diff --git a/Makefile.inc1 b/Makefile.inc1 index 80a360e3aff..d225474d5cf 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -468,13 +468,6 @@ build32: -p ${LIB32TMP}/usr/include >/dev/null mkdir -p ${WORLDTMP} ln -sf ${.CURDIR}/sys ${WORLDTMP} -.if ${MK_KERBEROS} != "no" -.for _t in obj depend all - cd ${.CURDIR}/kerberos5/tools; \ - MAKEOBJDIRPREFIX=${OBJTREE}/lib32 ${MAKE} SSP_CFLAGS= DESTDIR= \ - DIRPRFX=kerberos5/tools/ ${_t} -.endfor -.endif .for _t in obj includes cd ${.CURDIR}/include; ${LIB32WMAKE} DIRPRFX=include/ ${_t} cd ${.CURDIR}/lib; ${LIB32WMAKE} DIRPRFX=lib/ ${_t} @@ -1065,12 +1058,22 @@ _dtrace_tools= cddl/usr.bin/sgsmsg cddl/lib/libctf lib/libelf \ _dtc= gnu/usr.bin/dtc .endif +.if ${MK_KERBEROS} != "no" +_kerberos5_bootstrap_tools= \ + kerberos5/tools/make-roken \ + kerberos5/lib/libroken \ + kerberos5/lib/libvers \ + kerberos5/tools/asn1_compile \ + kerberos5/tools/slc +.endif + # Please document (add comment) why something is in 'bootstrap-tools'. # Try to bound the building of the bootstrap-tool to just the # FreeBSD versions that need the tool built at this stage of the build. bootstrap-tools: .for _tool in \ ${_clang_tblgen} \ + ${_kerberos5_bootstrap_tools} \ ${_dtrace_tools} \ ${_strfile} \ ${_gperf} \ @@ -1112,10 +1115,6 @@ _share= share/syscons/scrnmaps _gcc_tools= gnu/usr.bin/cc/cc_tools .endif -.if ${MK_KERBEROS} != "no" -_kerberos5_tools= kerberos5/tools -.endif - .if ${MK_RESCUE} != "no" _rescue= rescue/rescue .endif @@ -1140,8 +1139,7 @@ build-tools: ${MAKE} DIRPRFX=${_tool}/ build-tools .endfor .for _tool in \ - ${_gcc_tools} \ - ${_kerberos5_tools} + ${_gcc_tools} ${_+_}@${ECHODIR} "===> ${_tool} (obj,depend,all)"; \ cd ${.CURDIR}/${_tool}; \ ${MAKE} DIRPRFX=${_tool}/ obj; \ @@ -1247,10 +1245,15 @@ gnu/lib/libgcc__L: lib/libc__L lib/libcxxrt__L: gnu/lib/libgcc__L .endif -_prebuild_libs= ${_kerberos5_lib_libasn1} ${_kerberos5_lib_libhdb} \ +_prebuild_libs= ${_kerberos5_lib_libasn1} \ + ${_kerberos5_lib_libhdb} \ + ${_kerberos5_lib_libheimbase} \ ${_kerberos5_lib_libheimntlm} \ + ${_kerberos5_lib_libheimsqlite} \ + ${_kerberos5_lib_libheimipcc} \ ${_kerberos5_lib_libhx509} ${_kerberos5_lib_libkrb5} \ ${_kerberos5_lib_libroken} \ + ${_kerberos5_lib_libwind} \ lib/libbz2 lib/libcom_err lib/libcrypt \ lib/libexpat \ ${_lib_libgssapi} ${_lib_libipx} \ @@ -1301,14 +1304,21 @@ _secure_lib= secure/lib .if ${MK_KERBEROS} != "no" kerberos5/lib/libasn1__L: lib/libcom_err__L kerberos5/lib/libroken__L kerberos5/lib/libhdb__L: kerberos5/lib/libasn1__L lib/libcom_err__L \ - kerberos5/lib/libkrb5__L kerberos5/lib/libroken__L -kerberos5/lib/libheimntlm__L: secure/lib/libcrypto__L kerberos5/lib/libkrb5__L + kerberos5/lib/libkrb5__L kerberos5/lib/libroken__L \ + kerberos5/lib/libwind__L kerberos5/lib/libheimsqlite__L +kerberos5/lib/libheimntlm__L: secure/lib/libcrypto__L kerberos5/lib/libkrb5__L \ + kerberos5/lib/libroken__L lib/libcom_err__L kerberos5/lib/libhx509__L: kerberos5/lib/libasn1__L lib/libcom_err__L \ - secure/lib/libcrypto__L kerberos5/lib/libroken__L + secure/lib/libcrypto__L kerberos5/lib/libroken__L kerberos5/lib/libwind__L kerberos5/lib/libkrb5__L: kerberos5/lib/libasn1__L lib/libcom_err__L \ lib/libcrypt__L secure/lib/libcrypto__L kerberos5/lib/libhx509__L \ - kerberos5/lib/libroken__L + kerberos5/lib/libroken__L kerberos5/lib/libwind__L \ + kerberos5/lib/libheimbase__L kerberos5/lib/libheimipcc__L kerberos5/lib/libroken__L: lib/libcrypt__L +kerberos5/lib/libwind__L: kerberos5/lib/libroken__L lib/libcom_err__L +kerberos5/lib/libheimbase__L: lib/libthr__L +kerberos5/lib/libheimipcc__L: kerberos5/lib/libroken__L kerberos5/lib/libheimbase__L lib/libthr__L +kerberos5/lib/libheimsqlite__L: lib/libthr__L .endif .if ${MK_GSSAPI} != "no" @@ -1323,10 +1333,14 @@ _lib_libipx= lib/libipx _kerberos5_lib= kerberos5/lib _kerberos5_lib_libasn1= kerberos5/lib/libasn1 _kerberos5_lib_libhdb= kerberos5/lib/libhdb +_kerberos5_lib_libheimbase= kerberos5/lib/libheimbase _kerberos5_lib_libkrb5= kerberos5/lib/libkrb5 _kerberos5_lib_libhx509= kerberos5/lib/libhx509 _kerberos5_lib_libroken= kerberos5/lib/libroken _kerberos5_lib_libheimntlm= kerberos5/lib/libheimntlm +_kerberos5_lib_libheimsqlite= kerberos5/lib/libheimsqlite +_kerberos5_lib_libheimipcc= kerberos5/lib/libheimipcc +_kerberos5_lib_libwind= kerberos5/lib/libwind .endif .if ${MK_NIS} != "no" diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 950e56e0687..fae8335ebcf 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -38,6 +38,39 @@ # xargs -n1 | sort | uniq -d; # done +# 201203XX: Update heimdal to 1.5.1. +OLD_FILES+=usr/include/krb5-v4compat.h \ + usr/include/krb_err.h \ + usr/include/hdb-private.h \ + usr/share/man/man3/krb5_addresses.3.gz \ + usr/share/man/man3/krb5_cc_cursor.3.gz \ + usr/share/man/man3/krb5_cc_ops.3.gz \ + usr/share/man/man3/krb5_config.3.gz \ + usr/share/man/man3/krb5_config_get_int_default.3.gz \ + usr/share/man/man3/krb5_context.3.gz \ + usr/share/man/man3/krb5_data.3.gz \ + usr/share/man/man3/krb5_err.3.gz \ + usr/share/man/man3/krb5_errx.3.gz \ + usr/share/man/man3/krb5_keyblock.3.gz \ + usr/share/man/man3/krb5_keytab_entry.3.gz \ + usr/share/man/man3/krb5_kt_cursor.3.gz \ + usr/share/man/man3/krb5_kt_ops.3.gz \ + usr/share/man/man3/krb5_set_warn_dest.3.gz \ + usr/share/man/man3/krb5_verify_user.3.gz \ + usr/share/man/man3/krb5_verr.3.gz \ + usr/share/man/man3/krb5_verrx.3.gz \ + usr/share/man/man3/krb5_vwarnx.3.gz \ + usr/share/man/man3/krb5_warn.3.gz \ + usr/share/man/man3/krb5_warnx.3.gz +OLD_LIBS+=usr/lib/libasn1.so.10 \ + usr/lib/libhdb.so.10 \ + usr/lib/libheimntlm.so.10 \ + usr/lib/libhx509.so.10 \ + usr/lib/libkadm5clnt.so.10 \ + usr/lib/libkadm5srv.so.10 \ + usr/lib/libkafs5.so.10 \ + usr/lib/libkrb5.so.10 \ + usr/lib/libroken.so.10 # 20120309: Remove fifofs header files. OLD_FILES+=usr/include/fs/fifofs/fifo.h OLD_DIRS+=usr/include/fs/fifofs diff --git a/contrib/com_err/ChangeLog b/contrib/com_err/ChangeLog index dbeb8fb6bed..e69de29bb2d 100644 --- a/contrib/com_err/ChangeLog +++ b/contrib/com_err/ChangeLog @@ -1,235 +0,0 @@ -2007-07-17 Love Hörnquist Åstrand - - * Makefile.am: split source files in dist and nodist. - -2007-07-16 Love Hörnquist Åstrand - - * Makefile.am: Only do roken rename for the library. - -2007-07-15 Love Hörnquist Åstrand - - * Makefile.am: use version script. - - * version-script.map: use version script. - -2007-07-10 Love Hörnquist Åstrand - - * Makefile.am: New library version. - -2006-10-19 Love Hörnquist Åstrand - - * Makefile.am (compile_et_SOURCES): add lex.h - -2005-12-12 Love Hörnquist Åstrand - - * com_err.3: Document the _r functions. - -2005-07-07 Love Hörnquist Åstrand - - * com_err.h: Include for va_list to help AIX 5.2. - -2005-06-16 Love Hörnquist Åstrand - - * parse.y: rename base to base_id since flex defines a function - with the argument base - - * compile_et.h: rename base to base_id since flex defines a - function with the argument base - - * compile_et.c: rename base to base_id since flex defines a - function with the argument base - - * parse.y (name2number): rename base to num to avoid shadowing - - * compile_et.c: rename optind to optidx - -2005-05-16 Love Hörnquist Åstrand - - * parse.y: check allocation errors - - * lex.l: check allocation errors correctly - - * compile_et.h: include - - * (main): compile_et.c: use strlcpy - -2005-04-29 Dave Love - - * Makefile.am (LDADD): Add libcom_err.la - -2005-04-24 Love Hörnquist Åstrand - - * include strlcpy and *printf and use them - -2005-02-03 Love Hörnquist Åstrand - - * com_right.h: de-__P - - * com_err.h: de-__P - -2002-08-20 Johan Danielsson - - * compile_et.c: don't add comma after last enum member - -2002-08-12 Johan Danielsson - - * compile_et.c: just declare er_list directly instead of including - com_right in generated header files - -2002-03-11 Assar Westerlund - - * Makefile.am (libcom_err_la_LDFLAGS): set version to 2:1:1 - -2002-03-10 Assar Westerlund - - * com_err.c (error_message): do not call strerror with a negative error - -2001-05-17 Assar Westerlund - - * Makefile.am: bump version to 2:0:1 - -2001-05-11 Assar Westerlund - - * com_err.h (add_to_error_table): add prototype - * com_err.c (add_to_error_table): new function, from Derrick J - Brashear - -2001-05-06 Assar Westerlund - - * com_err.h: add printf formats for gcc - -2001-02-28 Johan Danielsson - - * error.c (initialize_error_table_r): put table at end of the list - -2001-02-15 Assar Westerlund - - * com_err.c (default_proc): add printf attributes - -2000-08-16 Assar Westerlund - - * Makefile.am: bump version to 1:1:0 - -2000-07-31 Assar Westerlund - - * com_right.h (initialize_error_table_r): fix prototype - -2000-04-05 Assar Westerlund - - * com_err.c (_et_lit): explicitly initialize it to NULL to make - dyld on Darwin/MacOS X happy - -2000-01-16 Assar Westerlund - - * com_err.h: remove __P definition (now in com_right.h). this - file always includes com_right.h so that's where it should reside. - * com_right.h: moved __P here and added it to the function - prototypes - * com_err.h (error_table_name): add __P - -1999-07-03 Assar Westerlund - - * parse.y (statement): use asprintf - -1999-06-13 Assar Westerlund - - * Makefile.in: make it solaris make vpath-safe - -Thu Apr 1 11:13:53 1999 Johan Danielsson - - * compile_et.c: use getargs - -Sat Mar 20 00:16:30 1999 Assar Westerlund - - * compile_et.c: static-ize - -Thu Mar 18 11:22:13 1999 Johan Danielsson - - * Makefile.am: include Makefile.am.common - -Tue Mar 16 22:30:05 1999 Assar Westerlund - - * parse.y: use YYACCEPT instead of return - -Sat Mar 13 22:22:56 1999 Assar Westerlund - - * compile_et.c (generate_h): cast when calling is* to get rid of a - warning - -Thu Mar 11 15:00:51 1999 Johan Danielsson - - * parse.y: prototype for error_message - -Sun Nov 22 10:39:02 1998 Assar Westerlund - - * compile_et.h: include ctype and roken - - * compile_et.c: include err.h - (generate_h): remove unused variable - - * Makefile.in (WFLAGS): set - -Fri Nov 20 06:58:59 1998 Assar Westerlund - - * lex.l: undef ECHO to work around AIX lex bug - -Sun Sep 27 02:23:59 1998 Johan Danielsson - - * com_err.c (error_message): try to pass code to strerror, to see - if it might be an errno code (this if broken, but some MIT code - seems to expect this behaviour) - -Sat Sep 26 17:42:39 1998 Johan Danielsson - - * compile_et.c: -> "foo_err.h" - -Tue Jun 30 17:17:36 1998 Assar Westerlund - - * Makefile.in: add str{cpy,cat}_truncate - -Mon May 25 05:24:39 1998 Assar Westerlund - - * Makefile.in (clean): try to remove shared library debris - -Sun Apr 19 09:50:17 1998 Assar Westerlund - - * Makefile.in: add symlink magic for linux - -Sun Apr 5 09:22:11 1998 Assar Westerlund - - * parse.y: define alloca to malloc in case we're using bison but - don't have alloca - -Tue Mar 24 05:13:01 1998 Assar Westerlund - - * Makefile.in: link with snprintf (From Derrick J Brashear - ) - -Fri Feb 27 05:01:42 1998 Assar Westerlund - - * parse.y: initialize ec->next - -Thu Feb 26 02:22:25 1998 Assar Westerlund - - * Makefile.am: @LEXLIB@ - -Sat Feb 21 15:18:54 1998 assar westerlund - - * Makefile.in: set YACC and LEX - -Tue Feb 17 22:20:27 1998 Bjoern Groenvall - - * com_right.h: Change typedefs so that one may mix MIT compile_et - generated code with krb4 dito. - -Tue Feb 17 16:30:55 1998 Johan Danielsson - - * compile_et.c (generate): Always return a value. - - * parse.y: Files don't have to end with `end'. - -Mon Feb 16 16:09:20 1998 Johan Danielsson - - * lex.l (getstring): Replace getc() with input(). - - * Makefile.am: Fixes for new compile_et. diff --git a/contrib/com_err/Makefile.am b/contrib/com_err/Makefile.am deleted file mode 100644 index 64d497656fe..00000000000 --- a/contrib/com_err/Makefile.am +++ /dev/null @@ -1,39 +0,0 @@ -# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $ - -include $(top_srcdir)/Makefile.am.common - -YFLAGS = -d - -lib_LTLIBRARIES = libcom_err.la -libcom_err_la_LDFLAGS = -version-info 2:3:1 - -if versionscript -libcom_err_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map -endif - -bin_PROGRAMS = compile_et - -include_HEADERS = com_err.h com_right.h - -compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h - -libcom_err_la_CPPFLAGS = $(ROKEN_RENAME) -dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h - -if do_roken_rename -nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c -endif - -$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s - -compile_et_LDADD = \ - libcom_err.la \ - $(LIB_roken) \ - $(LEXLIB) - -snprintf.c: - $(LN_S) $(srcdir)/../roken/snprintf.c . -strlcpy.c: - $(LN_S) $(srcdir)/../roken/strlcpy.c . - -EXTRA_DIST = version-script.map diff --git a/contrib/com_err/com_err.3 b/contrib/com_err/com_err.3 index e6eeea13b85..b71203aa11b 100644 --- a/contrib/com_err/com_err.3 +++ b/contrib/com_err/com_err.3 @@ -1,96 +1,245 @@ -.\" Copyright (c) 1988 Massachusetts Institute of Technology, -.\" Student Information Processing Board. All rights reserved. +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" $FreeBSD$ +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.TH COM_ERR 3 "22 Nov 1988" SIPB -.SH NAME -com_err \- common error display routine -.SH SYNOPSIS -.nf - #include -.PP -void com_err (whoami, code, format, ...); - const char *whoami; - long code; - const char *format; -.PP -proc = set_com_err_hook (proc); -.fi -void (* -.I proc -) (const char *, long, const char *, va_list); -.nf -.PP -proc = reset_com_err_hook (); -.PP -void initialize_XXXX_error_table (); -.fi -.SH DESCRIPTION -.I Com_err -displays an error message on the standard error stream -.I stderr -(see -.IR stdio (3S)) -composed of the -.I whoami -string, which should specify the program name or some subportion of -a program, followed by an error message generated from the -.I code -value (derived from -.IR compile_et (1)), +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.\" This manpage was contributed by Gregory McGarry. +.\" +.Dd July 7, 2005 +.Dt COM_ERR 3 +.Os +.Sh NAME +.Nm com_err , +.Nm com_err_va , +.Nm error_message , +.Nm error_table_name , +.Nm init_error_table , +.Nm set_com_err_hook , +.Nm reset_com_err_hook , +.Nm add_to_error_table , +.Nm initialize_error_table_r +.Nm free_error_table , +.Nm com_right +.Nd common error display library +.Sh LIBRARY +Common Error Library (libcom_err, -lcom_err) +.Sh SYNOPSIS +.Fd #include +.Fd #include +.Fd #include +.Fd #include \&"XXX_err.h\&" +.Pp +typedef void (*errf)(const char *, long, const char *, ...); +.Ft void +.Fn com_err "const char *whoami" "long code" "const char *format" "..." +.Ft void +.Fn com_err_va "const char *whoami" "long code" "const char *format" "..." +.Ft const char * +.Fn error_message "long code" +.Ft const char * +.Fn error_table_name "int num" +.Ft int +.Fn init_error_table "const char **msgs" "long base" "int count" +.Ft errf +.Fn set_com_err_hook "errf func" +.Ft errf +.Fn reset_com_err_hook "" +.Ft void +.Fn add_to_error_table "struct et_list *new_table" +.Ft void +.Fn initialize_error_table_r "struct et_list **et_list" "const char **msgs" "int base" "long count" +.Ft void +.Fn free_error_table "struct et_list *" +.Ft const char * +.Fn com_right "struct et_list *list" long code" +.Sh DESCRIPTION +The +.Nm +library provides a common error-reporting mechanism for defining and +accessing error codes and descriptions for application software +packages. Error descriptions are defined in a table and error codes +are used to index the table. The error table, the descriptions and +the error codes are generated using +.Xr compile_et 1 . +.Pp +The error table is registered with the +.Nm +library by calling its initialisation function defined in its header +file. The initialisation function is generally defined as +.Fn initialize__error_table , +where +.Em name +is the name of the error table. +.Pp +If a thread-safe version of the library is needed +.Fn initialize__error_table_r +that internally calls +.Fn initialize_error_table_r +instead be used. +.Pp +Any variable which is to contain an error code should be declared +.Em _error_number +where +.Em name +is the name of the error table. +.Sh FUNCTIONS +The following functions are available to the application developer: +.Bl -tag -width compact +.It Fn com_err "whoami" "code" "format" "..." +Displays an error message on standard error composed of the +.Fa whoami +string, which should specify the program name, followed by an error +message generated from +.Fa code , and a string produced using the -.I format -string and any following arguments, in the same style as -.IR fprintf (3). +.Xr printf 3 +.Fa format +string and any following arguments. If +.Fa format +is NULL, the formatted message will not be +printed. The argument +.Fa format +may not be omitted. +.It Fn com_err_va "whoami" "code" "format" "va_list args" +This routine provides an interface, equivalent to +.Fn com_err , +which may be used by higher-level variadic functions (functions which +accept variable numbers of arguments). +.It Fn error_message "code" +Returns the character string error message associate with +.Fa code . +If +.Fa code is associated with an unknown error table, or if +.Fa code +is associated with a known error table but is not in the table, a +string of the form `Unknown code XXXX NN' is returned, where XXXX is +the error table name produced by reversing the compaction performed on +the error table number implied by that error code, and NN is the +offset from that base value. +.Pp +Although this routine is available for use when needed, its use should +be left to circumstances which render +.Fn com_err +unusable. +.Pp +.Fn com_right +returns the error string just like +.Fa com_err +but in a thread-safe way. +.Pp +.It Fn error_table_name "num" +Convert a machine-independent error table number +.Fa num +into an error table name. +.It Fn init_error_table "msgs" "base" "count" +Initialise the internal error table with the array of character string +error messages in +.Fa msgs +of length +.Fa count . +The error codes are assigned incrementally from +.Fa base . +This function is useful for using the error-reporting mechanism with +custom error tables that have not been generated with +.Xr compile_et 1 . +Although this routine is available for use when needed, its use should +be restricted. +.Pp +.Fn initialize_error_table_r +initialize the +.Fa et_list +in the same way as +.Fn init_error_table , +but in a thread-safe way. +.Pp +.It Fn set_com_err_hook "func" +Provides a hook into the +.Nm +library to allow the routine +.Fa func +to be dynamically substituted for +.Fn com_err . +After +.Fn set_com_err_hook + has been called, calls to +.Fn com_err +will turn into calls to the new hook routine. This function is +intended to be used in daemons to use a routine which calls +.Xr syslog 3 , +or in a window system application to pop up a dialogue box. +.It Fn reset_com_err_hook "" +Turns off the hook set in +.Fn set_com_err_hook . +.It Fn add_to_error_table "new_table" +Add the error table, its messages strings and error codes in +.Fa new_table +to the internal error table. +.El +.Sh EXAMPLES +The following is an example using the table defined in +.Xr compile_et 1 : +.Pp +.Bd -literal + #include + #include + #include -The behavior of -.I com_err -can be modified using -.I set_com_err_hook; -this defines a procedure which is called with the arguments passed to -.I com_err, -instead of the default internal procedure which sends the formatted -text to error output. Thus the error messages from a program can all -easily be diverted to another form of diagnostic logging, such as -.IR syslog (3). -.I Reset_com_err_hook -may be used to restore the behavior of -.I com_err -to its default form. Both procedures return the previous ``hook'' -value. These ``hook'' procedures must have the declaration given for -.I proc -above in the synopsis. + #include "test_err.h" -The -.I initialize_XXXX_error_table -routine is generated mechanically by -.IR compile_et (1) -from a source file containing names and associated strings. Each -table has a name of up to four characters, which is used in place of -the -.B XXXX -in the name of the routine. These routines should be called before -any of the corresponding error codes are used, so that the -.I com_err -library will recognize error codes from these tables when they are -used. + void + hook(const char *whoami, long code, + const char *format, va_list args) + { + char buffer[BUFSIZ]; + static int initialized = 0; -The -.B com_err.h -header file should be included in any source file that uses routines -from the -.I com_err -library; executable files must be linked using -.I ``-lcom_err'' -in order to cause the -.I com_err -library to be included. + if (!initialized) { + openlog(whoami, LOG_NOWAIT, LOG_DAEMON); + initialized = 1; + } + vsprintf(buffer, format, args); + syslog(LOG_ERR, "%s %s", error_message(code), buffer); + } -.\" .IR for manual entries -.\" .PP for paragraph breaks + int + main(int argc, char *argv[]) + { + char *whoami = argv[0]; -.SH "SEE ALSO" -compile_et (1), syslog (3). - -Ken Raeburn, "A Common Error Description Library for UNIX". + initialize_test_error_table(); + com_err(whoami, TEST_INVAL, "before hook"); + set_com_err_hook(hook); + com_err(whoami, TEST_IO, "after hook"); + return (0); + } +.Ed +.Sh SEE ALSO +.Xr compile_et 1 diff --git a/contrib/com_err/com_err.c b/contrib/com_err/com_err.c index b6ad85b9476..196dfd59f7f 100644 --- a/contrib/com_err/com_err.c +++ b/contrib/com_err/com_err.c @@ -1,41 +1,37 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $FreeBSD$ */ -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $"); -#endif + #include #include #include @@ -44,7 +40,7 @@ RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $"); struct et_list *_et_list = NULL; -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL error_message (long code) { static char msg[128]; @@ -57,23 +53,23 @@ error_message (long code) } if (p != NULL && *p != '\0') { strlcpy(msg, p, sizeof(msg)); - } else + } else snprintf(msg, sizeof(msg), "Unknown error %ld", code); return msg; } -int +KRB5_LIB_FUNCTION int KRB5_LIB_CALL init_error_table(const char **msgs, long base, int count) { initialize_error_table_r(&_et_list, msgs, count, base); return 0; } -static void +static void KRB5_CALLCONV default_proc (const char *whoami, long code, const char *fmt, va_list args) __attribute__((__format__(__printf__, 3, 0))); - -static void + +static void KRB5_CALLCONV default_proc (const char *whoami, long code, const char *fmt, va_list args) { if (whoami) @@ -87,19 +83,19 @@ default_proc (const char *whoami, long code, const char *fmt, va_list args) static errf com_err_hook = default_proc; -void -com_err_va (const char *whoami, - long code, - const char *fmt, +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +com_err_va (const char *whoami, + long code, + const char *fmt, va_list args) { (*com_err_hook) (whoami, code, fmt, args); } -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL com_err (const char *whoami, long code, - const char *fmt, + const char *fmt, ...) { va_list ap; @@ -108,7 +104,7 @@ com_err (const char *whoami, va_end(ap); } -errf +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL set_com_err_hook (errf new) { errf old = com_err_hook; @@ -117,12 +113,12 @@ set_com_err_hook (errf new) com_err_hook = new; else com_err_hook = default_proc; - + return old; } -errf -reset_com_err_hook (void) +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL +reset_com_err_hook (void) { return set_com_err_hook(NULL); } @@ -135,7 +131,7 @@ static const char char_set[] = static char buf[6]; -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL error_table_name(int num) { int ch; @@ -157,7 +153,7 @@ error_table_name(int num) return(buf); } -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL add_to_error_table(struct et_list *new_table) { struct et_list *et; diff --git a/contrib/com_err/com_err.h b/contrib/com_err/com_err.h index 22f1d5cdf6b..5b8b7e28f77 100644 --- a/contrib/com_err/com_err.h +++ b/contrib/com_err/com_err.h @@ -1,66 +1,76 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $FreeBSD$ */ -/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */ +/* $Id$ */ /* MIT compatible com_err library */ #ifndef __COM_ERR_H__ #define __COM_ERR_H__ -#include -#include - #include #include -typedef void (*errf) __P((const char *, long, const char *, va_list)); +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(X) +#endif -const char * error_message (long); -int init_error_table (const char**, long, int); +typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list); -void com_err_va __P((const char *, long, const char *, va_list)) - __printflike(3, 0); +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +error_message (long); -void com_err __P((const char *, long, const char *, ...)) - __printflike(3, 4); +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +init_error_table (const char**, long, int); -errf set_com_err_hook (errf); -errf reset_com_err_hook (void); +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +com_err_va (const char *, long, const char *, va_list) + __attribute__((format(printf, 3, 0))); -const char *error_table_name (int num); +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +com_err (const char *, long, const char *, ...) + __attribute__((format(printf, 3, 4))); -void add_to_error_table (struct et_list *new_table); +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL +set_com_err_hook (errf); + +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL +reset_com_err_hook (void); + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +error_table_name (int num); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +add_to_error_table (struct et_list *new_table); #endif /* __COM_ERR_H__ */ diff --git a/contrib/com_err/com_right.h b/contrib/com_err/com_right.h index 74d386d8ada..2ef1ad98fb9 100644 --- a/contrib/com_err/com_right.h +++ b/contrib/com_err/com_right.h @@ -1,44 +1,76 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */ -/* $FreeBSD$ */ +/* $Id$ */ #ifndef __COM_RIGHT_H__ #define __COM_RIGHT_H__ +#ifndef KRB5_LIB_FUNCTION +#if defined(_WIN32) +#define KRB5_LIB_FUNCTION __declspec(dllimport) +#else +#define KRB5_LIB_FUNCTION +#endif +#endif + +#ifndef KRB5_LIB_CALL +#if defined(_WIN32) +#define KRB5_LIB_CALL __stdcall +#else +#define KRB5_LIB_CALL +#endif +#endif + +#ifndef KRB5_LIB_VARIABLE +#if defined(_WIN32) +#define KRB5_LIB_VARIABLE __declspec(dllimport) +#else +#define KRB5_LIB_VARIABLE +#endif +#endif + +#ifdef _WIN32 +#define KRB5_CALLCONV __stdcall +#else +#define KRB5_CALLCONV +#endif + #include + +#ifdef __STDC__ #include +#endif struct error_table { char const * const * msgs; @@ -51,8 +83,16 @@ struct et_list { }; extern struct et_list *_et_list; -const char *com_right (struct et_list *list, long code); -void initialize_error_table_r (struct et_list **, const char **, int, long); -void free_error_table (struct et_list *); +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right (struct et_list *list, long code); + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right_r (struct et_list *list, long code, char *, size_t); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +initialize_error_table_r (struct et_list **, const char **, int, long); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +free_error_table (struct et_list *); #endif /* __COM_RIGHT_H__ */ diff --git a/contrib/com_err/compile_et.c b/contrib/com_err/compile_et.c index 1c78325f452..9a06c9759de 100644 --- a/contrib/com_err/compile_et.c +++ b/contrib/com_err/compile_et.c @@ -1,45 +1,44 @@ /* - * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $FreeBSD$ */ #undef ROKEN_RENAME + +#define rk_PATH_DELIM '/' + #include "compile_et.h" #include -#if 0 -RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $"); -#endif - +#include #include #include "parse.h" @@ -77,13 +76,15 @@ generate_c(void) return 1; fprintf(c_file, "/* Generated from %s */\n", filename); - if(id_str) + if(id_str) fprintf(c_file, "/* %s */\n", id_str); fprintf(c_file, "\n"); fprintf(c_file, "#include \n"); fprintf(c_file, "#include \n"); fprintf(c_file, "#include \"%s\"\n", hfn); fprintf(c_file, "\n"); + fprintf(c_file, "#define N_(x) (x)\n"); + fprintf(c_file, "\n"); fprintf(c_file, "static const char *%s_error_strings[] = {\n", name); @@ -92,9 +93,10 @@ generate_c(void) fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n", n, name, n); n++; - + } - fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string); + fprintf(c_file, "\t/* %03d */ N_(\"%s\"),\n", + ec->number, ec->string); } fprintf(c_file, "\tNULL\n"); @@ -102,11 +104,11 @@ generate_c(void) fprintf(c_file, "\n"); fprintf(c_file, "#define num_errors %d\n", number); fprintf(c_file, "\n"); - fprintf(c_file, - "void initialize_%s_error_table_r(struct et_list **list)\n", + fprintf(c_file, + "void initialize_%s_error_table_r(struct et_list **list)\n", name); fprintf(c_file, "{\n"); - fprintf(c_file, + fprintf(c_file, " initialize_error_table_r(list, %s_error_strings, " "num_errors, ERROR_TABLE_BASE_%s);\n", name, name); fprintf(c_file, "}\n"); @@ -137,9 +139,9 @@ generate_h(void) for(p = fn; *p; p++) if(!isalnum((unsigned char)*p)) *p = '_'; - + fprintf(h_file, "/* Generated from %s */\n", filename); - if(id_str) + if(id_str) fprintf(h_file, "/* %s */\n", id_str); fprintf(h_file, "\n"); fprintf(h_file, "#ifndef %s\n", fn); @@ -147,18 +149,18 @@ generate_h(void) fprintf(h_file, "\n"); fprintf(h_file, "struct et_list;\n"); fprintf(h_file, "\n"); - fprintf(h_file, + fprintf(h_file, "void initialize_%s_error_table_r(struct et_list **);\n", name); fprintf(h_file, "\n"); fprintf(h_file, "void initialize_%s_error_table(void);\n", name); - fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", + fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", name, name); fprintf(h_file, "\n"); fprintf(h_file, "typedef enum %s_error_number{\n", name); for(ec = codes; ec; ec = ec->next) { - fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, + fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, (ec->next != NULL) ? "," : ""); } @@ -166,6 +168,8 @@ generate_h(void) fprintf(h_file, "\n"); fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base_id); fprintf(h_file, "\n"); + fprintf(h_file, "#define COM_ERR_BINDDOMAIN_%s \"heim_com_err%ld\"\n", name, base_id); + fprintf(h_file, "\n"); fprintf(h_file, "#endif /* %s */\n", fn); @@ -179,8 +183,10 @@ generate(void) return generate_c() || generate_h(); } +int version_flag; int help_flag; struct getargs args[] = { + { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; int num_args = sizeof(args) / sizeof(args[0]); @@ -203,27 +209,31 @@ main(int argc, char **argv) usage(1); if(help_flag) usage(0); + if(version_flag) { + print_version(NULL); + exit(0); + } - if(optidx == argc) + if(optidx == argc) usage(1); filename = argv[optidx]; yyin = fopen(filename, "r"); if(yyin == NULL) err(1, "%s", filename); - - - p = strrchr(filename, '/'); + + + p = strrchr(filename, rk_PATH_DELIM); if(p) p++; else p = filename; strlcpy(Basename, p, sizeof(Basename)); - + Basename[strcspn(Basename, ".")] = '\0'; - + snprintf(hfn, sizeof(hfn), "%s.h", Basename); snprintf(cfn, sizeof(cfn), "%s.c", Basename); - + yyparse(); if(numerror) return 1; diff --git a/contrib/com_err/compile_et.h b/contrib/com_err/compile_et.h index 9b9db9c86da..6cd6751c777 100644 --- a/contrib/com_err/compile_et.h +++ b/contrib/com_err/compile_et.h @@ -1,46 +1,41 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */ -/* $FreeBSD$ */ +/* $Id$ */ #ifndef __COMPILE_ET_H__ #define __COMPILE_ET_H__ -#ifdef HAVE_CONFIG_H -#include -#endif - #include #include #include diff --git a/contrib/com_err/error.c b/contrib/com_err/error.c index 051078025c5..07cf0320dd1 100644 --- a/contrib/com_err/error.c +++ b/contrib/com_err/error.c @@ -1,52 +1,72 @@ /* - * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $"); -#endif + #include #include #include #include -const char * +#ifdef LIBINTL +#include +#else +#define dgettext(d,s) (s) +#endif + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL com_right(struct et_list *list, long code) { struct et_list *p; - for (p = list; p; p = p->next) { + for (p = list; p; p = p->next) if (code >= p->table->base && code < p->table->base + p->table->n_msgs) return p->table->msgs[code - p->table->base]; + return NULL; +} + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right_r(struct et_list *list, long code, char *str, size_t len) +{ + struct et_list *p; + for (p = list; p; p = p->next) { + if (code >= p->table->base && code < p->table->base + p->table->n_msgs) { + const char *msg = p->table->msgs[code - p->table->base]; +#ifdef LIBINTL + char domain[12 + 20]; + snprintf(domain, sizeof(domain), "heim_com_err%d", p->table->base); +#endif + strlcpy(str, dgettext(domain, msg), len); + return str; + } } return NULL; } @@ -56,9 +76,9 @@ struct foobar { struct error_table et; }; -void -initialize_error_table_r(struct et_list **list, - const char **messages, +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +initialize_error_table_r(struct et_list **list, + const char **messages, int num_errors, long base) { @@ -78,9 +98,9 @@ initialize_error_table_r(struct et_list **list, et->next = NULL; *end = et; } - -void + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL free_error_table(struct et_list *et) { while(et){ diff --git a/contrib/com_err/getarg.c b/contrib/com_err/getarg.c deleted file mode 100644 index 80f76ab4a5e..00000000000 --- a/contrib/com_err/getarg.c +++ /dev/null @@ -1,379 +0,0 @@ -/* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $FreeBSD$ - */ - -#if 0 -RCSID("$Id: getarg.c,v 1.25 1998/11/22 09:45:05 assar Exp $"); -#endif - -#include -#include -#include -#include -#include "getarg.h" - -#define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag) - -static size_t -print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg) -{ - const char *s; - - *string = '\0'; - - if (ISFLAG(*arg)) - return 0; - - if(mdoc){ - if(longp) - strncat(string, "= Ns", len); - strncat(string, " Ar ", len); - }else - if (longp) - strncat (string, "=", len); - else - strncat (string, " ", len); - - if (arg->arg_help) - s = arg->arg_help; - else if (arg->type == arg_integer) - s = "number"; - else if (arg->type == arg_string) - s = "string"; - else - s = ""; - - strncat(string, s, len); - return 1 + strlen(s); -} - -static int -check_column(FILE *f, int col, int len, int columns) -{ - if(col + len > columns) { - fprintf(f, "\n"); - col = fprintf(f, " "); - } - return col; -} - -void -arg_printusage (struct getargs *args, - size_t num_args, - const char *progname, - const char *extra_string) -{ - int i; - size_t max_len = 0; - char buf[128]; - int col = 0, columns; - struct winsize ws; - - columns = 80; - col = 0; - col += fprintf (stderr, "Usage: %s", progname); - for (i = 0; i < num_args; ++i) { - size_t len = 0; - - if (args[i].long_name) { - buf[0] = '\0'; - strncat(buf, "[--", sizeof(buf)); - len += 2; - if(args[i].type == arg_negative_flag) { - strncat(buf, "no-", sizeof(buf)); - len += 3; - } - strncat(buf, args[i].long_name, sizeof(buf)); - len += strlen(args[i].long_name); - len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), - 0, 1, &args[i]); - strncat(buf, "]", sizeof(buf)); - if(args[i].type == arg_strings) - strncat(buf, "...", sizeof(buf)); - col = check_column(stderr, col, strlen(buf) + 1, columns); - col += fprintf(stderr, " %s", buf); - } - if (args[i].short_name) { - snprintf(buf, sizeof(buf), "[-%c", args[i].short_name); - len += 2; - len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), - 0, 0, &args[i]); - strncat(buf, "]", sizeof(buf)); - if(args[i].type == arg_strings) - strncat(buf, "...", sizeof(buf)); - col = check_column(stderr, col, strlen(buf) + 1, columns); - col += fprintf(stderr, " %s", buf); - } - if (args[i].long_name && args[i].short_name) - len += 2; /* ", " */ - max_len = max(max_len, len); - } - if (extra_string) { - col = check_column(stderr, col, strlen(extra_string) + 1, columns); - fprintf (stderr, " %s\n", extra_string); - } else - fprintf (stderr, "\n"); - for (i = 0; i < num_args; ++i) { - if (args[i].help) { - size_t count = 0; - - if (args[i].short_name) { - count += fprintf (stderr, "-%c", args[i].short_name); - print_arg (buf, sizeof(buf), 0, 0, &args[i]); - count += fprintf(stderr, "%s", buf); - } - if (args[i].short_name && args[i].long_name) - count += fprintf (stderr, ", "); - if (args[i].long_name) { - count += fprintf (stderr, "--"); - if (args[i].type == arg_negative_flag) - count += fprintf (stderr, "no-"); - count += fprintf (stderr, "%s", args[i].long_name); - print_arg (buf, sizeof(buf), 0, 1, &args[i]); - count += fprintf(stderr, "%s", buf); - } - while(count++ <= max_len) - putc (' ', stderr); - fprintf (stderr, "%s\n", args[i].help); - } - } -} - -static void -add_string(getarg_strings *s, char *value) -{ - s->strings = realloc(s->strings, (s->num_strings + 1) * sizeof(*s->strings)); - s->strings[s->num_strings] = value; - s->num_strings++; -} - -static int -arg_match_long(struct getargs *args, size_t num_args, - char *argv) -{ - int i; - char *optarg = NULL; - int negate = 0; - int partial_match = 0; - struct getargs *partial = NULL; - struct getargs *current = NULL; - int argv_len; - char *p; - - argv_len = strlen(argv); - p = strchr (argv, '='); - if (p != NULL) - argv_len = p - argv; - - for (i = 0; i < num_args; ++i) { - if(args[i].long_name) { - int len = strlen(args[i].long_name); - char *p = argv; - int p_len = argv_len; - negate = 0; - - for (;;) { - if (strncmp (args[i].long_name, p, p_len) == 0) { - if(p_len == len) - current = &args[i]; - else { - ++partial_match; - partial = &args[i]; - } - optarg = p + p_len; - } else if (ISFLAG(args[i]) && strncmp (p, "no-", 3) == 0) { - negate = !negate; - p += 3; - p_len -= 3; - continue; - } - break; - } - if (current) - break; - } - } - if (current == NULL) { - if (partial_match == 1) - current = partial; - else - return ARG_ERR_NO_MATCH; - } - - if(*optarg == '\0' && !ISFLAG(*current)) - return ARG_ERR_NO_MATCH; - switch(current->type){ - case arg_integer: - { - int tmp; - if(sscanf(optarg + 1, "%d", &tmp) != 1) - return ARG_ERR_BAD_ARG; - *(int*)current->value = tmp; - return 0; - } - case arg_string: - { - *(char**)current->value = optarg + 1; - return 0; - } - case arg_strings: - { - add_string((getarg_strings*)current->value, optarg + 1); - return 0; - } - case arg_flag: - case arg_negative_flag: - { - int *flag = current->value; - if(*optarg == '\0' || - strcmp(optarg + 1, "yes") == 0 || - strcmp(optarg + 1, "true") == 0){ - *flag = !negate; - return 0; - } else if (*optarg && strcmp(optarg + 1, "maybe") == 0) { - *flag = rand() & 1; - } else { - *flag = negate; - return 0; - } - return ARG_ERR_BAD_ARG; - } - default: - abort (); - } -} - -int -getarg(struct getargs *args, size_t num_args, - int argc, char **argv, int *optind) -{ - int i, j, k; - int ret = 0; - - srand (time(NULL)); - (*optind)++; - for(i = *optind; i < argc; i++) { - if(argv[i][0] != '-') - break; - if(argv[i][1] == '-'){ - if(argv[i][2] == 0){ - i++; - break; - } - ret = arg_match_long (args, num_args, argv[i] + 2); - if(ret) - return ret; - }else{ - for(j = 1; argv[i][j]; j++) { - for(k = 0; k < num_args; k++) { - char *optarg; - if(args[k].short_name == 0) - continue; - if(argv[i][j] == args[k].short_name){ - if(args[k].type == arg_flag){ - *(int*)args[k].value = 1; - break; - } - if(args[k].type == arg_negative_flag){ - *(int*)args[k].value = 0; - break; - } - if(argv[i][j + 1]) - optarg = &argv[i][j + 1]; - else{ - i++; - optarg = argv[i]; - } - if(optarg == NULL) - return ARG_ERR_NO_ARG; - if(args[k].type == arg_integer){ - int tmp; - if(sscanf(optarg, "%d", &tmp) != 1) - return ARG_ERR_BAD_ARG; - *(int*)args[k].value = tmp; - goto out; - }else if(args[k].type == arg_string){ - *(char**)args[k].value = optarg; - goto out; - }else if(args[k].type == arg_strings){ - add_string((getarg_strings*)args[k].value, optarg); - goto out; - } - return ARG_ERR_BAD_ARG; - } - - } - if (k == num_args) - return ARG_ERR_NO_MATCH; - } - out:; - } - } - *optind = i; - return 0; -} - -#if TEST -int foo_flag = 2; -int flag1 = 0; -int flag2 = 0; -int bar_int; -char *baz_string; - -struct getargs args[] = { - { NULL, '1', arg_flag, &flag1, "one", NULL }, - { NULL, '2', arg_flag, &flag2, "two", NULL }, - { "foo", 'f', arg_negative_flag, &foo_flag, "foo", NULL }, - { "bar", 'b', arg_integer, &bar_int, "bar", "seconds"}, - { "baz", 'x', arg_string, &baz_string, "baz", "name" }, -}; - -int main(int argc, char **argv) -{ - int optind = 0; - while(getarg(args, 5, argc, argv, &optind)) - printf("Bad arg: %s\n", argv[optind]); - printf("flag1 = %d\n", flag1); - printf("flag2 = %d\n", flag2); - printf("foo_flag = %d\n", foo_flag); - printf("bar_int = %d\n", bar_int); - printf("baz_flag = %s\n", baz_string); - arg_printusage (args, 5, argv[0], "nothing here"); -} -#endif diff --git a/contrib/com_err/getarg.h b/contrib/com_err/getarg.h deleted file mode 100644 index d0d9d4e6f57..00000000000 --- a/contrib/com_err/getarg.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: getarg.h,v 1.5 1998/08/18 20:26:11 assar Exp $ */ - -#ifndef __GETARG_H__ -#define __GETARG_H__ - -#include - -#define max(a,b) (((a)>(b))?(a):(b)) - -struct getargs{ - const char *long_name; - char short_name; - enum { arg_integer, arg_string, arg_flag, arg_negative_flag, arg_strings } type; - void *value; - const char *help; - const char *arg_help; -}; - -enum { - ARG_ERR_NO_MATCH = 1, - ARG_ERR_BAD_ARG, - ARG_ERR_NO_ARG -}; - -typedef struct getarg_strings { - int num_strings; - char **strings; -} getarg_strings; - -int getarg(struct getargs *args, size_t num_args, - int argc, char **argv, int *optind); - -void arg_printusage (struct getargs *args, - size_t num_args, - const char *progname, - const char *extra_string); - -#endif /* __GETARG_H__ */ diff --git a/contrib/com_err/lex.c b/contrib/com_err/lex.c deleted file mode 100644 index 8f756d39c99..00000000000 --- a/contrib/com_err/lex.c +++ /dev/null @@ -1,1896 +0,0 @@ - -#line 3 "lex.c" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ -#include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ - -#if __STDC_VERSION__ >= 199901L - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif - -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ - -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) -#endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) -#endif - -#endif /* ! FLEXINT_H */ - -#ifdef __cplusplus - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN (yy_start) = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START (((yy_start) - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#ifndef YY_BUF_SIZE -#define YY_BUF_SIZE 16384 -#endif - -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) - -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE -typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif - -extern int yyleng; - -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ - YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, (yytext_ptr) ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef unsigned int yy_size_t; -#endif - -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; - -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ - -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - * - * Returns the top of the stack, or NULL. - */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) - -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; -static int yy_n_chars; /* number of characters read into yy_ch_buf */ -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 0; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); - -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) - -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); - -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ - -typedef unsigned char YY_CHAR; - -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - -typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ - *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; - -#define YY_NUM_RULES 16 -#define YY_END_OF_BUFFER 17 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[46] = - { 0, - 0, 0, 17, 15, 11, 12, 13, 10, 9, 14, - 14, 14, 14, 10, 9, 14, 3, 14, 14, 1, - 7, 14, 14, 8, 14, 14, 14, 14, 14, 14, - 14, 6, 14, 14, 5, 14, 14, 14, 14, 14, - 14, 4, 14, 2, 0 - } ; - -static yyconst flex_int32_t yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 4, 5, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 1, 1, 1, - 1, 1, 1, 1, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 1, 1, 1, 1, 8, 1, 9, 10, 11, 12, - - 13, 14, 7, 7, 15, 7, 7, 16, 7, 17, - 18, 19, 7, 20, 7, 21, 7, 7, 7, 22, - 7, 7, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst flex_int32_t yy_meta[23] = - { 0, - 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, - 3, 3 - } ; - -static yyconst flex_int16_t yy_base[48] = - { 0, - 0, 0, 56, 57, 57, 57, 57, 0, 49, 0, - 12, 13, 34, 0, 47, 0, 0, 40, 31, 0, - 0, 38, 36, 0, 30, 34, 32, 25, 22, 28, - 34, 0, 19, 13, 0, 22, 30, 26, 26, 18, - 12, 0, 14, 0, 57, 34, 23 - } ; - -static yyconst flex_int16_t yy_def[48] = - { 0, - 45, 1, 45, 45, 45, 45, 45, 46, 47, 47, - 47, 47, 47, 46, 47, 47, 47, 47, 47, 47, - 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, - 47, 47, 47, 47, 47, 47, 47, 47, 47, 47, - 47, 47, 47, 47, 0, 45, 45 - } ; - -static yyconst flex_int16_t yy_nxt[80] = - { 0, - 4, 5, 6, 7, 8, 9, 10, 10, 10, 10, - 10, 10, 11, 10, 12, 10, 10, 10, 13, 10, - 10, 10, 17, 36, 21, 16, 44, 43, 18, 22, - 42, 19, 20, 37, 14, 41, 14, 40, 39, 38, - 35, 34, 33, 32, 31, 30, 29, 28, 27, 26, - 25, 24, 15, 23, 15, 45, 3, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45 - } ; - -static yyconst flex_int16_t yy_chk[80] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 11, 34, 12, 47, 43, 41, 11, 12, - 40, 11, 11, 34, 46, 39, 46, 38, 37, 36, - 33, 31, 30, 29, 28, 27, 26, 25, 23, 22, - 19, 18, 15, 13, 9, 3, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, - 45, 45, 45, 45, 45, 45, 45, 45, 45 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -extern int yy_flex_debug; -int yy_flex_debug = 0; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "lex.l" -#line 2 "lex.l" -/* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * This is to handle the definition of this symbol in some AIX - * headers, which will conflict with the definition that lex will - * generate for it. It's only a problem for AIX lex. - */ - -#undef ECHO - -#include "compile_et.h" -#include "parse.h" -#include "lex.h" - -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); - -static unsigned lineno = 1; -static int getstring(void); - -#define YY_NO_UNPUT - -#undef ECHO - -#line 536 "lex.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals (void ); - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap (void ); -#else -extern int yywrap (void ); -#endif -#endif - - static void yyunput (int c,char *buf_ptr ); - -#ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); -#endif - -#ifndef YY_NO_INPUT - -#ifdef __cplusplus -static int yyinput (void ); -#else -static int input (void ); -#endif - -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ - size_t n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* end tables serialization structures and prototypes */ - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -/** The main scanner function which does all the work. - */ -YY_DECL -{ - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; - -#line 59 "lex.l" - -#line 691 "lex.c" - - if ( !(yy_init) ) - { - (yy_init) = 1; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } - - yy_load_buffer_state( ); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = (yy_c_buf_p); - - /* Support of yytext. */ - *yy_cp = (yy_hold_char); - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = (yy_start); -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 46 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 57 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - -do_action: /* This label is used only to access EOF actions. */ - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 60 "lex.l" -{ return ET; } - YY_BREAK -case 2: -YY_RULE_SETUP -#line 61 "lex.l" -{ return ET; } - YY_BREAK -case 3: -YY_RULE_SETUP -#line 62 "lex.l" -{ return EC; } - YY_BREAK -case 4: -YY_RULE_SETUP -#line 63 "lex.l" -{ return EC; } - YY_BREAK -case 5: -YY_RULE_SETUP -#line 64 "lex.l" -{ return PREFIX; } - YY_BREAK -case 6: -YY_RULE_SETUP -#line 65 "lex.l" -{ return INDEX; } - YY_BREAK -case 7: -YY_RULE_SETUP -#line 66 "lex.l" -{ return ID; } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 67 "lex.l" -{ return END; } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 68 "lex.l" -{ yylval.number = atoi(yytext); return NUMBER; } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 69 "lex.l" -; - YY_BREAK -case 11: -YY_RULE_SETUP -#line 70 "lex.l" -; - YY_BREAK -case 12: -/* rule 12 can match eol */ -YY_RULE_SETUP -#line 71 "lex.l" -{ lineno++; } - YY_BREAK -case 13: -YY_RULE_SETUP -#line 72 "lex.l" -{ return getstring(); } - YY_BREAK -case 14: -YY_RULE_SETUP -#line 73 "lex.l" -{ yylval.string = strdup(yytext); return STRING; } - YY_BREAK -case 15: -YY_RULE_SETUP -#line 74 "lex.l" -{ return *yytext; } - YY_BREAK -case 16: -YY_RULE_SETUP -#line 75 "lex.l" -ECHO; - YY_BREAK -#line 855 "lex.c" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); - YY_RESTORE_YY_MORE_OFFSET - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = (yy_c_buf_p); - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_END_OF_FILE: - { - (yy_did_buffer_switch_on_eof) = 0; - - if ( yywrap( ) ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ -} /* end of yylex */ - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); - register int number_to_move, i; - int ret_val; - - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; - - else - { - int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; - - int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - - number_to_move - 1; - - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); - - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - if ( (yy_n_chars) == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; - - return ret_val; -} - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - - static yy_state_type yy_get_previous_state (void) -{ - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = (yy_start); - - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 46 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; -} - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ - register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 46 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 45); - - return yy_is_jam ? 0 : yy_current_state; -} - - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); - - /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} - -#ifndef YY_NO_INPUT -#ifdef __cplusplus - static int yyinput (void) -#else - static int input (void) -#endif - -{ - int c; - - *(yy_c_buf_p) = (yy_hold_char); - - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; - - else - { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); - - switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart(yyin ); - - /*FALLTHROUGH*/ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap( ) ) - return 0; - - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; - break; - } - } - } - - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); - - return c; -} -#endif /* ifndef YY_NO_INPUT */ - -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } - - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} - -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) - return; - - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - (yy_did_buffer_switch_on_eof) = 1; -} - -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} - -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer(b,file ); - - return b; -} - -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - - if ( ! b ) - return; - - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); - - yyfree((void *) b ); -} - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - -{ - int oerrno = errno; - - yy_flush_buffer(b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} - -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; - } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer(b ); - - return b; -} - -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) -{ - - return yy_scan_bytes(yystr,strlen(yystr) ); -} - -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) -{ - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) yyalloc(n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; - - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer(buf,n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) - -/* Accessor methods (get/set functions) to struct members. */ - -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} - -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} - -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} - -/** Get the current token. - * - */ - -char *yyget_text (void) -{ - return yytext; -} - -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} - -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} - -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} - -int yyget_debug (void) -{ - return yy_flex_debug; -} - -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} - -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from yylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = 0; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - yyin = stdin; - yyout = stdout; -#else - yyin = (FILE *) 0; - yyout = (FILE *) 0; -#endif - - /* For future reference: Set errno on error, since we are called by - * yylex_init() - */ - return 0; -} - -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } - - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; - - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * yylex() is called, initialization will occur. */ - yy_init_globals( ); - - return 0; -} - -/* - * Internal utility routines. - */ - -#ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; -} -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; -} -#endif - -void *yyalloc (yy_size_t size ) -{ - return (void *) malloc( size ); -} - -void *yyrealloc (void * ptr, yy_size_t size ) -{ - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" - -#line 75 "lex.l" - - - -#ifndef yywrap /* XXX */ -int -yywrap () -{ - return 1; -} -#endif - -static int -getstring(void) -{ - char x[128]; - int i = 0; - int c; - int quote = 0; - while(i < sizeof(x) - 1 && (c = input()) != EOF){ - if(quote) { - x[i++] = c; - quote = 0; - continue; - } - if(c == '\n'){ - error_message("unterminated string"); - lineno++; - break; - } - if(c == '\\'){ - quote++; - continue; - } - if(c == '\"') - break; - x[i++] = c; - } - x[i] = '\0'; - yylval.string = strdup(x); - if (yylval.string == NULL) - err(1, "malloc"); - return STRING; -} - -void -error_message (const char *format, ...) -{ - va_list args; - - va_start (args, format); - fprintf (stderr, "%s:%d:", filename, lineno); - vfprintf (stderr, format, args); - va_end (args); - numerror++; -} - diff --git a/contrib/com_err/lex.h b/contrib/com_err/lex.h index 89f0387655f..e158816bbb6 100644 --- a/contrib/com_err/lex.h +++ b/contrib/com_err/lex.h @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */ +/* $Id$ */ -void error_message (const char *, ...) +void _lex_error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); int yylex(void); diff --git a/contrib/com_err/lex.l b/contrib/com_err/lex.l index 069fc9377d9..eb39e0cfb83 100644 --- a/contrib/com_err/lex.l +++ b/contrib/com_err/lex.l @@ -1,37 +1,36 @@ %{ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $FreeBSD$ */ /* * This is to handle the definition of this symbol in some AIX @@ -45,10 +44,6 @@ #include "parse.h" #include "lex.h" -#if 0 -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); -#endif - static unsigned lineno = 1; static int getstring(void); @@ -58,6 +53,7 @@ static int getstring(void); %} +%option nounput %% et { return ET; } @@ -79,7 +75,7 @@ end { return END; } #ifndef yywrap /* XXX */ int -yywrap () +yywrap () { return 1; } @@ -99,7 +95,7 @@ getstring(void) continue; } if(c == '\n'){ - error_message("unterminated string"); + _lex_error_message("unterminated string"); lineno++; break; } @@ -119,7 +115,7 @@ getstring(void) } void -error_message (const char *format, ...) +_lex_error_message (const char *format, ...) { va_list args; diff --git a/contrib/com_err/parse.c b/contrib/com_err/parse.c deleted file mode 100644 index 32cff630d40..00000000000 --- a/contrib/com_err/parse.c +++ /dev/null @@ -1,1716 +0,0 @@ -/* A Bison parser, made by GNU Bison 2.3. */ - -/* Skeleton implementation for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* C LALR(1) parser skeleton written by Richard Stallman, by - simplifying the original so-called "semantic" parser. */ - -/* All symbols defined below should begin with yy or YY, to avoid - infringing on user name space. This should be done even for local - variables, as they might otherwise be expanded by user macros. - There are some unavoidable exceptions within include files to - define necessary library symbols; they are noted "INFRINGES ON - USER NAME SPACE" below. */ - -/* Identify Bison output. */ -#define YYBISON 1 - -/* Bison version. */ -#define YYBISON_VERSION "2.3" - -/* Skeleton name. */ -#define YYSKELETON_NAME "yacc.c" - -/* Pure parsers. */ -#define YYPURE 0 - -/* Using locations. */ -#define YYLSP_NEEDED 0 - - - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - ET = 258, - INDEX = 259, - PREFIX = 260, - EC = 261, - ID = 262, - END = 263, - STRING = 264, - NUMBER = 265 - }; -#endif -/* Tokens. */ -#define ET 258 -#define INDEX 259 -#define PREFIX 260 -#define EC 261 -#define ID 262 -#define END 263 -#define STRING 264 -#define NUMBER 265 - - - - -/* Copy the first part of user declarations. */ -#line 1 "parse.y" - -/* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "compile_et.h" -#include "lex.h" - -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); - -void yyerror (char *s); -static long name2number(const char *str); - -extern char *yytext; - -/* This is for bison */ - -#if !defined(alloca) && !defined(HAVE_ALLOCA) -#define alloca(x) malloc(x) -#endif - - - -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 0 -#endif - -/* Enabling the token table. */ -#ifndef YYTOKEN_TABLE -# define YYTOKEN_TABLE 0 -#endif - -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE -#line 53 "parse.y" -{ - char *string; - int number; -} -/* Line 193 of yacc.c. */ -#line 173 "parse.c" - YYSTYPE; -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 -#endif - - - -/* Copy the second part of user declarations. */ - - -/* Line 216 of yacc.c. */ -#line 186 "parse.c" - -#ifdef short -# undef short -#endif - -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; -#else -typedef unsigned char yytype_uint8; -#endif - -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; -#elif (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -typedef signed char yytype_int8; -#else -typedef short int yytype_int8; -#endif - -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; -#else -typedef unsigned short int yytype_uint16; -#endif - -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; -#else -typedef short int yytype_int16; -#endif - -#ifndef YYSIZE_T -# ifdef __SIZE_TYPE__ -# define YYSIZE_T __SIZE_TYPE__ -# elif defined size_t -# define YYSIZE_T size_t -# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# else -# define YYSIZE_T unsigned int -# endif -#endif - -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) - -#ifndef YY_ -# if defined YYENABLE_NLS && YYENABLE_NLS -# if ENABLE_NLS -# include /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) -# endif -# endif -# ifndef YY_ -# define YY_(msgid) msgid -# endif -#endif - -/* Suppress unused-variable warnings by "using" E. */ -#if ! defined lint || defined __GNUC__ -# define YYUSE(e) ((void) (e)) -#else -# define YYUSE(e) /* empty */ -#endif - -/* Identity function, used to suppress warnings about constant conditions. */ -#ifndef lint -# define YYID(n) (n) -#else -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static int -YYID (int i) -#else -static int -YYID (i) - int i; -#endif -{ - return i; -} -#endif - -#if ! defined yyoverflow || YYERROR_VERBOSE - -/* The parser invokes alloca or malloc; define the necessary symbols. */ - -# ifdef YYSTACK_USE_ALLOCA -# if YYSTACK_USE_ALLOCA -# ifdef __GNUC__ -# define YYSTACK_ALLOC __builtin_alloca -# elif defined __BUILTIN_VA_ARG_INCR -# include /* INFRINGES ON USER NAME SPACE */ -# elif defined _AIX -# define YYSTACK_ALLOC __alloca -# elif defined _MSC_VER -# include /* INFRINGES ON USER NAME SPACE */ -# define alloca _alloca -# else -# define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -# include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 -# endif -# endif -# endif -# endif -# endif - -# ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) -# ifndef YYSTACK_ALLOC_MAXIMUM - /* The OS might guarantee only one guard page at the bottom of the stack, - and a page size can be as small as 4096 bytes. So we cannot safely - invoke alloca (N) if N exceeds 4096. Use a slightly smaller number - to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ -# endif -# else -# define YYSTACK_ALLOC YYMALLOC -# define YYSTACK_FREE YYFREE -# ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM -# endif -# if (defined __cplusplus && ! defined _STDLIB_H \ - && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) -# include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 -# endif -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifndef YYFREE -# define YYFREE free -# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -void free (void *); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - - -#if (! defined yyoverflow \ - && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) - -/* A type that is properly aligned for any stack member. */ -union yyalloc -{ - yytype_int16 yyss; - YYSTYPE yyvs; - }; - -/* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) - -/* The size of an array large to enough to hold all stacks, each with - N elements. */ -# define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - -/* Copy COUNT objects from FROM to TO. The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(To, From, Count) \ - __builtin_memcpy (To, From, (Count) * sizeof (*(From))) -# else -# define YYCOPY(To, From, Count) \ - do \ - { \ - YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (To)[yyi] = (From)[yyi]; \ - } \ - while (YYID (0)) -# endif -# endif - -/* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ -# define YYSTACK_RELOCATE(Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack, Stack, yysize); \ - Stack = &yyptr->Stack; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (YYID (0)) - -#endif - -/* YYFINAL -- State number of the termination state. */ -#define YYFINAL 9 -/* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 23 - -/* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 12 -/* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 7 -/* YYNRULES -- Number of rules. */ -#define YYNRULES 15 -/* YYNRULES -- Number of states. */ -#define YYNSTATES 24 - -/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ -#define YYUNDEFTOK 2 -#define YYMAXUTOK 265 - -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) - -/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const yytype_uint8 yytranslate[] = -{ - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 11, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10 -}; - -#if YYDEBUG -/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in - YYRHS. */ -static const yytype_uint8 yyprhs[] = -{ - 0, 0, 3, 4, 7, 10, 12, 15, 18, 22, - 24, 27, 30, 33, 35, 40 -}; - -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yytype_int8 yyrhs[] = -{ - 13, 0, -1, -1, 14, 17, -1, 15, 16, -1, - 16, -1, 7, 9, -1, 3, 9, -1, 3, 9, - 9, -1, 18, -1, 17, 18, -1, 4, 10, -1, - 5, 9, -1, 5, -1, 6, 9, 11, 9, -1, - 8, -1 -}; - -/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const yytype_uint8 yyrline[] = -{ - 0, 64, 64, 65, 68, 69, 72, 78, 84, 93, - 94, 97, 101, 109, 116, 136 -}; -#endif - -#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE -/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ -static const char *const yytname[] = -{ - "$end", "error", "$undefined", "ET", "INDEX", "PREFIX", "EC", "ID", - "END", "STRING", "NUMBER", "','", "$accept", "file", "header", "id", - "et", "statements", "statement", 0 -}; -#endif - -# ifdef YYPRINT -/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to - token YYLEX-NUM. */ -static const yytype_uint16 yytoknum[] = -{ - 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 44 -}; -# endif - -/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint8 yyr1[] = -{ - 0, 12, 13, 13, 14, 14, 15, 16, 16, 17, - 17, 18, 18, 18, 18, 18 -}; - -/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = -{ - 0, 2, 0, 2, 2, 1, 2, 2, 3, 1, - 2, 2, 2, 1, 4, 1 -}; - -/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state - STATE-NUM when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ -static const yytype_uint8 yydefact[] = -{ - 2, 0, 0, 0, 0, 0, 5, 7, 6, 1, - 0, 13, 0, 15, 3, 9, 4, 8, 11, 12, - 0, 10, 0, 14 -}; - -/* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int8 yydefgoto[] = -{ - -1, 3, 4, 5, 6, 14, 15 -}; - -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -#define YYPACT_NINF -5 -static const yytype_int8 yypact[] = -{ - 0, -3, -1, 5, -4, 6, -5, 1, -5, -5, - 2, 4, 7, -5, -4, -5, -5, -5, -5, -5, - 3, -5, 8, -5 -}; - -/* YYPGOTO[NTERM-NUM]. */ -static const yytype_int8 yypgoto[] = -{ - -5, -5, -5, -5, 10, -5, 9 -}; - -/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which - number is the opposite. If zero, do what YYDEFACT says. - If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -1 -static const yytype_uint8 yytable[] = -{ - 10, 11, 12, 1, 13, 9, 7, 2, 8, 1, - 17, 0, 18, 19, 22, 16, 20, 23, 0, 0, - 0, 0, 0, 21 -}; - -static const yytype_int8 yycheck[] = -{ - 4, 5, 6, 3, 8, 0, 9, 7, 9, 3, - 9, -1, 10, 9, 11, 5, 9, 9, -1, -1, - -1, -1, -1, 14 -}; - -/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const yytype_uint8 yystos[] = -{ - 0, 3, 7, 13, 14, 15, 16, 9, 9, 0, - 4, 5, 6, 8, 17, 18, 16, 9, 10, 9, - 9, 18, 11, 9 -}; - -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab - - -/* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. - Once GCC version 2 has supplanted version 1, this can go. */ - -#define YYFAIL goto yyerrlab - -#define YYRECOVERING() (!!yyerrstatus) - -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY && yylen == 1) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - yytoken = YYTRANSLATE (yychar); \ - YYPOPSTACK (1); \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (YYID (0)) - - -#define YYTERROR 1 -#define YYERRCODE 256 - - -/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. - If N is 0, then set CURRENT to the empty location which ends - the previous symbol: RHS[0] (always defined). */ - -#define YYRHSLOC(Rhs, K) ((Rhs)[K]) -#ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - do \ - if (YYID (N)) \ - { \ - (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ - (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ - (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ - (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ - } \ - else \ - { \ - (Current).first_line = (Current).last_line = \ - YYRHSLOC (Rhs, 0).last_line; \ - (Current).first_column = (Current).last_column = \ - YYRHSLOC (Rhs, 0).last_column; \ - } \ - while (YYID (0)) -#endif - - -/* YY_LOCATION_PRINT -- Print the location on the stream. - This macro was not mandated originally: define only if we know - we won't break user code: when these are the locations we know. */ - -#ifndef YY_LOCATION_PRINT -# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL -# define YY_LOCATION_PRINT(File, Loc) \ - fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) -# else -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif -#endif - - -/* YYLEX -- calling `yylex' with the right arguments. */ - -#ifdef YYLEX_PARAM -# define YYLEX yylex (YYLEX_PARAM) -#else -# define YYLEX yylex () -#endif - -/* Enable debugging if requested. */ -#if YYDEBUG - -# ifndef YYFPRINTF -# include /* INFRINGES ON USER NAME SPACE */ -# define YYFPRINTF fprintf -# endif - -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (YYID (0)) - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (YYID (0)) - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else -static void -yy_symbol_value_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif -{ - if (!yyvaluep) - return; -# ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# else - YYUSE (yyoutput); -# endif - switch (yytype) - { - default: - break; - } -} - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else -static void -yy_symbol_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif -{ - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); - else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); - - yy_symbol_value_print (yyoutput, yytype, yyvaluep); - YYFPRINTF (yyoutput, ")"); -} - -/*------------------------------------------------------------------. -| yy_stack_print -- Print the state stack from its BOTTOM up to its | -| TOP (included). | -`------------------------------------------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) -#else -static void -yy_stack_print (bottom, top) - yytype_int16 *bottom; - yytype_int16 *top; -#endif -{ - YYFPRINTF (stderr, "Stack now"); - for (; bottom <= top; ++bottom) - YYFPRINTF (stderr, " %d", *bottom); - YYFPRINTF (stderr, "\n"); -} - -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (YYID (0)) - - -/*------------------------------------------------. -| Report that the YYRULE is going to be reduced. | -`------------------------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_reduce_print (YYSTYPE *yyvsp, int yyrule) -#else -static void -yy_reduce_print (yyvsp, yyrule) - YYSTYPE *yyvsp; - int yyrule; -#endif -{ - int yynrhs = yyr2[yyrule]; - int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", - yyrule - 1, yylno); - /* The symbols being reduced. */ - for (yyi = 0; yyi < yynrhs; yyi++) - { - fprintf (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - ); - fprintf (stderr, "\n"); - } -} - -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyvsp, Rule); \ -} while (YYID (0)) - -/* Nonzero means print parse trace. It is left uninitialized so that - multiple parsers can coexist. */ -int yydebug; -#else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) -# define YY_STACK_PRINT(Bottom, Top) -# define YY_REDUCE_PRINT(Rule) -#endif /* !YYDEBUG */ - - -/* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH -# define YYINITDEPTH 200 -#endif - -/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only - if the built-in stack extension method is used). - - Do not make this value too large; the results are undefined if - YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) - evaluated with infinite-precision integer arithmetic. */ - -#ifndef YYMAXDEPTH -# define YYMAXDEPTH 10000 -#endif - - - -#if YYERROR_VERBOSE - -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else -/* Return the length of YYSTR. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static YYSIZE_T -yystrlen (const char *yystr) -#else -static YYSIZE_T -yystrlen (yystr) - const char *yystr; -#endif -{ - YYSIZE_T yylen; - for (yylen = 0; yystr[yylen]; yylen++) - continue; - return yylen; -} -# endif -# endif - -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else -/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in - YYDEST. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static char * -yystpcpy (char *yydest, const char *yysrc) -#else -static char * -yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -#endif -{ - char *yyd = yydest; - const char *yys = yysrc; - - while ((*yyd++ = *yys++) != '\0') - continue; - - return yyd - 1; -} -# endif -# endif - -# ifndef yytnamerr -/* Copy to YYRES the contents of YYSTR after stripping away unnecessary - quotes and backslashes, so that it's suitable for yyerror. The - heuristic is that double-quoting is unnecessary unless the string - contains an apostrophe, a comma, or backslash (other than - backslash-backslash). YYSTR is taken from yytname. If YYRES is - null, do not copy; instead, return the length of what the result - would have been. */ -static YYSIZE_T -yytnamerr (char *yyres, const char *yystr) -{ - if (*yystr == '"') - { - YYSIZE_T yyn = 0; - char const *yyp = yystr; - - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } - do_not_strip_quotes: ; - } - - if (! yyres) - return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; -} -# endif - -/* Copy into YYRESULT an error message about the unexpected token - YYCHAR while in state YYSTATE. Return the number of bytes copied, - including the terminating null byte. If YYRESULT is null, do not - copy anything; just return the number of bytes that would be - copied. As a special case, return 0 if an ordinary "syntax error" - message will do. Return YYSIZE_MAXIMUM if overflow occurs during - size calculation. */ -static YYSIZE_T -yysyntax_error (char *yyresult, int yystate, int yychar) -{ - int yyn = yypact[yystate]; - - if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) - return 0; - else - { - int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - int yyx; - -# if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. */ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -# endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; - - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; - - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); - - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; - } - - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - - if (yysize_overflow) - return YYSIZE_MAXIMUM; - - if (yyresult) - { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - char *yyp = yyresult; - int yyi = 0; - while ((*yyp = *yyf) != '\0') - { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } - } - } - return yysize; - } -} -#endif /* YYERROR_VERBOSE */ - - -/*-----------------------------------------------. -| Release the memory associated to this symbol. | -`-----------------------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) -#else -static void -yydestruct (yymsg, yytype, yyvaluep) - const char *yymsg; - int yytype; - YYSTYPE *yyvaluep; -#endif -{ - YYUSE (yyvaluep); - - if (!yymsg) - yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); - - switch (yytype) - { - - default: - break; - } -} - - -/* Prevent warnings from -Wmissing-prototypes. */ - -#ifdef YYPARSE_PARAM -#if defined __STDC__ || defined __cplusplus -int yyparse (void *YYPARSE_PARAM); -#else -int yyparse (); -#endif -#else /* ! YYPARSE_PARAM */ -#if defined __STDC__ || defined __cplusplus -int yyparse (void); -#else -int yyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ - - - -/* The look-ahead symbol. */ -int yychar; - -/* The semantic value of the look-ahead symbol. */ -YYSTYPE yylval; - -/* Number of syntax errors so far. */ -int yynerrs; - - - -/*----------. -| yyparse. | -`----------*/ - -#ifdef YYPARSE_PARAM -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void *YYPARSE_PARAM) -#else -int -yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -#endif -#else /* ! YYPARSE_PARAM */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void) -#else -int -yyparse () - -#endif -#endif -{ - - int yystate; - int yyn; - int yyresult; - /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - /* Look-ahead token as an internal (translated) token number. */ - int yytoken = 0; -#if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; - char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif - - /* Three stacks and their tools: - `yyss': related to states, - `yyvs': related to semantic values, - `yyls': related to locations. - - Refer to the stacks thru separate pointers, to allow yyoverflow - to reallocate them elsewhere. */ - - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss = yyssa; - yytype_int16 *yyssp; - - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs = yyvsa; - YYSTYPE *yyvsp; - - - -#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - - YYSIZE_T yystacksize = YYINITDEPTH; - - /* The variables used to return semantic value and location from the - action routines. */ - YYSTYPE yyval; - - - /* The number of symbols on the RHS of the reduced rule. - Keep to zero when no symbol should be popped. */ - int yylen = 0; - - YYDPRINTF ((stderr, "Starting parse\n")); - - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; - yychar = YYEMPTY; /* Cause a token to be read. */ - - /* Initialize stack pointers. - Waste one element of value and location stack - so that they stay on the same level as the state stack. - The wasted elements are never initialized. */ - - yyssp = yyss; - yyvsp = yyvs; - - goto yysetstate; - -/*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | -`------------------------------------------------------------*/ - yynewstate: - /* In all cases, when you get here, the value and location stacks - have just been pushed. So pushing a state here evens the stacks. */ - yyssp++; - - yysetstate: - *yyssp = yystate; - - if (yyss + yystacksize - 1 <= yyssp) - { - /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; - -#ifdef yyoverflow - { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. */ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; - } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else - /* Extend the stack our own way. */ - if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; - yystacksize *= 2; - if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; - - { - yytype_int16 *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss); - YYSTACK_RELOCATE (yyvs); - -# undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); - } -# endif -#endif /* no yyoverflow */ - - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - - - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); - - if (yyss + yystacksize - 1 <= yyssp) - YYABORT; - } - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - - goto yybackup; - -/*-----------. -| yybackup. | -`-----------*/ -yybackup: - - /* Do appropriate processing given the current state. Read a - look-ahead token if we need one and don't already have one. */ - - /* First try to decide what to do without reference to look-ahead token. */ - yyn = yypact[yystate]; - if (yyn == YYPACT_NINF) - goto yydefault; - - /* Not known => get a look-ahead token if don't already have one. */ - - /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ - if (yychar == YYEMPTY) - { - YYDPRINTF ((stderr, "Reading a token: ")); - yychar = YYLEX; - } - - if (yychar <= YYEOF) - { - yychar = yytoken = YYEOF; - YYDPRINTF ((stderr, "Now at end of input.\n")); - } - else - { - yytoken = YYTRANSLATE (yychar); - YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); - } - - /* If the proper action on seeing token YYTOKEN is to reduce or to - detect an error, take that action. */ - yyn += yytoken; - if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) - goto yydefault; - yyn = yytable[yyn]; - if (yyn <= 0) - { - if (yyn == 0 || yyn == YYTABLE_NINF) - goto yyerrlab; - yyn = -yyn; - goto yyreduce; - } - - if (yyn == YYFINAL) - YYACCEPT; - - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - - /* Shift the look-ahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token unless it is eof. */ - if (yychar != YYEOF) - yychar = YYEMPTY; - - yystate = yyn; - *++yyvsp = yylval; - - goto yynewstate; - - -/*-----------------------------------------------------------. -| yydefault -- do the default action for the current state. | -`-----------------------------------------------------------*/ -yydefault: - yyn = yydefact[yystate]; - if (yyn == 0) - goto yyerrlab; - goto yyreduce; - - -/*-----------------------------. -| yyreduce -- Do a reduction. | -`-----------------------------*/ -yyreduce: - /* yyn is the number of a rule to reduce with. */ - yylen = yyr2[yyn]; - - /* If YYLEN is nonzero, implement the default value of the action: - `$$ = $1'. - - Otherwise, the following line sets YYVAL to garbage. - This behavior is undocumented and Bison - users should not rely upon it. Assigning to YYVAL - unconditionally makes the parser a bit smaller, and it avoids a - GCC warning that YYVAL may be used uninitialized. */ - yyval = yyvsp[1-yylen]; - - - YY_REDUCE_PRINT (yyn); - switch (yyn) - { - case 6: -#line 73 "parse.y" - { - id_str = (yyvsp[(2) - (2)].string); - } - break; - - case 7: -#line 79 "parse.y" - { - base_id = name2number((yyvsp[(2) - (2)].string)); - strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); - free((yyvsp[(2) - (2)].string)); - } - break; - - case 8: -#line 85 "parse.y" - { - base_id = name2number((yyvsp[(2) - (3)].string)); - strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); - free((yyvsp[(2) - (3)].string)); - free((yyvsp[(3) - (3)].string)); - } - break; - - case 11: -#line 98 "parse.y" - { - number = (yyvsp[(2) - (2)].number); - } - break; - - case 12: -#line 102 "parse.y" - { - free(prefix); - asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); - if (prefix == NULL) - errx(1, "malloc"); - free((yyvsp[(2) - (2)].string)); - } - break; - - case 13: -#line 110 "parse.y" - { - prefix = realloc(prefix, 1); - if (prefix == NULL) - errx(1, "malloc"); - *prefix = '\0'; - } - break; - - case 14: -#line 117 "parse.y" - { - struct error_code *ec = malloc(sizeof(*ec)); - - if (ec == NULL) - errx(1, "malloc"); - - ec->next = NULL; - ec->number = number; - if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, (yyvsp[(2) - (4)].string)); - if (ec->name == NULL) - errx(1, "malloc"); - free((yyvsp[(2) - (4)].string)); - } else - ec->name = (yyvsp[(2) - (4)].string); - ec->string = (yyvsp[(4) - (4)].string); - APPEND(codes, ec); - number++; - } - break; - - case 15: -#line 137 "parse.y" - { - YYACCEPT; - } - break; - - -/* Line 1267 of yacc.c. */ -#line 1470 "parse.c" - default: break; - } - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); - - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - - *++yyvsp = yyval; - - - /* Now `shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; - - goto yynewstate; - - -/*------------------------------------. -| yyerrlab -- here on detecting error | -`------------------------------------*/ -yyerrlab: - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) - { - ++yynerrs; -#if ! YYERROR_VERBOSE - yyerror (YY_("syntax error")); -#else - { - YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); - if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) - { - YYSIZE_T yyalloc = 2 * yysize; - if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) - yyalloc = YYSTACK_ALLOC_MAXIMUM; - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yyalloc); - if (yymsg) - yymsg_alloc = yyalloc; - else - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - } - } - - if (0 < yysize && yysize <= yymsg_alloc) - { - (void) yysyntax_error (yymsg, yystate, yychar); - yyerror (yymsg); - } - else - { - yyerror (YY_("syntax error")); - if (yysize != 0) - goto yyexhaustedlab; - } - } -#endif - } - - - - if (yyerrstatus == 3) - { - /* If just tried and failed to reuse look-ahead token after an - error, discard it. */ - - if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } - else - { - yydestruct ("Error: discarding", - yytoken, &yylval); - yychar = YYEMPTY; - } - } - - /* Else will try to reuse look-ahead token after shifting the error - token. */ - goto yyerrlab1; - - -/*---------------------------------------------------. -| yyerrorlab -- error raised explicitly by YYERROR. | -`---------------------------------------------------*/ -yyerrorlab: - - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; - - /* Do not reclaim the symbols of the rule which action triggered - this YYERROR. */ - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - yystate = *yyssp; - goto yyerrlab1; - - -/*-------------------------------------------------------------. -| yyerrlab1 -- common code for both syntax error and YYERROR. | -`-------------------------------------------------------------*/ -yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ - - for (;;) - { - yyn = yypact[yystate]; - if (yyn != YYPACT_NINF) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } - - /* Pop the current state because it cannot handle the error token. */ - if (yyssp == yyss) - YYABORT; - - - yydestruct ("Error: popping", - yystos[yystate], yyvsp); - YYPOPSTACK (1); - yystate = *yyssp; - YY_STACK_PRINT (yyss, yyssp); - } - - if (yyn == YYFINAL) - YYACCEPT; - - *++yyvsp = yylval; - - - /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); - - yystate = yyn; - goto yynewstate; - - -/*-------------------------------------. -| yyacceptlab -- YYACCEPT comes here. | -`-------------------------------------*/ -yyacceptlab: - yyresult = 0; - goto yyreturn; - -/*-----------------------------------. -| yyabortlab -- YYABORT comes here. | -`-----------------------------------*/ -yyabortlab: - yyresult = 1; - goto yyreturn; - -#ifndef yyoverflow -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ -yyexhaustedlab: - yyerror (YY_("memory exhausted")); - yyresult = 2; - /* Fall through. */ -#endif - -yyreturn: - if (yychar != YYEOF && yychar != YYEMPTY) - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); - /* Do not reclaim the symbols of the rule which action triggered - this YYABORT or YYACCEPT. */ - YYPOPSTACK (yylen); - YY_STACK_PRINT (yyss, yyssp); - while (yyssp != yyss) - { - yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); - YYPOPSTACK (1); - } -#ifndef yyoverflow - if (yyss != yyssa) - YYSTACK_FREE (yyss); -#endif -#if YYERROR_VERBOSE - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); -#endif - /* Make sure YYID is used. */ - return YYID (yyresult); -} - - -#line 142 "parse.y" - - -static long -name2number(const char *str) -{ - const char *p; - long num = 0; - const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz0123456789_"; - if(strlen(str) > 4) { - yyerror("table name too long"); - return 0; - } - for(p = str; *p; p++){ - char *q = strchr(x, *p); - if(q == NULL) { - yyerror("invalid character in table name"); - return 0; - } - num = (num << 6) + (q - x) + 1; - } - num <<= 8; - if(num > 0x7fffffff) - num = -(0xffffffff - num + 1); - return num; -} - -void -yyerror (char *s) -{ - error_message ("%s\n", s); -} - diff --git a/contrib/com_err/parse.h b/contrib/com_err/parse.h deleted file mode 100644 index 23d7e0c7d98..00000000000 --- a/contrib/com_err/parse.h +++ /dev/null @@ -1,81 +0,0 @@ -/* A Bison parser, made by GNU Bison 2.3. */ - -/* Skeleton interface for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - ET = 258, - INDEX = 259, - PREFIX = 260, - EC = 261, - ID = 262, - END = 263, - STRING = 264, - NUMBER = 265 - }; -#endif -/* Tokens. */ -#define ET 258 -#define INDEX 259 -#define PREFIX 260 -#define EC 261 -#define ID 262 -#define END 263 -#define STRING 264 -#define NUMBER 265 - - - - -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE -#line 53 "parse.y" -{ - char *string; - int number; -} -/* Line 1529 of yacc.c. */ -#line 74 "parse.h" - YYSTYPE; -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 -#endif - -extern YYSTYPE yylval; - diff --git a/contrib/com_err/parse.y b/contrib/com_err/parse.y index 7e9cf1016eb..0c2e5084b51 100644 --- a/contrib/com_err/parse.y +++ b/contrib/com_err/parse.y @@ -1,43 +1,39 @@ %{ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $FreeBSD$ */ #include "compile_et.h" #include "lex.h" -#if 0 -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); -#endif void yyerror (char *s); static long name2number(const char *str); @@ -50,6 +46,9 @@ extern char *yytext; #define alloca(x) malloc(x) #endif +#define YYMALLOC malloc +#define YYFREE free + %} %union { @@ -63,7 +62,7 @@ extern char *yytext; %% -file : /* */ +file : /* */ | header statements ; @@ -96,7 +95,7 @@ statements : statement | statements statement ; -statement : INDEX NUMBER +statement : INDEX NUMBER { number = $2; } @@ -118,7 +117,7 @@ statement : INDEX NUMBER | EC STRING ',' STRING { struct error_code *ec = malloc(sizeof(*ec)); - + if (ec == NULL) errx(1, "malloc"); @@ -171,5 +170,5 @@ name2number(const char *str) void yyerror (char *s) { - error_message ("%s\n", s); + _lex_error_message ("%s\n", s); } diff --git a/contrib/com_err/roken_rename.h b/contrib/com_err/roken_rename.h index 7c9b0ee10e9..3da2948a64d 100644 --- a/contrib/com_err/roken_rename.h +++ b/contrib/com_err/roken_rename.h @@ -1,61 +1,61 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: roken_rename.h 14930 2005-04-24 19:43:06Z lha $ */ +/* $Id$ */ #ifndef __roken_rename_h__ #define __roken_rename_h__ #ifndef HAVE_SNPRINTF -#define snprintf _com_err_snprintf +#define rk_snprintf _com_err_snprintf #endif #ifndef HAVE_VSNPRINTF -#define vsnprintf _com_err_vsnprintf +#define rk_vsnprintf _com_err_vsnprintf #endif #ifndef HAVE_ASPRINTF -#define asprintf _com_err_asprintf +#define rk_asprintf _com_err_asprintf #endif #ifndef HAVE_ASNPRINTF -#define asnprintf _com_err_asnprintf +#define rk_asnprintf _com_err_asnprintf #endif #ifndef HAVE_VASPRINTF -#define vasprintf _com_err_vasprintf +#define rk_vasprintf _com_err_vasprintf #endif #ifndef HAVE_VASNPRINTF -#define vasnprintf _com_err_vasnprintf +#define rk_vasnprintf _com_err_vasnprintf #endif #ifndef HAVE_STRLCPY -#define strlcpy _com_err_strlcpy +#define rk_strlcpy _com_err_strlcpy #endif diff --git a/contrib/com_err/version-script.map b/contrib/com_err/version-script.map index 43e2e020c0c..8da2fef6dd4 100644 --- a/contrib/com_err/version-script.map +++ b/contrib/com_err/version-script.map @@ -3,6 +3,7 @@ HEIMDAL_COM_ERR_1.0 { global: com_right; + com_right_r; free_error_table; initialize_error_table_r; add_to_error_table; @@ -13,6 +14,7 @@ HEIMDAL_COM_ERR_1.0 { init_error_table; reset_com_err_hook; set_com_err_hook; + _et_list; local: *; }; diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog index e167b09a895..125740da326 100644 --- a/crypto/heimdal/ChangeLog +++ b/crypto/heimdal/ChangeLog @@ -1,8 +1,457 @@ -2008-01-24 Love Hörnquist Åstrand - * Release 1.1 +We stop writing change logs, see the source code version control systems history log instead + +2008-07-28 Love Hornquist Astrand -2008-01-21 Love Hörnquist Åstrand + * lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally + issues invalid AFS tokens + (here "occasionally" means for certain users in certain realms). + + In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket + is padded to a multiple of 8 bytes. If it is already a multiple of + 8 bytes, 8 additional 0-bytes are added. + + This catches the AFS krb4 ticket decoder by surprise: unless the + ticket is exactly 56 bytes, it only supports the minimum necessary + padding. It detects the superfluous padding by comparing the + ticket length decoded to the advertised ticket length. + + Hence a 7-letter userid in "cern.ch" which resulted in a ticket of + 40 bytes, got "padded" to 48 bytes which the rxkad decoder + rejected. + + From Rainer Toebbicke. + +2008-07-25 Love Hörnquist Ã…strand + + * kuser/kinit.c: add --ok-as-delegate and --windows flags + + * kpasswd/kpasswd-generator.c: Switch to krb5_set_password. + + * kuser/kinit.c: Use krb5_cc_set_config. + + * lib/krb5/cache.c: Add krb5_cc_[gs]et_config. + +2008-07-22 Love Hörnquist Ã…strand + + * lib/krb5/crypto.c: Allow numbers to be enctypes to as long as + they are valid. + +2008-07-17 Love Hörnquist Ã…strand + + * lib/hdb/version-script.map: some random bits needed for libkadm + +2008-07-15 Love Hörnquist Ã…strand + + * lib/krb5/send_to_kdc_plugin.h: add name for send_to_kdc plugin. + + * lib/krb5/krbhst.c: handle KRB5_PLUGIN_NO_HANDLE for lookup + plugin. + + * lib/krb5/send_to_kdc.c: Add support for the send_to_kdc plugin + interface. + + * lib/krb5/Makefile.am: add send_to_kdc_plugin.h + + * lib/krb5/krb5_err.et: add plugin error codes + +2008-07-14 Love Hornquist Astrand + + * lib/hdb/Makefile.am: EXTRA_DIST += version-script.map + +2008-07-14 Love Hornquist Astrand + + * lib/krb5/krb5_{address,ccache}.3: spelling, from openbsd via janne + johansson + +2008-07-13 Love Hörnquist Ã…strand + + * lib/krb5/version-script.map: add krb5_free_error_message + +2008-06-21 Love Hörnquist Ã…strand + + * lib/krb5/init_creds_pw.c: switch to krb5_set_password(). + +2008-06-18 Love Hörnquist Ã…strand + + * lib/krb5/time.c (krb5_set_real_time): handle negative usec + +2008-05-31 Love Hörnquist Ã…strand + + * lib/krb5/krb5_locl.h: Add + + * lib/krb5/crypto.c: Use wind_utf8ucs2_length to convert the password to utf16. + +2008-05-30 Love Hörnquist Ã…strand + + * lib/krb5/kcm.c: Add back krb5_kcmcache argument to try_door(). + +2008-05-27 Love Hörnquist Ã…strand + + * lib/krb5/error_string.c (krb5_free_error_message): constify + + * lib/krb5/error_string.c: Add krb5_get_error_message(). + + * lib/krb5/doxygen.c: krb5_cc_new_unique() is name of the creation + function. + +2008-04-30 Love Hörnquist Ã…strand + + * lib/hdb/hdb-ldap.c: Use the _ext api for OpenLDAP, from Honza + Machacek (gentoo). + +2008-04-28 Love Hörnquist Ã…strand + + * lib/krb5/crypto.c: Use DES_set_key_unchecked(). + + * lib/krb5/krb5.conf.5: Document default_cc_type. + + * lib/krb5/cache.c: Pick up [libdefaults]default_cc_type + +2008-04-27 Love Hörnquist Ã…strand + + * kdc/kaserver.c: Use DES_set_key_unchecked(). + +2008-04-21 Love Hörnquist Ã…strand + + * doc/hx509.texi: About the pkcs11 module. + + * doc/hx509.texi: Pick up version from vars.texi + + * doc/hx509.texi: No MIT code in hx509. + + * hx509 now includes a pkcs11 implementation. + +2008-04-20 Love Hörnquist Ã…strand + + * lib/hdb/Makefile.am: Move OpenLDAP includes to AM_CPPFLAGS to + avoid dropping other defines for the library. + +2008-04-17 Love Hörnquist Ã…strand + + * lib/krb5: add __declspec() for windows. + + * configure.in: Update rk_WIN32_EXPORT, add gssapi to + rk_WIN32_EXPORT. + + * configure.in: Lets try dependency tracking for automake 1.10 and + later. + + * configure.in: Use at least libtool-2.2. + + * configure.in: Use LT_INIT the right way. + + * lib/krb5/Makefile.am: Update make-proto usage. + + * configure.in: Run autoupdate, use LT_INIT(). + +2008-04-15 Love Hörnquist Ã…strand + + * lib/krb5/test_forward.c: Don't print krb5_error_code since we + are using krb5_err(). + + * lib/krb5/ticket.c: Cast krb5_error_code to int to avoid warning. + + * lib/krb5/scache.c: Cast krb5_error_code to int to avoid warning. + + * lib/krb5/principal.c: Cast enum to int to avoid warning. + + * lib/krb5/pkinit.c: Cast krb5_error_code to int to avoid warning. + + * lib/krb5/pac.c: Cast size_t to unsigned long to avoid warning. + + * lib/krb5/error_string.c: Cast krb5_error_code to int to avoid + warning. + + * lib/krb5/keytab_keyfile.c: Make num_entries an uint32 to avoid + negative numbers and type warnings. + + * lib/krb5: cc_get_version returns an int, update. + +2008-04-10 Love Hörnquist Ã…strand + + * configure.in: Check for . + +2008-04-09 Love Hörnquist Ã…strand + + * lib/krb5/version-script.map: sort and export _krb5_pk_kdf + + * lib/krb5/crypto.c: Check kdf params. calculate the second half + of the key. + + * lib/krb5/Makefile.am: Add test_pknistkdf + + * lib/krb5/test_pknistkdf.c: Test the new pkinit nist kdf. + + * lib/krb5/crypto.c: Complete _krb5_pk_kdf. + + * lib/krb5/crypto.c: First version of KDF in + draft-ietf-krb-wg-pkinit-alg-agility-03.txt. + +2008-04-08 Love Hörnquist Ã…strand + + * doc/setup.texi: Add text about smbk5pwd overlay from Buchan + Milne. + + * lib/krb5/krb5_locl.h: Name the pkinit type enum. + + * kdc/pkinit.c: Rename constants to match global header. + + * lib/krb5/pkinit.c: Drop krb5_pk_identity and rename constants to + match global header. + + * kdc/pkinit.c: Pick up krb5_pk_identity from krb5_locl.h. + + * lib/krb5/scache.c (scc_alloc): %x is unsigned int. + +2008-04-07 Love Hörnquist Ã…strand + + * lib/krb5/version-script.map: Sort and add krb5_cc_switch. + + * lib/krb5/acache.c: Use unsigned where appropriate. + + * kcm/glue.c: Adapt to chenge to krb5_cc_ops. + + * kcm/acl.c: Add missing op. + + * kdc/connect.c: Use unsigned where appropriate. + + * lib/krb5/n-fold.c: Use size_t where appropriate. + + * lib/krb5/get_addrs.c: Use unsigned where appropriate. + + * lib/krb5/crypto.c: Use unsigned where appropriate. + + * lib/krb5/crc.c: Use unsigned where appropriate. + + * lib/krb5/changepw.c: simplify + + * lib/krb5/copy_host_realm.c: simplify + + * kuser/kswitch.c: Implement --principal. + +2008-04-05 Love Hörnquist Ã…strand + + * lib/krb5/cache.c: allow returning the default cc-type. + + * kuser/kswitch.c: Enable switching between existing caches. + + * lib/krb5/cache.c: Add krb5_cc_switch, to set the default + credential cache. + + * lib/krb5/acache.c: Implement set_default. + + * lib/krb5/krb5.h: Extend krb5_cc_ops and add set_default to set + the default cc name for a credential type. + +2008-04-04 Love Hörnquist Ã…strand + + * lib/krb5/test_cc.c: test remove + + * lib/krb5/fcache.c: Make the remove cred slight more atomic, now + it might lose creds, but there will be no empty cache at any time. + + * lib/krb5/scache.c: Do credential iteration by temporary table. + +2008-04-02 Love Hörnquist Ã…strand + + * lib/krb5/acache.c: Translate ccErrInvalidCCache. + + * lib/krb5/scache.c: implemetation of a sqlite3 backed credential + cache. + + * lib/krb5/test_cc.c: test acc and scc + + * lib/krb5/acache.c: Only release context if its in use. + +2008-04-01 Love Hörnquist Ã…strand + + * doc/setup.texi: No patching of OpenLDAP is needed, from Buchan + Milne. + +2008-03-30 Love Hörnquist Ã…strand + + * lib/krb5/Makefile.am: Add scache. + + * lib/krb5/scache.c: initial implementation + + * lib/Makefile.am: sqlite + + * configure.in: lib/sqlite/Makefile + +2008-03-26 Love Hörnquist Ã…strand + + * lib/krb5/fcache.c: Make the storing credential an atomic + write(2) to avoid signal races, bug traced by Harald Barth and Lars + Malinowsky. + +2008-03-25 Love Hörnquist Ã…strand + + * lib/krb5/fcache.c: Make erase_file() do locking too. + + * kcm/protocol.c: Make work when moving to a non-existant + cred-cache. + + * lib/krb5/test_cc.c: more verbose info. + + * lib/krb5/test_cc.c: test krb5_cc_move(). + +2008-03-23 Love Hörnquist Ã…strand + + * lib/krb5/get_cred.c: Try both kdc server referral and the old + client chasing mode. + + * lib/krb5/get_cred.c: Don't do canonicalize by default, make + add_cred() sane, make loop detection in credential fetching + better. + + * lib/krb5/krb5_locl.h: Add flag EXTRACT_TICKET_AS_REQ. + + * lib/krb5/init_creds_pw.c: Tell _krb5_extract_ticket that this is + an AS-REQ. + + * lib/krb5/get_in_tkt.c: Make server referral work. + +2008-03-22 Love Hörnquist Ã…strand + + * lib/krb5/get_in_tkt.c: check no server referral, don't use + stringent length tests since encryption layer does padding for + us... + + * kdc/kerberos5.c: Match name in ClientCanonicalizedNames with -10 + + * lib/krb5/principal.c (_krb5_principal_compare_PrincipalName): + new function to compare a principal to a PrincipalName. + + * lib/krb5/init_creds_pw.c: Move client referral checking to + _krb5_extract_ticket(). + + * lib/krb5/get_in_tkt.c: More bits for server referral. + + * lib/krb5/get_in_tkt.c: Make working with client referrals. + + * lib/krb5/get_cred.c: Try moving referrals checking into + _krb5_extract_ticket(). + + * lib/krb5/get_in_tkt.c: Try moving referrals checking into + _krb5_extract_ticket(). + +2008-03-21 Love Hörnquist Ã…strand + + * kdc/krb5tgs.c: Send SERVER-REFERRAL data in rep.padata instead + of auth_data in ticket. + +2008-03-20 Love Hörnquist Ã…strand + + * lib/krb5/init_creds_pw.c: remove lost bits from using + krb5_principal_set_realm + + * kdc/krb5tgs.c: Better referrals support, use canonicalize flag. + + * kdc/hprop.c: use krb5_principal_set_realm + + * lib/krb5/init_creds_pw.c: use krb5_principal_set_realm + + * lib/krb5/verify_user.c: use krb5_principal_set_realm + + * lib/krb5/version-script.map: add krb5_principal_set_realm + + * lib/krb5/principal.c: add krb5_principal_set_realm + + * lib/krb5/get_cred.c: Insecure tgs referrals. + + * lib/krb5/get_cred.c: Dont try key usage KRB5_KU_AP_REQ_AUTH for + TGS-REQ. This drop compatibility with pre 0.3d KDCs. + + * lib/krb5/get_cred.c: catch KRB5_GC_CANONICALIZE. + + * lib/krb5/krb5.h: set KRB5_GC_CANONICALIZE. + + * kuser/kgetcred.c: set KRB5_GC_CANONICALIZE. + + * kuser/kgetcred.c: Add stub --canonicalize implementation. + +2008-03-19 Love Hörnquist Ã…strand + + * doc/setup.texi: Fix sasl-regexp, from Howard Chu. + +2008-03-14 Love Hörnquist Ã…strand + + * kdc/kx509.c: Adapt to hx509_env changes. + +2008-03-10 Love Hörnquist Ã…strand + + * lib/krb5/pkinit.c: Try searchin the key by to use by first + looking for for PK-INIT EKU, then the Microsoft smart card EKU and + last, no special EKU at all. + +2008-03-09 Love Hörnquist Ã…strand + + * lib/krb5/acache.c: Create a new credential cache is ->get_name + is called, make acc_initialize() reset the existing credential + cache if needed. + + * lib/krb5/acache.c (acc_get_name): just return the cache_name + directly instead of trying to resolve it. + +2008-02-23 Love Hörnquist Ã…strand + + * include/Makefile.am (CLEANFILES): add wind.h and wind_err.h and + sort. + +2008-02-11 Love Hörnquist Ã…strand + + * lib/hdb/hdb-ldap.c: Use malloc() instead of static buffer. + + * lib/hdb/hdb-ldap.c: Use ldap_get_values_len, from LaMont Jones + via Brian May and Debian. + + * doc/Makefile.am: add libwind + +2008-02-05 Love Hörnquist Ã…strand + + * lib/krb5/test_renew.c: Remove extra ;, From Dennis Davis. + + * lib/krb5/store_emem.c: Make compile on-pre c99 compilers. From + Dennis Davis. + +2008-02-03 Love Hörnquist Ã…strand + + * tools/heimdal-gssapi.pc.in: Add wind. + + * tools/krb5-config.in: Add wind. + + * lib/krb5/pac.c: Use libwind. + +2008-02-01 Love Hörnquist Ã…strand + + * lib/Makefile.am: SUBDIRS: add wind + +2008-01-29 Love Hörnquist Ã…strand + + * doc/programming.texi: See the Kerberos 5 API introduction and + documentation on the Heimdal webpage. + +2008-01-27 Love Hörnquist Ã…strand + + * lib/krb5: better error strings for the keytab fetching functions + + * lib/krb5/verify_krb5_conf.c: Catch deprecated entries. + + * lib/krb5/get_cred.c: Remove support + for [libdefaults]capath (not [libdefaults] capaths though). + +2008-01-25 Love Hörnquist Ã…strand + + * tools/heimdal-gssapi.pc.in: Fix caps of prefix, from Joakim + Fallsjo. + +2008-01-24 Love Hörnquist Ã…strand + + * lib/krb5/fcache.c (fcc_move): more explict why the fcc_move + failes, handle cross device moves. + +2008-01-21 Love Hörnquist Ã…strand * lib/krb5/get_for_creds.c: Use on variable less. @@ -20,1337 +469,17 @@ * kdc/Makefile.am: drop CHECK_SYMBOLS -2008-01-18 Love Hörnquist Åstrand +2008-01-18 Love Hörnquist Ã…strand * lib/krb5/version-script.map: Add krb5_digest_probe. -2008-01-13 Love Hörnquist Åstrand +2008-01-13 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Replace hx509_name_to_der_name with hx509_name_binary. -2008-01-12 Love Hörnquist Åstrand +2008-01-12 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: add missing files -2007-12-28 Love Hörnquist Åstrand - - * kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the - type2 message. - -2007-12-14 Love Hörnquist Åstrand - - * lib/hdb/dbinfo.c: Add hdb_default_db(). - - * Makefile.am: Add some extra cf/*. - -2007-12-12 Love Hörnquist Åstrand - - * kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov. - -2007-12-09 Love Hörnquist Åstrand - - * kdc/log.c: Use hdb_db_dir(). - - * kpasswd/kpasswdd.c: Use hdb_db_dir(). - -2007-12-08 Love Hörnquist Åstrand - - * kdc/config.c: Use hdb_db_dir(). - - * kdc/kdc_locl.h: add KDC_LOG_FILE - - * kdc/hpropd.c: Use hdb_default_db(). - - * kdc/kstash.c: Use hdb_db_dir(). - - * kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir(). - - * lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check. - - * lib/krb5/verify_krb5_conf.c: Check check_pac. - - * lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac - field in the krb5_rd_req_in_ctx - - * lib/krb5/expand_hostname.c: Adapt to changing - dns_canonicalize_hostname into flags field. - - * lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname - into flags field, add check-pac as an libdefaults option. - - * lib/krb5/pkinit.c: Adapt to changes in hx509 interface. - - * doc: add doxygen documentation to hcrypto - - * doc/doxytmpl.dxy: generate links - -2007-12-07 Love Hörnquist Åstrand - - * lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h - - * lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the - hdb database resides. - - * configure.in: Add --with-hdbdir to specify where the database is - stored. - - * lib/krb5/crypto.c: revert previous patch, the problem is located - in the RAND_file_name() function that will cause recursive nss - lookups, can't fix that here. - -2007-12-06 Love Hörnquist Åstrand - - * lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the - dead-lock in by not holding the lock while running - RAND_file_name. Prompted by Hai Zaar. - - * lib/krb5/n-fold.c: spelling - -2007-12-04 Love Hörnquist Åstrand - - * kuser/kdigest.c (digest-probe): implement command. - - * kuser/kdigest-commands.in (digest-probe): new command - - * kdc/digest.c: Implement supportedMechs request. - - * lib/krb5/error_string.c: Make krb5_get_error_string return an - allocated string to make the function indempotent. From - Zeqing (Fred) Xia. - -2007-12-03 Love Hörnquist Åstrand - - * lib/krb5/krb5_locl.h (krb5_context_data): Flag if - default_cc_name was set by the user. - - * lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate. - - * kcm/acquire.c: use krb5_free_cred_contents - - * kuser/kimpersonate.c: use krb5_free_cred_contents - - * kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the - cred cache. - - * lib/krb5/cache.c: Put back code that was needed, move gen_new - into new_unique. - - * lib/krb5/mcache.c (mcc_default_name): Remove const - - * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine - KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE - - * lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the - default name. - - * lib/krb5/kcm.c: Implement krb5_cc_ops->default_name. - - * lib/krb5/mcache.c: Implement krb5_cc_ops->default_name. - - * lib/krb5/fcache.c: Implement krb5_cc_ops->default_name. - - * lib/krb5/krb5.h: Add krb5_cc_ops->default_name. - - * lib/krb5/acache.c: Free context when done, implement - krb5_cc_ops->default_name. - - * lib/krb5/kcm.c: implement dummy kcm_move - - * lib/krb5/mcache.c: Implement the move operation. - - * lib/krb5/version-script.map: export krb5_cc_move - - * lib/krb5/cache.c: New function krb5_cc_move(). - - * lib/krb5/fcache.c: Implement the move operation. - - * lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major - version bump. - - * lib/krb5/acache.c: Implement the move operation. Avoid using - cc_set_principal() since it broken on Mac OS X 10.5.0. - -2007-12-02 Love Hörnquist Åstrand - - * lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow. - -2007-11-14 Love Hörnquist Åstrand - - * kdc/krb5tgs.c: Should pass different key usage constants - depending on whether or not optional sub-session key was passed by - the client for the check of authorization data. The constant is - used to derive "specific key" and its values are specified in - 7.5.1 of RFC4120. - - Patch from Andy Polyakov. - - * kdc/krb5tgs.c: Don't send auth data in referrals, microsoft - clients have started to not like that. Thanks to Andy Polyakov for - excellent research. - -2007-11-11 Love Hörnquist Åstrand - - * lib/krb5/creds.c: use krb5_data_cmp - - * lib/krb5/acache.c: use krb5_free_cred_contents - - * lib/krb5/test_renew.c: use krb5_free_cred_contents - -2007-11-10 Love Hörnquist Åstrand - - * lib/krb5/acl.c: doxygen documentation - - * lib/krb5/addr_families.c: doxygen documentation - - * doc: add doxygen - - * lib/krb5/plugin.c: doxygen documentation - - * lib/krb5/kcm.c: doxygen documentation - - * lib/krb5/fcache.c: doxygen documentation - - * lib/krb5/cache.c: doxygen documentations - - * lib/krb5/doxygen.c: doxygen introduction - - * lib/krb5/error_string.c: Doxygen documentation. - -2007-11-03 Love Hörnquist Åstrand - - * lib/krb5/test_plugin.c: expose krb5_plugin_register - - * lib/krb5/plugin.c: expose krb5_plugin_register - - * lib/krb5/version-script.map: sort, expose krb5_plugin_register - -2007-10-24 Love Hörnquist Åstrand - - * kdc/kerberos5.c: Adding same enctype is enough one time. From - Andy Polyakov and Bjorn Sandell. - -2007-10-18 Love - - * lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value - from krb5_cc_start_seq_get. From Zeqing (Fred) Xia - - * lib/krb5/fcache.c (init_fcc): provide better error codes - - * kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid - sending warning about pruned etypes. - - * kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour - based) "old", this to support windows 2000 clients (unjoined to a - domain). From Andy Polyakov. - -2007-10-07 Love Hörnquist Åstrand - - * doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell. - -2007-10-04 Love Hörnquist Åstrand - - * kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA - Ken'ichi. - - * lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is - NULL on failure. - -2007-10-03 Love Hörnquist Åstrand - - * kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from - krb5_addr2sockaddr and igore thte test is that case. - -2007-09-29 Love Hörnquist Åstrand - - * lib/krb5/context.c (krb5_free_context): free - default_cc_name_env, from Gunther Deschner. - -2007-08-27 Love Hörnquist Åstrand - - * lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make - work with c++, reported by Hai Zaar - - * lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar - -2007-08-20 Love Hörnquist Åstrand - - * lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema - -2007-07-31 Love Hörnquist Åstrand - - * check return value of alloc functions, from Charles Longeau - - * lib/krb5/principal.c: spelling. - - * kadmin/kadmin.8: spelling - - * lib/krb5/crypto.c: Check return values from alloc - functions. Prompted by patch of Charles Longeau. - - * lib/krb5/n-fold.c: Make _krb5_n_fold return a error - code. Prompted by patch of Charles Longeau. - -2007-07-27 Love Hörnquist Åstrand - - * lib/krb5/init_creds.c: Always set the ticket options, use - KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset - tri-state not so useful. - -2007-07-24 Love Hörnquist Åstrand - - * tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of - libraries. - - * tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in - heimdal. - - * tools/Makefile.am: Add heimdal-gssapi.pc and install it into - $(libdir)/pkgconfig - -2007-07-23 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default. - -2007-07-22 Love Hörnquist Åstrand - - * lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as - key if the entry is a correct entry. - - * lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from - Gunther Deschner. - - * lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS. - - * lib/krb5/test_renew.c: Test for krb5_get_renewed_creds. - -2007-07-21 Love Hörnquist Åstrand - - * lib/hdb/keys.c: Make parse_key_set handle key set string "v5", - from Peter Meinecke. - - * kdc/kaserver.c: Don't ovewrite the error code, from Peter - Meinecke. - -2007-07-18 Love Hörnquist Åstrand - - * TODO-1.0: remove - - * Makefile.am: remove TODO-1.0 - -2007-07-17 Love Hörnquist Åstrand - - * Heimdal 1.0 release branch cut here - - * doc/hx509.texi: use version.texi - - * doc/heimdal.texi: use version.texi - - * doc/version.texi: version.texi - - * lib/hdb/db3.c: avoid type-punned pointer warning. - - * kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to - please OpenSSL and gcc. - - * kdc/digest.c: Use unsigned char * as argument to MD5_Update to - please OpenSSL and gcc. - -2007-07-16 Love Hörnquist Åstrand - - * include/Makefile.am: Add krb_err.h. - - * kdc/set_dbinfo.c: Print acl file too. - - * kdc/kerberos4.c: Error codes are just fine, remove XXX now. - - * lib/krb5/krb5-v4compat.h: Drop duplicate error codes. - - * kdc/kerberos4.c: switch to ET errors. - - * lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ. - - * lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the - et BASE. - -2007-07-15 Love Hörnquist Åstrand - - * lib/krb5/krb5-v4compat.h: Include "krb_err.h". - - * lib/krb5/v4_glue.c: return more interesting error codes. - - * lib/krb5/plugin.c: Prefix enum plugin_type. - - * lib/krb5/krb5_locl.h: Expose plugin structures. - - * lib/krb5/krb5.h: Add plugin structures. - - * lib/krb5/krb_err.et: V4 errors. - - * lib/krb5/version-script.map: First version of version script. - -2007-07-13 Love Hörnquist Åstrand - - * kdc/kerberos5.c: Java 1.6 expects the name to be the same type, - lets allow that for uncomplicated name-types. - -2007-07-12 Love Hörnquist Åstrand - - * lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains - address 0, its ticket less and don't really care about - from_addr. return better error codes. - - * kpasswd/kpasswdd.c: Fix pointer vs strict alias rules. - -2007-07-11 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding - more then one enctype 23 to krb5EncryptionType. - - * lib/krb5/cache.c: Spelling. - - * kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO. - (get_pa_etype_info2): return the enctypes as sorted in the - database - -2007-07-10 Love Hörnquist Åstrand - - * kuser/kinit.c: krb5-v4compat.h defines prototypes for - v4 (semiprivate functions) in libkrb5, don't include - krb5-private.h any longer. - - * lib/krb5/krbhst.c: Set error string when there is no KDC for a - realm. - - * lib/krb5/Makefile.am: New library version. - - * kdc/Makefile.am: New library version. - - * lib/krb5/krb5_locl.h: Add default_cc_name_env. - - * lib/krb5/cache.c (enviroment_changed): return non-zero if - enviroment that will determine default krb5cc name has changed. - (krb5_cc_default_name): also check if cached value is uptodate. - - * lib/krb5/krb5_locl.h: Drop pkinit_flags. - -2007-07-05 Love Hörnquist Åstrand - - * configure.in: add tests/java/Makefile - - * lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file. - -2007-07-04 Love Hörnquist Åstrand - - * kdc/kerberos5.c: Improve the default salt detection to avoid - returning v4 password salting to java that doesn't look at the - returning padata for salting. - - * kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett - -2007-07-02 Love Hörnquist Åstrand - - * kdc/digest.c: Try harder to provide better error message for - digest messages. - - * lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on - krb5-pr*.h, make -j finds this. - -2007-06-28 Love Hörnquist Åstrand - - * kdc/digest.c: On success, print username, not ip-adress. - -2007-06-26 Love Hörnquist Åstrand - - * lib/krb5/get_cred.c: Add krb5_get_renewed_creds. - - * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds - - * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo. - -2007-06-25 Love Hörnquist Åstrand - - * doc/setup.texi: Add example for pkinit_win2k_require_binding - in [kdc] section. - - * kdc/default_config.c: Rename require_binding to - win2k_require_binding to match client configuration. - - * kdc/default_config.c: Add [kdc]pkinit_require_binding option. - - * kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply - if its not required. - - * kdc/default_config.c: rename pkinit_princ_in_cert and add - pkinit_require_binding - - * kdc/kdc.h: rename pkinit_princ_in_cert and add - pkinit_require_binding - - * kdc/pkinit.c: rename pkinit_princ_in_cert - -2007-06-24 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change. - -2007-06-21 Love Hörnquist Åstrand - - * kdc/krb5tgs.c: Drop unused variable. - - * kdc/krb5tgs.c: disable anonyous tgs requests - - * kdc/krb5tgs.c: Don't check PAC on cross realm for now. - - * kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse - nametypes. - - * lib/krb5/krb5_principal.3: Document krb5_parse_nametype. - - * lib/krb5/principal.c (krb5_parse_nametype): parse nametype and - return their integer values. - - * lib/krb5/krb5.h (krb5_get_creds): Add - KRB5_GC_CONSTRAINED_DELEGATION. - - * lib/krb5/get_cred.c (krb5_get_creds): if - KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous - and constrained_delegation. - -2007-06-20 Love Hörnquist Åstrand - - * kdc/digest.c: Return an error message instead of dropping the - packet for more failure cases. - - * lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY. - - * appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more - gracefully - -2007-06-18 Love Hörnquist Åstrand - - * lib/krb5/pac.c: make compile. - - * lib/krb5/pac.c (verify_checksum): memset cksum to avoid using - pointer from stack. - - * lib/krb5/plugin.c: Don't expose free pointer. - - * lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first - calloc. - - * lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory - - * lib/krb5/krbhst.c: Host is static memory, don't free. - - * lib/krb5/crypto.c (decrypt_internal_derived): make sure length - is longer then confounder + checksum. - - * kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from - users. This to allows libkdc users to to specify their own - databases - - * lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of - content data (and avoid leaking memory). - - * kdc/misc.c (_kdc_db_fetch): set error string for failures. - -2007-06-15 Love Hörnquist Åstrand - - * kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. - -2007-06-13 Love Hörnquist Åstrand - - * kdc/pkinit.c: tell user when they got a pk-init request with - pkinit disabled. - -2007-06-12 Love Hörnquist Åstrand - - * lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to - UNPARSE_DISPLAY. - - * lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY. - - * lib/krb5/principal.c: Make no-quote mean replace strange chars - with space. - - * lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. - - * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. - - * lib/krb5/test_princ.c: Test quoteing. - - * lib/krb5/pkinit.c: update (c) - - * lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC. - - * lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole - process needs to restart or just skip this KDC. - - * lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to - KDC. - - * lib/krb5/krb5.h: Add sendto hooks and opaque structure. - - * lib/krb5/krb5_rd_error.3: Update prototype. - - * lib/krb5/send_to_kdc.c: Add hooks for processing the reply from - the server. - -2007-06-11 Love Hörnquist Åstrand - - * lib/krb5/krb5_err.et: Some new error codes from RFC 4120. - -2007-06-09 Love Hörnquist Åstrand - - * kdc/krb5tgs.c: Constify. - - * kdc/kerberos5.c: Constify. - - * kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. - -2007-06-08 Love Hörnquist Åstrand - - * include/Makefile.am: Make krb5-types.h nodist_include_HEADERS. - - * kdc/Makefile.am: EXTRA_DIST += version-script.map. - -2007-06-07 Love Hörnquist Åstrand - - * Makefile.am (print-distdir): print name of dist - - * kdc/pkinit.c: Break out loading of mappings file to a separate - function and remove warning that it can't open the mapping file, - there are now mappings in the db, maybe the users uses that - instead... - - * lib/krb5/crypto.c: Require the raw key have the correct size and - do away with the minsize. Minsize was a thing that originated - from RC2, but since RC2 is done in the x509/cms subsystem now - there is no need to keep that around. - - * lib/hdb/dbinfo.c: If there is no default dbname, also check for - unset mkey_file and set it default mkey name, make backward compat - stuff work. - - * kdc/version-script.map: add new symbols - - * kdc/kdc-replay.c: Also update krb5_context view of what the time - is. - - * configure.in: add tests/can/Makefile - - * kdc/kdc-replay.c: Add --[version|help]. - - * kdc/pkinit.c: Push down the kdc time into the x509 library. - - * kdc/connect.c: Move up krb5_kdc_save_request so we can catch the - reply data too. - - * kdc/kdc-replay.c: verify reply by checking asn1 class, type and - tag of the reply if there is one. - - * kdc/process.c: Save asn1 class, type and tag of the reply if - there is one. Used to verify the reply in kdc-replay. - -2007-06-06 Love Hörnquist Åstrand - - * kdc/kdc_locl.h: extern for request_log. - - * kdc/Makefile.am: Add kdc-replay. - - * kdc/kdc-replay.c: Replay kdc messages to the KDC library. - - * kdc/config.c: Pick up request_log from [kdc]kdc-request-log. - - * kdc/connect.c: Option to save the request to disk. - - * kdc/process.c (krb5_kdc_save_request): save request to file. - - * kdc/process.c (krb5_kdc_process*): dont update _kdc_time - automagicly. - (krb5_kdc_update_time): set or get current kdc-time. - - * kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and - pkauthdata as the signeddata oid - - * kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong. - -2007-06-05 Love Hörnquist Åstrand - - * kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to - match windows DC behavior better. - -2007-06-04 Love Hörnquist Åstrand - - * configure.in: use test for -framework Security - - * appl/test/uu_server.c: Print status to stdout. - - * kdc/digest.c (digest ntlm): provide log entires by setting ret - to an error. - -2007-06-03 Love Hörnquist Åstrand - - * doc/hx509.texi: Indent crl-sign. - - * doc/hx509.texi: One more crl-sign example. - - * lib/krb5/test_princ.c: plug memory leaks. - - * lib/krb5/pac.c: plug memory leaks. - - * lib/krb5/test_pac.c: plug memory leaks. - - * lib/krb5/test_prf.c: plug memory leak. - - * lib/krb5/test_cc.c: plug memory leaks. - - * doc/hx509.texi: Simple blob about publishing CRLs. - - * doc/win2k.texi: drop text about enctypes. - -2007-06-02 Love Hörnquist Åstrand - - * kdc/pkinit.c: In case of OCSP verification failure, referash - every 5 min. In case of success, refreash 2 min before expiring or - faster. - -2007-05-31 Love Hörnquist Åstrand - - * lib/krb5/krb5_err.et: add error 68, WRONG_REALM - - * kdc/pkinit.c: Handle the ms san in a propper way, still cheat - with the realm name. - - * kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out - directly and hand the error back to the client. - - * lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE - and fix error message for CLIENT_NAME_MISMATCH. - - * kdc/pkinit.c: More logging for pk-init client mismatch. - - * kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for - windows pk-init (-9) to make MIT clients happy. - -2007-05-30 Love Hörnquist Åstrand - - * kdc/pkinit.c: Force des3 for win2k. - - * kdc/pkinit.c: Add wrapping to ContentInfo wrapping to - COMPAT_WIN2K. - - * lib/krb5/keytab_keyfile.c: Spelling. - - * kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta - doesn't deal with case of realm. - -2007-05-16 Love Hörnquist Åstrand - - * lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead - of encryption. - -2007-05-10 Dave Love - - * doc/win2k.texi: Update some URLs. - -2007-05-13 Love Hörnquist Åstrand - - * kuser/kimpersonate.c: Fix version number of ticket, it should be - 5 not the kvno. - -2007-05-08 Love Hörnquist Åstrand - - * doc/setup.texi: Salting is really Encryption types and salting. - -2007-05-07 Love Hörnquist Åstrand - - * doc/setup.texi: spelling, from Ronny Blomme - - * doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny - Blomme - -2007-05-02 Love Hörnquist Åstrand - - * lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database - specified, create one and let it use the defaults. - -2007-04-27 Love Hörnquist Åstrand - - * lib/hdb/test_dbinfo.c: test acl file - - * lib/hdb/test_dbinfo.c: test acl file - - * lib/hdb/dbinfo.c: add acl file - - * etc: ignore Makefile.in - - * Makefile.am: SUBDIRS += etc - - * configure.in: Add etc/Makefile. - - * etc/Makefile.am: make sure services.append is distributed - -2007-04-24 Love Hörnquist Åstrand - - * kdc: rename windc_init to krb5_kdc_windc_init - - * kdc/version-script.map: version script for libkdc - - * kdc/Makefile.am: version script for libkdc - -2007-04-23 Love Hörnquist Åstrand - - * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): - correct the order of the arguments. - - * lib/hdb/Makefile.am: Add and test dbinfo. - - * lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo; - - * kdc/config.c: Use krb5_kdc_get_config and just fill in what the - users wanted differently. - - * kdc/default_config.c: Make the default configuration fetch info - from the krb5.conf. - -2007-04-22 Love Hörnquist Åstrand - - * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to - determine if to send the session-key, for the second place in the - function. - - * tools/krb5-config.in: rename des to hcrypto - - * kuser/Makefile.am: depend on libheimntlm - - * kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for - this domain if the Kerberos password auth worked. - - * kuser/klist.c: add new option --hidden that doesn't display - principal that starts with @ - - * tools/krb5-config.in: Add heimntlm when we use gssapi. - - * lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to - free 'cred' with. - - * lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free - 'cred' with. - -2007-04-21 Love Hörnquist Åstrand - - * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to - determine if to send the session-key. - - * kcm/client.c (kcm_ccache_new_client): make root be able to pass - the name constraints, not the opposite. From Bryan Jacobs. - -2007-04-20 Love Hörnquist Åstrand - - * kcm/acl.c: make compile again. - - * kcm/client.c: fix warning. - - * kcm: First, it allows root to ignore the naming conventions. - Second, it allows root to always perform any operation on any - ccache. Note that root could do this anyway with FILE ccaches. - From Bryan Jacobs. - - * Rename libdes to libhcrypto. - -2007-04-19 Love Hörnquist Åstrand - - * kinit: remove code that depend on kerberos 4 library - - * kdc: remove code that depend on kerberos 4 library - - * configure.in: Drop kerberos 4 support. - - * kdc/hpropd.c (main): free the message when done with it. - - * lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit): - remember to free memory too. - - * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when - done. - - * configure.in: test rk_VERSIONSCRIPT - -2007-04-18 Love Hörnquist Åstrand - - * fix-export: remove, all done by make dist now - -2007-04-15 Love Hörnquist Åstrand - - * lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre - -2007-04-11 Love Hörnquist Åstrand - - * kdc/kstash.8: Spelling, from raga - via Bjorn Sandell. - - * lib/krb5/store_mem.c: indent. - - * lib/krb5/recvauth.c: Set error string. - - * lib/krb5/rd_req.c: clear error strings. - - * lib/krb5/rd_cred.c: clear error string. - - * lib/krb5/pkinit.c: Set error strings. - - * lib/krb5/get_cred.c: Tell what principal we are not finding for - all KRB5_CC_NOTFOUND. - -2007-02-22 Love Hörnquist Åstrand - - * kdc/kerberos5.c: Return the same error codes as a windows KDC. - - * kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password - failed. - - * kdc/kerberos5.c: Make handling of replying e_data more generic, - from metze. - - * kdc/kerberos5.c: Fix (string const and shadow) warnings, from - metze. - - * lib/krb5/pac.c: Create the PAC element in the same order as - w2k3, maybe there's some broken code in windows which relies on - this... From metze. - - * kdc/kerberos5.c: Select a session enctype from the list of the - crypto systems supported enctype, is supported by the client and - is one of the enctype of the enctype of the krbtgt. - - The later is used as a hint what enctype all KDC are supporting to - make sure a newer version of KDC wont generate a session enctype - that and older version of a KDC in the same realm can't decrypt. - - But if the KDC admin is paranoid and doesn't want to have "no the - best" enctypes on the krbtgt, lets save the best pick from the - client list and hope that that will work for any other KDCs. - - Reported by metze. - - * kdc/hprop.c (propagate_database): on any failure, drop the - connection to the peer and try next one. - -2007-02-18 Love Hörnquist Åstrand - - * lib/krb5/krb5_get_init_creds.3: document new options. - - * kdc/krb5tgs.c: Only check service key for cross realm PACs. - - * lib/krb5/init_creds.c: use the new merged flags field. - (krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k - compat flags. - - * lib/krb5/init_creds_pw.c: use the new merged flags field. - - * lib/krb5/krb5_locl.h: merge all flags into one entity - -2007-02-11 Dave Love - - * lib/krb5/krb5_aname_to_localname.3: Small fixes - - * lib/krb5/krb5_digest.3: Small fixes - - * kuser/kimpersonate.1: Small fixes - -2007-02-17 Love Hörnquist Åstrand - - * lib/krb5/init_creds_pw.c (find_pa_data): if there is no list, - there is no entry. - - * kdc/krb5tgs.c: Don't check PACs on cross realm requests. - - * lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES. - - * lib/krb5/init_creds_pw.c: Verify client referral data. - - * kdc/kerberos5.c: switch some "return ret" to "goto out". - - * kdc/kerberos5.c: Pass down canonicalize request to hdb layer, - sign client referrals. - - * lib/hdb/hdb.h: Add HDB_F_CANON. - - * lib/hdb: add simple alias support to the database backends - -2007-02-16 Love Hörnquist Åstrand - - * kuser/kinit.c: Add canonicalize flag. - - * lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support - canonicalize. - - * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize): - new function. - - * lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags. - - * lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags. - - * lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags. - -2007-02-15 Love Hörnquist Åstrand - - * lib/krb5/test_princ.c: test parsing enterprise-names. - - * lib/krb5/principal.c: Add support for parsing enterprise-names. - - * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE. - - * lib/hdb/hdb-ldap.c: Make work again. - -2007-02-11 Dave Love - - * kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value. - -2007-02-10 Love Hörnquist Åstrand - - * doc/setup.texi: prune trailing space - - * lib/hdb/db.c: Be better at setting and clearing error string. - - * lib/hdb/hdb.c: Be better at setting and clearing error string. - -2007-02-09 Love Hörnquist Åstrand - - * lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name - to print out the keytab name. - - * doc/setup.texi: Spelling, from Guido Guenther - -2007-02-08 Love Hörnquist Åstrand - - * lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen. - -2007-02-06 Love Hörnquist Åstrand - - * lib/krb5/test_store.c (test_uint16): unsigned ints can't be - negative - -2007-02-03 Love Hörnquist Åstrand - - * kdc/pkinit.c: pass extra flags for detached signatures. - - * lib/krb5/pkinit.c: pass extra flags for detached signatures. - - * kdc/digest.c: Remove debug output. - - * kuser/kdigest.c: Add support for ms-chap-v2 client. - -2007-02-02 Love Hörnquist Åstrand - - * kdc/digest.c: Fix ms-chap-v2 get_masterkey - - * kdc/digest.c: Fix ms-chap-v2 mutual response auth code. - - * kuser/kdigest.c: Print session key if there is one. - - * lib/krb5/digest.c: rename hash-a1 to session key - - * kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2 - - * kuser/kdigest.c: print rsp if there is one, from Klas. - - * kdc/digest.c: Use right size, from Klas Lindfors. - - * kuser/kdigest.c: Set client nonce if avaible, from Klas. - - * kdc/digest.c: First version from kllin. - - * kuser/kdigest.c: Don't restrict the type. - -2007-02-01 Love Hörnquist Åstrand - - * kuser/kdigest-commands.in: add --client-response - - * kuser/kdigest.c: Print status instead of response. - - * kdc/digest.c: Better logging and return status = FALSE when - checksum doesn't match. - - * kdc/digest.c: Check the digest response in the KDC. - - * lib/krb5/digest.c: New functions to send in requestResponse to - KDC and get status of the request. - - * kdc/digest.c: Add support for MS-CHAP v2. - - * lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap. - -2007-01-31 Love Hörnquist Åstrand - - * fix-export: Make hx509.info too - - * kdc/digest.c: don't verify identifier in CHAP, its the client - that chooses it. - -2007-01-23 Love Hörnquist Åstrand - - * lib/krb5/Makefile.am: Basic test of prf. - - * lib/krb5/test_prf.c: Basic test of prf. - - * lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF - functions. - - * lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions. - - * lib/krb5/krb5_data.3: Document krb5_data_cmp. - - * lib/krb5/data.c: Add krb5_data_cmp. - -2007-01-20 Love Hörnquist Åstrand - - * kdc/kx509.c: Don't use C99 syntax. - -2007-01-17 Love Hörnquist Åstrand - - * configure.in: its LIBADD_roken (and shouldn't really exist, our - libtool usage it broken) - - * configure.in: Add an extra variable for roken, LIBADD, that - should be used for library depencies. - - * lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer. - - * lib/krb5/krb5_init_context.3: fix mdoc errors - - * Heimdal 0.8 branch cut today - - * doc/hx509.texi: Spelling and more about proxy certificates. - - * configure.in: check for arc4random - -2007-01-16 Love Hörnquist Åstrand - - * lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data - before starting - - * tools/heimdal-build.sh: make cvs keep quiet - - * kuser/kverify.c: Use argument as principal if passed an - argument. Bug report from Douglas E. Engert - -2007-01-15 Love Hörnquist Åstrand - - * lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider - the enc_tkt_in_skey case, from Douglas E. Engert. - - * kdc/kx509.c: Issue certificates. - - * kdc/config.c: Parse kx509/kca configuration. - - * kdc/kdc.h: add kx509 config - -2007-01-14 Love Hörnquist Åstrand - - * kdc/kerberos5.c (_kdc_find_padata): if there is not padata, - there is nothing find. - - * doc/hx509.texi: Examples for pk-init. - - * doc/hx509.texi: About extending ca lifetime and sub cas. - -2007-01-13 Love Hörnquist Åstrand - - * doc/hx509.texi: More about certificates. - -2007-01-12 Love Hörnquist Åstrand - - * doc/hx509.texi: add Application requirements and write about - xmpp/jabber. - -2007-01-11 Love Hörnquist Åstrand - - * doc/hx509.texi: More about issuing certificates. - - * doc/hx509.texi: Start of a x.509 manual. - - * include/Makefile.am: remove install headerfiles - - * lib/krb5/test_pac.c: Use more interesting data to cause more - errors. - - * include/Makefile.am: remove install headerfiles - - * lib/krb5/mcache.c: MCC_CURSOR not used, remove. - - * lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used - - * lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to - allocate data - -2007-01-10 Love Hörnquist Åstrand - - * doc/setup.texi: Hint about hxtool validate. - - * appl/test/uu_server.c: print both "server" and "client" - - * kdc/krb5tgs.c: Rename keys to be more obvious what they do. - - * kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew - Bartlett - - * kdc/windc.c: ident, spelling. - - * kdc/windc_plugin.h: indent. - - * kdc/krb5tgs.c: Pass down server entry to verify_pac function. - from Andrew Bartlett - - * kdc/windc.c: pass down server entry to verify_pac function, from - Andrew Bartlett - - * kdc/windc_plugin.h: pass down server entry to verify_pac - function, from Andrew Bartlett - - * configure.in: Provide a automake symbol ENABLE_SHARED if shared - libraries are built. - - * lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock - when verifying the PAC. From Andrew Bartlett. - -2007-01-09 Love Hörnquist Åstrand - - * lib/krb5/test_pac.c: move around to code test on real PAC. - - * lib/krb5/pac.c: A tiny 2 char diffrence that make the code work - for real. - - * lib/krb5/test_pac.c: Test more PAC (note that the values used in - this test is wrong, they have to be fixed when the pac code is - fixed). - - * doc/setup.texi: Update to new hxtool issue-certificate usage - - * lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS - and PK-INIT pa data, no need to expose our password protecting our - PKCS12 key. - - * kuser/klist.c (print_cred_verbose): include ticket length in the - verbose output - -2007-01-08 Love Hörnquist Åstrand - - * lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without - it linux is unhappy. - - * lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without - it linux is unhappy. - - * lib/krb5/name-45-test.c: One of the hosts I sometimes uses is - named "bar.domain", this make one of the tests pass when it - shouldn't. - -2007-01-05 Love Hörnquist Åstrand - - * doc/setup.texi: Change --key argument to --out-key. - - * kuser/kimpersonate.1: mangle my name - -2007-01-04 Love Hörnquist Åstrand - - * doc/setup.texi: describe how to use hx509 to create - certificates. - - * tools/heimdal-build.sh: Add --distcheck. - - * kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check - if we should include the PAC in the krbtgt. - - * kdc/pkinit.c (_kdc_as_rep): check if - krb5_generate_random_keyblock failes. - - * kdc/kerberos5.c (_kdc_as_rep): check if - krb5_generate_random_keyblock failes. - - * kdc/krb5tgs.c (tgs_build_reply): check if - krb5_generate_random_keyblock failes. - - * kdc/krb5tgs.c: Scope etype. - - * lib/krb5/rd_req.c: Make it possible to turn off PAC check, its - default on. - - * lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify - its server signature. - - * kdc/kerberos5.c (_kdc_as_rep): call windc client access hook. - (_kdc_tkt_add_if_relevant_ad): constify in data argument. - - * kdc/windc_plugin.h: More comments add a client_access hook. - - * kdc/windc.c: Add _kdc_windc_client_access. - - * kdc/krb5tgs.c: rename functions after export some more pac - functions. - - * lib/krb5/test_pac.c: export some more pac functions. - - * lib/krb5/pac.c: export some more pac functions. - - * kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC. - - * configure.in: add tests/plugin/Makefile - -2007-01-03 Love Hörnquist Åstrand - - * kdc/krb5tgs.c: Get right key for PAC krbtgt verification. - - * kdc/config.c: spelling - - * lib/krb5/krb5.h: typedef for krb5_pac. - - * kdc/headers.h: Include . - - * kdc/Makefile.am: Include windc.c and use windc_plugin.h - - * kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain - Controller. - - * kdc/kerberos5.c: Call callbacks for emulating a Windows Domain - Controller. Move the some of the log related stuff to its own - function. - - * kdc/config.c: Init callbacks for emulating a Windows Domain - Controller. - - * kdc/windc.c: Rename the init function to windc instead of pac. - - * kdc/windc.c: Callbacks specific to emulating a Windows Domain - Controller. - - * kdc/windc_plugin.h: Callbacks specific to emulating a Windows - Domain Controller. - - * lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ - - * lib/krb5/pac.c: Support all keyed checksum types. - -2007-01-02 Love Hörnquist Åstrand - - * lib/krb5/pac.c (krb5_pac_get_types): Return list of types. - - * lib/krb5/test_pac.c: test krb5_pac_get_types - - * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. - - * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. - - * lib/krb5/krb5.h: Add KRB5_KRBHST_KCA. - - * lib/krb5/test_pac.c: test Add/remove pac buffer functions. - - * lib/krb5/pac.c: Add/remove pac buffer functions. - - * lib/krb5/pac.c: sprinkle const - - * lib/krb5/pac.c: rename DCHECK to CHECK - - * Happy New Year. + * Happy new year. diff --git a/crypto/heimdal/ChangeLog.2002 b/crypto/heimdal/ChangeLog.2002 index 37fda2e4940..8101be14737 100644 --- a/crypto/heimdal/ChangeLog.2002 +++ b/crypto/heimdal/ChangeLog.2002 @@ -663,7 +663,7 @@ * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file before we need to write to it - (from Åke Sandgren) + (from Ã…ke Sandgren) 2002-02-14 Johan Danielsson diff --git a/crypto/heimdal/ChangeLog.2003 b/crypto/heimdal/ChangeLog.2003 index 82233515246..1ffd9dec188 100644 --- a/crypto/heimdal/ChangeLog.2003 +++ b/crypto/heimdal/ChangeLog.2003 @@ -1,4 +1,4 @@ -2003-12-19 Love Hörnquist Åstrand +2003-12-19 Love Hörnquist Ã…strand * lib/krb5/error_string.c: protect error_string with mutex @@ -6,28 +6,28 @@ * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string -2003-12-18 Love Hörnquist Åstrand +2003-12-18 Love Hörnquist Ã…strand * kuser/kinit.c: make -9 work again -2003-12-17 Love Hörnquist Åstrand +2003-12-17 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c: try handle ts preauth better, still not good, but at least it work with older heimdal releases that doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was sent -2003-12-16 Love Hörnquist Åstrand +2003-12-16 Love Hörnquist Ã…strand * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer used -2003-12-11 Love Hörnquist Åstrand +2003-12-11 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as parameters, required by CMS -2003-12-07 Love Hörnquist Åstrand +2003-12-07 Love Hörnquist Ã…strand * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab): avoid memory leak that snuck in when krb5_keytab_key_proc was @@ -49,12 +49,12 @@ * lib/krb5/auth_context.c: add krb5_auth_con_addflags and krb5_auth_con_removeflags -2003-12-03 Love Hörnquist Åstrand +2003-12-03 Love Hörnquist Ã…strand * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to avoid memory leak -2003-12-02 Love Hörnquist Åstrand +2003-12-02 Love Hörnquist Ã…strand * lib/krb5/crypto.c: require cipher-text to be padded to padsize @@ -65,7 +65,7 @@ EAI_NODATA, because its depricated in RFC3493 Pointed out by Hajimu UMEMOTO on heimdal-discuss -2003-12-01 Love Hörnquist Åstrand +2003-12-01 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS @@ -73,7 +73,7 @@ * kuser/kinit.c (main): return the return value from simple_execvp -2003-11-26 Love Hörnquist Åstrand +2003-11-26 Love Hörnquist Ã…strand * kuser/kinit.c: don't use PKINIT DH per default since its too slow @@ -86,13 +86,13 @@ * lib/krb5/pkinit.c: clean up error handling, make enc-type work again -2003-11-25 Love Hörnquist Åstrand +2003-11-25 Love Hörnquist Ã…strand * kuser/kinit.c: add flag to make it work with pkinit dh * lib/krb5/pkinit.c: make PKINIT DH support work -2003-11-24 Love Hörnquist Åstrand +2003-11-24 Love Hörnquist Ã…strand * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen @@ -119,7 +119,7 @@ * lib/krb5/pkinit.c: fix bugs, improve error reporting -2003-11-23 Love Hörnquist Åstrand +2003-11-23 Love Hörnquist Ã…strand * kuser/kinit.c: add some "struct foo;" glue for pkinit structures that isn't used @@ -139,22 +139,22 @@ * lib/krb5/heim_threads.h: include pthread.h in the pthread case -2003-11-18 Love Hörnquist Åstrand +2003-11-18 Love Hörnquist Ã…strand * kpasswd/kpasswdd.c (main): parse kdc.conf From: Jeffrey Hutzelman -2003-11-15 Love Hörnquist Åstrand +2003-11-15 Love Hörnquist Ã…strand * lib/krb5/Makefile.am (TESTS): add test_crypto * lib/krb5/test_crypto.c: time crypto operations -2003-11-14 Love Hörnquist Åstrand +2003-11-14 Love Hörnquist Ã…strand * doc/init-creds: spelling, Bruno Rohee -2003-11-09 Love Hörnquist Åstrand +2003-11-09 Love Hörnquist Ã…strand * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free the ticket now, rewrite error handling to handle that @@ -170,7 +170,7 @@ * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket -2003-11-08 Love Hörnquist Åstrand +2003-11-08 Love Hörnquist Ã…strand * lib/krb5/padata.c: add krb5_padata_add @@ -195,7 +195,7 @@ implements -09 of the draft), verify that it conforms the new draft -2003-11-07 Love Hörnquist Åstrand +2003-11-07 Love Hörnquist Ã…strand * lib/asn1/der_copy.c (copy_oid): copy all components @@ -218,7 +218,7 @@ * kdc/config.c: change enforce_transited_policy to a tri-state variable -2003-10-22 Love Hörnquist Åstrand +2003-10-22 Love Hörnquist Ã…strand * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out encoding to make sure it have a defined value on failure @@ -232,7 +232,7 @@ * kdc/kerberos5.c (fix_transited_encoding): always print cross-realm information -2003-10-21 Love Hörnquist Åstrand +2003-10-21 Love Hörnquist Ã…strand * doc/setup.texi: spelling, From: Tracy Di Marco White @@ -249,7 +249,7 @@ * lib/hdb/hdb.asn1: add flag to enforce transited policy -2003-10-21 Love Hörnquist Åstrand +2003-10-21 Love Hörnquist Ã…strand * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms to zero not num_realms @@ -281,7 +281,7 @@ the cache at the same time, and there is no simple way to add a timeout to the lock. -2003-10-13 Love Hörnquist Åstrand +2003-10-13 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c: print the error value krb5_init_context failed with @@ -302,13 +302,13 @@ * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred returns error other than KRB5_CC_END -2003-10-07 Love Hörnquist Åstrand +2003-10-07 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c: add some help function that is common between ENC_TS and SAM2, free the etype{,2}-infos on failure, move the pa counter into krb5_get_init_creds_ctx -2003-10-06 Love Hörnquist Åstrand +2003-10-06 Love Hörnquist Ã…strand * kdc/kaserver.c (do_getticket): if times data is shorter then 8 byte, request is malformed. @@ -323,13 +323,13 @@ * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi] -2003-10-04 Love Hörnquist Åstrand +2003-10-04 Love Hörnquist Ã…strand * lib/asn1/lex.l: add BOOLEAN * lib/asn1/parse.y: add BOOLEAN -2003-10-03 Love Hörnquist Åstrand +2003-10-03 Love Hörnquist Ã…strand * kuser/kinit.c: When running kinit in "fork mode" do pagsh independent of krb4, also always do krb4 setup of cc. Always try @@ -374,12 +374,12 @@ * lib/asn1: add boolean support -2003-10-02 Love Hörnquist Åstrand +2003-10-02 Love Hörnquist Ã…strand * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on failure -2003-09-30 Love Hörnquist Åstrand +2003-09-30 Love Hörnquist Ã…strand * appl/test/http_client.c (do_connect): use ai_protocol 0 @@ -402,7 +402,7 @@ * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) -2003-09-23 Love Hörnquist Åstrand +2003-09-23 Love Hörnquist Ã…strand * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth context, use that @@ -411,7 +411,7 @@ * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String -2003-09-21 Love Hörnquist Åstrand +2003-09-21 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy @@ -420,7 +420,7 @@ * kuser/kinit.c: don't get v4 tickets by default -2003-09-20 Love Hörnquist Åstrand +2003-09-20 Love Hörnquist Ã…strand * kpasswd/kpasswdd.c (process): remove a abort() @@ -432,7 +432,7 @@ defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols -2003-09-19 Love Hörnquist Åstrand +2003-09-19 Love Hörnquist Ã…strand * lib/hdb/db3.c: improve readability of ->open ifdef, check if version >= 4.1 @@ -444,7 +444,7 @@ keytab can still pass in the key of the service (matches behavior of MIT Kerberos). -2003-09-18 Love Hörnquist Åstrand +2003-09-18 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c: collect all init_creds context into a structure so it can easier be passed around, also, while here, @@ -460,12 +460,12 @@ * lib/krb5/log.c (log_realloc): increase len after realloc returns sucessfully -2003-09-12 Love Hörnquist Åstrand +2003-09-12 Love Hörnquist Ã…strand * lib/krb5/config_file.c: fix prototypes From: Fredrik Ljungberg -2003-09-10 Love Hörnquist Åstrand +2003-09-10 Love Hörnquist Ã…strand * appl/test/http_client.c: close socket when we are done, don't allow the server to restart gssapi negotiation @@ -486,7 +486,7 @@ * appl/test/Makefile.am: build http_client -2003-09-09 Love Hörnquist Åstrand +2003-09-09 Love Hörnquist Ã…strand * lib/asn1/asn1_print.c: add support for printing Enumerated @@ -502,7 +502,7 @@ * kdc/kerberos5.c (only_older_enctype_p): check request if the client only supports old enctypes, before it used the database -2003-09-08 Love Hörnquist Åstrand +2003-09-08 Love Hörnquist Ã…strand * **/*.c: add context argument to krb5_get_init_creds_opt_alloc @@ -511,7 +511,7 @@ * lib/krb5/krb5_get_init_creds.3: spelling -2003-09-04 Love Hörnquist Åstrand +2003-09-04 Love Hörnquist Ã…strand * lib/krb5/context.c (add_file): make len argument an pointer to an integer @@ -526,7 +526,7 @@ * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt} -2003-09-03 Love Hörnquist Åstrand +2003-09-03 Love Hörnquist Ã…strand * lib/krb5/krb5.h: Add key usage for encryption of the SAM-NONCE-OR-SAD field. @@ -597,7 +597,7 @@ * lib/krb5/krb5_locl.h: add struct _krb5_get_init_creds_opt_private -2003-09-02 Love Hörnquist Åstrand +2003-09-02 Love Hörnquist Ã…strand * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef, add a pointer to a private part of krb5_get_init_creds_opt @@ -605,7 +605,7 @@ * kdc/string2key.c (main): avoid const warning by using a extra variable -2003-08-31 Love Hörnquist Åstrand +2003-08-31 Love Hörnquist Ã…strand * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): reindent @@ -614,18 +614,18 @@ failing, copy data to right memory, the later pointed out by Luke Howard. -2003-08-30 Love Hörnquist Åstrand +2003-08-30 Love Hörnquist Ã…strand * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers -2003-08-29 Love Hörnquist Åstrand +2003-08-29 Love Hörnquist Ã…strand * lib/hdb/db3.c: try to include more db headers * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss From: Luke Howard -2003-08-28 Love Hörnquist Åstrand +2003-08-28 Love Hörnquist Ã…strand * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56 @@ -635,18 +635,18 @@ * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE -2003-08-27 Love Hörnquist Åstrand +2003-08-27 Love Hörnquist Ã…strand * appl/test/uu_client.c (proto): fill in client in the match cred -2003-08-26 Love Hörnquist Åstrand +2003-08-26 Love Hörnquist Ã…strand * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers * lib/krb5/crypto.c (usage2arcfour): simplify, only include special cases From: Luke Howard -2003-08-25 Love Hörnquist Åstrand +2003-08-25 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard @@ -656,7 +656,7 @@ * doc/ack.texi: update Luke Howard email address -2003-08-24 Love Hörnquist Åstrand +2003-08-24 Love Hörnquist Ã…strand * lib/krb5/krb5_encrypt.3: document: krb5_crypto_getconfoundersize, krb5_crypto_getblocksize @@ -666,7 +666,7 @@ krb5_crypto_getconfoundersize): added From: Luke Howard -2003-08-23 Love Hörnquist Åstrand +2003-08-23 Love Hörnquist Ã…strand * kdc/connect.c (handle_tcp): handle recvfrom returning 0 (connection closed) @@ -689,7 +689,7 @@ * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code From: Luke Howard -2003-08-21 Love Hörnquist Åstrand +2003-08-21 Love Hörnquist Ã…strand * include/make_crypto.c: include aes.h inc in the local libdes case too @@ -700,7 +700,7 @@ * lib/asn1/gen_free.c: set free'd poiners to NULL -2003-08-20 Love Hörnquist Åstrand +2003-08-20 Love Hörnquist Ã…strand * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support on netbsd @@ -709,7 +709,7 @@ krb5_create_checksum and krb5_verify_checksum, From: Luke Howard -2003-08-18 Love Hörnquist Åstrand +2003-08-18 Love Hörnquist Ã…strand * lib/krb5/test_config.c: check krb5_prepend_config_files_default and krb5_prepend_config_files @@ -717,7 +717,7 @@ * lib/krb5/context.c: add krb5_prepend_config_files and krb5_prepend_config_files_default -2003-08-17 Love Hörnquist Åstrand +2003-08-17 Love Hörnquist Ã…strand * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t as argument @@ -743,7 +743,7 @@ with the mit implemtation, don't free `creds' argument when done, its up the the caller to do that, also allow a NULL ccache. -2003-08-16 Love Hörnquist Åstrand +2003-08-16 Love Hörnquist Ã…strand * lib/krb5/krb5.conf.5: document tgs_require_subkey @@ -766,35 +766,35 @@ * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero -2003-08-15 Love Hörnquist Åstrand +2003-08-15 Love Hörnquist Ã…strand * lib/krb5/principal.c (unparse_name): len can't be zero, so, don't check for that -2003-08-13 Love Hörnquist Åstrand +2003-08-13 Love Hörnquist Ã…strand * lib/krb5/principal.c (unparse_name): make sure there are space for a NUL, set *name to NULL when there is a failure (so caller can't get hold of a freed pointer) -2003-07-26 Love Hörnquist Åstrand +2003-07-26 Love Hörnquist Ã…strand * lib/krb5/kerberos.8: remove duplicate manual, from cjep@netbsd.org -2003-07-25 Love Hörnquist Åstrand +2003-07-25 Love Hörnquist Ã…strand * lib/krb5/cache.c: indent * lib/krb5/cache.c (krb5_cc_set_default_name): only read KRB5CCNAME when not suid -2003-07-24 Love Hörnquist Åstrand +2003-07-24 Love Hörnquist Ã…strand * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes, use a char array instead of des_cblock -2003-07-23 Love Hörnquist Åstrand +2003-07-23 Love Hörnquist Ã…strand * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2 @@ -802,7 +802,7 @@ memory, update callsites to either return error or use krb5_abortx (krb5_hmac): expose hmac -2003-07-22 Love Hörnquist Åstrand +2003-07-22 Love Hörnquist Ã…strand * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype of keyblock @@ -845,7 +845,7 @@ error string when there is a context (krb5_checksum_is_collision_proof): ditto -2003-07-21 Love Hörnquist Åstrand +2003-07-21 Love Hörnquist Ã…strand * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data argument optional @@ -862,7 +862,7 @@ * lib/krb5/krb5.h: add krb5_enc_data -2003-07-19 Love Hörnquist Åstrand +2003-07-19 Love Hörnquist Ã…strand * lib/krb5/krb5.3: add krb5_c_ functions @@ -880,7 +880,7 @@ only matter for aes, for all other enctypes the key and unkeyed checksum have the same length. -2003-07-18 Love Hörnquist Åstrand +2003-07-18 Love Hörnquist Ã…strand * lib/krb5/mit_glue.c: first version of krb5_c encryption glue @@ -890,11 +890,11 @@ static to avoid warning from dynamic backend when using a known static backend -2003-07-16 Love Hörnquist Åstrand +2003-07-16 Love Hörnquist Ã…strand * lib/krb5/cache.c: don't return value in void function -2003-07-15 Love Hörnquist Åstrand +2003-07-15 Love Hörnquist Ã…strand * lib/krb5/creds.c (krb5_compare_creds): if client is specified in the mcreds, check that too @@ -904,11 +904,11 @@ * lib/asn1: prefix typedefs and structs with heim_ -2003-07-13 Love Hörnquist Åstrand +2003-07-13 Love Hörnquist Ã…strand * lib/hdb/hdb.c: avoid unnecessary setting of variable -2003-07-07 Love Hörnquist Åstrand +2003-07-07 Love Hörnquist Ã…strand * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred @@ -923,12 +923,12 @@ * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a krb5_creds to use with krb5_cc_retrieve_cred -2003-06-30 Love Hörnquist Åstrand +2003-06-30 Love Hörnquist Ã…strand * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix, don't load anything -2003-06-29 Love Hörnquist Åstrand +2003-06-29 Love Hörnquist Ã…strand * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke Howard @@ -936,7 +936,7 @@ * lib/hdb/hdb.h: add struct hdb_so_method and HDB_INTERFACE_VERSION -2003-06-28 Love Hörnquist Åstrand +2003-06-28 Love Hörnquist Ã…strand * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since @@ -956,12 +956,12 @@ * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since it contains more than 9 words; from wiz -2003-06-25 Love Hörnquist Åstrand +2003-06-25 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from stefan sokoll -2003-06-24 Love Hörnquist Åstrand +2003-06-24 Love Hörnquist Ã…strand * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text @@ -973,7 +973,7 @@ * kuser/kinit.c: add -A as an alias for --no-addresses -2003-06-22 Love Hörnquist Åstrand +2003-06-22 Love Hörnquist Ã…strand * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a krb5_timestamp to krb5_us_timeofday @@ -993,7 +993,7 @@ * lib/asn1/k5.asn1: make the aes and sha1 checksum types match draft-ietf-krb-wg-crypto-05 -2003-06-21 Love Hörnquist Åstrand +2003-06-21 Love Hörnquist Ã…strand * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data @@ -1004,12 +1004,12 @@ (derive_key): always remove the key->schedule since its will contain the wrong (parent key) info -2003-06-18 Love Hörnquist Åstrand +2003-06-18 Love Hörnquist Ã…strand * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn * doc/setup.texi: add more kdc's to the example -2003-06-17 Love Hörnquist Åstrand +2003-06-17 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto Patino , Luke Howard @@ -1028,13 +1028,13 @@ * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256 -2003-06-06 Love Hörnquist Åstrand +2003-06-06 Love Hörnquist Ã…strand * doc/setup.texi: Point out that slave needs /var/heimdal directory and masterkey From: Mans Nilsson , Fix spelling while here -2003-06-02 Love Hörnquist Åstrand +2003-06-02 Love Hörnquist Ã…strand * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3: add manpage for: krb5_get_in_cred, krb5_get_in_tkt, @@ -1052,7 +1052,7 @@ "unsigned" integers. If MSB is set, we need to pad with a zero byte. -2003-05-27 Love Hörnquist Åstrand +2003-05-27 Love Hörnquist Ã…strand * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes @@ -1062,14 +1062,14 @@ From Alberto Patino -2003-05-26 Love Hörnquist Åstrand +2003-05-26 Love Hörnquist Ã…strand * lib/krb5/*.[0-9]: pacify mdoclink * lib/krb5/krb5_ccache.3: document diffrences between mit and heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$// -2003-05-21 Love Hörnquist Åstrand +2003-05-21 Love Hörnquist Ã…strand * appl/test/gssapi_server.c (proto): start to use gss_krb5_copy_ccache @@ -1077,14 +1077,14 @@ * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t groveling for now -2003-05-20 Love Hörnquist Åstrand +2003-05-20 Love Hörnquist Ã…strand * lib/asn1: - add parser/generate glue for UTF8String and NULL (DER primitive encode/decode functions missing) - handle parsing of DEFAULT and, ... -2003-05-16 Love Hörnquist Åstrand +2003-05-16 Love Hörnquist Ã…strand * lib/krb5/heim_threads.h: add missing argument to mutex_init @@ -1097,7 +1097,7 @@ * lib/krb5/heim_threads.h: wrapper macros for thread synchronization primitives -2003-05-15 Love Hörnquist Åstrand +2003-05-15 Love Hörnquist Ã…strand * lib/krb5/krb5_principal.3 lib/krb5/Makefile.am: @@ -1109,7 +1109,7 @@ * lib/krb5/krb5_sname_to_principal.3: remove file * lib/krb5/krb5_principal_get_realm.3: remove file -2003-05-14 Love Hörnquist Åstrand +2003-05-14 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd @@ -1148,7 +1148,7 @@ * kuser/kinit.1: setup -> set up, new sentence, new line from Thomas Klausner -2003-05-13 Love Hörnquist Åstrand +2003-05-13 Love Hörnquist Ã…strand * kpasswd/kpasswd.1: handle setting passwords for multiple principals at the same time @@ -1160,7 +1160,7 @@ rfc3244 share the response packet sure more constants now that they exists -2003-05-12 Love Hörnquist Åstrand +2003-05-12 Love Hörnquist Ã…strand * lib/krb5/krb5.h: some define for rfc3244 @@ -1182,7 +1182,7 @@ * lib/asn1/k5.asn1: add ChangePasswdDataMS, for RFC3244 -2003-05-08 Love Hörnquist Åstrand +2003-05-08 Love Hörnquist Ã…strand * kuser/kdestroy.c: destroy tokens even if there isn't v4 support @@ -1199,7 +1199,7 @@ everything with hex-codes, and cast to unsigned char* to make some compilers happy -2003-05-06 Love Hörnquist Åstrand +2003-05-06 Love Hörnquist Ã…strand * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first argument to krb5_us_timeofday have correct type @@ -1208,12 +1208,12 @@ * include/make_crypto.c (main): include aes.h if ENABLE_AES -2003-05-05 Love Hörnquist Åstrand +2003-05-05 Love Hörnquist Ã…strand * make-release: when fixing a valid cvs tag from release name replace all number. to number- for all non-overlapping matches -2003-05-04 Love Hörnquist Åstrand +2003-05-04 Love Hörnquist Ã…strand * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and asn1_ETYPE_INFO2_ENTRY.x @@ -1231,20 +1231,20 @@ * doc/apps.texi: text about applications using kerberos move afs text here -2003-05-03 Love Hörnquist Åstrand +2003-05-03 Love Hörnquist Ã…strand * doc/setup.texi: add cross realm text -2003-04-29 Love Hörnquist Åstrand +2003-04-29 Love Hörnquist Ã…strand * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and krb5_string_to_enctype -2003-04-28 Love Hörnquist Åstrand +2003-04-28 Love Hörnquist Ã…strand * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd -2003-04-26 Love Hörnquist Åstrand +2003-04-26 Love Hörnquist Ã…strand * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2 * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2 @@ -1267,12 +1267,12 @@ * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching asn1) -2003-04-24 Love Hörnquist Åstrand +2003-04-24 Love Hörnquist Ã…strand * doc/programming.texi: s/managment/management/, from jmc -2003-04-23 Love Hörnquist Åstrand +2003-04-23 Love Hörnquist Ã…strand * lib/krb5/context.c (default_etypes): also advertise that we handle aes encryption types @@ -1287,11 +1287,11 @@ * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY -2003-04-22 Love Hörnquist Åstrand +2003-04-22 Love Hörnquist Ã…strand * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd -2003-04-17 Love Hörnquist Åstrand +2003-04-17 Love Hörnquist Ã…strand * lib/asn1/der_copy.c (copy_general_string): use strdup * lib/asn1/der_put.c: remove sprintf @@ -1303,7 +1303,7 @@ * lib/krb5/test_alname.c: add --version and --help -2003-04-16 Love Hörnquist Åstrand +2003-04-16 Love Hörnquist Ã…strand * lib/krb5/krb5_warn.3: add krb5_get_err_text @@ -1320,7 +1320,7 @@ needs to be defined on the command line, since lex likes to include stdio.h before we get to config.h -2003-04-16 Love Hörnquist Åstrand +2003-04-16 Love Hörnquist Ã…strand * lib/krb5/*.3: Change .Fd #include to .In header.h, from Thomas Klausner @@ -1328,19 +1328,19 @@ * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner -2003-04-15 Love Hörnquist Åstrand +2003-04-15 Love Hörnquist Ã…strand * kdc/kerberos5.c: fix some more memory leaks -2003-04-11 Love Hörnquist Åstrand +2003-04-11 Love Hörnquist Ã…strand * appl/kf/kf.1: spelling, from jmc -2003-04-08 Love Hörnquist Åstrand +2003-04-08 Love Hörnquist Ã…strand * admin/ktutil.8: typos, from jmc -2003-04-06 Love Hörnquist Åstrand +2003-04-06 Love Hörnquist Ã…strand * lib/krb5/krb5.3: s/kerberos/Kerberos/ * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ @@ -1350,7 +1350,7 @@ * kuser/kinit.1: s/kerberos/Kerberos/ * kdc/kdc.8: s/kerberos/Kerberos/ -2003-04-01 Love Hörnquist Åstrand +2003-04-01 Love Hörnquist Ã…strand * lib/krb5/test_alname.c: more krb5_aname_to_localname tests @@ -1372,21 +1372,21 @@ kvno the resulting kvno is going to be. Now two ktutil change in a row works. XXX fix the protocol to pass the kvno back. -2003-03-31 Love Hörnquist Åstrand +2003-03-31 Love Hörnquist Ã…strand * appl/kf/kf.1: afs->AFS, from jmc -2003-03-30 Love Hörnquist Åstrand +2003-03-30 Love Hörnquist Ã…strand * doc/setup.texi: add description on how to turn on v4, 524 and kaserver support -2003-03-29 Love Hörnquist Åstrand +2003-03-29 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog and afs-use-524 -2003-03-28 Love Hörnquist Åstrand +2003-03-28 Love Hörnquist Ã…strand * kdc/kerberos5.c (as_rep): when the second enctype_to_string failes, remember to free memory from the first enctype_to_string @@ -1403,13 +1403,13 @@ * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of encyption type, inspired by Aidan Cully -2003-03-27 Love Hörnquist Åstrand +2003-03-27 Love Hörnquist Ã…strand * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 (wildcard kvno) after principal when the keytab entry isn't found, reported by Chris Chiappa -2003-03-26 Love Hörnquist Åstrand +2003-03-26 Love Hörnquist Ã…strand * doc/misc.texi: update 2b example to match reality (from mattiasa@e.kth.se) @@ -1417,7 +1417,7 @@ * doc/misc.texi: spelling and add `Configuring AFS clients' subsection -2003-03-25 Love Hörnquist Åstrand +2003-03-25 Love Hörnquist Ã…strand * lib/krb5/krb5.3: add krb5_free_data_contents.3 @@ -1438,15 +1438,15 @@ * kdc/string2key.c: print the used enctype for kerberos 5 keys -2003-03-25 Love Hörnquist Åstrand +2003-03-25 Love Hörnquist Ã…strand * lib/krb5/aes-test.c: add another arcfour test -2003-03-22 Love Hörnquist Åstrand +2003-03-22 Love Hörnquist Ã…strand * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 -2003-03-20 Love Hörnquist Åstrand +2003-03-20 Love Hörnquist Ã…strand * lib/krb5/krb5_ccache.3: update .Dd @@ -1461,7 +1461,7 @@ change. reported by Iain Moffat @ ufl.edu via Howard Chu -2003-03-19 Love Hörnquist Åstrand +2003-03-19 Love Hörnquist Ã…strand * lib/krb5/krb5_keytab.3: spelling, from @@ -1474,7 +1474,7 @@ * lib/krb5/krb5_auth_context.3: spelling, from -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 @@ -1498,7 +1498,7 @@ * kdc/config.c: add --enable-kerberos4-cross-realm option (default to off) -2003-03-17 Love Hörnquist Åstrand +2003-03-17 Love Hörnquist Ã…strand * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 @@ -1507,7 +1507,7 @@ * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ -2003-03-16 Love Hörnquist Åstrand +2003-03-16 Love Hörnquist Ã…strand * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 @@ -1533,14 +1533,14 @@ * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for a id -2003-03-15 Love Hörnquist Åstrand +2003-03-15 Love Hörnquist Ã…strand * doc/intro.texi: add reference to source code, binaries and the manual * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal -2003-03-14 Love Hörnquist Åstrand +2003-03-14 Love Hörnquist Ã…strand * kdc/kdc.8: better/difrent english @@ -1554,7 +1554,7 @@ * lib/krb5/krb5_ccache.3: add missing name of argument (krb5_context) to most functions -2003-03-13 Love Hörnquist Åstrand +2003-03-13 Love Hörnquist Ã…strand * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of function and return FALSE when there isn't a local account for @@ -1563,12 +1563,12 @@ * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text describing the function -2003-03-12 Love Hörnquist Åstrand +2003-03-12 Love Hörnquist Ã…strand * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name returned memory, don't return ENOMEM -2003-03-11 Love Hörnquist Åstrand +2003-03-11 Love Hörnquist Ã…strand * lib/krb5/krb5.3: add krb5_address stuff and sort @@ -1579,7 +1579,7 @@ * lib/krb5/krb5_address.3: document types krb5_address and krb5_addresses and their helper functions -2003-03-10 Love Hörnquist Åstrand +2003-03-10 Love Hörnquist Ã…strand * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 @@ -1622,20 +1622,20 @@ * lib/krb5/krb5.h (krb5_context_data): add default_cc_name -2003-02-25 Love Hörnquist Åstrand +2003-02-25 Love Hörnquist Ã…strand * appl/kf/kf.1: s/securly/securely/ from NetBSD -2003-02-18 Love Hörnquist Åstrand +2003-02-18 Love Hörnquist Ã…strand * kdc/connect.c: s/intialize/initialize, from -2003-02-17 Love Hörnquist Åstrand +2003-02-17 Love Hörnquist Ã…strand * configure.in: add AM_MAINTAINER_MODE -2003-02-16 Love Hörnquist Åstrand +2003-02-16 Love Hörnquist Ã…strand * **/*.[0-9]: add copyright/licenses on all manpages @@ -1645,35 +1645,35 @@ PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption type specified by the KDC. -2003-02-15 Love Hörnquist Åstrand +2003-02-15 Love Hörnquist Ã…strand * fix-export: some autoconf put their version number in autom4te.cache, so remove autom4te*.cache * fix-export: make sure $1 is a directory -2003-02-04 Love Hörnquist Åstrand +2003-02-04 Love Hörnquist Ã…strand * kpasswd/kpasswdd.8: spelling, from jmc * kdc/kdc.8: spelling, from jmc -2003-01-31 Love Hörnquist Åstrand +2003-01-31 Love Hörnquist Ã…strand * kdc/hpropd.8: s/databases/a database/ s/Not/not/ * kdc/hprop.8: add missing . -2003-01-30 Love Hörnquist Åstrand +2003-01-30 Love Hörnquist Ã…strand * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, address, write out encryption type in sentences, s/Host/host -2003-01-26 Love Hörnquist Åstrand +2003-01-26 Love Hörnquist Ã…strand * lib/asn1/check-gen.c: add checks for Authenticator too -2003-01-25 Love Hörnquist Åstrand +2003-01-25 Love Hörnquist Ã…strand * doc/setup.texi: in the hprop example, use hprop and the first component, not host @@ -1682,7 +1682,7 @@ point-to-point might not have an address, just ignore those. Reported by Harald Barth. -2003-01-23 Love Hörnquist Åstrand +2003-01-23 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c (check_section): when key isn't found, don't print out all known keys @@ -1713,7 +1713,7 @@ * lib/asn1/check-der.c: move out the generic asn1/der functions to a common file -2003-01-22 Love Hörnquist Åstrand +2003-01-22 Love Hörnquist Ã…strand * doc/misc.texi: more text about afs, how to get get your KeyFile, and how to start use 2b tokens @@ -1726,7 +1726,7 @@ * kuser/kuser_locl.h: include crypto-headers.h for des_read_pw_string prototype -2003-01-16 Love Hörnquist Åstrand +2003-01-16 Love Hörnquist Ã…strand * admin/ktutil.8: document -v, --verbose @@ -1736,7 +1736,7 @@ * admin/copy.c (kt_copy): remove adding verbose_flag to args struct, since it will overrun the args array (from Sumit Bose) -2003-01-15 Love Hörnquist Åstrand +2003-01-15 Love Hörnquist Ã…strand * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = ... } @@ -1770,7 +1770,7 @@ * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, KEYTYPE_AES256 -2003-01-14 Love Hörnquist Åstrand +2003-01-14 Love Hörnquist Ã…strand * lib/hdb/common.c (_hdb_fetch): handle error code from hdb_value2entry diff --git a/crypto/heimdal/ChangeLog.2004 b/crypto/heimdal/ChangeLog.2004 index 5e393425682..47cd799e97f 100644 --- a/crypto/heimdal/ChangeLog.2004 +++ b/crypto/heimdal/ChangeLog.2004 @@ -1,9 +1,9 @@ -2004-12-30 Love Hörnquist Åstrand +2004-12-30 Love Hörnquist Ã…strand * lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for now (used in pkinit) -2004-12-29 Love Hörnquist Åstrand +2004-12-29 Love Hörnquist Ã…strand * lib/hdb/Makefile.am: add CHECK_SYMBOLS @@ -32,7 +32,7 @@ * lib/krb5/krb5.h: add key usage for server referrals -2004-12-29 Love Hörnquist Åstrand +2004-12-29 Love Hörnquist Ã…strand * lib/krb5/principal.c: make default_v4_name_convert static @@ -40,7 +40,7 @@ * lib/krb5/acache.c: make default_acc_name static -2004-12-28 Love Hörnquist Åstrand +2004-12-28 Love Hörnquist Ã…strand * doc/setup.texi: add some text about samba, use example.com @@ -48,24 +48,24 @@ F. Hranicky . Add LDAP_addmod_integer and use it. -2004-12-27 Love Hörnquist Åstrand +2004-12-27 Love Hörnquist Ã…strand * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text fixes, from Dave Love -2004-12-18 Love Hörnquist Åstrand +2004-12-18 Love Hörnquist Ã…strand * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just needs pthread.h, threadlib is dead -2004-12-17 Love Hörnquist Åstrand +2004-12-17 Love Hörnquist Ã…strand * kdc/config.c (configure): check for deprecated enforce-transited-policy is set and fail if it is * lib/asn1/asn1_print.c: don't print garabage for octet strings -2004-12-13 Love Hörnquist Åstrand +2004-12-13 Love Hörnquist Ã…strand * kdc/main.c (main): catch sigpipe, we don't bother select()ing for errors @@ -81,7 +81,7 @@ * lib/hdb/hdb-ldap.c (pos): uppercase in character -2004-12-12 Love Hörnquist Åstrand +2004-12-12 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode nibbels in the other order @@ -90,7 +90,7 @@ attribute exists before we try to delete it LDAP__bytes2hex encodes in strange byte order, is this really right ? -2004-12-11 Love Hörnquist Åstrand +2004-12-11 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all entries, search for samba accounts too, From: "James F. Hranicky" @@ -103,13 +103,13 @@ both krb5PrincipalName and uid, it must be broken, ignore it and return it doesn't exists. -2004-12-10 Love Hörnquist Åstrand +2004-12-10 Love Hörnquist Ã…strand * kdc/hpropd.8: spelling, from OpenBSD * kdc/kdc.8: use keeps for options, From OpenBSD k -2004-12-09 Love Hörnquist Åstrand +2004-12-09 Love Hörnquist Ã…strand * doc/setup.texi: document --random-key and the need to do backup of the master key @@ -118,7 +118,7 @@ * kdc/kstash.c: add --random-key -2004-12-08 Love Hörnquist Åstrand +2004-12-08 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.8: spelling, from openbsd @@ -135,25 +135,25 @@ * kdc/hprop.8: use keeps around options, from OpenBSD -2004-11-30 Love Hörnquist Åstrand +2004-11-30 Love Hörnquist Ã…strand * lib/krb5/context.c (krb5_free_context): clear error string before destroying mutex (krb5_init_context): don't call krb5_free_context before there is a mutex initialized -2004-11-18 Love Hörnquist Åstrand +2004-11-18 Love Hörnquist Ã…strand * kuser/kinit.c (get_new_tickets): only complain about ticket renewable lifetime when the user asked for a specific renewable lifetime -2004-11-15 Love Hörnquist Åstrand +2004-11-15 Love Hörnquist Ã…strand * kdc/kerberos5.c (find_keys): log what principal is missing enctypes -2004-11-13 Love Hörnquist Åstrand +2004-11-13 Love Hörnquist Ã…strand * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after freeing data @@ -161,21 +161,21 @@ * lib/krb5/init_creds_pw.c (change_password): handle old_options being NULL From Guenther Deschner on samba-technical. -2004-11-12 Love Hörnquist Åstrand +2004-11-12 Love Hörnquist Ã…strand * lib/krb5/krb5_get_init_creds.3: add more text describing the krb5_get_init_creds functions -2004-11-11 Love Hörnquist Åstrand +2004-11-11 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work again -2004-11-10 Love Hörnquist Åstrand +2004-11-10 Love Hörnquist Ã…strand * lib/hdb/hdb.asn1: use constrained integers -2004-11-09 Love Hörnquist Åstrand +2004-11-09 Love Hörnquist Ã…strand * lib/krb5/krb5_get_init_creds.3: add description for opt_init, opt_alloc, opt_free @@ -191,12 +191,12 @@ * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in options NULL, just make a clean copy -2004-11-01 Love Hörnquist Åstrand +2004-11-01 Love Hörnquist Ã…strand * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier so we don't leak it on error -2004-10-31 Love Hörnquist Åstrand +2004-10-31 Love Hörnquist Ã…strand * lib/krb5/krb5.conf.5: unbreak 2b entry @@ -204,18 +204,18 @@ sockaddr but rather a kerberos address, deal with that. Based on bug report from Jakob Schlyter . -2004-10-30 Love Hörnquist Åstrand +2004-10-30 Love Hörnquist Ã…strand * kdc/connect.c: Make sure argument passed to ctype isn't signed char -2004-10-14 Love Hörnquist Åstrand +2004-10-14 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: match new error names * lib/krb5/krb5_err.et: make error messages sane again -2004-10-13 Love Hörnquist Åstrand +2004-10-13 Love Hörnquist Ã…strand * lib/krb5/keytab.c: use KRB5_KT_BADNAME @@ -238,7 +238,7 @@ * lib/asn1/lex.l: support hex numbers -2004-10-12 Love Hörnquist Åstrand +2004-10-12 Love Hörnquist Ã…strand * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS @@ -250,7 +250,7 @@ Requested by Andrew Bartlett for hdb-ldb backend. -2004-10-07 Love Hörnquist Åstrand +2004-10-07 Love Hörnquist Ã…strand * kuser/kinit.c: adapt to new signature of krb5_get_init_creds_opt_set_pkinit @@ -266,7 +266,7 @@ * kuser/klist.c: use rtbl_set_separator -2004-10-03 Love Hörnquist Åstrand +2004-10-03 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse user options first @@ -280,7 +280,7 @@ * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt -2004-09-30 Love Hörnquist Åstrand +2004-09-30 Love Hörnquist Ã…strand * lib/krb5/krb5.conf.5: assume minutes for time @@ -294,7 +294,7 @@ minute for compatibility with MIT Kerberos. -2004-09-28 Love Hörnquist Åstrand +2004-09-28 Love Hörnquist Ã…strand * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large message safe" transport if we get back @@ -319,7 +319,7 @@ * kuser/kinit.c: make sure we don't always get renewable creds -2004-09-11 Love Hörnquist Åstrand +2004-09-11 Love Hörnquist Ã…strand * lib/krb5/acache.c: use krb5_ccapi.h @@ -329,12 +329,12 @@ * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS since AM_CPPFLAGS overridden by target specific _CPPFLAGS -2004-09-08 Love Hörnquist Åstrand +2004-09-08 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: make variable shorter, make error messages from pkinit, make freeing easier -2004-09-06 Love Hörnquist Åstrand +2004-09-06 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen @@ -342,7 +342,7 @@ is uninitialized, make valgrind unhappy. Pointd out by abartlet@samba.org. While where, plug the fd leak. -2004-09-05 Love Hörnquist Åstrand +2004-09-05 Love Hörnquist Ã…strand * lib/asn1/der_get.c (decode_*): name all tag-length variables the same @@ -351,18 +351,18 @@ * lib/asn1/der_get.c (decode_boolean): fail if length of tag is larger then len -2004-08-31 Love Hörnquist Åstrand +2004-08-31 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be set in case of failure too, free unconditionally on exit to avoid memory leak -2004-08-23 Love Hörnquist Åstrand +2004-08-23 Love Hörnquist Ã…strand * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after free -2004-08-20 Love Hörnquist Åstrand +2004-08-20 Love Hörnquist Ã…strand * lib/krb5/context.c (krb5_get_err_text): if neither of com_right nor strerror finds the error-code, return Unknown error. @@ -374,7 +374,7 @@ * lib/krb5/kuserok.c: if a .k5login file exist, don't give implicit rights to anyone; also check owner/mode of .k5login -2004-08-15 Love Hörnquist Åstrand +2004-08-15 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3 @@ -386,19 +386,19 @@ * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid -2004-08-13 Love Hörnquist Åstrand +2004-08-13 Love Hörnquist Ã…strand * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes from the client and filter them out. * lib/krb5/krb5_string_to_key.3: document krb5_free_salt -2004-08-12 Love Hörnquist Åstrand +2004-08-12 Love Hörnquist Ã…strand * lib/krb5/krb5_ticket.3: data needs to be freed when using krb5_ticket_get_authorization_data_type -2004-08-11 Love Hörnquist Åstrand +2004-08-11 Love Hörnquist Ã…strand * lib/krb5/test_cc.c: test variables in default_cc_name @@ -416,7 +416,7 @@ * lib/krb5/cache.c (krb5_cc_set_default_name): s/libdefault/libdefaults/ -2004-08-06 Love Hörnquist Åstrand +2004-08-06 Love Hörnquist Ã…strand * lib/krb5/acache.c: replace magic 3 with ccapi_version_3 @@ -434,13 +434,13 @@ since its not possible to glue in user information (like uid), but for CCAPI it works just fine -2004-08-05 Love Hörnquist Åstrand +2004-08-05 Love Hörnquist Ã…strand * kuser/kgetcred.1: document --cache/-c * kuser/kgetcred.c: allow to specify what credential cache to use -2004-08-03 Love Hörnquist Åstrand +2004-08-03 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3 @@ -450,7 +450,7 @@ * lib/krb5/krb5.3: add krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno -2004-07-26 Love Hörnquist Åstrand +2004-07-26 Love Hörnquist Ã…strand * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms result should be free with krb5_free_host_realm drop @@ -483,39 +483,39 @@ * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and friends -2004-07-23 Love Hörnquist Åstrand +2004-07-23 Love Hörnquist Ã…strand * kuser/klist.c (print_cred_verbose): keytypes are no longer, use enctype -2004-07-22 Love Hörnquist Åstrand +2004-07-22 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99 compilers, From metze at samba.org -2004-07-20 Love Hörnquist Åstrand +2004-07-20 Love Hörnquist Ã…strand * lib/krb5/test_cc.c: more cc tests * lib/krb5/krb5_check_transited.3: document krb5_check_transited -2004-07-19 Love Hörnquist Åstrand +2004-07-19 Love Hörnquist Ã…strand * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes principal in cert work From: Mayur Patel -2004-07-18 Love Hörnquist Åstrand +2004-07-18 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: add krb5_verify_init_creds.3 * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds -2004-07-15 Love Hörnquist Åstrand +2004-07-15 Love Hörnquist Ã…strand * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org description for krb5_passwd_result_to_string -2004-07-14 Love Hörnquist Åstrand +2004-07-14 Love Hörnquist Ã…strand * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar fixes; split sentence in two for better understanding. From @@ -527,21 +527,21 @@ * lib/krb5/changepw.c (process_reply): cast ssize_t to long and print that From NetBSD via Havard Eidnes. -2004-07-09 Love Hörnquist Åstrand +2004-07-09 Love Hörnquist Ã…strand * configure.in: fix helpstring for hdb-openldap-module * lib/krb5/test_cc.c: don't use krb5_err on error code 0 -2004-07-08 Love Hörnquist Åstrand +2004-07-08 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better -2004-07-02 Love Hörnquist Åstrand +2004-07-02 Love Hörnquist Ã…strand * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const -2004-07-01 Love Hörnquist Åstrand +2004-07-01 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with right argument @@ -572,27 +572,27 @@ OtherName of subjectAltName Based on patch from Mayur Patel -2004-06-21 Love Hörnquist Åstrand +2004-06-21 Love Hörnquist Ã…strand * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use session key for authorization-data -2004-06-15 Love Hörnquist Åstrand +2004-06-15 Love Hörnquist Ã…strand * kdc/connect.c (handle_tcp): note who is what that closed the connection on us -2004-06-09 Love Hörnquist Åstrand +2004-06-09 Love Hörnquist Ã…strand * admin/get.c (kt_get): catch errors from krb5_parse_name -2004-06-05 Love Hörnquist Åstrand +2004-06-05 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: if its the entry just contains the structural object (no samba nor heimdal object), add an aux heimdal object on to it. -2004-06-02 Love Hörnquist Åstrand +2004-06-02 Love Hörnquist Ã…strand * kpasswd/kpasswd.c: use krb5_set_password_using_ccache @@ -611,7 +611,7 @@ * lib/hdb/hdb-ldap.c: indent like the rest of the code -2004-06-01 Love Hörnquist Åstrand +2004-06-01 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: check return values from ldap operations and close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you @@ -620,19 +620,19 @@ * lib/hdb/hdb-ldap.c: require search base to be configured, create local context structure -2004-05-31 Love Hörnquist Åstrand +2004-05-31 Love Hörnquist Ã…strand * doc/setup.texi: more ldap text, partly from Tarjei Huse -2004-05-28 Love Hörnquist Åstrand +2004-05-28 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: clean, indent * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure krb5KeyVersionNumber is added on new entires -2004-05-27 Love Hörnquist Åstrand +2004-05-27 Love Hörnquist Ã…strand * doc/setup.texi: minor fixes, partly from Tarjei Huse @@ -642,15 +642,15 @@ * lib/krb5/krb5.conf.5: default value for hdb-ldap-structural-object is account -2004-05-26 Love Hörnquist Åstrand +2004-05-26 Love Hörnquist Ã…strand * tools/Makefile.am: use ! instead of , as sed delimiter -2004-05-25 Love Hörnquist Åstrand +2004-05-25 Love Hörnquist Ã…strand * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions -2004-05-23 Love Hörnquist Åstrand +2004-05-23 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean @@ -667,11 +667,11 @@ case, make sure ent->etypes are allocated, From: Andrew Bartlett -2004-05-14 Love Hörnquist Åstrand +2004-05-14 Love Hörnquist Ã…strand * kuser/kinit.c: move "setpag if (argc < 1)" to common path -2004-05-12 Love Hörnquist Åstrand +2004-05-12 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers @@ -681,7 +681,7 @@ * kuser/kinit.c: print some diagnostics if the exec fails -2004-04-29 Love Hörnquist Åstrand +2004-04-29 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key From: Luke Howard @@ -689,11 +689,11 @@ * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket, not just a pointer size of it From: Luke Howard -2004-04-28 Love Hörnquist Åstrand +2004-04-28 Love Hörnquist Ã…strand * fix-export: add -E flag where needed to make-proto -2004-04-26 Love Hörnquist Åstrand +2004-04-26 Love Hörnquist Ã…strand * lib/krb5/crypto.c: add set_param for RC2 @@ -772,7 +772,7 @@ * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length of second ticket is > 0 -2004-04-25 Love Hörnquist Åstrand +2004-04-25 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: use the right oid for pkauthdata @@ -806,7 +806,7 @@ * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder issue with a storage flag instead of a separate function. -2004-04-24 Love Hörnquist Åstrand +2004-04-24 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: move out the oid check from get_reply_key @@ -830,7 +830,7 @@ digestAlgorithm to sha1 (both for SignerInfo and SignedData, add new function _set_digest_alg to set it -2004-04-23 Love Hörnquist Åstrand +2004-04-23 Love Hörnquist Ã…strand * include/make_crypto.c: include rc2.h, and when I'm here, make aes mandatory @@ -852,7 +852,7 @@ * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for now -2004-04-22 Love Hörnquist Åstrand +2004-04-22 Love Hörnquist Ã…strand * lib/krb5/krb5_string_to_key.3: document that krb5_string_to_key_derived is broken for non 3des enctypes and @@ -868,7 +868,7 @@ * lib/krb5/krb5_keyblock.3: document krb5_random_to_key -2004-04-21 Love Hörnquist Åstrand +2004-04-21 Love Hörnquist Ã…strand * kdc/pkinit.c: use the first proposed enable enctype @@ -877,28 +877,28 @@ * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes -2004-04-21 Love Hörnquist Åstrand +2004-04-21 Love Hörnquist Ã…strand * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid components being smaller then 127 and allocate one extra element since first byte is split to to elements. -2004-04-20 Love Hörnquist Åstrand +2004-04-20 Love Hörnquist Ã…strand * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE: private use, lukeh@padl.com -2004-04-19 Love Hörnquist Åstrand +2004-04-19 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode DH public key -2004-04-18 Love Hörnquist Åstrand +2004-04-18 Love Hörnquist Ã…strand * lib/krb5/krb5_init_context.3: add krb5_context to so its added as manpage-link too -2004-04-17 Love Hörnquist Åstrand +2004-04-17 Love Hörnquist Ã…strand * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation, XXX add locking @@ -913,7 +913,7 @@ * kdc/config.c: merge certificate/private_key to a user_id -2004-04-16 Love Hörnquist Åstrand +2004-04-16 Love Hörnquist Ã…strand * kdc/kdc_locl.h: update prototype for pk_initialize @@ -926,11 +926,11 @@ * kdc/pkinit.c: adapt to heim_integer changes, merge certificate/private_key to a user_id -2004-04-15 Love Hörnquist Åstrand +2004-04-15 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE -2004-04-13 Love Hörnquist Åstrand +2004-04-13 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building libkrb5.la, add KRB5_LIB_FUNCTION proto @@ -957,25 +957,25 @@ * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops -2004-04-05 Love Hörnquist Åstrand +2004-04-05 Love Hörnquist Ã…strand * appl/test/http_client.c: support GSS_C_DELEG_FLAG and GSS_C_MUTUAL_FLAG * appl/test/http_client.c: verbose logging -2004-04-02 Love Hörnquist Åstrand +2004-04-02 Love Hörnquist Ã…strand * kdc/connect.c: case size_t to unsigned long for LP64 platforms -2004-04-01 Love Hörnquist Åstrand +2004-04-01 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of default structural object * tools/Makefile.am: handle sed expression breaking -2004-03-31 Love Hörnquist Åstrand +2004-03-31 Love Hörnquist Ã…strand * lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr @@ -987,7 +987,7 @@ * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on osf/1 -2004-03-30 Love Hörnquist Åstrand +2004-03-30 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't increase md->len, krb5_padata_add already does that @@ -999,11 +999,11 @@ * kdc/kerberos4.c: stop the client from renewing tickets into the future From: Jeffrey Hutzelman -2004-03-29 Love Hörnquist Åstrand +2004-03-29 Love Hörnquist Ã…strand * configure.in: try to handle sys/strtty.h needing sys/stream.h -2004-03-23 Love Hörnquist Åstrand +2004-03-23 Love Hörnquist Ã…strand * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no longer used @@ -1018,11 +1018,11 @@ * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external users by prefixing it with _ -2004-03-22 Love Hörnquist Åstrand +2004-03-22 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: add missing } -2004-03-21 Love Hörnquist Åstrand +2004-03-21 Love Hörnquist Ã…strand * kdc/pkinit.c: adapt to change of signature of _krb5_pk_load_openssl_id @@ -1076,7 +1076,7 @@ * lib/krb5/krb5_ticket.3: document krb5_ticket_get_authorization_data_type -2004-03-20 Love Hörnquist Åstrand +2004-03-20 Love Hörnquist Ã…strand * lib/krb5/aes-test.c: remove #if 0'ed code @@ -1157,7 +1157,7 @@ make it not fall over when no non matching acl, make fnmatch matching useful by switching arguments -2004-03-19 Love Hörnquist Åstrand +2004-03-19 Love Hörnquist Ã…strand * kdc/config.c: add --builtin-hdb command @@ -1176,7 +1176,7 @@ * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin] password_lifetime; from Henry B. Hotz -2004-03-14 Love Hörnquist Åstrand +2004-03-14 Love Hörnquist Ã…strand * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY is set send subkey @@ -1184,13 +1184,13 @@ * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY -2004-03-14 Love Hörnquist Åstrand +2004-03-14 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks, and free memory in error path, assume realloc(NULL, ...) works, factor out common code, indent -2004-03-12 Love Hörnquist Åstrand +2004-03-12 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c: understand [password_quality] spelling @@ -1199,12 +1199,12 @@ * kuser/kgetcred.c: add --canonicalize -2004-03-10 Love Hörnquist Åstrand +2004-03-10 Love Hörnquist Ã…strand * lib/krb5/fcache.c (fcc_store_cred): NULL terminate krb5_config_get_bool_default' arglist -2004-03-09 Love Hörnquist Åstrand +2004-03-09 Love Hörnquist Ã…strand * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply @@ -1234,7 +1234,7 @@ * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is the higher bits of the bitfield -2004-03-08 Love Hörnquist Åstrand +2004-03-08 Love Hörnquist Ã…strand * lib/krb5/store.c (krb5_store_creds): add disabled code that store the ticket flags in reverse order @@ -1244,7 +1244,7 @@ are set, its a mit cache, reverse the bits, bug pointed out by Sergio Gelato -2004-03-07 Love Hörnquist Åstrand +2004-03-07 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP * @@ -1280,7 +1280,7 @@ * lib/asn1/k5.asn1: drop SMTP_NAME -2004-03-06 Love Hörnquist Åstrand +2004-03-06 Love Hörnquist Ã…strand * lib/hdb/Makefile.am: support building ldap backend as module sort asn1 hdb files @@ -1300,7 +1300,7 @@ the original data test case from Ronnie Sahlberg -2004-03-03 Love Hörnquist Åstrand +2004-03-03 Love Hörnquist Ã…strand * lib/krb5/test_cc.c: more cc tests, mostly related to mcc behavior @@ -1312,7 +1312,7 @@ as dead since that doesn't always work. Based on patch from Jeffrey Hutzelman , tweeked by me -2004-02-22 Love Hörnquist Åstrand +2004-02-22 Love Hörnquist Ã…strand * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp @@ -1323,7 +1323,7 @@ * doc/setup.texi: add text about hostname to realm mapping using DNS -2004-02-20 Love Hörnquist Åstrand +2004-02-20 Love Hörnquist Ã…strand * kdc/pkinit.c: update error codes @@ -1331,7 +1331,7 @@ * lib/krb5/pkinit.c: update error codes -2004-02-19 Love Hörnquist Åstrand +2004-02-19 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort() @@ -1342,7 +1342,7 @@ * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, and don't put an error in the error strings then -2004-02-13 Love Hörnquist Åstrand +2004-02-13 Love Hörnquist Ã…strand * kdc/pkinit.c: s/heim_big_integer/heim_integer/ @@ -1355,18 +1355,18 @@ * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors -2004-02-12 Love Hörnquist Åstrand +2004-02-12 Love Hörnquist Ã…strand * configure.in: rename AC_WFLAGS to rk_WFLAGS * acinclude.m4: use m4_define, over-quote string -2004-02-11 Love Hörnquist Åstrand +2004-02-11 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c (change_password): handle that printf("%.*s", 0, (void*)NULL); doesn't work on solaris -2004-02-10 Love Hörnquist Åstrand +2004-02-10 Love Hörnquist Ã…strand * kpasswd/kpasswd.c (change_password): handle that printf("%.*s", 0, (void*)NULL); doesn't work on solaris @@ -1375,7 +1375,7 @@ some locate.updatedb, use FILES section to describe where the file is instead. -2004-02-07 Love Hörnquist Åstrand +2004-02-07 Love Hörnquist Ã…strand * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned for certain negative integers, it got the length wrong" , from @@ -1393,7 +1393,7 @@ * configure.in: Check for sys/socket.h, net/if.h. Modify term.h, security/pam_appl.h tests. -2004-02-03 Love Hörnquist Åstrand +2004-02-03 Love Hörnquist Ã…strand * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add up the size of all the elements, don't use just the size of the @@ -1431,11 +1431,11 @@ * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal asn1 encode error -2004-01-30 Love Hörnquist Åstrand +2004-01-30 Love Hörnquist Ã…strand * doc/setup.texi: some text about order of [capaths] realms -2004-01-25 Love Hörnquist Åstrand +2004-01-25 Love Hörnquist Ã…strand * lib/krb5/context.c: register WRFILE ops @@ -1446,30 +1446,30 @@ * kpasswd/kpasswdd.c (change): use the right password when changing the password -2004-01-21 Love Hörnquist Åstrand +2004-01-21 Love Hörnquist Ã…strand * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it means that the filesystem doesn't support locking * lib/krb5/keytab.c: remove #if 0 out file locking code -2004-01-19 Love Hörnquist Åstrand +2004-01-19 Love Hörnquist Ã…strand * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the size of all the elements, don't use just the size of the last element. -2004-01-13 Love Hörnquist Åstrand +2004-01-13 Love Hörnquist Ã…strand * kuser/kinit.c (renew_validate): if renewable_flag and not time specifed, use "1 month" -2004-01-08 Love Hörnquist Åstrand +2004-01-08 Love Hörnquist Ã…strand * lib/krb5/krb5_keyblock.3: add prototypes, describe krb5_keyblock_zero -2004-01-05 Love Hörnquist Åstrand +2004-01-05 Love Hörnquist Ã…strand * lib/krb5/get_for_creds.c (add_addrs): don't add same address multiple times diff --git a/crypto/heimdal/ChangeLog.2005 b/crypto/heimdal/ChangeLog.2005 index 8c84b1c5c38..a594d092404 100644 --- a/crypto/heimdal/ChangeLog.2005 +++ b/crypto/heimdal/ChangeLog.2005 @@ -1,16 +1,16 @@ -2005-12-15 Love Hörnquist Åstrand +2005-12-15 Love Hörnquist Ã…strand * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to make samba happy * fix-export: Build kdc-private.h. -2005-12-14 Love Hörnquist Åstrand +2005-12-14 Love Hörnquist Ã…strand * kdc/kerberos5.c (tgs_rep2): also print the principal for which the enctype was missing -2005-12-13 Love Hörnquist Åstrand +2005-12-13 Love Hörnquist Ã…strand * kdc/kaserver.c: Finish up transition from hdb_entry to hdb_entry_ex. @@ -35,7 +35,7 @@ * lib/hdb/db.c: memset hdb_entry_ex before use -2005-12-12 Love Hörnquist Åstrand +2005-12-12 Love Hörnquist Ã…strand * lib/krb5/krb5.3: Add some more entrypoints. @@ -66,11 +66,11 @@ * Makefile.am: Split long line - * doc/apps.texi: Spelling, From Måns Nilsson. + * doc/apps.texi: Spelling, From MÃ¥ns Nilsson. - * doc/install.texi: spelling, From Måns Nilsson + * doc/install.texi: spelling, From MÃ¥ns Nilsson -2005-12-11 Love Hörnquist Åstrand +2005-12-11 Love Hörnquist Ã…strand * lib/krb5/krb5_principal.3: Constify principal argument to on krb5_principal_get_ functions. @@ -78,12 +78,12 @@ * lib/krb5/principal.c: Constify principal argument to on krb5_principal_get_ functions. -2005-12-08 Love Hörnquist Åstrand +2005-12-08 Love Hörnquist Ã…strand * lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long time ago -2005-12-05 Love Hörnquist Åstrand +2005-12-05 Love Hörnquist Ã…strand * lib/krb5/test_keytab.c: more tests, From Andrew Bartlet @@ -91,7 +91,7 @@ NULL on success in the case 0 entries are allocated, From Andrew Bartlet -2005-12-02 Love Hörnquist Åstrand +2005-12-02 Love Hörnquist Ã…strand * lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on failure to parse format specifier. @@ -105,9 +105,9 @@ * lib/krb5/derived-key-test.c: Free more of the allocated memory. -2005-12-01 Love Hörnquist Åstrand +2005-12-01 Love Hörnquist Ã…strand - * doc/setup.texi: spelling, From Måns Nilsson + * doc/setup.texi: spelling, From MÃ¥ns Nilsson * lib/krb5/krb5_keytab.3: Memory keytab are now named and refcounted. @@ -117,7 +117,7 @@ * lib/krb5/keytab_memory.c: Index by name and start reference counting on entries. -2005-11-30 Love Hörnquist Åstrand +2005-11-30 Love Hörnquist Ã…strand * lib/krb5/krb5.h (krb5_address_type): add KRB5_ADDRESS_NETBIOS (20) @@ -131,7 +131,7 @@ * kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS. -2005-11-29 Love Hörnquist Åstrand +2005-11-29 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c (libdefaults_entries): add default_cc_name @@ -162,7 +162,7 @@ * lib/hdb/db.c (hdb_db_create): use calloc to allocate memory -2005-11-28 Love Hörnquist Åstrand +2005-11-28 Love Hörnquist Ã…strand * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session key for delegated credentials @@ -170,41 +170,41 @@ * kdc/kerberos5.c (_kdc_as_rep): add comment when we send ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett -2005-11-25 Love Hörnquist Åstrand +2005-11-25 Love Hörnquist Ã…strand * lib/krb5/keytab.c (krb5_kt_get_full_name): new function -2005-11-24 Love Hörnquist Åstrand +2005-11-24 Love Hörnquist Ã…strand * lib/krb5/test_crypto.c: Split encryption and s2k iterations to diffrent counters, 38seconds of aes256 s2k is way too long. * lib/krb5/test_crypto.c: Add timing code for s2k function. -2005-11-07 Love Hörnquist Åstrand +2005-11-07 Love Hörnquist Ã…strand * kdc/kerberos5.c: Print the time the principal expired, based on patch from Andrew Bartlett. -2005-11-01 Love Hörnquist Åstrand +2005-11-01 Love Hörnquist Ã…strand * lib/krb5/cache.c (krb5_cc_get_full_name): Add -2005-11-01 Love Hörnquist Åstrand +2005-11-01 Love Hörnquist Ã…strand * configure.in: Spelling, From Michael Banck -2005-10-30 Love Hörnquist Åstrand +2005-10-30 Love Hörnquist Ã…strand * kcm/headers.h: Maybe include . -2005-10-27 Love Hörnquist Åstrand +2005-10-27 Love Hörnquist Ã…strand * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but have KRB5_AUTHDATA_KDC_ISSUED commented out for now) -2005-10-26 Love Hörnquist Åstrand +2005-10-26 Love Hörnquist Ã…strand * kuser/klist.c: In the list caches view, rename the Status field to Expires. @@ -212,13 +212,13 @@ * lib/krb5/krb5_encrypt.3: Fix mdoc for krb5_encrypt_EncryptedData, Johnny Lam -2005-10-25 Love Hörnquist Åstrand +2005-10-25 Love Hörnquist Ã…strand * appl/test/gssapi_client.c: Check return value from asprintf instead of string != NULL since it undefined behavior on - Linux. From Björn Sandell + Linux. From Björn Sandell -2005-10-21 Love Hörnquist Åstrand +2005-10-21 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are generated from the DH groups, fail. @@ -231,12 +231,12 @@ * kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration. -2005-10-20 Love Hörnquist Åstrand +2005-10-20 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Add option to require binding between reply and response for the win2k version of the protocol. -2005-10-19 Love Hörnquist Åstrand +2005-10-19 Love Hörnquist Ã…strand * doc/programming.texi: Text about Kerberos errors. @@ -258,17 +258,17 @@ * lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an example. -2005-10-18 Love Hörnquist Åstrand +2005-10-18 Love Hörnquist Ã…strand * doc/programming.texi: Try to explain krb5_ccache, krb5_principal and errors. -2005-10-13 Love Hörnquist Åstrand +2005-10-13 Love Hörnquist Ã…strand * lib/krb5/krb5_get_credentials.3: Add example how to use krb5_get_credentials. -2005-10-12 Love Hörnquist Åstrand +2005-10-12 Love Hörnquist Ã…strand * lib/krb5/init_creds.c: Rename private to opt_private. @@ -280,7 +280,7 @@ * lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element private to opt_private to make c++ picky compilers less upset. -2005-10-08 Love Hörnquist Åstrand +2005-10-08 Love Hörnquist Ã…strand * lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function (_krb5_free_krbhst_info): expose to internal use @@ -292,7 +292,7 @@ rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for verification of KDC info, and general cleaning up. -2005-10-07 Love Hörnquist Åstrand +2005-10-07 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir. @@ -324,14 +324,14 @@ * lib/krb5/pkinit.c: Add support for reading a moduli-file for DH parameters. -2005-10-06 Love Hörnquist Åstrand +2005-10-06 Love Hörnquist Ã…strand * kuser/klist.1: Document --list-caches * kuser/klist.c: Change short flag of --list-caches to -l (-v is already used). -2005-10-03 Love Hörnquist Åstrand +2005-10-03 Love Hörnquist Ã…strand * lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120. @@ -340,11 +340,11 @@ (acc_get_cache_first): don't leak memory or abort on malloc failure -2005-10-02 Love Hörnquist Åstrand +2005-10-02 Love Hörnquist Ã…strand * lib/krb5/kerberos.8: Update text about Kerberos RFC's. -2005-10-01 Love Hörnquist Åstrand +2005-10-01 Love Hörnquist Ã…strand * kuser/klist.c: Add option --list-caches that lists the avaible caches and their status. @@ -356,7 +356,7 @@ lha/root@SU.SE 0 Expired lha@N.L.NXS.SE Initial default ccache Expired -2005-09-30 Love Hörnquist Åstrand +2005-09-30 Love Hörnquist Ã…strand * lib/krb5/keytab_keyfile.c: Use all DES keys, not just des-cbc-md5, verify that they all are the same. @@ -372,7 +372,7 @@ * lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions -2005-09-25 Love Hörnquist Åstrand +2005-09-25 Love Hörnquist Ã…strand * lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space. @@ -385,18 +385,18 @@ store it though), don't check the oid of the DH signedData for now. -2005-09-22 Love Hörnquist Åstrand +2005-09-22 Love Hörnquist Ã…strand * lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and the sender subkey. Both RFC1510 and RFC4120 say that you have to use the session key, Heimdal uses subkey. -2005-09-21 Love Hörnquist Åstrand +2005-09-21 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Don't check oid's too closely, they change in Windows Vista. -2005-09-20 Love Hörnquist Åstrand +2005-09-20 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the protocol. @@ -406,7 +406,7 @@ * lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL to make sure its not freed. -2005-09-19 Love Hörnquist Åstrand +2005-09-19 Love Hörnquist Ã…strand * lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length it set to 1, and content is 0x01, use the afs3 string-to-key. @@ -417,17 +417,17 @@ * lib/krb5/kcm.c: Remove signedness warnings. -2005-09-15 Love Hörnquist Åstrand +2005-09-15 Love Hörnquist Ã…strand * configure.in: Use libtool's default values for building shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves building problems users have on Mac OS X. -2005-09-08 Love Hörnquist Åstrand +2005-09-08 Love Hörnquist Ã…strand * lib/krb5/changepw.c: Constify password. -2005-09-05 Love Hörnquist Åstrand +2005-09-05 Love Hörnquist Ã…strand * lib/krb5/krb5_mk_req.3: Document krb5_rd_req. @@ -438,16 +438,16 @@ krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, krb5_build_ap_req, krb5_verify_ap_req. -2005-09-01 Love Hörnquist Åstrand +2005-09-01 Love Hörnquist Ã…strand * kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at all, use KRB5-PADATA-AFS3-SALT -2005-08-31 Love Hörnquist Åstrand +2005-08-31 Love Hörnquist Ã…strand * kdc/kerberos5.c (log_timestamp): endtime, not endtype -2005-08-30 Love Hörnquist Åstrand +2005-08-30 Love Hörnquist Ã…strand * configure.in: Check for . @@ -456,7 +456,7 @@ * kcm/headers.h: include -2005-08-27 Love Hörnquist Åstrand +2005-08-27 Love Hörnquist Ã…strand * lib/krb5/rd_req.c (check_transited): Allow empty content of type 0 because that is was Microsoft generates in their TGT. @@ -464,15 +464,15 @@ * kdc/kerberos5.c (fix_transited_encoding): Allow empty content of type 0 because that is was Microsoft enerates in their TGT. -2005-08-26 Love Hörnquist Åstrand +2005-08-26 Love Hörnquist Ã…strand * doc/intro.texi: RFC 4120 replaces RFC 1510 -2005-08-25 Love Hörnquist Åstrand +2005-08-25 Love Hörnquist Ã…strand * configure.in: Add --disable-afs-support. -2005-08-23 Love Hörnquist Åstrand +2005-08-23 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but not TESTS, I have no same dns to use. @@ -492,29 +492,29 @@ krb5_config_free_strings (nothing). Mdoc nit. -2005-08-22 Love Hörnquist Åstrand +2005-08-22 Love Hörnquist Ã…strand * kuser/klist.c (check_for_tgt): Re-order code so it only free the credential if one was returned. * lib/krb5/test_crypto_wrapping.c: Fix printing of size_t. -2005-08-19 Love Hörnquist Åstrand +2005-08-19 Love Hörnquist Ã…strand * lib/hdb/dbinfo.c: provide interface to find databases * lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys -2005-08-15 Love Hörnquist Åstrand +2005-08-15 Love Hörnquist Ã…strand * kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply. -2005-08-13 Love Hörnquist Åstrand +2005-08-13 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c: Save the request buffer so that pre-auth mechanism that needs it can verify the reply. -2005-08-12 Love Hörnquist Åstrand +2005-08-12 Love Hörnquist Ã…strand * lib/krb5/test_mem.c: Rename logf to avoid shadowing. @@ -548,7 +548,7 @@ * kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to _kdc_pk_mk_pa_reply. -2005-08-11 Love Hörnquist Åstrand +2005-08-11 Love Hörnquist Ã…strand * lib/hdb/ext.c: HDB extensions access glue. @@ -570,7 +570,7 @@ * lib/hdb/hdb.asn1: Add support for HDB-extension. -2005-08-10 Love Hörnquist Åstrand +2005-08-10 Love Hörnquist Ã…strand * lib/krb5/test_pkinit_dh2key.c: add tests vectors from "Liqiang(Larry) Zhu" @@ -579,7 +579,7 @@ * lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet -2005-08-09 Love Hörnquist Åstrand +2005-08-09 Love Hörnquist Ã…strand * kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the ENC-TS case. From: Andrew Bartlett @@ -603,11 +603,11 @@ instead of letting them slip though to d->cursor. Bug repport from Andrew Bartlett -2005-07-29 Love Hörnquist Åstrand +2005-07-29 Love Hörnquist Ã…strand * kdc/Makefile.am (kdc_LDADD): add LDADD -2005-07-28 Love Hörnquist Åstrand +2005-07-28 Love Hörnquist Ã…strand * kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in ENC-TS preauth, both for failure and success. @@ -621,15 +621,15 @@ keyusage 0 in case the key was encrypted with MIT Kerberos (old patch from Johan) -2005-07-26 Love Hörnquist Åstrand +2005-07-26 Love Hörnquist Ã…strand * kdc/pkinit.c: update to pkinit-27 -2005-07-23 Love Hörnquist Åstrand +2005-07-23 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module. -2005-07-20 Love Hörnquist Åstrand +2005-07-20 Love Hörnquist Ã…strand * lib/krb5/test_pkinit_dh2key.c: framework for testing _krb5_pk_octetstring2key @@ -643,18 +643,18 @@ * lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output unsigned char to match openssl -2005-07-14 Love Hörnquist Åstrand +2005-07-14 Love Hörnquist Ã…strand * lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE. -2005-07-13 Love Hörnquist Åstrand +2005-07-13 Love Hörnquist Ã…strand * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory * lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call krb5_cc_retrieve_cred once, and plug memory leak. -2005-07-13 Love Hörnquist Åstrand +2005-07-13 Love Hörnquist Ã…strand * lib/hdb/Makefile.am: the new asn.1 compiler includes the modules name in the depend file @@ -667,7 +667,7 @@ * lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments -2005-07-12 Love Hörnquist Åstrand +2005-07-12 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: clean up pk-init DH support, not finished yet; improve error reporting @@ -684,11 +684,11 @@ support for tags. This compiler support most of what is needed for PK-INIT, LDAP, X.509, PKCS-12 and many other protocols. -2005-07-10 Love Hörnquist Åstrand +2005-07-10 Love Hörnquist Ã…strand * lib/asn1: make scope variables unique to avoid shadow warnings -2005-07-09 Love Hörnquist Åstrand +2005-07-09 Love Hörnquist Ã…strand * lib/krb5/krb5.h: comment out paramenter name in typedef functions to avoid shadow warnings @@ -711,7 +711,7 @@ * lib/krb5/test_crypto.c (time_encryption): free cleartext buffer -2005-07-08 Love Hörnquist Åstrand +2005-07-08 Love Hörnquist Ã…strand * configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O otherwise am_aux_dir will be expanded using ac_aux_dir before the @@ -724,7 +724,7 @@ * configure.in: add AM_PROG_CC_C_O for automake 1.9 -2005-07-06 Love Hörnquist Åstrand +2005-07-06 Love Hörnquist Ã…strand * lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when returning a new error @@ -735,7 +735,7 @@ * lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused, remove From: "Henry B. Hotz" -2005-07-05 Love Hörnquist Åstrand +2005-07-05 Love Hörnquist Ã…strand * doc/win2k.texi: arcfour-hmac-md5 support for windows cross was added in w2k3-sp1 From David Love @@ -747,7 +747,7 @@ * fix-export: build kdc-protos.h -2005-07-01 Love Hörnquist Åstrand +2005-07-01 Love Hörnquist Ã…strand * kdc: prefix pkinit symbols with _kdc @@ -757,7 +757,7 @@ * kdc: adapt pkinit code to libkdc split -2005-06-30 Love Hörnquist Åstrand +2005-06-30 Love Hörnquist Ã…strand * tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create @@ -781,7 +781,7 @@ * configure.in: add --disable-afs-string-to-key to allow removal of support for afs string2key (and dependency on crypt) -2005-06-29 Love Hörnquist Åstrand +2005-06-29 Love Hörnquist Ã…strand * kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and TGS-REQ, for auditing @@ -798,11 +798,11 @@ * kcm/connect.c: don't send socket address in msghdr, it returns an already connected error on Linux -2005-06-24 Love Hörnquist Åstrand +2005-06-24 Love Hörnquist Ã…strand * kdc/524.c: Always include . -2005-06-23 Love Hörnquist Åstrand +2005-06-23 Love Hörnquist Ã…strand * doc/intro.texi: no more libdes, gssapi lib is complete @@ -821,11 +821,11 @@ * lib/hdb/db.c (DB_open): in case of error, close database -2005-06-20 Love Hörnquist Åstrand +2005-06-20 Love Hörnquist Ã…strand * kcm/kcm.8: fix example -2005-06-17 Love Hörnquist Åstrand +2005-06-17 Love Hörnquist Ã…strand * lib/krb5/rd_rep.c: indent @@ -884,7 +884,7 @@ * lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning -2005-06-16 Love Hörnquist Åstrand +2005-06-16 Love Hörnquist Ã…strand * lib/krb5/principal.c: rename index to idx @@ -944,11 +944,11 @@ * kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow warning -2005-06-15 Love Hörnquist Åstrand +2005-06-15 Love Hörnquist Ã…strand * Release 0.7, see branch -2005-06-14 Love Hörnquist Åstrand +2005-06-14 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES += kcm.h @@ -966,7 +966,7 @@ * lib/krb5/verify_krb5_conf.c: Add more missig entires, from Mathias Feiler -2005-06-11 Love Hörnquist Åstrand +2005-06-11 Love Hörnquist Ã…strand * kdc/pkinit.c (pk_principal_from_X509): remember to free KRB5PrincipalName @@ -974,7 +974,7 @@ * lib/krb5/log.c (krb5_closelog): free all content in krb5_log_facility -2005-06-08 Love Hörnquist Åstrand +2005-06-08 Love Hörnquist Ã…strand * kdc/524.c: init kvno to please gcc @@ -993,7 +993,7 @@ * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare. -2005-06-02 Love Hörnquist Åstrand +2005-06-02 Love Hörnquist Ã…strand * kdc/mit_dump.c (mit_prop_dump): cast argument to krb5_parse_principal to avoid warning @@ -1002,7 +1002,7 @@ mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit codebase -2005-06-01 Love Hörnquist Åstrand +2005-06-01 Love Hörnquist Ã…strand * lib/krb5/store.c: If we are allocating 0 entires, avoid failing if ALLOC returns NULL @@ -1012,7 +1012,7 @@ * lib/krb5/cache.c: When returning a new error code, set error string. -2005-05-31 Love Hörnquist Åstrand +2005-05-31 Love Hörnquist Ã…strand * lib/krb5/keytab_file.c: Adapt to changed signature of _krb5_xunlock, clear more error string where needed. @@ -1020,7 +1020,7 @@ * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it into something sensable -2005-05-30 Love Hörnquist Åstrand +2005-05-30 Love Hörnquist Ã…strand * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from server entry to encrypted ticket flags @@ -1036,7 +1036,7 @@ * kdc/main.c (sigterm): set exit_flag to signal causing exit; (main): trap SIGXCPU -2005-05-30 Love Hörnquist Åstrand +2005-05-30 Love Hörnquist Ã…strand * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path @@ -1056,11 +1056,11 @@ * kcm/events.c: if credentials have expired when attempting to renew, attempt to reacquire them using initial creds -2005-05-29 Love Hörnquist Åstrand +2005-05-29 Love Hörnquist Ã…strand - * lib/krb5/krb5_principal.3: Spelling, from Björn Sandell + * lib/krb5/krb5_principal.3: Spelling, from Björn Sandell - * doc/setup.texi: spelling, from Björn Sandell + * doc/setup.texi: spelling, from Björn Sandell * lib/krb5/name-45-test.c: XXX don't run the test unless the machine is in kth.se or su.se because it depends on local resolver @@ -1124,15 +1124,15 @@ * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support -2005-05-27 Love Hörnquist Åstrand +2005-05-27 Love Hörnquist Ã…strand * appl/kf/kfd.c: case uid_t to unsigned long in printf format -2005-05-25 Love Hörnquist Åstrand +2005-05-25 Love Hörnquist Ã…strand * lib/krb5/krb5_auth_context.3: remove trailing space -2005-05-24 Love Hörnquist Åstrand +2005-05-24 Love Hörnquist Ã…strand * kcm/connect.c (do_request): use sendmsg to send the reply @@ -1159,7 +1159,7 @@ * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling -2005-05-23 Love Hörnquist Åstrand +2005-05-23 Love Hörnquist Ã…strand * kcm/protocol.c: Merge the description and function jumptables into one structure. Use the length of the array when checking if @@ -1180,11 +1180,11 @@ * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it. -2005-05-23 Love Hörnquist Åstrand +2005-05-23 Love Hörnquist Ã…strand * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14 -2005-05-20 Love Hörnquist Åstrand +2005-05-20 Love Hörnquist Ã…strand * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes, return and ignore the error @@ -1194,7 +1194,7 @@ * lib/krb5/test_keytab.c: tests all keytab format -2005-05-19 Love Hörnquist Åstrand +2005-05-19 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding errors, fail. Make sure we free memory on error. @@ -1229,7 +1229,7 @@ krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn Wilkes -2005-05-18 Love Hörnquist Åstrand +2005-05-18 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: TESTS += test_keytab @@ -1257,7 +1257,7 @@ * lib/krb5/krb5.3: add krb5_cc_new_unique -2005-05-17 Love Hörnquist Åstrand +2005-05-17 Love Hörnquist Ã…strand * lib/krb5/fcache.c (fcc_get_first): check return value from malloc, memset the structure, make sure cursor doesn't point to @@ -1285,13 +1285,13 @@ be unencrypted, for compatibility with mit kerberos and java kerberos. krb5_javakt_ops: export -2005-05-16 Love Hörnquist Åstrand +2005-05-16 Love Hörnquist Ã…strand * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that doesn't the use extended kvnos, as hinted, this is needed for Java's Kerberos implementation. -2005-05-10 Love Hörnquist Åstrand +2005-05-10 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey, still no DH @@ -1309,32 +1309,32 @@ * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3, krb5_krbhst_init.3,krb5_storage.3}: - make more pretty, from Björn Sandell + make more pretty, from Björn Sandell 2005-05-09 Dave Love * doc/setup.texi: Fix and clarify password quality check examples. -2005-05-09 Love Hörnquist Åstrand +2005-05-09 Love Hörnquist Ã…strand * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead of HAVE_GETPWNAM_R From: Dave Love -2005-05-07 Love Hörnquist Åstrand +2005-05-07 Love Hörnquist Ã…strand * lib/krb5/addr_families.c (krb5_print_address): catch when the - unknown adress don't fit. From Björn Sandell + unknown adress don't fit. From Björn Sandell 2005-05-05 Dave Love * configure.in: fix type right test, include for sys/strtty.h, not sys/ptyvar.h -2005-05-05 Love Hörnquist Åstrand +2005-05-05 Love Hörnquist Ã…strand * lib/krb5/krb5.conf.5: spelling -2005-05-04 Love Hörnquist Åstrand +2005-05-04 Love Hörnquist Ã…strand * lib/krb5/krb5.conf.5: expand on what "trailing component" means @@ -1349,7 +1349,7 @@ * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for access files, all of which is handled like the regular ~/.k5login -2005-05-03 Love Hörnquist Åstrand +2005-05-03 Love Hörnquist Ã…strand * doc/ack.texi: Clearify what version of libdes we are using and who's code in it we are using. @@ -1367,7 +1367,7 @@ * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h. -2005-05-02 Love Hörnquist Åstrand +2005-05-02 Love Hörnquist Ã…strand * tools/krb5-config.in: add com_err to required libs @@ -1384,7 +1384,7 @@ * lib/krb5/crypto.c: Don't declare des_salt &c as static with incomplete type (invalid in c89, at least). -2005-05-02 Love Hörnquist Åstrand +2005-05-02 Love Hörnquist Ã…strand * lib/krb5/krb5_locl.h: include @@ -1394,7 +1394,7 @@ namespace collision. (handle_stream): Cast arg of krb5_warnx. -2005-04-30 Love Hörnquist Åstrand +2005-04-30 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the highest bit to make windows PK-INIT happy. Also make the nonces @@ -1418,11 +1418,11 @@ * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la -2005-04-29 Love Hörnquist Åstrand +2005-04-29 Love Hörnquist Ã…strand * lib/asn1/Makefile.am: use $(LIB_com_err) -2005-04-28 Love Hörnquist Åstrand +2005-04-28 Love Hörnquist Ã…strand * lib/krb5/context.c (krb5_set_config_files): ignore permission denied on configuration files, user might not be allowed to read @@ -1433,19 +1433,19 @@ * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get posix getpwnam_r -2005-04-25 Love Hörnquist Åstrand +2005-04-25 Love Hörnquist Ã…strand * lib/asn1/gen_glue.c: switch the units variable to a function. gcc-4.1 needs the size of the structure if its defined as extern struct units foo_units[] an we don't want to include in the generate headerfile -2005-04-25 Love Hörnquist Åstrand +2005-04-25 Love Hörnquist Ã…strand * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart, krb5ValidEnd, krb5PasswordEnd From Howard Chu -2005-04-24 Love Hörnquist Åstrand +2005-04-24 Love Hörnquist Ã…strand * doc/whatis.texi: comment out docbook stuff for now @@ -1488,22 +1488,22 @@ * doc/heimdal.texi: change the wrapping around the Top node to ifnottex, make html generation work - * lib/krb5/krb5_krbhst_init.3: spelling, from Björn Sandell + * lib/krb5/krb5_krbhst_init.3: spelling, from Björn Sandell - * lib/krb5/krb5_get_krbhst.3: spelling, from Björn Sandell + * lib/krb5/krb5_get_krbhst.3: spelling, from Björn Sandell - * lib/krb5/krb5_data.3: spelling, from Björn Sandell + * lib/krb5/krb5_data.3: spelling, from Björn Sandell - * lib/krb5/krb5_aname_to_localname.3: spelling, from Björn Sandell + * lib/krb5/krb5_aname_to_localname.3: spelling, from Björn Sandell - * lib/krb5/krb5_address.3: spelling, from Björn Sandell + * lib/krb5/krb5_address.3: spelling, from Björn Sandell -2005-04-23 Love Hörnquist Åstrand +2005-04-23 Love Hörnquist Ã…strand * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so kerberos 4 is always compiled in (still default disabled) @@ -1521,19 +1521,19 @@ * lib/krb5/krb5-v4compat.h: add more v4 defines -2005-04-22 Love Hörnquist Åstrand +2005-04-22 Love Hörnquist Ã…strand * kpasswd/kpasswdd.c: Support multi-realms databases, requires that all the realms are configured on the KDC in krb5.conf with [libdefaults]default_realm stanzas. -2005-04-21 Love Hörnquist Åstrand +2005-04-21 Love Hörnquist Ã…strand * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden * lib/krb5/addr_families.c: catch two more snprintf problems -2005-04-20 Love Hörnquist Åstrand +2005-04-20 Love Hörnquist Ã…strand * lib/hdb/Makefile.am: this lib include com_err, add -com_err to CHECK_SYMBOLS @@ -1541,7 +1541,7 @@ * appl/test/http_client.c: cast ssize_t to unsigned long, fix printf format -2005-04-19 Love Hörnquist Åstrand +2005-04-19 Love Hörnquist Ã…strand * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames @@ -1563,7 +1563,7 @@ * lib/krb5/test_kuserok.c: test program for krb5_kuserok -2005-04-18 Love Hörnquist Åstrand +2005-04-18 Love Hörnquist Ã…strand * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed with ccErrCCacheNotFound try again with create_default_ccache, @@ -1580,7 +1580,7 @@ * include/make_crypto.c: cast to unsigned char to make sure its not negative when passing it to is* functions -2005-04-15 Love Hörnquist Åstrand +2005-04-15 Love Hörnquist Ã…strand * doc/programming.texi: remove manpage macro, add some more references to manpages @@ -1594,7 +1594,7 @@ * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init -2005-04-14 Love Hörnquist Åstrand +2005-04-14 Love Hörnquist Ã…strand * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the same, and clients @@ -1604,25 +1604,25 @@ * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill in a keyblock from key data. -2005-04-12 Love Hörnquist Åstrand +2005-04-12 Love Hörnquist Ã…strand * configure.in: rk_WIN32_EXPORT for roken -2005-04-10 Love Hörnquist Åstrand +2005-04-10 Love Hörnquist Ã…strand * appl/test/gssapi_server.c: print out client principla of delegated credential -2005-04-07 Love Hörnquist Åstrand +2005-04-07 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert -2005-04-07 Love Hörnquist Åstrand +2005-04-07 Love Hörnquist Ã…strand * .cvsignore: ignore more generate files -2005-04-04 Love Hörnquist Åstrand +2005-04-04 Love Hörnquist Ã…strand * lib/asn1/check-der.c: use size_t, print size_t by casting to unsigned long @@ -1645,7 +1645,7 @@ between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to verify both cases -2005-04-03 Love Hörnquist Åstrand +2005-04-03 Love Hörnquist Ã…strand * appl/test/uu_client.c: print size_t by casting to unsigned long @@ -1670,7 +1670,7 @@ * lib/asn1/gen.c: avoid const string warnings steming from writeable-string -2005-03-28 Love Hörnquist Åstrand +2005-03-28 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: TESTS += test_addr @@ -1683,13 +1683,13 @@ * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on wildcards -2005-03-26 Love Hörnquist Åstrand +2005-03-26 Love Hörnquist Ã…strand * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson -2005-03-19 Love Hörnquist Åstrand +2005-03-19 Love Hörnquist Ã…strand * lib/krb5/acache.c: add mutex for global variables, clean up returned error codes, implement storing addresses into the ccapi @@ -1708,7 +1708,7 @@ * appl/test/http_client.c: Make constent with rest of the gssapi test programs -2005-03-17 Love Hörnquist Åstrand +2005-03-17 Love Hörnquist Ã…strand * lib/hdb/keys.c: AES is enabled by default, remove ifdefs @@ -1719,11 +1719,11 @@ * kdc/kerberos5.c: AES is enabled by default, remove ifdefs -2005-03-16 Love Hörnquist Åstrand +2005-03-16 Love Hörnquist Ã…strand * doc/setup.texi: Add some text about modifying the database -2005-03-15 Love Hörnquist Åstrand +2005-03-15 Love Hörnquist Ã…strand * kuser/kinit.c: widen lifetime/renewal warning text field, also make use of unparse_time_approx, no need to be specific to the @@ -1737,12 +1737,12 @@ * lib/krb5/crypto.c: fix signedness issues, prompted by report of Magnus Ahltorp -2005-03-13 Love Hörnquist Åstrand +2005-03-13 Love Hörnquist Ã…strand * lib/krb5/krb5_keytab.3: more text about how to free returned resources -2005-03-10 Love Hörnquist Åstrand +2005-03-10 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: handle the -25 generation path @@ -1750,28 +1750,28 @@ * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes -2005-03-09 Love Hörnquist Åstrand +2005-03-09 Love Hörnquist Ã…strand * kdc/pkinit.c: use generated oid's * lib/krb5/pkinit.c: use generated oid's -2005-03-08 Love Hörnquist Åstrand +2005-03-08 Love Hörnquist Ã…strand * kdc/pkinit.c: update to the asn1 structures used in -25's * lib/krb5/pkinit.c: update to the asn1 structures used in -25's -2005-03-04 Love Hörnquist Åstrand +2005-03-04 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: use the newly written hex function from roken and remove the old implementation -2005-03-01 Love Hörnquist Åstrand +2005-03-01 Love Hörnquist Ã…strand * appl/test/http_client.c: allow specifing port to connect to -2005-02-24 Love Hörnquist Åstrand +2005-02-24 Love Hörnquist Ã…strand * lib/krb5/Makefile.am: bump version to 21:0:4 @@ -1779,7 +1779,7 @@ * lib/asn1/Makefile.am: bump version to 7:0:1 -2005-02-23 Love Hörnquist Åstrand +2005-02-23 Love Hörnquist Ã…strand * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak keys after doing the DES_cbc_cksum @@ -1790,17 +1790,17 @@ config_get_hosts() in kpasswd_get_next() From: Wynn Wilkes -2005-02-15 Love Hörnquist Åstrand +2005-02-15 Love Hörnquist Ã…strand * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY From: Chaskiel M Grundman -2005-02-09 Love Hörnquist Åstrand +2005-02-09 Love Hörnquist Ã…strand * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to make %d work -2005-02-08 Love Hörnquist Åstrand +2005-02-08 Love Hörnquist Ã…strand * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the caller requested to provide the user with a glue what the caller @@ -1816,7 +1816,7 @@ * kcm/config.c: allow KCM system ccache to be configured from krb5.conf, in the system_ccache stanza of [kcm] -2005-02-03 Love Hörnquist Åstrand +2005-02-03 Love Hörnquist Ã…strand * kcm/protocol.c: use -1 as the invalid pid number @@ -1849,7 +1849,7 @@ * kcm: add KCM daemon -2005-02-02 Love Hörnquist Åstrand +2005-02-02 Love Hörnquist Ã…strand * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again @@ -1889,17 +1889,17 @@ * kdc/kerberos5.c: don't crash when logging no server etype support if client == NULL -2005-01-17 Love Hörnquist Åstrand +2005-01-17 Love Hörnquist Ã…strand * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love -2005-01-12 Love Hörnquist Åstrand +2005-01-12 Love Hörnquist Ã…strand * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using PAM. From: Dave Love -2005-01-08 Love Hörnquist Åstrand +2005-01-08 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to unsigned char @@ -1935,7 +1935,7 @@ krb5_enctype_valid, so use the later since its older and the api doesn't really need another entry point -2005-01-05 Love Hörnquist Åstrand +2005-01-05 Love Hörnquist Ã…strand * kpasswd/kpasswdd.8: document --addresses, controls what addresses kpasswd should listen too @@ -1993,12 +1993,12 @@ * lib/asn1/k5.asn1: add authorization data types for enctype negotiation implementation -2005-01-04 Love Hörnquist Åstrand +2005-01-04 Love Hörnquist Ã…strand * lib/krb5/changepw.c (change_password_loop): on failing to find a kdc, set result_code to KRB5_KPASSWD_HARDERROR -2005-01-01 Love Hörnquist Åstrand +2005-01-01 Love Hörnquist Ã…strand * doc/heimdal.texi: Happy New Year diff --git a/crypto/heimdal/ChangeLog.2006 b/crypto/heimdal/ChangeLog.2006 index f0e1ce9e966..d48ea8aba65 100644 --- a/crypto/heimdal/ChangeLog.2006 +++ b/crypto/heimdal/ChangeLog.2006 @@ -1,4 +1,4 @@ -2006-12-28 Love Hörnquist Åstrand +2006-12-28 Love Hörnquist Ã…strand * kdc/process.c: Handle kx509 requests. @@ -26,13 +26,13 @@ * lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value is krb5_error_code -2006-12-27 Love Hörnquist Åstrand +2006-12-27 Love Hörnquist Ã…strand * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for des-cbc-md4 and des-cbc-md5. This is for (older) windows that will be unhappy anything else. From Inna Bort-Shatsky -2006-12-26 Love Hörnquist Åstrand +2006-12-26 Love Hörnquist Ã…strand * kdc/digest.c: Prefix internal symbol with _kdc_. @@ -48,11 +48,11 @@ * kdc/digest.c: Add digest acl's -2006-12-22 Love Hörnquist Åstrand +2006-12-22 Love Hörnquist Ã…strand * fix-export: build ntlm-private.h -2006-12-20 Love Hörnquist Åstrand +2006-12-20 Love Hörnquist Ã…strand * include/make_crypto.c: Include <.../hmac.h>. @@ -65,21 +65,21 @@ * kdc/digest.c: Add support for generating NTLM2 session security answer. -2006-12-19 Love Hörnquist Åstrand +2006-12-19 Love Hörnquist Ã…strand * lib/krb5/digest.c: Add sessionkey accessor functions. -2006-12-18 Love Hörnquist Åstrand +2006-12-18 Love Hörnquist Ã…strand * kdc/digest.c: Unwrap the NTLM session key and return it to the server. -2006-12-17 Love Hörnquist Åstrand +2006-12-17 Love Hörnquist Ã…strand * lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc failure part, noticed by Arnaud Lacombe in NetBSD coverity scan. -2006-12-15 Love Hörnquist Åstrand +2006-12-15 Love Hörnquist Ã…strand * lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning. @@ -111,12 +111,12 @@ * lib/krb5/krb5_locl.h: Expand the default root for some of the cc type names. -2006-12-14 Love Hörnquist Åstrand +2006-12-14 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c (free_paid): free the krb5_data structure too. Bug report from Stefan Metzmacher. -2006-12-12 Love Hörnquist Åstrand +2006-12-12 Love Hörnquist Ã…strand * kuser/kinit.c: Read the appdefault configration before we try to use the flags. Bug reported by Ingemar Nilsson. @@ -125,23 +125,23 @@ * kuser/kdigest-commands.in: prefix digest commands with digest- -2006-12-10 Love Hörnquist Åstrand +2006-12-10 Love Hörnquist Ã…strand * kdc/hprop.c: Return error codes on failure, improve error reporting. -2006-12-08 Love Hörnquist Åstrand +2006-12-08 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error strings -2006-12-07 Love Hörnquist Åstrand +2006-12-07 Love Hörnquist Ã…strand * include/Makefile.am: CLEANFILES += vis.h -2006-12-06 Love Hörnquist Åstrand +2006-12-06 Love Hörnquist Ã…strand * kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the encrypted ticket @@ -164,31 +164,31 @@ really should be the trust anchors of the client. * kuser/generate-requests.c: Use strcspn to remove \n from - string returned by fgets. From Björn Sandell + string returned by fgets. From Björn Sandell * kpasswd/kpasswd-generator.c: Use strcspn to remove \n from - string returned by fgets. From Björn Sandell + string returned by fgets. From Björn Sandell -2006-12-05 Love Hörnquist Åstrand +2006-12-05 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: Clear errno before calling the strtol - functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn + functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn Sandell. * lib/krb5/config_file.c: Use strcspn to remove \n from fgets - result. Prompted by change by Ray Lai of OpenBSD via Björn + result. Prompted by change by Ray Lai of OpenBSD via Björn Sandell. * kdc/string2key.c: Use strcspn to remove \n from fgets - result. Prompted by change by Ray Lai of OpenBSD via Björn + result. Prompted by change by Ray Lai of OpenBSD via Björn Sandell. -2006-11-30 Love Hörnquist Åstrand +2006-11-30 Love Hörnquist Ã…strand * lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass in a NULLed plugin list -2006-11-29 Love Hörnquist Åstrand +2006-11-29 Love Hörnquist Ã…strand * lib/krb5/verify_krb5_conf.c: add more pkinit options. @@ -201,7 +201,7 @@ * lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX -2006-11-28 Love Hörnquist Åstrand +2006-11-28 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: Make build again from the hdb_entry wrapping. Patch from Andreas Hasenack. @@ -209,7 +209,7 @@ * kdc/pkinit.c: Need better code in the DH parameter rejection case, add comment to that effect. -2006-11-27 Love Hörnquist Åstrand +2006-11-27 Love Hörnquist Ã…strand * kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large packets when using datagram based transports. @@ -218,7 +218,7 @@ * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes. -2006-11-26 Love Hörnquist Åstrand +2006-11-26 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Pass down hx509_peer_info. @@ -228,19 +228,19 @@ * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. -2006-11-24 Love Hörnquist Åstrand +2006-11-24 Love Hörnquist Ã…strand * lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not fragment packets and avoid stupid linklayers that doesn't allow fragmented packets (unix dgram sockets on Mac OS X) -2006-11-23 Love Hörnquist Åstrand +2006-11-23 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users certs in the pool to make sure a path is returned, without this proxy certificates wont work. -2006-11-21 Love Hörnquist Åstrand +2006-11-21 Love Hörnquist Ã…strand * kdc/config.c: Make all pkinit options prefixed with pkinit_ @@ -257,7 +257,7 @@ * lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate checksum. -2006-11-20 Love Hörnquist Åstrand +2006-11-20 Love Hörnquist Ã…strand * lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a context argument. @@ -286,14 +286,14 @@ * appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a context argument. -2006-11-19 Love Hörnquist Åstrand +2006-11-19 Love Hörnquist Ã…strand * doc/setup.texi: fix pkinit option (s/-/_/) * kdc/config.c: revert the enable-pkinit change, and make it consistant with all other other enable- options -2006-11-17 Love Hörnquist Åstrand +2006-11-17 Love Hörnquist Ã…strand * doc/setup.texi: Make all pkinit options prefixed with pkinit_ @@ -310,7 +310,7 @@ * lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api, deal. -2006-11-13 Love Hörnquist Åstrand +2006-11-13 Love Hörnquist Ã…strand * lib/krb5/pac.c (fill_zeros): stop using MIN. @@ -325,7 +325,7 @@ * lib/krb5/krbhst.c: Use plugin for the other realm locate types too. -2006-11-12 Love Hörnquist Åstrand +2006-11-12 Love Hörnquist Ã…strand * lib/krb5/krb5_locl.h: Add plugin api @@ -344,7 +344,7 @@ * lib/krb5/krb5.h: Add struct krb5_pac. -2006-11-09 Love Hörnquist Åstrand +2006-11-09 Love Hörnquist Ã…strand * lib/krb5/test_pac.c: PAC testing. @@ -362,7 +362,7 @@ * lib/krb5/mit_glue.c: Add krb5_c_keylength. -2006-11-08 Love Hörnquist Åstrand +2006-11-08 Love Hörnquist Ã…strand * lib/krb5/pac.c: Almost enough code to do PAC parsing and verification, missing in the unix2NTTIME and ucs2 corner. The @@ -372,7 +372,7 @@ * kdc/hpropd.c: Remove support dumping to a kerberos 4 database. -2006-11-07 Love Hörnquist Åstrand +2006-11-07 Love Hörnquist Ã…strand * lib/krb5/context.c: rename krb5_[gs]et_time_wrap to krb5_[gs]et_max_time_skew @@ -382,7 +382,7 @@ * lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions. -2006-11-06 Love Hörnquist Åstrand +2006-11-06 Love Hörnquist Ã…strand * lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx. @@ -390,11 +390,11 @@ dancing version of the krb5_rd_req and implement krb5_rd_req and krb5_rd_req_with_keyblock using it. -2006-11-04 Love Hörnquist Åstrand +2006-11-04 Love Hörnquist Ã…strand * kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging. -2006-11-03 Love Hörnquist Åstrand +2006-11-03 Love Hörnquist Ã…strand * lib/krb5/expand_hostname.c: Rename various routines and constants from canonize to canonicalize. From Andrew Bartlett @@ -407,12 +407,12 @@ * appl/gssmask/common.c (add_list): fix alloc statement. From Alex Deiter -2006-10-25 Love Hörnquist Åstrand +2006-10-25 Love Hörnquist Ã…strand * include/Makefile.am: Move version.h and version.h.in to DISTCLEANFILES. -2006-10-24 Love Hörnquist Åstrand +2006-10-24 Love Hörnquist Ã…strand * appl/gssmask/gssmask.c: Only log when there are resources left. @@ -421,11 +421,11 @@ * appl/gssmask/gssmask.c (AcquireCreds): free krb5_get_init_creds_opt -2006-10-23 Love Hörnquist Åstrand +2006-10-23 Love Hörnquist Ã…strand * configure.in: heimdal 0.8-RC1 -2006-10-22 Love Hörnquist Åstrand +2006-10-22 Love Hörnquist Ã…strand * lib/krb5/digest.c: Try to not leak memory. @@ -459,7 +459,7 @@ * lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory. -2006-10-21 Love Hörnquist Åstrand +2006-10-21 Love Hörnquist Ã…strand * tools/heimdal-build.sh: Add --test-environment @@ -468,7 +468,7 @@ * lib/hdb/Makefile.am: remove dependency on et files covert_db that now is removed -2006-10-20 Love Hörnquist Åstrand +2006-10-20 Love Hörnquist Ã…strand * include/Makefile.am: add gssapi to subdirs @@ -507,7 +507,7 @@ * lib/krb5/Makefile.am: add more files -2006-10-19 Love Hörnquist Åstrand +2006-10-19 Love Hörnquist Ã…strand * tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST. @@ -521,7 +521,7 @@ * configure.in: make --disable-pk-init help text also negative -2006-10-18 Love Hörnquist Åstrand +2006-10-18 Love Hörnquist Ã…strand * kuser/kgetcred.c: Avoid memory leak. @@ -538,7 +538,7 @@ * lib/krb5/test_princ.c: Test principal parsing and unparsing. -2006-10-17 Love Hörnquist Åstrand +2006-10-17 Love Hörnquist Ã…strand * lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we don't recurse @@ -591,11 +591,11 @@ * kdc/kerberos5.c: Prefix asn1 primitives with der_. -2006-10-16 Love Hörnquist Åstrand +2006-10-16 Love Hörnquist Ã…strand * fix-export: Build lib/asn1/der-protos.h. -2006-10-14 Love Hörnquist Åstrand +2006-10-14 Love Hörnquist Ã…strand * appl/gssmask/Makefile.am: Add explit depenency on libroken. @@ -618,7 +618,7 @@ * lib/krb5/data.c: Prefix der primitives with der_. -2006-10-12 Love Hörnquist Åstrand +2006-10-12 Love Hörnquist Ã…strand * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From Olga Kornievskaia. @@ -627,13 +627,13 @@ * include/bits.c: Include Xint64 types. -2006-10-10 Love Hörnquist Åstrand +2006-10-10 Love Hörnquist Ã…strand * tools/heimdal-build.sh: Add socketwrapper and cputime limit. * kdc/connect.c (loop): Log that the kdc have started. -2006-10-09 Love Hörnquist Åstrand +2006-10-09 Love Hörnquist Ã…strand * kdc/connect.c (do_request): tell krb5_kdc_process_request if its a datagram reply or not @@ -658,7 +658,7 @@ * kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from auth->cusec. -2006-10-08 Love Hörnquist Åstrand +2006-10-08 Love Hörnquist Ã…strand * fix-export: dist_-ify libkadm5clnt_la_SOURCES too @@ -677,7 +677,7 @@ checksum is done over the whole packet. Reported by Olga Kornievskaia -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * include/Makefile.am: crypto-headers.h is a nodist header @@ -698,7 +698,7 @@ * kdc/kerberos5.c: Adapt to signature change of _krb5_principalname2krb5_principal. -2006-10-06 Love Hörnquist Åstrand +2006-10-06 Love Hörnquist Ã…strand * lib/krb5/krbhst.c (common_init): don't try DNS when there is realm w/o a dot. @@ -736,7 +736,7 @@ * appl/gssmask/common.h: Maybe include . -2006-10-05 Love Hörnquist Åstrand +2006-10-05 Love Hörnquist Ã…strand * appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and explain why @@ -749,7 +749,7 @@ * tools/heimdal-build.sh: first cut -2006-10-04 Love Hörnquist Åstrand +2006-10-04 Love Hörnquist Ã…strand * configure.in: Call AB_INIT. @@ -762,11 +762,11 @@ * lib/krb5/krb5_digest.3: Add all protos -2006-10-03 Love Hörnquist Åstrand +2006-10-03 Love Hörnquist Ã…strand * lib/krb5/krb5_digest.3: Basic krb5_digest manpage. -2006-10-02 Love Hörnquist Åstrand +2006-10-02 Love Hörnquist Ã…strand * fix-export: build gssapi mech private files @@ -786,7 +786,7 @@ * fix-export: build gssapi mech private files -2006-09-26 Love Hörnquist Åstrand +2006-09-26 Love Hörnquist Ã…strand * appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context building, better error handling. @@ -799,18 +799,18 @@ * appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is the same as afterward. -2006-09-25 Love Hörnquist Åstrand +2006-09-25 Love Hörnquist Ã…strand * appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE. * appl/gssmask/gssmaestro.c: Add logsocket support. -2006-09-22 Love Hörnquist Åstrand +2006-09-22 Love Hörnquist Ã…strand * appl/gssmask/gssmaestro.c (build_context): print the step the context exchange. -2006-09-21 Love Hörnquist Åstrand +2006-09-21 Love Hörnquist Ã…strand * appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG to all context flags @@ -826,7 +826,7 @@ * lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx seems broken and its not good to upgrade to a broken enctype. -2006-09-20 Love Hörnquist Åstrand +2006-09-20 Love Hörnquist Ã…strand * appl/gssmask/gssmask.c: Add wrap/unwrap ops @@ -842,7 +842,7 @@ * appl/gssmask/gssmaestro.c: test self context building and all permutation of clients -2006-09-19 Love Hörnquist Åstrand +2006-09-19 Love Hörnquist Ã…strand * appl/gssmask/gssmask.c: add --logfile option, use htons() on port number @@ -851,7 +851,7 @@ * configure.in: Make pk-init turned on by default. -2006-09-18 Love Hörnquist Åstrand +2006-09-18 Love Hörnquist Ã…strand * fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}. @@ -864,20 +864,20 @@ * kdc/krb5tgs.c: Check the adtkt in the constrained delegation case too. -2006-09-16 Love Hörnquist Åstrand +2006-09-16 Love Hörnquist Ã…strand * kdc/main.c (sigterm): don't _exit, let loop() catch the signal instead. - * lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell. + * lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell. - * lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell. + * lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell. -2006-09-15 Love Hörnquist Åstrand +2006-09-15 Love Hörnquist Ã…strand * tools/krb5-config.in: Add "kafs" option. -2006-09-12 Love Hörnquist Åstrand +2006-09-12 Love Hörnquist Ã…strand * lib/hdb/db.c: By using full function calling conversion (*func) we avoid problem when close(fd) is overridden using a macro. @@ -886,7 +886,7 @@ conversion (*func) we avoid problem when close(fd) is overridden using a macro. -2006-09-11 Love Hörnquist Åstrand +2006-09-11 Love Hörnquist Ã…strand * kdc/kerberos5.c: Signing outgoing tickets. @@ -896,17 +896,17 @@ * lib/krb5/pkinit.c: Adapt to new signature of hx509_cms_unenvelope. -2006-09-09 Love Hörnquist Åstrand +2006-09-09 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a sensable way -2006-09-08 Love Hörnquist Åstrand +2006-09-08 Love Hörnquist Ã…strand * lib/krb5/krb5_init_context.3: Prevent a font generation warning, from Jason McIntyre. -2006-09-06 Love Hörnquist Åstrand +2006-09-06 Love Hörnquist Ã…strand * lib/krb5/context.c (krb5_init_ets): Add the hx errortable @@ -915,7 +915,7 @@ * lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string from the hx509 lib -2006-09-04 Love Hörnquist Åstrand +2006-09-04 Love Hörnquist Ã…strand * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): fix argument to krb5_get_init_creds_opt_set_addressless. @@ -945,14 +945,14 @@ instead of passing in the empty set of address into krb5_get_init_creds_opt_set_addresses. -2006-09-01 Love Hörnquist Åstrand +2006-09-01 Love Hörnquist Ã…strand * kuser/kinit.c (renew_validate): inherit the proxiable and forwardable from the orignal ticket, pointed out by Bernard Antoine of CERN. * doc/setup.texi: More text about the acl_file entry and - hdb-ldap-structural-object. From Rüdiger Ranft. + hdb-ldap-structural-object. From Rüdiger Ranft. * lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback lookups to 5. Patch from Wesley Craig, umich.edu @@ -963,7 +963,7 @@ * appl/test/tcp_server.c (proto): use keytab for krb5_recvauth Patch from Ingemar Nilsson -2006-08-28 Love Hörnquist Åstrand +2006-08-28 Love Hörnquist Ã…strand * kuser/kdigest.c (help): use sl_slc_help(). @@ -971,7 +971,7 @@ * lib/krb5/digest.c: Catch more error. -2006-08-25 Love Hörnquist Åstrand +2006-08-25 Love Hörnquist Ã…strand * doc/setup.texi: language. @@ -984,7 +984,7 @@ * lib/krb5/digest.c: In the case where we get a DigestError back, save the error string and code. -2006-08-24 Love Hörnquist Åstrand +2006-08-24 Love Hörnquist Ã…strand * kdc/kerberos5.c: Remove _kdc_find_etype(), its no longer used. @@ -1027,7 +1027,7 @@ tgt etype, now the krbtgt can be a aes-only key without the need to support not-as-good etypes for the krbtgt. -2006-08-23 Love Hörnquist Åstrand +2006-08-23 Love Hörnquist Ã…strand * kdc/misc.c: Change _kdc_db_fetch() to return the database pointer to if needed by the consumer. @@ -1059,13 +1059,13 @@ * lib/krb5/digest.c: Add digest support to the client side. -2006-08-21 Love Hörnquist Åstrand +2006-08-21 Love Hörnquist Ã…strand * lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on error and set return pointer to NULL (krb5_free_ap_rep_enc_part): permit freeing of NULL -2006-08-18 Love Hörnquist Åstrand +2006-08-18 Love Hörnquist Ã…strand * kdc/{Makefile.am,kdigest.c,kdigest-commands.in}: Frontend for remote digest service in KDC @@ -1081,7 +1081,7 @@ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear error string on error. -2006-07-20 Love Hörnquist Åstrand +2006-07-20 Love Hörnquist Ã…strand * lib/krb5/crypto.c: remove aes-192 (CMS) @@ -1089,7 +1089,7 @@ * lib/krb5/crypto.c: Remove CMS symmetric encryption support. -2006-07-13 Love Hörnquist Åstrand +2006-07-13 Love Hörnquist Ã…strand * kdc/pkinit.c (_kdc_pk_check_client): make it not crash when there are no acl @@ -1105,7 +1105,7 @@ * lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash(). -2006-07-10 Love Hörnquist Åstrand +2006-07-10 Love Hörnquist Ã…strand * kuser/kinit.c: If --password-file gets STDIN, read the password from the standard input. @@ -1114,20 +1114,20 @@ * lib/krb5/krb5_string_to_key.3: Remove duplicate to. -2006-07-06 Love Hörnquist Åstrand +2006-07-06 Love Hörnquist Ã…strand * kdc/krb5tgs.c: (tgs_build_reply): when checking for removed principals, check the second component of the krbtgt, otherwise cross realm wont work. Prompted by report from Mattias Amnefelt. -2006-07-05 Love Hörnquist Åstrand +2006-07-05 Love Hörnquist Ã…strand * kdc/connect.c (handle_vanilla_tcp): use unsigned integer for for length (handle_tcp): if the high bit it set in the unknown case, send back a KRB_ERR_FIELD_TOOLONG -2006-07-03 Love Hörnquist Åstrand +2006-07-03 Love Hörnquist Ã…strand * appl/gssmask/gssmaestro.c: Add get_version_capa, cache target_name. @@ -1143,7 +1143,7 @@ * appl/gssmask/gssmaestro.c: break out out the build context function -2006-07-01 Love Hörnquist Åstrand +2006-07-01 Love Hörnquist Ã…strand * appl/gssmask/gssmaestro.c: externalize slave handling, add GetTargetName glue @@ -1160,7 +1160,7 @@ * appl/gssmask: break out common function; add gssmaestro (that only tests one context for now) -2006-06-30 Love Hörnquist Åstrand +2006-06-30 Love Hörnquist Ã…strand * lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on malloc failure @@ -1173,11 +1173,11 @@ * lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME as the default prefix -2006-06-28 Love Hörnquist Åstrand +2006-06-28 Love Hörnquist Ã…strand * doc/heimdal.texi: Add Doug Rabson's license -2006-06-22 Love Hörnquist Åstrand +2006-06-22 Love Hörnquist Ã…strand * lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the krb5_get_init_creds_opt structure. @@ -1187,11 +1187,11 @@ * lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add KRB-ERROR -2006-06-21 Love Hörnquist Åstrand +2006-06-21 Love Hörnquist Ã…strand * doc/setup.texi: section about verify_krb5_conf and kadmin check -2006-06-15 Love Hörnquist Åstrand +2006-06-15 Love Hörnquist Ã…strand * lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred argument, its unused @@ -1200,7 +1200,7 @@ * lib/krb5/krb5_get_creds.3: new file -2006-06-14 Love Hörnquist Åstrand +2006-06-14 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is ARCFOUR key already. Idea from Andreas Hasenack. While here, set @@ -1211,7 +1211,7 @@ * kdc/kdc.h: Add enable_v4_per_principal -2006-06-12 Love Hörnquist Åstrand +2006-06-12 Love Hörnquist Ã…strand * kdc/kerberos5.c (_kdc_as_rep): if kdc_time + config->kdc_warn_pwexpire is past pw_end, add expiration @@ -1222,11 +1222,11 @@ * kdc/kerberos5.c: indent. -2006-06-07 Love Hörnquist Åstrand +2006-06-07 Love Hörnquist Ã…strand * kdc/kerberos5.c: constify -2006-06-06 Love Hörnquist Åstrand +2006-06-06 Love Hörnquist Ã…strand * lib/krb5/get_cred.c: Allow setting additional tickets in the tgs-req @@ -1252,7 +1252,7 @@ * lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more KRB5_GC flags. -2006-06-01 Love Hörnquist Åstrand +2006-06-01 Love Hörnquist Ã…strand * lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function. @@ -1271,13 +1271,13 @@ * kdc/kerberos5.c: split out krb5 tgs req to make it easier to reorganize the code. -2006-05-29 Love Hörnquist Åstrand +2006-05-29 Love Hörnquist Ã…strand - * lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell + * lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell - * lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell + * lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell -2006-05-13 Love Hörnquist Åstrand +2006-05-13 Love Hörnquist Ã…strand * kpasswd/kpasswdd.c (change): select the realm based on the target principal From Gabor Gombas @@ -1286,7 +1286,7 @@ * lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO -2006-05-12 Love Hörnquist Åstrand +2006-05-12 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed. Fix a warning. @@ -1307,7 +1307,7 @@ * lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason McIntyre. -2006-05-11 Love Hörnquist Åstrand +2006-05-11 Love Hörnquist Ã…strand * kuser/kinit.c: Move parsing of the PK-INIT configuration file to the library so application doesn't need to deal with it. @@ -1322,7 +1322,7 @@ * lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1 on failure. Pointed out by Douglas E. Engert. -2006-05-08 Love Hörnquist Åstrand +2006-05-08 Love Hörnquist Ã…strand * lib/krb5/crypto.c: Catches both keyed checkout w/o crypto context cases and doesn't reset the string, and corrects the @@ -1331,7 +1331,7 @@ * lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support, its all containted in libhcrypto and libhx509 now. -2006-05-07 Love Hörnquist Åstrand +2006-05-07 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use hx509_get_one_cert. @@ -1339,7 +1339,7 @@ * lib/krb5/crypto.c (create_checksum): provide a error message that a key checksum needs a key. From Andew Bartlett. -2006-05-06 Love Hörnquist Åstrand +2006-05-06 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check for hx509 null DH. @@ -1357,21 +1357,21 @@ * kcm/acl.c: Multicache kcm interation isn't done yet, let wait with this enum. -2006-05-05 Love Hörnquist Åstrand +2006-05-05 Love Hörnquist Ã…strand - * lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn + * lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn Sandell - * lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell + * lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell - * lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell + * lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell - * lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell + * lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell - * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn + * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn Sandell - * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn + * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn Sandell * lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit @@ -1399,7 +1399,7 @@ * lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan. -2006-05-04 Love Hörnquist Åstrand +2006-05-04 Love Hörnquist Ã…strand * kdc/kerberos4.c: Use the new unsigned integer storage types. @@ -1417,7 +1417,7 @@ * lib/krb5/test_store.c: Test the integer storage types. -2006-05-03 Love Hörnquist Åstrand +2006-05-03 Love Hörnquist Ã…strand * lib/krb5/store.c (krb5_store_principal): make it take a krb5_const_principal, indent @@ -1432,79 +1432,79 @@ * kdc/config.c: read [kdc]pki-kdc-ocsp -2006-05-02 Love Hörnquist Åstrand +2006-05-02 Love Hörnquist Ã…strand * kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if it seems to be valid, simplfy the pkinit-windows DH case (it doesn't exists). -2006-05-01 Love Hörnquist Åstrand +2006-05-01 Love Hörnquist Ã…strand - * lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell. + * lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn Sandell. * lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from - Björn Sandell. + Björn Sandell. - * lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn Sandell. - * lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn + * lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn Sandell. * lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from - Björn Sandell. + Björn Sandell. * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, - from Björn Sandell. + from Björn Sandell. * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, - from Björn Sandell. + from Björn Sandell. * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from - Björn Sandell. + Björn Sandell. * lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from - Björn Sandell. + Björn Sandell. * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from - Björn Sandell. + Björn Sandell. * lib/krb5/krb5_address.3: Spelling/mdoc changes, from - Björn Sandell. + Björn Sandell. * lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from - Björn Sandell. + Björn Sandell. - * lib/krb5/krb5.3: Spelling, from Björn Sandell. + * lib/krb5/krb5.3: Spelling, from Björn Sandell. - * doc/ack.texi: add Björn + * doc/ack.texi: add Björn -2006-04-30 Love Hörnquist Åstrand +2006-04-30 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (cert2epi): don't include subject if its null -2006-04-29 Love Hörnquist Åstrand +2006-04-29 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Send over what trust anchors the client have configured. @@ -1516,7 +1516,7 @@ * kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log when a SAN matches. -2006-04-28 Love Hörnquist Åstrand +2006-04-28 Love Hörnquist Ã…strand * doc/setup.texi: More options and some text about windows clients, certificate and KDCs. @@ -1529,7 +1529,7 @@ * lib/hdb/hdb.h: Bump hdb interface version to 4. -2006-04-27 Love Hörnquist Åstrand +2006-04-27 Love Hörnquist Ã…strand * kuser/kdestroy.1: Document --credential=principal. @@ -1556,7 +1556,7 @@ the entry and pass it in as a seprate argument. Add more flags to ->hdb_get(). Re-indent. -2006-04-26 Love Hörnquist Åstrand +2006-04-26 Love Hörnquist Ã…strand * doc/setup.texi: document pki-allow-proxy-certificate @@ -1576,7 +1576,7 @@ * kdc/kerberos5.c (find_keys): add client_name and server_name argument and use them, and adapt callers. -2006-04-25 Love Hörnquist Åstrand +2006-04-25 Love Hörnquist Ã…strand * kuser/kinit.1: document option password-file @@ -1594,7 +1594,7 @@ * lib/hdb/keys.c (parse_key_set): handle error case better (hdb_generate_key_set): return better error -2006-04-24 Love Hörnquist Åstrand +2006-04-24 Love Hörnquist Ã…strand * lib/hdb/hdb.c (hdb_create): print out what we don't support @@ -1619,7 +1619,7 @@ * lib/krb5/init_creds_pw.c: Pass down realm to _krb5_pk_rd_pa_reply -2006-04-23 Love Hörnquist Åstrand +2006-04-23 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (pk_verify_host): Add begining of finding subjectAltName_otherName pk-init-san and verifing it. @@ -1639,13 +1639,13 @@ * tools/kdc-log-analyze.pl: count v5 cross realms too -2006-04-22 Love Hörnquist Åstrand +2006-04-22 Love Hörnquist Ã…strand * kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1. * lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1. -2006-04-20 Love Hörnquist Åstrand +2006-04-20 Love Hörnquist Ã…strand * kdc/pkinit.c (_kdc_pk_rd_padata): use hx509_cms_unwrap_ContentInfo. @@ -1658,7 +1658,7 @@ * kdc/config.c: Rename pki-chain to pki-pool to match rest of code. -2006-04-12 Love Hörnquist Åstrand +2006-04-12 Love Hörnquist Ã…strand * lib/krb5/rd_priv.c: Fix argument to krb5_data_zero. @@ -1673,7 +1673,7 @@ * lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke information, ie CRL's -2006-04-10 Love Hörnquist Åstrand +2006-04-10 Love Hörnquist Ã…strand * lib/krb5/replay.c (krb5_rc_resolve_full): make compile again. @@ -1718,15 +1718,15 @@ calloc. removed check that was never really used. Coverity NetBSD CID#2370 -2006-04-09 Love Hörnquist Åstrand +2006-04-09 Love Hörnquist Ã…strand - * lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket´ + * lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket´ points to NULL in case of error, add error handling, use calloc. * kpasswd/kpasswdd.c (doit): when done, close all fd in the sockets array and free it. Coverity NetBSD CID#1916 -2006-04-08 Love Hörnquist Åstrand +2006-04-08 Love Hörnquist Ã…strand * lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity, NetBSD CID#1695 @@ -1734,7 +1734,7 @@ * kdc/524.c (_kdc_do_524): Handle memory allocation failure Coverity, NetBSD CID#2752 -2006-04-07 Love Hörnquist Åstrand +2006-04-07 Love Hörnquist Ã…strand * lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory leak Coverity NetBSD CID#1890 @@ -1749,12 +1749,12 @@ * kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633 -2006-04-04 Love Hörnquist Åstrand +2006-04-04 Love Hörnquist Ã…strand * kpasswd/kpasswd-generator.c (read_words): catch empty file case, will cause PBE (division by zero) later. From Tobias Stoeckmann. -2006-04-02 Love Hörnquist Åstrand +2006-04-02 Love Hörnquist Ã…strand * lib/hdb/keytab.c: Remove a delta from last revision that should have gone in later. @@ -1832,7 +1832,7 @@ * lib/krb5/log.c (krb5_addlog_dest): make string length match strings in strcasecmp. Found by IBM checker. -2006-03-30 Love Hörnquist Åstrand +2006-03-30 Love Hörnquist Ã…strand * lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set variable_name as "hdb_entry_ex" @@ -1846,7 +1846,7 @@ * kuser/kinit.c: Add pool of certificates to help certificate path building for clients sending incomplete path in the signedData. -2006-03-28 Love Hörnquist Åstrand +2006-03-28 Love Hörnquist Ã…strand * kdc/pkinit.c: Add pool of certificates to help certificate path building for clients sending incomplete path in the signedData. @@ -1855,7 +1855,7 @@ path building for clients sending incomplete path in the signedData. -2006-03-27 Love Hörnquist Åstrand +2006-03-27 Love Hörnquist Ã…strand * kdc/config.c: Allow passing in related certificates used to build the chain. @@ -1872,7 +1872,7 @@ * tools/Makefile.am: Add hx509 when using PK-INIT. -2006-03-26 Love Hörnquist Åstrand +2006-03-26 Love Hörnquist Ã…strand * lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS X Kerberos.app problems. @@ -1896,30 +1896,30 @@ * lib/krb5/pkinit.c: Switch to hx509. -2006-03-24 Love Hörnquist Åstrand +2006-03-24 Love Hörnquist Ã…strand * kdc/kerberos5.c (log_patypes): log the patypes requested by the client -2006-03-23 Love Hörnquist Åstrand +2006-03-23 Love Hörnquist Ã…strand * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the req_buffer in the w2k case too. From Douglas E. Engert. -2006-03-19 Love Hörnquist Åstrand +2006-03-19 Love Hörnquist Ã…strand * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto error handling. Fixes Coverity NetBSD CID 2591 by catching a failing krb5_copy_keyblock() -2006-03-17 Love Hörnquist Åstrand +2006-03-17 Love Hörnquist Ã…strand * lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in address when free-ing. Fixes Coverity NetBSD bug #2605 (krb5_parse_address): reset val,len before possibly return errors Fixes Coverity NetBSD bug #2605 -2006-03-07 Love Hörnquist Åstrand +2006-03-07 Love Hörnquist Ã…strand * lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but make sure nbytes > 0 @@ -1930,7 +1930,7 @@ * lib/krb5/crypto.c (decrypt_*): handle the case where the plaintext is 0 bytes long, realloc might then return NULL. -2006-02-28 Love Hörnquist Åstrand +2006-02-28 Love Hörnquist Ã…strand * lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived. @@ -1949,24 +1949,24 @@ else, they should be around the example, not inside it, and probably shouldn't be used in html at all -2006-02-18 Love Hörnquist Åstrand +2006-02-18 Love Hörnquist Ã…strand * lib/krb5/krb5_warn.3: Document that applications want to use krb5_get_error_message, add example. -2006-02-16 Love Hörnquist Åstrand +2006-02-16 Love Hörnquist Ã…strand * lib/krb5/crypto.c (krb5_generate_random_block): check return value from RAND_bytes * lib/krb5/error_string.c: Change indentation, update (c) -2006-02-14 Love Hörnquist Åstrand +2006-02-14 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when compiling w/o pkinit. -2006-02-13 Love Hörnquist Åstrand +2006-02-13 Love Hörnquist Ã…strand * lib/krb5/pkinit.c: update to new paChecksum definition, update the dhgroup handling @@ -1974,14 +1974,14 @@ * kdc/pkinit.c: update to new paChecksum definition, use hdb_entry_ex -2006-02-09 Love Hörnquist Åstrand +2006-02-09 Love Hörnquist Ã…strand * lib/krb5/krb5_locl.h: Move Configurable options to last in the file. * lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef -2006-02-03 Love Hörnquist Åstrand +2006-02-03 Love Hörnquist Ã…strand * kpasswd/kpasswdd.c: Send back a better error-message to the client in case the password change was rejected. @@ -2011,23 +2011,23 @@ * lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that controlls all address-less behavior. Defaults to false. -2006-02-01 Love Hörnquist Åstrand +2006-02-01 Love Hörnquist Ã…strand * lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION * lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE failes to produce the matching lenghts. -2006-01-27 Love Hörnquist Åstrand +2006-01-27 Love Hörnquist Ã…strand * kcm/protocol.c (kcm_op_retrieve): remove unused variable -2006-01-15 Love Hörnquist Åstrand +2006-01-15 Love Hörnquist Ã…strand * tools/krb5-config.in: Move depenency on @LIB_dbopen@ to kadm-server, kerberos library doesn't depend on db-library. -2006-01-13 Love Hörnquist Åstrand +2006-01-13 Love Hörnquist Ã…strand * include/Makefile.am: Don't clean crypto headers, they now live in hcrypto/. Add hcrypto to SUBDIRS. @@ -2039,7 +2039,7 @@ * include/make_crypto.c: Include more crypto headerfiles. Remove support for old hash names. -2006-01-02 Love Hörnquist Åstrand +2006-01-02 Love Hörnquist Ã…strand * kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry, from Andrew Bartlet. diff --git a/crypto/heimdal/LICENSE b/crypto/heimdal/LICENSE index d61e65fecdb..404347b4bda 100644 --- a/crypto/heimdal/LICENSE +++ b/crypto/heimdal/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 1995 - 2007 Kungliga Tekniska Högskolan +Copyright (c) 1995 - 2011 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. @@ -28,3 +28,6 @@ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +Please see info documentation for the complete list of licenses. diff --git a/crypto/heimdal/Makefile.am b/crypto/heimdal/Makefile.am index 693c23fe10d..250809631ff 100644 --- a/crypto/heimdal/Makefile.am +++ b/crypto/heimdal/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 22497 2008-01-21 12:12:23Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -6,13 +6,21 @@ if KCM kcm_dir = kcm endif -SUBDIRS= include lib kuser kdc admin kadmin kpasswd -SUBDIRS+= $(kcm_dir) appl doc tools tests packages etc +SUBDIRS= include base lib kuser kdc admin kadmin kpasswd +SUBDIRS+= $(kcm_dir) appl tools tests packages etc po + +if HEIMDAL_DOCUMENTATION +SUBDIRS+= doc +endif + + ## ACLOCAL = @ACLOCAL@ -I cf ACLOCAL_AMFLAGS = -I cf EXTRA_DIST = \ + NTMakefile \ + windows \ TODO \ LICENSE \ README \ diff --git a/crypto/heimdal/Makefile.am.common b/crypto/heimdal/Makefile.am.common index b3bbf45088e..7f10e71f2ef 100644 --- a/crypto/heimdal/Makefile.am.common +++ b/crypto/heimdal/Makefile.am.common @@ -1,4 +1,4 @@ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ include $(top_srcdir)/cf/Makefile.am.common diff --git a/crypto/heimdal/Makefile.in b/crypto/heimdal/Makefile.in index 68a2ddf55e1..35feeabad74 100644 --- a/crypto/heimdal/Makefile.in +++ b/crypto/heimdal/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 22497 2008-01-21 12:12:23Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -40,12 +42,13 @@ host_triplet = @host@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure \ - ChangeLog NEWS TODO compile config.guess config.sub install-sh \ - ltmain.sh missing ylwrap + ChangeLog NEWS TODO compile config.guess config.sub depcomp \ + install-sh ltmain.sh missing ylwrap +@HEIMDAL_DOCUMENTATION_TRUE@am__append_1 = doc subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +77,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,7 +90,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ @@ -92,8 +98,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ @@ -105,17 +110,45 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = include lib kuser kdc admin kadmin kpasswd kcm appl doc \ - tools tests packages etc +DIST_SUBDIRS = include base lib kuser kdc admin kadmin kpasswd kcm \ + appl tools tests packages etc po doc DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ - { test ! -d $(distdir) \ - || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -fr $(distdir); }; } + { test ! -d "$(distdir)" \ + || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -fr "$(distdir)"; }; } +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print @@ -124,49 +157,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -190,10 +232,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -210,6 +253,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -225,31 +270,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -264,10 +323,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -308,35 +369,42 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la @KCM_TRUE@kcm_dir = kcm -SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl \ - doc tools tests packages etc +SUBDIRS = include base lib kuser kdc admin kadmin kpasswd $(kcm_dir) \ + appl tools tests packages etc po $(am__append_1) ACLOCAL_AMFLAGS = -I cf EXTRA_DIST = \ + NTMakefile \ + windows \ TODO \ LICENSE \ README \ @@ -373,22 +441,22 @@ EXTRA_DIST = \ all: all-recursive .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c am--refresh: @: $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - echo ' cd $(srcdir) && $(AUTOMAKE) --foreign --ignore-deps'; \ - cd $(srcdir) && $(AUTOMAKE) --foreign --ignore-deps \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -404,9 +472,10 @@ $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENC $(SHELL) ./config.status --recheck $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(srcdir) && $(AUTOCONF) + $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -415,7 +484,7 @@ clean-libtool: -rm -rf .libs _libs distclean-libtool: - -rm -f libtool + -rm -f libtool config.lt # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. @@ -424,7 +493,7 @@ distclean-libtool: # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -441,7 +510,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -449,7 +518,7 @@ $(RECURSIVE_TARGETS): fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -475,16 +544,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -492,14 +561,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -511,46 +580,50 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) $(am__remove_distdir) - test -d $(distdir) || mkdir $(distdir) + test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -566,29 +639,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -596,11 +684,13 @@ distdir: $(DISTFILES) $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook - -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ - || chmod -R a+r $(distdir) + || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) @@ -609,6 +699,14 @@ dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 $(am__remove_distdir) +dist-lzma: distdir + tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma + $(am__remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz + $(am__remove_distdir) + dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__remove_distdir) @@ -632,13 +730,17 @@ dist dist-all: distdir distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ - bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lzma*) \ + lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac @@ -646,9 +748,11 @@ distcheck: dist mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ - && cd $(distdir)/_build \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ @@ -670,13 +774,15 @@ distcheck: dist && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ - && $(MAKE) $(AM_MAKEFLAGS) distcleancheck + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 $(am__remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: - @cd $(distuninstallcheck_dir) \ + @$(am__cd) '$(distuninstallcheck_dir)' \ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ @@ -719,6 +825,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -739,6 +846,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -746,23 +855,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -786,26 +903,27 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-data-am install-exec-am install-strip uninstall-am +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \ + ctags-recursive install-am install-data-am install-exec-am \ + install-strip tags-recursive uninstall-am .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am all-local am--refresh check check-am check-local \ clean clean-generic clean-libtool ctags ctags-recursive dist \ - dist-all dist-bzip2 dist-gzip dist-hook dist-shar dist-tarZ \ - dist-zip distcheck distclean distclean-generic \ - distclean-libtool distclean-tags distcleancheck distdir \ - distuninstallcheck dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am \ - install-data-hook install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-hook install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-recursive uninstall uninstall-am uninstall-hook + dist-all dist-bzip2 dist-gzip dist-hook dist-lzma dist-shar \ + dist-tarZ dist-xz dist-zip distcheck distclean \ + distclean-generic distclean-libtool distclean-tags \ + distcleancheck distdir distuninstallcheck dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-recursive uninstall uninstall-am \ + uninstall-hook install-suid-programs: @@ -876,6 +994,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -961,7 +1082,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -977,6 +1098,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) print-distdir: @echo $(distdir) + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS index f0504274042..585d7cf4af3 100644 --- a/crypto/heimdal/NEWS +++ b/crypto/heimdal/NEWS @@ -1,3 +1,162 @@ +Release Notes - Heimdal - Version Heimdal 1.5 + +New features + + - Support GSS name extensions/attributes + - SHA512 support + - No Kerberos 4 support + - Basic support for MIT Admin protocol (SECGSS flavor) + in kadmind (extract keytab) + - Replace editline with libedit + +Release Notes - Heimdal - Version Heimdal 1.4 + + New features + + - Support for reading MIT database file directly + - KCM is polished up and now used in production + - NTLM first class citizen, credentials stored in KCM + - Table driven ASN.1 compiler, smaller!, not enabled by default + - Native Windows client support + +Notes + + - Disabled write support NDBM hdb backend (read still in there) since + it can't handle large records, please migrate to a diffrent backend + (like BDB4) + +Release Notes - Heimdal - Version Heimdal 1.3.3 + + Bug fixes + - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] + - Check NULL pointers before dereference them [kdc] + +Release Notes - Heimdal - Version Heimdal 1.3.2 + + Bug fixes + + - Don't mix length when clearing hmac (could memset too much) + - More paranoid underrun checking when decrypting packets + - Check the password change requests and refuse to answer empty packets + - Build on OpenSolaris + - Renumber AD-SIGNED-TICKET since it was stolen from US + - Don't cache /dev/*random file descriptor, it doesn't get unloaded + - Make C++ safe + - Misc warnings + +Release Notes - Heimdal - Version Heimdal 1.3.1 + + Bug fixes + + - Store KDC offset in credentials + - Many many more bug fixes + +Release Notes - Heimdal - Version Heimdal 1.3.1 + + New features + + - Make work with OpenLDAPs krb5 overlay + +Release Notes - Heimdal - Version Heimdal 1.3 + + New features + + - Partial support for MIT kadmind rpc protocol in kadmind + - Better support for finding keytab entries when using SPN aliases in the KDC + - Support BER in ASN.1 library (needed for CMS) + - Support decryption in Keychain private keys + - Support for new sqlite based credential cache + - Try both KDC referals and the common DNS reverse lookup in GSS-API + - Fix the KCM to not leak resources on failure + - Add IPv6 support to iprop + - Support localization of error strings in + kinit/klist/kdestroy and Kerberos library + - Remove Kerberos 4 support in application (still in KDC) + - Deprecate DES + - Support i18n password in windows domains (using UTF-8) + - More complete API emulation of OpenSSL in hcrypto + - Support for ECDSA and ECDH when linking with OpenSSL + + API changes + + - Support for settin friendly name on credential caches + - Move to using doxygen to generate documentation. + - Sprinkling __attribute__((depricated)) for old function to be removed + - Support to export LAST-REQUST information in AS-REQ + - Support for client deferrals in in AS-REQ + - Add seek support for krb5_storage. + - Support for split AS-REQ, first step for IA-KERB + - Fix many memory leaks and bugs + - Improved regression test + - Support krb5_cccol + - Switch to krb5_set_error_message + - Support krb5_crypto_*_iov + - Switch to use EVP for most function + - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec) + - Add support for GSS_C_DELEG_POLICY_FLAG + - Add krb5_cc_[gs]et_config to store data in the credential caches + - PTY testing application + +Bugfixes + - Make building on AIX6 possible. + - Bugfixes in LDAP KDC code to make it more stable + - Make ipropd-slave reconnect when master down gown + + +Release Notes - Heimdal - Version Heimdal 1.2.1 + +* Bug + + [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris + [HEIMDAL-151] - Make canned tests work again after cert expired + [HEIMDAL-152] - iprop test: use full hostname to avoid realm + resolving errors + [HEIMDAL-153] - ftp: Use the correct length for unmap, msync + +Release Notes - Heimdal - Version Heimdal 1.2 + +* Bug + + [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in + gss_display_name/gss_export_name when using SPNEGO + [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1 + [HEIMDAL-17] - Remove support for depricated [libdefaults]capath + [HEIMDAL-52] - hdb overwrite aliases for db databases + [HEIMDAL-54] - Two issues which affect credentials delegation + [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args + [HEIMDAL-62] - Fix printing of sig_atomic_t + [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto + [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase + [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241) + +* Improvement + [HEIMDAL-67] - Fix locking and store credential in atomic writes + in the FILE credential cache + [HEIMDAL-106] - make compile on cygwin again + [HEIMDAL-107] - Replace old random key generation in des module + and use it with RAND_ function instead + [HEIMDAL-115] - Better documentation and compatibility in hcrypto + in regards to OpenSSL + +* New Feature + [HEIMDAL-3] - pkinit alg agility PRF test vectors + [HEIMDAL-14] - Add libwind to Heimdal + [HEIMDAL-16] - Use libwind in hx509 + [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to + the negotiation + [HEIMDAL-74] - Add support to report extended error message back + in AS-REQ to support windows clients + [HEIMDAL-116] - test pty based application (using rkpty) + [HEIMDAL-120] - Use new OpenLDAP API (older deprecated) + +* Task + [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ. + This drop compatibility with pre 0.3d KDCs. + [HEIMDAL-64] - kcm: first implementation of kcm-move-cache + [HEIMDAL-65] - Failed to compile with --disable-pk-init + [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some + wraparound checks doesn't apply to Heimdal + Changes in release 1.1 * Read-only PKCS11 provider built-in to hx509. diff --git a/crypto/heimdal/README b/crypto/heimdal/README index 88ab7fd1213..d2c4eba8ce6 100644 --- a/crypto/heimdal/README +++ b/crypto/heimdal/README @@ -1,16 +1,15 @@ -$Id: README 8839 2000-07-27 02:33:54Z assar $ Heimdal is a Kerberos 5 implementation. -Please see the manual in doc, by default installed in -/usr/heimdal/info/heimdal.info for information on how to install. -There are also briefer man pages for most of the commands. +For information how to install see . + +There are briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in -the manual on how we prefer them. +the manual on how we prefer them: . For more information see the web-page at - or the mailing lists: + or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion diff --git a/crypto/heimdal/acinclude.m4 b/crypto/heimdal/acinclude.m4 index 3133232a516..7fd37ff051f 100644 --- a/crypto/heimdal/acinclude.m4 +++ b/crypto/heimdal/acinclude.m4 @@ -1,5 +1,4 @@ -dnl $Id: acinclude.m4 13337 2004-02-12 14:19:16Z lha $ -dnl $FreeBSD$ +dnl $Id$ dnl dnl Only put things that for some reason can't live in the `cf' dnl directory in this file. diff --git a/crypto/heimdal/aclocal.m4 b/crypto/heimdal/aclocal.m4 index e9dcb29715e..005a99fb2c1 100644 --- a/crypto/heimdal/aclocal.m4 +++ b/crypto/heimdal/aclocal.m4 @@ -1,7 +1,7 @@ -# generated automatically by aclocal 1.10 -*- Autoconf -*- +# generated automatically by aclocal 1.11.1 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006 Free Software Foundation, Inc. +# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -11,6389 +11,15 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -m4_if(m4_PACKAGE_VERSION, [2.61],, -[m4_fatal([this file was generated for autoconf 2.61. -You have another version of autoconf. If you want to use that, -you should regenerate the build system entirely.], [63])]) - -# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- - -# serial 48 AC_PROG_LIBTOOL - - -# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) -# ----------------------------------------------------------- -# If this macro is not defined by Autoconf, define it here. -m4_ifdef([AC_PROVIDE_IFELSE], - [], - [m4_define([AC_PROVIDE_IFELSE], - [m4_ifdef([AC_PROVIDE_$1], - [$2], [$3])])]) - - -# AC_PROG_LIBTOOL -# --------------- -AC_DEFUN([AC_PROG_LIBTOOL], -[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl -dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX -dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX. - AC_PROVIDE_IFELSE([AC_PROG_CXX], - [AC_LIBTOOL_CXX], - [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX - ])]) -dnl And a similar setup for Fortran 77 support - AC_PROVIDE_IFELSE([AC_PROG_F77], - [AC_LIBTOOL_F77], - [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77 -])]) - -dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly. -dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run -dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both. - AC_PROVIDE_IFELSE([AC_PROG_GCJ], - [AC_LIBTOOL_GCJ], - [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], - [AC_LIBTOOL_GCJ], - [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ], - [AC_LIBTOOL_GCJ], - [ifdef([AC_PROG_GCJ], - [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])]) - ifdef([A][M_PROG_GCJ], - [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])]) - ifdef([LT_AC_PROG_GCJ], - [define([LT_AC_PROG_GCJ], - defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])]) -])])# AC_PROG_LIBTOOL - - -# _AC_PROG_LIBTOOL -# ---------------- -AC_DEFUN([_AC_PROG_LIBTOOL], -[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl -AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl -AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl -AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl - -# This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh" - -# Always use our own libtool. -LIBTOOL='$(SHELL) $(top_builddir)/libtool' -AC_SUBST(LIBTOOL)dnl - -# Prevent multiple expansion -define([AC_PROG_LIBTOOL], []) -])# _AC_PROG_LIBTOOL - - -# AC_LIBTOOL_SETUP -# ---------------- -AC_DEFUN([AC_LIBTOOL_SETUP], -[AC_PREREQ(2.50)dnl -AC_REQUIRE([AC_ENABLE_SHARED])dnl -AC_REQUIRE([AC_ENABLE_STATIC])dnl -AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl -AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_PROG_LD])dnl -AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl -AC_REQUIRE([AC_PROG_NM])dnl - -AC_REQUIRE([AC_PROG_LN_S])dnl -AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl -# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers! -AC_REQUIRE([AC_OBJEXT])dnl -AC_REQUIRE([AC_EXEEXT])dnl -dnl - -AC_LIBTOOL_SYS_MAX_CMD_LEN -AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE -AC_LIBTOOL_OBJDIR - -AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl -_LT_AC_PROG_ECHO_BACKSLASH - -case $host_os in -aix3*) - # AIX sometimes has problems with the GCC collect2 program. For some - # reason, if we set the COLLECT_NAMES environment variable, the problems - # vanish in a puff of smoke. - if test "X${COLLECT_NAMES+set}" != Xset; then - COLLECT_NAMES= - export COLLECT_NAMES - fi - ;; -esac - -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -Xsed='sed -e 1s/^X//' -[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'] - -# Same as above, but do not quote variable references. -[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'] - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# Sed substitution to avoid accidental globbing in evaled expressions -no_glob_subst='s/\*/\\\*/g' - -# Constants: -rm="rm -f" - -# Global variables: -default_ofile=libtool -can_build_shared=yes - -# All known linkers require a `.a' archive for static linking (except MSVC, -# which needs '.lib'). -libext=a -ltmain="$ac_aux_dir/ltmain.sh" -ofile="$default_ofile" -with_gnu_ld="$lt_cv_prog_gnu_ld" - -AC_CHECK_TOOL(AR, ar, false) -AC_CHECK_TOOL(RANLIB, ranlib, :) -AC_CHECK_TOOL(STRIP, strip, :) - -old_CC="$CC" -old_CFLAGS="$CFLAGS" - -# Set sane defaults for various variables -test -z "$AR" && AR=ar -test -z "$AR_FLAGS" && AR_FLAGS=cru -test -z "$AS" && AS=as -test -z "$CC" && CC=cc -test -z "$LTCC" && LTCC=$CC -test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS -test -z "$DLLTOOL" && DLLTOOL=dlltool -test -z "$LD" && LD=ld -test -z "$LN_S" && LN_S="ln -s" -test -z "$MAGIC_CMD" && MAGIC_CMD=file -test -z "$NM" && NM=nm -test -z "$SED" && SED=sed -test -z "$OBJDUMP" && OBJDUMP=objdump -test -z "$RANLIB" && RANLIB=: -test -z "$STRIP" && STRIP=: -test -z "$ac_objext" && ac_objext=o - -# Determine commands to create old-style static archives. -old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs' -old_postinstall_cmds='chmod 644 $oldlib' -old_postuninstall_cmds= - -if test -n "$RANLIB"; then - case $host_os in - openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" - ;; - *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" - ;; - esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" -fi - -_LT_CC_BASENAME([$compiler]) - -# Only perform the check for file, if the check method requires it -case $deplibs_check_method in -file_magic*) - if test "$file_magic_cmd" = '$MAGIC_CMD'; then - AC_PATH_MAGIC - fi - ;; -esac - -AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no) -AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL], -enable_win32_dll=yes, enable_win32_dll=no) - -AC_ARG_ENABLE([libtool-lock], - [AC_HELP_STRING([--disable-libtool-lock], - [avoid locking (might break parallel builds)])]) -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes - -AC_ARG_WITH([pic], - [AC_HELP_STRING([--with-pic], - [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], - [pic_mode="$withval"], - [pic_mode=default]) -test -z "$pic_mode" && pic_mode=default - -# Use C for the default configuration in the libtool script -tagname= -AC_LIBTOOL_LANG_C_CONFIG -_LT_AC_TAGCONFIG -])# AC_LIBTOOL_SETUP - - -# _LT_AC_SYS_COMPILER -# ------------------- -AC_DEFUN([_LT_AC_SYS_COMPILER], -[AC_REQUIRE([AC_PROG_CC])dnl - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC -])# _LT_AC_SYS_COMPILER - - -# _LT_CC_BASENAME(CC) -# ------------------- -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. -AC_DEFUN([_LT_CC_BASENAME], -[for cc_temp in $1""; do - case $cc_temp in - compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; - distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` -]) - - -# _LT_COMPILER_BOILERPLATE -# ------------------------ -# Check for compiler boilerplate output or warnings with -# the simple compiler test code. -AC_DEFUN([_LT_COMPILER_BOILERPLATE], -[ac_outfile=conftest.$ac_objext -printf "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$rm conftest* -])# _LT_COMPILER_BOILERPLATE - - -# _LT_LINKER_BOILERPLATE -# ---------------------- -# Check for linker boilerplate output or warnings with -# the simple link test code. -AC_DEFUN([_LT_LINKER_BOILERPLATE], -[ac_outfile=conftest.$ac_objext -printf "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$rm conftest* -])# _LT_LINKER_BOILERPLATE - - -# _LT_AC_SYS_LIBPATH_AIX -# ---------------------- -# Links a minimal program and checks the executable -# for the system default hardcoded library path. In most cases, -# this is /usr/lib:/lib, but when the MPI compilers are used -# the location of the communication and MPI libs are included too. -# If we don't find anything, use the default library path according -# to the aix ld manual. -AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX], -[AC_LINK_IFELSE(AC_LANG_PROGRAM,[ -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi],[]) -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi -])# _LT_AC_SYS_LIBPATH_AIX - - -# _LT_AC_SHELL_INIT(ARG) -# ---------------------- -AC_DEFUN([_LT_AC_SHELL_INIT], -[ifdef([AC_DIVERSION_NOTICE], - [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], - [AC_DIVERT_PUSH(NOTICE)]) -$1 -AC_DIVERT_POP -])# _LT_AC_SHELL_INIT - - -# _LT_AC_PROG_ECHO_BACKSLASH -# -------------------------- -# Add some code to the start of the generated configure script which -# will find an echo command which doesn't interpret backslashes. -AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH], -[_LT_AC_SHELL_INIT([ -# Check that we are running under the correct shell. -SHELL=${CONFIG_SHELL-/bin/sh} - -case X$ECHO in -X*--fallback-echo) - # Remove one level of quotation (which was required for Make). - ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` - ;; -esac - -echo=${ECHO-echo} -if test "X[$]1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X[$]1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then - # Yippee, $echo works! - : -else - # Restart under the correct shell. - exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} -fi - -if test "X[$]1" = X--fallback-echo; then - # used as fallback echo - shift - cat </dev/null 2>&1 && unset CDPATH - -if test -z "$ECHO"; then -if test "X${echo_test_string+set}" != Xset; then -# find a string as large as possible, as long as the shell can cope with it - for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do - # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... - if (echo_test_string=`eval $cmd`) 2>/dev/null && - echo_test_string=`eval $cmd` && - (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null - then - break - fi - done -fi - -if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - : -else - # The Solaris, AIX, and Digital Unix default echo programs unquote - # backslashes. This makes it impossible to quote backslashes using - # echo "$something" | sed 's/\\/\\\\/g' - # - # So, first we look for a working echo in the user's PATH. - - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for dir in $PATH /usr/ucb; do - IFS="$lt_save_ifs" - if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && - test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - echo="$dir/echo" - break - fi - done - IFS="$lt_save_ifs" - - if test "X$echo" = Xecho; then - # We didn't find a better echo, so look for alternatives. - if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # This shell has a builtin print -r that does the trick. - echo='print -r' - elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && - test "X$CONFIG_SHELL" != X/bin/ksh; then - # If we have ksh, try running configure again with it. - ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} - export ORIGINAL_CONFIG_SHELL - CONFIG_SHELL=/bin/ksh - export CONFIG_SHELL - exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} - else - # Try using printf. - echo='printf %s\n' - if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # Cool, printf works - : - elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL - export CONFIG_SHELL - SHELL="$CONFIG_SHELL" - export SHELL - echo="$CONFIG_SHELL [$]0 --fallback-echo" - elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - echo="$CONFIG_SHELL [$]0 --fallback-echo" - else - # maybe with a smaller string... - prev=: - - for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do - if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null - then - break - fi - prev="$cmd" - done - - if test "$prev" != 'sed 50q "[$]0"'; then - echo_test_string=`eval $prev` - export echo_test_string - exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} - else - # Oops. We lost completely, so just stick with echo. - echo=echo - fi - fi - fi - fi -fi -fi - -# Copy echo and quote the copy suitably for passing to libtool from -# the Makefile, instead of quoting the original, which is used later. -ECHO=$echo -if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then - ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" -fi - -AC_SUBST(ECHO) -])])# _LT_AC_PROG_ECHO_BACKSLASH - - -# _LT_AC_LOCK -# ----------- -AC_DEFUN([_LT_AC_LOCK], -[AC_ARG_ENABLE([libtool-lock], - [AC_HELP_STRING([--disable-libtool-lock], - [avoid locking (might break parallel builds)])]) -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes - -# Some flags need to be propagated to the compiler or linker for good -# libtool support. -case $host in -ia64-*-hpux*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.$ac_objext` in - *ELF-32*) - HPUX_IA64_MODE="32" - ;; - *ELF-64*) - HPUX_IA64_MODE="64" - ;; - esac - fi - rm -rf conftest* - ;; -*-*-irix6*) - # Find out which ABI we are using. - echo '[#]line __oline__ "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - if test "$lt_cv_prog_gnu_ld" = yes; then - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -melf32bsmip" - ;; - *N32*) - LD="${LD-ld} -melf32bmipn32" - ;; - *64-bit*) - LD="${LD-ld} -melf64bmip" - ;; - esac - else - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -32" - ;; - *N32*) - LD="${LD-ld} -n32" - ;; - *64-bit*) - LD="${LD-ld} -64" - ;; - esac - fi - fi - rm -rf conftest* - ;; - -x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in - *32-bit*) - case $host in - x86_64-*linux*) - LD="${LD-ld} -m elf_i386" - ;; - ppc64-*linux*|powerpc64-*linux*) - LD="${LD-ld} -m elf32ppclinux" - ;; - s390x-*linux*) - LD="${LD-ld} -m elf_s390" - ;; - sparc64-*linux*) - LD="${LD-ld} -m elf32_sparc" - ;; - esac - ;; - *64-bit*) - case $host in - x86_64-*linux*) - LD="${LD-ld} -m elf_x86_64" - ;; - ppc*-*linux*|powerpc*-*linux*) - LD="${LD-ld} -m elf64ppc" - ;; - s390*-*linux*) - LD="${LD-ld} -m elf64_s390" - ;; - sparc*-*linux*) - LD="${LD-ld} -m elf64_sparc" - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; - -*-*-sco3.2v5*) - # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -belf" - AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, - [AC_LANG_PUSH(C) - AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) - AC_LANG_POP]) - if test x"$lt_cv_cc_needs_belf" != x"yes"; then - # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" - fi - ;; -sparc*-*solaris*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in - *64-bit*) - case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; - *) LD="${LD-ld} -64" ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; - -AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL], -[*-*-cygwin* | *-*-mingw* | *-*-pw32*) - AC_CHECK_TOOL(DLLTOOL, dlltool, false) - AC_CHECK_TOOL(AS, as, false) - AC_CHECK_TOOL(OBJDUMP, objdump, false) - ;; - ]) -esac - -need_locks="$enable_libtool_lock" - -])# _LT_AC_LOCK - - -# AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, -# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) -# ---------------------------------------------------------------- -# Check whether the given compiler option works -AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], -[AC_REQUIRE([LT_AC_PROG_SED]) -AC_CACHE_CHECK([$1], [$2], - [$2=no - ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$3" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - $2=yes - fi - fi - $rm conftest* -]) - -if test x"[$]$2" = xyes; then - ifelse([$5], , :, [$5]) -else - ifelse([$6], , :, [$6]) -fi -])# AC_LIBTOOL_COMPILER_OPTION - - -# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, -# [ACTION-SUCCESS], [ACTION-FAILURE]) -# ------------------------------------------------------------ -# Check whether the given compiler option works -AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], -[AC_CACHE_CHECK([$1], [$2], - [$2=no - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $3" - printf "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&AS_MESSAGE_LOG_FD - $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - $2=yes - fi - else - $2=yes - fi - fi - $rm conftest* - LDFLAGS="$save_LDFLAGS" -]) - -if test x"[$]$2" = xyes; then - ifelse([$4], , :, [$4]) -else - ifelse([$5], , :, [$5]) -fi -])# AC_LIBTOOL_LINKER_OPTION - - -# AC_LIBTOOL_SYS_MAX_CMD_LEN -# -------------------------- -AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], -[# find the maximum length of command line arguments -AC_MSG_CHECKING([the maximum length of command line arguments]) -AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl - i=0 - teststring="ABCD" - - case $build_os in - msdosdjgpp*) - # On DJGPP, this test can blow up pretty badly due to problems in libc - # (any single argument exceeding 2000 bytes causes a buffer overrun - # during glob expansion). Even if it were fixed, the result of this - # check would be larger than it should be. - lt_cv_sys_max_cmd_len=12288; # 12K is about right - ;; - - gnu*) - # Under GNU Hurd, this test is not required because there is - # no limit to the length of command line arguments. - # Libtool will interpret -1 as no limit whatsoever - lt_cv_sys_max_cmd_len=-1; - ;; - - cygwin* | mingw*) - # On Win9x/ME, this test blows up -- it succeeds, but takes - # about 5 minutes as the teststring grows exponentially. - # Worse, since 9x/ME are not pre-emptively multitasking, - # you end up with a "frozen" computer, even though with patience - # the test eventually succeeds (with a max line length of 256k). - # Instead, let's just punt: use the minimum linelength reported by - # all of the supported platforms: 8192 (on NT/2K/XP). - lt_cv_sys_max_cmd_len=8192; - ;; - - amigaos*) - # On AmigaOS with pdksh, this test takes hours, literally. - # So we just punt and use a minimum line length of 8192. - lt_cv_sys_max_cmd_len=8192; - ;; - - netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) - # This has been around since 386BSD, at least. Likely further. - if test -x /sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` - elif test -x /usr/sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` - else - lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs - fi - # And add a safety zone - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` - ;; - - interix*) - # We know the value 262144 and hardcode it with a safety zone (like BSD) - lt_cv_sys_max_cmd_len=196608 - ;; - - osf*) - # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure - # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not - # nice to cause kernel panics so lets avoid the loop below. - # First set a reasonable default. - lt_cv_sys_max_cmd_len=16384 - # - if test -x /sbin/sysconfig; then - case `/sbin/sysconfig -q proc exec_disable_arg_limit` in - *1*) lt_cv_sys_max_cmd_len=-1 ;; - esac - fi - ;; - sco3.2v5*) - lt_cv_sys_max_cmd_len=102400 - ;; - sysv5* | sco5v6* | sysv4.2uw2*) - kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` - if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` - else - lt_cv_sys_max_cmd_len=32768 - fi - ;; - *) - # If test is not a shell built-in, we'll probably end up computing a - # maximum length that is only half of the actual maximum length, but - # we can't tell. - SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} - while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \ - = "XX$teststring") >/dev/null 2>&1 && - new_result=`expr "X$teststring" : ".*" 2>&1` && - lt_cv_sys_max_cmd_len=$new_result && - test $i != 17 # 1/2 MB should be enough - do - i=`expr $i + 1` - teststring=$teststring$teststring - done - teststring= - # Add a significant safety factor because C++ compilers can tack on massive - # amounts of additional arguments before passing them to the linker. - # It appears as though 1/2 is a usable value. - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` - ;; - esac -]) -if test -n $lt_cv_sys_max_cmd_len ; then - AC_MSG_RESULT($lt_cv_sys_max_cmd_len) -else - AC_MSG_RESULT(none) -fi -])# AC_LIBTOOL_SYS_MAX_CMD_LEN - - -# _LT_AC_CHECK_DLFCN -# ------------------ -AC_DEFUN([_LT_AC_CHECK_DLFCN], -[AC_CHECK_HEADERS(dlfcn.h)dnl -])# _LT_AC_CHECK_DLFCN - - -# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, -# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) -# --------------------------------------------------------------------- -AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF], -[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl -if test "$cross_compiling" = yes; then : - [$4] -else - lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 - lt_status=$lt_dlunknown - cat > conftest.$ac_ext < -#endif - -#include - -#ifdef RTLD_GLOBAL -# define LT_DLGLOBAL RTLD_GLOBAL -#else -# ifdef DL_GLOBAL -# define LT_DLGLOBAL DL_GLOBAL -# else -# define LT_DLGLOBAL 0 -# endif -#endif - -/* We may have to define LT_DLLAZY_OR_NOW in the command line if we - find out it does not work in some platform. */ -#ifndef LT_DLLAZY_OR_NOW -# ifdef RTLD_LAZY -# define LT_DLLAZY_OR_NOW RTLD_LAZY -# else -# ifdef DL_LAZY -# define LT_DLLAZY_OR_NOW DL_LAZY -# else -# ifdef RTLD_NOW -# define LT_DLLAZY_OR_NOW RTLD_NOW -# else -# ifdef DL_NOW -# define LT_DLLAZY_OR_NOW DL_NOW -# else -# define LT_DLLAZY_OR_NOW 0 -# endif -# endif -# endif -# endif -#endif - -#ifdef __cplusplus -extern "C" void exit (int); -#endif - -void fnord() { int i=42;} -int main () -{ - void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); - int status = $lt_dlunknown; - - if (self) - { - if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; - /* dlclose (self); */ - } - else - puts (dlerror ()); - - exit (status); -}] -EOF - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then - (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null - lt_status=$? - case x$lt_status in - x$lt_dlno_uscore) $1 ;; - x$lt_dlneed_uscore) $2 ;; - x$lt_dlunknown|x*) $3 ;; - esac - else : - # compilation failed - $3 - fi -fi -rm -fr conftest* -])# _LT_AC_TRY_DLOPEN_SELF - - -# AC_LIBTOOL_DLOPEN_SELF -# ---------------------- -AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], -[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl -if test "x$enable_dlopen" != xyes; then - enable_dlopen=unknown - enable_dlopen_self=unknown - enable_dlopen_self_static=unknown -else - lt_cv_dlopen=no - lt_cv_dlopen_libs= - - case $host_os in - beos*) - lt_cv_dlopen="load_add_on" - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ;; - - mingw* | pw32*) - lt_cv_dlopen="LoadLibrary" - lt_cv_dlopen_libs= - ;; - - cygwin*) - lt_cv_dlopen="dlopen" - lt_cv_dlopen_libs= - ;; - - darwin*) - # if libdl is installed we need to link against it - AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ - lt_cv_dlopen="dyld" - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ]) - ;; - - *) - AC_CHECK_FUNC([shl_load], - [lt_cv_dlopen="shl_load"], - [AC_CHECK_LIB([dld], [shl_load], - [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"], - [AC_CHECK_FUNC([dlopen], - [lt_cv_dlopen="dlopen"], - [AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], - [AC_CHECK_LIB([svld], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], - [AC_CHECK_LIB([dld], [dld_link], - [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"]) - ]) - ]) - ]) - ]) - ]) - ;; - esac - - if test "x$lt_cv_dlopen" != xno; then - enable_dlopen=yes - else - enable_dlopen=no - fi - - case $lt_cv_dlopen in - dlopen) - save_CPPFLAGS="$CPPFLAGS" - test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - - save_LDFLAGS="$LDFLAGS" - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - - save_LIBS="$LIBS" - LIBS="$lt_cv_dlopen_libs $LIBS" - - AC_CACHE_CHECK([whether a program can dlopen itself], - lt_cv_dlopen_self, [dnl - _LT_AC_TRY_DLOPEN_SELF( - lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, - lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) - ]) - - if test "x$lt_cv_dlopen_self" = xyes; then - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - AC_CACHE_CHECK([whether a statically linked program can dlopen itself], - lt_cv_dlopen_self_static, [dnl - _LT_AC_TRY_DLOPEN_SELF( - lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, - lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) - ]) - fi - - CPPFLAGS="$save_CPPFLAGS" - LDFLAGS="$save_LDFLAGS" - LIBS="$save_LIBS" - ;; - esac - - case $lt_cv_dlopen_self in - yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; - *) enable_dlopen_self=unknown ;; - esac - - case $lt_cv_dlopen_self_static in - yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; - *) enable_dlopen_self_static=unknown ;; - esac -fi -])# AC_LIBTOOL_DLOPEN_SELF - - -# AC_LIBTOOL_PROG_CC_C_O([TAGNAME]) -# --------------------------------- -# Check to see if options -c and -o are simultaneously supported by compiler -AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O], -[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl -AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], - [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)], - [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no - $rm -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes - fi - fi - chmod u+w . 2>&AS_MESSAGE_LOG_FD - $rm conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files - $rm out/* && rmdir out - cd .. - rmdir conftest - $rm conftest* -]) -])# AC_LIBTOOL_PROG_CC_C_O - - -# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME]) -# ----------------------------------------- -# Check to see if we can do hard links to lock some files if needed -AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], -[AC_REQUIRE([_LT_AC_LOCK])dnl - -hard_links="nottested" -if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then - # do not overwrite the value of need_locks provided by the user - AC_MSG_CHECKING([if we can lock with hard links]) - hard_links=yes - $rm conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - AC_MSG_RESULT([$hard_links]) - if test "$hard_links" = no; then - AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) - need_locks=warn - fi -else - need_locks=no -fi -])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS - - -# AC_LIBTOOL_OBJDIR -# ----------------- -AC_DEFUN([AC_LIBTOOL_OBJDIR], -[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], -[rm -f .libs 2>/dev/null -mkdir .libs 2>/dev/null -if test -d .libs; then - lt_cv_objdir=.libs -else - # MS-DOS does not allow filenames that begin with a dot. - lt_cv_objdir=_libs -fi -rmdir .libs 2>/dev/null]) -objdir=$lt_cv_objdir -])# AC_LIBTOOL_OBJDIR - - -# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME]) -# ---------------------------------------------- -# Check hardcoding attributes. -AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], -[AC_MSG_CHECKING([how to hardcode library paths into programs]) -_LT_AC_TAGVAR(hardcode_action, $1)= -if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \ - test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \ - test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then - - # We can hardcode non-existant directories. - if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no && - test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then - # Linking always hardcodes the temporary library directory. - _LT_AC_TAGVAR(hardcode_action, $1)=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. - _LT_AC_TAGVAR(hardcode_action, $1)=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - _LT_AC_TAGVAR(hardcode_action, $1)=unsupported -fi -AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)]) - -if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then - # Fast installation is not supported - enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then - # Fast installation is not necessary - enable_fast_install=needless -fi -])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH - - -# AC_LIBTOOL_SYS_LIB_STRIP -# ------------------------ -AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP], -[striplib= -old_striplib= -AC_MSG_CHECKING([whether stripping libraries is possible]) -if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - AC_MSG_RESULT([yes]) -else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP" ; then - striplib="$STRIP -x" - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) -fi - ;; - *) - AC_MSG_RESULT([no]) - ;; - esac -fi -])# AC_LIBTOOL_SYS_LIB_STRIP - - -# AC_LIBTOOL_SYS_DYNAMIC_LINKER -# ----------------------------- -# PORTME Fill in your ld.so characteristics -AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER], -[AC_MSG_CHECKING([dynamic linker characteristics]) -library_names_spec= -libname_spec='lib$name' -soname_spec= -shrext_cmds=".so" -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" -fi -need_lib_prefix=unknown -hardcode_into_libs=no - -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -need_version=unknown - -case $host_os in -aix3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' - ;; - -aix4* | aix5*) - version_type=linux - need_lib_prefix=no - need_version=no - hardcode_into_libs=yes - if test "$host_cpu" = ia64; then - # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - case $host_os in - aix4 | aix4.[[01]] | aix4.[[01]].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then - : - else - can_build_shared=no - fi - ;; - esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then - # If using run time linking (on AIX 4.2 or later) use lib.so - # instead of lib.a to let people know that these are not - # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else - # We preserve .a as extension for shared libraries through AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi - shlibpath_var=LIBPATH - fi - ;; - -amigaos*) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' - ;; - -beos*) - library_names_spec='${libname}${shared_ext}' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - ;; - -bsdi[[45]]*) - version_type=linux - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32*) - version_type=windows - shrext_cmds=".dll" - need_version=no - need_lib_prefix=no - - case $GCC,$host_os in - yes,cygwin* | yes,mingw* | yes,pw32*) - library_names_spec='$libname.dll.a' - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $rm \$dlpath' - shlibpath_overrides_runpath=yes - - case $host_os in - cygwin*) - # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" - ;; - mingw*) - # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - ;; - pw32*) - # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - ;; - esac - ;; - - *) - library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' - ;; - esac - dynamic_linker='Win32 ld.exe' - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' - # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. - if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` - else - sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' - fi - sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' - ;; - -dgux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -freebsd1*) - dynamic_linker=no - ;; - -kfreebsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -freebsd* | dragonfly*) - # DragonFly does not have aout. When/if they implement a new - # versioning mechanism, adjust this. - if test -x /usr/bin/objformat; then - objformat=`/usr/bin/objformat` - else - case $host_os in - freebsd[[123]]*) objformat=aout ;; - *) objformat=elf ;; - esac - fi - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - need_version=no - need_lib_prefix=no - ;; - freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2*) - shlibpath_overrides_runpath=yes - ;; - freebsd3.[[01]]* | freebsdelf3.[[01]]*) - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ - freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - freebsd*) # from 4.6 on - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - esac - ;; - -gnu*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - version_type=sunos - need_lib_prefix=no - need_version=no - case $host_cpu in - ia64*) - shrext_cmds='.so' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then - sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" - else - sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" - fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) - shrext_cmds='.sl' - dynamic_linker="$host_os dld.sl" - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - ;; - esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. - postinstall_cmds='chmod 555 $lib' - ;; - -interix3*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -irix5* | irix6* | nonstopux*) - case $host_os in - nonstopux*) version_type=nonstopux ;; - *) - if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux - else - version_type=irix - fi ;; - esac - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' - case $host_os in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") - libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") - libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") - libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" - hardcode_into_libs=yes - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux*oldld* | linux*aout* | linux*coff*) - dynamic_linker=no - ;; - -# This must be Linux ELF. -linux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -knetbsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -netbsd*) - version_type=sunos - need_lib_prefix=no - need_version=no - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - -newsos6) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -nto-qnx*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -openbsd*) - version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" - need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[[89]] | openbsd2.[[89]].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac - else - shlibpath_overrides_runpath=yes - fi - ;; - -os2*) - libname_spec='$name' - shrext_cmds=".dll" - need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" - ;; - -solaris*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - sni) - shlibpath_overrides_runpath=no - need_lib_prefix=no - export_dynamic_flag_spec='${wl}-Blargedynsym' - runpath_var=LD_RUN_PATH - ;; - siemens) - need_lib_prefix=no - ;; - motorola) - need_lib_prefix=no - need_version=no - shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -sysv4*MP*) - if test -d /usr/nec ;then - version_type=linux - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - shlibpath_overrides_runpath=no - else - sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - shlibpath_overrides_runpath=yes - case $host_os in - sco3.2v5*) - sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" - ;; - esac - fi - sys_lib_dlsearch_path_spec='/usr/lib' - ;; - -uts4*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -*) - dynamic_linker=no - ;; -esac -AC_MSG_RESULT([$dynamic_linker]) -test "$dynamic_linker" = no && can_build_shared=no - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi -])# AC_LIBTOOL_SYS_DYNAMIC_LINKER - - -# _LT_AC_TAGCONFIG -# ---------------- -AC_DEFUN([_LT_AC_TAGCONFIG], -[AC_ARG_WITH([tags], - [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@], - [include additional configurations @<:@automatic@:>@])], - [tagnames="$withval"]) - -if test -f "$ltmain" && test -n "$tagnames"; then - if test ! -f "${ofile}"; then - AC_MSG_WARN([output file `$ofile' does not exist]) - fi - - if test -z "$LTCC"; then - eval "`$SHELL ${ofile} --config | grep '^LTCC='`" - if test -z "$LTCC"; then - AC_MSG_WARN([output file `$ofile' does not look like a libtool script]) - else - AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile']) - fi - fi - if test -z "$LTCFLAGS"; then - eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`" - fi - - # Extract list of available tagged configurations in $ofile. - # Note that this assumes the entire list is on one line. - available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'` - - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for tagname in $tagnames; do - IFS="$lt_save_ifs" - # Check whether tagname contains only valid characters - case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in - "") ;; - *) AC_MSG_ERROR([invalid tag name: $tagname]) - ;; - esac - - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null - then - AC_MSG_ERROR([tag name \"$tagname\" already exists]) - fi - - # Update the list of available tags. - if test -n "$tagname"; then - echo appending configuration tag \"$tagname\" to $ofile - - case $tagname in - CXX) - if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then - AC_LIBTOOL_LANG_CXX_CONFIG - else - tagname="" - fi - ;; - - F77) - if test -n "$F77" && test "X$F77" != "Xno"; then - AC_LIBTOOL_LANG_F77_CONFIG - else - tagname="" - fi - ;; - - GCJ) - if test -n "$GCJ" && test "X$GCJ" != "Xno"; then - AC_LIBTOOL_LANG_GCJ_CONFIG - else - tagname="" - fi - ;; - - RC) - AC_LIBTOOL_LANG_RC_CONFIG - ;; - - *) - AC_MSG_ERROR([Unsupported tag name: $tagname]) - ;; - esac - - # Append the new tag name to the list of available tags. - if test -n "$tagname" ; then - available_tags="$available_tags $tagname" - fi - fi - done - IFS="$lt_save_ifs" - - # Now substitute the updated list of available tags. - if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then - mv "${ofile}T" "$ofile" - chmod +x "$ofile" - else - rm -f "${ofile}T" - AC_MSG_ERROR([unable to update list of available tagged configurations.]) - fi -fi -])# _LT_AC_TAGCONFIG - - -# AC_LIBTOOL_DLOPEN -# ----------------- -# enable checks for dlopen support -AC_DEFUN([AC_LIBTOOL_DLOPEN], - [AC_BEFORE([$0],[AC_LIBTOOL_SETUP]) -])# AC_LIBTOOL_DLOPEN - - -# AC_LIBTOOL_WIN32_DLL -# -------------------- -# declare package support for building win32 DLLs -AC_DEFUN([AC_LIBTOOL_WIN32_DLL], -[AC_BEFORE([$0], [AC_LIBTOOL_SETUP]) -])# AC_LIBTOOL_WIN32_DLL - - -# AC_ENABLE_SHARED([DEFAULT]) -# --------------------------- -# implement the --enable-shared flag -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. -AC_DEFUN([AC_ENABLE_SHARED], -[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl -AC_ARG_ENABLE([shared], - [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@], - [build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_shared=yes ;; - no) enable_shared=no ;; - *) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_shared=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac], - [enable_shared=]AC_ENABLE_SHARED_DEFAULT) -])# AC_ENABLE_SHARED - - -# AC_DISABLE_SHARED -# ----------------- -# set the default shared flag to --disable-shared -AC_DEFUN([AC_DISABLE_SHARED], -[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl -AC_ENABLE_SHARED(no) -])# AC_DISABLE_SHARED - - -# AC_ENABLE_STATIC([DEFAULT]) -# --------------------------- -# implement the --enable-static flag -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. -AC_DEFUN([AC_ENABLE_STATIC], -[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl -AC_ARG_ENABLE([static], - [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@], - [build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_static=yes ;; - no) enable_static=no ;; - *) - enable_static=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_static=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac], - [enable_static=]AC_ENABLE_STATIC_DEFAULT) -])# AC_ENABLE_STATIC - - -# AC_DISABLE_STATIC -# ----------------- -# set the default static flag to --disable-static -AC_DEFUN([AC_DISABLE_STATIC], -[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl -AC_ENABLE_STATIC(no) -])# AC_DISABLE_STATIC - - -# AC_ENABLE_FAST_INSTALL([DEFAULT]) -# --------------------------------- -# implement the --enable-fast-install flag -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. -AC_DEFUN([AC_ENABLE_FAST_INSTALL], -[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl -AC_ARG_ENABLE([fast-install], - [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], - [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_fast_install=yes ;; - no) enable_fast_install=no ;; - *) - enable_fast_install=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_fast_install=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac], - [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT) -])# AC_ENABLE_FAST_INSTALL - - -# AC_DISABLE_FAST_INSTALL -# ----------------------- -# set the default to --disable-fast-install -AC_DEFUN([AC_DISABLE_FAST_INSTALL], -[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl -AC_ENABLE_FAST_INSTALL(no) -])# AC_DISABLE_FAST_INSTALL - - -# AC_LIBTOOL_PICMODE([MODE]) -# -------------------------- -# implement the --with-pic flag -# MODE is either `yes' or `no'. If omitted, it defaults to `both'. -AC_DEFUN([AC_LIBTOOL_PICMODE], -[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl -pic_mode=ifelse($#,1,$1,default) -])# AC_LIBTOOL_PICMODE - - -# AC_PROG_EGREP -# ------------- -# This is predefined starting with Autoconf 2.54, so this conditional -# definition can be removed once we require Autoconf 2.54 or later. -m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP], -[AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep], - [if echo a | (grep -E '(a|b)') >/dev/null 2>&1 - then ac_cv_prog_egrep='grep -E' - else ac_cv_prog_egrep='egrep' - fi]) - EGREP=$ac_cv_prog_egrep - AC_SUBST([EGREP]) -])]) - - -# AC_PATH_TOOL_PREFIX -# ------------------- -# find a file program which can recognise shared library -AC_DEFUN([AC_PATH_TOOL_PREFIX], -[AC_REQUIRE([AC_PROG_EGREP])dnl -AC_MSG_CHECKING([for $1]) -AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, -[case $MAGIC_CMD in -[[\\/*] | ?:[\\/]*]) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. - ;; -*) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR -dnl $ac_dummy forces splitting on constant user-supplied paths. -dnl POSIX.2 word splitting is done only on the output of word expansions, -dnl not every word. This closes a longstanding sh security hole. - ac_dummy="ifelse([$2], , $PATH, [$2])" - for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$1; then - lt_cv_path_MAGIC_CMD="$ac_dir/$1" - if test -n "$file_magic_test_file"; then - case $deplibs_check_method in - "file_magic "*) - file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" - if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | - $EGREP "$file_magic_regex" > /dev/null; then - : - else - cat <&2 - -*** Warning: the command libtool uses to detect shared libraries, -*** $file_magic_cmd, produces output that libtool cannot recognize. -*** The result is that libtool may fail to recognize shared libraries -*** as such. This will affect the creation of libtool libraries that -*** depend on shared libraries, but programs linked with such libtool -*** libraries will work regardless of this problem. Nevertheless, you -*** may want to report the problem to your system manager and/or to -*** bug-libtool@gnu.org - -EOF - fi ;; - esac - fi - break - fi - done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" - ;; -esac]) -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" -if test -n "$MAGIC_CMD"; then - AC_MSG_RESULT($MAGIC_CMD) -else - AC_MSG_RESULT(no) -fi -])# AC_PATH_TOOL_PREFIX - - -# AC_PATH_MAGIC -# ------------- -# find a file program which can recognise a shared library -AC_DEFUN([AC_PATH_MAGIC], -[AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) -if test -z "$lt_cv_path_MAGIC_CMD"; then - if test -n "$ac_tool_prefix"; then - AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) - else - MAGIC_CMD=: - fi -fi -])# AC_PATH_MAGIC - - -# AC_PROG_LD -# ---------- -# find the pathname to the GNU or non-GNU linker -AC_DEFUN([AC_PROG_LD], -[AC_ARG_WITH([gnu-ld], - [AC_HELP_STRING([--with-gnu-ld], - [assume the C compiler uses GNU ld @<:@default=no@:>@])], - [test "$withval" = no || with_gnu_ld=yes], - [with_gnu_ld=no]) -AC_REQUIRE([LT_AC_PROG_SED])dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -ac_prog=ld -if test "$GCC" = yes; then - # Check if gcc -print-prog-name=ld gives a path. - AC_MSG_CHECKING([for ld used by $CC]) - case $host in - *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw - ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; - *) - ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; - esac - case $ac_prog in - # Accept absolute paths. - [[\\/]]* | ?:[[\\/]]*) - re_direlt='/[[^/]][[^/]]*/\.\./' - # Canonicalize the pathname of ld - ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` - while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do - ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` - done - test -z "$LD" && LD="$ac_prog" - ;; - "") - # If it fails, then pretend we aren't using GCC. - ac_prog=ld - ;; - *) - # If it is relative, then search for the first ld in PATH. - with_gnu_ld=unknown - ;; - esac -elif test "$with_gnu_ld" = yes; then - AC_MSG_CHECKING([for GNU ld]) -else - AC_MSG_CHECKING([for non-GNU ld]) -fi -AC_CACHE_VAL(lt_cv_path_LD, -[if test -z "$LD"; then - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS="$lt_save_ifs" - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD="$ac_dir/$ac_prog" - # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some variants of GNU ld only accept -v. - # Break only if it was the GNU/non-GNU ld that we prefer. - case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null; then - case $host_cpu in - i*86 ) - # Not sure whether the presence of OpenBSD here was a mistake. - # Let's accept both of them until this is cleared up. - lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` - ;; - esac - else - lt_cv_deplibs_check_method=pass_all - fi - ;; - -gnu*) - lt_cv_deplibs_check_method=pass_all - ;; - -hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file - case $host_cpu in - ia64*) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' - lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so - ;; - hppa*64*) - [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] - lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl - ;; - *) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' - lt_cv_file_magic_test_file=/usr/lib/libc.sl - ;; - esac - ;; - -interix3*) - # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' - ;; - -irix5* | irix6* | nonstopux*) - case $LD in - *-32|*"-32 ") libmagic=32-bit;; - *-n32|*"-n32 ") libmagic=N32;; - *-64|*"-64 ") libmagic=64-bit;; - *) libmagic=never-match;; - esac - lt_cv_deplibs_check_method=pass_all - ;; - -# This must be Linux ELF. -linux*) - lt_cv_deplibs_check_method=pass_all - ;; - -netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' - fi - ;; - -newos6*) - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=/usr/lib/libnls.so - ;; - -nto-qnx*) - lt_cv_deplibs_check_method=unknown - ;; - -openbsd*) - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' - fi - ;; - -osf3* | osf4* | osf5*) - lt_cv_deplibs_check_method=pass_all - ;; - -solaris*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv4 | sysv4.3*) - case $host_vendor in - motorola) - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` - ;; - ncr) - lt_cv_deplibs_check_method=pass_all - ;; - sequent) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' - ;; - sni) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" - lt_cv_file_magic_test_file=/lib/libc.so - ;; - siemens) - lt_cv_deplibs_check_method=pass_all - ;; - pc) - lt_cv_deplibs_check_method=pass_all - ;; - esac - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - lt_cv_deplibs_check_method=pass_all - ;; -esac -]) -file_magic_cmd=$lt_cv_file_magic_cmd -deplibs_check_method=$lt_cv_deplibs_check_method -test -z "$deplibs_check_method" && deplibs_check_method=unknown -])# AC_DEPLIBS_CHECK_METHOD - - -# AC_PROG_NM -# ---------- -# find the pathname to a BSD-compatible name lister -AC_DEFUN([AC_PROG_NM], -[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM, -[if test -n "$NM"; then - # Let the user override the test. - lt_cv_path_NM="$NM" -else - lt_nm_to_check="${ac_tool_prefix}nm" - if test -n "$ac_tool_prefix" && test "$build" = "$host"; then - lt_nm_to_check="$lt_nm_to_check nm" - fi - for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS="$lt_save_ifs" - test -z "$ac_dir" && ac_dir=. - tmp_nm="$ac_dir/$lt_tmp_nm" - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then - # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: - # nm: unknown option "B" ignored - # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) - lt_cv_path_NM="$tmp_nm -B" - break - ;; - *) - case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in - */dev/null*) - lt_cv_path_NM="$tmp_nm -p" - break - ;; - *) - lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but - continue # so that we can try to find one that supports BSD flags - ;; - esac - ;; - esac - fi - done - IFS="$lt_save_ifs" - done - test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm -fi]) -NM="$lt_cv_path_NM" -])# AC_PROG_NM - - -# AC_CHECK_LIBM -# ------------- -# check for math library -AC_DEFUN([AC_CHECK_LIBM], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -LIBM= -case $host in -*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) - # These system don't have libm, or don't need it - ;; -*-ncr-sysv4.3*) - AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") - AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") - ;; -*) - AC_CHECK_LIB(m, cos, LIBM="-lm") - ;; -esac -])# AC_CHECK_LIBM - - -# AC_LIBLTDL_CONVENIENCE([DIRECTORY]) -# ----------------------------------- -# sets LIBLTDL to the link flags for the libltdl convenience library and -# LTDLINCL to the include flags for the libltdl header and adds -# --enable-ltdl-convenience to the configure arguments. Note that -# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided, -# it is assumed to be `libltdl'. LIBLTDL will be prefixed with -# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/' -# (note the single quotes!). If your package is not flat and you're not -# using automake, define top_builddir and top_srcdir appropriately in -# the Makefiles. -AC_DEFUN([AC_LIBLTDL_CONVENIENCE], -[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl - case $enable_ltdl_convenience in - no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;; - "") enable_ltdl_convenience=yes - ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;; - esac - LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la - LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl']) - # For backwards non-gettext consistent compatibility... - INCLTDL="$LTDLINCL" -])# AC_LIBLTDL_CONVENIENCE - - -# AC_LIBLTDL_INSTALLABLE([DIRECTORY]) -# ----------------------------------- -# sets LIBLTDL to the link flags for the libltdl installable library and -# LTDLINCL to the include flags for the libltdl header and adds -# --enable-ltdl-install to the configure arguments. Note that -# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided, -# and an installed libltdl is not found, it is assumed to be `libltdl'. -# LIBLTDL will be prefixed with '${top_builddir}/'# and LTDLINCL with -# '${top_srcdir}/' (note the single quotes!). If your package is not -# flat and you're not using automake, define top_builddir and top_srcdir -# appropriately in the Makefiles. -# In the future, this macro may have to be called after AC_PROG_LIBTOOL. -AC_DEFUN([AC_LIBLTDL_INSTALLABLE], -[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl - AC_CHECK_LIB(ltdl, lt_dlinit, - [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no], - [if test x"$enable_ltdl_install" = xno; then - AC_MSG_WARN([libltdl not installed, but installation disabled]) - else - enable_ltdl_install=yes - fi - ]) - if test x"$enable_ltdl_install" = x"yes"; then - ac_configure_args="$ac_configure_args --enable-ltdl-install" - LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la - LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl']) - else - ac_configure_args="$ac_configure_args --enable-ltdl-install=no" - LIBLTDL="-lltdl" - LTDLINCL= - fi - # For backwards non-gettext consistent compatibility... - INCLTDL="$LTDLINCL" -])# AC_LIBLTDL_INSTALLABLE - - -# AC_LIBTOOL_CXX -# -------------- -# enable support for C++ libraries -AC_DEFUN([AC_LIBTOOL_CXX], -[AC_REQUIRE([_LT_AC_LANG_CXX]) -])# AC_LIBTOOL_CXX - - -# _LT_AC_LANG_CXX -# --------------- -AC_DEFUN([_LT_AC_LANG_CXX], -[AC_REQUIRE([AC_PROG_CXX]) -AC_REQUIRE([_LT_AC_PROG_CXXCPP]) -_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX]) -])# _LT_AC_LANG_CXX - -# _LT_AC_PROG_CXXCPP -# ------------------ -AC_DEFUN([_LT_AC_PROG_CXXCPP], -[ -AC_REQUIRE([AC_PROG_CXX]) -if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then - AC_PROG_CXXCPP -fi -])# _LT_AC_PROG_CXXCPP - -# AC_LIBTOOL_F77 -# -------------- -# enable support for Fortran 77 libraries -AC_DEFUN([AC_LIBTOOL_F77], -[AC_REQUIRE([_LT_AC_LANG_F77]) -])# AC_LIBTOOL_F77 - - -# _LT_AC_LANG_F77 -# --------------- -AC_DEFUN([_LT_AC_LANG_F77], -[AC_REQUIRE([AC_PROG_F77]) -_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77]) -])# _LT_AC_LANG_F77 - - -# AC_LIBTOOL_GCJ -# -------------- -# enable support for GCJ libraries -AC_DEFUN([AC_LIBTOOL_GCJ], -[AC_REQUIRE([_LT_AC_LANG_GCJ]) -])# AC_LIBTOOL_GCJ - - -# _LT_AC_LANG_GCJ -# --------------- -AC_DEFUN([_LT_AC_LANG_GCJ], -[AC_PROVIDE_IFELSE([AC_PROG_GCJ],[], - [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[], - [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[], - [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])], - [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])], - [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])]) -_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ]) -])# _LT_AC_LANG_GCJ - - -# AC_LIBTOOL_RC -# ------------- -# enable support for Windows resource files -AC_DEFUN([AC_LIBTOOL_RC], -[AC_REQUIRE([LT_AC_PROG_RC]) -_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC]) -])# AC_LIBTOOL_RC - - -# AC_LIBTOOL_LANG_C_CONFIG -# ------------------------ -# Ensure that the configuration vars for the C compiler are -# suitably defined. Those variables are subsequently used by -# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'. -AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG]) -AC_DEFUN([_LT_AC_LANG_C_CONFIG], -[lt_save_CC="$CC" -AC_LANG_PUSH(C) - -# Source file extension for C test sources. -ac_ext=c - -# Object file extension for compiled C test sources. -objext=o -_LT_AC_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="int some_variable = 0;\n" - -# Code to be used in simple link tests -lt_simple_link_test_code='int main(){return(0);}\n' - -_LT_AC_SYS_COMPILER - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1) -AC_LIBTOOL_PROG_COMPILER_PIC($1) -AC_LIBTOOL_PROG_CC_C_O($1) -AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1) -AC_LIBTOOL_PROG_LD_SHLIBS($1) -AC_LIBTOOL_SYS_DYNAMIC_LINKER($1) -AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) -AC_LIBTOOL_SYS_LIB_STRIP -AC_LIBTOOL_DLOPEN_SELF - -# Report which library types will actually be built -AC_MSG_CHECKING([if libtool supports shared libraries]) -AC_MSG_RESULT([$can_build_shared]) - -AC_MSG_CHECKING([whether to build shared libraries]) -test "$can_build_shared" = "no" && enable_shared=no - -# On AIX, shared libraries and static libraries use the same namespace, and -# are all built from PIC. -case $host_os in -aix3*) - test "$enable_shared" = yes && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - -aix4* | aix5*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no - fi - ;; -esac -AC_MSG_RESULT([$enable_shared]) - -AC_MSG_CHECKING([whether to build static libraries]) -# Make sure either enable_shared or enable_static is yes. -test "$enable_shared" = yes || enable_static=yes -AC_MSG_RESULT([$enable_static]) - -AC_LIBTOOL_CONFIG($1) - -AC_LANG_POP -CC="$lt_save_CC" -])# AC_LIBTOOL_LANG_C_CONFIG - - -# AC_LIBTOOL_LANG_CXX_CONFIG -# -------------------------- -# Ensure that the configuration vars for the C compiler are -# suitably defined. Those variables are subsequently used by -# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'. -AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)]) -AC_DEFUN([_LT_AC_LANG_CXX_CONFIG], -[AC_LANG_PUSH(C++) -AC_REQUIRE([AC_PROG_CXX]) -AC_REQUIRE([_LT_AC_PROG_CXXCPP]) - -_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no -_LT_AC_TAGVAR(allow_undefined_flag, $1)= -_LT_AC_TAGVAR(always_export_symbols, $1)=no -_LT_AC_TAGVAR(archive_expsym_cmds, $1)= -_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= -_LT_AC_TAGVAR(hardcode_direct, $1)=no -_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= -_LT_AC_TAGVAR(hardcode_libdir_separator, $1)= -_LT_AC_TAGVAR(hardcode_minus_L, $1)=no -_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported -_LT_AC_TAGVAR(hardcode_automatic, $1)=no -_LT_AC_TAGVAR(module_cmds, $1)= -_LT_AC_TAGVAR(module_expsym_cmds, $1)= -_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown -_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_AC_TAGVAR(no_undefined_flag, $1)= -_LT_AC_TAGVAR(whole_archive_flag_spec, $1)= -_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no - -# Dependencies to place before and after the object being linked: -_LT_AC_TAGVAR(predep_objects, $1)= -_LT_AC_TAGVAR(postdep_objects, $1)= -_LT_AC_TAGVAR(predeps, $1)= -_LT_AC_TAGVAR(postdeps, $1)= -_LT_AC_TAGVAR(compiler_lib_search_path, $1)= - -# Source file extension for C++ test sources. -ac_ext=cpp - -# Object file extension for compiled C++ test sources. -objext=o -_LT_AC_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="int some_variable = 0;\n" - -# Code to be used in simple link tests -lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }\n' - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. -_LT_AC_SYS_COMPILER - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -# Allow CC to be a program name with arguments. -lt_save_CC=$CC -lt_save_LD=$LD -lt_save_GCC=$GCC -GCC=$GXX -lt_save_with_gnu_ld=$with_gnu_ld -lt_save_path_LD=$lt_cv_path_LD -if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then - lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx -else - $as_unset lt_cv_prog_gnu_ld -fi -if test -n "${lt_cv_path_LDCXX+set}"; then - lt_cv_path_LD=$lt_cv_path_LDCXX -else - $as_unset lt_cv_path_LD -fi -test -z "${LDCXX+set}" || LD=$LDCXX -CC=${CXX-"c++"} -compiler=$CC -_LT_AC_TAGVAR(compiler, $1)=$CC -_LT_CC_BASENAME([$compiler]) - -# We don't want -fno-exception wen compiling C++ code, so set the -# no_builtin_flag separately -if test "$GXX" = yes; then - _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' -else - _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= -fi - -if test "$GXX" = yes; then - # Set up default GNU C++ configuration - - AC_PROG_LD - - # Check if GNU C++ uses GNU ld as the underlying linker, since the - # archiving commands below assume that GNU ld is being used. - if test "$with_gnu_ld" = yes; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - - # If archive_cmds runs LD, not CC, wlarc should be empty - # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to - # investigate it a little bit more. (MM) - wlarc='${wl}' - - # ancient GNU ld didn't support --whole-archive et. al. - if eval "`$CC -print-prog-name=ld` --help 2>&1" | \ - grep 'no-whole-archive' > /dev/null; then - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= - fi - else - with_gnu_ld=no - wlarc= - - # A generic and very simple default shared library creation - # command for GNU C++ for the case where it uses the native - # linker, instead of GNU ld. If possible, this setting should - # overridden to take advantage of the native linker features on - # the platform it is being used on. - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - fi - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' - -else - GXX=no - with_gnu_ld=no - wlarc= -fi - -# PORTME: fill in a description of your system's C++ link characteristics -AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) -_LT_AC_TAGVAR(ld_shlibs, $1)=yes -case $host_os in - aix3*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - aix4* | aix5*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag="" - else - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*) - for ld_flag in $LDFLAGS; do - case $ld_flag in - *-brtl*) - aix_use_runtimelinking=yes - break - ;; - esac - done - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - _LT_AC_TAGVAR(archive_cmds, $1)='' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - - if test "$GXX" = yes; then - case $host_os in aix4.[[012]]|aix4.[[012]].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && \ - strings "$collect2name" | grep resolve_lib_name >/dev/null - then - # We have reworked collect2 - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - else - # We have old collect2 - _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= - fi - ;; - esac - shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' - fi - else - # not using gcc - if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' - else - shared_flag='${wl}-bM:SRE' - fi - fi - fi - - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - _LT_AC_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok' - # Determine the default libpath from the value encoded in an empty executable. - _LT_AC_SYS_LIBPATH_AIX - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - - _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else - if test "$host_cpu" = ia64; then - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' - _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an empty executable. - _LT_AC_SYS_LIBPATH_AIX - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience' - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared libraries. - _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' - fi - fi - ;; - - beos*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - chorus*) - case $cc_basename in - *) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - cygwin* | mingw* | pw32*) - # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, - # as there is no search path for DLLs. - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_AC_TAGVAR(always_export_symbols, $1)=no - _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - darwin* | rhapsody*) - case $host_os in - rhapsody* | darwin1.[[012]]) - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress' - ;; - *) # Darwin 1.3 on - if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - else - case ${MACOSX_DEPLOYMENT_TARGET} in - 10.[[012]]) - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - ;; - 10.*) - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup' - ;; - esac - fi - ;; - esac - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_AC_TAGVAR(hardcode_direct, $1)=no - _LT_AC_TAGVAR(hardcode_automatic, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='' - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - - if test "$GXX" = yes ; then - lt_int_apple_cc_single_mod=no - output_verbose_link_cmd='echo' - if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then - lt_int_apple_cc_single_mod=yes - fi - if test "X$lt_int_apple_cc_single_mod" = Xyes ; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - fi - _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - if test "X$lt_int_apple_cc_single_mod" = Xyes ; then - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - fi - _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - case $cc_basename in - xlc*) - output_verbose_link_cmd='echo' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' - _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - ;; - *) - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - fi - ;; - - dgux*) - case $cc_basename in - ec++*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - ghcx*) - # Green Hills C++ Compiler - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - freebsd[[12]]*) - # C++ shared libraries reported to be fairly broken before switch to ELF - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - freebsd-elf*) - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - ;; - freebsd* | kfreebsd*-gnu | dragonfly*) - # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF - # conventions - _LT_AC_TAGVAR(ld_shlibs, $1)=yes - ;; - gnu*) - ;; - hpux9*) - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, - # but as the default - # location of the library. - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - aCC*) - _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes; then - _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - else - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - hpux10*|hpux11*) - if test $with_gnu_ld = no; then - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - case $host_cpu in - hppa*64*|ia64*) - _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' - ;; - *) - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - ;; - esac - fi - case $host_cpu in - hppa*64*|ia64*) - _LT_AC_TAGVAR(hardcode_direct, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - *) - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, - # but as the default - # location of the library. - ;; - esac - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - aCC*) - case $host_cpu in - hppa*64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes; then - if test $with_gnu_ld = no; then - case $host_cpu in - hppa*64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - fi - else - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - interix3*) - _LT_AC_TAGVAR(hardcode_direct, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - irix5* | irix6*) - case $cc_basename in - CC*) - # SGI C++ - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - - # Archives containing C++ object files must be created using - # "CC -ar", where "CC" is the IRIX C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' - ;; - *) - if test "$GXX" = yes; then - if test "$with_gnu_ld" = no; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib' - fi - fi - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - ;; - esac - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - ;; - linux*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - - # Archives containing C++ object files must be created using - # "CC -Bstatic", where "CC" is the KAI C++ compiler. - _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' - ;; - icpc*) - # Intel C++ - with_gnu_ld=yes - # version 8.0 and above of icpc choke on multiply defined symbols - # if we add $predep_objects and $postdep_objects, however 7.1 and - # earlier do not add the objects themselves. - case `$CC -V 2>&1` in - *"Version 7."*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - ;; - *) # Version 8.0 or newer - tmp_idyn= - case $host_cpu in - ia64*) tmp_idyn=' -i_dynamic';; - esac - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - ;; - esac - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' - ;; - pgCC*) - # Portland Group C++ compiler - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - ;; - cxx*) - # Compaq C++ - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' - - runpath_var=LD_RUN_PATH - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - esac - ;; - lynxos*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - m88k*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - mvs*) - case $cc_basename in - cxx*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' - wlarc= - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - fi - # Workaround some broken pre-1.5 toolchains - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' - ;; - openbsd2*) - # C++ shared libraries are fairly broken - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - openbsd*) - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - fi - output_verbose_link_cmd='echo' - ;; - osf3*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - # Archives containing C++ object files must be created using - # "CC -Bstatic", where "CC" is the KAI C++ compiler. - _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' - - ;; - RCC*) - # Rational C++ 2.4.1 - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - cxx*) - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' - - else - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - osf4* | osf5*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - # Archives containing C++ object files must be created using - # the KAI C++ compiler. - _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' - ;; - RCC*) - # Rational C++ 2.4.1 - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - cxx*) - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ - echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~ - $rm $lib.exp' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' - - else - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - psos*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - lcc*) - # Lucid - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - solaris*) - case $cc_basename in - CC*) - # Sun C++ 4.2, 5.x and Centerline C++ - _LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes - _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - # The C++ compiler is used as linker so we must use $wl - # flag to pass the commands to the underlying system - # linker. We must also pass each convience library through - # to the system linker between allextract/defaultextract. - # The C++ compiler will combine linker options so we - # cannot just pass the convience library names through - # without $wl. - # Supported since Solaris 2.6 (maybe 2.5.1?) - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' - ;; - esac - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - - output_verbose_link_cmd='echo' - - # Archives containing C++ object files must be created using - # "CC -xar", where "CC" is the Sun C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' - ;; - gcx*) - # Green Hills C++ Compiler - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - - # The C++ compiler must be used to create the archive. - _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' - ;; - *) - # GNU C++ compiler with Solaris linker - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' - if $CC --version | grep -v '^2\.7' > /dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" - else - # g++ 2.7 appears to require `-G' NOT `-shared' on this - # platform. - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" - fi - - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' - fi - ;; - esac - ;; - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - # For security reasons, it is highly recommended that you always - # use absolute paths for naming shared libraries, and exclude the - # DT_RUNPATH tag from executables and libraries. But doing so - # requires that you compile everything twice, which is a pain. - # So that behaviour is only enabled if SCOABSPATH is set to a - # non-empty value in the environment. Most likely only useful for - # creating official distributions of packages. - # This is a hack until libtool officially supports absolute path - # names for shared libraries. - _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - vxworks*) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; -esac -AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)]) -test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no - -_LT_AC_TAGVAR(GCC, $1)="$GXX" -_LT_AC_TAGVAR(LD, $1)="$LD" - -AC_LIBTOOL_POSTDEP_PREDEP($1) -AC_LIBTOOL_PROG_COMPILER_PIC($1) -AC_LIBTOOL_PROG_CC_C_O($1) -AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1) -AC_LIBTOOL_PROG_LD_SHLIBS($1) -AC_LIBTOOL_SYS_DYNAMIC_LINKER($1) -AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) - -AC_LIBTOOL_CONFIG($1) - -AC_LANG_POP -CC=$lt_save_CC -LDCXX=$LD -LD=$lt_save_LD -GCC=$lt_save_GCC -with_gnu_ldcxx=$with_gnu_ld -with_gnu_ld=$lt_save_with_gnu_ld -lt_cv_path_LDCXX=$lt_cv_path_LD -lt_cv_path_LD=$lt_save_path_LD -lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld -lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld -])# AC_LIBTOOL_LANG_CXX_CONFIG - -# AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME]) -# ------------------------------------ -# Figure out "hidden" library dependencies from verbose -# compiler output when linking a shared library. -# Parse the compiler output and extract the necessary -# objects, libraries and library flags. -AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[ -dnl we can't use the lt_simple_compile_test_code here, -dnl because it contains code intended for an executable, -dnl not a library. It's possible we should let each -dnl tag define a new lt_????_link_test_code variable, -dnl but it's only used here... -ifelse([$1],[],[cat > conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext <> "$cfgfile" -ifelse([$1], [], -[#! $SHELL - -# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) -# NOTE: Changes made to this file will be lost: look at ltmain.sh. -# -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001 -# Free Software Foundation, Inc. -# -# This file is part of GNU Libtool: -# Originally by Gordon Matzigkeit , 1996 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# A sed program that does not truncate output. -SED=$lt_SED - -# Sed that helps us avoid accidentally triggering echo(1) options like -n. -Xsed="$SED -e 1s/^X//" - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -# The names of the tagged configurations supported by this script. -available_tags= - -# ### BEGIN LIBTOOL CONFIG], -[# ### BEGIN LIBTOOL TAG CONFIG: $tagname]) - -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: - -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1) - -# Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# An echo program that does not interpret backslashes. -echo=$lt_echo - -# The archiver. -AR=$lt_AR -AR_FLAGS=$lt_AR_FLAGS - -# A C compiler. -LTCC=$lt_LTCC - -# LTCC compiler flags. -LTCFLAGS=$lt_LTCFLAGS - -# A language-specific compiler. -CC=$lt_[]_LT_AC_TAGVAR(compiler, $1) - -# Is the compiler the GNU C compiler? -with_gcc=$_LT_AC_TAGVAR(GCC, $1) - -# An ERE matcher. -EGREP=$lt_EGREP - -# The linker used to build libraries. -LD=$lt_[]_LT_AC_TAGVAR(LD, $1) - -# Whether we need hard or soft links. -LN_S=$lt_LN_S - -# A BSD-compatible nm program. -NM=$lt_NM - -# A symbol stripping program -STRIP=$lt_STRIP - -# Used to examine libraries when file_magic_cmd begins "file" -MAGIC_CMD=$MAGIC_CMD - -# Used on cygwin: DLL creation program. -DLLTOOL="$DLLTOOL" - -# Used on cygwin: object dumper. -OBJDUMP="$OBJDUMP" - -# Used on cygwin: assembler. -AS="$AS" - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# How to pass a linker flag through the compiler. -wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) - -# Object file suffix (normally "o"). -objext="$ac_objext" - -# Old archive suffix (normally "a"). -libext="$libext" - -# Shared library suffix (normally ".so"). -shrext_cmds='$shrext_cmds' - -# Executable file suffix (normally ""). -exeext="$exeext" - -# Additional compiler flags for building library objects. -pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) -pic_mode=$pic_mode - -# What is the maximum length of a command? -max_cmd_len=$lt_cv_sys_max_cmd_len - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Do we need the lib prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1) - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1) - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1) - -# Compiler flag to generate thread-safe objects. -thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1) - -# Library versioning type. -version_type=$version_type - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME. -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Commands used to build and install an old-style archive. -RANLIB=$lt_RANLIB -old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1) -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1) - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) - -# Commands used to build and install a shared archive. -archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1) -archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1) -postinstall_cmds=$lt_postinstall_cmds -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to build a loadable module (assumed same as above if empty) -module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1) -module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1) - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - -# Dependencies to place before the objects being linked to create a -# shared library. -predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) - -# Dependencies to place after the objects being linked to create a -# shared library. -postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) - -# Dependencies to place before the objects being linked to create a -# shared library. -predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1) - -# Dependencies to place after the objects being linked to create a -# shared library. -postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1) - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method == file_magic. -file_magic_cmd=$lt_file_magic_cmd - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1) - -# Flag that forces no undefined symbols. -no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1) - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# Same as above, but a single script fragment to be evaled but not shown. -finish_eval=$lt_finish_eval - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm in a C name address pair -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# This is the shared library runtime path variable. -runpath_var=$runpath_var - -# This is the shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# How to hardcode a shared library path into an executable. -hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1) - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) - -# If ld is used when linking, flag to hardcode \$libdir into -# a binary during linking. This must work even if \$libdir does -# not exist. -hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) - -# Whether we need a single -rpath flag with a separated argument. -hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1) - -# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the -# resulting binary. -hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1) - -# Set to yes if using the -LDIR flag during linking hardcodes DIR into the -# resulting binary. -hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1) - -# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into -# the resulting binary. -hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1) - -# Set to yes if building a shared library automatically hardcodes DIR into the library -# and all subsequent libraries and executables linked against it. -hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1) - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at relink time. -variables_saved_for_relink="$variables_saved_for_relink" - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) - -# Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Run-time system search path for libraries -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec - -# Fix the shell variable \$srcfile for the compiler. -fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)" - -# Set to yes if exported symbols are required. -always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1) - -# The commands to list exported symbols. -export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1) - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1) - -# Symbols that must always be exported. -include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1) - -ifelse([$1],[], -[# ### END LIBTOOL CONFIG], -[# ### END LIBTOOL TAG CONFIG: $tagname]) - -__EOF__ - -ifelse([$1],[], [ - case $host_os in - aix3*) - cat <<\EOF >> "$cfgfile" - -# AIX sometimes has problems with the GCC collect2 program. For some -# reason, if we set the COLLECT_NAMES environment variable, the problems -# vanish in a puff of smoke. -if test "X${COLLECT_NAMES+set}" != Xset; then - COLLECT_NAMES= - export COLLECT_NAMES -fi -EOF - ;; - esac - - # We use sed instead of cat because bash on DJGPP gets confused if - # if finds mixed CR/LF and LF-only lines. Since sed operates in - # text mode, it properly converts lines to CR/LF. This bash problem - # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1) - - mv -f "$cfgfile" "$ofile" || \ - (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") - chmod +x "$ofile" -]) -else - # If there is no Makefile yet, we rely on a make rule to execute - # `config.status --recheck' to rerun these tests and create the - # libtool script then. - ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` - if test -f "$ltmain_in"; then - test -f Makefile && make "$ltmain" - fi -fi -])# AC_LIBTOOL_CONFIG - - -# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME]) -# ------------------------------------------- -AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], -[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl - -_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= - -if test "$GCC" = yes; then - _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' - - AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], - lt_cv_prog_compiler_rtti_exceptions, - [-fno-rtti -fno-exceptions], [], - [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) -fi -])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI - - -# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE -# --------------------------------- -AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], -[AC_REQUIRE([AC_CANONICAL_HOST]) -AC_REQUIRE([AC_PROG_NM]) -AC_REQUIRE([AC_OBJEXT]) -# Check for command to grab the raw symbol name followed by C symbol from nm. -AC_MSG_CHECKING([command to parse $NM output from $compiler object]) -AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], -[ -# These are sane defaults that work on at least a few old systems. -# [They come from Ultrix. What could be older than Ultrix?!! ;)] - -# Character class describing NM global symbol codes. -symcode='[[BCDEGRST]]' - -# Regexp to match symbols that can be accessed directly from C. -sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' - -# Transform an extracted symbol line into a proper C declaration -lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'" - -# Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" - -# Define system-specific variables. -case $host_os in -aix*) - symcode='[[BCDT]]' - ;; -cygwin* | mingw* | pw32*) - symcode='[[ABCDGISTW]]' - ;; -hpux*) # Its linker distinguishes data from code symbols - if test "$host_cpu" = ia64; then - symcode='[[ABCDEGRST]]' - fi - lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" - lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" - ;; -linux*) - if test "$host_cpu" = ia64; then - symcode='[[ABCDGIRSTW]]' - lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" - lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" - fi - ;; -irix* | nonstopux*) - symcode='[[BCDEGRST]]' - ;; -osf*) - symcode='[[BCDEGQRST]]' - ;; -solaris*) - symcode='[[BDRT]]' - ;; -sco3.2v5*) - symcode='[[DT]]' - ;; -sysv4.2uw2*) - symcode='[[DT]]' - ;; -sysv5* | sco5v6* | unixware* | OpenUNIX*) - symcode='[[ABDT]]' - ;; -sysv4) - symcode='[[DFNSTU]]' - ;; -esac - -# Handle CRLF in mingw tool chain -opt_cr= -case $build_os in -mingw*) - opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp - ;; -esac - -# If we're using GNU nm, then use its standard symbol codes. -case `$NM -V 2>&1` in -*GNU* | *'with BFD'*) - symcode='[[ABCDGIRSTW]]' ;; -esac - -# Try without a prefix undercore, then with it. -for ac_symprfx in "" "_"; do - - # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. - symxfrm="\\1 $ac_symprfx\\2 \\2" - - # Write the raw and C identifiers. - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" - - # Check to see that the pipe works correctly. - pipe_works=no - - rm -f conftest* - cat > conftest.$ac_ext < $nlist) && test -s "$nlist"; then - # Try sorting and uniquifying the output. - if sort "$nlist" | uniq > "$nlist"T; then - mv -f "$nlist"T "$nlist" - else - rm -f "$nlist"T - fi - - # Make sure that we snagged all the symbols we need. - if grep ' nm_test_var$' "$nlist" >/dev/null; then - if grep ' nm_test_func$' "$nlist" >/dev/null; then - cat < conftest.$ac_ext -#ifdef __cplusplus -extern "C" { -#endif - -EOF - # Now generate the symbol file. - eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext' - - cat <> conftest.$ac_ext -#if defined (__STDC__) && __STDC__ -# define lt_ptr_t void * -#else -# define lt_ptr_t char * -# define const -#endif - -/* The mapping between symbol names and symbols. */ -const struct { - const char *name; - lt_ptr_t address; -} -lt_preloaded_symbols[[]] = -{ -EOF - $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext - cat <<\EOF >> conftest.$ac_ext - {0, (lt_ptr_t) 0} -}; - -#ifdef __cplusplus -} -#endif -EOF - # Now try linking the two files. - mv conftest.$ac_objext conftstm.$ac_objext - lt_save_LIBS="$LIBS" - lt_save_CFLAGS="$CFLAGS" - LIBS="conftstm.$ac_objext" - CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then - pipe_works=yes - fi - LIBS="$lt_save_LIBS" - CFLAGS="$lt_save_CFLAGS" - else - echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD - fi - else - echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD - fi - else - echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD - fi - else - echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD - cat conftest.$ac_ext >&5 - fi - rm -f conftest* conftst* - - # Do not use the global_symbol_pipe unless it works. - if test "$pipe_works" = yes; then - break - else - lt_cv_sys_global_symbol_pipe= - fi -done -]) -if test -z "$lt_cv_sys_global_symbol_pipe"; then - lt_cv_sys_global_symbol_to_cdecl= -fi -if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - AC_MSG_RESULT(failed) -else - AC_MSG_RESULT(ok) -fi -]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE - - -# AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME]) -# --------------------------------------- -AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC], -[_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)= -_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= -_LT_AC_TAGVAR(lt_prog_compiler_static, $1)= - -AC_MSG_CHECKING([for $compiler option to produce PIC]) - ifelse([$1],[CXX],[ - # C++ specific cases for pic, static, wl, etc. - if test "$GXX" = yes; then - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - ;; - amigaos*) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' - ;; - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - mingw* | os2* | pw32*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' - ;; - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' - ;; - *djgpp*) - # DJGPP does not support shared libraries at all - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= - ;; - interix3*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - sysv4*MP*) - if test -d /usr/nec; then - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic - fi - ;; - hpux*) - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - ;; - *) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - ;; - *) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - else - case $host_os in - aix4* | aix5*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - else - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' - fi - ;; - chorus*) - case $cc_basename in - cxch68*) - # Green Hills C++ Compiler - # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" - ;; - esac - ;; - darwin*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - case $cc_basename in - xlc*) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon' - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - ;; - esac - ;; - dgux*) - case $cc_basename in - ec++*) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - ;; - ghcx*) - # Green Hills C++ Compiler - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - *) - ;; - esac - ;; - freebsd* | kfreebsd*-gnu | dragonfly*) - # FreeBSD uses GNU C++ - ;; - hpux9* | hpux10* | hpux11*) - case $cc_basename in - CC*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - if test "$host_cpu" != ia64; then - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - fi - ;; - aCC*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - ;; - esac - ;; - *) - ;; - esac - ;; - interix*) - # This is c89, which is MS Visual C++ (no shared libs) - # Anyone wants to do a port? - ;; - irix5* | irix6* | nonstopux*) - case $cc_basename in - CC*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - # CC pic flag -KPIC is the default. - ;; - *) - ;; - esac - ;; - linux*) - case $cc_basename in - KCC*) - # KAI C++ Compiler - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - icpc* | ecpc*) - # Intel C++ - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - pgCC*) - # Portland Group C++ compiler. - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - cxx*) - # Compaq C++ - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - *) - ;; - esac - ;; - lynxos*) - ;; - m88k*) - ;; - mvs*) - case $cc_basename in - cxx*) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' - ;; - *) - ;; - esac - ;; - netbsd*) - ;; - osf3* | osf4* | osf5*) - case $cc_basename in - KCC*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' - ;; - RCC*) - # Rational C++ 2.4.1 - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - cxx*) - # Digital/Compaq C++ - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - *) - ;; - esac - ;; - psos*) - ;; - solaris*) - case $cc_basename in - CC*) - # Sun C++ 4.2, 5.x and Centerline C++ - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - ;; - gcx*) - # Green Hills C++ Compiler - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - ;; - *) - ;; - esac - ;; - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - lcc*) - # Lucid - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - *) - ;; - esac - ;; - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - ;; - *) - ;; - esac - ;; - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - case $cc_basename in - CC*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - esac - ;; - vxworks*) - ;; - *) - _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - esac - fi -], -[ - if test "$GCC" = yes; then - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - ;; - - amigaos*) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' - ;; - - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - - mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' - ;; - - interix3*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - - msdosdjgpp*) - # Just because we use GCC doesn't mean we suddenly get shared libraries - # on systems that don't support them. - _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - enable_shared=no - ;; - - sysv4*MP*) - if test -d /usr/nec; then - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic - fi - ;; - - hpux*) - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - ;; - - *) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - else - # PORTME Check for flag to pass linker flags through the system compiler. - case $host_os in - aix*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - else - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' - fi - ;; - darwin*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - case $cc_basename in - xlc*) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon' - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - ;; - esac - ;; - - mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' - ;; - - hpux9* | hpux10* | hpux11*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - ;; - esac - # Is there a better lt_prog_compiler_static that works with the bundled CC? - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - ;; - - irix5* | irix6* | nonstopux*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # PIC (with -KPIC) is the default. - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - newsos6) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - linux*) - case $cc_basename in - icc* | ecc*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - pgcc* | pgf77* | pgf90* | pgf95*) - # Portland Group compilers (*not* the Pentium gcc compiler, - # which looks to be a dead project) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - ccc*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # All Alpha code is PIC. - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - esac - ;; - - osf3* | osf4* | osf5*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # All OSF/1 code is PIC. - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - solaris*) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - case $cc_basename in - f77* | f90* | f95*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; - *) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; - esac - ;; - - sunos4*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - sysv4 | sysv4.2uw2* | sysv4.3*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - sysv4*MP*) - if test -d /usr/nec ;then - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - ;; - - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - unicos*) - _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - - uts4*) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - *) - _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - esac - fi -]) -AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)]) - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then - AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works], - _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1), - [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [], - [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in - "" | " "*) ;; - *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;; - esac], - [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) -fi -case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: - *djgpp*) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= - ;; - *) - _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])" - ;; -esac - -# -# Check to make sure the static flag actually works. -# -wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_AC_TAGVAR(lt_prog_compiler_static, $1)\" -AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], - _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1), - $lt_tmp_static_flag, - [], - [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=]) -]) - - -# AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME]) -# ------------------------------------ -# See if the linker supports building shared libraries. -AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS], -[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) -ifelse([$1],[CXX],[ - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - case $host_os in - aix4* | aix5*) - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | grep 'GNU' > /dev/null; then - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' - else - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' - fi - ;; - pw32*) - _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" - ;; - cygwin* | mingw*) - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols' - ;; - *) - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - ;; - esac -],[ - runpath_var= - _LT_AC_TAGVAR(allow_undefined_flag, $1)= - _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no - _LT_AC_TAGVAR(archive_cmds, $1)= - _LT_AC_TAGVAR(archive_expsym_cmds, $1)= - _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)= - _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)= - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= - _LT_AC_TAGVAR(thread_safe_flag_spec, $1)= - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= - _LT_AC_TAGVAR(hardcode_direct, $1)=no - _LT_AC_TAGVAR(hardcode_minus_L, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown - _LT_AC_TAGVAR(hardcode_automatic, $1)=no - _LT_AC_TAGVAR(module_cmds, $1)= - _LT_AC_TAGVAR(module_expsym_cmds, $1)= - _LT_AC_TAGVAR(always_export_symbols, $1)=no - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - # include_expsyms should be a list of space-separated symbols to be *always* - # included in the symbol list - _LT_AC_TAGVAR(include_expsyms, $1)= - # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. - _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_" - # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out - # platforms (ab)use it in PIC code, but their linkers get confused if - # the symbol is explicitly referenced. Since portable code cannot - # rely on this symbol name, it's probably fine to never include it in - # preloaded symbol tables. - extract_expsyms_cmds= - # Just being paranoid about ensuring that cc_basename is set. - _LT_CC_BASENAME([$compiler]) - case $host_os in - cygwin* | mingw* | pw32*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - if test "$GCC" != yes; then - with_gnu_ld=no - fi - ;; - interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) - with_gnu_ld=yes - ;; - openbsd*) - with_gnu_ld=no - ;; - esac - - _LT_AC_TAGVAR(ld_shlibs, $1)=yes - if test "$with_gnu_ld" = yes; then - # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' - - # Set some defaults for GNU ld with shared library support. These - # are reset later if shared libraries are not supported. Putting them - # here allows them to be overridden if necessary. - runpath_var=LD_RUN_PATH - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= - fi - supports_anon_versioning=no - case `$LD -v 2>/dev/null` in - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 - *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... - *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... - *\ 2.11.*) ;; # other 2.11 versions - *) supports_anon_versioning=yes ;; - esac - - # See if GNU ld supports shared libraries. - case $host_os in - aix3* | aix4* | aix5*) - # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then - _LT_AC_TAGVAR(ld_shlibs, $1)=no - cat <&2 - -*** Warning: the GNU linker, at least up to release 2.9.1, is reported -*** to be unable to reliably create shared libraries on AIX. -*** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to modify your PATH -*** so that a non-GNU linker is found, and then restart. - -EOF - fi - ;; - - amigaos*) - _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - - # Samuel A. Falvo II reports - # that the semantics of dynamic libraries on AmigaOS, at least up - # to version 4, is to share data among multiple programs linked - # with the same dynamic library. Since this doesn't match the - # behavior of shared libraries on other platforms, we can't use - # them. - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - - beos*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - cygwin* | mingw* | pw32*) - # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, - # as there is no search path for DLLs. - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_AC_TAGVAR(always_export_symbols, $1)=no - _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - interix3*) - _LT_AC_TAGVAR(hardcode_direct, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - - linux*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - tmp_addflag= - case $cc_basename,$host_cpu in - pgcc*) # Portland Group C compiler - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag' - ;; - pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag -Mnomain' ;; - ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 - tmp_addflag=' -i_dynamic' ;; - efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 - tmp_addflag=' -i_dynamic -nofor_main' ;; - ifc* | ifort*) # Intel Fortran compiler - tmp_addflag=' -nofor_main' ;; - esac - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - - if test $supports_anon_versioning = yes; then - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - $echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' - fi - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' - wlarc= - else - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - fi - ;; - - solaris*) - if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then - _LT_AC_TAGVAR(ld_shlibs, $1)=no - cat <&2 - -*** Warning: The releases 2.8.* of the GNU linker cannot reliably -*** create shared libraries on Solaris systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.9.1 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -EOF - elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) - _LT_AC_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not -*** reliably create shared libraries on SCO systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.16.91.0.3 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - ;; - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - sunos4*) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' - wlarc= - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_AC_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - - if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then - runpath_var= - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= - fi - else - # PORTME fill in a description of your system's linker (not GNU ld) - case $host_os in - aix3*) - _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_AC_TAGVAR(always_export_symbols, $1)=yes - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' - # Note: this linker hardcodes the directories in LIBPATH if there - # are no directories specified by -L. - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then - # Neither direct hardcoding nor static linking is supported with a - # broken collect2. - _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported - fi - ;; - - aix4* | aix5*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag="" - else - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | grep 'GNU' > /dev/null; then - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' - else - _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' - fi - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*) - for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then - aix_use_runtimelinking=yes - break - fi - done - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - _LT_AC_TAGVAR(archive_cmds, $1)='' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - - if test "$GCC" = yes; then - case $host_os in aix4.[[012]]|aix4.[[012]].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && \ - strings "$collect2name" | grep resolve_lib_name >/dev/null - then - # We have reworked collect2 - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - else - # We have old collect2 - _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= - fi - ;; - esac - shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' - fi - else - # not using gcc - if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' - else - shared_flag='${wl}-bM:SRE' - fi - fi - fi - - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - _LT_AC_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok' - # Determine the default libpath from the value encoded in an empty executable. - _LT_AC_SYS_LIBPATH_AIX - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else - if test "$host_cpu" = ia64; then - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' - _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an empty executable. - _LT_AC_SYS_LIBPATH_AIX - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience' - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared libraries. - _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' - fi - fi - ;; - - amigaos*) - _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - # see comment about different semantics on the GNU ld section - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - - bsdi[[45]]*) - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic - ;; - - cygwin* | mingw* | pw32*) - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" - # FIXME: Setting linknames here is a bad hack. - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' - # The linker will automatically build a .lib file if we build a DLL. - _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true' - # FIXME: Should let the user specify the lib program. - _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs' - _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' - _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - ;; - - darwin* | rhapsody*) - case $host_os in - rhapsody* | darwin1.[[012]]) - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress' - ;; - *) # Darwin 1.3 on - if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - else - case ${MACOSX_DEPLOYMENT_TARGET} in - 10.[[012]]) - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - ;; - 10.*) - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup' - ;; - esac - fi - ;; - esac - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_AC_TAGVAR(hardcode_direct, $1)=no - _LT_AC_TAGVAR(hardcode_automatic, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='' - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - if test "$GCC" = yes ; then - output_verbose_link_cmd='echo' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - case $cc_basename in - xlc*) - output_verbose_link_cmd='echo' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' - _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - ;; - *) - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - fi - ;; - - dgux*) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - freebsd1*) - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor - # support. Future versions do this automatically, but an explicit c++rt0.o - # does not break anything, and helps significantly (at the cost of a little - # extra space). - freebsd2.2*) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2*) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | kfreebsd*-gnu | dragonfly*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - hpux9*) - if test "$GCC" = yes; then - _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - fi - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - ;; - - hpux10*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' - fi - if test "$with_gnu_ld" = no; then - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - fi - ;; - - hpux11*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - case $host_cpu in - hppa*64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - else - case $host_cpu in - hppa*64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - fi - if test "$with_gnu_ld" = no; then - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - - case $host_cpu in - hppa*64*|ia64*) - _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' - _LT_AC_TAGVAR(hardcode_direct, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - *) - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - ;; - esac - fi - ;; - - irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' - fi - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out - else - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF - fi - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - newsos6) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - openbsd*) - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - else - case $host_os in - openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - ;; - *) - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - ;; - esac - fi - ;; - - os2*) - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' - ;; - - osf3*) - if test "$GCC" = yes; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - fi - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - ;; - - osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - else - _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ - $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' - - # Both c and cxx compiler support -rpath directly - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - fi - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: - ;; - - solaris*) - _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text' - if test "$GCC" = yes; then - wlarc='${wl}' - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' - else - wlarc='' - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' - fi - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - # The compiler driver will combine linker options so we - # cannot just pass the convience library names through - # without $wl, iff we do not link with $LD. - # Luckily, gcc supports the same syntax we need for Sun Studio. - # Supported since Solaris 2.6 (maybe 2.5.1?) - case $wlarc in - '') - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; - *) - _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; - esac ;; - esac - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - ;; - - sunos4*) - if test "x$host_vendor" = xsequent; then - # Use $CC to link under sequent, because it throws in some extra .o - # files that make .init and .fini sections work. - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' - fi - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes - _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - sysv4) - case $host_vendor in - sni) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true??? - ;; - siemens) - ## LD is ld it makes a PLAMLIB - ## CC just makes a GrossModule. - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' - _LT_AC_TAGVAR(hardcode_direct, $1)=no - ;; - motorola) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie - ;; - esac - runpath_var='LD_RUN_PATH' - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - sysv4.3*) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var=LD_RUN_PATH - hardcode_runpath_var=yes - _LT_AC_TAGVAR(ld_shlibs, $1)=yes - fi - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7*) - _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' - _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_AC_TAGVAR(link_all_deplibs, $1)=yes - _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - uts4*) - _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *) - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - esac - fi -]) -AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)]) -test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no - -# -# Do we need to explicitly link libc? -# -case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in -x|xyes) - # Assume -lc should be added - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes - - if test "$enable_shared" = yes && test "$GCC" = yes; then - case $_LT_AC_TAGVAR(archive_cmds, $1) in - *'~'*) - # FIXME: we may have to deal with multi-command sequences. - ;; - '$CC '*) - # Test whether the compiler implicitly links with -lc since on some - # systems, -lgcc has to come before -lc. If gcc already passes -lc - # to ld, don't add -lc before -lgcc. - AC_MSG_CHECKING([whether -lc should be explicitly linked in]) - $rm conftest* - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - if AC_TRY_EVAL(ac_compile) 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) - pic_flag=$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1) - _LT_AC_TAGVAR(allow_undefined_flag, $1)= - if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) - then - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no - else - _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes - fi - _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $rm conftest* - AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)]) - ;; - esac - fi - ;; -esac -])# AC_LIBTOOL_PROG_LD_SHLIBS - - -# _LT_AC_FILE_LTDLL_C -# ------------------- -# Be careful that the start marker always follows a newline. -AC_DEFUN([_LT_AC_FILE_LTDLL_C], [ -# /* ltdll.c starts here */ -# #define WIN32_LEAN_AND_MEAN -# #include -# #undef WIN32_LEAN_AND_MEAN -# #include -# -# #ifndef __CYGWIN__ -# # ifdef __CYGWIN32__ -# # define __CYGWIN__ __CYGWIN32__ -# # endif -# #endif -# -# #ifdef __cplusplus -# extern "C" { -# #endif -# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved); -# #ifdef __cplusplus -# } -# #endif -# -# #ifdef __CYGWIN__ -# #include -# DECLARE_CYGWIN_DLL( DllMain ); -# #endif -# HINSTANCE __hDllInstance_base; -# -# BOOL APIENTRY -# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved) -# { -# __hDllInstance_base = hInst; -# return TRUE; -# } -# /* ltdll.c ends here */ -])# _LT_AC_FILE_LTDLL_C - - -# _LT_AC_TAGVAR(VARNAME, [TAGNAME]) -# --------------------------------- -AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])]) - - -# old names -AC_DEFUN([AM_PROG_LIBTOOL], [AC_PROG_LIBTOOL]) -AC_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) -AC_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) -AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) -AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) -AC_DEFUN([AM_PROG_LD], [AC_PROG_LD]) -AC_DEFUN([AM_PROG_NM], [AC_PROG_NM]) - -# This is just to silence aclocal about the macro not being used -ifelse([AC_DISABLE_FAST_INSTALL]) - -AC_DEFUN([LT_AC_PROG_GCJ], -[AC_CHECK_TOOL(GCJ, gcj, no) - test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" - AC_SUBST(GCJFLAGS) -]) - -AC_DEFUN([LT_AC_PROG_RC], -[AC_CHECK_TOOL(RC, windres, no) -]) - -# NOTE: This macro has been submitted for inclusion into # -# GNU Autoconf as AC_PROG_SED. When it is available in # -# a released version of Autoconf we should remove this # -# macro and use it instead. # -# LT_AC_PROG_SED -# -------------- -# Check for a fully-functional sed program, that truncates -# as few characters as possible. Prefer GNU sed if found. -AC_DEFUN([LT_AC_PROG_SED], -[AC_MSG_CHECKING([for a sed that does not truncate output]) -AC_CACHE_VAL(lt_cv_path_SED, -[# Loop through the user's path and test for sed and gsed. -# Then use that list of sed's as ones to test for truncation. -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for lt_ac_prog in sed gsed; do - for ac_exec_ext in '' $ac_executable_extensions; do - if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then - lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" - fi - done - done -done -lt_ac_max=0 -lt_ac_count=0 -# Add /usr/xpg4/bin/sed as it is typically found on Solaris -# along with /bin/sed that truncates output. -for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do - test ! -f $lt_ac_sed && continue - cat /dev/null > conftest.in - lt_ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >conftest.in - # Check for GNU sed and select it if it is found. - if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then - lt_cv_path_SED=$lt_ac_sed - break - fi - while true; do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo >>conftest.nl - $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break - cmp -s conftest.out conftest.nl || break - # 10000 chars as input seems more than enough - test $lt_ac_count -gt 10 && break - lt_ac_count=`expr $lt_ac_count + 1` - if test $lt_ac_count -gt $lt_ac_max; then - lt_ac_max=$lt_ac_count - lt_cv_path_SED=$lt_ac_sed - fi - done -done -]) -SED=$lt_cv_path_SED -AC_MSG_RESULT([$SED]) -]) - -# Copyright (C) 2002, 2003, 2005, 2006 Free Software Foundation, Inc. +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],, +[m4_warning([this file was generated for autoconf 2.65. +You have another version of autoconf. It may work, but is not guaranteed to. +If you have problems, you may need to regenerate the build system entirely. +To do so, use the procedure documented by the package, typically `autoreconf'.])]) + +# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -6405,10 +31,10 @@ AC_MSG_RESULT([$SED]) # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.10' +[am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.10], [], +m4_if([$1], [1.11.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -6422,10 +48,12 @@ m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. -# This function is AC_REQUIREd by AC_INIT_AUTOMAKE. +# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.10])dnl -_AM_AUTOCONF_VERSION(m4_PACKAGE_VERSION)]) +[AM_AUTOMAKE_VERSION([1.11.1])dnl +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- @@ -6482,14 +110,14 @@ am_aux_dir=`cd $ac_aux_dir && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006 +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 8 +# serial 9 # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- @@ -6502,6 +130,7 @@ AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' @@ -6515,16 +144,278 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Do all the work for Automake. -*- Autoconf -*- - -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006 Free Software Foundation, Inc. +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 +# Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 12 +# serial 10 + +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "GCJ", or "OBJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +ifelse([$1], CC, [depcc="$CC" am_compiler_list=], + [$1], CXX, [depcc="$CXX" am_compiler_list=], + [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], UPC, [depcc="$UPC" am_compiler_list=], + [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE(dependency-tracking, +[ --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH])dnl +_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +#serial 5 + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[{ + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`AS_DIRNAME("$mf")` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`AS_DIRNAME(["$file"])` + AS_MKDIR_P([$dirpart/$fdir]) + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking +# is enabled. FIXME. This creates each `.P' file that we will +# need in order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) +]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 16 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. @@ -6541,7 +432,7 @@ fi])]) # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], -[AC_PREREQ([2.60])dnl +[AC_PREREQ([2.62])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl @@ -6592,8 +483,8 @@ AM_MISSING_PROG(AUTOCONF, autoconf) AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) AM_MISSING_PROG(AUTOHEADER, autoheader) AM_MISSING_PROG(MAKEINFO, makeinfo) -AM_PROG_INSTALL_SH -AM_PROG_INSTALL_STRIP +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AM_PROG_MKDIR_P])dnl # We need awk for the "check" target. The system "awk" is bad on # some platforms. @@ -6601,24 +492,37 @@ AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], - [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], - [_AM_PROG_TAR([v7])])]) + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], - [_AM_DEPENDENCIES(CC)], - [define([AC_PROG_CC], - defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], - [_AM_DEPENDENCIES(CXX)], - [define([AC_PROG_CXX], - defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], - [_AM_DEPENDENCIES(OBJC)], - [define([AC_PROG_OBJC], - defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl + [_AM_DEPENDENCIES(OBJC)], + [define([AC_PROG_OBJC], + defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl ]) +_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl +dnl The `parallel-tests' driver may need to know about EXEEXT, so add the +dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) +dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header @@ -6629,18 +533,19 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJC], # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. +_am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in - $1 | $1:* ) + $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done -echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count]) +echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -6651,7 +556,14 @@ echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count]) # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"} +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi AC_SUBST(install_sh)]) # Copyright (C) 2003, 2005 Free Software Foundation, Inc. @@ -6699,33 +611,7 @@ fi]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 4 - -AC_DEFUN([AM_MAINTAINER_MODE], -[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) - dnl maintainer-mode is disabled by default - AC_ARG_ENABLE(maintainer-mode, -[ --enable-maintainer-mode enable make rules and dependencies not useful - (and sometimes confusing) to the casual installer], - USE_MAINTAINER_MODE=$enableval, - USE_MAINTAINER_MODE=no) - AC_MSG_RESULT([$USE_MAINTAINER_MODE]) - AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes]) - MAINT=$MAINTAINER_MODE_TRUE - AC_SUBST(MAINT)dnl -] -) - -AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) - -# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005 +# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation @@ -6734,6 +620,95 @@ AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) # serial 5 +# AM_MAINTAINER_MODE([DEFAULT-MODE]) +# ---------------------------------- +# Control maintainer-specific portions of Makefiles. +# Default is to disable them, unless `enable' is passed literally. +# For symmetry, `disable' may be passed as well. Anyway, the user +# can override the default with the --enable/--disable switch. +AC_DEFUN([AM_MAINTAINER_MODE], +[m4_case(m4_default([$1], [disable]), + [enable], [m4_define([am_maintainer_other], [disable])], + [disable], [m4_define([am_maintainer_other], [enable])], + [m4_define([am_maintainer_other], [enable]) + m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])]) +AC_MSG_CHECKING([whether to am_maintainer_other maintainer-specific portions of Makefiles]) + dnl maintainer-mode's default is 'disable' unless 'enable' is passed + AC_ARG_ENABLE([maintainer-mode], +[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful + (and sometimes confusing) to the casual installer], + [USE_MAINTAINER_MODE=$enableval], + [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) + AC_MSG_RESULT([$USE_MAINTAINER_MODE]) + AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST([MAINT])dnl +] +) + +AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_MAKE_INCLUDE() +# ----------------- +# Check to see how make treats includes. +AC_DEFUN([AM_MAKE_INCLUDE], +[am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +AC_MSG_CHECKING([for style of include used by $am_make]) +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi +AC_SUBST([am__include]) +AC_SUBST([am__quote]) +AC_MSG_RESULT([$_am_result]) +rm -f confinc confmf +]) + +# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 6 + # AM_PROG_CC_C_O # -------------- # Like AC_PROG_CC_C_O, but changed for automake. @@ -6744,8 +719,9 @@ AC_REQUIRE_AUX_FILE([compile])dnl # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC -ac_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` -if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then +am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` +eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o +if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. @@ -6761,14 +737,14 @@ m4_define([AC_PROG_CC], # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005 +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 +# serial 6 # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ @@ -6785,7 +761,14 @@ AC_SUBST($1)]) AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl -test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " @@ -6823,13 +806,13 @@ esac # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 3 +# serial 4 # _AM_MANGLE_OPTION(NAME) # ----------------------- @@ -6846,7 +829,7 @@ AC_DEFUN([_AM_SET_OPTION], # ---------------------------------- # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], -[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) +[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- @@ -6856,14 +839,14 @@ AC_DEFUN([_AM_IF_OPTION], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 4 +# serial 5 # AM_SANITY_CHECK # --------------- @@ -6872,16 +855,29 @@ AC_DEFUN([AM_SANITY_CHECK], # Just in case sleep 1 echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; +esac + # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. - set X `ls -t $srcdir/configure conftest.file` + set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$[*]" != "X $srcdir/configure conftest.file" \ @@ -6934,18 +930,25 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006 Free Software Foundation, Inc. +# Copyright (C) 2006, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 2 + # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- -# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in. +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) +# AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004, 2005 Free Software Foundation, Inc. @@ -7044,7 +1047,6 @@ AC_SUBST([am__untar]) m4_include([cf/aix.m4]) m4_include([cf/auth-modules.m4]) -m4_include([cf/autobuild.m4]) m4_include([cf/broken-getaddrinfo.m4]) m4_include([cf/broken-glob.m4]) m4_include([cf/broken-realloc.m4]) @@ -7064,6 +1066,7 @@ m4_include([cf/check-xau.m4]) m4_include([cf/crypto.m4]) m4_include([cf/db.m4]) m4_include([cf/destdirs.m4]) +m4_include([cf/dispatch.m4]) m4_include([cf/dlopen.m4]) m4_include([cf/find-func-no-libs.m4]) m4_include([cf/find-func-no-libs2.m4]) @@ -7081,11 +1084,17 @@ m4_include([cf/krb-readline.m4]) m4_include([cf/krb-struct-spwd.m4]) m4_include([cf/krb-struct-winsize.m4]) m4_include([cf/largefile.m4]) +m4_include([cf/libtool.m4]) +m4_include([cf/ltoptions.m4]) +m4_include([cf/ltsugar.m4]) +m4_include([cf/ltversion.m4]) +m4_include([cf/lt~obsolete.m4]) m4_include([cf/mips-abi.m4]) m4_include([cf/misc.m4]) m4_include([cf/need-proto.m4]) m4_include([cf/osfc2.m4]) m4_include([cf/otp.m4]) +m4_include([cf/pkg.m4]) m4_include([cf/proto-compat.m4]) m4_include([cf/pthreads.m4]) m4_include([cf/resolv.m4]) diff --git a/crypto/heimdal/admin/ChangeLog b/crypto/heimdal/admin/ChangeLog index 6587240f60c..1cdc1536bc8 100644 --- a/crypto/heimdal/admin/ChangeLog +++ b/crypto/heimdal/admin/ChangeLog @@ -1,10 +1,10 @@ -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: Add man_MANS to EXTRA_DIST * Makefile.am: split build files into dist_ and noinst_ SOURCES -2005-07-07 Love Hörnquist Åstrand +2005-07-07 Love Hörnquist Ã…strand * ktutil.c: rename optind to optidx @@ -18,7 +18,7 @@ shadowing; make a copy of realm and admin_server to avoid un-consting. -2005-05-19 Love Hörnquist Åstrand +2005-05-19 Love Hörnquist Ã…strand * change.c (kt_change): plug memory leak from krb5_kt_remove_entry, print principal on error. @@ -27,11 +27,11 @@ * ktutil.c (help): Don't use non-constant initializer for `fake'. -2005-04-15 Love Hörnquist Åstrand +2005-04-15 Love Hörnquist Ã…strand * ktutil_locl.h: include -2005-04-14 Love Hörnquist Åstrand +2005-04-14 Love Hörnquist Ã…strand * add.c: add option -H --hex to the add command @@ -39,7 +39,7 @@ * ktutil.8: document option -H --hex to the add command -2004-09-29 Love Hörnquist Åstrand +2004-09-29 Love Hörnquist Ã…strand * list.c: un c99'ify, from Anders.Magnusson@ltu.se diff --git a/crypto/heimdal/admin/Makefile.am b/crypto/heimdal/admin/Makefile.am index 8c679e1d463..7bb5ef50587 100644 --- a/crypto/heimdal/admin/Makefile.am +++ b/crypto/heimdal/admin/Makefile.am @@ -1,11 +1,9 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto) -SLC = $(top_builddir)/lib/sl/slc - man_MANS = ktutil.8 sbin_PROGRAMS = ktutil @@ -14,6 +12,7 @@ dist_ktutil_SOURCES = \ add.c \ change.c \ copy.c \ + destroy.c \ get.c \ ktutil.c \ ktutil_locl.h \ @@ -41,4 +40,4 @@ LDADD = \ $(LIB_readline) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) ktutil-commands.in +EXTRA_DIST = NTMakefile ktutil-version.rc $(man_MANS) ktutil-commands.in diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in index b8fc3fd728a..04e75912c6b 100644 --- a/crypto/heimdal/admin/Makefile.in +++ b/crypto/heimdal/admin/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ sbin_PROGRAMS = ktutil$(EXEEXT) subdir = admin ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,18 +89,19 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" -sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(sbin_PROGRAMS) dist_ktutil_OBJECTS = add.$(OBJEXT) change.$(OBJEXT) copy.$(OBJEXT) \ - get.$(OBJEXT) ktutil.$(OBJEXT) list.$(OBJEXT) purge.$(OBJEXT) \ - remove.$(OBJEXT) rename.$(OBJEXT) + destroy.$(OBJEXT) get.$(OBJEXT) ktutil.$(OBJEXT) \ + list.$(OBJEXT) purge.$(OBJEXT) remove.$(OBJEXT) \ + rename.$(OBJEXT) nodist_ktutil_OBJECTS = ktutil-commands.$(OBJEXT) ktutil_OBJECTS = $(dist_ktutil_OBJECTS) $(nodist_ktutil_OBJECTS) ktutil_LDADD = $(LDADD) @@ -105,9 +111,9 @@ ktutil_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -119,6 +125,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(dist_ktutil_SOURCES) $(nodist_ktutil_SOURCES) DIST_SOURCES = $(dist_ktutil_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 MANS = $(man_MANS) ETAGS = etags @@ -128,49 +155,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -194,10 +230,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -214,6 +251,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -229,31 +268,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -268,10 +321,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -312,37 +367,41 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_readline) $(INCLUDE_hcrypto) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_readline) $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -SLC = $(top_builddir)/lib/sl/slc man_MANS = ktutil.8 dist_ktutil_SOURCES = \ add.c \ change.c \ copy.c \ + destroy.c \ get.c \ ktutil.c \ ktutil_locl.h \ @@ -364,23 +423,23 @@ LDADD = \ $(LIB_readline) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) ktutil-commands.in +EXTRA_DIST = NTMakefile ktutil-version.rc $(man_MANS) ktutil-commands.in all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps admin/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps admin/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign admin/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign admin/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -398,34 +457,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ - rm -f "$(DESTDIR)$(sbindir)/$$f"; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list ktutil$(EXEEXT): $(ktutil_OBJECTS) $(ktutil_DEPENDENCIES) @rm -f ktutil$(EXEEXT) $(LINK) $(ktutil_OBJECTS) $(ktutil_LDADD) $(LIBS) @@ -436,115 +511,149 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/change.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/copy.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destroy.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ktutil-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ktutil.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/list.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/purge.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/remove.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -560,13 +669,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -602,6 +715,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -612,6 +726,7 @@ clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -622,6 +737,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -629,26 +746,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -668,11 +794,10 @@ ps-am: uninstall-am: uninstall-man uninstall-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libtool clean-sbinPROGRAMS ctags \ @@ -759,6 +884,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -844,7 +972,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -862,6 +990,7 @@ $(ktutil_OBJECTS): ktutil-commands.h ktutil-commands.c ktutil-commands.h: ktutil-commands.in $(SLC) $(srcdir)/ktutil-commands.in + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/admin/add.c b/crypto/heimdal/admin/add.c index 1c203209514..3e8be9a8c40 100644 --- a/crypto/heimdal/admin/add.c +++ b/crypto/heimdal/admin/add.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" -RCSID("$Id: add.c 14793 2005-04-14 16:45:14Z lha $"); +RCSID("$Id$"); static char * readstring(const char *prompt, char *buf, size_t len) @@ -104,7 +104,7 @@ kt_add(struct add_options *opt, int argc, char **argv) if (opt->hex_flag) { size_t len; void *data; - + len = (strlen(opt->password_string) + 1) / 2; data = malloc(len); @@ -113,13 +113,13 @@ kt_add(struct add_options *opt, int argc, char **argv) goto out; } - if (hex_decode(opt->password_string, data, len) != len) { + if ((size_t)hex_decode(opt->password_string, data, len) != len) { free(data); krb5_warn(context, ENOMEM, "hex decode failed"); goto out; } - ret = krb5_keyblock_init(context, enctype, + ret = krb5_keyblock_init(context, enctype, data, len, &entry.keyblock); free(data); } else if (!opt->salt_flag) { @@ -134,7 +134,7 @@ kt_add(struct add_options *opt, int argc, char **argv) ret = krb5_string_to_key_data_salt(context, enctype, pw, salt, &entry.keyblock); } else { - ret = krb5_string_to_key(context, enctype, opt->password_string, + ret = krb5_string_to_key(context, enctype, opt->password_string, entry.principal, &entry.keyblock); } memset (opt->password_string, 0, strlen(opt->password_string)); diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c index 01f69c41574..c390441f23d 100644 --- a/crypto/heimdal/admin/change.c +++ b/crypto/heimdal/admin/change.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" -RCSID("$Id: change.c 15578 2005-07-07 20:44:48Z lha $"); +RCSID("$Id$"); static krb5_error_code change_entry (krb5_keytab keytab, @@ -61,19 +61,19 @@ change_entry (krb5_keytab keytab, conf.realm = strdup(realm); if (conf.realm == NULL) { free (client_name); - krb5_set_error_string(context, "malloc failed"); + krb5_set_error_message(context, ENOMEM, "malloc failed"); return ENOMEM; } conf.mask |= KADM5_CONFIG_REALM; - + if (admin_server) { conf.admin_server = strdup(admin_server); if (conf.admin_server == NULL) { free(client_name); free(conf.realm); - krb5_set_error_string(context, "malloc failed"); + krb5_set_error_message(context, ENOMEM, "malloc failed"); return ENOMEM; - } + } conf.mask |= KADM5_CONFIG_ADMIN_SERVER; } @@ -140,7 +140,7 @@ kt_change (struct change_options *opt, int argc, char **argv) int i, j, max; struct change_set *changeset; int errors = 0; - + if((keytab = ktutil_open_keytab()) == NULL) return 1; @@ -222,20 +222,20 @@ kt_change (struct change_options *opt, int argc, char **argv) if (verbose_flag) { char *client_name; - ret = krb5_unparse_name (context, changeset[i].principal, + ret = krb5_unparse_name (context, changeset[i].principal, &client_name); if (ret) { krb5_warn (context, ret, "krb5_unparse_name"); } else { - printf("Changing %s kvno %d\n", + printf("Changing %s kvno %d\n", client_name, changeset[i].kvno); free(client_name); } } - ret = change_entry (keytab, + ret = change_entry (keytab, changeset[i].principal, changeset[i].kvno, - opt->realm_string, - opt->admin_server_string, + opt->realm_string, + opt->admin_server_string, opt->server_port_integer); if (ret != 0) errors = 1; diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c index 83b65b61a0a..7b50de1c3cb 100644 --- a/crypto/heimdal/admin/copy.c +++ b/crypto/heimdal/admin/copy.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" -RCSID("$Id: copy.c 14260 2004-09-23 14:45:29Z joda $"); +RCSID("$Id$"); static krb5_boolean @@ -46,13 +46,15 @@ compare_keyblock(const krb5_keyblock *a, const krb5_keyblock *b) return TRUE; } -static int -kt_copy_int (const char *from, const char *to) +int +kt_copy (void *opt, int argc, char **argv) { krb5_error_code ret; krb5_keytab src_keytab, dst_keytab; krb5_kt_cursor cursor; krb5_keytab_entry entry, dummy; + const char *from = argv[0]; + const char *to = argv[1]; ret = krb5_kt_resolve (context, from, &src_keytab); if (ret) { @@ -90,9 +92,9 @@ kt_copy_int (const char *from, const char *to) krb5_warn(context, ret, "krb5_enctype_to_string"); etype_str = NULL; /* XXX */ } - ret = krb5_kt_get_entry(context, dst_keytab, - entry.principal, - entry.vno, + ret = krb5_kt_get_entry(context, dst_keytab, + entry.principal, + entry.vno, entry.keyblock.keytype, &dummy); if(ret == 0) { @@ -101,7 +103,7 @@ kt_copy_int (const char *from, const char *to) is weird, so complain about that */ if(!compare_keyblock(&entry.keyblock, &dummy.keyblock)) { krb5_warnx(context, "entry with different keyvalue " - "already exists for %s, keytype %s, kvno %d", + "already exists for %s, keytype %s, kvno %d", name_str, etype_str, entry.vno); } krb5_kt_free_entry(context, &dummy); @@ -110,7 +112,7 @@ kt_copy_int (const char *from, const char *to) free(etype_str); continue; } else if(ret != KRB5_KT_NOTFOUND) { - krb5_warn (context, ret, "%s: fetching %s/%s/%u", + krb5_warn (context, ret, "%s: fetching %s/%s/%u", to, name_str, etype_str, entry.vno); krb5_kt_free_entry (context, &entry); free(name_str); @@ -118,12 +120,12 @@ kt_copy_int (const char *from, const char *to) break; } if (verbose_flag) - fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str, + fprintf (stderr, "copying %s, keytype %s, kvno %d\n", name_str, etype_str, entry.vno); ret = krb5_kt_add_entry (context, dst_keytab, &entry); krb5_kt_free_entry (context, &entry); if (ret) { - krb5_warn (context, ret, "%s: adding %s/%s/%u", + krb5_warn (context, ret, "%s: adding %s/%s/%u", to, name_str, etype_str, entry.vno); free(name_str); free(etype_str); @@ -139,37 +141,3 @@ kt_copy_int (const char *from, const char *to) krb5_kt_close (context, dst_keytab); return ret != 0; } - -int -kt_copy (void *opt, int argc, char **argv) -{ - return kt_copy_int(argv[0], argv[1]); -} - -int -srvconv(struct srvconvert_options *opt, int argc, char **argv) -{ - char kt4[1024], kt5[1024]; - - snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string); - - if(keytab_string != NULL) - return kt_copy_int(kt4, keytab_string); - - krb5_kt_default_modify_name(context, kt5, sizeof(kt5)); - return kt_copy_int(kt4, kt5); -} - -int -srvcreate(struct srvcreate_options *opt, int argc, char **argv) -{ - char kt4[1024], kt5[1024]; - - snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string); - - if(keytab_string != NULL) - return kt_copy_int(keytab_string, kt4); - - krb5_kt_default_name(context, kt5, sizeof(kt5)); - return kt_copy_int(kt5, kt4); -} diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/admin/destroy.c similarity index 53% rename from crypto/heimdal/lib/vers/make-print-version.c rename to crypto/heimdal/admin/destroy.c index 6601b040f07..0e989d904fd 100644 --- a/crypto/heimdal/lib/vers/make-print-version.c +++ b/crypto/heimdal/admin/destroy.c @@ -1,76 +1,52 @@ /* - * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: make-print-version.c 18765 2006-10-21 17:37:32Z lha $"); -#endif - -#include -#include - -#ifdef KRB5 -extern const char *heimdal_version; -#endif -#ifdef KRB4 -extern const char *krb4_version; -#endif -#include +#include "ktutil_locl.h" int -main(int argc, char **argv) +kt_destroy (void *opt, int argc, char **argv) { - FILE *f; - if(argc != 2) + krb5_error_code ret; + krb5_keytab keytab; + + if((keytab = ktutil_open_keytab()) == NULL) + return 1; + + ret = krb5_kt_destroy (context, keytab); + if (ret) { + krb5_warn (context, ret, "destroy keytab failed"); return 1; - if (strcmp(argv[1], "--version") == 0) { - printf("some version"); - return 0; } - f = fopen(argv[1], "w"); - if(f == NULL) - return 1; - fprintf(f, "#define VERSIONLIST \""); -#ifdef KRB5 - fprintf(f, "%s", heimdal_version); -#endif -#ifdef KRB4 -#ifdef KRB5 - fprintf(f, ", "); -#endif - fprintf(f, "%s", krb4_version); -#endif - fprintf(f, "\"\n"); - fclose(f); + return 0; } diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c index 7ad1fc4bc13..df294324bcc 100644 --- a/crypto/heimdal/admin/get.c +++ b/crypto/heimdal/admin/get.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" -RCSID("$Id: get.c 15583 2005-07-07 21:44:37Z lha $"); +RCSID("$Id$"); static void* open_kadmin_connection(char *principal, - const char *realm, - char *admin_server, + const char *realm, + char *admin_server, int server_port) { static kadm5_config_params conf; @@ -49,12 +49,12 @@ open_kadmin_connection(char *principal, if(realm) { conf.realm = strdup(realm); if (conf.realm == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, 0, "malloc: out of memory"); return NULL; } conf.mask |= KADM5_CONFIG_REALM; } - + if (admin_server) { conf.admin_server = admin_server; conf.mask |= KADM5_CONFIG_ADMIN_SERVER; @@ -68,11 +68,11 @@ open_kadmin_connection(char *principal, /* should get realm from each principal, instead of doing everything with the same (local) realm */ - ret = kadm5_init_with_password_ctx(context, + ret = kadm5_init_with_password_ctx(context, principal, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); free(conf.realm); if(ret) { @@ -90,9 +90,10 @@ kt_get(struct get_options *opt, int argc, char **argv) void *kadm_handle = NULL; krb5_enctype *etypes = NULL; size_t netypes = 0; - int i, j; + size_t i; + int a, j; unsigned int failed = 0; - + if((keytab = ktutil_open_keytab()) == NULL) return 1; @@ -108,8 +109,8 @@ kt_get(struct get_options *opt, int argc, char **argv) } netypes = opt->enctypes_strings.num_strings; for(i = 0; i < netypes; i++) { - ret = krb5_string_to_enctype(context, - opt->enctypes_strings.strings[i], + ret = krb5_string_to_enctype(context, + opt->enctypes_strings.strings[i], &etypes[i]); if(ret) { krb5_warnx(context, "unrecognized enctype: %s", @@ -119,8 +120,8 @@ kt_get(struct get_options *opt, int argc, char **argv) } } - - for(i = 0; i < argc; i++){ + + for(a = 0; a < argc; a++){ krb5_principal princ_ent; kadm5_principal_ent_rec princ; int mask = 0; @@ -129,9 +130,9 @@ kt_get(struct get_options *opt, int argc, char **argv) int created = 0; krb5_keytab_entry entry; - ret = krb5_parse_name(context, argv[i], &princ_ent); + ret = krb5_parse_name(context, argv[a], &princ_ent); if (ret) { - krb5_warn(context, ret, "can't parse principal %s", argv[i]); + krb5_warn(context, ret, "can't parse principal %s", argv[a]); failed++; continue; } @@ -149,35 +150,35 @@ kt_get(struct get_options *opt, int argc, char **argv) r = opt->realm_string; else r = krb5_principal_get_realm(context, princ_ent); - kadm_handle = open_kadmin_connection(opt->principal_string, - r, - opt->admin_server_string, + kadm_handle = open_kadmin_connection(opt->principal_string, + r, + opt->admin_server_string, opt->server_port_integer); if(kadm_handle == NULL) break; } - + ret = kadm5_create_principal(kadm_handle, &princ, mask, "x"); if(ret == 0) created = 1; else if(ret != KADM5_DUP) { - krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]); krb5_free_principal(context, princ_ent); failed++; continue; } ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys); if (ret) { - krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]); krb5_free_principal(context, princ_ent); failed++; continue; } - - ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, + + ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES); if (ret) { - krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[a]); for (j = 0; j < n_keys; j++) krb5_free_keyblock_contents(context, &keys[j]); krb5_free_principal(context, princ_ent); @@ -185,7 +186,7 @@ kt_get(struct get_options *opt, int argc, char **argv) continue; } if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX)) - krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]); + krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[a]); princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); mask = KADM5_ATTRIBUTES; if(created) { @@ -194,7 +195,7 @@ kt_get(struct get_options *opt, int argc, char **argv) } ret = kadm5_modify_principal(kadm_handle, &princ, mask); if (ret) { - krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[a]); for (j = 0; j < n_keys; j++) krb5_free_keyblock_contents(context, &keys[j]); krb5_free_principal(context, princ_ent); @@ -205,7 +206,7 @@ kt_get(struct get_options *opt, int argc, char **argv) int do_add = TRUE; if (netypes) { - int k; + size_t k; do_add = FALSE; for (k = 0; k < netypes; ++k) @@ -225,7 +226,7 @@ kt_get(struct get_options *opt, int argc, char **argv) } krb5_free_keyblock_contents(context, &keys[j]); } - + kadm5_free_principal_ent(kadm_handle, &princ); krb5_free_principal(context, princ_ent); } diff --git a/crypto/heimdal/admin/ktutil-commands.in b/crypto/heimdal/admin/ktutil-commands.in index fc5d1bf2e15..dffcb8c2dd1 100644 --- a/crypto/heimdal/admin/ktutil-commands.in +++ b/crypto/heimdal/admin/ktutil-commands.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan + * Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: ktutil-commands.in 14793 2005-04-14 16:45:14Z lha $ */ +/* $Id$ */ command = { name = "add" @@ -227,36 +227,17 @@ command = { min_args = "2" max_args = "2" help = "Renames an entry in the keytab." + option = { + long = "delete" + type = "-flag" + help = "don't delete orignal entry" + } } command = { - name = "srvconvert" - name = "srv2keytab" - option = { - long = "srvtab" - short = "s" - type = "string" - argument = "file" - help = "name of Kerberos 4 srvtab" - default = "/etc/srvtab" - } + name = "destroy" + function = "kt_destroy" max_args = "0" - function = "srvconv" - help = "Convert a Kerberos 4 srvtab to a keytab." -} -command = { - name = "srvcreate" - name = "key2srvtab" - option = { - long = "srvtab" - short = "s" - type = "string" - argument = "file" - help = "name of Kerberos 4 srvtab" - default = "/etc/srvtab" - } - max_args = "0" - function = "srvcreate" - help = "Convert a keytab to a Kerberos 4 srvtab." + help = "Destroy (remove) the keytab." } command = { name = "help" diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8 index 15523b43372..72a6c817250 100644 --- a/crypto/heimdal/admin/ktutil.8 +++ b/crypto/heimdal/admin/ktutil.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: ktutil.8 14792 2005-04-14 16:43:57Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd April 14, 2005 .Dt KTUTIL 8 @@ -40,12 +40,12 @@ .Sh SYNOPSIS .Nm .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc -.Op Fl v | Fl -verbose -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl v | Fl Fl verbose +.Op Fl Fl version +.Op Fl h | Fl Fl help .Ar command .Op Ar args .Sh DESCRIPTION @@ -53,72 +53,43 @@ is a program for managing keytabs. Supported options: .Bl -tag -width Ds -.It Xo -.Fl v , -.Fl -verbose -.Xc +.It Fl v , Fl Fl verbose Verbose output. .El .Pp .Ar command can be one of the following: .Bl -tag -width srvconvert -.It add Xo -.Op Fl p Ar principal -.Op Fl -principal= Ns Ar principal -.Op Fl V Ar kvno -.Op Fl -kvno= Ns Ar kvno -.Op Fl e Ar enctype -.Op Fl -enctype= Ns Ar enctype -.Op Fl w Ar password -.Op Fl -password= Ns Ar password -.Op Fl r -.Op Fl -random -.Op Fl s -.Op Fl -no-salt -.Op Fl H -.Op Fl -hex -.Xc +.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ +Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ +Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ +Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ +Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the .Ar get command, which talks to the kadmin server. -.It change Xo -.Op Fl r Ar realm -.Op Fl -realm= Ns Ar realm -.Op Fl -a Ar host -.Op Fl -admin-server= Ns Ar host -.Op Fl -s Ar port -.Op Fl -server-port= Ns Ar port -.Xc +.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ +Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ +Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port Update one or several keys to new versions. By default, use the admin server for the realm of a keytab entry. Otherwise it will use the values specified by the options. .Pp If no principals are given, all the ones in the keytab are updated. -.It copy Xo -.Ar keytab-src -.Ar keytab-dest -.Xc +.It copy Ar keytab-src Ar keytab-dest Copies all the entries from .Ar keytab-src to .Ar keytab-dest . -.It get Xo -.Op Fl p Ar admin principal -.Op Fl -principal= Ns Ar admin principal -.Op Fl e Ar enctype -.Op Fl -enctypes= Ns Ar enctype -.Op Fl r Ar realm -.Op Fl -realm= Ns Ar realm -.Op Fl a Ar admin server -.Op Fl -admin-server= Ns Ar admin server -.Op Fl s Ar server port -.Op Fl -server-port= Ns Ar server port -.Ar principal ... -.Xc +.It get Oo Fl p Ar admin principal Oc \ +Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ +Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ +Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ +Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ +Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ... For each .Ar principal , generate a new key for it (creating it if it doesn't already exist), @@ -128,69 +99,26 @@ If no .Ar realm is specified, the realm to operate on is taken from the first principal. -.It list Xo -.Op Fl -keys -.Op Fl -timestamp -.Xc +.It list Oo Fl Fl keys Oc Op Fl Fl timestamp List the keys stored in the keytab. -.It remove Xo -.Op Fl p Ar principal -.Op Fl -principal= Ns Ar principal -.Op Fl V kvno -.Op Fl -kvno= Ns Ar kvno -.Op Fl e enctype -.Op Fl -enctype= Ns Ar enctype -.Xc +.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ +Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ +Oo Fl Fl enctype= Ns Ar enctype Oc Removes the specified key or keys. Not specifying a .Ar kvno removes keys with any version number. Not specifying an .Ar enctype removes keys of any type. -.It rename Xo -.Ar from-principal -.Ar to-principal -.Xc +.It rename Ar from-principal Ar to-principal Renames all entries in the keytab that match the .Ar from-principal to .Ar to-principal . -.It purge Xo -.Op Fl -age= Ns Ar age -.Xc +.It purge Op Fl Fl age= Ns Ar age Removes all old versions of a key for which there is a newer version that is at least .Ar age (default one week) old. -.It srvconvert -.It srv2keytab Xo -.Op Fl s Ar srvtab -.Op Fl -srvtab= Ns Ar srvtab -.Xc -Converts the version 4 srvtab in -.Ar srvtab -to a version 5 keytab and stores it in -.Ar keytab . -Identical to: -.Bd -ragged -offset indent -.Li ktutil copy -.Li krb4: Ns Ar srvtab -.Ar keytab -.Ed -.It srvcreate -.It key2srvtab Xo -.Op Fl s Ar srvtab -.Op Fl -srvtab= Ns Ar srvtab -.Xc -Converts the version 5 keytab in -.Ar keytab -to a version 4 srvtab and stores it in -.Ar srvtab . -Identical to: -.Bd -ragged -offset indent -.Li ktutil copy -.Ar keytab -.Li krb4: Ns Ar srvtab -.Ed .El .Sh SEE ALSO .Xr kadmin 8 diff --git a/crypto/heimdal/admin/ktutil.c b/crypto/heimdal/admin/ktutil.c index dfcbbfd401f..27d0d587023 100644 --- a/crypto/heimdal/admin/ktutil.c +++ b/crypto/heimdal/admin/ktutil.c @@ -1,71 +1,71 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" #include -RCSID("$Id: ktutil.c 15585 2005-07-07 21:52:04Z lha $"); +RCSID("$Id$"); static int help_flag; static int version_flag; int verbose_flag; -char *keytab_string; +char *keytab_string; static char keytab_buf[256]; static struct getargs args[] = { - { + { "version", 0, arg_flag, &version_flag, NULL, - NULL - }, - { - "help", - 'h', - arg_flag, - &help_flag, - NULL, NULL }, - { - "keytab", - 'k', - arg_string, - &keytab_string, - "keytab", - "keytab to operate on" + { + "help", + 'h', + arg_flag, + &help_flag, + NULL, + NULL + }, + { + "keytab", + 'k', + arg_string, + &keytab_string, + "keytab", + "keytab to operate on" }, { "verbose", @@ -101,7 +101,7 @@ ktutil_open_keytab(void) } if (verbose_flag) fprintf (stderr, "Using keytab %s\n", keytab_string); - + return keytab; } @@ -118,8 +118,11 @@ help(void *opt, int argc, char **argv) argv[0]); } else { if(c->func) { - char *fake[] = { NULL, "--help", NULL }; + char shelp[] = "--help"; + char *fake[3]; fake[0] = argv[0]; + fake[1] = shelp; + fake[2] = NULL; (*c->func)(2, fake); fprintf(stderr, "\n"); } diff --git a/crypto/heimdal/admin/ktutil_locl.h b/crypto/heimdal/admin/ktutil_locl.h index c2d5e88e532..9ecee3199be 100644 --- a/crypto/heimdal/admin/ktutil_locl.h +++ b/crypto/heimdal/admin/ktutil_locl.h @@ -1,47 +1,45 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* - * $Id: ktutil_locl.h 14799 2005-04-15 05:02:39Z lha $ - * $FreeBSD$ +/* + * $Id$ */ #ifndef __KTUTIL_LOCL_H__ #define __KTUTIL_LOCL_H__ -#ifdef HAVE_CONFIG_H #include -#endif + #include #include #include @@ -67,7 +65,7 @@ extern krb5_context context; extern int verbose_flag; -extern char *keytab_string; +extern char *keytab_string; krb5_keytab ktutil_open_keytab(void); diff --git a/crypto/heimdal/admin/list.c b/crypto/heimdal/admin/list.c index f305ab3a803..5491aaa1a53 100644 --- a/crypto/heimdal/admin/list.c +++ b/crypto/heimdal/admin/list.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" #include -RCSID("$Id: list.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); static int do_list(struct list_options *opt, const char *keytab_str) @@ -51,7 +51,7 @@ do_list(struct list_options *opt, const char *keytab_str) char buf[1024]; keytab_str += 4; ret = 0; - while (strsep_copy((const char**)&keytab_str, ",", + while (strsep_copy((const char**)&keytab_str, ",", buf, sizeof(buf)) != -1) { if(flag) printf("\n"); @@ -76,7 +76,7 @@ do_list(struct list_options *opt, const char *keytab_str) } printf ("%s:\n\n", keytab_str); - + table = rtbl_create(); rtbl_add_column_by_id(table, 0, "Vno", RTBL_ALIGN_RIGHT); rtbl_add_column_by_id(table, 1, "Type", 0); @@ -85,15 +85,16 @@ do_list(struct list_options *opt, const char *keytab_str) rtbl_add_column_by_id(table, 3, "Date", 0); if(opt->keys_flag) rtbl_add_column_by_id(table, 4, "Key", 0); + rtbl_add_column_by_id(table, 5, "Aliases", 0); rtbl_set_separator(table, " "); - while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ + while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0){ char buf[1024], *s; snprintf(buf, sizeof(buf), "%d", entry.vno); rtbl_add_column_entry_by_id(table, 0, buf); - ret = krb5_enctype_to_string(context, + ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &s); if (ret != 0) { snprintf(buf, sizeof(buf), "unknown (%d)", entry.keyblock.keytype); @@ -107,12 +108,12 @@ do_list(struct list_options *opt, const char *keytab_str) rtbl_add_column_entry_by_id(table, 2, buf); if (opt->timestamp_flag) { - krb5_format_time(context, entry.timestamp, buf, + krb5_format_time(context, entry.timestamp, buf, sizeof(buf), FALSE); rtbl_add_column_entry_by_id(table, 3, buf); } if(opt->keys_flag) { - int i; + size_t i; s = malloc(2 * entry.keyblock.keyvalue.length + 1); if (s == NULL) { krb5_warnx(context, "malloc failed"); @@ -120,11 +121,24 @@ do_list(struct list_options *opt, const char *keytab_str) goto out; } for(i = 0; i < entry.keyblock.keyvalue.length; i++) - snprintf(s + 2 * i, 3, "%02x", + snprintf(s + 2 * i, 3, "%02x", ((unsigned char*)entry.keyblock.keyvalue.data)[i]); rtbl_add_column_entry_by_id(table, 4, s); free(s); } + if (entry.aliases) { + unsigned int i; + struct rk_strpool *p = NULL; + + for (i = 0; i< entry.aliases->len; i++) { + krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf)); + rk_strpoolprintf(p, "%s%s", buf, + i + 1 < entry.aliases->len ? ", " : ""); + + } + rtbl_add_column_entry_by_id(table, 5, rk_strpoolcollect(p)); + } + krb5_kt_free_entry(context, &entry); } ret = krb5_kt_end_seq_get(context, keytab, &cursor); diff --git a/crypto/heimdal/admin/purge.c b/crypto/heimdal/admin/purge.c index e928c3e22d5..b4667b38344 100644 --- a/crypto/heimdal/admin/purge.c +++ b/crypto/heimdal/admin/purge.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" -RCSID("$Id: purge.c 14261 2004-09-23 14:46:43Z joda $"); +RCSID("$Id$"); /* * keep track of the highest version for every principal. @@ -125,11 +125,11 @@ kt_purge(struct purge_options *opt, int argc, char **argv) goto out; } - while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { + while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) { add_entry (entry.principal, entry.vno, entry.timestamp, &head); krb5_kt_free_entry(context, &entry); } - ret = krb5_kt_end_seq_get(context, keytab, &cursor); + krb5_kt_end_seq_get(context, keytab, &cursor); judgement_day = time (NULL); @@ -139,7 +139,7 @@ kt_purge(struct purge_options *opt, int argc, char **argv) goto out; } - while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { + while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0) { struct e *e = get_entry (entry.principal, head); if (e == NULL) { diff --git a/crypto/heimdal/admin/remove.c b/crypto/heimdal/admin/remove.c index 15f88cfee66..7c30d887305 100644 --- a/crypto/heimdal/admin/remove.c +++ b/crypto/heimdal/admin/remove.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" -RCSID("$Id: remove.c 17004 2006-04-07 13:06:37Z lha $"); +RCSID("$Id$"); int kt_remove(struct remove_options *opt, int argc, char **argv) @@ -66,7 +66,7 @@ kt_remove(struct remove_options *opt, int argc, char **argv) } } if (!principal && !enctype && !opt->kvno_integer) { - krb5_warnx(context, + krb5_warnx(context, "You must give at least one of " "principal, enctype or kvno."); ret = EINVAL; diff --git a/crypto/heimdal/admin/rename.c b/crypto/heimdal/admin/rename.c index aea02b07507..390776dd1e1 100644 --- a/crypto/heimdal/admin/rename.c +++ b/crypto/heimdal/admin/rename.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 2001-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ktutil_locl.h" -RCSID("$Id: rename.c 14260 2004-09-23 14:45:29Z joda $"); +RCSID("$Id$"); int -kt_rename(void *opt, int argc, char **argv) +kt_rename(struct rename_options *opt, int argc, char **argv) { krb5_error_code ret = 0; krb5_keytab_entry entry; @@ -89,13 +89,15 @@ kt_rename(void *opt, int argc, char **argv) krb5_warn(context, ret, "adding entry"); break; } - entry.principal = from_princ; - ret = krb5_kt_remove_entry(context, keytab, &entry); - if(ret) { - entry.principal = NULL; - krb5_kt_free_entry(context, &entry); - krb5_warn(context, ret, "removing entry"); - break; + if (opt->delete_flag) { + entry.principal = from_princ; + ret = krb5_kt_remove_entry(context, keytab, &entry); + if(ret) { + entry.principal = NULL; + krb5_kt_free_entry(context, &entry); + krb5_warn(context, ret, "removing entry"); + break; + } } entry.principal = NULL; } diff --git a/crypto/heimdal/appl/Makefile.am b/crypto/heimdal/appl/Makefile.am index 8f2670353e0..5e4e320bcba 100644 --- a/crypto/heimdal/appl/Makefile.am +++ b/crypto/heimdal/appl/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 17775 2006-06-30 20:26:15Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -25,3 +25,5 @@ SUBDIRS = \ kx \ kf \ $(dir_dce) + +EXTRA_DIST = NTMakefile \ No newline at end of file diff --git a/crypto/heimdal/appl/Makefile.in b/crypto/heimdal/appl/Makefile.in index 52834fa12dd..ad6b3f977fb 100644 --- a/crypto/heimdal/appl/Makefile.in +++ b/crypto/heimdal/appl/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 17775 2006-06-30 20:26:15Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = appl ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ @@ -101,58 +105,95 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = afsutil ftp login otp gssmask popper push rsh rcp su \ xnlock telnet test kx kf dceutils DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -176,10 +217,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -196,6 +238,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -211,31 +255,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -250,10 +308,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -294,29 +354,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la @OTP_TRUE@dir_otp = otp @DCE_TRUE@dir_dce = dceutils @@ -338,22 +403,23 @@ SUBDIRS = \ kf \ $(dir_dce) +EXTRA_DIST = NTMakefile all: all-recursive .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -371,6 +437,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -385,7 +452,7 @@ clean-libtool: # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -402,7 +469,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -410,7 +477,7 @@ $(RECURSIVE_TARGETS): fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -436,16 +503,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -453,14 +520,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -472,39 +539,43 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -525,29 +596,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -581,6 +667,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -599,6 +686,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -606,23 +695,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -644,9 +741,9 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-data-am install-exec-am install-strip uninstall-am +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \ + ctags-recursive install-am install-data-am install-exec-am \ + install-strip tags-recursive uninstall-am .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am all-local check check-am check-local clean \ @@ -732,6 +829,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -817,7 +917,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -830,6 +930,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/afsutil/ChangeLog b/crypto/heimdal/appl/afsutil/ChangeLog index c6cfd39c04d..9825c55a6b9 100644 --- a/crypto/heimdal/appl/afsutil/ChangeLog +++ b/crypto/heimdal/appl/afsutil/ChangeLog @@ -1,4 +1,4 @@ -2007-04-11 Love Hörnquist Åstrand +2007-04-11 Love Hörnquist Ã…strand * pagsh.1,afslog.1: - options must be lexicographically ordered; again, options without arguments must be placed before options @@ -8,11 +8,11 @@ From Igor Sobrado. -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: Add man_MANS to EXTRA_DIST -2006-01-03 Love Hörnquist Åstrand +2006-01-03 Love Hörnquist Ã…strand * afslog.1: Document options to allow select principal or credential cache when doing afslog. @@ -20,7 +20,7 @@ * afslog.c: Add options to allow select principal or credential cache when doing afslog. -2005-02-12 Love Hörnquist Åstrand +2005-02-12 Love Hörnquist Ã…strand * Makefile.am: man_MANS += pagsh.1 @@ -30,12 +30,12 @@ * pagsh.1: manpage for pagsh -2004-09-03 Love Hörnquist Åstrand +2004-09-03 Love Hörnquist Ã…strand * afslog.c: use negative string help string for arg_negative_flag Pointed out by Harald Barth -2004-07-27 Love Hörnquist Åstrand +2004-07-27 Love Hörnquist Ã…strand * pagsh.c: use setprogname, if we stripped off -c, try use the fallback code @@ -44,22 +44,22 @@ * pagsh.c: mkstemp formats must end in exactly six X's -2003-07-15 Love Hörnquist Åstrand +2003-07-15 Love Hörnquist Ã…strand * afslog.c (do_afslog): is cell is unset, set it "" for error printing * pagsh.c: unconditionally set KRBTKFILE -2003-04-23 Love Hörnquist Åstrand +2003-04-23 Love Hörnquist Ã…strand * afslog.c (log_func): drop the error number -2003-04-14 Love Hörnquist Åstrand +2003-04-14 Love Hörnquist Ã…strand * afslog.c: set kafs log function if verbose is turned on -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * Makefile.am (LDADD): use LIB_kafs diff --git a/crypto/heimdal/appl/afsutil/Makefile.am b/crypto/heimdal/appl/afsutil/Makefile.am index 365897b84c0..c0ca0d50d6c 100644 --- a/crypto/heimdal/appl/afsutil/Makefile.am +++ b/crypto/heimdal/appl/afsutil/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -19,4 +19,4 @@ LDADD = $(LIB_kafs) \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/afsutil/Makefile.in b/crypto/heimdal/appl/afsutil/Makefile.in index e50ac2ea319..15968b13dba 100644 --- a/crypto/heimdal/appl/afsutil/Makefile.in +++ b/crypto/heimdal/appl/afsutil/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT) subdir = appl/afsutil ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,14 +89,14 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am_afslog_OBJECTS = afslog.$(OBJEXT) afslog_OBJECTS = $(am_afslog_OBJECTS) @@ -110,9 +115,9 @@ pagsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -124,6 +129,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES) DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 MANS = $(man_MANS) ETAGS = etags @@ -133,49 +159,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -199,10 +234,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -219,6 +255,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -234,31 +272,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -273,10 +325,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -317,30 +371,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_krb4) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la afslog_SOURCES = afslog.c pagsh_SOURCES = pagsh.c @@ -352,23 +410,23 @@ LDADD = $(LIB_kafs) \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/afsutil/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/afsutil/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/afsutil/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/afsutil/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -386,34 +444,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list afslog$(EXEEXT): $(afslog_OBJECTS) $(afslog_DEPENDENCIES) @rm -f afslog$(EXEEXT) $(LINK) $(afslog_OBJECTS) $(afslog_LDADD) $(LIBS) @@ -427,115 +501,140 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/afslog.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pagsh.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -551,13 +650,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -592,6 +695,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -601,6 +705,7 @@ clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -611,6 +716,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -618,26 +725,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -657,11 +773,10 @@ ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libtool ctags \ @@ -748,6 +863,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -833,7 +951,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -846,6 +964,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/afsutil/afslog.1 b/crypto/heimdal/appl/afsutil/afslog.1 index aa4b9d685d6..891b29a61e0 100644 --- a/crypto/heimdal/appl/afsutil/afslog.1 +++ b/crypto/heimdal/appl/afsutil/afslog.1 @@ -1,66 +1,65 @@ -.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: afslog.1 20310 2007-04-11 11:22:23Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd November 26, 2002 .Dt AFSLOG 1 .Os HEIMDAL .Sh NAME .Nm afslog -.Nd -obtain AFS tokens +.Nd obtain AFS tokens .Sh SYNOPSIS .Nm -.Op Fl h | Fl -help -.Op Fl -no-v4 -.Op Fl -no-v5 -.Op Fl u | Fl -unlog -.Op Fl v | Fl -verbose -.Op Fl -version +.Op Fl h | Fl Fl help +.Op Fl Fl no-v4 +.Op Fl Fl no-v5 +.Op Fl u | Fl Fl unlog +.Op Fl v | Fl Fl verbose +.Op Fl Fl version .Oo Fl c Ar cell \*(Ba Xo -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc .Oc .Oo Fl k Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .Oc .Oo Fl P Ar principal \*(Ba Xo -.Fl -principal= Ns Ar principal +.Fl Fl principal= Ns Ar principal .Xc .Oc .Bk -words .Oo Fl p Ar path \*(Ba Xo -.Fl -file= Ns Ar path +.Fl Fl file= Ns Ar path .Xc .Oc .Ek @@ -71,57 +70,57 @@ obtains AFS tokens for a number of cells. What cells to get tokens for can either be specified as an explicit list, as file paths to get tokens for, or be left unspecified, in which case .Nm -will use whatever magic +will use whatever magic .Xr krb_afslog 3 decides upon. .Pp Supported options: .Bl -tag -width Ds -.It Fl -no-v4 +.It Fl Fl no-v4 This makes .Nm not try using Kerberos 4. -.It Fl -no-v5 +.It Fl Fl no-v5 This makes .Nm not try using Kerberos 5. .It Xo .Fl P Ar principal , -.Fl -principal Ar principal +.Fl Fl principal Ar principal .Xc select what Kerberos 5 principal to use. -.It Fl -cache Ar cache +.It Fl Fl cache Ar cache select what Kerberos 5 credential cache to use. -.Fl -principal +.Fl Fl principal overrides this option. .It Xo .Fl u , -.Fl -unlog +.Fl Fl unlog .Xc Destroy tokens instead of obtaining new. If this is specified, all other options are ignored (except for -.Fl -help +.Fl Fl help and -.Fl -version ) . +.Fl Fl version ) . .It Xo .Fl v , -.Fl -verbose +.Fl Fl verbose .Xc Adds more verbosity for what is actually going on. .It Xo .Fl c Ar cell, -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc This specified one or more cell names to get tokens for. .It Xo .Fl k Ar realm , -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc This is the Kerberos realm the AFS servers live in, this should normally not be specified. .It Xo .Fl p Ar path , -.Fl -file= Ns Ar path +.Fl Fl file= Ns Ar path .Xc This specified one or more file paths for which tokens should be obtained. @@ -132,22 +131,22 @@ Instead of using and .Fl p , you may also pass a list of cells and file paths after any other -options. These arguments are considered files if they are either +options. These arguments are considered files if they are either the strings .Do . Dc or -.Dq .. +.Dq .. or they contain a slash, or if there exists a file by that name. .Sh EXAMPLES -Assuming that there is no file called +Assuming that there is no file called .Dq openafs.org -in the current directory, and that +in the current directory, and that .Pa /afs/openafs.org points to that cell, the follwing should be identical: .Bd -literal -offset indent $ afslog -c openafs.org $ afslog openafs.org $ afslog /afs/openafs.org/some/file -.Ed +.Ed .Sh SEE ALSO .Xr krb_afslog 3 diff --git a/crypto/heimdal/appl/afsutil/afslog.c b/crypto/heimdal/appl/afsutil/afslog.c index 6ca5b207499..bd6807d0186 100644 --- a/crypto/heimdal/appl/afsutil/afslog.c +++ b/crypto/heimdal/appl/afsutil/afslog.c @@ -1,47 +1,44 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: afslog.c 16438 2006-01-03 09:27:54Z lha $"); +RCSID("$Id$"); #endif #include #ifdef KRB5 #include #endif -#ifdef KRB4 -#include -#endif #include #include #include @@ -54,9 +51,6 @@ static char *realm; static getarg_strings files; static int unlog_flag; static int verbose; -#ifdef KRB4 -static int use_krb4 = 1; -#endif #ifdef KRB5 static char *client_string; static char *cache_string; @@ -68,9 +62,6 @@ struct getargs args[] = { { "file", 'p', arg_strings, &files, "files to get tokens for", "path" }, { "realm", 'k', arg_string, &realm, "realm for afs cell", "realm" }, { "unlog", 'u', arg_flag, &unlog_flag, "remove tokens" }, -#ifdef KRB4 - { "v4", 0, arg_negative_flag, &use_krb4, "don't use Kerberos 4" }, -#endif #ifdef KRB5 { "principal",'P',arg_string,&client_string,"principal to use","principal"}, { "cache", 0, arg_string, &cache_string, "ccache to use", "cache"}, @@ -189,9 +180,9 @@ afslog_file(const char *path) static int do_afslog(const char *cell) { - int k5ret, k4ret; + int k5ret; - k5ret = k4ret = 0; + k5ret = 0; #ifdef KRB5 if(context != NULL && id != NULL && use_krb5) { @@ -199,25 +190,14 @@ do_afslog(const char *cell) if(k5ret == 0) return 0; } -#endif -#if KRB4 - if (use_krb4) { - k4ret = krb_afslog(cell, realm); - if(k4ret == 0) - return 0; - } #endif if (cell == NULL) cell = ""; #ifdef KRB5 if (k5ret) - warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret)); + krb5_warn(context, k5ret, "krb5_afslog(%s)", cell); #endif -#ifdef KRB4 - if (k4ret) - warnx("krb_afslog(%s): %s", cell, krb_get_err_text(k4ret)); -#endif - if (k5ret || k4ret) + if (k5ret) return 1; return 0; } @@ -237,7 +217,7 @@ main(int argc, char **argv) int ret = 0; int failed = 0; struct cell_list *p; - + setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optind)) @@ -266,7 +246,7 @@ main(int argc, char **argv) ret = krb5_parse_name(context, client_string, &client); if (ret == 0) - ret = krb5_cc_cache_match(context, client, NULL, &id); + ret = krb5_cc_cache_match(context, client, &id); if (ret) id = NULL; } @@ -306,7 +286,7 @@ main(int argc, char **argv) afslog_file(argv[i]); else afslog_cell(argv[i], 1); - } + } if(num == 0) { if(do_afslog(NULL)) failed++; diff --git a/crypto/heimdal/appl/afsutil/pagsh.1 b/crypto/heimdal/appl/afsutil/pagsh.1 index c3e93d440e7..7d5ac81428b 100644 --- a/crypto/heimdal/appl/afsutil/pagsh.1 +++ b/crypto/heimdal/appl/afsutil/pagsh.1 @@ -1,79 +1,80 @@ -.\" Copyright (c) 2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: pagsh.1 20311 2007-04-11 11:27:51Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd February 12, 2005 .Dt PAGSH 1 .Os Heimdal .Sh NAME .Nm pagsh -.Nd -creates a new credential cache sandbox +.Nd creates a new credential cache sandbox .Sh SYNOPSIS .Nm -.Op Fl c -.Op Fl h | Fl -help -.Op Fl -version -.Op Fl -cache-type= Ns Ar string +.Op Fl c Ar command-string +.Op Fl h | Fl Fl help +.Op Fl Fl version +.Op Fl Fl cache-type= Ns Ar string .Ar command [args...] .Sh DESCRIPTION Supported options: .Bl -tag -width Ds .It Xo -.Fl c +.Fl c Ar command-string +Executes command(s) contained in +.Ar command-string . .Xc .It Xo -.Fl -cache-type= Ns Ar string +.Fl Fl cache-type= Ns Ar string .Xc .It Xo .Fl h , -.Fl -help +.Fl Fl help .Xc .It Xo -.Fl -version +.Fl Fl version .Xc .El .Pp .Nm creates a new credential cache sandbox for the user to live in. If AFS is installed on the computer, the user is put in a newly -created PAG. +created Process Authentication Group (PAG). .Pp For Kerberos 5, the credential cache type that is used is the same as the credential cache type that was used at the time of .Nm invocation. The credential cache type can be controlled by the option -.Fl -cache-type . +.Fl Fl cache-type . .Sh EXAMPLES Create a new sandbox where new credentials can be used, while the old credentials can be used by other processes. @@ -89,4 +90,5 @@ $ klist klist: No ticket file: /tmp/krb5cc_03014a .Ed .Sh SEE ALSO -.Xr afslog 1 +.Xr afslog 1 , +.Xr kinit 1 diff --git a/crypto/heimdal/appl/afsutil/pagsh.c b/crypto/heimdal/appl/afsutil/pagsh.c index d975fad1143..bfc5dce87f8 100644 --- a/crypto/heimdal/appl/afsutil/pagsh.c +++ b/crypto/heimdal/appl/afsutil/pagsh.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -35,7 +35,7 @@ #include #endif -RCSID("$Id: pagsh.c 14574 2005-02-12 14:23:28Z lha $"); +RCSID("$Id$"); #include #include @@ -55,9 +55,6 @@ RCSID("$Id: pagsh.c 14574 2005-02-12 14:23:28Z lha $"); #ifdef KRB5 #include #endif -#ifdef KRB4 -#include -#endif #include #include @@ -106,7 +103,7 @@ main(int argc, char **argv) char *path; char **args; - int i; + unsigned int i; int optind = 0; setprogname(argv[0]); @@ -124,7 +121,6 @@ main(int argc, char **argv) #ifdef KRB5 { - const krb5_cc_ops *type; krb5_error_code ret; krb5_context context; krb5_ccache id; @@ -134,29 +130,7 @@ main(int argc, char **argv) if (ret) /* XXX should this really call exit ? */ errx(1, "no kerberos 5 support"); - if (typename_arg == NULL) { - char *s; - - name = krb5_cc_default_name(context); - if (name == NULL) - krb5_errx(context, 1, "Failed getting default " - "credential cache type"); - - typename_arg = strdup(name); - if (typename_arg == NULL) - errx(1, "strdup"); - - s = strchr(typename_arg, ':'); - if (s) - *s = '\0'; - } - - type = krb5_cc_get_prefix_ops(context, typename_arg); - if (type == NULL) - krb5_err(context, 1, ret, "Failed getting ops for %s " - "credential cache", typename_arg); - - ret = krb5_cc_gen_new(context, type, &id); + ret = krb5_cc_new_unique(context, typename_arg, NULL, &id); if (ret) krb5_err(context, 1, ret, "Failed generating credential cache"); @@ -164,7 +138,7 @@ main(int argc, char **argv) if (name == NULL) krb5_errx(context, 1, "Generated credential cache have no name"); - snprintf(tf, sizeof(tf), "%s:%s", typename_arg, name); + snprintf(tf, sizeof(tf), "%s:%s", krb5_cc_get_type(context, id), name); ret = krb5_cc_close(context, id); if (ret) @@ -190,11 +164,13 @@ main(int argc, char **argv) if (args == NULL) errx (1, "Out of memory allocating %lu bytes", (unsigned long)((argc + 10)*sizeof(char *))); - + if(*argv == NULL) { path = getenv("SHELL"); if(path == NULL){ struct passwd *pw = k_getpwuid(geteuid()); + if (pw == NULL) + errx(1, "no such user: %d", (int)geteuid()); path = strdup(pw->pw_shell); } } else { @@ -202,7 +178,7 @@ main(int argc, char **argv) } if (path == NULL) errx (1, "Out of memory copying path"); - + p=strrchr(path, '/'); if(p) args[i] = strdup(p+1); @@ -211,7 +187,7 @@ main(int argc, char **argv) if (args[i++] == NULL) errx (1, "Out of memory copying arguments"); - + while(*argv) args[i++] = *argv++; @@ -224,7 +200,7 @@ main(int argc, char **argv) execvp(path, args); if (errno == ENOENT || c_flag) { char **sh_args = malloc ((i + 2) * sizeof(char *)); - int j; + unsigned int j; if (sh_args == NULL) errx (1, "Out of memory copying sh arguments"); diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog index 139e193d054..72df672d698 100644 --- a/crypto/heimdal/appl/ftp/ChangeLog +++ b/crypto/heimdal/appl/ftp/ChangeLog @@ -1,8 +1,24 @@ -2007-07-12 Love Hörnquist Åstrand +2008-05-29 Love Hörnquist Ã…strand + + * ftp/ftp.c: use the correct length to munmap and use msync. + +2008-05-28 Love Hörnquist Ã…strand + + * ftp/ftp.c: Rewrite sliding window code so it doesn't have a + integer overrun. + + * ftp/ftp.c: Try sliding mmap window over memory file (10MB + window), works better with larger files (ie doesn't fail). + +2008-04-10 Love Hörnquist Ã…strand + + * ftpd/logwtmp.c: Use asl for logging ftpd wtmp messages. + +2007-07-12 Love Hörnquist Ã…strand * ftp/gssapi.c: Fix pointer vs strict alias rules. -2007-06-20 Love Hörnquist Åstrand +2007-06-20 Love Hörnquist Ã…strand * ftp/security.c: if no mech have no session, its ok, just don't call it. @@ -11,20 +27,20 @@ * move ksetpag after initgroups to make it work on Linux when its without syscall hooks to change sys_setgroups preserve the - pag. From Alexsander Boström. + pag. From Alexsander Boström. -2007-06-09 Love Hörnquist Åstrand +2007-06-09 Love Hörnquist Ã…strand * ftpd/Makefile.am: don't clean yacc/lex files in CLEANFILES, maintainers clean will do that for us. -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * ftpd/Makefile.am: Add man_MANS to EXTRA_DIST * ftp/Makefile.am: Add man_MANS to EXTRA_DIST -2006-08-08 Love Hörnquist Åstrand +2006-08-08 Love Hörnquist Ã…strand * ftpd/ftpd.c: Add comment by seteuid call isn't not needed. @@ -32,16 +48,16 @@ advisory. Thanks to Tom Yu at MIT, and Michael Calmer and Marcus Meissner at SUSE. Either of CVE-2006-3083 or CVE-2006-3084. -2006-06-27 Love Hörnquist Åstrand +2006-06-27 Love Hörnquist Ã…strand * ftpd/gss_userok.c (gss_userok): create a local krb5_context and use that instead of the libgssapi context (that might not exist). -2006-05-05 Love Hörnquist Åstrand +2006-05-05 Love Hörnquist Ã…strand * Rename u_intXX_t to uintXX_t -2006-03-23 Love Hörnquist Åstrand +2006-03-23 Love Hörnquist Ã…strand * ftp/ftp.1: Add undocument flags and spelling, from Ted Percival @@ -51,7 +67,7 @@ * ftpd/ftpd.8: fix grammar in --no-insecure-oob option (partly from Thomas Klausner) -2006-01-24 Love Hörnquist Åstrand +2006-01-24 Love Hörnquist Ã…strand * ftp/ftp.c: Indent. @@ -59,20 +75,20 @@ * ftpd/ftpd.c (pass): remove unused variable in the !OTP case -2005-10-22 Love Hörnquist Åstrand +2005-10-22 Love Hörnquist Ã…strand * ftpd/ls.c: Check return value from asprintf instead of string != - NULL since it undefined behavior on Linux. From Björn Sandell + NULL since it undefined behavior on Linux. From Björn Sandell * ftpd/gss_userok.c: Check return value from asprintf instead of - string != NULL since it undefined behavior on Linux. From Björn + string != NULL since it undefined behavior on Linux. From Björn Sandell * ftpd/ftpd.c: Check return value from asprintf instead of string - != NULL since it undefined behavior on Linux. From Björn Sandell + != NULL since it undefined behavior on Linux. From Björn Sandell * ftp/gssapi.c: Check return value from asprintf instead of string - != NULL since it undefined behavior on Linux. From Björn Sandell + != NULL since it undefined behavior on Linux. From Björn Sandell 2005-10-12 Johan Danielsson @@ -95,7 +111,7 @@ * ftp/main.c: add -x (encrypt) option -2005-07-19 Love Hörnquist Åstrand +2005-07-19 Love Hörnquist Ã…strand * ftpd/ftpcmd.y: Fix shadow warning. @@ -108,11 +124,11 @@ * ftp/cmds.c: fix shadow warnings - * Add Kerberos 5 klist, old patch from Tomas Nyström (remove krb4 + * Add Kerberos 5 klist, old patch from Tomas Nyström (remove krb4 support). Support klist in client for kerberos 5 clase. Clean up delegation of gss tokens and do afslog. -2005-07-13 Love Hörnquist Åstrand +2005-07-13 Love Hörnquist Ã…strand * ftp/gssapi.c (gss_adat): avoid leaking memory (gss_auth): always try next kname if there is one, independant of @@ -121,7 +137,7 @@ * ftp/gssapi.c: avoid const warning, use sin4 instead of sin to avoid shadow warning, free target_name -2005-07-09 Love Hörnquist Åstrand +2005-07-09 Love Hörnquist Ã…strand * ftp/security.c: keep track of if CCC was passed @@ -130,12 +146,12 @@ * ftpd/ftpcmd.y: sprinkel check_secure, check if CCC was passed in check_secure -2005-06-02 Love Hörnquist Åstrand +2005-06-02 Love Hörnquist Ã…strand * ftpd/ftpd.c (filename_check): change signednes of p to avoid warning, move typecasts -2005-05-29 Love Hörnquist Åstrand +2005-05-29 Love Hörnquist Ã…strand * ftpd/ftpd.c: avoid 'unused variable' warnings @@ -143,45 +159,45 @@ * ftpd/pathnames.h: #ifdef protect _PATH_ISSUE -2005-04-25 Love Hörnquist Åstrand +2005-04-25 Love Hörnquist Ã…strand * ftp/domacro.c: handle string trunctions -2005-04-24 Love Hörnquist Åstrand +2005-04-24 Love Hörnquist Ã…strand * ftp/security.c: use strlcat * ftp/domacro.c: use strlcpy -2005-04-20 Love Hörnquist Åstrand +2005-04-20 Love Hörnquist Ã…strand * ftp/security.c: cast size_t to unsigned long -2005-04-18 Love Hörnquist Åstrand +2005-04-18 Love Hörnquist Ã…strand * ftpd/ftpd.c (statcmd): cast argument to isdigit to unsigned char * ftp/cmds.c (mget): cast char to unsigned char to make sure its not negative when passing it to tolower -2005-04-07 Love Hörnquist Åstrand +2005-04-07 Love Hörnquist Ã…strand * ftp/ftp.c: fix 3 'var' might be used uninitialized warnings -2005-04-04 Love Hörnquist Åstrand +2005-04-04 Love Hörnquist Ã…strand * ftp/cmds.c: MacOS is also a unix that doesn't define __unix__/unix While here, rewrite this part of the function to not modify that string, but rather take a copy of it and them modify is, all this just to pacify gcc -2005-01-09 Love Hörnquist Åstrand +2005-01-09 Love Hörnquist Ã…strand * ftp/domacro.c: cast argument to is* to unsigned char * ftp/ftp.c: cast argument to tolower to unsigned char -2004-08-20 Love Hörnquist Åstrand +2004-08-20 Love Hörnquist Ã…strand * ftp/ftp.c: send ABOR protect with security layer if its there @@ -200,16 +216,16 @@ * ftp/main.c: reverse help strings for --no-gss-bindings and --no-gss-delegate -2004-06-20 Love Hörnquist Åstrand +2004-06-20 Love Hörnquist Ã…strand * ftpd/ftpcmd.y: make cbuf 64k to handle lager tickets From: MAAAAA MOOOR -2004-03-14 Love Hörnquist Åstrand +2004-03-14 Love Hörnquist Ã…strand * ftpd/ftpd.c (main): setpag if there is krb4 OR krb5 support -2003-12-19 Love Hörnquist Åstrand +2003-12-19 Love Hörnquist Ã…strand * ftp/security.h: add ftp_do_gss_delegate @@ -217,13 +233,13 @@ * ftp/gssapi.c (ftp_do_gss_delegate): delegate creds (default on) -2003-09-03 Love Hörnquist Åstrand +2003-09-03 Love Hörnquist Ã…strand * ftp/ftp.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ * ftp/cmds.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ -2003-07-19 Love Hörnquist Åstrand +2003-07-19 Love Hörnquist Ã…strand * ftp/security.h: add ftp_do_gss_bindings @@ -246,7 +262,7 @@ * ftp/gssapi.c (gss_adat): fix name allocation bug -2003-05-21 Love Hörnquist Åstrand +2003-05-21 Love Hörnquist Ã…strand * ftpd/gss_userok.c (gss_userok): release delegated cred handle @@ -256,12 +272,12 @@ * ftpd/gss_userok.c (gss_userok): remove poking inside the delegated handle -2003-05-14 Love Hörnquist Åstrand +2003-05-14 Love Hörnquist Ã…strand * ftpd/ftpcmd.y: support afslog and afslog when compiled with krb5 -2003-05-07 Love Hörnquist Åstrand +2003-05-07 Love Hörnquist Ã…strand * ftp/cmdtab.c: include afslog in both the krb4 and krb5 case @@ -269,21 +285,21 @@ * ftp/Makefile.am: always include auth.c -2003-05-07 Love Hörnquist Åstrand +2003-05-07 Love Hörnquist Ã…strand * ftpd/Makefile.am: always include auth.c * ftpd/kauth.c: do afslog in the krb5 case too -2003-04-22 Love Hörnquist Åstrand +2003-04-22 Love Hörnquist Ã…strand * ftp/ftp.1: replace > with \*[Gt] -2003-04-16 Love Hörnquist Åstrand +2003-04-16 Love Hörnquist Ã…strand * ftpd/ftpd.c: make sure argument to is* functions are unsigned -2003-04-06 Love Hörnquist Åstrand +2003-04-06 Love Hörnquist Ã…strand * ftpd/ftpd.8: s/kerberos/Kerberos/ @@ -291,7 +307,7 @@ * ftpd/pathnames.h (_PATH_FTPUSERS): conditionalize -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * ftpd/ftpd.c (krb5_verify): always do krb5_afslog, remove setpag (its done in main) @@ -305,17 +321,17 @@ * ftpd/ftpd_locl.h: always include kafs -2003-03-16 Love Hörnquist Åstrand +2003-03-16 Love Hörnquist Ã…strand * ftp/gssapi.c (gss_adat): now that gss_export_name exports a principal, bandaid with gss_display_name, and check that oid is GSS_KRB5_NT_PRINCIPAL_NAME, also free memory -2003-02-25 Love Hörnquist Åstrand +2003-02-25 Love Hörnquist Ã…strand * ftp/gssapi.c (gss_auth): print out the name we authenticated too -2003-02-25 Love Hörnquist Åstrand +2003-02-25 Love Hörnquist Ã…strand * ftpd/ls.c: use readlink with bufsize - 1, From NetBSD @@ -329,7 +345,7 @@ 2002-10-29 Johan Danielsson - * ftp/main.c: reinstate -n flag (from Torbjörn Granlund) + * ftp/main.c: reinstate -n flag (from Torbjörn Granlund) 2002-10-16 Johan Danielsson diff --git a/crypto/heimdal/appl/ftp/Makefile.am b/crypto/heimdal/appl/ftp/Makefile.am index 44116ee34a8..efea85d0e59 100644 --- a/crypto/heimdal/appl/ftp/Makefile.am +++ b/crypto/heimdal/appl/ftp/Makefile.am @@ -1,5 +1,7 @@ -# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $ +# $Id$ include $(top_srcdir)/Makefile.am.common SUBDIRS = common ftp ftpd + +EXTRA_DIST = NTMakefile \ No newline at end of file diff --git a/crypto/heimdal/appl/ftp/Makefile.in b/crypto/heimdal/appl/ftp/Makefile.in index 3bb9eda715a..9930a95bbd0 100644 --- a/crypto/heimdal/appl/ftp/Makefile.in +++ b/crypto/heimdal/appl/ftp/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = appl/ftp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ @@ -101,57 +105,94 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -175,10 +216,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -195,6 +237,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -210,31 +254,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -249,10 +307,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -293,47 +353,53 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la SUBDIRS = common ftp ftpd +EXTRA_DIST = NTMakefile all: all-recursive .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/ftp/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/ftp/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/ftp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -351,6 +417,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -365,7 +432,7 @@ clean-libtool: # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -382,7 +449,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -390,7 +457,7 @@ $(RECURSIVE_TARGETS): fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -416,16 +483,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -433,14 +500,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -452,39 +519,43 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -505,29 +576,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -561,6 +647,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -579,6 +666,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -586,23 +675,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -624,9 +721,9 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-data-am install-exec-am install-strip uninstall-am +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \ + ctags-recursive install-am install-data-am install-exec-am \ + install-strip tags-recursive uninstall-am .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am all-local check check-am check-local clean \ @@ -712,6 +809,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -797,7 +897,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -810,6 +910,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/ftp/common/Makefile.am b/crypto/heimdal/appl/ftp/common/Makefile.am index 304fcd15683..1b0ebf2bfcb 100644 --- a/crypto/heimdal/appl/ftp/common/Makefile.am +++ b/crypto/heimdal/appl/ftp/common/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -10,3 +10,5 @@ libcommon_a_SOURCES = \ sockbuf.c \ buffer.c \ common.h + +EXTRA_DIST = NTMakefile \ No newline at end of file diff --git a/crypto/heimdal/appl/ftp/common/Makefile.in b/crypto/heimdal/appl/ftp/common/Makefile.in index 1c5338a7b8c..f3ec619cf3d 100644 --- a/crypto/heimdal/appl/ftp/common/Makefile.in +++ b/crypto/heimdal/appl/ftp/common/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -44,7 +46,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = appl/ftp/common ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -59,7 +61,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -73,9 +75,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -83,21 +88,22 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = LIBRARIES = $(noinst_LIBRARIES) ARFLAGS = cru libcommon_a_AR = $(AR) $(ARFLAGS) libcommon_a_LIBADD = am_libcommon_a_OBJECTS = sockbuf.$(OBJEXT) buffer.$(OBJEXT) libcommon_a_OBJECTS = $(am_libcommon_a_OBJECTS) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -116,49 +122,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -182,10 +197,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -202,6 +218,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -217,31 +235,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -256,10 +288,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -300,30 +334,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_krb4) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la noinst_LIBRARIES = libcommon.a libcommon_a_SOURCES = \ @@ -331,22 +369,23 @@ libcommon_a_SOURCES = \ buffer.c \ common.h +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/ftp/common/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/ftp/common/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/common/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/ftp/common/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -364,6 +403,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) @@ -378,14 +418,29 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffer.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sockbuf.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -398,45 +453,49 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -457,13 +516,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -495,6 +558,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -505,6 +569,7 @@ clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -515,6 +580,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -522,26 +589,35 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -561,9 +637,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \ @@ -648,6 +723,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -733,7 +811,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -746,6 +824,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/ftp/common/buffer.c b/crypto/heimdal/appl/ftp/common/buffer.c index 3bca113663e..fca90ce31b0 100644 --- a/crypto/heimdal/appl/ftp/common/buffer.c +++ b/crypto/heimdal/appl/ftp/common/buffer.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -36,7 +36,7 @@ #include #include "roken.h" -RCSID("$Id: buffer.c 9129 2000-10-23 04:49:25Z joda $"); +RCSID("$Id$"); /* * Allocate a buffer enough to handle st->st_blksize, if diff --git a/crypto/heimdal/appl/ftp/common/common.h b/crypto/heimdal/appl/ftp/common/common.h index 76168596dce..e6621dd685f 100644 --- a/crypto/heimdal/appl/ftp/common/common.h +++ b/crypto/heimdal/appl/ftp/common/common.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: common.h 7463 1999-12-02 16:58:55Z joda $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/crypto/heimdal/appl/ftp/common/sockbuf.c b/crypto/heimdal/appl/ftp/common/sockbuf.c index bb9068afc0b..bb2a5fd7905 100644 --- a/crypto/heimdal/appl/ftp/common/sockbuf.c +++ b/crypto/heimdal/appl/ftp/common/sockbuf.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -39,16 +39,30 @@ #include #endif -RCSID("$Id: sockbuf.c 7463 1999-12-02 16:58:55Z joda $"); +RCSID("$Id$"); void set_buffer_size(int fd, int read) { #if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT) - size_t size = 4194304; - while(size >= 131072 && - setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF, - (void *)&size, sizeof(size)) < 0) + int size = 4194304; + int optname = read ? SO_RCVBUF : SO_SNDBUF; + +#ifdef HAVE_GETSOCKOPT + int curr=0; + socklen_t optlen; + + optlen = sizeof(curr); + if(getsockopt(fd, SOL_SOCKET, optname, (void *)&curr, &optlen) == 0) { + if(curr >= size) { + /* Already large enough */ + return; + } + } +#endif /* HAVE_GETSOCKOPT */ + + while(size >= 131072 && + setsockopt(fd, SOL_SOCKET, optname, (void *)&size, sizeof(size)) < 0) size /= 2; #endif } diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.am b/crypto/heimdal/appl/ftp/ftp/Makefile.am index 24679dc5599..e47580dfc18 100644 --- a/crypto/heimdal/appl/ftp/ftp/Makefile.am +++ b/crypto/heimdal/appl/ftp/ftp/Makefile.am @@ -1,16 +1,13 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) $(INCLUDE_hcrypto) +AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_hcrypto) bin_PROGRAMS = ftp CHECK_LOCAL = -if KRB4 -krb4_sources = krb4.c -endif if KRB5 krb5_sources = gssapi.c endif @@ -30,10 +27,9 @@ ftp_SOURCES = \ security.c \ security.h \ kauth.c \ - $(krb4_sources) \ $(krb5_sources) -EXTRA_ftp_SOURCES = krb4.c gssapi.c +EXTRA_ftp_SOURCES = gssapi.c man_MANS = ftp.1 @@ -41,9 +37,8 @@ LDADD = \ ../common/libcommon.a \ $(LIB_gssapi) \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_roken) \ $(LIB_readline) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.in b/crypto/heimdal/appl/ftp/ftp/Makefile.in index 431d087fec7..bd3810b3688 100644 --- a/crypto/heimdal/appl/ftp/ftp/Makefile.in +++ b/crypto/heimdal/appl/ftp/ftp/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ bin_PROGRAMS = ftp$(EXEEXT) subdir = appl/ftp/ftp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,33 +89,32 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am__ftp_SOURCES_DIST = cmds.c cmdtab.c extern.h ftp.c ftp_locl.h \ ftp_var.h main.c pathnames.h ruserpass.c domacro.c globals.c \ - security.c security.h kauth.c krb4.c gssapi.c -@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT) -@KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT) + security.c security.h kauth.c gssapi.c +@KRB5_TRUE@am__objects_1 = gssapi.$(OBJEXT) am_ftp_OBJECTS = cmds.$(OBJEXT) cmdtab.$(OBJEXT) ftp.$(OBJEXT) \ main.$(OBJEXT) ruserpass.$(OBJEXT) domacro.$(OBJEXT) \ globals.$(OBJEXT) security.$(OBJEXT) kauth.$(OBJEXT) \ - $(am__objects_1) $(am__objects_2) + $(am__objects_1) ftp_OBJECTS = $(am_ftp_OBJECTS) ftp_LDADD = $(LDADD) am__DEPENDENCIES_1 = ftp_DEPENDENCIES = ../common/libcommon.a $(LIB_gssapi) $(LIB_krb5) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -122,6 +126,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(ftp_SOURCES) $(EXTRA_ftp_SOURCES) DIST_SOURCES = $(am__ftp_SOURCES_DIST) $(EXTRA_ftp_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 MANS = $(man_MANS) ETAGS = etags @@ -131,49 +156,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -197,10 +231,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -217,6 +252,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -232,31 +269,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -271,10 +322,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -315,34 +368,37 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4) \ - $(INCLUDE_hcrypto) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/../common \ + $(INCLUDE_readline) $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CHECK_LOCAL = -@KRB4_TRUE@krb4_sources = krb4.c @KRB5_TRUE@krb5_sources = gssapi.c ftp_SOURCES = \ cmds.c \ @@ -359,37 +415,35 @@ ftp_SOURCES = \ security.c \ security.h \ kauth.c \ - $(krb4_sources) \ $(krb5_sources) -EXTRA_ftp_SOURCES = krb4.c gssapi.c +EXTRA_ftp_SOURCES = gssapi.c man_MANS = ftp.1 LDADD = \ ../common/libcommon.a \ $(LIB_gssapi) \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_roken) \ $(LIB_readline) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/ftp/ftp/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/ftp/ftp/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/ftp/ftp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -407,34 +461,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list ftp$(EXEEXT): $(ftp_OBJECTS) $(ftp_DEPENDENCIES) @rm -f ftp$(EXEEXT) $(LINK) $(ftp_OBJECTS) $(ftp_LDADD) $(LIBS) @@ -445,115 +515,148 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmds.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmdtab.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/domacro.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/globals.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapi.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kauth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ruserpass.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/security.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -569,13 +672,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -610,6 +717,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -619,6 +727,7 @@ clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -629,6 +738,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -636,26 +747,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -675,11 +795,10 @@ ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libtool ctags \ @@ -766,6 +885,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -851,7 +973,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -864,6 +986,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/ftp/ftp/cmds.c b/crypto/heimdal/appl/ftp/ftp/cmds.c index 86f4ff45a66..dbd5d581ee3 100644 --- a/crypto/heimdal/appl/ftp/ftp/cmds.c +++ b/crypto/heimdal/appl/ftp/ftp/cmds.c @@ -36,7 +36,7 @@ */ #include "ftp_locl.h" -RCSID("$Id: cmds.c 15673 2005-07-19 18:19:33Z lha $"); +RCSID("$Id$"); typedef void (*sighand)(int); @@ -189,7 +189,7 @@ setpeer(int argc, char **argv) unix_proxy = 0; else unix_server = 0; - if (overbose && + if (overbose && !strncmp(reply_string, "215 TOPS20", 10)) printf( "Remember to set tenex mode when transfering binary files from this machine.\n"); @@ -682,15 +682,15 @@ getit(int argc, char **argv, int restartit, char *filemode) tm->tm_year += 1900; if ((tm->tm_year > yy) || - (tm->tm_year == yy && + (tm->tm_year == yy && tm->tm_mon > mo) || - (tm->tm_mon == mo && + (tm->tm_mon == mo && tm->tm_mday > day) || - (tm->tm_mday == day && + (tm->tm_mday == day && tm->tm_hour > hour) || - (tm->tm_hour == hour && + (tm->tm_hour == hour && tm->tm_min > min) || - (tm->tm_min == min && + (tm->tm_min == min && tm->tm_sec > sec)) return (1); } @@ -868,7 +868,7 @@ status(int argc, char **argv) sec_status(); printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n", modename, typename, formname, structname); - printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", + printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", onoff(verbose), onoff(bell), onoff(interactive), onoff(doglob)); printf("Store unique: %s; Receive unique: %s\n", onoff(sunique), @@ -987,7 +987,7 @@ setprompt(int argc, char **argv) void setglob(int argc, char **argv) { - + doglob = !doglob; printf("Globbing %s.\n", onoff(doglob)); code = doglob; @@ -1171,7 +1171,7 @@ ls(int argc, char **argv) return; } if (strcmp(argv[2], "-") && *argv[2] != '|') - if (!globulize(&argv[2]) || !confirm("output to local-file:", + if (!globulize(&argv[2]) || !confirm("output to local-file:", argv[2])) { code = -1; return; @@ -1237,7 +1237,7 @@ shell(int argc, char **argv) { pid_t pid; RETSIGTYPE (*old1)(int), (*old2)(int); - char shellnam[40], *shellpath, *namep; + char shellnam[40], *shellpath, *namep; int waitstatus; old1 = signal (SIGINT, SIG_IGN); @@ -1759,6 +1759,11 @@ setnmap(int argc, char **argv) mapflag = 1; code = 1; cp = strchr(altarg, ' '); + if (cp == NULL) { + printf("Usage: %s missing space\n",argv[0]); + code = -1; + return; + } if (proxy) { while(*++cp == ' ') continue; @@ -1833,7 +1838,7 @@ domap(char *name) break; case '[': LOOP: - if (*++cp2 == '$' && isdigit((unsigned char)*(cp2+1))) { + if (*++cp2 == '$' && isdigit((unsigned char)*(cp2+1))) { if (*++cp2 == '0') { char *cp3 = name; @@ -1852,7 +1857,7 @@ LOOP: } } else { - while (*cp2 && *cp2 != ',' && + while (*cp2 && *cp2 != ',' && *cp2 != ']') { if (*cp2 == '\\') { cp2++; @@ -2137,7 +2142,7 @@ klist(int argc, char **argv) code = -1; return; } - + ret = command("SITE KLIST"); code = (ret == COMPLETE); } diff --git a/crypto/heimdal/appl/ftp/ftp/cmdtab.c b/crypto/heimdal/appl/ftp/ftp/cmdtab.c index 1c65e715895..7b4c3294253 100644 --- a/crypto/heimdal/appl/ftp/ftp/cmdtab.c +++ b/crypto/heimdal/appl/ftp/ftp/cmdtab.c @@ -106,17 +106,10 @@ char verbosehelp[] = "toggle verbose mode"; char prothelp[] = "set protection level"; char prothelp_c[] = "set command protection level"; -#ifdef KRB4 -char kauthhelp[] = "get remote tokens"; -#endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) char klisthelp[] = "show remote tickets"; #endif -#ifdef KRB4 -char kdestroyhelp[] = "destroy remote tickets"; -char krbtkfilehelp[] = "set filename of remote tickets"; -#endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) char afsloghelp[] = "obtain remote AFS tokens"; #endif @@ -197,20 +190,13 @@ struct cmd cmdtab[] = { { "protect", prothelp, 0, 1, 0, sec_prot }, /* what MIT uses */ { "cprotect", prothelp_c, 0, 1, 1, sec_prot_command }, -#ifdef KRB4 - { "kauth", kauthhelp, 0, 1, 0, kauth }, -#endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) { "klist", klisthelp, 0, 1, 0, klist }, #endif -#ifdef KRB4 - { "kdestroy", kdestroyhelp, 0, 1, 0, kdestroy }, - { "krbtkfile", krbtkfilehelp, 0, 1, 0, krbtkfile }, -#endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) { "afslog", afsloghelp, 0, 1, 0, afslog }, #endif - + { 0 }, }; diff --git a/crypto/heimdal/appl/ftp/ftp/domacro.c b/crypto/heimdal/appl/ftp/ftp/domacro.c index f0be87a0531..4311d69e02c 100644 --- a/crypto/heimdal/appl/ftp/ftp/domacro.c +++ b/crypto/heimdal/appl/ftp/ftp/domacro.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID("$Id: domacro.c 14951 2005-04-25 13:09:26Z lha $"); +RCSID("$Id$"); void domacro(int argc, char **argv) diff --git a/crypto/heimdal/appl/ftp/ftp/extern.h b/crypto/heimdal/appl/ftp/ftp/extern.h index a38ccd9518d..ee5184957fb 100644 --- a/crypto/heimdal/appl/ftp/ftp/extern.h +++ b/crypto/heimdal/appl/ftp/ftp/extern.h @@ -33,7 +33,7 @@ * @(#)extern.h 8.3 (Berkeley) 10/9/94 */ -/* $Id: extern.h 9075 2000-09-19 13:15:12Z assar $ */ +/* $Id$ */ #include #include @@ -117,7 +117,7 @@ void reset (int, char **); void restart (int, char **); void rmthelp (int, char **); void rmtstatus (int, char **); -int ruserpass (char *, char **, char **, char **); +int ruserpassword (char *, char **, char **, char **); void sendrequest (char *, char *, char *, char *, int); void setascii (int, char **); void setbell (int, char **); diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.1 b/crypto/heimdal/appl/ftp/ftp/ftp.1 index 5b8b8f6427c..b0a837d863f 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp.1 +++ b/crypto/heimdal/appl/ftp/ftp/ftp.1 @@ -53,8 +53,8 @@ file transfer program .Op Fl t .Op Fl v .Op Fl x -.Op Fl -no-gss-bindings -.Op Fl -no-gss-delegate +.Op Fl Fl no-gss-bindings +.Op Fl Fl no-gss-delegate .Op Ar host .Sh DESCRIPTION .Nm @@ -103,10 +103,10 @@ Turn on passive mode. Enables debugging. .It Fl g Disables file name globbing. - .It Fl -no-gss-bindings + .It Fl Fl no-gss-bindings Don't use GSS-API bindings when talking to peer. IP addresses will not be checked to ensure they match. -.It Fl -no-gss-delegate +.It Fl Fl no-gss-delegate Disable delegation of GSSAPI credentials. .It Fl l Disables command line editing. diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.c b/crypto/heimdal/appl/ftp/ftp/ftp.c index 0a00bd24566..1cd2f46ebb4 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp.c +++ b/crypto/heimdal/appl/ftp/ftp/ftp.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID ("$Id: ftp.c 16650 2006-01-24 08:16:08Z lha $"); +RCSID ("$Id$"); struct sockaddr_storage hisctladdr_ss; struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss; @@ -89,7 +89,7 @@ hookup (const char *host, int port) strlcpy (hostnamebuf, a->ai_canonname, sizeof(hostnamebuf)); memcpy (hisctladdr, a->ai_addr, a->ai_addrlen); - + error = connect (s, a->ai_addr, a->ai_addrlen); if (error < 0) { char addrstr[256]; @@ -98,7 +98,7 @@ hookup (const char *host, int port) addrstr, sizeof(addrstr), NULL, 0, NI_NUMERICHOST) != 0) strlcpy (addrstr, "unknown address", sizeof(addrstr)); - + warn ("connect %s", addrstr); close (s); s = -1; @@ -167,6 +167,7 @@ login (char *host) char tmp[80]; char defaultpass[128]; char *userstr, *pass, *acctstr; + char *ruserstr, *rpass, *racctstr; int n, aflag = 0; char *myname = NULL; @@ -175,7 +176,7 @@ login (char *host) if (pw != NULL) myname = pw->pw_name; - userstr = pass = acctstr = 0; + ruserstr = rpass = racctstr = NULL; if(sec_login(host)) printf("\n*** Using plaintext user and password ***\n\n"); @@ -183,10 +184,14 @@ login (char *host) printf("Authentication successful.\n\n"); } - if (ruserpass (host, &userstr, &pass, &acctstr) < 0) { + if (ruserpassword (host, &ruserstr, &rpass, &racctstr) < 0) { code = -1; return (0); } + userstr = ruserstr; + pass = rpass; + acctstr = racctstr; + while (userstr == NULL) { if (myname) printf ("Name (%s:%s): ", host, myname); @@ -201,17 +206,20 @@ login (char *host) userstr = tmp; } strlcpy(username, userstr, sizeof(username)); + if (ruserstr) + free(ruserstr); + n = command("USER %s", userstr); - if (n == COMPLETE) + if (n == COMPLETE) n = command("PASS dummy"); /* DK: Compatibility with gssftp daemon */ else if(n == CONTINUE) { if (pass == NULL) { char prompt[128]; - if(myname && + if(myname && (!strcmp(userstr, "ftp") || !strcmp(userstr, "anonymous"))) { - snprintf(defaultpass, sizeof(defaultpass), + snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain); - snprintf(prompt, sizeof(prompt), + snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass); } else if (sec_complete) { pass = myname; @@ -227,19 +235,25 @@ login (char *host) } } n = command ("PASS %s", pass); + if (rpass) + free(rpass); } if (n == CONTINUE) { aflag++; + UI_UTIL_read_pw_string (tmp, sizeof(tmp), "Account:", 0); acctstr = tmp; - UI_UTIL_read_pw_string (acctstr, 128, "Account:", 0); n = command ("ACCT %s", acctstr); } if (n != COMPLETE) { + if (racctstr) + free(racctstr); warnx ("Login failed."); return (0); } if (!aflag && acctstr != NULL) command ("ACCT %s", acctstr); + if (racctstr) + free(racctstr); if (proxy) return (1); for (n = 0; n < macnum; ++n) { @@ -417,7 +431,7 @@ getreply (int expecteof) continue; default: if(p < buf + sizeof(buf) - 1) - *p++ = c; + *p++ = c; else if(long_warn == 0) { fprintf(stderr, "WARNING: incredibly long line received\n"); long_warn = 1; @@ -579,6 +593,9 @@ copy_stream (FILE * from, FILE * to) #if defined(HAVE_MMAP) && !defined(NO_MMAP) void *chunk; + size_t off; + +#define BLOCKSIZE (1024 * 1024 * 10) #ifndef MAP_FAILED #define MAP_FAILED (-1) @@ -590,17 +607,35 @@ copy_stream (FILE * from, FILE * to) */ if (st.st_size == 0) return 0; - chunk = mmap (0, st.st_size, PROT_READ, MAP_SHARED, fileno (from), 0); - if (chunk != (void *) MAP_FAILED) { - int res; + off = 0; + while (off != st.st_size) { + size_t len; + ssize_t res; - res = sec_write (fileno (to), chunk, st.st_size); - if (munmap (chunk, st.st_size) < 0) + len = st.st_size - off; + if (len > BLOCKSIZE) + len = BLOCKSIZE; + + chunk = mmap (0, len, PROT_READ, MAP_SHARED, fileno (from), off); + if (chunk == (void *) MAP_FAILED) { + if (off == 0) /* try read if mmap doesn't work */ + goto try_read; + break; + } + + res = sec_write (fileno (to), chunk, len); + if (msync (chunk, len, MS_ASYNC)) + warn ("msync"); + if (munmap (chunk, len) < 0) warn ("munmap"); sec_fflush (to); - return res; + if (res != len) + return off; + off += len; } + return off; } +try_read: #endif buf = alloc_buffer (buf, &bufsize, @@ -643,7 +678,7 @@ sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames) char *rmode = "w"; if (verbose && printnames) { - if (local && strcmp (local, "-") != 0) + if (strcmp (local, "-") != 0) printf ("local: %s ", local); if (remote) printf ("remote: %s\n", remote); @@ -696,8 +731,7 @@ sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames) return; } closefunc = fclose; - if (fstat (fileno (fin), &st) < 0 || - (st.st_mode & S_IFMT) != S_IFREG) { + if (fstat (fileno (fin), &st) < 0 || !S_ISREG(st.st_mode)) { fprintf (stdout, "%s: not a plain file.\n", local); signal (SIGINT, oldintr); fclose (fin); @@ -875,7 +909,7 @@ recvrequest (char *cmd, char *local, char *remote, is_retr = strcmp (cmd, "RETR") == 0; if (is_retr && verbose && printnames) { - if (local && strcmp (local, "-") != 0) + if (strcmp (local, "-") != 0) printf ("local: %s ", local); if (remote) printf ("remote: %s\n", remote); @@ -902,7 +936,7 @@ recvrequest (char *cmd, char *local, char *remote, return; } oldintr = signal (SIGINT, abortrecv); - if (!local_given || (strcmp (local, "-") && *local != '|')) { + if (!local_given || (strcmp(local, "-") && *local != '|')) { if (access (local, 2) < 0) { char *dir = strrchr (local, '/'); @@ -1317,7 +1351,7 @@ noport: verbose = -1; result = command ("EPRT |%d|%s|%d|", - inet_af, addr_str, + inet_af, addr_str, ntohs(socket_get_port (data_addr))); verbose = overbose; @@ -1332,7 +1366,7 @@ noport: goto bad; } - result = command("PORT %d,%d,%d,%d,%d,%d", + result = command("PORT %d,%d,%d,%d,%d,%d", (a >> 24) & 0xff, (a >> 16) & 0xff, (a >> 8) & 0xff, @@ -1371,7 +1405,7 @@ bad: int initconn (void) { - if (passivemode) + if (passivemode) return passive_mode (); else return active_mode (); diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h index 25362c04d2c..cae845a93ce 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h +++ b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,8 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: ftp_locl.h 11444 2002-09-10 20:03:49Z joda $ */ -/* $FreeBSD$ */ +/* $Id$ */ #ifndef __FTP_LOCL_H__ #define __FTP_LOCL_H__ diff --git a/crypto/heimdal/appl/ftp/ftp/globals.c b/crypto/heimdal/appl/ftp/ftp/globals.c index 52f80488240..4c195f6e9e5 100644 --- a/crypto/heimdal/appl/ftp/ftp/globals.c +++ b/crypto/heimdal/appl/ftp/ftp/globals.c @@ -1,5 +1,5 @@ #include "ftp_locl.h" -RCSID("$Id: globals.c 16160 2005-10-12 09:42:47Z joda $"); +RCSID("$Id$"); /* * Options and other state info. @@ -74,6 +74,6 @@ char macbuf[4096]; char username[32]; -/* these are set in ruserpass */ +/* these are set in ruserpassword */ char myhostname[MaxHostNameLen]; char *mydomain; diff --git a/crypto/heimdal/appl/ftp/ftp/gssapi.c b/crypto/heimdal/appl/ftp/ftp/gssapi.c index 9432feb8290..29be7641c96 100644 --- a/crypto/heimdal/appl/ftp/ftp/gssapi.c +++ b/crypto/heimdal/appl/ftp/ftp/gssapi.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef FTP_SERVER @@ -36,17 +36,18 @@ #else #include "ftp_locl.h" #endif -#include +#include +#include #include -RCSID("$Id: gssapi.c 21513 2007-07-12 12:45:25Z lha $"); +RCSID("$Id$"); int ftp_do_gss_bindings = 0; int ftp_do_gss_delegate = 1; -struct gss_data { +struct gssapi_data { gss_ctx_id_t context_hdl; - char *client_name; + gss_name_t client_name; gss_cred_id_t delegated_cred_handle; void *mech_data; }; @@ -54,7 +55,7 @@ struct gss_data { static int gss_init(void *app_data) { - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; d->context_hdl = GSS_C_NO_CONTEXT; d->delegated_cred_handle = GSS_C_NO_CREDENTIAL; #if defined(FTP_SERVER) @@ -84,7 +85,7 @@ gss_decode(void *app_data, void *buf, int len, int level) gss_buffer_desc input, output; gss_qop_t qop_state; int conf_state; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; size_t ret_len; input.length = len; @@ -116,7 +117,7 @@ gss_encode(void *app_data, void *from, int length, int level, void **to) OM_uint32 maj_stat, min_stat; gss_buffer_desc input, output; int conf_state; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; input.length = length; input.value = from; @@ -157,7 +158,7 @@ sockaddr_to_gss_address (struct sockaddr *sa, } default : errx (1, "unknown address family %d", sa->sa_family); - + } } @@ -172,7 +173,7 @@ gss_adat(void *app_data, void *buf, size_t len) gss_buffer_desc input_token, output_token; OM_uint32 maj_stat, min_stat; gss_name_t client_name; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; gss_channel_bindings_t bindings; if (ftp_do_gss_bindings) { @@ -186,7 +187,7 @@ gss_adat(void *app_data, void *buf, size_t len) sockaddr_to_gss_address (ctrl_addr, &bindings->acceptor_addrtype, &bindings->acceptor_address); - + bindings->application_data.length = 0; bindings->application_data.value = NULL; } else @@ -218,32 +219,8 @@ gss_adat(void *app_data, void *buf, size_t len) gss_release_buffer(&min_stat, &output_token); } if(maj_stat == GSS_S_COMPLETE){ - char *name; - gss_buffer_desc export_name; - gss_OID oid; - - maj_stat = gss_display_name(&min_stat, client_name, - &export_name, &oid); - if(maj_stat != 0) { - reply(500, "Error displaying name"); - goto out; - } - /* XXX kerberos */ - if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) { - reply(500, "OID not kerberos principal name"); - gss_release_buffer(&min_stat, &export_name); - goto out; - } - name = malloc(export_name.length + 1); - if(name == NULL) { - reply(500, "Out of memory"); - gss_release_buffer(&min_stat, &export_name); - goto out; - } - memcpy(name, export_name.value, export_name.length); - name[export_name.length] = '\0'; - gss_release_buffer(&min_stat, &export_name); - d->client_name = name; + d->client_name = client_name; + client_name = GSS_C_NO_NAME; if(p) reply(235, "ADAT=%s", p); else @@ -265,24 +242,25 @@ gss_adat(void *app_data, void *buf, size_t len) GSS_C_NO_OID, &msg_ctx, &status_string); - syslog(LOG_ERR, "gss_accept_sec_context: %s", + syslog(LOG_ERR, "gss_accept_sec_context: %.*s", + (int)status_string.length, (char*)status_string.value); gss_release_buffer(&new_stat, &status_string); reply(431, "Security resource unavailable"); } - out: + if (client_name) gss_release_name(&min_stat, &client_name); free(p); return 0; } -int gss_userok(void*, char*); -int gss_session(void*, char*); +int gssapi_userok(void*, char*); +int gssapi_session(void*, char*); struct sec_server_mech gss_server_mech = { "GSSAPI", - sizeof(struct gss_data), + sizeof(struct gssapi_data), gss_init, /* init */ NULL, /* end */ gss_check_prot, @@ -294,8 +272,8 @@ struct sec_server_mech gss_server_mech = { gss_adat, NULL, /* pbsz */ NULL, /* ccc */ - gss_userok, - gss_session + gssapi_userok, + gssapi_session }; #else /* FTP_SERVER */ @@ -324,15 +302,17 @@ import_name(const char *kname, const char *host, gss_name_t *target_name) OM_uint32 new_stat; OM_uint32 msg_ctx = 0; gss_buffer_desc status_string; - + gss_display_status(&new_stat, min_stat, GSS_C_MECH_CODE, GSS_C_NO_OID, &msg_ctx, &status_string); - printf("Error importing name %s: %s\n", + printf("Error importing name %.*s: %.*s\n", + (int)name.length, (char *)name.value, + (int)status_string.length, (char *)status_string.value); free(name.value); gss_release_buffer(&new_stat, &status_string); @@ -345,7 +325,7 @@ import_name(const char *kname, const char *host, gss_name_t *target_name) static int gss_auth(void *app_data, char *host) { - + OM_uint32 maj_stat, min_stat; gss_name_t target_name; gss_buffer_desc input, output_token; @@ -353,12 +333,12 @@ gss_auth(void *app_data, char *host) char *p; int n; gss_channel_bindings_t bindings; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; const char *knames[] = { "ftp", "host", NULL }, **kname = knames; - - + + if(import_name(*kname++, host, &target_name)) return AUTH_ERROR; @@ -369,14 +349,14 @@ gss_auth(void *app_data, char *host) bindings = malloc(sizeof(*bindings)); if (bindings == NULL) errx(1, "out of memory"); - + sockaddr_to_gss_address (myctladdr, &bindings->initiator_addrtype, &bindings->initiator_address); sockaddr_to_gss_address (hisctladdr, &bindings->acceptor_addrtype, &bindings->acceptor_address); - + bindings->application_data.length = 0; bindings->application_data.value = NULL; } else @@ -417,7 +397,7 @@ gss_auth(void *app_data, char *host) } continue; } - + if (bindings != GSS_C_NO_CHANNEL_BINDINGS) free(bindings); @@ -427,7 +407,8 @@ gss_auth(void *app_data, char *host) GSS_C_NO_OID, &msg_ctx, &status_string); - printf("Error initializing security context: %s\n", + printf("Error initializing security context: %.*s\n", + (int)status_string.length, (char*)status_string.value); gss_release_buffer(&new_stat, &status_string); return AUTH_CONTINUE; @@ -501,13 +482,15 @@ gss_auth(void *app_data, char *host) &name, NULL); if (GSS_ERROR(maj_stat) == 0) { - printf("Authenticated to <%s>\n", (char *)name.value); + printf("Authenticated to <%.*s>\n", + (int)name.length, + (char *)name.value); gss_release_buffer(&min_stat, &name); } gss_release_name(&min_stat, &targ_name); } else printf("Failed to get gss name of peer.\n"); - } + } return AUTH_OK; @@ -515,7 +498,7 @@ gss_auth(void *app_data, char *host) struct sec_client_mech gss_client_mech = { "GSSAPI", - sizeof(struct gss_data), + sizeof(struct gssapi_data), gss_init, gss_auth, NULL, /* end */ diff --git a/crypto/heimdal/appl/ftp/ftp/kauth.c b/crypto/heimdal/appl/ftp/ftp/kauth.c index 36305d2cd2e..3af44aa7d6a 100644 --- a/crypto/heimdal/appl/ftp/ftp/kauth.c +++ b/crypto/heimdal/appl/ftp/ftp/kauth.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -32,145 +32,9 @@ */ #include "ftp_locl.h" -RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $"); +RCSID("$Id$"); -#ifdef KRB4 -#include - -void -kauth(int argc, char **argv) -{ - int ret; - char buf[1024]; - des_cblock key; - des_key_schedule schedule; - KTEXT_ST tkt, tktcopy; - char *name; - char *p; - int overbose; - char passwd[100]; - int tmp; - - int save; - - if(argc > 2){ - printf("usage: %s [principal]\n", argv[0]); - code = -1; - return; - } - if(argc == 2) - name = argv[1]; - else - name = username; - - overbose = verbose; - verbose = 0; - - save = set_command_prot(prot_private); - ret = command("SITE KAUTH %s", name); - if(ret != CONTINUE){ - verbose = overbose; - set_command_prot(save); - code = -1; - return; - } - verbose = overbose; - p = strstr(reply_string, "T="); - if(!p){ - printf("Bad reply from server.\n"); - set_command_prot(save); - code = -1; - return; - } - p += 2; - tmp = base64_decode(p, &tkt.dat); - if(tmp < 0){ - printf("Failed to decode base64 in reply.\n"); - set_command_prot(save); - code = -1; - return; - } - tkt.length = tmp; - tktcopy.length = tkt.length; - - p = strstr(reply_string, "P="); - if(!p){ - printf("Bad reply from server.\n"); - verbose = overbose; - set_command_prot(save); - code = -1; - return; - } - name = p + 2; - for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++); - *p = 0; - - snprintf(buf, sizeof(buf), "Password for %s:", name); - if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0)) - *passwd = '\0'; - des_string_to_key (passwd, &key); - - des_key_sched(&key, schedule); - - des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, - tkt.length, - schedule, &key, DES_DECRYPT); - if (strcmp ((char*)tktcopy.dat + 8, - KRB_TICKET_GRANTING_TICKET) != 0) { - afs_string_to_key (passwd, krb_realmofhost(hostname), &key); - des_key_sched (&key, schedule); - des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, - tkt.length, - schedule, &key, DES_DECRYPT); - } - memset(key, 0, sizeof(key)); - memset(schedule, 0, sizeof(schedule)); - memset(passwd, 0, sizeof(passwd)); - if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) { - printf("Out of memory base64-encoding.\n"); - set_command_prot(save); - code = -1; - return; - } - memset (tktcopy.dat, 0, tktcopy.length); - ret = command("SITE KAUTH %s %s", name, p); - free(p); - set_command_prot(save); - if(ret != COMPLETE){ - code = -1; - return; - } - code = 0; -} - -void -kdestroy(int argc, char **argv) -{ - int ret; - if (argc != 1) { - printf("usage: %s\n", argv[0]); - code = -1; - return; - } - ret = command("SITE KDESTROY"); - code = (ret == COMPLETE); -} - -void -krbtkfile(int argc, char **argv) -{ - int ret; - if(argc != 2) { - printf("usage: %s tktfile\n", argv[0]); - code = -1; - return; - } - ret = command("SITE KRBTKFILE %s", argv[1]); - code = (ret == COMPLETE); -} -#endif - -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) void afslog(int argc, char **argv) diff --git a/crypto/heimdal/appl/ftp/ftp/krb4.c b/crypto/heimdal/appl/ftp/ftp/krb4.c deleted file mode 100644 index 408b7fa7357..00000000000 --- a/crypto/heimdal/appl/ftp/ftp/krb4.c +++ /dev/null @@ -1,340 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef FTP_SERVER -#include "ftpd_locl.h" -#else -#include "ftp_locl.h" -#endif -#include - -RCSID("$Id: krb4.c 17450 2006-05-05 11:11:43Z lha $"); - -#ifdef FTP_SERVER -#define LOCAL_ADDR ctrl_addr -#define REMOTE_ADDR his_addr -#else -#define LOCAL_ADDR myctladdr -#define REMOTE_ADDR hisctladdr -#endif - -extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR; - -struct krb4_data { - des_cblock key; - des_key_schedule schedule; - char name[ANAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; -}; - -static int -krb4_check_prot(void *app_data, int level) -{ - if(level == prot_confidential) - return -1; - return 0; -} - -static int -krb4_decode(void *app_data, void *buf, int len, int level) -{ - MSG_DAT m; - int e; - struct krb4_data *d = app_data; - - if(level == prot_safe) - e = krb_rd_safe(buf, len, &d->key, - (struct sockaddr_in *)REMOTE_ADDR, - (struct sockaddr_in *)LOCAL_ADDR, &m); - else - e = krb_rd_priv(buf, len, d->schedule, &d->key, - (struct sockaddr_in *)REMOTE_ADDR, - (struct sockaddr_in *)LOCAL_ADDR, &m); - if(e){ - syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e)); - return -1; - } - memmove(buf, m.app_data, m.app_length); - return m.app_length; -} - -static int -krb4_overhead(void *app_data, int level, int len) -{ - return 31; -} - -static int -krb4_encode(void *app_data, void *from, int length, int level, void **to) -{ - struct krb4_data *d = app_data; - *to = malloc(length + 31); - if(level == prot_safe) - return krb_mk_safe(from, *to, length, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - else if(level == prot_private) - return krb_mk_priv(from, *to, length, d->schedule, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - else - return -1; -} - -#ifdef FTP_SERVER - -static int -krb4_adat(void *app_data, void *buf, size_t len) -{ - KTEXT_ST tkt; - AUTH_DAT auth_dat; - char *p; - int kerror; - uint32_t cs; - char msg[35]; /* size of encrypted block */ - int tmp_len; - struct krb4_data *d = app_data; - char inst[INST_SZ]; - struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr; - - memcpy(tkt.dat, buf, len); - tkt.length = len; - - k_getsockinst(0, inst, sizeof(inst)); - kerror = krb_rd_req(&tkt, "ftp", inst, - his_addr_sin->sin_addr.s_addr, &auth_dat, ""); - if(kerror == RD_AP_UNDEC){ - k_getsockinst(0, inst, sizeof(inst)); - kerror = krb_rd_req(&tkt, "rcmd", inst, - his_addr_sin->sin_addr.s_addr, &auth_dat, ""); - } - - if(kerror){ - reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); - return -1; - } - - memcpy(d->key, auth_dat.session, sizeof(d->key)); - des_set_key(&d->key, d->schedule); - - strlcpy(d->name, auth_dat.pname, sizeof(d->name)); - strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance)); - strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance)); - - cs = auth_dat.checksum + 1; - { - unsigned char tmp[4]; - KRB_PUT_INT(cs, tmp, 4, sizeof(tmp)); - tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - } - if(tmp_len < 0){ - reply(535, "Error creating reply: %s.", strerror(errno)); - return -1; - } - len = tmp_len; - if(base64_encode(msg, len, &p) < 0) { - reply(535, "Out of memory base64-encoding."); - return -1; - } - reply(235, "ADAT=%s", p); - sec_complete = 1; - free(p); - return 0; -} - -static int -krb4_userok(void *app_data, char *user) -{ - struct krb4_data *d = app_data; - return krb_kuserok(d->name, d->instance, d->realm, user); -} - -struct sec_server_mech krb4_server_mech = { - "KERBEROS_V4", - sizeof(struct krb4_data), - NULL, /* init */ - NULL, /* end */ - krb4_check_prot, - krb4_overhead, - krb4_encode, - krb4_decode, - /* */ - NULL, - krb4_adat, - NULL, /* pbsz */ - NULL, /* ccc */ - krb4_userok -}; - -#else /* FTP_SERVER */ - -static int -krb4_init(void *app_data) -{ - return !use_kerberos; -} - -static int -mk_auth(struct krb4_data *d, KTEXT adat, - char *service, char *host, int checksum) -{ - int ret; - CREDENTIALS cred; - char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - - strlcpy(sname, service, sizeof(sname)); - strlcpy(inst, krb_get_phost(host), sizeof(inst)); - strlcpy(realm, krb_realmofhost(host), sizeof(realm)); - ret = krb_mk_req(adat, sname, inst, realm, checksum); - if(ret) - return ret; - strlcpy(sname, service, sizeof(sname)); - strlcpy(inst, krb_get_phost(host), sizeof(inst)); - strlcpy(realm, krb_realmofhost(host), sizeof(realm)); - ret = krb_get_cred(sname, inst, realm, &cred); - memmove(&d->key, &cred.session, sizeof(des_cblock)); - des_key_sched(&d->key, d->schedule); - memset(&cred, 0, sizeof(cred)); - return ret; -} - -static int -krb4_auth(void *app_data, char *host) -{ - int ret; - char *p; - int len; - KTEXT_ST adat; - MSG_DAT msg_data; - int checksum; - uint32_t cs; - struct krb4_data *d = app_data; - struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR; - struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR; - - checksum = getpid(); - ret = mk_auth(d, &adat, "ftp", host, checksum); - if(ret == KDC_PR_UNKNOWN) - ret = mk_auth(d, &adat, "rcmd", host, checksum); - if(ret){ - printf("%s\n", krb_get_err_text(ret)); - return AUTH_CONTINUE; - } - -#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM - if (krb_get_config_bool("nat_in_use")) { - struct in_addr natAddr; - - if (krb_get_our_ip_for_realm(krb_realmofhost(host), - &natAddr) != KSUCCESS - && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS) - printf("Can't get address for realm %s\n", - krb_realmofhost(host)); - else { - if (natAddr.s_addr != localaddr->sin_addr.s_addr) { - printf("Using NAT IP address (%s) for kerberos 4\n", - inet_ntoa(natAddr)); - localaddr->sin_addr = natAddr; - - /* - * This not the best place to do this, but it - * is here we know that (probably) NAT is in - * use! - */ - - passivemode = 1; - printf("Setting: Passive mode on.\n"); - } - } - } -#endif - - printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr)); - printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr)); - - if(base64_encode(adat.dat, adat.length, &p) < 0) { - printf("Out of memory base64-encoding.\n"); - return AUTH_CONTINUE; - } - ret = command("ADAT %s", p); - free(p); - - if(ret != COMPLETE){ - printf("Server didn't accept auth data.\n"); - return AUTH_ERROR; - } - - p = strstr(reply_string, "ADAT="); - if(!p){ - printf("Remote host didn't send adat reply.\n"); - return AUTH_ERROR; - } - p += 5; - len = base64_decode(p, adat.dat); - if(len < 0){ - printf("Failed to decode base64 from server.\n"); - return AUTH_ERROR; - } - adat.length = len; - ret = krb_rd_safe(adat.dat, adat.length, &d->key, - (struct sockaddr_in *)hisctladdr, - (struct sockaddr_in *)myctladdr, &msg_data); - if(ret){ - printf("Error reading reply from server: %s.\n", - krb_get_err_text(ret)); - return AUTH_ERROR; - } - krb_get_int(msg_data.app_data, &cs, 4, 0); - if(cs - checksum != 1){ - printf("Bad checksum returned from server.\n"); - return AUTH_ERROR; - } - return AUTH_OK; -} - -struct sec_client_mech krb4_client_mech = { - "KERBEROS_V4", - sizeof(struct krb4_data), - krb4_init, /* init */ - krb4_auth, - NULL, /* end */ - krb4_check_prot, - krb4_overhead, - krb4_encode, - krb4_decode -}; - -#endif /* FTP_SERVER */ diff --git a/crypto/heimdal/appl/ftp/ftp/main.c b/crypto/heimdal/appl/ftp/ftp/main.c index c78cd4a6425..5876f51dc4d 100644 --- a/crypto/heimdal/appl/ftp/ftp/main.c +++ b/crypto/heimdal/appl/ftp/ftp/main.c @@ -38,7 +38,7 @@ #include "ftp_locl.h" #include -RCSID("$Id: main.c 16160 2005-10-12 09:42:47Z joda $"); +RCSID("$Id$"); static int help_flag; static int version_flag; @@ -142,7 +142,7 @@ main(int argc, char **argv) } if (argc > 0) { char *xargv[5]; - + if (setjmp(toplevel)) exit(0); signal(SIGINT, intr); @@ -217,7 +217,7 @@ tail(filename) char *filename; { char *s; - + while (*filename) { s = strrchr(filename, '/'); if (s == NULL) @@ -555,10 +555,9 @@ help(int argc, char **argv) for (i = 0; i < lines; i++) { for (j = 0; j < columns; j++) { c = cmdtab + j * lines + i; - if (c->c_name && (!proxy || c->c_proxy)) { + if ((!proxy || c->c_proxy)) { printf("%s", c->c_name); - } - else if (c->c_name) { + } else { for (k=0; k < strlen(c->c_name); k++) { putchar(' '); } diff --git a/crypto/heimdal/appl/ftp/ftp/ruserpass.c b/crypto/heimdal/appl/ftp/ftp/ruserpass.c index 8c0cd8d6e90..a8665b643c5 100644 --- a/crypto/heimdal/appl/ftp/ftp/ruserpass.c +++ b/crypto/heimdal/appl/ftp/ftp/ruserpass.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID("$Id: ruserpass.c 16161 2005-10-12 09:44:24Z joda $"); +RCSID("$Id$"); static int token (void); static FILE *cfile; @@ -59,7 +59,7 @@ static struct toktab { { "account", ACCOUNT }, { "machine", MACH }, { "macdef", MACDEF }, - { "prot", PROT }, + { "prot", PROT }, { NULL, 0 } }; @@ -105,7 +105,7 @@ guess_domain (char *hostname_str, size_t sz) } int -ruserpass(char *host, char **aname, char **apass, char **aacct) +ruserpassword(char *host, char **aname, char **apass, char **aacct) { char *hdir, buf[BUFSIZ], *tmp; int t, i, c, usedefault = 0; @@ -137,7 +137,7 @@ next: continue; /* * Allow match either for user's input host name - * or official hostname. Also allow match of + * or official hostname. Also allow match of * incompletely-specified host in local domain. */ if (strcasecmp(host, tokval) == 0) @@ -163,7 +163,7 @@ next: case LOGIN: if (token()) { - if (*aname == 0) { + if (*aname == 0) { *aname = strdup(tokval); } else { if (strcmp(*aname, tokval)) @@ -199,7 +199,7 @@ next: fclose(cfile); return (0); } - while ((c=getc(cfile)) != EOF && + while ((c=getc(cfile)) != EOF && (c == ' ' || c == '\t')); if (c == EOF || c == '\n') { printf("Missing macdef name argument.\n"); diff --git a/crypto/heimdal/appl/ftp/ftp/security.c b/crypto/heimdal/appl/ftp/ftp/security.c index 2a4803f90b1..86c73a168ce 100644 --- a/crypto/heimdal/appl/ftp/ftp/security.c +++ b/crypto/heimdal/appl/ftp/ftp/security.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -37,7 +37,7 @@ #include "ftp_locl.h" #endif -RCSID("$Id: security.c 21225 2007-06-20 10:16:02Z lha $"); +RCSID("$Id$"); static enum protection_level command_prot; static enum protection_level data_prot; @@ -74,14 +74,14 @@ level_to_name(enum protection_level level) } #ifndef FTP_SERVER /* not used in server */ -static enum protection_level +static enum protection_level name_to_level(const char *name) { int i; for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) if(!strncasecmp(level_names[i].name, name, strlen(name))) return level_names[i].level; - return (enum protection_level)-1; + return prot_invalid; } #endif @@ -90,9 +90,6 @@ name_to_level(const char *name) static struct sec_server_mech *mechs[] = { #ifdef KRB5 &gss_server_mech, -#endif -#ifdef KRB4 - &krb4_server_mech, #endif NULL }; @@ -104,9 +101,6 @@ static struct sec_server_mech *mech; static struct sec_client_mech *mechs[] = { #ifdef KRB5 &gss_client_mech, -#endif -#ifdef KRB4 - &krb4_client_mech, #endif NULL }; @@ -229,12 +223,12 @@ sec_read(int fd, void *dataptr, int length) in_buffer.eof_flag = 0; return 0; } - + len = buffer_read(&in_buffer, dataptr, length); length -= len; rx += len; dataptr = (char*)dataptr + len; - + while(length){ int ret; @@ -286,7 +280,7 @@ sec_write(int fd, char *dataptr, int length) { int len = buffer_size; int tx = 0; - + if(data_prot == prot_clear) return write(fd, dataptr, length); @@ -337,7 +331,7 @@ sec_putc(int c, FILE *F) char ch = c; if(data_prot == prot_clear) return putc(c, F); - + buffer_write(&out_buffer, &ch, 1); if(c == '\n' || out_buffer.index >= 1024 /* XXX */) { sec_write(fileno(F), out_buffer.data, out_buffer.index); @@ -352,14 +346,14 @@ sec_read_msg(char *s, int level) int len; char *buf; int return_code; - + buf = malloc(strlen(s)); len = base64_decode(s + 4, buf); /* XXX */ - + len = (*mech->decode)(app_data, buf, len, level); if(len < 0) return -1; - + buf[len] = '\0'; if(buf[3] == '-') @@ -381,7 +375,7 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap) int len; if(!sec_complete) return vfprintf(f, fmt, ap); - + if (vasprintf(&buf, fmt, ap) == -1) { printf("Failed to allocate command.\n"); return -1; @@ -520,10 +514,10 @@ prot(char *pl) reply(504, "Unrecognized protection level."); return; } - + if(sec_complete){ if((*mech->check_prot)(app_data, p)){ - reply(536, "%s does not support %s protection.", + reply(536, "%s does not support %s protection.", mech->name, level_to_name(p)); }else{ data_prot = (enum protection_level)p; @@ -556,14 +550,20 @@ void mec(char *msg, enum protection_level level) } buf_size = strlen(msg) + 2; buf = malloc(buf_size); + if (buf == NULL) { + reply(501, "Failed to allocate %lu", (unsigned long)buf_size); + return; + } len = base64_decode(msg, buf); command_prot = level; if(len == (size_t)-1) { + free(buf); reply(501, "Failed to base64-decode command"); return; } len = (*mech->decode)(app_data, buf, len, level); if(len == (size_t)-1) { + free(buf); reply(535, "Failed to decode command"); return; } @@ -628,7 +628,7 @@ sec_status(void) printf("Using %s command channel.\n", level_to_name(command_prot)); printf("Using %s data channel.\n", level_to_name(data_prot)); if(buffer_size > 0) - printf("Protection buffer size: %lu.\n", + printf("Protection buffer size: %lu.\n", (unsigned long)buffer_size); }else{ printf("Not using any security mechanism.\n"); @@ -669,7 +669,7 @@ sec_prot_internal(int level) printf("Failed to set protection level.\n"); return -1; } - + data_prot = (enum protection_level)level; return 0; } @@ -683,7 +683,7 @@ set_command_prot(enum protection_level level) ret = command("CCC"); if(ret != COMPLETE) { printf("Failed to clear command channel.\n"); - return -1; + return prot_invalid; } } command_prot = level; @@ -708,17 +708,17 @@ sec_prot(int argc, char **argv) return; } level = name_to_level(argv[argc - 1]); - + if(level == -1) goto usage; - + if((*mech->check_prot)(app_data, level)) { - printf("%s does not implement %s protection.\n", + printf("%s does not implement %s protection.\n", mech->name, level_to_name(level)); code = -1; return; } - + if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) { if(sec_prot_internal(level) < 0){ code = -1; @@ -759,9 +759,9 @@ sec_prot_command(int argc, char **argv) level = name_to_level(argv[1]); if(level == -1) goto usage; - + if((*mech->check_prot)(app_data, level)) { - printf("%s does not implement %s protection.\n", + printf("%s does not implement %s protection.\n", mech->name, level_to_name(level)); code = -1; return; @@ -808,7 +808,7 @@ sec_login(char *host) verbose = -1; /* shut up all messages this will produce (they are usually not very user friendly) */ - + for(m = mechs; *m && (*m)->name; m++) { void *tmp; @@ -818,7 +818,7 @@ sec_login(char *host) return -1; } app_data = tmp; - + if((*m)->init && (*(*m)->init)(app_data) != 0) { printf("Skipping %s...\n", (*m)->name); continue; @@ -840,7 +840,7 @@ sec_login(char *host) } ret = (*(*m)->auth)(app_data, host); - + if(ret == AUTH_CONTINUE) continue; else if(ret != AUTH_OK){ @@ -852,13 +852,13 @@ sec_login(char *host) sec_complete = 1; if(doencrypt) { command_prot = prot_private; - request_data_prot = prot_private; + request_data_prot = prot_private; } else { command_prot = prot_safe; } break; } - + verbose = old_verbose; return *m == NULL; } diff --git a/crypto/heimdal/appl/ftp/ftp/security.h b/crypto/heimdal/appl/ftp/ftp/security.h index 85ba23eee0b..553372e28bf 100644 --- a/crypto/heimdal/appl/ftp/ftp/security.h +++ b/crypto/heimdal/appl/ftp/ftp/security.h @@ -1,46 +1,47 @@ /* - * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: security.h 21224 2007-06-20 10:15:13Z lha $ */ +/* $Id$ */ #ifndef __security_h__ #define __security_h__ -enum protection_level { - prot_clear, - prot_safe, - prot_confidential, - prot_private +enum protection_level { + prot_invalid = -1, + prot_clear = 0, + prot_safe = 1, + prot_confidential = 2, + prot_private = 3 }; struct sec_client_mech { @@ -137,4 +138,4 @@ enum protection_level set_command_prot(enum protection_level); #endif -#endif /* __security_h__ */ +#endif /* __security_h__ */ diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.am b/crypto/heimdal/appl/ftp/ftpd/Makefile.am index b4048763040..355b8baae4e 100644 --- a/crypto/heimdal/appl/ftp/ftpd/Makefile.am +++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -8,9 +8,6 @@ libexec_PROGRAMS = ftpd CHECK_LOCAL = -if KRB4 -krb4_sources = krb4.c -endif if KRB5 krb5_sources = gssapi.c gss_userok.c endif @@ -30,7 +27,7 @@ ftpd_SOURCES = \ $(krb4_sources) \ $(krb5_sources) -EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c +EXTRA_ftpd_SOURCES = kauth.c gssapi.c gss_userok.c $(ftpd_OBJECTS): security.h @@ -38,12 +35,10 @@ security.c: @test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c . security.h: @test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h . -krb4.c: - @test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c . gssapi.c: @test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c . -CLEANFILES = security.c security.h krb4.c gssapi.c +CLEANFILES = security.c security.h gssapi.c man_MANS = ftpd.8 ftpusers.5 @@ -56,4 +51,4 @@ LDADD = ../common/libcommon.a \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in index c7a6a8fce07..afa961539a3 100644 --- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in +++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 21031 2007-06-09 05:00:27Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ libexec_PROGRAMS = ftpd$(EXEEXT) subdir = appl/ftp/ftpd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,25 +89,23 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) am__ftpd_SOURCES_DIST = extern.h ftpcmd.y ftpd.c ftpd_locl.h logwtmp.c \ - ls.c pathnames.h popen.c security.c kauth.c klist.c krb4.c \ - gssapi.c gss_userok.c -@KRB4_TRUE@am__objects_1 = krb4.$(OBJEXT) -@KRB5_TRUE@am__objects_2 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT) + ls.c pathnames.h popen.c security.c kauth.c klist.c gssapi.c \ + gss_userok.c +@KRB5_TRUE@am__objects_1 = gssapi.$(OBJEXT) gss_userok.$(OBJEXT) am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \ ls.$(OBJEXT) popen.$(OBJEXT) security.$(OBJEXT) \ - kauth.$(OBJEXT) klist.$(OBJEXT) $(am__objects_1) \ - $(am__objects_2) + kauth.$(OBJEXT) klist.$(OBJEXT) $(am__objects_1) ftpd_OBJECTS = $(am_ftpd_OBJECTS) ftpd_LDADD = $(LDADD) am__DEPENDENCIES_1 = @@ -112,9 +115,9 @@ ftpd_DEPENDENCIES = ../common/libcommon.a $(am__DEPENDENCIES_1) \ $(LIB_gssapi) $(LIB_krb5) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -131,6 +134,27 @@ LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ YLWRAP = $(top_srcdir)/ylwrap SOURCES = $(ftpd_SOURCES) $(EXTRA_ftpd_SOURCES) DIST_SOURCES = $(am__ftpd_SOURCES_DIST) $(EXTRA_ftpd_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 MANS = $(man_MANS) @@ -141,49 +165,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -207,10 +240,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -227,6 +261,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -242,31 +278,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -281,10 +331,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -325,33 +377,37 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/../common $(INCLUDE_krb4) \ + -DFTP_SERVER @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CHECK_LOCAL = -@KRB4_TRUE@krb4_sources = krb4.c @KRB5_TRUE@krb5_sources = gssapi.c gss_userok.c ftpd_SOURCES = \ extern.h \ @@ -368,8 +424,8 @@ ftpd_SOURCES = \ $(krb4_sources) \ $(krb5_sources) -EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c -CLEANFILES = security.c security.h krb4.c gssapi.c +EXTRA_ftpd_SOURCES = kauth.c gssapi.c gss_userok.c +CLEANFILES = security.c security.h gssapi.c man_MANS = ftpd.8 ftpusers.5 LDADD = ../common/libcommon.a \ $(LIB_otp) \ @@ -380,23 +436,23 @@ LDADD = ../common/libcommon.a \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/ftp/ftpd/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/ftp/ftpd/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -414,34 +470,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list ftpd$(EXEEXT): $(ftpd_OBJECTS) $(ftpd_DEPENDENCIES) @rm -f ftpd$(EXEEXT) $(LINK) $(ftpd_OBJECTS) $(ftpd_LDADD) $(LIBS) @@ -452,14 +524,37 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpcmd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftpd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gss_userok.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapi.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kauth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/klist.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/logwtmp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ls.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/popen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/security.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< .y.c: $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) @@ -469,146 +564,149 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man5: $(man5_MANS) $(man_MANS) +install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -624,13 +722,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -666,6 +768,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -677,6 +780,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -687,6 +791,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -694,26 +800,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man5 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -733,11 +848,10 @@ ps-am: uninstall-am: uninstall-libexecPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man5 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \ @@ -825,6 +939,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -910,7 +1027,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -930,10 +1047,9 @@ security.c: @test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c . security.h: @test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h . -krb4.c: - @test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c . gssapi.c: @test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c . + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/ftp/ftpd/extern.h b/crypto/heimdal/appl/ftp/ftpd/extern.h index db40f2fdd21..3f48ec66eb5 100644 --- a/crypto/heimdal/appl/ftp/ftpd/extern.h +++ b/crypto/heimdal/appl/ftp/ftpd/extern.h @@ -63,7 +63,7 @@ void abor(void); void blkfree(char **); char **copyblk(char **); -void cwd(char *); +void cwd(const char *); void do_delete(char *); void dologout(int); void eprt(char *); @@ -129,6 +129,7 @@ extern struct sockaddr *data_dest; extern int logged_in; extern struct passwd *pw; extern int guest; +extern int dochroot; extern int logging; extern int type; extern off_t file_size; @@ -144,5 +145,6 @@ extern char hostname[], remotehost[]; extern char proctitle[]; extern int usedefault; extern char tmpline[]; +extern int paranoid; #endif /* _EXTERN_H_ */ diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c index 94eadeeec92..dab11bc952a 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c +++ b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.c @@ -242,7 +242,7 @@ #include "ftpd_locl.h" -RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $"); +RCSID("$Id$"); off_t restart_point; @@ -665,16 +665,16 @@ static const yytype_int8 yyrhs[] = /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 129, 129, 131, 136, 140, 146, 153, 164, 170, - 175, 180, 186, 223, 237, 251, 257, 263, 272, 281, - 290, 295, 304, 309, 315, 322, 327, 334, 348, 353, - 358, 365, 370, 387, 392, 399, 406, 411, 416, 426, - 433, 438, 443, 451, 464, 478, 485, 502, 525, 530, - 539, 552, 563, 576, 583, 588, 595, 613, 630, 658, - 665, 671, 681, 691, 696, 701, 706, 711, 716, 721, - 726, 734, 739, 742, 746, 750, 763, 767, 771, 778, - 783, 788, 793, 798, 802, 807, 813, 821, 825, 829, - 836, 840, 844, 851, 879, 883, 909, 917, 928 + 0, 129, 129, 131, 136, 140, 146, 154, 175, 181, + 186, 191, 197, 234, 248, 262, 268, 274, 283, 292, + 301, 306, 315, 320, 326, 333, 338, 345, 359, 364, + 373, 380, 385, 402, 407, 414, 421, 426, 431, 441, + 448, 453, 458, 466, 479, 493, 500, 517, 521, 526, + 530, 534, 545, 558, 565, 570, 577, 595, 612, 640, + 647, 653, 663, 673, 678, 683, 688, 693, 698, 703, + 708, 716, 721, 724, 728, 732, 745, 749, 753, 760, + 765, 770, 775, 780, 784, 789, 795, 803, 807, 811, + 818, 822, 826, 833, 861, 865, 891, 899, 910 }; #endif @@ -1794,21 +1794,31 @@ yyreduce: break; case 7: -#line 154 "ftpcmd.y" +#line 155 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { - usedefault = 0; - if (pdata >= 0) { + if (paranoid && + (data_dest->sa_family != his_addr->sa_family || + (socket_get_port(data_dest) < IPPORT_RESERVED) || + memcmp(socket_get_address(data_dest), + socket_get_address(his_addr), + socket_addr_size(his_addr)) != 0)) { + usedefault = 1; + reply(500, "Illegal PORT range rejected."); + } else { + usedefault = 0; + if (pdata >= 0) { close(pdata); pdata = -1; + } + reply(200, "PORT command successful."); } - reply(200, "PORT command successful."); } } break; case 8: -#line 165 "ftpcmd.y" +#line 176 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) eprt ((yyvsp[(3) - (5)].s)); @@ -1817,7 +1827,7 @@ yyreduce: break; case 9: -#line 171 "ftpcmd.y" +#line 182 "ftpcmd.y" { if((yyvsp[(3) - (3)].i)) pasv (); @@ -1825,7 +1835,7 @@ yyreduce: break; case 10: -#line 176 "ftpcmd.y" +#line 187 "ftpcmd.y" { if((yyvsp[(3) - (3)].i)) epsv (NULL); @@ -1833,7 +1843,7 @@ yyreduce: break; case 11: -#line 181 "ftpcmd.y" +#line 192 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)) epsv ((yyvsp[(3) - (5)].s)); @@ -1842,7 +1852,7 @@ yyreduce: break; case 12: -#line 187 "ftpcmd.y" +#line 198 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { switch (cmd_type) { @@ -1882,7 +1892,7 @@ yyreduce: break; case 13: -#line 224 "ftpcmd.y" +#line 235 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { switch ((yyvsp[(3) - (5)].i)) { @@ -1899,7 +1909,7 @@ yyreduce: break; case 14: -#line 238 "ftpcmd.y" +#line 249 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { switch ((yyvsp[(3) - (5)].i)) { @@ -1916,7 +1926,7 @@ yyreduce: break; case 15: -#line 252 "ftpcmd.y" +#line 263 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { reply(202, "ALLO command ignored."); @@ -1925,7 +1935,7 @@ yyreduce: break; case 16: -#line 258 "ftpcmd.y" +#line 269 "ftpcmd.y" { if ((yyvsp[(9) - (9)].i)) { reply(202, "ALLO command ignored."); @@ -1934,7 +1944,7 @@ yyreduce: break; case 17: -#line 264 "ftpcmd.y" +#line 275 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1946,7 +1956,7 @@ yyreduce: break; case 18: -#line 273 "ftpcmd.y" +#line 284 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1958,7 +1968,7 @@ yyreduce: break; case 19: -#line 282 "ftpcmd.y" +#line 293 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1970,7 +1980,7 @@ yyreduce: break; case 20: -#line 291 "ftpcmd.y" +#line 302 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) send_file_list("."); @@ -1978,7 +1988,7 @@ yyreduce: break; case 21: -#line 296 "ftpcmd.y" +#line 307 "ftpcmd.y" { char *name = (yyvsp[(3) - (5)].s); @@ -1990,7 +2000,7 @@ yyreduce: break; case 22: -#line 305 "ftpcmd.y" +#line 316 "ftpcmd.y" { if((yyvsp[(3) - (3)].i)) list_file("."); @@ -1998,7 +2008,7 @@ yyreduce: break; case 23: -#line 310 "ftpcmd.y" +#line 321 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)) list_file((yyvsp[(3) - (5)].s)); @@ -2007,7 +2017,7 @@ yyreduce: break; case 24: -#line 316 "ftpcmd.y" +#line 327 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) statfilecmd((yyvsp[(3) - (5)].s)); @@ -2017,7 +2027,7 @@ yyreduce: break; case 25: -#line 323 "ftpcmd.y" +#line 334 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) statcmd(); @@ -2025,7 +2035,7 @@ yyreduce: break; case 26: -#line 328 "ftpcmd.y" +#line 339 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) do_delete((yyvsp[(3) - (5)].s)); @@ -2035,7 +2045,7 @@ yyreduce: break; case 27: -#line 335 "ftpcmd.y" +#line 346 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)){ if (fromname) { @@ -2052,7 +2062,7 @@ yyreduce: break; case 28: -#line 349 "ftpcmd.y" +#line 360 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) reply(225, "ABOR command successful."); @@ -2060,15 +2070,19 @@ yyreduce: break; case 29: -#line 354 "ftpcmd.y" +#line 365 "ftpcmd.y" { - if ((yyvsp[(3) - (3)].i)) - cwd(pw->pw_dir); + if ((yyvsp[(3) - (3)].i)) { + const char *path = pw->pw_dir; + if (dochroot || guest) + path = "/"; + cwd(path); + } } break; case 30: -#line 359 "ftpcmd.y" +#line 374 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) cwd((yyvsp[(3) - (5)].s)); @@ -2078,7 +2092,7 @@ yyreduce: break; case 31: -#line 366 "ftpcmd.y" +#line 381 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) help(cmdtab, (char *) 0); @@ -2086,7 +2100,7 @@ yyreduce: break; case 32: -#line 371 "ftpcmd.y" +#line 386 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { char *cp = (yyvsp[(3) - (5)].s); @@ -2106,7 +2120,7 @@ yyreduce: break; case 33: -#line 388 "ftpcmd.y" +#line 403 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) reply(200, "NOOP command successful."); @@ -2114,7 +2128,7 @@ yyreduce: break; case 34: -#line 393 "ftpcmd.y" +#line 408 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) makedir((yyvsp[(3) - (5)].s)); @@ -2124,7 +2138,7 @@ yyreduce: break; case 35: -#line 400 "ftpcmd.y" +#line 415 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) removedir((yyvsp[(3) - (5)].s)); @@ -2134,7 +2148,7 @@ yyreduce: break; case 36: -#line 407 "ftpcmd.y" +#line 422 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) pwd(); @@ -2142,7 +2156,7 @@ yyreduce: break; case 37: -#line 412 "ftpcmd.y" +#line 427 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) cwd(".."); @@ -2150,7 +2164,7 @@ yyreduce: break; case 38: -#line 417 "ftpcmd.y" +#line 432 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) { lreply(211, "Supported features:"); @@ -2163,7 +2177,7 @@ yyreduce: break; case 39: -#line 427 "ftpcmd.y" +#line 442 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) reply(501, "Bad options"); @@ -2172,7 +2186,7 @@ yyreduce: break; case 40: -#line 434 "ftpcmd.y" +#line 449 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) help(sitetab, (char *) 0); @@ -2180,7 +2194,7 @@ yyreduce: break; case 41: -#line 439 "ftpcmd.y" +#line 454 "ftpcmd.y" { if ((yyvsp[(7) - (7)].i)) help(sitetab, (yyvsp[(5) - (7)].s)); @@ -2188,7 +2202,7 @@ yyreduce: break; case 42: -#line 444 "ftpcmd.y" +#line 459 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { int oldmask = umask(0); @@ -2199,7 +2213,7 @@ yyreduce: break; case 43: -#line 452 "ftpcmd.y" +#line 467 "ftpcmd.y" { if ((yyvsp[(7) - (7)].i)) { if (((yyvsp[(5) - (7)].i) == -1) || ((yyvsp[(5) - (7)].i) > 0777)) { @@ -2215,7 +2229,7 @@ yyreduce: break; case 44: -#line 465 "ftpcmd.y" +#line 480 "ftpcmd.y" { if ((yyvsp[(9) - (9)].i) && (yyvsp[(7) - (9)].s) != NULL) { if ((yyvsp[(5) - (9)].i) > 0777) @@ -2232,7 +2246,7 @@ yyreduce: break; case 45: -#line 479 "ftpcmd.y" +#line 494 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) reply(200, @@ -2242,7 +2256,7 @@ yyreduce: break; case 46: -#line 486 "ftpcmd.y" +#line 501 "ftpcmd.y" { if ((yyvsp[(7) - (7)].i)) { if ((yyvsp[(5) - (7)].i) < 30 || (yyvsp[(5) - (7)].i) > maxtimeout) { @@ -2261,33 +2275,14 @@ yyreduce: break; case 47: -#line 503 "ftpcmd.y" +#line 518 "ftpcmd.y" { -#ifdef KRB4 - char *p; - - if(guest) - reply(500, "Can't be done as guest."); - else{ - if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL){ - p = strpbrk((yyvsp[(5) - (7)].s), " \t"); - if(p){ - *p++ = 0; - kauth((yyvsp[(5) - (7)].s), p + strspn(p, " \t")); - }else - kauth((yyvsp[(5) - (7)].s), NULL); - } - } - if((yyvsp[(5) - (7)].s) != NULL) - free((yyvsp[(5) - (7)].s)); -#else reply(500, "Command not implemented."); -#endif } break; case 48: -#line 526 "ftpcmd.y" +#line 522 "ftpcmd.y" { if((yyvsp[(5) - (5)].i)) klist(); @@ -2295,37 +2290,23 @@ yyreduce: break; case 49: -#line 531 "ftpcmd.y" +#line 527 "ftpcmd.y" { -#ifdef KRB4 - if((yyvsp[(5) - (5)].i)) - kdestroy(); -#else reply(500, "Command not implemented."); -#endif } break; case 50: -#line 540 "ftpcmd.y" +#line 531 "ftpcmd.y" { -#ifdef KRB4 - if(guest) - reply(500, "Can't be done as guest."); - else if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s)) - krbtkfile((yyvsp[(5) - (7)].s)); - if((yyvsp[(5) - (7)].s)) - free((yyvsp[(5) - (7)].s)); -#else reply(500, "Command not implemented."); -#endif } break; case 51: -#line 553 "ftpcmd.y" +#line 535 "ftpcmd.y" { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if((yyvsp[(5) - (5)].i)) @@ -2337,9 +2318,9 @@ yyreduce: break; case 52: -#line 564 "ftpcmd.y" +#line 546 "ftpcmd.y" { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if((yyvsp[(7) - (7)].i)) @@ -2353,7 +2334,7 @@ yyreduce: break; case 53: -#line 577 "ftpcmd.y" +#line 559 "ftpcmd.y" { if((yyvsp[(7) - (7)].i) && (yyvsp[(5) - (7)].s) != NULL) find((yyvsp[(5) - (7)].s)); @@ -2363,7 +2344,7 @@ yyreduce: break; case 54: -#line 584 "ftpcmd.y" +#line 566 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) reply(200, "http://www.pdc.kth.se/heimdal/"); @@ -2371,7 +2352,7 @@ yyreduce: break; case 55: -#line 589 "ftpcmd.y" +#line 571 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) do_store((yyvsp[(3) - (5)].s), "w", 1); @@ -2381,7 +2362,7 @@ yyreduce: break; case 56: -#line 596 "ftpcmd.y" +#line 578 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) { #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) @@ -2394,7 +2375,7 @@ yyreduce: break; case 57: -#line 614 "ftpcmd.y" +#line 596 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) sizecmd((yyvsp[(3) - (5)].s)); @@ -2404,7 +2385,7 @@ yyreduce: break; case 58: -#line 631 "ftpcmd.y" +#line 613 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s) != NULL) { struct stat stbuf; @@ -2435,7 +2416,7 @@ yyreduce: break; case 59: -#line 659 "ftpcmd.y" +#line 641 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) { reply(221, "Goodbye."); @@ -2445,14 +2426,14 @@ yyreduce: break; case 60: -#line 666 "ftpcmd.y" +#line 648 "ftpcmd.y" { yyerrok; } break; case 61: -#line 672 "ftpcmd.y" +#line 654 "ftpcmd.y" { restart_point = (off_t) 0; if ((yyvsp[(5) - (5)].i) && (yyvsp[(3) - (5)].s)) { @@ -2465,7 +2446,7 @@ yyreduce: break; case 62: -#line 682 "ftpcmd.y" +#line 664 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) { fromname = (char *) 0; @@ -2478,7 +2459,7 @@ yyreduce: break; case 63: -#line 692 "ftpcmd.y" +#line 674 "ftpcmd.y" { auth((yyvsp[(3) - (4)].s)); free((yyvsp[(3) - (4)].s)); @@ -2486,7 +2467,7 @@ yyreduce: break; case 64: -#line 697 "ftpcmd.y" +#line 679 "ftpcmd.y" { adat((yyvsp[(3) - (4)].s)); free((yyvsp[(3) - (4)].s)); @@ -2494,7 +2475,7 @@ yyreduce: break; case 65: -#line 702 "ftpcmd.y" +#line 684 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) pbsz((yyvsp[(3) - (5)].i)); @@ -2502,7 +2483,7 @@ yyreduce: break; case 66: -#line 707 "ftpcmd.y" +#line 689 "ftpcmd.y" { if ((yyvsp[(5) - (5)].i)) prot((yyvsp[(3) - (5)].s)); @@ -2510,7 +2491,7 @@ yyreduce: break; case 67: -#line 712 "ftpcmd.y" +#line 694 "ftpcmd.y" { if ((yyvsp[(3) - (3)].i)) ccc(); @@ -2518,7 +2499,7 @@ yyreduce: break; case 68: -#line 717 "ftpcmd.y" +#line 699 "ftpcmd.y" { mec((yyvsp[(3) - (4)].s), prot_safe); free((yyvsp[(3) - (4)].s)); @@ -2526,7 +2507,7 @@ yyreduce: break; case 69: -#line 722 "ftpcmd.y" +#line 704 "ftpcmd.y" { mec((yyvsp[(3) - (4)].s), prot_confidential); free((yyvsp[(3) - (4)].s)); @@ -2534,7 +2515,7 @@ yyreduce: break; case 70: -#line 727 "ftpcmd.y" +#line 709 "ftpcmd.y" { mec((yyvsp[(3) - (4)].s), prot_private); free((yyvsp[(3) - (4)].s)); @@ -2542,47 +2523,47 @@ yyreduce: break; case 72: -#line 739 "ftpcmd.y" +#line 721 "ftpcmd.y" { (yyval.s) = (char *)calloc(1, sizeof(char)); } break; case 75: -#line 752 "ftpcmd.y" +#line 734 "ftpcmd.y" { struct sockaddr_in *sin4 = (struct sockaddr_in *)data_dest; sin4->sin_family = AF_INET; sin4->sin_port = htons((yyvsp[(9) - (11)].i) * 256 + (yyvsp[(11) - (11)].i)); - sin4->sin_addr.s_addr = + sin4->sin_addr.s_addr = htonl(((yyvsp[(1) - (11)].i) << 24) | ((yyvsp[(3) - (11)].i) << 16) | ((yyvsp[(5) - (11)].i) << 8) | (yyvsp[(7) - (11)].i)); } break; case 76: -#line 764 "ftpcmd.y" +#line 746 "ftpcmd.y" { (yyval.i) = FORM_N; } break; case 77: -#line 768 "ftpcmd.y" +#line 750 "ftpcmd.y" { (yyval.i) = FORM_T; } break; case 78: -#line 772 "ftpcmd.y" +#line 754 "ftpcmd.y" { (yyval.i) = FORM_C; } break; case 79: -#line 779 "ftpcmd.y" +#line 761 "ftpcmd.y" { cmd_type = TYPE_A; cmd_form = FORM_N; @@ -2590,7 +2571,7 @@ yyreduce: break; case 80: -#line 784 "ftpcmd.y" +#line 766 "ftpcmd.y" { cmd_type = TYPE_A; cmd_form = (yyvsp[(3) - (3)].i); @@ -2598,7 +2579,7 @@ yyreduce: break; case 81: -#line 789 "ftpcmd.y" +#line 771 "ftpcmd.y" { cmd_type = TYPE_E; cmd_form = FORM_N; @@ -2606,7 +2587,7 @@ yyreduce: break; case 82: -#line 794 "ftpcmd.y" +#line 776 "ftpcmd.y" { cmd_type = TYPE_E; cmd_form = (yyvsp[(3) - (3)].i); @@ -2614,14 +2595,14 @@ yyreduce: break; case 83: -#line 799 "ftpcmd.y" +#line 781 "ftpcmd.y" { cmd_type = TYPE_I; } break; case 84: -#line 803 "ftpcmd.y" +#line 785 "ftpcmd.y" { cmd_type = TYPE_L; cmd_bytesz = NBBY; @@ -2629,7 +2610,7 @@ yyreduce: break; case 85: -#line 808 "ftpcmd.y" +#line 790 "ftpcmd.y" { cmd_type = TYPE_L; cmd_bytesz = (yyvsp[(3) - (3)].i); @@ -2637,7 +2618,7 @@ yyreduce: break; case 86: -#line 814 "ftpcmd.y" +#line 796 "ftpcmd.y" { cmd_type = TYPE_L; cmd_bytesz = (yyvsp[(2) - (2)].i); @@ -2645,49 +2626,49 @@ yyreduce: break; case 87: -#line 822 "ftpcmd.y" +#line 804 "ftpcmd.y" { (yyval.i) = STRU_F; } break; case 88: -#line 826 "ftpcmd.y" +#line 808 "ftpcmd.y" { (yyval.i) = STRU_R; } break; case 89: -#line 830 "ftpcmd.y" +#line 812 "ftpcmd.y" { (yyval.i) = STRU_P; } break; case 90: -#line 837 "ftpcmd.y" +#line 819 "ftpcmd.y" { (yyval.i) = MODE_S; } break; case 91: -#line 841 "ftpcmd.y" +#line 823 "ftpcmd.y" { (yyval.i) = MODE_B; } break; case 92: -#line 845 "ftpcmd.y" +#line 827 "ftpcmd.y" { (yyval.i) = MODE_C; } break; case 93: -#line 852 "ftpcmd.y" +#line 834 "ftpcmd.y" { /* * Problem: this production is used for all pathname @@ -2715,7 +2696,7 @@ yyreduce: break; case 95: -#line 884 "ftpcmd.y" +#line 866 "ftpcmd.y" { int ret, dec, multby, digit; @@ -2741,7 +2722,7 @@ yyreduce: break; case 96: -#line 910 "ftpcmd.y" +#line 892 "ftpcmd.y" { (yyval.i) = (yyvsp[(1) - (1)].i) && !guest; if((yyvsp[(1) - (1)].i) && !(yyval.i)) @@ -2750,7 +2731,7 @@ yyreduce: break; case 97: -#line 918 "ftpcmd.y" +#line 900 "ftpcmd.y" { if((yyvsp[(1) - (1)].i)) { if(((yyval.i) = logged_in) == 0) @@ -2761,7 +2742,7 @@ yyreduce: break; case 98: -#line 928 "ftpcmd.y" +#line 910 "ftpcmd.y" { (yyval.i) = 1; if(sec_complete && !ccc_passed && !secure_command()) { @@ -2774,7 +2755,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2778 "ftpcmd.c" +#line 2759 "ftpcmd.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2988,7 +2969,7 @@ yyreturn: } -#line 938 "ftpcmd.y" +#line 920 "ftpcmd.y" #define CMD 0 /* beginning of command */ @@ -3085,7 +3066,7 @@ struct tab sitetab[] = { { "FIND", LOCATE, STR1, 1, " globexpr" }, { "URL", URL, ARGS, 1, "?" }, - + { NULL, 0, 0, 0, 0 } }; diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y index 963a6a0f459..05ae7366bb4 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y +++ b/crypto/heimdal/appl/ftp/ftpd/ftpcmd.y @@ -43,7 +43,7 @@ %{ #include "ftpd_locl.h" -RCSID("$Id: ftpcmd.y 15677 2005-07-19 18:33:08Z lha $"); +RCSID("$Id$"); off_t restart_point; @@ -150,15 +150,26 @@ cmd memset ($3, 0, strlen($3)); free($3); } + | PORT SP host_port CRLF check_secure { if ($5) { - usedefault = 0; - if (pdata >= 0) { + if (paranoid && + (data_dest->sa_family != his_addr->sa_family || + (socket_get_port(data_dest) < IPPORT_RESERVED) || + memcmp(socket_get_address(data_dest), + socket_get_address(his_addr), + socket_addr_size(his_addr)) != 0)) { + usedefault = 1; + reply(500, "Illegal PORT range rejected."); + } else { + usedefault = 0; + if (pdata >= 0) { close(pdata); pdata = -1; + } + reply(200, "PORT command successful."); } - reply(200, "PORT command successful."); } } | EPRT SP STRING CRLF check_secure @@ -352,8 +363,12 @@ cmd } | CWD CRLF check_login { - if ($3) - cwd(pw->pw_dir); + if ($3) { + const char *path = pw->pw_dir; + if (dochroot || guest) + path = "/"; + cwd(path); + } } | CWD SP pathname CRLF check_login { @@ -501,26 +516,7 @@ cmd | SITE SP KAUTH SP STRING CRLF check_login { -#ifdef KRB4 - char *p; - - if(guest) - reply(500, "Can't be done as guest."); - else{ - if($7 && $5 != NULL){ - p = strpbrk($5, " \t"); - if(p){ - *p++ = 0; - kauth($5, p + strspn(p, " \t")); - }else - kauth($5, NULL); - } - } - if($5 != NULL) - free($5); -#else reply(500, "Command not implemented."); -#endif } | SITE SP KLIST CRLF check_login { @@ -529,29 +525,15 @@ cmd } | SITE SP KDESTROY CRLF check_login { -#ifdef KRB4 - if($5) - kdestroy(); -#else reply(500, "Command not implemented."); -#endif } | SITE SP KRBTKFILE SP STRING CRLF check_login { -#ifdef KRB4 - if(guest) - reply(500, "Can't be done as guest."); - else if($7 && $5) - krbtkfile($5); - if($5) - free($5); -#else reply(500, "Command not implemented."); -#endif } | SITE SP AFSLOG CRLF check_login { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if($5) @@ -562,7 +544,7 @@ cmd } | SITE SP AFSLOG SP STRING CRLF check_login { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(guest) reply(500, "Can't be done as guest."); else if($7) @@ -754,7 +736,7 @@ host_port sin4->sin_family = AF_INET; sin4->sin_port = htons($9 * 256 + $11); - sin4->sin_addr.s_addr = + sin4->sin_addr.s_addr = htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7); } ; @@ -1031,7 +1013,7 @@ struct tab sitetab[] = { { "FIND", LOCATE, STR1, 1, " globexpr" }, { "URL", URL, ARGS, 1, "?" }, - + { NULL, 0, 0, 0, 0 } }; diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 index 0dfed9f7543..b025b1ecdaa 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 @@ -47,11 +47,11 @@ .Op Fl p Ar port .Op Fl T Ar maxtimeout .Op Fl t Ar timeout -.Op Fl -gss-bindings -.Op Fl I | Fl -no-insecure-oob +.Op Fl Fl gss-bindings +.Op Fl I | Fl Fl no-insecure-oob .Op Fl u Ar default umask -.Op Fl B | Fl -builtin-ls -.Op Fl -good-chars= Ns Ar string +.Op Fl B | Fl Fl builtin-ls +.Op Fl Fl good-chars= Ns Ar string .Sh DESCRIPTION .Nm Ftpd is the @@ -101,7 +101,7 @@ Debugging information is written to the syslog using LOG_FTP. .It Fl g Anonymous users will get a umask of .Ar umask . -.It Fl -gss-bindings +.It Fl Fl gss-bindings require the peer to use GSS-API bindings (ie make sure IP addresses match). .It Fl i Open a socket and wait for a connection. This is mainly used for @@ -144,16 +144,16 @@ revert to the old behavior. Verbose mode. .It Xo .Fl B , -.Fl -builtin-ls +.Fl Fl builtin-ls .Xc use built-in ls to list files .It Xo -.Fl -good-chars= Ns Ar string +.Fl Fl good-chars= Ns Ar string .Xc allowed anonymous upload filename chars .It Xo .Fl I -.Fl -no-insecure-oob +.Fl Fl no-insecure-oob .Xc don't allow insecure out of band. Heimdal ftp clients before 0.6.3 doesn't support secure oob, so turning diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c index 2005a4fb316..5be67c86623 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c @@ -38,7 +38,7 @@ #endif #include "getarg.h" -RCSID("$Id: ftpd.c 21222 2007-06-20 10:11:14Z lha $"); +RCSID("$Id$"); static char version[] = "Version 6.00"; @@ -91,6 +91,7 @@ char tmpline[10240]; char hostname[MaxHostNameLen]; char remotehost[MaxHostNameLen]; static char ttyline[20]; +int paranoid = 1; #define AUTH_PLAIN (1 << 0) /* allow sending passwords */ #define AUTH_OTP (1 << 1) /* passwords are one-time */ @@ -190,7 +191,7 @@ parse_auth_level(char *str) else warnx("bad value for -a: `%s'", p); } - return ret; + return ret; } /* @@ -225,7 +226,7 @@ struct getargs args[] = { { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" }, { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" }, { "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, "don't allow insecure OOB ABOR/STAT" }, -#ifdef KRB5 +#ifdef KRB5 { "gss-bindings", 0, arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL}, #endif { "version", 0, arg_flag, &version_flag }, @@ -271,22 +272,12 @@ main(int argc, char **argv) setprogname (argv[0]); - /* detach from any tickets and tokens */ - { -#ifdef KRB4 - char tkfile[1024]; - snprintf(tkfile, sizeof(tkfile), - "/tmp/ftp_%u", (unsigned)getpid()); - krb_set_tkt_string(tkfile); -#endif - } - if(getarg(args, num_args, argc, argv, &optind)) usage(1); if(help_flag) usage(0); - + if(version_flag) { print_version(NULL); exit(0); @@ -297,7 +288,7 @@ main(int argc, char **argv) { char *p; long val = 0; - + if(guest_umask_string) { val = strtol(guest_umask_string, &p, 8); if (*p != '\0' || val < 0) @@ -328,7 +319,7 @@ main(int argc, char **argv) else warnx("bad value for -p"); } - + if (maxtimeout < ftpd_timeout) maxtimeout = ftpd_timeout; @@ -338,7 +329,7 @@ main(int argc, char **argv) #endif if(interactive_flag) - mini_inetd (port); + mini_inetd(port, NULL); /* * LOG_NDELAY sets up the logging connection immediately, @@ -355,14 +346,9 @@ main(int argc, char **argv) syslog(LOG_ERR, "getsockname (%s): %m",argv[0]); exit(1); } -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - { - int tos = IPTOS_LOWDELAY; - - if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, - (void *)&tos, sizeof(int)) < 0) - syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); - } +#if defined(IP_TOS) + if (ctrl_addr->sa_family == AF_INET) + socket_set_tos(STDIN_FILENO, IP_TOS); #endif data_source->sa_family = ctrl_addr->sa_family; socket_set_port (data_source, @@ -410,20 +396,14 @@ main(int argc, char **argv) show_file(_PATH_FTPWELCOME, 220); /* reply(220,) must follow */ gethostname(hostname, sizeof(hostname)); - + reply(220, "%s FTP server (%s" #ifdef KRB5 "+%s" -#endif -#ifdef KRB4 - "+%s" #endif ") ready.", hostname, version #ifdef KRB5 ,heimdal_version -#endif -#ifdef KRB4 - ,krb4_version #endif ); @@ -528,7 +508,7 @@ user(char *name) guest = 0; if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { if ((auth_level & AUTH_FTP) == 0 || - checkaccess("ftp") || + checkaccess("ftp") || checkaccess("anonymous")) reply(530, "User %s access denied.", name); else if ((pw = sgetpwnam("ftp")) != NULL) { @@ -661,7 +641,7 @@ checkuser(char *fname, char *name) /* - * Determine whether a user has access, based on information in + * Determine whether a user has access, based on information in * _PATH_FTPUSERS. The users are listed one per line, with `allow' * or `deny' after the username. If anything other than `allow', or * just nothing, is given after the username, `deny' is assumed. @@ -689,9 +669,9 @@ checkaccess(char *name) int allowed = ALLOWED; char *user, *perm, line[BUFSIZ]; char *foo; - + fd = fopen(_PATH_FTPUSERS, "r"); - + if(fd == NULL) return allowed; @@ -724,7 +704,7 @@ int do_login(int code, char *passwd) return -1; } initgroups(pw->pw_name, pw->pw_gid); -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(k_hasafs()) k_setpag(); #endif @@ -799,7 +779,7 @@ int do_login(int code, char *passwd) sizeof(data_addr)); syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s", - remotehost, + remotehost, data_addr, passwd); } @@ -850,11 +830,11 @@ end_login(void) static int krb5_verify(struct passwd *pwd, char *passwd) { - krb5_context context; + krb5_context context; krb5_ccache id; krb5_principal princ; krb5_error_code ret; - + ret = krb5_init_context(&context); if(ret) return ret; @@ -864,7 +844,7 @@ krb5_verify(struct passwd *pwd, char *passwd) krb5_free_context(context); return ret; } - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id); if(ret){ krb5_free_principal(context, princ); krb5_free_context(context); @@ -882,7 +862,7 @@ krb5_verify(struct passwd *pwd, char *passwd) } krb5_cc_destroy(context, id); krb5_free_context (context); - if(ret) + if(ret) return ret; return 0; } @@ -916,21 +896,6 @@ pass(char *passwd) else if((auth_level & AUTH_OTP) == 0) { #ifdef KRB5 rval = krb5_verify(pw, passwd); -#endif -#ifdef KRB4 - if (rval) { - char realm[REALM_SZ]; - if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS) - rval = krb_verify_user(pw->pw_name, - "", realm, - passwd, - KRB_VERIFY_SECURE, NULL); - if (rval == KSUCCESS ) { - chown (tkt_string(), pw->pw_uid, pw->pw_gid); - if(k_hasafs()) - krb_afslog(0, 0); - } - } #endif if (rval) rval = unix_verify_user(pw->pw_name, passwd); @@ -977,7 +942,7 @@ pass(char *passwd) } if(!do_login(230, passwd)) return; - + /* Forget all about it... */ end_login(); } @@ -1013,7 +978,7 @@ retrieve(const char *cmd, char *name) for(p = cmds; p->ext; p++){ char *tail = name + strlen(name) - strlen(p->ext); char c = *tail; - + if(strcmp(tail, p->ext) == 0 && (*tail = 0) == 0 && access(name, R_OK) == 0){ @@ -1037,7 +1002,7 @@ retrieve(const char *cmd, char *name) free(ext); } } - + } if(p->ext){ fin = ftpd_popen(line, "r", 0, 0); @@ -1106,7 +1071,7 @@ done: /* filename sanity check */ -int +int filename_check(char *filename) { char *p; @@ -1127,7 +1092,7 @@ filename_check(char *filename) lreply(553, "\"%s\" is not an acceptable filename.", filename); lreply(553, "The filename must start with an alphanumeric " "character and must only"); - reply(553, "consist of alphanumeric characters or any of the following: %s", + reply(553, "consist of alphanumeric characters or any of the following: %s", good_chars); return 1; } @@ -1141,10 +1106,14 @@ do_store(char *name, char *mode, int unique) if(guest && filename_check(name)) return; - if (unique && stat(name, &st) == 0 && - (name = gunique(name)) == NULL) { - LOGCMD(*mode == 'w' ? "put" : "append", name); - return; + if (unique) { + char *uname; + if (stat(name, &st) == 0) { + if ((uname = gunique(name)) == NULL) + return; + name = uname; + } + LOGCMD(*mode == 'w' ? "put" : "append", name); } if (restart_point) @@ -1252,7 +1221,7 @@ bad: } static int -accept_with_timeout(int socket, +accept_with_timeout(int socket, struct sockaddr *address, socklen_t *address_len, struct timeval *timeout) @@ -1302,13 +1271,9 @@ dataconn(const char *name, off_t size, const char *mode) } close(pdata); pdata = s; -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - { - int tos = IPTOS_THROUGHPUT; - - setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos, - sizeof(tos)); - } +#if defined(IPTOS_THROUGHPUT) + if (from->sa_family == AF_INET) + socket_set_tos(s, IPTOS_THROUGHPUT); #endif reply(150, "Opening %s mode data connection for '%s'%s.", type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); @@ -1323,7 +1288,7 @@ dataconn(const char *name, off_t size, const char *mode) if (usedefault) data_dest = his_addr; usedefault = 1; - /* + /* * Default to using the same socket type as the ctrl address, * unless we know the type of the data address. */ @@ -1399,7 +1364,7 @@ send_data(FILE *instr, FILE *outstr) goto data_err; reply(226, "Transfer complete."); return; - + case TYPE_I: case TYPE_L: #if 0 /* XXX handle urg flag */ @@ -1411,7 +1376,7 @@ send_data(FILE *instr, FILE *outstr) struct stat st; char *chunk; int in = fileno(instr); - if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) + if(fstat(in, &st) == 0 && S_ISREG(st.st_mode) && st.st_size > 0) { /* * mmap zero bytes has potential of loosing, don't do it. @@ -1505,7 +1470,7 @@ receive_data(FILE *instr, FILE *outstr) perror_reply(451, "Local resource failure: malloc"); return -1; } - + switch (type) { case TYPE_I: @@ -1534,7 +1499,7 @@ receive_data(FILE *instr, FILE *outstr) char *p, *q; int cr_flag = 0; while ((cnt = sec_read(fileno(instr), - buf + cr_flag, + buf + cr_flag, bufsize - cr_flag)) > 0){ if (urgflag && handleoobcmd()) return (-1); @@ -1583,13 +1548,13 @@ receive_data(FILE *instr, FILE *outstr) urgflag = 0; return (-1); } - + data_err: transflag = 0; urgflag = 0; perror_reply(426, "Data Connection"); return (-1); - + file_err: transflag = 0; urgflag = 0; @@ -1772,7 +1737,7 @@ do_delete(char *name) perror_reply(550, name); return; } - if ((st.st_mode&S_IFMT) == S_IFDIR) { + if (S_ISDIR(st.st_mode)) { if (rmdir(name) < 0) { perror_reply(550, name); return; @@ -1788,7 +1753,7 @@ done: } void -cwd(char *path) +cwd(const char *path) { if (chdir(path) < 0) @@ -1831,7 +1796,7 @@ pwd(void) char *ret; /* SunOS has a broken getcwd that does popen(pwd) (!!!), this - * failes miserably when running chroot + * failes miserably when running chroot */ ret = getcwd(path, sizeof(path)); if (ret == NULL) @@ -1902,7 +1867,7 @@ dologout(int status) transflag = 0; urgflag = 0; if (logged_in) { -#if KRB4 || KRB5 +#if KRB5 cond_kdestroy(); #endif seteuid((uid_t)0); /* No need to check, we call exit() below */ @@ -1913,7 +1878,7 @@ dologout(int status) exit(status); #else _exit(status); -#endif +#endif } void abor(void) @@ -2017,8 +1982,8 @@ pasv(void) socket_set_address_and_port (pasv_addr, socket_get_address (ctrl_addr), 0); - socket_set_portrange(pdata, restricted_data_ports, - pasv_addr->sa_family); + socket_set_portrange(pdata, restricted_data_ports, + pasv_addr->sa_family); if (seteuid(0) < 0) fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { @@ -2064,8 +2029,8 @@ epsv(char *proto) socket_set_address_and_port (pasv_addr, socket_get_address (ctrl_addr), 0); - socket_set_portrange(pdata, restricted_data_ports, - pasv_addr->sa_family); + socket_set_portrange(pdata, restricted_data_ports, + pasv_addr->sa_family); if (seteuid(0) < 0) fatal("Failed to seteuid"); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { @@ -2123,7 +2088,7 @@ eprt(char *str) case 2 : data_dest->sa_family = AF_INET6; break; -#endif +#endif case 1 : data_dest->sa_family = AF_INET; break; @@ -2154,7 +2119,18 @@ eprt(char *str) reply(500, "Bad port syntax in EPRT"); return; } + if (port < IPPORT_RESERVED) { + reply(500, "Bad port in invalid range in EPRT"); + return; + } socket_set_port (data_dest, htons(port)); + + if (paranoid && + (data_dest->sa_family != his_addr->sa_family || + memcmp(socket_get_address(data_dest), socket_get_address(his_addr), socket_sockaddr_size(data_dest)) != 0)) + { + reply(500, "Bad address in EPRT"); + } reply(200, "EPRT command successful."); } @@ -2353,15 +2329,13 @@ out: transflag = 0; if (dout != NULL){ sec_write(fileno(dout), buf, 0); /* XXX flush */ - + fclose(dout); } data = -1; pdata = -1; - if (freeglob) { - freeglob = 0; + if (freeglob) globfree(&gl); - } } diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h index f5574e97054..cff3ff3d46a 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: ftpd_locl.h 14933 2005-04-24 19:58:14Z lha $ */ +/* $Id$ */ #ifndef __ftpd_locl_h__ #define __ftpd_locl_h__ @@ -145,14 +145,10 @@ #include #endif /* KRB5 */ -#ifdef KRB4 -#include -#endif - -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) #include #endif - + #ifdef OTP #include #endif diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 index 85b5f62b8a4..2e00a2b26ae 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 @@ -1,4 +1,4 @@ -.\" $Id: ftpusers.5 11176 2002-08-20 17:07:29Z joda $ +.\" $Id$ .\" .Dd May 7, 1997 .Dt FTPUSERS 5 diff --git a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c index 6fa8f7e9757..6031b52a87e 100644 --- a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c +++ b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c @@ -1,155 +1,75 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "ftpd_locl.h" -#include -#include - -RCSID("$Id: gss_userok.c 21222 2007-06-20 10:11:14Z lha $"); - -/* XXX a bit too much of krb5 dependency here... - What is the correct way to do this? - */ - -struct gss_krb5_data { - krb5_context context; -}; +#include /* XXX sync with gssapi.c */ -struct gss_data { +struct gssapi_data { gss_ctx_id_t context_hdl; - char *client_name; + gss_name_t client_name; gss_cred_id_t delegated_cred_handle; void *mech_data; }; -int gss_userok(void*, char*); /* to keep gcc happy */ -int gss_session(void*, char*); /* to keep gcc happy */ +int gssapi_userok(void*, char*); /* to keep gcc happy */ +int gssapi_session(void*, char*); /* to keep gcc happy */ int -gss_userok(void *app_data, char *username) +gssapi_userok(void *app_data, char *username) { - struct gss_data *data = app_data; - krb5_error_code ret; - krb5_principal client; - struct gss_krb5_data *kdata; + struct gssapi_data *data = app_data; - kdata = calloc(1, sizeof(struct gss_krb5_data)); - if (kdata == NULL) - return 1; - data->mech_data = kdata; - - ret = krb5_init_context(&(kdata->context)); - if (ret) { - free(kdata); - return 1; - } - - ret = krb5_parse_name(kdata->context, data->client_name, &client); - if(ret) { - krb5_free_context(kdata->context); - free(kdata); - return 1; - } - ret = krb5_kuserok(kdata->context, client, username); - if (!ret) { - krb5_free_principal(kdata->context, client); - krb5_free_context(kdata->context); - free(kdata); - return 1; - } - - ret = 0; - krb5_free_principal(kdata->context, client); - return ret; + /* Yes, this logic really is inverted. */ + return !gss_userok(data->client_name, username); } int -gss_session(void *app_data, char *username) +gssapi_session(void *app_data, char *username) { - struct gss_data *data = app_data; - krb5_error_code ret; - OM_uint32 minor_status; - struct gss_krb5_data *kdata; + struct gssapi_data *data = app_data; + OM_uint32 major, minor; + int ret = 0; - ret = 0; - - kdata = (struct gss_krb5_data *)(data->mech_data); - - /* more of krb-depend stuff :-( */ - /* gss_add_cred() ? */ if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) { - krb5_ccache ccache = NULL; - const char* ticketfile; - struct passwd *kpw; - - ret = krb5_cc_gen_new(kdata->context, &krb5_fcc_ops, &ccache); - if (ret) - goto fail; - - ticketfile = krb5_cc_get_name(kdata->context, ccache); - - ret = gss_krb5_copy_ccache(&minor_status, - data->delegated_cred_handle, - ccache); - if (ret) { - ret = 0; - goto fail; - } - - do_destroy_tickets = 1; - - kpw = getpwnam(username); - - if (kpw == NULL) { - unlink(ticketfile); - ret = 1; - goto fail; - } - - chown (ticketfile, kpw->pw_uid, kpw->pw_gid); - - if (asprintf(&k5ccname, "FILE:%s", ticketfile) != -1) { - esetenv ("KRB5CCNAME", k5ccname, 1); - } + major = gss_store_cred(&minor, data->delegated_cred_handle, + GSS_C_INITIATE, GSS_C_NO_OID, + 1, 1, NULL, NULL); + if (GSS_ERROR(major)) + ret = 1; afslog(NULL, 1); - fail: - if (ccache) - krb5_cc_close(kdata->context, ccache); } - - gss_release_cred(&minor_status, &data->delegated_cred_handle); - krb5_free_context(kdata->context); - free(kdata); + + gss_release_cred(&minor, &data->delegated_cred_handle); return ret; } diff --git a/crypto/heimdal/appl/ftp/ftpd/gssapi.c b/crypto/heimdal/appl/ftp/ftpd/gssapi.c index 9432feb8290..29be7641c96 100644 --- a/crypto/heimdal/appl/ftp/ftpd/gssapi.c +++ b/crypto/heimdal/appl/ftp/ftpd/gssapi.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef FTP_SERVER @@ -36,17 +36,18 @@ #else #include "ftp_locl.h" #endif -#include +#include +#include #include -RCSID("$Id: gssapi.c 21513 2007-07-12 12:45:25Z lha $"); +RCSID("$Id$"); int ftp_do_gss_bindings = 0; int ftp_do_gss_delegate = 1; -struct gss_data { +struct gssapi_data { gss_ctx_id_t context_hdl; - char *client_name; + gss_name_t client_name; gss_cred_id_t delegated_cred_handle; void *mech_data; }; @@ -54,7 +55,7 @@ struct gss_data { static int gss_init(void *app_data) { - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; d->context_hdl = GSS_C_NO_CONTEXT; d->delegated_cred_handle = GSS_C_NO_CREDENTIAL; #if defined(FTP_SERVER) @@ -84,7 +85,7 @@ gss_decode(void *app_data, void *buf, int len, int level) gss_buffer_desc input, output; gss_qop_t qop_state; int conf_state; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; size_t ret_len; input.length = len; @@ -116,7 +117,7 @@ gss_encode(void *app_data, void *from, int length, int level, void **to) OM_uint32 maj_stat, min_stat; gss_buffer_desc input, output; int conf_state; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; input.length = length; input.value = from; @@ -157,7 +158,7 @@ sockaddr_to_gss_address (struct sockaddr *sa, } default : errx (1, "unknown address family %d", sa->sa_family); - + } } @@ -172,7 +173,7 @@ gss_adat(void *app_data, void *buf, size_t len) gss_buffer_desc input_token, output_token; OM_uint32 maj_stat, min_stat; gss_name_t client_name; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; gss_channel_bindings_t bindings; if (ftp_do_gss_bindings) { @@ -186,7 +187,7 @@ gss_adat(void *app_data, void *buf, size_t len) sockaddr_to_gss_address (ctrl_addr, &bindings->acceptor_addrtype, &bindings->acceptor_address); - + bindings->application_data.length = 0; bindings->application_data.value = NULL; } else @@ -218,32 +219,8 @@ gss_adat(void *app_data, void *buf, size_t len) gss_release_buffer(&min_stat, &output_token); } if(maj_stat == GSS_S_COMPLETE){ - char *name; - gss_buffer_desc export_name; - gss_OID oid; - - maj_stat = gss_display_name(&min_stat, client_name, - &export_name, &oid); - if(maj_stat != 0) { - reply(500, "Error displaying name"); - goto out; - } - /* XXX kerberos */ - if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) { - reply(500, "OID not kerberos principal name"); - gss_release_buffer(&min_stat, &export_name); - goto out; - } - name = malloc(export_name.length + 1); - if(name == NULL) { - reply(500, "Out of memory"); - gss_release_buffer(&min_stat, &export_name); - goto out; - } - memcpy(name, export_name.value, export_name.length); - name[export_name.length] = '\0'; - gss_release_buffer(&min_stat, &export_name); - d->client_name = name; + d->client_name = client_name; + client_name = GSS_C_NO_NAME; if(p) reply(235, "ADAT=%s", p); else @@ -265,24 +242,25 @@ gss_adat(void *app_data, void *buf, size_t len) GSS_C_NO_OID, &msg_ctx, &status_string); - syslog(LOG_ERR, "gss_accept_sec_context: %s", + syslog(LOG_ERR, "gss_accept_sec_context: %.*s", + (int)status_string.length, (char*)status_string.value); gss_release_buffer(&new_stat, &status_string); reply(431, "Security resource unavailable"); } - out: + if (client_name) gss_release_name(&min_stat, &client_name); free(p); return 0; } -int gss_userok(void*, char*); -int gss_session(void*, char*); +int gssapi_userok(void*, char*); +int gssapi_session(void*, char*); struct sec_server_mech gss_server_mech = { "GSSAPI", - sizeof(struct gss_data), + sizeof(struct gssapi_data), gss_init, /* init */ NULL, /* end */ gss_check_prot, @@ -294,8 +272,8 @@ struct sec_server_mech gss_server_mech = { gss_adat, NULL, /* pbsz */ NULL, /* ccc */ - gss_userok, - gss_session + gssapi_userok, + gssapi_session }; #else /* FTP_SERVER */ @@ -324,15 +302,17 @@ import_name(const char *kname, const char *host, gss_name_t *target_name) OM_uint32 new_stat; OM_uint32 msg_ctx = 0; gss_buffer_desc status_string; - + gss_display_status(&new_stat, min_stat, GSS_C_MECH_CODE, GSS_C_NO_OID, &msg_ctx, &status_string); - printf("Error importing name %s: %s\n", + printf("Error importing name %.*s: %.*s\n", + (int)name.length, (char *)name.value, + (int)status_string.length, (char *)status_string.value); free(name.value); gss_release_buffer(&new_stat, &status_string); @@ -345,7 +325,7 @@ import_name(const char *kname, const char *host, gss_name_t *target_name) static int gss_auth(void *app_data, char *host) { - + OM_uint32 maj_stat, min_stat; gss_name_t target_name; gss_buffer_desc input, output_token; @@ -353,12 +333,12 @@ gss_auth(void *app_data, char *host) char *p; int n; gss_channel_bindings_t bindings; - struct gss_data *d = app_data; + struct gssapi_data *d = app_data; OM_uint32 mech_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; const char *knames[] = { "ftp", "host", NULL }, **kname = knames; - - + + if(import_name(*kname++, host, &target_name)) return AUTH_ERROR; @@ -369,14 +349,14 @@ gss_auth(void *app_data, char *host) bindings = malloc(sizeof(*bindings)); if (bindings == NULL) errx(1, "out of memory"); - + sockaddr_to_gss_address (myctladdr, &bindings->initiator_addrtype, &bindings->initiator_address); sockaddr_to_gss_address (hisctladdr, &bindings->acceptor_addrtype, &bindings->acceptor_address); - + bindings->application_data.length = 0; bindings->application_data.value = NULL; } else @@ -417,7 +397,7 @@ gss_auth(void *app_data, char *host) } continue; } - + if (bindings != GSS_C_NO_CHANNEL_BINDINGS) free(bindings); @@ -427,7 +407,8 @@ gss_auth(void *app_data, char *host) GSS_C_NO_OID, &msg_ctx, &status_string); - printf("Error initializing security context: %s\n", + printf("Error initializing security context: %.*s\n", + (int)status_string.length, (char*)status_string.value); gss_release_buffer(&new_stat, &status_string); return AUTH_CONTINUE; @@ -501,13 +482,15 @@ gss_auth(void *app_data, char *host) &name, NULL); if (GSS_ERROR(maj_stat) == 0) { - printf("Authenticated to <%s>\n", (char *)name.value); + printf("Authenticated to <%.*s>\n", + (int)name.length, + (char *)name.value); gss_release_buffer(&min_stat, &name); } gss_release_name(&min_stat, &targ_name); } else printf("Failed to get gss name of peer.\n"); - } + } return AUTH_OK; @@ -515,7 +498,7 @@ gss_auth(void *app_data, char *host) struct sec_client_mech gss_client_mech = { "GSSAPI", - sizeof(struct gss_data), + sizeof(struct gssapi_data), gss_init, gss_auth, NULL, /* end */ diff --git a/crypto/heimdal/appl/ftp/ftpd/kauth.c b/crypto/heimdal/appl/ftp/ftpd/kauth.c index 0f34092d164..546461d9dbc 100644 --- a/crypto/heimdal/appl/ftp/ftpd/kauth.c +++ b/crypto/heimdal/appl/ftp/ftpd/kauth.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,226 +33,15 @@ #include "ftpd_locl.h" -RCSID("$Id: kauth.c 15666 2005-07-19 17:08:11Z lha $"); +RCSID("$Id$"); -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) int do_destroy_tickets = 1; char *k5ccname; #endif -#ifdef KRB4 - -static KTEXT_ST cip; -static unsigned int lifetime; -static time_t local_time; - -static krb_principal pr; - -static int -save_tkt(const char *user, - const char *instance, - const char *realm, - const void *arg, - key_proc_t key_proc, - KTEXT *cipp) -{ - local_time = time(0); - memmove(&cip, *cipp, sizeof(cip)); - return -1; -} - -static int -store_ticket(KTEXT cip) -{ - char *ptr; - des_cblock session; - krb_principal sp; - unsigned char kvno; - KTEXT_ST tkt; - int left = cip->length; - int len; - int kerror; - - ptr = (char *) cip->dat; - - /* extract session key */ - memmove(session, ptr, 8); - ptr += 8; - left -= 8; - - len = strnlen(ptr, left); - if (len == left) - return(INTK_BADPW); - - /* extract server's name */ - strlcpy(sp.name, ptr, sizeof(sp.name)); - ptr += len + 1; - left -= len + 1; - - len = strnlen(ptr, left); - if (len == left) - return(INTK_BADPW); - - /* extract server's instance */ - strlcpy(sp.instance, ptr, sizeof(sp.instance)); - ptr += len + 1; - left -= len + 1; - - len = strnlen(ptr, left); - if (len == left) - return(INTK_BADPW); - - /* extract server's realm */ - strlcpy(sp.realm, ptr, sizeof(sp.realm)); - ptr += len + 1; - left -= len + 1; - - if(left < 3) - return INTK_BADPW; - /* extract ticket lifetime, server key version, ticket length */ - /* be sure to avoid sign extension on lifetime! */ - lifetime = (unsigned char) ptr[0]; - kvno = (unsigned char) ptr[1]; - tkt.length = (unsigned char) ptr[2]; - ptr += 3; - left -= 3; - - if (tkt.length > left) - return(INTK_BADPW); - - /* extract ticket itself */ - memmove(tkt.dat, ptr, tkt.length); - ptr += tkt.length; - left -= tkt.length; - - /* Here is where the time should be verified against the KDC. - * Unfortunately everything is sent in host byte order (receiver - * makes wrong) , and at this stage there is no way for us to know - * which byteorder the KDC has. So we simply ignore the time, - * there are no security risks with this, the only thing that can - * happen is that we might receive a replayed ticket, which could - * at most be useless. - */ - -#if 0 - /* check KDC time stamp */ - { - time_t kdc_time; - - memmove(&kdc_time, ptr, sizeof(kdc_time)); - if (swap_bytes) swap_u_long(kdc_time); - - ptr += 4; - - if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) { - return(RD_AP_TIME); /* XXX should probably be better - code */ - } - } -#endif - - /* initialize ticket cache */ - - if (tf_create(TKT_FILE) != KSUCCESS) - return(INTK_ERR); - - if (tf_put_pname(pr.name) != KSUCCESS || - tf_put_pinst(pr.instance) != KSUCCESS) { - tf_close(); - return(INTK_ERR); - } - - - kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, - lifetime, kvno, &tkt, local_time); - tf_close(); - - return(kerror); -} - -void -kauth(char *principal, char *ticket) -{ - char *p; - int ret; - - if(get_command_prot() != prot_private) { - reply(500, "Request denied (bad protection level)"); - return; - } - ret = krb_parse_name(principal, &pr); - if(ret){ - reply(500, "Bad principal: %s.", krb_get_err_text(ret)); - return; - } - if(pr.realm[0] == 0) - krb_get_lrealm(pr.realm, 1); - - if(ticket){ - cip.length = base64_decode(ticket, &cip.dat); - if(cip.length == -1){ - reply(500, "Failed to decode data."); - return; - } - ret = store_ticket(&cip); - if(ret){ - reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); - memset(&cip, 0, sizeof(cip)); - return; - } - do_destroy_tickets = 1; - - if(k_hasafs()) - krb_afslog(0, 0); - reply(200, "Tickets will be destroyed on exit."); - return; - } - - ret = krb_get_in_tkt (pr.name, - pr.instance, - pr.realm, - KRB_TICKET_GRANTING_TICKET, - pr.realm, - DEFAULT_TKT_LIFE, - NULL, save_tkt, NULL); - if(ret != INTK_BADPW){ - reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); - return; - } - if(base64_encode(cip.dat, cip.length, &p) < 0) { - reply(500, "Out of memory while base64-encoding."); - return; - } - reply(300, "P=%s T=%s", krb_unparse_name(&pr), p); - free(p); - memset(&cip, 0, sizeof(cip)); -} - - -static char * -short_date(int32_t dp) -{ - char *cp; - time_t t = (time_t)dp; - - if (t == (time_t)(-1L)) return "*** Never *** "; - cp = ctime(&t) + 4; - cp[15] = '\0'; - return (cp); -} - -void -krbtkfile(const char *tkfile) -{ - do_destroy_tickets = 0; - krb_set_tkt_string(tkfile); - reply(200, "Using ticket file %s", tkfile); -} - -#endif /* KRB4 */ - #ifdef KRB5 static void @@ -261,7 +50,7 @@ dest_cc(void) krb5_context context; krb5_error_code ret; krb5_ccache id; - + ret = krb5_init_context(&context); if (ret == 0) { if (k5ccname) @@ -278,7 +67,7 @@ dest_cc(void) } #endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) /* * Only destroy if we created the tickets @@ -288,9 +77,6 @@ void cond_kdestroy(void) { if (do_destroy_tickets) { -#if KRB4 - dest_tkt(); -#endif #if KRB5 dest_cc(); #endif @@ -302,9 +88,6 @@ cond_kdestroy(void) void kdestroy(void) { -#if KRB4 - dest_tkt(); -#endif #if KRB5 dest_cc(); #endif @@ -336,9 +119,6 @@ afslog(const char *cell, int quiet) krb5_cc_close (context, id); krb5_free_context (context); } -#endif -#ifdef KRB4 - krb_afslog(cell, 0); #endif if (!quiet) reply(200, "afslog done"); @@ -357,4 +137,4 @@ afsunlog(void) #else int ftpd_afslog_placeholder; -#endif /* KRB4 || KRB5 */ +#endif /* KRB5 */ diff --git a/crypto/heimdal/appl/ftp/ftpd/klist.c b/crypto/heimdal/appl/ftp/ftpd/klist.c index 4afa9b83ccc..5da107d29b0 100644 --- a/crypto/heimdal/appl/ftp/ftpd/klist.c +++ b/crypto/heimdal/appl/ftp/ftpd/klist.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -48,7 +48,7 @@ print_cred(krb5_context context, krb5_creds *cred) krb5_format_time(context, cred->times.starttime, t1, sizeof(t1), 1); else krb5_format_time(context, cred->times.authtime, t1, sizeof(t1), 1); - + if(cred->times.endtime > sec) krb5_format_time(context, cred->times.endtime, t2, sizeof(t2), 1); else @@ -81,7 +81,7 @@ print_tickets (krb5_context context, return 500; } - lreply(200, "%17s: %s:%s", + lreply(200, "%17s: %s:%s", "Credentials cache", krb5_cc_get_type(context, ccache), krb5_cc_get_name(context, ccache)); @@ -101,7 +101,7 @@ print_tickets (krb5_context context, &cursor, &cred)) == 0) { if (print_cred(context, &cred)) - return 500; + return 500; krb5_free_cred_contents (context, &cred); } if (ret != KRB5_CC_END) { @@ -137,7 +137,7 @@ klist5(void) else ret = krb5_cc_default (context, &ccache); if (ret) { - lreply(500, "krb5_cc_default: %d", ret); + lreply(500, "krb5_cc_default: %d", ret); return 500; } @@ -155,7 +155,7 @@ klist5(void) ret = krb5_cc_close (context, ccache); if (ret) { - lreply(500, "krb5_cc_close: %d", ret); + lreply(500, "krb5_cc_close: %d", ret); exit_status = 500; } diff --git a/crypto/heimdal/appl/ftp/ftpd/krb4.c b/crypto/heimdal/appl/ftp/ftpd/krb4.c deleted file mode 100644 index 408b7fa7357..00000000000 --- a/crypto/heimdal/appl/ftp/ftpd/krb4.c +++ /dev/null @@ -1,340 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef FTP_SERVER -#include "ftpd_locl.h" -#else -#include "ftp_locl.h" -#endif -#include - -RCSID("$Id: krb4.c 17450 2006-05-05 11:11:43Z lha $"); - -#ifdef FTP_SERVER -#define LOCAL_ADDR ctrl_addr -#define REMOTE_ADDR his_addr -#else -#define LOCAL_ADDR myctladdr -#define REMOTE_ADDR hisctladdr -#endif - -extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR; - -struct krb4_data { - des_cblock key; - des_key_schedule schedule; - char name[ANAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; -}; - -static int -krb4_check_prot(void *app_data, int level) -{ - if(level == prot_confidential) - return -1; - return 0; -} - -static int -krb4_decode(void *app_data, void *buf, int len, int level) -{ - MSG_DAT m; - int e; - struct krb4_data *d = app_data; - - if(level == prot_safe) - e = krb_rd_safe(buf, len, &d->key, - (struct sockaddr_in *)REMOTE_ADDR, - (struct sockaddr_in *)LOCAL_ADDR, &m); - else - e = krb_rd_priv(buf, len, d->schedule, &d->key, - (struct sockaddr_in *)REMOTE_ADDR, - (struct sockaddr_in *)LOCAL_ADDR, &m); - if(e){ - syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e)); - return -1; - } - memmove(buf, m.app_data, m.app_length); - return m.app_length; -} - -static int -krb4_overhead(void *app_data, int level, int len) -{ - return 31; -} - -static int -krb4_encode(void *app_data, void *from, int length, int level, void **to) -{ - struct krb4_data *d = app_data; - *to = malloc(length + 31); - if(level == prot_safe) - return krb_mk_safe(from, *to, length, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - else if(level == prot_private) - return krb_mk_priv(from, *to, length, d->schedule, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - else - return -1; -} - -#ifdef FTP_SERVER - -static int -krb4_adat(void *app_data, void *buf, size_t len) -{ - KTEXT_ST tkt; - AUTH_DAT auth_dat; - char *p; - int kerror; - uint32_t cs; - char msg[35]; /* size of encrypted block */ - int tmp_len; - struct krb4_data *d = app_data; - char inst[INST_SZ]; - struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr; - - memcpy(tkt.dat, buf, len); - tkt.length = len; - - k_getsockinst(0, inst, sizeof(inst)); - kerror = krb_rd_req(&tkt, "ftp", inst, - his_addr_sin->sin_addr.s_addr, &auth_dat, ""); - if(kerror == RD_AP_UNDEC){ - k_getsockinst(0, inst, sizeof(inst)); - kerror = krb_rd_req(&tkt, "rcmd", inst, - his_addr_sin->sin_addr.s_addr, &auth_dat, ""); - } - - if(kerror){ - reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); - return -1; - } - - memcpy(d->key, auth_dat.session, sizeof(d->key)); - des_set_key(&d->key, d->schedule); - - strlcpy(d->name, auth_dat.pname, sizeof(d->name)); - strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance)); - strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance)); - - cs = auth_dat.checksum + 1; - { - unsigned char tmp[4]; - KRB_PUT_INT(cs, tmp, 4, sizeof(tmp)); - tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, - (struct sockaddr_in *)LOCAL_ADDR, - (struct sockaddr_in *)REMOTE_ADDR); - } - if(tmp_len < 0){ - reply(535, "Error creating reply: %s.", strerror(errno)); - return -1; - } - len = tmp_len; - if(base64_encode(msg, len, &p) < 0) { - reply(535, "Out of memory base64-encoding."); - return -1; - } - reply(235, "ADAT=%s", p); - sec_complete = 1; - free(p); - return 0; -} - -static int -krb4_userok(void *app_data, char *user) -{ - struct krb4_data *d = app_data; - return krb_kuserok(d->name, d->instance, d->realm, user); -} - -struct sec_server_mech krb4_server_mech = { - "KERBEROS_V4", - sizeof(struct krb4_data), - NULL, /* init */ - NULL, /* end */ - krb4_check_prot, - krb4_overhead, - krb4_encode, - krb4_decode, - /* */ - NULL, - krb4_adat, - NULL, /* pbsz */ - NULL, /* ccc */ - krb4_userok -}; - -#else /* FTP_SERVER */ - -static int -krb4_init(void *app_data) -{ - return !use_kerberos; -} - -static int -mk_auth(struct krb4_data *d, KTEXT adat, - char *service, char *host, int checksum) -{ - int ret; - CREDENTIALS cred; - char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - - strlcpy(sname, service, sizeof(sname)); - strlcpy(inst, krb_get_phost(host), sizeof(inst)); - strlcpy(realm, krb_realmofhost(host), sizeof(realm)); - ret = krb_mk_req(adat, sname, inst, realm, checksum); - if(ret) - return ret; - strlcpy(sname, service, sizeof(sname)); - strlcpy(inst, krb_get_phost(host), sizeof(inst)); - strlcpy(realm, krb_realmofhost(host), sizeof(realm)); - ret = krb_get_cred(sname, inst, realm, &cred); - memmove(&d->key, &cred.session, sizeof(des_cblock)); - des_key_sched(&d->key, d->schedule); - memset(&cred, 0, sizeof(cred)); - return ret; -} - -static int -krb4_auth(void *app_data, char *host) -{ - int ret; - char *p; - int len; - KTEXT_ST adat; - MSG_DAT msg_data; - int checksum; - uint32_t cs; - struct krb4_data *d = app_data; - struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR; - struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR; - - checksum = getpid(); - ret = mk_auth(d, &adat, "ftp", host, checksum); - if(ret == KDC_PR_UNKNOWN) - ret = mk_auth(d, &adat, "rcmd", host, checksum); - if(ret){ - printf("%s\n", krb_get_err_text(ret)); - return AUTH_CONTINUE; - } - -#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM - if (krb_get_config_bool("nat_in_use")) { - struct in_addr natAddr; - - if (krb_get_our_ip_for_realm(krb_realmofhost(host), - &natAddr) != KSUCCESS - && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS) - printf("Can't get address for realm %s\n", - krb_realmofhost(host)); - else { - if (natAddr.s_addr != localaddr->sin_addr.s_addr) { - printf("Using NAT IP address (%s) for kerberos 4\n", - inet_ntoa(natAddr)); - localaddr->sin_addr = natAddr; - - /* - * This not the best place to do this, but it - * is here we know that (probably) NAT is in - * use! - */ - - passivemode = 1; - printf("Setting: Passive mode on.\n"); - } - } - } -#endif - - printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr)); - printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr)); - - if(base64_encode(adat.dat, adat.length, &p) < 0) { - printf("Out of memory base64-encoding.\n"); - return AUTH_CONTINUE; - } - ret = command("ADAT %s", p); - free(p); - - if(ret != COMPLETE){ - printf("Server didn't accept auth data.\n"); - return AUTH_ERROR; - } - - p = strstr(reply_string, "ADAT="); - if(!p){ - printf("Remote host didn't send adat reply.\n"); - return AUTH_ERROR; - } - p += 5; - len = base64_decode(p, adat.dat); - if(len < 0){ - printf("Failed to decode base64 from server.\n"); - return AUTH_ERROR; - } - adat.length = len; - ret = krb_rd_safe(adat.dat, adat.length, &d->key, - (struct sockaddr_in *)hisctladdr, - (struct sockaddr_in *)myctladdr, &msg_data); - if(ret){ - printf("Error reading reply from server: %s.\n", - krb_get_err_text(ret)); - return AUTH_ERROR; - } - krb_get_int(msg_data.app_data, &cs, 4, 0); - if(cs - checksum != 1){ - printf("Bad checksum returned from server.\n"); - return AUTH_ERROR; - } - return AUTH_OK; -} - -struct sec_client_mech krb4_client_mech = { - "KERBEROS_V4", - sizeof(struct krb4_data), - krb4_init, /* init */ - krb4_auth, - NULL, /* end */ - krb4_check_prot, - krb4_overhead, - krb4_encode, - krb4_decode -}; - -#endif /* FTP_SERVER */ diff --git a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c index ebf37e6b14f..59f45b205d7 100644 --- a/crypto/heimdal/appl/ftp/ftpd/logwtmp.c +++ b/crypto/heimdal/appl/ftp/ftpd/logwtmp.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $"); +RCSID("$Id$"); #endif #include @@ -58,9 +58,13 @@ RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $"); #ifdef HAVE_UTMPX_H #include #endif +#ifdef HAVE_ASL_H +#include +#endif #include #include "extern.h" +#ifndef HAVE_UTMPX_H #ifndef WTMP_FILE #ifdef _PATH_WTMP #define WTMP_FILE _PATH_WTMP @@ -68,20 +72,56 @@ RCSID("$Id: logwtmp.c 9079 2000-09-19 13:17:20Z assar $"); #define WTMP_FILE "/var/adm/wtmp" #endif #endif +#endif -void -ftpd_logwtmp(char *line, char *name, char *host) +#ifdef HAVE_ASL_H + +#ifndef ASL_KEY_FACILITY +#define ASL_KEY_FACILITY "Facility" +#endif + +static void +ftpd_logwtmp_asl(char *line, char *name, char *host) +{ + static aslmsg m = NULL; + static int init = 0; + + if (!init) { + init = 1; + m = asl_new(ASL_TYPE_MSG); + if (m == NULL) + return; + asl_set(m, ASL_KEY_FACILITY, "org.h5l.ftpd"); + } + if (m) + asl_log(NULL, m, ASL_LEVEL_NOTICE, + "host %s/%s user %s%sconnected pid %d", + host, line, name, name[0] ? " " : "dis", (int)getpid()); +} + +#endif + +#ifndef HAVE_ASL_H + +static void +ftpd_logwtmp_wtmp(char *line, char *name, char *host) { static int init = 0; static int fd; #ifdef WTMPX_FILE static int fdx; #endif +#ifdef HAVE_UTMP_H struct utmp ut; -#ifdef WTMPX_FILE +#endif +#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H) struct utmpx utx; #endif +#ifdef HAVE_UTMPX_H + memset(&utx, 0, sizeof(struct utmpx)); +#endif +#ifdef HAVE_UTMP_H memset(&ut, 0, sizeof(struct utmp)); #ifdef HAVE_STRUCT_UTMP_UT_TYPE if(name[0]) @@ -98,8 +138,9 @@ ftpd_logwtmp(char *line, char *name, char *host) strncpy(ut.ut_host, host, sizeof(ut.ut_host)); #endif ut.ut_time = time(NULL); +#endif -#ifdef WTMPX_FILE +#if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H) strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_user, name, sizeof(utx.ut_user)); strncpy(utx.ut_host, host, sizeof(utx.ut_host)); @@ -122,17 +163,37 @@ ftpd_logwtmp(char *line, char *name, char *host) utx.ut_type = DEAD_PROCESS; #endif +#ifdef HAVE_UTMPX_H + pututxline(&utx); +#endif + if(!init){ +#ifdef WTMP_FILE fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0); +#endif #ifdef WTMPX_FILE fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0); #endif init = 1; } if(fd >= 0) { +#ifdef WTMP_FILE write(fd, &ut, sizeof(struct utmp)); /* XXX */ +#endif #ifdef WTMPX_FILE write(fdx, &utx, sizeof(struct utmpx)); -#endif +#endif } } + +#endif /* !HAVE_ASL_H */ + +void +ftpd_logwtmp(char *line, char *name, char *host) +{ +#ifdef HAVE_ASL_H + ftpd_logwtmp_asl(line, name, host); +#else + ftpd_logwtmp_wtmp(line, name, host); +#endif +} diff --git a/crypto/heimdal/appl/ftp/ftpd/ls.c b/crypto/heimdal/appl/ftp/ftpd/ls.c index 9dcd84812b5..a8366b91e77 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ls.c +++ b/crypto/heimdal/appl/ftp/ftpd/ls.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,7 +33,7 @@ #ifndef TEST #include "ftpd_locl.h" -RCSID("$Id: ls.c 16216 2005-10-22 13:15:43Z lha $"); +RCSID("$Id$"); #else #include @@ -152,10 +152,10 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags) char buf[128]; int file_type = 0; struct stat *st = &file->st; - + file->inode = st->st_ino; file->bsize = block_convert(st->st_blocks); - + if(S_ISDIR(st->st_mode)) { file->mode[0] = 'd'; file_type = '/'; @@ -187,10 +187,10 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags) file_type = '%'; } #endif - else + else file->mode[0] = '?'; { - char *x[] = { "---", "--x", "-w-", "-wx", + char *x[] = { "---", "--x", "-w-", "-wx", "r--", "r-x", "rw-", "rwx" }; strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]); strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]); @@ -241,7 +241,7 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags) return -1; } } - + if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) { #if defined(major) && defined(minor) if (asprintf(&file->major, "%u", (unsigned)major(st->st_rdev)) == -1) @@ -405,16 +405,16 @@ find_log10(int num) * have to fetch them. */ -#ifdef KRB4 +#ifdef KRB5 static int do_the_afs_dance = 1; #endif static int lstat_file (const char *file, struct stat *sb) { -#ifdef KRB4 +#ifdef KRB5 if (do_the_afs_dance && - k_hasafs() + k_hasafs() && strcmp(file, ".") && strcmp(file, "..") && strcmp(file, "/")) @@ -425,19 +425,19 @@ lstat_file (const char *file, struct stat *sb) static ino_t ino_counter = 0, ino_last = 0; int ret; const int maxsize = 2048; - + path_bkp = strdup (file); if (path_bkp == NULL) return -1; - + a_params.out = malloc (maxsize); - if (a_params.out == NULL) { + if (a_params.out == NULL) { free (path_bkp); return -1; } - + /* If path contains more than the filename alone - split it */ - + last = strrchr (path_bkp, '/'); if (last != NULL) { if(last[1] == '\0') @@ -457,10 +457,10 @@ lstat_file (const char *file, struct stat *sb) dir = "."; a_params.in = path_bkp; } - + a_params.in_size = strlen (a_params.in) + 1; a_params.out_size = maxsize; - + ret = k_pioctl (dir, VIOC_AFS_STAT_MT_PT, &a_params, 0); free (a_params.out); if (ret < 0) { @@ -473,7 +473,7 @@ lstat_file (const char *file, struct stat *sb) return lstat (file, sb); } - /* + /* * wow this was a mountpoint, lets cook the struct stat * use . as a prototype */ @@ -494,7 +494,7 @@ lstat_file (const char *file, struct stat *sb) return 0; } -#endif /* KRB4 */ +#endif /* KRB5 */ return lstat (file, sb); } @@ -551,15 +551,15 @@ list_files(FILE *out, const char **files, int n_files, int flags) } switch(SORT_MODE(flags)) { case LS_SORT_NAME: - qsort(fi, n_files, sizeof(*fi), + qsort(fi, n_files, sizeof(*fi), (int (*)(const void*, const void*))compare_filename); break; case LS_SORT_MTIME: - qsort(fi, n_files, sizeof(*fi), + qsort(fi, n_files, sizeof(*fi), (int (*)(const void*, const void*))compare_mtime); break; case LS_SORT_SIZE: - qsort(fi, n_files, sizeof(*fi), + qsort(fi, n_files, sizeof(*fi), (int (*)(const void*, const void*))compare_size); break; } @@ -602,7 +602,7 @@ list_files(FILE *out, const char **files, int n_files, int flags) max_inode = find_log10(max_inode); max_bsize = find_log10(max_bsize); max_n_link = find_log10(max_n_link); - + if(n_print > 0) sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks); if(flags & LS_SORT_REVERSE) @@ -633,7 +633,7 @@ list_files(FILE *out, const char **files, int n_files, int flags) max_major, max_minor, max_date); - } else if(DISP_MODE(flags) == LS_DISP_COLUMN || + } else if(DISP_MODE(flags) == LS_DISP_COLUMN || DISP_MODE(flags) == LS_DISP_CROSS) { int max_len = 0; int size_len = 0; @@ -660,14 +660,14 @@ list_files(FILE *out, const char **files, int n_files, int flags) max_len = 80 / columns; } if(flags & LS_SIZE) - sec_fprintf2(out, "total %lu\r\n", + sec_fprintf2(out, "total %lu\r\n", (unsigned long)total_blocks); if(DISP_MODE(flags) == LS_DISP_CROSS) { for(i = 0, j = 0; i < n_files; i++) { if(fi[i].filename == NULL) continue; if(flags & LS_SIZE) - sec_fprintf2(out, "%*u %-*s", size_len, fi[i].bsize, + sec_fprintf2(out, "%*u %-*s", size_len, fi[i].bsize, max_len, fi[i].filename); else sec_fprintf2(out, "%-*s", max_len, fi[i].filename); @@ -681,13 +681,13 @@ list_files(FILE *out, const char **files, int n_files, int flags) sec_fprintf2(out, "\r\n"); } else { int skip = (num_files + columns - 1) / columns; - j = 0; + for(i = 0; i < skip; i++) { for(j = i; j < n_files;) { while(j < n_files && fi[j].filename == NULL) j++; if(flags & LS_SIZE) - sec_fprintf2(out, "%*u %-*s", size_len, fi[j].bsize, + sec_fprintf2(out, "%*u %-*s", size_len, fi[j].bsize, max_len, fi[j].filename); else sec_fprintf2(out, "%-*s", max_len, fi[j].filename); @@ -710,7 +710,7 @@ list_files(FILE *out, const char **files, int n_files, int flags) const char *p = strrchr(files[i], '/'); if(p == NULL) p = files[i]; - else + else p++; if(!(flags & LS_DIR_FLAG) || !IS_DOT_DOTDOT(p)) { if((flags & LS_SHOW_DIRNAME)) { diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c index dc75fb45419..5488472352a 100644 --- a/crypto/heimdal/appl/ftp/ftpd/popen.c +++ b/crypto/heimdal/appl/ftp/ftpd/popen.c @@ -37,7 +37,7 @@ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $"); +RCSID("$Id$"); #endif #include @@ -65,7 +65,7 @@ RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $"); #include "extern.h" -/* +/* * Special version of popen which avoids call to shell. This ensures * no one may create a pipe to a hidden program as a side effect of a * list or dir command. @@ -73,8 +73,6 @@ RCSID("$Id: popen.c 10900 2002-04-02 11:57:39Z joda $"); static int *pids; static int fds; -extern int dochroot; - /* return path prepended with ~ftp if that file exists, otherwise * return path unchanged */ @@ -148,8 +146,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob) ; memset(&gl, 0, sizeof(gl)); - if (no_glob || - glob(argv[argc], flags, NULL, &gl) || + if (no_glob || + glob(argv[argc], flags, NULL, &gl) || gl.gl_pathc == 0) gargv[gargc++] = strdup(argv[argc]); else @@ -198,8 +196,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob) close(pdes[0]); } pids[fileno(iop)] = pid; - -pfree: + +pfree: for (argc = 1; gargv[argc] != NULL; argc++) free(gargv[argc]); diff --git a/crypto/heimdal/appl/ftp/ftpd/security.c b/crypto/heimdal/appl/ftp/ftpd/security.c index 2a4803f90b1..86c73a168ce 100644 --- a/crypto/heimdal/appl/ftp/ftpd/security.c +++ b/crypto/heimdal/appl/ftp/ftpd/security.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1998-2002, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -37,7 +37,7 @@ #include "ftp_locl.h" #endif -RCSID("$Id: security.c 21225 2007-06-20 10:16:02Z lha $"); +RCSID("$Id$"); static enum protection_level command_prot; static enum protection_level data_prot; @@ -74,14 +74,14 @@ level_to_name(enum protection_level level) } #ifndef FTP_SERVER /* not used in server */ -static enum protection_level +static enum protection_level name_to_level(const char *name) { int i; for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) if(!strncasecmp(level_names[i].name, name, strlen(name))) return level_names[i].level; - return (enum protection_level)-1; + return prot_invalid; } #endif @@ -90,9 +90,6 @@ name_to_level(const char *name) static struct sec_server_mech *mechs[] = { #ifdef KRB5 &gss_server_mech, -#endif -#ifdef KRB4 - &krb4_server_mech, #endif NULL }; @@ -104,9 +101,6 @@ static struct sec_server_mech *mech; static struct sec_client_mech *mechs[] = { #ifdef KRB5 &gss_client_mech, -#endif -#ifdef KRB4 - &krb4_client_mech, #endif NULL }; @@ -229,12 +223,12 @@ sec_read(int fd, void *dataptr, int length) in_buffer.eof_flag = 0; return 0; } - + len = buffer_read(&in_buffer, dataptr, length); length -= len; rx += len; dataptr = (char*)dataptr + len; - + while(length){ int ret; @@ -286,7 +280,7 @@ sec_write(int fd, char *dataptr, int length) { int len = buffer_size; int tx = 0; - + if(data_prot == prot_clear) return write(fd, dataptr, length); @@ -337,7 +331,7 @@ sec_putc(int c, FILE *F) char ch = c; if(data_prot == prot_clear) return putc(c, F); - + buffer_write(&out_buffer, &ch, 1); if(c == '\n' || out_buffer.index >= 1024 /* XXX */) { sec_write(fileno(F), out_buffer.data, out_buffer.index); @@ -352,14 +346,14 @@ sec_read_msg(char *s, int level) int len; char *buf; int return_code; - + buf = malloc(strlen(s)); len = base64_decode(s + 4, buf); /* XXX */ - + len = (*mech->decode)(app_data, buf, len, level); if(len < 0) return -1; - + buf[len] = '\0'; if(buf[3] == '-') @@ -381,7 +375,7 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap) int len; if(!sec_complete) return vfprintf(f, fmt, ap); - + if (vasprintf(&buf, fmt, ap) == -1) { printf("Failed to allocate command.\n"); return -1; @@ -520,10 +514,10 @@ prot(char *pl) reply(504, "Unrecognized protection level."); return; } - + if(sec_complete){ if((*mech->check_prot)(app_data, p)){ - reply(536, "%s does not support %s protection.", + reply(536, "%s does not support %s protection.", mech->name, level_to_name(p)); }else{ data_prot = (enum protection_level)p; @@ -556,14 +550,20 @@ void mec(char *msg, enum protection_level level) } buf_size = strlen(msg) + 2; buf = malloc(buf_size); + if (buf == NULL) { + reply(501, "Failed to allocate %lu", (unsigned long)buf_size); + return; + } len = base64_decode(msg, buf); command_prot = level; if(len == (size_t)-1) { + free(buf); reply(501, "Failed to base64-decode command"); return; } len = (*mech->decode)(app_data, buf, len, level); if(len == (size_t)-1) { + free(buf); reply(535, "Failed to decode command"); return; } @@ -628,7 +628,7 @@ sec_status(void) printf("Using %s command channel.\n", level_to_name(command_prot)); printf("Using %s data channel.\n", level_to_name(data_prot)); if(buffer_size > 0) - printf("Protection buffer size: %lu.\n", + printf("Protection buffer size: %lu.\n", (unsigned long)buffer_size); }else{ printf("Not using any security mechanism.\n"); @@ -669,7 +669,7 @@ sec_prot_internal(int level) printf("Failed to set protection level.\n"); return -1; } - + data_prot = (enum protection_level)level; return 0; } @@ -683,7 +683,7 @@ set_command_prot(enum protection_level level) ret = command("CCC"); if(ret != COMPLETE) { printf("Failed to clear command channel.\n"); - return -1; + return prot_invalid; } } command_prot = level; @@ -708,17 +708,17 @@ sec_prot(int argc, char **argv) return; } level = name_to_level(argv[argc - 1]); - + if(level == -1) goto usage; - + if((*mech->check_prot)(app_data, level)) { - printf("%s does not implement %s protection.\n", + printf("%s does not implement %s protection.\n", mech->name, level_to_name(level)); code = -1; return; } - + if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) { if(sec_prot_internal(level) < 0){ code = -1; @@ -759,9 +759,9 @@ sec_prot_command(int argc, char **argv) level = name_to_level(argv[1]); if(level == -1) goto usage; - + if((*mech->check_prot)(app_data, level)) { - printf("%s does not implement %s protection.\n", + printf("%s does not implement %s protection.\n", mech->name, level_to_name(level)); code = -1; return; @@ -808,7 +808,7 @@ sec_login(char *host) verbose = -1; /* shut up all messages this will produce (they are usually not very user friendly) */ - + for(m = mechs; *m && (*m)->name; m++) { void *tmp; @@ -818,7 +818,7 @@ sec_login(char *host) return -1; } app_data = tmp; - + if((*m)->init && (*(*m)->init)(app_data) != 0) { printf("Skipping %s...\n", (*m)->name); continue; @@ -840,7 +840,7 @@ sec_login(char *host) } ret = (*(*m)->auth)(app_data, host); - + if(ret == AUTH_CONTINUE) continue; else if(ret != AUTH_OK){ @@ -852,13 +852,13 @@ sec_login(char *host) sec_complete = 1; if(doencrypt) { command_prot = prot_private; - request_data_prot = prot_private; + request_data_prot = prot_private; } else { command_prot = prot_safe; } break; } - + verbose = old_verbose; return *m == NULL; } diff --git a/crypto/heimdal/appl/gssmask/Makefile.am b/crypto/heimdal/appl/gssmask/Makefile.am index 347a27ec929..55673a03999 100644 --- a/crypto/heimdal/appl/gssmask/Makefile.am +++ b/crypto/heimdal/appl/gssmask/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -8,5 +8,6 @@ gssmask_SOURCES = gssmask.c common.c common.h protocol.h gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h -LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) +LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) $(top_builddir)/lib/krb5/libkrb5.la +EXTRA_DIST = NTMakefile diff --git a/crypto/heimdal/appl/gssmask/Makefile.in b/crypto/heimdal/appl/gssmask/Makefile.in index a51092274cf..e01b83ede20 100644 --- a/crypto/heimdal/appl/gssmask/Makefile.in +++ b/crypto/heimdal/appl/gssmask/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 18468 2006-10-14 13:50:51Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ noinst_PROGRAMS = gssmask$(EXEEXT) gssmaestro$(EXEEXT) subdir = appl/gssmask ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,27 +89,28 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_gssmaestro_OBJECTS = gssmaestro.$(OBJEXT) common.$(OBJEXT) gssmaestro_OBJECTS = $(am_gssmaestro_OBJECTS) gssmaestro_LDADD = $(LDADD) am__DEPENDENCIES_1 = gssmaestro_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la am_gssmask_OBJECTS = gssmask.$(OBJEXT) common.$(OBJEXT) gssmask_OBJECTS = $(am_gssmask_OBJECTS) gssmask_LDADD = $(LDADD) gssmask_DEPENDENCIES = $(top_builddir)/lib/gssapi/libgssapi.la \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -123,49 +129,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -189,10 +204,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -209,6 +225,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -224,31 +242,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -263,10 +295,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -307,49 +341,55 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la gssmask_SOURCES = gssmask.c common.c common.h protocol.h gssmaestro_SOURCES = gssmaestro.c common.c common.h protocol.h -LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) +LDADD = $(top_builddir)/lib/gssapi/libgssapi.la $(LIB_roken) $(top_builddir)/lib/krb5/libkrb5.la +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/gssmask/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/gssmask/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/gssmask/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/gssmask/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -367,13 +407,16 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list gssmaestro$(EXEEXT): $(gssmaestro_OBJECTS) $(gssmaestro_DEPENDENCIES) @rm -f gssmaestro$(EXEEXT) $(LINK) $(gssmaestro_OBJECTS) $(gssmaestro_LDADD) $(LIBS) @@ -387,14 +430,30 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssmaestro.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssmask.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -407,45 +466,49 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -466,13 +529,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -504,6 +571,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -514,6 +582,7 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -524,6 +593,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -531,26 +602,35 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -570,9 +650,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \ @@ -657,6 +736,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -742,7 +824,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -755,6 +837,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/gssmask/common.c b/crypto/heimdal/appl/gssmask/common.c index a57b803abaf..8d7d8fa2252 100644 --- a/crypto/heimdal/appl/gssmask/common.c +++ b/crypto/heimdal/appl/gssmask/common.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ #include -RCSID("$Id: common.c 18900 2006-11-03 05:21:01Z lha $"); +RCSID("$Id$"); krb5_error_code store_string(krb5_storage *sp, const char *str) @@ -62,8 +62,8 @@ add_list(char ****list, size_t *listlen, char **str, size_t len) } static void -permute(char ****list, size_t *listlen, - char **str, const int start, const int len) +permute(char ****list, size_t *listlen, + char **str, const int start, const int len) { int i, j; diff --git a/crypto/heimdal/appl/gssmask/common.h b/crypto/heimdal/appl/gssmask/common.h index a44339e4596..cd9b0817f55 100644 --- a/crypto/heimdal/appl/gssmask/common.h +++ b/crypto/heimdal/appl/gssmask/common.h @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -31,13 +31,13 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: common.h 18250 2006-10-06 07:22:00Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include #endif -/* +/* * pthread support is disable because the pthread * test have no "application pthread libflags" variable, * when this is fixed pthread support can be enabled again. @@ -55,7 +55,9 @@ #include #include -#include +#include +#include +#include #include #include diff --git a/crypto/heimdal/appl/gssmask/gssmaestro.c b/crypto/heimdal/appl/gssmask/gssmaestro.c index 610c53f5f59..c972cada262 100644 --- a/crypto/heimdal/appl/gssmask/gssmaestro.c +++ b/crypto/heimdal/appl/gssmask/gssmaestro.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ #include -RCSID("$Id: gssmaestro.c 21605 2007-07-17 06:51:57Z lha $"); +RCSID("$Id$"); static FILE *logfile; @@ -61,9 +61,9 @@ static struct client **clients; static int num_clients; static int -init_sec_context(struct client *client, +init_sec_context(struct client *client, int32_t *hContext, int32_t *hCred, - int32_t flags, + int32_t flags, const char *targetname, const krb5_data *itoken, krb5_data *otoken) { @@ -82,7 +82,7 @@ init_sec_context(struct client *client, } static int -accept_sec_context(struct client *client, +accept_sec_context(struct client *client, int32_t *hContext, int32_t flags, const krb5_data *itoken, @@ -103,7 +103,7 @@ accept_sec_context(struct client *client, } static int -acquire_cred(struct client *client, +acquire_cred(struct client *client, const char *username, const char *password, int32_t flags, @@ -120,7 +120,7 @@ acquire_cred(struct client *client, } static int -toast_resource(struct client *client, +toast_resource(struct client *client, int32_t hCred) { int32_t val; @@ -138,7 +138,7 @@ goodbye(struct client *client) } static int -get_targetname(struct client *client, +get_targetname(struct client *client, char **target) { put32(client, eGetTargetName); @@ -162,7 +162,7 @@ encrypt_token(struct client *client, int32_t hContext, int32_t flags, } static int32_t -decrypt_token(struct client *client, int32_t hContext, int flags, +decrypt_token(struct client *client, int32_t hContext, int flags, krb5_data *in, krb5_data *out) { int32_t val; @@ -176,6 +176,42 @@ decrypt_token(struct client *client, int32_t hContext, int flags, return val; } +static int32_t +wrap_token_ext(struct client *client, int32_t hContext, int32_t flags, + int32_t bflags, krb5_data *header, krb5_data *in, krb5_data *trailer, + krb5_data *out) +{ + int32_t val; + put32(client, eWrapExt); + put32(client, hContext); + put32(client, flags); + put32(client, bflags); + putdata(client, *header); + putdata(client, *in); + putdata(client, *trailer); + ret32(client, val); + retdata(client, *out); + return val; +} + +static int32_t +unwrap_token_ext(struct client *client, int32_t hContext, int32_t flags, + int32_t bflags, krb5_data *header, krb5_data *in, krb5_data *trailer, + krb5_data *out) +{ + int32_t val; + put32(client, eUnwrapExt); + put32(client, hContext); + put32(client, flags); + put32(client, bflags); + putdata(client, *header); + putdata(client, *in); + putdata(client, *trailer); + ret32(client, val); + retdata(client, *out); + return val; +} + static int32_t get_mic(struct client *client, int32_t hContext, krb5_data *in, krb5_data *mic) @@ -192,7 +228,7 @@ get_mic(struct client *client, int32_t hContext, } static int32_t -verify_mic(struct client *client, int32_t hContext, +verify_mic(struct client *client, int32_t hContext, krb5_data *in, krb5_data *mic) { int32_t val; @@ -208,7 +244,7 @@ verify_mic(struct client *client, int32_t hContext, static int32_t -get_version_capa(struct client *client, +get_version_capa(struct client *client, int32_t *version, int32_t *capa, char **version_str) { @@ -220,7 +256,7 @@ get_version_capa(struct client *client, } static int32_t -get_moniker(struct client *client, +get_moniker(struct client *client, char **moniker) { put32(client, eGetMoniker); @@ -291,7 +327,7 @@ build_context(struct client *ipeer, struct client *apeer, krb5_data_zero(&itoken); while (!iDone || !aDone) { - + if (iDone) { warnx("iPeer already done, aPeer want extra rtt"); val = GSMERR_ERROR; @@ -310,7 +346,7 @@ build_context(struct client *ipeer, struct client *apeer, case GSMERR_CONTINUE_NEEDED: break; default: - warnx("iPeer %s failed with %d (step %d)", + warnx("iPeer %s failed with %d (step %d)", ipeer->name, (int)val, step); goto out; } @@ -369,13 +405,13 @@ build_context(struct client *ipeer, struct client *apeer, out: return val; } - + static void test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2) { krb5_data msg, mic; int32_t val; - + msg.data = "foo"; msg.length = 3; @@ -392,12 +428,12 @@ test_mic(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2) } static int32_t -test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, +test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, int conf) { krb5_data msg, wrapped, out; int32_t val; - + msg.data = "foo"; msg.length = 3; @@ -431,22 +467,95 @@ test_wrap(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, } static int32_t -test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2) +test_wrap_ext(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, + int conf, int bflags) +{ + krb5_data header, msg, trailer, wrapped, out; + int32_t val; + + header.data = "header"; + header.length = 6; + + msg.data = "0123456789abcdef"; /* padded for most enctypes */ + msg.length = 32; + + trailer.data = "trailer"; + trailer.length = 7; + + krb5_data_zero(&wrapped); + krb5_data_zero(&out); + + val = wrap_token_ext(c1, hc1, conf, bflags, &header, &msg, &trailer, &wrapped); + if (val) { + warnx("encrypt_token failed to host: %s", c1->moniker); + return val; + } + val = unwrap_token_ext(c2, hc2, conf, bflags, &header, &wrapped, &trailer, &out); + if (val) { + krb5_data_free(&wrapped); + warnx("decrypt_token failed to host: %s", c2->moniker); + return val; + } + + if (msg.length != out.length) { + warnx("decrypted'ed token have wrong length (%lu != %lu)", + (unsigned long)msg.length, (unsigned long)out.length); + val = GSMERR_ERROR; + } else if (memcmp(msg.data, out.data, msg.length) != 0) { + warnx("decryptd'ed token have wrong data"); + val = GSMERR_ERROR; + } + + krb5_data_free(&wrapped); + krb5_data_free(&out); + return val; +} + + +static int32_t +test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, int wrap_ext) { int32_t val; int i; for (i = 0; i < 10; i++) { + /* mic */ test_mic(c1, hc1, c2, hc2); test_mic(c2, hc2, c1, hc1); + + /* wrap */ val = test_wrap(c1, hc1, c2, hc2, 0); if (val) return val; val = test_wrap(c2, hc2, c1, hc1, 0); if (val) return val; + val = test_wrap(c1, hc1, c2, hc2, 1); if (val) return val; val = test_wrap(c2, hc2, c1, hc1, 1); if (val) return val; + + if (wrap_ext) { + /* wrap ext */ + val = test_wrap_ext(c1, hc1, c2, hc2, 1, 0); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 1, 0); + if (val) return val; + + val = test_wrap_ext(c1, hc1, c2, hc2, 1, 1); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 1, 1); + if (val) return val; + + val = test_wrap_ext(c1, hc1, c2, hc2, 0, 0); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 0, 0); + if (val) return val; + + val = test_wrap_ext(c1, hc1, c2, hc2, 0, 1); + if (val) return val; + val = test_wrap_ext(c2, hc2, c1, hc1, 0, 1); + if (val) return val; + } } return GSMERR_OK; } @@ -476,9 +585,9 @@ log_function(void *ptr) goto out; if (krb5_ret_string(c->logsock, &string)) goto out; - printf("%s:%lu: %s\n", + printf("%s:%lu: %s\n", file, (unsigned long)line, string); - fprintf(logfile, "%s:%lu: %s\n", + fprintf(logfile, "%s:%lu: %s\n", file, (unsigned long)line, string); fflush(logfile); free(file); @@ -510,7 +619,7 @@ connect_client(const char *slave) *port++ = 0; c->name = estrdup(slave); - + memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; @@ -584,7 +693,7 @@ connect_client(const char *slave) clients = erealloc(clients, (num_clients + 1) * sizeof(*clients)); - + clients[num_clients] = c; num_clients++; @@ -607,6 +716,7 @@ get_client(const char *slave) static int version_flag; static int help_flag; +static int wrap_ext = 0; static char *logfile_str; static getarg_strings principals; static getarg_strings slaves; @@ -618,6 +728,8 @@ struct getargs args[] = { NULL }, { "log-file", 0, arg_string, &logfile_str, "Logfile", NULL }, + { "wrap-ext", 0, arg_flag, &wrap_ext, "test wrap extended", + NULL }, { "version", 0, arg_flag, &version_flag, "Print version", NULL }, { "help", 0, arg_flag, &help_flag, NULL, @@ -668,7 +780,7 @@ main(int argc, char **argv) if (password == NULL) errx(1, "password missing from %s", user); *password++ = 0; - + if (slaves.num_strings == 0) errx(1, "no principals"); @@ -703,7 +815,7 @@ main(int argc, char **argv) val = acquire_cred(clients[i], user, password, 1, &hCred); if (val != GSMERR_OK) { - warnx("Failed to acquire_cred on host %s: %d", + warnx("Failed to acquire_cred on host %s: %d", clients[i]->moniker, (int)val); failed = 1; } else @@ -713,7 +825,7 @@ main(int argc, char **argv) if (failed) goto out; - /* + /* * First test if all slaves can build context to them-self. */ @@ -722,7 +834,7 @@ main(int argc, char **argv) int32_t hCred, val, delegCred; int32_t clientC, serverC; struct client *c = clients[i]; - + if (c->target_name == NULL) continue; @@ -732,14 +844,14 @@ main(int argc, char **argv) val = acquire_cred(c, user, password, 1, &hCred); if (val != GSMERR_OK) errx(1, "failed to acquire_cred: %d", (int)val); - - val = build_context(c, c, + + val = build_context(c, c, GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG| GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG| GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG, hCred, &clientC, &serverC, &delegCred); if (val == GSMERR_OK) { - test_token(c, clientC, c, serverC); + test_token(c, clientC, c, serverC, wrap_ext); toast_resource(c, clientC); toast_resource(c, serverC); if (delegCred) @@ -755,7 +867,7 @@ main(int argc, char **argv) GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG, hCred, &clientC, &serverC, &delegCred); if (val == GSMERR_OK) { - test_token(c, clientC, c, serverC); + test_token(c, clientC, c, serverC, wrap_ext); toast_resource(c, clientC); toast_resource(c, serverC); if (delegCred) @@ -781,18 +893,18 @@ main(int argc, char **argv) int32_t hCred, val, delegCred = 0; int32_t clientC = 0, serverC = 0; struct client *client, *server; - + p = list[i]; - + client = get_client(p[0]); - + val = acquire_cred(client, user, password, 1, &hCred); if (val != GSMERR_OK) errx(1, "failed to acquire_cred: %d", (int)val); for (j = 1; j < num_clients + 1; j++) { server = get_client(p[j % num_clients]); - + if (server->target_name == NULL) break; @@ -809,11 +921,11 @@ main(int argc, char **argv) warnx("build_context failed: %d", (int)val); break; } - - val = test_token(client, clientC, server, serverC); + + val = test_token(client, clientC, server, serverC, wrap_ext); if (val) break; - + toast_resource(client, clientC); toast_resource(server, serverC); if (!delegCred) { @@ -827,11 +939,11 @@ main(int argc, char **argv) if (hCred) toast_resource(client, hCred); } - + /* * Close all connections to clients */ - + out: printf("sending goodbye and waiting for log sockets\n"); for (i = 0; i < num_clients; i++) { diff --git a/crypto/heimdal/appl/gssmask/gssmask.c b/crypto/heimdal/appl/gssmask/gssmask.c index 46b532b61f5..916837b42de 100644 --- a/crypto/heimdal/appl/gssmask/gssmask.c +++ b/crypto/heimdal/appl/gssmask/gssmask.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ #include "common.h" -RCSID("$Id: gssmask.c 21229 2007-06-20 10:19:19Z lha $"); +RCSID("$Id$"); /* * @@ -151,7 +151,7 @@ find_handle(struct handle *h, int32_t idx, enum handle_type type) { if (idx == 0) return NULL; - + while (h) { if (h->idx == idx) { if (type == h->type) @@ -160,7 +160,7 @@ find_handle(struct handle *h, int32_t idx, enum handle_type type) } h = h->next; } - return NULL; + return NULL; } @@ -229,7 +229,7 @@ acquire_cred(struct client *c, "krb5_get_init_creds failed: %d", ret); return convert_krb5_to_gsm(ret); } - + ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); @@ -237,7 +237,7 @@ acquire_cred(struct client *c, ret = krb5_cc_initialize (context, id, cred.client); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); - + ret = krb5_cc_store_cred (context, id, &cred); if (ret) krb5_err (context, 1, ret, "krb5_cc_store_cred"); @@ -284,14 +284,14 @@ static int HandleOP(GoodBye) { struct handle *h = c->handles; - int i = 0; + unsigned int i = 0; while (h) { h = h->next; i++; } - if (i != 0) + if (i) logmessage(c, __FILE__, __LINE__, 0, "Did not toast all resources: %d", i); return 1; @@ -358,7 +358,7 @@ HandleOP(InitContext) if (ctx) krb5_errx(context, 1, "initcreds, context not NULL, but first req"); } - + if ((flags & GSS_C_DELEG_FLAG) != 0) logmessage(c, __FILE__, __LINE__, 0, "init_sec_context delegating"); if ((flags & GSS_C_DCE_STYLE) != 0) @@ -370,7 +370,7 @@ HandleOP(InitContext) gss_target_name, oid, flags & 0x7f, - 0, + 0, NULL, input_token_ptr, NULL, @@ -382,7 +382,7 @@ HandleOP(InitContext) del_handle(&c->handles, hContext); new_context_id = 0; logmessage(c, __FILE__, __LINE__, 0, - "gss_init_sec_context returns code: %d/%d", + "gss_init_sec_context returns code: %d/%d", maj_stat, min_stat); } else { if (input_token.length == 0) @@ -461,7 +461,7 @@ HandleOP(AcceptContext) if (hContext != 0) del_handle(&c->handles, hContext); logmessage(c, __FILE__, __LINE__, 0, - "gss_accept_sec_context returns code: %d/%d", + "gss_accept_sec_context returns code: %d/%d", maj_stat, min_stat); new_context_id = 0; } else { @@ -484,8 +484,8 @@ HandleOP(AcceptContext) gss_release_cred(&min_stat, &deleg_cred); deleg_hcred = 0; } - - + + gsm_error = convert_gss_to_gsm(maj_stat); put32(c, new_context_id); @@ -534,11 +534,11 @@ HandleOP(AcquireCreds) gsm_error = convert_krb5_to_gsm(ret); goto out; } - + ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); - + krb5_get_init_creds_opt_set_pa_password(context, opt, password, NULL); gsm_error = acquire_cred(c, principal, opt, &handle); @@ -580,22 +580,22 @@ HandleOP(Sign) input_token.length = token.length; input_token.value = token.data; - + maj_stat = gss_get_mic(&min_stat, ctx, 0, &input_token, &output_token); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_get_mic failed"); - + krb5_data_free(&token); - + token.data = output_token.value; token.length = output_token.length; - + put32(c, 0); /* XXX fix gsm_error */ putdata(c, token); - + gss_release_buffer(&min_stat, &output_token); - + return 0; } @@ -621,7 +621,7 @@ HandleOP(Verify) msg_token.length = msg.length; msg_token.value = msg.data; - + retdata(c, mic); mic_token.length = mic.length; @@ -631,12 +631,12 @@ HandleOP(Verify) &mic_token, &qop); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_verify_mic failed"); - + krb5_data_free(&mic); krb5_data_free(&msg); - + put32(c, 0); /* XXX fix gsm_error */ - + return 0; } @@ -653,7 +653,7 @@ HandleOP(GetVersionAndCapabilities) { struct utsname ut; if (uname(&ut) == 0) { - snprintf(name, sizeof(name), "%s-%s-%s", + snprintf(name, sizeof(name), "%s-%s-%s", ut.sysname, ut.version, ut.machine); } } @@ -663,7 +663,7 @@ HandleOP(GetVersionAndCapabilities) put32(c, GSSMAGGOTPROTOCOL); put32(c, cap); - putstring(c, str); + putstring(c, str); free(str); return 0; @@ -711,12 +711,12 @@ HandleOP(SetLoggingSocket) krb5_store_int32(c->logging, eLogSetMoniker); store_string(c->logging, c->moniker); - + logmessage(c, __FILE__, __LINE__, 0, "logging turned on"); return 0; } - + static int HandleOP(ChangePassword) @@ -751,22 +751,22 @@ HandleOP(Wrap) input_token.length = token.length; input_token.value = token.data; - + maj_stat = gss_wrap(&min_stat, ctx, flags, 0, &input_token, &conf_state, &output_token); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_wrap failed"); - + krb5_data_free(&token); - + token.data = output_token.value; token.length = output_token.length; - + put32(c, 0); /* XXX fix gsm_error */ putdata(c, token); - + gss_release_buffer(&min_stat, &output_token); - + return 0; } @@ -793,13 +793,13 @@ HandleOP(Unwrap) input_token.length = token.length; input_token.value = token.data; - + maj_stat = gss_unwrap(&min_stat, ctx, &input_token, &output_token, &conf_state, &qop_state); - + if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat); - + krb5_data_free(&token); if (maj_stat == GSS_S_COMPLETE) { token.data = output_token.value; @@ -853,19 +853,180 @@ HandleOP(AcquirePKInitCreds) { int32_t flags; krb5_data pfxdata; + char fn[] = "FILE:/tmp/pkcs12-creds-XXXXXXX"; + krb5_principal principal = NULL; + int fd; ret32(c, flags); retdata(c, pfxdata); - /* get credentials */ + fd = mkstemp(fn + 5); + if (fd < 0) + errx(1, "mkstemp"); + net_write(fd, pfxdata.data, pfxdata.length); krb5_data_free(&pfxdata); + close(fd); + + if (principal) + krb5_free_principal(context, principal); put32(c, -1); /* hResource */ put32(c, GSMERR_NOT_SUPPORTED); return 0; } +static int +HandleOP(WrapExt) +{ + OM_uint32 maj_stat, min_stat; + int32_t hContext, flags, bflags; + krb5_data token, header, trailer; + gss_ctx_id_t ctx; + unsigned char *p; + int conf_state, iov_len; + gss_iov_buffer_desc iov[6]; + + ret32(c, hContext); + ret32(c, flags); + ret32(c, bflags); + retdata(c, header); + retdata(c, token); + retdata(c, trailer); + + ctx = find_handle(c->handles, hContext, handle_context); + if (ctx == NULL) + errx(1, "wrap: reference to unknown context"); + + memset(&iov, 0, sizeof(iov)); + + iov_len = sizeof(iov)/sizeof(iov[0]); + + if (bflags & WRAP_EXP_ONLY_HEADER) + iov_len -= 2; /* skip trailer and padding, aka dce-style */ + + iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + if (header.length != 0) { + iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[1].buffer.length = header.length; + iov[1].buffer.value = header.data; + } else { + iov[1].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + iov[2].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[2].buffer.length = token.length; + iov[2].buffer.value = token.data; + if (trailer.length != 0) { + iov[3].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[3].buffer.length = trailer.length; + iov[3].buffer.value = trailer.data; + } else { + iov[3].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + iov[4].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + iov[5].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + + maj_stat = gss_wrap_iov_length(&min_stat, ctx, flags, 0, &conf_state, + iov, iov_len); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_wrap_iov_length failed"); + + maj_stat = gss_wrap_iov(&min_stat, ctx, flags, 0, &conf_state, + iov, iov_len); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_wrap_iov failed"); + + krb5_data_free(&token); + + token.length = iov[0].buffer.length + iov[2].buffer.length + iov[4].buffer.length + iov[5].buffer.length; + token.data = malloc(token.length); + + p = token.data; + memcpy(p, iov[0].buffer.value, iov[0].buffer.length); + p += iov[0].buffer.length; + memcpy(p, iov[2].buffer.value, iov[2].buffer.length); + p += iov[2].buffer.length; + memcpy(p, iov[4].buffer.value, iov[4].buffer.length); + p += iov[4].buffer.length; + memcpy(p, iov[5].buffer.value, iov[5].buffer.length); + p += iov[5].buffer.length; + + gss_release_iov_buffer(NULL, iov, iov_len); + + put32(c, 0); /* XXX fix gsm_error */ + putdata(c, token); + + free(token.data); + + return 0; +} + + +static int +HandleOP(UnwrapExt) +{ + OM_uint32 maj_stat, min_stat; + int32_t hContext, flags, bflags; + krb5_data token, header, trailer; + gss_ctx_id_t ctx; + gss_iov_buffer_desc iov[3]; + int conf_state, iov_len; + gss_qop_t qop_state; + + ret32(c, hContext); + ret32(c, flags); + ret32(c, bflags); + retdata(c, header); + retdata(c, token); + retdata(c, trailer); + + iov_len = sizeof(iov)/sizeof(iov[0]); + + if (bflags & WRAP_EXP_ONLY_HEADER) + iov_len -= 1; /* skip trailer and padding, aka dce-style */ + + ctx = find_handle(c->handles, hContext, handle_context); + if (ctx == NULL) + errx(1, "unwrap: reference to unknown context"); + + if (header.length != 0) { + iov[0].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[0].buffer.length = header.length; + iov[0].buffer.value = header.data; + } else { + iov[0].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[1].buffer.length = token.length; + iov[1].buffer.value = token.data; + + if (trailer.length != 0) { + iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[2].buffer.length = trailer.length; + iov[2].buffer.value = trailer.data; + } else { + iov[2].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } + + maj_stat = gss_unwrap_iov(&min_stat, ctx, &conf_state, &qop_state, + iov, iov_len); + + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat); + + if (maj_stat == GSS_S_COMPLETE) { + token.data = iov[1].buffer.value; + token.length = iov[1].buffer.length; + } else { + token.data = NULL; + token.length = 0; + } + put32(c, 0); /* XXX fix gsm_error */ + putdata(c, token); + + return 0; +} + /* * */ @@ -899,7 +1060,9 @@ struct handler handlers[] = { S(ConnectLoggingService2), S(GetMoniker), S(CallExtension), - S(AcquirePKInitCreds) + S(AcquirePKInitCreds), + S(WrapExt), + S(UnwrapExt), }; #undef S @@ -937,16 +1100,16 @@ create_client(int fd, int port, const char *moniker) { c->salen = sizeof(c->sa); getpeername(fd, (struct sockaddr *)&c->sa, &c->salen); - - getnameinfo((struct sockaddr *)&c->sa, c->salen, - c->servername, sizeof(c->servername), + + getnameinfo((struct sockaddr *)&c->sa, c->salen, + c->servername, sizeof(c->servername), NULL, 0, NI_NUMERICHOST); } c->sock = krb5_storage_from_fd(fd); if (c->sock == NULL) errx(1, "krb5_storage_from_fd"); - + close(fd); return c; @@ -987,7 +1150,7 @@ handleServer(void *ptr) } logmessage(c, __FILE__, __LINE__, 0, - "---> Got op %s from server %s", + "---> Got op %s from server %s", handler->name, c->servername); if ((handler->func)(handler->op, c)) @@ -1072,11 +1235,11 @@ main(int argc, char **argv) err(1, "error opening %s", lf); } - mini_inetd(htons(port)); + mini_inetd(htons(port), NULL); fprintf(logfile, "connected\n"); { - struct client *c; + struct client *c; c = create_client(0, port, moniker_str); /* close(0); */ diff --git a/crypto/heimdal/appl/gssmask/protocol.h b/crypto/heimdal/appl/gssmask/protocol.h index 3683fa6edb1..1e1f1410262 100644 --- a/crypto/heimdal/appl/gssmask/protocol.h +++ b/crypto/heimdal/appl/gssmask/protocol.h @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ */ /* - * $Id: protocol.h 18352 2006-10-08 13:53:28Z lha $ + * $Id$ */ /* missing from tests: @@ -63,9 +63,9 @@ enum gssMaggotErrorCodes { * int32: message OP (enum gssMaggotProtocol) * ... * - * return: -- on error + * return: -- on error * int32: not support (GSMERR_NOT_SUPPORTED) - * + * * return: -- on existing message OP * int32: support (GSMERR_OK) -- only sent for extensions * ... @@ -75,28 +75,28 @@ enum gssMaggotErrorCodes { enum gssMaggotOp { eGetVersionInfo = 0, - /* + /* * input: * none * return: - * int32: last version handled + * int32: last version handled */ eGoodBye, - /* + /* * input: * none * return: * close socket */ eInitContext, - /* + /* * input: * int32: hContext * int32: hCred * int32: Flags * the lowest 0x7f flags maps directly to GSS-API flags - * DELEGATE 0x001 - * MUTUAL_AUTH 0x002 + * DELEGATE 0x001 + * MUTUAL_AUTH 0x002 * REPLAY_DETECT 0x004 * SEQUENCE_DETECT 0x008 * CONFIDENTIALITY 0x010 @@ -115,7 +115,7 @@ enum gssMaggotOp { * length-encoded: output token */ eAcceptContext, - /* + /* * input: * int32: hContext * int32: Flags -- unused ? @@ -153,7 +153,7 @@ enum gssMaggotOp { /* * input: * int32: hContext - * int32: flags -- unused + * int32: flags * int32: seqno -- unused * length-encode: plaintext * return: @@ -164,7 +164,7 @@ enum gssMaggotOp { /* * input: * int32: hContext - * int32: flags -- unused + * int32: flags * int32: seqno -- unused * length-encode: ciphertext * return: @@ -177,7 +177,7 @@ enum gssMaggotOp { /* * input: * int32: hContext - * int32: flags -- unused + * int32: flags * int32: seqno -- unused * length-encode: message * length-encode: signature @@ -229,7 +229,7 @@ enum gssMaggotOp { * return1: * int16: log port number * int32: master log prototocol version (0) - * + * * wait for master to connect on the master log socket * * return2: @@ -259,9 +259,40 @@ enum gssMaggotOp { * int32: gsm status val (GSMERR_NOT_SUPPORTED) */ /* here ended version 7 of the protocol */ + eWrapExt, + /* + * input: + * int32: hContext + * int32: flags + * int32: bflags + * length-encode: protocol header + * length-encode: plaintext + * length-encode: protocol trailer + * return: + * int32: gsm status val + * length-encode: ciphertext + */ + eUnwrapExt, + /* + * input: + * int32: hContext + * int32: flags + * int32: bflags + * length-encode: protocol header + * length-encode: ciphertext + * length-encode: protocol trailer + * return: + * int32: gsm status val + * length-encode: plaintext + */ + /* here ended version 8 of the protocol */ + eLastProtocolMessage }; +/* bflags */ +#define WRAP_EXP_ONLY_HEADER 1 + enum gssMaggotLogOp{ eLogInfo = 0, /* diff --git a/crypto/heimdal/appl/kf/Makefile.am b/crypto/heimdal/appl/kf/Makefile.am index 10d4be6ca65..0b38057ca6d 100644 --- a/crypto/heimdal/appl/kf/Makefile.am +++ b/crypto/heimdal/appl/kf/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -17,4 +17,4 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/kf/Makefile.in b/crypto/heimdal/appl/kf/Makefile.in index 1dc0684ead2..906abf7e532 100644 --- a/crypto/heimdal/appl/kf/Makefile.in +++ b/crypto/heimdal/appl/kf/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -46,7 +48,7 @@ libexec_PROGRAMS = kfd$(EXEEXT) subdir = appl/kf ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -61,7 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -75,9 +77,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -85,16 +90,15 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \ "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) am_kf_OBJECTS = kf.$(OBJEXT) kf_OBJECTS = $(am_kf_OBJECTS) @@ -109,9 +113,9 @@ kfd_LDADD = $(LDADD) kfd_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -123,6 +127,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(kf_SOURCES) $(kfd_SOURCES) DIST_SOURCES = $(kf_SOURCES) $(kfd_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 man8dir = $(mandir)/man8 MANS = $(man_MANS) @@ -133,49 +158,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -199,10 +233,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -219,6 +254,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -234,31 +271,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -273,10 +324,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -317,29 +370,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la man_MANS = kf.1 kfd.8 kf_SOURCES = kf.c kf_locl.h @@ -349,23 +407,23 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/kf/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/kf/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kf/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/kf/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -383,62 +441,93 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list kf$(EXEEXT): $(kf_OBJECTS) $(kf_DEPENDENCIES) @rm -f kf$(EXEEXT) $(LINK) $(kf_OBJECTS) $(kf_LDADD) $(LIBS) @@ -452,160 +541,178 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kfd.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -621,13 +728,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -662,6 +773,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -672,6 +784,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -682,6 +795,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -689,26 +804,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -729,11 +853,10 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \ uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ @@ -822,6 +945,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -907,7 +1033,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -920,6 +1046,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/kf/kf.1 b/crypto/heimdal/appl/kf/kf.1 index 97e408d0d92..c50349e015f 100644 --- a/crypto/heimdal/appl/kf/kf.1 +++ b/crypto/heimdal/appl/kf/kf.1 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kf.1 11986 2003-04-11 12:43:57Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd July 2, 2000 .Dt KF 1 @@ -41,20 +41,20 @@ .Nm .Oo .Fl p Ar port | -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Oc .Oo .Fl l Ar login | -.Fl -login Ns = Ns Ar login +.Fl Fl login Ns = Ns Ar login .Oc .Oo .Fl c Ar ccache | -.Fl -ccache Ns = Ns Ar ccache +.Fl Fl ccache Ns = Ns Ar ccache .Oc .Op Fl F | -forwardable .Op Fl G | -no-forwardable .Op Fl h | -help -.Op Fl -version +.Op Fl Fl version .Ar host ... .Sh DESCRIPTION The @@ -65,17 +65,17 @@ Options supported are: .Bl -tag -width indent .It Xo .Fl p Ar port , -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Xc port to connect to .It Xo .Fl l Ar login , -.Fl -login Ns = Ns Ar login +.Fl Fl login Ns = Ns Ar login .Xc remote login name .It Xo .Fl c Ar ccache , -.Fl -ccache Ns = Ns Ar ccache +.Fl Fl ccache Ns = Ns Ar ccache .Xc remote cred cache .It Fl F , -forwardable @@ -83,7 +83,7 @@ forward forwardable credentials .It Fl G , -no-forwardable do not forward forwardable credentials .It Fl h , -help -.It Fl -version +.It Fl Fl version .El .Pp .Nm @@ -94,7 +94,7 @@ In order for .Nm to work you will need to acquire your initial ticket with forwardable flag, i.e. -.Nm kinit Fl -forwardable . +.Nm kinit Fl Fl forwardable . .Pp .Nm telnet is able to forward tickets by itself. diff --git a/crypto/heimdal/appl/kf/kf.c b/crypto/heimdal/appl/kf/kf.c index 637796548fc..e3e72ab06c5 100644 --- a/crypto/heimdal/appl/kf/kf.c +++ b/crypto/heimdal/appl/kf/kf.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kf_locl.h" -RCSID("$Id: kf.c 11400 2002-09-05 15:00:03Z joda $"); +RCSID("$Id$"); krb5_context context; static int help_flag; @@ -72,16 +72,16 @@ client_setup(krb5_context *context, int *argc, char **argv) int status; setprogname (argv[0]); - + status = krb5_init_context (context); if (status) errx(1, "krb5_init_context failed: %d", status); - + forwardable = krb5_config_get_bool (*context, NULL, "libdefaults", "forwardable", - NULL); - + NULL); + if (getarg (args, num_args, *argc, argv, &optind)) usage(1, args, num_args); @@ -91,7 +91,7 @@ client_setup(krb5_context *context, int *argc, char **argv) print_version(NULL); exit(0); } - + if(port_str) { struct servent *s = roken_getservbyname(port_str, "tcp"); if(s) @@ -108,7 +108,7 @@ client_setup(krb5_context *context, int *argc, char **argv) if (port == 0) port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM); - + if(*argc - optind < 1) usage(1, args, num_args); *argc = optind; @@ -146,6 +146,7 @@ proto (int sock, const char *hostname, const char *service, auth_context, &sock); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_auth_con_setaddr"); return 1; } @@ -156,6 +157,7 @@ proto (int sock, const char *hostname, const char *service, KRB5_NT_SRV_HST, &server); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_sname_to_principal"); return 1; } @@ -174,6 +176,7 @@ proto (int sock, const char *hostname, const char *service, NULL, NULL); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn(context, status, "krb5_sendauth"); return 1; } @@ -185,6 +188,7 @@ proto (int sock, const char *hostname, const char *service, data_send.length = strlen(remote_name) + 1; status = krb5_write_priv_message(context, auth_context, &sock, &data_send); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_write_message"); return 1; } @@ -192,6 +196,7 @@ proto (int sock, const char *hostname, const char *service, data_send.length = strlen(ccache_name)+1; status = krb5_write_priv_message(context, auth_context, &sock, &data_send); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_write_message"); return 1; } @@ -200,18 +205,20 @@ proto (int sock, const char *hostname, const char *service, status = krb5_cc_default (context, &ccache); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_cc_default"); return 1; } status = krb5_cc_get_principal (context, ccache, &principal); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_cc_get_principal"); return 1; } creds.client = principal; - + status = krb5_make_principal (context, &creds.server, principal->realm, @@ -220,6 +227,7 @@ proto (int sock, const char *hostname, const char *service, NULL); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_make_principal"); return 1; } @@ -238,6 +246,7 @@ proto (int sock, const char *hostname, const char *service, &creds, &data); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_get_forwarded_creds"); return 1; } @@ -245,13 +254,15 @@ proto (int sock, const char *hostname, const char *service, status = krb5_write_priv_message(context, auth_context, &sock, &data); if (status) { + krb5_auth_con_free(context, auth_context); krb5_warn (context, status, "krb5_mk_priv"); return 1; } - + krb5_data_free (&data); status = krb5_read_priv_message(context, auth_context, &sock, &data); + krb5_auth_con_free(context, auth_context); if (status) { krb5_warn (context, status, "krb5_mk_priv"); return 1; @@ -270,7 +281,7 @@ proto (int sock, const char *hostname, const char *service, } static int -doit (const char *hostname, int port, const char *service, +doit (const char *hostname, int port, const char *service, char *message, size_t len) { struct addrinfo *ai, *a; @@ -313,7 +324,7 @@ main(int argc, char **argv) { int argcc,port,i; int ret=0; - + argcc = argc; port = client_setup(&context, &argcc, argv); diff --git a/crypto/heimdal/appl/kf/kf_locl.h b/crypto/heimdal/appl/kf/kf_locl.h index e4d9ee81d81..3ddee48d692 100644 --- a/crypto/heimdal/appl/kf/kf_locl.h +++ b/crypto/heimdal/appl/kf/kf_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: kf_locl.h 11376 2002-09-04 20:29:04Z joda $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/crypto/heimdal/appl/kf/kfd.8 b/crypto/heimdal/appl/kf/kfd.8 index f6767498fe7..8b98c2180bd 100644 --- a/crypto/heimdal/appl/kf/kfd.8 +++ b/crypto/heimdal/appl/kf/kfd.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kfd.8 11648 2003-02-16 21:10:32Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd July 2, 2000 .Dt KFD 8 @@ -41,15 +41,15 @@ .Nm .Oo .Fl p Ar port | -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Oc .Op Fl i | -inetd .Oo .Fl R Ar regpag | -.Fl -regpag Ns = Ns Ar regpag +.Fl Fl regpag Ns = Ns Ar regpag .Oc .Op Fl h | -help -.Op Fl -version +.Op Fl Fl version .Sh DESCRIPTION This is the daemon for .Xr kf 1 . @@ -57,14 +57,14 @@ Supported options: .Bl -tag -width indent .It Xo .Fl p Ar port , -.Fl -port Ns = Ns Ar port +.Fl Fl port Ns = Ns Ar port .Xc port to listen to .It Fl i , -inetd not started from inetd .It Xo .Fl R Ar regpag , -.Fl -regpag= Ns Ar regpag +.Fl Fl regpag= Ns Ar regpag .Xc path to regpag binary .El diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c index 9d8c84c3902..71f48c9350f 100644 --- a/crypto/heimdal/appl/kf/kfd.c +++ b/crypto/heimdal/appl/kf/kfd.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kf_locl.h" -RCSID("$Id: kfd.c 15246 2005-05-27 13:47:20Z lha $"); +RCSID("$Id$"); krb5_context context; char krb5_tkfile[MAXPATHLEN]; @@ -76,7 +76,7 @@ server_setup(krb5_context *context, int argc, char **argv) print_version(NULL); exit(0); } - + if(port_str){ struct servent *s = roken_getservbyname(port_str, "tcp"); if(s) @@ -96,7 +96,7 @@ server_setup(krb5_context *context, int argc, char **argv) if(argv[local_argc] != NULL) usage(1, args, num_args); - + return port; } @@ -189,7 +189,7 @@ proto (int sock, const char *service) &sock, &remotename); if (status) krb5_err(context, 1, status, "krb5_read_message"); - status=krb5_read_priv_message (context, auth_context, + status=krb5_read_priv_message (context, auth_context, &sock, &tk_file); if (status) krb5_err(context, 1, status, "krb5_read_message"); @@ -274,14 +274,17 @@ proto (int sock, const char *service) data.data = ret_string; data.length = strlen(ret_string) + 1; - return krb5_write_priv_message(context, auth_context, &sock, &data); + status = krb5_write_priv_message(context, auth_context, &sock, &data); + krb5_auth_con_free(context, auth_context); + + return status; } static int doit (int port, const char *service) { if (do_inetd) - mini_inetd(port); + mini_inetd(port, NULL); return proto (STDIN_FILENO, service); } diff --git a/crypto/heimdal/appl/login/ChangeLog b/crypto/heimdal/appl/login/ChangeLog index 2400808db41..68ab1d120a3 100644 --- a/crypto/heimdal/appl/login/ChangeLog +++ b/crypto/heimdal/appl/login/ChangeLog @@ -1,24 +1,35 @@ -2006-12-05 Love Hörnquist Åstrand +2008-04-15 Love Hörnquist Ã…strand + * utmp_login.c: Reorder to avoid prototype. + + * login_locl.h: If cygwin doesnt have WTMPX_FILE, it uses wtmp for + wtmpx http://www.cygwin.com/ml/cygwin/2006-12/msg00630.html + +2008-04-10 Love Hörnquist Ã…strand + + * utmp_login.c: Remove utmp warning on mac os x + +2006-12-05 Love Hörnquist Ã…strand + * limits_conf.c: Clear errno before calling the strtol - functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn + functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn Sandell. * limits_conf.c: Report to syslog strings that start with NUL; - prevents negative index array access. Ray Lai of OpenBSD via Björn + prevents negative index array access. Ray Lai of OpenBSD via Björn Sandell. -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: Add man_MANS to EXTRA_DIST -2006-09-22 Love Hörnquist Åstrand +2006-09-22 Love Hörnquist Ã…strand * read_string.c: try to not call signaction for signal 0 and use NSIG if it exists to determin how many signals there exists, also, only restore those signalhandlers that we got out. -2006-04-27 Love Hörnquist Åstrand +2006-04-27 Love Hörnquist Ã…strand * login_locl.h: Include "loginpaths.h" @@ -28,7 +39,7 @@ * login.c: log successful logins -2005-08-08 Love Hörnquist Åstrand +2005-08-08 Love Hörnquist Ã…strand * login.c (do_login): only do krb4_get_afs_tokens if we have done v4 authentication or done a 5to4 conversion of tickets. This is to @@ -66,11 +77,11 @@ * login.c: use krb5_appdefault_boolean instead of krb5_config_get_bool -2003-09-03 Love Hörnquist Åstrand +2003-09-03 Love Hörnquist Ã…strand * login.c (krb5_to4): set client princ of the mcred -2003-07-07 Love Hörnquist Åstrand +2003-07-07 Love Hörnquist Ã…strand * login.c (krb5_to4): use krb5_cc_clear_mcred @@ -84,7 +95,7 @@ * login.access.5: login.access manual page -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * login.c: also need pag_set * login.c: if there is kerberos 5, call krb5_afslog\* diff --git a/crypto/heimdal/appl/login/Makefile.am b/crypto/heimdal/appl/login/Makefile.am index b7c9f93010a..c5a838d7ac9 100644 --- a/crypto/heimdal/appl/login/Makefile.am +++ b/crypto/heimdal/appl/login/Makefile.am @@ -1,9 +1,7 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_krb4) - man_MANS = login.1 login.access.5 bin_PROGRAMS = login @@ -14,7 +12,7 @@ login_SOURCES = \ login.c \ login_access.c \ login_locl.h \ - login_protos.h \ + login-protos.h \ loginpaths.h \ limits_conf.c \ osfc2.c \ @@ -28,16 +26,15 @@ login_SOURCES = \ LDADD = $(LIB_otp) \ $(LIB_kafs) \ $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) \ $(LIB_security) \ $(DBLIB) -$(srcdir)/login_protos.h: - cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h +$(srcdir)/login-protos.h: + cd $(srcdir); perl ../../cf/make-proto.pl -o login-protos.h -q -P comment $(login_SOURCES) || rm -f login-protos.h -$(login_OBJECTS): $(srcdir)/login_protos.h +$(login_OBJECTS): $(srcdir)/login-protos.h -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/login/Makefile.in b/crypto/heimdal/appl/login/Makefile.in index faa632ab8cf..570200c1cb1 100644 --- a/crypto/heimdal/appl/login/Makefile.in +++ b/crypto/heimdal/appl/login/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ bin_PROGRAMS = login$(EXEEXT) subdir = appl/login ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,15 +89,15 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" \ "$(DESTDIR)$(man5dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \ login_access.$(OBJEXT) limits_conf.$(OBJEXT) osfc2.$(OBJEXT) \ @@ -105,12 +110,11 @@ am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \ $(am__DEPENDENCIES_1) login_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -122,6 +126,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(login_SOURCES) DIST_SOURCES = $(login_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 man5dir = $(mandir)/man5 MANS = $(man_MANS) @@ -132,49 +157,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -198,10 +232,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -218,6 +253,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -233,31 +270,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -272,10 +323,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -316,30 +369,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la man_MANS = login.1 login.access.5 login_SOURCES = \ @@ -348,7 +405,7 @@ login_SOURCES = \ login.c \ login_access.c \ login_locl.h \ - login_protos.h \ + login-protos.h \ loginpaths.h \ limits_conf.c \ osfc2.c \ @@ -362,30 +419,29 @@ login_SOURCES = \ LDADD = $(LIB_otp) \ $(LIB_kafs) \ $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) \ $(LIB_security) \ $(DBLIB) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/login/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/login/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/login/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/login/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -403,34 +459,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list login$(EXEEXT): $(login_OBJECTS) $(login_DEPENDENCIES) @rm -f login$(EXEEXT) $(LINK) $(login_OBJECTS) $(login_LDADD) $(LIBS) @@ -441,160 +513,188 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/env.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/limits_conf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login_access.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/osfc2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/read_string.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadow.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stty_default.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tty.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utmp_login.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utmpx_login.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done -install-man5: $(man5_MANS) $(man_MANS) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } +install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -610,13 +710,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -651,6 +755,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -660,6 +765,7 @@ clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -670,6 +776,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -677,26 +785,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-man5 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -716,11 +833,10 @@ ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 uninstall-man5 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libtool ctags \ @@ -807,6 +923,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -892,7 +1011,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -906,10 +1025,11 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -$(srcdir)/login_protos.h: - cd $(srcdir); perl ../../cf/make-proto.pl -o login_protos.h -q -P comment $(login_SOURCES) || rm -f login_protos.h +$(srcdir)/login-protos.h: + cd $(srcdir); perl ../../cf/make-proto.pl -o login-protos.h -q -P comment $(login_SOURCES) || rm -f login-protos.h + +$(login_OBJECTS): $(srcdir)/login-protos.h -$(login_OBJECTS): $(srcdir)/login_protos.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/login/conf.c b/crypto/heimdal/appl/login/conf.c index 81a3c744023..2b141359c5e 100644 --- a/crypto/heimdal/appl/login/conf.c +++ b/crypto/heimdal/appl/login/conf.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,7 +32,7 @@ #include "login_locl.h" -RCSID("$Id: conf.c 8302 2000-05-29 16:52:24Z assar $"); +RCSID("$Id$"); static char *confbuf; diff --git a/crypto/heimdal/appl/login/env.c b/crypto/heimdal/appl/login/env.c index e1b33ba2366..98ae93086ba 100644 --- a/crypto/heimdal/appl/login/env.c +++ b/crypto/heimdal/appl/login/env.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "login_locl.h" -RCSID("$Id: env.c 8476 2000-06-28 12:27:38Z joda $"); +RCSID("$Id$"); /* * the environment we will send to execle and the shell. @@ -59,16 +59,21 @@ add_env(const char *var, const char *value) if(str == NULL) errx(1, "Out of memory!"); for(i = 0; i < num_env; i++) - if(strncmp(env[i], var, strlen(var)) == 0 && + if(strncmp(env[i], var, strlen(var)) == 0 && env[i][strlen(var)] == '='){ free(env[i]); env[i] = str; return; } - + extend_env(str); } +#if !HAVE_DECL_ENVIRON +extern char **environ; +#endif + + void copy_env(void) { @@ -77,22 +82,24 @@ copy_env(void) extend_env(*p); } -int +void login_read_env(const char *file) { char **newenv; char *p; int i, j; - + newenv = NULL; i = read_environment(file, &newenv); for (j = 0; j < i; j++) { p = strchr(newenv[j], '='); + if (p == NULL) + errx(1, "%s: missing = in string %s", + file, newenv[j]); *p++ = 0; add_env(newenv[j], p); *--p = '='; free(newenv[j]); } free(newenv); - return 0; } diff --git a/crypto/heimdal/appl/login/limits_conf.c b/crypto/heimdal/appl/login/limits_conf.c index ac9837f1406..1068b967014 100644 --- a/crypto/heimdal/appl/login/limits_conf.c +++ b/crypto/heimdal/appl/login/limits_conf.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "login_locl.h" -RCSID("$Id: limits_conf.c 19215 2006-12-04 23:41:18Z lha $"); +RCSID("$Id$"); #include #include @@ -91,7 +91,7 @@ find_limit(const char *name) /* this function reads limits.conf files similar to pam_limits unimplemented features include: % maxlogins - "-" no limits, + "-" no limits, priorities etc that are not set via setrlimit XXX uses static storage, and clobbers getgr* */ @@ -131,7 +131,7 @@ read_limits_conf(const char *file, const struct passwd *pwd) int c; while((c = fgetc(f)) != EOF) { eof = 0; - if(c == '\n') + if(c == '\n') break; } if(!eof) { @@ -192,12 +192,12 @@ read_limits_conf(const char *file, const struct passwd *pwd) continue; l->has_limit = level; } - + /* XXX unclear: if you soft to more than default hard, should we set hard to soft? this code doesn't. */ if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0) l->limit.rlim_cur = value; - if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) + if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) l->limit.rlim_max = value; } fclose(f); diff --git a/crypto/heimdal/appl/login/login_protos.h b/crypto/heimdal/appl/login/login-protos.h similarity index 99% rename from crypto/heimdal/appl/login/login_protos.h rename to crypto/heimdal/appl/login/login-protos.h index 7fdbb35ca12..92b5b8721fa 100644 --- a/crypto/heimdal/appl/login/login_protos.h +++ b/crypto/heimdal/appl/login/login-protos.h @@ -38,7 +38,7 @@ login_access ( char * login_conf_get_string (const char */*str*/); -int +void login_read_env (const char */*file*/); char * diff --git a/crypto/heimdal/appl/login/login.1 b/crypto/heimdal/appl/login/login.1 index 1ae4f3e5a14..b01e7872a6d 100644 --- a/crypto/heimdal/appl/login/login.1 +++ b/crypto/heimdal/appl/login/login.1 @@ -1,12 +1,11 @@ -.\" $Id: login.1 14891 2005-04-22 15:49:25Z joda $ -.\" +.\" $Id$ +.\" .Dd April 22, 2005 .Dt LOGIN 1 .Os HEIMDAL .Sh NAME .Nm login -.Nd -authenticate a user and start new session +.Nd authenticate a user and start new session .Sh SYNOPSIS .Nm .Op Fl fp @@ -14,8 +13,8 @@ authenticate a user and start new session .Op Fl h Ar hostname .Ar [username] .Sh DESCRIPTION -This manual page documents the -.Nm login +This manual page documents the +.Nm login program distributed with the Heimdal Kerberos 5 implementation, it may differ in important ways from your system version. .Pp @@ -23,7 +22,7 @@ The .Nm login programs logs users into the system. It is intended to be run by system daemons like -.Xr getty 8 +.Xr getty 8 or .Xr telnetd 8 . If you are already logged in, but want to change to another user, you @@ -33,16 +32,16 @@ should use A username can be given on the command line, else one will be prompted for. .Pp -A password is required to login, unless the +A password is required to login, unless the .Fl f option is given (indicating that the calling program has already done proper authentication). With .Fl f -the user will be logged in without further questions. +the user will be logged in without further questions. .Pp For password authentication Kerberos 5, Kerberos 4 (if compiled in), OTP (if compiled in) and local -.No ( Pa /etc/passwd ) +.No ( Pa /etc/passwd ) passwords are supported. OTP will be used if the the user is registered to use it, and .Nm login @@ -71,7 +70,7 @@ to preserve all environment variables. If not given, only the and .Dv TZ variables are preserved. It could be a security risk to pass random -variables to +variables to .Nm login or the user shell, so the calling daemon should make sure it only passes @@ -91,12 +90,12 @@ Then various system parameters are set up, like changing the owner of the tty to the user, setting up signals, setting the group list, and user and group id. Also various machine specific tasks are performed. .Pp -Next +Next .Nm login -changes to the users home directory, or if that fails, to +changes to the users home directory, or if that fails, to .Pa / . The environment is setup, by adding some required variables (such as -.Dv PATH ) , +.Dv PATH ) , and also authentication related ones (such as .Dv KRB5CCNAME ) . If an environment file exists @@ -108,31 +107,31 @@ If one or more login message files are configured, their contents is printed to the terminal. .Pp If a login time command is configured, it is executed. A logout time -command can also be configured, which makes +command can also be configured, which makes .Nm login fork, and wait for the user shell to exit, and then run the command. This can be used to clean up user credentials. .Pp Finally, the user's shell is executed. If the user logging in is root, -and root's login shell does not exist, a default shell (usually +and root's login shell does not exist, a default shell (usually .Pa /bin/sh ) is also tried before giving up. .Sh ENVIRONMENT -These environment variables are set by login (not including ones set by +These environment variables are set by login (not including ones set by .Pa /etc/environment ) : .Pp .Bl -tag -compact -width USERXXLOGNAME .It Dv PATH the default system path .It Dv HOME -the user's home directory (or possibly +the user's home directory (or possibly .Pa / ) .It Dv USER , Dv LOGNAME both set to the username .It Dv SHELL the user's shell .It Dv TERM , Dv TZ -set to whatever is passed to +set to whatever is passed to .Nm login .It Dv KRB5CCNAME if the password is verified via Kerberos 5, this will point to the @@ -145,7 +144,7 @@ ticket file .Bl -tag -compact -width Ds .It Pa /etc/environment Contains a set of environment variables that should be set in addition -to the ones above. It should contain sh-style assignments like +to the ones above. It should contain sh-style assignments like .Dq VARIABLE=value . Note that they are not parsed the way a shell would. No variable expansion is performed, and all strings are literal, and quotation @@ -161,7 +160,7 @@ FOO="this is a string" BAR= FOO='this is a string' .Ed .It Pa /etc/login.access -See +See .Xr login.access 5 . .It Pa /etc/login.conf This is a termcap style configuration file, that contains various @@ -205,14 +204,14 @@ programs typically print all sorts of information by default, such as last time you logged in, if you have mail, and system message files. This version of .Nm login -does not, so there is no reason for +does not, so there is no reason for .Pa .hushlogin files or similar. We feel that these tasks are best left to the user's -shell, but the +shell, but the .Li login_program facility allows for a shell independent solution, if that is desired. .Sh EXAMPLES -A +A .Pa login.conf file could look like: .Bd -literal -offset indent @@ -225,8 +224,8 @@ The .Pa limits.conf file consists of a table with four whitespace separated fields. First field is a username or a groupname (prefixed with -.Sq @ ) , -or +.Sq @ ) , +or .Sq * . Second field is .Sq soft , @@ -235,11 +234,11 @@ or .Sq - (the last meaning both soft and hard). Third field is a limit name (such as -.Sq cpu -or +.Sq cpu +or .Sq core ) . Last field is the limit value (a number or -.Sq - +.Sq - for unlimited). In the case of data sizes, the value is in kilobytes, and cputime is in minutes. .Sh SEE ALSO diff --git a/crypto/heimdal/appl/login/login.access.5 b/crypto/heimdal/appl/login/login.access.5 index 23290beb9cf..7edefa2019f 100644 --- a/crypto/heimdal/appl/login/login.access.5 +++ b/crypto/heimdal/appl/login/login.access.5 @@ -1,12 +1,11 @@ -.\" $Id: login.access.5 11902 2003-03-24 15:49:30Z joda $ -.\" +.\" $Id$ +.\" .Dd March 21, 2003 .Dt LOGIN.ACCESS 5 .Os HEIMDAL .Sh NAME .Nm login.access -.Nd -login access control table +.Nd login access control table .Sh DESCRIPTION The .Nm login.access @@ -14,7 +13,7 @@ file specifies on which ttys or from which hosts certain users are allowed to login. .Pp At login, the -.Pa /etc/login.access +.Pa /etc/login.access file is checked for the first entry that matches a specific user/host or user/tty combination. That entry can either allow or deny login access to that user. @@ -52,5 +51,5 @@ make the group match if the user also matches. .Sh AUTHORS The .Fn login_access -function was written by +function was written by Wietse Venema. This manual page was written for Heimdal. diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c index cc41097133b..6b16f0b7157 100644 --- a/crypto/heimdal/appl/login/login.c +++ b/crypto/heimdal/appl/login/login.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "login_locl.h" @@ -42,7 +42,7 @@ #include #endif -RCSID("$Id: login.c 16498 2006-01-09 16:26:25Z joda $"); +RCSID("$Id$"); static int login_timeout = 60; @@ -100,7 +100,7 @@ start_logout_process(void) execle(prog, argv0, NULL, env); err(1, "exec %s", prog); } - } else if(ret < 0) + } else if(ret < 0) err(1, "waitpid"); } } @@ -110,7 +110,7 @@ exec_shell(const char *shell, int fallback) { char *sh; const char *p; - + extend_env(NULL); if(start_login_process() < 0) warn("login process"); @@ -125,7 +125,7 @@ exec_shell(const char *shell, int fallback) errx(1, "Out of memory"); execle(shell, sh, NULL, env); if(fallback){ - warnx("Can't exec %s, trying %s", + warnx("Can't exec %s, trying %s", shell, _PATH_BSHELL); execle(_PATH_BSHELL, "-sh", NULL, env); err(1, "%s", _PATH_BSHELL); @@ -133,11 +133,7 @@ exec_shell(const char *shell, int fallback) err(1, "%s", shell); } -static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth; - -#ifdef KRB4 -static krb5_boolean get_v4_tgt = FALSE; -#endif +static enum { NONE = 0, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth; #ifdef OTP static OtpContext otp_ctx; @@ -165,88 +161,21 @@ krb5_verify(struct passwd *pwd, const char *password) ret = krb5_parse_name(context, pwd->pw_name, &princ); if(ret) return 1; - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id); if(ret) { krb5_free_principal(context, princ); return 1; } ret = krb5_verify_user_lrealm(context, - princ, + princ, id, - password, + password, 1, NULL); krb5_free_principal(context, princ); return ret; } -#ifdef KRB4 -static krb5_error_code -krb5_to4 (krb5_ccache id) -{ - krb5_error_code ret; - krb5_principal princ; - - ret = krb5_cc_get_principal(context, id, &princ); - if(ret == 0) { - krb5_appdefault_boolean(context, "login", - krb5_principal_get_realm(context, princ), - "krb4_get_tickets", FALSE, &get_v4_tgt); - krb5_free_principal(context, princ); - } else { - krb5_realm realm = NULL; - krb5_get_default_realm(context, &realm); - krb5_appdefault_boolean(context, "login", - realm, - "krb4_get_tickets", FALSE, &get_v4_tgt); - free(realm); - } - - if (get_v4_tgt) { - CREDENTIALS c; - krb5_creds mcred, cred; - char krb4tkfile[MAXPATHLEN]; - krb5_error_code ret; - krb5_principal princ; - - krb5_cc_clear_mcred(&mcred); - - ret = krb5_cc_get_principal (context, id, &princ); - if (ret) - return ret; - - ret = krb5_make_principal(context, &mcred.server, - princ->realm, - "krbtgt", - princ->realm, - NULL); - if (ret) { - krb5_free_principal(context, princ); - return ret; - } - mcred.client = princ; - - ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred); - if(ret == 0) { - ret = krb524_convert_creds_kdc_ccache(context, id, &cred, &c); - if(ret == 0) { - snprintf(krb4tkfile,sizeof(krb4tkfile),"%s%d",TKT_ROOT, - getuid()); - krb_set_tkt_string(krb4tkfile); - tf_setup(&c, c.pname, c.pinst); - } - memset(&c, 0, sizeof(c)); - krb5_free_cred_contents(context, &cred); - } - if (ret != 0) - get_v4_tgt = FALSE; - krb5_free_principal(context, mcred.server); - krb5_free_principal(context, mcred.client); - } - return 0; -} -#endif /* KRB4 */ - static int krb5_start_session (const struct passwd *pwd) { @@ -254,7 +183,7 @@ krb5_start_session (const struct passwd *pwd) char residual[64]; /* copy credentials to file cache */ - snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u", + snprintf(residual, sizeof(residual), "FILE:/tmp/krb5cc_%u", (unsigned)pwd->pw_uid); krb5_cc_resolve(context, residual, &id2); ret = krb5_cc_copy_cache(context, id, id2); @@ -264,9 +193,6 @@ krb5_start_session (const struct passwd *pwd) krb5_cc_destroy (context, id2); return ret; } -#ifdef KRB4 - krb5_to4 (id2); -#endif krb5_cc_close(context, id2); krb5_cc_destroy(context, id); return 0; @@ -289,7 +215,7 @@ krb5_get_afs_tokens (const struct passwd *pwd) return; ret = krb5_cc_default(context, &id2); - + if (ret == 0) { pw_dir = pwd->pw_dir; @@ -309,63 +235,6 @@ krb5_get_afs_tokens (const struct passwd *pwd) #endif /* KRB5 */ -#ifdef KRB4 - -static int -krb4_verify(struct passwd *pwd, const char *password) -{ - char lrealm[REALM_SZ]; - int ret; - char ticket_file[MaxPathLen]; - - ret = krb_get_lrealm (lrealm, 1); - if (ret) - return 1; - - snprintf (ticket_file, sizeof(ticket_file), - "%s%u_%u", - TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid()); - - krb_set_tkt_string (ticket_file); - - ret = krb_verify_user (pwd->pw_name, "", lrealm, (char *)password, - KRB_VERIFY_SECURE_FAIL, NULL); - if (ret) - return 1; - - if (chown (ticket_file, pwd->pw_uid, pwd->pw_gid) < 0) { - dest_tkt(); - return 1; - } - - add_env ("KRBTKFILE", ticket_file); - return 0; -} - -static void -krb4_get_afs_tokens (const struct passwd *pwd) -{ - char cell[64]; - char *pw_dir; - - if (!k_hasafs ()) - return; - - pw_dir = pwd->pw_dir; - - if (!pag_set) { - k_setpag(); - pag_set = 1; - } - - if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0) - krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir); - - krb_afslog_uid_home (NULL, NULL, pwd->pw_uid, pwd->pw_dir); -} - -#endif /* KRB4 */ - static int f_flag; static int p_flag; #if 0 @@ -436,7 +305,7 @@ show_file(const char *file) fclose(f); } -/* +/* * Actually log in the user. `pwd' contains all the relevant * information about the user. `ttyn' is the complete name of the tty * and `tty' the short name. @@ -456,7 +325,7 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) if(!rootlogin) checknologin(); - + #ifdef HAVE_GETSPNAM sp = getspnam(pwd->pw_name); #endif @@ -496,7 +365,7 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) read_limits_conf(file, pwd); } - + #ifdef HAVE_SETPCRED if (setpcred (pwd->pw_name, NULL) == -1) warn("setpcred(%s)", pwd->pw_name); @@ -523,7 +392,7 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) /* make sure signals are set to default actions, apparently some OS:es like to ignore SIGINT, which is not very convenient */ - + for (i = 1; i < NSIG; ++i) signal(i, SIG_DFL); @@ -600,29 +469,12 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) if (auth == AUTH_KRB5) { krb5_start_session (pwd); } -#ifdef KRB4 - else if (auth == 0) { - krb5_error_code ret; - krb5_ccache id; - - ret = krb5_cc_default (context, &id); - if (ret == 0) { - krb5_to4 (id); - krb5_cc_close (context, id); - } - } -#endif /* KRB4 */ krb5_get_afs_tokens (pwd); krb5_finish (); #endif /* KRB5 */ -#ifdef KRB4 - if (auth == AUTH_KRB4 || get_v4_tgt) - krb4_get_afs_tokens (pwd); -#endif /* KRB4 */ - add_env("PATH", _PATH_DEFPATH); { @@ -682,12 +534,6 @@ check_password(struct passwd *pwd, const char *password) return 0; } #endif -#ifdef KRB4 - if (krb4_verify (pwd, password) == 0) { - auth = AUTH_KRB4; - return 0; - } -#endif #ifdef OTP if (otp_verify (pwd, password) == 0) { auth = AUTH_OTP; @@ -726,7 +572,7 @@ main(int argc, char **argv) int ask = 1; struct sigaction sa; - + setprogname(argv[0]); #ifdef KRB5 @@ -753,7 +599,7 @@ main(int argc, char **argv) print_version (NULL); return 0; } - + if (geteuid() != 0) errx(1, "only root may use login, use su"); @@ -841,7 +687,7 @@ main(int argc, char **argv) sig_handler(0); } } - + if(pwd == NULL){ fprintf(stderr, "Login incorrect.\n"); ask = 1; @@ -862,7 +708,7 @@ main(int argc, char **argv) tty = ttyn + strlen(_PATH_DEV); else tty = ttyn; - + if (login_access (pwd, remote_host ? remote_host : tty) == 0) { fprintf(stderr, "Permission denied\n"); if (remote_host) diff --git a/crypto/heimdal/appl/login/login_access.c b/crypto/heimdal/appl/login/login_access.c index e1bfe42ea1b..71b1fb1aa27 100644 --- a/crypto/heimdal/appl/login/login_access.c +++ b/crypto/heimdal/appl/login/login_access.c @@ -25,7 +25,7 @@ #include "login_locl.h" -RCSID("$Id: login_access.c 10020 2001-06-04 14:10:19Z assar $"); +RCSID("$Id$"); /* Delimiters for fields and for lists of users, ttys or hosts. */ @@ -101,13 +101,13 @@ int login_access(struct passwd *user, char *from) || !(users = strtok_r(NULL, fs, &foo)) || !(froms = strtok_r(NULL, fs, &foo)) || strtok_r(NULL, fs, &foo)) { - syslog(LOG_ERR, "%s: line %d: bad field count", + syslog(LOG_ERR, "%s: line %d: bad field count", _PATH_LOGACCESS, lineno); continue; } if (perm[0] != '+' && perm[0] != '-') { - syslog(LOG_ERR, "%s: line %d: bad first field", + syslog(LOG_ERR, "%s: line %d: bad first field", _PATH_LOGACCESS, lineno); continue; diff --git a/crypto/heimdal/appl/login/login_locl.h b/crypto/heimdal/appl/login/login_locl.h index 08b960c9c71..020eac889d0 100644 --- a/crypto/heimdal/appl/login/login_locl.h +++ b/crypto/heimdal/appl/login/login_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: login_locl.h 17302 2006-04-27 09:17:01Z lha $ */ +/* $Id$ */ #ifndef __LOGIN_LOCL_H__ #define __LOGIN_LOCL_H__ @@ -84,9 +84,6 @@ #ifdef HAVE_RPCSVC_YPCLNT_H #include #endif -#ifdef KRB4 -#include -#endif #ifdef KRB5 #include #endif @@ -126,6 +123,14 @@ #endif #endif +/* if cygwin doesnt have WTMPX_FILE, it uses wtmp for wtmpx + * http://www.cygwin.com/ml/cygwin/2006-12/msg00630.html */ +#ifdef __CYGWIN__ +#ifndef WTMPX_FILE +#define WTMPX_FILE WTMP_FILE +#endif +#endif + #ifndef _PATH_LOGACCESS #define _PATH_LOGACCESS SYSCONFDIR "/login.access" #endif /* _PATH_LOGACCESS */ @@ -145,6 +150,6 @@ struct spwd; extern char **env; extern int num_env; -#include "login_protos.h" +#include "login-protos.h" #endif /* __LOGIN_LOCL_H__ */ diff --git a/crypto/heimdal/appl/login/loginpaths.h b/crypto/heimdal/appl/login/loginpaths.h index 141f81e2db5..24ba2c0364e 100644 --- a/crypto/heimdal/appl/login/loginpaths.h +++ b/crypto/heimdal/appl/login/loginpaths.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: loginpaths.h 17299 2006-04-27 09:14:20Z lha $ */ +/* $Id$ */ #ifndef __LOGIN_PATH_H #define __LOGIN_PATH_H diff --git a/crypto/heimdal/appl/login/osfc2.c b/crypto/heimdal/appl/login/osfc2.c index e9c367937d4..d08b282e6b5 100644 --- a/crypto/heimdal/appl/login/osfc2.c +++ b/crypto/heimdal/appl/login/osfc2.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "login_locl.h" -RCSID("$Id: osfc2.c 9704 2001-02-20 01:44:56Z assar $"); +RCSID("$Id$"); int do_osfc2_magic(uid_t uid) @@ -40,15 +40,15 @@ do_osfc2_magic(uid_t uid) #ifdef HAVE_OSFC2 struct es_passwd *epw; char *argv[2]; - + /* fake */ argv[0] = (char*)getprogname(); argv[1] = NULL; set_auth_parameters(1, argv); - + epw = getespwuid(uid); if(epw == NULL) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, + syslog(LOG_AUTHPRIV|LOG_NOTICE, "getespwuid failed for %d", uid); printf("Sorry.\n"); return 1; @@ -59,17 +59,17 @@ do_osfc2_magic(uid_t uid) any other kind of serious C2 mumbo-jumbo. We do, however, call setluid, since failing to do so is not very good (take my word for it). */ - + if(!epw->uflg->fg_uid) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, + syslog(LOG_AUTHPRIV|LOG_NOTICE, "attempted login by %s (has no uid)", epw->ufld->fd_name); printf("Sorry.\n"); return 1; } setluid(epw->ufld->fd_uid); if(getluid() != epw->ufld->fd_uid) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "failed to set LUID for %s (%d)", + syslog(LOG_AUTHPRIV|LOG_NOTICE, + "failed to set LUID for %s (%d)", epw->ufld->fd_name, epw->ufld->fd_uid); printf("Sorry.\n"); return 1; diff --git a/crypto/heimdal/appl/login/read_string.c b/crypto/heimdal/appl/login/read_string.c index 925345e9309..eb61621a332 100644 --- a/crypto/heimdal/appl/login/read_string.c +++ b/crypto/heimdal/appl/login/read_string.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "login_locl.h" -RCSID("$Id: read_string.c 18156 2006-09-22 15:42:39Z lha $"); +RCSID("$Id$"); static sig_atomic_t intr_flag; @@ -69,13 +69,13 @@ read_string(const char *prompt, char *buf, size_t len, int echo) sigemptyset(&sa.sa_mask); sa.sa_flags = 0; for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) - if (i != SIGALRM) + if (i != SIGALRM) if (sigaction(i, &sa, &sigs[i]) == 0) oksigs[i] = 1; if((tty = fopen("/dev/tty", "r")) == NULL) tty = stdin; - + fprintf(stderr, "%s", prompt); fflush(stderr); @@ -103,19 +103,19 @@ read_string(const char *prompt, char *buf, size_t len, int echo) if(of) p--; *p = 0; - + if(echo == 0){ printf("\n"); tcsetattr(fileno(tty), TCSANOW, &t_old); } - + if(tty != stdin) fclose(tty); for(i = 1; i < sizeof(sigs) / sizeof(sigs[0]); i++) if (oksigs[i]) sigaction(i, &sigs[i], NULL); - + if(ret) return -3; if(intr_flag) diff --git a/crypto/heimdal/appl/login/shadow.c b/crypto/heimdal/appl/login/shadow.c index 081fe1cb703..f8fb892eeaf 100644 --- a/crypto/heimdal/appl/login/shadow.c +++ b/crypto/heimdal/appl/login/shadow.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "login_locl.h" -RCSID("$Id: shadow.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); #ifdef HAVE_SHADOW_H @@ -60,13 +60,13 @@ change_passwd(const struct passwd *who) } } -void +void check_shadow(const struct passwd *pw, const struct spwd *sp) { long today; today = time(0)/(24L * 60 * 60); - + if (sp == NULL) return; diff --git a/crypto/heimdal/appl/login/stty_default.c b/crypto/heimdal/appl/login/stty_default.c index df490489c97..286903f999b 100644 --- a/crypto/heimdal/appl/login/stty_default.c +++ b/crypto/heimdal/appl/login/stty_default.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,7 +33,7 @@ #include "login_locl.h" -RCSID("$Id: stty_default.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); #include @@ -95,6 +95,6 @@ stty_default(void) termios.c_cc[VEOF] = Ctl('D'); termios.c_cc[VSUSP] = Ctl('Z'); - + tcsetattr(0, TCSANOW, &termios); } diff --git a/crypto/heimdal/appl/login/tty.c b/crypto/heimdal/appl/login/tty.c index 8dd68eece73..91873ec4fe4 100644 --- a/crypto/heimdal/appl/login/tty.c +++ b/crypto/heimdal/appl/login/tty.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,7 +33,7 @@ #include "login_locl.h" -RCSID("$Id: tty.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); /* * Clean the tty name. Return a pointer to the cleaned version. @@ -61,7 +61,7 @@ char * make_id (char *tty) { char *res = tty; - + if (strncmp (res, "pts/", 4) == 0) res += 4; if (strncmp (res, "tty", 3) == 0) diff --git a/crypto/heimdal/appl/login/utmp_login.c b/crypto/heimdal/appl/login/utmp_login.c index 5f6c79c1397..da3d726da91 100644 --- a/crypto/heimdal/appl/login/utmp_login.c +++ b/crypto/heimdal/appl/login/utmp_login.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,7 +33,7 @@ #include "login_locl.h" -RCSID("$Id: utmp_login.c 9661 2001-02-08 16:08:47Z assar $"); +RCSID("$Id$"); /* try to put something useful from hostname into dst, dst_sz: * full name, first component or address */ @@ -77,8 +77,12 @@ shrink_hostname (const char *hostname, } } +/* update utmp and wtmp - the BSD way */ + +#if !defined(HAVE_UTMPX_H) || (defined(WTMP_FILE) && !defined(WTMPX_FILE)) + void -prepare_utmp (struct utmp *utmp, char *tty, +prepare_utmp (struct utmp *utmp, char *tty, const char *username, const char *hostname) { char *ttyx = clean_ttyname (tty); @@ -117,16 +121,15 @@ prepare_utmp (struct utmp *utmp, char *tty, strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id)); # endif } +#endif #ifdef HAVE_UTMPX_H void utmp_login(char *tty, const char *username, const char *hostname) -{ +{ return; } #else -/* update utmp and wtmp - the BSD way */ - void utmp_login(char *tty, const char *username, const char *hostname) { struct utmp utmp; @@ -159,4 +162,5 @@ void utmp_login(char *tty, const char *username, const char *hostname) close(fd); } } + #endif /* !HAVE_UTMPX_H */ diff --git a/crypto/heimdal/appl/login/utmpx_login.c b/crypto/heimdal/appl/login/utmpx_login.c index 5e25c09892d..8a3f88b60d0 100644 --- a/crypto/heimdal/appl/login/utmpx_login.c +++ b/crypto/heimdal/appl/login/utmpx_login.c @@ -18,7 +18,7 @@ #include "login_locl.h" -RCSID("$Id: utmpx_login.c 10020 2001-06-04 14:10:19Z assar $"); +RCSID("$Id$"); /* utmpx_login - update utmp and wtmp after login */ @@ -51,7 +51,7 @@ utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host) #ifdef WTMPX_FILE updwtmpx(WTMPX_FILE, ut); #elif defined(WTMP_FILE) - { + { /* XXX should be removed, just drop wtmp support */ struct utmp utmp; int fd; diff --git a/crypto/heimdal/appl/push/ChangeLog b/crypto/heimdal/appl/push/ChangeLog index d1ad46b8c83..ac4cb1ad4df 100644 --- a/crypto/heimdal/appl/push/ChangeLog +++ b/crypto/heimdal/appl/push/ChangeLog @@ -1,4 +1,4 @@ -2005-04-19 Love Hörnquist Åstrand +2005-04-19 Love Hörnquist Ã…strand * push.c: catch when snprint needs a larger buffer @@ -10,7 +10,7 @@ * push.c: fixed one incorrect fprintf to stderr -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * push.c: add names of pop states, add some more debugging and use fprintf(stderr) for all dbg stmts. diff --git a/crypto/heimdal/appl/push/Makefile.am b/crypto/heimdal/appl/push/Makefile.am index eb67943371f..a1b46ed6b34 100644 --- a/crypto/heimdal/appl/push/Makefile.am +++ b/crypto/heimdal/appl/push/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hesiod) +AM_CPPFLAGS += $(INCLUDE_hesiod) bin_SCRIPTS = pfrom @@ -18,10 +18,9 @@ man_MANS = push.8 pfrom.1 CLEANFILES = pfrom -EXTRA_DIST = pfrom.in $(man_MANS) +EXTRA_DIST = NTMakefile pfrom.in $(man_MANS) LDADD = $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_roken) \ $(LIB_hesiod) diff --git a/crypto/heimdal/appl/push/Makefile.in b/crypto/heimdal/appl/push/Makefile.in index 9178f7ba79f..7f820dc8bff 100644 --- a/crypto/heimdal/appl/push/Makefile.in +++ b/crypto/heimdal/appl/push/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,17 +15,18 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -46,7 +48,7 @@ libexec_PROGRAMS = push$(EXEEXT) subdir = appl/push ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -61,7 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -75,9 +77,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -85,28 +90,47 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) am_push_OBJECTS = push.$(OBJEXT) push_OBJECTS = $(am_push_OBJECTS) push_LDADD = $(LDADD) am__DEPENDENCIES_1 = push_DEPENDENCIES = $(LIB_krb5) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -binSCRIPT_INSTALL = $(INSTALL_SCRIPT) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' SCRIPTS = $(bin_SCRIPTS) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -128,49 +152,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -194,10 +227,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -214,6 +248,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -229,31 +265,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -268,10 +318,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -312,38 +364,41 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) $(INCLUDE_hesiod) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_hesiod) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la bin_SCRIPTS = pfrom push_SOURCES = push.c push_locl.h man_MANS = push.8 pfrom.1 CLEANFILES = pfrom -EXTRA_DIST = pfrom.in $(man_MANS) +EXTRA_DIST = NTMakefile pfrom.in $(man_MANS) LDADD = $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_roken) \ $(LIB_hesiod) @@ -351,19 +406,19 @@ LDADD = $(LIB_krb5) \ all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/push/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/push/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/push/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/push/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -381,56 +436,87 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list push$(EXEEXT): $(push_OBJECTS) $(push_DEPENDENCIES) @rm -f push$(EXEEXT) $(LINK) $(push_OBJECTS) $(push_LDADD) $(LIBS) install-binSCRIPTS: $(bin_SCRIPTS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_SCRIPTS)'; for p in $$list; do \ + @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - if test -f $$d$$p; then \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \ - else :; fi; \ - done + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binSCRIPTS: @$(NORMAL_UNINSTALL) - @list='$(bin_SCRIPTS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -438,160 +524,177 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/push.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -607,13 +710,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -649,6 +756,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -659,6 +767,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -669,6 +778,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -676,26 +787,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binSCRIPTS install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -716,11 +836,10 @@ uninstall-am: uninstall-binSCRIPTS uninstall-libexecPROGRAMS \ uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \ @@ -808,6 +927,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -893,7 +1015,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -910,6 +1032,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) pfrom: pfrom.in sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@ chmod +x $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1 index e8f15618edb..bb474916862 100644 --- a/crypto/heimdal/appl/push/pfrom.1 +++ b/crypto/heimdal/appl/push/pfrom.1 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: pfrom.1 11648 2003-02-16 21:10:32Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd March 4, 2000 .Dt PFROM 1 @@ -39,13 +39,13 @@ .Nd "fetch a list of the current mail via POP" .Sh SYNOPSIS .Nm -.Op Fl 4 | Fl -krb4 -.Op Fl 5 | Fl -krb5 -.Op Fl v | Fl -verbose +.Op Fl 4 | Fl Fl krb4 +.Op Fl 5 | Fl Fl krb5 +.Op Fl v | Fl Fl verbose .Op Fl c | -count -.Op Fl -header +.Op Fl Fl header .Oo Fl p Ar port-spec \*(Ba Xo -.Fl -port= Ns Ar port-spec +.Fl Fl port= Ns Ar port-spec .Xc .Oc .Sh DESCRIPTION diff --git a/crypto/heimdal/appl/push/pfrom.in b/crypto/heimdal/appl/push/pfrom.in index 8af97ef19a0..e90141977d5 100644 --- a/crypto/heimdal/appl/push/pfrom.in +++ b/crypto/heimdal/appl/push/pfrom.in @@ -1,5 +1,5 @@ #!/bin/sh -# $Id: pfrom.in 5248 1998-11-24 13:25:47Z assar $ +# $Id$ libexecdir=%libexecdir% PATH=$libexecdir:$PATH export PATH diff --git a/crypto/heimdal/appl/push/push.8 b/crypto/heimdal/appl/push/push.8 index 985545e547d..557a7bb7491 100644 --- a/crypto/heimdal/appl/push/push.8 +++ b/crypto/heimdal/appl/push/push.8 @@ -1,4 +1,4 @@ -.\" $Id: push.8 11176 2002-08-20 17:07:29Z joda $ +.\" $Id$ .\" .Dd May 31, 1998 .Dt PUSH 8 @@ -8,16 +8,15 @@ .Nd fetch mail via POP .Sh SYNOPSIS .Nm -.Op Fl 4 | Fl -krb4 -.Op Fl 5 | Fl -krb5 -.Op Fl v | Fl -verbose -.Op Fl f | Fl -fork +.Op Fl 5 | Fl Fl krb5 +.Op Fl v | Fl Fl verbose +.Op Fl f | Fl Fl fork .Op Fl l | -leave -.Op Fl -from +.Op Fl Fl from .Op Fl c | -count -.Op Fl -headers Ns = Ns Ar headers +.Op Fl Fl headers Ns = Ns Ar headers .Oo Fl p Ar port-spec \*(Ba Xo -.Fl -port Ns = Ns Ar port-spec +.Fl Fl port Ns = Ns Ar port-spec .Xc .Oc .Ar po-box @@ -51,41 +50,36 @@ environment variable. Supported options: .Bl -tag -width Ds .It Xo -.Fl 4 , -.Fl -krb4 -.Xc -use Kerberos 4 (if compiled with support for Kerberos 4) -.It Xo .Fl 5 , -.Fl -krb5 +.Fl Fl krb5 .Xc use Kerberos 5 (if compiled with support for Kerberos 5) .It Xo .Fl f , -.Fl -fork +.Fl Fl fork .Xc fork before starting to delete messages .It Xo .Fl l , -.Fl -leave +.Fl Fl leave .Xc don't delete fetched mail .It Xo -.Fl -from +.Fl Fl from .Xc behave like from. .It Xo .Fl c , -.Fl -count +.Fl Fl count .Xc first print how many messages and bytes there are. .It Xo -.Fl -headers Ns = Ns Ar headers +.Fl Fl headers Ns = Ns Ar headers .Xc a list of comma-separated headers that should get printed. .It Xo .Fl p Ar port-spec , -.Fl -port Ns = Ns Ar port-spec +.Fl Fl port Ns = Ns Ar port-spec .Xc use this port instead of the default .Ql kpop diff --git a/crypto/heimdal/appl/push/push.c b/crypto/heimdal/appl/push/push.c index 87a0be23472..5ccb954eeeb 100644 --- a/crypto/heimdal/appl/push/push.c +++ b/crypto/heimdal/appl/push/push.c @@ -1,41 +1,44 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "push_locl.h" -RCSID("$Id: push.c 14850 2005-04-19 18:00:17Z lha $"); +RCSID("$Id$"); -#ifdef KRB4 -static int use_v4 = -1; +#if defined(_AIX) && defined(STAT) +/* + * AIX defines STAT to 1 in sys/dir.h + */ +# undef STAT #endif #ifdef KRB5 @@ -54,10 +57,6 @@ static int do_count; static char *header_str; struct getargs args[] = { -#ifdef KRB4 - { "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4", - NULL }, -#endif #ifdef KRB5 { "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5", NULL }, @@ -134,12 +133,12 @@ do_connect (const char *hostname, int port, int nodelay) return s; } -typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP, +typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP, DELE, XDELE, QUIT} pop_state; static char *pop_state_string[] = { "INIT", "GREET", "USER", "PASS", "STAT", "RETR", "TOP", - "DELE", "XDELE", "QUIT" + "DELE", "XDELE", "QUIT" }; #define PUSH_BUFSIZ 65536 @@ -169,20 +168,20 @@ write_state_init (struct write_state *w, int fd) static void write_state_add (struct write_state *w, void *v, size_t len) { - if(w->niovecs == w->allociovecs) { - if(w->niovecs == w->maxiovecs) { - if(writev (w->fd, w->iovecs, w->niovecs) < 0) - err(1, "writev"); - w->niovecs = 0; - } else { - w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs); - w->iovecs = erealloc (w->iovecs, - w->allociovecs * sizeof(*w->iovecs)); - } - } - w->iovecs[w->niovecs].iov_base = v; - w->iovecs[w->niovecs].iov_len = len; - ++w->niovecs; + if(w->niovecs == w->allociovecs) { + if(w->niovecs == w->maxiovecs) { + if(writev (w->fd, w->iovecs, w->niovecs) < 0) + err(1, "writev"); + w->niovecs = 0; + } else { + w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs); + w->iovecs = erealloc (w->iovecs, + w->allociovecs * sizeof(*w->iovecs)); + } + } + w->iovecs[w->niovecs].iov_base = v; + w->iovecs[w->niovecs].iov_len = len; + ++w->niovecs; } static void @@ -219,7 +218,7 @@ doit(int s, size_t in_len = 0; char *in_ptr; pop_state state = INIT; - unsigned count, bytes; + unsigned count = 0, bytes; unsigned asked_for = 0, retrieved = 0, asked_deleted = 0, deleted = 0; unsigned sent_xdele = 0; int out_fd; @@ -227,7 +226,7 @@ doit(int s, size_t from_line_length; time_t now; struct write_state write_state; - int numheaders = 1; + unsigned int numheaders = 1; char **headers = NULL; int i; char *tmp = NULL; @@ -296,7 +295,7 @@ doit(int s, if (verbose > 1) fprintf (stderr, "state: %s count: %d asked_for: %d " "retrieved: %d asked_deleted: %d\n", - pop_state_string[state], + pop_state_string[state], count, asked_for, retrieved, asked_deleted); if (((state == STAT || state == RETR || state == TOP) @@ -311,12 +310,12 @@ doit(int s, else err (1, "select"); } - + if (FD_ISSET(s, &readset)) { char *beg, *p; size_t rem; int blank_line = 0; - + if(in_len >= in_buf_size) { char *tmp = erealloc(in_buf, in_buf_size + PUSH_BUFSIZ + 1); in_ptr = tmp + (in_ptr - in_buf); @@ -329,11 +328,11 @@ doit(int s, err (1, "read"); else if (ret == 0) errx (1, "EOF during read"); - + in_len += ret; in_ptr += ret; *in_ptr = '\0'; - + beg = in_buf; rem = in_len; while(rem > 1 @@ -406,7 +405,7 @@ doit(int s, ++copy; } *p = '\n'; - if(blank_line && + if(blank_line && strncmp(copy, "From ", min(p - copy + 1, 5)) == 0) write_state_add(&write_state, ">", 1); write_state_add(&write_state, copy, p - copy + 1); @@ -419,7 +418,7 @@ doit(int s, write_state_add(&write_state, from_line, from_line_length); blank_line = 0; - if (do_from) + if (do_from) state = TOP; else state = RETR; @@ -565,48 +564,6 @@ do_v5 (const char *host, } #endif -#ifdef KRB4 -static int -do_v4 (const char *host, - int port, - const char *user, - const char *filename, - const char *header_str, - int leavep, - int verbose, - int forkp) -{ - KTEXT_ST ticket; - MSG_DAT msg_data; - CREDENTIALS cred; - des_key_schedule sched; - int s; - int ret; - - s = do_connect (host, port, 1); - if (s < 0) - return 1; - ret = krb_sendauth(0, - s, - &ticket, - "pop", - (char *)host, - krb_realmofhost(host), - getpid(), - &msg_data, - &cred, - sched, - NULL, - NULL, - "KPOPV0.1"); - if(ret) { - warnx("krb_sendauth: %s", krb_get_err_text(ret)); - return 1; - } - return doit (s, host, user, filename, header_str, leavep, verbose, forkp); -} -#endif /* KRB4 */ - #ifdef HESIOD #ifdef HESIOD_INTERFACES @@ -763,13 +720,6 @@ main(int argc, char **argv) argc -= optind; argv += optind; -#if defined(KRB4) && defined(KRB5) - if(use_v4 == -1 && use_v5 == 1) - use_v4 = 0; - if(use_v5 == -1 && use_v4 == 1) - use_v5 = 0; -#endif - if (do_help) usage (0); @@ -777,7 +727,7 @@ main(int argc, char **argv) print_version(NULL); return 0; } - + if (do_from && header_str == NULL) header_str = "From:"; else if (header_str != NULL) @@ -818,10 +768,8 @@ main(int argc, char **argv) if (port == 0) { #ifdef KRB5 port = krb5_getportbyname (context, "kpop", "tcp", 1109); -#elif defined(KRB4) - port = k_getportbyname ("kpop", "tcp", htons(1109)); #else -#error must define KRB4 or KRB5 +#error must define KRB5 #endif } @@ -833,12 +781,5 @@ main(int argc, char **argv) do_leave, verbose_level, do_fork); } #endif - -#ifdef KRB4 - if (ret && use_v4) { - ret = do_v4 (host, port, user, filename, header_str, - do_leave, verbose_level, do_fork); - } -#endif /* KRB4 */ return ret; } diff --git a/crypto/heimdal/appl/push/push_locl.h b/crypto/heimdal/appl/push/push_locl.h index 0bcac64d805..52fc75711d5 100644 --- a/crypto/heimdal/appl/push/push_locl.h +++ b/crypto/heimdal/appl/push/push_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: push_locl.h 7463 1999-12-02 16:58:55Z joda $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include @@ -92,7 +92,3 @@ #ifdef KRB5 #include #endif - -#ifdef KRB4 -#include -#endif diff --git a/crypto/heimdal/appl/rcp/ChangeLog b/crypto/heimdal/appl/rcp/ChangeLog index 6ae6a1db0fb..25a0a5176c8 100644 --- a/crypto/heimdal/appl/rcp/ChangeLog +++ b/crypto/heimdal/appl/rcp/ChangeLog @@ -1,12 +1,17 @@ -2007-12-13 Love Hörnquist Åstrand +2008-04-17 Love Hörnquist Ã…strand + + * Sync with NetBSD rcp, add v6 parsing support and no setuid code + at all. + +2007-12-13 Love Hörnquist Ã…strand * Makefile.am: Add missing files, from Buchan Milne. -2006-10-20 Love Hörnquist Åstrand +2006-10-20 Love Hörnquist Ã…strand * Makefile.am: more files -2006-08-08 Love Hörnquist Åstrand +2006-08-08 Love Hörnquist Ã…strand * util.c: Check return values from setuid, prompted by MIT advisory. Thanks to Tom Yu at MIT, and Michael Calmer and Marcus @@ -20,16 +25,16 @@ advisory. Thanks to Tom Yu at MIT, and Michael Calmer and Marcus Meissner at SUSE. Either of CVE-2006-3083 or CVE-2006-3084. -2005-10-22 Love Hörnquist Åstrand +2005-10-22 Love Hörnquist Ã…strand * rcp.c: Check return value from asprintf instead of string != - NULL since it undefined behavior on Linux. From Björn Sandell + NULL since it undefined behavior on Linux. From Björn Sandell -2005-08-30 Love Hörnquist Åstrand +2005-08-30 Love Hörnquist Ã…strand * util.c: Explicit typecast to avoid signess warning. -2005-05-29 Love Hörnquist Åstrand +2005-05-29 Love Hörnquist Ã…strand * rcp_locl.h: undef _PATH_RSH to make sure our version is used @@ -38,11 +43,11 @@ * rcp.c: MODEMASK is defined in sys/vnode.h on Solaris, so undef it before we define our own. -2005-04-27 Love Hörnquist Åstrand +2005-04-27 Love Hörnquist Ã…strand * rcp_locl.h: use BINDIR instead of "/usr/bin/ with _PATH_RSH -2005-04-18 Love Hörnquist Åstrand +2005-04-18 Love Hörnquist Ã…strand * util.c: use unsigned char * to make sure its not negative when passing it to is* functions diff --git a/crypto/heimdal/appl/rcp/Makefile.am b/crypto/heimdal/appl/rcp/Makefile.am index 6b2295a3f65..39d67be05ac 100644 --- a/crypto/heimdal/appl/rcp/Makefile.am +++ b/crypto/heimdal/appl/rcp/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 22281 2007-12-13 20:35:52Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -10,6 +10,6 @@ rcp_SOURCES = rcp.c util.c rcp_locl.h extern.h man_MANS = rcp.1 -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) LDADD = $(LIB_roken) diff --git a/crypto/heimdal/appl/rcp/Makefile.in b/crypto/heimdal/appl/rcp/Makefile.in index 2ee015181aa..2a764d6bbab 100644 --- a/crypto/heimdal/appl/rcp/Makefile.in +++ b/crypto/heimdal/appl/rcp/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 22281 2007-12-13 20:35:52Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ bin_PROGRAMS = rcp$(EXEEXT) subdir = appl/rcp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,23 +89,23 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am_rcp_OBJECTS = rcp.$(OBJEXT) util.$(OBJEXT) rcp_OBJECTS = $(am_rcp_OBJECTS) rcp_LDADD = $(LDADD) am__DEPENDENCIES_1 = rcp_DEPENDENCIES = $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -112,6 +117,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(rcp_SOURCES) DIST_SOURCES = $(rcp_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 MANS = $(man_MANS) ETAGS = etags @@ -121,49 +147,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -187,10 +222,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -207,6 +243,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -222,31 +260,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -261,10 +313,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -305,51 +359,55 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_krb4) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la rcp_SOURCES = rcp.c util.c rcp_locl.h extern.h man_MANS = rcp.1 -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) LDADD = $(LIB_roken) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/rcp/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/rcp/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/rcp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/rcp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -367,34 +425,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list rcp$(EXEEXT): $(rcp_OBJECTS) $(rcp_DEPENDENCIES) @rm -f rcp$(EXEEXT) $(LINK) $(rcp_OBJECTS) $(rcp_LDADD) $(LIBS) @@ -405,115 +479,140 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rcp.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -529,13 +628,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -570,6 +673,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -579,6 +683,7 @@ clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -589,6 +694,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -596,26 +703,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -635,11 +751,10 @@ ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libtool ctags \ @@ -726,6 +841,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -811,7 +929,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -824,6 +942,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/rcp/extern.h b/crypto/heimdal/appl/rcp/extern.h index a98456d305e..3878175c17b 100644 --- a/crypto/heimdal/appl/rcp/extern.h +++ b/crypto/heimdal/appl/rcp/extern.h @@ -43,9 +43,10 @@ extern int iamremote; BUF *allocbuf (BUF *, int, int); char *colon (char *); +char *unbracket(char *); void lostconn (int); void nospace (void); int okname (char *); void run_err (const char *, ...); -int susystem (char *, int); +int susystem (char *); void verifydir (char *); diff --git a/crypto/heimdal/appl/rcp/rcp.1 b/crypto/heimdal/appl/rcp/rcp.1 index 920a4f7d134..e56491cfcb4 100644 --- a/crypto/heimdal/appl/rcp/rcp.1 +++ b/crypto/heimdal/appl/rcp/rcp.1 @@ -1,12 +1,11 @@ -.\" $Id: rcp.1 12025 2003-04-16 12:20:43Z joda $ +.\" $Id$ .\" .Dd April 16, 2003 .Dt RCP 1 .Os HEIMDAL .Sh NAME .Nm rcp -.Nd -copy file to and from remote machines +.Nd copy file to and from remote machines .Sh SYNOPSIS .Nm rcp .Op Fl 45FKpxz @@ -18,7 +17,7 @@ copy file to and from remote machines .Ar file... directory .Sh DESCRIPTION .Nm rcp -copies files between machines. Each file argument is either a remote file name of the form +copies files between machines. Each file argument is either a remote file name of the form .Dq rname@rhost:path or a local file (containing no colon or with a slash before the first colon). @@ -26,11 +25,11 @@ colon). Supported options: .Bl -tag -width Ds .It Xo -.Fl 4 , -.Fl 5 , -.Fl K , -.Fl F , -.Fl x , +.Fl 4 , +.Fl 5 , +.Fl K , +.Fl F , +.Fl x , .Fl z .Xc These options are passed on to @@ -38,7 +37,7 @@ These options are passed on to .It Fl P Ar port This will pass the option .Fl p Ar port -to +to .Xr rsh 1 . .It Fl p Preserve file permissions. @@ -59,7 +58,7 @@ connection". .\".Sh SEE ALSO .\".Sh STANDARDS .Sh HISTORY -The +The .Nm rcp utility first appeared in 4.2BSD. This version is derived from 4.3BSD-Reno. diff --git a/crypto/heimdal/appl/rcp/rcp.c b/crypto/heimdal/appl/rcp/rcp.c index 9a138c78460..9297af6d7b3 100644 --- a/crypto/heimdal/appl/rcp/rcp.c +++ b/crypto/heimdal/appl/rcp/rcp.c @@ -10,11 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -105,7 +101,7 @@ main(int argc, char **argv) print_version (NULL); return 0; } - + iamremote = (fflag || tflag); argc -= optind; @@ -118,16 +114,12 @@ main(int argc, char **argv) remout = STDOUT_FILENO; if (fflag) { /* Follow "protocol", send data. */ - response(); - if (setuid(userid) < 0) - errx(1, "setuid failed"); + (void)response(); source(argc, argv); exit(errs); } if (tflag) { /* Receive data. */ - if (setuid(userid) < 0) - errx(1, "setuid failed"); sink(argc, argv); exit(errs); } @@ -140,7 +132,7 @@ main(int argc, char **argv) remin = remout = -1; /* Command to be executed on remote system using "rsh". */ snprintf(cmd, sizeof(cmd), - "rcp%s%s%s", iamrecursive ? " -r" : "", + "rcp%s%s%s", iamrecursive ? " -r" : "", pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); signal(SIGPIPE, lostconn); @@ -165,7 +157,7 @@ toremote(char *targ, int argc, char **argv) if (*targ == 0) targ = "."; - if ((thost = strchr(argv[argc - 1], '@'))) { + if ((thost = strchr(argv[argc - 1], '@')) != NULL) { /* user@host */ *thost++ = 0; tuser = argv[argc - 1]; @@ -177,6 +169,7 @@ toremote(char *targ, int argc, char **argv) thost = argv[argc - 1]; tuser = NULL; } + thost = unbracket(thost); for (i = 0; i < argc - 1; i++) { src = colon(argv[i]); @@ -188,6 +181,7 @@ toremote(char *targ, int argc, char **argv) host = strchr(argv[i], '@'); if (host) { *host++ = '\0'; + host = unbracket(host); suser = argv[i]; if (*suser == '\0') suser = pwd->pw_name; @@ -195,21 +189,22 @@ toremote(char *targ, int argc, char **argv) continue; ret = asprintf(&bp, "%s%s %s -l %s -n %s %s '%s%s%s:%s'", - _PATH_RSH, eflag ? " -e" : "", + _PATH_RSH, eflag ? " -e" : "", host, suser, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } else { + host = unbracket(argv[i]); ret = asprintf(&bp, "exec %s%s %s -n %s %s '%s%s%s:%s'", - _PATH_RSH, eflag ? " -e" : "", - argv[i], cmd, src, + _PATH_RSH, eflag ? " -e" : "", + host, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } if (ret == -1) err (1, "malloc"); - susystem(bp, userid); + susystem(bp); free(bp); } else { /* local to remote */ if (remin == -1) { @@ -223,8 +218,6 @@ toremote(char *targ, int argc, char **argv) if (response() < 0) exit(1); free(bp); - if (setuid(userid) < 0) - errx(1, "setuid failed"); } source(1, argv+i); } @@ -246,7 +239,7 @@ tolocal(int argc, char **argv) argv[i], argv[argc - 1]); if (ret == -1) err (1, "malloc"); - if (susystem(bp, userid)) + if (susystem(bp)) ++errs; free(bp); continue; @@ -275,8 +268,6 @@ tolocal(int argc, char **argv) } free(bp); sink(1, argv + argc - 1); - if (seteuid(0) < 0) - exit(1); close(remin); remin = remout = -1; } @@ -289,7 +280,8 @@ source(int argc, char **argv) static BUF buffer; BUF *bp; off_t i; - int amt, fd, haderr, indx, result; + off_t amt; + int fd, haderr, indx, result; char *last, *name, buf[BUFSIZ]; for (indx = 0; indx < argc; ++indx) { @@ -300,16 +292,10 @@ source(int argc, char **argv) syserr: run_err("%s: %s", name, strerror(errno)); goto next; } - switch (stb.st_mode & S_IFMT) { - case S_IFREG: - break; - case S_IFDIR: - if (iamrecursive) { - rsource(name, &stb); - goto next; - } - /* FALLTHROUGH */ - default: + if (S_ISDIR(stb.st_mode) && iamrecursive) { + rsource(name, &stb); + goto next; + } else if (!S_ISREG(stb.st_mode)) { run_err("%s: not a regular file", name); goto next; } @@ -332,7 +318,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); #undef MODEMASK #define MODEMASK (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) snprintf(buf, sizeof(buf), "C%04o %lu %s\n", - stb.st_mode & MODEMASK, + (unsigned int)(stb.st_mode & MODEMASK), (unsigned long)stb.st_size, last); write(remout, buf, strlen(buf)); @@ -349,14 +335,14 @@ next: close(fd); if (i + amt > stb.st_size) amt = stb.st_size - i; if (!haderr) { - result = read(fd, bp->buf, amt); + result = read(fd, bp->buf, (size_t)amt); if (result != amt) haderr = result >= 0 ? EIO : errno; } if (haderr) write(remout, bp->buf, amt); else { - result = write(remout, bp->buf, amt); + result = write(remout, bp->buf, (size_t)amt); if (result != amt) haderr = result >= 0 ? EIO : errno; } @@ -398,13 +384,14 @@ rsource(char *name, struct stat *statp) } } snprintf(path, sizeof(path), - "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last); + "D%04o %d %s\n", + (unsigned int)(statp->st_mode & MODEMASK), 0, last); write(remout, path, strlen(path)); if (response() < 0) { closedir(dirp); return; } - while ((dp = readdir(dirp))) { + while ((dp = readdir(dirp)) != NULL) { if (dp->d_ino == 0) continue; if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) @@ -600,7 +587,7 @@ bad: run_err("%s: %s", np, strerror(errno)); if (count == bp->cnt) { /* Keep reading so we stay sync'd up. */ if (wrerr == NO) { - j = write(ofd, bp->buf, count); + j = write(ofd, bp->buf, (size_t)count); if (j != count) { wrerr = YES; wrerrno = j >= 0 ? EIO : errno; @@ -611,7 +598,7 @@ bad: run_err("%s: %s", np, strerror(errno)); } } if (count != 0 && wrerr == NO && - (j = write(ofd, bp->buf, count)) != count) { + (j = write(ofd, bp->buf, (size_t)count)) != count) { wrerr = YES; wrerrno = j >= 0 ? EIO : errno; } @@ -723,7 +710,7 @@ run_err(const char *fmt, ...) * If it cannot create necessary pipes it exits with error message. */ -int +int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) { int pin[2], pout[2], reserved[2]; diff --git a/crypto/heimdal/appl/rcp/rcp_locl.h b/crypto/heimdal/appl/rcp/rcp_locl.h index 4dc6d5f8eb7..ad85d868a51 100644 --- a/crypto/heimdal/appl/rcp/rcp_locl.h +++ b/crypto/heimdal/appl/rcp/rcp_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: rcp_locl.h 15285 2005-05-29 18:24:43Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/crypto/heimdal/appl/rcp/util.c b/crypto/heimdal/appl/rcp/util.c index fe9e899ffc8..e6ad54c0b9b 100644 --- a/crypto/heimdal/appl/rcp/util.c +++ b/crypto/heimdal/appl/rcp/util.c @@ -43,7 +43,7 @@ static const char rcsid[] = #include "rcp_locl.h" -RCSID("$Id: util.c 17878 2006-08-08 21:43:58Z lha $"); +RCSID("$Id$"); char * colon(cp) @@ -61,6 +61,21 @@ colon(cp) return (0); } +char * +unbracket(char *cp) +{ + char *ep; + + if (*cp == '[') { + ep = cp + (strlen(cp) - 1); + if (*ep == ']') { + *ep = '\0'; + ++cp; + } + } + return (cp); +} + void verifydir(cp) char *cp; @@ -98,8 +113,7 @@ bad: warnx("%s: invalid user name", cp0); } int -susystem(s, userid) - int userid; +susystem(s) char *s; { void (*istat)(int), (*qstat)(int); @@ -112,8 +126,6 @@ susystem(s, userid) return (127); case 0: - if (setuid(userid) < 0) - _exit(127); execl(_PATH_BSHELL, "sh", "-c", s, NULL); _exit(127); } diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog index e78ff25a8ae..18202873f5a 100644 --- a/crypto/heimdal/appl/rsh/ChangeLog +++ b/crypto/heimdal/appl/rsh/ChangeLog @@ -1,27 +1,27 @@ -2007-07-12 Love Hörnquist Åstrand +2007-07-12 Love Hörnquist Ã…strand * rsh.c: Fix pointer vs strict alias rules. * rshd.c: Fix pointer vs strict alias rules. -2007-01-04 Love Hörnquist Åstrand +2007-01-04 Love Hörnquist Ã…strand * rshd.c: Declare iruserok if needed, based on bug report from David Love. -2006-11-14 Love Hörnquist Åstrand +2006-11-14 Love Hörnquist Ã…strand * rsh_locl.h: Forward decl. -2006-10-14 Love Hörnquist Åstrand +2006-10-14 Love Hörnquist Ã…strand * rsh_locl.h: Include "crypto-headers.h". -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: Add man_MANS to EXTRA_DIST -2006-04-27 Love Hörnquist Åstrand +2006-04-27 Love Hörnquist Ã…strand * Makefile.am: rshd_SOURCES += add limits_conf.c @@ -38,30 +38,30 @@ * rshd.c (krb5_start_session): syslog failures to store cred cache -2005-12-21 Love Hörnquist Åstrand +2005-12-21 Love Hörnquist Ã…strand * rshd.c (doit): move creation of users ticket file to later to avoid seteuid/setuid dance. this breaks DCE, so remove support for it completely. -2005-10-22 Love Hörnquist Åstrand +2005-10-22 Love Hörnquist Ã…strand * rshd.c: Check return value from asprintf instead of string != - NULL since it undefined behavior on Linux. From Björn Sandell + NULL since it undefined behavior on Linux. From Björn Sandell * rsh.c: Check return value from asprintf instead of string != - NULL since it undefined behavior on Linux. From Björn Sandell + NULL since it undefined behavior on Linux. From Björn Sandell -2005-06-08 Love Hörnquist Åstrand +2005-06-08 Love Hörnquist Ã…strand * rshd.c: init some important variables and check that they are set checking authentication, all to please gcc -2005-05-27 Love Hörnquist Åstrand +2005-05-27 Love Hörnquist Ã…strand * rshd.c: case uid_t to unsigned long in printf format -2005-04-27 Love Hörnquist Åstrand +2005-04-27 Love Hörnquist Ã…strand * rsh_locl.h: Use larger buffer for recving data to be compatible with older versions of heimdal (0.4 branch specificly) @@ -69,11 +69,11 @@ * rshd.c: Use larger buffer for recving data to be compatible with older versions of heimdal (0.4 branch specificly) -2005-04-25 Love Hörnquist Åstrand +2005-04-25 Love Hörnquist Ã…strand * rshd.c: use snprintf to format tkfile -2005-04-24 Love Hörnquist Åstrand +2005-04-24 Love Hörnquist Ã…strand * rsh.c: use strlcat @@ -81,7 +81,7 @@ * rsh_locl.h: forward declaration for private structures -2005-04-20 Love Hörnquist Åstrand +2005-04-20 Love Hörnquist Ã…strand * rsh.c: cast size_t to unsigned long @@ -119,7 +119,7 @@ * rshd.c: -P also with KRB5 -2003-04-22 Love Hörnquist Åstrand +2003-04-22 Love Hörnquist Ã…strand * rsh.1: replace > with \*[Gt] @@ -138,7 +138,7 @@ * rsh.c (loop): only check errsock if it's valid -2003-03-18 Love Love Hörnquist Åstrand +2003-03-18 Love Love Hörnquist Ã…strand * rshd.c: do krb5_afslog when compling with afs support diff --git a/crypto/heimdal/appl/rsh/Makefile.am b/crypto/heimdal/appl/rsh/Makefile.am index 6377e02c712..2cd18752f84 100644 --- a/crypto/heimdal/appl/rsh/Makefile.am +++ b/crypto/heimdal/appl/rsh/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_krb4) -I$(srcdir)/../login +AM_CPPFLAGS += -I$(srcdir)/../login $(INCLUDE_hcrypto) bin_PROGRAMS = rsh @@ -22,8 +22,7 @@ limits_conf.c: LDADD = $(LIB_kafs) \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/rsh/Makefile.in b/crypto/heimdal/appl/rsh/Makefile.in index 6c7651c65fd..c2ec70e0eae 100644 --- a/crypto/heimdal/appl/rsh/Makefile.in +++ b/crypto/heimdal/appl/rsh/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -46,7 +48,7 @@ libexec_PROGRAMS = rshd$(EXEEXT) subdir = appl/rsh ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -61,7 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -75,9 +77,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -85,16 +90,15 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \ "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT) rsh_OBJECTS = $(am_rsh_OBJECTS) @@ -103,18 +107,16 @@ am__DEPENDENCIES_1 = am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \ $(am__DEPENDENCIES_1) rsh_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) \ login_access.$(OBJEXT) limits_conf.$(OBJEXT) rshd_OBJECTS = $(am_rshd_OBJECTS) rshd_LDADD = $(LDADD) rshd_DEPENDENCIES = $(am__DEPENDENCIES_2) $(LIB_krb5) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -126,6 +128,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(rsh_SOURCES) $(rshd_SOURCES) DIST_SOURCES = $(rsh_SOURCES) $(rshd_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 man8dir = $(mandir)/man8 MANS = $(man_MANS) @@ -136,49 +159,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -202,10 +234,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -222,6 +255,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -237,31 +272,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -276,10 +325,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -320,57 +371,61 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) -I$(srcdir)/../login +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/../login \ + $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la man_MANS = rsh.1 rshd.8 rsh_SOURCES = rsh.c common.c rsh_locl.h rshd_SOURCES = rshd.c common.c login_access.c limits_conf.c rsh_locl.h LDADD = $(LIB_kafs) \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/rsh/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/rsh/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/rsh/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/rsh/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -388,62 +443,93 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list rsh$(EXEEXT): $(rsh_OBJECTS) $(rsh_DEPENDENCIES) @rm -f rsh$(EXEEXT) $(LINK) $(rsh_OBJECTS) $(rsh_LDADD) $(LIBS) @@ -457,160 +543,181 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/limits_conf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login_access.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsh.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rshd.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -626,13 +733,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -667,6 +778,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -677,6 +789,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -687,6 +800,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -694,26 +809,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -734,11 +858,10 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \ uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ @@ -827,6 +950,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -912,7 +1038,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -931,6 +1057,7 @@ login_access.c: limits_conf.c: $(LN_S) $(srcdir)/../login/limits_conf.c . + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/rsh/common.c b/crypto/heimdal/appl/rsh/common.c index 84311b00e18..79017c33c26 100644 --- a/crypto/heimdal/appl/rsh/common.c +++ b/crypto/heimdal/appl/rsh/common.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "rsh_locl.h" -RCSID("$Id: common.c 17450 2006-05-05 11:11:43Z lha $"); +RCSID("$Id$"); -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) #ifdef KRB5 int key_usage = 1026; @@ -74,11 +74,6 @@ ssize_t do_read (int fd, void *buf, size_t sz, void *ivec) { if (do_encrypt) { -#ifdef KRB4 - if (auth_method == AUTH_KRB4) { - return des_enc_read (fd, buf, sz, schedule, &iv); - } else -#endif /* KRB4 */ #ifdef KRB5 if(auth_method == AUTH_KRB5) { krb5_error_code ret; @@ -102,13 +97,15 @@ do_read (int fd, void *buf, size_t sz, void *ivec) if (edata == NULL) errx (1, "malloc: cannot allocate %u bytes", outer_len); ret = krb5_net_read (context, &fd, edata, outer_len); - if (ret <= 0) + if (ret <= 0) { + free(edata); return ret; + } - status = krb5_decrypt_ivec(context, crypto, key_usage, + status = krb5_decrypt_ivec(context, crypto, key_usage, edata, outer_len, &data, ivec); free (edata); - + if (status) krb5_err (context, 1, status, "decrypting data"); if(ivec != NULL) { @@ -134,11 +131,6 @@ ssize_t do_write (int fd, void *buf, size_t sz, void *ivec) { if (do_encrypt) { -#ifdef KRB4 - if(auth_method == AUTH_KRB4) { - return des_enc_write (fd, buf, sz, schedule, &iv); - } else -#endif /* KRB4 */ #ifdef KRB5 if(auth_method == AUTH_KRB5) { krb5_error_code status; @@ -177,4 +169,4 @@ do_write (int fd, void *buf, size_t sz, void *ivec) } else return write (fd, buf, sz); } -#endif /* KRB4 || KRB5 */ +#endif /* KRB5 */ diff --git a/crypto/heimdal/appl/rsh/limits_conf.c b/crypto/heimdal/appl/rsh/limits_conf.c index ac9837f1406..1068b967014 100644 --- a/crypto/heimdal/appl/rsh/limits_conf.c +++ b/crypto/heimdal/appl/rsh/limits_conf.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "login_locl.h" -RCSID("$Id: limits_conf.c 19215 2006-12-04 23:41:18Z lha $"); +RCSID("$Id$"); #include #include @@ -91,7 +91,7 @@ find_limit(const char *name) /* this function reads limits.conf files similar to pam_limits unimplemented features include: % maxlogins - "-" no limits, + "-" no limits, priorities etc that are not set via setrlimit XXX uses static storage, and clobbers getgr* */ @@ -131,7 +131,7 @@ read_limits_conf(const char *file, const struct passwd *pwd) int c; while((c = fgetc(f)) != EOF) { eof = 0; - if(c == '\n') + if(c == '\n') break; } if(!eof) { @@ -192,12 +192,12 @@ read_limits_conf(const char *file, const struct passwd *pwd) continue; l->has_limit = level; } - + /* XXX unclear: if you soft to more than default hard, should we set hard to soft? this code doesn't. */ if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0) l->limit.rlim_cur = value; - if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) + if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0) l->limit.rlim_max = value; } fclose(f); diff --git a/crypto/heimdal/appl/rsh/login_access.c b/crypto/heimdal/appl/rsh/login_access.c index e1bfe42ea1b..71b1fb1aa27 100644 --- a/crypto/heimdal/appl/rsh/login_access.c +++ b/crypto/heimdal/appl/rsh/login_access.c @@ -25,7 +25,7 @@ #include "login_locl.h" -RCSID("$Id: login_access.c 10020 2001-06-04 14:10:19Z assar $"); +RCSID("$Id$"); /* Delimiters for fields and for lists of users, ttys or hosts. */ @@ -101,13 +101,13 @@ int login_access(struct passwd *user, char *from) || !(users = strtok_r(NULL, fs, &foo)) || !(froms = strtok_r(NULL, fs, &foo)) || strtok_r(NULL, fs, &foo)) { - syslog(LOG_ERR, "%s: line %d: bad field count", + syslog(LOG_ERR, "%s: line %d: bad field count", _PATH_LOGACCESS, lineno); continue; } if (perm[0] != '+' && perm[0] != '-') { - syslog(LOG_ERR, "%s: line %d: bad first field", + syslog(LOG_ERR, "%s: line %d: bad first field", _PATH_LOGACCESS, lineno); continue; diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1 index 2999dc06a29..0b0701f43cb 100644 --- a/crypto/heimdal/appl/rsh/rsh.1 +++ b/crypto/heimdal/appl/rsh/rsh.1 @@ -1,43 +1,42 @@ -.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: rsh.1 13394 2004-02-20 12:21:42Z joda $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd February 20, 2004 .Dt RSH 1 .Os HEIMDAL .Sh NAME .Nm rsh -.Nd -remote shell +.Nd remote shell .Sh SYNOPSIS .Nm .Op Fl 45FGKdefnuxz @@ -63,7 +62,7 @@ Valid options are: .Bl -tag -width Ds .It Xo .Fl 4 , -.Fl -krb4 +.Fl Fl krb4 .Xc The .Fl 4 @@ -72,7 +71,7 @@ authentication mechanisms will be tried, but in some cases more explicit control is desired. .It Xo .Fl 5 , -.Fl -krb5 +.Fl Fl krb5 .Xc The .Fl 5 @@ -81,7 +80,7 @@ option requests Kerberos 5 authentication. This is analogous to the option. .It Xo .Fl K , -.Fl -broken +.Fl Fl broken .Xc The .Fl K @@ -90,7 +89,7 @@ mode relies on reserved ports. The long name is an indication of how good this is. .It Xo .Fl n , -.Fl -no-input +.Fl Fl no-input .Xc The .Fl n @@ -105,13 +104,13 @@ Enable socket debugging. .It Xo .Fl e , -.Fl -no-stderr +.Fl Fl no-stderr .Xc Don't use a separate socket for the stderr stream. This can be necessary if rsh-ing through a NAT bridge. .It Xo .Fl x , -.Fl -encrypt +.Fl Fl encrypt .Xc The .Fl x @@ -127,12 +126,12 @@ The opposite of This is the default, and is mainly useful if encryption has been enabled by default, for instance in the .Li appdefaults -section of +section of .Pa /etc/krb5.conf when using Kerberos 5. .It Xo .Fl f , -.Fl -forward +.Fl Fl forward .Xc Forward Kerberos 5 credentials to the remote host. Also settable via @@ -141,16 +140,16 @@ Also settable via .Xr krb5.conf ) . .It Xo .Fl F , -.Fl -forwardable +.Fl Fl forwardable .Xc -Make the forwarded credentials re-forwardable. +Make the forwarded credentials re-forwardable. Also settable via .Li appdefaults (see .Xr krb5.conf ) . .It Xo .Fl l Ar string , -.Fl -user= Ns Ar string +.Fl Fl user= Ns Ar string .Xc By default the remote username is the same as the local. The .Fl l @@ -159,16 +158,16 @@ option or the format allow the remote name to be specified. .It Xo .Fl n , -.Fl -no-input +.Fl Fl no-input .Xc -Direct input from +Direct input from .Pa /dev/null (see the .Sx BUGS section). .It Xo .Fl p Ar number-or-service , -.Fl -port= Ns Ar number-or-service +.Fl Fl port= Ns Ar number-or-service .Xc Connect to this port instead of the default (which is 514 when using old port based authentication, 544 for Kerberos 5 and non-encrypted @@ -177,13 +176,13 @@ the contents of .Pa /etc/services ) . .It Xo .Fl P Ar N|O|1|2 , -.Fl -protocol= Ns Ar N|O|1|2 +.Fl Fl protocol= Ns Ar N|O|1|2 .Xc Specifies the protocol version to use with Kerberos 5. .Ar N and .Ar 2 -select protocol version 2, while +select protocol version 2, while .Ar O and .Ar 1 @@ -193,20 +192,20 @@ default. Unless asked for a specific version, will try both. This behaviour may change in the future. .It Xo .Fl u , -.Fl -unique +.Fl Fl unique .Xc Make sure the remote credentials cache is unique, that is, don't reuse any existing cache. Mutually exclusive to .Fl U . .It Xo .Fl U Pa string , -.Fl -tkfile= Ns Pa string +.Fl Fl tkfile= Ns Pa string .Xc Name of the remote credentials cache. Mutually exclusive to .Fl u . .It Xo .Fl x , -.Fl -encrypt +.Fl Fl encrypt .Xc The .Fl x diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c index 2d64d21f49f..38ac753cd6a 100644 --- a/crypto/heimdal/appl/rsh/rsh.c +++ b/crypto/heimdal/appl/rsh/rsh.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "rsh_locl.h" -RCSID("$Id: rsh.c 21516 2007-07-12 12:47:23Z lha $"); +RCSID("$Id$"); enum auth_method auth_method; -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) int do_encrypt = -1; #endif #ifdef KRB5 @@ -48,19 +48,12 @@ krb5_context context; krb5_keyblock *keyblock; krb5_crypto crypto; #endif -#ifdef KRB4 -des_key_schedule schedule; -des_cblock iv; -#endif int sock_debug = 0; -#ifdef KRB4 -static int use_v4 = -1; -#endif #ifdef KRB5 static int use_v5 = -1; #endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) static int use_only_broken = 0; #else static int use_only_broken = 1; @@ -95,7 +88,7 @@ rsh_loop (int s, int errsock) if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE)) errx (1, "fd too large"); - + FD_ZERO(&real_readset); FD_SET(s, &real_readset); if (errsock != -1) { @@ -156,50 +149,6 @@ rsh_loop (int s, int errsock) } } -#ifdef KRB4 -static int -send_krb4_auth(int s, - struct sockaddr *thisaddr, - struct sockaddr *thataddr, - const char *hostname, - const char *remote_user, - const char *local_user, - size_t cmd_len, - const char *cmd) -{ - KTEXT_ST text; - CREDENTIALS cred; - MSG_DAT msg; - int status; - size_t len; - - /* the normal default for krb4 should be to disable encryption */ - status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0, - s, &text, "rcmd", - (char *)hostname, krb_realmofhost (hostname), - getpid(), &msg, &cred, schedule, - (struct sockaddr_in *)thisaddr, - (struct sockaddr_in *)thataddr, - KCMD_OLD_VERSION); - if (status != KSUCCESS) { - warnx("%s: %s", hostname, krb_get_err_text(status)); - return 1; - } - memcpy (iv, cred.session, sizeof(iv)); - - len = strlen(remote_user) + 1; - if (net_write (s, remote_user, len) != len) { - warn("write"); - return 1; - } - if (net_write (s, cmd, cmd_len) != cmd_len) { - warn("write"); - return 1; - } - return 0; -} -#endif /* KRB4 */ - #ifdef KRB5 /* * Send forward information on `s' for host `hostname', them being @@ -236,17 +185,16 @@ krb5_forward_cred (krb5_auth_context auth_context, } creds.client = principal; - - ret = krb5_build_principal (context, - &creds.server, - strlen(principal->realm), - principal->realm, - "krbtgt", - principal->realm, - NULL); + + ret = krb5_make_principal(context, + &creds.server, + principal->realm, + "krbtgt", + principal->realm, + NULL); if (ret) { - warnx ("could not forward creds: krb5_build_principal: %s", + warnx ("could not forward creds: krb5_make_principal: %s", krb5_get_err_text (context, ret)); return 1; } @@ -313,10 +261,10 @@ send_krb5_auth(int s, } if(do_encrypt == -1) { - krb5_appdefault_boolean(context, NULL, - krb5_principal_get_realm(context, server), - "encrypt", - FALSE, + krb5_appdefault_boolean(context, NULL, + krb5_principal_get_realm(context, server), + "encrypt", + FALSE, &do_encrypt); } @@ -349,7 +297,7 @@ send_krb5_auth(int s, default: abort(); } - + status = krb5_sendauth (context, &auth_context, &s, @@ -369,19 +317,19 @@ send_krb5_auth(int s, krb5_const_realm realm = krb5_principal_get_realm(context, server); if (do_forwardable == -1) krb5_appdefault_boolean(context, NULL, realm, - "forwardable", FALSE, + "forwardable", FALSE, &do_forwardable); if (do_forward == -1) krb5_appdefault_boolean(context, NULL, realm, - "forward", FALSE, + "forward", FALSE, &do_forward); } - + krb5_free_principal(context, server); krb5_data_free(&cksum_data); if (status) { - if(status == KRB5_SENDAUTH_REJECTED && + if(status == KRB5_SENDAUTH_REJECTED && protocol_version == 2 && protocol_version_str == NULL) sendauth_version_error = 1; else @@ -593,7 +541,7 @@ proto (int s, int errsock, cmd_len, cmd)) { close (errsock2); return 1; - } + } ret = net_read (s, &reply, 1); if (ret < 0) { @@ -625,7 +573,7 @@ proto (int s, int errsock, (void *)&one, sizeof(one)) < 0) warn("setsockopt stderr"); } - + return rsh_loop (s, errsock2); } @@ -666,11 +614,11 @@ print_addr (const struct sockaddr *sa) const char *as = NULL; if(sa->sa_family == AF_INET) - as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, + as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, addr_str, sizeof(addr_str)); #ifdef HAVE_INET6 else if(sa->sa_family == AF_INET6) - as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, + as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, addr_str, sizeof(addr_str)); #endif if(as == NULL) @@ -697,7 +645,7 @@ doit_broken (int argc, if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) { int save_errno = errno; - + close(priv_socket1); close(priv_socket2); @@ -754,7 +702,7 @@ doit_broken (int argc, } } -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) static int doit (const char *hostname, struct addrinfo *ai, @@ -778,12 +726,12 @@ doit (const char *hostname, int errsock; s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); - if (s < 0) + if (s < 0) continue; socketfailed = 0; if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { char addr[128]; - if(getnameinfo(a->ai_addr, a->ai_addrlen, + if(getnameinfo(a->ai_addr, a->ai_addrlen, addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0) warn ("connect(%s [%s])", hostname, addr); else @@ -820,7 +768,7 @@ doit (const char *hostname, freeaddrinfo (eai); } else errsock = -1; - + ret = proto (s, errsock, hostname, local_user, remote_user, @@ -832,12 +780,9 @@ doit (const char *hostname, warnx ("failed to contact %s", hostname); return -1; } -#endif /* KRB4 || KRB5 */ +#endif /* KRB5 */ struct getargs args[] = { -#ifdef KRB4 - { "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" }, -#endif #ifdef KRB5 { "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" }, { "forward", 'f', arg_flag, &do_forward, "Forward credentials [krb5]"}, @@ -848,11 +793,11 @@ struct getargs args[] = { "Use unique remote credentials cache [krb5]" }, { "tkfile", 'U', arg_string, &unique_tkfile, "Specifies remote credentials cache [krb5]" }, - { "protocol", 'P', arg_string, &protocol_version_str, + { "protocol", 'P', arg_string, &protocol_version_str, "Protocol version [krb5]", "protocol" }, #endif { "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" }, -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) { "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" }, { NULL, 'z', arg_negative_flag, &do_encrypt, "Don't encrypt connection", NULL }, @@ -909,14 +854,14 @@ main(int argc, char **argv) uid = getuid (); if (setuid (uid) || (uid != 0 && setuid(0) == 0)) err (1, "setuid"); - + setprogname (argv[0]); if (argc >= 2 && argv[1][0] != '-') { host = argv[host_index = 1]; argindex = 1; } - + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, &argindex)) usage (1); @@ -940,7 +885,7 @@ main(int argc, char **argv) int v; v = strtol(protocol_version_str, &end, 0); if(*end != '\0' || (v != 1 && v != 2)) { - errx(1, "unknown protocol version \"%s\"", + errx(1, "unknown protocol version \"%s\"", protocol_version_str); } protocol_version = v; @@ -962,17 +907,7 @@ main(int argc, char **argv) #endif -#if defined(KRB4) && defined(KRB5) - if(use_v4 == -1 && use_v5 == 1) - use_v4 = 0; - if(use_v5 == -1 && use_v4 == 1) - use_v5 = 0; -#endif - if (use_only_broken) { -#ifdef KRB4 - use_v4 = 0; -#endif #ifdef KRB5 use_v5 = 0; #endif @@ -984,7 +919,7 @@ main(int argc, char **argv) use_broken = 0; } -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if (do_encrypt == 1 && use_only_broken) errx (1, "encryption not supported with old style authentication"); #endif @@ -1013,7 +948,7 @@ main(int argc, char **argv) else host = argv[host_index = argindex++]; } - + if((tmp = strchr(host, '@')) != NULL) { *tmp++ = '\0'; user = host; @@ -1036,7 +971,7 @@ main(int argc, char **argv) user = local_user; cmd_len = construct_command(&cmd, argc - argindex, argv + argindex); - + /* * Try all different authentication methods */ @@ -1061,40 +996,13 @@ main(int argc, char **argv) again: ret = doit (host, ai, user, local_user, cmd, cmd_len, send_krb5_auth); - if(ret != 0 && sendauth_version_error && + if(ret != 0 && sendauth_version_error && protocol_version == 2) { protocol_version = 1; goto again; } freeaddrinfo(ai); } -#endif -#ifdef KRB4 - if (ret && use_v4) { - memset (&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = IPPROTO_TCP; - - if(port_str == NULL) { - if(do_encrypt) { - error = getaddrinfo(host, "ekshell", &hints, &ai); - if(error == EAI_NONAME) - error = getaddrinfo(host, "545", &hints, &ai); - } else { - error = getaddrinfo(host, "kshell", &hints, &ai); - if(error == EAI_NONAME) - error = getaddrinfo(host, "544", &hints, &ai); - } - } else - error = getaddrinfo(host, port_str, &hints, &ai); - - if(error) - errx (1, "getaddrinfo: %s", gai_strerror(error)); - auth_method = AUTH_KRB4; - ret = doit (host, ai, user, local_user, cmd, cmd_len, - send_krb4_auth); - freeaddrinfo(ai); - } #endif if (ret && use_broken) { memset (&hints, 0, sizeof(hints)); diff --git a/crypto/heimdal/appl/rsh/rsh_locl.h b/crypto/heimdal/appl/rsh/rsh_locl.h index 0d65962bfd0..3091ce0793a 100644 --- a/crypto/heimdal/appl/rsh/rsh_locl.h +++ b/crypto/heimdal/appl/rsh/rsh_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: rsh_locl.h 21553 2007-07-15 09:04:52Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include @@ -96,22 +96,23 @@ #include #include #include -#ifdef KRB4 -#include -#include -#endif #ifdef KRB5 #include /* XXX */ +struct hx509_certs_data; struct krb5_pk_identity; struct krb5_pk_cert; struct ContentInfo; +struct AlgorithmIdentifier; struct _krb5_krb_auth_data; struct krb5_dh_moduli; +struct _krb5_key_data; +struct _krb5_encryption_type; +struct _krb5_key_type; #include "crypto-headers.h" #include /* for _krb5_{get,put}_int */ #endif -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) #include #endif @@ -129,7 +130,7 @@ struct krb5_dh_moduli; * */ -enum auth_method { AUTH_KRB4, AUTH_KRB5, AUTH_BROKEN }; +enum auth_method { AUTH_KRB5, AUTH_BROKEN }; extern enum auth_method auth_method; extern int do_encrypt; @@ -142,10 +143,6 @@ extern void *ivec_in[2]; extern void *ivec_out[2]; void init_ivecs(int, int); #endif -#ifdef KRB4 -extern des_key_schedule schedule; -extern des_cblock iv; -#endif #define KCMD_OLD_VERSION "KCMDV0.1" #define KCMD_NEW_VERSION "KCMDV0.2" @@ -160,7 +157,7 @@ extern des_cblock iv; #define PATH_RSH BINDIR "/rsh" -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) ssize_t do_read (int, void*, size_t, void*); ssize_t do_write (int, void*, size_t, void*); #else diff --git a/crypto/heimdal/appl/rsh/rshd.8 b/crypto/heimdal/appl/rsh/rshd.8 index 95737a5082d..1815cc691c3 100644 --- a/crypto/heimdal/appl/rsh/rshd.8 +++ b/crypto/heimdal/appl/rsh/rshd.8 @@ -1,43 +1,42 @@ -.\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: rshd.8 16764 2006-02-27 10:07:04Z joda $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd November 22, 2002 .Dt RSHD 8 .Os HEIMDAL .Sh NAME .Nm rshd -.Nd -remote shell server +.Nd remote shell server .Sh SYNOPSIS .Nm .Op Fl aiklnvxPL @@ -52,14 +51,14 @@ service. Supported options are: .Bl -tag -width Ds .It Xo .Fl n , -.Fl -no-keepalive +.Fl Fl no-keepalive .Xc Disables keep-alive messages. Keep-alives are packets sent at certain intervals to make sure that the client is still there, even when it doesn't send any data. .It Xo .Fl k , -.Fl -kerberos +.Fl Fl kerberos .Xc Assume that clients connecting to this server will use some form of Kerberos authentication. See the @@ -69,7 +68,7 @@ section for a sample configuration. .It Xo .Fl x , -.Fl -encrypt +.Fl Fl encrypt .Xc For Kerberos 4 this means that the connections are encrypted. Kerberos 5 can negotiate encryption even without this option, but if it's @@ -79,14 +78,14 @@ will deny unencrypted connections. This option implies .Fl k . .\".It Xo .\".Fl l , -.\".Fl -no-rhosts +.\".Fl Fl no-rhosts .\".Xc .\"When using old port-based authentication, the user's .\".Pa .rhosts .\"files are normally checked. This option disables this. .It Xo .Fl v , -.Fl -vacuous +.Fl Fl vacuous .Xc If the connecting client does not use any Kerberised authentication, print a message that complains about this fact, and exit. This is @@ -104,7 +103,7 @@ it possible to share tokens between sessions. This is only useful in peculiar environments, such as some batch systems. .It Xo .Fl i , -.Fl -no-inetd +.Fl Fl no-inetd .Xc The .Fl i @@ -115,7 +114,7 @@ to create a socket, instead of assuming that its stdin came from This is mostly useful for debugging. .It Xo .Fl p Ar port , -.Fl -port= Ns Ar port +.Fl Fl port= Ns Ar port .Xc Port to use with .Fl i . diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c index 852327ad670..1958f2d73aa 100644 --- a/crypto/heimdal/appl/rsh/rshd.c +++ b/crypto/heimdal/appl/rsh/rshd.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "rsh_locl.h" #include "login_locl.h" -RCSID("$Id: rshd.c 21515 2007-07-12 12:47:07Z lha $"); +RCSID("$Id$"); int login_access( struct passwd *user, char *from); @@ -52,11 +52,6 @@ krb5_keyblock *keyblock; krb5_crypto crypto; #endif -#ifdef KRB4 -des_key_schedule schedule; -des_cblock iv; -#endif - #ifdef KRB5 krb5_ccache ccache, ccache2; int kerberos_status = 0; @@ -71,7 +66,6 @@ static int do_inetd = 1; static char *port_str; static int do_rhosts = 1; static int do_kerberos = 0; -#define DO_KRB4 2 #define DO_KRB5 4 static int do_vacuous = 0; static int do_log = 1; @@ -113,7 +107,7 @@ fatal (int sock, const char *what, const char *m, ...) len = min(len, sizeof(buf) - 1); va_end(args); if(what != NULL) - syslog (LOG_ERR, "%s: %m: %s", what, buf + 1); + syslog (LOG_ERR, "%s: %s: %s", what, strerror(errno), buf + 1); else syslog (LOG_ERR, "%s", buf + 1); net_write (sock, buf, len + 1); @@ -129,7 +123,7 @@ read_str (int s, size_t sz, char *expl) fatal(s, NULL, "%s too long", expl); while(p < str + sz) { if(net_read(s, p, 1) != 1) - syslog_and_die("read: %m"); + syslog_and_die("read: %s", strerror(errno)); if(*p == '\0') return str; p++; @@ -146,7 +140,7 @@ recv_bsd_auth (int s, u_char *buf, char **cmd) { struct passwd *pwd; - + *client_username = read_str (s, USERNAME_SZ, "local username"); *server_username = read_str (s, USERNAME_SZ, "remote username"); *cmd = read_str (s, ARG_MAX + 1, "command"); @@ -159,72 +153,8 @@ recv_bsd_auth (int s, u_char *buf, return 0; } -#ifdef KRB4 -static int -recv_krb4_auth (int s, u_char *buf, - struct sockaddr *thisaddr, - struct sockaddr *thataddr, - char **client_username, - char **server_username, - char **cmd) -{ - int status; - int32_t options; - KTEXT_ST ticket; - AUTH_DAT auth; - char instance[INST_SZ + 1]; - char version[KRB_SENDAUTH_VLEN + 1]; - - if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0) - return -1; - if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) != - KRB_SENDAUTH_VLEN - 4) - syslog_and_die ("reading auth info: %m"); - if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) - syslog_and_die("unrecognized auth protocol: %.8s", buf); - - options = KOPT_IGNORE_PROTOCOL; - if (do_encrypt) - options |= KOPT_DO_MUTUAL; - k_getsockinst (s, instance, sizeof(instance)); - status = krb_recvauth (options, - s, - &ticket, - "rcmd", - instance, - (struct sockaddr_in *)thataddr, - (struct sockaddr_in *)thisaddr, - &auth, - "", - schedule, - version); - if (status != KSUCCESS) - syslog_and_die ("recvauth: %s", krb_get_err_text(status)); - if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0) - syslog_and_die ("bad version: %s", version); - - *server_username = read_str (s, USERNAME_SZ, "remote username"); - if (kuserok (&auth, *server_username) != 0) - fatal (s, NULL, "Permission denied."); - *cmd = read_str (s, ARG_MAX + 1, "command"); - - syslog(LOG_INFO|LOG_AUTH, - "kerberos v4 shell from %s on %s as %s, cmd '%.80s'", - krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm), - - inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr), - *server_username, - *cmd); - - memcpy (iv, auth.session, sizeof(iv)); - - return 0; -} - -#endif /* KRB4 */ - #ifdef KRB5 -static int +static int save_krb5_creds (int s, krb5_auth_context auth_context, krb5_principal client) @@ -232,7 +162,7 @@ save_krb5_creds (int s, { int ret; krb5_data remote_cred; - + krb5_data_zero (&remote_cred); ret= krb5_read_message (context, (void *)&s, &remote_cred); if (ret) { @@ -241,13 +171,13 @@ save_krb5_creds (int s, } if (remote_cred.length == 0) return 0; - - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); + + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache); if (ret) { krb5_data_free(&remote_cred); return 0; } - + krb5_cc_initialize(context,ccache,client); ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred); if(ret != 0) @@ -268,8 +198,8 @@ krb5_start_session (void) ret = krb5_cc_resolve (context, tkfile, &ccache2); if (ret) { estr = krb5_get_error_string(context); - syslog(LOG_WARNING, "resolve cred cache %s: %s", - tkfile, + syslog(LOG_WARNING, "resolve cred cache %s: %s", + tkfile, estr ? estr : krb5_get_err_text(context, ret)); free(estr); krb5_cc_destroy(context, ccache); @@ -279,7 +209,7 @@ krb5_start_session (void) ret = krb5_cc_copy_cache (context, ccache, ccache2); if (ret) { estr = krb5_get_error_string(context); - syslog(LOG_WARNING, "storing credentials: %s", + syslog(LOG_WARNING, "storing credentials: %s", estr ? estr : krb5_get_err_text(context, ret)); free(estr); krb5_cc_destroy(context, ccache); @@ -328,13 +258,13 @@ recv_krb5_auth (int s, u_char *buf, if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) return -1; len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]); - + if (net_read(s, buf, len) != len) - syslog_and_die ("reading auth info: %m"); + syslog_and_die ("reading auth info: %s", strerror(errno)); if (len != sizeof(KRB5_SENDAUTH_VERSION) || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) syslog_and_die ("bad sendauth version: %.8s", buf); - + status = krb5_sock_to_principal (context, s, "host", @@ -363,7 +293,7 @@ recv_krb5_auth (int s, u_char *buf, *client_username = read_str (s, ARG_MAX + 1, "local username"); if(protocol_version == 2) { - status = krb5_auth_con_getremotesubkey(context, auth_context, + status = krb5_auth_con_getremotesubkey(context, auth_context, &keyblock); if(status != 0 || keyblock == NULL) syslog_and_die("failed to get remote subkey"); @@ -378,10 +308,10 @@ recv_krb5_auth (int s, u_char *buf, status = krb5_crypto_init(context, keyblock, 0, &crypto); if(status) - syslog_and_die("krb5_crypto_init: %s", + syslog_and_die("krb5_crypto_init: %s", krb5_get_err_text(context, status)); - + cksum_data.length = asprintf (&str, "%u:%s%s", ntohs(socket_get_port (thisaddr)), @@ -391,9 +321,9 @@ recv_krb5_auth (int s, u_char *buf, syslog_and_die ("asprintf: out of memory"); cksum_data.data = str; - status = krb5_verify_authenticator_checksum(context, + status = krb5_verify_authenticator_checksum(context, auth_context, - cksum_data.data, + cksum_data.data, cksum_data.length); if (status) @@ -464,7 +394,9 @@ recv_krb5_auth (int s, u_char *buf, *cmd); free (name); } - } + } + + krb5_auth_con_free(context, auth_context); return 0; } @@ -508,12 +440,12 @@ rshd_loop (int from0, int to0, if (errno == EINTR) continue; else - syslog_and_die ("select: %m"); + syslog_and_die ("select: %s", strerror(errno)); } if (FD_ISSET(from0, &readset)) { ret = do_read (from0, buf, RSHD_BUFSIZ, ivec_in[0]); if (ret < 0) - syslog_and_die ("read: %m"); + syslog_and_die ("read: %s", strerror(errno)); else if (ret == 0) { close (from0); close (to0); @@ -524,7 +456,7 @@ rshd_loop (int from0, int to0, if (FD_ISSET(from1, &readset)) { ret = read (from1, buf, RSH_BUFSIZ); if (ret < 0) - syslog_and_die ("read: %m"); + syslog_and_die ("read: %s", strerror(errno)); else if (ret == 0) { close (from1); close (to1); @@ -537,7 +469,7 @@ rshd_loop (int from0, int to0, if (FD_ISSET(from2, &readset)) { ret = read (from2, buf, RSH_BUFSIZ); if (ret < 0) - syslog_and_die ("read: %m"); + syslog_and_die ("read: %s", strerror(errno)); else if (ret == 0) { close (from2); close (to2); @@ -683,10 +615,10 @@ doit (void) thisaddr_len = sizeof(thisaddr_ss); if (getsockname (s, thisaddr, &thisaddr_len) < 0) - syslog_and_die("getsockname: %m"); + syslog_and_die("getsockname: %s", strerror(errno)); thataddr_len = sizeof(thataddr_ss); if (getpeername (s, thataddr, &thataddr_len) < 0) - syslog_and_die ("getpeername: %m"); + syslog_and_die ("getpeername: %s", strerror(errno)); /* check for V4MAPPED addresses? */ @@ -697,7 +629,7 @@ doit (void) port = 0; for(;;) { if (net_read (s, p, 1) != 1) - syslog_and_die ("reading port number: %m"); + syslog_and_die ("reading port number: %s", strerror(errno)); if (*p == '\0') break; else if (isdigit(*p)) @@ -712,7 +644,7 @@ doit (void) if (port) { int priv_port = IPPORT_RESERVED - 1; - /* + /* * There's no reason to require a ``privileged'' port number * here, but for some reason the brain dead rsh clients * do... :-( @@ -732,28 +664,19 @@ doit (void) else errsock = socket (erraddr->sa_family, SOCK_STREAM, 0); if (errsock < 0) - syslog_and_die ("socket: %m"); + syslog_and_die ("socket: %s", strerror(errno)); if (connect (errsock, erraddr, socket_sockaddr_size (erraddr)) < 0) { - syslog (LOG_WARNING, "connect: %m"); + syslog (LOG_WARNING, "connect: %s", strerror(errno)); close (errsock); } } - + if(do_kerberos) { if (net_read (s, buf, 4) != 4) - syslog_and_die ("reading auth info: %m"); - -#ifdef KRB4 - if ((do_kerberos & DO_KRB4) && - recv_krb4_auth (s, buf, thisaddr, thataddr, - &client_user, - &server_user, - &cmd) == 0) - auth_method = AUTH_KRB4; - else -#endif /* KRB4 */ + syslog_and_die ("reading auth info: %s", strerror(errno)); + #ifdef KRB5 if((do_kerberos & DO_KRB5) && recv_krb5_auth (s, buf, thisaddr, thataddr, @@ -811,26 +734,26 @@ doit (void) { struct spwd *sp; long today; - + sp = getspnam(server_user); if (sp != NULL) { today = time(0)/(24L * 60 * 60); - if (sp->sp_expire > 0) - if (today > sp->sp_expire) + if (sp->sp_expire > 0) + if (today > sp->sp_expire) fatal(s, NULL, "Account has expired."); } } #endif - + #ifdef HAVE_SETLOGIN if (setlogin(pwd->pw_name) < 0) - syslog(LOG_ERR, "setlogin() failed: %m"); + syslog(LOG_ERR, "setlogin() failed: %s", strerror(errno)); #endif #ifdef HAVE_SETPCRED if (setpcred (pwd->pw_name, NULL) == -1) - syslog(LOG_ERR, "setpcred() failure: %m"); + syslog(LOG_ERR, "setpcred() failure: %s", strerror(errno)); #endif /* HAVE_SETPCRED */ /* Apply limits if not root */ @@ -863,7 +786,7 @@ doit (void) #ifdef KRB5 { int fd; - + if (!do_unique_tkfile) snprintf(tkfile,sizeof(tkfile),"FILE:/tmp/krb5cc_%lu", (unsigned long)pwd->pw_uid); @@ -873,7 +796,7 @@ doit (void) close(fd); unlink(tkfile+5); } - + if (kerberos_status) krb5_start_session(); } @@ -888,19 +811,13 @@ doit (void) fatal (s, "net_write", "write failed"); } -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if(k_hasafs()) { char cell[64]; if(do_newpag) k_setpag(); -#ifdef KRB4 - if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0) - krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir); - krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir); -#endif -#ifdef KRB5 /* XXX */ if (kerberos_status) { krb5_ccache ccache; @@ -916,9 +833,8 @@ doit (void) krb5_cc_close (context, ccache); } } -#endif /* KRB5 */ } -#endif /* KRB5 || KRB4 */ +#endif /* KRB5 */ execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env); err(1, "exec %s", pwd->pw_shell); } @@ -928,7 +844,7 @@ struct getargs args[] = { { "keepalive", 'n', arg_negative_flag, &do_keepalive }, { "inetd", 'i', arg_negative_flag, &do_inetd, "Not started from inetd" }, -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) { "kerberos", 'k', arg_flag, &do_kerberos, "Implement kerberised services" }, { "encrypt", 'x', arg_flag, &do_encrypt, @@ -940,7 +856,7 @@ struct getargs args[] = { "port" }, { "vacuous", 'v', arg_flag, &do_vacuous, "Don't accept non-kerberised connections" }, -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) { NULL, 'P', arg_negative_flag, &do_newpag, "Don't put process in new PAG" }, #endif @@ -985,12 +901,12 @@ main(int argc, char **argv) exit(0); } -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if (do_encrypt) do_kerberos = 1; if(do_kerberos) - do_kerberos = DO_KRB4 | DO_KRB5; + do_kerberos = DO_KRB5; #endif #ifdef KRB5 @@ -1002,19 +918,19 @@ main(int argc, char **argv) int error; struct addrinfo *ai = NULL, hints; char portstr[NI_MAXSERV]; - + memset (&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE; hints.ai_socktype = SOCK_STREAM; hints.ai_family = PF_UNSPEC; - + if(port_str != NULL) { error = getaddrinfo (NULL, port_str, &hints, &ai); if (error) errx (1, "getaddrinfo: %s", gai_strerror (error)); } if (ai == NULL) { -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) if (do_kerberos) { if (do_encrypt) { error = getaddrinfo(NULL, "ekshell", &hints, &ai); @@ -1022,7 +938,7 @@ main(int argc, char **argv) snprintf(portstr, sizeof(portstr), "%d", 545); error = getaddrinfo(NULL, portstr, &hints, &ai); } - if(error) + if(error) errx (1, "getaddrinfo: %s", gai_strerror (error)); } else { error = getaddrinfo(NULL, "kshell", &hints, &ai); @@ -1030,7 +946,7 @@ main(int argc, char **argv) snprintf(portstr, sizeof(portstr), "%d", 544); error = getaddrinfo(NULL, portstr, &hints, &ai); } - if(error) + if(error) errx (1, "getaddrinfo: %s", gai_strerror (error)); } } else @@ -1041,18 +957,18 @@ main(int argc, char **argv) snprintf(portstr, sizeof(portstr), "%d", 514); error = getaddrinfo(NULL, portstr, &hints, &ai); } - if(error) + if(error) errx (1, "getaddrinfo: %s", gai_strerror (error)); } } - mini_inetd_addrinfo (ai); + mini_inetd_addrinfo (ai, NULL); freeaddrinfo(ai); } if (do_keepalive && setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, sizeof(on)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); + syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %s", strerror(errno)); /* set SO_LINGER? */ diff --git a/crypto/heimdal/appl/su/ChangeLog b/crypto/heimdal/appl/su/ChangeLog index 591eadac47c..6e2e569265f 100644 --- a/crypto/heimdal/appl/su/ChangeLog +++ b/crypto/heimdal/appl/su/ChangeLog @@ -1,18 +1,24 @@ -2007-10-19 Love Hörnquist Åstrand +2008-07-15 Love Hörnquist Ã…strand + + * Makefile.am: no krb4 + + * su.c: Drop kerberos 4 support. + +2007-10-19 Love Hörnquist Ã…strand * su.c: read environment from _PATH_ETC_ENVIRONMENT * supaths.c: paths -2007-08-02 Love Hörnquist Åstrand +2007-08-02 Love Hörnquist Ã…strand * su.c: Check all local realms when su-ing, from Magnus Holmberg. -2007-06-19 Love Hörnquist Åstrand +2007-06-19 Love Hörnquist Ã…strand * su.c: If not root and not setuid, print warning. -2006-01-17 Love Hörnquist Åstrand +2006-01-17 Love Hörnquist Ã…strand * su.c (group_member_p): rename from group_member to avoid name pollution from glibc headers. Fixed based on report from David Love. @@ -21,16 +27,16 @@ * su.c: fix reversed logic when deciding to print tty or not -2005-10-22 Love Hörnquist Åstrand +2005-10-22 Love Hörnquist Ã…strand * su.c: Check return value from asprintf instead of string != NULL - since it undefined behavior on Linux. From Björn Sandell + since it undefined behavior on Linux. From Björn Sandell 2005-05-10 Dave Love * su.c: Include . -2003-09-03 Love Hörnquist Åstrand +2003-09-03 Love Hörnquist Ã…strand * su.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ @@ -39,7 +45,7 @@ * su.c: remove accidentally committed code that prints the command being executed -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * su.c (krb5_start_session): krb5_afslog doesn't depend on KRB4 any more diff --git a/crypto/heimdal/appl/su/Makefile.am b/crypto/heimdal/appl/su/Makefile.am index 6bb584f6812..892bcaf4237 100644 --- a/crypto/heimdal/appl/su/Makefile.am +++ b/crypto/heimdal/appl/su/Makefile.am @@ -1,5 +1,4 @@ -# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $ -# $FreeBSD$ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -12,9 +11,8 @@ man_MANS = su.1 LDADD = $(LIB_kafs) \ $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/su/Makefile.in b/crypto/heimdal/appl/su/Makefile.in index 0159272bc72..70c9f476dc6 100644 --- a/crypto/heimdal/appl/su/Makefile.in +++ b/crypto/heimdal/appl/su/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ bin_PROGRAMS = su$(EXEEXT) subdir = appl/su ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,14 +89,14 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am_su_OBJECTS = su.$(OBJEXT) su_OBJECTS = $(am_su_OBJECTS) @@ -101,11 +106,10 @@ am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \ $(am__DEPENDENCIES_1) su_DEPENDENCIES = $(am__DEPENDENCIES_2) \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -117,6 +121,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(su_SOURCES) DIST_SOURCES = $(su_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 MANS = $(man_MANS) ETAGS = etags @@ -126,49 +151,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -192,10 +226,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -212,6 +247,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -227,31 +264,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -266,10 +317,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -310,58 +363,61 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) $(INCLUDE_hcrypto) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la bin_SUIDS = su su_SOURCES = su.c supaths.h man_MANS = su.1 LDADD = $(LIB_kafs) \ $(top_builddir)/lib/krb5/libkrb5.la \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/su/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/su/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/su/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/su/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -379,34 +435,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list su$(EXEEXT): $(su_OBJECTS) $(su_DEPENDENCIES) @rm -f su$(EXEEXT) $(LINK) $(su_OBJECTS) $(su_LDADD) $(LIBS) @@ -417,115 +489,139 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/su.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -541,13 +637,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -582,6 +682,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -591,6 +692,7 @@ clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -601,6 +703,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -608,26 +712,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -647,11 +760,10 @@ ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libtool ctags \ @@ -738,6 +850,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -823,7 +938,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -836,6 +951,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/su/su.1 b/crypto/heimdal/appl/su/su.1 index 76f4dc5d455..b57129e07dd 100644 --- a/crypto/heimdal/appl/su/su.1 +++ b/crypto/heimdal/appl/su/su.1 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: su.1 16528 2006-01-12 16:25:01Z joda $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd January 12, 2006 .Dt SU 1 @@ -39,16 +39,16 @@ .Nd substitute user identity .Sh SYNOPSIS .Nm su -.Op Fl K | Fl -no-kerberos +.Op Fl K | Fl Fl no-kerberos .Op Fl f -.Op Fl l | Fl -full +.Op Fl l | Fl Fl full .Op Fl m .Oo Fl i Ar instance \*(Ba Xo -.Fl -instance= Ns Ar instance +.Fl Fl instance= Ns Ar instance .Xc .Oc .Oo Fl c Ar command \*(Ba Xo -.Fl -command= Ns Ar command +.Fl Fl command= Ns Ar command .Xc .Oc .Op Ar login Op Ar "shell arguments" @@ -59,25 +59,25 @@ user wanting to change effective UID is present in a file named .Pa .k5login in the target user id's home directory .Pp -A special case exists where +A special case exists where .Ql root Ap s .Pa ~/.k5login needs to contain an entry for: .Ql user Ns / Ns Ao instance Ac Ns @ Ns REALM for .Nm su -to succed (where +to succed (where .Aq instance is .Ql root -unless changed with +unless changed with .Fl i ) . .Pp In the absence of either an entry for current user in said file or -other problems like missing +other problems like missing .Ql host/hostname@REALM keys in the system's -keytab, or user typing the wrong password, +keytab, or user typing the wrong password, .Nm su will fall back to traditional .Pa /etc/passwd @@ -86,7 +86,7 @@ authentication. When using .Pa /etc/passwd authentication, -.Nm su +.Nm su allows .Ql root access only to members of the group @@ -100,24 +100,24 @@ The options are as follows: .Bl -item -width Ds .It .Fl K , -.Fl -no-kerberos +.Fl Fl no-kerberos don't use Kerberos. .It .Fl f don't read .cshrc. .It .Fl l , -.Fl -full +.Fl Fl full simulate full login. .It .Fl m leave environment unmodified. .It .Fl i Ar instance , -.Fl -instance= Ns Ar instance +.Fl Fl instance= Ns Ar instance root instance to use. .It .Fl c Ar command , -.Fl -command= Ns Ar command +.Fl Fl command= Ns Ar command command to execute. .El diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index e8e47836e3e..882ecfaedf9 100644 --- a/crypto/heimdal/appl/su/su.c +++ b/crypto/heimdal/appl/su/su.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,13 +30,9 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* - * $FreeBSD$ - */ - #include -RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $"); +RCSID("$Id$"); #include #include @@ -61,9 +57,6 @@ RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $"); #ifdef KRB5 #include #endif -#ifdef KRB4 -#include -#endif #include #include #include @@ -71,6 +64,10 @@ RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $"); #include "supaths.h" +#if !HAVE_DECL_ENVIRON +extern char **environ; +#endif + int kerberos_flag = 1; int csh_f_flag; int full_login; @@ -141,26 +138,6 @@ dup_info(const struct passwd *pwd) return info; } -#if defined(KRB4) || defined(KRB5) -static void -set_tkfile() -{ -#ifndef TKT_ROOT -#define TKT_ROOT "/tmp/tkt" -#endif - int fd; - if(*tkfile != '\0') - return; - snprintf(tkfile, sizeof(tkfile), "%s_XXXXXX", TKT_ROOT); - fd = mkstemp(tkfile); - if(fd >= 0) - close(fd); -#ifdef KRB4 - krb_set_tkt_string(tkfile); -#endif -} -#endif - #ifdef KRB5 static krb5_context context; static krb5_ccache ccache; @@ -175,7 +152,7 @@ krb5_verify(const struct passwd *login_info, krb5_realm *realms, *r; char *login_name = NULL; int user_ok = 0; - + #if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) login_name = getlogin(); #endif @@ -186,35 +163,35 @@ krb5_verify(const struct passwd *login_info, #endif return 1; } - + ret = krb5_get_default_realms(context, &realms); - if (ret) + if (ret) return 1; /* Check all local realms */ for (r = realms; *r != NULL && !user_ok; r++) { - - if (login_name == NULL || strcmp (login_name, "root") == 0) + + if (login_name == NULL || strcmp (login_name, "root") == 0) login_name = login_info->pw_name; if (strcmp (su_info->pw_name, "root") == 0) - ret = krb5_make_principal(context, &p, *r, + ret = krb5_make_principal(context, &p, *r, login_name, kerberos_instance, NULL); else - ret = krb5_make_principal(context, &p, *r, + ret = krb5_make_principal(context, &p, *r, su_info->pw_name, NULL); if (ret) { krb5_free_host_realm(context, realms); return 1; } - + /* if we are su-ing too root, check with krb5_kuserok */ if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name)) continue; - - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); + + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache); if(ret) { krb5_free_host_realm(context, realms); krb5_free_principal (context, p); @@ -253,109 +230,40 @@ krb5_start_session(void) char *cc_name; int ret; - ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2); + ret = krb5_cc_new_unique(context, krb5_cc_type_file, NULL, &ccache2); if (ret) { krb5_cc_destroy(context, ccache); return 1; } ret = krb5_cc_copy_cache(context, ccache, ccache2); + if (ret) { + krb5_cc_destroy(context, ccache); + krb5_cc_destroy(context, ccache2); + return 1; + } ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2), krb5_cc_get_name(context, ccache2)); - if (ret == -1) + if (ret == -1) { + krb5_cc_destroy(context, ccache); + krb5_cc_destroy(context, ccache2); errx(1, "malloc - out of memory"); + } esetenv("KRB5CCNAME", cc_name, 1); - /* we want to export this even if we don't directly support KRB4 */ - set_tkfile(); - esetenv("KRBTKFILE", tkfile, 1); - /* convert creds? */ if(k_hasafs()) { if (k_setpag() == 0) krb5_afslog(context, ccache2, NULL, NULL); } - + krb5_cc_close(context, ccache2); krb5_cc_destroy(context, ccache); return 0; } #endif -#ifdef KRB4 - -static int -krb_verify(const struct passwd *login_info, - const struct passwd *su_info, - const char *kerberos_instance) -{ - int ret; - char *login_name = NULL; - char *name, *instance, realm[REALM_SZ]; - -#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) - login_name = getlogin(); -#endif - - ret = krb_get_lrealm(realm, 1); - - if (login_name == NULL || strcmp (login_name, "root") == 0) - login_name = login_info->pw_name; - if (strcmp (su_info->pw_name, "root") == 0) { - name = login_name; - instance = (char*)kerberos_instance; - } else { - name = su_info->pw_name; - instance = ""; - } - - if(su_info->pw_uid != 0 || - krb_kuserok(name, instance, realm, su_info->pw_name) == 0) { - char password[128]; - char *prompt; - ret = asprintf (&prompt, - "%s's Password: ", - krb_unparse_name_long (name, instance, realm)); - if (ret == -1) - return (1); - if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) { - memset (password, 0, sizeof (password)); - free(prompt); - return (1); - } - free(prompt); - if (strlen(password) == 0) - return (1); /* Empty passwords are not allowed */ - set_tkfile(); - setuid(geteuid()); /* need to run as root here */ - ret = krb_verify_user(name, instance, realm, password, - KRB_VERIFY_SECURE, NULL); - memset(password, 0, sizeof(password)); - - if(ret) { - warnx("%s", krb_get_err_text(ret)); - return 1; - } - chown (tkt_string(), su_info->pw_uid, su_info->pw_gid); - return 0; - } - return 1; -} - - -static int -krb_start_session(void) -{ - esetenv("KRBTKFILE", tkfile, 1); - - /* convert creds? */ - if(k_hasafs() && k_setpag() == 0) - krb_afslog(NULL, NULL); - - return 0; -} -#endif #define GROUP_MEMBER 0 #define GROUP_MISSING 1 @@ -429,7 +337,6 @@ main(int argc, char **argv) char *shell; int ok = 0; - int kerberos_error=1; setprogname (argv[0]); @@ -441,7 +348,7 @@ main(int argc, char **argv) full_login = 1; break; } - + if(help_flag) usage(0); if(version_flag) { @@ -454,7 +361,7 @@ main(int argc, char **argv) su_user = argv[optind++]; if (!issuid() && getuid() != 0) - warnx("Not setuid and you are root, expect this to fail"); + warnx("Not setuid and you are not root, expect this to fail"); pwd = k_getpwnam(su_user); if(pwd == NULL) @@ -466,7 +373,7 @@ main(int argc, char **argv) su_info = dup_info(pwd); if (su_info == NULL) errx (1, "malloc: out of memory"); - + pwd = getpwuid(getuid()); if(pwd == NULL) errx(1, "who are you?"); @@ -479,18 +386,13 @@ main(int argc, char **argv) shell = su_info->pw_shell; if(shell == NULL || *shell == '\0') shell = _PATH_BSHELL; - + #ifdef KRB5 if(kerberos_flag && ok == 0 && - (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0) + krb5_verify(login_info, su_info, kerberos_instance) == 0) ok = 5; #endif -#ifdef KRB4 - if(kerberos_flag && ok == 0 && - (kerberos_error = krb_verify(login_info, su_info, kerberos_instance)) == 0) - ok = 4; -#endif if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) { printf("Sorry!\n"); @@ -500,24 +402,24 @@ main(int argc, char **argv) #ifdef HAVE_GETSPNAM { struct spwd *sp; long today; - + sp = getspnam(su_info->pw_name); if (sp != NULL) { today = time(0)/(24L * 60 * 60); if (sp->sp_expire > 0) { if (today >= sp->sp_expire) { - if (login_info->pw_uid) + if (login_info->pw_uid) errx(1,"Your account has expired."); else printf("Your account has expired."); } - else if (sp->sp_expire - today < 14) + else if (sp->sp_expire - today < 14) printf("Your account will expire in %d days.\n", (int)(sp->sp_expire - today)); - } + } if (sp->sp_max > 0) { if (today >= sp->sp_lstchg + sp->sp_max) { - if (login_info->pw_uid) + if (login_info->pw_uid) errx(1,"Your password has expired. Choose a new one."); else printf("Your password has expired. Choose a new one."); @@ -551,6 +453,8 @@ main(int argc, char **argv) for (j = 0; j < i; j++) { char *p = strchr(newenv[j], '='); + if (p == NULL) + errx(1, "enviroment '%s' missing '='", newenv[j]); *p++ = 0; esetenv (newenv[j], p, 1); } @@ -594,15 +498,15 @@ main(int argc, char **argv) if (cmd) { args[i++] = "-c"; args[i++] = cmd; - } - + } + if (csh_f_flag) args[i++] = "-f"; for (argv += optind; *argv; ++argv) args[i++] = *argv; args[i] = NULL; - + if(setgid(su_info->pw_gid) < 0) err(1, "setgid"); if (initgroups (su_info->pw_name, su_info->pw_gid) < 0) @@ -615,12 +519,8 @@ main(int argc, char **argv) if (ok == 5) krb5_start_session(); #endif -#ifdef KRB4 - if (ok == 4) - krb_start_session(); -#endif - execv(shell, args); + execve(shell, args, environ); } - + exit(1); } diff --git a/crypto/heimdal/appl/su/supaths.h b/crypto/heimdal/appl/su/supaths.h index c12a0c7b748..9e03a04e42a 100644 --- a/crypto/heimdal/appl/su/supaths.h +++ b/crypto/heimdal/appl/su/supaths.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog index 473ab6b0573..2d30af8e3dd 100644 --- a/crypto/heimdal/appl/telnet/ChangeLog +++ b/crypto/heimdal/appl/telnet/ChangeLog @@ -1,20 +1,47 @@ -2007-12-31 Love Hörnquist Åstrand +2008-04-27 Love Hörnquist Ã…strand + + * libtelnet/enc_des.c: Use RAND_bytes() + DES_is_weak_key() to + generate random DES key. Introdunce random by feeding the des + session key into the random pool when the keys is recived instead + of encrypt the random key with the kerberos key. + + This avoid depenency on DES_new_random_key() that doesn't exists + in OpenSSL. + +2008-04-18 Love Hörnquist Ã…strand + + * libtelnet/enc_des.c: No need to call + DES_init_random_number_generator, hcrypto is sane now. + + * libtelnet/enc_des.c: Use DES_new_random_key(). + +2008-04-10 Love Hörnquist Ã…strand + + * telnetd/sys_term.c: Really, mac os uses wtmpx (or asl). + +2008-03-09 Love Hörnquist Ã…strand + + * telnetd/sys_term.c: Dont need to set this as the controlling PTY + on steams sockets, don't abort on failure. From Harald Barth and + Ian Delahorne. + +2007-12-31 Love Hörnquist Ã…strand * telnetd/sys_term.c: Use strlcpy instead of strncpy, thanks to Antoine Brodin. -2007-07-31 Love Hörnquist Åstrand +2007-07-31 Love Hörnquist Ã…strand * telnetd/telnetd.c (usage): use exit_code, add --version and --help. * telnetd/telnetd.c: Add --help, reported by David Love. -2007-07-30 Love Hörnquist Åstrand +2007-07-30 Love Hörnquist Ã…strand * telnet/main.c: Catch --help, reported by David Love. -2007-07-12 Love Hörnquist Åstrand +2007-07-12 Love Hörnquist Ã…strand * telnetd/sys_term.c: GLIBC made the choice that ut_tv should be shared between 32 and 64 bit platforms so now we can no longer use @@ -22,7 +49,7 @@ pointer (gettimeofday for example) since ut_tv is now not a struct timeval but rather a struct { int32_t tv_sec; int32_t tv_usec; }; -2006-10-21 Love Hörnquist Åstrand +2006-10-21 Love Hörnquist Ã…strand * telnet/telnet_locl.h: Include roken.h before the local headerfiles. @@ -36,13 +63,13 @@ * telnetd/telnetd.h: includes some STREAMSPTY header here to avoid ioctl vs socket_wrapper horror. -2006-10-20 Love Hörnquist Åstrand +2006-10-20 Love Hörnquist Ã…strand * telnet/Makefile.am: more files * telnetd/Makefile.am: more files -2006-09-19 Love Hörnquist Åstrand +2006-09-19 Love Hörnquist Ã…strand * telnetd/telnetd.8: Add documentation for -e, require encryption. @@ -54,50 +81,50 @@ * telnetd/state.c: If encryption is required, don't allow it to be turned off. -2006-09-04 Love Hörnquist Åstrand +2006-09-04 Love Hörnquist Ã…strand * libtelnet/kerberos5.c (kerberos5_forward): use KDCOptions2int on flags before passing them to krb5_get_forwarded_creds. -2006-05-05 Love Hörnquist Åstrand +2006-05-05 Love Hörnquist Ã…strand * Rename u_intXX_t to uintXX_t -2006-03-23 Love Hörnquist Åstrand +2006-03-23 Love Hörnquist Ã…strand * libtelnet/encrypt.c: Spelling. -2005-12-01 Love Hörnquist Åstrand +2005-12-01 Love Hörnquist Ã…strand * telnetd/telnetd.c: Initialize the slc mapping table before its used. Based on bug report from Russell Sanford -2005-11-03 Love Hörnquist Åstrand +2005-11-03 Love Hörnquist Ã…strand * telnet/telnet.c: Spelling in comments, from Dave Love -2005-10-31 Love Hörnquist Åstrand +2005-10-31 Love Hörnquist Ã…strand * libtelnet/kerberos5.c (Data): Use right variable. From Tomas Olsson -2005-10-22 Love Hörnquist Åstrand +2005-10-22 Love Hörnquist Ã…strand * telnet/commands.c: Check return value from asprintf instead of - string != NULL since it undefined behavior on Linux. From Björn + string != NULL since it undefined behavior on Linux. From Björn Sandell * libtelnet/kerberos5.c: Check return value from asprintf instead - of string != NULL since it undefined behavior on Linux. From Björn + of string != NULL since it undefined behavior on Linux. From Björn Sandell * libtelnet/kerberos.c: Check return value from asprintf instead - of string != NULL since it undefined behavior on Linux. From Björn + of string != NULL since it undefined behavior on Linux. From Björn Sandell -2005-08-08 Love Hörnquist Åstrand +2005-08-08 Love Hörnquist Ã…strand * telnetd/telnetd.c: Fix printing of /etc/issue{,.net}. @@ -115,7 +142,7 @@ * libtelnet/kerberos.c: Do not assume that des_key_schedule is an array. -2005-05-27 Love Hörnquist Åstrand +2005-05-27 Love Hörnquist Ã…strand * libtelnet/kerberos5.c: case uid_t to unsigned long in printf format @@ -123,7 +150,7 @@ * telnetd/sys_term.c (set_termbuf): use {} around if to make else unambiguous -2005-05-20 Love Hörnquist Åstrand +2005-05-20 Love Hörnquist Ã…strand * telnetd/sys_term.c (start_login): put utmpx code into a new scope to avoid pre c99 problems. @@ -153,33 +180,33 @@ * telnetd/sys_term.c (getpty): Declare p. -2005-04-25 Love Hörnquist Åstrand +2005-04-25 Love Hörnquist Ã…strand * telnetd/telnetd.c: use strlcpy -2005-04-24 Love Hörnquist Åstrand +2005-04-24 Love Hörnquist Ã…strand * telnetd/global.c, telnetd/state.c, telnetd/telnetd.c, telentd/ext.h: remove another strcpy -2005-04-19 Love Hörnquist Åstrand +2005-04-19 Love Hörnquist Ã…strand * telnetd/sys_term.c: rewrite getpty to make use openpty when its found, save the slave fd so that cleanopen can use it if its available -2005-04-07 Love Hörnquist Åstrand +2005-04-07 Love Hörnquist Ã…strand * telnetd/sys_term.c: clean_ttyname might be unused, mark it so with __attribute__ -2005-04-06 Love Hörnquist Åstrand +2005-04-06 Love Hörnquist Ã…strand * telnetd/sys_term.c: use NULL as last argument to execl, not 0 * telnet/commands.c: use NULL as last argument to execl, not 0 -2005-03-29 Love Hörnquist Åstrand +2005-03-29 Love Hörnquist Ã…strand * telnet/telnet.c: From FreeBSD: @@ -205,20 +232,20 @@ These fixes are based in part on patches Submitted by: Solar Designer -2005-03-23 Love Hörnquist Åstrand +2005-03-23 Love Hörnquist Ã…strand * telnetd/telnetd.c: remove setting of DES_check_key, all code uses DES_set_key_checked * libtelnet/enc_des.c: use DES_set_key_checked -2005-01-09 Love Hörnquist Åstrand +2005-01-09 Love Hörnquist Ã…strand * telnet/telnet.c: cast argument to toupper to unsigned char * telnet/commands.c: cast argument to is* to unsigned char -2004-06-20 Love Hörnquist Åstrand +2004-06-20 Love Hörnquist Ã…strand * telnet/network.c: make network rings larger From: MAAAAA MOOOR @@ -229,19 +256,19 @@ * libtelnet/kerberos5.c (Data): allocate the data needed to be send From: MAAAAA MOOOR -2004-04-02 Love Hörnquist Åstrand +2004-04-02 Love Hörnquist Ã…strand * telnet/main.c: make encrypt, forwardable, forward use appdefault (that also searches libdefaults), prompted by Thomas Nystrom -2004-03-22 Love Hörnquist Åstrand +2004-03-22 Love Hörnquist Ã…strand * telnetd/telnetd.c: call setprogname to make libvers happy * telnet/main.c: call setprogname to make libvers happy -2003-09-25 Love Hörnquist Åstrand +2003-09-25 Love Hörnquist Ã…strand * telnet/externs.h: export Scheduler and scheduler_lockout_tty @@ -251,13 +278,13 @@ * telnet/authenc.c (telnet_spin): if Scheduler() returns failure (-1) propagate to higher level -2003-09-03 Love Hörnquist Åstrand +2003-09-03 Love Hörnquist Ã…strand * telnetd/telnetd.c: use new DES_ api * libtelnet/enc_des.c: use new DES_ api -2003-04-22 Love Hörnquist Åstrand +2003-04-22 Love Hörnquist Ã…strand * telnet/telnet.1: replace <,> with \*[Lt],\*[Gt] diff --git a/crypto/heimdal/appl/telnet/Makefile.am b/crypto/heimdal/appl/telnet/Makefile.am index 61f0e86aecb..db43430aa7e 100644 --- a/crypto/heimdal/appl/telnet/Makefile.am +++ b/crypto/heimdal/appl/telnet/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -8,4 +8,4 @@ dist-hook: $(mkinstalldirs) $(distdir)/arpa $(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa -EXTRA_DIST = README.ORIG telnet.state +EXTRA_DIST = NTMakefile README.ORIG telnet.state diff --git a/crypto/heimdal/appl/telnet/Makefile.in b/crypto/heimdal/appl/telnet/Makefile.in index 83dc3744649..815e1aed4a1 100644 --- a/crypto/heimdal/appl/telnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 5652 1999-03-20 13:58:20Z joda $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = appl/telnet ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ @@ -101,57 +105,94 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -175,10 +216,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -195,6 +237,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -210,31 +254,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -249,10 +307,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -293,48 +353,53 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la SUBDIRS = libtelnet telnet telnetd -EXTRA_DIST = README.ORIG telnet.state +EXTRA_DIST = NTMakefile README.ORIG telnet.state all: all-recursive .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/telnet/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/telnet/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/telnet/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -352,6 +417,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -366,7 +432,7 @@ clean-libtool: # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -383,7 +449,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -391,7 +457,7 @@ $(RECURSIVE_TARGETS): fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -417,16 +483,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -434,14 +500,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -453,39 +519,43 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -506,29 +576,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -562,6 +647,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -580,6 +666,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -587,23 +675,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -625,9 +721,9 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-data-am install-exec-am install-strip uninstall-am +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \ + ctags-recursive install-am install-data-am install-exec-am \ + install-strip tags-recursive uninstall-am .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am all-local check check-am check-local clean \ @@ -713,6 +809,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -798,7 +897,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -815,6 +914,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) dist-hook: $(mkinstalldirs) $(distdir)/arpa $(INSTALL_DATA) $(srcdir)/arpa/telnet.h $(distdir)/arpa + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am b/crypto/heimdal/appl/telnet/libtelnet/Makefile.am index 60786baa62d..66571d5dbd7 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.am +++ b/crypto/heimdal/appl/telnet/libtelnet/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto) +AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_hcrypto) noinst_LIBRARIES = libtelnet.a @@ -15,10 +15,9 @@ libtelnet_a_SOURCES = \ encrypt.c \ encrypt.h \ genget.c \ - kerberos.c \ kerberos5.c \ misc-proto.h \ misc.c \ misc.h -EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c +EXTRA_DIST = NTMakefile rsaencpwd.c spx.c diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in index cb00e59e5ff..37a22963396 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -44,7 +46,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = appl/telnet/libtelnet ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -59,7 +61,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -73,9 +75,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -83,23 +88,24 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = LIBRARIES = $(noinst_LIBRARIES) ARFLAGS = cru libtelnet_a_AR = $(AR) $(ARFLAGS) libtelnet_a_LIBADD = am_libtelnet_a_OBJECTS = auth.$(OBJEXT) enc_des.$(OBJEXT) \ - encrypt.$(OBJEXT) genget.$(OBJEXT) kerberos.$(OBJEXT) \ - kerberos5.$(OBJEXT) misc.$(OBJEXT) + encrypt.$(OBJEXT) genget.$(OBJEXT) kerberos5.$(OBJEXT) \ + misc.$(OBJEXT) libtelnet_a_OBJECTS = $(am_libtelnet_a_OBJECTS) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -118,49 +124,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -184,10 +199,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -204,6 +220,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -219,31 +237,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -258,10 +290,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -302,30 +336,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la noinst_LIBRARIES = libtelnet.a libtelnet_a_SOURCES = \ @@ -337,29 +375,28 @@ libtelnet_a_SOURCES = \ encrypt.c \ encrypt.h \ genget.c \ - kerberos.c \ kerberos5.c \ misc-proto.h \ misc.c \ misc.h -EXTRA_DIST = krb4encpwd.c rsaencpwd.c spx.c +EXTRA_DIST = NTMakefile rsaencpwd.c spx.c all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/telnet/libtelnet/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/telnet/libtelnet/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/libtelnet/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/telnet/libtelnet/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -377,6 +414,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) @@ -391,14 +429,33 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enc_des.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encrypt.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/genget.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kerberos5.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -411,45 +468,49 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -470,13 +531,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -508,6 +573,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -518,6 +584,7 @@ clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -528,6 +595,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -535,26 +604,35 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -574,9 +652,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libtool clean-noinstLIBRARIES ctags \ @@ -661,6 +738,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -746,7 +826,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -759,6 +839,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h b/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h index 4f2e2457bb0..511a5ab712e 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h +++ b/crypto/heimdal/appl/telnet/libtelnet/auth-proto.h @@ -40,7 +40,7 @@ * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -53,7 +53,7 @@ * or implied warranty. */ -/* $Id: auth-proto.h 11288 2002-08-28 20:56:14Z joda $ */ +/* $Id$ */ #ifdef AUTHENTICATION Authenticator *findauthenticator (int, int); @@ -61,7 +61,7 @@ Authenticator *findauthenticator (int, int); int auth_wait (char *, size_t); void auth_disable_name (char *); void auth_finished (Authenticator *, int); -void auth_gen_printsub (unsigned char *, int, unsigned char *, int); +void auth_gen_printsub (unsigned char *, size_t, unsigned char *, size_t); void auth_init (const char *, int); void auth_is (unsigned char *, int); void auth_name(unsigned char*, int); @@ -69,7 +69,7 @@ void auth_reply (unsigned char *, int); void auth_request (void); void auth_send (unsigned char *, int); void auth_send_retry (void); -void auth_printsub(unsigned char*, int, unsigned char*, int); +void auth_printsub(unsigned char*, size_t, unsigned char*, size_t); int getauthmask(char *type, int *maskp); int auth_enable(char *type); int auth_disable(char *type); @@ -78,8 +78,6 @@ int auth_togdebug(int on); int auth_status(void); int auth_sendname(unsigned char *cp, int len); void auth_debug(int mode); -void auth_gen_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen); #ifdef UNSAFE int unsafe_init (Authenticator *, int); @@ -87,7 +85,7 @@ int unsafe_send (Authenticator *); void unsafe_is (Authenticator *, unsigned char *, int); void unsafe_reply (Authenticator *, unsigned char *, int); int unsafe_status (Authenticator *, char *, int); -void unsafe_printsub (unsigned char *, int, unsigned char *, int); +void unsafe_printsub (unsigned char *, size_t, unsigned char *, size_t); #endif #ifdef SRA @@ -96,18 +94,7 @@ int sra_send (Authenticator *); void sra_is (Authenticator *, unsigned char *, int); void sra_reply (Authenticator *, unsigned char *, int); int sra_status (Authenticator *, char *, int); -void sra_printsub (unsigned char *, int, unsigned char *, int); -#endif - -#ifdef KRB4 -int kerberos4_init (Authenticator *, int); -int kerberos4_send_mutual (Authenticator *); -int kerberos4_send_oneway (Authenticator *); -void kerberos4_is (Authenticator *, unsigned char *, int); -void kerberos4_reply (Authenticator *, unsigned char *, int); -int kerberos4_status (Authenticator *, char *, size_t, int); -void kerberos4_printsub (unsigned char *, int, unsigned char *, int); -int kerberos4_forward(Authenticator *ap, void *); +void sra_printsub (unsigned char *, size_t, unsigned char *, size_t); #endif #ifdef KRB5 @@ -117,7 +104,7 @@ int kerberos5_send_oneway (Authenticator *); void kerberos5_is (Authenticator *, unsigned char *, int); void kerberos5_reply (Authenticator *, unsigned char *, int); int kerberos5_status (Authenticator *, char *, size_t, int); -void kerberos5_printsub (unsigned char *, int, unsigned char *, int); +void kerberos5_printsub (unsigned char *, size_t, unsigned char *, size_t); int kerberos5_set_forward(int); int kerberos5_set_forwardable(int); #endif diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.c b/crypto/heimdal/appl/telnet/libtelnet/auth.c index 13253034d17..1c01245d18b 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/auth.c +++ b/crypto/heimdal/appl/telnet/libtelnet/auth.c @@ -53,7 +53,7 @@ #include -RCSID("$Id: auth.c 10809 2002-01-18 12:58:49Z joda $"); +RCSID("$Id$"); #if defined(AUTHENTICATION) #include @@ -81,15 +81,6 @@ RCSID("$Id: auth.c 10809 2002-01-18 12:58:49Z joda $"); #define typemask(x) (1<<((x)-1)) -#ifdef KRB4_ENCPWD -extern krb4encpwd_init(); -extern krb4encpwd_send(); -extern krb4encpwd_is(); -extern krb4encpwd_reply(); -extern krb4encpwd_status(); -extern krb4encpwd_printsub(); -#endif - #ifdef RSA_ENCPWD extern rsaencpwd_init(); extern rsaencpwd_send(); @@ -166,31 +157,6 @@ Authenticator authenticators[] = { kerberos5_status, kerberos5_printsub }, #endif -#ifdef KRB4 - { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, - kerberos4_init, - kerberos4_send_mutual, - kerberos4_is, - kerberos4_reply, - kerberos4_status, - kerberos4_printsub }, - { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - kerberos4_init, - kerberos4_send_oneway, - kerberos4_is, - kerberos4_reply, - kerberos4_status, - kerberos4_printsub }, -#endif -#ifdef KRB4_ENCPWD - { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, - krb4encpwd_init, - krb4encpwd_send, - krb4encpwd_is, - krb4encpwd_reply, - krb4encpwd_status, - krb4encpwd_printsub }, -#endif #ifdef RSA_ENCPWD { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, rsaencpwd_init, @@ -627,7 +593,8 @@ auth_debug(int mode) } void -auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) +auth_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { Authenticator *ap; @@ -638,7 +605,8 @@ auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) } void -auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) +auth_gen_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { unsigned char *cp; unsigned char tbuf[16]; diff --git a/crypto/heimdal/appl/telnet/libtelnet/auth.h b/crypto/heimdal/appl/telnet/libtelnet/auth.h index 924881588af..bb793459d1b 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/auth.h +++ b/crypto/heimdal/appl/telnet/libtelnet/auth.h @@ -53,7 +53,7 @@ * or implied warranty. */ -/* $Id: auth.h 5027 1998-06-09 19:25:40Z joda $ */ +/* $Id$ */ #ifndef __AUTH__ #define __AUTH__ @@ -72,7 +72,7 @@ typedef struct XauthP { void (*is) (struct XauthP *, unsigned char *, int); void (*reply) (struct XauthP *, unsigned char *, int); int (*status) (struct XauthP *, char *, size_t, int); - void (*printsub) (unsigned char *, int, unsigned char *, int); + void (*printsub) (unsigned char *, size_t, unsigned char *, size_t); } Authenticator; #include "auth-proto.h" diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h index a40893bb8d3..b3e909bcffa 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h +++ b/crypto/heimdal/appl/telnet/libtelnet/enc-proto.h @@ -55,7 +55,7 @@ * or implied warranty. */ -/* $Id: enc-proto.h 10809 2002-01-18 12:58:49Z joda $ */ +/* $Id$ */ #if defined(ENCRYPTION) Encryptions *findencryption (int); @@ -81,12 +81,12 @@ void encrypt_dec_keyid(unsigned char*, int); void encrypt_display(void); void encrypt_enc_keyid(unsigned char*, int); void encrypt_end(void); -void encrypt_gen_printsub(unsigned char*, int, unsigned char*, int); +void encrypt_gen_printsub(unsigned char*, size_t, unsigned char*, size_t); void encrypt_init(const char*, int); void encrypt_is(unsigned char*, int); void encrypt_list_types(void); void encrypt_not(void); -void encrypt_printsub(unsigned char*, int, unsigned char*, int); +void encrypt_printsub(unsigned char*, size_t, unsigned char*, size_t); void encrypt_reply(unsigned char*, int); void encrypt_request_end(void); void encrypt_request_start(unsigned char*, int); @@ -118,7 +118,7 @@ int cfb64_is (unsigned char *, int); int cfb64_reply (unsigned char *, int); void cfb64_session (Session_Key *, int); int cfb64_keyid (int, unsigned char *, int *); -void cfb64_printsub (unsigned char *, int, unsigned char *, int); +void cfb64_printsub (unsigned char *, size_t, unsigned char *, size_t); void ofb64_encrypt (unsigned char *, int); int ofb64_decrypt (int); @@ -128,6 +128,6 @@ int ofb64_is (unsigned char *, int); int ofb64_reply (unsigned char *, int); void ofb64_session (Session_Key *, int); int ofb64_keyid (int, unsigned char *, int *); -void ofb64_printsub (unsigned char *, int, unsigned char *, int); +void ofb64_printsub (unsigned char *, size_t, unsigned char *, size_t); #endif diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c index 13dd9daf38e..9b1a5d36c6b 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c +++ b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: enc_des.c 14681 2005-03-23 16:19:31Z lha $"); +RCSID("$Id$"); #if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION) #include @@ -83,7 +83,6 @@ struct fb { int need_start; int state[2]; int keyid[2]; - int once; struct stinfo streams[2]; }; @@ -124,8 +123,8 @@ int fb64_reply (unsigned char *, int, struct fb *); static void fb64_session (Session_Key *, int, struct fb *); void fb64_stream_key (DES_cblock, struct stinfo *); int fb64_keyid (int, unsigned char *, int *, struct fb *); -void fb64_printsub(unsigned char *, int , - unsigned char *, int , char *); +void fb64_printsub(unsigned char *, size_t , + unsigned char *, size_t , char *); void cfb64_init(int server) { @@ -210,22 +209,13 @@ static int fb64_start(struct fb *fbp, int dir, int server) /* * Create a random feed and send it over. */ -#ifndef OLD_DES_RANDOM_KEY - DES_random_key(&fbp->temp_feed); -#else - /* - * From des_cryp.man "If the des_check_key flag is non-zero, - * des_set_key will check that the key passed is - * of odd parity and is not a week or semi-weak key." - */ do { - DES_random_key(fbp->temp_feed); - DES_set_odd_parity(fbp->temp_feed); - } while (DES_is_weak_key(fbp->temp_feed)); -#endif - DES_ecb_encrypt(&fbp->temp_feed, - &fbp->temp_feed, - &fbp->krbdes_sched, 1); + if (RAND_bytes(fbp->temp_feed, + sizeof(*fbp->temp_feed)) != 1) + abort(); + DES_set_odd_parity(&fbp->temp_feed); + } while(DES_is_weak_key(&fbp->temp_feed)); + p = fbp->fb_feed + 3; *p++ = ENCRYPT_IS; p++; @@ -405,18 +395,13 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp) fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); - if (fbp->once == 0) { -#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL) - DES_init_random_number_generator(&fbp->krbdes_key); -#endif - fbp->once = 1; - } + RAND_seed(key->data, key->length); + DES_set_key_checked((DES_cblock *)&fbp->krbdes_key, &fbp->krbdes_sched); /* - * Now look to see if krbdes_start() was was waiting for - * the key to show up. If so, go ahead an call it now - * that we have the key. + * Now look to see if krbdes_start() was waiting for the key to + * show up. If so, go ahead an call it now that we have the key. */ if (fbp->need_start) { fbp->need_start = 0; @@ -456,8 +441,8 @@ int fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp) return(fbp->state[dir-1] = state); } -void fb64_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen, char *type) +void fb64_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen, char *type) { char lbuf[32]; int i; @@ -497,14 +482,14 @@ void fb64_printsub(unsigned char *data, int cnt, } } -void cfb64_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen) +void cfb64_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { fb64_printsub(data, cnt, buf, buflen, "CFB64"); } -void ofb64_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen) +void ofb64_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { fb64_printsub(data, cnt, buf, buflen, "OFB64"); } @@ -540,7 +525,7 @@ void fb64_stream_key(DES_cblock key, struct stinfo *stp) * INPUT --(--------->(+)+---> DATA * | | * +-------------+ - * + * * * Given: * iV: Initial vector, 64 bits (8 bytes) long. @@ -596,7 +581,7 @@ int cfb64_decrypt(int data) DES_ecb_encrypt(&stp->str_output,&b, &stp->str_sched, 1); memcpy(stp->str_feed, b, sizeof(DES_cblock)); stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ + index = 0; /* But now use 0 */ } /* On decryption we store (data) which is cypher. */ @@ -665,7 +650,7 @@ int ofb64_decrypt(int data) DES_ecb_encrypt(&stp->str_feed,&b,&stp->str_sched, 1); memcpy(stp->str_feed, b, sizeof(DES_cblock)); stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ + index = 0; /* But now use 0 */ } return(data ^ stp->str_feed[index]); diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c index a4669d234e8..c443ee79b4a 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.c +++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.c @@ -54,16 +54,13 @@ #include -RCSID("$Id: encrypt.c 16802 2006-03-23 19:36:31Z lha $"); +RCSID("$Id$"); #if defined(ENCRYPTION) #define ENCRYPT_NAMES #include -#include "encrypt.h" -#include "misc.h" - #include #include #include @@ -72,6 +69,9 @@ RCSID("$Id: encrypt.c 16802 2006-03-23 19:36:31Z lha $"); #include #endif +#include "encrypt.h" +#include "misc.h" + /* * These functions pointers point to the current routines @@ -108,7 +108,7 @@ static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) static Encryptions encryptions[] = { #if defined(DES_ENCRYPTION) { "DES_CFB64", ENCTYPE_DES_CFB64, - cfb64_encrypt, + cfb64_encrypt, cfb64_decrypt, cfb64_init, cfb64_start, @@ -118,7 +118,7 @@ static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) cfb64_keyid, cfb64_printsub }, { "DES_OFB64", ENCTYPE_DES_OFB64, - ofb64_encrypt, + ofb64_encrypt, ofb64_decrypt, ofb64_init, ofb64_start, @@ -388,7 +388,7 @@ encrypt_display(void) ENCTYPE_NAME(encrypt_mode)); else printf("Currently not encrypting output\r\n"); - + if (decrypt_input) printf("Currently decrypting input with %s\r\n", ENCTYPE_NAME(decrypt_mode)); @@ -411,7 +411,7 @@ EncryptStatus(void) ENCTYPE_NAME(encrypt_mode)); } else printf("Currently not encrypting output\r\n"); - + if (decrypt_input) { printf("Currently decrypting input with %s\r\n", ENCTYPE_NAME(decrypt_mode)); @@ -714,7 +714,7 @@ encrypt_request_end(void) * Called when ENCRYPT REQUEST-START is received. If we receive * this before a type is picked, then that indicates that the * other side wants us to start encrypting data as soon as we - * can. + * can. */ void encrypt_request_start(unsigned char *data, int cnt) @@ -844,7 +844,7 @@ encrypt_start_output(int type) i = (*ep->start)(DIR_ENCRYPT, Server); if (encrypt_debug_mode) { printf(">>>%s: Encrypt start: %s (%d) %s\r\n", - Name, + Name, (i < 0) ? "failed" : "initial negotiation in progress", i, ENCTYPE_NAME(type)); @@ -968,8 +968,8 @@ encrypt_debug(int mode) encrypt_debug_mode = mode; } -void encrypt_gen_printsub(unsigned char *data, int cnt, - unsigned char *buf, int buflen) +void encrypt_gen_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { char tbuf[16], *cp; @@ -989,7 +989,8 @@ void encrypt_gen_printsub(unsigned char *data, int cnt, } void -encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) +encrypt_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { Encryptions *ep; int type = data[1]; diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h index 814491cb423..3b2785c3f46 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h +++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h @@ -55,7 +55,7 @@ * or implied warranty. */ -/* $Id: encrypt.h 11444 2002-09-10 20:03:49Z joda $ */ +/* $Id$ */ #ifndef __ENCRYPT__ #define __ENCRYPT__ @@ -85,7 +85,7 @@ typedef struct { int (*reply) (unsigned char *, int); void (*session) (Session_Key *, int); int (*keyid) (int, unsigned char *, int *); - void (*printsub) (unsigned char *, int, unsigned char *, int); + void (*printsub) (unsigned char *, size_t, unsigned char *, size_t); } Encryptions; #define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */ diff --git a/crypto/heimdal/appl/telnet/libtelnet/genget.c b/crypto/heimdal/appl/telnet/libtelnet/genget.c index 5785314f41b..c5ab9e18847 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/genget.c +++ b/crypto/heimdal/appl/telnet/libtelnet/genget.c @@ -32,11 +32,14 @@ */ #include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#include #include "misc-proto.h" -RCSID("$Id: genget.c 10646 2001-09-03 05:54:18Z assar $"); +RCSID("$Id$"); -#include #define LOWER(x) (isupper(x) ? tolower(x) : (x)) /* @@ -72,7 +75,7 @@ char ** genget(char *name, char **table, int stlen) /* name to match */ /* name entry in table */ - + { char **c, **found; int n; diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c deleted file mode 100644 index 1c86fe29851..00000000000 --- a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c +++ /dev/null @@ -1,723 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -RCSID("$Id: kerberos.c 22071 2007-11-14 20:04:50Z lha $"); - -#ifdef KRB4 -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_ARPA_TELNET_H -#include -#endif -#include -#include -#include -#include -#include -#include -#ifdef SOCKS -#include -#endif - - -#include "encrypt.h" -#include "auth.h" -#include "misc.h" - -int kerberos4_cksum (unsigned char *, int); -extern int auth_debug_mode; - -static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0, - AUTHTYPE_KERBEROS_V4, }; - -#define KRB_AUTH 0 /* Authentication data follows */ -#define KRB_REJECT 1 /* Rejected (reason might follow) */ -#define KRB_ACCEPT 2 /* Accepted */ -#define KRB_CHALLENGE 3 /* Challenge for mutual auth. */ -#define KRB_RESPONSE 4 /* Response for mutual auth. */ - -#define KRB_FORWARD 5 /* */ -#define KRB_FORWARD_ACCEPT 6 /* */ -#define KRB_FORWARD_REJECT 7 /* */ - -#define KRB_SERVICE_NAME "rcmd" - -static KTEXT_ST auth; -static char name[ANAME_SZ]; -static AUTH_DAT adat; -static des_cblock session_key; -static des_cblock cred_session; -static des_key_schedule sched; -static des_cblock challenge; -static int auth_done; /* XXX */ - -static int pack_cred(CREDENTIALS *cred, unsigned char *buf); -static int unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred); - - -static int -Data(Authenticator *ap, int type, const void *d, int c) -{ - unsigned char *p = str_data + 4; - const unsigned char *cd = (const unsigned char *)d; - - if (c == -1) - c = strlen((const char *)cd); - - if (auth_debug_mode) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); - } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - (&str_data[2])); - return(telnet_net_write(str_data, p - str_data)); -} - -int -kerberos4_init(Authenticator *ap, int server) -{ - FILE *fp; - - if (server) { - str_data[3] = TELQUAL_REPLY; - if ((fp = fopen(KEYFILE, "r")) == NULL) - return(0); - fclose(fp); - } else { - str_data[3] = TELQUAL_IS; - } - return(1); -} - -char dst_realm_buf[REALM_SZ], *dest_realm = NULL; -int dst_realm_sz = REALM_SZ; - -static int -kerberos4_send(char *name, Authenticator *ap) -{ - KTEXT_ST auth; - char instance[INST_SZ]; - char *realm; - CREDENTIALS cred; - int r; - - if (!UserNameRequested) { - if (auth_debug_mode) { - printf("Kerberos V4: no user name supplied\r\n"); - } - return(0); - } - - memset(instance, 0, sizeof(instance)); - - strlcpy (instance, - krb_get_phost(RemoteHostName), - INST_SZ); - - realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName); - - if (!realm) { - printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); - return(0); - } - printf("[ Trying %s (%s.%s@%s) ... ]\r\n", name, - KRB_SERVICE_NAME, instance, realm); - r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L); - if (r) { - printf("mk_req failed: %s\r\n", krb_get_err_text(r)); - return(0); - } - r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred); - if (r) { - printf("get_cred failed: %s\r\n", krb_get_err_text(r)); - return(0); - } - if (!auth_sendname((unsigned char*)UserNameRequested, - strlen(UserNameRequested))) { - if (auth_debug_mode) - printf("Not enough room for user name\r\n"); - return(0); - } - if (auth_debug_mode) - printf("Sent %d bytes of authentication data\r\n", auth.length); - if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - return(0); - } -#ifdef ENCRYPTION - /* create challenge */ - if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) { - int i; - - des_key_sched(&cred.session, sched); - memcpy (&cred_session, &cred.session, sizeof(cred_session)); -#ifndef HAVE_OPENSSL - des_init_random_number_generator(&cred.session); -#endif - des_new_random_key(&session_key); - des_ecb_encrypt(&session_key, &session_key, sched, 0); - des_ecb_encrypt(&session_key, &challenge, sched, 0); - - /* - old code - Some CERT Advisory thinks this is a bad thing... - - des_init_random_number_generator(&cred.session); - des_new_random_key(&challenge); - des_ecb_encrypt(&challenge, &session_key, sched, 1); - */ - - /* - * Increment the challenge by 1, and encrypt it for - * later comparison. - */ - for (i = 7; i >= 0; --i) - if(++challenge[i] != 0) /* No carry! */ - break; - des_ecb_encrypt(&challenge, &challenge, sched, 1); - } - -#endif - - if (auth_debug_mode) { - printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); - printd(auth.dat, auth.length); - printf("\r\n"); - printf("Sent Kerberos V4 credentials to server\r\n"); - } - return(1); -} -int -kerberos4_send_mutual(Authenticator *ap) -{ - return kerberos4_send("mutual KERBEROS4", ap); -} - -int -kerberos4_send_oneway(Authenticator *ap) -{ - return kerberos4_send("KERBEROS4", ap); -} - -void -kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) -{ - struct sockaddr_in addr; - char realm[REALM_SZ]; - char instance[INST_SZ]; - int r; - socklen_t addr_len; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_AUTH: - if (krb_get_lrealm(realm, 1) != KSUCCESS) { - Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) - printf("No local realm\r\n"); - return; - } - memmove(auth.dat, data, auth.length = cnt); - if (auth_debug_mode) { - printf("Got %d bytes of authentication data\r\n", cnt); - printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); - printd(auth.dat, auth.length); - printf("\r\n"); - } - k_getsockinst(0, instance, sizeof(instance)); - addr_len = sizeof(addr); - if(getpeername(0, (struct sockaddr *)&addr, &addr_len) < 0) { - if(auth_debug_mode) - printf("getpeername failed\r\n"); - Data(ap, KRB_REJECT, "getpeername failed", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - if (addr.sin_family != AF_INET) { - if (auth_debug_mode) - printf("unknown address family: %d\r\n", addr.sin_family); - Data(ap, KRB_REJECT, "bad address family", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - r = krb_rd_req(&auth, KRB_SERVICE_NAME, - instance, addr.sin_addr.s_addr, &adat, ""); - if (r) { - if (auth_debug_mode) - printf("Kerberos failed him as %s\r\n", name); - Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1); - auth_finished(ap, AUTH_REJECT); - return; - } - /* save the session key */ - memmove(session_key, adat.session, sizeof(adat.session)); - krb_kntoln(&adat, name); - - if (UserNameRequested && !kuserok(&adat, UserNameRequested)){ - char ts[MaxPathLen]; - struct passwd *pw = getpwnam(UserNameRequested); - - if(pw){ - snprintf(ts, sizeof(ts), - "%s%u", - TKT_ROOT, - (unsigned)pw->pw_uid); - esetenv("KRBTKFILE", ts, 1); - - if (pw->pw_uid == 0) - syslog(LOG_INFO|LOG_AUTH, - "ROOT Kerberos login from %s on %s\n", - krb_unparse_name_long(adat.pname, - adat.pinst, - adat.prealm), - RemoteHostName); - } - Data(ap, KRB_ACCEPT, NULL, 0); - } else { - char *msg; - int ret; - - ret = asprintf (&msg, "user `%s' is not authorized to " - "login as `%s'", - krb_unparse_name_long(adat.pname, - adat.pinst, - adat.prealm), - UserNameRequested ? UserNameRequested : ""); - if (ret == -1) - Data(ap, KRB_REJECT, NULL, 0); - else { - Data(ap, KRB_REJECT, (void *)msg, -1); - free(msg); - } - auth_finished(ap, AUTH_REJECT); - break; - } - auth_finished(ap, AUTH_USER); - break; - - case KRB_CHALLENGE: -#ifndef ENCRYPTION - Data(ap, KRB_RESPONSE, NULL, 0); -#else - if(!VALIDKEY(session_key)){ - Data(ap, KRB_RESPONSE, NULL, 0); - break; - } - des_key_sched(&session_key, sched); - { - des_cblock d_block; - int i; - Session_Key skey; - - memmove(d_block, data, sizeof(d_block)); - - /* make a session key for encryption */ - des_ecb_encrypt(&d_block, &session_key, sched, 1); - skey.type=SK_DES; - skey.length=8; - skey.data=session_key; - encrypt_session_key(&skey, 1); - - /* decrypt challenge, add one and encrypt it */ - des_ecb_encrypt(&d_block, &challenge, sched, 0); - for (i = 7; i >= 0; i--) - if(++challenge[i] != 0) - break; - des_ecb_encrypt(&challenge, &challenge, sched, 1); - Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge)); - } -#endif - break; - - case KRB_FORWARD: - { - des_key_schedule ks; - unsigned char netcred[sizeof(CREDENTIALS)]; - CREDENTIALS cred; - int ret; - if(cnt > sizeof(cred)) - abort(); - - memcpy (session_key, adat.session, sizeof(session_key)); - des_set_key(&session_key, ks); - des_pcbc_encrypt((void*)data, (void*)netcred, cnt, - ks, &session_key, DES_DECRYPT); - unpack_cred(netcred, cnt, &cred); - { - if(strcmp(cred.service, KRB_TICKET_GRANTING_TICKET) || - strncmp(cred.instance, cred.realm, sizeof(cred.instance)) || - cred.lifetime < 0 || cred.lifetime > 255 || - cred.kvno < 0 || cred.kvno > 255 || - cred.issue_date < 0 || - cred.issue_date > time(0) + CLOCK_SKEW || - strncmp(cred.pname, adat.pname, sizeof(cred.pname)) || - strncmp(cred.pinst, adat.pinst, sizeof(cred.pinst))){ - Data(ap, KRB_FORWARD_REJECT, "Bad credentials", -1); - }else{ - if((ret = tf_setup(&cred, - cred.pname, - cred.pinst)) == KSUCCESS){ - struct passwd *pw = getpwnam(UserNameRequested); - - if (pw) - chown(tkt_string(), pw->pw_uid, pw->pw_gid); - Data(ap, KRB_FORWARD_ACCEPT, 0, 0); - } else{ - Data(ap, KRB_FORWARD_REJECT, - krb_get_err_text(ret), -1); - } - } - } - memset(data, 0, cnt); - memset(&ks, 0, sizeof(ks)); - memset(&cred, 0, sizeof(cred)); - } - - break; - - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - Data(ap, KRB_REJECT, 0, 0); - break; - } -} - -void -kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt) -{ - Session_Key skey; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_REJECT: - if(auth_done){ /* XXX Ick! */ - printf("[ Kerberos V4 received unknown opcode ]\r\n"); - }else{ - printf("[ Kerberos V4 refuses authentication "); - if (cnt > 0) - printf("because %.*s ", cnt, data); - printf("]\r\n"); - auth_send_retry(); - } - return; - case KRB_ACCEPT: - printf("[ Kerberos V4 accepts you ]\r\n"); - auth_done = 1; - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* - * Send over the encrypted challenge. - */ - Data(ap, KRB_CHALLENGE, session_key, - sizeof(session_key)); - des_ecb_encrypt(&session_key, &session_key, sched, 1); - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key; - encrypt_session_key(&skey, 0); -#if 0 - kerberos4_forward(ap, &cred_session); -#endif - return; - } - auth_finished(ap, AUTH_USER); - return; - case KRB_RESPONSE: - /* make sure the response is correct */ - if ((cnt != sizeof(des_cblock)) || - (memcmp(data, challenge, sizeof(challenge)))){ - printf("[ Kerberos V4 challenge failed!!! ]\r\n"); - auth_send_retry(); - return; - } - printf("[ Kerberos V4 challenge successful ]\r\n"); - auth_finished(ap, AUTH_USER); - break; - case KRB_FORWARD_ACCEPT: - printf("[ Kerberos V4 accepted forwarded credentials ]\r\n"); - break; - case KRB_FORWARD_REJECT: - printf("[ Kerberos V4 rejected forwarded credentials: `%.*s']\r\n", - cnt, data); - break; - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - return; - } -} - -int -kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level) -{ - if (level < AUTH_USER) - return(level); - - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { - strlcpy(name, UserNameRequested, name_sz); - return(AUTH_VALID); - } else - return(AUTH_USER); -} - -#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} -#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} - -void -kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) -{ - int i; - - buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ - buflen -= 1; - - switch(data[3]) { - case KRB_REJECT: /* Rejected (reason might follow) */ - strlcpy((char *)buf, " REJECT ", buflen); - goto common; - - case KRB_ACCEPT: /* Accepted (name might follow) */ - strlcpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; - - case KRB_AUTH: /* Authentication data follows */ - strlcpy((char *)buf, " AUTH", buflen); - goto common2; - - case KRB_CHALLENGE: - strlcpy((char *)buf, " CHALLENGE", buflen); - goto common2; - - case KRB_RESPONSE: - strlcpy((char *)buf, " RESPONSE", buflen); - goto common2; - - default: - snprintf((char*)buf, buflen, " %d (unknown)", data[3]); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - snprintf((char*)buf, buflen, " %d", data[i]); - BUMP(buf, buflen); - } - break; - } -} - -int -kerberos4_cksum(unsigned char *d, int n) -{ - int ck = 0; - - /* - * A comment is probably needed here for those not - * well versed in the "C" language. Yes, this is - * supposed to be a "switch" with the body of the - * "switch" being a "while" statement. The whole - * purpose of the switch is to allow us to jump into - * the middle of the while() loop, and then not have - * to do any more switch()s. - * - * Some compilers will spit out a warning message - * about the loop not being entered at the top. - */ - switch (n&03) - while (n > 0) { - case 0: - ck ^= (int)*d++ << 24; - --n; - case 3: - ck ^= (int)*d++ << 16; - --n; - case 2: - ck ^= (int)*d++ << 8; - --n; - case 1: - ck ^= (int)*d++; - --n; - } - return(ck); -} - -static int -pack_cred(CREDENTIALS *cred, unsigned char *buf) -{ - unsigned char *p = buf; - - memcpy (p, cred->service, ANAME_SZ); - p += ANAME_SZ; - memcpy (p, cred->instance, INST_SZ); - p += INST_SZ; - memcpy (p, cred->realm, REALM_SZ); - p += REALM_SZ; - memcpy(p, cred->session, 8); - p += 8; - p += KRB_PUT_INT(cred->lifetime, p, 4, 4); - p += KRB_PUT_INT(cred->kvno, p, 4, 4); - p += KRB_PUT_INT(cred->ticket_st.length, p, 4, 4); - memcpy(p, cred->ticket_st.dat, cred->ticket_st.length); - p += cred->ticket_st.length; - p += KRB_PUT_INT(0, p, 4, 4); - p += KRB_PUT_INT(cred->issue_date, p, 4, 4); - memcpy (p, cred->pname, ANAME_SZ); - p += ANAME_SZ; - memcpy (p, cred->pinst, INST_SZ); - p += INST_SZ; - return p - buf; -} - -static int -unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred) -{ - char *p = (char*)buf; - uint32_t tmp; - - strncpy (cred->service, p, ANAME_SZ); - cred->service[ANAME_SZ - 1] = '\0'; - p += ANAME_SZ; - strncpy (cred->instance, p, INST_SZ); - cred->instance[INST_SZ - 1] = '\0'; - p += INST_SZ; - strncpy (cred->realm, p, REALM_SZ); - cred->realm[REALM_SZ - 1] = '\0'; - p += REALM_SZ; - - memcpy(cred->session, p, 8); - p += 8; - p += krb_get_int(p, &tmp, 4, 0); - cred->lifetime = tmp; - p += krb_get_int(p, &tmp, 4, 0); - cred->kvno = tmp; - - p += krb_get_int(p, &cred->ticket_st.length, 4, 0); - memcpy(cred->ticket_st.dat, p, cred->ticket_st.length); - p += cred->ticket_st.length; - p += krb_get_int(p, &tmp, 4, 0); - cred->ticket_st.mbz = 0; - p += krb_get_int(p, (uint32_t *)&cred->issue_date, 4, 0); - - strncpy (cred->pname, p, ANAME_SZ); - cred->pname[ANAME_SZ - 1] = '\0'; - p += ANAME_SZ; - strncpy (cred->pinst, p, INST_SZ); - cred->pinst[INST_SZ - 1] = '\0'; - p += INST_SZ; - return 0; -} - - -int -kerberos4_forward(Authenticator *ap, void *v) -{ - des_cblock *key = (des_cblock *)v; - CREDENTIALS cred; - char *realm; - des_key_schedule ks; - int len; - unsigned char netcred[sizeof(CREDENTIALS)]; - int ret; - - realm = krb_realmofhost(RemoteHostName); - if(realm == NULL) - return -1; - memset(&cred, 0, sizeof(cred)); - ret = krb_get_cred(KRB_TICKET_GRANTING_TICKET, - realm, - realm, - &cred); - if(ret) - return ret; - des_set_key(key, ks); - len = pack_cred(&cred, netcred); - des_pcbc_encrypt((void*)netcred, (void*)netcred, len, - ks, key, DES_ENCRYPT); - memset(&ks, 0, sizeof(ks)); - Data(ap, KRB_FORWARD, netcred, len); - memset(netcred, 0, sizeof(netcred)); - return 0; -} - -#endif /* KRB4 */ - diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c index cac80d059ab..93a40dfe7de 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c +++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c @@ -53,7 +53,7 @@ #include -RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); #ifdef KRB5 @@ -132,10 +132,10 @@ Data(Authenticator *ap, int type, const void *d, int c) p0 = malloc(len); if (p0 == NULL) return 0; - + memcpy(p0, str_data, sizeof(str_data)); p = p0 + sizeof(str_data); - + if (auth_debug_mode) { printf("%s:%d: [%d] (%d)", str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", @@ -199,14 +199,14 @@ kerberos5_send(char *name, Authenticator *ap) int ap_opts; krb5_data cksum_data; char ap_msg[2]; - + if (!UserNameRequested) { if (auth_debug_mode) { printf("Kerberos V5: no user name supplied\r\n"); } return(0); } - + ret = krb5_cc_default(context, &ccache); if (ret) { if (auth_debug_mode) { @@ -215,14 +215,14 @@ kerberos5_send(char *name, Authenticator *ap) } return 0; } - + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ap_opts = AP_OPTS_MUTUAL_REQUIRED; else ap_opts = 0; ap_opts |= AP_OPTS_USE_SUBKEY; - + ret = krb5_auth_con_init (context, &auth_context); if (ret) { if (auth_debug_mode) { @@ -244,7 +244,7 @@ kerberos5_send(char *name, Authenticator *ap) return(0); } - krb5_auth_con_setkeytype (context, auth_context, KEYTYPE_DES); + krb5_auth_con_setkeytype (context, auth_context, KRB5_ENCTYPE_DES_CBC_CRC); ap_msg[0] = ap->type; ap_msg[1] = ap->way; @@ -282,7 +282,7 @@ kerberos5_send(char *name, Authenticator *ap) } printf("[ Trying %s (%s)... ]\r\n", name, sname); ret = krb5_mk_req_exact(context, &auth_context, ap_opts, - service, + service, &cksum_data, ccache, &auth); krb5_free_principal (context, service); @@ -395,7 +395,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) ret = krb5_rd_req(context, &auth_context, - &auth, + &auth, server, NULL, NULL, @@ -418,16 +418,16 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) free (errbuf); return; } - + { char ap_msg[2]; - + ap_msg[0] = ap->type; ap_msg[1] = ap->way; - + ret = krb5_verify_authenticator_checksum(context, auth_context, - ap_msg, + ap_msg, sizeof(ap_msg)); if (ret) { @@ -435,7 +435,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) char *errbuf; int ret2; - ret2 = asprintf(&errbuf, "Bad checksum: %s", + ret2 = asprintf(&errbuf, "Bad checksum: %s", krb5_get_err_text(context, ret)); if (ret2 != -1) errbuf2 = errbuf; @@ -489,6 +489,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) log_message("Kerberos V5: " "krb5_mk_rep failed (%s)", krb5_get_err_text(context, ret)); + krb5_free_keyblock(context, key_block); return; } Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); @@ -501,7 +502,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) UserNameRequested)) { Data(ap, KRB_ACCEPT, name, name ? -1 : 0); log_message("%s accepted as user %s from %s", - name ? name : "", + name ? name : "", UserNameRequested ? UserNameRequested : "", RemoteHostName ? RemoteHostName : ""); @@ -521,7 +522,7 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) char *msg; ret = asprintf (&msg, "user `%s' is not authorized to " - "login as `%s'", + "login as `%s'", name ? name : "", UserNameRequested ? UserNameRequested : ""); if (ret != -1) @@ -530,12 +531,12 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) if (ret != -1) free(msg); auth_finished (ap, AUTH_REJECT); - krb5_free_keyblock_contents(context, key_block); + krb5_free_keyblock(context, key_block); break; } auth_finished(ap, AUTH_USER); - krb5_free_keyblock_contents(context, key_block); - + krb5_free_keyblock(context, key_block); + break; case KRB_FORWARD: { struct passwd *pwd; @@ -627,7 +628,7 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) krb5_error_code ret; Session_Key skey; krb5_keyblock *keyblock; - + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && !mutual_complete) { printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n"); @@ -638,7 +639,7 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data); else printf("[ Kerberos V5 accepts you ]\r\n"); - + ret = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock); @@ -652,12 +653,12 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) auth_send_retry(); return; } - + skey.type = SK_DES; skey.length = 8; skey.data = keyblock->keyvalue.data; encrypt_session_key(&skey, 0); - krb5_free_keyblock_contents (context, keyblock); + krb5_free_keyblock (context, keyblock); auth_finished(ap, AUTH_USER); if (forward_flags & OPTS_FORWARD_CREDS) kerberos5_forward(ap); @@ -669,7 +670,7 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) krb5_ap_rep_enc_part *reply; krb5_data inbuf; krb5_error_code ret; - + inbuf.length = cnt; inbuf.data = (char *)data; @@ -722,7 +723,8 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level) #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} void -kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) +kerberos5_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { int i; @@ -810,14 +812,13 @@ kerberos5_forward(Authenticator *ap) memset (&creds, 0, sizeof(creds)); creds.client = principal; - - ret = krb5_build_principal (context, - &creds.server, - strlen(principal->realm), - principal->realm, - "krbtgt", - principal->realm, - NULL); + + ret = krb5_make_principal(context, + &creds.server, + principal->realm, + "krbtgt", + principal->realm, + NULL); if (ret) { if (auth_debug_mode) diff --git a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c deleted file mode 100644 index f14bc7da50f..00000000000 --- a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c +++ /dev/null @@ -1,436 +0,0 @@ -/*- - * Copyright (c) 1992, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include - -RCSID("$Id: krb4encpwd.c 22071 2007-11-14 20:04:50Z lha $"); - -#ifdef KRB4_ENCPWD -/* - * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION - * ALL RIGHTS RESERVED - * - * "Digital Equipment Corporation authorizes the reproduction, - * distribution and modification of this software subject to the following - * restrictions: - * - * 1. Any partial or whole copy of this software, or any modification - * thereof, must include this copyright notice in its entirety. - * - * 2. This software is supplied "as is" with no warranty of any kind, - * expressed or implied, for any purpose, including any warranty of fitness - * or merchantibility. DIGITAL assumes no responsibility for the use or - * reliability of this software, nor promises to provide any form of - * support for it on any basis. - * - * 3. Distribution of this software is authorized only if no profit or - * remuneration of any kind is received in exchange for such distribution. - * - * 4. This software produces public key authentication certificates - * bearing an expiration date established by DIGITAL and RSA Data - * Security, Inc. It may cease to generate certificates after the expiration - * date. Any modification of this software that changes or defeats - * the expiration date or its effect is unauthorized. - * - * 5. Software that will renew or extend the expiration date of - * authentication certificates produced by this software may be obtained - * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA - * 94065, (415)595-8782, or from DIGITAL" - * - */ - -#include -#include -#include -#include - -#include -#include -#include -#ifdef SOCKS -#include -#endif - -#include "encrypt.h" -#include "auth.h" -#include "misc.h" - -int krb_mk_encpwd_req (KTEXT, char *, char *, char *, char *, char *, char *); -int krb_rd_encpwd_req (KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *); - -extern auth_debug_mode; - -static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, - AUTHTYPE_KRB4_ENCPWD, }; -static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, - TELQUAL_NAME, }; - -#define KRB4_ENCPWD_AUTH 0 /* Authentication data follows */ -#define KRB4_ENCPWD_REJECT 1 /* Rejected (reason might follow) */ -#define KRB4_ENCPWD_ACCEPT 2 /* Accepted */ -#define KRB4_ENCPWD_CHALLENGE 3 /* Challenge for mutual auth. */ -#define KRB4_ENCPWD_ACK 4 /* Acknowledge */ - -#define KRB_SERVICE_NAME "rcmd" - -static KTEXT_ST auth; -static char name[ANAME_SZ]; -static char user_passwd[ANAME_SZ]; -static AUTH_DAT adat = { 0 }; -static des_key_schedule sched; -static char challenge[REALM_SZ]; - - static int -Data(ap, type, d, c) - Authenticator *ap; - int type; - void *d; - int c; -{ - unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; - - if (c == -1) - c = strlen(cd); - - if (0) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); - } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - (&str_data[2])); - return(telnet_net_write(str_data, p - str_data)); -} - - int -krb4encpwd_init(ap, server) - Authenticator *ap; - int server; -{ - char hostname[80], *cp, *realm; - des_clock skey; - - if (server) { - str_data[3] = TELQUAL_REPLY; - } else { - str_data[3] = TELQUAL_IS; - gethostname(hostname, sizeof(hostname)); - realm = krb_realmofhost(hostname); - cp = strchr(hostname, '.'); - if (*cp != NULL) *cp = NULL; - if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0, - KEYFILE, (char *)skey)) { - return(0); - } - } - return(1); -} - - int -krb4encpwd_send(ap) - Authenticator *ap; -{ - - printf("[ Trying KRB4ENCPWD ... ]\r\n"); - if (!UserNameRequested) { - return(0); - } - if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { - return(0); - } - - if (!Data(ap, KRB4_ENCPWD_ACK, NULL, 0)) { - return(0); - } - - return(1); -} - - void -krb4encpwd_is(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ - Session_Key skey; - des_cblock datablock; - char r_passwd[ANAME_SZ], r_user[ANAME_SZ]; - char lhostname[ANAME_SZ], *cp; - int r; - time_t now; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB4_ENCPWD_AUTH: - memmove(auth.dat, data, auth.length = cnt); - - gethostname(lhostname, sizeof(lhostname)); - if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0'; - - if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) { - Data(ap, KRB4_ENCPWD_REJECT, "Auth failed", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - auth_encrypt_userpwd(r_passwd); - if (passwdok(UserNameRequested, UserPassword) == 0) { - /* - * illegal username and password - */ - Data(ap, KRB4_ENCPWD_REJECT, "Illegal password", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - memmove(session_key, adat.session, sizeof(des_cblock)); - Data(ap, KRB4_ENCPWD_ACCEPT, 0, 0); - auth_finished(ap, AUTH_USER); - break; - - case KRB4_ENCPWD_CHALLENGE: - /* - * Take the received random challenge text and save - * for future authentication. - */ - memmove(challenge, data, sizeof(des_cblock)); - break; - - - case KRB4_ENCPWD_ACK: - /* - * Receive ack, if mutual then send random challenge - */ - - /* - * If we are doing mutual authentication, get set up to send - * the challenge, and verify it when the response comes back. - */ - - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - int i; - - time(&now); - snprintf(challenge, sizeof(challenge), "%x", now); - Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge)); - } - break; - - default: - Data(ap, KRB4_ENCPWD_REJECT, 0, 0); - break; - } -} - - - void -krb4encpwd_reply(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ - Session_Key skey; - KTEXT_ST krb_token; - des_cblock enckey; - CREDENTIALS cred; - int r; - char randchal[REALM_SZ], instance[ANAME_SZ], *cp; - char hostname[80], *realm; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB4_ENCPWD_REJECT: - if (cnt > 0) { - printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n", - cnt, data); - } else - printf("[ KRB4_ENCPWD refuses authentication ]\r\n"); - auth_send_retry(); - return; - case KRB4_ENCPWD_ACCEPT: - printf("[ KRB4_ENCPWD accepts you ]\r\n"); - auth_finished(ap, AUTH_USER); - return; - case KRB4_ENCPWD_CHALLENGE: - /* - * Verify that the response to the challenge is correct. - */ - - gethostname(hostname, sizeof(hostname)); - realm = krb_realmofhost(hostname); - memmove(challenge, data, cnt); - memset(user_passwd, 0, sizeof(user_passwd)); - des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); - UserPassword = user_passwd; - Challenge = challenge; - strlcpy(instance, RemoteHostName, sizeof(instance)); - if ((cp = strchr(instance, '.')) != 0) *cp = '\0'; - - if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) { - krb_token.length = 0; - } - - if (!Data(ap, KRB4_ENCPWD_AUTH, krb_token.dat, krb_token.length)) { - return; - } - - break; - - default: - return; - } -} - - int -krb4encpwd_status(ap, name, name_sz, level) - Authenticator *ap; - char *name; - size_t name_sz; - int level; -{ - - if (level < AUTH_USER) - return(level); - - if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) { - strlcpy(name, UserNameRequested, name_sz); - return(AUTH_VALID); - } else { - return(AUTH_USER); - } -} - -#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} -#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} - - void -krb4encpwd_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - int i; - - buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ - buflen -= 1; - - switch(data[3]) { - case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */ - strlcpy((char *)buf, " REJECT ", buflen); - goto common; - - case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */ - strlcpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; - - case KRB4_ENCPWD_AUTH: /* Authentication data follows */ - strlcpy((char *)buf, " AUTH", buflen); - goto common2; - - case KRB4_ENCPWD_CHALLENGE: - strlcpy((char *)buf, " CHALLENGE", buflen); - goto common2; - - case KRB4_ENCPWD_ACK: - strlcpy((char *)buf, " ACK", buflen); - goto common2; - - default: - snprintf(buf, buflen, " %d (unknown)", data[3]); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - snprintf(buf, buflen, " %d", data[i]); - BUMP(buf, buflen); - } - break; - } -} - -int passwdok(name, passwd) -char *name, *passwd; -{ - char *crypt(); - char *salt, *p; - struct passwd *pwd; - int passwdok_status = 0; - - if (pwd = k_getpwnam(name)) - salt = pwd->pw_passwd; - else salt = "xx"; - - p = crypt(passwd, salt); - - if (pwd && !strcmp(p, pwd->pw_passwd)) { - passwdok_status = 1; - } else passwdok_status = 0; - return(passwdok_status); -} - -#endif - -#ifdef notdef - -prkey(msg, key) - char *msg; - unsigned char *key; -{ - int i; - printf("%s:", msg); - for (i = 0; i < 8; i++) - printf(" %3d", key[i]); - printf("\r\n"); -} -#endif diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h b/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h index 07a250948f6..1f496a8f791 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h +++ b/crypto/heimdal/appl/telnet/libtelnet/misc-proto.h @@ -53,7 +53,7 @@ * or implied warranty. */ -/* $Id: misc-proto.h 9187 2000-11-15 23:00:21Z assar $ */ +/* $Id$ */ #ifndef __MISC_PROTO__ #define __MISC_PROTO__ @@ -75,5 +75,5 @@ void net_encrypt (void); int telnet_spin (void); char *telnet_getenv (const char *); char *telnet_gets (char *, char *, int, int); -void printsub(int direction, unsigned char *pointer, int length); +void printsub(int direction, unsigned char *pointer, size_t); #endif diff --git a/crypto/heimdal/appl/telnet/libtelnet/misc.c b/crypto/heimdal/appl/telnet/libtelnet/misc.c index f74e30482db..a5a14e00016 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/misc.c +++ b/crypto/heimdal/appl/telnet/libtelnet/misc.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: misc.c 7822 2000-01-25 23:24:58Z assar $"); +RCSID("$Id$"); #include #include diff --git a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c b/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c index cff096c0229..b30e6ea7dbe 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c +++ b/crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: rsaencpwd.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); #ifdef RSA_ENCPWD /* @@ -403,11 +403,10 @@ rsaencpwd_status(ap, name, name_sz, level) #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} void -rsaencpwd_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; +rsaencpwd_printsub(unsigned char *data, size_t cnt, + unsigned char * buf, size_t buflen) { - int i; + size_t i; buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; diff --git a/crypto/heimdal/appl/telnet/libtelnet/spx.c b/crypto/heimdal/appl/telnet/libtelnet/spx.c index 82fafdb0b7d..8672c5b4c7a 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/spx.c +++ b/crypto/heimdal/appl/telnet/libtelnet/spx.c @@ -33,7 +33,7 @@ #include -RCSID("$Id: spx.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); #ifdef SPX /* @@ -237,7 +237,9 @@ spx_send(ap) &output_name_buffer, &output_name_type); - printf("target is '%s'\n", output_name_buffer.value); fflush(stdout); + printf("target is '%.*s'\n", (int)output_name_buffer.length, + (char*)output_name_buffer.value); + fflush(stdout); major_status = gss_release_buffer(&status, &output_name_buffer); @@ -290,7 +292,8 @@ spx_send(ap) GSS_C_NULL_OID, &msg_ctx, &status_string); - printf("%s\n", status_string.value); + printf("%.*s\n", (int)status_string.length, + (char*)status_string.value); return(0); } @@ -457,8 +460,9 @@ spx_reply(ap, data, cnt) GSS_C_NULL_OID, &msg_ctx, &status_string); - printf("[ SPX mutual response fails ... '%s' ]\r\n", - status_string.value); + printf("[ SPX mutual response fails ... '%.*s' ]\r\n", + (int)status_string.length, + (char*)status_string.value); auth_send_retry(); return; } @@ -526,11 +530,10 @@ spx_status(ap, name, name_sz, level) #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} void -spx_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; +spx_printsub(unsigned char *data, size_t cnt, + unsigned char *buf, size_t buflen) { - int i; + size_t i; buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ buflen -= 1; diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.am b/crypto/heimdal/appl/telnet/telnet/Makefile.am index a472ba919dd..34e0fe6410a 100644 --- a/crypto/heimdal/appl/telnet/telnet/Makefile.am +++ b/crypto/heimdal/appl/telnet/telnet/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto) +AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_hcrypto) bin_PROGRAMS = telnet @@ -16,10 +16,9 @@ man_MANS = telnet.1 LDADD = ../libtelnet/libtelnet.a \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_tgetent) \ $(LIB_kdfs) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.in b/crypto/heimdal/appl/telnet/telnet/Makefile.in index df9afb1f52d..12c3eed5e4a 100644 --- a/crypto/heimdal/appl/telnet/telnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/telnet/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ bin_PROGRAMS = telnet$(EXEEXT) subdir = appl/telnet/telnet ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,14 +89,14 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am_telnet_OBJECTS = authenc.$(OBJEXT) commands.$(OBJEXT) \ main.$(OBJEXT) network.$(OBJEXT) ring.$(OBJEXT) \ @@ -101,11 +106,11 @@ telnet_OBJECTS = $(am_telnet_OBJECTS) telnet_LDADD = $(LDADD) am__DEPENDENCIES_1 = telnet_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(LIB_kdfs) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(LIB_kdfs) \ + $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -117,6 +122,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(telnet_SOURCES) DIST_SOURCES = $(telnet_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 MANS = $(man_MANS) ETAGS = etags @@ -126,49 +152,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -192,10 +227,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -212,6 +248,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -227,31 +265,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -266,10 +318,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -310,30 +364,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CHECK_LOCAL = telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \ @@ -343,29 +401,28 @@ telnet_SOURCES = authenc.c commands.c main.c network.c ring.c \ man_MANS = telnet.1 LDADD = ../libtelnet/libtelnet.a \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_tgetent) \ $(LIB_kdfs) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/telnet/telnet/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/telnet/telnet/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/telnet/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/telnet/telnet/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -383,34 +440,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list telnet$(EXEEXT): $(telnet_OBJECTS) $(telnet_DEPENDENCIES) @rm -f telnet$(EXEEXT) $(LINK) $(telnet_OBJECTS) $(telnet_LDADD) $(LIBS) @@ -421,115 +494,147 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/network.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ring.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_bsd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/telnet.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/terminal.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utilities.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -545,13 +650,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -586,6 +695,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -595,6 +705,7 @@ clean: clean-am clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -605,6 +716,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -612,26 +725,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -651,11 +773,10 @@ ps-am: uninstall-am: uninstall-binPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libtool ctags \ @@ -742,6 +863,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -827,7 +951,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -840,6 +964,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/telnet/telnet/authenc.c b/crypto/heimdal/appl/telnet/telnet/authenc.c index 35a3bf74abc..4c0f6fd122c 100644 --- a/crypto/heimdal/appl/telnet/telnet/authenc.c +++ b/crypto/heimdal/appl/telnet/telnet/authenc.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: authenc.c 12921 2003-09-25 15:45:51Z lha $"); +RCSID("$Id$"); #if defined(AUTHENTICATION) || defined(ENCRYPTION) int @@ -68,7 +68,7 @@ telnet_spin(void) if (Scheduler(0) == -1) ret = 1; scheduler_lockout_tty = 0; - + return ret; } diff --git a/crypto/heimdal/appl/telnet/telnet/commands.c b/crypto/heimdal/appl/telnet/telnet/commands.c index 98031e87abf..4bf814c3b7a 100644 --- a/crypto/heimdal/appl/telnet/telnet/commands.c +++ b/crypto/heimdal/appl/telnet/telnet/commands.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: commands.c 16224 2005-10-22 17:17:44Z lha $"); +RCSID("$Id$"); #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -453,20 +453,6 @@ togdebug() return 1; } -#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG) -#include - -static int -togkrbdebug(void) -{ - if(krb_debug) - krb_enable_debug(); - else - krb_disable_debug(); - return 1; -} -#endif - static int togcrlf() { @@ -688,13 +674,6 @@ static struct togglelist Togglelist[] = { togdebug, &debug, "turn on socket level debugging" }, -#if defined(KRB4) && defined(HAVE_KRB_DISABLE_DEBUG) - { "krb_debug", - "kerberos 4 debugging", - togkrbdebug, - &krb_debug, - "turn on kerberos 4 debugging" }, -#endif { "netdata", "printing of hexadecimal network data (debugging)", 0, @@ -1351,7 +1330,7 @@ bye(int argc, char **argv) /* reset options */ tninit(); } - if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) + if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) longjmp(toplevel, 1); return 0; /* NOTREACHED */ } @@ -1553,8 +1532,8 @@ env_find(unsigned char *var) return(NULL); } -#ifdef IRIX4 -#define environ _environ +#if !HAVE_DECL_ENVIRON +extern char **environ; #endif void @@ -1619,7 +1598,7 @@ env_init(void) * USER with the value from LOGNAME. By default, we * don't export the USER variable. */ - if ((env_find((unsigned char*)"USER") == NULL) && + if ((env_find((unsigned char*)"USER") == NULL) && (ep = env_find((unsigned char*)"LOGNAME"))) { env_define((unsigned char *)"USER", ep->value); env_unexport((unsigned char *)"USER"); @@ -2202,7 +2181,7 @@ tn(int argc, char **argv) addrstr, sizeof(addrstr), NULL, 0, NI_NUMERICHOST) != 0) strlcpy (addrstr, "unknown address", sizeof(addrstr)); - + printf("Trying %s...\r\n", addrstr); net = socket (a->ai_family, a->ai_socktype, a->ai_protocol); diff --git a/crypto/heimdal/appl/telnet/telnet/externs.h b/crypto/heimdal/appl/telnet/telnet/externs.h index badfca5775a..ba55a7bfee3 100644 --- a/crypto/heimdal/appl/telnet/telnet/externs.h +++ b/crypto/heimdal/appl/telnet/telnet/externs.h @@ -33,7 +33,7 @@ * @(#)externs.h 8.3 (Berkeley) 5/30/95 */ -/* $Id: externs.h 21734 2007-07-31 01:55:45Z lha $ */ +/* $Id$ */ #ifndef BSD # define BSD 43 @@ -291,7 +291,6 @@ void xmitEC(void); void Dump (char, unsigned char *, int); void printoption (char *, int, int); -void printsub (int, unsigned char *, int); void sendnaws (void); void setconnmode (int); void setcommandmode (void); @@ -360,7 +359,7 @@ void SetNetTrace(char *file); void Dump(char direction, unsigned char *buffer, int length); void printoption(char *direction, int cmd, int option); void optionstatus(void); -void printsub(int direction, unsigned char *pointer, int length); +void printsub(int direction, unsigned char *pointer, size_t length); void EmptyTerminal(void); void SetForExit(void); void Exit(int returnCode); diff --git a/crypto/heimdal/appl/telnet/telnet/main.c b/crypto/heimdal/appl/telnet/telnet/main.c index bb358a8d882..c527608faf1 100644 --- a/crypto/heimdal/appl/telnet/telnet/main.c +++ b/crypto/heimdal/appl/telnet/telnet/main.c @@ -38,7 +38,7 @@ static char *copyright[] = { }; #include "telnet_locl.h" -RCSID("$Id: main.c 21731 2007-07-30 20:01:26Z lha $"); +RCSID("$Id$"); #if KRB5 #define FORWARD @@ -138,12 +138,12 @@ krb5_init(void) kerberos5_set_forwardable(1); #endif #ifdef ENCRYPTION - krb5_appdefault_boolean(context, NULL, + krb5_appdefault_boolean(context, NULL, NULL, "encrypt", 0, &ret_val); if (ret_val) { encrypt_auto(1); - decrypt_auto(1); + decrypt_auto(1); wantencryption = 1; EncryptVerbose(1); } @@ -153,11 +153,6 @@ krb5_init(void) } #endif -#if defined(AUTHENTICATION) && defined(KRB4) -extern char *dest_realm, dst_realm_buf[]; -extern int dst_realm_sz; -#endif - int main(int argc, char **argv) { @@ -169,7 +164,7 @@ main(int argc, char **argv) #ifdef KRB5 krb5_init(); #endif - + tninit(); /* Clear out things */ TerminalSaveState(); @@ -183,10 +178,10 @@ main(int argc, char **argv) rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE; - /* + /* * if AUTHENTICATION and ENCRYPTION is set autologin will be * se to true after the getopt switch; unless the -K option is - * passed + * passed */ autologin = -1; @@ -280,17 +275,10 @@ main(int argc, char **argv) #endif break; case 'k': -#if defined(AUTHENTICATION) && defined(KRB4) - { - dest_realm = dst_realm_buf; - strlcpy(dest_realm, optarg, dst_realm_sz); - } -#else - fprintf(stderr, - "%s: Warning: -k ignored, no Kerberos V4 support.\n", - prompt); -#endif - break; + fprintf(stderr, + "%s: Warning: -k ignored, no Kerberos V4 support.\n", + prompt); + break; case 'l': if(autologin == 0){ fprintf(stderr, "%s: Warning: -K ignored\n", prompt); diff --git a/crypto/heimdal/appl/telnet/telnet/network.c b/crypto/heimdal/appl/telnet/telnet/network.c index 4a565880d2a..a22ff9b489d 100644 --- a/crypto/heimdal/appl/telnet/telnet/network.c +++ b/crypto/heimdal/appl/telnet/telnet/network.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: network.c 13941 2004-06-20 17:01:28Z lha $"); +RCSID("$Id$"); Ring netoring, netiring; size_t netobufsize = 64*1024; @@ -47,7 +47,7 @@ void init_network(void) { void *obuf, *ibuf; - + if ((obuf = malloc(netobufsize)) == NULL) exit(1); if ((ibuf = malloc(netibufsize)) == NULL) diff --git a/crypto/heimdal/appl/telnet/telnet/ring.c b/crypto/heimdal/appl/telnet/telnet/ring.c index fd93e949482..f4aee9ed700 100644 --- a/crypto/heimdal/appl/telnet/telnet/ring.c +++ b/crypto/heimdal/appl/telnet/telnet/ring.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: ring.c 7853 2000-02-06 05:15:47Z assar $"); +RCSID("$Id$"); /* * This defines a structure for a ring buffer. diff --git a/crypto/heimdal/appl/telnet/telnet/ring.h b/crypto/heimdal/appl/telnet/telnet/ring.h index d0c2ad75b66..04e3eaebdf6 100644 --- a/crypto/heimdal/appl/telnet/telnet/ring.h +++ b/crypto/heimdal/appl/telnet/telnet/ring.h @@ -33,7 +33,7 @@ * @(#)ring.h 8.1 (Berkeley) 6/6/93 */ -/* $Id: ring.h 7853 2000-02-06 05:15:47Z assar $ */ +/* $Id$ */ /* * This defines a structure for a ring buffer. diff --git a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c index 5bc2d1298cb..657b85ecaf8 100644 --- a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c +++ b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: sys_bsd.c 10941 2002-04-18 16:18:43Z joda $"); +RCSID("$Id$"); /* * The following routines try to encapsulate what is system dependent @@ -608,11 +608,11 @@ TerminalSpeeds(long *input_speed, long *output_speed) int TerminalWindowSize(long *rows, long *cols) { - struct winsize ws; + int irows, icols; - if (get_window_size (STDIN_FILENO, &ws) == 0) { - *rows = ws.ws_row; - *cols = ws.ws_col; + if (get_window_size(STDIN_FILENO, &irows, &icols) == 0) { + *rows = irows; + *cols = icols; return 1; } else return 0; @@ -641,7 +641,7 @@ static RETSIGTYPE deadpeer(int), #ifdef SIGINFO static RETSIGTYPE ayt(int); #endif - + /* ARGSUSED */ static RETSIGTYPE diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.c b/crypto/heimdal/appl/telnet/telnet/telnet.c index a90f2124dc7..50b436de34c 100644 --- a/crypto/heimdal/appl/telnet/telnet/telnet.c +++ b/crypto/heimdal/appl/telnet/telnet/telnet.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: telnet.c 16285 2005-11-03 18:38:57Z lha $"); +RCSID("$Id$"); #define strip(x) (eight ? (x) : ((x) & 0x7f)) @@ -1631,7 +1631,7 @@ telrcv(void) telrcv_state = TS_IAC; break; } - /* + /* * The 'crmod' hack (see following) is needed * since we can't set CRMOD on output only. * Machines like MULTICS like to send \r without @@ -2036,7 +2036,7 @@ void my_telnet(char *user) { int printed_encrypt = 0; - + sys_telnet_init(); #if defined(AUTHENTICATION) || defined(ENCRYPTION) @@ -2079,7 +2079,7 @@ my_telnet(char *user) /* * Note: we assume a tie to the authentication option here. This * is necessary so that authentication fails, we don't spin - * forever. + * forever. */ if (telnetport && wantencryption) { time_t timeout = time(0) + 60; @@ -2116,7 +2116,7 @@ my_telnet(char *user) printed_encrypt = 1; printf("Waiting for encryption to be negotiated...\n"); /* - * Turn on MODE_TRAPSIG and then turn off localchars + * Turn on MODE_TRAPSIG and then turn off localchars * so that ^C will cause telnet to exit. */ TerminalNewMode(getconnmode()|MODE_TRAPSIG); @@ -2130,7 +2130,7 @@ my_telnet(char *user) printf("\nServer disconnected.\n"); Exit(1); } - + } if (printed_encrypt) { printf("Encryption negotiated.\n"); diff --git a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h b/crypto/heimdal/appl/telnet/telnet/telnet_locl.h index 503191db1f3..1d387e7d790 100644 --- a/crypto/heimdal/appl/telnet/telnet/telnet_locl.h +++ b/crypto/heimdal/appl/telnet/telnet/telnet_locl.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: telnet_locl.h 18776 2006-10-21 19:14:13Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/crypto/heimdal/appl/telnet/telnet/terminal.c b/crypto/heimdal/appl/telnet/telnet/terminal.c index 2fbd3dc9ab9..f9f001711e3 100644 --- a/crypto/heimdal/appl/telnet/telnet/terminal.c +++ b/crypto/heimdal/appl/telnet/telnet/terminal.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: terminal.c 9733 2001-03-06 20:10:14Z assar $"); +RCSID("$Id$"); Ring ttyoring, ttyiring; unsigned char ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ]; @@ -195,7 +195,7 @@ setconnmode(force) newmode = getconnmode()|(force?MODE_FORCE:0); TerminalNewMode(newmode); - + #ifdef ENCRYPTION if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) { if (my_want_state_is_will(TELOPT_ENCRYPT) diff --git a/crypto/heimdal/appl/telnet/telnet/utilities.c b/crypto/heimdal/appl/telnet/telnet/utilities.c index d62d572a5fe..0ac31c9ebd9 100644 --- a/crypto/heimdal/appl/telnet/telnet/utilities.c +++ b/crypto/heimdal/appl/telnet/telnet/utilities.c @@ -37,7 +37,7 @@ #include "telnet_locl.h" -RCSID("$Id: utilities.c 10587 2001-08-29 00:45:23Z assar $"); +RCSID("$Id$"); FILE *NetTrace = 0; /* Not in bss, since needs to stay */ int prettydump; @@ -248,8 +248,20 @@ optionstatus(void) } +static void __attribute__((format (printf, 3, 4))) +qprintf(int quote, FILE *f, const char *fmt, ...) + +{ + va_list va; + if (quote) + fprintf(f, "\" "); + va_start(va, fmt); + vfprintf(f, fmt, va); + va_end(va); +} + void -printsub(int direction, unsigned char *pointer, int length) +printsub(int direction, unsigned char *pointer, size_t length) { int i; unsigned char buf[512]; @@ -295,7 +307,9 @@ printsub(int direction, unsigned char *pointer, int length) fprintf(NetTrace, "TERMINAL-TYPE "); switch (pointer[1]) { case TELQUAL_IS: - fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2); + fprintf(NetTrace, "IS \"%.*s\"", + (int)(length-2), + (char *)pointer+2); break; case TELQUAL_SEND: fprintf(NetTrace, "SEND"); @@ -315,7 +329,7 @@ printsub(int direction, unsigned char *pointer, int length) switch (pointer[1]) { case TELQUAL_IS: fprintf(NetTrace, " IS "); - fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2); + fprintf(NetTrace, "%.*s", (int)(length-2), (char *)pointer+2); break; default: if (pointer[1] == 1) @@ -696,7 +710,7 @@ printsub(int direction, unsigned char *pointer, int length) fprintf(NetTrace, "X-DISPLAY-LOCATION "); switch (pointer[1]) { case TELQUAL_IS: - fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2); + fprintf(NetTrace, "IS \"%.*s\"", (int)(length-2), (char *)pointer+2); break; case TELQUAL_SEND: fprintf(NetTrace, "SEND"); @@ -726,57 +740,44 @@ printsub(int direction, unsigned char *pointer, int length) fprintf(NetTrace, "INFO "); env_common: { - int noquote = 2; + int quote = 0; for (i = 2; i < length; i++ ) { switch (pointer[i]) { - case NEW_ENV_VALUE: -#ifdef OLD_ENVIRON - /* case NEW_ENV_OVAR: */ - if (pointer[0] == TELOPT_OLD_ENVIRON) { - fprintf(NetTrace, "\" VAR " + noquote); - } else -#endif /* OLD_ENVIRON */ - fprintf(NetTrace, "\" VALUE " + noquote); - noquote = 2; + case NEW_ENV_VAR: + qprintf(quote, NetTrace, "VAR "); + quote = 0; break; - case NEW_ENV_VAR: -#ifdef OLD_ENVIRON - /* case OLD_ENV_VALUE: */ - if (pointer[0] == TELOPT_OLD_ENVIRON) { - fprintf(NetTrace, "\" VALUE " + noquote); - } else -#endif /* OLD_ENVIRON */ - fprintf(NetTrace, "\" VAR " + noquote); - noquote = 2; + case NEW_ENV_VALUE: + qprintf(quote, NetTrace, "VALUE"); + quote = 0; break; case ENV_ESC: - fprintf(NetTrace, "\" ESC " + noquote); - noquote = 2; + qprintf(quote, NetTrace, "ESC "); + quote = 0; break; case ENV_USERVAR: - fprintf(NetTrace, "\" USERVAR " + noquote); - noquote = 2; + qprintf(quote, NetTrace, "USERVAR "); + quote = 0; break; default: if (isprint(pointer[i]) && pointer[i] != '"') { - if (noquote) { + if (!quote) { putc('"', NetTrace); - noquote = 0; + quote = 1; } putc(pointer[i], NetTrace); } else { - fprintf(NetTrace, "\" %03o " + noquote, - pointer[i]); - noquote = 2; + qprintf(quote, NetTrace, "%03o ", pointer[i]); + quote = 0; } break; } } - if (!noquote) + if (quote) putc('"', NetTrace); break; } diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.am b/crypto/heimdal/appl/telnet/telnetd/Makefile.am index df2b864dc17..d8f5b19f3f5 100644 --- a/crypto/heimdal/appl/telnet/telnetd/Makefile.am +++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto) +AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_hcrypto) libexec_PROGRAMS = telnetd @@ -16,7 +16,6 @@ man_MANS = telnetd.8 LDADD = \ ../libtelnet/libtelnet.a \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_tgetent) \ $(LIB_logwtmp) \ @@ -25,4 +24,4 @@ LDADD = \ $(LIB_kdfs) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.in b/crypto/heimdal/appl/telnet/telnetd/Makefile.in index ba4cd3594b4..fbfb4550222 100644 --- a/crypto/heimdal/appl/telnet/telnetd/Makefile.in +++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ libexec_PROGRAMS = telnetd$(EXEEXT) subdir = appl/telnet/telnetd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,14 +89,14 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)" -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) am_telnetd_OBJECTS = telnetd.$(OBJEXT) state.$(OBJEXT) \ termstat.$(OBJEXT) slc.$(OBJEXT) sys_term.$(OBJEXT) \ @@ -102,11 +107,10 @@ am__DEPENDENCIES_1 = telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a $(LIB_krb5) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(LIB_kdfs) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(am__DEPENDENCIES_1) $(LIB_kdfs) $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -118,6 +122,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(telnetd_SOURCES) DIST_SOURCES = $(telnetd_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 MANS = $(man_MANS) ETAGS = etags @@ -127,49 +152,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -193,10 +227,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -213,6 +248,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -228,31 +265,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -267,10 +318,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -311,30 +364,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -I$(srcdir)/.. $(INCLUDE_krb4) $(INCLUDE_hcrypto) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/.. $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CHECK_LOCAL = telnetd_SOURCES = telnetd.c state.c termstat.c slc.c sys_term.c \ @@ -344,7 +401,6 @@ man_MANS = telnetd.8 LDADD = \ ../libtelnet/libtelnet.a \ $(LIB_krb5) \ - $(LIB_krb4) \ $(LIB_hcrypto) \ $(LIB_tgetent) \ $(LIB_logwtmp) \ @@ -353,23 +409,23 @@ LDADD = \ $(LIB_kdfs) \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/telnet/telnetd/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/telnet/telnetd/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/telnetd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/telnet/telnetd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -387,34 +443,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list telnetd$(EXEEXT): $(telnetd_OBJECTS) $(telnetd_DEPENDENCIES) @rm -f telnetd$(EXEEXT) $(LINK) $(telnetd_OBJECTS) $(telnetd_LDADD) $(LIBS) @@ -425,115 +497,146 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/global.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/slc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/state.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_term.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/telnetd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/termstat.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utility.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -549,13 +652,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -590,6 +697,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -600,6 +708,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -610,6 +719,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -617,26 +728,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -656,11 +776,10 @@ ps-am: uninstall-am: uninstall-libexecPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \ @@ -747,6 +866,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -832,7 +954,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -845,6 +967,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/telnet/telnetd/authenc.c b/crypto/heimdal/appl/telnet/telnetd/authenc.c index 1fac6c0917a..f077a468f0c 100644 --- a/crypto/heimdal/appl/telnet/telnetd/authenc.c +++ b/crypto/heimdal/appl/telnet/telnetd/authenc.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: authenc.c 9200 2000-11-15 23:20:43Z assar $"); +RCSID("$Id$"); #ifdef AUTHENTICATION diff --git a/crypto/heimdal/appl/telnet/telnetd/defs.h b/crypto/heimdal/appl/telnet/telnetd/defs.h index add8fd21518..dde22cbe35e 100644 --- a/crypto/heimdal/appl/telnet/telnetd/defs.h +++ b/crypto/heimdal/appl/telnet/telnetd/defs.h @@ -57,11 +57,11 @@ #ifndef TIOCPKT_FLUSHWRITE #define TIOCPKT_FLUSHWRITE 0x02 #endif - + #ifndef TIOCPKT_NOSTOP #define TIOCPKT_NOSTOP 0x10 #endif - + #ifndef TIOCPKT_DOSTOP #define TIOCPKT_DOSTOP 0x20 #endif diff --git a/crypto/heimdal/appl/telnet/telnetd/ext.h b/crypto/heimdal/appl/telnet/telnetd/ext.h index 68b97bfea3e..ef54ba7a3d5 100644 --- a/crypto/heimdal/appl/telnet/telnetd/ext.h +++ b/crypto/heimdal/appl/telnet/telnetd/ext.h @@ -33,7 +33,7 @@ * @(#)ext.h 8.2 (Berkeley) 12/15/93 */ -/* $Id: ext.h 15841 2005-08-08 13:34:26Z lha $ */ +/* $Id$ */ #ifndef __EXT_H__ #define __EXT_H__ @@ -147,8 +147,8 @@ void putstr (char *s); void putchr (int cc); void putf (char *cp, char *where); void printoption (char *fmt, int option); -void printsub (int direction, unsigned char *pointer, int length); -void printdata (char *tag, char *ptr, int cnt); +void printsub (int direction, unsigned char *pointer, size_t length); +void printdata (char *tag, char *ptr, size_t cnt); int login_tty(int t); #ifdef ENCRYPTION diff --git a/crypto/heimdal/appl/telnet/telnetd/global.c b/crypto/heimdal/appl/telnet/telnetd/global.c index 8b3c40580e3..e9ad94fcb9e 100644 --- a/crypto/heimdal/appl/telnet/telnetd/global.c +++ b/crypto/heimdal/appl/telnet/telnetd/global.c @@ -36,7 +36,7 @@ #include "telnetd.h" -RCSID("$Id: global.c 14939 2005-04-24 20:59:35Z lha $"); +RCSID("$Id$"); /* * Telnet server variable declarations diff --git a/crypto/heimdal/appl/telnet/telnetd/slc.c b/crypto/heimdal/appl/telnet/telnetd/slc.c index b9ab1212c07..2fd6528779a 100644 --- a/crypto/heimdal/appl/telnet/telnetd/slc.c +++ b/crypto/heimdal/appl/telnet/telnetd/slc.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: slc.c 1695 1997-05-11 06:30:05Z assar $"); +RCSID("$Id$"); /* * get_slc_defaults @@ -44,14 +44,14 @@ void get_slc_defaults(void) { int i; - + init_termbuf(); - + for (i = 1; i <= NSLC; i++) { slctab[i].defset.flag = spcset(i, &slctab[i].defset.val, &slctab[i].sptr); slctab[i].current.flag = SLC_NOSUPPORT; slctab[i].current.val = 0; } - + } diff --git a/crypto/heimdal/appl/telnet/telnetd/state.c b/crypto/heimdal/appl/telnet/telnetd/state.c index 32c3d0e02c3..69cc236a290 100644 --- a/crypto/heimdal/appl/telnet/telnetd/state.c +++ b/crypto/heimdal/appl/telnet/telnetd/state.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: state.c 18110 2006-09-19 08:25:20Z lha $"); +RCSID("$Id$"); unsigned char doopt[] = { IAC, DO, '%', 'c', 0 }; unsigned char dont[] = { IAC, DONT, '%', 'c', 0 }; @@ -506,7 +506,7 @@ willoption(int option) changeok++; break; #endif - + default: break; } diff --git a/crypto/heimdal/appl/telnet/telnetd/sys_term.c b/crypto/heimdal/appl/telnet/telnetd/sys_term.c index 852611f8eef..d8af14ea733 100644 --- a/crypto/heimdal/appl/telnet/telnetd/sys_term.c +++ b/crypto/heimdal/appl/telnet/telnetd/sys_term.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: sys_term.c 22390 2007-12-31 10:12:48Z lha $"); +RCSID("$Id$"); #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H)) # define PARENT_DOES_UTMP @@ -67,6 +67,11 @@ int utmp_len = MaxHostNameLen; #endif #endif +/* really, mac os uses wtmpx (or asl) */ +#ifdef __APPLE__ +#undef _PATH_WTMP +#endif + #if !defined(WTMP_FILE) && defined(_PATH_WTMP) #define WTMP_FILE _PATH_WTMP #endif @@ -159,6 +164,8 @@ char wtmpf[] = "/etc/wtmp"; # ifdef STREAMSPTY static int ttyfd = -1; int really_stream = 0; +# else +#define really_stream 0 # endif const char *new_login = _PATH_LOGIN; @@ -379,12 +386,12 @@ int getpty(int *ptynum) return master; } #endif - + #ifdef STREAMSPTY { - char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", + char *clone[] = { "/dev/ptc", "/dev/ptmx", "/dev/ptm", "/dev/ptym/clone", 0 }; - + char **q; int p; for(q=clone; *q; q++){ @@ -408,7 +415,7 @@ int getpty(int *ptynum) int p; char *cp, *p1, *p2; int i; - + #ifndef __hpux snprintf(line, sizeof(Xline), "/dev/ptyXX"); p1 = &line[8]; @@ -418,11 +425,11 @@ int getpty(int *ptynum) p1 = &line[13]; p2 = &line[14]; #endif - - + + for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) { struct stat stb; - + *p1 = *cp; *p2 = '0'; /* @@ -439,7 +446,7 @@ int getpty(int *ptynum) #if SunOS == 40 int dummy; #endif - + #ifndef __hpux line[5] = 't'; #else @@ -467,7 +474,7 @@ int getpty(int *ptynum) extern lowpty, highpty; struct stat sb; int p; - + for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) { snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum); p = open(myline, 2); @@ -748,7 +755,7 @@ static int my_find(int fd, char *module) static struct str_list sl; int n; int i; - + if(!flag){ n = ioctl(fd, I_LIST, 0); if(n < 0){ @@ -764,7 +771,7 @@ static int my_find(int fd, char *module) } flag = 1; } - + for(i=0; i= modules; p--){ err = ioctl(fd, I_PUSH, *p); if(err < 0 && errno != EINVAL) @@ -849,7 +856,7 @@ void getptyslave(void) #ifdef STREAMSPTY ttyfd = t; - + /* * Not all systems have (or need) modules ttcompat and pckt so @@ -869,7 +876,7 @@ void getptyslave(void) pushed (via autopush, for instance). */ - + char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL }; char *ptymodules[] = { "pckt", NULL }; @@ -1008,8 +1015,10 @@ int cleanopen(char *line) int login_tty(int t) { + /* Dont need to set this as the controlling PTY on steams sockets, + * don't abort on failure. */ # if defined(TIOCSCTTY) && !defined(__hpux) - if (ioctl(t, TIOCSCTTY, (char *)0) < 0) + if (ioctl(t, TIOCSCTTY, (char *)0) < 0 && !really_stream) fatalperror(net, "ioctl(sctty)"); # ifdef _CRAY /* @@ -1081,7 +1090,7 @@ static char * make_id (char *tty) { char *res = tty; - + if (strncmp (res, "pts/", 4) == 0) res += 4; if (strncmp (res, "tty", 3) == 0) @@ -1177,7 +1186,9 @@ startslave(const char *host, const char *utmp_host, } char *envinit[3]; +#if !HAVE_DECL_ENVIRON extern char **environ; +#endif void init_env(void) @@ -1223,7 +1234,7 @@ scrub_env(void) char **cpp, **cpp2; const char **p; - + for (cpp2 = cpp = environ; *cpp; cpp++) { int reject_it = 0; @@ -1271,18 +1282,18 @@ start_login(const char *host, int autologin, char *name) encrypt_output = NULL; decrypt_input = NULL; #endif - + #ifdef HAVE_UTMPX_H { int pid = getpid(); struct utmpx utmpx; struct timeval tv; char *clean_tty; - + /* * Create utmp entry for child */ - + clean_tty = clean_ttyname(line); memset(&utmpx, 0, sizeof(utmpx)); strncpy(utmpx.ut_user, ".telnet", sizeof(utmpx.ut_user)); @@ -1291,9 +1302,9 @@ start_login(const char *host, int autologin, char *name) strncpy(utmpx.ut_id, make_id(clean_tty), sizeof(utmpx.ut_id)); #endif utmpx.ut_pid = pid; - + utmpx.ut_type = LOGIN_PROCESS; - + gettimeofday (&tv, NULL); utmpx.ut_tv.tv_sec = tv.tv_sec; utmpx.ut_tv.tv_usec = tv.tv_usec; @@ -1304,7 +1315,7 @@ start_login(const char *host, int autologin, char *name) #endif scrub_env(); - + /* * -h : pass on name of host. * WARNING: -h is accepted by login if and only if @@ -1314,7 +1325,7 @@ start_login(const char *host, int autologin, char *name) * -f : force this login, he has already been authenticated */ - /* init argv structure */ + /* init argv structure */ argv.size=0; argv.argc=0; argv.argv=malloc(0); /*so we can call realloc later */ @@ -1322,7 +1333,7 @@ start_login(const char *host, int autologin, char *name) addarg(&argv, "-h"); addarg(&argv, host); addarg(&argv, "-p"); - if(name[0]) + if(name && name[0]) user = name; else user = getenv("USER"); @@ -1339,8 +1350,8 @@ start_login(const char *host, int autologin, char *name) addarg(&argv, "-a"); addarg(&argv, "otp"); } - if(log_unauth) - syslog(LOG_INFO, "unauthenticated access from %s (%s)", + if(log_unauth) + syslog(LOG_INFO, "unauthenticated access from %s (%s)", host, user ? user : "unknown user"); } if (auth_level >= 0 && autologin == AUTH_VALID) @@ -1433,7 +1444,7 @@ rmut(void) #elif defined(__osf__) /* XXX */ utxp->ut_exit.ut_termination = 0; utxp->ut_exit.ut_exit = 0; -#else +#else utxp->ut_exit.e_termination = 0; utxp->ut_exit.e_exit = 0; #endif @@ -1585,7 +1596,7 @@ cleanup(int sig) int t; int child_status; /* status of child process as returned by waitpid */ int flags = WNOHANG|WUNTRACED; - + /* * 1: Pick up the zombie, if we are being called * as the signal handler. @@ -1613,7 +1624,7 @@ cleanup(int sig) } incleanup = 1; sigsetmask(t); - + t = cleantmp(&wtmp); setutent(); /* just to make sure */ #endif /* CRAY */ @@ -1641,7 +1652,7 @@ cleanup(int sig) #endif #else char *p; - + p = line + sizeof("/dev/") - 1; if (logout(p)) logwtmp(p, "", ""); diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.c b/crypto/heimdal/appl/telnet/telnetd/telnetd.c index 033a0bffc3e..626907e5e2d 100644 --- a/crypto/heimdal/appl/telnet/telnetd/telnetd.c +++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: telnetd.c 21748 2007-07-31 18:57:20Z lha $"); +RCSID("$Id$"); #ifdef _SC_CRAY_SECURE_SYS #include @@ -338,7 +338,7 @@ main(int argc, char **argv) case 'L': new_login = optarg; break; - + default: fprintf(stderr, "telnetd: %c: unknown option\n", ch); /* FALLTHROUGH */ @@ -370,7 +370,7 @@ main(int argc, char **argv) port = k_getportbyname("telnet", "tcp", htons(23)); #endif } - mini_inetd (port); + mini_inetd (port, NULL); } else if (argc > 0) { usage(1); /* NOT REACHED */ @@ -389,7 +389,7 @@ main(int argc, char **argv) memset(&dv, 0, sizeof(dv)); - if (getsysv(&sysv, sizeof(struct sysv)) != 0) + if (getsysv(&sysv, sizeof(struct sysv)) != 0) fatalperror(net, "getsysv"); /* @@ -400,7 +400,7 @@ main(int argc, char **argv) if ((getsockopt(0, SOL_SOCKET, SO_SECURITY, (void *)&ss, &szss) < 0) || (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI, - (void *)&sock_multi, &szi) < 0)) + (void *)&sock_multi, &szi) < 0)) fatalperror(net, "getsockopt"); else { dv.dv_actlvl = ss.ss_actlabel.lt_level; @@ -724,7 +724,7 @@ doit(struct sockaddr *who, int who_len) error = getnameinfo_verified (who, who_len, remote_host_name, sizeof(remote_host_name), - NULL, 0, + NULL, 0, registerd_host_only ? NI_NAMEREQD : 0); if (error) fatal(net, "Couldn't resolve your address into a host name.\r\n\ diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.h b/crypto/heimdal/appl/telnet/telnetd/telnetd.h index 51a5725bd9a..828bfb36011 100644 --- a/crypto/heimdal/appl/telnet/telnetd/telnetd.h +++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.h @@ -189,10 +189,6 @@ struct tm *localtime(const time_t *); struct hostent *gethostbyname(const char *); #endif -#ifdef KRB4 -#include -#endif - #ifdef AUTHENTICATION #include #include diff --git a/crypto/heimdal/appl/telnet/telnetd/termstat.c b/crypto/heimdal/appl/telnet/telnetd/termstat.c index 696a2343dff..77d113525c2 100644 --- a/crypto/heimdal/appl/telnet/telnetd/termstat.c +++ b/crypto/heimdal/appl/telnet/telnetd/termstat.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: termstat.c 10587 2001-08-29 00:45:23Z assar $"); +RCSID("$Id$"); /* * local variables diff --git a/crypto/heimdal/appl/telnet/telnetd/utility.c b/crypto/heimdal/appl/telnet/telnetd/utility.c index f55914f199b..48d2cf5e245 100644 --- a/crypto/heimdal/appl/telnet/telnetd/utility.c +++ b/crypto/heimdal/appl/telnet/telnetd/utility.c @@ -34,7 +34,7 @@ #define PRINTOPTIONS #include "telnetd.h" -RCSID("$Id: utility.c 15844 2005-08-08 13:36:16Z lha $"); +RCSID("$Id$"); /* * utility functions performing io related tasks @@ -116,7 +116,7 @@ ptyflush(void) int n; if ((n = pfrontp - pbackp) > 0) { - DIAG((TD_REPORT | TD_PTYDATA), { + DIAG((TD_REPORT | TD_PTYDATA), { output_data("td: ptyflush %d chars\r\n", n); }); DIAG(TD_PTYDATA, printdata("pd", pbackp, n)); @@ -367,7 +367,7 @@ void fatalperror_errno(int f, const char *msg, int error) { char buf[BUFSIZ]; - + snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(error)); fatal(f, buf); } @@ -445,10 +445,10 @@ void putf(char *cp, char *where) char db[100]; /* if we don't have uname, set these to sensible values */ - char *sysname = "Unix", - *machine = "", + char *sysname = "Unix", + *machine = "", *release = "", - *version = ""; + *version = ""; #ifdef HAVE_UNAME uname(&name); @@ -532,7 +532,7 @@ printoption(char *fmt, int option) } void -printsub(int direction, unsigned char *pointer, int length) +printsub(int direction, unsigned char *pointer, size_t length) /* '<' or '>' */ /* where suboption data sits */ /* length of suboption data */ @@ -587,7 +587,7 @@ printsub(int direction, unsigned char *pointer, int length) switch (pointer[1]) { case TELQUAL_IS: output_data("IS \"%.*s\"", - length-2, + (int)(length-2), (char *)pointer+2); break; case TELQUAL_SEND: @@ -606,7 +606,7 @@ printsub(int direction, unsigned char *pointer, int length) } switch (pointer[1]) { case TELQUAL_IS: - output_data(" IS %.*s", length-2, (char *)pointer+2); + output_data(" IS %.*s", (int)(length-2), (char *)pointer+2); break; default: if (pointer[1] == 1) @@ -884,7 +884,7 @@ printsub(int direction, unsigned char *pointer, int length) switch (pointer[1]) { case TELQUAL_IS: output_data("IS \"%.*s\"", - length-2, + (int)(length-2), (char *)pointer+2); break; case TELQUAL_SEND: @@ -913,46 +913,53 @@ printsub(int direction, unsigned char *pointer, int length) output_data("INFO "); env_common: { - int noquote = 2; + int quote = 0; for (i = 2; i < length; i++ ) { switch (pointer[i]) { case NEW_ENV_VAR: - output_data("\" VAR " + noquote); - noquote = 2; + if (quote) + output_data("\" "); + output_data("VAR "); + quote = 0; break; case NEW_ENV_VALUE: - output_data("\" VALUE " + noquote); - noquote = 2; + if (quote) + output_data("\" "); + output_data("VALUE "); + quote = 0; break; case ENV_ESC: - output_data("\" ESC " + noquote); - noquote = 2; + if (quote) + output_data("\" "); + output_data("ESC "); + quote = 0; break; case ENV_USERVAR: - output_data("\" USERVAR " + noquote); - noquote = 2; + if (quote) + output_data("\" "); + output_data("USERVAR "); + quote = 0; break; default: if (isprint(pointer[i]) && pointer[i] != '"') { - if (noquote) { - output_data ("\""); - noquote = 0; + if (!quote) { + output_data("\""); + quote = 1; } - output_data ("%c", pointer[i]); + output_data("%c", pointer[i]); } else { - output_data("\" %03o " + noquote, - pointer[i]); - noquote = 2; + output_data("%03o ", pointer[i]); + quote = 0; } break; } } - if (!noquote) - output_data ("\""); + if (quote) + output_data("\""); break; } } @@ -1019,7 +1026,7 @@ printsub(int direction, unsigned char *pointer, int length) case TELQUAL_NAME: i = 2; output_data(" NAME \"%.*s\"", - length - 2, + (int)(length - 2), pointer); break; @@ -1130,9 +1137,9 @@ printsub(int direction, unsigned char *pointer, int length) * Dump a data buffer in hex and ascii to the output data stream. */ void -printdata(char *tag, char *ptr, int cnt) +printdata(char *tag, char *ptr, size_t cnt) { - int i; + size_t i; char xbuf[30]; while (cnt) { diff --git a/crypto/heimdal/appl/test/Makefile.am b/crypto/heimdal/appl/test/Makefile.am index 21f2013b71e..7cbaf07d416 100644 --- a/crypto/heimdal/appl/test/Makefile.am +++ b/crypto/heimdal/appl/test/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -40,3 +40,5 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) + +EXTRA_DIST = NTMakefile diff --git a/crypto/heimdal/appl/test/Makefile.in b/crypto/heimdal/appl/test/Makefile.in index fb9e36884f9..6c352ef3795 100644 --- a/crypto/heimdal/appl/test/Makefile.in +++ b/crypto/heimdal/appl/test/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -48,7 +50,7 @@ noinst_PROGRAMS = tcp_client$(EXEEXT) tcp_server$(EXEEXT) \ subdir = appl/test ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -63,7 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -77,9 +79,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -87,12 +92,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_gssapi_client_OBJECTS = gssapi_client.$(OBJEXT) \ gss_common.$(OBJEXT) common.$(OBJEXT) @@ -147,9 +153,9 @@ uu_server_LDADD = $(LDADD) uu_server_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -176,49 +182,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -242,10 +257,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -262,6 +278,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -277,31 +295,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -316,10 +348,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -360,29 +394,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la tcp_client_SOURCES = tcp_client.c common.c test_locl.h tcp_server_SOURCES = tcp_server.c common.c test_locl.h @@ -409,22 +448,23 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps appl/test/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps appl/test/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/test/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign appl/test/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -442,13 +482,16 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list gssapi_client$(EXEEXT): $(gssapi_client_OBJECTS) $(gssapi_client_DEPENDENCIES) @rm -f gssapi_client$(EXEEXT) $(LINK) $(gssapi_client_OBJECTS) $(gssapi_client_LDADD) $(LIBS) @@ -483,14 +526,39 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gss_common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapi_client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapi_server.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/http_client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nt_gss_client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nt_gss_common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nt_gss_server.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcp_client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcp_server.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uu_client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uu_server.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -503,45 +571,49 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -562,13 +634,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -600,6 +676,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -610,6 +687,7 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -620,6 +698,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -627,26 +707,35 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -666,9 +755,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libtool clean-noinstPROGRAMS ctags \ @@ -753,6 +841,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -838,7 +929,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -851,6 +942,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/appl/test/common.c b/crypto/heimdal/appl/test/common.c index 595c8287e12..dcb785efdc8 100644 --- a/crypto/heimdal/appl/test/common.c +++ b/crypto/heimdal/appl/test/common.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -RCSID("$Id: common.c 12796 2003-09-09 03:38:04Z lha $"); +RCSID("$Id$"); static int help_flag; static int version_flag; @@ -43,12 +43,14 @@ krb5_keytab keytab; char *service = SERVICE; char *mech = "krb5"; int fork_flag; +char *password = NULL; static struct getargs args[] = { { "port", 'p', arg_string, &port_str, "port to listen to", "port" }, { "service", 's', arg_string, &service, "service to use", "service" }, { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" }, { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" }, + { "password", 'P', arg_string, &password, "password to use", "password" }, { "fork", 'f', arg_flag, &fork_flag, "do fork" }, { "help", 'h', arg_flag, &help_flag }, { "version", 0, arg_flag, &version_flag } @@ -72,7 +74,7 @@ client_usage(int code, struct getargs *args, int num_args) static int -common_setup(krb5_context *context, int *argc, char **argv, +common_setup(krb5_context *context, int *argc, char **argv, void (*usage)(int, struct getargs*, int)) { int port = 0; @@ -84,7 +86,7 @@ common_setup(krb5_context *context, int *argc, char **argv, print_version(NULL); exit(0); } - + if(port_str){ struct servent *s = roken_getservbyname(port_str, "tcp"); if(s) @@ -101,7 +103,7 @@ common_setup(krb5_context *context, int *argc, char **argv, if (port == 0) port = krb5_getportbyname (*context, PORT, "tcp", 4711); - + return port; } diff --git a/crypto/heimdal/appl/test/gss_common.c b/crypto/heimdal/appl/test/gss_common.c index 4c80e543b7c..6a0eb77a761 100644 --- a/crypto/heimdal/appl/test/gss_common.c +++ b/crypto/heimdal/appl/test/gss_common.c @@ -1,40 +1,42 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -#include +#include +#include +#include #include "gss_common.h" -RCSID("$Id: gss_common.c 19937 2007-01-16 21:56:01Z lha $"); +RCSID("$Id$"); void write_token (int sock, gss_buffer_t buf) @@ -93,7 +95,7 @@ gss_print_errors (int min_stat) GSS_C_NO_OID, &msg_ctx, &status_string); - fprintf (stderr, "%.*s\n", (int)status_string.length, + fprintf (stderr, "%.*s\n", (int)status_string.length, (char *)status_string.value); gss_release_buffer (&new_stat, &status_string); } while (!GSS_ERROR(ret) && msg_ctx != 0); diff --git a/crypto/heimdal/appl/test/gss_common.h b/crypto/heimdal/appl/test/gss_common.h index 598ac8c287d..eaab550beb0 100644 --- a/crypto/heimdal/appl/test/gss_common.h +++ b/crypto/heimdal/appl/test/gss_common.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: gss_common.h 14661 2005-03-19 03:13:14Z lha $ */ +/* $Id$ */ void write_token (int sock, gss_buffer_t buf); void read_token (int sock, gss_buffer_t buf); diff --git a/crypto/heimdal/appl/test/gssapi_client.c b/crypto/heimdal/appl/test/gssapi_client.c index d10fc5701fa..5fc564cea27 100644 --- a/crypto/heimdal/appl/test/gssapi_client.c +++ b/crypto/heimdal/appl/test/gssapi_client.c @@ -1,40 +1,42 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -#include +#include +#include +#include #include "gss_common.h" -RCSID("$Id: gssapi_client.c 21521 2007-07-12 13:13:40Z lha $"); +RCSID("$Id$"); static int do_trans (int sock, gss_ctx_id_t context_hdl) @@ -92,21 +94,23 @@ do_trans (int sock, gss_ctx_id_t context_hdl) return 0; } +extern char *password; + static int proto (int sock, const char *hostname, const char *service) { - struct sockaddr_in remote, local; + struct sockaddr_storage remote, local; socklen_t addrlen; int context_established = 0; gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT; + gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; gss_buffer_desc real_input_token, real_output_token; gss_buffer_t input_token = &real_input_token, output_token = &real_output_token; OM_uint32 maj_stat, min_stat; gss_name_t server; gss_buffer_desc name_token; - struct gss_channel_bindings_struct input_chan_bindings; u_char init_buf[4]; u_char acct_buf[4]; gss_OID mech_oid; @@ -119,7 +123,7 @@ proto (int sock, const char *hostname, const char *service) if (str == NULL) errx(1, "malloc - out of memory"); name_token.value = str; - + maj_stat = gss_import_name (&min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE, @@ -128,19 +132,42 @@ proto (int sock, const char *hostname, const char *service) gss_err (1, min_stat, "Error importing name `%s@%s':\n", service, hostname); + if (password) { + gss_buffer_desc pw; + + pw.value = password; + pw.length = strlen(password); + + maj_stat = gss_acquire_cred_with_password(&min_stat, + GSS_C_NO_NAME, + &pw, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &cred, + NULL, + NULL); + if (GSS_ERROR(maj_stat)) + gss_err (1, min_stat, + "Error acquiring default initiator credentials"); + } + addrlen = sizeof(local); if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0 - || addrlen != sizeof(local)) + || addrlen > sizeof(local)) err (1, "getsockname(%s)", hostname); addrlen = sizeof(remote); if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0 - || addrlen != sizeof(remote)) + || addrlen > sizeof(remote)) err (1, "getpeername(%s)", hostname); input_token->length = 0; output_token->length = 0; +#if 0 + struct gss_channel_bindings_struct input_chan_bindings; + input_chan_bindings.initiator_addrtype = GSS_C_AF_INET; input_chan_bindings.initiator_address.length = 4; init_buf[0] = (local.sin_addr.s_addr >> 24) & 0xFF; @@ -156,13 +183,12 @@ proto (int sock, const char *hostname, const char *service) acct_buf[2] = (remote.sin_addr.s_addr >> 8) & 0xFF; acct_buf[3] = (remote.sin_addr.s_addr >> 0) & 0xFF; input_chan_bindings.acceptor_address.value = acct_buf; - -#if 0 + input_chan_bindings.application_data.value = emalloc(4); * (unsigned short*)input_chan_bindings.application_data.value = local.sin_port; * ((unsigned short *)input_chan_bindings.application_data.value + 1) = remote.sin_port; input_chan_bindings.application_data.length = 4; -#else + input_chan_bindings.application_data.length = 0; input_chan_bindings.application_data.value = NULL; #endif @@ -170,14 +196,13 @@ proto (int sock, const char *hostname, const char *service) while(!context_established) { maj_stat = gss_init_sec_context(&min_stat, - GSS_C_NO_CREDENTIAL, + cred, &context_hdl, server, mech_oid, - GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG - | GSS_C_DELEG_FLAG, + GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0, - &input_chan_bindings, + NULL, input_token, NULL, output_token, diff --git a/crypto/heimdal/appl/test/gssapi_server.c b/crypto/heimdal/appl/test/gssapi_server.c index e63a2bc8c53..3c6654f5738 100644 --- a/crypto/heimdal/appl/test/gssapi_server.c +++ b/crypto/heimdal/appl/test/gssapi_server.c @@ -1,40 +1,42 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -#include +#include +#include +#include #include "gss_common.h" -RCSID("$Id: gssapi_server.c 14762 2005-04-10 14:47:41Z lha $"); +RCSID("$Id$"); static int process_it(int sock, @@ -185,9 +187,9 @@ proto (int sock, const char *service) input_chan_bindings.application_data.length = 0; input_chan_bindings.application_data.value = NULL; #endif - + delegated_cred_handle = GSS_C_NO_CREDENTIAL; - + do { read_token (sock, input_token); maj_stat = @@ -214,7 +216,7 @@ proto (int sock, const char *service) break; } } while(maj_stat & GSS_S_CONTINUE_NEEDED); - + p = (char *)mech_oid->elements; if (mech_oid->length == GSS_KRB5_MECHANISM->length && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0) @@ -298,6 +300,7 @@ doit (int port, const char *service) int sock, sock2; struct sockaddr_in my_addr; int one = 1; + int ret; sock = socket (AF_INET, SOCK_STREAM, 0); if (sock < 0) @@ -315,14 +318,17 @@ doit (int port, const char *service) if (bind (sock, (struct sockaddr *)&my_addr, sizeof(my_addr)) < 0) err (1, "bind"); - if (listen (sock, 1) < 0) - err (1, "listen"); + while (1) { + if (listen (sock, 1) < 0) + err (1, "listen"); - sock2 = accept (sock, NULL, NULL); - if (sock2 < 0) - err (1, "accept"); + sock2 = accept (sock, NULL, NULL); + if (sock2 < 0) + err (1, "accept"); - return proto (sock2, service); + ret = proto (sock2, service); + } + return ret; } int @@ -332,3 +338,4 @@ main(int argc, char **argv) int port = server_setup(&context, argc, argv); return doit (port, service); } + diff --git a/crypto/heimdal/appl/test/http_client.c b/crypto/heimdal/appl/test/http_client.c index 074ba3768be..c9e1c8492b5 100644 --- a/crypto/heimdal/appl/test/http_client.c +++ b/crypto/heimdal/appl/test/http_client.c @@ -1,42 +1,44 @@ /* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -#include +#include +#include +#include #include "gss_common.h" #include -RCSID("$Id: http_client.c 14861 2005-04-20 10:38:37Z lha $"); +RCSID("$Id$"); /* * A simplistic client implementing draft-brezak-spnego-http-04.txt @@ -84,7 +86,7 @@ fdprintf(int s, const char *fmt, ...) ssize_t ret; va_list ap; char *str, *buf; - + va_start(ap, fmt); vasprintf(&str, fmt, ap); va_end(ap); @@ -186,7 +188,7 @@ http_find_header(struct http_req *req, const char *header) static int -http_query(const char *host, const char *page, +http_query(const char *host, const char *page, char **headers, int num_headers, struct http_req *req) { enum { RESPONSE, HEADER, BODY } state; @@ -214,7 +216,7 @@ http_query(const char *host, const char *page, break; else if (ret < 0) err (1, "read: %lu", (unsigned long)ret); - + in_buf[ret + in_len] = '\0'; if (state == HEADER || state == RESPONSE) { @@ -235,12 +237,16 @@ http_query(const char *host, const char *page, in_ptr -= 2; break; } else if (state == RESPONSE) { - req->response = strndup(in_buf, p - in_buf); + req->response = emalloc(p - in_buf + 1); + memcpy(req->response, in_buf, p - in_buf); + req->response[p - in_buf] = '\0'; state = HEADER; } else { req->headers = realloc(req->headers, (req->num_headers + 1) * sizeof(req->headers[0])); - req->headers[req->num_headers] = strndup(in_buf, p - in_buf); + req->headers[req->num_headers] = emalloc(p - in_buf + 1); + memcpy(req->headers[req->num_headers], in_buf, p - in_buf); + req->headers[req->num_headers][p - in_buf] = '\0'; if (req->headers[req->num_headers] == NULL) errx(1, "strdup"); req->num_headers++; @@ -332,7 +338,7 @@ main(int argc, char **argv) print_body = 0; http_query(host, page, headers, num_headers, &req); - for (i = 0 ; i < num_headers; i++) + for (i = 0 ; i < num_headers; i++) free(headers[i]); num_headers = 0; @@ -356,7 +362,7 @@ main(int argc, char **argv) if (verbose_flag) printf("Negotiate found\n"); - + if (server == GSS_C_NO_NAME) { char *name; asprintf(&name, "%s@%s", gss_service, host); @@ -468,7 +474,7 @@ main(int argc, char **argv) base64_encode(output_token.value, output_token.length, &neg_token); - + asprintf(&headers[0], "Authorization: Negotiate %s", neg_token); diff --git a/crypto/heimdal/appl/test/nt_gss_client.c b/crypto/heimdal/appl/test/nt_gss_client.c index 3527799b401..fc9ff3c8d6e 100644 --- a/crypto/heimdal/appl/test/nt_gss_client.c +++ b/crypto/heimdal/appl/test/nt_gss_client.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" #include #include "nt_gss_common.h" -RCSID("$Id: nt_gss_client.c 21522 2007-07-12 13:15:04Z lha $"); +RCSID("$Id$"); /* * This program tries to act as a client for the sample in `Sample diff --git a/crypto/heimdal/appl/test/nt_gss_common.c b/crypto/heimdal/appl/test/nt_gss_common.c index ca079179bc8..f26a1022310 100644 --- a/crypto/heimdal/appl/test/nt_gss_common.c +++ b/crypto/heimdal/appl/test/nt_gss_common.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" #include #include "nt_gss_common.h" -RCSID("$Id: nt_gss_common.c 17450 2006-05-05 11:11:43Z lha $"); +RCSID("$Id$"); /* * These are functions that are needed to interoperate with the @@ -43,7 +43,7 @@ RCSID("$Id: nt_gss_common.c 17450 2006-05-05 11:11:43Z lha $"); */ /* - * Write the `gss_buffer_t' in `buf' onto the fd `sock', but remember that + * Write the `gss_buffer_t' in `buf' onto the fd `sock', but remember that * the length is written in little-endian-order. */ @@ -107,7 +107,9 @@ gss_print_errors (int min_stat) GSS_C_NO_OID, &msg_ctx, &status_string); - fprintf (stderr, "%s\n", (char *)status_string.value); + fprintf (stderr, "%.*s\n", + (int)status_string.length, + (char *)status_string.value); gss_release_buffer (&new_stat, &status_string); } while (!GSS_ERROR(ret) && msg_ctx != 0); } diff --git a/crypto/heimdal/appl/test/nt_gss_common.h b/crypto/heimdal/appl/test/nt_gss_common.h index 50b5c8380f4..134afe33cd0 100644 --- a/crypto/heimdal/appl/test/nt_gss_common.h +++ b/crypto/heimdal/appl/test/nt_gss_common.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: nt_gss_common.h 7464 1999-12-02 17:05:13Z joda $ */ +/* $Id$ */ void nt_write_token (int sock, gss_buffer_t buf); void nt_read_token (int sock, gss_buffer_t buf); diff --git a/crypto/heimdal/appl/test/nt_gss_server.c b/crypto/heimdal/appl/test/nt_gss_server.c index df4a32ef857..cdfee1ea58a 100644 --- a/crypto/heimdal/appl/test/nt_gss_server.c +++ b/crypto/heimdal/appl/test/nt_gss_server.c @@ -1,42 +1,44 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -#include +#include +#include +#include #include #include "nt_gss_common.h" -RCSID("$Id: nt_gss_server.c 12323 2003-05-21 15:15:34Z lha $"); +RCSID("$Id$"); /* * This program tries to act as a server for the sample in `Sample @@ -115,21 +117,16 @@ proto (int sock, const char *service) } while(maj_stat & GSS_S_CONTINUE_NEEDED); if (auth_file != NULL) { - int fd = open (auth_file, O_WRONLY | O_CREAT, 0666); -#if 0 - krb5_ticket *ticket; - krb5_data *data; + gss_buffer_desc data; - ticket = context_hdl->ticket; - data = &ticket->ticket.authorization_data->val[0].ad_data; - - if(fd < 0) - err (1, "open %s", auth_file); - if (write (fd, data->data, data->length) != data->length) - errx (1, "write to %s failed", auth_file); -#endif - if (close (fd)) - err (1, "close %s", auth_file); + maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat, + context_hdl, + KRB5_AUTHDATA_WIN2K_PAC, + &data); + if (maj_stat == GSS_S_COMPLETE) { + rk_dumpdata(auth_file, data.value, data.length); + gss_release_buffer(&min_stat, &data); + } } maj_stat = gss_display_name (&min_stat, @@ -196,7 +193,7 @@ usage(int code, struct getargs *args, int num_args) } static int -common_setup(krb5_context *context, int *argc, char **argv, +common_setup(krb5_context *context, int *argc, char **argv, void (*usage)(int, struct getargs*, int)) { int port = 0; @@ -208,7 +205,7 @@ common_setup(krb5_context *context, int *argc, char **argv, print_version(NULL); exit(0); } - + if(port_str){ struct servent *s = roken_getservbyname(port_str, "tcp"); if(s) @@ -225,7 +222,7 @@ common_setup(krb5_context *context, int *argc, char **argv, if (port == 0) port = krb5_getportbyname (*context, PORT, "tcp", 4711); - + return port; } diff --git a/crypto/heimdal/appl/test/tcp_client.c b/crypto/heimdal/appl/test/tcp_client.c index f1a4cb25216..2bbb068113f 100644 --- a/crypto/heimdal/appl/test/tcp_client.c +++ b/crypto/heimdal/appl/test/tcp_client.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -RCSID("$Id: tcp_client.c 17450 2006-05-05 11:11:43Z lha $"); +RCSID("$Id$"); krb5_context context; diff --git a/crypto/heimdal/appl/test/tcp_server.c b/crypto/heimdal/appl/test/tcp_server.c index 97a9b1170d2..7da97e6aa2f 100644 --- a/crypto/heimdal/appl/test/tcp_server.c +++ b/crypto/heimdal/appl/test/tcp_server.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -RCSID("$Id: tcp_server.c 17954 2006-09-01 09:01:03Z lha $"); +RCSID("$Id$"); krb5_context context; @@ -110,7 +110,7 @@ proto (int sock, const char *service) krb5_errx (context, 1, "EOF in krb5_net_read"); if (n < 0) krb5_err (context, 1, errno, "krb5_net_read"); - + status = krb5_rd_safe (context, auth_context, &packet, @@ -137,7 +137,7 @@ proto (int sock, const char *service) krb5_errx (context, 1, "EOF in krb5_net_read"); if (n < 0) krb5_err (context, 1, errno, "krb5_net_read"); - + status = krb5_rd_priv (context, auth_context, &packet, @@ -155,7 +155,7 @@ proto (int sock, const char *service) static int doit (int port, const char *service) { - mini_inetd (port); + mini_inetd (port, NULL); return proto (STDIN_FILENO, service); } diff --git a/crypto/heimdal/appl/test/test_locl.h b/crypto/heimdal/appl/test/test_locl.h index b203787f0a0..a2135c4fb45 100644 --- a/crypto/heimdal/appl/test/test_locl.h +++ b/crypto/heimdal/appl/test/test_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: test_locl.h 12797 2003-09-09 03:38:51Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include diff --git a/crypto/heimdal/appl/test/uu_client.c b/crypto/heimdal/appl/test/uu_client.c index 6113b8b569f..749f05583ce 100644 --- a/crypto/heimdal/appl/test/uu_client.c +++ b/crypto/heimdal/appl/test/uu_client.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -RCSID("$Id: uu_client.c 14719 2005-04-03 19:53:32Z lha $"); +RCSID("$Id$"); krb5_context context; @@ -95,14 +95,14 @@ proto (int sock, const char *hostname, const char *service) if(status) krb5_err(context, 1, status, "krb5_cc_get_principal"); status = krb5_make_principal(context, &mcred.server, - *krb5_princ_realm(context, client), - "krbtgt", - *krb5_princ_realm(context, client), + krb5_principal_get_realm(context, client), + "krbtgt", + krb5_principal_get_realm(context, client), NULL); if(status) krb5_err(context, 1, status, "krb5_make_principal"); mcred.client = client; - + status = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); if(status) krb5_err(context, 1, status, "krb5_cc_retrieve_cred"); @@ -128,13 +128,13 @@ proto (int sock, const char *hostname, const char *service) status = krb5_auth_con_setuserkey(context, auth_context, &cred.session); if(status) krb5_err(context, 1, status, "krb5_auth_con_setuserkey"); - - status = krb5_recvauth(context, &auth_context, &sock, + + status = krb5_recvauth(context, &auth_context, &sock, VERSION, client, 0, NULL, &ticket); if (status) krb5_err(context, 1, status, "krb5_recvauth"); - + if (ticket->ticket.authorization_data) { AuthorizationData *authz; int i; diff --git a/crypto/heimdal/appl/test/uu_server.c b/crypto/heimdal/appl/test/uu_server.c index 6462363456c..43ff5a49c96 100644 --- a/crypto/heimdal/appl/test/uu_server.c +++ b/crypto/heimdal/appl/test/uu_server.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997 - 2000, 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "test_locl.h" -RCSID("$Id: uu_server.c 20880 2007-06-04 16:55:00Z lha $"); +RCSID("$Id$"); krb5_context context; @@ -62,8 +62,7 @@ proto (int sock, const char *service) status = krb5_auth_con_init (context, &auth_context); if (status) - errx (1, "krb5_auth_con_init: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_auth_con_init"); local_addr.addr_type = AF_INET; local_addr.address.length = sizeof(local.sin_addr); @@ -78,16 +77,19 @@ proto (int sock, const char *service) &local_addr, &remote_addr); if (status) - errx (1, "krb5_auth_con_setaddr: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_auth_con_setaddr"); status = krb5_read_message(context, &sock, &client_name); if(status) krb5_err(context, 1, status, "krb5_read_message"); - + memset(&in_creds, 0, sizeof(in_creds)); status = krb5_cc_default(context, &ccache); + if(status) + krb5_err(context, 1, status, "krb5_cc_default"); status = krb5_cc_get_principal(context, ccache, &in_creds.client); + if(status) + krb5_err(context, 1, status, "krb5_cc_get_principal"); status = krb5_read_message(context, &sock, &in_creds.second_ticket); if(status) @@ -96,18 +98,20 @@ proto (int sock, const char *service) status = krb5_parse_name(context, client_name.data, &in_creds.server); if(status) krb5_err(context, 1, status, "krb5_parse_name"); - - status = krb5_get_credentials(context, KRB5_GC_USER_USER, ccache, + + status = krb5_get_credentials(context, KRB5_GC_USER_USER, ccache, &in_creds, &out_creds); if(status) krb5_err(context, 1, status, "krb5_get_credentials"); status = krb5_cc_default(context, &ccache); + if(status) + krb5_err(context, 1, status, "krb5_cc_default"); - status = krb5_sendauth(context, + status = krb5_sendauth(context, &auth_context, - &sock, - VERSION, + &sock, + VERSION, in_creds.client, in_creds.server, AP_OPTS_USE_SESSION_KEY, @@ -117,10 +121,10 @@ proto (int sock, const char *service) NULL, NULL, NULL); - + if (status) krb5_err(context, 1, status, "krb5_sendauth"); - + { char *str; krb5_unparse_name(context, in_creds.server, &str); @@ -137,15 +141,14 @@ proto (int sock, const char *service) status = krb5_read_message(context, &sock, &packet); if(status) krb5_err(context, 1, status, "krb5_read_message"); - + status = krb5_rd_safe (context, auth_context, &packet, &data, NULL); if (status) - errx (1, "krb5_rd_safe: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_rd_safe"); printf ("safe packet: %.*s\n", (int)data.length, (char *)data.data); @@ -153,15 +156,14 @@ proto (int sock, const char *service) status = krb5_read_message(context, &sock, &packet); if(status) krb5_err(context, 1, status, "krb5_read_message"); - + status = krb5_rd_priv (context, auth_context, &packet, &data, NULL); if (status) - errx (1, "krb5_rd_priv: %s", - krb5_get_err_text(context, status)); + krb5_err(context, 1, status, "krb5_rd_priv"); printf ("priv packet: %.*s\n", (int)data.length, (char *)data.data); @@ -185,7 +187,7 @@ doit (int port, const char *service) my_addr.sin_port = port; my_addr.sin_addr.s_addr = INADDR_ANY; - if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, + if (setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one)) < 0) warn ("setsockopt SO_REUSEADDR"); diff --git a/crypto/heimdal/autogen.sh b/crypto/heimdal/autogen.sh index c3facbf5c7e..c8ae49af07b 100644 --- a/crypto/heimdal/autogen.sh +++ b/crypto/heimdal/autogen.sh @@ -3,3 +3,4 @@ # object tree, but this will do if you have all parts of the required # tool-chain installed autoreconf -f -i || { echo "autoreconf failed: $?"; exit 1; } +find . \( -name '*-private.h' -o -name '*-protos.h' \) -delete diff --git a/crypto/heimdal/base/Makefile.am b/crypto/heimdal/base/Makefile.am new file mode 100644 index 00000000000..639136f79c3 --- /dev/null +++ b/crypto/heimdal/base/Makefile.am @@ -0,0 +1,31 @@ + +include $(top_srcdir)/Makefile.am.common + +lib_LTLIBRARIES = libheimbase.la +check_PROGRAMS = test_base + +libheimbase_la_LDFLAGS = -version-info 1:0:0 + +if versionscript +libheimbase_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +endif + +include_HEADERS = heimbase.h + +dist_libheimbase_la_SOURCES = \ + array.c \ + baselocl.h \ + bool.c \ + dict.c \ + heimbase.c \ + heimbasepriv.h \ + heimqueue.h \ + null.c \ + number.c \ + string.c + +libheimbase_la_DEPENDENCIES = version-script.map + +test_base_LDADD = $(LIB_heimbase) + +EXTRA_DIST = NTMakefile version-script.map diff --git a/contrib/com_err/Makefile.in b/crypto/heimdal/base/Makefile.in similarity index 65% rename from contrib/com_err/Makefile.in rename to crypto/heimdal/base/Makefile.in index 2581001abd2..9dc5a5aa14f 100644 --- a/contrib/com_err/Makefile.in +++ b/crypto/heimdal/base/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $ - -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -42,14 +41,13 @@ build_triplet = @build@ host_triplet = @host@ DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \ - parse.h + $(top_srcdir)/cf/Makefile.am.common +check_PROGRAMS = test_base$(EXEEXT) @versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map -bin_PROGRAMS = compile_et$(EXEEXT) -subdir = lib/com_err +subdir = base ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -64,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -78,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -88,44 +89,49 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ - "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) -libcom_err_la_LIBADD = -dist_libcom_err_la_OBJECTS = libcom_err_la-error.lo \ - libcom_err_la-com_err.lo -@do_roken_rename_TRUE@nodist_libcom_err_la_OBJECTS = \ -@do_roken_rename_TRUE@ libcom_err_la-snprintf.lo \ -@do_roken_rename_TRUE@ libcom_err_la-strlcpy.lo -libcom_err_la_OBJECTS = $(dist_libcom_err_la_OBJECTS) \ - $(nodist_libcom_err_la_OBJECTS) -libcom_err_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +libheimbase_la_LIBADD = +dist_libheimbase_la_OBJECTS = array.lo bool.lo dict.lo heimbase.lo \ + null.lo number.lo string.lo +libheimbase_la_OBJECTS = $(dist_libheimbase_la_OBJECTS) +libheimbase_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libcom_err_la_LDFLAGS) $(LDFLAGS) -o $@ -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -PROGRAMS = $(bin_PROGRAMS) -am_compile_et_OBJECTS = compile_et.$(OBJEXT) parse.$(OBJEXT) \ - lex.$(OBJEXT) -compile_et_OBJECTS = $(am_compile_et_OBJECTS) -am__DEPENDENCIES_1 = -compile_et_DEPENDENCIES = libcom_err.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(libheimbase_la_LDFLAGS) $(LDFLAGS) -o $@ +test_base_SOURCES = test_base.c +test_base_OBJECTS = test_base.$(OBJEXT) +test_base_DEPENDENCIES = $(LIB_heimbase) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -135,19 +141,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ || -LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS) -LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS) -YLWRAP = $(top_srcdir)/ylwrap -@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ || -YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) -LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) -SOURCES = $(dist_libcom_err_la_SOURCES) \ - $(nodist_libcom_err_la_SOURCES) $(compile_et_SOURCES) -DIST_SOURCES = $(dist_libcom_err_la_SOURCES) $(compile_et_SOURCES) -includeHEADERS_INSTALL = $(INSTALL_HEADER) +SOURCES = $(dist_libheimbase_la_SOURCES) test_base.c +DIST_SOURCES = $(dist_libheimbase_la_SOURCES) test_base.c HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags @@ -156,49 +151,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -222,10 +226,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -242,6 +247,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -257,31 +264,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -291,15 +312,17 @@ X_EXTRA_LIBS = @X_EXTRA_LIBS@ X_LIBS = @X_LIBS@ X_PRE_LIBS = @X_PRE_LIBS@ YACC = @YACC@ -YFLAGS = -d +YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -340,59 +363,69 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -lib_LTLIBRARIES = libcom_err.la -libcom_err_la_LDFLAGS = -version-info 2:3:1 $(am__append_1) -include_HEADERS = com_err.h com_right.h -compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h -libcom_err_la_CPPFLAGS = $(ROKEN_RENAME) -dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h -@do_roken_rename_TRUE@nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c -compile_et_LDADD = \ - libcom_err.la \ - $(LIB_roken) \ - $(LEXLIB) +lib_LTLIBRARIES = libheimbase.la +libheimbase_la_LDFLAGS = -version-info 1:0:0 $(am__append_1) +include_HEADERS = heimbase.h +dist_libheimbase_la_SOURCES = \ + array.c \ + baselocl.h \ + bool.c \ + dict.c \ + heimbase.c \ + heimbasepriv.h \ + heimqueue.h \ + null.c \ + number.c \ + string.c -EXTRA_DIST = version-script.map +libheimbase_la_DEPENDENCIES = version-script.map +test_base_LDADD = $(LIB_heimbase) +EXTRA_DIST = NTMakefile version-script.map all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/com_err/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/com_err/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign base/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign base/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -410,23 +443,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -437,44 +475,20 @@ clean-libLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libcom_err.la: $(libcom_err_la_OBJECTS) $(libcom_err_la_DEPENDENCIES) - $(libcom_err_la_LINK) -rpath $(libdir) $(libcom_err_la_OBJECTS) $(libcom_err_la_LIBADD) $(LIBS) -install-binPROGRAMS: $(bin_PROGRAMS) - @$(NORMAL_INSTALL) - test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done +libheimbase.la: $(libheimbase_la_OBJECTS) $(libheimbase_la_DEPENDENCIES) + $(libheimbase_la_LINK) -rpath $(libdir) $(libheimbase_la_OBJECTS) $(libheimbase_la_LIBADD) $(LIBS) -uninstall-binPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done - -clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done -parse.h: parse.c - @if test ! -f $@; then \ - rm -f parse.c; \ - $(MAKE) $(AM_MAKEFLAGS) parse.c; \ - else :; fi -compile_et$(EXEEXT): $(compile_et_OBJECTS) $(compile_et_DEPENDENCIES) - @rm -f compile_et$(EXEEXT) - $(LINK) $(compile_et_OBJECTS) $(compile_et_LDADD) $(LIBS) +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +test_base$(EXEEXT): $(test_base_OBJECTS) $(test_base_DEPENDENCIES) + @rm -f test_base$(EXEEXT) + $(LINK) $(test_base_OBJECTS) $(test_base_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -482,32 +496,35 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/array.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bool.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dict.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/heimbase.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/null.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/number.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/string.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_base.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< - -libcom_err_la-error.lo: error.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c - -libcom_err_la-com_err.lo: com_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-com_err.lo `test -f 'com_err.c' || echo '$(srcdir)/'`com_err.c - -libcom_err_la-snprintf.lo: snprintf.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c - -libcom_err_la-strlcpy.lo: strlcpy.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-strlcpy.lo `test -f 'strlcpy.c' || echo '$(srcdir)/'`strlcpy.c - -.l.c: - $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) - -.y.c: - $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -517,65 +534,72 @@ clean-libtool: install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -596,13 +620,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -610,13 +638,12 @@ distdir: $(DISTFILES) top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local -install-binPROGRAMS: install-libLTLIBRARIES - +all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -639,19 +666,18 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -rm -f lex.c - -rm -f parse.c - -rm -f parse.h clean: clean-am -clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ +clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -662,6 +688,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -669,26 +697,35 @@ info-am: install-data-am: install-includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am -install-exec-am: install-binPROGRAMS install-libLTLIBRARIES +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -705,30 +742,27 @@ ps: ps-am ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ - uninstall-libLTLIBRARIES +uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ - clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ + clean clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-libtool ctags dist-hook distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ - install-binPROGRAMS install-data install-data-am \ - install-data-hook install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-hook install-html install-html-am \ - install-includeHEADERS install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-hook uninstall-includeHEADERS \ + install-data install-data-am install-data-hook install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-includeHEADERS \ + install-info install-info-am install-libLTLIBRARIES \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-hook uninstall-includeHEADERS \ uninstall-libLTLIBRARIES @@ -800,6 +834,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -885,7 +922,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -899,12 +936,6 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -$(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s - -snprintf.c: - $(LN_S) $(srcdir)/../roken/snprintf.c . -strlcpy.c: - $(LN_S) $(srcdir)/../roken/strlcpy.c . # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/base/NTMakefile b/crypto/heimdal/base/NTMakefile new file mode 100644 index 00000000000..0668cd6990a --- /dev/null +++ b/crypto/heimdal/base/NTMakefile @@ -0,0 +1,53 @@ +######################################################################## +# +# Copyright (c) 2010, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +RELDIR=base + +!include ../windows/NTMakefile.w32 + +INCFILES=$(INCDIR)\heimbase.h + +libheimbase_OBJS = \ + $(OBJ)\array.obj \ + $(OBJ)\bool.obj \ + $(OBJ)\dict.obj \ + $(OBJ)\heimbase.obj \ + $(OBJ)\null.obj \ + $(OBJ)\number.obj \ + $(OBJ)\string.obj + +$(LIBHEIMBASE): $(libheimbase_OBJS) + $(LIBCON) + +all:: $(INCFILES) $(LIBHEIMBASE) + +clean:: + -$(RM) $(INCFILES) diff --git a/crypto/heimdal/base/array.c b/crypto/heimdal/base/array.c new file mode 100644 index 00000000000..9266411aabe --- /dev/null +++ b/crypto/heimdal/base/array.c @@ -0,0 +1,234 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +/* + * + */ + +struct heim_array_data { + size_t len; + heim_object_t *val; +}; + +static void +array_dealloc(heim_object_t ptr) +{ + heim_array_t array = ptr; + size_t n; + for (n = 0; n < array->len; n++) + heim_release(array->val[n]); + free(array->val); +} + +struct heim_type_data array_object = { + HEIM_TID_ARRAY, + "dict-object", + NULL, + array_dealloc, + NULL, + NULL, + NULL +}; + +/** + * Allocate an array + * + * @return A new allocated array, free with heim_release() + */ + +heim_array_t +heim_array_create(void) +{ + heim_array_t array; + + array = _heim_alloc_object(&array_object, sizeof(*array)); + if (array == NULL) + return NULL; + + array->val = NULL; + array->len = 0; + + return array; +} + +/** + * Get type id of an dict + * + * @return the type id + */ + +heim_tid_t +heim_array_get_type_id(void) +{ + return HEIM_TID_ARRAY; +} + +/** + * Append object to array + * + * @param array array to add too + * @param object the object to add + * + * @return zero if added, errno otherwise + */ + +int +heim_array_append_value(heim_array_t array, heim_object_t object) +{ + heim_object_t *ptr; + + ptr = realloc(array->val, (array->len + 1) * sizeof(array->val[0])); + if (ptr == NULL) + return ENOMEM; + array->val = ptr; + array->val[array->len++] = heim_retain(object); + + return 0; +} + +/** + * Iterate over all objects in array + * + * @param array array to iterate over + * @param fn function to call on each object + * @param ctx context passed to fn + */ + +void +heim_array_iterate_f(heim_array_t array, heim_array_iterator_f_t fn, void *ctx) +{ + size_t n; + for (n = 0; n < array->len; n++) + fn(array->val[n], ctx); +} + +#ifdef __BLOCKS__ +/** + * Iterate over all objects in array + * + * @param array array to iterate over + * @param fn block to call on each object + */ + +void +heim_array_iterate(heim_array_t array, void (^fn)(heim_object_t)) +{ + size_t n; + for (n = 0; n < array->len; n++) + fn(array->val[n]); +} +#endif + +/** + * Get length of array + * + * @param array array to get length of + * + * @return length of array + */ + +size_t +heim_array_get_length(heim_array_t array) +{ + return array->len; +} + +/** + * Copy value of array + * + * @param array array copy object from + * @param idx index of object, 0 based, must be smaller then + * heim_array_get_length() + * + * @return a retained copy of the object + */ + +heim_object_t +heim_array_copy_value(heim_array_t array, size_t idx) +{ + if (idx >= array->len) + heim_abort("index too large"); + return heim_retain(array->val[idx]); +} + +/** + * Delete value at idx + * + * @param array the array to modify + * @param idx the key to delete + */ + +void +heim_array_delete_value(heim_array_t array, size_t idx) +{ + heim_object_t obj; + if (idx >= array->len) + heim_abort("index too large"); + obj = array->val[idx]; + + array->len--; + + if (idx < array->len) + memmove(&array->val[idx], &array->val[idx + 1], + (array->len - idx) * sizeof(array->val[0])); + + heim_release(obj); +} + +#ifdef __BLOCKS__ +/** + * Get value at idx + * + * @param array the array to modify + * @param idx the key to delete + */ + +void +heim_array_filter(heim_array_t array, int (^block)(heim_object_t)) +{ + size_t n = 0; + + while (n < array->len) { + if (block(array->val[n])) { + heim_array_delete_value(array, n); + } else { + n++; + } + } +} + +#endif /* __BLOCKS__ */ diff --git a/crypto/heimdal/base/baselocl.h b/crypto/heimdal/base/baselocl.h new file mode 100644 index 00000000000..901e8606fd9 --- /dev/null +++ b/crypto/heimdal/base/baselocl.h @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "heimqueue.h" +#include "heim_threads.h" +#include "heimbase.h" +#include "heimbasepriv.h" + +#ifdef HAVE_DISPATCH_DISPATCH_H +#include +#endif + +#if defined(__GNUC__) && defined(HAVE___SYNC_ADD_AND_FETCH) + +#define heim_base_atomic_inc(x) __sync_add_and_fetch((x), 1) +#define heim_base_atomic_dec(x) __sync_sub_and_fetch((x), 1) +#define heim_base_atomic_type unsigned int +#define heim_base_atomic_max UINT_MAX + +#define heim_base_exchange_pointer(t,v) __sync_lock_test_and_set((t), (v)) + +#elif defined(_WIN32) + +#define heim_base_atomic_inc(x) InterlockedIncrement(x) +#define heim_base_atomic_dec(x) InterlockedDecrement(x) +#define heim_base_atomic_type LONG +#define heim_base_atomic_max MAXLONG + +#define heim_base_exchange_pointer(t,v) InterlockedExchangePointer((t),(v)) + +#else + +#define HEIM_BASE_NEED_ATOMIC_MUTEX 1 +extern HEIMDAL_MUTEX _heim_base_mutex; + +#define heim_base_atomic_type unsigned int + +static inline heim_base_atomic_type +heim_base_atomic_inc(heim_base_atomic_type *x) +{ + heim_base_atomic_type t; + HEIMDAL_MUTEX_lock(&_heim_base_mutex); + t = ++(*x); + HEIMDAL_MUTEX_unlock(&_heim_base_mutex); + return t; +} + +static inline heim_base_atomic_type +heim_base_atomic_dec(heim_base_atomic_type *x) +{ + heim_base_atomic_type t; + HEIMDAL_MUTEX_lock(&_heim_base_mutex); + t = --(*x); + HEIMDAL_MUTEX_unlock(&_heim_base_mutex); + return t; +} + +#define heim_base_atomic_max UINT_MAX + +#endif + +/* tagged strings/object/XXX */ +#define heim_base_is_tagged(x) (((uintptr_t)(x)) & 0x3) + +#define heim_base_is_tagged_object(x) ((((uintptr_t)(x)) & 0x3) == 1) +#define heim_base_make_tagged_object(x, tid) \ + ((heim_object_t)((((uintptr_t)(x)) << 5) | ((tid) << 2) | 0x1)) +#define heim_base_tagged_object_tid(x) ((((uintptr_t)(x)) & 0x1f) >> 2) +#define heim_base_tagged_object_value(x) (((uintptr_t)(x)) >> 5) + +/* + * + */ + +#undef HEIMDAL_NORETURN_ATTRIBUTE +#define HEIMDAL_NORETURN_ATTRIBUTE +#undef HEIMDAL_PRINTF_ATTRIBUTE +#define HEIMDAL_PRINTF_ATTRIBUTE(x) diff --git a/crypto/heimdal/base/bool.c b/crypto/heimdal/base/bool.c new file mode 100644 index 00000000000..72edcc71ed4 --- /dev/null +++ b/crypto/heimdal/base/bool.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +struct heim_type_data _heim_bool_object = { + HEIM_TID_BOOL, + "bool-object", + NULL, + NULL, + NULL, + NULL, + NULL +}; + +heim_bool_t +heim_bool_create(int val) +{ + return heim_base_make_tagged_object(!!val, HEIM_TID_BOOL); +} + +int +heim_bool_val(heim_bool_t ptr) +{ + return heim_base_tagged_object_value(ptr); +} diff --git a/crypto/heimdal/base/dict.c b/crypto/heimdal/base/dict.c new file mode 100644 index 00000000000..1f9d71a0f50 --- /dev/null +++ b/crypto/heimdal/base/dict.c @@ -0,0 +1,282 @@ +/* + * Copyright (c) 2002, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +struct hashentry { + struct hashentry **prev; + struct hashentry *next; + heim_object_t key; + heim_object_t value; +}; + +struct heim_dict_data { + size_t size; + struct hashentry **tab; +}; + +static void +dict_dealloc(void *ptr) +{ + heim_dict_t dict = ptr; + struct hashentry **h, *g, *i; + + for (h = dict->tab; h < &dict->tab[dict->size]; ++h) { + for (g = h[0]; g; g = i) { + i = g->next; + heim_release(g->key); + heim_release(g->value); + free(g); + } + } + free(dict->tab); +} + +struct heim_type_data dict_object = { + HEIM_TID_DICT, + "dict-object", + NULL, + dict_dealloc, + NULL, + NULL, + NULL +}; + +static size_t +isprime(size_t p) +{ + size_t q, i; + + for(i = 2 ; i < p; i++) { + q = p / i; + + if (i * q == p) + return 0; + if (i * i > p) + return 1; + } + return 1; +} + +static size_t +findprime(size_t p) +{ + if (p % 2 == 0) + p++; + + while (isprime(p) == 0) + p += 2; + + return p; +} + +/** + * Allocate an array + * + * @return A new allocated array, free with heim_release() + */ + +heim_dict_t +heim_dict_create(size_t size) +{ + heim_dict_t dict; + + dict = _heim_alloc_object(&dict_object, sizeof(*dict)); + + dict->size = findprime(size); + if (dict->size == 0) { + heim_release(dict); + return NULL; + } + + dict->tab = calloc(dict->size, sizeof(dict->tab[0])); + if (dict->tab == NULL) { + dict->size = 0; + heim_release(dict); + return NULL; + } + + return dict; +} + +/** + * Get type id of an dict + * + * @return the type id + */ + +heim_tid_t +heim_dict_get_type_id(void) +{ + return HEIM_TID_DICT; +} + +/* Intern search function */ + +static struct hashentry * +_search(heim_dict_t dict, heim_object_t ptr) +{ + unsigned long v = heim_get_hash(ptr); + struct hashentry *p; + + for (p = dict->tab[v % dict->size]; p != NULL; p = p->next) + if (heim_cmp(ptr, p->key) == 0) + return p; + + return NULL; +} + +/** + * Search for element in hash table + * + * @value dict the dict to search in + * @value key the key to search for + * + * @return a retained copy of the value for key or NULL if not found + */ + +heim_object_t +heim_dict_copy_value(heim_dict_t dict, heim_object_t key) +{ + struct hashentry *p; + p = _search(dict, key); + if (p == NULL) + return NULL; + + return heim_retain(p->value); +} + +/** + * Add key and value to dict + * + * @value dict the dict to add too + * @value key the key to add + * @value value the value to add + * + * @return 0 if added, errno if not + */ + +int +heim_dict_add_value(heim_dict_t dict, heim_object_t key, heim_object_t value) +{ + struct hashentry **tabptr, *h; + + h = _search(dict, key); + if (h) { + heim_release(h->value); + h->value = heim_retain(value); + } else { + unsigned long v; + + h = malloc(sizeof(*h)); + if (h == NULL) + return ENOMEM; + + h->key = heim_retain(key); + h->value = heim_retain(value); + + v = heim_get_hash(key); + + tabptr = &dict->tab[v % dict->size]; + h->next = *tabptr; + *tabptr = h; + h->prev = tabptr; + if (h->next) + h->next->prev = &h->next; + } + + return 0; +} + +/** + * Delete element with key key + * + * @value dict the dict to delete from + * @value key the key to delete + */ + +void +heim_dict_delete_key(heim_dict_t dict, heim_object_t key) +{ + struct hashentry *h = _search(dict, key); + + if (h == NULL) + return; + + heim_release(h->key); + heim_release(h->value); + + if ((*(h->prev) = h->next) != NULL) + h->next->prev = h->prev; + + free(h); +} + +/** + * Do something for each element + * + * @value dict the dict to interate over + * @value func the function to search for + * @value arg argument to func + */ + +void +heim_dict_iterate_f(heim_dict_t dict, heim_dict_iterator_f_t func, void *arg) +{ + struct hashentry **h, *g; + + for (h = dict->tab; h < &dict->tab[dict->size]; ++h) + for (g = *h; g; g = g->next) + func(g->key, g->value, arg); +} + +#ifdef __BLOCKS__ +/** + * Do something for each element + * + * @value dict the dict to interate over + * @value func the function to search for + */ + +void +heim_dict_iterate(heim_dict_t dict, void (^func)(heim_object_t, heim_object_t)) +{ + struct hashentry **h, *g; + + for (h = dict->tab; h < &dict->tab[dict->size]; ++h) + for (g = *h; g; g = g->next) + func(g->key, g->value); +} +#endif diff --git a/crypto/heimdal/base/heimbase.c b/crypto/heimdal/base/heimbase.c new file mode 100644 index 00000000000..7031af9e498 --- /dev/null +++ b/crypto/heimdal/base/heimbase.c @@ -0,0 +1,559 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" +#include + +static heim_base_atomic_type tidglobal = HEIM_TID_USER; + +struct heim_base { + heim_type_t isa; + heim_base_atomic_type ref_cnt; + HEIM_TAILQ_ENTRY(heim_base) autorel; + heim_auto_release_t autorelpool; + uintptr_t isaextra[3]; +}; + +/* specialized version of base */ +struct heim_base_mem { + heim_type_t isa; + heim_base_atomic_type ref_cnt; + HEIM_TAILQ_ENTRY(heim_base) autorel; + heim_auto_release_t autorelpool; + const char *name; + void (*dealloc)(void *); + uintptr_t isaextra[1]; +}; + +#define PTR2BASE(ptr) (((struct heim_base *)ptr) - 1) +#define BASE2PTR(ptr) ((void *)(((struct heim_base *)ptr) + 1)) + +#ifdef HEIM_BASE_NEED_ATOMIC_MUTEX +HEIMDAL_MUTEX _heim_base_mutex = HEIMDAL_MUTEX_INITIALIZER; +#endif + +/* + * Auto release structure + */ + +struct heim_auto_release { + HEIM_TAILQ_HEAD(, heim_base) pool; + HEIMDAL_MUTEX pool_mutex; + struct heim_auto_release *parent; +}; + + +/** + * Retain object + * + * @param object to be released, NULL is ok + * + * @return the same object as passed in + */ + +void * +heim_retain(void *ptr) +{ + struct heim_base *p = PTR2BASE(ptr); + + if (ptr == NULL || heim_base_is_tagged(ptr)) + return ptr; + + if (p->ref_cnt == heim_base_atomic_max) + return ptr; + + if ((heim_base_atomic_inc(&p->ref_cnt) - 1) == 0) + heim_abort("resurection"); + return ptr; +} + +/** + * Release object, free is reference count reaches zero + * + * @param object to be released + */ + +void +heim_release(void *ptr) +{ + heim_base_atomic_type old; + struct heim_base *p = PTR2BASE(ptr); + + if (ptr == NULL || heim_base_is_tagged(ptr)) + return; + + if (p->ref_cnt == heim_base_atomic_max) + return; + + old = heim_base_atomic_dec(&p->ref_cnt) + 1; + + if (old > 1) + return; + + if (old == 1) { + heim_auto_release_t ar = p->autorelpool; + /* remove from autorel pool list */ + if (ar) { + p->autorelpool = NULL; + HEIMDAL_MUTEX_lock(&ar->pool_mutex); + HEIM_TAILQ_REMOVE(&ar->pool, p, autorel); + HEIMDAL_MUTEX_unlock(&ar->pool_mutex); + } + if (p->isa->dealloc) + p->isa->dealloc(ptr); + free(p); + } else + heim_abort("over release"); +} + +static heim_type_t tagged_isa[9] = { + &_heim_number_object, + &_heim_null_object, + &_heim_bool_object, + + NULL, + NULL, + NULL, + + NULL, + NULL, + NULL +}; + +heim_type_t +_heim_get_isa(heim_object_t ptr) +{ + struct heim_base *p; + if (heim_base_is_tagged(ptr)) { + if (heim_base_is_tagged_object(ptr)) + return tagged_isa[heim_base_tagged_object_tid(ptr)]; + heim_abort("not a supported tagged type"); + } + p = PTR2BASE(ptr); + return p->isa; +} + +/** + * Get type ID of object + * + * @param object object to get type id of + * + * @return type id of object + */ + +heim_tid_t +heim_get_tid(heim_object_t ptr) +{ + heim_type_t isa = _heim_get_isa(ptr); + return isa->tid; +} + +/** + * Get hash value of object + * + * @param object object to get hash value for + * + * @return a hash value + */ + +unsigned long +heim_get_hash(heim_object_t ptr) +{ + heim_type_t isa = _heim_get_isa(ptr); + if (isa->hash) + return isa->hash(ptr); + return (unsigned long)ptr; +} + +/** + * Compare two objects, returns 0 if equal, can use used for qsort() + * and friends. + * + * @param a first object to compare + * @param b first object to compare + * + * @return 0 if objects are equal + */ + +int +heim_cmp(heim_object_t a, heim_object_t b) +{ + heim_tid_t ta, tb; + heim_type_t isa; + + ta = heim_get_tid(a); + tb = heim_get_tid(b); + + if (ta != tb) + return ta - tb; + + isa = _heim_get_isa(a); + + if (isa->cmp) + return isa->cmp(a, b); + + return (uintptr_t)a - (uintptr_t)b; +} + +/* + * Private - allocates an memory object + */ + +static void +memory_dealloc(void *ptr) +{ + struct heim_base_mem *p = (struct heim_base_mem *)PTR2BASE(ptr); + if (p->dealloc) + p->dealloc(ptr); +} + +struct heim_type_data memory_object = { + HEIM_TID_MEMORY, + "memory-object", + NULL, + memory_dealloc, + NULL, + NULL, + NULL +}; + +void * +heim_alloc(size_t size, const char *name, heim_type_dealloc dealloc) +{ + /* XXX use posix_memalign */ + + struct heim_base_mem *p = calloc(1, size + sizeof(*p)); + if (p == NULL) + return NULL; + p->isa = &memory_object; + p->ref_cnt = 1; + p->name = name; + p->dealloc = dealloc; + return BASE2PTR(p); +} + +heim_type_t +_heim_create_type(const char *name, + heim_type_init init, + heim_type_dealloc dealloc, + heim_type_copy copy, + heim_type_cmp cmp, + heim_type_hash hash) +{ + heim_type_t type; + + type = calloc(1, sizeof(*type)); + if (type == NULL) + return NULL; + + type->tid = heim_base_atomic_inc(&tidglobal); + type->name = name; + type->init = init; + type->dealloc = dealloc; + type->copy = copy; + type->cmp = cmp; + type->hash = hash; + + return type; +} + +heim_object_t +_heim_alloc_object(heim_type_t type, size_t size) +{ + /* XXX should use posix_memalign */ + struct heim_base *p = calloc(1, size + sizeof(*p)); + if (p == NULL) + return NULL; + p->isa = type; + p->ref_cnt = 1; + + return BASE2PTR(p); +} + +heim_tid_t +_heim_type_get_tid(heim_type_t type) +{ + return type->tid; +} + +/** + * Call func once and only once + * + * @param once pointer to a heim_base_once_t + * @param ctx context passed to func + * @param func function to be called + */ + +void +heim_base_once_f(heim_base_once_t *once, void *ctx, void (*func)(void *)) +{ +#ifdef HAVE_DISPATCH_DISPATCH_H + dispatch_once_f(once, ctx, func); +#else + static HEIMDAL_MUTEX mutex = HEIMDAL_MUTEX_INITIALIZER; + HEIMDAL_MUTEX_lock(&mutex); + if (*once == 0) { + *once = 1; + HEIMDAL_MUTEX_unlock(&mutex); + func(ctx); + HEIMDAL_MUTEX_lock(&mutex); + *once = 2; + HEIMDAL_MUTEX_unlock(&mutex); + } else if (*once == 2) { + HEIMDAL_MUTEX_unlock(&mutex); + } else { + HEIMDAL_MUTEX_unlock(&mutex); + while (1) { + struct timeval tv = { 0, 1000 }; + select(0, NULL, NULL, NULL, &tv); + HEIMDAL_MUTEX_lock(&mutex); + if (*once == 2) + break; + HEIMDAL_MUTEX_unlock(&mutex); + } + HEIMDAL_MUTEX_unlock(&mutex); + } +#endif +} + +/** + * Abort and log the failure (using syslog) + */ + +void +heim_abort(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + heim_abortv(fmt, ap); + va_end(ap); +} + +/** + * Abort and log the failure (using syslog) + */ + +void +heim_abortv(const char *fmt, va_list ap) +{ + static char str[1024]; + + vsnprintf(str, sizeof(str), fmt, ap); + syslog(LOG_ERR, "heim_abort: %s", str); + abort(); +} + +/* + * + */ + +static int ar_created = 0; +static HEIMDAL_thread_key ar_key; + +struct ar_tls { + struct heim_auto_release *head; + struct heim_auto_release *current; + HEIMDAL_MUTEX tls_mutex; +}; + +static void +ar_tls_delete(void *ptr) +{ + struct ar_tls *tls = ptr; + if (tls->head) + heim_release(tls->head); + free(tls); +} + +static void +init_ar_tls(void *ptr) +{ + int ret; + HEIMDAL_key_create(&ar_key, ar_tls_delete, ret); + if (ret == 0) + ar_created = 1; +} + +static struct ar_tls * +autorel_tls(void) +{ + static heim_base_once_t once = HEIM_BASE_ONCE_INIT; + struct ar_tls *arp; + int ret; + + heim_base_once_f(&once, NULL, init_ar_tls); + if (!ar_created) + return NULL; + + arp = HEIMDAL_getspecific(ar_key); + if (arp == NULL) { + + arp = calloc(1, sizeof(*arp)); + if (arp == NULL) + return NULL; + HEIMDAL_setspecific(ar_key, arp, ret); + if (ret) { + free(arp); + return NULL; + } + } + return arp; + +} + +static void +autorel_dealloc(void *ptr) +{ + heim_auto_release_t ar = ptr; + struct ar_tls *tls; + + tls = autorel_tls(); + if (tls == NULL) + heim_abort("autorelease pool released on thread w/o autorelease inited"); + + heim_auto_release_drain(ar); + + if (!HEIM_TAILQ_EMPTY(&ar->pool)) + heim_abort("pool not empty after draining"); + + HEIMDAL_MUTEX_lock(&tls->tls_mutex); + if (tls->current != ptr) + heim_abort("autorelease not releaseing top pool"); + + if (tls->current != tls->head) + tls->current = ar->parent; + HEIMDAL_MUTEX_unlock(&tls->tls_mutex); +} + +static int +autorel_cmp(void *a, void *b) +{ + return (a == b); +} + +static unsigned long +autorel_hash(void *ptr) +{ + return (unsigned long)ptr; +} + + +static struct heim_type_data _heim_autorel_object = { + HEIM_TID_AUTORELEASE, + "autorelease-pool", + NULL, + autorel_dealloc, + NULL, + autorel_cmp, + autorel_hash +}; + +/** + * + */ + +heim_auto_release_t +heim_auto_release_create(void) +{ + struct ar_tls *tls = autorel_tls(); + heim_auto_release_t ar; + + if (tls == NULL) + heim_abort("Failed to create/get autorelease head"); + + ar = _heim_alloc_object(&_heim_autorel_object, sizeof(struct heim_auto_release)); + if (ar) { + HEIMDAL_MUTEX_lock(&tls->tls_mutex); + if (tls->head == NULL) + tls->head = ar; + ar->parent = tls->current; + tls->current = ar; + HEIMDAL_MUTEX_unlock(&tls->tls_mutex); + } + + return ar; +} + +/** + * Mark the current object as a + */ + +void +heim_auto_release(heim_object_t ptr) +{ + struct heim_base *p = PTR2BASE(ptr); + struct ar_tls *tls = autorel_tls(); + heim_auto_release_t ar; + + if (ptr == NULL || heim_base_is_tagged(ptr)) + return; + + /* drop from old pool */ + if ((ar = p->autorelpool) != NULL) { + HEIMDAL_MUTEX_lock(&ar->pool_mutex); + HEIM_TAILQ_REMOVE(&ar->pool, p, autorel); + p->autorelpool = NULL; + HEIMDAL_MUTEX_unlock(&ar->pool_mutex); + } + + if (tls == NULL || (ar = tls->current) == NULL) + heim_abort("no auto relase pool in place, would leak"); + + HEIMDAL_MUTEX_lock(&ar->pool_mutex); + HEIM_TAILQ_INSERT_HEAD(&ar->pool, p, autorel); + p->autorelpool = ar; + HEIMDAL_MUTEX_unlock(&ar->pool_mutex); +} + +/** + * + */ + +void +heim_auto_release_drain(heim_auto_release_t autorel) +{ + heim_object_t obj; + + /* release all elements on the tail queue */ + + HEIMDAL_MUTEX_lock(&autorel->pool_mutex); + while(!HEIM_TAILQ_EMPTY(&autorel->pool)) { + obj = HEIM_TAILQ_FIRST(&autorel->pool); + HEIMDAL_MUTEX_unlock(&autorel->pool_mutex); + heim_release(BASE2PTR(obj)); + HEIMDAL_MUTEX_lock(&autorel->pool_mutex); + } + HEIMDAL_MUTEX_unlock(&autorel->pool_mutex); +} diff --git a/crypto/heimdal/base/heimbase.h b/crypto/heimdal/base/heimbase.h new file mode 100644 index 00000000000..f1ca2317845 --- /dev/null +++ b/crypto/heimdal/base/heimbase.h @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HEIM_BASE_H +#define HEIM_BASE_H 1 + +#include +#include +#include +#include + +typedef void * heim_object_t; +typedef unsigned int heim_tid_t; +typedef heim_object_t heim_bool_t; +typedef heim_object_t heim_null_t; +#define HEIM_BASE_ONCE_INIT 0 +typedef long heim_base_once_t; /* XXX arch dependant */ + +#if !defined(__has_extension) +#define __has_extension(x) 0 +#endif + +#define HEIM_REQUIRE_GNUC(m,n,p) \ + (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \ + (((m) * 10000) + ((n) * 100) + (p))) + + +#if __has_extension(__builtin_expect) || HEIM_REQUIRE_GNUC(3,0,0) +#define heim_builtin_expect(_op,_res) __builtin_expect(_op,_res) +#else +#define heim_builtin_expect(_op,_res) (_op) +#endif + + +void * heim_retain(heim_object_t); +void heim_release(heim_object_t); + +typedef void (*heim_type_dealloc)(void *); + +void * +heim_alloc(size_t size, const char *name, heim_type_dealloc dealloc); + +heim_tid_t +heim_get_tid(heim_object_t object); + +int +heim_cmp(heim_object_t a, heim_object_t b); + +unsigned long +heim_get_hash(heim_object_t ptr); + +void +heim_base_once_f(heim_base_once_t *, void *, void (*)(void *)); + +void +heim_abort(const char *fmt, ...) + HEIMDAL_NORETURN_ATTRIBUTE + HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 2)); + +void +heim_abortv(const char *fmt, va_list ap) + HEIMDAL_NORETURN_ATTRIBUTE + HEIMDAL_PRINTF_ATTRIBUTE((printf, 1, 0)); + +#define heim_assert(e,t) \ + (heim_builtin_expect(!(e), 0) ? heim_abort(t ":" #e) : (void)0) + +/* + * + */ + +heim_null_t +heim_null_create(void); + +heim_bool_t +heim_bool_create(int); + +int +heim_bool_val(heim_bool_t); + +/* + * Array + */ + +typedef struct heim_array_data *heim_array_t; + +heim_array_t heim_array_create(void); +heim_tid_t heim_array_get_type_id(void); + +typedef void (*heim_array_iterator_f_t)(heim_object_t, void *); + +int heim_array_append_value(heim_array_t, heim_object_t); +void heim_array_iterate_f(heim_array_t, heim_array_iterator_f_t, void *); +#ifdef __BLOCKS__ +void heim_array_iterate(heim_array_t, void (^)(heim_object_t)); +#endif +size_t heim_array_get_length(heim_array_t); +heim_object_t + heim_array_copy_value(heim_array_t, size_t); +void heim_array_delete_value(heim_array_t, size_t); +#ifdef __BLOCKS__ +void heim_array_filter(heim_array_t, int (^)(heim_object_t)); +#endif + +/* + * Dict + */ + +typedef struct heim_dict_data *heim_dict_t; + +heim_dict_t heim_dict_create(size_t size); +heim_tid_t heim_dict_get_type_id(void); + +typedef void (*heim_dict_iterator_f_t)(heim_object_t, heim_object_t, void *); + +int heim_dict_add_value(heim_dict_t, heim_object_t, heim_object_t); +void heim_dict_iterate_f(heim_dict_t, heim_dict_iterator_f_t, void *); +#ifdef __BLOCKS__ +void heim_dict_iterate(heim_dict_t, void (^)(heim_object_t, heim_object_t)); +#endif + +heim_object_t + heim_dict_copy_value(heim_dict_t, heim_object_t); +void heim_dict_delete_key(heim_dict_t, heim_object_t); + +/* + * String + */ + +typedef struct heim_string_data *heim_string_t; + +heim_string_t heim_string_create(const char *); +heim_tid_t heim_string_get_type_id(void); +const char * heim_string_get_utf8(heim_string_t); + +/* + * Number + */ + +typedef struct heim_number_data *heim_number_t; + +heim_number_t heim_number_create(int); +heim_tid_t heim_number_get_type_id(void); +int heim_number_get_int(heim_number_t); + +/* + * + */ + +typedef struct heim_auto_release * heim_auto_release_t; + +heim_auto_release_t heim_auto_release_create(void); +void heim_auto_release_drain(heim_auto_release_t); +void heim_auto_release(heim_object_t); + +#endif /* HEIM_BASE_H */ diff --git a/crypto/heimdal/base/heimbasepriv.h b/crypto/heimdal/base/heimbasepriv.h new file mode 100644 index 00000000000..772962548f4 --- /dev/null +++ b/crypto/heimdal/base/heimbasepriv.h @@ -0,0 +1,91 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +typedef void (*heim_type_init)(void *); +typedef heim_object_t (*heim_type_copy)(void *); +typedef int (*heim_type_cmp)(void *, void *); +typedef unsigned long (*heim_type_hash)(void *); + +typedef struct heim_type_data *heim_type_t; + +enum { + HEIM_TID_NUMBER = 0, + HEIM_TID_NULL = 1, + HEIM_TID_BOOL = 2, + HEIM_TID_TAGGED_UNUSED2 = 3, + HEIM_TID_TAGGED_UNUSED3 = 4, + HEIM_TID_TAGGED_UNUSED4 = 5, + HEIM_TID_TAGGED_UNUSED5 = 6, + HEIM_TID_TAGGED_UNUSED6 = 7, + HEIM_TID_MEMORY = 128, + HEIM_TID_ARRAY = 129, + HEIM_TID_DICT = 130, + HEIM_TID_STRING = 131, + HEIM_TID_AUTORELEASE = 132, + HEIM_TID_USER = 255 + +}; + +struct heim_type_data { + heim_tid_t tid; + const char *name; + heim_type_init init; + heim_type_dealloc dealloc; + heim_type_copy copy; + heim_type_cmp cmp; + heim_type_hash hash; +}; + +heim_type_t _heim_get_isa(heim_object_t); + +heim_type_t +_heim_create_type(const char *name, + heim_type_init init, + heim_type_dealloc dealloc, + heim_type_copy copy, + heim_type_cmp cmp, + heim_type_hash hash); + +heim_object_t +_heim_alloc_object(heim_type_t type, size_t size); + +heim_tid_t +_heim_type_get_tid(heim_type_t type); + +/* tagged tid */ +extern struct heim_type_data _heim_null_object; +extern struct heim_type_data _heim_bool_object; +extern struct heim_type_data _heim_number_object; +extern struct heim_type_data _heim_string_object; diff --git a/crypto/heimdal/base/heimqueue.h b/crypto/heimdal/base/heimqueue.h new file mode 100644 index 00000000000..423a6847879 --- /dev/null +++ b/crypto/heimdal/base/heimqueue.h @@ -0,0 +1,167 @@ +/* $NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $ */ +/* $Id$ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _HEIM_QUEUE_H_ +#define _HEIM_QUEUE_H_ + +/* + * Tail queue definitions. + */ +#define HEIM_TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define HEIM_TAILQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).tqh_first } +#define HEIM_TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + +/* + * Tail queue functions. + */ +#if defined(_KERNEL) && defined(QUEUEDEBUG) +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD(head, elm, field) \ + if ((head)->tqh_first && \ + (head)->tqh_first->field.tqe_prev != &(head)->tqh_first) \ + panic("HEIM_TAILQ_INSERT_HEAD %p %s:%d", (head), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL(head, elm, field) \ + if (*(head)->tqh_last != NULL) \ + panic("HEIM_TAILQ_INSERT_TAIL %p %s:%d", (head), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_OP(elm, field) \ + if ((elm)->field.tqe_next && \ + (elm)->field.tqe_next->field.tqe_prev != \ + &(elm)->field.tqe_next) \ + panic("HEIM_TAILQ_* forw %p %s:%d", (elm), __FILE__, __LINE__);\ + if (*(elm)->field.tqe_prev != (elm)) \ + panic("HEIM_TAILQ_* back %p %s:%d", (elm), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_PREREMOVE(head, elm, field) \ + if ((elm)->field.tqe_next == NULL && \ + (head)->tqh_last != &(elm)->field.tqe_next) \ + panic("HEIM_TAILQ_PREREMOVE head %p elm %p %s:%d", \ + (head), (elm), __FILE__, __LINE__); +#define QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE(elm, field) \ + (elm)->field.tqe_next = (void *)1L; \ + (elm)->field.tqe_prev = (void *)1L; +#else +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD(head, elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL(head, elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_OP(elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_PREREMOVE(head, elm, field) +#define QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE(elm, field) +#endif + +#define HEIM_TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_HEAD(head, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_INSERT_HEAD((head), (elm), field) \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_TAIL(head, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_INSERT_TAIL((head), (elm), field) \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_OP((listelm), field) \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_OP((listelm), field) \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_REMOVE(head, elm, field) do { \ + QUEUEDEBUG_HEIM_TAILQ_PREREMOVE((head), (elm), field) \ + QUEUEDEBUG_HEIM_TAILQ_OP((elm), field) \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ + QUEUEDEBUG_HEIM_TAILQ_POSTREMOVE((elm), field); \ +} while (/*CONSTCOND*/0) + +#define HEIM_TAILQ_FOREACH(var, head, field) \ + for ((var) = ((head)->tqh_first); \ + (var); \ + (var) = ((var)->field.tqe_next)) + +#define HEIM_TAILQ_FOREACH_REVERSE(var, head, headname, field) \ + for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last)); \ + (var); \ + (var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last))) + +/* + * Tail queue access methods. + */ +#define HEIM_TAILQ_EMPTY(head) ((head)->tqh_first == NULL) +#define HEIM_TAILQ_FIRST(head) ((head)->tqh_first) +#define HEIM_TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) + +#define HEIM_TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +#define HEIM_TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) + + +#endif /* !_HEIM_QUEUE_H_ */ diff --git a/crypto/heimdal/base/null.c b/crypto/heimdal/base/null.c new file mode 100644 index 00000000000..66731aad261 --- /dev/null +++ b/crypto/heimdal/base/null.c @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +struct heim_type_data _heim_null_object = { + HEIM_TID_NULL, + "null-object", + NULL, + NULL, + NULL, + NULL, + NULL +}; + +heim_null_t +heim_null_create(void) +{ + return heim_base_make_tagged_object(0, HEIM_TID_NULL); +} diff --git a/crypto/heimdal/base/number.c b/crypto/heimdal/base/number.c new file mode 100644 index 00000000000..72631a531ce --- /dev/null +++ b/crypto/heimdal/base/number.c @@ -0,0 +1,127 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" + +static void +number_dealloc(void *ptr) +{ +} + +static int +number_cmp(void *a, void *b) +{ + int na, nb; + + if (heim_base_is_tagged_object(a)) + na = heim_base_tagged_object_value(a); + else + na = *(int *)a; + + if (heim_base_is_tagged_object(b)) + nb = heim_base_tagged_object_value(b); + else + nb = *(int *)b; + + return na - nb; +} + +static unsigned long +number_hash(void *ptr) +{ + if (heim_base_is_tagged_object(ptr)) + return heim_base_tagged_object_value(ptr); + return (unsigned long)*(int *)ptr; +} + +struct heim_type_data _heim_number_object = { + HEIM_TID_NUMBER, + "number-object", + NULL, + number_dealloc, + NULL, + number_cmp, + number_hash +}; + +/** + * Create a number object + * + * @param the number to contain in the object + * + * @return a number object + */ + +heim_number_t +heim_number_create(int number) +{ + heim_number_t n; + + if (number < 0xffffff && number >= 0) + return heim_base_make_tagged_object(number, HEIM_TID_NUMBER); + + n = _heim_alloc_object(&_heim_number_object, sizeof(int)); + if (n) + *((int *)n) = number; + return n; +} + +/** + * Return the type ID of number objects + * + * @return type id of number objects + */ + +heim_tid_t +heim_number_get_type_id(void) +{ + return HEIM_TID_NUMBER; +} + +/** + * Get the int value of the content + * + * @param number the number object to get the value from + * + * @return an int + */ + +int +heim_number_get_int(heim_number_t number) +{ + if (heim_base_is_tagged_object(number)) + return heim_base_tagged_object_value(number); + return *(int *)number; +} diff --git a/crypto/heimdal/base/string.c b/crypto/heimdal/base/string.c new file mode 100644 index 00000000000..11e8841153b --- /dev/null +++ b/crypto/heimdal/base/string.c @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "baselocl.h" +#include + +static void +string_dealloc(void *ptr) +{ +} + +static int +string_cmp(void *a, void *b) +{ + return strcmp(a, b); +} + +static unsigned long +string_hash(void *ptr) +{ + const char *s = ptr; + unsigned long n; + + for (n = 0; *s; ++s) + n += *s; + return n; +} + +struct heim_type_data _heim_string_object = { + HEIM_TID_STRING, + "string-object", + NULL, + string_dealloc, + NULL, + string_cmp, + string_hash +}; + +/** + * Create a string object + * + * @param string the string to create, must be an utf8 string + * + * @return string object + */ + +heim_string_t +heim_string_create(const char *string) +{ + size_t len = strlen(string); + heim_string_t s; + + s = _heim_alloc_object(&_heim_string_object, len + 1); + if (s) + memcpy(s, string, len + 1); + return s; +} + +/** + * Return the type ID of string objects + * + * @return type id of string objects + */ + +heim_tid_t +heim_string_get_type_id(void) +{ + return HEIM_TID_STRING; +} + +/** + * Get the string value of the content. + * + * @param string the string object to get the value from + * + * @return a utf8 string + */ + +const char * +heim_string_get_utf8(heim_string_t string) +{ + return (const char *)string; +} diff --git a/crypto/heimdal/base/test_base.c b/crypto/heimdal/base/test_base.c new file mode 100644 index 00000000000..320512bf894 --- /dev/null +++ b/crypto/heimdal/base/test_base.c @@ -0,0 +1,152 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +#include "heimbase.h" +#include "heimbasepriv.h" + +static void +memory_free(heim_object_t obj) +{ +} + +static int +test_memory(void) +{ + void *ptr; + + ptr = heim_alloc(10, "memory", memory_free); + + heim_retain(ptr); + heim_release(ptr); + + heim_retain(ptr); + heim_release(ptr); + + heim_release(ptr); + + ptr = heim_alloc(10, "memory", NULL); + heim_release(ptr); + + return 0; +} + +static int +test_dict(void) +{ + heim_dict_t dict; + heim_number_t a1 = heim_number_create(1); + heim_string_t a2 = heim_string_create("hejsan"); + heim_number_t a3 = heim_number_create(3); + heim_string_t a4 = heim_string_create("foosan"); + + dict = heim_dict_create(10); + + heim_dict_add_value(dict, a1, a2); + heim_dict_add_value(dict, a3, a4); + + heim_dict_delete_key(dict, a3); + heim_dict_delete_key(dict, a1); + + heim_release(a1); + heim_release(a2); + heim_release(a3); + heim_release(a4); + + heim_release(dict); + + return 0; +} + +static int +test_auto_release(void) +{ + heim_auto_release_t ar1, ar2; + heim_number_t n1; + heim_string_t s1; + + ar1 = heim_auto_release_create(); + + s1 = heim_string_create("hejsan"); + heim_auto_release(s1); + + n1 = heim_number_create(1); + heim_auto_release(n1); + + ar2 = heim_auto_release_create(); + + n1 = heim_number_create(1); + heim_auto_release(n1); + + heim_release(ar2); + heim_release(ar1); + + return 0; +} + +static int +test_string(void) +{ + heim_string_t s1, s2; + const char *string = "hejsan"; + + s1 = heim_string_create(string); + s2 = heim_string_create(string); + + if (heim_cmp(s1, s2) != 0) { + printf("the same string is not the same\n"); + exit(1); + } + + heim_release(s1); + heim_release(s2); + + return 0; +} + +int +main(int argc, char **argv) +{ + int res = 0; + + res |= test_memory(); + res |= test_dict(); + res |= test_auto_release(); + res |= test_string(); + + return res; +} diff --git a/crypto/heimdal/base/version-script.map b/crypto/heimdal/base/version-script.map new file mode 100644 index 00000000000..007052baeb0 --- /dev/null +++ b/crypto/heimdal/base/version-script.map @@ -0,0 +1,28 @@ +HEIMDAL_BASE_1.0 { + global: + heim_abort; + heim_alloc; + heim_array_append_value; + heim_array_copy_value; + heim_array_create; + heim_array_delete_value; + heim_array_get_length; + heim_array_iterate_f; + heim_auto_release; + heim_auto_release_create; + heim_auto_release_drain; + heim_base_once_f; + heim_cmp; + heim_dict_add_value; + heim_dict_copy_value; + heim_dict_create; + heim_dict_delete_key; + heim_dict_iterate_f; + heim_release; + heim_retain; + heim_string_create; + heim_string_get_utf8; + heim_number_create; + local: + *; +}; diff --git a/crypto/heimdal/cf/ChangeLog b/crypto/heimdal/cf/ChangeLog deleted file mode 100644 index 0bd84c652cb..00000000000 --- a/crypto/heimdal/cf/ChangeLog +++ /dev/null @@ -1,1232 +0,0 @@ -2007-10-01 Love Hörnquist Åstrand - - * crypto.m4: openssl might require -ldl too, so lets check that. - -2007-07-31 Love Hörnquist Åstrand - - * Makefile.am.common (check-local::): exit on failure to perform - test. - -2007-07-28 Love Hörnquist Åstrand - - * Makefile.am.common (check-local): also check that --help works. - -2007-07-17 Love Hörnquist Åstrand - - * crypto.m4: depend on EVP_CIPHER_iv_length - -2007-06-27 Love Hörnquist Åstrand - - * Makefile.am.common: Need absolute reference to the top source - directory and top build directory. - -2007-06-20 Love Hörnquist Åstrand - - * wflags.m4: Add --enable-developer and make it cause -Werror to - be included. - -2007-06-18 Love Hörnquist Åstrand - - * Makefile.am.common: Merge from samba config. - - * Makefile.am.common (makedir-in-tree): depend on INFO_DEPS. - - * valgrind-suppressions: Unknown suppression in runtime link - editor - -2007-06-08 Love Hörnquist Åstrand - - * Makefile.am.common: Add heimdal-lorikeet target distdir-in-tree - -2007-06-04 Love Hörnquist Åstrand - - * framework-security.m4: test for -framework Security - -2007-05-10 Love Hörnquist Åstrand - - * roken-frag.m4: we have a fnmatch.h only if there is a working - implementation and a header file. If we do use roken, lets use our - own headerfile that does symbol renaming. - -2007-04-19 Love Hörnquist Åstrand - - * version-script.m4: check if ld supports --version-script - -2007-04-11 Love Hörnquist Åstrand - - * roken-frag.m4: drop broken-getnameinfo.m4 - - * roken-frag.m4: drop test for broken getnameinfo, that old aix is - no longer relevant. - -2007-02-16 Love Hörnquist Åstrand - - * install-catman.sh: Stop overwriting cmd. - -2007-01-15 Love Hörnquist Åstrand - - * install-catman.sh: Use test instead of [. - - * install-catman.sh: Use = instead of ==, make solaris more happy. - -2007-01-08 Love Hörnquist Åstrand - - * roken-frag.m4: More headerfiles for iruserok prototype check. - - * check-symbols.sh: Add fc_softc for AIX as ignore syms. - -2007-01-04 Love Hörnquist Åstrand - - * roken-frag.m4: Check if iruserok needs a prototype. - -2006-12-06 Love Hörnquist Åstrand - - * check-compile-et.m4: set automake symbol COM_ERR when we build - local com_err - -2006-11-16 Love Hörnquist Åstrand - - * valgrind-suppressions: We shouldn't be running /bin/ls under - valgrind, but for now, at least make it easier to see any other - warnings. From Andrew Bartlett. - -2006-10-22 Love Hörnquist Åstrand - - * Makefile.am.common: Add target for valgrind debugging - - * valgrind-suppressions: valgrind suppressions - -2006-10-21 Love Hörnquist Åstrand - - * check-lex.m4: Borrow test for autoconf cvs to help hpux hosts - -2006-10-20 Love Hörnquist Åstrand - - * Makefile.am.common: provide uninstall hook for cat/manpages. - - * install-catman.sh: provide uninstall command - -2006-10-19 Love Hörnquist Åstrand - - * roken-frag.m4: Add check for timegm. - - * roken-frag.m4: Include sys/types.h for sys/socket.h and netdb.h. - -2006-10-07 Love Hörnquist Åstrand - - * Makefile.am.common (install-build-headers): make this function - convoluted and deal with dist_, nodist, nobase and all its - friends. - - * have-struct-field.m4: memset the structure to make sure that we - don't get compiler warnings. - - * crypto.m4: OpenSSL_add_all_algorithms is not a openssl specific - requirement, hcrypto need to have to too. - - * crypto.m4: Require openssl have OpenSSL_add_all_algorithms - -2006-10-04 Love Hörnquist Åstrand - - * autobuild.m4: Add autobuild, GPLed, but free to use in projects - not avaible under GPL or LGPL (just like autoconf). - -2006-09-16 Love Hörnquist Åstrand - - * roken-frag.m4: Add samba_SOCKET_WRAPPER fragment - -2006-09-12 Love Hörnquist Åstrand - - * socket-wrapper.m4: Add socket-wrapper test - -2006-05-06 Love Hörnquist Åstrand - - * crypto.m4: Move up evp.h to please OpenSSL, from Douglas - E. Engert. - -2006-04-22 Love Hörnquist Åstrand - - * roken-frag.m4: Add check for fnmatch.h, its needed to be done - for the automake conditional below. - -2006-04-15 Love Hörnquist Åstrand - - * crypto.m4: Require SHA256 - -2006-01-18 Love Hörnquist Åstrand - - * crypto.m4 Check for if we are to consider - using OpenSSL, also check for headers since - make_crypto.c assumes that the name of the files. - -2006-01-13 Love Hörnquist Åstrand - - * crypto.m4: libdes is renamed to hcrypto - - * crypto.m4: Remove support for old hash names. - -2005-10-26 Love Hörnquist Åstrand - - * install-catman.sh: Add variable INSTALL_CATPAGES that controls - if cat pages are installed, defaults to true. From Johnny Lam - . - -2005-09-28 Love Hörnquist Åstrand - - * roken-frag.m4: Check for and uintptr_t - -2005-09-02 Love Hörnquist Åstrand - - * roken-frag.m4: Resolver check moved to rk_RESOLV, from Andrew - Bartlet - - * resolv.m4: Resolver checks, broken out so samba can use it From - Andrew Bartlet - -2005-08-22 Love Hörnquist Åstrand - - * roken-frag.m4: Check for res_ndestroy. - -2005-08-03 Love Hörnquist Åstrand - - * crypto.m4: Add , OpenSSL 0.9.8 needs it for size_t. - From: Quanah Gibson-Mount - -2005-07-12 Love Hörnquist Åstrand - - * check-compile-et.m4: check that initialize_conf_error_table_r - have the right argument - -2005-07-07 Love Hörnquist Åstrand - - * check-symbols.sh: allow symbols to start with ., aix uses this - -2005-06-16 Love Hörnquist Åstrand - - * krb-bigendian.m4: use ansi c prototypes - - * krb-func-getcwd-broken.m4: use ansi c prototypes - - * broken-snprintf.m4: use ansi c prototypes - - * have-pragma-weak.m4: use ansi c declarations - - * check-getpwnam_r-posix.m4: use ansi c declarations - - * broken-realloc.m4: use ansi c declarations - - * check-compile-et.m4: use ansi c declarations - - * dlopen.m4: add headers and argument to dlopen - - * c-function.m4: use ansi c declarations - - * check-var.m4: use ansi c declarations - - * pthreads.m4: disable threads on aix because of utmp/utmpx - problems - - * broken-getaddrinfo.m4: check for brokenness in getaddrinfo on - AIX that can't handle "0" as port number. - -2005-06-11 Love Hörnquist Åstrand - - * db.m4: Add an option to disable ndbm, from Stefan Metzmacher - - -2005-06-03 Love Hörnquist Åstrand - - * pthreads.m4: rework how pthreads support to turned on/off, - always run though the switch to figure out what the - linker/compiler flag are - -2005-06-01 Love Hörnquist Åstrand - - * pthreads.m4: s/else if/elif/ - - * check-symbols.sh: AIX have a diffrent nm, use -B to get bsd like - output - - * pthreads.m4: aix case: assume gcc handles -pthread, in the - non-gcc case, use the compiler as hint (xlc vs xlc_r) if this - environment handles threads or not - -2005-05-22 Love Hörnquist Åstrand - - * check-symbols.sh: ignore weak symbols too - -2005-05-19 David Love - - * check-getpwnam_r-posix.m4: define _POSIX_PTHREAD_SEMANTICS to - make solaris provide the right getpwname_r - -2005-05-17 Johan Danielsson - - * roken-frag.m4: am_conditional have_cgetent - -2005-05-10 David Love - - * roken-frag.m4: Get daemon declared on Solaris (it's in unistd.h - but masked by a feature test), just to avoid a warning, since it - has int args. - -2005-05-11 Love Hörnquist Åstrand - - * check-var.m4: AC_CHECK_DECL and AC_CHECK_DECLS have a subtile - diffrence, the later defines HAVE_ cpp symbols, the first doesn't. - -2005-05-05 Love Hörnquist Åstrand - - * check-symbols.sh: ignore N symbols too - -2005-04-30 Love Hörnquist Åstrand - - * broken-snprintf.m4: include checking if snprintf(NULL, 0, "") - works - - * check-compile-et.m4: require compile_et to generate a - initialize_FOO_error_table_r (they are used in libkrb5), and - always check for initialize_error_table_r - -2005-04-29 Love Hörnquist Åstrand - - * Makefile.am.common: add LIB_com_err - -2005-04-29 David Love - - * roken-frag.m4: Check for correct vis.h. - -2005-04-28 David Love - - * pthreads.m4: Set PTHREADS_LIBS on Irix. - -2005-04-27 Love Hörnquist Åstrand - - * broken-realloc.m4: use rk_realloc if realloc is broken, this - makes "host-tools" not beeing able to use realloc - - * pthreads.m4: Add support for Solaris, Irix, and modern - Linux. From David Love - -2005-04-25 Love Hörnquist Åstrand - - * check-symbols.sh: limit the units functions to - asn1_[A-Za-z0-9]*_units$ - -2005-04-20 Love Hörnquist Åstrand - - * check-symbols.sh: this lib include com_err, add -com_err to - CHECK_SYMBOLS - - * check-symbols.sh: print the type so I don't need to ask for it - -2005-04-18 Love Hörnquist Åstrand - - * check-symbols.sh: ignore filename symbols - -2005-04-04 Love Hörnquist Åstrand - - * check-symbols.sh: assume symbols prefixed with _ is a sideeffekt - of the local linker and also just fine - -2005-03-16 Love Hörnquist Åstrand - - * roken-frag.m4: include for - -2005-03-01 Love Hörnquist Åstrand - - * sunos.m4: Match solaris 10. From: Joakim Fallsjo - - -2004-12-29 Love - - * check-symbols.sh: add -asn1compile symbols - -2004-12-29 Love Hörnquist Åstrand - - * check-symbols.sh: add exported symbols test - - * Makefile.am.common: add CHECK_SYMBOLS tests, so that we don't - export to much stuff - -2004-09-03 Love Hörnquist Åstrand - - * make-proto.pl: add cpluscplus extern "C" support - -2004-07-09 Love Hörnquist Åstrand - - * pthreads.m4: add -pthread to LIBS since libtool doesn't preserve - it for us when adding is as a dependency on libs - -2004-04-24 Johan Danielsson - - * largefile.m4: like AC_SYS_LARGEFILE, but also add to CPPFLAGS - -2004-04-14 Love Hörnquist Åstrand - - * check-compile-et.m4: even more evil stuff for cross-compiling - - * check-x.m4: use AC_RUN_IFELSE so we can handle cross compiling - - * check-compile-et.m4: use AC_RUN_IFELSE so we can handle cross - compiling - -2004-04-13 Love Hörnquist Åstrand - - * make-proto.pl: if -E, add windows standard calling conv to - headerfile if needed - - * win32.m4: add rk_WIN32_EXPORT - -2004-02-12 Love Hörnquist Åstrand - - * configure.in: rename AC_WFLAGS to rk_WFLAGS - - * *.m4: overquote to pacify automake1.8 - -2004-02-11 Love Hörnquist Åstrand - - * roken-frag.m4: resolv.h is even more special - - * roken-frag.m4: AC_CHECK_HEADERS(net/if.h netinet6/in6_var.h - sys/sysctl.h sys/proc.h, resolv.h) are all special and need extra - help - - * test-package.m4: If there is a --with-PACKAGE=path but no - --with-PACKAGE-config, go seach for path/PACKEGE-config and use it - if it exists. Inspired by Harald Barth - -2003-09-03 Love Hörnquist Åstrand - - * crypto.m4: check for DES_, AES_, and if openssl UI_ - -2003-08-27 Johan Danielsson - - * vararray.m4: test for variable-length arrays - - * roken-frag.m4: test for poll and poll.h - -2003-08-16 Love Hörnquist Åstrand - - * Makefile.am.common: don't try doing local checks if CHECK_LOCAL - is set to no-check-local - -2003-08-01 Love Hörnquist Åstrand - - * check-compile-et.m4: check if compile_et support ``error_table N - M'' also, don't be overly aggressivly reset CFLAGS - -2003-07-22 Love Hörnquist Åstrand - - * pthreads.m4: pthread test - -2003-05-08 Johan Danielsson - - * Makefile.am.common: change install-data-local to - install-data-hook - -2003-05-05 Assar Westerlund - - * crypto.m4: define OPENSSL_DES_LIBDES_COMPATIBILITY - -2003-04-03 Love Hörnquist Åstrand - - * crypto.m4: check if libcrypto needs -lnsl or -lsocket - -2003-04-02 Love Hörnquist Åstrand - - * crypto.m4: in the case where se don't link with kerberos 4, use - ${with_openssl_include} if its are set (not - ${with_openssl}/include) same for with_openssl_lib - -2003-03-18 Love Hörnquist Åstrand - - * Makefile.am.common: always define LIB_kafs - -2003-03-12 Love Hörnquist Åstrand - - * check-compile-et.m4: check if the output of compile_et needs - initialize_error_table_r - -2003-02-17 Love Hörnquist Åstrand - - * check-var.m4: add a check if the variable is avaible when we - include the headerfiles - -2002-12-18 Johan Danielsson - - * roken-frag.m4: res_nsearch takes 6 parameters; spotted by Howard - Chu - -2002-10-25 Johan Danielsson - - * crypto.m4: do a better job at matching headers to libraries - -2002-10-16 Johan Danielsson - - * sunos.m4: more quoting - -2002-09-19 Johan Danielsson - - * make-proto.pl: check the processed string for closing ), not the - source - -2002-09-10 Johan Danielsson - - * crypto.m4: use m4 macros for test cases, also test for older - hash names - - * test-package.m4: include dep libraries in LIB_* - - * crypto.m4: move krb4 test before test for openssl, and bail out - if krb4 is requested, but the crypto library is not the same as - krb4 - - * db.m4: filter contents of LDFLAGS - -2002-09-09 Johan Danielsson - - * auth-modules.m4: rename to rk_AUTH_MODULES - - * auth-modules.m4: only include modules explicitly asked for - -2002-09-04 Johan Danielsson - - * roken-frag.m4: test for res_nsearch - -2002-09-03 Assar Westerlund - - * roken-frag.m4: check for sys/mman.h and mmap (used by - parse_reply-test) - -2002-08-28 Assar Westerlund - - * krb-readline.m4: also add LIB_tgetent in the case of editline - - * crypto.m4: define HAVE_OPENSSL even if we got to hear about it - by krb4 - -2002-08-28 Johan Danielsson - - * krb-readline.m4: add LIB_tgetent to LIB_readline if we have to - - * sunos.m4: various sunos tests - - * crypto.m4: try to extract the crypto compiler flags from - {INCLUDE,LIB}_krb4 - (XXX this is really horrible) - - * krb-readline.m4: don't add -rpath to LIB_readline (libtool - should to this for us), also don't append LIB_tgetent to - LIB_readline (TEST_PACKAGE should do this) - - * test-package.m4: add the possibility to use a *-config program - to get flags; rename to rk_TEST_PACKAGE while here - - * krb-bigendian.m4: move ENDIANESS_IN_SYS_PARAM_H tests here - - * aix.m4: rename to rk_AIX - - * telnet.m4: move telnet tests here - - * aix.m4: restructure this somewhat - - * dlopen.m4: test for dlopen suitable for AC_REQUIRE - - * irix.m4: move some stuff here and rename to irix.m4 - - * krb-sys-nextstep.m4: move SGTTY stuff to read_pwd.c - -2002-08-28 Jacques Vidrine - - * auth-modules.m4: do not build pam_krb4 on freebsd - -2002-08-26 Assar Westerlund - - * roken-frag.m4: test for the vis, strvis functions requiring - prototypes - -2002-08-23 Johan Danielsson - - * need-proto.m4: missing comma - -2002-08-22 Johan Danielsson - - * roken-frag.m4: some rototilling - - * need-proto.m4: use AS_TR_CPP - -2002-08-20 Johan Danielsson - - * roken-frag.m4: HAVE_TYPE instead of CHECK_TYPE ssize_t - - * krb-version.m4: use PACKAGE_TARNAME and PACKAGE_STRING - - * broken-getaddrinfo.m4: can't test for EAI_SERVICE here since AIX - is even more fsck:ed - - * roken-frag.m4: test for altzone - -2002-08-19 Johan Danielsson - - * Makefile.am.common: only define ROKEN_RENAME if do_roken_rename - -2002-08-13 Johan Danielsson - - * Makefile.am.common: add ROKEN_RENAME variable - -2002-08-12 Johan Danielsson - - * make-proto.pl: include to get va_list - - * destdirs.m4: also define localstatedir and sysconfdir - -2002-08-01 Johan Danielsson - - * crypto.m4: newer openssl seems to take the address of the - schedule parameter to des_cbc_encrypt, so we need to feed it a - variable, not just NULL (from Magnus Holmberg) - -2002-05-24 Johan Danielsson - - * misc.m4: change \100 back to @; some m4's (probably some regex) - doesn't like this as a replacement regexp; the reason it was once - changed to \100 was probably because of some autoconf bug at the - time - -2002-05-20 Johan Danielsson - - * broken2.m4 []-less is apparently the way to go - -2002-05-19 Johan Danielsson - - * otp.m4: check db_type instead of precence of dbm_firstkey - - * roken-frag.m4: don't AC_LIBOBJ more than one function at a time - - * find-if-not-broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/ - - * broken2.m4: s/AC_LIBOBJ/rk_LIBOBJ/ - - * broken.m4: s/AC_LIBOBJ/rk_LIBOBJ/ - - * misc.m4: automake can't handle macros passed to AC_LIBOBJ, so - add an alias to it called rk_LIBOBJ; this requires that the - relevant source are manually included in roken/Makefile.am - - * aix.m4: ac_enable --diable-dynamic-afs - - * roken-frag.m4: use AC_LIBOBJ - - * krb-func-getcwd-broken.m4: use AC_LIBOBJ - - * find-if-not-broken.m4: use AC_LIBOBJ - - * broken2.m4: use AC_LIBOBJ - - * broken.m4: use AC_LIBOBJ - - * aix.m4: recognise aix5 - -2002-05-17 Johan Danielsson - - * crypto.m4: am-conditionalise HAVE_OPENSSL - - * db.m4: make it possible to run this twice - - * Makefile.am.common: also install nodist_include_HEADERS - -2002-05-16 Johan Danielsson - - * make-proto.pl: make it possible to redefine the "private" regexp - -2002-05-02 Johan Danielsson - - * db.m4: am_cond HAVE_* - -2002-04-30 Johan Danielsson - - * krb-ipv6.m4: use AC_HELP_STRING; fix logic bug in AC_MSG_RESULT - call - - * test-package.m4: use AC_HELP_STRING - - * roken.m4: use AC_HELP_STRING - - * osfc2.m4: use AC_HELP_STRING - - * mips-abi.m4: use AC_HELP_STRING - - * krb-bigendian.m4: use AC_HELP_STRING - - * db.m4: rework this somewhat; check for db3/4 in subdirs, change - --with to --enable; it should really be possible to point it to - some directory --with-berkeley-db=/foo - - * otp.m4: OTP test - -2002-04-25 Johan Danielsson - - * destdirs.m4: define BINDIR et al - -2002-04-18 Johan Danielsson - - * misc.m4: remove some stuff that is defined elsewhere - - * make-proto.pl: optionally remove __P and parameter names - -2001-11-30 Assar Westerlund - - * roken-frag.m4: move ipv6 tests after -lsocket (to handle Solaris - 8) - -2001-09-29 Assar Westerlund - - * install-catman.sh: handle man pages without SYNOPSIS but looking - for both SYNOPSIS and DESCRIPTION - -2001-09-18 Johan Danielsson - - * roken-frag.m4: include freeaddrinfo if using getaddrinfo - -2001-09-13 Assar Westerlund - - * db.m4: test for the ndbm database really being a .db one - and use it when moving/removing database files - -2001-09-03 Assar Westerlund - - * db.m4: prefer ndbm.h to dbm.h - * roken-frag.m4: check for atexit and on_exit - -2001-09-02 Assar Westerlund - - * check-compile-et.m4: only add /usr/include/et to CPPFLAGS if - it's actually used - -2001-09-01 Assar Westerlund - - * Makefile.am.common (AUTOMAKE_OPTIONS): set 1.4b here so that - users are warned if using earlier automake versions - - * find-func-no-libs2.m4: ignore "no" as a library - another - special case to make it easy to send the result from this macro - into another invocation - -2001-08-30 Assar Westerlund - - * db.m4: check for ndbm functions in db3 library too - -2001-08-29 Jacques Vidrine - - * check-compile-et.m4: Check for already-installed com_err. - * Makefile.am.common: Use the compile_et discovered at - configuration time. - -2001-08-29 Assar Westerlund - - * crypto.m4: use AC_WITH_ALL to allow separate specification of - include and lib - * with-all.m4: new macro for doing --with-foo, --with-foo-include, - and --with-foo-lib in a sensible way - - * find-func-no-libs2.m4: handle both -llib and lib in the second - argument also yes -> "" as a library, to ease callers that send in - results from this macro (this might be a little bit unclean) - -2001-08-28 Assar Westerlund - - * roken-frag.m4: test for issetugid - -2001-08-24 Assar Westerlund - - * Makefile.am.common: change one += to = to AM_CFLAGS to avoid an - error with recent automake - -2001-08-22 Assar Westerlund - - * crypto.m4: SHA1_CTX should be SHA_CTX - -2001-08-21 Assar Westerlund - - * roken-frag.m4: remove all winsock.h - for now, it does more harm than good under cygwin and if it should be - used, the correct conditional needs to be found - from - -2001-08-21 Johan Danielsson - - * check-var.m4: AC_TR_CPP -> AS_TR_CPP to make autoconf 2.52 happy - -2001-08-17 Johan Danielsson - - * krb-ipv6.m4: add test for non-existant in6addr_loopback in AIX - -2001-08-15 Johan Danielsson - - * roken-frag.m4: test for getaddrinfo's that doesn't like numeric - services - - * broken-getaddrinfo.m4: test for getaddrinfo's that doesn't like - numeric services - -2001-08-08 Assar Westerlund - - * db.m4: do a separate test for gdbm/ndbm.h and -lgdbm - -2001-08-05 Assar Westerlund - - * db.m4: ac_cv_funclib_\func can be yes - * db.m4: use AC_FIND_FUNC_NO_LIBS to test in libc - anset cache variables after first attempt at finding dbm_firstkey (how - should this be done?) - * db.m4: do not test for ndbm library when ndbm-db was found in libc - * db.m4: test for ndbm-compatability with db - * db.m4: add forgotten AC_SUBST - * db.m4: first steps towards a new db test - - * roken-frag.m4: remove header files checked by rk_db - -2001-08-05 Assar Westerlund - - * roken-frag.m4: remove header files checked by rk_db - -2001-06-24 Assar Westerlund - - * roken-frag.m4: make sure of building getaddrinfo et al if - missing - -2001-06-20 Johan Danielsson - - * install-catman.sh: try to install links to manpages - -2001-06-19 Assar Westerlund - - * broken-glob.m4: try to handle FreeBSD's GLOB_MAXPATH - -2001-06-18 Johan Danielsson - - * roken-frag.m4: test for getaddrinfo needs netdb.h on Tru64 - -2001-06-17 Assar Westerlund - - * roken-frag.m4 (AC_CHECK_HEADERS): test for random - * roken-frag.m4 (AC_CHECK_HEADERS): test for initstate and - setstate - - * roken-frag.m4 (AC_BROKEN): test for - emalloc,ecalloc,erealloc,estrdup - -2001-05-11 Johan Danielsson - - * roken-frag.m4: bswap{16,32} - -2001-03-26 Assar Westerlund - - * broken-glob.m4: also test for GLOB_LIMIT - * krb-ipv6.m4: restore CFLAGS if v6 is not detected - -2001-02-20 Assar Westerlund - - * roken-frag.m4: check for getprogname, setprogname - -2001-02-07 Assar Westerlund - - * Makefile.am.common (LIB_kdfs): set. use it. from Ake Sandgren - - -2000-12-26 Assar Westerlund - - * krb-ipv6.m4: remove some dnl that weren't the correct with - modern autoconf - -2000-12-15 Assar Westerlund - - * roken-frag.m4 (inet_ntoa, inet_ntop, inet_pton): add necessary - includes when testing - * broken2.m4: new variant of broken, with includes and arguments - - * test-package.m4: s/ifval/m4_ifval/ to keep in sync with - autoconf. from Ake Sandgren - * check-var.m4: s/ifval/m4_ifval/ to keep in sync with autoconf. - from Ake Sandgren - -2000-12-13 Assar Westerlund - - * krb-irix.m4: need to set irix to no first. From Ake Sandgren - - -2000-12-12 Johan Danielsson - - * roken-frag.m4: move sa_len test to before test for broken - getnameinfo - -2000-12-12 Assar Westerlund - - * roken-frag.m4: only test for broken getnameinfo if it exists - -2000-12-10 Johan Danielsson - - * roken-frag.m4: ifaddrs.h - -2000-12-06 Johan Danielsson - - * roken-frag.m4: test for unvis, and vis.h - - * roken-frag.m4: test for strvis* - -2000-12-05 Johan Danielsson - - * Makefile.am.common: just warn if we fail to setuid a program - - * broken-getnameinfo.m4: add more quotes - - * roken-frag.m4: test for getifaddrs - - * roken-frag.m4: test for broken AIX getnameinfo - - * broken-getnameinfo.m4: test for broken getnameinfo - -2000-12-01 Assar Westerlund - - * Makefile.am.common: add kludge for LIBS - -2000-11-30 Johan Danielsson - - * check-man.m4: update this after recent changes - - * Makefile.am.common: use install-catman.sh - - * install-catman.sh: script to install preformatted manual pages - - * Makefile.am.common: change cat handling - -2000-11-29 Johan Danielsson - - * roken-frag.m4: don't use AC_CONFIG_FILES here, since it doesn't - work with automake - -2000-11-15 Assar Westerlund - - * krb-readline.m4: link against the libtool-versions of - libeditline and libel_compat - - * Makefile.am.common (INCLUDES): add $(INCLUDES_roken) - * roken-frag.m4 (CPPFLAGS_roken): rename to INCLUDES_roken - -2000-11-05 Johan Danielsson - - * aix.m4: set aix - -2000-08-19 Assar Westerlund - - * krb-bigendian.m4: merge from arla: make it work better - -2000-08-07 Johan Danielsson - - * roken-frag.m4: check getsockname for proto compat - -2000-08-04 Johan Danielsson - - * Makefile.am.common: add library for pidfile - - * roken-frag.m4: tests for util.h and pidfile - -2000-07-19 Johan Danielsson - - * check-var.m4: rename to rk_CHECK_VAR, transposing the arguments, - and making the second optional, AU_DEFINE AC_CHECK_VAR to - rk_CHECK_VAR - - * roken-frag.m4: other roken tests - - * db.m4: db tests - -2000-07-18 Johan Danielsson - - * mips-abi.m4: AC_ERROR -> AC_MSG_ERROR - - * check-netinet-ip-and-tcp.m4: use cache_check, and make this work - with new autoconf - - * aix.m4: don't subst AFS_EXTRA_LD - -2000-07-15 Johan Danielsson - - * check-var.m4: workaround feature of newer autoconf - - * find-func-no-libs2.m4: use cleaner autoheader trick - - * have-type.m4: use cleaner autoheader trick - - * have-types.m4: use cleaner autoheader trick - - * test-package.m4: add 6th parameter for now - - * broken.m4: use cleaner autoheader trick - - * retsigtype.m4: test for signal handler return type - - * broken-realloc.m4: test for broken realloc - -2000-07-08 Assar Westerlund - - * roken.m4: set CPPFLAGS_roken and call AC_CONFIG_SUBDIRS - -2000-07-02 Assar Westerlund - - * Makefile.am.common (CP): set and use - -2000-04-05 Assar Westerlund - - * Makefile.am.common (INCLUDE_openldap, LIB_openldap): add - -2000-03-28 Assar Westerlund - - * krb-prog-yacc.m4: AC_MSG_WARNING should be AC_MSG_WARN - - * shared-libs.m4: try to update to freebsd5 (and elf) - -2000-03-16 Assar Westerlund - - * krb-prog-yacc.m4: warn we do not find any yacc - -2000-01-08 Assar Westerlund - - * krb-bigendian.m4: new file, replacement for ac_c_bigendian - -2000-01-01 Assar Westerlund - - * krb-ipv6.m4: re-organize: test for type of stack first so that - we can find the libraries that we might have to link the test - program against. not linking the test program means we don't know - if the right stuff is in the libraries. also cosmetic changes to - make sure we print the checking for... nicely - -1999-12-21 Assar Westerlund - - * krb-ipv6.m4: try linking, not only compiling - * krb-ipv6.m4: add --without-ipv6 make sure we have `in6addr_any' - which we use in the code. This test avoids false positives on - OpenBSD - -1999-11-29 Johan Danielsson - - * grok-type.m4: inttypes.h - -1999-11-05 Assar Westerlund - - * check-x.m4: include X_PRE_LIBS and X_EXTRA_LIBS when testing - -1999-11-01 Assar Westerlund - - * Makefile.am.common (install-build-headers): use `cp' instead of - INSTALL_DATA for copying header files inside the build tree. The - user might have redefined INSTALL_DATA to specify owners and other - information. - -1999-10-30 Assar Westerlund - - * find-func-no-libs2.m4: add yet another argument to allow specify - linker flags that will be added _before_ the library when trying - to link - - * find-func-no-libs.m4: add yet another argument to allow specify - linker flags that will be added _before_ the library when trying - to link - -1999-10-12 Assar Westerlund - - * find-func-no-libs2.m4 (AC_FIND_FUNC_NO_LIBS2): new argument - `extra libs' - - * find-func-no-libs.m4 (AC_FIND_FUNC_NO_LIBS): new argument `extra - libs' - -1999-09-01 Johan Danielsson - - * capabilities.m4: sgi capabilities - -1999-07-29 Assar Westerlund - - * have-struct-field.m4: quote macros when undefining - -1999-07-28 Assar Westerlund - - * Makefile.am.common (install-build-headers): add dependencies - -1999-07-24 Assar Westerlund - - * have-type.m4: try to get autoheader to co-operate - - * have-type.m4: stolen from Arla - - * krb-struct-sockaddr-sa-len.m4: not used any longer. removed. - -1999-06-13 Assar Westerlund - - * krb-struct-spwd.m4: consequent name of cache variables - - * krb-func-getlogin.m4: new file for testing for posix (broken) - getlogin - - * shared-libs.m4 (freebsd[34]): don't use ld -Bshareable - -1999-06-02 Johan Danielsson - - * check-x.m4: extended test for X - -1999-05-14 Assar Westerlund - - * check-netinet-ip-and-tcp.m4: proper autoheader tricks - - * check-netinet-ip-and-tcp.m4: new file for checking for - netinet/{ip,tcp}.h. These are special as they on Irix 6.5.3 - require to be included in advance. - - * check-xau.m4: we also need to check for XauFilename since it's - used by appl/kx. And on Irix 6.5 that function requires linking - with -lX11. - -1999-05-08 Assar Westerlund - - * krb-find-db.m4: try with more header files than ndbm.h - -1999-04-19 Assar Westerlund - - * test-package.m4: try to handle the case of --without-package - correctly - -1999-04-17 Assar Westerlund - - * make-aclocal: removed. Not used anymore, being replaced by - aclocal from automake. - -Thu Apr 15 14:17:26 1999 Johan Danielsson - - * make-proto.pl: handle __attribute__ - -Fri Apr 9 20:37:18 1999 Assar Westerlund - - * shared-libs.m4: quote $@ - (freebsd3): add install_symlink_command2 - -Wed Apr 7 20:40:22 1999 Assar Westerlund - - * shared-libs.m4 (hpux): no library dependencies - -Mon Apr 5 16:13:08 1999 Johan Danielsson - - * test-package.m4: compile and link, rather than looking for - files; also export more information, so it's possible to add rpath - information - -Tue Mar 30 13:49:54 1999 Johan Danielsson - - * Makefile.am.common: CFLAGS -> AM_CFLAGS - -Mon Mar 29 16:51:12 1999 Johan Danielsson - - * check-xau.m4: check for XauWriteAuth before checking for - XauReadAuth to catch -lX11:s not containing XauWriteAuth, and IRIX - 6.5 that doesn't work with -lXau - -Sat Mar 27 18:03:58 1999 Johan Danielsson - - * osfc2.m4: --enable-osfc2 - -Fri Mar 19 15:34:52 1999 Johan Danielsson - - * shared-libs.m4: move shared lib stuff here - -Wed Mar 24 23:24:51 1999 Assar Westerlund - - * Makefile.am.common (install-build-headers): simplify loop - -Tue Mar 23 17:31:23 1999 Johan Danielsson - - * check-getpwnam_r-posix.m4: check for getpwnam_r, and if it's - posix or not - -Tue Mar 23 00:00:13 1999 Assar Westerlund - - * Makefile.am.common (install_build_headers): try to make it work - better when list of headers is empty. handle make rewriting the - filenames. - - * Makefile.am.common: hesoid -> hesiod - -Sun Mar 21 14:48:03 1999 Johan Danielsson - - * grok-type.m4: - - * Makefile.am.common: fix for automake bug/feature; add more LIB_* - - * test-package.m4: fix typo - - * check-man.m4: fix some typos - - * auth-modules.m4: tests for authentication modules - -Thu Mar 18 11:02:55 1999 Johan Danielsson - - * Makefile.am.common: make install-build-headers a multi - dependency target - - * Makefile.am.common: remove include_dir hack - - * Makefile.am.common: define LIB_kafs and LIB_gssapi - - * krb-find-db.m4: subst DBLIB also - - * check-xau.m4: test for Xau{Read,Write}Auth - -Wed Mar 10 19:29:20 1999 Johan Danielsson - - * wflags.m4: AC_WFLAGS - -Mon Mar 1 11:23:41 1999 Johan Danielsson - - * have-struct-field.m4: remove extra AC_MSG_RESULT - - * proto-compat.m4: typo - - * krb-func-getcwd-broken.m4: update to autoconf 2.13 - - * krb-find-db.m4: update to autoconf 2.13 - - * check-declaration.m4: typo - - * have-pragma-weak.m4: update to autoconf 2.13 - - * have-struct-field.m4: better handling of types with spaces - -Mon Feb 22 20:05:06 1999 Johan Danielsson - - * broken-glob.m4: check for broken glob - -Sun Jan 31 06:50:33 1999 Assar Westerlund - - * krb-ipv6.m4: more magic for different v6 implementations. From - Jun-ichiro itojun Hagino - -Sun Nov 22 12:16:06 1998 Assar Westerlund - - * krb-struct-spwd.m4: new file - -Thu Jun 4 04:07:41 1998 Assar Westerlund - - * find-func-no-libs2.m4: new file - -Fri May 1 23:31:28 1998 Assar Westerlund - - * c-attribute.m4, c-function.m4: new files (from arla) - -Wed Mar 18 23:11:29 1998 Assar Westerlund - - * krb-ipv6.m4: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6 - -Thu Feb 26 02:37:49 1998 Assar Westerlund - - * make-proto.pl: should work with perl4 - diff --git a/crypto/heimdal/cf/Makefile.am.common b/crypto/heimdal/cf/Makefile.am.common deleted file mode 100644 index bbc79a5ab9d..00000000000 --- a/crypto/heimdal/cf/Makefile.am.common +++ /dev/null @@ -1,249 +0,0 @@ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ - -SUFFIXES = .et .h - -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) - -if do_roken_rename -ROKEN_RENAME = -DROKEN_RENAME -endif - -AM_CFLAGS = $(WFLAGS) - -CP = cp - -## set build_HEADERZ to headers that should just be installed in build tree - -buildinclude = $(top_builddir)/include - -## these aren't detected by automake -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_crypt = @LIB_crypt@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_el_init = @LIB_el_init@ -LIB_getattr = @LIB_getattr@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_openpty = @LIB_openpty@ -LIB_pidfile = @LIB_pidfile@ -LIB_res_search = @LIB_res_search@ -LIB_setpcred = @LIB_setpcred@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ -LIB_com_err = @LIB_com_err@ -LIB_door_create = @LIB_door_create@ - -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -LIB_hesiod = @LIB_hesiod@ - -INCLUDE_krb4 = @INCLUDE_krb4@ -LIB_krb4 = @LIB_krb4@ - -INCLUDE_openldap = @INCLUDE_openldap@ -LIB_openldap = @LIB_openldap@ - -INCLUDE_readline = @INCLUDE_readline@ -LIB_readline = @LIB_readline@ - -LEXLIB = @LEXLIB@ - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) - @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done ; \ - foo='$(nobase_include_HEADERS)'; \ - for f in $$foo; do \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0 || exit 1; \ - fi - -SUFFIXES += .x .z - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ - -SUFFIXES += .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 - -NROFF_MAN = groff -mandoc -Tascii -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -## MAINTAINERCLEANFILES += - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -uninstall-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-hook: install-cat-mans -uninstall-hook: uninstall-cat-mans - - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< - -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) - -if KRB5 -LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ - $(top_builddir)/lib/asn1/libasn1.la -LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -endif - -if DCE -LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -endif - -# -# Useful target for debugging -# - -check-valgrind: - tobjdir=`cd $(top_builddir) && pwd` ; \ - tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check - -# -# Target to please samba build farm, builds distfiles in-tree. -# Will break when automake changes... -# - -distdir-in-tree: $(DISTFILES) $(INFO_DEPS) - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" != .; then \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ - fi ; \ - done diff --git a/crypto/heimdal/cf/aix.m4 b/crypto/heimdal/cf/aix.m4 deleted file mode 100644 index 32aeba6a70c..00000000000 --- a/crypto/heimdal/cf/aix.m4 +++ /dev/null @@ -1,57 +0,0 @@ -dnl -dnl $Id: aix.m4 14147 2004-08-25 14:14:01Z joda $ -dnl - -AC_DEFUN([rk_AIX],[ - -aix=no -case "$host" in -*-*-aix3*) - aix=3 - ;; -*-*-aix4*|*-*-aix5*) - aix=4 - ;; -esac - -AM_CONDITIONAL(AIX, test "$aix" != no)dnl -AM_CONDITIONAL(AIX4, test "$aix" = 4) - - -AC_ARG_ENABLE(dynamic-afs, - AS_HELP_STRING([--disable-dynamic-afs], - [do not use loaded AFS library with AIX])) - -if test "$aix" != no; then - if test "$enable_dynamic_afs" != no; then - AC_REQUIRE([rk_DLOPEN]) - if test "$ac_cv_func_dlopen" = no; then - AC_FIND_FUNC_NO_LIBS(loadquery, ld) - fi - if test "$ac_cv_func_dlopen" != no; then - AIX_EXTRA_KAFS='$(LIB_dlopen)' - elif test "$ac_cv_func_loadquery" != no; then - AIX_EXTRA_KAFS='$(LIB_loadquery)' - else - AC_MSG_NOTICE([not using dynloaded AFS library]) - AIX_EXTRA_KAFS= - enable_dynamic_afs=no - fi - else - AIX_EXTRA_KAFS= - fi -fi - -AM_CONDITIONAL(AIX_DYNAMIC_AFS, test "$enable_dynamic_afs" != no)dnl -AC_SUBST(AIX_EXTRA_KAFS)dnl - -AH_BOTTOM([#if _AIX -#define _ALL_SOURCE -/* XXX this is gross, but kills about a gazillion warnings */ -struct ether_addr; -struct sockaddr; -struct sockaddr_dl; -struct sockaddr_in; -#endif]) - -]) diff --git a/crypto/heimdal/cf/auth-modules.m4 b/crypto/heimdal/cf/auth-modules.m4 deleted file mode 100644 index d2383c6bbde..00000000000 --- a/crypto/heimdal/cf/auth-modules.m4 +++ /dev/null @@ -1,45 +0,0 @@ -dnl $Id: auth-modules.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl Figure what authentication modules should be built -dnl -dnl rk_AUTH_MODULES(module-list) - -AC_DEFUN([rk_AUTH_MODULES],[ -AC_MSG_CHECKING([which authentication modules should be built]) - -z='m4_ifval([$1], $1, [sia pam afskauthlib])' -LIB_AUTH_SUBDIRS= -for i in $z; do -case $i in -sia) -if test "$ac_cv_header_siad_h" = yes; then - LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" -fi -;; -pam) -case "${host}" in -*-*-freebsd*) ac_cv_want_pam_krb4=no ;; -*) ac_cv_want_pam_krb4=yes ;; -esac - -if test "$ac_cv_want_pam_krb4" = yes -a \ - "$ac_cv_header_security_pam_modules_h" = yes -a \ - "$enable_shared" = yes; then - LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" -fi -;; -afskauthlib) -case "${host}" in -*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; -esac -;; -esac -done -if test "$LIB_AUTH_SUBDIRS"; then - AC_MSG_RESULT($LIB_AUTH_SUBDIRS) -else - AC_MSG_RESULT(none) -fi - -AC_SUBST(LIB_AUTH_SUBDIRS)dnl -]) diff --git a/crypto/heimdal/cf/autobuild.m4 b/crypto/heimdal/cf/autobuild.m4 deleted file mode 100644 index bd1f4dc1b0b..00000000000 --- a/crypto/heimdal/cf/autobuild.m4 +++ /dev/null @@ -1,34 +0,0 @@ -# autobuild.m4 serial 2 (autobuild-3.3) -# Copyright (C) 2004 Simon Josefsson -# -# This file is free software, distributed under the terms of the GNU -# General Public License. As a special exception to the GNU General -# Public License, this file may be distributed as part of a program -# that contains a configuration script generated by Autoconf, under -# the same distribution terms as the rest of that program. -# -# This file can can be used in projects which are not available under -# the GNU General Public License or the GNU Library General Public -# License but which still want to provide support for Autobuild. - -# Usage: AB_INIT([MODE]). -AC_DEFUN([AB_INIT], -[ - AC_REQUIRE([AC_CANONICAL_BUILD]) - AC_REQUIRE([AC_CANONICAL_HOST]) - - AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}]) - AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}]) - hostname=`hostname` - if test "$hostname"; then - AC_MSG_NOTICE([autobuild hostname... $hostname]) - fi - ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])]) - date=`date +%Y%m%d-%H%M%S` - if test "$?" != 0; then - date=`date` - fi - if test "$date"; then - AC_MSG_NOTICE([autobuild timestamp... $date]) - fi -]) diff --git a/crypto/heimdal/cf/broken-getaddrinfo.m4 b/crypto/heimdal/cf/broken-getaddrinfo.m4 deleted file mode 100644 index b8d323c7122..00000000000 --- a/crypto/heimdal/cf/broken-getaddrinfo.m4 +++ /dev/null @@ -1,26 +0,0 @@ -dnl $Id: broken-getaddrinfo.m4 15401 2005-06-16 16:10:50Z lha $ -dnl -dnl test if getaddrinfo can handle numeric services - -AC_DEFUN([rk_BROKEN_GETADDRINFO],[ -AC_CACHE_CHECK([if getaddrinfo handles numeric services], ac_cv_func_getaddrinfo_numserv, -AC_RUN_IFELSE([AC_LANG_SOURCE([[#include -#include -#include -#include - -int -main(int argc, char **argv) -{ - struct addrinfo hints, *ai; - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_PASSIVE; - hints.ai_socktype = SOCK_STREAM; - hints.ai_family = PF_UNSPEC; - if(getaddrinfo(NULL, "17", &hints, &ai) != 0) - return 1; - if(getaddrinfo(NULL, "0", &hints, &ai) != 0) - return 1; - return 0; -} -]])],[ac_cv_func_getaddrinfo_numserv=yes],[ac_cv_func_getaddrinfo_numserv=no]))]) diff --git a/crypto/heimdal/cf/broken-glob.m4 b/crypto/heimdal/cf/broken-glob.m4 deleted file mode 100644 index a27e7ea3be0..00000000000 --- a/crypto/heimdal/cf/broken-glob.m4 +++ /dev/null @@ -1,29 +0,0 @@ -dnl $Id: broken-glob.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl check for glob(3) -dnl -AC_DEFUN([AC_BROKEN_GLOB],[ -AC_CACHE_CHECK(for working glob, ac_cv_func_glob_working, -ac_cv_func_glob_working=yes -AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#include -#include ]],[[ -glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE| -#ifdef GLOB_MAXPATH -GLOB_MAXPATH -#else -GLOB_LIMIT -#endif -, -NULL, NULL); -]])],[:],[ac_cv_func_glob_working=no])) - -if test "$ac_cv_func_glob_working" = yes; then - AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks - GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT]) -fi -if test "$ac_cv_func_glob_working" = yes; then -AC_NEED_PROTO([#include -#include ],glob) -fi -]) diff --git a/crypto/heimdal/cf/broken-realloc.m4 b/crypto/heimdal/cf/broken-realloc.m4 deleted file mode 100644 index 0b7c4766372..00000000000 --- a/crypto/heimdal/cf/broken-realloc.m4 +++ /dev/null @@ -1,25 +0,0 @@ -dnl -dnl $Id: broken-realloc.m4 15435 2005-06-16 19:45:52Z lha $ -dnl -dnl Test for realloc that doesn't handle NULL as first parameter -dnl -AC_DEFUN([rk_BROKEN_REALLOC], [ -AC_CACHE_CHECK(if realloc if broken, ac_cv_func_realloc_broken, [ -ac_cv_func_realloc_broken=no -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include -#include - -int main(int argc, char **argv) -{ - return realloc(NULL, 17) == NULL; -} -]])],[:], [ac_cv_func_realloc_broken=yes],[:]) -]) -if test "$ac_cv_func_realloc_broken" = yes ; then - AC_DEFINE(BROKEN_REALLOC, 1, [Define if realloc(NULL) doesn't work.]) -fi -AH_BOTTOM([#ifdef BROKEN_REALLOC -#define realloc(X, Y) rk_realloc((X), (Y)) -#endif]) -]) diff --git a/crypto/heimdal/cf/broken-snprintf.m4 b/crypto/heimdal/cf/broken-snprintf.m4 deleted file mode 100644 index 8e2287419f2..00000000000 --- a/crypto/heimdal/cf/broken-snprintf.m4 +++ /dev/null @@ -1,63 +0,0 @@ -dnl $Id: broken-snprintf.m4 15455 2005-06-16 21:03:43Z lha $ -dnl -AC_DEFUN([AC_BROKEN_SNPRINTF], [ -AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working, -ac_cv_func_snprintf_working=yes -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include -#include -int main(int argc, char **argv) -{ - char foo[[3]]; - snprintf(foo, 2, "12"); - return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2; -}]])],[:],[ac_cv_func_snprintf_working=no],[:])) - -if test "$ac_cv_func_snprintf_working" = yes; then - AC_DEFINE_UNQUOTED(HAVE_SNPRINTF, 1, [define if you have a working snprintf]) -fi -if test "$ac_cv_func_snprintf_working" = yes; then -AC_NEED_PROTO([#include ],snprintf) -fi -]) - -AC_DEFUN([AC_BROKEN_VSNPRINTF],[ -AC_CACHE_CHECK(for working vsnprintf,ac_cv_func_vsnprintf_working, -ac_cv_func_vsnprintf_working=yes -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include -#include -#include - -int foo(int num, ...) -{ - char bar[[3]]; - va_list arg; - va_start(arg, num); - vsnprintf(bar, 2, "%s", arg); - va_end(arg); - return strcmp(bar, "1"); -} - -int bar(int num, int len, ...) -{ - int r; - va_list arg; - va_start(arg, len); - r = vsnprintf(NULL, 0, "%s", arg); - va_end(arg); - return r != len; -} - -int main(int argc, char **argv) -{ - return foo(0, "12") || bar(0, 2, "12"); -}]])],[:],[ac_cv_func_vsnprintf_working=no],[:])) - -if test "$ac_cv_func_vsnprintf_working" = yes; then - AC_DEFINE_UNQUOTED(HAVE_VSNPRINTF, 1, [define if you have a working vsnprintf]) -fi -if test "$ac_cv_func_vsnprintf_working" = yes; then -AC_NEED_PROTO([#include ],vsnprintf) -fi -]) diff --git a/crypto/heimdal/cf/broken.m4 b/crypto/heimdal/cf/broken.m4 deleted file mode 100644 index 6306ba7176f..00000000000 --- a/crypto/heimdal/cf/broken.m4 +++ /dev/null @@ -1,12 +0,0 @@ -dnl $Id: broken.m4 11003 2002-05-19 19:37:08Z joda $ -dnl -dnl -dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal -dnl libraries - -AC_DEFUN([AC_BROKEN], -[AC_FOREACH([rk_func], [$1], - [AC_CHECK_FUNC(rk_func, - [AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]rk_func), 1, - [Define if you have the function `]rk_func['.])], - [rk_LIBOBJ(rk_func)])])]) diff --git a/crypto/heimdal/cf/broken2.m4 b/crypto/heimdal/cf/broken2.m4 deleted file mode 100644 index 20d5163ac85..00000000000 --- a/crypto/heimdal/cf/broken2.m4 +++ /dev/null @@ -1,25 +0,0 @@ -dnl $Id: broken2.m4 14181 2004-08-31 12:53:36Z joda $ -dnl -dnl AC_BROKEN but with more arguments - -dnl AC_BROKEN2(func, includes, arguments) -AC_DEFUN([AC_BROKEN2], -[AC_MSG_CHECKING([for $1]) -AC_CACHE_VAL(ac_cv_func_[]$1, -[AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[ -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$1) || defined (__stub___$1) -choke me -#else -$1($3); -#endif -]])], [eval "ac_cv_func_[]$1=yes"], [eval "ac_cv_func_[]$1=no"])]) -if eval "test \"\${ac_cv_func_[]$1}\" = yes"; then - AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, define) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) - rk_LIBOBJ($1) -fi]) diff --git a/crypto/heimdal/cf/c-attribute.m4 b/crypto/heimdal/cf/c-attribute.m4 deleted file mode 100644 index 1025538f66f..00000000000 --- a/crypto/heimdal/cf/c-attribute.m4 +++ /dev/null @@ -1,28 +0,0 @@ -dnl -dnl $Id: c-attribute.m4 14166 2004-08-26 12:35:42Z joda $ -dnl - -dnl -dnl Test for __attribute__ -dnl - -AC_DEFUN([AC_C___ATTRIBUTE__], [ -AC_MSG_CHECKING(for __attribute__) -AC_CACHE_VAL(ac_cv___attribute__, [ -AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include -static void foo(void) __attribute__ ((noreturn)); - -static void -foo(void) -{ - exit(1); -} -]])], -[ac_cv___attribute__=yes], -[ac_cv___attribute__=no])]) -if test "$ac_cv___attribute__" = "yes"; then - AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__]) -fi -AC_MSG_RESULT($ac_cv___attribute__) -]) - diff --git a/crypto/heimdal/cf/c-function.m4 b/crypto/heimdal/cf/c-function.m4 deleted file mode 100644 index cb39705e869..00000000000 --- a/crypto/heimdal/cf/c-function.m4 +++ /dev/null @@ -1,33 +0,0 @@ -dnl -dnl $Id: c-function.m4 15422 2005-06-16 18:59:29Z lha $ -dnl - -dnl -dnl Test for __FUNCTION__ -dnl - -AC_DEFUN([AC_C___FUNCTION__], [ -AC_MSG_CHECKING(for __FUNCTION__) -AC_CACHE_VAL(ac_cv___function__, [ -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include - -static char *foo(void) -{ - return __FUNCTION__; -} - -int main(int argc, char **argc) -{ - return strcmp(foo(), "foo") != 0; -} -]])], -[ac_cv___function__=yes], -[ac_cv___function__=no], -[ac_cv___function__=no])]) -if test "$ac_cv___function__" = "yes"; then - AC_DEFINE(HAVE___FUNCTION__, 1, [define if your compiler has __FUNCTION__]) -fi -AC_MSG_RESULT($ac_cv___function__) -]) - diff --git a/crypto/heimdal/cf/capabilities.m4 b/crypto/heimdal/cf/capabilities.m4 deleted file mode 100644 index 12cbef81b41..00000000000 --- a/crypto/heimdal/cf/capabilities.m4 +++ /dev/null @@ -1,14 +0,0 @@ -dnl -dnl $Id: capabilities.m4 13338 2004-02-12 14:21:14Z lha $ -dnl - -dnl -dnl Test SGI capabilities -dnl - -AC_DEFUN([KRB_CAPABILITIES],[ - -AC_CHECK_HEADERS(capability.h sys/capability.h) - -AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc) -]) diff --git a/crypto/heimdal/cf/check-compile-et.m4 b/crypto/heimdal/cf/check-compile-et.m4 deleted file mode 100644 index 583abdf7099..00000000000 --- a/crypto/heimdal/cf/check-compile-et.m4 +++ /dev/null @@ -1,109 +0,0 @@ -dnl $Id: check-compile-et.m4 19252 2006-12-06 13:32:55Z lha $ -dnl -dnl CHECK_COMPILE_ET -AC_DEFUN([CHECK_COMPILE_ET], [ - -AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et]) - -krb_cv_compile_et="no" -krb_cv_com_err_need_r="" -krb_cv_compile_et_cross=no -if test "${COMPILE_ET}" = "compile_et"; then - -dnl We have compile_et. Now let's see if it supports `prefix' and `index'. -AC_MSG_CHECKING(whether compile_et has the features we need) -cat > conftest_et.et <<'EOF' -error_table test conf -prefix CONFTEST -index 1 -error_code CODE1, "CODE1" -index 128 -error_code CODE2, "CODE2" -end -EOF -if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then - dnl XXX Some systems have . - save_CPPFLAGS="${CPPFLAGS}" - if test -d "/usr/include/et"; then - CPPFLAGS="-I/usr/include/et ${CPPFLAGS}" - fi - dnl Check that the `prefix' and `index' directives were honored. - AC_RUN_IFELSE([ -#include -#include -#include "conftest_et.h" -int main(int argc, char **argv){ -#ifndef ERROR_TABLE_BASE_conf -#error compile_et does not handle error_table N M -#endif -return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;} - ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"], - [krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes] ) -fi -AC_MSG_RESULT(${krb_cv_compile_et}) -if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then - AC_MSG_CHECKING([for if com_err generates a initialize_conf_error_table_r]) - AC_EGREP_CPP([initialize_conf_error_table_r.*struct et_list], - [#include "conftest_et.h"], - [krb_cv_com_err_need_r="ok"]) - if test X"$krb_cv_com_err_need_r" = X ; then - AC_MSG_RESULT(no) - krb_cv_compile_et=no - else - AC_MSG_RESULT(yes) - fi -fi -rm -fr conftest* -fi - -if test "${krb_cv_compile_et_cross}" = yes ; then - krb_cv_com_err="cross" -elif test "${krb_cv_compile_et}" = "yes"; then - dnl Since compile_et seems to work, let's check libcom_err - krb_cv_save_LIBS="${LIBS}" - LIBS="${LIBS} -lcom_err" - AC_MSG_CHECKING(for com_err) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[ - const char *p; - p = error_message(0); - initialize_error_table_r(0,0,0,0); - ]])],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"]) - AC_MSG_RESULT(${krb_cv_com_err}) - LIBS="${krb_cv_save_LIBS}" -else - dnl Since compile_et doesn't work, forget about libcom_err - krb_cv_com_err="no" -fi - -dnl Only use the system's com_err if we found compile_et, libcom_err, and -dnl com_err.h. -if test "${krb_cv_com_err}" = "yes"; then - DIR_com_err="" - LIB_com_err="-lcom_err" - LIB_com_err_a="" - LIB_com_err_so="" - AC_MSG_NOTICE(Using the already-installed com_err) - localcomerr=no -elif test "${krb_cv_com_err}" = "cross"; then - DIR_com_err="com_err" - LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la" - LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a" - LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so" - AC_MSG_NOTICE(Using our own com_err with toolchain compile_et) - localcomerr=yes -else - COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et" - DIR_com_err="com_err" - LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la" - LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a" - LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so" - AC_MSG_NOTICE(Using our own com_err) - localcomerr=yes -fi -AM_CONDITIONAL(COM_ERR, test "$localcomerr" = yes)dnl -AC_SUBST(DIR_com_err) -AC_SUBST(LIB_com_err) -AC_SUBST(LIB_com_err_a) -AC_SUBST(LIB_com_err_so) - -]) diff --git a/crypto/heimdal/cf/check-getpwnam_r-posix.m4 b/crypto/heimdal/cf/check-getpwnam_r-posix.m4 deleted file mode 100644 index bb7e38859a2..00000000000 --- a/crypto/heimdal/cf/check-getpwnam_r-posix.m4 +++ /dev/null @@ -1,25 +0,0 @@ -dnl $Id: check-getpwnam_r-posix.m4 15435 2005-06-16 19:45:52Z lha $ -dnl -dnl check for getpwnam_r, and if it's posix or not - -AC_DEFUN([AC_CHECK_GETPWNAM_R_POSIX],[ -AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r) -if test "$ac_cv_func_getpwnam_r" = yes; then - AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix, - ac_libs="$LIBS" - LIBS="$LIBS $LIB_getpwnam_r" - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#define _POSIX_PTHREAD_SEMANTICS -#include -int main(int argc, char **argv) -{ - struct passwd pw, *pwd; - return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; -} -]])],[ac_cv_func_getpwnam_r_posix=yes],[ac_cv_func_getpwnam_r_posix=no],[:]) -LIBS="$ac_libs") -if test "$ac_cv_func_getpwnam_r_posix" = yes; then - AC_DEFINE(POSIX_GETPWNAM_R, 1, [Define if getpwnam_r has POSIX flavour.]) -fi -fi -]) \ No newline at end of file diff --git a/crypto/heimdal/cf/check-man.m4 b/crypto/heimdal/cf/check-man.m4 deleted file mode 100644 index 7538cc82d7a..00000000000 --- a/crypto/heimdal/cf/check-man.m4 +++ /dev/null @@ -1,58 +0,0 @@ -dnl $Id: check-man.m4 13338 2004-02-12 14:21:14Z lha $ -dnl check how to format manual pages -dnl - -AC_DEFUN([rk_CHECK_MAN], -[AC_PATH_PROG(NROFF, nroff) -AC_PATH_PROG(GROFF, groff) -AC_CACHE_CHECK(how to format man pages,ac_cv_sys_man_format, -[cat > conftest.1 << END -.Dd January 1, 1970 -.Dt CONFTEST 1 -.Sh NAME -.Nm conftest -.Nd -foobar -END - -if test "$NROFF" ; then - for i in "-mdoc" "-mandoc"; do - if "$NROFF" $i conftest.1 2> /dev/null | \ - grep Jan > /dev/null 2>&1 ; then - ac_cv_sys_man_format="$NROFF $i" - break - fi - done -fi -if test "$ac_cv_sys_man_format" = "" -a "$GROFF" ; then - for i in "-mdoc" "-mandoc"; do - if "$GROFF" -Tascii $i conftest.1 2> /dev/null | \ - grep Jan > /dev/null 2>&1 ; then - ac_cv_sys_man_format="$GROFF -Tascii $i" - break - fi - done -fi -if test "$ac_cv_sys_man_format"; then - ac_cv_sys_man_format="$ac_cv_sys_man_format \[$]< > \[$]@" -fi -]) -if test "$ac_cv_sys_man_format"; then - CATMAN="$ac_cv_sys_man_format" - AC_SUBST(CATMAN) -fi -AM_CONDITIONAL(CATMAN, test "$CATMAN") -AC_CACHE_CHECK(extension of pre-formatted manual pages,ac_cv_sys_catman_ext, -[if grep _suffix /etc/man.conf > /dev/null 2>&1; then - ac_cv_sys_catman_ext=0 -else - ac_cv_sys_catman_ext=number -fi -]) -if test "$ac_cv_sys_catman_ext" = number; then - CATMANEXT='$$section' -else - CATMANEXT=0 -fi -AC_SUBST(CATMANEXT) -]) \ No newline at end of file diff --git a/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4 b/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4 deleted file mode 100644 index 64bb8f139de..00000000000 --- a/crypto/heimdal/cf/check-netinet-ip-and-tcp.m4 +++ /dev/null @@ -1,33 +0,0 @@ -dnl -dnl $Id: check-netinet-ip-and-tcp.m4 14162 2004-08-26 11:27:32Z joda $ -dnl - -dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3 -dnl you have to include standards.h before including these files - -AC_DEFUN([CHECK_NETINET_IP_AND_TCP], -[ -AC_CHECK_HEADERS(standards.h) -for i in netinet/ip.h netinet/tcp.h; do - -cv=`echo "$i" | sed 'y%./+-%__p_%'` - -AC_CACHE_CHECK([for $i],ac_cv_header_$cv, -[AC_PREPROC_IFELSE([AC_LANG_SOURCE([[ -#ifdef HAVE_STANDARDS_H -#include -#endif -#include <$i> -]])], -[eval "ac_cv_header_$cv=yes"], -[eval "ac_cv_header_$cv=no"])]) -ac_res=`eval echo \\$ac_cv_header_$cv` -if test "$ac_res" = yes; then - ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - AC_DEFINE_UNQUOTED($ac_tr_hdr, 1) -fi -done -if false;then - AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h) -fi -]) diff --git a/crypto/heimdal/cf/check-type-extra.m4 b/crypto/heimdal/cf/check-type-extra.m4 deleted file mode 100644 index 2778a9d76f1..00000000000 --- a/crypto/heimdal/cf/check-type-extra.m4 +++ /dev/null @@ -1,23 +0,0 @@ -dnl $Id: check-type-extra.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl ac_check_type + extra headers - -dnl AC_CHECK_TYPE_EXTRA(TYPE, DEFAULT, HEADERS) -AC_DEFUN([AC_CHECK_TYPE_EXTRA], -[AC_REQUIRE([AC_HEADER_STDC])dnl -AC_MSG_CHECKING(for $1) -AC_CACHE_VAL(ac_cv_type_$1, -[AC_EGREP_CPP(dnl -changequote(<<,>>)dnl -<<$1[^a-zA-Z_0-9]>>dnl -changequote([,]), [#include -#if STDC_HEADERS -#include -#include -#endif -$3], ac_cv_type_$1=yes, ac_cv_type_$1=no)])dnl -AC_MSG_RESULT($ac_cv_type_$1) -if test $ac_cv_type_$1 = no; then - AC_DEFINE($1, $2, [Define this to what the type $1 should be.]) -fi -]) diff --git a/crypto/heimdal/cf/check-var.m4 b/crypto/heimdal/cf/check-var.m4 deleted file mode 100644 index 1e6846593b0..00000000000 --- a/crypto/heimdal/cf/check-var.m4 +++ /dev/null @@ -1,27 +0,0 @@ -dnl $Id: check-var.m4 15422 2005-06-16 18:59:29Z lha $ -dnl -dnl rk_CHECK_VAR(variable, includes) -AC_DEFUN([rk_CHECK_VAR], [ -AC_MSG_CHECKING(for $1) -AC_CACHE_VAL(ac_cv_var_$1, [ -m4_ifval([$2],[ - AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2 - void * foo(void) { return &$1; }]],[[foo()]])], - [ac_cv_var_$1=yes],[ac_cv_var_$1=no])]) -if test "$ac_cv_var_$1" != yes ; then -AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int $1; -int foo(void) { return $1; }]],[[foo()]])], - [ac_cv_var_$1=yes],[ac_cv_var_$1=no]) -fi -]) -ac_foo=`eval echo \\$ac_cv_var_$1` -AC_MSG_RESULT($ac_foo) -if test "$ac_foo" = yes; then - AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_[]$1), 1, - [Define if you have the `]$1[' variable.]) - m4_ifval([$2], AC_CHECK_DECLS([$1],[],[],[$2])) -fi -]) - -AC_WARNING_ENABLE([obsolete]) -AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) diff --git a/crypto/heimdal/cf/check-x.m4 b/crypto/heimdal/cf/check-x.m4 deleted file mode 100644 index 07f7e2d80f5..00000000000 --- a/crypto/heimdal/cf/check-x.m4 +++ /dev/null @@ -1,53 +0,0 @@ -dnl -dnl See if there is any X11 present -dnl -dnl $Id: check-x.m4 15435 2005-06-16 19:45:52Z lha $ - -AC_DEFUN([KRB_CHECK_X],[ -AC_PATH_XTRA - -# try to figure out if we need any additional ld flags, like -R -# and yes, the autoconf X test is utterly broken -if test "$no_x" != yes; then - AC_CACHE_CHECK(for special X linker flags,krb_cv_sys_x_libs_rpath,[ - ac_save_libs="$LIBS" - ac_save_cflags="$CFLAGS" - CFLAGS="$CFLAGS $X_CFLAGS" - krb_cv_sys_x_libs_rpath="" - krb_cv_sys_x_libs="" - for rflag in "" "-R" "-R " "-rpath "; do - if test "$rflag" = ""; then - foo="$X_LIBS" - else - foo="" - for flag in $X_LIBS; do - case $flag in - -L*) - foo="$foo $flag `echo $flag | sed \"s/-L/$rflag/\"`" - ;; - *) - foo="$foo $flag" - ;; - esac - done - fi - LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS" - AC_RUN_IFELSE([ - #include - foo(void) - { - XOpenDisplay(NULL); - } - main(int argc, char **argv) - { - return 0; - } - ],krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break,:, - krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break) - done - LIBS="$ac_save_libs" - CFLAGS="$ac_save_cflags" - ]) - X_LIBS="$krb_cv_sys_x_libs" -fi -]) diff --git a/crypto/heimdal/cf/check-xau.m4 b/crypto/heimdal/cf/check-xau.m4 deleted file mode 100644 index 4d416fd19ac..00000000000 --- a/crypto/heimdal/cf/check-xau.m4 +++ /dev/null @@ -1,64 +0,0 @@ -dnl $Id: check-xau.m4 15454 2005-06-16 21:02:16Z lha $ -dnl -dnl check for Xau{Read,Write}Auth and XauFileName -dnl -AC_DEFUN([AC_CHECK_XAU],[ -save_CFLAGS="$CFLAGS" -CFLAGS="$X_CFLAGS $CFLAGS" -save_LIBS="$LIBS" -dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS" -LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS" -save_LDFLAGS="$LDFLAGS" -LDFLAGS="$LDFLAGS $X_LIBS" - -## check for XauWriteAuth first, so we detect the case where -## XauReadAuth is in -lX11, but XauWriteAuth is only in -lXau this -## could be done by checking for XauReadAuth in -lXau first, but this -## breaks in IRIX 6.5 - -AC_FIND_FUNC_NO_LIBS(XauWriteAuth, X11 Xau,[#include ],[0,0]) -ac_xxx="$LIBS" -LIBS="$LIB_XauWriteAuth $LIBS" -AC_FIND_FUNC_NO_LIBS(XauReadAuth, X11 Xau,[#include ],[0]) -LIBS="$LIB_XauReadAauth $LIBS" -AC_FIND_FUNC_NO_LIBS(XauFileName, X11 Xau,[#include ]) -LIBS="$ac_xxx" - -## set LIB_XauReadAuth to union of these tests, since this is what the -## Makefiles are using -case "$ac_cv_funclib_XauWriteAuth" in -yes) ;; -no) ;; -*) if test "$ac_cv_funclib_XauReadAuth" = yes; then - if test "$ac_cv_funclib_XauFileName" = yes; then - LIB_XauReadAuth="$LIB_XauWriteAuth" - else - LIB_XauReadAuth="$LIB_XauWriteAuth $LIB_XauFileName" - fi - else - if test "$ac_cv_funclib_XauFileName" = yes; then - LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth" - else - LIB_XauReadAuth="$LIB_XauReadAuth $LIB_XauWriteAuth $LIB_XauFileName" - fi - fi - ;; -esac - -if test "$AUTOMAKE" != ""; then - AM_CONDITIONAL(NEED_WRITEAUTH, test "$ac_cv_func_XauWriteAuth" != "yes") -else - AC_SUBST(NEED_WRITEAUTH_TRUE) - AC_SUBST(NEED_WRITEAUTH_FALSE) - if test "$ac_cv_func_XauWriteAuth" != "yes"; then - NEED_WRITEAUTH_TRUE= - NEED_WRITEAUTH_FALSE='#' - else - NEED_WRITEAUTH_TRUE='#' - NEED_WRITEAUTH_FALSE= - fi -fi -CFLAGS=$save_CFLAGS -LIBS=$save_LIBS -LDFLAGS=$save_LDFLAGS -]) diff --git a/crypto/heimdal/cf/crypto.m4 b/crypto/heimdal/cf/crypto.m4 deleted file mode 100644 index 69b2fc963c3..00000000000 --- a/crypto/heimdal/cf/crypto.m4 +++ /dev/null @@ -1,177 +0,0 @@ -dnl $Id: crypto.m4 22080 2007-11-16 11:10:54Z lha $ -dnl -dnl test for crypto libraries: -dnl - libcrypto (from openssl) -dnl - own-built libhcrypto - -m4_define([test_headers], [ - #undef KRB5 /* makes md4.h et al unhappy */ - #ifdef HAVE_OPENSSL - #ifdef HAVE_SYS_TYPES_H - #include - #endif - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #else - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #endif - ]) -m4_define([test_body], [ - void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - SHA256_CTX sha256; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - SHA256_Init(&sha256); - EVP_CIPHER_iv_length(((EVP_CIPHER*)0)); - #ifdef HAVE_OPENSSL - RAND_status(); - UI_UTIL_read_pw_string(0,0,0,0); - #endif - - OpenSSL_add_all_algorithms(); - AES_encrypt(0,0,0); - DES_cbc_encrypt(0, 0, 0, schedule, 0, 0); - RC4(0, 0, 0, 0);]) - - -AC_DEFUN([KRB_CRYPTO],[ -crypto_lib=unknown -AC_WITH_ALL([openssl]) - -DIR_hcrypto= - -AC_MSG_CHECKING([for crypto library]) - -openssl=no - -if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then - save_CPPFLAGS="$CPPFLAGS" - save_LIBS="$LIBS" - - cdirs= clibs= - for i in $LIB_krb4; do - case "$i" in - -L*) cdirs="$cdirs $i";; - -l*) clibs="$clibs $i";; - esac - done - - ires= - for i in $INCLUDE_krb4; do - CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" - for j in $cdirs; do - for k in $clibs; do - LIBS="$j $k $save_LIBS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers], - [test_body])], - [openssl=yes ires="$i" lres="$j $k"; break 3]) - done - done - CFLAGS="$i $save_CFLAGS" - for j in $cdirs; do - for k in $clibs; do - LIBS="$j $k $save_LIBS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])], - [openssl=no ires="$i" lres="$j $k"; break 3]) - done - done - done - - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" - if test "$ires" -a "$lres"; then - INCLUDE_hcrypto="$ires" - LIB_hcrypto="$lres" - crypto_lib=krb4 - AC_MSG_RESULT([same as krb4]) - LIB_hcrypto_a='$(LIB_hcrypto)' - LIB_hcrypto_so='$(LIB_hcrypto)' - LIB_hcrypto_appl='$(LIB_hcrypto)' - fi -fi - -if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then - save_CFLAGS="$CFLAGS" - save_LIBS="$LIBS" - INCLUDE_hcrypto= - LIB_hcrypto= - if test "$with_openssl_include" != ""; then - INCLUDE_hcrypto="-I${with_openssl_include}" - fi - if test "$with_openssl_lib" != ""; then - LIB_hcrypto="-L${with_openssl_lib}" - fi - CFLAGS="-DHAVE_OPENSSL ${INCLUDE_hcrypto} ${CFLAGS}" - saved_LIB_hcrypto="$LIB_hcrypto" - for lres in "" "-ldl" "-lnsl -lsocket" "-lnsl -lsocket -ldl"; do - LIB_hcrypto="${saved_LIB_hcrypto} -lcrypto $lres" - LIB_hcrypto_a="$LIB_hcrypto" - LIB_hcrypto_so="$LIB_hcrypto" - LIB_hcrypto_appl="$LIB_hcrypto" - LIBS="${LIBS} ${LIB_hcrypto}" - AC_LINK_IFELSE([AC_LANG_PROGRAM([test_headers],[test_body])], [ - crypto_lib=libcrypto openssl=yes - AC_MSG_RESULT([libcrypto]) - ]) - if test "$crypto_lib" = libcrypto ; then - break; - fi - done - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" -fi - -if test "$crypto_lib" = "unknown"; then - - DIR_hcrypto='hcrypto' - LIB_hcrypto='$(top_builddir)/lib/hcrypto/libhcrypto.la' - LIB_hcrypto_a='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.a' - LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so' - LIB_hcrypto_appl="-lhcrypto" - - AC_MSG_RESULT([included libhcrypto]) - -fi - -if test "$with_krb4" != no -a "$crypto_lib" != krb4; then - AC_MSG_ERROR([the crypto library used by krb4 lacks features -required by Kerberos 5; to continue, you need to install a newer -Kerberos 4 or configure --without-krb4]) -fi - -if test "$openssl" = "yes"; then - AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto]) -fi -AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl - -AC_SUBST(DIR_hcrypto) -AC_SUBST(INCLUDE_hcrypto) -AC_SUBST(LIB_hcrypto) -AC_SUBST(LIB_hcrypto_a) -AC_SUBST(LIB_hcrypto_so) -AC_SUBST(LIB_hcrypto_appl) -]) diff --git a/crypto/heimdal/cf/db.m4 b/crypto/heimdal/cf/db.m4 deleted file mode 100644 index cc8b8cae40e..00000000000 --- a/crypto/heimdal/cf/db.m4 +++ /dev/null @@ -1,211 +0,0 @@ -dnl $Id: db.m4 15456 2005-06-16 21:04:43Z lha $ -dnl -dnl tests for various db libraries -dnl -AC_DEFUN([rk_DB],[ -AC_ARG_ENABLE(berkeley-db, - AS_HELP_STRING([--disable-berkeley-db], - [if you don't want berkeley db]),[ -]) - -AC_ARG_ENABLE(ndbm-db, - AS_HELP_STRING([--disable-ndbm-db], - [if you don't want ndbm db]),[ -]) - -have_ndbm=no -db_type=unknown - -if test "$enable_berkeley_db" != no; then - - AC_CHECK_HEADERS([ \ - db4/db.h \ - db3/db.h \ - db.h \ - db_185.h \ - ]) - -dnl db_create is used by db3 and db4 - - AC_FIND_FUNC_NO_LIBS(db_create, db4 db3 db, [ - #include - #ifdef HAVE_DB4_DB_H - #include - #elif defined(HAVE_DB3_DB_H) - #include - #else - #include - #endif - ],[NULL, NULL, 0]) - - if test "$ac_cv_func_db_create" = "yes"; then - db_type=db3 - if test "$ac_cv_funclib_db_create" != "yes"; then - DBLIB="$ac_cv_funclib_db_create" - else - DBLIB="" - fi - AC_DEFINE(HAVE_DB3, 1, [define if you have a berkeley db3/4 library]) - else - -dnl dbopen is used by db1/db2 - - AC_FIND_FUNC_NO_LIBS(dbopen, db2 db, [ - #include - #if defined(HAVE_DB2_DB_H) - #include - #elif defined(HAVE_DB_185_H) - #include - #elif defined(HAVE_DB_H) - #include - #else - #error no db.h - #endif - ],[NULL, 0, 0, 0, NULL]) - - if test "$ac_cv_func_dbopen" = "yes"; then - db_type=db1 - if test "$ac_cv_funclib_dbopen" != "yes"; then - DBLIB="$ac_cv_funclib_dbopen" - else - DBLIB="" - fi - AC_DEFINE(HAVE_DB1, 1, [define if you have a berkeley db1/2 library]) - fi - fi - -dnl test for ndbm compatability - - if test "$ac_cv_func_dbm_firstkey" != yes; then - AC_FIND_FUNC_NO_LIBS2(dbm_firstkey, $ac_cv_funclib_dbopen $ac_cv_funclib_db_create, [ - #include - #define DB_DBM_HSEARCH 1 - #include - DBM *dbm; - ],[NULL]) - - if test "$ac_cv_func_dbm_firstkey" = "yes"; then - if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then - LIB_NDBM="$ac_cv_funclib_dbm_firstkey" - else - LIB_NDBM="" - fi - AC_DEFINE(HAVE_DB_NDBM, 1, [define if you have ndbm compat in db]) - AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)]) - else - $as_unset ac_cv_func_dbm_firstkey - $as_unset ac_cv_funclib_dbm_firstkey - fi - fi - -fi # berkeley db - -if test "$enable_ndbm_db" != "no"; then - - if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then - - AC_CHECK_HEADERS([ \ - dbm.h \ - ndbm.h \ - ]) - - AC_FIND_FUNC_NO_LIBS(dbm_firstkey, ndbm, [ - #include - #if defined(HAVE_NDBM_H) - #include - #elif defined(HAVE_DBM_H) - #include - #endif - DBM *dbm; - ],[NULL]) - - if test "$ac_cv_func_dbm_firstkey" = "yes"; then - if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then - LIB_NDBM="$ac_cv_funclib_dbm_firstkey" - else - LIB_NDBM="" - fi - AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl - have_ndbm=yes - if test "$db_type" = "unknown"; then - db_type=ndbm - DBLIB="$LIB_NDBM" - fi - else - - $as_unset ac_cv_func_dbm_firstkey - $as_unset ac_cv_funclib_dbm_firstkey - - AC_CHECK_HEADERS([ \ - gdbm/ndbm.h \ - ]) - - AC_FIND_FUNC_NO_LIBS(dbm_firstkey, gdbm, [ - #include - #include - DBM *dbm; - ],[NULL]) - - if test "$ac_cv_func_dbm_firstkey" = "yes"; then - if test "$ac_cv_funclib_dbm_firstkey" != "yes"; then - LIB_NDBM="$ac_cv_funclib_dbm_firstkey" - else - LIB_NDBM="" - fi - AC_DEFINE(HAVE_NDBM, 1, [define if you have a ndbm library])dnl - have_ndbm=yes - if test "$db_type" = "unknown"; then - db_type=ndbm - DBLIB="$LIB_NDBM" - fi - fi - fi - fi #enable_ndbm_db -fi # unknown - -if test "$have_ndbm" = "yes"; then - AC_MSG_CHECKING([if ndbm is implemented with db]) - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include -#include -#if defined(HAVE_GDBM_NDBM_H) -#include -#elif defined(HAVE_NDBM_H) -#include -#elif defined(HAVE_DBM_H) -#include -#endif -int main(int argc, char **argv) -{ - DBM *d; - - d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); - if (d == NULL) - return 1; - dbm_close(d); - return 0; -}]])],[ - if test -f conftest.db; then - AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_NEW_DB, 1, [Define if NDBM really is DB (creates files *.db)]) - else - AC_MSG_RESULT([no]) - fi],[AC_MSG_RESULT([no])]) -fi - -AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl -AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl -AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl - -## it's probably not correct to include LDFLAGS here, but we might -## need it, for now just add any possible -L -z="" -for i in $LDFLAGS; do - case "$i" in - -L*) z="$z $i";; - esac -done -DBLIB="$z $DBLIB" -AC_SUBST(DBLIB)dnl -AC_SUBST(LIB_NDBM)dnl -]) diff --git a/crypto/heimdal/cf/destdirs.m4 b/crypto/heimdal/cf/destdirs.m4 deleted file mode 100644 index 6b75f655fb0..00000000000 --- a/crypto/heimdal/cf/destdirs.m4 +++ /dev/null @@ -1,18 +0,0 @@ -dnl -dnl $Id: destdirs.m4 11082 2002-08-12 15:12:50Z joda $ -dnl - -AC_DEFUN([rk_DESTDIRS], [ -# This is done by AC_OUTPUT but we need the result here. -test "x$prefix" = xNONE && prefix=$ac_default_prefix -test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - -AC_FOREACH([rk_dir], [bin lib libexec localstate sbin sysconf], [ - x="${rk_dir[]dir}" - eval y="$x" - while test "x$y" != "x$x"; do - x="$y" - eval y="$x" - done - AC_DEFINE_UNQUOTED(AS_TR_CPP(rk_dir[]dir), "$x", [path to ]rk_dir[])]) -]) diff --git a/crypto/heimdal/cf/dlopen.m4 b/crypto/heimdal/cf/dlopen.m4 deleted file mode 100644 index 310ca556b4d..00000000000 --- a/crypto/heimdal/cf/dlopen.m4 +++ /dev/null @@ -1,11 +0,0 @@ -dnl -dnl $Id: dlopen.m4 15433 2005-06-16 19:40:59Z lha $ -dnl - -AC_DEFUN([rk_DLOPEN], [ - AC_FIND_FUNC_NO_LIBS(dlopen, dl,[ -#ifdef HAVE_DLFCN_H -#include -#endif],[0,0]) - AM_CONDITIONAL(HAVE_DLOPEN, test "$ac_cv_funclib_dlopen" != no) -]) diff --git a/crypto/heimdal/cf/find-func-no-libs.m4 b/crypto/heimdal/cf/find-func-no-libs.m4 deleted file mode 100644 index 76965a84ee8..00000000000 --- a/crypto/heimdal/cf/find-func-no-libs.m4 +++ /dev/null @@ -1,9 +0,0 @@ -dnl $Id: find-func-no-libs.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl Look for function in any of the specified libraries -dnl - -dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args) -AC_DEFUN([AC_FIND_FUNC_NO_LIBS], [ -AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])]) diff --git a/crypto/heimdal/cf/find-func-no-libs2.m4 b/crypto/heimdal/cf/find-func-no-libs2.m4 deleted file mode 100644 index 617a09e8da1..00000000000 --- a/crypto/heimdal/cf/find-func-no-libs2.m4 +++ /dev/null @@ -1,63 +0,0 @@ -dnl $Id: find-func-no-libs2.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl -dnl Look for function in any of the specified libraries -dnl - -dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args) -AC_DEFUN([AC_FIND_FUNC_NO_LIBS2], [ - -AC_MSG_CHECKING([for $1]) -AC_CACHE_VAL(ac_cv_funclib_$1, -[ -if eval "test \"\$ac_cv_func_$1\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in $2; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS="$6 $ac_lib $5 $ac_save_LIBS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[$3]],[[$1($4)]])],[eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break]) - done - eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" - LIBS="$ac_save_LIBS" -fi -]) - -eval "ac_res=\$ac_cv_funclib_$1" - -if false; then - AC_CHECK_FUNCS($1) -dnl AC_CHECK_LIBS($2, foo) -fi -# $1 -eval "ac_tr_func=HAVE_[]upcase($1)" -eval "ac_tr_lib=HAVE_LIB[]upcase($ac_res | sed -e 's/-l//')" -eval "LIB_$1=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_$1=yes" - eval "LIB_$1=" - AC_DEFINE_UNQUOTED($ac_tr_func) - AC_MSG_RESULT([yes]) - ;; - no) - eval "ac_cv_func_$1=no" - eval "LIB_$1=" - AC_MSG_RESULT([no]) - ;; - *) - eval "ac_cv_func_$1=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - AC_DEFINE_UNQUOTED($ac_tr_func) - AC_DEFINE_UNQUOTED($ac_tr_lib) - AC_MSG_RESULT([yes, in $ac_res]) - ;; -esac -AC_SUBST(LIB_$1) -]) diff --git a/crypto/heimdal/cf/find-func.m4 b/crypto/heimdal/cf/find-func.m4 deleted file mode 100644 index 2354f38e5e4..00000000000 --- a/crypto/heimdal/cf/find-func.m4 +++ /dev/null @@ -1,9 +0,0 @@ -dnl $Id: find-func.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl AC_FIND_FUNC(func, libraries, includes, arguments) -AC_DEFUN([AC_FIND_FUNC], [ -AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) -if test -n "$LIB_$1"; then - LIBS="$LIB_$1 $LIBS" -fi -]) diff --git a/crypto/heimdal/cf/find-if-not-broken.m4 b/crypto/heimdal/cf/find-if-not-broken.m4 deleted file mode 100644 index 3e946385c50..00000000000 --- a/crypto/heimdal/cf/find-if-not-broken.m4 +++ /dev/null @@ -1,12 +0,0 @@ -dnl $Id: find-if-not-broken.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl Mix between AC_FIND_FUNC and AC_BROKEN -dnl - -AC_DEFUN([AC_FIND_IF_NOT_BROKEN], -[AC_FIND_FUNC([$1], [$2], [$3], [$4]) -if eval "test \"$ac_cv_func_$1\" != yes"; then - rk_LIBOBJ([$1]) -fi -]) diff --git a/crypto/heimdal/cf/framework-security.m4 b/crypto/heimdal/cf/framework-security.m4 deleted file mode 100644 index 3358292f4e6..00000000000 --- a/crypto/heimdal/cf/framework-security.m4 +++ /dev/null @@ -1,31 +0,0 @@ -AC_DEFUN([rk_FRAMEWORK_SECURITY], [ - -AC_MSG_CHECKING([for framework security]) -AC_CACHE_VAL(rk_cv_framework_security, -[ -if test "$rk_cv_framework_security" != yes; then - ac_save_LIBS="$LIBS" - LIBS="$ac_save_LIBS -framework Security -framework CoreFoundation" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include -]], -[[SecKeychainSearchRef searchRef; -SecKeychainSearchCreateFromAttributes(NULL,kSecCertificateItemClass,NULL, &searchRef); -CFRelease(&searchRef); -]])],[rk_cv_framework_security=yes]) - LIBS="$ac_save_LIBS" -fi -]) - -if test "$rk_cv_framework_security" = yes; then - AC_DEFINE(HAVE_FRAMEWORK_SECURITY, 1, [Have -framework Security]) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi -AM_CONDITIONAL(FRAMEWORK_SECURITY, test "$rk_cv_framework_security" = yes) - -if test "$rk_cv_framework_security" = yes; then - AC_NEED_PROTO([#include ],SecKeyGetCSPHandle) -fi - -]) diff --git a/crypto/heimdal/cf/have-pragma-weak.m4 b/crypto/heimdal/cf/have-pragma-weak.m4 deleted file mode 100644 index 32b7a67da14..00000000000 --- a/crypto/heimdal/cf/have-pragma-weak.m4 +++ /dev/null @@ -1,37 +0,0 @@ -dnl $Id: have-pragma-weak.m4 15435 2005-06-16 19:45:52Z lha $ -dnl -AC_DEFUN([AC_HAVE_PRAGMA_WEAK], [ -if test "${enable_shared}" = "yes"; then -AC_MSG_CHECKING(for pragma weak) -AC_CACHE_VAL(ac_have_pragma_weak, [ -ac_have_pragma_weak=no -cat > conftest_foo.$ac_ext <<'EOF' -[#]line __oline__ "configure" -#include "confdefs.h" -#pragma weak foo = _foo -int _foo = 17; -EOF -cat > conftest_bar.$ac_ext <<'EOF' -[#]line __oline__ "configure" -#include "confdefs.h" -extern int foo; - -int t(void) { - return foo; -} - -int main(int argc, char **argv) { - return t(); -} -EOF -if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then -ac_have_pragma_weak=yes -fi -rm -rf conftest* -]) -if test "$ac_have_pragma_weak" = "yes"; then - AC_DEFINE(HAVE_PRAGMA_WEAK, 1, [Define this if your compiler supports \`#pragma weak.'])dnl -fi -AC_MSG_RESULT($ac_have_pragma_weak) -fi -]) diff --git a/crypto/heimdal/cf/have-struct-field.m4 b/crypto/heimdal/cf/have-struct-field.m4 deleted file mode 100644 index 8618bc07348..00000000000 --- a/crypto/heimdal/cf/have-struct-field.m4 +++ /dev/null @@ -1,21 +0,0 @@ -dnl $Id: have-struct-field.m4 18314 2006-10-07 17:31:56Z lha $ -dnl -dnl check for fields in a structure -dnl -dnl AC_HAVE_STRUCT_FIELD(struct, field, headers) - -AC_DEFUN([AC_HAVE_STRUCT_FIELD], [ -define(cache_val, translit(ac_cv_type_$1_$2, [A-Z ], [a-z_])) -AC_CACHE_CHECK([for $2 in $1], cache_val,[ -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$3]], - [[$1 x; memset(&x, 0, sizeof(x)); x.$2]])], - [cache_val=yes], - [cache_val=no]) -]) -if test "$cache_val" = yes; then - define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_])) - AC_DEFINE(foo, 1, [Define if $1 has field $2.]) - undefine([foo]) -fi -undefine([cache_val]) -]) diff --git a/crypto/heimdal/cf/have-type.m4 b/crypto/heimdal/cf/have-type.m4 deleted file mode 100644 index 34d5befbb60..00000000000 --- a/crypto/heimdal/cf/have-type.m4 +++ /dev/null @@ -1,30 +0,0 @@ -dnl $Id: have-type.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl check for existance of a type - -dnl AC_HAVE_TYPE(TYPE,INCLUDES) -AC_DEFUN([AC_HAVE_TYPE], [ -AC_REQUIRE([AC_HEADER_STDC]) -cv=`echo "$1" | sed 'y%./+- %__p__%'` -AC_MSG_CHECKING(for $1) -AC_CACHE_VAL([ac_cv_type_$cv], -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include -#if STDC_HEADERS -#include -#include -#endif -$2]], -[[$1 foo;]])], -[eval "ac_cv_type_$cv=yes"], -[eval "ac_cv_type_$cv=no"]))dnl -ac_foo=`eval echo \\$ac_cv_type_$cv` -AC_MSG_RESULT($ac_foo) -if test "$ac_foo" = yes; then - ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` -if false; then - AC_CHECK_TYPES($1) -fi - AC_DEFINE_UNQUOTED($ac_tr_hdr, 1, [Define if you have type `$1']) -fi -]) diff --git a/crypto/heimdal/cf/have-types.m4 b/crypto/heimdal/cf/have-types.m4 deleted file mode 100644 index 79ceb97e40f..00000000000 --- a/crypto/heimdal/cf/have-types.m4 +++ /dev/null @@ -1,12 +0,0 @@ -dnl -dnl $Id: have-types.m4 13338 2004-02-12 14:21:14Z lha $ -dnl - -AC_DEFUN([AC_HAVE_TYPES], [ -for i in $1; do - AC_HAVE_TYPE($i) -done -if false;then - AC_CHECK_FUNCS($1) -fi -]) diff --git a/crypto/heimdal/cf/install-catman.sh b/crypto/heimdal/cf/install-catman.sh deleted file mode 100755 index 872e1628070..00000000000 --- a/crypto/heimdal/cf/install-catman.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/sh -# -# $Id: install-catman.sh 20232 2007-02-16 11:03:13Z lha $ -# -# install preformatted manual pages - -cmd="$1"; shift -INSTALL_DATA="$1"; shift -mkinstalldirs="$1"; shift -srcdir="$1"; shift -manbase="$1"; shift -suffix="$1"; shift -catinstall="${INSTALL_CATPAGES-yes}" - -for f in "$@"; do - base=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\1/'` - section=`echo "$f" | sed 's/\(.*\)\.\([^.]*\)$/\2/'` - mandir="$manbase/man$section" - catdir="$manbase/cat$section" - c="$base.cat$section" - - if test "$catinstall" = yes -a -f "$srcdir/$c"; then - if test "$cmd" = install ; then - if test \! -d "$catdir"; then - eval "$mkinstalldirs $catdir" - fi - eval "echo $INSTALL_DATA $srcdir/$c $catdir/$base.$suffix" - eval "$INSTALL_DATA $srcdir/$c $catdir/$base.$suffix" - elif test "$cmd" = uninstall ; then - eval "echo rm -f $catdir/$base.$suffix" - eval "rm -f $catdir/$base.$suffix" - fi - fi - for link in `sed -n -e '/SYNOPSIS/q;/DESCRIPTION/q;s/^\.Nm \([^ ]*\).*/\1/p' $srcdir/$f`; do - if test "$link" = "$base" ; then - continue - fi - if test "$cmd" = install ; then - target="$mandir/$link.$section" - for lncmd in "ln -f $mandir/$base.$section $target" \ - "ln -s $base.$section $target" \ - "cp -f $mandir/$base.$section $target" - do - if eval "$lncmd"; then - eval echo "$lncmd" - break - fi - done - if test "$catinstall" = yes -a -f "$srcdir/$c"; then - target="$catdir/$link.$suffix" - for lncmd in "ln -f $catdir/$base.$suffix $target" \ - "ln -fs $base.$suffix $target" \ - "cp -f $catdir/$base.$suffix $target" - do - if eval "$lncmd"; then - eval echo "$lncmd" - break - fi - done - fi - elif test "$cmd" = uninstall ; then - target="$mandir/$link.$section" - eval "echo rm -f $target" - eval "rm -f $target" - if test "$catinstall" = yes; then - target="$catdir/$link.$suffix" - eval "echo rm -f $target" - eval "rm -f $target" - fi - fi - done -done diff --git a/crypto/heimdal/cf/irix.m4 b/crypto/heimdal/cf/irix.m4 deleted file mode 100644 index 510b81f26bc..00000000000 --- a/crypto/heimdal/cf/irix.m4 +++ /dev/null @@ -1,26 +0,0 @@ -dnl -dnl $Id: irix.m4 11267 2002-08-28 19:11:44Z joda $ -dnl - -AC_DEFUN([rk_IRIX], -[ -irix=no -case "$host" in -*-*-irix4*) - AC_DEFINE([IRIX4], 1, - [Define if you are running IRIX 4.]) - irix=yes - ;; -*-*-irix*) - irix=yes - ;; -esac -AM_CONDITIONAL(IRIX, test "$irix" != no)dnl - -AH_BOTTOM([ -/* IRIX 4 braindamage */ -#if IRIX == 4 && !defined(__STDC__) -#define __STDC__ 0 -#endif -]) -]) diff --git a/crypto/heimdal/cf/krb-bigendian.m4 b/crypto/heimdal/cf/krb-bigendian.m4 deleted file mode 100644 index 30e1a799c51..00000000000 --- a/crypto/heimdal/cf/krb-bigendian.m4 +++ /dev/null @@ -1,62 +0,0 @@ -dnl -dnl $Id: krb-bigendian.m4 15456 2005-06-16 21:04:43Z lha $ -dnl - -dnl check if this computer is little or big-endian -dnl if we can figure it out at compile-time then don't define the cpp symbol -dnl otherwise test for it and define it. also allow options for overriding -dnl it when cross-compiling - -AC_DEFUN([KRB_C_BIGENDIAN], [ -AC_ARG_ENABLE(bigendian, - AS_HELP_STRING([--enable-bigendian],[the target is big endian]), -krb_cv_c_bigendian=yes) -AC_ARG_ENABLE(littleendian, - AS_HELP_STRING([--enable-littleendian],[the target is little endian]), -krb_cv_c_bigendian=no) -AC_CACHE_CHECK([whether byte order is known at compile time], -krb_cv_c_bigendian_compile, -[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ -#include -#include -#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN - bogus endian macros -#endif]])],[krb_cv_c_bigendian_compile=yes],[krb_cv_c_bigendian_compile=no])]) -AC_CACHE_CHECK(whether byte ordering is bigendian, krb_cv_c_bigendian,[ - if test "$krb_cv_c_bigendian_compile" = "yes"; then - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ -#include -#include -#if BYTE_ORDER != BIG_ENDIAN - not big endian -#endif]])],[krb_cv_c_bigendian=yes],[krb_cv_c_bigendian=no]) - else - AC_RUN_IFELSE([AC_LANG_SOURCE([[main (int argc, char **argv) { - /* Are we little or big endian? From Harbison&Steele. */ - union - { - long l; - char c[sizeof (long)]; - } u; - u.l = 1; - exit (u.c[sizeof (long) - 1] == 1); - }]])],[krb_cv_c_bigendian=no],[krb_cv_c_bigendian=yes], - [AC_MSG_ERROR([specify either --enable-bigendian or --enable-littleendian])]) - fi -]) -if test "$krb_cv_c_bigendian" = "yes"; then - AC_DEFINE(WORDS_BIGENDIAN, 1, [define if target is big endian])dnl -fi -if test "$krb_cv_c_bigendian_compile" = "yes"; then - AC_DEFINE(ENDIANESS_IN_SYS_PARAM_H, 1, [define if sys/param.h defines the endiness])dnl -fi -AH_BOTTOM([ -#if ENDIANESS_IN_SYS_PARAM_H -# include -# include -# if BYTE_ORDER == BIG_ENDIAN -# define WORDS_BIGENDIAN 1 -# endif -#endif -]) -]) diff --git a/crypto/heimdal/cf/krb-func-getcwd-broken.m4 b/crypto/heimdal/cf/krb-func-getcwd-broken.m4 deleted file mode 100644 index 6ab4a268a47..00000000000 --- a/crypto/heimdal/cf/krb-func-getcwd-broken.m4 +++ /dev/null @@ -1,41 +0,0 @@ -dnl $Id: krb-func-getcwd-broken.m4 15455 2005-06-16 21:03:43Z lha $ -dnl -dnl -dnl test for broken getcwd in (SunOS braindamage) -dnl - -AC_DEFUN([AC_KRB_FUNC_GETCWD_BROKEN], [ -if test "$ac_cv_func_getcwd" = yes; then -AC_MSG_CHECKING(if getcwd is broken) -AC_CACHE_VAL(ac_cv_func_getcwd_broken, [ -ac_cv_func_getcwd_broken=no - -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include -char *getcwd(char*, int); - -void *popen(char *cmd, char *mode) -{ - errno = ENOTTY; - return 0; -} - -int main(int argc, char **argv) -{ - char *ret; - ret = getcwd(0, 1024); - if(ret == 0 && errno == ENOTTY) - return 0; - return 1; -} -]])], [ac_cv_func_getcwd_broken=yes],[:],[:]) -]) -if test "$ac_cv_func_getcwd_broken" = yes; then - AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl - AC_LIBOBJ(getcwd) - AC_MSG_RESULT($ac_cv_func_getcwd_broken) -else - AC_MSG_RESULT([seems ok]) -fi -fi -]) diff --git a/crypto/heimdal/cf/krb-func-getlogin.m4 b/crypto/heimdal/cf/krb-func-getlogin.m4 deleted file mode 100644 index 03cecfcefe6..00000000000 --- a/crypto/heimdal/cf/krb-func-getlogin.m4 +++ /dev/null @@ -1,22 +0,0 @@ -dnl -dnl $Id: krb-func-getlogin.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl test for POSIX (broken) getlogin -dnl - - -AC_DEFUN([AC_FUNC_GETLOGIN], [ -AC_CHECK_FUNCS(getlogin setlogin) -if test "$ac_cv_func_getlogin" = yes; then -AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [ -if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then - ac_cv_func_getlogin_posix=no -else - ac_cv_func_getlogin_posix=yes -fi -]) -if test "$ac_cv_func_getlogin_posix" = yes; then - AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).]) -fi -fi -]) diff --git a/crypto/heimdal/cf/krb-ipv6.m4 b/crypto/heimdal/cf/krb-ipv6.m4 deleted file mode 100644 index ba0b00093fd..00000000000 --- a/crypto/heimdal/cf/krb-ipv6.m4 +++ /dev/null @@ -1,149 +0,0 @@ -dnl $Id: krb-ipv6.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl test for IPv6 -dnl -AC_DEFUN([AC_KRB_IPV6], [ -AC_ARG_WITH(ipv6, - AS_HELP_STRING([--without-ipv6],[do not enable IPv6 support]),[ -if test "$withval" = "no"; then - ac_cv_lib_ipv6=no -fi]) -save_CFLAGS="${CFLAGS}" -AC_CACHE_CHECK([for IPv6 stack type], v6type, -[dnl check for different v6 implementations (by itojun) -v6type=unknown -v6lib=none - -for i in v6d toshiba kame inria zeta linux; do - case $i in - v6d) - AC_EGREP_CPP(yes, [ -#include -#ifdef __V6D__ -yes -#endif], - [v6type=$i; v6lib=v6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-I/usr/local/v6/include $CFLAGS"]) - ;; - toshiba) - AC_EGREP_CPP(yes, [ -#include -#ifdef _TOSHIBA_INET6 -yes -#endif], - [v6type=$i; v6lib=inet6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-DINET6 $CFLAGS"]) - ;; - kame) - AC_EGREP_CPP(yes, [ -#include -#ifdef __KAME__ -yes -#endif], - [v6type=$i; v6lib=inet6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-DINET6 $CFLAGS"]) - ;; - inria) - AC_EGREP_CPP(yes, [ -#include -#ifdef IPV6_INRIA_VERSION -yes -#endif], - [v6type=$i; CFLAGS="-DINET6 $CFLAGS"]) - ;; - zeta) - AC_EGREP_CPP(yes, [ -#include -#ifdef _ZETA_MINAMI_INET6 -yes -#endif], - [v6type=$i; v6lib=inet6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-DINET6 $CFLAGS"]) - ;; - linux) - if test -d /usr/inet6; then - v6type=$i - v6lib=inet6 - v6libdir=/usr/inet6 - CFLAGS="-DINET6 $CFLAGS" - fi - ;; - esac - if test "$v6type" != "unknown"; then - break - fi -done - -if test "$v6lib" != "none"; then - for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do - if test -d $dir -a -f $dir/lib$v6lib.a; then - LIBS="-L$dir -l$v6lib $LIBS" - break - fi - done -fi -]) - -AC_CACHE_CHECK([for IPv6], ac_cv_lib_ipv6, [ -AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_NETINET_IN6_H -#include -#endif -]], -[[ - struct sockaddr_in6 sin6; - int s; - - s = socket(AF_INET6, SOCK_DGRAM, 0); - - sin6.sin6_family = AF_INET6; - sin6.sin6_port = htons(17); - sin6.sin6_addr = in6addr_any; - bind(s, (struct sockaddr *)&sin6, sizeof(sin6)); -]])], -[ac_cv_lib_ipv6=yes], -[ac_cv_lib_ipv6=no])]) -if test "$ac_cv_lib_ipv6" = yes; then - AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.]) -else - CFLAGS="${save_CFLAGS}" -fi - -## test for AIX missing in6addr_loopback -if test "$ac_cv_lib_ipv6" = yes; then - AC_CACHE_CHECK([for in6addr_loopback],[ac_cv_var_in6addr_loopback],[ - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_NETINET_IN6_H -#include -#endif]],[[ -struct sockaddr_in6 sin6; -sin6.sin6_addr = in6addr_loopback; -]])],[ac_cv_var_in6addr_loopback=yes],[ac_cv_var_in6addr_loopback=no])]) - if test "$ac_cv_var_in6addr_loopback" = yes; then - AC_DEFINE(HAVE_IN6ADDR_LOOPBACK, 1, - [Define if you have the in6addr_loopback variable]) - fi -fi -]) \ No newline at end of file diff --git a/crypto/heimdal/cf/krb-prog-ln-s.m4 b/crypto/heimdal/cf/krb-prog-ln-s.m4 deleted file mode 100644 index e4bb7cad460..00000000000 --- a/crypto/heimdal/cf/krb-prog-ln-s.m4 +++ /dev/null @@ -1,28 +0,0 @@ -dnl $Id: krb-prog-ln-s.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl Better test for ln -s, ln or cp -dnl - -AC_DEFUN([AC_KRB_PROG_LN_S], -[AC_MSG_CHECKING(for ln -s or something else) -AC_CACHE_VAL(ac_cv_prog_LN_S, -[rm -f conftestdata -if ln -s X conftestdata 2>/dev/null -then - rm -f conftestdata - ac_cv_prog_LN_S="ln -s" -else - touch conftestdata1 - if ln conftestdata1 conftestdata2; then - rm -f conftestdata* - ac_cv_prog_LN_S=ln - else - ac_cv_prog_LN_S=cp - fi -fi])dnl -LN_S="$ac_cv_prog_LN_S" -AC_MSG_RESULT($ac_cv_prog_LN_S) -AC_SUBST(LN_S)dnl -]) - diff --git a/crypto/heimdal/cf/krb-prog-ranlib.m4 b/crypto/heimdal/cf/krb-prog-ranlib.m4 deleted file mode 100644 index 6a851a24da6..00000000000 --- a/crypto/heimdal/cf/krb-prog-ranlib.m4 +++ /dev/null @@ -1,8 +0,0 @@ -dnl $Id: krb-prog-ranlib.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl Also look for EMXOMF for OS/2 -dnl - -AC_DEFUN([AC_KRB_PROG_RANLIB], -[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)]) diff --git a/crypto/heimdal/cf/krb-prog-yacc.m4 b/crypto/heimdal/cf/krb-prog-yacc.m4 deleted file mode 100644 index 10203e453fe..00000000000 --- a/crypto/heimdal/cf/krb-prog-yacc.m4 +++ /dev/null @@ -1,12 +0,0 @@ -dnl $Id: krb-prog-yacc.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl We prefer byacc or yacc because they do not use `alloca' -dnl - -AC_DEFUN([AC_KRB_PROG_YACC], -[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y') -if test "$YACC" = ""; then - AC_MSG_WARN([yacc not found - some stuff will not build]) -fi -]) diff --git a/crypto/heimdal/cf/krb-readline.m4 b/crypto/heimdal/cf/krb-readline.m4 deleted file mode 100644 index 61a50c5abac..00000000000 --- a/crypto/heimdal/cf/krb-readline.m4 +++ /dev/null @@ -1,39 +0,0 @@ -dnl $Id: krb-readline.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl Tests for readline functions -dnl - -dnl el_init - -AC_DEFUN([KRB_READLINE],[ -AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent]) -if test "$ac_cv_func_el_init" = yes ; then - AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include - #include ]], - [[el_init("", NULL, NULL, NULL);]])], - [ac_cv_func_el_init_four=yes], - [ac_cv_func_el_init_four=no])]) - if test "$ac_cv_func_el_init_four" = yes; then - AC_DEFINE(HAVE_FOUR_VALUED_EL_INIT, 1, [Define if el_init takes four arguments.]) - fi -fi - -dnl readline - -ac_foo=no -if test "$with_readline" = yes; then - : -elif test "$ac_cv_func_readline" = yes; then - : -elif test "$ac_cv_func_el_init" = yes; then - ac_foo=yes - LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)" -else - LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)" -fi -AM_CONDITIONAL(el_compat, test "$ac_foo" = yes) -AC_DEFINE(HAVE_READLINE, 1, - [Define if you have a readline compatible library.])dnl - -]) diff --git a/crypto/heimdal/cf/krb-struct-spwd.m4 b/crypto/heimdal/cf/krb-struct-spwd.m4 deleted file mode 100644 index 17fb2a371cb..00000000000 --- a/crypto/heimdal/cf/krb-struct-spwd.m4 +++ /dev/null @@ -1,21 +0,0 @@ -dnl $Id: krb-struct-spwd.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl Test for `struct spwd' - -AC_DEFUN([AC_KRB_STRUCT_SPWD], [ -AC_MSG_CHECKING(for struct spwd) -AC_CACHE_VAL(ac_cv_struct_spwd, [ -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include -#ifdef HAVE_SHADOW_H -#include -#endif]],[[struct spwd foo;]])], -[ac_cv_struct_spwd=yes], -[ac_cv_struct_spwd=no]) -]) -AC_MSG_RESULT($ac_cv_struct_spwd) - -if test "$ac_cv_struct_spwd" = "yes"; then - AC_DEFINE(HAVE_STRUCT_SPWD, 1, [define if you have struct spwd]) -fi -]) diff --git a/crypto/heimdal/cf/krb-struct-winsize.m4 b/crypto/heimdal/cf/krb-struct-winsize.m4 deleted file mode 100644 index 06e5f5bb8e7..00000000000 --- a/crypto/heimdal/cf/krb-struct-winsize.m4 +++ /dev/null @@ -1,25 +0,0 @@ -dnl $Id: krb-struct-winsize.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl Search for struct winsize -dnl - -AC_DEFUN([AC_KRB_STRUCT_WINSIZE], [ -AC_MSG_CHECKING(for struct winsize) -AC_CACHE_VAL(ac_cv_struct_winsize, [ -ac_cv_struct_winsize=no -for i in sys/termios.h sys/ioctl.h; do -AC_EGREP_HEADER( -struct[[ ]]*winsize,dnl -$i, ac_cv_struct_winsize=yes; break)dnl -done -]) -if test "$ac_cv_struct_winsize" = "yes"; then - AC_DEFINE(HAVE_STRUCT_WINSIZE, 1, [define if struct winsize is declared in sys/termios.h]) -fi -AC_MSG_RESULT($ac_cv_struct_winsize) -AC_EGREP_HEADER(ws_xpixel, termios.h, - AC_DEFINE(HAVE_WS_XPIXEL, 1, [define if struct winsize has ws_xpixel])) -AC_EGREP_HEADER(ws_ypixel, termios.h, - AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel])) -]) diff --git a/crypto/heimdal/cf/krb-sys-aix.m4 b/crypto/heimdal/cf/krb-sys-aix.m4 deleted file mode 100644 index 544e779181a..00000000000 --- a/crypto/heimdal/cf/krb-sys-aix.m4 +++ /dev/null @@ -1,15 +0,0 @@ -dnl $Id: krb-sys-aix.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl AIX have a very different syscall convention -dnl -AC_DEFUN([AC_KRB_SYS_AIX], [ -AC_MSG_CHECKING(for AIX) -AC_CACHE_VAL(krb_cv_sys_aix, -AC_EGREP_CPP(yes, -[#ifdef _AIX - yes -#endif -], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) ) -AC_MSG_RESULT($krb_cv_sys_aix) -]) diff --git a/crypto/heimdal/cf/krb-sys-nextstep.m4 b/crypto/heimdal/cf/krb-sys-nextstep.m4 deleted file mode 100644 index dcf7e096c33..00000000000 --- a/crypto/heimdal/cf/krb-sys-nextstep.m4 +++ /dev/null @@ -1,18 +0,0 @@ -dnl $Id: krb-sys-nextstep.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl NEXTSTEP is not posix compliant by default, -dnl you need a switch -posix to the compiler -dnl - -AC_DEFUN([rk_SYS_NEXTSTEP], [ -AC_CACHE_CHECK(for NeXTSTEP, rk_cv_sys_nextstep, [ -AC_EGREP_CPP(yes, -[#if defined(NeXT) && !defined(__APPLE__) - yes -#endif -], rk_cv_sys_nextstep=yes, rk_cv_sys_nextstep=no)]) -if test "$rk_cv_sys_nextstep" = "yes"; then - CFLAGS="$CFLAGS -posix" - LIBS="$LIBS -posix" -fi -]) diff --git a/crypto/heimdal/cf/krb-version.m4 b/crypto/heimdal/cf/krb-version.m4 deleted file mode 100644 index 92d731f0438..00000000000 --- a/crypto/heimdal/cf/krb-version.m4 +++ /dev/null @@ -1,24 +0,0 @@ -dnl $Id: krb-version.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl -dnl output a C header-file with some version strings -dnl - -AC_DEFUN([AC_KRB_VERSION],[ -cat > include/newversion.h.in </dev/null | sed 1q` - Date=`date` - mv -f include/newversion.h.in include/version.h.in - sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h -fi -]) diff --git a/crypto/heimdal/cf/largefile.m4 b/crypto/heimdal/cf/largefile.m4 deleted file mode 100644 index 972ba9c4454..00000000000 --- a/crypto/heimdal/cf/largefile.m4 +++ /dev/null @@ -1,16 +0,0 @@ -dnl $Id: largefile.m4 13768 2004-04-24 21:51:32Z joda $ -dnl -dnl Figure out what flags we need for 64-bit file access, and also set -dnl them on the command line. -dnl -AC_DEFUN([rk_SYS_LARGEFILE],[ -AC_REQUIRE([AC_SYS_LARGEFILE])dnl -dnl need to set this on the command line, since it might otherwise break -dnl with generated code, such as lex -if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then - CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" -fi -if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then - CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits" -fi -]) diff --git a/crypto/heimdal/cf/make-proto.pl b/crypto/heimdal/cf/make-proto.pl deleted file mode 100644 index f119b517e79..00000000000 --- a/crypto/heimdal/cf/make-proto.pl +++ /dev/null @@ -1,337 +0,0 @@ -# Make prototypes from .c files -# $Id: make-proto.pl 14183 2004-09-03 08:50:57Z lha $ - -##use Getopt::Std; -require 'getopts.pl'; - -$brace = 0; -$line = ""; -$debug = 0; -$oproto = 1; -$private_func_re = "^_"; - -do Getopts('x:m:o:p:dqE:R:P:') || die "foo"; - -if($opt_d) { - $debug = 1; -} - -if($opt_q) { - $oproto = 0; -} - -if($opt_R) { - $private_func_re = $opt_R; -} -%flags = ( - 'multiline-proto' => 1, - 'header' => 1, - 'function-blocking' => 0, - 'gnuc-attribute' => 1, - 'cxx' => 1 - ); -if($opt_m) { - foreach $i (split(/,/, $opt_m)) { - if($i eq "roken") { - $flags{"multiline-proto"} = 0; - $flags{"header"} = 0; - $flags{"function-blocking"} = 0; - $flags{"gnuc-attribute"} = 0; - $flags{"cxx"} = 0; - } else { - if(substr($i, 0, 3) eq "no-") { - $flags{substr($i, 3)} = 0; - } else { - $flags{$i} = 1; - } - } - } -} - -if($opt_x) { - open(EXP, $opt_x); - while() { - chomp; - s/\#.*//g; - s/\s+/ /g; - if(/^([a-zA-Z0-9_]+)\s?(.*)$/) { - $exported{$1} = $2; - } else { - print $_, "\n"; - } - } - close EXP; -} - -while(<>) { - print $brace, " ", $_ if($debug); - if(/^\#if 0/) { - $if_0 = 1; - } - if($if_0 && /^\#endif/) { - $if_0 = 0; - } - if($if_0) { next } - if(/^\s*\#/) { - next; - } - if(/^\s*$/) { - $line = ""; - next; - } - if(/\{/){ - if (!/\}/) { - $brace++; - } - $_ = $line; - while(s/\*\//\ca/){ - s/\/\*(.|\n)*\ca//; - } - s/^\s*//; - s/\s*$//; - s/\s+/ /g; - if($_ =~ /\)$/){ - if(!/^static/ && !/^PRIVATE/){ - if(/(.*)(__attribute__\s?\(.*\))/) { - $attr = $2; - $_ = $1; - } else { - $attr = ""; - } - # remove outer () - s/\s*\(//; - # remove , within () - while(s/\(([^()]*),(.*)\)/($1\$$2)/g){} - s/\<\s*void\s*\>/<>/; - # remove parameter names - if($opt_P eq "remove") { - s/(\s*)([a-zA-Z0-9_]+)([,>])/$3/g; - s/\s+\*/*/g; - s/\(\*(\s*)([a-zA-Z0-9_]+)\)/(*)/g; - } elsif($opt_P eq "comment") { - s/([a-zA-Z0-9_]+)([,>])/\/\*$1\*\/$2/g; - s/\(\*([a-zA-Z0-9_]+)\)/(*\/\*$1\*\/)/g; - } - s/\<\>//; - # add newlines before parameters - if($flags{"multiline-proto"}) { - s/,\s*/,\n\t/g; - } else { - s/,\s*/, /g; - } - # fix removed , - s/\$/,/g; - # match function name - /([a-zA-Z0-9_]+)\s*\/$RP/; - # insert newline before function name - if($flags{"multiline-proto"}) { - s/(.*)\s([a-zA-Z0-9_]+ \Q$LP\E)/$1\n$2/; - } - if($attr ne "") { - $_ .= "\n $attr"; - } - $_ = $_ . ";"; - $funcs{$f} = $_; - } - } - $line = ""; - } - if(/\}/){ - $brace--; - } - if(/^\}/){ - $brace = 0; - } - if($brace == 0) { - $line = $line . " " . $_; - } -} - -sub foo { - local ($arg) = @_; - $_ = $arg; - s/.*\/([^\/]*)/$1/; - s/[^a-zA-Z0-9]/_/g; - "__" . $_ . "__"; -} - -if($opt_o) { - open(OUT, ">$opt_o"); - $block = &foo($opt_o); -} else { - $block = "__public_h__"; -} - -if($opt_p) { - open(PRIV, ">$opt_p"); - $private = &foo($opt_p); -} else { - $private = "__private_h__"; -} - -$public_h = ""; -$private_h = ""; - -$public_h_header .= "/* This is a generated file */ -#ifndef $block -#define $block - -"; -if ($oproto) { - $public_h_header .= "#ifdef __STDC__ -#include -#ifndef __P -#define __P(x) x -#endif -#else -#ifndef __P -#define __P(x) () -#endif -#endif - -"; -} else { - $public_h_header .= "#include - -"; -} -$public_h_trailer = ""; - -$private_h_header = "/* This is a generated file */ -#ifndef $private -#define $private - -"; -if($oproto) { - $private_h_header .= "#ifdef __STDC__ -#include -#ifndef __P -#define __P(x) x -#endif -#else -#ifndef __P -#define __P(x) () -#endif -#endif - -"; -} else { - $private_h_header .= "#include - -"; -} -$private_h_trailer = ""; - -foreach(sort keys %funcs){ - if(/^(main)$/) { next } - if(!defined($exported{$_}) && /$private_func_re/) { - $private_h .= $funcs{$_} . "\n\n"; - if($funcs{$_} =~ /__attribute__/) { - $private_attribute_seen = 1; - } - } else { - if($flags{"function-blocking"}) { - $fupper = uc $_; - if($exported{$_} =~ /proto/) { - $public_h .= "#if !defined(HAVE_$fupper) || defined(NEED_${fupper}_PROTO)\n"; - } else { - $public_h .= "#ifndef HAVE_$fupper\n"; - } - } - $public_h .= $funcs{$_} . "\n"; - if($funcs{$_} =~ /__attribute__/) { - $public_attribute_seen = 1; - } - if($flags{"function-blocking"}) { - $public_h .= "#endif\n"; - } - $public_h .= "\n"; - } -} - -if($flags{"gnuc-attribute"}) { - if ($public_attribute_seen) { - $public_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(x) -#endif - -"; - } - - if ($private_attribute_seen) { - $private_h_header .= "#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(x) -#endif - -"; - } -} -if($flags{"cxx"}) { - $public_h_header .= "#ifdef __cplusplus -extern \"C\" { -#endif - -"; - $public_h_trailer .= "#ifdef __cplusplus -} -#endif - -"; - -} -if ($opt_E) { - $public_h_header .= "#ifndef $opt_E -#if defined(_WIN32) -#define $opt_E _stdcall -#else -#define $opt_E -#endif -#endif - -"; - - $private_h_header .= "#ifndef $opt_E -#if defined(_WIN32) -#define $opt_E _stdcall -#else -#define $opt_E -#endif -#endif - -"; -} - -if ($public_h ne "" && $flags{"header"}) { - $public_h = $public_h_header . $public_h . - $public_h_trailer . "#endif /* $block */\n"; -} -if ($private_h ne "" && $flags{"header"}) { - $private_h = $private_h_header . $private_h . - $private_h_trailer . "#endif /* $private */\n"; -} - -if($opt_o) { - print OUT $public_h; -} -if($opt_p) { - print PRIV $private_h; -} - -close OUT; -close PRIV; diff --git a/crypto/heimdal/cf/mips-abi.m4 b/crypto/heimdal/cf/mips-abi.m4 deleted file mode 100644 index 2af513e188d..00000000000 --- a/crypto/heimdal/cf/mips-abi.m4 +++ /dev/null @@ -1,87 +0,0 @@ -dnl $Id: mips-abi.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl -dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some -dnl value. - -AC_DEFUN([AC_MIPS_ABI], [ -AC_ARG_WITH(mips_abi, - AS_HELP_STRING([--with-mips-abi=abi],[ABI to use for IRIX (32, n32, or 64)])) - -case "$host_os" in -irix*) -with_mips_abi="${with_mips_abi:-yes}" -if test -n "$GCC"; then - -# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select -# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs. -# -# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old -# GCC and revert back to O32. The same goes if O32 is asked for - old -# GCCs doesn't like the -mabi option, and new GCCs can't output O32. -# -# Don't you just love *all* the different SGI ABIs? - -case "${with_mips_abi}" in - 32|o32) abi='-mabi=32'; abilibdirext='' ;; - n32|yes) abi='-mabi=n32'; abilibdirext='32' ;; - 64) abi='-mabi=64'; abilibdirext='64' ;; - no) abi=''; abilibdirext='';; - *) AC_MSG_ERROR("Invalid ABI specified") ;; -esac -if test -n "$abi" ; then -ac_foo=krb_cv_gcc_`echo $abi | tr =- __` -dnl -dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to -dnl AC_MSG_RESULT -dnl -AC_MSG_CHECKING([if $CC supports the $abi option]) -AC_CACHE_VAL($ac_foo, [ -save_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS $abi" -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[eval $ac_foo=yes], [eval $ac_foo=no])dnl -CFLAGS="$save_CFLAGS" -]) -ac_res=`eval echo \\\$$ac_foo` -AC_MSG_RESULT($ac_res) -if test $ac_res = no; then -# Try to figure out why that failed... -case $abi in - -mabi=32) - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -mabi=n32" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x;]])],[ac_res=yes],[ac_res=no])dnl - CLAGS="$save_CFLAGS" - if test $ac_res = yes; then - # New GCC - AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI]) - fi - # Old GCC - abi='' - abilibdirext='' - ;; - -mabi=n32|-mabi=64) - if test $with_mips_abi = yes; then - # Old GCC, default to O32 - abi='' - abilibdirext='' - else - # Some broken GCC - AC_MSG_ERROR([$CC does not support the $with_mips_abi ABI]) - fi - ;; -esac -fi #if test $ac_res = no; then -fi #if test -n "$abi" ; then -else -case "${with_mips_abi}" in - 32|o32) abi='-32'; abilibdirext='' ;; - n32|yes) abi='-n32'; abilibdirext='32' ;; - 64) abi='-64'; abilibdirext='64' ;; - no) abi=''; abilibdirext='';; - *) AC_MSG_ERROR("Invalid ABI specified") ;; -esac -fi #if test -n "$GCC"; then -;; -esac -]) diff --git a/crypto/heimdal/cf/misc.m4 b/crypto/heimdal/cf/misc.m4 deleted file mode 100644 index 042f30a58d6..00000000000 --- a/crypto/heimdal/cf/misc.m4 +++ /dev/null @@ -1,15 +0,0 @@ - -dnl $Id: misc.m4 11022 2002-05-24 15:35:32Z joda $ -dnl -AC_DEFUN([upcase],[`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`])dnl -AC_DEFUN([rk_LIBOBJ],[AC_LIBOBJ([$1])])dnl -AC_DEFUN([rk_CONFIG_HEADER],[AH_TOP([#ifndef RCSID -#define RCSID(msg) \ -static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } -#endif - -/* Maximum values on all known systems */ -#define MaxHostNameLen (64+4) -#define MaxPathLen (1024+4) - -])]) \ No newline at end of file diff --git a/crypto/heimdal/cf/need-proto.m4 b/crypto/heimdal/cf/need-proto.m4 deleted file mode 100644 index 978abb1afba..00000000000 --- a/crypto/heimdal/cf/need-proto.m4 +++ /dev/null @@ -1,22 +0,0 @@ -dnl $Id: need-proto.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl -dnl Check if we need the prototype for a function -dnl - -dnl AC_NEED_PROTO(includes, function) - -AC_DEFUN([AC_NEED_PROTO], [ -if test "$ac_cv_func_$2+set" != set -o "$ac_cv_func_$2" = yes; then -AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto, -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1 -struct foo { int foo; } xx; -extern int $2 (struct foo*);]],[[$2(&xx)]])], -[eval "ac_cv_func_$2_noproto=yes"], -[eval "ac_cv_func_$2_noproto=no"])) -if test "$ac_cv_func_$2_noproto" = yes; then - AC_DEFINE(AS_TR_CPP(NEED_[]$2[]_PROTO), 1, - [define if the system is missing a prototype for $2()]) -fi -fi -]) diff --git a/crypto/heimdal/cf/osfc2.m4 b/crypto/heimdal/cf/osfc2.m4 deleted file mode 100644 index 6366f7a4ed2..00000000000 --- a/crypto/heimdal/cf/osfc2.m4 +++ /dev/null @@ -1,14 +0,0 @@ -dnl $Id: osfc2.m4 14147 2004-08-25 14:14:01Z joda $ -dnl -dnl enable OSF C2 stuff - -AC_DEFUN([AC_CHECK_OSFC2],[ -AC_ARG_ENABLE(osfc2, - AS_HELP_STRING([--enable-osfc2],[enable some OSF C2 support])) -LIB_security= -if test "$enable_osfc2" = yes; then - AC_DEFINE(HAVE_OSFC2, 1, [Define to enable basic OSF C2 support.]) - LIB_security=-lsecurity -fi -AC_SUBST(LIB_security) -]) diff --git a/crypto/heimdal/cf/otp.m4 b/crypto/heimdal/cf/otp.m4 deleted file mode 100644 index fa6a530bcf3..00000000000 --- a/crypto/heimdal/cf/otp.m4 +++ /dev/null @@ -1,27 +0,0 @@ -dnl $Id: otp.m4 14147 2004-08-25 14:14:01Z joda $ -dnl -dnl check requirements for OTP library -dnl -AC_DEFUN([rk_OTP],[ -AC_REQUIRE([rk_DB])dnl -AC_ARG_ENABLE(otp, - AS_HELP_STRING([--disable-otp],[if you don't want OTP support])) -if test "$enable_otp" = yes -a "$db_type" = unknown; then - AC_MSG_ERROR([OTP requires a NDBM/DB compatible library]) -fi -if test "$enable_otp" != no; then - if test "$db_type" != unknown; then - enable_otp=yes - else - enable_otp=no - fi -fi -if test "$enable_otp" = yes; then - AC_DEFINE(OTP, 1, [Define if you want OTP support in applications.]) - LIB_otp='$(top_builddir)/lib/otp/libotp.la' - AC_SUBST(LIB_otp) -fi -AC_MSG_CHECKING([whether to enable OTP library]) -AC_MSG_RESULT($enable_otp) -AM_CONDITIONAL(OTP, test "$enable_otp" = yes)dnl -]) diff --git a/crypto/heimdal/cf/proto-compat.m4 b/crypto/heimdal/cf/proto-compat.m4 deleted file mode 100644 index 0da8b250e60..00000000000 --- a/crypto/heimdal/cf/proto-compat.m4 +++ /dev/null @@ -1,21 +0,0 @@ -dnl $Id: proto-compat.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl -dnl Check if the prototype of a function is compatible with another one -dnl - -dnl AC_PROTO_COMPAT(includes, function, prototype) - -AC_DEFUN([AC_PROTO_COMPAT], [ -AC_CACHE_CHECK([if $2 is compatible with system prototype], -ac_cv_func_$2_proto_compat, -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$1]],[[$3]])], -[eval "ac_cv_func_$2_proto_compat=yes"], -[eval "ac_cv_func_$2_proto_compat=no"])) -define([foo], translit($2, [a-z], [A-Z])[_PROTO_COMPATIBLE]) -if test "$ac_cv_func_$2_proto_compat" = yes; then - AC_DEFINE(foo, 1, [define if prototype of $2 is compatible with - $3]) -fi -undefine([foo]) -]) \ No newline at end of file diff --git a/crypto/heimdal/cf/pthreads.m4 b/crypto/heimdal/cf/pthreads.m4 deleted file mode 100644 index fd2c81ba3f0..00000000000 --- a/crypto/heimdal/cf/pthreads.m4 +++ /dev/null @@ -1,75 +0,0 @@ -dnl $Id: pthreads.m4 20295 2007-04-11 11:08:08Z lha $ - -AC_DEFUN([KRB_PTHREADS], [ -AC_MSG_CHECKING(if compiling threadsafe libraries) - -AC_ARG_ENABLE(pthread-support, - AS_HELP_STRING([--enable-pthread-support], - [if you want thread safe libraries]), - [],[enable_pthread_support=maybe]) - -case "$host" in -*-*-solaris2*) - native_pthread_support=yes - if test "$GCC" = yes; then - PTHREADS_CFLAGS=-pthreads - PTHREADS_LIBS=-pthreads - else - PTHREADS_CFLAGS=-mt - PTHREADS_LIBS=-mt - fi - ;; -*-*-netbsd*) - native_pthread_support="if running netbsd 1.6T or newer" - dnl heim_threads.h knows this - PTHREADS_LIBS="" - ;; -*-*-freebsd5*) - native_pthread_support=yes - ;; -*-*-linux* | *-*-linux-gnu) - case `uname -r` in - 2.*) - native_pthread_support=yes - PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread - ;; - esac - ;; -*-*-aix*) - dnl AIX is disabled since we don't handle the utmp/utmpx - dnl problems that aix causes when compiling with pthread support - native_pthread_support=no - ;; -mips-sgi-irix6.[[5-9]]) # maybe works for earlier versions too - native_pthread_support=yes - PTHREADS_LIBS="-lpthread" - ;; -*-*-darwin*) - native_pthread_support=yes - ;; -*) - native_pthread_support=no - ;; -esac - -if test "$enable_pthread_support" = maybe ; then - enable_pthread_support="$native_pthread_support" -fi - -if test "$enable_pthread_support" != no; then - AC_DEFINE(ENABLE_PTHREAD_SUPPORT, 1, - [Define if you want have a thread safe libraries]) - dnl This sucks, but libtool doesn't save the depenecy on -pthread - dnl for libraries. - LIBS="$PTHREADS_LIBS $LIBS" -else - PTHREADS_CFLAGS="" - PTHREADS_LIBS="" -fi - -AC_SUBST(PTHREADS_CFLAGS) -AC_SUBST(PTHREADS_LIBS) - -AC_MSG_RESULT($enable_pthread_support) -]) diff --git a/crypto/heimdal/cf/resolv.m4 b/crypto/heimdal/cf/resolv.m4 deleted file mode 100644 index 8bb5e4ecbb0..00000000000 --- a/crypto/heimdal/cf/resolv.m4 +++ /dev/null @@ -1,109 +0,0 @@ -dnl stuff used by DNS resolv code in roken -dnl -dnl $Id: resolv.m4 16009 2005-09-02 10:17:38Z lha $ -dnl - -AC_DEFUN([rk_RESOLV],[ - -AC_CHECK_HEADERS([arpa/nameser.h]) - -AC_CHECK_HEADERS(resolv.h, , , [AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_NAMESER_H -#include -#endif -]) - -AC_FIND_FUNC(res_search, resolv, -[ -#include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_NAMESER_H -#include -#endif -#ifdef HAVE_RESOLV_H -#include -#endif -], -[0,0,0,0,0]) - -AC_FIND_FUNC(res_nsearch, resolv, -[ -#include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_NAMESER_H -#include -#endif -#ifdef HAVE_RESOLV_H -#include -#endif -], -[0,0,0,0,0,0]) - -AC_FIND_FUNC(res_ndestroy, resolv, -[ -#include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_NAMESER_H -#include -#endif -#ifdef HAVE_RESOLV_H -#include -#endif -], -[0]) - -AC_FIND_FUNC(dn_expand, resolv, -[ -#include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_NAMESER_H -#include -#endif -#ifdef HAVE_RESOLV_H -#include -#endif -], -[0,0,0,0,0]) - -rk_CHECK_VAR(_res, -[#include -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_NAMESER_H -#include -#endif -#ifdef HAVE_RESOLV_H -#include -#endif]) - -]) diff --git a/crypto/heimdal/cf/retsigtype.m4 b/crypto/heimdal/cf/retsigtype.m4 deleted file mode 100644 index 2857bff1d96..00000000000 --- a/crypto/heimdal/cf/retsigtype.m4 +++ /dev/null @@ -1,18 +0,0 @@ -dnl -dnl $Id: retsigtype.m4 13338 2004-02-12 14:21:14Z lha $ -dnl -dnl Figure out return type of signal handlers, and define SIGRETURN macro -dnl that can be used to return from one -dnl -AC_DEFUN([rk_RETSIGTYPE],[ -AC_TYPE_SIGNAL -if test "$ac_cv_type_signal" = "void" ; then - AC_DEFINE(VOID_RETSIGTYPE, 1, [Define if signal handlers return void.]) -fi -AC_SUBST(VOID_RETSIGTYPE) -AH_BOTTOM([#ifdef VOID_RETSIGTYPE -#define SIGRETURN(x) return -#else -#define SIGRETURN(x) return (RETSIGTYPE)(x) -#endif]) -]) \ No newline at end of file diff --git a/crypto/heimdal/cf/roken-frag.m4 b/crypto/heimdal/cf/roken-frag.m4 deleted file mode 100644 index eccbdbd4142..00000000000 --- a/crypto/heimdal/cf/roken-frag.m4 +++ /dev/null @@ -1,655 +0,0 @@ -dnl $Id: roken-frag.m4 20639 2007-05-10 17:22:58Z lha $ -dnl -dnl some code to get roken working -dnl -dnl rk_ROKEN(subdir) -dnl -AC_DEFUN([rk_ROKEN], [ - -AC_REQUIRE([rk_CONFIG_HEADER]) - -DIR_roken=roken -LIB_roken='$(top_builddir)/$1/libroken.la' -INCLUDES_roken='-I$(top_builddir)/$1 -I$(top_srcdir)/$1' - -dnl Checks for programs -AC_REQUIRE([AC_PROG_CC]) -AC_REQUIRE([AC_PROG_AWK]) -AC_REQUIRE([AC_OBJEXT]) -AC_REQUIRE([AC_EXEEXT]) -AC_REQUIRE([AC_PROG_LIBTOOL]) - -AC_REQUIRE([AC_MIPS_ABI]) - -dnl C characteristics - -AC_REQUIRE([AC_C___ATTRIBUTE__]) -AC_REQUIRE([AC_C_INLINE]) -AC_REQUIRE([AC_C_CONST]) -rk_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs) - -AC_REQUIRE([rk_DB]) - -dnl C types - -AC_REQUIRE([AC_TYPE_SIZE_T]) -AC_HAVE_TYPE([ssize_t],[#include ]) -AC_REQUIRE([AC_TYPE_PID_T]) -AC_REQUIRE([AC_TYPE_UID_T]) -AC_HAVE_TYPE([long long]) - -AC_REQUIRE([rk_RETSIGTYPE]) - -dnl Checks for header files. -AC_REQUIRE([AC_HEADER_STDC]) -AC_REQUIRE([AC_HEADER_TIME]) - -AC_CHECK_HEADERS([\ - arpa/inet.h \ - config.h \ - crypt.h \ - dirent.h \ - errno.h \ - err.h \ - fcntl.h \ - fnmatch.h \ - grp.h \ - ifaddrs.h \ - netinet/in.h \ - netinet/in6.h \ - netinet/in_systm.h \ - netinet6/in6.h \ - paths.h \ - poll.h \ - pwd.h \ - rpcsvc/ypclnt.h \ - shadow.h \ - stdint.h \ - sys/bswap.h \ - sys/ioctl.h \ - sys/mman.h \ - sys/param.h \ - sys/resource.h \ - sys/sockio.h \ - sys/stat.h \ - sys/time.h \ - sys/tty.h \ - sys/types.h \ - sys/uio.h \ - sys/utsname.h \ - sys/wait.h \ - syslog.h \ - termios.h \ - unistd.h \ - userconf.h \ - usersec.h \ - util.h \ -]) - -AC_HAVE_TYPE([uintptr_t],[#ifdef HAVE_STDINT_H -#include -#endif]) - -dnl Sunpro 5.2 has a vis.h which is something different. -AC_CHECK_HEADERS(vis.h, , , [ -#include -#ifndef VIS_SP -#error invis -#endif]) - -AC_CHECK_HEADERS(netdb.h, , , [AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_TYPES_H -#include -#endif -]) - -AC_CHECK_HEADERS(sys/socket.h, , , [AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_TYPES_H -#include -#endif -]) - -AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#if HAVE_SYS_SOCKET_H -#include -#endif]) - -AC_CHECK_HEADERS(netinet6/in6_var.h, , , [AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#if HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET6_IN6_H -#include -#endif -]) - -AC_CHECK_HEADERS(sys/sysctl.h, , , [AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_PARAM_H -#include -#endif -]) - -AC_CHECK_HEADERS(sys/proc.h, , , [AC_INCLUDES_DEFAULT -#ifdef HAVE_SYS_PARAM_H -#include -#endif -]) - -AC_REQUIRE([CHECK_NETINET_IP_AND_TCP]) - -AM_CONDITIONAL(have_err_h, test "$ac_cv_header_err_h" = yes) -AM_CONDITIONAL(have_ifaddrs_h, test "$ac_cv_header_ifaddrs_h" = yes) -AM_CONDITIONAL(have_vis_h, test "$ac_cv_header_vis_h" = yes) - -dnl Check for functions and libraries - -AC_FIND_FUNC(socket, socket) -AC_FIND_FUNC(gethostbyname, nsl) -AC_FIND_FUNC(syslog, syslog) - -AC_KRB_IPV6 - -AC_FIND_FUNC(gethostbyname2, inet6 ip6) - -rk_RESOLV - -AC_BROKEN_SNPRINTF -AC_BROKEN_VSNPRINTF - -AC_BROKEN_GLOB -if test "$ac_cv_func_glob_working" != yes; then - AC_LIBOBJ(glob) -fi -AM_CONDITIONAL(have_glob_h, test "$ac_cv_func_glob_working" = yes) - - -AC_CHECK_FUNCS([ \ - asnprintf \ - asprintf \ - atexit \ - cgetent \ - getconfattr \ - getprogname \ - getrlimit \ - getspnam \ - initstate \ - issetugid \ - on_exit \ - poll \ - random \ - setprogname \ - setstate \ - strsvis \ - strunvis \ - strvis \ - strvisx \ - svis \ - sysconf \ - sysctl \ - uname \ - unvis \ - vasnprintf \ - vasprintf \ - vis \ -]) - -if test "$ac_cv_func_cgetent" = no; then - AC_LIBOBJ(getcap) -fi -AM_CONDITIONAL(have_cgetent, test "$ac_cv_func_cgetent" = yes) - -AC_REQUIRE([AC_FUNC_GETLOGIN]) - -AC_REQUIRE([AC_FUNC_MMAP]) - -AC_FIND_FUNC_NO_LIBS(getsockopt,, -[#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif], -[0,0,0,0,0]) -AC_FIND_FUNC_NO_LIBS(setsockopt,, -[#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif], -[0,0,0,0,0]) - -AC_FIND_IF_NOT_BROKEN(hstrerror, resolv, -[#ifdef HAVE_NETDB_H -#include -#endif], -17) -AC_NEED_PROTO([ -#ifdef HAVE_NETDB_H -#include -#endif], -hstrerror) - -AC_FOREACH([rk_func], [asprintf vasprintf asnprintf vasnprintf], - [AC_NEED_PROTO([ - #include - #include ], - rk_func)]) - -AC_FIND_FUNC_NO_LIBS(bswap16,, -[#ifdef HAVE_SYS_BSWAP_H -#include -#endif],0) - -AC_FIND_FUNC_NO_LIBS(bswap32,, -[#ifdef HAVE_SYS_BSWAP_H -#include -#endif],0) - -AC_FIND_FUNC_NO_LIBS(pidfile,util, -[#ifdef HAVE_UTIL_H -#include -#endif],0) - -AC_FIND_IF_NOT_BROKEN(getaddrinfo,, -[#ifdef HAVE_NETDB_H -#include -#endif],[0,0,0,0]) - -AC_FIND_IF_NOT_BROKEN(getnameinfo,, -[#ifdef HAVE_NETDB_H -#include -#endif],[0,0,0,0,0,0,0]) - -AC_FIND_IF_NOT_BROKEN(freeaddrinfo,, -[#ifdef HAVE_NETDB_H -#include -#endif],[0]) - -AC_FIND_IF_NOT_BROKEN(gai_strerror,, -[#ifdef HAVE_NETDB_H -#include -#endif],[0]) - -AC_BROKEN([ \ - chown \ - copyhostent \ - closefrom \ - daemon \ - ecalloc \ - emalloc \ - erealloc \ - estrdup \ - err \ - errx \ - fchown \ - flock \ - fnmatch \ - freehostent \ - getcwd \ - getdtablesize \ - getegid \ - geteuid \ - getgid \ - gethostname \ - getifaddrs \ - getipnodebyaddr \ - getipnodebyname \ - getopt \ - gettimeofday \ - getuid \ - getusershell \ - initgroups \ - innetgr \ - iruserok \ - localtime_r \ - lstat \ - memmove \ - mkstemp \ - putenv \ - rcmd \ - readv \ - recvmsg \ - sendmsg \ - setegid \ - setenv \ - seteuid \ - strcasecmp \ - strdup \ - strerror \ - strftime \ - strlcat \ - strlcpy \ - strlwr \ - strncasecmp \ - strndup \ - strnlen \ - strptime \ - strsep \ - strsep_copy \ - strtok_r \ - strupr \ - swab \ - timegm \ - unsetenv \ - verr \ - verrx \ - vsyslog \ - vwarn \ - vwarnx \ - warn \ - warnx \ - writev \ -]) - -AM_CONDITIONAL(have_fnmatch_h, - test "$ac_cv_header_fnmatch_h" = yes -a "$ac_cv_func_fnmatch" = yes) - -AC_FOREACH([rk_func], [strndup strsep strtok_r], - [AC_NEED_PROTO([#include ], rk_func)]) - -AC_FOREACH([rk_func], [strsvis strunvis strvis strvisx svis unvis vis], -[AC_NEED_PROTO([#ifdef HAVE_VIS_H -#include -#endif], rk_func)]) - -AC_BROKEN2(inet_aton, -[#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif], -[0,0]) - -AC_BROKEN2(inet_ntop, -[#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif], -[0, 0, 0, 0]) - -AC_BROKEN2(inet_pton, -[#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif], -[0,0,0]) - -dnl -dnl Check for sa_len in struct sockaddr, -dnl needs to come before the getnameinfo test -dnl -AC_HAVE_STRUCT_FIELD(struct sockaddr, sa_len, [#include -#include ]) - -if test "$ac_cv_func_getaddrinfo" = "yes"; then - rk_BROKEN_GETADDRINFO - if test "$ac_cv_func_getaddrinfo_numserv" = no; then - AC_LIBOBJ(getaddrinfo) - AC_LIBOBJ(freeaddrinfo) - fi -fi - -AC_NEED_PROTO([#include ], setenv) -AC_NEED_PROTO([#include ], unsetenv) -AC_NEED_PROTO([#include ], gethostname) -AC_NEED_PROTO([#include ], mkstemp) -AC_NEED_PROTO([#include ], getusershell) -AC_NEED_PROTO([#include ], daemon) -AC_NEED_PROTO([ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif], -iruserok) - -AC_NEED_PROTO([ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif], -inet_aton) - -AC_FIND_FUNC_NO_LIBS(crypt, crypt)dnl - -AC_REQUIRE([rk_BROKEN_REALLOC])dnl - -dnl AC_KRB_FUNC_GETCWD_BROKEN - -dnl -dnl Checks for prototypes and declarations -dnl - -AC_PROTO_COMPAT([ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -], -gethostbyname, struct hostent *gethostbyname(const char *)) - -AC_PROTO_COMPAT([ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -], -gethostbyaddr, struct hostent *gethostbyaddr(const void *, size_t, int)) - -AC_PROTO_COMPAT([ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -], -getservbyname, struct servent *getservbyname(const char *, const char *)) - -AC_PROTO_COMPAT([ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -], -getsockname, int getsockname(int, struct sockaddr*, socklen_t*)) - -AC_PROTO_COMPAT([ -#ifdef HAVE_SYSLOG_H -#include -#endif -], -openlog, void openlog(const char *, int, int)) - -AC_NEED_PROTO([ -#ifdef HAVE_CRYPT_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif -], -crypt) - -dnl variables - -rk_CHECK_VAR(h_errno, -[#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif]) - -rk_CHECK_VAR(h_errlist, -[#ifdef HAVE_NETDB_H -#include -#endif]) - -rk_CHECK_VAR(h_nerr, -[#ifdef HAVE_NETDB_H -#include -#endif]) - -rk_CHECK_VAR([__progname], -[#ifdef HAVE_ERR_H -#include -#endif]) - -AC_CHECK_DECLS([optarg, optind, opterr, optopt, environ],[],[][ -#include -#ifdef HAVE_UNISTD_H -#include -#endif]) - -dnl -dnl Check for fields in struct tm -dnl - -AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include ]) -AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include ]) - -dnl -dnl or do we have a variable `timezone' ? -dnl - -rk_CHECK_VAR(timezone,[#include ]) -rk_CHECK_VAR(altzone,[#include ]) - -AC_HAVE_TYPE([sa_family_t],[ -#include -#include ]) -AC_HAVE_TYPE([socklen_t],[ -#include -#include ]) -AC_HAVE_TYPE([struct sockaddr], [ -#include -#include ]) -AC_HAVE_TYPE([struct sockaddr_storage], [ -#include -#include ]) -AC_HAVE_TYPE([struct addrinfo], [ -#include -#include ]) -AC_HAVE_TYPE([struct ifaddrs], [#include ]) -AC_HAVE_TYPE([struct iovec],[ -#include -#include -]) -AC_HAVE_TYPE([struct msghdr],[ -#include -#include -]) - -dnl -dnl Check for struct winsize -dnl - -AC_KRB_STRUCT_WINSIZE - -dnl -dnl Check for struct spwd -dnl - -AC_KRB_STRUCT_SPWD - -# -# Check if we want samba's socket wrapper -# - -samba_SOCKET_WRAPPER - -dnl won't work with automake -dnl moved to AC_OUTPUT in configure.in -dnl AC_CONFIG_FILES($1/Makefile) - -LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)" - -AC_SUBST(DIR_roken)dnl -AC_SUBST(LIB_roken)dnl -AC_SUBST(INCLUDES_roken)dnl -]) diff --git a/crypto/heimdal/cf/roken.m4 b/crypto/heimdal/cf/roken.m4 deleted file mode 100644 index 7d8a7e8d244..00000000000 --- a/crypto/heimdal/cf/roken.m4 +++ /dev/null @@ -1,64 +0,0 @@ -dnl $Id: roken.m4 14162 2004-08-26 11:27:32Z joda $ -dnl -dnl try to look for an installed roken library with sufficient stuff -dnl -dnl set LIB_roken to the what we should link with -dnl set DIR_roken to if the directory should be built -dnl set CPPFLAGS_roken to stuff to add to CPPFLAGS - -dnl AC_ROKEN(version,directory-to-try,roken-dir,fallback-library,fallback-cppflags) -AC_DEFUN([AC_ROKEN], [ - -AC_ARG_WITH(roken, - AS_HELP_STRING([--with-roken=dir],[use the roken library in dir]), -[if test "$withval" = "no"; then - AC_MSG_ERROR(roken is required) -fi]) - -save_CPPFLAGS="${CPPFLAGS}" - -case $with_roken in -yes|"") - dirs="$2" ;; -*) - dirs="$with_roken" ;; -esac - -roken_installed=no - -for i in $dirs; do - -AC_MSG_CHECKING(for roken in $i) - -CPPFLAGS="-I$i/include ${CPPFLAGS}" - -AC_PREPROC_IFELSE([AC_LANG_SOURCE([[ -#include -#if ROKEN_VERSION < $1 -#error old roken version, should be $1 -fail -#endif -]])],[roken_installed=yes; break]) - -AC_MSG_RESULT($roken_installed) - -done - -CPPFLAGS="$save_CPPFLAGS" - -if test "$roken_installed" != "yes"; then - DIR_roken="roken" - LIB_roken='$4' - CPPFLAGS_roken='$5' - AC_CONFIG_SUBDIRS(lib/roken) -else - LIB_roken="$i/lib/libroken.la" - CPPFLAGS_roken="-I$i/include" -fi - -LIB_roken="${LIB_roken} \$(LIB_crypt) \$(LIB_dbopen)" - -AC_SUBST(LIB_roken)dnl -AC_SUBST(DIR_roken)dnl -AC_SUBST(CPPFLAGS_roken)dnl -]) diff --git a/crypto/heimdal/cf/socket-wrapper.m4 b/crypto/heimdal/cf/socket-wrapper.m4 deleted file mode 100644 index a2b934bd0a1..00000000000 --- a/crypto/heimdal/cf/socket-wrapper.m4 +++ /dev/null @@ -1,16 +0,0 @@ -dnl $Id: socket-wrapper.m4 18077 2006-09-12 17:33:07Z lha $ -dnl -AC_DEFUN([samba_SOCKET_WRAPPER], [ - -AC_ARG_ENABLE(socket-wrapper, - AS_HELP_STRING([--enable-socket-wrapper], - [use sambas socket-wrapper for testing])) - -AM_CONDITIONAL(have_socket_wrapper, test "x$enable_socket_wrapper" = xyes)dnl - -if test "x$enable_socket_wrapper" = xyes ; then - AC_DEFINE(SOCKET_WRAPPER_REPLACE, 1, - [Define if you want to use samba socket wrappers.]) -fi - -]) diff --git a/crypto/heimdal/cf/sunos.m4 b/crypto/heimdal/cf/sunos.m4 deleted file mode 100644 index 18876f58e12..00000000000 --- a/crypto/heimdal/cf/sunos.m4 +++ /dev/null @@ -1,25 +0,0 @@ -dnl -dnl $Id: sunos.m4 14608 2005-03-01 22:17:44Z lha $ -dnl - -AC_DEFUN([rk_SUNOS],[ -sunos=no -case "$host" in -*-*-sunos4*) - sunos=40 - ;; -*-*-solaris2.7) - sunos=57 - ;; -*-*-solaris2.[[89]] | *-*-solaris2.10) - sunos=58 - ;; -*-*-solaris2*) - sunos=50 - ;; -esac -if test "$sunos" != no; then - AC_DEFINE_UNQUOTED(SunOS, $sunos, - [Define to what version of SunOS you are running.]) -fi -]) \ No newline at end of file diff --git a/crypto/heimdal/cf/telnet.m4 b/crypto/heimdal/cf/telnet.m4 deleted file mode 100644 index b2bef86e9e7..00000000000 --- a/crypto/heimdal/cf/telnet.m4 +++ /dev/null @@ -1,78 +0,0 @@ -dnl -dnl $Id: telnet.m4 15435 2005-06-16 19:45:52Z lha $ -dnl -dnl stuff used by telnet - -AC_DEFUN([rk_TELNET],[ -AC_DEFINE(AUTHENTICATION, 1, - [Define if you want authentication support in telnet.])dnl -AC_DEFINE(ENCRYPTION, 1, - [Define if you want encryption support in telnet.])dnl -AC_DEFINE(DES_ENCRYPTION, 1, - [Define if you want to use DES encryption in telnet.])dnl -AC_DEFINE(DIAGNOSTICS, 1, - [Define this to enable diagnostics in telnet.])dnl -AC_DEFINE(OLD_ENVIRON, 1, - [Define this to enable old environment option in telnet.])dnl -if false; then - AC_DEFINE(ENV_HACK, 1, - [Define this if you want support for broken ENV_{VAR,VAL} telnets.]) -fi - -# Simple test for streamspty, based on the existance of getmsg(), alas -# this breaks on SunOS4 which have streams but BSD-like ptys -# -# And also something wierd has happend with dec-osf1, fallback to bsd-ptys - -case "$host" in -*-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[[01]]*) - ;; -*) - AC_CHECK_FUNC(getmsg) - if test "$ac_cv_func_getmsg" = "yes"; then - AC_CACHE_CHECK([if getmsg works], ac_cv_func_getmsg_works, - AC_RUN_IFELSE([AC_LANG_SOURCE([[ - #include - #include - - int main(int argc, char **argv) - { - int ret; - ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL); - if(ret < 0 && errno == ENOSYS) - return 1; - return 0; - } - ]])], [ac_cv_func_getmsg_works=yes], - [ac_cv_func_getmsg_works=no], - [ac_cv_func_getmsg_works=no])) - if test "$ac_cv_func_getmsg_works" = "yes"; then - AC_DEFINE(HAVE_GETMSG, 1, - [Define if you have a working getmsg.]) - AC_DEFINE(STREAMSPTY, 1, - [Define if you have streams ptys.]) - fi - fi - ;; -esac - -AH_BOTTOM([ -#if defined(ENCRYPTION) && !defined(AUTHENTICATION) -#define AUTHENTICATION 1 -#endif - -/* Set this to the default system lead string for telnetd - * can contain %-escapes: %s=sysname, %m=machine, %r=os-release - * %v=os-version, %t=tty, %h=hostname, %d=date and time - */ -#undef USE_IM - -/* Used with login -p */ -#undef LOGIN_ARGS - -/* set this to a sensible login */ -#ifndef LOGIN_PATH -#define LOGIN_PATH BINDIR "/login" -#endif -]) -]) diff --git a/crypto/heimdal/cf/test-package.m4 b/crypto/heimdal/cf/test-package.m4 deleted file mode 100644 index 8ef9ef738e4..00000000000 --- a/crypto/heimdal/cf/test-package.m4 +++ /dev/null @@ -1,133 +0,0 @@ -dnl $Id: test-package.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs, -dnl default locations, conditional, config-program) - -AC_DEFUN([rk_TEST_PACKAGE],[ -AC_ARG_WITH($1, - AS_HELP_STRING([--with-$1=dir],[use $1 in dir])) -AC_ARG_WITH($1-lib, - AS_HELP_STRING([--with-$1-lib=dir],[use $1 libraries in dir]), -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-lib]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi]) -AC_ARG_WITH($1-include, - AS_HELP_STRING([--with-$1-include=dir],[use $1 headers in dir]), -[if test "$withval" = "yes" -o "$withval" = "no"; then - AC_MSG_ERROR([No argument for --with-$1-include]) -elif test "X$with_$1" = "X"; then - with_$1=yes -fi]) -AC_ARG_WITH($1-config, - AS_HELP_STRING([--with-$1-config=path],[config program for $1])) - -m4_ifval([$6], - m4_define([rk_pkgname], $6), - m4_define([rk_pkgname], AS_TR_CPP($1))) - -AC_MSG_CHECKING(for $1) - -case "$with_$1" in -yes|"") d='$5' ;; -no) d= ;; -*) d="$with_$1" ;; -esac - -header_dirs= -lib_dirs= -for i in $d; do - if test "$with_$1_include" = ""; then - if test -d "$i/include/$1"; then - header_dirs="$header_dirs $i/include/$1" - fi - if test -d "$i/include"; then - header_dirs="$header_dirs $i/include" - fi - fi - if test "$with_$1_lib" = ""; then - if test -d "$i/lib$abilibdirext"; then - lib_dirs="$lib_dirs $i/lib$abilibdirext" - fi - fi -done - -if test "$with_$1_include"; then - header_dirs="$with_$1_include $header_dirs" -fi -if test "$with_$1_lib"; then - lib_dirs="$with_$1_lib $lib_dirs" -fi - -if test "$with_$1_config" = ""; then - with_$1_config='$7' -fi - -$1_cflags= -$1_libs= - -case "$with_$1_config" in -yes|no|""|"$7") - if test -f $with_$1/bin/$7 ; then - with_$1_config=$with_$1/bin/$7 - fi - ;; -esac - -case "$with_$1_config" in -yes|no|"") - ;; -*) - $1_cflags="`$with_$1_config --cflags 2>&1`" - $1_libs="`$with_$1_config --libs 2>&1`" - ;; -esac - -found=no -if test "$with_$1" != no; then - save_CFLAGS="$CFLAGS" - save_LIBS="$LIBS" - if test "$[]$1_cflags" -a "$[]$1_libs"; then - CFLAGS="$[]$1_cflags $save_CFLAGS" - LIBS="$[]$1_libs $save_LIBS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[ - INCLUDE_$1="$[]$1_cflags" - LIB_$1="$[]$1_libs" - AC_MSG_RESULT([from $with_$1_config]) - found=yes]) - fi - if test "$found" = no; then - ires= lres= - for i in $header_dirs; do - CFLAGS="-I$i $save_CFLAGS" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[ires=$i;break]) - done - for i in $lib_dirs; do - LIBS="-L$i $3 $4 $save_LIBS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[$2]],[[]])],[lres=$i;break]) - done - if test "$ires" -a "$lres" -a "$with_$1" != "no"; then - INCLUDE_$1="-I$ires" - LIB_$1="-L$lres $3 $4" - found=yes - AC_MSG_RESULT([headers $ires, libraries $lres]) - fi - fi - CFLAGS="$save_CFLAGS" - LIBS="$save_LIBS" -fi - -if test "$found" = yes; then - AC_DEFINE_UNQUOTED(rk_pkgname, 1, [Define if you have the $1 package.]) - with_$1=yes -else - with_$1=no - INCLUDE_$1= - LIB_$1= - AC_MSG_RESULT(no) -fi - -AC_SUBST(INCLUDE_$1) -AC_SUBST(LIB_$1) -]) diff --git a/crypto/heimdal/cf/valgrind-suppressions b/crypto/heimdal/cf/valgrind-suppressions deleted file mode 100644 index 1e32042f3c4..00000000000 --- a/crypto/heimdal/cf/valgrind-suppressions +++ /dev/null @@ -1,84 +0,0 @@ -# $Id: valgrind-suppressions 21182 2007-06-20 02:57:13Z lha $ -{ - linux db init brokenness - Memcheck:Param - pwrite64(buf) - fun:do_pwrite64 - fun:__os_io - fun:__memp_pgwrite - fun:__memp_fsync - fun:__bam_read_root - fun:__bam_open - fun:__db_dbopen - fun:__db_open - fun:DB_open -} -{ - linux strerror - Memcheck:Leak - fun:_vgrZU_libcZdsoZa_malloc - fun:rwlock_add_to_list - fun:rwlock_have_already - fun:pthread_rwlock_rdlock - fun:__dcigettext - fun:dcgettext - fun:strerror_r - fun:strerror -} -{ - linux db close brokenness - Memcheck:Param - pwrite64(buf) - fun:do_pwrite64 - fun:__os_io - fun:__memp_pgwrite - fun:__memp_fsync - fun:__db_sync - fun:__db_close - fun:DB_close -} -{ - GLIBC 2.1.2 getservbyname defect - Memcheck:Leak - fun:_vgrZU_libcZdsoZa_malloc - fun:strdup - obj:* - obj:* - fun:getservbyname_r@@GLIBC_2.1.2 - fun:getservbyname -} -{ - glibc getaddrinfo defect - Memcheck:Leak - fun:_vgrZU_libcZdsoZa_malloc - fun:__libc_res_nsend - fun:__libc_res_nquery - fun:__libc_res_nquerydomain - fun:__libc_res_nsearch - obj:* - fun:gaih_inet - fun:getaddrinfo -} -{ - glibc dlopen failure called from /bin/ls - Memcheck:Addr4 - obj:/lib/ld-2.3.6.so - obj:/lib/ld-2.3.6.so - obj:/lib/ld-2.3.6.so -} -{ - Unknown suppression in runtime link editor - Memcheck:Cond - obj:/lib/ld-2.5.so - obj:/lib/ld-2.5.so - obj:/lib/ld-2.5.so - obj:/lib/ld-2.5.so -} -{ - Unknown suppression in runtime link editor - Memcheck:Addr4 - obj:/lib/ld-2.5.so - obj:/lib/ld-2.5.so - obj:/lib/ld-2.5.so - obj:/lib/ld-2.5.so -} diff --git a/crypto/heimdal/cf/vararray.m4 b/crypto/heimdal/cf/vararray.m4 deleted file mode 100644 index 86f58d954f3..00000000000 --- a/crypto/heimdal/cf/vararray.m4 +++ /dev/null @@ -1,16 +0,0 @@ -dnl -dnl $Id: vararray.m4 14166 2004-08-26 12:35:42Z joda $ -dnl -dnl Test for variable size arrays. -dnl - -AC_DEFUN([rk_C_VARARRAY], [ - AC_CACHE_CHECK([if the compiler supports variable-length arrays],[rk_cv_c_vararray],[ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[int x = 0; { int y[x]; }]])], - [rk_cv_c_vararray=yes], - [rk_cv_c_vararray=no])]) - if test "$rk_cv_c_vararray" = yes; then - AC_DEFINE([HAVE_VARIABLE_LENGTH_ARRAY], [1], - [Define if your compiler supports variable-length arrays.]) - fi -]) diff --git a/crypto/heimdal/cf/version-script.m4 b/crypto/heimdal/cf/version-script.m4 deleted file mode 100644 index 342e5ac9cb1..00000000000 --- a/crypto/heimdal/cf/version-script.m4 +++ /dev/null @@ -1,40 +0,0 @@ -dnl check if ld supports --version-script -dnl -AC_DEFUN([rk_VERSIONSCRIPT],[ -AC_CACHE_CHECK(for ld --version-script, rk_cv_version_script,[ - rk_cv_version_script=no - - cat > conftest.map < conftest.c <. # # This program is free software; you can redistribute it and/or modify @@ -17,8 +18,7 @@ scriptversion=2005-05-14.22 # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -103,13 +103,13 @@ if test -z "$ofile" || test -z "$cfile"; then fi # Name of file we expect compiler to create. -cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'` +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. -# Note: use `[/.-]' here to ensure that we don't use the same name +# Note: use `[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. -lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d while true; do if mkdir "$lockdir" >/dev/null 2>&1; then break @@ -124,9 +124,9 @@ trap "rmdir '$lockdir'; exit 1" 1 2 15 ret=$? if test -f "$cofile"; then - mv "$cofile" "$ofile" + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" elif test -f "${cofile}bj"; then - mv "${cofile}bj" "$ofile" + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" fi rmdir "$lockdir" @@ -138,5 +138,6 @@ exit $ret # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/crypto/heimdal/config.guess b/crypto/heimdal/config.guess index 396482d6cb5..dc84c68ef79 100755 --- a/crypto/heimdal/config.guess +++ b/crypto/heimdal/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# Free Software Foundation, Inc. -timestamp='2006-07-02' +timestamp='2009-11-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ timestamp='2006-07-02' # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +56,8 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -161,6 +161,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched @@ -169,7 +170,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep __ELF__ >/dev/null + | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? @@ -323,14 +324,33 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -531,7 +551,7 @@ EOF echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -639,7 +659,7 @@ EOF # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep __LP64__ >/dev/null + grep -q __LP64__ then HP_ARCH="hppa2.0w" else @@ -780,7 +800,7 @@ EOF i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) @@ -790,15 +810,24 @@ EOF i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[3456]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[3456]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we @@ -828,8 +857,29 @@ EOF i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu @@ -843,6 +893,17 @@ EOF frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; @@ -852,74 +913,33 @@ EOF m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - mips:Linux:*:*) + mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU - #undef mips - #undef mipsel + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mipsel + CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips + CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef mips64 - #undef mips64el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=mips64el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=mips64 - #else - CPU= - #endif - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + padre:Linux:*:*) + echo sparc-unknown-linux-gnu exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level @@ -929,8 +949,11 @@ EOF *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux @@ -950,69 +973,9 @@ EOF x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - a.out-i386-linux) - echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; - "") - # Either a pre-BFD a.out linker (linux-gnuoldld) or - # one that does not give us useful --help. - echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both @@ -1041,7 +1004,7 @@ EOF i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) @@ -1085,8 +1048,11 @@ EOF pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1124,6 +1090,16 @@ EOF 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1136,7 +1112,7 @@ EOF rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) @@ -1199,6 +1175,9 @@ EOF BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1208,6 +1187,15 @@ EOF SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1217,6 +1205,16 @@ EOF *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} @@ -1298,6 +1296,9 @@ EOF i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1458,9 +1459,9 @@ This script, last modified $timestamp, has failed to recognize the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be diff --git a/crypto/heimdal/config.sub b/crypto/heimdal/config.sub index fab0aa35566..2a55a50751c 100755 --- a/crypto/heimdal/config.sub +++ b/crypto/heimdal/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# Free Software Foundation, Inc. -timestamp='2006-09-20' +timestamp='2009-11-20' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -32,13 +32,16 @@ timestamp='2006-09-20' # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,8 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -122,6 +125,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` @@ -148,10 +152,13 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; + -bluegene*) + os=-cnk + ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 @@ -245,17 +252,20 @@ case $basic_machine in | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ - | mips64vr | mips64vrel \ + | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ @@ -268,6 +278,7 @@ case $basic_machine in | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ | nios | nios2 \ @@ -276,20 +287,22 @@ case $basic_machine in | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -324,19 +337,22 @@ case $basic_machine in | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ + | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -357,21 +373,26 @@ case $basic_machine in | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. @@ -435,6 +456,10 @@ case $basic_machine in basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -443,10 +468,26 @@ case $basic_machine in basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -475,8 +516,8 @@ case $basic_machine in basic_machine=craynv-cray os=-unicosmp ;; - cr16c) - basic_machine=cr16c-unknown + cr16) + basic_machine=cr16-unknown os=-elf ;; crds | unos) @@ -514,6 +555,10 @@ case $basic_machine in basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -668,6 +713,14 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -679,10 +732,17 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) basic_machine=m68000-convergent ;; @@ -809,6 +869,14 @@ case $basic_machine in basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; @@ -925,6 +993,9 @@ case $basic_machine in basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -1014,6 +1085,10 @@ case $basic_machine in basic_machine=tic6x-unknown os=-coff ;; + tile*) + basic_machine=tile-unknown + os=-linux-gnu + ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1089,6 +1164,10 @@ case $basic_machine in basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1127,7 +1206,7 @@ case $basic_machine in we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) @@ -1177,6 +1256,9 @@ case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; @@ -1197,10 +1279,11 @@ case $os in # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1209,7 +1292,7 @@ case $os in | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ @@ -1219,7 +1302,7 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1349,6 +1432,9 @@ case $os in -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; -none) ;; *) @@ -1414,6 +1500,9 @@ case $basic_machine in m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; @@ -1543,7 +1632,7 @@ case $basic_machine in -sunos*) vendor=sun ;; - -aix*) + -cnk*|-aix*) vendor=ibm ;; -beos*) diff --git a/crypto/heimdal/configure b/crypto/heimdal/configure index e905a351972..0e702352dfc 100755 --- a/crypto/heimdal/configure +++ b/crypto/heimdal/configure @@ -1,63 +1,86 @@ #! /bin/sh -# From configure.in Revision: 22513 . +# From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for Heimdal 1.1. +# Generated by GNU Autoconf 2.65 for Heimdal 1.5.1. # # Report bugs to . # +# # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# +# # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. -## --------------------- ## -## M4sh Initialization. ## -## --------------------- ## +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; esac - fi - - -# PATH needs CR -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh -fi - -# Support unset when possible. -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - as_unset=unset -else - as_unset=false + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } fi @@ -66,20 +89,18 @@ fi # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) -as_nl=' -' IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. -case $0 in +case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -done + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done IFS=$as_save_IFS ;; @@ -90,32 +111,279 @@ if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then - echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - { (exit 1); exit 1; } + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 fi -# Work around bugs in pre-3.0 UWIN ksh. -for as_var in ENV MAIL MAILPATH -do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. -for as_var in \ - LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ - LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ - LC_TELEPHONE LC_TIME -do - if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then - eval $as_var=C; export $as_var - else - ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var - fi -done +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 + + test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + # We cannot yet assume a decent shell, so we have to provide a + # neutralization value for shells without unset; and this also + # works around shells that cannot unset nonexistent variables. + BASH_ENV=/dev/null + ENV=/dev/null + (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: heimdal-bugs@h5l.org about your system, including any +$0: error possibly output before this message. Then install +$0: a modern shell, or manually run the script under such a +$0: shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error ERROR [LINENO LOG_FD] +# --------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with status $?, using 1 if that was 0. +as_fn_error () +{ + as_status=$?; test $as_status -eq 0 && as_status=1 + if test "$3"; then + as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + fi + $as_echo "$as_me: error: $1" >&2 + as_fn_exit $as_status +} # as_fn_error -# Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr @@ -129,13 +397,17 @@ else as_basename=false fi +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi -# Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -echo X/"$0" | +$as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -150,294 +422,19 @@ echo X/"$0" | } s/.*/./; q'` -# CDPATH. -$as_unset CDPATH +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits -if test "x$CONFIG_SHELL" = x; then - if (eval ":") 2>/dev/null; then - as_have_required=yes -else - as_have_required=no -fi - - if test $as_have_required = yes && (eval ": -(as_func_return () { - (exit \$1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = \"\$1\" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test \$exitcode = 0) || { (exit 1); exit 1; } - -( - as_lineno_1=\$LINENO - as_lineno_2=\$LINENO - test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && - test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } -") 2> /dev/null; then - : -else - as_candidate_shells= - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - case $as_dir in - /*) - for as_base in sh bash ksh sh5; do - as_candidate_shells="$as_candidate_shells $as_dir/$as_base" - done;; - esac -done -IFS=$as_save_IFS - - - for as_shell in $as_candidate_shells $SHELL; do - # Try only shells that exist, to save several forks. - if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { ("$as_shell") 2> /dev/null <<\_ASEOF -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - -: -_ASEOF -}; then - CONFIG_SHELL=$as_shell - as_have_required=yes - if { "$as_shell" 2> /dev/null <<\_ASEOF -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - -: -(as_func_return () { - (exit $1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = "$1" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test $exitcode = 0) || { (exit 1); exit 1; } - -( - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } - -_ASEOF -}; then - break -fi - -fi - - done - - if test "x$CONFIG_SHELL" != x; then - for as_var in BASH_ENV ENV - do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var - done - export CONFIG_SHELL - exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} -fi - - - if test $as_have_required = no; then - echo This script requires a shell more modern than all the - echo shells that I found on your system. Please install a - echo modern shell, or manually run the script under such a - echo shell if you do have one. - { (exit 1); exit 1; } -fi - - -fi - -fi - - - -(eval "as_func_return () { - (exit \$1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = \"\$1\" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test \$exitcode = 0") || { - echo No shell found that supports shell functions. - echo Please tell autoconf@gnu.org about your system, - echo including any error possibly output before this - echo message -} - - - - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { - - # Create $as_me.lineno as a copy of $as_myself, but with $LINENO - # uniformly replaced by the line number. The first 'sed' inserts a - # line-number line after each line using $LINENO; the second 'sed' - # does the real work. The second script uses 'N' to pair each - # line-number line with the line containing $LINENO, and appends - # trailing '-' during substitution so that $LINENO is not a special - # case at line end. - # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the - # scripts with optimization help from Paolo Bonzini. Blame Lee - # E. McMahon (1931-1989) for sed's syntax. :-) + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= @@ -454,8 +451,7 @@ test \$exitcode = 0") || { s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || - { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 - { (exit 1); exit 1; }; } + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the @@ -465,49 +461,40 @@ test \$exitcode = 0") || { exit } - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in +case `echo -n x` in #((((( -n*) - case `echo 'x\c'` in + case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. - *) ECHO_C='\c';; + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir - mkdir conf$$.dir + mkdir conf$$.dir 2>/dev/null fi -echo >conf$$.file -if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -p'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else as_ln_s='cp -p' -elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln + fi else as_ln_s='cp -p' fi @@ -515,7 +502,7 @@ rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then - as_mkdir_p=: + as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false @@ -532,12 +519,12 @@ else as_test_x=' eval sh -c '\'' if test -d "$1"; then - test -d "$1/."; + test -d "$1/."; else - case $1 in - -*)set "./$1";; + case $1 in #( + -*)set "./$1";; esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( ???[sx]*):;;*)false;;esac;fi '\'' sh ' @@ -550,163 +537,11 @@ as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - - -# Check that we are running under the correct shell. SHELL=${CONFIG_SHELL-/bin/sh} -case X$ECHO in -X*--fallback-echo) - # Remove one level of quotation (which was required for Make). - ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','` - ;; -esac -echo=${ECHO-echo} -if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X$1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then - # Yippee, $echo works! - : -else - # Restart under the correct shell. - exec $SHELL "$0" --no-reexec ${1+"$@"} -fi - -if test "X$1" = X--fallback-echo; then - # used as fallback echo - shift - cat </dev/null 2>&1 && unset CDPATH - -if test -z "$ECHO"; then -if test "X${echo_test_string+set}" != Xset; then -# find a string as large as possible, as long as the shell can cope with it - for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do - # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... - if (echo_test_string=`eval $cmd`) 2>/dev/null && - echo_test_string=`eval $cmd` && - (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null - then - break - fi - done -fi - -if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - : -else - # The Solaris, AIX, and Digital Unix default echo programs unquote - # backslashes. This makes it impossible to quote backslashes using - # echo "$something" | sed 's/\\/\\\\/g' - # - # So, first we look for a working echo in the user's PATH. - - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for dir in $PATH /usr/ucb; do - IFS="$lt_save_ifs" - if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && - test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - echo="$dir/echo" - break - fi - done - IFS="$lt_save_ifs" - - if test "X$echo" = Xecho; then - # We didn't find a better echo, so look for alternatives. - if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # This shell has a builtin print -r that does the trick. - echo='print -r' - elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && - test "X$CONFIG_SHELL" != X/bin/ksh; then - # If we have ksh, try running configure again with it. - ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} - export ORIGINAL_CONFIG_SHELL - CONFIG_SHELL=/bin/ksh - export CONFIG_SHELL - exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"} - else - # Try using printf. - echo='printf %s\n' - if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # Cool, printf works - : - elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL - export CONFIG_SHELL - SHELL="$CONFIG_SHELL" - export SHELL - echo="$CONFIG_SHELL $0 --fallback-echo" - elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - echo="$CONFIG_SHELL $0 --fallback-echo" - else - # maybe with a smaller string... - prev=: - - for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do - if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null - then - break - fi - prev="$cmd" - done - - if test "$prev" != 'sed 50q "$0"'; then - echo_test_string=`eval $prev` - export echo_test_string - exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"} - else - # Oops. We lost completely, so just stick with echo. - echo=echo - fi - fi - fi - fi -fi -fi - -# Copy echo and quote the copy suitably for passing to libtool from -# the Makefile, instead of quoting the original, which is used later. -ECHO=$echo -if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then - ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo" -fi - - - - -tagnames=${tagnames+${tagnames},}CXX - -tagnames=${tagnames+${tagnames},}F77 - -exec 7<&0 &1 +test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, Linux) returns a bogus exit status, @@ -724,17 +559,16 @@ cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= -SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='Heimdal' PACKAGE_TARNAME='heimdal' -PACKAGE_VERSION='1.1' -PACKAGE_STRING='Heimdal 1.1' +PACKAGE_VERSION='1.5.1' +PACKAGE_STRING='Heimdal 1.5.1' PACKAGE_BUGREPORT='heimdal-bugs@h5l.org' +PACKAGE_URL='' ac_unique_file="kuser/kinit.c" -ac_default_prefix=/usr/heimdal # Factoring default headers for most tests. ac_includes_default="\ #include @@ -771,256 +605,380 @@ ac_includes_default="\ # include #endif" -ac_subst_vars='SHELL -PATH_SEPARATOR -PACKAGE_NAME -PACKAGE_TARNAME -PACKAGE_VERSION -PACKAGE_STRING -PACKAGE_BUGREPORT -exec_prefix -prefix -program_transform_name -bindir -sbindir -libexecdir -datarootdir -datadir -sysconfdir -sharedstatedir -localstatedir -includedir -oldincludedir -docdir -infodir -htmldir -dvidir -pdfdir -psdir -libdir -localedir -mandir -DEFS -ECHO_C -ECHO_N -ECHO_T -LIBS -build_alias -host_alias -target_alias -INSTALL_PROGRAM -INSTALL_SCRIPT -INSTALL_DATA -am__isrc -CYGPATH_W -PACKAGE -VERSION -ACLOCAL -AUTOCONF -AUTOMAKE -AUTOHEADER -MAKEINFO -install_sh -STRIP -INSTALL_STRIP_PROGRAM -mkdir_p -AWK -SET_MAKE -am__leading_dot -AMTAR -am__tar -am__untar -MAINTAINER_MODE_TRUE -MAINTAINER_MODE_FALSE -MAINT -CC -CFLAGS -LDFLAGS -CPPFLAGS -ac_ct_CC -EXEEXT -OBJEXT -CPP -build -build_cpu -build_vendor -build_os -host -host_cpu -host_vendor -host_os -CANONICAL_HOST -YACC -YFLAGS -LEX -LEX_OUTPUT_ROOT -LEXLIB -LN_S -GREP -EGREP -ECHO -AR -RANLIB -CXX -CXXFLAGS -ac_ct_CXX -CXXCPP -F77 -FFLAGS -ac_ct_F77 -LIBTOOL -ENABLE_SHARED_TRUE -ENABLE_SHARED_FALSE -VERSIONING -versionscript_TRUE -versionscript_FALSE -LDFLAGS_VERSION_SCRIPT -INCLUDE_openldap -LIB_openldap -OPENLDAP_MODULE_TRUE -OPENLDAP_MODULE_FALSE -PKINIT_TRUE -PKINIT_FALSE -DIR_hdbdir -INCLUDE_krb4 -LIB_krb4 -KRB4_TRUE -KRB4_FALSE -KRB5_TRUE -KRB5_FALSE -do_roken_rename_TRUE -do_roken_rename_FALSE -LIB_kdb -HAVE_OPENSSL_TRUE -HAVE_OPENSSL_FALSE -DIR_hcrypto -INCLUDE_hcrypto -LIB_hcrypto -LIB_hcrypto_a -LIB_hcrypto_so -LIB_hcrypto_appl -PTHREADS_CFLAGS -PTHREADS_LIBS -DCE_TRUE -DCE_FALSE -dpagaix_cflags -dpagaix_ldadd -dpagaix_ldflags -LIB_db_create -LIB_dbopen -LIB_dbm_firstkey -HAVE_DB1_TRUE -HAVE_DB1_FALSE -HAVE_DB3_TRUE -HAVE_DB3_FALSE -HAVE_NDBM_TRUE -HAVE_NDBM_FALSE -DBLIB -LIB_NDBM -WFLAGS -WFLAGS_NOUNUSED -WFLAGS_NOIMPLICITINT -VOID_RETSIGTYPE -have_err_h_TRUE -have_err_h_FALSE -have_ifaddrs_h_TRUE -have_ifaddrs_h_FALSE -have_vis_h_TRUE -have_vis_h_FALSE -LIB_socket -LIB_gethostbyname -LIB_syslog -LIB_gethostbyname2 -LIB_res_search -LIB_res_nsearch -LIB_res_ndestroy -LIB_dn_expand -LIBOBJS -have_glob_h_TRUE -have_glob_h_FALSE -have_cgetent_TRUE -have_cgetent_FALSE -LIB_getsockopt -LIB_setsockopt -LIB_hstrerror -LIB_bswap16 -LIB_bswap32 -LIB_pidfile -LIB_getaddrinfo -LIB_getnameinfo -LIB_freeaddrinfo -LIB_gai_strerror -have_fnmatch_h_TRUE -have_fnmatch_h_FALSE -LIB_crypt -have_socket_wrapper_TRUE -have_socket_wrapper_FALSE -DIR_roken -LIB_roken -INCLUDES_roken -LIBADD_roken -LIB_otp -OTP_TRUE -OTP_FALSE -LIB_security -NROFF -GROFF -CATMAN -CATMAN_TRUE -CATMAN_FALSE -CATMANEXT -INCLUDE_readline -LIB_readline -INCLUDE_hesiod -LIB_hesiod -AIX_TRUE -AIX_FALSE -AIX4_TRUE -AIX4_FALSE -LIB_dlopen -HAVE_DLOPEN_TRUE -HAVE_DLOPEN_FALSE -LIB_loadquery -AIX_DYNAMIC_AFS_TRUE -AIX_DYNAMIC_AFS_FALSE -AIX_EXTRA_KAFS -IRIX_TRUE -IRIX_FALSE -XMKMF -X_CFLAGS -X_PRE_LIBS -X_LIBS -X_EXTRA_LIBS -HAVE_X_TRUE -HAVE_X_FALSE -LIB_XauWriteAuth -LIB_XauReadAuth -LIB_XauFileName -NEED_WRITEAUTH_TRUE -NEED_WRITEAUTH_FALSE -LIB_logwtmp -LIB_logout -LIB_openpty -LIB_tgetent -LIB_getpwnam_r -LIB_door_create -KCM_TRUE -KCM_FALSE -FRAMEWORK_SECURITY_TRUE -FRAMEWORK_SECURITY_FALSE -LIB_el_init -el_compat_TRUE -el_compat_FALSE -COMPILE_ET -COM_ERR_TRUE -COM_ERR_FALSE -DIR_com_err -LIB_com_err -LIB_com_err_a -LIB_com_err_so +ac_default_prefix=/usr/heimdal +ac_header_list= +enable_option_checking=no +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +HEIMDAL_DOCUMENTATION_FALSE +HEIMDAL_DOCUMENTATION_TRUE LIB_AUTH_SUBDIRS -LTLIBOBJS' +LIB_com_err_so +LIB_com_err_a +LIB_com_err +DIR_com_err +COM_ERR_FALSE +COM_ERR_TRUE +COMPILE_ET +LIBEDIT_FALSE +LIBEDIT_TRUE +FRAMEWORK_SECURITY_FALSE +FRAMEWORK_SECURITY_TRUE +KCM_FALSE +KCM_TRUE +LIB_door_create +LIB_getpwnam_r +LIB_tgetent +LIB_openpty +LIB_logout +LIB_logwtmp +NEED_WRITEAUTH_FALSE +NEED_WRITEAUTH_TRUE +LIB_XauFileName +LIB_XauReadAuth +LIB_XauWriteAuth +HAVE_X_FALSE +HAVE_X_TRUE +X_EXTRA_LIBS +X_LIBS +X_PRE_LIBS +X_CFLAGS +XMKMF +LIB_hesiod +INCLUDE_hesiod +subdirs +LIB_libedit +INCLUDE_libedit +LIB_readline +INCLUDE_readline +CATMANEXT +CATMAN_FALSE +CATMAN_TRUE +CATMAN +GROFF +NROFF +LIB_security +have_gcd_FALSE +have_gcd_TRUE +LIB_dispatch_async_f +OTP_FALSE +OTP_TRUE +LIB_otp +LIBADD_roken +INCLUDES_roken +LIB_roken +DIR_roken +have_socket_wrapper_FALSE +have_socket_wrapper_TRUE +LIB_crypt +have_fnmatch_h_FALSE +have_fnmatch_h_TRUE +LIB_gai_strerror +LIB_freeaddrinfo +LIB_getnameinfo +LIB_getaddrinfo +LIB_pidfile +LIB_bswap32 +LIB_bswap16 +LIB_hstrerror +LIB_setsockopt +LIB_getsockopt +have_cgetent_FALSE +have_cgetent_TRUE +have_glob_h_FALSE +have_glob_h_TRUE +LIBOBJS +LIB_dn_expand +LIB_dns_search +LIB_res_ndestroy +LIB_res_nsearch +LIB_res_search +LIB_gethostbyname2 +LIB_syslog +LIB_gethostbyname +LIB_socket +have_vis_h_FALSE +have_vis_h_TRUE +have_search_h_FALSE +have_search_h_TRUE +have_ifaddrs_h_FALSE +have_ifaddrs_h_TRUE +have_err_h_FALSE +have_err_h_TRUE +WFLAGS_NOIMPLICITINT +WFLAGS_NOUNUSED +WFLAGS +LIB_NDBM +DBLIB +HAVE_DBHEADER_FALSE +HAVE_DBHEADER_TRUE +HAVE_NDBM_FALSE +HAVE_NDBM_TRUE +HAVE_DB3_FALSE +HAVE_DB3_TRUE +HAVE_DB1_FALSE +HAVE_DB1_TRUE +LIB_dbm_firstkey +LIB_dbopen +LIB_db_create +DBHEADER +NO_AFS +dpagaix_ldflags +dpagaix_ldadd +dpagaix_cflags +DCE_FALSE +DCE_TRUE +PTHREAD_LIBADD +PTHREAD_LDADD +PTHREAD_CFLAGS +LIB_hcrypto_appl +LIB_hcrypto_so +LIB_hcrypto_a +LIB_hcrypto +INCLUDE_hcrypto +DIR_hcrypto +HAVE_OPENSSL_FALSE +HAVE_OPENSSL_TRUE +LIB_kdb +do_roken_rename_FALSE +do_roken_rename_TRUE +KRB5_FALSE +KRB5_TRUE +KRB4_FALSE +KRB4_TRUE +LIB_krb4 +INCLUDE_krb4 +DIR_hdbdir +LIB_libintl +INCLUDE_libintl +have_scc_FALSE +have_scc_TRUE +SQLITE3_FALSE +SQLITE3_TRUE +LIB_sqlite3 +INCLUDE_sqlite3 +HAVE_CAPNG_FALSE +HAVE_CAPNG_TRUE +CAPNG_LIBS +CAPNG_CFLAGS +PKG_CONFIG +PKINIT_FALSE +PKINIT_TRUE +OPENLDAP_MODULE_FALSE +OPENLDAP_MODULE_TRUE +LIB_openldap +INCLUDE_openldap +SLC_DEP +SLC +ASN1_COMPILE_DEP +ASN1_COMPILE +CROSS_COMPILE_FALSE +CROSS_COMPILE_TRUE +LDFLAGS_VERSION_SCRIPT +versionscript_FALSE +versionscript_TRUE +VERSIONING +ENABLE_SHARED_FALSE +ENABLE_SHARED_TRUE +LEXLIB +LEX_OUTPUT_ROOT +LEX +YFLAGS +YACC +IRIX_FALSE +IRIX_TRUE +AIX_EXTRA_KAFS +AIX_DYNAMIC_AFS_FALSE +AIX_DYNAMIC_AFS_TRUE +LIB_loadquery +HAVE_DLOPEN_FALSE +HAVE_DLOPEN_TRUE +LIB_dlopen +AIX4_FALSE +AIX4_TRUE +AIX_FALSE +AIX_TRUE +CANONICAL_HOST +OTOOL64 +OTOOL +LIPO +NMEDIT +DSYMUTIL +MANIFEST_TOOL +RANLIB +ac_ct_AR +AR +DLLTOOL +OBJDUMP +LN_S +NM +ac_ct_DUMPBIN +DUMPBIN +LD +FGREP +EGREP +GREP +SED +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +LIBTOOL +CPP +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__quote +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +MAINT +MAINTAINER_MODE_FALSE +MAINTAINER_MODE_TRUE +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_maintainer_mode +enable_dependency_tracking +enable_shared +enable_static +with_pic +enable_fast_install +with_gnu_ld +with_sysroot +enable_libtool_lock +enable_largefile +enable_dynamic_afs +with_mips_abi +with_cross_tools +with_openldap +with_openldap_lib +with_openldap_include +with_openldap_config +enable_hdb_openldap_module +enable_pk_init +enable_digest +enable_kx509 +with_capng +with_sqlite3 +with_sqlite3_lib +with_sqlite3_include +with_sqlite3_config +enable_sqlite_cache +with_libintl +with_libintl_lib +with_libintl_include +with_libintl_config +with_hdbdir +with_openssl +with_openssl_lib +with_openssl_include +enable_pthread_support +enable_dce +enable_afs_support +with_berkeley_db +with_berkeley_db_include +enable_ndbm_db +enable_developer +with_ipv6 +enable_socket_wrapper +enable_otp +enable_osfc2 +enable_mmap +enable_afs_string_to_key +with_readline +with_readline_lib +with_readline_include +with_readline_config +with_libedit +with_libedit_lib +with_libedit_include +with_libedit_config +with_hesiod +with_hesiod_lib +with_hesiod_include +with_hesiod_config +enable_bigendian +enable_littleendian +with_x +enable_kcm +enable_heimdal_documentation +' ac_precious_vars='build_alias host_alias target_alias @@ -1032,18 +990,17 @@ CPPFLAGS CPP YACC YFLAGS -CXX -CXXFLAGS -CCC -CXXCPP -F77 -FFLAGS +PKG_CONFIG +CAPNG_CFLAGS +CAPNG_LIBS XMKMF' - +ac_subdirs_all='lib/libedit' # Initialize some variables set by options. ac_init_help= ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null @@ -1142,13 +1099,20 @@ do datarootdir=$ac_optarg ;; -disable-* | --disable-*) - ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. - expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid feature name: $ac_feature" >&2 - { (exit 1); exit 1; }; } - ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` - eval enable_$ac_feature=no ;; + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; @@ -1161,13 +1125,20 @@ do dvidir=$ac_optarg ;; -enable-* | --enable-*) - ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. - expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid feature name: $ac_feature" >&2 - { (exit 1); exit 1; }; } - ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` - eval enable_$ac_feature=\$ac_optarg ;; + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ @@ -1358,22 +1329,36 @@ do ac_init_version=: ;; -with-* | --with-*) - ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. - expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid package name: $ac_package" >&2 - { (exit 1); exit 1; }; } - ac_package=`echo $ac_package | sed 's/[-.]/_/g'` - eval with_$ac_package=\$ac_optarg ;; + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) - ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. - expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid package name: $ac_package" >&2 - { (exit 1); exit 1; }; } - ac_package=`echo $ac_package | sed 's/[-.]/_/g'` - eval with_$ac_package=no ;; + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. @@ -1393,25 +1378,25 @@ do | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) { echo "$as_me: error: unrecognized option: $ac_option -Try \`$0 --help' for more information." >&2 - { (exit 1); exit 1; }; } + -*) as_fn_error "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information." ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. - expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 - { (exit 1); exit 1; }; } + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error "invalid variable name: \`$ac_envvar'" ;; + esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. - echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; @@ -1420,23 +1405,36 @@ done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` - { echo "$as_me: error: missing argument to $ac_option" >&2 - { (exit 1); exit 1; }; } + as_fn_error "missing argument to $ac_option" fi -# Be sure to have absolute directory names. +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac - { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 - { (exit 1); exit 1; }; } + as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' @@ -1450,7 +1448,7 @@ target=$target_alias if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes @@ -1466,23 +1464,21 @@ test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - { echo "$as_me: error: Working directory cannot be determined" >&2 - { (exit 1); exit 1; }; } + as_fn_error "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - { echo "$as_me: error: pwd does not report name of working directory" >&2 - { (exit 1); exit 1; }; } + as_fn_error "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. - ac_confdir=`$as_dirname -- "$0" || -$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$0" : 'X\(//\)[^/]' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -echo X"$0" | + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -1509,13 +1505,11 @@ else fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 - { (exit 1); exit 1; }; } + as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2 - { (exit 1); exit 1; }; } + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then @@ -1541,7 +1535,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Heimdal 1.1 to adapt to many kinds of systems. +\`configure' configures Heimdal 1.5.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1563,9 +1557,9 @@ Configuration: Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] + [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [PREFIX] + [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify @@ -1575,25 +1569,25 @@ for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: - --bindir=DIR user executables [EPREFIX/bin] - --sbindir=DIR system admin executables [EPREFIX/sbin] - --libexecdir=DIR program executables [EPREFIX/libexec] - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --libdir=DIR object code libraries [EPREFIX/lib] - --includedir=DIR C header files [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc [/usr/include] - --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] - --datadir=DIR read-only architecture-independent data [DATAROOTDIR] - --infodir=DIR info documentation [DATAROOTDIR/info] - --localedir=DIR locale-dependent data [DATAROOTDIR/locale] - --mandir=DIR man documentation [DATAROOTDIR/man] - --docdir=DIR documentation root [DATAROOTDIR/doc/heimdal] - --htmldir=DIR html documentation [DOCDIR] - --dvidir=DIR dvi documentation [DOCDIR] - --pdfdir=DIR pdf documentation [DOCDIR] - --psdir=DIR ps documentation [DOCDIR] + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/heimdal] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF @@ -1615,30 +1609,36 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Heimdal 1.1:";; + short | recursive ) echo "Configuration of Heimdal 1.5.1:";; esac cat <<\_ACEOF Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-maintainer-mode enable make rules and dependencies not useful (and sometimes confusing) to the casual installer - --disable-largefile omit support for large files + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) + --disable-largefile omit support for large files + --disable-dynamic-afs do not use loaded AFS library with AIX --enable-hdb-openldap-module if you want support to build openldap hdb as shared object --disable-pk-init if you want disable to PK-INIT support + --disable-digest if you want disable to DIGEST support + --disable-kx509 if you want disable to kx509 support + --disable-sqlite-cache if you want support for cache in sqlite --enable-pthread-support if you want thread safe libraries --enable-dce if you want support for DCE/DFS PAG's --disable-afs-support if you don't want support for AFS - --disable-berkeley-db if you don't want berkeley db --disable-ndbm-db if you don't want ndbm db --enable-developer enable developer warnings --enable-socket-wrapper use sambas socket-wrapper for testing @@ -1649,30 +1649,48 @@ Optional Features: disable use of weak AFS string-to-key functions --enable-bigendian the target is big endian --enable-littleendian the target is little endian - --disable-dynamic-afs do not use loaded AFS library with AIX - --enable-netinfo enable netinfo for configuration lookup --enable-kcm enable Kerberos Credentials Manager + --disable-heimdal-documentation + if you want disable to heimdal documentation Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --with-mips-abi=abi ABI to use for IRIX (32, n32, or 64) - --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-pic try to use only PIC/non-PIC objects [default=use both] - --with-tags[=TAGS] include additional configurations [automatic] + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-sysroot=DIR Search for dependent libraries within DIR + (or the compiler's sysroot if not specified). + --with-mips-abi=abi ABI to use for IRIX (32, n32, or 64) + --with-cross-tools=dir use cross tools in dir --with-openldap=dir use openldap in dir --with-openldap-lib=dir use openldap libraries in dir --with-openldap-include=dir use openldap headers in dir --with-openldap-config=path config program for openldap + --with-capng use libcap-ng to drop KDC privileges [default=check] + --with-sqlite3=dir use sqlite3 in dir + --with-sqlite3-lib=dir use sqlite3 libraries in dir + --with-sqlite3-include=dir + use sqlite3 headers in dir + --with-sqlite3-config=path + config program for sqlite3 + --with-libintl=dir use libintl in dir + --with-libintl-lib=dir use libintl libraries in dir + --with-libintl-include=dir + use libintl headers in dir + --with-libintl-config=path + config program for libintl --with-hdbdir Default location for KDC database [default=/var/heimdal] --with-openssl=dir use openssl in dir --with-openssl-lib=dir use openssl libraries in dir --with-openssl-include=dir use openssl headers in dir + --with-berkeley-db enable support for berkeley db [default=check] + --with-berkeley-db-include=dir + use berkeley-db headers in dir --without-ipv6 do not enable IPv6 support --with-readline=dir use readline in dir --with-readline-lib=dir use readline libraries in dir @@ -1680,6 +1698,12 @@ Optional Packages: use readline headers in dir --with-readline-config=path config program for readline + --with-libedit=dir use libedit in dir + --with-libedit-lib=dir use libedit libraries in dir + --with-libedit-include=dir + use libedit headers in dir + --with-libedit-config=path + config program for libedit --with-hesiod=dir use hesiod in dir --with-hesiod-lib=dir use hesiod libraries in dir --with-hesiod-include=dir @@ -1694,7 +1718,7 @@ Some influential environment variables: LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l - CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor YACC The `Yet Another C Compiler' implementation to use. Defaults to @@ -1702,11 +1726,10 @@ Some influential environment variables: YFLAGS The list of arguments that will be passed by default to $YACC. This script will default YFLAGS to the empty string to avoid a default value of `-d' given by some make applications. - CXX C++ compiler command - CXXFLAGS C++ compiler flags - CXXCPP C++ preprocessor - F77 Fortran 77 compiler command - FFLAGS Fortran 77 compiler flags + PKG_CONFIG path to pkg-config utility + CAPNG_CFLAGS + C compiler flags for CAPNG, overriding pkg-config + CAPNG_LIBS linker flags for CAPNG, overriding pkg-config XMKMF Path to xmkmf, Makefile generator for X Window System Use these variables to override the choices made by `configure' or to help @@ -1720,15 +1743,17 @@ fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue - test -d "$ac_dir" || continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -1764,7 +1789,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix echo && $SHELL "$ac_srcdir/configure" --help=recursive else - echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done @@ -1773,22 +1798,462 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Heimdal configure 1.1 -generated by GNU Autoconf 2.61 +Heimdal configure 1.5.1 +generated by GNU Autoconf 2.65 -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +Copyright (C) 2009 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_func + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( cat <<\_ASBOX +## ----------------------------------- ## +## Report this to heimdal-bugs@h5l.org ## +## ----------------------------------- ## +_ASBOX + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_type + +# ac_fn_c_check_header_preproc LINENO HEADER VAR +# ---------------------------------------------- +# Tests whether HEADER is present, setting the cache variable VAR accordingly. +ac_fn_c_check_header_preproc () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f conftest.err conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_header_preproc cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Heimdal $as_me 1.1, which was -generated by GNU Autoconf 2.61. Invocation command line was +It was created by Heimdal $as_me 1.5.1, which was +generated by GNU Autoconf 2.65. Invocation command line was $ $0 $@ @@ -1824,8 +2289,8 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - echo "PATH: $as_dir" -done + $as_echo "PATH: $as_dir" + done IFS=$as_save_IFS } >&5 @@ -1859,12 +2324,12 @@ do | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) - ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in - 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) - ac_configure_args1="$ac_configure_args1 '$ac_arg'" + as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else @@ -1880,13 +2345,13 @@ do -* ) ac_must_keep_next=true ;; esac fi - ac_configure_args="$ac_configure_args '$ac_arg'" + as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done -$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } -$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there @@ -1911,12 +2376,13 @@ _ASBOX case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 -echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( - *) $as_unset $ac_var ;; + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done @@ -1945,9 +2411,9 @@ _ASBOX do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - echo "$ac_var='\''$ac_val'\''" + $as_echo "$ac_var='\''$ac_val'\''" done | sort echo @@ -1962,9 +2428,9 @@ _ASBOX do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - echo "$ac_var='\''$ac_val'\''" + $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi @@ -1980,86 +2446,94 @@ _ASBOX echo fi test "$ac_signal" != 0 && - echo "$as_me: caught signal $ac_signal" - echo "$as_me: exit $exit_status" + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do - trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h +$as_echo "/* confdefs.h */" > confdefs.h + # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + # Let the site file select an alternate cache file if it wants to. -# Prefer explicitly selected file to automatically selected ones. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - set x "$CONFIG_SITE" + ac_site_file1=$CONFIG_SITE elif test "x$prefix" != xNONE; then - set x "$prefix/share/config.site" "$prefix/etc/config.site" + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site else - set x "$ac_default_prefix/share/config.site" \ - "$ac_default_prefix/etc/config.site" + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site fi -shift -for ac_site_file +for ac_site_file in "$ac_site_file1" "$ac_site_file2" do - if test -r "$ac_site_file"; then - { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 -echo "$as_me: loading site script $ac_site_file" >&6;} + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then - # Some versions of bash will fail to source /dev/null (special - # files actually), so we avoid doing that. - if test -f "$cache_file"; then - { echo "$as_me:$LINENO: loading cache $cache_file" >&5 -echo "$as_me: loading cache $cache_file" >&6;} + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else - { echo "$as_me:$LINENO: creating cache $cache_file" >&5 -echo "$as_me: creating cache $cache_file" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi +as_fn_append ac_header_list " stdlib.h" +as_fn_append ac_header_list " unistd.h" +as_fn_append ac_header_list " sys/param.h" # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false @@ -2070,68 +2544,56 @@ for ac_var in $ac_precious_vars; do eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 -echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then - { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 -echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} - { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 -echo "$as_me: former value: $ac_old_val" >&2;} - { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 -echo "$as_me: current value: $ac_new_val" >&2;} - ac_cache_corrupted=: + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in - *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. - *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then - { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 -echo "$as_me: error: changes in the environment can compromise the build" >&2;} - { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 -echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} - { (exit 1); exit 1; }; } + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi - - - - - - - - - - - - - - - - - - - - - - - - +## -------------------- ## +## Main body of script. ## +## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -2144,28 +2606,21 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers include/config.h" -am__api_version='1.10' + +am__api_version='1.11' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi + for ac_t in install-sh install.sh shtool; do + if test -f "$ac_dir/$ac_t"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/$ac_t -c" + break 2 + fi + done done if test -z "$ac_aux_dir"; then - { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5 -echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, @@ -2190,22 +2645,23 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. -{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 -echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; } +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then -if test "${ac_cv_path_install+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +if test "${ac_cv_path_install+set}" = set; then : + $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in - ./ | .// | /cC/* | \ + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. @@ -2223,17 +2679,29 @@ case $as_dir/ in # program-specific install script used by HP pwplus--don't use. : else - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" - break 3 + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi fi fi done done ;; esac -done + + done IFS=$as_save_IFS +rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then @@ -2246,8 +2714,8 @@ fi INSTALL=$ac_install_sh fi fi -{ echo "$as_me:$LINENO: result: $INSTALL" >&5 -echo "${ECHO_T}$INSTALL" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. @@ -2257,21 +2725,34 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' -{ echo "$as_me:$LINENO: checking whether build environment is sane" >&5 -echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } # Just in case sleep 1 echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; +esac + # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. - set X `ls -t $srcdir/configure conftest.file` + set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$*" != "X $srcdir/configure conftest.file" \ @@ -2281,11 +2762,8 @@ if ( # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". - { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken -alias in your environment" >&5 -echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken -alias in your environment" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "ls -t appears to fail. Make sure there is not a broken +alias in your environment" "$LINENO" 5 fi test "$2" = conftest.file @@ -2294,52 +2772,162 @@ then # Ok. : else - { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! -Check your system clock" >&5 -echo "$as_me: error: newly created file is older than distributed files! -Check your system clock" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 fi -{ echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" -# Double any \ or $. echo might interpret backslashes. +# Double any \ or $. # By default was `s,x,x', remove it if useless. -cat <<\_ACEOF >conftest.sed -s/[\\$]/&&/g;s/;s,x,x,$// -_ACEOF -program_transform_name=`echo $program_transform_name | sed -f conftest.sed` -rm -f conftest.sed +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` -test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= - { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5 -echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi -{ echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5 -echo $ECHO_N "checking for a thread-safe mkdir -p... $ECHO_C" >&6; } +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then - if test "${ac_cv_path_mkdir+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + if test "${ac_cv_path_mkdir+set}" = set; then : + $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in mkdir gmkdir; do + for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( @@ -2351,11 +2939,12 @@ do esac done done -done + done IFS=$as_save_IFS fi + test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else @@ -2363,12 +2952,11 @@ fi # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. - test -d ./--version && rmdir ./--version MKDIR_P="$ac_install_sh -d" fi fi -{ echo "$as_me:$LINENO: result: $MKDIR_P" >&5 -echo "${ECHO_T}$MKDIR_P" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } mkdir_p="$MKDIR_P" case $mkdir_p in @@ -2380,10 +2968,10 @@ for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_AWK+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_AWK+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. @@ -2393,36 +2981,37 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - { echo "$as_me:$LINENO: result: $AWK" >&5 -echo "${ECHO_T}$AWK" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi test -n "$AWK" && break done -{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 -echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; } -set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh @@ -2439,12 +3028,12 @@ esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } SET_MAKE= else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi @@ -2463,9 +3052,7 @@ if test "`cd $srcdir && pwd`" != "`pwd`"; then am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then - { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 -echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi @@ -2481,7 +3068,7 @@ fi # Define the identity of the package. PACKAGE='heimdal' - VERSION='1.1' + VERSION='1.5.1' cat >>confdefs.h <<_ACEOF @@ -2509,112 +3096,6 @@ AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} -install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"} - -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right -# tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. -if test "$cross_compiling" != no; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_STRIP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { echo "$as_me:$LINENO: result: $STRIP" >&5 -echo "${ECHO_T}$STRIP" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. -set dummy strip; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_STRIP="strip" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 -echo "${ECHO_T}$ac_ct_STRIP" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_ct_STRIP" = x; then - STRIP=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi -else - STRIP="$ac_cv_prog_STRIP" -fi - -fi -INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" - # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. @@ -2627,17 +3108,18 @@ am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -' -{ echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5 -echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 +$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } # Check whether --enable-maintainer-mode was given. -if test "${enable_maintainer_mode+set}" = set; then +if test "${enable_maintainer_mode+set}" = set; then : enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval else USE_MAINTAINER_MODE=no fi - { echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5 -echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 +$as_echo "$USE_MAINTAINER_MODE" >&6; } if test $USE_MAINTAINER_MODE = yes; then MAINTAINER_MODE_TRUE= MAINTAINER_MODE_FALSE='#' @@ -2658,10 +3140,10 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. @@ -2671,25 +3153,25 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -2698,10 +3180,10 @@ if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. @@ -2711,25 +3193,25 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 -echo "${ECHO_T}$ac_ct_CC" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then @@ -2737,12 +3219,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC @@ -2755,10 +3233,10 @@ if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. @@ -2768,25 +3246,25 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -2795,10 +3273,10 @@ fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. @@ -2809,18 +3287,18 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then @@ -2839,11 +3317,11 @@ fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -2854,10 +3332,10 @@ if test -z "$CC"; then do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. @@ -2867,25 +3345,25 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -2898,10 +3376,10 @@ if test -z "$CC"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. @@ -2911,25 +3389,25 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 -echo "${ECHO_T}$ac_ct_CC" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -2941,12 +3419,8 @@ done else case $cross_compiling:$ac_tool_warned in yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC @@ -2956,51 +3430,37 @@ fi fi -test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH -See \`config.log' for more details." >&5 -echo "$as_me: error: no acceptable C compiler found in \$PATH -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error "no acceptable C compiler found in \$PATH +See \`config.log' for more details." "$LINENO" 5; } # Provide some information about the compiler. -echo "$as_me:$LINENO: checking for C compiler version" >&5 -ac_compiler=`set X $ac_compile; echo $2` -{ (ac_try="$ac_compiler --version >&5" +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler --version >&5") 2>&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -v >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -v >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -V >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -V >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3012,42 +3472,38 @@ main () } _ACEOF ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.exe b.out" +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. -{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 -echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; } -ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` -# -# List of possible output files, starting from the most likely. -# The algorithm is not robust to junk in `.', hence go to wildcards (a.*) -# only as a last resort. b.out is created by i960 compilers. -ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out' -# -# The IRIX 6 linker writes into existing files which may not be -# executable, retaining their permissions. Remove them first so a -# subsequent execution test works. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + ac_rmfiles= for ac_file in $ac_files do case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles -if { (ac_try="$ac_link_default" +if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, @@ -3057,14 +3513,14 @@ for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi @@ -3083,78 +3539,42 @@ test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi - -{ echo "$as_me:$LINENO: result: $ac_file" >&5 -echo "${ECHO_T}$ac_file" >&6; } -if test -z "$ac_file"; then - echo "$as_me: failed program was:" >&5 +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { echo "$as_me:$LINENO: error: C compiler cannot create executables -See \`config.log' for more details." >&5 -echo "$as_me: error: C compiler cannot create executables -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +{ as_fn_set_status 77 +as_fn_error "C compiler cannot create executables +See \`config.log' for more details." "$LINENO" 5; }; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } fi - +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5 -echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; } -# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 -# If not cross compiling, check that we can run a simple program. -if test "$cross_compiling" != yes; then - if { ac_try='./$ac_file' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { echo "$as_me:$LINENO: error: cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } - fi - fi -fi -{ echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -rm -f a.out a.exe conftest$ac_cv_exeext b.out +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 -echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; } -{ echo "$as_me:$LINENO: result: $cross_compiling" >&5 -echo "${ECHO_T}$cross_compiling" >&6; } - -{ echo "$as_me:$LINENO: checking for suffix of executables" >&5 -echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; } -if { (ac_try="$ac_link" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with @@ -3162,37 +3582,90 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else - { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." "$LINENO" 5; } fi - -rm -f conftest$ac_cv_exeext -{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 -echo "${ECHO_T}$ac_cv_exeext" >&6; } +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT -{ echo "$as_me:$LINENO: checking for suffix of object files" >&5 -echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; } -if test "${ac_cv_objext+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if test "${ac_cv_objext+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3204,51 +3677,46 @@ main () } _ACEOF rm -f conftest.o conftest.obj -if { (ac_try="$ac_compile" +if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;; + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else - echo "$as_me: failed program was:" >&5 + $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute suffix of object files: cannot compile -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error "cannot compute suffix of object files: cannot compile +See \`config.log' for more details." "$LINENO" 5; } fi - rm -f conftest.$ac_cv_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 -echo "${ECHO_T}$ac_cv_objext" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT -{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 -echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; } -if test "${ac_cv_c_compiler_gnu+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if test "${ac_cv_c_compiler_gnu+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3262,54 +3730,34 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_compiler_gnu=no + ac_compiler_gnu=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 -echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; } -GCC=`test $ac_compiler_gnu = yes && echo yes` +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS -{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 -echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; } -if test "${ac_cv_prog_cc_g+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if test "${ac_cv_prog_cc_g+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3320,34 +3768,11 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - CFLAGS="" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3358,35 +3783,12 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_compile "$LINENO"; then : - ac_c_werror_flag=$ac_save_c_werror_flag +else + ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3397,42 +3799,18 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi -{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 -echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then @@ -3448,18 +3826,14 @@ else CFLAGS= fi fi -{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 -echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } -if test "${ac_cv_prog_cc_c89+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if test "${ac_cv_prog_cc_c89+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -3516,31 +3890,9 @@ for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then + if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done @@ -3551,41 +3903,228 @@ fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) - { echo "$as_me:$LINENO: result: none needed" >&5 -echo "${ECHO_T}none needed" >&6; } ;; + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; xno) - { echo "$as_me:$LINENO: result: unsupported" >&5 -echo "${ECHO_T}unsupported" >&6; } ;; + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" - { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 -echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac +if test "x$ac_cv_prog_cc_c89" != xno; then : +fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +$as_echo_n "checking for style of include used by $am_make... " >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +$as_echo "$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + if test "x$CC" != xcc; then - { echo "$as_me:$LINENO: checking whether $CC and cc understand -c and -o together" >&5 -echo $ECHO_N "checking whether $CC and cc understand -c and -o together... $ECHO_C" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5 +$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; } else - { echo "$as_me:$LINENO: checking whether cc understands -c and -o together" >&5 -echo $ECHO_N "checking whether cc understands -c and -o together... $ECHO_C" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5 +$as_echo_n "checking whether cc understands -c and -o together... " >&6; } fi -set dummy $CC; ac_cc=`echo $2 | +set dummy $CC; ac_cc=`$as_echo "$2" | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` -if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3601,58 +4140,63 @@ _ACEOF # existing .o file with -o, though they will create one. ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* -if { (case "(($ac_try" in +if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - test -f conftest2.$ac_objext && { (case "(($ac_try" in + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && + test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then eval ac_cv_prog_cc_${ac_cc}_c_o=yes if test "x$CC" != xcc; then # Test first that cc exists at all. if { ac_try='cc -c conftest.$ac_ext >&5' - { (case "(($ac_try" in + { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* - if { (case "(($ac_try" in + if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - test -f conftest2.$ac_objext && { (case "(($ac_try" in + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && + test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then # cc works too. : @@ -3669,23 +4213,22 @@ rm -f core conftest* fi if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } -cat >>confdefs.h <<\_ACEOF -#define NO_MINUS_C_MINUS_O 1 -_ACEOF +$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h fi # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC -ac_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` -if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then +am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` +eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o +if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. @@ -3700,15 +4243,15 @@ ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 -echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then - if test "${ac_cv_prog_CPP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + if test "${ac_cv_prog_CPP+set}" = set; then : + $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" @@ -3722,11 +4265,7 @@ do # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include @@ -3735,76 +4274,34 @@ cat >>conftest.$ac_ext <<_ACEOF #endif Syntax error _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_cpp "$LINENO"; then : +else # Broken: fails on valid input. continue fi - rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then +if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - # Passes both tests. ac_preproc_ok=: break fi - rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then +if $ac_preproc_ok; then : break fi @@ -3816,8 +4313,8 @@ fi else ac_cv_prog_CPP=$CPP fi -{ echo "$as_me:$LINENO: result: $CPP" >&5 -echo "${ECHO_T}$CPP" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do @@ -3827,11 +4324,7 @@ do # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include @@ -3840,83 +4333,40 @@ cat >>conftest.$ac_ext <<_ACEOF #endif Syntax error _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_cpp "$LINENO"; then : +else # Broken: fails on valid input. continue fi - rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then +if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - # Passes both tests. ac_preproc_ok=: break fi - rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - : +if $ac_preproc_ok; then : + else - { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&5 -echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." "$LINENO" 5; } fi ac_ext=c @@ -3925,43 +4375,54 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu +case `pwd` in + *\ * | *\ *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; +esac -test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' -test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal' +macro_version='2.4' +macro_revision='1.3293' + + + + + + + + + + + + + +ltmain="$ac_aux_dir/ltmain.sh" # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 -echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 -{ echo "$as_me:$LINENO: checking build system type" >&5 -echo $ECHO_N "checking build system type... $ECHO_C" >&6; } -if test "${ac_cv_build+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if test "${ac_cv_build+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && - { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 -echo "$as_me: error: cannot guess build type; you must specify one" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5 -echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi -{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5 -echo "${ECHO_T}$ac_cv_build" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; -*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5 -echo "$as_me: error: invalid value of canonical build" >&2;} - { (exit 1); exit 1; }; };; +*) as_fn_error "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' @@ -3977,28 +4438,24 @@ IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac -{ echo "$as_me:$LINENO: checking host system type" >&5 -echo $ECHO_N "checking host system type... $ECHO_C" >&6; } -if test "${ac_cv_host+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if test "${ac_cv_host+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5 -echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi -{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5 -echo "${ECHO_T}$ac_cv_host" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; -*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5 -echo "$as_me: error: invalid value of canonical host" >&2;} - { (exit 1); exit 1; }; };; +*) as_fn_error "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' @@ -4014,1126 +4471,191 @@ IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac -CANONICAL_HOST=$host +# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' +ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO - { echo "$as_me:$LINENO: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&5 -echo "$as_me: autobuild project... ${PACKAGE_NAME:-$PACKAGE}" >&6;} - { echo "$as_me:$LINENO: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&5 -echo "$as_me: autobuild revision... ${PACKAGE_VERSION:-$VERSION}" >&6;} - hostname=`hostname` - if test "$hostname"; then - { echo "$as_me:$LINENO: autobuild hostname... $hostname" >&5 -echo "$as_me: autobuild hostname... $hostname" >&6;} - fi - - date=`date +%Y%m%d-%H%M%S` - if test "$?" != 0; then - date=`date` - fi - if test "$date"; then - { echo "$as_me:$LINENO: autobuild timestamp... $date" >&5 -echo "$as_me: autobuild timestamp... $date" >&6;} - fi - - - -# Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then - enableval=$enable_largefile; +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +$as_echo_n "checking how to print strings... " >&6; } +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' fi -if test "$enable_largefile" != no; then - - { echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5 -echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6; } -if test "${ac_cv_sys_largefile_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_sys_largefile_CC=no - if test "$GCC" != yes; then - ac_save_CC=$CC - while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () { - - ; - return 0; + $ECHO "" } -_ACEOF - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; + +case "$ECHO" in + printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +$as_echo "printf" >&6; } ;; + print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +$as_echo "print -r" >&6; } ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +$as_echo "cat" >&6; } ;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - break + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if test "${ac_cv_path_SED+set}" = set; then : + $as_echo_n "(cached) " >&6 else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext - CC="$CC -n32" - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_largefile_CC=' -n32'; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext - break - done - CC=$ac_save_CC - rm -f conftest.$ac_ext - fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5 -echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6; } - if test "$ac_cv_sys_largefile_CC" != no; then - CC=$CC$ac_cv_sys_largefile_CC - fi - - { echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6; } -if test "${ac_cv_sys_file_offset_bits+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_file_offset_bits=no; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#define _FILE_OFFSET_BITS 64 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_file_offset_bits=64; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_file_offset_bits=unknown - break -done -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5 -echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6; } -case $ac_cv_sys_file_offset_bits in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF -;; -esac -rm -f conftest* - if test $ac_cv_sys_file_offset_bits = unknown; then - { echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5 -echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6; } -if test "${ac_cv_sys_large_files+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_large_files=no; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#define _LARGE_FILES 1 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_large_files=1; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_large_files=unknown - break -done -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5 -echo "${ECHO_T}$ac_cv_sys_large_files" >&6; } -case $ac_cv_sys_large_files in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files -_ACEOF -;; -esac -rm -f conftest* - fi -fi - - -if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then - CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" -fi -if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then - CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits" -fi - - - -cat >>confdefs.h <<\_ACEOF -#define _GNU_SOURCE 1 -_ACEOF - - - - - -for ac_prog in 'bison -y' byacc -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_YACC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$YACC"; then - ac_cv_prog_YACC="$YACC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_YACC="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -YACC=$ac_cv_prog_YACC -if test -n "$YACC"; then - { echo "$as_me:$LINENO: result: $YACC" >&5 -echo "${ECHO_T}$YACC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$YACC" && break -done -test -n "$YACC" || YACC="yacc" - -for ac_prog in flex lex -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_LEX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$LEX"; then - ac_cv_prog_LEX="$LEX" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_LEX="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -LEX=$ac_cv_prog_LEX -if test -n "$LEX"; then - { echo "$as_me:$LINENO: result: $LEX" >&5 -echo "${ECHO_T}$LEX" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$LEX" && break -done -test -n "$LEX" || LEX=":" - -if test "x$LEX" != "x:"; then - cat >conftest.l <<_ACEOF -%% -a { ECHO; } -b { REJECT; } -c { yymore (); } -d { yyless (1); } -e { yyless (input () != 0); } -f { unput (yytext[0]); } -. { BEGIN INITIAL; } -%% -#ifdef YYTEXT_POINTER -extern char *yytext; -#endif -int -main (void) -{ - return ! yylex () + ! yywrap (); -} -_ACEOF -{ (ac_try="$LEX conftest.l" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$LEX conftest.l") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ echo "$as_me:$LINENO: checking lex output file root" >&5 -echo $ECHO_N "checking lex output file root... $ECHO_C" >&6; } -if test "${ac_cv_prog_lex_root+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if test -f lex.yy.c; then - ac_cv_prog_lex_root=lex.yy -elif test -f lexyy.c; then - ac_cv_prog_lex_root=lexyy -else - { { echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5 -echo "$as_me: error: cannot find output from $LEX; giving up" >&2;} - { (exit 1); exit 1; }; } -fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5 -echo "${ECHO_T}$ac_cv_prog_lex_root" >&6; } -LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root - -if test -z "${LEXLIB+set}"; then - { echo "$as_me:$LINENO: checking lex library" >&5 -echo $ECHO_N "checking lex library... $ECHO_C" >&6; } -if test "${ac_cv_lib_lex+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - ac_save_LIBS=$LIBS - ac_cv_lib_lex='none needed' - for ac_lib in '' -lfl -ll; do - LIBS="$ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -`cat $LEX_OUTPUT_ROOT.c` -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_lex=$ac_lib -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - test "$ac_cv_lib_lex" != 'none needed' && break - done - LIBS=$ac_save_LIBS - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_lex" >&5 -echo "${ECHO_T}$ac_cv_lib_lex" >&6; } - test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex -fi - - -{ echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5 -echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6; } -if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # POSIX says lex can declare yytext either as a pointer or an array; the -# default is implementation-dependent. Figure out which it is, since -# not all implementations provide the %pointer and %array declarations. -ac_cv_prog_lex_yytext_pointer=no -ac_save_LIBS=$LIBS -LIBS="$LEXLIB $ac_save_LIBS" -cat >conftest.$ac_ext <<_ACEOF -#define YYTEXT_POINTER 1 -`cat $LEX_OUTPUT_ROOT.c` -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_prog_lex_yytext_pointer=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_save_LIBS - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5 -echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6; } -if test $ac_cv_prog_lex_yytext_pointer = yes; then - -cat >>confdefs.h <<\_ACEOF -#define YYTEXT_POINTER 1 -_ACEOF - -fi -rm -f conftest.l $LEX_OUTPUT_ROOT.c - -fi -if test "$LEX" = :; then - LEX=${am_missing_run}flex -fi -for ac_prog in gawk mawk nawk awk -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_AWK+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$AWK"; then - ac_cv_prog_AWK="$AWK" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_AWK="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -AWK=$ac_cv_prog_AWK -if test -n "$AWK"; then - { echo "$as_me:$LINENO: result: $AWK" >&5 -echo "${ECHO_T}$AWK" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$AWK" && break -done - -{ echo "$as_me:$LINENO: checking for ln -s or something else" >&5 -echo $ECHO_N "checking for ln -s or something else... $ECHO_C" >&6; } -if test "${ac_cv_prog_LN_S+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - rm -f conftestdata -if ln -s X conftestdata 2>/dev/null -then - rm -f conftestdata - ac_cv_prog_LN_S="ln -s" -else - touch conftestdata1 - if ln conftestdata1 conftestdata2; then - rm -f conftestdata* - ac_cv_prog_LN_S=ln - else - ac_cv_prog_LN_S=cp - fi -fi -fi -LN_S="$ac_cv_prog_LN_S" -{ echo "$as_me:$LINENO: result: $ac_cv_prog_LN_S" >&5 -echo "${ECHO_T}$ac_cv_prog_LN_S" >&6; } - - - - -# Check whether --with-mips_abi was given. -if test "${with_mips_abi+set}" = set; then - withval=$with_mips_abi; -fi - - -case "$host_os" in -irix*) -with_mips_abi="${with_mips_abi:-yes}" -if test -n "$GCC"; then - -# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select -# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs. -# -# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old -# GCC and revert back to O32. The same goes if O32 is asked for - old -# GCCs doesn't like the -mabi option, and new GCCs can't output O32. -# -# Don't you just love *all* the different SGI ABIs? - -case "${with_mips_abi}" in - 32|o32) abi='-mabi=32'; abilibdirext='' ;; - n32|yes) abi='-mabi=n32'; abilibdirext='32' ;; - 64) abi='-mabi=64'; abilibdirext='64' ;; - no) abi=''; abilibdirext='';; - *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5 -echo "$as_me: error: \"Invalid ABI specified\"" >&2;} - { (exit 1); exit 1; }; } ;; -esac -if test -n "$abi" ; then -ac_foo=krb_cv_gcc_`echo $abi | tr =- __` -{ echo "$as_me:$LINENO: checking if $CC supports the $abi option" >&5 -echo $ECHO_N "checking if $CC supports the $abi option... $ECHO_C" >&6; } -if { as_var=$ac_foo; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -save_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS $abi" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ -int x; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval $ac_foo=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval $ac_foo=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_extCFLAGS="$save_CFLAGS" - -fi - -ac_res=`eval echo \\\$$ac_foo` -{ echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test $ac_res = no; then -# Try to figure out why that failed... -case $abi in - -mabi=32) - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -mabi=n32" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ -int x; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_res=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_res=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CLAGS="$save_CFLAGS" - if test $ac_res = yes; then - # New GCC - { { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5 -echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;} - { (exit 1); exit 1; }; } - fi - # Old GCC - abi='' - abilibdirext='' - ;; - -mabi=n32|-mabi=64) - if test $with_mips_abi = yes; then - # Old GCC, default to O32 - abi='' - abilibdirext='' - else - # Some broken GCC - { { echo "$as_me:$LINENO: error: $CC does not support the $with_mips_abi ABI" >&5 -echo "$as_me: error: $CC does not support the $with_mips_abi ABI" >&2;} - { (exit 1); exit 1; }; } - fi - ;; -esac -fi #if test $ac_res = no; then -fi #if test -n "$abi" ; then -else -case "${with_mips_abi}" in - 32|o32) abi='-32'; abilibdirext='' ;; - n32|yes) abi='-n32'; abilibdirext='32' ;; - 64) abi='-64'; abilibdirext='64' ;; - no) abi=''; abilibdirext='';; - *) { { echo "$as_me:$LINENO: error: \"Invalid ABI specified\"" >&5 -echo "$as_me: error: \"Invalid ABI specified\"" >&2;} - { (exit 1); exit 1; }; } ;; -esac -fi #if test -n "$GCC"; then -;; -esac - -CC="$CC $abi" -libdir="$libdir$abilibdirext" - - -{ echo "$as_me:$LINENO: checking for __attribute__" >&5 -echo $ECHO_N "checking for __attribute__... $ECHO_C" >&6; } -if test "${ac_cv___attribute__+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -static void foo(void) __attribute__ ((noreturn)); - -static void -foo(void) -{ - exit(1); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv___attribute__=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv___attribute__=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if test "$ac_cv___attribute__" = "yes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE___ATTRIBUTE__ 1 -_ACEOF - -fi -{ echo "$as_me:$LINENO: result: $ac_cv___attribute__" >&5 -echo "${ECHO_T}$ac_cv___attribute__" >&6; } - - -# Check whether --enable-shared was given. -if test "${enable_shared+set}" = set; then - enableval=$enable_shared; p=${PACKAGE-default} - case $enableval in - yes) enable_shared=yes ;; - no) enable_shared=no ;; - *) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_shared=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac -else - enable_shared=yes -fi - - -# Check whether --enable-static was given. -if test "${enable_static+set}" = set; then - enableval=$enable_static; p=${PACKAGE-default} - case $enableval in - yes) enable_static=yes ;; - no) enable_static=no ;; - *) - enable_static=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_static=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac -else - enable_static=yes -fi - - -# Check whether --enable-fast-install was given. -if test "${enable_fast_install+set}" = set; then - enableval=$enable_fast_install; p=${PACKAGE-default} - case $enableval in - yes) enable_fast_install=yes ;; - no) enable_fast_install=no ;; - *) - enable_fast_install=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_fast_install=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac -else - enable_fast_install=yes -fi - - -{ echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5 -echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6; } -if test "${lt_cv_path_SED+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Loop through the user's path and test for sed and gsed. -# Then use that list of sed's as ones to test for truncation. -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for lt_ac_prog in sed gsed; do + for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do - if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then - lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" - fi + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 done done -done -lt_ac_max=0 -lt_ac_count=0 -# Add /usr/xpg4/bin/sed as it is typically found on Solaris -# along with /bin/sed that truncates output. -for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do - test ! -f $lt_ac_sed && continue - cat /dev/null > conftest.in - lt_ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >conftest.in - # Check for GNU sed and select it if it is found. - if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then - lt_cv_path_SED=$lt_ac_sed - break - fi - while true; do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo >>conftest.nl - $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break - cmp -s conftest.out conftest.nl || break - # 10000 chars as input seems more than enough - test $lt_ac_count -gt 10 && break - lt_ac_count=`expr $lt_ac_count + 1` - if test $lt_ac_count -gt $lt_ac_max; then - lt_ac_max=$lt_ac_count - lt_cv_path_SED=$lt_ac_sed - fi done -done - +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED fi -SED=$lt_cv_path_SED -{ echo "$as_me:$LINENO: result: $SED" >&5 -echo "${ECHO_T}$SED" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed -{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 -echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; } -if test "${ac_cv_path_GREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Extract the first word of "grep ggrep" to use in msg output -if test -z "$GREP"; then -set dummy grep ggrep; ac_prog_name=$2 -if test "${ac_cv_path_GREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if test "${ac_cv_path_GREP+set}" = set; then : + $as_echo_n "(cached) " >&6 else + if test -z "$GREP"; then ac_path_GREP_found=false -# Loop through the user's path and test for each of PROGNAME-LIST -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue - # Check for GNU ac_path_GREP and select it if it is found. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue +# Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" + $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - echo 'GREP' >> "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` + as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" @@ -5145,77 +4667,61 @@ case `"$ac_path_GREP" --version 2>&1` in rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac - - $ac_path_GREP_found && break 3 + $ac_path_GREP_found && break 3 + done + done done -done - -done IFS=$as_save_IFS - - -fi - -GREP="$ac_cv_path_GREP" -if test -z "$GREP"; then - { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } -fi - + if test -z "$ac_cv_path_GREP"; then + as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi else ac_cv_path_GREP=$GREP fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 -echo "${ECHO_T}$ac_cv_path_GREP" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" -{ echo "$as_me:$LINENO: checking for egrep" >&5 -echo $ECHO_N "checking for egrep... $ECHO_C" >&6; } -if test "${ac_cv_path_EGREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if test "${ac_cv_path_EGREP+set}" = set; then : + $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else - # Extract the first word of "egrep" to use in msg output -if test -z "$EGREP"; then -set dummy egrep; ac_prog_name=$2 -if test "${ac_cv_path_EGREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else + if test -z "$EGREP"; then ac_path_EGREP_found=false -# Loop through the user's path and test for each of PROGNAME-LIST -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue - # Check for GNU ac_path_EGREP and select it if it is found. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue +# Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" + $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - echo 'EGREP' >> "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` + as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" @@ -5227,39 +4733,114 @@ case `"$ac_path_EGREP" --version 2>&1` in rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac - - $ac_path_EGREP_found && break 3 + $ac_path_EGREP_found && break 3 + done + done done -done - -done IFS=$as_save_IFS - - -fi - -EGREP="$ac_cv_path_EGREP" -if test -z "$EGREP"; then - { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } -fi - + if test -z "$ac_cv_path_EGREP"; then + as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi else ac_cv_path_EGREP=$EGREP fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +$as_echo_n "checking for fgrep... " >&6; } +if test "${ac_cv_path_FGREP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else + if test -z "$FGREP"; then + ac_path_FGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in fgrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue +# Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +case `"$ac_path_FGREP" --version 2>&1` in +*GNU*) + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_FGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_FGREP="$ac_path_FGREP" + ac_path_FGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_FGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_FGREP"; then + as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_FGREP=$FGREP +fi fi fi -{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 -echo "${ECHO_T}$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +$as_echo "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +test -z "$GREP" && GREP=grep + + + + + + + + + + + + + + + + # Check whether --with-gnu-ld was given. -if test "${with_gnu_ld+set}" = set; then +if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no @@ -5268,8 +4849,8 @@ fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. - { echo "$as_me:$LINENO: checking for ld used by $CC" >&5 -echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw @@ -5282,9 +4863,9 @@ echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; } [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld - ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` - while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do - ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; @@ -5298,14 +4879,14 @@ echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; } ;; esac elif test "$with_gnu_ld" = yes; then - { echo "$as_me:$LINENO: checking for GNU ld" >&5 -echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } else - { echo "$as_me:$LINENO: checking for non-GNU ld" >&5 -echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } fi -if test "${lt_cv_path_LD+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +if test "${lt_cv_path_LD+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR @@ -5335,19 +4916,17 @@ fi LD="$lt_cv_path_LD" if test -n "$LD"; then - { echo "$as_me:$LINENO: result: $LD" >&5 -echo "${ECHO_T}$LD" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 +$as_echo "$LD" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 -echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} - { (exit 1); exit 1; }; } -{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 -echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; } -if test "${lt_cv_prog_gnu_ld+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if test "${lt_cv_prog_gnu_ld+set}" = set; then : + $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &1 &5 -echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld -{ echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5 -echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6; } -if test "${lt_cv_ld_reload_flag+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_cv_ld_reload_flag='-r' -fi -{ echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5 -echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6; } -reload_flag=$lt_cv_ld_reload_flag -case $reload_flag in -"" | " "*) ;; -*) reload_flag=" $reload_flag" ;; -esac -reload_cmds='$LD$reload_flag -o $output$reload_objs' -case $host_os in - darwin*) - if test "$GCC" = yes; then - reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' - else - reload_cmds='$LD$reload_flag -o $output$reload_objs' - fi - ;; -esac -{ echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5 -echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6; } -if test "${lt_cv_path_NM+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if test "${lt_cv_path_NM+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$NM"; then # Let the user override the test. @@ -5435,1682 +4996,178 @@ else done IFS="$lt_save_ifs" done - test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm + : ${lt_cv_path_NM=no} fi fi -{ echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5 -echo "${ECHO_T}$lt_cv_path_NM" >&6; } -NM="$lt_cv_path_NM" - -{ echo "$as_me:$LINENO: checking whether ln -s works" >&5 -echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6; } -LN_S=$as_ln_s -if test "$LN_S" = "ln -s"; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +$as_echo "$lt_cv_path_NM" >&6; } +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" else - { echo "$as_me:$LINENO: result: no, using $LN_S" >&5 -echo "${ECHO_T}no, using $LN_S" >&6; } -fi - -{ echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5 -echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6; } -if test "${lt_cv_deplibs_check_method+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_cv_file_magic_cmd='$MAGIC_CMD' -lt_cv_file_magic_test_file= -lt_cv_deplibs_check_method='unknown' -# Need to set the preceding variable on all platforms that support -# interlibrary dependencies. -# 'none' -- dependencies not supported. -# `unknown' -- same as none, but documents that we really don't know. -# 'pass_all' -- all dependencies passed with no checks. -# 'test_compile' -- check by making test program. -# 'file_magic [[regex]]' -- check by looking for files in library path -# which responds to the $file_magic_cmd with a given extended regex. -# If you have `file' or equivalent on your system and you're not sure -# whether `pass_all' will *always* work, you probably want this one. - -case $host_os in -aix4* | aix5*) - lt_cv_deplibs_check_method=pass_all - ;; - -beos*) - lt_cv_deplibs_check_method=pass_all - ;; - -bsdi[45]*) - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' - lt_cv_file_magic_cmd='/usr/bin/file -L' - lt_cv_file_magic_test_file=/shlib/libc.so - ;; - -cygwin*) - # func_win32_libid is a shell function defined in ltmain.sh - lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - ;; - -mingw* | pw32*) - # Base MSYS/MinGW do not provide the 'file' command needed by - # func_win32_libid shell function, so use a weaker test based on 'objdump'. - lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' - lt_cv_file_magic_cmd='$OBJDUMP -f' - ;; - -darwin* | rhapsody*) - lt_cv_deplibs_check_method=pass_all - ;; - -freebsd* | kfreebsd*-gnu | dragonfly*) - if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then - case $host_cpu in - i*86 ) - # Not sure whether the presence of OpenBSD here was a mistake. - # Let's accept both of them until this is cleared up. - lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` - ;; - esac - else - lt_cv_deplibs_check_method=pass_all - fi - ;; - -gnu*) - lt_cv_deplibs_check_method=pass_all - ;; - -hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file - case $host_cpu in - ia64*) - lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' - lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so - ;; - hppa*64*) - lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]' - lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl - ;; - *) - lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library' - lt_cv_file_magic_test_file=/usr/lib/libc.sl - ;; - esac - ;; - -interix3*) - # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' - ;; - -irix5* | irix6* | nonstopux*) - case $LD in - *-32|*"-32 ") libmagic=32-bit;; - *-n32|*"-n32 ") libmagic=N32;; - *-64|*"-64 ") libmagic=64-bit;; - *) libmagic=never-match;; - esac - lt_cv_deplibs_check_method=pass_all - ;; - -# This must be Linux ELF. -linux*) - lt_cv_deplibs_check_method=pass_all - ;; - -netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' - fi - ;; - -newos6*) - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=/usr/lib/libnls.so - ;; - -nto-qnx*) - lt_cv_deplibs_check_method=unknown - ;; - -openbsd*) - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' - fi - ;; - -osf3* | osf4* | osf5*) - lt_cv_deplibs_check_method=pass_all - ;; - -solaris*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv4 | sysv4.3*) - case $host_vendor in - motorola) - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` - ;; - ncr) - lt_cv_deplibs_check_method=pass_all - ;; - sequent) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' - ;; - sni) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" - lt_cv_file_magic_test_file=/lib/libc.so - ;; - siemens) - lt_cv_deplibs_check_method=pass_all - ;; - pc) - lt_cv_deplibs_check_method=pass_all - ;; - esac - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - lt_cv_deplibs_check_method=pass_all - ;; -esac - -fi -{ echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5 -echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6; } -file_magic_cmd=$lt_cv_file_magic_cmd -deplibs_check_method=$lt_cv_deplibs_check_method -test -z "$deplibs_check_method" && deplibs_check_method=unknown - - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC - -# Check whether --enable-libtool-lock was given. -if test "${enable_libtool_lock+set}" = set; then - enableval=$enable_libtool_lock; -fi - -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes - -# Some flags need to be propagated to the compiler or linker for good -# libtool support. -case $host in -ia64-*-hpux*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.$ac_objext` in - *ELF-32*) - HPUX_IA64_MODE="32" - ;; - *ELF-64*) - HPUX_IA64_MODE="64" - ;; - esac - fi - rm -rf conftest* - ;; -*-*-irix6*) - # Find out which ABI we are using. - echo '#line 5679 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - if test "$lt_cv_prog_gnu_ld" = yes; then - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -melf32bsmip" - ;; - *N32*) - LD="${LD-ld} -melf32bmipn32" - ;; - *64-bit*) - LD="${LD-ld} -melf64bmip" - ;; - esac - else - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -32" - ;; - *N32*) - LD="${LD-ld} -n32" - ;; - *64-bit*) - LD="${LD-ld} -64" - ;; - esac - fi - fi - rm -rf conftest* - ;; - -x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.o` in - *32-bit*) - case $host in - x86_64-*linux*) - LD="${LD-ld} -m elf_i386" - ;; - ppc64-*linux*|powerpc64-*linux*) - LD="${LD-ld} -m elf32ppclinux" - ;; - s390x-*linux*) - LD="${LD-ld} -m elf_s390" - ;; - sparc64-*linux*) - LD="${LD-ld} -m elf32_sparc" - ;; - esac - ;; - *64-bit*) - case $host in - x86_64-*linux*) - LD="${LD-ld} -m elf_x86_64" - ;; - ppc*-*linux*|powerpc*-*linux*) - LD="${LD-ld} -m elf64ppc" - ;; - s390*-*linux*) - LD="${LD-ld} -m elf64_s390" - ;; - sparc*-*linux*) - LD="${LD-ld} -m elf64_sparc" - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; - -*-*-sco3.2v5*) - # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -belf" - { echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5 -echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6; } -if test "${lt_cv_cc_needs_belf+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - lt_cv_cc_needs_belf=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - lt_cv_cc_needs_belf=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -fi -{ echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5 -echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6; } - if test x"$lt_cv_cc_needs_belf" != x"yes"; then - # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" - fi - ;; -sparc*-*solaris*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - case `/usr/bin/file conftest.o` in - *64-bit*) - case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; - *) LD="${LD-ld} -64" ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; - - -esac - -need_locks="$enable_libtool_lock" - - - -{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5 -echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; } -if test "${ac_cv_header_stdc+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include -#include -#include - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_header_stdc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_header_stdc=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then - : -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then - : -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then - : -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif - -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - : -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 -echo "${ECHO_T}$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -cat >>confdefs.h <<\_ACEOF -#define STDC_HEADERS 1 -_ACEOF - -fi - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. - - - - - - - - - -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - -for ac_header in dlfcn.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -ac_ext=cpp -ac_cpp='$CXXCPP $CPPFLAGS' -ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_cxx_compiler_gnu -if test -z "$CXX"; then - if test -n "$CCC"; then - CXX=$CCC + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. else if test -n "$ac_tool_prefix"; then - for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC + for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CXX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_DUMPBIN+set}" = set; then : + $as_echo_n "(cached) " >&6 else - if test -n "$CXX"; then - ac_cv_prog_CXX="$CXX" # Let the user override the test. + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi -CXX=$ac_cv_prog_CXX -if test -n "$CXX"; then - { echo "$as_me:$LINENO: result: $CXX" >&5 -echo "${ECHO_T}$CXX" >&6; } +DUMPBIN=$ac_cv_prog_DUMPBIN +if test -n "$DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +$as_echo "$DUMPBIN" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi - test -n "$CXX" && break + test -n "$DUMPBIN" && break done fi -if test -z "$CXX"; then - ac_ct_CXX=$CXX - for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC +if test -z "$DUMPBIN"; then + ac_ct_DUMPBIN=$DUMPBIN + for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then : + $as_echo_n "(cached) " >&6 else - if test -n "$ac_ct_CXX"; then - ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_CXX="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_CXX=$ac_cv_prog_ac_ct_CXX -if test -n "$ac_ct_CXX"; then - { echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5 -echo "${ECHO_T}$ac_ct_CXX" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$ac_ct_CXX" && break -done - - if test "x$ac_ct_CXX" = x; then - CXX="g++" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - CXX=$ac_ct_CXX - fi -fi - - fi -fi -# Provide some information about the compiler. -echo "$as_me:$LINENO: checking for C++ compiler version" >&5 -ac_compiler=`set X $ac_compile; echo $2` -{ (ac_try="$ac_compiler --version >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler --version >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -v >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -v >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -V >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -V >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } - -{ echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5 -echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6; } -if test "${ac_cv_cxx_compiler_gnu+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ -#ifndef __GNUC__ - choke me -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_cxx_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_compiler_gnu=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_compiler_gnu=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_cxx_compiler_gnu=$ac_compiler_gnu - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5 -echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6; } -GXX=`test $ac_compiler_gnu = yes && echo yes` -ac_test_CXXFLAGS=${CXXFLAGS+set} -ac_save_CXXFLAGS=$CXXFLAGS -{ echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5 -echo $ECHO_N "checking whether $CXX accepts -g... $ECHO_C" >&6; } -if test "${ac_cv_prog_cxx_g+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_save_cxx_werror_flag=$ac_cxx_werror_flag - ac_cxx_werror_flag=yes - ac_cv_prog_cxx_g=no - CXXFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_cxx_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_prog_cxx_g=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - CXXFLAGS="" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_cxx_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cxx_werror_flag=$ac_save_cxx_werror_flag - CXXFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_cxx_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_prog_cxx_g=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cxx_werror_flag=$ac_save_cxx_werror_flag -fi -{ echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5 -echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6; } -if test "$ac_test_CXXFLAGS" = set; then - CXXFLAGS=$ac_save_CXXFLAGS -elif test $ac_cv_prog_cxx_g = yes; then - if test "$GXX" = yes; then - CXXFLAGS="-g -O2" - else - CXXFLAGS="-g" - fi -else - if test "$GXX" = yes; then - CXXFLAGS="-O2" - else - CXXFLAGS= - fi -fi -ac_ext=cpp -ac_cpp='$CXXCPP $CPPFLAGS' -ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_cxx_compiler_gnu - - - -if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then - ac_ext=cpp -ac_cpp='$CXXCPP $CPPFLAGS' -ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_cxx_compiler_gnu -{ echo "$as_me:$LINENO: checking how to run the C++ preprocessor" >&5 -echo $ECHO_N "checking how to run the C++ preprocessor... $ECHO_C" >&6; } -if test -z "$CXXCPP"; then - if test "${ac_cv_prog_CXXCPP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Double quotes because CXXCPP needs to be expanded - for CXXCPP in "$CXX -E" "/lib/cpp" - do - ac_preproc_ok=false -for ac_cxx_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Broken: fails on valid input. -continue -fi - -rm -f conftest.err conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || - test ! -s conftest.err - }; then - # Broken: success on invalid input. -continue -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Passes both tests. -ac_preproc_ok=: -break -fi - -rm -f conftest.err conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - break -fi - - done - ac_cv_prog_CXXCPP=$CXXCPP - -fi - CXXCPP=$ac_cv_prog_CXXCPP -else - ac_cv_prog_CXXCPP=$CXXCPP -fi -{ echo "$as_me:$LINENO: result: $CXXCPP" >&5 -echo "${ECHO_T}$CXXCPP" >&6; } -ac_preproc_ok=false -for ac_cxx_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Broken: fails on valid input. -continue -fi - -rm -f conftest.err conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || - test ! -s conftest.err - }; then - # Broken: success on invalid input. -continue -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Passes both tests. -ac_preproc_ok=: -break -fi - -rm -f conftest.err conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - : -else - { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check -See \`config.log' for more details." >&5 -echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } -fi - -ac_ext=cpp -ac_cpp='$CXXCPP $CPPFLAGS' -ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_cxx_compiler_gnu - -fi - - -ac_ext=f -ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5' -ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_f77_compiler_gnu -if test -n "$ac_tool_prefix"; then - for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_F77+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$F77"; then - ac_cv_prog_F77="$F77" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_F77="$ac_tool_prefix$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -F77=$ac_cv_prog_F77 -if test -n "$F77"; then - { echo "$as_me:$LINENO: result: $F77" >&5 -echo "${ECHO_T}$F77" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$F77" && break done -fi -if test -z "$F77"; then - ac_ct_F77=$F77 - for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_F77+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_F77"; then - ac_cv_prog_ac_ct_F77="$ac_ct_F77" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_F77="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done IFS=$as_save_IFS fi fi -ac_ct_F77=$ac_cv_prog_ac_ct_F77 -if test -n "$ac_ct_F77"; then - { echo "$as_me:$LINENO: result: $ac_ct_F77" >&5 -echo "${ECHO_T}$ac_ct_F77" >&6; } +ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN +if test -n "$ac_ct_DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +$as_echo "$ac_ct_DUMPBIN" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi - test -n "$ac_ct_F77" && break + test -n "$ac_ct_DUMPBIN" && break done - if test "x$ac_ct_F77" = x; then - F77="" + if test "x$ac_ct_DUMPBIN" = x; then + DUMPBIN=":" else case $cross_compiling:$ac_tool_warned in yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac - F77=$ac_ct_F77 + DUMPBIN=$ac_ct_DUMPBIN fi fi + case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols" + ;; + *) + DUMPBIN=: + ;; + esac + fi -# Provide some information about the compiler. -echo "$as_me:$LINENO: checking for Fortran 77 compiler version" >&5 -ac_compiler=`set X $ac_compile; echo $2` -{ (ac_try="$ac_compiler --version >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler --version >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -v >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -v >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -V >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -V >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -rm -f a.out + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm -# If we don't use `.F' as extension, the preprocessor is not run on the -# input file. (Note that this only needs to work for GNU compilers.) -ac_save_ext=$ac_ext -ac_ext=F -{ echo "$as_me:$LINENO: checking whether we are using the GNU Fortran 77 compiler" >&5 -echo $ECHO_N "checking whether we are using the GNU Fortran 77 compiler... $ECHO_C" >&6; } -if test "${ac_cv_f77_compiler_gnu+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +$as_echo_n "checking the name lister ($NM) interface... " >&6; } +if test "${lt_cv_nm_interface+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF - program main -#ifndef __GNUC__ - choke me -#endif - - end -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) + (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_f77_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_compiler_gnu=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_compiler_gnu=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_f77_compiler_gnu=$ac_compiler_gnu - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_f77_compiler_gnu" >&5 -echo "${ECHO_T}$ac_cv_f77_compiler_gnu" >&6; } -ac_ext=$ac_save_ext -ac_test_FFLAGS=${FFLAGS+set} -ac_save_FFLAGS=$FFLAGS -FFLAGS= -{ echo "$as_me:$LINENO: checking whether $F77 accepts -g" >&5 -echo $ECHO_N "checking whether $F77 accepts -g... $ECHO_C" >&6; } -if test "${ac_cv_prog_f77_g+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - FFLAGS=-g -cat >conftest.$ac_ext <<_ACEOF - program main - - end -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_f77_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_prog_f77_g=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_prog_f77_g=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_prog_f77_g" >&5 -echo "${ECHO_T}$ac_cv_prog_f77_g" >&6; } -if test "$ac_test_FFLAGS" = set; then - FFLAGS=$ac_save_FFLAGS -elif test $ac_cv_prog_f77_g = yes; then - if test "x$ac_cv_f77_compiler_gnu" = xyes; then - FFLAGS="-g -O2" - else - FFLAGS="-g" - fi -else - if test "x$ac_cv_f77_compiler_gnu" = xyes; then - FFLAGS="-O2" - else - FFLAGS= + (eval echo "\"\$as_me:$LINENO: output\"" >&5) + cat conftest.out >&5 + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" fi + rm -f conftest* fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +$as_echo "$lt_cv_nm_interface" >&6; } -G77=`test $ac_compiler_gnu = yes && echo yes` -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - -# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers! +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi # find the maximum length of command line arguments -{ echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5 -echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6; } -if test "${lt_cv_sys_max_cmd_len+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +$as_echo_n "checking the maximum length of command line arguments... " >&6; } +if test "${lt_cv_sys_max_cmd_len+set}" = set; then : + $as_echo_n "(cached) " >&6 else i=0 teststring="ABCD" @@ -7131,7 +5188,7 @@ else lt_cv_sys_max_cmd_len=-1; ;; - cygwin* | mingw*) + cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, @@ -7142,6 +5199,11 @@ else lt_cv_sys_max_cmd_len=8192; ;; + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. @@ -7186,51 +5248,1165 @@ else sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) - # If test is not a shell built-in, we'll probably end up computing a - # maximum length that is only half of the actual maximum length, but - # we can't tell. - SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} - while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \ - = "XX$teststring") >/dev/null 2>&1 && - new_result=`expr "X$teststring" : ".*" 2>&1` && - lt_cv_sys_max_cmd_len=$new_result && - test $i != 17 # 1/2 MB should be enough - do - i=`expr $i + 1` - teststring=$teststring$teststring - done - teststring= - # Add a significant safety factor because C++ compilers can tack on massive - # amounts of additional arguments before passing them to the linker. - # It appears as though 1/2 is a usable value. - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi ;; esac fi if test -n $lt_cv_sys_max_cmd_len ; then - { echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5 -echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +$as_echo "$lt_cv_sys_max_cmd_len" >&6; } else - { echo "$as_me:$LINENO: result: none" >&5 -echo "${ECHO_T}none" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } +fi +max_cmd_len=$lt_cv_sys_max_cmd_len + + + + + + +: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 +$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,b/c, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 +$as_echo "$xsi_shell" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 +$as_echo_n "checking whether the shell understands \"+=\"... " >&6; } +lt_shell_append=no +( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 +$as_echo "$lt_shell_append" >&6; } + + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false fi + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +$as_echo_n "checking how to convert $build file names to $host format... " >&6; } +if test "${lt_cv_to_host_file_cmd+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac + +fi + +to_host_file_cmd=$lt_cv_to_host_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +$as_echo "$lt_cv_to_host_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } +if test "${lt_cv_to_tool_file_cmd+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + #assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac + +fi + +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +$as_echo "$lt_cv_to_tool_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +$as_echo_n "checking for $LD option to reload object files... " >&6; } +if test "${lt_cv_ld_reload_flag+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +$as_echo "$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + if test "$GCC" != yes; then + reload_cmds=false + fi + ;; + darwin*) + if test "$GCC" = yes; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. +set dummy ${ac_tool_prefix}objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_OBJDUMP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OBJDUMP=$ac_cv_prog_OBJDUMP +if test -n "$OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +$as_echo "$OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. +set dummy objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP +if test -n "$ac_ct_OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +$as_echo "$ac_ct_OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OBJDUMP" = x; then + OBJDUMP="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OBJDUMP=$ac_ct_OBJDUMP + fi +else + OBJDUMP="$ac_cv_prog_OBJDUMP" +fi + +test -z "$OBJDUMP" && OBJDUMP=objdump + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +$as_echo_n "checking how to recognize dependent libraries... " >&6; } +if test "${lt_cv_deplibs_check_method+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# `unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# which responds to the $file_magic_cmd with a given extended regex. +# If you have `file' or equivalent on your system and you're not sure +# whether `pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[4-9]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. + if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be Linux ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +$as_echo "$lt_cv_deplibs_check_method" >&6; } + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + + + + + + + + + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. +set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_DLLTOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DLLTOOL=$ac_cv_prog_DLLTOOL +if test -n "$DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +$as_echo "$DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. +set dummy dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_DLLTOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL +if test -n "$ac_ct_DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +$as_echo "$ac_ct_DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DLLTOOL" = x; then + DLLTOOL="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DLLTOOL=$ac_ct_DLLTOOL + fi +else + DLLTOOL="$ac_cv_prog_DLLTOOL" +fi + +test -z "$DLLTOOL" && DLLTOOL=dlltool + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +$as_echo_n "checking how to associate runtime and link libraries... " >&6; } +if test "${lt_cv_sharedlib_from_linklib_cmd+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh + # decide which to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd="$ECHO" + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + + + + + + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_AR+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_AR+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} +: ${AR_FLAGS=cru} + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +$as_echo_n "checking for archiver @FILE support... " >&6; } +if test "${lt_cv_ar_at_file+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ar_at_file=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -ne 0; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +$as_echo "$lt_cv_ar_at_file" >&6; } + +if test "x$lt_cv_ar_at_file" = xno; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +test -z "$STRIP" && STRIP=: + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_RANLIB+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +test -z "$RANLIB" && RANLIB=: + + + + + + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + # Check for command to grab the raw symbol name followed by C symbol from nm. -{ echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5 -echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; } -if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then : + $as_echo_n "(cached) " >&6 else # These are sane defaults that work on at least a few old systems. @@ -7242,33 +6418,18 @@ symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' -# Transform an extracted symbol line into a proper C declaration -lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'" - -# Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" - # Define system-specific variables. case $host_os in aix*) symcode='[BCDT]' ;; -cygwin* | mingw* | pw32*) +cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; -hpux*) # Its linker distinguishes data from code symbols +hpux*) if test "$host_cpu" = ia64; then symcode='[ABCDEGRST]' fi - lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" - lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" - ;; -linux*) - if test "$host_cpu" = ia64; then - symcode='[ABCDGIRSTW]' - lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" - lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" - fi ;; irix* | nonstopux*) symcode='[BCDEGRST]' @@ -7293,57 +6454,86 @@ sysv4) ;; esac -# Handle CRLF in mingw tool chain -opt_cr= -case $build_os in -mingw*) - opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp - ;; -esac - # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[ABCDGIRSTW]' ;; esac -# Try without a prefix undercore, then with it. +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK '"\ +" {last_section=section; section=\$ 3};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* - cat > conftest.$ac_ext < conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; -void nm_test_func(){} +void nm_test_func(void); +void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} -EOF +_LT_EOF - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm - if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5 - (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 + (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s "$nlist"; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -7352,57 +6542,71 @@ EOF fi # Make sure that we snagged all the symbols we need. - if grep ' nm_test_var$' "$nlist" >/dev/null; then - if grep ' nm_test_func$' "$nlist" >/dev/null; then - cat < conftest.$ac_ext + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + #ifdef __cplusplus extern "C" { #endif -EOF +_LT_EOF # Now generate the symbol file. - eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext' + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' - cat <> conftest.$ac_ext -#if defined (__STDC__) && __STDC__ -# define lt_ptr_t void * -#else -# define lt_ptr_t char * -# define const -#endif + cat <<_LT_EOF >> conftest.$ac_ext -/* The mapping between symbol names and symbols. */ -const struct { +/* The mapping between symbol names and symbols. */ +LT_DLSYM_CONST struct { const char *name; - lt_ptr_t address; + void *address; } -lt_preloaded_symbols[] = +lt__PROGRAM__LTX_preloaded_symbols[] = { -EOF - $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext - cat <<\EOF >> conftest.$ac_ext - {0, (lt_ptr_t) 0} + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} }; +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + #ifdef __cplusplus } #endif -EOF +_LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext - lt_save_LIBS="$LIBS" - lt_save_CFLAGS="$CFLAGS" + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s conftest${ac_exeext}; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext}; then pipe_works=yes fi - LIBS="$lt_save_LIBS" - CFLAGS="$lt_save_CFLAGS" + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&5 fi @@ -7416,7 +6620,7 @@ EOF echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 fi - rm -f conftest* conftst* + rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then @@ -7432,17 +6636,1334 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - { echo "$as_me:$LINENO: result: failed" >&5 -echo "${ECHO_T}failed" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +$as_echo "failed" >&6; } else - { echo "$as_me:$LINENO: result: ok" >&5 -echo "${ECHO_T}ok" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } fi -{ echo "$as_me:$LINENO: checking for objdir" >&5 -echo $ECHO_N "checking for objdir... $ECHO_C" >&6; } -if test "${lt_cv_objdir+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +$as_echo_n "checking for sysroot... " >&6; } + +# Check whether --with-sysroot was given. +if test "${with_sysroot+set}" = set; then : + withval=$with_sysroot; +else + with_sysroot=no +fi + + +lt_sysroot= +case ${with_sysroot} in #( + yes) + if test "$GCC" = yes; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 +$as_echo "${with_sysroot}" >&6; } + as_fn_error "The sysroot must be an absolute path." "$LINENO" 5 + ;; +esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +$as_echo "${lt_sysroot:-no}" >&6; } + + + + + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then : + enableval=$enable_libtool_lock; +fi + +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +if test "${lt_cv_cc_needs_belf+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_cc_needs_belf=yes +else + lt_cv_cc_needs_belf=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +$as_echo "$lt_cv_cc_needs_belf" >&6; } + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +sparc*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) LD="${LD-ld} -m elf64_sparc" ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. +set dummy ${ac_tool_prefix}mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_MANIFEST_TOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MANIFEST_TOOL"; then + ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL +if test -n "$MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +$as_echo "$MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_MANIFEST_TOOL"; then + ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL + # Extract the first word of "mt", so it can be a program name with args. +set dummy mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_MANIFEST_TOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_MANIFEST_TOOL"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL +if test -n "$ac_ct_MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_MANIFEST_TOOL" = x; then + MANIFEST_TOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL + fi +else + MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" +fi + +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if test "${lt_cv_path_mainfest_tool+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&5 + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +$as_echo "$lt_cv_path_mainfest_tool" >&6; } +if test "x$lt_cv_path_mainfest_tool" != xyes; then + MANIFEST_TOOL=: +fi + + + + + + + case $host_os in + rhapsody* | darwin*) + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. +set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_DSYMUTIL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DSYMUTIL=$ac_cv_prog_DSYMUTIL +if test -n "$DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +$as_echo "$DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. +set dummy dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL +if test -n "$ac_ct_DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +$as_echo "$ac_ct_DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DSYMUTIL" = x; then + DSYMUTIL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DSYMUTIL=$ac_ct_DSYMUTIL + fi +else + DSYMUTIL="$ac_cv_prog_DSYMUTIL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. +set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_NMEDIT+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NMEDIT=$ac_cv_prog_NMEDIT +if test -n "$NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +$as_echo "$NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. +set dummy nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT +if test -n "$ac_ct_NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +$as_echo "$ac_ct_NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NMEDIT" = x; then + NMEDIT=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NMEDIT=$ac_ct_NMEDIT + fi +else + NMEDIT="$ac_cv_prog_NMEDIT" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. +set dummy ${ac_tool_prefix}lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_LIPO+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LIPO=$ac_cv_prog_LIPO +if test -n "$LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +$as_echo "$LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. +set dummy lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_LIPO="lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO +if test -n "$ac_ct_LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +$as_echo "$ac_ct_LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LIPO" = x; then + LIPO=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LIPO=$ac_ct_LIPO + fi +else + LIPO="$ac_cv_prog_LIPO" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_OTOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL=$ac_cv_prog_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. +set dummy otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL="otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL +if test -n "$ac_ct_OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +$as_echo "$ac_ct_OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL" = x; then + OTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL=$ac_ct_OTOOL + fi +else + OTOOL="$ac_cv_prog_OTOOL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_OTOOL64+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL64=$ac_cv_prog_OTOOL64 +if test -n "$OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +$as_echo "$OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. +set dummy otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL64="otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 +if test -n "$ac_ct_OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +$as_echo "$ac_ct_OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL64" = x; then + OTOOL64=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL64=$ac_ct_OTOOL64 + fi +else + OTOOL64="$ac_cv_prog_OTOOL64" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +$as_echo_n "checking for -single_module linker flag... " >&6; } +if test "${lt_cv_apple_cc_single_mod+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&5 + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +$as_echo "$lt_cv_apple_cc_single_mod" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +if test "${lt_cv_ld_exported_symbols_list+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_ld_exported_symbols_list=yes +else + lt_cv_ld_exported_symbols_list=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +$as_echo_n "checking for -force_load linker flag... " >&6; } +if test "${lt_cv_ld_force_load+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 + echo "$AR cru libconftest.a conftest.o" >&5 + $AR cru libconftest.a conftest.o 2>&5 + echo "$RANLIB libconftest.a" >&5 + $RANLIB libconftest.a 2>&5 + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&5 + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +$as_echo "$lt_cv_ld_force_load" >&6; } + case $host_os in + rhapsody* | darwin1.[012]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[012]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if test "${ac_cv_header_stdc+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in dlfcn.h +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLFCN_H 1 +_ACEOF + +fi + +done + + + + + +# Set options + + + + enable_dlopen=no + + + enable_win32_dll=no + + + # Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_shared=yes +fi + + + + + + + + + + # Check whether --enable-static was given. +if test "${enable_static+set}" = set; then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_static=yes +fi + + + + + + + + + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then : + withval=$with_pic; pic_mode="$withval" +else + pic_mode=default +fi + + +test -z "$pic_mode" && pic_mode=default + + + + + + + + # Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_fast_install=yes +fi + + + + + + + + + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + + + + + + + + + + + + + + + + + + + + + + + +test -z "$LN_S" && LN_S="ln -s" + + + + + + + + + + + + + + +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +$as_echo_n "checking for objdir... " >&6; } +if test "${lt_cv_objdir+set}" = set; then : + $as_echo_n "(cached) " >&6 else rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null @@ -7454,14 +7975,21 @@ else fi rmdir .libs 2>/dev/null fi -{ echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5 -echo "${ECHO_T}$lt_cv_objdir" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +$as_echo "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir +cat >>confdefs.h <<_ACEOF +#define LT_OBJDIR "$lt_cv_objdir/" +_ACEOF + + + + case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some @@ -7474,362 +8002,26 @@ aix3*) ;; esac -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -Xsed='sed -e 1s/^X//' -sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g' - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# Sed substitution to avoid accidental globbing in evaled expressions -no_glob_subst='s/\*/\\\*/g' - -# Constants: -rm="rm -f" - # Global variables: -default_ofile=libtool +ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a -ltmain="$ac_aux_dir/ltmain.sh" -ofile="$default_ofile" + with_gnu_ld="$lt_cv_prog_gnu_ld" -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. -set dummy ${ac_tool_prefix}ar; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_AR+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$AR"; then - ac_cv_prog_AR="$AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_AR="${ac_tool_prefix}ar" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -AR=$ac_cv_prog_AR -if test -n "$AR"; then - { echo "$as_me:$LINENO: result: $AR" >&5 -echo "${ECHO_T}$AR" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_AR"; then - ac_ct_AR=$AR - # Extract the first word of "ar", so it can be a program name with args. -set dummy ar; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_AR+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_AR"; then - ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_AR="ar" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_AR=$ac_cv_prog_ac_ct_AR -if test -n "$ac_ct_AR"; then - { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5 -echo "${ECHO_T}$ac_ct_AR" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_ct_AR" = x; then - AR="false" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - AR=$ac_ct_AR - fi -else - AR="$ac_cv_prog_AR" -fi - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. -set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_RANLIB+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -RANLIB=$ac_cv_prog_RANLIB -if test -n "$RANLIB"; then - { echo "$as_me:$LINENO: result: $RANLIB" >&5 -echo "${ECHO_T}$RANLIB" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_RANLIB"; then - ac_ct_RANLIB=$RANLIB - # Extract the first word of "ranlib", so it can be a program name with args. -set dummy ranlib; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_RANLIB"; then - ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_RANLIB="ranlib" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB -if test -n "$ac_ct_RANLIB"; then - { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 -echo "${ECHO_T}$ac_ct_RANLIB" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_ct_RANLIB" = x; then - RANLIB=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - RANLIB=$ac_ct_RANLIB - fi -else - RANLIB="$ac_cv_prog_RANLIB" -fi - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_STRIP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { echo "$as_me:$LINENO: result: $STRIP" >&5 -echo "${ECHO_T}$STRIP" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. -set dummy strip; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_STRIP="strip" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 -echo "${ECHO_T}$ac_ct_STRIP" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_ct_STRIP" = x; then - STRIP=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi -else - STRIP="$ac_cv_prog_STRIP" -fi - - old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables -test -z "$AR" && AR=ar -test -z "$AR_FLAGS" && AR_FLAGS=cru -test -z "$AS" && AS=as test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS -test -z "$DLLTOOL" && DLLTOOL=dlltool test -z "$LD" && LD=ld -test -z "$LN_S" && LN_S="ln -s" -test -z "$MAGIC_CMD" && MAGIC_CMD=file -test -z "$NM" && NM=nm -test -z "$SED" && SED=sed -test -z "$OBJDUMP" && OBJDUMP=objdump -test -z "$RANLIB" && RANLIB=: -test -z "$STRIP" && STRIP=: test -z "$ac_objext" && ac_objext=o -# Determine commands to create old-style static archives. -old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs' -old_postinstall_cmds='chmod 644 $oldlib' -old_postuninstall_cmds= - -if test -n "$RANLIB"; then - case $host_os in - openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" - ;; - *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" - ;; - esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" -fi - for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; @@ -7838,17 +8030,18 @@ for cc_temp in $compiler""; do *) break;; esac done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` +cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` # Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then - { echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5 -echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6; } -if test "${lt_cv_path_MAGIC_CMD+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : + $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) @@ -7872,7 +8065,7 @@ else $EGREP "$file_magic_regex" > /dev/null; then : else - cat <&2 + cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. @@ -7883,7 +8076,7 @@ else *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org -EOF +_LT_EOF fi ;; esac fi @@ -7898,19 +8091,23 @@ fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then - { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 -echo "${ECHO_T}$MAGIC_CMD" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi + + + + if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then - { echo "$as_me:$LINENO: checking for file" >&5 -echo $ECHO_N "checking for file... $ECHO_C" >&6; } -if test "${lt_cv_path_MAGIC_CMD+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +$as_echo_n "checking for file... " >&6; } +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : + $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) @@ -7934,7 +8131,7 @@ else $EGREP "$file_magic_regex" > /dev/null; then : else - cat <&2 + cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. @@ -7945,7 +8142,7 @@ else *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org -EOF +_LT_EOF fi ;; esac fi @@ -7960,13 +8157,14 @@ fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then - { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 -echo "${ECHO_T}$MAGIC_CMD" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi + else MAGIC_CMD=: fi @@ -7976,28 +8174,8 @@ fi ;; esac -enable_dlopen=no -enable_win32_dll=no - -# Check whether --enable-libtool-lock was given. -if test "${enable_libtool_lock+set}" = set; then - enableval=$enable_libtool_lock; -fi - -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes - - -# Check whether --with-pic was given. -if test "${with_pic+set}" = set; then - withval=$with_pic; pic_mode="$withval" -else - pic_mode=default -fi - -test -z "$pic_mode" && pic_mode=default - # Use C for the default configuration in the libtool script -tagname= + lt_save_CC="$CC" ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -8014,10 +8192,15 @@ objext=o objext=$objext # Code to be used in simple compile tests -lt_simple_compile_test_code="int some_variable = 0;\n" +lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests -lt_simple_link_test_code='int main(){return(0);}\n' +lt_simple_link_test_code='int main(){return(0);}' + + + + + # If no C compiler was specified, use CC. @@ -8029,36 +8212,48 @@ LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext -printf "$lt_simple_compile_test_code" >conftest.$ac_ext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` -$rm conftest* +$RM conftest* ac_outfile=conftest.$ac_objext -printf "$lt_simple_link_test_code" >conftest.$ac_ext +echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` -$rm conftest* +$RM -r conftest* +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= if test "$GCC" = yes; then - lt_prog_compiler_no_builtin_flag=' -fno-builtin' + case $cc_basename in + nvcc*) + lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; + *) + lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; + esac - -{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 -echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; } -if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then : + $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_rtti_exceptions=no - ac_outfile=conftest.$ac_objext - printf "$lt_simple_compile_test_code" > conftest.$ac_ext + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. @@ -8069,25 +8264,25 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8072: $lt_compile\"" >&5) + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8076: \$? = $ac_status" >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi - $rm conftest* + $RM conftest* fi -{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 -echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" @@ -8097,12 +8292,15 @@ fi fi -lt_prog_compiler_wl= + + + + + + lt_prog_compiler_wl= lt_prog_compiler_pic= lt_prog_compiler_static= -{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 -echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } if test "$GCC" = yes; then lt_prog_compiler_wl='-Wl,' @@ -8118,19 +8316,29 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } ;; amigaos*) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac ;; - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; - mingw* | pw32* | os2*) + mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' ;; @@ -8140,7 +8348,27 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } lt_prog_compiler_pic='-fno-common' ;; - interix3*) + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; @@ -8152,29 +8380,29 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } enable_shared=no ;; + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic=-Kconform_pic fi ;; - hpux*) - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic='-fPIC' - ;; - esac - ;; - *) lt_prog_compiler_pic='-fPIC' ;; esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + lt_prog_compiler_pic='-Xcompiler -fPIC' + ;; + esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in @@ -8187,18 +8415,8 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' fi ;; - darwin*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - case $cc_basename in - xlc*) - lt_prog_compiler_pic='-qnocommon' - lt_prog_compiler_wl='-Wl,' - ;; - esac - ;; - mingw* | pw32* | os2*) + mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' @@ -8226,19 +8444,34 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } lt_prog_compiler_static='-non_shared' ;; - newsos6) - lt_prog_compiler_pic='-KPIC' - lt_prog_compiler_static='-Bstatic' - ;; - - linux*) + linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in - icc* | ecc*) + # old Intel for x86_64 which still supported -KPIC. + ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; - pgcc* | pgf77* | pgf90* | pgf95*) + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl='-Wl,' @@ -8250,20 +8483,57 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } # All Alpha code is PIC. lt_prog_compiler_static='-non_shared' ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ F* | *Sun*Fortran*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + esac + ;; esac ;; + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) lt_prog_compiler_wl='-Wl,' # All OSF/1 code is PIC. lt_prog_compiler_static='-non_shared' ;; + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' case $cc_basename in - f77* | f90* | f95*) + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) lt_prog_compiler_wl='-Qoption ld ';; *) lt_prog_compiler_wl='-Wl,';; @@ -8311,63 +8581,6 @@ echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } esac fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic" >&6; } - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$lt_prog_compiler_pic"; then - -{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 -echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_pic_works+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_prog_compiler_pic_works=no - ac_outfile=conftest.$ac_objext - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$lt_prog_compiler_pic -DPIC" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8340: $lt_compile\"" >&5) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&5 - echo "$as_me:8344: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_pic_works=yes - fi - fi - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6; } - -if test x"$lt_prog_compiler_pic_works" = xyes; then - case $lt_prog_compiler_pic in - "" | " "*) ;; - *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; - esac -else - lt_prog_compiler_pic= - lt_prog_compiler_can_build_shared=no -fi - -fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) @@ -8378,59 +8591,139 @@ case $host_os in ;; esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if test "${lt_cv_prog_compiler_pic+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +$as_echo "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if test "${lt_cv_prog_compiler_pic_works+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } + +if test x"$lt_cv_prog_compiler_pic_works" = xyes; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + + + + + + + # # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" -{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 -echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_static_works+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if test "${lt_cv_prog_compiler_static_works+set}" = set; then : + $as_echo_n "(cached) " >&6 else - lt_prog_compiler_static_works=no + lt_cv_prog_compiler_static_works=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" - printf "$lt_simple_link_test_code" > conftest.$ac_ext + echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 - $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_static_works=yes + lt_cv_prog_compiler_static_works=yes fi else - lt_prog_compiler_static_works=yes + lt_cv_prog_compiler_static_works=yes fi fi - $rm conftest* + $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5 -echo "${ECHO_T}$lt_prog_compiler_static_works" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +$as_echo "$lt_cv_prog_compiler_static_works" >&6; } -if test x"$lt_prog_compiler_static_works" = xyes; then +if test x"$lt_cv_prog_compiler_static_works" = xyes; then : else lt_prog_compiler_static= fi -{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 -echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } -if test "${lt_cv_prog_compiler_c_o+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test "${lt_cv_prog_compiler_c_o+set}" = set; then : + $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no - $rm -r conftest 2>/dev/null + $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out - printf "$lt_simple_compile_test_code" > conftest.$ac_ext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or @@ -8441,83 +8734,148 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8444: $lt_compile\"" >&5) + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8448: \$? = $ac_status" >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 - $rm conftest* + $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation - test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files - $rm out/* && rmdir out + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out cd .. - rmdir conftest - $rm conftest* + $RM -r conftest + $RM conftest* fi -{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5 -echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test "${lt_cv_prog_compiler_c_o+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + hard_links="nottested" if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user - { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 -echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } hard_links=yes - $rm conftest* + $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no - { echo "$as_me:$LINENO: result: $hard_links" >&5 -echo "${ECHO_T}$hard_links" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } if test "$hard_links" = no; then - { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 -echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi -{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= - enable_shared_with_static_runtimes=no + always_export_symbols=no archive_cmds= archive_expsym_cmds= - old_archive_From_new_cmds= - old_archive_from_expsyms_cmds= + compiler_needs_object=no + enable_shared_with_static_runtimes=no export_dynamic_flag_spec= - whole_archive_flag_spec= - thread_safe_flag_spec= + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no hardcode_libdir_flag_spec= hardcode_libdir_flag_spec_ld= hardcode_libdir_separator= - hardcode_direct=no hardcode_minus_L=no hardcode_shlibpath_var=unsupported + inherit_rpath=no link_all_deplibs=unknown - hardcode_automatic=no module_cmds= module_expsym_cmds= - always_export_symbols=no - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + old_archive_from_new_cmds= + old_archive_from_expsyms_cmds= + thread_safe_flag_spec= + whole_archive_flag_spec= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= @@ -8525,26 +8883,17 @@ echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared librar # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. - exclude_expsyms="_GLOBAL_OFFSET_TABLE_" + exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= - # Just being paranoid about ensuring that cc_basename is set. - for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` case $host_os in - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. @@ -8562,7 +8911,33 @@ cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` esac ld_shlibs=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; + *\ \(GNU\ Binutils\)\ [3-9]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' @@ -8570,16 +8945,17 @@ cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH - hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' export_dynamic_flag_spec='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then - whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - whole_archive_flag_spec= + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec= fi supports_anon_versioning=no - case `$LD -v 2>/dev/null` in + case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... @@ -8589,38 +8965,40 @@ cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` # See if GNU ld supports shared libraries. case $host_os in - aix3* | aix4* | aix5*) + aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no - cat <&2 + cat <<_LT_EOF 1>&2 -*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to modify your PATH -*** so that a non-GNU linker is found, and then restart. +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. -EOF +_LT_EOF fi ;; amigaos*) - archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - - # Samuel A. Falvo II reports - # that the semantics of dynamic libraries on AmigaOS, at least up - # to version 4, is to share data among multiple programs linked - # with the same dynamic library. Since this doesn't match the - # behavior of shared libraries on other platforms, we can't use - # them. - ld_shlibs=no + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac ;; beos*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME @@ -8630,16 +9008,18 @@ EOF fi ;; - cygwin* | mingw* | pw32*) - # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' + export_dynamic_flag_spec='${wl}--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes - export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... @@ -8655,7 +9035,12 @@ EOF fi ;; - interix3*) + haiku*) + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + link_all_deplibs=yes + ;; + + interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' @@ -8670,51 +9055,95 @@ EOF archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; - linux*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - tmp_addflag= + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' case $cc_basename,$host_cpu in - pgcc*) # Portland Group C compiler - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; - pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers - whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; - ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + whole_archive_flag_spec= + tmp_sharedflag='--shared' ;; + xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + compiler_needs_object=yes + ;; esac - archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + compiler_needs_object=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - if test $supports_anon_versioning = yes; then - archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - $echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' - fi + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' + hardcode_libdir_flag_spec= + hardcode_libdir_flag_spec_ld='-rpath $libdir' + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac else - ld_shlibs=no + ld_shlibs=no fi ;; netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) - if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then ld_shlibs=no - cat <&2 + cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool @@ -8723,10 +9152,10 @@ EOF *** your PATH or compiler configuration so that the native linker is *** used, and then restart. -EOF - elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi @@ -8748,10 +9177,14 @@ EOF _LT_EOF ;; *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi @@ -8767,9 +9200,9 @@ _LT_EOF ;; *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi @@ -8799,7 +9232,7 @@ _LT_EOF fi ;; - aix4* | aix5*) + aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. @@ -8809,22 +9242,24 @@ _LT_EOF else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | grep 'GNU' > /dev/null; then - export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + # Also, AIX nm treats weak defined symbols like other global + # defined symbols, whereas GNU nm marks them as "W". + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else - export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. - case $host_os in aix4.[23]|aix4.[23].*|aix5*) + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then - aix_use_runtimelinking=yes - break - fi + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi done ;; esac @@ -8841,28 +9276,30 @@ _LT_EOF archive_cmds='' hardcode_direct=yes + hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes + file_list_spec='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && \ - strings "$collect2name" | grep resolve_lib_name >/dev/null + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null then - # We have reworked collect2 - hardcode_direct=yes + # We have reworked collect2 + : else - # We have old collect2 - hardcode_direct=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - hardcode_minus_L=yes - hardcode_libdir_flag_spec='-L$libdir' - hardcode_libdir_separator= + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= fi ;; esac @@ -8873,8 +9310,8 @@ _LT_EOF else # not using gcc if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then @@ -8885,6 +9322,7 @@ _LT_EOF fi fi + export_dynamic_flag_spec='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes @@ -8892,12 +9330,15 @@ _LT_EOF # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + # Determine the default libpath from the value encoded in an + # empty executable. + if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + if test "${lt_cv_aix_libpath_+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -8908,55 +9349,49 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_link "$LINENO"; then : + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_="/usr/lib:/lib" + fi fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + aix_libpath=$lt_cv_aix_libpath_ +fi - hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" - archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + # Determine the default libpath from the value encoded in an + # empty executable. + if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + if test "${lt_cv_aix_libpath_+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -8967,48 +9402,44 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_link "$LINENO"; then : + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_="/usr/lib:/lib" + fi fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + aix_libpath=$lt_cv_aix_libpath_ +fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' ${wl}-bernotok' allow_undefined_flag=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - whole_archive_flag_spec='$convenience' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + fi archive_cmds_need_lc=yes # This is similar to how AIX traditionally builds its shared libraries. archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' @@ -9017,86 +9448,117 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi ;; amigaos*) - archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec='-L$libdir' - hardcode_minus_L=yes - # see comment about different semantics on the GNU ld section - ld_shlibs=no + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac ;; bsdi[45]*) export_dynamic_flag_spec=-rdynamic ;; - cygwin* | mingw* | pw32*) + cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. - hardcode_libdir_flag_spec=' ' - allow_undefined_flag=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" - # FIXME: Setting linknames here is a bad hack. - archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' - # The linker will automatically build a .lib file if we build a DLL. - old_archive_From_new_cmds='true' - # FIXME: Should let the user specify the lib program. - old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs' - fix_srcfile_path='`cygpath -w "$srcfile"`' - enable_shared_with_static_runtimes=yes + case $cc_basename in + cl*) + # Native MSVC + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; + else + sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, )='true' + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + old_postinstall_cmds='chmod 644 $oldlib' + postlink_cmds='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile="$lt_outputfile.exe" + lt_tool_outputfile="$lt_tool_outputfile.exe" + ;; + esac~ + if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_from_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + enable_shared_with_static_runtimes=yes + ;; + esac ;; darwin* | rhapsody*) - case $host_os in - rhapsody* | darwin1.[012]) - allow_undefined_flag='${wl}-undefined ${wl}suppress' - ;; - *) # Darwin 1.3 on - if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then - allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - else - case ${MACOSX_DEPLOYMENT_TARGET} in - 10.[012]) - allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - ;; - 10.*) - allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup' - ;; - esac - fi - ;; - esac - archive_cmds_need_lc=no - hardcode_direct=no - hardcode_automatic=yes - hardcode_shlibpath_var=unsupported - whole_archive_flag_spec='' - link_all_deplibs=yes - if test "$GCC" = yes ; then - output_verbose_link_cmd='echo' - archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - case $cc_basename in - xlc*) - output_verbose_link_cmd='echo' - archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' - module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - ;; - *) - ld_shlibs=no - ;; - esac - fi + + + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + if test "$lt_cv_ld_force_load" = "yes"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + else + whole_archive_flag_spec='' + fi + link_all_deplibs=yes + allow_undefined_flag="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=func_echo_all + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + + else + ld_shlibs=no + fi + ;; dgux*) @@ -9129,8 +9591,8 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | kfreebsd*-gnu | dragonfly*) - archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no @@ -9138,9 +9600,9 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hpux9*) if test "$GCC" = yes; then - archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else - archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: @@ -9153,18 +9615,18 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi ;; hpux10*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_flag_spec_ld='+b $libdir' hardcode_libdir_separator=: - hardcode_direct=yes + hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' - # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes @@ -9172,16 +9634,16 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi ;; hpux11*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then + if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) - archive_cmds='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else @@ -9193,7 +9655,46 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) - archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +$as_echo_n "checking if $CC understands -b... " >&6; } +if test "${lt_cv_prog_compiler__b+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler__b=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -b" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler__b=yes + fi + else + lt_cv_prog_compiler__b=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +$as_echo "$lt_cv_prog_compiler__b" >&6; } + +if test x"$lt_cv_prog_compiler__b" = xyes; then + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' +fi + ;; esac fi @@ -9203,12 +9704,12 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi case $host_cpu in hppa*64*|ia64*) - hardcode_libdir_flag_spec_ld='+b $libdir' hardcode_direct=no hardcode_shlibpath_var=no ;; *) hardcode_direct=yes + hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, @@ -9221,18 +9722,49 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then - archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if test "${lt_cv_irix_exported_symbol+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int foo (void) { return 0; } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_irix_exported_symbol=yes +else + lt_cv_irix_exported_symbol=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +$as_echo "$lt_cv_irix_exported_symbol" >&6; } + if test "$lt_cv_irix_exported_symbol" = yes; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + fi else - archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - hardcode_libdir_flag_spec_ld='-rpath $libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi + archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: + inherit_rpath=yes link_all_deplibs=yes ;; netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF @@ -9250,25 +9782,33 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_shlibpath_var=no ;; + *nto* | *qnx*) + ;; + openbsd*) - hardcode_direct=yes - hardcode_shlibpath_var=no - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - export_dynamic_flag_spec='${wl}-E' + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + hardcode_shlibpath_var=no + hardcode_direct_absolute=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + else + case $host_os in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi else - case $host_os in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec='-R$libdir' - ;; - *) - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - esac + ld_shlibs=no fi ;; @@ -9276,18 +9816,19 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported - archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi + archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; @@ -9295,49 +9836,59 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else allow_undefined_flag=' -expect_unresolved \*' - archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ - $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi + archive_cmds_need_lc='no' hardcode_libdir_separator=: ;; solaris*) - no_undefined_flag=' -z text' + no_undefined_flag=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' - archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' + archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else - wlarc='' - archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' - archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac fi hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) - # The compiler driver will combine linker options so we - # cannot just pass the convience library names through - # without $wl, iff we do not link with $LD. - # Luckily, gcc supports the same syntax we need for Sun Studio. - # Supported since Solaris 2.6 (maybe 2.5.1?) - case $wlarc in - '') - whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;; - *) - whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; - esac ;; + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' + fi + ;; esac link_all_deplibs=yes ;; @@ -9394,7 +9945,7 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi fi ;; - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag='${wl}-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no @@ -9420,18 +9971,18 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi allow_undefined_flag='${wl}-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no - hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_flag_spec='${wl}-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then - archive_cmds='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else - archive_cmds='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; @@ -9445,12 +9996,36 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi ld_shlibs=no ;; esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + export_dynamic_flag_spec='${wl}-Blargedynsym' + ;; + esac + fi fi -{ echo "$as_me:$LINENO: result: $ld_shlibs" >&5 -echo "${ECHO_T}$ld_shlibs" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +$as_echo "$ld_shlibs" >&6; } test "$ld_shlibs" = no && can_build_shared=no +with_gnu_ld=$with_gnu_ld + + + + + + + + + + + + + + + # # Do we need to explicitly link libc? # @@ -9468,54 +10043,281 @@ x|xyes) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. - { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 -echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } - $rm conftest* - printf "$lt_simple_compile_test_code" > conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if test "${lt_cv_archive_cmds_need_lc+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$lt_prog_compiler_wl - pic_flag=$lt_prog_compiler_pic - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$allow_undefined_flag - allow_undefined_flag= - if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 - (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } - then - archive_cmds_need_lc=no - else - archive_cmds_need_lc=yes - fi - allow_undefined_flag=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $rm conftest* - { echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5 -echo "${ECHO_T}$archive_cmds_need_lc" >&6; } + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc=no + else + lt_cv_archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } + archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc ;; esac fi ;; esac -{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 -echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; + *) lt_sed_strip_eq="s,=/,/,g" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[lt_foo]++; } + if (lt_freq[lt_foo] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's,/\([A-Za-z]:\),\1,g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi library_names_spec= libname_spec='lib$name' soname_spec= @@ -9529,20 +10331,6 @@ shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" -if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" -fi need_lib_prefix=unknown hardcode_into_libs=no @@ -9560,7 +10348,7 @@ aix3*) soname_spec='${libname}${release}${shared_ext}$major' ;; -aix4* | aix5*) +aix[4-9]*) version_type=linux need_lib_prefix=no need_version=no @@ -9579,7 +10367,7 @@ aix4* | aix5*) aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' - echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no @@ -9605,9 +10393,18 @@ aix4* | aix5*) ;; amigaos*) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac ;; beos*) @@ -9630,61 +10427,112 @@ bsdi[45]*) # libtool to hard-code these into programs ;; -cygwin* | mingw* | pw32*) +cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no - case $GCC,$host_os in - yes,cygwin* | yes,mingw* | yes,pw32*) + case $GCC,$cc_basename in + yes,*) + # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname' + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ - $rm \$dlpath' + $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; - mingw*) + mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + library_names_spec='${libname}.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec="$LIB" + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' ;; *) + # Assume MSVC wrapper library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + dynamic_linker='Win32 ld.exe' ;; esac - dynamic_linker='Win32 ld.exe' # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; @@ -9694,17 +10542,13 @@ darwin* | rhapsody*) version_type=darwin need_lib_prefix=no need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext' + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' - # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. - if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` - else - sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' - fi + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; @@ -9721,18 +10565,6 @@ freebsd1*) dynamic_linker=no ;; -kfreebsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. @@ -9770,7 +10602,7 @@ freebsd* | dragonfly*) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; - freebsd*) # from 4.6 on + *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; @@ -9787,6 +10619,19 @@ gnu*) hardcode_into_libs=yes ;; +haiku*) + version_type=linux + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. @@ -9809,18 +10654,18 @@ hpux9* | hpux10* | hpux11*) fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH @@ -9829,11 +10674,13 @@ hpux9* | hpux10* | hpux11*) soname_spec='${libname}${release}${shared_ext}$major' ;; esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 ;; -interix3*) +interix[3-9]*) version_type=linux need_lib_prefix=no need_version=no @@ -9888,7 +10735,7 @@ linux*oldld* | linux*aout* | linux*coff*) ;; # This must be Linux ELF. -linux*) +linux* | k*bsd*-gnu | kopensolaris*-gnu) version_type=linux need_lib_prefix=no need_version=no @@ -9897,6 +10744,41 @@ linux*) finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if test "${lt_cv_shlibpath_overrides_runpath+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. @@ -9904,7 +10786,7 @@ linux*) # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi @@ -9917,23 +10799,11 @@ linux*) dynamic_linker='GNU/Linux ld.so' ;; -knetbsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - netbsd*) version_type=sunos need_lib_prefix=no need_version=no - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' @@ -9954,14 +10824,16 @@ newsos6) shlibpath_overrides_runpath=yes ;; -nto-qnx*) - version_type=linux +*nto* | *qnx*) + version_type=qnx need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' ;; openbsd*) @@ -9970,13 +10842,13 @@ openbsd*) need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no @@ -10010,6 +10882,10 @@ osf3* | osf4* | osf5*) sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; +rdos*) + dynamic_linker=no + ;; + solaris*) version_type=linux need_lib_prefix=no @@ -10044,7 +10920,6 @@ sysv4 | sysv4.3*) sni) shlibpath_overrides_runpath=no need_lib_prefix=no - export_dynamic_flag_spec='${wl}-Blargedynsym' runpath_var=LD_RUN_PATH ;; siemens) @@ -10075,13 +10950,12 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - shlibpath_overrides_runpath=no else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - shlibpath_overrides_runpath=yes case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" @@ -10091,6 +10965,17 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) sys_lib_dlsearch_path_spec='/usr/lib' ;; +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -10102,8 +10987,8 @@ uts4*) dynamic_linker=no ;; esac -{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 -echo "${ECHO_T}$dynamic_linker" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" @@ -10111,19 +10996,117 @@ if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi -{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 -echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= -if test -n "$hardcode_libdir_flag_spec" || \ - test -n "$runpath_var" || \ +if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || test "X$hardcode_automatic" = "Xyes" ; then - # We can hardcode non-existant directories. + # We can hardcode non-existent directories. if test "$hardcode_direct" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one - ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no && + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && test "$hardcode_minus_L" != no; then # Linking always hardcodes the temporary library directory. hardcode_action=relink @@ -10136,10 +11119,11 @@ else # directories. hardcode_action=unsupported fi -{ echo "$as_me:$LINENO: result: $hardcode_action" >&5 -echo "${ECHO_T}$hardcode_action" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +$as_echo "$hardcode_action" >&6; } -if test "$hardcode_action" = relink; then +if test "$hardcode_action" = relink || + test "$inherit_rpath" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || @@ -10148,36 +11132,12 @@ elif test "$shlibpath_overrides_runpath" = yes || enable_fast_install=needless fi -striplib= -old_striplib= -{ echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5 -echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6; } -if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP" ; then - striplib="$STRIP -x" - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - ;; - *) - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - esac -fi -if test "x$enable_dlopen" != xyes; then + + + + + if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown @@ -10192,30 +11152,26 @@ else lt_cv_dlopen_self=yes ;; - mingw* | pw32*) + mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= - ;; + ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= - ;; + ;; darwin*) # if libdl is installed we need to link against it - { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 -echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; } -if test "${ac_cv_lib_dl_dlopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if test "${ac_cv_lib_dl_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -10233,39 +11189,18 @@ return dlopen (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dl_dlopen=no + ac_cv_lib_dl_dlopen=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 -echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; } -if test $ac_cv_lib_dl_dlopen = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else @@ -10275,105 +11210,21 @@ else fi - ;; + ;; *) - { echo "$as_me:$LINENO: checking for shl_load" >&5 -echo $ECHO_N "checking for shl_load... $ECHO_C" >&6; } -if test "${ac_cv_func_shl_load+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define shl_load to an innocuous variant, in case declares shl_load. - For example, HP-UX 11i declares gettimeofday. */ -#define shl_load innocuous_shl_load - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char shl_load (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef shl_load - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char shl_load (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_shl_load || defined __stub___shl_load -choke me -#endif - -int -main () -{ -return shl_load (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_shl_load=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_shl_load=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5 -echo "${ECHO_T}$ac_cv_func_shl_load" >&6; } -if test $ac_cv_func_shl_load = yes; then + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = x""yes; then : lt_cv_dlopen="shl_load" else - { echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5 -echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6; } -if test "${ac_cv_lib_dld_shl_load+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if test "${ac_cv_lib_dld_shl_load+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -10391,137 +11242,32 @@ return shl_load (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_shl_load=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dld_shl_load=no + ac_cv_lib_dld_shl_load=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5 -echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6; } -if test $ac_cv_lib_dld_shl_load = yes; then - lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = x""yes; then : + lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else - { echo "$as_me:$LINENO: checking for dlopen" >&5 -echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; } -if test "${ac_cv_func_dlopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define dlopen to an innocuous variant, in case declares dlopen. - For example, HP-UX 11i declares gettimeofday. */ -#define dlopen innocuous_dlopen - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char dlopen (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef dlopen - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_dlopen || defined __stub___dlopen -choke me -#endif - -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_dlopen=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_dlopen=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5 -echo "${ECHO_T}$ac_cv_func_dlopen" >&6; } -if test $ac_cv_func_dlopen = yes; then + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" else - { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 -echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; } -if test "${ac_cv_lib_dl_dlopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if test "${ac_cv_lib_dl_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -10539,53 +11285,28 @@ return dlopen (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dl_dlopen=no + ac_cv_lib_dl_dlopen=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 -echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; } -if test $ac_cv_lib_dl_dlopen = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else - { echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5 -echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6; } -if test "${ac_cv_lib_svld_dlopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +$as_echo_n "checking for dlopen in -lsvld... " >&6; } +if test "${ac_cv_lib_svld_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -10603,53 +11324,28 @@ return dlopen (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_svld_dlopen=no + ac_cv_lib_svld_dlopen=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5 -echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6; } -if test $ac_cv_lib_svld_dlopen = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" else - { echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5 -echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6; } -if test "${ac_cv_lib_dld_dld_link+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +$as_echo_n "checking for dld_link in -ldld... " >&6; } +if test "${ac_cv_lib_dld_dld_link+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -10667,40 +11363,19 @@ return dld_link (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dld_dld_link=no + ac_cv_lib_dld_dld_link=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5 -echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6; } -if test $ac_cv_lib_dld_dld_link = yes; then - lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = x""yes; then : + lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" fi @@ -10738,18 +11413,18 @@ fi save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" - { echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5 -echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6; } -if test "${lt_cv_dlopen_self+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +$as_echo_n "checking whether a program can dlopen itself... " >&6; } +if test "${lt_cv_dlopen_self+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown - cat > conftest.$ac_ext < conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10790,11 +11465,13 @@ else # endif #endif -#ifdef __cplusplus -extern "C" void exit (int); +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); #endif -void fnord() { int i=42;} +int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); @@ -10803,20 +11480,24 @@ int main () if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } /* dlclose (self); */ } else puts (dlerror ()); - exit (status); + return status; } -EOF - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -10833,23 +11514,23 @@ rm -fr conftest* fi -{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5 -echo "${ECHO_T}$lt_cv_dlopen_self" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +$as_echo "$lt_cv_dlopen_self" >&6; } if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - { echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5 -echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6; } -if test "${lt_cv_dlopen_self_static+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +if test "${lt_cv_dlopen_self_static+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown - cat > conftest.$ac_ext < conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10890,11 +11571,13 @@ else # endif #endif -#ifdef __cplusplus -extern "C" void exit (int); +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); #endif -void fnord() { int i=42;} +int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); @@ -10903,20 +11586,24 @@ int main () if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } /* dlclose (self); */ } else puts (dlerror ()); - exit (status); + return status; } -EOF - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -10933,8 +11620,8 @@ rm -fr conftest* fi -{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5 -echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +$as_echo "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS="$save_CPPFLAGS" @@ -10955,524 +11642,103 @@ echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; } fi -# Report which library types will actually be built -{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 -echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; } -{ echo "$as_me:$LINENO: result: $can_build_shared" >&5 -echo "${ECHO_T}$can_build_shared" >&6; } -{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5 -echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; } -test "$can_build_shared" = "no" && enable_shared=no -# On AIX, shared libraries and static libraries use the same namespace, and -# are all built from PIC. -case $host_os in -aix3*) - test "$enable_shared" = yes && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; -aix4* | aix5*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no - fi + + + + + + + + + + + + +striplib= +old_striplib= +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +$as_echo_n "checking whether stripping libraries is possible... " >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi ;; -esac -{ echo "$as_me:$LINENO: result: $enable_shared" >&5 -echo "${ECHO_T}$enable_shared" >&6; } - -{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5 -echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; } -# Make sure either enable_shared or enable_static is yes. -test "$enable_shared" = yes || enable_static=yes -{ echo "$as_me:$LINENO: result: $enable_static" >&5 -echo "${ECHO_T}$enable_static" >&6; } - -# The else clause should only fire when bootstrapping the -# libtool distribution, otherwise you forgot to ship ltmain.sh -# with your package, and you will get complaints that there are -# no rules to generate ltmain.sh. -if test -f "$ltmain"; then - # See if we are running on zsh, and set the options which allow our commands through - # without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST - fi - # Now quote all the things that may contain metacharacters while being - # careful not to overquote the AC_SUBSTed values. We take copies of the - # variables and quote the copies for generation of the libtool script. - for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ - SED SHELL STRIP \ - libname_spec library_names_spec soname_spec extract_expsyms_cmds \ - old_striplib striplib file_magic_cmd finish_cmds finish_eval \ - deplibs_check_method reload_flag reload_cmds need_locks \ - lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ - lt_cv_sys_global_symbol_to_c_name_address \ - sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ - old_postinstall_cmds old_postuninstall_cmds \ - compiler \ - CC \ - LD \ - lt_prog_compiler_wl \ - lt_prog_compiler_pic \ - lt_prog_compiler_static \ - lt_prog_compiler_no_builtin_flag \ - export_dynamic_flag_spec \ - thread_safe_flag_spec \ - whole_archive_flag_spec \ - enable_shared_with_static_runtimes \ - old_archive_cmds \ - old_archive_from_new_cmds \ - predep_objects \ - postdep_objects \ - predeps \ - postdeps \ - compiler_lib_search_path \ - archive_cmds \ - archive_expsym_cmds \ - postinstall_cmds \ - postuninstall_cmds \ - old_archive_from_expsyms_cmds \ - allow_undefined_flag \ - no_undefined_flag \ - export_symbols_cmds \ - hardcode_libdir_flag_spec \ - hardcode_libdir_flag_spec_ld \ - hardcode_libdir_separator \ - hardcode_automatic \ - module_cmds \ - module_expsym_cmds \ - lt_cv_prog_compiler_c_o \ - exclude_expsyms \ - include_expsyms; do - - case $var in - old_archive_cmds | \ - old_archive_from_new_cmds | \ - archive_cmds | \ - archive_expsym_cmds | \ - module_cmds | \ - module_expsym_cmds | \ - old_archive_from_expsyms_cmds | \ - export_symbols_cmds | \ - extract_expsyms_cmds | reload_cmds | finish_cmds | \ - postinstall_cmds | postuninstall_cmds | \ - old_postinstall_cmds | old_postuninstall_cmds | \ - sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) - # Double-quote double-evaled strings. - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" - ;; - *) - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" - ;; - esac - done - - case $lt_echo in - *'\$0 --fallback-echo"') - lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; esac +fi -cfgfile="${ofile}T" - trap "$rm \"$cfgfile\"; exit 1" 1 2 15 - $rm -f "$cfgfile" - { echo "$as_me:$LINENO: creating $ofile" >&5 -echo "$as_me: creating $ofile" >&6;} - cat <<__EOF__ >> "$cfgfile" -#! $SHELL -# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) -# NOTE: Changes made to this file will be lost: look at ltmain.sh. -# -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001 -# Free Software Foundation, Inc. -# -# This file is part of GNU Libtool: -# Originally by Gordon Matzigkeit , 1996 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. -# A sed program that does not truncate output. -SED=$lt_SED -# Sed that helps us avoid accidentally triggering echo(1) options like -n. -Xsed="$SED -e 1s/^X//" -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH -# The names of the tagged configurations supported by this script. -available_tags= -# ### BEGIN LIBTOOL CONFIG -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc - -# Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# An echo program that does not interpret backslashes. -echo=$lt_echo - -# The archiver. -AR=$lt_AR -AR_FLAGS=$lt_AR_FLAGS - -# A C compiler. -LTCC=$lt_LTCC - -# LTCC compiler flags. -LTCFLAGS=$lt_LTCFLAGS - -# A language-specific compiler. -CC=$lt_compiler - -# Is the compiler the GNU C compiler? -with_gcc=$GCC - -# An ERE matcher. -EGREP=$lt_EGREP - -# The linker used to build libraries. -LD=$lt_LD - -# Whether we need hard or soft links. -LN_S=$lt_LN_S - -# A BSD-compatible nm program. -NM=$lt_NM - -# A symbol stripping program -STRIP=$lt_STRIP - -# Used to examine libraries when file_magic_cmd begins "file" -MAGIC_CMD=$MAGIC_CMD - -# Used on cygwin: DLL creation program. -DLLTOOL="$DLLTOOL" - -# Used on cygwin: object dumper. -OBJDUMP="$OBJDUMP" - -# Used on cygwin: assembler. -AS="$AS" - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl - -# Object file suffix (normally "o"). -objext="$ac_objext" - -# Old archive suffix (normally "a"). -libext="$libext" - -# Shared library suffix (normally ".so"). -shrext_cmds='$shrext_cmds' - -# Executable file suffix (normally ""). -exeext="$exeext" - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic -pic_mode=$pic_mode - -# What is the maximum length of a command? -max_cmd_len=$lt_cv_sys_max_cmd_len - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Do we need the lib prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec - -# Compiler flag to generate thread-safe objects. -thread_safe_flag_spec=$lt_thread_safe_flag_spec - -# Library versioning type. -version_type=$version_type - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME. -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Commands used to build and install an old-style archive. -RANLIB=$lt_RANLIB -old_archive_cmds=$lt_old_archive_cmds -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds - -# Commands used to build and install a shared archive. -archive_cmds=$lt_archive_cmds -archive_expsym_cmds=$lt_archive_expsym_cmds -postinstall_cmds=$lt_postinstall_cmds -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to build a loadable module (assumed same as above if empty) -module_cmds=$lt_module_cmds -module_expsym_cmds=$lt_module_expsym_cmds - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - -# Dependencies to place before the objects being linked to create a -# shared library. -predep_objects=$lt_predep_objects - -# Dependencies to place after the objects being linked to create a -# shared library. -postdep_objects=$lt_postdep_objects - -# Dependencies to place before the objects being linked to create a -# shared library. -predeps=$lt_predeps - -# Dependencies to place after the objects being linked to create a -# shared library. -postdeps=$lt_postdeps - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method == file_magic. -file_magic_cmd=$lt_file_magic_cmd - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag - -# Flag that forces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# Same as above, but a single script fragment to be evaled but not shown. -finish_eval=$lt_finish_eval - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm in a C name address pair -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# This is the shared library runtime path variable. -runpath_var=$runpath_var - -# This is the shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec - -# If ld is used when linking, flag to hardcode \$libdir into -# a binary during linking. This must work even if \$libdir does -# not exist. -hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld - -# Whether we need a single -rpath flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator - -# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the -# resulting binary. -hardcode_direct=$hardcode_direct - -# Set to yes if using the -LDIR flag during linking hardcodes DIR into the -# resulting binary. -hardcode_minus_L=$hardcode_minus_L - -# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into -# the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var - -# Set to yes if building a shared library automatically hardcodes DIR into the library -# and all subsequent libraries and executables linked against it. -hardcode_automatic=$hardcode_automatic - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at relink time. -variables_saved_for_relink="$variables_saved_for_relink" - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs - -# Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Run-time system search path for libraries -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec - -# Fix the shell variable \$srcfile for the compiler. -fix_srcfile_path="$fix_srcfile_path" - -# Set to yes if exported symbols are required. -always_export_symbols=$always_export_symbols - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms - -# ### END LIBTOOL CONFIG - -__EOF__ + # Report which library types will actually be built + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +$as_echo_n "checking if libtool supports shared libraries... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +$as_echo "$can_build_shared" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +$as_echo_n "checking whether to build shared libraries... " >&6; } + test "$can_build_shared" = "no" && enable_shared=no + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. case $host_os in aix3*) - cat <<\EOF >> "$cfgfile" + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; -# AIX sometimes has problems with the GCC collect2 program. For some -# reason, if we set the COLLECT_NAMES environment variable, the problems -# vanish in a puff of smoke. -if test "X${COLLECT_NAMES+set}" != Xset; then - COLLECT_NAMES= - export COLLECT_NAMES -fi -EOF + aix[4-9]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi ;; esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +$as_echo "$enable_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +$as_echo_n "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +$as_echo "$enable_static" >&6; } + - # We use sed instead of cat because bash on DJGPP gets confused if - # if finds mixed CR/LF and LF-only lines. Since sed operates in - # text mode, it properly converts lines to CR/LF. This bash problem - # is reportedly fixed, but why not run on old versions too? - sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1) - mv -f "$cfgfile" "$ofile" || \ - (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") - chmod +x "$ofile" -else - # If there is no Makefile yet, we rely on a make rule to execute - # `config.status --recheck' to rerun these tests and create the - # libtool script then. - ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` - if test -f "$ltmain_in"; then - test -f Makefile && make "$ltmain" - fi fi - - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -11482,8715 +11748,996 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" -# Check whether --with-tags was given. -if test "${with_tags+set}" = set; then - withval=$with_tags; tagnames="$withval" + + + + + + + + + + + + ac_config_commands="$ac_config_commands libtool" + + + + +# Only expand once: + + + + + +test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' +test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal' + + +CANONICAL_HOST=$host + + +# Check whether --enable-largefile was given. +if test "${enable_largefile+set}" = set; then : + enableval=$enable_largefile; fi +if test "$enable_largefile" != no; then -if test -f "$ltmain" && test -n "$tagnames"; then - if test ! -f "${ofile}"; then - { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5 -echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;} - fi - - if test -z "$LTCC"; then - eval "`$SHELL ${ofile} --config | grep '^LTCC='`" - if test -z "$LTCC"; then - { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5 -echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;} - else - { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5 -echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;} - fi - fi - if test -z "$LTCFLAGS"; then - eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`" - fi - - # Extract list of available tagged configurations in $ofile. - # Note that this assumes the entire list is on one line. - available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'` - - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for tagname in $tagnames; do - IFS="$lt_save_ifs" - # Check whether tagname contains only valid characters - case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in - "") ;; - *) { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5 -echo "$as_me: error: invalid tag name: $tagname" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - - if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null - then - { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5 -echo "$as_me: error: tag name \"$tagname\" already exists" >&2;} - { (exit 1); exit 1; }; } - fi - - # Update the list of available tags. - if test -n "$tagname"; then - echo appending configuration tag \"$tagname\" to $ofile - - case $tagname in - CXX) - if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then - ac_ext=cpp -ac_cpp='$CXXCPP $CPPFLAGS' -ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_cxx_compiler_gnu - - - - -archive_cmds_need_lc_CXX=no -allow_undefined_flag_CXX= -always_export_symbols_CXX=no -archive_expsym_cmds_CXX= -export_dynamic_flag_spec_CXX= -hardcode_direct_CXX=no -hardcode_libdir_flag_spec_CXX= -hardcode_libdir_flag_spec_ld_CXX= -hardcode_libdir_separator_CXX= -hardcode_minus_L_CXX=no -hardcode_shlibpath_var_CXX=unsupported -hardcode_automatic_CXX=no -module_cmds_CXX= -module_expsym_cmds_CXX= -link_all_deplibs_CXX=unknown -old_archive_cmds_CXX=$old_archive_cmds -no_undefined_flag_CXX= -whole_archive_flag_spec_CXX= -enable_shared_with_static_runtimes_CXX=no - -# Dependencies to place before and after the object being linked: -predep_objects_CXX= -postdep_objects_CXX= -predeps_CXX= -postdeps_CXX= -compiler_lib_search_path_CXX= - -# Source file extension for C++ test sources. -ac_ext=cpp - -# Object file extension for compiled C++ test sources. -objext=o -objext_CXX=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="int some_variable = 0;\n" - -# Code to be used in simple link tests -lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n' - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC - - -# save warnings/boilerplate of simple test code -ac_outfile=conftest.$ac_objext -printf "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$rm conftest* - -ac_outfile=conftest.$ac_objext -printf "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$rm conftest* - - -# Allow CC to be a program name with arguments. -lt_save_CC=$CC -lt_save_LD=$LD -lt_save_GCC=$GCC -GCC=$GXX -lt_save_with_gnu_ld=$with_gnu_ld -lt_save_path_LD=$lt_cv_path_LD -if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then - lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +$as_echo_n "checking for special C compiler options needed for large files... " >&6; } +if test "${ac_cv_sys_largefile_CC+set}" = set; then : + $as_echo_n "(cached) " >&6 else - $as_unset lt_cv_prog_gnu_ld + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF + if ac_fn_c_try_compile "$LINENO"; then : + break fi -if test -n "${lt_cv_path_LDCXX+set}"; then - lt_cv_path_LD=$lt_cv_path_LDCXX +rm -f core conftest.err conftest.$ac_objext + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_largefile_CC=' -n32'; break +fi +rm -f core conftest.err conftest.$ac_objext + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +$as_echo "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if test "${ac_cv_sys_file_offset_bits+set}" = set; then : + $as_echo_n "(cached) " >&6 else - $as_unset lt_cv_path_LD + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=no; break fi -test -z "${LDCXX+set}" || LD=$LDCXX -CC=${CXX-"c++"} -compiler=$CC -compiler_CXX=$CC -for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=64; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` - - -# We don't want -fno-exception wen compiling C++ code, so set the -# no_builtin_flag separately -if test "$GXX" = yes; then - lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin' -else - lt_prog_compiler_no_builtin_flag_CXX= fi - -if test "$GXX" = yes; then - # Set up default GNU C++ configuration - - -# Check whether --with-gnu-ld was given. -if test "${with_gnu_ld+set}" = set; then - withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes -else - with_gnu_ld=no -fi - -ac_prog=ld -if test "$GCC" = yes; then - # Check if gcc -print-prog-name=ld gives a path. - { echo "$as_me:$LINENO: checking for ld used by $CC" >&5 -echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; } - case $host in - *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw - ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; *) - ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; - esac - case $ac_prog in - # Accept absolute paths. - [\\/]* | ?:[\\/]*) - re_direlt='/[^/][^/]*/\.\./' - # Canonicalize the pathname of ld - ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` - while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do - ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` - done - test -z "$LD" && LD="$ac_prog" - ;; - "") - # If it fails, then pretend we aren't using GCC. - ac_prog=ld - ;; - *) - # If it is relative, then search for the first ld in PATH. - with_gnu_ld=unknown - ;; - esac -elif test "$with_gnu_ld" = yes; then - { echo "$as_me:$LINENO: checking for GNU ld" >&5 -echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; } -else - { echo "$as_me:$LINENO: checking for non-GNU ld" >&5 -echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; } -fi -if test "${lt_cv_path_LD+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -z "$LD"; then - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS="$lt_save_ifs" - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD="$ac_dir/$ac_prog" - # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some variants of GNU ld only accept -v. - # Break only if it was the GNU/non-GNU ld that we prefer. - case `"$lt_cv_path_LD" -v 2>&1 &5 -echo "${ECHO_T}$LD" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi -test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 -echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} - { (exit 1); exit 1; }; } -{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 -echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; } -if test "${lt_cv_prog_gnu_ld+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # I'd rather use --version here, but apparently some GNU lds only accept -v. -case `$LD -v 2>&1 >confdefs.h <<_ACEOF +#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits +_ACEOF +;; esac -fi -{ echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5 -echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; } -with_gnu_ld=$lt_cv_prog_gnu_ld - - - - # Check if GNU C++ uses GNU ld as the underlying linker, since the - # archiving commands below assume that GNU ld is being used. - if test "$with_gnu_ld" = yes; then - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - - hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir' - export_dynamic_flag_spec_CXX='${wl}--export-dynamic' - - # If archive_cmds runs LD, not CC, wlarc should be empty - # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to - # investigate it a little bit more. (MM) - wlarc='${wl}' - - # ancient GNU ld didn't support --whole-archive et. al. - if eval "`$CC -print-prog-name=ld` --help 2>&1" | \ - grep 'no-whole-archive' > /dev/null; then - whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - whole_archive_flag_spec_CXX= - fi - else - with_gnu_ld=no - wlarc= - - # A generic and very simple default shared library creation - # command for GNU C++ for the case where it uses the native - # linker, instead of GNU ld. If possible, this setting should - # overridden to take advantage of the native linker features on - # the platform it is being used on. - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - fi - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' - +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } +if test "${ac_cv_sys_large_files+set}" = set; then : + $as_echo_n "(cached) " >&6 else - GXX=no - with_gnu_ld=no - wlarc= + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=1; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_large_files=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +$as_echo "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGE_FILES $ac_cv_sys_large_files +_ACEOF +;; +esac +rm -rf conftest* + fi fi -# PORTME: fill in a description of your system's C++ link characteristics -{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } -ld_shlibs_CXX=yes -case $host_os in - aix3*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - aix4* | aix5*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag="" - else - aix_use_runtimelinking=no - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[23]|aix4.[23].*|aix5*) - for ld_flag in $LDFLAGS; do - case $ld_flag in - *-brtl*) - aix_use_runtimelinking=yes - break - ;; - esac +if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then + CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" +fi +if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then + CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits" +fi + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen" >&5 +$as_echo_n "checking for dlopen... " >&6; } +if test "${ac_cv_funclib_dlopen+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" dl; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_DLFCN_H +#include +#endif +int +main () +{ +dlopen(0,0) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done - ;; - esac + eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}" + LIBS="$ac_save_LIBS" +fi - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi +fi - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - archive_cmds_CXX='' - hardcode_direct_CXX=yes - hardcode_libdir_separator_CXX=':' - link_all_deplibs_CXX=yes +eval "ac_res=\$ac_cv_funclib_dlopen" - if test "$GXX" = yes; then - case $host_os in aix4.[012]|aix4.[012].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && \ - strings "$collect2name" | grep resolve_lib_name >/dev/null - then - # We have reworked collect2 - hardcode_direct_CXX=yes - else - # We have old collect2 - hardcode_direct_CXX=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - hardcode_minus_L_CXX=yes - hardcode_libdir_flag_spec_CXX='-L$libdir' - hardcode_libdir_separator_CXX= - fi - ;; - esac - shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' - fi - else - # not using gcc - if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' - else - shared_flag='${wl}-bM:SRE' - fi - fi - fi - - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - always_export_symbols_CXX=yes - if test "$aix_use_runtimelinking" = yes; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - allow_undefined_flag_CXX='-berok' - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ +if false; then + for ac_func in dlopen +do : + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLOPEN 1 _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + +fi +done + +fi +# dlopen +eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_dlopen=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dlopen=yes" + eval "LIB_dlopen=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + ;; + no) + eval "ac_cv_func_dlopen=no" + eval "LIB_dlopen=" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + *) + eval "ac_cv_func_dlopen=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } + ;; +esac + + + if test "$ac_cv_funclib_dlopen" != no; then + HAVE_DLOPEN_TRUE= + HAVE_DLOPEN_FALSE='#' +else + HAVE_DLOPEN_TRUE='#' + HAVE_DLOPEN_FALSE= +fi + + + + +aix=no +case "$host" in +*-*-aix3*) + aix=3 + ;; +*-*-aix[4-9]*) + aix=4 + ;; +esac + + if test "$aix" != no; then + AIX_TRUE= + AIX_FALSE='#' +else + AIX_TRUE='#' + AIX_FALSE= +fi + if test "$aix" = 4; then + AIX4_TRUE= + AIX4_FALSE='#' +else + AIX4_TRUE='#' + AIX4_FALSE= +fi + +# Check whether --enable-dynamic-afs was given. +if test "${enable_dynamic_afs+set}" = set; then : + enableval=$enable_dynamic_afs; +fi + + +if test "$aix" != no; then + + +$as_echo "#define NEED_QSORT 1" >>confdefs.h + + + if test "$enable_dynamic_afs" != no; then + + if test "$ac_cv_func_dlopen" = no; then + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for loadquery" >&5 +$as_echo_n "checking for loadquery... " >&6; } +if test "${ac_cv_funclib_loadquery+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +if eval "test \"\$ac_cv_func_loadquery\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ld; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { - +loadquery() ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" +if ac_fn_c_try_link "$LINENO"; then : + eval "if test -n \"$ac_lib\";then ac_cv_funclib_loadquery=$ac_lib; else ac_cv_funclib_loadquery=yes; fi";break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_loadquery=\${ac_cv_funclib_loadquery-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_loadquery" + +if false; then + for ac_func in loadquery +do : + ac_fn_c_check_func "$LINENO" "loadquery" "ac_cv_func_loadquery" +if test "x$ac_cv_func_loadquery" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LOADQUERY 1 +_ACEOF + +fi +done + +fi +# loadquery +eval "ac_tr_func=HAVE_`echo loadquery | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_loadquery=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_loadquery=yes" + eval "LIB_loadquery=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + ;; + no) + eval "ac_cv_func_loadquery=no" + eval "LIB_loadquery=" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + *) + eval "ac_cv_func_loadquery=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } + ;; +esac + + + fi + if test "$ac_cv_func_dlopen" != no; then + AIX_EXTRA_KAFS='$(LIB_dlopen)' + elif test "$ac_cv_func_loadquery" != no; then + AIX_EXTRA_KAFS='$(LIB_loadquery)' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not using dynloaded AFS library" >&5 +$as_echo "$as_me: not using dynloaded AFS library" >&6;} + AIX_EXTRA_KAFS= + enable_dynamic_afs=no + fi + else + AIX_EXTRA_KAFS= + fi +fi + + if test "$enable_dynamic_afs" != no; then + AIX_DYNAMIC_AFS_TRUE= + AIX_DYNAMIC_AFS_FALSE='#' +else + AIX_DYNAMIC_AFS_TRUE='#' + AIX_DYNAMIC_AFS_FALSE= +fi + +if test "$aix" != no; then + +$as_echo "#define _ALL_SOURCE 1" >>confdefs.h + +fi + + + + + +irix=no +case "$host" in +*-*-irix*) + irix=yes + ;; +esac + if test "$irix" != no; then + IRIX_TRUE= + IRIX_FALSE='#' +else + IRIX_TRUE='#' + IRIX_FALSE= +fi + + + +sunos=no +case "$host" in +*-*-solaris2.7) + sunos=57 + ;; +*-*-solaris2.[89] | *-*-solaris2.1[0-9]) + sunos=58 + ;; +*-*-solaris2*) + sunos=50 + ;; +esac +if test "$sunos" != no; then + +cat >>confdefs.h <<_ACEOF +#define SunOS $sunos +_ACEOF + +fi + + + +$as_echo "#define _GNU_SOURCE 1" >>confdefs.h + + + + + +for ac_prog in 'bison -y' byacc +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_YACC+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$YACC"; then + ac_cv_prog_YACC="$YACC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_YACC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +YACC=$ac_cv_prog_YACC +if test -n "$YACC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 +$as_echo "$YACC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$YACC" && break +done +test -n "$YACC" || YACC="yacc" + +for ac_prog in flex lex +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_LEX+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LEX"; then + ac_cv_prog_LEX="$LEX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_LEX="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LEX=$ac_cv_prog_LEX +if test -n "$LEX"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5 +$as_echo "$LEX" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$LEX" && break +done +test -n "$LEX" || LEX=":" + +if test "x$LEX" != "x:"; then + cat >conftest.l <<_ACEOF +%% +a { ECHO; } +b { REJECT; } +c { yymore (); } +d { yyless (1); } +e { yyless (input () != 0); } +f { unput (yytext[0]); } +. { BEGIN INITIAL; } +%% +#ifdef YYTEXT_POINTER +extern char *yytext; +#endif +int +main (void) +{ + return ! yylex () + ! yywrap (); +} +_ACEOF +{ { ac_try="$LEX conftest.l" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$LEX conftest.l") 2>&5 ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_cxx_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5 +$as_echo_n "checking lex output file root... " >&6; } +if test "${ac_cv_prog_lex_root+set}" = set; then : + $as_echo_n "(cached) " >&6 else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if test -f lex.yy.c; then + ac_cv_prog_lex_root=lex.yy +elif test -f lexyy.c; then + ac_cv_prog_lex_root=lexyy +else + as_fn_error "cannot find output from $LEX; giving up" "$LINENO" 5 +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 +$as_echo "$ac_cv_prog_lex_root" >&6; } +LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root + +if test -z "${LEXLIB+set}"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5 +$as_echo_n "checking lex library... " >&6; } +if test "${ac_cv_lib_lex+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS=$LIBS + ac_cv_lib_lex='none needed' + for ac_lib in '' -lfl -ll; do + LIBS="$ac_lib $ac_save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +`cat $LEX_OUTPUT_ROOT.c` +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_lex=$ac_lib +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + test "$ac_cv_lib_lex" != 'none needed' && break + done + LIBS=$ac_save_LIBS fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5 +$as_echo "$ac_cv_lib_lex" >&6; } + test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex +fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi - hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath" - - archive_expsym_cmds_CXX="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else - if test "$host_cpu" = ia64; then - hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib' - allow_undefined_flag_CXX="-z nodefs" - archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5 +$as_echo_n "checking whether yytext is a pointer... " >&6; } +if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + # POSIX says lex can declare yytext either as a pointer or an array; the +# default is implementation-dependent. Figure out which it is, since +# not all implementations provide the %pointer and %array declarations. +ac_cv_prog_lex_yytext_pointer=no +ac_save_LIBS=$LIBS +LIBS="$LEXLIB $ac_save_LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define YYTEXT_POINTER 1 +`cat $LEX_OUTPUT_ROOT.c` _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_prog_lex_yytext_pointer=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_save_LIBS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5 +$as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; } +if test $ac_cv_prog_lex_yytext_pointer = yes; then + +$as_echo "#define YYTEXT_POINTER 1" >>confdefs.h + +fi +rm -f conftest.l $LEX_OUTPUT_ROOT.c + +fi +if test "$LEX" = :; then + LEX=${am_missing_run}flex +fi +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_AWK+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ln -s or something else" >&5 +$as_echo_n "checking for ln -s or something else... " >&6; } +if test "${ac_cv_prog_LN_S+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + touch conftestdata1 + if ln conftestdata1 conftestdata2; then + rm -f conftestdata* + ac_cv_prog_LN_S=ln + else + ac_cv_prog_LN_S=cp + fi +fi +fi +LN_S="$ac_cv_prog_LN_S" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_LN_S" >&5 +$as_echo "$ac_cv_prog_LN_S" >&6; } + + + + +# Check whether --with-mips_abi was given. +if test "${with_mips_abi+set}" = set; then : + withval=$with_mips_abi; +fi + + +case "$host_os" in +irix*) +with_mips_abi="${with_mips_abi:-yes}" +if test -n "$GCC"; then + +# GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select +# which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs. +# +# Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old +# GCC and revert back to O32. The same goes if O32 is asked for - old +# GCCs doesn't like the -mabi option, and new GCCs can't output O32. +# +# Don't you just love *all* the different SGI ABIs? + +case "${with_mips_abi}" in + 32|o32) abi='-mabi=32'; abilibdirext='' ;; + n32|yes) abi='-mabi=n32'; abilibdirext='32' ;; + 64) abi='-mabi=64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) as_fn_error "\"Invalid ABI specified\"" "$LINENO" 5 ;; +esac +if test -n "$abi" ; then +ac_foo=krb_cv_gcc_`echo $abi | tr =- __` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports the $abi option" >&5 +$as_echo_n "checking if $CC supports the $abi option... " >&6; } +if { as_var=$ac_foo; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + +save_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $abi" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { - +int x; ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_cxx_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi +if ac_fn_c_try_compile "$LINENO"; then : + eval $ac_foo=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - + eval $ac_foo=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_extCFLAGS="$save_CFLAGS" fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi - - hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - no_undefined_flag_CXX=' ${wl}-bernotok' - allow_undefined_flag_CXX=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - whole_archive_flag_spec_CXX='$convenience' - archive_cmds_need_lc_CXX=yes - # This is similar to how AIX traditionally builds its shared libraries. - archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' - fi - fi - ;; - - beos*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - allow_undefined_flag_CXX=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - else - ld_shlibs_CXX=no - fi - ;; - - chorus*) - case $cc_basename in - *) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - esac - ;; - - cygwin* | mingw* | pw32*) - # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless, - # as there is no search path for DLLs. - hardcode_libdir_flag_spec_CXX='-L$libdir' - allow_undefined_flag_CXX=unsupported - always_export_symbols_CXX=no - enable_shared_with_static_runtimes_CXX=yes - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - ld_shlibs_CXX=no - fi - ;; - darwin* | rhapsody*) - case $host_os in - rhapsody* | darwin1.[012]) - allow_undefined_flag_CXX='${wl}-undefined ${wl}suppress' - ;; - *) # Darwin 1.3 on - if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then - allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - else - case ${MACOSX_DEPLOYMENT_TARGET} in - 10.[012]) - allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - ;; - 10.*) - allow_undefined_flag_CXX='${wl}-undefined ${wl}dynamic_lookup' - ;; - esac - fi - ;; - esac - archive_cmds_need_lc_CXX=no - hardcode_direct_CXX=no - hardcode_automatic_CXX=yes - hardcode_shlibpath_var_CXX=unsupported - whole_archive_flag_spec_CXX='' - link_all_deplibs_CXX=yes - - if test "$GXX" = yes ; then - lt_int_apple_cc_single_mod=no - output_verbose_link_cmd='echo' - if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then - lt_int_apple_cc_single_mod=yes - fi - if test "X$lt_int_apple_cc_single_mod" = Xyes ; then - archive_cmds_CXX='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - else - archive_cmds_CXX='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - fi - module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - if test "X$lt_int_apple_cc_single_mod" = Xyes ; then - archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - fi - module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - case $cc_basename in - xlc*) - output_verbose_link_cmd='echo' - archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' - module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - ;; - *) - ld_shlibs_CXX=no - ;; - esac - fi - ;; - - dgux*) - case $cc_basename in - ec++*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - ghcx*) - # Green Hills C++ Compiler - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - *) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - esac - ;; - freebsd[12]*) - # C++ shared libraries reported to be fairly broken before switch to ELF - ld_shlibs_CXX=no - ;; - freebsd-elf*) - archive_cmds_need_lc_CXX=no - ;; - freebsd* | kfreebsd*-gnu | dragonfly*) - # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF - # conventions - ld_shlibs_CXX=yes - ;; - gnu*) - ;; - hpux9*) - hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_CXX=: - export_dynamic_flag_spec_CXX='${wl}-E' - hardcode_direct_CXX=yes - hardcode_minus_L_CXX=yes # Not in the search PATH, - # but as the default - # location of the library. - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - aCC*) - archive_cmds_CXX='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[-]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes; then - archive_cmds_CXX='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - else - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - fi - ;; - esac - ;; - hpux10*|hpux11*) - if test $with_gnu_ld = no; then - hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_CXX=: - - case $host_cpu in - hppa*64*|ia64*) - hardcode_libdir_flag_spec_ld_CXX='+b $libdir' - ;; - *) - export_dynamic_flag_spec_CXX='${wl}-E' - ;; - esac - fi - case $host_cpu in - hppa*64*|ia64*) - hardcode_direct_CXX=no - hardcode_shlibpath_var_CXX=no - ;; - *) - hardcode_direct_CXX=yes - hardcode_minus_L_CXX=yes # Not in the search PATH, - # but as the default - # location of the library. - ;; - esac - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - aCC*) - case $host_cpu in - hppa*64*) - archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes; then - if test $with_gnu_ld = no; then - case $host_cpu in - hppa*64*) - archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - fi - else - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - fi - ;; - esac - ;; - interix3*) - hardcode_direct_CXX=no - hardcode_shlibpath_var_CXX=no - hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' - export_dynamic_flag_spec_CXX='${wl}-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - irix5* | irix6*) - case $cc_basename in - CC*) - # SGI C++ - archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - - # Archives containing C++ object files must be created using - # "CC -ar", where "CC" is the IRIX C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs' - ;; - *) - if test "$GXX" = yes; then - if test "$with_gnu_ld" = no; then - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib' - fi - fi - link_all_deplibs_CXX=yes - ;; - esac - hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_CXX=: - ;; - linux*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - - hardcode_libdir_flag_spec_CXX='${wl}--rpath,$libdir' - export_dynamic_flag_spec_CXX='${wl}--export-dynamic' - - # Archives containing C++ object files must be created using - # "CC -Bstatic", where "CC" is the KAI C++ compiler. - old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' - ;; - icpc*) - # Intel C++ - with_gnu_ld=yes - # version 8.0 and above of icpc choke on multiply defined symbols - # if we add $predep_objects and $postdep_objects, however 7.1 and - # earlier do not add the objects themselves. - case `$CC -V 2>&1` in - *"Version 7."*) - archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - ;; - *) # Version 8.0 or newer - tmp_idyn= - case $host_cpu in - ia64*) tmp_idyn=' -i_dynamic';; - esac - archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - ;; - esac - archive_cmds_need_lc_CXX=no - hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' - export_dynamic_flag_spec_CXX='${wl}--export-dynamic' - whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive' - ;; - pgCC*) - # Portland Group C++ compiler - archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' - archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' - - hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir' - export_dynamic_flag_spec_CXX='${wl}--export-dynamic' - whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - ;; - cxx*) - # Compaq C++ - archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' - - runpath_var=LD_RUN_PATH - hardcode_libdir_flag_spec_CXX='-rpath $libdir' - hardcode_libdir_separator_CXX=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - esac - ;; - lynxos*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - m88k*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - mvs*) - case $cc_basename in - cxx*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - *) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - esac - ;; - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' - wlarc= - hardcode_libdir_flag_spec_CXX='-R$libdir' - hardcode_direct_CXX=yes - hardcode_shlibpath_var_CXX=no - fi - # Workaround some broken pre-1.5 toolchains - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' - ;; - openbsd2*) - # C++ shared libraries are fairly broken - ld_shlibs_CXX=no - ;; - openbsd*) - hardcode_direct_CXX=yes - hardcode_shlibpath_var_CXX=no - archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' - export_dynamic_flag_spec_CXX='${wl}-E' - whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - fi - output_verbose_link_cmd='echo' - ;; - osf3*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - - hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' - hardcode_libdir_separator_CXX=: - - # Archives containing C++ object files must be created using - # "CC -Bstatic", where "CC" is the KAI C++ compiler. - old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' - - ;; - RCC*) - # Rational C++ 2.4.1 - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - cxx*) - allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - - hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_CXX=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - - hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_CXX=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' - - else - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - fi - ;; - esac - ;; - osf4* | osf5*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - - hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' - hardcode_libdir_separator_CXX=: - - # Archives containing C++ object files must be created using - # the KAI C++ compiler. - old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' - ;; - RCC*) - # Rational C++ 2.4.1 - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - cxx*) - allow_undefined_flag_CXX=' -expect_unresolved \*' - archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ - echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~ - $rm $lib.exp' - - hardcode_libdir_flag_spec_CXX='-rpath $libdir' - hardcode_libdir_separator_CXX=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' - ;; - *) - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - - hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_CXX=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' - - else - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - fi - ;; - esac - ;; - psos*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - lcc*) - # Lucid - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - *) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - esac - ;; - solaris*) - case $cc_basename in - CC*) - # Sun C++ 4.2, 5.x and Centerline C++ - archive_cmds_need_lc_CXX=yes - no_undefined_flag_CXX=' -zdefs' - archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' - - hardcode_libdir_flag_spec_CXX='-R$libdir' - hardcode_shlibpath_var_CXX=no - case $host_os in - solaris2.[0-5] | solaris2.[0-5].*) ;; - *) - # The C++ compiler is used as linker so we must use $wl - # flag to pass the commands to the underlying system - # linker. We must also pass each convience library through - # to the system linker between allextract/defaultextract. - # The C++ compiler will combine linker options so we - # cannot just pass the convience library names through - # without $wl. - # Supported since Solaris 2.6 (maybe 2.5.1?) - whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' - ;; - esac - link_all_deplibs_CXX=yes - - output_verbose_link_cmd='echo' - - # Archives containing C++ object files must be created using - # "CC -xar", where "CC" is the Sun C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' - ;; - gcx*) - # Green Hills C++ Compiler - archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - - # The C++ compiler must be used to create the archive. - old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs' - ;; - *) - # GNU C++ compiler with Solaris linker - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - no_undefined_flag_CXX=' ${wl}-z ${wl}defs' - if $CC --version | grep -v '^2\.7' > /dev/null; then - archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" - else - # g++ 2.7 appears to require `-G' NOT `-shared' on this - # platform. - archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" - fi - - hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir' - fi - ;; - esac - ;; - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) - no_undefined_flag_CXX='${wl}-z,text' - archive_cmds_need_lc_CXX=no - hardcode_shlibpath_var_CXX=no - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - # For security reasons, it is highly recommended that you always - # use absolute paths for naming shared libraries, and exclude the - # DT_RUNPATH tag from executables and libraries. But doing so - # requires that you compile everything twice, which is a pain. - # So that behaviour is only enabled if SCOABSPATH is set to a - # non-empty value in the environment. Most likely only useful for - # creating official distributions of packages. - # This is a hack until libtool officially supports absolute path - # names for shared libraries. - no_undefined_flag_CXX='${wl}-z,text' - allow_undefined_flag_CXX='${wl}-z,nodefs' - archive_cmds_need_lc_CXX=no - hardcode_shlibpath_var_CXX=no - hardcode_libdir_flag_spec_CXX='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' - hardcode_libdir_separator_CXX=':' - link_all_deplibs_CXX=yes - export_dynamic_flag_spec_CXX='${wl}-Bexport' - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - archive_cmds_CXX='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - archive_cmds_CXX='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - *) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - esac - ;; - vxworks*) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; - *) - # FIXME: insert proper C++ library support - ld_shlibs_CXX=no - ;; -esac -{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5 -echo "${ECHO_T}$ld_shlibs_CXX" >&6; } -test "$ld_shlibs_CXX" = no && can_build_shared=no - -GCC_CXX="$GXX" -LD_CXX="$LD" - - -cat > conftest.$ac_ext <&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - # Parse the compiler output and extract the necessary - # objects, libraries and library flags. - - # Sentinel used to keep track of whether or not we are before - # the conftest object file. - pre_test_object_deps_done=no - - # The `*' in the case matches for architectures that use `case' in - # $output_verbose_cmd can trigger glob expansion during the loop - # eval without this substitution. - output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"` - - for p in `eval $output_verbose_link_cmd`; do - case $p in - - -L* | -R* | -l*) - # Some compilers place space between "-{L,R}" and the path. - # Remove the space. - if test $p = "-L" \ - || test $p = "-R"; then - prev=$p - continue - else - prev= - fi - - if test "$pre_test_object_deps_done" = no; then - case $p in - -L* | -R*) - # Internal compiler library paths should come after those - # provided the user. The postdeps already come after the - # user supplied libs so there is no need to process them. - if test -z "$compiler_lib_search_path_CXX"; then - compiler_lib_search_path_CXX="${prev}${p}" - else - compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}" - fi - ;; - # The "-l" case would never come before the object being - # linked, so don't bother handling this case. - esac - else - if test -z "$postdeps_CXX"; then - postdeps_CXX="${prev}${p}" - else - postdeps_CXX="${postdeps_CXX} ${prev}${p}" - fi - fi - ;; - - *.$objext) - # This assumes that the test object file only shows up - # once in the compiler output. - if test "$p" = "conftest.$objext"; then - pre_test_object_deps_done=yes - continue - fi - - if test "$pre_test_object_deps_done" = no; then - if test -z "$predep_objects_CXX"; then - predep_objects_CXX="$p" - else - predep_objects_CXX="$predep_objects_CXX $p" - fi - else - if test -z "$postdep_objects_CXX"; then - postdep_objects_CXX="$p" - else - postdep_objects_CXX="$postdep_objects_CXX $p" - fi - fi - ;; - - *) ;; # Ignore the rest. - - esac - done - - # Clean up. - rm -f a.out a.exe -else - echo "libtool.m4: error: problem compiling CXX test program" -fi - -$rm -f confest.$objext - -# PORTME: override above test on systems where it is broken -case $host_os in -interix3*) - # Interix 3.5 installs completely hosed .la files for C++, so rather than - # hack all around it, let's just trust "g++" to DTRT. - predep_objects_CXX= - postdep_objects_CXX= - postdeps_CXX= - ;; - -solaris*) - case $cc_basename in - CC*) - # Adding this requires a known-good setup of shared libraries for - # Sun compiler versions before 5.6, else PIC objects from an old - # archive will be linked into the output, leading to subtle bugs. - postdeps_CXX='-lCstd -lCrun' - ;; - esac - ;; -esac - - -case " $postdeps_CXX " in -*" -lc "*) archive_cmds_need_lc_CXX=no ;; -esac - -lt_prog_compiler_wl_CXX= -lt_prog_compiler_pic_CXX= -lt_prog_compiler_static_CXX= - -{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 -echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } - - # C++ specific cases for pic, static, wl, etc. - if test "$GXX" = yes; then - lt_prog_compiler_wl_CXX='-Wl,' - lt_prog_compiler_static_CXX='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static_CXX='-Bstatic' - fi - ;; - amigaos*) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' - ;; - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - mingw* | os2* | pw32*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_CXX='-DDLL_EXPORT' - ;; - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - lt_prog_compiler_pic_CXX='-fno-common' - ;; - *djgpp*) - # DJGPP does not support shared libraries at all - lt_prog_compiler_pic_CXX= - ;; - interix3*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - sysv4*MP*) - if test -d /usr/nec; then - lt_prog_compiler_pic_CXX=-Kconform_pic - fi - ;; - hpux*) - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - ;; - *) - lt_prog_compiler_pic_CXX='-fPIC' - ;; - esac - ;; - *) - lt_prog_compiler_pic_CXX='-fPIC' - ;; - esac - else - case $host_os in - aix4* | aix5*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static_CXX='-Bstatic' - else - lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp' - fi - ;; - chorus*) - case $cc_basename in - cxch68*) - # Green Hills C++ Compiler - # _LT_AC_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" - ;; - esac - ;; - darwin*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - case $cc_basename in - xlc*) - lt_prog_compiler_pic_CXX='-qnocommon' - lt_prog_compiler_wl_CXX='-Wl,' - ;; - esac - ;; - dgux*) - case $cc_basename in - ec++*) - lt_prog_compiler_pic_CXX='-KPIC' - ;; - ghcx*) - # Green Hills C++ Compiler - lt_prog_compiler_pic_CXX='-pic' - ;; - *) - ;; - esac - ;; - freebsd* | kfreebsd*-gnu | dragonfly*) - # FreeBSD uses GNU C++ - ;; - hpux9* | hpux10* | hpux11*) - case $cc_basename in - CC*) - lt_prog_compiler_wl_CXX='-Wl,' - lt_prog_compiler_static_CXX='${wl}-a ${wl}archive' - if test "$host_cpu" != ia64; then - lt_prog_compiler_pic_CXX='+Z' - fi - ;; - aCC*) - lt_prog_compiler_wl_CXX='-Wl,' - lt_prog_compiler_static_CXX='${wl}-a ${wl}archive' - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic_CXX='+Z' - ;; - esac - ;; - *) - ;; - esac - ;; - interix*) - # This is c89, which is MS Visual C++ (no shared libs) - # Anyone wants to do a port? - ;; - irix5* | irix6* | nonstopux*) - case $cc_basename in - CC*) - lt_prog_compiler_wl_CXX='-Wl,' - lt_prog_compiler_static_CXX='-non_shared' - # CC pic flag -KPIC is the default. - ;; - *) - ;; - esac - ;; - linux*) - case $cc_basename in - KCC*) - # KAI C++ Compiler - lt_prog_compiler_wl_CXX='--backend -Wl,' - lt_prog_compiler_pic_CXX='-fPIC' - ;; - icpc* | ecpc*) - # Intel C++ - lt_prog_compiler_wl_CXX='-Wl,' - lt_prog_compiler_pic_CXX='-KPIC' - lt_prog_compiler_static_CXX='-static' - ;; - pgCC*) - # Portland Group C++ compiler. - lt_prog_compiler_wl_CXX='-Wl,' - lt_prog_compiler_pic_CXX='-fpic' - lt_prog_compiler_static_CXX='-Bstatic' - ;; - cxx*) - # Compaq C++ - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - lt_prog_compiler_pic_CXX= - lt_prog_compiler_static_CXX='-non_shared' - ;; - *) - ;; - esac - ;; - lynxos*) - ;; - m88k*) - ;; - mvs*) - case $cc_basename in - cxx*) - lt_prog_compiler_pic_CXX='-W c,exportall' - ;; - *) - ;; - esac - ;; - netbsd*) - ;; - osf3* | osf4* | osf5*) - case $cc_basename in - KCC*) - lt_prog_compiler_wl_CXX='--backend -Wl,' - ;; - RCC*) - # Rational C++ 2.4.1 - lt_prog_compiler_pic_CXX='-pic' - ;; - cxx*) - # Digital/Compaq C++ - lt_prog_compiler_wl_CXX='-Wl,' - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - lt_prog_compiler_pic_CXX= - lt_prog_compiler_static_CXX='-non_shared' - ;; - *) - ;; - esac - ;; - psos*) - ;; - solaris*) - case $cc_basename in - CC*) - # Sun C++ 4.2, 5.x and Centerline C++ - lt_prog_compiler_pic_CXX='-KPIC' - lt_prog_compiler_static_CXX='-Bstatic' - lt_prog_compiler_wl_CXX='-Qoption ld ' - ;; - gcx*) - # Green Hills C++ Compiler - lt_prog_compiler_pic_CXX='-PIC' - ;; - *) - ;; - esac - ;; - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - lt_prog_compiler_pic_CXX='-pic' - lt_prog_compiler_static_CXX='-Bstatic' - ;; - lcc*) - # Lucid - lt_prog_compiler_pic_CXX='-pic' - ;; - *) - ;; - esac - ;; - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - lt_prog_compiler_pic_CXX='-KPIC' - ;; - *) - ;; - esac - ;; - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - case $cc_basename in - CC*) - lt_prog_compiler_wl_CXX='-Wl,' - lt_prog_compiler_pic_CXX='-KPIC' - lt_prog_compiler_static_CXX='-Bstatic' - ;; - esac - ;; - vxworks*) - ;; - *) - lt_prog_compiler_can_build_shared_CXX=no - ;; - esac - fi - -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_CXX" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic_CXX" >&6; } - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$lt_prog_compiler_pic_CXX"; then - -{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5 -echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_pic_works_CXX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_prog_compiler_pic_works_CXX=no - ac_outfile=conftest.$ac_objext - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13188: $lt_compile\"" >&5) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&5 - echo "$as_me:13192: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_pic_works_CXX=yes - fi - fi - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_CXX" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic_works_CXX" >&6; } - -if test x"$lt_prog_compiler_pic_works_CXX" = xyes; then - case $lt_prog_compiler_pic_CXX in - "" | " "*) ;; - *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;; - esac -else - lt_prog_compiler_pic_CXX= - lt_prog_compiler_can_build_shared_CXX=no -fi - -fi -case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: - *djgpp*) - lt_prog_compiler_pic_CXX= - ;; - *) - lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC" - ;; -esac - -# -# Check to make sure the static flag actually works. -# -wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\" -{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 -echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_static_works_CXX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_prog_compiler_static_works_CXX=no - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $lt_tmp_static_flag" - printf "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&5 - $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_static_works_CXX=yes - fi - else - lt_prog_compiler_static_works_CXX=yes - fi - fi - $rm conftest* - LDFLAGS="$save_LDFLAGS" - -fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_CXX" >&5 -echo "${ECHO_T}$lt_prog_compiler_static_works_CXX" >&6; } - -if test x"$lt_prog_compiler_static_works_CXX" = xyes; then - : -else - lt_prog_compiler_static_CXX= -fi - - -{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 -echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } -if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_cv_prog_compiler_c_o_CXX=no - $rm -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13292: $lt_compile\"" >&5) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&5 - echo "$as_me:13296: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - lt_cv_prog_compiler_c_o_CXX=yes - fi - fi - chmod u+w . 2>&5 - $rm conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files - $rm out/* && rmdir out - cd .. - rmdir conftest - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_CXX" >&5 -echo "${ECHO_T}$lt_cv_prog_compiler_c_o_CXX" >&6; } - - -hard_links="nottested" -if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then - # do not overwrite the value of need_locks provided by the user - { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 -echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } - hard_links=yes - $rm conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - { echo "$as_me:$LINENO: result: $hard_links" >&5 -echo "${ECHO_T}$hard_links" >&6; } - if test "$hard_links" = no; then - { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 -echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} - need_locks=warn - fi -else - need_locks=no -fi - -{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } - - export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - case $host_os in - aix4* | aix5*) - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | grep 'GNU' > /dev/null; then - export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - else - export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - fi - ;; - pw32*) - export_symbols_cmds_CXX="$ltdll_cmds" - ;; - cygwin* | mingw*) - export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - ;; - *) - export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - ;; - esac - -{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5 -echo "${ECHO_T}$ld_shlibs_CXX" >&6; } -test "$ld_shlibs_CXX" = no && can_build_shared=no - -# -# Do we need to explicitly link libc? -# -case "x$archive_cmds_need_lc_CXX" in -x|xyes) - # Assume -lc should be added - archive_cmds_need_lc_CXX=yes - - if test "$enable_shared" = yes && test "$GCC" = yes; then - case $archive_cmds_CXX in - *'~'*) - # FIXME: we may have to deal with multi-command sequences. - ;; - '$CC '*) - # Test whether the compiler implicitly links with -lc since on some - # systems, -lgcc has to come before -lc. If gcc already passes -lc - # to ld, don't add -lc before -lgcc. - { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 -echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } - $rm conftest* - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$lt_prog_compiler_wl_CXX - pic_flag=$lt_prog_compiler_pic_CXX - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$allow_undefined_flag_CXX - allow_undefined_flag_CXX= - if { (eval echo "$as_me:$LINENO: \"$archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 - (eval $archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } - then - archive_cmds_need_lc_CXX=no - else - archive_cmds_need_lc_CXX=yes - fi - allow_undefined_flag_CXX=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $rm conftest* - { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_CXX" >&5 -echo "${ECHO_T}$archive_cmds_need_lc_CXX" >&6; } - ;; - esac - fi - ;; -esac - -{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 -echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } -library_names_spec= -libname_spec='lib$name' -soname_spec= -shrext_cmds=".so" -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" -fi -need_lib_prefix=unknown -hardcode_into_libs=no - -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -need_version=unknown - -case $host_os in -aix3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' - ;; - -aix4* | aix5*) - version_type=linux - need_lib_prefix=no - need_version=no - hardcode_into_libs=yes - if test "$host_cpu" = ia64; then - # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - case $host_os in - aix4 | aix4.[01] | aix4.[01].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then - : - else - can_build_shared=no - fi - ;; - esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then - # If using run time linking (on AIX 4.2 or later) use lib.so - # instead of lib.a to let people know that these are not - # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else - # We preserve .a as extension for shared libraries through AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi - shlibpath_var=LIBPATH - fi - ;; - -amigaos*) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' - ;; - -beos*) - library_names_spec='${libname}${shared_ext}' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - ;; - -bsdi[45]*) - version_type=linux - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32*) - version_type=windows - shrext_cmds=".dll" - need_version=no - need_lib_prefix=no - - case $GCC,$host_os in - yes,cygwin* | yes,mingw* | yes,pw32*) - library_names_spec='$libname.dll.a' - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $rm \$dlpath' - shlibpath_overrides_runpath=yes - - case $host_os in - cygwin*) - # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" - ;; - mingw*) - # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - ;; - pw32*) - # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - ;; - esac - ;; - - *) - library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' - ;; - esac - dynamic_linker='Win32 ld.exe' - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' - # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. - if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` - else - sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' - fi - sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' - ;; - -dgux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -freebsd1*) - dynamic_linker=no - ;; - -kfreebsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -freebsd* | dragonfly*) - # DragonFly does not have aout. When/if they implement a new - # versioning mechanism, adjust this. - if test -x /usr/bin/objformat; then - objformat=`/usr/bin/objformat` - else - case $host_os in - freebsd[123]*) objformat=aout ;; - *) objformat=elf ;; - esac - fi - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - need_version=no - need_lib_prefix=no - ;; - freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2*) - shlibpath_overrides_runpath=yes - ;; - freebsd3.[01]* | freebsdelf3.[01]*) - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ - freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - freebsd*) # from 4.6 on - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - esac - ;; - -gnu*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - version_type=sunos - need_lib_prefix=no - need_version=no - case $host_cpu in - ia64*) - shrext_cmds='.so' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then - sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" - else - sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" - fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) - shrext_cmds='.sl' - dynamic_linker="$host_os dld.sl" - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - ;; - esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. - postinstall_cmds='chmod 555 $lib' - ;; - -interix3*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -irix5* | irix6* | nonstopux*) - case $host_os in - nonstopux*) version_type=nonstopux ;; - *) - if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux - else - version_type=irix - fi ;; - esac - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' - case $host_os in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") - libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") - libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") - libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" - hardcode_into_libs=yes - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux*oldld* | linux*aout* | linux*coff*) - dynamic_linker=no - ;; - -# This must be Linux ELF. -linux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -knetbsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -netbsd*) - version_type=sunos - need_lib_prefix=no - need_version=no - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - -newsos6) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -nto-qnx*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -openbsd*) - version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" - need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[89] | openbsd2.[89].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac - else - shlibpath_overrides_runpath=yes - fi - ;; - -os2*) - libname_spec='$name' - shrext_cmds=".dll" - need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" - ;; - -solaris*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - sni) - shlibpath_overrides_runpath=no - need_lib_prefix=no - export_dynamic_flag_spec='${wl}-Blargedynsym' - runpath_var=LD_RUN_PATH - ;; - siemens) - need_lib_prefix=no - ;; - motorola) - need_lib_prefix=no - need_version=no - shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -sysv4*MP*) - if test -d /usr/nec ;then - version_type=linux - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - shlibpath_overrides_runpath=no - else - sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - shlibpath_overrides_runpath=yes - case $host_os in - sco3.2v5*) - sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" - ;; - esac - fi - sys_lib_dlsearch_path_spec='/usr/lib' - ;; - -uts4*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -*) - dynamic_linker=no - ;; -esac -{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 -echo "${ECHO_T}$dynamic_linker" >&6; } -test "$dynamic_linker" = no && can_build_shared=no - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi - -{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 -echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } -hardcode_action_CXX= -if test -n "$hardcode_libdir_flag_spec_CXX" || \ - test -n "$runpath_var_CXX" || \ - test "X$hardcode_automatic_CXX" = "Xyes" ; then - - # We can hardcode non-existant directories. - if test "$hardcode_direct_CXX" != no && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, CXX)" != no && - test "$hardcode_minus_L_CXX" != no; then - # Linking always hardcodes the temporary library directory. - hardcode_action_CXX=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. - hardcode_action_CXX=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - hardcode_action_CXX=unsupported -fi -{ echo "$as_me:$LINENO: result: $hardcode_action_CXX" >&5 -echo "${ECHO_T}$hardcode_action_CXX" >&6; } - -if test "$hardcode_action_CXX" = relink; then - # Fast installation is not supported - enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then - # Fast installation is not necessary - enable_fast_install=needless -fi - - -# The else clause should only fire when bootstrapping the -# libtool distribution, otherwise you forgot to ship ltmain.sh -# with your package, and you will get complaints that there are -# no rules to generate ltmain.sh. -if test -f "$ltmain"; then - # See if we are running on zsh, and set the options which allow our commands through - # without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST - fi - # Now quote all the things that may contain metacharacters while being - # careful not to overquote the AC_SUBSTed values. We take copies of the - # variables and quote the copies for generation of the libtool script. - for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ - SED SHELL STRIP \ - libname_spec library_names_spec soname_spec extract_expsyms_cmds \ - old_striplib striplib file_magic_cmd finish_cmds finish_eval \ - deplibs_check_method reload_flag reload_cmds need_locks \ - lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ - lt_cv_sys_global_symbol_to_c_name_address \ - sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ - old_postinstall_cmds old_postuninstall_cmds \ - compiler_CXX \ - CC_CXX \ - LD_CXX \ - lt_prog_compiler_wl_CXX \ - lt_prog_compiler_pic_CXX \ - lt_prog_compiler_static_CXX \ - lt_prog_compiler_no_builtin_flag_CXX \ - export_dynamic_flag_spec_CXX \ - thread_safe_flag_spec_CXX \ - whole_archive_flag_spec_CXX \ - enable_shared_with_static_runtimes_CXX \ - old_archive_cmds_CXX \ - old_archive_from_new_cmds_CXX \ - predep_objects_CXX \ - postdep_objects_CXX \ - predeps_CXX \ - postdeps_CXX \ - compiler_lib_search_path_CXX \ - archive_cmds_CXX \ - archive_expsym_cmds_CXX \ - postinstall_cmds_CXX \ - postuninstall_cmds_CXX \ - old_archive_from_expsyms_cmds_CXX \ - allow_undefined_flag_CXX \ - no_undefined_flag_CXX \ - export_symbols_cmds_CXX \ - hardcode_libdir_flag_spec_CXX \ - hardcode_libdir_flag_spec_ld_CXX \ - hardcode_libdir_separator_CXX \ - hardcode_automatic_CXX \ - module_cmds_CXX \ - module_expsym_cmds_CXX \ - lt_cv_prog_compiler_c_o_CXX \ - exclude_expsyms_CXX \ - include_expsyms_CXX; do - - case $var in - old_archive_cmds_CXX | \ - old_archive_from_new_cmds_CXX | \ - archive_cmds_CXX | \ - archive_expsym_cmds_CXX | \ - module_cmds_CXX | \ - module_expsym_cmds_CXX | \ - old_archive_from_expsyms_cmds_CXX | \ - export_symbols_cmds_CXX | \ - extract_expsyms_cmds | reload_cmds | finish_cmds | \ - postinstall_cmds | postuninstall_cmds | \ - old_postinstall_cmds | old_postuninstall_cmds | \ - sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) - # Double-quote double-evaled strings. - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" - ;; - *) - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" - ;; - esac - done - - case $lt_echo in - *'\$0 --fallback-echo"') - lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` - ;; - esac - -cfgfile="$ofile" - - cat <<__EOF__ >> "$cfgfile" -# ### BEGIN LIBTOOL TAG CONFIG: $tagname - -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: - -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc_CXX - -# Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# An echo program that does not interpret backslashes. -echo=$lt_echo - -# The archiver. -AR=$lt_AR -AR_FLAGS=$lt_AR_FLAGS - -# A C compiler. -LTCC=$lt_LTCC - -# LTCC compiler flags. -LTCFLAGS=$lt_LTCFLAGS - -# A language-specific compiler. -CC=$lt_compiler_CXX - -# Is the compiler the GNU C compiler? -with_gcc=$GCC_CXX - -# An ERE matcher. -EGREP=$lt_EGREP - -# The linker used to build libraries. -LD=$lt_LD_CXX - -# Whether we need hard or soft links. -LN_S=$lt_LN_S - -# A BSD-compatible nm program. -NM=$lt_NM - -# A symbol stripping program -STRIP=$lt_STRIP - -# Used to examine libraries when file_magic_cmd begins "file" -MAGIC_CMD=$MAGIC_CMD - -# Used on cygwin: DLL creation program. -DLLTOOL="$DLLTOOL" - -# Used on cygwin: object dumper. -OBJDUMP="$OBJDUMP" - -# Used on cygwin: assembler. -AS="$AS" - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl_CXX - -# Object file suffix (normally "o"). -objext="$ac_objext" - -# Old archive suffix (normally "a"). -libext="$libext" - -# Shared library suffix (normally ".so"). -shrext_cmds='$shrext_cmds' - -# Executable file suffix (normally ""). -exeext="$exeext" - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic_CXX -pic_mode=$pic_mode - -# What is the maximum length of a command? -max_cmd_len=$lt_cv_sys_max_cmd_len - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Do we need the lib prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static_CXX - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX - -# Compiler flag to generate thread-safe objects. -thread_safe_flag_spec=$lt_thread_safe_flag_spec_CXX - -# Library versioning type. -version_type=$version_type - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME. -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Commands used to build and install an old-style archive. -RANLIB=$lt_RANLIB -old_archive_cmds=$lt_old_archive_cmds_CXX -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX - -# Commands used to build and install a shared archive. -archive_cmds=$lt_archive_cmds_CXX -archive_expsym_cmds=$lt_archive_expsym_cmds_CXX -postinstall_cmds=$lt_postinstall_cmds -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to build a loadable module (assumed same as above if empty) -module_cmds=$lt_module_cmds_CXX -module_expsym_cmds=$lt_module_expsym_cmds_CXX - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - -# Dependencies to place before the objects being linked to create a -# shared library. -predep_objects=$lt_predep_objects_CXX - -# Dependencies to place after the objects being linked to create a -# shared library. -postdep_objects=$lt_postdep_objects_CXX - -# Dependencies to place before the objects being linked to create a -# shared library. -predeps=$lt_predeps_CXX - -# Dependencies to place after the objects being linked to create a -# shared library. -postdeps=$lt_postdeps_CXX - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_CXX - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method == file_magic. -file_magic_cmd=$lt_file_magic_cmd - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag_CXX - -# Flag that forces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag_CXX - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# Same as above, but a single script fragment to be evaled but not shown. -finish_eval=$lt_finish_eval - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm in a C name address pair -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# This is the shared library runtime path variable. -runpath_var=$runpath_var - -# This is the shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action_CXX - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX - -# If ld is used when linking, flag to hardcode \$libdir into -# a binary during linking. This must work even if \$libdir does -# not exist. -hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX - -# Whether we need a single -rpath flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX - -# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the -# resulting binary. -hardcode_direct=$hardcode_direct_CXX - -# Set to yes if using the -LDIR flag during linking hardcodes DIR into the -# resulting binary. -hardcode_minus_L=$hardcode_minus_L_CXX - -# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into -# the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX - -# Set to yes if building a shared library automatically hardcodes DIR into the library -# and all subsequent libraries and executables linked against it. -hardcode_automatic=$hardcode_automatic_CXX - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at relink time. -variables_saved_for_relink="$variables_saved_for_relink" - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs_CXX - -# Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Run-time system search path for libraries -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec - -# Fix the shell variable \$srcfile for the compiler. -fix_srcfile_path="$fix_srcfile_path_CXX" - -# Set to yes if exported symbols are required. -always_export_symbols=$always_export_symbols_CXX - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds_CXX - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms_CXX - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms_CXX - -# ### END LIBTOOL TAG CONFIG: $tagname - -__EOF__ - - -else - # If there is no Makefile yet, we rely on a make rule to execute - # `config.status --recheck' to rerun these tests and create the - # libtool script then. - ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` - if test -f "$ltmain_in"; then - test -f Makefile && make "$ltmain" - fi -fi - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -CC=$lt_save_CC -LDCXX=$LD -LD=$lt_save_LD -GCC=$lt_save_GCC -with_gnu_ldcxx=$with_gnu_ld -with_gnu_ld=$lt_save_with_gnu_ld -lt_cv_path_LDCXX=$lt_cv_path_LD -lt_cv_path_LD=$lt_save_path_LD -lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld -lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld - - else - tagname="" - fi - ;; - - F77) - if test -n "$F77" && test "X$F77" != "Xno"; then - -ac_ext=f -ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5' -ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_f77_compiler_gnu - - -archive_cmds_need_lc_F77=no -allow_undefined_flag_F77= -always_export_symbols_F77=no -archive_expsym_cmds_F77= -export_dynamic_flag_spec_F77= -hardcode_direct_F77=no -hardcode_libdir_flag_spec_F77= -hardcode_libdir_flag_spec_ld_F77= -hardcode_libdir_separator_F77= -hardcode_minus_L_F77=no -hardcode_automatic_F77=no -module_cmds_F77= -module_expsym_cmds_F77= -link_all_deplibs_F77=unknown -old_archive_cmds_F77=$old_archive_cmds -no_undefined_flag_F77= -whole_archive_flag_spec_F77= -enable_shared_with_static_runtimes_F77=no - -# Source file extension for f77 test sources. -ac_ext=f - -# Object file extension for compiled f77 test sources. -objext=o -objext_F77=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code=" subroutine t\n return\n end\n" - -# Code to be used in simple link tests -lt_simple_link_test_code=" program t\n end\n" - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC - - -# save warnings/boilerplate of simple test code -ac_outfile=conftest.$ac_objext -printf "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$rm conftest* - -ac_outfile=conftest.$ac_objext -printf "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$rm conftest* - - -# Allow CC to be a program name with arguments. -lt_save_CC="$CC" -CC=${F77-"f77"} -compiler=$CC -compiler_F77=$CC -for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` - - -{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 -echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; } -{ echo "$as_me:$LINENO: result: $can_build_shared" >&5 -echo "${ECHO_T}$can_build_shared" >&6; } - -{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5 -echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; } -test "$can_build_shared" = "no" && enable_shared=no - -# On AIX, shared libraries and static libraries use the same namespace, and -# are all built from PIC. -case $host_os in -aix3*) - test "$enable_shared" = yes && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; -aix4* | aix5*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no - fi - ;; -esac -{ echo "$as_me:$LINENO: result: $enable_shared" >&5 -echo "${ECHO_T}$enable_shared" >&6; } - -{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5 -echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; } -# Make sure either enable_shared or enable_static is yes. -test "$enable_shared" = yes || enable_static=yes -{ echo "$as_me:$LINENO: result: $enable_static" >&5 -echo "${ECHO_T}$enable_static" >&6; } - -GCC_F77="$G77" -LD_F77="$LD" - -lt_prog_compiler_wl_F77= -lt_prog_compiler_pic_F77= -lt_prog_compiler_static_F77= - -{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 -echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } - - if test "$GCC" = yes; then - lt_prog_compiler_wl_F77='-Wl,' - lt_prog_compiler_static_F77='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static_F77='-Bstatic' - fi - ;; - - amigaos*) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' - ;; - - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - - mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_F77='-DDLL_EXPORT' - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - lt_prog_compiler_pic_F77='-fno-common' - ;; - - interix3*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - - msdosdjgpp*) - # Just because we use GCC doesn't mean we suddenly get shared libraries - # on systems that don't support them. - lt_prog_compiler_can_build_shared_F77=no - enable_shared=no - ;; - - sysv4*MP*) - if test -d /usr/nec; then - lt_prog_compiler_pic_F77=-Kconform_pic - fi - ;; - - hpux*) - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic_F77='-fPIC' - ;; - esac - ;; - - *) - lt_prog_compiler_pic_F77='-fPIC' - ;; - esac - else - # PORTME Check for flag to pass linker flags through the system compiler. - case $host_os in - aix*) - lt_prog_compiler_wl_F77='-Wl,' - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static_F77='-Bstatic' - else - lt_prog_compiler_static_F77='-bnso -bI:/lib/syscalls.exp' - fi - ;; - darwin*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - case $cc_basename in - xlc*) - lt_prog_compiler_pic_F77='-qnocommon' - lt_prog_compiler_wl_F77='-Wl,' - ;; - esac - ;; - - mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_F77='-DDLL_EXPORT' - ;; - - hpux9* | hpux10* | hpux11*) - lt_prog_compiler_wl_F77='-Wl,' - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic_F77='+Z' - ;; - esac - # Is there a better lt_prog_compiler_static that works with the bundled CC? - lt_prog_compiler_static_F77='${wl}-a ${wl}archive' - ;; - - irix5* | irix6* | nonstopux*) - lt_prog_compiler_wl_F77='-Wl,' - # PIC (with -KPIC) is the default. - lt_prog_compiler_static_F77='-non_shared' - ;; - - newsos6) - lt_prog_compiler_pic_F77='-KPIC' - lt_prog_compiler_static_F77='-Bstatic' - ;; - - linux*) - case $cc_basename in - icc* | ecc*) - lt_prog_compiler_wl_F77='-Wl,' - lt_prog_compiler_pic_F77='-KPIC' - lt_prog_compiler_static_F77='-static' - ;; - pgcc* | pgf77* | pgf90* | pgf95*) - # Portland Group compilers (*not* the Pentium gcc compiler, - # which looks to be a dead project) - lt_prog_compiler_wl_F77='-Wl,' - lt_prog_compiler_pic_F77='-fpic' - lt_prog_compiler_static_F77='-Bstatic' - ;; - ccc*) - lt_prog_compiler_wl_F77='-Wl,' - # All Alpha code is PIC. - lt_prog_compiler_static_F77='-non_shared' - ;; - esac - ;; - - osf3* | osf4* | osf5*) - lt_prog_compiler_wl_F77='-Wl,' - # All OSF/1 code is PIC. - lt_prog_compiler_static_F77='-non_shared' - ;; - - solaris*) - lt_prog_compiler_pic_F77='-KPIC' - lt_prog_compiler_static_F77='-Bstatic' - case $cc_basename in - f77* | f90* | f95*) - lt_prog_compiler_wl_F77='-Qoption ld ';; - *) - lt_prog_compiler_wl_F77='-Wl,';; - esac - ;; - - sunos4*) - lt_prog_compiler_wl_F77='-Qoption ld ' - lt_prog_compiler_pic_F77='-PIC' - lt_prog_compiler_static_F77='-Bstatic' - ;; - - sysv4 | sysv4.2uw2* | sysv4.3*) - lt_prog_compiler_wl_F77='-Wl,' - lt_prog_compiler_pic_F77='-KPIC' - lt_prog_compiler_static_F77='-Bstatic' - ;; - - sysv4*MP*) - if test -d /usr/nec ;then - lt_prog_compiler_pic_F77='-Kconform_pic' - lt_prog_compiler_static_F77='-Bstatic' - fi - ;; - - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - lt_prog_compiler_wl_F77='-Wl,' - lt_prog_compiler_pic_F77='-KPIC' - lt_prog_compiler_static_F77='-Bstatic' - ;; - - unicos*) - lt_prog_compiler_wl_F77='-Wl,' - lt_prog_compiler_can_build_shared_F77=no - ;; - - uts4*) - lt_prog_compiler_pic_F77='-pic' - lt_prog_compiler_static_F77='-Bstatic' - ;; - - *) - lt_prog_compiler_can_build_shared_F77=no - ;; - esac - fi - -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_F77" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic_F77" >&6; } - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$lt_prog_compiler_pic_F77"; then - -{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works" >&5 -echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_pic_works_F77+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_prog_compiler_pic_works_F77=no - ac_outfile=conftest.$ac_objext - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$lt_prog_compiler_pic_F77" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14862: $lt_compile\"" >&5) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&5 - echo "$as_me:14866: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_pic_works_F77=yes - fi - fi - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_F77" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic_works_F77" >&6; } - -if test x"$lt_prog_compiler_pic_works_F77" = xyes; then - case $lt_prog_compiler_pic_F77 in - "" | " "*) ;; - *) lt_prog_compiler_pic_F77=" $lt_prog_compiler_pic_F77" ;; - esac -else - lt_prog_compiler_pic_F77= - lt_prog_compiler_can_build_shared_F77=no -fi - -fi -case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: - *djgpp*) - lt_prog_compiler_pic_F77= - ;; - *) - lt_prog_compiler_pic_F77="$lt_prog_compiler_pic_F77" - ;; -esac - -# -# Check to make sure the static flag actually works. -# -wl=$lt_prog_compiler_wl_F77 eval lt_tmp_static_flag=\"$lt_prog_compiler_static_F77\" -{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 -echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_static_works_F77+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_prog_compiler_static_works_F77=no - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $lt_tmp_static_flag" - printf "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&5 - $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_static_works_F77=yes - fi - else - lt_prog_compiler_static_works_F77=yes - fi - fi - $rm conftest* - LDFLAGS="$save_LDFLAGS" - -fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_F77" >&5 -echo "${ECHO_T}$lt_prog_compiler_static_works_F77" >&6; } - -if test x"$lt_prog_compiler_static_works_F77" = xyes; then - : -else - lt_prog_compiler_static_F77= -fi - - -{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 -echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } -if test "${lt_cv_prog_compiler_c_o_F77+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_cv_prog_compiler_c_o_F77=no - $rm -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14966: $lt_compile\"" >&5) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&5 - echo "$as_me:14970: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - lt_cv_prog_compiler_c_o_F77=yes - fi - fi - chmod u+w . 2>&5 - $rm conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files - $rm out/* && rmdir out - cd .. - rmdir conftest - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_F77" >&5 -echo "${ECHO_T}$lt_cv_prog_compiler_c_o_F77" >&6; } - - -hard_links="nottested" -if test "$lt_cv_prog_compiler_c_o_F77" = no && test "$need_locks" != no; then - # do not overwrite the value of need_locks provided by the user - { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 -echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } - hard_links=yes - $rm conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - { echo "$as_me:$LINENO: result: $hard_links" >&5 -echo "${ECHO_T}$hard_links" >&6; } - if test "$hard_links" = no; then - { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 -echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} - need_locks=warn - fi -else - need_locks=no -fi - -{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } - - runpath_var= - allow_undefined_flag_F77= - enable_shared_with_static_runtimes_F77=no - archive_cmds_F77= - archive_expsym_cmds_F77= - old_archive_From_new_cmds_F77= - old_archive_from_expsyms_cmds_F77= - export_dynamic_flag_spec_F77= - whole_archive_flag_spec_F77= - thread_safe_flag_spec_F77= - hardcode_libdir_flag_spec_F77= - hardcode_libdir_flag_spec_ld_F77= - hardcode_libdir_separator_F77= - hardcode_direct_F77=no - hardcode_minus_L_F77=no - hardcode_shlibpath_var_F77=unsupported - link_all_deplibs_F77=unknown - hardcode_automatic_F77=no - module_cmds_F77= - module_expsym_cmds_F77= - always_export_symbols_F77=no - export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - # include_expsyms should be a list of space-separated symbols to be *always* - # included in the symbol list - include_expsyms_F77= - # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. - exclude_expsyms_F77="_GLOBAL_OFFSET_TABLE_" - # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out - # platforms (ab)use it in PIC code, but their linkers get confused if - # the symbol is explicitly referenced. Since portable code cannot - # rely on this symbol name, it's probably fine to never include it in - # preloaded symbol tables. - extract_expsyms_cmds= - # Just being paranoid about ensuring that cc_basename is set. - for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` - - case $host_os in - cygwin* | mingw* | pw32*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - if test "$GCC" != yes; then - with_gnu_ld=no - fi - ;; - interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) - with_gnu_ld=yes - ;; - openbsd*) - with_gnu_ld=no - ;; - esac - - ld_shlibs_F77=yes - if test "$with_gnu_ld" = yes; then - # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' - - # Set some defaults for GNU ld with shared library support. These - # are reset later if shared libraries are not supported. Putting them - # here allows them to be overridden if necessary. - runpath_var=LD_RUN_PATH - hardcode_libdir_flag_spec_F77='${wl}--rpath ${wl}$libdir' - export_dynamic_flag_spec_F77='${wl}--export-dynamic' - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then - whole_archive_flag_spec_F77="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - whole_archive_flag_spec_F77= - fi - supports_anon_versioning=no - case `$LD -v 2>/dev/null` in - *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 - *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... - *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... - *\ 2.11.*) ;; # other 2.11 versions - *) supports_anon_versioning=yes ;; - esac - - # See if GNU ld supports shared libraries. - case $host_os in - aix3* | aix4* | aix5*) - # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then - ld_shlibs_F77=no - cat <&2 - -*** Warning: the GNU linker, at least up to release 2.9.1, is reported -*** to be unable to reliably create shared libraries on AIX. -*** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to modify your PATH -*** so that a non-GNU linker is found, and then restart. - -EOF - fi - ;; - - amigaos*) - archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec_F77='-L$libdir' - hardcode_minus_L_F77=yes - - # Samuel A. Falvo II reports - # that the semantics of dynamic libraries on AmigaOS, at least up - # to version 4, is to share data among multiple programs linked - # with the same dynamic library. Since this doesn't match the - # behavior of shared libraries on other platforms, we can't use - # them. - ld_shlibs_F77=no - ;; - - beos*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - allow_undefined_flag_F77=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - archive_cmds_F77='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - else - ld_shlibs_F77=no - fi - ;; - - cygwin* | mingw* | pw32*) - # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, F77) is actually meaningless, - # as there is no search path for DLLs. - hardcode_libdir_flag_spec_F77='-L$libdir' - allow_undefined_flag_F77=unsupported - always_export_symbols_F77=no - enable_shared_with_static_runtimes_F77=yes - export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - ld_shlibs_F77=no - fi - ;; - - interix3*) - hardcode_direct_F77=no - hardcode_shlibpath_var_F77=no - hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' - export_dynamic_flag_spec_F77='${wl}-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - archive_cmds_F77='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - - linux*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - tmp_addflag= - case $cc_basename,$host_cpu in - pgcc*) # Portland Group C compiler - whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag' - ;; - pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers - whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag -Mnomain' ;; - ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 - tmp_addflag=' -i_dynamic' ;; - efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 - tmp_addflag=' -i_dynamic -nofor_main' ;; - ifc* | ifort*) # Intel Fortran compiler - tmp_addflag=' -nofor_main' ;; - esac - archive_cmds_F77='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - - if test $supports_anon_versioning = yes; then - archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - $echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' - fi - else - ld_shlibs_F77=no - fi - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' - wlarc= - else - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - fi - ;; - - solaris*) - if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then - ld_shlibs_F77=no - cat <&2 - -*** Warning: The releases 2.8.* of the GNU linker cannot reliably -*** create shared libraries on Solaris systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.9.1 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -EOF - elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs_F77=no - fi - ;; - - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) - ld_shlibs_F77=no - cat <<_LT_EOF 1>&2 - -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not -*** reliably create shared libraries on SCO systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.16.91.0.3 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - ;; - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' - archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' - else - ld_shlibs_F77=no - fi - ;; - esac - ;; - - sunos4*) - archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' - wlarc= - hardcode_direct_F77=yes - hardcode_shlibpath_var_F77=no - ;; - - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs_F77=no - fi - ;; - esac - - if test "$ld_shlibs_F77" = no; then - runpath_var= - hardcode_libdir_flag_spec_F77= - export_dynamic_flag_spec_F77= - whole_archive_flag_spec_F77= - fi - else - # PORTME fill in a description of your system's linker (not GNU ld) - case $host_os in - aix3*) - allow_undefined_flag_F77=unsupported - always_export_symbols_F77=yes - archive_expsym_cmds_F77='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' - # Note: this linker hardcodes the directories in LIBPATH if there - # are no directories specified by -L. - hardcode_minus_L_F77=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then - # Neither direct hardcoding nor static linking is supported with a - # broken collect2. - hardcode_direct_F77=unsupported - fi - ;; - - aix4* | aix5*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag="" - else - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | grep 'GNU' > /dev/null; then - export_symbols_cmds_F77='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - else - export_symbols_cmds_F77='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - fi - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[23]|aix4.[23].*|aix5*) - for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then - aix_use_runtimelinking=yes - break - fi - done - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - archive_cmds_F77='' - hardcode_direct_F77=yes - hardcode_libdir_separator_F77=':' - link_all_deplibs_F77=yes - - if test "$GCC" = yes; then - case $host_os in aix4.[012]|aix4.[012].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && \ - strings "$collect2name" | grep resolve_lib_name >/dev/null - then - # We have reworked collect2 - hardcode_direct_F77=yes - else - # We have old collect2 - hardcode_direct_F77=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - hardcode_minus_L_F77=yes - hardcode_libdir_flag_spec_F77='-L$libdir' - hardcode_libdir_separator_F77= - fi - ;; - esac - shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' - fi - else - # not using gcc - if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' - else - shared_flag='${wl}-bM:SRE' - fi - fi - fi - - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - always_export_symbols_F77=yes - if test "$aix_use_runtimelinking" = yes; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - allow_undefined_flag_F77='-berok' - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF - program main - - end -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_f77_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi - - hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath" - archive_expsym_cmds_F77="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else - if test "$host_cpu" = ia64; then - hardcode_libdir_flag_spec_F77='${wl}-R $libdir:/usr/lib:/lib' - allow_undefined_flag_F77="-z nodefs" - archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF - program main - - end -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_f77_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi - - hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - no_undefined_flag_F77=' ${wl}-bernotok' - allow_undefined_flag_F77=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - whole_archive_flag_spec_F77='$convenience' - archive_cmds_need_lc_F77=yes - # This is similar to how AIX traditionally builds its shared libraries. - archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' - fi - fi - ;; - - amigaos*) - archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec_F77='-L$libdir' - hardcode_minus_L_F77=yes - # see comment about different semantics on the GNU ld section - ld_shlibs_F77=no - ;; - - bsdi[45]*) - export_dynamic_flag_spec_F77=-rdynamic - ;; - - cygwin* | mingw* | pw32*) - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - hardcode_libdir_flag_spec_F77=' ' - allow_undefined_flag_F77=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" - # FIXME: Setting linknames here is a bad hack. - archive_cmds_F77='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' - # The linker will automatically build a .lib file if we build a DLL. - old_archive_From_new_cmds_F77='true' - # FIXME: Should let the user specify the lib program. - old_archive_cmds_F77='lib /OUT:$oldlib$oldobjs$old_deplibs' - fix_srcfile_path_F77='`cygpath -w "$srcfile"`' - enable_shared_with_static_runtimes_F77=yes - ;; - - darwin* | rhapsody*) - case $host_os in - rhapsody* | darwin1.[012]) - allow_undefined_flag_F77='${wl}-undefined ${wl}suppress' - ;; - *) # Darwin 1.3 on - if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then - allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - else - case ${MACOSX_DEPLOYMENT_TARGET} in - 10.[012]) - allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - ;; - 10.*) - allow_undefined_flag_F77='${wl}-undefined ${wl}dynamic_lookup' - ;; - esac - fi - ;; - esac - archive_cmds_need_lc_F77=no - hardcode_direct_F77=no - hardcode_automatic_F77=yes - hardcode_shlibpath_var_F77=unsupported - whole_archive_flag_spec_F77='' - link_all_deplibs_F77=yes - if test "$GCC" = yes ; then - output_verbose_link_cmd='echo' - archive_cmds_F77='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - case $cc_basename in - xlc*) - output_verbose_link_cmd='echo' - archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' - module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - ;; - *) - ld_shlibs_F77=no - ;; - esac - fi - ;; - - dgux*) - archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec_F77='-L$libdir' - hardcode_shlibpath_var_F77=no - ;; - - freebsd1*) - ld_shlibs_F77=no - ;; - - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor - # support. Future versions do this automatically, but an explicit c++rt0.o - # does not break anything, and helps significantly (at the cost of a little - # extra space). - freebsd2.2*) - archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' - hardcode_libdir_flag_spec_F77='-R$libdir' - hardcode_direct_F77=yes - hardcode_shlibpath_var_F77=no - ;; - - # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2*) - archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_F77=yes - hardcode_minus_L_F77=yes - hardcode_shlibpath_var_F77=no - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | kfreebsd*-gnu | dragonfly*) - archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec_F77='-R$libdir' - hardcode_direct_F77=yes - hardcode_shlibpath_var_F77=no - ;; - - hpux9*) - if test "$GCC" = yes; then - archive_cmds_F77='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - else - archive_cmds_F77='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - fi - hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_F77=: - hardcode_direct_F77=yes - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L_F77=yes - export_dynamic_flag_spec_F77='${wl}-E' - ;; - - hpux10*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_F77='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' - fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_F77=: - - hardcode_direct_F77=yes - export_dynamic_flag_spec_F77='${wl}-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L_F77=yes - fi - ;; - - hpux11*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - case $host_cpu in - hppa*64*) - archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - else - case $host_cpu in - hppa*64*) - archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_F77=: - - case $host_cpu in - hppa*64*|ia64*) - hardcode_libdir_flag_spec_ld_F77='+b $libdir' - hardcode_direct_F77=no - hardcode_shlibpath_var_F77=no - ;; - *) - hardcode_direct_F77=yes - export_dynamic_flag_spec_F77='${wl}-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L_F77=yes - ;; - esac - fi - ;; - - irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - archive_cmds_F77='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - hardcode_libdir_flag_spec_ld_F77='-rpath $libdir' - fi - hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_F77=: - link_all_deplibs_F77=yes - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out - else - archive_cmds_F77='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF - fi - hardcode_libdir_flag_spec_F77='-R$libdir' - hardcode_direct_F77=yes - hardcode_shlibpath_var_F77=no - ;; - - newsos6) - archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_F77=yes - hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_F77=: - hardcode_shlibpath_var_F77=no - ;; - - openbsd*) - hardcode_direct_F77=yes - hardcode_shlibpath_var_F77=no - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' - export_dynamic_flag_spec_F77='${wl}-E' - else - case $host_os in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec_F77='-R$libdir' - ;; - *) - archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' - ;; - esac - fi - ;; - - os2*) - hardcode_libdir_flag_spec_F77='-L$libdir' - hardcode_minus_L_F77=yes - allow_undefined_flag_F77=unsupported - archive_cmds_F77='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - old_archive_From_new_cmds_F77='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' - ;; - - osf3*) - if test "$GCC" = yes; then - allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - allow_undefined_flag_F77=' -expect_unresolved \*' - archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - fi - hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_F77=: - ;; - - osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' - else - allow_undefined_flag_F77=' -expect_unresolved \*' - archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - archive_expsym_cmds_F77='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ - $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' - - # Both c and cxx compiler support -rpath directly - hardcode_libdir_flag_spec_F77='-rpath $libdir' - fi - hardcode_libdir_separator_F77=: - ;; - - solaris*) - no_undefined_flag_F77=' -z text' - if test "$GCC" = yes; then - wlarc='${wl}' - archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' - else - wlarc='' - archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' - archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' - fi - hardcode_libdir_flag_spec_F77='-R$libdir' - hardcode_shlibpath_var_F77=no - case $host_os in - solaris2.[0-5] | solaris2.[0-5].*) ;; - *) - # The compiler driver will combine linker options so we - # cannot just pass the convience library names through - # without $wl, iff we do not link with $LD. - # Luckily, gcc supports the same syntax we need for Sun Studio. - # Supported since Solaris 2.6 (maybe 2.5.1?) - case $wlarc in - '') - whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ;; - *) - whole_archive_flag_spec_F77='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; - esac ;; - esac - link_all_deplibs_F77=yes - ;; - - sunos4*) - if test "x$host_vendor" = xsequent; then - # Use $CC to link under sequent, because it throws in some extra .o - # files that make .init and .fini sections work. - archive_cmds_F77='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_F77='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' - fi - hardcode_libdir_flag_spec_F77='-L$libdir' - hardcode_direct_F77=yes - hardcode_minus_L_F77=yes - hardcode_shlibpath_var_F77=no - ;; - - sysv4) - case $host_vendor in - sni) - archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_F77=yes # is this really true??? - ;; - siemens) - ## LD is ld it makes a PLAMLIB - ## CC just makes a GrossModule. - archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags' - reload_cmds_F77='$CC -r -o $output$reload_objs' - hardcode_direct_F77=no - ;; - motorola) - archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_F77=no #Motorola manual says yes, but my tests say they lie - ;; - esac - runpath_var='LD_RUN_PATH' - hardcode_shlibpath_var_F77=no - ;; - - sysv4.3*) - archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_shlibpath_var_F77=no - export_dynamic_flag_spec_F77='-Bexport' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_shlibpath_var_F77=no - runpath_var=LD_RUN_PATH - hardcode_runpath_var=yes - ld_shlibs_F77=yes - fi - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) - no_undefined_flag_F77='${wl}-z,text' - archive_cmds_need_lc_F77=no - hardcode_shlibpath_var_F77=no - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - archive_cmds_F77='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_F77='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - no_undefined_flag_F77='${wl}-z,text' - allow_undefined_flag_F77='${wl}-z,nodefs' - archive_cmds_need_lc_F77=no - hardcode_shlibpath_var_F77=no - hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' - hardcode_libdir_separator_F77=':' - link_all_deplibs_F77=yes - export_dynamic_flag_spec_F77='${wl}-Bexport' - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - archive_cmds_F77='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_F77='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - uts4*) - archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec_F77='-L$libdir' - hardcode_shlibpath_var_F77=no - ;; - - *) - ld_shlibs_F77=no - ;; - esac - fi - -{ echo "$as_me:$LINENO: result: $ld_shlibs_F77" >&5 -echo "${ECHO_T}$ld_shlibs_F77" >&6; } -test "$ld_shlibs_F77" = no && can_build_shared=no - -# -# Do we need to explicitly link libc? -# -case "x$archive_cmds_need_lc_F77" in -x|xyes) - # Assume -lc should be added - archive_cmds_need_lc_F77=yes - - if test "$enable_shared" = yes && test "$GCC" = yes; then - case $archive_cmds_F77 in - *'~'*) - # FIXME: we may have to deal with multi-command sequences. - ;; - '$CC '*) - # Test whether the compiler implicitly links with -lc since on some - # systems, -lgcc has to come before -lc. If gcc already passes -lc - # to ld, don't add -lc before -lgcc. - { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 -echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } - $rm conftest* - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$lt_prog_compiler_wl_F77 - pic_flag=$lt_prog_compiler_pic_F77 - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$allow_undefined_flag_F77 - allow_undefined_flag_F77= - if { (eval echo "$as_me:$LINENO: \"$archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 - (eval $archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } - then - archive_cmds_need_lc_F77=no - else - archive_cmds_need_lc_F77=yes - fi - allow_undefined_flag_F77=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $rm conftest* - { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_F77" >&5 -echo "${ECHO_T}$archive_cmds_need_lc_F77" >&6; } - ;; - esac - fi - ;; -esac - -{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 -echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } -library_names_spec= -libname_spec='lib$name' -soname_spec= -shrext_cmds=".so" -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" -fi -need_lib_prefix=unknown -hardcode_into_libs=no - -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -need_version=unknown - -case $host_os in -aix3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' - ;; - -aix4* | aix5*) - version_type=linux - need_lib_prefix=no - need_version=no - hardcode_into_libs=yes - if test "$host_cpu" = ia64; then - # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - case $host_os in - aix4 | aix4.[01] | aix4.[01].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then - : - else - can_build_shared=no - fi - ;; - esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then - # If using run time linking (on AIX 4.2 or later) use lib.so - # instead of lib.a to let people know that these are not - # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else - # We preserve .a as extension for shared libraries through AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi - shlibpath_var=LIBPATH - fi - ;; - -amigaos*) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' - ;; - -beos*) - library_names_spec='${libname}${shared_ext}' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - ;; - -bsdi[45]*) - version_type=linux - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32*) - version_type=windows - shrext_cmds=".dll" - need_version=no - need_lib_prefix=no - - case $GCC,$host_os in - yes,cygwin* | yes,mingw* | yes,pw32*) - library_names_spec='$libname.dll.a' - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $rm \$dlpath' - shlibpath_overrides_runpath=yes - - case $host_os in - cygwin*) - # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" - ;; - mingw*) - # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - ;; - pw32*) - # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - ;; - esac - ;; - - *) - library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' - ;; - esac - dynamic_linker='Win32 ld.exe' - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' - # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. - if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` - else - sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' - fi - sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' - ;; - -dgux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -freebsd1*) - dynamic_linker=no - ;; - -kfreebsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -freebsd* | dragonfly*) - # DragonFly does not have aout. When/if they implement a new - # versioning mechanism, adjust this. - if test -x /usr/bin/objformat; then - objformat=`/usr/bin/objformat` - else - case $host_os in - freebsd[123]*) objformat=aout ;; - *) objformat=elf ;; - esac - fi - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - need_version=no - need_lib_prefix=no - ;; - freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2*) - shlibpath_overrides_runpath=yes - ;; - freebsd3.[01]* | freebsdelf3.[01]*) - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ - freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - freebsd*) # from 4.6 on - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - esac - ;; - -gnu*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - version_type=sunos - need_lib_prefix=no - need_version=no - case $host_cpu in - ia64*) - shrext_cmds='.so' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then - sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" - else - sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" - fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) - shrext_cmds='.sl' - dynamic_linker="$host_os dld.sl" - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - ;; - esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. - postinstall_cmds='chmod 555 $lib' - ;; - -interix3*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -irix5* | irix6* | nonstopux*) - case $host_os in - nonstopux*) version_type=nonstopux ;; - *) - if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux - else - version_type=irix - fi ;; - esac - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' - case $host_os in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") - libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") - libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") - libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" - hardcode_into_libs=yes - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux*oldld* | linux*aout* | linux*coff*) - dynamic_linker=no - ;; - -# This must be Linux ELF. -linux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -knetbsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -netbsd*) - version_type=sunos - need_lib_prefix=no - need_version=no - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - -newsos6) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -nto-qnx*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -openbsd*) - version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" - need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[89] | openbsd2.[89].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac - else - shlibpath_overrides_runpath=yes - fi - ;; - -os2*) - libname_spec='$name' - shrext_cmds=".dll" - need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" - ;; - -solaris*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - sni) - shlibpath_overrides_runpath=no - need_lib_prefix=no - export_dynamic_flag_spec='${wl}-Blargedynsym' - runpath_var=LD_RUN_PATH - ;; - siemens) - need_lib_prefix=no - ;; - motorola) - need_lib_prefix=no - need_version=no - shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -sysv4*MP*) - if test -d /usr/nec ;then - version_type=linux - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - shlibpath_overrides_runpath=no - else - sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - shlibpath_overrides_runpath=yes - case $host_os in - sco3.2v5*) - sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" - ;; - esac - fi - sys_lib_dlsearch_path_spec='/usr/lib' - ;; - -uts4*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -*) - dynamic_linker=no - ;; -esac -{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 -echo "${ECHO_T}$dynamic_linker" >&6; } -test "$dynamic_linker" = no && can_build_shared=no - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi - -{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 -echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } -hardcode_action_F77= -if test -n "$hardcode_libdir_flag_spec_F77" || \ - test -n "$runpath_var_F77" || \ - test "X$hardcode_automatic_F77" = "Xyes" ; then - - # We can hardcode non-existant directories. - if test "$hardcode_direct_F77" != no && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, F77)" != no && - test "$hardcode_minus_L_F77" != no; then - # Linking always hardcodes the temporary library directory. - hardcode_action_F77=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. - hardcode_action_F77=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - hardcode_action_F77=unsupported -fi -{ echo "$as_me:$LINENO: result: $hardcode_action_F77" >&5 -echo "${ECHO_T}$hardcode_action_F77" >&6; } - -if test "$hardcode_action_F77" = relink; then - # Fast installation is not supported - enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then - # Fast installation is not necessary - enable_fast_install=needless -fi - - -# The else clause should only fire when bootstrapping the -# libtool distribution, otherwise you forgot to ship ltmain.sh -# with your package, and you will get complaints that there are -# no rules to generate ltmain.sh. -if test -f "$ltmain"; then - # See if we are running on zsh, and set the options which allow our commands through - # without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST - fi - # Now quote all the things that may contain metacharacters while being - # careful not to overquote the AC_SUBSTed values. We take copies of the - # variables and quote the copies for generation of the libtool script. - for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ - SED SHELL STRIP \ - libname_spec library_names_spec soname_spec extract_expsyms_cmds \ - old_striplib striplib file_magic_cmd finish_cmds finish_eval \ - deplibs_check_method reload_flag reload_cmds need_locks \ - lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ - lt_cv_sys_global_symbol_to_c_name_address \ - sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ - old_postinstall_cmds old_postuninstall_cmds \ - compiler_F77 \ - CC_F77 \ - LD_F77 \ - lt_prog_compiler_wl_F77 \ - lt_prog_compiler_pic_F77 \ - lt_prog_compiler_static_F77 \ - lt_prog_compiler_no_builtin_flag_F77 \ - export_dynamic_flag_spec_F77 \ - thread_safe_flag_spec_F77 \ - whole_archive_flag_spec_F77 \ - enable_shared_with_static_runtimes_F77 \ - old_archive_cmds_F77 \ - old_archive_from_new_cmds_F77 \ - predep_objects_F77 \ - postdep_objects_F77 \ - predeps_F77 \ - postdeps_F77 \ - compiler_lib_search_path_F77 \ - archive_cmds_F77 \ - archive_expsym_cmds_F77 \ - postinstall_cmds_F77 \ - postuninstall_cmds_F77 \ - old_archive_from_expsyms_cmds_F77 \ - allow_undefined_flag_F77 \ - no_undefined_flag_F77 \ - export_symbols_cmds_F77 \ - hardcode_libdir_flag_spec_F77 \ - hardcode_libdir_flag_spec_ld_F77 \ - hardcode_libdir_separator_F77 \ - hardcode_automatic_F77 \ - module_cmds_F77 \ - module_expsym_cmds_F77 \ - lt_cv_prog_compiler_c_o_F77 \ - exclude_expsyms_F77 \ - include_expsyms_F77; do - - case $var in - old_archive_cmds_F77 | \ - old_archive_from_new_cmds_F77 | \ - archive_cmds_F77 | \ - archive_expsym_cmds_F77 | \ - module_cmds_F77 | \ - module_expsym_cmds_F77 | \ - old_archive_from_expsyms_cmds_F77 | \ - export_symbols_cmds_F77 | \ - extract_expsyms_cmds | reload_cmds | finish_cmds | \ - postinstall_cmds | postuninstall_cmds | \ - old_postinstall_cmds | old_postuninstall_cmds | \ - sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) - # Double-quote double-evaled strings. - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" - ;; - *) - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" - ;; - esac - done - - case $lt_echo in - *'\$0 --fallback-echo"') - lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` - ;; - esac - -cfgfile="$ofile" - - cat <<__EOF__ >> "$cfgfile" -# ### BEGIN LIBTOOL TAG CONFIG: $tagname - -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: - -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc_F77 - -# Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_F77 - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# An echo program that does not interpret backslashes. -echo=$lt_echo - -# The archiver. -AR=$lt_AR -AR_FLAGS=$lt_AR_FLAGS - -# A C compiler. -LTCC=$lt_LTCC - -# LTCC compiler flags. -LTCFLAGS=$lt_LTCFLAGS - -# A language-specific compiler. -CC=$lt_compiler_F77 - -# Is the compiler the GNU C compiler? -with_gcc=$GCC_F77 - -# An ERE matcher. -EGREP=$lt_EGREP - -# The linker used to build libraries. -LD=$lt_LD_F77 - -# Whether we need hard or soft links. -LN_S=$lt_LN_S - -# A BSD-compatible nm program. -NM=$lt_NM - -# A symbol stripping program -STRIP=$lt_STRIP - -# Used to examine libraries when file_magic_cmd begins "file" -MAGIC_CMD=$MAGIC_CMD - -# Used on cygwin: DLL creation program. -DLLTOOL="$DLLTOOL" - -# Used on cygwin: object dumper. -OBJDUMP="$OBJDUMP" - -# Used on cygwin: assembler. -AS="$AS" - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl_F77 - -# Object file suffix (normally "o"). -objext="$ac_objext" - -# Old archive suffix (normally "a"). -libext="$libext" - -# Shared library suffix (normally ".so"). -shrext_cmds='$shrext_cmds' - -# Executable file suffix (normally ""). -exeext="$exeext" - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic_F77 -pic_mode=$pic_mode - -# What is the maximum length of a command? -max_cmd_len=$lt_cv_sys_max_cmd_len - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o_F77 - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Do we need the lib prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static_F77 - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_F77 - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_F77 - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec_F77 - -# Compiler flag to generate thread-safe objects. -thread_safe_flag_spec=$lt_thread_safe_flag_spec_F77 - -# Library versioning type. -version_type=$version_type - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME. -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Commands used to build and install an old-style archive. -RANLIB=$lt_RANLIB -old_archive_cmds=$lt_old_archive_cmds_F77 -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_F77 - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_F77 - -# Commands used to build and install a shared archive. -archive_cmds=$lt_archive_cmds_F77 -archive_expsym_cmds=$lt_archive_expsym_cmds_F77 -postinstall_cmds=$lt_postinstall_cmds -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to build a loadable module (assumed same as above if empty) -module_cmds=$lt_module_cmds_F77 -module_expsym_cmds=$lt_module_expsym_cmds_F77 - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - -# Dependencies to place before the objects being linked to create a -# shared library. -predep_objects=$lt_predep_objects_F77 - -# Dependencies to place after the objects being linked to create a -# shared library. -postdep_objects=$lt_postdep_objects_F77 - -# Dependencies to place before the objects being linked to create a -# shared library. -predeps=$lt_predeps_F77 - -# Dependencies to place after the objects being linked to create a -# shared library. -postdeps=$lt_postdeps_F77 - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_F77 - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method == file_magic. -file_magic_cmd=$lt_file_magic_cmd - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag_F77 - -# Flag that forces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag_F77 - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# Same as above, but a single script fragment to be evaled but not shown. -finish_eval=$lt_finish_eval - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm in a C name address pair -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# This is the shared library runtime path variable. -runpath_var=$runpath_var - -# This is the shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action_F77 - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_F77 - -# If ld is used when linking, flag to hardcode \$libdir into -# a binary during linking. This must work even if \$libdir does -# not exist. -hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_F77 - -# Whether we need a single -rpath flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator_F77 - -# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the -# resulting binary. -hardcode_direct=$hardcode_direct_F77 - -# Set to yes if using the -LDIR flag during linking hardcodes DIR into the -# resulting binary. -hardcode_minus_L=$hardcode_minus_L_F77 - -# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into -# the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var_F77 - -# Set to yes if building a shared library automatically hardcodes DIR into the library -# and all subsequent libraries and executables linked against it. -hardcode_automatic=$hardcode_automatic_F77 - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at relink time. -variables_saved_for_relink="$variables_saved_for_relink" - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs_F77 - -# Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Run-time system search path for libraries -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec - -# Fix the shell variable \$srcfile for the compiler. -fix_srcfile_path="$fix_srcfile_path_F77" - -# Set to yes if exported symbols are required. -always_export_symbols=$always_export_symbols_F77 - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds_F77 - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms_F77 - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms_F77 - -# ### END LIBTOOL TAG CONFIG: $tagname - -__EOF__ - - -else - # If there is no Makefile yet, we rely on a make rule to execute - # `config.status --recheck' to rerun these tests and create the - # libtool script then. - ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` - if test -f "$ltmain_in"; then - test -f Makefile && make "$ltmain" - fi -fi - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -CC="$lt_save_CC" - - else - tagname="" - fi - ;; - - GCJ) - if test -n "$GCJ" && test "X$GCJ" != "Xno"; then - - -# Source file extension for Java test sources. -ac_ext=java - -# Object file extension for compiled Java test sources. -objext=o -objext_GCJ=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="class foo {}\n" - -# Code to be used in simple link tests -lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }\n' - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC - - -# save warnings/boilerplate of simple test code -ac_outfile=conftest.$ac_objext -printf "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$rm conftest* - -ac_outfile=conftest.$ac_objext -printf "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$rm conftest* - - -# Allow CC to be a program name with arguments. -lt_save_CC="$CC" -CC=${GCJ-"gcj"} -compiler=$CC -compiler_GCJ=$CC -for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` - - -# GCJ did not exist at the time GCC didn't implicitly link libc in. -archive_cmds_need_lc_GCJ=no - -old_archive_cmds_GCJ=$old_archive_cmds - - -lt_prog_compiler_no_builtin_flag_GCJ= - -if test "$GCC" = yes; then - lt_prog_compiler_no_builtin_flag_GCJ=' -fno-builtin' - - -{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 -echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; } -if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_cv_prog_compiler_rtti_exceptions=no - ac_outfile=conftest.$ac_objext - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="-fno-rtti -fno-exceptions" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17164: $lt_compile\"" >&5) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&5 - echo "$as_me:17168: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - lt_cv_prog_compiler_rtti_exceptions=yes - fi - fi - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 -echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; } - -if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then - lt_prog_compiler_no_builtin_flag_GCJ="$lt_prog_compiler_no_builtin_flag_GCJ -fno-rtti -fno-exceptions" -else - : -fi - -fi - -lt_prog_compiler_wl_GCJ= -lt_prog_compiler_pic_GCJ= -lt_prog_compiler_static_GCJ= - -{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 -echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } - - if test "$GCC" = yes; then - lt_prog_compiler_wl_GCJ='-Wl,' - lt_prog_compiler_static_GCJ='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static_GCJ='-Bstatic' - fi - ;; - - amigaos*) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' - ;; - - beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - - mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - lt_prog_compiler_pic_GCJ='-fno-common' - ;; - - interix3*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - - msdosdjgpp*) - # Just because we use GCC doesn't mean we suddenly get shared libraries - # on systems that don't support them. - lt_prog_compiler_can_build_shared_GCJ=no - enable_shared=no - ;; - - sysv4*MP*) - if test -d /usr/nec; then - lt_prog_compiler_pic_GCJ=-Kconform_pic - fi - ;; - - hpux*) - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic_GCJ='-fPIC' - ;; - esac - ;; - - *) - lt_prog_compiler_pic_GCJ='-fPIC' - ;; - esac - else - # PORTME Check for flag to pass linker flags through the system compiler. - case $host_os in - aix*) - lt_prog_compiler_wl_GCJ='-Wl,' - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - lt_prog_compiler_static_GCJ='-Bstatic' - else - lt_prog_compiler_static_GCJ='-bnso -bI:/lib/syscalls.exp' - fi - ;; - darwin*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - case $cc_basename in - xlc*) - lt_prog_compiler_pic_GCJ='-qnocommon' - lt_prog_compiler_wl_GCJ='-Wl,' - ;; - esac - ;; - - mingw* | pw32* | os2*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' - ;; - - hpux9* | hpux10* | hpux11*) - lt_prog_compiler_wl_GCJ='-Wl,' - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - lt_prog_compiler_pic_GCJ='+Z' - ;; - esac - # Is there a better lt_prog_compiler_static that works with the bundled CC? - lt_prog_compiler_static_GCJ='${wl}-a ${wl}archive' - ;; - - irix5* | irix6* | nonstopux*) - lt_prog_compiler_wl_GCJ='-Wl,' - # PIC (with -KPIC) is the default. - lt_prog_compiler_static_GCJ='-non_shared' - ;; - - newsos6) - lt_prog_compiler_pic_GCJ='-KPIC' - lt_prog_compiler_static_GCJ='-Bstatic' - ;; - - linux*) - case $cc_basename in - icc* | ecc*) - lt_prog_compiler_wl_GCJ='-Wl,' - lt_prog_compiler_pic_GCJ='-KPIC' - lt_prog_compiler_static_GCJ='-static' - ;; - pgcc* | pgf77* | pgf90* | pgf95*) - # Portland Group compilers (*not* the Pentium gcc compiler, - # which looks to be a dead project) - lt_prog_compiler_wl_GCJ='-Wl,' - lt_prog_compiler_pic_GCJ='-fpic' - lt_prog_compiler_static_GCJ='-Bstatic' - ;; - ccc*) - lt_prog_compiler_wl_GCJ='-Wl,' - # All Alpha code is PIC. - lt_prog_compiler_static_GCJ='-non_shared' - ;; - esac - ;; - - osf3* | osf4* | osf5*) - lt_prog_compiler_wl_GCJ='-Wl,' - # All OSF/1 code is PIC. - lt_prog_compiler_static_GCJ='-non_shared' - ;; - - solaris*) - lt_prog_compiler_pic_GCJ='-KPIC' - lt_prog_compiler_static_GCJ='-Bstatic' - case $cc_basename in - f77* | f90* | f95*) - lt_prog_compiler_wl_GCJ='-Qoption ld ';; - *) - lt_prog_compiler_wl_GCJ='-Wl,';; - esac - ;; - - sunos4*) - lt_prog_compiler_wl_GCJ='-Qoption ld ' - lt_prog_compiler_pic_GCJ='-PIC' - lt_prog_compiler_static_GCJ='-Bstatic' - ;; - - sysv4 | sysv4.2uw2* | sysv4.3*) - lt_prog_compiler_wl_GCJ='-Wl,' - lt_prog_compiler_pic_GCJ='-KPIC' - lt_prog_compiler_static_GCJ='-Bstatic' - ;; - - sysv4*MP*) - if test -d /usr/nec ;then - lt_prog_compiler_pic_GCJ='-Kconform_pic' - lt_prog_compiler_static_GCJ='-Bstatic' - fi - ;; - - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - lt_prog_compiler_wl_GCJ='-Wl,' - lt_prog_compiler_pic_GCJ='-KPIC' - lt_prog_compiler_static_GCJ='-Bstatic' - ;; - - unicos*) - lt_prog_compiler_wl_GCJ='-Wl,' - lt_prog_compiler_can_build_shared_GCJ=no - ;; - - uts4*) - lt_prog_compiler_pic_GCJ='-pic' - lt_prog_compiler_static_GCJ='-Bstatic' - ;; - - *) - lt_prog_compiler_can_build_shared_GCJ=no - ;; - esac - fi - -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_GCJ" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic_GCJ" >&6; } - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$lt_prog_compiler_pic_GCJ"; then - -{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works" >&5 -echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_pic_works_GCJ+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_prog_compiler_pic_works_GCJ=no - ac_outfile=conftest.$ac_objext - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$lt_prog_compiler_pic_GCJ" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17432: $lt_compile\"" >&5) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&5 - echo "$as_me:17436: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_pic_works_GCJ=yes - fi - fi - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_GCJ" >&5 -echo "${ECHO_T}$lt_prog_compiler_pic_works_GCJ" >&6; } - -if test x"$lt_prog_compiler_pic_works_GCJ" = xyes; then - case $lt_prog_compiler_pic_GCJ in - "" | " "*) ;; - *) lt_prog_compiler_pic_GCJ=" $lt_prog_compiler_pic_GCJ" ;; - esac -else - lt_prog_compiler_pic_GCJ= - lt_prog_compiler_can_build_shared_GCJ=no -fi - -fi -case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: - *djgpp*) - lt_prog_compiler_pic_GCJ= - ;; - *) - lt_prog_compiler_pic_GCJ="$lt_prog_compiler_pic_GCJ" - ;; -esac - -# -# Check to make sure the static flag actually works. -# -wl=$lt_prog_compiler_wl_GCJ eval lt_tmp_static_flag=\"$lt_prog_compiler_static_GCJ\" -{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 -echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } -if test "${lt_prog_compiler_static_works_GCJ+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_prog_compiler_static_works_GCJ=no - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $lt_tmp_static_flag" - printf "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&5 - $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - lt_prog_compiler_static_works_GCJ=yes - fi - else - lt_prog_compiler_static_works_GCJ=yes - fi - fi - $rm conftest* - LDFLAGS="$save_LDFLAGS" - -fi -{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_GCJ" >&5 -echo "${ECHO_T}$lt_prog_compiler_static_works_GCJ" >&6; } - -if test x"$lt_prog_compiler_static_works_GCJ" = xyes; then - : -else - lt_prog_compiler_static_GCJ= -fi - - -{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 -echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } -if test "${lt_cv_prog_compiler_c_o_GCJ+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - lt_cv_prog_compiler_c_o_GCJ=no - $rm -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17536: $lt_compile\"" >&5) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&5 - echo "$as_me:17540: \$? = $ac_status" >&5 - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - lt_cv_prog_compiler_c_o_GCJ=yes - fi - fi - chmod u+w . 2>&5 - $rm conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files - $rm out/* && rmdir out - cd .. - rmdir conftest - $rm conftest* - -fi -{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_GCJ" >&5 -echo "${ECHO_T}$lt_cv_prog_compiler_c_o_GCJ" >&6; } - - -hard_links="nottested" -if test "$lt_cv_prog_compiler_c_o_GCJ" = no && test "$need_locks" != no; then - # do not overwrite the value of need_locks provided by the user - { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 -echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } - hard_links=yes - $rm conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - { echo "$as_me:$LINENO: result: $hard_links" >&5 -echo "${ECHO_T}$hard_links" >&6; } - if test "$hard_links" = no; then - { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 -echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} - need_locks=warn - fi -else - need_locks=no -fi - -{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } - - runpath_var= - allow_undefined_flag_GCJ= - enable_shared_with_static_runtimes_GCJ=no - archive_cmds_GCJ= - archive_expsym_cmds_GCJ= - old_archive_From_new_cmds_GCJ= - old_archive_from_expsyms_cmds_GCJ= - export_dynamic_flag_spec_GCJ= - whole_archive_flag_spec_GCJ= - thread_safe_flag_spec_GCJ= - hardcode_libdir_flag_spec_GCJ= - hardcode_libdir_flag_spec_ld_GCJ= - hardcode_libdir_separator_GCJ= - hardcode_direct_GCJ=no - hardcode_minus_L_GCJ=no - hardcode_shlibpath_var_GCJ=unsupported - link_all_deplibs_GCJ=unknown - hardcode_automatic_GCJ=no - module_cmds_GCJ= - module_expsym_cmds_GCJ= - always_export_symbols_GCJ=no - export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - # include_expsyms should be a list of space-separated symbols to be *always* - # included in the symbol list - include_expsyms_GCJ= - # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. - exclude_expsyms_GCJ="_GLOBAL_OFFSET_TABLE_" - # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out - # platforms (ab)use it in PIC code, but their linkers get confused if - # the symbol is explicitly referenced. Since portable code cannot - # rely on this symbol name, it's probably fine to never include it in - # preloaded symbol tables. - extract_expsyms_cmds= - # Just being paranoid about ensuring that cc_basename is set. - for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` - - case $host_os in - cygwin* | mingw* | pw32*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - if test "$GCC" != yes; then - with_gnu_ld=no - fi - ;; - interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) - with_gnu_ld=yes - ;; - openbsd*) - with_gnu_ld=no - ;; - esac - - ld_shlibs_GCJ=yes - if test "$with_gnu_ld" = yes; then - # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' - - # Set some defaults for GNU ld with shared library support. These - # are reset later if shared libraries are not supported. Putting them - # here allows them to be overridden if necessary. - runpath_var=LD_RUN_PATH - hardcode_libdir_flag_spec_GCJ='${wl}--rpath ${wl}$libdir' - export_dynamic_flag_spec_GCJ='${wl}--export-dynamic' - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then - whole_archive_flag_spec_GCJ="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - whole_archive_flag_spec_GCJ= - fi - supports_anon_versioning=no - case `$LD -v 2>/dev/null` in - *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 - *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... - *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... - *\ 2.11.*) ;; # other 2.11 versions - *) supports_anon_versioning=yes ;; - esac - - # See if GNU ld supports shared libraries. - case $host_os in - aix3* | aix4* | aix5*) - # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then - ld_shlibs_GCJ=no - cat <&2 - -*** Warning: the GNU linker, at least up to release 2.9.1, is reported -*** to be unable to reliably create shared libraries on AIX. -*** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to modify your PATH -*** so that a non-GNU linker is found, and then restart. - -EOF - fi - ;; - - amigaos*) - archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec_GCJ='-L$libdir' - hardcode_minus_L_GCJ=yes - - # Samuel A. Falvo II reports - # that the semantics of dynamic libraries on AmigaOS, at least up - # to version 4, is to share data among multiple programs linked - # with the same dynamic library. Since this doesn't match the - # behavior of shared libraries on other platforms, we can't use - # them. - ld_shlibs_GCJ=no - ;; - - beos*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - allow_undefined_flag_GCJ=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - archive_cmds_GCJ='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - else - ld_shlibs_GCJ=no - fi - ;; - - cygwin* | mingw* | pw32*) - # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, GCJ) is actually meaningless, - # as there is no search path for DLLs. - hardcode_libdir_flag_spec_GCJ='-L$libdir' - allow_undefined_flag_GCJ=unsupported - always_export_symbols_GCJ=no - enable_shared_with_static_runtimes_GCJ=yes - export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - ld_shlibs_GCJ=no - fi - ;; - - interix3*) - hardcode_direct_GCJ=no - hardcode_shlibpath_var_GCJ=no - hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' - export_dynamic_flag_spec_GCJ='${wl}-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - archive_cmds_GCJ='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - - linux*) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - tmp_addflag= - case $cc_basename,$host_cpu in - pgcc*) # Portland Group C compiler - whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag' - ;; - pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers - whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag -Mnomain' ;; - ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 - tmp_addflag=' -i_dynamic' ;; - efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 - tmp_addflag=' -i_dynamic -nofor_main' ;; - ifc* | ifort*) # Intel Fortran compiler - tmp_addflag=' -nofor_main' ;; - esac - archive_cmds_GCJ='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - - if test $supports_anon_versioning = yes; then - archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - $echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' - fi - else - ld_shlibs_GCJ=no - fi - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' - wlarc= - else - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - fi - ;; - - solaris*) - if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then - ld_shlibs_GCJ=no - cat <&2 - -*** Warning: The releases 2.8.* of the GNU linker cannot reliably -*** create shared libraries on Solaris systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.9.1 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -EOF - elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs_GCJ=no - fi - ;; - - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) - ld_shlibs_GCJ=no - cat <<_LT_EOF 1>&2 - -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not -*** reliably create shared libraries on SCO systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.16.91.0.3 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - ;; - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' - archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' - else - ld_shlibs_GCJ=no - fi - ;; - esac - ;; - - sunos4*) - archive_cmds_GCJ='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' - wlarc= - hardcode_direct_GCJ=yes - hardcode_shlibpath_var_GCJ=no - ;; - - *) - if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - ld_shlibs_GCJ=no - fi - ;; - esac - - if test "$ld_shlibs_GCJ" = no; then - runpath_var= - hardcode_libdir_flag_spec_GCJ= - export_dynamic_flag_spec_GCJ= - whole_archive_flag_spec_GCJ= - fi - else - # PORTME fill in a description of your system's linker (not GNU ld) - case $host_os in - aix3*) - allow_undefined_flag_GCJ=unsupported - always_export_symbols_GCJ=yes - archive_expsym_cmds_GCJ='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' - # Note: this linker hardcodes the directories in LIBPATH if there - # are no directories specified by -L. - hardcode_minus_L_GCJ=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then - # Neither direct hardcoding nor static linking is supported with a - # broken collect2. - hardcode_direct_GCJ=unsupported - fi - ;; - - aix4* | aix5*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag="" - else - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | grep 'GNU' > /dev/null; then - export_symbols_cmds_GCJ='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - else - export_symbols_cmds_GCJ='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - fi - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[23]|aix4.[23].*|aix5*) - for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then - aix_use_runtimelinking=yes - break - fi - done - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - archive_cmds_GCJ='' - hardcode_direct_GCJ=yes - hardcode_libdir_separator_GCJ=':' - link_all_deplibs_GCJ=yes - - if test "$GCC" = yes; then - case $host_os in aix4.[012]|aix4.[012].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && \ - strings "$collect2name" | grep resolve_lib_name >/dev/null - then - # We have reworked collect2 - hardcode_direct_GCJ=yes - else - # We have old collect2 - hardcode_direct_GCJ=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - hardcode_minus_L_GCJ=yes - hardcode_libdir_flag_spec_GCJ='-L$libdir' - hardcode_libdir_separator_GCJ= - fi - ;; - esac - shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' - fi - else - # not using gcc - if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' - else - shared_flag='${wl}-bM:SRE' - fi - fi - fi - - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - always_export_symbols_GCJ=yes - if test "$aix_use_runtimelinking" = yes; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - allow_undefined_flag_GCJ='-berok' - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +ac_res=`eval echo \\\$$ac_foo` +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if test $ac_res = no; then +# Try to figure out why that failed... +case $abi in + -mabi=32) + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -mabi=n32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { - +int x; ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi +if ac_fn_c_try_compile "$LINENO"; then : + ac_res=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - + ac_res=no fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CLAGS="$save_CFLAGS" + if test $ac_res = yes; then + # New GCC + as_fn_error "$CC does not support the $with_mips_abi ABI" "$LINENO" 5 + fi + # Old GCC + abi='' + abilibdirext='' + ;; + -mabi=n32|-mabi=64) + if test $with_mips_abi = yes; then + # Old GCC, default to O32 + abi='' + abilibdirext='' + else + # Some broken GCC + as_fn_error "$CC does not support the $with_mips_abi ABI" "$LINENO" 5 + fi + ;; +esac +fi #if test $ac_res = no; then +fi #if test -n "$abi" ; then +else +case "${with_mips_abi}" in + 32|o32) abi='-32'; abilibdirext='' ;; + n32|yes) abi='-n32'; abilibdirext='32' ;; + 64) abi='-64'; abilibdirext='64' ;; + no) abi=''; abilibdirext='';; + *) as_fn_error "\"Invalid ABI specified\"" "$LINENO" 5 ;; +esac +fi #if test -n "$GCC"; then +;; +esac -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi +CC="$CC $abi" +libdir="$libdir$abilibdirext" - hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath" - archive_expsym_cmds_GCJ="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else - if test "$host_cpu" = ia64; then - hardcode_libdir_flag_spec_GCJ='${wl}-R $libdir:/usr/lib:/lib' - allow_undefined_flag_GCJ="-z nodefs" - archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __attribute__" >&5 +$as_echo_n "checking for __attribute__... " >&6; } +if test "${ac_cv___attribute__+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#include +static void foo(void) __attribute__ ((noreturn)); -int -main () +static void +foo(void) { - - ; - return 0; + exit(1); } + _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } -}'`; fi +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv___attribute__=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - + ac_cv___attribute__=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi +if test "$ac_cv___attribute__" = "yes"; then - hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - no_undefined_flag_GCJ=' ${wl}-bernotok' - allow_undefined_flag_GCJ=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - whole_archive_flag_spec_GCJ='$convenience' - archive_cmds_need_lc_GCJ=yes - # This is similar to how AIX traditionally builds its shared libraries. - archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' - fi - fi - ;; +$as_echo "#define HAVE___ATTRIBUTE__ 1" >>confdefs.h - amigaos*) - archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - hardcode_libdir_flag_spec_GCJ='-L$libdir' - hardcode_minus_L_GCJ=yes - # see comment about different semantics on the GNU ld section - ld_shlibs_GCJ=no - ;; - - bsdi[45]*) - export_dynamic_flag_spec_GCJ=-rdynamic - ;; - - cygwin* | mingw* | pw32*) - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - hardcode_libdir_flag_spec_GCJ=' ' - allow_undefined_flag_GCJ=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" - # FIXME: Setting linknames here is a bad hack. - archive_cmds_GCJ='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' - # The linker will automatically build a .lib file if we build a DLL. - old_archive_From_new_cmds_GCJ='true' - # FIXME: Should let the user specify the lib program. - old_archive_cmds_GCJ='lib /OUT:$oldlib$oldobjs$old_deplibs' - fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`' - enable_shared_with_static_runtimes_GCJ=yes - ;; - - darwin* | rhapsody*) - case $host_os in - rhapsody* | darwin1.[012]) - allow_undefined_flag_GCJ='${wl}-undefined ${wl}suppress' - ;; - *) # Darwin 1.3 on - if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then - allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - else - case ${MACOSX_DEPLOYMENT_TARGET} in - 10.[012]) - allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' - ;; - 10.*) - allow_undefined_flag_GCJ='${wl}-undefined ${wl}dynamic_lookup' - ;; - esac - fi - ;; - esac - archive_cmds_need_lc_GCJ=no - hardcode_direct_GCJ=no - hardcode_automatic_GCJ=yes - hardcode_shlibpath_var_GCJ=unsupported - whole_archive_flag_spec_GCJ='' - link_all_deplibs_GCJ=yes - if test "$GCC" = yes ; then - output_verbose_link_cmd='echo' - archive_cmds_GCJ='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' - module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - else - case $cc_basename in - xlc*) - output_verbose_link_cmd='echo' - archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' - module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' - # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds - archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' - ;; - *) - ld_shlibs_GCJ=no - ;; - esac - fi - ;; - - dgux*) - archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec_GCJ='-L$libdir' - hardcode_shlibpath_var_GCJ=no - ;; - - freebsd1*) - ld_shlibs_GCJ=no - ;; - - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor - # support. Future versions do this automatically, but an explicit c++rt0.o - # does not break anything, and helps significantly (at the cost of a little - # extra space). - freebsd2.2*) - archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' - hardcode_libdir_flag_spec_GCJ='-R$libdir' - hardcode_direct_GCJ=yes - hardcode_shlibpath_var_GCJ=no - ;; - - # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2*) - archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_GCJ=yes - hardcode_minus_L_GCJ=yes - hardcode_shlibpath_var_GCJ=no - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | kfreebsd*-gnu | dragonfly*) - archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec_GCJ='-R$libdir' - hardcode_direct_GCJ=yes - hardcode_shlibpath_var_GCJ=no - ;; - - hpux9*) - if test "$GCC" = yes; then - archive_cmds_GCJ='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - else - archive_cmds_GCJ='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - fi - hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_GCJ=: - hardcode_direct_GCJ=yes - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L_GCJ=yes - export_dynamic_flag_spec_GCJ='${wl}-E' - ;; - - hpux10*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_GCJ='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' - fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_GCJ=: - - hardcode_direct_GCJ=yes - export_dynamic_flag_spec_GCJ='${wl}-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L_GCJ=yes - fi - ;; - - hpux11*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - case $host_cpu in - hppa*64*) - archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - else - case $host_cpu in - hppa*64*) - archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - fi - if test "$with_gnu_ld" = no; then - hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' - hardcode_libdir_separator_GCJ=: - - case $host_cpu in - hppa*64*|ia64*) - hardcode_libdir_flag_spec_ld_GCJ='+b $libdir' - hardcode_direct_GCJ=no - hardcode_shlibpath_var_GCJ=no - ;; - *) - hardcode_direct_GCJ=yes - export_dynamic_flag_spec_GCJ='${wl}-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - hardcode_minus_L_GCJ=yes - ;; - esac - fi - ;; - - irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - archive_cmds_GCJ='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - hardcode_libdir_flag_spec_ld_GCJ='-rpath $libdir' - fi - hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_GCJ=: - link_all_deplibs_GCJ=yes - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out - else - archive_cmds_GCJ='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF - fi - hardcode_libdir_flag_spec_GCJ='-R$libdir' - hardcode_direct_GCJ=yes - hardcode_shlibpath_var_GCJ=no - ;; - - newsos6) - archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_GCJ=yes - hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_GCJ=: - hardcode_shlibpath_var_GCJ=no - ;; - - openbsd*) - hardcode_direct_GCJ=yes - hardcode_shlibpath_var_GCJ=no - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' - export_dynamic_flag_spec_GCJ='${wl}-E' - else - case $host_os in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec_GCJ='-R$libdir' - ;; - *) - archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' - ;; - esac - fi - ;; - - os2*) - hardcode_libdir_flag_spec_GCJ='-L$libdir' - hardcode_minus_L_GCJ=yes - allow_undefined_flag_GCJ=unsupported - archive_cmds_GCJ='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - old_archive_From_new_cmds_GCJ='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' - ;; - - osf3*) - if test "$GCC" = yes; then - allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - allow_undefined_flag_GCJ=' -expect_unresolved \*' - archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - fi - hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' - hardcode_libdir_separator_GCJ=: - ;; - - osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*' - archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' - else - allow_undefined_flag_GCJ=' -expect_unresolved \*' - archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' - archive_expsym_cmds_GCJ='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ - $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' - - # Both c and cxx compiler support -rpath directly - hardcode_libdir_flag_spec_GCJ='-rpath $libdir' - fi - hardcode_libdir_separator_GCJ=: - ;; - - solaris*) - no_undefined_flag_GCJ=' -z text' - if test "$GCC" = yes; then - wlarc='${wl}' - archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' - else - wlarc='' - archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' - archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' - fi - hardcode_libdir_flag_spec_GCJ='-R$libdir' - hardcode_shlibpath_var_GCJ=no - case $host_os in - solaris2.[0-5] | solaris2.[0-5].*) ;; - *) - # The compiler driver will combine linker options so we - # cannot just pass the convience library names through - # without $wl, iff we do not link with $LD. - # Luckily, gcc supports the same syntax we need for Sun Studio. - # Supported since Solaris 2.6 (maybe 2.5.1?) - case $wlarc in - '') - whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ;; - *) - whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; - esac ;; - esac - link_all_deplibs_GCJ=yes - ;; - - sunos4*) - if test "x$host_vendor" = xsequent; then - # Use $CC to link under sequent, because it throws in some extra .o - # files that make .init and .fini sections work. - archive_cmds_GCJ='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_GCJ='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' - fi - hardcode_libdir_flag_spec_GCJ='-L$libdir' - hardcode_direct_GCJ=yes - hardcode_minus_L_GCJ=yes - hardcode_shlibpath_var_GCJ=no - ;; - - sysv4) - case $host_vendor in - sni) - archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_GCJ=yes # is this really true??? - ;; - siemens) - ## LD is ld it makes a PLAMLIB - ## CC just makes a GrossModule. - archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags' - reload_cmds_GCJ='$CC -r -o $output$reload_objs' - hardcode_direct_GCJ=no - ;; - motorola) - archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_direct_GCJ=no #Motorola manual says yes, but my tests say they lie - ;; - esac - runpath_var='LD_RUN_PATH' - hardcode_shlibpath_var_GCJ=no - ;; - - sysv4.3*) - archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_shlibpath_var_GCJ=no - export_dynamic_flag_spec_GCJ='-Bexport' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_shlibpath_var_GCJ=no - runpath_var=LD_RUN_PATH - hardcode_runpath_var=yes - ld_shlibs_GCJ=yes - fi - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) - no_undefined_flag_GCJ='${wl}-z,text' - archive_cmds_need_lc_GCJ=no - hardcode_shlibpath_var_GCJ=no - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - archive_cmds_GCJ='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_GCJ='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - no_undefined_flag_GCJ='${wl}-z,text' - allow_undefined_flag_GCJ='${wl}-z,nodefs' - archive_cmds_need_lc_GCJ=no - hardcode_shlibpath_var_GCJ=no - hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' - hardcode_libdir_separator_GCJ=':' - link_all_deplibs_GCJ=yes - export_dynamic_flag_spec_GCJ='${wl}-Bexport' - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - archive_cmds_GCJ='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - else - archive_cmds_GCJ='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - uts4*) - archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - hardcode_libdir_flag_spec_GCJ='-L$libdir' - hardcode_shlibpath_var_GCJ=no - ;; - - *) - ld_shlibs_GCJ=no - ;; - esac - fi - -{ echo "$as_me:$LINENO: result: $ld_shlibs_GCJ" >&5 -echo "${ECHO_T}$ld_shlibs_GCJ" >&6; } -test "$ld_shlibs_GCJ" = no && can_build_shared=no - -# -# Do we need to explicitly link libc? -# -case "x$archive_cmds_need_lc_GCJ" in -x|xyes) - # Assume -lc should be added - archive_cmds_need_lc_GCJ=yes - - if test "$enable_shared" = yes && test "$GCC" = yes; then - case $archive_cmds_GCJ in - *'~'*) - # FIXME: we may have to deal with multi-command sequences. - ;; - '$CC '*) - # Test whether the compiler implicitly links with -lc since on some - # systems, -lgcc has to come before -lc. If gcc already passes -lc - # to ld, don't add -lc before -lgcc. - { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 -echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } - $rm conftest* - printf "$lt_simple_compile_test_code" > conftest.$ac_ext - - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$lt_prog_compiler_wl_GCJ - pic_flag=$lt_prog_compiler_pic_GCJ - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$allow_undefined_flag_GCJ - allow_undefined_flag_GCJ= - if { (eval echo "$as_me:$LINENO: \"$archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 - (eval $archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } - then - archive_cmds_need_lc_GCJ=no - else - archive_cmds_need_lc_GCJ=yes - fi - allow_undefined_flag_GCJ=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $rm conftest* - { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_GCJ" >&5 -echo "${ECHO_T}$archive_cmds_need_lc_GCJ" >&6; } - ;; - esac - fi - ;; -esac - -{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 -echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } -library_names_spec= -libname_spec='lib$name' -soname_spec= -shrext_cmds=".so" -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi -need_lib_prefix=unknown -hardcode_into_libs=no - -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -need_version=unknown - -case $host_os in -aix3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' - ;; - -aix4* | aix5*) - version_type=linux - need_lib_prefix=no - need_version=no - hardcode_into_libs=yes - if test "$host_cpu" = ia64; then - # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - case $host_os in - aix4 | aix4.[01] | aix4.[01].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then - : - else - can_build_shared=no - fi - ;; - esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then - # If using run time linking (on AIX 4.2 or later) use lib.so - # instead of lib.a to let people know that these are not - # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else - # We preserve .a as extension for shared libraries through AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi - shlibpath_var=LIBPATH - fi - ;; - -amigaos*) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' - ;; - -beos*) - library_names_spec='${libname}${shared_ext}' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - ;; - -bsdi[45]*) - version_type=linux - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32*) - version_type=windows - shrext_cmds=".dll" - need_version=no - need_lib_prefix=no - - case $GCC,$host_os in - yes,cygwin* | yes,mingw* | yes,pw32*) - library_names_spec='$libname.dll.a' - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $rm \$dlpath' - shlibpath_overrides_runpath=yes - - case $host_os in - cygwin*) - # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" - ;; - mingw*) - # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - ;; - pw32*) - # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' - ;; - esac - ;; - - *) - library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' - ;; - esac - dynamic_linker='Win32 ld.exe' - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext ${libname}${release}${versuffix}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' - # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. - if test "$GCC" = yes; then - sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` - else - sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' - fi - sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' - ;; - -dgux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -freebsd1*) - dynamic_linker=no - ;; - -kfreebsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -freebsd* | dragonfly*) - # DragonFly does not have aout. When/if they implement a new - # versioning mechanism, adjust this. - if test -x /usr/bin/objformat; then - objformat=`/usr/bin/objformat` - else - case $host_os in - freebsd[123]*) objformat=aout ;; - *) objformat=elf ;; - esac - fi - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - need_version=no - need_lib_prefix=no - ;; - freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2*) - shlibpath_overrides_runpath=yes - ;; - freebsd3.[01]* | freebsdelf3.[01]*) - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ - freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - freebsd*) # from 4.6 on - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - esac - ;; - -gnu*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - version_type=sunos - need_lib_prefix=no - need_version=no - case $host_cpu in - ia64*) - shrext_cmds='.so' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then - sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" - else - sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" - fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) - shrext_cmds='.sl' - dynamic_linker="$host_os dld.sl" - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - ;; - esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. - postinstall_cmds='chmod 555 $lib' - ;; - -interix3*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -irix5* | irix6* | nonstopux*) - case $host_os in - nonstopux*) version_type=nonstopux ;; - *) - if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux - else - version_type=irix - fi ;; - esac - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' - case $host_os in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") - libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") - libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") - libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" - hardcode_into_libs=yes - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux*oldld* | linux*aout* | linux*coff*) - dynamic_linker=no - ;; - -# This must be Linux ELF. -linux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -knetbsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='GNU ld.so' - ;; - -netbsd*) - version_type=sunos - need_lib_prefix=no - need_version=no - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - -newsos6) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -nto-qnx*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -openbsd*) - version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" - need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[89] | openbsd2.[89].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac - else - shlibpath_overrides_runpath=yes - fi - ;; - -os2*) - libname_spec='$name' - shrext_cmds=".dll" - need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" - ;; - -solaris*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - sni) - shlibpath_overrides_runpath=no - need_lib_prefix=no - export_dynamic_flag_spec='${wl}-Blargedynsym' - runpath_var=LD_RUN_PATH - ;; - siemens) - need_lib_prefix=no - ;; - motorola) - need_lib_prefix=no - need_version=no - shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -sysv4*MP*) - if test -d /usr/nec ;then - version_type=linux - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - shlibpath_overrides_runpath=no - else - sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - shlibpath_overrides_runpath=yes - case $host_os in - sco3.2v5*) - sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" - ;; - esac - fi - sys_lib_dlsearch_path_spec='/usr/lib' - ;; - -uts4*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -*) - dynamic_linker=no - ;; -esac -{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 -echo "${ECHO_T}$dynamic_linker" >&6; } -test "$dynamic_linker" = no && can_build_shared=no - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi - -{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 -echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } -hardcode_action_GCJ= -if test -n "$hardcode_libdir_flag_spec_GCJ" || \ - test -n "$runpath_var_GCJ" || \ - test "X$hardcode_automatic_GCJ" = "Xyes" ; then - - # We can hardcode non-existant directories. - if test "$hardcode_direct_GCJ" != no && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, GCJ)" != no && - test "$hardcode_minus_L_GCJ" != no; then - # Linking always hardcodes the temporary library directory. - hardcode_action_GCJ=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. - hardcode_action_GCJ=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - hardcode_action_GCJ=unsupported -fi -{ echo "$as_me:$LINENO: result: $hardcode_action_GCJ" >&5 -echo "${ECHO_T}$hardcode_action_GCJ" >&6; } - -if test "$hardcode_action_GCJ" = relink; then - # Fast installation is not supported - enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then - # Fast installation is not necessary - enable_fast_install=needless -fi - - -# The else clause should only fire when bootstrapping the -# libtool distribution, otherwise you forgot to ship ltmain.sh -# with your package, and you will get complaints that there are -# no rules to generate ltmain.sh. -if test -f "$ltmain"; then - # See if we are running on zsh, and set the options which allow our commands through - # without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST - fi - # Now quote all the things that may contain metacharacters while being - # careful not to overquote the AC_SUBSTed values. We take copies of the - # variables and quote the copies for generation of the libtool script. - for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ - SED SHELL STRIP \ - libname_spec library_names_spec soname_spec extract_expsyms_cmds \ - old_striplib striplib file_magic_cmd finish_cmds finish_eval \ - deplibs_check_method reload_flag reload_cmds need_locks \ - lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ - lt_cv_sys_global_symbol_to_c_name_address \ - sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ - old_postinstall_cmds old_postuninstall_cmds \ - compiler_GCJ \ - CC_GCJ \ - LD_GCJ \ - lt_prog_compiler_wl_GCJ \ - lt_prog_compiler_pic_GCJ \ - lt_prog_compiler_static_GCJ \ - lt_prog_compiler_no_builtin_flag_GCJ \ - export_dynamic_flag_spec_GCJ \ - thread_safe_flag_spec_GCJ \ - whole_archive_flag_spec_GCJ \ - enable_shared_with_static_runtimes_GCJ \ - old_archive_cmds_GCJ \ - old_archive_from_new_cmds_GCJ \ - predep_objects_GCJ \ - postdep_objects_GCJ \ - predeps_GCJ \ - postdeps_GCJ \ - compiler_lib_search_path_GCJ \ - archive_cmds_GCJ \ - archive_expsym_cmds_GCJ \ - postinstall_cmds_GCJ \ - postuninstall_cmds_GCJ \ - old_archive_from_expsyms_cmds_GCJ \ - allow_undefined_flag_GCJ \ - no_undefined_flag_GCJ \ - export_symbols_cmds_GCJ \ - hardcode_libdir_flag_spec_GCJ \ - hardcode_libdir_flag_spec_ld_GCJ \ - hardcode_libdir_separator_GCJ \ - hardcode_automatic_GCJ \ - module_cmds_GCJ \ - module_expsym_cmds_GCJ \ - lt_cv_prog_compiler_c_o_GCJ \ - exclude_expsyms_GCJ \ - include_expsyms_GCJ; do - - case $var in - old_archive_cmds_GCJ | \ - old_archive_from_new_cmds_GCJ | \ - archive_cmds_GCJ | \ - archive_expsym_cmds_GCJ | \ - module_cmds_GCJ | \ - module_expsym_cmds_GCJ | \ - old_archive_from_expsyms_cmds_GCJ | \ - export_symbols_cmds_GCJ | \ - extract_expsyms_cmds | reload_cmds | finish_cmds | \ - postinstall_cmds | postuninstall_cmds | \ - old_postinstall_cmds | old_postuninstall_cmds | \ - sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) - # Double-quote double-evaled strings. - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" - ;; - *) - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" - ;; - esac - done - - case $lt_echo in - *'\$0 --fallback-echo"') - lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` - ;; - esac - -cfgfile="$ofile" - - cat <<__EOF__ >> "$cfgfile" -# ### BEGIN LIBTOOL TAG CONFIG: $tagname - -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: - -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc_GCJ - -# Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_GCJ - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# An echo program that does not interpret backslashes. -echo=$lt_echo - -# The archiver. -AR=$lt_AR -AR_FLAGS=$lt_AR_FLAGS - -# A C compiler. -LTCC=$lt_LTCC - -# LTCC compiler flags. -LTCFLAGS=$lt_LTCFLAGS - -# A language-specific compiler. -CC=$lt_compiler_GCJ - -# Is the compiler the GNU C compiler? -with_gcc=$GCC_GCJ - -# An ERE matcher. -EGREP=$lt_EGREP - -# The linker used to build libraries. -LD=$lt_LD_GCJ - -# Whether we need hard or soft links. -LN_S=$lt_LN_S - -# A BSD-compatible nm program. -NM=$lt_NM - -# A symbol stripping program -STRIP=$lt_STRIP - -# Used to examine libraries when file_magic_cmd begins "file" -MAGIC_CMD=$MAGIC_CMD - -# Used on cygwin: DLL creation program. -DLLTOOL="$DLLTOOL" - -# Used on cygwin: object dumper. -OBJDUMP="$OBJDUMP" - -# Used on cygwin: assembler. -AS="$AS" - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl_GCJ - -# Object file suffix (normally "o"). -objext="$ac_objext" - -# Old archive suffix (normally "a"). -libext="$libext" - -# Shared library suffix (normally ".so"). -shrext_cmds='$shrext_cmds' - -# Executable file suffix (normally ""). -exeext="$exeext" - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic_GCJ -pic_mode=$pic_mode - -# What is the maximum length of a command? -max_cmd_len=$lt_cv_sys_max_cmd_len - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o_GCJ - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Do we need the lib prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static_GCJ - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_GCJ - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_GCJ - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec_GCJ - -# Compiler flag to generate thread-safe objects. -thread_safe_flag_spec=$lt_thread_safe_flag_spec_GCJ - -# Library versioning type. -version_type=$version_type - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME. -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Commands used to build and install an old-style archive. -RANLIB=$lt_RANLIB -old_archive_cmds=$lt_old_archive_cmds_GCJ -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_GCJ - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_GCJ - -# Commands used to build and install a shared archive. -archive_cmds=$lt_archive_cmds_GCJ -archive_expsym_cmds=$lt_archive_expsym_cmds_GCJ -postinstall_cmds=$lt_postinstall_cmds -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to build a loadable module (assumed same as above if empty) -module_cmds=$lt_module_cmds_GCJ -module_expsym_cmds=$lt_module_expsym_cmds_GCJ - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - -# Dependencies to place before the objects being linked to create a -# shared library. -predep_objects=$lt_predep_objects_GCJ - -# Dependencies to place after the objects being linked to create a -# shared library. -postdep_objects=$lt_postdep_objects_GCJ - -# Dependencies to place before the objects being linked to create a -# shared library. -predeps=$lt_predeps_GCJ - -# Dependencies to place after the objects being linked to create a -# shared library. -postdeps=$lt_postdeps_GCJ - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method == file_magic. -file_magic_cmd=$lt_file_magic_cmd - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag_GCJ - -# Flag that forces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag_GCJ - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# Same as above, but a single script fragment to be evaled but not shown. -finish_eval=$lt_finish_eval - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm in a C name address pair -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# This is the shared library runtime path variable. -runpath_var=$runpath_var - -# This is the shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action_GCJ - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_GCJ - -# If ld is used when linking, flag to hardcode \$libdir into -# a binary during linking. This must work even if \$libdir does -# not exist. -hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_GCJ - -# Whether we need a single -rpath flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator_GCJ - -# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the -# resulting binary. -hardcode_direct=$hardcode_direct_GCJ - -# Set to yes if using the -LDIR flag during linking hardcodes DIR into the -# resulting binary. -hardcode_minus_L=$hardcode_minus_L_GCJ - -# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into -# the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var_GCJ - -# Set to yes if building a shared library automatically hardcodes DIR into the library -# and all subsequent libraries and executables linked against it. -hardcode_automatic=$hardcode_automatic_GCJ - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at relink time. -variables_saved_for_relink="$variables_saved_for_relink" - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs_GCJ - -# Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Run-time system search path for libraries -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec - -# Fix the shell variable \$srcfile for the compiler. -fix_srcfile_path="$fix_srcfile_path_GCJ" - -# Set to yes if exported symbols are required. -always_export_symbols=$always_export_symbols_GCJ - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds_GCJ - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms_GCJ - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms_GCJ - -# ### END LIBTOOL TAG CONFIG: $tagname - -__EOF__ - - -else - # If there is no Makefile yet, we rely on a make rule to execute - # `config.status --recheck' to rerun these tests and create the - # libtool script then. - ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` - if test -f "$ltmain_in"; then - test -f Makefile && make "$ltmain" - fi -fi - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -CC="$lt_save_CC" - - else - tagname="" - fi - ;; - - RC) - - -# Source file extension for RC test sources. -ac_ext=rc - -# Object file extension for compiled RC test sources. -objext=o -objext_RC=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n' - -# Code to be used in simple link tests -lt_simple_link_test_code="$lt_simple_compile_test_code" - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC - - -# save warnings/boilerplate of simple test code -ac_outfile=conftest.$ac_objext -printf "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$rm conftest* - -ac_outfile=conftest.$ac_objext -printf "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$rm conftest* - - -# Allow CC to be a program name with arguments. -lt_save_CC="$CC" -CC=${RC-"windres"} -compiler=$CC -compiler_RC=$CC -for cc_temp in $compiler""; do - case $cc_temp in - compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; - distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` - -lt_cv_prog_compiler_c_o_RC=yes - -# The else clause should only fire when bootstrapping the -# libtool distribution, otherwise you forgot to ship ltmain.sh -# with your package, and you will get complaints that there are -# no rules to generate ltmain.sh. -if test -f "$ltmain"; then - # See if we are running on zsh, and set the options which allow our commands through - # without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST - fi - # Now quote all the things that may contain metacharacters while being - # careful not to overquote the AC_SUBSTed values. We take copies of the - # variables and quote the copies for generation of the libtool script. - for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ - SED SHELL STRIP \ - libname_spec library_names_spec soname_spec extract_expsyms_cmds \ - old_striplib striplib file_magic_cmd finish_cmds finish_eval \ - deplibs_check_method reload_flag reload_cmds need_locks \ - lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ - lt_cv_sys_global_symbol_to_c_name_address \ - sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ - old_postinstall_cmds old_postuninstall_cmds \ - compiler_RC \ - CC_RC \ - LD_RC \ - lt_prog_compiler_wl_RC \ - lt_prog_compiler_pic_RC \ - lt_prog_compiler_static_RC \ - lt_prog_compiler_no_builtin_flag_RC \ - export_dynamic_flag_spec_RC \ - thread_safe_flag_spec_RC \ - whole_archive_flag_spec_RC \ - enable_shared_with_static_runtimes_RC \ - old_archive_cmds_RC \ - old_archive_from_new_cmds_RC \ - predep_objects_RC \ - postdep_objects_RC \ - predeps_RC \ - postdeps_RC \ - compiler_lib_search_path_RC \ - archive_cmds_RC \ - archive_expsym_cmds_RC \ - postinstall_cmds_RC \ - postuninstall_cmds_RC \ - old_archive_from_expsyms_cmds_RC \ - allow_undefined_flag_RC \ - no_undefined_flag_RC \ - export_symbols_cmds_RC \ - hardcode_libdir_flag_spec_RC \ - hardcode_libdir_flag_spec_ld_RC \ - hardcode_libdir_separator_RC \ - hardcode_automatic_RC \ - module_cmds_RC \ - module_expsym_cmds_RC \ - lt_cv_prog_compiler_c_o_RC \ - exclude_expsyms_RC \ - include_expsyms_RC; do - - case $var in - old_archive_cmds_RC | \ - old_archive_from_new_cmds_RC | \ - archive_cmds_RC | \ - archive_expsym_cmds_RC | \ - module_cmds_RC | \ - module_expsym_cmds_RC | \ - old_archive_from_expsyms_cmds_RC | \ - export_symbols_cmds_RC | \ - extract_expsyms_cmds | reload_cmds | finish_cmds | \ - postinstall_cmds | postuninstall_cmds | \ - old_postinstall_cmds | old_postuninstall_cmds | \ - sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) - # Double-quote double-evaled strings. - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" - ;; - *) - eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" - ;; - esac - done - - case $lt_echo in - *'\$0 --fallback-echo"') - lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` - ;; - esac - -cfgfile="$ofile" - - cat <<__EOF__ >> "$cfgfile" -# ### BEGIN LIBTOOL TAG CONFIG: $tagname - -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: - -# Shell to use when invoking shell scripts. -SHELL=$lt_SHELL - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$archive_cmds_need_lc_RC - -# Whether or not to disallow shared libs when runtime libs are static -allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# The host system. -host_alias=$host_alias -host=$host -host_os=$host_os - -# The build system. -build_alias=$build_alias -build=$build -build_os=$build_os - -# An echo program that does not interpret backslashes. -echo=$lt_echo - -# The archiver. -AR=$lt_AR -AR_FLAGS=$lt_AR_FLAGS - -# A C compiler. -LTCC=$lt_LTCC - -# LTCC compiler flags. -LTCFLAGS=$lt_LTCFLAGS - -# A language-specific compiler. -CC=$lt_compiler_RC - -# Is the compiler the GNU C compiler? -with_gcc=$GCC_RC - -# An ERE matcher. -EGREP=$lt_EGREP - -# The linker used to build libraries. -LD=$lt_LD_RC - -# Whether we need hard or soft links. -LN_S=$lt_LN_S - -# A BSD-compatible nm program. -NM=$lt_NM - -# A symbol stripping program -STRIP=$lt_STRIP - -# Used to examine libraries when file_magic_cmd begins "file" -MAGIC_CMD=$MAGIC_CMD - -# Used on cygwin: DLL creation program. -DLLTOOL="$DLLTOOL" - -# Used on cygwin: object dumper. -OBJDUMP="$OBJDUMP" - -# Used on cygwin: assembler. -AS="$AS" - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# How to create reloadable object files. -reload_flag=$lt_reload_flag -reload_cmds=$lt_reload_cmds - -# How to pass a linker flag through the compiler. -wl=$lt_lt_prog_compiler_wl_RC - -# Object file suffix (normally "o"). -objext="$ac_objext" - -# Old archive suffix (normally "a"). -libext="$libext" - -# Shared library suffix (normally ".so"). -shrext_cmds='$shrext_cmds' - -# Executable file suffix (normally ""). -exeext="$exeext" - -# Additional compiler flags for building library objects. -pic_flag=$lt_lt_prog_compiler_pic_RC -pic_mode=$pic_mode - -# What is the maximum length of a command? -max_cmd_len=$lt_cv_sys_max_cmd_len - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC - -# Must we lock files when doing compilation? -need_locks=$lt_need_locks - -# Do we need the lib prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Compiler flag to prevent dynamic linking. -link_static_flag=$lt_lt_prog_compiler_static_RC - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC - -# Compiler flag to generate thread-safe objects. -thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC - -# Library versioning type. -version_type=$version_type - -# Format of library name prefix. -libname_spec=$lt_libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME. -library_names_spec=$lt_library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$lt_soname_spec - -# Commands used to build and install an old-style archive. -RANLIB=$lt_RANLIB -old_archive_cmds=$lt_old_archive_cmds_RC -old_postinstall_cmds=$lt_old_postinstall_cmds -old_postuninstall_cmds=$lt_old_postuninstall_cmds - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC - -# Commands used to build and install a shared archive. -archive_cmds=$lt_archive_cmds_RC -archive_expsym_cmds=$lt_archive_expsym_cmds_RC -postinstall_cmds=$lt_postinstall_cmds -postuninstall_cmds=$lt_postuninstall_cmds - -# Commands used to build a loadable module (assumed same as above if empty) -module_cmds=$lt_module_cmds_RC -module_expsym_cmds=$lt_module_expsym_cmds_RC - -# Commands to strip libraries. -old_striplib=$lt_old_striplib -striplib=$lt_striplib - -# Dependencies to place before the objects being linked to create a -# shared library. -predep_objects=$lt_predep_objects_RC - -# Dependencies to place after the objects being linked to create a -# shared library. -postdep_objects=$lt_postdep_objects_RC - -# Dependencies to place before the objects being linked to create a -# shared library. -predeps=$lt_predeps_RC - -# Dependencies to place after the objects being linked to create a -# shared library. -postdeps=$lt_postdeps_RC - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$lt_compiler_lib_search_path_RC - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$lt_deplibs_check_method - -# Command to use when deplibs_check_method == file_magic. -file_magic_cmd=$lt_file_magic_cmd - -# Flag that allows shared libraries with undefined symbols to be built. -allow_undefined_flag=$lt_allow_undefined_flag_RC - -# Flag that forces no undefined symbols. -no_undefined_flag=$lt_no_undefined_flag_RC - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$lt_finish_cmds - -# Same as above, but a single script fragment to be evaled but not shown. -finish_eval=$lt_finish_eval - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe - -# Transform the output of nm in a proper C declaration -global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl - -# Transform the output of nm in a C name address pair -global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address - -# This is the shared library runtime path variable. -runpath_var=$runpath_var - -# This is the shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action_RC - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC - -# If ld is used when linking, flag to hardcode \$libdir into -# a binary during linking. This must work even if \$libdir does -# not exist. -hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC - -# Whether we need a single -rpath flag with a separated argument. -hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC - -# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the -# resulting binary. -hardcode_direct=$hardcode_direct_RC - -# Set to yes if using the -LDIR flag during linking hardcodes DIR into the -# resulting binary. -hardcode_minus_L=$hardcode_minus_L_RC - -# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into -# the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var_RC - -# Set to yes if building a shared library automatically hardcodes DIR into the library -# and all subsequent libraries and executables linked against it. -hardcode_automatic=$hardcode_automatic_RC - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at relink time. -variables_saved_for_relink="$variables_saved_for_relink" - -# Whether libtool must link a program against all its dependency libraries. -link_all_deplibs=$link_all_deplibs_RC - -# Compile-time system search path for libraries -sys_lib_search_path_spec=$lt_sys_lib_search_path_spec - -# Run-time system search path for libraries -sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec - -# Fix the shell variable \$srcfile for the compiler. -fix_srcfile_path="$fix_srcfile_path_RC" - -# Set to yes if exported symbols are required. -always_export_symbols=$always_export_symbols_RC - -# The commands to list exported symbols. -export_symbols_cmds=$lt_export_symbols_cmds_RC - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$lt_extract_expsyms_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$lt_exclude_expsyms_RC - -# Symbols that must always be exported. -include_expsyms=$lt_include_expsyms_RC - -# ### END LIBTOOL TAG CONFIG: $tagname - -__EOF__ - - -else - # If there is no Makefile yet, we rely on a make rule to execute - # `config.status --recheck' to rerun these tests and create the - # libtool script then. - ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` - if test -f "$ltmain_in"; then - test -f Makefile && make "$ltmain" - fi -fi - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -CC="$lt_save_CC" - - ;; - - *) - { { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5 -echo "$as_me: error: Unsupported tag name: $tagname" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - - # Append the new tag name to the list of available tags. - if test -n "$tagname" ; then - available_tags="$available_tags $tagname" - fi - fi - done - IFS="$lt_save_ifs" - - # Now substitute the updated list of available tags. - if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then - mv "${ofile}T" "$ofile" - chmod +x "$ofile" - else - rm -f "${ofile}T" - { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5 -echo "$as_me: error: unable to update list of available tagged configurations." >&2;} - { (exit 1); exit 1; }; } - fi -fi - - - -# This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh" - -# Always use our own libtool. -LIBTOOL='$(SHELL) $(top_builddir)/libtool' - -# Prevent multiple expansion - - - - - - - - - - - - - - - - +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv___attribute__" >&5 +$as_echo "$ac_cv___attribute__" >&6; } @@ -20205,10 +12752,10 @@ else fi -{ echo "$as_me:$LINENO: checking for ld --version-script" >&5 -echo $ECHO_N "checking for ld --version-script... $ECHO_C" >&6; } -if test "${rk_cv_version_script+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld --version-script" >&5 +$as_echo_n "checking for ld --version-script... " >&6; } +if test "${rk_cv_version_script+set}" = set; then : + $as_echo_n "(cached) " >&6 else rk_cv_version_script=no @@ -20225,22 +12772,26 @@ cat > conftest.c <&5 + if { ac_try='${CC-cc} -c $CFLAGS -fPIC conftest.c' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } && + { ac_try='${CC-cc} -shared -Wl,--version-script,conftest.map $CFLAGS $LDFLAGS -o libconftestlib.so conftest.o' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then rk_cv_version_script=yes fi -rm -f conftest* +rm -rf conftest* libconftest* .libs fi -{ echo "$as_me:$LINENO: result: $rk_cv_version_script" >&5 -echo "${ECHO_T}$rk_cv_version_script" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rk_cv_version_script" >&5 +$as_echo "$rk_cv_version_script" >&6; } if test $rk_cv_version_script = yes ; then doversioning=yes @@ -20265,18 +12816,68 @@ fi + + if test "${cross_compiling}" = yes; then + CROSS_COMPILE_TRUE= + CROSS_COMPILE_FALSE='#' +else + CROSS_COMPILE_TRUE='#' + CROSS_COMPILE_FALSE= +fi + + + +# Check whether --with-cross-tools was given. +if test "${with_cross_tools+set}" = set; then : + withval=$with_cross_tools; if test "$withval" = "yes"; then + as_fn_error "Need path to cross tools" "$LINENO" 5 + fi + with_cross_tools="${with_cross_tools}/" + +fi + + +if test "${cross_compiling}" != yes ; then + + ASN1_COMPILE="\$(top_builddir)/lib/asn1/asn1_compile\$(EXEEXT)" + SLC="\$(top_builddir)/lib/sl/slc" + + ASN1_COMPILE_DEP="\$(ASN1_COMPILE)" + SLC_DEP="\$(SLC)" +else + ASN1_COMPILE="${with_cross_tools}asn1_compile" + SLC="${with_cross_tools}slc" + + ASN1_COMPILE_DEP= + SLC_DEP= + + ac_cv_prog_COMPILE_ET=${with_cross_tools}compile_et + +fi + + + + + + + + + +$as_echo "#define HEIM_WEAK_CRYPTO 1" >>confdefs.h + + + + # Check whether --with-openldap was given. -if test "${with_openldap+set}" = set; then +if test "${with_openldap+set}" = set; then : withval=$with_openldap; fi # Check whether --with-openldap-lib was given. -if test "${with_openldap_lib+set}" = set; then +if test "${with_openldap_lib+set}" = set; then : withval=$with_openldap_lib; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openldap-lib" >&5 -echo "$as_me: error: No argument for --with-openldap-lib" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-openldap-lib" "$LINENO" 5 elif test "X$with_openldap" = "X"; then with_openldap=yes fi @@ -20284,11 +12885,9 @@ fi # Check whether --with-openldap-include was given. -if test "${with_openldap_include+set}" = set; then +if test "${with_openldap_include+set}" = set; then : withval=$with_openldap_include; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openldap-include" >&5 -echo "$as_me: error: No argument for --with-openldap-include" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-openldap-include" "$LINENO" 5 elif test "X$with_openldap" = "X"; then with_openldap=yes fi @@ -20296,15 +12895,15 @@ fi # Check whether --with-openldap-config was given. -if test "${with_openldap_config+set}" = set; then +if test "${with_openldap_config+set}" = set; then : withval=$with_openldap_config; fi -{ echo "$as_me:$LINENO: checking for openldap" >&5 -echo $ECHO_N "checking for openldap... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openldap" >&5 +$as_echo_n "checking for openldap... " >&6; } case "$with_openldap" in yes|"") d='' ;; @@ -20368,11 +12967,8 @@ if test "$with_openldap" != no; then if test "$openldap_cflags" -a "$openldap_libs"; then CFLAGS="$openldap_cflags $save_CFLAGS" LIBS="$openldap_libs $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -20384,49 +12980,23 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : INCLUDE_openldap="$openldap_cflags" LIB_openldap="$openldap_libs" - { echo "$as_me:$LINENO: result: from $with_openldap_config" >&5 -echo "${ECHO_T}from $with_openldap_config" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: from $with_openldap_config" >&5 +$as_echo "from $with_openldap_config" >&6; } found=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi if test "$found" = no; then ires= lres= for i in $header_dirs; do CFLAGS="-I$i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -20438,40 +13008,14 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ires=$i;break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done for i in $lib_dirs; do LIBS="-L$i -lldap -llber $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -20483,41 +13027,18 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : lres=$i;break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done if test "$ires" -a "$lres" -a "$with_openldap" != "no"; then INCLUDE_openldap="-I$ires" LIB_openldap="-L$lres -lldap -llber " found=yes - { echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 -echo "${ECHO_T}headers $ires, libraries $lres" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: headers $ires, libraries $lres" >&5 +$as_echo "headers $ires, libraries $lres" >&6; } fi fi CFLAGS="$save_CFLAGS" @@ -20535,8 +13056,8 @@ else with_openldap=no INCLUDE_openldap= LIB_openldap= - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -20544,15 +13065,13 @@ fi # Check whether --enable-hdb-openldap-module was given. -if test "${enable_hdb_openldap_module+set}" = set; then +if test "${enable_hdb_openldap_module+set}" = set; then : enableval=$enable_hdb_openldap_module; fi if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then -cat >>confdefs.h <<\_ACEOF -#define OPENLDAP_MODULE 1 -_ACEOF +$as_echo "#define OPENLDAP_MODULE 1" >>confdefs.h fi if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then @@ -20564,16 +13083,15 @@ else fi + # Check whether --enable-pk-init was given. -if test "${enable_pk_init+set}" = set; then +if test "${enable_pk_init+set}" = set; then : enableval=$enable_pk_init; fi if test "$enable_pk_init" != no ;then -cat >>confdefs.h <<\_ACEOF -#define PKINIT 1 -_ACEOF +$as_echo "#define PKINIT 1" >>confdefs.h fi if test "$enable_pk_init" != no; then @@ -20585,10 +13103,683 @@ else fi +# Check whether --enable-digest was given. +if test "${enable_digest+set}" = set; then : + enableval=$enable_digest; +fi + +if test "$enable_digest" != no ;then + +$as_echo "#define DIGEST 1" >>confdefs.h + +fi + +# Check whether --enable-kx509 was given. +if test "${enable_kx509+set}" = set; then : + enableval=$enable_kx509; +fi + +if test "$enable_kx509" != no ;then + +$as_echo "#define KX509 1" >>confdefs.h + +fi + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi + +fi + + +# Check whether --with-capng was given. +if test "${with_capng+set}" = set; then : + withval=$with_capng; +else + with_capng=check +fi + +if test "$with_capng" != "no"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CAPNG" >&5 +$as_echo_n "checking for CAPNG... " >&6; } + +if test -n "$PKG_CONFIG"; then + if test -n "$CAPNG_CFLAGS"; then + pkg_cv_CAPNG_CFLAGS="$CAPNG_CFLAGS" + else + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcap-ng >= 0.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcap-ng >= 0.4.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CAPNG_CFLAGS=`$PKG_CONFIG --cflags "libcap-ng >= 0.4.0" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi +if test -n "$PKG_CONFIG"; then + if test -n "$CAPNG_LIBS"; then + pkg_cv_CAPNG_LIBS="$CAPNG_LIBS" + else + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcap-ng >= 0.4.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcap-ng >= 0.4.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CAPNG_LIBS=`$PKG_CONFIG --libs "libcap-ng >= 0.4.0" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + CAPNG_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libcap-ng >= 0.4.0"` + else + CAPNG_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libcap-ng >= 0.4.0"` + fi + # Put the nasty error message in config.log where it belongs + echo "$CAPNG_PKG_ERRORS" >&5 + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + with_capng=no +elif test $pkg_failed = untried; then + with_capng=no +else + CAPNG_CFLAGS=$pkg_cv_CAPNG_CFLAGS + CAPNG_LIBS=$pkg_cv_CAPNG_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + with_capng=yes +fi +fi +if test "$with_capng" = "yes"; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_CAPNG 1 +_ACEOF + +fi + if test "$with_capng" != "no"; then + HAVE_CAPNG_TRUE= + HAVE_CAPNG_FALSE='#' +else + HAVE_CAPNG_TRUE='#' + HAVE_CAPNG_FALSE= +fi + + + + + + +# Check whether --with-sqlite3 was given. +if test "${with_sqlite3+set}" = set; then : + withval=$with_sqlite3; +fi + + +# Check whether --with-sqlite3-lib was given. +if test "${with_sqlite3_lib+set}" = set; then : + withval=$with_sqlite3_lib; if test "$withval" = "yes" -o "$withval" = "no"; then + as_fn_error "No argument for --with-sqlite3-lib" "$LINENO" 5 +elif test "X$with_sqlite3" = "X"; then + with_sqlite3=yes +fi +fi + + +# Check whether --with-sqlite3-include was given. +if test "${with_sqlite3_include+set}" = set; then : + withval=$with_sqlite3_include; if test "$withval" = "yes" -o "$withval" = "no"; then + as_fn_error "No argument for --with-sqlite3-include" "$LINENO" 5 +elif test "X$with_sqlite3" = "X"; then + with_sqlite3=yes +fi +fi + + +# Check whether --with-sqlite3-config was given. +if test "${with_sqlite3_config+set}" = set; then : + withval=$with_sqlite3_config; +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sqlite3" >&5 +$as_echo_n "checking for sqlite3... " >&6; } + +case "$with_sqlite3" in +yes|"") d='' ;; +no) d= ;; +*) d="$with_sqlite3" ;; +esac + +header_dirs= +lib_dirs= +for i in $d; do + if test "$with_sqlite3_include" = ""; then + if test -d "$i/include/sqlite3"; then + header_dirs="$header_dirs $i/include/sqlite3" + fi + if test -d "$i/include"; then + header_dirs="$header_dirs $i/include" + fi + fi + if test "$with_sqlite3_lib" = ""; then + if test -d "$i/lib$abilibdirext"; then + lib_dirs="$lib_dirs $i/lib$abilibdirext" + fi + fi +done + +if test "$with_sqlite3_include"; then + header_dirs="$with_sqlite3_include $header_dirs" +fi +if test "$with_sqlite3_lib"; then + lib_dirs="$with_sqlite3_lib $lib_dirs" +fi + +if test "$with_sqlite3_config" = ""; then + with_sqlite3_config='' +fi + +sqlite3_cflags= +sqlite3_libs= + +case "$with_sqlite3_config" in +yes|no|""|"") + if test -f $with_sqlite3/bin/ ; then + with_sqlite3_config=$with_sqlite3/bin/ + fi + ;; +esac + +case "$with_sqlite3_config" in +yes|no|"") + ;; +*) + sqlite3_cflags="`$with_sqlite3_config --cflags 2>&1`" + sqlite3_libs="`$with_sqlite3_config --libs 2>&1`" + ;; +esac + +found=no +if test "$with_sqlite3" != no; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + if test "$sqlite3_cflags" -a "$sqlite3_libs"; then + CFLAGS="$sqlite3_cflags $save_CFLAGS" + LIBS="$sqlite3_libs $save_LIBS" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#ifndef SQLITE_OPEN_CREATE +#error "old version" +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + INCLUDE_sqlite3="$sqlite3_cflags" + LIB_sqlite3="$sqlite3_libs" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: from $with_sqlite3_config" >&5 +$as_echo "from $with_sqlite3_config" >&6; } + found=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + if test "$found" = no; then + ires= lres= + for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#ifndef SQLITE_OPEN_CREATE +#error "old version" +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ires=$i;break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done + for i in $lib_dirs; do + LIBS="-L$i -lsqlite3 $save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#ifndef SQLITE_OPEN_CREATE +#error "old version" +#endif +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lres=$i;break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done + if test "$ires" -a "$lres" -a "$with_sqlite3" != "no"; then + INCLUDE_sqlite3="-I$ires" + LIB_sqlite3="-L$lres -lsqlite3 " + found=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: headers $ires, libraries $lres" >&5 +$as_echo "headers $ires, libraries $lres" >&6; } + fi + fi + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$found" = yes; then + +cat >>confdefs.h <<_ACEOF +#define SQLITE3 1 +_ACEOF + + with_sqlite3=yes +else + with_sqlite3=no + INCLUDE_sqlite3= + LIB_sqlite3= + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + +if test "X$with_sqlite3" != Xyes ; then + INCLUDE_sqlite3="-I\$(top_srcdir)/lib/sqlite" + LIB_sqlite3="\$(top_builddir)/lib/sqlite/libheimsqlite.la" +fi + if test "X$with_sqlite3" = Xyes; then + SQLITE3_TRUE= + SQLITE3_FALSE='#' +else + SQLITE3_TRUE='#' + SQLITE3_FALSE= +fi + + + +$as_echo "#define HAVE_SQLITE3 1" >>confdefs.h + + +# Check whether --enable-sqlite-cache was given. +if test "${enable_sqlite_cache+set}" = set; then : + enableval=$enable_sqlite_cache; +fi + +if test "$enable_sqlite_cache" != no; then + +$as_echo "#define HAVE_SCC 1" >>confdefs.h + +fi + if test "$enable_sqlite_cache" != no; then + have_scc_TRUE= + have_scc_FALSE='#' +else + have_scc_TRUE='#' + have_scc_FALSE= +fi + + + + + +# Check whether --with-libintl was given. +if test "${with_libintl+set}" = set; then : + withval=$with_libintl; +fi + + +# Check whether --with-libintl-lib was given. +if test "${with_libintl_lib+set}" = set; then : + withval=$with_libintl_lib; if test "$withval" = "yes" -o "$withval" = "no"; then + as_fn_error "No argument for --with-libintl-lib" "$LINENO" 5 +elif test "X$with_libintl" = "X"; then + with_libintl=yes +fi +fi + + +# Check whether --with-libintl-include was given. +if test "${with_libintl_include+set}" = set; then : + withval=$with_libintl_include; if test "$withval" = "yes" -o "$withval" = "no"; then + as_fn_error "No argument for --with-libintl-include" "$LINENO" 5 +elif test "X$with_libintl" = "X"; then + with_libintl=yes +fi +fi + + +# Check whether --with-libintl-config was given. +if test "${with_libintl_config+set}" = set; then : + withval=$with_libintl_config; +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libintl" >&5 +$as_echo_n "checking for libintl... " >&6; } + +case "$with_libintl" in +yes|"") d='' ;; +no) d= ;; +*) d="$with_libintl" ;; +esac + +header_dirs= +lib_dirs= +for i in $d; do + if test "$with_libintl_include" = ""; then + if test -d "$i/include/libintl"; then + header_dirs="$header_dirs $i/include/libintl" + fi + if test -d "$i/include"; then + header_dirs="$header_dirs $i/include" + fi + fi + if test "$with_libintl_lib" = ""; then + if test -d "$i/lib$abilibdirext"; then + lib_dirs="$lib_dirs $i/lib$abilibdirext" + fi + fi +done + +if test "$with_libintl_include"; then + header_dirs="$with_libintl_include $header_dirs" +fi +if test "$with_libintl_lib"; then + lib_dirs="$with_libintl_lib $lib_dirs" +fi + +if test "$with_libintl_config" = ""; then + with_libintl_config='' +fi + +libintl_cflags= +libintl_libs= + +case "$with_libintl_config" in +yes|no|""|"") + if test -f $with_libintl/bin/ ; then + with_libintl_config=$with_libintl/bin/ + fi + ;; +esac + +case "$with_libintl_config" in +yes|no|"") + ;; +*) + libintl_cflags="`$with_libintl_config --cflags 2>&1`" + libintl_libs="`$with_libintl_config --libs 2>&1`" + ;; +esac + +found=no +if test "$with_libintl" != no; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + if test "$libintl_cflags" -a "$libintl_libs"; then + CFLAGS="$libintl_cflags $save_CFLAGS" + LIBS="$libintl_libs $save_LIBS" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + INCLUDE_libintl="$libintl_cflags" + LIB_libintl="$libintl_libs" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: from $with_libintl_config" >&5 +$as_echo "from $with_libintl_config" >&6; } + found=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + if test "$found" = no; then + ires= lres= + for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ires=$i;break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done + for i in $lib_dirs; do + LIBS="-L$i -lintl $save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lres=$i;break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done + if test "$ires" -a "$lres" -a "$with_libintl" != "no"; then + INCLUDE_libintl="-I$ires" + LIB_libintl="-L$lres -lintl " + found=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: headers $ires, libraries $lres" >&5 +$as_echo "headers $ires, libraries $lres" >&6; } + fi + fi + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$found" = yes; then + +cat >>confdefs.h <<_ACEOF +#define LIBINTL 1 +_ACEOF + + with_libintl=yes +else + with_libintl=no + INCLUDE_libintl= + LIB_libintl= + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + # Check whether --with-hdbdir was given. -if test "${with_hdbdir+set}" = set; then +if test "${with_hdbdir+set}" = set; then : withval=$with_hdbdir; else with_hdbdir=/var/heimdal @@ -20628,27 +13819,27 @@ fi -cat >>confdefs.h <<\_ACEOF -#define KRB5 1 -_ACEOF +$as_echo "#define SUPPORT_INETD 1" >>confdefs.h + + + +$as_echo "#define KRB5 1" >>confdefs.h crypto_lib=unknown # Check whether --with-openssl was given. -if test "${with_openssl+set}" = set; then +if test "${with_openssl+set}" = set; then : withval=$with_openssl; fi # Check whether --with-openssl-lib was given. -if test "${with_openssl_lib+set}" = set; then +if test "${with_openssl_lib+set}" = set; then : withval=$with_openssl_lib; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openssl-lib" >&5 -echo "$as_me: error: No argument for --with-openssl-lib" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-openssl-lib" "$LINENO" 5 elif test "X$with_openssl" = "X"; then with_openssl=yes fi @@ -20657,11 +13848,9 @@ fi # Check whether --with-openssl-include was given. -if test "${with_openssl_include+set}" = set; then +if test "${with_openssl_include+set}" = set; then : withval=$with_openssl_include; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-openssl-include" >&5 -echo "$as_me: error: No argument for --with-openssl-include" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-openssl-include" "$LINENO" 5 elif test "X$with_openssl" = "X"; then with_openssl=yes fi @@ -20684,8 +13873,8 @@ esac DIR_hcrypto= -{ echo "$as_me:$LINENO: checking for crypto library" >&5 -echo $ECHO_N "checking for crypto library... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypto library" >&5 +$as_echo_n "checking for crypto library... " >&6; } openssl=no @@ -20707,11 +13896,7 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then for j in $cdirs; do for k in $clibs; do LIBS="$j $k $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #undef KRB5 /* makes md4.h et al unhappy */ @@ -20726,6 +13911,7 @@ cat >>conftest.$ac_ext <<_ACEOF #include #include #include + #include #include #include #include @@ -20749,19 +13935,20 @@ main () { void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - SHA256_CTX sha256; + EVP_MD_CTX mdctx; - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - SHA256_Init(&sha256); + EVP_md4(); + EVP_md5(); + EVP_sha1(); + EVP_sha256(); + + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, EVP_sha1(), (ENGINE *)0); EVP_CIPHER_iv_length(((EVP_CIPHER*)0)); - #ifdef HAVE_OPENSSL - RAND_status(); UI_UTIL_read_pw_string(0,0,0,0); + RAND_status(); + #ifdef HAVE_OPENSSL + EC_KEY_new(); #endif OpenSSL_add_all_algorithms(); @@ -20772,45 +13959,18 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : openssl=yes ires="$i" lres="$j $k"; break 3 -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done done CFLAGS="$i $save_CFLAGS" for j in $cdirs; do for k in $clibs; do LIBS="$j $k $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #undef KRB5 /* makes md4.h et al unhappy */ @@ -20825,6 +13985,7 @@ cat >>conftest.$ac_ext <<_ACEOF #include #include #include + #include #include #include #include @@ -20848,19 +14009,20 @@ main () { void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - SHA256_CTX sha256; + EVP_MD_CTX mdctx; - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - SHA256_Init(&sha256); + EVP_md4(); + EVP_md5(); + EVP_sha1(); + EVP_sha256(); + + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, EVP_sha1(), (ENGINE *)0); EVP_CIPHER_iv_length(((EVP_CIPHER*)0)); - #ifdef HAVE_OPENSSL - RAND_status(); UI_UTIL_read_pw_string(0,0,0,0); + RAND_status(); + #ifdef HAVE_OPENSSL + EC_KEY_new(); #endif OpenSSL_add_all_algorithms(); @@ -20871,34 +14033,11 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : openssl=no ires="$i" lres="$j $k"; break 3 -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done done done @@ -20909,8 +14048,8 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ INCLUDE_hcrypto="$ires" LIB_hcrypto="$lres" crypto_lib=krb4 - { echo "$as_me:$LINENO: result: same as krb4" >&5 -echo "${ECHO_T}same as krb4" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: same as krb4" >&5 +$as_echo "same as krb4" >&6; } LIB_hcrypto_a='$(LIB_hcrypto)' LIB_hcrypto_so='$(LIB_hcrypto)' LIB_hcrypto_appl='$(LIB_hcrypto)' @@ -20936,11 +14075,7 @@ if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then LIB_hcrypto_so="$LIB_hcrypto" LIB_hcrypto_appl="$LIB_hcrypto" LIBS="${LIBS} ${LIB_hcrypto}" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #undef KRB5 /* makes md4.h et al unhappy */ @@ -20955,6 +14090,7 @@ cat >>conftest.$ac_ext <<_ACEOF #include #include #include + #include #include #include #include @@ -20978,19 +14114,20 @@ main () { void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - SHA256_CTX sha256; + EVP_MD_CTX mdctx; - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - SHA256_Init(&sha256); + EVP_md4(); + EVP_md5(); + EVP_sha1(); + EVP_sha256(); + + EVP_MD_CTX_init(&mdctx); + EVP_DigestInit_ex(&mdctx, EVP_sha1(), (ENGINE *)0); EVP_CIPHER_iv_length(((EVP_CIPHER*)0)); - #ifdef HAVE_OPENSSL - RAND_status(); UI_UTIL_read_pw_string(0,0,0,0); + RAND_status(); + #ifdef HAVE_OPENSSL + EC_KEY_new(); #endif OpenSSL_add_all_algorithms(); @@ -21001,38 +14138,15 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : crypto_lib=libcrypto openssl=yes - { echo "$as_me:$LINENO: result: libcrypto" >&5 -echo "${ECHO_T}libcrypto" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - + { $as_echo "$as_me:${as_lineno-$LINENO}: result: libcrypto" >&5 +$as_echo "libcrypto" >&6; } fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$crypto_lib" = libcrypto ; then break; fi @@ -21049,26 +14163,20 @@ if test "$crypto_lib" = "unknown"; then LIB_hcrypto_so='$(top_builddir)/lib/hcrypto/.libs/libhcrypto.so' LIB_hcrypto_appl="-lhcrypto" - { echo "$as_me:$LINENO: result: included libhcrypto" >&5 -echo "${ECHO_T}included libhcrypto" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: included libhcrypto" >&5 +$as_echo "included libhcrypto" >&6; } fi if test "$with_krb4" != no -a "$crypto_lib" != krb4; then - { { echo "$as_me:$LINENO: error: the crypto library used by krb4 lacks features + as_fn_error "the crypto library used by krb4 lacks features required by Kerberos 5; to continue, you need to install a newer -Kerberos 4 or configure --without-krb4" >&5 -echo "$as_me: error: the crypto library used by krb4 lacks features -required by Kerberos 5; to continue, you need to install a newer -Kerberos 4 or configure --without-krb4" >&2;} - { (exit 1); exit 1; }; } +Kerberos 4 or configure --without-krb4" "$LINENO" 5 fi if test "$openssl" = "yes"; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_OPENSSL 1 -_ACEOF +$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h fi if test "$openssl" = yes; then @@ -21088,11 +14196,11 @@ fi -{ echo "$as_me:$LINENO: checking if compiling threadsafe libraries" >&5 -echo $ECHO_N "checking if compiling threadsafe libraries... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiling threadsafe libraries" >&5 +$as_echo_n "checking if compiling threadsafe libraries... " >&6; } # Check whether --enable-pthread-support was given. -if test "${enable_pthread_support+set}" = set; then +if test "${enable_pthread_support+set}" = set; then : enableval=$enable_pthread_support; else enable_pthread_support=maybe @@ -21103,35 +14211,51 @@ case "$host" in *-*-solaris2*) native_pthread_support=yes if test "$GCC" = yes; then - PTHREADS_CFLAGS=-pthreads - PTHREADS_LIBS=-pthreads + PTHREAD_CFLAGS=-pthreads + PTHREAD_LIBADD=-pthreads else - PTHREADS_CFLAGS=-mt - PTHREADS_LIBS=-mt + PTHREAD_CFLAGS=-mt + PTHREAD_LDADD=-mt + PTHREAD_LIBADD=-mt fi ;; -*-*-netbsd*) +*-*-netbsd[12]*) native_pthread_support="if running netbsd 1.6T or newer" - PTHREADS_LIBS="" + PTHREAD_LIBADD="-lpthread" ;; -*-*-freebsd5*) +*-*-netbsd[3456789]*) + native_pthread_support="netbsd 3 uses explict pthread" + PTHREAD_LIBADD="-lpthread" + ;; +*-*-freebsd[56789]*) native_pthread_support=yes + PTHREAD_LIBADD="-pthread" + ;; +*-*-openbsd*) + native_pthread_support=yes + PTHREAD_CFLAGS=-pthread + PTHREAD_LIBADD=-pthread ;; *-*-linux* | *-*-linux-gnu) case `uname -r` in - 2.*) + 2.*|3.*) native_pthread_support=yes - PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread + PTHREAD_CFLAGS=-pthread + PTHREAD_LIBADD=-pthread ;; esac ;; +*-*-kfreebsd*-gnu*) + native_pthread_support=yes + PTHREAD_CFLAGS=-pthread + PTHREAD_LIBADD=-pthread + ;; *-*-aix*) native_pthread_support=no ;; mips-sgi-irix6.[5-9]) # maybe works for earlier versions too native_pthread_support=yes - PTHREADS_LIBS="-lpthread" + PTHREAD_LIBADD="-lpthread" ;; *-*-darwin*) native_pthread_support=yes @@ -21147,33 +14271,30 @@ fi if test "$enable_pthread_support" != no; then -cat >>confdefs.h <<\_ACEOF -#define ENABLE_PTHREAD_SUPPORT 1 -_ACEOF +$as_echo "#define ENABLE_PTHREAD_SUPPORT 1" >>confdefs.h - LIBS="$PTHREADS_LIBS $LIBS" + LIBS="$PTHREAD_LIBADD $LIBS" else - PTHREADS_CFLAGS="" - PTHREADS_LIBS="" + PTHREAD_CFLAGS="" + PTHREAD_LIBADD="" fi -{ echo "$as_me:$LINENO: result: $enable_pthread_support" >&5 -echo "${ECHO_T}$enable_pthread_support" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_pthread_support" >&5 +$as_echo "$enable_pthread_support" >&6; } # Check whether --enable-dce was given. -if test "${enable_dce+set}" = set; then +if test "${enable_dce+set}" = set; then : enableval=$enable_dce; fi if test "$enable_dce" = yes; then -cat >>confdefs.h <<\_ACEOF -#define DCE 1 -_ACEOF +$as_echo "#define DCE 1" >>confdefs.h fi if test "$enable_dce" = yes; then @@ -21200,28 +14321,39 @@ fi # Check whether --enable-afs-support was given. -if test "${enable_afs_support+set}" = set; then +if test "${enable_afs_support+set}" = set; then : enableval=$enable_afs_support; fi if test "$enable_afs_support" = no; then -cat >>confdefs.h <<\_ACEOF -#define NO_AFS 1 -_ACEOF +$as_echo "#define NO_AFS 1" >>confdefs.h + NO_AFS="1" fi -# Check whether --enable-berkeley-db was given. -if test "${enable_berkeley_db+set}" = set; then - enableval=$enable_berkeley_db; +# Check whether --with-berkeley-db was given. +if test "${with_berkeley_db+set}" = set; then : + withval=$with_berkeley_db; +else + with_berkeley_db=check +fi + + +dbheader="" + +# Check whether --with-berkeley-db-include was given. +if test "${with_berkeley_db_include+set}" = set; then : + withval=$with_berkeley_db_include; dbheader=$withval +else + with_berkeley_db_include=check fi # Check whether --enable-ndbm-db was given. -if test "${enable_ndbm_db+set}" = set; then +if test "${enable_ndbm_db+set}" = set; then : enableval=$enable_ndbm_db; fi @@ -21230,175 +14362,70 @@ fi have_ndbm=no db_type=unknown -if test "$enable_berkeley_db" != no; then - - - - - -for ac_header in \ - db4/db.h \ - db3/db.h \ - db.h \ - db_185.h \ - -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +if test "x$with_berkeley_db" != xno; then : + if test "x$with_berkeley_db_include" != xcheck; then : + for ac_header in "$dbheader/db.h" +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + DBHEADER=$dbheader + + +$as_echo "#define HAVE_DBHEADER 1" >>confdefs.h + + +else + if test "x$with_berkeley_db_include" != xcheck; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error "--with-berkeley-db-include was given but include test failed +See \`config.log' for more details." "$LINENO" 5; } + fi + +fi + +done + +else + for ac_header in \ + db5/db.h \ + db4/db.h \ + db3/db.h \ + db.h \ + +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done +fi -{ echo "$as_me:$LINENO: checking for db_create" >&5 -echo $ECHO_N "checking for db_create... $ECHO_C" >&6; } -if test "${ac_cv_funclib_db_create+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for db_create" >&5 +$as_echo_n "checking for db_create... " >&6; } +if test "${ac_cv_funclib_db_create+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_db_create\" != yes" ; then ac_save_LIBS="$LIBS" - for ac_lib in "" db4 db3 db; do + for ac_lib in "" $dbheader db5 db4 db3 db; do case "$ac_lib" in "") ;; yes) ac_lib="" ;; @@ -21407,15 +14434,15 @@ if eval "test \"\$ac_cv_func_db_create\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include - #ifdef HAVE_DB4_DB_H + #ifdef HAVE_DBHEADER + #include <$dbheader/db.h> + #elif HAVE_DB5_DB_H + #include + #elif HAVE_DB4_DB_H #include #elif defined(HAVE_DB3_DB_H) #include @@ -21431,34 +14458,11 @@ db_create(NULL, NULL, 0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_db_create=$ac_lib; else ac_cv_funclib_db_create=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_db_create=\${ac_cv_funclib_db_create-no}" LIBS="$ac_save_LIBS" @@ -21470,95 +14474,12 @@ fi eval "ac_res=\$ac_cv_funclib_db_create" if false; then - -for ac_func in db_create -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in db_create +do : + ac_fn_c_check_func "$LINENO" "db_create" "ac_cv_func_db_create" +if test "x$ac_cv_func_db_create" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_DB_CREATE 1 _ACEOF fi @@ -21578,14 +14499,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_db_create=no" eval "LIB_db_create=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_db_create=yes" @@ -21598,8 +14519,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -21613,20 +14534,18 @@ esac DBLIB="" fi -cat >>confdefs.h <<\_ACEOF -#define HAVE_DB3 1 -_ACEOF +$as_echo "#define HAVE_DB3 1" >>confdefs.h - else + fi -{ echo "$as_me:$LINENO: checking for dbopen" >&5 -echo $ECHO_N "checking for dbopen... $ECHO_C" >&6; } -if test "${ac_cv_funclib_dbopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dbopen" >&5 +$as_echo_n "checking for dbopen... " >&6; } +if test "${ac_cv_funclib_dbopen+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then @@ -21640,23 +14559,17 @@ if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - #include - #if defined(HAVE_DB2_DB_H) - #include - #elif defined(HAVE_DB_185_H) - #include - #elif defined(HAVE_DB_H) - #include - #else - #error no db.h - #endif + #include + #if defined(HAVE_DB2_DB_H) + #include + #elif defined(HAVE_DB_H) + #include + #else + #error no db.h + #endif int main () @@ -21666,34 +14579,11 @@ dbopen(NULL, 0, 0, 0, NULL) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}" LIBS="$ac_save_LIBS" @@ -21705,95 +14595,12 @@ fi eval "ac_res=\$ac_cv_funclib_dbopen" if false; then - -for ac_func in dbopen -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in dbopen +do : + ac_fn_c_check_func "$LINENO" "dbopen" "ac_cv_func_dbopen" +if test "x$ac_cv_func_dbopen" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_DBOPEN 1 _ACEOF fi @@ -21813,14 +14620,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_dbopen=no" eval "LIB_dbopen=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_dbopen=yes" @@ -21833,36 +14640,33 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac - if test "$ac_cv_func_dbopen" = "yes"; then - db_type=db1 - if test "$ac_cv_funclib_dbopen" != "yes"; then - DBLIB="$ac_cv_funclib_dbopen" - else - DBLIB="" - fi - -cat >>confdefs.h <<\_ACEOF -#define HAVE_DB1 1 -_ACEOF - + if test "$ac_cv_func_dbopen" = "yes"; then + db_type=db1 + if test "$ac_cv_funclib_dbopen" != "yes"; then + DBLIB="$ac_cv_funclib_dbopen" + else + DBLIB="" fi + +$as_echo "#define HAVE_DB1 1" >>confdefs.h + fi if test "$ac_cv_func_dbm_firstkey" != yes; then -{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5 -echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; } -if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dbm_firstkey" >&5 +$as_echo_n "checking for dbm_firstkey... " >&6; } +if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then @@ -21876,11 +14680,7 @@ if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -21896,34 +14696,11 @@ dbm_firstkey(NULL) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}" LIBS="$ac_save_LIBS" @@ -21935,95 +14712,12 @@ fi eval "ac_res=\$ac_cv_funclib_dbm_firstkey" if false; then - -for ac_func in dbm_firstkey -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in dbm_firstkey +do : + ac_fn_c_check_func "$LINENO" "dbm_firstkey" "ac_cv_func_dbm_firstkey" +if test "x$ac_cv_func_dbm_firstkey" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_DBM_FIRSTKEY 1 _ACEOF fi @@ -22043,14 +14737,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_dbm_firstkey=no" eval "LIB_dbm_firstkey=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_dbm_firstkey=yes" @@ -22063,8 +14757,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -22077,14 +14771,10 @@ esac LIB_NDBM="" fi -cat >>confdefs.h <<\_ACEOF -#define HAVE_DB_NDBM 1 -_ACEOF +$as_echo "#define HAVE_DB_NDBM 1" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define HAVE_NEW_DB 1 -_ACEOF +$as_echo "#define HAVE_NEW_DB 1" >>confdefs.h else $as_unset ac_cv_func_dbm_firstkey @@ -22092,155 +14782,24 @@ _ACEOF fi fi -fi # berkeley db + +fi # fi berkeley db if test "$enable_ndbm_db" != "no"; then if test "$db_type" = "unknown" -o "$ac_cv_func_dbm_firstkey" = ""; then - - -for ac_header in \ + for ac_header in \ dbm.h \ ndbm.h \ -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -22251,10 +14810,10 @@ done -{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5 -echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; } -if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dbm_firstkey" >&5 +$as_echo_n "checking for dbm_firstkey... " >&6; } +if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then @@ -22268,11 +14827,7 @@ if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -22291,34 +14846,11 @@ dbm_firstkey(NULL) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}" LIBS="$ac_save_LIBS" @@ -22330,95 +14862,12 @@ fi eval "ac_res=\$ac_cv_funclib_dbm_firstkey" if false; then - -for ac_func in dbm_firstkey -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in dbm_firstkey +do : + ac_fn_c_check_func "$LINENO" "dbm_firstkey" "ac_cv_func_dbm_firstkey" +if test "x$ac_cv_func_dbm_firstkey" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_DBM_FIRSTKEY 1 _ACEOF fi @@ -22438,14 +14887,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_dbm_firstkey=no" eval "LIB_dbm_firstkey=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_dbm_firstkey=yes" @@ -22458,8 +14907,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -22472,9 +14921,7 @@ esac LIB_NDBM="" fi -cat >>confdefs.h <<\_ACEOF -#define HAVE_NDBM 1 -_ACEOF +$as_echo "#define HAVE_NDBM 1" >>confdefs.h have_ndbm=yes if test "$db_type" = "unknown"; then db_type=ndbm @@ -22485,147 +14932,16 @@ _ACEOF $as_unset ac_cv_func_dbm_firstkey $as_unset ac_cv_funclib_dbm_firstkey - -for ac_header in \ + for ac_header in \ gdbm/ndbm.h \ -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -22636,10 +14952,10 @@ done -{ echo "$as_me:$LINENO: checking for dbm_firstkey" >&5 -echo $ECHO_N "checking for dbm_firstkey... $ECHO_C" >&6; } -if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dbm_firstkey" >&5 +$as_echo_n "checking for dbm_firstkey... " >&6; } +if test "${ac_cv_funclib_dbm_firstkey+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then @@ -22653,11 +14969,7 @@ if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -22672,34 +14984,11 @@ dbm_firstkey(NULL) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}" LIBS="$ac_save_LIBS" @@ -22711,95 +15000,12 @@ fi eval "ac_res=\$ac_cv_funclib_dbm_firstkey" if false; then - -for ac_func in dbm_firstkey -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in dbm_firstkey +do : + ac_fn_c_check_func "$LINENO" "dbm_firstkey" "ac_cv_func_dbm_firstkey" +if test "x$ac_cv_func_dbm_firstkey" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_DBM_FIRSTKEY 1 _ACEOF fi @@ -22819,14 +15025,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_dbm_firstkey=no" eval "LIB_dbm_firstkey=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_dbm_firstkey=yes" @@ -22839,8 +15045,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -22853,9 +15059,7 @@ esac LIB_NDBM="" fi -cat >>confdefs.h <<\_ACEOF -#define HAVE_NDBM 1 -_ACEOF +$as_echo "#define HAVE_NDBM 1" >>confdefs.h have_ndbm=yes if test "$db_type" = "unknown"; then db_type=ndbm @@ -22867,20 +15071,13 @@ _ACEOF fi # unknown if test "$have_ndbm" = "yes"; then - { echo "$as_me:$LINENO: checking if ndbm is implemented with db" >&5 -echo $ECHO_N "checking if ndbm is implemented with db... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot run test program while cross compiling -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if ndbm is implemented with db" >&5 +$as_echo_n "checking if ndbm is implemented with db... " >&6; } + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no-cross" >&5 +$as_echo "no-cross" >&6; } else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -22903,52 +15100,26 @@ int main(int argc, char **argv) return 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : if test -f conftest.db; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } -cat >>confdefs.h <<\_ACEOF -#define HAVE_NEW_DB 1 -_ACEOF +$as_echo "#define HAVE_NEW_DB 1" >>confdefs.h else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -{ echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi if test "$db_type" = db1; then @@ -22972,6 +15143,13 @@ else HAVE_NDBM_TRUE='#' HAVE_NDBM_FALSE= fi + if test "$dbheader" != ""; then + HAVE_DBHEADER_TRUE= + HAVE_DBHEADER_FALSE='#' +else + HAVE_DBHEADER_TRUE='#' + HAVE_DBHEADER_FALSE= +fi ## it's probably not correct to include LDFLAGS here, but we might ## need it, for now just add any possible -L @@ -22986,19 +15164,14 @@ DBLIB="$z $DBLIB" - -{ echo "$as_me:$LINENO: checking for inline" >&5 -echo $ECHO_N "checking for inline... $ECHO_C" >&6; } -if test "${ac_cv_c_inline+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +$as_echo_n "checking for inline... " >&6; } +if test "${ac_cv_c_inline+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; @@ -23007,39 +15180,16 @@ $ac_kw foo_t foo () {return 0; } #endif _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_inline=$ac_kw -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5 -echo "${ECHO_T}$ac_cv_c_inline" >&6; } - +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +$as_echo "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; @@ -23056,16 +15206,12 @@ _ACEOF ;; esac -{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 -echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; } -if test "${ac_cv_c_const+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 +$as_echo_n "checking for an ANSI C-conforming const... " >&6; } +if test "${ac_cv_c_const+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -23125,98 +15271,24 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_c_const=no + ac_cv_c_const=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 -echo "${ECHO_T}$ac_cv_c_const" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 +$as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then -cat >>confdefs.h <<\_ACEOF -#define const -_ACEOF +$as_echo "#define const /**/" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking for size_t" >&5 -echo $ECHO_N "checking for size_t... $ECHO_C" >&6; } -if test "${ac_cv_type_size_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef size_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_size_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" +if test "x$ac_cv_type_size_t" = x""yes; then : - ac_cv_type_size_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5 -echo "${ECHO_T}$ac_cv_type_size_t" >&6; } -if test $ac_cv_type_size_t = yes; then - : else cat >>confdefs.h <<_ACEOF @@ -23225,61 +15297,9 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for pid_t" >&5 -echo $ECHO_N "checking for pid_t... $ECHO_C" >&6; } -if test "${ac_cv_type_pid_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef pid_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_pid_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" +if test "x$ac_cv_type_pid_t" = x""yes; then : - ac_cv_type_pid_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5 -echo "${ECHO_T}$ac_cv_type_pid_t" >&6; } -if test $ac_cv_type_pid_t = yes; then - : else cat >>confdefs.h <<_ACEOF @@ -23288,22 +15308,18 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5 -echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6; } -if test "${ac_cv_type_uid_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 +$as_echo_n "checking for uid_t in sys/types.h... " >&6; } +if test "${ac_cv_type_uid_t+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "uid_t" >/dev/null 2>&1; then + $EGREP "uid_t" >/dev/null 2>&1; then : ac_cv_type_uid_t=yes else ac_cv_type_uid_t=no @@ -23311,32 +15327,24 @@ fi rm -f conftest* fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5 -echo "${ECHO_T}$ac_cv_type_uid_t" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 +$as_echo "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then -cat >>confdefs.h <<\_ACEOF -#define uid_t int -_ACEOF +$as_echo "#define uid_t int" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define gid_t int -_ACEOF +$as_echo "#define gid_t int" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking return type of signal handlers" >&5 -echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6; } -if test "${ac_cv_type_signal+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 +$as_echo_n "checking return type of signal handlers... " >&6; } +if test "${ac_cv_type_signal+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -23349,35 +15357,15 @@ return *(signal (0, 0)) (0) == 1; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_signal=int else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_signal=void + ac_cv_type_signal=void fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5 -echo "${ECHO_T}$ac_cv_type_signal" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 +$as_echo "$ac_cv_type_signal" >&6; } cat >>confdefs.h <<_ACEOF #define RETSIGTYPE $ac_cv_type_signal @@ -23386,25 +15374,18 @@ _ACEOF if test "$ac_cv_type_signal" = "void" ; then -cat >>confdefs.h <<\_ACEOF -#define VOID_RETSIGTYPE 1 -_ACEOF +$as_echo "#define VOID_RETSIGTYPE 1" >>confdefs.h fi - -{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5 -echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; } -if test "${ac_cv_header_time+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 +$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } +if test "${ac_cv_header_time+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -23419,183 +15400,28 @@ return 0; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_header_time=no + ac_cv_header_time=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5 -echo "${ECHO_T}$ac_cv_header_time" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 +$as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then -cat >>confdefs.h <<\_ACEOF -#define TIME_WITH_SYS_TIME 1 -_ACEOF +$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi - for ac_header in standards.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +do : + ac_fn_c_check_header_mongrel "$LINENO" "standards.h" "ac_cv_header_standards_h" "$ac_includes_default" +if test "x$ac_cv_header_standards_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_STANDARDS_H 1 _ACEOF fi @@ -23606,16 +15432,12 @@ for i in netinet/ip.h netinet/tcp.h; do cv=`echo "$i" | sed 'y%./+-%__p_%'` -{ echo "$as_me:$LINENO: checking for $i" >&5 -echo $ECHO_N "checking for $i... $ECHO_C" >&6; } -if { as_var=ac_cv_header_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $i" >&5 +$as_echo_n "checking for $i... " >&6; } +if { as_var=ac_cv_header_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_STANDARDS_H @@ -23624,35 +15446,16 @@ cat >>conftest.$ac_ext <<_ACEOF #include <$i> _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then +if ac_fn_c_try_cpp "$LINENO"; then : eval "ac_cv_header_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - eval "ac_cv_header_$cv=no" fi - rm -f conftest.err conftest.$ac_ext fi -ac_res=`eval echo '${'ac_cv_header_$cv'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } +eval ac_res=\$ac_cv_header_$cv + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } ac_res=`eval echo \\$ac_cv_header_$cv` if test "$ac_res" = yes; then ac_tr_hdr=HAVE_`echo $i | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` @@ -23663,146 +15466,14 @@ _ACEOF fi done if false;then - - -for ac_header in netinet/ip.h netinet/tcp.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then + for ac_header in netinet/ip.h netinet/tcp.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -23812,106 +15483,24 @@ done fi - - for ac_func in getlogin setlogin -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test "$ac_cv_func_getlogin" = yes; then -{ echo "$as_me:$LINENO: checking if getlogin is posix" >&5 -echo $ECHO_N "checking if getlogin is posix... $ECHO_C" >&6; } -if test "${ac_cv_func_getlogin_posix+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if getlogin is posix" >&5 +$as_echo_n "checking if getlogin is posix... " >&6; } +if test "${ac_cv_func_getlogin_posix+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then @@ -23921,157 +15510,27 @@ else fi fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getlogin_posix" >&5 -echo "${ECHO_T}$ac_cv_func_getlogin_posix" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getlogin_posix" >&5 +$as_echo "$ac_cv_func_getlogin_posix" >&6; } if test "$ac_cv_func_getlogin_posix" = yes; then -cat >>confdefs.h <<\_ACEOF -#define POSIX_GETLOGIN 1 -_ACEOF +$as_echo "#define POSIX_GETLOGIN 1" >>confdefs.h fi fi -for ac_header in stdlib.h unistd.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then + for ac_header in $ac_header_list +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -24079,112 +15538,32 @@ fi done + + + + + + for ac_func in getpagesize -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then +do : + ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" +if test "x$ac_cv_func_getpagesize" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETPAGESIZE 1 _ACEOF fi done -{ echo "$as_me:$LINENO: checking for working mmap" >&5 -echo $ECHO_N "checking for working mmap... $ECHO_C" >&6; } -if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working mmap" >&5 +$as_echo_n "checking for working mmap... " >&6; } +if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then : + $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : ac_cv_func_mmap_fixed_mapped=no else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default /* malloc might have been renamed as rpl_malloc. */ @@ -24221,11 +15600,6 @@ char *malloc (); /* This mess was copied from the GNU getpagesize.h. */ #ifndef HAVE_GETPAGESIZE -/* Assume that all systems that can run configure have sys/param.h. */ -# ifndef HAVE_SYS_PARAM_H -# define HAVE_SYS_PARAM_H 1 -# endif - # ifdef _SC_PAGESIZE # define getpagesize() sysconf(_SC_PAGESIZE) # else /* no _SC_PAGESIZE */ @@ -24261,7 +15635,7 @@ main () { char *data, *data2, *data3; int i, pagesize; - int fd; + int fd, fd2; pagesize = getpagesize (); @@ -24274,27 +15648,41 @@ main () umask (0); fd = creat ("conftest.mmap", 0600); if (fd < 0) - return 1; + return 2; if (write (fd, data, pagesize) != pagesize) - return 1; + return 3; close (fd); + /* Next, check that the tail of a page is zero-filled. File must have + non-zero length, otherwise we risk SIGBUS for entire page. */ + fd2 = open ("conftest.txt", O_RDWR | O_CREAT | O_TRUNC, 0600); + if (fd2 < 0) + return 4; + data2 = ""; + if (write (fd2, data2, 1) != 1) + return 5; + data2 = mmap (0, pagesize, PROT_READ | PROT_WRITE, MAP_SHARED, fd2, 0L); + if (data2 == MAP_FAILED) + return 6; + for (i = 0; i < pagesize; ++i) + if (*(data2 + i)) + return 7; + close (fd2); + if (munmap (data2, pagesize)) + return 8; + /* Next, try to mmap the file at a fixed address which already has something else allocated at it. If we can, also make sure that we see the same garbage. */ fd = open ("conftest.mmap", O_RDWR); if (fd < 0) - return 1; - data2 = (char *) malloc (2 * pagesize); - if (!data2) - return 1; - data2 += (pagesize - ((long int) data2 & (pagesize - 1))) & (pagesize - 1); + return 9; if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED, fd, 0L)) - return 1; + return 10; for (i = 0; i < pagesize; ++i) if (*(data + i) != *(data2 + i)) - return 1; + return 11; /* Finally, make sure that changes to the mapped area do not percolate back to the file as seen by read(). (This is a bug on @@ -24303,77 +15691,47 @@ main () *(data2 + i) = *(data2 + i) + 1; data3 = (char *) malloc (pagesize); if (!data3) - return 1; + return 12; if (read (fd, data3, pagesize) != pagesize) - return 1; + return 13; for (i = 0; i < pagesize; ++i) if (*(data + i) != *(data3 + i)) - return 1; + return 14; close (fd); return 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_mmap_fixed_mapped=yes else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_mmap_fixed_mapped=no + ac_cv_func_mmap_fixed_mapped=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5 -echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_mmap_fixed_mapped" >&5 +$as_echo "$ac_cv_func_mmap_fixed_mapped" >&6; } if test $ac_cv_func_mmap_fixed_mapped = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_MMAP 1 -_ACEOF +$as_echo "#define HAVE_MMAP 1" >>confdefs.h fi -rm -f conftest.mmap +rm -f conftest.mmap conftest.txt -{ echo "$as_me:$LINENO: checking if realloc if broken" >&5 -echo $ECHO_N "checking if realloc if broken... $ECHO_C" >&6; } -if test "${ac_cv_func_realloc_broken+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if realloc if broken" >&5 +$as_echo_n "checking if realloc if broken... " >&6; } +if test "${ac_cv_func_realloc_broken+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_func_realloc_broken=no -if test "$cross_compiling" = yes; then +if test "$cross_compiling" = yes; then : : else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -24385,48 +15743,22 @@ int main(int argc, char **argv) } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : : else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_realloc_broken=yes + ac_cv_func_realloc_broken=yes fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_realloc_broken" >&5 -echo "${ECHO_T}$ac_cv_func_realloc_broken" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_broken" >&5 +$as_echo "$ac_cv_func_realloc_broken" >&6; } if test "$ac_cv_func_realloc_broken" = yes ; then -cat >>confdefs.h <<\_ACEOF -#define BROKEN_REALLOC 1 -_ACEOF +$as_echo "#define BROKEN_REALLOC 1" >>confdefs.h fi @@ -24435,7 +15767,6 @@ fi - DIR_roken=roken LIB_roken='$(top_builddir)/lib/roken/libroken.la' INCLUDES_roken='-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken' @@ -24449,13 +15780,17 @@ INCLUDES_roken='-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken' +$as_echo "#define rk_PATH_DELIM '/'" >>confdefs.h + + + # Check whether --enable-developer was given. -if test "${enable_developer+set}" = set; then +if test "${enable_developer+set}" = set; then : enableval=$enable_developer; fi @@ -24471,6 +15806,7 @@ if test -z "$WFLAGS" -a "$GCC" = "yes"; then # -Wcast-align doesn't work well on alpha osf/1 # -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast # -Wmissing-declarations -Wnested-externs + # -Wstrict-overflow=5 WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $dwflags" WFLAGS_NOUNUSED="-Wno-unused" WFLAGS_NOIMPLICITINT="-Wno-implicit-int" @@ -24484,16 +15820,12 @@ fi cv=`echo "ssize_t" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for ssize_t" >&5 -echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 +$as_echo_n "checking for ssize_t... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -24510,93 +15842,21 @@ ssize_t foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo ssize_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for ssize_t" >&5 -echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6; } -if test "${ac_cv_type_ssize_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef ssize_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_ssize_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_ssize_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5 -echo "${ECHO_T}$ac_cv_type_ssize_t" >&6; } -if test $ac_cv_type_ssize_t = yes; then + ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" +if test "x$ac_cv_type_ssize_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SSIZE_T 1 @@ -24618,16 +15878,12 @@ fi cv=`echo "long long" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for long long" >&5 -echo $ECHO_N "checking for long long... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long" >&5 +$as_echo_n "checking for long long... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -24644,93 +15900,21 @@ long long foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for long long" >&5 -echo $ECHO_N "checking for long long... $ECHO_C" >&6; } -if test "${ac_cv_type_long_long+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef long long ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_long_long=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_long_long=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5 -echo "${ECHO_T}$ac_cv_type_long_long" >&6; } -if test $ac_cv_type_long_long = yes; then + ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" +if test "x$ac_cv_type_long_long" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LONG_LONG 1 @@ -24753,45 +15937,6 @@ fi - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - for ac_header in \ arpa/inet.h \ config.h \ @@ -24811,6 +15956,7 @@ for ac_header in \ poll.h \ pwd.h \ rpcsvc/ypclnt.h \ + search.h \ shadow.h \ stdint.h \ sys/bswap.h \ @@ -24828,148 +15974,20 @@ for ac_header in \ sys/wait.h \ syslog.h \ termios.h \ + winsock2.h \ + ws2tcpip.h \ unistd.h \ userconf.h \ usersec.h \ util.h \ -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -24980,16 +15998,12 @@ done cv=`echo "uintptr_t" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for uintptr_t" >&5 -echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintptr_t" >&5 +$as_echo_n "checking for uintptr_t... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -25008,93 +16022,21 @@ uintptr_t foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo uintptr_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for uintptr_t" >&5 -echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6; } -if test "${ac_cv_type_uintptr_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef uintptr_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_uintptr_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_uintptr_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_uintptr_t" >&5 -echo "${ECHO_T}$ac_cv_type_uintptr_t" >&6; } -if test $ac_cv_type_uintptr_t = yes; then + ac_fn_c_check_type "$LINENO" "uintptr_t" "ac_cv_type_uintptr_t" "$ac_includes_default" +if test "x$ac_cv_type_uintptr_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINTPTR_T 1 @@ -25112,62 +16054,17 @@ _ACEOF fi - for ac_header in vis.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +do : + ac_fn_c_check_header_compile "$LINENO" "vis.h" "ac_cv_header_vis_h" " #include #ifndef VIS_SP #error invis #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_vis_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_VIS_H 1 _ACEOF fi @@ -25175,62 +16072,17 @@ fi done - for ac_header in netdb.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "$ac_includes_default #ifdef HAVE_SYS_TYPES_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_netdb_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_NETDB_H 1 _ACEOF fi @@ -25238,62 +16090,17 @@ fi done - for ac_header in sys/socket.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "$ac_includes_default #ifdef HAVE_SYS_TYPES_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_sys_socket_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SYS_SOCKET_H 1 _ACEOF fi @@ -25301,64 +16108,19 @@ fi done - for ac_header in net/if.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" "$ac_includes_default #ifdef HAVE_SYS_TYPES_H #include #endif #if HAVE_SYS_SOCKET_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_net_if_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_NET_IF_H 1 _ACEOF fi @@ -25366,22 +16128,9 @@ fi done - for ac_header in netinet6/in6_var.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "netinet6/in6_var.h" "ac_cv_header_netinet6_in6_var_h" "$ac_includes_default #ifdef HAVE_SYS_TYPES_H #include #endif @@ -25392,42 +16141,10 @@ $ac_includes_default #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_netinet6_in6_var_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_NETINET6_IN6_VAR_H 1 _ACEOF fi @@ -25435,62 +16152,17 @@ fi done - for ac_header in sys/sysctl.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "sys/sysctl.h" "ac_cv_header_sys_sysctl_h" "$ac_includes_default #ifdef HAVE_SYS_PARAM_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_sys_sysctl_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SYS_SYSCTL_H 1 _ACEOF fi @@ -25498,62 +16170,17 @@ fi done - for ac_header in sys/proc.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "sys/proc.h" "ac_cv_header_sys_proc_h" "$ac_includes_default #ifdef HAVE_SYS_PARAM_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_sys_proc_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SYS_PROC_H 1 _ACEOF fi @@ -25579,6 +16206,14 @@ else have_ifaddrs_h_FALSE= fi + if test "$ac_cv_header_search_h" = yes; then + have_search_h_TRUE= + have_search_h_FALSE='#' +else + have_search_h_TRUE='#' + have_search_h_FALSE= +fi + if test "$ac_cv_header_vis_h" = yes; then have_vis_h_TRUE= have_vis_h_FALSE='#' @@ -25593,10 +16228,10 @@ fi -{ echo "$as_me:$LINENO: checking for socket" >&5 -echo $ECHO_N "checking for socket... $ECHO_C" >&6; } -if test "${ac_cv_funclib_socket+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket" >&5 +$as_echo_n "checking for socket... " >&6; } +if test "${ac_cv_funclib_socket+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_socket\" != yes" ; then @@ -25610,11 +16245,7 @@ if eval "test \"\$ac_cv_func_socket\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -25625,34 +16256,11 @@ socket() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}" LIBS="$ac_save_LIBS" @@ -25664,95 +16272,12 @@ fi eval "ac_res=\$ac_cv_funclib_socket" if false; then - -for ac_func in socket -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in socket +do : + ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" +if test "x$ac_cv_func_socket" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_SOCKET 1 _ACEOF fi @@ -25772,14 +16297,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_socket=no" eval "LIB_socket=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_socket=yes" @@ -25792,8 +16317,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -25806,10 +16331,10 @@ fi -{ echo "$as_me:$LINENO: checking for gethostbyname" >&5 -echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6; } -if test "${ac_cv_funclib_gethostbyname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname" >&5 +$as_echo_n "checking for gethostbyname... " >&6; } +if test "${ac_cv_funclib_gethostbyname+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then @@ -25823,11 +16348,7 @@ if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -25838,34 +16359,11 @@ gethostbyname() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}" LIBS="$ac_save_LIBS" @@ -25877,95 +16375,12 @@ fi eval "ac_res=\$ac_cv_funclib_gethostbyname" if false; then - -for ac_func in gethostbyname -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in gethostbyname +do : + ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname" +if test "x$ac_cv_func_gethostbyname" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETHOSTBYNAME 1 _ACEOF fi @@ -25985,14 +16400,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_gethostbyname=no" eval "LIB_gethostbyname=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_gethostbyname=yes" @@ -26005,8 +16420,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -26019,10 +16434,10 @@ fi -{ echo "$as_me:$LINENO: checking for syslog" >&5 -echo $ECHO_N "checking for syslog... $ECHO_C" >&6; } -if test "${ac_cv_funclib_syslog+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog" >&5 +$as_echo_n "checking for syslog... " >&6; } +if test "${ac_cv_funclib_syslog+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_syslog\" != yes" ; then @@ -26036,11 +16451,7 @@ if eval "test \"\$ac_cv_func_syslog\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -26051,34 +16462,11 @@ syslog() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}" LIBS="$ac_save_LIBS" @@ -26090,95 +16478,12 @@ fi eval "ac_res=\$ac_cv_funclib_syslog" if false; then - -for ac_func in syslog -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in syslog +do : + ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog" +if test "x$ac_cv_func_syslog" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_SYSLOG 1 _ACEOF fi @@ -26198,14 +16503,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_syslog=no" eval "LIB_syslog=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_syslog=yes" @@ -26218,8 +16523,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -26232,30 +16537,28 @@ fi # Check whether --with-ipv6 was given. -if test "${with_ipv6+set}" = set; then +if test "${with_ipv6+set}" = set; then : withval=$with_ipv6; -if test "$withval" = "no"; then - ac_cv_lib_ipv6=no -fi + ac_cv_lib_ipv6="$withval" + fi save_CFLAGS="${CFLAGS}" -{ echo "$as_me:$LINENO: checking for IPv6 stack type" >&5 -echo $ECHO_N "checking for IPv6 stack type... $ECHO_C" >&6; } -if test "${v6type+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - v6type=unknown -v6lib=none -for i in v6d toshiba kame inria zeta linux; do - case $i in - v6d) - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +if test "X$ac_cv_lib_ipv6" != "Xno"; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPv6 stack type" >&5 +$as_echo_n "checking for IPv6 stack type... " >&6; } +if test "${rk_cv_v6type+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + v6type=unknown + v6lib=none + + for i in v6d toshiba kame inria zeta linux; do + case $i in + v6d) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -26264,20 +16567,16 @@ yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "yes" >/dev/null 2>&1; then + $EGREP "yes" >/dev/null 2>&1; then : v6type=$i; v6lib=v6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-I/usr/local/v6/include $CFLAGS" + v6libdir=/usr/local/v6/lib; + CFLAGS="-I/usr/local/v6/include $CFLAGS" fi rm -f conftest* - ;; - toshiba) - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + ;; + toshiba) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -26286,20 +16585,16 @@ yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "yes" >/dev/null 2>&1; then + $EGREP "yes" >/dev/null 2>&1; then : v6type=$i; v6lib=inet6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-DINET6 $CFLAGS" + v6libdir=/usr/local/v6/lib; + CFLAGS="-DINET6 $CFLAGS" fi rm -f conftest* - ;; - kame) - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + ;; + kame) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -26308,20 +16603,16 @@ yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "yes" >/dev/null 2>&1; then + $EGREP "yes" >/dev/null 2>&1; then : v6type=$i; v6lib=inet6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-DINET6 $CFLAGS" + v6libdir=/usr/local/v6/lib; + CFLAGS="-DINET6 $CFLAGS" fi rm -f conftest* - ;; - inria) - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + ;; + inria) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -26330,18 +16621,14 @@ yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "yes" >/dev/null 2>&1; then + $EGREP "yes" >/dev/null 2>&1; then : v6type=$i; CFLAGS="-DINET6 $CFLAGS" fi rm -f conftest* - ;; - zeta) - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + ;; + zeta) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -26350,52 +16637,47 @@ yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "yes" >/dev/null 2>&1; then + $EGREP "yes" >/dev/null 2>&1; then : v6type=$i; v6lib=inet6; - v6libdir=/usr/local/v6/lib; - CFLAGS="-DINET6 $CFLAGS" + v6libdir=/usr/local/v6/lib; + CFLAGS="-DINET6 $CFLAGS" fi rm -f conftest* - ;; - linux) - if test -d /usr/inet6; then - v6type=$i - v6lib=inet6 - v6libdir=/usr/inet6 - CFLAGS="-DINET6 $CFLAGS" - fi - ;; - esac - if test "$v6type" != "unknown"; then - break - fi -done - -if test "$v6lib" != "none"; then - for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do - if test -d $dir -a -f $dir/lib$v6lib.a; then - LIBS="-L$dir -l$v6lib $LIBS" + ;; + linux) + if test -d /usr/inet6; then + v6type=$i + v6lib=inet6 + v6libdir=/usr/inet6 + CFLAGS="-DINET6 $CFLAGS" + fi + ;; + esac + if test "$v6type" != "unknown"; then break fi done -fi + if test "$v6lib" != "none"; then + for dir in $v6libdir /usr/local/v6/lib /usr/local/lib; do + if test -d $dir -a -f $dir/lib$v6lib.a; then + LIBS="-L$dir -l$v6lib $LIBS" + break + fi + done + fi fi -{ echo "$as_me:$LINENO: result: $v6type" >&5 -echo "${ECHO_T}$v6type" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rk_cv_v6type" >&5 +$as_echo "$rk_cv_v6type" >&6; } -{ echo "$as_me:$LINENO: checking for IPv6" >&5 -echo $ECHO_N "checking for IPv6... $ECHO_C" >&6; } -if test "${ac_cv_lib_ipv6+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPv6" >&5 +$as_echo_n "checking for IPv6... " >&6; } +if test "${rk_cv_lib_ipv6+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -26429,42 +16711,21 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ipv6=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_ipv6=no + ac_cv_lib_ipv6=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rk_cv_lib_ipv6" >&5 +$as_echo "$rk_cv_lib_ipv6" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_ipv6" >&5 -echo "${ECHO_T}$ac_cv_lib_ipv6" >&6; } if test "$ac_cv_lib_ipv6" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_IPV6 1 -_ACEOF +$as_echo "#define HAVE_IPV6 1" >>confdefs.h else CFLAGS="${save_CFLAGS}" @@ -26472,17 +16733,13 @@ fi ## test for AIX missing in6addr_loopback if test "$ac_cv_lib_ipv6" = yes; then - { echo "$as_me:$LINENO: checking for in6addr_loopback" >&5 -echo $ECHO_N "checking for in6addr_loopback... $ECHO_C" >&6; } -if test "${ac_cv_var_in6addr_loopback+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for in6addr_loopback" >&5 +$as_echo_n "checking for in6addr_loopback... " >&6; } +if test "${rk_cv_var_in6addr_loopback+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -26508,42 +16765,19 @@ sin6.sin6_addr = in6addr_loopback; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_in6addr_loopback=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_in6addr_loopback=no + ac_cv_var_in6addr_loopback=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_var_in6addr_loopback" >&5 -echo "${ECHO_T}$ac_cv_var_in6addr_loopback" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rk_cv_var_in6addr_loopback" >&5 +$as_echo "$rk_cv_var_in6addr_loopback" >&6; } if test "$ac_cv_var_in6addr_loopback" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_IN6ADDR_LOOPBACK 1 -_ACEOF +$as_echo "#define HAVE_IN6ADDR_LOOPBACK 1" >>confdefs.h fi fi @@ -26553,10 +16787,10 @@ fi -{ echo "$as_me:$LINENO: checking for gethostbyname2" >&5 -echo $ECHO_N "checking for gethostbyname2... $ECHO_C" >&6; } -if test "${ac_cv_funclib_gethostbyname2+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname2" >&5 +$as_echo_n "checking for gethostbyname2... " >&6; } +if test "${ac_cv_funclib_gethostbyname2+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then @@ -26570,11 +16804,7 @@ if eval "test \"\$ac_cv_func_gethostbyname2\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -26585,34 +16815,11 @@ gethostbyname2() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname2=$ac_lib; else ac_cv_funclib_gethostbyname2=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_gethostbyname2=\${ac_cv_funclib_gethostbyname2-no}" LIBS="$ac_save_LIBS" @@ -26624,95 +16831,12 @@ fi eval "ac_res=\$ac_cv_funclib_gethostbyname2" if false; then - -for ac_func in gethostbyname2 -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in gethostbyname2 +do : + ac_fn_c_check_func "$LINENO" "gethostbyname2" "ac_cv_func_gethostbyname2" +if test "x$ac_cv_func_gethostbyname2" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETHOSTBYNAME2 1 _ACEOF fi @@ -26732,14 +16856,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_gethostbyname2=no" eval "LIB_gethostbyname2=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_gethostbyname2=yes" @@ -26752,8 +16876,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -26765,145 +16889,14 @@ fi - -for ac_header in arpa/nameser.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +for ac_header in arpa/nameser.h dns.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -26911,22 +16904,9 @@ fi done - for ac_header in resolv.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "resolv.h" "ac_cv_header_resolv_h" "$ac_includes_default #ifdef HAVE_SYS_TYPES_H #include #endif @@ -26937,42 +16917,10 @@ $ac_includes_default #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_resolv_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_RESOLV_H 1 _ACEOF fi @@ -26984,10 +16932,10 @@ done -{ echo "$as_me:$LINENO: checking for res_search" >&5 -echo $ECHO_N "checking for res_search... $ECHO_C" >&6; } -if test "${ac_cv_funclib_res_search+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_search" >&5 +$as_echo_n "checking for res_search... " >&6; } +if test "${ac_cv_funclib_res_search+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_res_search\" != yes" ; then @@ -27001,11 +16949,7 @@ if eval "test \"\$ac_cv_func_res_search\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -27030,34 +16974,11 @@ res_search(0,0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}" LIBS="$ac_save_LIBS" @@ -27069,95 +16990,12 @@ fi eval "ac_res=\$ac_cv_funclib_res_search" if false; then - -for ac_func in res_search -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in res_search +do : + ac_fn_c_check_func "$LINENO" "res_search" "ac_cv_func_res_search" +if test "x$ac_cv_func_res_search" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_RES_SEARCH 1 _ACEOF fi @@ -27177,14 +17015,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_res_search=no" eval "LIB_res_search=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_res_search=yes" @@ -27197,8 +17035,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -27212,10 +17050,10 @@ fi -{ echo "$as_me:$LINENO: checking for res_nsearch" >&5 -echo $ECHO_N "checking for res_nsearch... $ECHO_C" >&6; } -if test "${ac_cv_funclib_res_nsearch+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_nsearch" >&5 +$as_echo_n "checking for res_nsearch... " >&6; } +if test "${ac_cv_funclib_res_nsearch+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_res_nsearch\" != yes" ; then @@ -27229,11 +17067,7 @@ if eval "test \"\$ac_cv_func_res_nsearch\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -27258,34 +17092,11 @@ res_nsearch(0,0,0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_nsearch=$ac_lib; else ac_cv_funclib_res_nsearch=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_res_nsearch=\${ac_cv_funclib_res_nsearch-no}" LIBS="$ac_save_LIBS" @@ -27297,95 +17108,12 @@ fi eval "ac_res=\$ac_cv_funclib_res_nsearch" if false; then - -for ac_func in res_nsearch -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in res_nsearch +do : + ac_fn_c_check_func "$LINENO" "res_nsearch" "ac_cv_func_res_nsearch" +if test "x$ac_cv_func_res_nsearch" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_RES_NSEARCH 1 _ACEOF fi @@ -27405,14 +17133,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_res_nsearch=no" eval "LIB_res_nsearch=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_res_nsearch=yes" @@ -27425,8 +17153,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -27440,10 +17168,10 @@ fi -{ echo "$as_me:$LINENO: checking for res_ndestroy" >&5 -echo $ECHO_N "checking for res_ndestroy... $ECHO_C" >&6; } -if test "${ac_cv_funclib_res_ndestroy+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_ndestroy" >&5 +$as_echo_n "checking for res_ndestroy... " >&6; } +if test "${ac_cv_funclib_res_ndestroy+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_res_ndestroy\" != yes" ; then @@ -27457,11 +17185,7 @@ if eval "test \"\$ac_cv_func_res_ndestroy\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -27486,34 +17210,11 @@ res_ndestroy(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_ndestroy=$ac_lib; else ac_cv_funclib_res_ndestroy=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_res_ndestroy=\${ac_cv_funclib_res_ndestroy-no}" LIBS="$ac_save_LIBS" @@ -27525,95 +17226,12 @@ fi eval "ac_res=\$ac_cv_funclib_res_ndestroy" if false; then - -for ac_func in res_ndestroy -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in res_ndestroy +do : + ac_fn_c_check_func "$LINENO" "res_ndestroy" "ac_cv_func_res_ndestroy" +if test "x$ac_cv_func_res_ndestroy" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_RES_NDESTROY 1 _ACEOF fi @@ -27633,14 +17251,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_res_ndestroy=no" eval "LIB_res_ndestroy=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_res_ndestroy=yes" @@ -27653,8 +17271,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -27667,11 +17285,115 @@ fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dns_search" >&5 +$as_echo_n "checking for dns_search... " >&6; } +if test "${ac_cv_funclib_dns_search+set}" = set; then : + $as_echo_n "(cached) " >&6 +else -{ echo "$as_me:$LINENO: checking for dn_expand" >&5 -echo $ECHO_N "checking for dn_expand... $ECHO_C" >&6; } -if test "${ac_cv_funclib_dn_expand+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +if eval "test \"\$ac_cv_func_dns_search\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_DNS_H +#include +#endif + +int +main () +{ +dns_search(0,0,0,0,0,0,0,0) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dns_search=$ac_lib; else ac_cv_funclib_dns_search=yes; fi";break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_dns_search=\${ac_cv_funclib_dns_search-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dns_search" + +if false; then + for ac_func in dns_search +do : + ac_fn_c_check_func "$LINENO" "dns_search" "ac_cv_func_dns_search" +if test "x$ac_cv_func_dns_search" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DNS_SEARCH 1 +_ACEOF + +fi +done + +fi +# dns_search +eval "ac_tr_func=HAVE_`echo dns_search | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_dns_search=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dns_search=yes" + eval "LIB_dns_search=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + ;; + no) + eval "ac_cv_func_dns_search=no" + eval "LIB_dns_search=" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + *) + eval "ac_cv_func_dns_search=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } + ;; +esac + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dn_expand" >&5 +$as_echo_n "checking for dn_expand... " >&6; } +if test "${ac_cv_funclib_dn_expand+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then @@ -27685,11 +17407,7 @@ if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -27714,34 +17432,11 @@ dn_expand(0,0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}" LIBS="$ac_save_LIBS" @@ -27753,95 +17448,12 @@ fi eval "ac_res=\$ac_cv_funclib_dn_expand" if false; then - -for ac_func in dn_expand -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in dn_expand +do : + ac_fn_c_check_func "$LINENO" "dn_expand" "ac_cv_func_dn_expand" +if test "x$ac_cv_func_dn_expand" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_DN_EXPAND 1 _ACEOF fi @@ -27861,14 +17473,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_dn_expand=no" eval "LIB_dn_expand=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_dn_expand=yes" @@ -27881,8 +17493,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -27893,18 +17505,14 @@ fi -{ echo "$as_me:$LINENO: checking for _res" >&5 -echo $ECHO_N "checking for _res... $ECHO_C" >&6; } -if test "${ac_cv_var__res+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _res" >&5 +$as_echo_n "checking for _res... " >&6; } +if test "${ac_cv_var__res+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef HAVE_SYS_TYPES_H @@ -27928,102 +17536,15 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var__res=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var__res=no + ac_cv_var__res=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$ac_cv_var__res" != yes ; then -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -extern int _res; -int foo(void) { return _res; } -int -main () -{ -foo() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_var__res=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var__res=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi - -fi - -ac_foo=`eval echo \\$ac_cv_var__res` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } -if test "$ac_foo" = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE__RES 1 -_ACEOF - - { echo "$as_me:$LINENO: checking whether _res is declared" >&5 -echo $ECHO_N "checking whether _res is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl__res+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef HAVE_SYS_TYPES_H @@ -28038,83 +17559,115 @@ cat >>conftest.$ac_ext <<_ACEOF #ifdef HAVE_RESOLV_H #include #endif - +extern int _res; +int foo(void) { return _res; } int main () { -#ifndef _res - (void) _res; +foo() + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_var__res=yes +else + ac_cv_var__res=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi + +fi + +ac_foo=`eval echo \\$ac_cv_var__res` +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } +if test "$ac_foo" = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE__RES 1 +_ACEOF + + +# ac_fn_c_check_decl LINENO SYMBOL VAR +# ------------------------------------ +# Tests whether SYMBOL is declared, setting cache variable VAR accordingly. +ac_fn_c_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $2 is declared" >&5 +$as_echo_n "checking whether $2 is declared... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $2 + (void) $2; #endif ; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl__res=yes +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl__res=no + eval "$3=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl__res" >&5 -echo "${ECHO_T}$ac_cv_have_decl__res" >&6; } -if test $ac_cv_have_decl__res = yes; then +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_decl +ac_fn_c_check_decl "$LINENO" "_res" "ac_cv_have_decl__res" "#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +" +if test "x$ac_cv_have_decl__res" = x""yes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__RES 1 +#define HAVE_DECL__RES $ac_have_decl _ACEOF - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__RES 0 -_ACEOF - - -fi - - fi -{ echo "$as_me:$LINENO: checking for working snprintf" >&5 -echo $ECHO_N "checking for working snprintf... $ECHO_C" >&6; } -if test "${ac_cv_func_snprintf_working+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working snprintf" >&5 +$as_echo_n "checking for working snprintf... " >&6; } +if test "${ac_cv_func_snprintf_working+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_func_snprintf_working=yes -if test "$cross_compiling" = yes; then +if test "$cross_compiling" = yes; then : : else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -28126,42 +17679,18 @@ int main(int argc, char **argv) return strcmp(foo, "1") || snprintf(NULL, 0, "%d", 12) != 2; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : : else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_snprintf_working=no + ac_cv_func_snprintf_working=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_working" >&5 -echo "${ECHO_T}$ac_cv_func_snprintf_working" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_snprintf_working" >&5 +$as_echo "$ac_cv_func_snprintf_working" >&6; } if test "$ac_cv_func_snprintf_working" = yes; then @@ -28173,16 +17702,12 @@ fi if test "$ac_cv_func_snprintf_working" = yes; then if test "$ac_cv_func_snprintf+set" != set -o "$ac_cv_func_snprintf" = yes; then -{ echo "$as_me:$LINENO: checking if snprintf needs a prototype" >&5 -echo $ECHO_N "checking if snprintf needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_snprintf_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if snprintf needs a prototype" >&5 +$as_echo_n "checking if snprintf needs a prototype... " >&6; } +if test "${ac_cv_func_snprintf_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -28195,40 +17720,18 @@ snprintf(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_snprintf_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_snprintf_noproto=no" + eval "ac_cv_func_snprintf_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_snprintf_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_snprintf_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_snprintf_noproto" >&5 +$as_echo "$ac_cv_func_snprintf_noproto" >&6; } if test "$ac_cv_func_snprintf_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_SNPRINTF_PROTO 1 -_ACEOF +$as_echo "#define NEED_SNPRINTF_PROTO 1" >>confdefs.h fi fi @@ -28236,20 +17739,16 @@ fi fi -{ echo "$as_me:$LINENO: checking for working vsnprintf" >&5 -echo $ECHO_N "checking for working vsnprintf... $ECHO_C" >&6; } -if test "${ac_cv_func_vsnprintf_working+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vsnprintf" >&5 +$as_echo_n "checking for working vsnprintf... " >&6; } +if test "${ac_cv_func_vsnprintf_working+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_func_vsnprintf_working=yes -if test "$cross_compiling" = yes; then +if test "$cross_compiling" = yes; then : : else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -28281,42 +17780,18 @@ int main(int argc, char **argv) return foo(0, "12") || bar(0, 2, "12"); } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : : else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_vsnprintf_working=no + ac_cv_func_vsnprintf_working=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_working" >&5 -echo "${ECHO_T}$ac_cv_func_vsnprintf_working" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vsnprintf_working" >&5 +$as_echo "$ac_cv_func_vsnprintf_working" >&6; } if test "$ac_cv_func_vsnprintf_working" = yes; then @@ -28328,16 +17803,12 @@ fi if test "$ac_cv_func_vsnprintf_working" = yes; then if test "$ac_cv_func_vsnprintf+set" != set -o "$ac_cv_func_vsnprintf" = yes; then -{ echo "$as_me:$LINENO: checking if vsnprintf needs a prototype" >&5 -echo $ECHO_N "checking if vsnprintf needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if vsnprintf needs a prototype" >&5 +$as_echo_n "checking if vsnprintf needs a prototype... " >&6; } +if test "${ac_cv_func_vsnprintf_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -28350,40 +17821,18 @@ vsnprintf(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_vsnprintf_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_vsnprintf_noproto=no" + eval "ac_cv_func_vsnprintf_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_vsnprintf_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vsnprintf_noproto" >&5 +$as_echo "$ac_cv_func_vsnprintf_noproto" >&6; } if test "$ac_cv_func_vsnprintf_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_VSNPRINTF_PROTO 1 -_ACEOF +$as_echo "#define NEED_VSNPRINTF_PROTO 1" >>confdefs.h fi fi @@ -28392,17 +17841,13 @@ fi -{ echo "$as_me:$LINENO: checking for working glob" >&5 -echo $ECHO_N "checking for working glob... $ECHO_C" >&6; } -if test "${ac_cv_func_glob_working+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working glob" >&5 +$as_echo_n "checking for working glob... " >&6; } +if test "${ac_cv_func_glob_working+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_func_glob_working=yes -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -28424,58 +17869,31 @@ NULL, NULL); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : : else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_glob_working=no + ac_cv_func_glob_working=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_glob_working" >&5 -echo "${ECHO_T}$ac_cv_func_glob_working" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_glob_working" >&5 +$as_echo "$ac_cv_func_glob_working" >&6; } if test "$ac_cv_func_glob_working" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_GLOB 1 -_ACEOF +$as_echo "#define HAVE_GLOB 1" >>confdefs.h fi if test "$ac_cv_func_glob_working" = yes; then if test "$ac_cv_func_glob+set" != set -o "$ac_cv_func_glob" = yes; then -{ echo "$as_me:$LINENO: checking if glob needs a prototype" >&5 -echo $ECHO_N "checking if glob needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_glob_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if glob needs a prototype" >&5 +$as_echo_n "checking if glob needs a prototype... " >&6; } +if test "${ac_cv_func_glob_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -28489,40 +17907,18 @@ glob(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_glob_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_glob_noproto=no" + eval "ac_cv_func_glob_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_glob_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_glob_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_glob_noproto" >&5 +$as_echo "$ac_cv_func_glob_noproto" >&6; } if test "$ac_cv_func_glob_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_GLOB_PROTO 1 -_ACEOF +$as_echo "#define NEED_GLOB_PROTO 1" >>confdefs.h fi fi @@ -28547,33 +17943,6 @@ fi - - - - - - - - - - - - - - - - - - - - - - - - - - - for ac_func in \ asnprintf \ asprintf \ @@ -28583,113 +17952,35 @@ for ac_func in \ getprogname \ getrlimit \ getspnam \ - initstate \ issetugid \ on_exit \ poll \ random \ setprogname \ - setstate \ strsvis \ + strsvisx \ strunvis \ strvis \ strvisx \ svis \ sysconf \ sysctl \ + tdelete \ + tfind \ + twalk \ uname \ unvis \ vasnprintf \ vasprintf \ vis \ -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi @@ -28720,10 +18011,10 @@ fi -{ echo "$as_me:$LINENO: checking for getsockopt" >&5 -echo $ECHO_N "checking for getsockopt... $ECHO_C" >&6; } -if test "${ac_cv_funclib_getsockopt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getsockopt" >&5 +$as_echo_n "checking for getsockopt... " >&6; } +if test "${ac_cv_funclib_getsockopt+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then @@ -28737,11 +18028,7 @@ if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include @@ -28757,34 +18044,11 @@ getsockopt(0,0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}" LIBS="$ac_save_LIBS" @@ -28796,95 +18060,12 @@ fi eval "ac_res=\$ac_cv_funclib_getsockopt" if false; then - -for ac_func in getsockopt -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in getsockopt +do : + ac_fn_c_check_func "$LINENO" "getsockopt" "ac_cv_func_getsockopt" +if test "x$ac_cv_func_getsockopt" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETSOCKOPT 1 _ACEOF fi @@ -28904,14 +18085,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_getsockopt=no" eval "LIB_getsockopt=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_getsockopt=yes" @@ -28924,8 +18105,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -28933,10 +18114,10 @@ esac -{ echo "$as_me:$LINENO: checking for setsockopt" >&5 -echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6; } -if test "${ac_cv_funclib_setsockopt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt" >&5 +$as_echo_n "checking for setsockopt... " >&6; } +if test "${ac_cv_funclib_setsockopt+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then @@ -28950,11 +18131,7 @@ if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include @@ -28970,34 +18147,11 @@ setsockopt(0,0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}" LIBS="$ac_save_LIBS" @@ -29009,95 +18163,12 @@ fi eval "ac_res=\$ac_cv_funclib_setsockopt" if false; then - -for ac_func in setsockopt -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in setsockopt +do : + ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt" +if test "x$ac_cv_func_setsockopt" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_SETSOCKOPT 1 _ACEOF fi @@ -29117,14 +18188,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_setsockopt=no" eval "LIB_setsockopt=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_setsockopt=yes" @@ -29137,8 +18208,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -29148,10 +18219,10 @@ esac -{ echo "$as_me:$LINENO: checking for hstrerror" >&5 -echo $ECHO_N "checking for hstrerror... $ECHO_C" >&6; } -if test "${ac_cv_funclib_hstrerror+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for hstrerror" >&5 +$as_echo_n "checking for hstrerror... " >&6; } +if test "${ac_cv_funclib_hstrerror+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then @@ -29165,11 +18236,7 @@ if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H #include @@ -29182,34 +18249,11 @@ hstrerror(17) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}" LIBS="$ac_save_LIBS" @@ -29221,95 +18265,12 @@ fi eval "ac_res=\$ac_cv_funclib_hstrerror" if false; then - -for ac_func in hstrerror -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in hstrerror +do : + ac_fn_c_check_func "$LINENO" "hstrerror" "ac_cv_func_hstrerror" +if test "x$ac_cv_func_hstrerror" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_HSTRERROR 1 _ACEOF fi @@ -29329,14 +18290,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_hstrerror=no" eval "LIB_hstrerror=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_hstrerror=yes" @@ -29349,8 +18310,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -29370,16 +18331,12 @@ fi if test "$ac_cv_func_hstrerror+set" != set -o "$ac_cv_func_hstrerror" = yes; then -{ echo "$as_me:$LINENO: checking if hstrerror needs a prototype" >&5 -echo $ECHO_N "checking if hstrerror needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_hstrerror_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if hstrerror needs a prototype" >&5 +$as_echo_n "checking if hstrerror needs a prototype... " >&6; } +if test "${ac_cv_func_hstrerror_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H @@ -29395,40 +18352,18 @@ hstrerror(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_hstrerror_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_hstrerror_noproto=no" + eval "ac_cv_func_hstrerror_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_hstrerror_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_hstrerror_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_hstrerror_noproto" >&5 +$as_echo "$ac_cv_func_hstrerror_noproto" >&6; } if test "$ac_cv_func_hstrerror_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_HSTRERROR_PROTO 1 -_ACEOF +$as_echo "#define NEED_HSTRERROR_PROTO 1" >>confdefs.h fi fi @@ -29436,16 +18371,12 @@ fi if test "$ac_cv_func_asprintf+set" != set -o "$ac_cv_func_asprintf" = yes; then -{ echo "$as_me:$LINENO: checking if asprintf needs a prototype" >&5 -echo $ECHO_N "checking if asprintf needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_asprintf_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if asprintf needs a prototype" >&5 +$as_echo_n "checking if asprintf needs a prototype... " >&6; } +if test "${ac_cv_func_asprintf_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -29460,55 +18391,29 @@ asprintf(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_asprintf_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_asprintf_noproto=no" + eval "ac_cv_func_asprintf_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_asprintf_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_asprintf_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_asprintf_noproto" >&5 +$as_echo "$ac_cv_func_asprintf_noproto" >&6; } if test "$ac_cv_func_asprintf_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_ASPRINTF_PROTO 1 -_ACEOF +$as_echo "#define NEED_ASPRINTF_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_vasprintf+set" != set -o "$ac_cv_func_vasprintf" = yes; then -{ echo "$as_me:$LINENO: checking if vasprintf needs a prototype" >&5 -echo $ECHO_N "checking if vasprintf needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_vasprintf_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if vasprintf needs a prototype" >&5 +$as_echo_n "checking if vasprintf needs a prototype... " >&6; } +if test "${ac_cv_func_vasprintf_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -29523,55 +18428,29 @@ vasprintf(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_vasprintf_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_vasprintf_noproto=no" + eval "ac_cv_func_vasprintf_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vasprintf_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_vasprintf_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vasprintf_noproto" >&5 +$as_echo "$ac_cv_func_vasprintf_noproto" >&6; } if test "$ac_cv_func_vasprintf_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_VASPRINTF_PROTO 1 -_ACEOF +$as_echo "#define NEED_VASPRINTF_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_asnprintf+set" != set -o "$ac_cv_func_asnprintf" = yes; then -{ echo "$as_me:$LINENO: checking if asnprintf needs a prototype" >&5 -echo $ECHO_N "checking if asnprintf needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_asnprintf_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if asnprintf needs a prototype" >&5 +$as_echo_n "checking if asnprintf needs a prototype... " >&6; } +if test "${ac_cv_func_asnprintf_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -29586,55 +18465,29 @@ asnprintf(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_asnprintf_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_asnprintf_noproto=no" + eval "ac_cv_func_asnprintf_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_asnprintf_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_asnprintf_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_asnprintf_noproto" >&5 +$as_echo "$ac_cv_func_asnprintf_noproto" >&6; } if test "$ac_cv_func_asnprintf_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_ASNPRINTF_PROTO 1 -_ACEOF +$as_echo "#define NEED_ASNPRINTF_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_vasnprintf+set" != set -o "$ac_cv_func_vasnprintf" = yes; then -{ echo "$as_me:$LINENO: checking if vasnprintf needs a prototype" >&5 -echo $ECHO_N "checking if vasnprintf needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_vasnprintf_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if vasnprintf needs a prototype" >&5 +$as_echo_n "checking if vasnprintf needs a prototype... " >&6; } +if test "${ac_cv_func_vasnprintf_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -29649,40 +18502,18 @@ vasnprintf(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_vasnprintf_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_vasnprintf_noproto=no" + eval "ac_cv_func_vasnprintf_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vasnprintf_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_vasnprintf_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vasnprintf_noproto" >&5 +$as_echo "$ac_cv_func_vasnprintf_noproto" >&6; } if test "$ac_cv_func_vasnprintf_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_VASNPRINTF_PROTO 1 -_ACEOF +$as_echo "#define NEED_VASNPRINTF_PROTO 1" >>confdefs.h fi fi @@ -29691,10 +18522,10 @@ fi -{ echo "$as_me:$LINENO: checking for bswap16" >&5 -echo $ECHO_N "checking for bswap16... $ECHO_C" >&6; } -if test "${ac_cv_funclib_bswap16+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bswap16" >&5 +$as_echo_n "checking for bswap16... " >&6; } +if test "${ac_cv_funclib_bswap16+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_bswap16\" != yes" ; then @@ -29708,12 +18539,11 @@ if eval "test \"\$ac_cv_func_bswap16\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_SYS_TYPES_H +#include +#endif #ifdef HAVE_SYS_BSWAP_H #include #endif @@ -29725,34 +18555,11 @@ bswap16(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap16=$ac_lib; else ac_cv_funclib_bswap16=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_bswap16=\${ac_cv_funclib_bswap16-no}" LIBS="$ac_save_LIBS" @@ -29764,95 +18571,12 @@ fi eval "ac_res=\$ac_cv_funclib_bswap16" if false; then - -for ac_func in bswap16 -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in bswap16 +do : + ac_fn_c_check_func "$LINENO" "bswap16" "ac_cv_func_bswap16" +if test "x$ac_cv_func_bswap16" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_BSWAP16 1 _ACEOF fi @@ -29872,14 +18596,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_bswap16=no" eval "LIB_bswap16=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_bswap16=yes" @@ -29892,8 +18616,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -29902,10 +18626,10 @@ esac -{ echo "$as_me:$LINENO: checking for bswap32" >&5 -echo $ECHO_N "checking for bswap32... $ECHO_C" >&6; } -if test "${ac_cv_funclib_bswap32+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bswap32" >&5 +$as_echo_n "checking for bswap32... " >&6; } +if test "${ac_cv_funclib_bswap32+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_bswap32\" != yes" ; then @@ -29919,12 +18643,11 @@ if eval "test \"\$ac_cv_func_bswap32\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_SYS_TYPES_H +#include +#endif #ifdef HAVE_SYS_BSWAP_H #include #endif @@ -29936,34 +18659,11 @@ bswap32(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_bswap32=$ac_lib; else ac_cv_funclib_bswap32=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_bswap32=\${ac_cv_funclib_bswap32-no}" LIBS="$ac_save_LIBS" @@ -29975,95 +18675,12 @@ fi eval "ac_res=\$ac_cv_funclib_bswap32" if false; then - -for ac_func in bswap32 -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in bswap32 +do : + ac_fn_c_check_func "$LINENO" "bswap32" "ac_cv_func_bswap32" +if test "x$ac_cv_func_bswap32" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_BSWAP32 1 _ACEOF fi @@ -30083,14 +18700,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_bswap32=no" eval "LIB_bswap32=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_bswap32=yes" @@ -30103,8 +18720,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -30113,10 +18730,10 @@ esac -{ echo "$as_me:$LINENO: checking for pidfile" >&5 -echo $ECHO_N "checking for pidfile... $ECHO_C" >&6; } -if test "${ac_cv_funclib_pidfile+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pidfile" >&5 +$as_echo_n "checking for pidfile... " >&6; } +if test "${ac_cv_funclib_pidfile+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_pidfile\" != yes" ; then @@ -30130,11 +18747,7 @@ if eval "test \"\$ac_cv_func_pidfile\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_UTIL_H #include @@ -30147,34 +18760,11 @@ pidfile(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_pidfile=$ac_lib; else ac_cv_funclib_pidfile=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_pidfile=\${ac_cv_funclib_pidfile-no}" LIBS="$ac_save_LIBS" @@ -30186,95 +18776,12 @@ fi eval "ac_res=\$ac_cv_funclib_pidfile" if false; then - -for ac_func in pidfile -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in pidfile +do : + ac_fn_c_check_func "$LINENO" "pidfile" "ac_cv_func_pidfile" +if test "x$ac_cv_func_pidfile" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_PIDFILE 1 _ACEOF fi @@ -30294,14 +18801,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_pidfile=no" eval "LIB_pidfile=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_pidfile=yes" @@ -30314,8 +18821,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -30325,10 +18832,10 @@ esac -{ echo "$as_me:$LINENO: checking for getaddrinfo" >&5 -echo $ECHO_N "checking for getaddrinfo... $ECHO_C" >&6; } -if test "${ac_cv_funclib_getaddrinfo+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 +$as_echo_n "checking for getaddrinfo... " >&6; } +if test "${ac_cv_funclib_getaddrinfo+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_getaddrinfo\" != yes" ; then @@ -30342,15 +18849,14 @@ if eval "test \"\$ac_cv_func_getaddrinfo\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H #include #endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -30359,34 +18865,11 @@ getaddrinfo(0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_getaddrinfo=$ac_lib; else ac_cv_funclib_getaddrinfo=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_getaddrinfo=\${ac_cv_funclib_getaddrinfo-no}" LIBS="$ac_save_LIBS" @@ -30398,95 +18881,12 @@ fi eval "ac_res=\$ac_cv_funclib_getaddrinfo" if false; then - -for ac_func in getaddrinfo -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in getaddrinfo +do : + ac_fn_c_check_func "$LINENO" "getaddrinfo" "ac_cv_func_getaddrinfo" +if test "x$ac_cv_func_getaddrinfo" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETADDRINFO 1 _ACEOF fi @@ -30506,14 +18906,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_getaddrinfo=no" eval "LIB_getaddrinfo=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_getaddrinfo=yes" @@ -30526,8 +18926,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -30550,10 +18950,10 @@ fi -{ echo "$as_me:$LINENO: checking for getnameinfo" >&5 -echo $ECHO_N "checking for getnameinfo... $ECHO_C" >&6; } -if test "${ac_cv_funclib_getnameinfo+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getnameinfo" >&5 +$as_echo_n "checking for getnameinfo... " >&6; } +if test "${ac_cv_funclib_getnameinfo+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_getnameinfo\" != yes" ; then @@ -30567,15 +18967,14 @@ if eval "test \"\$ac_cv_func_getnameinfo\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H #include #endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -30584,34 +18983,11 @@ getnameinfo(0,0,0,0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_getnameinfo=$ac_lib; else ac_cv_funclib_getnameinfo=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_getnameinfo=\${ac_cv_funclib_getnameinfo-no}" LIBS="$ac_save_LIBS" @@ -30623,95 +18999,12 @@ fi eval "ac_res=\$ac_cv_funclib_getnameinfo" if false; then - -for ac_func in getnameinfo -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in getnameinfo +do : + ac_fn_c_check_func "$LINENO" "getnameinfo" "ac_cv_func_getnameinfo" +if test "x$ac_cv_func_getnameinfo" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETNAMEINFO 1 _ACEOF fi @@ -30731,14 +19024,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_getnameinfo=no" eval "LIB_getnameinfo=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_getnameinfo=yes" @@ -30751,8 +19044,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -30775,10 +19068,10 @@ fi -{ echo "$as_me:$LINENO: checking for freeaddrinfo" >&5 -echo $ECHO_N "checking for freeaddrinfo... $ECHO_C" >&6; } -if test "${ac_cv_funclib_freeaddrinfo+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for freeaddrinfo" >&5 +$as_echo_n "checking for freeaddrinfo... " >&6; } +if test "${ac_cv_funclib_freeaddrinfo+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_freeaddrinfo\" != yes" ; then @@ -30792,15 +19085,14 @@ if eval "test \"\$ac_cv_func_freeaddrinfo\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H #include #endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -30809,34 +19101,11 @@ freeaddrinfo(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_freeaddrinfo=$ac_lib; else ac_cv_funclib_freeaddrinfo=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_freeaddrinfo=\${ac_cv_funclib_freeaddrinfo-no}" LIBS="$ac_save_LIBS" @@ -30848,95 +19117,12 @@ fi eval "ac_res=\$ac_cv_funclib_freeaddrinfo" if false; then - -for ac_func in freeaddrinfo -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in freeaddrinfo +do : + ac_fn_c_check_func "$LINENO" "freeaddrinfo" "ac_cv_func_freeaddrinfo" +if test "x$ac_cv_func_freeaddrinfo" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_FREEADDRINFO 1 _ACEOF fi @@ -30956,14 +19142,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_freeaddrinfo=no" eval "LIB_freeaddrinfo=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_freeaddrinfo=yes" @@ -30976,8 +19162,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -31000,10 +19186,10 @@ fi -{ echo "$as_me:$LINENO: checking for gai_strerror" >&5 -echo $ECHO_N "checking for gai_strerror... $ECHO_C" >&6; } -if test "${ac_cv_funclib_gai_strerror+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gai_strerror" >&5 +$as_echo_n "checking for gai_strerror... " >&6; } +if test "${ac_cv_funclib_gai_strerror+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_gai_strerror\" != yes" ; then @@ -31017,15 +19203,14 @@ if eval "test \"\$ac_cv_func_gai_strerror\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H #include #endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -31034,34 +19219,11 @@ gai_strerror(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_gai_strerror=$ac_lib; else ac_cv_funclib_gai_strerror=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_gai_strerror=\${ac_cv_funclib_gai_strerror-no}" LIBS="$ac_save_LIBS" @@ -31073,95 +19235,12 @@ fi eval "ac_res=\$ac_cv_funclib_gai_strerror" if false; then - -for ac_func in gai_strerror -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in gai_strerror +do : + ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror" +if test "x$ac_cv_func_gai_strerror" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GAI_STRERROR 1 _ACEOF fi @@ -31181,14 +19260,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_gai_strerror=no" eval "LIB_gai_strerror=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_gai_strerror=yes" @@ -31201,8 +19280,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -31221,373 +19300,15 @@ esac fi -{ echo "$as_me:$LINENO: checking for chown" >&5 -echo $ECHO_N "checking for chown... $ECHO_C" >&6; } -if test "${ac_cv_func_chown+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define chown to an innocuous variant, in case declares chown. - For example, HP-UX 11i declares gettimeofday. */ -#define chown innocuous_chown +case "$host_os" in + darwin*) + ;; + *) -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char chown (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ +$as_echo "#define SUPPORT_DETACH 1" >>confdefs.h -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef chown - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char chown (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_chown || defined __stub___chown -choke me -#endif - -int -main () -{ -return chown (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_chown=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_chown=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_chown" >&5 -echo "${ECHO_T}$ac_cv_func_chown" >&6; } -if test $ac_cv_func_chown = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_CHOWN 1 -_ACEOF - -else - case " $LIBOBJS " in - *" chown.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS chown.$ac_objext" - ;; -esac - -fi -{ echo "$as_me:$LINENO: checking for copyhostent" >&5 -echo $ECHO_N "checking for copyhostent... $ECHO_C" >&6; } -if test "${ac_cv_func_copyhostent+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define copyhostent to an innocuous variant, in case declares copyhostent. - For example, HP-UX 11i declares gettimeofday. */ -#define copyhostent innocuous_copyhostent - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char copyhostent (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef copyhostent - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char copyhostent (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_copyhostent || defined __stub___copyhostent -choke me -#endif - -int -main () -{ -return copyhostent (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_copyhostent=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_copyhostent=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_copyhostent" >&5 -echo "${ECHO_T}$ac_cv_func_copyhostent" >&6; } -if test $ac_cv_func_copyhostent = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_COPYHOSTENT 1 -_ACEOF - -else - case " $LIBOBJS " in - *" copyhostent.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS copyhostent.$ac_objext" - ;; -esac - -fi -{ echo "$as_me:$LINENO: checking for closefrom" >&5 -echo $ECHO_N "checking for closefrom... $ECHO_C" >&6; } -if test "${ac_cv_func_closefrom+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define closefrom to an innocuous variant, in case declares closefrom. - For example, HP-UX 11i declares gettimeofday. */ -#define closefrom innocuous_closefrom - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char closefrom (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef closefrom - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char closefrom (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_closefrom || defined __stub___closefrom -choke me -#endif - -int -main () -{ -return closefrom (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_closefrom=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_closefrom=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_closefrom" >&5 -echo "${ECHO_T}$ac_cv_func_closefrom" >&6; } -if test $ac_cv_func_closefrom = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_CLOSEFROM 1 -_ACEOF - -else - case " $LIBOBJS " in - *" closefrom.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS closefrom.$ac_objext" - ;; -esac - -fi -{ echo "$as_me:$LINENO: checking for daemon" >&5 -echo $ECHO_N "checking for daemon... $ECHO_C" >&6; } -if test "${ac_cv_func_daemon+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define daemon to an innocuous variant, in case declares daemon. - For example, HP-UX 11i declares gettimeofday. */ -#define daemon innocuous_daemon - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char daemon (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef daemon - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char daemon (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_daemon || defined __stub___daemon -choke me -#endif - -int -main () -{ -return daemon (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_daemon=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_daemon=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5 -echo "${ECHO_T}$ac_cv_func_daemon" >&6; } -if test $ac_cv_func_daemon = yes; then + ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" +if test "x$ac_cv_func_daemon" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DAEMON 1 @@ -31601,88 +19322,56 @@ else esac fi -{ echo "$as_me:$LINENO: checking for ecalloc" >&5 -echo $ECHO_N "checking for ecalloc... $ECHO_C" >&6; } -if test "${ac_cv_func_ecalloc+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define ecalloc to an innocuous variant, in case declares ecalloc. - For example, HP-UX 11i declares gettimeofday. */ -#define ecalloc innocuous_ecalloc - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char ecalloc (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef ecalloc - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ecalloc (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_ecalloc || defined __stub___ecalloc -choke me -#endif - -int -main () -{ -return ecalloc (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; + ;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_ecalloc=yes + +ac_fn_c_check_func "$LINENO" "chown" "ac_cv_func_chown" +if test "x$ac_cv_func_chown" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_CHOWN 1 +_ACEOF + else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 + case " $LIBOBJS " in + *" chown.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS chown.$ac_objext" + ;; +esac - ac_cv_func_ecalloc=no fi +ac_fn_c_check_func "$LINENO" "copyhostent" "ac_cv_func_copyhostent" +if test "x$ac_cv_func_copyhostent" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_COPYHOSTENT 1 +_ACEOF + +else + case " $LIBOBJS " in + *" copyhostent.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS copyhostent.$ac_objext" + ;; +esac -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_ecalloc" >&5 -echo "${ECHO_T}$ac_cv_func_ecalloc" >&6; } -if test $ac_cv_func_ecalloc = yes; then +ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom" +if test "x$ac_cv_func_closefrom" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_CLOSEFROM 1 +_ACEOF + +else + case " $LIBOBJS " in + *" closefrom.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS closefrom.$ac_objext" + ;; +esac + +fi +ac_fn_c_check_func "$LINENO" "ecalloc" "ac_cv_func_ecalloc" +if test "x$ac_cv_func_ecalloc" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ECALLOC 1 @@ -31696,88 +19385,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for emalloc" >&5 -echo $ECHO_N "checking for emalloc... $ECHO_C" >&6; } -if test "${ac_cv_func_emalloc+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define emalloc to an innocuous variant, in case declares emalloc. - For example, HP-UX 11i declares gettimeofday. */ -#define emalloc innocuous_emalloc - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char emalloc (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef emalloc - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char emalloc (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_emalloc || defined __stub___emalloc -choke me -#endif - -int -main () -{ -return emalloc (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_emalloc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_emalloc=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_emalloc" >&5 -echo "${ECHO_T}$ac_cv_func_emalloc" >&6; } -if test $ac_cv_func_emalloc = yes; then +ac_fn_c_check_func "$LINENO" "emalloc" "ac_cv_func_emalloc" +if test "x$ac_cv_func_emalloc" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_EMALLOC 1 @@ -31791,88 +19400,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for erealloc" >&5 -echo $ECHO_N "checking for erealloc... $ECHO_C" >&6; } -if test "${ac_cv_func_erealloc+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define erealloc to an innocuous variant, in case declares erealloc. - For example, HP-UX 11i declares gettimeofday. */ -#define erealloc innocuous_erealloc - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char erealloc (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef erealloc - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char erealloc (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_erealloc || defined __stub___erealloc -choke me -#endif - -int -main () -{ -return erealloc (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_erealloc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_erealloc=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_erealloc" >&5 -echo "${ECHO_T}$ac_cv_func_erealloc" >&6; } -if test $ac_cv_func_erealloc = yes; then +ac_fn_c_check_func "$LINENO" "erealloc" "ac_cv_func_erealloc" +if test "x$ac_cv_func_erealloc" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_EREALLOC 1 @@ -31886,88 +19415,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for estrdup" >&5 -echo $ECHO_N "checking for estrdup... $ECHO_C" >&6; } -if test "${ac_cv_func_estrdup+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define estrdup to an innocuous variant, in case declares estrdup. - For example, HP-UX 11i declares gettimeofday. */ -#define estrdup innocuous_estrdup - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char estrdup (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef estrdup - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char estrdup (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_estrdup || defined __stub___estrdup -choke me -#endif - -int -main () -{ -return estrdup (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_estrdup=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_estrdup=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_estrdup" >&5 -echo "${ECHO_T}$ac_cv_func_estrdup" >&6; } -if test $ac_cv_func_estrdup = yes; then +ac_fn_c_check_func "$LINENO" "estrdup" "ac_cv_func_estrdup" +if test "x$ac_cv_func_estrdup" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ESTRDUP 1 @@ -31981,88 +19430,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for err" >&5 -echo $ECHO_N "checking for err... $ECHO_C" >&6; } -if test "${ac_cv_func_err+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define err to an innocuous variant, in case declares err. - For example, HP-UX 11i declares gettimeofday. */ -#define err innocuous_err - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char err (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef err - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char err (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_err || defined __stub___err -choke me -#endif - -int -main () -{ -return err (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_err=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_err=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_err" >&5 -echo "${ECHO_T}$ac_cv_func_err" >&6; } -if test $ac_cv_func_err = yes; then +ac_fn_c_check_func "$LINENO" "err" "ac_cv_func_err" +if test "x$ac_cv_func_err" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ERR 1 @@ -32076,88 +19445,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for errx" >&5 -echo $ECHO_N "checking for errx... $ECHO_C" >&6; } -if test "${ac_cv_func_errx+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define errx to an innocuous variant, in case declares errx. - For example, HP-UX 11i declares gettimeofday. */ -#define errx innocuous_errx - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char errx (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef errx - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char errx (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_errx || defined __stub___errx -choke me -#endif - -int -main () -{ -return errx (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_errx=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_errx=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_errx" >&5 -echo "${ECHO_T}$ac_cv_func_errx" >&6; } -if test $ac_cv_func_errx = yes; then +ac_fn_c_check_func "$LINENO" "errx" "ac_cv_func_errx" +if test "x$ac_cv_func_errx" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_ERRX 1 @@ -32171,88 +19460,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for fchown" >&5 -echo $ECHO_N "checking for fchown... $ECHO_C" >&6; } -if test "${ac_cv_func_fchown+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define fchown to an innocuous variant, in case declares fchown. - For example, HP-UX 11i declares gettimeofday. */ -#define fchown innocuous_fchown - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char fchown (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef fchown - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char fchown (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_fchown || defined __stub___fchown -choke me -#endif - -int -main () -{ -return fchown (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_fchown=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_fchown=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_fchown" >&5 -echo "${ECHO_T}$ac_cv_func_fchown" >&6; } -if test $ac_cv_func_fchown = yes; then +ac_fn_c_check_func "$LINENO" "fchown" "ac_cv_func_fchown" +if test "x$ac_cv_func_fchown" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FCHOWN 1 @@ -32266,88 +19475,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for flock" >&5 -echo $ECHO_N "checking for flock... $ECHO_C" >&6; } -if test "${ac_cv_func_flock+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define flock to an innocuous variant, in case declares flock. - For example, HP-UX 11i declares gettimeofday. */ -#define flock innocuous_flock - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char flock (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef flock - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char flock (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_flock || defined __stub___flock -choke me -#endif - -int -main () -{ -return flock (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_flock=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_flock=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_flock" >&5 -echo "${ECHO_T}$ac_cv_func_flock" >&6; } -if test $ac_cv_func_flock = yes; then +ac_fn_c_check_func "$LINENO" "flock" "ac_cv_func_flock" +if test "x$ac_cv_func_flock" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FLOCK 1 @@ -32361,88 +19490,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for fnmatch" >&5 -echo $ECHO_N "checking for fnmatch... $ECHO_C" >&6; } -if test "${ac_cv_func_fnmatch+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define fnmatch to an innocuous variant, in case declares fnmatch. - For example, HP-UX 11i declares gettimeofday. */ -#define fnmatch innocuous_fnmatch - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char fnmatch (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef fnmatch - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char fnmatch (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_fnmatch || defined __stub___fnmatch -choke me -#endif - -int -main () -{ -return fnmatch (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_fnmatch=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_fnmatch=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_fnmatch" >&5 -echo "${ECHO_T}$ac_cv_func_fnmatch" >&6; } -if test $ac_cv_func_fnmatch = yes; then +ac_fn_c_check_func "$LINENO" "fnmatch" "ac_cv_func_fnmatch" +if test "x$ac_cv_func_fnmatch" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FNMATCH 1 @@ -32456,88 +19505,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for freehostent" >&5 -echo $ECHO_N "checking for freehostent... $ECHO_C" >&6; } -if test "${ac_cv_func_freehostent+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define freehostent to an innocuous variant, in case declares freehostent. - For example, HP-UX 11i declares gettimeofday. */ -#define freehostent innocuous_freehostent - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char freehostent (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef freehostent - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char freehostent (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_freehostent || defined __stub___freehostent -choke me -#endif - -int -main () -{ -return freehostent (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_freehostent=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_freehostent=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_freehostent" >&5 -echo "${ECHO_T}$ac_cv_func_freehostent" >&6; } -if test $ac_cv_func_freehostent = yes; then +ac_fn_c_check_func "$LINENO" "freehostent" "ac_cv_func_freehostent" +if test "x$ac_cv_func_freehostent" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_FREEHOSTENT 1 @@ -32551,88 +19520,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getcwd" >&5 -echo $ECHO_N "checking for getcwd... $ECHO_C" >&6; } -if test "${ac_cv_func_getcwd+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getcwd to an innocuous variant, in case declares getcwd. - For example, HP-UX 11i declares gettimeofday. */ -#define getcwd innocuous_getcwd - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getcwd (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getcwd - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getcwd (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getcwd || defined __stub___getcwd -choke me -#endif - -int -main () -{ -return getcwd (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getcwd=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getcwd=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getcwd" >&5 -echo "${ECHO_T}$ac_cv_func_getcwd" >&6; } -if test $ac_cv_func_getcwd = yes; then +ac_fn_c_check_func "$LINENO" "getcwd" "ac_cv_func_getcwd" +if test "x$ac_cv_func_getcwd" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETCWD 1 @@ -32646,88 +19535,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getdtablesize" >&5 -echo $ECHO_N "checking for getdtablesize... $ECHO_C" >&6; } -if test "${ac_cv_func_getdtablesize+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getdtablesize to an innocuous variant, in case declares getdtablesize. - For example, HP-UX 11i declares gettimeofday. */ -#define getdtablesize innocuous_getdtablesize - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getdtablesize (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getdtablesize - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getdtablesize (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getdtablesize || defined __stub___getdtablesize -choke me -#endif - -int -main () -{ -return getdtablesize (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getdtablesize=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getdtablesize=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getdtablesize" >&5 -echo "${ECHO_T}$ac_cv_func_getdtablesize" >&6; } -if test $ac_cv_func_getdtablesize = yes; then +ac_fn_c_check_func "$LINENO" "getdtablesize" "ac_cv_func_getdtablesize" +if test "x$ac_cv_func_getdtablesize" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETDTABLESIZE 1 @@ -32741,88 +19550,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getegid" >&5 -echo $ECHO_N "checking for getegid... $ECHO_C" >&6; } -if test "${ac_cv_func_getegid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getegid to an innocuous variant, in case declares getegid. - For example, HP-UX 11i declares gettimeofday. */ -#define getegid innocuous_getegid - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getegid (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getegid - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getegid (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getegid || defined __stub___getegid -choke me -#endif - -int -main () -{ -return getegid (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getegid=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getegid=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getegid" >&5 -echo "${ECHO_T}$ac_cv_func_getegid" >&6; } -if test $ac_cv_func_getegid = yes; then +ac_fn_c_check_func "$LINENO" "getegid" "ac_cv_func_getegid" +if test "x$ac_cv_func_getegid" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETEGID 1 @@ -32836,88 +19565,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for geteuid" >&5 -echo $ECHO_N "checking for geteuid... $ECHO_C" >&6; } -if test "${ac_cv_func_geteuid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define geteuid to an innocuous variant, in case declares geteuid. - For example, HP-UX 11i declares gettimeofday. */ -#define geteuid innocuous_geteuid - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char geteuid (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef geteuid - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char geteuid (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_geteuid || defined __stub___geteuid -choke me -#endif - -int -main () -{ -return geteuid (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_geteuid=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_geteuid=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_geteuid" >&5 -echo "${ECHO_T}$ac_cv_func_geteuid" >&6; } -if test $ac_cv_func_geteuid = yes; then +ac_fn_c_check_func "$LINENO" "geteuid" "ac_cv_func_geteuid" +if test "x$ac_cv_func_geteuid" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETEUID 1 @@ -32931,88 +19580,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getgid" >&5 -echo $ECHO_N "checking for getgid... $ECHO_C" >&6; } -if test "${ac_cv_func_getgid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getgid to an innocuous variant, in case declares getgid. - For example, HP-UX 11i declares gettimeofday. */ -#define getgid innocuous_getgid - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getgid (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getgid - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getgid (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getgid || defined __stub___getgid -choke me -#endif - -int -main () -{ -return getgid (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getgid=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getgid=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getgid" >&5 -echo "${ECHO_T}$ac_cv_func_getgid" >&6; } -if test $ac_cv_func_getgid = yes; then +ac_fn_c_check_func "$LINENO" "getgid" "ac_cv_func_getgid" +if test "x$ac_cv_func_getgid" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETGID 1 @@ -33026,88 +19595,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for gethostname" >&5 -echo $ECHO_N "checking for gethostname... $ECHO_C" >&6; } -if test "${ac_cv_func_gethostname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define gethostname to an innocuous variant, in case declares gethostname. - For example, HP-UX 11i declares gettimeofday. */ -#define gethostname innocuous_gethostname - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char gethostname (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef gethostname - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gethostname (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_gethostname || defined __stub___gethostname -choke me -#endif - -int -main () -{ -return gethostname (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_gethostname=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_gethostname=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostname" >&5 -echo "${ECHO_T}$ac_cv_func_gethostname" >&6; } -if test $ac_cv_func_gethostname = yes; then +ac_fn_c_check_func "$LINENO" "gethostname" "ac_cv_func_gethostname" +if test "x$ac_cv_func_gethostname" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETHOSTNAME 1 @@ -33121,88 +19610,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getifaddrs" >&5 -echo $ECHO_N "checking for getifaddrs... $ECHO_C" >&6; } -if test "${ac_cv_func_getifaddrs+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getifaddrs to an innocuous variant, in case declares getifaddrs. - For example, HP-UX 11i declares gettimeofday. */ -#define getifaddrs innocuous_getifaddrs - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getifaddrs (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getifaddrs - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getifaddrs (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getifaddrs || defined __stub___getifaddrs -choke me -#endif - -int -main () -{ -return getifaddrs (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getifaddrs=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getifaddrs=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getifaddrs" >&5 -echo "${ECHO_T}$ac_cv_func_getifaddrs" >&6; } -if test $ac_cv_func_getifaddrs = yes; then +ac_fn_c_check_func "$LINENO" "getifaddrs" "ac_cv_func_getifaddrs" +if test "x$ac_cv_func_getifaddrs" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETIFADDRS 1 @@ -33216,88 +19625,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getipnodebyaddr" >&5 -echo $ECHO_N "checking for getipnodebyaddr... $ECHO_C" >&6; } -if test "${ac_cv_func_getipnodebyaddr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getipnodebyaddr to an innocuous variant, in case declares getipnodebyaddr. - For example, HP-UX 11i declares gettimeofday. */ -#define getipnodebyaddr innocuous_getipnodebyaddr - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getipnodebyaddr (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getipnodebyaddr - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getipnodebyaddr (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getipnodebyaddr || defined __stub___getipnodebyaddr -choke me -#endif - -int -main () -{ -return getipnodebyaddr (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getipnodebyaddr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getipnodebyaddr=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyaddr" >&5 -echo "${ECHO_T}$ac_cv_func_getipnodebyaddr" >&6; } -if test $ac_cv_func_getipnodebyaddr = yes; then +ac_fn_c_check_func "$LINENO" "getipnodebyaddr" "ac_cv_func_getipnodebyaddr" +if test "x$ac_cv_func_getipnodebyaddr" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETIPNODEBYADDR 1 @@ -33311,88 +19640,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getipnodebyname" >&5 -echo $ECHO_N "checking for getipnodebyname... $ECHO_C" >&6; } -if test "${ac_cv_func_getipnodebyname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getipnodebyname to an innocuous variant, in case declares getipnodebyname. - For example, HP-UX 11i declares gettimeofday. */ -#define getipnodebyname innocuous_getipnodebyname - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getipnodebyname (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getipnodebyname - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getipnodebyname (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getipnodebyname || defined __stub___getipnodebyname -choke me -#endif - -int -main () -{ -return getipnodebyname (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getipnodebyname=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getipnodebyname=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getipnodebyname" >&5 -echo "${ECHO_T}$ac_cv_func_getipnodebyname" >&6; } -if test $ac_cv_func_getipnodebyname = yes; then +ac_fn_c_check_func "$LINENO" "getipnodebyname" "ac_cv_func_getipnodebyname" +if test "x$ac_cv_func_getipnodebyname" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETIPNODEBYNAME 1 @@ -33406,88 +19655,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getopt" >&5 -echo $ECHO_N "checking for getopt... $ECHO_C" >&6; } -if test "${ac_cv_func_getopt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getopt to an innocuous variant, in case declares getopt. - For example, HP-UX 11i declares gettimeofday. */ -#define getopt innocuous_getopt - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getopt (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getopt - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getopt (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getopt || defined __stub___getopt -choke me -#endif - -int -main () -{ -return getopt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getopt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getopt=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getopt" >&5 -echo "${ECHO_T}$ac_cv_func_getopt" >&6; } -if test $ac_cv_func_getopt = yes; then +ac_fn_c_check_func "$LINENO" "getopt" "ac_cv_func_getopt" +if test "x$ac_cv_func_getopt" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETOPT 1 @@ -33501,88 +19670,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for gettimeofday" >&5 -echo $ECHO_N "checking for gettimeofday... $ECHO_C" >&6; } -if test "${ac_cv_func_gettimeofday+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define gettimeofday to an innocuous variant, in case declares gettimeofday. - For example, HP-UX 11i declares gettimeofday. */ -#define gettimeofday innocuous_gettimeofday - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char gettimeofday (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef gettimeofday - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gettimeofday (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_gettimeofday || defined __stub___gettimeofday -choke me -#endif - -int -main () -{ -return gettimeofday (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_gettimeofday=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_gettimeofday=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_gettimeofday" >&5 -echo "${ECHO_T}$ac_cv_func_gettimeofday" >&6; } -if test $ac_cv_func_gettimeofday = yes; then +ac_fn_c_check_func "$LINENO" "gettimeofday" "ac_cv_func_gettimeofday" +if test "x$ac_cv_func_gettimeofday" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETTIMEOFDAY 1 @@ -33596,88 +19685,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getuid" >&5 -echo $ECHO_N "checking for getuid... $ECHO_C" >&6; } -if test "${ac_cv_func_getuid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getuid to an innocuous variant, in case declares getuid. - For example, HP-UX 11i declares gettimeofday. */ -#define getuid innocuous_getuid - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getuid (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getuid - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getuid (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getuid || defined __stub___getuid -choke me -#endif - -int -main () -{ -return getuid (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getuid=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getuid=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getuid" >&5 -echo "${ECHO_T}$ac_cv_func_getuid" >&6; } -if test $ac_cv_func_getuid = yes; then +ac_fn_c_check_func "$LINENO" "getuid" "ac_cv_func_getuid" +if test "x$ac_cv_func_getuid" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETUID 1 @@ -33691,88 +19700,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for getusershell" >&5 -echo $ECHO_N "checking for getusershell... $ECHO_C" >&6; } -if test "${ac_cv_func_getusershell+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getusershell to an innocuous variant, in case declares getusershell. - For example, HP-UX 11i declares gettimeofday. */ -#define getusershell innocuous_getusershell - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getusershell (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getusershell - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getusershell (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getusershell || defined __stub___getusershell -choke me -#endif - -int -main () -{ -return getusershell (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getusershell=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getusershell=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getusershell" >&5 -echo "${ECHO_T}$ac_cv_func_getusershell" >&6; } -if test $ac_cv_func_getusershell = yes; then +ac_fn_c_check_func "$LINENO" "getusershell" "ac_cv_func_getusershell" +if test "x$ac_cv_func_getusershell" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETUSERSHELL 1 @@ -33786,88 +19715,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for initgroups" >&5 -echo $ECHO_N "checking for initgroups... $ECHO_C" >&6; } -if test "${ac_cv_func_initgroups+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define initgroups to an innocuous variant, in case declares initgroups. - For example, HP-UX 11i declares gettimeofday. */ -#define initgroups innocuous_initgroups - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char initgroups (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef initgroups - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char initgroups (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_initgroups || defined __stub___initgroups -choke me -#endif - -int -main () -{ -return initgroups (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_initgroups=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_initgroups=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_initgroups" >&5 -echo "${ECHO_T}$ac_cv_func_initgroups" >&6; } -if test $ac_cv_func_initgroups = yes; then +ac_fn_c_check_func "$LINENO" "initgroups" "ac_cv_func_initgroups" +if test "x$ac_cv_func_initgroups" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INITGROUPS 1 @@ -33881,88 +19730,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for innetgr" >&5 -echo $ECHO_N "checking for innetgr... $ECHO_C" >&6; } -if test "${ac_cv_func_innetgr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define innetgr to an innocuous variant, in case declares innetgr. - For example, HP-UX 11i declares gettimeofday. */ -#define innetgr innocuous_innetgr - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char innetgr (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef innetgr - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char innetgr (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_innetgr || defined __stub___innetgr -choke me -#endif - -int -main () -{ -return innetgr (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_innetgr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_innetgr=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_innetgr" >&5 -echo "${ECHO_T}$ac_cv_func_innetgr" >&6; } -if test $ac_cv_func_innetgr = yes; then +ac_fn_c_check_func "$LINENO" "innetgr" "ac_cv_func_innetgr" +if test "x$ac_cv_func_innetgr" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INNETGR 1 @@ -33976,88 +19745,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for iruserok" >&5 -echo $ECHO_N "checking for iruserok... $ECHO_C" >&6; } -if test "${ac_cv_func_iruserok+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define iruserok to an innocuous variant, in case declares iruserok. - For example, HP-UX 11i declares gettimeofday. */ -#define iruserok innocuous_iruserok - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char iruserok (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef iruserok - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char iruserok (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_iruserok || defined __stub___iruserok -choke me -#endif - -int -main () -{ -return iruserok (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_iruserok=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_iruserok=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_iruserok" >&5 -echo "${ECHO_T}$ac_cv_func_iruserok" >&6; } -if test $ac_cv_func_iruserok = yes; then +ac_fn_c_check_func "$LINENO" "iruserok" "ac_cv_func_iruserok" +if test "x$ac_cv_func_iruserok" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_IRUSEROK 1 @@ -34071,88 +19760,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for localtime_r" >&5 -echo $ECHO_N "checking for localtime_r... $ECHO_C" >&6; } -if test "${ac_cv_func_localtime_r+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define localtime_r to an innocuous variant, in case declares localtime_r. - For example, HP-UX 11i declares gettimeofday. */ -#define localtime_r innocuous_localtime_r - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char localtime_r (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef localtime_r - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char localtime_r (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_localtime_r || defined __stub___localtime_r -choke me -#endif - -int -main () -{ -return localtime_r (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_localtime_r=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_localtime_r=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_localtime_r" >&5 -echo "${ECHO_T}$ac_cv_func_localtime_r" >&6; } -if test $ac_cv_func_localtime_r = yes; then +ac_fn_c_check_func "$LINENO" "localtime_r" "ac_cv_func_localtime_r" +if test "x$ac_cv_func_localtime_r" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LOCALTIME_R 1 @@ -34166,88 +19775,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for lstat" >&5 -echo $ECHO_N "checking for lstat... $ECHO_C" >&6; } -if test "${ac_cv_func_lstat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define lstat to an innocuous variant, in case declares lstat. - For example, HP-UX 11i declares gettimeofday. */ -#define lstat innocuous_lstat - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char lstat (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef lstat - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char lstat (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_lstat || defined __stub___lstat -choke me -#endif - -int -main () -{ -return lstat (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_lstat=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_lstat=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_lstat" >&5 -echo "${ECHO_T}$ac_cv_func_lstat" >&6; } -if test $ac_cv_func_lstat = yes; then +ac_fn_c_check_func "$LINENO" "lstat" "ac_cv_func_lstat" +if test "x$ac_cv_func_lstat" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LSTAT 1 @@ -34261,88 +19790,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for memmove" >&5 -echo $ECHO_N "checking for memmove... $ECHO_C" >&6; } -if test "${ac_cv_func_memmove+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define memmove to an innocuous variant, in case declares memmove. - For example, HP-UX 11i declares gettimeofday. */ -#define memmove innocuous_memmove - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char memmove (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef memmove - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char memmove (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_memmove || defined __stub___memmove -choke me -#endif - -int -main () -{ -return memmove (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_memmove=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_memmove=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_memmove" >&5 -echo "${ECHO_T}$ac_cv_func_memmove" >&6; } -if test $ac_cv_func_memmove = yes; then +ac_fn_c_check_func "$LINENO" "memmove" "ac_cv_func_memmove" +if test "x$ac_cv_func_memmove" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_MEMMOVE 1 @@ -34356,88 +19805,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for mkstemp" >&5 -echo $ECHO_N "checking for mkstemp... $ECHO_C" >&6; } -if test "${ac_cv_func_mkstemp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define mkstemp to an innocuous variant, in case declares mkstemp. - For example, HP-UX 11i declares gettimeofday. */ -#define mkstemp innocuous_mkstemp - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char mkstemp (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef mkstemp - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char mkstemp (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_mkstemp || defined __stub___mkstemp -choke me -#endif - -int -main () -{ -return mkstemp (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_mkstemp=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_mkstemp=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp" >&5 -echo "${ECHO_T}$ac_cv_func_mkstemp" >&6; } -if test $ac_cv_func_mkstemp = yes; then +ac_fn_c_check_func "$LINENO" "mkstemp" "ac_cv_func_mkstemp" +if test "x$ac_cv_func_mkstemp" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_MKSTEMP 1 @@ -34451,88 +19820,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for putenv" >&5 -echo $ECHO_N "checking for putenv... $ECHO_C" >&6; } -if test "${ac_cv_func_putenv+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define putenv to an innocuous variant, in case declares putenv. - For example, HP-UX 11i declares gettimeofday. */ -#define putenv innocuous_putenv - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char putenv (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef putenv - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char putenv (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_putenv || defined __stub___putenv -choke me -#endif - -int -main () -{ -return putenv (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_putenv=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_putenv=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_putenv" >&5 -echo "${ECHO_T}$ac_cv_func_putenv" >&6; } -if test $ac_cv_func_putenv = yes; then +ac_fn_c_check_func "$LINENO" "putenv" "ac_cv_func_putenv" +if test "x$ac_cv_func_putenv" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PUTENV 1 @@ -34546,88 +19835,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for rcmd" >&5 -echo $ECHO_N "checking for rcmd... $ECHO_C" >&6; } -if test "${ac_cv_func_rcmd+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define rcmd to an innocuous variant, in case declares rcmd. - For example, HP-UX 11i declares gettimeofday. */ -#define rcmd innocuous_rcmd - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char rcmd (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef rcmd - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char rcmd (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_rcmd || defined __stub___rcmd -choke me -#endif - -int -main () -{ -return rcmd (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_rcmd=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_rcmd=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_rcmd" >&5 -echo "${ECHO_T}$ac_cv_func_rcmd" >&6; } -if test $ac_cv_func_rcmd = yes; then +ac_fn_c_check_func "$LINENO" "rcmd" "ac_cv_func_rcmd" +if test "x$ac_cv_func_rcmd" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_RCMD 1 @@ -34641,88 +19850,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for readv" >&5 -echo $ECHO_N "checking for readv... $ECHO_C" >&6; } -if test "${ac_cv_func_readv+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define readv to an innocuous variant, in case declares readv. - For example, HP-UX 11i declares gettimeofday. */ -#define readv innocuous_readv - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char readv (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef readv - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char readv (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_readv || defined __stub___readv -choke me -#endif - -int -main () -{ -return readv (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_readv=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_readv=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_readv" >&5 -echo "${ECHO_T}$ac_cv_func_readv" >&6; } -if test $ac_cv_func_readv = yes; then +ac_fn_c_check_func "$LINENO" "readv" "ac_cv_func_readv" +if test "x$ac_cv_func_readv" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_READV 1 @@ -34736,88 +19865,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for recvmsg" >&5 -echo $ECHO_N "checking for recvmsg... $ECHO_C" >&6; } -if test "${ac_cv_func_recvmsg+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define recvmsg to an innocuous variant, in case declares recvmsg. - For example, HP-UX 11i declares gettimeofday. */ -#define recvmsg innocuous_recvmsg - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char recvmsg (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef recvmsg - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char recvmsg (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_recvmsg || defined __stub___recvmsg -choke me -#endif - -int -main () -{ -return recvmsg (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_recvmsg=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_recvmsg=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_recvmsg" >&5 -echo "${ECHO_T}$ac_cv_func_recvmsg" >&6; } -if test $ac_cv_func_recvmsg = yes; then +ac_fn_c_check_func "$LINENO" "recvmsg" "ac_cv_func_recvmsg" +if test "x$ac_cv_func_recvmsg" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_RECVMSG 1 @@ -34831,88 +19880,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for sendmsg" >&5 -echo $ECHO_N "checking for sendmsg... $ECHO_C" >&6; } -if test "${ac_cv_func_sendmsg+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define sendmsg to an innocuous variant, in case declares sendmsg. - For example, HP-UX 11i declares gettimeofday. */ -#define sendmsg innocuous_sendmsg - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char sendmsg (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef sendmsg - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char sendmsg (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_sendmsg || defined __stub___sendmsg -choke me -#endif - -int -main () -{ -return sendmsg (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_sendmsg=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_sendmsg=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_sendmsg" >&5 -echo "${ECHO_T}$ac_cv_func_sendmsg" >&6; } -if test $ac_cv_func_sendmsg = yes; then +ac_fn_c_check_func "$LINENO" "sendmsg" "ac_cv_func_sendmsg" +if test "x$ac_cv_func_sendmsg" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SENDMSG 1 @@ -34926,88 +19895,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for setegid" >&5 -echo $ECHO_N "checking for setegid... $ECHO_C" >&6; } -if test "${ac_cv_func_setegid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define setegid to an innocuous variant, in case declares setegid. - For example, HP-UX 11i declares gettimeofday. */ -#define setegid innocuous_setegid - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char setegid (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef setegid - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setegid (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_setegid || defined __stub___setegid -choke me -#endif - -int -main () -{ -return setegid (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_setegid=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_setegid=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_setegid" >&5 -echo "${ECHO_T}$ac_cv_func_setegid" >&6; } -if test $ac_cv_func_setegid = yes; then +ac_fn_c_check_func "$LINENO" "setegid" "ac_cv_func_setegid" +if test "x$ac_cv_func_setegid" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETEGID 1 @@ -35021,88 +19910,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for setenv" >&5 -echo $ECHO_N "checking for setenv... $ECHO_C" >&6; } -if test "${ac_cv_func_setenv+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define setenv to an innocuous variant, in case declares setenv. - For example, HP-UX 11i declares gettimeofday. */ -#define setenv innocuous_setenv - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char setenv (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef setenv - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setenv (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_setenv || defined __stub___setenv -choke me -#endif - -int -main () -{ -return setenv (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_setenv=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_setenv=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_setenv" >&5 -echo "${ECHO_T}$ac_cv_func_setenv" >&6; } -if test $ac_cv_func_setenv = yes; then +ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv" +if test "x$ac_cv_func_setenv" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETENV 1 @@ -35116,88 +19925,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for seteuid" >&5 -echo $ECHO_N "checking for seteuid... $ECHO_C" >&6; } -if test "${ac_cv_func_seteuid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define seteuid to an innocuous variant, in case declares seteuid. - For example, HP-UX 11i declares gettimeofday. */ -#define seteuid innocuous_seteuid - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char seteuid (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef seteuid - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char seteuid (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_seteuid || defined __stub___seteuid -choke me -#endif - -int -main () -{ -return seteuid (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_seteuid=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_seteuid=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_seteuid" >&5 -echo "${ECHO_T}$ac_cv_func_seteuid" >&6; } -if test $ac_cv_func_seteuid = yes; then +ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid" +if test "x$ac_cv_func_seteuid" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETEUID 1 @@ -35211,88 +19940,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strcasecmp" >&5 -echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6; } -if test "${ac_cv_func_strcasecmp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strcasecmp to an innocuous variant, in case declares strcasecmp. - For example, HP-UX 11i declares gettimeofday. */ -#define strcasecmp innocuous_strcasecmp - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strcasecmp (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strcasecmp - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strcasecmp (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strcasecmp || defined __stub___strcasecmp -choke me -#endif - -int -main () -{ -return strcasecmp (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strcasecmp=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strcasecmp=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strcasecmp" >&5 -echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6; } -if test $ac_cv_func_strcasecmp = yes; then +ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" +if test "x$ac_cv_func_strcasecmp" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRCASECMP 1 @@ -35306,88 +19955,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strdup" >&5 -echo $ECHO_N "checking for strdup... $ECHO_C" >&6; } -if test "${ac_cv_func_strdup+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strdup to an innocuous variant, in case declares strdup. - For example, HP-UX 11i declares gettimeofday. */ -#define strdup innocuous_strdup - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strdup (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strdup - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strdup (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strdup || defined __stub___strdup -choke me -#endif - -int -main () -{ -return strdup (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strdup=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strdup=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strdup" >&5 -echo "${ECHO_T}$ac_cv_func_strdup" >&6; } -if test $ac_cv_func_strdup = yes; then +ac_fn_c_check_func "$LINENO" "strdup" "ac_cv_func_strdup" +if test "x$ac_cv_func_strdup" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRDUP 1 @@ -35401,88 +19970,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strerror" >&5 -echo $ECHO_N "checking for strerror... $ECHO_C" >&6; } -if test "${ac_cv_func_strerror+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strerror to an innocuous variant, in case declares strerror. - For example, HP-UX 11i declares gettimeofday. */ -#define strerror innocuous_strerror - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strerror (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strerror - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strerror (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strerror || defined __stub___strerror -choke me -#endif - -int -main () -{ -return strerror (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strerror=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strerror=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strerror" >&5 -echo "${ECHO_T}$ac_cv_func_strerror" >&6; } -if test $ac_cv_func_strerror = yes; then +ac_fn_c_check_func "$LINENO" "strerror" "ac_cv_func_strerror" +if test "x$ac_cv_func_strerror" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRERROR 1 @@ -35496,88 +19985,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strftime" >&5 -echo $ECHO_N "checking for strftime... $ECHO_C" >&6; } -if test "${ac_cv_func_strftime+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strftime to an innocuous variant, in case declares strftime. - For example, HP-UX 11i declares gettimeofday. */ -#define strftime innocuous_strftime - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strftime (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strftime - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strftime (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strftime || defined __stub___strftime -choke me -#endif - -int -main () -{ -return strftime (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strftime=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strftime=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strftime" >&5 -echo "${ECHO_T}$ac_cv_func_strftime" >&6; } -if test $ac_cv_func_strftime = yes; then +ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" +if test "x$ac_cv_func_strftime" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRFTIME 1 @@ -35591,88 +20000,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strlcat" >&5 -echo $ECHO_N "checking for strlcat... $ECHO_C" >&6; } -if test "${ac_cv_func_strlcat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strlcat to an innocuous variant, in case declares strlcat. - For example, HP-UX 11i declares gettimeofday. */ -#define strlcat innocuous_strlcat - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strlcat (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strlcat - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strlcat (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strlcat || defined __stub___strlcat -choke me -#endif - -int -main () -{ -return strlcat (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strlcat=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strlcat=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strlcat" >&5 -echo "${ECHO_T}$ac_cv_func_strlcat" >&6; } -if test $ac_cv_func_strlcat = yes; then +ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" +if test "x$ac_cv_func_strlcat" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRLCAT 1 @@ -35686,88 +20015,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strlcpy" >&5 -echo $ECHO_N "checking for strlcpy... $ECHO_C" >&6; } -if test "${ac_cv_func_strlcpy+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strlcpy to an innocuous variant, in case declares strlcpy. - For example, HP-UX 11i declares gettimeofday. */ -#define strlcpy innocuous_strlcpy - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strlcpy (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strlcpy - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strlcpy (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strlcpy || defined __stub___strlcpy -choke me -#endif - -int -main () -{ -return strlcpy (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strlcpy=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strlcpy=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strlcpy" >&5 -echo "${ECHO_T}$ac_cv_func_strlcpy" >&6; } -if test $ac_cv_func_strlcpy = yes; then +ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" +if test "x$ac_cv_func_strlcpy" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRLCPY 1 @@ -35781,88 +20030,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strlwr" >&5 -echo $ECHO_N "checking for strlwr... $ECHO_C" >&6; } -if test "${ac_cv_func_strlwr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strlwr to an innocuous variant, in case declares strlwr. - For example, HP-UX 11i declares gettimeofday. */ -#define strlwr innocuous_strlwr - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strlwr (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strlwr - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strlwr (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strlwr || defined __stub___strlwr -choke me -#endif - -int -main () -{ -return strlwr (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strlwr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strlwr=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strlwr" >&5 -echo "${ECHO_T}$ac_cv_func_strlwr" >&6; } -if test $ac_cv_func_strlwr = yes; then +ac_fn_c_check_func "$LINENO" "strlwr" "ac_cv_func_strlwr" +if test "x$ac_cv_func_strlwr" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRLWR 1 @@ -35876,88 +20045,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strncasecmp" >&5 -echo $ECHO_N "checking for strncasecmp... $ECHO_C" >&6; } -if test "${ac_cv_func_strncasecmp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strncasecmp to an innocuous variant, in case declares strncasecmp. - For example, HP-UX 11i declares gettimeofday. */ -#define strncasecmp innocuous_strncasecmp - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strncasecmp (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strncasecmp - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strncasecmp (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strncasecmp || defined __stub___strncasecmp -choke me -#endif - -int -main () -{ -return strncasecmp (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strncasecmp=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strncasecmp=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strncasecmp" >&5 -echo "${ECHO_T}$ac_cv_func_strncasecmp" >&6; } -if test $ac_cv_func_strncasecmp = yes; then +ac_fn_c_check_func "$LINENO" "strncasecmp" "ac_cv_func_strncasecmp" +if test "x$ac_cv_func_strncasecmp" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRNCASECMP 1 @@ -35971,88 +20060,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strndup" >&5 -echo $ECHO_N "checking for strndup... $ECHO_C" >&6; } -if test "${ac_cv_func_strndup+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strndup to an innocuous variant, in case declares strndup. - For example, HP-UX 11i declares gettimeofday. */ -#define strndup innocuous_strndup - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strndup (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strndup - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strndup (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strndup || defined __stub___strndup -choke me -#endif - -int -main () -{ -return strndup (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strndup=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strndup=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strndup" >&5 -echo "${ECHO_T}$ac_cv_func_strndup" >&6; } -if test $ac_cv_func_strndup = yes; then +ac_fn_c_check_func "$LINENO" "strndup" "ac_cv_func_strndup" +if test "x$ac_cv_func_strndup" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRNDUP 1 @@ -36066,88 +20075,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strnlen" >&5 -echo $ECHO_N "checking for strnlen... $ECHO_C" >&6; } -if test "${ac_cv_func_strnlen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strnlen to an innocuous variant, in case declares strnlen. - For example, HP-UX 11i declares gettimeofday. */ -#define strnlen innocuous_strnlen - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strnlen (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strnlen - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strnlen (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strnlen || defined __stub___strnlen -choke me -#endif - -int -main () -{ -return strnlen (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strnlen=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strnlen=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strnlen" >&5 -echo "${ECHO_T}$ac_cv_func_strnlen" >&6; } -if test $ac_cv_func_strnlen = yes; then +ac_fn_c_check_func "$LINENO" "strnlen" "ac_cv_func_strnlen" +if test "x$ac_cv_func_strnlen" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRNLEN 1 @@ -36161,88 +20090,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strptime" >&5 -echo $ECHO_N "checking for strptime... $ECHO_C" >&6; } -if test "${ac_cv_func_strptime+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strptime to an innocuous variant, in case declares strptime. - For example, HP-UX 11i declares gettimeofday. */ -#define strptime innocuous_strptime - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strptime (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strptime - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strptime (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strptime || defined __stub___strptime -choke me -#endif - -int -main () -{ -return strptime (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strptime=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strptime=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strptime" >&5 -echo "${ECHO_T}$ac_cv_func_strptime" >&6; } -if test $ac_cv_func_strptime = yes; then +ac_fn_c_check_func "$LINENO" "strptime" "ac_cv_func_strptime" +if test "x$ac_cv_func_strptime" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRPTIME 1 @@ -36256,88 +20105,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strsep" >&5 -echo $ECHO_N "checking for strsep... $ECHO_C" >&6; } -if test "${ac_cv_func_strsep+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strsep to an innocuous variant, in case declares strsep. - For example, HP-UX 11i declares gettimeofday. */ -#define strsep innocuous_strsep - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strsep (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strsep - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strsep (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strsep || defined __stub___strsep -choke me -#endif - -int -main () -{ -return strsep (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strsep=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strsep=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep" >&5 -echo "${ECHO_T}$ac_cv_func_strsep" >&6; } -if test $ac_cv_func_strsep = yes; then +ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" +if test "x$ac_cv_func_strsep" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRSEP 1 @@ -36351,88 +20120,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strsep_copy" >&5 -echo $ECHO_N "checking for strsep_copy... $ECHO_C" >&6; } -if test "${ac_cv_func_strsep_copy+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strsep_copy to an innocuous variant, in case declares strsep_copy. - For example, HP-UX 11i declares gettimeofday. */ -#define strsep_copy innocuous_strsep_copy - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strsep_copy (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strsep_copy - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strsep_copy (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strsep_copy || defined __stub___strsep_copy -choke me -#endif - -int -main () -{ -return strsep_copy (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strsep_copy=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strsep_copy=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep_copy" >&5 -echo "${ECHO_T}$ac_cv_func_strsep_copy" >&6; } -if test $ac_cv_func_strsep_copy = yes; then +ac_fn_c_check_func "$LINENO" "strsep_copy" "ac_cv_func_strsep_copy" +if test "x$ac_cv_func_strsep_copy" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRSEP_COPY 1 @@ -36446,88 +20135,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strtok_r" >&5 -echo $ECHO_N "checking for strtok_r... $ECHO_C" >&6; } -if test "${ac_cv_func_strtok_r+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strtok_r to an innocuous variant, in case declares strtok_r. - For example, HP-UX 11i declares gettimeofday. */ -#define strtok_r innocuous_strtok_r - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strtok_r (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strtok_r - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strtok_r (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strtok_r || defined __stub___strtok_r -choke me -#endif - -int -main () -{ -return strtok_r (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strtok_r=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strtok_r=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r" >&5 -echo "${ECHO_T}$ac_cv_func_strtok_r" >&6; } -if test $ac_cv_func_strtok_r = yes; then +ac_fn_c_check_func "$LINENO" "strtok_r" "ac_cv_func_strtok_r" +if test "x$ac_cv_func_strtok_r" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRTOK_R 1 @@ -36541,88 +20150,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for strupr" >&5 -echo $ECHO_N "checking for strupr... $ECHO_C" >&6; } -if test "${ac_cv_func_strupr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strupr to an innocuous variant, in case declares strupr. - For example, HP-UX 11i declares gettimeofday. */ -#define strupr innocuous_strupr - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strupr (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strupr - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strupr (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_strupr || defined __stub___strupr -choke me -#endif - -int -main () -{ -return strupr (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strupr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strupr=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strupr" >&5 -echo "${ECHO_T}$ac_cv_func_strupr" >&6; } -if test $ac_cv_func_strupr = yes; then +ac_fn_c_check_func "$LINENO" "strupr" "ac_cv_func_strupr" +if test "x$ac_cv_func_strupr" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUPR 1 @@ -36636,88 +20165,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for swab" >&5 -echo $ECHO_N "checking for swab... $ECHO_C" >&6; } -if test "${ac_cv_func_swab+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define swab to an innocuous variant, in case declares swab. - For example, HP-UX 11i declares gettimeofday. */ -#define swab innocuous_swab - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char swab (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef swab - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char swab (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_swab || defined __stub___swab -choke me -#endif - -int -main () -{ -return swab (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_swab=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_swab=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_swab" >&5 -echo "${ECHO_T}$ac_cv_func_swab" >&6; } -if test $ac_cv_func_swab = yes; then +ac_fn_c_check_func "$LINENO" "swab" "ac_cv_func_swab" +if test "x$ac_cv_func_swab" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SWAB 1 @@ -36731,88 +20180,23 @@ else esac fi -{ echo "$as_me:$LINENO: checking for timegm" >&5 -echo $ECHO_N "checking for timegm... $ECHO_C" >&6; } -if test "${ac_cv_func_timegm+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +ac_fn_c_check_func "$LINENO" "tsearch" "ac_cv_func_tsearch" +if test "x$ac_cv_func_tsearch" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_TSEARCH 1 +_ACEOF + else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define timegm to an innocuous variant, in case declares timegm. - For example, HP-UX 11i declares gettimeofday. */ -#define timegm innocuous_timegm - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char timegm (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef timegm - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char timegm (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_timegm || defined __stub___timegm -choke me -#endif - -int -main () -{ -return timegm (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; + case " $LIBOBJS " in + *" tsearch.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS tsearch.$ac_objext" + ;; esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_timegm=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_func_timegm=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_timegm" >&5 -echo "${ECHO_T}$ac_cv_func_timegm" >&6; } -if test $ac_cv_func_timegm = yes; then +ac_fn_c_check_func "$LINENO" "timegm" "ac_cv_func_timegm" +if test "x$ac_cv_func_timegm" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_TIMEGM 1 @@ -36826,88 +20210,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for unsetenv" >&5 -echo $ECHO_N "checking for unsetenv... $ECHO_C" >&6; } -if test "${ac_cv_func_unsetenv+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define unsetenv to an innocuous variant, in case declares unsetenv. - For example, HP-UX 11i declares gettimeofday. */ -#define unsetenv innocuous_unsetenv - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char unsetenv (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef unsetenv - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char unsetenv (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_unsetenv || defined __stub___unsetenv -choke me -#endif - -int -main () -{ -return unsetenv (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_unsetenv=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_unsetenv=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv" >&5 -echo "${ECHO_T}$ac_cv_func_unsetenv" >&6; } -if test $ac_cv_func_unsetenv = yes; then +ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv" +if test "x$ac_cv_func_unsetenv" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNSETENV 1 @@ -36921,88 +20225,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for verr" >&5 -echo $ECHO_N "checking for verr... $ECHO_C" >&6; } -if test "${ac_cv_func_verr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define verr to an innocuous variant, in case declares verr. - For example, HP-UX 11i declares gettimeofday. */ -#define verr innocuous_verr - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char verr (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef verr - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char verr (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_verr || defined __stub___verr -choke me -#endif - -int -main () -{ -return verr (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_verr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_verr=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_verr" >&5 -echo "${ECHO_T}$ac_cv_func_verr" >&6; } -if test $ac_cv_func_verr = yes; then +ac_fn_c_check_func "$LINENO" "verr" "ac_cv_func_verr" +if test "x$ac_cv_func_verr" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VERR 1 @@ -37016,88 +20240,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for verrx" >&5 -echo $ECHO_N "checking for verrx... $ECHO_C" >&6; } -if test "${ac_cv_func_verrx+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define verrx to an innocuous variant, in case declares verrx. - For example, HP-UX 11i declares gettimeofday. */ -#define verrx innocuous_verrx - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char verrx (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef verrx - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char verrx (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_verrx || defined __stub___verrx -choke me -#endif - -int -main () -{ -return verrx (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_verrx=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_verrx=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_verrx" >&5 -echo "${ECHO_T}$ac_cv_func_verrx" >&6; } -if test $ac_cv_func_verrx = yes; then +ac_fn_c_check_func "$LINENO" "verrx" "ac_cv_func_verrx" +if test "x$ac_cv_func_verrx" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VERRX 1 @@ -37111,88 +20255,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for vsyslog" >&5 -echo $ECHO_N "checking for vsyslog... $ECHO_C" >&6; } -if test "${ac_cv_func_vsyslog+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define vsyslog to an innocuous variant, in case declares vsyslog. - For example, HP-UX 11i declares gettimeofday. */ -#define vsyslog innocuous_vsyslog - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char vsyslog (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef vsyslog - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char vsyslog (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_vsyslog || defined __stub___vsyslog -choke me -#endif - -int -main () -{ -return vsyslog (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_vsyslog=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_vsyslog=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vsyslog" >&5 -echo "${ECHO_T}$ac_cv_func_vsyslog" >&6; } -if test $ac_cv_func_vsyslog = yes; then +ac_fn_c_check_func "$LINENO" "vsyslog" "ac_cv_func_vsyslog" +if test "x$ac_cv_func_vsyslog" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VSYSLOG 1 @@ -37206,88 +20270,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for vwarn" >&5 -echo $ECHO_N "checking for vwarn... $ECHO_C" >&6; } -if test "${ac_cv_func_vwarn+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define vwarn to an innocuous variant, in case declares vwarn. - For example, HP-UX 11i declares gettimeofday. */ -#define vwarn innocuous_vwarn - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char vwarn (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef vwarn - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char vwarn (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_vwarn || defined __stub___vwarn -choke me -#endif - -int -main () -{ -return vwarn (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_vwarn=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_vwarn=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vwarn" >&5 -echo "${ECHO_T}$ac_cv_func_vwarn" >&6; } -if test $ac_cv_func_vwarn = yes; then +ac_fn_c_check_func "$LINENO" "vwarn" "ac_cv_func_vwarn" +if test "x$ac_cv_func_vwarn" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VWARN 1 @@ -37301,88 +20285,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for vwarnx" >&5 -echo $ECHO_N "checking for vwarnx... $ECHO_C" >&6; } -if test "${ac_cv_func_vwarnx+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define vwarnx to an innocuous variant, in case declares vwarnx. - For example, HP-UX 11i declares gettimeofday. */ -#define vwarnx innocuous_vwarnx - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char vwarnx (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef vwarnx - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char vwarnx (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_vwarnx || defined __stub___vwarnx -choke me -#endif - -int -main () -{ -return vwarnx (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_vwarnx=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_vwarnx=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vwarnx" >&5 -echo "${ECHO_T}$ac_cv_func_vwarnx" >&6; } -if test $ac_cv_func_vwarnx = yes; then +ac_fn_c_check_func "$LINENO" "vwarnx" "ac_cv_func_vwarnx" +if test "x$ac_cv_func_vwarnx" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VWARNX 1 @@ -37396,88 +20300,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for warn" >&5 -echo $ECHO_N "checking for warn... $ECHO_C" >&6; } -if test "${ac_cv_func_warn+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define warn to an innocuous variant, in case declares warn. - For example, HP-UX 11i declares gettimeofday. */ -#define warn innocuous_warn - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char warn (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef warn - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char warn (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_warn || defined __stub___warn -choke me -#endif - -int -main () -{ -return warn (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_warn=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_warn=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_warn" >&5 -echo "${ECHO_T}$ac_cv_func_warn" >&6; } -if test $ac_cv_func_warn = yes; then +ac_fn_c_check_func "$LINENO" "warn" "ac_cv_func_warn" +if test "x$ac_cv_func_warn" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_WARN 1 @@ -37491,88 +20315,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for warnx" >&5 -echo $ECHO_N "checking for warnx... $ECHO_C" >&6; } -if test "${ac_cv_func_warnx+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define warnx to an innocuous variant, in case declares warnx. - For example, HP-UX 11i declares gettimeofday. */ -#define warnx innocuous_warnx - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char warnx (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef warnx - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char warnx (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_warnx || defined __stub___warnx -choke me -#endif - -int -main () -{ -return warnx (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_warnx=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_warnx=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_warnx" >&5 -echo "${ECHO_T}$ac_cv_func_warnx" >&6; } -if test $ac_cv_func_warnx = yes; then +ac_fn_c_check_func "$LINENO" "warnx" "ac_cv_func_warnx" +if test "x$ac_cv_func_warnx" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_WARNX 1 @@ -37586,88 +20330,8 @@ else esac fi -{ echo "$as_me:$LINENO: checking for writev" >&5 -echo $ECHO_N "checking for writev... $ECHO_C" >&6; } -if test "${ac_cv_func_writev+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define writev to an innocuous variant, in case declares writev. - For example, HP-UX 11i declares gettimeofday. */ -#define writev innocuous_writev - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char writev (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef writev - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char writev (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_writev || defined __stub___writev -choke me -#endif - -int -main () -{ -return writev (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_writev=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_writev=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_writev" >&5 -echo "${ECHO_T}$ac_cv_func_writev" >&6; } -if test $ac_cv_func_writev = yes; then +ac_fn_c_check_func "$LINENO" "writev" "ac_cv_func_writev" +if test "x$ac_cv_func_writev" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_WRITEV 1 @@ -37694,16 +20358,12 @@ fi if test "$ac_cv_func_strndup+set" != set -o "$ac_cv_func_strndup" = yes; then -{ echo "$as_me:$LINENO: checking if strndup needs a prototype" >&5 -echo $ECHO_N "checking if strndup needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_strndup_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strndup needs a prototype" >&5 +$as_echo_n "checking if strndup needs a prototype... " >&6; } +if test "${ac_cv_func_strndup_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -37716,55 +20376,29 @@ strndup(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_strndup_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_strndup_noproto=no" + eval "ac_cv_func_strndup_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strndup_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_strndup_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strndup_noproto" >&5 +$as_echo "$ac_cv_func_strndup_noproto" >&6; } if test "$ac_cv_func_strndup_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_STRNDUP_PROTO 1 -_ACEOF +$as_echo "#define NEED_STRNDUP_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_strsep+set" != set -o "$ac_cv_func_strsep" = yes; then -{ echo "$as_me:$LINENO: checking if strsep needs a prototype" >&5 -echo $ECHO_N "checking if strsep needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_strsep_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strsep needs a prototype" >&5 +$as_echo_n "checking if strsep needs a prototype... " >&6; } +if test "${ac_cv_func_strsep_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -37777,55 +20411,29 @@ strsep(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_strsep_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_strsep_noproto=no" + eval "ac_cv_func_strsep_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strsep_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_strsep_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strsep_noproto" >&5 +$as_echo "$ac_cv_func_strsep_noproto" >&6; } if test "$ac_cv_func_strsep_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_STRSEP_PROTO 1 -_ACEOF +$as_echo "#define NEED_STRSEP_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_strtok_r+set" != set -o "$ac_cv_func_strtok_r" = yes; then -{ echo "$as_me:$LINENO: checking if strtok_r needs a prototype" >&5 -echo $ECHO_N "checking if strtok_r needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_strtok_r_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strtok_r needs a prototype" >&5 +$as_echo_n "checking if strtok_r needs a prototype... " >&6; } +if test "${ac_cv_func_strtok_r_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -37838,40 +20446,18 @@ strtok_r(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_strtok_r_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_strtok_r_noproto=no" + eval "ac_cv_func_strtok_r_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strtok_r_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_strtok_r_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strtok_r_noproto" >&5 +$as_echo "$ac_cv_func_strtok_r_noproto" >&6; } if test "$ac_cv_func_strtok_r_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_STRTOK_R_PROTO 1 -_ACEOF +$as_echo "#define NEED_STRTOK_R_PROTO 1" >>confdefs.h fi fi @@ -37879,16 +20465,12 @@ fi if test "$ac_cv_func_strsvis+set" != set -o "$ac_cv_func_strsvis" = yes; then -{ echo "$as_me:$LINENO: checking if strsvis needs a prototype" >&5 -echo $ECHO_N "checking if strsvis needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_strsvis_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strsvis needs a prototype" >&5 +$as_echo_n "checking if strsvis needs a prototype... " >&6; } +if test "${ac_cv_func_strsvis_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_VIS_H #include @@ -37903,55 +20485,66 @@ strsvis(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_strsvis_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_strsvis_noproto=no" + eval "ac_cv_func_strsvis_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strsvis_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_strsvis_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strsvis_noproto" >&5 +$as_echo "$ac_cv_func_strsvis_noproto" >&6; } if test "$ac_cv_func_strsvis_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_STRSVIS_PROTO 1 +$as_echo "#define NEED_STRSVIS_PROTO 1" >>confdefs.h + +fi +fi + +if test "$ac_cv_func_strsvisx+set" != set -o "$ac_cv_func_strsvisx" = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strsvisx needs a prototype" >&5 +$as_echo_n "checking if strsvisx needs a prototype... " >&6; } +if test "${ac_cv_func_strsvisx_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef HAVE_VIS_H +#include +#endif +struct foo { int foo; } xx; +extern int strsvisx (struct foo*); +int +main () +{ +strsvisx(&xx) + ; + return 0; +} _ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "ac_cv_func_strsvisx_noproto=yes" +else + eval "ac_cv_func_strsvisx_noproto=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strsvisx_noproto" >&5 +$as_echo "$ac_cv_func_strsvisx_noproto" >&6; } +if test "$ac_cv_func_strsvisx_noproto" = yes; then + +$as_echo "#define NEED_STRSVISX_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_strunvis+set" != set -o "$ac_cv_func_strunvis" = yes; then -{ echo "$as_me:$LINENO: checking if strunvis needs a prototype" >&5 -echo $ECHO_N "checking if strunvis needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_strunvis_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strunvis needs a prototype" >&5 +$as_echo_n "checking if strunvis needs a prototype... " >&6; } +if test "${ac_cv_func_strunvis_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_VIS_H #include @@ -37966,55 +20559,29 @@ strunvis(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_strunvis_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_strunvis_noproto=no" + eval "ac_cv_func_strunvis_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strunvis_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_strunvis_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strunvis_noproto" >&5 +$as_echo "$ac_cv_func_strunvis_noproto" >&6; } if test "$ac_cv_func_strunvis_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_STRUNVIS_PROTO 1 -_ACEOF +$as_echo "#define NEED_STRUNVIS_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_strvis+set" != set -o "$ac_cv_func_strvis" = yes; then -{ echo "$as_me:$LINENO: checking if strvis needs a prototype" >&5 -echo $ECHO_N "checking if strvis needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_strvis_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strvis needs a prototype" >&5 +$as_echo_n "checking if strvis needs a prototype... " >&6; } +if test "${ac_cv_func_strvis_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_VIS_H #include @@ -38029,55 +20596,29 @@ strvis(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_strvis_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_strvis_noproto=no" + eval "ac_cv_func_strvis_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strvis_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_strvis_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strvis_noproto" >&5 +$as_echo "$ac_cv_func_strvis_noproto" >&6; } if test "$ac_cv_func_strvis_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_STRVIS_PROTO 1 -_ACEOF +$as_echo "#define NEED_STRVIS_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_strvisx+set" != set -o "$ac_cv_func_strvisx" = yes; then -{ echo "$as_me:$LINENO: checking if strvisx needs a prototype" >&5 -echo $ECHO_N "checking if strvisx needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_strvisx_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strvisx needs a prototype" >&5 +$as_echo_n "checking if strvisx needs a prototype... " >&6; } +if test "${ac_cv_func_strvisx_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_VIS_H #include @@ -38092,55 +20633,29 @@ strvisx(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_strvisx_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_strvisx_noproto=no" + eval "ac_cv_func_strvisx_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strvisx_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_strvisx_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strvisx_noproto" >&5 +$as_echo "$ac_cv_func_strvisx_noproto" >&6; } if test "$ac_cv_func_strvisx_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_STRVISX_PROTO 1 -_ACEOF +$as_echo "#define NEED_STRVISX_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_svis+set" != set -o "$ac_cv_func_svis" = yes; then -{ echo "$as_me:$LINENO: checking if svis needs a prototype" >&5 -echo $ECHO_N "checking if svis needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_svis_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if svis needs a prototype" >&5 +$as_echo_n "checking if svis needs a prototype... " >&6; } +if test "${ac_cv_func_svis_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_VIS_H #include @@ -38155,55 +20670,29 @@ svis(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_svis_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_svis_noproto=no" + eval "ac_cv_func_svis_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_svis_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_svis_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_svis_noproto" >&5 +$as_echo "$ac_cv_func_svis_noproto" >&6; } if test "$ac_cv_func_svis_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_SVIS_PROTO 1 -_ACEOF +$as_echo "#define NEED_SVIS_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_unvis+set" != set -o "$ac_cv_func_unvis" = yes; then -{ echo "$as_me:$LINENO: checking if unvis needs a prototype" >&5 -echo $ECHO_N "checking if unvis needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_unvis_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if unvis needs a prototype" >&5 +$as_echo_n "checking if unvis needs a prototype... " >&6; } +if test "${ac_cv_func_unvis_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_VIS_H #include @@ -38218,55 +20707,29 @@ unvis(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_unvis_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_unvis_noproto=no" + eval "ac_cv_func_unvis_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_unvis_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_unvis_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_unvis_noproto" >&5 +$as_echo "$ac_cv_func_unvis_noproto" >&6; } if test "$ac_cv_func_unvis_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_UNVIS_PROTO 1 -_ACEOF +$as_echo "#define NEED_UNVIS_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_vis+set" != set -o "$ac_cv_func_vis" = yes; then -{ echo "$as_me:$LINENO: checking if vis needs a prototype" >&5 -echo $ECHO_N "checking if vis needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_vis_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if vis needs a prototype" >&5 +$as_echo_n "checking if vis needs a prototype... " >&6; } +if test "${ac_cv_func_vis_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_VIS_H #include @@ -38281,55 +20744,106 @@ vis(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_vis_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_vis_noproto=no" + eval "ac_cv_func_vis_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_vis_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_vis_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vis_noproto" >&5 +$as_echo "$ac_cv_func_vis_noproto" >&6; } if test "$ac_cv_func_vis_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_VIS_PROTO 1 +$as_echo "#define NEED_VIS_PROTO 1" >>confdefs.h + +fi +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking checking for dirfd" >&5 +$as_echo_n "checking checking for dirfd... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#ifdef HAVE_DIRENT_H +#include +#endif + +int +main () +{ +DIR *d = 0; dirfd(d); + ; + return 0; +} _ACEOF - -fi -fi - - -{ echo "$as_me:$LINENO: checking for inet_aton" >&5 -echo $ECHO_N "checking for inet_aton... $ECHO_C" >&6; } -if test "${ac_cv_func_inet_aton+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +if ac_fn_c_try_link "$LINENO"; then : + ac_rk_have_dirfd=yes else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ + ac_rk_have_dirfd=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test "$ac_rk_have_dirfd" = "yes" ; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_DIRFD 1 _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_rk_have_dirfd" >&5 +$as_echo "$ac_rk_have_dirfd" >&6; } + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dd_fd in DIR" >&5 +$as_echo_n "checking for dd_fd in DIR... " >&6; } +if test "${ac_cv_type_dir_dd_fd+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#ifdef HAVE_DIRENT_H +#include +#endif +int +main () +{ +DIR x; memset(&x, 0, sizeof(x)); x.dd_fd + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_dir_dd_fd=yes +else + ac_cv_type_dir_dd_fd=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_dir_dd_fd" >&5 +$as_echo "$ac_cv_type_dir_dd_fd" >&6; } +if test "$ac_cv_type_dir_dd_fd" = yes; then + + +$as_echo "#define HAVE_DIR_DD_FD 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_aton" >&5 +$as_echo_n "checking for inet_aton... " >&6; } +if test "${ac_cv_func_inet_aton+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include @@ -38360,34 +20874,13 @@ inet_aton(0,0); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "ac_cv_func_inet_aton=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_inet_aton=no" + eval "ac_cv_func_inet_aton=no" fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi if eval "test \"\${ac_cv_func_inet_aton}\" = yes"; then @@ -38396,11 +20889,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_INET_ATON 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } case " $LIBOBJS " in *" inet_aton.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS inet_aton.$ac_objext" @@ -38409,16 +20902,12 @@ esac fi -{ echo "$as_me:$LINENO: checking for inet_ntop" >&5 -echo $ECHO_N "checking for inet_ntop... $ECHO_C" >&6; } -if test "${ac_cv_func_inet_ntop+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_ntop" >&5 +$as_echo_n "checking for inet_ntop... " >&6; } +if test "${ac_cv_func_inet_ntop+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include @@ -38449,34 +20938,13 @@ inet_ntop(0, 0, 0, 0); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "ac_cv_func_inet_ntop=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_inet_ntop=no" + eval "ac_cv_func_inet_ntop=no" fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi if eval "test \"\${ac_cv_func_inet_ntop}\" = yes"; then @@ -38485,11 +20953,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_INET_NTOP 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } case " $LIBOBJS " in *" inet_ntop.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS inet_ntop.$ac_objext" @@ -38498,16 +20966,12 @@ esac fi -{ echo "$as_me:$LINENO: checking for inet_pton" >&5 -echo $ECHO_N "checking for inet_pton... $ECHO_C" >&6; } -if test "${ac_cv_func_inet_pton+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_pton" >&5 +$as_echo_n "checking for inet_pton... " >&6; } +if test "${ac_cv_func_inet_pton+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include @@ -38538,34 +21002,13 @@ inet_pton(0,0,0); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "ac_cv_func_inet_pton=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_inet_pton=no" + eval "ac_cv_func_inet_pton=no" fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi if eval "test \"\${ac_cv_func_inet_pton}\" = yes"; then @@ -38574,11 +21017,11 @@ cat >>confdefs.h <<_ACEOF #define HAVE_INET_PTON 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } case " $LIBOBJS " in *" inet_pton.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS inet_pton.$ac_objext" @@ -38589,17 +21032,13 @@ fi -{ echo "$as_me:$LINENO: checking for sa_len in struct sockaddr" >&5 -echo $ECHO_N "checking for sa_len in struct sockaddr... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_len in struct sockaddr" >&5 +$as_echo_n "checking for sa_len in struct sockaddr... " >&6; } +if test "${ac_cv_type_struct_sockaddr_sa_len+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -38611,42 +21050,20 @@ struct sockaddr x; memset(&x, 0, sizeof(x)); x.sa_len return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_sockaddr_sa_len=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_sockaddr_sa_len=no + ac_cv_type_struct_sockaddr_sa_len=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_sa_len" >&5 -echo "${ECHO_T}$ac_cv_type_struct_sockaddr_sa_len" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_sockaddr_sa_len" >&5 +$as_echo "$ac_cv_type_struct_sockaddr_sa_len" >&6; } if test "$ac_cv_type_struct_sockaddr_sa_len" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_SOCKADDR_SA_LEN 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_SOCKADDR_SA_LEN 1" >>confdefs.h fi @@ -38655,23 +21072,15 @@ fi if test "$ac_cv_func_getaddrinfo" = "yes"; then -{ echo "$as_me:$LINENO: checking if getaddrinfo handles numeric services" >&5 -echo $ECHO_N "checking if getaddrinfo handles numeric services... $ECHO_C" >&6; } -if test "${ac_cv_func_getaddrinfo_numserv+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo handles numeric services" >&5 +$as_echo_n "checking if getaddrinfo handles numeric services... " >&6; } +if test "${ac_cv_func_getaddrinfo_numserv+set}" = set; then : + $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot run test program while cross compiling -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } + if test "$cross_compiling" = yes; then : + ac_cv_func_getaddrinfo_numserv=yes else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -38694,42 +21103,18 @@ main(int argc, char **argv) } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_getaddrinfo_numserv=yes else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_getaddrinfo_numserv=no + ac_cv_func_getaddrinfo_numserv=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getaddrinfo_numserv" >&5 -echo "${ECHO_T}$ac_cv_func_getaddrinfo_numserv" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo_numserv" >&5 +$as_echo "$ac_cv_func_getaddrinfo_numserv" >&6; } if test "$ac_cv_func_getaddrinfo_numserv" = no; then case " $LIBOBJS " in *" getaddrinfo.$ac_objext "* ) ;; @@ -38748,16 +21133,12 @@ fi if test "$ac_cv_func_setenv+set" != set -o "$ac_cv_func_setenv" = yes; then -{ echo "$as_me:$LINENO: checking if setenv needs a prototype" >&5 -echo $ECHO_N "checking if setenv needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_setenv_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setenv needs a prototype" >&5 +$as_echo_n "checking if setenv needs a prototype... " >&6; } +if test "${ac_cv_func_setenv_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -38770,56 +21151,30 @@ setenv(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_setenv_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_setenv_noproto=no" + eval "ac_cv_func_setenv_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_setenv_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_setenv_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_setenv_noproto" >&5 +$as_echo "$ac_cv_func_setenv_noproto" >&6; } if test "$ac_cv_func_setenv_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_SETENV_PROTO 1 -_ACEOF +$as_echo "#define NEED_SETENV_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_unsetenv+set" != set -o "$ac_cv_func_unsetenv" = yes; then -{ echo "$as_me:$LINENO: checking if unsetenv needs a prototype" >&5 -echo $ECHO_N "checking if unsetenv needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_unsetenv_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if unsetenv needs a prototype" >&5 +$as_echo_n "checking if unsetenv needs a prototype... " >&6; } +if test "${ac_cv_func_unsetenv_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -38832,56 +21187,30 @@ unsetenv(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_unsetenv_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_unsetenv_noproto=no" + eval "ac_cv_func_unsetenv_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_unsetenv_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_unsetenv_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_unsetenv_noproto" >&5 +$as_echo "$ac_cv_func_unsetenv_noproto" >&6; } if test "$ac_cv_func_unsetenv_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_UNSETENV_PROTO 1 -_ACEOF +$as_echo "#define NEED_UNSETENV_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_gethostname+set" != set -o "$ac_cv_func_gethostname" = yes; then -{ echo "$as_me:$LINENO: checking if gethostname needs a prototype" >&5 -echo $ECHO_N "checking if gethostname needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_gethostname_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostname needs a prototype" >&5 +$as_echo_n "checking if gethostname needs a prototype... " >&6; } +if test "${ac_cv_func_gethostname_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -38894,56 +21223,30 @@ gethostname(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_gethostname_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_gethostname_noproto=no" + eval "ac_cv_func_gethostname_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostname_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_gethostname_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_gethostname_noproto" >&5 +$as_echo "$ac_cv_func_gethostname_noproto" >&6; } if test "$ac_cv_func_gethostname_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_GETHOSTNAME_PROTO 1 -_ACEOF +$as_echo "#define NEED_GETHOSTNAME_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_mkstemp+set" != set -o "$ac_cv_func_mkstemp" = yes; then -{ echo "$as_me:$LINENO: checking if mkstemp needs a prototype" >&5 -echo $ECHO_N "checking if mkstemp needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_mkstemp_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if mkstemp needs a prototype" >&5 +$as_echo_n "checking if mkstemp needs a prototype... " >&6; } +if test "${ac_cv_func_mkstemp_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -38956,56 +21259,30 @@ mkstemp(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_mkstemp_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_mkstemp_noproto=no" + eval "ac_cv_func_mkstemp_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_mkstemp_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_mkstemp_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_mkstemp_noproto" >&5 +$as_echo "$ac_cv_func_mkstemp_noproto" >&6; } if test "$ac_cv_func_mkstemp_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_MKSTEMP_PROTO 1 -_ACEOF +$as_echo "#define NEED_MKSTEMP_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_getusershell+set" != set -o "$ac_cv_func_getusershell" = yes; then -{ echo "$as_me:$LINENO: checking if getusershell needs a prototype" >&5 -echo $ECHO_N "checking if getusershell needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_getusershell_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if getusershell needs a prototype" >&5 +$as_echo_n "checking if getusershell needs a prototype... " >&6; } +if test "${ac_cv_func_getusershell_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -39018,56 +21295,30 @@ getusershell(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_getusershell_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_getusershell_noproto=no" + eval "ac_cv_func_getusershell_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getusershell_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_getusershell_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getusershell_noproto" >&5 +$as_echo "$ac_cv_func_getusershell_noproto" >&6; } if test "$ac_cv_func_getusershell_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_GETUSERSHELL_PROTO 1 -_ACEOF +$as_echo "#define NEED_GETUSERSHELL_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_daemon+set" != set -o "$ac_cv_func_daemon" = yes; then -{ echo "$as_me:$LINENO: checking if daemon needs a prototype" >&5 -echo $ECHO_N "checking if daemon needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_daemon_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if daemon needs a prototype" >&5 +$as_echo_n "checking if daemon needs a prototype... " >&6; } +if test "${ac_cv_func_daemon_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -39080,56 +21331,30 @@ daemon(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_daemon_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_daemon_noproto=no" + eval "ac_cv_func_daemon_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_daemon_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_daemon_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_daemon_noproto" >&5 +$as_echo "$ac_cv_func_daemon_noproto" >&6; } if test "$ac_cv_func_daemon_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_DAEMON_PROTO 1 -_ACEOF +$as_echo "#define NEED_DAEMON_PROTO 1" >>confdefs.h fi fi if test "$ac_cv_func_iruserok+set" != set -o "$ac_cv_func_iruserok" = yes; then -{ echo "$as_me:$LINENO: checking if iruserok needs a prototype" >&5 -echo $ECHO_N "checking if iruserok needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_iruserok_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if iruserok needs a prototype" >&5 +$as_echo_n "checking if iruserok needs a prototype... " >&6; } +if test "${ac_cv_func_iruserok_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -39160,40 +21385,18 @@ iruserok(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_iruserok_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_iruserok_noproto=no" + eval "ac_cv_func_iruserok_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_iruserok_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_iruserok_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_iruserok_noproto" >&5 +$as_echo "$ac_cv_func_iruserok_noproto" >&6; } if test "$ac_cv_func_iruserok_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_IRUSEROK_PROTO 1 -_ACEOF +$as_echo "#define NEED_IRUSEROK_PROTO 1" >>confdefs.h fi fi @@ -39201,16 +21404,12 @@ fi if test "$ac_cv_func_inet_aton+set" != set -o "$ac_cv_func_inet_aton" = yes; then -{ echo "$as_me:$LINENO: checking if inet_aton needs a prototype" >&5 -echo $ECHO_N "checking if inet_aton needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_inet_aton_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if inet_aton needs a prototype" >&5 +$as_echo_n "checking if inet_aton needs a prototype... " >&6; } +if test "${ac_cv_func_inet_aton_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -39235,40 +21434,18 @@ inet_aton(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_inet_aton_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_inet_aton_noproto=no" + eval "ac_cv_func_inet_aton_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_inet_aton_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_inet_aton_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_inet_aton_noproto" >&5 +$as_echo "$ac_cv_func_inet_aton_noproto" >&6; } if test "$ac_cv_func_inet_aton_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_INET_ATON_PROTO 1 -_ACEOF +$as_echo "#define NEED_INET_ATON_PROTO 1" >>confdefs.h fi fi @@ -39277,10 +21454,10 @@ fi -{ echo "$as_me:$LINENO: checking for crypt" >&5 -echo $ECHO_N "checking for crypt... $ECHO_C" >&6; } -if test "${ac_cv_funclib_crypt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt" >&5 +$as_echo_n "checking for crypt... " >&6; } +if test "${ac_cv_funclib_crypt+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_crypt\" != yes" ; then @@ -39294,11 +21471,7 @@ if eval "test \"\$ac_cv_func_crypt\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -39309,34 +21482,11 @@ crypt() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_crypt=$ac_lib; else ac_cv_funclib_crypt=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_crypt=\${ac_cv_funclib_crypt-no}" LIBS="$ac_save_LIBS" @@ -39348,95 +21498,12 @@ fi eval "ac_res=\$ac_cv_funclib_crypt" if false; then - -for ac_func in crypt -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in crypt +do : + ac_fn_c_check_func "$LINENO" "crypt" "ac_cv_func_crypt" +if test "x$ac_cv_func_crypt" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_CRYPT 1 _ACEOF fi @@ -39456,14 +21523,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_crypt=no" eval "LIB_crypt=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_crypt=yes" @@ -39476,8 +21543,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -39486,16 +21553,61 @@ esac -{ echo "$as_me:$LINENO: checking if gethostbyname is compatible with system prototype" >&5 -echo $ECHO_N "checking if gethostbyname is compatible with system prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_gethostbyname_proto_compat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strerror_r is compatible with system prototype" >&5 +$as_echo_n "checking if strerror_r is compatible with system prototype... " >&6; } +if test "${ac_cv_func_strerror_r_proto_compat+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +int strerror_r(int, char *, size_t) + ; + return 0; +} _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "ac_cv_func_strerror_r_proto_compat=yes" +else + eval "ac_cv_func_strerror_r_proto_compat=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strerror_r_proto_compat" >&5 +$as_echo "$ac_cv_func_strerror_r_proto_compat" >&6; } + +if test "$ac_cv_func_strerror_r_proto_compat" = yes; then + +$as_echo "#define STRERROR_R_PROTO_COMPATIBLE 1" >>confdefs.h + +fi + + + +ac_fn_c_check_func "$LINENO" "strerror_r" "ac_cv_func_strerror_r" +if test "x$ac_cv_func_strerror_r" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRERROR_R 1 +_ACEOF + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyname is compatible with system prototype" >&5 +$as_echo_n "checking if gethostbyname is compatible with system prototype... " >&6; } +if test "${ac_cv_func_gethostbyname_proto_compat+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -39522,57 +21634,31 @@ struct hostent *gethostbyname(const char *) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_gethostbyname_proto_compat=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_gethostbyname_proto_compat=no" + eval "ac_cv_func_gethostbyname_proto_compat=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname_proto_compat" >&5 -echo "${ECHO_T}$ac_cv_func_gethostbyname_proto_compat" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_gethostbyname_proto_compat" >&5 +$as_echo "$ac_cv_func_gethostbyname_proto_compat" >&6; } if test "$ac_cv_func_gethostbyname_proto_compat" = yes; then -cat >>confdefs.h <<\_ACEOF -#define GETHOSTBYNAME_PROTO_COMPATIBLE 1 -_ACEOF +$as_echo "#define GETHOSTBYNAME_PROTO_COMPATIBLE 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking if gethostbyaddr is compatible with system prototype" >&5 -echo $ECHO_N "checking if gethostbyaddr is compatible with system prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_gethostbyaddr_proto_compat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyaddr is compatible with system prototype" >&5 +$as_echo_n "checking if gethostbyaddr is compatible with system prototype... " >&6; } +if test "${ac_cv_func_gethostbyaddr_proto_compat+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -39599,57 +21685,31 @@ struct hostent *gethostbyaddr(const void *, size_t, int) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_gethostbyaddr_proto_compat=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_gethostbyaddr_proto_compat=no" + eval "ac_cv_func_gethostbyaddr_proto_compat=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5 -echo "${ECHO_T}$ac_cv_func_gethostbyaddr_proto_compat" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_gethostbyaddr_proto_compat" >&5 +$as_echo "$ac_cv_func_gethostbyaddr_proto_compat" >&6; } if test "$ac_cv_func_gethostbyaddr_proto_compat" = yes; then -cat >>confdefs.h <<\_ACEOF -#define GETHOSTBYADDR_PROTO_COMPATIBLE 1 -_ACEOF +$as_echo "#define GETHOSTBYADDR_PROTO_COMPATIBLE 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking if getservbyname is compatible with system prototype" >&5 -echo $ECHO_N "checking if getservbyname is compatible with system prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_getservbyname_proto_compat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if getservbyname is compatible with system prototype" >&5 +$as_echo_n "checking if getservbyname is compatible with system prototype... " >&6; } +if test "${ac_cv_func_getservbyname_proto_compat+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -39676,57 +21736,31 @@ struct servent *getservbyname(const char *, const char *) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_getservbyname_proto_compat=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_getservbyname_proto_compat=no" + eval "ac_cv_func_getservbyname_proto_compat=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getservbyname_proto_compat" >&5 -echo "${ECHO_T}$ac_cv_func_getservbyname_proto_compat" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getservbyname_proto_compat" >&5 +$as_echo "$ac_cv_func_getservbyname_proto_compat" >&6; } if test "$ac_cv_func_getservbyname_proto_compat" = yes; then -cat >>confdefs.h <<\_ACEOF -#define GETSERVBYNAME_PROTO_COMPATIBLE 1 -_ACEOF +$as_echo "#define GETSERVBYNAME_PROTO_COMPATIBLE 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking if getsockname is compatible with system prototype" >&5 -echo $ECHO_N "checking if getsockname is compatible with system prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_getsockname_proto_compat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if getsockname is compatible with system prototype" >&5 +$as_echo_n "checking if getsockname is compatible with system prototype... " >&6; } +if test "${ac_cv_func_getsockname_proto_compat+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H @@ -39744,57 +21778,31 @@ int getsockname(int, struct sockaddr*, socklen_t*) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_getsockname_proto_compat=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_getsockname_proto_compat=no" + eval "ac_cv_func_getsockname_proto_compat=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getsockname_proto_compat" >&5 -echo "${ECHO_T}$ac_cv_func_getsockname_proto_compat" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getsockname_proto_compat" >&5 +$as_echo "$ac_cv_func_getsockname_proto_compat" >&6; } if test "$ac_cv_func_getsockname_proto_compat" = yes; then -cat >>confdefs.h <<\_ACEOF -#define GETSOCKNAME_PROTO_COMPATIBLE 1 -_ACEOF +$as_echo "#define GETSOCKNAME_PROTO_COMPATIBLE 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking if openlog is compatible with system prototype" >&5 -echo $ECHO_N "checking if openlog is compatible with system prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_openlog_proto_compat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if openlog is compatible with system prototype" >&5 +$as_echo_n "checking if openlog is compatible with system prototype... " >&6; } +if test "${ac_cv_func_openlog_proto_compat+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYSLOG_H @@ -39809,41 +21817,19 @@ void openlog(const char *, int, int) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_openlog_proto_compat=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_openlog_proto_compat=no" + eval "ac_cv_func_openlog_proto_compat=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_openlog_proto_compat" >&5 -echo "${ECHO_T}$ac_cv_func_openlog_proto_compat" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_openlog_proto_compat" >&5 +$as_echo "$ac_cv_func_openlog_proto_compat" >&6; } if test "$ac_cv_func_openlog_proto_compat" = yes; then -cat >>confdefs.h <<\_ACEOF -#define OPENLOG_PROTO_COMPATIBLE 1 -_ACEOF +$as_echo "#define OPENLOG_PROTO_COMPATIBLE 1" >>confdefs.h fi @@ -39851,16 +21837,12 @@ fi if test "$ac_cv_func_crypt+set" != set -o "$ac_cv_func_crypt" = yes; then -{ echo "$as_me:$LINENO: checking if crypt needs a prototype" >&5 -echo $ECHO_N "checking if crypt needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_crypt_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if crypt needs a prototype" >&5 +$as_echo_n "checking if crypt needs a prototype... " >&6; } +if test "${ac_cv_func_crypt_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_CRYPT_H @@ -39880,40 +21862,18 @@ crypt(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_crypt_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_crypt_noproto=no" + eval "ac_cv_func_crypt_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_crypt_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_crypt_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_crypt_noproto" >&5 +$as_echo "$ac_cv_func_crypt_noproto" >&6; } if test "$ac_cv_func_crypt_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_CRYPT_PROTO 1 -_ACEOF +$as_echo "#define NEED_CRYPT_PROTO 1" >>confdefs.h fi fi @@ -39921,18 +21881,14 @@ fi -{ echo "$as_me:$LINENO: checking for h_errno" >&5 -echo $ECHO_N "checking for h_errno... $ECHO_C" >&6; } -if test "${ac_cv_var_h_errno+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for h_errno" >&5 +$as_echo_n "checking for h_errno... " >&6; } +if test "${ac_cv_var_h_errno+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_SYS_TYPES_H #include @@ -39940,6 +21896,10 @@ cat >>conftest.$ac_ext <<_ACEOF #ifdef HAVE_NETDB_H #include #endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + void * foo(void) { return &h_errno; } int main () @@ -39949,41 +21909,26 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_h_errno=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_h_errno=no + ac_cv_var_h_errno=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$ac_cv_var_h_errno" != yes ; then -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + extern int h_errno; int foo(void) { return h_errno; } int @@ -39994,140 +21939,65 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_h_errno=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_h_errno=no + ac_cv_var_h_errno=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi fi ac_foo=`eval echo \\$ac_cv_var_h_errno` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_H_ERRNO 1 _ACEOF - { echo "$as_me:$LINENO: checking whether h_errno is declared" >&5 -echo $ECHO_N "checking whether h_errno is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_h_errno+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef HAVE_SYS_TYPES_H + ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_NETDB_H #include #endif - -int -main () -{ -#ifndef h_errno - (void) h_errno; +#ifdef HAVE_WS2TCPIP_H +#include #endif - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_h_errno=yes +" +if test "x$ac_cv_have_decl_h_errno" = x""yes; then : + ac_have_decl=1 else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_h_errno=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_errno" >&5 -echo "${ECHO_T}$ac_cv_have_decl_h_errno" >&6; } -if test $ac_cv_have_decl_h_errno = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRNO 1 +#define HAVE_DECL_H_ERRNO $ac_have_decl _ACEOF - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRNO 0 -_ACEOF - - -fi - - fi -{ echo "$as_me:$LINENO: checking for h_errlist" >&5 -echo $ECHO_N "checking for h_errlist... $ECHO_C" >&6; } -if test "${ac_cv_var_h_errlist+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for h_errlist" >&5 +$as_echo_n "checking for h_errlist... " >&6; } +if test "${ac_cv_var_h_errlist+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H #include +#endif +#ifdef HAVE_WS2TCPIP_H +#include #endif void * foo(void) { return &h_errlist; } int @@ -40138,41 +22008,22 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_h_errlist=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_h_errlist=no + ac_cv_var_h_errlist=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$ac_cv_var_h_errlist" != yes ; then -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif extern int h_errlist; int foo(void) { return h_errlist; } int @@ -40183,137 +22034,61 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_h_errlist=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_h_errlist=no + ac_cv_var_h_errlist=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi fi ac_foo=`eval echo \\$ac_cv_var_h_errlist` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_H_ERRLIST 1 _ACEOF - { echo "$as_me:$LINENO: checking whether h_errlist is declared" >&5 -echo $ECHO_N "checking whether h_errlist is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_h_errlist+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef HAVE_NETDB_H + ac_fn_c_check_decl "$LINENO" "h_errlist" "ac_cv_have_decl_h_errlist" "#ifdef HAVE_NETDB_H #include #endif - -int -main () -{ -#ifndef h_errlist - (void) h_errlist; +#ifdef HAVE_WS2TCPIP_H +#include #endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_h_errlist=yes +" +if test "x$ac_cv_have_decl_h_errlist" = x""yes; then : + ac_have_decl=1 else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_h_errlist=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_errlist" >&5 -echo "${ECHO_T}$ac_cv_have_decl_h_errlist" >&6; } -if test $ac_cv_have_decl_h_errlist = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRLIST 1 +#define HAVE_DECL_H_ERRLIST $ac_have_decl _ACEOF - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRLIST 0 -_ACEOF - - -fi - - fi -{ echo "$as_me:$LINENO: checking for h_nerr" >&5 -echo $ECHO_N "checking for h_nerr... $ECHO_C" >&6; } -if test "${ac_cv_var_h_nerr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for h_nerr" >&5 +$as_echo_n "checking for h_nerr... " >&6; } +if test "${ac_cv_var_h_nerr+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_NETDB_H #include +#endif +#ifdef HAVE_WS2TCPIP_H +#include #endif void * foo(void) { return &h_nerr; } int @@ -40324,41 +22099,22 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_h_nerr=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_h_nerr=no + ac_cv_var_h_nerr=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$ac_cv_var_h_nerr" != yes ; then -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif extern int h_nerr; int foo(void) { return h_nerr; } int @@ -40369,134 +22125,55 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_h_nerr=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_h_nerr=no + ac_cv_var_h_nerr=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi fi ac_foo=`eval echo \\$ac_cv_var_h_nerr` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_H_NERR 1 _ACEOF - { echo "$as_me:$LINENO: checking whether h_nerr is declared" >&5 -echo $ECHO_N "checking whether h_nerr is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_h_nerr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef HAVE_NETDB_H + ac_fn_c_check_decl "$LINENO" "h_nerr" "ac_cv_have_decl_h_nerr" "#ifdef HAVE_NETDB_H #include #endif - -int -main () -{ -#ifndef h_nerr - (void) h_nerr; +#ifdef HAVE_WS2TCPIP_H +#include #endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_h_nerr=yes +" +if test "x$ac_cv_have_decl_h_nerr" = x""yes; then : + ac_have_decl=1 else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_h_nerr=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_nerr" >&5 -echo "${ECHO_T}$ac_cv_have_decl_h_nerr" >&6; } -if test $ac_cv_have_decl_h_nerr = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_NERR 1 +#define HAVE_DECL_H_NERR $ac_have_decl _ACEOF - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_NERR 0 -_ACEOF - - -fi - - fi -{ echo "$as_me:$LINENO: checking for __progname" >&5 -echo $ECHO_N "checking for __progname... $ECHO_C" >&6; } -if test "${ac_cv_var___progname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __progname" >&5 +$as_echo_n "checking for __progname... " >&6; } +if test "${ac_cv_var___progname+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_ERR_H #include @@ -40510,41 +22187,19 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var___progname=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var___progname=no + ac_cv_var___progname=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$ac_cv_var___progname" != yes ; then -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef HAVE_ERR_H +#include +#endif extern int __progname; int foo(void) { return __progname; } int @@ -40555,488 +22210,130 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var___progname=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var___progname=no + ac_cv_var___progname=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi fi ac_foo=`eval echo \\$ac_cv_var___progname` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then cat >>confdefs.h <<_ACEOF #define HAVE___PROGNAME 1 _ACEOF - { echo "$as_me:$LINENO: checking whether __progname is declared" >&5 -echo $ECHO_N "checking whether __progname is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl___progname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef HAVE_ERR_H + ac_fn_c_check_decl "$LINENO" "__progname" "ac_cv_have_decl___progname" "#ifdef HAVE_ERR_H #include #endif - -int -main () -{ -#ifndef __progname - (void) __progname; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl___progname=yes +" +if test "x$ac_cv_have_decl___progname" = x""yes; then : + ac_have_decl=1 else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl___progname=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl___progname" >&5 -echo "${ECHO_T}$ac_cv_have_decl___progname" >&6; } -if test $ac_cv_have_decl___progname = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL___PROGNAME 1 +#define HAVE_DECL___PROGNAME $ac_have_decl _ACEOF - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL___PROGNAME 0 -_ACEOF - - fi -fi - - -{ echo "$as_me:$LINENO: checking whether optarg is declared" >&5 -echo $ECHO_N "checking whether optarg is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_optarg+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -#ifndef optarg - (void) optarg; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_optarg=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_optarg=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optarg" >&5 -echo "${ECHO_T}$ac_cv_have_decl_optarg" >&6; } -if test $ac_cv_have_decl_optarg = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTARG 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTARG 0 -_ACEOF - - +ac_fn_c_check_decl "$LINENO" "optarg" "ac_cv_have_decl_optarg" " #include #ifdef HAVE_UNISTD_H #include #endif -fi -{ echo "$as_me:$LINENO: checking whether optind is declared" >&5 -echo $ECHO_N "checking whether optind is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_optind+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +" +if test "x$ac_cv_have_decl_optarg" = x""yes; then : + ac_have_decl=1 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -#ifndef optind - (void) optind; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_optind=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_optind=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optind" >&5 -echo "${ECHO_T}$ac_cv_have_decl_optind" >&6; } -if test $ac_cv_have_decl_optind = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTIND 1 +#define HAVE_DECL_OPTARG $ac_have_decl _ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTIND 0 -_ACEOF - - +ac_fn_c_check_decl "$LINENO" "optind" "ac_cv_have_decl_optind" " #include #ifdef HAVE_UNISTD_H #include #endif -fi -{ echo "$as_me:$LINENO: checking whether opterr is declared" >&5 -echo $ECHO_N "checking whether opterr is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_opterr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +" +if test "x$ac_cv_have_decl_optind" = x""yes; then : + ac_have_decl=1 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -#ifndef opterr - (void) opterr; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_opterr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_opterr=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_opterr" >&5 -echo "${ECHO_T}$ac_cv_have_decl_opterr" >&6; } -if test $ac_cv_have_decl_opterr = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTERR 1 +#define HAVE_DECL_OPTIND $ac_have_decl _ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTERR 0 -_ACEOF - - +ac_fn_c_check_decl "$LINENO" "opterr" "ac_cv_have_decl_opterr" " #include #ifdef HAVE_UNISTD_H #include #endif -fi -{ echo "$as_me:$LINENO: checking whether optopt is declared" >&5 -echo $ECHO_N "checking whether optopt is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_optopt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +" +if test "x$ac_cv_have_decl_opterr" = x""yes; then : + ac_have_decl=1 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -#ifndef optopt - (void) optopt; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_optopt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_optopt=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_optopt" >&5 -echo "${ECHO_T}$ac_cv_have_decl_optopt" >&6; } -if test $ac_cv_have_decl_optopt = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTOPT 1 +#define HAVE_DECL_OPTERR $ac_have_decl _ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OPTOPT 0 -_ACEOF - - +ac_fn_c_check_decl "$LINENO" "optopt" "ac_cv_have_decl_optopt" " #include #ifdef HAVE_UNISTD_H #include #endif -fi -{ echo "$as_me:$LINENO: checking whether environ is declared" >&5 -echo $ECHO_N "checking whether environ is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_environ+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +" +if test "x$ac_cv_have_decl_optopt" = x""yes; then : + ac_have_decl=1 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -#ifndef environ - (void) environ; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_environ=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_environ=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_environ" >&5 -echo "${ECHO_T}$ac_cv_have_decl_environ" >&6; } -if test $ac_cv_have_decl_environ = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ENVIRON 1 +#define HAVE_DECL_OPTOPT $ac_have_decl _ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ENVIRON 0 -_ACEOF - - +ac_fn_c_check_decl "$LINENO" "environ" "ac_cv_have_decl_environ" " #include #ifdef HAVE_UNISTD_H #include #endif +" +if test "x$ac_cv_have_decl_environ" = x""yes; then : + ac_have_decl=1 +else + ac_have_decl=0 fi +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_ENVIRON $ac_have_decl +_ACEOF -{ echo "$as_me:$LINENO: checking for tm_gmtoff in struct tm" >&5 -echo $ECHO_N "checking for tm_gmtoff in struct tm... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tm_gmtoff in struct tm" >&5 +$as_echo_n "checking for tm_gmtoff in struct tm... " >&6; } +if test "${ac_cv_type_struct_tm_tm_gmtoff+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -41047,42 +22344,20 @@ struct tm x; memset(&x, 0, sizeof(x)); x.tm_gmtoff return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_tm_tm_gmtoff=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_tm_tm_gmtoff=no + ac_cv_type_struct_tm_tm_gmtoff=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5 -echo "${ECHO_T}$ac_cv_type_struct_tm_tm_gmtoff" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_tm_tm_gmtoff" >&5 +$as_echo "$ac_cv_type_struct_tm_tm_gmtoff" >&6; } if test "$ac_cv_type_struct_tm_tm_gmtoff" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_TM_TM_GMTOFF 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_TM_TM_GMTOFF 1" >>confdefs.h fi @@ -41090,17 +22365,13 @@ fi -{ echo "$as_me:$LINENO: checking for tm_zone in struct tm" >&5 -echo $ECHO_N "checking for tm_zone in struct tm... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tm_zone in struct tm" >&5 +$as_echo_n "checking for tm_zone in struct tm... " >&6; } +if test "${ac_cv_type_struct_tm_tm_zone+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -41111,42 +22382,20 @@ struct tm x; memset(&x, 0, sizeof(x)); x.tm_zone return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_tm_tm_zone=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_tm_tm_zone=no + ac_cv_type_struct_tm_tm_zone=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_tm_tm_zone" >&5 -echo "${ECHO_T}$ac_cv_type_struct_tm_tm_zone" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_tm_tm_zone" >&5 +$as_echo "$ac_cv_type_struct_tm_tm_zone" >&6; } if test "$ac_cv_type_struct_tm_tm_zone" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_TM_TM_ZONE 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_TM_TM_ZONE 1" >>confdefs.h fi @@ -41155,18 +22404,14 @@ fi -{ echo "$as_me:$LINENO: checking for timezone" >&5 -echo $ECHO_N "checking for timezone... $ECHO_C" >&6; } -if test "${ac_cv_var_timezone+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for timezone" >&5 +$as_echo_n "checking for timezone... " >&6; } +if test "${ac_cv_var_timezone+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include void * foo(void) { return &timezone; } @@ -41178,41 +22423,17 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_timezone=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_timezone=no + ac_cv_var_timezone=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$ac_cv_var_timezone" != yes ; then -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#include extern int timezone; int foo(void) { return timezone; } int @@ -41223,131 +22444,49 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_timezone=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_timezone=no + ac_cv_var_timezone=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi fi ac_foo=`eval echo \\$ac_cv_var_timezone` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_TIMEZONE 1 _ACEOF - { echo "$as_me:$LINENO: checking whether timezone is declared" >&5 -echo $ECHO_N "checking whether timezone is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_timezone+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + ac_fn_c_check_decl "$LINENO" "timezone" "ac_cv_have_decl_timezone" "#include +" +if test "x$ac_cv_have_decl_timezone" = x""yes; then : + ac_have_decl=1 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef timezone - (void) timezone; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_timezone=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_timezone=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_timezone" >&5 -echo "${ECHO_T}$ac_cv_have_decl_timezone" >&6; } -if test $ac_cv_have_decl_timezone = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_TIMEZONE 1 +#define HAVE_DECL_TIMEZONE $ac_have_decl _ACEOF - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_TIMEZONE 0 -_ACEOF - - fi -fi - - -{ echo "$as_me:$LINENO: checking for altzone" >&5 -echo $ECHO_N "checking for altzone... $ECHO_C" >&6; } -if test "${ac_cv_var_altzone+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for altzone" >&5 +$as_echo_n "checking for altzone... " >&6; } +if test "${ac_cv_var_altzone+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include void * foo(void) { return &altzone; } @@ -41359,41 +22498,17 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_altzone=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_altzone=no + ac_cv_var_altzone=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test "$ac_cv_var_altzone" != yes ; then -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#include extern int altzone; int foo(void) { return altzone; } int @@ -41404,132 +22519,50 @@ foo() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_var_altzone=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_var_altzone=no + ac_cv_var_altzone=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi fi ac_foo=`eval echo \\$ac_cv_var_altzone` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then cat >>confdefs.h <<_ACEOF #define HAVE_ALTZONE 1 _ACEOF - { echo "$as_me:$LINENO: checking whether altzone is declared" >&5 -echo $ECHO_N "checking whether altzone is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_altzone+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + ac_fn_c_check_decl "$LINENO" "altzone" "ac_cv_have_decl_altzone" "#include +" +if test "x$ac_cv_have_decl_altzone" = x""yes; then : + ac_have_decl=1 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef altzone - (void) altzone; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_altzone=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_altzone=no + ac_have_decl=0 fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_altzone" >&5 -echo "${ECHO_T}$ac_cv_have_decl_altzone" >&6; } -if test $ac_cv_have_decl_altzone = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ALTZONE 1 +#define HAVE_DECL_ALTZONE $ac_have_decl _ACEOF - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_ALTZONE 0 -_ACEOF - - -fi - - fi cv=`echo "sa_family_t" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for sa_family_t" >&5 -echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5 +$as_echo_n "checking for sa_family_t... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -41539,7 +22572,12 @@ cat >>conftest.$ac_ext <<_ACEOF #endif #include +#ifdef HAVE_SYS_SOCKET_H #include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -41548,93 +22586,21 @@ sa_family_t foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo sa_family_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for sa_family_t" >&5 -echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6; } -if test "${ac_cv_type_sa_family_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef sa_family_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_sa_family_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_sa_family_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_sa_family_t" >&5 -echo "${ECHO_T}$ac_cv_type_sa_family_t" >&6; } -if test $ac_cv_type_sa_family_t = yes; then + ac_fn_c_check_type "$LINENO" "sa_family_t" "ac_cv_type_sa_family_t" "$ac_includes_default" +if test "x$ac_cv_type_sa_family_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SA_FAMILY_T 1 @@ -41654,16 +22620,12 @@ fi cv=`echo "socklen_t" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for socklen_t" >&5 -echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 +$as_echo_n "checking for socklen_t... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -41673,7 +22635,12 @@ cat >>conftest.$ac_ext <<_ACEOF #endif #include +#ifdef HAVE_SYS_SOCKET_H #include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -41682,93 +22649,21 @@ socklen_t foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo socklen_t | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for socklen_t" >&5 -echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; } -if test "${ac_cv_type_socklen_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef socklen_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_socklen_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_socklen_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5 -echo "${ECHO_T}$ac_cv_type_socklen_t" >&6; } -if test $ac_cv_type_socklen_t = yes; then + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "$ac_includes_default" +if test "x$ac_cv_type_socklen_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SOCKLEN_T 1 @@ -41788,16 +22683,12 @@ fi cv=`echo "struct sockaddr" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for struct sockaddr" >&5 -echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr" >&5 +$as_echo_n "checking for struct sockaddr... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -41807,7 +22698,12 @@ cat >>conftest.$ac_ext <<_ACEOF #endif #include +#ifdef HAVE_SYS_SOCKET_H #include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -41816,93 +22712,21 @@ struct sockaddr foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo struct sockaddr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for struct sockaddr" >&5 -echo $ECHO_N "checking for struct sockaddr... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_sockaddr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef struct sockaddr ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_struct_sockaddr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_sockaddr=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr" >&5 -echo "${ECHO_T}$ac_cv_type_struct_sockaddr" >&6; } -if test $ac_cv_type_struct_sockaddr = yes; then + ac_fn_c_check_type "$LINENO" "struct sockaddr" "ac_cv_type_struct_sockaddr" "$ac_includes_default" +if test "x$ac_cv_type_struct_sockaddr" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_SOCKADDR 1 @@ -41922,16 +22746,12 @@ fi cv=`echo "struct sockaddr_storage" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5 -echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5 +$as_echo_n "checking for struct sockaddr_storage... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -41941,7 +22761,12 @@ cat >>conftest.$ac_ext <<_ACEOF #endif #include +#ifdef HAVE_SYS_SOCKET_H #include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -41950,93 +22775,21 @@ struct sockaddr_storage foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo struct sockaddr_storage | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5 -echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_sockaddr_storage+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef struct sockaddr_storage ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_struct_sockaddr_storage=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_sockaddr_storage=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_sockaddr_storage" >&5 -echo "${ECHO_T}$ac_cv_type_struct_sockaddr_storage" >&6; } -if test $ac_cv_type_struct_sockaddr_storage = yes; then + ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" "$ac_includes_default" +if test "x$ac_cv_type_struct_sockaddr_storage" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_SOCKADDR_STORAGE 1 @@ -42056,16 +22809,12 @@ fi cv=`echo "struct addrinfo" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5 -echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5 +$as_echo_n "checking for struct addrinfo... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -42075,7 +22824,12 @@ cat >>conftest.$ac_ext <<_ACEOF #endif #include +#ifdef HAVE_NETDB_H #include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -42084,93 +22838,21 @@ struct addrinfo foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo struct addrinfo | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for struct addrinfo" >&5 -echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_addrinfo+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef struct addrinfo ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_struct_addrinfo=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_addrinfo=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_addrinfo" >&5 -echo "${ECHO_T}$ac_cv_type_struct_addrinfo" >&6; } -if test $ac_cv_type_struct_addrinfo = yes; then + ac_fn_c_check_type "$LINENO" "struct addrinfo" "ac_cv_type_struct_addrinfo" "$ac_includes_default" +if test "x$ac_cv_type_struct_addrinfo" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_ADDRINFO 1 @@ -42190,16 +22872,12 @@ fi cv=`echo "struct ifaddrs" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for struct ifaddrs" >&5 -echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct ifaddrs" >&5 +$as_echo_n "checking for struct ifaddrs... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -42216,93 +22894,21 @@ struct ifaddrs foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo struct ifaddrs | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for struct ifaddrs" >&5 -echo $ECHO_N "checking for struct ifaddrs... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_ifaddrs+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef struct ifaddrs ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_struct_ifaddrs=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_ifaddrs=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_ifaddrs" >&5 -echo "${ECHO_T}$ac_cv_type_struct_ifaddrs" >&6; } -if test $ac_cv_type_struct_ifaddrs = yes; then + ac_fn_c_check_type "$LINENO" "struct ifaddrs" "ac_cv_type_struct_ifaddrs" "$ac_includes_default" +if test "x$ac_cv_type_struct_ifaddrs" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_IFADDRS 1 @@ -42322,16 +22928,12 @@ fi cv=`echo "struct iovec" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for struct iovec" >&5 -echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct iovec" >&5 +$as_echo_n "checking for struct iovec... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -42351,93 +22953,21 @@ struct iovec foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo struct iovec | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for struct iovec" >&5 -echo $ECHO_N "checking for struct iovec... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_iovec+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef struct iovec ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_struct_iovec=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_iovec=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_iovec" >&5 -echo "${ECHO_T}$ac_cv_type_struct_iovec" >&6; } -if test $ac_cv_type_struct_iovec = yes; then + ac_fn_c_check_type "$LINENO" "struct iovec" "ac_cv_type_struct_iovec" "$ac_includes_default" +if test "x$ac_cv_type_struct_iovec" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_IOVEC 1 @@ -42457,16 +22987,12 @@ fi cv=`echo "struct msghdr" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for struct msghdr" >&5 -echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct msghdr" >&5 +$as_echo_n "checking for struct msghdr... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -42476,8 +23002,12 @@ cat >>conftest.$ac_ext <<_ACEOF #endif #include +#ifdef HAVE_SYS_SOCKET_H #include - +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif int main () { @@ -42486,93 +23016,21 @@ struct msghdr foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo struct msghdr | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for struct msghdr" >&5 -echo $ECHO_N "checking for struct msghdr... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_msghdr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef struct msghdr ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_struct_msghdr=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_msghdr=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_msghdr" >&5 -echo "${ECHO_T}$ac_cv_type_struct_msghdr" >&6; } -if test $ac_cv_type_struct_msghdr = yes; then + ac_fn_c_check_type "$LINENO" "struct msghdr" "ac_cv_type_struct_msghdr" "$ac_includes_default" +if test "x$ac_cv_type_struct_msghdr" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_MSGHDR 1 @@ -42592,25 +23050,21 @@ fi -{ echo "$as_me:$LINENO: checking for struct winsize" >&5 -echo $ECHO_N "checking for struct winsize... $ECHO_C" >&6; } -if test "${ac_cv_struct_winsize+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct winsize" >&5 +$as_echo_n "checking for struct winsize... " >&6; } +if test "${ac_cv_struct_winsize+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_struct_winsize=no for i in sys/termios.h sys/ioctl.h; do -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$i> _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "struct[ ]*winsize" >/dev/null 2>&1; then + $EGREP "struct[ ]*winsize" >/dev/null 2>&1; then : ac_cv_struct_winsize=yes; break fi rm -f conftest* @@ -42620,47 +23074,33 @@ fi if test "$ac_cv_struct_winsize" = "yes"; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_WINSIZE 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_WINSIZE 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: result: $ac_cv_struct_winsize" >&5 -echo "${ECHO_T}$ac_cv_struct_winsize" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_winsize" >&5 +$as_echo "$ac_cv_struct_winsize" >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ws_xpixel" >/dev/null 2>&1; then + $EGREP "ws_xpixel" >/dev/null 2>&1; then : -cat >>confdefs.h <<\_ACEOF -#define HAVE_WS_XPIXEL 1 -_ACEOF +$as_echo "#define HAVE_WS_XPIXEL 1" >>confdefs.h fi rm -f conftest* -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ws_ypixel" >/dev/null 2>&1; then + $EGREP "ws_ypixel" >/dev/null 2>&1; then : -cat >>confdefs.h <<\_ACEOF -#define HAVE_WS_YPIXEL 1 -_ACEOF +$as_echo "#define HAVE_WS_YPIXEL 1" >>confdefs.h fi rm -f conftest* @@ -42669,17 +23109,13 @@ rm -f conftest* -{ echo "$as_me:$LINENO: checking for struct spwd" >&5 -echo $ECHO_N "checking for struct spwd... $ECHO_C" >&6; } -if test "${ac_cv_struct_spwd+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct spwd" >&5 +$as_echo_n "checking for struct spwd... " >&6; } +if test "${ac_cv_struct_spwd+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -42694,43 +23130,21 @@ struct spwd foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_struct_spwd=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_struct_spwd=no + ac_cv_struct_spwd=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_struct_spwd" >&5 -echo "${ECHO_T}$ac_cv_struct_spwd" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_spwd" >&5 +$as_echo "$ac_cv_struct_spwd" >&6; } if test "$ac_cv_struct_spwd" = "yes"; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_SPWD 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_SPWD 1" >>confdefs.h fi @@ -42742,7 +23156,7 @@ fi # Check whether --enable-socket-wrapper was given. -if test "${enable_socket_wrapper+set}" = set; then +if test "${enable_socket_wrapper+set}" = set; then : enableval=$enable_socket_wrapper; fi @@ -42757,9 +23171,7 @@ fi if test "x$enable_socket_wrapper" = xyes ; then -cat >>confdefs.h <<\_ACEOF -#define SOCKET_WRAPPER_REPLACE 1 -_ACEOF +$as_echo "#define SOCKET_WRAPPER_REPLACE 1" >>confdefs.h fi @@ -42774,14 +23186,12 @@ LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken" # Check whether --enable-otp was given. -if test "${enable_otp+set}" = set; then +if test "${enable_otp+set}" = set; then : enableval=$enable_otp; fi if test "$enable_otp" = yes -a "$db_type" = unknown; then - { { echo "$as_me:$LINENO: error: OTP requires a NDBM/DB compatible library" >&5 -echo "$as_me: error: OTP requires a NDBM/DB compatible library" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "OTP requires a NDBM/DB compatible library" "$LINENO" 5 fi if test "$enable_otp" != no; then if test "$db_type" != unknown; then @@ -42792,17 +23202,15 @@ if test "$enable_otp" != no; then fi if test "$enable_otp" = yes; then -cat >>confdefs.h <<\_ACEOF -#define OTP 1 -_ACEOF +$as_echo "#define OTP 1" >>confdefs.h LIB_otp='$(top_builddir)/lib/otp/libotp.la' fi -{ echo "$as_me:$LINENO: checking whether to enable OTP library" >&5 -echo $ECHO_N "checking whether to enable OTP library... $ECHO_C" >&6; } -{ echo "$as_me:$LINENO: result: $enable_otp" >&5 -echo "${ECHO_T}$enable_otp" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable OTP library" >&5 +$as_echo_n "checking whether to enable OTP library... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_otp" >&5 +$as_echo "$enable_otp" >&6; } if test "$enable_otp" = yes; then OTP_TRUE= OTP_FALSE='#' @@ -42813,17 +23221,151 @@ fi + +for ac_header in dispatch/dispatch.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "dispatch/dispatch.h" "ac_cv_header_dispatch_dispatch_h" "$ac_includes_default" +if test "x$ac_cv_header_dispatch_dispatch_h" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DISPATCH_DISPATCH_H 1 +_ACEOF + +fi + +done + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dispatch_async_f" >&5 +$as_echo_n "checking for dispatch_async_f... " >&6; } +if test "${ac_cv_funclib_dispatch_async_f+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +if eval "test \"\$ac_cv_func_dispatch_async_f\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" dispatch; do + case "$ac_lib" in + "") ;; + yes) ac_lib="" ;; + no) continue ;; + -l*) ;; + *) ac_lib="-l$ac_lib" ;; + esac + LIBS=" $ac_lib $ac_save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef HAVE_DISPATCH_DISPATCH_H +#include +#endif +int +main () +{ +dispatch_async_f(0,0,0) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dispatch_async_f=$ac_lib; else ac_cv_funclib_dispatch_async_f=yes; fi";break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done + eval "ac_cv_funclib_dispatch_async_f=\${ac_cv_funclib_dispatch_async_f-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dispatch_async_f" + +if false; then + for ac_func in dispatch_async_f +do : + ac_fn_c_check_func "$LINENO" "dispatch_async_f" "ac_cv_func_dispatch_async_f" +if test "x$ac_cv_func_dispatch_async_f" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DISPATCH_ASYNC_F 1 +_ACEOF + +fi +done + +fi +# dispatch_async_f +eval "ac_tr_func=HAVE_`echo dispatch_async_f | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" +eval "LIB_dispatch_async_f=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dispatch_async_f=yes" + eval "LIB_dispatch_async_f=" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + ;; + no) + eval "ac_cv_func_dispatch_async_f=no" + eval "LIB_dispatch_async_f=" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + *) + eval "ac_cv_func_dispatch_async_f=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >>confdefs.h <<_ACEOF +#define $ac_tr_func 1 +_ACEOF + + cat >>confdefs.h <<_ACEOF +#define $ac_tr_lib 1 +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } + ;; +esac + + + +if test "$ac_cv_func_dispatch_async_f" = yes ; then + +$as_echo "#define HAVE_GCD 1" >>confdefs.h + + libdispatch=yes +else + libdispatch=no +fi + + if test "$libdispatch" = yes; then + have_gcd_TRUE= + have_gcd_FALSE='#' +else + have_gcd_TRUE='#' + have_gcd_FALSE= +fi + + + + + # Check whether --enable-osfc2 was given. -if test "${enable_osfc2+set}" = set; then +if test "${enable_osfc2+set}" = set; then : enableval=$enable_osfc2; fi LIB_security= if test "$enable_osfc2" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_OSFC2 1 -_ACEOF +$as_echo "#define HAVE_OSFC2 1" >>confdefs.h LIB_security=-lsecurity fi @@ -42831,20 +23373,18 @@ fi # Check whether --enable-mmap was given. -if test "${enable_mmap+set}" = set; then +if test "${enable_mmap+set}" = set; then : enableval=$enable_mmap; fi if test "$enable_mmap" = "no"; then -cat >>confdefs.h <<\_ACEOF -#define NO_MMAP 1 -_ACEOF +$as_echo "#define NO_MMAP 1" >>confdefs.h fi # Check whether --enable-afs-string-to-key was given. -if test "${enable_afs_string_to_key+set}" = set; then +if test "${enable_afs_string_to_key+set}" = set; then : enableval=$enable_afs_string_to_key; else enable_afs_string_to_key=yes @@ -42853,19 +23393,17 @@ fi if test "$enable_afs_string_to_key" = "yes"; then -cat >>confdefs.h <<\_ACEOF -#define ENABLE_AFS_STRING_TO_KEY 1 -_ACEOF +$as_echo "#define ENABLE_AFS_STRING_TO_KEY 1" >>confdefs.h fi # Extract the first word of "nroff", so it can be a program name with args. set dummy nroff; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_NROFF+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_path_NROFF+set}" = set; then : + $as_echo_n "(cached) " >&6 else case $NROFF in [\\/]* | ?:[\\/]*) @@ -42877,14 +23415,14 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS ;; @@ -42892,20 +23430,20 @@ esac fi NROFF=$ac_cv_path_NROFF if test -n "$NROFF"; then - { echo "$as_me:$LINENO: result: $NROFF" >&5 -echo "${ECHO_T}$NROFF" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 +$as_echo "$NROFF" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi # Extract the first word of "groff", so it can be a program name with args. set dummy groff; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_GROFF+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_path_GROFF+set}" = set; then : + $as_echo_n "(cached) " >&6 else case $GROFF in [\\/]* | ?:[\\/]*) @@ -42917,14 +23455,14 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS ;; @@ -42932,26 +23470,25 @@ esac fi GROFF=$ac_cv_path_GROFF if test -n "$GROFF"; then - { echo "$as_me:$LINENO: result: $GROFF" >&5 -echo "${ECHO_T}$GROFF" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5 +$as_echo "$GROFF" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -{ echo "$as_me:$LINENO: checking how to format man pages" >&5 -echo $ECHO_N "checking how to format man pages... $ECHO_C" >&6; } -if test "${ac_cv_sys_man_format+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to format man pages" >&5 +$as_echo_n "checking how to format man pages... " >&6; } +if test "${ac_cv_sys_man_format+set}" = set; then : + $as_echo_n "(cached) " >&6 else cat > conftest.1 << END .Dd January 1, 1970 .Dt CONFTEST 1 .Sh NAME .Nm conftest -.Nd -foobar +.Nd foobar END if test "$NROFF" ; then @@ -42977,8 +23514,8 @@ if test "$ac_cv_sys_man_format"; then fi fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_man_format" >&5 -echo "${ECHO_T}$ac_cv_sys_man_format" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_man_format" >&5 +$as_echo "$ac_cv_sys_man_format" >&6; } if test "$ac_cv_sys_man_format"; then CATMAN="$ac_cv_sys_man_format" @@ -42991,10 +23528,10 @@ else CATMAN_FALSE= fi -{ echo "$as_me:$LINENO: checking extension of pre-formatted manual pages" >&5 -echo $ECHO_N "checking extension of pre-formatted manual pages... $ECHO_C" >&6; } -if test "${ac_cv_sys_catman_ext+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking extension of pre-formatted manual pages" >&5 +$as_echo_n "checking extension of pre-formatted manual pages... " >&6; } +if test "${ac_cv_sys_catman_ext+set}" = set; then : + $as_echo_n "(cached) " >&6 else if grep _suffix /etc/man.conf > /dev/null 2>&1; then ac_cv_sys_catman_ext=0 @@ -43003,8 +23540,8 @@ else fi fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_catman_ext" >&5 -echo "${ECHO_T}$ac_cv_sys_catman_ext" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_catman_ext" >&5 +$as_echo "$ac_cv_sys_catman_ext" >&6; } if test "$ac_cv_sys_catman_ext" = number; then CATMANEXT='$$section' else @@ -43016,17 +23553,15 @@ fi # Check whether --with-readline was given. -if test "${with_readline+set}" = set; then +if test "${with_readline+set}" = set; then : withval=$with_readline; fi # Check whether --with-readline-lib was given. -if test "${with_readline_lib+set}" = set; then +if test "${with_readline_lib+set}" = set; then : withval=$with_readline_lib; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-readline-lib" >&5 -echo "$as_me: error: No argument for --with-readline-lib" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-readline-lib" "$LINENO" 5 elif test "X$with_readline" = "X"; then with_readline=yes fi @@ -43034,11 +23569,9 @@ fi # Check whether --with-readline-include was given. -if test "${with_readline_include+set}" = set; then +if test "${with_readline_include+set}" = set; then : withval=$with_readline_include; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-readline-include" >&5 -echo "$as_me: error: No argument for --with-readline-include" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-readline-include" "$LINENO" 5 elif test "X$with_readline" = "X"; then with_readline=yes fi @@ -43046,15 +23579,15 @@ fi # Check whether --with-readline-config was given. -if test "${with_readline_config+set}" = set; then +if test "${with_readline_config+set}" = set; then : withval=$with_readline_config; fi -{ echo "$as_me:$LINENO: checking for readline" >&5 -echo $ECHO_N "checking for readline... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for readline" >&5 +$as_echo_n "checking for readline... " >&6; } case "$with_readline" in yes|"") d='' ;; @@ -43118,14 +23651,29 @@ if test "$with_readline" != no; then if test "$readline_cflags" -a "$readline_libs"; then CFLAGS="$readline_cflags $save_CFLAGS" LIBS="$readline_libs $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ + for ac_header in readline.h readline/readline.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + +fi + +done + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include - #include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif + int main () { @@ -43134,52 +23682,44 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : INCLUDE_readline="$readline_cflags" LIB_readline="$readline_libs" - { echo "$as_me:$LINENO: result: from $with_readline_config" >&5 -echo "${ECHO_T}from $with_readline_config" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: from $with_readline_config" >&5 +$as_echo "from $with_readline_config" >&6; } found=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi if test "$found" = no; then ires= lres= for i in $header_dirs; do CFLAGS="-I$i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ + for ac_header in readline.h readline/readline.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + +fi + +done + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include - #include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif + int main () { @@ -43188,43 +23728,22 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ires=$i;break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done for i in $lib_dirs; do LIBS="-L$i -lreadline $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include - #include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif + int main () { @@ -43233,41 +23752,18 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : lres=$i;break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done if test "$ires" -a "$lres" -a "$with_readline" != "no"; then INCLUDE_readline="-I$ires" LIB_readline="-L$lres -lreadline " found=yes - { echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 -echo "${ECHO_T}headers $ires, libraries $lres" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: headers $ires, libraries $lres" >&5 +$as_echo "headers $ires, libraries $lres" >&6; } fi fi CFLAGS="$save_CFLAGS" @@ -43285,8 +23781,8 @@ else with_readline=no INCLUDE_readline= LIB_readline= - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -43295,18 +23791,260 @@ fi +# Check whether --with-libedit was given. +if test "${with_libedit+set}" = set; then : + withval=$with_libedit; +fi + + +# Check whether --with-libedit-lib was given. +if test "${with_libedit_lib+set}" = set; then : + withval=$with_libedit_lib; if test "$withval" = "yes" -o "$withval" = "no"; then + as_fn_error "No argument for --with-libedit-lib" "$LINENO" 5 +elif test "X$with_libedit" = "X"; then + with_libedit=yes +fi +fi + + +# Check whether --with-libedit-include was given. +if test "${with_libedit_include+set}" = set; then : + withval=$with_libedit_include; if test "$withval" = "yes" -o "$withval" = "no"; then + as_fn_error "No argument for --with-libedit-include" "$LINENO" 5 +elif test "X$with_libedit" = "X"; then + with_libedit=yes +fi +fi + + +# Check whether --with-libedit-config was given. +if test "${with_libedit_config+set}" = set; then : + withval=$with_libedit_config; +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libedit" >&5 +$as_echo_n "checking for libedit... " >&6; } + +case "$with_libedit" in +yes|"") d='' ;; +no) d= ;; +*) d="$with_libedit" ;; +esac + +header_dirs= +lib_dirs= +for i in $d; do + if test "$with_libedit_include" = ""; then + if test -d "$i/include/libedit"; then + header_dirs="$header_dirs $i/include/libedit" + fi + if test -d "$i/include"; then + header_dirs="$header_dirs $i/include" + fi + fi + if test "$with_libedit_lib" = ""; then + if test -d "$i/lib$abilibdirext"; then + lib_dirs="$lib_dirs $i/lib$abilibdirext" + fi + fi +done + +if test "$with_libedit_include"; then + header_dirs="$with_libedit_include $header_dirs" +fi +if test "$with_libedit_lib"; then + lib_dirs="$with_libedit_lib $lib_dirs" +fi + +if test "$with_libedit_config" = ""; then + with_libedit_config='' +fi + +libedit_cflags= +libedit_libs= + +case "$with_libedit_config" in +yes|no|""|"") + if test -f $with_libedit/bin/ ; then + with_libedit_config=$with_libedit/bin/ + fi + ;; +esac + +case "$with_libedit_config" in +yes|no|"") + ;; +*) + libedit_cflags="`$with_libedit_config --cflags 2>&1`" + libedit_libs="`$with_libedit_config --libs 2>&1`" + ;; +esac + +found=no +if test "$with_libedit" != no; then + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + if test "$libedit_cflags" -a "$libedit_libs"; then + CFLAGS="$libedit_cflags $save_CFLAGS" + LIBS="$libedit_libs $save_LIBS" + for ac_header in readline.h readline/readline.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + INCLUDE_libedit="$libedit_cflags" + LIB_libedit="$libedit_libs" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: from $with_libedit_config" >&5 +$as_echo "from $with_libedit_config" >&6; } + found=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + if test "$found" = no; then + ires= lres= + for i in $header_dirs; do + CFLAGS="-I$i $save_CFLAGS" + for ac_header in readline.h readline/readline.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ires=$i;break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done + for i in $lib_dirs; do + LIBS="-L$i -ledit $save_LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#if defined(HAVE_READLINE_READLINE_H) +#include +#elif defined(HAVE_READLINE_H) +#include +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lres=$i;break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done + if test "$ires" -a "$lres" -a "$with_libedit" != "no"; then + INCLUDE_libedit="-I$ires" + LIB_libedit="-L$lres -ledit " + found=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: headers $ires, libraries $lres" >&5 +$as_echo "headers $ires, libraries $lres" >&6; } + fi + fi + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" +fi + +if test "$found" = yes; then + +cat >>confdefs.h <<_ACEOF +#define LIBEDIT 1 +_ACEOF + + with_libedit=yes +else + with_libedit=no + INCLUDE_libedit= + LIB_libedit= + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + + + +subdirs="$subdirs lib/libedit" + + + + # Check whether --with-hesiod was given. -if test "${with_hesiod+set}" = set; then +if test "${with_hesiod+set}" = set; then : withval=$with_hesiod; fi # Check whether --with-hesiod-lib was given. -if test "${with_hesiod_lib+set}" = set; then +if test "${with_hesiod_lib+set}" = set; then : withval=$with_hesiod_lib; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-lib" >&5 -echo "$as_me: error: No argument for --with-hesiod-lib" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-hesiod-lib" "$LINENO" 5 elif test "X$with_hesiod" = "X"; then with_hesiod=yes fi @@ -43314,11 +24052,9 @@ fi # Check whether --with-hesiod-include was given. -if test "${with_hesiod_include+set}" = set; then +if test "${with_hesiod_include+set}" = set; then : withval=$with_hesiod_include; if test "$withval" = "yes" -o "$withval" = "no"; then - { { echo "$as_me:$LINENO: error: No argument for --with-hesiod-include" >&5 -echo "$as_me: error: No argument for --with-hesiod-include" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "No argument for --with-hesiod-include" "$LINENO" 5 elif test "X$with_hesiod" = "X"; then with_hesiod=yes fi @@ -43326,15 +24062,15 @@ fi # Check whether --with-hesiod-config was given. -if test "${with_hesiod_config+set}" = set; then +if test "${with_hesiod_config+set}" = set; then : withval=$with_hesiod_config; fi -{ echo "$as_me:$LINENO: checking for hesiod" >&5 -echo $ECHO_N "checking for hesiod... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for hesiod" >&5 +$as_echo_n "checking for hesiod... " >&6; } case "$with_hesiod" in yes|"") d='' ;; @@ -43398,11 +24134,8 @@ if test "$with_hesiod" != no; then if test "$hesiod_cflags" -a "$hesiod_libs"; then CFLAGS="$hesiod_cflags $save_CFLAGS" LIBS="$hesiod_libs $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -43413,49 +24146,23 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : INCLUDE_hesiod="$hesiod_cflags" LIB_hesiod="$hesiod_libs" - { echo "$as_me:$LINENO: result: from $with_hesiod_config" >&5 -echo "${ECHO_T}from $with_hesiod_config" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: from $with_hesiod_config" >&5 +$as_echo "from $with_hesiod_config" >&6; } found=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi if test "$found" = no; then ires= lres= for i in $header_dirs; do CFLAGS="-I$i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -43466,40 +24173,14 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ires=$i;break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done for i in $lib_dirs; do LIBS="-L$i -lhesiod $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -43510,41 +24191,18 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : lres=$i;break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done if test "$ires" -a "$lres" -a "$with_hesiod" != "no"; then INCLUDE_hesiod="-I$ires" LIB_hesiod="-L$lres -lhesiod " found=yes - { echo "$as_me:$LINENO: result: headers $ires, libraries $lres" >&5 -echo "${ECHO_T}headers $ires, libraries $lres" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: headers $ires, libraries $lres" >&5 +$as_echo "headers $ires, libraries $lres" >&6; } fi fi CFLAGS="$save_CFLAGS" @@ -43562,8 +24220,8 @@ else with_hesiod=no INCLUDE_hesiod= LIB_hesiod= - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -43572,25 +24230,21 @@ fi # Check whether --enable-bigendian was given. -if test "${enable_bigendian+set}" = set; then +if test "${enable_bigendian+set}" = set; then : enableval=$enable_bigendian; krb_cv_c_bigendian=yes fi # Check whether --enable-littleendian was given. -if test "${enable_littleendian+set}" = set; then +if test "${enable_littleendian+set}" = set; then : enableval=$enable_littleendian; krb_cv_c_bigendian=no fi -{ echo "$as_me:$LINENO: checking whether byte order is known at compile time" >&5 -echo $ECHO_N "checking whether byte order is known at compile time... $ECHO_C" >&6; } -if test "${krb_cv_c_bigendian_compile+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte order is known at compile time" >&5 +$as_echo_n "checking whether byte order is known at compile time... " >&6; } +if test "${krb_cv_c_bigendian_compile+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -43599,47 +24253,23 @@ cat >>conftest.$ac_ext <<_ACEOF bogus endian macros #endif _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : krb_cv_c_bigendian_compile=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - krb_cv_c_bigendian_compile=no + krb_cv_c_bigendian_compile=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $krb_cv_c_bigendian_compile" >&5 -echo "${ECHO_T}$krb_cv_c_bigendian_compile" >&6; } -{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 -echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; } -if test "${krb_cv_c_bigendian+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb_cv_c_bigendian_compile" >&5 +$as_echo "$krb_cv_c_bigendian_compile" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if test "${krb_cv_c_bigendian+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test "$krb_cv_c_bigendian_compile" = "yes"; then - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -43648,43 +24278,17 @@ cat >>conftest.$ac_ext <<_ACEOF not big endian #endif _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : krb_cv_c_bigendian=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - krb_cv_c_bigendian=no + krb_cv_c_bigendian=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else - if test "$cross_compiling" = yes; then - { { echo "$as_me:$LINENO: error: specify either --enable-bigendian or --enable-littleendian" >&5 -echo "$as_me: error: specify either --enable-bigendian or --enable-littleendian" >&2;} - { (exit 1); exit 1; }; } + if test "$cross_compiling" = yes; then : + as_fn_error "specify either --enable-bigendian or --enable-littleendian" "$LINENO" 5 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ main (int argc, char **argv) { /* Are we little or big endian? From Harbison&Steele. */ @@ -43697,71 +24301,38 @@ main (int argc, char **argv) { exit (u.c[sizeof (long) - 1] == 1); } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : krb_cv_c_bigendian=no else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -krb_cv_c_bigendian=yes + krb_cv_c_bigendian=yes fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi fi -{ echo "$as_me:$LINENO: result: $krb_cv_c_bigendian" >&5 -echo "${ECHO_T}$krb_cv_c_bigendian" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb_cv_c_bigendian" >&5 +$as_echo "$krb_cv_c_bigendian" >&6; } if test "$krb_cv_c_bigendian" = "yes"; then -cat >>confdefs.h <<\_ACEOF -#define WORDS_BIGENDIAN 1 -_ACEOF +$as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h fi if test "$krb_cv_c_bigendian_compile" = "yes"; then -cat >>confdefs.h <<\_ACEOF -#define ENDIANESS_IN_SYS_PARAM_H 1 -_ACEOF +$as_echo "#define ENDIANESS_IN_SYS_PARAM_H 1" >>confdefs.h fi - -{ echo "$as_me:$LINENO: checking for inline" >&5 -echo $ECHO_N "checking for inline... $ECHO_C" >&6; } -if test "${ac_cv_c_inline+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +$as_echo_n "checking for inline... " >&6; } +if test "${ac_cv_c_inline+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; @@ -43770,39 +24341,16 @@ $ac_kw foo_t foo () {return 0; } #endif _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_inline=$ac_kw -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5 -echo "${ECHO_T}$ac_cv_c_inline" >&6; } - +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +$as_echo "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; @@ -43820,559 +24368,12 @@ _ACEOF esac - - - - -{ echo "$as_me:$LINENO: checking for dlopen" >&5 -echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; } -if test "${ac_cv_funclib_dlopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_dlopen\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" dl; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_DLFCN_H -#include -#endif -int -main () -{ -dlopen(0,0) - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_dlopen=$ac_lib; else ac_cv_funclib_dlopen=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_dlopen=\${ac_cv_funclib_dlopen-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_dlopen" - -if false; then - -for ac_func in dlopen -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# dlopen -eval "ac_tr_func=HAVE_`echo dlopen | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_dlopen=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_dlopen=yes" - eval "LIB_dlopen=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) - eval "ac_cv_func_dlopen=no" - eval "LIB_dlopen=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) - eval "ac_cv_func_dlopen=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } - ;; -esac - - - if test "$ac_cv_funclib_dlopen" != no; then - HAVE_DLOPEN_TRUE= - HAVE_DLOPEN_FALSE='#' -else - HAVE_DLOPEN_TRUE='#' - HAVE_DLOPEN_FALSE= -fi - - - - -aix=no -case "$host" in -*-*-aix3*) - aix=3 - ;; -*-*-aix4*|*-*-aix5*) - aix=4 - ;; -esac - - if test "$aix" != no; then - AIX_TRUE= - AIX_FALSE='#' -else - AIX_TRUE='#' - AIX_FALSE= -fi - if test "$aix" = 4; then - AIX4_TRUE= - AIX4_FALSE='#' -else - AIX4_TRUE='#' - AIX4_FALSE= -fi - - - -# Check whether --enable-dynamic-afs was given. -if test "${enable_dynamic_afs+set}" = set; then - enableval=$enable_dynamic_afs; -fi - - -if test "$aix" != no; then - if test "$enable_dynamic_afs" != no; then - - if test "$ac_cv_func_dlopen" = no; then - - - -{ echo "$as_me:$LINENO: checking for loadquery" >&5 -echo $ECHO_N "checking for loadquery... $ECHO_C" >&6; } -if test "${ac_cv_funclib_loadquery+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_loadquery\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" ld; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ -loadquery() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_loadquery=$ac_lib; else ac_cv_funclib_loadquery=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_loadquery=\${ac_cv_funclib_loadquery-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_loadquery" - -if false; then - -for ac_func in loadquery -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# loadquery -eval "ac_tr_func=HAVE_`echo loadquery | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_loadquery=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_loadquery=yes" - eval "LIB_loadquery=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) - eval "ac_cv_func_loadquery=no" - eval "LIB_loadquery=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) - eval "ac_cv_func_loadquery=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } - ;; -esac - - - fi - if test "$ac_cv_func_dlopen" != no; then - AIX_EXTRA_KAFS='$(LIB_dlopen)' - elif test "$ac_cv_func_loadquery" != no; then - AIX_EXTRA_KAFS='$(LIB_loadquery)' - else - { echo "$as_me:$LINENO: not using dynloaded AFS library" >&5 -echo "$as_me: not using dynloaded AFS library" >&6;} - AIX_EXTRA_KAFS= - enable_dynamic_afs=no - fi - else - AIX_EXTRA_KAFS= - fi -fi - - if test "$enable_dynamic_afs" != no; then - AIX_DYNAMIC_AFS_TRUE= - AIX_DYNAMIC_AFS_FALSE='#' -else - AIX_DYNAMIC_AFS_TRUE='#' - AIX_DYNAMIC_AFS_FALSE= -fi - - - - - - -irix=no -case "$host" in -*-*-irix4*) - -cat >>confdefs.h <<\_ACEOF -#define IRIX4 1 -_ACEOF - - irix=yes - ;; -*-*-irix*) - irix=yes - ;; -esac - if test "$irix" != no; then - IRIX_TRUE= - IRIX_FALSE='#' -else - IRIX_TRUE='#' - IRIX_FALSE= -fi - - - - - -sunos=no -case "$host" in -*-*-sunos4*) - sunos=40 - ;; -*-*-solaris2.7) - sunos=57 - ;; -*-*-solaris2.[89] | *-*-solaris2.10) - sunos=58 - ;; -*-*-solaris2*) - sunos=50 - ;; -esac -if test "$sunos" != no; then - -cat >>confdefs.h <<_ACEOF -#define SunOS $sunos -_ACEOF - -fi - - -{ echo "$as_me:$LINENO: checking for X" >&5 -echo $ECHO_N "checking for X... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for X" >&5 +$as_echo_n "checking for X... " >&6; } # Check whether --with-x was given. -if test "${with_x+set}" = set; then +if test "${with_x+set}" = set; then : withval=$with_x; fi @@ -44382,11 +24383,9 @@ if test "x$with_x" = xno; then have_x=disabled else case $x_includes,$x_libraries in #( - *\'*) { { echo "$as_me:$LINENO: error: Cannot use X directory names containing '" >&5 -echo "$as_me: error: Cannot use X directory names containing '" >&2;} - { (exit 1); exit 1; }; };; #( - *,NONE | NONE,*) if test "${ac_cv_have_x+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + *\'*) as_fn_error "cannot use X directory names containing '" "$LINENO" 5;; #( + *,NONE | NONE,*) if test "${ac_cv_have_x+set}" = set; then : + $as_echo_n "(cached) " >&6 else # One or both of the vars are not set, and there is no cached value. ac_x_includes=no ac_x_libraries=no @@ -44407,7 +24406,7 @@ _ACEOF eval "ac_im_$ac_var=\`\${MAKE-make} $ac_var 2>/dev/null | sed -n 's/^$ac_var=//p'\`" done # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR. - for ac_extension in a so sl; do + for ac_extension in a so sl dylib la dll; do if test ! -f "$ac_im_usrlibdir/libX11.$ac_extension" && test -f "$ac_im_libdir/libX11.$ac_extension"; then ac_im_usrlibdir=$ac_im_libdir; break @@ -44421,7 +24420,7 @@ _ACEOF *) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes=$ac_im_incroot;; esac case $ac_im_usrlibdir in - /usr/lib | /lib) ;; + /usr/lib | /usr/lib64 | /lib | /lib64) ;; *) test -d "$ac_im_usrlibdir" && ac_x_libraries=$ac_im_usrlibdir ;; esac fi @@ -44433,21 +24432,25 @@ fi # Check X11 before X11Rn because it is often a symlink to the current release. ac_x_header_dirs=' /usr/X11/include +/usr/X11R7/include /usr/X11R6/include /usr/X11R5/include /usr/X11R4/include /usr/include/X11 +/usr/include/X11R7 /usr/include/X11R6 /usr/include/X11R5 /usr/include/X11R4 /usr/local/X11/include +/usr/local/X11R7/include /usr/local/X11R6/include /usr/local/X11R5/include /usr/local/X11R4/include /usr/local/include/X11 +/usr/local/include/X11R7 /usr/local/include/X11R6 /usr/local/include/X11R5 /usr/local/include/X11R4 @@ -44469,36 +24472,14 @@ ac_x_header_dirs=' if test "$ac_x_includes" = no; then # Guess where to find include files, by looking for Xlib.h. # First, try using that file with no special directory specified. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then +if ac_fn_c_try_cpp "$LINENO"; then : # We can compile using X headers with no special include directory. ac_x_includes= else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - for ac_dir in $ac_x_header_dirs; do if test -r "$ac_dir/X11/Xlib.h"; then ac_x_includes=$ac_dir @@ -44506,7 +24487,6 @@ sed 's/^/| /' conftest.$ac_ext >&5 fi done fi - rm -f conftest.err conftest.$ac_ext fi # $ac_x_includes = no @@ -44516,11 +24496,7 @@ if test "$ac_x_libraries" = no; then # Don't add to $LIBS permanently. ac_save_LIBS=$LIBS LIBS="-lX11 $LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -44531,36 +24507,16 @@ XrmInitialize () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : LIBS=$ac_save_LIBS # We can link X programs with no special library path. ac_x_libraries= else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - LIBS=$ac_save_LIBS -for ac_dir in `echo "$ac_x_includes $ac_x_header_dirs" | sed s/include/lib/g` + LIBS=$ac_save_LIBS +for ac_dir in `$as_echo "$ac_x_includes $ac_x_header_dirs" | sed s/include/lib/g` do # Don't even attempt the hair of trying to link an X program! - for ac_extension in a so sl; do + for ac_extension in a so sl dylib la dll; do if test -r "$ac_dir/libX11.$ac_extension"; then ac_x_libraries=$ac_dir break 2 @@ -44568,9 +24524,8 @@ do done done fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi # $ac_x_libraries = no case $ac_x_includes,$ac_x_libraries in #( @@ -44591,8 +24546,8 @@ fi fi # $with_x != no if test "$have_x" != yes; then - { echo "$as_me:$LINENO: result: $have_x" >&5 -echo "${ECHO_T}$have_x" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_x" >&5 +$as_echo "$have_x" >&6; } no_x=yes else # If each of the values was on the command line, it overrides each guess. @@ -44602,17 +24557,15 @@ else ac_cv_have_x="have_x=yes\ ac_x_includes='$x_includes'\ ac_x_libraries='$x_libraries'" - { echo "$as_me:$LINENO: result: libraries $x_libraries, headers $x_includes" >&5 -echo "${ECHO_T}libraries $x_libraries, headers $x_includes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: libraries $x_libraries, headers $x_includes" >&5 +$as_echo "libraries $x_libraries, headers $x_includes" >&6; } fi if test "$no_x" = yes; then # Not all programs may use this symbol, but it does not hurt to define it. -cat >>confdefs.h <<\_ACEOF -#define X_DISPLAY_MISSING 1 -_ACEOF +$as_echo "#define X_DISPLAY_MISSING 1" >>confdefs.h X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS= else @@ -44625,16 +24578,12 @@ else X_LIBS="$X_LIBS -L$x_libraries" # For Solaris; some versions of Sun CC require a space after -R and # others require no space. Words are not sufficient . . . . - { echo "$as_me:$LINENO: checking whether -R must be followed by a space" >&5 -echo $ECHO_N "checking whether -R must be followed by a space... $ECHO_C" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -R must be followed by a space" >&5 +$as_echo_n "checking whether -R must be followed by a space... " >&6; } ac_xsave_LIBS=$LIBS; LIBS="$LIBS -R$x_libraries" ac_xsave_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -44645,37 +24594,13 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } X_LIBS="$X_LIBS -R$x_libraries" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - LIBS="$ac_xsave_LIBS -R $x_libraries" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + LIBS="$ac_xsave_LIBS -R $x_libraries" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -44686,41 +24611,19 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } X_LIBS="$X_LIBS -R $x_libraries" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: neither works" >&5 -echo "${ECHO_T}neither works" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: neither works" >&5 +$as_echo "neither works" >&6; } fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext ac_c_werror_flag=$ac_xsave_c_werror_flag LIBS=$ac_xsave_LIBS fi @@ -44736,11 +24639,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ # libraries were built with DECnet support. And Karl Berry says # the Alpha needs dnet_stub (dnet does not exist). ac_xsave_LIBS="$LIBS"; LIBS="$LIBS $X_LIBS -lX11" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -44758,41 +24657,17 @@ return XOpenDisplay (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_link "$LINENO"; then : - { echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet" >&5 -echo $ECHO_N "checking for dnet_ntoa in -ldnet... $ECHO_C" >&6; } -if test "${ac_cv_lib_dnet_dnet_ntoa+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dnet_ntoa in -ldnet" >&5 +$as_echo_n "checking for dnet_ntoa in -ldnet... " >&6; } +if test "${ac_cv_lib_dnet_dnet_ntoa+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldnet $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -44810,55 +24685,30 @@ return dnet_ntoa (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dnet_dnet_ntoa=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dnet_dnet_ntoa=no + ac_cv_lib_dnet_dnet_ntoa=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_dnet_ntoa" >&5 -echo "${ECHO_T}$ac_cv_lib_dnet_dnet_ntoa" >&6; } -if test $ac_cv_lib_dnet_dnet_ntoa = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dnet_dnet_ntoa" >&5 +$as_echo "$ac_cv_lib_dnet_dnet_ntoa" >&6; } +if test "x$ac_cv_lib_dnet_dnet_ntoa" = x""yes; then : X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet" fi if test $ac_cv_lib_dnet_dnet_ntoa = no; then - { echo "$as_me:$LINENO: checking for dnet_ntoa in -ldnet_stub" >&5 -echo $ECHO_N "checking for dnet_ntoa in -ldnet_stub... $ECHO_C" >&6; } -if test "${ac_cv_lib_dnet_stub_dnet_ntoa+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dnet_ntoa in -ldnet_stub" >&5 +$as_echo_n "checking for dnet_ntoa in -ldnet_stub... " >&6; } +if test "${ac_cv_lib_dnet_stub_dnet_ntoa+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldnet_stub $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -44876,47 +24726,25 @@ return dnet_ntoa (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dnet_stub_dnet_ntoa=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dnet_stub_dnet_ntoa=no + ac_cv_lib_dnet_stub_dnet_ntoa=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5 -echo "${ECHO_T}$ac_cv_lib_dnet_stub_dnet_ntoa" >&6; } -if test $ac_cv_lib_dnet_stub_dnet_ntoa = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dnet_stub_dnet_ntoa" >&5 +$as_echo "$ac_cv_lib_dnet_stub_dnet_ntoa" >&6; } +if test "x$ac_cv_lib_dnet_stub_dnet_ntoa" = x""yes; then : X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub" fi fi fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS="$ac_xsave_LIBS" # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT, @@ -44927,101 +24755,20 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ # on Irix 5.2, according to T.E. Dickey. # The functions gethostbyname, getservbyname, and inet_addr are # in -lbsd on LynxOS 3.0.1/i386, according to Lars Hecking. - { echo "$as_me:$LINENO: checking for gethostbyname" >&5 -echo $ECHO_N "checking for gethostbyname... $ECHO_C" >&6; } -if test "${ac_cv_func_gethostbyname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define gethostbyname to an innocuous variant, in case declares gethostbyname. - For example, HP-UX 11i declares gettimeofday. */ -#define gethostbyname innocuous_gethostbyname + ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname" +if test "x$ac_cv_func_gethostbyname" = x""yes; then : -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char gethostbyname (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef gethostbyname - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gethostbyname (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_gethostbyname || defined __stub___gethostbyname -choke me -#endif - -int -main () -{ -return gethostbyname (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_gethostbyname=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_gethostbyname=no fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_gethostbyname" >&5 -echo "${ECHO_T}$ac_cv_func_gethostbyname" >&6; } - if test $ac_cv_func_gethostbyname = no; then - { echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5 -echo $ECHO_N "checking for gethostbyname in -lnsl... $ECHO_C" >&6; } -if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 +$as_echo_n "checking for gethostbyname in -lnsl... " >&6; } +if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -45039,55 +24786,30 @@ return gethostbyname (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nsl_gethostbyname=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_nsl_gethostbyname=no + ac_cv_lib_nsl_gethostbyname=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5 -echo "${ECHO_T}$ac_cv_lib_nsl_gethostbyname" >&6; } -if test $ac_cv_lib_nsl_gethostbyname = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 +$as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; } +if test "x$ac_cv_lib_nsl_gethostbyname" = x""yes; then : X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl" fi if test $ac_cv_lib_nsl_gethostbyname = no; then - { echo "$as_me:$LINENO: checking for gethostbyname in -lbsd" >&5 -echo $ECHO_N "checking for gethostbyname in -lbsd... $ECHO_C" >&6; } -if test "${ac_cv_lib_bsd_gethostbyname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lbsd" >&5 +$as_echo_n "checking for gethostbyname in -lbsd... " >&6; } +if test "${ac_cv_lib_bsd_gethostbyname+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lbsd $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -45105,39 +24827,18 @@ return gethostbyname (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_bsd_gethostbyname=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_bsd_gethostbyname=no + ac_cv_lib_bsd_gethostbyname=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_bsd_gethostbyname" >&5 -echo "${ECHO_T}$ac_cv_lib_bsd_gethostbyname" >&6; } -if test $ac_cv_lib_bsd_gethostbyname = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_gethostbyname" >&5 +$as_echo "$ac_cv_lib_bsd_gethostbyname" >&6; } +if test "x$ac_cv_lib_bsd_gethostbyname" = x""yes; then : X_EXTRA_LIBS="$X_EXTRA_LIBS -lbsd" fi @@ -45151,101 +24852,20 @@ fi # variants that don't use the name server (or something). -lsocket # must be given before -lnsl if both are needed. We assume that # if connect needs -lnsl, so does gethostbyname. - { echo "$as_me:$LINENO: checking for connect" >&5 -echo $ECHO_N "checking for connect... $ECHO_C" >&6; } -if test "${ac_cv_func_connect+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define connect to an innocuous variant, in case declares connect. - For example, HP-UX 11i declares gettimeofday. */ -#define connect innocuous_connect + ac_fn_c_check_func "$LINENO" "connect" "ac_cv_func_connect" +if test "x$ac_cv_func_connect" = x""yes; then : -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char connect (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef connect - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char connect (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_connect || defined __stub___connect -choke me -#endif - -int -main () -{ -return connect (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_connect=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_connect=no fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_connect" >&5 -echo "${ECHO_T}$ac_cv_func_connect" >&6; } - if test $ac_cv_func_connect = no; then - { echo "$as_me:$LINENO: checking for connect in -lsocket" >&5 -echo $ECHO_N "checking for connect in -lsocket... $ECHO_C" >&6; } -if test "${ac_cv_lib_socket_connect+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for connect in -lsocket" >&5 +$as_echo_n "checking for connect in -lsocket... " >&6; } +if test "${ac_cv_lib_socket_connect+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $X_EXTRA_LIBS $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -45263,140 +24883,38 @@ return connect (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_socket_connect=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_socket_connect=no + ac_cv_lib_socket_connect=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_connect" >&5 -echo "${ECHO_T}$ac_cv_lib_socket_connect" >&6; } -if test $ac_cv_lib_socket_connect = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_connect" >&5 +$as_echo "$ac_cv_lib_socket_connect" >&6; } +if test "x$ac_cv_lib_socket_connect" = x""yes; then : X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS" fi fi # Guillermo Gomez says -lposix is necessary on A/UX. - { echo "$as_me:$LINENO: checking for remove" >&5 -echo $ECHO_N "checking for remove... $ECHO_C" >&6; } -if test "${ac_cv_func_remove+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define remove to an innocuous variant, in case declares remove. - For example, HP-UX 11i declares gettimeofday. */ -#define remove innocuous_remove + ac_fn_c_check_func "$LINENO" "remove" "ac_cv_func_remove" +if test "x$ac_cv_func_remove" = x""yes; then : -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char remove (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef remove - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char remove (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_remove || defined __stub___remove -choke me -#endif - -int -main () -{ -return remove (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_remove=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_remove=no fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_remove" >&5 -echo "${ECHO_T}$ac_cv_func_remove" >&6; } - if test $ac_cv_func_remove = no; then - { echo "$as_me:$LINENO: checking for remove in -lposix" >&5 -echo $ECHO_N "checking for remove in -lposix... $ECHO_C" >&6; } -if test "${ac_cv_lib_posix_remove+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for remove in -lposix" >&5 +$as_echo_n "checking for remove in -lposix... " >&6; } +if test "${ac_cv_lib_posix_remove+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lposix $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -45414,140 +24932,38 @@ return remove (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_posix_remove=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_posix_remove=no + ac_cv_lib_posix_remove=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_posix_remove" >&5 -echo "${ECHO_T}$ac_cv_lib_posix_remove" >&6; } -if test $ac_cv_lib_posix_remove = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_posix_remove" >&5 +$as_echo "$ac_cv_lib_posix_remove" >&6; } +if test "x$ac_cv_lib_posix_remove" = x""yes; then : X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix" fi fi # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. - { echo "$as_me:$LINENO: checking for shmat" >&5 -echo $ECHO_N "checking for shmat... $ECHO_C" >&6; } -if test "${ac_cv_func_shmat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define shmat to an innocuous variant, in case declares shmat. - For example, HP-UX 11i declares gettimeofday. */ -#define shmat innocuous_shmat + ac_fn_c_check_func "$LINENO" "shmat" "ac_cv_func_shmat" +if test "x$ac_cv_func_shmat" = x""yes; then : -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char shmat (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef shmat - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char shmat (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_shmat || defined __stub___shmat -choke me -#endif - -int -main () -{ -return shmat (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_shmat=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_shmat=no fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_shmat" >&5 -echo "${ECHO_T}$ac_cv_func_shmat" >&6; } - if test $ac_cv_func_shmat = no; then - { echo "$as_me:$LINENO: checking for shmat in -lipc" >&5 -echo $ECHO_N "checking for shmat in -lipc... $ECHO_C" >&6; } -if test "${ac_cv_lib_ipc_shmat+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shmat in -lipc" >&5 +$as_echo_n "checking for shmat in -lipc... " >&6; } +if test "${ac_cv_lib_ipc_shmat+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lipc $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -45565,39 +24981,18 @@ return shmat (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ipc_shmat=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_ipc_shmat=no + ac_cv_lib_ipc_shmat=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_ipc_shmat" >&5 -echo "${ECHO_T}$ac_cv_lib_ipc_shmat" >&6; } -if test $ac_cv_lib_ipc_shmat = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ipc_shmat" >&5 +$as_echo "$ac_cv_lib_ipc_shmat" >&6; } +if test "x$ac_cv_lib_ipc_shmat" = x""yes; then : X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc" fi @@ -45613,18 +25008,14 @@ fi # These have to be linked with before -lX11, unlike the other # libraries we check for below, so use a different variable. # John Interrante, Karl Berry - { echo "$as_me:$LINENO: checking for IceConnectionNumber in -lICE" >&5 -echo $ECHO_N "checking for IceConnectionNumber in -lICE... $ECHO_C" >&6; } -if test "${ac_cv_lib_ICE_IceConnectionNumber+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IceConnectionNumber in -lICE" >&5 +$as_echo_n "checking for IceConnectionNumber in -lICE... " >&6; } +if test "${ac_cv_lib_ICE_IceConnectionNumber+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lICE $X_EXTRA_LIBS $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -45642,39 +25033,18 @@ return IceConnectionNumber (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ICE_IceConnectionNumber=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_ICE_IceConnectionNumber=no + ac_cv_lib_ICE_IceConnectionNumber=no fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5 -echo "${ECHO_T}$ac_cv_lib_ICE_IceConnectionNumber" >&6; } -if test $ac_cv_lib_ICE_IceConnectionNumber = yes; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ICE_IceConnectionNumber" >&5 +$as_echo "$ac_cv_lib_ICE_IceConnectionNumber" >&6; } +if test "x$ac_cv_lib_ICE_IceConnectionNumber" = x""yes; then : X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE" fi @@ -45686,10 +25056,10 @@ fi # try to figure out if we need any additional ld flags, like -R # and yes, the autoconf X test is utterly broken if test "$no_x" != yes; then - { echo "$as_me:$LINENO: checking for special X linker flags" >&5 -echo $ECHO_N "checking for special X linker flags... $ECHO_C" >&6; } -if test "${krb_cv_sys_x_libs_rpath+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special X linker flags" >&5 +$as_echo_n "checking for special X linker flags... " >&6; } +if test "${krb_cv_sys_x_libs_rpath+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_save_libs="$LIBS" @@ -45714,10 +25084,11 @@ else done fi LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS" - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : krb_cv_sys_x_libs_rpath="" ; krb_cv_sys_x_libs="" ; break else - cat >conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ #include foo(void) @@ -45730,46 +25101,22 @@ else } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : krb_cv_sys_x_libs_rpath="$rflag"; krb_cv_sys_x_libs="$foo"; break else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -: + : fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - done LIBS="$ac_save_libs" CFLAGS="$ac_save_cflags" fi -{ echo "$as_me:$LINENO: result: $krb_cv_sys_x_libs_rpath" >&5 -echo "${ECHO_T}$krb_cv_sys_x_libs_rpath" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb_cv_sys_x_libs_rpath" >&5 +$as_echo "$krb_cv_sys_x_libs_rpath" >&6; } X_LIBS="$krb_cv_sys_x_libs" fi @@ -45799,10 +25146,10 @@ LDFLAGS="$LDFLAGS $X_LIBS" -{ echo "$as_me:$LINENO: checking for XauWriteAuth" >&5 -echo $ECHO_N "checking for XauWriteAuth... $ECHO_C" >&6; } -if test "${ac_cv_funclib_XauWriteAuth+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for XauWriteAuth" >&5 +$as_echo_n "checking for XauWriteAuth... " >&6; } +if test "${ac_cv_funclib_XauWriteAuth+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then @@ -45816,11 +25163,7 @@ if eval "test \"\$ac_cv_func_XauWriteAuth\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -45831,34 +25174,11 @@ XauWriteAuth(0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauWriteAuth=$ac_lib; else ac_cv_funclib_XauWriteAuth=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_XauWriteAuth=\${ac_cv_funclib_XauWriteAuth-no}" LIBS="$ac_save_LIBS" @@ -45870,95 +25190,12 @@ fi eval "ac_res=\$ac_cv_funclib_XauWriteAuth" if false; then - -for ac_func in XauWriteAuth -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in XauWriteAuth +do : + ac_fn_c_check_func "$LINENO" "XauWriteAuth" "ac_cv_func_XauWriteAuth" +if test "x$ac_cv_func_XauWriteAuth" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_XAUWRITEAUTH 1 _ACEOF fi @@ -45978,14 +25215,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_XauWriteAuth=no" eval "LIB_XauWriteAuth=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_XauWriteAuth=yes" @@ -45998,8 +25235,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -46009,10 +25246,10 @@ LIBS="$LIB_XauWriteAuth $LIBS" -{ echo "$as_me:$LINENO: checking for XauReadAuth" >&5 -echo $ECHO_N "checking for XauReadAuth... $ECHO_C" >&6; } -if test "${ac_cv_funclib_XauReadAuth+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for XauReadAuth" >&5 +$as_echo_n "checking for XauReadAuth... " >&6; } +if test "${ac_cv_funclib_XauReadAuth+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then @@ -46026,11 +25263,7 @@ if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -46041,34 +25274,11 @@ XauReadAuth(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}" LIBS="$ac_save_LIBS" @@ -46080,95 +25290,12 @@ fi eval "ac_res=\$ac_cv_funclib_XauReadAuth" if false; then - -for ac_func in XauReadAuth -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in XauReadAuth +do : + ac_fn_c_check_func "$LINENO" "XauReadAuth" "ac_cv_func_XauReadAuth" +if test "x$ac_cv_func_XauReadAuth" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_XAUREADAUTH 1 _ACEOF fi @@ -46188,14 +25315,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_XauReadAuth=no" eval "LIB_XauReadAuth=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_XauReadAuth=yes" @@ -46208,8 +25335,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -46218,10 +25345,10 @@ LIBS="$LIB_XauReadAauth $LIBS" -{ echo "$as_me:$LINENO: checking for XauFileName" >&5 -echo $ECHO_N "checking for XauFileName... $ECHO_C" >&6; } -if test "${ac_cv_funclib_XauFileName+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for XauFileName" >&5 +$as_echo_n "checking for XauFileName... " >&6; } +if test "${ac_cv_funclib_XauFileName+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then @@ -46235,11 +25362,7 @@ if eval "test \"\$ac_cv_func_XauFileName\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -46250,34 +25373,11 @@ XauFileName() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauFileName=$ac_lib; else ac_cv_funclib_XauFileName=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_XauFileName=\${ac_cv_funclib_XauFileName-no}" LIBS="$ac_save_LIBS" @@ -46289,95 +25389,12 @@ fi eval "ac_res=\$ac_cv_funclib_XauFileName" if false; then - -for ac_func in XauFileName -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in XauFileName +do : + ac_fn_c_check_func "$LINENO" "XauFileName" "ac_cv_func_XauFileName" +if test "x$ac_cv_func_XauFileName" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_XAUFILENAME 1 _ACEOF fi @@ -46397,14 +25414,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_XauFileName=no" eval "LIB_XauFileName=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_XauFileName=yes" @@ -46417,8 +25434,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -46472,16 +25489,12 @@ LDFLAGS=$save_LDFLAGS -{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 -echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; } -if test "${ac_cv_c_const+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 +$as_echo_n "checking for an ANSI C-conforming const... " >&6; } +if test "${ac_cv_c_const+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -46541,98 +25554,24 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_c_const=no + ac_cv_c_const=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 -echo "${ECHO_T}$ac_cv_c_const" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 +$as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then -cat >>confdefs.h <<\_ACEOF -#define const -_ACEOF +$as_echo "#define const /**/" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking for off_t" >&5 -echo $ECHO_N "checking for off_t... $ECHO_C" >&6; } -if test "${ac_cv_type_off_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef off_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_off_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" +if test "x$ac_cv_type_off_t" = x""yes; then : - ac_cv_type_off_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5 -echo "${ECHO_T}$ac_cv_type_off_t" >&6; } -if test $ac_cv_type_off_t = yes; then - : else cat >>confdefs.h <<_ACEOF @@ -46641,16 +25580,12 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for mode_t" >&5 -echo $ECHO_N "checking for mode_t... $ECHO_C" >&6; } -if test "${ac_cv_type_mode_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5 +$as_echo_n "checking for mode_t... " >&6; } +if test "${ac_cv_type_mode_t+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #if STDC_HEADERS @@ -46660,7 +25595,7 @@ cat >>conftest.$ac_ext <<_ACEOF _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + $EGREP "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then : ac_cv_type_mode_t=yes else ac_cv_type_mode_t=no @@ -46668,26 +25603,20 @@ fi rm -f conftest* fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5 -echo "${ECHO_T}$ac_cv_type_mode_t" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_mode_t" >&5 +$as_echo "$ac_cv_type_mode_t" >&6; } if test $ac_cv_type_mode_t = no; then -cat >>confdefs.h <<\_ACEOF -#define mode_t unsigned short -_ACEOF +$as_echo "#define mode_t unsigned short" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking for sig_atomic_t" >&5 -echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6; } -if test "${ac_cv_type_sig_atomic_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sig_atomic_t" >&5 +$as_echo_n "checking for sig_atomic_t... " >&6; } +if test "${ac_cv_type_sig_atomic_t+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #if STDC_HEADERS @@ -46697,7 +25626,7 @@ cat >>conftest.$ac_ext <<_ACEOF #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "sig_atomic_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + $EGREP "sig_atomic_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then : ac_cv_type_sig_atomic_t=yes else ac_cv_type_sig_atomic_t=no @@ -46705,29 +25634,23 @@ fi rm -f conftest* fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5 -echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_sig_atomic_t" >&5 +$as_echo "$ac_cv_type_sig_atomic_t" >&6; } if test $ac_cv_type_sig_atomic_t = no; then -cat >>confdefs.h <<\_ACEOF -#define sig_atomic_t int -_ACEOF +$as_echo "#define sig_atomic_t int" >>confdefs.h fi cv=`echo "long long" | sed 'y%./+- %__p__%'` -{ echo "$as_me:$LINENO: checking for long long" >&5 -echo $ECHO_N "checking for long long... $ECHO_C" >&6; } -if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long" >&5 +$as_echo_n "checking for long long... " >&6; } +if { as_var=ac_cv_type_$cv; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -46744,93 +25667,21 @@ long long foo; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_type_$cv=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_type_$cv=no" + eval "ac_cv_type_$cv=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_foo=`eval echo \\$ac_cv_type_$cv` -{ echo "$as_me:$LINENO: result: $ac_foo" >&5 -echo "${ECHO_T}$ac_foo" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_foo" >&5 +$as_echo "$ac_foo" >&6; } if test "$ac_foo" = yes; then ac_tr_hdr=HAVE_`echo long long | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'` if false; then - { echo "$as_me:$LINENO: checking for long long" >&5 -echo $ECHO_N "checking for long long... $ECHO_C" >&6; } -if test "${ac_cv_type_long_long+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef long long ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_long_long=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_long_long=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5 -echo "${ECHO_T}$ac_cv_type_long_long" >&6; } -if test $ac_cv_type_long_long = yes; then + ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" +if test "x$ac_cv_type_long_long" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LONG_LONG 1 @@ -46847,16 +25698,12 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5 -echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; } -if test "${ac_cv_header_time+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 +$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } +if test "${ac_cv_header_time+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -46871,53 +25718,27 @@ return 0; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_header_time=no + ac_cv_header_time=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5 -echo "${ECHO_T}$ac_cv_header_time" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 +$as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then -cat >>confdefs.h <<\_ACEOF -#define TIME_WITH_SYS_TIME 1 -_ACEOF +$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5 -echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6; } -if test "${ac_cv_struct_tm+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 +$as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } +if test "${ac_cv_struct_tm+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -46927,59 +25748,33 @@ main () { struct tm tm; int *p = &tm.tm_sec; - return !p; + return !p; ; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_struct_tm=time.h else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_struct_tm=sys/time.h + ac_cv_struct_tm=sys/time.h fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5 -echo "${ECHO_T}$ac_cv_struct_tm" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 +$as_echo "$ac_cv_struct_tm" >&6; } if test $ac_cv_struct_tm = sys/time.h; then -cat >>confdefs.h <<\_ACEOF -#define TM_IN_SYS_TIME 1 -_ACEOF +$as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5 -echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; } -if test "${ac_cv_header_stdc+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if test "${ac_cv_header_stdc+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -46994,47 +25789,23 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_header_stdc=no + ac_cv_header_stdc=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then - : + $EGREP "memchr" >/dev/null 2>&1; then : + else ac_cv_header_stdc=no fi @@ -47044,18 +25815,14 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then - : + $EGREP "free" >/dev/null 2>&1; then : + else ac_cv_header_stdc=no fi @@ -47065,14 +25832,10 @@ fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : : else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -47099,111 +25862,36 @@ main () return 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - : +if ac_fn_c_try_run "$LINENO"; then : + else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_header_stdc=no + ac_cv_header_stdc=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 -echo "${ECHO_T}$ac_cv_header_stdc" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then -cat >>confdefs.h <<\_ACEOF -#define STDC_HEADERS 1 -_ACEOF +$as_echo "#define STDC_HEADERS 1" >>confdefs.h fi - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - for ac_header in \ + CommonCrypto/CommonDigest.h \ + CommonCrypto/CommonCryptor.h \ arpa/ftp.h \ arpa/telnet.h \ bind/bitypes.h \ bsdsetjmp.h \ curses.h \ dlfcn.h \ + execinfo.h \ fnmatch.h \ inttypes.h \ io.h \ @@ -47212,7 +25900,6 @@ for ac_header in \ maillock.h \ netgroup.h \ netinet/in6_machtypes.h \ - netinfo/ni.h \ pthread.h \ pty.h \ sac.h \ @@ -47241,6 +25928,7 @@ for ac_header in \ sys/times.h \ sys/types.h \ sys/un.h \ + locale.h \ termcap.h \ termio.h \ termios.h \ @@ -47251,143 +25939,13 @@ for ac_header in \ utmp.h \ utmpx.h \ -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -47395,55 +25953,12 @@ fi done - for ac_header in term.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f conftest.err conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +do : + ac_fn_c_check_header_preproc "$LINENO" "term.h" "ac_cv_header_term_h" +if test "x$ac_cv_header_term_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_TERM_H 1 _ACEOF fi @@ -47451,61 +25966,34 @@ fi done +for ac_header in asl.h +do : + ac_fn_c_check_header_compile "$LINENO" "asl.h" "ac_cv_header_asl_h" " +#include +#ifndef ASL_STRING_EMERG +#error ASL_STRING_EMERG missing +#endif +" +if test "x$ac_cv_header_asl_h" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_ASL_H 1 +_ACEOF + +fi + +done + for ac_header in net/if.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" "$ac_includes_default #if HAVE_SYS_SOCKET_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_net_if_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_NET_IF_H 1 _ACEOF fi @@ -47513,61 +26001,16 @@ fi done - for ac_header in sys/ptyvar.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "sys/ptyvar.h" "ac_cv_header_sys_ptyvar_h" "$ac_includes_default #if HAVE_SYS_TTY_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_sys_ptyvar_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SYS_PTYVAR_H 1 _ACEOF fi @@ -47575,64 +26018,19 @@ fi done - for ac_header in sys/strtty.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "sys/strtty.h" "ac_cv_header_sys_strtty_h" "$ac_includes_default #if HAVE_TERMIOS_H #include #endif #if HAVE_SYS_STREAM_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_sys_strtty_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SYS_STRTTY_H 1 _ACEOF fi @@ -47640,64 +26038,19 @@ fi done - for ac_header in sys/ucred.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "sys/ucred.h" "ac_cv_header_sys_ucred_h" "$ac_includes_default #if HAVE_SYS_TYPES_H #include #endif #if HAVE_SYS_PARAM_H #include #endif - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_sys_ucred_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SYS_UCRED_H 1 _ACEOF fi @@ -47705,60 +26058,15 @@ fi done - for ac_header in security/pam_modules.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default +do : + ac_fn_c_check_header_compile "$LINENO" "security/pam_modules.h" "ac_cv_header_security_pam_modules_h" "$ac_includes_default #include - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then +" +if test "x$ac_cv_header_security_pam_modules_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SECURITY_PAM_MODULES_H 1 _ACEOF fi @@ -47766,19 +26074,6 @@ fi done -# Check whether --enable-netinfo was given. -if test "${enable_netinfo+set}" = set; then - enableval=$enable_netinfo; -fi - - -if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_NETINFO 1 -_ACEOF - -fi @@ -47787,12 +26082,10 @@ fi - - -{ echo "$as_me:$LINENO: checking for logwtmp" >&5 -echo $ECHO_N "checking for logwtmp... $ECHO_C" >&6; } -if test "${ac_cv_funclib_logwtmp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for logwtmp" >&5 +$as_echo_n "checking for logwtmp... " >&6; } +if test "${ac_cv_funclib_logwtmp+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then @@ -47806,11 +26099,7 @@ if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_UTIL_H @@ -47825,34 +26114,11 @@ logwtmp(0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}" LIBS="$ac_save_LIBS" @@ -47864,95 +26130,12 @@ fi eval "ac_res=\$ac_cv_funclib_logwtmp" if false; then - -for ac_func in logwtmp -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in logwtmp +do : + ac_fn_c_check_func "$LINENO" "logwtmp" "ac_cv_func_logwtmp" +if test "x$ac_cv_func_logwtmp" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_LOGWTMP 1 _ACEOF fi @@ -47972,14 +26155,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_logwtmp=no" eval "LIB_logwtmp=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_logwtmp=yes" @@ -47992,8 +26175,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -48001,10 +26184,10 @@ esac -{ echo "$as_me:$LINENO: checking for logout" >&5 -echo $ECHO_N "checking for logout... $ECHO_C" >&6; } -if test "${ac_cv_funclib_logout+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for logout" >&5 +$as_echo_n "checking for logout... " >&6; } +if test "${ac_cv_funclib_logout+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_logout\" != yes" ; then @@ -48018,11 +26201,7 @@ if eval "test \"\$ac_cv_func_logout\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_UTIL_H @@ -48037,34 +26216,11 @@ logout(0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}" LIBS="$ac_save_LIBS" @@ -48076,95 +26232,12 @@ fi eval "ac_res=\$ac_cv_funclib_logout" if false; then - -for ac_func in logout -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in logout +do : + ac_fn_c_check_func "$LINENO" "logout" "ac_cv_func_logout" +if test "x$ac_cv_func_logout" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_LOGOUT 1 _ACEOF fi @@ -48184,14 +26257,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_logout=no" eval "LIB_logout=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_logout=yes" @@ -48204,8 +26277,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -48213,10 +26286,10 @@ esac -{ echo "$as_me:$LINENO: checking for openpty" >&5 -echo $ECHO_N "checking for openpty... $ECHO_C" >&6; } -if test "${ac_cv_funclib_openpty+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty" >&5 +$as_echo_n "checking for openpty... " >&6; } +if test "${ac_cv_funclib_openpty+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_openpty\" != yes" ; then @@ -48230,11 +26303,7 @@ if eval "test \"\$ac_cv_func_openpty\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_UTIL_H @@ -48249,34 +26318,11 @@ openpty(0,0,0,0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_openpty=$ac_lib; else ac_cv_funclib_openpty=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_openpty=\${ac_cv_funclib_openpty-no}" LIBS="$ac_save_LIBS" @@ -48288,95 +26334,12 @@ fi eval "ac_res=\$ac_cv_funclib_openpty" if false; then - -for ac_func in openpty -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in openpty +do : + ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty" +if test "x$ac_cv_func_openpty" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_OPENPTY 1 _ACEOF fi @@ -48396,14 +26359,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_openpty=no" eval "LIB_openpty=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_openpty=yes" @@ -48416,8 +26379,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -48426,10 +26389,10 @@ esac -{ echo "$as_me:$LINENO: checking for tgetent" >&5 -echo $ECHO_N "checking for tgetent... $ECHO_C" >&6; } -if test "${ac_cv_funclib_tgetent+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tgetent" >&5 +$as_echo_n "checking for tgetent... " >&6; } +if test "${ac_cv_funclib_tgetent+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then @@ -48443,11 +26406,7 @@ if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef HAVE_TERMCAP_H @@ -48465,34 +26424,11 @@ tgetent(0,0) return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}" LIBS="$ac_save_LIBS" @@ -48504,95 +26440,12 @@ fi eval "ac_res=\$ac_cv_funclib_tgetent" if false; then - -for ac_func in tgetent -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in tgetent +do : + ac_fn_c_check_func "$LINENO" "tgetent" "ac_cv_func_tgetent" +if test "x$ac_cv_func_tgetent" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_TGETENT 1 _ACEOF fi @@ -48612,14 +26465,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_tgetent=no" eval "LIB_tgetent=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_tgetent=yes" @@ -48632,48 +26485,19 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - for ac_func in \ _getpty \ _scrsize \ arc4random \ + backtrace \ fcntl \ getpeereid \ getpeerucred \ @@ -48702,352 +26526,70 @@ for ac_func in \ vhangup \ yp_get_default_domain \ -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + +fi +done + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking checking for __sync_add_and_fetch" >&5 +$as_echo_n "checking checking for __sync_add_and_fetch... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - +#include int main () { -return $ac_func (); +unsigned int foo; __sync_add_and_fetch(&foo, 1); ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" +if ac_fn_c_try_link "$LINENO"; then : + ac_rk_have___sync_add_and_fetch=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" + ac_rk_have___sync_add_and_fetch=no fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test "$ac_rk_have___sync_add_and_fetch" = "yes" ; then -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +cat >>confdefs.h <<_ACEOF +#define HAVE___SYNC_ADD_AND_FETCH 1 _ACEOF fi -done - - - - -for ac_header in stdlib.h unistd.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_rk_have___sync_add_and_fetch" >&5 +$as_echo "$ac_rk_have___sync_add_and_fetch" >&6; } for ac_func in getpagesize -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then +do : + ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" +if test "x$ac_cv_func_getpagesize" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETPAGESIZE 1 _ACEOF fi done -{ echo "$as_me:$LINENO: checking for working mmap" >&5 -echo $ECHO_N "checking for working mmap... $ECHO_C" >&6; } -if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working mmap" >&5 +$as_echo_n "checking for working mmap... " >&6; } +if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then : + $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : ac_cv_func_mmap_fixed_mapped=no else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default /* malloc might have been renamed as rpl_malloc. */ @@ -49084,11 +26626,6 @@ char *malloc (); /* This mess was copied from the GNU getpagesize.h. */ #ifndef HAVE_GETPAGESIZE -/* Assume that all systems that can run configure have sys/param.h. */ -# ifndef HAVE_SYS_PARAM_H -# define HAVE_SYS_PARAM_H 1 -# endif - # ifdef _SC_PAGESIZE # define getpagesize() sysconf(_SC_PAGESIZE) # else /* no _SC_PAGESIZE */ @@ -49124,7 +26661,7 @@ main () { char *data, *data2, *data3; int i, pagesize; - int fd; + int fd, fd2; pagesize = getpagesize (); @@ -49137,27 +26674,41 @@ main () umask (0); fd = creat ("conftest.mmap", 0600); if (fd < 0) - return 1; + return 2; if (write (fd, data, pagesize) != pagesize) - return 1; + return 3; close (fd); + /* Next, check that the tail of a page is zero-filled. File must have + non-zero length, otherwise we risk SIGBUS for entire page. */ + fd2 = open ("conftest.txt", O_RDWR | O_CREAT | O_TRUNC, 0600); + if (fd2 < 0) + return 4; + data2 = ""; + if (write (fd2, data2, 1) != 1) + return 5; + data2 = mmap (0, pagesize, PROT_READ | PROT_WRITE, MAP_SHARED, fd2, 0L); + if (data2 == MAP_FAILED) + return 6; + for (i = 0; i < pagesize; ++i) + if (*(data2 + i)) + return 7; + close (fd2); + if (munmap (data2, pagesize)) + return 8; + /* Next, try to mmap the file at a fixed address which already has something else allocated at it. If we can, also make sure that we see the same garbage. */ fd = open ("conftest.mmap", O_RDWR); if (fd < 0) - return 1; - data2 = (char *) malloc (2 * pagesize); - if (!data2) - return 1; - data2 += (pagesize - ((long int) data2 & (pagesize - 1))) & (pagesize - 1); + return 9; if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED, fd, 0L)) - return 1; + return 10; for (i = 0; i < pagesize; ++i) if (*(data + i) != *(data2 + i)) - return 1; + return 11; /* Finally, make sure that changes to the mapped area do not percolate back to the file as seen by read(). (This is a bug on @@ -49166,204 +26717,46 @@ main () *(data2 + i) = *(data2 + i) + 1; data3 = (char *) malloc (pagesize); if (!data3) - return 1; + return 12; if (read (fd, data3, pagesize) != pagesize) - return 1; + return 13; for (i = 0; i < pagesize; ++i) if (*(data + i) != *(data3 + i)) - return 1; + return 14; close (fd); return 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_mmap_fixed_mapped=yes else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_mmap_fixed_mapped=no + ac_cv_func_mmap_fixed_mapped=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5 -echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_mmap_fixed_mapped" >&5 +$as_echo "$ac_cv_func_mmap_fixed_mapped" >&6; } if test $ac_cv_func_mmap_fixed_mapped = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_MMAP 1 -_ACEOF +$as_echo "#define HAVE_MMAP 1" >>confdefs.h fi -rm -f conftest.mmap - - +rm -f conftest.mmap conftest.txt for ac_header in capability.h sys/capability.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ----------------------------------- ## -## Report this to heimdal-bugs@h5l.org ## -## ----------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi @@ -49371,96 +26764,14 @@ fi done - - for ac_func in sgi_getcapabilitybyname cap_set_proc -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi @@ -49472,10 +26783,10 @@ done -{ echo "$as_me:$LINENO: checking for getpwnam_r" >&5 -echo $ECHO_N "checking for getpwnam_r... $ECHO_C" >&6; } -if test "${ac_cv_funclib_getpwnam_r+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpwnam_r" >&5 +$as_echo_n "checking for getpwnam_r... " >&6; } +if test "${ac_cv_funclib_getpwnam_r+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then @@ -49489,11 +26800,7 @@ if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -49504,34 +26811,11 @@ getpwnam_r() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}" LIBS="$ac_save_LIBS" @@ -49543,95 +26827,12 @@ fi eval "ac_res=\$ac_cv_funclib_getpwnam_r" if false; then - -for ac_func in getpwnam_r -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in getpwnam_r +do : + ac_fn_c_check_func "$LINENO" "getpwnam_r" "ac_cv_func_getpwnam_r" +if test "x$ac_cv_func_getpwnam_r" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_GETPWNAM_R 1 _ACEOF fi @@ -49651,14 +26852,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_getpwnam_r=no" eval "LIB_getpwnam_r=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_getpwnam_r=yes" @@ -49671,28 +26872,24 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac if test "$ac_cv_func_getpwnam_r" = yes; then - { echo "$as_me:$LINENO: checking if getpwnam_r is posix" >&5 -echo $ECHO_N "checking if getpwnam_r is posix... $ECHO_C" >&6; } -if test "${ac_cv_func_getpwnam_r_posix+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getpwnam_r is posix" >&5 +$as_echo_n "checking if getpwnam_r is posix... " >&6; } +if test "${ac_cv_func_getpwnam_r_posix+set}" = set; then : + $as_echo_n "(cached) " >&6 else ac_libs="$LIBS" LIBS="$LIBS $LIB_getpwnam_r" - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : : else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _POSIX_PTHREAD_SEMANTICS @@ -49700,52 +26897,65 @@ cat >>conftest.$ac_ext <<_ACEOF int main(int argc, char **argv) { struct passwd pw, *pwd; - return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; + return getpwnam_r("", &pw, 0, 0, &pwd) < 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_getpwnam_r_posix=yes else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_getpwnam_r_posix=no + ac_cv_func_getpwnam_r_posix=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - LIBS="$ac_libs" fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getpwnam_r_posix" >&5 -echo "${ECHO_T}$ac_cv_func_getpwnam_r_posix" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpwnam_r_posix" >&5 +$as_echo "$ac_cv_func_getpwnam_r_posix" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if _POSIX_PTHREAD_SEMANTICS is needed" >&5 +$as_echo_n "checking if _POSIX_PTHREAD_SEMANTICS is needed... " >&6; } +if test "${ac_cv_func_getpwnam_r_posix_def+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_libs="$LIBS" + LIBS="$LIBS $LIB_getpwnam_r" + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +int main(int argc, char **argv) +{ + struct passwd pw, *pwd; + return getpwnam_r("", &pw, 0, 0, &pwd) < 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_getpwnam_r_posix_def=no +else + ac_cv_func_getpwnam_r_posix_def=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +LIBS="$ac_libs" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpwnam_r_posix_def" >&5 +$as_echo "$ac_cv_func_getpwnam_r_posix_def" >&6; } if test "$ac_cv_func_getpwnam_r_posix" = yes; then -cat >>confdefs.h <<\_ACEOF -#define POSIX_GETPWNAM_R 1 -_ACEOF +$as_echo "#define POSIX_GETPWNAM_R 1" >>confdefs.h + +fi +if test "$ac_cv_func_getpwnam_r_posix" = yes -a "$ac_cv_func_getpwnam_r_posix_def" = yes; then + +$as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h fi fi @@ -49757,10 +26967,10 @@ if test "$enable_pthread_support" != no; then -{ echo "$as_me:$LINENO: checking for door_create" >&5 -echo $ECHO_N "checking for door_create... $ECHO_C" >&6; } -if test "${ac_cv_funclib_door_create+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for door_create" >&5 +$as_echo_n "checking for door_create... " >&6; } +if test "${ac_cv_funclib_door_create+set}" = set; then : + $as_echo_n "(cached) " >&6 else if eval "test \"\$ac_cv_func_door_create\" != yes" ; then @@ -49774,11 +26984,7 @@ if eval "test \"\$ac_cv_func_door_create\" != yes" ; then *) ac_lib="-l$ac_lib" ;; esac LIBS=" $ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -49789,34 +26995,11 @@ door_create() return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : eval "if test -n \"$ac_lib\";then ac_cv_funclib_door_create=$ac_lib; else ac_cv_funclib_door_create=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext done eval "ac_cv_funclib_door_create=\${ac_cv_funclib_door_create-no}" LIBS="$ac_save_LIBS" @@ -49828,95 +27011,12 @@ fi eval "ac_res=\$ac_cv_funclib_door_create" if false; then - -for ac_func in door_create -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then + for ac_func in door_create +do : + ac_fn_c_check_func "$LINENO" "door_create" "ac_cv_func_door_create" +if test "x$ac_cv_func_door_create" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define HAVE_DOOR_CREATE 1 _ACEOF fi @@ -49936,14 +27036,14 @@ case "$ac_res" in #define $ac_tr_func 1 _ACEOF - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } ;; no) eval "ac_cv_func_door_create=no" eval "LIB_door_create=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; *) eval "ac_cv_func_door_create=yes" @@ -49956,8 +27056,8 @@ _ACEOF #define $ac_tr_lib 1 _ACEOF - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, in $ac_res" >&5 +$as_echo "yes, in $ac_res" >&6; } ;; esac @@ -49966,7 +27066,7 @@ esac fi # Check whether --enable-kcm was given. -if test "${enable_kcm+set}" = set; then +if test "${enable_kcm+set}" = set; then : enableval=$enable_kcm; else enable_kcm=yes @@ -49980,9 +27080,7 @@ if test "$enable_kcm" = yes ; then fi if test "$enable_kcm" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_KCM 1 -_ACEOF +$as_echo "#define HAVE_KCM 1" >>confdefs.h fi if test "$enable_kcm" = yes; then @@ -49996,96 +27094,14 @@ fi - - for ac_func in getudbnam setlim -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi @@ -50096,17 +27112,13 @@ done -{ echo "$as_me:$LINENO: checking for ut_addr in struct utmp" >&5 -echo $ECHO_N "checking for ut_addr in struct utmp... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmp_ut_addr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr in struct utmp" >&5 +$as_echo_n "checking for ut_addr in struct utmp... " >&6; } +if test "${ac_cv_type_struct_utmp_ut_addr+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50117,42 +27129,20 @@ struct utmp x; memset(&x, 0, sizeof(x)); x.ut_addr return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmp_ut_addr=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmp_ut_addr=no + ac_cv_type_struct_utmp_ut_addr=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_addr" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_addr" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmp_ut_addr" >&5 +$as_echo "$ac_cv_type_struct_utmp_ut_addr" >&6; } if test "$ac_cv_type_struct_utmp_ut_addr" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMP_UT_ADDR 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMP_UT_ADDR 1" >>confdefs.h fi @@ -50160,17 +27150,13 @@ fi -{ echo "$as_me:$LINENO: checking for ut_host in struct utmp" >&5 -echo $ECHO_N "checking for ut_host in struct utmp... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmp_ut_host+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host in struct utmp" >&5 +$as_echo_n "checking for ut_host in struct utmp... " >&6; } +if test "${ac_cv_type_struct_utmp_ut_host+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50181,42 +27167,20 @@ struct utmp x; memset(&x, 0, sizeof(x)); x.ut_host return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmp_ut_host=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmp_ut_host=no + ac_cv_type_struct_utmp_ut_host=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_host" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_host" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmp_ut_host" >&5 +$as_echo "$ac_cv_type_struct_utmp_ut_host" >&6; } if test "$ac_cv_type_struct_utmp_ut_host" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMP_UT_HOST 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMP_UT_HOST 1" >>confdefs.h fi @@ -50224,17 +27188,13 @@ fi -{ echo "$as_me:$LINENO: checking for ut_id in struct utmp" >&5 -echo $ECHO_N "checking for ut_id in struct utmp... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmp_ut_id+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id in struct utmp" >&5 +$as_echo_n "checking for ut_id in struct utmp... " >&6; } +if test "${ac_cv_type_struct_utmp_ut_id+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50245,42 +27205,20 @@ struct utmp x; memset(&x, 0, sizeof(x)); x.ut_id return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmp_ut_id=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmp_ut_id=no + ac_cv_type_struct_utmp_ut_id=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_id" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_id" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmp_ut_id" >&5 +$as_echo "$ac_cv_type_struct_utmp_ut_id" >&6; } if test "$ac_cv_type_struct_utmp_ut_id" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMP_UT_ID 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMP_UT_ID 1" >>confdefs.h fi @@ -50288,17 +27226,13 @@ fi -{ echo "$as_me:$LINENO: checking for ut_pid in struct utmp" >&5 -echo $ECHO_N "checking for ut_pid in struct utmp... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmp_ut_pid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid in struct utmp" >&5 +$as_echo_n "checking for ut_pid in struct utmp... " >&6; } +if test "${ac_cv_type_struct_utmp_ut_pid+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50309,42 +27243,20 @@ struct utmp x; memset(&x, 0, sizeof(x)); x.ut_pid return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmp_ut_pid=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmp_ut_pid=no + ac_cv_type_struct_utmp_ut_pid=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_pid" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_pid" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmp_ut_pid" >&5 +$as_echo "$ac_cv_type_struct_utmp_ut_pid" >&6; } if test "$ac_cv_type_struct_utmp_ut_pid" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMP_UT_PID 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMP_UT_PID 1" >>confdefs.h fi @@ -50352,17 +27264,13 @@ fi -{ echo "$as_me:$LINENO: checking for ut_type in struct utmp" >&5 -echo $ECHO_N "checking for ut_type in struct utmp... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmp_ut_type+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type in struct utmp" >&5 +$as_echo_n "checking for ut_type in struct utmp... " >&6; } +if test "${ac_cv_type_struct_utmp_ut_type+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50373,42 +27281,20 @@ struct utmp x; memset(&x, 0, sizeof(x)); x.ut_type return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmp_ut_type=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmp_ut_type=no + ac_cv_type_struct_utmp_ut_type=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_type" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_type" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmp_ut_type" >&5 +$as_echo "$ac_cv_type_struct_utmp_ut_type" >&6; } if test "$ac_cv_type_struct_utmp_ut_type" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMP_UT_TYPE 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMP_UT_TYPE 1" >>confdefs.h fi @@ -50416,17 +27302,13 @@ fi -{ echo "$as_me:$LINENO: checking for ut_user in struct utmp" >&5 -echo $ECHO_N "checking for ut_user in struct utmp... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmp_ut_user+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_user in struct utmp" >&5 +$as_echo_n "checking for ut_user in struct utmp... " >&6; } +if test "${ac_cv_type_struct_utmp_ut_user+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50437,42 +27319,20 @@ struct utmp x; memset(&x, 0, sizeof(x)); x.ut_user return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmp_ut_user=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmp_ut_user=no + ac_cv_type_struct_utmp_ut_user=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmp_ut_user" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmp_ut_user" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmp_ut_user" >&5 +$as_echo "$ac_cv_type_struct_utmp_ut_user" >&6; } if test "$ac_cv_type_struct_utmp_ut_user" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMP_UT_USER 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMP_UT_USER 1" >>confdefs.h fi @@ -50480,17 +27340,279 @@ fi -{ echo "$as_me:$LINENO: checking for ut_exit in struct utmpx" >&5 -echo $ECHO_N "checking for ut_exit in struct utmpx... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmpx_ut_exit+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host in struct utmpx" >&5 +$as_echo_n "checking for ut_host in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_host+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_host + ; + return 0; +} _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_struct_utmpx_ut_host=yes +else + ac_cv_type_struct_utmpx_ut_host=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_host" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_host" >&6; } +if test "$ac_cv_type_struct_utmpx_ut_host" = yes; then + + +$as_echo "#define HAVE_STRUCT_UTMPX_UT_HOST 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id in struct utmpx" >&5 +$as_echo_n "checking for ut_id in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_id+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_id + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_struct_utmpx_ut_id=yes +else + ac_cv_type_struct_utmpx_ut_id=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_id" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_id" >&6; } +if test "$ac_cv_type_struct_utmpx_ut_id" = yes; then + + +$as_echo "#define HAVE_STRUCT_UTMPX_UT_ID 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_line in struct utmpx" >&5 +$as_echo_n "checking for ut_line in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_line+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_line + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_struct_utmpx_ut_line=yes +else + ac_cv_type_struct_utmpx_ut_line=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_line" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_line" >&6; } +if test "$ac_cv_type_struct_utmpx_ut_line" = yes; then + + +$as_echo "#define HAVE_STRUCT_UTMPX_UT_LINE 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid in struct utmpx" >&5 +$as_echo_n "checking for ut_pid in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_pid+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_pid + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_struct_utmpx_ut_pid=yes +else + ac_cv_type_struct_utmpx_ut_pid=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_pid" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_pid" >&6; } +if test "$ac_cv_type_struct_utmpx_ut_pid" = yes; then + + +$as_echo "#define HAVE_STRUCT_UTMPX_UT_PID 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv in struct utmpx" >&5 +$as_echo_n "checking for ut_tv in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_tv+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_tv + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_struct_utmpx_ut_tv=yes +else + ac_cv_type_struct_utmpx_ut_tv=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_tv" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_tv" >&6; } +if test "$ac_cv_type_struct_utmpx_ut_tv" = yes; then + + +$as_echo "#define HAVE_STRUCT_UTMPX_UT_TV 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type in struct utmpx" >&5 +$as_echo_n "checking for ut_type in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_type+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_type + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_struct_utmpx_ut_type=yes +else + ac_cv_type_struct_utmpx_ut_type=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_type" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_type" >&6; } +if test "$ac_cv_type_struct_utmpx_ut_type" = yes; then + + +$as_echo "#define HAVE_STRUCT_UTMPX_UT_TYPE 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_user in struct utmpx" >&5 +$as_echo_n "checking for ut_user in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_user+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_user + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_type_struct_utmpx_ut_user=yes +else + ac_cv_type_struct_utmpx_ut_user=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_user" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_user" >&6; } +if test "$ac_cv_type_struct_utmpx_ut_user" = yes; then + + +$as_echo "#define HAVE_STRUCT_UTMPX_UT_USER 1" >>confdefs.h + + +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit in struct utmpx" >&5 +$as_echo_n "checking for ut_exit in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_exit+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50501,42 +27623,20 @@ struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_exit return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmpx_ut_exit=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmpx_ut_exit=no + ac_cv_type_struct_utmpx_ut_exit=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_exit" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_exit" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_exit" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_exit" >&6; } if test "$ac_cv_type_struct_utmpx_ut_exit" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMPX_UT_EXIT 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMPX_UT_EXIT 1" >>confdefs.h fi @@ -50544,17 +27644,13 @@ fi -{ echo "$as_me:$LINENO: checking for ut_syslen in struct utmpx" >&5 -echo $ECHO_N "checking for ut_syslen in struct utmpx... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_utmpx_ut_syslen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_syslen in struct utmpx" >&5 +$as_echo_n "checking for ut_syslen in struct utmpx... " >&6; } +if test "${ac_cv_type_struct_utmpx_ut_syslen+set}" = set; then : + $as_echo_n "(cached) " >&6 else -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -50565,60 +27661,27 @@ struct utmpx x; memset(&x, 0, sizeof(x)); x.ut_syslen return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_struct_utmpx_ut_syslen=yes else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_utmpx_ut_syslen=no + ac_cv_type_struct_utmpx_ut_syslen=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5 -echo "${ECHO_T}$ac_cv_type_struct_utmpx_ut_syslen" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_struct_utmpx_ut_syslen" >&5 +$as_echo "$ac_cv_type_struct_utmpx_ut_syslen" >&6; } if test "$ac_cv_type_struct_utmpx_ut_syslen" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1 -_ACEOF +$as_echo "#define HAVE_STRUCT_UTMPX_UT_SYSLEN 1" >>confdefs.h fi -{ echo "$as_me:$LINENO: checking for int8_t" >&5 -echo $ECHO_N "checking for int8_t... $ECHO_C" >&6; } -if test "${ac_cv_type_int8_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -50635,49 +27698,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef int8_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_int8_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_int8_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_int8_t" >&5 -echo "${ECHO_T}$ac_cv_type_int8_t" >&6; } -if test $ac_cv_type_int8_t = yes; then +" +if test "x$ac_cv_type_int8_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INT8_T 1 @@ -50685,18 +27707,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for int16_t" >&5 -echo $ECHO_N "checking for int16_t... $ECHO_C" >&6; } -if test "${ac_cv_type_int16_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -50713,49 +27724,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef int16_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_int16_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_int16_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_int16_t" >&5 -echo "${ECHO_T}$ac_cv_type_int16_t" >&6; } -if test $ac_cv_type_int16_t = yes; then +" +if test "x$ac_cv_type_int16_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INT16_T 1 @@ -50763,18 +27733,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for int32_t" >&5 -echo $ECHO_N "checking for int32_t... $ECHO_C" >&6; } -if test "${ac_cv_type_int32_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -50791,49 +27750,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef int32_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_int32_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_int32_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_int32_t" >&5 -echo "${ECHO_T}$ac_cv_type_int32_t" >&6; } -if test $ac_cv_type_int32_t = yes; then +" +if test "x$ac_cv_type_int32_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INT32_T 1 @@ -50841,18 +27759,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for int64_t" >&5 -echo $ECHO_N "checking for int64_t... $ECHO_C" >&6; } -if test "${ac_cv_type_int64_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "int64_t" "ac_cv_type_int64_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -50869,49 +27776,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef int64_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_int64_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_int64_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_int64_t" >&5 -echo "${ECHO_T}$ac_cv_type_int64_t" >&6; } -if test $ac_cv_type_int64_t = yes; then +" +if test "x$ac_cv_type_int64_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INT64_T 1 @@ -50919,18 +27785,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for u_int8_t" >&5 -echo $ECHO_N "checking for u_int8_t... $ECHO_C" >&6; } -if test "${ac_cv_type_u_int8_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "u_int8_t" "ac_cv_type_u_int8_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -50947,49 +27802,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef u_int8_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_u_int8_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_u_int8_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int8_t" >&5 -echo "${ECHO_T}$ac_cv_type_u_int8_t" >&6; } -if test $ac_cv_type_u_int8_t = yes; then +" +if test "x$ac_cv_type_u_int8_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT8_T 1 @@ -50997,18 +27811,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for u_int16_t" >&5 -echo $ECHO_N "checking for u_int16_t... $ECHO_C" >&6; } -if test "${ac_cv_type_u_int16_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "u_int16_t" "ac_cv_type_u_int16_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -51025,49 +27828,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef u_int16_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_u_int16_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_u_int16_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int16_t" >&5 -echo "${ECHO_T}$ac_cv_type_u_int16_t" >&6; } -if test $ac_cv_type_u_int16_t = yes; then +" +if test "x$ac_cv_type_u_int16_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT16_T 1 @@ -51075,18 +27837,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for u_int32_t" >&5 -echo $ECHO_N "checking for u_int32_t... $ECHO_C" >&6; } -if test "${ac_cv_type_u_int32_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "u_int32_t" "ac_cv_type_u_int32_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -51103,49 +27854,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef u_int32_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_u_int32_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_u_int32_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int32_t" >&5 -echo "${ECHO_T}$ac_cv_type_u_int32_t" >&6; } -if test $ac_cv_type_u_int32_t = yes; then +" +if test "x$ac_cv_type_u_int32_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT32_T 1 @@ -51153,18 +27863,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for u_int64_t" >&5 -echo $ECHO_N "checking for u_int64_t... $ECHO_C" >&6; } -if test "${ac_cv_type_u_int64_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "u_int64_t" "ac_cv_type_u_int64_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -51181,49 +27880,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef u_int64_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_u_int64_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_u_int64_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int64_t" >&5 -echo "${ECHO_T}$ac_cv_type_u_int64_t" >&6; } -if test $ac_cv_type_u_int64_t = yes; then +" +if test "x$ac_cv_type_u_int64_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT64_T 1 @@ -51231,18 +27889,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for uint8_t" >&5 -echo $ECHO_N "checking for uint8_t... $ECHO_C" >&6; } -if test "${ac_cv_type_uint8_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -51259,49 +27906,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef uint8_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_uint8_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_uint8_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_uint8_t" >&5 -echo "${ECHO_T}$ac_cv_type_uint8_t" >&6; } -if test $ac_cv_type_uint8_t = yes; then +" +if test "x$ac_cv_type_uint8_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT8_T 1 @@ -51309,18 +27915,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for uint16_t" >&5 -echo $ECHO_N "checking for uint16_t... $ECHO_C" >&6; } -if test "${ac_cv_type_uint16_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -51337,49 +27932,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef uint16_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_uint16_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_uint16_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_uint16_t" >&5 -echo "${ECHO_T}$ac_cv_type_uint16_t" >&6; } -if test $ac_cv_type_uint16_t = yes; then +" +if test "x$ac_cv_type_uint16_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT16_T 1 @@ -51387,18 +27941,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for uint32_t" >&5 -echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6; } -if test "${ac_cv_type_uint32_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -51415,49 +27958,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef uint32_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_uint32_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_uint32_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_uint32_t" >&5 -echo "${ECHO_T}$ac_cv_type_uint32_t" >&6; } -if test $ac_cv_type_uint32_t = yes; then +" +if test "x$ac_cv_type_uint32_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT32_T 1 @@ -51465,18 +27967,7 @@ _ACEOF fi -{ echo "$as_me:$LINENO: checking for uint64_t" >&5 -echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6; } -if test "${ac_cv_type_uint64_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" " #ifdef HAVE_INTTYPES_H #include #endif @@ -51493,49 +27984,8 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif - -typedef uint64_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_uint64_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_uint64_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5 -echo "${ECHO_T}$ac_cv_type_uint64_t" >&6; } -if test $ac_cv_type_uint64_t = yes; then +" +if test "x$ac_cv_type_uint64_t" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT64_T 1 @@ -51547,20 +27997,16 @@ fi -{ echo "$as_me:$LINENO: checking for framework security" >&5 -echo $ECHO_N "checking for framework security... $ECHO_C" >&6; } -if test "${rk_cv_framework_security+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for framework security" >&5 +$as_echo_n "checking for framework security... " >&6; } +if test "${rk_cv_framework_security+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test "$rk_cv_framework_security" != yes; then ac_save_LIBS="$LIBS" LIBS="$ac_save_LIBS -framework Security -framework CoreFoundation" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -51575,34 +28021,11 @@ CFRelease(&searchRef); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : rk_cv_framework_security=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS="$ac_save_LIBS" fi @@ -51611,15 +28034,13 @@ fi if test "$rk_cv_framework_security" = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_FRAMEWORK_SECURITY 1 -_ACEOF +$as_echo "#define HAVE_FRAMEWORK_SECURITY 1" >>confdefs.h - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi if test "$rk_cv_framework_security" = yes; then FRAMEWORK_SECURITY_TRUE= @@ -51633,16 +28054,12 @@ fi if test "$rk_cv_framework_security" = yes; then if test "$ac_cv_func_SecKeyGetCSPHandle+set" != set -o "$ac_cv_func_SecKeyGetCSPHandle" = yes; then -{ echo "$as_me:$LINENO: checking if SecKeyGetCSPHandle needs a prototype" >&5 -echo $ECHO_N "checking if SecKeyGetCSPHandle needs a prototype... $ECHO_C" >&6; } -if test "${ac_cv_func_SecKeyGetCSPHandle_noproto+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if SecKeyGetCSPHandle needs a prototype" >&5 +$as_echo_n "checking if SecKeyGetCSPHandle needs a prototype... " >&6; } +if test "${ac_cv_func_SecKeyGetCSPHandle_noproto+set}" = set; then : + $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include struct foo { int foo; } xx; @@ -51655,40 +28072,18 @@ SecKeyGetCSPHandle(&xx) return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : eval "ac_cv_func_SecKeyGetCSPHandle_noproto=yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "ac_cv_func_SecKeyGetCSPHandle_noproto=no" + eval "ac_cv_func_SecKeyGetCSPHandle_noproto=no" fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_SecKeyGetCSPHandle_noproto" >&5 -echo "${ECHO_T}$ac_cv_func_SecKeyGetCSPHandle_noproto" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_SecKeyGetCSPHandle_noproto" >&5 +$as_echo "$ac_cv_func_SecKeyGetCSPHandle_noproto" >&6; } if test "$ac_cv_func_SecKeyGetCSPHandle_noproto" = yes; then -cat >>confdefs.h <<\_ACEOF -#define NEED_SECKEYGETCSPHANDLE_PROTO 1 -_ACEOF +$as_echo "#define NEED_SECKEYGETCSPHANDLE_PROTO 1" >>confdefs.h fi fi @@ -51700,326 +28095,45 @@ fi - -{ echo "$as_me:$LINENO: checking for el_init" >&5 -echo $ECHO_N "checking for el_init... $ECHO_C" >&6; } -if test "${ac_cv_funclib_el_init+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - -if eval "test \"\$ac_cv_func_el_init\" != yes" ; then - ac_save_LIBS="$LIBS" - for ac_lib in "" edit; do - case "$ac_lib" in - "") ;; - yes) ac_lib="" ;; - no) continue ;; - -l*) ;; - *) ac_lib="-l$ac_lib" ;; - esac - LIBS=" $ac_lib $LIB_tgetent $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ -el_init() - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - done - eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}" - LIBS="$ac_save_LIBS" -fi - -fi - - -eval "ac_res=\$ac_cv_funclib_el_init" - -if false; then - -for ac_func in el_init -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi -# el_init -eval "ac_tr_func=HAVE_`echo el_init | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`" -eval "LIB_el_init=$ac_res" - -case "$ac_res" in - yes) - eval "ac_cv_func_el_init=yes" - eval "LIB_el_init=" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) - eval "ac_cv_func_el_init=no" - eval "LIB_el_init=" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) - eval "ac_cv_func_el_init=yes" - eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" - cat >>confdefs.h <<_ACEOF -#define $ac_tr_func 1 -_ACEOF - - cat >>confdefs.h <<_ACEOF -#define $ac_tr_lib 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes, in $ac_res" >&5 -echo "${ECHO_T}yes, in $ac_res" >&6; } - ;; -esac - - -if test "$ac_cv_func_el_init" = yes ; then - { echo "$as_me:$LINENO: checking for four argument el_init" >&5 -echo $ECHO_N "checking for four argument el_init... $ECHO_C" >&6; } -if test "${ac_cv_func_el_init_four+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - #include -int -main () -{ -el_init("", NULL, NULL, NULL); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_func_el_init_four=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_el_init_four=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_el_init_four" >&5 -echo "${ECHO_T}$ac_cv_func_el_init_four" >&6; } - if test "$ac_cv_func_el_init_four" = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_FOUR_VALUED_EL_INIT 1 -_ACEOF - - fi -fi - - ac_foo=no +build_editline=no if test "$with_readline" = yes; then : +elif test "$with_libedit" = yes; then + LIB_readline="${LIB_libedit}" elif test "$ac_cv_func_readline" = yes; then : -elif test "$ac_cv_func_el_init" = yes; then - ac_foo=yes - LIB_readline="\$(top_builddir)/lib/editline/libel_compat.la \$(LIB_el_init) \$(LIB_tgetent)" else - LIB_readline="\$(top_builddir)/lib/editline/libeditline.la \$(LIB_tgetent)" + build_libedit=yes + LIB_readline="\$(top_builddir)/lib/libedit/src/libheimedit.la \$(LIB_tgetent)" fi - if test "$ac_foo" = yes; then - el_compat_TRUE= - el_compat_FALSE='#' + if test "$build_libedit" = yes; then + LIBEDIT_TRUE= + LIBEDIT_FALSE='#' else - el_compat_TRUE='#' - el_compat_FALSE= + LIBEDIT_TRUE='#' + LIBEDIT_FALSE= fi -cat >>confdefs.h <<\_ACEOF -#define HAVE_READLINE 1 -_ACEOF +$as_echo "#define HAVE_READLINE 1" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define AUTHENTICATION 1 -_ACEOF +$as_echo "#define AUTHENTICATION 1" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define ENCRYPTION 1 -_ACEOF +$as_echo "#define ENCRYPTION 1" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define DES_ENCRYPTION 1 -_ACEOF +$as_echo "#define DES_ENCRYPTION 1" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define DIAGNOSTICS 1 -_ACEOF +$as_echo "#define DIAGNOSTICS 1" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define OLD_ENVIRON 1 -_ACEOF +$as_echo "#define OLD_ENVIRON 1" >>confdefs.h if false; then -cat >>confdefs.h <<\_ACEOF -#define ENV_HACK 1 -_ACEOF +$as_echo "#define ENV_HACK 1" >>confdefs.h fi @@ -52032,102 +28146,21 @@ case "$host" in *-*-aix3*|*-*-sunos4*|*-*-osf*|*-*-hpux1[01]*) ;; *) - { echo "$as_me:$LINENO: checking for getmsg" >&5 -echo $ECHO_N "checking for getmsg... $ECHO_C" >&6; } -if test "${ac_cv_func_getmsg+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getmsg to an innocuous variant, in case declares getmsg. - For example, HP-UX 11i declares gettimeofday. */ -#define getmsg innocuous_getmsg + ac_fn_c_check_func "$LINENO" "getmsg" "ac_cv_func_getmsg" +if test "x$ac_cv_func_getmsg" = x""yes; then : -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getmsg (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getmsg - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getmsg (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getmsg || defined __stub___getmsg -choke me -#endif - -int -main () -{ -return getmsg (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getmsg=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getmsg=no fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getmsg" >&5 -echo "${ECHO_T}$ac_cv_func_getmsg" >&6; } - if test "$ac_cv_func_getmsg" = "yes"; then - { echo "$as_me:$LINENO: checking if getmsg works" >&5 -echo $ECHO_N "checking if getmsg works... $ECHO_C" >&6; } -if test "${ac_cv_func_getmsg_works+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getmsg works" >&5 +$as_echo_n "checking if getmsg works... " >&6; } +if test "${ac_cv_func_getmsg_works+set}" = set; then : + $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : ac_cv_func_getmsg_works=no else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -52143,52 +28176,24 @@ cat >>conftest.$ac_ext <<_ACEOF } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_getmsg_works=yes else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_getmsg_works=no + ac_cv_func_getmsg_works=no fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getmsg_works" >&5 -echo "${ECHO_T}$ac_cv_func_getmsg_works" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getmsg_works" >&5 +$as_echo "$ac_cv_func_getmsg_works" >&6; } if test "$ac_cv_func_getmsg_works" = "yes"; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_GETMSG 1 -_ACEOF +$as_echo "#define HAVE_GETMSG 1" >>confdefs.h -cat >>confdefs.h <<\_ACEOF -#define STREAMSPTY 1 -_ACEOF +$as_echo "#define STREAMSPTY 1" >>confdefs.h fi fi @@ -52200,13 +28205,12 @@ esac - # Extract the first word of "compile_et", so it can be a program name with args. set dummy compile_et; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_COMPILE_ET+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_COMPILE_ET+set}" = set; then : + $as_echo_n "(cached) " >&6 else if test -n "$COMPILE_ET"; then ac_cv_prog_COMPILE_ET="$COMPILE_ET" # Let the user override the test. @@ -52216,25 +28220,25 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_COMPILE_ET="compile_et" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi COMPILE_ET=$ac_cv_prog_COMPILE_ET if test -n "$COMPILE_ET"; then - { echo "$as_me:$LINENO: result: $COMPILE_ET" >&5 -echo "${ECHO_T}$COMPILE_ET" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $COMPILE_ET" >&5 +$as_echo "$COMPILE_ET" >&6; } else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi @@ -52244,8 +28248,8 @@ krb_cv_com_err_need_r="" krb_cv_compile_et_cross=no if test "${COMPILE_ET}" = "compile_et"; then -{ echo "$as_me:$LINENO: checking whether compile_et has the features we need" >&5 -echo $ECHO_N "checking whether compile_et has the features we need... $ECHO_C" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compile_et has the features we need" >&5 +$as_echo_n "checking whether compile_et has the features we need... " >&6; } cat > conftest_et.et <<'EOF' error_table test conf prefix CONFTEST @@ -52260,10 +28264,11 @@ if ${COMPILE_ET} conftest_et.et >/dev/null 2>&1; then if test -d "/usr/include/et"; then CPPFLAGS="-I/usr/include/et ${CPPFLAGS}" fi - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : krb_cv_compile_et="yes" krb_cv_compile_et_cross=yes else - cat >conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ #include #include @@ -52275,66 +28280,38 @@ int main(int argc, char **argv){ return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;} _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : krb_cv_compile_et="yes" else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -CPPFLAGS="${save_CPPFLAGS}" + CPPFLAGS="${save_CPPFLAGS}" fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ echo "$as_me:$LINENO: result: ${krb_cv_compile_et}" >&5 -echo "${ECHO_T}${krb_cv_compile_et}" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${krb_cv_compile_et}" >&5 +$as_echo "${krb_cv_compile_et}" >&6; } if test "${krb_cv_compile_et}" = "yes" -a "${krb_cv_compile_et_cross}" = no; then - { echo "$as_me:$LINENO: checking for if com_err generates a initialize_conf_error_table_r" >&5 -echo $ECHO_N "checking for if com_err generates a initialize_conf_error_table_r... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for if com_err generates a initialize_conf_error_table_r" >&5 +$as_echo_n "checking for if com_err generates a initialize_conf_error_table_r... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include "conftest_et.h" _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "initialize_conf_error_table_r.*struct et_list" >/dev/null 2>&1; then + $EGREP "initialize_conf_error_table_r.*struct et_list" >/dev/null 2>&1; then : krb_cv_com_err_need_r="ok" fi rm -f conftest* if test X"$krb_cv_com_err_need_r" = X ; then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } krb_cv_compile_et=no else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } fi fi rm -fr conftest* @@ -52345,13 +28322,9 @@ if test "${krb_cv_compile_et_cross}" = yes ; then elif test "${krb_cv_compile_et}" = "yes"; then krb_cv_save_LIBS="${LIBS}" LIBS="${LIBS} -lcom_err" - { echo "$as_me:$LINENO: checking for com_err" >&5 -echo $ECHO_N "checking for com_err... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err" >&5 +$as_echo_n "checking for com_err... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -52361,41 +28334,21 @@ main () const char *p; p = error_message(0); initialize_error_table_r(0,0,0,0); + com_right_r(0, 0, 0, 0); ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then +if ac_fn_c_try_link "$LINENO"; then : krb_cv_com_err="yes" else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}" + krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}" fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - { echo "$as_me:$LINENO: result: ${krb_cv_com_err}" >&5 -echo "${ECHO_T}${krb_cv_com_err}" >&6; } +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${krb_cv_com_err}" >&5 +$as_echo "${krb_cv_com_err}" >&6; } LIBS="${krb_cv_save_LIBS}" else krb_cv_com_err="no" @@ -52406,16 +28359,18 @@ if test "${krb_cv_com_err}" = "yes"; then LIB_com_err="-lcom_err" LIB_com_err_a="" LIB_com_err_so="" - { echo "$as_me:$LINENO: Using the already-installed com_err" >&5 -echo "$as_me: Using the already-installed com_err" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Using the already-installed com_err" >&5 +$as_echo "$as_me: Using the already-installed com_err" >&6;} + COMPILE_ET="${ac_cv_prog_COMPILE_ET}" localcomerr=no elif test "${krb_cv_com_err}" = "cross"; then DIR_com_err="com_err" LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la" LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a" LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so" - { echo "$as_me:$LINENO: Using our own com_err with toolchain compile_et" >&5 -echo "$as_me: Using our own com_err with toolchain compile_et" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Using our own com_err with toolchain compile_et" >&5 +$as_echo "$as_me: Using our own com_err with toolchain compile_et" >&6;} + COMPILE_ET="${ac_cv_prog_COMPILE_ET}" localcomerr=yes else COMPILE_ET="\$(top_builddir)/lib/com_err/compile_et" @@ -52423,8 +28378,8 @@ else LIB_com_err="\$(top_builddir)/lib/com_err/libcom_err.la" LIB_com_err_a="\$(top_builddir)/lib/com_err/.libs/libcom_err.a" LIB_com_err_so="\$(top_builddir)/lib/com_err/.libs/libcom_err.so" - { echo "$as_me:$LINENO: Using our own com_err" >&5 -echo "$as_me: Using our own com_err" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Using our own com_err" >&5 +$as_echo "$as_me: Using our own com_err" >&6;} localcomerr=yes fi if test "$localcomerr" = yes; then @@ -52442,8 +28397,9 @@ fi -{ echo "$as_me:$LINENO: checking which authentication modules should be built" >&5 -echo $ECHO_N "checking which authentication modules should be built... $ECHO_C" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which authentication modules should be built" >&5 +$as_echo_n "checking which authentication modules should be built... " >&6; } z='sia afskauthlib' LIB_AUTH_SUBDIRS= @@ -52474,11 +28430,11 @@ esac esac done if test "$LIB_AUTH_SUBDIRS"; then - { echo "$as_me:$LINENO: result: $LIB_AUTH_SUBDIRS" >&5 -echo "${ECHO_T}$LIB_AUTH_SUBDIRS" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIB_AUTH_SUBDIRS" >&5 +$as_echo "$LIB_AUTH_SUBDIRS" >&6; } else - { echo "$as_me:$LINENO: result: none" >&5 -echo "${ECHO_T}none" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } fi @@ -52560,7 +28516,7 @@ _ACEOF # Check whether --enable-developer was given. -if test "${enable_developer+set}" = set; then +if test "${enable_developer+set}" = set; then : enableval=$enable_developer; fi @@ -52576,6 +28532,7 @@ if test -z "$WFLAGS" -a "$GCC" = "yes"; then # -Wcast-align doesn't work well on alpha osf/1 # -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast # -Wmissing-declarations -Wnested-externs + # -Wstrict-overflow=5 WFLAGS="-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs $dwflags" WFLAGS_NOUNUSED="-Wno-unused" WFLAGS_NOIMPLICITINT="-Wno-implicit-int" @@ -52586,7 +28543,22 @@ fi -ac_config_files="$ac_config_files Makefile etc/Makefile include/Makefile include/gssapi/Makefile include/hcrypto/Makefile include/kadm5/Makefile lib/Makefile lib/45/Makefile lib/auth/Makefile lib/auth/afskauthlib/Makefile lib/auth/pam/Makefile lib/auth/sia/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/hcrypto/Makefile lib/editline/Makefile lib/hx509/Makefile lib/gssapi/Makefile lib/ntlm/Makefile lib/hdb/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/vers/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kcm/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/gssmask/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile tests/Makefile tests/can/Makefile tests/db/Makefile tests/kdc/Makefile tests/ldap/Makefile tests/gss/Makefile tests/java/Makefile tests/plugin/Makefile packages/Makefile packages/mac/Makefile packages/debian/Makefile doc/Makefile tools/Makefile" + +# Check whether --enable-heimdal-documentation was given. +if test "${enable_heimdal_documentation+set}" = set; then : + enableval=$enable_heimdal_documentation; +fi + + if test "$enable_heimdal_documentation" != no; then + HEIMDAL_DOCUMENTATION_TRUE= + HEIMDAL_DOCUMENTATION_FALSE='#' +else + HEIMDAL_DOCUMENTATION_TRUE='#' + HEIMDAL_DOCUMENTATION_FALSE= +fi + + +ac_config_files="$ac_config_files Makefile etc/Makefile include/Makefile include/gssapi/Makefile include/hcrypto/Makefile include/kadm5/Makefile lib/Makefile base/Makefile lib/asn1/Makefile lib/com_err/Makefile lib/hcrypto/Makefile lib/hx509/Makefile lib/gssapi/Makefile lib/ntlm/Makefile lib/hdb/Makefile lib/ipc/Makefile lib/kadm5/Makefile lib/kafs/Makefile lib/kdfs/Makefile lib/krb5/Makefile lib/otp/Makefile lib/roken/Makefile lib/sl/Makefile lib/sqlite/Makefile lib/vers/Makefile lib/wind/Makefile po/Makefile kuser/Makefile kpasswd/Makefile kadmin/Makefile admin/Makefile kcm/Makefile kdc/Makefile appl/Makefile appl/afsutil/Makefile appl/ftp/Makefile appl/ftp/common/Makefile appl/ftp/ftp/Makefile appl/ftp/ftpd/Makefile appl/gssmask/Makefile appl/kx/Makefile appl/login/Makefile appl/otp/Makefile appl/popper/Makefile appl/push/Makefile appl/rsh/Makefile appl/rcp/Makefile appl/su/Makefile appl/xnlock/Makefile appl/telnet/Makefile appl/telnet/libtelnet/Makefile appl/telnet/telnet/Makefile appl/telnet/telnetd/Makefile appl/test/Makefile appl/kf/Makefile appl/dceutils/Makefile tests/Makefile tests/bin/Makefile tests/can/Makefile tests/db/Makefile tests/kdc/Makefile tests/ldap/Makefile tests/gss/Makefile tests/java/Makefile tests/plugin/Makefile packages/Makefile packages/mac/Makefile doc/Makefile tools/Makefile" cat >confcache <<\_ACEOF @@ -52616,12 +28588,13 @@ _ACEOF case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 -echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( - *) $as_unset $ac_var ;; + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done @@ -52629,8 +28602,8 @@ echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote - # substitution turns \\\\ into \\, and sed turns \\ into \). + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" @@ -52653,12 +28626,12 @@ echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && - { echo "$as_me:$LINENO: updating cache $cache_file" >&5 -echo "$as_me: updating cache $cache_file" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else - { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 -echo "$as_me: not updating unwritable cache $cache_file" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache @@ -52674,255 +28647,206 @@ ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`echo "$ac_i" | sed "$ac_script"` + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. - ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" - ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${ENABLE_SHARED_TRUE}" && test -z "${ENABLE_SHARED_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"ENABLE_SHARED\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"ENABLE_SHARED\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${versionscript_TRUE}" && test -z "${versionscript_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"versionscript\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"versionscript\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${OPENLDAP_MODULE_TRUE}" && test -z "${OPENLDAP_MODULE_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"OPENLDAP_MODULE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"OPENLDAP_MODULE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${PKINIT_TRUE}" && test -z "${PKINIT_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"PKINIT\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"PKINIT\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"KRB4\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"KRB4\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"KRB5\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"KRB5\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"do_roken_rename\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"do_roken_rename\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"HAVE_OPENSSL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"HAVE_OPENSSL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"DCE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"DCE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${HAVE_DB1_TRUE}" && test -z "${HAVE_DB1_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB1\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"HAVE_DB1\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${HAVE_DB3_TRUE}" && test -z "${HAVE_DB3_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"HAVE_DB3\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"HAVE_DB3\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${HAVE_NDBM_TRUE}" && test -z "${HAVE_NDBM_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"HAVE_NDBM\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"HAVE_NDBM\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${have_err_h_TRUE}" && test -z "${have_err_h_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"have_err_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"have_err_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${have_ifaddrs_h_TRUE}" && test -z "${have_ifaddrs_h_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"have_ifaddrs_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"have_ifaddrs_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${have_vis_h_TRUE}" && test -z "${have_vis_h_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"have_vis_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"have_vis_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${have_glob_h_TRUE}" && test -z "${have_glob_h_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"have_glob_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"have_glob_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${have_cgetent_TRUE}" && test -z "${have_cgetent_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"have_cgetent\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"have_cgetent\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${have_fnmatch_h_TRUE}" && test -z "${have_fnmatch_h_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"have_fnmatch_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"have_fnmatch_h\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${have_socket_wrapper_TRUE}" && test -z "${have_socket_wrapper_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"have_socket_wrapper\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"have_socket_wrapper\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${OTP_TRUE}" && test -z "${OTP_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"OTP\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"OTP\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${CATMAN_TRUE}" && test -z "${CATMAN_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"CATMAN\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"CATMAN\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${AIX_TRUE}" && test -z "${AIX_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"AIX\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"AIX\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"AIX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${AIX4_TRUE}" && test -z "${AIX4_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"AIX4\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"AIX4\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"AIX4\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_DLOPEN_TRUE}" && test -z "${HAVE_DLOPEN_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"HAVE_DLOPEN\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"HAVE_DLOPEN\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"HAVE_DLOPEN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${AIX_DYNAMIC_AFS_TRUE}" && test -z "${AIX_DYNAMIC_AFS_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"AIX_DYNAMIC_AFS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"AIX_DYNAMIC_AFS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"AIX_DYNAMIC_AFS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${IRIX_TRUE}" && test -z "${IRIX_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"IRIX\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"IRIX\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"IRIX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_SHARED_TRUE}" && test -z "${ENABLE_SHARED_FALSE}"; then + as_fn_error "conditional \"ENABLE_SHARED\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${versionscript_TRUE}" && test -z "${versionscript_FALSE}"; then + as_fn_error "conditional \"versionscript\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${CROSS_COMPILE_TRUE}" && test -z "${CROSS_COMPILE_FALSE}"; then + as_fn_error "conditional \"CROSS_COMPILE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OPENLDAP_MODULE_TRUE}" && test -z "${OPENLDAP_MODULE_FALSE}"; then + as_fn_error "conditional \"OPENLDAP_MODULE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${PKINIT_TRUE}" && test -z "${PKINIT_FALSE}"; then + as_fn_error "conditional \"PKINIT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_CAPNG_TRUE}" && test -z "${HAVE_CAPNG_FALSE}"; then + as_fn_error "conditional \"HAVE_CAPNG\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${SQLITE3_TRUE}" && test -z "${SQLITE3_FALSE}"; then + as_fn_error "conditional \"SQLITE3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_scc_TRUE}" && test -z "${have_scc_FALSE}"; then + as_fn_error "conditional \"have_scc\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then + as_fn_error "conditional \"KRB4\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${KRB5_TRUE}" && test -z "${KRB5_FALSE}"; then + as_fn_error "conditional \"KRB5\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${do_roken_rename_TRUE}" && test -z "${do_roken_rename_FALSE}"; then + as_fn_error "conditional \"do_roken_rename\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_OPENSSL_TRUE}" && test -z "${HAVE_OPENSSL_FALSE}"; then + as_fn_error "conditional \"HAVE_OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${DCE_TRUE}" && test -z "${DCE_FALSE}"; then + as_fn_error "conditional \"DCE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_DB1_TRUE}" && test -z "${HAVE_DB1_FALSE}"; then + as_fn_error "conditional \"HAVE_DB1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_DB3_TRUE}" && test -z "${HAVE_DB3_FALSE}"; then + as_fn_error "conditional \"HAVE_DB3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_NDBM_TRUE}" && test -z "${HAVE_NDBM_FALSE}"; then + as_fn_error "conditional \"HAVE_NDBM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_DBHEADER_TRUE}" && test -z "${HAVE_DBHEADER_FALSE}"; then + as_fn_error "conditional \"HAVE_DBHEADER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_err_h_TRUE}" && test -z "${have_err_h_FALSE}"; then + as_fn_error "conditional \"have_err_h\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_ifaddrs_h_TRUE}" && test -z "${have_ifaddrs_h_FALSE}"; then + as_fn_error "conditional \"have_ifaddrs_h\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_search_h_TRUE}" && test -z "${have_search_h_FALSE}"; then + as_fn_error "conditional \"have_search_h\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_vis_h_TRUE}" && test -z "${have_vis_h_FALSE}"; then + as_fn_error "conditional \"have_vis_h\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_glob_h_TRUE}" && test -z "${have_glob_h_FALSE}"; then + as_fn_error "conditional \"have_glob_h\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_cgetent_TRUE}" && test -z "${have_cgetent_FALSE}"; then + as_fn_error "conditional \"have_cgetent\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_fnmatch_h_TRUE}" && test -z "${have_fnmatch_h_FALSE}"; then + as_fn_error "conditional \"have_fnmatch_h\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_socket_wrapper_TRUE}" && test -z "${have_socket_wrapper_FALSE}"; then + as_fn_error "conditional \"have_socket_wrapper\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OTP_TRUE}" && test -z "${OTP_FALSE}"; then + as_fn_error "conditional \"OTP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${have_gcd_TRUE}" && test -z "${have_gcd_FALSE}"; then + as_fn_error "conditional \"have_gcd\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${CATMAN_TRUE}" && test -z "${CATMAN_FALSE}"; then + as_fn_error "conditional \"CATMAN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_X_TRUE}" && test -z "${HAVE_X_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"HAVE_X\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"HAVE_X\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"HAVE_X\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${NEED_WRITEAUTH_TRUE}" && test -z "${NEED_WRITEAUTH_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"NEED_WRITEAUTH\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"NEED_WRITEAUTH\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"NEED_WRITEAUTH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${KCM_TRUE}" && test -z "${KCM_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"KCM\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"KCM\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"KCM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${FRAMEWORK_SECURITY_TRUE}" && test -z "${FRAMEWORK_SECURITY_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"FRAMEWORK_SECURITY\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"FRAMEWORK_SECURITY\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"FRAMEWORK_SECURITY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${el_compat_TRUE}" && test -z "${el_compat_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"el_compat\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"el_compat\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } +if test -z "${LIBEDIT_TRUE}" && test -z "${LIBEDIT_FALSE}"; then + as_fn_error "conditional \"LIBEDIT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${COM_ERR_TRUE}" && test -z "${COM_ERR_FALSE}"; then - { { echo "$as_me:$LINENO: error: conditional \"COM_ERR\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -echo "$as_me: error: conditional \"COM_ERR\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"COM_ERR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HEIMDAL_DOCUMENTATION_TRUE}" && test -z "${HEIMDAL_DOCUMENTATION_FALSE}"; then + as_fn_error "conditional \"HEIMDAL_DOCUMENTATION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi : ${CONFIG_STATUS=./config.status} +ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 -echo "$as_me: creating $CONFIG_STATUS" >&6;} -cat >$CONFIG_STATUS <<_ACEOF +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. @@ -52932,59 +28856,79 @@ cat >$CONFIG_STATUS <<_ACEOF debug=false ac_cs_recheck=false ac_cs_silent=false -SHELL=\${CONFIG_SHELL-$SHELL} -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF -## --------------------- ## -## M4sh Initialization. ## -## --------------------- ## +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; esac - fi - - -# PATH needs CR -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh -fi - -# Support unset when possible. -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - as_unset=unset -else - as_unset=false + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } fi @@ -52993,20 +28937,18 @@ fi # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) -as_nl=' -' IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. -case $0 in +case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -done + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done IFS=$as_save_IFS ;; @@ -53017,32 +28959,111 @@ if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then - echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - { (exit 1); exit 1; } + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 fi -# Work around bugs in pre-3.0 UWIN ksh. -for as_var in ENV MAIL MAILPATH -do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. -for as_var in \ - LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ - LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ - LC_TELEPHONE LC_TIME -do - if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then - eval $as_var=C; export $as_var - else - ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var - fi -done +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error ERROR [LINENO LOG_FD] +# --------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with status $?, using 1 if that was 0. +as_fn_error () +{ + as_status=$?; test $as_status -eq 0 && as_status=1 + if test "$3"; then + as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + fi + $as_echo "$as_me: error: $1" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + -# Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr @@ -53056,13 +29077,17 @@ else as_basename=false fi +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi -# Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -echo X/"$0" | +$as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -53077,104 +29102,103 @@ echo X/"$0" | } s/.*/./; q'` -# CDPATH. -$as_unset CDPATH - - - - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { - - # Create $as_me.lineno as a copy of $as_myself, but with $LINENO - # uniformly replaced by the line number. The first 'sed' inserts a - # line-number line after each line using $LINENO; the second 'sed' - # does the real work. The second script uses 'N' to pair each - # line-number line with the line containing $LINENO, and appends - # trailing '-' during substitution so that $LINENO is not a special - # case at line end. - # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the - # scripts with optimization help from Paolo Bonzini. Blame Lee - # E. McMahon (1931-1989) for sed's syntax. :-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 - { (exit 1); exit 1; }; } - - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in +case `echo -n x` in #((((( -n*) - case `echo 'x\c'` in + case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. - *) ECHO_C='\c';; + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir - mkdir conf$$.dir + mkdir conf$$.dir 2>/dev/null fi -echo >conf$$.file -if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -p'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else as_ln_s='cp -p' -elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln + fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + + +} # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then - as_mkdir_p=: + as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false @@ -53191,12 +29215,12 @@ else as_test_x=' eval sh -c '\'' if test -d "$1"; then - test -d "$1/."; + test -d "$1/."; else - case $1 in - -*)set "./$1";; + case $1 in #( + -*)set "./$1";; esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( ???[sx]*):;;*)false;;esac;fi '\'' sh ' @@ -53211,13 +29235,19 @@ as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 -# Save the log message, to keep $[0] and so on meaningful, and to +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Heimdal $as_me 1.1, which was -generated by GNU Autoconf 2.61. Invocation command line was +This file was extended by Heimdal $as_me 1.5.1, which was +generated by GNU Autoconf 2.65. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -53230,29 +29260,42 @@ on `(hostname || uname -n) 2>/dev/null | sed 1q` _ACEOF -cat >>$CONFIG_STATUS <<_ACEOF +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" +config_commands="$ac_config_commands" _ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ -\`$as_me' instantiates files from templates according to the -current configuration. +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. -Usage: $0 [OPTIONS] [FILE]... +Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit - -q, --quiet do not print progress messages + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions - --file=FILE[:TEMPLATE] - instantiate the configuration file FILE - --header=FILE[:TEMPLATE] - instantiate the configuration header FILE + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE Configuration files: $config_files @@ -53260,16 +29303,20 @@ $config_files Configuration headers: $config_headers -Report bugs to ." +Configuration commands: +$config_commands + +Report bugs to ." _ACEOF -cat >>$CONFIG_STATUS <<_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Heimdal config.status 1.1 -configured by $0, generated by GNU Autoconf 2.61, - with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" +Heimdal config.status 1.5.1 +configured by $0, generated by GNU Autoconf 2.65, + with options \\"\$ac_cs_config\\" -Copyright (C) 2006 Free Software Foundation, Inc. +Copyright (C) 2009 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -53277,11 +29324,12 @@ ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk _ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF -# If no file are specified by the user, then we need to provide default -# value. By we need to know if files were specified by the user. +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do @@ -53303,34 +29351,40 @@ do -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - echo "$ac_cs_version"; exit ;; + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift - CONFIG_FILES="$CONFIG_FILES $ac_optarg" + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift - CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header - { echo "$as_me: error: ambiguous option: $1 -Try \`$0 --help' for more information." >&2 - { (exit 1); exit 1; }; };; + as_fn_error "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; --help | --hel | -h ) - echo "$ac_cs_usage"; exit ;; + $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. - -*) { echo "$as_me: error: unrecognized option: $1 -Try \`$0 --help' for more information." >&2 - { (exit 1); exit 1; }; } ;; + -*) as_fn_error "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; - *) ac_config_targets="$ac_config_targets $1" + *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac @@ -53345,36 +29399,322 @@ if $ac_cs_silent; then fi _ACEOF -cat >>$CONFIG_STATUS <<_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then - echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 - CONFIG_SHELL=$SHELL + set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' export CONFIG_SHELL - exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + exec "\$@" fi _ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX - echo "$ac_log" + $as_echo "$ac_log" } >&5 _ACEOF -cat >>$CONFIG_STATUS <<_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' +macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' +enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' +pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' +enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' +ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' +host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' +host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' +host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' +build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' +build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' +build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' +SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' +Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' +GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' +EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' +FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' +LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' +NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' +LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' +max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' +ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' +exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' +lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' +lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' +lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' +lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' +lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' +reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' +reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' +deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' +file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' +file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' +want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' +DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' +sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' +AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' +archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' +STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' +RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' +old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' +old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' +lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' +CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' +CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' +compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' +GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' +lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' +MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' +need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' +MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' +DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' +NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' +LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' +OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' +OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' +libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' +shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' +extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' +compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' +module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' +with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' +no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec_ld='`$ECHO "$hardcode_libdir_flag_spec_ld" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' +hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' +hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' +inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' +link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' +always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' +exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' +include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' +prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' +postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' +file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' +variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' +need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' +need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' +version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' +runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' +libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' +library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' +soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' +install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' +postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' +postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' +finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' +sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' +sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' +hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' +old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' +striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' + +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in SHELL \ +ECHO \ +SED \ +GREP \ +EGREP \ +FGREP \ +LD \ +NM \ +LN_S \ +lt_SP2NL \ +lt_NL2SP \ +reload_flag \ +OBJDUMP \ +deplibs_check_method \ +file_magic_cmd \ +file_magic_glob \ +want_nocaseglob \ +DLLTOOL \ +sharedlib_from_linklib_cmd \ +AR \ +AR_FLAGS \ +archiver_list_spec \ +STRIP \ +RANLIB \ +CC \ +CFLAGS \ +compiler \ +lt_cv_sys_global_symbol_pipe \ +lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_c_name_address \ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +nm_file_list_spec \ +lt_prog_compiler_no_builtin_flag \ +lt_prog_compiler_pic \ +lt_prog_compiler_wl \ +lt_prog_compiler_static \ +lt_cv_prog_compiler_c_o \ +need_locks \ +MANIFEST_TOOL \ +DSYMUTIL \ +NMEDIT \ +LIPO \ +OTOOL \ +OTOOL64 \ +shrext_cmds \ +export_dynamic_flag_spec \ +whole_archive_flag_spec \ +compiler_needs_object \ +with_gnu_ld \ +allow_undefined_flag \ +no_undefined_flag \ +hardcode_libdir_flag_spec \ +hardcode_libdir_flag_spec_ld \ +hardcode_libdir_separator \ +exclude_expsyms \ +include_expsyms \ +file_list_spec \ +variables_saved_for_relink \ +libname_spec \ +library_names_spec \ +soname_spec \ +install_override_mode \ +finish_eval \ +old_striplib \ +striplib; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds \ +old_postinstall_cmds \ +old_postuninstall_cmds \ +old_archive_cmds \ +extract_expsyms_cmds \ +old_archive_from_new_cmds \ +old_archive_from_expsyms_cmds \ +archive_cmds \ +archive_expsym_cmds \ +module_cmds \ +module_expsym_cmds \ +export_symbols_cmds \ +prelink_cmds \ +postlink_cmds \ +postinstall_cmds \ +postuninstall_cmds \ +finish_cmds \ +sys_lib_search_path_spec \ +sys_lib_dlsearch_path_spec; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +ac_aux_dir='$ac_aux_dir' +xsi_shell='$xsi_shell' +lt_shell_append='$lt_shell_append' + +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile' + + + + _ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;; "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; @@ -53382,19 +29722,15 @@ do "include/hcrypto/Makefile") CONFIG_FILES="$CONFIG_FILES include/hcrypto/Makefile" ;; "include/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES include/kadm5/Makefile" ;; "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; - "lib/45/Makefile") CONFIG_FILES="$CONFIG_FILES lib/45/Makefile" ;; - "lib/auth/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/Makefile" ;; - "lib/auth/afskauthlib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/afskauthlib/Makefile" ;; - "lib/auth/pam/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/pam/Makefile" ;; - "lib/auth/sia/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/sia/Makefile" ;; + "base/Makefile") CONFIG_FILES="$CONFIG_FILES base/Makefile" ;; "lib/asn1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/asn1/Makefile" ;; "lib/com_err/Makefile") CONFIG_FILES="$CONFIG_FILES lib/com_err/Makefile" ;; "lib/hcrypto/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hcrypto/Makefile" ;; - "lib/editline/Makefile") CONFIG_FILES="$CONFIG_FILES lib/editline/Makefile" ;; "lib/hx509/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hx509/Makefile" ;; "lib/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile" ;; "lib/ntlm/Makefile") CONFIG_FILES="$CONFIG_FILES lib/ntlm/Makefile" ;; "lib/hdb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/hdb/Makefile" ;; + "lib/ipc/Makefile") CONFIG_FILES="$CONFIG_FILES lib/ipc/Makefile" ;; "lib/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile" ;; "lib/kafs/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kafs/Makefile" ;; "lib/kdfs/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kdfs/Makefile" ;; @@ -53402,7 +29738,10 @@ do "lib/otp/Makefile") CONFIG_FILES="$CONFIG_FILES lib/otp/Makefile" ;; "lib/roken/Makefile") CONFIG_FILES="$CONFIG_FILES lib/roken/Makefile" ;; "lib/sl/Makefile") CONFIG_FILES="$CONFIG_FILES lib/sl/Makefile" ;; + "lib/sqlite/Makefile") CONFIG_FILES="$CONFIG_FILES lib/sqlite/Makefile" ;; "lib/vers/Makefile") CONFIG_FILES="$CONFIG_FILES lib/vers/Makefile" ;; + "lib/wind/Makefile") CONFIG_FILES="$CONFIG_FILES lib/wind/Makefile" ;; + "po/Makefile") CONFIG_FILES="$CONFIG_FILES po/Makefile" ;; "kuser/Makefile") CONFIG_FILES="$CONFIG_FILES kuser/Makefile" ;; "kpasswd/Makefile") CONFIG_FILES="$CONFIG_FILES kpasswd/Makefile" ;; "kadmin/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/Makefile" ;; @@ -53433,6 +29772,7 @@ do "appl/kf/Makefile") CONFIG_FILES="$CONFIG_FILES appl/kf/Makefile" ;; "appl/dceutils/Makefile") CONFIG_FILES="$CONFIG_FILES appl/dceutils/Makefile" ;; "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; + "tests/bin/Makefile") CONFIG_FILES="$CONFIG_FILES tests/bin/Makefile" ;; "tests/can/Makefile") CONFIG_FILES="$CONFIG_FILES tests/can/Makefile" ;; "tests/db/Makefile") CONFIG_FILES="$CONFIG_FILES tests/db/Makefile" ;; "tests/kdc/Makefile") CONFIG_FILES="$CONFIG_FILES tests/kdc/Makefile" ;; @@ -53442,13 +29782,10 @@ do "tests/plugin/Makefile") CONFIG_FILES="$CONFIG_FILES tests/plugin/Makefile" ;; "packages/Makefile") CONFIG_FILES="$CONFIG_FILES packages/Makefile" ;; "packages/mac/Makefile") CONFIG_FILES="$CONFIG_FILES packages/mac/Makefile" ;; - "packages/debian/Makefile") CONFIG_FILES="$CONFIG_FILES packages/debian/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;; - *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 -echo "$as_me: error: invalid argument: $ac_config_target" >&2;} - { (exit 1); exit 1; }; };; + *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done @@ -53460,6 +29797,7 @@ done if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree @@ -53474,7 +29812,7 @@ $debug || trap 'exit_status=$? { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status ' 0 - trap '{ (exit 1); exit 1; }' 1 2 13 15 + trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. @@ -53485,398 +29823,140 @@ $debug || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") -} || -{ - echo "$me: cannot create a temporary directory in ." >&2 - { (exit 1); exit 1; } -} +} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 -# -# Set up the sed scripts for CONFIG_FILES section. -# - -# No need to generate the scripts if there are no CONFIG_FILES. -# This happens for instance when ./config.status config.h +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$tmp/subs1.awk" && _ACEOF - +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do - cat >conf$$subs.sed <<_ACEOF -SHELL!$SHELL$ac_delim -PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim -PACKAGE_NAME!$PACKAGE_NAME$ac_delim -PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim -PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim -PACKAGE_STRING!$PACKAGE_STRING$ac_delim -PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim -exec_prefix!$exec_prefix$ac_delim -prefix!$prefix$ac_delim -program_transform_name!$program_transform_name$ac_delim -bindir!$bindir$ac_delim -sbindir!$sbindir$ac_delim -libexecdir!$libexecdir$ac_delim -datarootdir!$datarootdir$ac_delim -datadir!$datadir$ac_delim -sysconfdir!$sysconfdir$ac_delim -sharedstatedir!$sharedstatedir$ac_delim -localstatedir!$localstatedir$ac_delim -includedir!$includedir$ac_delim -oldincludedir!$oldincludedir$ac_delim -docdir!$docdir$ac_delim -infodir!$infodir$ac_delim -htmldir!$htmldir$ac_delim -dvidir!$dvidir$ac_delim -pdfdir!$pdfdir$ac_delim -psdir!$psdir$ac_delim -libdir!$libdir$ac_delim -localedir!$localedir$ac_delim -mandir!$mandir$ac_delim -DEFS!$DEFS$ac_delim -ECHO_C!$ECHO_C$ac_delim -ECHO_N!$ECHO_N$ac_delim -ECHO_T!$ECHO_T$ac_delim -LIBS!$LIBS$ac_delim -build_alias!$build_alias$ac_delim -host_alias!$host_alias$ac_delim -target_alias!$target_alias$ac_delim -INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim -INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim -INSTALL_DATA!$INSTALL_DATA$ac_delim -am__isrc!$am__isrc$ac_delim -CYGPATH_W!$CYGPATH_W$ac_delim -PACKAGE!$PACKAGE$ac_delim -VERSION!$VERSION$ac_delim -ACLOCAL!$ACLOCAL$ac_delim -AUTOCONF!$AUTOCONF$ac_delim -AUTOMAKE!$AUTOMAKE$ac_delim -AUTOHEADER!$AUTOHEADER$ac_delim -MAKEINFO!$MAKEINFO$ac_delim -install_sh!$install_sh$ac_delim -STRIP!$STRIP$ac_delim -INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim -mkdir_p!$mkdir_p$ac_delim -AWK!$AWK$ac_delim -SET_MAKE!$SET_MAKE$ac_delim -am__leading_dot!$am__leading_dot$ac_delim -AMTAR!$AMTAR$ac_delim -am__tar!$am__tar$ac_delim -am__untar!$am__untar$ac_delim -MAINTAINER_MODE_TRUE!$MAINTAINER_MODE_TRUE$ac_delim -MAINTAINER_MODE_FALSE!$MAINTAINER_MODE_FALSE$ac_delim -MAINT!$MAINT$ac_delim -CC!$CC$ac_delim -CFLAGS!$CFLAGS$ac_delim -LDFLAGS!$LDFLAGS$ac_delim -CPPFLAGS!$CPPFLAGS$ac_delim -ac_ct_CC!$ac_ct_CC$ac_delim -EXEEXT!$EXEEXT$ac_delim -OBJEXT!$OBJEXT$ac_delim -CPP!$CPP$ac_delim -build!$build$ac_delim -build_cpu!$build_cpu$ac_delim -build_vendor!$build_vendor$ac_delim -build_os!$build_os$ac_delim -host!$host$ac_delim -host_cpu!$host_cpu$ac_delim -host_vendor!$host_vendor$ac_delim -host_os!$host_os$ac_delim -CANONICAL_HOST!$CANONICAL_HOST$ac_delim -YACC!$YACC$ac_delim -YFLAGS!$YFLAGS$ac_delim -LEX!$LEX$ac_delim -LEX_OUTPUT_ROOT!$LEX_OUTPUT_ROOT$ac_delim -LEXLIB!$LEXLIB$ac_delim -LN_S!$LN_S$ac_delim -GREP!$GREP$ac_delim -EGREP!$EGREP$ac_delim -ECHO!$ECHO$ac_delim -AR!$AR$ac_delim -RANLIB!$RANLIB$ac_delim -CXX!$CXX$ac_delim -CXXFLAGS!$CXXFLAGS$ac_delim -ac_ct_CXX!$ac_ct_CXX$ac_delim -CXXCPP!$CXXCPP$ac_delim -F77!$F77$ac_delim -FFLAGS!$FFLAGS$ac_delim -ac_ct_F77!$ac_ct_F77$ac_delim -_ACEOF + . ./conf$$subs.sh || + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then - { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done +rm -f conf$$subs.sh -ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` -if test -n "$ac_eof"; then - ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` - ac_eof=`expr $ac_eof + 1` -fi - -cat >>$CONFIG_STATUS <<_ACEOF -cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$tmp/subs1.awk" <<\\_ACAWK && _ACEOF -sed ' -s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g -s/^/s,@/; s/!/@,|#_!!_#|/ -:n -t n -s/'"$ac_delim"'$/,g/; t -s/$/\\/; p -N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n -' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF -CEOF$ac_eof +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK _ACEOF - - -ac_delim='%!_!# ' -for ac_last_try in false false false false false :; do - cat >conf$$subs.sed <<_ACEOF -LIBTOOL!$LIBTOOL$ac_delim -ENABLE_SHARED_TRUE!$ENABLE_SHARED_TRUE$ac_delim -ENABLE_SHARED_FALSE!$ENABLE_SHARED_FALSE$ac_delim -VERSIONING!$VERSIONING$ac_delim -versionscript_TRUE!$versionscript_TRUE$ac_delim -versionscript_FALSE!$versionscript_FALSE$ac_delim -LDFLAGS_VERSION_SCRIPT!$LDFLAGS_VERSION_SCRIPT$ac_delim -INCLUDE_openldap!$INCLUDE_openldap$ac_delim -LIB_openldap!$LIB_openldap$ac_delim -OPENLDAP_MODULE_TRUE!$OPENLDAP_MODULE_TRUE$ac_delim -OPENLDAP_MODULE_FALSE!$OPENLDAP_MODULE_FALSE$ac_delim -PKINIT_TRUE!$PKINIT_TRUE$ac_delim -PKINIT_FALSE!$PKINIT_FALSE$ac_delim -DIR_hdbdir!$DIR_hdbdir$ac_delim -INCLUDE_krb4!$INCLUDE_krb4$ac_delim -LIB_krb4!$LIB_krb4$ac_delim -KRB4_TRUE!$KRB4_TRUE$ac_delim -KRB4_FALSE!$KRB4_FALSE$ac_delim -KRB5_TRUE!$KRB5_TRUE$ac_delim -KRB5_FALSE!$KRB5_FALSE$ac_delim -do_roken_rename_TRUE!$do_roken_rename_TRUE$ac_delim -do_roken_rename_FALSE!$do_roken_rename_FALSE$ac_delim -LIB_kdb!$LIB_kdb$ac_delim -HAVE_OPENSSL_TRUE!$HAVE_OPENSSL_TRUE$ac_delim -HAVE_OPENSSL_FALSE!$HAVE_OPENSSL_FALSE$ac_delim -DIR_hcrypto!$DIR_hcrypto$ac_delim -INCLUDE_hcrypto!$INCLUDE_hcrypto$ac_delim -LIB_hcrypto!$LIB_hcrypto$ac_delim -LIB_hcrypto_a!$LIB_hcrypto_a$ac_delim -LIB_hcrypto_so!$LIB_hcrypto_so$ac_delim -LIB_hcrypto_appl!$LIB_hcrypto_appl$ac_delim -PTHREADS_CFLAGS!$PTHREADS_CFLAGS$ac_delim -PTHREADS_LIBS!$PTHREADS_LIBS$ac_delim -DCE_TRUE!$DCE_TRUE$ac_delim -DCE_FALSE!$DCE_FALSE$ac_delim -dpagaix_cflags!$dpagaix_cflags$ac_delim -dpagaix_ldadd!$dpagaix_ldadd$ac_delim -dpagaix_ldflags!$dpagaix_ldflags$ac_delim -LIB_db_create!$LIB_db_create$ac_delim -LIB_dbopen!$LIB_dbopen$ac_delim -LIB_dbm_firstkey!$LIB_dbm_firstkey$ac_delim -HAVE_DB1_TRUE!$HAVE_DB1_TRUE$ac_delim -HAVE_DB1_FALSE!$HAVE_DB1_FALSE$ac_delim -HAVE_DB3_TRUE!$HAVE_DB3_TRUE$ac_delim -HAVE_DB3_FALSE!$HAVE_DB3_FALSE$ac_delim -HAVE_NDBM_TRUE!$HAVE_NDBM_TRUE$ac_delim -HAVE_NDBM_FALSE!$HAVE_NDBM_FALSE$ac_delim -DBLIB!$DBLIB$ac_delim -LIB_NDBM!$LIB_NDBM$ac_delim -WFLAGS!$WFLAGS$ac_delim -WFLAGS_NOUNUSED!$WFLAGS_NOUNUSED$ac_delim -WFLAGS_NOIMPLICITINT!$WFLAGS_NOIMPLICITINT$ac_delim -VOID_RETSIGTYPE!$VOID_RETSIGTYPE$ac_delim -have_err_h_TRUE!$have_err_h_TRUE$ac_delim -have_err_h_FALSE!$have_err_h_FALSE$ac_delim -have_ifaddrs_h_TRUE!$have_ifaddrs_h_TRUE$ac_delim -have_ifaddrs_h_FALSE!$have_ifaddrs_h_FALSE$ac_delim -have_vis_h_TRUE!$have_vis_h_TRUE$ac_delim -have_vis_h_FALSE!$have_vis_h_FALSE$ac_delim -LIB_socket!$LIB_socket$ac_delim -LIB_gethostbyname!$LIB_gethostbyname$ac_delim -LIB_syslog!$LIB_syslog$ac_delim -LIB_gethostbyname2!$LIB_gethostbyname2$ac_delim -LIB_res_search!$LIB_res_search$ac_delim -LIB_res_nsearch!$LIB_res_nsearch$ac_delim -LIB_res_ndestroy!$LIB_res_ndestroy$ac_delim -LIB_dn_expand!$LIB_dn_expand$ac_delim -LIBOBJS!$LIBOBJS$ac_delim -have_glob_h_TRUE!$have_glob_h_TRUE$ac_delim -have_glob_h_FALSE!$have_glob_h_FALSE$ac_delim -have_cgetent_TRUE!$have_cgetent_TRUE$ac_delim -have_cgetent_FALSE!$have_cgetent_FALSE$ac_delim -LIB_getsockopt!$LIB_getsockopt$ac_delim -LIB_setsockopt!$LIB_setsockopt$ac_delim -LIB_hstrerror!$LIB_hstrerror$ac_delim -LIB_bswap16!$LIB_bswap16$ac_delim -LIB_bswap32!$LIB_bswap32$ac_delim -LIB_pidfile!$LIB_pidfile$ac_delim -LIB_getaddrinfo!$LIB_getaddrinfo$ac_delim -LIB_getnameinfo!$LIB_getnameinfo$ac_delim -LIB_freeaddrinfo!$LIB_freeaddrinfo$ac_delim -LIB_gai_strerror!$LIB_gai_strerror$ac_delim -have_fnmatch_h_TRUE!$have_fnmatch_h_TRUE$ac_delim -have_fnmatch_h_FALSE!$have_fnmatch_h_FALSE$ac_delim -LIB_crypt!$LIB_crypt$ac_delim -have_socket_wrapper_TRUE!$have_socket_wrapper_TRUE$ac_delim -have_socket_wrapper_FALSE!$have_socket_wrapper_FALSE$ac_delim -DIR_roken!$DIR_roken$ac_delim -LIB_roken!$LIB_roken$ac_delim -INCLUDES_roken!$INCLUDES_roken$ac_delim -LIBADD_roken!$LIBADD_roken$ac_delim -LIB_otp!$LIB_otp$ac_delim -OTP_TRUE!$OTP_TRUE$ac_delim -OTP_FALSE!$OTP_FALSE$ac_delim -LIB_security!$LIB_security$ac_delim -NROFF!$NROFF$ac_delim -GROFF!$GROFF$ac_delim +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ + || as_fn_error "could not setup config files machinery" "$LINENO" 5 _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then - break - elif $ac_last_try; then - { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done - -ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` -if test -n "$ac_eof"; then - ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` - ac_eof=`expr $ac_eof + 1` -fi - -cat >>$CONFIG_STATUS <<_ACEOF -cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -_ACEOF -sed ' -s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g -s/^/s,@/; s/!/@,|#_!!_#|/ -:n -t n -s/'"$ac_delim"'$/,g/; t -s/$/\\/; p -N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n -' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF -CEOF$ac_eof -_ACEOF - - -ac_delim='%!_!# ' -for ac_last_try in false false false false false :; do - cat >conf$$subs.sed <<_ACEOF -CATMAN!$CATMAN$ac_delim -CATMAN_TRUE!$CATMAN_TRUE$ac_delim -CATMAN_FALSE!$CATMAN_FALSE$ac_delim -CATMANEXT!$CATMANEXT$ac_delim -INCLUDE_readline!$INCLUDE_readline$ac_delim -LIB_readline!$LIB_readline$ac_delim -INCLUDE_hesiod!$INCLUDE_hesiod$ac_delim -LIB_hesiod!$LIB_hesiod$ac_delim -AIX_TRUE!$AIX_TRUE$ac_delim -AIX_FALSE!$AIX_FALSE$ac_delim -AIX4_TRUE!$AIX4_TRUE$ac_delim -AIX4_FALSE!$AIX4_FALSE$ac_delim -LIB_dlopen!$LIB_dlopen$ac_delim -HAVE_DLOPEN_TRUE!$HAVE_DLOPEN_TRUE$ac_delim -HAVE_DLOPEN_FALSE!$HAVE_DLOPEN_FALSE$ac_delim -LIB_loadquery!$LIB_loadquery$ac_delim -AIX_DYNAMIC_AFS_TRUE!$AIX_DYNAMIC_AFS_TRUE$ac_delim -AIX_DYNAMIC_AFS_FALSE!$AIX_DYNAMIC_AFS_FALSE$ac_delim -AIX_EXTRA_KAFS!$AIX_EXTRA_KAFS$ac_delim -IRIX_TRUE!$IRIX_TRUE$ac_delim -IRIX_FALSE!$IRIX_FALSE$ac_delim -XMKMF!$XMKMF$ac_delim -X_CFLAGS!$X_CFLAGS$ac_delim -X_PRE_LIBS!$X_PRE_LIBS$ac_delim -X_LIBS!$X_LIBS$ac_delim -X_EXTRA_LIBS!$X_EXTRA_LIBS$ac_delim -HAVE_X_TRUE!$HAVE_X_TRUE$ac_delim -HAVE_X_FALSE!$HAVE_X_FALSE$ac_delim -LIB_XauWriteAuth!$LIB_XauWriteAuth$ac_delim -LIB_XauReadAuth!$LIB_XauReadAuth$ac_delim -LIB_XauFileName!$LIB_XauFileName$ac_delim -NEED_WRITEAUTH_TRUE!$NEED_WRITEAUTH_TRUE$ac_delim -NEED_WRITEAUTH_FALSE!$NEED_WRITEAUTH_FALSE$ac_delim -LIB_logwtmp!$LIB_logwtmp$ac_delim -LIB_logout!$LIB_logout$ac_delim -LIB_openpty!$LIB_openpty$ac_delim -LIB_tgetent!$LIB_tgetent$ac_delim -LIB_getpwnam_r!$LIB_getpwnam_r$ac_delim -LIB_door_create!$LIB_door_create$ac_delim -KCM_TRUE!$KCM_TRUE$ac_delim -KCM_FALSE!$KCM_FALSE$ac_delim -FRAMEWORK_SECURITY_TRUE!$FRAMEWORK_SECURITY_TRUE$ac_delim -FRAMEWORK_SECURITY_FALSE!$FRAMEWORK_SECURITY_FALSE$ac_delim -LIB_el_init!$LIB_el_init$ac_delim -el_compat_TRUE!$el_compat_TRUE$ac_delim -el_compat_FALSE!$el_compat_FALSE$ac_delim -COMPILE_ET!$COMPILE_ET$ac_delim -COM_ERR_TRUE!$COM_ERR_TRUE$ac_delim -COM_ERR_FALSE!$COM_ERR_FALSE$ac_delim -DIR_com_err!$DIR_com_err$ac_delim -LIB_com_err!$LIB_com_err$ac_delim -LIB_com_err_a!$LIB_com_err_a$ac_delim -LIB_com_err_so!$LIB_com_err_so$ac_delim -LIB_AUTH_SUBDIRS!$LIB_AUTH_SUBDIRS$ac_delim -LTLIBOBJS!$LTLIBOBJS$ac_delim -_ACEOF - - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 55; then - break - elif $ac_last_try; then - { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done - -ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` -if test -n "$ac_eof"; then - ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` - ac_eof=`expr $ac_eof + 1` -fi - -cat >>$CONFIG_STATUS <<_ACEOF -cat >"\$tmp/subs-3.sed" <<\CEOF$ac_eof -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end -_ACEOF -sed ' -s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g -s/^/s,@/; s/!/@,|#_!!_#|/ -:n -t n -s/'"$ac_delim"'$/,g/; t -s/$/\\/; p -N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n -' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF -:end -s/|#_!!_#|//g -CEOF$ac_eof -_ACEOF - - # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty @@ -53892,20 +29972,128 @@ s/^[^=]*=[ ]*$// }' fi -cat >>$CONFIG_STATUS <<\_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF -for ac_tag in :F $CONFIG_FILES :H $CONFIG_HEADERS +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_t=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_t"; then + break + elif $ac_last_try; then + as_fn_error "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5 -echo "$as_me: error: Invalid tag $ac_tag." >&2;} - { (exit 1); exit 1; }; };; + :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -53933,26 +30121,34 @@ echo "$as_me: error: Invalid tag $ac_tag." >&2;} [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 -echo "$as_me: error: cannot find input file: $ac_f" >&2;} - { (exit 1); exit 1; }; };; + as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac - ac_file_inputs="$ac_file_inputs $ac_f" + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ - configure_input="Generated from "`IFS=: - echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure." + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" - { echo "$as_me:$LINENO: creating $ac_file" >&5 -echo "$as_me: creating $ac_file" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac case $ac_tag in - *:-:* | *:-) cat >"$tmp/stdin";; + *:-:* | *:-) cat >"$tmp/stdin" \ + || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac @@ -53962,7 +30158,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -echo X"$ac_file" | +$as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -53980,55 +30176,15 @@ echo X"$ac_file" | q } s/.*/./; q'` - { as_dir="$ac_dir" - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 -echo "$as_me: error: cannot create directory $as_dir" >&2;} - { (exit 1); exit 1; }; }; } + as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -54073,12 +30229,12 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix esac _ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= - -case `sed -n '/datarootdir/ { +ac_sed_dataroot=' +/datarootdir/ { p q } @@ -54086,36 +30242,37 @@ case `sed -n '/datarootdir/ { /@docdir@/p /@infodir@/p /@localedir@/p -/@mandir@/p -' $ac_file_inputs` in +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF -cat >>$CONFIG_STATUS <<_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g - s&\\\${datarootdir}&$datarootdir&g' ;; + s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? -cat >>$CONFIG_STATUS <<_ACEOF - sed "$ac_vpsub +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub $extrasub _ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b -s&@configure_input@&$configure_input&;t t +s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t @@ -54126,135 +30283,65 @@ s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack -" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" | sed -f "$tmp/subs-3.sed" >$tmp/out +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ + || as_fn_error "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && - { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&5 -echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&2;} rm -f "$tmp/stdin" case $ac_file in - -) cat "$tmp/out"; rm -f "$tmp/out";; - *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;; - esac + -) cat "$tmp/out" && rm -f "$tmp/out";; + *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; + esac \ + || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # -_ACEOF - -# Transform confdefs.h into a sed script `conftest.defines', that -# substitutes the proper values into config.h.in to produce config.h. -rm -f conftest.defines conftest.tail -# First, append a space to every undef/define line, to ease matching. -echo 's/$/ /' >conftest.defines -# Then, protect against being on the right side of a sed subst, or in -# an unquoted here document, in config.status. If some macros were -# called several times there might be several #defines for the same -# symbol, which is useless. But do not sort them, since the last -# AC_DEFINE must be honored. -ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* -# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where -# NAME is the cpp macro being defined, VALUE is the value it is being given. -# PARAMS is the parameter list in the macro definition--in most cases, it's -# just an empty string. -ac_dA='s,^\\([ #]*\\)[^ ]*\\([ ]*' -ac_dB='\\)[ (].*,\\1define\\2' -ac_dC=' ' -ac_dD=' ,' - -uniq confdefs.h | - sed -n ' - t rset - :rset - s/^[ ]*#[ ]*define[ ][ ]*// - t ok - d - :ok - s/[\\&,]/\\&/g - s/^\('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p - s/^\('"$ac_word_re"'\)[ ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p - ' >>conftest.defines - -# Remove the space that was appended to ease matching. -# Then replace #undef with comments. This is necessary, for -# example, in the case of _POSIX_SOURCE, which is predefined and required -# on some systems where configure will not decide to define it. -# (The regexp can be short, since the line contains either #define or #undef.) -echo 's/ $// -s,^[ #]*u.*,/* & */,' >>conftest.defines - -# Break up conftest.defines: -ac_max_sed_lines=50 - -# First sed command is: sed -f defines.sed $ac_file_inputs >"$tmp/out1" -# Second one is: sed -f defines.sed "$tmp/out1" >"$tmp/out2" -# Third one will be: sed -f defines.sed "$tmp/out2" >"$tmp/out1" -# et cetera. -ac_in='$ac_file_inputs' -ac_out='"$tmp/out1"' -ac_nxt='"$tmp/out2"' - -while : -do - # Write a here document: - cat >>$CONFIG_STATUS <<_ACEOF - # First, check the format of the line: - cat >"\$tmp/defines.sed" <<\\CEOF -/^[ ]*#[ ]*undef[ ][ ]*$ac_word_re[ ]*\$/b def -/^[ ]*#[ ]*define[ ][ ]*$ac_word_re[( ]/b def -b -:def -_ACEOF - sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS - echo 'CEOF - sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS - ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in - sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail - grep . conftest.tail >/dev/null || break - rm -f conftest.defines - mv conftest.tail conftest.defines -done -rm -f conftest.defines conftest.tail - -echo "ac_result=$ac_in" >>$CONFIG_STATUS -cat >>$CONFIG_STATUS <<\_ACEOF if test x"$ac_file" != x-; then - echo "/* $configure_input */" >"$tmp/config.h" - cat "$ac_result" >>"$tmp/config.h" - if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then - { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 -echo "$as_me: $ac_file is unchanged" >&6;} + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" + } >"$tmp/config.h" \ + || as_fn_error "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} else - rm -f $ac_file - mv "$tmp/config.h" $ac_file + rm -f "$ac_file" + mv "$tmp/config.h" "$ac_file" \ + || as_fn_error "could not create $ac_file" "$LINENO" 5 fi else - echo "/* $configure_input */" - cat "$ac_result" + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error "could not create -" "$LINENO" 5 fi - rm -f "$tmp/out12" -# Compute $ac_file's index in $config_headers. +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in - $ac_file | $ac_file:* ) + $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done -echo "timestamp for $ac_file" >`$as_dirname -- $ac_file || -$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X$ac_file : 'X\(//\)[^/]' \| \ - X$ac_file : 'X\(//\)$' \| \ - X$ac_file : 'X\(/\)' \| . 2>/dev/null || -echo X$ac_file | +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -54274,17 +30361,751 @@ echo X$ac_file | s/.*/./; q'`/stamp-h$_am_stamp_count ;; - + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; esac + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + "libtool":C) + + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, +# Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +# The names of the tagged configurations supported by this script. +available_tags="" + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that protects backslashes. +ECHO=$lt_ECHO + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# convert \$build file names to \$host format. +to_host_file_cmd=$lt_cv_to_host_file_cmd + +# convert \$build files to toolchain format. +to_tool_file_cmd=$lt_cv_to_tool_file_cmd + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method = "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# How to find potential files when deplibs_check_method = "file_magic". +file_magic_glob=$lt_file_magic_glob + +# Find potential files using nocaseglob when deplibs_check_method = "file_magic". +want_nocaseglob=$lt_want_nocaseglob + +# DLL creation program. +DLLTOOL=$lt_DLLTOOL + +# Command to associate shared and link libraries. +sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd + +# The archiver. +AR=$lt_AR + +# Flags to create an archive. +AR_FLAGS=$lt_AR_FLAGS + +# How to feed a file listing to the archiver. +archiver_list_spec=$lt_archiver_list_spec + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Whether to use a lock for old archive extraction. +lock_old_archive_extraction=$lock_old_archive_extraction + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# Specify filename containing input files for \$NM. +nm_file_list_spec=$lt_nm_file_list_spec + +# The root where to search for dependent libraries,and in which our libraries should be installed. +lt_sysroot=$lt_sysroot + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Manifest tool. +MANIFEST_TOOL=$lt_MANIFEST_TOOL + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Permission mode override for installation of shared libraries. +install_override_mode=$lt_install_override_mode + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# If ld is used when linking, flag to hardcode \$libdir into a binary +# during linking. This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \${shlibpath_var} if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain="$ac_aux_dir/ltmain.sh" + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + if test x"$xsi_shell" = xyes; then + sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ +func_dirname ()\ +{\ +\ case ${1} in\ +\ */*) func_dirname_result="${1%/*}${2}" ;;\ +\ * ) func_dirname_result="${3}" ;;\ +\ esac\ +} # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_basename ()$/,/^} # func_basename /c\ +func_basename ()\ +{\ +\ func_basename_result="${1##*/}"\ +} # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ +func_dirname_and_basename ()\ +{\ +\ case ${1} in\ +\ */*) func_dirname_result="${1%/*}${2}" ;;\ +\ * ) func_dirname_result="${3}" ;;\ +\ esac\ +\ func_basename_result="${1##*/}"\ +} # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ +func_stripname ()\ +{\ +\ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ +\ # positional parameters, so assign one to ordinary parameter first.\ +\ func_stripname_result=${3}\ +\ func_stripname_result=${func_stripname_result#"${1}"}\ +\ func_stripname_result=${func_stripname_result%"${2}"}\ +} # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ +func_split_long_opt ()\ +{\ +\ func_split_long_opt_name=${1%%=*}\ +\ func_split_long_opt_arg=${1#*=}\ +} # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ +func_split_short_opt ()\ +{\ +\ func_split_short_opt_arg=${1#??}\ +\ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ +} # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ +func_lo2o ()\ +{\ +\ case ${1} in\ +\ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ +\ *) func_lo2o_result=${1} ;;\ +\ esac\ +} # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_xform ()$/,/^} # func_xform /c\ +func_xform ()\ +{\ + func_xform_result=${1%.*}.lo\ +} # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_arith ()$/,/^} # func_arith /c\ +func_arith ()\ +{\ + func_arith_result=$(( $* ))\ +} # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_len ()$/,/^} # func_len /c\ +func_len ()\ +{\ + func_len_result=${#1}\ +} # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + +fi + +if test x"$lt_shell_append" = xyes; then + sed -e '/^func_append ()$/,/^} # func_append /c\ +func_append ()\ +{\ + eval "${1}+=\\${2}"\ +} # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ +func_append_quoted ()\ +{\ +\ func_quote_for_eval "${2}"\ +\ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ +} # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + # Save a `func_append' function call where possible by direct use of '+=' + sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +else + # Save a `func_append' function call even when '+=' is not available + sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +fi + +if test x"$_lt_function_replace_fail" = x":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 +$as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} +fi + + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + ;; + + esac done # for ac_tag -{ (exit 0); exit 0; } +as_fn_exit 0 _ACEOF -chmod +x $CONFIG_STATUS ac_clean_files=$ac_clean_files_save +test $ac_write_fail = 0 || + as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 + # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. @@ -54304,14 +31125,166 @@ if test "$no_create" != yes; then exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. - $ac_cs_success || { (exit 1); exit 1; } + $ac_cs_success || as_fn_exit $? +fi + +# +# CONFIG_SUBDIRS section. +# +if test "$no_recursion" != yes; then + + # Remove --cache-file, --srcdir, and --disable-option-checking arguments + # so they do not pile up. + ac_sub_configure_args= + ac_prev= + eval "set x $ac_configure_args" + shift + for ac_arg + do + if test -n "$ac_prev"; then + ac_prev= + continue + fi + case $ac_arg in + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* \ + | --c=*) + ;; + --config-cache | -C) + ;; + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + ;; + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + ;; + --disable-option-checking) + ;; + *) + case $ac_arg in + *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append ac_sub_configure_args " '$ac_arg'" ;; + esac + done + + # Always prepend --prefix to ensure using the same prefix + # in subdir configurations. + ac_arg="--prefix=$prefix" + case $ac_arg in + *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + ac_sub_configure_args="'$ac_arg' $ac_sub_configure_args" + + # Pass --silent + if test "$silent" = yes; then + ac_sub_configure_args="--silent $ac_sub_configure_args" + fi + + # Always prepend --disable-option-checking to silence warnings, since + # different subdirs can have different --enable and --with options. + ac_sub_configure_args="--disable-option-checking $ac_sub_configure_args" + + ac_popdir=`pwd` + for ac_dir in : $subdirs; do test "x$ac_dir" = x: && continue + + # Do not complain, so a configure script can configure whichever + # parts of a large source tree are present. + test -d "$srcdir/$ac_dir" || continue + + ac_msg="=== configuring in $ac_dir (`pwd`/$ac_dir)" + $as_echo "$as_me:${as_lineno-$LINENO}: $ac_msg" >&5 + $as_echo "$ac_msg" >&6 + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + cd "$ac_dir" + + # Check for guested configure; otherwise get Cygnus style configure. + if test -f "$ac_srcdir/configure.gnu"; then + ac_sub_configure=$ac_srcdir/configure.gnu + elif test -f "$ac_srcdir/configure"; then + ac_sub_configure=$ac_srcdir/configure + elif test -f "$ac_srcdir/configure.in"; then + # This should be Cygnus configure. + ac_sub_configure=$ac_aux_dir/configure + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no configuration information is in $ac_dir" >&5 +$as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2;} + ac_sub_configure= + fi + + # The recursion is here. + if test -n "$ac_sub_configure"; then + # Make the cache file name correct relative to the subdirectory. + case $cache_file in + [\\/]* | ?:[\\/]* ) ac_sub_cache_file=$cache_file ;; + *) # Relative name. + ac_sub_cache_file=$ac_top_build_prefix$cache_file ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&5 +$as_echo "$as_me: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&6;} + # The eval makes quoting arguments work. + eval "\$SHELL \"\$ac_sub_configure\" $ac_sub_configure_args \ + --cache-file=\"\$ac_sub_cache_file\" --srcdir=\"\$ac_srcdir\"" || + as_fn_error "$ac_sub_configure failed for $ac_dir" "$LINENO" 5 + fi + + cd "$ac_popdir" + done +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi cat > include/newversion.h.in < -#include ], -[-lldap -llber],,,OPENLDAP) - -AC_ARG_ENABLE(hdb-openldap-module, - AS_HELP_STRING([--enable-hdb-openldap-module], - [if you want support to build openldap hdb as shared object])) -if test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes; then - AC_DEFINE(OPENLDAP_MODULE, 1, [Define if you want support for hdb ldap module]) -fi -AM_CONDITIONAL(OPENLDAP_MODULE, test "$enable_hdb_openldap_module" = yes -a "$with_openldap" = yes) - -AC_ARG_ENABLE(pk-init, - AS_HELP_STRING([--disable-pk-init], - [if you want disable to PK-INIT support])) -if test "$enable_pk_init" != no ;then - AC_DEFINE([PKINIT], 1, [Define to enable PKINIT.]) -fi -AM_CONDITIONAL(PKINIT, test "$enable_pk_init" != no) - - -dnl path where the hdb directory is stored -AC_ARG_WITH([hdbdir], - [AC_HELP_STRING([--with-hdbdir], - [Default location for KDC database @<:@default=/var/heimdal@:>@])], - [], - [with_hdbdir=/var/heimdal]) -DIR_hdbdir="$with_hdbdir" -AC_SUBST([DIR_hdbdir]) - - -dnl no kerberos4 any more -with_krb4=no -AC_SUBST(INCLUDE_krb4) -AC_SUBST(LIB_krb4) -AM_CONDITIONAL(KRB4, false) - -AM_CONDITIONAL(KRB5, true) -AM_CONDITIONAL(do_roken_rename, true) - -AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl -AC_SUBST(LIB_kdb)dnl - -KRB_CRYPTO - -KRB_PTHREADS - -AC_ARG_ENABLE(dce, - AS_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's])) -if test "$enable_dce" = yes; then - AC_DEFINE(DCE, 1, [Define if you want support for DCE/DFS PAG's.]) -fi -AM_CONDITIONAL(DCE, test "$enable_dce" = yes) - -## XXX quite horrible: -if test -f /etc/ibmcxx.cfg; then - dpagaix_ldadd=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/libraries/{;s/^[[^=]]*=\(.*\)/\1/;s/,/ /gp;}'` - dpagaix_cflags=`sed -n '/^xlc_r4/,/^$/p' /etc/ibmcxx.cfg | sed -n -e '/options/{;s/^[[^=]]*=\(.*\)/\1/;s/-q[^,]*//;s/,/ /gp;}'` - dpagaix_ldflags= -else - dpagaix_cflags="-D_THREAD_SAFE -D_AIX_PTHREADS_D7 -D_AIX32_THREADS=1 -D_AES_SOURCE -D_AIX41 -I/usr/include/dce" - dpagaix_ldadd="-L/usr/lib/threads -ldcelibc_r -ldcepthreads -lpthreads_compat lpthreads -lc_r" - dpagaix_ldflags="-Wl,-bI:dfspag.exp" -fi -AC_SUBST(dpagaix_cflags) -AC_SUBST(dpagaix_ldadd) -AC_SUBST(dpagaix_ldflags) - -AC_ARG_ENABLE([afs-support], - AC_HELP_STRING([--disable-afs-support], - [if you don't want support for AFS])) -if test "$enable_afs_support" = no; then - AC_DEFINE(NO_AFS, 1, [Define if you don't wan't support for AFS.]) -fi - -rk_DB - -dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken]) - -rk_ROKEN(lib/roken) -LIBADD_roken="$LIB_roken" -AC_SUBST(LIBADD_roken)dnl -LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken" - -rk_OTP - -AC_CHECK_OSFC2 - -AC_ARG_ENABLE(mmap, - AS_HELP_STRING([--disable-mmap],[disable use of mmap])) -if test "$enable_mmap" = "no"; then - AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.]) -fi - -AC_ARG_ENABLE(afs-string-to-key, - AS_HELP_STRING([--disable-afs-string-to-key], - [disable use of weak AFS string-to-key functions]), - [], [enable_afs_string_to_key=yes]) - -if test "$enable_afs_string_to_key" = "yes"; then - AC_DEFINE(ENABLE_AFS_STRING_TO_KEY, 1, [Define if want to use the weak AFS string to key functions.]) -fi - - -rk_CHECK_MAN - -rk_TEST_PACKAGE(readline, -[#include - #include ],-lreadline,,, READLINE) - -rk_TEST_PACKAGE(hesiod,[#include ],-lhesiod,,, HESIOD) - -KRB_C_BIGENDIAN -AC_C_INLINE - -rk_AIX -rk_IRIX -rk_SUNOS - -KRB_CHECK_X - -AM_CONDITIONAL(HAVE_X, test "$no_x" != yes) - -AC_CHECK_XAU - -dnl AM_C_PROTOTYPES - -dnl Checks for typedefs, structures, and compiler characteristics. -AC_C_CONST -AC_TYPE_OFF_T -AC_CHECK_TYPE_EXTRA(mode_t, unsigned short, []) -AC_CHECK_TYPE_EXTRA(sig_atomic_t, int, [#include ]) -AC_HAVE_TYPE([long long]) -AC_HEADER_TIME -AC_STRUCT_TM - -dnl Checks for header files. -AC_HEADER_STDC - -AC_CHECK_HEADERS([\ - arpa/ftp.h \ - arpa/telnet.h \ - bind/bitypes.h \ - bsdsetjmp.h \ - curses.h \ - dlfcn.h \ - fnmatch.h \ - inttypes.h \ - io.h \ - libutil.h \ - limits.h \ - maillock.h \ - netgroup.h \ - netinet/in6_machtypes.h \ - netinfo/ni.h \ - pthread.h \ - pty.h \ - sac.h \ - sgtty.h \ - siad.h \ - signal.h \ - strings.h \ - stropts.h \ - sys/bitypes.h \ - sys/category.h \ - sys/file.h \ - sys/filio.h \ - sys/ioccom.h \ - sys/mman.h \ - sys/param.h \ - sys/pty.h \ - sys/ptyio.h \ - sys/select.h \ - sys/socket.h \ - sys/str_tty.h \ - sys/stream.h \ - sys/stropts.h \ - sys/syscall.h \ - sys/termio.h \ - sys/timeb.h \ - sys/times.h \ - sys/types.h \ - sys/un.h \ - termcap.h \ - termio.h \ - termios.h \ - time.h \ - tmpdir.h \ - udb.h \ - util.h \ - utmp.h \ - utmpx.h \ -]) - -dnl On Solaris 8 there's a compilation warning for term.h because -dnl it doesn't define `bool'. -AC_CHECK_HEADERS(term.h, , , -) - -AC_CHECK_HEADERS(net/if.h, , , [AC_INCLUDES_DEFAULT -#if HAVE_SYS_SOCKET_H -#include -#endif]) - -AC_CHECK_HEADERS(sys/ptyvar.h, , , [AC_INCLUDES_DEFAULT -#if HAVE_SYS_TTY_H -#include -#endif]) - -AC_CHECK_HEADERS(sys/strtty.h, , , [AC_INCLUDES_DEFAULT -#if HAVE_TERMIOS_H -#include -#endif -#if HAVE_SYS_STREAM_H -#include -#endif]) - -AC_CHECK_HEADERS(sys/ucred.h, , , [AC_INCLUDES_DEFAULT -#if HAVE_SYS_TYPES_H -#include -#endif -#if HAVE_SYS_PARAM_H -#include -#endif]) - -AC_CHECK_HEADERS(security/pam_modules.h, , , [AC_INCLUDES_DEFAULT -#include -]) - -AC_ARG_ENABLE(netinfo, - AS_HELP_STRING([--enable-netinfo],[enable netinfo for configuration lookup])) - -if test "$ac_cv_header_netinfo_ni_h" = yes -a "$enable_netinfo" = yes; then - AC_DEFINE(HAVE_NETINFO, 1, - [Define if you want to use Netinfo instead of krb5.conf.]) -fi - -dnl export symbols -rk_WIN32_EXPORT(BUILD_KRB5_LIB, KRB5_LIB_FUNCTION) -rk_WIN32_EXPORT(BUILD_ROKEN_LIB, ROKEN_LIB_FUNCTION) - -dnl Checks for libraries. - -AC_FIND_FUNC_NO_LIBS(logwtmp, util,[ -#ifdef HAVE_UTIL_H -#include -#endif -],[0,0,0]) -AC_FIND_FUNC_NO_LIBS(logout, util,[ -#ifdef HAVE_UTIL_H -#include -#endif -],[0]) -AC_FIND_FUNC_NO_LIBS(openpty, util,[ -#ifdef HAVE_UTIL_H -#include -#endif -],[0,0,0,0,0]) - -AC_FIND_FUNC_NO_LIBS(tgetent, termcap ncurses curses,[ -#ifdef HAVE_TERMCAP_H -#include -#endif -#ifdef HAVE_CURSES_H -#include -#endif -],[0,0]) - -dnl Checks for library functions. - -AC_CHECK_FUNCS([ \ - _getpty \ - _scrsize \ - arc4random \ - fcntl \ - getpeereid \ - getpeerucred \ - grantpt \ - mktime \ - ptsname \ - rand \ - revoke \ - select \ - setitimer \ - setpcred \ - setpgid \ - setproctitle \ - setregid \ - setresgid \ - setresuid \ - setreuid \ - setsid \ - setutent \ - sigaction \ - strstr \ - ttyname \ - ttyslot \ - umask \ - unlockpt \ - vhangup \ - yp_get_default_domain \ -]) - -AC_FUNC_MMAP - -KRB_CAPABILITIES - -AC_CHECK_GETPWNAM_R_POSIX - -dnl detect doors on solaris -if test "$enable_pthread_support" != no; then - saved_LIBS="$LIBS" - LIBS="$LIBS $PTHREADS_LIBS" - AC_FIND_FUNC_NO_LIBS(door_create, door) - LIBS="$saved_LIBS" -fi - -AC_ARG_ENABLE(kcm, - AS_HELP_STRING([--enable-kcm],[enable Kerberos Credentials Manager]), -,[enable_kcm=yes]) - -if test "$enable_kcm" = yes ; then - if test "$ac_cv_header_sys_un_h" != yes -a "$ac_cv_funclib_door_create" != yes ; then - enable_kcm=no - fi -fi -if test "$enable_kcm" = yes; then - AC_DEFINE(HAVE_KCM, 1, - [Define if you want to use the Kerberos Credentials Manager.]) -fi -AM_CONDITIONAL(KCM, test "$enable_kcm" = yes) - - - -dnl Cray stuff -AC_CHECK_FUNCS(getudbnam setlim) - -dnl AC_KRB_FUNC_GETCWD_BROKEN - -dnl -dnl Check for fields in struct utmp -dnl - -AC_HAVE_STRUCT_FIELD(struct utmp, ut_addr, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_host, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_id, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_pid, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_type, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmp, ut_user, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_exit, [#include ]) -AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen, [#include ]) - -AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, - u_int8_t, u_int16_t, u_int32_t, u_int64_t, - uint8_t, uint16_t, uint32_t, uint64_t],,,[ -#ifdef HAVE_INTTYPES_H -#include -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_BITYPES_H -#include -#endif -#ifdef HAVE_BIND_BITYPES_H -#include -#endif -#ifdef HAVE_NETINET_IN6_MACHTYPES_H -#include -#endif -]) - -rk_FRAMEWORK_SECURITY - -KRB_READLINE - -rk_TELNET - -dnl Some operating systems already have com_err and compile_et -CHECK_COMPILE_ET - -rk_AUTH_MODULES([sia afskauthlib]) - -rk_DESTDIRS - -rk_WFLAGS([-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs]) - - -AH_BOTTOM([#ifdef ROKEN_RENAME -#include "roken_rename.h" -#endif]) - -AC_CONFIG_FILES(Makefile \ - etc/Makefile \ - include/Makefile \ - include/gssapi/Makefile \ - include/hcrypto/Makefile \ - include/kadm5/Makefile \ - lib/Makefile \ - lib/45/Makefile \ - lib/auth/Makefile \ - lib/auth/afskauthlib/Makefile \ - lib/auth/pam/Makefile \ - lib/auth/sia/Makefile \ - lib/asn1/Makefile \ - lib/com_err/Makefile \ - lib/hcrypto/Makefile \ - lib/editline/Makefile \ - lib/hx509/Makefile \ - lib/gssapi/Makefile \ - lib/ntlm/Makefile \ - lib/hdb/Makefile \ - lib/kadm5/Makefile \ - lib/kafs/Makefile \ - lib/kdfs/Makefile \ - lib/krb5/Makefile \ - lib/otp/Makefile \ - lib/roken/Makefile \ - lib/sl/Makefile \ - lib/vers/Makefile \ - kuser/Makefile \ - kpasswd/Makefile \ - kadmin/Makefile \ - admin/Makefile \ - kcm/Makefile \ - kdc/Makefile \ - appl/Makefile \ - appl/afsutil/Makefile \ - appl/ftp/Makefile \ - appl/ftp/common/Makefile \ - appl/ftp/ftp/Makefile \ - appl/ftp/ftpd/Makefile \ - appl/gssmask/Makefile \ - appl/kx/Makefile \ - appl/login/Makefile \ - appl/otp/Makefile \ - appl/popper/Makefile \ - appl/push/Makefile \ - appl/rsh/Makefile \ - appl/rcp/Makefile \ - appl/su/Makefile \ - appl/xnlock/Makefile \ - appl/telnet/Makefile \ - appl/telnet/libtelnet/Makefile \ - appl/telnet/telnet/Makefile \ - appl/telnet/telnetd/Makefile \ - appl/test/Makefile \ - appl/kf/Makefile \ - appl/dceutils/Makefile \ - tests/Makefile \ - tests/can/Makefile \ - tests/db/Makefile \ - tests/kdc/Makefile \ - tests/ldap/Makefile \ - tests/gss/Makefile \ - tests/java/Makefile \ - tests/plugin/Makefile \ - packages/Makefile \ - packages/mac/Makefile \ - packages/debian/Makefile \ - doc/Makefile \ - tools/Makefile \ -) - -AC_OUTPUT - -dnl -dnl This is the release version name-number[beta] -dnl - -cat > include/newversion.h.in </dev/null | sed 1q` - Date=`date` - mv -f include/newversion.h.in include/version.h.in - sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h -fi diff --git a/crypto/heimdal/doc/Makefile.am b/crypto/heimdal/doc/Makefile.am index 87473fe0a3d..0f495704633 100644 --- a/crypto/heimdal/doc/Makefile.am +++ b/crypto/heimdal/doc/Makefile.am @@ -1,10 +1,10 @@ -# $Id: Makefile.am 22284 2007-12-13 20:39:37Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common AUTOMAKE_OPTIONS = no-texinfo.tex -MAKEINFOFLAGS = --no-split --css-include=$(srcdir)/heimdal.css +MAKEINFOFLAGS = --css-include=$(srcdir)/heimdal.css TEXI2DVI = true # ARGH, make distcheck can't be disabled to not build dvifiles @@ -14,6 +14,26 @@ dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \ -e 's,[@]objdir[@],.,g' \ -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' +hcrypto.dxy: hcrypto.din Makefile + $(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp + chmod +x hcrypto.dxy.tmp + mv hcrypto.dxy.tmp hcrypto.dxy + +hdb.dxy: hdb.din Makefile + $(dxy_subst) < $(srcdir)/hdb.din > hdb.dxy.tmp + chmod +x hdb.dxy.tmp + mv hdb.dxy.tmp hdb.dxy + +hx509.dxy: hx509.din Makefile + $(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp + chmod +x hx509.dxy.tmp + mv hx509.dxy.tmp hx509.dxy + +gssapi.dxy: gssapi.din Makefile + $(dxy_subst) < $(srcdir)/gssapi.din > gssapi.dxy.tmp + chmod +x gssapi.dxy.tmp + mv gssapi.dxy.tmp gssapi.dxy + krb5.dxy: krb5.din Makefile $(dxy_subst) < $(srcdir)/krb5.din > krb5.dxy.tmp chmod +x krb5.dxy.tmp @@ -24,16 +44,10 @@ ntlm.dxy: ntlm.din Makefile chmod +x ntlm.dxy.tmp mv ntlm.dxy.tmp ntlm.dxy -hx509.dxy: hx509.din Makefile - $(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp - chmod +x hx509.dxy.tmp - mv hx509.dxy.tmp hx509.dxy - -hcrypto.dxy: hcrypto.din Makefile - $(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp - chmod +x hcrypto.dxy.tmp - mv hcrypto.dxy.tmp hcrypto.dxy - +wind.dxy: wind.din Makefile + $(dxy_subst) < $(srcdir)/wind.din > wind.dxy.tmp + chmod +x wind.dxy.tmp + mv wind.dxy.tmp wind.dxy texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \ -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' @@ -43,15 +57,51 @@ vars.texi: vars.tin Makefile chmod +x vars.texi.tmp mv vars.texi.tmp vars.texi -doxygen: krb5.dxy ntlm.dxy hx509.dxy hcrypto.dxy - doxygen krb5.dxy - doxygen ntlm.dxy - doxygen hx509.dxy - doxygen hcrypto.dxy +PROJECTS = hcrypto hdb hx509 gssapi krb5 ntlm wind + +doxyout doxygen: hdb.dxy hx509.dxy hcrypto.dxy gssapi.dxy krb5.dxy ntlm.dxy wind.dxy + @find $(srcdir)/doxyout -type d ! -perm -200 -exec chmod u+w {} ';' ; \ + rm -rf $(srcdir)/doxyout ; \ + mkdir $(srcdir)/doxyout ; \ + for a in $(PROJECTS) ; do \ + echo $$a ; \ + doxygen $$a.dxy; \ + (cd $(srcdir)/doxyout && find $$a/man -type f > $$a/manpages ) ; \ + done + +install-data-hook: install-doxygen-manpage +uninstall-hook: uninstall-doxygen-manpage +dist-hook: doxygen + +install-doxygen-manpage: + for a in $(PROJECTS) ; do \ + f="$(srcdir)/doxyout/$$a/manpages" ; \ + test -f $$f || continue ; \ + echo "install $$a manual pages $$(wc -l < $$f)" ; \ + while read x ; do \ + section=`echo "$$x" | sed 's/.*\.\([0-9]\)/\1/'` ; \ + $(mkinstalldirs) "$(DESTDIR)$(mandir)/man$$section" ; \ + $(INSTALL_DATA) $(srcdir)/doxyout/$$x "$(DESTDIR)$(mandir)/man$$section" ; \ + done < $$f ; \ + done ; exit 0 + +uninstall-doxygen-manpage: + @for a in $(PROJECTS) ; do \ + f="$(srcdir)/doxyout/$$a/manpages" ; \ + test -f $$f || continue ; \ + echo "removing $$a manual pages" ; \ + while read x ; do \ + section=`echo "$$x" | sed 's/.*\.\([0-9]\)/\1/'` ; \ + base=`basename $$x` ; \ + rm "$(DESTDIR)$(mandir)/man$$section/$$base" ; \ + done < $$f ; \ + done + heimdal_TEXINFOS = \ ack.texi \ apps.texi \ + copyright.texi \ heimdal.texi \ install.texi \ intro.texi \ @@ -65,21 +115,30 @@ heimdal_TEXINFOS = \ win2k.texi EXTRA_DIST = \ + NTMakefile \ + doxyout \ + footer.html \ + gssapi.din \ + hdb.din \ + hcrypto.din \ + header.html \ + heimdal.css \ + hx509.din \ krb5.din \ ntlm.din \ - hx509.din \ - hcrypto.din \ - heimdal.css \ init-creds \ latin1.tex \ layman.asc \ doxytmpl.dxy \ + wind.din \ vars.tin CLEANFILES = \ + hcrypto.dxy* \ + hx509.dxy* \ + hdb.dxy* \ + gssapi.dxy* \ krb5.dxy* \ ntlm.dxy* \ - hx509.dxy* \ - hcrypto.dxy* \ + wind.dxy* \ vars.texi* - diff --git a/crypto/heimdal/doc/Makefile.in b/crypto/heimdal/doc/Makefile.in index b79a7e33ece..01b5d7f6c16 100644 --- a/crypto/heimdal/doc/Makefile.in +++ b/crypto/heimdal/doc/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 22284 2007-12-13 20:39:37Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(heimdal_TEXINFOS) $(srcdir)/Makefile.am \ subdir = doc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = INFO_DEPS = $(srcdir)/heimdal.info $(srcdir)/hx509.info @@ -109,55 +113,79 @@ am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -181,10 +209,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -201,6 +230,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -216,31 +247,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -255,10 +300,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -299,32 +346,37 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la AUTOMAKE_OPTIONS = no-texinfo.tex -MAKEINFOFLAGS = --no-split --css-include=$(srcdir)/heimdal.css +MAKEINFOFLAGS = --css-include=$(srcdir)/heimdal.css TEXI2DVI = true # ARGH, make distcheck can't be disabled to not build dvifiles info_TEXINFOS = heimdal.texi hx509.texi dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \ @@ -334,9 +386,11 @@ dxy_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \ texi_subst = sed -e 's,[@]dbdir[@],$(localstatedir),g' \ -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' +PROJECTS = hcrypto hdb hx509 gssapi krb5 ntlm wind heimdal_TEXINFOS = \ ack.texi \ apps.texi \ + copyright.texi \ heimdal.texi \ install.texi \ intro.texi \ @@ -350,40 +404,50 @@ heimdal_TEXINFOS = \ win2k.texi EXTRA_DIST = \ + NTMakefile \ + doxyout \ + footer.html \ + gssapi.din \ + hdb.din \ + hcrypto.din \ + header.html \ + heimdal.css \ + hx509.din \ krb5.din \ ntlm.din \ - hx509.din \ - hcrypto.din \ - heimdal.css \ init-creds \ latin1.tex \ layman.asc \ doxytmpl.dxy \ + wind.din \ vars.tin CLEANFILES = \ + hcrypto.dxy* \ + hx509.dxy* \ + hdb.dxy* \ + gssapi.dxy* \ krb5.dxy* \ ntlm.dxy* \ - hx509.dxy* \ - hcrypto.dxy* \ + wind.dxy* \ vars.texi* all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .html .info .pdf .ps .texi +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .html .info .pdf .ps .texi $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps doc/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps doc/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -401,6 +465,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -410,7 +475,7 @@ clean-libtool: .texi.info: restore=: && backupdir="$(am__leading_dot)am$$$$" && \ - am__cwd=`pwd` && cd $(srcdir) && \ + am__cwd=`pwd` && $(am__cd) $(srcdir) && \ rm -rf $$backupdir && mkdir $$backupdir && \ if ($(MAKEINFO) --version) >/dev/null 2>&1; then \ for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \ @@ -422,10 +487,10 @@ clean-libtool: -o $@ $<; \ then \ rc=0; \ - cd $(srcdir); \ + $(am__cd) $(srcdir); \ else \ rc=$$?; \ - cd $(srcdir) && \ + $(am__cd) $(srcdir) && \ $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \ fi; \ rm -rf $$backupdir; exit $$rc @@ -467,16 +532,18 @@ hx509.html: hx509.texi uninstall-dvi-am: @$(NORMAL_UNINSTALL) - @list='$(DVIS)'; for p in $$list; do \ - f=$(am__strip_dir) \ + @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \ rm -f "$(DESTDIR)$(dvidir)/$$f"; \ done uninstall-html-am: @$(NORMAL_UNINSTALL) - @list='$(HTMLS)'; for p in $$list; do \ - f=$(am__strip_dir) \ + @list='$(HTMLS)'; test -n "$(htmldir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \ rm -rf "$(DESTDIR)$(htmldir)/$$f"; \ done @@ -490,7 +557,8 @@ uninstall-info-am: for file in $$list; do \ relfile=`echo "$$file" | sed 's|^.*/||'`; \ echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \ - install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \ + if install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \ + then :; else test ! -f "$(DESTDIR)$(infodir)/$$relfile" || exit 1; fi; \ done; \ else :; fi @$(NORMAL_UNINSTALL) @@ -506,16 +574,18 @@ uninstall-info-am: uninstall-pdf-am: @$(NORMAL_UNINSTALL) - @list='$(PDFS)'; for p in $$list; do \ - f=$(am__strip_dir) \ + @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \ rm -f "$(DESTDIR)$(pdfdir)/$$f"; \ done uninstall-ps-am: @$(NORMAL_UNINSTALL) - @list='$(PSS)'; for p in $$list; do \ - f=$(am__strip_dir) \ + @list='$(PSS)'; test -n "$(psdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \ rm -f "$(DESTDIR)$(psdir)/$$f"; \ done @@ -532,20 +602,25 @@ dist-info: $(INFO_DEPS) for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \ if test -f $$file; then \ relfile=`expr "$$file" : "$$d/\(.*\)"`; \ - test -f $(distdir)/$$relfile || \ - cp -p $$file $(distdir)/$$relfile; \ + test -f "$(distdir)/$$relfile" || \ + cp -p $$file "$(distdir)/$$relfile"; \ else :; fi; \ done; \ done mostlyclean-aminfo: - -rm -rf heimdal.aux heimdal.cp heimdal.cps heimdal.fn heimdal.fns heimdal.ky \ - heimdal.kys heimdal.log heimdal.pg heimdal.tmp heimdal.toc \ - heimdal.tp heimdal.tps heimdal.vr heimdal.vrs heimdal.dvi \ - heimdal.pdf heimdal.ps heimdal.html hx509.aux hx509.cp \ - hx509.cps hx509.fn hx509.fns hx509.ky hx509.kys hx509.log \ - hx509.pg hx509.tmp hx509.toc hx509.tp hx509.tps hx509.vr \ - hx509.vrs hx509.dvi hx509.pdf hx509.ps hx509.html + -rm -rf heimdal.aux heimdal.cp heimdal.cps heimdal.fn heimdal.fns \ + heimdal.ky heimdal.kys heimdal.log heimdal.pg heimdal.tmp \ + heimdal.toc heimdal.tp heimdal.tps heimdal.vr heimdal.vrs \ + hx509.aux hx509.cp hx509.cps hx509.fn hx509.fns hx509.ky \ + hx509.kys hx509.log hx509.pg hx509.tmp hx509.toc hx509.tp \ + hx509.tps hx509.vr hx509.vrs + +clean-aminfo: + -test -z "heimdal.dvi heimdal.pdf heimdal.ps heimdal.html hx509.dvi hx509.pdf \ + hx509.ps hx509.html" \ + || rm -rf heimdal.dvi heimdal.pdf heimdal.ps heimdal.html hx509.dvi hx509.pdf \ + hx509.ps hx509.html maintainer-clean-aminfo: @list='$(INFO_DEPS)'; for i in $$list; do \ @@ -576,13 +651,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -618,13 +697,14 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool mostlyclean-am +clean-am: clean-aminfo clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile @@ -645,47 +725,53 @@ info-am: $(INFO_DEPS) install-data-am: install-info-am @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am install-dvi-am: $(DVIS) @$(NORMAL_INSTALL) test -z "$(dvidir)" || $(MKDIR_P) "$(DESTDIR)$(dvidir)" - @list='$(DVIS)'; for p in $$list; do \ + @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(dvidir)/$$f'"; \ - $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(dvidir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dvidir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(dvidir)" || exit $$?; \ done install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am install-html-am: $(HTMLS) @$(NORMAL_INSTALL) test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)" - @list='$(HTMLS)'; for p in $$list; do \ + @list='$(HTMLS)'; list2=; test -n "$(htmldir)" || list=; \ + for p in $$list; do \ if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ + $(am__strip_dir) \ if test -d "$$d$$p"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \ $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \ echo " $(INSTALL_DATA) '$$d$$p'/* '$(DESTDIR)$(htmldir)/$$f'"; \ - $(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f"; \ + $(INSTALL_DATA) "$$d$$p"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \ else \ - echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(htmldir)/$$f'"; \ - $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(htmldir)/$$f"; \ + list2="$$list2 $$d$$p"; \ fi; \ - done + done; \ + test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \ + done; } install-info: install-info-am install-info-am: $(INFO_DEPS) @$(NORMAL_INSTALL) test -z "$(infodir)" || $(MKDIR_P) "$(DESTDIR)$(infodir)" @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ - list='$(INFO_DEPS)'; \ + list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ for file in $$list; do \ case $$file in \ $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ @@ -693,18 +779,19 @@ install-info-am: $(INFO_DEPS) if test -f $$file; then d=.; else d=$(srcdir); fi; \ file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \ for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \ - $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \ + $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \ if test -f $$ifile; then \ - relfile=`echo "$$ifile" | sed 's|^.*/||'`; \ - echo " $(INSTALL_DATA) '$$ifile' '$(DESTDIR)$(infodir)/$$relfile'"; \ - $(INSTALL_DATA) "$$ifile" "$(DESTDIR)$(infodir)/$$relfile"; \ + echo "$$ifile"; \ else : ; fi; \ done; \ - done + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done @$(POST_INSTALL) @if (install-info --version && \ install-info --version 2>&1 | sed 1q | grep -i -v debian) >/dev/null 2>&1; then \ - list='$(INFO_DEPS)'; \ + list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ for file in $$list; do \ relfile=`echo "$$file" | sed 's|^.*/||'`; \ echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\ @@ -718,23 +805,27 @@ install-pdf: install-pdf-am install-pdf-am: $(PDFS) @$(NORMAL_INSTALL) test -z "$(pdfdir)" || $(MKDIR_P) "$(DESTDIR)$(pdfdir)" - @list='$(PDFS)'; for p in $$list; do \ + @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(pdfdir)/$$f'"; \ - $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(pdfdir)/$$f"; \ - done + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pdfdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pdfdir)" || exit $$?; done install-ps: install-ps-am install-ps-am: $(PSS) @$(NORMAL_INSTALL) test -z "$(psdir)" || $(MKDIR_P) "$(DESTDIR)$(psdir)" - @list='$(PSS)'; for p in $$list; do \ + @list='$(PSS)'; test -n "$(psdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(INSTALL_DATA) '$$d$$p' '$(DESTDIR)$(psdir)/$$f'"; \ - $(INSTALL_DATA) "$$d$$p" "$(DESTDIR)$(psdir)/$$f"; \ - done + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(psdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(psdir)" || exit $$?; done installcheck-am: maintainer-clean: maintainer-clean-am @@ -759,20 +850,19 @@ uninstall-am: uninstall-dvi-am uninstall-html-am uninstall-info-am \ uninstall-pdf-am uninstall-ps-am @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: all all-am all-local check check-am check-local clean \ - clean-generic clean-libtool dist-hook dist-info distclean \ - distclean-generic distclean-libtool distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-hook install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-aminfo \ + clean-aminfo clean-generic clean-libtool dist-hook dist-info \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-data-hook install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-aminfo \ maintainer-clean-generic mostlyclean mostlyclean-aminfo \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ uninstall uninstall-am uninstall-dvi-am uninstall-hook \ @@ -848,6 +938,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -933,7 +1026,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -947,6 +1040,26 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done +hcrypto.dxy: hcrypto.din Makefile + $(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp + chmod +x hcrypto.dxy.tmp + mv hcrypto.dxy.tmp hcrypto.dxy + +hdb.dxy: hdb.din Makefile + $(dxy_subst) < $(srcdir)/hdb.din > hdb.dxy.tmp + chmod +x hdb.dxy.tmp + mv hdb.dxy.tmp hdb.dxy + +hx509.dxy: hx509.din Makefile + $(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp + chmod +x hx509.dxy.tmp + mv hx509.dxy.tmp hx509.dxy + +gssapi.dxy: gssapi.din Makefile + $(dxy_subst) < $(srcdir)/gssapi.din > gssapi.dxy.tmp + chmod +x gssapi.dxy.tmp + mv gssapi.dxy.tmp gssapi.dxy + krb5.dxy: krb5.din Makefile $(dxy_subst) < $(srcdir)/krb5.din > krb5.dxy.tmp chmod +x krb5.dxy.tmp @@ -957,26 +1070,54 @@ ntlm.dxy: ntlm.din Makefile chmod +x ntlm.dxy.tmp mv ntlm.dxy.tmp ntlm.dxy -hx509.dxy: hx509.din Makefile - $(dxy_subst) < $(srcdir)/hx509.din > hx509.dxy.tmp - chmod +x hx509.dxy.tmp - mv hx509.dxy.tmp hx509.dxy - -hcrypto.dxy: hcrypto.din Makefile - $(dxy_subst) < $(srcdir)/hcrypto.din > hcrypto.dxy.tmp - chmod +x hcrypto.dxy.tmp - mv hcrypto.dxy.tmp hcrypto.dxy +wind.dxy: wind.din Makefile + $(dxy_subst) < $(srcdir)/wind.din > wind.dxy.tmp + chmod +x wind.dxy.tmp + mv wind.dxy.tmp wind.dxy vars.texi: vars.tin Makefile $(texi_subst) < $(srcdir)/vars.tin > vars.texi.tmp chmod +x vars.texi.tmp mv vars.texi.tmp vars.texi -doxygen: krb5.dxy ntlm.dxy hx509.dxy hcrypto.dxy - doxygen krb5.dxy - doxygen ntlm.dxy - doxygen hx509.dxy - doxygen hcrypto.dxy +doxyout doxygen: hdb.dxy hx509.dxy hcrypto.dxy gssapi.dxy krb5.dxy ntlm.dxy wind.dxy + @find $(srcdir)/doxyout -type d ! -perm -200 -exec chmod u+w {} ';' ; \ + rm -rf $(srcdir)/doxyout ; \ + mkdir $(srcdir)/doxyout ; \ + for a in $(PROJECTS) ; do \ + echo $$a ; \ + doxygen $$a.dxy; \ + (cd $(srcdir)/doxyout && find $$a/man -type f > $$a/manpages ) ; \ + done + +install-data-hook: install-doxygen-manpage +uninstall-hook: uninstall-doxygen-manpage +dist-hook: doxygen + +install-doxygen-manpage: + for a in $(PROJECTS) ; do \ + f="$(srcdir)/doxyout/$$a/manpages" ; \ + test -f $$f || continue ; \ + echo "install $$a manual pages $$(wc -l < $$f)" ; \ + while read x ; do \ + section=`echo "$$x" | sed 's/.*\.\([0-9]\)/\1/'` ; \ + $(mkinstalldirs) "$(DESTDIR)$(mandir)/man$$section" ; \ + $(INSTALL_DATA) $(srcdir)/doxyout/$$x "$(DESTDIR)$(mandir)/man$$section" ; \ + done < $$f ; \ + done ; exit 0 + +uninstall-doxygen-manpage: + @for a in $(PROJECTS) ; do \ + f="$(srcdir)/doxyout/$$a/manpages" ; \ + test -f $$f || continue ; \ + echo "removing $$a manual pages" ; \ + while read x ; do \ + section=`echo "$$x" | sed 's/.*\.\([0-9]\)/\1/'` ; \ + base=`basename $$x` ; \ + rm "$(DESTDIR)$(mandir)/man$$section/$$base" ; \ + done < $$f ; \ + done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/doc/ack.texi b/crypto/heimdal/doc/ack.texi index 3c41f5000bc..e368d496a4f 100644 --- a/crypto/heimdal/doc/ack.texi +++ b/crypto/heimdal/doc/ack.texi @@ -1,6 +1,6 @@ -@c $Id: ack.texi 21228 2007-06-20 10:18:03Z lha $ +@c $Id$ -@node Acknowledgments, , Migration, Top +@node Acknowledgments, Copyrights and Licenses, Migration, Top @comment node-name, next, previous, up @appendix Acknowledgments @@ -36,36 +36,88 @@ The @code{pkcs11.h} headerfile was written by the Scute project. Bugfixes, documentation, encouragement, and code has been contributed by: @table @asis -@item Alexander Boström -@item Andreaw Bartlett -@item Björn Sandell +@item Alexander Boström +@item Allan McRae +@item Andrew Bartlett +@item Andrew Cobaugh +@item Andrew Tridge +@item Anton Lundin +@item Asanka Herath +@item Björn Grönvall +@item Björn Sandell +@item Björn Schlögl @item Brandon S. Allbery KF8NH @item Brian A May +@item Buck Huppmann +@item Cacdric Schieli @item Chaskiel M Grundman +@item Christos Zoulas @item Cizzi Storm @item Daniel Kouril @item David Love +@item David Markey +@item David R Boldt @item Derrick J Brashear +@item Donald Norwood @item Douglas E Engert @item Frank van der Linden +@item Gabor Gombas +@item Guido Günther +@item Guillaume Rousse +@item Harald Barth +@item Ingo Schwarze +@item Jacques A. Vidrine +@item Jaideep Padhye +@item Jan Rekorajski @item Jason McIntyre -@item Johan Ihrén +@item Jeffrey Altman +@item Jelmer Vernooij +@item Joerg Pulz +@item Johan Danielsson +@item Johan Gadsjö +@item Johan Ihrén +@item John Center @item Jun-ichiro itojun Hagino +@item KAMADA Ken'ichi +@item Kamen Mazdrashki +@item Karolin Seeger @item Ken Hornstein +@item Love Hörnquist Ã…strand +@item Luke Howard @item Magnus Ahltorp +@item Magnus Holmberg @item Marc Horowitz @item Mario Strasser @item Mark Eichin +@item Martin von Gagern +@item Matthias Dieter Wallnöfer +@item Matthieu Patou @item Mattias Amnefelt @item Michael B Allen @item Michael Fromberger @item Michal Vocu +@item Milosz Kmieciak @item Miroslav Ruda +@item Mustafa A. Hashmi +@item Nicolas Williams +@item Patrik Lundin @item Petr Holub @item Phil Fisher @item Rafal Malinowski +@item Ragnar Sundblad +@item Rainer Toebbicke @item Richard Nyberg -@item Åke Sandgren +@item Roland C. Dowdeswell +@item Roman Divacky +@item Russ Allbery +@item Sho Hosoda, ç´°ç”° å°† +@item Simon Wilkinson +@item Stefan Metzmacher +@item Ted Percival +@item Tom Payerle +@item Victor Guerra +@item Zeqing Xia +@item Ã…ke Sandgren @item and we hope that those not mentioned here will forgive us. @end table diff --git a/crypto/heimdal/doc/apps.texi b/crypto/heimdal/doc/apps.texi index 9d451b60cd7..98585c4d0a7 100644 --- a/crypto/heimdal/doc/apps.texi +++ b/crypto/heimdal/doc/apps.texi @@ -1,4 +1,4 @@ -@c $Id: apps.texi 22071 2007-11-14 20:04:50Z lha $ +@c $Id$ @node Applications, Things in search for a better place, Setting up a realm, Top @@ -174,6 +174,32 @@ For more information about AFS see OpenAFS @url{http://www.openafs.org/} and Arla @url{http://www.stacken.kth.se/projekt/arla/}. +@subsection kafs and afslog +@cindex afslog + +@manpage{afslog,1} will obtains AFS tokens for a number of cells. What cells to get +tokens for can either be specified as an explicit list, as file paths to +get tokens for, or be left unspecified, in which case will use whatever +magic @manpage{kafs,3} decides upon. + +If not told what cell to get credentials for, @manpage{kafs,3} will +search for the files ThisCell and TheseCells in the locations +specified in @manpage{kafs,3} and try to get tokens for these cells +and the cells specified in $HOME/.TheseCells. + +More usefully it will look at and ~/.TheseCells in your home directory +and for each line which is a cell get afs token for these cells. + +The TheseCells file defines the the cells to which applications on the +local client machine should try to aquire tokens for. It must reside in +the directories searched by @manpage{kafs,3} on every AFS client machine. + +The file is in ASCII format and contains one character string, the cell +name, per line. Cell names are case sensitive, but most cell names +are lower case. + +See manpage for @manpage{kafs,3} for search locations of ThisCell and TheseCells. + @subsection How to get a KeyFile @file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM} diff --git a/crypto/heimdal/doc/copyright.texi b/crypto/heimdal/doc/copyright.texi new file mode 100644 index 00000000000..490abbccee8 --- /dev/null +++ b/crypto/heimdal/doc/copyright.texi @@ -0,0 +1,518 @@ + +@macro copynext{} +@vskip 20pt plus 1fil +@end macro + +@macro copyrightstart{} +@end macro + +@macro copyrightend{} +@end macro + + +@node Copyrights and Licenses, , Acknowledgments, Top +@comment node-name, next, previous, up +@appendix Copyrights and Licenses + +@heading Kungliga Tekniska Högskolan + +@copyrightstart +@verbatim + +Copyright (c) 1997-2011 Kungliga Tekniska Högskolan +(Royal Institute of Technology, Stockholm, Sweden). +All rights reserved. + +Portions Copyright (c) 2009 Apple Inc. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Massachusetts Institute of Technology + +The parts of the libtelnet that handle Kerberos. + +@verbatim + +Copyright (C) 1990 by the Massachusetts Institute of Technology + +Export of this software from the United States of America may +require a specific license from the United States Government. +It is the responsibility of any person or organization contemplating +export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +@end verbatim +@copynext + +@heading The Regents of the University of California + +The parts of the libroken, most of libtelnet, telnet, ftp, +and popper. + +@verbatim + +Copyright (c) 1988, 1990, 1993 + The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading The Regents of the University of California. + +libedit + +@verbatim + +Copyright (c) 1992, 1993 + The Regents of the University of California. All rights reserved. + +This code is derived from software contributed to Berkeley by +Christos Zoulas of Cornell University. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading TomsFastMath / LibTomMath + +Tom's fast math (bignum support) and LibTomMath + +@verbatim + +LibTomMath is hereby released into the Public Domain. + +@end verbatim + +@copynext + +@heading Doug Rabson + +GSS-API mechglue layer. + +@verbatim + +Copyright (c) 2005 Doug Rabson +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading PADL Software Pty Ltd + +@table @asis +@item GSS-API CFX, SPNEGO, naming extensions, API extensions. +@item KCM credential cache. +@item HDB LDAP backend. +@end table + +@verbatim + +Copyright (c) 2003-2011, PADL Software Pty Ltd. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of PADL Software nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Marko Kreen + +Fortuna in libhcrypto + +@verbatim + +Copyright (c) 2005 Marko Kreen +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +@end verbatim +@copynext + +@heading NTT (Nippon Telegraph and Telephone Corporation) + +Camellia in libhcrypto + +@verbatim + +Copyright (c) 2006,2007 +NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer as + the first lines of this file unmodified. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +@end verbatim +@copynext + +@heading The NetBSD Foundation, Inc. + +vis.c in libroken + +@verbatim + +Copyright (c) 1999, 2005 The NetBSD Foundation, Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Vincent Rijmen, Antoon Bosselaers, Paulo Barreto + +AES in libhcrypto + +@verbatim + +rijndael-alg-fst.c + +@version 3.0 (December 2000) + +Optimised ANSI C code for the Rijndael cipher (now AES) + +@author Vincent Rijmen +@author Antoon Bosselaers +@author Paulo Barreto + +This code is hereby placed in the public domain. + +THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS +OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +@end verbatim +@copynext + +@heading Apple, Inc + +kdc/announce.c + +@verbatim + +Copyright (c) 2008 Apple Inc. All Rights Reserved. + +Export of this software from the United States of America may require +a specific license from the United States Government. It is the +responsibility of any person or organization contemplating export to +obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of Apple Inc. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. Apple Inc. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +@end verbatim + +@copynext + +@heading Richard Outerbridge + +DES core in libhcrypto + +@verbatim + +D3DES (V5.09) - + +A portable, public domain, version of the Data Encryption Standard. + +Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. +Thanks to: Dan Hoey for his excellent Initial and Inverse permutation +code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis +Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, +for humouring me on. + +Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. +(GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + + +@end verbatim + +@copynext + +@heading Secure Endpoints Inc + +Windows support + +@verbatim + +Copyright (c) 2009, Secure Endpoints Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +- Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +- Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. + +@end verbatim + +@copynext + +@heading Novell, Inc + +lib/hcrypto/test_dh.c + +@verbatim + +Copyright (c) 2007, Novell, Inc. +Author: Matthias Koenig + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +* Neither the name of the Novell nor the names of its contributors may be used + to endorse or promote products derived from this software without specific + prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + + +@end verbatim + +@copyrightend diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/doxygen.css b/crypto/heimdal/doc/doxyout/gssapi/html/doxygen.css new file mode 100644 index 00000000000..22c484301dd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/doxygen.css @@ -0,0 +1,473 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { + text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { + font-weight: bold +} +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navpath { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1A419D; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1A419D +} +A.qindex:hover { + text-decoration: none; + background-color: #ddddff; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { + text-decoration: none; + background-color: #6666cc; + color: #ffffff +} +A.el { + text-decoration: none; + font-weight: bold +} +A.elRef { + font-weight: bold +} +A.code:link { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.code:visited { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.codeRef:link { + font-weight: normal; + color: #0000FF +} +A.codeRef:visited { + font-weight: normal; + color: #0000FF +} +A:hover { + text-decoration: none; + background-color: #f2f2ff +} +DL.el { + margin-left: -1cm +} +.fragment { + font-family: monospace, fixed; + font-size: 95%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { + margin-left: 16px; + font-style: italic; + font-size: 90% +} +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { + text-align: center; +} +IMG.formulaDsp { +} +IMG.formulaInl { + vertical-align: middle; +} +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +SPAN.vhdldigit { color: #ff00ff } +SPAN.vhdlchar { color: #000000 } +SPAN.vhdlkeyword { color: #700070 } +SPAN.vhdllogic { color: #ff0000 } + +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { + color: #003399; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { + font-size: 75%; +} +a { + color: #1A41A8; +} +a:visited { + color: #2A3798; +} +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { + background: #e8eef2; + font-weight: bold; +} +HR { + height: 1px; + border: none; + border-top: 1px solid black; +} + +/* Style for detailed member documentation */ +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +.memitem { + padding: 4px; + background-color: #eef3f5; + border-width: 1px; + border-style: solid; + border-color: #dedeee; + -moz-border-radius: 8px 8px 8px 8px; +} +.memname { + white-space: nowrap; + font-weight: bold; +} +.memdoc{ + padding-left: 10px; +} +.memproto { + background-color: #d5e1e8; + width: 100%; + border-width: 1px; + border-style: solid; + border-color: #84b0c7; + font-weight: bold; + -moz-border-radius: 8px 8px 8px 8px; +} +.paramkey { + text-align: right; +} +.paramtype { + white-space: nowrap; +} +.paramname { + color: #602020; + font-style: italic; + white-space: nowrap; +} +/* End Styling for detailed member documentation */ + +/* for the tree view */ +.ftvtree { + font-family: sans-serif; + margin:0.5em; +} +/* these are for tree view when used as main index */ +.directory { + font-size: 9pt; + font-weight: bold; +} +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* The following two styles can be used to replace the root node title */ +/* with an image of your choice. Simply uncomment the next two styles, */ +/* specify the name of your image and be sure to set 'height' to the */ +/* proper pixel height of your image. */ + +/* .directory h3.swap { */ +/* height: 61px; */ +/* background-repeat: no-repeat; */ +/* background-image: url("yourimage.gif"); */ +/* } */ +/* .directory h3.swap span { */ +/* display: none; */ +/* } */ + +.directory > h3 { + margin-top: 0; +} +.directory p { + margin: 0px; + white-space: nowrap; +} +.directory div { + display: none; + margin: 0px; +} +.directory img { + vertical-align: -30%; +} +/* these are for tree view when not used as main index */ +.directory-alt { + font-size: 100%; + font-weight: bold; +} +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} +.directory-alt > h3 { + margin-top: 0; +} +.directory-alt p { + margin: 0px; + white-space: nowrap; +} +.directory-alt div { + display: none; + margin: 0px; +} +.directory-alt img { + vertical-align: -30%; +} + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/doxygen.png b/crypto/heimdal/doc/doxyout/gssapi/html/doxygen.png new file mode 100644 index 00000000000..f0a274bbaff Binary files /dev/null and b/crypto/heimdal/doc/doxyout/gssapi/html/doxygen.png differ diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.dot b/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.dot new file mode 100644 index 00000000000..4df0f1aa486 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.dot @@ -0,0 +1,22 @@ +digraph G +{ + edge [fontname="FreeSans",fontsize=10,labelfontname="FreeSans",labelfontsize=10]; + node [fontname="FreeSans",fontsize=10,shape=record]; + Node9 [shape="box",label="Inherited",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",fillcolor="grey75",style="filled" fontcolor="black"]; + Node10 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node10 [shape="box",label="PublicBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPublicBase.html"]; + Node11 -> Node10 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node11 [shape="box",label="Truncated",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="red",URL="$classTruncated.html"]; + Node13 -> Node9 [dir=back,color="darkgreen",fontsize=10,style="solid",fontname="FreeSans"]; + Node13 [shape="box",label="ProtectedBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classProtectedBase.html"]; + Node14 -> Node9 [dir=back,color="firebrick4",fontsize=10,style="solid",fontname="FreeSans"]; + Node14 [shape="box",label="PrivateBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPrivateBase.html"]; + Node15 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node15 [shape="box",label="Undocumented",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="grey75"]; + Node16 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node16 [shape="box",label="Templ< int >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node17 -> Node16 [dir=back,color="orange",fontsize=10,style="dashed",label="< int >",fontname="FreeSans"]; + Node17 [shape="box",label="Templ< T >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node18 -> Node9 [dir=back,color="darkorchid3",fontsize=10,style="dashed",label="m_usedClass",fontname="FreeSans"]; + Node18 [shape="box",label="Used",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classUsed.html"]; +} diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.html b/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.html new file mode 100644 index 00000000000..ccda6dbea63 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.html @@ -0,0 +1,88 @@ + + +HeimdalGSS-APIlibrary: Graph Legend + + + +

+keyhole logo +

+ + + +
+

Graph Legend

This page explains how to interpret the graphs that are generated by doxygen.

+Consider the following example: 

/*! Invisible class because of truncation */
+class Invisible { };
+
+/*! Truncated class, inheritance relation is hidden */
+class Truncated : public Invisible { };
+
+/* Class not documented with doxygen comments */
+class Undocumented { };
+
+/*! Class that is inherited using public inheritance */
+class PublicBase : public Truncated { };
+
+/*! A template class */
+template<class T> class Templ { };
+
+/*! Class that is inherited using protected inheritance */
+class ProtectedBase { };
+
+/*! Class that is inherited using private inheritance */
+class PrivateBase { };
+
+/*! Class that is used by the Inherited class */
+class Used { };
+
+/*! Super class that inherits a number of other classes */
+class Inherited : public PublicBase,
+                  protected ProtectedBase,
+                  private PrivateBase,
+                  public Undocumented,
+                  public Templ<int>
+{
+  private:
+    Used *m_usedClass;
+};
+
If the MAX_DOT_GRAPH_HEIGHT tag in the configuration file is set to 240 this will result in the following graph:

+

+graph_legend.png +
+

+The boxes in the above graph have the following meaning:

    +
  • +A filled gray box represents the struct or class for which the graph is generated.
    • +
  • +A box with a black border denotes a documented struct or class.
    • +
  • +A box with a grey border denotes an undocumented struct or class.
    • +
  • +A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries.
    • +
+The arrows have the following meaning:
    +
  • +A dark blue arrow is used to visualize a public inheritance relation between two classes.
    • +
  • +A dark green arrow is used for protected inheritance.
    • +
  • +A dark red arrow is used for private inheritance.
    • +
  • +A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible.
    • +
  • +A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance.
    • +
+
+
+Generated on Fri Sep 30 15:26:17 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.png b/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.png new file mode 100644 index 00000000000..9b96937bfd5 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/gssapi/html/graph_legend.png differ diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/group__gssapi.html b/crypto/heimdal/doc/doxyout/gssapi/html/group__gssapi.html new file mode 100644 index 00000000000..35a68c4dbd9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/group__gssapi.html @@ -0,0 +1,892 @@ + + +HeimdalGSS-APIlibrary: Heimdal GSS-API functions + + + +

+keyhole logo +

+ + + +
+

Heimdal GSS-API functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_add_oid_set_member (OM_uint32 *minor_status, const gss_OID member_oid, gss_OID_set *oid_set)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_wrap_iov (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_unwrap_iov (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_wrap_iov_length (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_release_iov_buffer (OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_canonicalize_name (OM_uint32 *minor_status, const gss_name_t input_name, const gss_OID mech_type, gss_name_t *output_name)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_import_name (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_init_sec_context (OM_uint32 *minor_status, const gss_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle, const gss_name_t target_name, const gss_OID input_mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_inquire_saslname_for_mech (OM_uint32 *minor_status, const gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_inquire_attrs_for_mech (OM_uint32 *minor_status, gss_const_OID mech, gss_OID_set *mech_attr, gss_OID_set *known_mech_attrs)
GSSAPI_LIB_FUNCTION int
+GSSAPI_LIB_CALL 		gss_oid_equal (gss_const_OID a, gss_const_OID b)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_release_cred (OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_release_name (OM_uint32 *minor_status, gss_name_t *input_name)
GSSAPI_LIB_FUNCTION OM_uint32
+GSSAPI_LIB_CALL 		gss_wrap (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)

Variables

gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member (OM_uint32 *  minor_status,
const gss_OID  member_oid,
gss_OID_set *  oid_set 
)
+
+
+ +

+Add a oid to the oid set, function does not make a copy of the oid, so the pointer to member_oid needs to be stable for the whole time oid_set is used.

+If there is a duplicate member of the oid, the new member is not added to to the set.

+

Parameters:
+ + + + +
minor_status minor status code.
member_oid member to add to the oid set
oid_set oid set to add the member too
+
+
Returns:
a gss_error code, see gss_display_status() about printing the error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name (OM_uint32 *  minor_status,
const gss_name_t  input_name,
const gss_OID  mech_type,
gss_name_t *  output_name 
)
+
+
+ +

+gss_canonicalize_name takes a Internal Name (IN) and converts in into a mechanism specific Mechanism Name (MN).

+The input name may multiple name, or generic name types.

+If the input_name if of the GSS_C_NT_USER_NAME, and the Kerberos mechanism is specified, the resulting MN type is a GSS_KRB5_NT_PRINCIPAL_NAME.

+For more information about internalVSmechname.

+

Parameters:
+ + + + + +
minor_status minor status code.
input_name name to covert, unchanged by gss_canonicalize_name().
mech_type the type to convert Name too.
output_name the resulting type, release with gss_release_name(), independent of input_name.
+
+
Returns:
a gss_error code, see gss_display_status() about printing the error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name (OM_uint32 *  minor_status,
const gss_buffer_t  input_name_buffer,
const gss_OID  input_name_type,
gss_name_t *  output_name 
)
+
+
+ +

+Import a name internal or mechanism name

+Type of name and their format:

    +
  • GSS_C_NO_OID
  • GSS_C_NT_USER_NAME
  • GSS_C_NT_HOSTBASED_SERVICE
  • GSS_C_NT_EXPORT_NAME
  • GSS_C_NT_ANONYMOUS
  • GSS_KRB5_NT_PRINCIPAL_NAME
+

+For more information about internalVSmechname.

+

Parameters:
+ + + + + +
minor_status minor status code
input_name_buffer import name buffer
input_name_type type of the import name buffer
output_name the resulting type, release with gss_release_name(), independent of input_name
+
+
Returns:
a gss_error code, see gss_display_status() about printing the error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context (OM_uint32 *  minor_status,
const gss_cred_id_t  initiator_cred_handle,
gss_ctx_id_t *  context_handle,
const gss_name_t  target_name,
const gss_OID  input_mech_type,
OM_uint32  req_flags,
OM_uint32  time_req,
const gss_channel_bindings_t  input_chan_bindings,
const gss_buffer_t  input_token,
gss_OID *  actual_mech_type,
gss_buffer_t  output_token,
OM_uint32 *  ret_flags,
OM_uint32 *  time_rec 
)
+
+
+ +

+As the initiator build a context with an acceptor.

+Returns in the major

    +
  • GSS_S_COMPLETE - if the context if build
  • GSS_S_CONTINUE_NEEDED - if the caller needs to continue another round of gss_i nit_sec_context
  • error code - any other error code
+

+

Parameters:
+ + + + + + + + + + + + + + +
minor_status minor status code.
initiator_cred_handle the credential to use when building the context, if GSS_C_NO_CREDENTIAL is passed, the default credential for the mechanism will be used.
context_handle a pointer to a context handle, will be returned as long as there is not an error.
target_name the target name of acceptor, created using gss_import_name(). The name is can be of any name types the mechanism supports, check supported name types with gss_inquire_names_for_mech().
input_mech_type mechanism type to use, if GSS_C_NO_OID is used, Kerberos (GSS_KRB5_MECHANISM) will be tried. Other available mechanism are listed in the GSS-API mechanisms section.
req_flags flags using when building the context, see Context creation flags
time_req time requested this context should be valid in seconds, common used value is GSS_C_INDEFINITE
input_chan_bindings Channel bindings used, if not exepected otherwise, used GSS_C_NO_CHANNEL_BINDINGS
input_token input token sent from the acceptor, for the initial packet the buffer of { NULL, 0 } should be used.
actual_mech_type the actual mech used, MUST NOT be freed since it pointing to static memory.
output_token if there is an output token, regardless of complete, continue_needed, or error it should be sent to the acceptor
ret_flags return what flags was negotitated, caller should check if they are accetable. For example, if GSS_C_MUTUAL_FLAG was negotiated with the acceptor or not.
time_rec amount of time this context is valid for
+
+
Returns:
a gss_error code, see gss_display_status() about printing the error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_attrs_for_mech (OM_uint32 *  minor_status,
gss_const_OID  mech,
gss_OID_set *  mech_attr,
gss_OID_set *  known_mech_attrs 
)
+
+
+ +

+List support attributes for a mech and/or all mechanisms.

+

Parameters:
+ + + + + +
minor_status minor status code
mech given together with mech_attr will return the list of attributes for mechanism, can optionally be GSS_C_NO_OID.
mech_attr see mech parameter, can optionally be NULL, release with gss_release_oid_set().
known_mech_attrs all attributes for mechanisms supported, release with gss_release_oid_set().
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_saslname_for_mech (OM_uint32 *  minor_status,
const gss_OID  desired_mech,
gss_buffer_t  sasl_mech_name,
gss_buffer_t  mech_name,
gss_buffer_t  mech_description 
)
+
+
+ +

+Returns different protocol names and description of the mechanism.

+

Parameters:
+ + + + + + +
minor_status minor status code
desired_mech mech list query
sasl_mech_name SASL GS2 protocol name
mech_name gssapi protocol name
mech_description description of gssapi mech
+
+
Returns:
returns GSS_S_COMPLETE or a error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL gss_oid_equal (gss_const_OID  a,
gss_const_OID  b 
)
+
+
+ +

+Compare two GSS-API OIDs with each other.

+GSS_C_NO_OID matches nothing, not even it-self.

+

Parameters:
+ + + +
a first oid to compare
b second oid to compare
+
+
Returns:
non-zero when both oid are the same OID, zero when they are not the same.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred (OM_uint32 *  minor_status,
gss_cred_id_t *  cred_handle 
)
+
+
+ +

+Release a credentials

+Its ok to release the GSS_C_NO_CREDENTIAL/NULL credential, it will return a GSS_S_COMPLETE error code. On return cred_handle is set ot GSS_C_NO_CREDENTIAL.

+Example:

+

 gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+ major = gss_release_cred(&minor, &cred);
+

+

Parameters:
+ + + +
minor_status minor status return code, mech specific
cred_handle a pointer to the credential too release
+
+
Returns:
an gssapi error code
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_iov_buffer (OM_uint32 *  minor_status,
gss_iov_buffer_desc *  iov,
int  iov_count 
)
+
+
+ +

+Free all buffer allocated by gss_wrap_iov() or gss_unwrap_iov() by looking at the GSS_IOV_BUFFER_FLAG_ALLOCATED flag. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name (OM_uint32 *  minor_status,
gss_name_t *  input_name 
)
+
+
+ +

+Free a name

+import_name can point to NULL or be NULL, or a pointer to a gss_name_t structure. If it was a pointer to gss_name_t, the pointer will be set to NULL on success and failure.

+

Parameters:
+ + + +
minor_status minor status code
input_name name to free
+
+
Returns:
a gss_error code, see gss_display_status() about printing the error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap_iov (OM_uint32 *  minor_status,
gss_ctx_id_t  context_handle,
int *  conf_state,
gss_qop_t *  qop_state,
gss_iov_buffer_desc *  iov,
int  iov_count 
)
+
+
+ +

+Decrypt or verifies the signature on the data. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap (OM_uint32 *  minor_status,
const gss_ctx_id_t  context_handle,
int  conf_req_flag,
gss_qop_t  qop_req,
const gss_buffer_t  input_message_buffer,
int *  conf_state,
gss_buffer_t  output_message_buffer 
)
+
+
+ +

+Wrap a message using either confidentiality (encryption + signature) or sealing (signature).

+

Parameters:
+ + + + + + + + +
minor_status minor status code.
context_handle context handle.
conf_req_flag if non zero, confidentiality is requestd.
qop_req type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in.
input_message_buffer messages to wrap
conf_state returns non zero if confidentiality was honoured.
output_message_buffer the resulting buffer, release with gss_release_buffer().
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov (OM_uint32 *  minor_status,
gss_ctx_id_t  context_handle,
int  conf_req_flag,
gss_qop_t  qop_req,
int *  conf_state,
gss_iov_buffer_desc *  iov,
int  iov_count 
)
+
+
+ +

+Encrypts or sign the data.

+This is a more complicated version of gss_wrap(), it allows the caller to use AEAD data (signed header/trailer) and allow greater controll over where the encrypted data is placed.

+The maximum packet size is gss_context_stream_sizes.max_msg_size.

+The caller needs provide the folloing buffers when using in conf_req_flag=1 mode:

+

    +
  • HEADER (of size gss_context_stream_sizes.header) { DATA or SIGN_ONLY } (optional, zero or more) PADDING (of size gss_context_stream_sizes.blocksize, if zero padding is zero, can be omitted) TRAILER (of size gss_context_stream_sizes.trailer)
+

+

    +
  • on DCE-RPC mode, the caller can skip PADDING and TRAILER if the DATA elements is padded to a block bountry and header is of at least size gss_context_stream_sizes.header + gss_context_stream_sizes.trailer.
+

+HEADER, PADDING, TRAILER will be shrunken to the size required to transmit any of them too large.

+To generate gss_wrap() compatible packets, use: HEADER | DATA | PADDING | TRAILER

+When used in conf_req_flag=0,

+

    +
  • HEADER (of size gss_context_stream_sizes.header) { DATA or SIGN_ONLY } (optional, zero or more) PADDING (of size gss_context_stream_sizes.blocksize, if zero padding is zero, can be omitted) TRAILER (of size gss_context_stream_sizes.trailer)
+

+The input sizes of HEADER, PADDING and TRAILER can be fetched using gss_wrap_iov_length() or gss_context_query_attributes(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length (OM_uint32 *  minor_status,
gss_ctx_id_t  context_handle,
int  conf_req_flag,
gss_qop_t  qop_req,
int *  conf_state,
gss_iov_buffer_desc *  iov,
int  iov_count 
)
+
+
+ +

+Update the length fields in iov buffer for the types:

    +
  • GSS_IOV_BUFFER_TYPE_HEADER
  • GSS_IOV_BUFFER_TYPE_PADDING
  • GSS_IOV_BUFFER_TYPE_TRAILER
+

+Consider using gss_context_query_attributes() to fetch the data instead. +

+

+

Variable Documentation

+ +
+
+ + + + +
gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc
+
+
+ +

+Initial value:

+    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")}
+
Query the context for parameters.

+SSPI equivalent if this function is QueryContextAttributes.

+

    +
  • GSS_C_ATTR_STREAM_SIZES data is a gss_context_stream_sizes.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:16 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/gssapi_mechs_intro.html b/crypto/heimdal/doc/doxyout/gssapi/html/gssapi_mechs_intro.html new file mode 100644 index 00000000000..9480c95c7af --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/gssapi_mechs_intro.html @@ -0,0 +1,30 @@ + + +HeimdalGSS-APIlibrary: GSS-API mechanisms + + + +

+keyhole logo +

+ + + +
+

GSS-API mechanisms

+GSS-API mechanisms

+
    +
  • Kerberos 5 - GSS_KRB5_MECHANISM
  • SPNEGO - GSS_SPNEGO_MECHANISM
  • NTLM - GSS_NTLM_MECHANISM
+
+
+Generated on Fri Sep 30 15:26:16 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/gssapi_services_intro.html b/crypto/heimdal/doc/doxyout/gssapi/html/gssapi_services_intro.html new file mode 100644 index 00000000000..e92217f4f05 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/gssapi_services_intro.html @@ -0,0 +1,43 @@ + + +HeimdalGSS-APIlibrary: Introduction to GSS-API services + + + +

+keyhole logo +

+ + + +
+

Introduction to GSS-API services

+GSS-API services

+

+Context creation

+
    +
  • delegation
  • mutual authentication
  • anonymous
  • use per message before context creation has completed
+

+return status:

    +
  • support conf
  • support int
+

+Context creation flags

+
    +
  • GSS_C_DELEG_FLAG
  • GSS_C_MUTUAL_FLAG
  • GSS_C_REPLAY_FLAG
  • GSS_C_SEQUENCE_FLAG
  • GSS_C_CONF_FLAG
  • GSS_C_INTEG_FLAG
  • GSS_C_ANON_FLAG
  • GSS_C_PROT_READY_FLAG
  • GSS_C_TRANS_FLAG
  • GSS_C_DCE_STYLE
  • GSS_C_IDENTIFY_FLAG
  • GSS_C_EXTENDED_ERROR_FLAG
  • GSS_C_DELEG_POLICY_FLAG
+

+Per-message services

+
    +
  • conf
  • int
  • message integrity
  • replay detection
  • out of sequence
+
+
+Generated on Fri Sep 30 15:26:16 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/index.html b/crypto/heimdal/doc/doxyout/gssapi/html/index.html new file mode 100644 index 00000000000..a1a21dbfe9e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/index.html @@ -0,0 +1,36 @@ + + +HeimdalGSS-APIlibrary: Heimdal GSS-API Library + + + +

+keyhole logo +

+ + + +
+

Heimdal GSS-API Library

+

+

1.5.1

Heimdal implements the following mechanisms:

+

    +
  • Kerberos 5
  • SPNEGO
  • NTLM
+

+See GSS-API mechanisms for more describtion about these mechanisms.

+The project web page: http://www.h5l.org/

+

+
+
+Generated on Fri Sep 30 15:26:16 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/internalvsmechname.html b/crypto/heimdal/doc/doxyout/gssapi/html/internalvsmechname.html new file mode 100644 index 00000000000..ae7591d85eb --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/internalvsmechname.html @@ -0,0 +1,36 @@ + + +HeimdalGSS-APIlibrary: Internal names and mechanism names + + + +

+keyhole logo +

+ + + +
+

Internal names and mechanism names

+Name forms

+There are two forms of name in GSS-API, Internal form and Contiguous string ("flat") form. gss_export_name() and gss_import_name() can be used to convert between the two forms.

+

    +
  • The contiguous string form is described by an oid specificing the type and an octet string. A special form of the contiguous string form is the exported name object. The exported name defined for each mechanism, is something that can be stored and complared later. The exported name is what should be used for ACLs comparisons.
+

+

    +
  • The Internal form
+

+There is also special form of the Internal Name (IN), and that is the Mechanism Name (MN). In the mechanism name all the generic information is stripped of and only contain the information for one mechanism. In GSS-API some function return MN and some require MN as input. Each of these function is marked up as such.

+Describe relationship between import_name, canonicalize_name, export_name and friends.

+
+Generated on Fri Sep 30 15:26:16 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/modules.html b/crypto/heimdal/doc/doxyout/gssapi/html/modules.html new file mode 100644 index 00000000000..520850b7c0a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/modules.html @@ -0,0 +1,29 @@ + + +HeimdalGSS-APIlibrary: Module Index + + + +

+keyhole logo +

+ + + +
+

Modules

Here is a list of all modules: +
+
+Generated on Fri Sep 30 15:26:16 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/pages.html b/crypto/heimdal/doc/doxyout/gssapi/html/pages.html new file mode 100644 index 00000000000..130a0574f4c --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/pages.html @@ -0,0 +1,34 @@ + + +HeimdalGSS-APIlibrary: Page Index + + + +

+keyhole logo +

+ + + +
+

Related Pages

Here is a list of all related documentation pages: +
+
+Generated on Fri Sep 30 15:26:16 2011 for HeimdalGSS-APIlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/tab_b.gif b/crypto/heimdal/doc/doxyout/gssapi/html/tab_b.gif new file mode 100644 index 00000000000..0d623483ffd Binary files /dev/null and b/crypto/heimdal/doc/doxyout/gssapi/html/tab_b.gif differ diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/tab_l.gif b/crypto/heimdal/doc/doxyout/gssapi/html/tab_l.gif new file mode 100644 index 00000000000..9b1e6337c92 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/gssapi/html/tab_l.gif differ diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/tab_r.gif b/crypto/heimdal/doc/doxyout/gssapi/html/tab_r.gif new file mode 100644 index 00000000000..ce9dd9f533c Binary files /dev/null and b/crypto/heimdal/doc/doxyout/gssapi/html/tab_r.gif differ diff --git a/crypto/heimdal/doc/doxyout/gssapi/html/tabs.css b/crypto/heimdal/doc/doxyout/gssapi/html/tabs.css new file mode 100644 index 00000000000..95f00a91da3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/html/tabs.css @@ -0,0 +1,102 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; +} diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/__gss_c_attr_stream_sizes_oid_desc.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/__gss_c_attr_stream_sizes_oid_desc.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/__gss_c_attr_stream_sizes_oid_desc.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_add_oid_set_member.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_add_oid_set_member.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_add_oid_set_member.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_canonicalize_name.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_canonicalize_name.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_canonicalize_name.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_import_name.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_import_name.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_import_name.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_init_sec_context.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_init_sec_context.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_init_sec_context.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_inquire_attrs_for_mech.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_inquire_attrs_for_mech.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_inquire_attrs_for_mech.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_inquire_saslname_for_mech.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_inquire_saslname_for_mech.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_inquire_saslname_for_mech.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_oid_equal.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_oid_equal.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_oid_equal.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_cred.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_cred.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_cred.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_iov_buffer.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_iov_buffer.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_iov_buffer.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_name.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_name.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_release_name.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_unwrap_iov.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_unwrap_iov.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_unwrap_iov.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap_iov.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap_iov.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap_iov.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap_iov_length.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap_iov_length.3 new file mode 100644 index 00000000000..3dff74cffef --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gss_wrap_iov_length.3 @@ -0,0 +1 @@ +.so man3/gssapi.3 diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi.3 new file mode 100644 index 00000000000..1ad1c821eaf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi.3 @@ -0,0 +1,389 @@ +.TH "Heimdal GSS-API functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalGSS-APIlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal GSS-API functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_add_oid_set_member\fP (OM_uint32 *minor_status, const gss_OID member_oid, gss_OID_set *oid_set)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_wrap_iov\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_unwrap_iov\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_wrap_iov_length\fP (OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_release_iov_buffer\fP (OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_canonicalize_name\fP (OM_uint32 *minor_status, const gss_name_t input_name, const gss_OID mech_type, gss_name_t *output_name)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_import_name\fP (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t *output_name)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_init_sec_context\fP (OM_uint32 *minor_status, const gss_cred_id_t initiator_cred_handle, gss_ctx_id_t *context_handle, const gss_name_t target_name, const gss_OID input_mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_inquire_saslname_for_mech\fP (OM_uint32 *minor_status, const gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_inquire_attrs_for_mech\fP (OM_uint32 *minor_status, gss_const_OID mech, gss_OID_set *mech_attr, gss_OID_set *known_mech_attrs)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL \fBgss_oid_equal\fP (gss_const_OID a, gss_const_OID b)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_release_cred\fP (OM_uint32 *minor_status, gss_cred_id_t *cred_handle)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_release_name\fP (OM_uint32 *minor_status, gss_name_t *input_name)" +.br +.ti -1c +.RI "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL \fBgss_wrap\fP (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer)" +.br +.in -1c +.SS "Variables" + +.in +1c +.ti -1c +.RI "gss_OID_desc GSSAPI_LIB_FUNCTION \fB__gss_c_attr_stream_sizes_oid_desc\fP" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member (OM_uint32 * minor_status, const gss_OID member_oid, gss_OID_set * oid_set)" +.PP +Add a oid to the oid set, function does not make a copy of the oid, so the pointer to member_oid needs to be stable for the whole time oid_set is used. +.PP +If there is a duplicate member of the oid, the new member is not added to to the set. +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code. +.br +\fImember_oid\fP member to add to the oid set +.br +\fIoid_set\fP oid set to add the member too +.RE +.PP +\fBReturns:\fP +.RS 4 +a gss_error code, see gss_display_status() about printing the error code. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name (OM_uint32 * minor_status, const gss_name_t input_name, const gss_OID mech_type, gss_name_t * output_name)" +.PP +gss_canonicalize_name takes a Internal Name (IN) and converts in into a mechanism specific Mechanism Name (MN). +.PP +The input name may multiple name, or generic name types. +.PP +If the input_name if of the GSS_C_NT_USER_NAME, and the Kerberos mechanism is specified, the resulting MN type is a GSS_KRB5_NT_PRINCIPAL_NAME. +.PP +For more information about \fBinternalVSmechname\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code. +.br +\fIinput_name\fP name to covert, unchanged by \fBgss_canonicalize_name()\fP. +.br +\fImech_type\fP the type to convert Name too. +.br +\fIoutput_name\fP the resulting type, release with \fBgss_release_name()\fP, independent of input_name. +.RE +.PP +\fBReturns:\fP +.RS 4 +a gss_error code, see gss_display_status() about printing the error code. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name (OM_uint32 * minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, gss_name_t * output_name)" +.PP +Import a name internal or mechanism name +.PP +Type of name and their format: +.IP "\(bu" 2 +GSS_C_NO_OID +.IP "\(bu" 2 +GSS_C_NT_USER_NAME +.IP "\(bu" 2 +GSS_C_NT_HOSTBASED_SERVICE +.IP "\(bu" 2 +GSS_C_NT_EXPORT_NAME +.IP "\(bu" 2 +GSS_C_NT_ANONYMOUS +.IP "\(bu" 2 +GSS_KRB5_NT_PRINCIPAL_NAME +.PP +.PP +For more information about \fBinternalVSmechname\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIinput_name_buffer\fP import name buffer +.br +\fIinput_name_type\fP type of the import name buffer +.br +\fIoutput_name\fP the resulting type, release with \fBgss_release_name()\fP, independent of input_name +.RE +.PP +\fBReturns:\fP +.RS 4 +a gss_error code, see gss_display_status() about printing the error code. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context (OM_uint32 * minor_status, const gss_cred_id_t initiator_cred_handle, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID input_mech_type, OM_uint32 req_flags, OM_uint32 time_req, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID * actual_mech_type, gss_buffer_t output_token, OM_uint32 * ret_flags, OM_uint32 * time_rec)" +.PP +As the initiator build a context with an acceptor. +.PP +Returns in the major +.IP "\(bu" 2 +GSS_S_COMPLETE - if the context if build +.IP "\(bu" 2 +GSS_S_CONTINUE_NEEDED - if the caller needs to continue another round of gss_i nit_sec_context +.IP "\(bu" 2 +error code - any other error code +.PP +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code. +.br +\fIinitiator_cred_handle\fP the credential to use when building the context, if GSS_C_NO_CREDENTIAL is passed, the default credential for the mechanism will be used. +.br +\fIcontext_handle\fP a pointer to a context handle, will be returned as long as there is not an error. +.br +\fItarget_name\fP the target name of acceptor, created using \fBgss_import_name()\fP. The name is can be of any name types the mechanism supports, check supported name types with gss_inquire_names_for_mech(). +.br +\fIinput_mech_type\fP mechanism type to use, if GSS_C_NO_OID is used, Kerberos (GSS_KRB5_MECHANISM) will be tried. Other available mechanism are listed in the \fBGSS-API mechanisms\fP section. +.br +\fIreq_flags\fP flags using when building the context, see \fBContext creation flags\fP +.br +\fItime_req\fP time requested this context should be valid in seconds, common used value is GSS_C_INDEFINITE +.br +\fIinput_chan_bindings\fP Channel bindings used, if not exepected otherwise, used GSS_C_NO_CHANNEL_BINDINGS +.br +\fIinput_token\fP input token sent from the acceptor, for the initial packet the buffer of { NULL, 0 } should be used. +.br +\fIactual_mech_type\fP the actual mech used, MUST NOT be freed since it pointing to static memory. +.br +\fIoutput_token\fP if there is an output token, regardless of complete, continue_needed, or error it should be sent to the acceptor +.br +\fIret_flags\fP return what flags was negotitated, caller should check if they are accetable. For example, if GSS_C_MUTUAL_FLAG was negotiated with the acceptor or not. +.br +\fItime_rec\fP amount of time this context is valid for +.RE +.PP +\fBReturns:\fP +.RS 4 +a gss_error code, see gss_display_status() about printing the error code. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_attrs_for_mech (OM_uint32 * minor_status, gss_const_OID mech, gss_OID_set * mech_attr, gss_OID_set * known_mech_attrs)" +.PP +List support attributes for a mech and/or all mechanisms. +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fImech\fP given together with mech_attr will return the list of attributes for mechanism, can optionally be GSS_C_NO_OID. +.br +\fImech_attr\fP see mech parameter, can optionally be NULL, release with gss_release_oid_set(). +.br +\fIknown_mech_attrs\fP all attributes for mechanisms supported, release with gss_release_oid_set(). +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_saslname_for_mech (OM_uint32 * minor_status, const gss_OID desired_mech, gss_buffer_t sasl_mech_name, gss_buffer_t mech_name, gss_buffer_t mech_description)" +.PP +Returns different protocol names and description of the mechanism. +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIdesired_mech\fP mech list query +.br +\fIsasl_mech_name\fP SASL GS2 protocol name +.br +\fImech_name\fP gssapi protocol name +.br +\fImech_description\fP description of gssapi mech +.RE +.PP +\fBReturns:\fP +.RS 4 +returns GSS_S_COMPLETE or a error code. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL gss_oid_equal (gss_const_OID a, gss_const_OID b)" +.PP +Compare two GSS-API OIDs with each other. +.PP +GSS_C_NO_OID matches nothing, not even it-self. +.PP +\fBParameters:\fP +.RS 4 +\fIa\fP first oid to compare +.br +\fIb\fP second oid to compare +.RE +.PP +\fBReturns:\fP +.RS 4 +non-zero when both oid are the same OID, zero when they are not the same. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle)" +.PP +Release a credentials +.PP +Its ok to release the GSS_C_NO_CREDENTIAL/NULL credential, it will return a GSS_S_COMPLETE error code. On return cred_handle is set ot GSS_C_NO_CREDENTIAL. +.PP +Example: +.PP +.PP +.nf + gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; + major = gss_release_cred(&minor, &cred); +.fi +.PP +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status return code, mech specific +.br +\fIcred_handle\fP a pointer to the credential too release +.RE +.PP +\fBReturns:\fP +.RS 4 +an gssapi error code +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_iov_buffer (OM_uint32 * minor_status, gss_iov_buffer_desc * iov, int iov_count)" +.PP +Free all buffer allocated by \fBgss_wrap_iov()\fP or \fBgss_unwrap_iov()\fP by looking at the GSS_IOV_BUFFER_FLAG_ALLOCATED flag. +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name (OM_uint32 * minor_status, gss_name_t * input_name)" +.PP +Free a name +.PP +import_name can point to NULL or be NULL, or a pointer to a gss_name_t structure. If it was a pointer to gss_name_t, the pointer will be set to NULL on success and failure. +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code +.br +\fIinput_name\fP name to free +.RE +.PP +\fBReturns:\fP +.RS 4 +a gss_error code, see gss_display_status() about printing the error code. +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap_iov (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int * conf_state, gss_qop_t * qop_state, gss_iov_buffer_desc * iov, int iov_count)" +.PP +Decrypt or verifies the signature on the data. +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int * conf_state, gss_buffer_t output_message_buffer)" +.PP +Wrap a message using either confidentiality (encryption + signature) or sealing (signature). +.PP +\fBParameters:\fP +.RS 4 +\fIminor_status\fP minor status code. +.br +\fIcontext_handle\fP context handle. +.br +\fIconf_req_flag\fP if non zero, confidentiality is requestd. +.br +\fIqop_req\fP type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in. +.br +\fIinput_message_buffer\fP messages to wrap +.br +\fIconf_state\fP returns non zero if confidentiality was honoured. +.br +\fIoutput_message_buffer\fP the resulting buffer, release with gss_release_buffer(). +.RE +.PP + +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int * conf_state, gss_iov_buffer_desc * iov, int iov_count)" +.PP +Encrypts or sign the data. +.PP +This is a more complicated version of \fBgss_wrap()\fP, it allows the caller to use AEAD data (signed header/trailer) and allow greater controll over where the encrypted data is placed. +.PP +The maximum packet size is gss_context_stream_sizes.max_msg_size. +.PP +The caller needs provide the folloing buffers when using in conf_req_flag=1 mode: +.PP +.IP "\(bu" 2 +HEADER (of size gss_context_stream_sizes.header) { DATA or SIGN_ONLY } (optional, zero or more) PADDING (of size gss_context_stream_sizes.blocksize, if zero padding is zero, can be omitted) TRAILER (of size gss_context_stream_sizes.trailer) +.PP +.PP +.IP "\(bu" 2 +on DCE-RPC mode, the caller can skip PADDING and TRAILER if the DATA elements is padded to a block bountry and header is of at least size gss_context_stream_sizes.header + gss_context_stream_sizes.trailer. +.PP +.PP +HEADER, PADDING, TRAILER will be shrunken to the size required to transmit any of them too large. +.PP +To generate \fBgss_wrap()\fP compatible packets, use: HEADER | DATA | PADDING | TRAILER +.PP +When used in conf_req_flag=0, +.PP +.IP "\(bu" 2 +HEADER (of size gss_context_stream_sizes.header) { DATA or SIGN_ONLY } (optional, zero or more) PADDING (of size gss_context_stream_sizes.blocksize, if zero padding is zero, can be omitted) TRAILER (of size gss_context_stream_sizes.trailer) +.PP +.PP +The input sizes of HEADER, PADDING and TRAILER can be fetched using \fBgss_wrap_iov_length()\fP or gss_context_query_attributes(). +.SS "GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_iov_length (OM_uint32 * minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int * conf_state, gss_iov_buffer_desc * iov, int iov_count)" +.PP +Update the length fields in iov buffer for the types: +.IP "\(bu" 2 +GSS_IOV_BUFFER_TYPE_HEADER +.IP "\(bu" 2 +GSS_IOV_BUFFER_TYPE_PADDING +.IP "\(bu" 2 +GSS_IOV_BUFFER_TYPE_TRAILER +.PP +.PP +Consider using gss_context_query_attributes() to fetch the data instead. +.SH "Variable Documentation" +.PP +.SS "gss_OID_desc GSSAPI_LIB_FUNCTION \fB__gss_c_attr_stream_sizes_oid_desc\fP" +.PP +\fBInitial value:\fP +.PP +.nf + + {10, rk_UNCONST('\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03')} +.fi +Query the context for parameters. +.PP +SSPI equivalent if this function is QueryContextAttributes. +.PP +.IP "\(bu" 2 +GSS_C_ATTR_STREAM_SIZES data is a gss_context_stream_sizes. +.PP + diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi_mechs_intro.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi_mechs_intro.3 new file mode 100644 index 00000000000..821705e4f49 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi_mechs_intro.3 @@ -0,0 +1,15 @@ +.TH "gssapi_mechs_intro" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalGSS-APIlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +gssapi_mechs_intro \- GSS-API mechanisms +.SH "GSS-API mechanisms" +.PP +.IP "\(bu" 2 +Kerberos 5 - GSS_KRB5_MECHANISM +.IP "\(bu" 2 +SPNEGO - GSS_SPNEGO_MECHANISM +.IP "\(bu" 2 +NTLM - GSS_NTLM_MECHANISM +.PP + diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi_services_intro.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi_services_intro.3 new file mode 100644 index 00000000000..d43b2140740 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/gssapi_services_intro.3 @@ -0,0 +1,65 @@ +.TH "gssapi_services_intro" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalGSS-APIlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +gssapi_services_intro \- Introduction to GSS-API services +.SH "GSS-API services" +.PP +.SS "Context creation" +.IP "\(bu" 2 +delegation +.IP "\(bu" 2 +mutual authentication +.IP "\(bu" 2 +anonymous +.IP "\(bu" 2 +use per message before context creation has completed +.PP +.PP +return status: +.IP "\(bu" 2 +support conf +.IP "\(bu" 2 +support int +.PP +.SS "Context creation flags" +.IP "\(bu" 2 +GSS_C_DELEG_FLAG +.IP "\(bu" 2 +GSS_C_MUTUAL_FLAG +.IP "\(bu" 2 +GSS_C_REPLAY_FLAG +.IP "\(bu" 2 +GSS_C_SEQUENCE_FLAG +.IP "\(bu" 2 +GSS_C_CONF_FLAG +.IP "\(bu" 2 +GSS_C_INTEG_FLAG +.IP "\(bu" 2 +GSS_C_ANON_FLAG +.IP "\(bu" 2 +GSS_C_PROT_READY_FLAG +.IP "\(bu" 2 +GSS_C_TRANS_FLAG +.IP "\(bu" 2 +GSS_C_DCE_STYLE +.IP "\(bu" 2 +GSS_C_IDENTIFY_FLAG +.IP "\(bu" 2 +GSS_C_EXTENDED_ERROR_FLAG +.IP "\(bu" 2 +GSS_C_DELEG_POLICY_FLAG +.PP +.SS "Per-message services" +.IP "\(bu" 2 +conf +.IP "\(bu" 2 +int +.IP "\(bu" 2 +message integrity +.IP "\(bu" 2 +replay detection +.IP "\(bu" 2 +out of sequence +.PP + diff --git a/crypto/heimdal/doc/doxyout/gssapi/man/man3/internalvsmechname.3 b/crypto/heimdal/doc/doxyout/gssapi/man/man3/internalvsmechname.3 new file mode 100644 index 00000000000..4b4c66e3177 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/man/man3/internalvsmechname.3 @@ -0,0 +1,20 @@ +.TH "internalvsmechname" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalGSS-APIlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +internalvsmechname \- Internal names and mechanism names +.SH "Name forms" +.PP +There are two forms of name in GSS-API, Internal form and Contiguous string ('flat') form. gss_export_name() and \fBgss_import_name()\fP can be used to convert between the two forms. +.PP +.IP "\(bu" 2 +The contiguous string form is described by an oid specificing the type and an octet string. A special form of the contiguous string form is the exported name object. The exported name defined for each mechanism, is something that can be stored and complared later. The exported name is what should be used for ACLs comparisons. +.PP +.PP +.IP "\(bu" 2 +The Internal form +.PP +.PP +There is also special form of the Internal Name (IN), and that is the Mechanism Name (MN). In the mechanism name all the generic information is stripped of and only contain the information for one mechanism. In GSS-API some function return MN and some require MN as input. Each of these function is marked up as such. +.PP +Describe relationship between import_name, canonicalize_name, export_name and friends. diff --git a/crypto/heimdal/doc/doxyout/gssapi/manpages b/crypto/heimdal/doc/doxyout/gssapi/manpages new file mode 100644 index 00000000000..d55654dfaa9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/gssapi/manpages @@ -0,0 +1,19 @@ +gssapi/man/man3/__gss_c_attr_stream_sizes_oid_desc.3 +gssapi/man/man3/gss_add_oid_set_member.3 +gssapi/man/man3/gss_canonicalize_name.3 +gssapi/man/man3/gss_import_name.3 +gssapi/man/man3/gss_init_sec_context.3 +gssapi/man/man3/gss_inquire_attrs_for_mech.3 +gssapi/man/man3/gss_inquire_saslname_for_mech.3 +gssapi/man/man3/gss_oid_equal.3 +gssapi/man/man3/gss_release_cred.3 +gssapi/man/man3/gss_release_iov_buffer.3 +gssapi/man/man3/gss_release_name.3 +gssapi/man/man3/gss_unwrap_iov.3 +gssapi/man/man3/gss_wrap.3 +gssapi/man/man3/gss_wrap_iov.3 +gssapi/man/man3/gss_wrap_iov_length.3 +gssapi/man/man3/gssapi.3 +gssapi/man/man3/gssapi_mechs_intro.3 +gssapi/man/man3/gssapi_services_intro.3 +gssapi/man/man3/internalvsmechname.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/doxygen.css b/crypto/heimdal/doc/doxyout/hcrypto/html/doxygen.css new file mode 100644 index 00000000000..22c484301dd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/doxygen.css @@ -0,0 +1,473 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { + text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { + font-weight: bold +} +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navpath { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1A419D; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1A419D +} +A.qindex:hover { + text-decoration: none; + background-color: #ddddff; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { + text-decoration: none; + background-color: #6666cc; + color: #ffffff +} +A.el { + text-decoration: none; + font-weight: bold +} +A.elRef { + font-weight: bold +} +A.code:link { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.code:visited { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.codeRef:link { + font-weight: normal; + color: #0000FF +} +A.codeRef:visited { + font-weight: normal; + color: #0000FF +} +A:hover { + text-decoration: none; + background-color: #f2f2ff +} +DL.el { + margin-left: -1cm +} +.fragment { + font-family: monospace, fixed; + font-size: 95%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { + margin-left: 16px; + font-style: italic; + font-size: 90% +} +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { + text-align: center; +} +IMG.formulaDsp { +} +IMG.formulaInl { + vertical-align: middle; +} +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +SPAN.vhdldigit { color: #ff00ff } +SPAN.vhdlchar { color: #000000 } +SPAN.vhdlkeyword { color: #700070 } +SPAN.vhdllogic { color: #ff0000 } + +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { + color: #003399; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { + font-size: 75%; +} +a { + color: #1A41A8; +} +a:visited { + color: #2A3798; +} +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { + background: #e8eef2; + font-weight: bold; +} +HR { + height: 1px; + border: none; + border-top: 1px solid black; +} + +/* Style for detailed member documentation */ +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +.memitem { + padding: 4px; + background-color: #eef3f5; + border-width: 1px; + border-style: solid; + border-color: #dedeee; + -moz-border-radius: 8px 8px 8px 8px; +} +.memname { + white-space: nowrap; + font-weight: bold; +} +.memdoc{ + padding-left: 10px; +} +.memproto { + background-color: #d5e1e8; + width: 100%; + border-width: 1px; + border-style: solid; + border-color: #84b0c7; + font-weight: bold; + -moz-border-radius: 8px 8px 8px 8px; +} +.paramkey { + text-align: right; +} +.paramtype { + white-space: nowrap; +} +.paramname { + color: #602020; + font-style: italic; + white-space: nowrap; +} +/* End Styling for detailed member documentation */ + +/* for the tree view */ +.ftvtree { + font-family: sans-serif; + margin:0.5em; +} +/* these are for tree view when used as main index */ +.directory { + font-size: 9pt; + font-weight: bold; +} +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* The following two styles can be used to replace the root node title */ +/* with an image of your choice. Simply uncomment the next two styles, */ +/* specify the name of your image and be sure to set 'height' to the */ +/* proper pixel height of your image. */ + +/* .directory h3.swap { */ +/* height: 61px; */ +/* background-repeat: no-repeat; */ +/* background-image: url("yourimage.gif"); */ +/* } */ +/* .directory h3.swap span { */ +/* display: none; */ +/* } */ + +.directory > h3 { + margin-top: 0; +} +.directory p { + margin: 0px; + white-space: nowrap; +} +.directory div { + display: none; + margin: 0px; +} +.directory img { + vertical-align: -30%; +} +/* these are for tree view when not used as main index */ +.directory-alt { + font-size: 100%; + font-weight: bold; +} +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} +.directory-alt > h3 { + margin-top: 0; +} +.directory-alt p { + margin: 0px; + white-space: nowrap; +} +.directory-alt div { + display: none; + margin: 0px; +} +.directory-alt img { + vertical-align: -30%; +} + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/doxygen.png b/crypto/heimdal/doc/doxyout/hcrypto/html/doxygen.png new file mode 100644 index 00000000000..f0a274bbaff Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hcrypto/html/doxygen.png differ diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/example__evp__cipher_8c-example.html b/crypto/heimdal/doc/doxyout/hcrypto/html/example__evp__cipher_8c-example.html new file mode 100644 index 00000000000..cb89b668d7a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/example__evp__cipher_8c-example.html @@ -0,0 +1,173 @@ + + +Heimdal crypto library: example_evp_cipher.c + + + +

+keyhole logo +

+ + + +
+

example_evp_cipher.c

This is an example how to use EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex().

+

/*
+ * Copyright (c) 2008 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <krb5-types.h> /* should really be stdint.h */
+#include <hcrypto/evp.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <err.h>
+#include <assert.h>
+
+#include "roken.h"
+
+/* key and initial vector */
+static char key[16] =
+    "\xaa\xbb\x45\xd4\xaa\xbb\x45\xd4"
+    "\xaa\xbb\x45\xd4\xaa\xbb\x45\xd4";
+static char ivec[16] =
+    "\xaa\xbb\x45\xd4\xaa\xbb\x45\xd4"
+    "\xaa\xbb\x45\xd4\xaa\xbb\x45\xd4";
+
+static void
+usage(int exit_code) __attribute__((noreturn));
+
+static void
+usage(int exit_code)
+{
+    printf("usage: %s in out\n", getprogname());
+    exit(exit_code);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    int encryptp = 1;
+    const char *ifn = NULL, *ofn = NULL;
+    FILE *in, *out;
+    void *ibuf, *obuf;
+    int ilen, olen;
+    size_t block_size = 0;
+    const EVP_CIPHER *c = EVP_aes_128_cbc();
+    EVP_CIPHER_CTX ctx;
+    int ret;
+
+    setprogname(argv[0]);
+
+    if (argc == 2) {
+        if (strcmp(argv[1], "--version") == 0) {
+            printf("version");
+            exit(0);
+        }
+        if (strcmp(argv[1], "--help") == 0)
+            usage(0);
+        usage(1);
+    } else if (argc == 4) {
+        block_size = atoi(argv[1]);
+        if (block_size == 0)
+            errx(1, "invalid blocksize %s", argv[1]);
+        ifn = argv[2];
+        ofn = argv[3];
+    } else
+        usage(1);
+
+    in = fopen(ifn, "r");
+    if (in == NULL)
+        errx(1, "failed to open input file");
+    out = fopen(ofn, "w+");
+    if (out == NULL)
+        errx(1, "failed to open output file");
+
+    /* Check that key and ivec are long enough */
+    assert(EVP_CIPHER_key_length(c) <= sizeof(key));
+    assert(EVP_CIPHER_iv_length(c) <= sizeof(ivec));
+
+    /*
+     * Allocate buffer, the output buffer is at least
+     * EVP_CIPHER_block_size() longer
+     */
+    ibuf = malloc(block_size);
+    obuf = malloc(block_size + EVP_CIPHER_block_size(c));
+
+    /*
+     * Init the memory used for EVP_CIPHER_CTX and set the key and
+     * ivec.
+     */
+    EVP_CIPHER_CTX_init(&ctx);
+    EVP_CipherInit_ex(&ctx, c, NULL, key, ivec, encryptp);
+
+    /* read in buffer */
+    while ((ilen = fread(ibuf, 1, block_size, in)) > 0) {
+        /* encrypto/decrypt */
+        ret = EVP_CipherUpdate(&ctx, obuf, &olen, ibuf, ilen);
+        if (ret != 1) {
+            EVP_CIPHER_CTX_cleanup(&ctx);
+            errx(1, "EVP_CipherUpdate failed");
+        }
+        /* write out to output file */
+        fwrite(obuf, 1, olen, out);
+    }
+    /* done reading */
+    fclose(in);
+
+    /* clear up any last bytes left in the output buffer */
+    ret = EVP_CipherFinal_ex(&ctx, obuf, &olen);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    if (ret != 1)
+        errx(1, "EVP_CipherFinal_ex failed");
+
+    /* write the last bytes out and close */
+    fwrite(obuf, 1, olen, out);
+    fclose(out);
+
+    return 0;
+}
+
+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/examples.html b/crypto/heimdal/doc/doxyout/hcrypto/html/examples.html new file mode 100644 index 00000000000..d6a887c4b88 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/examples.html @@ -0,0 +1,29 @@ + + +Heimdal crypto library: Examples + + + +

+keyhole logo +

+ + + +
+

Examples

Here is a list of all examples: +
+
+Generated on Fri Sep 30 15:26:06 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.dot b/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.dot new file mode 100644 index 00000000000..4df0f1aa486 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.dot @@ -0,0 +1,22 @@ +digraph G +{ + edge [fontname="FreeSans",fontsize=10,labelfontname="FreeSans",labelfontsize=10]; + node [fontname="FreeSans",fontsize=10,shape=record]; + Node9 [shape="box",label="Inherited",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",fillcolor="grey75",style="filled" fontcolor="black"]; + Node10 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node10 [shape="box",label="PublicBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPublicBase.html"]; + Node11 -> Node10 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node11 [shape="box",label="Truncated",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="red",URL="$classTruncated.html"]; + Node13 -> Node9 [dir=back,color="darkgreen",fontsize=10,style="solid",fontname="FreeSans"]; + Node13 [shape="box",label="ProtectedBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classProtectedBase.html"]; + Node14 -> Node9 [dir=back,color="firebrick4",fontsize=10,style="solid",fontname="FreeSans"]; + Node14 [shape="box",label="PrivateBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPrivateBase.html"]; + Node15 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node15 [shape="box",label="Undocumented",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="grey75"]; + Node16 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node16 [shape="box",label="Templ< int >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node17 -> Node16 [dir=back,color="orange",fontsize=10,style="dashed",label="< int >",fontname="FreeSans"]; + Node17 [shape="box",label="Templ< T >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node18 -> Node9 [dir=back,color="darkorchid3",fontsize=10,style="dashed",label="m_usedClass",fontname="FreeSans"]; + Node18 [shape="box",label="Used",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classUsed.html"]; +} diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.html b/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.html new file mode 100644 index 00000000000..2b5383bf753 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.html @@ -0,0 +1,88 @@ + + +Heimdal crypto library: Graph Legend + + + +

+keyhole logo +

+ + + +
+

Graph Legend

This page explains how to interpret the graphs that are generated by doxygen.

+Consider the following example: 

/*! Invisible class because of truncation */
+class Invisible { };
+
+/*! Truncated class, inheritance relation is hidden */
+class Truncated : public Invisible { };
+
+/* Class not documented with doxygen comments */
+class Undocumented { };
+
+/*! Class that is inherited using public inheritance */
+class PublicBase : public Truncated { };
+
+/*! A template class */
+template<class T> class Templ { };
+
+/*! Class that is inherited using protected inheritance */
+class ProtectedBase { };
+
+/*! Class that is inherited using private inheritance */
+class PrivateBase { };
+
+/*! Class that is used by the Inherited class */
+class Used { };
+
+/*! Super class that inherits a number of other classes */
+class Inherited : public PublicBase,
+                  protected ProtectedBase,
+                  private PrivateBase,
+                  public Undocumented,
+                  public Templ<int>
+{
+  private:
+    Used *m_usedClass;
+};
+
If the MAX_DOT_GRAPH_HEIGHT tag in the configuration file is set to 240 this will result in the following graph:

+

+graph_legend.png +
+

+The boxes in the above graph have the following meaning:

    +
  • +A filled gray box represents the struct or class for which the graph is generated.
    • +
  • +A box with a black border denotes a documented struct or class.
    • +
  • +A box with a grey border denotes an undocumented struct or class.
    • +
  • +A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries.
    • +
+The arrows have the following meaning:
    +
  • +A dark blue arrow is used to visualize a public inheritance relation between two classes.
    • +
  • +A dark green arrow is used for protected inheritance.
    • +
  • +A dark red arrow is used for private inheritance.
    • +
  • +A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible.
    • +
  • +A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance.
    • +
+
+
+Generated on Fri Sep 30 15:26:06 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.png b/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.png new file mode 100644 index 00000000000..9b96937bfd5 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hcrypto/html/graph_legend.png differ diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__core.html b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__core.html new file mode 100644 index 00000000000..5b2805884a1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__core.html @@ -0,0 +1,190 @@ + + +Heimdal crypto library: hcrypto function controlling behavior + + + +

+keyhole logo +

+ + + +
+

hcrypto function controlling behavior

+ + + + + + + + + + + + +

Functions

int EVP_CIPHER_CTX_rand_key (EVP_CIPHER_CTX *ctx, void *key)
int EVP_CIPHER_CTX_ctrl (EVP_CIPHER_CTX *ctx, int type, int arg, void *data)
void OpenSSL_add_all_algorithms (void)
void OpenSSL_add_all_algorithms_conf (void)
void OpenSSL_add_all_algorithms_noconf (void)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_CIPHER_CTX_ctrl (EVP_CIPHER_CTX *  ctx,
int  type,
int  arg,
void *  data 
)
+
+
+ +

+Perform a operation on a ctx

+

Parameters:
+ + + + + +
ctx context to perform operation on.
type type of operation.
arg argument to operation.
data addition data to operation.
+
+
Returns:
1 for success, 0 for failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int EVP_CIPHER_CTX_rand_key (EVP_CIPHER_CTX *  ctx,
void *  key 
)
+
+
+ +

+Generate a random key for the specificed EVP_CIPHER.

+

Parameters:
+ + + +
ctx EVP_CIPHER_CTX type to build the key for.
key return key, must be at least EVP_CIPHER_key_length() byte long.
+
+
Returns:
1 for success, 0 for failure.
+ +
+

+ +

+
+ + + + + + + + + +
void OpenSSL_add_all_algorithms (void   ) 
+
+
+ +

+Add all algorithms to the crypto core. +

+

+ +

+
+ + + + + + + + + +
void OpenSSL_add_all_algorithms_conf (void   ) 
+
+
+ +

+Add all algorithms to the crypto core using configuration file. +

+

+ +

+
+ + + + + + + + + +
void OpenSSL_add_all_algorithms_noconf (void   ) 
+
+
+ +

+Add all algorithms to the crypto core, but don't use the configuration file. +

+

+

+
+Generated on Fri Sep 30 15:26:05 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__des.html b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__des.html new file mode 100644 index 00000000000..0f9dc548098 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__des.html @@ -0,0 +1,910 @@ + + +Heimdal crypto library: DES crypto functions + + + +

+keyhole logo +

+ + + +
+

DES crypto functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

void DES_set_odd_parity (DES_cblock *key)
int HC_DEPRECATED DES_check_key_parity (DES_cblock *key)
int DES_is_weak_key (DES_cblock *key)
int HC_DEPRECATED DES_set_key (DES_cblock *key, DES_key_schedule *ks)
int DES_set_key_unchecked (DES_cblock *key, DES_key_schedule *ks)
int DES_set_key_checked (DES_cblock *key, DES_key_schedule *ks)
int DES_key_sched (DES_cblock *key, DES_key_schedule *ks)
void DES_encrypt (uint32_t u[2], DES_key_schedule *ks, int encp)
void DES_ecb_encrypt (DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int encp)
void DES_cbc_encrypt (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int encp)
void DES_pcbc_encrypt (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int encp)
void DES_ecb3_encrypt (DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, int encp)
void DES_ede3_cbc_encrypt (const void *in, void *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *iv, int encp)
void DES_cfb64_encrypt (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int *num, int encp)
uint32_t DES_cbc_cksum (const void *in, DES_cblock *output, long length, DES_key_schedule *ks, DES_cblock *iv)
void DES_string_to_key (const char *str, DES_cblock *key)
int HC_DEPRECATED DES_new_random_key (DES_cblock *key)
void HC_DEPRECATED DES_init_random_number_generator (DES_cblock *seed)
void HC_DEPRECATED DES_random_key (DES_cblock *key)
+

Detailed Description

+See the DES - Data Encryption Standard crypto interface for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
uint32_t DES_cbc_cksum (const void *  in,
DES_cblock *  output,
long  length,
DES_key_schedule *  ks,
DES_cblock *  iv 
)
+
+
+ +

+Crete a checksum using DES in CBC encryption mode. This mode is only used for Kerberos 4, and it should stay that way.

+The IV must always be diffrent for diffrent input data blocks.

+

Parameters:
+ + + + + + +
in data to checksum
output the checksum
length length of data
ks key schedule to use
iv initial vector to use
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void DES_cbc_encrypt (const void *  in,
void *  out,
long  length,
DES_key_schedule *  ks,
DES_cblock *  iv,
int  encp 
)
+
+
+ +

+Encrypt/decrypt a block using DES in Chain Block Cipher mode (cbc).

+The IV must always be diffrent for diffrent input data blocks.

+

Parameters:
+ + + + + + + +
in data to encrypt
out data to encrypt
length length of data
ks key schedule to use
iv initial vector to use
encp if non zero, encrypt. if zero, decrypt.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void DES_cfb64_encrypt (const void *  in,
void *  out,
long  length,
DES_key_schedule *  ks,
DES_cblock *  iv,
int *  num,
int  encp 
)
+
+
+ +

+Encrypt/decrypt using DES in cipher feedback mode with 64 bit feedback.

+The IV must always be diffrent for diffrent input data blocks.

+

Parameters:
+ + + + + + + + +
in data to encrypt
out data to encrypt
length length of data
ks key schedule to use
iv initial vector to use
num offset into in cipher block encryption/decryption stop last time.
encp if non zero, encrypt. if zero, decrypt.
+
+ +
+

+ +

+
+ + + + + + + + + +
int HC_DEPRECATED DES_check_key_parity (DES_cblock *  key  ) 
+
+
+ +

+Check if the key have correct parity.

+

Parameters:
+ + +
key key to check the parity.
+
+
Returns:
1 on success, 0 on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void DES_ecb3_encrypt (DES_cblock *  input,
DES_cblock *  output,
DES_key_schedule *  ks1,
DES_key_schedule *  ks2,
DES_key_schedule *  ks3,
int  encp 
)
+
+
+ +

+Encrypt/decrypt a block using triple DES using EDE mode, encrypt/decrypt/encrypt.

+

Parameters:
+ + + + + + + +
input data to encrypt
output data to encrypt
ks1 key schedule to use
ks2 key schedule to use
ks3 key schedule to use
encp if non zero, encrypt. if zero, decrypt.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void DES_ecb_encrypt (DES_cblock *  input,
DES_cblock *  output,
DES_key_schedule *  ks,
int  encp 
)
+
+
+ +

+Encrypt/decrypt a block using DES.

+

Parameters:
+ + + + + +
input data to encrypt
output data to encrypt
ks key schedule to use
encp if non zero, encrypt. if zero, decrypt.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void DES_ede3_cbc_encrypt (const void *  in,
void *  out,
long  length,
DES_key_schedule *  ks1,
DES_key_schedule *  ks2,
DES_key_schedule *  ks3,
DES_cblock *  iv,
int  encp 
)
+
+
+ +

+Encrypt/decrypt using Triple DES in Chain Block Cipher mode (cbc).

+The IV must always be diffrent for diffrent input data blocks.

+

Parameters:
+ + + + + + + + + +
in data to encrypt
out data to encrypt
length length of data
ks1 key schedule to use
ks2 key schedule to use
ks3 key schedule to use
iv initial vector to use
encp if non zero, encrypt. if zero, decrypt.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
void DES_encrypt (uint32_t  u[2],
DES_key_schedule *  ks,
int  encp 
)
+
+
+ +

+Encrypt/decrypt a block using DES. Also called ECB mode

+

Parameters:
+ + + + +
u data to encrypt
ks key schedule to use
encp if non zero, encrypt. if zero, decrypt.
+
+ +
+

+ +

+
+ + + + + + + + + +
void HC_DEPRECATED DES_init_random_number_generator (DES_cblock *  seed  ) 
+
+
+ +

+Seed the random number generator. Deprecated, use RAND - random number

+

Parameters:
+ + +
seed a seed to seed that random number generate with.
+
+ +
+

+ +

+
+ + + + + + + + + +
int DES_is_weak_key (DES_cblock *  key  ) 
+
+
+ +

+Checks if the key is any of the weaks keys that makes DES attacks trival.

+

Parameters:
+ + +
key key to check.
+
+
Returns:
1 if the key is weak, 0 otherwise.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int DES_key_sched (DES_cblock *  key,
DES_key_schedule *  ks 
)
+
+
+ +

+Compatibility function for eay libdes, works just like DES_set_key_checked().

+

Parameters:
+ + + +
key a key to initialize the key schedule with.
ks a key schedule to initialize.
+
+
Returns:
0 on success, -1 on invalid parity, -2 on weak key.
+ +
+

+ +

+
+ + + + + + + + + +
int HC_DEPRECATED DES_new_random_key (DES_cblock *  key  ) 
+
+
+ +

+Generate a random des key using a random block, fixup parity and skip weak keys.

+

Parameters:
+ + +
key is set to a random key.
+
+
Returns:
0 on success, non zero on random number generator failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void DES_pcbc_encrypt (const void *  in,
void *  out,
long  length,
DES_key_schedule *  ks,
DES_cblock *  iv,
int  encp 
)
+
+
+ +

+Encrypt/decrypt a block using DES in Propagating Cipher Block Chaining mode. This mode is only used for Kerberos 4, and it should stay that way.

+The IV must always be diffrent for diffrent input data blocks.

+

Parameters:
+ + + + + + + +
in data to encrypt
out data to encrypt
length length of data
ks key schedule to use
iv initial vector to use
encp if non zero, encrypt. if zero, decrypt.
+
+ +
+

+ +

+
+ + + + + + + + + +
void HC_DEPRECATED DES_random_key (DES_cblock *  key  ) 
+
+
+ +

+Generate a random key, deprecated since it doesn't return an error code, use DES_new_random_key().

+

Parameters:
+ + +
key is set to a random key.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int HC_DEPRECATED DES_set_key (DES_cblock *  key,
DES_key_schedule *  ks 
)
+
+
+ +

+Setup a des key schedule from a key. Deprecated function, use DES_set_key_unchecked() or DES_set_key_checked() instead.

+

Parameters:
+ + + +
key a key to initialize the key schedule with.
ks a key schedule to initialize.
+
+
Returns:
0 on success
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int DES_set_key_checked (DES_cblock *  key,
DES_key_schedule *  ks 
)
+
+
+ +

+Just like DES_set_key_unchecked() except checking that the key is not weak for or have correct parity.

+

Parameters:
+ + + +
key a key to initialize the key schedule with.
ks a key schedule to initialize.
+
+
Returns:
0 on success, -1 on invalid parity, -2 on weak key.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int DES_set_key_unchecked (DES_cblock *  key,
DES_key_schedule *  ks 
)
+
+
+ +

+Setup a des key schedule from a key. The key is no longer needed after this transaction and can cleared.

+Does NOT check that the key is weak for or have wrong parity.

+

Parameters:
+ + + +
key a key to initialize the key schedule with.
ks a key schedule to initialize.
+
+
Returns:
0 on success
+ +
+

+ +

+
+ + + + + + + + + +
void DES_set_odd_parity (DES_cblock *  key  ) 
+
+
+ +

+Set the parity of the key block, used to generate a des key from a random key. See DES key generation.

+

Parameters:
+ + +
key key to fixup the parity for.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void DES_string_to_key (const char *  str,
DES_cblock *  key 
)
+
+
+ +

+Convert a string to a DES key. Use something like PKCS5_PBKDF2_HMAC_SHA1() to create key from passwords.

+

Parameters:
+ + + +
str The string to convert to a key
key the resulting key
+
+ +
+

+

+
+Generated on Fri Sep 30 15:26:05 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__dh.html b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__dh.html new file mode 100644 index 00000000000..8152b6479b0 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__dh.html @@ -0,0 +1,581 @@ + + +Heimdal crypto library: Diffie-Hellman functions + + + +

+keyhole logo +

+ + + +
+

Diffie-Hellman functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

const DH_METHOD * DH_ltm_method (void)
DH * DH_new (void)
DH * DH_new_method (ENGINE *engine)
void DH_free (DH *dh)
int DH_up_ref (DH *dh)
int DH_size (const DH *dh)
int DH_set_ex_data (DH *dh, int idx, void *data)
void * DH_get_ex_data (DH *dh, int idx)
int DH_generate_parameters_ex (DH *dh, int prime_len, int generator, BN_GENCB *cb)
int DH_check_pubkey (const DH *dh, const BIGNUM *pub_key, int *codes)
int DH_generate_key (DH *dh)
int DH_compute_key (unsigned char *shared_key, const BIGNUM *peer_pub_key, DH *dh)
int DH_set_method (DH *dh, const DH_METHOD *method)
const DH_METHOD * DH_null_method (void)
void DH_set_default_method (const DH_METHOD *meth)
const DH_METHOD * DH_get_default_method (void)
+

Detailed Description

+See the DH - Diffie-Hellman key exchange for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int DH_check_pubkey (const DH *  dh,
const BIGNUM *  pub_key,
int *  codes 
)
+
+
+ +

+Check that the public key is sane.

+

Parameters:
+ + + + +
dh the local peer DH parameters.
pub_key the remote peer public key parameters.
codes return that the failures of the pub_key are.
+
+
Returns:
1 on success, 0 on failure and *codes is set the the combined fail check for the public key
+ +

+Checks that the function performs are:

    +
  • pub_key is not negative
+

+

    +
  • pub_key > 1 and pub_key < p - 1, to avoid small subgroups attack.
+

+

    +
  • if g == 2, pub_key have more then one bit set, if bits set is 1, log_2(pub_key) is trival
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int DH_compute_key (unsigned char *  shared_key,
const BIGNUM *  peer_pub_key,
DH *  dh 
)
+
+
+ +

+Complute the shared secret key.

+

Parameters:
+ + + + +
shared_key the resulting shared key, need to be at least DH_size() large.
peer_pub_key the peer's public key.
dh the dh key pair.
+
+
Returns:
1 on success.
+ +

+Checks that the pubkey passed in is valid using DH_check_pubkey(). +

+

+ +

+
+ + + + + + + + + +
void DH_free (DH *  dh  ) 
+
+
+ +

+Free a DH object and release related resources, like ENGINE, that the object was using.

+

Parameters:
+ + +
dh object to be freed.
+
+ +
+

+ +

+
+ + + + + + + + + +
int DH_generate_key (DH *  dh  ) 
+
+
+ +

+Generate a new DH private-public key pair. The dh parameter must be allocted first with DH_new(). dh->p and dp->g must be set.

+

Parameters:
+ + +
dh dh parameter.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int DH_generate_parameters_ex (DH *  dh,
int  prime_len,
int  generator,
BN_GENCB *  cb 
)
+
+
+ +

+Generate DH parameters for the DH object give parameters.

+

Parameters:
+ + + + + +
dh The DH object to generate parameters for.
prime_len length of the prime
generator generator, g
cb Callback parameters to show progress, can be NULL.
+
+
Returns:
the maximum size in bytes of the out data.
+ +
+

+ +

+
+ + + + + + + + + +
const DH_METHOD* DH_get_default_method (void   ) 
+
+
+ +

+Return the default DH implementation.

+

Returns:
pointer to a DH_METHOD.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void* DH_get_ex_data (DH *  dh,
int  idx 
)
+
+
+ +

+Get the data for index idx in the DH object.

+

Parameters:
+ + + +
dh DH object.
idx index to get the data for.
+
+
Returns:
the object store in index idx
+ +
+

+ +

+
+ + + + + + + + + +
const DH_METHOD* DH_ltm_method (void   ) 
+
+
+ +

+DH implementation using libtommath.

+

Returns:
the DH_METHOD for the DH implementation using libtommath.
+ +
+

+ +

+
+ + + + + + + + + +
DH* DH_new (void   ) 
+
+
+ +

+Create a new DH object using DH_new_method(NULL), see DH_new_method().

+

Returns:
a newly allocated DH object.
+ +
+

+ +

+
+ + + + + + + + + +
DH* DH_new_method (ENGINE *  engine  ) 
+
+
+ +

+Create a new DH object from the given engine, if the NULL is used, the default engine is used. Free the DH object with DH_free().

+

Parameters:
+ + +
engine The engine to use to allocate the DH object.
+
+
Returns:
a newly allocated DH object.
+ +
+

+ +

+
+ + + + + + + + + +
const DH_METHOD* DH_null_method (void   ) 
+
+
+ +

+Return the dummy DH implementation.

+

Returns:
pointer to a DH_METHOD.
+ +
+

+ +

+
+ + + + + + + + + +
void DH_set_default_method (const DH_METHOD *  meth  ) 
+
+
+ +

+Set the default DH implementation.

+

Parameters:
+ + +
meth pointer to a DH_METHOD.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int DH_set_ex_data (DH *  dh,
int  idx,
void *  data 
)
+
+
+ +

+Set the data index idx in the DH object to data.

+

Parameters:
+ + + + +
dh DH object.
idx index to set the data for.
data data to store for the index idx.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int DH_set_method (DH *  dh,
const DH_METHOD *  method 
)
+
+
+ +

+Set a new method for the DH keypair.

+

Parameters:
+ + + +
dh dh parameter.
method the new method for the DH parameter.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + +
int DH_size (const DH *  dh  ) 
+
+
+ +

+The maximum output size of the DH_compute_key() function.

+

Parameters:
+ + +
dh The DH object to get the size from.
+
+
Returns:
the maximum size in bytes of the out data.
+ +
+

+ +

+
+ + + + + + + + + +
int DH_up_ref (DH *  dh  ) 
+
+
+ +

+Add a reference to the DH object. The object should be free with DH_free() to drop the reference.

+

Parameters:
+ + +
dh the object to increase the reference count too.
+
+
Returns:
the updated reference count, can't safely be used except for debug printing.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__evp.html b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__evp.html new file mode 100644 index 00000000000..109fbd7c326 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__evp.html @@ -0,0 +1,2366 @@ + + +Heimdal crypto library: EVP generic crypto functions + + + +

+keyhole logo +

+ + + +
+

EVP generic crypto functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

const EVP_CIPHER * EVP_wincrypt_des_ede3_cbc (void)
const EVP_CIPHER * EVP_hcrypto_aes_128_cbc (void)
const EVP_CIPHER * EVP_hcrypto_aes_192_cbc (void)
const EVP_CIPHER * EVP_hcrypto_aes_256_cbc (void)
const EVP_CIPHER * EVP_hcrypto_aes_128_cfb8 (void)
const EVP_CIPHER * EVP_hcrypto_aes_192_cfb8 (void)
const EVP_CIPHER * EVP_hcrypto_aes_256_cfb8 (void)
const EVP_MD * EVP_hcrypto_sha256 (void)
const EVP_MD * EVP_hcrypto_sha384 (void)
const EVP_MD * EVP_hcrypto_sha512 (void)
const EVP_MD * EVP_hcrypto_sha1 (void)
const EVP_MD * EVP_hcrypto_md5 (void)
const EVP_MD * EVP_hcrypto_md4 (void)
const EVP_MD * EVP_hcrypto_md2 (void)
const EVP_CIPHER * EVP_hcrypto_des_cbc (void)
const EVP_CIPHER * EVP_hcrypto_des_ede3_cbc (void)
const EVP_CIPHER * EVP_hcrypto_rc2_cbc (void)
const EVP_CIPHER * EVP_hcrypto_rc2_40_cbc (void)
const EVP_CIPHER * EVP_hcrypto_rc2_64_cbc (void)
const EVP_CIPHER * EVP_hcrypto_camellia_128_cbc (void)
const EVP_CIPHER * EVP_hcrypto_camellia_192_cbc (void)
const EVP_CIPHER * EVP_hcrypto_camellia_256_cbc (void)
size_t EVP_MD_size (const EVP_MD *md)
size_t EVP_MD_block_size (const EVP_MD *md)
EVP_MD_CTX * EVP_MD_CTX_create (void)
void EVP_MD_CTX_init (EVP_MD_CTX *ctx) HC_DEPRECATED
void EVP_MD_CTX_destroy (EVP_MD_CTX *ctx)
int EVP_MD_CTX_cleanup (EVP_MD_CTX *ctx) HC_DEPRECATED
const EVP_MD * EVP_MD_CTX_md (EVP_MD_CTX *ctx)
size_t EVP_MD_CTX_size (EVP_MD_CTX *ctx)
size_t EVP_MD_CTX_block_size (EVP_MD_CTX *ctx)
int EVP_DigestInit_ex (EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)
int EVP_DigestUpdate (EVP_MD_CTX *ctx, const void *data, size_t size)
int EVP_DigestFinal_ex (EVP_MD_CTX *ctx, void *hash, unsigned int *size)
int EVP_Digest (const void *data, size_t dsize, void *hash, unsigned int *hsize, const EVP_MD *md, ENGINE *engine)
const EVP_MD * EVP_sha256 (void)
const EVP_MD * EVP_sha384 (void)
const EVP_MD * EVP_sha512 (void)
const EVP_MD * EVP_sha1 (void)
const EVP_MD * EVP_sha (void)
const EVP_MD * EVP_md5 (void)
const EVP_MD * EVP_md4 (void)
const EVP_MD * EVP_md2 (void)
const EVP_MD * EVP_md_null (void)
size_t EVP_CIPHER_block_size (const EVP_CIPHER *c)
size_t EVP_CIPHER_key_length (const EVP_CIPHER *c)
size_t EVP_CIPHER_iv_length (const EVP_CIPHER *c)
void EVP_CIPHER_CTX_init (EVP_CIPHER_CTX *c)
int EVP_CIPHER_CTX_cleanup (EVP_CIPHER_CTX *c)
int EVP_CIPHER_CTX_set_key_length (EVP_CIPHER_CTX *c, int length)
const EVP_CIPHER * EVP_CIPHER_CTX_cipher (EVP_CIPHER_CTX *ctx)
size_t EVP_CIPHER_CTX_block_size (const EVP_CIPHER_CTX *ctx)
size_t EVP_CIPHER_CTX_key_length (const EVP_CIPHER_CTX *ctx)
size_t EVP_CIPHER_CTX_iv_length (const EVP_CIPHER_CTX *ctx)
unsigned long EVP_CIPHER_CTX_flags (const EVP_CIPHER_CTX *ctx)
int EVP_CIPHER_CTX_mode (const EVP_CIPHER_CTX *ctx)
void * EVP_CIPHER_CTX_get_app_data (EVP_CIPHER_CTX *ctx)
void EVP_CIPHER_CTX_set_app_data (EVP_CIPHER_CTX *ctx, void *data)
int EVP_CipherInit_ex (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, const void *key, const void *iv, int encp)
int EVP_CipherUpdate (EVP_CIPHER_CTX *ctx, void *out, int *outlen, void *in, size_t inlen)
int EVP_CipherFinal_ex (EVP_CIPHER_CTX *ctx, void *out, int *outlen)
const EVP_CIPHER * EVP_enc_null (void)
const EVP_CIPHER * EVP_rc2_cbc (void)
const EVP_CIPHER * EVP_rc2_40_cbc (void)
const EVP_CIPHER * EVP_rc2_64_cbc (void)
const EVP_CIPHER * EVP_rc4 (void)
const EVP_CIPHER * EVP_rc4_40 (void)
const EVP_CIPHER * EVP_des_cbc (void)
const EVP_CIPHER * EVP_des_ede3_cbc (void)
const EVP_CIPHER * EVP_aes_128_cbc (void)
const EVP_CIPHER * EVP_aes_192_cbc (void)
const EVP_CIPHER * EVP_aes_256_cbc (void)
const EVP_CIPHER * EVP_aes_128_cfb8 (void)
const EVP_CIPHER * EVP_aes_192_cfb8 (void)
const EVP_CIPHER * EVP_aes_256_cfb8 (void)
const EVP_CIPHER * EVP_camellia_128_cbc (void)
const EVP_CIPHER * EVP_camellia_192_cbc (void)
const EVP_CIPHER * EVP_camellia_256_cbc (void)
const EVP_CIPHER * EVP_get_cipherbyname (const char *name)
int EVP_BytesToKey (const EVP_CIPHER *type, const EVP_MD *md, const void *salt, const void *data, size_t datalen, unsigned int count, void *keydata, void *ivdata)
+

Detailed Description

+See the EVP - generic crypto interface for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + +
const EVP_CIPHER* EVP_aes_128_cbc (void   ) 
+
+
+ +

+The AES-128 cipher type

+

Returns:
the AES-128 EVP_CIPHER pointer.
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_aes_128_cfb8 (void   ) 
+
+
+ +

+The AES-128 cipher type

+

Returns:
the AES-128 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_aes_192_cbc (void   ) 
+
+
+ +

+The AES-192 cipher type

+

Returns:
the AES-192 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_aes_192_cfb8 (void   ) 
+
+
+ +

+The AES-192 cipher type

+

Returns:
the AES-192 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_aes_256_cbc (void   ) 
+
+
+ +

+The AES-256 cipher type

+

Returns:
the AES-256 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_aes_256_cfb8 (void   ) 
+
+
+ +

+The AES-256 cipher type

+

Returns:
the AES-256 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_BytesToKey (const EVP_CIPHER *  type,
const EVP_MD *  md,
const void *  salt,
const void *  data,
size_t  datalen,
unsigned int  count,
void *  keydata,
void *  ivdata 
)
+
+
+ +

+Provides a legancy string to key function, used in PEM files.

+New protocols should use new string to key functions like NIST SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()).

+

Parameters:
+ + + + + + + + + +
type type of cipher to use
md message digest to use
salt salt salt string, should be an binary 8 byte buffer.
data the password/input key string.
datalen length of data parameter.
count iteration counter.
keydata output keydata, needs to of the size EVP_CIPHER_key_length().
ivdata output ivdata, needs to of the size EVP_CIPHER_block_size().
+
+
Returns:
the size of derived key.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_camellia_128_cbc (void   ) 
+
+
+ +

+The Camellia-128 cipher type

+

Returns:
the Camellia-128 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_camellia_192_cbc (void   ) 
+
+
+ +

+The Camellia-198 cipher type

+

Returns:
the Camellia-198 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_camellia_256_cbc (void   ) 
+
+
+ +

+The Camellia-256 cipher type

+

Returns:
the Camellia-256 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
size_t EVP_CIPHER_block_size (const EVP_CIPHER *  c  ) 
+
+
+ +

+Return the block size of the cipher.

+

Parameters:
+ + +
c cipher to get the block size from.
+
+
Returns:
the block size of the cipher.
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + +
size_t EVP_CIPHER_CTX_block_size (const EVP_CIPHER_CTX *  ctx  ) 
+
+
+ +

+Return the block size of the cipher context.

+

Parameters:
+ + +
ctx cipher context to get the block size from.
+
+
Returns:
the block size of the cipher context.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_CIPHER_CTX_cipher (EVP_CIPHER_CTX *  ctx  ) 
+
+
+ +

+Return the EVP_CIPHER for a EVP_CIPHER_CTX context.

+

Parameters:
+ + +
ctx the context to get the cipher type from.
+
+
Returns:
the EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
int EVP_CIPHER_CTX_cleanup (EVP_CIPHER_CTX *  c  ) 
+
+
+ +

+Clean up the EVP_CIPHER_CTX context.

+

Parameters:
+ + +
c the cipher to clean up.
+
+
Returns:
1 on success.
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + +
unsigned long EVP_CIPHER_CTX_flags (const EVP_CIPHER_CTX *  ctx  ) 
+
+
+ +

+Get the flags for an EVP_CIPHER_CTX context.

+

Parameters:
+ + +
ctx the EVP_CIPHER_CTX to get the flags from
+
+
Returns:
the flags for an EVP_CIPHER_CTX.
+ +
+

+ +

+
+ + + + + + + + + +
void* EVP_CIPHER_CTX_get_app_data (EVP_CIPHER_CTX *  ctx  ) 
+
+
+ +

+Get the app data for an EVP_CIPHER_CTX context.

+

Parameters:
+ + +
ctx the EVP_CIPHER_CTX to get the app data from
+
+
Returns:
the app data for an EVP_CIPHER_CTX.
+ +
+

+ +

+
+ + + + + + + + + +
void EVP_CIPHER_CTX_init (EVP_CIPHER_CTX *  c  ) 
+
+
+ +

+Initiate a EVP_CIPHER_CTX context. Clean up with EVP_CIPHER_CTX_cleanup().

+

Parameters:
+ + +
c the cipher initiate.
+
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + +
size_t EVP_CIPHER_CTX_iv_length (const EVP_CIPHER_CTX *  ctx  ) 
+
+
+ +

+Return the IV size of the cipher context.

+

Parameters:
+ + +
ctx cipher context to get the IV size from.
+
+
Returns:
the IV size of the cipher context.
+ +
+

+ +

+
+ + + + + + + + + +
size_t EVP_CIPHER_CTX_key_length (const EVP_CIPHER_CTX *  ctx  ) 
+
+
+ +

+Return the key size of the cipher context.

+

Parameters:
+ + +
ctx cipher context to get the key size from.
+
+
Returns:
the key size of the cipher context.
+ +
+

+ +

+
+ + + + + + + + + +
int EVP_CIPHER_CTX_mode (const EVP_CIPHER_CTX *  ctx  ) 
+
+
+ +

+Get the mode for an EVP_CIPHER_CTX context.

+

Parameters:
+ + +
ctx the EVP_CIPHER_CTX to get the mode from
+
+
Returns:
the mode for an EVP_CIPHER_CTX.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void EVP_CIPHER_CTX_set_app_data (EVP_CIPHER_CTX *  ctx,
void *  data 
)
+
+
+ +

+Set the app data for an EVP_CIPHER_CTX context.

+

Parameters:
+ + + +
ctx the EVP_CIPHER_CTX to set the app data for
data the app data to set for an EVP_CIPHER_CTX.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int EVP_CIPHER_CTX_set_key_length (EVP_CIPHER_CTX *  c,
int  length 
)
+
+
+ +

+If the cipher type supports it, change the key length

+

Parameters:
+ + + +
c the cipher context to change the key length for
length new key length
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + +
size_t EVP_CIPHER_iv_length (const EVP_CIPHER *  c  ) 
+
+
+ +

+Return the IV size of the cipher.

+

Parameters:
+ + +
c cipher to get the IV size from.
+
+
Returns:
the IV size of the cipher.
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + +
size_t EVP_CIPHER_key_length (const EVP_CIPHER *  c  ) 
+
+
+ +

+Return the key size of the cipher.

+

Parameters:
+ + +
c cipher to get the key size from.
+
+
Returns:
the key size of the cipher.
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_CipherFinal_ex (EVP_CIPHER_CTX *  ctx,
void *  out,
int *  outlen 
)
+
+
+ +

+Encipher/decipher final data

+

Parameters:
+ + + + +
ctx the cipher context.
out output data from the operation.
outlen output length
+
+The input length needs to be at least EVP_CIPHER_block_size() bytes long.

+See EVP Cipher for an example how to use this function.

+

Returns:
1 on success.
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_CipherInit_ex (EVP_CIPHER_CTX *  ctx,
const EVP_CIPHER *  c,
ENGINE *  engine,
const void *  key,
const void *  iv,
int  encp 
)
+
+
+ +

+Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. Clean up with EVP_CIPHER_CTX_cleanup().

+

Parameters:
+ + + + + + + +
ctx context to initiate
c cipher to use.
engine crypto engine to use, NULL to select default.
key the crypto key to use, NULL will use the previous value.
iv the IV to use, NULL will use the previous value.
encp non zero will encrypt, -1 use the previous value.
+
+
Returns:
1 on success.
+
Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_CipherUpdate (EVP_CIPHER_CTX *  ctx,
void *  out,
int *  outlen,
void *  in,
size_t  inlen 
)
+
+
+ +

+Encipher/decipher partial data

+

Parameters:
+ + + + + + +
ctx the cipher context.
out output data from the operation.
outlen output length
in input data to the operation.
inlen length of data.
+
+The output buffer length should at least be EVP_CIPHER_block_size() byte longer then the input length.

+See EVP Cipher for an example how to use this function.

+

Returns:
1 on success.
+ +

+If there in no spare bytes in the left from last Update and the input length is on the block boundery, the EVP_CipherUpdate() function can take a shortcut (and preformance gain) and directly encrypt the data, otherwise we hav to fix it up and store extra it the EVP_CIPHER_CTX.

Examples:
+example_evp_cipher.c.
+
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_des_cbc (void   ) 
+
+
+ +

+The DES cipher type

+

Returns:
the DES-CBC EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_des_ede3_cbc (void   ) 
+
+
+ +

+The tripple DES cipher type

+

Returns:
the DES-EDE3-CBC EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_Digest (const void *  data,
size_t  dsize,
void *  hash,
unsigned int *  hsize,
const EVP_MD *  md,
ENGINE *  engine 
)
+
+
+ +

+Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy() dance in one call.

+

Parameters:
+ + + + + + + +
data the data to update the context with
dsize length of data
hash output data of at least EVP_MD_size() length.
hsize output length of hash.
md message digest to use
engine engine to use, NULL for default engine.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_DigestFinal_ex (EVP_MD_CTX *  ctx,
void *  hash,
unsigned int *  size 
)
+
+
+ +

+Complete the message digest.

+

Parameters:
+ + + + +
ctx the context to complete.
hash the output of the message digest function. At least EVP_MD_size().
size the output size of hash.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_DigestInit_ex (EVP_MD_CTX *  ctx,
const EVP_MD *  md,
ENGINE *  engine 
)
+
+
+ +

+Init a EVP_MD_CTX for use a specific message digest and engine.

+

Parameters:
+ + + + +
ctx the message digest context to init.
md the message digest to use.
engine the engine to use, NULL to use the default engine.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int EVP_DigestUpdate (EVP_MD_CTX *  ctx,
const void *  data,
size_t  size 
)
+
+
+ +

+Update the digest with some data.

+

Parameters:
+ + + + +
ctx the context to update
data the data to update the context with
size length of data
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_enc_null (void   ) 
+
+
+ +

+The NULL cipher type, does no encryption/decryption.

+

Returns:
the null EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_get_cipherbyname (const char *  name  ) 
+
+
+ +

+Get the cipher type using their name.

+

Parameters:
+ + +
name the name of the cipher.
+
+
Returns:
the selected EVP_CIPHER pointer or NULL if not found.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_aes_128_cbc (void   ) 
+
+
+ +

+The AES-128 cipher type (hcrypto)

+

Returns:
the AES-128 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_aes_128_cfb8 (void   ) 
+
+
+ +

+The AES-128 CFB8 cipher type (hcrypto)

+

Returns:
the AES-128 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_aes_192_cbc (void   ) 
+
+
+ +

+The AES-192 cipher type (hcrypto)

+

Returns:
the AES-192 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_aes_192_cfb8 (void   ) 
+
+
+ +

+The AES-192 CFB8 cipher type (hcrypto)

+

Returns:
the AES-192 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_aes_256_cbc (void   ) 
+
+
+ +

+The AES-256 cipher type (hcrypto)

+

Returns:
the AES-256 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_aes_256_cfb8 (void   ) 
+
+
+ +

+The AES-256 CFB8 cipher type (hcrypto)

+

Returns:
the AES-256 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_camellia_128_cbc (void   ) 
+
+
+ +

+The Camellia-128 cipher type - hcrypto

+

Returns:
the Camellia-128 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_camellia_192_cbc (void   ) 
+
+
+ +

+The Camellia-198 cipher type - hcrypto

+

Returns:
the Camellia-198 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_camellia_256_cbc (void   ) 
+
+
+ +

+The Camellia-256 cipher type - hcrypto

+

Returns:
the Camellia-256 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_des_cbc (void   ) 
+
+
+ +

+The DES cipher type

+

Returns:
the DES-CBC EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_des_ede3_cbc (void   ) 
+
+
+ +

+The tripple DES cipher type - hcrypto

+

Returns:
the DES-EDE3-CBC EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_hcrypto_md2 (void   ) 
+
+
+ +

+The message digest MD2 - hcrypto

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_hcrypto_md4 (void   ) 
+
+
+ +

+The message digest MD4 - hcrypto

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_hcrypto_md5 (void   ) 
+
+
+ +

+The message digest MD5 - hcrypto

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_rc2_40_cbc (void   ) 
+
+
+ +

+The RC2-40 cipher type

+

Returns:
the RC2-40 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_rc2_64_cbc (void   ) 
+
+
+ +

+The RC2-64 cipher type

+

Returns:
the RC2-64 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_hcrypto_rc2_cbc (void   ) 
+
+
+ +

+The RC2 cipher type - hcrypto

+

Returns:
the RC2 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_hcrypto_sha1 (void   ) 
+
+
+ +

+The message digest SHA1 - hcrypto

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_hcrypto_sha256 (void   ) 
+
+
+ +

+The message digest SHA256 - hcrypto

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_hcrypto_sha384 (void   ) 
+
+
+ +

+The message digest SHA384 - hcrypto

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_hcrypto_sha512 (void   ) 
+
+
+ +

+The message digest SHA512 - hcrypto

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_md2 (void   ) 
+
+
+ +

+The message digest MD2

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_md4 (void   ) 
+
+
+ +

+The message digest MD4

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_md5 (void   ) 
+
+
+ +

+The message digest MD5

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
size_t EVP_MD_block_size (const EVP_MD *  md  ) 
+
+
+ +

+Return the blocksize of the message digest function.

+

Parameters:
+ + +
md the evp message
+
+
Returns:
size size of the message digest block size
+ +
+

+ +

+
+ + + + + + + + + +
size_t EVP_MD_CTX_block_size (EVP_MD_CTX *  ctx  ) 
+
+
+ +

+Return the blocksize of the message digest function.

+

Parameters:
+ + +
ctx the evp message digest context
+
+
Returns:
size size of the message digest block size
+ +
+

+ +

+
+ + + + + + + + + +
int EVP_MD_CTX_cleanup (EVP_MD_CTX *  ctx  ) 
+
+
+ +

+Free the resources used by the EVP_MD context.

+

Parameters:
+ + +
ctx the context to free the resources from.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + +
EVP_MD_CTX* EVP_MD_CTX_create (void   ) 
+
+
+ +

+Allocate a messsage digest context object. Free with EVP_MD_CTX_destroy().

+

Returns:
a newly allocated message digest context object.
+ +
+

+ +

+
+ + + + + + + + + +
void EVP_MD_CTX_destroy (EVP_MD_CTX *  ctx  ) 
+
+
+ +

+Free a messsage digest context object.

+

Parameters:
+ + +
ctx context to free.
+
+ +
+

+ +

+
+ + + + + + + + + +
void EVP_MD_CTX_init (EVP_MD_CTX *  ctx  ) 
+
+
+ +

+Initiate a messsage digest context object. Deallocate with EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead.

+

Parameters:
+ + +
ctx variable to initiate.
+
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_MD_CTX_md (EVP_MD_CTX *  ctx  ) 
+
+
+ +

+Get the EVP_MD use for a specified context.

+

Parameters:
+ + +
ctx the EVP_MD context to get the EVP_MD for.
+
+
Returns:
the EVP_MD used for the context.
+ +
+

+ +

+
+ + + + + + + + + +
size_t EVP_MD_CTX_size (EVP_MD_CTX *  ctx  ) 
+
+
+ +

+Return the output size of the message digest function.

+

Parameters:
+ + +
ctx the evp message digest context
+
+
Returns:
size output size of the message digest function.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_md_null (void   ) 
+
+
+ +

+The null message digest

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
size_t EVP_MD_size (const EVP_MD *  md  ) 
+
+
+ +

+Return the output size of the message digest function.

+

Parameters:
+ + +
md the evp message
+
+
Returns:
size output size of the message digest function.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_rc2_40_cbc (void   ) 
+
+
+ +

+The RC2 cipher type

+

Returns:
the RC2 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_rc2_64_cbc (void   ) 
+
+
+ +

+The RC2 cipher type

+

Returns:
the RC2 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_rc2_cbc (void   ) 
+
+
+ +

+The RC2 cipher type

+

Returns:
the RC2 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_rc4 (void   ) 
+
+
+ +

+The RC4 cipher type

+

Returns:
the RC4 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_rc4_40 (void   ) 
+
+
+ +

+The RC4-40 cipher type

+

Returns:
the RC4-40 EVP_CIPHER pointer.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_sha (void   ) 
+
+
+ +

+The message digest SHA1

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_sha1 (void   ) 
+
+
+ +

+The message digest SHA1

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_sha256 (void   ) 
+
+
+ +

+The message digest SHA256

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_sha384 (void   ) 
+
+
+ +

+The message digest SHA384

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_MD* EVP_sha512 (void   ) 
+
+
+ +

+The message digest SHA512

+

Returns:
the message digest type.
+ +
+

+ +

+
+ + + + + + + + + +
const EVP_CIPHER* EVP_wincrypt_des_ede3_cbc (void   ) 
+
+
+ +

+The tripple DES cipher type (Micrsoft crypt provider)

+

Returns:
the DES-EDE3-CBC EVP_CIPHER pointer.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:05 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__misc.html b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__misc.html new file mode 100644 index 00000000000..0201087ceea --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__misc.html @@ -0,0 +1,106 @@ + + +Heimdal crypto library: hcrypto miscellaneous functions + + + +

+keyhole logo +

+ + + +
+

hcrypto miscellaneous functions

+ + + + +

Functions

int PKCS5_PBKDF2_HMAC_SHA1 (const void *password, size_t password_len, const void *salt, size_t salt_len, unsigned long iter, size_t keylen, void *key)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int PKCS5_PBKDF2_HMAC_SHA1 (const void *  password,
size_t  password_len,
const void *  salt,
size_t  salt_len,
unsigned long  iter,
size_t  keylen,
void *  key 
)
+
+
+ +

+As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key.

+

Parameters:
+ + + + + + + + +
password Password.
password_len Length of password.
salt Salt
salt_len Length of salt.
iter iteration counter.
keylen the output key length.
key the output key.
+
+
Returns:
1 on success, non 1 on failure.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:05 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__rand.html b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__rand.html new file mode 100644 index 00000000000..9ee7243c4b9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__rand.html @@ -0,0 +1,425 @@ + + +Heimdal crypto library: RAND crypto functions + + + +

+keyhole logo +

+ + + +
+

RAND crypto functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

void RAND_seed (const void *indata, size_t size)
int RAND_bytes (void *outdata, size_t size)
void RAND_cleanup (void)
void RAND_add (const void *indata, size_t size, double entropi)
int RAND_pseudo_bytes (void *outdata, size_t size)
int RAND_status (void)
int RAND_set_rand_method (const RAND_METHOD *meth)
const RAND_METHOD * RAND_get_rand_method (void)
int RAND_set_rand_engine (ENGINE *engine)
int RAND_load_file (const char *filename, size_t size)
int RAND_write_file (const char *filename)
const char * RAND_file_name (char *filename, size_t size)
+

Detailed Description

+See the RAND - random number for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
void RAND_add (const void *  indata,
size_t  size,
double  entropi 
)
+
+
+ +

+Seed that random number generator. Secret material can securely be feed into the function, they will never be returned.

+

Parameters:
+ + + + +
indata the input data.
size size of in data.
entropi entropi in data.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int RAND_bytes (void *  outdata,
size_t  size 
)
+
+
+ +

+Get a random block from the random generator, can be used for key material.

+

Parameters:
+ + + +
outdata random data
size length random data
+
+
Returns:
1 on success, 0 on failure.
+ +
+

+ +

+
+ + + + + + + + + +
void RAND_cleanup (void   ) 
+
+
+ +

+Reset and free memory used by the random generator. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
const char* RAND_file_name (char *  filename,
size_t  size 
)
+
+
+ +

+Return the default random state filename for a user to use for RAND_load_file(), and RAND_write_file().

+

Parameters:
+ + + +
filename buffer to hold file name.
size size of buffer filename.
+
+
Returns:
the buffer filename or NULL on failure.
+ +
+

+ +

+
+ + + + + + + + + +
const RAND_METHOD* RAND_get_rand_method (void   ) 
+
+
+ +

+Get the default random method. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int RAND_load_file (const char *  filename,
size_t  size 
)
+
+
+ +

+Load a a file and feed it into RAND_seed().

+

Parameters:
+ + + +
filename name of file to read.
size minimum size to read.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int RAND_pseudo_bytes (void *  outdata,
size_t  size 
)
+
+
+ +

+Get a random block from the random generator, should NOT be used for key material.

+

Parameters:
+ + + +
outdata random data
size length random data
+
+
Returns:
1 on success, 0 on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void RAND_seed (const void *  indata,
size_t  size 
)
+
+
+ +

+Seed that random number generator. Secret material can securely be feed into the function, they will never be returned.

+

Parameters:
+ + + +
indata seed data
size length seed data
+
+ +
+

+ +

+
+ + + + + + + + + +
int RAND_set_rand_engine (ENGINE *  engine  ) 
+
+
+ +

+Set the default random method from engine.

+

Parameters:
+ + +
engine use engine, if NULL is passed it, old method and engine is cleared.
+
+
Returns:
1 on success, 0 on failure.
+ +
+

+ +

+
+ + + + + + + + + +
int RAND_set_rand_method (const RAND_METHOD *  meth  ) 
+
+
+ +

+Set the default random method.

+

Parameters:
+ + +
meth set the new default method.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + +
int RAND_status (void   ) 
+
+
+ +

+Return status of the random generator

+

Returns:
1 if the random generator can deliver random data.
+ +
+

+ +

+
+ + + + + + + + + +
int RAND_write_file (const char *  filename  ) 
+
+
+ +

+Write of random numbers to a file to store for later initiation with RAND_load_file().

+

Parameters:
+ + +
filename name of file to write.
+
+
Returns:
1 on success and non-one on failure.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:05 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__rsa.html b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__rsa.html new file mode 100644 index 00000000000..271fb384374 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/group__hcrypto__rsa.html @@ -0,0 +1,278 @@ + + +Heimdal crypto library: RSA functions + + + +

+keyhole logo +

+ + + +
+

RSA functions

+ + + + + + + + + + + + + + + + + + +

Functions

RSA * RSA_new (void)
RSA * RSA_new_method (ENGINE *engine)
void RSA_free (RSA *rsa)
int RSA_up_ref (RSA *rsa)
const RSA_METHOD * RSA_get_method (const RSA *rsa)
int RSA_set_method (RSA *rsa, const RSA_METHOD *method)
int RSA_set_app_data (RSA *rsa, void *arg)
void * RSA_get_app_data (const RSA *rsa)
+

Detailed Description

+See the RSA - public-key cryptography for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + +
void RSA_free (RSA *  rsa  ) 
+
+
+ +

+Free an allocation RSA object.

+

Parameters:
+ + +
rsa the RSA object to free.
+
+ +
+

+ +

+
+ + + + + + + + + +
void* RSA_get_app_data (const RSA *  rsa  ) 
+
+
+ +

+Get the application data for the RSA object.

+

Parameters:
+ + +
rsa the rsa object to get the parameter for
+
+
Returns:
the data object
+ +
+

+ +

+
+ + + + + + + + + +
const RSA_METHOD* RSA_get_method (const RSA *  rsa  ) 
+
+
+ +

+Return the RSA_METHOD used for this RSA object.

+

Parameters:
+ + +
rsa the object to get the method from.
+
+
Returns:
the method used for this RSA object.
+ +
+

+ +

+
+ + + + + + + + + +
RSA* RSA_new (void   ) 
+
+
+ +

+Same as RSA_new_method() using NULL as engine.

+

Returns:
a newly allocated RSA object. Free with RSA_free().
+ +
+

+ +

+
+ + + + + + + + + +
RSA* RSA_new_method (ENGINE *  engine  ) 
+
+
+ +

+Allocate a new RSA object using the engine, if NULL is specified as the engine, use the default RSA engine as returned by ENGINE_get_default_RSA().

+

Parameters:
+ + +
engine Specific what ENGINE RSA provider should be used.
+
+
Returns:
a newly allocated RSA object. Free with RSA_free().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int RSA_set_app_data (RSA *  rsa,
void *  arg 
)
+
+
+ +

+Set the application data for the RSA object.

+

Parameters:
+ + + +
rsa the rsa object to set the parameter for
arg the data object to store
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int RSA_set_method (RSA *  rsa,
const RSA_METHOD *  method 
)
+
+
+ +

+Set a new method for the RSA keypair.

+

Parameters:
+ + + +
rsa rsa parameter.
method the new method for the RSA parameter.
+
+
Returns:
1 on success.
+ +
+

+ +

+
+ + + + + + + + + +
int RSA_up_ref (RSA *  rsa  ) 
+
+
+ +

+Add an extra reference to the RSA object. The object should be free with RSA_free() to drop the reference.

+

Parameters:
+ + +
rsa the object to add reference counting too.
+
+
Returns:
the current reference count, can't safely be used except for debug printing.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/index.html b/crypto/heimdal/doc/doxyout/hcrypto/html/index.html new file mode 100644 index 00000000000..cb584f200a3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/index.html @@ -0,0 +1,47 @@ + + +Heimdal crypto library: Heimdal crypto library + + + +

+keyhole logo +

+ + + +
+

Heimdal crypto library

+

+

1.5.1

+Introduction

+Heimdal libhcrypto library is a implementation many crypto algorithms, among others: AES, SHA, DES, RSA, Camellia and many help function.

+hcrypto provies a OpenSSL compatible interface libcrypto interface and is licensed under a 3 clause BSD license (GPL compatible).

+The project web page: http://www.h5l.org/

+Sections of this manual:

+

+

+Older interfaces that you should not use:

+

+

+Control functions

+Functions controlling general behavior, like adding algorithms, are documented in this module: hcrypto function controlling behavior .

+Return values

+Return values are diffrent in this module to be compatible with OpenSSL interface. The diffrence is that on success 1 is returned instead of the customary 0.

+History

+Eric Young implemented DES in the library libdes, that grew into libcrypto in the ssleay package. ssleay went into recession and then got picked up by the OpenSSL (htp://www.openssl.org/) project.

+libhcrypto is an independent implementation with no code decended from ssleay/openssl. Both includes some common imported code, for example the AES implementation.

+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/modules.html b/crypto/heimdal/doc/doxyout/hcrypto/html/modules.html new file mode 100644 index 00000000000..a1e577f4d8b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/modules.html @@ -0,0 +1,35 @@ + + +Heimdal crypto library: Module Index + + + +

+keyhole logo +

+ + + +
+

Modules

Here is a list of all modules: +
+
+Generated on Fri Sep 30 15:26:05 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/page_des.html b/crypto/heimdal/doc/doxyout/hcrypto/html/page_des.html new file mode 100644 index 00000000000..7358055b49b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/page_des.html @@ -0,0 +1,45 @@ + + +Heimdal crypto library: DES - Data Encryption Standard crypto interface + + + +

+keyhole logo +

+ + + +
+

DES - Data Encryption Standard crypto interface

See the library functions here: DES crypto functions

+DES was created by IBM, modififed by NSA and then adopted by NBS (now NIST) and published ad FIPS PUB 46 (updated by FIPS 46-1).

+Since the 19th May 2005 DES was withdrawn by NIST and should no longer be used. See EVP - generic crypto interface for replacement encryption algorithms and interfaces.

+Read more the iteresting history of DES on Wikipedia http://www.wikipedia.org/wiki/Data_Encryption_Standard .

+DES key generation

+To generate a DES key safely you have to use the code-snippet below. This is because the DES_random_key() can fail with an abort() in case of and failure to start the random generator.

+There is a replacement function DES_new_random_key(), however that function does not exists in OpenSSL.

+

 DES_cblock key;
+ do {
+     if (RAND_rand(&key, sizeof(key)) != 1)
+          goto failure;
+     DES_set_odd_parity(key);
+ } while (DES_is_weak_key(&key));
+

+DES implementation history

+There was no complete BSD licensed, fast, GPL compatible implementation of DES, so Love wrote the part that was missing, fast key schedule setup and adapted the interface to the orignal libdes.

+The document that got me started for real was "Efficient Implementation of the Data Encryption Standard" by Dag Arne Osvik. I never got to the PC1 transformation was working, instead I used table-lookup was used for all key schedule setup. The document was very useful since it de-mystified other implementations for me.

+The core DES function (SBOX + P transformation) is from Richard Outerbridge public domain DES implementation. My sanity is saved thanks to his work. Thank you Richard.

+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/page_dh.html b/crypto/heimdal/doc/doxyout/hcrypto/html/page_dh.html new file mode 100644 index 00000000000..09e4bd10917 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/page_dh.html @@ -0,0 +1,30 @@ + + +Heimdal crypto library: DH - Diffie-Hellman key exchange + + + +

+keyhole logo +

+ + + +
+

DH - Diffie-Hellman key exchange

Diffie-Hellman key exchange is a protocol that allows two parties to establish a shared secret key.

+Include and example how to use DH_new() and friends here.

+See the library functions here: Diffie-Hellman functions

+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/page_evp.html b/crypto/heimdal/doc/doxyout/hcrypto/html/page_evp.html new file mode 100644 index 00000000000..1ee28d058b0 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/page_evp.html @@ -0,0 +1,30 @@ + + +Heimdal crypto library: EVP - generic crypto interface + + + +

+keyhole logo +

+ + + +
+

EVP - generic crypto interface

See the library functions here: EVP generic crypto functions

+EVP Cipher

+The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to understand forward, then EVP_CipherUpdate() and EVP_CipherFinal_ex() really needs an example to explain example_evp_cipher::c .
+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/page_rand.html b/crypto/heimdal/doc/doxyout/hcrypto/html/page_rand.html new file mode 100644 index 00000000000..a581d764fa2 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/page_rand.html @@ -0,0 +1,28 @@ + + +Heimdal crypto library: RAND - random number + + + +

+keyhole logo +

+ + + +
+

RAND - random number

See the library functions here: RAND crypto functions
+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/page_rsa.html b/crypto/heimdal/doc/doxyout/hcrypto/html/page_rsa.html new file mode 100644 index 00000000000..36051397adb --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/page_rsa.html @@ -0,0 +1,31 @@ + + +Heimdal crypto library: RSA - public-key cryptography + + + +

+keyhole logo +

+ + + +
+

RSA - public-key cryptography

RSA is named by its inventors (Ron Rivest, Adi Shamir, and Leonard Adleman) (published in 1977), patented expired in 21 September 2000.

+Speed for RSA in seconds no key blinding 1000 iteration, same rsa keys (1024 and 2048) operation performed each eteration sign, verify, encrypt, decrypt on a random bit pattern

+name 1024 2048 4098 ================================= gmp: 0.73 6.60 44.80 tfm: 2.45 -- -- ltm: 3.79 20.74 105.41 (default in hcrypto) openssl: 4.04 11.90 82.59 cdsa: 15.89 102.89 721.40 imath: 40.62 -- --

+See the library functions here: RSA functions

+
+Generated on Fri Sep 30 15:26:03 2011 for Heimdal crypto library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/tab_b.gif b/crypto/heimdal/doc/doxyout/hcrypto/html/tab_b.gif new file mode 100644 index 00000000000..0d623483ffd Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hcrypto/html/tab_b.gif differ diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/tab_l.gif b/crypto/heimdal/doc/doxyout/hcrypto/html/tab_l.gif new file mode 100644 index 00000000000..9b1e6337c92 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hcrypto/html/tab_l.gif differ diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/tab_r.gif b/crypto/heimdal/doc/doxyout/hcrypto/html/tab_r.gif new file mode 100644 index 00000000000..ce9dd9f533c Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hcrypto/html/tab_r.gif differ diff --git a/crypto/heimdal/doc/doxyout/hcrypto/html/tabs.css b/crypto/heimdal/doc/doxyout/hcrypto/html/tabs.css new file mode 100644 index 00000000000..95f00a91da3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/html/tabs.css @@ -0,0 +1,102 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; +} diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cbc_cksum.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cbc_cksum.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cbc_cksum.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cbc_encrypt.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cbc_encrypt.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cbc_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cfb64_encrypt.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cfb64_encrypt.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_cfb64_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_check_key_parity.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_check_key_parity.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_check_key_parity.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ecb3_encrypt.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ecb3_encrypt.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ecb3_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ecb_encrypt.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ecb_encrypt.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ecb_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ede3_cbc_encrypt.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ede3_cbc_encrypt.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_ede3_cbc_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_encrypt.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_encrypt.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_init_random_number_generator.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_init_random_number_generator.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_init_random_number_generator.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_is_weak_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_is_weak_key.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_is_weak_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_key_sched.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_key_sched.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_key_sched.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_new_random_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_new_random_key.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_new_random_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_pcbc_encrypt.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_pcbc_encrypt.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_pcbc_encrypt.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_random_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_random_key.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_random_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key_checked.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key_checked.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key_checked.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key_unchecked.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key_unchecked.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_key_unchecked.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_odd_parity.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_odd_parity.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_set_odd_parity.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_string_to_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_string_to_key.3 new file mode 100644 index 00000000000..427856f72d1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DES_string_to_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_des.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_check_pubkey.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_check_pubkey.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_check_pubkey.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_compute_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_compute_key.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_compute_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_free.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_free.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_free.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_generate_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_generate_key.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_generate_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_generate_parameters_ex.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_generate_parameters_ex.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_generate_parameters_ex.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_get_default_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_get_default_method.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_get_default_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_get_ex_data.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_get_ex_data.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_get_ex_data.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_ltm_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_ltm_method.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_ltm_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_new.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_new.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_new.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_new_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_new_method.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_new_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_null_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_null_method.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_null_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_default_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_default_method.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_default_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_ex_data.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_ex_data.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_ex_data.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_method.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_set_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_size.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_size.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_size.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_up_ref.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_up_ref.3 new file mode 100644 index 00000000000..ade37d85c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/DH_up_ref.3 @@ -0,0 +1 @@ +.so man3/hcrypto_dh.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_BytesToKey.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_BytesToKey.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_BytesToKey.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_block_size.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_block_size.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_block_size.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_cipher.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_cipher.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_cipher.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_cleanup.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_cleanup.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_cleanup.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_ctrl.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_ctrl.3 new file mode 100644 index 00000000000..2245f894556 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_ctrl.3 @@ -0,0 +1 @@ +.so man3/hcrypto_core.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_flags.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_flags.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_flags.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_init.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_init.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_init.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_iv_length.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_iv_length.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_iv_length.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_key_length.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_key_length.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_key_length.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_mode.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_mode.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_mode.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_rand_key.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_rand_key.3 new file mode 100644 index 00000000000..2245f894556 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_rand_key.3 @@ -0,0 +1 @@ +.so man3/hcrypto_core.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_set_app_data.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_set_app_data.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_set_app_data.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_set_key_length.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_set_key_length.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_CTX_set_key_length.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_block_size.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_block_size.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_block_size.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_iv_length.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_iv_length.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_iv_length.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_key_length.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_key_length.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CIPHER_key_length.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherFinal_ex.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherFinal_ex.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherFinal_ex.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherInit_ex.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherInit_ex.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherInit_ex.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherUpdate.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherUpdate.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_CipherUpdate.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_Digest.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_Digest.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_Digest.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestFinal_ex.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestFinal_ex.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestFinal_ex.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestInit_ex.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestInit_ex.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestInit_ex.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestUpdate.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestUpdate.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_DigestUpdate.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_block_size.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_block_size.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_block_size.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_cleanup.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_cleanup.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_cleanup.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_create.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_create.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_create.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_destroy.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_destroy.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_destroy.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_init.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_init.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_init.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_md.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_md.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_md.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_size.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_size.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_CTX_size.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_block_size.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_block_size.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_block_size.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_size.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_size.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_MD_size.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_128_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_128_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_128_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_128_cfb8.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_128_cfb8.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_128_cfb8.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_192_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_192_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_192_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_192_cfb8.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_192_cfb8.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_192_cfb8.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_256_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_256_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_256_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_256_cfb8.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_256_cfb8.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_aes_256_cfb8.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_128_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_128_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_128_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_192_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_192_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_192_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_256_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_256_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_camellia_256_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_des_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_des_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_des_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_des_ede3_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_des_ede3_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_des_ede3_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_enc_null.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_enc_null.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_enc_null.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_get_cipherbyname.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_get_cipherbyname.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_get_cipherbyname.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_128_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_128_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_128_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_128_cfb8.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_128_cfb8.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_128_cfb8.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_192_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_192_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_192_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_192_cfb8.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_192_cfb8.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_192_cfb8.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_256_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_256_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_256_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_256_cfb8.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_256_cfb8.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_aes_256_cfb8.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_128_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_128_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_128_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_192_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_192_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_192_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_256_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_256_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_camellia_256_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_des_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_des_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_des_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_des_ede3_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_des_ede3_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_des_ede3_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md2.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md2.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md2.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md4.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md4.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md4.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md5.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md5.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_md5.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_40_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_40_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_40_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_64_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_64_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_64_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_rc2_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha1.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha1.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha1.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha256.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha256.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha256.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha384.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha384.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha384.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha512.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha512.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_hcrypto_sha512.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md2.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md2.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md2.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md4.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md4.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md4.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md5.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md5.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md5.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md_null.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md_null.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_md_null.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_40_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_40_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_40_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_64_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_64_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_64_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc2_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc4.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc4.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc4.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc4_40.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc4_40.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_rc4_40.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha1.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha1.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha1.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha256.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha256.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha256.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha384.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha384.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha384.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha512.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha512.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_sha512.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_wincrypt_des_ede3_cbc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_wincrypt_des_ede3_cbc.3 new file mode 100644 index 00000000000..d526f956e4f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/EVP_wincrypt_des_ede3_cbc.3 @@ -0,0 +1 @@ +.so man3/hcrypto_evp.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms.3 new file mode 100644 index 00000000000..2245f894556 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms.3 @@ -0,0 +1 @@ +.so man3/hcrypto_core.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms_conf.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms_conf.3 new file mode 100644 index 00000000000..2245f894556 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms_conf.3 @@ -0,0 +1 @@ +.so man3/hcrypto_core.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms_noconf.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms_noconf.3 new file mode 100644 index 00000000000..2245f894556 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/OpenSSL_add_all_algorithms_noconf.3 @@ -0,0 +1 @@ +.so man3/hcrypto_core.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/PKCS5_PBKDF2_HMAC_SHA1.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/PKCS5_PBKDF2_HMAC_SHA1.3 new file mode 100644 index 00000000000..a6545bd8d82 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/PKCS5_PBKDF2_HMAC_SHA1.3 @@ -0,0 +1 @@ +.so man3/hcrypto_misc.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_add.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_add.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_add.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_bytes.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_bytes.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_bytes.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_cleanup.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_cleanup.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_cleanup.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_file_name.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_file_name.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_file_name.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_get_rand_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_get_rand_method.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_get_rand_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_load_file.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_load_file.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_load_file.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_pseudo_bytes.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_pseudo_bytes.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_pseudo_bytes.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_seed.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_seed.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_seed.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_set_rand_engine.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_set_rand_engine.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_set_rand_engine.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_set_rand_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_set_rand_method.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_set_rand_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_status.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_status.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_status.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_write_file.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_write_file.3 new file mode 100644 index 00000000000..321ba4cdcba --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RAND_write_file.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rand.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_free.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_free.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_free.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_get_app_data.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_get_app_data.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_get_app_data.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_get_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_get_method.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_get_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_new.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_new.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_new.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_new_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_new_method.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_new_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_set_app_data.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_set_app_data.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_set_app_data.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_set_method.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_set_method.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_set_method.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_up_ref.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_up_ref.3 new file mode 100644 index 00000000000..9f1f31caccf --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/RSA_up_ref.3 @@ -0,0 +1 @@ +.so man3/hcrypto_rsa.3 diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_core.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_core.3 new file mode 100644 index 00000000000..03d62c7d6e0 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_core.3 @@ -0,0 +1,76 @@ +.TH "hcrypto function controlling behavior" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto function controlling behavior \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_rand_key\fP (EVP_CIPHER_CTX *ctx, void *key)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_ctrl\fP (EVP_CIPHER_CTX *ctx, int type, int arg, void *data)" +.br +.ti -1c +.RI "void \fBOpenSSL_add_all_algorithms\fP (void)" +.br +.ti -1c +.RI "void \fBOpenSSL_add_all_algorithms_conf\fP (void)" +.br +.ti -1c +.RI "void \fBOpenSSL_add_all_algorithms_noconf\fP (void)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int EVP_CIPHER_CTX_ctrl (EVP_CIPHER_CTX * ctx, int type, int arg, void * data)" +.PP +Perform a operation on a ctx +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP context to perform operation on. +.br +\fItype\fP type of operation. +.br +\fIarg\fP argument to operation. +.br +\fIdata\fP addition data to operation. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 for success, 0 for failure. +.RE +.PP + +.SS "int EVP_CIPHER_CTX_rand_key (EVP_CIPHER_CTX * ctx, void * key)" +.PP +Generate a random key for the specificed EVP_CIPHER. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP EVP_CIPHER_CTX type to build the key for. +.br +\fIkey\fP return key, must be at least \fBEVP_CIPHER_key_length()\fP byte long. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 for success, 0 for failure. +.RE +.PP + +.SS "void OpenSSL_add_all_algorithms (void)" +.PP +Add all algorithms to the crypto core. +.SS "void OpenSSL_add_all_algorithms_conf (void)" +.PP +Add all algorithms to the crypto core using configuration file. +.SS "void OpenSSL_add_all_algorithms_noconf (void)" +.PP +Add all algorithms to the crypto core, but don't use the configuration file. diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_des.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_des.3 new file mode 100644 index 00000000000..829d3e64534 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_des.3 @@ -0,0 +1,392 @@ +.TH "DES crypto functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +DES crypto functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBDES_set_odd_parity\fP (DES_cblock *key)" +.br +.ti -1c +.RI "int HC_DEPRECATED \fBDES_check_key_parity\fP (DES_cblock *key)" +.br +.ti -1c +.RI "int \fBDES_is_weak_key\fP (DES_cblock *key)" +.br +.ti -1c +.RI "int HC_DEPRECATED \fBDES_set_key\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "int \fBDES_set_key_unchecked\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "int \fBDES_set_key_checked\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "int \fBDES_key_sched\fP (DES_cblock *key, DES_key_schedule *ks)" +.br +.ti -1c +.RI "void \fBDES_encrypt\fP (uint32_t u[2], DES_key_schedule *ks, int encp)" +.br +.ti -1c +.RI "void \fBDES_ecb_encrypt\fP (DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int encp)" +.br +.ti -1c +.RI "void \fBDES_cbc_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int encp)" +.br +.ti -1c +.RI "void \fBDES_pcbc_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int encp)" +.br +.ti -1c +.RI "void \fBDES_ecb3_encrypt\fP (DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, int encp)" +.br +.ti -1c +.RI "void \fBDES_ede3_cbc_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *iv, int encp)" +.br +.ti -1c +.RI "void \fBDES_cfb64_encrypt\fP (const void *in, void *out, long length, DES_key_schedule *ks, DES_cblock *iv, int *num, int encp)" +.br +.ti -1c +.RI "uint32_t \fBDES_cbc_cksum\fP (const void *in, DES_cblock *output, long length, DES_key_schedule *ks, DES_cblock *iv)" +.br +.ti -1c +.RI "void \fBDES_string_to_key\fP (const char *str, DES_cblock *key)" +.br +.ti -1c +.RI "int HC_DEPRECATED \fBDES_new_random_key\fP (DES_cblock *key)" +.br +.ti -1c +.RI "void HC_DEPRECATED \fBDES_init_random_number_generator\fP (DES_cblock *seed)" +.br +.ti -1c +.RI "void HC_DEPRECATED \fBDES_random_key\fP (DES_cblock *key)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBDES - Data Encryption Standard crypto interface\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "uint32_t DES_cbc_cksum (const void * in, DES_cblock * output, long length, DES_key_schedule * ks, DES_cblock * iv)" +.PP +Crete a checksum using DES in CBC encryption mode. This mode is only used for Kerberos 4, and it should stay that way. +.PP +The IV must always be diffrent for diffrent input data blocks. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP data to checksum +.br +\fIoutput\fP the checksum +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.RE +.PP + +.SS "void DES_cbc_encrypt (const void * in, void * out, long length, DES_key_schedule * ks, DES_cblock * iv, int encp)" +.PP +Encrypt/decrypt a block using DES in Chain Block Cipher mode (cbc). +.PP +The IV must always be diffrent for diffrent input data blocks. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fIencp\fP if non zero, encrypt. if zero, decrypt. +.RE +.PP + +.SS "void DES_cfb64_encrypt (const void * in, void * out, long length, DES_key_schedule * ks, DES_cblock * iv, int * num, int encp)" +.PP +Encrypt/decrypt using DES in cipher feedback mode with 64 bit feedback. +.PP +The IV must always be diffrent for diffrent input data blocks. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fInum\fP offset into in cipher block encryption/decryption stop last time. +.br +\fIencp\fP if non zero, encrypt. if zero, decrypt. +.RE +.PP + +.SS "int HC_DEPRECATED DES_check_key_parity (DES_cblock * key)" +.PP +Check if the key have correct parity. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP key to check the parity. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success, 0 on failure. +.RE +.PP + +.SS "void DES_ecb3_encrypt (DES_cblock * input, DES_cblock * output, DES_key_schedule * ks1, DES_key_schedule * ks2, DES_key_schedule * ks3, int encp)" +.PP +Encrypt/decrypt a block using triple DES using EDE mode, encrypt/decrypt/encrypt. +.PP +\fBParameters:\fP +.RS 4 +\fIinput\fP data to encrypt +.br +\fIoutput\fP data to encrypt +.br +\fIks1\fP key schedule to use +.br +\fIks2\fP key schedule to use +.br +\fIks3\fP key schedule to use +.br +\fIencp\fP if non zero, encrypt. if zero, decrypt. +.RE +.PP + +.SS "void DES_ecb_encrypt (DES_cblock * input, DES_cblock * output, DES_key_schedule * ks, int encp)" +.PP +Encrypt/decrypt a block using DES. +.PP +\fBParameters:\fP +.RS 4 +\fIinput\fP data to encrypt +.br +\fIoutput\fP data to encrypt +.br +\fIks\fP key schedule to use +.br +\fIencp\fP if non zero, encrypt. if zero, decrypt. +.RE +.PP + +.SS "void DES_ede3_cbc_encrypt (const void * in, void * out, long length, DES_key_schedule * ks1, DES_key_schedule * ks2, DES_key_schedule * ks3, DES_cblock * iv, int encp)" +.PP +Encrypt/decrypt using Triple DES in Chain Block Cipher mode (cbc). +.PP +The IV must always be diffrent for diffrent input data blocks. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks1\fP key schedule to use +.br +\fIks2\fP key schedule to use +.br +\fIks3\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fIencp\fP if non zero, encrypt. if zero, decrypt. +.RE +.PP + +.SS "void DES_encrypt (uint32_t u[2], DES_key_schedule * ks, int encp)" +.PP +Encrypt/decrypt a block using DES. Also called ECB mode +.PP +\fBParameters:\fP +.RS 4 +\fIu\fP data to encrypt +.br +\fIks\fP key schedule to use +.br +\fIencp\fP if non zero, encrypt. if zero, decrypt. +.RE +.PP + +.SS "void HC_DEPRECATED DES_init_random_number_generator (DES_cblock * seed)" +.PP +Seed the random number generator. Deprecated, use \fBRAND - random number\fP +.PP +\fBParameters:\fP +.RS 4 +\fIseed\fP a seed to seed that random number generate with. +.RE +.PP + +.SS "int DES_is_weak_key (DES_cblock * key)" +.PP +Checks if the key is any of the weaks keys that makes DES attacks trival. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP key to check. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 if the key is weak, 0 otherwise. +.RE +.PP + +.SS "int DES_key_sched (DES_cblock * key, DES_key_schedule * ks)" +.PP +Compatibility function for eay libdes, works just like \fBDES_set_key_checked()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with. +.br +\fIks\fP a key schedule to initialize. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, -1 on invalid parity, -2 on weak key. +.RE +.PP + +.SS "int HC_DEPRECATED DES_new_random_key (DES_cblock * key)" +.PP +Generate a random des key using a random block, fixup parity and skip weak keys. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP is set to a random key. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, non zero on random number generator failure. +.RE +.PP + +.SS "void DES_pcbc_encrypt (const void * in, void * out, long length, DES_key_schedule * ks, DES_cblock * iv, int encp)" +.PP +Encrypt/decrypt a block using DES in Propagating Cipher Block Chaining mode. This mode is only used for Kerberos 4, and it should stay that way. +.PP +The IV must always be diffrent for diffrent input data blocks. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP data to encrypt +.br +\fIout\fP data to encrypt +.br +\fIlength\fP length of data +.br +\fIks\fP key schedule to use +.br +\fIiv\fP initial vector to use +.br +\fIencp\fP if non zero, encrypt. if zero, decrypt. +.RE +.PP + +.SS "void HC_DEPRECATED DES_random_key (DES_cblock * key)" +.PP +Generate a random key, deprecated since it doesn't return an error code, use \fBDES_new_random_key()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP is set to a random key. +.RE +.PP + +.SS "int HC_DEPRECATED DES_set_key (DES_cblock * key, DES_key_schedule * ks)" +.PP +Setup a des key schedule from a key. Deprecated function, use \fBDES_set_key_unchecked()\fP or \fBDES_set_key_checked()\fP instead. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with. +.br +\fIks\fP a key schedule to initialize. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success +.RE +.PP + +.SS "int DES_set_key_checked (DES_cblock * key, DES_key_schedule * ks)" +.PP +Just like \fBDES_set_key_unchecked()\fP except checking that the key is not weak for or have correct parity. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with. +.br +\fIks\fP a key schedule to initialize. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, -1 on invalid parity, -2 on weak key. +.RE +.PP + +.SS "int DES_set_key_unchecked (DES_cblock * key, DES_key_schedule * ks)" +.PP +Setup a des key schedule from a key. The key is no longer needed after this transaction and can cleared. +.PP +Does NOT check that the key is weak for or have wrong parity. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP a key to initialize the key schedule with. +.br +\fIks\fP a key schedule to initialize. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success +.RE +.PP + +.SS "void DES_set_odd_parity (DES_cblock * key)" +.PP +Set the parity of the key block, used to generate a des key from a random key. See \fBDES key generation\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP key to fixup the parity for. +.RE +.PP + +.SS "void DES_string_to_key (const char * str, DES_cblock * key)" +.PP +Convert a string to a DES key. Use something like \fBPKCS5_PBKDF2_HMAC_SHA1()\fP to create key from passwords. +.PP +\fBParameters:\fP +.RS 4 +\fIstr\fP The string to convert to a key +.br +\fIkey\fP the resulting key +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_dh.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_dh.3 new file mode 100644 index 00000000000..3b45ee542f7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_dh.3 @@ -0,0 +1,310 @@ +.TH "Diffie-Hellman functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Diffie-Hellman functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "const DH_METHOD * \fBDH_ltm_method\fP (void)" +.br +.ti -1c +.RI "DH * \fBDH_new\fP (void)" +.br +.ti -1c +.RI "DH * \fBDH_new_method\fP (ENGINE *engine)" +.br +.ti -1c +.RI "void \fBDH_free\fP (DH *dh)" +.br +.ti -1c +.RI "int \fBDH_up_ref\fP (DH *dh)" +.br +.ti -1c +.RI "int \fBDH_size\fP (const DH *dh)" +.br +.ti -1c +.RI "int \fBDH_set_ex_data\fP (DH *dh, int idx, void *data)" +.br +.ti -1c +.RI "void * \fBDH_get_ex_data\fP (DH *dh, int idx)" +.br +.ti -1c +.RI "int \fBDH_generate_parameters_ex\fP (DH *dh, int prime_len, int generator, BN_GENCB *cb)" +.br +.ti -1c +.RI "int \fBDH_check_pubkey\fP (const DH *dh, const BIGNUM *pub_key, int *codes)" +.br +.ti -1c +.RI "int \fBDH_generate_key\fP (DH *dh)" +.br +.ti -1c +.RI "int \fBDH_compute_key\fP (unsigned char *shared_key, const BIGNUM *peer_pub_key, DH *dh)" +.br +.ti -1c +.RI "int \fBDH_set_method\fP (DH *dh, const DH_METHOD *method)" +.br +.ti -1c +.RI "const DH_METHOD * \fBDH_null_method\fP (void)" +.br +.ti -1c +.RI "void \fBDH_set_default_method\fP (const DH_METHOD *meth)" +.br +.ti -1c +.RI "const DH_METHOD * \fBDH_get_default_method\fP (void)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBDH - Diffie-Hellman key exchange\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "int DH_check_pubkey (const DH * dh, const BIGNUM * pub_key, int * codes)" +.PP +Check that the public key is sane. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP the local peer DH parameters. +.br +\fIpub_key\fP the remote peer public key parameters. +.br +\fIcodes\fP return that the failures of the pub_key are. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success, 0 on failure and *codes is set the the combined fail check for the public key +.RE +.PP + +.PP +Checks that the function performs are: +.IP "\(bu" 2 +pub_key is not negative +.PP +.PP +.IP "\(bu" 2 +pub_key > 1 and pub_key < p - 1, to avoid small subgroups attack. +.PP +.PP +.IP "\(bu" 2 +if g == 2, pub_key have more then one bit set, if bits set is 1, log_2(pub_key) is trival +.PP + +.SS "int DH_compute_key (unsigned char * shared_key, const BIGNUM * peer_pub_key, DH * dh)" +.PP +Complute the shared secret key. +.PP +\fBParameters:\fP +.RS 4 +\fIshared_key\fP the resulting shared key, need to be at least \fBDH_size()\fP large. +.br +\fIpeer_pub_key\fP the peer's public key. +.br +\fIdh\fP the dh key pair. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.PP +Checks that the pubkey passed in is valid using \fBDH_check_pubkey()\fP. +.SS "void DH_free (DH * dh)" +.PP +Free a DH object and release related resources, like ENGINE, that the object was using. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP object to be freed. +.RE +.PP + +.SS "int DH_generate_key (DH * dh)" +.PP +Generate a new DH private-public key pair. The dh parameter must be allocted first with \fBDH_new()\fP. dh->p and dp->g must be set. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP dh parameter. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int DH_generate_parameters_ex (DH * dh, int prime_len, int generator, BN_GENCB * cb)" +.PP +Generate DH parameters for the DH object give parameters. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP The DH object to generate parameters for. +.br +\fIprime_len\fP length of the prime +.br +\fIgenerator\fP generator, g +.br +\fIcb\fP Callback parameters to show progress, can be NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +the maximum size in bytes of the out data. +.RE +.PP + +.SS "const DH_METHOD* DH_get_default_method (void)" +.PP +Return the default DH implementation. +.PP +\fBReturns:\fP +.RS 4 +pointer to a DH_METHOD. +.RE +.PP + +.SS "void* DH_get_ex_data (DH * dh, int idx)" +.PP +Get the data for index idx in the DH object. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP DH object. +.br +\fIidx\fP index to get the data for. +.RE +.PP +\fBReturns:\fP +.RS 4 +the object store in index idx +.RE +.PP + +.SS "const DH_METHOD* DH_ltm_method (void)" +.PP +DH implementation using libtommath. +.PP +\fBReturns:\fP +.RS 4 +the DH_METHOD for the DH implementation using libtommath. +.RE +.PP + +.SS "DH* DH_new (void)" +.PP +Create a new DH object using DH_new_method(NULL), see \fBDH_new_method()\fP. +.PP +\fBReturns:\fP +.RS 4 +a newly allocated DH object. +.RE +.PP + +.SS "DH* DH_new_method (ENGINE * engine)" +.PP +Create a new DH object from the given engine, if the NULL is used, the default engine is used. Free the DH object with \fBDH_free()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIengine\fP The engine to use to allocate the DH object. +.RE +.PP +\fBReturns:\fP +.RS 4 +a newly allocated DH object. +.RE +.PP + +.SS "const DH_METHOD* DH_null_method (void)" +.PP +Return the dummy DH implementation. +.PP +\fBReturns:\fP +.RS 4 +pointer to a DH_METHOD. +.RE +.PP + +.SS "void DH_set_default_method (const DH_METHOD * meth)" +.PP +Set the default DH implementation. +.PP +\fBParameters:\fP +.RS 4 +\fImeth\fP pointer to a DH_METHOD. +.RE +.PP + +.SS "int DH_set_ex_data (DH * dh, int idx, void * data)" +.PP +Set the data index idx in the DH object to data. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP DH object. +.br +\fIidx\fP index to set the data for. +.br +\fIdata\fP data to store for the index idx. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int DH_set_method (DH * dh, const DH_METHOD * method)" +.PP +Set a new method for the DH keypair. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP dh parameter. +.br +\fImethod\fP the new method for the DH parameter. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int DH_size (const DH * dh)" +.PP +The maximum output size of the \fBDH_compute_key()\fP function. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP The DH object to get the size from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the maximum size in bytes of the out data. +.RE +.PP + +.SS "int DH_up_ref (DH * dh)" +.PP +Add a reference to the DH object. The object should be free with \fBDH_free()\fP to drop the reference. +.PP +\fBParameters:\fP +.RS 4 +\fIdh\fP the object to increase the reference count too. +.RE +.PP +\fBReturns:\fP +.RS 4 +the updated reference count, can't safely be used except for debug printing. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_evp.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_evp.3 new file mode 100644 index 00000000000..ef1eb07fa5d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_evp.3 @@ -0,0 +1,1299 @@ +.TH "EVP generic crypto functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +EVP generic crypto functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_wincrypt_des_ede3_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_256_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_128_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_192_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_aes_256_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha256\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha384\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha512\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_sha1\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_md5\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_md4\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_hcrypto_md2\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_des_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_des_ede3_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_40_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_rc2_64_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_hcrypto_camellia_256_cbc\fP (void)" +.br +.ti -1c +.RI "size_t \fBEVP_MD_size\fP (const EVP_MD *md)" +.br +.ti -1c +.RI "size_t \fBEVP_MD_block_size\fP (const EVP_MD *md)" +.br +.ti -1c +.RI "EVP_MD_CTX * \fBEVP_MD_CTX_create\fP (void)" +.br +.ti -1c +.RI "void \fBEVP_MD_CTX_init\fP (EVP_MD_CTX *ctx) HC_DEPRECATED" +.br +.ti -1c +.RI "void \fBEVP_MD_CTX_destroy\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "int \fBEVP_MD_CTX_cleanup\fP (EVP_MD_CTX *ctx) HC_DEPRECATED" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_MD_CTX_md\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_MD_CTX_size\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_MD_CTX_block_size\fP (EVP_MD_CTX *ctx)" +.br +.ti -1c +.RI "int \fBEVP_DigestInit_ex\fP (EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)" +.br +.ti -1c +.RI "int \fBEVP_DigestUpdate\fP (EVP_MD_CTX *ctx, const void *data, size_t size)" +.br +.ti -1c +.RI "int \fBEVP_DigestFinal_ex\fP (EVP_MD_CTX *ctx, void *hash, unsigned int *size)" +.br +.ti -1c +.RI "int \fBEVP_Digest\fP (const void *data, size_t dsize, void *hash, unsigned int *hsize, const EVP_MD *md, ENGINE *engine)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha256\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha384\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha512\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha1\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_sha\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_md5\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_md4\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_md2\fP (void)" +.br +.ti -1c +.RI "const EVP_MD * \fBEVP_md_null\fP (void)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_block_size\fP (const EVP_CIPHER *c)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_key_length\fP (const EVP_CIPHER *c)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_iv_length\fP (const EVP_CIPHER *c)" +.br +.ti -1c +.RI "void \fBEVP_CIPHER_CTX_init\fP (EVP_CIPHER_CTX *c)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_cleanup\fP (EVP_CIPHER_CTX *c)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_set_key_length\fP (EVP_CIPHER_CTX *c, int length)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_CIPHER_CTX_cipher\fP (EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_CTX_block_size\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_CTX_key_length\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "size_t \fBEVP_CIPHER_CTX_iv_length\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "unsigned long \fBEVP_CIPHER_CTX_flags\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "int \fBEVP_CIPHER_CTX_mode\fP (const EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "void * \fBEVP_CIPHER_CTX_get_app_data\fP (EVP_CIPHER_CTX *ctx)" +.br +.ti -1c +.RI "void \fBEVP_CIPHER_CTX_set_app_data\fP (EVP_CIPHER_CTX *ctx, void *data)" +.br +.ti -1c +.RI "int \fBEVP_CipherInit_ex\fP (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, const void *key, const void *iv, int encp)" +.br +.ti -1c +.RI "int \fBEVP_CipherUpdate\fP (EVP_CIPHER_CTX *ctx, void *out, int *outlen, void *in, size_t inlen)" +.br +.ti -1c +.RI "int \fBEVP_CipherFinal_ex\fP (EVP_CIPHER_CTX *ctx, void *out, int *outlen)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_enc_null\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc2_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc2_40_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc2_64_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc4\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_rc4_40\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_des_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_des_ede3_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_256_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_128_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_192_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_aes_256_cfb8\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_camellia_128_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_camellia_192_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_camellia_256_cbc\fP (void)" +.br +.ti -1c +.RI "const EVP_CIPHER * \fBEVP_get_cipherbyname\fP (const char *name)" +.br +.ti -1c +.RI "int \fBEVP_BytesToKey\fP (const EVP_CIPHER *type, const EVP_MD *md, const void *salt, const void *data, size_t datalen, unsigned int count, void *keydata, void *ivdata)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBEVP - generic crypto interface\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "const EVP_CIPHER* EVP_aes_128_cbc (void)" +.PP +The AES-128 cipher type +.PP +\fBReturns:\fP +.RS 4 +the AES-128 EVP_CIPHER pointer. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "const EVP_CIPHER* EVP_aes_128_cfb8 (void)" +.PP +The AES-128 cipher type +.PP +\fBReturns:\fP +.RS 4 +the AES-128 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_192_cbc (void)" +.PP +The AES-192 cipher type +.PP +\fBReturns:\fP +.RS 4 +the AES-192 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_192_cfb8 (void)" +.PP +The AES-192 cipher type +.PP +\fBReturns:\fP +.RS 4 +the AES-192 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_256_cbc (void)" +.PP +The AES-256 cipher type +.PP +\fBReturns:\fP +.RS 4 +the AES-256 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_aes_256_cfb8 (void)" +.PP +The AES-256 cipher type +.PP +\fBReturns:\fP +.RS 4 +the AES-256 EVP_CIPHER pointer. +.RE +.PP + +.SS "int EVP_BytesToKey (const EVP_CIPHER * type, const EVP_MD * md, const void * salt, const void * data, size_t datalen, unsigned int count, void * keydata, void * ivdata)" +.PP +Provides a legancy string to key function, used in PEM files. +.PP +New protocols should use new string to key functions like NIST SP56-800A or PKCS#5 v2.0 (see \fBPKCS5_PBKDF2_HMAC_SHA1()\fP). +.PP +\fBParameters:\fP +.RS 4 +\fItype\fP type of cipher to use +.br +\fImd\fP message digest to use +.br +\fIsalt\fP salt salt string, should be an binary 8 byte buffer. +.br +\fIdata\fP the password/input key string. +.br +\fIdatalen\fP length of data parameter. +.br +\fIcount\fP iteration counter. +.br +\fIkeydata\fP output keydata, needs to of the size \fBEVP_CIPHER_key_length()\fP. +.br +\fIivdata\fP output ivdata, needs to of the size \fBEVP_CIPHER_block_size()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +the size of derived key. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_camellia_128_cbc (void)" +.PP +The Camellia-128 cipher type +.PP +\fBReturns:\fP +.RS 4 +the Camellia-128 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_camellia_192_cbc (void)" +.PP +The Camellia-198 cipher type +.PP +\fBReturns:\fP +.RS 4 +the Camellia-198 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_camellia_256_cbc (void)" +.PP +The Camellia-256 cipher type +.PP +\fBReturns:\fP +.RS 4 +the Camellia-256 EVP_CIPHER pointer. +.RE +.PP + +.SS "size_t EVP_CIPHER_block_size (const EVP_CIPHER * c)" +.PP +Return the block size of the cipher. +.PP +\fBParameters:\fP +.RS 4 +\fIc\fP cipher to get the block size from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the block size of the cipher. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "size_t EVP_CIPHER_CTX_block_size (const EVP_CIPHER_CTX * ctx)" +.PP +Return the block size of the cipher context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP cipher context to get the block size from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the block size of the cipher context. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_CIPHER_CTX_cipher (EVP_CIPHER_CTX * ctx)" +.PP +Return the EVP_CIPHER for a EVP_CIPHER_CTX context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the context to get the cipher type from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the EVP_CIPHER pointer. +.RE +.PP + +.SS "int EVP_CIPHER_CTX_cleanup (EVP_CIPHER_CTX * c)" +.PP +Clean up the EVP_CIPHER_CTX context. +.PP +\fBParameters:\fP +.RS 4 +\fIc\fP the cipher to clean up. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "unsigned long EVP_CIPHER_CTX_flags (const EVP_CIPHER_CTX * ctx)" +.PP +Get the flags for an EVP_CIPHER_CTX context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to get the flags from +.RE +.PP +\fBReturns:\fP +.RS 4 +the flags for an EVP_CIPHER_CTX. +.RE +.PP + +.SS "void* EVP_CIPHER_CTX_get_app_data (EVP_CIPHER_CTX * ctx)" +.PP +Get the app data for an EVP_CIPHER_CTX context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to get the app data from +.RE +.PP +\fBReturns:\fP +.RS 4 +the app data for an EVP_CIPHER_CTX. +.RE +.PP + +.SS "void EVP_CIPHER_CTX_init (EVP_CIPHER_CTX * c)" +.PP +Initiate a EVP_CIPHER_CTX context. Clean up with \fBEVP_CIPHER_CTX_cleanup()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIc\fP the cipher initiate. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "size_t EVP_CIPHER_CTX_iv_length (const EVP_CIPHER_CTX * ctx)" +.PP +Return the IV size of the cipher context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP cipher context to get the IV size from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the IV size of the cipher context. +.RE +.PP + +.SS "size_t EVP_CIPHER_CTX_key_length (const EVP_CIPHER_CTX * ctx)" +.PP +Return the key size of the cipher context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP cipher context to get the key size from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the key size of the cipher context. +.RE +.PP + +.SS "int EVP_CIPHER_CTX_mode (const EVP_CIPHER_CTX * ctx)" +.PP +Get the mode for an EVP_CIPHER_CTX context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to get the mode from +.RE +.PP +\fBReturns:\fP +.RS 4 +the mode for an EVP_CIPHER_CTX. +.RE +.PP + +.SS "void EVP_CIPHER_CTX_set_app_data (EVP_CIPHER_CTX * ctx, void * data)" +.PP +Set the app data for an EVP_CIPHER_CTX context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the EVP_CIPHER_CTX to set the app data for +.br +\fIdata\fP the app data to set for an EVP_CIPHER_CTX. +.RE +.PP + +.SS "int EVP_CIPHER_CTX_set_key_length (EVP_CIPHER_CTX * c, int length)" +.PP +If the cipher type supports it, change the key length +.PP +\fBParameters:\fP +.RS 4 +\fIc\fP the cipher context to change the key length for +.br +\fIlength\fP new key length +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "size_t EVP_CIPHER_iv_length (const EVP_CIPHER * c)" +.PP +Return the IV size of the cipher. +.PP +\fBParameters:\fP +.RS 4 +\fIc\fP cipher to get the IV size from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the IV size of the cipher. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "size_t EVP_CIPHER_key_length (const EVP_CIPHER * c)" +.PP +Return the key size of the cipher. +.PP +\fBParameters:\fP +.RS 4 +\fIc\fP cipher to get the key size from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the key size of the cipher. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "int EVP_CipherFinal_ex (EVP_CIPHER_CTX * ctx, void * out, int * outlen)" +.PP +Encipher/decipher final data +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the cipher context. +.br +\fIout\fP output data from the operation. +.br +\fIoutlen\fP output length +.RE +.PP +The input length needs to be at least \fBEVP_CIPHER_block_size()\fP bytes long. +.PP +See \fBEVP Cipher\fP for an example how to use this function. +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "int EVP_CipherInit_ex (EVP_CIPHER_CTX * ctx, const EVP_CIPHER * c, ENGINE * engine, const void * key, const void * iv, int encp)" +.PP +Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. Clean up with \fBEVP_CIPHER_CTX_cleanup()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP context to initiate +.br +\fIc\fP cipher to use. +.br +\fIengine\fP crypto engine to use, NULL to select default. +.br +\fIkey\fP the crypto key to use, NULL will use the previous value. +.br +\fIiv\fP the IV to use, NULL will use the previous value. +.br +\fIencp\fP non zero will encrypt, -1 use the previous value. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "int EVP_CipherUpdate (EVP_CIPHER_CTX * ctx, void * out, int * outlen, void * in, size_t inlen)" +.PP +Encipher/decipher partial data +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the cipher context. +.br +\fIout\fP output data from the operation. +.br +\fIoutlen\fP output length +.br +\fIin\fP input data to the operation. +.br +\fIinlen\fP length of data. +.RE +.PP +The output buffer length should at least be \fBEVP_CIPHER_block_size()\fP byte longer then the input length. +.PP +See \fBEVP Cipher\fP for an example how to use this function. +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.PP +If there in no spare bytes in the left from last Update and the input length is on the block boundery, the \fBEVP_CipherUpdate()\fP function can take a shortcut (and preformance gain) and directly encrypt the data, otherwise we hav to fix it up and store extra it the EVP_CIPHER_CTX. +.PP +\fBExamples: \fP +.in +1c +\fBexample_evp_cipher.c\fP. +.SS "const EVP_CIPHER* EVP_des_cbc (void)" +.PP +The DES cipher type +.PP +\fBReturns:\fP +.RS 4 +the DES-CBC EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_des_ede3_cbc (void)" +.PP +The tripple DES cipher type +.PP +\fBReturns:\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer. +.RE +.PP + +.SS "int EVP_Digest (const void * data, size_t dsize, void * hash, unsigned int * hsize, const EVP_MD * md, ENGINE * engine)" +.PP +Do the whole \fBEVP_MD_CTX_create()\fP, \fBEVP_DigestInit_ex()\fP, \fBEVP_DigestUpdate()\fP, \fBEVP_DigestFinal_ex()\fP, \fBEVP_MD_CTX_destroy()\fP dance in one call. +.PP +\fBParameters:\fP +.RS 4 +\fIdata\fP the data to update the context with +.br +\fIdsize\fP length of data +.br +\fIhash\fP output data of at least \fBEVP_MD_size()\fP length. +.br +\fIhsize\fP output length of hash. +.br +\fImd\fP message digest to use +.br +\fIengine\fP engine to use, NULL for default engine. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int EVP_DigestFinal_ex (EVP_MD_CTX * ctx, void * hash, unsigned int * size)" +.PP +Complete the message digest. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the context to complete. +.br +\fIhash\fP the output of the message digest function. At least \fBEVP_MD_size()\fP. +.br +\fIsize\fP the output size of hash. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int EVP_DigestInit_ex (EVP_MD_CTX * ctx, const EVP_MD * md, ENGINE * engine)" +.PP +Init a EVP_MD_CTX for use a specific message digest and engine. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the message digest context to init. +.br +\fImd\fP the message digest to use. +.br +\fIengine\fP the engine to use, NULL to use the default engine. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int EVP_DigestUpdate (EVP_MD_CTX * ctx, const void * data, size_t size)" +.PP +Update the digest with some data. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the context to update +.br +\fIdata\fP the data to update the context with +.br +\fIsize\fP length of data +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_enc_null (void)" +.PP +The NULL cipher type, does no encryption/decryption. +.PP +\fBReturns:\fP +.RS 4 +the null EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_get_cipherbyname (const char * name)" +.PP +Get the cipher type using their name. +.PP +\fBParameters:\fP +.RS 4 +\fIname\fP the name of the cipher. +.RE +.PP +\fBReturns:\fP +.RS 4 +the selected EVP_CIPHER pointer or NULL if not found. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_128_cbc (void)" +.PP +The AES-128 cipher type (hcrypto) +.PP +\fBReturns:\fP +.RS 4 +the AES-128 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_128_cfb8 (void)" +.PP +The AES-128 CFB8 cipher type (hcrypto) +.PP +\fBReturns:\fP +.RS 4 +the AES-128 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_192_cbc (void)" +.PP +The AES-192 cipher type (hcrypto) +.PP +\fBReturns:\fP +.RS 4 +the AES-192 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_192_cfb8 (void)" +.PP +The AES-192 CFB8 cipher type (hcrypto) +.PP +\fBReturns:\fP +.RS 4 +the AES-192 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_256_cbc (void)" +.PP +The AES-256 cipher type (hcrypto) +.PP +\fBReturns:\fP +.RS 4 +the AES-256 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_aes_256_cfb8 (void)" +.PP +The AES-256 CFB8 cipher type (hcrypto) +.PP +\fBReturns:\fP +.RS 4 +the AES-256 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_camellia_128_cbc (void)" +.PP +The Camellia-128 cipher type - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the Camellia-128 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_camellia_192_cbc (void)" +.PP +The Camellia-198 cipher type - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the Camellia-198 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_camellia_256_cbc (void)" +.PP +The Camellia-256 cipher type - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the Camellia-256 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_des_cbc (void)" +.PP +The DES cipher type +.PP +\fBReturns:\fP +.RS 4 +the DES-CBC EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_des_ede3_cbc (void)" +.PP +The tripple DES cipher type - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_md2 (void)" +.PP +The message digest MD2 - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_md4 (void)" +.PP +The message digest MD4 - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_md5 (void)" +.PP +The message digest MD5 - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_rc2_40_cbc (void)" +.PP +The RC2-40 cipher type +.PP +\fBReturns:\fP +.RS 4 +the RC2-40 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_rc2_64_cbc (void)" +.PP +The RC2-64 cipher type +.PP +\fBReturns:\fP +.RS 4 +the RC2-64 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_hcrypto_rc2_cbc (void)" +.PP +The RC2 cipher type - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the RC2 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha1 (void)" +.PP +The message digest SHA1 - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha256 (void)" +.PP +The message digest SHA256 - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha384 (void)" +.PP +The message digest SHA384 - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_hcrypto_sha512 (void)" +.PP +The message digest SHA512 - hcrypto +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_md2 (void)" +.PP +The message digest MD2 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_md4 (void)" +.PP +The message digest MD4 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_md5 (void)" +.PP +The message digest MD5 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "size_t EVP_MD_block_size (const EVP_MD * md)" +.PP +Return the blocksize of the message digest function. +.PP +\fBParameters:\fP +.RS 4 +\fImd\fP the evp message +.RE +.PP +\fBReturns:\fP +.RS 4 +size size of the message digest block size +.RE +.PP + +.SS "size_t EVP_MD_CTX_block_size (EVP_MD_CTX * ctx)" +.PP +Return the blocksize of the message digest function. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the evp message digest context +.RE +.PP +\fBReturns:\fP +.RS 4 +size size of the message digest block size +.RE +.PP + +.SS "int EVP_MD_CTX_cleanup (EVP_MD_CTX * ctx)" +.PP +Free the resources used by the EVP_MD context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the context to free the resources from. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "EVP_MD_CTX* EVP_MD_CTX_create (void)" +.PP +Allocate a messsage digest context object. Free with \fBEVP_MD_CTX_destroy()\fP. +.PP +\fBReturns:\fP +.RS 4 +a newly allocated message digest context object. +.RE +.PP + +.SS "void EVP_MD_CTX_destroy (EVP_MD_CTX * ctx)" +.PP +Free a messsage digest context object. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP context to free. +.RE +.PP + +.SS "void EVP_MD_CTX_init (EVP_MD_CTX * ctx)" +.PP +Initiate a messsage digest context object. Deallocate with \fBEVP_MD_CTX_cleanup()\fP. Please use \fBEVP_MD_CTX_create()\fP instead. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP variable to initiate. +.RE +.PP + +.SS "const EVP_MD* EVP_MD_CTX_md (EVP_MD_CTX * ctx)" +.PP +Get the EVP_MD use for a specified context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the EVP_MD context to get the EVP_MD for. +.RE +.PP +\fBReturns:\fP +.RS 4 +the EVP_MD used for the context. +.RE +.PP + +.SS "size_t EVP_MD_CTX_size (EVP_MD_CTX * ctx)" +.PP +Return the output size of the message digest function. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the evp message digest context +.RE +.PP +\fBReturns:\fP +.RS 4 +size output size of the message digest function. +.RE +.PP + +.SS "const EVP_MD* EVP_md_null (void)" +.PP +The null message digest +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "size_t EVP_MD_size (const EVP_MD * md)" +.PP +Return the output size of the message digest function. +.PP +\fBParameters:\fP +.RS 4 +\fImd\fP the evp message +.RE +.PP +\fBReturns:\fP +.RS 4 +size output size of the message digest function. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc2_40_cbc (void)" +.PP +The RC2 cipher type +.PP +\fBReturns:\fP +.RS 4 +the RC2 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc2_64_cbc (void)" +.PP +The RC2 cipher type +.PP +\fBReturns:\fP +.RS 4 +the RC2 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc2_cbc (void)" +.PP +The RC2 cipher type +.PP +\fBReturns:\fP +.RS 4 +the RC2 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc4 (void)" +.PP +The RC4 cipher type +.PP +\fBReturns:\fP +.RS 4 +the RC4 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_rc4_40 (void)" +.PP +The RC4-40 cipher type +.PP +\fBReturns:\fP +.RS 4 +the RC4-40 EVP_CIPHER pointer. +.RE +.PP + +.SS "const EVP_MD* EVP_sha (void)" +.PP +The message digest SHA1 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_sha1 (void)" +.PP +The message digest SHA1 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_sha256 (void)" +.PP +The message digest SHA256 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_sha384 (void)" +.PP +The message digest SHA384 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_MD* EVP_sha512 (void)" +.PP +The message digest SHA512 +.PP +\fBReturns:\fP +.RS 4 +the message digest type. +.RE +.PP + +.SS "const EVP_CIPHER* EVP_wincrypt_des_ede3_cbc (void)" +.PP +The tripple DES cipher type (Micrsoft crypt provider) +.PP +\fBReturns:\fP +.RS 4 +the DES-EDE3-CBC EVP_CIPHER pointer. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_misc.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_misc.3 new file mode 100644 index 00000000000..c5ac3e3dbed --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_misc.3 @@ -0,0 +1,44 @@ +.TH "hcrypto miscellaneous functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hcrypto miscellaneous functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBPKCS5_PBKDF2_HMAC_SHA1\fP (const void *password, size_t password_len, const void *salt, size_t salt_len, unsigned long iter, size_t keylen, void *key)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int PKCS5_PBKDF2_HMAC_SHA1 (const void * password, size_t password_len, const void * salt, size_t salt_len, unsigned long iter, size_t keylen, void * key)" +.PP +As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key. +.PP +\fBParameters:\fP +.RS 4 +\fIpassword\fP Password. +.br +\fIpassword_len\fP Length of password. +.br +\fIsalt\fP Salt +.br +\fIsalt_len\fP Length of salt. +.br +\fIiter\fP iteration counter. +.br +\fIkeylen\fP the output key length. +.br +\fIkey\fP the output key. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success, non 1 on failure. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_rand.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_rand.3 new file mode 100644 index 00000000000..8f416bd8da9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_rand.3 @@ -0,0 +1,200 @@ +.TH "RAND crypto functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +RAND crypto functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBRAND_seed\fP (const void *indata, size_t size)" +.br +.ti -1c +.RI "int \fBRAND_bytes\fP (void *outdata, size_t size)" +.br +.ti -1c +.RI "void \fBRAND_cleanup\fP (void)" +.br +.ti -1c +.RI "void \fBRAND_add\fP (const void *indata, size_t size, double entropi)" +.br +.ti -1c +.RI "int \fBRAND_pseudo_bytes\fP (void *outdata, size_t size)" +.br +.ti -1c +.RI "int \fBRAND_status\fP (void)" +.br +.ti -1c +.RI "int \fBRAND_set_rand_method\fP (const RAND_METHOD *meth)" +.br +.ti -1c +.RI "const RAND_METHOD * \fBRAND_get_rand_method\fP (void)" +.br +.ti -1c +.RI "int \fBRAND_set_rand_engine\fP (ENGINE *engine)" +.br +.ti -1c +.RI "int \fBRAND_load_file\fP (const char *filename, size_t size)" +.br +.ti -1c +.RI "int \fBRAND_write_file\fP (const char *filename)" +.br +.ti -1c +.RI "const char * \fBRAND_file_name\fP (char *filename, size_t size)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBRAND - random number\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "void RAND_add (const void * indata, size_t size, double entropi)" +.PP +Seed that random number generator. Secret material can securely be feed into the function, they will never be returned. +.PP +\fBParameters:\fP +.RS 4 +\fIindata\fP the input data. +.br +\fIsize\fP size of in data. +.br +\fIentropi\fP entropi in data. +.RE +.PP + +.SS "int RAND_bytes (void * outdata, size_t size)" +.PP +Get a random block from the random generator, can be used for key material. +.PP +\fBParameters:\fP +.RS 4 +\fIoutdata\fP random data +.br +\fIsize\fP length random data +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success, 0 on failure. +.RE +.PP + +.SS "void RAND_cleanup (void)" +.PP +Reset and free memory used by the random generator. +.SS "const char* RAND_file_name (char * filename, size_t size)" +.PP +Return the default random state filename for a user to use for \fBRAND_load_file()\fP, and \fBRAND_write_file()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIfilename\fP buffer to hold file name. +.br +\fIsize\fP size of buffer filename. +.RE +.PP +\fBReturns:\fP +.RS 4 +the buffer filename or NULL on failure. +.RE +.PP + +.SS "const RAND_METHOD* RAND_get_rand_method (void)" +.PP +Get the default random method. +.SS "int RAND_load_file (const char * filename, size_t size)" +.PP +Load a a file and feed it into \fBRAND_seed()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIfilename\fP name of file to read. +.br +\fIsize\fP minimum size to read. +.RE +.PP + +.SS "int RAND_pseudo_bytes (void * outdata, size_t size)" +.PP +Get a random block from the random generator, should NOT be used for key material. +.PP +\fBParameters:\fP +.RS 4 +\fIoutdata\fP random data +.br +\fIsize\fP length random data +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success, 0 on failure. +.RE +.PP + +.SS "void RAND_seed (const void * indata, size_t size)" +.PP +Seed that random number generator. Secret material can securely be feed into the function, they will never be returned. +.PP +\fBParameters:\fP +.RS 4 +\fIindata\fP seed data +.br +\fIsize\fP length seed data +.RE +.PP + +.SS "int RAND_set_rand_engine (ENGINE * engine)" +.PP +Set the default random method from engine. +.PP +\fBParameters:\fP +.RS 4 +\fIengine\fP use engine, if NULL is passed it, old method and engine is cleared. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success, 0 on failure. +.RE +.PP + +.SS "int RAND_set_rand_method (const RAND_METHOD * meth)" +.PP +Set the default random method. +.PP +\fBParameters:\fP +.RS 4 +\fImeth\fP set the new default method. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int RAND_status (void)" +.PP +Return status of the random generator +.PP +\fBReturns:\fP +.RS 4 +1 if the random generator can deliver random data. +.RE +.PP + +.SS "int RAND_write_file (const char * filename)" +.PP +Write of random numbers to a file to store for later initiation with \fBRAND_load_file()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIfilename\fP name of file to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success and non-one on failure. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_rsa.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_rsa.3 new file mode 100644 index 00000000000..2f4e6bc5262 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/hcrypto_rsa.3 @@ -0,0 +1,152 @@ +.TH "RSA functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +RSA functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "RSA * \fBRSA_new\fP (void)" +.br +.ti -1c +.RI "RSA * \fBRSA_new_method\fP (ENGINE *engine)" +.br +.ti -1c +.RI "void \fBRSA_free\fP (RSA *rsa)" +.br +.ti -1c +.RI "int \fBRSA_up_ref\fP (RSA *rsa)" +.br +.ti -1c +.RI "const RSA_METHOD * \fBRSA_get_method\fP (const RSA *rsa)" +.br +.ti -1c +.RI "int \fBRSA_set_method\fP (RSA *rsa, const RSA_METHOD *method)" +.br +.ti -1c +.RI "int \fBRSA_set_app_data\fP (RSA *rsa, void *arg)" +.br +.ti -1c +.RI "void * \fBRSA_get_app_data\fP (const RSA *rsa)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBRSA - public-key cryptography\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "void RSA_free (RSA * rsa)" +.PP +Free an allocation RSA object. +.PP +\fBParameters:\fP +.RS 4 +\fIrsa\fP the RSA object to free. +.RE +.PP + +.SS "void* RSA_get_app_data (const RSA * rsa)" +.PP +Get the application data for the RSA object. +.PP +\fBParameters:\fP +.RS 4 +\fIrsa\fP the rsa object to get the parameter for +.RE +.PP +\fBReturns:\fP +.RS 4 +the data object +.RE +.PP + +.SS "const RSA_METHOD* RSA_get_method (const RSA * rsa)" +.PP +Return the RSA_METHOD used for this RSA object. +.PP +\fBParameters:\fP +.RS 4 +\fIrsa\fP the object to get the method from. +.RE +.PP +\fBReturns:\fP +.RS 4 +the method used for this RSA object. +.RE +.PP + +.SS "RSA* RSA_new (void)" +.PP +Same as \fBRSA_new_method()\fP using NULL as engine. +.PP +\fBReturns:\fP +.RS 4 +a newly allocated RSA object. Free with \fBRSA_free()\fP. +.RE +.PP + +.SS "RSA* RSA_new_method (ENGINE * engine)" +.PP +Allocate a new RSA object using the engine, if NULL is specified as the engine, use the default RSA engine as returned by ENGINE_get_default_RSA(). +.PP +\fBParameters:\fP +.RS 4 +\fIengine\fP Specific what ENGINE RSA provider should be used. +.RE +.PP +\fBReturns:\fP +.RS 4 +a newly allocated RSA object. Free with \fBRSA_free()\fP. +.RE +.PP + +.SS "int RSA_set_app_data (RSA * rsa, void * arg)" +.PP +Set the application data for the RSA object. +.PP +\fBParameters:\fP +.RS 4 +\fIrsa\fP the rsa object to set the parameter for +.br +\fIarg\fP the data object to store +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int RSA_set_method (RSA * rsa, const RSA_METHOD * method)" +.PP +Set a new method for the RSA keypair. +.PP +\fBParameters:\fP +.RS 4 +\fIrsa\fP rsa parameter. +.br +\fImethod\fP the new method for the RSA parameter. +.RE +.PP +\fBReturns:\fP +.RS 4 +1 on success. +.RE +.PP + +.SS "int RSA_up_ref (RSA * rsa)" +.PP +Add an extra reference to the RSA object. The object should be free with \fBRSA_free()\fP to drop the reference. +.PP +\fBParameters:\fP +.RS 4 +\fIrsa\fP the object to add reference counting too. +.RE +.PP +\fBReturns:\fP +.RS 4 +the current reference count, can't safely be used except for debug printing. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_des.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_des.3 new file mode 100644 index 00000000000..7e2668e3455 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_des.3 @@ -0,0 +1,35 @@ +.TH "page_des" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_des \- DES - Data Encryption Standard crypto interface +See the library functions here: \fBDES crypto functions\fP +.PP +DES was created by IBM, modififed by NSA and then adopted by NBS (now NIST) and published ad FIPS PUB 46 (updated by FIPS 46-1). +.PP +Since the 19th May 2005 DES was withdrawn by NIST and should no longer be used. See \fBEVP - generic crypto interface\fP for replacement encryption algorithms and interfaces. +.PP +Read more the iteresting history of DES on Wikipedia http://www.wikipedia.org/wiki/Data_Encryption_Standard . +.SH "DES key generation" +.PP +To generate a DES key safely you have to use the code-snippet below. This is because the \fBDES_random_key()\fP can fail with an abort() in case of and failure to start the random generator. +.PP +There is a replacement function \fBDES_new_random_key()\fP, however that function does not exists in OpenSSL. +.PP +.PP +.nf + DES_cblock key; + do { + if (RAND_rand(&key, sizeof(key)) != 1) + goto failure; + DES_set_odd_parity(key); + } while (DES_is_weak_key(&key)); +.fi +.PP +.SH "DES implementation history" +.PP +There was no complete BSD licensed, fast, GPL compatible implementation of DES, so Love wrote the part that was missing, fast key schedule setup and adapted the interface to the orignal libdes. +.PP +The document that got me started for real was 'Efficient Implementation of the Data Encryption Standard' by Dag Arne Osvik. I never got to the PC1 transformation was working, instead I used table-lookup was used for all key schedule setup. The document was very useful since it de-mystified other implementations for me. +.PP +The core DES function (SBOX + P transformation) is from Richard Outerbridge public domain DES implementation. My sanity is saved thanks to his work. Thank you Richard. diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_dh.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_dh.3 new file mode 100644 index 00000000000..d2d5abfa257 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_dh.3 @@ -0,0 +1,10 @@ +.TH "page_dh" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_dh \- DH - Diffie-Hellman key exchange +Diffie-Hellman key exchange is a protocol that allows two parties to establish a shared secret key. +.PP +Include and example how to use \fBDH_new()\fP and friends here. +.PP +See the library functions here: \fBDiffie-Hellman functions\fP diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_evp.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_evp.3 new file mode 100644 index 00000000000..60f8caa026e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_evp.3 @@ -0,0 +1,9 @@ +.TH "page_evp" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_evp \- EVP - generic crypto interface +See the library functions here: \fBEVP generic crypto functions\fP +.SH "EVP Cipher" +.PP +The use of \fBEVP_CipherInit_ex()\fP and EVP_Cipher() is pretty easy to understand forward, then \fBEVP_CipherUpdate()\fP and \fBEVP_CipherFinal_ex()\fP really needs an example to explain \fBexample_evp_cipher::c\fP . diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_rand.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_rand.3 new file mode 100644 index 00000000000..b0d532badbb --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_rand.3 @@ -0,0 +1,6 @@ +.TH "page_rand" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_rand \- RAND - random number +See the library functions here: \fBRAND crypto functions\fP diff --git a/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_rsa.3 b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_rsa.3 new file mode 100644 index 00000000000..cc45260da58 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/man/man3/page_rsa.3 @@ -0,0 +1,12 @@ +.TH "page_rsa" 3 "30 Sep 2011" "Version 1.5.1" "Heimdal crypto library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_rsa \- RSA - public-key cryptography +RSA is named by its inventors (Ron Rivest, Adi Shamir, and Leonard Adleman) (published in 1977), patented expired in 21 September 2000. +.PP +Speed for RSA in seconds no key blinding 1000 iteration, same rsa keys (1024 and 2048) operation performed each eteration sign, verify, encrypt, decrypt on a random bit pattern +.PP +name 1024 2048 4098 ================================= gmp: 0.73 6.60 44.80 tfm: 2.45 -- -- ltm: 3.79 20.74 105.41 (default in hcrypto) openssl: 4.04 11.90 82.59 cdsa: 15.89 102.89 721.40 imath: 40.62 -- -- +.PP +See the library functions here: \fBRSA functions\fP diff --git a/crypto/heimdal/doc/doxyout/hcrypto/manpages b/crypto/heimdal/doc/doxyout/hcrypto/manpages new file mode 100644 index 00000000000..fbd13d0ec2a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hcrypto/manpages @@ -0,0 +1,153 @@ +hcrypto/man/man3/DES_cbc_cksum.3 +hcrypto/man/man3/DES_cbc_encrypt.3 +hcrypto/man/man3/DES_cfb64_encrypt.3 +hcrypto/man/man3/DES_check_key_parity.3 +hcrypto/man/man3/DES_ecb3_encrypt.3 +hcrypto/man/man3/DES_ecb_encrypt.3 +hcrypto/man/man3/DES_ede3_cbc_encrypt.3 +hcrypto/man/man3/DES_encrypt.3 +hcrypto/man/man3/DES_init_random_number_generator.3 +hcrypto/man/man3/DES_is_weak_key.3 +hcrypto/man/man3/DES_key_sched.3 +hcrypto/man/man3/DES_new_random_key.3 +hcrypto/man/man3/DES_pcbc_encrypt.3 +hcrypto/man/man3/DES_random_key.3 +hcrypto/man/man3/DES_set_key.3 +hcrypto/man/man3/DES_set_key_checked.3 +hcrypto/man/man3/DES_set_key_unchecked.3 +hcrypto/man/man3/DES_set_odd_parity.3 +hcrypto/man/man3/DES_string_to_key.3 +hcrypto/man/man3/DH_check_pubkey.3 +hcrypto/man/man3/DH_compute_key.3 +hcrypto/man/man3/DH_free.3 +hcrypto/man/man3/DH_generate_key.3 +hcrypto/man/man3/DH_generate_parameters_ex.3 +hcrypto/man/man3/DH_get_default_method.3 +hcrypto/man/man3/DH_get_ex_data.3 +hcrypto/man/man3/DH_ltm_method.3 +hcrypto/man/man3/DH_new.3 +hcrypto/man/man3/DH_new_method.3 +hcrypto/man/man3/DH_null_method.3 +hcrypto/man/man3/DH_set_default_method.3 +hcrypto/man/man3/DH_set_ex_data.3 +hcrypto/man/man3/DH_set_method.3 +hcrypto/man/man3/DH_size.3 +hcrypto/man/man3/DH_up_ref.3 +hcrypto/man/man3/EVP_aes_128_cbc.3 +hcrypto/man/man3/EVP_aes_128_cfb8.3 +hcrypto/man/man3/EVP_aes_192_cbc.3 +hcrypto/man/man3/EVP_aes_192_cfb8.3 +hcrypto/man/man3/EVP_aes_256_cbc.3 +hcrypto/man/man3/EVP_aes_256_cfb8.3 +hcrypto/man/man3/EVP_BytesToKey.3 +hcrypto/man/man3/EVP_camellia_128_cbc.3 +hcrypto/man/man3/EVP_camellia_192_cbc.3 +hcrypto/man/man3/EVP_camellia_256_cbc.3 +hcrypto/man/man3/EVP_CIPHER_block_size.3 +hcrypto/man/man3/EVP_CIPHER_CTX_block_size.3 +hcrypto/man/man3/EVP_CIPHER_CTX_cipher.3 +hcrypto/man/man3/EVP_CIPHER_CTX_cleanup.3 +hcrypto/man/man3/EVP_CIPHER_CTX_ctrl.3 +hcrypto/man/man3/EVP_CIPHER_CTX_flags.3 +hcrypto/man/man3/EVP_CIPHER_CTX_get_app_data.3 +hcrypto/man/man3/EVP_CIPHER_CTX_init.3 +hcrypto/man/man3/EVP_CIPHER_CTX_iv_length.3 +hcrypto/man/man3/EVP_CIPHER_CTX_key_length.3 +hcrypto/man/man3/EVP_CIPHER_CTX_mode.3 +hcrypto/man/man3/EVP_CIPHER_CTX_rand_key.3 +hcrypto/man/man3/EVP_CIPHER_CTX_set_app_data.3 +hcrypto/man/man3/EVP_CIPHER_CTX_set_key_length.3 +hcrypto/man/man3/EVP_CIPHER_iv_length.3 +hcrypto/man/man3/EVP_CIPHER_key_length.3 +hcrypto/man/man3/EVP_CipherFinal_ex.3 +hcrypto/man/man3/EVP_CipherInit_ex.3 +hcrypto/man/man3/EVP_CipherUpdate.3 +hcrypto/man/man3/EVP_des_cbc.3 +hcrypto/man/man3/EVP_des_ede3_cbc.3 +hcrypto/man/man3/EVP_Digest.3 +hcrypto/man/man3/EVP_DigestFinal_ex.3 +hcrypto/man/man3/EVP_DigestInit_ex.3 +hcrypto/man/man3/EVP_DigestUpdate.3 +hcrypto/man/man3/EVP_enc_null.3 +hcrypto/man/man3/EVP_get_cipherbyname.3 +hcrypto/man/man3/EVP_hcrypto_aes_128_cbc.3 +hcrypto/man/man3/EVP_hcrypto_aes_128_cfb8.3 +hcrypto/man/man3/EVP_hcrypto_aes_192_cbc.3 +hcrypto/man/man3/EVP_hcrypto_aes_192_cfb8.3 +hcrypto/man/man3/EVP_hcrypto_aes_256_cbc.3 +hcrypto/man/man3/EVP_hcrypto_aes_256_cfb8.3 +hcrypto/man/man3/EVP_hcrypto_camellia_128_cbc.3 +hcrypto/man/man3/EVP_hcrypto_camellia_192_cbc.3 +hcrypto/man/man3/EVP_hcrypto_camellia_256_cbc.3 +hcrypto/man/man3/EVP_hcrypto_des_cbc.3 +hcrypto/man/man3/EVP_hcrypto_des_ede3_cbc.3 +hcrypto/man/man3/EVP_hcrypto_md2.3 +hcrypto/man/man3/EVP_hcrypto_md4.3 +hcrypto/man/man3/EVP_hcrypto_md5.3 +hcrypto/man/man3/EVP_hcrypto_rc2_40_cbc.3 +hcrypto/man/man3/EVP_hcrypto_rc2_64_cbc.3 +hcrypto/man/man3/EVP_hcrypto_rc2_cbc.3 +hcrypto/man/man3/EVP_hcrypto_sha1.3 +hcrypto/man/man3/EVP_hcrypto_sha256.3 +hcrypto/man/man3/EVP_hcrypto_sha384.3 +hcrypto/man/man3/EVP_hcrypto_sha512.3 +hcrypto/man/man3/EVP_md2.3 +hcrypto/man/man3/EVP_md4.3 +hcrypto/man/man3/EVP_md5.3 +hcrypto/man/man3/EVP_MD_block_size.3 +hcrypto/man/man3/EVP_MD_CTX_block_size.3 +hcrypto/man/man3/EVP_MD_CTX_cleanup.3 +hcrypto/man/man3/EVP_MD_CTX_create.3 +hcrypto/man/man3/EVP_MD_CTX_destroy.3 +hcrypto/man/man3/EVP_MD_CTX_init.3 +hcrypto/man/man3/EVP_MD_CTX_md.3 +hcrypto/man/man3/EVP_MD_CTX_size.3 +hcrypto/man/man3/EVP_md_null.3 +hcrypto/man/man3/EVP_MD_size.3 +hcrypto/man/man3/EVP_rc2_40_cbc.3 +hcrypto/man/man3/EVP_rc2_64_cbc.3 +hcrypto/man/man3/EVP_rc2_cbc.3 +hcrypto/man/man3/EVP_rc4.3 +hcrypto/man/man3/EVP_rc4_40.3 +hcrypto/man/man3/EVP_sha.3 +hcrypto/man/man3/EVP_sha1.3 +hcrypto/man/man3/EVP_sha256.3 +hcrypto/man/man3/EVP_sha384.3 +hcrypto/man/man3/EVP_sha512.3 +hcrypto/man/man3/EVP_wincrypt_des_ede3_cbc.3 +hcrypto/man/man3/hcrypto_core.3 +hcrypto/man/man3/hcrypto_des.3 +hcrypto/man/man3/hcrypto_dh.3 +hcrypto/man/man3/hcrypto_evp.3 +hcrypto/man/man3/hcrypto_misc.3 +hcrypto/man/man3/hcrypto_rand.3 +hcrypto/man/man3/hcrypto_rsa.3 +hcrypto/man/man3/OpenSSL_add_all_algorithms.3 +hcrypto/man/man3/OpenSSL_add_all_algorithms_conf.3 +hcrypto/man/man3/OpenSSL_add_all_algorithms_noconf.3 +hcrypto/man/man3/page_des.3 +hcrypto/man/man3/page_dh.3 +hcrypto/man/man3/page_evp.3 +hcrypto/man/man3/page_rand.3 +hcrypto/man/man3/page_rsa.3 +hcrypto/man/man3/PKCS5_PBKDF2_HMAC_SHA1.3 +hcrypto/man/man3/RAND_add.3 +hcrypto/man/man3/RAND_bytes.3 +hcrypto/man/man3/RAND_cleanup.3 +hcrypto/man/man3/RAND_file_name.3 +hcrypto/man/man3/RAND_get_rand_method.3 +hcrypto/man/man3/RAND_load_file.3 +hcrypto/man/man3/RAND_pseudo_bytes.3 +hcrypto/man/man3/RAND_seed.3 +hcrypto/man/man3/RAND_set_rand_engine.3 +hcrypto/man/man3/RAND_set_rand_method.3 +hcrypto/man/man3/RAND_status.3 +hcrypto/man/man3/RAND_write_file.3 +hcrypto/man/man3/RSA_free.3 +hcrypto/man/man3/RSA_get_app_data.3 +hcrypto/man/man3/RSA_get_method.3 +hcrypto/man/man3/RSA_new.3 +hcrypto/man/man3/RSA_new_method.3 +hcrypto/man/man3/RSA_set_app_data.3 +hcrypto/man/man3/RSA_set_method.3 +hcrypto/man/man3/RSA_up_ref.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/html/annotated.html b/crypto/heimdal/doc/doxyout/hdb/html/annotated.html new file mode 100644 index 00000000000..bc8f0091946 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/annotated.html @@ -0,0 +1,35 @@ + + +Heimdalhdblibrary: Data Structures + + + +

+keyhole logo +

+ + + +
+

Data Structures

Here are the data structures with brief descriptions: + + +
HDB
hdb_entry_ex
+
+
+Generated on Fri Sep 30 15:26:07 2011 for Heimdalhdblibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/doxygen.css b/crypto/heimdal/doc/doxyout/hdb/html/doxygen.css new file mode 100644 index 00000000000..22c484301dd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/doxygen.css @@ -0,0 +1,473 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { + text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { + font-weight: bold +} +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navpath { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1A419D; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1A419D +} +A.qindex:hover { + text-decoration: none; + background-color: #ddddff; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { + text-decoration: none; + background-color: #6666cc; + color: #ffffff +} +A.el { + text-decoration: none; + font-weight: bold +} +A.elRef { + font-weight: bold +} +A.code:link { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.code:visited { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.codeRef:link { + font-weight: normal; + color: #0000FF +} +A.codeRef:visited { + font-weight: normal; + color: #0000FF +} +A:hover { + text-decoration: none; + background-color: #f2f2ff +} +DL.el { + margin-left: -1cm +} +.fragment { + font-family: monospace, fixed; + font-size: 95%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { + margin-left: 16px; + font-style: italic; + font-size: 90% +} +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { + text-align: center; +} +IMG.formulaDsp { +} +IMG.formulaInl { + vertical-align: middle; +} +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +SPAN.vhdldigit { color: #ff00ff } +SPAN.vhdlchar { color: #000000 } +SPAN.vhdlkeyword { color: #700070 } +SPAN.vhdllogic { color: #ff0000 } + +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { + color: #003399; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { + font-size: 75%; +} +a { + color: #1A41A8; +} +a:visited { + color: #2A3798; +} +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { + background: #e8eef2; + font-weight: bold; +} +HR { + height: 1px; + border: none; + border-top: 1px solid black; +} + +/* Style for detailed member documentation */ +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +.memitem { + padding: 4px; + background-color: #eef3f5; + border-width: 1px; + border-style: solid; + border-color: #dedeee; + -moz-border-radius: 8px 8px 8px 8px; +} +.memname { + white-space: nowrap; + font-weight: bold; +} +.memdoc{ + padding-left: 10px; +} +.memproto { + background-color: #d5e1e8; + width: 100%; + border-width: 1px; + border-style: solid; + border-color: #84b0c7; + font-weight: bold; + -moz-border-radius: 8px 8px 8px 8px; +} +.paramkey { + text-align: right; +} +.paramtype { + white-space: nowrap; +} +.paramname { + color: #602020; + font-style: italic; + white-space: nowrap; +} +/* End Styling for detailed member documentation */ + +/* for the tree view */ +.ftvtree { + font-family: sans-serif; + margin:0.5em; +} +/* these are for tree view when used as main index */ +.directory { + font-size: 9pt; + font-weight: bold; +} +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* The following two styles can be used to replace the root node title */ +/* with an image of your choice. Simply uncomment the next two styles, */ +/* specify the name of your image and be sure to set 'height' to the */ +/* proper pixel height of your image. */ + +/* .directory h3.swap { */ +/* height: 61px; */ +/* background-repeat: no-repeat; */ +/* background-image: url("yourimage.gif"); */ +/* } */ +/* .directory h3.swap span { */ +/* display: none; */ +/* } */ + +.directory > h3 { + margin-top: 0; +} +.directory p { + margin: 0px; + white-space: nowrap; +} +.directory div { + display: none; + margin: 0px; +} +.directory img { + vertical-align: -30%; +} +/* these are for tree view when not used as main index */ +.directory-alt { + font-size: 100%; + font-weight: bold; +} +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} +.directory-alt > h3 { + margin-top: 0; +} +.directory-alt p { + margin: 0px; + white-space: nowrap; +} +.directory-alt div { + display: none; + margin: 0px; +} +.directory-alt img { + vertical-align: -30%; +} + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/doxygen.png b/crypto/heimdal/doc/doxyout/hdb/html/doxygen.png new file mode 100644 index 00000000000..f0a274bbaff Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hdb/html/doxygen.png differ diff --git a/crypto/heimdal/doc/doxyout/hdb/html/functions.html b/crypto/heimdal/doc/doxyout/hdb/html/functions.html new file mode 100644 index 00000000000..3995651fc23 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/functions.html @@ -0,0 +1,85 @@ + + +Heimdalhdblibrary: Data Fields + + + +

+keyhole logo +

+ + + +
+Here is a list of all documented struct and union fields with links to the struct/union documentation for each field: +

+

    +
  • hdb__del +: HDB +
  • hdb__get +: HDB +
  • hdb__put +: HDB +
  • hdb_auth_status +: HDB +
  • hdb_check_constrained_delegation +: HDB +
  • hdb_check_pkinit_ms_upn_match +: HDB +
  • hdb_check_s4u2self +: HDB +
  • hdb_close +: HDB +
  • hdb_destroy +: HDB +
  • hdb_fetch_kvno +: HDB +
  • hdb_firstkey +: HDB +
  • hdb_free +: HDB +
  • hdb_get_realms +: HDB +
  • hdb_lock +: HDB +
  • hdb_name +: HDB +
  • hdb_nextkey +: HDB +
  • hdb_open +: HDB +
  • hdb_password +: HDB +
  • hdb_remove +: HDB +
  • hdb_rename +: HDB +
  • hdb_store +: HDB +
  • hdb_unlock +: HDB +
+
+
+Generated on Fri Sep 30 15:26:07 2011 for Heimdalhdblibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/functions_vars.html b/crypto/heimdal/doc/doxyout/hdb/html/functions_vars.html new file mode 100644 index 00000000000..a2b468580b0 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/functions_vars.html @@ -0,0 +1,85 @@ + + +Heimdalhdblibrary: Data Fields - Variables + + + +

+keyhole logo +

+ + + +
+  +

+

    +
  • hdb__del +: HDB +
  • hdb__get +: HDB +
  • hdb__put +: HDB +
  • hdb_auth_status +: HDB +
  • hdb_check_constrained_delegation +: HDB +
  • hdb_check_pkinit_ms_upn_match +: HDB +
  • hdb_check_s4u2self +: HDB +
  • hdb_close +: HDB +
  • hdb_destroy +: HDB +
  • hdb_fetch_kvno +: HDB +
  • hdb_firstkey +: HDB +
  • hdb_free +: HDB +
  • hdb_get_realms +: HDB +
  • hdb_lock +: HDB +
  • hdb_name +: HDB +
  • hdb_nextkey +: HDB +
  • hdb_open +: HDB +
  • hdb_password +: HDB +
  • hdb_remove +: HDB +
  • hdb_rename +: HDB +
  • hdb_store +: HDB +
  • hdb_unlock +: HDB +
+
+
+Generated on Fri Sep 30 15:26:07 2011 for Heimdalhdblibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.dot b/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.dot new file mode 100644 index 00000000000..4df0f1aa486 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.dot @@ -0,0 +1,22 @@ +digraph G +{ + edge [fontname="FreeSans",fontsize=10,labelfontname="FreeSans",labelfontsize=10]; + node [fontname="FreeSans",fontsize=10,shape=record]; + Node9 [shape="box",label="Inherited",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",fillcolor="grey75",style="filled" fontcolor="black"]; + Node10 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node10 [shape="box",label="PublicBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPublicBase.html"]; + Node11 -> Node10 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node11 [shape="box",label="Truncated",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="red",URL="$classTruncated.html"]; + Node13 -> Node9 [dir=back,color="darkgreen",fontsize=10,style="solid",fontname="FreeSans"]; + Node13 [shape="box",label="ProtectedBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classProtectedBase.html"]; + Node14 -> Node9 [dir=back,color="firebrick4",fontsize=10,style="solid",fontname="FreeSans"]; + Node14 [shape="box",label="PrivateBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPrivateBase.html"]; + Node15 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node15 [shape="box",label="Undocumented",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="grey75"]; + Node16 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node16 [shape="box",label="Templ< int >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node17 -> Node16 [dir=back,color="orange",fontsize=10,style="dashed",label="< int >",fontname="FreeSans"]; + Node17 [shape="box",label="Templ< T >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node18 -> Node9 [dir=back,color="darkorchid3",fontsize=10,style="dashed",label="m_usedClass",fontname="FreeSans"]; + Node18 [shape="box",label="Used",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classUsed.html"]; +} diff --git a/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.html b/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.html new file mode 100644 index 00000000000..77afc215ccc --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.html @@ -0,0 +1,87 @@ + + +Heimdalhdblibrary: Graph Legend + + + +

+keyhole logo +

+ + + +
+

Graph Legend

This page explains how to interpret the graphs that are generated by doxygen.

+Consider the following example: 

/*! Invisible class because of truncation */
+class Invisible { };
+
+/*! Truncated class, inheritance relation is hidden */
+class Truncated : public Invisible { };
+
+/* Class not documented with doxygen comments */
+class Undocumented { };
+
+/*! Class that is inherited using public inheritance */
+class PublicBase : public Truncated { };
+
+/*! A template class */
+template<class T> class Templ { };
+
+/*! Class that is inherited using protected inheritance */
+class ProtectedBase { };
+
+/*! Class that is inherited using private inheritance */
+class PrivateBase { };
+
+/*! Class that is used by the Inherited class */
+class Used { };
+
+/*! Super class that inherits a number of other classes */
+class Inherited : public PublicBase,
+                  protected ProtectedBase,
+                  private PrivateBase,
+                  public Undocumented,
+                  public Templ<int>
+{
+  private:
+    Used *m_usedClass;
+};
+
If the MAX_DOT_GRAPH_HEIGHT tag in the configuration file is set to 240 this will result in the following graph:

+

+graph_legend.png +
+

+The boxes in the above graph have the following meaning:

    +
  • +A filled gray box represents the struct or class for which the graph is generated.
    • +
  • +A box with a black border denotes a documented struct or class.
    • +
  • +A box with a grey border denotes an undocumented struct or class.
    • +
  • +A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries.
    • +
+The arrows have the following meaning:
    +
  • +A dark blue arrow is used to visualize a public inheritance relation between two classes.
    • +
  • +A dark green arrow is used for protected inheritance.
    • +
  • +A dark red arrow is used for private inheritance.
    • +
  • +A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible.
    • +
  • +A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance.
    • +
+
+
+Generated on Fri Sep 30 15:26:07 2011 for Heimdalhdblibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.png b/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.png new file mode 100644 index 00000000000..9b96937bfd5 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hdb/html/graph_legend.png differ diff --git a/crypto/heimdal/doc/doxyout/hdb/html/index.html b/crypto/heimdal/doc/doxyout/hdb/html/index.html new file mode 100644 index 00000000000..694667a74ab --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/index.html @@ -0,0 +1,33 @@ + + +Heimdalhdblibrary: Heimdal database backend library + + + +

+keyhole logo +

+ + + +
+

Heimdal database backend library

+

+

1.5.1

+Introduction

+Heimdal libhdb library provides the backend support for Heimdal kdc and kadmind. Its here where plugins for diffrent database engines can be pluged in and extend support for here Heimdal get the principal and policy data from.

+Example of Heimdal backend are:

    +
  • Berkeley DB 1.85
  • Berkeley DB 3.0
  • Berkeley DB 4.0
  • New Berkeley DB
  • LDAP
+

+The project web page: http://www.h5l.org/

+
+Generated on Fri Sep 30 15:26:07 2011 for Heimdalhdblibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/struct_h_d_b.html b/crypto/heimdal/doc/doxyout/hdb/html/struct_h_d_b.html new file mode 100644 index 00000000000..3768113bb50 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/struct_h_d_b.html @@ -0,0 +1,430 @@ + + +Heimdalhdblibrary: HDB Struct Reference + + + +

+keyhole logo +

+ + + +
+

HDB Struct Reference

#include <hdb.h> +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Data Fields

char * hdb_name
krb5_error_code(* hdb_open )(krb5_context, struct HDB *, int, mode_t)
krb5_error_code(* hdb_close )(krb5_context, struct HDB *)
void(* hdb_free )(krb5_context, struct HDB *, hdb_entry_ex *)
krb5_error_code(* hdb_fetch_kvno )(krb5_context, struct HDB *, krb5_const_principal, unsigned, krb5_kvno, hdb_entry_ex *)
krb5_error_code(* hdb_store )(krb5_context, struct HDB *, unsigned, hdb_entry_ex *)
krb5_error_code(* hdb_remove )(krb5_context, struct HDB *, krb5_const_principal)
krb5_error_code(* hdb_firstkey )(krb5_context, struct HDB *, unsigned, hdb_entry_ex *)
krb5_error_code(* hdb_nextkey )(krb5_context, struct HDB *, unsigned, hdb_entry_ex *)
krb5_error_code(* hdb_lock )(krb5_context, struct HDB *, int)
krb5_error_code(* hdb_unlock )(krb5_context, struct HDB *)
krb5_error_code(* hdb_rename )(krb5_context, struct HDB *, const char *)
krb5_error_code(* hdb__get )(krb5_context, struct HDB *, krb5_data, krb5_data *)
krb5_error_code(* hdb__put )(krb5_context, struct HDB *, int, krb5_data, krb5_data)
krb5_error_code(* hdb__del )(krb5_context, struct HDB *, krb5_data)
krb5_error_code(* hdb_destroy )(krb5_context, struct HDB *)
krb5_error_code(* hdb_get_realms )(krb5_context, struct HDB *, krb5_realm **)
krb5_error_code(* hdb_password )(krb5_context, struct HDB *, hdb_entry_ex *, const char *, int)
krb5_error_code(* hdb_auth_status )(krb5_context, struct HDB *, hdb_entry_ex *, int)
krb5_error_code(* hdb_check_constrained_delegation )(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal)
krb5_error_code(* hdb_check_pkinit_ms_upn_match )(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal)
krb5_error_code(* hdb_check_s4u2self )(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal)
+

Detailed Description

+HDB backend function pointer structure

+The HDB structure is what the KDC and kadmind framework uses to query the backend database when talking about principals.

Field Documentation

+ +
+
+ + + + +
char* HDB::hdb_name
+
+
+ +

+don't use, only for DB3 +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_open)(krb5_context, struct HDB *, int, mode_t)
+
+
+ +

+Open (or create) the a Kerberos database.

+Open (or create) the a Kerberos database that was resolved with hdb_create(). The third and fourth flag to the function are the same as open(), thus passing O_CREAT will create the data base if it doesn't exists.

+Then done the caller should call hdb_close(), and to release all resources hdb_destroy(). +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_close)(krb5_context, struct HDB *)
+
+
+ +

+Close the database for transaction

+Closes the database for further transactions, wont release any permanant resources. the database can be ->hdb_open-ed again. +

+

+ +

+
+ + + + +
void(* HDB::hdb_free)(krb5_context, struct HDB *, hdb_entry_ex *)
+
+
+ +

+Free an entry after use. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_fetch_kvno)(krb5_context, struct HDB *, krb5_const_principal, unsigned, krb5_kvno, hdb_entry_ex *)
+
+
+ +

+Fetch an entry from the backend

+Fetch an entry from the backend, flags are what type of entry should be fetch: client, server, krbtgt. knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_store)(krb5_context, struct HDB *, unsigned, hdb_entry_ex *)
+
+
+ +

+Store an entry to database +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_remove)(krb5_context, struct HDB *, krb5_const_principal)
+
+
+ +

+Remove an entry from the database. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_firstkey)(krb5_context, struct HDB *, unsigned, hdb_entry_ex *)
+
+
+ +

+As part of iteration, fetch one entry +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_nextkey)(krb5_context, struct HDB *, unsigned, hdb_entry_ex *)
+
+
+ +

+As part of iteration, fetch next entry +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_lock)(krb5_context, struct HDB *, int)
+
+
+ +

+Lock database

+A lock can only be held by one consumers. Transaction can still happen on the database while the lock is held, so the entry is only useful for syncroning creation of the database and renaming of the database. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_unlock)(krb5_context, struct HDB *)
+
+
+ +

+Unlock database +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_rename)(krb5_context, struct HDB *, const char *)
+
+
+ +

+Rename the data base.

+Assume that the database is not hdb_open'ed and not locked. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb__get)(krb5_context, struct HDB *, krb5_data, krb5_data *)
+
+
+ +

+Get an hdb_entry from a classical DB backend

+If the database is a classical DB (ie BDB, NDBM, GDBM, etc) backend, this function will take a principal key (krb5_data) and return all data related to principal in the return krb5_data. The returned encoded entry is of type hdb_entry or hdb_entry_alias. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb__put)(krb5_context, struct HDB *, int, krb5_data, krb5_data)
+
+
+ +

+Store an hdb_entry from a classical DB backend

+Same discussion as in HDB::hdb__get +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb__del)(krb5_context, struct HDB *, krb5_data)
+
+
+ +

+Delete and hdb_entry from a classical DB backend

+Same discussion as in HDB::hdb__get +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_destroy)(krb5_context, struct HDB *)
+
+
+ +

+Destroy the handle to the database.

+Destroy the handle to the database, deallocate all memory and related resources. Does not remove any permanent data. Its the logical reverse of hdb_create() function that is the entry point for the module. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **)
+
+
+ +

+Get the list of realms this backend handles. This call is optional to support. The returned realms are used for announcing the realms over bonjour. Free returned array with krb5_free_host_realm(). +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_password)(krb5_context, struct HDB *, hdb_entry_ex *, const char *, int)
+
+
+ +

+Change password.

+Will update keys for the entry when given password. The new keys must be written into the entry and will then later be ->hdb_store() into the database. The backend will still perform all other operations, increasing the kvno, and update modification timestamp.

+The backend needs to call _kadm5_set_keys() and perform password quality checks. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_auth_status)(krb5_context, struct HDB *, hdb_entry_ex *, int)
+
+
+ +

+Auth feedback

+This is a feedback call that allows backends that provides lockout functionality to register failure and/or successes.

+In case the entry is locked out, the backend should set the hdb_entry.flags.locked-out flag. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_check_constrained_delegation)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal)
+
+
+ +

+Check if delegation is allowed. +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_check_pkinit_ms_upn_match)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal)
+
+
+ +

+Check if this name is an alias for the supplied client for PKINIT userPrinicpalName logins +

+

+ +

+
+ + + + +
krb5_error_code(* HDB::hdb_check_s4u2self)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal)
+
+
+ +

+Check if s4u2self is allowed from this client to this server +

+

+

The documentation for this struct was generated from the following file:
    +
  • /Users/lha/src/heimdal/heimdal-release/heimdal-1.5.1/lib/hdb/hdb.h
+
+
+Generated on Fri Sep 30 15:26:07 2011 for Heimdalhdblibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/structhdb__entry__ex.html b/crypto/heimdal/doc/doxyout/hdb/html/structhdb__entry__ex.html new file mode 100644 index 00000000000..34e8b49b2cc --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/structhdb__entry__ex.html @@ -0,0 +1,39 @@ + + +Heimdalhdblibrary: hdb_entry_ex Struct Reference + + + +

+keyhole logo +

+ + + +
+

hdb_entry_ex Struct Reference

#include <hdb.h> +

+ + +
+

Detailed Description

+hdb_entry_ex is a wrapper structure around the hdb_entry structure that allows backends to keep a pointer to the backing store, ie in ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to ->hdb_store(), the backend doesn't need to lookup the entry again.
The documentation for this struct was generated from the following file:
    +
  • /Users/lha/src/heimdal/heimdal-release/heimdal-1.5.1/lib/hdb/hdb.h
+
+
+Generated on Fri Sep 30 15:26:07 2011 for Heimdalhdblibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hdb/html/tab_b.gif b/crypto/heimdal/doc/doxyout/hdb/html/tab_b.gif new file mode 100644 index 00000000000..0d623483ffd Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hdb/html/tab_b.gif differ diff --git a/crypto/heimdal/doc/doxyout/hdb/html/tab_l.gif b/crypto/heimdal/doc/doxyout/hdb/html/tab_l.gif new file mode 100644 index 00000000000..9b1e6337c92 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hdb/html/tab_l.gif differ diff --git a/crypto/heimdal/doc/doxyout/hdb/html/tab_r.gif b/crypto/heimdal/doc/doxyout/hdb/html/tab_r.gif new file mode 100644 index 00000000000..ce9dd9f533c Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hdb/html/tab_r.gif differ diff --git a/crypto/heimdal/doc/doxyout/hdb/html/tabs.css b/crypto/heimdal/doc/doxyout/hdb/html/tabs.css new file mode 100644 index 00000000000..95f00a91da3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/html/tabs.css @@ -0,0 +1,102 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; +} diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/HDB.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/HDB.3 new file mode 100644 index 00000000000..097554e5c83 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/HDB.3 @@ -0,0 +1,185 @@ +.TH "HDB" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalhdblibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +HDB \- +.SH SYNOPSIS +.br +.PP +\fC#include \fP +.PP +.SS "Data Fields" + +.in +1c +.ti -1c +.RI "char * \fBhdb_name\fP" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_open\fP )(krb5_context, struct \fBHDB\fP *, int, mode_t)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_close\fP )(krb5_context, struct \fBHDB\fP *)" +.br +.ti -1c +.RI "void(* \fBhdb_free\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_fetch_kvno\fP )(krb5_context, struct \fBHDB\fP *, krb5_const_principal, unsigned, krb5_kvno, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_store\fP )(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_remove\fP )(krb5_context, struct \fBHDB\fP *, krb5_const_principal)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_firstkey\fP )(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_nextkey\fP )(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_lock\fP )(krb5_context, struct \fBHDB\fP *, int)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_unlock\fP )(krb5_context, struct \fBHDB\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_rename\fP )(krb5_context, struct \fBHDB\fP *, const char *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb__get\fP )(krb5_context, struct \fBHDB\fP *, krb5_data, krb5_data *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb__put\fP )(krb5_context, struct \fBHDB\fP *, int, krb5_data, krb5_data)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb__del\fP )(krb5_context, struct \fBHDB\fP *, krb5_data)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_destroy\fP )(krb5_context, struct \fBHDB\fP *)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_get_realms\fP )(krb5_context, struct \fBHDB\fP *, krb5_realm **)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_password\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, const char *, int)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_auth_status\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, int)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_check_constrained_delegation\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_check_pkinit_ms_upn_match\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.br +.ti -1c +.RI "krb5_error_code(* \fBhdb_check_s4u2self\fP )(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.br +.in -1c +.SH "Detailed Description" +.PP +\fBHDB\fP backend function pointer structure +.PP +The \fBHDB\fP structure is what the KDC and kadmind framework uses to query the backend database when talking about principals. +.SH "Field Documentation" +.PP +.SS "char* \fBHDB::hdb_name\fP" +.PP +don't use, only for DB3 +.SS "krb5_error_code(* \fBHDB::hdb_open\fP)(krb5_context, struct \fBHDB\fP *, int, mode_t)" +.PP +Open (or create) the a Kerberos database. +.PP +Open (or create) the a Kerberos database that was resolved with hdb_create(). The third and fourth flag to the function are the same as open(), thus passing O_CREAT will create the data base if it doesn't exists. +.PP +Then done the caller should call \fBhdb_close()\fP, and to release all resources \fBhdb_destroy()\fP. +.SS "krb5_error_code(* \fBHDB::hdb_close\fP)(krb5_context, struct \fBHDB\fP *)" +.PP +Close the database for transaction +.PP +Closes the database for further transactions, wont release any permanant resources. the database can be ->hdb_open-ed again. +.SS "void(* \fBHDB::hdb_free\fP)(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *)" +.PP +Free an entry after use. +.SS "krb5_error_code(* \fBHDB::hdb_fetch_kvno\fP)(krb5_context, struct \fBHDB\fP *, krb5_const_principal, unsigned, krb5_kvno, \fBhdb_entry_ex\fP *)" +.PP +Fetch an entry from the backend +.PP +Fetch an entry from the backend, flags are what type of entry should be fetch: client, server, krbtgt. knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get +.SS "krb5_error_code(* \fBHDB::hdb_store\fP)(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.PP +Store an entry to database +.SS "krb5_error_code(* \fBHDB::hdb_remove\fP)(krb5_context, struct \fBHDB\fP *, krb5_const_principal)" +.PP +Remove an entry from the database. +.SS "krb5_error_code(* \fBHDB::hdb_firstkey\fP)(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.PP +As part of iteration, fetch one entry +.SS "krb5_error_code(* \fBHDB::hdb_nextkey\fP)(krb5_context, struct \fBHDB\fP *, unsigned, \fBhdb_entry_ex\fP *)" +.PP +As part of iteration, fetch next entry +.SS "krb5_error_code(* \fBHDB::hdb_lock\fP)(krb5_context, struct \fBHDB\fP *, int)" +.PP +Lock database +.PP +A lock can only be held by one consumers. Transaction can still happen on the database while the lock is held, so the entry is only useful for syncroning creation of the database and renaming of the database. +.SS "krb5_error_code(* \fBHDB::hdb_unlock\fP)(krb5_context, struct \fBHDB\fP *)" +.PP +Unlock database +.SS "krb5_error_code(* \fBHDB::hdb_rename\fP)(krb5_context, struct \fBHDB\fP *, const char *)" +.PP +Rename the data base. +.PP +Assume that the database is not hdb_open'ed and not locked. +.SS "krb5_error_code(* \fBHDB::hdb__get\fP)(krb5_context, struct \fBHDB\fP *, krb5_data, krb5_data *)" +.PP +Get an hdb_entry from a classical DB backend +.PP +If the database is a classical DB (ie BDB, NDBM, GDBM, etc) backend, this function will take a principal key (krb5_data) and return all data related to principal in the return krb5_data. The returned encoded entry is of type hdb_entry or hdb_entry_alias. +.SS "krb5_error_code(* \fBHDB::hdb__put\fP)(krb5_context, struct \fBHDB\fP *, int, krb5_data, krb5_data)" +.PP +Store an hdb_entry from a classical DB backend +.PP +Same discussion as in \fBHDB::hdb__get\fP +.SS "krb5_error_code(* \fBHDB::hdb__del\fP)(krb5_context, struct \fBHDB\fP *, krb5_data)" +.PP +Delete and hdb_entry from a classical DB backend +.PP +Same discussion as in \fBHDB::hdb__get\fP +.SS "krb5_error_code(* \fBHDB::hdb_destroy\fP)(krb5_context, struct \fBHDB\fP *)" +.PP +Destroy the handle to the database. +.PP +Destroy the handle to the database, deallocate all memory and related resources. Does not remove any permanent data. Its the logical reverse of hdb_create() function that is the entry point for the module. +.SS "krb5_error_code(* \fBHDB::hdb_get_realms\fP)(krb5_context, struct \fBHDB\fP *, krb5_realm **)" +.PP +Get the list of realms this backend handles. This call is optional to support. The returned realms are used for announcing the realms over bonjour. Free returned array with krb5_free_host_realm(). +.SS "krb5_error_code(* \fBHDB::hdb_password\fP)(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, const char *, int)" +.PP +Change password. +.PP +Will update keys for the entry when given password. The new keys must be written into the entry and will then later be ->\fBhdb_store()\fP into the database. The backend will still perform all other operations, increasing the kvno, and update modification timestamp. +.PP +The backend needs to call _kadm5_set_keys() and perform password quality checks. +.SS "krb5_error_code(* \fBHDB::hdb_auth_status\fP)(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, int)" +.PP +Auth feedback +.PP +This is a feedback call that allows backends that provides lockout functionality to register failure and/or successes. +.PP +In case the entry is locked out, the backend should set the hdb_entry.flags.locked-out flag. +.SS "krb5_error_code(* \fBHDB::hdb_check_constrained_delegation\fP)(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.PP +Check if delegation is allowed. +.SS "krb5_error_code(* \fBHDB::hdb_check_pkinit_ms_upn_match\fP)(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.PP +Check if this name is an alias for the supplied client for PKINIT userPrinicpalName logins +.SS "krb5_error_code(* \fBHDB::hdb_check_s4u2self\fP)(krb5_context, struct \fBHDB\fP *, \fBhdb_entry_ex\fP *, krb5_const_principal)" +.PP +Check if s4u2self is allowed from this client to this server + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdalhdblibrary from the source code. diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__del.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__del.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__del.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__get.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__get.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__get.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__put.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__put.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb__put.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_auth_status.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_auth_status.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_auth_status.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_constrained_delegation.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_constrained_delegation.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_constrained_delegation.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_pkinit_ms_upn_match.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_pkinit_ms_upn_match.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_pkinit_ms_upn_match.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_s4u2self.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_s4u2self.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_check_s4u2self.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_close.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_close.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_close.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_destroy.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_destroy.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_destroy.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_entry_ex.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_entry_ex.3 new file mode 100644 index 00000000000..502bdd8b232 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_entry_ex.3 @@ -0,0 +1,17 @@ +.TH "hdb_entry_ex" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalhdblibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hdb_entry_ex \- +.SH SYNOPSIS +.br +.PP +\fC#include \fP +.PP +.SH "Detailed Description" +.PP +\fBhdb_entry_ex\fP is a wrapper structure around the hdb_entry structure that allows backends to keep a pointer to the backing store, ie in ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to ->hdb_store(), the backend doesn't need to lookup the entry again. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdalhdblibrary from the source code. diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_fetch_kvno.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_fetch_kvno.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_fetch_kvno.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_firstkey.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_firstkey.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_firstkey.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_free.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_free.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_free.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_get_realms.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_get_realms.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_get_realms.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_lock.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_lock.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_lock.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_name.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_name.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_name.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_nextkey.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_nextkey.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_nextkey.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_open.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_open.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_open.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_password.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_password.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_password.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_remove.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_remove.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_remove.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_rename.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_rename.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_rename.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_store.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_store.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_store.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_unlock.3 b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_unlock.3 new file mode 100644 index 00000000000..46f8e91739a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/man/man3/hdb_unlock.3 @@ -0,0 +1 @@ +.so man3/HDB.3 diff --git a/crypto/heimdal/doc/doxyout/hdb/manpages b/crypto/heimdal/doc/doxyout/hdb/manpages new file mode 100644 index 00000000000..c6d2fe2361f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hdb/manpages @@ -0,0 +1,24 @@ +hdb/man/man3/HDB.3 +hdb/man/man3/hdb__del.3 +hdb/man/man3/hdb__get.3 +hdb/man/man3/hdb__put.3 +hdb/man/man3/hdb_auth_status.3 +hdb/man/man3/hdb_check_constrained_delegation.3 +hdb/man/man3/hdb_check_pkinit_ms_upn_match.3 +hdb/man/man3/hdb_check_s4u2self.3 +hdb/man/man3/hdb_close.3 +hdb/man/man3/hdb_destroy.3 +hdb/man/man3/hdb_entry_ex.3 +hdb/man/man3/hdb_fetch_kvno.3 +hdb/man/man3/hdb_firstkey.3 +hdb/man/man3/hdb_free.3 +hdb/man/man3/hdb_get_realms.3 +hdb/man/man3/hdb_lock.3 +hdb/man/man3/hdb_name.3 +hdb/man/man3/hdb_nextkey.3 +hdb/man/man3/hdb_open.3 +hdb/man/man3/hdb_password.3 +hdb/man/man3/hdb_remove.3 +hdb/man/man3/hdb_rename.3 +hdb/man/man3/hdb_store.3 +hdb/man/man3/hdb_unlock.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/html/doxygen.css b/crypto/heimdal/doc/doxyout/hx509/html/doxygen.css new file mode 100644 index 00000000000..22c484301dd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/doxygen.css @@ -0,0 +1,473 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { + text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { + font-weight: bold +} +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navpath { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1A419D; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1A419D +} +A.qindex:hover { + text-decoration: none; + background-color: #ddddff; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { + text-decoration: none; + background-color: #6666cc; + color: #ffffff +} +A.el { + text-decoration: none; + font-weight: bold +} +A.elRef { + font-weight: bold +} +A.code:link { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.code:visited { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.codeRef:link { + font-weight: normal; + color: #0000FF +} +A.codeRef:visited { + font-weight: normal; + color: #0000FF +} +A:hover { + text-decoration: none; + background-color: #f2f2ff +} +DL.el { + margin-left: -1cm +} +.fragment { + font-family: monospace, fixed; + font-size: 95%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { + margin-left: 16px; + font-style: italic; + font-size: 90% +} +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { + text-align: center; +} +IMG.formulaDsp { +} +IMG.formulaInl { + vertical-align: middle; +} +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +SPAN.vhdldigit { color: #ff00ff } +SPAN.vhdlchar { color: #000000 } +SPAN.vhdlkeyword { color: #700070 } +SPAN.vhdllogic { color: #ff0000 } + +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { + color: #003399; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { + font-size: 75%; +} +a { + color: #1A41A8; +} +a:visited { + color: #2A3798; +} +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { + background: #e8eef2; + font-weight: bold; +} +HR { + height: 1px; + border: none; + border-top: 1px solid black; +} + +/* Style for detailed member documentation */ +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +.memitem { + padding: 4px; + background-color: #eef3f5; + border-width: 1px; + border-style: solid; + border-color: #dedeee; + -moz-border-radius: 8px 8px 8px 8px; +} +.memname { + white-space: nowrap; + font-weight: bold; +} +.memdoc{ + padding-left: 10px; +} +.memproto { + background-color: #d5e1e8; + width: 100%; + border-width: 1px; + border-style: solid; + border-color: #84b0c7; + font-weight: bold; + -moz-border-radius: 8px 8px 8px 8px; +} +.paramkey { + text-align: right; +} +.paramtype { + white-space: nowrap; +} +.paramname { + color: #602020; + font-style: italic; + white-space: nowrap; +} +/* End Styling for detailed member documentation */ + +/* for the tree view */ +.ftvtree { + font-family: sans-serif; + margin:0.5em; +} +/* these are for tree view when used as main index */ +.directory { + font-size: 9pt; + font-weight: bold; +} +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* The following two styles can be used to replace the root node title */ +/* with an image of your choice. Simply uncomment the next two styles, */ +/* specify the name of your image and be sure to set 'height' to the */ +/* proper pixel height of your image. */ + +/* .directory h3.swap { */ +/* height: 61px; */ +/* background-repeat: no-repeat; */ +/* background-image: url("yourimage.gif"); */ +/* } */ +/* .directory h3.swap span { */ +/* display: none; */ +/* } */ + +.directory > h3 { + margin-top: 0; +} +.directory p { + margin: 0px; + white-space: nowrap; +} +.directory div { + display: none; + margin: 0px; +} +.directory img { + vertical-align: -30%; +} +/* these are for tree view when not used as main index */ +.directory-alt { + font-size: 100%; + font-weight: bold; +} +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} +.directory-alt > h3 { + margin-top: 0; +} +.directory-alt p { + margin: 0px; + white-space: nowrap; +} +.directory-alt div { + display: none; + margin: 0px; +} +.directory-alt img { + vertical-align: -30%; +} + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/doxygen.png b/crypto/heimdal/doc/doxyout/hx509/html/doxygen.png new file mode 100644 index 00000000000..f0a274bbaff Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hx509/html/doxygen.png differ diff --git a/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.dot b/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.dot new file mode 100644 index 00000000000..4df0f1aa486 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.dot @@ -0,0 +1,22 @@ +digraph G +{ + edge [fontname="FreeSans",fontsize=10,labelfontname="FreeSans",labelfontsize=10]; + node [fontname="FreeSans",fontsize=10,shape=record]; + Node9 [shape="box",label="Inherited",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",fillcolor="grey75",style="filled" fontcolor="black"]; + Node10 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node10 [shape="box",label="PublicBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPublicBase.html"]; + Node11 -> Node10 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node11 [shape="box",label="Truncated",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="red",URL="$classTruncated.html"]; + Node13 -> Node9 [dir=back,color="darkgreen",fontsize=10,style="solid",fontname="FreeSans"]; + Node13 [shape="box",label="ProtectedBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classProtectedBase.html"]; + Node14 -> Node9 [dir=back,color="firebrick4",fontsize=10,style="solid",fontname="FreeSans"]; + Node14 [shape="box",label="PrivateBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPrivateBase.html"]; + Node15 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node15 [shape="box",label="Undocumented",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="grey75"]; + Node16 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node16 [shape="box",label="Templ< int >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node17 -> Node16 [dir=back,color="orange",fontsize=10,style="dashed",label="< int >",fontname="FreeSans"]; + Node17 [shape="box",label="Templ< T >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node18 -> Node9 [dir=back,color="darkorchid3",fontsize=10,style="dashed",label="m_usedClass",fontname="FreeSans"]; + Node18 [shape="box",label="Used",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classUsed.html"]; +} diff --git a/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.html b/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.html new file mode 100644 index 00000000000..bc58e756668 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.html @@ -0,0 +1,88 @@ + + +Heimdalx509library: Graph Legend + + + +

+keyhole logo +

+ + + +
+

Graph Legend

This page explains how to interpret the graphs that are generated by doxygen.

+Consider the following example: 

/*! Invisible class because of truncation */
+class Invisible { };
+
+/*! Truncated class, inheritance relation is hidden */
+class Truncated : public Invisible { };
+
+/* Class not documented with doxygen comments */
+class Undocumented { };
+
+/*! Class that is inherited using public inheritance */
+class PublicBase : public Truncated { };
+
+/*! A template class */
+template<class T> class Templ { };
+
+/*! Class that is inherited using protected inheritance */
+class ProtectedBase { };
+
+/*! Class that is inherited using private inheritance */
+class PrivateBase { };
+
+/*! Class that is used by the Inherited class */
+class Used { };
+
+/*! Super class that inherits a number of other classes */
+class Inherited : public PublicBase,
+                  protected ProtectedBase,
+                  private PrivateBase,
+                  public Undocumented,
+                  public Templ<int>
+{
+  private:
+    Used *m_usedClass;
+};
+
If the MAX_DOT_GRAPH_HEIGHT tag in the configuration file is set to 240 this will result in the following graph:

+

+graph_legend.png +
+

+The boxes in the above graph have the following meaning:

    +
  • +A filled gray box represents the struct or class for which the graph is generated.
    • +
  • +A box with a black border denotes a documented struct or class.
    • +
  • +A box with a grey border denotes an undocumented struct or class.
    • +
  • +A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries.
    • +
+The arrows have the following meaning:
    +
  • +A dark blue arrow is used to visualize a public inheritance relation between two classes.
    • +
  • +A dark green arrow is used for protected inheritance.
    • +
  • +A dark red arrow is used for private inheritance.
    • +
  • +A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible.
    • +
  • +A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance.
    • +
+
+
+Generated on Fri Sep 30 15:26:14 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.png b/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.png new file mode 100644 index 00000000000..9b96937bfd5 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hx509/html/graph_legend.png differ diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509.html new file mode 100644 index 00000000000..7b71eb5c8a5 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509.html @@ -0,0 +1,89 @@ + + +Heimdalx509library: hx509 library + + + +

+keyhole logo +

+ + + +
+

hx509 library

+ + + + + + +

Functions

int hx509_context_init (hx509_context *context)
void hx509_context_free (hx509_context *context)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + +
void hx509_context_free (hx509_context *  context  ) 
+
+
+ +

+Free the context allocated by hx509_context_init().

+

Parameters:
+ + +
context context to be freed.
+
+ +
+

+ +

+
+ + + + + + + + + +
int hx509_context_init (hx509_context *  context  ) 
+
+
+ +

+Creates a hx509 context that most functions in the library uses. The context is only allowed to be used by one thread at each moment. Free the context with hx509_context_free().

+

Parameters:
+ + +
context Returns a pointer to new hx509 context.
+
+
Returns:
Returns an hx509 error code.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__ca.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__ca.html new file mode 100644 index 00000000000..a06314b3953 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__ca.html @@ -0,0 +1,1179 @@ + + +Heimdalx509library: hx509 CA functions + + + +

+keyhole logo +

+ + + +
+

hx509 CA functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs *tbs)
void hx509_ca_tbs_free (hx509_ca_tbs *tbs)
int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)
int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)
int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)
struct units * hx509_ca_tbs_template_units (void)
int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)
int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)
int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)
int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)
int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)
int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)
int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)
int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)
int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char *principal)
int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char *principal)
int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char *jid)
int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)
int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)
int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)
int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)
int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)
int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)
int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)
+

Detailed Description

+See the Hx509 CA functions for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_sign (hx509_context  context,
hx509_ca_tbs  tbs,
hx509_cert  signer,
hx509_cert *  certificate 
)
+
+
+ +

+Sign a to-be-signed certificate object with a issuer certificate.

+The caller needs to at least have called the following functions on the to-be-signed certificate object:

+

+When done the to-be-signed certificate object should be freed with hx509_ca_tbs_free().

+When creating self-signed certificate use hx509_ca_sign_self() instead.

+

Parameters:
+ + + + + +
context A hx509 context.
tbs object to be signed.
signer the CA certificate object to sign with (need private key).
certificate return cerificate, free with hx509_cert_free().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_sign_self (hx509_context  context,
hx509_ca_tbs  tbs,
hx509_private_key  signer,
hx509_cert *  certificate 
)
+
+
+ +

+Work just like hx509_ca_sign() but signs it-self.

+

Parameters:
+ + + + + +
context A hx509 context.
tbs object to be signed.
signer private key to sign with.
certificate return cerificate, free with hx509_cert_free().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_crl_dp_uri (hx509_context  context,
hx509_ca_tbs  tbs,
const char *  uri,
hx509_name  issuername 
)
+
+
+ +

+Add CRL distribution point URI to the to-be-signed certificate object.

+

Parameters:
+ + + + + +
context A hx509 context.
tbs object to be signed.
uri uri to the CRL.
issuername name of the issuer.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +

+issuername not supported +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_eku (hx509_context  context,
hx509_ca_tbs  tbs,
const heim_oid *  oid 
)
+
+
+ +

+An an extended key usage to the to-be-signed certificate object. Duplicates will detected and not added.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
oid extended key usage to add.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_san_hostname (hx509_context  context,
hx509_ca_tbs  tbs,
const char *  dnsname 
)
+
+
+ +

+Add a Subject Alternative Name hostname to to-be-signed certificate object. A domain match starts with ., an exact match does not.

+Example of a an domain match: .domain.se matches the hostname host.domain.se.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
dnsname a hostame.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_san_jid (hx509_context  context,
hx509_ca_tbs  tbs,
const char *  jid 
)
+
+
+ +

+Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object. The jid is an UTF8 string.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
jid string of an a jabber id in UTF8.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_san_ms_upn (hx509_context  context,
hx509_ca_tbs  tbs,
const char *  principal 
)
+
+
+ +

+Add Microsoft UPN Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
principal Microsoft UPN string.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_san_otherName (hx509_context  context,
hx509_ca_tbs  tbs,
const heim_oid *  oid,
const heim_octet_string *  os 
)
+
+
+ +

+Add Subject Alternative Name otherName to the to-be-signed certificate object.

+

Parameters:
+ + + + + +
context A hx509 context.
tbs object to be signed.
oid the oid of the OtherName.
os data in the other name.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_san_pkinit (hx509_context  context,
hx509_ca_tbs  tbs,
const char *  principal 
)
+
+
+ +

+Add Kerberos Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
principal Kerberos principal to add to the certificate.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_add_san_rfc822name (hx509_context  context,
hx509_ca_tbs  tbs,
const char *  rfc822Name 
)
+
+
+ +

+Add a Subject Alternative Name rfc822 (email address) to to-be-signed certificate object.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
rfc822Name a string to a email address.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_ca_tbs_free (hx509_ca_tbs *  tbs  ) 
+
+
+ +

+Free an To Be Signed object.

+

Parameters:
+ + +
tbs object to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_init (hx509_context  context,
hx509_ca_tbs *  tbs 
)
+
+
+ +

+Allocate an to-be-signed certificate object that will be converted into an certificate.

+

Parameters:
+ + + +
context A hx509 context.
tbs returned to-be-signed certicate object, free with hx509_ca_tbs_free().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_ca (hx509_context  context,
hx509_ca_tbs  tbs,
int  pathLenConstraint 
)
+
+
+ +

+Make the to-be-signed certificate object a CA certificate. If the pathLenConstraint is negative path length constraint is used.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
pathLenConstraint path length constraint, negative, no constraint.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_domaincontroller (hx509_context  context,
hx509_ca_tbs  tbs 
)
+
+
+ +

+Make the to-be-signed certificate object a windows domain controller certificate.

+

Parameters:
+ + + +
context A hx509 context.
tbs object to be signed.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_notAfter (hx509_context  context,
hx509_ca_tbs  tbs,
time_t  t 
)
+
+
+ +

+Set the absolute time when the certificate is valid to.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
t time when the certificate will expire
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_notAfter_lifetime (hx509_context  context,
hx509_ca_tbs  tbs,
time_t  delta 
)
+
+
+ +

+Set the relative time when the certificiate is going to expire.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
delta seconds to the certificate is going to expire.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_notBefore (hx509_context  context,
hx509_ca_tbs  tbs,
time_t  t 
)
+
+
+ +

+Set the absolute time when the certificate is valid from. If not set the current time will be used.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
t time the certificated will start to be valid
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_proxy (hx509_context  context,
hx509_ca_tbs  tbs,
int  pathLenConstraint 
)
+
+
+ +

+Make the to-be-signed certificate object a proxy certificate. If the pathLenConstraint is negative path length constraint is used.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
pathLenConstraint path length constraint, negative, no constraint.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_serialnumber (hx509_context  context,
hx509_ca_tbs  tbs,
const heim_integer *  serialNumber 
)
+
+
+ +

+Set the serial number to use for to-be-signed certificate object.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
serialNumber serial number to use for the to-be-signed certificate object.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_spki (hx509_context  context,
hx509_ca_tbs  tbs,
const SubjectPublicKeyInfo *  spki 
)
+
+
+ +

+Set the subject public key info (SPKI) in the to-be-signed certificate object. SPKI is the public key and key related parameters in the certificate.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
spki subject public key info to use for the to-be-signed certificate object.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_subject (hx509_context  context,
hx509_ca_tbs  tbs,
hx509_name  subject 
)
+
+
+ +

+Set the subject name of a to-be-signed certificate object.

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
subject the name to set a subject.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_template (hx509_context  context,
hx509_ca_tbs  tbs,
int  flags,
hx509_cert  cert 
)
+
+
+ +

+Initialize the to-be-signed certificate object from a template certifiate.

+

Parameters:
+ + + + + +
context A hx509 context.
tbs object to be signed.
flags bit field selecting what to copy from the template certifiate.
cert template certificate.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_set_unique (hx509_context  context,
hx509_ca_tbs  tbs,
const heim_bit_string *  subjectUniqueID,
const heim_bit_string *  issuerUniqueID 
)
+
+
+ +

+Set the issuerUniqueID and subjectUniqueID

+These are only supposed to be used considered with version 2 certificates, replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier. This function is to allow application using legacy protocol to issue them.

+

Parameters:
+ + + + + +
context A hx509 context.
tbs object to be signed.
issuerUniqueID to be set
subjectUniqueID to be set
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ca_tbs_subject_expand (hx509_context  context,
hx509_ca_tbs  tbs,
hx509_env  env 
)
+
+
+ +

+Expand the the subject name in the to-be-signed certificate object using hx509_name_expand().

+

Parameters:
+ + + + +
context A hx509 context.
tbs object to be signed.
env enviroment variable to expand variables in the subject name, see hx509_env_init().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
struct units* hx509_ca_tbs_template_units (void   )  [read]
+
+
+ +

+Make of template units, use to build flags argument to hx509_ca_tbs_set_template() with parse_units().

+

Returns:
an units structure.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:13 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__cert.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__cert.html new file mode 100644 index 00000000000..f2f816b5112 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__cert.html @@ -0,0 +1,1425 @@ + + +Heimdalx509library: hx509 certificate functions + + + +

+keyhole logo +

+ + + +
+

hx509 certificate functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

int hx509_cert_init (hx509_context context, const Certificate *c, hx509_cert *cert)
int hx509_cert_init_data (hx509_context context, const void *ptr, size_t len, hx509_cert *cert)
void hx509_cert_free (hx509_cert cert)
hx509_cert hx509_cert_ref (hx509_cert cert)
void hx509_verify_ctx_f_allow_default_trustanchors (hx509_verify_ctx ctx, int boolean)
int hx509_cert_find_subjectAltName_otherName (hx509_context context, hx509_cert cert, const heim_oid *oid, hx509_octet_string_list *list)
int hx509_cert_cmp (hx509_cert p, hx509_cert q)
int hx509_cert_get_issuer (hx509_cert p, hx509_name *name)
int hx509_cert_get_subject (hx509_cert p, hx509_name *name)
int hx509_cert_get_base_subject (hx509_context context, hx509_cert c, hx509_name *name)
int hx509_cert_get_serialnumber (hx509_cert p, heim_integer *i)
time_t hx509_cert_get_notBefore (hx509_cert p)
time_t hx509_cert_get_notAfter (hx509_cert p)
int hx509_cert_get_SPKI (hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)
int hx509_cert_get_SPKI_AlgorithmIdentifier (hx509_context context, hx509_cert p, AlgorithmIdentifier *alg)
int hx509_cert_get_issuer_unique_id (hx509_context context, hx509_cert p, heim_bit_string *issuer)
int hx509_cert_get_subject_unique_id (hx509_context context, hx509_cert p, heim_bit_string *subject)
int hx509_verify_hostname (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char *hostname, const struct sockaddr *sa, int sa_size)
hx509_cert_attribute hx509_cert_get_attribute (hx509_cert cert, const heim_oid *oid)
int hx509_cert_set_friendly_name (hx509_cert cert, const char *name)
const char * hx509_cert_get_friendly_name (hx509_cert cert)
int hx509_query_alloc (hx509_context context, hx509_query **q)
void hx509_query_match_option (hx509_query *q, hx509_query_option option)
int hx509_query_match_issuer_serial (hx509_query *q, const Name *issuer, const heim_integer *serialNumber)
int hx509_query_match_friendly_name (hx509_query *q, const char *name)
int hx509_query_match_eku (hx509_query *q, const heim_oid *eku)
int hx509_query_match_cmp_func (hx509_query *q, int(*func)(hx509_context, hx509_cert, void *), void *ctx)
void hx509_query_free (hx509_context context, hx509_query *q)
void hx509_query_statistic_file (hx509_context context, const char *fn)
void hx509_query_unparse_stats (hx509_context context, int printtype, FILE *out)
int hx509_cert_check_eku (hx509_context context, hx509_cert cert, const heim_oid *eku, int allow_any_eku)
int hx509_cert_binary (hx509_context context, hx509_cert c, heim_octet_string *os)
int hx509_print_cert (hx509_context context, hx509_cert cert, FILE *out)
+

Detailed Description

+See the The basic certificate for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_binary (hx509_context  context,
hx509_cert  c,
heim_octet_string *  os 
)
+
+
+ +

+Encodes the hx509 certificate as a DER encode binary.

+

Parameters:
+ + + + +
context A hx509 context.
c the certificate to encode.
os the encode certificate, set to NULL, 0 on case of error. Free the os->data with hx509_xfree().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_check_eku (hx509_context  context,
hx509_cert  cert,
const heim_oid *  eku,
int  allow_any_eku 
)
+
+
+ +

+Check the extended key usage on the hx509 certificate.

+

Parameters:
+ + + + + +
context A hx509 context.
cert A hx509 context.
eku the EKU to check for
allow_any_eku if the any EKU is set, allow that to be a substitute.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_cert_cmp (hx509_cert  p,
hx509_cert  q 
)
+
+
+ +

+Compare to hx509 certificate object, useful for sorting.

+

Parameters:
+ + + +
p a hx509 certificate object.
q a hx509 certificate object.
+
+
Returns:
0 the objects are the same, returns > 0 is p is "larger" then q, < 0 if p is "smaller" then q.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_find_subjectAltName_otherName (hx509_context  context,
hx509_cert  cert,
const heim_oid *  oid,
hx509_octet_string_list *  list 
)
+
+
+ +

+Return a list of subjectAltNames specified by oid in the certificate. On error the

+The returned list of octet string should be freed with hx509_free_octet_string_list().

+

Parameters:
+ + + + + +
context A hx509 context.
cert a hx509 certificate object.
oid an oid to for SubjectAltName.
list list of matching SubjectAltName.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_cert_free (hx509_cert  cert  ) 
+
+
+ +

+Free reference to the hx509 certificate object, if the refcounter reaches 0, the object if freed. Its allowed to pass in NULL.

+

Parameters:
+ + +
cert the cert to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
hx509_cert_attribute hx509_cert_get_attribute (hx509_cert  cert,
const heim_oid *  oid 
)
+
+
+ +

+Get an external attribute for the certificate, examples are friendly name and id.

+

Parameters:
+ + + +
cert hx509 certificate object to search
oid an oid to search for.
+
+
Returns:
an hx509_cert_attribute, only valid as long as the certificate is referenced.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_get_base_subject (hx509_context  context,
hx509_cert  c,
hx509_name *  name 
)
+
+
+ +

+Return the name of the base subject of the hx509 certificate. If the certiicate is a verified proxy certificate, the this function return the base certificate (root of the proxy chain). If the proxy certificate is not verified with the base certificate HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.

+

Parameters:
+ + + + +
context a hx509 context.
c a hx509 certificate object.
name a pointer to a hx509 name, should be freed by hx509_name_free(). See also hx509_cert_get_subject().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
const char* hx509_cert_get_friendly_name (hx509_cert  cert  ) 
+
+
+ +

+Get friendly name of the certificate.

+

Parameters:
+ + +
cert cert to get the friendly name from.
+
+
Returns:
an friendly name or NULL if there is. The friendly name is only valid as long as the certificate is referenced.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_cert_get_issuer (hx509_cert  p,
hx509_name *  name 
)
+
+
+ +

+Return the name of the issuer of the hx509 certificate.

+

Parameters:
+ + + +
p a hx509 certificate object.
name a pointer to a hx509 name, should be freed by hx509_name_free().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_get_issuer_unique_id (hx509_context  context,
hx509_cert  p,
heim_bit_string *  issuer 
)
+
+
+ +

+Get a copy of the Issuer Unique ID

+

Parameters:
+ + + + +
context a hx509_context
p a hx509 certificate
issuer the issuer id returned, free with der_free_bit_string()
+
+
Returns:
An hx509 error code, see hx509_get_error_string(). The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a issuerUniqueID
+ +
+

+ +

+
+ + + + + + + + + +
time_t hx509_cert_get_notAfter (hx509_cert  p  ) 
+
+
+ +

+Get notAfter time of the certificate.

+

Parameters:
+ + +
p a hx509 certificate object.
+
+
Returns:
return not after time.
+ +
+

+ +

+
+ + + + + + + + + +
time_t hx509_cert_get_notBefore (hx509_cert  p  ) 
+
+
+ +

+Get notBefore time of the certificate.

+

Parameters:
+ + +
p a hx509 certificate object.
+
+
Returns:
return not before time
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_cert_get_serialnumber (hx509_cert  p,
heim_integer *  i 
)
+
+
+ +

+Get serial number of the certificate.

+

Parameters:
+ + + +
p a hx509 certificate object.
i serial number, should be freed ith der_free_heim_integer().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_get_SPKI (hx509_context  context,
hx509_cert  p,
SubjectPublicKeyInfo *  spki 
)
+
+
+ +

+Get the SubjectPublicKeyInfo structure from the hx509 certificate.

+

Parameters:
+ + + + +
context a hx509 context.
p a hx509 certificate object.
spki SubjectPublicKeyInfo, should be freed with free_SubjectPublicKeyInfo().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_get_SPKI_AlgorithmIdentifier (hx509_context  context,
hx509_cert  p,
AlgorithmIdentifier *  alg 
)
+
+
+ +

+Get the AlgorithmIdentifier from the hx509 certificate.

+

Parameters:
+ + + + +
context a hx509 context.
p a hx509 certificate object.
alg AlgorithmIdentifier, should be freed with free_AlgorithmIdentifier(). The algorithmidentifier is typicly rsaEncryption, or id-ecPublicKey, or some other public key mechanism.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_cert_get_subject (hx509_cert  p,
hx509_name *  name 
)
+
+
+ +

+Return the name of the subject of the hx509 certificate.

+

Parameters:
+ + + +
p a hx509 certificate object.
name a pointer to a hx509 name, should be freed by hx509_name_free(). See also hx509_cert_get_base_subject().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_get_subject_unique_id (hx509_context  context,
hx509_cert  p,
heim_bit_string *  subject 
)
+
+
+ +

+Get a copy of the Subect Unique ID

+

Parameters:
+ + + + +
context a hx509_context
p a hx509 certificate
subject the subject id returned, free with der_free_bit_string()
+
+
Returns:
An hx509 error code, see hx509_get_error_string(). The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a subjectUniqueID
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_init (hx509_context  context,
const Certificate *  c,
hx509_cert *  cert 
)
+
+
+ +

+Allocate and init an hx509 certificate object from the decoded certificate `c´.

+

Parameters:
+ + + + +
context A hx509 context.
c 
cert 
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_init_data (hx509_context  context,
const void *  ptr,
size_t  len,
hx509_cert *  cert 
)
+
+
+ +

+Just like hx509_cert_init(), but instead of a decode certificate takes an pointer and length to a memory region that contains a DER/BER encoded certificate.

+If the memory region doesn't contain just the certificate and nothing more the function will fail with HX509_EXTRA_DATA_AFTER_STRUCTURE.

+

Parameters:
+ + + + + +
context A hx509 context.
ptr pointer to memory region containing encoded certificate.
len length of memory region.
cert a return pointer to a hx509 certificate object, will contain NULL on error.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
hx509_cert hx509_cert_ref (hx509_cert  cert  ) 
+
+
+ +

+Add a reference to a hx509 certificate object.

+

Parameters:
+ + +
cert a pointer to an hx509 certificate object.
+
+
Returns:
the same object as is passed in.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_cert_set_friendly_name (hx509_cert  cert,
const char *  name 
)
+
+
+ +

+Set the friendly name on the certificate.

+

Parameters:
+ + + +
cert The certificate to set the friendly name on
name Friendly name.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_print_cert (hx509_context  context,
hx509_cert  cert,
FILE *  out 
)
+
+
+ +

+Print a simple representation of a certificate

+

Parameters:
+ + + + +
context A hx509 context, can be NULL
cert certificate to print
out the stdio output stream, if NULL, stdout is used
+
+
Returns:
An hx509 error code
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_query_alloc (hx509_context  context,
hx509_query **  q 
)
+
+
+ +

+Allocate an query controller. Free using hx509_query_free().

+

Parameters:
+ + + +
context A hx509 context.
q return pointer to a hx509_query.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_query_free (hx509_context  context,
hx509_query *  q 
)
+
+
+ +

+Free the query controller.

+

Parameters:
+ + + +
context A hx509 context.
q a pointer to the query controller.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_query_match_cmp_func (hx509_query *  q,
int(*)(hx509_context, hx509_cert, void *)  func,
void *  ctx 
)
+
+
+ +

+Set the query controller to match using a specific match function.

+

Parameters:
+ + + + +
q a hx509 query controller.
func function to use for matching, if the argument is NULL, the match function is removed.
ctx context passed to the function.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_query_match_eku (hx509_query *  q,
const heim_oid *  eku 
)
+
+
+ +

+Set the query controller to require an one specific EKU (extended key usage). Any previous EKU matching is overwitten. If NULL is passed in as the eku, the EKU requirement is reset.

+

Parameters:
+ + + +
q a hx509 query controller.
eku an EKU to match on.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_query_match_friendly_name (hx509_query *  q,
const char *  name 
)
+
+
+ +

+Set the query controller to match on a friendly name

+

Parameters:
+ + + +
q a hx509 query controller.
name a friendly name to match on
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_query_match_issuer_serial (hx509_query *  q,
const Name *  issuer,
const heim_integer *  serialNumber 
)
+
+
+ +

+Set the issuer and serial number of match in the query controller. The function make copies of the isser and serial number.

+

Parameters:
+ + + + +
q a hx509 query controller
issuer issuer to search for
serialNumber the serialNumber of the issuer.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_query_match_option (hx509_query *  q,
hx509_query_option  option 
)
+
+
+ +

+Set match options for the hx509 query controller.

+

Parameters:
+ + + +
q query controller.
option options to control the query controller.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_query_statistic_file (hx509_context  context,
const char *  fn 
)
+
+
+ +

+Set a statistic file for the query statistics.

+

Parameters:
+ + + +
context A hx509 context.
fn statistics file name
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_query_unparse_stats (hx509_context  context,
int  printtype,
FILE *  out 
)
+
+
+ +

+Unparse the statistics file and print the result on a FILE descriptor.

+

Parameters:
+ + + + +
context A hx509 context.
printtype tyep to print
out the FILE to write the data on.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_verify_ctx_f_allow_default_trustanchors (hx509_verify_ctx  ctx,
int  boolean 
)
+
+
+ +

+Allow using the operating system builtin trust anchors if no other trust anchors are configured.

+

Parameters:
+ + + +
ctx a verification context
boolean if non zero, useing the operating systems builtin trust anchors.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_verify_hostname (hx509_context  context,
const hx509_cert  cert,
int  flags,
hx509_hostname_type  type,
const char *  hostname,
const struct sockaddr *  sa,
int  sa_size 
)
+
+
+ +

+Verify that the certificate is allowed to be used for the hostname and address.

+

Parameters:
+ + + + + + + + +
context A hx509 context.
cert the certificate to match with
flags Flags to modify the behavior:
    +
  • HX509_VHN_F_ALLOW_NO_MATCH no match is ok
+
type type of hostname:
    +
  • HX509_HN_HOSTNAME for plain hostname.
  • HX509_HN_DNSSRV for DNS SRV names.
+
hostname the hostname to check
sa address of the host
sa_size length of address
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:11 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__cms.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__cms.html new file mode 100644 index 00000000000..804b6b6bc88 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__cms.html @@ -0,0 +1,504 @@ + + +Heimdalx509library: hx509 CMS/pkcs7 functions + + + +

+keyhole logo +

+ + + +
+

hx509 CMS/pkcs7 functions

+ + + + + + + + + + + + + + +

Functions

int hx509_cms_wrap_ContentInfo (const heim_oid *oid, const heim_octet_string *buf, heim_octet_string *res)
int hx509_cms_unwrap_ContentInfo (const heim_octet_string *in, heim_oid *oid, heim_octet_string *out, int *have_data)
int hx509_cms_unenvelope (hx509_context context, hx509_certs certs, int flags, const void *data, size_t length, const heim_octet_string *encryptedContent, time_t time_now, heim_oid *contentType, heim_octet_string *content)
int hx509_cms_envelope_1 (hx509_context context, int flags, hx509_cert cert, const void *data, size_t length, const heim_oid *encryption_type, const heim_oid *contentType, heim_octet_string *content)
int hx509_cms_verify_signed (hx509_context context, hx509_verify_ctx ctx, unsigned int flags, const void *data, size_t length, const heim_octet_string *signedContent, hx509_certs pool, heim_oid *contentType, heim_octet_string *content, hx509_certs *signer_certs)
int hx509_cms_create_signed_1 (hx509_context context, int flags, const heim_oid *eContentType, const void *data, size_t length, const AlgorithmIdentifier *digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string *signed_data)
+

Detailed Description

+See the CMS/PKCS7 message functions. for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cms_create_signed_1 (hx509_context  context,
int  flags,
const heim_oid *  eContentType,
const void *  data,
size_t  length,
const AlgorithmIdentifier *  digest_alg,
hx509_cert  cert,
hx509_peer_info  peer,
hx509_certs  anchors,
hx509_certs  pool,
heim_octet_string *  signed_data 
)
+
+
+ +

+Decode SignedData and verify that the signature is correct.

+

Parameters:
+ + + + + + + + + + + + +
context A hx509 context.
flags 
eContentType the type of the data.
data data to sign
length length of the data that data point to.
digest_alg digest algorithm to use, use NULL to get the default or the peer determined algorithm.
cert certificate to use for sign the data.
peer info about the peer the message to send the message to, like what digest algorithm to use.
anchors trust anchors that the client will use, used to polulate the certificates included in the message
pool certificates to use in try to build the path to the trust anchors.
signed_data the output of the function, free with der_free_octet_string().
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cms_envelope_1 (hx509_context  context,
int  flags,
hx509_cert  cert,
const void *  data,
size_t  length,
const heim_oid *  encryption_type,
const heim_oid *  contentType,
heim_octet_string *  content 
)
+
+
+ +

+Encrypt end encode EnvelopedData.

+Encrypt and encode EnvelopedData. The data is encrypted with a random key and the the random key is encrypted with the certificates private key. This limits what private key type can be used to RSA.

+

Parameters:
+ + + + + + + + + +
context A hx509 context.
flags flags to control the behavior.
    +
  • HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
  • HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
  • HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
+
cert Certificate to encrypt the EnvelopedData encryption key with.
data pointer the data to encrypt.
length length of the data that data point to.
encryption_type Encryption cipher to use for the bulk data, use NULL to get default.
contentType type of the data that is encrypted
content the output of the function, free with der_free_octet_string().
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cms_unenvelope (hx509_context  context,
hx509_certs  certs,
int  flags,
const void *  data,
size_t  length,
const heim_octet_string *  encryptedContent,
time_t  time_now,
heim_oid *  contentType,
heim_octet_string *  content 
)
+
+
+ +

+Decode and unencrypt EnvelopedData.

+Extract data and parameteres from from the EnvelopedData. Also supports using detached EnvelopedData.

+

Parameters:
+ + + + + + + + + + +
context A hx509 context.
certs Certificate that can decrypt the EnvelopedData encryption key.
flags HX509_CMS_UE flags to control the behavior.
data pointer the structure the contains the DER/BER encoded EnvelopedData stucture.
length length of the data that data point to.
encryptedContent in case of detached signature, this contains the actual encrypted data, othersize its should be NULL.
time_now set the current time, if zero the library uses now as the date.
contentType output type oid, should be freed with der_free_oid().
content the data, free with der_free_octet_string().
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cms_unwrap_ContentInfo (const heim_octet_string *  in,
heim_oid *  oid,
heim_octet_string *  out,
int *  have_data 
)
+
+
+ +

+Decode an ContentInfo and unwrap data and oid it.

+

Parameters:
+ + + + + +
in the encoded buffer.
oid type of the content.
out data to be wrapped.
have_data since the data is optional, this flags show dthe diffrence between no data and the zero length data.
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cms_verify_signed (hx509_context  context,
hx509_verify_ctx  ctx,
unsigned int  flags,
const void *  data,
size_t  length,
const heim_octet_string *  signedContent,
hx509_certs  pool,
heim_oid *  contentType,
heim_octet_string *  content,
hx509_certs *  signer_certs 
)
+
+
+ +

+Decode SignedData and verify that the signature is correct.

+

Parameters:
+ + + + + + + + + + + +
context A hx509 context.
ctx a hx509 verify context.
flags to control the behaivor of the function.
    +
  • HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
  • HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
  • HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
+
data pointer to CMS SignedData encoded data.
length length of the data that data point to.
signedContent external data used for signature.
pool certificate pool to build certificates paths.
contentType free with der_free_oid().
content the output of the function, free with der_free_octet_string().
signer_certs list of the cerficates used to sign this request, free with hx509_certs_free().
+
+ +

+If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal search for matching certificates by not considering KeyUsage bits on the certificates.

+If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow encapContentInfo mismatch with the oid in signedAttributes (or if no signedAttributes where use, pkcs7-data oid). This is only needed to work with broken CMS implementations that doesn't follow CMS signedAttributes rules.

+If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the signing certificates and leave that up to the caller.

+If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty SignerInfo (no signatures). If SignedData have no signatures, the function will return 0 with signer_certs set to NULL. Zero signers is allowed by the standard, but since its only useful in corner cases, it make into a flag that the caller have to turn on. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cms_wrap_ContentInfo (const heim_oid *  oid,
const heim_octet_string *  buf,
heim_octet_string *  res 
)
+
+
+ +

+Wrap data and oid in a ContentInfo and encode it.

+

Parameters:
+ + + + +
oid type of the content.
buf data to be wrapped. If a NULL pointer is passed in, the optional content field in the ContentInfo is not going be filled in.
res the encoded buffer, the result should be freed with der_free_octet_string().
+
+
Returns:
Returns an hx509 error code.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:11 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__crypto.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__crypto.html new file mode 100644 index 00000000000..8e1fdc92bb7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__crypto.html @@ -0,0 +1,92 @@ + + +Heimdalx509library: hx509 crypto functions + + + +

+keyhole logo +

+ + + +
+

hx509 crypto functions

+ + + + +

Functions

int hx509_verify_signature (hx509_context context, const hx509_cert signer, const AlgorithmIdentifier *alg, const heim_octet_string *data, const heim_octet_string *sig)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_verify_signature (hx509_context  context,
const hx509_cert  signer,
const AlgorithmIdentifier *  alg,
const heim_octet_string *  data,
const heim_octet_string *  sig 
)
+
+
+ +

+Verify a signature made using the private key of an certificate.

+

Parameters:
+ + + + + + +
context A hx509 context.
signer the certificate that made the signature.
alg algorthm that was used to sign the data.
data the data that was signed.
sig the sigature to verify.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:11 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__env.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__env.html new file mode 100644 index 00000000000..35b3d66c217 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__env.html @@ -0,0 +1,311 @@ + + +Heimdalx509library: hx509 enviroment functions + + + +

+keyhole logo +

+ + + +
+

hx509 enviroment functions

+ + + + + + + + + + + + + + +

Functions

int hx509_env_add (hx509_context context, hx509_env *env, const char *key, const char *value)
int hx509_env_add_binding (hx509_context context, hx509_env *env, const char *key, hx509_env list)
const char * hx509_env_lfind (hx509_context context, hx509_env env, const char *key, size_t len)
const char * hx509_env_find (hx509_context context, hx509_env env, const char *key)
hx509_env hx509_env_find_binding (hx509_context context, hx509_env env, const char *key)
void hx509_env_free (hx509_env *env)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_env_add (hx509_context  context,
hx509_env *  env,
const char *  key,
const char *  value 
)
+
+
+ +

+Add a new key/value pair to the hx509_env.

+

Parameters:
+ + + + + +
context A hx509 context.
env enviroment to add the enviroment variable too.
key key to add
value value to add
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_env_add_binding (hx509_context  context,
hx509_env *  env,
const char *  key,
hx509_env  list 
)
+
+
+ +

+Add a new key/binding pair to the hx509_env.

+

Parameters:
+ + + + + +
context A hx509 context.
env enviroment to add the enviroment variable too.
key key to add
list binding list to add
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
const char* hx509_env_find (hx509_context  context,
hx509_env  env,
const char *  key 
)
+
+
+ +

+Search the hx509_env for a key.

+

Parameters:
+ + + + +
context A hx509 context.
env enviroment to add the enviroment variable too.
key key to search for.
+
+
Returns:
the value if the key is found, NULL otherwise.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
hx509_env hx509_env_find_binding (hx509_context  context,
hx509_env  env,
const char *  key 
)
+
+
+ +

+Search the hx509_env for a binding.

+

Parameters:
+ + + + +
context A hx509 context.
env enviroment to add the enviroment variable too.
key key to search for.
+
+
Returns:
the binding if the key is found, NULL if not found.
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_env_free (hx509_env *  env  ) 
+
+
+ +

+Free an hx509_env enviroment context.

+

Parameters:
+ + +
env the enviroment to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
const char* hx509_env_lfind (hx509_context  context,
hx509_env  env,
const char *  key,
size_t  len 
)
+
+
+ +

+Search the hx509_env for a length based key.

+

Parameters:
+ + + + + +
context A hx509 context.
env enviroment to add the enviroment variable too.
key key to search for.
len length of key.
+
+
Returns:
the value if the key is found, NULL otherwise.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:14 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__error.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__error.html new file mode 100644 index 00000000000..631fbec3b62 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__error.html @@ -0,0 +1,308 @@ + + +Heimdalx509library: hx509 error functions + + + +

+keyhole logo +

+ + + +
+

hx509 error functions

+ + + + + + + + + + + + + + +

Functions

void hx509_clear_error_string (hx509_context context)
void hx509_set_error_stringv (hx509_context context, int flags, int code, const char *fmt, va_list ap)
void hx509_set_error_string (hx509_context context, int flags, int code, const char *fmt,...)
char * hx509_get_error_string (hx509_context context, int error_code)
void hx509_free_error_string (char *str)
void hx509_err (hx509_context context, int exit_code, int error_code, const char *fmt,...)
+

Detailed Description

+See the Hx509 error reporting functions for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + +
void hx509_clear_error_string (hx509_context  context  ) 
+
+
+ +

+Resets the error strings the hx509 context.

+

Parameters:
+ + +
context A hx509 context.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_err (hx509_context  context,
int  exit_code,
int  error_code,
const char *  fmt,
  ... 
)
+
+
+ +

+Print error message and fatally exit from error code

+

Parameters:
+ + + + + + +
context A hx509 context.
exit_code exit() code from process.
error_code Error code for the reason to exit.
fmt format string with the exit message.
... argument to format string.
+
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_free_error_string (char *  str  ) 
+
+
+ +

+Free error string returned by hx509_get_error_string().

+

Parameters:
+ + +
str error string to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
char* hx509_get_error_string (hx509_context  context,
int  error_code 
)
+
+
+ +

+Get an error string from context associated with error_code.

+

Parameters:
+ + + +
context A hx509 context.
error_code Get error message for this error code.
+
+
Returns:
error string, free with hx509_free_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_set_error_string (hx509_context  context,
int  flags,
int  code,
const char *  fmt,
  ... 
)
+
+
+ +

+See hx509_set_error_stringv().

+

Parameters:
+ + + + + + +
context A hx509 context.
flags 
    +
  • HX509_ERROR_APPEND appends the error string to the old messages (code is updated).
+
code error code related to error message
fmt error message format
... arguments to error message format
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_set_error_stringv (hx509_context  context,
int  flags,
int  code,
const char *  fmt,
va_list  ap 
)
+
+
+ +

+Add an error message to the hx509 context.

+

Parameters:
+ + + + + + +
context A hx509 context.
flags 
    +
  • HX509_ERROR_APPEND appends the error string to the old messages (code is updated).
+
code error code related to error message
fmt error message format
ap arguments to error message format
+
+ +
+

+

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__keyset.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__keyset.html new file mode 100644 index 00000000000..acce00411b9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__keyset.html @@ -0,0 +1,781 @@ + + +Heimdalx509library: hx509 certificate store functions + + + +

+keyhole logo +

+ + + +
+

hx509 certificate store functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

int hx509_certs_init (hx509_context context, const char *name, int flags, hx509_lock lock, hx509_certs *certs)
int hx509_certs_store (hx509_context context, hx509_certs certs, int flags, hx509_lock lock)
void hx509_certs_free (hx509_certs *certs)
int hx509_certs_start_seq (hx509_context context, hx509_certs certs, hx509_cursor *cursor)
int hx509_certs_next_cert (hx509_context context, hx509_certs certs, hx509_cursor cursor, hx509_cert *cert)
int hx509_certs_end_seq (hx509_context context, hx509_certs certs, hx509_cursor cursor)
int hx509_certs_iter_f (hx509_context context, hx509_certs certs, int(*func)(hx509_context, void *, hx509_cert), void *ctx)
int hx509_ci_print_names (hx509_context context, void *ctx, hx509_cert c)
int hx509_certs_add (hx509_context context, hx509_certs certs, hx509_cert cert)
int hx509_certs_find (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_cert *r)
int hx509_certs_filter (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_certs *result)
int hx509_certs_merge (hx509_context context, hx509_certs to, hx509_certs from)
int hx509_certs_append (hx509_context context, hx509_certs to, hx509_lock lock, const char *name)
int hx509_get_one_cert (hx509_context context, hx509_certs certs, hx509_cert *c)
int hx509_certs_info (hx509_context context, hx509_certs certs, int(*func)(void *, const char *), void *ctx)
+

Detailed Description

+See the Certificate store operations for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_add (hx509_context  context,
hx509_certs  certs,
hx509_cert  cert 
)
+
+
+ +

+Add a certificate to the certificiate store.

+The receiving keyset certs will either increase reference counter of the cert or make a deep copy, either way, the caller needs to free the cert itself.

+

Parameters:
+ + + + +
context a hx509 context.
certs certificate store to add the certificate to.
cert certificate to add.
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_append (hx509_context  context,
hx509_certs  to,
hx509_lock  lock,
const char *  name 
)
+
+
+ +

+Same a hx509_certs_merge() but use a lock and name to describe the from source.

+

Parameters:
+ + + + + +
context a hx509 context.
to the store to merge into.
lock a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see Locking and unlocking certificates and encrypted data.).
name name of the source store
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_end_seq (hx509_context  context,
hx509_certs  certs,
hx509_cursor  cursor 
)
+
+
+ +

+End the iteration over certificates.

+

Parameters:
+ + + + +
context a hx509 context.
certs certificate store to iterate over.
cursor cursor that will keep track of progress, freed.
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_filter (hx509_context  context,
hx509_certs  certs,
const hx509_query *  q,
hx509_certs *  result 
)
+
+
+ +

+Filter certificate matching the query.

+

Parameters:
+ + + + + +
context a hx509 context.
certs certificate store to search.
q query allocated with hx509 query functions functions.
result the filtered certificate store, caller must free with hx509_certs_free().
+
+
Returns:
Returns an hx509 error code.
+ +

+Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_find (hx509_context  context,
hx509_certs  certs,
const hx509_query *  q,
hx509_cert *  r 
)
+
+
+ +

+Find a certificate matching the query.

+

Parameters:
+ + + + + +
context a hx509 context.
certs certificate store to search.
q query allocated with hx509 query functions functions.
r return certificate (or NULL on error), should be freed with hx509_cert_free().
+
+
Returns:
Returns an hx509 error code.
+ +

+Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query. +

+

+ +

+
+ + + + + + + + + +
void hx509_certs_free (hx509_certs *  certs  ) 
+
+
+ +

+Free a certificate store.

+

Parameters:
+ + +
certs certificate store to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_info (hx509_context  context,
hx509_certs  certs,
int(*)(void *, const char *)  func,
void *  ctx 
)
+
+
+ +

+Print some info about the certificate store.

+

Parameters:
+ + + + + +
context a hx509 context.
certs certificate store to print information about.
func function that will get each line of the information, if NULL is used the data is printed on a FILE descriptor that should be passed in ctx, if ctx also is NULL, stdout is used.
ctx parameter to func.
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_init (hx509_context  context,
const char *  name,
int  flags,
hx509_lock  lock,
hx509_certs *  certs 
)
+
+
+ +

+Open or creates a new hx509 certificate store.

+

Parameters:
+ + + + + + +
context A hx509 context
name name of the store, format is TYPE:type-specific-string, if NULL is used the MEMORY store is used.
flags list of flags:
    +
  • HX509_CERTS_CREATE create a new keystore of the specific TYPE.
  • HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted.
+
lock a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see Locking and unlocking certificates and encrypted data.).
certs return pointer, free with hx509_certs_free().
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_iter_f (hx509_context  context,
hx509_certs  certs,
int(*)(hx509_context, void *, hx509_cert)  func,
void *  ctx 
)
+
+
+ +

+Iterate over all certificates in a keystore and call an function for each fo them.

+

Parameters:
+ + + + + +
context a hx509 context.
certs certificate store to iterate over.
func function to call for each certificate. The function should return non-zero to abort the iteration, that value is passed back to the caller of hx509_certs_iter_f().
ctx context variable that will passed to the function.
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_merge (hx509_context  context,
hx509_certs  to,
hx509_certs  from 
)
+
+
+ +

+Merge a certificate store into another. The from store is keep intact.

+

Parameters:
+ + + + +
context a hx509 context.
to the store to merge into.
from the store to copy the object from.
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_next_cert (hx509_context  context,
hx509_certs  certs,
hx509_cursor  cursor,
hx509_cert *  cert 
)
+
+
+ +

+Get next ceritificate from the certificate keystore pointed out by cursor.

+

Parameters:
+ + + + + +
context a hx509 context.
certs certificate store to iterate over.
cursor cursor that keeps track of progress.
cert return certificate next in store, NULL if the store contains no more certificates. Free with hx509_cert_free().
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_start_seq (hx509_context  context,
hx509_certs  certs,
hx509_cursor *  cursor 
)
+
+
+ +

+Start the integration

+

Parameters:
+ + + + +
context a hx509 context.
certs certificate store to iterate over
cursor cursor that will keep track of progress, free with hx509_certs_end_seq().
+
+
Returns:
Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is returned if the certificate store doesn't support the iteration operation.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_certs_store (hx509_context  context,
hx509_certs  certs,
int  flags,
hx509_lock  lock 
)
+
+
+ +

+Write the certificate store to stable storage.

+

Parameters:
+ + + + + +
context A hx509 context.
certs a certificate store to store.
flags currently unused, use 0.
lock a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see Locking and unlocking certificates and encrypted data.).
+
+
Returns:
Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if the certificate store doesn't support the store operation.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ci_print_names (hx509_context  context,
void *  ctx,
hx509_cert  c 
)
+
+
+ +

+Iterate over all certificates in a keystore and call an function for each fo them.

+

Parameters:
+ + + + +
context a hx509 context.
certs certificate store to iterate over.
func function to call for each certificate. The function should return non-zero to abort the iteration, that value is passed back to the caller of hx509_certs_iter().
+
+
Returns:
Returns an hx509 error code. Function to use to hx509_certs_iter_f() as a function argument, the ctx variable to hx509_certs_iter_f() should be a FILE file descriptor.
+
Parameters:
+ + + + +
context a hx509 context.
ctx used by hx509_certs_iter_f().
c a certificate
+
+
Returns:
Returns an hx509 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_get_one_cert (hx509_context  context,
hx509_certs  certs,
hx509_cert *  c 
)
+
+
+ +

+Get one random certificate from the certificate store.

+

Parameters:
+ + + + +
context a hx509 context.
certs a certificate store to get the certificate from.
c return certificate, should be freed with hx509_cert_free().
+
+
Returns:
Returns an hx509 error code.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:11 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__lock.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__lock.html new file mode 100644 index 00000000000..b10c22ab34c --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__lock.html @@ -0,0 +1,29 @@ + + +Heimdalx509library: hx509 lock functions + + + +

+keyhole logo +

+ + + +
+

hx509 lock functions

+ +
+See the Locking and unlocking certificates and encrypted data. for description and examples.
+
+Generated on Fri Sep 30 15:26:13 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__misc.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__misc.html new file mode 100644 index 00000000000..37dd15de4ea --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__misc.html @@ -0,0 +1,88 @@ + + +Heimdalx509library: hx509 misc functions + + + +

+keyhole logo +

+ + + +
+

hx509 misc functions

+ + + + + + +

Functions

void hx509_free_octet_string_list (hx509_octet_string_list *list)
void hx509_xfree (void *ptr)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + +
void hx509_free_octet_string_list (hx509_octet_string_list *  list  ) 
+
+
+ +

+Free a list of octet strings returned by another hx509 library function.

+

Parameters:
+ + +
list list to be freed.
+
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_xfree (void *  ptr  ) 
+
+
+ +

+Free a data element allocated in the library.

+

Parameters:
+ + +
ptr data to be freed.
+
+ +
+

+

+
+Generated on Fri Sep 30 15:26:11 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__name.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__name.html new file mode 100644 index 00000000000..decfa695340 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__name.html @@ -0,0 +1,470 @@ + + +Heimdalx509library: hx509 name functions + + + +

+keyhole logo +

+ + + +
+

hx509 name functions

+ + + + + + + + + + + + + + + + + + + + + + + + +

Functions

int hx509_name_to_string (const hx509_name name, char **str)
int hx509_name_cmp (hx509_name n1, hx509_name n2)
int hx509_parse_name (hx509_context context, const char *str, hx509_name *name)
int hx509_name_copy (hx509_context context, const hx509_name from, hx509_name *to)
int hx509_name_to_Name (const hx509_name from, Name *to)
int hx509_name_expand (hx509_context context, hx509_name name, hx509_env env)
void hx509_name_free (hx509_name *name)
int hx509_unparse_der_name (const void *data, size_t length, char **str)
int hx509_name_binary (const hx509_name name, heim_octet_string *os)
int hx509_name_is_null_p (const hx509_name name)
int hx509_general_name_unparse (GeneralName *name, char **str)
+

Detailed Description

+See the PKIX/X.509 Names for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
int hx509_general_name_unparse (GeneralName *  name,
char **  str 
)
+
+
+ +

+Unparse the hx509 name in name into a string.

+

Parameters:
+ + + +
name the name to print
str an allocated string returns the name in string form
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_name_binary (const hx509_name  name,
heim_octet_string *  os 
)
+
+
+ +

+Convert a hx509_name object to DER encoded name.

+

Parameters:
+ + + +
name name to concert
os data to a DER encoded name, free the resulting octet string with hx509_xfree(os->data).
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_name_cmp (hx509_name  n1,
hx509_name  n2 
)
+
+
+ +

+Compare to hx509 name object, useful for sorting.

+

Parameters:
+ + + +
n1 a hx509 name object.
n2 a hx509 name object.
+
+
Returns:
0 the objects are the same, returns > 0 is n2 is "larger" then n2, < 0 if n1 is "smaller" then n2.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_name_copy (hx509_context  context,
const hx509_name  from,
hx509_name *  to 
)
+
+
+ +

+Copy a hx509 name object.

+

Parameters:
+ + + + +
context A hx509 cotext.
from the name to copy from
to the name to copy to
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_name_expand (hx509_context  context,
hx509_name  name,
hx509_env  env 
)
+
+
+ +

+Expands variables in the name using env. Variables are on the form ${name}. Useful when dealing with certificate templates.

+

Parameters:
+ + + + +
context A hx509 cotext.
name the name to expand.
env environment variable to expand.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +

+Only UTF8String rdnSequence names are allowed +

+

+ +

+
+ + + + + + + + + +
void hx509_name_free (hx509_name *  name  ) 
+
+
+ +

+Free a hx509 name object, upond return *name will be NULL.

+

Parameters:
+ + +
name a hx509 name object to be freed.
+
+ +
+

+ +

+
+ + + + + + + + + +
int hx509_name_is_null_p (const hx509_name  name  ) 
+
+
+ +

+Unparse the hx509 name in name into a string.

+

Parameters:
+ + +
name the name to check if its empty/null.
+
+
Returns:
non zero if the name is empty/null.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_name_to_Name (const hx509_name  from,
Name *  to 
)
+
+
+ +

+Convert a hx509_name into a Name.

+

Parameters:
+ + + +
from the name to copy from
to the name to copy to
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_name_to_string (const hx509_name  name,
char **  str 
)
+
+
+ +

+Convert the hx509 name object into a printable string. The resulting string should be freed with free().

+

Parameters:
+ + + +
name name to print
str the string to return
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_parse_name (hx509_context  context,
const char *  str,
hx509_name *  name 
)
+
+
+ +

+Parse a string into a hx509 name object.

+

Parameters:
+ + + + +
context A hx509 context.
str a string to parse.
name the resulting object, NULL in case of error.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_unparse_der_name (const void *  data,
size_t  length,
char **  str 
)
+
+
+ +

+Convert a DER encoded name info a string.

+

Parameters:
+ + + + +
data data to a DER/BER encoded name
length length of data
str the resulting string, is NULL on failure.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:12 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__peer.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__peer.html new file mode 100644 index 00000000000..c750f1ceada --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__peer.html @@ -0,0 +1,237 @@ + + +Heimdalx509library: hx509 certificate selecting functions + + + +

+keyhole logo +

+ + + +
+

hx509 certificate selecting functions

+ + + + + + + + + + + + +

Functions

int hx509_peer_info_alloc (hx509_context context, hx509_peer_info *peer)
void hx509_peer_info_free (hx509_peer_info peer)
int hx509_peer_info_set_cert (hx509_peer_info peer, hx509_cert cert)
int hx509_peer_info_add_cms_alg (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val)
int hx509_peer_info_set_cms_algs (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val, size_t len)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_peer_info_add_cms_alg (hx509_context  context,
hx509_peer_info  peer,
const AlgorithmIdentifier *  val 
)
+
+
+ +

+Add an additional algorithm that the peer supports.

+

Parameters:
+ + + + +
context A hx509 context.
peer the peer to set the new algorithms for
val an AlgorithmsIdentier to add
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_peer_info_alloc (hx509_context  context,
hx509_peer_info *  peer 
)
+
+
+ +

+Allocate a new peer info structure an init it to default values.

+

Parameters:
+ + + +
context A hx509 context.
peer return an allocated peer, free with hx509_peer_info_free().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_peer_info_free (hx509_peer_info  peer  ) 
+
+
+ +

+Free a peer info structure.

+

Parameters:
+ + +
peer peer info to be freed.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_peer_info_set_cert (hx509_peer_info  peer,
hx509_cert  cert 
)
+
+
+ +

+Set the certificate that remote peer is using.

+

Parameters:
+ + + +
peer peer info to update
cert cerificate of the remote peer.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_peer_info_set_cms_algs (hx509_context  context,
hx509_peer_info  peer,
const AlgorithmIdentifier *  val,
size_t  len 
)
+
+
+ +

+Set the algorithms that the peer supports.

+

Parameters:
+ + + + + +
context A hx509 context.
peer the peer to set the new algorithms for
val array of supported AlgorithmsIdentiers
len length of array val.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:13 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__print.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__print.html new file mode 100644 index 00000000000..dba1b2546e7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__print.html @@ -0,0 +1,452 @@ + + +Heimdalx509library: hx509 printing functions + + + +

+keyhole logo +

+ + + +
+

hx509 printing functions

+ + + + + + + + + + + + + + + + + + + + + + +

Functions

void hx509_print_stdout (void *ctx, const char *fmt, va_list va)
int hx509_oid_sprint (const heim_oid *oid, char **str)
void hx509_oid_print (const heim_oid *oid, hx509_vprint_func func, void *ctx)
void hx509_bitstring_print (const heim_bit_string *b, hx509_vprint_func func, void *ctx)
int hx509_cert_keyusage_print (hx509_context context, hx509_cert c, char **s)
int hx509_validate_ctx_init (hx509_context context, hx509_validate_ctx *ctx)
void hx509_validate_ctx_set_print (hx509_validate_ctx ctx, hx509_vprint_func func, void *c)
void hx509_validate_ctx_add_flags (hx509_validate_ctx ctx, int flags)
void hx509_validate_ctx_free (hx509_validate_ctx ctx)
int hx509_validate_cert (hx509_context context, hx509_validate_ctx ctx, hx509_cert cert)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_bitstring_print (const heim_bit_string *  b,
hx509_vprint_func  func,
void *  ctx 
)
+
+
+ +

+Print a bitstring using a hx509_vprint_func function. To print to stdout use hx509_print_stdout().

+

Parameters:
+ + + + +
b bit string to print.
func hx509_vprint_func to print with.
ctx context variable to hx509_vprint_func function.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_cert_keyusage_print (hx509_context  context,
hx509_cert  c,
char **  s 
)
+
+
+ +

+Print certificate usage for a certificate to a string.

+

Parameters:
+ + + + +
context A hx509 context.
c a certificate print the keyusage for.
s the return string with the keysage printed in to, free with hx509_xfree().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_oid_print (const heim_oid *  oid,
hx509_vprint_func  func,
void *  ctx 
)
+
+
+ +

+Print a oid using a hx509_vprint_func function. To print to stdout use hx509_print_stdout().

+

Parameters:
+ + + + +
oid oid to print
func hx509_vprint_func to print with.
ctx context variable to hx509_vprint_func function.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_oid_sprint (const heim_oid *  oid,
char **  str 
)
+
+
+ +

+Print a oid to a string.

+

Parameters:
+ + + +
oid oid to print
str allocated string, free with hx509_xfree().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_print_stdout (void *  ctx,
const char *  fmt,
va_list  va 
)
+
+
+ +

+Helper function to print on stdout for:

+

+

Parameters:
+ + + + +
ctx the context to the print function. If the ctx is NULL, stdout is used.
fmt the printing format.
va the argumet list.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_validate_cert (hx509_context  context,
hx509_validate_ctx  ctx,
hx509_cert  cert 
)
+
+
+ +

+Validate/Print the status of the certificate.

+

Parameters:
+ + + + +
context A hx509 context.
ctx A hx509 validation context.
cert the cerificate to validate/print.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_validate_ctx_add_flags (hx509_validate_ctx  ctx,
int  flags 
)
+
+
+ +

+Add flags to control the behaivor of the hx509_validate_cert() function.

+

Parameters:
+ + + +
ctx A hx509 validation context.
flags flags to add to the validation context.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_validate_ctx_free (hx509_validate_ctx  ctx  ) 
+
+
+ +

+Free an hx509 validate context.

+

Parameters:
+ + +
ctx the hx509 validate context to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_validate_ctx_init (hx509_context  context,
hx509_validate_ctx *  ctx 
)
+
+
+ +

+Allocate a hx509 validation/printing context.

+

Parameters:
+ + + +
context A hx509 context.
ctx a new allocated hx509 validation context, free with hx509_validate_ctx_free().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
void hx509_validate_ctx_set_print (hx509_validate_ctx  ctx,
hx509_vprint_func  func,
void *  c 
)
+
+
+ +

+Set the printing functions for the validation context.

+

Parameters:
+ + + + +
ctx a hx509 valication context.
func the printing function to usea.
c the context variable to the printing function.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:14 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__query.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__query.html new file mode 100644 index 00000000000..4ef973c6091 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__query.html @@ -0,0 +1,29 @@ + + +Heimdalx509library: hx509 query functions + + + +

+keyhole logo +

+ + + +
+

hx509 query functions

+ +
+
+
+Generated on Fri Sep 30 15:26:13 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__revoke.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__revoke.html new file mode 100644 index 00000000000..1e375f77934 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__revoke.html @@ -0,0 +1,378 @@ + + +Heimdalx509library: hx509 revokation checking functions + + + +

+keyhole logo +

+ + + +
+

hx509 revokation checking functions

+ + + + + + + + + + + + + + + + +

Functions

int hx509_revoke_init (hx509_context context, hx509_revoke_ctx *ctx)
void hx509_revoke_free (hx509_revoke_ctx *ctx)
int hx509_revoke_add_ocsp (hx509_context context, hx509_revoke_ctx ctx, const char *path)
int hx509_revoke_add_crl (hx509_context context, hx509_revoke_ctx ctx, const char *path)
int hx509_revoke_verify (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)
int hx509_ocsp_request (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier *digest, heim_octet_string *request, heim_octet_string *nonce)
int hx509_revoke_ocsp_print (hx509_context context, const char *path, FILE *out)
+

Detailed Description

+See the Revocation methods for description and examples.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ocsp_request (hx509_context  context,
hx509_certs  reqcerts,
hx509_certs  pool,
hx509_cert  signer,
const AlgorithmIdentifier *  digest,
heim_octet_string *  request,
heim_octet_string *  nonce 
)
+
+
+ +

+Create an OCSP request for a set of certificates.

+

Parameters:
+ + + + + + + + +
context a hx509 context
reqcerts list of certificates to request ocsp data for
pool certificate pool to use when signing
signer certificate to use to sign the request
digest the signing algorithm in the request, if NULL use the default signature algorithm,
request the encoded request, free with free_heim_octet_string().
nonce nonce in the request, free with free_heim_octet_string().
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_revoke_add_crl (hx509_context  context,
hx509_revoke_ctx  ctx,
const char *  path 
)
+
+
+ +

+Add a CRL file to the revokation context.

+

Parameters:
+ + + + +
context hx509 context
ctx hx509 revokation context
path path to file that is going to be added to the context.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_revoke_add_ocsp (hx509_context  context,
hx509_revoke_ctx  ctx,
const char *  path 
)
+
+
+ +

+Add a OCSP file to the revokation context.

+

Parameters:
+ + + + +
context hx509 context
ctx hx509 revokation context
path path to file that is going to be added to the context.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_revoke_free (hx509_revoke_ctx *  ctx  ) 
+
+
+ +

+Free a hx509 revokation context.

+

Parameters:
+ + +
ctx context to be freed
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_revoke_init (hx509_context  context,
hx509_revoke_ctx *  ctx 
)
+
+
+ +

+Allocate a revokation context. Free with hx509_revoke_free().

+

Parameters:
+ + + +
context A hx509 context.
ctx returns a newly allocated revokation context.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_revoke_ocsp_print (hx509_context  context,
const char *  path,
FILE *  out 
)
+
+
+ +

+Print the OCSP reply stored in a file.

+

Parameters:
+ + + + +
context a hx509 context
path path to a file with a OCSP reply
out the out FILE descriptor to print the reply on
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_revoke_verify (hx509_context  context,
hx509_revoke_ctx  ctx,
hx509_certs  certs,
time_t  now,
hx509_cert  cert,
hx509_cert  parent_cert 
)
+
+
+ +

+Check that a certificate is not expired according to a revokation context. Also need the parent certificte to the check OCSP parent identifier.

+

Parameters:
+ + + + + + + +
context hx509 context
ctx hx509 revokation context
certs 
now 
cert 
parent_cert 
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:12 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__verify.html b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__verify.html new file mode 100644 index 00000000000..2296ed3650e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/group__hx509__verify.html @@ -0,0 +1,714 @@ + + +Heimdalx509library: hx509 verification functions + + + +

+keyhole logo +

+ + + +
+

hx509 verification functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

void hx509_context_set_missing_revoke (hx509_context context, int flag)
int hx509_verify_init_ctx (hx509_context context, hx509_verify_ctx *ctx)
void hx509_verify_destroy_ctx (hx509_verify_ctx ctx)
void hx509_verify_attach_anchors (hx509_verify_ctx ctx, hx509_certs set)
void hx509_verify_attach_revoke (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)
void hx509_verify_set_time (hx509_verify_ctx ctx, time_t t)
void hx509_verify_set_max_depth (hx509_verify_ctx ctx, unsigned int max_depth)
void hx509_verify_set_proxy_certificate (hx509_verify_ctx ctx, int boolean)
void hx509_verify_set_strict_rfc3280_verification (hx509_verify_ctx ctx, int boolean)
int hx509_verify_path (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)
int hx509_ocsp_verify (hx509_context context, time_t now, hx509_cert cert, int flags, const void *data, size_t length, time_t *expiration)
int hx509_crl_alloc (hx509_context context, hx509_crl *crl)
int hx509_crl_add_revoked_certs (hx509_context context, hx509_crl crl, hx509_certs certs)
int hx509_crl_lifetime (hx509_context context, hx509_crl crl, int delta)
void hx509_crl_free (hx509_context context, hx509_crl *crl)
int hx509_crl_sign (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string *os)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
void hx509_context_set_missing_revoke (hx509_context  context,
int  flag 
)
+
+
+ +

+Selects if the hx509_revoke_verify() function is going to require the existans of a revokation method (OCSP, CRL) or not. Note that hx509_verify_path(), hx509_cms_verify_signed(), and other function call hx509_revoke_verify().

+

Parameters:
+ + + +
context hx509 context to change the flag for.
flag zero, revokation method required, non zero missing revokation method ok
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_crl_add_revoked_certs (hx509_context  context,
hx509_crl  crl,
hx509_certs  certs 
)
+
+
+ +

+Add revoked certificate to an CRL context.

+

Parameters:
+ + + + +
context a hx509 context.
crl the CRL to add the revoked certificate to.
certs keyset of certificate to revoke.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_crl_alloc (hx509_context  context,
hx509_crl *  crl 
)
+
+
+ +

+Create a CRL context. Use hx509_crl_free() to free the CRL context.

+

Parameters:
+ + + +
context a hx509 context.
crl return pointer to a newly allocated CRL context.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_crl_free (hx509_context  context,
hx509_crl *  crl 
)
+
+
+ +

+Free a CRL context.

+

Parameters:
+ + + +
context a hx509 context.
crl a CRL context to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_crl_lifetime (hx509_context  context,
hx509_crl  crl,
int  delta 
)
+
+
+ +

+Set the lifetime of a CRL context.

+

Parameters:
+ + + + +
context a hx509 context.
crl a CRL context
delta delta time the certificate is valid, library adds the current time to this.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_crl_sign (hx509_context  context,
hx509_cert  signer,
hx509_crl  crl,
heim_octet_string *  os 
)
+
+
+ +

+Sign a CRL and return an encode certificate.

+

Parameters:
+ + + + + +
context a hx509 context.
signer certificate to sign the CRL with
crl the CRL to sign
os return the signed and encoded CRL, free with free_heim_octet_string()
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_ocsp_verify (hx509_context  context,
time_t  now,
hx509_cert  cert,
int  flags,
const void *  data,
size_t  length,
time_t *  expiration 
)
+
+
+ +

+Verify that the certificate is part of the OCSP reply and it's not expired. Doesn't verify signature the OCSP reply or it's done by a authorized sender, that is assumed to be already done.

+

Parameters:
+ + + + + + + + +
context a hx509 context
now the time right now, if 0, use the current time.
cert the certificate to verify
flags flags control the behavior
data pointer to the encode ocsp reply
length the length of the encode ocsp reply
expiration return the time the OCSP will expire and need to be rechecked.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_verify_attach_anchors (hx509_verify_ctx  ctx,
hx509_certs  set 
)
+
+
+ +

+Set the trust anchors in the verification context, makes an reference to the keyset, so the consumer can free the keyset independent of the destruction of the verification context (ctx). If there already is a keyset attached, it's released.

+

Parameters:
+ + + +
ctx a verification context
set a keyset containing the trust anchors.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_verify_attach_revoke (hx509_verify_ctx  ctx,
hx509_revoke_ctx  revoke_ctx 
)
+
+
+ +

+Attach an revocation context to the verfication context, , makes an reference to the revoke context, so the consumer can free the revoke context independent of the destruction of the verification context. If there is no revoke context, the verification process is NOT going to check any verification status.

+

Parameters:
+ + + +
ctx a verification context.
revoke_ctx a revoke context.
+
+ +
+

+ +

+
+ + + + + + + + + +
void hx509_verify_destroy_ctx (hx509_verify_ctx  ctx  ) 
+
+
+ +

+Free an hx509 verification context.

+

Parameters:
+ + +
ctx the context to be freed.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int hx509_verify_init_ctx (hx509_context  context,
hx509_verify_ctx *  ctx 
)
+
+
+ +

+Allocate an verification context that is used fo control the verification process.

+

Parameters:
+ + + +
context A hx509 context.
ctx returns a pointer to a hx509_verify_ctx object.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int hx509_verify_path (hx509_context  context,
hx509_verify_ctx  ctx,
hx509_cert  cert,
hx509_certs  pool 
)
+
+
+ +

+Build and verify the path for the certificate to the trust anchor specified in the verify context. The path is constructed from the certificate, the pool and the trust anchors.

+

Parameters:
+ + + + + +
context A hx509 context.
ctx A hx509 verification context.
cert the certificate to build the path from.
pool A keyset of certificates to build the chain from.
+
+
Returns:
An hx509 error code, see hx509_get_error_string().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_verify_set_max_depth (hx509_verify_ctx  ctx,
unsigned int  max_depth 
)
+
+
+ +

+Set the maximum depth of the certificate chain that the path builder is going to try.

+

Parameters:
+ + + +
ctx a verification context
max_depth maxium depth of the certificate chain, include trust anchor.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_verify_set_proxy_certificate (hx509_verify_ctx  ctx,
int  boolean 
)
+
+
+ +

+Allow or deny the use of proxy certificates

+

Parameters:
+ + + +
ctx a verification context
boolean if non zero, allow proxy certificates.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_verify_set_strict_rfc3280_verification (hx509_verify_ctx  ctx,
int  boolean 
)
+
+
+ +

+Select strict RFC3280 verification of certificiates. This means checking key usage on CA certificates, this will make version 1 certificiates unuseable.

+

Parameters:
+ + + +
ctx a verification context
boolean if non zero, use strict verification.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
void hx509_verify_set_time (hx509_verify_ctx  ctx,
time_t  t 
)
+
+
+ +

+Set the clock time the the verification process is going to use. Used to check certificate in the past and future time. If not set the current time will be used.

+

Parameters:
+ + + +
ctx a verification context.
t the time the verifiation is using.
+
+ +
+

+

+
+Generated on Fri Sep 30 15:26:13 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/index.html b/crypto/heimdal/doc/doxyout/hx509/html/index.html new file mode 100644 index 00000000000..d73d5e184e2 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/index.html @@ -0,0 +1,35 @@ + + +Heimdalx509library: Heimdal PKIX/X.509 library + + + +

+keyhole logo +

+ + + +
+

Heimdal PKIX/X.509 library

+

+

1.5.1

+Introduction

+Heimdal libhx509 library is a implementation of the PKIX/X.509 and related protocols.

+PKIX/X.509 is ...

+Sections in this manual are:

+

+The project web page: http://www.h5l.org/

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/modules.html b/crypto/heimdal/doc/doxyout/hx509/html/modules.html new file mode 100644 index 00000000000..1ac9379ff1d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/modules.html @@ -0,0 +1,44 @@ + + +Heimdalx509library: Module Index + + + +

+keyhole logo +

+ + + +
+

Modules

Here is a list of all modules: +
+
+Generated on Fri Sep 30 15:26:14 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_ca.html b/crypto/heimdal/doc/doxyout/hx509/html/page_ca.html new file mode 100644 index 00000000000..fa5201e4b3b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_ca.html @@ -0,0 +1,26 @@ + + +Heimdalx509library: Hx509 CA functions + + + +

+keyhole logo +

+ + + +
+

Hx509 CA functions

See the library functions here: hx509 CA functions
+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_cert.html b/crypto/heimdal/doc/doxyout/hx509/html/page_cert.html new file mode 100644 index 00000000000..897c5f98de1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_cert.html @@ -0,0 +1,28 @@ + + +Heimdalx509library: The basic certificate + + + +

+keyhole logo +

+ + + +
+

The basic certificate

The basic hx509 cerificate object in hx509 is hx509_cert. The hx509_cert object is representing one X509/PKIX certificate and associated attributes; like private key, friendly name, etc.

+A hx509_cert object is usully found via the keyset interfaces (Certificate store operations), but its also possible to create a certificate directly from a parsed object with hx509_cert_init() and hx509_cert_init_data().

+See the library functions here: hx509 certificate functions

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_cms.html b/crypto/heimdal/doc/doxyout/hx509/html/page_cms.html new file mode 100644 index 00000000000..ad753891462 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_cms.html @@ -0,0 +1,30 @@ + + +Heimdalx509library: CMS/PKCS7 message functions. + + + +

+keyhole logo +

+ + + +
+

CMS/PKCS7 message functions.

CMS is defined in RFC 3369 and is an continuation of the RSA Labs standard PKCS7. The basic messages in CMS is

+

    +
  • SignedData Data signed with private key (RSA, DSA, ECDSA) or secret (symmetric) key
  • EnvelopedData Data encrypted with private key (RSA)
  • EncryptedData Data encrypted with secret (symmetric) key.
  • ContentInfo Wrapper structure including type and data.
+

+See the library functions here: hx509 CMS/pkcs7 functions

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_env.html b/crypto/heimdal/doc/doxyout/hx509/html/page_env.html new file mode 100644 index 00000000000..add94d6ac7d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_env.html @@ -0,0 +1,26 @@ + + +Heimdalx509library: Hx509 enviroment functions + + + +

+keyhole logo +

+ + + +
+

Hx509 enviroment functions

See the library functions here: hx509 enviroment functions
+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_error.html b/crypto/heimdal/doc/doxyout/hx509/html/page_error.html new file mode 100644 index 00000000000..8055b3870f1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_error.html @@ -0,0 +1,26 @@ + + +Heimdalx509library: Hx509 error reporting functions + + + +

+keyhole logo +

+ + + +
+

Hx509 error reporting functions

See the library functions here: hx509 error functions
+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_keyset.html b/crypto/heimdal/doc/doxyout/hx509/html/page_keyset.html new file mode 100644 index 00000000000..4bd2894be0c --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_keyset.html @@ -0,0 +1,29 @@ + + +Heimdalx509library: Certificate store operations + + + +

+keyhole logo +

+ + + +
+

Certificate store operations

Type of certificates store:
    +
  • MEMORY In memory based format. Doesnt support storing.
  • FILE FILE supports raw DER certicates and PEM certicates. When PEM is used the file can contain may certificates and match private keys. Support storing the certificates. DER format only supports on certificate and no private key.
  • PEM-FILE Same as FILE, defaulting to PEM encoded certificates.
  • PEM-FILE Same as FILE, defaulting to DER encoded certificates.
  • PKCS11
  • PKCS12
  • DIR
  • KEYCHAIN Apple Mac OS X KeyChain backed keychain object.
+

+See the library functions here: hx509 certificate store functions

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_lock.html b/crypto/heimdal/doc/doxyout/hx509/html/page_lock.html new file mode 100644 index 00000000000..9758006f042 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_lock.html @@ -0,0 +1,26 @@ + + +Heimdalx509library: Locking and unlocking certificates and encrypted data. + + + +

+keyhole logo +

+ + + +
+

Locking and unlocking certificates and encrypted data.

See the library functions here: hx509 lock functions
+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_name.html b/crypto/heimdal/doc/doxyout/hx509/html/page_name.html new file mode 100644 index 00000000000..cc69c1c0ae9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_name.html @@ -0,0 +1,32 @@ + + +Heimdalx509library: PKIX/X.509 Names + + + +

+keyhole logo +

+ + + +
+

PKIX/X.509 Names

There are several names in PKIX/X.509, GeneralName and Name.

+A Name consists of an ordered list of Relative Distinguished Names (RDN). Each RDN consists of an unordered list of typed strings. The types are defined by OID and have long and short description. For example id-at-commonName (2.5.4.3) have the long name CommonName and short name CN. The string itself can be of several encoding, UTF8, UTF16, Teltex string, etc. The type limit what encoding should be used.

+GeneralName is a broader nametype that can contains al kind of stuff like Name, IP addresses, partial Name, etc.

+Name is mapped into a hx509_name object.

+Parse and string name into a hx509_name object with hx509_parse_name(), make it back into string representation with hx509_name_to_string().

+Name string are defined rfc2253, rfc1779 and X.501.

+See the library functions here: hx509 name functions

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_peer.html b/crypto/heimdal/doc/doxyout/hx509/html/page_peer.html new file mode 100644 index 00000000000..a51ab87db58 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_peer.html @@ -0,0 +1,27 @@ + + +Heimdalx509library: Hx509 crypto selecting functions + + + +

+keyhole logo +

+ + + +
+

Hx509 crypto selecting functions

Peer info structures are used togeter with hx509_crypto_select() to select the best avaible crypto algorithm to use.

+See the library functions here: hx509 certificate selecting functions

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_print.html b/crypto/heimdal/doc/doxyout/hx509/html/page_print.html new file mode 100644 index 00000000000..aa28eedc239 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_print.html @@ -0,0 +1,26 @@ + + +Heimdalx509library: Hx509 printing functions + + + +

+keyhole logo +

+ + + +
+

Hx509 printing functions

See the library functions here: hx509 printing functions
+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/page_revoke.html b/crypto/heimdal/doc/doxyout/hx509/html/page_revoke.html new file mode 100644 index 00000000000..8115e8bbad1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/page_revoke.html @@ -0,0 +1,28 @@ + + +Heimdalx509library: Revocation methods + + + +

+keyhole logo +

+ + + +
+

Revocation methods

There are two revocation method for PKIX/X.509: CRL and OCSP. Revocation is needed if the private key is lost and stolen. Depending on how picky you are, you might want to make revocation for destroyed private keys too (smartcard broken), but that should not be a problem.

+CRL is a list of certifiates that have expired.

+OCSP is an online checking method where the requestor sends a list of certificates to the OCSP server to return a signed reply if they are valid or not. Some services sends a OCSP reply as part of the hand-shake to make the revoktion decision simpler/faster for the client.

+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/pages.html b/crypto/heimdal/doc/doxyout/hx509/html/pages.html new file mode 100644 index 00000000000..913d7b99455 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/pages.html @@ -0,0 +1,50 @@ + + +Heimdalx509library: Page Index + + + +

+keyhole logo +

+ + + +
+

Related Pages

Here is a list of all related documentation pages: +
+
+Generated on Fri Sep 30 15:26:09 2011 for Heimdalx509library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/hx509/html/tab_b.gif b/crypto/heimdal/doc/doxyout/hx509/html/tab_b.gif new file mode 100644 index 00000000000..0d623483ffd Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hx509/html/tab_b.gif differ diff --git a/crypto/heimdal/doc/doxyout/hx509/html/tab_l.gif b/crypto/heimdal/doc/doxyout/hx509/html/tab_l.gif new file mode 100644 index 00000000000..9b1e6337c92 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hx509/html/tab_l.gif differ diff --git a/crypto/heimdal/doc/doxyout/hx509/html/tab_r.gif b/crypto/heimdal/doc/doxyout/hx509/html/tab_r.gif new file mode 100644 index 00000000000..ce9dd9f533c Binary files /dev/null and b/crypto/heimdal/doc/doxyout/hx509/html/tab_r.gif differ diff --git a/crypto/heimdal/doc/doxyout/hx509/html/tabs.css b/crypto/heimdal/doc/doxyout/hx509/html/tabs.css new file mode 100644 index 00000000000..95f00a91da3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/html/tabs.css @@ -0,0 +1,102 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; +} diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509.3 new file mode 100644 index 00000000000..9c0666d1843 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509.3 @@ -0,0 +1,45 @@ +.TH "hx509 library" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 library \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_context_init\fP (hx509_context *context)" +.br +.ti -1c +.RI "void \fBhx509_context_free\fP (hx509_context *context)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "void hx509_context_free (hx509_context * context)" +.PP +Free the context allocated by \fBhx509_context_init()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP context to be freed. +.RE +.PP + +.SS "int hx509_context_init (hx509_context * context)" +.PP +Creates a hx509 context that most functions in the library uses. The context is only allowed to be used by one thread at each moment. Free the context with \fBhx509_context_free()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Returns a pointer to new hx509 context. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_bitstring_print.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_bitstring_print.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_bitstring_print.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca.3 new file mode 100644 index 00000000000..17204a06eb1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca.3 @@ -0,0 +1,573 @@ +.TH "hx509 CA functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 CA functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_ca_tbs_init\fP (hx509_context context, hx509_ca_tbs *tbs)" +.br +.ti -1c +.RI "void \fBhx509_ca_tbs_free\fP (hx509_ca_tbs *tbs)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_notBefore\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_notAfter\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_notAfter_lifetime\fP (hx509_context context, hx509_ca_tbs tbs, time_t delta)" +.br +.ti -1c +.RI "struct units * \fBhx509_ca_tbs_template_units\fP (void)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_template\fP (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_ca\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_proxy\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_domaincontroller\fP (hx509_context context, hx509_ca_tbs tbs)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_spki\fP (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_serialnumber\fP (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_eku\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_crl_dp_uri\fP (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_otherName\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_pkinit\fP (hx509_context context, hx509_ca_tbs tbs, const char *principal)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_ms_upn\fP (hx509_context context, hx509_ca_tbs tbs, const char *principal)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_jid\fP (hx509_context context, hx509_ca_tbs tbs, const char *jid)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_hostname\fP (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_add_san_rfc822name\fP (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_subject\fP (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_set_unique\fP (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)" +.br +.ti -1c +.RI "int \fBhx509_ca_tbs_subject_expand\fP (hx509_context context, hx509_ca_tbs tbs, hx509_env env)" +.br +.ti -1c +.RI "int \fBhx509_ca_sign\fP (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)" +.br +.ti -1c +.RI "int \fBhx509_ca_sign_self\fP (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBHx509 CA functions\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert * certificate)" +.PP +Sign a to-be-signed certificate object with a issuer certificate. +.PP +The caller needs to at least have called the following functions on the to-be-signed certificate object: +.IP "\(bu" 2 +\fBhx509_ca_tbs_init()\fP +.IP "\(bu" 2 +\fBhx509_ca_tbs_set_subject()\fP +.IP "\(bu" 2 +\fBhx509_ca_tbs_set_spki()\fP +.PP +.PP +When done the to-be-signed certificate object should be freed with \fBhx509_ca_tbs_free()\fP. +.PP +When creating self-signed certificate use \fBhx509_ca_sign_self()\fP instead. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIsigner\fP the CA certificate object to sign with (need private key). +.br +\fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert * certificate)" +.PP +Work just like \fBhx509_ca_sign()\fP but signs it-self. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIsigner\fP private key to sign with. +.br +\fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char * uri, hx509_name issuername)" +.PP +Add CRL distribution point URI to the to-be-signed certificate object. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIuri\fP uri to the CRL. +.br +\fIissuername\fP name of the issuer. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.PP +issuername not supported +.SS "int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid)" +.PP +An an extended key usage to the to-be-signed certificate object. Duplicates will detected and not added. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIoid\fP extended key usage to add. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char * dnsname)" +.PP +Add a Subject Alternative Name hostname to to-be-signed certificate object. A domain match starts with ., an exact match does not. +.PP +Example of a an domain match: .domain.se matches the hostname host.domain.se. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIdnsname\fP a hostame. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char * jid)" +.PP +Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object. The jid is an UTF8 string. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIjid\fP string of an a jabber id in UTF8. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char * principal)" +.PP +Add Microsoft UPN Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIprincipal\fP Microsoft UPN string. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid, const heim_octet_string * os)" +.PP +Add Subject Alternative Name otherName to the to-be-signed certificate object. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIoid\fP the oid of the OtherName. +.br +\fIos\fP data in the other name. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char * principal)" +.PP +Add Kerberos Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIprincipal\fP Kerberos principal to add to the certificate. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char * rfc822Name)" +.PP +Add a Subject Alternative Name rfc822 (email address) to to-be-signed certificate object. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIrfc822Name\fP a string to a email address. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_ca_tbs_free (hx509_ca_tbs * tbs)" +.PP +Free an To Be Signed object. +.PP +\fBParameters:\fP +.RS 4 +\fItbs\fP object to free. +.RE +.PP + +.SS "int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs * tbs)" +.PP +Allocate an to-be-signed certificate object that will be converted into an certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP returned to-be-signed certicate object, free with \fBhx509_ca_tbs_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +.PP +Make the to-be-signed certificate object a CA certificate. If the pathLenConstraint is negative path length constraint is used. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIpathLenConstraint\fP path length constraint, negative, no constraint. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)" +.PP +Make the to-be-signed certificate object a windows domain controller certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)" +.PP +Set the absolute time when the certificate is valid to. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIt\fP time when the certificate will expire +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)" +.PP +Set the relative time when the certificiate is going to expire. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIdelta\fP seconds to the certificate is going to expire. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)" +.PP +Set the absolute time when the certificate is valid from. If not set the current time will be used. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIt\fP time the certificated will start to be valid +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)" +.PP +Make the to-be-signed certificate object a proxy certificate. If the pathLenConstraint is negative path length constraint is used. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIpathLenConstraint\fP path length constraint, negative, no constraint. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer * serialNumber)" +.PP +Set the serial number to use for to-be-signed certificate object. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIserialNumber\fP serial number to use for the to-be-signed certificate object. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo * spki)" +.PP +Set the subject public key info (SPKI) in the to-be-signed certificate object. SPKI is the public key and key related parameters in the certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIspki\fP subject public key info to use for the to-be-signed certificate object. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)" +.PP +Set the subject name of a to-be-signed certificate object. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIsubject\fP the name to set a subject. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)" +.PP +Initialize the to-be-signed certificate object from a template certifiate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIflags\fP bit field selecting what to copy from the template certifiate. +.br +\fIcert\fP template certificate. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string * subjectUniqueID, const heim_bit_string * issuerUniqueID)" +.PP +Set the issuerUniqueID and subjectUniqueID +.PP +These are only supposed to be used considered with version 2 certificates, replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier. This function is to allow application using legacy protocol to issue them. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIissuerUniqueID\fP to be set +.br +\fIsubjectUniqueID\fP to be set +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)" +.PP +Expand the the subject name in the to-be-signed certificate object using \fBhx509_name_expand()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fItbs\fP object to be signed. +.br +\fIenv\fP enviroment variable to expand variables in the subject name, see hx509_env_init(). +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "struct units* hx509_ca_tbs_template_units (void)\fC [read]\fP" +.PP +Make of template units, use to build flags argument to \fBhx509_ca_tbs_set_template()\fP with parse_units(). +.PP +\fBReturns:\fP +.RS 4 +an units structure. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_sign.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_sign.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_sign.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_sign_self.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_sign_self.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_sign_self.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_eku.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_eku.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_eku.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_jid.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_jid.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_jid.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_free.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_free.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_init.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_init.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_init.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_ca.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_ca.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_ca.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notBefore.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notBefore.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notBefore.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_proxy.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_proxy.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_proxy.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_spki.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_spki.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_spki.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_subject.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_subject.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_subject.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_template.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_template.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_template.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_unique.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_unique.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_unique.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_subject_expand.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_subject_expand.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_subject_expand.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_template_units.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_template_units.3 new file mode 100644 index 00000000000..8b46f5ce9b8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ca_tbs_template_units.3 @@ -0,0 +1 @@ +.so man3/hx509_ca.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert.3 new file mode 100644 index 00000000000..f57b5438f3c --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert.3 @@ -0,0 +1,700 @@ +.TH "hx509 certificate functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 certificate functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_cert_init\fP (hx509_context context, const Certificate *c, hx509_cert *cert)" +.br +.ti -1c +.RI "int \fBhx509_cert_init_data\fP (hx509_context context, const void *ptr, size_t len, hx509_cert *cert)" +.br +.ti -1c +.RI "void \fBhx509_cert_free\fP (hx509_cert cert)" +.br +.ti -1c +.RI "hx509_cert \fBhx509_cert_ref\fP (hx509_cert cert)" +.br +.ti -1c +.RI "void \fBhx509_verify_ctx_f_allow_default_trustanchors\fP (hx509_verify_ctx ctx, int boolean)" +.br +.ti -1c +.RI "int \fBhx509_cert_find_subjectAltName_otherName\fP (hx509_context context, hx509_cert cert, const heim_oid *oid, hx509_octet_string_list *list)" +.br +.ti -1c +.RI "int \fBhx509_cert_cmp\fP (hx509_cert p, hx509_cert q)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_issuer\fP (hx509_cert p, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_subject\fP (hx509_cert p, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_base_subject\fP (hx509_context context, hx509_cert c, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_serialnumber\fP (hx509_cert p, heim_integer *i)" +.br +.ti -1c +.RI "time_t \fBhx509_cert_get_notBefore\fP (hx509_cert p)" +.br +.ti -1c +.RI "time_t \fBhx509_cert_get_notAfter\fP (hx509_cert p)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_SPKI\fP (hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_SPKI_AlgorithmIdentifier\fP (hx509_context context, hx509_cert p, AlgorithmIdentifier *alg)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_issuer_unique_id\fP (hx509_context context, hx509_cert p, heim_bit_string *issuer)" +.br +.ti -1c +.RI "int \fBhx509_cert_get_subject_unique_id\fP (hx509_context context, hx509_cert p, heim_bit_string *subject)" +.br +.ti -1c +.RI "int \fBhx509_verify_hostname\fP (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char *hostname, const struct sockaddr *sa, int sa_size)" +.br +.ti -1c +.RI "hx509_cert_attribute \fBhx509_cert_get_attribute\fP (hx509_cert cert, const heim_oid *oid)" +.br +.ti -1c +.RI "int \fBhx509_cert_set_friendly_name\fP (hx509_cert cert, const char *name)" +.br +.ti -1c +.RI "const char * \fBhx509_cert_get_friendly_name\fP (hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_query_alloc\fP (hx509_context context, hx509_query **q)" +.br +.ti -1c +.RI "void \fBhx509_query_match_option\fP (hx509_query *q, hx509_query_option option)" +.br +.ti -1c +.RI "int \fBhx509_query_match_issuer_serial\fP (hx509_query *q, const Name *issuer, const heim_integer *serialNumber)" +.br +.ti -1c +.RI "int \fBhx509_query_match_friendly_name\fP (hx509_query *q, const char *name)" +.br +.ti -1c +.RI "int \fBhx509_query_match_eku\fP (hx509_query *q, const heim_oid *eku)" +.br +.ti -1c +.RI "int \fBhx509_query_match_cmp_func\fP (hx509_query *q, int(*func)(hx509_context, hx509_cert, void *), void *ctx)" +.br +.ti -1c +.RI "void \fBhx509_query_free\fP (hx509_context context, hx509_query *q)" +.br +.ti -1c +.RI "void \fBhx509_query_statistic_file\fP (hx509_context context, const char *fn)" +.br +.ti -1c +.RI "void \fBhx509_query_unparse_stats\fP (hx509_context context, int printtype, FILE *out)" +.br +.ti -1c +.RI "int \fBhx509_cert_check_eku\fP (hx509_context context, hx509_cert cert, const heim_oid *eku, int allow_any_eku)" +.br +.ti -1c +.RI "int \fBhx509_cert_binary\fP (hx509_context context, hx509_cert c, heim_octet_string *os)" +.br +.ti -1c +.RI "int \fBhx509_print_cert\fP (hx509_context context, hx509_cert cert, FILE *out)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBThe basic certificate\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "int hx509_cert_binary (hx509_context context, hx509_cert c, heim_octet_string * os)" +.PP +Encodes the hx509 certificate as a DER encode binary. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIc\fP the certificate to encode. +.br +\fIos\fP the encode certificate, set to NULL, 0 on case of error. Free the os->data with \fBhx509_xfree()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_cert_check_eku (hx509_context context, hx509_cert cert, const heim_oid * eku, int allow_any_eku)" +.PP +Check the extended key usage on the hx509 certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIcert\fP A hx509 context. +.br +\fIeku\fP the EKU to check for +.br +\fIallow_any_eku\fP if the any EKU is set, allow that to be a substitute. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_cert_cmp (hx509_cert p, hx509_cert q)" +.PP +Compare to hx509 certificate object, useful for sorting. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP a hx509 certificate object. +.br +\fIq\fP a hx509 certificate object. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 the objects are the same, returns > 0 is p is 'larger' then q, < 0 if p is 'smaller' then q. +.RE +.PP + +.SS "int hx509_cert_find_subjectAltName_otherName (hx509_context context, hx509_cert cert, const heim_oid * oid, hx509_octet_string_list * list)" +.PP +Return a list of subjectAltNames specified by oid in the certificate. On error the +.PP +The returned list of octet string should be freed with \fBhx509_free_octet_string_list()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIcert\fP a hx509 certificate object. +.br +\fIoid\fP an oid to for SubjectAltName. +.br +\fIlist\fP list of matching SubjectAltName. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_cert_free (hx509_cert cert)" +.PP +Free reference to the hx509 certificate object, if the refcounter reaches 0, the object if freed. Its allowed to pass in NULL. +.PP +\fBParameters:\fP +.RS 4 +\fIcert\fP the cert to free. +.RE +.PP + +.SS "hx509_cert_attribute hx509_cert_get_attribute (hx509_cert cert, const heim_oid * oid)" +.PP +Get an external attribute for the certificate, examples are friendly name and id. +.PP +\fBParameters:\fP +.RS 4 +\fIcert\fP hx509 certificate object to search +.br +\fIoid\fP an oid to search for. +.RE +.PP +\fBReturns:\fP +.RS 4 +an hx509_cert_attribute, only valid as long as the certificate is referenced. +.RE +.PP + +.SS "int hx509_cert_get_base_subject (hx509_context context, hx509_cert c, hx509_name * name)" +.PP +Return the name of the base subject of the hx509 certificate. If the certiicate is a verified proxy certificate, the this function return the base certificate (root of the proxy chain). If the proxy certificate is not verified with the base certificate HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIc\fP a hx509 certificate object. +.br +\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP. See also \fBhx509_cert_get_subject()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "const char* hx509_cert_get_friendly_name (hx509_cert cert)" +.PP +Get friendly name of the certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcert\fP cert to get the friendly name from. +.RE +.PP +\fBReturns:\fP +.RS 4 +an friendly name or NULL if there is. The friendly name is only valid as long as the certificate is referenced. +.RE +.PP + +.SS "int hx509_cert_get_issuer (hx509_cert p, hx509_name * name)" +.PP +Return the name of the issuer of the hx509 certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP a hx509 certificate object. +.br +\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_cert_get_issuer_unique_id (hx509_context context, hx509_cert p, heim_bit_string * issuer)" +.PP +Get a copy of the Issuer Unique ID +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509_context +.br +\fIp\fP a hx509 certificate +.br +\fIissuer\fP the issuer id returned, free with der_free_bit_string() +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a issuerUniqueID +.RE +.PP + +.SS "time_t hx509_cert_get_notAfter (hx509_cert p)" +.PP +Get notAfter time of the certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP a hx509 certificate object. +.RE +.PP +\fBReturns:\fP +.RS 4 +return not after time. +.RE +.PP + +.SS "time_t hx509_cert_get_notBefore (hx509_cert p)" +.PP +Get notBefore time of the certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP a hx509 certificate object. +.RE +.PP +\fBReturns:\fP +.RS 4 +return not before time +.RE +.PP + +.SS "int hx509_cert_get_serialnumber (hx509_cert p, heim_integer * i)" +.PP +Get serial number of the certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP a hx509 certificate object. +.br +\fIi\fP serial number, should be freed ith der_free_heim_integer(). +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_cert_get_SPKI (hx509_context context, hx509_cert p, SubjectPublicKeyInfo * spki)" +.PP +Get the SubjectPublicKeyInfo structure from the hx509 certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIp\fP a hx509 certificate object. +.br +\fIspki\fP SubjectPublicKeyInfo, should be freed with free_SubjectPublicKeyInfo(). +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_cert_get_SPKI_AlgorithmIdentifier (hx509_context context, hx509_cert p, AlgorithmIdentifier * alg)" +.PP +Get the AlgorithmIdentifier from the hx509 certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIp\fP a hx509 certificate object. +.br +\fIalg\fP AlgorithmIdentifier, should be freed with free_AlgorithmIdentifier(). The algorithmidentifier is typicly rsaEncryption, or id-ecPublicKey, or some other public key mechanism. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_cert_get_subject (hx509_cert p, hx509_name * name)" +.PP +Return the name of the subject of the hx509 certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP a hx509 certificate object. +.br +\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP. See also \fBhx509_cert_get_base_subject()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_cert_get_subject_unique_id (hx509_context context, hx509_cert p, heim_bit_string * subject)" +.PP +Get a copy of the Subect Unique ID +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509_context +.br +\fIp\fP a hx509 certificate +.br +\fIsubject\fP the subject id returned, free with der_free_bit_string() +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a subjectUniqueID +.RE +.PP + +.SS "int hx509_cert_init (hx509_context context, const Certificate * c, hx509_cert * cert)" +.PP +Allocate and init an hx509 certificate object from the decoded certificate `c´. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIc\fP +.br +\fIcert\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_cert_init_data (hx509_context context, const void * ptr, size_t len, hx509_cert * cert)" +.PP +Just like \fBhx509_cert_init()\fP, but instead of a decode certificate takes an pointer and length to a memory region that contains a DER/BER encoded certificate. +.PP +If the memory region doesn't contain just the certificate and nothing more the function will fail with HX509_EXTRA_DATA_AFTER_STRUCTURE. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIptr\fP pointer to memory region containing encoded certificate. +.br +\fIlen\fP length of memory region. +.br +\fIcert\fP a return pointer to a hx509 certificate object, will contain NULL on error. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "hx509_cert hx509_cert_ref (hx509_cert cert)" +.PP +Add a reference to a hx509 certificate object. +.PP +\fBParameters:\fP +.RS 4 +\fIcert\fP a pointer to an hx509 certificate object. +.RE +.PP +\fBReturns:\fP +.RS 4 +the same object as is passed in. +.RE +.PP + +.SS "int hx509_cert_set_friendly_name (hx509_cert cert, const char * name)" +.PP +Set the friendly name on the certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcert\fP The certificate to set the friendly name on +.br +\fIname\fP Friendly name. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_print_cert (hx509_context context, hx509_cert cert, FILE * out)" +.PP +Print a simple representation of a certificate +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context, can be NULL +.br +\fIcert\fP certificate to print +.br +\fIout\fP the stdio output stream, if NULL, stdout is used +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code +.RE +.PP + +.SS "int hx509_query_alloc (hx509_context context, hx509_query ** q)" +.PP +Allocate an query controller. Free using \fBhx509_query_free()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIq\fP return pointer to a hx509_query. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_query_free (hx509_context context, hx509_query * q)" +.PP +Free the query controller. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIq\fP a pointer to the query controller. +.RE +.PP + +.SS "int hx509_query_match_cmp_func (hx509_query * q, int(*)(hx509_context, hx509_cert, void *) func, void * ctx)" +.PP +Set the query controller to match using a specific match function. +.PP +\fBParameters:\fP +.RS 4 +\fIq\fP a hx509 query controller. +.br +\fIfunc\fP function to use for matching, if the argument is NULL, the match function is removed. +.br +\fIctx\fP context passed to the function. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_query_match_eku (hx509_query * q, const heim_oid * eku)" +.PP +Set the query controller to require an one specific EKU (extended key usage). Any previous EKU matching is overwitten. If NULL is passed in as the eku, the EKU requirement is reset. +.PP +\fBParameters:\fP +.RS 4 +\fIq\fP a hx509 query controller. +.br +\fIeku\fP an EKU to match on. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_query_match_friendly_name (hx509_query * q, const char * name)" +.PP +Set the query controller to match on a friendly name +.PP +\fBParameters:\fP +.RS 4 +\fIq\fP a hx509 query controller. +.br +\fIname\fP a friendly name to match on +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_query_match_issuer_serial (hx509_query * q, const Name * issuer, const heim_integer * serialNumber)" +.PP +Set the issuer and serial number of match in the query controller. The function make copies of the isser and serial number. +.PP +\fBParameters:\fP +.RS 4 +\fIq\fP a hx509 query controller +.br +\fIissuer\fP issuer to search for +.br +\fIserialNumber\fP the serialNumber of the issuer. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_query_match_option (hx509_query * q, hx509_query_option option)" +.PP +Set match options for the hx509 query controller. +.PP +\fBParameters:\fP +.RS 4 +\fIq\fP query controller. +.br +\fIoption\fP options to control the query controller. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_query_statistic_file (hx509_context context, const char * fn)" +.PP +Set a statistic file for the query statistics. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIfn\fP statistics file name +.RE +.PP + +.SS "void hx509_query_unparse_stats (hx509_context context, int printtype, FILE * out)" +.PP +Unparse the statistics file and print the result on a FILE descriptor. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIprinttype\fP tyep to print +.br +\fIout\fP the FILE to write the data on. +.RE +.PP + +.SS "void hx509_verify_ctx_f_allow_default_trustanchors (hx509_verify_ctx ctx, int boolean)" +.PP +Allow using the operating system builtin trust anchors if no other trust anchors are configured. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIboolean\fP if non zero, useing the operating systems builtin trust anchors. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_verify_hostname (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char * hostname, const struct sockaddr * sa, int sa_size)" +.PP +Verify that the certificate is allowed to be used for the hostname and address. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIcert\fP the certificate to match with +.br +\fIflags\fP Flags to modify the behavior: +.IP "\(bu" 2 +HX509_VHN_F_ALLOW_NO_MATCH no match is ok +.PP +.br +\fItype\fP type of hostname: +.IP "\(bu" 2 +HX509_HN_HOSTNAME for plain hostname. +.IP "\(bu" 2 +HX509_HN_DNSSRV for DNS SRV names. +.PP +.br +\fIhostname\fP the hostname to check +.br +\fIsa\fP address of the host +.br +\fIsa_size\fP length of address +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_binary.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_binary.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_binary.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_check_eku.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_check_eku.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_check_eku.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_cmp.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_cmp.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_cmp.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_free.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_free.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_attribute.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_attribute.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_attribute.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_base_subject.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_base_subject.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_base_subject.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_friendly_name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_friendly_name.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_friendly_name.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer_unique_id.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer_unique_id.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer_unique_id.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_notAfter.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_notAfter.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_notAfter.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_notBefore.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_notBefore.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_notBefore.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_serialnumber.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_serialnumber.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_serialnumber.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_subject.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_subject.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_subject.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_subject_unique_id.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_subject_unique_id.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_get_subject_unique_id.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_init.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_init.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_init.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_init_data.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_init_data.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_init_data.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_keyusage_print.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_keyusage_print.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_keyusage_print.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_ref.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_ref.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_ref.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_set_friendly_name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_set_friendly_name.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cert_set_friendly_name.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_add.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_add.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_add.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_append.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_append.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_append.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_end_seq.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_end_seq.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_end_seq.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_filter.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_filter.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_filter.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_find.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_find.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_find.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_free.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_free.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_info.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_info.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_info.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_init.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_init.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_init.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_iter_f.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_iter_f.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_iter_f.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_merge.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_merge.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_merge.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_next_cert.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_next_cert.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_next_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_start_seq.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_start_seq.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_start_seq.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_store.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_store.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_certs_store.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ci_print_names.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ci_print_names.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ci_print_names.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_clear_error_string.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_clear_error_string.3 new file mode 100644 index 00000000000..191f0f0843f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_clear_error_string.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms.3 new file mode 100644 index 00000000000..1661a4b0361 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms.3 @@ -0,0 +1,206 @@ +.TH "hx509 CMS/pkcs7 functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 CMS/pkcs7 functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_cms_wrap_ContentInfo\fP (const heim_oid *oid, const heim_octet_string *buf, heim_octet_string *res)" +.br +.ti -1c +.RI "int \fBhx509_cms_unwrap_ContentInfo\fP (const heim_octet_string *in, heim_oid *oid, heim_octet_string *out, int *have_data)" +.br +.ti -1c +.RI "int \fBhx509_cms_unenvelope\fP (hx509_context context, hx509_certs certs, int flags, const void *data, size_t length, const heim_octet_string *encryptedContent, time_t time_now, heim_oid *contentType, heim_octet_string *content)" +.br +.ti -1c +.RI "int \fBhx509_cms_envelope_1\fP (hx509_context context, int flags, hx509_cert cert, const void *data, size_t length, const heim_oid *encryption_type, const heim_oid *contentType, heim_octet_string *content)" +.br +.ti -1c +.RI "int \fBhx509_cms_verify_signed\fP (hx509_context context, hx509_verify_ctx ctx, unsigned int flags, const void *data, size_t length, const heim_octet_string *signedContent, hx509_certs pool, heim_oid *contentType, heim_octet_string *content, hx509_certs *signer_certs)" +.br +.ti -1c +.RI "int \fBhx509_cms_create_signed_1\fP (hx509_context context, int flags, const heim_oid *eContentType, const void *data, size_t length, const AlgorithmIdentifier *digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string *signed_data)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBCMS/PKCS7 message functions.\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "int hx509_cms_create_signed_1 (hx509_context context, int flags, const heim_oid * eContentType, const void * data, size_t length, const AlgorithmIdentifier * digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string * signed_data)" +.PP +Decode SignedData and verify that the signature is correct. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIflags\fP +.br +\fIeContentType\fP the type of the data. +.br +\fIdata\fP data to sign +.br +\fIlength\fP length of the data that data point to. +.br +\fIdigest_alg\fP digest algorithm to use, use NULL to get the default or the peer determined algorithm. +.br +\fIcert\fP certificate to use for sign the data. +.br +\fIpeer\fP info about the peer the message to send the message to, like what digest algorithm to use. +.br +\fIanchors\fP trust anchors that the client will use, used to polulate the certificates included in the message +.br +\fIpool\fP certificates to use in try to build the path to the trust anchors. +.br +\fIsigned_data\fP the output of the function, free with der_free_octet_string(). +.RE +.PP + +.SS "int hx509_cms_envelope_1 (hx509_context context, int flags, hx509_cert cert, const void * data, size_t length, const heim_oid * encryption_type, const heim_oid * contentType, heim_octet_string * content)" +.PP +Encrypt end encode EnvelopedData. +.PP +Encrypt and encode EnvelopedData. The data is encrypted with a random key and the the random key is encrypted with the certificates private key. This limits what private key type can be used to RSA. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIflags\fP flags to control the behavior. +.IP "\(bu" 2 +HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate +.IP "\(bu" 2 +HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo +.IP "\(bu" 2 +HX509_CMS_EV_ID_NAME - prefer issuer name and serial number +.PP +.br +\fIcert\fP Certificate to encrypt the EnvelopedData encryption key with. +.br +\fIdata\fP pointer the data to encrypt. +.br +\fIlength\fP length of the data that data point to. +.br +\fIencryption_type\fP Encryption cipher to use for the bulk data, use NULL to get default. +.br +\fIcontentType\fP type of the data that is encrypted +.br +\fIcontent\fP the output of the function, free with der_free_octet_string(). +.RE +.PP + +.SS "int hx509_cms_unenvelope (hx509_context context, hx509_certs certs, int flags, const void * data, size_t length, const heim_octet_string * encryptedContent, time_t time_now, heim_oid * contentType, heim_octet_string * content)" +.PP +Decode and unencrypt EnvelopedData. +.PP +Extract data and parameteres from from the EnvelopedData. Also supports using detached EnvelopedData. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIcerts\fP Certificate that can decrypt the EnvelopedData encryption key. +.br +\fIflags\fP HX509_CMS_UE flags to control the behavior. +.br +\fIdata\fP pointer the structure the contains the DER/BER encoded EnvelopedData stucture. +.br +\fIlength\fP length of the data that data point to. +.br +\fIencryptedContent\fP in case of detached signature, this contains the actual encrypted data, othersize its should be NULL. +.br +\fItime_now\fP set the current time, if zero the library uses now as the date. +.br +\fIcontentType\fP output type oid, should be freed with der_free_oid(). +.br +\fIcontent\fP the data, free with der_free_octet_string(). +.RE +.PP + +.SS "int hx509_cms_unwrap_ContentInfo (const heim_octet_string * in, heim_oid * oid, heim_octet_string * out, int * have_data)" +.PP +Decode an ContentInfo and unwrap data and oid it. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP the encoded buffer. +.br +\fIoid\fP type of the content. +.br +\fIout\fP data to be wrapped. +.br +\fIhave_data\fP since the data is optional, this flags show dthe diffrence between no data and the zero length data. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_cms_verify_signed (hx509_context context, hx509_verify_ctx ctx, unsigned int flags, const void * data, size_t length, const heim_octet_string * signedContent, hx509_certs pool, heim_oid * contentType, heim_octet_string * content, hx509_certs * signer_certs)" +.PP +Decode SignedData and verify that the signature is correct. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIctx\fP a hx509 verify context. +.br +\fIflags\fP to control the behaivor of the function. +.IP "\(bu" 2 +HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage +.IP "\(bu" 2 +HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch +.IP "\(bu" 2 +HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below. +.PP +.br +\fIdata\fP pointer to CMS SignedData encoded data. +.br +\fIlength\fP length of the data that data point to. +.br +\fIsignedContent\fP external data used for signature. +.br +\fIpool\fP certificate pool to build certificates paths. +.br +\fIcontentType\fP free with der_free_oid(). +.br +\fIcontent\fP the output of the function, free with der_free_octet_string(). +.br +\fIsigner_certs\fP list of the cerficates used to sign this request, free with \fBhx509_certs_free()\fP. +.RE +.PP + +.PP +If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal search for matching certificates by not considering KeyUsage bits on the certificates. +.PP +If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow encapContentInfo mismatch with the oid in signedAttributes (or if no signedAttributes where use, pkcs7-data oid). This is only needed to work with broken CMS implementations that doesn't follow CMS signedAttributes rules. +.PP +If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the signing certificates and leave that up to the caller. +.PP +If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty SignerInfo (no signatures). If SignedData have no signatures, the function will return 0 with signer_certs set to NULL. Zero signers is allowed by the standard, but since its only useful in corner cases, it make into a flag that the caller have to turn on. +.SS "int hx509_cms_wrap_ContentInfo (const heim_oid * oid, const heim_octet_string * buf, heim_octet_string * res)" +.PP +Wrap data and oid in a ContentInfo and encode it. +.PP +\fBParameters:\fP +.RS 4 +\fIoid\fP type of the content. +.br +\fIbuf\fP data to be wrapped. If a NULL pointer is passed in, the optional content field in the ContentInfo is not going be filled in. +.br +\fIres\fP the encoded buffer, the result should be freed with der_free_octet_string(). +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_create_signed_1.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_create_signed_1.3 new file mode 100644 index 00000000000..ce2803ea99d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_create_signed_1.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_envelope_1.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_envelope_1.3 new file mode 100644 index 00000000000..ce2803ea99d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_envelope_1.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_unenvelope.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_unenvelope.3 new file mode 100644 index 00000000000..ce2803ea99d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_unenvelope.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3 new file mode 100644 index 00000000000..ce2803ea99d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_verify_signed.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_verify_signed.3 new file mode 100644 index 00000000000..ce2803ea99d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_verify_signed.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_wrap_ContentInfo.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_wrap_ContentInfo.3 new file mode 100644 index 00000000000..ce2803ea99d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_cms_wrap_ContentInfo.3 @@ -0,0 +1 @@ +.so man3/hx509_cms.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_free.3 new file mode 100644 index 00000000000..19c5e816ac6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_free.3 @@ -0,0 +1 @@ +.so man3/hx509.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_init.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_init.3 new file mode 100644 index 00000000000..19c5e816ac6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_init.3 @@ -0,0 +1 @@ +.so man3/hx509.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_set_missing_revoke.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_set_missing_revoke.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_context_set_missing_revoke.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_add_revoked_certs.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_add_revoked_certs.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_add_revoked_certs.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_alloc.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_alloc.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_alloc.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_free.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_free.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_lifetime.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_lifetime.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_lifetime.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_sign.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_sign.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crl_sign.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crypto.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crypto.3 new file mode 100644 index 00000000000..29c385e154b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_crypto.3 @@ -0,0 +1,40 @@ +.TH "hx509 crypto functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 crypto functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_verify_signature\fP (hx509_context context, const hx509_cert signer, const AlgorithmIdentifier *alg, const heim_octet_string *data, const heim_octet_string *sig)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int hx509_verify_signature (hx509_context context, const hx509_cert signer, const AlgorithmIdentifier * alg, const heim_octet_string * data, const heim_octet_string * sig)" +.PP +Verify a signature made using the private key of an certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIsigner\fP the certificate that made the signature. +.br +\fIalg\fP algorthm that was used to sign the data. +.br +\fIdata\fP the data that was signed. +.br +\fIsig\fP the sigature to verify. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env.3 new file mode 100644 index 00000000000..d8380596c5f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env.3 @@ -0,0 +1,143 @@ +.TH "hx509 enviroment functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 enviroment functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_env_add\fP (hx509_context context, hx509_env *env, const char *key, const char *value)" +.br +.ti -1c +.RI "int \fBhx509_env_add_binding\fP (hx509_context context, hx509_env *env, const char *key, hx509_env list)" +.br +.ti -1c +.RI "const char * \fBhx509_env_lfind\fP (hx509_context context, hx509_env env, const char *key, size_t len)" +.br +.ti -1c +.RI "const char * \fBhx509_env_find\fP (hx509_context context, hx509_env env, const char *key)" +.br +.ti -1c +.RI "hx509_env \fBhx509_env_find_binding\fP (hx509_context context, hx509_env env, const char *key)" +.br +.ti -1c +.RI "void \fBhx509_env_free\fP (hx509_env *env)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int hx509_env_add (hx509_context context, hx509_env * env, const char * key, const char * value)" +.PP +Add a new key/value pair to the hx509_env. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIenv\fP enviroment to add the enviroment variable too. +.br +\fIkey\fP key to add +.br +\fIvalue\fP value to add +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_env_add_binding (hx509_context context, hx509_env * env, const char * key, hx509_env list)" +.PP +Add a new key/binding pair to the hx509_env. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIenv\fP enviroment to add the enviroment variable too. +.br +\fIkey\fP key to add +.br +\fIlist\fP binding list to add +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "const char* hx509_env_find (hx509_context context, hx509_env env, const char * key)" +.PP +Search the hx509_env for a key. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIenv\fP enviroment to add the enviroment variable too. +.br +\fIkey\fP key to search for. +.RE +.PP +\fBReturns:\fP +.RS 4 +the value if the key is found, NULL otherwise. +.RE +.PP + +.SS "hx509_env hx509_env_find_binding (hx509_context context, hx509_env env, const char * key)" +.PP +Search the hx509_env for a binding. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIenv\fP enviroment to add the enviroment variable too. +.br +\fIkey\fP key to search for. +.RE +.PP +\fBReturns:\fP +.RS 4 +the binding if the key is found, NULL if not found. +.RE +.PP + +.SS "void hx509_env_free (hx509_env * env)" +.PP +Free an hx509_env enviroment context. +.PP +\fBParameters:\fP +.RS 4 +\fIenv\fP the enviroment to free. +.RE +.PP + +.SS "const char* hx509_env_lfind (hx509_context context, hx509_env env, const char * key, size_t len)" +.PP +Search the hx509_env for a length based key. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIenv\fP enviroment to add the enviroment variable too. +.br +\fIkey\fP key to search for. +.br +\fIlen\fP length of key. +.RE +.PP +\fBReturns:\fP +.RS 4 +the value if the key is found, NULL otherwise. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_add.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_add.3 new file mode 100644 index 00000000000..cdf891871ad --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_add.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_add_binding.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_add_binding.3 new file mode 100644 index 00000000000..cdf891871ad --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_add_binding.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_find.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_find.3 new file mode 100644 index 00000000000..cdf891871ad --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_find.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_find_binding.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_find_binding.3 new file mode 100644 index 00000000000..cdf891871ad --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_find_binding.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_free.3 new file mode 100644 index 00000000000..cdf891871ad --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_free.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_lfind.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_lfind.3 new file mode 100644 index 00000000000..cdf891871ad --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_env_lfind.3 @@ -0,0 +1 @@ +.so man3/hx509_env.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_err.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_err.3 new file mode 100644 index 00000000000..191f0f0843f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_err.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_error.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_error.3 new file mode 100644 index 00000000000..838aaeb74c0 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_error.3 @@ -0,0 +1,129 @@ +.TH "hx509 error functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 error functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_clear_error_string\fP (hx509_context context)" +.br +.ti -1c +.RI "void \fBhx509_set_error_stringv\fP (hx509_context context, int flags, int code, const char *fmt, va_list ap)" +.br +.ti -1c +.RI "void \fBhx509_set_error_string\fP (hx509_context context, int flags, int code, const char *fmt,...)" +.br +.ti -1c +.RI "char * \fBhx509_get_error_string\fP (hx509_context context, int error_code)" +.br +.ti -1c +.RI "void \fBhx509_free_error_string\fP (char *str)" +.br +.ti -1c +.RI "void \fBhx509_err\fP (hx509_context context, int exit_code, int error_code, const char *fmt,...)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBHx509 error reporting functions\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "void hx509_clear_error_string (hx509_context context)" +.PP +Resets the error strings the hx509 context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.RE +.PP + +.SS "void hx509_err (hx509_context context, int exit_code, int error_code, const char * fmt, ...)" +.PP +Print error message and fatally exit from error code +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIexit_code\fP exit() code from process. +.br +\fIerror_code\fP Error code for the reason to exit. +.br +\fIfmt\fP format string with the exit message. +.br +\fI...\fP argument to format string. +.RE +.PP + +.SS "void hx509_free_error_string (char * str)" +.PP +Free error string returned by \fBhx509_get_error_string()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIstr\fP error string to free. +.RE +.PP + +.SS "char* hx509_get_error_string (hx509_context context, int error_code)" +.PP +Get an error string from context associated with error_code. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIerror_code\fP Get error message for this error code. +.RE +.PP +\fBReturns:\fP +.RS 4 +error string, free with \fBhx509_free_error_string()\fP. +.RE +.PP + +.SS "void hx509_set_error_string (hx509_context context, int flags, int code, const char * fmt, ...)" +.PP +See \fBhx509_set_error_stringv()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIflags\fP +.IP "\(bu" 2 +HX509_ERROR_APPEND appends the error string to the old messages (code is updated). +.PP +.br +\fIcode\fP error code related to error message +.br +\fIfmt\fP error message format +.br +\fI...\fP arguments to error message format +.RE +.PP + +.SS "void hx509_set_error_stringv (hx509_context context, int flags, int code, const char * fmt, va_list ap)" +.PP +Add an error message to the hx509 context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIflags\fP +.IP "\(bu" 2 +HX509_ERROR_APPEND appends the error string to the old messages (code is updated). +.PP +.br +\fIcode\fP error code related to error message +.br +\fIfmt\fP error message format +.br +\fIap\fP arguments to error message format +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_free_error_string.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_free_error_string.3 new file mode 100644 index 00000000000..191f0f0843f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_free_error_string.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_free_octet_string_list.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_free_octet_string_list.3 new file mode 100644 index 00000000000..f58308e8cd1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_free_octet_string_list.3 @@ -0,0 +1 @@ +.so man3/hx509_misc.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_general_name_unparse.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_general_name_unparse.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_general_name_unparse.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_get_error_string.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_get_error_string.3 new file mode 100644 index 00000000000..191f0f0843f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_get_error_string.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_get_one_cert.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_get_one_cert.3 new file mode 100644 index 00000000000..4543cfc8ff9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_get_one_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_keyset.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_keyset.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_keyset.3 new file mode 100644 index 00000000000..8a550927117 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_keyset.3 @@ -0,0 +1,373 @@ +.TH "hx509 certificate store functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 certificate store functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_certs_init\fP (hx509_context context, const char *name, int flags, hx509_lock lock, hx509_certs *certs)" +.br +.ti -1c +.RI "int \fBhx509_certs_store\fP (hx509_context context, hx509_certs certs, int flags, hx509_lock lock)" +.br +.ti -1c +.RI "void \fBhx509_certs_free\fP (hx509_certs *certs)" +.br +.ti -1c +.RI "int \fBhx509_certs_start_seq\fP (hx509_context context, hx509_certs certs, hx509_cursor *cursor)" +.br +.ti -1c +.RI "int \fBhx509_certs_next_cert\fP (hx509_context context, hx509_certs certs, hx509_cursor cursor, hx509_cert *cert)" +.br +.ti -1c +.RI "int \fBhx509_certs_end_seq\fP (hx509_context context, hx509_certs certs, hx509_cursor cursor)" +.br +.ti -1c +.RI "int \fBhx509_certs_iter_f\fP (hx509_context context, hx509_certs certs, int(*func)(hx509_context, void *, hx509_cert), void *ctx)" +.br +.ti -1c +.RI "int \fBhx509_ci_print_names\fP (hx509_context context, void *ctx, hx509_cert c)" +.br +.ti -1c +.RI "int \fBhx509_certs_add\fP (hx509_context context, hx509_certs certs, hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_certs_find\fP (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_cert *r)" +.br +.ti -1c +.RI "int \fBhx509_certs_filter\fP (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_certs *result)" +.br +.ti -1c +.RI "int \fBhx509_certs_merge\fP (hx509_context context, hx509_certs to, hx509_certs from)" +.br +.ti -1c +.RI "int \fBhx509_certs_append\fP (hx509_context context, hx509_certs to, hx509_lock lock, const char *name)" +.br +.ti -1c +.RI "int \fBhx509_get_one_cert\fP (hx509_context context, hx509_certs certs, hx509_cert *c)" +.br +.ti -1c +.RI "int \fBhx509_certs_info\fP (hx509_context context, hx509_certs certs, int(*func)(void *, const char *), void *ctx)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBCertificate store operations\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "int hx509_certs_add (hx509_context context, hx509_certs certs, hx509_cert cert)" +.PP +Add a certificate to the certificiate store. +.PP +The receiving keyset certs will either increase reference counter of the cert or make a deep copy, either way, the caller needs to free the cert itself. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to add the certificate to. +.br +\fIcert\fP certificate to add. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_certs_append (hx509_context context, hx509_certs to, hx509_lock lock, const char * name)" +.PP +Same a \fBhx509_certs_merge()\fP but use a lock and name to describe the from source. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIto\fP the store to merge into. +.br +\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data.\fP). +.br +\fIname\fP name of the source store +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_certs_end_seq (hx509_context context, hx509_certs certs, hx509_cursor cursor)" +.PP +End the iteration over certificates. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to iterate over. +.br +\fIcursor\fP cursor that will keep track of progress, freed. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_certs_filter (hx509_context context, hx509_certs certs, const hx509_query * q, hx509_certs * result)" +.PP +Filter certificate matching the query. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to search. +.br +\fIq\fP query allocated with \fBhx509 query functions\fP functions. +.br +\fIresult\fP the filtered certificate store, caller must free with \fBhx509_certs_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.PP +Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query. +.SS "int hx509_certs_find (hx509_context context, hx509_certs certs, const hx509_query * q, hx509_cert * r)" +.PP +Find a certificate matching the query. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to search. +.br +\fIq\fP query allocated with \fBhx509 query functions\fP functions. +.br +\fIr\fP return certificate (or NULL on error), should be freed with \fBhx509_cert_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.PP +Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query. +.SS "void hx509_certs_free (hx509_certs * certs)" +.PP +Free a certificate store. +.PP +\fBParameters:\fP +.RS 4 +\fIcerts\fP certificate store to free. +.RE +.PP + +.SS "int hx509_certs_info (hx509_context context, hx509_certs certs, int(*)(void *, const char *) func, void * ctx)" +.PP +Print some info about the certificate store. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to print information about. +.br +\fIfunc\fP function that will get each line of the information, if NULL is used the data is printed on a FILE descriptor that should be passed in ctx, if ctx also is NULL, stdout is used. +.br +\fIctx\fP parameter to func. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_certs_init (hx509_context context, const char * name, int flags, hx509_lock lock, hx509_certs * certs)" +.PP +Open or creates a new hx509 certificate store. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context +.br +\fIname\fP name of the store, format is TYPE:type-specific-string, if NULL is used the MEMORY store is used. +.br +\fIflags\fP list of flags: +.IP "\(bu" 2 +HX509_CERTS_CREATE create a new keystore of the specific TYPE. +.IP "\(bu" 2 +HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted. +.PP +.br +\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data.\fP). +.br +\fIcerts\fP return pointer, free with \fBhx509_certs_free()\fP. +.RE +.PP + +.SS "int hx509_certs_iter_f (hx509_context context, hx509_certs certs, int(*)(hx509_context, void *, hx509_cert) func, void * ctx)" +.PP +Iterate over all certificates in a keystore and call an function for each fo them. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to iterate over. +.br +\fIfunc\fP function to call for each certificate. The function should return non-zero to abort the iteration, that value is passed back to the caller of \fBhx509_certs_iter_f()\fP. +.br +\fIctx\fP context variable that will passed to the function. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_certs_merge (hx509_context context, hx509_certs to, hx509_certs from)" +.PP +Merge a certificate store into another. The from store is keep intact. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIto\fP the store to merge into. +.br +\fIfrom\fP the store to copy the object from. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_certs_next_cert (hx509_context context, hx509_certs certs, hx509_cursor cursor, hx509_cert * cert)" +.PP +Get next ceritificate from the certificate keystore pointed out by cursor. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to iterate over. +.br +\fIcursor\fP cursor that keeps track of progress. +.br +\fIcert\fP return certificate next in store, NULL if the store contains no more certificates. Free with \fBhx509_cert_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_certs_start_seq (hx509_context context, hx509_certs certs, hx509_cursor * cursor)" +.PP +Start the integration +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to iterate over +.br +\fIcursor\fP cursor that will keep track of progress, free with \fBhx509_certs_end_seq()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is returned if the certificate store doesn't support the iteration operation. +.RE +.PP + +.SS "int hx509_certs_store (hx509_context context, hx509_certs certs, int flags, hx509_lock lock)" +.PP +Write the certificate store to stable storage. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIcerts\fP a certificate store to store. +.br +\fIflags\fP currently unused, use 0. +.br +\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data.\fP). +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if the certificate store doesn't support the store operation. +.RE +.PP + +.SS "int hx509_ci_print_names (hx509_context context, void * ctx, hx509_cert c)" +.PP +Iterate over all certificates in a keystore and call an function for each fo them. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP certificate store to iterate over. +.br +\fIfunc\fP function to call for each certificate. The function should return non-zero to abort the iteration, that value is passed back to the caller of hx509_certs_iter(). +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. Function to use to \fBhx509_certs_iter_f()\fP as a function argument, the ctx variable to \fBhx509_certs_iter_f()\fP should be a FILE file descriptor. +.RE +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIctx\fP used by \fBhx509_certs_iter_f()\fP. +.br +\fIc\fP a certificate +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + +.SS "int hx509_get_one_cert (hx509_context context, hx509_certs certs, hx509_cert * c)" +.PP +Get one random certificate from the certificate store. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcerts\fP a certificate store to get the certificate from. +.br +\fIc\fP return certificate, should be freed with \fBhx509_cert_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns an hx509 error code. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_lock.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_lock.3 new file mode 100644 index 00000000000..66233bc98e4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_lock.3 @@ -0,0 +1,5 @@ +.TH "hx509 lock functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 lock functions \- See the \fBLocking and unlocking certificates and encrypted data.\fP for description and examples. diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_misc.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_misc.3 new file mode 100644 index 00000000000..3e00ce14344 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_misc.3 @@ -0,0 +1,40 @@ +.TH "hx509 misc functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 misc functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_free_octet_string_list\fP (hx509_octet_string_list *list)" +.br +.ti -1c +.RI "void \fBhx509_xfree\fP (void *ptr)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "void hx509_free_octet_string_list (hx509_octet_string_list * list)" +.PP +Free a list of octet strings returned by another hx509 library function. +.PP +\fBParameters:\fP +.RS 4 +\fIlist\fP list to be freed. +.RE +.PP + +.SS "void hx509_xfree (void * ptr)" +.PP +Free a data element allocated in the library. +.PP +\fBParameters:\fP +.RS 4 +\fIptr\fP data to be freed. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name.3 new file mode 100644 index 00000000000..2e3f3eb1c12 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name.3 @@ -0,0 +1,235 @@ +.TH "hx509 name functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 name functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_name_to_string\fP (const hx509_name name, char **str)" +.br +.ti -1c +.RI "int \fBhx509_name_cmp\fP (hx509_name n1, hx509_name n2)" +.br +.ti -1c +.RI "int \fBhx509_parse_name\fP (hx509_context context, const char *str, hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_name_copy\fP (hx509_context context, const hx509_name from, hx509_name *to)" +.br +.ti -1c +.RI "int \fBhx509_name_to_Name\fP (const hx509_name from, Name *to)" +.br +.ti -1c +.RI "int \fBhx509_name_expand\fP (hx509_context context, hx509_name name, hx509_env env)" +.br +.ti -1c +.RI "void \fBhx509_name_free\fP (hx509_name *name)" +.br +.ti -1c +.RI "int \fBhx509_unparse_der_name\fP (const void *data, size_t length, char **str)" +.br +.ti -1c +.RI "int \fBhx509_name_binary\fP (const hx509_name name, heim_octet_string *os)" +.br +.ti -1c +.RI "int \fBhx509_name_is_null_p\fP (const hx509_name name)" +.br +.ti -1c +.RI "int \fBhx509_general_name_unparse\fP (GeneralName *name, char **str)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBPKIX/X.509 Names\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "int hx509_general_name_unparse (GeneralName * name, char ** str)" +.PP +Unparse the hx509 name in name into a string. +.PP +\fBParameters:\fP +.RS 4 +\fIname\fP the name to print +.br +\fIstr\fP an allocated string returns the name in string form +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_name_binary (const hx509_name name, heim_octet_string * os)" +.PP +Convert a hx509_name object to DER encoded name. +.PP +\fBParameters:\fP +.RS 4 +\fIname\fP name to concert +.br +\fIos\fP data to a DER encoded name, free the resulting octet string with hx509_xfree(os->data). +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_name_cmp (hx509_name n1, hx509_name n2)" +.PP +Compare to hx509 name object, useful for sorting. +.PP +\fBParameters:\fP +.RS 4 +\fIn1\fP a hx509 name object. +.br +\fIn2\fP a hx509 name object. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 the objects are the same, returns > 0 is n2 is 'larger' then n2, < 0 if n1 is 'smaller' then n2. +.RE +.PP + +.SS "int hx509_name_copy (hx509_context context, const hx509_name from, hx509_name * to)" +.PP +Copy a hx509 name object. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 cotext. +.br +\fIfrom\fP the name to copy from +.br +\fIto\fP the name to copy to +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_name_expand (hx509_context context, hx509_name name, hx509_env env)" +.PP +Expands variables in the name using env. Variables are on the form ${name}. Useful when dealing with certificate templates. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 cotext. +.br +\fIname\fP the name to expand. +.br +\fIenv\fP environment variable to expand. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.PP +Only UTF8String rdnSequence names are allowed +.SS "void hx509_name_free (hx509_name * name)" +.PP +Free a hx509 name object, upond return *name will be NULL. +.PP +\fBParameters:\fP +.RS 4 +\fIname\fP a hx509 name object to be freed. +.RE +.PP + +.SS "int hx509_name_is_null_p (const hx509_name name)" +.PP +Unparse the hx509 name in name into a string. +.PP +\fBParameters:\fP +.RS 4 +\fIname\fP the name to check if its empty/null. +.RE +.PP +\fBReturns:\fP +.RS 4 +non zero if the name is empty/null. +.RE +.PP + +.SS "int hx509_name_to_Name (const hx509_name from, Name * to)" +.PP +Convert a hx509_name into a Name. +.PP +\fBParameters:\fP +.RS 4 +\fIfrom\fP the name to copy from +.br +\fIto\fP the name to copy to +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_name_to_string (const hx509_name name, char ** str)" +.PP +Convert the hx509 name object into a printable string. The resulting string should be freed with free(). +.PP +\fBParameters:\fP +.RS 4 +\fIname\fP name to print +.br +\fIstr\fP the string to return +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_parse_name (hx509_context context, const char * str, hx509_name * name)" +.PP +Parse a string into a hx509 name object. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIstr\fP a string to parse. +.br +\fIname\fP the resulting object, NULL in case of error. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_unparse_der_name (const void * data, size_t length, char ** str)" +.PP +Convert a DER encoded name info a string. +.PP +\fBParameters:\fP +.RS 4 +\fIdata\fP data to a DER/BER encoded name +.br +\fIlength\fP length of data +.br +\fIstr\fP the resulting string, is NULL on failure. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_binary.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_binary.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_binary.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_cmp.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_cmp.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_cmp.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_copy.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_copy.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_copy.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_expand.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_expand.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_expand.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_free.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_free.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_is_null_p.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_is_null_p.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_is_null_p.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_to_Name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_to_Name.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_to_Name.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_to_string.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_to_string.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_name_to_string.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ocsp_request.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ocsp_request.3 new file mode 100644 index 00000000000..d7d6ccf0d93 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ocsp_request.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ocsp_verify.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ocsp_verify.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_ocsp_verify.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_oid_print.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_oid_print.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_oid_print.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_oid_sprint.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_oid_sprint.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_oid_sprint.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_parse_name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_parse_name.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_parse_name.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer.3 new file mode 100644 index 00000000000..68382f242da --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer.3 @@ -0,0 +1,113 @@ +.TH "hx509 certificate selecting functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 certificate selecting functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_peer_info_alloc\fP (hx509_context context, hx509_peer_info *peer)" +.br +.ti -1c +.RI "void \fBhx509_peer_info_free\fP (hx509_peer_info peer)" +.br +.ti -1c +.RI "int \fBhx509_peer_info_set_cert\fP (hx509_peer_info peer, hx509_cert cert)" +.br +.ti -1c +.RI "int \fBhx509_peer_info_add_cms_alg\fP (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val)" +.br +.ti -1c +.RI "int \fBhx509_peer_info_set_cms_algs\fP (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val, size_t len)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int hx509_peer_info_add_cms_alg (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier * val)" +.PP +Add an additional algorithm that the peer supports. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIpeer\fP the peer to set the new algorithms for +.br +\fIval\fP an AlgorithmsIdentier to add +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_peer_info_alloc (hx509_context context, hx509_peer_info * peer)" +.PP +Allocate a new peer info structure an init it to default values. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIpeer\fP return an allocated peer, free with \fBhx509_peer_info_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_peer_info_free (hx509_peer_info peer)" +.PP +Free a peer info structure. +.PP +\fBParameters:\fP +.RS 4 +\fIpeer\fP peer info to be freed. +.RE +.PP + +.SS "int hx509_peer_info_set_cert (hx509_peer_info peer, hx509_cert cert)" +.PP +Set the certificate that remote peer is using. +.PP +\fBParameters:\fP +.RS 4 +\fIpeer\fP peer info to update +.br +\fIcert\fP cerificate of the remote peer. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_peer_info_set_cms_algs (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier * val, size_t len)" +.PP +Set the algorithms that the peer supports. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIpeer\fP the peer to set the new algorithms for +.br +\fIval\fP array of supported AlgorithmsIdentiers +.br +\fIlen\fP length of array val. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_add_cms_alg.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_add_cms_alg.3 new file mode 100644 index 00000000000..b6a9f0fae0b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_add_cms_alg.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_alloc.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_alloc.3 new file mode 100644 index 00000000000..b6a9f0fae0b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_alloc.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_free.3 new file mode 100644 index 00000000000..b6a9f0fae0b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_free.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cert.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cert.3 new file mode 100644 index 00000000000..b6a9f0fae0b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cms_algs.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cms_algs.3 new file mode 100644 index 00000000000..b6a9f0fae0b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cms_algs.3 @@ -0,0 +1 @@ +.so man3/hx509_peer.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print.3 new file mode 100644 index 00000000000..6523dc651c8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print.3 @@ -0,0 +1,211 @@ +.TH "hx509 printing functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 printing functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_print_stdout\fP (void *ctx, const char *fmt, va_list va)" +.br +.ti -1c +.RI "int \fBhx509_oid_sprint\fP (const heim_oid *oid, char **str)" +.br +.ti -1c +.RI "void \fBhx509_oid_print\fP (const heim_oid *oid, hx509_vprint_func func, void *ctx)" +.br +.ti -1c +.RI "void \fBhx509_bitstring_print\fP (const heim_bit_string *b, hx509_vprint_func func, void *ctx)" +.br +.ti -1c +.RI "int \fBhx509_cert_keyusage_print\fP (hx509_context context, hx509_cert c, char **s)" +.br +.ti -1c +.RI "int \fBhx509_validate_ctx_init\fP (hx509_context context, hx509_validate_ctx *ctx)" +.br +.ti -1c +.RI "void \fBhx509_validate_ctx_set_print\fP (hx509_validate_ctx ctx, hx509_vprint_func func, void *c)" +.br +.ti -1c +.RI "void \fBhx509_validate_ctx_add_flags\fP (hx509_validate_ctx ctx, int flags)" +.br +.ti -1c +.RI "void \fBhx509_validate_ctx_free\fP (hx509_validate_ctx ctx)" +.br +.ti -1c +.RI "int \fBhx509_validate_cert\fP (hx509_context context, hx509_validate_ctx ctx, hx509_cert cert)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "void hx509_bitstring_print (const heim_bit_string * b, hx509_vprint_func func, void * ctx)" +.PP +Print a bitstring using a hx509_vprint_func function. To print to stdout use \fBhx509_print_stdout()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIb\fP bit string to print. +.br +\fIfunc\fP hx509_vprint_func to print with. +.br +\fIctx\fP context variable to hx509_vprint_func function. +.RE +.PP + +.SS "int hx509_cert_keyusage_print (hx509_context context, hx509_cert c, char ** s)" +.PP +Print certificate usage for a certificate to a string. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIc\fP a certificate print the keyusage for. +.br +\fIs\fP the return string with the keysage printed in to, free with \fBhx509_xfree()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_oid_print (const heim_oid * oid, hx509_vprint_func func, void * ctx)" +.PP +Print a oid using a hx509_vprint_func function. To print to stdout use \fBhx509_print_stdout()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIoid\fP oid to print +.br +\fIfunc\fP hx509_vprint_func to print with. +.br +\fIctx\fP context variable to hx509_vprint_func function. +.RE +.PP + +.SS "int hx509_oid_sprint (const heim_oid * oid, char ** str)" +.PP +Print a oid to a string. +.PP +\fBParameters:\fP +.RS 4 +\fIoid\fP oid to print +.br +\fIstr\fP allocated string, free with \fBhx509_xfree()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_print_stdout (void * ctx, const char * fmt, va_list va)" +.PP +Helper function to print on stdout for: +.IP "\(bu" 2 +\fBhx509_oid_print()\fP, +.IP "\(bu" 2 +\fBhx509_bitstring_print()\fP, +.IP "\(bu" 2 +\fBhx509_validate_ctx_set_print()\fP. +.PP +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the context to the print function. If the ctx is NULL, stdout is used. +.br +\fIfmt\fP the printing format. +.br +\fIva\fP the argumet list. +.RE +.PP + +.SS "int hx509_validate_cert (hx509_context context, hx509_validate_ctx ctx, hx509_cert cert)" +.PP +Validate/Print the status of the certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIctx\fP A hx509 validation context. +.br +\fIcert\fP the cerificate to validate/print. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_validate_ctx_add_flags (hx509_validate_ctx ctx, int flags)" +.PP +Add flags to control the behaivor of the \fBhx509_validate_cert()\fP function. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP A hx509 validation context. +.br +\fIflags\fP flags to add to the validation context. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_validate_ctx_free (hx509_validate_ctx ctx)" +.PP +Free an hx509 validate context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the hx509 validate context to free. +.RE +.PP + +.SS "int hx509_validate_ctx_init (hx509_context context, hx509_validate_ctx * ctx)" +.PP +Allocate a hx509 validation/printing context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIctx\fP a new allocated hx509 validation context, free with \fBhx509_validate_ctx_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_validate_ctx_set_print (hx509_validate_ctx ctx, hx509_vprint_func func, void * c)" +.PP +Set the printing functions for the validation context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a hx509 valication context. +.br +\fIfunc\fP the printing function to usea. +.br +\fIc\fP the context variable to the printing function. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print_cert.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print_cert.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print_stdout.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print_stdout.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_print_stdout.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query.3 new file mode 100644 index 00000000000..3bf02a1ff11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query.3 @@ -0,0 +1,5 @@ +.TH "hx509 query functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 query functions \- diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_alloc.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_alloc.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_alloc.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_free.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_free.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_cmp_func.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_cmp_func.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_cmp_func.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_eku.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_eku.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_eku.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_friendly_name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_friendly_name.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_friendly_name.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_issuer_serial.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_issuer_serial.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_issuer_serial.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_option.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_option.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_match_option.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_statistic_file.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_statistic_file.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_statistic_file.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_unparse_stats.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_unparse_stats.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_query_unparse_stats.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke.3 new file mode 100644 index 00000000000..d040cc5ad88 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke.3 @@ -0,0 +1,171 @@ +.TH "hx509 revokation checking functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 revokation checking functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBhx509_revoke_init\fP (hx509_context context, hx509_revoke_ctx *ctx)" +.br +.ti -1c +.RI "void \fBhx509_revoke_free\fP (hx509_revoke_ctx *ctx)" +.br +.ti -1c +.RI "int \fBhx509_revoke_add_ocsp\fP (hx509_context context, hx509_revoke_ctx ctx, const char *path)" +.br +.ti -1c +.RI "int \fBhx509_revoke_add_crl\fP (hx509_context context, hx509_revoke_ctx ctx, const char *path)" +.br +.ti -1c +.RI "int \fBhx509_revoke_verify\fP (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)" +.br +.ti -1c +.RI "int \fBhx509_ocsp_request\fP (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier *digest, heim_octet_string *request, heim_octet_string *nonce)" +.br +.ti -1c +.RI "int \fBhx509_revoke_ocsp_print\fP (hx509_context context, const char *path, FILE *out)" +.br +.in -1c +.SH "Detailed Description" +.PP +See the \fBRevocation methods\fP for description and examples. +.SH "Function Documentation" +.PP +.SS "int hx509_ocsp_request (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier * digest, heim_octet_string * request, heim_octet_string * nonce)" +.PP +Create an OCSP request for a set of certificates. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context +.br +\fIreqcerts\fP list of certificates to request ocsp data for +.br +\fIpool\fP certificate pool to use when signing +.br +\fIsigner\fP certificate to use to sign the request +.br +\fIdigest\fP the signing algorithm in the request, if NULL use the default signature algorithm, +.br +\fIrequest\fP the encoded request, free with free_heim_octet_string(). +.br +\fInonce\fP nonce in the request, free with free_heim_octet_string(). +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_revoke_add_crl (hx509_context context, hx509_revoke_ctx ctx, const char * path)" +.PP +Add a CRL file to the revokation context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP hx509 context +.br +\fIctx\fP hx509 revokation context +.br +\fIpath\fP path to file that is going to be added to the context. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_revoke_add_ocsp (hx509_context context, hx509_revoke_ctx ctx, const char * path)" +.PP +Add a OCSP file to the revokation context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP hx509 context +.br +\fIctx\fP hx509 revokation context +.br +\fIpath\fP path to file that is going to be added to the context. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_revoke_free (hx509_revoke_ctx * ctx)" +.PP +Free a hx509 revokation context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP context to be freed +.RE +.PP + +.SS "int hx509_revoke_init (hx509_context context, hx509_revoke_ctx * ctx)" +.PP +Allocate a revokation context. Free with \fBhx509_revoke_free()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIctx\fP returns a newly allocated revokation context. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_revoke_ocsp_print (hx509_context context, const char * path, FILE * out)" +.PP +Print the OCSP reply stored in a file. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context +.br +\fIpath\fP path to a file with a OCSP reply +.br +\fIout\fP the out FILE descriptor to print the reply on +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_revoke_verify (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)" +.PP +Check that a certificate is not expired according to a revokation context. Also need the parent certificte to the check OCSP parent identifier. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP hx509 context +.br +\fIctx\fP hx509 revokation context +.br +\fIcerts\fP +.br +\fInow\fP +.br +\fIcert\fP +.br +\fIparent_cert\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_add_crl.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_add_crl.3 new file mode 100644 index 00000000000..d7d6ccf0d93 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_add_crl.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_add_ocsp.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_add_ocsp.3 new file mode 100644 index 00000000000..d7d6ccf0d93 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_add_ocsp.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_free.3 new file mode 100644 index 00000000000..d7d6ccf0d93 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_free.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_init.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_init.3 new file mode 100644 index 00000000000..d7d6ccf0d93 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_init.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_ocsp_print.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_ocsp_print.3 new file mode 100644 index 00000000000..d7d6ccf0d93 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_ocsp_print.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_verify.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_verify.3 new file mode 100644 index 00000000000..d7d6ccf0d93 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_revoke_verify.3 @@ -0,0 +1 @@ +.so man3/hx509_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_set_error_string.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_set_error_string.3 new file mode 100644 index 00000000000..191f0f0843f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_set_error_string.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_set_error_stringv.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_set_error_stringv.3 new file mode 100644 index 00000000000..191f0f0843f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_set_error_stringv.3 @@ -0,0 +1 @@ +.so man3/hx509_error.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_unparse_der_name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_unparse_der_name.3 new file mode 100644 index 00000000000..926e21e01aa --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_unparse_der_name.3 @@ -0,0 +1 @@ +.so man3/hx509_name.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_cert.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_cert.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_cert.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_add_flags.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_add_flags.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_add_flags.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_free.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_free.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_free.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_init.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_init.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_init.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_set_print.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_set_print.3 new file mode 100644 index 00000000000..2577d70ee90 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_validate_ctx_set_print.3 @@ -0,0 +1 @@ +.so man3/hx509_print.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify.3 new file mode 100644 index 00000000000..2b7764593a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify.3 @@ -0,0 +1,309 @@ +.TH "hx509 verification functions" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +hx509 verification functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBhx509_context_set_missing_revoke\fP (hx509_context context, int flag)" +.br +.ti -1c +.RI "int \fBhx509_verify_init_ctx\fP (hx509_context context, hx509_verify_ctx *ctx)" +.br +.ti -1c +.RI "void \fBhx509_verify_destroy_ctx\fP (hx509_verify_ctx ctx)" +.br +.ti -1c +.RI "void \fBhx509_verify_attach_anchors\fP (hx509_verify_ctx ctx, hx509_certs set)" +.br +.ti -1c +.RI "void \fBhx509_verify_attach_revoke\fP (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_time\fP (hx509_verify_ctx ctx, time_t t)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_max_depth\fP (hx509_verify_ctx ctx, unsigned int max_depth)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_proxy_certificate\fP (hx509_verify_ctx ctx, int boolean)" +.br +.ti -1c +.RI "void \fBhx509_verify_set_strict_rfc3280_verification\fP (hx509_verify_ctx ctx, int boolean)" +.br +.ti -1c +.RI "int \fBhx509_verify_path\fP (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)" +.br +.ti -1c +.RI "int \fBhx509_ocsp_verify\fP (hx509_context context, time_t now, hx509_cert cert, int flags, const void *data, size_t length, time_t *expiration)" +.br +.ti -1c +.RI "int \fBhx509_crl_alloc\fP (hx509_context context, hx509_crl *crl)" +.br +.ti -1c +.RI "int \fBhx509_crl_add_revoked_certs\fP (hx509_context context, hx509_crl crl, hx509_certs certs)" +.br +.ti -1c +.RI "int \fBhx509_crl_lifetime\fP (hx509_context context, hx509_crl crl, int delta)" +.br +.ti -1c +.RI "void \fBhx509_crl_free\fP (hx509_context context, hx509_crl *crl)" +.br +.ti -1c +.RI "int \fBhx509_crl_sign\fP (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string *os)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "void hx509_context_set_missing_revoke (hx509_context context, int flag)" +.PP +Selects if the \fBhx509_revoke_verify()\fP function is going to require the existans of a revokation method (OCSP, CRL) or not. Note that \fBhx509_verify_path()\fP, \fBhx509_cms_verify_signed()\fP, and other function call \fBhx509_revoke_verify()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP hx509 context to change the flag for. +.br +\fIflag\fP zero, revokation method required, non zero missing revokation method ok +.RE +.PP + +.SS "int hx509_crl_add_revoked_certs (hx509_context context, hx509_crl crl, hx509_certs certs)" +.PP +Add revoked certificate to an CRL context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcrl\fP the CRL to add the revoked certificate to. +.br +\fIcerts\fP keyset of certificate to revoke. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_crl_alloc (hx509_context context, hx509_crl * crl)" +.PP +Create a CRL context. Use \fBhx509_crl_free()\fP to free the CRL context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcrl\fP return pointer to a newly allocated CRL context. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_crl_free (hx509_context context, hx509_crl * crl)" +.PP +Free a CRL context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcrl\fP a CRL context to free. +.RE +.PP + +.SS "int hx509_crl_lifetime (hx509_context context, hx509_crl crl, int delta)" +.PP +Set the lifetime of a CRL context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIcrl\fP a CRL context +.br +\fIdelta\fP delta time the certificate is valid, library adds the current time to this. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_crl_sign (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string * os)" +.PP +Sign a CRL and return an encode certificate. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context. +.br +\fIsigner\fP certificate to sign the CRL with +.br +\fIcrl\fP the CRL to sign +.br +\fIos\fP return the signed and encoded CRL, free with free_heim_octet_string() +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_ocsp_verify (hx509_context context, time_t now, hx509_cert cert, int flags, const void * data, size_t length, time_t * expiration)" +.PP +Verify that the certificate is part of the OCSP reply and it's not expired. Doesn't verify signature the OCSP reply or it's done by a authorized sender, that is assumed to be already done. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a hx509 context +.br +\fInow\fP the time right now, if 0, use the current time. +.br +\fIcert\fP the certificate to verify +.br +\fIflags\fP flags control the behavior +.br +\fIdata\fP pointer to the encode ocsp reply +.br +\fIlength\fP the length of the encode ocsp reply +.br +\fIexpiration\fP return the time the OCSP will expire and need to be rechecked. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_verify_attach_anchors (hx509_verify_ctx ctx, hx509_certs set)" +.PP +Set the trust anchors in the verification context, makes an reference to the keyset, so the consumer can free the keyset independent of the destruction of the verification context (ctx). If there already is a keyset attached, it's released. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIset\fP a keyset containing the trust anchors. +.RE +.PP + +.SS "void hx509_verify_attach_revoke (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)" +.PP +Attach an revocation context to the verfication context, , makes an reference to the revoke context, so the consumer can free the revoke context independent of the destruction of the verification context. If there is no revoke context, the verification process is NOT going to check any verification status. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a verification context. +.br +\fIrevoke_ctx\fP a revoke context. +.RE +.PP + +.SS "void hx509_verify_destroy_ctx (hx509_verify_ctx ctx)" +.PP +Free an hx509 verification context. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP the context to be freed. +.RE +.PP + +.SS "int hx509_verify_init_ctx (hx509_context context, hx509_verify_ctx * ctx)" +.PP +Allocate an verification context that is used fo control the verification process. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIctx\fP returns a pointer to a hx509_verify_ctx object. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "int hx509_verify_path (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)" +.PP +Build and verify the path for the certificate to the trust anchor specified in the verify context. The path is constructed from the certificate, the pool and the trust anchors. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A hx509 context. +.br +\fIctx\fP A hx509 verification context. +.br +\fIcert\fP the certificate to build the path from. +.br +\fIpool\fP A keyset of certificates to build the chain from. +.RE +.PP +\fBReturns:\fP +.RS 4 +An hx509 error code, see \fBhx509_get_error_string()\fP. +.RE +.PP + +.SS "void hx509_verify_set_max_depth (hx509_verify_ctx ctx, unsigned int max_depth)" +.PP +Set the maximum depth of the certificate chain that the path builder is going to try. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a verification context +.br +\fImax_depth\fP maxium depth of the certificate chain, include trust anchor. +.RE +.PP + +.SS "void hx509_verify_set_proxy_certificate (hx509_verify_ctx ctx, int boolean)" +.PP +Allow or deny the use of proxy certificates +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIboolean\fP if non zero, allow proxy certificates. +.RE +.PP + +.SS "void hx509_verify_set_strict_rfc3280_verification (hx509_verify_ctx ctx, int boolean)" +.PP +Select strict RFC3280 verification of certificiates. This means checking key usage on CA certificates, this will make version 1 certificiates unuseable. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a verification context +.br +\fIboolean\fP if non zero, use strict verification. +.RE +.PP + +.SS "void hx509_verify_set_time (hx509_verify_ctx ctx, time_t t)" +.PP +Set the clock time the the verification process is going to use. Used to check certificate in the past and future time. If not set the current time will be used. +.PP +\fBParameters:\fP +.RS 4 +\fIctx\fP a verification context. +.br +\fIt\fP the time the verifiation is using. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_attach_anchors.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_attach_anchors.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_attach_anchors.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_attach_revoke.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_attach_revoke.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_attach_revoke.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_destroy_ctx.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_destroy_ctx.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_destroy_ctx.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_hostname.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_hostname.3 new file mode 100644 index 00000000000..d65a4b6b4f6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_hostname.3 @@ -0,0 +1 @@ +.so man3/hx509_cert.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_init_ctx.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_init_ctx.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_init_ctx.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_path.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_path.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_path.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_max_depth.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_max_depth.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_max_depth.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_proxy_certificate.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_proxy_certificate.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_proxy_certificate.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_time.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_time.3 new file mode 100644 index 00000000000..e52f771b529 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_set_time.3 @@ -0,0 +1 @@ +.so man3/hx509_verify.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_signature.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_signature.3 new file mode 100644 index 00000000000..67b1f7fa6ea --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_verify_signature.3 @@ -0,0 +1 @@ +.so man3/hx509_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_xfree.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_xfree.3 new file mode 100644 index 00000000000..f58308e8cd1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/hx509_xfree.3 @@ -0,0 +1 @@ +.so man3/hx509_misc.3 diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_ca.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_ca.3 new file mode 100644 index 00000000000..7caf10edbd8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_ca.3 @@ -0,0 +1,6 @@ +.TH "page_ca" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_ca \- Hx509 CA functions +See the library functions here: \fBhx509 CA functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_cert.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_cert.3 new file mode 100644 index 00000000000..d445250c0f1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_cert.3 @@ -0,0 +1,10 @@ +.TH "page_cert" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_cert \- The basic certificate +The basic hx509 cerificate object in hx509 is hx509_cert. The hx509_cert object is representing one X509/PKIX certificate and associated attributes; like private key, friendly name, etc. +.PP +A hx509_cert object is usully found via the keyset interfaces (\fBCertificate store operations\fP), but its also possible to create a certificate directly from a parsed object with \fBhx509_cert_init()\fP and \fBhx509_cert_init_data()\fP. +.PP +See the library functions here: \fBhx509 certificate functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_cms.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_cms.3 new file mode 100644 index 00000000000..a8be947f531 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_cms.3 @@ -0,0 +1,18 @@ +.TH "page_cms" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_cms \- CMS/PKCS7 message functions. +CMS is defined in RFC 3369 and is an continuation of the RSA Labs standard PKCS7. The basic messages in CMS is +.PP +.IP "\(bu" 2 +SignedData Data signed with private key (RSA, DSA, ECDSA) or secret (symmetric) key +.IP "\(bu" 2 +EnvelopedData Data encrypted with private key (RSA) +.IP "\(bu" 2 +EncryptedData Data encrypted with secret (symmetric) key. +.IP "\(bu" 2 +ContentInfo Wrapper structure including type and data. +.PP +.PP +See the library functions here: \fBhx509 CMS/pkcs7 functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_env.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_env.3 new file mode 100644 index 00000000000..d0012741ffb --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_env.3 @@ -0,0 +1,6 @@ +.TH "page_env" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_env \- Hx509 enviroment functions +See the library functions here: \fBhx509 enviroment functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_error.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_error.3 new file mode 100644 index 00000000000..ed93a0406b7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_error.3 @@ -0,0 +1,6 @@ +.TH "page_error" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_error \- Hx509 error reporting functions +See the library functions here: \fBhx509 error functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_keyset.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_keyset.3 new file mode 100644 index 00000000000..c2a7519f8e4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_keyset.3 @@ -0,0 +1,25 @@ +.TH "page_keyset" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_keyset \- Certificate store operations +Type of certificates store: +.IP "\(bu" 2 +MEMORY In memory based format. Doesnt support storing. +.IP "\(bu" 2 +FILE FILE supports raw DER certicates and PEM certicates. When PEM is used the file can contain may certificates and match private keys. Support storing the certificates. DER format only supports on certificate and no private key. +.IP "\(bu" 2 +PEM-FILE Same as FILE, defaulting to PEM encoded certificates. +.IP "\(bu" 2 +PEM-FILE Same as FILE, defaulting to DER encoded certificates. +.IP "\(bu" 2 +PKCS11 +.IP "\(bu" 2 +PKCS12 +.IP "\(bu" 2 +DIR +.IP "\(bu" 2 +KEYCHAIN Apple Mac OS X KeyChain backed keychain object. +.PP +.PP +See the library functions here: \fBhx509 certificate store functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_lock.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_lock.3 new file mode 100644 index 00000000000..56fdd8656bc --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_lock.3 @@ -0,0 +1,6 @@ +.TH "page_lock" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_lock \- Locking and unlocking certificates and encrypted data. +See the library functions here: \fBhx509 lock functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_name.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_name.3 new file mode 100644 index 00000000000..8e8a9dfdea5 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_name.3 @@ -0,0 +1,18 @@ +.TH "page_name" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_name \- PKIX/X.509 Names +There are several names in PKIX/X.509, GeneralName and Name. +.PP +A Name consists of an ordered list of Relative Distinguished Names (RDN). Each RDN consists of an unordered list of typed strings. The types are defined by OID and have long and short description. For example id-at-commonName (2.5.4.3) have the long name CommonName and short name CN. The string itself can be of several encoding, UTF8, UTF16, Teltex string, etc. The type limit what encoding should be used. +.PP +GeneralName is a broader nametype that can contains al kind of stuff like Name, IP addresses, partial Name, etc. +.PP +Name is mapped into a hx509_name object. +.PP +Parse and string name into a hx509_name object with \fBhx509_parse_name()\fP, make it back into string representation with \fBhx509_name_to_string()\fP. +.PP +Name string are defined rfc2253, rfc1779 and X.501. +.PP +See the library functions here: \fBhx509 name functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_peer.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_peer.3 new file mode 100644 index 00000000000..7e8b67e6d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_peer.3 @@ -0,0 +1,8 @@ +.TH "page_peer" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_peer \- Hx509 crypto selecting functions +Peer info structures are used togeter with hx509_crypto_select() to select the best avaible crypto algorithm to use. +.PP +See the library functions here: \fBhx509 certificate selecting functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_print.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_print.3 new file mode 100644 index 00000000000..3837994ba76 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_print.3 @@ -0,0 +1,6 @@ +.TH "page_print" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_print \- Hx509 printing functions +See the library functions here: \fBhx509 printing functions\fP diff --git a/crypto/heimdal/doc/doxyout/hx509/man/man3/page_revoke.3 b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_revoke.3 new file mode 100644 index 00000000000..1d4a33a4458 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/man/man3/page_revoke.3 @@ -0,0 +1,10 @@ +.TH "page_revoke" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalx509library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +page_revoke \- Revocation methods +There are two revocation method for PKIX/X.509: CRL and OCSP. Revocation is needed if the private key is lost and stolen. Depending on how picky you are, you might want to make revocation for destroyed private keys too (smartcard broken), but that should not be a problem. +.PP +CRL is a list of certifiates that have expired. +.PP +OCSP is an online checking method where the requestor sends a list of certificates to the OCSP server to return a signed reply if they are valid or not. Some services sends a OCSP reply as part of the hand-shake to make the revoktion decision simpler/faster for the client. diff --git a/crypto/heimdal/doc/doxyout/hx509/manpages b/crypto/heimdal/doc/doxyout/hx509/manpages new file mode 100644 index 00000000000..6c621d2482a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/hx509/manpages @@ -0,0 +1,172 @@ +hx509/man/man3/hx509.3 +hx509/man/man3/hx509_bitstring_print.3 +hx509/man/man3/hx509_ca.3 +hx509/man/man3/hx509_ca_sign.3 +hx509/man/man3/hx509_ca_sign_self.3 +hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 +hx509/man/man3/hx509_ca_tbs_add_eku.3 +hx509/man/man3/hx509_ca_tbs_add_san_hostname.3 +hx509/man/man3/hx509_ca_tbs_add_san_jid.3 +hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3 +hx509/man/man3/hx509_ca_tbs_add_san_otherName.3 +hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3 +hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3 +hx509/man/man3/hx509_ca_tbs_free.3 +hx509/man/man3/hx509_ca_tbs_init.3 +hx509/man/man3/hx509_ca_tbs_set_ca.3 +hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3 +hx509/man/man3/hx509_ca_tbs_set_notAfter.3 +hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3 +hx509/man/man3/hx509_ca_tbs_set_notBefore.3 +hx509/man/man3/hx509_ca_tbs_set_proxy.3 +hx509/man/man3/hx509_ca_tbs_set_serialnumber.3 +hx509/man/man3/hx509_ca_tbs_set_spki.3 +hx509/man/man3/hx509_ca_tbs_set_subject.3 +hx509/man/man3/hx509_ca_tbs_set_template.3 +hx509/man/man3/hx509_ca_tbs_set_unique.3 +hx509/man/man3/hx509_ca_tbs_subject_expand.3 +hx509/man/man3/hx509_ca_tbs_template_units.3 +hx509/man/man3/hx509_cert.3 +hx509/man/man3/hx509_cert_binary.3 +hx509/man/man3/hx509_cert_check_eku.3 +hx509/man/man3/hx509_cert_cmp.3 +hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 +hx509/man/man3/hx509_cert_free.3 +hx509/man/man3/hx509_cert_get_attribute.3 +hx509/man/man3/hx509_cert_get_base_subject.3 +hx509/man/man3/hx509_cert_get_friendly_name.3 +hx509/man/man3/hx509_cert_get_issuer.3 +hx509/man/man3/hx509_cert_get_issuer_unique_id.3 +hx509/man/man3/hx509_cert_get_notAfter.3 +hx509/man/man3/hx509_cert_get_notBefore.3 +hx509/man/man3/hx509_cert_get_serialnumber.3 +hx509/man/man3/hx509_cert_get_SPKI.3 +hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3 +hx509/man/man3/hx509_cert_get_subject.3 +hx509/man/man3/hx509_cert_get_subject_unique_id.3 +hx509/man/man3/hx509_cert_init.3 +hx509/man/man3/hx509_cert_init_data.3 +hx509/man/man3/hx509_cert_keyusage_print.3 +hx509/man/man3/hx509_cert_ref.3 +hx509/man/man3/hx509_cert_set_friendly_name.3 +hx509/man/man3/hx509_certs_add.3 +hx509/man/man3/hx509_certs_append.3 +hx509/man/man3/hx509_certs_end_seq.3 +hx509/man/man3/hx509_certs_filter.3 +hx509/man/man3/hx509_certs_find.3 +hx509/man/man3/hx509_certs_free.3 +hx509/man/man3/hx509_certs_info.3 +hx509/man/man3/hx509_certs_init.3 +hx509/man/man3/hx509_certs_iter_f.3 +hx509/man/man3/hx509_certs_merge.3 +hx509/man/man3/hx509_certs_next_cert.3 +hx509/man/man3/hx509_certs_start_seq.3 +hx509/man/man3/hx509_certs_store.3 +hx509/man/man3/hx509_ci_print_names.3 +hx509/man/man3/hx509_clear_error_string.3 +hx509/man/man3/hx509_cms.3 +hx509/man/man3/hx509_cms_create_signed_1.3 +hx509/man/man3/hx509_cms_envelope_1.3 +hx509/man/man3/hx509_cms_unenvelope.3 +hx509/man/man3/hx509_cms_unwrap_ContentInfo.3 +hx509/man/man3/hx509_cms_verify_signed.3 +hx509/man/man3/hx509_cms_wrap_ContentInfo.3 +hx509/man/man3/hx509_context_free.3 +hx509/man/man3/hx509_context_init.3 +hx509/man/man3/hx509_context_set_missing_revoke.3 +hx509/man/man3/hx509_crl_add_revoked_certs.3 +hx509/man/man3/hx509_crl_alloc.3 +hx509/man/man3/hx509_crl_free.3 +hx509/man/man3/hx509_crl_lifetime.3 +hx509/man/man3/hx509_crl_sign.3 +hx509/man/man3/hx509_crypto.3 +hx509/man/man3/hx509_env.3 +hx509/man/man3/hx509_env_add.3 +hx509/man/man3/hx509_env_add_binding.3 +hx509/man/man3/hx509_env_find.3 +hx509/man/man3/hx509_env_find_binding.3 +hx509/man/man3/hx509_env_free.3 +hx509/man/man3/hx509_env_lfind.3 +hx509/man/man3/hx509_err.3 +hx509/man/man3/hx509_error.3 +hx509/man/man3/hx509_free_error_string.3 +hx509/man/man3/hx509_free_octet_string_list.3 +hx509/man/man3/hx509_general_name_unparse.3 +hx509/man/man3/hx509_get_error_string.3 +hx509/man/man3/hx509_get_one_cert.3 +hx509/man/man3/hx509_keyset.3 +hx509/man/man3/hx509_lock.3 +hx509/man/man3/hx509_misc.3 +hx509/man/man3/hx509_name.3 +hx509/man/man3/hx509_name_binary.3 +hx509/man/man3/hx509_name_cmp.3 +hx509/man/man3/hx509_name_copy.3 +hx509/man/man3/hx509_name_expand.3 +hx509/man/man3/hx509_name_free.3 +hx509/man/man3/hx509_name_is_null_p.3 +hx509/man/man3/hx509_name_to_Name.3 +hx509/man/man3/hx509_name_to_string.3 +hx509/man/man3/hx509_ocsp_request.3 +hx509/man/man3/hx509_ocsp_verify.3 +hx509/man/man3/hx509_oid_print.3 +hx509/man/man3/hx509_oid_sprint.3 +hx509/man/man3/hx509_parse_name.3 +hx509/man/man3/hx509_peer.3 +hx509/man/man3/hx509_peer_info_add_cms_alg.3 +hx509/man/man3/hx509_peer_info_alloc.3 +hx509/man/man3/hx509_peer_info_free.3 +hx509/man/man3/hx509_peer_info_set_cert.3 +hx509/man/man3/hx509_peer_info_set_cms_algs.3 +hx509/man/man3/hx509_print.3 +hx509/man/man3/hx509_print_cert.3 +hx509/man/man3/hx509_print_stdout.3 +hx509/man/man3/hx509_query.3 +hx509/man/man3/hx509_query_alloc.3 +hx509/man/man3/hx509_query_free.3 +hx509/man/man3/hx509_query_match_cmp_func.3 +hx509/man/man3/hx509_query_match_eku.3 +hx509/man/man3/hx509_query_match_friendly_name.3 +hx509/man/man3/hx509_query_match_issuer_serial.3 +hx509/man/man3/hx509_query_match_option.3 +hx509/man/man3/hx509_query_statistic_file.3 +hx509/man/man3/hx509_query_unparse_stats.3 +hx509/man/man3/hx509_revoke.3 +hx509/man/man3/hx509_revoke_add_crl.3 +hx509/man/man3/hx509_revoke_add_ocsp.3 +hx509/man/man3/hx509_revoke_free.3 +hx509/man/man3/hx509_revoke_init.3 +hx509/man/man3/hx509_revoke_ocsp_print.3 +hx509/man/man3/hx509_revoke_verify.3 +hx509/man/man3/hx509_set_error_string.3 +hx509/man/man3/hx509_set_error_stringv.3 +hx509/man/man3/hx509_unparse_der_name.3 +hx509/man/man3/hx509_validate_cert.3 +hx509/man/man3/hx509_validate_ctx_add_flags.3 +hx509/man/man3/hx509_validate_ctx_free.3 +hx509/man/man3/hx509_validate_ctx_init.3 +hx509/man/man3/hx509_validate_ctx_set_print.3 +hx509/man/man3/hx509_verify.3 +hx509/man/man3/hx509_verify_attach_anchors.3 +hx509/man/man3/hx509_verify_attach_revoke.3 +hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3 +hx509/man/man3/hx509_verify_destroy_ctx.3 +hx509/man/man3/hx509_verify_hostname.3 +hx509/man/man3/hx509_verify_init_ctx.3 +hx509/man/man3/hx509_verify_path.3 +hx509/man/man3/hx509_verify_set_max_depth.3 +hx509/man/man3/hx509_verify_set_proxy_certificate.3 +hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3 +hx509/man/man3/hx509_verify_set_time.3 +hx509/man/man3/hx509_verify_signature.3 +hx509/man/man3/hx509_xfree.3 +hx509/man/man3/page_ca.3 +hx509/man/man3/page_cert.3 +hx509/man/man3/page_cms.3 +hx509/man/man3/page_env.3 +hx509/man/man3/page_error.3 +hx509/man/man3/page_keyset.3 +hx509/man/man3/page_lock.3 +hx509/man/man3/page_name.3 +hx509/man/man3/page_peer.3 +hx509/man/man3/page_print.3 +hx509/man/man3/page_revoke.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/html/annotated.html b/crypto/heimdal/doc/doxyout/krb5/html/annotated.html new file mode 100644 index 00000000000..a1b26bf40a4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/annotated.html @@ -0,0 +1,35 @@ + + +HeimdalKerberos5library: Data Structures + + + +

+keyhole logo +

+ + + +
+

Data Structures

Here are the data structures with brief descriptions: + +
krb5_crypto_iov
+
+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/doxygen.css b/crypto/heimdal/doc/doxyout/krb5/html/doxygen.css new file mode 100644 index 00000000000..22c484301dd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/doxygen.css @@ -0,0 +1,473 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { + text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { + font-weight: bold +} +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navpath { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1A419D; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1A419D +} +A.qindex:hover { + text-decoration: none; + background-color: #ddddff; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { + text-decoration: none; + background-color: #6666cc; + color: #ffffff +} +A.el { + text-decoration: none; + font-weight: bold +} +A.elRef { + font-weight: bold +} +A.code:link { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.code:visited { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.codeRef:link { + font-weight: normal; + color: #0000FF +} +A.codeRef:visited { + font-weight: normal; + color: #0000FF +} +A:hover { + text-decoration: none; + background-color: #f2f2ff +} +DL.el { + margin-left: -1cm +} +.fragment { + font-family: monospace, fixed; + font-size: 95%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { + margin-left: 16px; + font-style: italic; + font-size: 90% +} +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { + text-align: center; +} +IMG.formulaDsp { +} +IMG.formulaInl { + vertical-align: middle; +} +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +SPAN.vhdldigit { color: #ff00ff } +SPAN.vhdlchar { color: #000000 } +SPAN.vhdlkeyword { color: #700070 } +SPAN.vhdllogic { color: #ff0000 } + +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { + color: #003399; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { + font-size: 75%; +} +a { + color: #1A41A8; +} +a:visited { + color: #2A3798; +} +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { + background: #e8eef2; + font-weight: bold; +} +HR { + height: 1px; + border: none; + border-top: 1px solid black; +} + +/* Style for detailed member documentation */ +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +.memitem { + padding: 4px; + background-color: #eef3f5; + border-width: 1px; + border-style: solid; + border-color: #dedeee; + -moz-border-radius: 8px 8px 8px 8px; +} +.memname { + white-space: nowrap; + font-weight: bold; +} +.memdoc{ + padding-left: 10px; +} +.memproto { + background-color: #d5e1e8; + width: 100%; + border-width: 1px; + border-style: solid; + border-color: #84b0c7; + font-weight: bold; + -moz-border-radius: 8px 8px 8px 8px; +} +.paramkey { + text-align: right; +} +.paramtype { + white-space: nowrap; +} +.paramname { + color: #602020; + font-style: italic; + white-space: nowrap; +} +/* End Styling for detailed member documentation */ + +/* for the tree view */ +.ftvtree { + font-family: sans-serif; + margin:0.5em; +} +/* these are for tree view when used as main index */ +.directory { + font-size: 9pt; + font-weight: bold; +} +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* The following two styles can be used to replace the root node title */ +/* with an image of your choice. Simply uncomment the next two styles, */ +/* specify the name of your image and be sure to set 'height' to the */ +/* proper pixel height of your image. */ + +/* .directory h3.swap { */ +/* height: 61px; */ +/* background-repeat: no-repeat; */ +/* background-image: url("yourimage.gif"); */ +/* } */ +/* .directory h3.swap span { */ +/* display: none; */ +/* } */ + +.directory > h3 { + margin-top: 0; +} +.directory p { + margin: 0px; + white-space: nowrap; +} +.directory div { + display: none; + margin: 0px; +} +.directory img { + vertical-align: -30%; +} +/* these are for tree view when not used as main index */ +.directory-alt { + font-size: 100%; + font-weight: bold; +} +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} +.directory-alt > h3 { + margin-top: 0; +} +.directory-alt p { + margin: 0px; + white-space: nowrap; +} +.directory-alt div { + display: none; + margin: 0px; +} +.directory-alt img { + vertical-align: -30%; +} + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/doxygen.png b/crypto/heimdal/doc/doxyout/krb5/html/doxygen.png new file mode 100644 index 00000000000..f0a274bbaff Binary files /dev/null and b/crypto/heimdal/doc/doxyout/krb5/html/doxygen.png differ diff --git a/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.dot b/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.dot new file mode 100644 index 00000000000..4df0f1aa486 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.dot @@ -0,0 +1,22 @@ +digraph G +{ + edge [fontname="FreeSans",fontsize=10,labelfontname="FreeSans",labelfontsize=10]; + node [fontname="FreeSans",fontsize=10,shape=record]; + Node9 [shape="box",label="Inherited",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",fillcolor="grey75",style="filled" fontcolor="black"]; + Node10 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node10 [shape="box",label="PublicBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPublicBase.html"]; + Node11 -> Node10 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node11 [shape="box",label="Truncated",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="red",URL="$classTruncated.html"]; + Node13 -> Node9 [dir=back,color="darkgreen",fontsize=10,style="solid",fontname="FreeSans"]; + Node13 [shape="box",label="ProtectedBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classProtectedBase.html"]; + Node14 -> Node9 [dir=back,color="firebrick4",fontsize=10,style="solid",fontname="FreeSans"]; + Node14 [shape="box",label="PrivateBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPrivateBase.html"]; + Node15 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node15 [shape="box",label="Undocumented",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="grey75"]; + Node16 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node16 [shape="box",label="Templ< int >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node17 -> Node16 [dir=back,color="orange",fontsize=10,style="dashed",label="< int >",fontname="FreeSans"]; + Node17 [shape="box",label="Templ< T >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node18 -> Node9 [dir=back,color="darkorchid3",fontsize=10,style="dashed",label="m_usedClass",fontname="FreeSans"]; + Node18 [shape="box",label="Used",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classUsed.html"]; +} diff --git a/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.html b/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.html new file mode 100644 index 00000000000..0446e821733 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.html @@ -0,0 +1,89 @@ + + +HeimdalKerberos5library: Graph Legend + + + +

+keyhole logo +

+ + + +
+

Graph Legend

This page explains how to interpret the graphs that are generated by doxygen.

+Consider the following example: 

/*! Invisible class because of truncation */
+class Invisible { };
+
+/*! Truncated class, inheritance relation is hidden */
+class Truncated : public Invisible { };
+
+/* Class not documented with doxygen comments */
+class Undocumented { };
+
+/*! Class that is inherited using public inheritance */
+class PublicBase : public Truncated { };
+
+/*! A template class */
+template<class T> class Templ { };
+
+/*! Class that is inherited using protected inheritance */
+class ProtectedBase { };
+
+/*! Class that is inherited using private inheritance */
+class PrivateBase { };
+
+/*! Class that is used by the Inherited class */
+class Used { };
+
+/*! Super class that inherits a number of other classes */
+class Inherited : public PublicBase,
+                  protected ProtectedBase,
+                  private PrivateBase,
+                  public Undocumented,
+                  public Templ<int>
+{
+  private:
+    Used *m_usedClass;
+};
+
If the MAX_DOT_GRAPH_HEIGHT tag in the configuration file is set to 240 this will result in the following graph:

+

+graph_legend.png +
+

+The boxes in the above graph have the following meaning:

    +
  • +A filled gray box represents the struct or class for which the graph is generated.
    • +
  • +A box with a black border denotes a documented struct or class.
    • +
  • +A box with a grey border denotes an undocumented struct or class.
    • +
  • +A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries.
    • +
+The arrows have the following meaning:
    +
  • +A dark blue arrow is used to visualize a public inheritance relation between two classes.
    • +
  • +A dark green arrow is used for protected inheritance.
    • +
  • +A dark red arrow is used for private inheritance.
    • +
  • +A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible.
    • +
  • +A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance.
    • +
+
+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.png b/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.png new file mode 100644 index 00000000000..9b96937bfd5 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/krb5/html/graph_legend.png differ diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5.html new file mode 100644 index 00000000000..2c2163b4230 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5.html @@ -0,0 +1,2237 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 library + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 library

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_add_et_list (krb5_context context, void(*func)(struct et_list **))
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_password (krb5_context context, krb5_creds *creds, const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, krb5_data *result_string)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_context (krb5_context *context)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_context (krb5_context context, krb5_context *out)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_context (krb5_context context)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_config_files (krb5_context context, char **filenames)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_prepend_config_files_default (const char *filelist, char ***pfilenames)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_default_config_files (char ***pfilenames)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_config_files (char **filenames)
KRB5_LIB_FUNCTION const
+krb5_enctype *KRB5_LIB_CALL 		krb5_kerberos_enctypes (krb5_context context)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_default_in_tkt_etypes (krb5_context context, const krb5_enctype *etypes)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_default_in_tkt_etypes (krb5_context context, krb5_pdu pdu_type, krb5_enctype **etypes)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_init_ets (krb5_context context)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_get_use_admin_kdc (krb5_context context)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_add_extra_addresses (krb5_context context, krb5_addresses *addresses)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_extra_addresses (krb5_context context, const krb5_addresses *addresses)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_extra_addresses (krb5_context context, krb5_addresses *addresses)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_add_ignore_addresses (krb5_context context, krb5_addresses *addresses)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_ignore_addresses (krb5_context context, const krb5_addresses *addresses)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_ignore_addresses (krb5_context context, krb5_addresses *addresses)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_fcache_version (krb5_context context, int version)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_fcache_version (krb5_context context, int *version)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_is_thread_safe (void)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_get_dns_canonicalize_hostname (krb5_context context)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
KRB5_LIB_FUNCTION time_t
+KRB5_LIB_CALL 		krb5_get_max_time_skew (krb5_context context)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_set_max_time_skew (krb5_context context, time_t t)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_set_home_dir_access (krb5_context context, krb5_boolean allow)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_host_realm (krb5_context context, const krb5_realm *from, krb5_realm **to)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_free_cred_contents (krb5_context context, krb5_creds *c)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_creds_contents (krb5_context context, const krb5_creds *incred, krb5_creds *c)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_creds (krb5_context context, const krb5_creds *incred, krb5_creds **outcred)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_free_creds (krb5_context context, krb5_creds *c)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_compare_creds (krb5_context context, krb5_flags whichfields, const krb5_creds *mcreds, const krb5_creds *creds)
KRB5_LIB_FUNCTION unsigned
+long KRB5_LIB_CALL 		krb5_creds_get_ticket_flags (krb5_creds *creds)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_data_zero (krb5_data *p)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_data_free (krb5_data *p)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_data (krb5_context context, krb5_data *p)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_data_alloc (krb5_data *p, int len)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_data_realloc (krb5_data *p, int len)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_data_copy (krb5_data *p, const void *data, size_t len)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_data (krb5_context context, const krb5_data *indata, krb5_data **outdata)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp (const krb5_data *data1, const krb5_data *data2)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_ct_cmp (const krb5_data *data1, const krb5_data *data2)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_krbhst_get_addrinfo (krb5_context context, krb5_krbhst_info *host, struct addrinfo **ai)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_free_ticket (krb5_context context, krb5_ticket *ticket)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_ticket (krb5_context context, const krb5_ticket *from, krb5_ticket **to)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ticket_get_client (krb5_context context, const krb5_ticket *ticket, krb5_principal *client)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ticket_get_server (krb5_context context, const krb5_ticket *ticket, krb5_principal *server)
KRB5_LIB_FUNCTION time_t
+KRB5_LIB_CALL 		krb5_ticket_get_endtime (krb5_context context, const krb5_ticket *ticket)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ticket_get_authorization_data_type (krb5_context context, krb5_ticket *ticket, int type, krb5_data *data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_real_time (krb5_context context, krb5_timestamp sec, int32_t usec)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list (krb5_context  context,
void(*)(struct et_list **)  func 
)
+
+
+ +

+Add a specified list of error messages to the et list in context. Call func (probably a comerr-generated function) with a pointer to the current et_list.

+

Parameters:
+ + + +
context A kerberos context.
func The generated com_err et function.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses (krb5_context  context,
krb5_addresses *  addresses 
)
+
+
+ +

+Add extra address to the address list that the library will add to the client's address list when communicating with the KDC.

+

Parameters:
+ + + +
context Kerberos 5 context.
addresses addreses to add
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses (krb5_context  context,
krb5_addresses *  addresses 
)
+
+
+ +

+Add extra addresses to ignore when fetching addresses from the underlaying operating system.

+

Parameters:
+ + + +
context Kerberos 5 context.
addresses addreses to ignore
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds (krb5_context  context,
krb5_flags  whichfields,
const krb5_creds *  mcreds,
const krb5_creds *  creds 
)
+
+
+ +

+Return TRUE if `mcreds' and `creds' are equal (`whichfields' determines what equal means).

+The following flags, set in whichfields affects the comparison:

    +
  • KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal.
  • KRB5_TC_MATCH_KEYTYPE Compare enctypes.
  • KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical.
  • KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds .
  • KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly.
  • KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds.
  • KRB5_TC_MATCH_AUTHDATA Compares the authdata fields.
  • KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication).
  • KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket.
+

+

Parameters:
+ + + + + +
context Kerberos 5 context.
whichfields which fields to compare.
mcreds cred to compare with.
creds cred to compare with.
+
+
Returns:
return TRUE if mcred and creds are equal, FALSE if not.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_context (krb5_context  context,
krb5_context *  out 
)
+
+
+ +

+Make a copy for the Kerberos 5 context, the new krb5_context shoud be freed with krb5_free_context().

+

Parameters:
+ + + +
context the Kerberos context to copy
out the copy of the Kerberos, set to NULL error.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds (krb5_context  context,
const krb5_creds *  incred,
krb5_creds **  outcred 
)
+
+
+ +

+Copy krb5_creds.

+

Parameters:
+ + + + +
context Kerberos 5 context.
incred source credential
outcred destination credential, free with krb5_free_creds().
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents (krb5_context  context,
const krb5_creds *  incred,
krb5_creds *  c 
)
+
+
+ +

+Copy content of krb5_creds.

+

Parameters:
+ + + + +
context Kerberos 5 context.
incred source credential
c destination credential, free with krb5_free_cred_contents().
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data (krb5_context  context,
const krb5_data *  indata,
krb5_data **  outdata 
)
+
+
+ +

+Copy the data into a newly allocated krb5_data.

+

Parameters:
+ + + + +
context Kerberos 5 context.
indata the krb5_data data to copy
outdata new krb5_date to copy too. Free with krb5_free_data().
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm (krb5_context  context,
const krb5_realm *  from,
krb5_realm **  to 
)
+
+
+ +

+Copy the list of realms from `from' to `to'.

+

Parameters:
+ + + + +
context Kerberos 5 context.
from list of realms to copy from.
to list of realms to copy to, free list of krb5_free_host_realm().
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket (krb5_context  context,
const krb5_ticket *  from,
krb5_ticket **  to 
)
+
+
+ +

+Copy ticket and content

+

Parameters:
+ + + + +
context a Kerberos 5 context
from ticket to copy
to new copy of ticket, free with krb5_free_ticket()
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_creds_get_ticket_flags (krb5_creds *  creds  ) 
+
+
+ +

+Returns the ticket flags for the credentials in creds. See also krb5_ticket_get_flags().

+

Parameters:
+ + +
creds credential to get ticket flags from
+
+
Returns:
ticket flags
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc (krb5_data *  p,
int  len 
)
+
+
+ +

+Allocate data of and krb5_data.

+

Parameters:
+ + + +
p krb5_data to allocate.
len size to allocate.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp (const krb5_data *  data1,
const krb5_data *  data2 
)
+
+
+ +

+Compare to data.

+

Parameters:
+ + + +
data1 krb5_data to compare
data2 krb5_data to compare
+
+
Returns:
return the same way as memcmp(), useful when sorting.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy (krb5_data *  p,
const void *  data,
size_t  len 
)
+
+
+ +

+Copy the data of len into the krb5_data.

+

Parameters:
+ + + + +
p krb5_data to copy into.
data data to copy..
len new size.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_ct_cmp (const krb5_data *  data1,
const krb5_data *  data2 
)
+
+
+ +

+Compare to data not exposing timing information from the checksum data

+

Parameters:
+ + + +
data1 krb5_data to compare
data2 krb5_data to compare
+
+
Returns:
returns zero for same data, otherwise non zero.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free (krb5_data *  p  ) 
+
+
+ +

+Free the content of krb5_data structure, its ok to free a zeroed structure (with memset() or krb5_data_zero()). When done, the structure will be zeroed. The same function is called krb5_free_data_contents() in MIT Kerberos.

+

Parameters:
+ + +
p krb5_data to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc (krb5_data *  p,
int  len 
)
+
+
+ +

+Grow (or shrink) the content of krb5_data to a new size.

+

Parameters:
+ + + +
p krb5_data to free.
len new size.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero (krb5_data *  p  ) 
+
+
+ +

+Reset the (potentially uninitalized) krb5_data structure.

+

Parameters:
+ + +
p krb5_data to reset.
+
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files (char **  filenames  ) 
+
+
+ +

+Free a list of configuration files.

+

Parameters:
+ + +
filenames list, terminated with a NULL pointer, to be freed. NULL is an valid argument.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context (krb5_context  context  ) 
+
+
+ +

+Frees the krb5_context allocated by krb5_init_context().

+

Parameters:
+ + +
context context to be freed.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents (krb5_context  context,
krb5_creds *  c 
)
+
+
+ +

+Free content of krb5_creds.

+

Parameters:
+ + + +
context Kerberos 5 context.
c krb5_creds to free.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds (krb5_context  context,
krb5_creds *  c 
)
+
+
+ +

+Free krb5_creds.

+

Parameters:
+ + + +
context Kerberos 5 context.
c krb5_creds to free.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data (krb5_context  context,
krb5_data *  p 
)
+
+
+ +

+Free krb5_data (and its content).

+

Parameters:
+ + + +
context Kerberos 5 context.
p krb5_data to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket (krb5_context  context,
krb5_ticket *  ticket 
)
+
+
+ +

+Free ticket and content

+

Parameters:
+ + + +
context a Kerberos 5 context
ticket ticket to free
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files (char ***  pfilenames  ) 
+
+
+ +

+Get the global configuration list.

+

Parameters:
+ + +
pfilenames return array of filenames, should be freed with krb5_free_config_files().
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes (krb5_context  context,
krb5_pdu  pdu_type,
krb5_enctype **  etypes 
)
+
+
+ +

+Get the default encryption types that will be use in communcation with the KDC, clients and servers.

+

Parameters:
+ + + +
context Kerberos 5 context.
etypes Encryption types, array terminated with ETYPE_NULL(0), caller should free array with krb5_xfree():
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context  context  ) 
+
+
+ +

+Get if the library uses DNS to canonicalize hostnames.

+

Parameters:
+ + +
context Kerberos 5 context.
+
+
Returns:
return non zero if the library uses DNS to canonicalize hostnames.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses (krb5_context  context,
krb5_addresses *  addresses 
)
+
+
+ +

+Get extra address to the address list that the library will add to the client's address list when communicating with the KDC.

+

Parameters:
+ + + +
context Kerberos 5 context.
addresses addreses to set
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version (krb5_context  context,
int *  version 
)
+
+
+ +

+Get version of fcache that the library should use.

+

Parameters:
+ + + +
context Kerberos 5 context.
version version number.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses (krb5_context  context,
krb5_addresses *  addresses 
)
+
+
+ +

+Get extra addresses to ignore when fetching addresses from the underlaying operating system.

+

Parameters:
+ + + +
context Kerberos 5 context.
addresses list addreses ignored
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset (krb5_context  context,
int32_t *  sec,
int32_t *  usec 
)
+
+
+ +

+Get current offset in time to the KDC.

+

Parameters:
+ + + + +
context Kerberos 5 context.
sec seconds part of offset.
usec micro seconds part of offset.
+
+
Returns:
returns zero
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context  context  ) 
+
+
+ +

+Get max time skew allowed.

+

Parameters:
+ + +
context Kerberos 5 context.
+
+
Returns:
timeskew in seconds.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context  context  ) 
+
+
+ +

+Make the kerberos library default to the admin KDC.

+

Parameters:
+ + +
context Kerberos 5 context.
+
+
Returns:
boolean flag to telling the context will use admin KDC as the default KDC.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context (krb5_context *  context  ) 
+
+
+ +

+Initializes the context structure and reads the configuration file /etc/krb5.conf. The structure should be freed by calling krb5_free_context() when it is no longer being used.

+

Parameters:
+ + +
context pointer to returned context
+
+
Returns:
Returns 0 to indicate success. Otherwise an errno code is returned. Failure means either that something bad happened during initialization (typically ENOMEM) or that Kerberos should not be used ENXIO.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets (krb5_context  context  ) 
+
+
+ +

+Init the built-in ets in the Kerberos library.

+

Parameters:
+ + +
context kerberos context to add the ets too
+
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe (void   ) 
+
+
+ +

+Runtime check if the Kerberos library was complied with thread support.

+

Returns:
TRUE if the library was compiled with thread support, FALSE if not.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION const krb5_enctype* KRB5_LIB_CALL krb5_kerberos_enctypes (krb5_context  context  ) 
+
+
+ +

+Returns the list of Kerberos encryption types sorted in order of most preferred to least preferred encryption type. Note that some encryption types might be disabled, so you need to check with krb5_enctype_valid() before using the encryption type.

+

Returns:
list of enctypes, terminated with ETYPE_NULL. Its a static array completed into the Kerberos library so the content doesn't need to be freed.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo (krb5_context  context,
krb5_krbhst_info *  host,
struct addrinfo **  ai 
)
+
+
+ +

+Return an `struct addrinfo *' for a KDC host.

+Returns an the struct addrinfo in in that corresponds to the information in `host'. free:ing is handled by krb5_krbhst_free, so the returned ai must not be released. +

+First try this as an IP address, this allows us to add a dot at the end to stop using the search domains.

+If the hostname contains a dot, assumes it's a FQDN and don't use search domains since that might be painfully slow when machine is disconnected from that network. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default (const char *  filelist,
char ***  pfilenames 
)
+
+
+ +

+Prepend the filename to the global configuration list.

+

Parameters:
+ + + +
filelist a filename to add to the default list of filename
pfilenames return array of filenames, should be freed with krb5_free_config_files().
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files (krb5_context  context,
char **  filenames 
)
+
+
+ +

+Reinit the context from a new set of filenames.

+

Parameters:
+ + + +
context context to add configuration too.
filenames array of filenames, end of list is indicated with a NULL filename.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes (krb5_context  context,
const krb5_enctype *  etypes 
)
+
+
+ +

+Set the default encryption types that will be use in communcation with the KDC, clients and servers.

+

Parameters:
+ + + +
context Kerberos 5 context.
etypes Encryption types, array terminated with ETYPE_NULL (0).
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname (krb5_context  context,
krb5_boolean  flag 
)
+
+
+ +

+Set if the library should use DNS to canonicalize hostnames.

+

Parameters:
+ + + +
context Kerberos 5 context.
flag if its dns canonicalizion is used or not.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses (krb5_context  context,
const krb5_addresses *  addresses 
)
+
+
+ +

+Set extra address to the address list that the library will add to the client's address list when communicating with the KDC.

+

Parameters:
+ + + +
context Kerberos 5 context.
addresses addreses to set
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version (krb5_context  context,
int  version 
)
+
+
+ +

+Set version of fcache that the library should use.

+

Parameters:
+ + + +
context Kerberos 5 context.
version version number.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_set_home_dir_access (krb5_context  context,
krb5_boolean  allow 
)
+
+
+ +

+Enable and disable home directory access on either the global state or the krb5_context state. By calling krb5_set_home_dir_access() with context set to NULL, the global state is configured otherwise the state for the krb5_context is modified.

+For home directory access to be allowed, both the global state and the krb5_context state have to be allowed.

+Administrator (root user), never uses the home directory.

+

Parameters:
+ + + +
context a Kerberos 5 context or NULL
allow allow if TRUE home directory
+
+
Returns:
the old value
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses (krb5_context  context,
const krb5_addresses *  addresses 
)
+
+
+ +

+Set extra addresses to ignore when fetching addresses from the underlaying operating system.

+

Parameters:
+ + + +
context Kerberos 5 context.
addresses addreses to ignore
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_kdc_sec_offset (krb5_context  context,
int32_t  sec,
int32_t  usec 
)
+
+
+ +

+Set current offset in time to the KDC.

+

Parameters:
+ + + + +
context Kerberos 5 context.
sec seconds part of offset.
usec micro seconds part of offset.
+
+
Returns:
returns zero
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew (krb5_context  context,
time_t  t 
)
+
+
+ +

+Set max time skew allowed.

+

Parameters:
+ + + +
context Kerberos 5 context.
t timeskew in seconds.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password (krb5_context  context,
krb5_creds *  creds,
const char *  newpw,
krb5_principal  targprinc,
int *  result_code,
krb5_data *  result_code_string,
krb5_data *  result_string 
)
+
+
+ +

+Change password using creds.

+

Parameters:
+ + + + + + + + +
context a Keberos context
creds The initial kadmin/passwd for the principal or an admin principal
newpw The new password to set
targprinc if unset, the default principal is used.
result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed.
result_code_string binary message from the server, contains at least the result_code.
result_string A message from the kpasswd service or the library in human printable form. The string is NUL terminated.
+
+
Returns:
On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed.
+@ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time (krb5_context  context,
krb5_timestamp  sec,
int32_t  usec 
)
+
+
+ +

+Set the absolute time that the caller knows the kdc has so the kerberos library can calculate the relative diffrence beteen the KDC time and local system time.

+

Parameters:
+ + + + +
context Keberos 5 context.
sec The applications new of "now" in seconds
usec The applications new of "now" in micro seconds
+
+
Returns:
Kerberos 5 error code, see krb5_get_error_message().
+ +

+If the caller passes in a negative usec, its assumed to be unknown and the function will use the current time usec. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc (krb5_context  context,
krb5_boolean  flag 
)
+
+
+ +

+Make the kerberos library default to the admin KDC.

+

Parameters:
+ + + +
context Kerberos 5 context.
flag boolean flag to select if the use the admin KDC or not.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type (krb5_context  context,
krb5_ticket *  ticket,
int  type,
krb5_data *  data 
)
+
+
+ +

+Extract the authorization data type of type from the ticket. Store the field in data. This function is to use for kerberos applications.

+

Parameters:
+ + + + + +
context a Kerberos 5 context
ticket Kerberos ticket
type type to fetch
data returned data, free with krb5_data_free()
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client (krb5_context  context,
const krb5_ticket *  ticket,
krb5_principal *  client 
)
+
+
+ +

+Return client principal in ticket

+

Parameters:
+ + + + +
context a Kerberos 5 context
ticket ticket to copy
client client principal, free with krb5_free_principal()
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime (krb5_context  context,
const krb5_ticket *  ticket 
)
+
+
+ +

+Return end time of ticket

+

Parameters:
+ + + +
context a Kerberos 5 context
ticket ticket to copy
+
+
Returns:
end time of ticket
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server (krb5_context  context,
const krb5_ticket *  ticket,
krb5_principal *  server 
)
+
+
+ +

+Return server principal in ticket

+

Parameters:
+ + + + +
context a Kerberos 5 context
ticket ticket to copy
server server principal, free with krb5_free_principal()
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__address.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__address.html new file mode 100644 index 00000000000..395e32360ea --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__address.html @@ -0,0 +1,1003 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 address functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 address functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_sockaddr2address (krb5_context context, const struct sockaddr *sa, krb5_address *addr)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_sockaddr2port (krb5_context context, const struct sockaddr *sa, int16_t *port)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_addr2sockaddr (krb5_context context, const krb5_address *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
KRB5_LIB_FUNCTION size_t
+KRB5_LIB_CALL 		krb5_max_sockaddr_size (void)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_sockaddr_uninteresting (const struct sockaddr *sa)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_h_addr2sockaddr (krb5_context context, int af, const char *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_h_addr2addr (krb5_context context, int af, const char *haddr, krb5_address *addr)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_anyaddr (krb5_context context, int af, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_print_address (const krb5_address *addr, char *str, size_t len, size_t *ret_len)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_parse_address (krb5_context context, const char *string, krb5_addresses *addresses)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order (krb5_context context, const krb5_address *addr1, const krb5_address *addr2)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_address_compare (krb5_context context, const krb5_address *addr1, const krb5_address *addr2)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_address_search (krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_free_address (krb5_context context, krb5_address *address)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_free_addresses (krb5_context context, krb5_addresses *addresses)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_address (krb5_context context, const krb5_address *inaddr, krb5_address *outaddr)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_addresses (krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_append_addresses (krb5_context context, krb5_addresses *dest, const krb5_addresses *source)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_make_addrport (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_address_prefixlen_boundary (krb5_context context, const krb5_address *inaddr, unsigned long prefixlen, krb5_address *low, krb5_address *high)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context  context,
const krb5_address *  addr,
struct sockaddr *  sa,
krb5_socklen_t *  sa_size,
int  port 
)
+
+
+ +

+krb5_addr2sockaddr sets the "struct sockaddr sockaddr" from addr and port. The argument sa_size should initially contain the size of the sa and after the call, it will contain the actual length of the address. In case of the sa is too small to fit the whole address, the up to *sa_size will be stored, and then *sa_size will be set to the required length.

+

Parameters:
+ + + + + + +
context a Keberos context
addr the address to copy the from
sa the struct sockaddr that will be filled in
sa_size pointer to length of sa, and after the call, it will contain the actual length of the address.
port set port in sa.
+
+
Returns:
Return an error code or 0. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare (krb5_context  context,
const krb5_address *  addr1,
const krb5_address *  addr2 
)
+
+
+ +

+krb5_address_compare compares the addresses addr1 and addr2. Returns TRUE if the two addresses are the same.

+

Parameters:
+ + + + +
context a Keberos context
addr1 address to compare
addr2 address to compare
+
+
Returns:
Return an TRUE is the address are the same FALSE if not
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order (krb5_context  context,
const krb5_address *  addr1,
const krb5_address *  addr2 
)
+
+
+ +

+krb5_address_order compares the addresses addr1 and addr2 so that it can be used for sorting addresses. If the addresses are the same address krb5_address_order will return 0. Behavies like memcmp(2).

+

Parameters:
+ + + + +
context a Keberos context
addr1 krb5_address to compare
addr2 krb5_address to compare
+
+
Returns:
< 0 if address addr1 in "less" then addr2. 0 if addr1 and addr2 is the same address, > 0 if addr2 is "less" then addr1.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary (krb5_context  context,
const krb5_address *  inaddr,
unsigned long  prefixlen,
krb5_address *  low,
krb5_address *  high 
)
+
+
+ +

+Calculate the boundary addresses of `inaddr'/`prefixlen' and store them in `low' and `high'.

+

Parameters:
+ + + + + + +
context a Keberos context
inaddr address in prefixlen that the bondery searched
prefixlen width of boundery
low lowest address
high highest address
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search (krb5_context  context,
const krb5_address *  addr,
const krb5_addresses *  addrlist 
)
+
+
+ +

+krb5_address_search checks if the address addr is a member of the address set list addrlist .

+

Parameters:
+ + + + +
context a Keberos context.
addr address to search for.
addrlist list of addresses to look in for addr.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context  context,
int  af,
struct sockaddr *  sa,
krb5_socklen_t *  sa_size,
int  port 
)
+
+
+ +

+krb5_anyaddr fills in a "struct sockaddr sa" that can be used to bind(2) to. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address.

+

Parameters:
+ + + + + + +
context a Keberos context
af address family
sa sockaddr
sa_size lenght of sa.
port for to fill into sa.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses (krb5_context  context,
krb5_addresses *  dest,
const krb5_addresses *  source 
)
+
+
+ +

+krb5_append_addresses adds the set of addresses in source to dest. While copying the addresses, duplicates are also sorted out.

+

Parameters:
+ + + + +
context a Keberos context
dest destination of copy operation
source adresses that are going to be added to dest
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address (krb5_context  context,
const krb5_address *  inaddr,
krb5_address *  outaddr 
)
+
+
+ +

+krb5_copy_address copies the content of address inaddr to outaddr.

+

Parameters:
+ + + + +
context a Keberos context
inaddr pointer to source address
outaddr pointer to destination address
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses (krb5_context  context,
const krb5_addresses *  inaddr,
krb5_addresses *  outaddr 
)
+
+
+ +

+krb5_copy_addresses copies the content of addresses inaddr to outaddr.

+

Parameters:
+ + + + +
context a Keberos context
inaddr pointer to source addresses
outaddr pointer to destination addresses
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address (krb5_context  context,
krb5_address *  address 
)
+
+
+ +

+krb5_free_address frees the data stored in the address that is alloced with any of the krb5_address functions.

+

Parameters:
+ + + +
context a Keberos context
address addresss to be freed.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses (krb5_context  context,
krb5_addresses *  addresses 
)
+
+
+ +

+krb5_free_addresses frees the data stored in the address that is alloced with any of the krb5_address functions.

+

Parameters:
+ + + +
context a Keberos context
addresses addressses to be freed.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context  context,
int  af,
const char *  haddr,
krb5_address *  addr 
)
+
+
+ +

+krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception that it operates on a krb5_address instead of a struct sockaddr.

+

Parameters:
+ + + + + +
context a Keberos context
af address family
haddr host address from struct hostent.
addr returned krb5_address.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context  context,
int  af,
const char *  addr,
struct sockaddr *  sa,
krb5_socklen_t *  sa_size,
int  port 
)
+
+
+ +

+krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and the "struct hostent" (see gethostbyname(3) ) h_addr_list component. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address.

+

Parameters:
+ + + + + + + +
context a Keberos context
af addresses
addr address
sa returned struct sockaddr
sa_size size of sa
port port to set in sa.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context  context,
krb5_address **  res,
const krb5_address *  addr,
int16_t  port 
)
+
+
+ +

+Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port)

+

Parameters:
+ + + + + +
context a Keberos context
res built address from addr/port
addr address to use
port port to use
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void   ) 
+
+
+ +

+krb5_max_sockaddr_size returns the max size of the .Li struct sockaddr that the Kerberos library will return.

+

Returns:
Return an size_t of the maximum struct sockaddr.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address (krb5_context  context,
const char *  string,
krb5_addresses *  addresses 
)
+
+
+ +

+krb5_parse_address returns the resolved hostname in string to the krb5_addresses addresses .

+

Parameters:
+ + + + +
context a Keberos context
string 
addresses 
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address (const krb5_address *  addr,
char *  str,
size_t  len,
size_t *  ret_len 
)
+
+
+ +

+krb5_print_address prints the address in addr to the string string that have the length len. If ret_len is not NULL, it will be filled with the length of the string if size were unlimited (not including the final NUL) .

+

Parameters:
+ + + + + +
addr address to be printed
str pointer string to print the address into
len length that will fit into area pointed to by "str".
ret_len return length the str.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context  context,
const struct sockaddr *  sa,
krb5_address *  addr 
)
+
+
+ +

+krb5_sockaddr2address stores a address a "struct sockaddr" sa in the krb5_address addr.

+

Parameters:
+ + + + +
context a Keberos context
sa a struct sockaddr to extract the address from
addr an Kerberos 5 address to store the address in.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context  context,
const struct sockaddr *  sa,
int16_t *  port 
)
+
+
+ +

+krb5_sockaddr2port extracts a port (if possible) from a "struct sockaddr.

+

Parameters:
+ + + + +
context a Keberos context
sa a struct sockaddr to extract the port from
port a pointer to an int16_t store the port in.
+
+
Returns:
Return an error code or 0. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting (const struct sockaddr *  sa  ) 
+
+
+ +

+krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the kerberos library thinks are uninteresting. One example are link local addresses.

+

Parameters:
+ + +
sa pointer to struct sockaddr that might be interesting.
+
+
Returns:
Return a non zero for uninteresting addresses.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__auth.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__auth.html new file mode 100644 index 00000000000..26fcd3ab55a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__auth.html @@ -0,0 +1,320 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 authentication functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 authentication functions

+ + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_rd_req_in_ctx_alloc (krb5_context context, krb5_rd_req_in_ctx *ctx)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_rd_req_in_set_keytab (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_rd_req_in_set_pac_check (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_rd_req_out_get_server (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal *principal)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_rd_req_out_ctx_free (krb5_context context, krb5_rd_req_out_ctx ctx)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_rd_req_ctx (krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx *outctx)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx (krb5_context  context,
krb5_auth_context *  auth_context,
const krb5_data *  inbuf,
krb5_const_principal  server,
krb5_rd_req_in_ctx  inctx,
krb5_rd_req_out_ctx *  outctx 
)
+
+
+ +

+The core server function that verify application authentication requests from clients.

+

Parameters:
+ + + + + + + +
context Keberos 5 context.
auth_context the authentication context, can be NULL, then default values for the authentication context will used.
inbuf the (AP-REQ) authentication buffer
server the server with authenticate as, if NULL the function will try to find any available credential in the keytab that will verify the reply. The function will prefer the server the server client specified in the AP-REQ, but if there is no mach, it will try all keytab entries for a match. This have serious performance issues for larger keytabs.
inctx control the behavior of the function, if NULL, the default behavior is used.
outctx the return outctx, free with krb5_rd_req_out_ctx_free().
+
+
Returns:
Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc (krb5_context  context,
krb5_rd_req_in_ctx *  ctx 
)
+
+
+ +

+Allocate a krb5_rd_req_in_ctx as an input parameter to krb5_rd_req_ctx(). The caller should free the context with krb5_rd_req_in_ctx_free() when done with the context.

+

Parameters:
+ + + +
context Keberos 5 context.
ctx in ctx to krb5_rd_req_ctx().
+
+
Returns:
Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab (krb5_context  context,
krb5_rd_req_in_ctx  in,
krb5_keytab  keytab 
)
+
+
+ +

+Set the keytab that krb5_rd_req_ctx() will use.

+

Parameters:
+ + + + +
context Keberos 5 context.
in in ctx to krb5_rd_req_ctx().
keytab keytab that krb5_rd_req_ctx() will use, only copy the pointer, so the caller must free they keytab after krb5_rd_req_in_ctx_free() is called.
+
+
Returns:
Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check (krb5_context  context,
krb5_rd_req_in_ctx  in,
krb5_boolean  flag 
)
+
+
+ +

+Set if krb5_rq_red() is going to check the Windows PAC or not

+

Parameters:
+ + + + +
context Keberos 5 context.
in krb5_rd_req_in_ctx to check the option on.
flag flag to select if to check the pac (TRUE) or not (FALSE).
+
+
Returns:
Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free (krb5_context  context,
krb5_rd_req_out_ctx  ctx 
)
+
+
+ +

+Free the krb5_rd_req_out_ctx.

+

Parameters:
+ + + +
context Keberos 5 context.
ctx krb5_rd_req_out_ctx context to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server (krb5_context  context,
krb5_rd_req_out_ctx  out,
krb5_principal *  principal 
)
+
+
+ +

+Get the principal that was used in the request from the client. Might not match whats in the ticket if krb5_rd_req_ctx() searched in the keytab for a matching key.

+

Parameters:
+ + + + +
context a Kerberos 5 context.
out a krb5_rd_req_out_ctx from krb5_rd_req_ctx().
principal return principal, free with krb5_free_principal().
+
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__ccache.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__ccache.html new file mode 100644 index 00000000000..7f2c77f84ea --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__ccache.html @@ -0,0 +1,2264 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 credential cache functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 credential cache functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_register (krb5_context context, const krb5_cc_ops *ops, krb5_boolean override)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_new_unique (krb5_context context, const char *type, const char *hint, krb5_ccache *id)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_cc_get_name (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_cc_get_type (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_full_name (krb5_context context, krb5_ccache id, char **str)
KRB5_LIB_FUNCTION const
+krb5_cc_ops *KRB5_LIB_CALL 		krb5_cc_get_ops (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_switch (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_cc_support_switch (krb5_context context, const char *type)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_set_default_name (krb5_context context, const char *name)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_cc_default_name (krb5_context context)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_default (krb5_context context, krb5_ccache *id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_initialize (krb5_context context, krb5_ccache id, krb5_principal primary_principal)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_destroy (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_close (krb5_context context, krb5_ccache id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_store_cred (krb5_context context, krb5_ccache id, krb5_creds *creds)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_retrieve_cred (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds *mcreds, krb5_creds *creds)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_principal (krb5_context context, krb5_ccache id, krb5_principal *principal)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_remove_cred (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_set_flags (krb5_context context, krb5_ccache id, krb5_flags flags)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_flags (krb5_context context, krb5_ccache id, krb5_flags *flags)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_copy_match_f (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*match)(krb5_context, void *, const krb5_creds *), void *matchctx, unsigned int *matched)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_copy_cache (krb5_context context, const krb5_ccache from, krb5_ccache to)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_version (krb5_context context, const krb5_ccache id)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_cc_clear_mcred (krb5_creds *mcred)
KRB5_LIB_FUNCTION const
+krb5_cc_ops *KRB5_LIB_CALL 		krb5_cc_get_prefix_ops (krb5_context context, const char *prefix)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_cache_get_first (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache *id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_move (krb5_context context, krb5_ccache from, krb5_ccache to)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_is_config_principal (krb5_context context, krb5_const_principal principal)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_set_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cccol_cursor_new (krb5_context context, krb5_cccol_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cccol_cursor_next (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *cache)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cccol_cursor_free (krb5_context context, krb5_cccol_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_last_change_time (krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cccol_last_change_time (krb5_context context, const char *type, krb5_timestamp *mtime)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_friendly_name (krb5_context context, krb5_ccache id, char **name)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_set_friendly_name (krb5_context context, krb5_ccache id, const char *name)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_lifetime (krb5_context context, krb5_ccache id, time_t *t)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_set_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat offset)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_get_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat *offset)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_gen_new (krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cc_copy_creds (krb5_context context, const krb5_ccache from, krb5_ccache to)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_validated_creds (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *service)

Variables

KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context  context,
krb5_cc_cache_cursor  cursor 
)
+
+
+ +

+Destroy the cursor `cursor'.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context  context,
const char *  type,
krb5_cc_cache_cursor *  cursor 
)
+
+
+ +

+Start iterating over all caches of specified type. See also krb5_cccol_cursor_new().

+

Parameters:
+ + + + +
context A Kerberos 5 context
type optional type to iterate over, if NULL, the default cache is used.
cursor cursor should be freed with krb5_cc_cache_end_seq_get().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context  context,
krb5_principal  client,
krb5_ccache *  id 
)
+
+
+ +

+Search for a matching credential cache that have the `principal' as the default principal. On success, `id' needs to be freed with krb5_cc_close() or krb5_cc_destroy().

+

Parameters:
+ + + + +
context A Kerberos 5 context
client The principal to search for
id the returned credential cache
+
+
Returns:
On failure, error code is returned and `id' is set to NULL.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context  context,
krb5_cc_cache_cursor  cursor,
krb5_ccache *  id 
)
+
+
+ +

+Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'.

+

Parameters:
+ + + + +
context A Kerberos 5 context
cursor the iterator cursor, returned by krb5_cc_cache_get_first()
id next ccache
+
+
Returns:
Return 0 or an error code. Returns KRB5_CC_END when the end of caches is reached, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds *  mcred  ) 
+
+
+ +

+Clear `mcreds' so it can be used with krb5_cc_retrieve_cred +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close (krb5_context  context,
krb5_ccache  id 
)
+
+
+ +

+Stop using the ccache `id' and free the related resources.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache (krb5_context  context,
const krb5_ccache  from,
krb5_ccache  to 
)
+
+
+ +

+Just like krb5_cc_copy_match_f(), but copy everything.

+@ +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds (krb5_context  context,
const krb5_ccache  from,
krb5_ccache  to 
)
+
+
+ +

+MIT compat glue +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f (krb5_context  context,
const krb5_ccache  from,
krb5_ccache  to,
krb5_boolean(*)(krb5_context, void *, const krb5_creds *)  match,
void *  matchctx,
unsigned int *  matched 
)
+
+
+ +

+Copy the contents of `from' to `to' if the given match function return true.

+

Parameters:
+ + + + + + + +
context A Kerberos 5 context.
from the cache to copy data from.
to the cache to copy data to.
match a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied.
matchctx context passed to match function.
matched set to true if there was a credential that matched, may be NULL.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default (krb5_context  context,
krb5_ccache *  id 
)
+
+
+ +

+Open the default ccache in `id'.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name (krb5_context  context  ) 
+
+
+ +

+Return a pointer to a context static string containing the default ccache name.

+

Returns:
String to the default credential cache name.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy (krb5_context  context,
krb5_ccache  id 
)
+
+
+ +

+Remove the ccache `id'.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context  context,
const krb5_ccache  id,
krb5_cc_cursor *  cursor 
)
+
+
+ +

+Destroy the cursor `cursor'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new (krb5_context  context,
const krb5_cc_ops *  ops,
krb5_ccache *  id 
)
+
+
+ +

+Generate a new ccache of type `ops' in `id'.

+Deprecated: use krb5_cc_new_unique() instead.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config (krb5_context  context,
krb5_ccache  id,
krb5_const_principal  principal,
const char *  name,
krb5_data *  data 
)
+
+
+ +

+Get some configuration for the credential cache in the cache.

+

Parameters:
+ + + + + + +
context a Keberos context
id the credential cache to store the data for
principal configuration for a specific principal, if NULL, global for the whole cache.
name name under which the configuraion is stored.
data data to fetched, free with krb5_data_free()
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags (krb5_context  context,
krb5_ccache  id,
krb5_flags *  flags 
)
+
+
+ +

+Get the flags of `id', store them in `flags'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name (krb5_context  context,
krb5_ccache  id,
char **  name 
)
+
+
+ +

+Return a friendly name on credential cache. Free the result with krb5_xfree().

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name (krb5_context  context,
krb5_ccache  id,
char **  str 
)
+
+
+ +

+Return the complete resolvable name the cache

+

Parameters:
+ + + + +
context a Keberos context
id return pointer to a found credential cache
str the returned name of a credential cache, free with krb5_xfree()
+
+
Returns:
Returns 0 or an error (and then *str is set to NULL).
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset (krb5_context  context,
krb5_ccache  id,
krb5_deltat *  offset 
)
+
+
+ +

+Get the time offset betwen the client and the KDC

+If the backend doesn't support KDC offset, use the context global setting.

+

Parameters:
+ + + + +
context A Kerberos 5 context.
id a credential cache
offset the offset in seconds
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime (krb5_context  context,
krb5_ccache  id,
time_t *  t 
)
+
+
+ +

+Get the lifetime of the initial ticket in the cache

+Get the lifetime of the initial ticket in the cache, if the initial ticket was not found, the error code KRB5_CC_END is returned.

+

Parameters:
+ + + + +
context A Kerberos 5 context.
id a credential cache
t the relative lifetime of the initial ticket
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name (krb5_context  context,
krb5_ccache  id 
)
+
+
+ +

+Return the name of the ccache `id' +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_ops (krb5_context  context,
krb5_ccache  id 
)
+
+
+ +

+Return krb5_cc_ops of a the ccache `id'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_prefix_ops (krb5_context  context,
const char *  prefix 
)
+
+
+ +

+Get the cc ops that is registered in `context' to handle the prefix. prefix can be a complete credential cache name or a prefix, the function will only use part up to the first colon (:) if there is one. If prefix the argument is NULL, the default ccache implemtation is returned.

+

Returns:
Returns NULL if ops not found.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal (krb5_context  context,
krb5_ccache  id,
krb5_principal *  principal 
)
+
+
+ +

+Return the principal of `id' in `principal'.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type (krb5_context  context,
krb5_ccache  id 
)
+
+
+ +

+Return the type of the ccache `id'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version (krb5_context  context,
const krb5_ccache  id 
)
+
+
+ +

+Return the version of `id'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize (krb5_context  context,
krb5_ccache  id,
krb5_principal  primary_principal 
)
+
+
+ +

+Create a new ccache in `id' for `primary_principal'.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time (krb5_context  context,
krb5_ccache  id,
krb5_timestamp *  mtime 
)
+
+
+ +

+Return the last time the credential cache was modified.

+

Parameters:
+ + + + +
context A Kerberos 5 context
id The credential cache to probe
mtime the last modification time, set to 0 on error.
+
+
Returns:
Return 0 or and error. See krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move (krb5_context  context,
krb5_ccache  from,
krb5_ccache  to 
)
+
+
+ +

+Move the content from one credential cache to another. The operation is an atomic switch.

+

Parameters:
+ + + + +
context a Keberos context
from the credential cache to move the content from
to the credential cache to move the content to
+
+
Returns:
On sucess, from is freed. On failure, error code is returned and from and to are both still allocated, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique (krb5_context  context,
const char *  type,
const char *  hint,
krb5_ccache *  id 
)
+
+
+ +

+Generates a new unique ccache of `type` in `id'. If `type' is NULL, the library chooses the default credential cache type. The supplied `hint' (that can be NULL) is a string that the credential cache type can use to base the name of the credential on, this is to make it easier for the user to differentiate the credentials.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context  context,
const krb5_ccache  id,
krb5_cc_cursor *  cursor,
krb5_creds *  creds 
)
+
+
+ +

+Retrieve the next cred pointed to by (`id', `cursor') in `creds' and advance `cursor'.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register (krb5_context  context,
const krb5_cc_ops *  ops,
krb5_boolean  override 
)
+
+
+ +

+Add a new ccache type with operations `ops', overwriting any existing one if `override'.

+

Parameters:
+ + + + +
context a Keberos context
ops type of plugin symbol
override flag to select if the registration is to overide an existing ops with the same name.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred (krb5_context  context,
krb5_ccache  id,
krb5_flags  which,
krb5_creds *  cred 
)
+
+
+ +

+Remove the credential identified by `cred', `which' from `id'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve (krb5_context  context,
const char *  name,
krb5_ccache *  id 
)
+
+
+ +

+Find and allocate a ccache in `id' from the specification in `residual'. If the ccache name doesn't contain any colon, interpret it as a file name.

+

Parameters:
+ + + + +
context a Keberos context.
name string name of a credential cache.
id return pointer to a found credential cache.
+
+
Returns:
Return 0 or an error code. In case of an error, id is set to NULL, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred (krb5_context  context,
krb5_ccache  id,
krb5_flags  whichfields,
const krb5_creds *  mcreds,
krb5_creds *  creds 
)
+
+
+ +

+Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in `creds'. 'creds' must be free by the caller using krb5_free_cred_contents.

+

Parameters:
+ + + + + + +
context A Kerberos 5 context
id a Kerberos 5 credential cache
whichfields what fields to use for matching credentials, same flags as whichfields in krb5_compare_creds()
mcreds template credential to use for comparing
creds returned credential, free with krb5_free_cred_contents()
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config (krb5_context  context,
krb5_ccache  id,
krb5_const_principal  principal,
const char *  name,
krb5_data *  data 
)
+
+
+ +

+Store some configuration for the credential cache in the cache. Existing configuration under the same name is over-written.

+

Parameters:
+ + + + + + +
context a Keberos context
id the credential cache to store the data for
principal configuration for a specific principal, if NULL, global for the whole cache.
name name under which the configuraion is stored.
data data to store, if NULL, configure is removed.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name (krb5_context  context,
const char *  name 
)
+
+
+ +

+Set the default cc name for `context' to `name'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags (krb5_context  context,
krb5_ccache  id,
krb5_flags  flags 
)
+
+
+ +

+Set the flags of `id' to `flags'. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name (krb5_context  context,
krb5_ccache  id,
const char *  name 
)
+
+
+ +

+Set the friendly name on credential cache.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset (krb5_context  context,
krb5_ccache  id,
krb5_deltat  offset 
)
+
+
+ +

+Set the time offset betwen the client and the KDC

+If the backend doesn't support KDC offset, use the context global setting.

+

Parameters:
+ + + + +
context A Kerberos 5 context.
id a credential cache
offset the offset in seconds
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context  context,
const krb5_ccache  id,
krb5_cc_cursor *  cursor 
)
+
+
+ +

+Start iterating over `id', `cursor' is initialized to the beginning. Caller must free the cursor with krb5_cc_end_seq_get().

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred (krb5_context  context,
krb5_ccache  id,
krb5_creds *  creds 
)
+
+
+ +

+Store `creds' in the ccache `id'.

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch (krb5_context  context,
const char *  type 
)
+
+
+ +

+Return true if the default credential cache support switch +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch (krb5_context  context,
krb5_ccache  id 
)
+
+
+ +

+Switch the default default credential cache for a specific credcache type (and name for some implementations).

+

Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free (krb5_context  context,
krb5_cccol_cursor *  cursor 
)
+
+
+ +

+End an iteration and free all resources, can be done before end is reached.

+

Parameters:
+ + + +
context A Kerberos 5 context
cursor the iteration cursor to be freed.
+
+
Returns:
Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new (krb5_context  context,
krb5_cccol_cursor *  cursor 
)
+
+
+ +

+Get a new cache interation cursor that will interate over all credentials caches independent of type.

+

Parameters:
+ + + +
context a Keberos context
cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free().
+
+
Returns:
Returns 0 or and error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next (krb5_context  context,
krb5_cccol_cursor  cursor,
krb5_ccache *  cache 
)
+
+
+ +

+Get next credential cache from the iteration.

+

Parameters:
+ + + + +
context A Kerberos 5 context
cursor the iteration cursor
cache the returned cursor, pointer is set to NULL on failure and a cache on success. The returned cache needs to be freed with krb5_cc_close() or destroyed with krb5_cc_destroy(). MIT Kerberos behavies slightly diffrent and sets cache to NULL when all caches are iterated over and return 0.
+
+
Returns:
Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time (krb5_context  context,
const char *  type,
krb5_timestamp *  mtime 
)
+
+
+ +

+Return the last modfication time for a cache collection. The query can be limited to a specific cache type. If the function return 0 and mtime is 0, there was no credentials in the caches.

+

Parameters:
+ + + + +
context A Kerberos 5 context
type The credential cache to probe, if NULL, all type are traversed.
mtime the last modification time, set to 0 on error.
+
+
Returns:
Return 0 or and error. See krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds (krb5_context  context,
krb5_creds *  creds,
krb5_principal  client,
krb5_ccache  ccache,
char *  service 
)
+
+
+ +

+Validate the newly fetch credential, see also krb5_verify_init_creds().

+

Parameters:
+ + + + + + +
context a Kerberos 5 context
creds the credentials to verify
client the client name to match up
ccache the credential cache to use
service a service name to use, used with krb5_sname_to_principal() to build a hostname to use to verify.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal (krb5_context  context,
krb5_const_principal  principal 
)
+
+
+ +

+Return TRUE (non zero) if the principal is a configuration principal (generated part of krb5_cc_set_config()). Returns FALSE (zero) if not a configuration principal.

+

Parameters:
+ + + +
context a Keberos context
principal principal to check if it a configuration principal
+
+ +
+

+

Variable Documentation

+ +
+
+ + + + +
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops
+
+
+ +

+Initial value:

 {
+    KRB5_CC_OPS_VERSION,
+    "API",
+    acc_get_name,
+    acc_resolve,
+    acc_gen_new,
+    acc_initialize,
+    acc_destroy,
+    acc_close,
+    acc_store_cred,
+    NULL, 
+    acc_get_principal,
+    acc_get_first,
+    acc_get_next,
+    acc_end_get,
+    acc_remove_cred,
+    acc_set_flags,
+    acc_get_version,
+    acc_get_cache_first,
+    acc_get_cache_next,
+    acc_end_cache_get,
+    acc_move,
+    acc_get_default_name,
+    acc_set_default,
+    acc_lastchange,
+    NULL,
+    NULL,
+}
+
Variable containing the API based credential cache implemention. +
+

+ +

+
+ + + + +
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops
+
+
+ +

+Initial value:

 {
+    KRB5_CC_OPS_VERSION,
+    "FILE",
+    fcc_get_name,
+    fcc_resolve,
+    fcc_gen_new,
+    fcc_initialize,
+    fcc_destroy,
+    fcc_close,
+    fcc_store_cred,
+    NULL, 
+    fcc_get_principal,
+    fcc_get_first,
+    fcc_get_next,
+    fcc_end_get,
+    fcc_remove_cred,
+    fcc_set_flags,
+    fcc_get_version,
+    fcc_get_cache_first,
+    fcc_get_cache_next,
+    fcc_end_cache_get,
+    fcc_move,
+    fcc_get_default_name,
+    NULL,
+    fcc_lastchange,
+    fcc_set_kdc_offset,
+    fcc_get_kdc_offset
+}
+
Variable containing the FILE based credential cache implemention. +
+

+ +

+
+ + + + +
KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops
+
+
+ +

+Initial value:

 {
+    KRB5_CC_OPS_VERSION,
+    "MEMORY",
+    mcc_get_name,
+    mcc_resolve,
+    mcc_gen_new,
+    mcc_initialize,
+    mcc_destroy,
+    mcc_close,
+    mcc_store_cred,
+    NULL, 
+    mcc_get_principal,
+    mcc_get_first,
+    mcc_get_next,
+    mcc_end_get,
+    mcc_remove_cred,
+    mcc_set_flags,
+    NULL,
+    mcc_get_cache_first,
+    mcc_get_cache_next,
+    mcc_end_cache_get,
+    mcc_move,
+    mcc_default_name,
+    NULL,
+    mcc_lastchange,
+    mcc_set_kdc_offset,
+    mcc_get_kdc_offset
+}
+
Variable containing the MEMORY based credential cache implemention. +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__credential.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__credential.html new file mode 100644 index 00000000000..c43802a3023 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__credential.html @@ -0,0 +1,858 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 credential handing functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 credential handing functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char *hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data *out_data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char *hostname, krb5_creds *in_creds, krb5_data *out_data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt **opt)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt *opt)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void *prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt *options, krb5_init_creds_context *rctx)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char *service)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char *password)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, krb5_krbhst_info *hostinfo, unsigned int *flags)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_init_creds_password (krb5_context context, krb5_creds *creds, krb5_principal client, const char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_init_creds_keyblock (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keyblock *keyblock, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_init_creds_keytab (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context  context,
krb5_auth_context  auth_context,
const char *  hostname,
krb5_principal  client,
krb5_principal  server,
krb5_ccache  ccache,
int  forwardable,
krb5_data *  out_data 
)
+
+
+ +

+Forward credentials for client to host hostname , making them forwardable if forwardable, and returning the blob of data to sent in out_data. If hostname == NULL, pick it from server.

+

Parameters:
+ + + + + + + + + +
context A kerberos 5 context.
auth_context the auth context with the key to encrypt the out_data.
hostname the host to forward the tickets too.
client the client to delegate from.
server the server to delegate the credential too.
ccache credential cache to use.
forwardable make the forwarded ticket forwabledable.
out_data the resulting credential.
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context  context,
krb5_auth_context  auth_context,
krb5_ccache  ccache,
krb5_flags  flags,
const char *  hostname,
krb5_creds *  in_creds,
krb5_data *  out_data 
)
+
+
+ +

+Gets tickets forwarded to hostname. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less.

+If the ticket have any address, hostname will be used for figure out the address to forward the ticket too. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS. This IPv6 address might be used communications and thus the resulting ticket useless.

+

Parameters:
+ + + + + + + + +
context A kerberos 5 context.
auth_context the auth context with the key to encrypt the out_data.
ccache credential cache to use
flags the flags to control the resulting ticket flags
hostname the host to forward the tickets too.
in_creds the in client and server ticket names. The client and server components forwarded to the remote host.
out_data the resulting credential.
+
+
Returns:
Return an error code or 0.
+ +

+Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets. The session key is used otherwise to encrypt the forwarded ticket. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context  context,
krb5_creds *  creds,
krb5_principal  client,
krb5_keyblock *  keyblock,
krb5_deltat  start_time,
const char *  in_tkt_service,
krb5_get_init_creds_opt *  options 
)
+
+
+ +

+Get new credentials using keyblock. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context  context,
krb5_creds *  creds,
krb5_principal  client,
krb5_keytab  keytab,
krb5_deltat  start_time,
const char *  in_tkt_service,
krb5_get_init_creds_opt *  options 
)
+
+
+ +

+Get new credentials using keytab. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context  context,
krb5_get_init_creds_opt **  opt 
)
+
+
+ +

+Allocate a new krb5_get_init_creds_opt structure, free with krb5_get_init_creds_opt_free(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context  context,
krb5_get_init_creds_opt *  opt 
)
+
+
+ +

+Free krb5_get_init_creds_opt structure. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context  context,
krb5_creds *  creds,
krb5_principal  client,
const char *  password,
krb5_prompter_fct  prompter,
void *  data,
krb5_deltat  start_time,
const char *  in_tkt_service,
krb5_get_init_creds_opt *  options 
)
+
+
+ +

+Get new credentials using password. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context  context,
krb5_init_creds_context  ctx 
)
+
+
+ +

+Free the krb5_init_creds_context allocated by krb5_init_creds_init().

+

Parameters:
+ + + +
context A Kerberos 5 context.
ctx The krb5_init_creds_context to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context  context,
krb5_init_creds_context  ctx 
)
+
+
+ +

+Get new credentials as setup by the krb5_init_creds_context.

+

Parameters:
+ + + +
context A Kerberos 5 context.
ctx The krb5_init_creds_context to process.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context  context,
krb5_init_creds_context  ctx,
KRB_ERROR *  error 
)
+
+
+ +

+Get the last error from the transaction.

+

Returns:
Returns 0 or an error code
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context  context,
krb5_principal  client,
krb5_prompter_fct  prompter,
void *  prompter_data,
krb5_deltat  start_time,
krb5_get_init_creds_opt *  options,
krb5_init_creds_context *  rctx 
)
+
+
+ +

+Start a new context to get a new initial credential.

+

Parameters:
+ + + + + + + + +
context A Kerberos 5 context.
client The Kerberos principal to get the credential for, if NULL is given, the default principal is used as determined by krb5_get_default_principal().
prompter 
prompter_data 
start_time the time the ticket should start to be valid or 0 for now.
options a options structure, can be NULL for default options.
rctx A new allocated free with krb5_init_creds_free().
+
+
Returns:
0 for success or an Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context  context,
krb5_init_creds_context  ctx,
krb5_keytab  keytab 
)
+
+
+ +

+Set the keytab to use for authentication.

+

Parameters:
+ + + + +
context a Kerberos 5 context.
ctx ctx krb5_init_creds_context context.
keytab the keytab to read the key from.
+
+
Returns:
0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context  context,
krb5_init_creds_context  ctx,
const char *  password 
)
+
+
+ +

+Sets the password that will use for the request.

+

Parameters:
+ + + + +
context a Kerberos 5 context.
ctx ctx krb5_init_creds_context context.
password the password to use.
+
+
Returns:
0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context  context,
krb5_init_creds_context  ctx,
const char *  service 
)
+
+
+ +

+Sets the service that the is requested. This call is only neede for special initial tickets, by default the a krbtgt is fetched in the default realm.

+

Parameters:
+ + + + +
context a Kerberos 5 context.
ctx a krb5_init_creds_context context.
service the service given as a string, for example "kadmind/admin". If NULL, the default krbtgt in the clients realm is set.
+
+
Returns:
0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context  context,
krb5_init_creds_context  ctx,
krb5_data *  in,
krb5_data *  out,
krb5_krbhst_info *  hostinfo,
unsigned int *  flags 
)
+
+
+ +

+The core loop if krb5_get_init_creds() function family. Create the packets and have the caller send them off to the KDC.

+If the caller want all work been done for them, use krb5_init_creds_get() instead.

+

Parameters:
+ + + + + + + +
context a Kerberos 5 context.
ctx ctx krb5_init_creds_context context.
in input data from KDC, first round it should be reset by krb5_data_zer().
out reply to KDC.
hostinfo KDC address info, first round it can be NULL.
flags status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round.
+
+
Returns:
0 for success, or an Kerberos 5 error code, see krb5_get_error_message().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__crypto.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__crypto.html new file mode 100644 index 00000000000..d3e6dc3c8ca --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__crypto.html @@ -0,0 +1,1262 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 cryptography functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 cryptography functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_enctype_valid (krb5_context context, krb5_enctype etype)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_cksumtype_to_enctype (krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, krb5_crypto_iov *data, int num_data, void *ivec)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_decrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, krb5_crypto_iov *data, unsigned int num_data, void *ivec)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_create_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, krb5_crypto_iov *data, unsigned int num_data, krb5_cksumtype *type)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_verify_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, krb5_crypto_iov *data, unsigned int num_data, krb5_cksumtype *type)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_crypto_init (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_crypto *crypto)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_crypto_destroy (krb5_context context, krb5_crypto crypto)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_crypto_getblocksize (krb5_context context, krb5_crypto crypto, size_t *blocksize)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_crypto_getenctype (krb5_context context, krb5_crypto crypto, krb5_enctype *enctype)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_crypto_getpadsize (krb5_context context, krb5_crypto crypto, size_t *padsize)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_crypto_getconfoundersize (krb5_context context, krb5_crypto crypto, size_t *confoundersize)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_enctype_disable (krb5_context context, krb5_enctype enctype)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_enctype_enable (krb5_context context, krb5_enctype enctype)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_random_to_key (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_crypto_fx_cf2 (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data *pepper1, krb5_data *pepper2, krb5_enctype enctype, krb5_keyblock *res)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_keyblock **subkey)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_keyblock_zero (krb5_keyblock *keyblock)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_keyblock_contents (krb5_context context, krb5_keyblock *keyblock)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_keyblock (krb5_context context, krb5_keyblock *keyblock)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_keyblock (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to)
KRB5_LIB_FUNCTION krb5_enctype
+KRB5_LIB_CALL 		krb5_keyblock_get_enctype (const krb5_keyblock *block)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_keyblock_init (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context  context,
krb5_boolean  enable 
)
+
+
+ +

+Enable or disable all weak encryption types

+

Parameters:
+ + + +
context Kerberos 5 context
enable true to enable, false to disable
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype (krb5_context  context,
krb5_cksumtype  ctype,
krb5_enctype *  etype 
)
+
+
+ +

+Return the coresponding encryption type for a checksum type.

+

Parameters:
+ + + + +
context Kerberos context
ctype The checksum type to get the result enctype for
etype The returned encryption, when the matching etype is not found, etype is set to ETYPE_NULL.
+
+
Returns:
Return an error code for an failure or 0 on success.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context  context,
const krb5_keyblock *  inblock,
krb5_keyblock **  to 
)
+
+
+ +

+Copy a keyblock, free the output keyblock with krb5_free_keyblock().

+

Parameters:
+ + + + +
context a Kerberos 5 context
inblock the key to copy
to the output key.
+
+
Returns:
0 on success or a Kerberos 5 error code
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context  context,
const krb5_keyblock *  inblock,
krb5_keyblock *  to 
)
+
+
+ +

+Copy a keyblock, free the output keyblock with krb5_free_keyblock_contents().

+

Parameters:
+ + + + +
context a Kerberos 5 context
inblock the key to copy
to the output key.
+
+
Returns:
0 on success or a Kerberos 5 error code
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov (krb5_context  context,
krb5_crypto  crypto,
unsigned  usage,
krb5_crypto_iov data,
unsigned int  num_data,
krb5_cksumtype *  type 
)
+
+
+ +

+Create a Kerberos message checksum.

+

Parameters:
+ + + + + + + +
context Kerberos context
crypto Kerberos crypto context
usage Key usage for this buffer
data array of buffers to process
num_data length of array
type output data
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy (krb5_context  context,
krb5_crypto  crypto 
)
+
+
+ +

+Free a crypto context created by krb5_crypto_init().

+

Parameters:
+ + + +
context Kerberos context
crypto crypto context to free
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 (krb5_context  context,
const krb5_crypto  crypto1,
const krb5_crypto  crypto2,
krb5_data *  pepper1,
krb5_data *  pepper2,
krb5_enctype  enctype,
krb5_keyblock *  res 
)
+
+
+ +

+The FX-CF2 key derivation function, used in FAST and preauth framework.

+

Parameters:
+ + + + + + + + +
context Kerberos 5 context
crypto1 first key to combine
crypto2 second key to combine
pepper1 factor to combine with first key to garante uniqueness
pepper2 factor to combine with second key to garante uniqueness
enctype the encryption type of the resulting key
res allocated key, free with krb5_free_keyblock_contents()
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize (krb5_context  context,
krb5_crypto  crypto,
size_t *  blocksize 
)
+
+
+ +

+Return the blocksize used algorithm referenced by the crypto context

+

Parameters:
+ + + + +
context Kerberos context
crypto crypto context to query
blocksize the resulting blocksize
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize (krb5_context  context,
krb5_crypto  crypto,
size_t *  confoundersize 
)
+
+
+ +

+Return the confounder size used by the crypto context

+

Parameters:
+ + + + +
context Kerberos context
crypto crypto context to query
confoundersize the returned confounder size
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype (krb5_context  context,
krb5_crypto  crypto,
krb5_enctype *  enctype 
)
+
+
+ +

+Return the encryption type used by the crypto context

+

Parameters:
+ + + + +
context Kerberos context
crypto crypto context to query
enctype the resulting encryption type
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize (krb5_context  context,
krb5_crypto  crypto,
size_t *  padsize 
)
+
+
+ +

+Return the padding size used by the crypto context

+

Parameters:
+ + + + +
context Kerberos context
crypto crypto context to query
padsize the return padding size
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init (krb5_context  context,
const krb5_keyblock *  key,
krb5_enctype  etype,
krb5_crypto *  crypto 
)
+
+
+ +

+Create a crypto context used for all encryption and signature operation. The encryption type to use is taken from the key, but can be overridden with the enctype parameter. This can be useful for encryptions types which is compatiable (DES for example).

+To free the crypto context, use krb5_crypto_destroy().

+

Parameters:
+ + + + + +
context Kerberos context
key the key block information with all key data
etype the encryption type
crypto the resulting crypto context
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec (krb5_context  context,
krb5_crypto  crypto,
unsigned  usage,
krb5_crypto_iov data,
unsigned int  num_data,
void *  ivec 
)
+
+
+ +

+Inline decrypt a Kerberos message.

+

Parameters:
+ + + + + + + +
context Kerberos context
crypto Kerberos crypto context
usage Key usage for this buffer
data array of buffers to process
num_data length of array
ivec initial cbc/cts vector
+
+
Returns:
Return an error code or 0.
+1. KRB5_CRYPTO_TYPE_HEADER 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted protocol headers and trailers. The output data will be of same size as the input data or shorter. +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context  context,
krb5_crypto  crypto,
unsigned  usage,
krb5_crypto_iov data,
int  num_data,
void *  ivec 
)
+
+
+ +

+Inline encrypt a kerberos message

+

Parameters:
+ + + + + + + +
context Kerberos context
crypto Kerberos crypto context
usage Key usage for this buffer
data array of buffers to process
num_data length of array
ivec initial cbc/cts vector
+
+
Returns:
Return an error code or 0.
+Kerberos encrypted data look like this:

+1. KRB5_CRYPTO_TYPE_HEADER 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and trailers. 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 4. KRB5_CRYPTO_TYPE_TRAILER +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context  context,
krb5_enctype  enctype 
)
+
+
+ +

+Disable encryption type

+

Parameters:
+ + + +
context Kerberos 5 context
enctype encryption type to disable
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable (krb5_context  context,
krb5_enctype  enctype 
)
+
+
+ +

+Enable encryption type

+

Parameters:
+ + + +
context Kerberos 5 context
enctype encryption type to enable
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid (krb5_context  context,
krb5_enctype  etype 
)
+
+
+ +

+Check if a enctype is valid, return 0 if it is.

+

Parameters:
+ + + +
context Kerberos context
etype enctype to check if its valid or not
+
+
Returns:
Return an error code for an failure or 0 on success (enctype valid).
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock (krb5_context  context,
krb5_keyblock *  keyblock 
)
+
+
+ +

+Free a keyblock, also zero out the content of the keyblock, uses krb5_free_keyblock_contents() to free the content.

+

Parameters:
+ + + +
context a Kerberos 5 context
keyblock keyblock to free, NULL is valid argument
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents (krb5_context  context,
krb5_keyblock *  keyblock 
)
+
+
+ +

+Free a keyblock's content, also zero out the content of the keyblock.

+

Parameters:
+ + + +
context a Kerberos 5 context
keyblock keyblock content to free, NULL is valid argument
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context  context,
const krb5_keyblock *  key,
krb5_enctype  etype,
krb5_keyblock **  subkey 
)
+
+
+ +

+Generate subkey, from keyblock

+

Parameters:
+ + + + + +
context kerberos context
key session key
etype encryption type of subkey, if ETYPE_NULL, use key's enctype
subkey returned new, free with krb5_free_keyblock().
+
+
Returns:
0 on success or a Kerberos 5 error code
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock *  block  ) 
+
+
+ +

+Get encryption type of a keyblock. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context  context,
krb5_enctype  type,
const void *  data,
size_t  size,
krb5_keyblock *  key 
)
+
+
+ +

+Fill in `key' with key data of type `enctype' from `data' of length `size'. Key should be freed using krb5_free_keyblock_contents().

+

Returns:
0 on success or a Kerberos 5 error code
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock *  keyblock  ) 
+
+
+ +

+Zero out a keyblock

+

Parameters:
+ + +
keyblock keyblock to zero out
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key (krb5_context  context,
krb5_enctype  type,
const void *  data,
size_t  size,
krb5_keyblock *  key 
)
+
+
+ +

+Converts the random bytestring to a protocol key according to Kerberos crypto frame work. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited.

+

Parameters:
+ + + + + + +
context Kerberos 5 context
type the enctype resulting key will be of
data input random data to convert to a key
size size of input random data, at least krb5_enctype_keysize() long
key key, output key, free with krb5_free_keyblock_contents()
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov (krb5_context  context,
krb5_crypto  crypto,
unsigned  usage,
krb5_crypto_iov data,
unsigned int  num_data,
krb5_cksumtype *  type 
)
+
+
+ +

+Verify a Kerberos message checksum.

+

Parameters:
+ + + + + + + +
context Kerberos context
crypto Kerberos crypto context
usage Key usage for this buffer
data array of buffers to process
num_data length of array
type return checksum type if not NULL
+
+
Returns:
Return an error code or 0.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__deprecated.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__deprecated.html new file mode 100644 index 00000000000..cdcec342485 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__deprecated.html @@ -0,0 +1,1289 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 deprecated functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 deprecated functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_change_password (krb5_context context, krb5_creds *creds, const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_config_parse_string_multi (krb5_context context, const char *string, krb5_config_section **res) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_enctypes_compatible_keys (krb5_context context, krb5_enctype etype1, krb5_enctype etype2) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_data_contents (krb5_context context, krb5_data *data) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_keytype_to_enctypes_default (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_keytype_to_string (krb5_context context, krb5_keytype keytype, char **string) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_string_to_keytype (krb5_context context, const char *string, krb5_keytype *keytype) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_CALLCONV 		krb5_password_key_proc (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_in_tkt_with_password (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, const char *password, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_in_tkt_with_skey (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, const krb5_keyblock *key, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_CALLCONV 		krb5_keytab_key_proc (krb5_context context, krb5_enctype enctype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_in_tkt_with_keytab (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, krb5_keytab keytab, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION krb5_realm
+*KRB5_LIB_CALL 		krb5_princ_realm (krb5_context context, krb5_principal principal) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_princ_set_realm (krb5_context context, krb5_principal principal, krb5_realm *realm) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_free_creds_contents (krb5_context context, krb5_creds *c) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_error_string (krb5_context context, char *str) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_set_error_string (krb5_context context, const char *fmt,...) __attribute__((format(printf
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_vset_error_string (krb5_context context, const char *fmt, va_list args) __attribute__((format(printf
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_clear_error_string (krb5_context context) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_cred_from_kdc_opt (krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts, krb5_flags flags) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_cred_from_kdc (krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_unparsed_name (krb5_context context, char *str) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_generate_subkey (krb5_context context, const krb5_keyblock *key, krb5_keyblock **subkey) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_auth_getremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_get_init_creds_opt_init (krb5_get_init_creds_opt *opt) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_get_init_creds_opt_get_error (krb5_context context, krb5_get_init_creds_opt *opt, KRB_ERROR **error) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar) KRB5_DEPRECATED_FUNCTION("Use X instead")
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_getremoteseqnumber (krb5_context  context,
krb5_auth_context  auth_context,
int32_t *  seqnumber 
)
+
+
+ +

+Deprecated: use krb5_auth_con_getremoteseqnumber() +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare (krb5_context  context,
krb5_enctype  e1,
krb5_enctype  e2,
krb5_boolean *  similar 
)
+
+
+ +

+Deprecated: keytypes doesn't exists, they are really enctypes. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password (krb5_context  context,
krb5_creds *  creds,
const char *  newpw,
int *  result_code,
krb5_data *  result_code_string,
krb5_data *  result_string 
)
+
+
+ +

+Deprecated: krb5_change_password() is deprecated, use krb5_set_password().

+

Parameters:
+ + + + + + + +
context a Keberos context
creds 
newpw 
result_code 
result_code_string 
result_string 
+
+
Returns:
On sucess password is changed.
+@ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_string (krb5_context  context  ) 
+
+
+ +

+Clear the error message returned by krb5_get_error_string().

+Deprecated: use krb5_clear_error_message()

+

Parameters:
+ + +
context Kerberos context
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi (krb5_context  context,
const char *  string,
krb5_config_section **  res 
)
+
+
+ +

+Deprecated: configuration files are not strings +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys (krb5_context  context,
krb5_enctype  etype1,
krb5_enctype  etype2 
)
+
+
+ +

+Deprecated: keytypes doesn't exists, they are really enctypes. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds_contents (krb5_context  context,
krb5_creds *  c 
)
+
+
+ +

+Deprecated: use krb5_free_cred_contents() +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data_contents (krb5_context  context,
krb5_data *  data 
)
+
+
+ +

+Same as krb5_data_free(). MIT compat.

+Deprecated: use krb5_data_free().

+

Parameters:
+ + + +
context Kerberos 5 context.
data krb5_data to free.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_string (krb5_context  context,
char *  str 
)
+
+
+ +

+Free the error message returned by krb5_get_error_string().

+Deprecated: use krb5_free_error_message()

+

Parameters:
+ + + +
context Kerberos context
str error message to free
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_unparsed_name (krb5_context  context,
char *  str 
)
+
+
+ +

+Deprecated: use krb5_xfree(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey (krb5_context  context,
const krb5_keyblock *  key,
krb5_keyblock **  subkey 
)
+
+
+ +

+Deprecated: use krb5_generate_subkey_extended() +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc (krb5_context  context,
krb5_ccache  ccache,
krb5_creds *  in_creds,
krb5_creds **  out_creds,
krb5_creds ***  ret_tgts 
)
+
+
+ +

+Deprecated: use krb5_get_credentials_with_flags(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc_opt (krb5_context  context,
krb5_ccache  ccache,
krb5_creds *  in_creds,
krb5_creds **  out_creds,
krb5_creds ***  ret_tgts,
krb5_flags  flags 
)
+
+
+ +

+Deprecated: use krb5_get_credentials_with_flags(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_keytab (krb5_context  context,
krb5_flags  options,
krb5_addresses *  addrs,
const krb5_enctype *  etypes,
const krb5_preauthtype *  pre_auth_types,
krb5_keytab  keytab,
krb5_ccache  ccache,
krb5_creds *  creds,
krb5_kdc_rep *  ret_as_reply 
)
+
+
+ +

+Deprecated: use krb5_get_init_creds() and friends. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_password (krb5_context  context,
krb5_flags  options,
krb5_addresses *  addrs,
const krb5_enctype *  etypes,
const krb5_preauthtype *  pre_auth_types,
const char *  password,
krb5_ccache  ccache,
krb5_creds *  creds,
krb5_kdc_rep *  ret_as_reply 
)
+
+
+ +

+Deprecated: use krb5_get_init_creds() and friends. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_skey (krb5_context  context,
krb5_flags  options,
krb5_addresses *  addrs,
const krb5_enctype *  etypes,
const krb5_preauthtype *  pre_auth_types,
const krb5_keyblock *  key,
krb5_ccache  ccache,
krb5_creds *  creds,
krb5_kdc_rep *  ret_as_reply 
)
+
+
+ +

+Deprecated: use krb5_get_init_creds() and friends. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error (krb5_context  context,
krb5_get_init_creds_opt *  opt,
KRB_ERROR **  error 
)
+
+
+ +

+Deprecated: use the new krb5_init_creds_init() and krb5_init_creds_get_error(). +

+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init (krb5_get_init_creds_opt *  opt  ) 
+
+
+ +

+Deprecated: use krb5_get_init_creds_opt_alloc().

+The reason krb5_get_init_creds_opt_init() is deprecated is that krb5_get_init_creds_opt is a static structure and for ABI reason it can't grow, ie can't add new functionality. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_keytab_key_proc (krb5_context  context,
krb5_enctype  enctype,
krb5_salt  salt,
krb5_const_pointer  keyseed,
krb5_keyblock **  key 
)
+
+
+ +

+Deprecated: use krb5_get_init_creds() and friends. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes (krb5_context  context,
krb5_keytype  keytype,
unsigned *  len,
krb5_enctype **  val 
)
+
+
+ +

+Deprecated: keytypes doesn't exists, they are really enctypes. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes_default (krb5_context  context,
krb5_keytype  keytype,
unsigned *  len,
krb5_enctype **  val 
)
+
+
+ +

+Deprecated: keytypes doesn't exists, they are really enctypes. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_string (krb5_context  context,
krb5_keytype  keytype,
char **  string 
)
+
+
+ +

+Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_enctype_to_string(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_password_key_proc (krb5_context  context,
krb5_enctype  type,
krb5_salt  salt,
krb5_const_pointer  keyseed,
krb5_keyblock **  key 
)
+
+
+ +

+Deprecated: use krb5_get_init_creds() and friends. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_realm* KRB5_LIB_CALL krb5_princ_realm (krb5_context  context,
krb5_principal  principal 
)
+
+
+ +

+Deprecated: use krb5_principal_get_realm() +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_princ_set_realm (krb5_context  context,
krb5_principal  principal,
krb5_realm *  realm 
)
+
+
+ +

+Deprecated: use krb5_principal_set_realm() +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string (krb5_context  context,
const char *  fmt,
  ... 
)
+
+
+ +

+Set the error message returned by krb5_get_error_string().

+Deprecated: use krb5_get_error_message()

+

Parameters:
+ + + +
context Kerberos context
fmt error message to free
+
+
Returns:
Return an error code or 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_keytype (krb5_context  context,
const char *  string,
krb5_keytype *  keytype 
)
+
+
+ +

+Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_string_to_enctype(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vset_error_string (krb5_context  context,
const char *  fmt,
va_list  args 
)
+
+
+ +

+Set the error message returned by krb5_get_error_string(), deprecated, use krb5_set_error_message().

+Deprecated: use krb5_vset_error_message()

+

Parameters:
+ + + +
context Kerberos context
msg error message to free
+
+
Returns:
Return an error code or 0.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__digest.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__digest.html new file mode 100644 index 00000000000..d977e5dffb8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__digest.html @@ -0,0 +1,87 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 digest service + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 digest service

+ + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_digest_probe (krb5_context context, krb5_realm realm, krb5_ccache ccache, unsigned *flags)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe (krb5_context  context,
krb5_realm  realm,
krb5_ccache  ccache,
unsigned *  flags 
)
+
+
+ +

+Get the supported/allowed mechanism for this principal.

+

Parameters:
+ + + + + +
context A Keberos context.
realm The realm of the KDC.
ccache The credential cache to use when talking to the KDC.
flags The supported mechanism.
+
+
Returns:
Return an error code or 0.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__error.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__error.html new file mode 100644 index 00000000000..3c192e5ebf3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__error.html @@ -0,0 +1,239 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 error reporting functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 error reporting functions

+ + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_eai_to_heim_errno (int eai_errno, int system_error)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_h_errno_to_heim_errno (int eai_errno)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_clear_error_message (krb5_context context)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_set_error_message (krb5_context context, krb5_error_code ret, const char *fmt,...) __attribute__((format(printf
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_vwarn (krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__((format(printf
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message (krb5_context  context  ) 
+
+
+ +

+Clears the error message from the Kerberos 5 context.

+

Parameters:
+ + +
context The Kerberos 5 context to clear
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno (int  eai_errno,
int  system_error 
)
+
+
+ +

+Convert the getaddrinfo() error code to a Kerberos et error code.

+

Parameters:
+ + + +
eai_errno contains the error code from getaddrinfo().
system_error should have the value of errno after the failed getaddrinfo().
+
+
Returns:
Kerberos error code representing the EAI errors.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno (int  eai_errno  ) 
+
+
+ +

+Convert the gethostname() error code (h_error) to a Kerberos et error code.

+

Parameters:
+ + +
eai_errno contains the error code from gethostname().
+
+
Returns:
Kerberos error code representing the gethostname errors.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message (krb5_context  context,
krb5_error_code  ret,
const char *  fmt,
  ... 
)
+
+
+ +

+Set the context full error string for a specific error code. The error that is stored should be internationalized.

+The if context is NULL, no error string is stored.

+

Parameters:
+ + + + + +
context Kerberos 5 context
ret The error code
fmt Error string for the error code
... printf(3) style parameters.
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn (krb5_context  context,
krb5_error_code  code,
const char *  fmt,
va_list  ap 
)
+
+
+ +

+Log a warning to the log, default stderr, include the error from the last failure.

+

Parameters:
+ + + + + +
context A Kerberos 5 context.
code error code of the last error
fmt message to print
ap arguments
+
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__keytab.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__keytab.html new file mode 100644 index 00000000000..9447c29fd14 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__keytab.html @@ -0,0 +1,1055 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 keytab handling functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 keytab handling functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_register (krb5_context context, const krb5_kt_ops *ops)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_default_name (krb5_context context, char *name, size_t namesize)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_default_modify_name (krb5_context context, char *name, size_t namesize)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_default (krb5_context context, krb5_keytab *id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_read_service_key (krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock **key)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_get_type (krb5_context context, krb5_keytab keytab, char *prefix, size_t prefixsize)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_get_name (krb5_context context, krb5_keytab keytab, char *name, size_t namesize)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_get_full_name (krb5_context context, krb5_keytab keytab, char **str)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_close (krb5_context context, krb5_keytab id)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_destroy (krb5_context context, krb5_keytab id)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_kt_compare (krb5_context context, krb5_keytab_entry *entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_get_entry (krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_copy_entry_contents (krb5_context context, const krb5_keytab_entry *in, krb5_keytab_entry *out)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_free_entry (krb5_context context, krb5_keytab_entry *entry)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_start_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_next_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_end_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_kt_have_content (krb5_context context, krb5_keytab id)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry (krb5_context  context,
krb5_keytab  id,
krb5_keytab_entry *  entry 
)
+
+
+ +

+Add the entry in `entry' to the keytab `id'.

+

Parameters:
+ + + + +
context a Keberos context.
id a keytab.
entry the entry to add
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close (krb5_context  context,
krb5_keytab  id 
)
+
+
+ +

+Finish using the keytab in `id'. All resources will be released, even on errors.

+

Parameters:
+ + + +
context a Keberos context.
id keytab to close.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare (krb5_context  context,
krb5_keytab_entry *  entry,
krb5_const_principal  principal,
krb5_kvno  vno,
krb5_enctype  enctype 
)
+
+
+ +

+Compare `entry' against `principal, vno, enctype'. Any of `principal, vno, enctype' might be 0 which acts as a wildcard. Return TRUE if they compare the same, FALSE otherwise.

+

Parameters:
+ + + + + + +
context a Keberos context.
entry an entry to match with.
principal principal to match, NULL matches all principals.
vno key version to match, 0 matches all key version numbers.
enctype encryption type to match, 0 matches all encryption types.
+
+
Returns:
Return TRUE or match, FALSE if not matched.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents (krb5_context  context,
const krb5_keytab_entry *  in,
krb5_keytab_entry *  out 
)
+
+
+ +

+Copy the contents of `in' into `out'.

+

Parameters:
+ + + + +
context a Keberos context.
in the keytab entry to copy.
out the copy of the keytab entry, free with krb5_kt_free_entry().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default (krb5_context  context,
krb5_keytab *  id 
)
+
+
+ +

+Set `id' to the default keytab.

+

Parameters:
+ + + +
context a Keberos context.
id the new default keytab.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name (krb5_context  context,
char *  name,
size_t  namesize 
)
+
+
+ +

+Copy the name of the default modify keytab into `name'.

+

Parameters:
+ + + + +
context a Keberos context.
name buffer where the name will be written
namesize length of name
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name (krb5_context  context,
char *  name,
size_t  namesize 
)
+
+
+ +

+copy the name of the default keytab into `name'.

+

Parameters:
+ + + + +
context a Keberos context.
name buffer where the name will be written
namesize length of name
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_destroy (krb5_context  context,
krb5_keytab  id 
)
+
+
+ +

+Destroy (remove) the keytab in `id'. All resources will be released, even on errors, does the equvalment of krb5_kt_close() on the resources.

+

Parameters:
+ + + +
context a Keberos context.
id keytab to destroy.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get (krb5_context  context,
krb5_keytab  id,
krb5_kt_cursor *  cursor 
)
+
+
+ +

+Release all resources associated with `cursor'.

+

Parameters:
+ + + + +
context a Keberos context.
id a keytab.
cursor the cursor to free.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry (krb5_context  context,
krb5_keytab_entry *  entry 
)
+
+
+ +

+Free the contents of `entry'.

+

Parameters:
+ + + +
context a Keberos context.
entry the entry to free
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry (krb5_context  context,
krb5_keytab  id,
krb5_const_principal  principal,
krb5_kvno  kvno,
krb5_enctype  enctype,
krb5_keytab_entry *  entry 
)
+
+
+ +

+Retrieve the keytab entry for `principal, kvno, enctype' into `entry' from the keytab `id'. Matching is done like krb5_kt_compare().

+

Parameters:
+ + + + + + + +
context a Keberos context.
id a keytab.
principal principal to match, NULL matches all principals.
kvno key version to match, 0 matches all key version numbers.
enctype encryption type to match, 0 matches all encryption types.
entry the returned entry, free with krb5_kt_free_entry().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name (krb5_context  context,
krb5_keytab  keytab,
char **  str 
)
+
+
+ +

+Retrieve the full name of the keytab `keytab' and store the name in `str'.

+

Parameters:
+ + + + +
context a Keberos context.
keytab keytab to get name for.
str the name of the keytab name, usee krb5_xfree() to free the string. On error, *str is set to NULL.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name (krb5_context  context,
krb5_keytab  keytab,
char *  name,
size_t  namesize 
)
+
+
+ +

+Retrieve the name of the keytab `keytab' into `name', `namesize'

+

Parameters:
+ + + + + +
context a Keberos context.
keytab the keytab to get the name for.
name name buffer.
namesize size of name buffer.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type (krb5_context  context,
krb5_keytab  keytab,
char *  prefix,
size_t  prefixsize 
)
+
+
+ +

+Return the type of the `keytab' in the string `prefix of length `prefixsize'.

+

Parameters:
+ + + + + +
context a Keberos context.
keytab the keytab to get the prefix for
prefix prefix buffer
prefixsize length of prefix buffer
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_have_content (krb5_context  context,
krb5_keytab  id 
)
+
+
+ +

+Return true if the keytab exists and have entries

+

Parameters:
+ + + +
context a Keberos context.
id a keytab.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry (krb5_context  context,
krb5_keytab  id,
krb5_keytab_entry *  entry,
krb5_kt_cursor *  cursor 
)
+
+
+ +

+Get the next entry from keytab, advance the cursor. On last entry the function will return KRB5_KT_END.

+

Parameters:
+ + + + + +
context a Keberos context.
id a keytab.
entry the returned entry, free with krb5_kt_free_entry().
cursor the cursor of the iteration.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key (krb5_context  context,
krb5_pointer  keyprocarg,
krb5_principal  principal,
krb5_kvno  vno,
krb5_enctype  enctype,
krb5_keyblock **  key 
)
+
+
+ +

+Read the key identified by `(principal, vno, enctype)' from the keytab in `keyprocarg' (the default if == NULL) into `*key'.

+

Parameters:
+ + + + + + + +
context a Keberos context.
keyprocarg 
principal 
vno 
enctype 
key 
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register (krb5_context  context,
const krb5_kt_ops *  ops 
)
+
+
+ +

+Register a new keytab backend.

+

Parameters:
+ + + +
context a Keberos context.
ops a backend to register.
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry (krb5_context  context,
krb5_keytab  id,
krb5_keytab_entry *  entry 
)
+
+
+ +

+Remove an entry from the keytab, matching is done using krb5_kt_compare().

+

Parameters:
+ + + + +
context a Keberos context.
id a keytab.
entry the entry to remove
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve (krb5_context  context,
const char *  name,
krb5_keytab *  id 
)
+
+
+ +

+Resolve the keytab name (of the form `type:residual') in `name' into a keytab in `id'.

+

Parameters:
+ + + + +
context a Keberos context.
name name to resolve
id resulting keytab, free with krb5_kt_close().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get (krb5_context  context,
krb5_keytab  id,
krb5_kt_cursor *  cursor 
)
+
+
+ +

+Set `cursor' to point at the beginning of `id'.

+

Parameters:
+ + + + +
context a Keberos context.
id a keytab.
cursor a newly allocated cursor, free with krb5_kt_end_seq_get().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__pac.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__pac.html new file mode 100644 index 00000000000..45dddb6cf76 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__pac.html @@ -0,0 +1,155 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 PAC handling functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 PAC handling functions

+ + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_pac_get_buffer (krb5_context context, krb5_pac p, uint32_t type, krb5_data *data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_pac_verify (krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer (krb5_context  context,
krb5_pac  p,
uint32_t  type,
krb5_data *  data 
)
+
+
+ +

+Get the PAC buffer of specific type from the pac.

+

Parameters:
+ + + + + +
context Kerberos 5 context.
p the pac structure returned by krb5_pac_parse().
type type of buffer to get
data return data, free with krb5_data_free().
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_verify (krb5_context  context,
const krb5_pac  pac,
time_t  authtime,
krb5_const_principal  principal,
const krb5_keyblock *  server,
const krb5_keyblock *  privsvr 
)
+
+
+ +

+Verify the PAC.

+

Parameters:
+ + + + + + + +
context Kerberos 5 context.
pac the pac structure returned by krb5_pac_parse().
authtime The time of the ticket the PAC belongs to.
principal the principal to verify.
server The service key, most always be given.
privsvr The KDC key, may be given.
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__principal.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__principal.html new file mode 100644 index 00000000000..678478a12e3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__principal.html @@ -0,0 +1,1180 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 principal functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 principal functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_free_principal (krb5_context context, krb5_principal p)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_principal_set_type (krb5_context context, krb5_principal principal, int type)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type (krb5_context context, krb5_const_principal principal)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_principal_get_realm (krb5_context context, krb5_const_principal principal)
KRB5_LIB_FUNCTION unsigned int
+KRB5_LIB_CALL 		krb5_principal_get_num_comp (krb5_context context, krb5_const_principal principal)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_parse_name_flags (krb5_context context, const char *name, int flags, krb5_principal *principal)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_parse_name (krb5_context context, const char *name, krb5_principal *principal)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_unparse_name_fixed (krb5_context context, krb5_const_principal principal, char *name, size_t len)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_unparse_name_fixed_short (krb5_context context, krb5_const_principal principal, char *name, size_t len)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_unparse_name_fixed_flags (krb5_context context, krb5_const_principal principal, int flags, char *name, size_t len)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_unparse_name (krb5_context context, krb5_const_principal principal, char **name)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_unparse_name_flags (krb5_context context, krb5_const_principal principal, int flags, char **name)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_unparse_name_short (krb5_context context, krb5_const_principal principal, char **name)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_principal_set_realm (krb5_context context, krb5_principal principal, krb5_const_realm realm)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_build_principal (krb5_context context, krb5_principal *principal, int rlen, krb5_const_realm realm,...)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_make_principal (krb5_context context, krb5_principal *principal, krb5_const_realm realm,...)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_copy_principal (krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_principal_compare_any_realm (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_principal_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_realm_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_principal_match (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_sname_to_principal (krb5_context context, const char *hostname, const char *sname, int32_t type, krb5_principal *ret_princ)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_parse_nametype (krb5_context context, const char *str, int32_t *nametype)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_principal_is_krbtgt (krb5_context context, krb5_const_principal p)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal (krb5_context  context,
krb5_principal *  principal,
int  rlen,
krb5_const_realm  realm,
  ... 
)
+
+
+ +

+Build a principal using vararg style building

+

Parameters:
+ + + + + + +
context A Kerberos context.
principal returned principal
rlen length of realm
realm realm name
... a list of components ended with NULL.
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal (krb5_context  context,
krb5_const_principal  inprinc,
krb5_principal *  outprinc 
)
+
+
+ +

+Copy a principal

+

Parameters:
+ + + + +
context A Kerberos context.
inprinc principal to copy
outprinc copied principal, free with krb5_free_principal()
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal (krb5_context  context,
krb5_principal  p 
)
+
+
+ +

+Frees a Kerberos principal allocated by the library with krb5_parse_name(), krb5_make_principal() or any other related principal functions.

+

Parameters:
+ + + +
context A Kerberos context.
p a principal to free.
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal (krb5_context  context,
krb5_principal *  principal,
krb5_const_realm  realm,
  ... 
)
+
+
+ +

+Build a principal using vararg style building

+

Parameters:
+ + + + + +
context A Kerberos context.
principal returned principal
realm realm name
... a list of components ended with NULL.
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name (krb5_context  context,
const char *  name,
krb5_principal *  principal 
)
+
+
+ +

+Parse a name into a krb5_principal structure

+

Parameters:
+ + + + +
context Kerberos 5 context
name name to parse into a Kerberos principal
principal returned principal, free with krb5_free_principal().
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags (krb5_context  context,
const char *  name,
int  flags,
krb5_principal *  principal 
)
+
+
+ +

+Parse a name into a krb5_principal structure, flags controls the behavior.

+

Parameters:
+ + + + + +
context Kerberos 5 context
name name to parse into a Kerberos principal
flags flags to control the behavior
principal returned principal, free with krb5_free_principal().
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype (krb5_context  context,
const char *  str,
int32_t *  nametype 
)
+
+
+ +

+Parse nametype string and return a nametype integer +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare (krb5_context  context,
krb5_const_principal  princ1,
krb5_const_principal  princ2 
)
+
+
+ +

+Compares the two principals, including realm of the principals and returns TRUE if they are the same and FALSE if not.

+

Parameters:
+ + + + +
context Kerberos 5 context
princ1 first principal to compare
princ2 second principal to compare
+
+
See also:
krb5_principal_compare_any_realm()

+krb5_realm_compare()

+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm (krb5_context  context,
krb5_const_principal  princ1,
krb5_const_principal  princ2 
)
+
+
+ +

+Return TRUE iff princ1 == princ2 (without considering the realm)

+

Parameters:
+ + + + +
context Kerberos 5 context
princ1 first principal to compare
princ2 second principal to compare
+
+
Returns:
non zero if equal, 0 if not
+
See also:
krb5_principal_compare()

+krb5_realm_compare()

+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp (krb5_context  context,
krb5_const_principal  principal 
)
+
+
+ +

+Get number of component is principal.

+

Parameters:
+ + + +
context Kerberos 5 context
principal principal to query
+
+
Returns:
number of components in string
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm (krb5_context  context,
krb5_const_principal  principal 
)
+
+
+ +

+Get the realm of the principal

+

Parameters:
+ + + +
context A Kerberos context.
principal principal to get the realm for
+
+
Returns:
realm of the principal, don't free or use after krb5_principal is freed
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type (krb5_context  context,
krb5_const_principal  principal 
)
+
+
+ +

+Get the type of the principal

+

Parameters:
+ + + +
context A Kerberos context.
principal principal to get the type for
+
+
Returns:
the type of principal
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_krbtgt (krb5_context  context,
krb5_const_principal  p 
)
+
+
+ +

+Check if the cname part of the principal is a krbtgt principal +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match (krb5_context  context,
krb5_const_principal  princ,
krb5_const_principal  pattern 
)
+
+
+ +

+return TRUE iff princ matches pattern +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm (krb5_context  context,
krb5_principal  principal,
krb5_const_realm  realm 
)
+
+
+ +

+Set a new realm for a principal, and as a side-effect free the previous realm.

+

Parameters:
+ + + + +
context A Kerberos context.
principal principal set the realm for
realm the new realm to set
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type (krb5_context  context,
krb5_principal  principal,
int  type 
)
+
+
+ +

+Set the type of the principal

+

Parameters:
+ + + + +
context A Kerberos context.
principal principal to set the type for
type the new type
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare (krb5_context  context,
krb5_const_principal  princ1,
krb5_const_principal  princ2 
)
+
+
+ +

+return TRUE iff realm(princ1) == realm(princ2)

+

Parameters:
+ + + + +
context Kerberos 5 context
princ1 first principal to compare
princ2 second principal to compare
+
+
See also:
krb5_principal_compare_any_realm()

+krb5_principal_compare()

+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context  context,
const char *  hostname,
const char *  sname,
int32_t  type,
krb5_principal *  ret_princ 
)
+
+
+ +

+Create a principal for the service running on hostname. If KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or some other service), this is potentially insecure.

+

Parameters:
+ + + + + + +
context A Kerberos context.
hostname hostname to use
sname Service name to use
type name type of pricipal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN.
ret_princ return principal, free with krb5_free_principal().
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name (krb5_context  context,
krb5_const_principal  principal,
char **  name 
)
+
+
+ +

+Unparse the Kerberos name into a string

+

Parameters:
+ + + + +
context Kerberos 5 context
principal principal to query
name resulting string, free with krb5_xfree()
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed (krb5_context  context,
krb5_const_principal  principal,
char *  name,
size_t  len 
)
+
+
+ +

+Unparse the principal name to a fixed buffer

+

Parameters:
+ + + + + +
context A Kerberos context.
principal principal to unparse
name buffer to write name to
len length of buffer
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags (krb5_context  context,
krb5_const_principal  principal,
int  flags,
char *  name,
size_t  len 
)
+
+
+ +

+Unparse the principal name with unparse flags to a fixed buffer.

+

Parameters:
+ + + + + + +
context A Kerberos context.
principal principal to unparse
flags unparse flags
name buffer to write name to
len length of buffer
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short (krb5_context  context,
krb5_const_principal  principal,
char *  name,
size_t  len 
)
+
+
+ +

+Unparse the principal name to a fixed buffer. The realm is skipped if its a default realm.

+

Parameters:
+ + + + + +
context A Kerberos context.
principal principal to unparse
name buffer to write name to
len length of buffer
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags (krb5_context  context,
krb5_const_principal  principal,
int  flags,
char **  name 
)
+
+
+ +

+Unparse the Kerberos name into a string

+

Parameters:
+ + + + + +
context Kerberos 5 context
principal principal to query
flags flag to determine the behavior
name resulting string, free with krb5_xfree()
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short (krb5_context  context,
krb5_const_principal  principal,
char **  name 
)
+
+
+ +

+Unparse the principal name to a allocated buffer. The realm is skipped if its a default realm.

+

Parameters:
+ + + + +
context A Kerberos context.
principal principal to unparse
name returned buffer, free with krb5_xfree()
+
+
Returns:
An krb5 error code, see krb5_get_error_message().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__storage.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__storage.html new file mode 100644 index 00000000000..71c0e02aa5b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__storage.html @@ -0,0 +1,2092 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 storage functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 storage functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_storage_set_flags (krb5_storage *sp, krb5_flags flags)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_storage_clear_flags (krb5_storage *sp, krb5_flags flags)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_storage_is_flags (krb5_storage *sp, krb5_flags flags)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_storage_set_byteorder (krb5_storage *sp, krb5_flags byteorder)
KRB5_LIB_FUNCTION krb5_flags
+KRB5_LIB_CALL 		krb5_storage_get_byteorder (krb5_storage *sp)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_storage_set_max_alloc (krb5_storage *sp, size_t size)
KRB5_LIB_FUNCTION off_t
+KRB5_LIB_CALL 		krb5_storage_seek (krb5_storage *sp, off_t offset, int whence)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate (krb5_storage *sp, off_t offset)
KRB5_LIB_FUNCTION krb5_ssize_t
+KRB5_LIB_CALL 		krb5_storage_read (krb5_storage *sp, void *buf, size_t len)
KRB5_LIB_FUNCTION krb5_ssize_t
+KRB5_LIB_CALL 		krb5_storage_write (krb5_storage *sp, const void *buf, size_t len)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_storage_set_eof_code (krb5_storage *sp, int code)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code (krb5_storage *sp)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_storage_free (krb5_storage *sp)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_storage_to_data (krb5_storage *sp, krb5_data *data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_int32 (krb5_storage *sp, int32_t value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_uint32 (krb5_storage *sp, uint32_t value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_int32 (krb5_storage *sp, int32_t *value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_uint32 (krb5_storage *sp, uint32_t *value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_int16 (krb5_storage *sp, int16_t value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_uint16 (krb5_storage *sp, uint16_t value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_int16 (krb5_storage *sp, int16_t *value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_uint16 (krb5_storage *sp, uint16_t *value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_int8 (krb5_storage *sp, int8_t value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_uint8 (krb5_storage *sp, uint8_t value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_int8 (krb5_storage *sp, int8_t *value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_uint8 (krb5_storage *sp, uint8_t *value)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_data (krb5_storage *sp, krb5_data data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_data (krb5_storage *sp, krb5_data *data)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_string (krb5_storage *sp, const char *s)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_string (krb5_storage *sp, char **string)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_stringz (krb5_storage *sp, const char *s)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_stringz (krb5_storage *sp, char **string)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_principal (krb5_storage *sp, krb5_const_principal p)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_principal (krb5_storage *sp, krb5_principal *princ)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_keyblock (krb5_storage *sp, krb5_keyblock p)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_keyblock (krb5_storage *sp, krb5_keyblock *p)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_times (krb5_storage *sp, krb5_times times)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_times (krb5_storage *sp, krb5_times *times)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_address (krb5_storage *sp, krb5_address p)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_address (krb5_storage *sp, krb5_address *adr)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_addrs (krb5_storage *sp, krb5_addresses p)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_addrs (krb5_storage *sp, krb5_addresses *adr)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_authdata (krb5_storage *sp, krb5_authdata auth)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_authdata (krb5_storage *sp, krb5_authdata *auth)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_creds (krb5_storage *sp, krb5_creds *creds)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_creds (krb5_storage *sp, krb5_creds *creds)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_store_creds_tag (krb5_storage *sp, krb5_creds *creds)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_ret_creds_tag (krb5_storage *sp, krb5_creds *creds)
KRB5_LIB_FUNCTION krb5_storage
+*KRB5_LIB_CALL 		krb5_storage_emem (void)
KRB5_LIB_FUNCTION krb5_storage
+*KRB5_LIB_CALL 		krb5_storage_from_fd (krb5_socket_t fd_in)
KRB5_LIB_FUNCTION krb5_storage
+*KRB5_LIB_CALL 		krb5_storage_from_mem (void *buf, size_t len)
KRB5_LIB_FUNCTION krb5_storage
+*KRB5_LIB_CALL 		krb5_storage_from_data (krb5_data *data)
KRB5_LIB_FUNCTION krb5_storage
+*KRB5_LIB_CALL 		krb5_storage_from_readonly_mem (const void *buf, size_t len)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address (krb5_storage *  sp,
krb5_address *  adr 
)
+
+
+ +

+Read a address block from the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
adr the address block read from storage
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs (krb5_storage *  sp,
krb5_addresses *  adr 
)
+
+
+ +

+Read a addresses block from the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
adr the addresses block read from storage
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata (krb5_storage *  sp,
krb5_authdata *  auth 
)
+
+
+ +

+Read a auth data from the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
auth the auth data block read from storage
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds (krb5_storage *  sp,
krb5_creds *  creds 
)
+
+
+ +

+Read a credentials block from the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
creds the credentials block read from storage
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag (krb5_storage *  sp,
krb5_creds *  creds 
)
+
+
+ +

+Read a tagged credentials block from the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
creds the credentials block read from storage
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data (krb5_storage *  sp,
krb5_data *  data 
)
+
+
+ +

+Parse a data from the storage.

+

Parameters:
+ + + +
sp the storage buffer to read from
data the parsed data
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16 (krb5_storage *  sp,
int16_t *  value 
)
+
+
+ +

+Read a int16 from storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value read from the buffer
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32 (krb5_storage *  sp,
int32_t *  value 
)
+
+
+ +

+Read a int32 from storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value read from the buffer
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8 (krb5_storage *  sp,
int8_t *  value 
)
+
+
+ +

+Read a int8 from storage

+

Parameters:
+ + + +
sp the storage to write too
value the value read from the buffer
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock (krb5_storage *  sp,
krb5_keyblock *  p 
)
+
+
+ +

+Read a keyblock from the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
p the keyblock read from storage, free using krb5_free_keyblock()
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal (krb5_storage *  sp,
krb5_principal *  princ 
)
+
+
+ +

+Parse principal from the storage.

+

Parameters:
+ + + +
sp the storage buffer to read from
princ the parsed principal
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string (krb5_storage *  sp,
char **  string 
)
+
+
+ +

+Parse a string from the storage.

+

Parameters:
+ + + +
sp the storage buffer to read from
string the parsed string
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz (krb5_storage *  sp,
char **  string 
)
+
+
+ +

+Parse zero terminated string from the storage.

+

Parameters:
+ + + +
sp the storage buffer to read from
string the parsed string
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times (krb5_storage *  sp,
krb5_times *  times 
)
+
+
+ +

+Read a times block from the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
times the times block read from storage
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16 (krb5_storage *  sp,
uint16_t *  value 
)
+
+
+ +

+Read a int16 from storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value read from the buffer
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32 (krb5_storage *  sp,
uint32_t *  value 
)
+
+
+ +

+Read a uint32 from storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value read from the buffer
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8 (krb5_storage *  sp,
uint8_t *  value 
)
+
+
+ +

+Read a uint8 from storage

+

Parameters:
+ + + +
sp the storage to write too
value the value read from the buffer
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags (krb5_storage *  sp,
krb5_flags  flags 
)
+
+
+ +

+Clear the flags on a storage buffer

+

Parameters:
+ + + +
sp the storage buffer to clear the flags on
flags the flags to clear
+
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_emem (void   ) 
+
+
+ +

+Create a elastic (allocating) memory storage backend. Memory is allocated on demand. Free returned krb5_storage with krb5_storage_free().

+

Returns:
A krb5_storage on success, or NULL on out of memory error.
+
See also:
krb5_storage_from_mem()

+krb5_storage_from_readonly_mem()

+krb5_storage_from_fd()

+krb5_storage_from_data()

+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free (krb5_storage *  sp  ) 
+
+
+ +

+Free a krb5 storage.

+

Parameters:
+ + +
sp the storage to free.
+
+
Returns:
An Kerberos 5 error code.
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_data (krb5_data *  data  ) 
+
+
+ +

+Create a fixed size memory storage block

+

Returns:
A krb5_storage on success, or NULL on out of memory error.
+
See also:
krb5_storage_mem()

+krb5_storage_from_mem()

+krb5_storage_from_readonly_mem()

+krb5_storage_from_fd()

+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_fd (krb5_socket_t  fd_in  ) 
+
+
+ +

+

Returns:
A krb5_storage on success, or NULL on out of memory error.
+
See also:
krb5_storage_emem()

+krb5_storage_from_mem()

+krb5_storage_from_readonly_mem()

+krb5_storage_from_data()

+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_mem (void *  buf,
size_t  len 
)
+
+
+ +

+Create a fixed size memory storage block

+

Returns:
A krb5_storage on success, or NULL on out of memory error.
+
See also:
krb5_storage_mem()

+krb5_storage_from_readonly_mem()

+krb5_storage_from_data()

+krb5_storage_from_fd()

+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_readonly_mem (const void *  buf,
size_t  len 
)
+
+
+ +

+Create a fixed size memory storage block that is read only

+

Returns:
A krb5_storage on success, or NULL on out of memory error.
+
See also:
krb5_storage_mem()

+krb5_storage_from_mem()

+krb5_storage_from_data()

+krb5_storage_from_fd()

+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder (krb5_storage *  sp  ) 
+
+
+ +

+Return the current byteorder for the buffer. See krb5_storage_set_byteorder() for the list or byte order contants. +

+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code (krb5_storage *  sp  ) 
+
+
+ +

+Get the return code that will be used when end of storage is reached.

+

Parameters:
+ + +
sp the storage
+
+
Returns:
storage error code
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags (krb5_storage *  sp,
krb5_flags  flags 
)
+
+
+ +

+Return true or false depending on if the storage flags is set or not. NB testing for the flag 0 always return true.

+

Parameters:
+ + + +
sp the storage buffer to check flags on
flags The flags to test for
+
+
Returns:
true if all the flags are set, false if not.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read (krb5_storage *  sp,
void *  buf,
size_t  len 
)
+
+
+ +

+Read to the storage buffer.

+

Parameters:
+ + + + +
sp the storage buffer to read from
buf the buffer to store the data in
len the length to read
+
+
Returns:
The length of data read (can be shorter then len), or negative on error.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek (krb5_storage *  sp,
off_t  offset,
int  whence 
)
+
+
+ +

+Seek to a new offset.

+

Parameters:
+ + + + +
sp the storage buffer to seek in.
offset the offset to seek
whence relateive searching, SEEK_CUR from the current position, SEEK_END from the end, SEEK_SET absolute from the start.
+
+
Returns:
The new current offset
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder (krb5_storage *  sp,
krb5_flags  byteorder 
)
+
+
+ +

+Set the new byte order of the storage buffer.

+

Parameters:
+ + + +
sp the storage buffer to set the byte order for.
byteorder the new byte order.
+
+The byte order are: KRB5_STORAGE_BYTEORDER_BE, KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST. +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code (krb5_storage *  sp,
int  code 
)
+
+
+ +

+Set the return code that will be used when end of storage is reached.

+

Parameters:
+ + + +
sp the storage
code the error code to return on end of storage
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags (krb5_storage *  sp,
krb5_flags  flags 
)
+
+
+ +

+Add the flags on a storage buffer by or-ing in the flags to the buffer.

+

Parameters:
+ + + +
sp the storage buffer to set the flags on
flags the flags to set
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_max_alloc (krb5_storage *  sp,
size_t  size 
)
+
+
+ +

+Set the max alloc value

+

Parameters:
+ + + +
sp the storage buffer set the max allow for
size maximum size to allocate, use 0 to remove limit
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data (krb5_storage *  sp,
krb5_data *  data 
)
+
+
+ +

+Copy the contnent of storage

+

Parameters:
+ + + +
sp the storage to copy to a data
data the copied data, free with krb5_data_free()
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate (krb5_storage *  sp,
off_t  offset 
)
+
+
+ +

+Truncate the storage buffer in sp to offset.

+

Parameters:
+ + + +
sp the storage buffer to truncate.
offset the offset to truncate too.
+
+
Returns:
An Kerberos 5 error code.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write (krb5_storage *  sp,
const void *  buf,
size_t  len 
)
+
+
+ +

+Write to the storage buffer.

+

Parameters:
+ + + + +
sp the storage buffer to write to
buf the buffer to write to the storage buffer
len the length to write
+
+
Returns:
The length of data written (can be shorter then len), or negative on error.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address (krb5_storage *  sp,
krb5_address  p 
)
+
+
+ +

+Write a address block to storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
p the address block to write.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs (krb5_storage *  sp,
krb5_addresses  p 
)
+
+
+ +

+Write a addresses block to storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
p the addresses block to write.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata (krb5_storage *  sp,
krb5_authdata  auth 
)
+
+
+ +

+Write a auth data block to storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
auth the auth data block to write.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds (krb5_storage *  sp,
krb5_creds *  creds 
)
+
+
+ +

+Write a credentials block to storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
creds the creds block to write.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag (krb5_storage *  sp,
krb5_creds *  creds 
)
+
+
+ +

+Write a tagged credentials block to storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
creds the creds block to write.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data (krb5_storage *  sp,
krb5_data  data 
)
+
+
+ +

+Store a data to the storage. The data is stored with an int32 as lenght plus the data (not padded).

+

Parameters:
+ + + +
sp the storage buffer to write to
data the buffer to store.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16 (krb5_storage *  sp,
int16_t  value 
)
+
+
+ +

+Store a int16 to storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value to store
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32 (krb5_storage *  sp,
int32_t  value 
)
+
+
+ +

+Store a int32 to storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value to store
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8 (krb5_storage *  sp,
int8_t  value 
)
+
+
+ +

+Store a int8 to storage.

+

Parameters:
+ + + +
sp the storage to write too
value the value to store
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock (krb5_storage *  sp,
krb5_keyblock  p 
)
+
+
+ +

+Store a keyblock to the storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
p the keyblock to write
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal (krb5_storage *  sp,
krb5_const_principal  p 
)
+
+
+ +

+Write a principal block to storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
p the principal block to write.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string (krb5_storage *  sp,
const char *  s 
)
+
+
+ +

+Store a string to the buffer. The data is formated as an len:uint32 plus the string itself (not padded).

+

Parameters:
+ + + +
sp the storage buffer to write to
s the string to store.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz (krb5_storage *  sp,
const char *  s 
)
+
+
+ +

+Store a zero terminated string to the buffer. The data is stored one character at a time until a NUL is stored.

+

Parameters:
+ + + +
sp the storage buffer to write to
s the string to store.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times (krb5_storage *  sp,
krb5_times  times 
)
+
+
+ +

+Write a times block to storage.

+

Parameters:
+ + + +
sp the storage buffer to write to
times the times block to write.
+
+
Returns:
0 on success, a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16 (krb5_storage *  sp,
uint16_t  value 
)
+
+
+ +

+Store a uint16 to storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value to store
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32 (krb5_storage *  sp,
uint32_t  value 
)
+
+
+ +

+Store a uint32 to storage, byte order is controlled by the settings on the storage, see krb5_storage_set_byteorder().

+

Parameters:
+ + + +
sp the storage to write too
value the value to store
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8 (krb5_storage *  sp,
uint8_t  value 
)
+
+
+ +

+Store a uint8 to storage.

+

Parameters:
+ + + +
sp the storage to write too
value the value to store
+
+
Returns:
0 for success, or a Kerberos 5 error code on failure.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__support.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__support.html new file mode 100644 index 00000000000..8c6545fc39b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__support.html @@ -0,0 +1,1320 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 support functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 support functions

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_acl_match_string (krb5_context context, const char *string, const char *format,...)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_acl_match_file (krb5_context context, const char *file, const char *format,...)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_config_parse_file_multi (krb5_context context, const char *fname, krb5_config_section **res)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_config_file_free (krb5_context context, krb5_config_section *s)
KRB5_LIB_FUNCTION const
+krb5_config_binding
+*KRB5_LIB_CALL 		krb5_config_get_list (krb5_context context, const krb5_config_section *c,...)
KRB5_LIB_FUNCTION const
+krb5_config_binding
+*KRB5_LIB_CALL 		krb5_config_vget_list (krb5_context context, const krb5_config_section *c, va_list args)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_config_get_string (krb5_context context, const krb5_config_section *c,...)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_config_vget_string (krb5_context context, const krb5_config_section *c, va_list args)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_config_vget_string_default (krb5_context context, const krb5_config_section *c, const char *def_value, va_list args)
KRB5_LIB_FUNCTION const char
+*KRB5_LIB_CALL 		krb5_config_get_string_default (krb5_context context, const krb5_config_section *c, const char *def_value,...)
KRB5_LIB_FUNCTION char
+**KRB5_LIB_CALL 		krb5_config_vget_strings (krb5_context context, const krb5_config_section *c, va_list args)
KRB5_LIB_FUNCTION char
+**KRB5_LIB_CALL 		krb5_config_get_strings (krb5_context context, const krb5_config_section *c,...)
KRB5_LIB_FUNCTION void
+KRB5_LIB_CALL 		krb5_config_free_strings (char **strings)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_config_vget_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, va_list args)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_config_vget_bool (krb5_context context, const krb5_config_section *c, va_list args)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_config_get_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value,...)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_config_get_bool (krb5_context context, const krb5_config_section *c,...)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section *c, int def_value, va_list args)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time (krb5_context context, const krb5_config_section *c, va_list args)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section *c, int def_value,...)
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section *c,...)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_expand_hostname (krb5_context context, const char *orig_hostname, char **new_hostname)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_expand_hostname_realms (krb5_context context, const char *orig_hostname, char **new_hostname, char ***realms)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_free_host_realm (krb5_context context, krb5_realm *realmlist)
KRB5_LIB_FUNCTION krb5_boolean
+KRB5_LIB_CALL 		krb5_kuserok (krb5_context context, krb5_principal principal, const char *luser)
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb5_plugin_register (krb5_context context, enum krb5_plugin_type type, const char *name, void *symbol)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file (krb5_context  context,
const char *  file,
const char *  format,
  ... 
)
+
+
+ +

+krb5_acl_match_file matches ACL format against each line in a file using krb5_acl_match_string(). Lines starting with # are treated like comments and ignored.

+

Parameters:
+ + + + + +
context Kerberos 5 context.
file file with acl listed in the file.
format format to match.
... parameter to format string.
+
+
Returns:
Return an error code or 0.
+
See also:
krb5_acl_match_string
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string (krb5_context  context,
const char *  string,
const char *  format,
  ... 
)
+
+
+ +

+krb5_acl_match_string matches ACL format against a string.

+The ACL format has three format specifiers: s, f, and r. Each specifier will retrieve one argument from the variable arguments for either matching or storing data. The input string is split up using " " (space) and "\t" (tab) as a delimiter; multiple and "\t" in a row are considered to be the same.

+List of format specifiers:

    +
  • s Matches a string using strcmp(3) (case sensitive).
  • f Matches the string with fnmatch(3). Theflags argument (the last argument) passed to the fnmatch function is 0.
  • r Returns a copy of the string in the char ** passed in; the copy must be freed with free(3). There is no need to free(3) the string on error: the function will clean up and set the pointer to NULL.
+

+

Parameters:
+ + + + + +
context Kerberos 5 context
string string to match with
format format to match
... parameter to format string
+
+
Returns:
Return an error code or 0.
+
 char *s;
+
+ ret = krb5_acl_match_string(context, "foo", "s", "foo");
+ if (ret)
+     krb5_errx(context, 1, "acl didn't match");
+ ret = krb5_acl_match_string(context, "foo foo baz/kaka",
+     "ss", "foo", &s, "foo/\\*");
+ if (ret) {
+     // no need to free(s) on error
+     assert(s == NULL);
+     krb5_errx(context, 1, "acl didn't match");
+ }
+ free(s);
+

+

See also:
krb5_acl_match_file
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context  context,
krb5_config_section *  s 
)
+
+
+ +

+Free configuration file section, the result of krb5_config_parse_file() and krb5_config_parse_file_multi().

+

Parameters:
+ + + +
context A Kerberos 5 context
s the configuration section to free
+
+
Returns:
returns 0 on successes, otherwise an error code, see krb5_get_error_message()
+ +
+

+ +

+
+ + + + + + + + + +
KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings (char **  strings  ) 
+
+
+ +

+Free the resulting strings from krb5_config-get_strings() and krb5_config_vget_strings().

+

Parameters:
+ + +
strings strings to free
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context  context,
const krb5_config_section *  c,
  ... 
)
+
+
+ +

+Like krb5_config_get_bool() but with a va_list list of configuration selection.

+Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
... a list of names, terminated with NULL.
+
+
Returns:
TRUE or FALSE
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context  context,
const krb5_config_section *  c,
krb5_boolean  def_value,
  ... 
)
+
+
+ +

+krb5_config_get_bool_default() will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.

+

Parameters:
+ + + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
def_value the default value to return if no configuration found in the database.
... a list of names, terminated with NULL.
+
+
Returns:
TRUE or FALSE
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_get_list (krb5_context  context,
const krb5_config_section *  c,
  ... 
)
+
+
+ +

+Get a list of configuration binding list for more processing

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
... a list of names, terminated with NULL.
+
+
Returns:
NULL if configuration list is not found, a list otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context  context,
const krb5_config_section *  c,
  ... 
)
+
+
+ +

+Returns a "const char *" to a string in the configuration database. The string may not be valid after a reload of the configuration database so a caller should make a local copy if it needs to keep the string.

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
... a list of names, terminated with NULL.
+
+
Returns:
NULL if configuration string not found, a string otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context  context,
const krb5_config_section *  c,
const char *  def_value,
  ... 
)
+
+
+ +

+Like krb5_config_get_string(), but instead of returning NULL, instead return a default value.

+

Parameters:
+ + + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
def_value the default value to return if no configuration found in the database.
... a list of names, terminated with NULL.
+
+
Returns:
a configuration string
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings (krb5_context  context,
const krb5_config_section *  c,
  ... 
)
+
+
+ +

+Get a list of configuration strings, free the result with krb5_config_free_strings().

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
... a list of names, terminated with NULL.
+
+
Returns:
TRUE or FALSE
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context  context,
const krb5_config_section *  c,
  ... 
)
+
+
+ +

+Get the time from the configuration file using a relative time, for example: 1h30s

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
... a list of names, terminated with NULL.
+
+
Returns:
parsed the time or -1 on error
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context  context,
const krb5_config_section *  c,
int  def_value,
  ... 
)
+
+
+ +

+Get the time from the configuration file using a relative time, for example: 1h30s

+

Parameters:
+ + + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
def_value the default value to return if no configuration found in the database.
... a list of names, terminated with NULL.
+
+
Returns:
parsed the time (or def_value on parse error)
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context  context,
const char *  fname,
krb5_config_section **  res 
)
+
+
+ +

+Parse a configuration file and add the result into res. This interface can be used to parse several configuration files into one resulting krb5_config_section by calling it repeatably.

+

Parameters:
+ + + + +
context a Kerberos 5 context.
fname a file name to a Kerberos configuration file
res the returned result, must be free with krb5_free_config_files().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +

+If the fname starts with "~/" parse configuration file in the current users home directory. The behavior can be disabled and enabled by calling krb5_set_home_dir_access(). +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context  context,
const krb5_config_section *  c,
va_list  args 
)
+
+
+ +

+krb5_config_get_bool() will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
args a va_list of arguments
+
+
Returns:
TRUE or FALSE
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context  context,
const krb5_config_section *  c,
krb5_boolean  def_value,
va_list  args 
)
+
+
+ +

+Like krb5_config_get_bool_default() but with a va_list list of configuration selection.

+Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE.

+

Parameters:
+ + + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
def_value the default value to return if no configuration found in the database.
args a va_list of arguments
+
+
Returns:
TRUE or FALSE
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_vget_list (krb5_context  context,
const krb5_config_section *  c,
va_list  args 
)
+
+
+ +

+Get a list of configuration binding list for more processing

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
args a va_list of arguments
+
+
Returns:
NULL if configuration list is not found, a list otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context  context,
const krb5_config_section *  c,
va_list  args 
)
+
+
+ +

+Like krb5_config_get_string(), but uses a va_list instead of ...

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
args a va_list of arguments
+
+
Returns:
NULL if configuration string not found, a string otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context  context,
const krb5_config_section *  c,
const char *  def_value,
va_list  args 
)
+
+
+ +

+Like krb5_config_vget_string(), but instead of returning NULL, instead return a default value.

+

Parameters:
+ + + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
def_value the default value to return if no configuration found in the database.
args a va_list of arguments
+
+
Returns:
a configuration string
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_vget_strings (krb5_context  context,
const krb5_config_section *  c,
va_list  args 
)
+
+
+ +

+Get a list of configuration strings, free the result with krb5_config_free_strings().

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
args a va_list of arguments
+
+
Returns:
TRUE or FALSE
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time (krb5_context  context,
const krb5_config_section *  c,
va_list  args 
)
+
+
+ +

+Get the time from the configuration file using a relative time, for example: 1h30s

+

Parameters:
+ + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
args a va_list of arguments
+
+
Returns:
parsed the time or -1 on error
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context  context,
const krb5_config_section *  c,
int  def_value,
va_list  args 
)
+
+
+ +

+Get the time from the configuration file using a relative time.

+Like krb5_config_get_time_default() but with a va_list list of configuration selection.

+

Parameters:
+ + + + + +
context A Kerberos 5 context.
c a configuration section, or NULL to use the section from context
def_value the default value to return if no configuration found in the database.
args a va_list of arguments
+
+
Returns:
parsed the time (or def_value on parse error)
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context  context,
const char *  orig_hostname,
char **  new_hostname 
)
+
+
+ +

+krb5_expand_hostname() tries to make orig_hostname into a more canonical one in the newly allocated space returned in new_hostname.

+

Parameters:
+ + + + +
context a Keberos context
orig_hostname hostname to canonicalise.
new_hostname output hostname, caller must free hostname with krb5_xfree().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context  context,
const char *  orig_hostname,
char **  new_hostname,
char ***  realms 
)
+
+
+ +

+krb5_expand_hostname_realms() expands orig_hostname to a name we believe to be a hostname in newly allocated space in new_hostname and return the realms new_hostname is believed to belong to in realms.

+

Parameters:
+ + + + + +
context a Keberos context
orig_hostname hostname to canonicalise.
new_hostname output hostname, caller must free hostname with krb5_xfree().
realms output possible realms, is an array that is terminated with NULL. Caller must free with krb5_free_host_realm().
+
+
Returns:
Return an error code or 0, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm (krb5_context  context,
krb5_realm *  realmlist 
)
+
+
+ +

+Free all memory allocated by `realmlist'

+

Parameters:
+ + + +
context A Kerberos 5 context.
realmlist realmlist to free, NULL is ok
+
+
Returns:
a Kerberos error code, always 0.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok (krb5_context  context,
krb5_principal  principal,
const char *  luser 
)
+
+
+ +

+This function takes the name of a local user and checks if principal is allowed to log in as that user.

+The user may have a ~/.k5login file listing principals that are allowed to login as that user. If that file does not exist, all principals with a first component identical to the username, and a realm considered local, are allowed access.

+The .k5login file must contain one principal per line, be owned by user and not be writable by group or other (but must be readable by anyone).

+Note that if the file exists, no implicit access rights are given to user@LOCALREALM.

+Optionally, a set of files may be put in ~/.k5login.d (a directory), in which case they will all be checked in the same manner as .k5login. The files may be called anything, but files starting with a hash (#) , or ending with a tilde (~) are ignored. Subdirectories are not traversed. Note that this directory may not be checked by other Kerberos implementations.

+If no configuration file exists, match user against local domains, ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES.

+

Parameters:
+ + + + +
context Kerberos 5 context.
principal principal to check if allowed to login
luser local user id
+
+
Returns:
returns TRUE if access should be granted, FALSE otherwise.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register (krb5_context  context,
enum krb5_plugin_type  type,
const char *  name,
void *  symbol 
)
+
+
+ +

+Register a plugin symbol name of specific type.

Parameters:
+ + + + + +
context a Keberos context
type type of plugin symbol
name name of plugin symbol
symbol a pointer to the named symbol
+
+
Returns:
In case of error a non zero error com_err error is returned and the Kerberos error string is set.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__ticket.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__ticket.html new file mode 100644 index 00000000000..38400ab7f21 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__ticket.html @@ -0,0 +1,73 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 ticket functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 ticket functions

+ + + + +

Functions

KRB5_LIB_FUNCTION unsigned
+long KRB5_LIB_CALL 		krb5_ticket_get_flags (krb5_context context, const krb5_ticket *ticket)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_ticket_get_flags (krb5_context  context,
const krb5_ticket *  ticket 
)
+
+
+ +

+Get the flags from the Kerberos ticket

+

Parameters:
+ + + +
context Kerberos context
ticket Kerberos ticket
+
+
Returns:
ticket flags
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__v4compat.html b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__v4compat.html new file mode 100644 index 00000000000..6acfb9e7857 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/group__krb5__v4compat.html @@ -0,0 +1,134 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 4 compatiblity functions + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 4 compatiblity functions

+ + + + + + +

Functions

KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb524_convert_creds_kdc (krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION("Use X instead")
KRB5_LIB_FUNCTION
+krb5_error_code KRB5_LIB_CALL 		krb524_convert_creds_kdc_ccache (krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION("Use X instead")
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc (krb5_context  context,
krb5_creds *  in_cred,
struct credentials *  v4creds 
)
+
+
+ +

+Convert the v5 credentials in in_cred to v4-dito in v4creds. This is done by sending them to the 524 function in the KDC. If `in_cred' doesn't contain a DES session key, then a new one is gotten from the KDC and stored in the cred cache `ccache'.

+

Parameters:
+ + + + +
context Kerberos 5 context.
in_cred the credential to convert
v4creds the converted credential
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache (krb5_context  context,
krb5_ccache  ccache,
krb5_creds *  in_cred,
struct credentials *  v4creds 
)
+
+
+ +

+Convert the v5 credentials in in_cred to v4-dito in v4creds, check the credential cache ccache before checking with the KDC.

+

Parameters:
+ + + + + +
context Kerberos 5 context.
ccache credential cache used to check for des-ticket.
in_cred the credential to convert
v4creds the converted credential
+
+
Returns:
Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message().
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/index.html b/crypto/heimdal/doc/doxyout/krb5/html/index.html new file mode 100644 index 00000000000..aed57556e58 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/index.html @@ -0,0 +1,37 @@ + + +HeimdalKerberos5library: Heimdal Kerberos 5 library + + + +

+keyhole logo +

+ + + +
+

Heimdal Kerberos 5 library

+

+

1.5.1

+Introduction

+Heimdal libkrb5 library is a implementation of the Kerberos protocol.

+Kerberos is a system for authenticating users and services on a network. It is built upon the assumption that the network is ``unsafe''. For example, data sent over the network can be eavesdropped and altered, and addresses can also be faked. Therefore they cannot be used for authentication purposes.

+

+

+If you want to know more about the file formats that is used by Heimdal, please see: File formats

+The project web page: http://www.h5l.org/

+
+Generated on Fri Sep 30 15:26:18 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/krb5_ccache_intro.html b/crypto/heimdal/doc/doxyout/krb5/html/krb5_ccache_intro.html new file mode 100644 index 00000000000..a0992dc66a9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/krb5_ccache_intro.html @@ -0,0 +1,74 @@ + + +HeimdalKerberos5library: The credential cache functions + + + +

+keyhole logo +

+ + + +
+

The credential cache functions

+Kerberos credential caches

+krb5_ccache structure holds a Kerberos credential cache.

+Heimdal support the follow types of credential caches:

+

    +
  • SCC Store the credential in a database
  • FILE Store the credential in memory
  • MEMORY Store the credential in memory
  • API A credential cache server based solution for Mac OS X
  • KCM A credential cache server based solution for all platforms
+

+Example

+This is a minimalistic version of klist: 
#include <krb5.h>
+
+int
+main (int argc, char **argv)
+{
+    krb5_context context;
+    krb5_cc_cursor cursor;
+    krb5_error_code ret;
+    krb5_ccache id;
+    krb5_creds creds;
+
+    if (krb5_init_context (&context) != 0)
+        errx(1, "krb5_context");
+
+    ret = krb5_cc_default (context, &id);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_cc_default");
+
+    ret = krb5_cc_start_seq_get(context, id, &cursor);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
+
+    while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){
+        char *principal;
+
+        krb5_unparse_name(context, creds.server, &principal);
+        printf("principal: %s\\n", principal);
+        free(principal);
+        krb5_free_cred_contents (context, &creds);
+    }
+    ret = krb5_cc_end_seq_get(context, id, &cursor);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
+
+    krb5_cc_close(context, id);
+
+    krb5_free_context(context);
+    return 0;
+}
+
+
+Generated on Fri Sep 30 15:26:18 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/krb5_fileformats.html b/crypto/heimdal/doc/doxyout/krb5/html/krb5_fileformats.html new file mode 100644 index 00000000000..543ba048abd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/krb5_fileformats.html @@ -0,0 +1,154 @@ + + +HeimdalKerberos5library: File formats + + + +

+keyhole logo +

+ + + +
+

File formats

+File formats

+This section documents the diffrent file formats that are used in Heimdal and other Kerberos implementations.

+keytab

+The keytab binary format is not a standard format. The format has evolved and may continue to. It is however understood by several Kerberos implementations including Heimdal, MIT, Sun's Java ktab and are created by the ktpass.exe utility from Windows. So it has established itself as the defacto format for storing Kerberos keys.

+The following C-like structure definitions illustrate the MIT keytab file format. All values are in network byte order. All text is ASCII.

+

   keytab {
+       uint16_t file_format_version;                    # 0x502
+       keytab_entry entries[*];
+   };
+
+   keytab_entry {
+       int32_t size;
+       uint16_t num_components;   # subtract 1 if version 0x501
+       counted_octet_string realm;
+       counted_octet_string components[num_components];
+       uint32_t name_type;       # not present if version 0x501
+       uint32_t timestamp;
+       uint8_t vno8;
+       keyblock key;
+       uint32_t vno; #only present if >= 4 bytes left in entry
+       uint32_t flags; #only present if >= 4 bytes left in entry
+   };
+
+   counted_octet_string {
+       uint16_t length;
+       uint8_t data[length];
+   };
+
+   keyblock {
+       uint16_t type;
+       counted_octet_string;
+   };
+

+All numbers are stored in network byteorder (big endian) format.

+The keytab file format begins with the 16 bit file_format_version which at the time this document was authored is 0x502. The format of older keytabs is described at the end of this document.

+The file_format_version is immediately followed by an array of keytab_entry structures which are prefixed with a 32 bit size indicating the number of bytes that follow in the entry. Note that the size should be evaluated as signed. This is because a negative value indicates that the entry is in fact empty (e.g. it has been deleted) and that the negative value of that negative value (which is of course a positive value) is the offset to the next keytab_entry. Based on these size values alone the entire keytab file can be traversed.

+The size is followed by a 16 bit num_components field indicating the number of counted_octet_string components in the components array.

+The num_components field is followed by a counted_octet_string representing the realm of the principal.

+A counted_octet_string is simply an array of bytes prefixed with a 16 bit length. For the realm and name components, the counted_octet_string bytes are ASCII encoded text with no zero terminator.

+Following the realm is the components array that represents the name of the principal. The text of these components may be joined with slashs to construct the typical SPN representation. For example, the service principal HTTP/www.foo.net@FOO.NET would consist of name components "HTTP" followed by "www.foo.net".

+Following the components array is the 32 bit name_type (e.g. 1 is KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL.

+The 32 bit timestamp indicates the time the key was established for that principal. The value represents the number of seconds since Jan 1, 1970.

+The 8 bit vno8 field is the version number of the key. This value is overridden by the 32 bit vno field if it is present. The vno8 field is filled with the lower 8 bits of the 32 bit protocol kvno field.

+The keyblock structure consists of a 16 bit value indicating the encryption type and is a counted_octet_string containing the key. The encryption type is the same as the Kerberos standard (e.g. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, etc).

+The last field of the keytab_entry structure is optional. If the size of the keytab_entry indicates that there are at least 4 bytes remaining, a 32 bit value representing the key version number is present. This value supersedes the 8 bit vno8 value preceeding the keyblock.

+Older keytabs with a file_format_version of 0x501 are different in three ways:

+

    +
  • All integers are in host byte order [1].
  • The num_components field is 1 too large (i.e. after decoding, decrement by 1).
  • The 32 bit name_type field is not present.
+

+[1] The file_format_version field should really be treated as two separate 8 bit quantities representing the major and minor version number respectively.

+Heimdal database dump file

+Format of the Heimdal text dump file as of Heimdal 0.6.3:

+Each line in the dump file is one entry in the database.

+Each field of a line is separated by one or more spaces, with the exception of fields consisting of principals containing spaces, where space can be quoted with \ and \ is quoted by \.

+Fields and their types are:

+

        Quoted princial (quote character is \) [string]
+        Keys [keys]
+        Created by [event]
+        Modified by [event optional]
+        Valid start time [time optional]
+        Valid end time [time optional]
+        Password end valid time [time optional]
+        Max lifetime of ticket [time optional]
+        Max renew time of ticket [integer optional]
+        Flags [hdb flags]
+        Generation number [generation optional]
+        Extensions [extentions optional]
+

+Fields following these silently are ignored.

+All optional fields will be skipped if they fail to parse (or comprise the optional field marker of "-", w/o quotes).

+Example:

+

 fred\@CODE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin\@CODE.COM 20041221112428:fred\@CODE.COM - - - 86400 604800 126 20020415130120:793707:28 -
+

+Encoding of types are as follows:

+

    +
  • keys
+

+

 kvno:[masterkvno:keytype:keydata:salt]{zero or more separated by :}
+

+kvno is the key version number.

+keydata is hex-encoded

+masterkvno is the kvno of the database master key. If this field is empty, the kadmin load and merge operations will encrypt the key data with the master key if there is one. Otherwise the key data will be imported asis.

+salt is encoded as "-" (no/default salt) or

+

 salt-type /
+ salt-type / "string"
+ salt-type / hex-encoded-data
+

+keytype is the protocol enctype number; see enum ENCTYPE in include/krb5_asn1.h for values.

+Example: 

 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:-
+

+

 kvno=27,{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt}...
+

+

    +
  • time
+

+Format of the time is: YYYYmmddHHMMSS, corresponding to strftime format "%Y%m%d%k%M%S".

+Time is expressed in UTC.

+Time can be optional (using -), when the time 0 is used.

+Example:

+

 20041221112428
+

+

    +
  • event
+

+

        time:principal
+

+time is as given in format time

+principal is a string. Not quoting it may not work in earlier versions of Heimdal.

+Example: 

 20041221112428:bloggs\@CODE.COM
+

+

    +
  • hdb flags
+

+Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each bit in the integer is the same as the bit in the specification.

+

    +
  • generation:
+

+

 time:usec:gen
+

+usec is a the microsecond, integer. gen is generation number, integer.

+The generation can be defaulted (using '-') or the empty string

+

    +
  • extensions:
+

+

 first-hex-encoded-HDB-Extension[:second-...]
+

+HDB-extension is encoded the DER encoded HDB-Extension from lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that unknown entires needs to be preserved even thought the ASN.1 data content might be unknown. There is a critical flag in the data to show to the KDC that the entry MUST be understod if the entry is to be used.

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/krb5_init_creds_intro.html b/crypto/heimdal/doc/doxyout/krb5/html/krb5_init_creds_intro.html new file mode 100644 index 00000000000..a9b43a255e1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/krb5_init_creds_intro.html @@ -0,0 +1,29 @@ + + +HeimdalKerberos5library: The initial credential handing functions + + + +

+keyhole logo +

+ + + +
+

The initial credential handing functions

+Initial credential

+Functions to get initial credentials: Heimdal Kerberos 5 credential handing functions .
+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/krb5_introduction.html b/crypto/heimdal/doc/doxyout/krb5/html/krb5_introduction.html new file mode 100644 index 00000000000..8745a342f05 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/krb5_introduction.html @@ -0,0 +1,204 @@ + + +HeimdalKerberos5library: Introduction to the Kerberos 5 API + + + +

+keyhole logo +

+ + + +
+

Introduction to the Kerberos 5 API

+Kerberos 5 API Overview

+All functions are documented in manual pages. This section tries to give an overview of the major components used in Kerberos library, and point to where to look for a specific function.

+Kerberos context

+A kerberos context (krb5_context) holds all per thread state. All global variables that are context specific are stored in this structure, including default encryption types, credential cache (for example, a ticket file), and default realms.

+The internals of the structure should never be accessed directly, functions exist for extracting information.

+See the manual page for krb5_init_context() how to create a context and module Heimdal Kerberos 5 library for more information about the functions.

+Kerberos authentication context

+Kerberos authentication context (krb5_auth_context) holds all context related to an authenticated connection, in a similar way to the kerberos context that holds the context for the thread or process.

+The krb5_auth_context is used by various functions that are directly related to authentication between the server/client. Example of data that this structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum types.

+Kerberos principal

+The Kerberos principal is the structure that identifies a user or service in Kerberos. The structure that holds the principal is the krb5_principal. There are function to extract the realm and elements of the principal, but most applications have no reason to inspect the content of the structure.

+The are several ways to create a principal (with different degree of portability), and one way to free it.

+See also the page The principal handing functions. for more information and also module Heimdal Kerberos 5 principal functions.

+Credential cache

+A credential cache holds the tickets for a user. A given user can have several credential caches, one for each realm where the user have the initial tickets (the first krbtgt).

+The credential cache data can be stored internally in different way, each of them for different proposes. File credential (FILE) caches and processes based (KCM) caches are for permanent storage. While memory caches (MEMORY) are local caches to the local process.

+Caches are opened with krb5_cc_resolve() or created with krb5_cc_new_unique().

+If the cache needs to be opened again (using krb5_cc_resolve()) krb5_cc_close() will close the handle, but not the remove the cache. krb5_cc_destroy() will zero out the cache, remove the cache so it can no longer be referenced.

+See also The credential cache functions and Heimdal Kerberos 5 credential cache functions .

+Kerberos errors

+Kerberos errors are based on the com_err library. All error codes are 32-bit signed numbers, the first 24 bits define what subsystem the error originates from, and last 8 bits are 255 error codes within the library. Each error code have fixed string associated with it. For example, the error-code -1765328383 have the symbolic name KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in database has expired''.

+This is a great improvement compared to just getting one of the unix error-codes back. However, Heimdal have an extention to pass back customised errors messages. Instead of getting ``Key table entry not found'', the user might back ``failed to find host/host.example.com@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab (des-cbc-crc)''. This improves the chance that the user find the cause of the error so you should use the customised error message whenever it's available.

+See also module Heimdal Kerberos 5 error reporting functions .

+Keytab management

+A keytab is a storage for locally stored keys. Heimdal includes keytab support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's, and for storing keys in memory.

+Keytabs are used for servers and long-running services.

+See also The keytab handing functions and Heimdal Kerberos 5 keytab handling functions .

+Kerberos crypto

+Heimdal includes a implementation of the Kerberos crypto framework, all crypto operations. To create a crypto context call krb5_crypto_init().

+See also module Heimdal Kerberos 5 cryptography functions .

+Walkthrough of a sample Kerberos 5 client

+This example contains parts of a sample TCP Kerberos 5 clients, if you want a real working client, please look in appl/test directory in the Heimdal distribution.

+All Kerberos error-codes that are returned from kerberos functions in this program are passed to krb5_err, that will print a descriptive text of the error code and exit. Graphical programs can convert error-code to a human readable error-string with the krb5_get_error_message() function.

+Note that you should not use any Kerberos function before krb5_init_context() have completed successfully. That is the reason err() is used when krb5_init_context() fails.

+First the client needs to call krb5_init_context to initialise the Kerberos 5 library. This is only needed once per thread in the program. If the function returns a non-zero value it indicates that either the Kerberos implementation is failing or it's disabled on this host.

+

 #include <krb5.h>
+
+ int
+ main(int argc, char **argv)
+ {
+         krb5_context context;
+
+         if (krb5_init_context(&context))
+                 errx (1, "krb5_context");
+

+Now the client wants to connect to the host at the other end. The preferred way of doing this is using getaddrinfo (for operating system that have this function implemented), since getaddrinfo is neutral to the address type and can use any protocol that is available.

+

         struct addrinfo *ai, *a;
+         struct addrinfo hints;
+         int error;
+
+         memset (&hints, 0, sizeof(hints));
+         hints.ai_socktype = SOCK_STREAM;
+         hints.ai_protocol = IPPROTO_TCP;
+
+         error = getaddrinfo (hostname, "pop3", &hints, &ai);
+         if (error)
+                 errx (1, "%s: %s", hostname, gai_strerror(error));
+
+         for (a = ai; a != NULL; a = a->ai_next) {
+                 int s;
+
+                 s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+                 if (s < 0)
+                         continue;
+                 if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
+                         warn ("connect(%s)", hostname);
+                             close (s);
+                             continue;
+                 }
+                 freeaddrinfo (ai);
+                 ai = NULL;
+         }
+         if (ai) {
+                     freeaddrinfo (ai);
+                     errx ("failed to contact %s", hostname);
+         }
+

+Before authenticating, an authentication context needs to be created. This context keeps all information for one (to be) authenticated connection (see krb5_auth_context).

+

         status = krb5_auth_con_init (context, &auth_context);
+         if (status)
+                 krb5_err (context, 1, status, "krb5_auth_con_init");
+

+For setting the address in the authentication there is a help function krb5_auth_con_setaddrs_from_fd() that does everything that is needed when given a connected file descriptor to the socket.

+

         status = krb5_auth_con_setaddrs_from_fd (context,
+                                                  auth_context,
+                                                  &sock);
+         if (status)
+                 krb5_err (context, 1, status,
+                           "krb5_auth_con_setaddrs_from_fd");
+

+The next step is to build a server principal for the service we want to connect to. (See also krb5_sname_to_principal().)

+

         status = krb5_sname_to_principal (context,
+                                           hostname,
+                                           service,
+                                           KRB5_NT_SRV_HST,
+                                           &server);
+         if (status)
+                 krb5_err (context, 1, status, "krb5_sname_to_principal");
+

+The client principal is not passed to krb5_sendauth() function, this causes the krb5_sendauth() function to try to figure it out itself.

+The server program is using the function krb5_recvauth() to receive the Kerberos 5 authenticator.

+In this case, mutual authentication will be tried. That means that the server will authenticate to the client. Using mutual authentication is good since it enables the user to verify that they are talking to the right server (a server that knows the key).

+If you are using a non-blocking socket you will need to do all work of krb5_sendauth() yourself. Basically you need to send over the authenticator from krb5_mk_req() and, in case of mutual authentication, verifying the result from the server with krb5_rd_rep().

+

         status = krb5_sendauth (context,
+                                 &auth_context,
+                                 &sock,
+                                 VERSION,
+                                 NULL,
+                                 server,
+                                 AP_OPTS_MUTUAL_REQUIRED,
+                                 NULL,
+                                 NULL,
+                                 NULL,
+                                 NULL,
+                                 NULL,
+                                 NULL);
+         if (status)
+                 krb5_err (context, 1, status, "krb5_sendauth");
+

+Once authentication has been performed, it is time to send some data. First we create a krb5_data structure, then we sign it with krb5_mk_safe() using the auth_context that contains the session-key that was exchanged in the krb5_sendauth()/krb5_recvauth() authentication sequence.

+

         data.data   = "hej";
+         data.length = 3;
+
+         krb5_data_zero (&packet);
+
+         status = krb5_mk_safe (context,
+                                auth_context,
+                                &data,
+                                &packet,
+                                NULL);
+         if (status)
+                 krb5_err (context, 1, status, "krb5_mk_safe");
+

+And send it over the network.

+

         len = packet.length;
+         net_len = htonl(len);
+
+         if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+                 err (1, "krb5_net_write");
+         if (krb5_net_write (context, &sock, packet.data, len) != len)
+                 err (1, "krb5_net_write");
+

+To send encrypted (and signed) data krb5_mk_priv() should be used instead. krb5_mk_priv() works the same way as krb5_mk_safe(), with the exception that it encrypts the data in addition to signing it.

+

         data.data   = "hemligt";
+         data.length = 7;
+
+         krb5_data_free (&packet);
+
+         status = krb5_mk_priv (context,
+                                auth_context,
+                                &data,
+                                &packet,
+                                NULL);
+         if (status)
+                 krb5_err (context, 1, status, "krb5_mk_priv");
+

+And send it over the network.

+

         len = packet.length;
+         net_len = htonl(len);
+
+         if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+                 err (1, "krb5_net_write");
+         if (krb5_net_write (context, &sock, packet.data, len) != len)
+                 err (1, "krb5_net_write");
+

+The server is using krb5_rd_safe() and krb5_rd_priv() to verify the signature and decrypt the packet.

+Validating a password in an application

+See the manual page for krb5_verify_user().

+API differences to MIT Kerberos

+This section is somewhat disorganised, but so far there is no overall structure to the differences, though some of the have their root in that Heimdal uses an ASN.1 compiler and MIT doesn't.

+Principal and realms

+Heimdal stores the realm as a krb5_realm, that is a char *. MIT Kerberos uses a krb5_data to store a realm.

+In Heimdal krb5_principal doesn't contain the component name_type; it's instead stored in component name.name_type. To get and set the nametype in Heimdal, use krb5_principal_get_type() and krb5_principal_set_type().

+For more information about principal and realms, see krb5_principal.

+Error messages

+To get the error string, Heimdal uses krb5_get_error_message(). This is to return custom error messages (like ``Can't find host/datan.example.com@CODE.COM in /etc/krb5.conf.'' instead of a ``Key table entry not found'' that error_message returns.

+Heimdal uses a threadsafe(r) version of the com_err interface; the global com_err table isn't initialised. Then error_message returns quite a boring error string (just the error code itself).

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/krb5_keytab_intro.html b/crypto/heimdal/doc/doxyout/krb5/html/krb5_keytab_intro.html new file mode 100644 index 00000000000..814d5351507 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/krb5_keytab_intro.html @@ -0,0 +1,82 @@ + + +HeimdalKerberos5library: The keytab handing functions + + + +

+keyhole logo +

+ + + +
+

The keytab handing functions

+Kerberos Keytabs

+See the library functions here: Heimdal Kerberos 5 keytab handling functions

+Keytabs are long term key storage for servers, their equvalment of password files.

+Normally the only function that useful for server are to specify what keytab to use to other core functions like krb5_rd_req() krb5_kt_resolve(), and krb5_kt_close().

+Keytab names

+A keytab name is on the form type:residual. The residual part is specific to each keytab-type.

+When a keytab-name is resolved, the type is matched with an internal list of keytab types. If there is no matching keytab type, the default keytab is used. The current default type is FILE.

+The default value can be changed in the configuration file /etc/krb5.conf by setting the variable [defaults]default_keytab_name.

+The keytab types that are implemented in Heimdal are:

    +
  • file store the keytab in a file, the type's name is FILE . The residual part is a filename. For compatibility with other Kerberos implemtation WRFILE and JAVA14 is also accepted. WRFILE has the same format as FILE. JAVA14 have a format that is compatible with older versions of MIT kerberos and SUN's Java based installation. They store a truncted kvno, so when the knvo excess 255, they are truncted in this format.
+

+

    +
  • keytab store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), the type's name is AFSKEYFILE. The residual part is a filename.
+

+

    +
  • memory The keytab is stored in a memory segment. This allows sensitive and/or temporary data not to be stored on disk. The type's name is MEMORY. Each MEMORY keytab is referenced counted by and opened by the residual name, so two handles can point to the same memory area. When the last user closes using krb5_kt_close() the keytab, the keys in they keytab is memset() to zero and freed and can no longer be looked up by name.
+

+Keytab example

+This is a minimalistic version of ktutil.

+

int
+main (int argc, char **argv)
+{
+    krb5_context context;
+    krb5_keytab keytab;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    krb5_error_code ret;
+    char *principal;
+
+    if (krb5_init_context (&context) != 0)
+        errx(1, "krb5_context");
+
+    ret = krb5_kt_default (context, &keytab);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_kt_default");
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
+    while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
+        krb5_unparse_name(context, entry.principal, &principal);
+        printf("principal: %s\n", principal);
+        free(principal);
+        krb5_kt_free_entry(context, &entry);
+    }
+    ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
+    ret = krb5_kt_close(context, keytab);
+    if (ret)
+        krb5_err(context, 1, ret, "krb5_kt_close");
+    krb5_free_context(context);
+    return 0;
+}
+
+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/krb5_principal_intro.html b/crypto/heimdal/doc/doxyout/krb5/html/krb5_principal_intro.html new file mode 100644 index 00000000000..7cdb71d0609 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/krb5_principal_intro.html @@ -0,0 +1,32 @@ + + +HeimdalKerberos5library: The principal handing functions. + + + +

+keyhole logo +

+ + + +
+

The principal handing functions.

A Kerberos principal is a email address looking string that contains to parts separeted by a @. The later part is the kerbero realm the principal belongs to and the former is a list of 0 or more components. For example 
+lha@SU.SE
+host/hummel.it.su.se@SU.SE
+host/admin@H5L.ORG
+

+See the library functions here: Heimdal Kerberos 5 principal functions

+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/modules.html b/crypto/heimdal/doc/doxyout/krb5/html/modules.html new file mode 100644 index 00000000000..0f566ae2647 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/modules.html @@ -0,0 +1,45 @@ + + +HeimdalKerberos5library: Module Index + + + +

+keyhole logo +

+ + + +
+

Modules

Here is a list of all modules: +
+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/pages.html b/crypto/heimdal/doc/doxyout/krb5/html/pages.html new file mode 100644 index 00000000000..63a1d90f49d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/pages.html @@ -0,0 +1,41 @@ + + +HeimdalKerberos5library: Page Index + + + +

+keyhole logo +

+ + + +
+

Related Pages

Here is a list of all related documentation pages: +
+
+Generated on Fri Sep 30 15:26:18 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/structkrb5__crypto__iov.html b/crypto/heimdal/doc/doxyout/krb5/html/structkrb5__crypto__iov.html new file mode 100644 index 00000000000..04681815271 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/structkrb5__crypto__iov.html @@ -0,0 +1,40 @@ + + +HeimdalKerberos5library: krb5_crypto_iov Struct Reference + + + +

+keyhole logo +

+ + + +
+

krb5_crypto_iov Struct Reference

#include <krb5.h> +

+ + +
+

Detailed Description

+Semi private, not stable yet
The documentation for this struct was generated from the following file:
    +
  • /Users/lha/src/heimdal/heimdal-release/heimdal-1.5.1/lib/krb5/krb5.h
+
+
+Generated on Fri Sep 30 15:26:19 2011 for HeimdalKerberos5library by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/krb5/html/tab_b.gif b/crypto/heimdal/doc/doxyout/krb5/html/tab_b.gif new file mode 100644 index 00000000000..0d623483ffd Binary files /dev/null and b/crypto/heimdal/doc/doxyout/krb5/html/tab_b.gif differ diff --git a/crypto/heimdal/doc/doxyout/krb5/html/tab_l.gif b/crypto/heimdal/doc/doxyout/krb5/html/tab_l.gif new file mode 100644 index 00000000000..9b1e6337c92 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/krb5/html/tab_l.gif differ diff --git a/crypto/heimdal/doc/doxyout/krb5/html/tab_r.gif b/crypto/heimdal/doc/doxyout/krb5/html/tab_r.gif new file mode 100644 index 00000000000..ce9dd9f533c Binary files /dev/null and b/crypto/heimdal/doc/doxyout/krb5/html/tab_r.gif differ diff --git a/crypto/heimdal/doc/doxyout/krb5/html/tabs.css b/crypto/heimdal/doc/doxyout/krb5/html/tabs.css new file mode 100644 index 00000000000..95f00a91da3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/html/tabs.css @@ -0,0 +1,102 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; +} diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5.3 new file mode 100644 index 00000000000..a6661bd923d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5.3 @@ -0,0 +1,1092 @@ +.TH "Heimdal Kerberos 5 library" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 library \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_add_et_list\fP (krb5_context context, void(*func)(struct et_list **))" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_password\fP (krb5_context context, krb5_creds *creds, const char *newpw, krb5_principal targprinc, int *result_code, krb5_data *result_code_string, krb5_data *result_string)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_context\fP (krb5_context *context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_context\fP (krb5_context context, krb5_context *out)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_context\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_config_files\fP (krb5_context context, char **filenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_prepend_config_files_default\fP (const char *filelist, char ***pfilenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_default_config_files\fP (char ***pfilenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_config_files\fP (char **filenames)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_enctype *KRB5_LIB_CALL \fBkrb5_kerberos_enctypes\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_default_in_tkt_etypes\fP (krb5_context context, const krb5_enctype *etypes)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_default_in_tkt_etypes\fP (krb5_context context, krb5_pdu pdu_type, krb5_enctype **etypes)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_init_ets\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_use_admin_kdc\fP (krb5_context context, krb5_boolean flag)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_get_use_admin_kdc\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_add_extra_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_extra_addresses\fP (krb5_context context, const krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_extra_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_add_ignore_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_ignore_addresses\fP (krb5_context context, const krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_ignore_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_fcache_version\fP (krb5_context context, int version)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_fcache_version\fP (krb5_context context, int *version)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_is_thread_safe\fP (void)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_dns_canonicalize_hostname\fP (krb5_context context, krb5_boolean flag)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_get_dns_canonicalize_hostname\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_kdc_sec_offset\fP (krb5_context context, int32_t *sec, int32_t *usec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_kdc_sec_offset\fP (krb5_context context, int32_t sec, int32_t usec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL \fBkrb5_get_max_time_skew\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_max_time_skew\fP (krb5_context context, time_t t)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_set_home_dir_access\fP (krb5_context context, krb5_boolean allow)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_host_realm\fP (krb5_context context, const krb5_realm *from, krb5_realm **to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_cred_contents\fP (krb5_context context, krb5_creds *c)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_creds_contents\fP (krb5_context context, const krb5_creds *incred, krb5_creds *c)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_creds\fP (krb5_context context, const krb5_creds *incred, krb5_creds **outcred)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_creds\fP (krb5_context context, krb5_creds *c)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_compare_creds\fP (krb5_context context, krb5_flags whichfields, const krb5_creds *mcreds, const krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL \fBkrb5_creds_get_ticket_flags\fP (krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_data_zero\fP (krb5_data *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_data_free\fP (krb5_data *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_data\fP (krb5_context context, krb5_data *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_data_alloc\fP (krb5_data *p, int len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_data_realloc\fP (krb5_data *p, int len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_data_copy\fP (krb5_data *p, const void *data, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_data\fP (krb5_context context, const krb5_data *indata, krb5_data **outdata)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_data_cmp\fP (const krb5_data *data1, const krb5_data *data2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_data_ct_cmp\fP (const krb5_data *data1, const krb5_data *data2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_krbhst_get_addrinfo\fP (krb5_context context, krb5_krbhst_info *host, struct addrinfo **ai)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_ticket\fP (krb5_context context, krb5_ticket *ticket)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_ticket\fP (krb5_context context, const krb5_ticket *from, krb5_ticket **to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ticket_get_client\fP (krb5_context context, const krb5_ticket *ticket, krb5_principal *client)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ticket_get_server\fP (krb5_context context, const krb5_ticket *ticket, krb5_principal *server)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL \fBkrb5_ticket_get_endtime\fP (krb5_context context, const krb5_ticket *ticket)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ticket_get_authorization_data_type\fP (krb5_context context, krb5_ticket *ticket, int type, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_real_time\fP (krb5_context context, krb5_timestamp sec, int32_t usec)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list (krb5_context context, void(*)(struct et_list **) func)" +.PP +Add a specified list of error messages to the et list in context. Call func (probably a comerr-generated function) with a pointer to the current et_list. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A kerberos context. +.br +\fIfunc\fP The generated com_err et function. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses (krb5_context context, krb5_addresses * addresses)" +.PP +Add extra address to the address list that the library will add to the client's address list when communicating with the KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIaddresses\fP addreses to add +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses (krb5_context context, krb5_addresses * addresses)" +.PP +Add extra addresses to ignore when fetching addresses from the underlaying operating system. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIaddresses\fP addreses to ignore +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds (krb5_context context, krb5_flags whichfields, const krb5_creds * mcreds, const krb5_creds * creds)" +.PP +Return TRUE if `mcreds' and `creds' are equal (`whichfields' determines what equal means). +.PP +The following flags, set in whichfields affects the comparison: +.IP "\(bu" 2 +KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal. +.IP "\(bu" 2 +KRB5_TC_MATCH_KEYTYPE Compare enctypes. +.IP "\(bu" 2 +KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical. +.IP "\(bu" 2 +KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds . +.IP "\(bu" 2 +KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly. +.IP "\(bu" 2 +KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds. +.IP "\(bu" 2 +KRB5_TC_MATCH_AUTHDATA Compares the authdata fields. +.IP "\(bu" 2 +KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication). +.IP "\(bu" 2 +KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket. +.PP +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIwhichfields\fP which fields to compare. +.br +\fImcreds\fP cred to compare with. +.br +\fIcreds\fP cred to compare with. +.RE +.PP +\fBReturns:\fP +.RS 4 +return TRUE if mcred and creds are equal, FALSE if not. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_context (krb5_context context, krb5_context * out)" +.PP +Make a copy for the Kerberos 5 context, the new krb5_context shoud be freed with \fBkrb5_free_context()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP the Kerberos context to copy +.br +\fIout\fP the copy of the Kerberos, set to NULL error. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds (krb5_context context, const krb5_creds * incred, krb5_creds ** outcred)" +.PP +Copy krb5_creds. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIincred\fP source credential +.br +\fIoutcred\fP destination credential, free with \fBkrb5_free_creds()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents (krb5_context context, const krb5_creds * incred, krb5_creds * c)" +.PP +Copy content of krb5_creds. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIincred\fP source credential +.br +\fIc\fP destination credential, free with \fBkrb5_free_cred_contents()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data (krb5_context context, const krb5_data * indata, krb5_data ** outdata)" +.PP +Copy the data into a newly allocated krb5_data. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIindata\fP the krb5_data data to copy +.br +\fIoutdata\fP new krb5_date to copy too. Free with \fBkrb5_free_data()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm (krb5_context context, const krb5_realm * from, krb5_realm ** to)" +.PP +Copy the list of realms from `from' to `to'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIfrom\fP list of realms to copy from. +.br +\fIto\fP list of realms to copy to, free list of \fBkrb5_free_host_realm()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket (krb5_context context, const krb5_ticket * from, krb5_ticket ** to)" +.PP +Copy ticket and content +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIfrom\fP ticket to copy +.br +\fIto\fP new copy of ticket, free with \fBkrb5_free_ticket()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_creds_get_ticket_flags (krb5_creds * creds)" +.PP +Returns the ticket flags for the credentials in creds. See also \fBkrb5_ticket_get_flags()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcreds\fP credential to get ticket flags from +.RE +.PP +\fBReturns:\fP +.RS 4 +ticket flags +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc (krb5_data * p, int len)" +.PP +Allocate data of and krb5_data. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP krb5_data to allocate. +.br +\fIlen\fP size to allocate. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp (const krb5_data * data1, const krb5_data * data2)" +.PP +Compare to data. +.PP +\fBParameters:\fP +.RS 4 +\fIdata1\fP krb5_data to compare +.br +\fIdata2\fP krb5_data to compare +.RE +.PP +\fBReturns:\fP +.RS 4 +return the same way as memcmp(), useful when sorting. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy (krb5_data * p, const void * data, size_t len)" +.PP +Copy the data of len into the krb5_data. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP krb5_data to copy into. +.br +\fIdata\fP data to copy.. +.br +\fIlen\fP new size. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_ct_cmp (const krb5_data * data1, const krb5_data * data2)" +.PP +Compare to data not exposing timing information from the checksum data +.PP +\fBParameters:\fP +.RS 4 +\fIdata1\fP krb5_data to compare +.br +\fIdata2\fP krb5_data to compare +.RE +.PP +\fBReturns:\fP +.RS 4 +returns zero for same data, otherwise non zero. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free (krb5_data * p)" +.PP +Free the content of krb5_data structure, its ok to free a zeroed structure (with memset() or \fBkrb5_data_zero()\fP). When done, the structure will be zeroed. The same function is called \fBkrb5_free_data_contents()\fP in MIT Kerberos. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP krb5_data to free. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc (krb5_data * p, int len)" +.PP +Grow (or shrink) the content of krb5_data to a new size. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP krb5_data to free. +.br +\fIlen\fP new size. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero (krb5_data * p)" +.PP +Reset the (potentially uninitalized) krb5_data structure. +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP krb5_data to reset. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files (char ** filenames)" +.PP +Free a list of configuration files. +.PP +\fBParameters:\fP +.RS 4 +\fIfilenames\fP list, terminated with a NULL pointer, to be freed. NULL is an valid argument. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context (krb5_context context)" +.PP +Frees the krb5_context allocated by \fBkrb5_init_context()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP context to be freed. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents (krb5_context context, krb5_creds * c)" +.PP +Free content of krb5_creds. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIc\fP krb5_creds to free. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds (krb5_context context, krb5_creds * c)" +.PP +Free krb5_creds. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIc\fP krb5_creds to free. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data (krb5_context context, krb5_data * p)" +.PP +Free krb5_data (and its content). +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIp\fP krb5_data to free. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket (krb5_context context, krb5_ticket * ticket)" +.PP +Free ticket and content +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to free +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files (char *** pfilenames)" +.PP +Get the global configuration list. +.PP +\fBParameters:\fP +.RS 4 +\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes (krb5_context context, krb5_pdu pdu_type, krb5_enctype ** etypes)" +.PP +Get the default encryption types that will be use in communcation with the KDC, clients and servers. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIetypes\fP Encryption types, array terminated with ETYPE_NULL(0), caller should free array with krb5_xfree(): +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context context)" +.PP +Get if the library uses DNS to canonicalize hostnames. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.RE +.PP +\fBReturns:\fP +.RS 4 +return non zero if the library uses DNS to canonicalize hostnames. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses (krb5_context context, krb5_addresses * addresses)" +.PP +Get extra address to the address list that the library will add to the client's address list when communicating with the KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIaddresses\fP addreses to set +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version (krb5_context context, int * version)" +.PP +Get version of fcache that the library should use. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIversion\fP version number. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses (krb5_context context, krb5_addresses * addresses)" +.PP +Get extra addresses to ignore when fetching addresses from the underlaying operating system. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIaddresses\fP list addreses ignored +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset (krb5_context context, int32_t * sec, int32_t * usec)" +.PP +Get current offset in time to the KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIsec\fP seconds part of offset. +.br +\fIusec\fP micro seconds part of offset. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns zero +.RE +.PP + +.SS "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context context)" +.PP +Get max time skew allowed. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.RE +.PP +\fBReturns:\fP +.RS 4 +timeskew in seconds. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context context)" +.PP +Make the kerberos library default to the admin KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.RE +.PP +\fBReturns:\fP +.RS 4 +boolean flag to telling the context will use admin KDC as the default KDC. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context (krb5_context * context)" +.PP +Initializes the context structure and reads the configuration file /etc/krb5.conf. The structure should be freed by calling \fBkrb5_free_context()\fP when it is no longer being used. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP pointer to returned context +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an errno code is returned. Failure means either that something bad happened during initialization (typically ENOMEM) or that Kerberos should not be used ENXIO. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets (krb5_context context)" +.PP +Init the built-in ets in the Kerberos library. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP kerberos context to add the ets too +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe (void)" +.PP +Runtime check if the Kerberos library was complied with thread support. +.PP +\fBReturns:\fP +.RS 4 +TRUE if the library was compiled with thread support, FALSE if not. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const krb5_enctype* KRB5_LIB_CALL krb5_kerberos_enctypes (krb5_context context)" +.PP +Returns the list of Kerberos encryption types sorted in order of most preferred to least preferred encryption type. Note that some encryption types might be disabled, so you need to check with \fBkrb5_enctype_valid()\fP before using the encryption type. +.PP +\fBReturns:\fP +.RS 4 +list of enctypes, terminated with ETYPE_NULL. Its a static array completed into the Kerberos library so the content doesn't need to be freed. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo (krb5_context context, krb5_krbhst_info * host, struct addrinfo ** ai)" +.PP +Return an `struct addrinfo *' for a KDC host. +.PP +Returns an the struct addrinfo in in that corresponds to the information in `host'. free:ing is handled by krb5_krbhst_free, so the returned ai must not be released. +.PP +First try this as an IP address, this allows us to add a dot at the end to stop using the search domains. +.PP +If the hostname contains a dot, assumes it's a FQDN and don't use search domains since that might be painfully slow when machine is disconnected from that network. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default (const char * filelist, char *** pfilenames)" +.PP +Prepend the filename to the global configuration list. +.PP +\fBParameters:\fP +.RS 4 +\fIfilelist\fP a filename to add to the default list of filename +.br +\fIpfilenames\fP return array of filenames, should be freed with \fBkrb5_free_config_files()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files (krb5_context context, char ** filenames)" +.PP +Reinit the context from a new set of filenames. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP context to add configuration too. +.br +\fIfilenames\fP array of filenames, end of list is indicated with a NULL filename. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes (krb5_context context, const krb5_enctype * etypes)" +.PP +Set the default encryption types that will be use in communcation with the KDC, clients and servers. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIetypes\fP Encryption types, array terminated with ETYPE_NULL (0). +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)" +.PP +Set if the library should use DNS to canonicalize hostnames. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIflag\fP if its dns canonicalizion is used or not. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses (krb5_context context, const krb5_addresses * addresses)" +.PP +Set extra address to the address list that the library will add to the client's address list when communicating with the KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIaddresses\fP addreses to set +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version (krb5_context context, int version)" +.PP +Set version of fcache that the library should use. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIversion\fP version number. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_set_home_dir_access (krb5_context context, krb5_boolean allow)" +.PP +Enable and disable home directory access on either the global state or the krb5_context state. By calling \fBkrb5_set_home_dir_access()\fP with context set to NULL, the global state is configured otherwise the state for the krb5_context is modified. +.PP +For home directory access to be allowed, both the global state and the krb5_context state have to be allowed. +.PP +Administrator (root user), never uses the home directory. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context or NULL +.br +\fIallow\fP allow if TRUE home directory +.RE +.PP +\fBReturns:\fP +.RS 4 +the old value +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses (krb5_context context, const krb5_addresses * addresses)" +.PP +Set extra addresses to ignore when fetching addresses from the underlaying operating system. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIaddresses\fP addreses to ignore +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)" +.PP +Set current offset in time to the KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIsec\fP seconds part of offset. +.br +\fIusec\fP micro seconds part of offset. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns zero +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew (krb5_context context, time_t t)" +.PP +Set max time skew allowed. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIt\fP timeskew in seconds. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password (krb5_context context, krb5_creds * creds, const char * newpw, krb5_principal targprinc, int * result_code, krb5_data * result_code_string, krb5_data * result_string)" +.PP +Change password using creds. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIcreds\fP The initial kadmin/passwd for the principal or an admin principal +.br +\fInewpw\fP The new password to set +.br +\fItargprinc\fP if unset, the default principal is used. +.br +\fIresult_code\fP Result code, KRB5_KPASSWD_SUCCESS is when password is changed. +.br +\fIresult_code_string\fP binary message from the server, contains at least the result_code. +.br +\fIresult_string\fP A message from the kpasswd service or the library in human printable form. The string is NUL terminated. +.RE +.PP +\fBReturns:\fP +.RS 4 +On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed. +.RE +.PP +@ +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time (krb5_context context, krb5_timestamp sec, int32_t usec)" +.PP +Set the absolute time that the caller knows the kdc has so the kerberos library can calculate the relative diffrence beteen the KDC time and local system time. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Keberos 5 context. +.br +\fIsec\fP The applications new of 'now' in seconds +.br +\fIusec\fP The applications new of 'now' in micro seconds +.RE +.PP +\fBReturns:\fP +.RS 4 +Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.PP +If the caller passes in a negative usec, its assumed to be unknown and the function will use the current time usec. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)" +.PP +Make the kerberos library default to the admin KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIflag\fP boolean flag to select if the use the admin KDC or not. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type (krb5_context context, krb5_ticket * ticket, int type, krb5_data * data)" +.PP +Extract the authorization data type of type from the ticket. Store the field in data. This function is to use for kerberos applications. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP Kerberos ticket +.br +\fItype\fP type to fetch +.br +\fIdata\fP returned data, free with \fBkrb5_data_free()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client (krb5_context context, const krb5_ticket * ticket, krb5_principal * client)" +.PP +Return client principal in ticket +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to copy +.br +\fIclient\fP client principal, free with \fBkrb5_free_principal()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime (krb5_context context, const krb5_ticket * ticket)" +.PP +Return end time of ticket +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to copy +.RE +.PP +\fBReturns:\fP +.RS 4 +end time of ticket +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server (krb5_context context, const krb5_ticket * ticket, krb5_principal * server)" +.PP +Return server principal in ticket +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIticket\fP ticket to copy +.br +\fIserver\fP server principal, free with \fBkrb5_free_principal()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb524_convert_creds_kdc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb524_convert_creds_kdc.3 new file mode 100644 index 00000000000..2f0545d0dd2 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb524_convert_creds_kdc.3 @@ -0,0 +1 @@ +.so man3/krb5_v4compat.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb524_convert_creds_kdc_ccache.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb524_convert_creds_kdc_ccache.3 new file mode 100644 index 00000000000..2f0545d0dd2 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb524_convert_creds_kdc_ccache.3 @@ -0,0 +1 @@ +.so man3/krb5_v4compat.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acc_ops.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acc_ops.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acc_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acl_match_file.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acl_match_file.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acl_match_file.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acl_match_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acl_match_string.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_acl_match_string.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_et_list.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_et_list.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_et_list.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_extra_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_extra_addresses.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_extra_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_ignore_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_ignore_addresses.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_add_ignore_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_addr2sockaddr.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_addr2sockaddr.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_addr2sockaddr.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address.3 new file mode 100644 index 00000000000..9b2e5d92984 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address.3 @@ -0,0 +1,461 @@ +.TH "Heimdal Kerberos 5 address functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 address functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sockaddr2address\fP (krb5_context context, const struct sockaddr *sa, krb5_address *addr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sockaddr2port\fP (krb5_context context, const struct sockaddr *sa, int16_t *port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_addr2sockaddr\fP (krb5_context context, const krb5_address *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL \fBkrb5_max_sockaddr_size\fP (void)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_sockaddr_uninteresting\fP (const struct sockaddr *sa)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_addr2sockaddr\fP (krb5_context context, int af, const char *addr, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_addr2addr\fP (krb5_context context, int af, const char *haddr, krb5_address *addr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_anyaddr\fP (krb5_context context, int af, struct sockaddr *sa, krb5_socklen_t *sa_size, int port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_print_address\fP (const krb5_address *addr, char *str, size_t len, size_t *ret_len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_address\fP (krb5_context context, const char *string, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_address_order\fP (krb5_context context, const krb5_address *addr1, const krb5_address *addr2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_address_compare\fP (krb5_context context, const krb5_address *addr1, const krb5_address *addr2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_address_search\fP (krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_address\fP (krb5_context context, krb5_address *address)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_addresses\fP (krb5_context context, krb5_addresses *addresses)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_address\fP (krb5_context context, const krb5_address *inaddr, krb5_address *outaddr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_addresses\fP (krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_append_addresses\fP (krb5_context context, krb5_addresses *dest, const krb5_addresses *source)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_addrport\fP (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_address_prefixlen_boundary\fP (krb5_context context, const krb5_address *inaddr, unsigned long prefixlen, krb5_address *low, krb5_address *high)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context context, const krb5_address * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" +.PP +krb5_addr2sockaddr sets the 'struct sockaddr sockaddr' from addr and port. The argument sa_size should initially contain the size of the sa and after the call, it will contain the actual length of the address. In case of the sa is too small to fit the whole address, the up to *sa_size will be stored, and then *sa_size will be set to the required length. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddr\fP the address to copy the from +.br +\fIsa\fP the struct sockaddr that will be filled in +.br +\fIsa_size\fP pointer to length of sa, and after the call, it will contain the actual length of the address. +.br +\fIport\fP set port in sa. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)" +.PP +krb5_address_compare compares the addresses addr1 and addr2. Returns TRUE if the two addresses are the same. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddr1\fP address to compare +.br +\fIaddr2\fP address to compare +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an TRUE is the address are the same FALSE if not +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order (krb5_context context, const krb5_address * addr1, const krb5_address * addr2)" +.PP +krb5_address_order compares the addresses addr1 and addr2 so that it can be used for sorting addresses. If the addresses are the same address krb5_address_order will return 0. Behavies like memcmp(2). +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddr1\fP krb5_address to compare +.br +\fIaddr2\fP krb5_address to compare +.RE +.PP +\fBReturns:\fP +.RS 4 +< 0 if address addr1 in 'less' then addr2. 0 if addr1 and addr2 is the same address, > 0 if addr2 is 'less' then addr1. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary (krb5_context context, const krb5_address * inaddr, unsigned long prefixlen, krb5_address * low, krb5_address * high)" +.PP +Calculate the boundary addresses of `inaddr'/`prefixlen' and store them in `low' and `high'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIinaddr\fP address in prefixlen that the bondery searched +.br +\fIprefixlen\fP width of boundery +.br +\fIlow\fP lowest address +.br +\fIhigh\fP highest address +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search (krb5_context context, const krb5_address * addr, const krb5_addresses * addrlist)" +.PP +krb5_address_search checks if the address addr is a member of the address set list addrlist . +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIaddr\fP address to search for. +.br +\fIaddrlist\fP list of addresses to look in for addr. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context context, int af, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" +.PP +krb5_anyaddr fills in a 'struct sockaddr sa' that can be used to bind(2) to. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaf\fP address family +.br +\fIsa\fP sockaddr +.br +\fIsa_size\fP lenght of sa. +.br +\fIport\fP for to fill into sa. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses (krb5_context context, krb5_addresses * dest, const krb5_addresses * source)" +.PP +krb5_append_addresses adds the set of addresses in source to dest. While copying the addresses, duplicates are also sorted out. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIdest\fP destination of copy operation +.br +\fIsource\fP adresses that are going to be added to dest +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address (krb5_context context, const krb5_address * inaddr, krb5_address * outaddr)" +.PP +krb5_copy_address copies the content of address inaddr to outaddr. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIinaddr\fP pointer to source address +.br +\fIoutaddr\fP pointer to destination address +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses (krb5_context context, const krb5_addresses * inaddr, krb5_addresses * outaddr)" +.PP +krb5_copy_addresses copies the content of addresses inaddr to outaddr. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIinaddr\fP pointer to source addresses +.br +\fIoutaddr\fP pointer to destination addresses +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address (krb5_context context, krb5_address * address)" +.PP +krb5_free_address frees the data stored in the address that is alloced with any of the krb5_address functions. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddress\fP addresss to be freed. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses (krb5_context context, krb5_addresses * addresses)" +.PP +krb5_free_addresses frees the data stored in the address that is alloced with any of the krb5_address functions. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaddresses\fP addressses to be freed. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context context, int af, const char * haddr, krb5_address * addr)" +.PP +krb5_h_addr2addr works like krb5_h_addr2sockaddr with the exception that it operates on a krb5_address instead of a struct sockaddr. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaf\fP address family +.br +\fIhaddr\fP host address from struct hostent. +.br +\fIaddr\fP returned krb5_address. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context context, int af, const char * addr, struct sockaddr * sa, krb5_socklen_t * sa_size, int port)" +.PP +krb5_h_addr2sockaddr initializes a 'struct sockaddr sa' from af and the 'struct hostent' (see gethostbyname(3) ) h_addr_list component. The argument sa_size should initially contain the size of the sa, and after the call, it will contain the actual length of the address. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIaf\fP addresses +.br +\fIaddr\fP address +.br +\fIsa\fP returned struct sockaddr +.br +\fIsa_size\fP size of sa +.br +\fIport\fP port to set in sa. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context context, krb5_address ** res, const krb5_address * addr, int16_t port)" +.PP +Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port) +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIres\fP built address from addr/port +.br +\fIaddr\fP address to use +.br +\fIport\fP port to use +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void)" +.PP +krb5_max_sockaddr_size returns the max size of the .Li struct sockaddr that the Kerberos library will return. +.PP +\fBReturns:\fP +.RS 4 +Return an size_t of the maximum struct sockaddr. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address (krb5_context context, const char * string, krb5_addresses * addresses)" +.PP +krb5_parse_address returns the resolved hostname in string to the krb5_addresses addresses . +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIstring\fP +.br +\fIaddresses\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address (const krb5_address * addr, char * str, size_t len, size_t * ret_len)" +.PP +krb5_print_address prints the address in addr to the string string that have the length len. If ret_len is not NULL, it will be filled with the length of the string if size were unlimited (not including the final NUL) . +.PP +\fBParameters:\fP +.RS 4 +\fIaddr\fP address to be printed +.br +\fIstr\fP pointer string to print the address into +.br +\fIlen\fP length that will fit into area pointed to by 'str'. +.br +\fIret_len\fP return length the str. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context context, const struct sockaddr * sa, krb5_address * addr)" +.PP +krb5_sockaddr2address stores a address a 'struct sockaddr' sa in the krb5_address addr. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIsa\fP a struct sockaddr to extract the address from +.br +\fIaddr\fP an Kerberos 5 address to store the address in. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context context, const struct sockaddr * sa, int16_t * port)" +.PP +krb5_sockaddr2port extracts a port (if possible) from a 'struct sockaddr. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIsa\fP a struct sockaddr to extract the port from +.br +\fIport\fP a pointer to an int16_t store the port in. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. Will return KRB5_PROG_ATYPE_NOSUPP in case address type is not supported. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting (const struct sockaddr * sa)" +.PP +krb5_sockaddr_uninteresting returns TRUE for all .Fa sa that the kerberos library thinks are uninteresting. One example are link local addresses. +.PP +\fBParameters:\fP +.RS 4 +\fIsa\fP pointer to struct sockaddr that might be interesting. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return a non zero for uninteresting addresses. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_compare.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_compare.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_order.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_order.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_order.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_prefixlen_boundary.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_prefixlen_boundary.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_prefixlen_boundary.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_search.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_search.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_address_search.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_allow_weak_crypto.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_allow_weak_crypto.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_allow_weak_crypto.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_anyaddr.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_anyaddr.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_anyaddr.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_append_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_append_addresses.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_append_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_auth.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_auth.3 new file mode 100644 index 00000000000..58edda697d4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_auth.3 @@ -0,0 +1,138 @@ +.TH "Heimdal Kerberos 5 authentication functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 authentication functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_in_ctx_alloc\fP (krb5_context context, krb5_rd_req_in_ctx *ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_in_set_keytab\fP (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_in_set_pac_check\fP (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_out_get_server\fP (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_rd_req_out_ctx_free\fP (krb5_context context, krb5_rd_req_out_ctx ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_rd_req_ctx\fP (krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx *outctx)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx (krb5_context context, krb5_auth_context * auth_context, const krb5_data * inbuf, krb5_const_principal server, krb5_rd_req_in_ctx inctx, krb5_rd_req_out_ctx * outctx)" +.PP +The core server function that verify application authentication requests from clients. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Keberos 5 context. +.br +\fIauth_context\fP the authentication context, can be NULL, then default values for the authentication context will used. +.br +\fIinbuf\fP the (AP-REQ) authentication buffer +.br +\fIserver\fP the server with authenticate as, if NULL the function will try to find any available credential in the keytab that will verify the reply. The function will prefer the server the server client specified in the AP-REQ, but if there is no mach, it will try all keytab entries for a match. This have serious performance issues for larger keytabs. +.br +\fIinctx\fP control the behavior of the function, if NULL, the default behavior is used. +.br +\fIoutctx\fP the return outctx, free with \fBkrb5_rd_req_out_ctx_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc (krb5_context context, krb5_rd_req_in_ctx * ctx)" +.PP +Allocate a krb5_rd_req_in_ctx as an input parameter to \fBkrb5_rd_req_ctx()\fP. The caller should free the context with krb5_rd_req_in_ctx_free() when done with the context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Keberos 5 context. +.br +\fIctx\fP in ctx to \fBkrb5_rd_req_ctx()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab (krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab)" +.PP +Set the keytab that \fBkrb5_rd_req_ctx()\fP will use. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Keberos 5 context. +.br +\fIin\fP in ctx to \fBkrb5_rd_req_ctx()\fP. +.br +\fIkeytab\fP keytab that \fBkrb5_rd_req_ctx()\fP will use, only copy the pointer, so the caller must free they keytab after krb5_rd_req_in_ctx_free() is called. +.RE +.PP +\fBReturns:\fP +.RS 4 +Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check (krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag)" +.PP +Set if krb5_rq_red() is going to check the Windows PAC or not +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Keberos 5 context. +.br +\fIin\fP krb5_rd_req_in_ctx to check the option on. +.br +\fIflag\fP flag to select if to check the pac (TRUE) or not (FALSE). +.RE +.PP +\fBReturns:\fP +.RS 4 +Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free (krb5_context context, krb5_rd_req_out_ctx ctx)" +.PP +Free the krb5_rd_req_out_ctx. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Keberos 5 context. +.br +\fIctx\fP krb5_rd_req_out_ctx context to free. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_server (krb5_context context, krb5_rd_req_out_ctx out, krb5_principal * principal)" +.PP +Get the principal that was used in the request from the client. Might not match whats in the ticket if \fBkrb5_rd_req_ctx()\fP searched in the keytab for a matching key. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context. +.br +\fIout\fP a krb5_rd_req_out_ctx from \fBkrb5_rd_req_ctx()\fP. +.br +\fIprincipal\fP return principal, free with \fBkrb5_free_principal()\fP. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_auth_getremoteseqnumber.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_auth_getremoteseqnumber.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_auth_getremoteseqnumber.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_build_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_build_principal.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_build_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_c_enctype_compare.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_c_enctype_compare.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_c_enctype_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_end_seq_get.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_end_seq_get.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_end_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_get_first.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_get_first.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_get_first.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_match.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_match.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_match.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_next.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_next.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_cache_next.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_clear_mcred.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_clear_mcred.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_clear_mcred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_close.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_close.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_close.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_cache.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_cache.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_cache.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_creds.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_match_f.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_match_f.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_copy_match_f.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_default.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_default.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_default_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_default_name.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_default_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_destroy.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_destroy.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_destroy.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_end_seq_get.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_end_seq_get.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_end_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_gen_new.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_gen_new.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_gen_new.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_config.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_config.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_config.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_flags.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_friendly_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_friendly_name.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_friendly_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_full_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_full_name.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_full_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_kdc_offset.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_kdc_offset.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_kdc_offset.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_lifetime.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_lifetime.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_lifetime.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_name.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_ops.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_ops.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_prefix_ops.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_prefix_ops.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_prefix_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_principal.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_type.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_type.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_type.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_version.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_version.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_get_version.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_initialize.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_initialize.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_initialize.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_last_change_time.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_last_change_time.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_last_change_time.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_move.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_move.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_move.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_new_unique.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_new_unique.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_new_unique.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_next_cred.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_next_cred.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_next_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_register.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_register.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_register.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_remove_cred.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_remove_cred.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_remove_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_resolve.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_resolve.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_resolve.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_retrieve_cred.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_retrieve_cred.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_retrieve_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_config.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_config.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_config.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_default_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_default_name.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_default_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_flags.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_friendly_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_friendly_name.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_friendly_name.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_kdc_offset.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_kdc_offset.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_set_kdc_offset.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_start_seq_get.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_start_seq_get.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_start_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_store_cred.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_store_cred.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_store_cred.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_support_switch.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_support_switch.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_support_switch.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_switch.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_switch.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cc_switch.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache.3 new file mode 100644 index 00000000000..3c9b05e0086 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache.3 @@ -0,0 +1,888 @@ +.TH "Heimdal Kerberos 5 credential cache functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 credential cache functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_register\fP (krb5_context context, const krb5_cc_ops *ops, krb5_boolean override)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_resolve\fP (krb5_context context, const char *name, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_new_unique\fP (krb5_context context, const char *type, const char *hint, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_get_name\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_get_type\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_full_name\fP (krb5_context context, krb5_ccache id, char **str)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL \fBkrb5_cc_get_ops\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_switch\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_cc_support_switch\fP (krb5_context context, const char *type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_default_name\fP (krb5_context context, const char *name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_cc_default_name\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_default\fP (krb5_context context, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_initialize\fP (krb5_context context, krb5_ccache id, krb5_principal primary_principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_destroy\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_close\fP (krb5_context context, krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_store_cred\fP (krb5_context context, krb5_ccache id, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_retrieve_cred\fP (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds *mcreds, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_principal\fP (krb5_context context, krb5_ccache id, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_start_seq_get\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_next_cred\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_end_seq_get\fP (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_remove_cred\fP (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_flags\fP (krb5_context context, krb5_ccache id, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_flags\fP (krb5_context context, krb5_ccache id, krb5_flags *flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_match_f\fP (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*match)(krb5_context, void *, const krb5_creds *), void *matchctx, unsigned int *matched)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_cache\fP (krb5_context context, const krb5_ccache from, krb5_ccache to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_version\fP (krb5_context context, const krb5_ccache id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_cc_clear_mcred\fP (krb5_creds *mcred)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_cc_ops *KRB5_LIB_CALL \fBkrb5_cc_get_prefix_ops\fP (krb5_context context, const char *prefix)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_get_first\fP (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_next\fP (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_end_seq_get\fP (krb5_context context, krb5_cc_cache_cursor cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_cache_match\fP (krb5_context context, krb5_principal client, krb5_ccache *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_move\fP (krb5_context context, krb5_ccache from, krb5_ccache to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_is_config_principal\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_config\fP (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_config\fP (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_new\fP (krb5_context context, krb5_cccol_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_next\fP (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *cache)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_cursor_free\fP (krb5_context context, krb5_cccol_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_last_change_time\fP (krb5_context context, krb5_ccache id, krb5_timestamp *mtime)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cccol_last_change_time\fP (krb5_context context, const char *type, krb5_timestamp *mtime)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_friendly_name\fP (krb5_context context, krb5_ccache id, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_friendly_name\fP (krb5_context context, krb5_ccache id, const char *name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_lifetime\fP (krb5_context context, krb5_ccache id, time_t *t)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_set_kdc_offset\fP (krb5_context context, krb5_ccache id, krb5_deltat offset)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_get_kdc_offset\fP (krb5_context context, krb5_ccache id, krb5_deltat *offset)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_gen_new\fP (krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cc_copy_creds\fP (krb5_context context, const krb5_ccache from, krb5_ccache to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_validated_creds\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *service)" +.br +.in -1c +.SS "Variables" + +.in +1c +.ti -1c +.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_acc_ops\fP" +.br +.ti -1c +.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_fcc_ops\fP" +.br +.ti -1c +.RI "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_mcc_ops\fP" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor)" +.PP +Destroy the cursor `cursor'. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char * type, krb5_cc_cache_cursor * cursor)" +.PP +Start iterating over all caches of specified type. See also \fBkrb5_cccol_cursor_new()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fItype\fP optional type to iterate over, if NULL, the default cache is used. +.br +\fIcursor\fP cursor should be freed with \fBkrb5_cc_cache_end_seq_get()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, krb5_ccache * id)" +.PP +Search for a matching credential cache that have the `principal' as the default principal. On success, `id' needs to be freed with \fBkrb5_cc_close()\fP or \fBkrb5_cc_destroy()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIclient\fP The principal to search for +.br +\fIid\fP the returned credential cache +.RE +.PP +\fBReturns:\fP +.RS 4 +On failure, error code is returned and `id' is set to NULL. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache * id)" +.PP +Retrieve the next cache pointed to by (`cursor') in `id' and advance `cursor'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcursor\fP the iterator cursor, returned by \fBkrb5_cc_cache_get_first()\fP +.br +\fIid\fP next ccache +.RE +.PP +\fBReturns:\fP +.RS 4 +Return 0 or an error code. Returns KRB5_CC_END when the end of caches is reached, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds * mcred)" +.PP +Clear `mcreds' so it can be used with krb5_cc_retrieve_cred +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close (krb5_context context, krb5_ccache id)" +.PP +Stop using the ccache `id' and free the related resources. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache (krb5_context context, const krb5_ccache from, krb5_ccache to)" +.PP +Just like \fBkrb5_cc_copy_match_f()\fP, but copy everything. +.PP +@ +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_creds (krb5_context context, const krb5_ccache from, krb5_ccache to)" +.PP +MIT compat glue +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_match_f (krb5_context context, const krb5_ccache from, krb5_ccache to, krb5_boolean(*)(krb5_context, void *, const krb5_creds *) match, void * matchctx, unsigned int * matched)" +.PP +Copy the contents of `from' to `to' if the given match function return true. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIfrom\fP the cache to copy data from. +.br +\fIto\fP the cache to copy data to. +.br +\fImatch\fP a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied. +.br +\fImatchctx\fP context passed to match function. +.br +\fImatched\fP set to true if there was a credential that matched, may be NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default (krb5_context context, krb5_ccache * id)" +.PP +Open the default ccache in `id'. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name (krb5_context context)" +.PP +Return a pointer to a context static string containing the default ccache name. +.PP +\fBReturns:\fP +.RS 4 +String to the default credential cache name. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy (krb5_context context, krb5_ccache id)" +.PP +Remove the ccache `id'. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)" +.PP +Destroy the cursor `cursor'. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new (krb5_context context, const krb5_cc_ops * ops, krb5_ccache * id)" +.PP +Generate a new ccache of type `ops' in `id'. +.PP +Deprecated: use \fBkrb5_cc_new_unique()\fP instead. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)" +.PP +Get some configuration for the credential cache in the cache. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIid\fP the credential cache to store the data for +.br +\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache. +.br +\fIname\fP name under which the configuraion is stored. +.br +\fIdata\fP data to fetched, free with \fBkrb5_data_free()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_flags (krb5_context context, krb5_ccache id, krb5_flags * flags)" +.PP +Get the flags of `id', store them in `flags'. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_friendly_name (krb5_context context, krb5_ccache id, char ** name)" +.PP +Return a friendly name on credential cache. Free the result with krb5_xfree(). +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name (krb5_context context, krb5_ccache id, char ** str)" +.PP +Return the complete resolvable name the cache +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIid\fP return pointer to a found credential cache +.br +\fIstr\fP the returned name of a credential cache, free with krb5_xfree() +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 or an error (and then *str is set to NULL). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat * offset)" +.PP +Get the time offset betwen the client and the KDC +.PP +If the backend doesn't support KDC offset, use the context global setting. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIid\fP a credential cache +.br +\fIoffset\fP the offset in seconds +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_lifetime (krb5_context context, krb5_ccache id, time_t * t)" +.PP +Get the lifetime of the initial ticket in the cache +.PP +Get the lifetime of the initial ticket in the cache, if the initial ticket was not found, the error code KRB5_CC_END is returned. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIid\fP a credential cache +.br +\fIt\fP the relative lifetime of the initial ticket +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name (krb5_context context, krb5_ccache id)" +.PP +Return the name of the ccache `id' +.SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_ops (krb5_context context, krb5_ccache id)" +.PP +Return krb5_cc_ops of a the ccache `id'. +.SS "KRB5_LIB_FUNCTION const krb5_cc_ops* KRB5_LIB_CALL krb5_cc_get_prefix_ops (krb5_context context, const char * prefix)" +.PP +Get the cc ops that is registered in `context' to handle the prefix. prefix can be a complete credential cache name or a prefix, the function will only use part up to the first colon (:) if there is one. If prefix the argument is NULL, the default ccache implemtation is returned. +.PP +\fBReturns:\fP +.RS 4 +Returns NULL if ops not found. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal (krb5_context context, krb5_ccache id, krb5_principal * principal)" +.PP +Return the principal of `id' in `principal'. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type (krb5_context context, krb5_ccache id)" +.PP +Return the type of the ccache `id'. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version (krb5_context context, const krb5_ccache id)" +.PP +Return the version of `id'. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize (krb5_context context, krb5_ccache id, krb5_principal primary_principal)" +.PP +Create a new ccache in `id' for `primary_principal'. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_last_change_time (krb5_context context, krb5_ccache id, krb5_timestamp * mtime)" +.PP +Return the last time the credential cache was modified. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIid\fP The credential cache to probe +.br +\fImtime\fP the last modification time, set to 0 on error. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return 0 or and error. See krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move (krb5_context context, krb5_ccache from, krb5_ccache to)" +.PP +Move the content from one credential cache to another. The operation is an atomic switch. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIfrom\fP the credential cache to move the content from +.br +\fIto\fP the credential cache to move the content to +.RE +.PP +\fBReturns:\fP +.RS 4 +On sucess, from is freed. On failure, error code is returned and from and to are both still allocated, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique (krb5_context context, const char * type, const char * hint, krb5_ccache * id)" +.PP +Generates a new unique ccache of `type` in `id'. If `type' is NULL, the library chooses the default credential cache type. The supplied `hint' (that can be NULL) is a string that the credential cache type can use to base the name of the credential on, this is to make it easier for the user to differentiate the credentials. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor, krb5_creds * creds)" +.PP +Retrieve the next cred pointed to by (`id', `cursor') in `creds' and advance `cursor'. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register (krb5_context context, const krb5_cc_ops * ops, krb5_boolean override)" +.PP +Add a new ccache type with operations `ops', overwriting any existing one if `override'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIops\fP type of plugin symbol +.br +\fIoverride\fP flag to select if the registration is to overide an existing ops with the same name. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred (krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds * cred)" +.PP +Remove the credential identified by `cred', `which' from `id'. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve (krb5_context context, const char * name, krb5_ccache * id)" +.PP +Find and allocate a ccache in `id' from the specification in `residual'. If the ccache name doesn't contain any colon, interpret it as a file name. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIname\fP string name of a credential cache. +.br +\fIid\fP return pointer to a found credential cache. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return 0 or an error code. In case of an error, id is set to NULL, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred (krb5_context context, krb5_ccache id, krb5_flags whichfields, const krb5_creds * mcreds, krb5_creds * creds)" +.PP +Retrieve the credential identified by `mcreds' (and `whichfields') from `id' in `creds'. 'creds' must be free by the caller using krb5_free_cred_contents. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIid\fP a Kerberos 5 credential cache +.br +\fIwhichfields\fP what fields to use for matching credentials, same flags as whichfields in \fBkrb5_compare_creds()\fP +.br +\fImcreds\fP template credential to use for comparing +.br +\fIcreds\fP returned credential, free with \fBkrb5_free_cred_contents()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_config (krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * name, krb5_data * data)" +.PP +Store some configuration for the credential cache in the cache. Existing configuration under the same name is over-written. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIid\fP the credential cache to store the data for +.br +\fIprincipal\fP configuration for a specific principal, if NULL, global for the whole cache. +.br +\fIname\fP name under which the configuraion is stored. +.br +\fIdata\fP data to store, if NULL, configure is removed. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name (krb5_context context, const char * name)" +.PP +Set the default cc name for `context' to `name'. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags (krb5_context context, krb5_ccache id, krb5_flags flags)" +.PP +Set the flags of `id' to `flags'. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_friendly_name (krb5_context context, krb5_ccache id, const char * name)" +.PP +Set the friendly name on credential cache. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset (krb5_context context, krb5_ccache id, krb5_deltat offset)" +.PP +Set the time offset betwen the client and the KDC +.PP +If the backend doesn't support KDC offset, use the context global setting. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIid\fP a credential cache +.br +\fIoffset\fP the offset in seconds +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor * cursor)" +.PP +Start iterating over `id', `cursor' is initialized to the beginning. Caller must free the cursor with \fBkrb5_cc_end_seq_get()\fP. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred (krb5_context context, krb5_ccache id, krb5_creds * creds)" +.PP +Store `creds' in the ccache `id'. +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch (krb5_context context, const char * type)" +.PP +Return true if the default credential cache support switch +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch (krb5_context context, krb5_ccache id)" +.PP +Switch the default default credential cache for a specific credcache type (and name for some implementations). +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_free (krb5_context context, krb5_cccol_cursor * cursor)" +.PP +End an iteration and free all resources, can be done before end is reached. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcursor\fP the iteration cursor to be freed. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_new (krb5_context context, krb5_cccol_cursor * cursor)" +.PP +Get a new cache interation cursor that will interate over all credentials caches independent of type. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIcursor\fP passed into \fBkrb5_cccol_cursor_next()\fP and free with \fBkrb5_cccol_cursor_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 or and error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_cursor_next (krb5_context context, krb5_cccol_cursor cursor, krb5_ccache * cache)" +.PP +Get next credential cache from the iteration. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIcursor\fP the iteration cursor +.br +\fIcache\fP the returned cursor, pointer is set to NULL on failure and a cache on success. The returned cache needs to be freed with \fBkrb5_cc_close()\fP or destroyed with \fBkrb5_cc_destroy()\fP. MIT Kerberos behavies slightly diffrent and sets cache to NULL when all caches are iterated over and return 0. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return 0 or and error, KRB5_CC_END is returned at the end of iteration. See krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cccol_last_change_time (krb5_context context, const char * type, krb5_timestamp * mtime)" +.PP +Return the last modfication time for a cache collection. The query can be limited to a specific cache type. If the function return 0 and mtime is 0, there was no credentials in the caches. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fItype\fP The credential cache to probe, if NULL, all type are traversed. +.br +\fImtime\fP the last modification time, set to 0 on error. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return 0 or and error. See krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_validated_creds (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, char * service)" +.PP +Validate the newly fetch credential, see also krb5_verify_init_creds(). +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIcreds\fP the credentials to verify +.br +\fIclient\fP the client name to match up +.br +\fIccache\fP the credential cache to use +.br +\fIservice\fP a service name to use, used with \fBkrb5_sname_to_principal()\fP to build a hostname to use to verify. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_config_principal (krb5_context context, krb5_const_principal principal)" +.PP +Return TRUE (non zero) if the principal is a configuration principal (generated part of \fBkrb5_cc_set_config()\fP). Returns FALSE (zero) if not a configuration principal. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIprincipal\fP principal to check if it a configuration principal +.RE +.PP + +.SH "Variable Documentation" +.PP +.SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_acc_ops\fP" +.PP +\fBInitial value:\fP +.PP +.nf + { + KRB5_CC_OPS_VERSION, + 'API', + acc_get_name, + acc_resolve, + acc_gen_new, + acc_initialize, + acc_destroy, + acc_close, + acc_store_cred, + NULL, + acc_get_principal, + acc_get_first, + acc_get_next, + acc_end_get, + acc_remove_cred, + acc_set_flags, + acc_get_version, + acc_get_cache_first, + acc_get_cache_next, + acc_end_cache_get, + acc_move, + acc_get_default_name, + acc_set_default, + acc_lastchange, + NULL, + NULL, +} +.fi +Variable containing the API based credential cache implemention. +.SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_fcc_ops\fP" +.PP +\fBInitial value:\fP +.PP +.nf + { + KRB5_CC_OPS_VERSION, + 'FILE', + fcc_get_name, + fcc_resolve, + fcc_gen_new, + fcc_initialize, + fcc_destroy, + fcc_close, + fcc_store_cred, + NULL, + fcc_get_principal, + fcc_get_first, + fcc_get_next, + fcc_end_get, + fcc_remove_cred, + fcc_set_flags, + fcc_get_version, + fcc_get_cache_first, + fcc_get_cache_next, + fcc_end_cache_get, + fcc_move, + fcc_get_default_name, + NULL, + fcc_lastchange, + fcc_set_kdc_offset, + fcc_get_kdc_offset +} +.fi +Variable containing the FILE based credential cache implemention. +.SS "KRB5_LIB_VARIABLE const krb5_cc_ops \fBkrb5_mcc_ops\fP" +.PP +\fBInitial value:\fP +.PP +.nf + { + KRB5_CC_OPS_VERSION, + 'MEMORY', + mcc_get_name, + mcc_resolve, + mcc_gen_new, + mcc_initialize, + mcc_destroy, + mcc_close, + mcc_store_cred, + NULL, + mcc_get_principal, + mcc_get_first, + mcc_get_next, + mcc_end_get, + mcc_remove_cred, + mcc_set_flags, + NULL, + mcc_get_cache_first, + mcc_get_cache_next, + mcc_end_cache_get, + mcc_move, + mcc_default_name, + NULL, + mcc_lastchange, + mcc_set_kdc_offset, + mcc_get_kdc_offset +} +.fi +Variable containing the MEMORY based credential cache implemention. diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache_intro.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache_intro.3 new file mode 100644 index 00000000000..c5ac4acd1ea --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ccache_intro.3 @@ -0,0 +1,69 @@ +.TH "krb5_ccache_intro" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_ccache_intro \- The credential cache functions +.SH "Kerberos credential caches" +.PP +krb5_ccache structure holds a Kerberos credential cache. +.PP +Heimdal support the follow types of credential caches: +.PP +.IP "\(bu" 2 +SCC Store the credential in a database +.IP "\(bu" 2 +FILE Store the credential in memory +.IP "\(bu" 2 +MEMORY Store the credential in memory +.IP "\(bu" 2 +API A credential cache server based solution for Mac OS X +.IP "\(bu" 2 +KCM A credential cache server based solution for all platforms +.PP +.SS "Example" +This is a minimalistic version of klist: +.PP +.nf +#include + +int +main (int argc, char **argv) +{ + krb5_context context; + krb5_cc_cursor cursor; + krb5_error_code ret; + krb5_ccache id; + krb5_creds creds; + + if (krb5_init_context (&context) != 0) + errx(1, 'krb5_context'); + + ret = krb5_cc_default (context, &id); + if (ret) + krb5_err(context, 1, ret, 'krb5_cc_default'); + + ret = krb5_cc_start_seq_get(context, id, &cursor); + if (ret) + krb5_err(context, 1, ret, 'krb5_cc_start_seq_get'); + + while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){ + char *principal; + + krb5_unparse_name(context, creds.server, &principal); + printf('principal: %s\\n', principal); + free(principal); + krb5_free_cred_contents (context, &creds); + } + ret = krb5_cc_end_seq_get(context, id, &cursor); + if (ret) + krb5_err(context, 1, ret, 'krb5_cc_end_seq_get'); + + krb5_cc_close(context, id); + + krb5_free_context(context); + return 0; +} + +.fi +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_free.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_free.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_free.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_new.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_new.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_new.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_next.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_next.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_cursor_next.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_last_change_time.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_last_change_time.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cccol_last_change_time.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_change_password.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_change_password.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_change_password.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cksumtype_to_enctype.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cksumtype_to_enctype.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_cksumtype_to_enctype.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_clear_error_message.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_clear_error_message.3 new file mode 100644 index 00000000000..f721fda2cd4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_clear_error_message.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_clear_error_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_clear_error_string.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_clear_error_string.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_compare_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_compare_creds.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_compare_creds.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_file_free.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_file_free.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_file_free.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_free_strings.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_free_strings.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_free_strings.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_bool.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_bool.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_bool.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_bool_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_bool_default.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_bool_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_list.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_list.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_list.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_string.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_string.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_string_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_string_default.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_string_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_strings.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_strings.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_strings.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_time.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_time.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_time.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_time_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_time_default.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_get_time_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_parse_file_multi.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_parse_file_multi.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_parse_file_multi.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_parse_string_multi.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_parse_string_multi.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_parse_string_multi.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_bool.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_bool.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_bool.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_bool_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_bool_default.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_bool_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_list.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_list.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_list.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_string.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_string.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_string_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_string_default.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_string_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_strings.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_strings.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_strings.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_time.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_time.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_time.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_time_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_time_default.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_config_vget_time_default.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_address.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_addresses.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_context.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_context.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_context.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_creds.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_creds.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_creds_contents.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_creds_contents.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_creds_contents.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_data.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_data.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_data.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_host_realm.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_host_realm.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_host_realm.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_keyblock.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_keyblock.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_keyblock.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_keyblock_contents.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_keyblock_contents.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_keyblock_contents.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_principal.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_ticket.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_ticket.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_copy_ticket.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_create_checksum_iov.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_create_checksum_iov.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_create_checksum_iov.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_credential.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_credential.3 new file mode 100644 index 00000000000..40cda97ab5d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_credential.3 @@ -0,0 +1,279 @@ +.TH "Heimdal Kerberos 5 credential handing functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 credential handing functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_fwd_tgt_creds\fP (krb5_context context, krb5_auth_context auth_context, const char *hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data *out_data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_forwarded_creds\fP (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char *hostname, krb5_creds *in_creds, krb5_data *out_data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_alloc\fP (krb5_context context, krb5_get_init_creds_opt **opt)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_free\fP (krb5_context context, krb5_get_init_creds_opt *opt)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_init\fP (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void *prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt *options, krb5_init_creds_context *rctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_service\fP (krb5_context context, krb5_init_creds_context ctx, const char *service)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_password\fP (krb5_context context, krb5_init_creds_context ctx, const char *password)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_set_keytab\fP (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_step\fP (krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, krb5_krbhst_info *hostinfo, unsigned int *flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get_error\fP (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR *error)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_init_creds_free\fP (krb5_context context, krb5_init_creds_context ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_init_creds_get\fP (krb5_context context, krb5_init_creds_context ctx)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_password\fP (krb5_context context, krb5_creds *creds, krb5_principal client, const char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keyblock\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keyblock *keyblock, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_keytab\fP (krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *options)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char * hostname, krb5_principal client, krb5_principal server, krb5_ccache ccache, int forwardable, krb5_data * out_data)" +.PP +Forward credentials for client to host hostname , making them forwardable if forwardable, and returning the blob of data to sent in out_data. If hostname == NULL, pick it from server. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A kerberos 5 context. +.br +\fIauth_context\fP the auth context with the key to encrypt the out_data. +.br +\fIhostname\fP the host to forward the tickets too. +.br +\fIclient\fP the client to delegate from. +.br +\fIserver\fP the server to delegate the credential too. +.br +\fIccache\fP credential cache to use. +.br +\fIforwardable\fP make the forwarded ticket forwabledable. +.br +\fIout_data\fP the resulting credential. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, krb5_flags flags, const char * hostname, krb5_creds * in_creds, krb5_data * out_data)" +.PP +Gets tickets forwarded to hostname. If the tickets that are forwarded are address-less, the forwarded tickets will also be address-less. +.PP +If the ticket have any address, hostname will be used for figure out the address to forward the ticket too. This since this might use DNS, its insecure and also doesn't represent configured all addresses of the host. For example, the host might have two adresses, one IPv4 and one IPv6 address where the later is not published in DNS. This IPv6 address might be used communications and thus the resulting ticket useless. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A kerberos 5 context. +.br +\fIauth_context\fP the auth context with the key to encrypt the out_data. +.br +\fIccache\fP credential cache to use +.br +\fIflags\fP the flags to control the resulting ticket flags +.br +\fIhostname\fP the host to forward the tickets too. +.br +\fIin_creds\fP the in client and server ticket names. The client and server components forwarded to the remote host. +.br +\fIout_data\fP the resulting credential. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.PP +Some older of the MIT gssapi library used clear-text tickets (warped inside AP-REQ encryption), use the krb5_auth_context flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those tickets. The session key is used otherwise to encrypt the forwarded ticket. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keyblock * keyblock, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +.PP +Get new credentials using keyblock. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab (krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +.PP +Get new credentials using keytab. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc (krb5_context context, krb5_get_init_creds_opt ** opt)" +.PP +Allocate a new krb5_get_init_creds_opt structure, free with \fBkrb5_get_init_creds_opt_free()\fP. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt * opt)" +.PP +Free krb5_get_init_creds_opt structure. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password (krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * options)" +.PP +Get new credentials using password. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_creds_free (krb5_context context, krb5_init_creds_context ctx)" +.PP +Free the krb5_init_creds_context allocated by \fBkrb5_init_creds_init()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIctx\fP The krb5_init_creds_context to free. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get (krb5_context context, krb5_init_creds_context ctx)" +.PP +Get new credentials as setup by the krb5_init_creds_context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIctx\fP The krb5_init_creds_context to process. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_get_error (krb5_context context, krb5_init_creds_context ctx, KRB_ERROR * error)" +.PP +Get the last error from the transaction. +.PP +\fBReturns:\fP +.RS 4 +Returns 0 or an error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_init (krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * prompter_data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * rctx)" +.PP +Start a new context to get a new initial credential. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIclient\fP The Kerberos principal to get the credential for, if NULL is given, the default principal is used as determined by krb5_get_default_principal(). +.br +\fIprompter\fP +.br +\fIprompter_data\fP +.br +\fIstart_time\fP the time the ticket should start to be valid or 0 for now. +.br +\fIoptions\fP a options structure, can be NULL for default options. +.br +\fIrctx\fP A new allocated free with \fBkrb5_init_creds_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success or an Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_keytab (krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)" +.PP +Set the keytab to use for authentication. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context. +.br +\fIctx\fP ctx krb5_init_creds_context context. +.br +\fIkeytab\fP the keytab to read the key from. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_password (krb5_context context, krb5_init_creds_context ctx, const char * password)" +.PP +Sets the password that will use for the request. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context. +.br +\fIctx\fP ctx krb5_init_creds_context context. +.br +\fIpassword\fP the password to use. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_set_service (krb5_context context, krb5_init_creds_context ctx, const char * service)" +.PP +Sets the service that the is requested. This call is only neede for special initial tickets, by default the a krbtgt is fetched in the default realm. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context. +.br +\fIctx\fP a krb5_init_creds_context context. +.br +\fIservice\fP the service given as a string, for example 'kadmind/admin'. If NULL, the default krbtgt in the clients realm is set. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_creds_step (krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_krbhst_info * hostinfo, unsigned int * flags)" +.PP +The core loop if krb5_get_init_creds() function family. Create the packets and have the caller send them off to the KDC. +.PP +If the caller want all work been done for them, use \fBkrb5_init_creds_get()\fP instead. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context. +.br +\fIctx\fP ctx krb5_init_creds_context context. +.br +\fIin\fP input data from KDC, first round it should be reset by krb5_data_zer(). +.br +\fIout\fP reply to KDC. +.br +\fIhostinfo\fP KDC address info, first round it can be NULL. +.br +\fIflags\fP status of the round, if KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_creds_get_ticket_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_creds_get_ticket_flags.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_creds_get_ticket_flags.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto.3 new file mode 100644 index 00000000000..79367b19897 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto.3 @@ -0,0 +1,550 @@ +.TH "Heimdal Kerberos 5 cryptography functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 cryptography functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_valid\fP (krb5_context context, krb5_enctype etype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_cksumtype_to_enctype\fP (krb5_context context, krb5_cksumtype ctype, krb5_enctype *etype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_encrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, int num_data, void *ivec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_decrypt_iov_ivec\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, void *ivec)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_create_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_verify_checksum_iov\fP (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP *data, unsigned int num_data, krb5_cksumtype *type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_init\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_crypto *crypto)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_destroy\fP (krb5_context context, krb5_crypto crypto)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getblocksize\fP (krb5_context context, krb5_crypto crypto, size_t *blocksize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getenctype\fP (krb5_context context, krb5_crypto crypto, krb5_enctype *enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getpadsize\fP (krb5_context context, krb5_crypto crypto, size_t *padsize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_getconfoundersize\fP (krb5_context context, krb5_crypto crypto, size_t *confoundersize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_disable\fP (krb5_context context, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_enctype_enable\fP (krb5_context context, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_allow_weak_crypto\fP (krb5_context context, krb5_boolean enable)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_random_to_key\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_crypto_fx_cf2\fP (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data *pepper1, krb5_data *pepper2, krb5_enctype enctype, krb5_keyblock *res)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_subkey_extended\fP (krb5_context context, const krb5_keyblock *key, krb5_enctype etype, krb5_keyblock **subkey)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_keyblock_zero\fP (krb5_keyblock *keyblock)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock_contents\fP (krb5_context context, krb5_keyblock *keyblock)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_keyblock\fP (krb5_context context, krb5_keyblock *keyblock)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock_contents\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_keyblock\fP (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL \fBkrb5_keyblock_get_enctype\fP (const krb5_keyblock *block)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keyblock_init\fP (krb5_context context, krb5_enctype type, const void *data, size_t size, krb5_keyblock *key)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_allow_weak_crypto (krb5_context context, krb5_boolean enable)" +.PP +Enable or disable all weak encryption types +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenable\fP true to enable, false to disable +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_to_enctype (krb5_context context, krb5_cksumtype ctype, krb5_enctype * etype)" +.PP +Return the coresponding encryption type for a checksum type. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIctype\fP The checksum type to get the result enctype for +.br +\fIetype\fP The returned encryption, when the matching etype is not found, etype is set to ETYPE_NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code for an failure or 0 on success. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock ** to)" +.PP +Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIinblock\fP the key to copy +.br +\fIto\fP the output key. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock * inblock, krb5_keyblock * to)" +.PP +Copy a keyblock, free the output keyblock with \fBkrb5_free_keyblock_contents()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIinblock\fP the key to copy +.br +\fIto\fP the output key. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)" +.PP +Create a Kerberos message checksum. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fItype\fP output data +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy (krb5_context context, krb5_crypto crypto)" +.PP +Free a crypto context created by \fBkrb5_crypto_init()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to free +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_fx_cf2 (krb5_context context, const krb5_crypto crypto1, const krb5_crypto crypto2, krb5_data * pepper1, krb5_data * pepper2, krb5_enctype enctype, krb5_keyblock * res)" +.PP +The FX-CF2 key derivation function, used in FAST and preauth framework. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIcrypto1\fP first key to combine +.br +\fIcrypto2\fP second key to combine +.br +\fIpepper1\fP factor to combine with first key to garante uniqueness +.br +\fIpepper2\fP factor to combine with second key to garante uniqueness +.br +\fIenctype\fP the encryption type of the resulting key +.br +\fIres\fP allocated key, free with \fBkrb5_free_keyblock_contents()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize (krb5_context context, krb5_crypto crypto, size_t * blocksize)" +.PP +Return the blocksize used algorithm referenced by the crypto context +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIblocksize\fP the resulting blocksize +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize (krb5_context context, krb5_crypto crypto, size_t * confoundersize)" +.PP +Return the confounder size used by the crypto context +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIconfoundersize\fP the returned confounder size +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype (krb5_context context, krb5_crypto crypto, krb5_enctype * enctype)" +.PP +Return the encryption type used by the crypto context +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIenctype\fP the resulting encryption type +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize (krb5_context context, krb5_crypto crypto, size_t * padsize)" +.PP +Return the padding size used by the crypto context +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP crypto context to query +.br +\fIpadsize\fP the return padding size +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_crypto * crypto)" +.PP +Create a crypto context used for all encryption and signature operation. The encryption type to use is taken from the key, but can be overridden with the enctype parameter. This can be useful for encryptions types which is compatiable (DES for example). +.PP +To free the crypto context, use \fBkrb5_crypto_destroy()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIkey\fP the key block information with all key data +.br +\fIetype\fP the encryption type +.br +\fIcrypto\fP the resulting crypto context +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, void * ivec)" +.PP +Inline decrypt a Kerberos message. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fIivec\fP initial cbc/cts vector +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP +1. KRB5_CRYPTO_TYPE_HEADER 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted protocol headers and trailers. The output data will be of same size as the input data or shorter. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_iov_ivec (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, int num_data, void * ivec)" +.PP +Inline encrypt a kerberos message +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fIivec\fP initial cbc/cts vector +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP +Kerberos encrypted data look like this: +.PP +1. KRB5_CRYPTO_TYPE_HEADER 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and trailers. 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 4. KRB5_CRYPTO_TYPE_TRAILER +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable (krb5_context context, krb5_enctype enctype)" +.PP +Disable encryption type +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenctype\fP encryption type to disable +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_enable (krb5_context context, krb5_enctype enctype)" +.PP +Enable encryption type +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIenctype\fP encryption type to enable +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid (krb5_context context, krb5_enctype etype)" +.PP +Check if a enctype is valid, return 0 if it is. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIetype\fP enctype to check if its valid or not +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code for an failure or 0 on success (enctype valid). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock (krb5_context context, krb5_keyblock * keyblock)" +.PP +Free a keyblock, also zero out the content of the keyblock, uses \fBkrb5_free_keyblock_contents()\fP to free the content. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIkeyblock\fP keyblock to free, NULL is valid argument +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents (krb5_context context, krb5_keyblock * keyblock)" +.PP +Free a keyblock's content, also zero out the content of the keyblock. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context +.br +\fIkeyblock\fP keyblock content to free, NULL is valid argument +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended (krb5_context context, const krb5_keyblock * key, krb5_enctype etype, krb5_keyblock ** subkey)" +.PP +Generate subkey, from keyblock +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP kerberos context +.br +\fIkey\fP session key +.br +\fIetype\fP encryption type of subkey, if ETYPE_NULL, use key's enctype +.br +\fIsubkey\fP returned new, free with \fBkrb5_free_keyblock()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock * block)" +.PP +Get encryption type of a keyblock. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)" +.PP +Fill in `key' with key data of type `enctype' from `data' of length `size'. Key should be freed using \fBkrb5_free_keyblock_contents()\fP. +.PP +\fBReturns:\fP +.RS 4 +0 on success or a Kerberos 5 error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock * keyblock)" +.PP +Zero out a keyblock +.PP +\fBParameters:\fP +.RS 4 +\fIkeyblock\fP keyblock to zero out +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key (krb5_context context, krb5_enctype type, const void * data, size_t size, krb5_keyblock * key)" +.PP +Converts the random bytestring to a protocol key according to Kerberos crypto frame work. It may be assumed that all the bits of the input string are equally random, even though the entropy present in the random source may be limited. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fItype\fP the enctype resulting key will be of +.br +\fIdata\fP input random data to convert to a key +.br +\fIsize\fP size of input random data, at least krb5_enctype_keysize() long +.br +\fIkey\fP key, output key, free with \fBkrb5_free_keyblock_contents()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum_iov (krb5_context context, krb5_crypto crypto, unsigned usage, \fBkrb5_crypto_iov\fP * data, unsigned int num_data, krb5_cksumtype * type)" +.PP +Verify a Kerberos message checksum. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIcrypto\fP Kerberos crypto context +.br +\fIusage\fP Key usage for this buffer +.br +\fIdata\fP array of buffers to process +.br +\fInum_data\fP length of array +.br +\fItype\fP return checksum type if not NULL +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_destroy.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_destroy.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_destroy.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_fx_cf2.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_fx_cf2.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_fx_cf2.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getblocksize.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getblocksize.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getblocksize.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getconfoundersize.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getconfoundersize.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getconfoundersize.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getenctype.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getenctype.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getenctype.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getpadsize.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getpadsize.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_getpadsize.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_init.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_init.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_init.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_iov.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_iov.3 new file mode 100644 index 00000000000..fa74965198d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_crypto_iov.3 @@ -0,0 +1,17 @@ +.TH "krb5_crypto_iov" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_crypto_iov \- +.SH SYNOPSIS +.br +.PP +\fC#include \fP +.PP +.SH "Detailed Description" +.PP +Semi private, not stable yet + +.SH "Author" +.PP +Generated automatically by Doxygen for HeimdalKerberos5library from the source code. diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_alloc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_alloc.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_alloc.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_cmp.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_cmp.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_cmp.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_copy.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_copy.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_copy.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_ct_cmp.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_ct_cmp.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_ct_cmp.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_free.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_free.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_free.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_realloc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_realloc.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_realloc.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_zero.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_zero.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_data_zero.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_decrypt_iov_ivec.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_decrypt_iov_ivec.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_decrypt_iov_ivec.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_deprecated.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_deprecated.3 new file mode 100644 index 00000000000..ea0c90144e6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_deprecated.3 @@ -0,0 +1,269 @@ +.TH "Heimdal Kerberos 5 deprecated functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 deprecated functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_change_password\fP (krb5_context context, krb5_creds *creds, const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_parse_string_multi\fP (krb5_context context, const char *string, krb5_config_section **res) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keytype_to_enctypes\fP (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_enctypes_compatible_keys\fP (krb5_context context, krb5_enctype etype1, krb5_enctype etype2) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_data_contents\fP (krb5_context context, krb5_data *data) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keytype_to_enctypes_default\fP (krb5_context context, krb5_keytype keytype, unsigned *len, krb5_enctype **val) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_keytype_to_string\fP (krb5_context context, krb5_keytype keytype, char **string) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_string_to_keytype\fP (krb5_context context, const char *string, krb5_keytype *keytype) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV \fBkrb5_password_key_proc\fP (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_in_tkt_with_password\fP (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, const char *password, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_in_tkt_with_skey\fP (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, const krb5_keyblock *key, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV \fBkrb5_keytab_key_proc\fP (krb5_context context, krb5_enctype enctype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock **key) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_in_tkt_with_keytab\fP (krb5_context context, krb5_flags options, krb5_addresses *addrs, const krb5_enctype *etypes, const krb5_preauthtype *pre_auth_types, krb5_keytab keytab, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_realm *KRB5_LIB_CALL \fBkrb5_princ_realm\fP (krb5_context context, krb5_principal principal) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_princ_set_realm\fP (krb5_context context, krb5_principal principal, krb5_realm *realm) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_creds_contents\fP (krb5_context context, krb5_creds *c) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_error_string\fP (krb5_context context, char *str) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_set_error_string\fP (krb5_context context, const char *fmt,...) __attribute__((format(printf" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vset_error_string\fP (krb5_context context, const char *fmt, va_list args) __attribute__((format(printf" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_clear_error_string\fP (krb5_context context) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_cred_from_kdc_opt\fP (krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts, krb5_flags flags) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_cred_from_kdc\fP (krb5_context context, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds, krb5_creds ***ret_tgts) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_unparsed_name\fP (krb5_context context, char *str) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_generate_subkey\fP (krb5_context context, const krb5_keyblock *key, krb5_keyblock **subkey) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_auth_getremoteseqnumber\fP (krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_init\fP (krb5_get_init_creds_opt *opt) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_get_init_creds_opt_get_error\fP (krb5_context context, krb5_get_init_creds_opt *opt, KRB_ERROR **error) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_c_enctype_compare\fP (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_getremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t * seqnumber)" +.PP +Deprecated: use krb5_auth_con_getremoteseqnumber() +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare (krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean * similar)" +.PP +Deprecated: keytypes doesn't exists, they are really enctypes. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password (krb5_context context, krb5_creds * creds, const char * newpw, int * result_code, krb5_data * result_code_string, krb5_data * result_string)" +.PP +Deprecated: \fBkrb5_change_password()\fP is deprecated, use \fBkrb5_set_password()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIcreds\fP +.br +\fInewpw\fP +.br +\fIresult_code\fP +.br +\fIresult_code_string\fP +.br +\fIresult_string\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +On sucess password is changed. +.RE +.PP +@ +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_string (krb5_context context)" +.PP +Clear the error message returned by krb5_get_error_string(). +.PP +Deprecated: use \fBkrb5_clear_error_message()\fP +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi (krb5_context context, const char * string, krb5_config_section ** res)" +.PP +Deprecated: configuration files are not strings +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys (krb5_context context, krb5_enctype etype1, krb5_enctype etype2)" +.PP +Deprecated: keytypes doesn't exists, they are really enctypes. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds_contents (krb5_context context, krb5_creds * c)" +.PP +Deprecated: use \fBkrb5_free_cred_contents()\fP +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data_contents (krb5_context context, krb5_data * data)" +.PP +Same as \fBkrb5_data_free()\fP. MIT compat. +.PP +Deprecated: use \fBkrb5_data_free()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIdata\fP krb5_data to free. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_string (krb5_context context, char * str)" +.PP +Free the error message returned by krb5_get_error_string(). +.PP +Deprecated: use krb5_free_error_message() +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIstr\fP error message to free +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_unparsed_name (krb5_context context, char * str)" +.PP +Deprecated: use krb5_xfree(). +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey (krb5_context context, const krb5_keyblock * key, krb5_keyblock ** subkey)" +.PP +Deprecated: use \fBkrb5_generate_subkey_extended()\fP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc (krb5_context context, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds, krb5_creds *** ret_tgts)" +.PP +Deprecated: use krb5_get_credentials_with_flags(). +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc_opt (krb5_context context, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds, krb5_creds *** ret_tgts, krb5_flags flags)" +.PP +Deprecated: use krb5_get_credentials_with_flags(). +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_keytab (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, krb5_keytab keytab, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)" +.PP +Deprecated: use krb5_get_init_creds() and friends. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_password (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, const char * password, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)" +.PP +Deprecated: use krb5_get_init_creds() and friends. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_skey (krb5_context context, krb5_flags options, krb5_addresses * addrs, const krb5_enctype * etypes, const krb5_preauthtype * pre_auth_types, const krb5_keyblock * key, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep * ret_as_reply)" +.PP +Deprecated: use krb5_get_init_creds() and friends. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error (krb5_context context, krb5_get_init_creds_opt * opt, KRB_ERROR ** error)" +.PP +Deprecated: use the new \fBkrb5_init_creds_init()\fP and \fBkrb5_init_creds_get_error()\fP. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_init (krb5_get_init_creds_opt * opt)" +.PP +Deprecated: use \fBkrb5_get_init_creds_opt_alloc()\fP. +.PP +The reason \fBkrb5_get_init_creds_opt_init()\fP is deprecated is that krb5_get_init_creds_opt is a static structure and for ABI reason it can't grow, ie can't add new functionality. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_keytab_key_proc (krb5_context context, krb5_enctype enctype, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock ** key)" +.PP +Deprecated: use krb5_get_init_creds() and friends. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned * len, krb5_enctype ** val)" +.PP +Deprecated: keytypes doesn't exists, they are really enctypes. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes_default (krb5_context context, krb5_keytype keytype, unsigned * len, krb5_enctype ** val)" +.PP +Deprecated: keytypes doesn't exists, they are really enctypes. +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_string (krb5_context context, krb5_keytype keytype, char ** string)" +.PP +Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_enctype_to_string(). +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_password_key_proc (krb5_context context, krb5_enctype type, krb5_salt salt, krb5_const_pointer keyseed, krb5_keyblock ** key)" +.PP +Deprecated: use krb5_get_init_creds() and friends. +.SS "KRB5_LIB_FUNCTION krb5_realm* KRB5_LIB_CALL krb5_princ_realm (krb5_context context, krb5_principal principal)" +.PP +Deprecated: use \fBkrb5_principal_get_realm()\fP +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_princ_set_realm (krb5_context context, krb5_principal principal, krb5_realm * realm)" +.PP +Deprecated: use \fBkrb5_principal_set_realm()\fP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string (krb5_context context, const char * fmt, ...)" +.PP +Set the error message returned by krb5_get_error_string(). +.PP +Deprecated: use krb5_get_error_message() +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIfmt\fP error message to free +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_keytype (krb5_context context, const char * string, krb5_keytype * keytype)" +.PP +Deprecated: keytypes doesn't exists, they are really enctypes in most cases, use krb5_string_to_enctype(). +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vset_error_string (krb5_context context, const char * fmt, va_list args)" +.PP +Set the error message returned by krb5_get_error_string(), deprecated, use \fBkrb5_set_error_message()\fP. +.PP +Deprecated: use krb5_vset_error_message() +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fImsg\fP error message to free +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_digest.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_digest.3 new file mode 100644 index 00000000000..1be62851d66 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_digest.3 @@ -0,0 +1,38 @@ +.TH "Heimdal Kerberos 5 digest service" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 digest service \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_digest_probe\fP (krb5_context context, krb5_realm realm, krb5_ccache ccache, unsigned *flags)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe (krb5_context context, krb5_realm realm, krb5_ccache ccache, unsigned * flags)" +.PP +Get the supported/allowed mechanism for this principal. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Keberos context. +.br +\fIrealm\fP The realm of the KDC. +.br +\fIccache\fP The credential cache to use when talking to the KDC. +.br +\fIflags\fP The supported mechanism. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_digest_probe.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_digest_probe.3 new file mode 100644 index 00000000000..d7f12b174eb --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_digest_probe.3 @@ -0,0 +1 @@ +.so man3/krb5_digest.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_eai_to_heim_errno.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_eai_to_heim_errno.3 new file mode 100644 index 00000000000..f721fda2cd4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_eai_to_heim_errno.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_encrypt_iov_ivec.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_encrypt_iov_ivec.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_encrypt_iov_ivec.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_disable.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_disable.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_disable.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_enable.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_enable.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_enable.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_valid.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_valid.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctype_valid.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctypes_compatible_keys.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctypes_compatible_keys.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_enctypes_compatible_keys.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_error.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_error.3 new file mode 100644 index 00000000000..7ada02c3997 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_error.3 @@ -0,0 +1,105 @@ +.TH "Heimdal Kerberos 5 error reporting functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 error reporting functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_eai_to_heim_errno\fP (int eai_errno, int system_error)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_h_errno_to_heim_errno\fP (int eai_errno)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_clear_error_message\fP (krb5_context context)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_set_error_message\fP (krb5_context context, krb5_error_code ret, const char *fmt,...) __attribute__((format(printf" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_vwarn\fP (krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__((format(printf" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_clear_error_message (krb5_context context)" +.PP +Clears the error message from the Kerberos 5 context. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP The Kerberos 5 context to clear +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno (int eai_errno, int system_error)" +.PP +Convert the getaddrinfo() error code to a Kerberos et error code. +.PP +\fBParameters:\fP +.RS 4 +\fIeai_errno\fP contains the error code from getaddrinfo(). +.br +\fIsystem_error\fP should have the value of errno after the failed getaddrinfo(). +.RE +.PP +\fBReturns:\fP +.RS 4 +Kerberos error code representing the EAI errors. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno (int eai_errno)" +.PP +Convert the gethostname() error code (h_error) to a Kerberos et error code. +.PP +\fBParameters:\fP +.RS 4 +\fIeai_errno\fP contains the error code from gethostname(). +.RE +.PP +\fBReturns:\fP +.RS 4 +Kerberos error code representing the gethostname errors. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_error_message (krb5_context context, krb5_error_code ret, const char * fmt, ...)" +.PP +Set the context full error string for a specific error code. The error that is stored should be internationalized. +.PP +The if context is NULL, no error string is stored. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIret\fP The error code +.br +\fIfmt\fP Error string for the error code +.br +\fI...\fP printf(3) style parameters. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn (krb5_context context, krb5_error_code code, const char * fmt, va_list ap)" +.PP +Log a warning to the log, default stderr, include the error from the last failure. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIcode\fP error code of the last error +.br +\fIfmt\fP message to print +.br +\fIap\fP arguments +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_expand_hostname.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_expand_hostname.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_expand_hostname.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_expand_hostname_realms.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_expand_hostname_realms.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_expand_hostname_realms.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fcc_ops.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fcc_ops.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fcc_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fileformats.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fileformats.3 new file mode 100644 index 00000000000..2a2663f4425 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fileformats.3 @@ -0,0 +1,233 @@ +.TH "krb5_fileformats" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_fileformats \- File formats +.SH "File formats" +.PP +This section documents the diffrent file formats that are used in Heimdal and other Kerberos implementations. +.SS "keytab" +The keytab binary format is not a standard format. The format has evolved and may continue to. It is however understood by several Kerberos implementations including Heimdal, MIT, Sun's Java ktab and are created by the ktpass.exe utility from Windows. So it has established itself as the defacto format for storing Kerberos keys. +.PP +The following C-like structure definitions illustrate the MIT keytab file format. All values are in network byte order. All text is ASCII. +.PP +.PP +.nf + keytab { + uint16_t file_format_version; # 0x502 + keytab_entry entries[*]; + }; + + keytab_entry { + int32_t size; + uint16_t num_components; # subtract 1 if version 0x501 + counted_octet_string realm; + counted_octet_string components[num_components]; + uint32_t name_type; # not present if version 0x501 + uint32_t timestamp; + uint8_t vno8; + keyblock key; + uint32_t vno; #only present if >= 4 bytes left in entry + uint32_t flags; #only present if >= 4 bytes left in entry + }; + + counted_octet_string { + uint16_t length; + uint8_t data[length]; + }; + + keyblock { + uint16_t type; + counted_octet_string; + }; +.fi +.PP +.PP +All numbers are stored in network byteorder (big endian) format. +.PP +The keytab file format begins with the 16 bit file_format_version which at the time this document was authored is 0x502. The format of older keytabs is described at the end of this document. +.PP +The file_format_version is immediately followed by an array of keytab_entry structures which are prefixed with a 32 bit size indicating the number of bytes that follow in the entry. Note that the size should be evaluated as signed. This is because a negative value indicates that the entry is in fact empty (e.g. it has been deleted) and that the negative value of that negative value (which is of course a positive value) is the offset to the next keytab_entry. Based on these size values alone the entire keytab file can be traversed. +.PP +The size is followed by a 16 bit num_components field indicating the number of counted_octet_string components in the components array. +.PP +The num_components field is followed by a counted_octet_string representing the realm of the principal. +.PP +A counted_octet_string is simply an array of bytes prefixed with a 16 bit length. For the realm and name components, the counted_octet_string bytes are ASCII encoded text with no zero terminator. +.PP +Following the realm is the components array that represents the name of the principal. The text of these components may be joined with slashs to construct the typical SPN representation. For example, the service principal HTTP/www.foo.net@FOO.NET would consist of name components 'HTTP' followed by 'www.foo.net'. +.PP +Following the components array is the 32 bit name_type (e.g. 1 is KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL. +.PP +The 32 bit timestamp indicates the time the key was established for that principal. The value represents the number of seconds since Jan 1, 1970. +.PP +The 8 bit vno8 field is the version number of the key. This value is overridden by the 32 bit vno field if it is present. The vno8 field is filled with the lower 8 bits of the 32 bit protocol kvno field. +.PP +The keyblock structure consists of a 16 bit value indicating the encryption type and is a counted_octet_string containing the key. The encryption type is the same as the Kerberos standard (e.g. 3 is des-cbc-md5, 23 is arcfour-hmac-md5, etc). +.PP +The last field of the keytab_entry structure is optional. If the size of the keytab_entry indicates that there are at least 4 bytes remaining, a 32 bit value representing the key version number is present. This value supersedes the 8 bit vno8 value preceeding the keyblock. +.PP +Older keytabs with a file_format_version of 0x501 are different in three ways: +.PP +.IP "\(bu" 2 +All integers are in host byte order [1]. +.IP "\(bu" 2 +The num_components field is 1 too large (i.e. after decoding, decrement by 1). +.IP "\(bu" 2 +The 32 bit name_type field is not present. +.PP +.PP +[1] The file_format_version field should really be treated as two separate 8 bit quantities representing the major and minor version number respectively. +.SS "Heimdal database dump file" +Format of the Heimdal text dump file as of Heimdal 0.6.3: +.PP +Each line in the dump file is one entry in the database. +.PP +Each field of a line is separated by one or more spaces, with the exception of fields consisting of principals containing spaces, where space can be quoted with \\ and \\ is quoted by \\. +.PP +Fields and their types are: +.PP +.PP +.nf + Quoted princial (quote character is \) [string] + Keys [keys] + Created by [event] + Modified by [event optional] + Valid start time [time optional] + Valid end time [time optional] + Password end valid time [time optional] + Max lifetime of ticket [time optional] + Max renew time of ticket [integer optional] + Flags [hdb flags] + Generation number [generation optional] + Extensions [extentions optional] +.fi +.PP +.PP +Fields following these silently are ignored. +.PP +All optional fields will be skipped if they fail to parse (or comprise the optional field marker of '-', w/o quotes). +.PP +Example: +.PP +.PP +.nf + fred\@CODE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin\@CODE.COM 20041221112428:fred\@CODE.COM - - - 86400 604800 126 20020415130120:793707:28 - +.fi +.PP +.PP +Encoding of types are as follows: +.PP +.IP "\(bu" 2 +keys +.PP +.PP +.PP +.nf + kvno:[masterkvno:keytype:keydata:salt]{zero or more separated by :} +.fi +.PP +.PP +kvno is the key version number. +.PP +keydata is hex-encoded +.PP +masterkvno is the kvno of the database master key. If this field is empty, the kadmin load and merge operations will encrypt the key data with the master key if there is one. Otherwise the key data will be imported asis. +.PP +salt is encoded as '-' (no/default salt) or +.PP +.PP +.nf + salt-type / + salt-type / 'string' + salt-type / hex-encoded-data +.fi +.PP +.PP +keytype is the protocol enctype number; see enum ENCTYPE in include/krb5_asn1.h for values. +.PP +Example: +.PP +.nf + 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- + +.fi +.PP +.PP +.PP +.nf + kvno=27,{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt}... +.fi +.PP +.PP +.IP "\(bu" 2 +time +.PP +.PP +Format of the time is: YYYYmmddHHMMSS, corresponding to strftime format '%Y%m%d%k%M%S'. +.PP +Time is expressed in UTC. +.PP +Time can be optional (using -), when the time 0 is used. +.PP +Example: +.PP +.PP +.nf + 20041221112428 +.fi +.PP +.PP +.IP "\(bu" 2 +event +.PP +.PP +.PP +.nf + time:principal +.fi +.PP +.PP +time is as given in format time +.PP +principal is a string. Not quoting it may not work in earlier versions of Heimdal. +.PP +Example: +.PP +.nf + 20041221112428:bloggs\@CODE.COM + +.fi +.PP +.PP +.IP "\(bu" 2 +hdb flags +.PP +.PP +Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each bit in the integer is the same as the bit in the specification. +.PP +.IP "\(bu" 2 +generation: +.PP +.PP +.PP +.nf + time:usec:gen +.fi +.PP +.PP +usec is a the microsecond, integer. gen is generation number, integer. +.PP +The generation can be defaulted (using '-') or the empty string +.PP +.IP "\(bu" 2 +extensions: +.PP +.PP +.PP +.nf + first-hex-encoded-HDB-Extension[:second-...] +.fi +.PP +.PP +HDB-extension is encoded the DER encoded HDB-Extension from lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that unknown entires needs to be preserved even thought the ASN.1 data content might be unknown. There is a critical flag in the data to show to the KDC that the entry MUST be understod if the entry is to be used. diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_address.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_addresses.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_config_files.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_config_files.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_config_files.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_context.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_context.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_context.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_cred_contents.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_cred_contents.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_cred_contents.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_creds.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_creds.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_creds_contents.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_creds_contents.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_creds_contents.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_data.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_data.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_data.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_data_contents.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_data_contents.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_data_contents.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_error_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_error_string.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_error_string.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_host_realm.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_host_realm.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_host_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_keyblock.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_keyblock.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_keyblock.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_keyblock_contents.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_keyblock_contents.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_keyblock_contents.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_principal.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_ticket.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_ticket.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_ticket.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_unparsed_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_unparsed_name.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_free_unparsed_name.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fwd_tgt_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fwd_tgt_creds.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_fwd_tgt_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_generate_subkey.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_generate_subkey.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_generate_subkey.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_generate_subkey_extended.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_generate_subkey_extended.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_generate_subkey_extended.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_cred_from_kdc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_cred_from_kdc.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_cred_from_kdc.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_cred_from_kdc_opt.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_cred_from_kdc_opt.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_cred_from_kdc_opt.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_default_config_files.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_default_config_files.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_default_config_files.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_default_in_tkt_etypes.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_default_in_tkt_etypes.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_default_in_tkt_etypes.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_dns_canonicalize_hostname.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_dns_canonicalize_hostname.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_dns_canonicalize_hostname.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_extra_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_extra_addresses.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_extra_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_fcache_version.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_fcache_version.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_fcache_version.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_forwarded_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_forwarded_creds.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_forwarded_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_ignore_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_ignore_addresses.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_ignore_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_keytab.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_keytab.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_keytab.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_password.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_password.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_password.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_skey.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_skey.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_in_tkt_with_skey.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_keyblock.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_keyblock.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_keyblock.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_keytab.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_keytab.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_keytab.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_alloc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_alloc.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_alloc.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_free.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_free.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_free.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_get_error.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_get_error.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_get_error.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_init.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_init.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_opt_init.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_password.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_password.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_init_creds_password.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_kdc_sec_offset.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_kdc_sec_offset.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_kdc_sec_offset.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_max_time_skew.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_max_time_skew.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_max_time_skew.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_use_admin_kdc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_use_admin_kdc.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_use_admin_kdc.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_validated_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_validated_creds.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_get_validated_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_addr2addr.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_addr2addr.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_addr2addr.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_addr2sockaddr.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_addr2sockaddr.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_addr2sockaddr.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_errno_to_heim_errno.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_errno_to_heim_errno.3 new file mode 100644 index 00000000000..f721fda2cd4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_h_errno_to_heim_errno.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_context.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_context.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_context.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_free.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_free.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_free.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_get.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_get.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_get.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_get_error.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_get_error.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_get_error.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_init.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_init.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_init.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_intro.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_intro.3 new file mode 100644 index 00000000000..d24d0a02609 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_intro.3 @@ -0,0 +1,8 @@ +.TH "krb5_init_creds_intro" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_init_creds_intro \- The initial credential handing functions +.SH "Initial credential" +.PP +Functions to get initial credentials: \fBHeimdal Kerberos 5 credential handing functions\fP . diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_keytab.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_keytab.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_keytab.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_password.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_password.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_password.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_service.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_service.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_set_service.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_step.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_step.3 new file mode 100644 index 00000000000..9030ec94298 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_creds_step.3 @@ -0,0 +1 @@ +.so man3/krb5_credential.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_ets.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_ets.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_init_ets.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_introduction.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_introduction.3 new file mode 100644 index 00000000000..14cf52f69db --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_introduction.3 @@ -0,0 +1,259 @@ +.TH "krb5_introduction" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_introduction \- Introduction to the Kerberos 5 API +.SH "Kerberos 5 API Overview" +.PP +All functions are documented in manual pages. This section tries to give an overview of the major components used in Kerberos library, and point to where to look for a specific function. +.SS "Kerberos context" +A kerberos context (krb5_context) holds all per thread state. All global variables that are context specific are stored in this structure, including default encryption types, credential cache (for example, a ticket file), and default realms. +.PP +The internals of the structure should never be accessed directly, functions exist for extracting information. +.PP +See the manual page for \fBkrb5_init_context()\fP how to create a context and module \fBHeimdal Kerberos 5 library\fP for more information about the functions. +.SS "Kerberos authentication context" +Kerberos authentication context (krb5_auth_context) holds all context related to an authenticated connection, in a similar way to the kerberos context that holds the context for the thread or process. +.PP +The krb5_auth_context is used by various functions that are directly related to authentication between the server/client. Example of data that this structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum types. +.SS "Kerberos principal" +The Kerberos principal is the structure that identifies a user or service in Kerberos. The structure that holds the principal is the krb5_principal. There are function to extract the realm and elements of the principal, but most applications have no reason to inspect the content of the structure. +.PP +The are several ways to create a principal (with different degree of portability), and one way to free it. +.PP +See also the page \fBThe principal handing functions.\fP for more information and also module \fBHeimdal Kerberos 5 principal functions\fP. +.SS "Credential cache" +A credential cache holds the tickets for a user. A given user can have several credential caches, one for each realm where the user have the initial tickets (the first krbtgt). +.PP +The credential cache data can be stored internally in different way, each of them for different proposes. File credential (FILE) caches and processes based (KCM) caches are for permanent storage. While memory caches (MEMORY) are local caches to the local process. +.PP +Caches are opened with \fBkrb5_cc_resolve()\fP or created with \fBkrb5_cc_new_unique()\fP. +.PP +If the cache needs to be opened again (using \fBkrb5_cc_resolve()\fP) \fBkrb5_cc_close()\fP will close the handle, but not the remove the cache. \fBkrb5_cc_destroy()\fP will zero out the cache, remove the cache so it can no longer be referenced. +.PP +See also \fBThe credential cache functions\fP and \fBHeimdal Kerberos 5 credential cache functions\fP . +.SS "Kerberos errors" +Kerberos errors are based on the com_err library. All error codes are 32-bit signed numbers, the first 24 bits define what subsystem the error originates from, and last 8 bits are 255 error codes within the library. Each error code have fixed string associated with it. For example, the error-code -1765328383 have the symbolic name KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in database has expired''. +.PP +This is a great improvement compared to just getting one of the unix error-codes back. However, Heimdal have an extention to pass back customised errors messages. Instead of getting ``Key table entry not found'', the user might back ``failed to find host/host.example.com@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab (des-cbc-crc)''. This improves the chance that the user find the cause of the error so you should use the customised error message whenever it's available. +.PP +See also module \fBHeimdal Kerberos 5 error reporting functions\fP . +.SS "Keytab management" +A keytab is a storage for locally stored keys. Heimdal includes keytab support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's, and for storing keys in memory. +.PP +Keytabs are used for servers and long-running services. +.PP +See also \fBThe keytab handing functions\fP and \fBHeimdal Kerberos 5 keytab handling functions\fP . +.SS "Kerberos crypto" +Heimdal includes a implementation of the Kerberos crypto framework, all crypto operations. To create a crypto context call \fBkrb5_crypto_init()\fP. +.PP +See also module \fBHeimdal Kerberos 5 cryptography functions\fP . +.SH "Walkthrough of a sample Kerberos 5 client" +.PP +This example contains parts of a sample TCP Kerberos 5 clients, if you want a real working client, please look in appl/test directory in the Heimdal distribution. +.PP +All Kerberos error-codes that are returned from kerberos functions in this program are passed to krb5_err, that will print a descriptive text of the error code and exit. Graphical programs can convert error-code to a human readable error-string with the krb5_get_error_message() function. +.PP +Note that you should not use any Kerberos function before \fBkrb5_init_context()\fP have completed successfully. That is the reason err() is used when \fBkrb5_init_context()\fP fails. +.PP +First the client needs to call krb5_init_context to initialise the Kerberos 5 library. This is only needed once per thread in the program. If the function returns a non-zero value it indicates that either the Kerberos implementation is failing or it's disabled on this host. +.PP +.PP +.nf + #include + + int + main(int argc, char **argv) + { + krb5_context context; + + if (krb5_init_context(&context)) + errx (1, 'krb5_context'); +.fi +.PP +.PP +Now the client wants to connect to the host at the other end. The preferred way of doing this is using getaddrinfo (for operating system that have this function implemented), since getaddrinfo is neutral to the address type and can use any protocol that is available. +.PP +.PP +.nf + struct addrinfo *ai, *a; + struct addrinfo hints; + int error; + + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + error = getaddrinfo (hostname, 'pop3', &hints, &ai); + if (error) + errx (1, '%s: %s', hostname, gai_strerror(error)); + + for (a = ai; a != NULL; a = a->ai_next) { + int s; + + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + warn ('connect(%s)', hostname); + close (s); + continue; + } + freeaddrinfo (ai); + ai = NULL; + } + if (ai) { + freeaddrinfo (ai); + errx ('failed to contact %s', hostname); + } +.fi +.PP +.PP +Before authenticating, an authentication context needs to be created. This context keeps all information for one (to be) authenticated connection (see krb5_auth_context). +.PP +.PP +.nf + status = krb5_auth_con_init (context, &auth_context); + if (status) + krb5_err (context, 1, status, 'krb5_auth_con_init'); +.fi +.PP +.PP +For setting the address in the authentication there is a help function krb5_auth_con_setaddrs_from_fd() that does everything that is needed when given a connected file descriptor to the socket. +.PP +.PP +.nf + status = krb5_auth_con_setaddrs_from_fd (context, + auth_context, + &sock); + if (status) + krb5_err (context, 1, status, + 'krb5_auth_con_setaddrs_from_fd'); +.fi +.PP +.PP +The next step is to build a server principal for the service we want to connect to. (See also \fBkrb5_sname_to_principal()\fP.) +.PP +.PP +.nf + status = krb5_sname_to_principal (context, + hostname, + service, + KRB5_NT_SRV_HST, + &server); + if (status) + krb5_err (context, 1, status, 'krb5_sname_to_principal'); +.fi +.PP +.PP +The client principal is not passed to krb5_sendauth() function, this causes the krb5_sendauth() function to try to figure it out itself. +.PP +The server program is using the function krb5_recvauth() to receive the Kerberos 5 authenticator. +.PP +In this case, mutual authentication will be tried. That means that the server will authenticate to the client. Using mutual authentication is good since it enables the user to verify that they are talking to the right server (a server that knows the key). +.PP +If you are using a non-blocking socket you will need to do all work of krb5_sendauth() yourself. Basically you need to send over the authenticator from krb5_mk_req() and, in case of mutual authentication, verifying the result from the server with krb5_rd_rep(). +.PP +.PP +.nf + status = krb5_sendauth (context, + &auth_context, + &sock, + VERSION, + NULL, + server, + AP_OPTS_MUTUAL_REQUIRED, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL); + if (status) + krb5_err (context, 1, status, 'krb5_sendauth'); +.fi +.PP +.PP +Once authentication has been performed, it is time to send some data. First we create a krb5_data structure, then we sign it with krb5_mk_safe() using the auth_context that contains the session-key that was exchanged in the krb5_sendauth()/krb5_recvauth() authentication sequence. +.PP +.PP +.nf + data.data = 'hej'; + data.length = 3; + + krb5_data_zero (&packet); + + status = krb5_mk_safe (context, + auth_context, + &data, + &packet, + NULL); + if (status) + krb5_err (context, 1, status, 'krb5_mk_safe'); +.fi +.PP +.PP +And send it over the network. +.PP +.PP +.nf + len = packet.length; + net_len = htonl(len); + + if (krb5_net_write (context, &sock, &net_len, 4) != 4) + err (1, 'krb5_net_write'); + if (krb5_net_write (context, &sock, packet.data, len) != len) + err (1, 'krb5_net_write'); +.fi +.PP +.PP +To send encrypted (and signed) data krb5_mk_priv() should be used instead. krb5_mk_priv() works the same way as krb5_mk_safe(), with the exception that it encrypts the data in addition to signing it. +.PP +.PP +.nf + data.data = 'hemligt'; + data.length = 7; + + krb5_data_free (&packet); + + status = krb5_mk_priv (context, + auth_context, + &data, + &packet, + NULL); + if (status) + krb5_err (context, 1, status, 'krb5_mk_priv'); +.fi +.PP +.PP +And send it over the network. +.PP +.PP +.nf + len = packet.length; + net_len = htonl(len); + + if (krb5_net_write (context, &sock, &net_len, 4) != 4) + err (1, 'krb5_net_write'); + if (krb5_net_write (context, &sock, packet.data, len) != len) + err (1, 'krb5_net_write'); +.fi +.PP +.PP +The server is using krb5_rd_safe() and krb5_rd_priv() to verify the signature and decrypt the packet. +.SH "Validating a password in an application" +.PP +See the manual page for krb5_verify_user(). +.SH "API differences to MIT Kerberos" +.PP +This section is somewhat disorganised, but so far there is no overall structure to the differences, though some of the have their root in that Heimdal uses an ASN.1 compiler and MIT doesn't. +.SS "Principal and realms" +Heimdal stores the realm as a krb5_realm, that is a char *. MIT Kerberos uses a krb5_data to store a realm. +.PP +In Heimdal krb5_principal doesn't contain the component name_type; it's instead stored in component name.name_type. To get and set the nametype in Heimdal, use \fBkrb5_principal_get_type()\fP and \fBkrb5_principal_set_type()\fP. +.PP +For more information about principal and realms, see krb5_principal. +.SS "Error messages" +To get the error string, Heimdal uses krb5_get_error_message(). This is to return custom error messages (like ``Can't find host/datan.example.com@CODE.COM in /etc/krb5.conf.'' instead of a ``Key table entry not found'' that error_message returns. +.PP +Heimdal uses a threadsafe(r) version of the com_err interface; the global com_err table isn't initialised. Then error_message returns quite a boring error string (just the error code itself). diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_is_config_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_is_config_principal.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_is_config_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_is_thread_safe.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_is_thread_safe.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_is_thread_safe.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kerberos_enctypes.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kerberos_enctypes.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kerberos_enctypes.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_get_enctype.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_get_enctype.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_get_enctype.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_init.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_init.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_init.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_zero.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_zero.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keyblock_zero.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab.3 new file mode 100644 index 00000000000..3c76f400d5e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab.3 @@ -0,0 +1,486 @@ +.TH "Heimdal Kerberos 5 keytab handling functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 keytab handling functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_register\fP (krb5_context context, const krb5_kt_ops *ops)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_resolve\fP (krb5_context context, const char *name, krb5_keytab *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_default_name\fP (krb5_context context, char *name, size_t namesize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_default_modify_name\fP (krb5_context context, char *name, size_t namesize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_default\fP (krb5_context context, krb5_keytab *id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_read_service_key\fP (krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock **key)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_type\fP (krb5_context context, krb5_keytab keytab, char *prefix, size_t prefixsize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_name\fP (krb5_context context, krb5_keytab keytab, char *name, size_t namesize)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_full_name\fP (krb5_context context, krb5_keytab keytab, char **str)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_close\fP (krb5_context context, krb5_keytab id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_destroy\fP (krb5_context context, krb5_keytab id)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_kt_compare\fP (krb5_context context, krb5_keytab_entry *entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_get_entry\fP (krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_copy_entry_contents\fP (krb5_context context, const krb5_keytab_entry *in, krb5_keytab_entry *out)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_free_entry\fP (krb5_context context, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_start_seq_get\fP (krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_next_entry\fP (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_end_seq_get\fP (krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_add_entry\fP (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_kt_remove_entry\fP (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_kt_have_content\fP (krb5_context context, krb5_keytab id)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry)" +.PP +Add the entry in `entry' to the keytab `id'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP a keytab. +.br +\fIentry\fP the entry to add +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close (krb5_context context, krb5_keytab id)" +.PP +Finish using the keytab in `id'. All resources will be released, even on errors. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP keytab to close. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare (krb5_context context, krb5_keytab_entry * entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype)" +.PP +Compare `entry' against `principal, vno, enctype'. Any of `principal, vno, enctype' might be 0 which acts as a wildcard. Return TRUE if they compare the same, FALSE otherwise. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIentry\fP an entry to match with. +.br +\fIprincipal\fP principal to match, NULL matches all principals. +.br +\fIvno\fP key version to match, 0 matches all key version numbers. +.br +\fIenctype\fP encryption type to match, 0 matches all encryption types. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return TRUE or match, FALSE if not matched. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents (krb5_context context, const krb5_keytab_entry * in, krb5_keytab_entry * out)" +.PP +Copy the contents of `in' into `out'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIin\fP the keytab entry to copy. +.br +\fIout\fP the copy of the keytab entry, free with \fBkrb5_kt_free_entry()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default (krb5_context context, krb5_keytab * id)" +.PP +Set `id' to the default keytab. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP the new default keytab. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name (krb5_context context, char * name, size_t namesize)" +.PP +Copy the name of the default modify keytab into `name'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIname\fP buffer where the name will be written +.br +\fInamesize\fP length of name +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name (krb5_context context, char * name, size_t namesize)" +.PP +copy the name of the default keytab into `name'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIname\fP buffer where the name will be written +.br +\fInamesize\fP length of name +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_destroy (krb5_context context, krb5_keytab id)" +.PP +Destroy (remove) the keytab in `id'. All resources will be released, even on errors, does the equvalment of \fBkrb5_kt_close()\fP on the resources. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP keytab to destroy. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor * cursor)" +.PP +Release all resources associated with `cursor'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP a keytab. +.br +\fIcursor\fP the cursor to free. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry (krb5_context context, krb5_keytab_entry * entry)" +.PP +Free the contents of `entry'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIentry\fP the entry to free +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry (krb5_context context, krb5_keytab id, krb5_const_principal principal, krb5_kvno kvno, krb5_enctype enctype, krb5_keytab_entry * entry)" +.PP +Retrieve the keytab entry for `principal, kvno, enctype' into `entry' from the keytab `id'. Matching is done like \fBkrb5_kt_compare()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP a keytab. +.br +\fIprincipal\fP principal to match, NULL matches all principals. +.br +\fIkvno\fP key version to match, 0 matches all key version numbers. +.br +\fIenctype\fP encryption type to match, 0 matches all encryption types. +.br +\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name (krb5_context context, krb5_keytab keytab, char ** str)" +.PP +Retrieve the full name of the keytab `keytab' and store the name in `str'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIkeytab\fP keytab to get name for. +.br +\fIstr\fP the name of the keytab name, usee krb5_xfree() to free the string. On error, *str is set to NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name (krb5_context context, krb5_keytab keytab, char * name, size_t namesize)" +.PP +Retrieve the name of the keytab `keytab' into `name', `namesize' +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIkeytab\fP the keytab to get the name for. +.br +\fIname\fP name buffer. +.br +\fInamesize\fP size of name buffer. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type (krb5_context context, krb5_keytab keytab, char * prefix, size_t prefixsize)" +.PP +Return the type of the `keytab' in the string `prefix of length `prefixsize'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIkeytab\fP the keytab to get the prefix for +.br +\fIprefix\fP prefix buffer +.br +\fIprefixsize\fP length of prefix buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_have_content (krb5_context context, krb5_keytab id)" +.PP +Return true if the keytab exists and have entries +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP a keytab. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry, krb5_kt_cursor * cursor)" +.PP +Get the next entry from keytab, advance the cursor. On last entry the function will return KRB5_KT_END. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP a keytab. +.br +\fIentry\fP the returned entry, free with \fBkrb5_kt_free_entry()\fP. +.br +\fIcursor\fP the cursor of the iteration. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key (krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock ** key)" +.PP +Read the key identified by `(principal, vno, enctype)' from the keytab in `keyprocarg' (the default if == NULL) into `*key'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIkeyprocarg\fP +.br +\fIprincipal\fP +.br +\fIvno\fP +.br +\fIenctype\fP +.br +\fIkey\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register (krb5_context context, const krb5_kt_ops * ops)" +.PP +Register a new keytab backend. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIops\fP a backend to register. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry * entry)" +.PP +Remove an entry from the keytab, matching is done using \fBkrb5_kt_compare()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP a keytab. +.br +\fIentry\fP the entry to remove +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve (krb5_context context, const char * name, krb5_keytab * id)" +.PP +Resolve the keytab name (of the form `type:residual') in `name' into a keytab in `id'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIname\fP name to resolve +.br +\fIid\fP resulting keytab, free with \fBkrb5_kt_close()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get (krb5_context context, krb5_keytab id, krb5_kt_cursor * cursor)" +.PP +Set `cursor' to point at the beginning of `id'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context. +.br +\fIid\fP a keytab. +.br +\fIcursor\fP a newly allocated cursor, free with \fBkrb5_kt_end_seq_get()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab_intro.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab_intro.3 new file mode 100644 index 00000000000..ee3eff2ce4c --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab_intro.3 @@ -0,0 +1,74 @@ +.TH "krb5_keytab_intro" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_keytab_intro \- The keytab handing functions +.SH "Kerberos Keytabs" +.PP +See the library functions here: \fBHeimdal Kerberos 5 keytab handling functions\fP +.PP +Keytabs are long term key storage for servers, their equvalment of password files. +.PP +Normally the only function that useful for server are to specify what keytab to use to other core functions like krb5_rd_req() \fBkrb5_kt_resolve()\fP, and \fBkrb5_kt_close()\fP. +.SS "Keytab names" +A keytab name is on the form type:residual. The residual part is specific to each keytab-type. +.PP +When a keytab-name is resolved, the type is matched with an internal list of keytab types. If there is no matching keytab type, the default keytab is used. The current default type is FILE. +.PP +The default value can be changed in the configuration file /etc/krb5.conf by setting the variable [defaults]default_keytab_name. +.PP +The keytab types that are implemented in Heimdal are: +.IP "\(bu" 2 +file store the keytab in a file, the type's name is FILE . The residual part is a filename. For compatibility with other Kerberos implemtation WRFILE and JAVA14 is also accepted. WRFILE has the same format as FILE. JAVA14 have a format that is compatible with older versions of MIT kerberos and SUN's Java based installation. They store a truncted kvno, so when the knvo excess 255, they are truncted in this format. +.PP +.PP +.IP "\(bu" 2 +keytab store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), the type's name is AFSKEYFILE. The residual part is a filename. +.PP +.PP +.IP "\(bu" 2 +memory The keytab is stored in a memory segment. This allows sensitive and/or temporary data not to be stored on disk. The type's name is MEMORY. Each MEMORY keytab is referenced counted by and opened by the residual name, so two handles can point to the same memory area. When the last user closes using \fBkrb5_kt_close()\fP the keytab, the keys in they keytab is memset() to zero and freed and can no longer be looked up by name. +.PP +.SS "Keytab example" +This is a minimalistic version of ktutil. +.PP +.PP +.nf +int +main (int argc, char **argv) +{ + krb5_context context; + krb5_keytab keytab; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + krb5_error_code ret; + char *principal; + + if (krb5_init_context (&context) != 0) + errx(1, 'krb5_context'); + + ret = krb5_kt_default (context, &keytab); + if (ret) + krb5_err(context, 1, ret, 'krb5_kt_default'); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, 'krb5_kt_start_seq_get'); + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ + krb5_unparse_name(context, entry.principal, &principal); + printf('principal: %s\n', principal); + free(principal); + krb5_kt_free_entry(context, &entry); + } + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, 'krb5_kt_end_seq_get'); + ret = krb5_kt_close(context, keytab); + if (ret) + krb5_err(context, 1, ret, 'krb5_kt_close'); + krb5_free_context(context); + return 0; +} +.fi +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab_key_proc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab_key_proc.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytab_key_proc.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_enctypes.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_enctypes.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_enctypes.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_enctypes_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_enctypes_default.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_enctypes_default.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_string.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_keytype_to_string.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_krbhst_get_addrinfo.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_krbhst_get_addrinfo.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_krbhst_get_addrinfo.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_add_entry.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_add_entry.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_add_entry.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_close.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_close.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_close.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_compare.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_compare.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_copy_entry_contents.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_copy_entry_contents.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_copy_entry_contents.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default_modify_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default_modify_name.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default_modify_name.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default_name.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_default_name.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_destroy.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_destroy.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_destroy.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_end_seq_get.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_end_seq_get.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_end_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_free_entry.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_free_entry.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_free_entry.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_entry.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_entry.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_entry.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_full_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_full_name.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_full_name.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_name.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_name.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_type.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_type.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_get_type.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_have_content.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_have_content.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_have_content.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_next_entry.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_next_entry.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_next_entry.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_read_service_key.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_read_service_key.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_read_service_key.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_register.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_register.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_register.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_remove_entry.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_remove_entry.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_remove_entry.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_resolve.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_resolve.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_resolve.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_start_seq_get.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_start_seq_get.3 new file mode 100644 index 00000000000..abf40bbf82b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kt_start_seq_get.3 @@ -0,0 +1 @@ +.so man3/krb5_keytab.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kuserok.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kuserok.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_kuserok.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_make_addrport.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_make_addrport.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_make_addrport.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_make_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_make_principal.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_make_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_max_sockaddr_size.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_max_sockaddr_size.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_max_sockaddr_size.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_mcc_ops.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_mcc_ops.3 new file mode 100644 index 00000000000..e64747b9d07 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_mcc_ops.3 @@ -0,0 +1 @@ +.so man3/krb5_ccache.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac.3 new file mode 100644 index 00000000000..d4ea6d22930 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac.3 @@ -0,0 +1,66 @@ +.TH "Heimdal Kerberos 5 PAC handling functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 PAC handling functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_pac_get_buffer\fP (krb5_context context, krb5_pac p, uint32_t type, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_pac_verify\fP (krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer (krb5_context context, krb5_pac p, uint32_t type, krb5_data * data)" +.PP +Get the PAC buffer of specific type from the pac. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIp\fP the pac structure returned by krb5_pac_parse(). +.br +\fItype\fP type of buffer to get +.br +\fIdata\fP return data, free with \fBkrb5_data_free()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_verify (krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr)" +.PP +Verify the PAC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIpac\fP the pac structure returned by krb5_pac_parse(). +.br +\fIauthtime\fP The time of the ticket the PAC belongs to. +.br +\fIprincipal\fP the principal to verify. +.br +\fIserver\fP The service key, most always be given. +.br +\fIprivsvr\fP The KDC key, may be given. +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac_get_buffer.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac_get_buffer.3 new file mode 100644 index 00000000000..bd150f6be5b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac_get_buffer.3 @@ -0,0 +1 @@ +.so man3/krb5_pac.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac_verify.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac_verify.3 new file mode 100644 index 00000000000..bd150f6be5b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_pac_verify.3 @@ -0,0 +1 @@ +.so man3/krb5_pac.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_address.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_name.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_name.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_name_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_name_flags.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_name_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_nametype.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_nametype.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_parse_nametype.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_password_key_proc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_password_key_proc.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_password_key_proc.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_plugin_register.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_plugin_register.3 new file mode 100644 index 00000000000..21a2567dc68 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_plugin_register.3 @@ -0,0 +1 @@ +.so man3/krb5_support.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_prepend_config_files_default.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_prepend_config_files_default.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_prepend_config_files_default.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_princ_realm.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_princ_realm.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_princ_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_princ_set_realm.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_princ_set_realm.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_princ_set_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal.3 new file mode 100644 index 00000000000..23ceedf156b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal.3 @@ -0,0 +1,519 @@ +.TH "Heimdal Kerberos 5 principal functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 principal functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_free_principal\fP (krb5_context context, krb5_principal p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_principal_set_type\fP (krb5_context context, krb5_principal principal, int type)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_principal_get_type\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_principal_get_realm\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL \fBkrb5_principal_get_num_comp\fP (krb5_context context, krb5_const_principal principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_name_flags\fP (krb5_context context, const char *name, int flags, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_name\fP (krb5_context context, const char *name, krb5_principal *principal)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed\fP (krb5_context context, krb5_const_principal principal, char *name, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed_short\fP (krb5_context context, krb5_const_principal principal, char *name, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_fixed_flags\fP (krb5_context context, krb5_const_principal principal, int flags, char *name, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name\fP (krb5_context context, krb5_const_principal principal, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_flags\fP (krb5_context context, krb5_const_principal principal, int flags, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_unparse_name_short\fP (krb5_context context, krb5_const_principal principal, char **name)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_principal_set_realm\fP (krb5_context context, krb5_principal principal, krb5_const_realm realm)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_build_principal\fP (krb5_context context, krb5_principal *principal, int rlen, krb5_const_realm realm,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_make_principal\fP (krb5_context context, krb5_principal *principal, krb5_const_realm realm,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_copy_principal\fP (krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_compare_any_realm\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_compare\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_realm_compare\fP (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_match\fP (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_sname_to_principal\fP (krb5_context context, const char *hostname, const char *sname, int32_t type, krb5_principal *ret_princ)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_parse_nametype\fP (krb5_context context, const char *str, int32_t *nametype)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_principal_is_krbtgt\fP (krb5_context context, krb5_const_principal p)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal (krb5_context context, krb5_principal * principal, int rlen, krb5_const_realm realm, ...)" +.PP +Build a principal using vararg style building +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP returned principal +.br +\fIrlen\fP length of realm +.br +\fIrealm\fP realm name +.br +\fI...\fP a list of components ended with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal (krb5_context context, krb5_const_principal inprinc, krb5_principal * outprinc)" +.PP +Copy a principal +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIinprinc\fP principal to copy +.br +\fIoutprinc\fP copied principal, free with \fBkrb5_free_principal()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal (krb5_context context, krb5_principal p)" +.PP +Frees a Kerberos principal allocated by the library with \fBkrb5_parse_name()\fP, \fBkrb5_make_principal()\fP or any other related principal functions. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIp\fP a principal to free. +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal (krb5_context context, krb5_principal * principal, krb5_const_realm realm, ...)" +.PP +Build a principal using vararg style building +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP returned principal +.br +\fIrealm\fP realm name +.br +\fI...\fP a list of components ended with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name (krb5_context context, const char * name, krb5_principal * principal)" +.PP +Parse a name into a krb5_principal structure +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIname\fP name to parse into a Kerberos principal +.br +\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags (krb5_context context, const char * name, int flags, krb5_principal * principal)" +.PP +Parse a name into a krb5_principal structure, flags controls the behavior. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIname\fP name to parse into a Kerberos principal +.br +\fIflags\fP flags to control the behavior +.br +\fIprincipal\fP returned principal, free with \fBkrb5_free_principal()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype (krb5_context context, const char * str, int32_t * nametype)" +.PP +Parse nametype string and return a nametype integer +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.PP +Compares the two principals, including realm of the principals and returns TRUE if they are the same and FALSE if not. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprinc1\fP first principal to compare +.br +\fIprinc2\fP second principal to compare +.RE +.PP +\fBSee also:\fP +.RS 4 +\fBkrb5_principal_compare_any_realm()\fP +.PP +\fBkrb5_realm_compare()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.PP +Return TRUE iff princ1 == princ2 (without considering the realm) +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprinc1\fP first principal to compare +.br +\fIprinc2\fP second principal to compare +.RE +.PP +\fBReturns:\fP +.RS 4 +non zero if equal, 0 if not +.RE +.PP +\fBSee also:\fP +.RS 4 +\fBkrb5_principal_compare()\fP +.PP +\fBkrb5_realm_compare()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL krb5_principal_get_num_comp (krb5_context context, krb5_const_principal principal)" +.PP +Get number of component is principal. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprincipal\fP principal to query +.RE +.PP +\fBReturns:\fP +.RS 4 +number of components in string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm (krb5_context context, krb5_const_principal principal)" +.PP +Get the realm of the principal +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal to get the realm for +.RE +.PP +\fBReturns:\fP +.RS 4 +realm of the principal, don't free or use after krb5_principal is freed +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type (krb5_context context, krb5_const_principal principal)" +.PP +Get the type of the principal +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal to get the type for +.RE +.PP +\fBReturns:\fP +.RS 4 +the type of principal +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_krbtgt (krb5_context context, krb5_const_principal p)" +.PP +Check if the cname part of the principal is a krbtgt principal +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match (krb5_context context, krb5_const_principal princ, krb5_const_principal pattern)" +.PP +return TRUE iff princ matches pattern +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_principal_set_realm (krb5_context context, krb5_principal principal, krb5_const_realm realm)" +.PP +Set a new realm for a principal, and as a side-effect free the previous realm. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal set the realm for +.br +\fIrealm\fP the new realm to set +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type (krb5_context context, krb5_principal principal, int type)" +.PP +Set the type of the principal +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal to set the type for +.br +\fItype\fP the new type +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare (krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)" +.PP +return TRUE iff realm(princ1) == realm(princ2) +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprinc1\fP first principal to compare +.br +\fIprinc2\fP second principal to compare +.RE +.PP +\fBSee also:\fP +.RS 4 +\fBkrb5_principal_compare_any_realm()\fP +.PP +\fBkrb5_principal_compare()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context context, const char * hostname, const char * sname, int32_t type, krb5_principal * ret_princ)" +.PP +Create a principal for the service running on hostname. If KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or some other service), this is potentially insecure. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIhostname\fP hostname to use +.br +\fIsname\fP Service name to use +.br +\fItype\fP name type of pricipal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN. +.br +\fIret_princ\fP return principal, free with \fBkrb5_free_principal()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name (krb5_context context, krb5_const_principal principal, char ** name)" +.PP +Unparse the Kerberos name into a string +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprincipal\fP principal to query +.br +\fIname\fP resulting string, free with krb5_xfree() +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed (krb5_context context, krb5_const_principal principal, char * name, size_t len)" +.PP +Unparse the principal name to a fixed buffer +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal to unparse +.br +\fIname\fP buffer to write name to +.br +\fIlen\fP length of buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags (krb5_context context, krb5_const_principal principal, int flags, char * name, size_t len)" +.PP +Unparse the principal name with unparse flags to a fixed buffer. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal to unparse +.br +\fIflags\fP unparse flags +.br +\fIname\fP buffer to write name to +.br +\fIlen\fP length of buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short (krb5_context context, krb5_const_principal principal, char * name, size_t len)" +.PP +Unparse the principal name to a fixed buffer. The realm is skipped if its a default realm. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal to unparse +.br +\fIname\fP buffer to write name to +.br +\fIlen\fP length of buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags (krb5_context context, krb5_const_principal principal, int flags, char ** name)" +.PP +Unparse the Kerberos name into a string +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIprincipal\fP principal to query +.br +\fIflags\fP flag to determine the behavior +.br +\fIname\fP resulting string, free with krb5_xfree() +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short (krb5_context context, krb5_const_principal principal, char ** name)" +.PP +Unparse the principal name to a allocated buffer. The realm is skipped if its a default realm. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos context. +.br +\fIprincipal\fP principal to unparse +.br +\fIname\fP returned buffer, free with krb5_xfree() +.RE +.PP +\fBReturns:\fP +.RS 4 +An krb5 error code, see krb5_get_error_message(). +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_compare.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_compare.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_compare_any_realm.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_compare_any_realm.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_compare_any_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_num_comp.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_num_comp.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_num_comp.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_realm.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_realm.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_type.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_type.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_get_type.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_intro.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_intro.3 new file mode 100644 index 00000000000..4f496fa3b85 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_intro.3 @@ -0,0 +1,17 @@ +.TH "krb5_principal_intro" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +krb5_principal_intro \- The principal handing functions. +A Kerberos principal is a email address looking string that contains to parts separeted by a @. The later part is the kerbero realm the principal belongs to and the former is a list of 0 or more components. For example +.PP +.nf + +lha@SU.SE +host/hummel.it.su.se@SU.SE +host/admin@H5L.ORG + +.fi +.PP +.PP +See the library functions here: \fBHeimdal Kerberos 5 principal functions\fP diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_is_krbtgt.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_is_krbtgt.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_is_krbtgt.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_match.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_match.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_match.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_set_realm.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_set_realm.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_set_realm.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_set_type.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_set_type.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_principal_set_type.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_print_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_print_address.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_print_address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_random_to_key.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_random_to_key.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_random_to_key.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_ctx.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_ctx.3 new file mode 100644 index 00000000000..a329e38ee1a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_ctx.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_ctx_alloc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_ctx_alloc.3 new file mode 100644 index 00000000000..a329e38ee1a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_ctx_alloc.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_set_keytab.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_set_keytab.3 new file mode 100644 index 00000000000..a329e38ee1a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_set_keytab.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_set_pac_check.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_set_pac_check.3 new file mode 100644 index 00000000000..a329e38ee1a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_in_set_pac_check.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_out_ctx_free.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_out_ctx_free.3 new file mode 100644 index 00000000000..a329e38ee1a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_out_ctx_free.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_out_get_server.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_out_get_server.3 new file mode 100644 index 00000000000..a329e38ee1a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_rd_req_out_get_server.3 @@ -0,0 +1 @@ +.so man3/krb5_auth.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_realm_compare.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_realm_compare.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_realm_compare.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_address.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_address.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_addrs.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_addrs.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_addrs.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_authdata.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_authdata.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_authdata.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_creds.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_creds_tag.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_creds_tag.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_creds_tag.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_data.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_data.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_data.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int16.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int16.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int16.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int32.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int32.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int32.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int8.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int8.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_int8.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_keyblock.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_keyblock.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_keyblock.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_principal.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_string.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_string.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_stringz.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_stringz.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_stringz.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_times.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_times.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_times.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint16.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint16.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint16.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint32.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint32.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint32.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint8.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint8.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ret_uint8.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_config_files.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_config_files.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_config_files.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_default_in_tkt_etypes.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_default_in_tkt_etypes.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_default_in_tkt_etypes.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_dns_canonicalize_hostname.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_dns_canonicalize_hostname.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_dns_canonicalize_hostname.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_error_message.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_error_message.3 new file mode 100644 index 00000000000..f721fda2cd4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_error_message.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_error_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_error_string.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_error_string.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_extra_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_extra_addresses.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_extra_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_fcache_version.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_fcache_version.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_fcache_version.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_home_dir_access.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_home_dir_access.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_home_dir_access.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_ignore_addresses.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_ignore_addresses.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_ignore_addresses.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_kdc_sec_offset.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_kdc_sec_offset.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_kdc_sec_offset.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_max_time_skew.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_max_time_skew.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_max_time_skew.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_password.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_password.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_password.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_real_time.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_real_time.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_real_time.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_use_admin_kdc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_use_admin_kdc.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_set_use_admin_kdc.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sname_to_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sname_to_principal.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sname_to_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr2address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr2address.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr2address.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr2port.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr2port.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr2port.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr_uninteresting.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr_uninteresting.3 new file mode 100644 index 00000000000..de56fa15d11 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_sockaddr_uninteresting.3 @@ -0,0 +1 @@ +.so man3/krb5_address.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage.3 new file mode 100644 index 00000000000..0db3d661a3d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage.3 @@ -0,0 +1,1055 @@ +.TH "Heimdal Kerberos 5 storage functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 storage functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_flags\fP (krb5_storage *sp, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_clear_flags\fP (krb5_storage *sp, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_storage_is_flags\fP (krb5_storage *sp, krb5_flags flags)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_byteorder\fP (krb5_storage *sp, krb5_flags byteorder)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL \fBkrb5_storage_get_byteorder\fP (krb5_storage *sp)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_max_alloc\fP (krb5_storage *sp, size_t size)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL \fBkrb5_storage_seek\fP (krb5_storage *sp, off_t offset, int whence)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_storage_truncate\fP (krb5_storage *sp, off_t offset)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL \fBkrb5_storage_read\fP (krb5_storage *sp, void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL \fBkrb5_storage_write\fP (krb5_storage *sp, const void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_storage_set_eof_code\fP (krb5_storage *sp, int code)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_storage_get_eof_code\fP (krb5_storage *sp)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_storage_free\fP (krb5_storage *sp)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_storage_to_data\fP (krb5_storage *sp, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int32\fP (krb5_storage *sp, int32_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint32\fP (krb5_storage *sp, uint32_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int32\fP (krb5_storage *sp, int32_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint32\fP (krb5_storage *sp, uint32_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int16\fP (krb5_storage *sp, int16_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint16\fP (krb5_storage *sp, uint16_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int16\fP (krb5_storage *sp, int16_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint16\fP (krb5_storage *sp, uint16_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_int8\fP (krb5_storage *sp, int8_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_uint8\fP (krb5_storage *sp, uint8_t value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_int8\fP (krb5_storage *sp, int8_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_uint8\fP (krb5_storage *sp, uint8_t *value)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_data\fP (krb5_storage *sp, krb5_data data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_data\fP (krb5_storage *sp, krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_string\fP (krb5_storage *sp, const char *s)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_string\fP (krb5_storage *sp, char **string)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_stringz\fP (krb5_storage *sp, const char *s)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_stringz\fP (krb5_storage *sp, char **string)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_principal\fP (krb5_storage *sp, krb5_const_principal p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_principal\fP (krb5_storage *sp, krb5_principal *princ)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_keyblock\fP (krb5_storage *sp, krb5_keyblock p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_keyblock\fP (krb5_storage *sp, krb5_keyblock *p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_times\fP (krb5_storage *sp, krb5_times times)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_times\fP (krb5_storage *sp, krb5_times *times)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_address\fP (krb5_storage *sp, krb5_address p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_address\fP (krb5_storage *sp, krb5_address *adr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_addrs\fP (krb5_storage *sp, krb5_addresses p)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_addrs\fP (krb5_storage *sp, krb5_addresses *adr)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_authdata\fP (krb5_storage *sp, krb5_authdata auth)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_authdata\fP (krb5_storage *sp, krb5_authdata *auth)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_creds\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_creds\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_store_creds_tag\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_ret_creds_tag\fP (krb5_storage *sp, krb5_creds *creds)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_emem\fP (void)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_fd\fP (krb5_socket_t fd_in)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_mem\fP (void *buf, size_t len)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_data\fP (krb5_data *data)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_storage *KRB5_LIB_CALL \fBkrb5_storage_from_readonly_mem\fP (const void *buf, size_t len)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address (krb5_storage * sp, krb5_address * adr)" +.PP +Read a address block from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIadr\fP the address block read from storage +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs (krb5_storage * sp, krb5_addresses * adr)" +.PP +Read a addresses block from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIadr\fP the addresses block read from storage +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata (krb5_storage * sp, krb5_authdata * auth)" +.PP +Read a auth data from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIauth\fP the auth data block read from storage +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds (krb5_storage * sp, krb5_creds * creds)" +.PP +Read a credentials block from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the credentials block read from storage +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag (krb5_storage * sp, krb5_creds * creds)" +.PP +Read a tagged credentials block from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the credentials block read from storage +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data (krb5_storage * sp, krb5_data * data)" +.PP +Parse a data from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIdata\fP the parsed data +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16 (krb5_storage * sp, int16_t * value)" +.PP +Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32 (krb5_storage * sp, int32_t * value)" +.PP +Read a int32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8 (krb5_storage * sp, int8_t * value)" +.PP +Read a int8 from storage +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock (krb5_storage * sp, krb5_keyblock * p)" +.PP +Read a keyblock from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the keyblock read from storage, free using \fBkrb5_free_keyblock()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal (krb5_storage * sp, krb5_principal * princ)" +.PP +Parse principal from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIprinc\fP the parsed principal +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string (krb5_storage * sp, char ** string)" +.PP +Parse a string from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIstring\fP the parsed string +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz (krb5_storage * sp, char ** string)" +.PP +Parse zero terminated string from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIstring\fP the parsed string +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times (krb5_storage * sp, krb5_times * times)" +.PP +Read a times block from the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fItimes\fP the times block read from storage +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16 (krb5_storage * sp, uint16_t * value)" +.PP +Read a int16 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32 (krb5_storage * sp, uint32_t * value)" +.PP +Read a uint32 from storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8 (krb5_storage * sp, uint8_t * value)" +.PP +Read a uint8 from storage +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value read from the buffer +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags (krb5_storage * sp, krb5_flags flags)" +.PP +Clear the flags on a storage buffer +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to clear the flags on +.br +\fIflags\fP the flags to clear +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_emem (void)" +.PP +Create a elastic (allocating) memory storage backend. Memory is allocated on demand. Free returned krb5_storage with \fBkrb5_storage_free()\fP. +.PP +\fBReturns:\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error. +.RE +.PP +\fBSee also:\fP +.RS 4 +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.PP +\fBkrb5_storage_from_data()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free (krb5_storage * sp)" +.PP +Free a krb5 storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to free. +.RE +.PP +\fBReturns:\fP +.RS 4 +An Kerberos 5 error code. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_data (krb5_data * data)" +.PP +Create a fixed size memory storage block +.PP +\fBReturns:\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error. +.RE +.PP +\fBSee also:\fP +.RS 4 +krb5_storage_mem() +.PP +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_fd (krb5_socket_t fd_in)" +.PP +\fBReturns:\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error. +.RE +.PP +\fBSee also:\fP +.RS 4 +\fBkrb5_storage_emem()\fP +.PP +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_data()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_mem (void * buf, size_t len)" +.PP +Create a fixed size memory storage block +.PP +\fBReturns:\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error. +.RE +.PP +\fBSee also:\fP +.RS 4 +krb5_storage_mem() +.PP +\fBkrb5_storage_from_readonly_mem()\fP +.PP +\fBkrb5_storage_from_data()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_storage* KRB5_LIB_CALL krb5_storage_from_readonly_mem (const void * buf, size_t len)" +.PP +Create a fixed size memory storage block that is read only +.PP +\fBReturns:\fP +.RS 4 +A krb5_storage on success, or NULL on out of memory error. +.RE +.PP +\fBSee also:\fP +.RS 4 +krb5_storage_mem() +.PP +\fBkrb5_storage_from_mem()\fP +.PP +\fBkrb5_storage_from_data()\fP +.PP +\fBkrb5_storage_from_fd()\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL krb5_storage_get_byteorder (krb5_storage * sp)" +.PP +Return the current byteorder for the buffer. See \fBkrb5_storage_set_byteorder()\fP for the list or byte order contants. +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_get_eof_code (krb5_storage * sp)" +.PP +Get the return code that will be used when end of storage is reached. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage +.RE +.PP +\fBReturns:\fP +.RS 4 +storage error code +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags (krb5_storage * sp, krb5_flags flags)" +.PP +Return true or false depending on if the storage flags is set or not. NB testing for the flag 0 always return true. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to check flags on +.br +\fIflags\fP The flags to test for +.RE +.PP +\fBReturns:\fP +.RS 4 +true if all the flags are set, false if not. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read (krb5_storage * sp, void * buf, size_t len)" +.PP +Read to the storage buffer. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to read from +.br +\fIbuf\fP the buffer to store the data in +.br +\fIlen\fP the length to read +.RE +.PP +\fBReturns:\fP +.RS 4 +The length of data read (can be shorter then len), or negative on error. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek (krb5_storage * sp, off_t offset, int whence)" +.PP +Seek to a new offset. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to seek in. +.br +\fIoffset\fP the offset to seek +.br +\fIwhence\fP relateive searching, SEEK_CUR from the current position, SEEK_END from the end, SEEK_SET absolute from the start. +.RE +.PP +\fBReturns:\fP +.RS 4 +The new current offset +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder (krb5_storage * sp, krb5_flags byteorder)" +.PP +Set the new byte order of the storage buffer. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to set the byte order for. +.br +\fIbyteorder\fP the new byte order. +.RE +.PP +The byte order are: KRB5_STORAGE_BYTEORDER_BE, KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST. +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code (krb5_storage * sp, int code)" +.PP +Set the return code that will be used when end of storage is reached. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage +.br +\fIcode\fP the error code to return on end of storage +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags (krb5_storage * sp, krb5_flags flags)" +.PP +Add the flags on a storage buffer by or-ing in the flags to the buffer. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to set the flags on +.br +\fIflags\fP the flags to set +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_max_alloc (krb5_storage * sp, size_t size)" +.PP +Set the max alloc value +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer set the max allow for +.br +\fIsize\fP maximum size to allocate, use 0 to remove limit +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data (krb5_storage * sp, krb5_data * data)" +.PP +Copy the contnent of storage +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to copy to a data +.br +\fIdata\fP the copied data, free with \fBkrb5_data_free()\fP +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_storage_truncate (krb5_storage * sp, off_t offset)" +.PP +Truncate the storage buffer in sp to offset. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to truncate. +.br +\fIoffset\fP the offset to truncate too. +.RE +.PP +\fBReturns:\fP +.RS 4 +An Kerberos 5 error code. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write (krb5_storage * sp, const void * buf, size_t len)" +.PP +Write to the storage buffer. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIbuf\fP the buffer to write to the storage buffer +.br +\fIlen\fP the length to write +.RE +.PP +\fBReturns:\fP +.RS 4 +The length of data written (can be shorter then len), or negative on error. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address (krb5_storage * sp, krb5_address p)" +.PP +Write a address block to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the address block to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs (krb5_storage * sp, krb5_addresses p)" +.PP +Write a addresses block to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the addresses block to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata (krb5_storage * sp, krb5_authdata auth)" +.PP +Write a auth data block to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIauth\fP the auth data block to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds (krb5_storage * sp, krb5_creds * creds)" +.PP +Write a credentials block to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the creds block to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag (krb5_storage * sp, krb5_creds * creds)" +.PP +Write a tagged credentials block to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIcreds\fP the creds block to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data (krb5_storage * sp, krb5_data data)" +.PP +Store a data to the storage. The data is stored with an int32 as lenght plus the data (not padded). +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIdata\fP the buffer to store. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16 (krb5_storage * sp, int16_t value)" +.PP +Store a int16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32 (krb5_storage * sp, int32_t value)" +.PP +Store a int32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8 (krb5_storage * sp, int8_t value)" +.PP +Store a int8 to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock (krb5_storage * sp, krb5_keyblock p)" +.PP +Store a keyblock to the storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the keyblock to write +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal (krb5_storage * sp, krb5_const_principal p)" +.PP +Write a principal block to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIp\fP the principal block to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string (krb5_storage * sp, const char * s)" +.PP +Store a string to the buffer. The data is formated as an len:uint32 plus the string itself (not padded). +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIs\fP the string to store. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz (krb5_storage * sp, const char * s)" +.PP +Store a zero terminated string to the buffer. The data is stored one character at a time until a NUL is stored. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fIs\fP the string to store. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times (krb5_storage * sp, krb5_times times)" +.PP +Write a times block to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage buffer to write to +.br +\fItimes\fP the times block to write. +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16 (krb5_storage * sp, uint16_t value)" +.PP +Store a uint16 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32 (krb5_storage * sp, uint32_t value)" +.PP +Store a uint32 to storage, byte order is controlled by the settings on the storage, see \fBkrb5_storage_set_byteorder()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8 (krb5_storage * sp, uint8_t value)" +.PP +Store a uint8 to storage. +.PP +\fBParameters:\fP +.RS 4 +\fIsp\fP the storage to write too +.br +\fIvalue\fP the value to store +.RE +.PP +\fBReturns:\fP +.RS 4 +0 for success, or a Kerberos 5 error code on failure. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_clear_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_clear_flags.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_clear_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_emem.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_emem.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_emem.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_free.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_free.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_free.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_data.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_data.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_data.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_fd.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_fd.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_fd.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_mem.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_mem.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_mem.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_readonly_mem.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_readonly_mem.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_from_readonly_mem.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_get_byteorder.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_get_byteorder.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_get_byteorder.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_get_eof_code.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_get_eof_code.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_get_eof_code.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_is_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_is_flags.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_is_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_read.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_read.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_read.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_seek.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_seek.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_seek.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_byteorder.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_byteorder.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_byteorder.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_eof_code.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_eof_code.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_eof_code.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_flags.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_max_alloc.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_max_alloc.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_set_max_alloc.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_to_data.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_to_data.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_to_data.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_truncate.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_truncate.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_truncate.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_write.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_write.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_storage_write.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_address.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_address.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_address.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_addrs.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_addrs.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_addrs.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_authdata.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_authdata.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_authdata.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_creds.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_creds.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_creds.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_creds_tag.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_creds_tag.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_creds_tag.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_data.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_data.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_data.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int16.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int16.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int16.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int32.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int32.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int32.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int8.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int8.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_int8.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_keyblock.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_keyblock.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_keyblock.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_principal.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_principal.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_principal.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_string.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_string.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_stringz.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_stringz.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_stringz.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_times.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_times.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_times.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint16.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint16.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint16.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint32.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint32.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint32.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint8.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint8.3 new file mode 100644 index 00000000000..de414358a46 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_store_uint8.3 @@ -0,0 +1 @@ +.so man3/krb5_storage.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_string_to_keytype.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_string_to_keytype.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_string_to_keytype.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_support.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_support.3 new file mode 100644 index 00000000000..524a6b98e7b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_support.3 @@ -0,0 +1,650 @@ +.TH "Heimdal Kerberos 5 support functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 support functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_string\fP (krb5_context context, const char *string, const char *format,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_acl_match_file\fP (krb5_context context, const char *file, const char *format,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_parse_file_multi\fP (krb5_context context, const char *fname, krb5_config_section **res)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_config_file_free\fP (krb5_context context, krb5_config_section *s)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_get_list\fP (krb5_context context, const krb5_config_section *c,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const krb5_config_binding *KRB5_LIB_CALL \fBkrb5_config_vget_list\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string\fP (krb5_context context, const krb5_config_section *c,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_vget_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION const char *KRB5_LIB_CALL \fBkrb5_config_get_string_default\fP (krb5_context context, const krb5_config_section *c, const char *def_value,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_vget_strings\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION char **KRB5_LIB_CALL \fBkrb5_config_get_strings\fP (krb5_context context, const krb5_config_section *c,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION void KRB5_LIB_CALL \fBkrb5_config_free_strings\fP (char **strings)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_vget_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_vget_bool\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool_default\fP (krb5_context context, const krb5_config_section *c, krb5_boolean def_value,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_config_get_bool\fP (krb5_context context, const krb5_config_section *c,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_vget_time\fP (krb5_context context, const krb5_config_section *c, va_list args)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time_default\fP (krb5_context context, const krb5_config_section *c, int def_value,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION int KRB5_LIB_CALL \fBkrb5_config_get_time\fP (krb5_context context, const krb5_config_section *c,...)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_expand_hostname\fP (krb5_context context, const char *orig_hostname, char **new_hostname)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_expand_hostname_realms\fP (krb5_context context, const char *orig_hostname, char **new_hostname, char ***realms)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_free_host_realm\fP (krb5_context context, krb5_realm *realmlist)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL \fBkrb5_kuserok\fP (krb5_context context, krb5_principal principal, const char *luser)" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb5_plugin_register\fP (krb5_context context, enum krb5_plugin_type type, const char *name, void *symbol)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file (krb5_context context, const char * file, const char * format, ...)" +.PP +krb5_acl_match_file matches ACL format against each line in a file using \fBkrb5_acl_match_string()\fP. Lines starting with # are treated like comments and ignored. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIfile\fP file with acl listed in the file. +.br +\fIformat\fP format to match. +.br +\fI...\fP parameter to format string. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP +\fBSee also:\fP +.RS 4 +\fBkrb5_acl_match_string\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string (krb5_context context, const char * string, const char * format, ...)" +.PP +krb5_acl_match_string matches ACL format against a string. +.PP +The ACL format has three format specifiers: s, f, and r. Each specifier will retrieve one argument from the variable arguments for either matching or storing data. The input string is split up using ' ' (space) and '\\t' (tab) as a delimiter; multiple and '\\t' in a row are considered to be the same. +.PP +List of format specifiers: +.IP "\(bu" 2 +s Matches a string using strcmp(3) (case sensitive). +.IP "\(bu" 2 +f Matches the string with fnmatch(3). Theflags argument (the last argument) passed to the fnmatch function is 0. +.IP "\(bu" 2 +r Returns a copy of the string in the char ** passed in; the copy must be freed with free(3). There is no need to free(3) the string on error: the function will clean up and set the pointer to NULL. +.PP +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context +.br +\fIstring\fP string to match with +.br +\fIformat\fP format to match +.br +\fI...\fP parameter to format string +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0. +.RE +.PP +.PP +.nf + char *s; + + ret = krb5_acl_match_string(context, 'foo', 's', 'foo'); + if (ret) + krb5_errx(context, 1, 'acl didn't match'); + ret = krb5_acl_match_string(context, 'foo foo baz/kaka', + 'ss', 'foo', &s, 'foo/\\*'); + if (ret) { + // no need to free(s) on error + assert(s == NULL); + krb5_errx(context, 1, 'acl didn't match'); + } + free(s); +.fi +.PP +.PP +\fBSee also:\fP +.RS 4 +\fBkrb5_acl_match_file\fP +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section * s)" +.PP +Free configuration file section, the result of krb5_config_parse_file() and \fBkrb5_config_parse_file_multi()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context +.br +\fIs\fP the configuration section to free +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on successes, otherwise an error code, see krb5_get_error_message() +.RE +.PP + +.SS "KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings (char ** strings)" +.PP +Free the resulting strings from krb5_config-get_strings() and \fBkrb5_config_vget_strings()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIstrings\fP strings to free +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section * c, ...)" +.PP +Like \fBkrb5_config_get_bool()\fP but with a va_list list of configuration selection. +.PP +Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, ...)" +.PP +\fBkrb5_config_get_bool_default()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database. +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section * c, ...)" +.PP +Get a list of configuration binding list for more processing +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +NULL if configuration list is not found, a list otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section * c, ...)" +.PP +Returns a 'const char *' to a string in the configuration database. The string may not be valid after a reload of the configuration database so a caller should make a local copy if it needs to keep the string. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +NULL if configuration string not found, a string otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, ...)" +.PP +Like \fBkrb5_config_get_string()\fP, but instead of returning NULL, instead return a default value. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database. +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +a configuration string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings (krb5_context context, const krb5_config_section * c, ...)" +.PP +Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section * c, ...)" +.PP +Get the time from the configuration file using a relative time, for example: 1h30s +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +parsed the time or -1 on error +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section * c, int def_value, ...)" +.PP +Get the time from the configuration file using a relative time, for example: 1h30s +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database. +.br +\fI...\fP a list of names, terminated with NULL. +.RE +.PP +\fBReturns:\fP +.RS 4 +parsed the time (or def_value on parse error) +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char * fname, krb5_config_section ** res)" +.PP +Parse a configuration file and add the result into res. This interface can be used to parse several configuration files into one resulting krb5_config_section by calling it repeatably. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Kerberos 5 context. +.br +\fIfname\fP a file name to a Kerberos configuration file +.br +\fIres\fP the returned result, must be free with \fBkrb5_free_config_files()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.PP +If the fname starts with '~/' parse configuration file in the current users home directory. The behavior can be disabled and enabled by calling \fBkrb5_set_home_dir_access()\fP. +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context context, const krb5_config_section * c, va_list args)" +.PP +\fBkrb5_config_get_bool()\fP will convert the configuration option value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context context, const krb5_config_section * c, krb5_boolean def_value, va_list args)" +.PP +Like \fBkrb5_config_get_bool_default()\fP but with a va_list list of configuration selection. +.PP +Configuration value to a boolean value, where yes/true and any non-zero number means TRUE and other value is FALSE. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database. +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const krb5_config_binding* KRB5_LIB_CALL krb5_config_vget_list (krb5_context context, const krb5_config_section * c, va_list args)" +.PP +Get a list of configuration binding list for more processing +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +NULL if configuration list is not found, a list otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context context, const krb5_config_section * c, va_list args)" +.PP +Like \fBkrb5_config_get_string()\fP, but uses a va_list instead of ... +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +NULL if configuration string not found, a string otherwise +.RE +.PP + +.SS "KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context context, const krb5_config_section * c, const char * def_value, va_list args)" +.PP +Like \fBkrb5_config_vget_string()\fP, but instead of returning NULL, instead return a default value. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database. +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +a configuration string +.RE +.PP + +.SS "KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_vget_strings (krb5_context context, const krb5_config_section * c, va_list args)" +.PP +Get a list of configuration strings, free the result with \fBkrb5_config_free_strings()\fP. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +TRUE or FALSE +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time (krb5_context context, const krb5_config_section * c, va_list args)" +.PP +Get the time from the configuration file using a relative time, for example: 1h30s +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +parsed the time or -1 on error +.RE +.PP + +.SS "KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section * c, int def_value, va_list args)" +.PP +Get the time from the configuration file using a relative time. +.PP +Like \fBkrb5_config_get_time_default()\fP but with a va_list list of configuration selection. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIc\fP a configuration section, or NULL to use the section from context +.br +\fIdef_value\fP the default value to return if no configuration found in the database. +.br +\fIargs\fP a va_list of arguments +.RE +.PP +\fBReturns:\fP +.RS 4 +parsed the time (or def_value on parse error) +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context context, const char * orig_hostname, char ** new_hostname)" +.PP +\fBkrb5_expand_hostname()\fP tries to make orig_hostname into a more canonical one in the newly allocated space returned in new_hostname. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIorig_hostname\fP hostname to canonicalise. +.br +\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree(). +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context context, const char * orig_hostname, char ** new_hostname, char *** realms)" +.PP +\fBkrb5_expand_hostname_realms()\fP expands orig_hostname to a name we believe to be a hostname in newly allocated space in new_hostname and return the realms new_hostname is believed to belong to in realms. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fIorig_hostname\fP hostname to canonicalise. +.br +\fInew_hostname\fP output hostname, caller must free hostname with krb5_xfree(). +.br +\fIrealms\fP output possible realms, is an array that is terminated with NULL. Caller must free with \fBkrb5_free_host_realm()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +Return an error code or 0, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm (krb5_context context, krb5_realm * realmlist)" +.PP +Free all memory allocated by `realmlist' +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP A Kerberos 5 context. +.br +\fIrealmlist\fP realmlist to free, NULL is ok +.RE +.PP +\fBReturns:\fP +.RS 4 +a Kerberos error code, always 0. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok (krb5_context context, krb5_principal principal, const char * luser)" +.PP +This function takes the name of a local user and checks if principal is allowed to log in as that user. +.PP +The user may have a ~/.k5login file listing principals that are allowed to login as that user. If that file does not exist, all principals with a first component identical to the username, and a realm considered local, are allowed access. +.PP +The .k5login file must contain one principal per line, be owned by user and not be writable by group or other (but must be readable by anyone). +.PP +Note that if the file exists, no implicit access rights are given to user@LOCALREALM. +.PP +Optionally, a set of files may be put in ~/.k5login.d (a directory), in which case they will all be checked in the same manner as .k5login. The files may be called anything, but files starting with a hash (#) , or ending with a tilde (~) are ignored. Subdirectories are not traversed. Note that this directory may not be checked by other Kerberos implementations. +.PP +If no configuration file exists, match user against local domains, ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIprincipal\fP principal to check if allowed to login +.br +\fIluser\fP local user id +.RE +.PP +\fBReturns:\fP +.RS 4 +returns TRUE if access should be granted, FALSE otherwise. +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register (krb5_context context, enum krb5_plugin_type type, const char * name, void * symbol)" +.PP +Register a plugin symbol name of specific type. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP a Keberos context +.br +\fItype\fP type of plugin symbol +.br +\fIname\fP name of plugin symbol +.br +\fIsymbol\fP a pointer to the named symbol +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of error a non zero error com_err error is returned and the Kerberos error string is set. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket.3 new file mode 100644 index 00000000000..4ae51129237 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket.3 @@ -0,0 +1,34 @@ +.TH "Heimdal Kerberos 5 ticket functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 5 ticket functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL \fBkrb5_ticket_get_flags\fP (krb5_context context, const krb5_ticket *ticket)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_ticket_get_flags (krb5_context context, const krb5_ticket * ticket)" +.PP +Get the flags from the Kerberos ticket +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos context +.br +\fIticket\fP Kerberos ticket +.RE +.PP +\fBReturns:\fP +.RS 4 +ticket flags +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_authorization_data_type.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_authorization_data_type.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_authorization_data_type.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_client.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_client.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_client.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_endtime.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_endtime.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_endtime.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_flags.3 new file mode 100644 index 00000000000..7b8aa1908a1 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_ticket.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_server.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_server.3 new file mode 100644 index 00000000000..16c542ae4a7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_ticket_get_server.3 @@ -0,0 +1 @@ +.so man3/krb5.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed_flags.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed_short.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed_short.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_fixed_short.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_flags.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_flags.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_flags.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_short.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_short.3 new file mode 100644 index 00000000000..86ad45a98b4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_unparse_name_short.3 @@ -0,0 +1 @@ +.so man3/krb5_principal.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_v4compat.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_v4compat.3 new file mode 100644 index 00000000000..8d80e3edcf6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_v4compat.3 @@ -0,0 +1,60 @@ +.TH "Heimdal Kerberos 4 compatiblity functions" 3 "30 Sep 2011" "Version 1.5.1" "HeimdalKerberos5library" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal Kerberos 4 compatiblity functions \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb524_convert_creds_kdc\fP (krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.ti -1c +.RI "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL \fBkrb524_convert_creds_kdc_ccache\fP (krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) KRB5_DEPRECATED_FUNCTION('Use X instead')" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc (krb5_context context, krb5_creds * in_cred, struct credentials * v4creds)" +.PP +Convert the v5 credentials in in_cred to v4-dito in v4creds. This is done by sending them to the 524 function in the KDC. If `in_cred' doesn't contain a DES session key, then a new one is gotten from the KDC and stored in the cred cache `ccache'. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIin_cred\fP the credential to convert +.br +\fIv4creds\fP the converted credential +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + +.SS "KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache (krb5_context context, krb5_ccache ccache, krb5_creds * in_cred, struct credentials * v4creds)" +.PP +Convert the v5 credentials in in_cred to v4-dito in v4creds, check the credential cache ccache before checking with the KDC. +.PP +\fBParameters:\fP +.RS 4 +\fIcontext\fP Kerberos 5 context. +.br +\fIccache\fP credential cache used to check for des-ticket. +.br +\fIin_cred\fP the credential to convert +.br +\fIv4creds\fP the converted credential +.RE +.PP +\fBReturns:\fP +.RS 4 +Returns 0 to indicate success. Otherwise an kerberos et error code is returned, see krb5_get_error_message(). +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_verify_checksum_iov.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_verify_checksum_iov.3 new file mode 100644 index 00000000000..ebfd1cbfb9b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_verify_checksum_iov.3 @@ -0,0 +1 @@ +.so man3/krb5_crypto.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_vset_error_string.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_vset_error_string.3 new file mode 100644 index 00000000000..daa28323968 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_vset_error_string.3 @@ -0,0 +1 @@ +.so man3/krb5_deprecated.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_vwarn.3 b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_vwarn.3 new file mode 100644 index 00000000000..f721fda2cd4 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/man/man3/krb5_vwarn.3 @@ -0,0 +1 @@ +.so man3/krb5_error.3 diff --git a/crypto/heimdal/doc/doxyout/krb5/manpages b/crypto/heimdal/doc/doxyout/krb5/manpages new file mode 100644 index 00000000000..b5172637fde --- /dev/null +++ b/crypto/heimdal/doc/doxyout/krb5/manpages @@ -0,0 +1,360 @@ +krb5/man/man3/krb5.3 +krb5/man/man3/krb524_convert_creds_kdc.3 +krb5/man/man3/krb524_convert_creds_kdc_ccache.3 +krb5/man/man3/krb5_acc_ops.3 +krb5/man/man3/krb5_acl_match_file.3 +krb5/man/man3/krb5_acl_match_string.3 +krb5/man/man3/krb5_add_et_list.3 +krb5/man/man3/krb5_add_extra_addresses.3 +krb5/man/man3/krb5_add_ignore_addresses.3 +krb5/man/man3/krb5_addr2sockaddr.3 +krb5/man/man3/krb5_address.3 +krb5/man/man3/krb5_address_compare.3 +krb5/man/man3/krb5_address_order.3 +krb5/man/man3/krb5_address_prefixlen_boundary.3 +krb5/man/man3/krb5_address_search.3 +krb5/man/man3/krb5_allow_weak_crypto.3 +krb5/man/man3/krb5_anyaddr.3 +krb5/man/man3/krb5_append_addresses.3 +krb5/man/man3/krb5_auth.3 +krb5/man/man3/krb5_auth_getremoteseqnumber.3 +krb5/man/man3/krb5_build_principal.3 +krb5/man/man3/krb5_c_enctype_compare.3 +krb5/man/man3/krb5_cc_cache_end_seq_get.3 +krb5/man/man3/krb5_cc_cache_get_first.3 +krb5/man/man3/krb5_cc_cache_match.3 +krb5/man/man3/krb5_cc_cache_next.3 +krb5/man/man3/krb5_cc_clear_mcred.3 +krb5/man/man3/krb5_cc_close.3 +krb5/man/man3/krb5_cc_copy_cache.3 +krb5/man/man3/krb5_cc_copy_creds.3 +krb5/man/man3/krb5_cc_copy_match_f.3 +krb5/man/man3/krb5_cc_default.3 +krb5/man/man3/krb5_cc_default_name.3 +krb5/man/man3/krb5_cc_destroy.3 +krb5/man/man3/krb5_cc_end_seq_get.3 +krb5/man/man3/krb5_cc_gen_new.3 +krb5/man/man3/krb5_cc_get_config.3 +krb5/man/man3/krb5_cc_get_flags.3 +krb5/man/man3/krb5_cc_get_friendly_name.3 +krb5/man/man3/krb5_cc_get_full_name.3 +krb5/man/man3/krb5_cc_get_kdc_offset.3 +krb5/man/man3/krb5_cc_get_lifetime.3 +krb5/man/man3/krb5_cc_get_name.3 +krb5/man/man3/krb5_cc_get_ops.3 +krb5/man/man3/krb5_cc_get_prefix_ops.3 +krb5/man/man3/krb5_cc_get_principal.3 +krb5/man/man3/krb5_cc_get_type.3 +krb5/man/man3/krb5_cc_get_version.3 +krb5/man/man3/krb5_cc_initialize.3 +krb5/man/man3/krb5_cc_last_change_time.3 +krb5/man/man3/krb5_cc_move.3 +krb5/man/man3/krb5_cc_new_unique.3 +krb5/man/man3/krb5_cc_next_cred.3 +krb5/man/man3/krb5_cc_register.3 +krb5/man/man3/krb5_cc_remove_cred.3 +krb5/man/man3/krb5_cc_resolve.3 +krb5/man/man3/krb5_cc_retrieve_cred.3 +krb5/man/man3/krb5_cc_set_config.3 +krb5/man/man3/krb5_cc_set_default_name.3 +krb5/man/man3/krb5_cc_set_flags.3 +krb5/man/man3/krb5_cc_set_friendly_name.3 +krb5/man/man3/krb5_cc_set_kdc_offset.3 +krb5/man/man3/krb5_cc_start_seq_get.3 +krb5/man/man3/krb5_cc_store_cred.3 +krb5/man/man3/krb5_cc_support_switch.3 +krb5/man/man3/krb5_cc_switch.3 +krb5/man/man3/krb5_ccache.3 +krb5/man/man3/krb5_ccache_intro.3 +krb5/man/man3/krb5_cccol_cursor_free.3 +krb5/man/man3/krb5_cccol_cursor_new.3 +krb5/man/man3/krb5_cccol_cursor_next.3 +krb5/man/man3/krb5_cccol_last_change_time.3 +krb5/man/man3/krb5_change_password.3 +krb5/man/man3/krb5_cksumtype_to_enctype.3 +krb5/man/man3/krb5_clear_error_message.3 +krb5/man/man3/krb5_clear_error_string.3 +krb5/man/man3/krb5_compare_creds.3 +krb5/man/man3/krb5_config_file_free.3 +krb5/man/man3/krb5_config_free_strings.3 +krb5/man/man3/krb5_config_get_bool.3 +krb5/man/man3/krb5_config_get_bool_default.3 +krb5/man/man3/krb5_config_get_list.3 +krb5/man/man3/krb5_config_get_string.3 +krb5/man/man3/krb5_config_get_string_default.3 +krb5/man/man3/krb5_config_get_strings.3 +krb5/man/man3/krb5_config_get_time.3 +krb5/man/man3/krb5_config_get_time_default.3 +krb5/man/man3/krb5_config_parse_file_multi.3 +krb5/man/man3/krb5_config_parse_string_multi.3 +krb5/man/man3/krb5_config_vget_bool.3 +krb5/man/man3/krb5_config_vget_bool_default.3 +krb5/man/man3/krb5_config_vget_list.3 +krb5/man/man3/krb5_config_vget_string.3 +krb5/man/man3/krb5_config_vget_string_default.3 +krb5/man/man3/krb5_config_vget_strings.3 +krb5/man/man3/krb5_config_vget_time.3 +krb5/man/man3/krb5_config_vget_time_default.3 +krb5/man/man3/krb5_copy_address.3 +krb5/man/man3/krb5_copy_addresses.3 +krb5/man/man3/krb5_copy_context.3 +krb5/man/man3/krb5_copy_creds.3 +krb5/man/man3/krb5_copy_creds_contents.3 +krb5/man/man3/krb5_copy_data.3 +krb5/man/man3/krb5_copy_host_realm.3 +krb5/man/man3/krb5_copy_keyblock.3 +krb5/man/man3/krb5_copy_keyblock_contents.3 +krb5/man/man3/krb5_copy_principal.3 +krb5/man/man3/krb5_copy_ticket.3 +krb5/man/man3/krb5_create_checksum_iov.3 +krb5/man/man3/krb5_credential.3 +krb5/man/man3/krb5_creds_get_ticket_flags.3 +krb5/man/man3/krb5_crypto.3 +krb5/man/man3/krb5_crypto_destroy.3 +krb5/man/man3/krb5_crypto_fx_cf2.3 +krb5/man/man3/krb5_crypto_getblocksize.3 +krb5/man/man3/krb5_crypto_getconfoundersize.3 +krb5/man/man3/krb5_crypto_getenctype.3 +krb5/man/man3/krb5_crypto_getpadsize.3 +krb5/man/man3/krb5_crypto_init.3 +krb5/man/man3/krb5_crypto_iov.3 +krb5/man/man3/krb5_data_alloc.3 +krb5/man/man3/krb5_data_cmp.3 +krb5/man/man3/krb5_data_copy.3 +krb5/man/man3/krb5_data_ct_cmp.3 +krb5/man/man3/krb5_data_free.3 +krb5/man/man3/krb5_data_realloc.3 +krb5/man/man3/krb5_data_zero.3 +krb5/man/man3/krb5_decrypt_iov_ivec.3 +krb5/man/man3/krb5_deprecated.3 +krb5/man/man3/krb5_digest.3 +krb5/man/man3/krb5_digest_probe.3 +krb5/man/man3/krb5_eai_to_heim_errno.3 +krb5/man/man3/krb5_encrypt_iov_ivec.3 +krb5/man/man3/krb5_enctype_disable.3 +krb5/man/man3/krb5_enctype_enable.3 +krb5/man/man3/krb5_enctype_valid.3 +krb5/man/man3/krb5_enctypes_compatible_keys.3 +krb5/man/man3/krb5_error.3 +krb5/man/man3/krb5_expand_hostname.3 +krb5/man/man3/krb5_expand_hostname_realms.3 +krb5/man/man3/krb5_fcc_ops.3 +krb5/man/man3/krb5_fileformats.3 +krb5/man/man3/krb5_free_address.3 +krb5/man/man3/krb5_free_addresses.3 +krb5/man/man3/krb5_free_config_files.3 +krb5/man/man3/krb5_free_context.3 +krb5/man/man3/krb5_free_cred_contents.3 +krb5/man/man3/krb5_free_creds.3 +krb5/man/man3/krb5_free_creds_contents.3 +krb5/man/man3/krb5_free_data.3 +krb5/man/man3/krb5_free_data_contents.3 +krb5/man/man3/krb5_free_error_string.3 +krb5/man/man3/krb5_free_host_realm.3 +krb5/man/man3/krb5_free_keyblock.3 +krb5/man/man3/krb5_free_keyblock_contents.3 +krb5/man/man3/krb5_free_principal.3 +krb5/man/man3/krb5_free_ticket.3 +krb5/man/man3/krb5_free_unparsed_name.3 +krb5/man/man3/krb5_fwd_tgt_creds.3 +krb5/man/man3/krb5_generate_subkey.3 +krb5/man/man3/krb5_generate_subkey_extended.3 +krb5/man/man3/krb5_get_cred_from_kdc.3 +krb5/man/man3/krb5_get_cred_from_kdc_opt.3 +krb5/man/man3/krb5_get_default_config_files.3 +krb5/man/man3/krb5_get_default_in_tkt_etypes.3 +krb5/man/man3/krb5_get_dns_canonicalize_hostname.3 +krb5/man/man3/krb5_get_extra_addresses.3 +krb5/man/man3/krb5_get_fcache_version.3 +krb5/man/man3/krb5_get_forwarded_creds.3 +krb5/man/man3/krb5_get_ignore_addresses.3 +krb5/man/man3/krb5_get_in_tkt_with_keytab.3 +krb5/man/man3/krb5_get_in_tkt_with_password.3 +krb5/man/man3/krb5_get_in_tkt_with_skey.3 +krb5/man/man3/krb5_get_init_creds_keyblock.3 +krb5/man/man3/krb5_get_init_creds_keytab.3 +krb5/man/man3/krb5_get_init_creds_opt_alloc.3 +krb5/man/man3/krb5_get_init_creds_opt_free.3 +krb5/man/man3/krb5_get_init_creds_opt_get_error.3 +krb5/man/man3/krb5_get_init_creds_opt_init.3 +krb5/man/man3/krb5_get_init_creds_password.3 +krb5/man/man3/krb5_get_kdc_sec_offset.3 +krb5/man/man3/krb5_get_max_time_skew.3 +krb5/man/man3/krb5_get_use_admin_kdc.3 +krb5/man/man3/krb5_get_validated_creds.3 +krb5/man/man3/krb5_h_addr2addr.3 +krb5/man/man3/krb5_h_addr2sockaddr.3 +krb5/man/man3/krb5_h_errno_to_heim_errno.3 +krb5/man/man3/krb5_init_context.3 +krb5/man/man3/krb5_init_creds_free.3 +krb5/man/man3/krb5_init_creds_get.3 +krb5/man/man3/krb5_init_creds_get_error.3 +krb5/man/man3/krb5_init_creds_init.3 +krb5/man/man3/krb5_init_creds_intro.3 +krb5/man/man3/krb5_init_creds_set_keytab.3 +krb5/man/man3/krb5_init_creds_set_password.3 +krb5/man/man3/krb5_init_creds_set_service.3 +krb5/man/man3/krb5_init_creds_step.3 +krb5/man/man3/krb5_init_ets.3 +krb5/man/man3/krb5_introduction.3 +krb5/man/man3/krb5_is_config_principal.3 +krb5/man/man3/krb5_is_thread_safe.3 +krb5/man/man3/krb5_kerberos_enctypes.3 +krb5/man/man3/krb5_keyblock_get_enctype.3 +krb5/man/man3/krb5_keyblock_init.3 +krb5/man/man3/krb5_keyblock_zero.3 +krb5/man/man3/krb5_keytab.3 +krb5/man/man3/krb5_keytab_intro.3 +krb5/man/man3/krb5_keytab_key_proc.3 +krb5/man/man3/krb5_keytype_to_enctypes.3 +krb5/man/man3/krb5_keytype_to_enctypes_default.3 +krb5/man/man3/krb5_keytype_to_string.3 +krb5/man/man3/krb5_krbhst_get_addrinfo.3 +krb5/man/man3/krb5_kt_add_entry.3 +krb5/man/man3/krb5_kt_close.3 +krb5/man/man3/krb5_kt_compare.3 +krb5/man/man3/krb5_kt_copy_entry_contents.3 +krb5/man/man3/krb5_kt_default.3 +krb5/man/man3/krb5_kt_default_modify_name.3 +krb5/man/man3/krb5_kt_default_name.3 +krb5/man/man3/krb5_kt_destroy.3 +krb5/man/man3/krb5_kt_end_seq_get.3 +krb5/man/man3/krb5_kt_free_entry.3 +krb5/man/man3/krb5_kt_get_entry.3 +krb5/man/man3/krb5_kt_get_full_name.3 +krb5/man/man3/krb5_kt_get_name.3 +krb5/man/man3/krb5_kt_get_type.3 +krb5/man/man3/krb5_kt_have_content.3 +krb5/man/man3/krb5_kt_next_entry.3 +krb5/man/man3/krb5_kt_read_service_key.3 +krb5/man/man3/krb5_kt_register.3 +krb5/man/man3/krb5_kt_remove_entry.3 +krb5/man/man3/krb5_kt_resolve.3 +krb5/man/man3/krb5_kt_start_seq_get.3 +krb5/man/man3/krb5_kuserok.3 +krb5/man/man3/krb5_make_addrport.3 +krb5/man/man3/krb5_make_principal.3 +krb5/man/man3/krb5_max_sockaddr_size.3 +krb5/man/man3/krb5_mcc_ops.3 +krb5/man/man3/krb5_pac.3 +krb5/man/man3/krb5_pac_get_buffer.3 +krb5/man/man3/krb5_pac_verify.3 +krb5/man/man3/krb5_parse_address.3 +krb5/man/man3/krb5_parse_name.3 +krb5/man/man3/krb5_parse_name_flags.3 +krb5/man/man3/krb5_parse_nametype.3 +krb5/man/man3/krb5_password_key_proc.3 +krb5/man/man3/krb5_plugin_register.3 +krb5/man/man3/krb5_prepend_config_files_default.3 +krb5/man/man3/krb5_princ_realm.3 +krb5/man/man3/krb5_princ_set_realm.3 +krb5/man/man3/krb5_principal.3 +krb5/man/man3/krb5_principal_compare.3 +krb5/man/man3/krb5_principal_compare_any_realm.3 +krb5/man/man3/krb5_principal_get_num_comp.3 +krb5/man/man3/krb5_principal_get_realm.3 +krb5/man/man3/krb5_principal_get_type.3 +krb5/man/man3/krb5_principal_intro.3 +krb5/man/man3/krb5_principal_is_krbtgt.3 +krb5/man/man3/krb5_principal_match.3 +krb5/man/man3/krb5_principal_set_realm.3 +krb5/man/man3/krb5_principal_set_type.3 +krb5/man/man3/krb5_print_address.3 +krb5/man/man3/krb5_random_to_key.3 +krb5/man/man3/krb5_rd_req_ctx.3 +krb5/man/man3/krb5_rd_req_in_ctx_alloc.3 +krb5/man/man3/krb5_rd_req_in_set_keytab.3 +krb5/man/man3/krb5_rd_req_in_set_pac_check.3 +krb5/man/man3/krb5_rd_req_out_ctx_free.3 +krb5/man/man3/krb5_rd_req_out_get_server.3 +krb5/man/man3/krb5_realm_compare.3 +krb5/man/man3/krb5_ret_address.3 +krb5/man/man3/krb5_ret_addrs.3 +krb5/man/man3/krb5_ret_authdata.3 +krb5/man/man3/krb5_ret_creds.3 +krb5/man/man3/krb5_ret_creds_tag.3 +krb5/man/man3/krb5_ret_data.3 +krb5/man/man3/krb5_ret_int16.3 +krb5/man/man3/krb5_ret_int32.3 +krb5/man/man3/krb5_ret_int8.3 +krb5/man/man3/krb5_ret_keyblock.3 +krb5/man/man3/krb5_ret_principal.3 +krb5/man/man3/krb5_ret_string.3 +krb5/man/man3/krb5_ret_stringz.3 +krb5/man/man3/krb5_ret_times.3 +krb5/man/man3/krb5_ret_uint16.3 +krb5/man/man3/krb5_ret_uint32.3 +krb5/man/man3/krb5_ret_uint8.3 +krb5/man/man3/krb5_set_config_files.3 +krb5/man/man3/krb5_set_default_in_tkt_etypes.3 +krb5/man/man3/krb5_set_dns_canonicalize_hostname.3 +krb5/man/man3/krb5_set_error_message.3 +krb5/man/man3/krb5_set_error_string.3 +krb5/man/man3/krb5_set_extra_addresses.3 +krb5/man/man3/krb5_set_fcache_version.3 +krb5/man/man3/krb5_set_home_dir_access.3 +krb5/man/man3/krb5_set_ignore_addresses.3 +krb5/man/man3/krb5_set_kdc_sec_offset.3 +krb5/man/man3/krb5_set_max_time_skew.3 +krb5/man/man3/krb5_set_password.3 +krb5/man/man3/krb5_set_real_time.3 +krb5/man/man3/krb5_set_use_admin_kdc.3 +krb5/man/man3/krb5_sname_to_principal.3 +krb5/man/man3/krb5_sockaddr2address.3 +krb5/man/man3/krb5_sockaddr2port.3 +krb5/man/man3/krb5_sockaddr_uninteresting.3 +krb5/man/man3/krb5_storage.3 +krb5/man/man3/krb5_storage_clear_flags.3 +krb5/man/man3/krb5_storage_emem.3 +krb5/man/man3/krb5_storage_free.3 +krb5/man/man3/krb5_storage_from_data.3 +krb5/man/man3/krb5_storage_from_fd.3 +krb5/man/man3/krb5_storage_from_mem.3 +krb5/man/man3/krb5_storage_from_readonly_mem.3 +krb5/man/man3/krb5_storage_get_byteorder.3 +krb5/man/man3/krb5_storage_get_eof_code.3 +krb5/man/man3/krb5_storage_is_flags.3 +krb5/man/man3/krb5_storage_read.3 +krb5/man/man3/krb5_storage_seek.3 +krb5/man/man3/krb5_storage_set_byteorder.3 +krb5/man/man3/krb5_storage_set_eof_code.3 +krb5/man/man3/krb5_storage_set_flags.3 +krb5/man/man3/krb5_storage_set_max_alloc.3 +krb5/man/man3/krb5_storage_to_data.3 +krb5/man/man3/krb5_storage_truncate.3 +krb5/man/man3/krb5_storage_write.3 +krb5/man/man3/krb5_store_address.3 +krb5/man/man3/krb5_store_addrs.3 +krb5/man/man3/krb5_store_authdata.3 +krb5/man/man3/krb5_store_creds.3 +krb5/man/man3/krb5_store_creds_tag.3 +krb5/man/man3/krb5_store_data.3 +krb5/man/man3/krb5_store_int16.3 +krb5/man/man3/krb5_store_int32.3 +krb5/man/man3/krb5_store_int8.3 +krb5/man/man3/krb5_store_keyblock.3 +krb5/man/man3/krb5_store_principal.3 +krb5/man/man3/krb5_store_string.3 +krb5/man/man3/krb5_store_stringz.3 +krb5/man/man3/krb5_store_times.3 +krb5/man/man3/krb5_store_uint16.3 +krb5/man/man3/krb5_store_uint32.3 +krb5/man/man3/krb5_store_uint8.3 +krb5/man/man3/krb5_string_to_keytype.3 +krb5/man/man3/krb5_support.3 +krb5/man/man3/krb5_ticket.3 +krb5/man/man3/krb5_ticket_get_authorization_data_type.3 +krb5/man/man3/krb5_ticket_get_client.3 +krb5/man/man3/krb5_ticket_get_endtime.3 +krb5/man/man3/krb5_ticket_get_flags.3 +krb5/man/man3/krb5_ticket_get_server.3 +krb5/man/man3/krb5_unparse_name.3 +krb5/man/man3/krb5_unparse_name_fixed.3 +krb5/man/man3/krb5_unparse_name_fixed_flags.3 +krb5/man/man3/krb5_unparse_name_fixed_short.3 +krb5/man/man3/krb5_unparse_name_flags.3 +krb5/man/man3/krb5_unparse_name_short.3 +krb5/man/man3/krb5_v4compat.3 +krb5/man/man3/krb5_verify_checksum_iov.3 +krb5/man/man3/krb5_vset_error_string.3 +krb5/man/man3/krb5_vwarn.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/annotated.html b/crypto/heimdal/doc/doxyout/ntlm/html/annotated.html new file mode 100644 index 00000000000..25571647c1a --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/annotated.html @@ -0,0 +1,39 @@ + + +Heimdalntlmlibrary: Data Structures + + + +

+keyhole logo +

+ + + +
+

Data Structures

Here are the data structures with brief descriptions: + + + + +
ntlm_buf
ntlm_type1
ntlm_type2
ntlm_type3
+
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/doxygen.css b/crypto/heimdal/doc/doxyout/ntlm/html/doxygen.css new file mode 100644 index 00000000000..22c484301dd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/doxygen.css @@ -0,0 +1,473 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { + text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { + font-weight: bold +} +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navpath { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1A419D; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1A419D +} +A.qindex:hover { + text-decoration: none; + background-color: #ddddff; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { + text-decoration: none; + background-color: #6666cc; + color: #ffffff +} +A.el { + text-decoration: none; + font-weight: bold +} +A.elRef { + font-weight: bold +} +A.code:link { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.code:visited { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.codeRef:link { + font-weight: normal; + color: #0000FF +} +A.codeRef:visited { + font-weight: normal; + color: #0000FF +} +A:hover { + text-decoration: none; + background-color: #f2f2ff +} +DL.el { + margin-left: -1cm +} +.fragment { + font-family: monospace, fixed; + font-size: 95%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { + margin-left: 16px; + font-style: italic; + font-size: 90% +} +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { + text-align: center; +} +IMG.formulaDsp { +} +IMG.formulaInl { + vertical-align: middle; +} +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +SPAN.vhdldigit { color: #ff00ff } +SPAN.vhdlchar { color: #000000 } +SPAN.vhdlkeyword { color: #700070 } +SPAN.vhdllogic { color: #ff0000 } + +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { + color: #003399; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { + font-size: 75%; +} +a { + color: #1A41A8; +} +a:visited { + color: #2A3798; +} +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { + background: #e8eef2; + font-weight: bold; +} +HR { + height: 1px; + border: none; + border-top: 1px solid black; +} + +/* Style for detailed member documentation */ +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +.memitem { + padding: 4px; + background-color: #eef3f5; + border-width: 1px; + border-style: solid; + border-color: #dedeee; + -moz-border-radius: 8px 8px 8px 8px; +} +.memname { + white-space: nowrap; + font-weight: bold; +} +.memdoc{ + padding-left: 10px; +} +.memproto { + background-color: #d5e1e8; + width: 100%; + border-width: 1px; + border-style: solid; + border-color: #84b0c7; + font-weight: bold; + -moz-border-radius: 8px 8px 8px 8px; +} +.paramkey { + text-align: right; +} +.paramtype { + white-space: nowrap; +} +.paramname { + color: #602020; + font-style: italic; + white-space: nowrap; +} +/* End Styling for detailed member documentation */ + +/* for the tree view */ +.ftvtree { + font-family: sans-serif; + margin:0.5em; +} +/* these are for tree view when used as main index */ +.directory { + font-size: 9pt; + font-weight: bold; +} +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* The following two styles can be used to replace the root node title */ +/* with an image of your choice. Simply uncomment the next two styles, */ +/* specify the name of your image and be sure to set 'height' to the */ +/* proper pixel height of your image. */ + +/* .directory h3.swap { */ +/* height: 61px; */ +/* background-repeat: no-repeat; */ +/* background-image: url("yourimage.gif"); */ +/* } */ +/* .directory h3.swap span { */ +/* display: none; */ +/* } */ + +.directory > h3 { + margin-top: 0; +} +.directory p { + margin: 0px; + white-space: nowrap; +} +.directory div { + display: none; + margin: 0px; +} +.directory img { + vertical-align: -30%; +} +/* these are for tree view when not used as main index */ +.directory-alt { + font-size: 100%; + font-weight: bold; +} +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} +.directory-alt > h3 { + margin-top: 0; +} +.directory-alt p { + margin: 0px; + white-space: nowrap; +} +.directory-alt div { + display: none; + margin: 0px; +} +.directory-alt img { + vertical-align: -30%; +} + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/doxygen.png b/crypto/heimdal/doc/doxyout/ntlm/html/doxygen.png new file mode 100644 index 00000000000..f0a274bbaff Binary files /dev/null and b/crypto/heimdal/doc/doxyout/ntlm/html/doxygen.png differ diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/examples.html b/crypto/heimdal/doc/doxyout/ntlm/html/examples.html new file mode 100644 index 00000000000..03f1863703b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/examples.html @@ -0,0 +1,30 @@ + + +Heimdalntlmlibrary: Examples + + + +

+keyhole logo +

+ + + +
+

Examples

Here is a list of all examples: +
+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/functions.html b/crypto/heimdal/doc/doxyout/ntlm/html/functions.html new file mode 100644 index 00000000000..4e61376d166 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/functions.html @@ -0,0 +1,78 @@ + + +Heimdalntlmlibrary: Data Fields + + + +

+keyhole logo +

+ + + +
+Here is a list of all documented struct and union fields with links to the struct/union documentation for each field: +

+

+
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/functions_vars.html b/crypto/heimdal/doc/doxyout/ntlm/html/functions_vars.html new file mode 100644 index 00000000000..378c553840d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/functions_vars.html @@ -0,0 +1,78 @@ + + +Heimdalntlmlibrary: Data Fields - Variables + + + +

+keyhole logo +

+ + + +
+  +

+

+
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.dot b/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.dot new file mode 100644 index 00000000000..4df0f1aa486 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.dot @@ -0,0 +1,22 @@ +digraph G +{ + edge [fontname="FreeSans",fontsize=10,labelfontname="FreeSans",labelfontsize=10]; + node [fontname="FreeSans",fontsize=10,shape=record]; + Node9 [shape="box",label="Inherited",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",fillcolor="grey75",style="filled" fontcolor="black"]; + Node10 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node10 [shape="box",label="PublicBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPublicBase.html"]; + Node11 -> Node10 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node11 [shape="box",label="Truncated",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="red",URL="$classTruncated.html"]; + Node13 -> Node9 [dir=back,color="darkgreen",fontsize=10,style="solid",fontname="FreeSans"]; + Node13 [shape="box",label="ProtectedBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classProtectedBase.html"]; + Node14 -> Node9 [dir=back,color="firebrick4",fontsize=10,style="solid",fontname="FreeSans"]; + Node14 [shape="box",label="PrivateBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPrivateBase.html"]; + Node15 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node15 [shape="box",label="Undocumented",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="grey75"]; + Node16 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node16 [shape="box",label="Templ< int >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node17 -> Node16 [dir=back,color="orange",fontsize=10,style="dashed",label="< int >",fontname="FreeSans"]; + Node17 [shape="box",label="Templ< T >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node18 -> Node9 [dir=back,color="darkorchid3",fontsize=10,style="dashed",label="m_usedClass",fontname="FreeSans"]; + Node18 [shape="box",label="Used",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classUsed.html"]; +} diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.html b/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.html new file mode 100644 index 00000000000..6caf3381420 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.html @@ -0,0 +1,89 @@ + + +Heimdalntlmlibrary: Graph Legend + + + +

+keyhole logo +

+ + + +
+

Graph Legend

This page explains how to interpret the graphs that are generated by doxygen.

+Consider the following example: 

/*! Invisible class because of truncation */
+class Invisible { };
+
+/*! Truncated class, inheritance relation is hidden */
+class Truncated : public Invisible { };
+
+/* Class not documented with doxygen comments */
+class Undocumented { };
+
+/*! Class that is inherited using public inheritance */
+class PublicBase : public Truncated { };
+
+/*! A template class */
+template<class T> class Templ { };
+
+/*! Class that is inherited using protected inheritance */
+class ProtectedBase { };
+
+/*! Class that is inherited using private inheritance */
+class PrivateBase { };
+
+/*! Class that is used by the Inherited class */
+class Used { };
+
+/*! Super class that inherits a number of other classes */
+class Inherited : public PublicBase,
+                  protected ProtectedBase,
+                  private PrivateBase,
+                  public Undocumented,
+                  public Templ<int>
+{
+  private:
+    Used *m_usedClass;
+};
+
If the MAX_DOT_GRAPH_HEIGHT tag in the configuration file is set to 240 this will result in the following graph:

+

+graph_legend.png +
+

+The boxes in the above graph have the following meaning:

    +
  • +A filled gray box represents the struct or class for which the graph is generated.
    • +
  • +A box with a black border denotes a documented struct or class.
    • +
  • +A box with a grey border denotes an undocumented struct or class.
    • +
  • +A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries.
    • +
+The arrows have the following meaning:
    +
  • +A dark blue arrow is used to visualize a public inheritance relation between two classes.
    • +
  • +A dark green arrow is used for protected inheritance.
    • +
  • +A dark red arrow is used for private inheritance.
    • +
  • +A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible.
    • +
  • +A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance.
    • +
+
+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.png b/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.png new file mode 100644 index 00000000000..9b96937bfd5 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/ntlm/html/graph_legend.png differ diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/group__ntlm__core.html b/crypto/heimdal/doc/doxyout/ntlm/html/group__ntlm__core.html new file mode 100644 index 00000000000..d6776dfa5ee --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/group__ntlm__core.html @@ -0,0 +1,936 @@ + + +Heimdalntlmlibrary: Heimdal NTLM library + + + +

+keyhole logo +

+ + + +
+

Heimdal NTLM library

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

void heim_ntlm_free_buf (struct ntlm_buf *p)
void heim_ntlm_free_targetinfo (struct ntlm_targetinfo *ti)
int heim_ntlm_encode_targetinfo (const struct ntlm_targetinfo *ti, int ucs2, struct ntlm_buf *data)
int heim_ntlm_decode_targetinfo (const struct ntlm_buf *data, int ucs2, struct ntlm_targetinfo *ti)
void heim_ntlm_free_type1 (struct ntlm_type1 *data)
int heim_ntlm_encode_type1 (const struct ntlm_type1 *type1, struct ntlm_buf *data)
void heim_ntlm_free_type2 (struct ntlm_type2 *data)
int heim_ntlm_encode_type2 (const struct ntlm_type2 *type2, struct ntlm_buf *data)
void heim_ntlm_free_type3 (struct ntlm_type3 *data)
int heim_ntlm_encode_type3 (const struct ntlm_type3 *type3, struct ntlm_buf *data)
int heim_ntlm_nt_key (const char *password, struct ntlm_buf *key)
int heim_ntlm_calculate_ntlm1 (void *key, size_t len, unsigned char challenge[8], struct ntlm_buf *answer)
int heim_ntlm_build_ntlm1_master (void *key, size_t len, struct ntlm_buf *session, struct ntlm_buf *master)
int heim_ntlm_build_ntlm2_master (void *key, size_t len, struct ntlm_buf *blob, struct ntlm_buf *session, struct ntlm_buf *master)
int heim_ntlm_keyex_unwrap (struct ntlm_buf *baseKey, struct ntlm_buf *encryptedSession, struct ntlm_buf *session)
int heim_ntlm_ntlmv2_key (const void *key, size_t len, const char *username, const char *target, unsigned char ntlmv2[16])
int heim_ntlm_calculate_lm2 (const void *key, size_t len, const char *username, const char *target, const unsigned char serverchallenge[8], unsigned char ntlmv2[16], struct ntlm_buf *answer)
int heim_ntlm_calculate_ntlm2 (const void *key, size_t len, const char *username, const char *target, const unsigned char serverchallenge[8], const struct ntlm_buf *infotarget, unsigned char ntlmv2[16], struct ntlm_buf *answer)
int heim_ntlm_verify_ntlm2 (const void *key, size_t len, const char *username, const char *target, time_t now, const unsigned char serverchallenge[8], const struct ntlm_buf *answer, struct ntlm_buf *infotarget, unsigned char ntlmv2[16])
+

Detailed Description

+The NTLM core functions implement the string2key generation function, message encode and decode function, and the hash function functions.

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_build_ntlm1_master (void *  key,
size_t  len,
struct ntlm_buf session,
struct ntlm_buf master 
)
+
+
+ +

+Generates an NTLMv1 session random with assosited session master key.

+

Parameters:
+ + + + + +
key the ntlm v1 key
len length of key
session generated session nonce, should be freed with heim_ntlm_free_buf().
master calculated session master key, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_build_ntlm2_master (void *  key,
size_t  len,
struct ntlm_buf blob,
struct ntlm_buf session,
struct ntlm_buf master 
)
+
+
+ +

+Generates an NTLMv2 session random with associated session master key.

+

Parameters:
+ + + + + + +
key the NTLMv2 key
len length of key
blob the NTLMv2 "blob"
session generated session nonce, should be freed with heim_ntlm_free_buf().
master calculated session master key, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_calculate_lm2 (const void *  key,
size_t  len,
const char *  username,
const char *  target,
const unsigned char  serverchallenge[8],
unsigned char  ntlmv2[16],
struct ntlm_buf answer 
)
+
+
+ +

+Calculate LMv2 response

+

Parameters:
+ + + + + + + + +
key the ntlm key
len length of key
username name of the user, as sent in the message, assumed to be in UTF8.
target the name of the target, assumed to be in UTF8.
serverchallenge challenge as sent by the server in the type2 message.
ntlmv2 calculated session key
answer ntlm response answer, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_calculate_ntlm1 (void *  key,
size_t  len,
unsigned char  challenge[8],
struct ntlm_buf answer 
)
+
+
+ +

+Calculate NTLMv1 response hash

+

Parameters:
+ + + + + +
key the ntlm v1 key
len length of key
challenge sent by the server
answer calculated answer, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_calculate_ntlm2 (const void *  key,
size_t  len,
const char *  username,
const char *  target,
const unsigned char  serverchallenge[8],
const struct ntlm_buf infotarget,
unsigned char  ntlmv2[16],
struct ntlm_buf answer 
)
+
+
+ +

+Calculate NTLMv2 response

+

Parameters:
+ + + + + + + + + +
key the ntlm key
len length of key
username name of the user, as sent in the message, assumed to be in UTF8.
target the name of the target, assumed to be in UTF8.
serverchallenge challenge as sent by the server in the type2 message.
infotarget infotarget as sent by the server in the type2 message.
ntlmv2 calculated session key
answer ntlm response answer, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_decode_targetinfo (const struct ntlm_buf data,
int  ucs2,
struct ntlm_targetinfo *  ti 
)
+
+
+ +

+Decodes an NTLM targetinfo message

+

Parameters:
+ + + + +
data input data buffer with the encode NTLM targetinfo message
ucs2 if the strings should be encoded with ucs2 (selected by flag in message).
ti the decoded target info, should be freed with heim_ntlm_free_targetinfo().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_encode_targetinfo (const struct ntlm_targetinfo *  ti,
int  ucs2,
struct ntlm_buf data 
)
+
+
+ +

+Encodes a ntlm_targetinfo message.

+

Parameters:
+ + + + +
ti the ntlm_targetinfo message to encode.
ucs2 ignored
data is the return buffer with the encoded message, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int heim_ntlm_encode_type1 (const struct ntlm_type1 type1,
struct ntlm_buf data 
)
+
+
+ +

+Encodes an ntlm_type1 message.

+

Parameters:
+ + + +
type1 the ntlm_type1 message to encode.
data is the return buffer with the encoded message, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int heim_ntlm_encode_type2 (const struct ntlm_type2 type2,
struct ntlm_buf data 
)
+
+
+ +

+Encodes an ntlm_type2 message.

+

Parameters:
+ + + +
type2 the ntlm_type2 message to encode.
data is the return buffer with the encoded message, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int heim_ntlm_encode_type3 (const struct ntlm_type3 type3,
struct ntlm_buf data 
)
+
+
+ +

+Encodes an ntlm_type3 message.

+

Parameters:
+ + + +
type3 the ntlm_type3 message to encode.
data is the return buffer with the encoded message, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + +
void heim_ntlm_free_buf (struct ntlm_buf p  ) 
+
+
+ +

+heim_ntlm_free_buf frees the ntlm buffer

+

Parameters:
+ + +
p buffer to be freed
+
+ +
+

+ +

+
+ + + + + + + + + +
void heim_ntlm_free_targetinfo (struct ntlm_targetinfo *  ti  ) 
+
+
+ +

+Frees the ntlm_targetinfo message

+

Parameters:
+ + +
ti targetinfo to be freed
+
+ +
+

+ +

+
+ + + + + + + + + +
void heim_ntlm_free_type1 (struct ntlm_type1 data  ) 
+
+
+ +

+Frees the ntlm_type1 message

+

Parameters:
+ + +
data message to be freed
+
+ +
+

+ +

+
+ + + + + + + + + +
void heim_ntlm_free_type2 (struct ntlm_type2 data  ) 
+
+
+ +

+Frees the ntlm_type2 message

+

Parameters:
+ + +
data message to be freed
+
+ +
+

+ +

+
+ + + + + + + + + +
void heim_ntlm_free_type3 (struct ntlm_type3 data  ) 
+
+
+ +

+Frees the ntlm_type3 message

+

Parameters:
+ + +
data message to be freed
+
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_keyex_unwrap (struct ntlm_buf baseKey,
struct ntlm_buf encryptedSession,
struct ntlm_buf session 
)
+
+
+ +

+Given a key and encrypted session, unwrap the session key

+

Parameters:
+ + + + +
baseKey the sessionBaseKey
encryptedSession encrypted session, type3.session field.
session generated session nonce, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int heim_ntlm_nt_key (const char *  password,
struct ntlm_buf key 
)
+
+
+ +

+Calculate the NTLM key, the password is assumed to be in UTF8.

+

Parameters:
+ + + +
password password to calcute the key for.
key calcuted key, should be freed with heim_ntlm_free_buf().
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_ntlmv2_key (const void *  key,
size_t  len,
const char *  username,
const char *  target,
unsigned char  ntlmv2[16] 
)
+
+
+ +

+Generates an NTLMv2 session key.

+

Parameters:
+ + + + + + +
key the ntlm key
len length of key
username name of the user, as sent in the message, assumed to be in UTF8.
target the name of the target, assumed to be in UTF8.
ntlmv2 the ntlmv2 session key
+
+
Returns:
0 on success, or an error code on failure.
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int heim_ntlm_verify_ntlm2 (const void *  key,
size_t  len,
const char *  username,
const char *  target,
time_t  now,
const unsigned char  serverchallenge[8],
const struct ntlm_buf answer,
struct ntlm_buf infotarget,
unsigned char  ntlmv2[16] 
)
+
+
+ +

+Verify NTLMv2 response.

+

Parameters:
+ + + + + + + + + + +
key the ntlm key
len length of key
username name of the user, as sent in the message, assumed to be in UTF8.
target the name of the target, assumed to be in UTF8.
now the time now (0 if the library should pick it up itself)
serverchallenge challenge as sent by the server in the type2 message.
answer ntlm response answer, should be freed with heim_ntlm_free_buf().
infotarget infotarget as sent by the server in the type2 message.
ntlmv2 calculated session key
+
+
Returns:
In case of success 0 is return, an errors, a errno in what went wrong.
+ +
+

+

+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/index.html b/crypto/heimdal/doc/doxyout/ntlm/html/index.html new file mode 100644 index 00000000000..5f1b39a2fb7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/index.html @@ -0,0 +1,37 @@ + + +Heimdalntlmlibrary: Heimdal NTLM library + + + +

+keyhole logo +

+ + + +
+

Heimdal NTLM library

+

+

1.5.1

+Introduction

+Heimdal libheimntlm library is a implementation of the NTLM protocol, both version 1 and 2. The GSS-API mech that uses this library adds support for transport encryption and integrity checking.

+NTLM is a protocol for mutual authentication, its still used in many protocol where Kerberos is not support, one example is EAP/X802.1x mechanism LEAP from Microsoft and Cisco.

+This is a support library for the core protocol, its used in Heimdal to implement and GSS-API mechanism. There is also support in the KDC to do remote digest authenticiation, this to allow services to authenticate users w/o direct access to the users ntlm hashes (same as Kerberos arcfour enctype keys).

+More information about the NTLM protocol can found here http://davenport.sourceforge.net/ntlm.html .

+The Heimdal projects web page: http://www.h5l.org/

+NTLM Example

+Example to to use test_ntlm::c .
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/modules.html b/crypto/heimdal/doc/doxyout/ntlm/html/modules.html new file mode 100644 index 00000000000..408e99cb77d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/modules.html @@ -0,0 +1,30 @@ + + +Heimdalntlmlibrary: Module Index + + + +

+keyhole logo +

+ + + +
+

Modules

Here is a list of all modules: +
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__buf.html b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__buf.html new file mode 100644 index 00000000000..dca8f24a971 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__buf.html @@ -0,0 +1,82 @@ + + +Heimdalntlmlibrary: ntlm_buf Struct Reference + + + +

+keyhole logo +

+ + + +
+

ntlm_buf Struct Reference

#include <heimntlm.h> +

+ + + + + + + +

Data Fields

size_t length
void * data
+

Detailed Description

+Buffer for storing data in the NTLM library. When filled in by the library it should be freed with heim_ntlm_free_buf().
Examples:
+ +

+test_ntlm.c.

Field Documentation

+ +
+
+ + + + +
size_t ntlm_buf::length
+
+
+ +

+length buffer data

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
void* ntlm_buf::data
+
+
+ +

+pointer to the data itself

Examples:
+test_ntlm.c.
+
+

+

The documentation for this struct was generated from the following file:
    +
  • /Users/lha/src/heimdal/heimdal-release/heimdal-1.5.1/lib/ntlm/heimntlm.h
+
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type1.html b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type1.html new file mode 100644 index 00000000000..7b3e8e6d383 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type1.html @@ -0,0 +1,118 @@ + + +Heimdalntlmlibrary: ntlm_type1 Struct Reference + + + +

+keyhole logo +

+ + + +
+

ntlm_type1 Struct Reference

#include <heimntlm.h> +

+ + + + + + + + + + + +

Data Fields

uint32_t flags
char * domain
char * hostname
uint32_t os [2]
+

Detailed Description

+Struct for the NTLM type1 message info, the strings is assumed to be in UTF8. When filled in by the library it should be freed with heim_ntlm_free_type1().
Examples:
+ +

+test_ntlm.c.

Field Documentation

+ +
+
+ + + + +
uint32_t ntlm_type1::flags
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
char* ntlm_type1::domain
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
char* ntlm_type1::hostname
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
uint32_t ntlm_type1::os[2]
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+

The documentation for this struct was generated from the following file:
    +
  • /Users/lha/src/heimdal/heimdal-release/heimdal-1.5.1/lib/ntlm/heimntlm.h
+
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2.html b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2.html new file mode 100644 index 00000000000..959405923b9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2.html @@ -0,0 +1,159 @@ + + +Heimdalntlmlibrary: ntlm_type2 Struct Reference + + + +

+keyhole logo +

+ + + +
+

ntlm_type2 Struct Reference

#include <heimntlm.h> +

+

+Collaboration diagram for ntlm_type2:
+
+

Collaboration graph
+ + +
[legend]
+ + + + + + + + + + + + + + + +

Data Fields

uint32_t flags
char * targetname
struct ntlm_buf targetinfo
unsigned char challenge [8]
uint32_t context [2]
uint32_t os [2]
+

Detailed Description

+Struct for the NTLM type2 message info, the strings is assumed to be in UTF8. When filled in by the library it should be freed with heim_ntlm_free_type2().
Examples:
+ +

+test_ntlm.c.

Field Documentation

+ +
+
+ + + + +
uint32_t ntlm_type2::flags
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
char* ntlm_type2::targetname
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
struct ntlm_buf ntlm_type2::targetinfo [read]
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
unsigned char ntlm_type2::challenge[8]
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
uint32_t ntlm_type2::context[2]
+
+
+ +

+ +

+

+ +

+
+ + + + +
uint32_t ntlm_type2::os[2]
+
+
+ +

+ +

+

+

The documentation for this struct was generated from the following file:
    +
  • /Users/lha/src/heimdal/heimdal-release/heimdal-1.5.1/lib/ntlm/heimntlm.h
+
+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.map b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.map new file mode 100644 index 00000000000..9e6cd72b444 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.map @@ -0,0 +1 @@ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.md5 b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.md5 new file mode 100644 index 00000000000..4340819135c --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.md5 @@ -0,0 +1 @@ +b5989391473842dda9191d0175c17177 \ No newline at end of file diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.png b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.png new file mode 100644 index 00000000000..14c79b434fb Binary files /dev/null and b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type2__coll__graph.png differ diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3.html b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3.html new file mode 100644 index 00000000000..2edea39efed --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3.html @@ -0,0 +1,194 @@ + + +Heimdalntlmlibrary: ntlm_type3 Struct Reference + + + +

+keyhole logo +

+ + + +
+

ntlm_type3 Struct Reference

#include <heimntlm.h> +

+

+Collaboration diagram for ntlm_type3:
+
+

Collaboration graph
+ + +
[legend]
+ + + + + + + + + + + + + + + + + + + +

Data Fields

uint32_t flags
char * username
char * targetname
struct ntlm_buf lm
struct ntlm_buf ntlm
struct ntlm_buf sessionkey
char * ws
uint32_t os [2]
+

Detailed Description

+Struct for the NTLM type3 message info, the strings is assumed to be in UTF8. When filled in by the library it should be freed with heim_ntlm_free_type3().
Examples:
+ +

+test_ntlm.c.

Field Documentation

+ +
+
+ + + + +
uint32_t ntlm_type3::flags
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
char* ntlm_type3::username
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
char* ntlm_type3::targetname
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
struct ntlm_buf ntlm_type3::lm [read]
+
+
+ +

+ +

+

+ +

+
+ + + + +
struct ntlm_buf ntlm_type3::ntlm [read]
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
struct ntlm_buf ntlm_type3::sessionkey [read]
+
+
+ +

+ +

+

+ +

+
+ + + + +
char* ntlm_type3::ws
+
+
+ +

+

Examples:
+test_ntlm.c.
+
+

+ +

+
+ + + + +
uint32_t ntlm_type3::os[2]
+
+
+ +

+ +

+

+

The documentation for this struct was generated from the following file:
    +
  • /Users/lha/src/heimdal/heimdal-release/heimdal-1.5.1/lib/ntlm/heimntlm.h
+
+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.map b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.map new file mode 100644 index 00000000000..9e6cd72b444 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.map @@ -0,0 +1 @@ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.md5 b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.md5 new file mode 100644 index 00000000000..1c9e7239dc0 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.md5 @@ -0,0 +1 @@ +e51b24543271b5e19333877ec8086fcd \ No newline at end of file diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.png b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.png new file mode 100644 index 00000000000..6553470777e Binary files /dev/null and b/crypto/heimdal/doc/doxyout/ntlm/html/structntlm__type3__coll__graph.png differ diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/tab_b.gif b/crypto/heimdal/doc/doxyout/ntlm/html/tab_b.gif new file mode 100644 index 00000000000..0d623483ffd Binary files /dev/null and b/crypto/heimdal/doc/doxyout/ntlm/html/tab_b.gif differ diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/tab_l.gif b/crypto/heimdal/doc/doxyout/ntlm/html/tab_l.gif new file mode 100644 index 00000000000..9b1e6337c92 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/ntlm/html/tab_l.gif differ diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/tab_r.gif b/crypto/heimdal/doc/doxyout/ntlm/html/tab_r.gif new file mode 100644 index 00000000000..ce9dd9f533c Binary files /dev/null and b/crypto/heimdal/doc/doxyout/ntlm/html/tab_r.gif differ diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/tabs.css b/crypto/heimdal/doc/doxyout/ntlm/html/tabs.css new file mode 100644 index 00000000000..95f00a91da3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/tabs.css @@ -0,0 +1,102 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; +} diff --git a/crypto/heimdal/doc/doxyout/ntlm/html/test__ntlm_8c-example.html b/crypto/heimdal/doc/doxyout/ntlm/html/test__ntlm_8c-example.html new file mode 100644 index 00000000000..b9087796680 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/html/test__ntlm_8c-example.html @@ -0,0 +1,408 @@ + + +Heimdalntlmlibrary: test_ntlm.c + + + +

+keyhole logo +

+ + + +
+

test_ntlm.c

Example how to use the NTLM primitives.

+

/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <err.h>
+#include <roken.h>
+#include <getarg.h>
+
+#include <krb5-types.h> /* or <inttypes.h> */
+#include <heimntlm.h>
+
+static int
+test_parse(void)
+{
+    const char *user = "foo",
+        *domain = "mydomain",
+        *password = "digestpassword",
+        *target = "DOMAIN";
+    struct ntlm_type1 type1;
+    struct ntlm_type2 type2;
+    struct ntlm_type3 type3;
+    struct ntlm_buf data;
+    int ret, flags;
+
+    memset(&type1, 0, sizeof(type1));
+
+    type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM;
+    type1.domain = rk_UNCONST(domain);
+    type1.hostname = NULL;
+    type1.os[0] = 0;
+    type1.os[1] = 0;
+
+    ret = heim_ntlm_encode_type1(&type1, &data);
+    if (ret)
+        errx(1, "heim_ntlm_encode_type1");
+
+    memset(&type1, 0, sizeof(type1));
+
+    ret = heim_ntlm_decode_type1(&data, &type1);
+    free(data.data);
+    if (ret)
+        errx(1, "heim_ntlm_encode_type1");
+
+    heim_ntlm_free_type1(&type1);
+
+    /*
+     *
+     */
+
+    memset(&type2, 0, sizeof(type2));
+
+    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
+    type2.flags = flags;
+
+    memset(type2.challenge, 0x7f, sizeof(type2.challenge));
+    type2.targetname = rk_UNCONST(target);
+    type2.targetinfo.data = NULL;
+    type2.targetinfo.length = 0;
+
+    ret = heim_ntlm_encode_type2(&type2, &data);
+    if (ret)
+        errx(1, "heim_ntlm_encode_type2");
+
+    memset(&type2, 0, sizeof(type2));
+
+    ret = heim_ntlm_decode_type2(&data, &type2);
+    free(data.data);
+    if (ret)
+        errx(1, "heim_ntlm_decode_type2");
+
+    heim_ntlm_free_type2(&type2);
+
+    /*
+     *
+     */
+
+    memset(&type3, 0, sizeof(type3));
+
+    type3.flags = flags;
+    type3.username = rk_UNCONST(user);
+    type3.targetname = rk_UNCONST(target);
+    type3.ws = rk_UNCONST("workstation");
+
+    {
+        struct ntlm_buf key;
+        heim_ntlm_nt_key(password, &key);
+
+        heim_ntlm_calculate_ntlm1(key.data, key.length,
+                                  type2.challenge,
+                                  &type3.ntlm);
+        free(key.data);
+    }
+
+    ret = heim_ntlm_encode_type3(&type3, &data);
+    if (ret)
+        errx(1, "heim_ntlm_encode_type3");
+
+    free(type3.ntlm.data);
+
+    memset(&type3, 0, sizeof(type3));
+
+    ret = heim_ntlm_decode_type3(&data, 1, &type3);
+    free(data.data);
+    if (ret)
+        errx(1, "heim_ntlm_decode_type3");
+
+    if (strcmp("workstation", type3.ws) != 0)
+        errx(1, "type3 ws wrong");
+
+    if (strcmp(target, type3.targetname) != 0)
+        errx(1, "type3 targetname wrong");
+
+    if (strcmp(user, type3.username) != 0)
+        errx(1, "type3 username wrong");
+
+
+    heim_ntlm_free_type3(&type3);
+
+    /*
+     * NTLMv2
+     */
+
+    memset(&type2, 0, sizeof(type2));
+
+    flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN;
+    type2.flags = flags;
+
+    memset(type2.challenge, 0x7f, sizeof(type2.challenge));
+    type2.targetname = rk_UNCONST(target);
+    type2.targetinfo.data = "\x00\x00";
+    type2.targetinfo.length = 2;
+
+    ret = heim_ntlm_encode_type2(&type2, &data);
+    if (ret)
+        errx(1, "heim_ntlm_encode_type2");
+
+    memset(&type2, 0, sizeof(type2));
+
+    ret = heim_ntlm_decode_type2(&data, &type2);
+    free(data.data);
+    if (ret)
+        errx(1, "heim_ntlm_decode_type2");
+
+    heim_ntlm_free_type2(&type2);
+
+    return 0;
+}
+
+static int
+test_keys(void)
+{
+    const char
+        *username = "test",
+        *password = "test1234",
+        *target = "TESTNT";
+    const unsigned char
+        serverchallenge[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c";
+    struct ntlm_buf infotarget, infotarget2, answer, key;
+    unsigned char ntlmv2[16], ntlmv2_1[16];
+    int ret;
+
+    infotarget.length = 70;
+    infotarget.data =
+        "\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00"
+        "\x01\x00\x0c\x00\x4d\x00\x45\x00\x4d\x00\x42\x00\x45\x00\x52\x00"
+        "\x03\x00\x1e\x00\x6d\x00\x65\x00\x6d\x00\x62\x00\x65\x00\x72\x00"
+            "\x2e\x00\x74\x00\x65\x00\x73\x00\x74\x00\x2e\x00\x63\x00\x6f"
+            "\x00\x6d\x00"
+        "\x00\x00\x00\x00";
+
+    answer.length = 0;
+    answer.data = NULL;
+
+    heim_ntlm_nt_key(password, &key);
+
+    ret = heim_ntlm_calculate_ntlm2(key.data,
+                                    key.length,
+                                    username,
+                                    target,
+                                    serverchallenge,
+                                    &infotarget,
+                                    ntlmv2,
+                                    &answer);
+    if (ret)
+        errx(1, "heim_ntlm_calculate_ntlm2");
+
+    ret = heim_ntlm_verify_ntlm2(key.data,
+                                 key.length,
+                                 username,
+                                 target,
+                                 0,
+                                 serverchallenge,
+                                 &answer,
+                                 &infotarget2,
+                                 ntlmv2_1);
+    if (ret)
+        errx(1, "heim_ntlm_verify_ntlm2");
+
+    if (memcmp(ntlmv2, ntlmv2_1, sizeof(ntlmv2)) != 0)
+        errx(1, "ntlm master key not same");
+
+    if (infotarget.length > infotarget2.length)
+        errx(1, "infotarget length");
+
+    if (memcmp(infotarget.data, infotarget2.data, infotarget.length) != 0)
+        errx(1, "infotarget not the same");
+
+    free(key.data);
+    free(answer.data);
+    free(infotarget2.data);
+
+    return 0;
+}
+
+static int
+test_ntlm2_session_resp(void)
+{
+    int ret;
+    struct ntlm_buf lm, ntlm;
+
+    const unsigned char lm_resp[24] =
+        "\xff\xff\xff\x00\x11\x22\x33\x44"
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00";
+    const unsigned char ntlm2_sess_resp[24] =
+        "\x10\xd5\x50\x83\x2d\x12\xb2\xcc"
+        "\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf"
+        "\x82\xac\xa4\xc3\x68\x1d\xd4\x55";
+
+    const unsigned char client_nonce[8] =
+        "\xff\xff\xff\x00\x11\x22\x33\x44";
+    const unsigned char server_challenge[8] =
+        "\x01\x23\x45\x67\x89\xab\xcd\xef";
+
+    const unsigned char ntlm_hash[16] =
+        "\xcd\x06\xca\x7c\x7e\x10\xc9\x9b"
+        "\x1d\x33\xb7\x48\x5a\x2e\xd8\x08";
+
+    ret = heim_ntlm_calculate_ntlm2_sess(client_nonce,
+                                         server_challenge,
+                                         ntlm_hash,
+                                         &lm,
+                                         &ntlm);
+    if (ret)
+        errx(1, "heim_ntlm_calculate_ntlm2_sess_resp");
+
+    if (lm.length != 24 || memcmp(lm.data, lm_resp, 24) != 0)
+        errx(1, "lm_resp wrong");
+    if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0)
+        errx(1, "ntlm2_sess_resp wrong");
+
+    free(lm.data);
+    free(ntlm.data);
+
+
+    return 0;
+}
+
+static int
+test_targetinfo(void)
+{
+    struct ntlm_targetinfo ti;
+    struct ntlm_buf buf;
+    const char *dnsservername = "dnsservername";
+    int ret;
+
+    memset(&ti, 0, sizeof(ti));
+
+    ti.dnsservername = rk_UNCONST(dnsservername);
+    ti.avflags = 1;
+    ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf);
+    if (ret)
+        return ret;
+
+    memset(&ti, 0, sizeof(ti));
+
+    ret = heim_ntlm_decode_targetinfo(&buf, 1, &ti);
+    if (ret)
+        return ret;
+
+    if (ti.dnsservername == NULL ||
+        strcmp(ti.dnsservername, dnsservername) != 0)
+        errx(1, "ti.dnshostname != %s", dnsservername);
+    if (ti.avflags != 1)
+        errx(1, "ti.avflags != 1");
+
+    heim_ntlm_free_targetinfo(&ti);
+
+    return 0;
+}
+
+static int verbose_flag = 0;
+static int version_flag = 0;
+static int help_flag    = 0;
+
+static struct getargs args[] = {
+    {"verbose", 0,      arg_flag,       &verbose_flag, "verbose printing", NULL },
+    {"version", 0,      arg_flag,       &version_flag, "print version", NULL },
+    {"help",    0,      arg_flag,       &help_flag,  NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+    arg_printusage (args, sizeof(args)/sizeof(*args),
+                    NULL, "");
+    exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+    int ret = 0, optind = 0;
+
+    setprogname(argv[0]);
+
+    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+        usage(1);
+
+    if (help_flag)
+        usage (0);
+
+    if(version_flag){
+        print_version(NULL);
+        exit(0);
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    if (verbose_flag)
+        printf("test_parse\n");
+
+    ret += test_parse();
+    if (verbose_flag)
+        printf("test_keys\n");
+
+    ret += test_keys();
+    if (verbose_flag)
+        printf("test_ntlm2_session_resp\n");
+    ret += test_ntlm2_session_resp();
+
+    if (verbose_flag)
+        printf("test_targetinfo\n");
+    ret += test_targetinfo();
+
+    return ret;
+}
+
+
+Generated on Fri Sep 30 15:26:19 2011 for Heimdalntlmlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/challenge.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/challenge.3 new file mode 100644 index 00000000000..a7659b3d1fe --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/challenge.3 @@ -0,0 +1 @@ +.so man3/ntlm_type2.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/context.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/context.3 new file mode 100644 index 00000000000..a7659b3d1fe --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/context.3 @@ -0,0 +1 @@ +.so man3/ntlm_type2.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/data.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/data.3 new file mode 100644 index 00000000000..340108f66d7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/data.3 @@ -0,0 +1 @@ +.so man3/ntlm_buf.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/domain.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/domain.3 new file mode 100644 index 00000000000..d1020b43b40 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/domain.3 @@ -0,0 +1 @@ +.so man3/ntlm_type1.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/flags.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/flags.3 new file mode 100644 index 00000000000..d1020b43b40 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/flags.3 @@ -0,0 +1 @@ +.so man3/ntlm_type1.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_build_ntlm1_master.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_build_ntlm1_master.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_build_ntlm1_master.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_build_ntlm2_master.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_build_ntlm2_master.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_build_ntlm2_master.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_lm2.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_lm2.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_lm2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_ntlm1.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_ntlm1.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_ntlm1.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_ntlm2.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_ntlm2.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_calculate_ntlm2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_decode_targetinfo.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_decode_targetinfo.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_decode_targetinfo.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_targetinfo.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_targetinfo.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_targetinfo.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type1.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type1.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type1.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type2.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type2.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type3.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type3.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_encode_type3.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_buf.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_buf.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_buf.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_targetinfo.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_targetinfo.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_targetinfo.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type1.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type1.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type1.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type2.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type2.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type3.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type3.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_free_type3.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_keyex_unwrap.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_keyex_unwrap.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_keyex_unwrap.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_nt_key.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_nt_key.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_nt_key.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_ntlmv2_key.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_ntlmv2_key.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_ntlmv2_key.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_verify_ntlm2.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_verify_ntlm2.3 new file mode 100644 index 00000000000..c44afffe65e --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/heim_ntlm_verify_ntlm2.3 @@ -0,0 +1 @@ +.so man3/ntlm_core.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/hostname.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/hostname.3 new file mode 100644 index 00000000000..d1020b43b40 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/hostname.3 @@ -0,0 +1 @@ +.so man3/ntlm_type1.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/length.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/length.3 new file mode 100644 index 00000000000..340108f66d7 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/length.3 @@ -0,0 +1 @@ +.so man3/ntlm_buf.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/lm.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/lm.3 new file mode 100644 index 00000000000..de392aede5f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/lm.3 @@ -0,0 +1 @@ +.so man3/ntlm_type3.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm.3 new file mode 100644 index 00000000000..de392aede5f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm.3 @@ -0,0 +1 @@ +.so man3/ntlm_type3.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_buf.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_buf.3 new file mode 100644 index 00000000000..52fdc03f879 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_buf.3 @@ -0,0 +1,48 @@ +.TH "ntlm_buf" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalntlmlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_buf \- +.SH SYNOPSIS +.br +.PP +\fC#include \fP +.PP +.SS "Data Fields" + +.in +1c +.ti -1c +.RI "size_t \fBlength\fP" +.br +.ti -1c +.RI "void * \fBdata\fP" +.br +.in -1c +.SH "Detailed Description" +.PP +Buffer for storing data in the NTLM library. When filled in by the library it should be freed with \fBheim_ntlm_free_buf()\fP. +.PP +\fBExamples: \fP +.in +1c +.PP +\fBtest_ntlm.c\fP. +.SH "Field Documentation" +.PP +.SS "size_t \fBntlm_buf::length\fP" +.PP +length buffer data +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "void* \fBntlm_buf::data\fP" +.PP +pointer to the data itself +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdalntlmlibrary from the source code. diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_core.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_core.3 new file mode 100644 index 00000000000..50599af98e8 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_core.3 @@ -0,0 +1,421 @@ +.TH "Heimdal NTLM library" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalntlmlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal NTLM library \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "void \fBheim_ntlm_free_buf\fP (struct \fBntlm_buf\fP *p)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_targetinfo\fP (struct ntlm_targetinfo *ti)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_targetinfo\fP (const struct ntlm_targetinfo *ti, int ucs2, struct \fBntlm_buf\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_decode_targetinfo\fP (const struct \fBntlm_buf\fP *data, int ucs2, struct ntlm_targetinfo *ti)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_type1\fP (struct \fBntlm_type1\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_type1\fP (const struct \fBntlm_type1\fP *type1, struct \fBntlm_buf\fP *data)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_type2\fP (struct \fBntlm_type2\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_type2\fP (const struct \fBntlm_type2\fP *type2, struct \fBntlm_buf\fP *data)" +.br +.ti -1c +.RI "void \fBheim_ntlm_free_type3\fP (struct \fBntlm_type3\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_encode_type3\fP (const struct \fBntlm_type3\fP *type3, struct \fBntlm_buf\fP *data)" +.br +.ti -1c +.RI "int \fBheim_ntlm_nt_key\fP (const char *password, struct \fBntlm_buf\fP *key)" +.br +.ti -1c +.RI "int \fBheim_ntlm_calculate_ntlm1\fP (void *key, size_t len, unsigned char challenge[8], struct \fBntlm_buf\fP *answer)" +.br +.ti -1c +.RI "int \fBheim_ntlm_build_ntlm1_master\fP (void *key, size_t len, struct \fBntlm_buf\fP *session, struct \fBntlm_buf\fP *master)" +.br +.ti -1c +.RI "int \fBheim_ntlm_build_ntlm2_master\fP (void *key, size_t len, struct \fBntlm_buf\fP *blob, struct \fBntlm_buf\fP *session, struct \fBntlm_buf\fP *master)" +.br +.ti -1c +.RI "int \fBheim_ntlm_keyex_unwrap\fP (struct \fBntlm_buf\fP *baseKey, struct \fBntlm_buf\fP *encryptedSession, struct \fBntlm_buf\fP *session)" +.br +.ti -1c +.RI "int \fBheim_ntlm_ntlmv2_key\fP (const void *key, size_t len, const char *username, const char *target, unsigned char ntlmv2[16])" +.br +.ti -1c +.RI "int \fBheim_ntlm_calculate_lm2\fP (const void *key, size_t len, const char *username, const char *target, const unsigned char serverchallenge[8], unsigned char ntlmv2[16], struct \fBntlm_buf\fP *answer)" +.br +.ti -1c +.RI "int \fBheim_ntlm_calculate_ntlm2\fP (const void *key, size_t len, const char *username, const char *target, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP *infotarget, unsigned char ntlmv2[16], struct \fBntlm_buf\fP *answer)" +.br +.ti -1c +.RI "int \fBheim_ntlm_verify_ntlm2\fP (const void *key, size_t len, const char *username, const char *target, time_t now, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP *answer, struct \fBntlm_buf\fP *infotarget, unsigned char ntlmv2[16])" +.br +.in -1c +.SH "Detailed Description" +.PP +The NTLM core functions implement the string2key generation function, message encode and decode function, and the hash function functions. +.SH "Function Documentation" +.PP +.SS "int heim_ntlm_build_ntlm1_master (void * key, size_t len, struct \fBntlm_buf\fP * session, struct \fBntlm_buf\fP * master)" +.PP +Generates an NTLMv1 session random with assosited session master key. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP the ntlm v1 key +.br +\fIlen\fP length of key +.br +\fIsession\fP generated session nonce, should be freed with \fBheim_ntlm_free_buf()\fP. +.br +\fImaster\fP calculated session master key, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_build_ntlm2_master (void * key, size_t len, struct \fBntlm_buf\fP * blob, struct \fBntlm_buf\fP * session, struct \fBntlm_buf\fP * master)" +.PP +Generates an NTLMv2 session random with associated session master key. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP the NTLMv2 key +.br +\fIlen\fP length of key +.br +\fIblob\fP the NTLMv2 'blob' +.br +\fIsession\fP generated session nonce, should be freed with \fBheim_ntlm_free_buf()\fP. +.br +\fImaster\fP calculated session master key, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_calculate_lm2 (const void * key, size_t len, const char * username, const char * target, const unsigned char serverchallenge[8], unsigned char ntlmv2[16], struct \fBntlm_buf\fP * answer)" +.PP +Calculate LMv2 response +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8. +.br +\fItarget\fP the name of the target, assumed to be in UTF8. +.br +\fIserverchallenge\fP challenge as sent by the server in the type2 message. +.br +\fIntlmv2\fP calculated session key +.br +\fIanswer\fP ntlm response answer, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_calculate_ntlm1 (void * key, size_t len, unsigned char challenge[8], struct \fBntlm_buf\fP * answer)" +.PP +Calculate NTLMv1 response hash +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP the ntlm v1 key +.br +\fIlen\fP length of key +.br +\fIchallenge\fP sent by the server +.br +\fIanswer\fP calculated answer, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_calculate_ntlm2 (const void * key, size_t len, const char * username, const char * target, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP * infotarget, unsigned char ntlmv2[16], struct \fBntlm_buf\fP * answer)" +.PP +Calculate NTLMv2 response +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8. +.br +\fItarget\fP the name of the target, assumed to be in UTF8. +.br +\fIserverchallenge\fP challenge as sent by the server in the type2 message. +.br +\fIinfotarget\fP infotarget as sent by the server in the type2 message. +.br +\fIntlmv2\fP calculated session key +.br +\fIanswer\fP ntlm response answer, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_decode_targetinfo (const struct \fBntlm_buf\fP * data, int ucs2, struct ntlm_targetinfo * ti)" +.PP +Decodes an NTLM targetinfo message +.PP +\fBParameters:\fP +.RS 4 +\fIdata\fP input data buffer with the encode NTLM targetinfo message +.br +\fIucs2\fP if the strings should be encoded with ucs2 (selected by flag in message). +.br +\fIti\fP the decoded target info, should be freed with \fBheim_ntlm_free_targetinfo()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_encode_targetinfo (const struct ntlm_targetinfo * ti, int ucs2, struct \fBntlm_buf\fP * data)" +.PP +Encodes a ntlm_targetinfo message. +.PP +\fBParameters:\fP +.RS 4 +\fIti\fP the ntlm_targetinfo message to encode. +.br +\fIucs2\fP ignored +.br +\fIdata\fP is the return buffer with the encoded message, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_encode_type1 (const struct \fBntlm_type1\fP * type1, struct \fBntlm_buf\fP * data)" +.PP +Encodes an \fBntlm_type1\fP message. +.PP +\fBParameters:\fP +.RS 4 +\fItype1\fP the \fBntlm_type1\fP message to encode. +.br +\fIdata\fP is the return buffer with the encoded message, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_encode_type2 (const struct \fBntlm_type2\fP * type2, struct \fBntlm_buf\fP * data)" +.PP +Encodes an \fBntlm_type2\fP message. +.PP +\fBParameters:\fP +.RS 4 +\fItype2\fP the \fBntlm_type2\fP message to encode. +.br +\fIdata\fP is the return buffer with the encoded message, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_encode_type3 (const struct \fBntlm_type3\fP * type3, struct \fBntlm_buf\fP * data)" +.PP +Encodes an \fBntlm_type3\fP message. +.PP +\fBParameters:\fP +.RS 4 +\fItype3\fP the \fBntlm_type3\fP message to encode. +.br +\fIdata\fP is the return buffer with the encoded message, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "void heim_ntlm_free_buf (struct \fBntlm_buf\fP * p)" +.PP +heim_ntlm_free_buf frees the ntlm buffer +.PP +\fBParameters:\fP +.RS 4 +\fIp\fP buffer to be freed +.RE +.PP + +.SS "void heim_ntlm_free_targetinfo (struct ntlm_targetinfo * ti)" +.PP +Frees the ntlm_targetinfo message +.PP +\fBParameters:\fP +.RS 4 +\fIti\fP targetinfo to be freed +.RE +.PP + +.SS "void heim_ntlm_free_type1 (struct \fBntlm_type1\fP * data)" +.PP +Frees the \fBntlm_type1\fP message +.PP +\fBParameters:\fP +.RS 4 +\fIdata\fP message to be freed +.RE +.PP + +.SS "void heim_ntlm_free_type2 (struct \fBntlm_type2\fP * data)" +.PP +Frees the \fBntlm_type2\fP message +.PP +\fBParameters:\fP +.RS 4 +\fIdata\fP message to be freed +.RE +.PP + +.SS "void heim_ntlm_free_type3 (struct \fBntlm_type3\fP * data)" +.PP +Frees the \fBntlm_type3\fP message +.PP +\fBParameters:\fP +.RS 4 +\fIdata\fP message to be freed +.RE +.PP + +.SS "int heim_ntlm_keyex_unwrap (struct \fBntlm_buf\fP * baseKey, struct \fBntlm_buf\fP * encryptedSession, struct \fBntlm_buf\fP * session)" +.PP +Given a key and encrypted session, unwrap the session key +.PP +\fBParameters:\fP +.RS 4 +\fIbaseKey\fP the sessionBaseKey +.br +\fIencryptedSession\fP encrypted session, type3.session field. +.br +\fIsession\fP generated session nonce, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_nt_key (const char * password, struct \fBntlm_buf\fP * key)" +.PP +Calculate the NTLM key, the password is assumed to be in UTF8. +.PP +\fBParameters:\fP +.RS 4 +\fIpassword\fP password to calcute the key for. +.br +\fIkey\fP calcuted key, should be freed with \fBheim_ntlm_free_buf()\fP. +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + +.SS "int heim_ntlm_ntlmv2_key (const void * key, size_t len, const char * username, const char * target, unsigned char ntlmv2[16])" +.PP +Generates an NTLMv2 session key. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8. +.br +\fItarget\fP the name of the target, assumed to be in UTF8. +.br +\fIntlmv2\fP the ntlmv2 session key +.RE +.PP +\fBReturns:\fP +.RS 4 +0 on success, or an error code on failure. +.RE +.PP + +.SS "int heim_ntlm_verify_ntlm2 (const void * key, size_t len, const char * username, const char * target, time_t now, const unsigned char serverchallenge[8], const struct \fBntlm_buf\fP * answer, struct \fBntlm_buf\fP * infotarget, unsigned char ntlmv2[16])" +.PP +Verify NTLMv2 response. +.PP +\fBParameters:\fP +.RS 4 +\fIkey\fP the ntlm key +.br +\fIlen\fP length of key +.br +\fIusername\fP name of the user, as sent in the message, assumed to be in UTF8. +.br +\fItarget\fP the name of the target, assumed to be in UTF8. +.br +\fInow\fP the time now (0 if the library should pick it up itself) +.br +\fIserverchallenge\fP challenge as sent by the server in the type2 message. +.br +\fIanswer\fP ntlm response answer, should be freed with \fBheim_ntlm_free_buf()\fP. +.br +\fIinfotarget\fP infotarget as sent by the server in the type2 message. +.br +\fIntlmv2\fP calculated session key +.RE +.PP +\fBReturns:\fP +.RS 4 +In case of success 0 is return, an errors, a errno in what went wrong. +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type1.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type1.3 new file mode 100644 index 00000000000..3b4f2afa116 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type1.3 @@ -0,0 +1,68 @@ +.TH "ntlm_type1" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalntlmlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_type1 \- +.SH SYNOPSIS +.br +.PP +\fC#include \fP +.PP +.SS "Data Fields" + +.in +1c +.ti -1c +.RI "uint32_t \fBflags\fP" +.br +.ti -1c +.RI "char * \fBdomain\fP" +.br +.ti -1c +.RI "char * \fBhostname\fP" +.br +.ti -1c +.RI "uint32_t \fBos\fP [2]" +.br +.in -1c +.SH "Detailed Description" +.PP +Struct for the NTLM type1 message info, the strings is assumed to be in UTF8. When filled in by the library it should be freed with \fBheim_ntlm_free_type1()\fP. +.PP +\fBExamples: \fP +.in +1c +.PP +\fBtest_ntlm.c\fP. +.SH "Field Documentation" +.PP +.SS "uint32_t \fBntlm_type1::flags\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "char* \fBntlm_type1::domain\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "char* \fBntlm_type1::hostname\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "uint32_t \fBntlm_type1::os\fP[2]" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdalntlmlibrary from the source code. diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type2.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type2.3 new file mode 100644 index 00000000000..e46eeb37e6d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type2.3 @@ -0,0 +1,80 @@ +.TH "ntlm_type2" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalntlmlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_type2 \- +.SH SYNOPSIS +.br +.PP +\fC#include \fP +.PP +.SS "Data Fields" + +.in +1c +.ti -1c +.RI "uint32_t \fBflags\fP" +.br +.ti -1c +.RI "char * \fBtargetname\fP" +.br +.ti -1c +.RI "struct \fBntlm_buf\fP \fBtargetinfo\fP" +.br +.ti -1c +.RI "unsigned char \fBchallenge\fP [8]" +.br +.ti -1c +.RI "uint32_t \fBcontext\fP [2]" +.br +.ti -1c +.RI "uint32_t \fBos\fP [2]" +.br +.in -1c +.SH "Detailed Description" +.PP +Struct for the NTLM type2 message info, the strings is assumed to be in UTF8. When filled in by the library it should be freed with \fBheim_ntlm_free_type2()\fP. +.PP +\fBExamples: \fP +.in +1c +.PP +\fBtest_ntlm.c\fP. +.SH "Field Documentation" +.PP +.SS "uint32_t \fBntlm_type2::flags\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "char* \fBntlm_type2::targetname\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "struct \fBntlm_buf\fP \fBntlm_type2::targetinfo\fP\fC [read]\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "unsigned char \fBntlm_type2::challenge\fP[8]" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "uint32_t \fBntlm_type2::context\fP[2]" +.PP + +.SS "uint32_t \fBntlm_type2::os\fP[2]" +.PP + + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdalntlmlibrary from the source code. diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type3.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type3.3 new file mode 100644 index 00000000000..6f20c58b7a9 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ntlm_type3.3 @@ -0,0 +1,96 @@ +.TH "ntlm_type3" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalntlmlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +ntlm_type3 \- +.SH SYNOPSIS +.br +.PP +\fC#include \fP +.PP +.SS "Data Fields" + +.in +1c +.ti -1c +.RI "uint32_t \fBflags\fP" +.br +.ti -1c +.RI "char * \fBusername\fP" +.br +.ti -1c +.RI "char * \fBtargetname\fP" +.br +.ti -1c +.RI "struct \fBntlm_buf\fP \fBlm\fP" +.br +.ti -1c +.RI "struct \fBntlm_buf\fP \fBntlm\fP" +.br +.ti -1c +.RI "struct \fBntlm_buf\fP \fBsessionkey\fP" +.br +.ti -1c +.RI "char * \fBws\fP" +.br +.ti -1c +.RI "uint32_t \fBos\fP [2]" +.br +.in -1c +.SH "Detailed Description" +.PP +Struct for the NTLM type3 message info, the strings is assumed to be in UTF8. When filled in by the library it should be freed with \fBheim_ntlm_free_type3()\fP. +.PP +\fBExamples: \fP +.in +1c +.PP +\fBtest_ntlm.c\fP. +.SH "Field Documentation" +.PP +.SS "uint32_t \fBntlm_type3::flags\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "char* \fBntlm_type3::username\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "char* \fBntlm_type3::targetname\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "struct \fBntlm_buf\fP \fBntlm_type3::lm\fP\fC [read]\fP" +.PP + +.SS "struct \fBntlm_buf\fP \fBntlm_type3::ntlm\fP\fC [read]\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "struct \fBntlm_buf\fP \fBntlm_type3::sessionkey\fP\fC [read]\fP" +.PP + +.SS "char* \fBntlm_type3::ws\fP" +.PP + +.PP +\fBExamples: \fP +.in +1c +\fBtest_ntlm.c\fP. +.SS "uint32_t \fBntlm_type3::os\fP[2]" +.PP + + +.SH "Author" +.PP +Generated automatically by Doxygen for Heimdalntlmlibrary from the source code. diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/os.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/os.3 new file mode 100644 index 00000000000..d1020b43b40 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/os.3 @@ -0,0 +1 @@ +.so man3/ntlm_type1.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/sessionkey.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/sessionkey.3 new file mode 100644 index 00000000000..de392aede5f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/sessionkey.3 @@ -0,0 +1 @@ +.so man3/ntlm_type3.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/targetinfo.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/targetinfo.3 new file mode 100644 index 00000000000..a7659b3d1fe --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/targetinfo.3 @@ -0,0 +1 @@ +.so man3/ntlm_type2.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/targetname.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/targetname.3 new file mode 100644 index 00000000000..a7659b3d1fe --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/targetname.3 @@ -0,0 +1 @@ +.so man3/ntlm_type2.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/username.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/username.3 new file mode 100644 index 00000000000..de392aede5f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/username.3 @@ -0,0 +1 @@ +.so man3/ntlm_type3.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/man/man3/ws.3 b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ws.3 new file mode 100644 index 00000000000..de392aede5f --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/man/man3/ws.3 @@ -0,0 +1 @@ +.so man3/ntlm_type3.3 diff --git a/crypto/heimdal/doc/doxyout/ntlm/manpages b/crypto/heimdal/doc/doxyout/ntlm/manpages new file mode 100644 index 00000000000..d79b6dd9a43 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/ntlm/manpages @@ -0,0 +1,39 @@ +ntlm/man/man3/challenge.3 +ntlm/man/man3/context.3 +ntlm/man/man3/data.3 +ntlm/man/man3/domain.3 +ntlm/man/man3/flags.3 +ntlm/man/man3/heim_ntlm_build_ntlm1_master.3 +ntlm/man/man3/heim_ntlm_build_ntlm2_master.3 +ntlm/man/man3/heim_ntlm_calculate_lm2.3 +ntlm/man/man3/heim_ntlm_calculate_ntlm1.3 +ntlm/man/man3/heim_ntlm_calculate_ntlm2.3 +ntlm/man/man3/heim_ntlm_decode_targetinfo.3 +ntlm/man/man3/heim_ntlm_encode_targetinfo.3 +ntlm/man/man3/heim_ntlm_encode_type1.3 +ntlm/man/man3/heim_ntlm_encode_type2.3 +ntlm/man/man3/heim_ntlm_encode_type3.3 +ntlm/man/man3/heim_ntlm_free_buf.3 +ntlm/man/man3/heim_ntlm_free_targetinfo.3 +ntlm/man/man3/heim_ntlm_free_type1.3 +ntlm/man/man3/heim_ntlm_free_type2.3 +ntlm/man/man3/heim_ntlm_free_type3.3 +ntlm/man/man3/heim_ntlm_keyex_unwrap.3 +ntlm/man/man3/heim_ntlm_nt_key.3 +ntlm/man/man3/heim_ntlm_ntlmv2_key.3 +ntlm/man/man3/heim_ntlm_verify_ntlm2.3 +ntlm/man/man3/hostname.3 +ntlm/man/man3/length.3 +ntlm/man/man3/lm.3 +ntlm/man/man3/ntlm.3 +ntlm/man/man3/ntlm_buf.3 +ntlm/man/man3/ntlm_core.3 +ntlm/man/man3/ntlm_type1.3 +ntlm/man/man3/ntlm_type2.3 +ntlm/man/man3/ntlm_type3.3 +ntlm/man/man3/os.3 +ntlm/man/man3/sessionkey.3 +ntlm/man/man3/targetinfo.3 +ntlm/man/man3/targetname.3 +ntlm/man/man3/username.3 +ntlm/man/man3/ws.3 diff --git a/crypto/heimdal/doc/doxyout/wind/html/doxygen.css b/crypto/heimdal/doc/doxyout/wind/html/doxygen.css new file mode 100644 index 00000000000..22c484301dd --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/html/doxygen.css @@ -0,0 +1,473 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { + text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { + font-weight: bold +} +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navpath { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1A419D; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1A419D +} +A.qindex:hover { + text-decoration: none; + background-color: #ddddff; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { + text-decoration: none; + background-color: #6666cc; + color: #ffffff +} +A.el { + text-decoration: none; + font-weight: bold +} +A.elRef { + font-weight: bold +} +A.code:link { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.code:visited { + text-decoration: none; + font-weight: normal; + color: #0000FF +} +A.codeRef:link { + font-weight: normal; + color: #0000FF +} +A.codeRef:visited { + font-weight: normal; + color: #0000FF +} +A:hover { + text-decoration: none; + background-color: #f2f2ff +} +DL.el { + margin-left: -1cm +} +.fragment { + font-family: monospace, fixed; + font-size: 95%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { + background-color: black; + font-weight: bold; + color: #ffffff; + margin-bottom: 3px; + margin-top: 3px +} + +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { + margin-left: 16px; + font-style: italic; + font-size: 90% +} +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { + text-align: center; +} +IMG.formulaDsp { +} +IMG.formulaInl { + vertical-align: middle; +} +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +SPAN.vhdldigit { color: #ff00ff } +SPAN.vhdlchar { color: #000000 } +SPAN.vhdlkeyword { color: #700070 } +SPAN.vhdllogic { color: #ff0000 } + +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { + color: #003399; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { + font-size: 75%; + color: #000080; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { + font-size: 75%; +} +a { + color: #1A41A8; +} +a:visited { + color: #2A3798; +} +.dirtab { + padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { + background: #e8eef2; + font-weight: bold; +} +HR { + height: 1px; + border: none; + border-top: 1px solid black; +} + +/* Style for detailed member documentation */ +.memtemplate { + font-size: 80%; + color: #606060; + font-weight: normal; + margin-left: 3px; +} +.memnav { + background-color: #e8eef2; + border: 1px solid #84b0c7; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +.memitem { + padding: 4px; + background-color: #eef3f5; + border-width: 1px; + border-style: solid; + border-color: #dedeee; + -moz-border-radius: 8px 8px 8px 8px; +} +.memname { + white-space: nowrap; + font-weight: bold; +} +.memdoc{ + padding-left: 10px; +} +.memproto { + background-color: #d5e1e8; + width: 100%; + border-width: 1px; + border-style: solid; + border-color: #84b0c7; + font-weight: bold; + -moz-border-radius: 8px 8px 8px 8px; +} +.paramkey { + text-align: right; +} +.paramtype { + white-space: nowrap; +} +.paramname { + color: #602020; + font-style: italic; + white-space: nowrap; +} +/* End Styling for detailed member documentation */ + +/* for the tree view */ +.ftvtree { + font-family: sans-serif; + margin:0.5em; +} +/* these are for tree view when used as main index */ +.directory { + font-size: 9pt; + font-weight: bold; +} +.directory h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} + +/* The following two styles can be used to replace the root node title */ +/* with an image of your choice. Simply uncomment the next two styles, */ +/* specify the name of your image and be sure to set 'height' to the */ +/* proper pixel height of your image. */ + +/* .directory h3.swap { */ +/* height: 61px; */ +/* background-repeat: no-repeat; */ +/* background-image: url("yourimage.gif"); */ +/* } */ +/* .directory h3.swap span { */ +/* display: none; */ +/* } */ + +.directory > h3 { + margin-top: 0; +} +.directory p { + margin: 0px; + white-space: nowrap; +} +.directory div { + display: none; + margin: 0px; +} +.directory img { + vertical-align: -30%; +} +/* these are for tree view when not used as main index */ +.directory-alt { + font-size: 100%; + font-weight: bold; +} +.directory-alt h3 { + margin: 0px; + margin-top: 1em; + font-size: 11pt; +} +.directory-alt > h3 { + margin-top: 0; +} +.directory-alt p { + margin: 0px; + white-space: nowrap; +} +.directory-alt div { + display: none; + margin: 0px; +} +.directory-alt img { + vertical-align: -30%; +} + diff --git a/crypto/heimdal/doc/doxyout/wind/html/doxygen.png b/crypto/heimdal/doc/doxyout/wind/html/doxygen.png new file mode 100644 index 00000000000..f0a274bbaff Binary files /dev/null and b/crypto/heimdal/doc/doxyout/wind/html/doxygen.png differ diff --git a/crypto/heimdal/doc/doxyout/wind/html/graph_legend.dot b/crypto/heimdal/doc/doxyout/wind/html/graph_legend.dot new file mode 100644 index 00000000000..4df0f1aa486 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/html/graph_legend.dot @@ -0,0 +1,22 @@ +digraph G +{ + edge [fontname="FreeSans",fontsize=10,labelfontname="FreeSans",labelfontsize=10]; + node [fontname="FreeSans",fontsize=10,shape=record]; + Node9 [shape="box",label="Inherited",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",fillcolor="grey75",style="filled" fontcolor="black"]; + Node10 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node10 [shape="box",label="PublicBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPublicBase.html"]; + Node11 -> Node10 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node11 [shape="box",label="Truncated",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="red",URL="$classTruncated.html"]; + Node13 -> Node9 [dir=back,color="darkgreen",fontsize=10,style="solid",fontname="FreeSans"]; + Node13 [shape="box",label="ProtectedBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classProtectedBase.html"]; + Node14 -> Node9 [dir=back,color="firebrick4",fontsize=10,style="solid",fontname="FreeSans"]; + Node14 [shape="box",label="PrivateBase",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classPrivateBase.html"]; + Node15 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node15 [shape="box",label="Undocumented",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="grey75"]; + Node16 -> Node9 [dir=back,color="midnightblue",fontsize=10,style="solid",fontname="FreeSans"]; + Node16 [shape="box",label="Templ< int >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node17 -> Node16 [dir=back,color="orange",fontsize=10,style="dashed",label="< int >",fontname="FreeSans"]; + Node17 [shape="box",label="Templ< T >",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classTempl.html"]; + Node18 -> Node9 [dir=back,color="darkorchid3",fontsize=10,style="dashed",label="m_usedClass",fontname="FreeSans"]; + Node18 [shape="box",label="Used",fontsize=10,height=0.2,width=0.4,fontname="FreeSans",color="black",URL="$classUsed.html"]; +} diff --git a/crypto/heimdal/doc/doxyout/wind/html/graph_legend.html b/crypto/heimdal/doc/doxyout/wind/html/graph_legend.html new file mode 100644 index 00000000000..78e1121b257 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/html/graph_legend.html @@ -0,0 +1,87 @@ + + +Heimdalwindlibrary: Graph Legend + + + +

+keyhole logo +

+ + + +
+

Graph Legend

This page explains how to interpret the graphs that are generated by doxygen.

+Consider the following example: 

/*! Invisible class because of truncation */
+class Invisible { };
+
+/*! Truncated class, inheritance relation is hidden */
+class Truncated : public Invisible { };
+
+/* Class not documented with doxygen comments */
+class Undocumented { };
+
+/*! Class that is inherited using public inheritance */
+class PublicBase : public Truncated { };
+
+/*! A template class */
+template<class T> class Templ { };
+
+/*! Class that is inherited using protected inheritance */
+class ProtectedBase { };
+
+/*! Class that is inherited using private inheritance */
+class PrivateBase { };
+
+/*! Class that is used by the Inherited class */
+class Used { };
+
+/*! Super class that inherits a number of other classes */
+class Inherited : public PublicBase,
+                  protected ProtectedBase,
+                  private PrivateBase,
+                  public Undocumented,
+                  public Templ<int>
+{
+  private:
+    Used *m_usedClass;
+};
+
If the MAX_DOT_GRAPH_HEIGHT tag in the configuration file is set to 240 this will result in the following graph:

+

+graph_legend.png +
+

+The boxes in the above graph have the following meaning:

    +
  • +A filled gray box represents the struct or class for which the graph is generated.
    • +
  • +A box with a black border denotes a documented struct or class.
    • +
  • +A box with a grey border denotes an undocumented struct or class.
    • +
  • +A box with a red border denotes a documented struct or class forwhich not all inheritance/containment relations are shown. A graph is truncated if it does not fit within the specified boundaries.
    • +
+The arrows have the following meaning:
    +
  • +A dark blue arrow is used to visualize a public inheritance relation between two classes.
    • +
  • +A dark green arrow is used for protected inheritance.
    • +
  • +A dark red arrow is used for private inheritance.
    • +
  • +A purple dashed arrow is used if a class is contained or used by another class. The arrow is labeled with the variable(s) through which the pointed class or struct is accessible.
    • +
  • +A yellow dashed arrow denotes a relation between a template instance and the template class it was instantiated from. The arrow is labeled with the template parameters of the instance.
    • +
+
+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalwindlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/wind/html/graph_legend.png b/crypto/heimdal/doc/doxyout/wind/html/graph_legend.png new file mode 100644 index 00000000000..9b96937bfd5 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/wind/html/graph_legend.png differ diff --git a/crypto/heimdal/doc/doxyout/wind/html/group__wind.html b/crypto/heimdal/doc/doxyout/wind/html/group__wind.html new file mode 100644 index 00000000000..5bd5752d066 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/html/group__wind.html @@ -0,0 +1,680 @@ + + +Heimdalwindlibrary: Heimdal wind library + + + +

+keyhole logo +

+ + + +
+

Heimdal wind library

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Functions

int wind_punycode_label_toascii (const uint32_t *in, size_t in_len, char *out, size_t *out_len)
int wind_stringprep (const uint32_t *in, size_t in_len, uint32_t *out, size_t *out_len, wind_profile_flags flags)
int wind_profile (const char *name, wind_profile_flags *flags)
int wind_utf8ucs4 (const char *in, uint32_t *out, size_t *out_len)
int wind_utf8ucs4_length (const char *in, size_t *out_len)
int wind_ucs4utf8 (const uint32_t *in, size_t in_len, char *out, size_t *out_len)
int wind_ucs4utf8_length (const uint32_t *in, size_t in_len, size_t *out_len)
int wind_ucs2read (const void *ptr, size_t len, unsigned int *flags, uint16_t *out, size_t *out_len)
int wind_ucs2write (const uint16_t *in, size_t in_len, unsigned int *flags, void *ptr, size_t *out_len)
int wind_utf8ucs2 (const char *in, uint16_t *out, size_t *out_len)
int wind_utf8ucs2_length (const char *in, size_t *out_len)
int wind_ucs2utf8 (const uint16_t *in, size_t in_len, char *out, size_t *out_len)
int wind_ucs2utf8_length (const uint16_t *in, size_t in_len, size_t *out_len)
+

Detailed Description

+

Function Documentation

+ +
+
+ + + + + + + + + + + + + + + + + + +
int wind_profile (const char *  name,
wind_profile_flags *  flags 
)
+
+
+ +

+Try to find the profile given a name.

+

Parameters:
+ + + +
name name of the profile.
flags the resulting profile.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int wind_punycode_label_toascii (const uint32_t *  in,
size_t  in_len,
char *  out,
size_t *  out_len 
)
+
+
+ +

+Convert an UCS4 string to a puny-coded DNS label string suitable when combined with delimiters and other labels for DNS lookup.

+

Parameters:
+ + + + + +
in an UCS4 string to convert
in_len the length of in.
out the resulting puny-coded string. The string is not NUL terminatied.
out_len before processing out_len should be the length of the out variable, after processing it will be the length of the out string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int wind_stringprep (const uint32_t *  in,
size_t  in_len,
uint32_t *  out,
size_t *  out_len,
wind_profile_flags  flags 
)
+
+
+ +

+Process a input UCS4 string according a string-prep profile.

+

Parameters:
+ + + + + + +
in input UCS4 string to process
in_len length of the input string
out output UCS4 string
out_len length of the output string.
flags stringprep profile.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int wind_ucs2read (const void *  ptr,
size_t  len,
unsigned int *  flags,
uint16_t *  out,
size_t *  out_len 
)
+
+
+ +

+Read in an UCS2 from a buffer.

+

Parameters:
+ + + + + + +
ptr The input buffer to read from.
len the length of the input buffer.
flags Flags to control the behavior of the function.
out the output UCS2, the array must be at least out/2 long.
out_len the output length
+
+
Returns:
returns 0 on success, an wind error code otherwise.
+ +

+if len is zero, flags are unchanged

+if len is odd, WIND_ERR_LENGTH_NOT_MOD2 is returned

+If the flags WIND_RW_BOM is set, check for BOM. If not BOM is found, check is LE/BE flag is already and use that otherwise fail with WIND_ERR_NO_BOM. When done, clear WIND_RW_BOM and the LE/BE flag and set the resulting LE/BE flag. +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int wind_ucs2utf8 (const uint16_t *  in,
size_t  in_len,
char *  out,
size_t *  out_len 
)
+
+
+ +

+Convert an UCS2 string to a UTF-8 string.

+

Parameters:
+ + + + + +
in an UCS2 string to convert.
in_len the length of the in UCS2 string.
out the resulting UTF-8 strint, must be at least wind_ucs2utf8_length() long. If out is NULL, the function will calculate the needed space for the out variable (just like wind_ucs2utf8_length()).
out_len before processing out_len should be the length of the out variable, after processing it will be the length of the out string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int wind_ucs2utf8_length (const uint16_t *  in,
size_t  in_len,
size_t *  out_len 
)
+
+
+ +

+Calculate the length of from converting a UCS2 string to an UTF-8 string.

+

Parameters:
+ + + + +
in an UCS2 string to convert.
in_len an UCS2 string length to convert.
out_len the length of the resulting UTF-8 string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int wind_ucs2write (const uint16_t *  in,
size_t  in_len,
unsigned int *  flags,
void *  ptr,
size_t *  out_len 
)
+
+
+ +

+Write an UCS2 string to a buffer.

+

Parameters:
+ + + + + + +
in The input UCS2 string.
in_len the length of the input buffer.
flags Flags to control the behavior of the function.
ptr The input buffer to write to, the array must be at least (in + 1) * 2 bytes long.
out_len the output length
+
+
Returns:
returns 0 on success, an wind error code otherwise.
+ +

+If in buffer is not of length be mod 2, WIND_ERR_LENGTH_NOT_MOD2 is returned

+On zero input length, flags are preserved

+If flags have WIND_RW_BOM set, the byte order mark is written first to the output data

+If the output wont fit into out_len, WIND_ERR_OVERRUN is returned +

+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
int wind_ucs4utf8 (const uint32_t *  in,
size_t  in_len,
char *  out,
size_t *  out_len 
)
+
+
+ +

+Convert an UCS4 string to a UTF-8 string.

+

Parameters:
+ + + + + +
in an UCS4 string to convert.
in_len the length input array.
out the resulting UTF-8 strint, must be at least wind_ucs4utf8_length() + 1 long (the extra char for the NUL). If out is NULL, the function will calculate the needed space for the out variable (just like wind_ucs4utf8_length()).
out_len before processing out_len should be the length of the out variable, after processing it will be the length of the out string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int wind_ucs4utf8_length (const uint32_t *  in,
size_t  in_len,
size_t *  out_len 
)
+
+
+ +

+Calculate the length of from converting a UCS4 string to an UTF-8 string.

+

Parameters:
+ + + + +
in an UCS4 string to convert.
in_len the length of UCS4 string to convert.
out_len the length of the resulting UTF-8 string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int wind_utf8ucs2 (const char *  in,
uint16_t *  out,
size_t *  out_len 
)
+
+
+ +

+Convert an UTF-8 string to an UCS2 string.

+

Parameters:
+ + + + +
in an UTF-8 string to convert.
out the resulting UCS2 strint, must be at least wind_utf8ucs2_length() long. If out is NULL, the function will calculate the needed space for the out variable (just like wind_utf8ucs2_length()).
out_len before processing out_len should be the length of the out variable, after processing it will be the length of the out string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int wind_utf8ucs2_length (const char *  in,
size_t *  out_len 
)
+
+
+ +

+Calculate the length of from converting a UTF-8 string to a UCS2 string.

+

Parameters:
+ + + +
in an UTF-8 string to convert.
out_len the length of the resulting UCS4 string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + +
int wind_utf8ucs4 (const char *  in,
uint32_t *  out,
size_t *  out_len 
)
+
+
+ +

+Convert an UTF-8 string to an UCS4 string.

+

Parameters:
+ + + + +
in an UTF-8 string to convert.
out the resulting UCS4 strint, must be at least wind_utf8ucs4_length() long. If out is NULL, the function will calculate the needed space for the out variable (just like wind_utf8ucs4_length()).
out_len before processing out_len should be the length of the out variable, after processing it will be the length of the out string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+ +

+
+ + + + + + + + + + + + + + + + + + +
int wind_utf8ucs4_length (const char *  in,
size_t *  out_len 
)
+
+
+ +

+Calculate the length of from converting a UTF-8 string to a UCS4 string.

+

Parameters:
+ + + +
in an UTF-8 string to convert.
out_len the length of the resulting UCS4 string.
+
+
Returns:
returns 0 on success, an wind error code otherwise
+ +
+

+

+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalwindlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/wind/html/index.html b/crypto/heimdal/doc/doxyout/wind/html/index.html new file mode 100644 index 00000000000..1bef61c2e3b --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/html/index.html @@ -0,0 +1,30 @@ + + +Heimdalwindlibrary: Heimdal wind library + + + +

+keyhole logo +

+ + + +
+

Heimdal wind library

+

+

1.5.1

+Introduction

+Heimdal wind library is a implementation of stringprep and some of its profiles.

+The project web page: http://www.h5l.org/

+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalwindlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/wind/html/modules.html b/crypto/heimdal/doc/doxyout/wind/html/modules.html new file mode 100644 index 00000000000..25dc32ee98d --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/html/modules.html @@ -0,0 +1,28 @@ + + +Heimdalwindlibrary: Module Index + + + +

+keyhole logo +

+ + + +
+

Modules

Here is a list of all modules: +
+
+Generated on Fri Sep 30 15:26:20 2011 for Heimdalwindlibrary by doxygen 1.5.6
+ + diff --git a/crypto/heimdal/doc/doxyout/wind/html/tab_b.gif b/crypto/heimdal/doc/doxyout/wind/html/tab_b.gif new file mode 100644 index 00000000000..0d623483ffd Binary files /dev/null and b/crypto/heimdal/doc/doxyout/wind/html/tab_b.gif differ diff --git a/crypto/heimdal/doc/doxyout/wind/html/tab_l.gif b/crypto/heimdal/doc/doxyout/wind/html/tab_l.gif new file mode 100644 index 00000000000..9b1e6337c92 Binary files /dev/null and b/crypto/heimdal/doc/doxyout/wind/html/tab_l.gif differ diff --git a/crypto/heimdal/doc/doxyout/wind/html/tab_r.gif b/crypto/heimdal/doc/doxyout/wind/html/tab_r.gif new file mode 100644 index 00000000000..ce9dd9f533c Binary files /dev/null and b/crypto/heimdal/doc/doxyout/wind/html/tab_r.gif differ diff --git a/crypto/heimdal/doc/doxyout/wind/html/tabs.css b/crypto/heimdal/doc/doxyout/wind/html/tabs.css new file mode 100644 index 00000000000..95f00a91da3 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/html/tabs.css @@ -0,0 +1,102 @@ +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84B0C7; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1A419D; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI.current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI.current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.navpath +{ + background : none; + border : none; + border-bottom : 1px solid #84B0C7; +} diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind.3 new file mode 100644 index 00000000000..f95461b9718 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind.3 @@ -0,0 +1,326 @@ +.TH "Heimdal wind library" 3 "30 Sep 2011" "Version 1.5.1" "Heimdalwindlibrary" \" -*- nroff -*- +.ad l +.nh +.SH NAME +Heimdal wind library \- +.SS "Functions" + +.in +1c +.ti -1c +.RI "int \fBwind_punycode_label_toascii\fP (const uint32_t *in, size_t in_len, char *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_stringprep\fP (const uint32_t *in, size_t in_len, uint32_t *out, size_t *out_len, wind_profile_flags flags)" +.br +.ti -1c +.RI "int \fBwind_profile\fP (const char *name, wind_profile_flags *flags)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs4\fP (const char *in, uint32_t *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs4_length\fP (const char *in, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs4utf8\fP (const uint32_t *in, size_t in_len, char *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs4utf8_length\fP (const uint32_t *in, size_t in_len, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2read\fP (const void *ptr, size_t len, unsigned int *flags, uint16_t *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2write\fP (const uint16_t *in, size_t in_len, unsigned int *flags, void *ptr, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs2\fP (const char *in, uint16_t *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_utf8ucs2_length\fP (const char *in, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2utf8\fP (const uint16_t *in, size_t in_len, char *out, size_t *out_len)" +.br +.ti -1c +.RI "int \fBwind_ucs2utf8_length\fP (const uint16_t *in, size_t in_len, size_t *out_len)" +.br +.in -1c +.SH "Detailed Description" +.PP + +.SH "Function Documentation" +.PP +.SS "int wind_profile (const char * name, wind_profile_flags * flags)" +.PP +Try to find the profile given a name. +.PP +\fBParameters:\fP +.RS 4 +\fIname\fP name of the profile. +.br +\fIflags\fP the resulting profile. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_punycode_label_toascii (const uint32_t * in, size_t in_len, char * out, size_t * out_len)" +.PP +Convert an UCS4 string to a puny-coded DNS label string suitable when combined with delimiters and other labels for DNS lookup. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UCS4 string to convert +.br +\fIin_len\fP the length of in. +.br +\fIout\fP the resulting puny-coded string. The string is not NUL terminatied. +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_stringprep (const uint32_t * in, size_t in_len, uint32_t * out, size_t * out_len, wind_profile_flags flags)" +.PP +Process a input UCS4 string according a string-prep profile. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP input UCS4 string to process +.br +\fIin_len\fP length of the input string +.br +\fIout\fP output UCS4 string +.br +\fIout_len\fP length of the output string. +.br +\fIflags\fP stringprep profile. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs2read (const void * ptr, size_t len, unsigned int * flags, uint16_t * out, size_t * out_len)" +.PP +Read in an UCS2 from a buffer. +.PP +\fBParameters:\fP +.RS 4 +\fIptr\fP The input buffer to read from. +.br +\fIlen\fP the length of the input buffer. +.br +\fIflags\fP Flags to control the behavior of the function. +.br +\fIout\fP the output UCS2, the array must be at least out/2 long. +.br +\fIout_len\fP the output length +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise. +.RE +.PP + +.PP +if len is zero, flags are unchanged +.PP +if len is odd, WIND_ERR_LENGTH_NOT_MOD2 is returned +.PP +If the flags WIND_RW_BOM is set, check for BOM. If not BOM is found, check is LE/BE flag is already and use that otherwise fail with WIND_ERR_NO_BOM. When done, clear WIND_RW_BOM and the LE/BE flag and set the resulting LE/BE flag. +.SS "int wind_ucs2utf8 (const uint16_t * in, size_t in_len, char * out, size_t * out_len)" +.PP +Convert an UCS2 string to a UTF-8 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UCS2 string to convert. +.br +\fIin_len\fP the length of the in UCS2 string. +.br +\fIout\fP the resulting UTF-8 strint, must be at least \fBwind_ucs2utf8_length()\fP long. If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_ucs2utf8_length()\fP). +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs2utf8_length (const uint16_t * in, size_t in_len, size_t * out_len)" +.PP +Calculate the length of from converting a UCS2 string to an UTF-8 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UCS2 string to convert. +.br +\fIin_len\fP an UCS2 string length to convert. +.br +\fIout_len\fP the length of the resulting UTF-8 string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs2write (const uint16_t * in, size_t in_len, unsigned int * flags, void * ptr, size_t * out_len)" +.PP +Write an UCS2 string to a buffer. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP The input UCS2 string. +.br +\fIin_len\fP the length of the input buffer. +.br +\fIflags\fP Flags to control the behavior of the function. +.br +\fIptr\fP The input buffer to write to, the array must be at least (in + 1) * 2 bytes long. +.br +\fIout_len\fP the output length +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise. +.RE +.PP + +.PP +If in buffer is not of length be mod 2, WIND_ERR_LENGTH_NOT_MOD2 is returned +.PP +On zero input length, flags are preserved +.PP +If flags have WIND_RW_BOM set, the byte order mark is written first to the output data +.PP +If the output wont fit into out_len, WIND_ERR_OVERRUN is returned +.SS "int wind_ucs4utf8 (const uint32_t * in, size_t in_len, char * out, size_t * out_len)" +.PP +Convert an UCS4 string to a UTF-8 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UCS4 string to convert. +.br +\fIin_len\fP the length input array. +.br +\fIout\fP the resulting UTF-8 strint, must be at least \fBwind_ucs4utf8_length()\fP + 1 long (the extra char for the NUL). If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_ucs4utf8_length()\fP). +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_ucs4utf8_length (const uint32_t * in, size_t in_len, size_t * out_len)" +.PP +Calculate the length of from converting a UCS4 string to an UTF-8 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UCS4 string to convert. +.br +\fIin_len\fP the length of UCS4 string to convert. +.br +\fIout_len\fP the length of the resulting UTF-8 string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs2 (const char * in, uint16_t * out, size_t * out_len)" +.PP +Convert an UTF-8 string to an UCS2 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UTF-8 string to convert. +.br +\fIout\fP the resulting UCS2 strint, must be at least \fBwind_utf8ucs2_length()\fP long. If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_utf8ucs2_length()\fP). +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs2_length (const char * in, size_t * out_len)" +.PP +Calculate the length of from converting a UTF-8 string to a UCS2 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UTF-8 string to convert. +.br +\fIout_len\fP the length of the resulting UCS4 string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs4 (const char * in, uint32_t * out, size_t * out_len)" +.PP +Convert an UTF-8 string to an UCS4 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UTF-8 string to convert. +.br +\fIout\fP the resulting UCS4 strint, must be at least \fBwind_utf8ucs4_length()\fP long. If out is NULL, the function will calculate the needed space for the out variable (just like \fBwind_utf8ucs4_length()\fP). +.br +\fIout_len\fP before processing out_len should be the length of the out variable, after processing it will be the length of the out string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + +.SS "int wind_utf8ucs4_length (const char * in, size_t * out_len)" +.PP +Calculate the length of from converting a UTF-8 string to a UCS4 string. +.PP +\fBParameters:\fP +.RS 4 +\fIin\fP an UTF-8 string to convert. +.br +\fIout_len\fP the length of the resulting UCS4 string. +.RE +.PP +\fBReturns:\fP +.RS 4 +returns 0 on success, an wind error code otherwise +.RE +.PP + diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_profile.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_profile.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_profile.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_punycode_label_toascii.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_punycode_label_toascii.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_punycode_label_toascii.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_stringprep.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_stringprep.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_stringprep.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2read.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2read.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2read.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2utf8.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2utf8.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2utf8.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2utf8_length.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2utf8_length.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2utf8_length.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2write.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2write.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs2write.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs4utf8.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs4utf8.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs4utf8.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs4utf8_length.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs4utf8_length.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_ucs4utf8_length.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs2.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs2.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs2.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs2_length.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs2_length.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs2_length.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs4.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs4.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs4.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs4_length.3 b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs4_length.3 new file mode 100644 index 00000000000..ea2c29233a6 --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/man/man3/wind_utf8ucs4_length.3 @@ -0,0 +1 @@ +.so man3/wind.3 diff --git a/crypto/heimdal/doc/doxyout/wind/manpages b/crypto/heimdal/doc/doxyout/wind/manpages new file mode 100644 index 00000000000..a6269d12ade --- /dev/null +++ b/crypto/heimdal/doc/doxyout/wind/manpages @@ -0,0 +1,14 @@ +wind/man/man3/wind.3 +wind/man/man3/wind_profile.3 +wind/man/man3/wind_punycode_label_toascii.3 +wind/man/man3/wind_stringprep.3 +wind/man/man3/wind_ucs2read.3 +wind/man/man3/wind_ucs2utf8.3 +wind/man/man3/wind_ucs2utf8_length.3 +wind/man/man3/wind_ucs2write.3 +wind/man/man3/wind_ucs4utf8.3 +wind/man/man3/wind_ucs4utf8_length.3 +wind/man/man3/wind_utf8ucs2.3 +wind/man/man3/wind_utf8ucs2_length.3 +wind/man/man3/wind_utf8ucs4.3 +wind/man/man3/wind_utf8ucs4_length.3 diff --git a/crypto/heimdal/doc/doxytmpl.dxy b/crypto/heimdal/doc/doxytmpl.dxy index bb7f25cb85e..a16b0d8ce66 100644 --- a/crypto/heimdal/doc/doxytmpl.dxy +++ b/crypto/heimdal/doc/doxytmpl.dxy @@ -112,7 +112,6 @@ EXCLUDE = EXCLUDE_SYMLINKS = NO EXCLUDE_PATTERNS = */.svn EXCLUDE_SYMBOLS = -EXAMPLE_PATH = EXAMPLE_PATTERNS = * EXAMPLE_RECURSIVE = NO IMAGE_PATH = diff --git a/crypto/heimdal/doc/gssapi.din b/crypto/heimdal/doc/gssapi.din new file mode 100644 index 00000000000..3dd8bb61256 --- /dev/null +++ b/crypto/heimdal/doc/gssapi.din @@ -0,0 +1,16 @@ +# Doxyfile 1.5.3 + +PROJECT_NAME = Heimdal GSS-API library +PROJECT_NUMBER = @PACKAGE_VERSION@ +OUTPUT_DIRECTORY = @srcdir@/doxyout/gssapi +INPUT = @srcdir@/../lib/gssapi + +WARN_IF_UNDOCUMENTED = NO + +PERL_PATH = /usr/bin/perl + +HTML_HEADER = "@srcdir@/header.html" +HTML_FOOTER = "@srcdir@/footer.html" + +@INCLUDE = "@srcdir@/doxytmpl.dxy" + diff --git a/crypto/heimdal/doc/hcrypto.din b/crypto/heimdal/doc/hcrypto.din index 55f1ed7c6ae..aeea17921af 100644 --- a/crypto/heimdal/doc/hcrypto.din +++ b/crypto/heimdal/doc/hcrypto.din @@ -2,8 +2,9 @@ PROJECT_NAME = "Heimdal crypto library" PROJECT_NUMBER = @PACKAGE_VERSION@ -OUTPUT_DIRECTORY = @objdir@/hcrypto +OUTPUT_DIRECTORY = @srcdir@/doxyout/hcrypto INPUT = @srcdir@/../lib/hcrypto +EXAMPLE_PATH = @srcdir@/../lib/hcrypto WARN_IF_UNDOCUMENTED = YES diff --git a/crypto/heimdal/doc/header.html b/crypto/heimdal/doc/header.html new file mode 100644 index 00000000000..b3401c8b8c8 --- /dev/null +++ b/crypto/heimdal/doc/header.html @@ -0,0 +1,10 @@ + + +$title + + + +

+keyhole logo +

+ diff --git a/crypto/heimdal/doc/heimdal.texi b/crypto/heimdal/doc/heimdal.texi index 1b999d30108..cebee5df792 100644 --- a/crypto/heimdal/doc/heimdal.texi +++ b/crypto/heimdal/doc/heimdal.texi @@ -1,6 +1,6 @@ \input texinfo @c -*- texinfo -*- @c %**start of header -@c $Id: heimdal.texi 22191 2007-12-06 17:26:30Z lha $ +@c $Id$ @setfilename heimdal.info @settitle HEIMDAL @iftex @@ -16,7 +16,6 @@ @include vars.texi -@set UPDATED $Date: 2007-12-06 09:26:30 -0800 (Tor, 06 Dec 2007) $ @set VERSION @value{PACKAGE_VERSION} @set EDITION 1.0 @@ -32,227 +31,11 @@ @title Heimdal @subtitle Kerberos 5 from KTH @subtitle Edition @value{EDITION}, for version @value{VERSION} -@subtitle 2007 +@subtitle 2008 @author Johan Danielsson -@author Love Hörnquist Åstrand +@author Love Hörnquist Ã…strand @author Assar Westerlund -@author last updated @value{UPDATED} -@def@copynext{@vskip 20pt plus 1fil@penalty-1000} -@def@copyrightstart{} -@def@copyrightend{} -@page -@copyrightstart -Copyright (c) 1997-2007 Kungliga Tekniska Högskolan -(Royal Institute of Technology, Stockholm, Sweden). -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -3. Neither the name of the Institute nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -@copynext - -Copyright (C) 1990 by the Massachusetts Institute of Technology - -Export of this software from the United States of America may -require a specific license from the United States Government. -It is the responsibility of any person or organization contemplating -export to obtain such a license before exporting. - -WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of M.I.T. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. M.I.T. makes no representations about the suitability of -this software for any purpose. It is provided "as is" without express -or implied warranty. - -@copynext - -Copyright (c) 1988, 1990, 1993 - The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -@copynext - -Copyright 1992 Simmule Turner and Rich Salz. All rights reserved. - -This software is not subject to any license of the American Telephone -and Telegraph Company or of the Regents of the University of California. - -Permission is granted to anyone to use this software for any purpose on -any computer system, and to alter it and redistribute it freely, subject -to the following restrictions: - -1. The authors are not responsible for the consequences of use of this - software, no matter how awful, even if they arise from flaws in it. - -2. The origin of this software must not be misrepresented, either by - explicit claim or by omission. Since few users ever read sources, - credits must appear in the documentation. - -3. Altered versions must be plainly marked as such, and must not be - misrepresented as being the original software. Since few users - ever read sources, credits must appear in the documentation. - -4. This notice may not be removed or altered. - -@copynext - -IMath is Copyright 2002-2005 Michael J. Fromberger -You may use it subject to the following Licensing Terms: - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -@copynext - -Copyright (c) 2005 Doug Rabson -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -@copynext - -Copyright (c) 2005 Marko Kreen -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -@copynext - -Copyright (c) 2006,2007 -NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer as - the first lines of this file unmodified. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -@copyrightend @end titlepage @macro manpage{man, section} @@ -276,8 +59,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. @top Heimdal @end ifnottex -This manual is last updated @value{UPDATED} for version -@value{VERSION} of Heimdal. +This manual for version @value{VERSION} of Heimdal. @menu * Introduction:: @@ -287,10 +69,11 @@ This manual is last updated @value{UPDATED} for version * Applications:: * Things in search for a better place:: * Kerberos 4 issues:: -* Windows 2000 compatability:: +* Windows compatibility:: * Programming with Kerberos:: * Migration:: * Acknowledgments:: +* Copyrights and Licenses:: @detailmenu --- The Detailed Node Listing --- @@ -308,6 +91,7 @@ Setting up a realm * Slave Servers:: * Incremental propagation:: * Encryption types and salting:: +* Credential cache server - KCM:: * Cross realm:: * Transit policy:: * Setting up DNS:: @@ -331,24 +115,18 @@ Kerberos 4 issues * Converting a version 4 database:: * kaserver:: -Windows 2000 compatability +Windows compatibility -* Configuring Windows 2000 to use a Heimdal KDC:: -* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC:: +* Configuring Windows to use a Heimdal KDC:: +* Inter-Realm keys (trust) between Windows and a Heimdal KDC:: * Create account mappings:: * Encryption types:: * Authorisation data:: * Quirks of Windows 2000 KDC:: -* Useful links when reading about the Windows 2000:: +* Useful links when reading about the Windows:: Programming with Kerberos -* Kerberos 5 API Overview:: -* Walkthrough of a sample Kerberos 5 client:: -* Validating a password in a server application:: -* API differences to MIT Kerberos:: -* File formats:: - @end detailmenu @end menu @@ -363,6 +141,7 @@ Programming with Kerberos @include programming.texi @include migration.texi @include ack.texi +@include copyright.texi @c @shortcontents @contents diff --git a/crypto/heimdal/doc/hx509.din b/crypto/heimdal/doc/hx509.din index e28429f383b..c6d02b287c1 100644 --- a/crypto/heimdal/doc/hx509.din +++ b/crypto/heimdal/doc/hx509.din @@ -2,7 +2,7 @@ PROJECT_NAME = Heimdal x509 library PROJECT_NUMBER = @PACKAGE_VERSION@ -OUTPUT_DIRECTORY = @objdir@/hx509 +OUTPUT_DIRECTORY = @srcdir@/doxyout/hx509 INPUT = @srcdir@/../lib/hx509 WARN_IF_UNDOCUMENTED = YES diff --git a/crypto/heimdal/doc/hx509.texi b/crypto/heimdal/doc/hx509.texi index dbb5261ef93..c927357f715 100644 --- a/crypto/heimdal/doc/hx509.texi +++ b/crypto/heimdal/doc/hx509.texi @@ -1,6 +1,6 @@ \input texinfo @c -*- texinfo -*- @c %**start of header -@c $Id: hx509.texi 22071 2007-11-14 20:04:50Z lha $ +@c $Id$ @setfilename hx509.info @settitle HX509 @iftex @@ -14,14 +14,15 @@ @syncodeindex pg cp @c %**end of header -@set UPDATED $Date: 2007-11-14 12:04:50 -0800 (Ons, 14 Nov 2007) $ -@set VERSION 1.0 +@include vars.texi + +@set VERSION @value{PACKAGE_VERSION} @set EDITION 1.0 @ifinfo @dircategory Security @direntry -* hx509: (hx509). The X.509 distribution from KTH +* hx509: (hx509). The X.509 distribution from KTH @end direntry @end ifinfo @@ -30,16 +31,15 @@ @title HX509 @subtitle X.509 distribution from KTH @subtitle Edition @value{EDITION}, for version @value{VERSION} -@subtitle 2007 -@author Love Hörnquist Åstrand -@author last updated @value{UPDATED} +@subtitle 2008 +@author Love Hörnquist Ã…strand -@def@copynext{@vskip 20pt plus 1fil@penalty-1000} +@def@copynext{@vskip 20pt plus 1fil} @def@copyrightstart{} @def@copyrightend{} @page @copyrightstart -Copyright (c) 1994-2007 Kungliga Tekniska Högskolan +Copyright (c) 1994-2008 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. @@ -72,26 +72,6 @@ SUCH DAMAGE. @copynext -Copyright (C) 1990 by the Massachusetts Institute of Technology - -Export of this software from the United States of America may -require a specific license from the United States Government. -It is the responsibility of any person or organization contemplating -export to obtain such a license before exporting. - -WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of M.I.T. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. M.I.T. makes no representations about the suitability of -this software for any purpose. It is provided "as is" without express -or implied warranty. - -@copynext - Copyright (c) 1988, 1990, 1993 The Regents of the University of California. All rights reserved. @@ -194,14 +174,15 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. @top Heimdal @end ifnottex -This manual is last updated @value{UPDATED} for version -@value{VERSION} of hx509. +This manual is for version @value{VERSION} of hx509. @menu * Introduction:: * What is X.509 ?:: * Setting up a CA:: * CMS signing and encryption:: +* Certificate matching:: +* Software PKCS 11 module:: @detailmenu --- The Detailed Node Listing --- @@ -222,38 +203,69 @@ CMS signing and encryption * CMS background:: +Certificate matching + +* Matching syntax:: + +Software PKCS 11 module + +* How to use the PKCS11 module:: + @end detailmenu @end menu @node Introduction, What is X.509 ?, Top, Top @chapter Introduction -hx509 is a somewhat complete X.509 stack that can handle CMS messages -(crypto system used in S/MIME and Kerberos PK-INIT) and basic -certificate processing tasks, path construction, path validation, OCSP -and CRL validation, PKCS10 message construction, CMS Encrypted (shared -secret encrypted), CMS SignedData (certificate signed), and CMS -EnvelopedData (certificate encrypted). +The goals of a PKI infrastructure (as defined in +RFC 3280) is to meet +@emph{the needs of deterministic, automated identification, authentication, access control, and authorization}. -hx509 can use PKCS11 tokens, PKCS12 files, PEM files, DER encoded files. + +The administrator should be aware of certain terminologies as explained by the aforementioned +RFC before attemping to put in place a PKI infrastructure. Briefly, these are: + +@itemize @bullet +@item CA +Certificate Authority +@item RA +Registration Authority, i.e., an optional system to which a CA delegates certain management functions. +@item CRL Issuer +An optional system to which a CA delegates the publication of certificate revocation lists. +@item Repository +A system or collection of distributed systems that stores certificates and CRLs +and serves as a means of distributing these certificates and CRLs to end entities +@end itemize + +hx509 (Heimdal x509 support) is a near complete X.509 stack that can +handle CMS messages (crypto system used in S/MIME and Kerberos PK-INIT) +and basic certificate processing tasks, path construction, path +validation, OCSP and CRL validation, PKCS10 message construction, CMS +Encrypted (shared secret encrypted), CMS SignedData (certificate +signed), and CMS EnvelopedData (certificate encrypted). + +hx509 can use PKCS11 tokens, PKCS12 files, PEM files, and/or DER encoded +files. @node What is X.509 ?, Setting up a CA, Introduction, Top @chapter What is X.509, PKIX, PKCS7 and CMS ? -X.509 is from the beginning created by CCITT (later ITU) for the X.500 -directory service. But today when people are talking about X.509 they -are commonly referring to IETF's PKIX Certificate and CRL Profile of the -X.509 v3 certificate standard, as specified in RFC 3280. +X.509 was created by CCITT (later ITU) for the X.500 directory +service. Today, X.509 discussions and implementations commonly reference +the IETF's PKIX Certificate and CRL Profile of the X.509 v3 certificate +standard, as specified in RFC 3280. -ITU continues to develop the X.509 standard together in a complicated -dance with IETF. +ITU continues to develop the X.509 standard together with the IETF in a +rather complicated dance. -X.509 is public key based security system that have associated data -stored within a so called certificate. From the beginning X.509 was a -strict hierarchical system with one root. This didn't not work so over -time X.509 got support for multiple policy roots, bridges, and mesh -solutions. You can even use it as a peer to peer system, but this is not -very common. +X.509 is a public key based security system that has associated data +stored within a so called certificate. Initially, X.509 was a strict +hierarchical system with one root. However, ever evolving requiments and +technology advancements saw the inclusion of multiple policy roots, +bridges and mesh solutions. + +x.509 can also be used as a peer to peer system, though often seen as a +common scenario. @section Type of certificates @@ -263,36 +275,36 @@ There are several flavors of certificate in X.509. @item Trust anchors -Trust anchors are strictly not certificate, but commonly stored in -certificate since they are easier to handle then. Trust anchor are the -keys that you trust to validate other certificate. This is done by -building a path from the certificate you wan to validate to to any of -the trust anchors you have. +Trust anchors are strictly not certificates, but commonly stored in a +certificate format as they become easier to manage. Trust anchors are +the keys that an end entity would trust to validate other certificates. +This is done by building a path from the certificate you want to +validate to to any of the trust anchors you have. @item End Entity (EE) certificates -End entity certificates is the most common type of certificate. End -entity certificates can't issue certificate them-self and is used to -authenticate and authorize user and services. +End entity certificates are the most common types of certificates. End +entity certificates cannot issue (sign) certificate themselves and are generally +used to authenticate and authorize users and services. @item Certification Authority (CA) certificates -Certificate authority are certificates that have the right to issue -other certificate, they may be End entity certificates or Certificate -Authority certificates. There is no limit to how many certificates a CA +Certificate authority certificates have the right to issue additional +certificates (be it sub-ordinate CA certificates to build an trust anchors +or end entity certificates). There is no limit to how many certificates a CA may issue, but there might other restrictions, like the maximum path depth. @item Proxy certificates -Remember that End Entity can't issue certificates by them own, it's not -really true. There there is an extension called proxy certificates, -defined in RFC3820, that allows certificates to be issued by end entity -certificates. The service that receives the proxy certificates must have -explicitly turned on support for proxy certificates, so their use is -somewhat limited. +Remember the statement "End Entity certificates cannot issue +certificates"? Well that statement is not entirely true. There is an +extension called proxy certificates defined in RFC3820, that allows +certificates to be issued by end entity certificates. The service that +receives the proxy certificates must have explicitly turned on support +for proxy certificates, so their use is somewhat limited. -Proxy certificates can be limited by policy stored in the certificate to +Proxy certificates can be limited by policies stored in the certificate to what they can be used for. This allows users to delegate the proxy certificate to services (by sending over the certificate and private key) so the service can access services on behalf of the user. @@ -302,59 +314,52 @@ large job in the middle of the night when the printer isn't used that much, so the user creates a proxy certificate with the policy that it can only be used to access files related to this print job, creates the print job description and send both the description and proxy -certificate with key over to print service. Later at night will the -print service, without the help of the user, access the files for the -the print job using the proxy certificate and print the job. Because of -the policy (limitation) in the proxy certificate, it can't be used for -any other purposes. +certificate with key over to print service. Later at night when the +print service initializes (without any user intervention), access to the files +for the print job is granted via the proxy certificate. As a result of (in-place) +policy limitations, the certificate cannot be used for any other purposes. @end itemize @section Building a path -Before validating a path the path must be constructed. Given a -certificate (EE, CA, Proxy, or any other type), the path construction -algorithm will try to find a path to one of the trust anchors. +Before validating a certificate path (or chain), the path needs to be +constructed. Given a certificate (EE, CA, Proxy, or any other type), +the path construction algorithm will try to find a path to one of the +trust anchors. -It start with looking at whom issued the certificate, by name or Key -Identifier, and tries to find that certificate while at the same time -evaluates the policy. +The process starts by looking at the issuing CA of the certificate, by +Name or Key Identifier, and tries to find that certificate while at the +same time evaluting any policies in-place. @node Setting up a CA, Creating a CA certificate, What is X.509 ?, Top @chapter Setting up a CA -Do not let this chapter scare you off, it's just to give you an idea how -to complicated setting up a CA can be. If you are just playing around, -skip all this and go to the next chapter, @pxref{Creating a CA -certificate}. +Do not let information overload scare you off! If you are simply testing +or getting started with a PKI infrastructure, skip all this and go to +the next chapter (see: @pxref{Creating a CA certificate}). Creating a CA certificate should be more the just creating a -certificate, there is the policy of the CA. If it's just you and your -friend that is playing around then it probably doesn't matter what the -policy is. But then it comes to trust in an organisation, it will -probably matter more whom your users and sysadmins will find it -acceptable to trust. +certificate, CA's should define a policy. Again, if you are simply +testing a PKI, policies do not matter so much. However, when it comes to +trust in an organisation, it will probably matter more whom your users +and sysadmins will find it acceptable to trust. -At the same time, try to keep thing simple, it's not very hard to run a -Certificate authority and the process to get new certificates should -simple. +At the same time, try to keep things simple, it's not very hard to run a +Certificate authority and the process to get new certificates should be simple. -Fill all this in later. +You may find it helpful to answer the following policy questions for +your organization at a later stage: -How do you trust your CA. - -What is the CA responsibility. - -Review of CA activity. - -How much process should it be to issue certificate. - -Who is allowed to issue certificates. - -Who is allowed to requests certificates. - -How to handle certificate revocation, issuing CRLs and maintain OCSP -services. +@itemize @bullet +@item How do you trust your CA. +@item What is the CA responsibility. +@item Review of CA activity. +@item How much process should it be to issue certificate. +@item Who is allowed to issue certificates. +@item Who is allowed to requests certificates. +@item How to handle certificate revocation, issuing CRLs and maintain OCSP services. +@end itemize @node Creating a CA certificate, Issuing certificates, Setting up a CA, Top @section Creating a CA certificate @@ -365,10 +370,10 @@ about. @subsection Lifetime CA certificate You probably want to create a CA certificate with a long lifetime, 10 -years at the shortest. This because you don't want to push out the -certificate (as a trust anchor) to all you users once again when the old -one just expired. A trust anchor can't really expire, but not all -software works that way. +years at the very minimum. This is because you don't want to push out the +certificate (as a trust anchor) to all you users again when the old +CA certificate expires. Although a trust anchor can't really expire, not all +software works in accordance with published standards. Keep in mind the security requirements might be different 10-20 years into the future. For example, SHA1 is going to be withdrawn in 2010, so @@ -377,7 +382,7 @@ algorithms, signature algorithms and key lengths. @subsection Create a CA certificate -This command below will create a CA certificate in the file ca.pem. +This command below can be used to generate a self-signed CA certificate. @example hxtool issue-certificate \ @@ -389,14 +394,14 @@ hxtool issue-certificate \ --certificate="FILE:ca.pem" @end example -@subsection Extending lifetime of a CA certificate +@subsection Extending the lifetime of a CA certificate You just realised that your CA certificate is going to expire soon and -that you need replace it with something else, the easiest way to do that -is to extend the lifetime of your CA certificate. +that you need replace it with a new CA. The easiest way to do that +is to extend the lifetime of your existing CA certificate. -The example below will extend the CA certificate 10 years into the -future. You should compare this new certificate if it contains all the +The example below will extend the CA certificate's lifetime by 10 years. +You should compare this new certificate if it contains all the special tweaks as the old certificate had. @example @@ -412,7 +417,7 @@ hxtool issue-certificate \ @subsection Subordinate CA -This example create a new subordinate certificate authority. +This example below creates a new subordinate certificate authority. @example hxtool issue-certificate \ @@ -428,17 +433,34 @@ hxtool issue-certificate \ @section Issuing certificates First you'll create a CA certificate, after that you have to deal with -your users and servers and issue certificate to them. +your users and servers and issue certificates to them. -CA can generate the key for the user. +@c I think this section needs a bit of clarity. Can I add a separate +@c section which explains CSRs as well? -Can receive PKCS10 certificate requests from the users. PKCS10 is a -request for a certificate. The user can specified what DN the user wants -and what public key. To prove the user have the key, the whole request -is signed by the private key of the user. + +@itemize @bullet + +@item Do all the work themself + +Generate the key for the user. This has the problme that the the CA +knows the private key of the user. For a paranoid user this might leave +feeling of disconfort. + +@item Have the user do part of the work + +Receive PKCS10 certificate requests fromusers. PKCS10 is a request for a +certificate. The user may specify what DN they want as well as provide +a certificate signing request (CSR). To prove the user have the key, +the whole request is signed by the private key of the user. + +@end itemize @subsection Name space management +@c The explanation given below is slightly unclear. I will re-read the +@c RFC and document accordingly + What people might want to see. Re-issue certificates just because people moved within the organization. @@ -449,22 +471,43 @@ Using Sub-component name (+ notation). @subsection Certificate Revocation, CRL and OCSP -Sonetimes people loose smartcard or computers and certificates have to -be make not valid any more, this is called revoking certificates. There -are two main protocols for doing this Certificate Revocations Lists -(CRL) and Online Certificate Status Protocol (OCSP). +Certificates that a CA issues may need to be revoked at some stage. As +an example, an employee leaves the organization and does not bother +handing in his smart card (or even if the smart card is handed back -- +the certificate on it must no longer be acceptable to services; the +employee has left). -If you know that the certificate is destroyed then there is no need to -revoke the certificate because it can not be used by someone else. +You may also want to revoke a certificate for a service which is no +longer being offered on your network. Overlooking these scenarios can +lead to security holes which will quickly become a nightmare to deal +with. + +There are two primary protocols for dealing with certificate +revokation. Namely: + +@itemize @bullet +@item Certificate Revocation List (CRL) +@item Online Certificate Status Protocol (OCSP) +@end itemize + +If however the certificate in qeustion has been destroyed, there is no +need to revoke the certificate because it can not be used by someone +else. This matter since for each certificate you add to CRL, the +download time and processing time for clients are longer. + +CRLs and OCSP responders however greatly help manage compatible services +which may authenticate and authorize users (or services) on an on-going +basis. As an example, VPN connectivity established via certificates for +connecting clients would require your VPN software to make use of a CRL +or an OCSP service to ensure revoked certificates belonging to former +clients are not allowed access to (formerly subscribed) network +services. -The main reason you as a CA administrator have to deal with CRLs however -will be that some software require there to be CRLs. Example of this is -Windows, so you have to deal with this somehow. @node Issuing CRLs, Application requirements, Issuing certificates, Top @section Issuing CRLs -Create an empty CRL with not certificates revoked. Default expiration +Create an empty CRL with no certificates revoked. Default expiration value is one year from now. @example @@ -488,7 +531,7 @@ hxtool crl-sign \ @node Application requirements, CMS signing and encryption, Issuing CRLs, Top @section Application requirements -Application have different requirements on certificates. This section +Application place different requirements on certificates. This section tries to expand what they are and how to use hxtool to generate certificates for those services. @@ -521,14 +564,14 @@ The email address format used in S/MIME certificates is defined in RFC2822, section 3.4.1 and it should be an ``addr-spec''. There are two ways to specifify email address in certificates. The old -ways is in the subject distinguished name, this should not be used. The +way is in the subject distinguished name, @emph{this should not be used}. The new way is using a Subject Alternative Name (SAN). -But even though email address is stored in certificates, they don't need -to, email reader programs are required to accept certificates that -doesn't have either of the two methods of storing email in certificates. -In that case, they try to protect the user by printing the name of the -certificate instead. +Even though the email address is stored in certificates, they don't need +to be, email reader programs are required to accept certificates that +doesn't have either of the two methods of storing email in certificates +-- in which case, the email client will try to protect the user by +printing the name of the certificate instead. S/MIME certificate can be used in another special way. They can be issued with a NULL subject distinguished name plus the email in SAN, @@ -561,26 +604,51 @@ hxtool issue-certificate \ @subsection PK-INIT -How to create a certificate for a KDC. +A PK-INIT infrastructure allows users and services to pick up kerberos +credentials (tickets) based on their certificate. This, for example, +allows users to authenticate to their desktops using smartcards while +acquiring kerberos tickets in the process. + +As an example, an office network which offers centrally controlled +desktop logins, mail, messaging (xmpp) and openafs would give users +single sign-on facilities via smartcard based logins. Once the kerberos +ticket has been acquired, all kerberized services would immediately +become accessible based on deployed security policies. + +Let's go over the process of initializing a demo PK-INIT framework: @example hxtool issue-certificate \ - --type="pkinit-kdc" \ - --pk-init-principal="krbtgt/TEST.H5L.SE@@TEST.H5L.SE" \ - --hostname kerberos.test.h5l.se \ - --hostname pal.test.h5l.se \ - ... + --type="pkinit-kdc" \ + --pk-init-principal="krbtgt/TEST.H5L.SE@@TEST.H5L.SE" \ + --hostname=kerberos.test.h5l.se \ + --ca-certificate="FILE:ca.pem,ca.key" \ + --generate-key=rsa \ + --certificate="FILE:kdc.pem" \ + --subject="cn=kdc" @end example How to create a certificate for a user. @example hxtool issue-certificate \ - --type="pkinit-client" \ - --pk-init-principal="user@@TEST.H5L.SE" \ - ... + --type="pkinit-client" \ + --pk-init-principal="user@@TEST.H5L.SE" \ + --ca-certificate="FILE:ca.pem,ca.key" \ + --generate-key=rsa \ + --subject="cn=Test User" \ + --certificate="FILE:user.pem" @end example +The --type field can be specified multiple times. The same certificate +can hence house extensions for both pkinit-client as well as S/MIME. + +To use the PKCS11 module, please see the section: +@pxref{How to use the PKCS11 module}. + +More about how to configure the KDC, see the documentation in the +Heimdal manual to set up the KDC. + @subsection XMPP/Jabber The jabber server certificate should have a dNSname that is the same as @@ -623,10 +691,66 @@ CMS is the Cryptographic Message System that among other, is used by S/MIME (secure email) and Kerberos PK-INIT. It's an extended version of the RSA, Inc standard PKCS7. -@node CMS background, , CMS signing and encryption, Top +@node CMS background, Certificate matching, CMS signing and encryption, Top @section CMS background +@node Certificate matching, Matching syntax, CMS background, Top +@chapter Certificate matching + +To match certificates hx509 have a special query language to match +certifictes in queries and ACLs. + +@node Matching syntax, Software PKCS 11 module, Certificate matching, Top +@section Matching syntax + +This is the language definitions somewhat slopply descriped: + +@example + +expr = TRUE, + FALSE, + ! expr, + expr AND expr, + expr OR expr, + ( expr ) + compare + +compare = + word == word, + word != word, + word IN ( word [, word ...]) + word IN %@{variable.subvariable@} + +word = + STRING, + %@{variable@} + +@end example + +@node Software PKCS 11 module, How to use the PKCS11 module, Matching syntax, Top +@chapter Software PKCS 11 module + +PKCS11 is a standard created by RSA, Inc to support hardware and +software encryption modules. It can be used by smartcard to expose the +crypto primitives inside without exposing the crypto keys. + +Hx509 includes a software implementation of PKCS11 that runs within the +memory space of the process and thus exposes the keys to the +application. + +@node How to use the PKCS11 module, , Software PKCS 11 module, Top +@section How to use the PKCS11 module + +@example +$ cat > ~/.soft-pkcs11.rc < - -int -main(int argc, char **argv) -@{ - krb5_context context; - - if (krb5_context(&context)) - errx (1, "krb5_context"); -@end example - -Now the client wants to connect to the host at the other end. The -preferred way of doing this is using @manpage{getaddrinfo,3} (for -operating system that have this function implemented), since getaddrinfo -is neutral to the address type and can use any protocol that is available. - -@example - struct addrinfo *ai, *a; - struct addrinfo hints; - int error; - - memset (&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = IPPROTO_TCP; - - error = getaddrinfo (hostname, "pop3", &hints, &ai); - if (error) - errx (1, "%s: %s", hostname, gai_strerror(error)); - - for (a = ai; a != NULL; a = a->ai_next) @{ - int s; - - s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); - if (s < 0) - continue; - if (connect (s, a->ai_addr, a->ai_addrlen) < 0) @{ - warn ("connect(%s)", hostname); - close (s); - continue; - @} - freeaddrinfo (ai); - ai = NULL; - @} - if (ai) @{ - freeaddrinfo (ai); - errx ("failed to contact %s", hostname); - @} -@end example - -Before authenticating, an authentication context needs to be -created. This context keeps all information for one (to be) authenticated -connection (see @manpage{krb5_auth_context,3}). - -@example - status = krb5_auth_con_init (context, &auth_context); - if (status) - krb5_err (context, 1, status, "krb5_auth_con_init"); -@end example - -For setting the address in the authentication there is a help function -@code{krb5_auth_con_setaddrs_from_fd} that does everything that is needed -when given a connected file descriptor to the socket. - -@example - status = krb5_auth_con_setaddrs_from_fd (context, - auth_context, - &sock); - if (status) - krb5_err (context, 1, status, - "krb5_auth_con_setaddrs_from_fd"); -@end example - -The next step is to build a server principal for the service we want -to connect to. (See also @manpage{krb5_sname_to_principal,3}.) - -@example - status = krb5_sname_to_principal (context, - hostname, - service, - KRB5_NT_SRV_HST, - &server); - if (status) - krb5_err (context, 1, status, "krb5_sname_to_principal"); -@end example - -The client principal is not passed to @manpage{krb5_sendauth,3} -function, this causes the @code{krb5_sendauth} function to try to figure it -out itself. - -The server program is using the function @manpage{krb5_recvauth,3} to -receive the Kerberos 5 authenticator. - -In this case, mutual authentication will be tried. That means that the server -will authenticate to the client. Using mutual authentication -is good since it enables the user to verify that they are talking to the -right server (a server that knows the key). - -If you are using a non-blocking socket you will need to do all work of -@code{krb5_sendauth} yourself. Basically you need to send over the -authenticator from @manpage{krb5_mk_req,3} and, in case of mutual -authentication, verifying the result from the server with -@manpage{krb5_rd_rep,3}. - -@example - status = krb5_sendauth (context, - &auth_context, - &sock, - VERSION, - NULL, - server, - AP_OPTS_MUTUAL_REQUIRED, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL); - if (status) - krb5_err (context, 1, status, "krb5_sendauth"); -@end example - -Once authentication has been performed, it is time to send some -data. First we create a krb5_data structure, then we sign it with -@manpage{krb5_mk_safe,3} using the @code{auth_context} that contains the -session-key that was exchanged in the -@manpage{krb5_sendauth,3}/@manpage{krb5_recvauth,3} authentication -sequence. - -@example - data.data = "hej"; - data.length = 3; - - krb5_data_zero (&packet); - - status = krb5_mk_safe (context, - auth_context, - &data, - &packet, - NULL); - if (status) - krb5_err (context, 1, status, "krb5_mk_safe"); -@end example - -And send it over the network. - -@example - len = packet.length; - net_len = htonl(len); - - if (krb5_net_write (context, &sock, &net_len, 4) != 4) - err (1, "krb5_net_write"); - if (krb5_net_write (context, &sock, packet.data, len) != len) - err (1, "krb5_net_write"); -@end example - -To send encrypted (and signed) data @manpage{krb5_mk_priv,3} should be -used instead. @manpage{krb5_mk_priv,3} works the same way as -@manpage{krb5_mk_safe,3}, with the exception that it encrypts the data -in addition to signing it. - -@example - data.data = "hemligt"; - data.length = 7; - - krb5_data_free (&packet); - - status = krb5_mk_priv (context, - auth_context, - &data, - &packet, - NULL); - if (status) - krb5_err (context, 1, status, "krb5_mk_priv"); -@end example - -And send it over the network. - -@example - len = packet.length; - net_len = htonl(len); - - if (krb5_net_write (context, &sock, &net_len, 4) != 4) - err (1, "krb5_net_write"); - if (krb5_net_write (context, &sock, packet.data, len) != len) - err (1, "krb5_net_write"); - -@end example - -The server is using @manpage{krb5_rd_safe,3} and -@manpage{krb5_rd_priv,3} to verify the signature and decrypt the packet. - -@node Validating a password in a server application, API differences to MIT Kerberos, Walkthrough of a sample Kerberos 5 client, Programming with Kerberos -@section Validating a password in an application - -See the manual page for @manpage{krb5_verify_user,3}. - -@node API differences to MIT Kerberos, File formats, Validating a password in a server application, Programming with Kerberos -@section API differences to MIT Kerberos - -This section is somewhat disorganised, but so far there is no overall -structure to the differences, though some of the have their root in -that Heimdal uses an ASN.1 compiler and MIT doesn't. - -@subsection Principal and realms - -Heimdal stores the realm as a @code{krb5_realm}, that is a @code{char *}. -MIT Kerberos uses a @code{krb5_data} to store a realm. - -In Heimdal @code{krb5_principal} doesn't contain the component -@code{name_type}; it's instead stored in component -@code{name.name_type}. To get and set the nametype in Heimdal, use -@manpage{krb5_principal_get_type,3} and -@manpage{krb5_principal_set_type,3}. - -For more information about principal and realms, see -@manpage{krb5_principal,3}. - -@subsection Error messages - -To get the error string, Heimdal uses -@manpage{krb5_get_error_string,3} or, if @code{NULL} is returned, -@manpage{krb5_get_err_text,3}. This is to return custom error messages -(like ``Can't find host/datan.example.com@@EXAMPLE.COM in -/etc/krb5.conf.'' instead of a ``Key table entry not found'' that -@manpage{error_message,3} returns. - -Heimdal uses a threadsafe(r) version of the com_err interface; the -global @code{com_err} table isn't initialised. Then -@manpage{error_message,3} returns quite a boring error string (just -the error code itself). - - -@c @node Why you should use GSS-API for new applications, Walkthrough of a sample GSS-API client, Validating a password in a server application, Programming with Kerberos -@c @section Why you should use GSS-API for new applications -@c -@c SSPI, bah, bah, microsoft, bah, bah, almost GSS-API. -@c -@c It would also be possible for other mechanisms then Kerberos, but that -@c doesn't exist any other GSS-API implementations today. -@c -@c @node Walkthrough of a sample GSS-API client, , Why you should use GSS-API for new applications, Programming with Kerberos -@c @section Walkthrough of a sample GSS-API client -@c -@c Write about how gssapi_clent.c works. - -@node File formats, , API differences to MIT Kerberos, Programming with Kerberos -@section File formats - -This section documents the diffrent file formats that are used in -Heimdal and other Kerberos implementations. - -@subsection keytab - -The keytab binary format is not a standard format. The format has -evolved and may continue to. It is however understood by several -Kerberos implementations including Heimdal, MIT, Sun's Java ktab and -are created by the ktpass.exe utility from Windows. So it has -established itself as the defacto format for storing Kerberos keys. - -The following C-like structure definitions illustrate the MIT keytab -file format. All values are in network byte order. All text is ASCII. - -@example - keytab @{ - uint16_t file_format_version; /* 0x502 */ - keytab_entry entries[*]; - @}; - - keytab_entry @{ - int32_t size; - uint16_t num_components; /* subtract 1 if version 0x501 */ - counted_octet_string realm; - counted_octet_string components[num_components]; - uint32_t name_type; /* not present if version 0x501 */ - uint32_t timestamp; - uint8_t vno8; - keyblock key; - uint32_t vno; /* only present if >= 4 bytes left in entry */ - @}; - - counted_octet_string @{ - uint16_t length; - uint8_t data[length]; - @}; - - keyblock @{ - uint16_t type; - counted_octet_string; - @}; -@end example - -All numbers are stored in network byteorder (big endian) format. - -The keytab file format begins with the 16 bit file_format_version which -at the time this document was authored is 0x502. The format of older -keytabs is described at the end of this document. - -The file_format_version is immediately followed by an array of -keytab_entry structures which are prefixed with a 32 bit size indicating -the number of bytes that follow in the entry. Note that the size should be -evaluated as signed. This is because a negative value indicates that the -entry is in fact empty (e.g. it has been deleted) and that the negative -value of that negative value (which is of course a positive value) is -the offset to the next keytab_entry. Based on these size values alone -the entire keytab file can be traversed. - -The size is followed by a 16 bit num_components field indicating the -number of counted_octet_string components in the components array. - -The num_components field is followed by a counted_octet_string -representing the realm of the principal. - -A counted_octet_string is simply an array of bytes prefixed with a 16 -bit length. For the realm and name components, the counted_octet_string -bytes are ASCII encoded text with no zero terminator. - -Following the realm is the components array that represents the name of -the principal. The text of these components may be joined with slashs -to construct the typical SPN representation. For example, the service -principal HTTP/www.foo.net@@FOO.NET would consist of name components -"HTTP" followed by "www.foo.net". - -Following the components array is the 32 bit name_type (e.g. 1 is -KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In -practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL. - -The 32 bit timestamp indicates the time the key was established for that -principal. The value represents the number of seconds since Jan 1, 1970. - -The 8 bit vno8 field is the version number of the key. This value is -overridden by the 32 bit vno field if it is present. The vno8 field is -filled with the lower 8 bits of the 32 bit protocol kvno field. - -The keyblock structure consists of a 16 bit value indicating the -encryption type and is a counted_octet_string containing the key. The -encryption type is the same as the Kerberos standard (e.g. 3 is -des-cbc-md5, 23 is arcfour-hmac-md5, etc). - -The last field of the keytab_entry structure is optional. If the size of -the keytab_entry indicates that there are at least 4 bytes remaining, -a 32 bit value representing the key version number is present. This -value supersedes the 8 bit vno8 value preceeding the keyblock. - -Older keytabs with a file_format_version of 0x501 are different in -three ways: - -@table @asis -@item All integers are in host byte order [1]. -@item The num_components field is 1 too large (i.e. after decoding, decrement by 1). -@item The 32 bit name_type field is not present. -@end table - -[1] The file_format_version field should really be treated as two -separate 8 bit quantities representing the major and minor version -number respectively. - -@subsection Heimdal database dump file - -Format of the Heimdal text dump file as of Heimdal 0.6.3: - -Each line in the dump file is one entry in the database. - -Each field of a line is separated by one or more spaces, with the -exception of fields consisting of principals containing spaces, where -space can be quoted with \ and \ is quoted by \. - -Fields and their types are: - -@example - Quoted princial (quote character is \) [string] - Keys [keys] - Created by [event] - Modified by [event optional] - Valid start time [time optional] - Valid end time [time optional] - Password end valid time [time optional] - Max lifetime of ticket [time optional] - Max renew time of ticket [integer optional] - Flags [hdb flags] - Generation number [generation optional] - Extensions [extentions optional] -@end example - -Fields following these silently are ignored. - -All optional fields will be skipped if they fail to parse (or comprise -the optional field marker of "-", w/o quotes). - -Example: - -@example -fred@@EXAMPLE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin@@EXAMPLE.COM 20041221112428:fred@@EXAMPLE.COM - - - 86400 604800 126 20020415130120:793707:28 - -@end example - -Encoding of types are as follows: - -@table @asis -@item keys - -@example -kvno:[masterkvno:keytype:keydata:salt]@{zero or more separated by :@} -@end example - -kvno is the key version number. - -keydata is hex-encoded - -masterkvno is the kvno of the database master key. If this field is -empty, the kadmin load and merge operations will encrypt the key data -with the master key if there is one. Otherwise the key data will be -imported asis. - -salt is encoded as "-" (no/default salt) or - -@example -salt-type / -salt-type / "string" -salt-type / hex-encoded-data -@end example - -keytype is the protocol enctype number; see enum ENCTYPE in -include/krb5_asn1.h for values. - -Example: -@example -27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- -@end example - - -@example -kvno=27,@{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt@}... -@end example - -@item time - -Format of the time is: YYYYmmddHHMMSS, corresponding to strftime -format "%Y%m%d%k%M%S". - -Time is expressed in UTC. - -Time can be optional (using -), when the time 0 is used. - -Example: - -@example -20041221112428 -@end example - -@item event - -@example - time:principal -@end example - -time is as given in format time - -principal is a string. Not quoting it may not work in earlier -versions of Heimdal. - -Example: -@example -20041221112428:bloggs@@EXAMPLE.COM -@end example - -@item hdb flags - -Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each -bit in the integer is the same as the bit in the specification. - -@item generation: - -@example -time:usec:gen -@end example - - -usec is a the microsecond, integer. -gen is generation number, integer. - -The generation can be defaulted (using '-') or the empty string - -@item extensions: - -@example -first-hex-encoded-HDB-Extension[:second-...] -@end example - -HDB-extension is encoded the DER encoded HDB-Extension from -lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that -unknown entires needs to be preserved even thought the ASN.1 data -content might be unknown. There is a critical flag in the data to show -to the KDC that the entry MUST be understod if the entry is to be -used. - -@end table +See the Kerberos 5 API introduction and documentation on the Heimdal +webpage. diff --git a/crypto/heimdal/doc/setup.texi b/crypto/heimdal/doc/setup.texi index 02e7972c1df..ad5476f325d 100644 --- a/crypto/heimdal/doc/setup.texi +++ b/crypto/heimdal/doc/setup.texi @@ -1,4 +1,4 @@ -@c $Id: setup.texi 22191 2007-12-06 17:26:30Z lha $ +@c $Id$ @node Setting up a realm, Applications, Building and Installing, Top @@ -24,12 +24,14 @@ doing so. It will make life easier for you and everyone else. * Slave Servers:: * Incremental propagation:: * Encryption types and salting:: +* Credential cache server - KCM:: * Cross realm:: * Transit policy:: * Setting up DNS:: * Using LDAP to store the database:: * Providing Kerberos credentials to servers and programs:: * Setting up PK-INIT:: +* Debugging Kerberos problems:: @end menu @node Configuration file, Creating the database, Setting up a realm, Setting up a realm @@ -92,6 +94,8 @@ with contents similar to the following. MY.REALM = @{ kdc = my.kdc my.slave.kdc kdc = my.third.kdc + kdc = 130.237.237.17 + kdc = [2001:6b0:1:ea::100]:88 @} [domain_realm] .my.domain = MY.REALM @@ -103,6 +107,14 @@ If you use a realm name equal to your domain name, you can omit the SRV-record for your realm, or your Kerberos server has DNS CNAME @samp{kerberos.my.realm}, you can omit the @samp{realms} section too. +@cindex KRB5_CONFIG +If you want to use a different configuration file then the default you +can point a file with the enviroment variable @samp{KRB5_CONFIG}. + +@example +env KRB5_CONFIG=$HOME/etc/krb5.conf kinit user@@REALM +@end example + @node Creating the database, Modifying the database, Configuration file, Setting up a realm @section Creating the database @@ -267,14 +279,14 @@ check are for existence and flags on important principals. The database check by run by the following command : @example -kadmin check REALM.EXAMPLE.ORG +kadmin -l check REALM.EXAMPLE.ORG @end example @node keytabs, Serving Kerberos 4/524/kaserver, Checking the setup, Setting up a realm @section keytabs To extract a service ticket from the database and put it in a keytab, you -need to first create the principal in the database with @samp{ank} +need to first create the principal in the database with @samp{add} (using the @kbd{--random-key} flag to get a random key) and then extract it with @samp{ext_keytab}. @@ -306,7 +318,7 @@ on Kerberos 4 support having been included at compile-time, using 524 is a service that allows the KDC to convert Kerberos 5 tickets to Kerberos 4 tickets for backward compatibility. See also Using 2b -tokens with AFS in @xref{Things in search for a better place}. +tokens with AFS in @xref{AFS}. 524 can be turned on by adding this to the configuration file @@ -403,7 +415,17 @@ To allow users to change their passwords, you should run @command{kpasswdd}. It is not run from @command{inetd}. You might need to add @samp{kpasswd} to your @file{/etc/services} as -@samp{464/udp}. +@samp{464/udp}. If your realm is not setup to use DNS, you might also +need to add a @samp{kpasswd_server} entry to the realm configuration +in @file{/etc/krb5.conf} on client machines: + +@example +[realms] + MY.REALM = @{ + kdc = my.kdc my.slave.kdc + kpasswd_server = my.kdc + @} +@end example @subsection Password quality assurance @@ -419,16 +441,18 @@ controls, add lines similar to the following to your @example [password_quality] - policies = external-check builtin:minimum-length module:policyname + policies = external-check builtin:minimum-length modulename:policyname external_program = /bin/false policy_libraries = @var{library1.so} @var{library2.so} @end example In @samp{[password_quality]policies} the module name is optional if the policy name is unique in all modules (members of -@samp{policy_libraries}). +@samp{policy_libraries}). All built-in policies can be qualified with +a module name of @samp{builtin} to unambiguously specify the built-in +policy and not a policy by the same name from a loaded module. -The built-in polices are +The built-in policies are @itemize @bullet @@ -488,7 +512,7 @@ If no password quality checking function is configured, the only check performed is that the password is at least six characters long. To check the password policy settings, use the command -@command{password-quality} in @command{kadmin} program. The password +@command{verify-password-quality} in @command{kadmin} program. The password verification is only performed locally, on the client. It may be convenient to set the environment variable @samp{KRB5_CONFIG} to point to a test version of @file{krb5.conf} while you're testing the @@ -555,7 +579,7 @@ good idea. @node Incremental propagation, Encryption types and salting, Slave Servers, Setting up a realm @section Incremental propagation -There is also a newer, and still somewhat experimental, mechanism for +There is also a newer mechanism for doing incremental propagation in Heimdal. Instead of sending the whole database regularly, it sends the changes as they happen on the master to the slaves. The master keeps track of all the changes by assigning a @@ -572,6 +596,14 @@ the current version at the master (a series of @samp{FORYOU} messages) or the whole database in a @samp{TELLYOUEVERYTHING} message. There is also a keep-alive protocol that makes sure all slaves are up and running. +In addition on listening on the network to get connection from new +slaves, the ipropd-master also listens on a status unix +socket. kadmind and kpasswdd both open that socket when a transation +is done and written a notification to the socket. That cause +ipropd-master to check for new version in the log file. As a fallback in +case a notification is lost by the unix socket, the log file is +checked after 30 seconds of no event. + @subsection Configuring incremental propagation The program that runs on the master is @command{ipropd-master} and all @@ -596,6 +628,11 @@ for every slave. master# /usr/heimdal/sbin/ktutil get iprop/`hostname` @end example +@example +slave# /usr/heimdal/sbin/ktutil get iprop/`hostname` +@end example + + The next step is to start the @command{ipropd-master} process on the master server. The @command{ipropd-master} listens on the UNIX domain socket @file{/var/heimdal/signal} to know when changes have been made to the @@ -612,7 +649,7 @@ slave# /usr/heimdal/libexec/ipropd-slave master & To manage the iprop log file you should use the @command{iprop-log} command. With it you can dump, truncate and replay the logfile. -@node Encryption types and salting, Cross realm, Incremental propagation, Setting up a realm +@node Encryption types and salting, Credential cache server - KCM, Incremental propagation, Setting up a realm @section Encryption types and salting @cindex Salting @cindex Encryption types @@ -673,7 +710,76 @@ the cell name appended to the password. @end itemize -@node Cross realm, Transit policy, Encryption types and salting, Setting up a realm +@node Credential cache server - KCM, Cross realm, Encryption types and salting, Setting up a realm +@section Credential cache server - KCM +@cindex KCM +@cindex Credential cache server + +When KCM running is easy for users to switch between different +kerberos principals using @file{kswitch} or built in support in +application, like OpenSSH's GSSAPIClientIdentity. + +Other advantages are that there is the long term credentials are not +written to disk and on reboot the credential is removed when kcm +process stopps running. + +Configure the system startup script to start the kcm process, +@file{/usr/heimdal/libexec/kcm} and then configure the system to use kcm in @file{krb5.conf}. + +@example +[libdefaults] + default_cc_type = KCM +@end example + +Now when you run @command{kinit} it doesn't overwrite your existing +credentials but rather just add them to the set of +credentials. @command{klist -l} lists the credentials and the star +marks the default credential. + +@example +$ kinit lha@@KTH.SE +lha@@KTH.SE's Password: +$ klist -l + Name Cache name Expires +lha@@KTH.SE 0 Nov 22 23:09:40 * +lha@@SU.SE Initial default ccache Nov 22 14:14:24 +@end example + +When switching between credentials you can use @command{kswitch}. + +@example +$ kswitch -i + Principal +1 lha@@KTH.SE +2 lha@@SU.SE +Select number: 2 +@end example + +After switching, a new set of credentials are used as default. + +@example +$ klist -l + Name Cache name Expires +lha@@SU.SE Initial default ccache Nov 22 14:14:24 * +lha@@KTH.SE 0 Nov 22 23:09:40 +@end example + +Som applications, like openssh with Simon Wilkinsons patch applied, +support specifiying that credential to use. The example below will +login to the host computer.kth.se using lha@@KTH.SE (not the current +default credential). + +@example +$ ssh \ + -o GSSAPIAuthentication=yes \ + -o GSSAPIKeyExchange=yes \ + -o GSSAPIClientIdentity=lha@@KTH.SE \ + computer.kth.se +@end example + + + +@node Cross realm, Transit policy, Credential cache server - KCM, Setting up a realm @section Cross realm @cindex Cross realm @@ -740,17 +846,36 @@ May 3 14:10:54 May 3 23:55:54 host/hummel.it.su.se@@SU.SE @section Transit policy @cindex Transit policy -If you want to use cross realm authentication through an intermediate -realm, it must be explicitly allowed by either the KDCs or the server -receiving the request. This is done in @file{krb5.conf} in the +Under some circumstances, you may not wish to set up direct +cross-realm trust with every realm to which you wish to authenticate +or from which you wish to accept authentications. Kerberos supports +multi-hop cross-realm trust where a client principal in realm A +authenticates to a service in realm C through a realm B with which +both A and C have cross-realm trust relationships. In this situation, +A and C need not set up cross-realm principals between each other. + +If you want to use cross-realm authentication through an intermediate +realm, it must be explicitly allowed by either the KDCs for the realm +to which the client is authenticating (in this case, realm C), or the +server receiving the request. This is done in @file{krb5.conf} in the @code{[capaths]} section. +In addition, the client in realm A need to be configured to know how +to reach realm C via realm B. This can be done either on the client or +via KDC configuration in the KDC for realm A. + +@subsection Allowing cross-realm transits + When the ticket transits through a realm to another realm, the destination realm adds its peer to the "transited-realms" field in the -ticket. The field is unordered, since there is no way to know if -know if one of the transited-realms changed the order of the list. +ticket. The field is unordered, since there is no way to know if know +if one of the transited-realms changed the order of the list. For the +authentication to be accepted by the final destination realm, all of +the transited realms must be listed as trusted in the @code{[capaths]} +configuration, either in the KDC for the destination realm or on the +server receiving the authentication. -The syntax for @code{[capaths]} section: +The syntax for @code{[capaths]} section is: @example [capaths] @@ -759,11 +884,15 @@ The syntax for @code{[capaths]} section: @} @end example -The realm @code{STACKEN.KTH.SE} allows clients from @code{SU.SE} and -@code{DSV.SU.SE} to cross it. Since @code{STACKEN.KTH.SE} only has -direct cross realm setup with @code{KTH.SE}, and @code{DSV.SU.SE} only -has direct cross realm setup with @code{SU.SE} they need to use both -@code{SU.SE} and @code{KTH.SE} as transit realms. +In the following example, the realm @code{STACKEN.KTH.SE} only has +direct cross-realm set up with @code{KTH.SE}. @code{KTH.SE} has +direct cross-realm set up with @code{STACKEN.KTH.SE} and @code{SU.SE}. +@code{DSV.SU.SE} only has direct cross-realm set up with @code{SU.SE}. +The goal is to allow principals in the @code{DSV.SU.SE} or +@code{SU.SE} realms to authenticate to services in +@code{STACKEN.KTH.SE}. This is done with the following +@code{[capaths]} entry on either the server accepting authentication +or on the KDC for @code{STACKEN.KTH.SE}. @example [capaths] @@ -773,17 +902,100 @@ has direct cross realm setup with @code{SU.SE} they need to use both DSV.SU.SE = @{ STACKEN.KTH.SE = SU.SE KTH.SE @} - @end example +The first entry allows cross-realm authentication from clients in +@code{SU.SE} transiting through @code{KTH.SE} to +@code{STACKEN.KTH.SE}. The second entry allows cross-realm +authentication from clients in @code{DSV.SU.SE} transiting through +both @code{SU.SE} and @code{KTH.SE} to @code{STACKEN.KTH.SE}. + +Be careful of which realm goes where; it's easy to put realms in the +wrong place. The block is tagged with the client realm (the realm of +the principal authenticating), and the realm before the equal sign is +the final destination realm: the realm to which the client is +authenticating. After the equal sign go all the realms that the +client transits through. + The order of the @code{PERMITTED-CROSS-REALMS} is not important when doing transit cross realm verification. -However, the order is important when the @code{[capaths]} section is used -to figure out the intermediate realm to go to when doing multi-realm -transit. When figuring out the next realm, the first realm of the list -of @code{PERMITTED-CROSS-REALMS} is chosen. This is done in both the -client kerberos library and the KDC. +@subsection Configuring client cross-realm transits + +The @code{[capaths]} section is also used for another purpose: to tell +clients which realm to transit through to reach a realm with which +their local realm does not have cross-realm trust. This can be done +by either putting a @code{[capaths]} entry in the configuration of the +client or by putting the entry in the configuration of the KDC for the +client's local realm. In the latter case, the KDC will then hand back +a referral to the client when the client requests a cross-realm ticket +to the destination realm, telling the client to try to go through an +intermediate realm. + +For client configuration, the order of @code{PERMITTED-CROSS-REALMS} +is significant, since only the first realm in this section (after the +equal sign) is used by the client. + +For example, again consider the @code{[capaths]} entry above for the +case of a client in the @code{SU.SE} realm, and assume that the client +or the @code{SU.SE} KDC has that @code{[capaths]} entry. If the +client attempts to authenticate to a service in the +@code{STACKEN.KTH.SE} realm, that entry says to first authenticate +cross-realm to the @code{KTH.SE} realm (the first realm listed in the +@code{PERMITTED-CROSS-REALMS} section), and then from there to +@code{STACKEN.KTH.SE}. + +Each entry in @code{[capaths]} can only give the next hop, since only +the first realm in @code{PERMITTED-CROSS-REALMS} is used. If, for +instance, a client in @code{DSV.SU.SE} had a @code{[capaths]} +configuration as above but without the first block for @code{SU.SE}, +they would not be able to reach @code{STACKEN.KTH.SE}. They would get +as far as @code{SU.SE} based on the @code{DSV.SU.SE} entry in +@code{[capaths]} and then attempt to go directly from there to +@code{STACKEN.KTH.SE} and get stuck (unless, of course, the +@code{SU.SE} KDC had the additional entry required to tell the client +to go through @code{KTH.SE}). + +@subsection Active Directory forest example + +One common place where a @code{[capaths]} configuration is desirable +is with Windows Active Directory forests. One common Active Directory +configuration is to have one top-level Active Directory realm but then +divide systems, services, and users into child realms (perhaps based +on organizational unit). One generally establishes cross-realm trust +only with the top-level realm, and then uses transit policy to permit +authentications to and from the child realms. + +For example, suppose an organization has a Heimdal realm +@code{EXAMPLE.COM}, a Windows Active Directory realm +@code{WIN.EXAMPLE.COM}, and then child Active Directory realms +@code{ENGR.WIN.EXAMPLE.COM} and @code{SALES.WIN.EXAMPLE.COM}. The +goal is to allow users in any of these realms to authenticate to +services in any of these realms. The @code{EXAMPLE.COM} KDC (and +possibly client) configuration should therefore contain a +@code{[capaths]} section as follows: + +@example +[capaths] + ENGR.WIN.EXAMPLE.COM = @{ + EXAMPLE.COM = WIN.EXAMPLE.COM + @} + SALES.WIN.EXAMPLE.COM = @{ + EXAMPLE.COM = WIN.EXAMPLE.COM + @} + EXAMPLE.COM = @{ + ENGR.WIN.EXAMPLE.COM = WIN.EXAMPLE.COM + SALES.WIN.EXAMPLE.COM = WIN.EXAMPLE.COM + @} +@end example + +The first two blocks allow clients in the @code{ENGR.WIN.EXAMPLE.COM} +and @code{SALES.WIN.EXAMPLE.COM} realms to authenticate to services in +the @code{EXAMPLE.COM} realm. The third block tells the client (or +tells the KDC to tell the client via referrals) to transit through +@code{WIN.EXAMPLE.COM} to reach these realms. Both sides of the +configuration are needed for bi-directional transited cross-realm +authentication. @c To test the cross realm configuration, use: @c kmumble transit-check client server transit-realms ... @@ -863,6 +1075,8 @@ suitable authorisation policy, it is possible to set this up in a secure fashion. A knowledge of LDAP, Kerberos, and C is necessary to install this backend. The HDB schema was devised by Leif Johansson. +This assumes, OpenLDAP 2.3 or later. + Requirements: @itemize @bullet @@ -880,9 +1094,7 @@ Its also possible to configure the ldap backend as a shared module, see option --hdb-openldap-module to configure. @item -OpenLDAP 2.0.x. Configure OpenLDAP with @kbd{--enable-local} to enable the -local transport. (A patch to support SASL EXTERNAL authentication is -necessary in order to use OpenLDAP 2.1.x.) +Configure OpenLDAP with @kbd{--enable-local} to enable the local transport. @item Add the hdb schema to the LDAP server, it's included in the source-tree @@ -901,7 +1113,7 @@ access to * by dn.exact="uid=heimdal,dc=services,dc=example,dc=com" write ... -sasl-regexp "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth" +authz-regexp "gidNumber=.*\\\+uidNumber=0,cn=peercred,cn=external,cn=auth'' "uid=heimdal,dc=services,dc=example,dc=com" @end example @@ -970,7 +1182,7 @@ kdc# kadmin -l kadmin> init EXAMPLE.COM Realm max ticket life [unlimited]: Realm max renewable ticket life [unlimited]: -kadmin> ank lukeh +kadmin> add lukeh Max ticket life [1 day]: Max renewable life [1 week]: Principal expiration time [never]: @@ -1004,6 +1216,14 @@ index krb5PrincipalName eq @end itemize +@subsection smbk5pwd overlay + +The smbk5pwd overlay, updates the krb5Key and krb5KeyVersionNumber +appropriately when it receives an LDAP Password change Extended +Operation: + +@url{http://www.openldap.org/devel/cvsweb.cgi/contrib/slapd-modules/smbk5pwd/README?hideattic=1&sortbydate=0} + @subsection Troubleshooting guide @url{https://sec.miljovern.no/bin/view/Info/TroubleshootingGuide} @@ -1073,21 +1293,22 @@ service@@host$ kinit --cache=/var/run/service_krb5_cache \ @end example -@node Setting up PK-INIT, , Providing Kerberos credentials to servers and programs, Setting up a realm +@node Setting up PK-INIT, Debugging Kerberos problems, Providing Kerberos credentials to servers and programs, Setting up a realm @section Setting up PK-INIT -PK-INIT is levering the existing PKI infrastructure to use -certificates to get the initial ticket, that is usually the krbtgt. +PK-INIT leverages an existing PKI (public key infrastructure), using +certificates to get the initial ticket (usually the krbtgt +ticket-granting ticket). -To use PK-INIT you must first have a PKI, so if you don't have one, -it is time to create it. Note that you should read the whole chapter -of the document to see the requirements on the CA software. +To use PK-INIT you must first have a PKI. If you don't have one, it is +time to create it. You should first read the whole chapter of the +document to see the requirements imposed on the CA software. -There needs to exist a mapping between the certificate and what -principals that certificate is allowed to use. There are several ways -to do this. The administrator can use a configuration file, storing -the principal in the SubjectAltName extension of the certificate, or store the -mapping in the principals entry in the kerberos database. +A mapping between the PKI certificate and what principals that +certificate is allowed to use must exist. There are several ways to do +this. The administrator can use a configuration file, store the +principal in the SubjectAltName extension of the certificate, or store +the mapping in the principals entry in the kerberos database. @section Certificates @@ -1097,27 +1318,28 @@ extention. @subsection KDC certificate -The certificate for the KDC have serveral requirements. +The certificate for the KDC has serveral requirements. -First the certificate should have an Extended Key Usage (EKU) -id-pkkdcekuoid (1.3.6.1.5.2.3.5) set. Second there must be a -subjectAltName otherName using oid id-pkinit-san (1.3.6.1.5.2.2) in +First, the certificate should have an Extended Key Usage (EKU) +id-pkkdcekuoid (1.3.6.1.5.2.3.5) set. Second, there must be a +subjectAltName otherName using OID id-pkinit-san (1.3.6.1.5.2.2) in the type field and a DER encoded KRB5PrincipalName that matches the -name of the TGS of the target realm. +name of the TGS of the target realm. Also, if the certificate has a +nameConstraints extention with a Generalname with dNSName or iPAdress, +it must match the hostname or adress of the KDC. -Both of these two requirements are not required by the standard to be -checked by the client if it have external information what the -certificate the KDC is supposed to be used. So it's in the interest of -minimum amount of configuration on the clients they should be included. +The client is not required by the standard to check the server +certificate for this information if the client has external +information confirming which certificate the KDC is supposed to be +using. However, adding this information to the KDC certificate removes +the need to specially configure the client to recognize the KDC +certificate. Remember that if the client would accept any certificate as the KDC's certificate, the client could be fooled into trusting something that isn't a KDC and thus expose the user to giving away information (like -password or other private information) that it is supposed to secret. - -Also, if the certificate has a nameConstraints extention with a -Generalname with dNSName or iPAdress it must match the hostname or -adress of the KDC. +a password or other private information) that it is supposed to keep +secret. @subsection Client certificate @@ -1128,14 +1350,23 @@ It possible to store the principal (if allowed by the KDC) in the certificate and thus delegate responsibility to do the mapping between certificates and principals to the CA. +This behavior is controlled by KDC configuration option: + +@example +[kdc] + pkinit_principal_in_certificate = yes +@end example + @subsubsection Using KRB5PrincipalName in id-pkinit-san -OtherName extention in the GeneralName is used to do the -mapping between certifiate and principal in the certifiate or storing -the krbtgt principal in the KDC certificate. +The OtherName extention in the GeneralName is used to do the mapping +between certificate and principal. For the KDC certificate, this +stores the krbtgt principal name for that KDC. For the client +certificate, this stores the principal for which that certificate is +allowed to get tickets. The principal is stored in a SubjectAltName in the certificate using -OtherName. The oid in the type is id-pkinit-san. +OtherName. The OID in the type is id-pkinit-san. @example id-pkinit-san OBJECT IDENTIFIER ::= @{ iso (1) org (3) dod (6) @@ -1152,32 +1383,32 @@ KRB5PrincipalName ::= SEQUENCE @{ @} @end example -where Realm and PrincipalName is defined by the Kerberos ASN.1 specification. +where Realm and PrincipalName is defined by the Kerberos ASN.1 +specification. @section Naming certificate using hx509 hx509 is the X.509 software used in Heimdal to handle -certificates. hx509 uses different syntaxes to specify the different -formats the certificates are stored in and what formats they exist in. - -There are several formats that can be used, PEM, embedded into PKCS12 -files, embedded into PKCS11 devices and raw DER encoded certificates. -Below is a list of types to use. +certificates. hx509 supports several different syntaxes for specifying +certificate files or formats. Several formats may be used: PEM, +certificates embedded in PKCS#12 files, certificates embedded in +PKCS#11 devices, and raw DER encoded certificates. +Those formats may be specified as follows: @table @asis @item DIR: -DIR is reading all certificates in a directory that is DER or PEM -formatted. +DIR specifies a directory which contains certificates in the DER or +PEM format. The main feature of DIR is that the directory is read on demand when -iterating over certificates, that way applictions can for some cases -avoid to store all certificates in memory. It's very useful for tests -that iterate over larger amount of certificates. +iterating over certificates. This allows applications, in some +situations, to avoid having to store all certificates in memory. It's +very useful for tests that iterate over large numbers of certificates. -Syntax is: +The syntax is: @example DIR:/path/to/der/files @@ -1185,15 +1416,16 @@ DIR:/path/to/der/files @item FILE: -FILE: is used to have the lib pick up a certificate chain and a -private key. The file can be either a PEM (openssl) file or a raw DER -encoded certificate. If it's a PEM file it can contain several keys and +FILE: specifies a file that contains a certificate or private key. +The file can be either a PEM (openssl) file or a raw DER encoded +certificate. If it's a PEM file, it can contain several keys and certificates and the code will try to match the private key and -certificate together. +certificate together. Multiple files may be specified, separated by +commas. -Its useful to have one PEM file that contains all the trust anchors. +It's useful to have one PEM file that contains all the trust anchors. -Syntax is: +The syntax is: @example FILE:certificate.pem,private-key.key,other-cert.pem,.... @@ -1201,11 +1433,12 @@ FILE:certificate.pem,private-key.key,other-cert.pem,.... @item PKCS11: -PKCS11: is used to handle smartcards via PKCS11 drivers, for example -soft-token, opensc, or muscle. The default is to use all slots on the -device/token. +PKCS11: is used to handle smartcards via PKCS#11 drivers, such as +soft-token, opensc, or muscle. The argument specifies a shared object +that implements the PKCS#11 API. The default is to use all slots on +the device/token. -Syntax is: +The syntax is: @example PKCS11:shared-object.so @@ -1213,10 +1446,10 @@ PKCS11:shared-object.so @item PKCS12: -PKCS12: is used to handle PKCS12 files. PKCS12 files commonly have the -extension pfx or p12. +PKCS12: is used to handle PKCS#12 files. PKCS#12 files commonly have +the extension pfx or p12. -Syntax is: +The syntax is: @example PKCS12:/path/to/file.pfx @@ -1227,8 +1460,8 @@ PKCS12:/path/to/file.pfx @section Configure the Kerberos software First configure the client's trust anchors and what parameters to -verify, see subsection below how to do that. Now you can use kinit to -get yourself tickets. One example how that can look like is: +verify. See the subsections below for how to do that. Then, you can +use kinit to get yourself tickets. For example: @example $ kinit -C FILE:$HOME/.certs/lha.crt,$HOME/.certs/lha.key lha@@EXAMPLE.ORG @@ -1241,10 +1474,10 @@ Credentials cache: FILE:/tmp/krb5cc_19100a Apr 20 02:08:08 Apr 20 12:08:08 krbtgt/EXAMPLE.ORG@@EXAMPLE.ORG @end example -Using PKCS11 it can look like this instead: +Using PKCS#11 it can look like this instead: @example -$ kinit -C PKCS11:/tmp/pkcs11/lib/soft-pkcs11.so lha@@EXAMPLE.ORG +$ kinit -C PKCS11:/usr/heimdal/lib/hx509.so lha@@EXAMPLE.ORG PIN code for SoftToken (slot): $ klist Credentials cache: API:4 @@ -1254,8 +1487,7 @@ Credentials cache: API:4 Mar 26 23:40:10 Mar 27 09:40:10 krbtgt/EXAMPLE.ORG@@EXAMPLE.ORG @end example - -Write about the kdc. +TODO: Write about the KDC. @section Configure the client @@ -1282,8 +1514,9 @@ Write about the kdc. pkinit_anchors = FILE:/path/to/trust-anchors.pem pkinit_pool = PKCS12:/path/to/useful-intermediate-certs.pfx pkinit_pool = FILE:/path/to/other-useful-intermediate-certs.pem - pkinit_allow_proxy_certificate = false + pkinit_allow_proxy_certificate = no pkinit_win2k_require_binding = yes + pkinit_principal_in_certificate = no @end example @subsection Using pki-mapping file @@ -1303,10 +1536,11 @@ lha@@EXAMPLE.ORG:CN=Love,UID=lha @subsection Generate certificates -First you need to generate a CA certificate, change the --subject to -something appropriate, the CA certificate will be valid for 10 years. +First, you need to generate a CA certificate. This example creates a +CA certificate that will be valid for 10 years. -You need to change --subject in the command below. +You need to change --subject in the command below to something +appropriate for your site. @example hxtool issue-certificate \ @@ -1322,7 +1556,8 @@ The KDC needs to have a certificate, so generate a certificate of the type ``pkinit-kdc'' and set the PK-INIT specifial SubjectAltName to the name of the krbtgt of the realm. -You need to change --subject and --pk-init-principal in the command below. +You need to change --subject and --pk-init-principal in the command +below to something appropriate for your site. @example hxtool issue-certificate \ @@ -1334,12 +1569,14 @@ hxtool issue-certificate \ --certificate="FILE:kdc.pem" @end example -The users also needs to have a certificate, so generate a certificate -of the type ``pkinit-client''. The client doesn't need to have the PK-INIT -SubjectAltName set, you can have the Subject DN in the ACL file -(pki-mapping) instead. +The users also needs to have certificates. For your first client, +generate a certificate of type ``pkinit-client''. The client doesn't +need to have the PK-INIT SubjectAltName set; you can have the Subject +DN in the ACL file (pki-mapping) instead. -You need to change --subject and --pk-init-principal in the command below. +You need to change --subject and --pk-init-principal in the command +below to something appropriate for your site. You can omit +--pk-init-principal if you're going to use the ACL file instead. @example hxtool issue-certificate \ @@ -1353,9 +1590,10 @@ hxtool issue-certificate \ @subsection Validate the certificate -hxtool also contains a tool that will validate certificates according to -rules from the PKIX document. These checks are not complete, but a good test -to check if you got all of the basic bits right in your certificates. +hxtool also contains a tool that will validate certificates according +to rules from the PKIX document. These checks are not complete, but +they provide a good test of whether you got all of the basic bits +right in your certificates. @example hxtool validate FILE:user.pem @@ -1368,7 +1606,7 @@ certificates using OpenSSL (or CA software based on OpenSSL). @subsection Using OpenSSL to create certificates with krb5PrincipalName -To make OpenSSL create certificates with krb5PrincipalName use +To make OpenSSL create certificates with krb5PrincipalName, use an @file{openssl.cnf} as described below. To see a complete example of creating client and KDC certificates, see the test-data generation script @file{lib/hx509/data/gen-req.sh} in the source-tree. The @@ -1395,7 +1633,7 @@ princ1 = GeneralString:userid @end example -Command usage +Command usage: @example openssl x509 -extensions user_certificate @@ -1425,9 +1663,9 @@ Clients using a Windows KDC with PK-INIT need configuration since windows uses pre-standard format and this can't be autodetected. The pkinit_win2k_require_binding option requires the reply for the KDC -to be of the new, secure, type that binds the request to reply. Before -clients should fake the reply from the KDC. To use this option you -have to apply a fix from Microsoft. +to be of the new, secure, type that binds the request to +reply. Before, clients could fake the reply from the KDC. To use this +option you have to apply a fix from Microsoft. @example [realms] @@ -1440,16 +1678,32 @@ have to apply a fix from Microsoft. @subsection Certificates The client certificates need to have the extended keyusage ``Microsoft -Smartcardlogin'' (openssl have the oid shortname msSmartcardLogin). +Smartcardlogin'' (openssl has the OID shortname msSmartcardLogin). See Microsoft Knowledge Base Article - 281245 ``Guidelines for Enabling Smart Card Logon with Third-Party Certification Authorities'' for a -more extensive description of how set setup an external CA to it -includes all information that will make a Windows KDC happy. +more extensive description of how set setup an external CA so that it +includes all the information required to make a Windows KDC happy. @subsection Configure Windows 2000 CA -To enable Microsoft Smartcardlogin> for certificates in your Windows -2000 CA, you want to look at Microsoft Knowledge Base Article - -313274 ``HOW TO: Configure a Certification Authority to Issue -Smart Card Certificates in Windows''. +To enable Microsoft Smartcardlogin for certificates in your Windows +2000 CA, you want to look at Microsoft Knowledge Base Article - 313274 +``HOW TO: Configure a Certification Authority to Issue Smart Card +Certificates in Windows''. + +@node Debugging Kerberos problems, , Setting up PK-INIT, Setting up a realm +@section Debugging Kerberos problems + +To debug Kerberos client and server problems you can enable debug +traceing by adding the following to @file{/etc/krb5,conf}. Note that the +trace logging is sparse at the moment, but will continue to improve. + +@example +[logging] + libkrb5 = 0-/SYSLOG: +@end example + + + + diff --git a/crypto/heimdal/doc/vars.texi b/crypto/heimdal/doc/vars.texi index c2e6671a68e..8b1158af637 100755 --- a/crypto/heimdal/doc/vars.texi +++ b/crypto/heimdal/doc/vars.texi @@ -4,4 +4,4 @@ @c @set dbdir /var/heimdal -@set PACKAGE_VERSION 1.1 +@set PACKAGE_VERSION 1.5.1 diff --git a/crypto/heimdal/doc/whatis.texi b/crypto/heimdal/doc/whatis.texi index 307c5a20877..8c1f45ddb51 100644 --- a/crypto/heimdal/doc/whatis.texi +++ b/crypto/heimdal/doc/whatis.texi @@ -1,4 +1,4 @@ -@c $Id: whatis.texi 16769 2006-02-27 12:26:50Z joda $ +@c $Id$ @node What is Kerberos?, Building and Installing, Introduction, Top @chapter What is Kerberos? diff --git a/crypto/heimdal/doc/win2k.texi b/crypto/heimdal/doc/win2k.texi index 7bc9b2a30b8..0452b4d80f2 100644 --- a/crypto/heimdal/doc/win2k.texi +++ b/crypto/heimdal/doc/win2k.texi @@ -1,41 +1,36 @@ -@c $Id: win2k.texi 21991 2007-10-19 13:28:07Z lha $ +@c $Id$ -@node Windows 2000 compatability, Programming with Kerberos, Kerberos 4 issues, Top + +@node Windows compatibility, Programming with Kerberos, Kerberos 4 issues, Top @comment node-name, next, previous, up -@chapter Windows 2000 compatability +@chapter Windows compatibility -Windows 2000 (formerly known as Windows NT 5) from Microsoft implements -Kerberos 5. Their implementation, however, has some quirks, -peculiarities, and bugs. This chapter is a short summary of the things -that we have found out while trying to test Heimdal against Windows -2000. Another big problem with the Kerberos implementation in Windows -2000 is that the available documentation is more focused on getting +Microsoft Windows, starting from version 2000 (formerly known as Windows NT 5), implements Kerberos 5. Their implementation, however, has some quirks, +peculiarities, and bugs. This chapter is a short summary of the compatibility +issues between Heimdal and various Windows versions. + +The big problem with the Kerberos implementation in Windows +is that the available documentation is more focused on getting things to work rather than how they work, and not that useful in figuring -out how things really work. - -This information should apply to Heimdal @value{VERSION} and Windows -2000 Professional. It's of course subject to change all the time and +out how things really work. It's of course subject to change all the time and mostly consists of our not so inspired guesses. Hopefully it's still somewhat useful. @menu -* Configuring Windows 2000 to use a Heimdal KDC:: -* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC:: +* Configuring Windows to use a Heimdal KDC:: +* Inter-Realm keys (trust) between Windows and a Heimdal KDC:: * Create account mappings:: * Encryption types:: * Authorisation data:: * Quirks of Windows 2000 KDC:: -* Useful links when reading about the Windows 2000:: +* Useful links when reading about the Windows:: @end menu -@node Configuring Windows 2000 to use a Heimdal KDC, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability, Windows 2000 compatability +@node Configuring Windows to use a Heimdal KDC, Inter-Realm keys (trust) between Windows and a Heimdal KDC, Windows compatibility, Windows compatibility @comment node-name, next, precious, up -@section Configuring Windows 2000 to use a Heimdal KDC +@section Configuring Windows to use a Heimdal KDC -You need the command line program called @command{ksetup.exe} which is available -in the file @file{SUPPORT/TOOLS/SUPPORT.CAB} on the Windows 2000 Professional -CD-ROM. This program is used to configure the Kerberos settings on a -Workstation. +You need the command line program called @command{ksetup.exe}. This program comes with the Windows Support Tools, available from either the installation CD-ROM (@file{SUPPORT/TOOLS/SUPPORT.CAB}), or from Microsoft web site. Starting from Windows 2008, it is already installed. This program is used to configure the Kerberos settings on a Workstation. @command{Ksetup} store the domain information under the registry key: @code{HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains}. @@ -88,13 +83,13 @@ The Windows machine will now map any user to the corresponding principal, for example @samp{nisse} to the principal @samp{nisse@@MY.REALM}. (This is most likely what you want.) -@node Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Create account mappings, Configuring Windows 2000 to use a Heimdal KDC, Windows 2000 compatability +@node Inter-Realm keys (trust) between Windows and a Heimdal KDC, Create account mappings, Configuring Windows to use a Heimdal KDC, Windows compatibility @comment node-name, next, precious, up -@section Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC +@section Inter-Realm keys (trust) between Windows and a Heimdal KDC See also the Step-by-Step guide from Microsoft, referenced below. -Install Windows 2000, and create a new controller (Active Directory +Install Windows, and create a new controller (Active Directory Server) for the domain. By default the trust will be non-transitive. This means that only users @@ -102,8 +97,8 @@ directly from the trusted domain may authenticate. This can be changed to transitive by using the @command{netdom.exe} tool. @command{netdom.exe} can also be used to add the trust between two realms. -You need to tell Windows 2000 on what hosts to find the KDCs for the -non-Windows realm with @command{ksetup}, see @xref{Configuring Windows 2000 +You need to tell Windows on what hosts to find the KDCs for the +non-Windows realm with @command{ksetup}, see @xref{Configuring Windows to use a Heimdal KDC}. This needs to be done on all computers that want enable cross-realm @@ -127,33 +122,37 @@ Management tool, you do it like this: netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword @end example -You also need to add the inter-realm keys to the Heimdal KDC. Make sure -you have matching encryption types (DES, Arcfour and AES in case of Longhorn) +You also need to add the inter-realm keys to the Heimdal KDC. But take +care to the encryption types and salting used for those keys. There should be +no encryption type stronger than the one configured on Windows side for this +relationship, itself limited to the ones supported by this specific version of +Windows, nor any Kerberos 4 salted hashes, as Windows does not seem to +understand them. Otherwise, the trust will not works. -Another issue is salting. Since Windows 2000 does not seem to -understand Kerberos 4 salted hashes you might need to turn off anything -similar to the following if you have it, at least while adding the -principals that are going to share keys with Windows 2000. +Here are the version-specific needed information: +@enumerate +@item Windows 2000: maximum encryption type is DES +@item Windows 2003: maximum encryption type is DES +@item Windows 2003RC2: maximum encryption type is RC4, relationship defaults to DES +@item Windows 2008: maximum encryption type is AES, relationship defaults to RC4 +@end enumerate + +For Windows 2003RC2, to change the trust encryption type, you have to use the +@command{ktpass}, from the Windows 2003 Resource kit *service pack2*, available +from Microsoft web site. @example -[kadmin] - default_keys = v5 v4 +C:> ktpass /MITRealmName UNIX.EXAMPLE.COM /TrustEncryp RC4 @end example -So remove v4 from default keys. - -What you probably want to use is this: +For Windows 2008, the same operation can be done with the @command{ksetup}, installed by default. @example -[kadmin] - default_keys = des-cbc-crc:pw-salt arcfour-hmac-md5:pw-salt +C:> ksetup /SetEncTypeAttre EXAMPLE.COM AES256-SHA1 @end example -@c XXX check this -@c It is definitely not supported in base 2003. I haven't been able to -@c get SP1 installed here, but it is supposed to work in that. - -Once that is also done, you can add the required inter-realm keys: +Once the relationship is correctly configured, you can add the required +inter-realm keys, using heimdal default encryption types: @example kadmin add krbtgt/NT.REALM.EXAMPLE.COM@@EXAMPLE.COM @@ -162,11 +161,20 @@ kadmin add krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM Use the same passwords for both keys. +And if needed, to remove unsupported encryptions, such as the following ones for a Windows 2003RC2 server. + +@example +kadmin del_enctype krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM aes256-cts-hmac-sha1-96 +kadmin del_enctype krbtgt/REALM.EXAMPLE.COM@@NT.EXAMPLE.COM des3-cbc-sha1 +kadmin del_enctype krbtgt/NT.EXAMPLE.COM@@EXAMPLE.COM aes256-cts-hmac-sha1-96 +kadmin del_enctype krbtgt/NT.EXAMPLE.COM@@EXAMPLE.COM des3-cbc-sha1 +@end example + Do not forget to reboot before trying the new realm-trust (after running @command{ksetup}). It looks like it might work, but packets are never sent to the non-Windows KDC. -@node Create account mappings, Encryption types, Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC, Windows 2000 compatability +@node Create account mappings, Encryption types, Inter-Realm keys (trust) between Windows and a Heimdal KDC, Windows compatibility @comment node-name, next, precious, up @section Create account mappings @@ -183,7 +191,7 @@ This adds @samp{authorizationNames} entry to the users LDAP entry to the Active Directory LDAP catalog. When you create users by script you can add this entry instead. -@node Encryption types, Authorisation data, Create account mappings, Windows 2000 compatability +@node Encryption types, Authorisation data, Create account mappings, Windows compatibility @comment node-name, next, previous, up @section Encryption types @@ -195,7 +203,7 @@ MD4 and DES keys. Users that are converted from a NT4 database, will only have MD4 passwords and will need a password change to get a DES key. -@node Authorisation data, Quirks of Windows 2000 KDC, Encryption types, Windows 2000 compatability +@node Authorisation data, Quirks of Windows 2000 KDC, Encryption types, Windows compatibility @comment node-name, next, previous, up @section Authorisation data @@ -223,7 +231,7 @@ the file. analysing the data. @end enumerate -@node Quirks of Windows 2000 KDC, Useful links when reading about the Windows 2000, Authorisation data, Windows 2000 compatability +@node Quirks of Windows 2000 KDC, Useful links when reading about the Windows, Authorisation data, Windows compatibility @comment node-name, next, previous, up @section Quirks of Windows 2000 KDC @@ -255,9 +263,9 @@ You should also add the following entries to the @file{krb5.conf} file: These configuration options will make sure that no checksums of the unsupported types are generated. -@node Useful links when reading about the Windows 2000, , Quirks of Windows 2000 KDC, Windows 2000 compatability +@node Useful links when reading about the Windows, , Quirks of Windows 2000 KDC, Windows compatibility @comment node-name, next, previous, up -@section Useful links when reading about the Windows 2000 +@section Useful links when reading about the Windows See also our paper presented at the 2001 Usenix Annual Technical Conference, available in the proceedings or at @@ -272,7 +280,7 @@ short list of the interesting documents that we have managed to find. @uref{http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx}. Kerberos GSS-API (in Windows-eze SSPI), Windows as a client in a non-Windows KDC realm, adding unix clients to a Windows 2000 KDC, and -adding cross-realm trust (@pxref{Inter-Realm keys (trust) between Windows 2000 +adding cross-realm trust (@pxref{Inter-Realm keys (trust) between Windows and a Heimdal KDC}). @item Windows 2000 Kerberos Authentication: diff --git a/crypto/heimdal/doc/wind.din b/crypto/heimdal/doc/wind.din new file mode 100644 index 00000000000..da36dd1b768 --- /dev/null +++ b/crypto/heimdal/doc/wind.din @@ -0,0 +1,15 @@ +# Doxyfile 1.5.3 + +PROJECT_NAME = Heimdal wind library +PROJECT_NUMBER = @PACKAGE_VERSION@ +OUTPUT_DIRECTORY = @srcdir@/doxyout/wind +INPUT = @srcdir@/../lib/wind + +WARN_IF_UNDOCUMENTED = YES + +PERL_PATH = /usr/bin/perl + +HTML_HEADER = "@srcdir@/header.html" +HTML_FOOTER = "@srcdir@/footer.html" + +@INCLUDE = "@srcdir@/doxytmpl.dxy" diff --git a/crypto/heimdal/etc/Makefile.am b/crypto/heimdal/etc/Makefile.am index d5675d57a2e..6736bbc8f27 100644 --- a/crypto/heimdal/etc/Makefile.am +++ b/crypto/heimdal/etc/Makefile.am @@ -1,5 +1,5 @@ -# $Id: Makefile.am 20565 2007-04-27 13:52:30Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -EXTRA_DIST = services.append +EXTRA_DIST = NTMakefile services.append diff --git a/crypto/heimdal/etc/Makefile.in b/crypto/heimdal/etc/Makefile.in index fef8bd2fa2d..5b0a8126923 100644 --- a/crypto/heimdal/etc/Makefile.in +++ b/crypto/heimdal/etc/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 20565 2007-04-27 13:52:30Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = etc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -97,49 +101,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -163,10 +176,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -183,6 +197,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -198,31 +214,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -237,10 +267,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -281,47 +313,52 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -EXTRA_DIST = services.append +EXTRA_DIST = NTMakefile services.append all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps etc/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps etc/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign etc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign etc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -339,6 +376,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -368,13 +406,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -406,6 +448,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -424,6 +467,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -431,23 +476,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -469,9 +522,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool dist-hook distclean \ @@ -555,6 +607,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -640,7 +695,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -653,6 +708,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/etc/services.append b/crypto/heimdal/etc/services.append index 2eff2f7a34d..f63f2af9718 100644 --- a/crypto/heimdal/etc/services.append +++ b/crypto/heimdal/etc/services.append @@ -1,5 +1,5 @@ # -# $Id: services.append 10452 2001-08-08 15:48:37Z assar $ +# $Id$ # # Kerberos services # diff --git a/crypto/heimdal/include/Makefile.am b/crypto/heimdal/include/Makefile.am index a63c227d44a..c9425c8e5fc 100644 --- a/crypto/heimdal/include/Makefile.am +++ b/crypto/heimdal/include/Makefile.am @@ -1,85 +1,105 @@ -# $Id: Makefile.am 22396 2008-01-01 19:35:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common SUBDIRS = kadm5 hcrypto gssapi -noinst_PROGRAMS = bits make_crypto +noinst_PROGRAMS = bits CHECK_LOCAL = no-check-local AM_CPPFLAGS += -DHOST=\"$(CANONICAL_HOST)\" nodist_include_HEADERS = krb5-types.h -nodist_noinst_HEADERS = crypto-headers.h + +noinst_HEADERS = heim_threads.h crypto-headers.h + +EXTRA_DIST = NTMakefile krb5-types.cross + +if !CROSS_COMPILE krb5-types.h: bits$(EXEEXT) ./bits$(EXEEXT) krb5-types.h -crypto-headers.h: make_crypto$(EXEEXT) - ./make_crypto$(EXEEXT) crypto-headers.h +else + +krb5-types.h: krb5-types.cross + cp $(srcdir)/krb5-types.cross krb5-types.h + +endif CLEANFILES = \ - cms_asn1.h \ - der-protos.h \ - digest_asn1.h \ - hdb-protos.h \ - heim_asn1.h \ - heim_threads.h \ - hex.h \ - hx509-protos.h \ - hx509.h \ - hx509_err.h \ - kx509_asn1.h \ - kx509_err.h \ - k524_err.h \ - kdc-protos.h \ - kdc.h \ - krb5_asn1.h \ - krb5_ccapi.h \ - parse_bytes.h \ - pkcs12_asn1.h \ - pkcs8_asn1.h \ - pkcs9_asn1.h \ - pkinit_asn1.h \ - rfc2459_asn1.h \ - rtbl.h \ - test-mem.h \ - vers.h \ - vis.h \ asn1.h \ + asn1-common.h \ + asn1-template.h \ asn1_err.h \ base64.h \ + cms_asn1.h \ + crmf_asn1.h \ com_err.h \ com_right.h \ - crypto-headers.h \ + ccache_plugin.h \ + der-protos.h \ + der-private.h \ der.h \ + digest_asn1.h \ editline.h \ err.h \ getarg.h \ glob.h \ gssapi.h \ + hdb-protos.h \ hdb.h \ hdb_asn1.h \ hdb_err.h \ + heim-ipc.h \ + heim_asn1.h \ heim_err.h \ - heimntlm.h \ + heimbase.h \ heimntlm-protos.h \ + heimntlm.h \ + hex.h \ + hx509-protos.h \ + hx509.h \ + hx509_err.h \ + k524_err.h \ kafs.h \ - krb_err.h \ - krb5-protos.h \ + kdc-protos.h \ + kdc.h \ krb5-private.h \ + krb5-protos.h \ krb5-types.h \ krb5.h \ + krb5_asn1.h \ + krb5_ccapi.h \ krb5_err.h \ + krb_err.h \ + kx509_asn1.h \ + kx509_err.h \ + locate_plugin.h \ + ntlm_err.h \ + ocsp_asn1.h \ otp.h \ + parse_bytes.h \ parse_time.h \ parse_units.h \ + pkcs10_asn1.h \ + pkcs12_asn1.h \ + pkcs8_asn1.h \ + pkcs9_asn1.h \ + pkinit_asn1.h \ resolve.h \ + rfc2459_asn1.h \ roken-common.h \ roken.h \ + rtbl.h \ + send_to_kdc_plugin.h \ sl.h \ + test-mem.h \ + vers.h \ + vis.h \ + wind.h \ + wind_err.h \ windc_plugin.h \ - locate_plugin.h \ xdbm.h DISTCLEANFILES = \ diff --git a/crypto/heimdal/include/Makefile.in b/crypto/heimdal/include/Makefile.in index 38227441941..2fd7d70b999 100644 --- a/crypto/heimdal/include/Makefile.in +++ b/crypto/heimdal/include/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,17 +15,18 @@ @SET_MAKE@ -# $Id: Makefile.am 22396 2008-01-01 19:35:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -39,14 +41,15 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(srcdir)/config.h.in $(top_srcdir)/Makefile.am.common \ +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common -noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT) +noinst_PROGRAMS = bits$(EXEEXT) subdir = include ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -61,7 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -75,9 +78,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -85,22 +91,20 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) bits_SOURCES = bits.c bits_OBJECTS = bits.$(OBJEXT) bits_LDADD = $(LDADD) -make_crypto_SOURCES = make_crypto.c -make_crypto_OBJECTS = make_crypto.$(OBJEXT) -make_crypto_LDADD = $(LDADD) -DEFAULT_INCLUDES = -I.@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -110,8 +114,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = bits.c make_crypto.c -DIST_SOURCES = bits.c make_crypto.c +SOURCES = bits.c +DIST_SOURCES = bits.c RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ @@ -124,63 +128,114 @@ am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(includedir)" -nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER) -HEADERS = $(nodist_include_HEADERS) $(nodist_noinst_HEADERS) +HEADERS = $(nodist_include_HEADERS) $(noinst_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -204,10 +259,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -224,6 +280,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -239,31 +297,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -278,10 +350,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -322,97 +396,113 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -DHOST=\"$(CANONICAL_HOST)\" +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -DHOST=\"$(CANONICAL_HOST)\" @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la SUBDIRS = kadm5 hcrypto gssapi CHECK_LOCAL = no-check-local nodist_include_HEADERS = krb5-types.h -nodist_noinst_HEADERS = crypto-headers.h +noinst_HEADERS = heim_threads.h crypto-headers.h +EXTRA_DIST = NTMakefile krb5-types.cross CLEANFILES = \ - cms_asn1.h \ - der-protos.h \ - digest_asn1.h \ - hdb-protos.h \ - heim_asn1.h \ - heim_threads.h \ - hex.h \ - hx509-protos.h \ - hx509.h \ - hx509_err.h \ - kx509_asn1.h \ - kx509_err.h \ - k524_err.h \ - kdc-protos.h \ - kdc.h \ - krb5_asn1.h \ - krb5_ccapi.h \ - parse_bytes.h \ - pkcs12_asn1.h \ - pkcs8_asn1.h \ - pkcs9_asn1.h \ - pkinit_asn1.h \ - rfc2459_asn1.h \ - rtbl.h \ - test-mem.h \ - vers.h \ - vis.h \ asn1.h \ + asn1-common.h \ + asn1-template.h \ asn1_err.h \ base64.h \ + cms_asn1.h \ + crmf_asn1.h \ com_err.h \ com_right.h \ - crypto-headers.h \ + ccache_plugin.h \ + der-protos.h \ + der-private.h \ der.h \ + digest_asn1.h \ editline.h \ err.h \ getarg.h \ glob.h \ gssapi.h \ + hdb-protos.h \ hdb.h \ hdb_asn1.h \ hdb_err.h \ + heim-ipc.h \ + heim_asn1.h \ heim_err.h \ - heimntlm.h \ + heimbase.h \ heimntlm-protos.h \ + heimntlm.h \ + hex.h \ + hx509-protos.h \ + hx509.h \ + hx509_err.h \ + k524_err.h \ kafs.h \ - krb_err.h \ - krb5-protos.h \ + kdc-protos.h \ + kdc.h \ krb5-private.h \ + krb5-protos.h \ krb5-types.h \ krb5.h \ + krb5_asn1.h \ + krb5_ccapi.h \ krb5_err.h \ + krb_err.h \ + kx509_asn1.h \ + kx509_err.h \ + locate_plugin.h \ + ntlm_err.h \ + ocsp_asn1.h \ otp.h \ + parse_bytes.h \ parse_time.h \ parse_units.h \ + pkcs10_asn1.h \ + pkcs12_asn1.h \ + pkcs8_asn1.h \ + pkcs9_asn1.h \ + pkinit_asn1.h \ resolve.h \ + rfc2459_asn1.h \ roken-common.h \ roken.h \ + rtbl.h \ + send_to_kdc_plugin.h \ sl.h \ + test-mem.h \ + vers.h \ + vis.h \ + wind.h \ + wind_err.h \ windc_plugin.h \ - locate_plugin.h \ xdbm.h DISTCLEANFILES = \ @@ -423,19 +513,19 @@ all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps include/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps include/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign include/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -453,6 +543,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): config.h: stamp-h1 @if test ! -f $@; then \ @@ -464,7 +555,7 @@ stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status include/config.h $(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_srcdir) && $(AUTOHEADER) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) rm -f stamp-h1 touch $@ @@ -472,17 +563,16 @@ distclean-hdr: -rm -f config.h stamp-h1 clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES) @rm -f bits$(EXEEXT) $(LINK) $(bits_OBJECTS) $(bits_LDADD) $(LIBS) -make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES) - @rm -f make_crypto$(EXEEXT) - $(LINK) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -490,14 +580,28 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bits.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -507,20 +611,23 @@ clean-libtool: install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. @@ -529,7 +636,7 @@ uninstall-nodist_includeHEADERS: # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -546,7 +653,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -554,7 +661,7 @@ $(RECURSIVE_TARGETS): fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -580,16 +687,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -597,14 +704,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -616,39 +723,43 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -669,29 +780,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -729,6 +855,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @@ -740,6 +867,7 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-recursive + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-hdr distclean-tags @@ -750,6 +878,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -757,26 +887,35 @@ info-am: install-data-am: install-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -796,9 +935,9 @@ ps-am: uninstall-am: uninstall-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-data-am install-exec-am install-strip uninstall-am +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all check-am \ + ctags-recursive install-am install-data-am install-exec-am \ + install-strip tags-recursive uninstall-am .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am all-local check check-am check-local clean \ @@ -887,6 +1026,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -972,7 +1114,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -986,11 +1128,12 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -krb5-types.h: bits$(EXEEXT) - ./bits$(EXEEXT) krb5-types.h +@CROSS_COMPILE_FALSE@krb5-types.h: bits$(EXEEXT) +@CROSS_COMPILE_FALSE@ ./bits$(EXEEXT) krb5-types.h + +@CROSS_COMPILE_TRUE@krb5-types.h: krb5-types.cross +@CROSS_COMPILE_TRUE@ cp $(srcdir)/krb5-types.cross krb5-types.h -crypto-headers.h: make_crypto$(EXEEXT) - ./make_crypto$(EXEEXT) crypto-headers.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/include/bits.c b/crypto/heimdal/include/bits.c index 3fdaee420bf..7e76828b4e9 100644 --- a/crypto/heimdal/include/bits.c +++ b/crypto/heimdal/include/bits.c @@ -1,44 +1,50 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include -RCSID("$Id: bits.c 18703 2006-10-20 20:33:58Z lha $"); +RCSID("$Id$"); #endif #include #include #include #include +#ifdef WIN32 +#include +#include +#endif #define BITSIZE(TYPE) \ { \ @@ -46,7 +52,7 @@ RCSID("$Id: bits.c 18703 2006-10-20 20:33:58Z lha $"); char tmp[128], tmp2[128]; \ while(x){ x <<= 1; b++; if(x < zero) pre=""; } \ if(b >= len){ \ - int tabs; \ + size_t tabs; \ sprintf(tmp, "%sint%d_t" , pre, len); \ sprintf(tmp2, "typedef %s %s;", #TYPE, tmp); \ tabs = 5 - strlen(tmp2) / 8; \ @@ -113,7 +119,7 @@ int main(int argc, char **argv) FILE *f; int flag; const char *fn, *hb; - + if (argc > 1 && strcmp(argv[1], "--version") == 0) { printf("some version"); return 0; @@ -136,8 +142,8 @@ int main(int argc, char **argv) f = fopen(argv[1], "w"); } fprintf(f, "/* %s -- this file was generated for %s by\n", fn, HOST); - fprintf(f, " %*s %s */\n\n", (int)strlen(fn), "", - "$Id: bits.c 18703 2006-10-20 20:33:58Z lha $"); + fprintf(f, " %*s %s */\n\n", (int)strlen(fn), "", + "$Id$"); fprintf(f, "#ifndef %s\n", hb); fprintf(f, "#define %s\n", hb); fprintf(f, "\n"); @@ -157,7 +163,12 @@ int main(int argc, char **argv) fprintf(f, "#include \n"); #endif #ifdef HAVE_SOCKLEN_T +#ifndef WIN32 fprintf(f, "#include \n"); +#else + fprintf(f, "#include \n"); + fprintf(f, "#include \n"); +#endif #endif fprintf(f, "\n"); @@ -234,7 +245,53 @@ int main(int argc, char **argv) fprintf(f, "typedef int krb5_ssize_t;\n"); #endif fprintf(f, "\n"); + +#if defined(_WIN32) + fprintf(f, "typedef SOCKET krb5_socket_t;\n"); +#else + fprintf(f, "typedef int krb5_socket_t;\n"); +#endif + fprintf(f, "\n"); + #endif /* KRB5 */ + + fprintf(f, "#ifndef HEIMDAL_DEPRECATED\n"); + fprintf(f, "#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))\n"); + fprintf(f, "#define HEIMDAL_DEPRECATED __attribute__((deprecated))\n"); + fprintf(f, "#elif defined(_MSC_VER) && (_MSC_VER>1200)\n"); + fprintf(f, "#define HEIMDAL_DEPRECATED __declspec(deprecated)\n"); + fprintf(f, "#else\n"); + fprintf(f, "#define HEIMDAL_DEPRECATED\n"); + fprintf(f, "#endif\n"); + fprintf(f, "#endif\n"); + + fprintf(f, "#ifndef HEIMDAL_PRINTF_ATTRIBUTE\n"); + fprintf(f, "#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))\n"); + fprintf(f, "#define HEIMDAL_PRINTF_ATTRIBUTE(x) __attribute__((format x))\n"); + fprintf(f, "#else\n"); + fprintf(f, "#define HEIMDAL_PRINTF_ATTRIBUTE(x)\n"); + fprintf(f, "#endif\n"); + fprintf(f, "#endif\n"); + + fprintf(f, "#ifndef HEIMDAL_NORETURN_ATTRIBUTE\n"); + fprintf(f, "#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))\n"); + fprintf(f, "#define HEIMDAL_NORETURN_ATTRIBUTE __attribute__((noreturn))\n"); + fprintf(f, "#else\n"); + fprintf(f, "#define HEIMDAL_NORETURN_ATTRIBUTE\n"); + fprintf(f, "#endif\n"); + fprintf(f, "#endif\n"); + + fprintf(f, "#ifndef HEIMDAL_UNUSED_ATTRIBUTE\n"); + fprintf(f, "#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 )))\n"); + fprintf(f, "#define HEIMDAL_UNUSED_ATTRIBUTE __attribute__((unused))\n"); + fprintf(f, "#else\n"); + fprintf(f, "#define HEIMDAL_UNUSED_ATTRIBUTE\n"); + fprintf(f, "#endif\n"); + fprintf(f, "#endif\n"); + fprintf(f, "#endif /* %s */\n", hb); + + if (f != stdout) + fclose(f); return 0; } diff --git a/crypto/heimdal/include/config.h.in b/crypto/heimdal/include/config.h.in index 50cf5b19001..a2e7daeebc0 100644 --- a/crypto/heimdal/include/config.h.in +++ b/crypto/heimdal/include/config.h.in @@ -1,4 +1,4 @@ -/* include/config.h.in. Generated from configure.in by autoheader. */ +/* include/config.h.in. Generated from configure.ac by autoheader. */ #ifndef RCSID #define RCSID(msg) \ @@ -12,22 +12,45 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #ifdef BUILD_KRB5_LIB -#ifndef KRB5_LIB_FUNCTION +#ifndef KRB5_LIB #ifdef _WIN32_ -#define KRB5_LIB_FUNCTION _export _stdcall +#define KRB5_LIB_FUNCTION __declspec(dllexport) +#define KRB5_LIB_CALL __stdcall +#define KRB5_LIB_VARIABLE __declspec(dllexport) #else #define KRB5_LIB_FUNCTION +#define KRB5_LIB_CALL +#define KRB5_LIB_VARIABLE #endif #endif #endif #ifdef BUILD_ROKEN_LIB -#ifndef ROKEN_LIB_FUNCTION +#ifndef ROKEN_LIB #ifdef _WIN32_ -#define ROKEN_LIB_FUNCTION _export _stdcall +#define ROKEN_LIB_FUNCTION __declspec(dllexport) +#define ROKEN_LIB_CALL __stdcall +#define ROKEN_LIB_VARIABLE __declspec(dllexport) #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#define ROKEN_LIB_VARIABLE +#endif +#endif +#endif + + +#ifdef BUILD_GSSAPI_LIB +#ifndef GSSAPI_LIB +#ifdef _WIN32_ +#define GSSAPI_LIB_FUNCTION __declspec(dllexport) +#define GSSAPI_LIB_CALL __stdcall +#define GSSAPI_LIB_VARIABLE __declspec(dllexport) +#else +#define GSSAPI_LIB_FUNCTION +#define GSSAPI_LIB_CALL +#define GSSAPI_LIB_VARIABLE #endif #endif #endif @@ -51,6 +74,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define this to enable diagnostics in telnet. */ #undef DIAGNOSTICS +/* Define to enable DIGEST. */ +#undef DIGEST + /* Define if want to use the weak AFS string to key functions. */ #undef ENABLE_AFS_STRING_TO_KEY @@ -100,6 +126,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_TELNET_H +/* Define to 1 if you have the header file. */ +#undef HAVE_ASL_H + /* Define to 1 if you have the `asnprintf' function. */ #undef HAVE_ASNPRINTF @@ -109,6 +138,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `atexit' function. */ #undef HAVE_ATEXIT +/* Define to 1 if you have the `backtrace' function. */ +#undef HAVE_BACKTRACE + /* Define to 1 if you have the header file. */ #undef HAVE_BIND_BITYPES_H @@ -124,6 +156,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_CAPABILITY_H +/* whether capng is available for privilege reduction */ +#undef HAVE_CAPNG + /* Define to 1 if you have the `cap_set_proc' function. */ #undef HAVE_CAP_SET_PROC @@ -136,6 +171,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `closefrom'. */ #undef HAVE_CLOSEFROM +/* Define to 1 if you have the header file. */ +#undef HAVE_COMMONCRYPTO_COMMONCRYPTOR_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_COMMONCRYPTO_COMMONDIGEST_H + /* Define to 1 if you have the header file. */ #undef HAVE_CONFIG_H @@ -157,7 +198,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if you have a berkeley db1/2 library */ #undef HAVE_DB1 -/* define if you have a berkeley db3/4 library */ +/* define if you have a berkeley db3/4/5 library */ #undef HAVE_DB3 /* Define to 1 if you have the header file. */ @@ -166,6 +207,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_DB4_DB_H +/* Define to 1 if you have the header file. */ +#undef HAVE_DB5_DB_H + +/* Define if you have user supplied header location */ +#undef HAVE_DBHEADER + /* Define to 1 if you have the `dbm_firstkey' function. */ #undef HAVE_DBM_FIRSTKEY @@ -175,9 +222,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `dbopen' function. */ #undef HAVE_DBOPEN -/* Define to 1 if you have the header file. */ -#undef HAVE_DB_185_H - /* Define to 1 if you have the `db_create' function. */ #undef HAVE_DB_CREATE @@ -238,12 +282,30 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_DIRENT_H +/* have a dirfd function/macro */ +#undef HAVE_DIRFD + +/* Define if DIR has field dd_fd. */ +#undef HAVE_DIR_DD_FD + +/* Define to 1 if you have the `dispatch_async_f' function. */ +#undef HAVE_DISPATCH_ASYNC_F + +/* Define to 1 if you have the header file. */ +#undef HAVE_DISPATCH_DISPATCH_H + /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H /* Define to 1 if you have the `dlopen' function. */ #undef HAVE_DLOPEN +/* Define to 1 if you have the header file. */ +#undef HAVE_DNS_H + +/* Define to 1 if you have the `dns_search' function. */ +#undef HAVE_DNS_SEARCH + /* Define to 1 if you have the `dn_expand' function. */ #undef HAVE_DN_EXPAND @@ -253,9 +315,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `ecalloc'. */ #undef HAVE_ECALLOC -/* Define to 1 if you have the `el_init' function. */ -#undef HAVE_EL_INIT - /* Define if you have the function `emalloc'. */ #undef HAVE_EMALLOC @@ -277,6 +336,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `estrdup'. */ #undef HAVE_ESTRDUP +/* Define to 1 if you have the header file. */ +#undef HAVE_EXECINFO_H + /* Define if you have the function `fchown'. */ #undef HAVE_FCHOWN @@ -295,9 +357,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_FNMATCH_H -/* Define if el_init takes four arguments. */ -#undef HAVE_FOUR_VALUED_EL_INIT - /* Have -framework Security */ #undef HAVE_FRAMEWORK_SECURITY @@ -310,6 +369,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `gai_strerror' function. */ #undef HAVE_GAI_STRERROR +/* Define if os support gcd. */ +#undef HAVE_GCD + /* Define to 1 if you have the header file. */ #undef HAVE_GDBM_NDBM_H @@ -440,9 +502,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `initgroups'. */ #undef HAVE_INITGROUPS -/* Define to 1 if you have the `initstate' function. */ -#undef HAVE_INITSTATE - /* Define if you have the function `innetgr'. */ #undef HAVE_INNETGR @@ -485,6 +544,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `loadquery' function. */ #undef HAVE_LOADQUERY +/* Define to 1 if you have the header file. */ +#undef HAVE_LOCALE_H + /* Define if you have the function `localtime_r'. */ #undef HAVE_LOCALTIME_R @@ -554,12 +616,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_TCP_H -/* Define if you want to use Netinfo instead of krb5.conf. */ -#undef HAVE_NETINFO - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETINFO_NI_H - /* Define to 1 if you have the header file. */ #undef HAVE_NET_IF_H @@ -617,6 +673,13 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have a readline compatible library. */ #undef HAVE_READLINE +/* Define to 1 if you have the + <[readline.h])[][]_AH_CHECK_HEADER([readline/readline.h]> header file. */ +#undef HAVE_READLINE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_READLINE_READLINE_H_ + /* Define if you have the function `readv'. */ #undef HAVE_READV @@ -647,6 +710,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if the system has the type `sa_family_t'. */ #undef HAVE_SA_FAMILY_T +/* Define if you want support for cache in sqlite. */ +#undef HAVE_SCC + +/* Define to 1 if you have the header file. */ +#undef HAVE_SEARCH_H + /* Define to 1 if you have the header file. */ #undef HAVE_SECURITY_PAM_MODULES_H @@ -704,9 +773,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `setsockopt' function. */ #undef HAVE_SETSOCKOPT -/* Define to 1 if you have the `setstate' function. */ -#undef HAVE_SETSTATE - /* Define to 1 if you have the `setutent' function. */ #undef HAVE_SETUTENT @@ -737,6 +803,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if the system has the type `socklen_t'. */ #undef HAVE_SOCKLEN_T +/* Define if you want support for sqlite in Heimdal. */ +#undef HAVE_SQLITE3 + /* Define to 1 if the system has the type `ssize_t'. */ #undef HAVE_SSIZE_T @@ -758,6 +827,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `strerror'. */ #undef HAVE_STRERROR +/* Define if you have the function strerror_r. */ +#undef HAVE_STRERROR_R + /* Define if you have the function `strftime'. */ #undef HAVE_STRFTIME @@ -803,6 +875,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `strsvis' function. */ #undef HAVE_STRSVIS +/* Define to 1 if you have the `strsvisx' function. */ +#undef HAVE_STRSVISX + /* Define if you have the function `strtok_r'. */ #undef HAVE_STRTOK_R @@ -839,9 +914,30 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if struct utmpx has field ut_exit. */ #undef HAVE_STRUCT_UTMPX_UT_EXIT +/* Define if struct utmpx has field ut_host. */ +#undef HAVE_STRUCT_UTMPX_UT_HOST + +/* Define if struct utmpx has field ut_id. */ +#undef HAVE_STRUCT_UTMPX_UT_ID + +/* Define if struct utmpx has field ut_line. */ +#undef HAVE_STRUCT_UTMPX_UT_LINE + +/* Define if struct utmpx has field ut_pid. */ +#undef HAVE_STRUCT_UTMPX_UT_PID + /* Define if struct utmpx has field ut_syslen. */ #undef HAVE_STRUCT_UTMPX_UT_SYSLEN +/* Define if struct utmpx has field ut_tv. */ +#undef HAVE_STRUCT_UTMPX_UT_TV + +/* Define if struct utmpx has field ut_type. */ +#undef HAVE_STRUCT_UTMPX_UT_TYPE + +/* Define if struct utmpx has field ut_user. */ +#undef HAVE_STRUCT_UTMPX_UT_USER + /* Define if struct utmp has field ut_addr. */ #undef HAVE_STRUCT_UTMP_UT_ADDR @@ -1001,6 +1097,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_SYS_WAIT_H +/* Define to 1 if you have the `tdelete' function. */ +#undef HAVE_TDELETE + /* Define to 1 if you have the header file. */ #undef HAVE_TERMCAP_H @@ -1013,6 +1112,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_TERM_H +/* Define to 1 if you have the `tfind' function. */ +#undef HAVE_TFIND + /* Define to 1 if you have the `tgetent' function. */ #undef HAVE_TGETENT @@ -1028,12 +1130,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the header file. */ #undef HAVE_TMPDIR_H +/* Define if you have the function `tsearch'. */ +#undef HAVE_TSEARCH + /* Define to 1 if you have the `ttyname' function. */ #undef HAVE_TTYNAME /* Define to 1 if you have the `ttyslot' function. */ #undef HAVE_TTYSLOT +/* Define to 1 if you have the `twalk' function. */ +#undef HAVE_TWALK + /* Define to 1 if you have the header file. */ #undef HAVE_UDB_H @@ -1136,9 +1244,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `warnx'. */ #undef HAVE_WARNX +/* Define to 1 if you have the header file. */ +#undef HAVE_WINSOCK2_H + /* Define if you have the function `writev'. */ #undef HAVE_WRITEV +/* Define to 1 if you have the header file. */ +#undef HAVE_WS2TCPIP_H + /* define if struct winsize has ws_xpixel */ #undef HAVE_WS_XPIXEL @@ -1172,24 +1286,40 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the `__progname' variable. */ #undef HAVE___PROGNAME +/* have __sync_add_and_fetch */ +#undef HAVE___SYNC_ADD_AND_FETCH + +/* Define if you want support for weak crypto */ +#undef HEIM_WEAK_CRYPTO + /* Define if you have the hesiod package. */ #undef HESIOD -/* Define if you are running IRIX 4. */ -#undef IRIX4 - /* Enable Kerberos 5 support in applications. */ #undef KRB5 +/* Define to enable kx509. */ +#undef KX509 + /* path to lib */ #undef LIBDIR +/* Define if you have the libedit package. */ +#undef LIBEDIT + /* path to libexec */ #undef LIBEXECDIR +/* Define if you have the libintl package. */ +#undef LIBINTL + /* path to localstate */ #undef LOCALSTATEDIR +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + /* define if the system is missing a prototype for asnprintf() */ #undef NEED_ASNPRINTF_PROTO @@ -1223,6 +1353,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if the system is missing a prototype for mkstemp() */ #undef NEED_MKSTEMP_PROTO +/* if your qsort is not a stable sort */ +#undef NEED_QSORT + /* define if the system is missing a prototype for SecKeyGetCSPHandle() */ #undef NEED_SECKEYGETCSPHANDLE_PROTO @@ -1238,6 +1371,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if the system is missing a prototype for strsep() */ #undef NEED_STRSEP_PROTO +/* define if the system is missing a prototype for strsvisx() */ +#undef NEED_STRSVISX_PROTO + /* define if the system is missing a prototype for strsvis() */ #undef NEED_STRSVIS_PROTO @@ -1314,6 +1450,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION @@ -1338,12 +1477,25 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you want to use samba socket wrappers. */ #undef SOCKET_WRAPPER_REPLACE +/* Define if you have the sqlite3 package. */ +#undef SQLITE3 + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define if you have streams ptys. */ #undef STREAMSPTY +/* define if prototype of strerror_r is compatible with int strerror_r(int, + char *, size_t) */ +#undef STRERROR_R_PROTO_COMPATIBLE + +/* Define if os support want to detach is daemonens. */ +#undef SUPPORT_DETACH + +/* Enable use of inetd style startup. */ +#undef SUPPORT_INETD + /* path to sysconf */ #undef SYSCONFDIR @@ -1372,6 +1524,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } `char[]'. */ #undef YYTEXT_POINTER +/* Required for functional/sane headers on AIX */ +#undef _ALL_SOURCE + /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS @@ -1381,6 +1536,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define for large files, on AIX-style hosts. */ #undef _LARGE_FILES +/* Define to get POSIX getpwnam_r in some systems. */ +#undef _POSIX_PTHREAD_SEMANTICS + /* Define to empty if `const' does not conform to ANSI C. */ #undef const @@ -1402,6 +1560,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to `int' if does not define. */ #undef pid_t +/* Path name delimiter */ +#undef rk_PATH_DELIM + /* Define this to what the type sig_atomic_t should be. */ #undef sig_atomic_t @@ -1411,6 +1572,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to `int' if doesn't define. */ #undef uid_t +#if _AIX +/* XXX this is gross, but kills about a gazillion warnings */ +struct ether_addr; +struct sockaddr; +struct sockaddr_dl; +struct sockaddr_in; +#endif + +#ifdef __APPLE__ +#include +#endif + #ifdef ROKEN_RENAME #include "roken_rename.h" #endif @@ -1426,7 +1599,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #endif -#if ENDIANESS_IN_SYS_PARAM_H +#ifdef ENDIANESS_IN_SYS_PARAM_H # include # include # if BYTE_ORDER == BIG_ENDIAN @@ -1435,27 +1608,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #endif -#if _AIX -#define _ALL_SOURCE -/* XXX this is gross, but kills about a gazillion warnings */ -struct ether_addr; -struct sockaddr; -struct sockaddr_dl; -struct sockaddr_in; -#endif -/* IRIX 4 braindamage */ -#if IRIX == 4 && !defined(__STDC__) -#define __STDC__ 0 -#endif - - - -#if defined(ENCRYPTION) && !defined(AUTHENTICATION) -#define AUTHENTICATION 1 -#endif - /* Set this to the default system lead string for telnetd * can contain %-escapes: %s=sysname, %m=machine, %r=os-release * %v=os-version, %t=tty, %h=hostname, %d=date and time diff --git a/crypto/heimdal/include/crypto-headers.h b/crypto/heimdal/include/crypto-headers.h new file mode 100644 index 00000000000..a23aaf86e90 --- /dev/null +++ b/crypto/heimdal/include/crypto-headers.h @@ -0,0 +1,57 @@ +#ifndef __crypto_header__ +#define __crypto_header__ + +#ifndef PACKAGE_NAME +#error "need config.h" +#endif + +#ifdef HAVE_OPENSSL + +#define OPENSSL_DES_LIBDES_COMPATIBILITY + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef BN_is_negative +#define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0) +#define BN_is_negative(bn) ((bn)->neg != 0) +#endif + +#else /* !HAVE_OPENSSL */ + +#ifdef KRB5 +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#endif /* HAVE_OPENSSL */ + +#endif /* __crypto_header__ */ diff --git a/crypto/heimdal/include/gssapi/Makefile.am b/crypto/heimdal/include/gssapi/Makefile.am index 71733955741..c0b05086433 100644 --- a/crypto/heimdal/include/gssapi/Makefile.am +++ b/crypto/heimdal/include/gssapi/Makefile.am @@ -1,6 +1,7 @@ -# $Id: Makefile.am 18701 2006-10-20 20:32:01Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h +CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h gssapi_ntlm.h gssapi_oid.h +EXTRA_DIST = NTMakefile diff --git a/crypto/heimdal/include/gssapi/Makefile.in b/crypto/heimdal/include/gssapi/Makefile.in index 0aef05ddffe..f8ef1bce6fc 100644 --- a/crypto/heimdal/include/gssapi/Makefile.in +++ b/crypto/heimdal/include/gssapi/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 18701 2006-10-20 20:32:01Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = include/gssapi ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -97,49 +101,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -163,10 +176,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -183,6 +197,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -198,31 +214,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -237,10 +267,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -281,47 +313,53 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h +CLEANFILES = gssapi.h gssapi_krb5.h gssapi_spnego.h gssapi_ntlm.h gssapi_oid.h +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps include/gssapi/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps include/gssapi/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/gssapi/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign include/gssapi/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -339,6 +377,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -368,13 +407,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -407,6 +450,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -425,6 +469,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -432,23 +478,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -470,9 +524,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool dist-hook distclean \ @@ -556,6 +609,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -641,7 +697,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -654,6 +710,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/include/hcrypto/Makefile.am b/crypto/heimdal/include/hcrypto/Makefile.am index c5299a387ca..4b76909d646 100644 --- a/crypto/heimdal/include/hcrypto/Makefile.am +++ b/crypto/heimdal/include/hcrypto/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 16553 2006-01-13 13:43:32Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -8,8 +8,13 @@ CLEANFILES = \ des.h \ dh.h \ dsa.h \ + ec.h \ + ecdsa.h \ + ecdh.h \ engine.h \ evp.h \ + evp-hcrypto.h \ + evp-cc.h \ hmac.h \ md2.h \ md4.h \ @@ -21,3 +26,5 @@ CLEANFILES = \ rsa.h \ sha.h \ ui.h + +EXTRA_DIST = NTMakefile diff --git a/crypto/heimdal/include/hcrypto/Makefile.in b/crypto/heimdal/include/hcrypto/Makefile.in index 9896a2ad03f..a0394409499 100644 --- a/crypto/heimdal/include/hcrypto/Makefile.in +++ b/crypto/heimdal/include/hcrypto/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 16553 2006-01-13 13:43:32Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = include/hcrypto ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -97,49 +101,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -163,10 +176,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -183,6 +197,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -198,31 +214,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -237,10 +267,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -281,29 +313,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CLEANFILES = \ aes.h \ @@ -311,8 +348,13 @@ CLEANFILES = \ des.h \ dh.h \ dsa.h \ + ec.h \ + ecdsa.h \ + ecdh.h \ engine.h \ evp.h \ + evp-hcrypto.h \ + evp-cc.h \ hmac.h \ md2.h \ md4.h \ @@ -325,22 +367,23 @@ CLEANFILES = \ sha.h \ ui.h +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps include/hcrypto/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps include/hcrypto/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/hcrypto/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign include/hcrypto/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -358,6 +401,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -387,13 +431,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -444,6 +493,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -451,23 +502,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -489,9 +548,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool dist-hook distclean \ @@ -575,6 +633,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -660,7 +721,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -673,6 +734,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/krb5/heim_threads.h b/crypto/heimdal/include/heim_threads.h similarity index 82% rename from crypto/heimdal/lib/krb5/heim_threads.h rename to crypto/heimdal/include/heim_threads.h index 3c27d13d81b..8ff677f3309 100644 --- a/crypto/heimdal/lib/krb5/heim_threads.h +++ b/crypto/heimdal/include/heim_threads.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */ +/* $Id$ */ /* * Provide wrapper macros for thread synchronization primitives so we @@ -50,7 +50,7 @@ #if defined(__NetBSD__) && __NetBSD_Version__ >= 106120000 && __NetBSD_Version__< 299001200 && defined(ENABLE_PTHREAD_SUPPORT) -/* +/* * NetBSD have a thread lib that we can use that part of libc that * works regardless if application are linked to pthreads or not. * NetBSD newer then 2.99.11 just use pthread.h, and the same thing @@ -67,13 +67,13 @@ #define HEIMDAL_RWLOCK rwlock_t #define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER -#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL) -#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l) -#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l) -#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l) -#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l) -#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l) -#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l) +#define HEIMDAL_RWLOCK_init(l) rwlock_init(l, NULL) +#define HEIMDAL_RWLOCK_rdlock(l) rwlock_rdlock(l) +#define HEIMDAL_RWLOCK_wrlock(l) rwlock_wrlock(l) +#define HEIMDAL_RWLOCK_tryrdlock(l) rwlock_tryrdlock(l) +#define HEIMDAL_RWLOCK_trywrlock(l) rwlock_trywrlock(l) +#define HEIMDAL_RWLOCK_unlock(l) rwlock_unlock(l) +#define HEIMDAL_RWLOCK_destroy(l) rwlock_destroy(l) #define HEIMDAL_thread_key thread_key_t #define HEIMDAL_key_create(k,d,r) do { r = thr_keycreate(k,d); } while(0) @@ -94,13 +94,13 @@ #define HEIMDAL_RWLOCK rwlock_t #define HEIMDAL_RWLOCK_INITIALIZER RWLOCK_INITIALIZER -#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL) -#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l) -#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l) -#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l) -#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l) -#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l) -#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l) +#define HEIMDAL_RWLOCK_init(l) pthread_rwlock_init(l, NULL) +#define HEIMDAL_RWLOCK_rdlock(l) pthread_rwlock_rdlock(l) +#define HEIMDAL_RWLOCK_wrlock(l) pthread_rwlock_wrlock(l) +#define HEIMDAL_RWLOCK_tryrdlock(l) pthread_rwlock_tryrdlock(l) +#define HEIMDAL_RWLOCK_trywrlock(l) pthread_rwlock_trywrlock(l) +#define HEIMDAL_RWLOCK_unlock(l) pthread_rwlock_unlock(l) +#define HEIMDAL_RWLOCK_destroy(l) pthread_rwlock_destroy(l) #define HEIMDAL_thread_key pthread_key_t #define HEIMDAL_key_create(k,d,r) do { r = pthread_key_create(k,d); } while(0) diff --git a/crypto/heimdal/include/kadm5/Makefile.am b/crypto/heimdal/include/kadm5/Makefile.am index 6ccf564d30c..d0ce25d3f67 100644 --- a/crypto/heimdal/include/kadm5/Makefile.am +++ b/crypto/heimdal/include/kadm5/Makefile.am @@ -1,5 +1,8 @@ -# $Id: Makefile.am 18696 2006-10-20 20:25:13Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h +CLEANFILES = admin.h kadm5_err.h private.h +CLEANFILES += kadm5-private.h kadm5-protos.h kadm5-pwcheck.h + +EXTRA_DIST = NTMakefile diff --git a/crypto/heimdal/include/kadm5/Makefile.in b/crypto/heimdal/include/kadm5/Makefile.in index a553ab99d0c..f0bccb1f2cc 100644 --- a/crypto/heimdal/include/kadm5/Makefile.in +++ b/crypto/heimdal/include/kadm5/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 18696 2006-10-20 20:25:13Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = include/kadm5 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -97,49 +101,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -163,10 +176,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -183,6 +197,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -198,31 +214,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -237,10 +267,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -281,47 +313,54 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h +CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h \ + kadm5-protos.h kadm5-pwcheck.h +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps include/kadm5/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps include/kadm5/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/kadm5/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign include/kadm5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -339,6 +378,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -368,13 +408,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -407,6 +451,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -425,6 +470,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -432,23 +479,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -470,9 +525,8 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool dist-hook distclean \ @@ -556,6 +610,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -641,7 +698,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -654,6 +711,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/include/krb5-types.cross b/crypto/heimdal/include/krb5-types.cross new file mode 100644 index 00000000000..ee43abd4a6e --- /dev/null +++ b/crypto/heimdal/include/krb5-types.cross @@ -0,0 +1,61 @@ +/* + * generic krb5-types.h for cross compiling, assume system is posix/sus + */ + +#ifndef __krb5_types_h__ +#define __krb5_types_h__ + +#include +#include +#include + +typedef socklen_t krb5_socklen_t; +#include +typedef ssize_t krb5_ssize_t; + +#if !defined(__has_extension) +#define __has_extension(x) 0 +#endif + +#define KRB5TYPES_REQUIRE_GNUC(m,n,p) \ + (((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + __GNUC_PATCHLEVEL__) >= \ + (((m) * 10000) + ((n) * 100) + (p))) + + +#ifndef HEIMDAL_DEPRECATED +#if __has_extension(deprecated) || KRB5TYPES_REQUIRE_GNUC(3,1,0) +#define HEIMDAL_DEPRECATED __attribute__((deprecated)) +#elif defined(_MSC_VER) && (_MSC_VER>1200) +#define HEIMDAL_DEPRECATED __declspec(deprecated) +#else +#define HEIMDAL_DEPRECATED +#endif +#endif + +#ifndef HEIMDAL_PRINTF_ATTRIBUTE +#if __has_extension(format) || KRB5TYPES_REQUIRE_GNUC(3,1,0) +#define HEIMDAL_PRINTF_ATTRIBUTE(x) __attribute__((format x)) +#else +#define HEIMDAL_PRINTF_ATTRIBUTE(x) +#endif +#endif + +#ifndef HEIMDAL_NORETURN_ATTRIBUTE +#if __has_extension(noreturn) || KRB5TYPES_REQUIRE_GNUC(3,1,0) +#define HEIMDAL_NORETURN_ATTRIBUTE __attribute__((noreturn)) +#else +#define HEIMDAL_NORETURN_ATTRIBUTE +#endif +#endif + +#ifndef HEIMDAL_UNUSED_ATTRIBUTE +#if __has_extension(unused) || KRB5TYPES_REQUIRE_GNUC(3,1,0) +#define HEIMDAL_UNUSED_ATTRIBUTE __attribute__((unused)) +#else +#define HEIMDAL_UNUSED_ATTRIBUTE +#endif +#endif + +typedef int krb5_socket_t; + +#endif /* __krb5_types_h__ */ diff --git a/crypto/heimdal/include/make_crypto.c b/crypto/heimdal/include/make_crypto.c deleted file mode 100644 index 2df17a555e8..00000000000 --- a/crypto/heimdal/include/make_crypto.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2002 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: make_crypto.c 19477 2006-12-20 19:51:53Z lha $"); -#endif -#include -#include -#include -#include - -int -main(int argc, char **argv) -{ - char *p; - FILE *f; - if(argc != 2) { - fprintf(stderr, "Usage: make_crypto file\n"); - exit(1); - } - if (strcmp(argv[1], "--version") == 0) { - printf("some version"); - return 0; - } - f = fopen(argv[1], "w"); - if(f == NULL) { - perror(argv[1]); - exit(1); - } - for(p = argv[1]; *p; p++) - if(!isalnum((unsigned char)*p)) - *p = '_'; - fprintf(f, "#ifndef __%s__\n", argv[1]); - fprintf(f, "#define __%s__\n", argv[1]); -#ifdef HAVE_OPENSSL - fputs("#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY\n", f); - fputs("#define OPENSSL_DES_LIBDES_COMPATIBILITY\n", f); - fputs("#endif\n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#ifndef BN_is_negative\n", f); - fputs("#define BN_set_negative(bn, flag) ((bn)->neg=(flag)?1:0)\n", f); - fputs("#define BN_is_negative(bn) ((bn)->neg != 0)\n", f); - fputs("#endif\n", f); -#else - fputs("#ifdef KRB5\n", f); - fputs("#include \n", f); - fputs("#endif\n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); - fputs("#include \n", f); -#endif - fprintf(f, "#endif /* __%s__ */\n", argv[1]); - fclose(f); - exit(0); -} diff --git a/crypto/heimdal/install-sh b/crypto/heimdal/install-sh index 4fbbae7b7ff..6781b987bdb 100755 --- a/crypto/heimdal/install-sh +++ b/crypto/heimdal/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2006-10-14.15 +scriptversion=2009-04-28.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -48,7 +48,7 @@ IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" +doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else @@ -58,34 +58,49 @@ fi # Put in absolute file names if you don't have them in your path; # or use environment vars. -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' -posix_glob= posix_mkdir= # Desired mode of installed file. mode=0755 +chgrpcmd= chmodcmd=$chmodprog chowncmd= -chgrpcmd= -stripcmd= +mvcmd=$mvprog rmcmd="$rmprog -f" -mvcmd="$mvprog" +stripcmd= + src= dst= dir_arg= -dstarg= +dst_arg= + +copy_on_change=false no_target_directory= -usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... @@ -95,65 +110,55 @@ In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --c (ignored) --d create directories instead of installing files. --g GROUP $chgrpprog installed files to GROUP. --m MODE $chmodprog installed files to MODE. --o USER $chownprog installed files to USER. --s $stripprog installed files. --t DIRECTORY install into DIRECTORY. --T report an error if DSTFILE is a directory. ---help display this help and exit. ---version display version info and exit. + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. Environment variables override the default commands: - CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG " while test $# -ne 0; do case $1 in - -c) shift - continue;; + -c) ;; - -d) dir_arg=true - shift - continue;; + -C) copy_on_change=true;; + + -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - shift - shift case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac - continue;; + shift;; -o) chowncmd="$chownprog $2" - shift - shift - continue;; + shift;; - -s) stripcmd=$stripprog - shift - continue;; + -s) stripcmd=$stripprog;; - -t) dstarg=$2 - shift - shift - continue;; + -t) dst_arg=$2 + shift;; - -T) no_target_directory=true - shift - continue;; + -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; @@ -165,21 +170,22 @@ while test $# -ne 0; do *) break;; esac + shift done -if test $# -ne 0 && test -z "$dir_arg$dstarg"; then +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do - if test -n "$dstarg"; then + if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. - set fnord "$@" "$dstarg" + set fnord "$@" "$dst_arg" shift # fnord fi shift # arg - dstarg=$arg + dst_arg=$arg done fi @@ -224,7 +230,7 @@ for src do # Protect names starting with `-'. case $src in - -*) src=./$src ;; + -*) src=./$src;; esac if test -n "$dir_arg"; then @@ -242,22 +248,22 @@ do exit 1 fi - if test -z "$dstarg"; then + if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi - dst=$dstarg + dst=$dst_arg # Protect names starting with `-'. case $dst in - -*) dst=./$dst ;; + -*) dst=./$dst;; esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then - echo "$0: $dstarg: Is a directory" >&2 + echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst @@ -378,26 +384,19 @@ do # directory the slow way, step by step, checking for races as we go. case $dstdir in - /*) prefix=/ ;; - -*) prefix=./ ;; - *) prefix= ;; + /*) prefix='/';; + -*) prefix='./';; + *) prefix='';; esac - case $posix_glob in - '') - if (set -f) 2>/dev/null; then - posix_glob=true - else - posix_glob=false - fi ;; - esac + eval "$initialize_posix_glob" oIFS=$IFS IFS=/ - $posix_glob && set -f + $posix_glob set -f set fnord $dstdir shift - $posix_glob && set +f + $posix_glob set +f IFS=$oIFS prefixes= @@ -459,41 +458,54 @@ do # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # - { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \ - && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \ - && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \ - && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && - # Now rename the file to the real destination. - { $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null \ - || { - # The rename failed, perhaps because mv can't rename something else - # to itself, or perhaps because mv is so ancient that it does not - # support -f. + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - if test -f "$dst"; then - $doit $rmcmd -f "$dst" 2>/dev/null \ - || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null \ - && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }; }\ - || { - echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - else - : - fi - } && + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" - } - } || exit 1 + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 trap '' 0 fi @@ -503,5 +515,6 @@ done # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog index ef1d458127f..05dc1b1f11c 100644 --- a/crypto/heimdal/kadmin/ChangeLog +++ b/crypto/heimdal/kadmin/ChangeLog @@ -1,20 +1,24 @@ -2007-12-09 Love Hörnquist Åstrand +2008-04-07 Love Hörnquist Ã…strand + + * kadm_conn.c: Use unsigned where appropriate. + +2007-12-09 Love Hörnquist Ã…strand * kadmin.c: Use hdb_db_dir(). * kadmind.c: Use hdb_db_dir(). -2007-07-26 Love Hörnquist Åstrand +2007-07-26 Love Hörnquist Ã…strand * util.c: Clear error string, just to be sure. -2007-05-10 Love Hörnquist Åstrand +2007-05-10 Love Hörnquist Ã…strand * kadmin-commands.in: modify --pkinit-acl * mod.c: add pk-init command -2007-02-22 Love Hörnquist Åstrand +2007-02-22 Love Hörnquist Ã…strand * kadmin.8: document kadmin add_enctype functionallity. @@ -25,7 +29,7 @@ * add_enctype.c: Add support for adding a random key enctype to a principal. -2007-02-17 Love Hörnquist Åstrand +2007-02-17 Love Hörnquist Ã…strand * mod.c: add setting and displaying aliases @@ -33,7 +37,7 @@ * kadmin-commands.in: add setting and displaying aliases -2006-12-22 Love Hörnquist Åstrand +2006-12-22 Love Hörnquist Ã…strand * util.c: Make str2time_t parser more robust. @@ -41,51 +45,51 @@ * test_util.c: Test str2time_t parser. -2006-12-05 Love Hörnquist Åstrand +2006-12-05 Love Hörnquist Ã…strand * add-random-users.c: Use strcspn to remove \n from fgets - result. Prompted by change by Ray Lai of OpenBSD via Björn + result. Prompted by change by Ray Lai of OpenBSD via Björn Sandell. -2006-10-22 Love Hörnquist Åstrand +2006-10-22 Love Hörnquist Ã…strand * mod.c: Try to not leak memory. * check.c: Try to not leak memory. -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: split build files into dist_ and noinst_ SOURCES -2006-08-28 Love Hörnquist Åstrand +2006-08-28 Love Hörnquist Ã…strand * kadmin.c (help): use sl_slc_help(). -2006-08-24 Love Hörnquist Åstrand +2006-08-24 Love Hörnquist Ã…strand * util.c: Add KRB5_KDB_ALLOW_DIGEST -2006-07-14 Love Hörnquist Åstrand +2006-07-14 Love Hörnquist Ã…strand * get.c (format_field): optionally print issuer and anchor. -2006-06-21 Love Hörnquist Åstrand +2006-06-21 Love Hörnquist Ã…strand * check.c: Check if afs@REALM and afs/cellname@REALM both exists. -2006-06-14 Love Hörnquist Åstrand +2006-06-14 Love Hörnquist Ã…strand * util.c (kdb_attrs): Add KRB5_KDB_ALLOW_KERBEROS4 -2006-06-07 Love Hörnquist Åstrand +2006-06-07 Love Hörnquist Ã…strand * mod.c (do_mod_entry): Add setting 1 delegation entry -2006-06-01 Love Hörnquist Åstrand +2006-06-01 Love Hörnquist Ã…strand * server.c: Less shadowing. -2006-05-13 Love Hörnquist Åstrand +2006-05-13 Love Hörnquist Ã…strand * Makefile.am: kadmin_SOURCES += add check.c @@ -98,32 +102,32 @@ * check.c: Check database for strange configurations on default principals. -2006-05-08 Love Hörnquist Åstrand +2006-05-08 Love Hörnquist Ã…strand * server.c (kadm_get_privs): one less "pointer targets in passing argument differ in signedness" warning. -2006-05-05 Love Hörnquist Åstrand +2006-05-05 Love Hörnquist Ã…strand * dump-format.txt: Moved to info documentation. * Rename u_intXX_t to uintXX_t -2006-05-01 Love Hörnquist Åstrand +2006-05-01 Love Hörnquist Ã…strand * kadmin.8: spelling, update .Dd -2006-04-12 Love Hörnquist Åstrand +2006-04-12 Love Hörnquist Ã…strand * add-random-users.c: Catch empty file case. From Tobias Stoeckmann. -2006-04-07 Love Hörnquist Åstrand +2006-04-07 Love Hörnquist Ã…strand * random_password.c (generate_password): memory leak in error condition case From Coverity NetBSD CID#1887 -2006-02-19 Love Hörnquist Åstrand +2006-02-19 Love Hörnquist Ã…strand * cpw.c (cpw_entry): make sure ret have a defined value @@ -132,7 +136,7 @@ * mod.c: Return error code so that toplevel function can catch them. -2006-01-25 Love Hörnquist Åstrand +2006-01-25 Love Hörnquist Ã…strand * cpw.c (cpw_entry): return 1 on failure. @@ -148,26 +152,26 @@ * util.c (foreach_principal): If any of calls to `func' failes, the first error is returned when all principals are processed. -2005-12-01 Love Hörnquist Åstrand +2005-12-01 Love Hörnquist Ã…strand * kadmin-commands.in: Add ank as an alias to add, it lost in - transition to slc, from Måns Nilsson. + transition to slc, from MÃ¥ns Nilsson. -2005-09-14 Love Hörquist Åstrand +2005-09-14 Love Hörquist Ã…strand * dump-format.txt: Add extensions, fill in missing fields. -2005-09-08 Love Hörquist Åstrand +2005-09-08 Love Hörquist Ã…strand * init.c (create_random_entry): create principal with random password even though its disabled. From Andrew Bartlet -2005-09-01 Love Hörquist Åstrand +2005-09-01 Love Hörquist Ã…strand * kadm_conn.c: Use socket_set_reuseaddr and socket_set_ipv6only. -2005-08-11 Love Hörquist Åstrand +2005-08-11 Love Hörquist Ã…strand * get.c: Remove structure that is never used (sneaked in the large TL_DATA patch). @@ -188,7 +192,7 @@ options and fix a dependency bug (keys needed principal to print the salting). -2005-07-08 Love Hörquist Åstrand +2005-07-08 Love Hörquist Ã…strand * lower amount of shadow and const warnings @@ -196,14 +200,14 @@ * dump-format.txt: Clarify, spelling and add examples. -2005-05-30 Love Hörquist Åstrand +2005-05-30 Love Hörquist Ã…strand * util.c (kdb_attrs): add ok-as-delegate * get.c (getit): init data.mask to 0. Problem found by Andrew Bartlett -2005-05-09 Love Hörquist Åstrand +2005-05-09 Love Hörquist Ã…strand * kadmin.c (main): catch -2 as EOF @@ -215,12 +219,12 @@ * kadmin.c (help): Don't use non-constant initializer for `fake'. -2005-04-20 Love Hörquist Åstrand +2005-04-20 Love Hörquist Ã…strand * util.c (foreach_principal): initialize ret to make sure it have a value -2005-04-04 Love Hörquist Åstrand +2005-04-04 Love Hörquist Ã…strand * kadmind.c: add verifier libraries with kadm5_add_passwd_quality_verifier @@ -231,50 +235,50 @@ * load.c: max-life and max-renew is of unsigned int in asn1 compiler, use that for the parser too -2005-03-26 Love Hörquist Åstrand +2005-03-26 Love Hörquist Ã…strand * kadmin.8: List of attributes, from James F. Hranicky -2005-01-19 Love Hörquist Åstrand +2005-01-19 Love Hörquist Ã…strand * dump.c (dump): handle errors -2005-01-08 Love Hörquist Åstrand +2005-01-08 Love Hörquist Ã…strand * dump-format.txt: text dump format -2004-12-08 Love Hörquist Åstrand +2004-12-08 Love Hörquist Ã…strand * kadmind.8: use keeps around options, from OpenBSD * kadmin.8: use keeps around options, "improve" spelling, from openbsd -2004-11-01 Love Hörquist Åstrand +2004-11-01 Love Hörquist Ã…strand * get.c (getit): always free columns * ank.c (add_one_principal): catch error from UI_UTIL_read_pw_string -2004-10-31 Love Hörquist Åstrand +2004-10-31 Love Hörquist Ã…strand * del_enctype.c (del_enctype): fix off-by-one error in del_enctype From: -2004-08-13 Love Hörquist Åstrand +2004-08-13 Love Hörquist Ã…strand * get.c: print keytypes on long format -2004-07-06 Love Hörquist Åstrand +2004-07-06 Love Hörquist Ã…strand * get.c (format_field): allow mod_name to be optional * ext.c (do_ext_keytab): if there isn't any keydata, try using kadm5_randkey_principal -2004-07-02 Love Hörquist Åstrand +2004-07-02 Love Hörquist Ã…strand * load.c: make merge/load work again @@ -282,7 +286,7 @@ * ank.c: fix slc lossage -2004-06-28 Love Hörquist Åstrand +2004-06-28 Love Hörquist Ã…strand * kadmin.c: use kadm5_ad_init_with_password_ctx @@ -303,11 +307,11 @@ * kadmin: convert to use slc; also add stash subcommand -2004-06-15 Love Hörquist Åstrand +2004-06-15 Love Hörquist Ã…strand * kadmin.c (main): keytab mode requires principal name -2004-06-12 Love Hörquist Åstrand +2004-06-12 Love Hörquist Ã…strand * kadmind.c: drop keyfile, not used, found by Elrond @@ -315,7 +319,7 @@ * kadmin.c: if keyfile is set, pass in to libkadm5 bug pointed out by Elrond -2004-05-31 Love Hörquist Åstrand +2004-05-31 Love Hörquist Ã…strand * kadmin.c: add --ad flag, XXX rewrite the init kadm5 interface @@ -328,7 +332,7 @@ * util.c (str2time_t): fix end-of-day logic, from Duncan McEwan/Mark Davies. -2004-04-29 Love Hörquist Åstrand +2004-04-29 Love Hörquist Ã…strand * version4.c (handle_v4): make sure length is longer then 2, Pointed out by Evgeny Demidov @@ -342,7 +346,7 @@ * mod.c: allow wildcarding principals, and make parameters a work same as if prompted -2004-03-08 Love Hörquist Åstrand +2004-03-08 Love Hörquist Ã…strand * kadmin.8: document password-quality @@ -354,40 +358,40 @@ * pw_quality.c: test run the password quality function -2004-03-07 Love Hörquist Åstrand +2004-03-07 Love Hörquist Ã…strand * ank.c (add_one_principal): even though the principal is disabled (creation of random key/keydata), create it with a random password -2003-12-07 Love Hörquist Åstrand +2003-12-07 Love Hörquist Ã…strand * init.c (create_random_entry): print error message on failure * ank.c (add_one_principal): pass right argument to kadm5_free_principal_ent From Panasas, Inc -2003-11-18 Love Hörquist Åstrand +2003-11-18 Love Hörquist Ã…strand * kadmind.c (main): move opening the logfile to after reading kdc.conf move the loading of hdb keytab ops closer to where its used From: Jeffrey Hutzelman -2003-10-04 Love Hörquist Åstrand +2003-10-04 Love Hörquist Ã…strand * util.c (str2time_t): allow whitespace between date and time From: Bob Beck and adharw@yahoo.com -2003-09-03 Love Hörquist Åstrand +2003-09-03 Love Hörquist Ã…strand * ank.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ * cpw.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ -2003-08-21 Love Hörquist Åstrand +2003-08-21 Love Hörquist Ã…strand * get.c (print_entry_terse): handle error when unparsing name -2003-08-18 Love Hörquist Åstrand +2003-08-18 Love Hörquist Ã…strand * kadmind.c (main): use krb5_prepend_config_files_default, now all options in kdc.conf is parsed, not just [kdc]key-file= @@ -395,16 +399,16 @@ * kadmin.c (main): use krb5_prepend_config_files_default, now all options in kdc.conf is parsed, not just [kdc]key-file= -2003-04-14 Love Hörquist Åstrand +2003-04-14 Love Hörquist Ã…strand * util.c: cast argument to tolower to unsigned char, from Christian Biere via NetBSD -2003-04-06 Love Hörquist Åstrand +2003-04-06 Love Hörquist Ã…strand * kadmind.8: s/kerberos/Kerberos/ -2003-03-31 Love Hörquist Åstrand +2003-03-31 Love Hörquist Ã…strand * kadmin.8: initialises -> initializes, from Perry E. Metzger" @@ -412,13 +416,13 @@ * kadmin.c: principal, not pricipal. From Thomas Klausner -2003-02-04 Love Hörquist Åstrand +2003-02-04 Love Hörquist Ã…strand * kadmind.8: spelling, from jmc * kadmin.8: spelling, from jmc -2003-01-29 Love Hörquist Åstrand +2003-01-29 Love Hörquist Ã…strand * server.c (kadmind_dispatch): kadm_chpass: require the password to pass the password quality check in case the user changes the diff --git a/crypto/heimdal/kadmin/Makefile.am b/crypto/heimdal/kadmin/Makefile.am index 323439a130d..38f7ddecf8b 100644 --- a/crypto/heimdal/kadmin/Makefile.am +++ b/crypto/heimdal/kadmin/Makefile.am @@ -1,15 +1,13 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 -I$(top_builddir)/include/gssapi sbin_PROGRAMS = kadmin libexec_PROGRAMS = kadmind -SLC = $(top_builddir)/lib/sl/slc - man_MANS = kadmin.8 kadmind.8 noinst_PROGRAMS = add_random_users @@ -47,10 +45,10 @@ kadmin-commands.c kadmin-commands.h: kadmin-commands.in $(SLC) $(srcdir)/kadmin-commands.in kadmind_SOURCES = \ - kadmind.c \ + rpc.c \ server.c \ + kadmind.c \ kadmin_locl.h \ - $(version4_c) \ kadm_conn.c add_random_users_SOURCES = add-random-users.c @@ -63,7 +61,6 @@ check_PROGRAMS = $(TESTS) LDADD_common = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ @@ -71,6 +68,7 @@ LDADD_common = \ $(DBLIB) kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \ + ../lib/gssapi/libgssapi.la \ $(LDADD_common) \ $(LIB_pidfile) \ $(LIB_dlopen) @@ -91,4 +89,9 @@ add_random_users_LDADD = \ test_util_LDADD = $(kadmin_LDADD) -EXTRA_DIST = $(man_MANS) kadmin-commands.in +EXTRA_DIST = \ + NTMakefile \ + kadmin-version.rc \ + kadmind-version.rc \ + $(man_MANS) \ + kadmin-commands.in diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in index 746cb48f664..53c43d16022 100644 --- a/crypto/heimdal/kadmin/Makefile.in +++ b/crypto/heimdal/kadmin/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -49,7 +51,7 @@ check_PROGRAMS = $(am__EXEEXT_1) subdir = kadmin ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -64,7 +66,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -78,9 +80,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -88,25 +93,24 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__EXEEXT_1 = test_util$(EXEEXT) am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(man8dir)" -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) am_add_random_users_OBJECTS = add-random-users.$(OBJEXT) add_random_users_OBJECTS = $(am_add_random_users_OBJECTS) am__DEPENDENCIES_1 = am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) add_random_users_DEPENDENCIES = \ $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/kadm5/libkadm5srv.la $(am__DEPENDENCIES_2) \ @@ -123,12 +127,12 @@ kadmin_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/kadm5/libkadm5srv.la \ $(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) -am_kadmind_OBJECTS = kadmind.$(OBJEXT) server.$(OBJEXT) \ +am_kadmind_OBJECTS = rpc.$(OBJEXT) server.$(OBJEXT) kadmind.$(OBJEXT) \ kadm_conn.$(OBJEXT) kadmind_OBJECTS = $(am_kadmind_OBJECTS) kadmind_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \ - $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + ../lib/gssapi/libgssapi.la $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_test_util_OBJECTS = test_util.$(OBJEXT) util.$(OBJEXT) test_util_OBJECTS = $(am_test_util_OBJECTS) am__DEPENDENCIES_3 = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ @@ -136,9 +140,9 @@ am__DEPENDENCIES_3 = $(top_builddir)/lib/kadm5/libkadm5clnt.la \ $(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) test_util_DEPENDENCIES = $(am__DEPENDENCIES_3) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -153,58 +157,90 @@ SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \ $(test_util_SOURCES) DIST_SOURCES = $(add_random_users_SOURCES) $(dist_kadmin_SOURCES) \ $(kadmind_SOURCES) $(test_util_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 MANS = $(man_MANS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -228,10 +264,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -248,6 +285,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -263,31 +302,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -302,10 +355,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -346,32 +401,37 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_libintl) $(INCLUDE_readline) \ + $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 \ + -I$(top_builddir)/include/gssapi @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -SLC = $(top_builddir)/lib/sl/slc man_MANS = kadmin.8 kadmind.8 dist_kadmin_SOURCES = \ ank.c \ @@ -400,17 +460,16 @@ nodist_kadmin_SOURCES = \ CLEANFILES = kadmin-commands.h kadmin-commands.c kadmind_SOURCES = \ - kadmind.c \ + rpc.c \ server.c \ + kadmind.c \ kadmin_locl.h \ - $(version4_c) \ kadm_conn.c add_random_users_SOURCES = add-random-users.c test_util_SOURCES = test_util.c util.c LDADD_common = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ @@ -418,6 +477,7 @@ LDADD_common = \ $(DBLIB) kadmind_LDADD = $(top_builddir)/lib/kadm5/libkadm5srv.la \ + ../lib/gssapi/libgssapi.la \ $(LDADD_common) \ $(LIB_pidfile) \ $(LIB_dlopen) @@ -437,23 +497,29 @@ add_random_users_LDADD = \ $(LIB_dlopen) test_util_LDADD = $(kadmin_LDADD) -EXTRA_DIST = $(man_MANS) kadmin-commands.in +EXTRA_DIST = \ + NTMakefile \ + kadmin-version.rc \ + kadmind-version.rc \ + $(man_MANS) \ + kadmin-commands.in + all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps kadmin/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps kadmin/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign kadmin/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign kadmin/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -471,76 +537,111 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ - rm -f "$(DESTDIR)$(sbindir)/$$f"; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list add_random_users$(EXEEXT): $(add_random_users_OBJECTS) $(add_random_users_DEPENDENCIES) @rm -f add_random_users$(EXEEXT) $(LINK) $(add_random_users_OBJECTS) $(add_random_users_LDADD) $(LIBS) @@ -560,118 +661,154 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add-random-users.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/add_enctype.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ank.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cpw.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/del.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/del_enctype.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dump.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadm_conn.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmin-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmin.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadmind.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/load.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pw_quality.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random_password.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rpc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stash.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_util.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -680,49 +817,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -733,15 +884,32 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -757,13 +925,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -800,6 +972,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -811,6 +984,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -821,6 +995,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -828,26 +1004,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -868,11 +1053,10 @@ uninstall-am: uninstall-libexecPROGRAMS uninstall-man \ uninstall-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ check-local clean clean-checkPROGRAMS clean-generic \ @@ -961,6 +1145,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1046,7 +1233,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1064,6 +1251,7 @@ $(kadmin_OBJECTS): kadmin-commands.h kadmin-commands.c kadmin-commands.h: kadmin-commands.in $(SLC) $(srcdir)/kadmin-commands.in + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/kadmin/add-random-users.c b/crypto/heimdal/kadmin/add-random-users.c index b7971434b25..c3beaf206a6 100644 --- a/crypto/heimdal/kadmin/add-random-users.c +++ b/crypto/heimdal/kadmin/add-random-users.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" -RCSID("$Id: add-random-users.c 19213 2006-12-04 23:36:36Z lha $"); - #define WORDS_FILENAME "/usr/share/dict/words" #define NUSERS 1000 @@ -74,6 +72,7 @@ read_words (const char *filename, char ***ret_w) if (n == 0) errx(1, "%s is an empty file, no words to try", filename); *ret_w = w; + fclose(f); return n; } @@ -119,17 +118,17 @@ add_users (const char *filename, unsigned n) ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - ret = kadm5_s_init_with_password_ctx(context, + ret = kadm5_s_init_with_password_ctx(context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - NULL, 0, 0, + NULL, 0, 0, &kadm_handle); if(ret) krb5_err(context, 1, ret, "kadm5_init_with_password"); nwords = read_words (filename, &words); - + for (i = 0; i < n; ++i) add_user (context, kadm_handle, nwords, words); kadm5_destroy(kadm_handle); diff --git a/crypto/heimdal/kadmin/add_enctype.c b/crypto/heimdal/kadmin/add_enctype.c index 65337e62c00..233c4ab9498 100644 --- a/crypto/heimdal/kadmin/add_enctype.c +++ b/crypto/heimdal/kadmin/add_enctype.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1999-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: add_enctype.c 20287 2007-02-22 03:12:30Z lha $"); - /* * del_enctype principal enctypes... */ @@ -102,6 +100,7 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv) if (etypes[j] == key->key_data_type[0]) { krb5_warnx(context, "enctype %d already exists", (int)etypes[j]); + free(new_key_data); goto out; } } diff --git a/crypto/heimdal/kadmin/ank.c b/crypto/heimdal/kadmin/ank.c index 7e7cfa8817e..0b7ebc02743 100644 --- a/crypto/heimdal/kadmin/ank.c +++ b/crypto/heimdal/kadmin/ank.c @@ -1,61 +1,59 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: ank.c 16658 2006-01-25 12:29:46Z lha $"); - /* * fetch the default principal corresponding to `princ' */ static krb5_error_code -get_default (kadm5_server_context *context, +get_default (kadm5_server_context *contextp, krb5_principal princ, kadm5_principal_ent_t default_ent) { krb5_error_code ret; krb5_principal def_principal; - krb5_realm *realm = krb5_princ_realm(context->context, princ); + krb5_const_realm realm = krb5_principal_get_realm(contextp->context, princ); - ret = krb5_make_principal (context->context, &def_principal, - *realm, "default", NULL); + ret = krb5_make_principal (contextp->context, &def_principal, + realm, "default", NULL); if (ret) return ret; - ret = kadm5_get_principal (context, def_principal, default_ent, + ret = kadm5_get_principal (contextp, def_principal, default_ent, KADM5_PRINCIPAL_NORMAL_MASK); - krb5_free_principal (context->context, def_principal); + krb5_free_principal (contextp->context, def_principal); return ret; } @@ -68,7 +66,7 @@ static krb5_error_code add_one_principal (const char *name, int rand_key, int rand_password, - int use_defaults, + int use_defaults, char *password, krb5_key_data *key_data, const char *max_ticket_life, @@ -95,7 +93,7 @@ add_one_principal (const char *name, mask |= KADM5_PRINCIPAL; ret = set_entry(context, &princ, &mask, - max_ticket_life, max_renewable_life, + max_ticket_life, max_renewable_life, expiration, pw_expiration, attributes); if (ret) goto out; @@ -110,7 +108,7 @@ add_one_principal (const char *name, KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION; } - if(use_defaults) + if(use_defaults) set_defaults(&princ, &mask, default_ent, default_mask); else if(edit_entry(&princ, &mask, default_ent, default_mask)) @@ -133,13 +131,13 @@ add_one_principal (const char *name, ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1); free (prompt); if (ret) { - krb5_set_error_string(context, "failed to verify password"); ret = KRB5_LIBOS_BADPWDMATCH; + krb5_set_error_message(context, ret, "failed to verify password"); goto out; } password = pwbuf; } - + ret = kadm5_create_principal(kadm_handle, &princ, mask, password); if(ret) { krb5_warn(context, ret, "kadm5_create_principal"); @@ -148,7 +146,7 @@ add_one_principal (const char *name, if(rand_key) { krb5_keyblock *new_keys; int n_keys, i; - ret = kadm5_randkey_principal(kadm_handle, princ_ent, + ret = kadm5_randkey_principal(kadm_handle, princ_ent, &new_keys, &n_keys); if(ret){ krb5_warn(context, ret, "kadm5_randkey_principal"); @@ -158,11 +156,11 @@ add_one_principal (const char *name, krb5_free_keyblock_contents(context, &new_keys[i]); if (n_keys > 0) free(new_keys); - kadm5_get_principal(kadm_handle, princ_ent, &princ, + kadm5_get_principal(kadm_handle, princ_ent, &princ, KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES); princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); princ.kvno = 1; - kadm5_modify_principal(kadm_handle, &princ, + kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES | KADM5_KVNO); kadm5_free_principal_ent(kadm_handle, &princ); } else if (key_data) { @@ -171,7 +169,7 @@ add_one_principal (const char *name, if (ret) { krb5_warn(context, ret, "kadm5_chpass_principal_with_key"); } - kadm5_get_principal(kadm_handle, princ_ent, &princ, + kadm5_get_principal(kadm_handle, princ_ent, &princ, KADM5_PRINCIPAL | KADM5_ATTRIBUTES); princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); kadm5_modify_principal(kadm_handle, &princ, KADM5_ATTRIBUTES); @@ -234,7 +232,7 @@ add_new_key(struct add_options *opt, int argc, char **argv) const char *error; if (parse_des_key (opt->key_string, key_data, &error)) { - fprintf (stderr, "failed parsing key \"%s\": %s\n", + fprintf (stderr, "failed parsing key \"%s\": %s\n", opt->key_string, error); return 1; } @@ -242,10 +240,10 @@ add_new_key(struct add_options *opt, int argc, char **argv) } for(i = 0; i < argc; i++) { - ret = add_one_principal (argv[i], - opt->random_key_flag, + ret = add_one_principal (argv[i], + opt->random_key_flag, opt->random_password_flag, - opt->use_defaults_flag, + opt->use_defaults_flag, opt->password_string, kdp, opt->max_ticket_life_string, diff --git a/crypto/heimdal/kadmin/check.c b/crypto/heimdal/kadmin/check.c index bd4f270adb7..b5a03854ab7 100644 --- a/crypto/heimdal/kadmin/check.c +++ b/crypto/heimdal/kadmin/check.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* @@ -38,8 +38,6 @@ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: check.c 20962 2007-06-07 05:09:24Z lha $"); - static int get_check_entry(const char *name, kadm5_principal_ent_rec *ent) { @@ -69,7 +67,7 @@ do_check_entry(krb5_principal principal, void *data) kadm5_principal_ent_rec princ; char *name; int i; - + ret = krb5_unparse_name(context, principal, &name); if (ret) return 1; @@ -85,10 +83,10 @@ do_check_entry(krb5_principal principal, void *data) for (i = 0; i < princ.n_key_data; i++) { size_t keysize; - ret = krb5_enctype_keysize(context, + ret = krb5_enctype_keysize(context, princ.key_data[i].key_data_type[0], &keysize); - if (ret == 0 && keysize != princ.key_data[i].key_data_length[0]) { + if (ret == 0 && keysize != (size_t)princ.key_data[i].key_data_length[0]) { krb5_warnx(context, "Principal %s enctype %d, wrong length: %lu\n", name, princ.key_data[i].key_data_type[0], @@ -142,7 +140,7 @@ check(void *opt, int argc, char **argv) free(p); goto fail; } - free(p); + free(p); kadm5_free_principal_ent(kadm_handle, &ent); @@ -187,13 +185,12 @@ check(void *opt, int argc, char **argv) kadm5_free_principal_ent(kadm_handle, &ent); /* - * Check for duplicate afs keys + * Check for duplicate afs keys */ p2 = strdup(realm); if (p2 == NULL) { krb5_warn(context, errno, "malloc"); - free(p); goto fail; } strlwr(p2); diff --git a/crypto/heimdal/kadmin/cpw.c b/crypto/heimdal/kadmin/cpw.c index c5fa9ed3994..c5a2eb87e9f 100644 --- a/crypto/heimdal/kadmin/cpw.c +++ b/crypto/heimdal/kadmin/cpw.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: cpw.c 16755 2006-02-18 23:30:32Z lha $"); - struct cpw_entry_data { int random_key; int random_password; @@ -120,7 +118,7 @@ static int do_cpw_entry(krb5_principal principal, void *data) { struct cpw_entry_data *e = data; - + if (e->random_key) return set_random_key (principal); else if (e->random_password) @@ -160,12 +158,12 @@ cpw_entry(struct passwd_options *opt, int argc, char **argv) "--random-key, --random-password, --password, --key\n"); return 1; } - + if (opt->key_string) { const char *error; if (parse_des_key (opt->key_string, key_data, &error)) { - fprintf (stderr, "failed parsing key \"%s\": %s\n", + fprintf (stderr, "failed parsing key \"%s\": %s\n", opt->key_string, error); return 1; } diff --git a/crypto/heimdal/kadmin/del.c b/crypto/heimdal/kadmin/del.c index a7db479135e..a4cec7acbe1 100644 --- a/crypto/heimdal/kadmin/del.c +++ b/crypto/heimdal/kadmin/del.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: del.c 16754 2006-02-18 23:29:43Z lha $"); - static int do_del_entry(krb5_principal principal, void *data) { diff --git a/crypto/heimdal/kadmin/del_enctype.c b/crypto/heimdal/kadmin/del_enctype.c index 26921f2d42d..01d2036a45c 100644 --- a/crypto/heimdal/kadmin/del_enctype.c +++ b/crypto/heimdal/kadmin/del_enctype.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1999-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: del_enctype.c 16658 2006-01-25 12:29:46Z lha $"); - /* * del_enctype principal enctypes... */ @@ -84,7 +82,7 @@ del_enctype(void *opt, int argc, char **argv) } new_key_data = malloc(princ.n_key_data * sizeof(*new_key_data)); - if (new_key_data == NULL) { + if (new_key_data == NULL && princ.n_key_data != 0) { krb5_warnx (context, "out of memory"); goto out; } diff --git a/crypto/heimdal/kadmin/dump.c b/crypto/heimdal/kadmin/dump.c index 97ec667ba6f..91a5ada8660 100644 --- a/crypto/heimdal/kadmin/dump.c +++ b/crypto/heimdal/kadmin/dump.c @@ -1,42 +1,40 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" #include -RCSID("$Id: dump.c 14518 2005-01-19 17:09:56Z lha $"); - extern int local_flag; int @@ -45,7 +43,7 @@ dump(struct dump_options *opt, int argc, char **argv) krb5_error_code ret; FILE *f; HDB *db = NULL; - + if(!local_flag) { krb5_warnx(context, "dump is only available in local (-l) mode"); return 0; @@ -57,7 +55,7 @@ dump(struct dump_options *opt, int argc, char **argv) f = stdout; else f = fopen(argv[0], "w"); - + if(f == NULL) { krb5_warn(context, errno, "open: %s", argv[0]); goto out; @@ -68,7 +66,7 @@ dump(struct dump_options *opt, int argc, char **argv) goto out; } - hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0, + hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0, hdb_print_entry, f); db->hdb_close(context, db); diff --git a/crypto/heimdal/kadmin/ext.c b/crypto/heimdal/kadmin/ext.c index f80272f65f1..cce38bc175f 100644 --- a/crypto/heimdal/kadmin/ext.c +++ b/crypto/heimdal/kadmin/ext.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: ext.c 16658 2006-01-25 12:29:46Z lha $"); - struct ext_keytab_data { krb5_keytab keytab; }; @@ -49,8 +47,8 @@ do_ext_keytab(krb5_principal principal, void *data) krb5_keytab_entry *keys = NULL; krb5_keyblock *k = NULL; int i, n_k; - - ret = kadm5_get_principal(kadm_handle, principal, &princ, + + ret = kadm5_get_principal(kadm_handle, principal, &princ, KADM5_PRINCIPAL|KADM5_KVNO|KADM5_KEY_DATA); if(ret) return ret; @@ -59,7 +57,7 @@ do_ext_keytab(krb5_principal principal, void *data) keys = malloc(sizeof(*keys) * princ.n_key_data); if (keys == NULL) { kadm5_free_principal_ent(kadm_handle, &princ); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } for (i = 0; i < princ.n_key_data; i++) { @@ -83,7 +81,7 @@ do_ext_keytab(krb5_principal principal, void *data) keys = malloc(sizeof(*keys) * n_k); if (keys == NULL) { kadm5_free_principal_ent(kadm_handle, &princ); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } for (i = 0; i < n_k; i++) { diff --git a/crypto/heimdal/kadmin/get.c b/crypto/heimdal/kadmin/get.c index 6e09f916d4f..0895b53ccba 100644 --- a/crypto/heimdal/kadmin/get.c +++ b/crypto/heimdal/kadmin/get.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" @@ -36,8 +36,6 @@ #include #include -RCSID("$Id: get.c 21745 2007-07-31 16:11:25Z lha $"); - static struct field_name { const char *fieldname; unsigned int fieldvalue; @@ -100,7 +98,7 @@ add_column(struct get_entry_data *data, struct field_name *ff, const char *heade data->mask |= ff->fieldvalue; data->extra_mask |= ff->extra_mask; if(data->table != NULL) - rtbl_add_column_by_id(data->table, ff->fieldvalue, + rtbl_add_column_by_id(data->table, ff->fieldvalue, header ? header : ff->default_header, ff->flags); return 0; } @@ -112,9 +110,9 @@ add_column(struct get_entry_data *data, struct field_name *ff, const char *heade static int cmp_salt (const krb5_salt *salt, const krb5_key_data *k) { - if (salt->salttype != k->key_data_type[1]) + if (salt->salttype != (size_t)k->key_data_type[1]) return 1; - if (salt->saltvalue.length != k->key_data_length[1]) + if (salt->saltvalue.length != (size_t)k->key_data_length[1]) return 1; return memcmp (salt->saltvalue.data, k->key_data_contents[1], salt->saltvalue.length); @@ -159,7 +157,7 @@ format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len) } static void -format_field(kadm5_principal_ent_t princ, unsigned int field, +format_field(kadm5_principal_ent_t princ, unsigned int field, unsigned int subfield, char *buf, size_t buf_len, int condensed) { switch(field) { @@ -169,27 +167,27 @@ format_field(kadm5_principal_ent_t princ, unsigned int field, else krb5_unparse_name_fixed(context, princ->principal, buf, buf_len); break; - + case KADM5_PRINC_EXPIRE_TIME: time_t2str(princ->princ_expire_time, buf, buf_len, !condensed); break; - + case KADM5_PW_EXPIRATION: time_t2str(princ->pw_expiration, buf, buf_len, !condensed); break; - + case KADM5_LAST_PWD_CHANGE: time_t2str(princ->last_pwd_change, buf, buf_len, !condensed); break; - + case KADM5_MAX_LIFE: deltat2str(princ->max_life, buf, buf_len); break; - + case KADM5_MAX_RLIFE: deltat2str(princ->max_renewable_life, buf, buf_len); break; - + case KADM5_MOD_TIME: time_t2str(princ->mod_date, buf, buf_len, !condensed); break; @@ -209,7 +207,8 @@ format_field(kadm5_principal_ent_t princ, unsigned int field, snprintf(buf, buf_len, "%d", princ->kvno); break; case KADM5_MKVNO: - snprintf(buf, buf_len, "%d", princ->mkvno); + /* XXX libkadm5srv decrypts the keys, so mkvno is always 0. */ + strlcpy(buf, "unknown", buf_len); break; case KADM5_LAST_SUCCESS: time_t2str(princ->last_success, buf, buf_len, !condensed); @@ -246,7 +245,7 @@ format_field(kadm5_principal_ent_t princ, unsigned int field, krb5_tl_data *tl; for (tl = princ->tl_data; tl != NULL; tl = tl->tl_data_next) - if (tl->tl_data_type == subfield) + if ((unsigned)tl->tl_data_type == subfield) break; if (tl == NULL) { strlcpy(buf, "", buf_len); @@ -262,7 +261,8 @@ format_field(kadm5_principal_ent_t princ, unsigned int field, case KRB5_TL_PKINIT_ACL: { HDB_Ext_PKINIT_acl acl; size_t size; - int i, ret; + int ret; + size_t i; ret = decode_HDB_Ext_PKINIT_acl(tl->tl_data_contents, tl->tl_data_length, @@ -294,7 +294,8 @@ format_field(kadm5_principal_ent_t princ, unsigned int field, case KRB5_TL_ALIASES: { HDB_Ext_Aliases alias; size_t size; - int i, ret; + int ret; + size_t i; ret = decode_HDB_Ext_Aliases(tl->tl_data_contents, tl->tl_data_length, @@ -310,7 +311,7 @@ format_field(kadm5_principal_ent_t princ, unsigned int field, ret = krb5_unparse_name(context, &alias.aliases.val[i], &p); if (ret) break; - if (i < 0) + if (i > 0) strlcat(buf, " ", buf_len); strlcat(buf, p, buf_len); free(p); @@ -335,7 +336,7 @@ print_entry_short(struct get_entry_data *data, kadm5_principal_ent_t princ) { char buf[1024]; struct field_info *f; - + for(f = data->chead; f != NULL; f = f->next) { format_field(princ, f->ff->fieldvalue, f->ff->subvalue, buf, sizeof(buf), 1); rtbl_add_column_entry_by_id(data->table, f->ff->fieldvalue, buf); @@ -348,7 +349,7 @@ print_entry_long(struct get_entry_data *data, kadm5_principal_ent_t princ) char buf[1024]; struct field_info *f; int width = 0; - + for(f = data->chead; f != NULL; f = f->next) { int w = strlen(f->header ? f->header : f->ff->def_longheader); if(w > width) @@ -367,9 +368,9 @@ do_get_entry(krb5_principal principal, void *data) kadm5_principal_ent_rec princ; krb5_error_code ret; struct get_entry_data *e = data; - + memset(&princ, 0, sizeof(princ)); - ret = kadm5_get_principal(kadm_handle, principal, + ret = kadm5_get_principal(kadm_handle, principal, &princ, e->mask | e->extra_mask); if(ret) @@ -420,9 +421,35 @@ setup_columns(struct get_entry_data *data, const char *column_info) return 0; } +static int +do_list_entry(krb5_principal principal, void *data) +{ + char buf[1024]; + krb5_error_code ret; + + ret = krb5_unparse_name_fixed_short(context, principal, buf, sizeof(buf)); + if (ret != 0) + return ret; + printf("%s\n", buf); + return 0; +} + +static int +listit(const char *funcname, int argc, char **argv) +{ + int i; + krb5_error_code ret, saved_ret = 0; + + for (i = 0; i < argc; i++) { + ret = foreach_principal(argv[i], do_list_entry, funcname, NULL); + if (saved_ret == 0 && ret != 0) + saved_ret = ret; + } + return saved_ret != 0; +} + #define DEFAULT_COLUMNS_SHORT "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife" #define DEFAULT_COLUMNS_LONG "principal,princ_expire_time,pw_expiration,last_pwd_change,max_life,max_rlife,kvno,mkvno,last_success,last_failed,fail_auth_count,mod_time,mod_name,attributes,keytypes,pkinit-acl,aliases" -#define DEFAULT_COLUMNS_TERSE "principal=" static int getit(struct get_options *opt, const char *name, int argc, char **argv) @@ -430,7 +457,7 @@ getit(struct get_options *opt, const char *name, int argc, char **argv) int i; krb5_error_code ret; struct get_entry_data data; - + if(opt->long_flag == -1 && (opt->short_flag == 1 || opt->terse_flag == 1)) opt->long_flag = 0; if(opt->short_flag == -1 && (opt->long_flag == 1 || opt->terse_flag == 1)) @@ -440,13 +467,16 @@ getit(struct get_options *opt, const char *name, int argc, char **argv) if(opt->long_flag == 0 && opt->short_flag == 0 && opt->terse_flag == 0) opt->short_flag = 1; + if (opt->terse_flag) + return listit(name, argc, argv); + data.table = NULL; data.chead = NULL; data.ctail = &data.chead; data.mask = 0; data.extra_mask = 0; - if(opt->short_flag || opt->terse_flag) { + if(opt->short_flag) { data.table = rtbl_create(); rtbl_set_separator(data.table, " "); data.format = print_entry_short; @@ -455,24 +485,20 @@ getit(struct get_options *opt, const char *name, int argc, char **argv) if(opt->column_info_string == NULL) { if(opt->long_flag) ret = setup_columns(&data, DEFAULT_COLUMNS_LONG); - else if(opt->short_flag) + else ret = setup_columns(&data, DEFAULT_COLUMNS_SHORT); - else { - ret = setup_columns(&data, DEFAULT_COLUMNS_TERSE); - rtbl_set_flags(data.table, RTBL_HEADER_STYLE_NONE); - } } else ret = setup_columns(&data, opt->column_info_string); - + if(ret != 0) { if(data.table != NULL) rtbl_destroy(data.table); return 0; } - + for(i = 0; i < argc; i++) - ret = foreach_principal(argv[i], do_get_entry, "get", &data); - + ret = foreach_principal(argv[i], do_get_entry, name, &data); + if(data.table != NULL) { rtbl_format(data.table, stdout); rtbl_destroy(data.table); diff --git a/crypto/heimdal/kadmin/init.c b/crypto/heimdal/kadmin/init.c index 8b512f94f2d..19f7328fc17 100644 --- a/crypto/heimdal/kadmin/init.c +++ b/crypto/heimdal/kadmin/init.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" #include -RCSID("$Id: init.c 17447 2006-05-05 10:52:01Z lha $"); - static kadm5_ret_t create_random_entry(krb5_principal princ, unsigned max_life, @@ -78,22 +78,22 @@ create_random_entry(krb5_principal princ, /* Create the entry with a random password */ ret = kadm5_create_principal(kadm_handle, &ent, mask, password); if(ret) { - krb5_warn(context, ret, "create_random_entry(%s): randkey failed", + krb5_warn(context, ret, "create_random_entry(%s): randkey failed", name); goto out; } - + /* Replace the string2key based keys with real random bytes */ ret = kadm5_randkey_principal(kadm_handle, princ, &keys, &n_keys); if(ret) { - krb5_warn(context, ret, "create_random_entry*%s): randkey failed", + krb5_warn(context, ret, "create_random_entry(%s): randkey failed", name); goto out; } for(i = 0; i < n_keys; i++) krb5_free_keyblock_contents(context, &keys[i]); free(keys); - ret = kadm5_get_principal(kadm_handle, princ, &ent, + ret = kadm5_get_principal(kadm_handle, princ, &ent, KADM5_PRINCIPAL | KADM5_ATTRIBUTES); if(ret) { krb5_warn(context, ret, "create_random_entry(%s): " @@ -102,7 +102,7 @@ create_random_entry(krb5_principal princ, } ent.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); ent.kvno = 1; - ret = kadm5_modify_principal(kadm_handle, &ent, + ret = kadm5_modify_principal(kadm_handle, &ent, KADM5_ATTRIBUTES|KADM5_KVNO); kadm5_free_principal_ent (kadm_handle, &ent); if(ret) { @@ -123,23 +123,23 @@ init(struct init_options *opt, int argc, char **argv) kadm5_ret_t ret; int i; HDB *db; - krb5_deltat max_life, max_rlife; + krb5_deltat max_life = 0, max_rlife = 0; - if(!local_flag) { + if (!local_flag) { krb5_warnx(context, "init is only available in local (-l) mode"); return 0; } if (opt->realm_max_ticket_life_string) { if (str2deltat (opt->realm_max_ticket_life_string, &max_life) != 0) { - krb5_warnx (context, "unable to parse \"%s\"", + krb5_warnx (context, "unable to parse \"%s\"", opt->realm_max_ticket_life_string); return 0; } } if (opt->realm_max_renewable_life_string) { if (str2deltat (opt->realm_max_renewable_life_string, &max_rlife) != 0) { - krb5_warnx (context, "unable to parse \"%s\"", + krb5_warnx (context, "unable to parse \"%s\"", opt->realm_max_renewable_life_string); return 0; } @@ -157,15 +157,9 @@ init(struct init_options *opt, int argc, char **argv) krb5_principal princ; const char *realm = argv[i]; - /* Create `krbtgt/REALM' */ - ret = krb5_make_principal(context, &princ, realm, - KRB5_TGS_NAME, realm, NULL); - if(ret) - return 0; if (opt->realm_max_ticket_life_string == NULL) { max_life = 0; if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) { - krb5_free_principal(context, princ); return 0; } } @@ -173,15 +167,24 @@ init(struct init_options *opt, int argc, char **argv) max_rlife = 0; if(edit_deltat("Realm max renewable ticket life", &max_rlife, NULL, 0)) { - krb5_free_principal(context, princ); return 0; } } + + /* Create `krbtgt/REALM' */ + ret = krb5_make_principal(context, &princ, realm, + KRB5_TGS_NAME, realm, NULL); + if(ret) + return 0; + create_random_entry(princ, max_life, max_rlife, 0); krb5_free_principal(context, princ); + if (opt->bare_flag) + continue; + /* Create `kadmin/changepw' */ - krb5_make_principal(context, &princ, realm, + krb5_make_principal(context, &princ, realm, "kadmin", "changepw", NULL); /* * The Windows XP (at least) password changing protocol @@ -189,7 +192,7 @@ init(struct init_options *opt, int argc, char **argv) * renewable, forwardable' and so fails if we disallow * forwardable here. */ - create_random_entry(princ, 5*60, 5*60, + create_random_entry(princ, 5*60, 5*60, KRB5_KDB_DISALLOW_TGT_BASED| KRB5_KDB_PWCHANGE_SERVICE| KRB5_KDB_DISALLOW_POSTDATED| @@ -199,7 +202,7 @@ init(struct init_options *opt, int argc, char **argv) krb5_free_principal(context, princ); /* Create `kadmin/admin' */ - krb5_make_principal(context, &princ, realm, + krb5_make_principal(context, &princ, realm, "kadmin", "admin", NULL); create_random_entry(princ, 60*60, 60*60, KRB5_KDB_REQUIRES_PRE_AUTH); krb5_free_principal(context, princ); @@ -221,6 +224,14 @@ init(struct init_options *opt, int argc, char **argv) KRB5_KDB_DISALLOW_TGT_BASED); krb5_free_principal(context, princ); + /* Create `WELLKNOWN/ANONYMOUS' for anonymous as-req */ + krb5_make_principal(context, &princ, realm, + KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, NULL); + create_random_entry(princ, 60*60, 60*60, + KRB5_KDB_REQUIRES_PRE_AUTH); + krb5_free_principal(context, princ); + + /* Create `default' */ { kadm5_principal_ent_rec ent; diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c index f2a0828ed85..e959d0362ff 100644 --- a/crypto/heimdal/kadmin/kadm_conn.c +++ b/crypto/heimdal/kadmin/kadm_conn.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" @@ -36,8 +36,6 @@ #include #endif -RCSID("$Id: kadm_conn.c 16007 2005-09-01 18:49:57Z lha $"); - struct kadm_port { char *port; unsigned short def_port; @@ -45,16 +43,16 @@ struct kadm_port { } *kadm_ports; static void -add_kadm_port(krb5_context context, const char *service, unsigned int port) +add_kadm_port(krb5_context contextp, const char *service, unsigned int port) { struct kadm_port *p; p = malloc(sizeof(*p)); if(p == NULL) { - krb5_warnx(context, "failed to allocate %lu bytes\n", + krb5_warnx(contextp, "failed to allocate %lu bytes\n", (unsigned long)sizeof(*p)); return; } - + p->port = strdup(service); p->def_port = port; @@ -63,9 +61,9 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port) } static void -add_standard_ports (krb5_context context) +add_standard_ports (krb5_context contextp) { - add_kadm_port(context, "kerberos-adm", 749); + add_kadm_port(contextp, "kerberos-adm", 749); } /* @@ -75,15 +73,15 @@ add_standard_ports (krb5_context context) */ void -parse_ports(krb5_context context, const char *str) +parse_ports(krb5_context contextp, const char *str) { char p[128]; while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) { if(strcmp(p, "+") == 0) - add_standard_ports(context); + add_standard_ports(contextp); else - add_kadm_port(context, p, 0); + add_kadm_port(contextp, p, 0); } } @@ -94,7 +92,12 @@ static RETSIGTYPE sigchld(int sig) { int status; - waitpid(-1, &status, 0); + /* + * waitpid() is async safe. will return -1 or 0 on no more zombie + * children + */ + while ((waitpid(-1, &status, WNOHANG)) > 0) + ; SIGRETURN(0); } @@ -117,68 +120,73 @@ terminate(int sig) } static int -spawn_child(krb5_context context, int *socks, int num_socks, int this_sock) +spawn_child(krb5_context contextp, int *socks, + unsigned int num_socks, int this_sock) { - int e, i; + int e; + size_t i; struct sockaddr_storage __ss; struct sockaddr *sa = (struct sockaddr *)&__ss; socklen_t sa_size = sizeof(__ss); - int s; + krb5_socket_t s; pid_t pid; krb5_address addr; char buf[128]; size_t buf_len; s = accept(socks[this_sock], sa, &sa_size); - if(s < 0) { - krb5_warn(context, errno, "accept"); + if(rk_IS_BAD_SOCKET(s)) { + krb5_warn(contextp, rk_SOCK_ERRNO, "accept"); return 1; } - e = krb5_sockaddr2address(context, sa, &addr); + e = krb5_sockaddr2address(contextp, sa, &addr); if(e) - krb5_warn(context, e, "krb5_sockaddr2address"); + krb5_warn(contextp, e, "krb5_sockaddr2address"); else { - e = krb5_print_address (&addr, buf, sizeof(buf), + e = krb5_print_address (&addr, buf, sizeof(buf), &buf_len); - if(e) - krb5_warn(context, e, "krb5_print_address"); + if(e) + krb5_warn(contextp, e, "krb5_print_address"); else - krb5_warnx(context, "connection from %s", buf); - krb5_free_address(context, &addr); + krb5_warnx(contextp, "connection from %s", buf); + krb5_free_address(contextp, &addr); } - + pid = fork(); if(pid == 0) { for(i = 0; i < num_socks; i++) - close(socks[i]); + rk_closesocket(socks[i]); dup2(s, STDIN_FILENO); dup2(s, STDOUT_FILENO); if(s != STDIN_FILENO && s != STDOUT_FILENO) - close(s); + rk_closesocket(s); return 0; } else { - close(s); + rk_closesocket(s); } return 1; } -static int -wait_for_connection(krb5_context context, - int *socks, int num_socks) +static void +wait_for_connection(krb5_context contextp, + krb5_socket_t *socks, unsigned int num_socks) { - int i, e; + unsigned int i; + int e; fd_set orig_read_set, read_set; - int max_fd = -1; - + int status, max_fd = -1; + FD_ZERO(&orig_read_set); - + for(i = 0; i < num_socks; i++) { +#ifdef FD_SETSIZE if (socks[i] >= FD_SETSIZE) errx (1, "fd too large"); +#endif FD_SET(socks[i], &orig_read_set); max_fd = max(max_fd, socks[i]); } - + pgrp = getpid(); if(setpgid(0, pgrp) < 0) @@ -191,41 +199,43 @@ wait_for_connection(krb5_context context, while (term_flag == 0) { read_set = orig_read_set; e = select(max_fd + 1, &read_set, NULL, NULL, NULL); - if(e < 0) { - if(errno != EINTR) - krb5_warn(context, errno, "select"); + if(rk_IS_SOCKET_ERROR(e)) { + if(rk_SOCK_ERRNO != EINTR) + krb5_warn(contextp, rk_SOCK_ERRNO, "select"); } else if(e == 0) - krb5_warnx(context, "select returned 0"); + krb5_warnx(contextp, "select returned 0"); else { for(i = 0; i < num_socks; i++) { if(FD_ISSET(socks[i], &read_set)) - if(spawn_child(context, socks, num_socks, i) == 0) - return 0; + if(spawn_child(contextp, socks, num_socks, i) == 0) + return; } } } signal(SIGCHLD, SIG_IGN); - while(1) { - int status; - pid_t pid; - pid = waitpid(-1, &status, 0); - if(pid == -1 && errno == ECHILD) - break; - } + + while ((waitpid(-1, &status, WNOHANG)) > 0) + ; + exit(0); } -int -start_server(krb5_context context) +void +start_server(krb5_context contextp, const char *port_str) { int e; struct kadm_port *p; - int *socks = NULL, *tmp; - int num_socks = 0; + krb5_socket_t *socks = NULL, *tmp; + unsigned int num_socks = 0; int i; + if (port_str == NULL) + port_str = "+"; + + parse_ports(contextp, port_str); + for(p = kadm_ports; p; p = p->next) { struct addrinfo hints, *ai, *ap; char portstr[32]; @@ -240,38 +250,38 @@ start_server(krb5_context context) } if(e) { - krb5_warn(context, krb5_eai_to_heim_errno(e, errno), + krb5_warn(contextp, krb5_eai_to_heim_errno(e, errno), "%s", portstr); continue; } i = 0; - for(ap = ai; ap; ap = ap->ai_next) + for(ap = ai; ap; ap = ap->ai_next) i++; tmp = realloc(socks, (num_socks + i) * sizeof(*socks)); if(tmp == NULL) { - krb5_warnx(context, "failed to reallocate %lu bytes", + krb5_warnx(contextp, "failed to reallocate %lu bytes", (unsigned long)(num_socks + i) * sizeof(*socks)); continue; } socks = tmp; for(ap = ai; ap; ap = ap->ai_next) { - int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol); - if(s < 0) { - krb5_warn(context, errno, "socket"); + krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol); + if(rk_IS_BAD_SOCKET(s)) { + krb5_warn(contextp, rk_SOCK_ERRNO, "socket"); continue; } socket_set_reuseaddr(s, 1); socket_set_ipv6only(s, 1); - if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) { - krb5_warn(context, errno, "bind"); - close(s); + if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) { + krb5_warn(contextp, rk_SOCK_ERRNO, "bind"); + rk_closesocket(s); continue; } - if (listen (s, SOMAXCONN) < 0) { - krb5_warn(context, errno, "listen"); - close(s); + if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) { + krb5_warn(contextp, rk_SOCK_ERRNO, "listen"); + rk_closesocket(s); continue; } socks[num_socks++] = s; @@ -279,6 +289,7 @@ start_server(krb5_context context) freeaddrinfo (ai); } if(num_socks == 0) - krb5_errx(context, 1, "no sockets to listen to - exiting"); - return wait_for_connection(context, socks, num_socks); + krb5_errx(contextp, 1, "no sockets to listen to - exiting"); + + wait_for_connection(contextp, socks, num_socks); } diff --git a/crypto/heimdal/kadmin/kadmin-commands.in b/crypto/heimdal/kadmin/kadmin-commands.in index 019b99ce14b..4396ff80044 100644 --- a/crypto/heimdal/kadmin/kadmin-commands.in +++ b/crypto/heimdal/kadmin/kadmin-commands.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: kadmin-commands.in 21969 2007-10-18 18:51:11Z lha $ */ +/* $Id$ */ command = { name = "stash" @@ -54,6 +54,11 @@ command = { type = "flag" help = "just convert keyfile to new format" } + option = { + long = "random-password" + type = "flag" + help = "use a random password (and print the password to stdout)" + } option = { long = "master-key-fd" type = "integer" @@ -89,6 +94,11 @@ command = { type = "string" help = "realm max renewable lifetime" } + option = { + long = "bare" + type = "flag" + help = "only create krbtgt for realm" + } argument = "realm..." min_args = "1" help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only." diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8 index 06fe3d09b26..bd2fd4e7363 100644 --- a/crypto/heimdal/kadmin/kadmin.8 +++ b/crypto/heimdal/kadmin/kadmin.8 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan +.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: kadmin.8 21739 2007-07-31 15:55:32Z lha $ +.\" $Id$ .\" .Dd Feb 22, 2007 .Dt KADMIN 8 @@ -40,37 +40,16 @@ .Sh SYNOPSIS .Nm .Bk -words -.Oo Fl p Ar string \*(Ba Xo -.Fl -principal= Ns Ar string -.Xc -.Oc -.Oo Fl K Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string -.Xc -.Oc -.Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file -.Xc -.Oc -.Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file -.Xc -.Oc -.Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm -.Xc -.Oc -.Oo Fl a Ar host \*(Ba Xo -.Fl -admin-server= Ns Ar host -.Xc -.Oc -.Oo Fl s Ar port number \*(Ba Xo -.Fl -server-port= Ns Ar port number -.Xc -.Oc -.Op Fl l | Fl -local -.Op Fl h | Fl -help -.Op Fl v | Fl -version +.Op Fl p Ar string \*(Ba Fl Fl principal= Ns Ar string +.Op Fl K Ar string \*(Ba Fl Fl keytab= Ns Ar string +.Op Fl c Ar file \*(Ba Fl Fl config-file= Ns Ar file +.Op Fl k Ar file \*(Ba Fl Fl key-file= Ns Ar file +.Op Fl r Ar realm \*(Ba Fl Fl realm= Ns Ar realm +.Op Fl a Ar host \*(Ba Fl Fl admin-server= Ns Ar host +.Op Fl s Ar port number \*(Ba Fl Fl server-port= Ns Ar port number +.Op Fl l | Fl Fl local +.Op Fl h | Fl Fl help +.Op Fl v | Fl Fl version .Op Ar command .Ek .Sh DESCRIPTION @@ -84,45 +63,21 @@ option). .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl p Ar string , -.Fl -principal= Ns Ar string -.Xc +.It Fl p Ar string , Fl Fl principal= Ns Ar string principal to authenticate as -.It Xo -.Fl K Ar string , -.Fl -keytab= Ns Ar string -.Xc +.It Fl K Ar string , Fl Fl keytab= Ns Ar string keytab for authentication principal -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file location of config file -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl Fl key-file= Ns Ar file location of master key file -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl Fl realm= Ns Ar realm realm to use -.It Xo -.Fl a Ar host , -.Fl -admin-server= Ns Ar host -.Xc +.It Fl a Ar host , Fl Fl admin-server= Ns Ar host server to contact -.It Xo -.Fl s Ar port number , -.Fl -server-port= Ns Ar port number -.Xc +.It Fl s Ar port number , Fl Fl server-port= Ns Ar port number port to use -.It Xo -.Fl l , -.Fl -local -.Xc +.It Fl l , Fl Fl local local admin mode .El .Pp @@ -144,29 +99,25 @@ matching principals. Commands include: .\" not using a list here, since groff apparently gets confused .\" with nested Xo/Xc -.Bd -ragged -offset indent -.Nm add -.Op Fl r | Fl -random-key -.Op Fl -random-password -.Oo Fl p Ar string \*(Ba Xo -.Fl -password= Ns Ar string -.Xc -.Oc -.Op Fl -key= Ns Ar string -.Op Fl -max-ticket-life= Ns Ar lifetime -.Op Fl -max-renewable-life= Ns Ar lifetime -.Op Fl -attributes= Ns Ar attributes -.Op Fl -expiration-time= Ns Ar time -.Op Fl -pw-expiration-time= Ns Ar time -.Ar principal... .Pp +.Nm add +.Op Fl r | Fl Fl random-key +.Op Fl Fl random-password +.Op Fl p Ar string \*(Ba Fl Fl password= Ns Ar string +.Op Fl Fl key= Ns Ar string +.Op Fl Fl max-ticket-life= Ns Ar lifetime +.Op Fl Fl max-renewable-life= Ns Ar lifetime +.Op Fl Fl attributes= Ns Ar attributes +.Op Fl Fl expiration-time= Ns Ar time +.Op Fl Fl pw-expiration-time= Ns Ar time +.Ar principal... .Bd -ragged -offset indent Adds a new principal to the database. The options not passed on the command line will be promped for. .Ed .Pp .Nm add_enctype -.Op Fl r | Fl -random-key +.Op Fl r | Fl Fl random-key .Ar principal enctypes... .Pp .Bd -ragged -offset indent @@ -176,14 +127,12 @@ supported. .Pp .Nm delete .Ar principal... -.Pp .Bd -ragged -offset indent Removes a principal. .Ed .Pp .Nm del_enctype .Ar principal enctypes... -.Pp .Bd -ragged -offset indent Removes some enctypes from a principal; this can be useful if the service belonging to the principal is known to not handle certain @@ -192,22 +141,20 @@ enctypes. .Pp .Nm ext_keytab .Oo Fl k Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string +.Fl Fl keytab= Ns Ar string .Xc .Oc .Ar principal... -.Pp .Bd -ragged -offset indent Creates a keytab with the keys of the specified principals. .Ed .Pp .Nm get -.Op Fl l | Fl -long -.Op Fl s | Fl -short -.Op Fl t | Fl -terse -.Op Fl o Ar string | Fl -column-info= Ns Ar string +.Op Fl l | Fl Fl long +.Op Fl s | Fl Fl short +.Op Fl t | Fl Fl terse +.Op Fl o Ar string | Fl Fl column-info= Ns Ar string .Ar principal... -.Pp .Bd -ragged -offset indent Lists the matching principals, short prints the result as a table, while long format produces a more verbose output. Which columns to @@ -245,16 +192,15 @@ and .Pp .Nm modify .Oo Fl a Ar attributes \*(Ba Xo -.Fl -attributes= Ns Ar attributes +.Fl Fl attributes= Ns Ar attributes .Xc .Oc -.Op Fl -max-ticket-life= Ns Ar lifetime -.Op Fl -max-renewable-life= Ns Ar lifetime -.Op Fl -expiration-time= Ns Ar time -.Op Fl -pw-expiration-time= Ns Ar time -.Op Fl -kvno= Ns Ar number +.Op Fl Fl max-ticket-life= Ns Ar lifetime +.Op Fl Fl max-renewable-life= Ns Ar lifetime +.Op Fl Fl expiration-time= Ns Ar time +.Op Fl Fl pw-expiration-time= Ns Ar time +.Op Fl Fl kvno= Ns Ar number .Ar principal... -.Pp .Bd -ragged -offset indent Modifies certain attributes of a principal. If run without command line options, you will be prompted. With command line options, it will @@ -276,21 +222,20 @@ Possible attributes are: .Li disallow-forwardable , .Li disallow-postdated .Pp -Attributes may be negated with a "-", e.g., -.Pp +Attributes may be negated with a "-", e.g., +.Pp kadmin -l modify -a -disallow-proxiable user .Ed .Pp .Nm passwd -.Op Fl r | Fl -random-key -.Op Fl -random-password +.Op Fl r | Fl Fl random-key +.Op Fl Fl random-password .Oo Fl p Ar string \*(Ba Xo -.Fl -password= Ns Ar string +.Fl Fl password= Ns Ar string .Xc .Oc -.Op Fl -key= Ns Ar string +.Op Fl Fl key= Ns Ar string .Ar principal... -.Pp .Bd -ragged -offset indent Changes the password of an existing principal. .Ed @@ -298,7 +243,6 @@ Changes the password of an existing principal. .Nm password-quality .Ar principal .Ar password -.Pp .Bd -ragged -offset indent Run the password quality check function locally. You can run this on the host that is configured to run the kadmind @@ -308,7 +252,6 @@ no rpc call is done to the server. .Ed .Pp .Nm privileges -.Pp .Bd -ragged -offset indent Lists the operations you are allowed to perform. These include .Li add , @@ -324,7 +267,6 @@ and .Pp .Nm rename .Ar from to -.Pp .Bd -ragged -offset indent Renames a principal. This is normally transparent, but since keys are salted with the principal name, they will have a non-standard salt, @@ -340,28 +282,24 @@ Check database for strange configurations on important principals. If no realm is given, the default realm is used. .Ed .Pp -.Ed -.Pp When running in local mode, the following commands can also be used: -.Bd -ragged -offset indent -.Nm dump -.Op Fl d | Fl -decrypt -.Op Ar dump-file .Pp +.Nm dump +.Op Fl d | Fl Fl decrypt +.Op Ar dump-file .Bd -ragged -offset indent Writes the database in .Dq human readable form to the specified file, or standard out. If the database is encrypted, the dump will also have encrypted keys, unless -.Fl -decrypt +.Fl Fl decrypt is used. .Ed .Pp .Nm init -.Op Fl -realm-max-ticket-life= Ns Ar string -.Op Fl -realm-max-renewable-life= Ns Ar string +.Op Fl Fl realm-max-ticket-life= Ns Ar string +.Op Fl Fl realm-max-renewable-life= Ns Ar string .Ar realm -.Pp .Bd -ragged -offset indent Initializes the Kerberos database with entries for a new realm. It's possible to have more than one realm served by one server. @@ -369,7 +307,6 @@ possible to have more than one realm served by one server. .Pp .Nm load .Ar file -.Pp .Bd -ragged -offset indent Reads a previously dumped database, and re-creates that database from scratch. @@ -377,7 +314,6 @@ scratch. .Pp .Nm merge .Ar file -.Pp .Bd -ragged -offset indent Similar to .Nm load @@ -386,21 +322,18 @@ but just modifies the database with the entries in the dump file. .Pp .Nm stash .Oo Fl e Ar enctype \*(Ba Xo -.Fl -enctype= Ns Ar enctype +.Fl Fl enctype= Ns Ar enctype .Xc .Oc .Oo Fl k Ar keyfile \*(Ba Xo -.Fl -key-file= Ns Ar keyfile +.Fl Fl key-file= Ns Ar keyfile .Xc .Oc -.Op Fl -convert-file -.Op Fl -master-key-fd= Ns Ar fd -.Pp +.Op Fl Fl convert-file +.Op Fl Fl master-key-fd= Ns Ar fd .Bd -ragged -offset indent Writes the Kerberos master key to a file used by the KDC. .Ed -.Pp -.Ed .\".Sh ENVIRONMENT .\".Sh FILES .\".Sh EXAMPLES diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c index da9b894561d..6e31828afa1 100644 --- a/crypto/heimdal/kadmin/kadmin.c +++ b/crypto/heimdal/kadmin/kadmin.c @@ -1,42 +1,40 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" #include -RCSID("$Id: kadmin.c 22253 2007-12-09 06:00:00Z lha $"); - static char *config_file; static char *keyfile; int local_flag; @@ -54,41 +52,42 @@ static getarg_strings policy_libraries = { 0, NULL }; static struct getargs args[] = { { "principal", 'p', arg_string, &client_name, - "principal to authenticate as" }, + "principal to authenticate as", NULL }, { "keytab", 'K', arg_string, &keytab, - "keytab for authentication principal" }, - { - "config-file", 'c', arg_string, &config_file, - "location of config file", "file" + "keytab for authentication principal", NULL }, + { + "config-file", 'c', arg_string, &config_file, + "location of config file", "file" }, { - "key-file", 'k', arg_string, &keyfile, + "key-file", 'k', arg_string, &keyfile, "location of master key file", "file" }, - { - "realm", 'r', arg_string, &realm, - "realm to use", "realm" + { + "realm", 'r', arg_string, &realm, + "realm to use", "realm" }, - { - "admin-server", 'a', arg_string, &admin_server, - "server to contact", "host" + { + "admin-server", 'a', arg_string, &admin_server, + "server to contact", "host" }, - { - "server-port", 's', arg_integer, &server_port, - "port to use", "port number" + { + "server-port", 's', arg_integer, &server_port, + "port to use", "port number" }, - { "ad", 0, arg_flag, &ad_flag, "active directory admin mode" }, + { "ad", 0, arg_flag, &ad_flag, "active directory admin mode", + NULL }, #ifdef HAVE_DLOPEN - { "check-library", 0, arg_string, &check_library, + { "check-library", 0, arg_string, &check_library, "library to load password check function from", "library" }, { "check-function", 0, arg_string, &check_function, "password check function to load", "function" }, { "policy-libraries", 0, arg_strings, &policy_libraries, "password check function to load", "function" }, #endif - { "local", 'l', arg_flag, &local_flag, "local admin mode" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -126,13 +125,16 @@ get_privs(void *opt, int argc, char **argv) uint32_t privs; char str[128]; kadm5_ret_t ret; - + ret = kadm5_get_privs(kadm_handle, &privs); if(ret) krb5_warn(context, ret, "kadm5_get_privs"); else{ ret =_kadm5_privs_to_string(privs, str, sizeof(str)); - printf("%s\n", str); + if (ret == 0) + printf("%s\n", str); + else + printf("privs: 0x%x\n", (unsigned int)privs); } return 0; } @@ -151,7 +153,7 @@ main(int argc, char **argv) ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - + if(getarg(args, num_args, argc, argv, &optidx)) usage(1); @@ -175,12 +177,12 @@ main(int argc, char **argv) ret = krb5_prepend_config_files_default(config_file, &files); if (ret) krb5_err(context, 1, ret, "getting configuration files"); - + ret = krb5_set_config_files(context, files); krb5_free_config_files(files); - if(ret) + if(ret) krb5_err(context, 1, ret, "reading configuration files"); - + memset(&conf, 0, sizeof(conf)); if(realm) { krb5_set_default_realm(context, realm); /* XXX should be fixed @@ -207,11 +209,11 @@ main(int argc, char **argv) if(local_flag) { int i; - kadm5_setup_passwd_quality_check (context, + kadm5_setup_passwd_quality_check (context, check_library, check_function); - + for (i = 0; i < policy_libraries.num_strings; i++) { - ret = kadm5_add_passwd_quality_verifier(context, + ret = kadm5_add_passwd_quality_verifier(context, policy_libraries.strings[i]); if (ret) krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); @@ -219,12 +221,12 @@ main(int argc, char **argv) ret = kadm5_add_passwd_quality_verifier(context, NULL); if (ret) krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); - - ret = kadm5_s_init_with_password_ctx(context, + + ret = kadm5_s_init_with_password_ctx(context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); } else if (ad_flag) { if (client_name == NULL) @@ -245,13 +247,13 @@ main(int argc, char **argv) &conf, 0, 0, &kadm_handle); } else - ret = kadm5_c_init_with_password_ctx(context, + ret = kadm5_c_init_with_password_ctx(context, client_name, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); - + if(ret) krb5_err(context, 1, ret, "kadm5_init_with_password"); diff --git a/crypto/heimdal/kadmin/kadmin_locl.h b/crypto/heimdal/kadmin/kadmin_locl.h index 1707c459ffe..bd92d9fbe9f 100644 --- a/crypto/heimdal/kadmin/kadmin_locl.h +++ b/crypto/heimdal/kadmin/kadmin_locl.h @@ -1,47 +1,45 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* - * $Id: kadmin_locl.h 17580 2006-05-13 21:28:56Z lha $ - * $FreeBSD$ +/* + * $Id$ */ #ifndef __ADMIN_LOCL_H__ #define __ADMIN_LOCL_H__ -#ifdef HAVE_CONFIG_H #include -#endif + #include #include #include @@ -128,16 +126,11 @@ int set_entry(krb5_context, kadm5_principal_ent_t, int *, const char *, const char *, const char *, const char *, const char *); int -foreach_principal(const char *, int (*)(krb5_principal, void*), +foreach_principal(const char *, int (*)(krb5_principal, void*), const char *, void *); int parse_des_key (const char *, krb5_key_data *, const char **); -/* server.c */ - -krb5_error_code -kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int); - /* random_password.c */ void @@ -148,11 +141,17 @@ random_password(char *, size_t); extern sig_atomic_t term_flag, doing_useful_work; void parse_ports(krb5_context, const char*); -int start_server(krb5_context); +void start_server(krb5_context, const char*); /* server.c */ krb5_error_code -kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int); +kadmind_loop (krb5_context, krb5_keytab, int); + +/* rpc.c */ + +int +handle_mit(krb5_context, void *, size_t, int); + #endif /* __ADMIN_LOCL_H__ */ diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 index 4715da9be66..894340c2495 100644 --- a/crypto/heimdal/kadmin/kadmind.8 +++ b/crypto/heimdal/kadmin/kadmind.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2002 - 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2002 - 2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kadmind.8 14370 2004-12-08 17:20:21Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd December 8, 2004 .Dt KADMIND 8 @@ -41,21 +41,21 @@ .Nm .Bk -words .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file +.Fl Fl key-file= Ns Ar file .Xc .Oc -.Op Fl -keytab= Ns Ar keytab +.Op Fl Fl keytab= Ns Ar keytab .Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .Oc -.Op Fl d | Fl -debug +.Op Fl d | Fl Fl debug .Oo Fl p Ar port \*(Ba Xo -.Fl -ports= Ns Ar port +.Fl Fl ports= Ns Ar port .Xc .Oc .Ek @@ -67,7 +67,7 @@ assumes that it has been started by .Xr inetd 8 , otherwise it behaves as a daemon, forking processes for each new connection. The -.Fl -debug +.Fl Fl debug option causes .Nm to accept exactly one connection, which is useful for debugging. @@ -76,8 +76,7 @@ The .Xr kpasswdd 8 daemon is responsible for the Kerberos 5 password changing protocol (used by -.Xr kpasswd 1 ) -. +.Xr kpasswd 1 ) . .Pp This daemon should only be run on the master server, and not on any slaves. @@ -118,34 +117,17 @@ glob-style pattern. .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file location of config file -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl Fl key-file= Ns Ar file location of master key file -.It Xo -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl Fl keytab= Ns Ar keytab what keytab to use -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl Fl realm= Ns Ar realm realm to use -.It Xo -.Fl d , -.Fl -debug -.Xc +.It Fl d , Fl Fl debug enable debugging -.It Xo -.Fl p Ar port , -.Fl -ports= Ns Ar port -.Xc +.It Fl p Ar port , Fl Fl ports= Ns Ar port ports to listen to. By default, if run as a daemon, it listens to port 749, but you can add any number of ports with this option. The port string is a whitespace separated list of port specifications, with the @@ -162,7 +144,7 @@ This will cause to listen to port 4711 in addition to any compiled in defaults: .Pp -.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &" +.D1 Nm Fl Fl ports Ns Li "=\*[q]+ 4711\*[q] &" .Pp This acl file will grant Joe all rights, and allow Mallory to view and add host principals. diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c index 4d1c2ecc267..f99f9572334 100644 --- a/crypto/heimdal/kadmin/kadmind.c +++ b/crypto/heimdal/kadmin/kadmind.c @@ -1,45 +1,44 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" -RCSID("$Id: kadmind.c 22250 2007-12-09 05:57:31Z lha $"); - static char *check_library = NULL; static char *check_function = NULL; static getarg_strings policy_libraries = { 0, NULL }; static char *config_file; -static char *keytab_str = "HDB:"; +static char sHDB[] = "HDB:"; +static char *keytab_str = sHDB; static int help_flag; static int version_flag; static int debug_flag; @@ -47,32 +46,32 @@ static char *port_str; char *realm; static struct getargs args[] = { - { - "config-file", 'c', arg_string, &config_file, - "location of config file", "file" + { + "config-file", 'c', arg_string, &config_file, + "location of config file", "file" }, { "keytab", 0, arg_string, &keytab_str, "what keytab to use", "keytab" }, - { "realm", 'r', arg_string, &realm, - "realm to use", "realm" + { "realm", 'r', arg_string, &realm, + "realm to use", "realm" }, #ifdef HAVE_DLOPEN - { "check-library", 0, arg_string, &check_library, + { "check-library", 0, arg_string, &check_library, "library to load password check function from", "library" }, { "check-function", 0, arg_string, &check_function, "password check function to load", "function" }, { "policy-libraries", 0, arg_strings, &policy_libraries, "password check function to load", "function" }, #endif - { "debug", 'd', arg_flag, &debug_flag, - "enable debugging" + { "debug", 'd', arg_flag, &debug_flag, + "enable debugging", NULL }, - { "ports", 'p', arg_string, &port_str, + { "ports", 'p', arg_string, &port_str, "ports to listen to", "port" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -92,9 +91,10 @@ main(int argc, char **argv) krb5_error_code ret; char **files; int optidx = 0; - int e, i; + int i; krb5_log_facility *logfacility; krb5_keytab keytab; + krb5_socket_t sfd = rk_INVALID_SOCKET; setprogname(argv[0]); @@ -102,8 +102,10 @@ main(int argc, char **argv) if (ret) errx (1, "krb5_init_context failed: %d", ret); - while((e = getarg(args, num_args, argc, argv, &optidx))) + if (getarg(args, num_args, argc, argv, &optidx)) { warnx("error at argument `%s'", argv[optidx]); + usage(1); + } if (help_flag) usage (0); @@ -121,16 +123,16 @@ main(int argc, char **argv) if (config_file == NULL) errx(1, "out of memory"); } - + ret = krb5_prepend_config_files_default(config_file, &files); if (ret) krb5_err(context, 1, ret, "getting configuration files"); - + ret = krb5_set_config_files(context, files); krb5_free_config_files(files); - if(ret) + if(ret) krb5_err(context, 1, ret, "reading configuration files"); - + ret = krb5_openlog(context, "kadmind", &logfacility); if (ret) krb5_err(context, 1, ret, "krb5_openlog"); @@ -149,7 +151,7 @@ main(int argc, char **argv) kadm5_setup_passwd_quality_check (context, check_library, check_function); for (i = 0; i < policy_libraries.num_strings; i++) { - ret = kadm5_add_passwd_quality_verifier(context, + ret = kadm5_add_passwd_quality_verifier(context, policy_libraries.strings[i]); if (ret) krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); @@ -158,30 +160,42 @@ main(int argc, char **argv) if (ret) krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); - { - int fd = 0; + if(debug_flag) { + int debug_port; + + if(port_str == NULL) + debug_port = krb5_getportbyname (context, "kerberos-adm", + "tcp", 749); + else + debug_port = htons(atoi(port_str)); + mini_inetd(debug_port, &sfd); + } else { +#ifdef _WIN32 + pidfile(NULL); + start_server(context, port_str); +#else struct sockaddr_storage __ss; struct sockaddr *sa = (struct sockaddr *)&__ss; socklen_t sa_size = sizeof(__ss); - krb5_auth_context ac = NULL; - int debug_port; - if(debug_flag) { - if(port_str == NULL) - debug_port = krb5_getportbyname (context, "kerberos-adm", - "tcp", 749); - else - debug_port = htons(atoi(port_str)); - mini_inetd(debug_port); - } else if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && - errno == ENOTSOCK) { - parse_ports(context, port_str ? port_str : "+"); + /* + * Check if we are running inside inetd or not, if not, start + * our own server. + */ + + if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 && + rk_SOCK_ERRNO == ENOTSOCK) { pidfile(NULL); - start_server(context); + start_server(context, port_str); } - if(realm) - krb5_set_default_realm(context, realm); /* XXX */ - kadmind_loop(context, ac, keytab, fd); +#endif /* _WIN32 */ + sfd = STDIN_FILENO; } + + if(realm) + krb5_set_default_realm(context, realm); /* XXX */ + + kadmind_loop(context, keytab, sfd); + return 0; } diff --git a/crypto/heimdal/kadmin/load.c b/crypto/heimdal/kadmin/load.c index 30e6d93c089..eb33be77ac5 100644 --- a/crypto/heimdal/kadmin/load.c +++ b/crypto/heimdal/kadmin/load.c @@ -1,42 +1,40 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" #include -RCSID("$Id: load.c 16658 2006-01-25 12:29:46Z lha $"); - struct entry { char *principal; char *key; @@ -55,7 +53,7 @@ struct entry { static char * skip_next(char *p) { - while(*p && !isspace((unsigned char)*p)) + while(*p && !isspace((unsigned char)*p)) p++; *p++ = 0; while(*p && isspace((unsigned char)*p)) @@ -78,7 +76,7 @@ parse_time_string(time_t *t, const char *s) if(strcmp(s, "-") == 0) return 0; - if(sscanf(s, "%04d%02d%02d%02d%02d%02d", + if(sscanf(s, "%04d%02d%02d%02d%02d%02d", &year, &month, &date, &hour, &minute, &second) != 6) return -1; tm.tm_year = year - 1900; @@ -155,8 +153,8 @@ parse_keys(hdb_entry *ent, char *str) krb5_error_code ret; int tmp; char *p; - int i; - + size_t i; + p = strsep(&str, ":"); if (sscanf(p, "%d", &tmp) != 1) return 1; @@ -164,7 +162,7 @@ parse_keys(hdb_entry *ent, char *str) p = strsep(&str, ":"); while(p){ Key *key; - key = realloc(ent->keys.val, + key = realloc(ent->keys.val, (ent->keys.len + 1) * sizeof(*ent->keys.val)); if(key == NULL) krb5_errx (context, 1, "realloc: out of memory"); @@ -203,11 +201,11 @@ parse_keys(hdb_entry *ent, char *str) p++; p_len = strlen(p); - key->salt = malloc(sizeof(*key->salt)); + key->salt = calloc(1, sizeof(*key->salt)); if (key->salt == NULL) krb5_errx (context, 1, "malloc: out of memory"); key->salt->type = type; - + if (p_len) { if(*p == '\"') { ret = krb5_data_copy(&key->salt->salt, p + 1, p_len - 2); @@ -333,8 +331,10 @@ parse_extensions(char *str, HDB_extensions **e) d = malloc(len); len = hex_decode(p, d, len); - if (len < 0) + if (len < 0) { + free(d); return -1; + } ret = decode_HDB_extension(d, len, &ext, NULL); free(d); @@ -395,7 +395,6 @@ doit(const char *filename, int mergep) line = 0; ret = 0; while(fgets(s, sizeof(s), f) != NULL) { - ret = 0; line++; p = s; @@ -412,7 +411,7 @@ doit(const char *filename, int mergep) } } p = skip_next(p); - + e.key = p; p = skip_next(p); @@ -444,26 +443,25 @@ doit(const char *filename, int mergep) p = skip_next(p); e.extensions = p; - p = skip_next(p); + skip_next(p); memset(&ent, 0, sizeof(ent)); ret = krb5_parse_name(context, e.principal, &ent.entry.principal); if(ret) { - fprintf(stderr, "%s:%d:%s (%s)\n", - filename, - line, - krb5_get_err_text(context, ret), - e.principal); + const char *msg = krb5_get_error_message(context, ret); + fprintf(stderr, "%s:%d:%s (%s)\n", + filename, line, msg, e.principal); + krb5_free_error_message(context, msg); continue; } - + if (parse_keys(&ent.entry, e.key)) { fprintf (stderr, "%s:%d:error parsing keys (%s)\n", filename, line, e.key); hdb_free_entry (context, &ent); continue; } - + if (parse_event(&ent.entry.created_by, e.created) == -1) { fprintf (stderr, "%s:%d:error parsing created event (%s)\n", filename, line, e.created); @@ -555,13 +553,13 @@ loadit(int mergep, const char *name, int argc, char **argv) return doit(argv[0], mergep); } - + int load(void *opt, int argc, char **argv) { return loadit(0, "load", argc, argv); } - + int merge(void *opt, int argc, char **argv) { diff --git a/crypto/heimdal/kadmin/mod.c b/crypto/heimdal/kadmin/mod.c index f5f9e0467a5..940425f2a54 100644 --- a/crypto/heimdal/kadmin/mod.c +++ b/crypto/heimdal/kadmin/mod.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: mod.c 21968 2007-10-18 18:50:33Z lha $"); - static void add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data) { @@ -46,7 +44,7 @@ add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data) tl->tl_data_type = KRB5_TL_EXTENSION; tl->tl_data_length = data->length; tl->tl_data_contents = data->data; - + princ->n_tl_data++; ptl = &princ->tl_data; while (*ptl != NULL) @@ -57,15 +55,15 @@ add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data) } static void -add_constrained_delegation(krb5_context context, +add_constrained_delegation(krb5_context contextp, kadm5_principal_ent_rec *princ, struct getarg_strings *strings) { krb5_error_code ret; HDB_extension ext; krb5_data buf; - size_t size; - + size_t size = 0; + memset(&ext, 0, sizeof(ext)); ext.mandatory = FALSE; ext.data.element = choice_HDB_extension_data_allowed_to_delegate_to; @@ -77,15 +75,19 @@ add_constrained_delegation(krb5_context context, krb5_principal p; int i; - ext.data.u.allowed_to_delegate_to.val = - calloc(strings->num_strings, + ext.data.u.allowed_to_delegate_to.val = + calloc(strings->num_strings, sizeof(ext.data.u.allowed_to_delegate_to.val[0])); ext.data.u.allowed_to_delegate_to.len = strings->num_strings; - + for (i = 0; i < strings->num_strings; i++) { - ret = krb5_parse_name(context, strings->strings[i], &p); + ret = krb5_parse_name(contextp, strings->strings[i], &p); + if (ret) + abort(); ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]); - krb5_free_principal(context, p); + if (ret) + abort(); + krb5_free_principal(contextp, p); } } @@ -101,16 +103,16 @@ add_constrained_delegation(krb5_context context, } static void -add_aliases(krb5_context context, kadm5_principal_ent_rec *princ, +add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ, struct getarg_strings *strings) { krb5_error_code ret; HDB_extension ext; krb5_data buf; krb5_principal p; - size_t size; + size_t size = 0; int i; - + memset(&ext, 0, sizeof(ext)); ext.mandatory = FALSE; ext.data.element = choice_HDB_extension_data_aliases; @@ -120,15 +122,15 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ, ext.data.u.aliases.aliases.val = NULL; ext.data.u.aliases.aliases.len = 0; } else { - ext.data.u.aliases.aliases.val = - calloc(strings->num_strings, + ext.data.u.aliases.aliases.val = + calloc(strings->num_strings, sizeof(ext.data.u.aliases.aliases.val[0])); ext.data.u.aliases.aliases.len = strings->num_strings; - + for (i = 0; i < strings->num_strings; i++) { - ret = krb5_parse_name(context, strings->strings[i], &p); + ret = krb5_parse_name(contextp, strings->strings[i], &p); ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]); - krb5_free_principal(context, p); + krb5_free_principal(contextp, p); } } @@ -139,20 +141,20 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ, abort(); if (buf.length != size) abort(); - + add_tl(princ, KRB5_TL_EXTENSION, &buf); } static void -add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ, +add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ, struct getarg_strings *strings) { krb5_error_code ret; HDB_extension ext; krb5_data buf; - size_t size; + size_t size = 0; int i; - + memset(&ext, 0, sizeof(ext)); ext.mandatory = FALSE; ext.data.element = choice_HDB_extension_data_pkinit_acl; @@ -162,11 +164,11 @@ add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ, ext.data.u.pkinit_acl.val = NULL; ext.data.u.pkinit_acl.len = 0; } else { - ext.data.u.pkinit_acl.val = - calloc(strings->num_strings, + ext.data.u.pkinit_acl.val = + calloc(strings->num_strings, sizeof(ext.data.u.pkinit_acl.val[0])); ext.data.u.pkinit_acl.len = strings->num_strings; - + for (i = 0; i < strings->num_strings; i++) { ext.data.u.pkinit_acl.val[i].subject = estrdup(strings->strings[i]); } @@ -179,7 +181,7 @@ add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ, abort(); if (buf.length != size) abort(); - + add_tl(princ, KRB5_TL_EXTENSION, &buf); } @@ -190,17 +192,17 @@ do_mod_entry(krb5_principal principal, void *data) kadm5_principal_ent_rec princ; int mask = 0; struct modify_options *e = data; - + memset (&princ, 0, sizeof(princ)); ret = kadm5_get_principal(kadm_handle, principal, &princ, - KADM5_PRINCIPAL | KADM5_ATTRIBUTES | + KADM5_PRINCIPAL | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION); - if(ret) + if(ret) return ret; - if(e->max_ticket_life_string || + if(e->max_ticket_life_string || e->max_renewable_life_string || e->expiration_time_string || e->pw_expiration_time_string || @@ -209,11 +211,11 @@ do_mod_entry(krb5_principal principal, void *data) e->constrained_delegation_strings.num_strings || e->alias_strings.num_strings || e->pkinit_acl_strings.num_strings) { - ret = set_entry(context, &princ, &mask, - e->max_ticket_life_string, - e->max_renewable_life_string, - e->expiration_time_string, - e->pw_expiration_time_string, + ret = set_entry(context, &princ, &mask, + e->max_ticket_life_string, + e->max_renewable_life_string, + e->expiration_time_string, + e->pw_expiration_time_string, e->attributes_string); if(e->kvno_integer != -1) { princ.kvno = e->kvno_integer; @@ -240,7 +242,7 @@ do_mod_entry(krb5_principal principal, void *data) if(ret) krb5_warn(context, ret, "kadm5_modify_principal"); } - + kadm5_free_principal_ent(kadm_handle, &princ); return ret; } diff --git a/crypto/heimdal/kadmin/pw_quality.c b/crypto/heimdal/kadmin/pw_quality.c index 8d1e9cc11a8..23b13626686 100644 --- a/crypto/heimdal/kadmin/pw_quality.c +++ b/crypto/heimdal/kadmin/pw_quality.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: pw_quality.c 14026 2004-07-05 11:41:22Z joda $"); - int password_quality(void *opt, int argc, char **argv) { diff --git a/crypto/heimdal/kadmin/random_password.c b/crypto/heimdal/kadmin/random_password.c index d56dd941f39..970e99d34ad 100644 --- a/crypto/heimdal/kadmin/random_password.c +++ b/crypto/heimdal/kadmin/random_password.c @@ -1,45 +1,43 @@ /* - * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" -RCSID("$Id: random_password.c 21745 2007-07-31 16:11:25Z lha $"); - /* This file defines some a function that generates a random password, that can be used when creating a large amount of principals (such as for a batch of students). Since this is a political matter, you should think about how secure generated passwords has to be. - + Both methods defined here will give you at least 55 bits of entropy. */ @@ -65,9 +63,9 @@ random_password(char *pw, size_t len) } #else char *pass; - generate_password(&pass, 3, - "abcdefghijklmnopqrstuvwxyz", 7, - "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, + generate_password(&pass, 3, + "abcdefghijklmnopqrstuvwxyz", 7, + "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 2, "@$%&*()-+=:,/<>1234567890", 1); strlcpy(pw, pass, len); memset(pass, 0, strlen(pass)); @@ -104,11 +102,11 @@ RND(unsigned char *key, int keylen, int *left) | | ---- * | / | | | Ni! | /___ | i=1 \ i=1 / - + Since it uses the RND function above, neither the size of each class, nor the total length of the generated password should be larger than 127 (without fixing RND). - + */ static void generate_password(char **pw, int num_classes, ...) diff --git a/crypto/heimdal/kadmin/rename.c b/crypto/heimdal/kadmin/rename.c index 9309db5c229..cdd7de24d84 100644 --- a/crypto/heimdal/kadmin/rename.c +++ b/crypto/heimdal/kadmin/rename.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: rename.c 17007 2006-04-07 13:11:24Z lha $"); - int rename_entry(void *opt, int argc, char **argv) { diff --git a/crypto/heimdal/kadmin/rpc.c b/crypto/heimdal/kadmin/rpc.c new file mode 100644 index 00000000000..f49238c6dc9 --- /dev/null +++ b/crypto/heimdal/kadmin/rpc.c @@ -0,0 +1,1110 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kadmin_locl.h" + +#include +//#include +//#include + +static gss_OID_desc krb5_mechanism = +{9, (void *)(uintptr_t) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; +#define GSS_KRB5_MECHANISM (&krb5_mechanism) + +#define CHECK(x) \ + do { \ + int __r; \ + if ((__r = (x))) { \ + krb5_errx(dcontext, 1, "Failed (%d) on %s:%d", \ + __r, __FILE__, __LINE__); \ + } \ + } while(0) + +static krb5_context dcontext; + +#define INSIST(x) CHECK(!(x)) + +#define VERSION2 0x12345702 + +#define LAST_FRAGMENT 0x80000000 + +#define RPC_VERSION 2 +#define KADM_SERVER 2112 +#define VVERSION 2 +#define FLAVOR_GSS 6 +#define FLAVOR_GSS_VERSION 1 + +struct opaque_auth { + uint32_t flavor; + krb5_data data; +}; + +struct call_header { + uint32_t xid; + uint32_t rpcvers; + uint32_t prog; + uint32_t vers; + uint32_t proc; + struct opaque_auth cred; + struct opaque_auth verf; +}; + +enum { + RPG_DATA = 0, + RPG_INIT = 1, + RPG_CONTINUE_INIT = 2, + RPG_DESTROY = 3 +}; + +enum { + rpg_privacy = 3 +}; + +/* +struct chrand_ret { + krb5_ui_4 api_version; + kadm5_ret_t ret; + int n_keys; + krb5_keyblock *keys; +}; +*/ + + +struct gcred { + uint32_t version; + uint32_t proc; + uint32_t seq_num; + uint32_t service; + krb5_data handle; +}; + +static int +parse_name(const unsigned char *p, size_t len, + const gss_OID oid, char **name) +{ + size_t l; + + if (len < 4) + return 1; + + /* TOK_ID */ + if (memcmp(p, "\x04\x01", 2) != 0) + return 1; + len -= 2; + p += 2; + + /* MECH_LEN */ + l = (p[0] << 8) | p[1]; + len -= 2; + p += 2; + if (l < 2 || len < l) + return 1; + + /* oid wrapping */ + if (p[0] != 6 || p[1] != l - 2) + return 1; + p += 2; + l -= 2; + len -= 2; + + /* MECH */ + if (l != oid->length || memcmp(p, oid->elements, oid->length) != 0) + return 1; + len -= l; + p += l; + + /* MECHNAME_LEN */ + if (len < 4) + return 1; + l = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; + len -= 4; + p += 4; + + /* MECH NAME */ + if (len != l) + return 1; + + *name = malloc(l + 1); + INSIST(*name != NULL); + memcpy(*name, p, l); + (*name)[l] = '\0'; + + return 0; +} + + + +static void +gss_error(krb5_context contextp, + gss_OID mech, OM_uint32 type, OM_uint32 error) +{ + OM_uint32 new_stat; + OM_uint32 msg_ctx = 0; + gss_buffer_desc status_string; + OM_uint32 ret; + + do { + ret = gss_display_status (&new_stat, + error, + type, + mech, + &msg_ctx, + &status_string); + krb5_warnx(contextp, "%.*s", + (int)status_string.length, + (char *)status_string.value); + gss_release_buffer (&new_stat, &status_string); + } while (!GSS_ERROR(ret) && msg_ctx != 0); +} + +static void +gss_print_errors (krb5_context contextp, + OM_uint32 maj_stat, OM_uint32 min_stat) +{ + gss_error(contextp, GSS_C_NO_OID, GSS_C_GSS_CODE, maj_stat); + gss_error(contextp, GSS_C_NO_OID, GSS_C_MECH_CODE, min_stat); +} + +static int +read_data(krb5_storage *sp, krb5_storage *msg, size_t len) +{ + char buf[1024]; + + while (len) { + size_t tlen = len; + ssize_t slen; + + if (tlen > sizeof(buf)) + tlen = sizeof(buf); + + slen = krb5_storage_read(sp, buf, tlen); + INSIST((size_t)slen == tlen); + + slen = krb5_storage_write(msg, buf, tlen); + INSIST((size_t)slen == tlen); + + len -= tlen; + } + return 0; +} + +static int +collect_framents(krb5_storage *sp, krb5_storage *msg) +{ + krb5_error_code ret; + uint32_t len; + int last_fragment; + size_t total_len = 0; + + do { + ret = krb5_ret_uint32(sp, &len); + if (ret) + return ret; + + last_fragment = (len & LAST_FRAGMENT); + len &= ~LAST_FRAGMENT; + + CHECK(read_data(sp, msg, len)); + total_len += len; + + } while(!last_fragment || total_len == 0); + + return 0; +} + +static krb5_error_code +store_data_xdr(krb5_storage *sp, krb5_data data) +{ + krb5_error_code ret; + size_t res; + + ret = krb5_store_data(sp, data); + if (ret) + return ret; + res = 4 - (data.length % 4); + if (res != 4) { + static const char zero[4] = { 0, 0, 0, 0 }; + + ret = krb5_storage_write(sp, zero, res); + if((size_t)ret != res) + return (ret < 0)? errno : krb5_storage_get_eof_code(sp); + } + return 0; +} + +static krb5_error_code +ret_data_xdr(krb5_storage *sp, krb5_data *data) +{ + krb5_error_code ret; + ret = krb5_ret_data(sp, data); + if (ret) + return ret; + + if ((data->length % 4) != 0) { + char buf[4]; + size_t res; + + res = 4 - (data->length % 4); + if (res != 4) { + ret = krb5_storage_read(sp, buf, res); + if((size_t)ret != res) + return (ret < 0)? errno : krb5_storage_get_eof_code(sp); + } + } + return 0; +} + +static krb5_error_code +ret_auth_opaque(krb5_storage *msg, struct opaque_auth *ao) +{ + krb5_error_code ret; + ret = krb5_ret_uint32(msg, &ao->flavor); + if (ret) return ret; + ret = ret_data_xdr(msg, &ao->data); + return ret; +} + +static int +ret_gcred(krb5_data *data, struct gcred *gcred) +{ + krb5_storage *sp; + + memset(gcred, 0, sizeof(*gcred)); + + sp = krb5_storage_from_data(data); + INSIST(sp != NULL); + + CHECK(krb5_ret_uint32(sp, &gcred->version)); + CHECK(krb5_ret_uint32(sp, &gcred->proc)); + CHECK(krb5_ret_uint32(sp, &gcred->seq_num)); + CHECK(krb5_ret_uint32(sp, &gcred->service)); + CHECK(ret_data_xdr(sp, &gcred->handle)); + + krb5_storage_free(sp); + + return 0; +} + +static krb5_error_code +store_gss_init_res(krb5_storage *sp, krb5_data handle, + OM_uint32 maj_stat, OM_uint32 min_stat, + uint32_t seq_window, gss_buffer_t gout) +{ + krb5_error_code ret; + krb5_data out; + + out.data = gout->value; + out.length = gout->length; + + ret = store_data_xdr(sp, handle); + if (ret) return ret; + ret = krb5_store_uint32(sp, maj_stat); + if (ret) return ret; + ret = krb5_store_uint32(sp, min_stat); + if (ret) return ret; + ret = store_data_xdr(sp, out); + return ret; +} + +static int +store_string_xdr(krb5_storage *sp, const char *str) +{ + krb5_data c; + if (str) { + c.data = rk_UNCONST(str); + c.length = strlen(str) + 1; + } else + krb5_data_zero(&c); + + return store_data_xdr(sp, c); +} + +static int +ret_string_xdr(krb5_storage *sp, char **str) +{ + krb5_data c; + *str = NULL; + CHECK(ret_data_xdr(sp, &c)); + if (c.length) { + *str = malloc(c.length + 1); + INSIST(*str != NULL); + memcpy(*str, c.data, c.length); + (*str)[c.length] = '\0'; + } + krb5_data_free(&c); + return 0; +} + +static int +store_principal_xdr(krb5_context contextp, + krb5_storage *sp, + krb5_principal p) +{ + char *str; + CHECK(krb5_unparse_name(contextp, p, &str)); + CHECK(store_string_xdr(sp, str)); + free(str); + return 0; +} + +static int +ret_principal_xdr(krb5_context contextp, + krb5_storage *sp, + krb5_principal *p) +{ + char *str; + *p = NULL; + CHECK(ret_string_xdr(sp, &str)); + if (str) { + CHECK(krb5_parse_name(contextp, str, p)); + free(str); + } + return 0; +} + +static int +store_principal_ent(krb5_context contextp, + krb5_storage *sp, + kadm5_principal_ent_rec *ent) +{ + int i; + + CHECK(store_principal_xdr(contextp, sp, ent->principal)); + CHECK(krb5_store_uint32(sp, ent->princ_expire_time)); + CHECK(krb5_store_uint32(sp, ent->pw_expiration)); + CHECK(krb5_store_uint32(sp, ent->last_pwd_change)); + CHECK(krb5_store_uint32(sp, ent->max_life)); + CHECK(krb5_store_int32(sp, ent->mod_name == NULL)); + if (ent->mod_name) + CHECK(store_principal_xdr(contextp, sp, ent->mod_name)); + CHECK(krb5_store_uint32(sp, ent->mod_date)); + CHECK(krb5_store_uint32(sp, ent->attributes)); + CHECK(krb5_store_uint32(sp, ent->kvno)); + CHECK(krb5_store_uint32(sp, ent->mkvno)); + CHECK(store_string_xdr(sp, ent->policy)); + CHECK(krb5_store_int32(sp, ent->aux_attributes)); + CHECK(krb5_store_int32(sp, ent->max_renewable_life)); + CHECK(krb5_store_int32(sp, ent->last_success)); + CHECK(krb5_store_int32(sp, ent->last_failed)); + CHECK(krb5_store_int32(sp, ent->fail_auth_count)); + CHECK(krb5_store_int32(sp, ent->n_key_data)); + CHECK(krb5_store_int32(sp, ent->n_tl_data)); + CHECK(krb5_store_int32(sp, ent->n_tl_data == 0)); + if (ent->n_tl_data) { + krb5_tl_data *tp; + + for (tp = ent->tl_data; tp; tp = tp->tl_data_next) { + krb5_data c; + c.length = tp->tl_data_length; + c.data = tp->tl_data_contents; + + CHECK(krb5_store_int32(sp, 0)); /* last item */ + CHECK(krb5_store_int32(sp, tp->tl_data_type)); + CHECK(store_data_xdr(sp, c)); + } + CHECK(krb5_store_int32(sp, 1)); /* last item */ + } + + CHECK(krb5_store_int32(sp, ent->n_key_data)); + for (i = 0; i < ent->n_key_data; i++) { + CHECK(krb5_store_uint32(sp, 2)); + CHECK(krb5_store_uint32(sp, ent->kvno)); + CHECK(krb5_store_uint32(sp, ent->key_data[i].key_data_type[0])); + CHECK(krb5_store_uint32(sp, ent->key_data[i].key_data_type[1])); + } + + return 0; +} + +static int +ret_principal_ent(krb5_context contextp, + krb5_storage *sp, + kadm5_principal_ent_rec *ent) +{ + uint32_t flag, num; + size_t i; + + memset(ent, 0, sizeof(*ent)); + + CHECK(ret_principal_xdr(contextp, sp, &ent->principal)); + CHECK(krb5_ret_uint32(sp, &flag)); + ent->princ_expire_time = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->pw_expiration = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->last_pwd_change = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->max_life = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + if (flag == 0) + ret_principal_xdr(contextp, sp, &ent->mod_name); + CHECK(krb5_ret_uint32(sp, &flag)); + ent->mod_date = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->attributes = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->kvno = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->mkvno = flag; + CHECK(ret_string_xdr(sp, &ent->policy)); + CHECK(krb5_ret_uint32(sp, &flag)); + ent->aux_attributes = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->max_renewable_life = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->last_success = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->last_failed = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->fail_auth_count = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->n_key_data = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->n_tl_data = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + if (flag == 0) { + krb5_tl_data **tp = &ent->tl_data; + size_t count = 0; + + while(1) { + krb5_data c; + CHECK(krb5_ret_uint32(sp, &flag)); /* last item */ + if (flag) + break; + *tp = calloc(1, sizeof(**tp)); + INSIST(*tp != NULL); + CHECK(krb5_ret_uint32(sp, &flag)); + (*tp)->tl_data_type = flag; + CHECK(ret_data_xdr(sp, &c)); + (*tp)->tl_data_length = c.length; + (*tp)->tl_data_contents = c.data; + tp = &(*tp)->tl_data_next; + + count++; + } + INSIST((size_t)ent->n_tl_data == count); + } else { + INSIST(ent->n_tl_data == 0); + } + + CHECK(krb5_ret_uint32(sp, &num)); + INSIST(num == (uint32_t)ent->n_key_data); + + ent->key_data = calloc(num, sizeof(ent->key_data[0])); + INSIST(ent->key_data != NULL); + + for (i = 0; i < num; i++) { + CHECK(krb5_ret_uint32(sp, &flag)); /* data version */ + INSIST(flag > 1); + CHECK(krb5_ret_uint32(sp, &flag)); + ent->kvno = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->key_data[i].key_data_type[0] = flag; + CHECK(krb5_ret_uint32(sp, &flag)); + ent->key_data[i].key_data_type[1] = flag; + } + + return 0; +} + +/* + * + */ + +static void +proc_create_principal(kadm5_server_context *contextp, + krb5_storage *in, + krb5_storage *out) +{ + uint32_t version, mask; + kadm5_principal_ent_rec ent; + krb5_error_code ret; + char *password; + + memset(&ent, 0, sizeof(ent)); + + CHECK(krb5_ret_uint32(in, &version)); + INSIST(version == VERSION2); + CHECK(ret_principal_ent(contextp->context, in, &ent)); + CHECK(krb5_ret_uint32(in, &mask)); + CHECK(ret_string_xdr(in, &password)); + + INSIST(ent.principal); + + + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, ent.principal); + if (ret) + goto fail; + + ret = kadm5_create_principal(contextp, &ent, mask, password); + + fail: + krb5_warn(contextp->context, ret, "create principal"); + CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ + CHECK(krb5_store_uint32(out, ret)); /* code */ + + free(password); + kadm5_free_principal_ent(contextp, &ent); +} + +static void +proc_delete_principal(kadm5_server_context *contextp, + krb5_storage *in, + krb5_storage *out) +{ + uint32_t version; + krb5_principal princ; + krb5_error_code ret; + + CHECK(krb5_ret_uint32(in, &version)); + INSIST(version == VERSION2); + CHECK(ret_principal_xdr(contextp->context, in, &princ)); + + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ); + if (ret) + goto fail; + + ret = kadm5_delete_principal(contextp, princ); + + fail: + krb5_warn(contextp->context, ret, "delete principal"); + CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ + CHECK(krb5_store_uint32(out, ret)); /* code */ + + krb5_free_principal(contextp->context, princ); +} + +static void +proc_get_principal(kadm5_server_context *contextp, + krb5_storage *in, + krb5_storage *out) +{ + uint32_t version, mask; + krb5_principal princ; + kadm5_principal_ent_rec ent; + krb5_error_code ret; + + memset(&ent, 0, sizeof(ent)); + + CHECK(krb5_ret_uint32(in, &version)); + INSIST(version == VERSION2); + CHECK(ret_principal_xdr(contextp->context, in, &princ)); + CHECK(krb5_ret_uint32(in, &mask)); + + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ); + if(ret) + goto fail; + + ret = kadm5_get_principal(contextp, princ, &ent, mask); + + fail: + krb5_warn(contextp->context, ret, "get principal principal"); + + CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ + CHECK(krb5_store_uint32(out, ret)); /* code */ + if (ret == 0) { + CHECK(store_principal_ent(contextp->context, out, &ent)); + } + krb5_free_principal(contextp->context, princ); + kadm5_free_principal_ent(contextp, &ent); +} + +static void +proc_chrand_principal_v2(kadm5_server_context *contextp, + krb5_storage *in, + krb5_storage *out) +{ + krb5_error_code ret; + krb5_principal princ; + uint32_t version; + krb5_keyblock *new_keys; + int n_keys; + + CHECK(krb5_ret_uint32(in, &version)); + INSIST(version == VERSION2); + CHECK(ret_principal_xdr(contextp->context, in, &princ)); + + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); + if(ret) + goto fail; + + ret = kadm5_randkey_principal(contextp, princ, + &new_keys, &n_keys); + + fail: + krb5_warn(contextp->context, ret, "rand key principal"); + + CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ + CHECK(krb5_store_uint32(out, ret)); + if (ret == 0) { + int i; + CHECK(krb5_store_int32(out, n_keys)); + + for(i = 0; i < n_keys; i++){ + CHECK(krb5_store_uint32(out, new_keys[i].keytype)); + CHECK(store_data_xdr(out, new_keys[i].keyvalue)); + krb5_free_keyblock_contents(contextp->context, &new_keys[i]); + } + free(new_keys); + } + krb5_free_principal(contextp->context, princ); +} + +static void +proc_init(kadm5_server_context *contextp, + krb5_storage *in, + krb5_storage *out) +{ + CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ + CHECK(krb5_store_uint32(out, 0)); /* code */ + CHECK(krb5_store_uint32(out, 0)); /* code */ +} + +struct krb5_proc { + const char *name; + void (*func)(kadm5_server_context *, krb5_storage *, krb5_storage *); +} procs[] = { + { "NULL", NULL }, + { "create principal", proc_create_principal }, + { "delete principal", proc_delete_principal }, + { "modify principal", NULL }, + { "rename principal", NULL }, + { "get principal", proc_get_principal }, + { "chpass principal", NULL }, + { "chrand principal", proc_chrand_principal_v2 }, + { "create policy", NULL }, + { "delete policy", NULL }, + { "modify policy", NULL }, + { "get policy", NULL }, + { "get privs", NULL }, + { "init", proc_init }, + { "get principals", NULL }, + { "get polices", NULL }, + { "setkey principal", NULL }, + { "setkey principal v4", NULL }, + { "create principal v3", NULL }, + { "chpass principal v3", NULL }, + { "chrand principal v3", NULL }, + { "setkey principal v3", NULL } +}; + +static krb5_error_code +copyheader(krb5_storage *sp, krb5_data *data) +{ + off_t off; + ssize_t sret; + + off = krb5_storage_seek(sp, 0, SEEK_CUR); + + CHECK(krb5_data_alloc(data, off)); + INSIST((size_t)off == data->length); + krb5_storage_seek(sp, 0, SEEK_SET); + sret = krb5_storage_read(sp, data->data, data->length); + INSIST(sret == off); + INSIST(off == krb5_storage_seek(sp, 0, SEEK_CUR)); + + return 0; +} + +struct gctx { + krb5_data handle; + gss_ctx_id_t ctx; + uint32_t seq_num; + int done; + int inprogress; +}; + +static int +process_stream(krb5_context contextp, + unsigned char *buf, size_t ilen, + krb5_storage *sp) +{ + krb5_error_code ret; + krb5_storage *msg, *reply, *dreply; + OM_uint32 maj_stat, min_stat; + gss_buffer_desc gin, gout; + struct gctx gctx; + void *server_handle = NULL; + + memset(&gctx, 0, sizeof(gctx)); + + msg = krb5_storage_emem(); + reply = krb5_storage_emem(); + dreply = krb5_storage_emem(); + + /* + * First packet comes partly from the caller + */ + + INSIST(ilen >= 4); + + while (1) { + struct call_header chdr; + struct gcred gcred; + uint32_t mtype; + krb5_data headercopy; + + krb5_storage_truncate(dreply, 0); + krb5_storage_truncate(reply, 0); + krb5_storage_truncate(msg, 0); + + krb5_data_zero(&headercopy); + memset(&chdr, 0, sizeof(chdr)); + memset(&gcred, 0, sizeof(gcred)); + + /* + * This is very icky to handle the the auto-detection between + * the Heimdal protocol and the MIT ONC-RPC based protocol. + */ + + if (ilen) { + int last_fragment; + unsigned long len; + ssize_t slen; + unsigned char tmp[4]; + + if (ilen < 4) { + memcpy(tmp, buf, ilen); + slen = krb5_storage_read(sp, tmp + ilen, sizeof(tmp) - ilen); + INSIST((size_t)slen == sizeof(tmp) - ilen); + + ilen = sizeof(tmp); + buf = tmp; + } + INSIST(ilen >= 4); + + _krb5_get_int(buf, &len, 4); + last_fragment = (len & LAST_FRAGMENT) != 0; + len &= ~LAST_FRAGMENT; + + ilen -= 4; + buf += 4; + + if (ilen) { + if (len < ilen) { + slen = krb5_storage_write(msg, buf, len); + INSIST((size_t)slen == len); + ilen -= len; + len = 0; + } else { + slen = krb5_storage_write(msg, buf, ilen); + INSIST((size_t)slen == ilen); + len -= ilen; + } + } + + CHECK(read_data(sp, msg, len)); + + if (!last_fragment) { + ret = collect_framents(sp, msg); + if (ret == HEIM_ERR_EOF) + krb5_errx(contextp, 0, "client disconnected"); + INSIST(ret == 0); + } + } else { + + ret = collect_framents(sp, msg); + if (ret == HEIM_ERR_EOF) + krb5_errx(contextp, 0, "client disconnected"); + INSIST(ret == 0); + } + krb5_storage_seek(msg, 0, SEEK_SET); + + CHECK(krb5_ret_uint32(msg, &chdr.xid)); + CHECK(krb5_ret_uint32(msg, &mtype)); + CHECK(krb5_ret_uint32(msg, &chdr.rpcvers)); + CHECK(krb5_ret_uint32(msg, &chdr.prog)); + CHECK(krb5_ret_uint32(msg, &chdr.vers)); + CHECK(krb5_ret_uint32(msg, &chdr.proc)); + CHECK(ret_auth_opaque(msg, &chdr.cred)); + CHECK(copyheader(msg, &headercopy)); + CHECK(ret_auth_opaque(msg, &chdr.verf)); + + INSIST(chdr.rpcvers == RPC_VERSION); + INSIST(chdr.prog == KADM_SERVER); + INSIST(chdr.vers == VVERSION); + INSIST(chdr.cred.flavor == FLAVOR_GSS); + + CHECK(ret_gcred(&chdr.cred.data, &gcred)); + + INSIST(gcred.version == FLAVOR_GSS_VERSION); + + if (gctx.done) { + INSIST(chdr.verf.flavor == FLAVOR_GSS); + + /* from first byte to last of credential */ + gin.value = headercopy.data; + gin.length = headercopy.length; + gout.value = chdr.verf.data.data; + gout.length = chdr.verf.data.length; + + maj_stat = gss_verify_mic(&min_stat, gctx.ctx, &gin, &gout, NULL); + INSIST(maj_stat == GSS_S_COMPLETE); + } + + switch(gcred.proc) { + case RPG_DATA: { + krb5_data data; + int conf_state; + uint32_t seq; + krb5_storage *sp1; + + INSIST(gcred.service == rpg_privacy); + + INSIST(gctx.done); + + INSIST(krb5_data_cmp(&gcred.handle, &gctx.handle) == 0); + + CHECK(ret_data_xdr(msg, &data)); + + gin.value = data.data; + gin.length = data.length; + + maj_stat = gss_unwrap(&min_stat, gctx.ctx, &gin, &gout, + &conf_state, NULL); + krb5_data_free(&data); + INSIST(maj_stat == GSS_S_COMPLETE); + INSIST(conf_state != 0); + + sp1 = krb5_storage_from_mem(gout.value, gout.length); + INSIST(sp1 != NULL); + + CHECK(krb5_ret_uint32(sp1, &seq)); + INSIST (seq == gcred.seq_num); + + /* + * Check sequence number + */ + INSIST(seq > gctx.seq_num); + gctx.seq_num = seq; + + /* + * If contextp is setup, priv data have the seq_num stored + * first in the block, so add it here before users data is + * added. + */ + CHECK(krb5_store_uint32(dreply, gctx.seq_num)); + + if (chdr.proc >= sizeof(procs)/sizeof(procs[0])) { + krb5_warnx(contextp, "proc number out of array"); + } else if (procs[chdr.proc].func == NULL) { + krb5_warnx(contextp, "proc '%s' never implemented", + procs[chdr.proc].name); + } else { + krb5_warnx(contextp, "proc %s", procs[chdr.proc].name); + INSIST(server_handle != NULL); + (*procs[chdr.proc].func)(server_handle, sp, dreply); + } + krb5_storage_free(sp); + gss_release_buffer(&min_stat, &gout); + + break; + } + case RPG_INIT: + INSIST(gctx.inprogress == 0); + INSIST(gctx.ctx == NULL); + + gctx.inprogress = 1; + /* FALL THOUGH */ + case RPG_CONTINUE_INIT: { + gss_name_t src_name = GSS_C_NO_NAME; + krb5_data in; + + INSIST(gctx.inprogress); + + CHECK(ret_data_xdr(msg, &in)); + + gin.value = in.data; + gin.length = in.length; + gout.value = NULL; + gout.length = 0; + + maj_stat = gss_accept_sec_context(&min_stat, + &gctx.ctx, + GSS_C_NO_CREDENTIAL, + &gin, + GSS_C_NO_CHANNEL_BINDINGS, + &src_name, + NULL, + &gout, + NULL, + NULL, + NULL); + if (GSS_ERROR(maj_stat)) { + gss_print_errors(contextp, maj_stat, min_stat); + krb5_errx(contextp, 1, "gss error, exit"); + } + if ((maj_stat & GSS_S_CONTINUE_NEEDED) == 0) { + kadm5_config_params realm_params; + gss_buffer_desc bufp; + char *client; + + gctx.done = 1; + + memset(&realm_params, 0, sizeof(realm_params)); + + maj_stat = gss_export_name(&min_stat, src_name, &bufp); + INSIST(maj_stat == GSS_S_COMPLETE); + + CHECK(parse_name(bufp.value, bufp.length, + GSS_KRB5_MECHANISM, &client)); + + gss_release_buffer(&min_stat, &bufp); + + krb5_warnx(contextp, "%s connected", client); + + ret = kadm5_s_init_with_password_ctx(contextp, + client, + NULL, + KADM5_ADMIN_SERVICE, + &realm_params, + 0, 0, + &server_handle); + INSIST(ret == 0); + } + + INSIST(gctx.ctx != GSS_C_NO_CONTEXT); + + CHECK(krb5_store_uint32(dreply, 0)); + CHECK(store_gss_init_res(dreply, gctx.handle, + maj_stat, min_stat, 1, &gout)); + if (gout.value) + gss_release_buffer(&min_stat, &gout); + if (src_name) + gss_release_name(&min_stat, &src_name); + + break; + } + case RPG_DESTROY: + krb5_errx(contextp, 1, "client destroyed gss contextp"); + default: + krb5_errx(contextp, 1, "client sent unknown gsscode %d", + (int)gcred.proc); + } + + krb5_data_free(&gcred.handle); + krb5_data_free(&chdr.cred.data); + krb5_data_free(&chdr.verf.data); + krb5_data_free(&headercopy); + + CHECK(krb5_store_uint32(reply, chdr.xid)); + CHECK(krb5_store_uint32(reply, 1)); /* REPLY */ + CHECK(krb5_store_uint32(reply, 0)); /* MSG_ACCEPTED */ + + if (!gctx.done) { + krb5_data data; + + CHECK(krb5_store_uint32(reply, 0)); /* flavor_none */ + CHECK(krb5_store_uint32(reply, 0)); /* length */ + + CHECK(krb5_store_uint32(reply, 0)); /* SUCCESS */ + + CHECK(krb5_storage_to_data(dreply, &data)); + INSIST((size_t)krb5_storage_write(reply, data.data, data.length) == data.length); + krb5_data_free(&data); + + } else { + uint32_t seqnum = htonl(gctx.seq_num); + krb5_data data; + + gin.value = &seqnum; + gin.length = sizeof(seqnum); + + maj_stat = gss_get_mic(&min_stat, gctx.ctx, 0, &gin, &gout); + INSIST(maj_stat == GSS_S_COMPLETE); + + data.data = gout.value; + data.length = gout.length; + + CHECK(krb5_store_uint32(reply, FLAVOR_GSS)); + CHECK(store_data_xdr(reply, data)); + gss_release_buffer(&min_stat, &gout); + + CHECK(krb5_store_uint32(reply, 0)); /* SUCCESS */ + + CHECK(krb5_storage_to_data(dreply, &data)); + + if (gctx.inprogress) { + ssize_t sret; + gctx.inprogress = 0; + sret = krb5_storage_write(reply, data.data, data.length); + INSIST((size_t)sret == data.length); + krb5_data_free(&data); + } else { + int conf_state; + + gin.value = data.data; + gin.length = data.length; + + maj_stat = gss_wrap(&min_stat, gctx.ctx, 1, 0, + &gin, &conf_state, &gout); + INSIST(maj_stat == GSS_S_COMPLETE); + INSIST(conf_state != 0); + krb5_data_free(&data); + + data.data = gout.value; + data.length = gout.length; + + store_data_xdr(reply, data); + gss_release_buffer(&min_stat, &gout); + } + } + + { + krb5_data data; + ssize_t sret; + CHECK(krb5_storage_to_data(reply, &data)); + CHECK(krb5_store_uint32(sp, data.length | LAST_FRAGMENT)); + sret = krb5_storage_write(sp, data.data, data.length); + INSIST((size_t)sret == data.length); + krb5_data_free(&data); + } + + } +} + + +int +handle_mit(krb5_context contextp, void *buf, size_t len, krb5_socket_t sock) +{ + krb5_storage *sp; + + dcontext = contextp; + + sp = krb5_storage_from_fd(sock); + INSIST(sp != NULL); + + process_stream(contextp, buf, len, sp); + + return 0; +} diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c index 07dd9a5ad7b..256c2bac89b 100644 --- a/crypto/heimdal/kadmin/server.c +++ b/crypto/heimdal/kadmin/server.c @@ -1,50 +1,48 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include -RCSID("$Id: server.c 17611 2006-06-02 22:10:21Z lha $"); - static kadm5_ret_t -kadmind_dispatch(void *kadm_handle, krb5_boolean initial, +kadmind_dispatch(void *kadm_handlep, krb5_boolean initial, krb5_data *in, krb5_data *out) { kadm5_ret_t ret; int32_t cmd, mask, tmp; - kadm5_server_context *context = kadm_handle; + kadm5_server_context *contextp = kadm_handlep; char client[128], name[128], name2[128]; - char *op = ""; + const char *op = ""; krb5_principal princ, princ2; kadm5_principal_ent_rec ent; char *password, *expression; @@ -53,11 +51,13 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, char **princs; int n_princs; krb5_storage *sp; - - krb5_unparse_name_fixed(context->context, context->caller, + + krb5_unparse_name_fixed(contextp->context, contextp->caller, client, sizeof(client)); - + sp = krb5_storage_from_data(in); + if (sp == NULL) + krb5_errx(contextp->context, 1, "out of memory"); krb5_ret_int32(sp, &cmd); switch(cmd){ @@ -68,25 +68,26 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &mask); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ); + mask |= KADM5_PRINCIPAL; + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_get_principal(kadm_handle, princ, &ent, mask); + ret = kadm5_get_principal(kadm_handlep, princ, &ent, mask); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); if(ret == 0){ kadm5_store_principal_ent(sp, &ent); - kadm5_free_principal_ent(kadm_handle, &ent); + kadm5_free_principal_ent(kadm_handlep, &ent); } - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); break; } case kadm_delete:{ @@ -94,15 +95,15 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, ret = krb5_ret_principal(sp, &princ); if(ret) goto fail; - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_delete_principal(kadm_handle, princ); - krb5_free_principal(context->context, princ); + ret = kadm5_delete_principal(kadm_handlep, princ); + krb5_free_principal(contextp->context, princ); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -115,28 +116,28 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &mask); if(ret){ - kadm5_free_principal_ent(context->context, &ent); + kadm5_free_principal_ent(contextp->context, &ent); goto fail; } ret = krb5_ret_string(sp, &password); if(ret){ - kadm5_free_principal_ent(context->context, &ent); + kadm5_free_principal_ent(contextp->context, &ent); goto fail; } - krb5_unparse_name_fixed(context->context, ent.principal, + krb5_unparse_name_fixed(contextp->context, ent.principal, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, ent.principal); if(ret){ - kadm5_free_principal_ent(context->context, &ent); + kadm5_free_principal_ent(contextp->context, &ent); memset(password, 0, strlen(password)); free(password); goto fail; } - ret = kadm5_create_principal(kadm_handle, &ent, + ret = kadm5_create_principal(kadm_handlep, &ent, mask, password); - kadm5_free_principal_ent(kadm_handle, &ent); + kadm5_free_principal_ent(kadm_handlep, &ent); memset(password, 0, strlen(password)); free(password); krb5_storage_free(sp); @@ -151,20 +152,20 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &mask); if(ret){ - kadm5_free_principal_ent(context, &ent); + kadm5_free_principal_ent(contextp, &ent); goto fail; } - krb5_unparse_name_fixed(context->context, ent.principal, + krb5_unparse_name_fixed(contextp->context, ent.principal, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY, + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_MODIFY, ent.principal); if(ret){ - kadm5_free_principal_ent(context, &ent); + kadm5_free_principal_ent(contextp, &ent); goto fail; } - ret = kadm5_modify_principal(kadm_handle, &ent, mask); - kadm5_free_principal_ent(kadm_handle, &ent); + ret = kadm5_modify_principal(kadm_handlep, &ent, mask); + kadm5_free_principal_ent(kadm_handlep, &ent); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -177,27 +178,27 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_principal(sp, &princ2); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2)); - krb5_warnx(context->context, "%s: %s %s -> %s", + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_unparse_name_fixed(contextp->context, princ2, name2, sizeof(name2)); + krb5_warnx(contextp->context, "%s: %s %s -> %s", client, op, name, name2); - ret = _kadm5_acl_check_permission(context, + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, princ2) - || _kadm5_acl_check_permission(context, + || _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ); if(ret){ - krb5_free_principal(context->context, princ); - krb5_free_principal(context->context, princ2); + krb5_free_principal(contextp->context, princ); + krb5_free_principal(contextp->context, princ2); goto fail; } - ret = kadm5_rename_principal(kadm_handle, princ, princ2); - krb5_free_principal(context->context, princ); - krb5_free_principal(context->context, princ2); + ret = kadm5_rename_principal(kadm_handlep, princ, princ2); + krb5_free_principal(contextp->context, princ); + krb5_free_principal(contextp->context, princ2); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -210,23 +211,26 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_string(sp, &password); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); /* * The change is allowed if at least one of: - - * a) it's for the principal him/herself and this was an + * + * a) allowed by sysadmin + * b) it's for the principal him/herself and this was an * initial ticket, but then, check with the password quality * function. - * b) the user is on the CPW ACL. + * c) the user is on the CPW ACL. */ - if (initial - && krb5_principal_compare (context->context, context->caller, + if (krb5_config_get_bool_default(contextp->context, NULL, TRUE, + "kadmin", "allow_self_change_password", NULL) + && initial + && krb5_principal_compare (contextp->context, contextp->caller, princ)) { krb5_data pwd_data; @@ -235,23 +239,23 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, pwd_data.data = password; pwd_data.length = strlen(password); - pwd_reason = kadm5_check_password_quality (context->context, + pwd_reason = kadm5_check_password_quality (contextp->context, princ, &pwd_data); if (pwd_reason != NULL) ret = KADM5_PASS_Q_DICT; else ret = 0; } else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); if(ret) { - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); memset(password, 0, strlen(password)); free(password); goto fail; } - ret = kadm5_chpass_principal(kadm_handle, princ, password); - krb5_free_principal(context->context, princ); + ret = kadm5_chpass_principal(kadm_handlep, princ, password); + krb5_free_principal(contextp->context, princ); memset(password, 0, strlen(password)); free(password); krb5_storage_free(sp); @@ -270,21 +274,21 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &n_key_data); if (ret) { - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } /* n_key_data will be squeezed into an int16_t below. */ if (n_key_data < 0 || n_key_data >= 1 << 16 || - n_key_data > UINT_MAX/sizeof(*key_data)) { + (size_t)n_key_data > UINT_MAX/sizeof(*key_data)) { ret = ERANGE; - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } key_data = malloc (n_key_data * sizeof(*key_data)); - if (key_data == NULL) { + if (key_data == NULL && n_key_data != 0) { ret = ENOMEM; - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } @@ -293,38 +297,38 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, if (ret) { int16_t dummy = i; - kadm5_free_key_data (context, &dummy, key_data); + kadm5_free_key_data (contextp, &dummy, key_data); free (key_data); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } } - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); /* * The change is only allowed if the user is on the CPW ACL, * this it to force password quality check on the user. */ - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); if(ret) { int16_t dummy = n_key_data; - kadm5_free_key_data (context, &dummy, key_data); + kadm5_free_key_data (contextp, &dummy, key_data); free (key_data); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_chpass_principal_with_key(kadm_handle, princ, + ret = kadm5_chpass_principal_with_key(kadm_handlep, princ, n_key_data, key_data); { int16_t dummy = n_key_data; - kadm5_free_key_data (context, &dummy, key_data); + kadm5_free_key_data (contextp, &dummy, key_data); } free (key_data); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -335,8 +339,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, ret = krb5_ret_principal(sp, &princ); if(ret) goto fail; - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); /* * The change is allowed if at least one of: * a) it's for the principal him/herself and this was an initial ticket @@ -344,19 +348,19 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, */ if (initial - && krb5_principal_compare (context->context, context->caller, + && krb5_principal_compare (contextp->context, contextp->caller, princ)) ret = 0; else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); if(ret) { - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_randkey_principal(kadm_handle, princ, + ret = kadm5_randkey_principal(kadm_handlep, princ, &new_keys, &n_keys); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -365,14 +369,15 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_store_int32(sp, n_keys); for(i = 0; i < n_keys; i++){ krb5_store_keyblock(sp, new_keys[i]); - krb5_free_keyblock_contents(context->context, &new_keys[i]); + krb5_free_keyblock_contents(contextp->context, &new_keys[i]); } + free(new_keys); } break; } case kadm_get_privs:{ uint32_t privs; - ret = kadm5_get_privs(kadm_handle, &privs); + ret = kadm5_get_privs(kadm_handlep, &privs); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -391,14 +396,14 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; }else expression = NULL; - krb5_warnx(context->context, "%s: %s %s", client, op, + krb5_warnx(contextp->context, "%s: %s %s", client, op, expression ? expression : "*"); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_LIST, NULL); if(ret){ free(expression); goto fail; } - ret = kadm5_get_principals(kadm_handle, expression, &princs, &n_princs); + ret = kadm5_get_principals(kadm_handlep, expression, &princs, &n_princs); free(expression); krb5_storage_free(sp); sp = krb5_storage_emem(); @@ -408,12 +413,12 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_store_int32(sp, n_princs); for(i = 0; i < n_princs; i++) krb5_store_string(sp, princs[i]); - kadm5_free_name_list(kadm_handle, princs, &n_princs); + kadm5_free_name_list(kadm_handlep, princs, &n_princs); } break; } default: - krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd); + krb5_warnx(contextp->context, "%s: UNKNOWN OP %d", client, cmd); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, KADM5_FAILURE); @@ -423,7 +428,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_storage_free(sp); return 0; fail: - krb5_warn(context->context, ret, "%s", op); + krb5_warn(contextp->context, ret, "%s", op); krb5_storage_seek(sp, 0, SEEK_SET); krb5_store_int32(sp, ret); krb5_storage_to_data(sp, out); @@ -432,11 +437,11 @@ fail: } static void -v5_loop (krb5_context context, +v5_loop (krb5_context contextp, krb5_auth_context ac, krb5_boolean initial, - void *kadm_handle, - int fd) + void *kadm_handlep, + krb5_socket_t fd) { krb5_error_code ret; krb5_data in, out; @@ -445,17 +450,17 @@ v5_loop (krb5_context context, doing_useful_work = 0; if(term_flag) exit(0); - ret = krb5_read_priv_message(context, ac, &fd, &in); + ret = krb5_read_priv_message(contextp, ac, &fd, &in); if(ret == HEIM_ERR_EOF) exit(0); if(ret) - krb5_err(context, 1, ret, "krb5_read_priv_message"); + krb5_err(contextp, 1, ret, "krb5_read_priv_message"); doing_useful_work = 1; - kadmind_dispatch(kadm_handle, initial, &in, &out); + kadmind_dispatch(kadm_handlep, initial, &in, &out); krb5_data_free(&in); - ret = krb5_write_priv_message(context, ac, &fd, &out); + ret = krb5_write_priv_message(contextp, ac, &fd, &out); if(ret) - krb5_err(context, 1, ret, "krb5_write_priv_message"); + krb5_err(contextp, 1, ret, "krb5_write_priv_message"); } } @@ -465,55 +470,41 @@ match_appl_version(const void *data, const char *appl_version) unsigned minor; if(sscanf(appl_version, "KADM0.%u", &minor) != 1) return 0; - *(unsigned*)data = minor; + /*XXX*/ + *(unsigned*)(intptr_t)data = minor; return 1; } static void -handle_v5(krb5_context context, - krb5_auth_context ac, +handle_v5(krb5_context contextp, krb5_keytab keytab, - int len, - int fd) + krb5_socket_t fd) { krb5_error_code ret; - u_char version[sizeof(KRB5_SENDAUTH_VERSION)]; krb5_ticket *ticket; char *server_name; char *client; - void *kadm_handle; - ssize_t n; + void *kadm_handlep; krb5_boolean initial; + krb5_auth_context ac = NULL; unsigned kadm_version; kadm5_config_params realm_params; - if (len != sizeof(KRB5_SENDAUTH_VERSION)) - krb5_errx(context, 1, "bad sendauth len %d", len); - n = krb5_net_read(context, &fd, version, len); - if (n < 0) - krb5_err (context, 1, errno, "reading sendauth version"); - if (n == 0) - krb5_errx (context, 1, "EOF reading sendauth version"); - if(memcmp(version, KRB5_SENDAUTH_VERSION, len) != 0) - krb5_errx(context, 1, "bad sendauth version %.8s", version); - - ret = krb5_recvauth_match_version(context, &ac, &fd, + ret = krb5_recvauth_match_version(contextp, &ac, &fd, match_appl_version, &kadm_version, - NULL, KRB5_RECVAUTH_IGNORE_VERSION, + NULL, KRB5_RECVAUTH_IGNORE_VERSION, keytab, &ticket); - if(ret == KRB5_KT_NOTFOUND) - krb5_errx(context, 1, "krb5_recvauth: key not found"); - if(ret) - krb5_err(context, 1, ret, "krb5_recvauth"); - - ret = krb5_unparse_name (context, ticket->server, &server_name); if (ret) - krb5_err (context, 1, ret, "krb5_unparse_name"); + krb5_err(contextp, 1, ret, "krb5_recvauth"); + + ret = krb5_unparse_name (contextp, ticket->server, &server_name); + if (ret) + krb5_err (contextp, 1, ret, "krb5_unparse_name"); if (strncmp (server_name, KADM5_ADMIN_SERVICE, strlen(KADM5_ADMIN_SERVICE)) != 0) - krb5_errx (context, 1, "ticket for strange principal (%s)", + krb5_errx (contextp, 1, "ticket for strange principal (%s)", server_name); free (server_name); @@ -522,56 +513,62 @@ handle_v5(krb5_context context, if(kadm_version == 1) { krb5_data params; - ret = krb5_read_priv_message(context, ac, &fd, ¶ms); + ret = krb5_read_priv_message(contextp, ac, &fd, ¶ms); if(ret) - krb5_err(context, 1, ret, "krb5_read_priv_message"); - _kadm5_unmarshal_params(context, ¶ms, &realm_params); + krb5_err(contextp, 1, ret, "krb5_read_priv_message"); + _kadm5_unmarshal_params(contextp, ¶ms, &realm_params); } initial = ticket->ticket.flags.initial; - ret = krb5_unparse_name(context, ticket->client, &client); + ret = krb5_unparse_name(contextp, ticket->client, &client); if (ret) - krb5_err (context, 1, ret, "krb5_unparse_name"); - krb5_free_ticket (context, ticket); - ret = kadm5_init_with_password_ctx(context, - client, - NULL, - KADM5_ADMIN_SERVICE, - &realm_params, - 0, 0, - &kadm_handle); + krb5_err (contextp, 1, ret, "krb5_unparse_name"); + krb5_free_ticket (contextp, ticket); + ret = kadm5_s_init_with_password_ctx(contextp, + client, + NULL, + KADM5_ADMIN_SERVICE, + &realm_params, + 0, 0, + &kadm_handlep); if(ret) - krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); - v5_loop (context, ac, initial, kadm_handle, fd); + krb5_err (contextp, 1, ret, "kadm5_init_with_password_ctx"); + v5_loop (contextp, ac, initial, kadm_handlep, fd); } krb5_error_code -kadmind_loop(krb5_context context, - krb5_auth_context ac, - krb5_keytab keytab, - int fd) +kadmind_loop(krb5_context contextp, + krb5_keytab keytab, + krb5_socket_t sock) { - unsigned char tmp[4]; + u_char buf[sizeof(KRB5_SENDAUTH_VERSION) + 4]; ssize_t n; unsigned long len; - n = krb5_net_read(context, &fd, tmp, 4); + n = krb5_net_read(contextp, &sock, buf, 4); if(n == 0) exit(0); if(n < 0) - krb5_err(context, 1, errno, "read"); - _krb5_get_int(tmp, &len, 4); - /* this v4 test could probably also go away */ - if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') { - unsigned char v4reply[] = { - 0x00, 0x0c, - 'K', 'Y', 'O', 'U', 'L', 'O', 'S', 'E', - 0x95, 0xb7, 0xa7, 0x08 /* KADM_BAD_VER */ - }; - krb5_net_write(context, &fd, v4reply, sizeof(v4reply)); - krb5_errx(context, 1, "packet appears to be version 4"); - } else { - handle_v5(context, ac, keytab, len, fd); - } + krb5_err(contextp, 1, errno, "read"); + _krb5_get_int(buf, &len, 4); + + if (len == sizeof(KRB5_SENDAUTH_VERSION)) { + + n = krb5_net_read(contextp, &sock, buf + 4, len); + if (n < 0) + krb5_err (contextp, 1, errno, "reading sendauth version"); + if (n == 0) + krb5_errx (contextp, 1, "EOF reading sendauth version"); + + if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) { + handle_v5(contextp, keytab, sock); + return 0; + } + len += 4; + } else + len = 4; + + handle_mit(contextp, buf, len, sock); + return 0; } diff --git a/crypto/heimdal/kadmin/stash.c b/crypto/heimdal/kadmin/stash.c index d5b65ee8d37..f9b940ac5b7 100644 --- a/crypto/heimdal/kadmin/stash.c +++ b/crypto/heimdal/kadmin/stash.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include "kadmin-commands.h" -RCSID("$Id: stash.c 22251 2007-12-09 05:58:43Z lha $"); - extern int local_flag; int @@ -45,7 +45,7 @@ stash(struct stash_options *opt, int argc, char **argv) krb5_error_code ret; krb5_enctype enctype; hdb_master_key mkey; - + if(!local_flag) { krb5_warnx(context, "stash is only available in local (-l) mode"); return 0; @@ -65,14 +65,14 @@ stash(struct stash_options *opt, int argc, char **argv) ret = hdb_read_master_key(context, opt->key_file_string, &mkey); if(ret && ret != ENOENT) { - krb5_warn(context, ret, "reading master key from %s", + krb5_warn(context, ret, "reading master key from %s", opt->key_file_string); return 0; } if (opt->convert_file_flag) { if (ret) - krb5_warn(context, ret, "reading master key from %s", + krb5_warn(context, ret, "reading master key from %s", opt->key_file_string); return 0; } else { @@ -87,10 +87,15 @@ stash(struct stash_options *opt, int argc, char **argv) n = read(opt->master_key_fd_integer, buf, sizeof(buf)); if(n == 0) krb5_warnx(context, "end of file reading passphrase"); - else if(n < 0) + else if(n < 0) { krb5_warn(context, errno, "reading passphrase"); + n = 0; + } buf[n] = '\0'; buf[strcspn(buf, "\r\n")] = '\0'; + } else if (opt->random_password_flag) { + random_password (buf, sizeof(buf)); + printf("Using random master stash password: %s\n", buf); } else { if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) { hdb_free_master_key(context, mkey); @@ -101,7 +106,7 @@ stash(struct stash_options *opt, int argc, char **argv) ret = hdb_add_master_key(context, &key, &mkey); krb5_free_keyblock_contents(context, &key); } - + { char *new, *old; asprintf(&old, "%s.old", opt->key_file_string); @@ -110,7 +115,7 @@ stash(struct stash_options *opt, int argc, char **argv) ret = ENOMEM; goto out; } - + if(unlink(new) < 0 && errno != ENOENT) { ret = errno; goto out; @@ -121,12 +126,18 @@ stash(struct stash_options *opt, int argc, char **argv) unlink(new); else { unlink(old); +#ifndef NO_POSIX_LINKS if(link(opt->key_file_string, old) < 0 && errno != ENOENT) { ret = errno; unlink(new); - } else if(rename(new, opt->key_file_string) < 0) { - ret = errno; + } else { +#endif + if(rename(new, opt->key_file_string) < 0) { + ret = errno; + } +#ifndef NO_POSIX_LINKS } +#endif } out: free(old); diff --git a/crypto/heimdal/kadmin/test_util.c b/crypto/heimdal/kadmin/test_util.c index 0f59f60782e..56e4d114944 100644 --- a/crypto/heimdal/kadmin/test_util.c +++ b/crypto/heimdal/kadmin/test_util.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,8 +32,6 @@ #include "kadmin_locl.h" -RCSID("$Id: test_util.c 19486 2006-12-22 17:25:59Z lha $"); - krb5_context context; void *kadm_handle; @@ -60,13 +58,13 @@ test_time(void) if (ret != ts[i].ret) { printf("%d: %d is wrong ret\n", i, ret); errors++; - } + } else if (t != ts[i].t) { printf("%d: %d is wrong time\n", i, (int)t); errors++; } } - + return errors; } @@ -89,4 +87,4 @@ main(int argc, char **argv) return ret; } - + diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c index 3c12dcb835b..480c82e7df9 100644 --- a/crypto/heimdal/kadmin/util.c +++ b/crypto/heimdal/kadmin/util.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadmin_locl.h" #include -RCSID("$Id: util.c 21745 2007-07-31 16:11:25Z lha $"); - /* * util.c - functions for parsing, unparsing, and editing different * types of data used in kadmin. @@ -45,7 +43,7 @@ static int get_response(const char *prompt, const char *def, char *buf, size_t len); /* - * attributes + * attributes */ struct units kdb_attrs[] = { @@ -67,7 +65,7 @@ struct units kdb_attrs[] = { { "disallow-tgt-based", KRB5_KDB_DISALLOW_TGT_BASED }, { "disallow-forwardable", KRB5_KDB_DISALLOW_FORWARDABLE }, { "disallow-postdated", KRB5_KDB_DISALLOW_POSTDATED }, - { NULL } + { NULL, 0 } }; /* @@ -155,7 +153,7 @@ edit_attributes (const char *prompt, krb5_flags *attr, int *mask, int bit) /* * Convert the time `t' to a string representation in `str' (of max * size `len'). If include_time also include time, otherwise just - * date. + * date. */ void @@ -184,6 +182,18 @@ str2time_t (const char *str, time_t *t) memset (&tm, 0, sizeof (tm)); memset (&tm2, 0, sizeof (tm2)); + while(isspace((unsigned char)*str)) + str++; + + if (str[0] == '+') { + str++; + *t = parse_time(str, "month"); + if (*t < 0) + return -1; + *t += time(NULL); + return 0; + } + if(strcasecmp(str, "never") == 0) { *t = 0; return 0; @@ -233,7 +243,7 @@ parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit) if(mask) *mask |= bit; return 0; - } + } if(*resp != '?') fprintf (stderr, "Unable to parse time \"%s\"\n", resp); fprintf (stderr, "Print date on format YYYY-mm-dd [hh:mm:ss]\n"); @@ -393,7 +403,7 @@ edit_entry(kadm5_principal_ent_t ent, int *mask, if(edit_deltat ("Max ticket life", &ent->max_life, mask, KADM5_MAX_LIFE) != 0) return 1; - + if(edit_deltat ("Max renewable life", &ent->max_renewable_life, mask, KADM5_MAX_RLIFE) != 0) return 1; @@ -420,7 +430,7 @@ edit_entry(kadm5_principal_ent_t ent, int *mask, */ int -set_entry(krb5_context context, +set_entry(krb5_context contextp, kadm5_principal_ent_t ent, int *mask, const char *max_ticket_life, @@ -430,38 +440,38 @@ set_entry(krb5_context context, const char *attributes) { if (max_ticket_life != NULL) { - if (parse_deltat (max_ticket_life, &ent->max_life, + if (parse_deltat (max_ticket_life, &ent->max_life, mask, KADM5_MAX_LIFE)) { - krb5_warnx (context, "unable to parse `%s'", max_ticket_life); + krb5_warnx (contextp, "unable to parse `%s'", max_ticket_life); return 1; } } if (max_renewable_life != NULL) { - if (parse_deltat (max_renewable_life, &ent->max_renewable_life, + if (parse_deltat (max_renewable_life, &ent->max_renewable_life, mask, KADM5_MAX_RLIFE)) { - krb5_warnx (context, "unable to parse `%s'", max_renewable_life); + krb5_warnx (contextp, "unable to parse `%s'", max_renewable_life); return 1; } } if (expiration) { - if (parse_timet (expiration, &ent->princ_expire_time, + if (parse_timet (expiration, &ent->princ_expire_time, mask, KADM5_PRINC_EXPIRE_TIME)) { - krb5_warnx (context, "unable to parse `%s'", expiration); + krb5_warnx (contextp, "unable to parse `%s'", expiration); return 1; } } if (pw_expiration) { - if (parse_timet (pw_expiration, &ent->pw_expiration, + if (parse_timet (pw_expiration, &ent->pw_expiration, mask, KADM5_PW_EXPIRATION)) { - krb5_warnx (context, "unable to parse `%s'", pw_expiration); + krb5_warnx (contextp, "unable to parse `%s'", pw_expiration); return 1; } } if (attributes != NULL) { - if (parse_attributes (attributes, &ent->attributes, + if (parse_attributes (attributes, &ent->attributes, mask, KADM5_ATTRIBUTES)) { - krb5_warnx (context, "unable to parse `%s'", attributes); + krb5_warnx (contextp, "unable to parse `%s'", attributes); return 1; } } @@ -485,7 +495,7 @@ is_expression(const char *string) } if(*p == '\\') quote++; - else if(strchr("[]*?", *p) != NULL) + else if(strchr("[]*?", *p) != NULL) return 1; } return 0; @@ -497,13 +507,13 @@ is_expression(const char *string) * processed. */ int -foreach_principal(const char *exp_str, - int (*func)(krb5_principal, void*), +foreach_principal(const char *exp_str, + int (*func)(krb5_principal, void*), const char *funcname, void *data) { - char **princs; - int num_princs; + char **princs = NULL; + int num_princs = 0; int i; krb5_error_code saved_ret = 0, ret = 0; krb5_principal princ_ent; @@ -522,7 +532,7 @@ foreach_principal(const char *exp_str, if(princs == NULL) return ENOMEM; princs[0] = strdup(exp_str); - if(princs[0] == NULL){ + if(princs[0] == NULL){ free(princs); return ENOMEM; } @@ -538,7 +548,7 @@ foreach_principal(const char *exp_str, } ret = (*func)(princ_ent, data); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_warn(context, ret, "%s %s", funcname, princs[i]); if (saved_ret == 0) saved_ret = ret; diff --git a/crypto/heimdal/kcm/Makefile.am b/crypto/heimdal/kcm/Makefile.am index baf89ac6192..68299701074 100644 --- a/crypto/heimdal/kcm/Makefile.am +++ b/crypto/heimdal/kcm/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 libexec_PROGRAMS = kcm @@ -13,32 +13,33 @@ kcm_SOURCES = \ client.c \ config.c \ connect.c \ - cursor.c \ events.c \ glue.c \ headers.h \ kcm_locl.h \ - kcm_protos.h \ + kcm-protos.h \ log.c \ main.c \ protocol.c \ + sessions.c \ renew.c -$(srcdir)/kcm_protos.h: - cd $(srcdir); perl ../cf/make-proto.pl -o kcm_protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm_protos.h +$(srcdir)/kcm-protos.h: + cd $(srcdir); perl ../cf/make-proto.pl -o kcm-protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm-protos.h -$(kcm_OBJECTS): $(srcdir)/kcm_protos.h +$(kcm_OBJECTS): $(srcdir)/kcm-protos.h man_MANS = kcm.8 LDADD = $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_krb4) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ntlm/libheimntlm.la \ + $(top_builddir)/lib/ipc/libheim-ipcs.la \ $(LIB_roken) \ $(LIB_door_create) \ $(LIB_pidfile) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/kcm/Makefile.in b/crypto/heimdal/kcm/Makefile.in index c3996df70d6..1176033b345 100644 --- a/crypto/heimdal/kcm/Makefile.in +++ b/crypto/heimdal/kcm/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,7 +47,7 @@ libexec_PROGRAMS = kcm$(EXEEXT) subdir = kcm ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,30 +89,31 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)" -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) am_kcm_OBJECTS = acl.$(OBJEXT) acquire.$(OBJEXT) cache.$(OBJEXT) \ client.$(OBJEXT) config.$(OBJEXT) connect.$(OBJEXT) \ - cursor.$(OBJEXT) events.$(OBJEXT) glue.$(OBJEXT) log.$(OBJEXT) \ - main.$(OBJEXT) protocol.$(OBJEXT) renew.$(OBJEXT) + events.$(OBJEXT) glue.$(OBJEXT) log.$(OBJEXT) main.$(OBJEXT) \ + protocol.$(OBJEXT) sessions.$(OBJEXT) renew.$(OBJEXT) kcm_OBJECTS = $(am_kcm_OBJECTS) kcm_LDADD = $(LDADD) am__DEPENDENCIES_1 = kcm_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ntlm/libheimntlm.la \ + $(top_builddir)/lib/ipc/libheim-ipcs.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -119,6 +125,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(kcm_SOURCES) DIST_SOURCES = $(kcm_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 MANS = $(man_MANS) ETAGS = etags @@ -128,49 +155,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -194,10 +230,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -214,6 +251,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -229,31 +268,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -268,10 +321,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -312,30 +367,35 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_libintl) $(INCLUDE_krb4) \ + $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la kcm_SOURCES = \ acl.c \ @@ -344,45 +404,46 @@ kcm_SOURCES = \ client.c \ config.c \ connect.c \ - cursor.c \ events.c \ glue.c \ headers.h \ kcm_locl.h \ - kcm_protos.h \ + kcm-protos.h \ log.c \ main.c \ protocol.c \ + sessions.c \ renew.c man_MANS = kcm.8 LDADD = $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_krb4) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ntlm/libheimntlm.la \ + $(top_builddir)/lib/ipc/libheim-ipcs.la \ $(LIB_roken) \ $(LIB_door_create) \ $(LIB_pidfile) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps kcm/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps kcm/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign kcm/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign kcm/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -400,34 +461,50 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list kcm$(EXEEXT): $(kcm_OBJECTS) $(kcm_DEPENDENCIES) @rm -f kcm$(EXEEXT) $(LINK) $(kcm_OBJECTS) $(kcm_LDADD) $(LIBS) @@ -438,115 +515,151 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acl.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cache.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connect.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/events.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/glue.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/renew.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sessions.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -562,13 +675,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -603,6 +720,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -613,6 +731,7 @@ clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -623,6 +742,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -630,26 +751,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -669,11 +799,10 @@ ps-am: uninstall-am: uninstall-libexecPROGRAMS uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libexecPROGRAMS clean-libtool ctags \ @@ -760,6 +889,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -845,7 +977,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -859,10 +991,11 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -$(srcdir)/kcm_protos.h: - cd $(srcdir); perl ../cf/make-proto.pl -o kcm_protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm_protos.h +$(srcdir)/kcm-protos.h: + cd $(srcdir); perl ../cf/make-proto.pl -o kcm-protos.h -q -P comment $(kcm_SOURCES) || rm -f kcm-protos.h + +$(kcm_OBJECTS): $(srcdir)/kcm-protos.h -$(kcm_OBJECTS): $(srcdir)/kcm_protos.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/kcm/acl.c b/crypto/heimdal/kcm/acl.c index 1b96204bd95..5102c133596 100644 --- a/crypto/heimdal/kcm/acl.c +++ b/crypto/heimdal/kcm/acl.c @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -32,8 +34,6 @@ #include "kcm_locl.h" -RCSID("$Id: acl.c 20472 2007-04-20 10:43:25Z lha $"); - krb5_error_code kcm_access(krb5_context context, kcm_client *client, @@ -57,6 +57,9 @@ kcm_access(krb5_context context, case KCM_OP_CHMOD: case KCM_OP_GET_INITIAL_TICKET: case KCM_OP_GET_TICKET: + case KCM_OP_MOVE_CACHE: + case KCM_OP_SET_DEFAULT_CACHE: + case KCM_OP_SET_KDC_OFFSET: write_p = 1; read_p = 0; break; @@ -66,52 +69,70 @@ kcm_access(krb5_context context, case KCM_OP_GEN_NEW: case KCM_OP_RETRIEVE: case KCM_OP_GET_PRINCIPAL: - case KCM_OP_GET_FIRST: - case KCM_OP_GET_NEXT: - case KCM_OP_END_GET: - case KCM_OP_MAX: + case KCM_OP_GET_CRED_UUID_LIST: + case KCM_OP_GET_CRED_BY_UUID: + case KCM_OP_GET_CACHE_UUID_LIST: + case KCM_OP_GET_CACHE_BY_UUID: + case KCM_OP_GET_DEFAULT_CACHE: + case KCM_OP_GET_KDC_OFFSET: write_p = 0; read_p = 1; break; + default: + ret = KRB5_FCC_PERM; + goto out; } if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM) { /* System caches cannot be reinitialized or destroyed by users */ if (opcode == KCM_OP_INITIALIZE || opcode == KCM_OP_DESTROY || - opcode == KCM_OP_REMOVE_CRED) { + opcode == KCM_OP_REMOVE_CRED || + opcode == KCM_OP_MOVE_CACHE) { ret = KRB5_FCC_PERM; goto out; } /* Let root always read system caches */ - if (client->uid == 0) { + if (CLIENT_IS_ROOT(client)) { ret = 0; goto out; } } - mask = 0; + /* start out with "other" mask */ + mask = S_IROTH|S_IWOTH; - /* Root may do whatever they like */ - if (client->uid == ccache->uid || CLIENT_IS_ROOT(client)) { + /* root can do anything */ + if (CLIENT_IS_ROOT(client)) { if (read_p) - mask |= S_IRUSR; + mask |= S_IRUSR|S_IRGRP|S_IROTH; if (write_p) - mask |= S_IWUSR; - } else if (client->gid == ccache->gid || CLIENT_IS_ROOT(client)) { - if (read_p) - mask |= S_IRGRP; - if (write_p) - mask |= S_IWGRP; - } else { + mask |= S_IWUSR|S_IWGRP|S_IWOTH; + } + /* same session same as owner */ + if (kcm_is_same_session(client, ccache->uid, ccache->session)) { if (read_p) mask |= S_IROTH; if (write_p) mask |= S_IWOTH; } + /* owner */ + if (client->uid == ccache->uid) { + if (read_p) + mask |= S_IRUSR; + if (write_p) + mask |= S_IWUSR; + } + /* group */ + if (client->gid == ccache->gid) { + if (read_p) + mask |= S_IRGRP; + if (write_p) + mask |= S_IWGRP; + } - ret = ((ccache->mode & mask) == mask) ? 0 : KRB5_FCC_PERM; + ret = (ccache->mode & mask) ? 0 : KRB5_FCC_PERM; out: if (ret) { diff --git a/crypto/heimdal/kcm/acquire.c b/crypto/heimdal/kcm/acquire.c index 416881a3a13..68e6e685d4d 100644 --- a/crypto/heimdal/kcm/acquire.c +++ b/crypto/heimdal/kcm/acquire.c @@ -32,11 +32,6 @@ #include "kcm_locl.h" -RCSID("$Id: acquire.c 22118 2007-12-03 21:44:00Z lha $"); - -static krb5_error_code -change_pw_and_update_keytab(krb5_context context, kcm_ccache ccache); - /* * Get a new ticket using a keytab/cached key and swap it into * an existing redentials cache @@ -50,10 +45,9 @@ kcm_ccache_acquire(krb5_context context, krb5_error_code ret = 0; krb5_creds cred; krb5_const_realm realm; - krb5_get_init_creds_opt opt; + krb5_get_init_creds_opt *opt = NULL; krb5_ccache_data ccdata; char *in_tkt_service = NULL; - int done = 0; memset(&cred, 0, sizeof(cred)); @@ -73,7 +67,7 @@ kcm_ccache_acquire(krb5_context context, ccache->name); return KRB5_FCC_INTERNAL; } - + HEIMDAL_MUTEX_lock(&ccache->mutex); /* Fake up an internal ccache */ @@ -91,12 +85,14 @@ kcm_ccache_acquire(krb5_context context, realm = krb5_principal_get_realm(context, ccache->client); - krb5_get_init_creds_opt_init(&opt); - krb5_get_init_creds_opt_set_default_flags(context, "kcm", realm, &opt); + ret = krb5_get_init_creds_opt_alloc(context, &opt); + if (ret) + goto out; + krb5_get_init_creds_opt_set_default_flags(context, "kcm", realm, opt); if (ccache->tkt_life != 0) - krb5_get_init_creds_opt_set_tkt_life(&opt, ccache->tkt_life); + krb5_get_init_creds_opt_set_tkt_life(opt, ccache->tkt_life); if (ccache->renew_life != 0) - krb5_get_init_creds_opt_set_renew_life(&opt, ccache->renew_life); + krb5_get_init_creds_opt_set_renew_life(opt, ccache->renew_life); if (ccache->flags & KCM_FLAGS_USE_CACHED_KEY) { ret = krb5_get_init_creds_keyblock(context, @@ -105,34 +101,16 @@ kcm_ccache_acquire(krb5_context context, &ccache->key.keyblock, 0, in_tkt_service, - &opt); + opt); } else { /* loosely based on lib/krb5/init_creds_pw.c */ - while (!done) { - ret = krb5_get_init_creds_keytab(context, - &cred, - ccache->client, - ccache->key.keytab, - 0, - in_tkt_service, - &opt); - switch (ret) { - case KRB5KDC_ERR_KEY_EXPIRED: - if (in_tkt_service != NULL && - strcmp(in_tkt_service, "kadmin/changepw") == 0) { - goto out; - } - - ret = change_pw_and_update_keytab(context, ccache); - if (ret) - goto out; - break; - case 0: - default: - done = 1; - break; - } - } + ret = krb5_get_init_creds_keytab(context, + &cred, + ccache->client, + ccache->key.keytab, + 0, + in_tkt_service, + opt); } if (ret) { @@ -158,374 +136,10 @@ kcm_ccache_acquire(krb5_context context, } out: + if (opt) + krb5_get_init_creds_opt_free(context, opt); + HEIMDAL_MUTEX_unlock(&ccache->mutex); return ret; } - -static krb5_error_code -change_pw(krb5_context context, - kcm_ccache ccache, - char *cpn, - char *newpw) -{ - krb5_error_code ret; - krb5_creds cpw_cred; - int result_code; - krb5_data result_code_string; - krb5_data result_string; - krb5_get_init_creds_opt options; - - memset(&cpw_cred, 0, sizeof(cpw_cred)); - - krb5_get_init_creds_opt_init(&options); - krb5_get_init_creds_opt_set_tkt_life(&options, 60); - krb5_get_init_creds_opt_set_forwardable(&options, FALSE); - krb5_get_init_creds_opt_set_proxiable(&options, FALSE); - - krb5_data_zero(&result_code_string); - krb5_data_zero(&result_string); - - ret = krb5_get_init_creds_keytab(context, - &cpw_cred, - ccache->client, - ccache->key.keytab, - 0, - "kadmin/changepw", - &options); - if (ret) { - kcm_log(0, "Failed to acquire password change credentials " - "for principal %s: %s", - cpn, krb5_get_err_text(context, ret)); - goto out; - } - - ret = krb5_set_password(context, - &cpw_cred, - newpw, - ccache->client, - &result_code, - &result_code_string, - &result_string); - if (ret) { - kcm_log(0, "Failed to change password for principal %s: %s", - cpn, krb5_get_err_text(context, ret)); - goto out; - } - - if (result_code) { - kcm_log(0, "Failed to change password for principal %s: %.*s", - cpn, - (int)result_string.length, - result_string.length > 0 ? (char *)result_string.data : ""); - goto out; - } - -out: - krb5_data_free(&result_string); - krb5_data_free(&result_code_string); - krb5_free_cred_contents(context, &cpw_cred); - - return ret; -} - -struct kcm_keyseed_data { - krb5_salt salt; - const char *password; -}; - -static krb5_error_code -kcm_password_key_proc(krb5_context context, - krb5_enctype etype, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key) -{ - krb5_error_code ret; - struct kcm_keyseed_data *s = (struct kcm_keyseed_data *)keyseed; - - /* we may be called multiple times */ - krb5_free_salt(context, s->salt); - krb5_data_zero(&s->salt.saltvalue); - - /* stash the salt */ - s->salt.salttype = salt.salttype; - - ret = krb5_data_copy(&s->salt.saltvalue, - salt.saltvalue.data, - salt.saltvalue.length); - if (ret) - return ret; - - *key = (krb5_keyblock *)malloc(sizeof(**key)); - if (*key == NULL) { - return ENOMEM; - } - - ret = krb5_string_to_key_salt(context, etype, s->password, - s->salt, *key); - if (ret) { - free(*key); - *key = NULL; - } - - return ret; -} - -static krb5_error_code -get_salt_and_kvno(krb5_context context, - kcm_ccache ccache, - krb5_enctype *etypes, - char *cpn, - char *newpw, - krb5_salt *salt, - unsigned *kvno) -{ - krb5_error_code ret; - krb5_creds creds; - krb5_ccache_data ccdata; - krb5_flags options = 0; - krb5_kdc_rep reply; - struct kcm_keyseed_data s; - - memset(&creds, 0, sizeof(creds)); - memset(&reply, 0, sizeof(reply)); - - s.password = NULL; - s.salt.salttype = (int)ETYPE_NULL; - krb5_data_zero(&s.salt.saltvalue); - - *kvno = 0; - kcm_internal_ccache(context, ccache, &ccdata); - s.password = newpw; - - /* Do an AS-REQ to determine salt and key version number */ - ret = krb5_copy_principal(context, ccache->client, &creds.client); - if (ret) - return ret; - - /* Yes, get a ticket to ourselves */ - ret = krb5_copy_principal(context, ccache->client, &creds.server); - if (ret) { - krb5_free_principal(context, creds.client); - return ret; - } - - ret = krb5_get_in_tkt(context, - options, - NULL, - etypes, - NULL, - kcm_password_key_proc, - &s, - NULL, - NULL, - &creds, - &ccdata, - &reply); - if (ret) { - kcm_log(0, "Failed to get self ticket for principal %s: %s", - cpn, krb5_get_err_text(context, ret)); - krb5_free_salt(context, s.salt); - } else { - *salt = s.salt; /* retrieve stashed salt */ - if (reply.kdc_rep.enc_part.kvno != NULL) - *kvno = *(reply.kdc_rep.enc_part.kvno); - } - /* ccache may have been modified but it will get trashed anyway */ - - krb5_free_cred_contents(context, &creds); - krb5_free_kdc_rep(context, &reply); - - return ret; -} - -static krb5_error_code -update_keytab_entry(krb5_context context, - kcm_ccache ccache, - krb5_enctype etype, - char *cpn, - char *spn, - char *newpw, - krb5_salt salt, - unsigned kvno) -{ - krb5_error_code ret; - krb5_keytab_entry entry; - krb5_data pw; - - memset(&entry, 0, sizeof(entry)); - - pw.data = (char *)newpw; - pw.length = strlen(newpw); - - ret = krb5_string_to_key_data_salt(context, etype, pw, - salt, &entry.keyblock); - if (ret) { - kcm_log(0, "String to key conversion failed for principal %s " - "and etype %d: %s", - cpn, etype, krb5_get_err_text(context, ret)); - return ret; - } - - if (spn == NULL) { - ret = krb5_copy_principal(context, ccache->client, - &entry.principal); - if (ret) { - kcm_log(0, "Failed to copy principal name %s: %s", - cpn, krb5_get_err_text(context, ret)); - return ret; - } - } else { - ret = krb5_parse_name(context, spn, &entry.principal); - if (ret) { - kcm_log(0, "Failed to parse SPN alias %s: %s", - spn, krb5_get_err_text(context, ret)); - return ret; - } - } - - entry.vno = kvno; - entry.timestamp = time(NULL); - - ret = krb5_kt_add_entry(context, ccache->key.keytab, &entry); - if (ret) { - kcm_log(0, "Failed to update keytab for principal %s " - "and etype %d: %s", - cpn, etype, krb5_get_err_text(context, ret)); - } - - krb5_kt_free_entry(context, &entry); - - return ret; -} - -static krb5_error_code -update_keytab_entries(krb5_context context, - kcm_ccache ccache, - krb5_enctype *etypes, - char *cpn, - char *spn, - char *newpw, - krb5_salt salt, - unsigned kvno) -{ - krb5_error_code ret = 0; - int i; - - for (i = 0; etypes[i] != ETYPE_NULL; i++) { - ret = update_keytab_entry(context, ccache, etypes[i], - cpn, spn, newpw, salt, kvno); - if (ret) - break; - } - - return ret; -} - -static void -generate_random_pw(krb5_context context, - char *buf, - size_t bufsiz) -{ - unsigned char x[512], *p; - size_t i; - - memset(x, 0, sizeof(x)); - krb5_generate_random_block(x, sizeof(x)); - p = x; - - for (i = 0; i < bufsiz; i++) { - while (isprint(*p) == 0) - p++; - - if (p - x >= sizeof(x)) { - krb5_generate_random_block(x, sizeof(x)); - p = x; - } - buf[i] = (char)*p++; - } - buf[bufsiz - 1] = '\0'; - memset(x, 0, sizeof(x)); -} - -static krb5_error_code -change_pw_and_update_keytab(krb5_context context, - kcm_ccache ccache) -{ - char newpw[121]; - krb5_error_code ret; - unsigned kvno; - krb5_salt salt; - krb5_enctype *etypes = NULL; - int i; - char *cpn = NULL; - char **spns = NULL; - - krb5_data_zero(&salt.saltvalue); - - ret = krb5_unparse_name(context, ccache->client, &cpn); - if (ret) { - kcm_log(0, "Failed to unparse name: %s", - krb5_get_err_text(context, ret)); - goto out; - } - - ret = krb5_get_default_in_tkt_etypes(context, &etypes); - if (ret) { - kcm_log(0, "Failed to determine default encryption types: %s", - krb5_get_err_text(context, ret)); - goto out; - } - - /* Generate a random password (there is no set keys protocol) */ - generate_random_pw(context, newpw, sizeof(newpw)); - - /* Change it */ - ret = change_pw(context, ccache, cpn, newpw); - if (ret) - goto out; - - /* Do an AS-REQ to determine salt and key version number */ - ret = get_salt_and_kvno(context, ccache, etypes, cpn, newpw, - &salt, &kvno); - if (ret) { - kcm_log(0, "Failed to determine salting principal for principal %s: %s", - cpn, krb5_get_err_text(context, ret)); - goto out; - } - - /* Add canonical name */ - ret = update_keytab_entries(context, ccache, etypes, cpn, - NULL, newpw, salt, kvno); - if (ret) - goto out; - - /* Add SPN aliases, if any */ - spns = krb5_config_get_strings(context, NULL, "kcm", - "system_ccache", "spn_aliases", NULL); - if (spns != NULL) { - for (i = 0; spns[i] != NULL; i++) { - ret = update_keytab_entries(context, ccache, etypes, cpn, - spns[i], newpw, salt, kvno); - if (ret) - goto out; - } - } - - kcm_log(0, "Changed expired password for principal %s in cache %s", - cpn, ccache->name); - -out: - if (cpn != NULL) - free(cpn); - if (spns != NULL) - krb5_config_free_strings(spns); - if (etypes != NULL) - free(etypes); - krb5_free_salt(context, salt); - memset(newpw, 0, sizeof(newpw)); - - return ret; -} - diff --git a/crypto/heimdal/kcm/cache.c b/crypto/heimdal/kcm/cache.c index aeb30cca1fe..1bd220c8a70 100644 --- a/crypto/heimdal/kcm/cache.c +++ b/crypto/heimdal/kcm/cache.c @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -32,11 +34,9 @@ #include "kcm_locl.h" -RCSID("$Id: cache.c 14566 2005-02-06 01:22:49Z lukeh $"); - -static HEIMDAL_MUTEX ccache_mutex = HEIMDAL_MUTEX_INITIALIZER; -static kcm_ccache_data *ccache_head = NULL; -static unsigned int ccache_nextid = 0; +HEIMDAL_MUTEX ccache_mutex = HEIMDAL_MUTEX_INITIALIZER; +kcm_ccache_data *ccache_head = NULL; +static unsigned int ccache_nextid = 0; char *kcm_ccache_nextid(pid_t pid, uid_t uid, gid_t gid) { @@ -47,15 +47,15 @@ char *kcm_ccache_nextid(pid_t pid, uid_t uid, gid_t gid) n = ++ccache_nextid; HEIMDAL_MUTEX_unlock(&ccache_mutex); - asprintf(&name, "%d:%u", uid, n); + asprintf(&name, "%ld:%u", (long)uid, n); return name; } -static krb5_error_code -kcm_ccache_resolve_internal(krb5_context context, - const char *name, - kcm_ccache *ccache) +krb5_error_code +kcm_ccache_resolve(krb5_context context, + const char *name, + kcm_ccache *ccache) { kcm_ccache p; krb5_error_code ret; @@ -85,6 +85,66 @@ kcm_ccache_resolve_internal(krb5_context context, return ret; } +krb5_error_code +kcm_ccache_resolve_by_uuid(krb5_context context, + kcmuuid_t uuid, + kcm_ccache *ccache) +{ + kcm_ccache p; + krb5_error_code ret; + + *ccache = NULL; + + ret = KRB5_FCC_NOFILE; + + HEIMDAL_MUTEX_lock(&ccache_mutex); + + for (p = ccache_head; p != NULL; p = p->next) { + if ((p->flags & KCM_FLAGS_VALID) == 0) + continue; + if (memcmp(p->uuid, uuid, sizeof(uuid)) == 0) { + ret = 0; + break; + } + } + + if (ret == 0) { + kcm_retain_ccache(context, p); + *ccache = p; + } + + HEIMDAL_MUTEX_unlock(&ccache_mutex); + + return ret; +} + +krb5_error_code +kcm_ccache_get_uuids(krb5_context context, kcm_client *client, kcm_operation opcode, krb5_storage *sp) +{ + krb5_error_code ret; + kcm_ccache p; + + ret = KRB5_FCC_NOFILE; + + HEIMDAL_MUTEX_lock(&ccache_mutex); + + for (p = ccache_head; p != NULL; p = p->next) { + if ((p->flags & KCM_FLAGS_VALID) == 0) + continue; + ret = kcm_access(context, client, opcode, p); + if (ret) { + ret = 0; + continue; + } + krb5_storage_write(sp, p->uuid, sizeof(p->uuid)); + } + + HEIMDAL_MUTEX_unlock(&ccache_mutex); + + return ret; +} + + krb5_error_code kcm_debug_ccache(krb5_context context) { kcm_ccache p; @@ -108,7 +168,7 @@ krb5_error_code kcm_debug_ccache(krb5_context context) krb5_unparse_name(context, p->client, &cpn); if (p->server != NULL) krb5_unparse_name(context, p->server, &spn); - + kcm_log(7, "cache %08x: name %s refcnt %d flags %04x mode %04o " "uid %d gid %d client %s server %s ncreds %d", p, p->name, p->refcnt, p->flags, p->mode, p->uid, p->gid, @@ -125,10 +185,48 @@ krb5_error_code kcm_debug_ccache(krb5_context context) return 0; } -static krb5_error_code -kcm_ccache_destroy_internal(krb5_context context, const char *name) +static void +kcm_free_ccache_data_internal(krb5_context context, + kcm_ccache_data *cache) { - kcm_ccache *p; + KCM_ASSERT_VALID(cache); + + if (cache->name != NULL) { + free(cache->name); + cache->name = NULL; + } + + if (cache->flags & KCM_FLAGS_USE_KEYTAB) { + krb5_kt_close(context, cache->key.keytab); + cache->key.keytab = NULL; + } else if (cache->flags & KCM_FLAGS_USE_CACHED_KEY) { + krb5_free_keyblock_contents(context, &cache->key.keyblock); + krb5_keyblock_zero(&cache->key.keyblock); + } + + cache->flags = 0; + cache->mode = 0; + cache->uid = -1; + cache->gid = -1; + cache->session = -1; + + kcm_zero_ccache_data_internal(context, cache); + + cache->tkt_life = 0; + cache->renew_life = 0; + + cache->next = NULL; + cache->refcnt = 0; + + HEIMDAL_MUTEX_unlock(&cache->mutex); + HEIMDAL_MUTEX_destroy(&cache->mutex); +} + + +krb5_error_code +kcm_ccache_destroy(krb5_context context, const char *name) +{ + kcm_ccache *p, ccache; krb5_error_code ret; ret = KRB5_FCC_NOFILE; @@ -142,11 +240,18 @@ kcm_ccache_destroy_internal(krb5_context context, const char *name) break; } } - if (ret) goto out; - kcm_release_ccache(context, p); + if ((*p)->refcnt != 1) { + ret = EAGAIN; + goto out; + } + + ccache = *p; + *p = (*p)->next; + kcm_free_ccache_data_internal(context, ccache); + free(ccache); out: HEIMDAL_MUTEX_unlock(&ccache_mutex); @@ -182,29 +287,21 @@ kcm_ccache_alloc(krb5_context context, goto out; /* - * Then try and find an empty slot - * XXX we need to recycle slots for this to actually do anything + * Create an enpty slot for us. */ if (slot == NULL) { - for (; p != NULL; p = p->next) { - if ((p->flags & KCM_FLAGS_VALID) == 0) { - slot = p; - break; - } - } - + slot = (kcm_ccache_data *)malloc(sizeof(*slot)); if (slot == NULL) { - slot = (kcm_ccache_data *)malloc(sizeof(*slot)); - if (slot == NULL) { - ret = KRB5_CC_NOMEM; - goto out; - } - slot->next = ccache_head; - HEIMDAL_MUTEX_init(&slot->mutex); - new_slot = 1; + ret = KRB5_CC_NOMEM; + goto out; } + slot->next = ccache_head; + HEIMDAL_MUTEX_init(&slot->mutex); + new_slot = 1; } + RAND_bytes(slot->uuid, sizeof(slot->uuid)); + slot->name = strdup(name); if (slot->name == NULL) { ret = KRB5_CC_NOMEM; @@ -219,8 +316,6 @@ kcm_ccache_alloc(krb5_context context, slot->client = NULL; slot->server = NULL; slot->creds = NULL; - slot->n_cursor = 0; - slot->cursors = NULL; slot->key.keytab = NULL; slot->tkt_life = 0; slot->renew_life = 0; @@ -247,7 +342,6 @@ kcm_ccache_remove_creds_internal(krb5_context context, kcm_ccache ccache) { struct kcm_creds *k; - struct kcm_cursor *c; k = ccache->creds; while (k != NULL) { @@ -260,20 +354,6 @@ kcm_ccache_remove_creds_internal(krb5_context context, } ccache->creds = NULL; - /* remove anything that would have pointed into the creds too */ - - ccache->n_cursor = 0; - - c = ccache->cursors; - while (c != NULL) { - struct kcm_cursor *old; - - old = c; - c = c->next; - free(old); - } - ccache->cursors = NULL; - return 0; } @@ -326,44 +406,6 @@ kcm_zero_ccache_data(krb5_context context, return ret; } -static krb5_error_code -kcm_free_ccache_data_internal(krb5_context context, - kcm_ccache_data *cache) -{ - KCM_ASSERT_VALID(cache); - - if (cache->name != NULL) { - free(cache->name); - cache->name = NULL; - } - - if (cache->flags & KCM_FLAGS_USE_KEYTAB) { - krb5_kt_close(context, cache->key.keytab); - cache->key.keytab = NULL; - } else if (cache->flags & KCM_FLAGS_USE_CACHED_KEY) { - krb5_free_keyblock_contents(context, &cache->key.keyblock); - krb5_keyblock_zero(&cache->key.keyblock); - } - - cache->flags = 0; - cache->mode = 0; - cache->uid = -1; - cache->gid = -1; - - kcm_zero_ccache_data_internal(context, cache); - - cache->tkt_life = 0; - cache->renew_life = 0; - - cache->next = NULL; - cache->refcnt = 0; - - HEIMDAL_MUTEX_unlock(&cache->mutex); - HEIMDAL_MUTEX_destroy(&cache->mutex); - - return 0; -} - krb5_error_code kcm_retain_ccache(krb5_context context, kcm_ccache ccache) @@ -378,26 +420,21 @@ kcm_retain_ccache(krb5_context context, } krb5_error_code -kcm_release_ccache(krb5_context context, - kcm_ccache *ccache) +kcm_release_ccache(krb5_context context, kcm_ccache c) { - kcm_ccache c = *ccache; krb5_error_code ret = 0; KCM_ASSERT_VALID(c); HEIMDAL_MUTEX_lock(&c->mutex); if (c->refcnt == 1) { - ret = kcm_free_ccache_data_internal(context, c); - if (ret == 0) - free(c); + kcm_free_ccache_data_internal(context, c); + free(c); } else { c->refcnt--; HEIMDAL_MUTEX_unlock(&c->mutex); } - *ccache = NULL; - return ret; } @@ -441,29 +478,6 @@ kcm_ccache_new(krb5_context context, return ret; } -krb5_error_code -kcm_ccache_resolve(krb5_context context, - const char *name, - kcm_ccache *ccache) -{ - krb5_error_code ret; - - ret = kcm_ccache_resolve_internal(context, name, ccache); - - return ret; -} - -krb5_error_code -kcm_ccache_destroy(krb5_context context, - const char *name) -{ - krb5_error_code ret; - - ret = kcm_ccache_destroy_internal(context, name); - - return ret; -} - krb5_error_code kcm_ccache_destroy_if_empty(krb5_context context, kcm_ccache ccache) @@ -471,9 +485,9 @@ kcm_ccache_destroy_if_empty(krb5_context context, krb5_error_code ret; KCM_ASSERT_VALID(ccache); - + if (ccache->creds == NULL) { - ret = kcm_ccache_destroy_internal(context, ccache->name); + ret = kcm_ccache_destroy(context, ccache->name); } else ret = 0; @@ -490,7 +504,7 @@ kcm_ccache_store_cred(krb5_context context, krb5_creds *tmp; KCM_ASSERT_VALID(ccache); - + HEIMDAL_MUTEX_lock(&ccache->mutex); ret = kcm_ccache_store_cred_internal(context, ccache, creds, copy, &tmp); HEIMDAL_MUTEX_unlock(&ccache->mutex); @@ -498,6 +512,22 @@ kcm_ccache_store_cred(krb5_context context, return ret; } +struct kcm_creds * +kcm_ccache_find_cred_uuid(krb5_context context, + kcm_ccache ccache, + kcmuuid_t uuid) +{ + struct kcm_creds *c; + + for (c = ccache->creds; c != NULL; c = c->next) + if (memcmp(c->uuid, uuid, sizeof(c->uuid)) == 0) + return c; + + return NULL; +} + + + krb5_error_code kcm_ccache_store_cred_internal(krb5_context context, kcm_ccache ccache, @@ -511,10 +541,11 @@ kcm_ccache_store_cred_internal(krb5_context context, for (c = &ccache->creds; *c != NULL; c = &(*c)->next) ; - *c = (struct kcm_creds *)malloc(sizeof(struct kcm_creds)); - if (*c == NULL) { + *c = (struct kcm_creds *)calloc(1, sizeof(**c)); + if (*c == NULL) return KRB5_CC_NOMEM; - } + + RAND_bytes((*c)->uuid, sizeof((*c)->uuid)); *credp = &(*c)->cred; @@ -529,25 +560,9 @@ kcm_ccache_store_cred_internal(krb5_context context, ret = 0; } - (*c)->next = NULL; - return ret; } -static void -remove_cred(krb5_context context, - struct kcm_creds **c) -{ - struct kcm_creds *cred; - - cred = *c; - - *c = cred->next; - - krb5_free_cred_contents(context, &cred->cred); - free(cred); -} - krb5_error_code kcm_ccache_remove_cred_internal(krb5_context context, kcm_ccache ccache, @@ -561,8 +576,14 @@ kcm_ccache_remove_cred_internal(krb5_context context, for (c = &ccache->creds; *c != NULL; c = &(*c)->next) { if (krb5_compare_creds(context, whichfields, mcreds, &(*c)->cred)) { - remove_cred(context, c); + struct kcm_creds *cred = *c; + + *c = cred->next; + krb5_free_cred_contents(context, &cred->cred); + free(cred); ret = 0; + if (*c == NULL) + break; } } @@ -626,7 +647,7 @@ kcm_ccache_retrieve_cred(krb5_context context, krb5_error_code ret; KCM_ASSERT_VALID(ccache); - + HEIMDAL_MUTEX_lock(&ccache->mutex); ret = kcm_ccache_retrieve_cred_internal(context, ccache, whichfields, mcreds, credp); @@ -634,3 +655,21 @@ kcm_ccache_retrieve_cred(krb5_context context, return ret; } + +char * +kcm_ccache_first_name(kcm_client *client) +{ + kcm_ccache p; + char *name = NULL; + + HEIMDAL_MUTEX_lock(&ccache_mutex); + + for (p = ccache_head; p != NULL; p = p->next) { + if (kcm_is_same_session(client, p->uid, p->session)) + break; + } + if (p) + name = strdup(p->name); + HEIMDAL_MUTEX_unlock(&ccache_mutex); + return name; +} diff --git a/crypto/heimdal/kcm/client.c b/crypto/heimdal/kcm/client.c index f0758949baf..38a84491785 100644 --- a/crypto/heimdal/kcm/client.c +++ b/crypto/heimdal/kcm/client.c @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,8 +35,6 @@ #include "kcm_locl.h" #include -RCSID("$Id: client.c 20487 2007-04-21 06:25:06Z lha $"); - krb5_error_code kcm_ccache_resolve_client(krb5_context context, kcm_client *client, @@ -54,7 +54,7 @@ kcm_ccache_resolve_client(krb5_context context, ret = kcm_access(context, client, opcode, *ccache); if (ret) { ret = KRB5_FCC_NOFILE; /* don't disclose */ - kcm_release_ccache(context, ccache); + kcm_release_ccache(context, *ccache); } return ret; @@ -76,19 +76,12 @@ kcm_ccache_destroy_client(krb5_context context, } ret = kcm_access(context, client, KCM_OP_DESTROY, ccache); - if (ret) { - kcm_release_ccache(context, &ccache); + kcm_cleanup_events(context, ccache); + kcm_release_ccache(context, ccache); + if (ret) return ret; - } - ret = kcm_ccache_destroy(context, ccache->name); - if (ret == 0) { - /* don't leave any events dangling */ - kcm_cleanup_events(context, ccache); - } - - kcm_release_ccache(context, &ccache); - return ret; + return kcm_ccache_destroy(context, name); } krb5_error_code @@ -121,7 +114,7 @@ kcm_ccache_new_client(krb5_context context, if (bad && !CLIENT_IS_ROOT(client)) return KRB5_CC_BADNAME; } - + ret = kcm_ccache_resolve(context, name, &ccache); if (ret == 0) { if ((ccache->uid != client->uid || @@ -142,12 +135,13 @@ kcm_ccache_new_client(krb5_context context, /* bind to current client */ ccache->uid = client->uid; ccache->gid = client->gid; + ccache->session = client->session; } else { ret = kcm_zero_ccache_data(context, ccache); if (ret) { kcm_log(1, "Failed to empty cache %s: %s", name, krb5_get_err_text(context, ret)); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } kcm_cleanup_events(context, ccache); @@ -155,12 +149,12 @@ kcm_ccache_new_client(krb5_context context, ret = kcm_access(context, client, KCM_OP_INITIALIZE, ccache); if (ret) { - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); kcm_ccache_destroy(context, name); return ret; } - /* + /* * Finally, if the user is root and the cache was created under * another user's name, chown the cache to that user and their * default gid. @@ -178,7 +172,7 @@ kcm_ccache_new_client(krb5_context context, } } } - + *ccache_p = ccache; return 0; } diff --git a/crypto/heimdal/kcm/config.c b/crypto/heimdal/kcm/config.c index 5de797eb4b3..26c48be3c7d 100644 --- a/crypto/heimdal/kcm/config.c +++ b/crypto/heimdal/kcm/config.c @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,8 +36,6 @@ #include #include -RCSID("$Id: config.c 15296 2005-05-30 10:17:43Z lha $"); - static const char *config_file; /* location of kcm config file */ size_t max_request = 0; /* maximal size of a request */ @@ -44,8 +44,10 @@ char *door_path = NULL; static char *max_request_str; /* `max_request' as a string */ +#ifdef SUPPORT_DETACH int detach_from_console = -1; #define DETACH_IS_DEFAULT FALSE +#endif static const char *system_cache_name = NULL; static const char *system_keytab = NULL; @@ -58,44 +60,51 @@ static const char *system_group = NULL; static const char *renew_life = NULL; static const char *ticket_life = NULL; -int disallow_getting_krbtgt = -1; +int launchd_flag = 0; +int disallow_getting_krbtgt = 0; int name_constraints = -1; static int help_flag; static int version_flag; static struct getargs args[] = { - { - "cache-name", 0, arg_string, &system_cache_name, - "system cache name", "cachename" + { + "cache-name", 0, arg_string, &system_cache_name, + "system cache name", "cachename" }, - { - "config-file", 'c', arg_string, &config_file, - "location of config file", "file" + { + "config-file", 'c', arg_string, &config_file, + "location of config file", "file" }, - { - "group", 'g', arg_string, &system_group, - "system cache group", "group" + { + "group", 'g', arg_string, &system_group, + "system cache group", "group" }, - { - "max-request", 0, arg_string, &max_request, + { + "max-request", 0, arg_string, &max_request, "max size for a kcm-request", "size" }, + { + "launchd", 0, arg_flag, &launchd_flag, + "when in use by launchd" + }, +#ifdef SUPPORT_DETACH #if DETACH_IS_DEFAULT { - "detach", 'D', arg_negative_flag, &detach_from_console, + "detach", 'D', arg_negative_flag, &detach_from_console, "don't detach from console" }, #else { - "detach", 0 , arg_flag, &detach_from_console, + "detach", 0 , arg_flag, &detach_from_console, "detach from console" }, +#endif #endif { "help", 'h', arg_flag, &help_flag }, - { - "system-principal", 'k', arg_string, &system_principal, - "system principal name", "principal" + { + "system-principal", 'k', arg_string, &system_principal, + "system principal name", "principal" }, { "lifetime", 'l', arg_string, &ticket_life, @@ -131,13 +140,13 @@ static struct getargs args[] = { "server", 'S', arg_string, &system_server, "server to get system ticket for", "principal" }, - { - "keytab", 't', arg_string, &system_keytab, - "system keytab name", "keytab" + { + "keytab", 't', arg_string, &system_keytab, + "system keytab name", "keytab" }, - { - "user", 'u', arg_string, &system_user, - "system cache owner", "user" + { + "user", 'u', arg_string, &system_user, + "system cache owner", "user" }, { "version", 'v', arg_flag, &version_flag } }; @@ -236,7 +245,7 @@ ccache_init_system(void) ret = krb5_parse_name(kcm_context, system_principal, &ccache->client); if (ret) { - kcm_release_ccache(kcm_context, &ccache); + kcm_release_ccache(kcm_context, ccache); return ret; } @@ -246,7 +255,7 @@ ccache_init_system(void) if (system_server != NULL) { ret = krb5_parse_name(kcm_context, system_server, &ccache->server); if (ret) { - kcm_release_ccache(kcm_context, &ccache); + kcm_release_ccache(kcm_context, ccache); return ret; } } @@ -260,7 +269,7 @@ ccache_init_system(void) ret = krb5_kt_default(kcm_context, &ccache->key.keytab); } if (ret) { - kcm_release_ccache(kcm_context, &ccache); + kcm_release_ccache(kcm_context, ccache); return ret; } @@ -273,7 +282,7 @@ ccache_init_system(void) if (renew_life != NULL) { ccache->renew_life = parse_time(renew_life, "s"); if (ccache->renew_life < 0) { - kcm_release_ccache(kcm_context, &ccache); + kcm_release_ccache(kcm_context, ccache); return EINVAL; } } @@ -284,7 +293,7 @@ ccache_init_system(void) if (ticket_life != NULL) { ccache->tkt_life = parse_time(ticket_life, "s"); if (ccache->tkt_life < 0) { - kcm_release_ccache(kcm_context, &ccache); + kcm_release_ccache(kcm_context, ccache); return EINVAL; } } @@ -310,7 +319,7 @@ ccache_init_system(void) /* enqueue default actions for credentials cache */ ret = kcm_ccache_enqueue_default(kcm_context, ccache, NULL); - kcm_release_ccache(kcm_context, &ccache); /* retained by event queue */ + kcm_release_ccache(kcm_context, ccache); /* retained by event queue */ return ret; } @@ -321,7 +330,7 @@ kcm_configure(int argc, char **argv) krb5_error_code ret; int optind = 0; const char *p; - + while(getarg(args, num_args, argc, argv, &optind)) warnx("error at argument `%s'", argv[optind]); @@ -338,7 +347,7 @@ kcm_configure(int argc, char **argv) if (argc != 0) usage(1); - + { char **files; @@ -348,10 +357,10 @@ kcm_configure(int argc, char **argv) ret = krb5_prepend_config_files_default(config_file, &files); if (ret) krb5_err(kcm_context, 1, ret, "getting configuration files"); - + ret = krb5_set_config_files(kcm_context, files); krb5_free_config_files(files); - if(ret) + if(ret) krb5_err(kcm_context, 1, ret, "reading configuration files"); } @@ -378,11 +387,13 @@ kcm_configure(int argc, char **argv) krb5_err(kcm_context, 1, ret, "initializing system ccache"); } - if(detach_from_console == -1) +#ifdef SUPPORT_DETACH + if(detach_from_console == -1) detach_from_console = krb5_config_get_bool_default(kcm_context, NULL, DETACH_IS_DEFAULT, "kcm", "detach", NULL); +#endif kcm_openlog(); if(max_request == 0) max_request = 64 * 1024; diff --git a/crypto/heimdal/kcm/connect.c b/crypto/heimdal/kcm/connect.c index edad6fcdf25..ee09193b352 100644 --- a/crypto/heimdal/kcm/connect.c +++ b/crypto/heimdal/kcm/connect.c @@ -1,688 +1,84 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kcm_locl.h" -RCSID("$Id: connect.c 16314 2005-11-29 19:03:50Z lha $"); - -struct descr { - int s; - int type; - char *path; - unsigned char *buf; - size_t size; - size_t len; - time_t timeout; - struct sockaddr_storage __ss; - struct sockaddr *sa; - socklen_t sock_len; +void +kcm_service(void *ctx, const heim_idata *req, + const heim_icred cred, + heim_ipc_complete complete, + heim_sipc_call cctx) +{ kcm_client peercred; -}; + krb5_error_code ret; + krb5_data request, rep; + unsigned char *buf; + size_t len; -static void -init_descr(struct descr *d) -{ - memset(d, 0, sizeof(*d)); - d->sa = (struct sockaddr *)&d->__ss; - d->s = -1; -} + krb5_data_zero(&rep); -/* - * re-initialize all `n' ->sa in `d'. - */ + peercred.uid = heim_ipc_cred_get_uid(cred); + peercred.gid = heim_ipc_cred_get_gid(cred); + peercred.pid = heim_ipc_cred_get_pid(cred); + peercred.session = heim_ipc_cred_get_session(cred); -static void -reinit_descrs (struct descr *d, int n) -{ - int i; - - for (i = 0; i < n; ++i) - d[i].sa = (struct sockaddr *)&d[i].__ss; -} - -/* - * Update peer credentials from socket. - * - * SCM_CREDS can only be updated the first time there is read data to - * read from the filedescriptor, so if we read do it before this - * point, the cred data might not be is not there yet. - */ - -static int -update_client_creds(int s, kcm_client *peer) -{ -#ifdef GETPEERUCRED - /* Solaris 10 */ - { - ucred_t *peercred; - - if (getpeerucred(s, &peercred) != 0) { - peer->uid = ucred_geteuid(peercred); - peer->gid = ucred_getegid(peercred); - peer->pid = 0; - ucred_free(peercred); - return 0; - } - } -#endif -#ifdef GETPEEREID - /* FreeBSD, OpenBSD */ - { - uid_t uid; - gid_t gid; - - if (getpeereid(s, &uid, &gid) == 0) { - peer->uid = uid; - peer->gid = gid; - peer->pid = 0; - return 0; - } - } -#endif -#ifdef SO_PEERCRED - /* Linux */ - { - struct ucred pc; - socklen_t pclen = sizeof(pc); - - if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) { - peer->uid = pc.uid; - peer->gid = pc.gid; - peer->pid = pc.pid; - return 0; - } - } -#endif -#if defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION) - { - struct xucred peercred; - socklen_t peercredlen = sizeof(peercred); - - if (getsockopt(s, LOCAL_PEERCRED, 1, - (void *)&peercred, &peercredlen) == 0 - && peercred.cr_version == XUCRED_VERSION) - { - peer->uid = peercred.cr_uid; - peer->gid = peercred.cr_gid; - peer->pid = 0; - return 0; - } - } -#endif -#if defined(SOCKCREDSIZE) && defined(SCM_CREDS) - /* NetBSD */ - if (peer->uid == -1) { - struct msghdr msg; - socklen_t crmsgsize; - void *crmsg; - struct cmsghdr *cmp; - struct sockcred *sc; - - memset(&msg, 0, sizeof(msg)); - crmsgsize = CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX)); - if (crmsgsize == 0) - return 1 ; - - crmsg = malloc(crmsgsize); - if (crmsg == NULL) - goto failed_scm_creds; - - memset(crmsg, 0, crmsgsize); - - msg.msg_control = crmsg; - msg.msg_controllen = crmsgsize; - - if (recvmsg(s, &msg, 0) < 0) { - free(crmsg); - goto failed_scm_creds; - } - - if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) { - free(crmsg); - goto failed_scm_creds; - } - - cmp = CMSG_FIRSTHDR(&msg); - if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) { - free(crmsg); - goto failed_scm_creds; - } - - sc = (struct sockcred *)(void *)CMSG_DATA(cmp); - - peer->uid = sc->sc_euid; - peer->gid = sc->sc_egid; - peer->pid = 0; - - free(crmsg); - return 0; - } else { - /* we already got the cred, just return it */ - return 0; - } - failed_scm_creds: -#endif - krb5_warn(kcm_context, errno, "failed to determine peer identity"); - return 1; -} - - -/* - * Create the socket (family, type, port) in `d' - */ - -static void -init_socket(struct descr *d) -{ - struct sockaddr_un un; - struct sockaddr *sa = (struct sockaddr *)&un; - krb5_socklen_t sa_size = sizeof(un); - - init_descr (d); - - un.sun_family = AF_UNIX; - - if (socket_path != NULL) - d->path = socket_path; - else - d->path = _PATH_KCM_SOCKET; - - strlcpy(un.sun_path, d->path, sizeof(un.sun_path)); - - d->s = socket(AF_UNIX, SOCK_STREAM, 0); - if (d->s < 0){ - krb5_warn(kcm_context, errno, "socket(%d, %d, 0)", AF_UNIX, SOCK_STREAM); - d->s = -1; - return; - } -#if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR) - { - int one = 1; - setsockopt(d->s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one)); - } -#endif -#ifdef LOCAL_CREDS - { - int one = 1; - setsockopt(d->s, 0, LOCAL_CREDS, (void *)&one, sizeof(one)); - } -#endif - - d->type = SOCK_STREAM; - - unlink(d->path); - - if (bind(d->s, sa, sa_size) < 0) { - krb5_warn(kcm_context, errno, "bind %s", un.sun_path); - close(d->s); - d->s = -1; + if (req->length < 4) { + kcm_log(1, "malformed request from process %d (too short)", + peercred.pid); + (*complete)(cctx, EINVAL, NULL); return; } - if (listen(d->s, SOMAXCONN) < 0) { - krb5_warn(kcm_context, errno, "listen %s", un.sun_path); - close(d->s); - d->s = -1; - return; - } - - chmod(d->path, 0777); - - return; -} - -/* - * Allocate descriptors for all the sockets that we should listen on - * and return the number of them. - */ - -static int -init_sockets(struct descr **desc) -{ - struct descr *d; - size_t num = 0; - - d = (struct descr *)malloc(sizeof(*d)); - if (d == NULL) { - krb5_errx(kcm_context, 1, "malloc failed"); - } - - init_socket(d); - if (d->s != -1) { - kcm_log(5, "listening on domain socket %s", d->path); - num++; - } - - reinit_descrs (d, num); - *desc = d; - - return num; -} - -/* - * handle the request in `buf, len', from `addr' (or `from' as a string), - * sending a reply in `reply'. - */ - -static int -process_request(unsigned char *buf, - size_t len, - krb5_data *reply, - kcm_client *client) -{ - krb5_data request; - - if (len < 4) { - kcm_log(1, "malformed request from process %d (too short)", - client->pid); - return -1; - } + buf = req->data; + len = req->length; if (buf[0] != KCM_PROTOCOL_VERSION_MAJOR || buf[1] != KCM_PROTOCOL_VERSION_MINOR) { kcm_log(1, "incorrect protocol version %d.%d from process %d", - buf[0], buf[1], client->pid); - return -1; + buf[0], buf[1], peercred.pid); + (*complete)(cctx, EINVAL, NULL); + return; } - buf += 2; - len -= 2; + request.data = buf + 2; + request.length = len - 2; /* buf is now pointing at opcode */ - request.data = buf; - request.length = len; + ret = kcm_dispatch(kcm_context, &peercred, &request, &rep); - return kcm_dispatch(kcm_context, client, &request, reply); + (*complete)(cctx, ret, &rep); + krb5_data_free(&rep); } - -/* - * Handle the request in `buf, len' to socket `d' - */ - -static void -do_request(void *buf, size_t len, struct descr *d) -{ - krb5_error_code ret; - krb5_data reply; - - reply.length = 0; - - ret = process_request(buf, len, &reply, &d->peercred); - if (reply.length != 0) { - unsigned char len[4]; - struct msghdr msghdr; - struct iovec iov[2]; - - kcm_log(5, "sending %lu bytes to process %d", - (unsigned long)reply.length, - (int)d->peercred.pid); - - memset (&msghdr, 0, sizeof(msghdr)); - msghdr.msg_name = NULL; - msghdr.msg_namelen = 0; - msghdr.msg_iov = iov; - msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov); -#if 0 - msghdr.msg_control = NULL; - msghdr.msg_controllen = 0; -#endif - - len[0] = (reply.length >> 24) & 0xff; - len[1] = (reply.length >> 16) & 0xff; - len[2] = (reply.length >> 8) & 0xff; - len[3] = reply.length & 0xff; - - iov[0].iov_base = (void*)len; - iov[0].iov_len = 4; - iov[1].iov_base = reply.data; - iov[1].iov_len = reply.length; - - if (sendmsg (d->s, &msghdr, 0) < 0) { - kcm_log (0, "sendmsg(%d): %d %s", (int)d->peercred.pid, - errno, strerror(errno)); - krb5_data_free(&reply); - return; - } - - krb5_data_free(&reply); - } - - if (ret) { - kcm_log(0, "Failed processing %lu byte request from process %d", - (unsigned long)len, d->peercred.pid); - } -} - -static void -clear_descr(struct descr *d) -{ - if(d->buf) - memset(d->buf, 0, d->size); - d->len = 0; - if(d->s != -1) - close(d->s); - d->s = -1; -} - -#define STREAM_TIMEOUT 4 - -/* - * accept a new stream connection on `d[parent]' and store it in `d[child]' - */ - -static void -add_new_stream (struct descr *d, int parent, int child) -{ - int s; - - if (child == -1) - return; - - d[child].peercred.pid = -1; - d[child].peercred.uid = -1; - d[child].peercred.gid = -1; - - d[child].sock_len = sizeof(d[child].__ss); - s = accept(d[parent].s, d[child].sa, &d[child].sock_len); - if(s < 0) { - krb5_warn(kcm_context, errno, "accept"); - return; - } - - if (s >= FD_SETSIZE) { - krb5_warnx(kcm_context, "socket FD too large"); - close (s); - return; - } - - d[child].s = s; - d[child].timeout = time(NULL) + STREAM_TIMEOUT; - d[child].type = SOCK_STREAM; -} - -/* - * Grow `d' to handle at least `n'. - * Return != 0 if fails - */ - -static int -grow_descr (struct descr *d, size_t n) -{ - if (d->size - d->len < n) { - unsigned char *tmp; - size_t grow; - - grow = max(1024, d->len + n); - if (d->size + grow > max_request) { - kcm_log(0, "Request exceeds max request size (%lu bytes).", - (unsigned long)d->size + grow); - clear_descr(d); - return -1; - } - tmp = realloc (d->buf, d->size + grow); - if (tmp == NULL) { - kcm_log(0, "Failed to re-allocate %lu bytes.", - (unsigned long)d->size + grow); - clear_descr(d); - return -1; - } - d->size += grow; - d->buf = tmp; - } - return 0; -} - -/* - * Handle incoming data to the stream socket in `d[index]' - */ - -static void -handle_stream(struct descr *d, int index, int min_free) -{ - unsigned char buf[1024]; - int n; - int ret = 0; - - if (d[index].timeout == 0) { - add_new_stream (d, index, min_free); - return; - } - - if (update_client_creds(d[index].s, &d[index].peercred)) { - krb5_warnx(kcm_context, "failed to update peer identity"); - clear_descr(d + index); - return; - } - - if (d[index].peercred.uid == -1) { - krb5_warnx(kcm_context, "failed to determine peer identity"); - clear_descr (d + index); - return; - } - - n = recvfrom(d[index].s, buf, sizeof(buf), 0, NULL, NULL); - if (n < 0) { - krb5_warn(kcm_context, errno, "recvfrom"); - return; - } else if (n == 0) { - krb5_warnx(kcm_context, "connection closed before end of data " - "after %lu bytes from process %ld", - (unsigned long) d[index].len, (long) d[index].peercred.pid); - clear_descr (d + index); - return; - } - if (grow_descr (&d[index], n)) - return; - memcpy(d[index].buf + d[index].len, buf, n); - d[index].len += n; - if (d[index].len > 4) { - krb5_storage *sp; - int32_t len; - - sp = krb5_storage_from_mem(d[index].buf, d[index].len); - if (sp == NULL) { - kcm_log (0, "krb5_storage_from_mem failed"); - ret = -1; - } else { - krb5_ret_int32(sp, &len); - krb5_storage_free(sp); - if (d[index].len - 4 >= len) { - memmove(d[index].buf, d[index].buf + 4, d[index].len - 4); - ret = 1; - } else - ret = 0; - } - } - if (ret < 0) - return; - else if (ret == 1) { - do_request(d[index].buf, d[index].len, &d[index]); - clear_descr(d + index); - } -} - -#ifdef HAVE_DOOR_CREATE - -static void -kcm_door_server(void *cookie, char *argp, size_t arg_size, - door_desc_t *dp, uint_t n_desc) -{ - kcm_client peercred; - door_cred_t cred; - krb5_error_code ret; - krb5_data reply; - size_t length; - char *p; - - reply.length = 0; - - p = NULL; - length = 0; - - if (door_cred(&cred) != 0) { - kcm_log(0, "door_cred failed with %s", strerror(errno)); - goto out; - } - - peercred.uid = cred.dc_euid; - peercred.gid = cred.dc_egid; - peercred.pid = cred.dc_pid; - - ret = process_request((unsigned char*)argp, arg_size, &reply, &peercred); - if (reply.length != 0) { - p = alloca(reply.length); /* XXX don't use alloca */ - if (p) { - memcpy(p, reply.data, reply.length); - length = reply.length; - } - krb5_data_free(&reply); - } - - out: - door_return(p, length, NULL, 0); -} - -static void -kcm_setup_door(void) -{ - int fd, ret; - char *path; - - fd = door_create(kcm_door_server, NULL, 0); - if (fd < 0) - krb5_err(kcm_context, 1, errno, "Failed to create door"); - - if (door_path != NULL) - path = door_path; - else - path = _PATH_KCM_DOOR; - - unlink(path); - ret = open(path, O_RDWR | O_CREAT, 0666); - if (ret < 0) - krb5_err(kcm_context, 1, errno, "Failed to create/open door"); - close(ret); - - ret = fattach(fd, path); - if (ret < 0) - krb5_err(kcm_context, 1, errno, "Failed to attach door"); - -} -#endif /* HAVE_DOOR_CREATE */ - - -void -kcm_loop(void) -{ - struct descr *d; - int ndescr; - -#ifdef HAVE_DOOR_CREATE - kcm_setup_door(); -#endif - - ndescr = init_sockets(&d); - if (ndescr <= 0) { - krb5_warnx(kcm_context, "No sockets!"); -#ifndef HAVE_DOOR_CREATE - exit(1); -#endif - } - while (exit_flag == 0){ - struct timeval tmout; - fd_set fds; - int min_free = -1; - int max_fd = 0; - int i; - - FD_ZERO(&fds); - for(i = 0; i < ndescr; i++) { - if (d[i].s >= 0){ - if(d[i].type == SOCK_STREAM && - d[i].timeout && d[i].timeout < time(NULL)) { - kcm_log(1, "Stream connection from %d expired after %lu bytes", - d[i].peercred.pid, (unsigned long)d[i].len); - clear_descr(&d[i]); - continue; - } - if (max_fd < d[i].s) - max_fd = d[i].s; - if (max_fd >= FD_SETSIZE) - krb5_errx(kcm_context, 1, "fd too large"); - FD_SET(d[i].s, &fds); - } else if (min_free < 0 || i < min_free) - min_free = i; - } - if (min_free == -1) { - struct descr *tmp; - tmp = realloc(d, (ndescr + 4) * sizeof(*d)); - if(tmp == NULL) - krb5_warnx(kcm_context, "No memory"); - else { - d = tmp; - reinit_descrs (d, ndescr); - memset(d + ndescr, 0, 4 * sizeof(*d)); - for(i = ndescr; i < ndescr + 4; i++) - init_descr (&d[i]); - min_free = ndescr; - ndescr += 4; - } - } - - tmout.tv_sec = STREAM_TIMEOUT; - tmout.tv_usec = 0; - switch (select(max_fd + 1, &fds, 0, 0, &tmout)){ - case 0: - kcm_run_events(kcm_context, time(NULL)); - break; - case -1: - if (errno != EINTR) - krb5_warn(kcm_context, errno, "select"); - break; - default: - for(i = 0; i < ndescr; i++) { - if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) { - if (d[i].type == SOCK_STREAM) - handle_stream(d, i, min_free); - } - } - kcm_run_events(kcm_context, time(NULL)); - break; - } - } - if (d->path != NULL) - unlink(d->path); - free(d); -} - diff --git a/crypto/heimdal/kcm/cursor.c b/crypto/heimdal/kcm/cursor.c deleted file mode 100644 index 701f770219f..00000000000 --- a/crypto/heimdal/kcm/cursor.c +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright (c) 2005, PADL Software Pty Ltd. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of PADL Software nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kcm_locl.h" - -RCSID("$Id: cursor.c 17447 2006-05-05 10:52:01Z lha $"); - -krb5_error_code -kcm_cursor_new(krb5_context context, - pid_t pid, - kcm_ccache ccache, - uint32_t *cursor) -{ - kcm_cursor **p; - krb5_error_code ret; - - *cursor = 0; - - KCM_ASSERT_VALID(ccache); - - HEIMDAL_MUTEX_lock(&ccache->mutex); - for (p = &ccache->cursors; *p != NULL; p = &(*p)->next) - ; - - *p = (kcm_cursor *)malloc(sizeof(kcm_cursor)); - if (*p == NULL) { - ret = KRB5_CC_NOMEM; - goto out; - } - - (*p)->pid = pid; - (*p)->key = ++ccache->n_cursor; - (*p)->credp = ccache->creds; - (*p)->next = NULL; - - *cursor = (*p)->key; - - ret = 0; - -out: - HEIMDAL_MUTEX_unlock(&ccache->mutex); - - return ret; -} - -krb5_error_code -kcm_cursor_find(krb5_context context, - pid_t pid, - kcm_ccache ccache, - uint32_t key, - kcm_cursor **cursor) -{ - kcm_cursor *p; - krb5_error_code ret; - - KCM_ASSERT_VALID(ccache); - - if (key == 0) - return KRB5_CC_NOTFOUND; - - ret = KRB5_CC_END; - - HEIMDAL_MUTEX_lock(&ccache->mutex); - - for (p = ccache->cursors; p != NULL; p = p->next) { - if (p->key == key) { - if (p->pid != pid) - ret = KRB5_FCC_PERM; - else - ret = 0; - break; - } - } - - if (ret == 0) - *cursor = p; - - HEIMDAL_MUTEX_unlock(&ccache->mutex); - - return ret; -} - -krb5_error_code -kcm_cursor_delete(krb5_context context, - pid_t pid, - kcm_ccache ccache, - uint32_t key) -{ - kcm_cursor **p; - krb5_error_code ret; - - KCM_ASSERT_VALID(ccache); - - if (key == 0) - return KRB5_CC_NOTFOUND; - - ret = KRB5_CC_END; - - HEIMDAL_MUTEX_lock(&ccache->mutex); - - for (p = &ccache->cursors; *p != NULL; p = &(*p)->next) { - if ((*p)->key == key) { - if ((*p)->pid != pid) - ret = KRB5_FCC_PERM; - else - ret = 0; - break; - } - } - - if (ret == 0) { - kcm_cursor *x = *p; - - *p = x->next; - free(x); - } - - HEIMDAL_MUTEX_unlock(&ccache->mutex); - - return ret; -} - diff --git a/crypto/heimdal/kcm/events.c b/crypto/heimdal/kcm/events.c index f1110d110f2..e9c375f6a13 100644 --- a/crypto/heimdal/kcm/events.c +++ b/crypto/heimdal/kcm/events.c @@ -32,7 +32,7 @@ #include "kcm_locl.h" -RCSID("$Id: events.c 15294 2005-05-30 01:43:23Z lukeh $"); +RCSID("$Id$"); /* thread-safe in case we multi-thread later */ static HEIMDAL_MUTEX events_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -161,7 +161,7 @@ kcm_remove_event_internal(krb5_context context, (*e)->fire_count = 0; (*e)->expire_time = 0; (*e)->backoff_time = 0; - kcm_release_ccache(context, &(*e)->ccache); + kcm_release_ccache(context, (*e)->ccache); (*e)->next = NULL; free(*e); @@ -206,7 +206,7 @@ kcm_ccache_make_default_event(krb5_context context, krb5_error_code ret = 0; kcm_ccache ccache = event->ccache; - event->fire_time = 0; + event->fire_time = 0; event->expire_time = 0; event->backoff_time = KCM_EVENT_DEFAULT_BACKOFF_TIME; @@ -353,7 +353,7 @@ kcm_fire_event(krb5_context context, event->fire_count++; if (ret) { - /* Reschedule failed event for another time */ + /* Reschedule failed event for another time */ event->fire_time += event->backoff_time; if (event->backoff_time < KCM_EVENT_MAX_BACKOFF_TIME) event->backoff_time *= 2; @@ -394,8 +394,7 @@ kcm_fire_event(krb5_context context, } krb5_error_code -kcm_run_events(krb5_context context, - time_t now) +kcm_run_events(krb5_context context, time_t now) { krb5_error_code ret; kcm_event **e; diff --git a/crypto/heimdal/kcm/glue.c b/crypto/heimdal/kcm/glue.c index be217f344f4..8b0d1722644 100644 --- a/crypto/heimdal/kcm/glue.c +++ b/crypto/heimdal/kcm/glue.c @@ -32,7 +32,7 @@ #include "kcm_locl.h" -RCSID("$Id: glue.c 14566 2005-02-06 01:22:49Z lukeh $"); +RCSID("$Id$"); /* * Server-side loopback glue for credentials cache operations; this @@ -247,6 +247,7 @@ kcmss_get_version(krb5_context context, } static const krb5_cc_ops krb5_kcmss_ops = { + KRB5_CC_OPS_VERSION, "KCM", kcmss_get_name, kcmss_resolve, diff --git a/crypto/heimdal/kcm/headers.h b/crypto/heimdal/kcm/headers.h index 1042dd8d620..603a6b811ed 100644 --- a/crypto/heimdal/kcm/headers.h +++ b/crypto/heimdal/kcm/headers.h @@ -33,9 +33,9 @@ #ifndef __HEADERS_H__ #define __HEADERS_H__ -#ifdef HAVE_CONFIG_H + #include -#endif + #include #include #include @@ -70,20 +70,21 @@ #ifdef HAVE_LIBUTIL_H #include #endif -#ifdef HAVE_GETPEERUCRED -#include -#endif -#ifdef HAVE_DOOR_CREATE -#include -#include -#endif +#include #include #include #include #include #include +#include + + #include -#include +#include + +#include + +#include "crypto-headers.h" #endif /* __HEADERS_H__ */ diff --git a/crypto/heimdal/kcm/kcm_protos.h b/crypto/heimdal/kcm/kcm-protos.h similarity index 88% rename from crypto/heimdal/kcm/kcm_protos.h rename to crypto/heimdal/kcm/kcm-protos.h index 0fcea7511f9..1f985c601dd 100644 --- a/crypto/heimdal/kcm/kcm_protos.h +++ b/crypto/heimdal/kcm/kcm-protos.h @@ -43,6 +43,15 @@ kcm_ccache_enqueue_default ( kcm_ccache /*ccache*/, krb5_creds */*newcred*/); +struct kcm_creds * +kcm_ccache_find_cred_uuid ( + krb5_context /*context*/, + kcm_ccache /*ccache*/, + kcmuuid_t /*uuid*/); + +char * +kcm_ccache_first_name (kcm_client */*client*/); + krb5_error_code kcm_ccache_gen_new ( krb5_context /*context*/, @@ -51,6 +60,13 @@ kcm_ccache_gen_new ( gid_t /*gid*/, kcm_ccache */*ccache*/); +krb5_error_code +kcm_ccache_get_uuids ( + krb5_context /*context*/, + kcm_client */*client*/, + kcm_operation /*opcode*/, + krb5_storage */*sp*/); + krb5_error_code kcm_ccache_new ( krb5_context /*context*/, @@ -105,6 +121,12 @@ kcm_ccache_resolve ( const char */*name*/, kcm_ccache */*ccache*/); +krb5_error_code +kcm_ccache_resolve_by_uuid ( + krb5_context /*context*/, + kcmuuid_t /*uuid*/, + kcm_ccache */*ccache*/); + krb5_error_code kcm_ccache_resolve_client ( krb5_context /*context*/, @@ -169,28 +191,6 @@ kcm_configure ( int /*argc*/, char **/*argv*/); -krb5_error_code -kcm_cursor_delete ( - krb5_context /*context*/, - pid_t /*pid*/, - kcm_ccache /*ccache*/, - uint32_t /*key*/); - -krb5_error_code -kcm_cursor_find ( - krb5_context /*context*/, - pid_t /*pid*/, - kcm_ccache /*ccache*/, - uint32_t /*key*/, - kcm_cursor **/*cursor*/); - -krb5_error_code -kcm_cursor_new ( - krb5_context /*context*/, - pid_t /*pid*/, - kcm_ccache /*ccache*/, - uint32_t */*cursor*/); - krb5_error_code kcm_debug_ccache (krb5_context /*context*/); @@ -225,6 +225,12 @@ kcm_internal_ccache ( kcm_ccache /*c*/, krb5_ccache /*id*/); +int +kcm_is_same_session ( + kcm_client */*client*/, + uid_t /*uid*/, + pid_t /*session*/); + void kcm_log ( int /*level*/, @@ -243,10 +249,8 @@ kcm_log_msg_va ( const char */*fmt*/, va_list /*ap*/); -void -kcm_loop (void); - -const char *kcm_op2string (kcm_operation /*opcode*/); +const char * +kcm_op2string (kcm_operation /*opcode*/); void kcm_openlog (void); @@ -254,7 +258,7 @@ kcm_openlog (void); krb5_error_code kcm_release_ccache ( krb5_context /*context*/, - kcm_ccache */*ccache*/); + kcm_ccache /*c*/); krb5_error_code kcm_remove_event ( @@ -271,6 +275,20 @@ kcm_run_events ( krb5_context /*context*/, time_t /*now*/); +void +kcm_service ( + void */*ctx*/, + const heim_idata */*req*/, + const heim_icred /*cred*/, + heim_ipc_complete /*complete*/, + heim_sipc_call /*cctx*/); + +void +kcm_session_add (pid_t /*session_id*/); + +void +kcm_session_setup_handler (void); + krb5_error_code kcm_zero_ccache_data ( krb5_context /*context*/, diff --git a/crypto/heimdal/kcm/kcm.8 b/crypto/heimdal/kcm/kcm.8 index 4a72eb382aa..3ff9ea45abe 100644 --- a/crypto/heimdal/kcm/kcm.8 +++ b/crypto/heimdal/kcm/kcm.8 @@ -1,96 +1,95 @@ -.\" Copyright (c) 2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.\" $Id: kcm.8 15497 2005-06-20 13:32:44Z lha $ +.\" $Id$ .\" .Dd May 29, 2005 .Dt KCM 8 .Os Heimdal .Sh NAME .Nm kcm -.Nd -is a process based credential cache for Kerberos tickets. +.Nd process-based credential cache for Kerberos tickets. .Sh SYNOPSIS .Nm -.Op Fl -cache-name= Ns Ar cachename +.Op Fl Fl cache-name= Ns Ar cachename .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl g Ar group \*(Ba Xo -.Fl -group= Ns Ar group +.Fl Fl group= Ns Ar group .Xc .Oc -.Op Fl -max-request= Ns Ar size -.Op Fl -disallow-getting-krbtgt -.Op Fl -detach -.Op Fl h | Fl -help +.Op Fl Fl max-request= Ns Ar size +.Op Fl Fl disallow-getting-krbtgt +.Op Fl Fl detach +.Op Fl h | Fl Fl help .Oo Fl k Ar principal \*(Ba Xo -.Fl -system-principal= Ns Ar principal +.Fl Fl system-principal= Ns Ar principal .Xc .Oc .Oo Fl l Ar time \*(Ba Xo -.Fl -lifetime= Ns Ar time +.Fl Fl lifetime= Ns Ar time .Xc .Oc .Oo Fl m Ar mode \*(Ba Xo -.Fl -mode= Ns Ar mode +.Fl Fl mode= Ns Ar mode .Xc .Oc -.Op Fl n | Fl -no-name-constraints +.Op Fl n | Fl Fl no-name-constraints .Oo Fl r Ar time \*(Ba Xo -.Fl -renewable-life= Ns Ar time +.Fl Fl renewable-life= Ns Ar time .Xc .Oc .Oo Fl s Ar path \*(Ba Xo -.Fl -socket-path= Ns Ar path +.Fl Fl socket-path= Ns Ar path .Xc .Oc .Oo Xo -.Fl -door-path= Ns Ar path +.Fl Fl door-path= Ns Ar path .Xc .Oc .Oo Fl S Ar principal \*(Ba Xo -.Fl -server= Ns Ar principal +.Fl Fl server= Ns Ar principal .Xc .Oc .Oo Fl t Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc .Oo Fl u Ar user \*(Ba Xo -.Fl -user= Ns Ar user +.Fl Fl user= Ns Ar user .Xc .Oc -.Op Fl v | Fl -version +.Op Fl v | Fl Fl version .Sh DESCRIPTION .Nm is a process based credential cache. @@ -123,95 +122,46 @@ The daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap module that quickly needs to get credentials and doesn't want to renew -the ticket itself. +the ticket itself. .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -cache-name= Ns Ar cachename -.Xc +.It Fl Fl cache-name= Ns Ar cachename system cache name -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file location of config file -.It Xo -.Fl g Ar group , -.Fl -group= Ns Ar group -.Xc +.It Fl g Ar group , Fl Fl group= Ns Ar group system cache group -.It Xo -.Fl -max-request= Ns Ar size -.Xc +.It Fl Fl max-request= Ns Ar size max size for a kcm-request -.It Xo -.Fl -disallow-getting-krbtgt -.Xc +.It Fl Fl disallow-getting-krbtgt disallow extracting any krbtgt from the .Nm kcm daemon. -.It Xo -.Fl -detach -.Xc +.It Fl Fl detach detach from console -.It Xo -.Fl h , -.Fl -help -.Xc -.It Xo -.Fl k Ar principal , -.Fl -system-principal= Ns Ar principal -.Xc +.It Fl h , Fl Fl help +.It Fl k Ar principal , Fl Fl system-principal= Ns Ar principal system principal name -.It Xo -.Fl l Ar time , -.Fl -lifetime= Ns Ar time -.Xc +.It Fl l Ar time , Fl Fl lifetime= Ns Ar time lifetime of system tickets -.It Xo -.Fl m Ar mode , -.Fl -mode= Ns Ar mode -.Xc +.It Fl m Ar mode , Fl Fl mode= Ns Ar mode octal mode of system cache -.It Xo -.Fl n , -.Fl -no-name-constraints -.Xc +.It Fl n , Fl Fl no-name-constraints disable credentials cache name constraints -.It Xo -.Fl r Ar time , -.Fl -renewable-life= Ns Ar time -.Xc +.It Fl r Ar time , Fl Fl renewable-life= Ns Ar time renewable lifetime of system tickets -.It Xo -.Fl s Ar path , -.Fl -socket-path= Ns Ar path -.Xc +.It Fl s Ar path , Fl Fl socket-path= Ns Ar path path to kcm domain socket -.It Xo -.Fl -door-path= Ns Ar path -.Xc +.It Fl Fl door-path= Ns Ar path path to kcm door socket -.It Xo -.Fl S Ar principal , -.Fl -server= Ns Ar principal -.Xc +.It Fl S Ar principal , Fl Fl server= Ns Ar principal server to get system ticket for -.It Xo -.Fl t Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl t Ar keytab , Fl Fl keytab= Ns Ar keytab system keytab name -.It Xo -.Fl u Ar user , -.Fl -user= Ns Ar user -.Xc +.It Fl u Ar user , Fl Fl user= Ns Ar user system cache owner -.It Xo -.Fl v , -.Fl -version -.Xc +.It Fl v , Fl Fl version .El .\".Sh ENVIRONMENT .\".Sh FILES diff --git a/crypto/heimdal/kcm/kcm_locl.h b/crypto/heimdal/kcm/kcm_locl.h index 75e55ee0b3f..56bb7045b45 100644 --- a/crypto/heimdal/kcm/kcm_locl.h +++ b/crypto/heimdal/kcm/kcm_locl.h @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -30,8 +32,8 @@ * SUCH DAMAGE. */ -/* - * $Id: kcm_locl.h 20470 2007-04-20 10:41:11Z lha $ +/* + * $Id$ */ #ifndef __KCM_LOCL_H__ @@ -65,30 +67,36 @@ struct kcm_ccache_data; struct kcm_creds; -typedef struct kcm_cursor { - pid_t pid; - uint32_t key; - struct kcm_creds *credp; /* pointer to next credential */ - struct kcm_cursor *next; -} kcm_cursor; +struct kcm_default_cache { + uid_t uid; + pid_t session; /* really au_asid_t */ + char *name; + struct kcm_default_cache *next; +}; + +extern struct kcm_default_cache *default_caches; + +struct kcm_creds { + kcmuuid_t uuid; + krb5_creds cred; + struct kcm_creds *next; +}; typedef struct kcm_ccache_data { char *name; + kcmuuid_t uuid; unsigned refcnt; uint16_t flags; uint16_t mode; uid_t uid; gid_t gid; + pid_t session; /* really au_asid_t */ krb5_principal client; /* primary client principal */ krb5_principal server; /* primary server principal (TGS if NULL) */ - struct kcm_creds { - krb5_creds cred; /* XXX would be useful for have ACLs on creds */ - struct kcm_creds *next; - } *creds; - uint32_t n_cursor; - kcm_cursor *cursors; + struct kcm_creds *creds; krb5_deltat tkt_life; krb5_deltat renew_life; + int32_t kdc_offset; union { krb5_keytab keytab; krb5_keyblock keyblock; @@ -138,6 +146,7 @@ typedef struct kcm_client { pid_t pid; uid_t uid; gid_t gid; + pid_t session; } kcm_client; #define CLIENT_IS_ROOT(client) ((client)->uid == 0) @@ -160,14 +169,20 @@ extern char *door_path; extern size_t max_request; extern sig_atomic_t exit_flag; extern int name_constraints; +#ifdef SUPPORT_DETACH extern int detach_from_console; +#endif +extern int launchd_flag; extern int disallow_getting_krbtgt; #if 0 extern const krb5_cc_ops krb5_kcmss_ops; #endif -#include +void kcm_service(void *, const heim_idata *, const heim_icred, + heim_ipc_complete, heim_sipc_call); + +#include #endif /* __KCM_LOCL_H__ */ diff --git a/crypto/heimdal/kcm/log.c b/crypto/heimdal/kcm/log.c index 351782eba87..34f1bbf7901 100644 --- a/crypto/heimdal/kcm/log.c +++ b/crypto/heimdal/kcm/log.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kcm_locl.h" -RCSID("$Id: log.c 14566 2005-02-06 01:22:49Z lukeh $"); +RCSID("$Id$"); static krb5_log_facility *logf; diff --git a/crypto/heimdal/kcm/main.c b/crypto/heimdal/kcm/main.c index da88a2c653c..2b3af222039 100644 --- a/crypto/heimdal/kcm/main.c +++ b/crypto/heimdal/kcm/main.c @@ -1,44 +1,46 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kcm_locl.h" -RCSID("$Id: main.c 15298 2005-05-30 10:58:14Z lha $"); +RCSID("$Id$"); sig_atomic_t exit_flag = 0; krb5_context kcm_context = NULL; +const char *service_name = "org.h5l.kcm"; + static RETSIGTYPE sigterm(int sig) { @@ -70,7 +72,7 @@ main(int argc, char **argv) } kcm_configure(argc, argv); - + #ifdef HAVE_SIGACTION { struct sigaction sa; @@ -98,10 +100,22 @@ main(int argc, char **argv) signal(SIGUSR2, sigusr2); signal(SIGPIPE, SIG_IGN); #endif +#ifdef SUPPORT_DETACH if (detach_from_console) daemon(0, 0); +#endif pidfile(NULL); - kcm_loop(); + + if (launchd_flag) { + heim_sipc mach; + heim_sipc_launchd_mach_init(service_name, kcm_service, NULL, &mach); + } else { + heim_sipc un; + heim_sipc_service_unix(service_name, kcm_service, NULL, &un); + } + + heim_ipc_main(); + krb5_free_context(kcm_context); return 0; } diff --git a/crypto/heimdal/kcm/protocol.c b/crypto/heimdal/kcm/protocol.c index bb3c6538f04..0cf7157b7a7 100644 --- a/crypto/heimdal/kcm/protocol.c +++ b/crypto/heimdal/kcm/protocol.c @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -31,8 +33,22 @@ */ #include "kcm_locl.h" +#include -RCSID("$Id: protocol.c 22112 2007-12-03 19:34:33Z lha $"); +static void +kcm_drop_default_cache(krb5_context context, kcm_client *client, char *name); + + +int +kcm_is_same_session(kcm_client *client, uid_t uid, pid_t session) +{ +#if 0 /* XXX pppd is running in diffrent session the user */ + if (session != -1) + return (client->session == session); + else +#endif + return (client->uid == uid); +} static krb5_error_code kcm_op_noop(krb5_context context, @@ -43,7 +59,7 @@ kcm_op_noop(krb5_context context, { KCM_LOG_REQUEST(context, client, opcode); - return 0; + return 0; } /* @@ -80,19 +96,19 @@ kcm_op_get_name(krb5_context context, ret = krb5_store_stringz(response, ccache->name); if (ret) { - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); free(name); return ret; } free(name); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return 0; } /* * Request: - * + * * Response: * NameZ */ @@ -123,9 +139,9 @@ kcm_op_gen_new(krb5_context context, * Request: * NameZ * Principal - * + * * Response: - * + * */ static krb5_error_code kcm_op_initialize(krb5_context context, @@ -181,7 +197,7 @@ kcm_op_initialize(krb5_context context, ret = kcm_enqueue_event_relative(context, &event); #endif - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } @@ -189,9 +205,9 @@ kcm_op_initialize(krb5_context context, /* * Request: * NameZ - * + * * Response: - * + * */ static krb5_error_code kcm_op_destroy(krb5_context context, @@ -210,6 +226,8 @@ kcm_op_destroy(krb5_context context, KCM_LOG_REQUEST_NAME(context, client, opcode, name); ret = kcm_ccache_destroy_client(context, client, name); + if (ret == 0) + kcm_drop_default_cache(context, client, name); free(name); @@ -220,9 +238,9 @@ kcm_op_destroy(krb5_context context, * Request: * NameZ * Creds - * + * * Response: - * + * */ static krb5_error_code kcm_op_store(krb5_context context, @@ -260,14 +278,14 @@ kcm_op_store(krb5_context context, if (ret) { free(name); krb5_free_cred_contents(context, &creds); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } kcm_ccache_enqueue_default(context, ccache, &creds); free(name); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return 0; } @@ -280,7 +298,7 @@ kcm_op_store(krb5_context context, * * Response: * Creds - * + * */ static krb5_error_code kcm_op_retrieve(krb5_context context, @@ -334,7 +352,8 @@ kcm_op_retrieve(krb5_context context, ret = kcm_ccache_retrieve_cred(context, ccache, flags, &mcreds, &credp); - if (ret && ((flags & KRB5_GC_CACHED) == 0)) { + if (ret && ((flags & KRB5_GC_CACHED) == 0) && + !krb5_is_config_principal(context, mcreds.server)) { krb5_ccache_data ccdata; /* try and acquire */ @@ -357,7 +376,7 @@ kcm_op_retrieve(krb5_context context, free(name); krb5_free_cred_contents(context, &mcreds); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); if (free_creds) krb5_free_cred_contents(context, credp); @@ -402,7 +421,7 @@ kcm_op_get_principal(krb5_context context, ret = krb5_store_principal(response, ccache->client); free(name); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return 0; } @@ -412,19 +431,19 @@ kcm_op_get_principal(krb5_context context, * NameZ * * Response: - * Cursor - * + * UUIDs + * */ static krb5_error_code -kcm_op_get_first(krb5_context context, - kcm_client *client, - kcm_operation opcode, - krb5_storage *request, - krb5_storage *response) +kcm_op_get_cred_uuid_list(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) { + struct kcm_creds *creds; krb5_error_code ret; kcm_ccache ccache; - uint32_t cursor; char *name; ret = krb5_ret_stringz(request, &name); @@ -435,22 +454,20 @@ kcm_op_get_first(krb5_context context, ret = kcm_ccache_resolve_client(context, client, opcode, name, &ccache); - if (ret) { - free(name); - return ret; - } - - ret = kcm_cursor_new(context, client->pid, ccache, &cursor); - if (ret) { - kcm_release_ccache(context, &ccache); - free(name); - return ret; - } - - ret = krb5_store_int32(response, cursor); - free(name); - kcm_release_ccache(context, &ccache); + if (ret) + return ret; + + for (creds = ccache->creds ; creds ; creds = creds->next) { + ssize_t sret; + sret = krb5_storage_write(response, &creds->uuid, sizeof(creds->uuid)); + if (sret != sizeof(creds->uuid)) { + ret = ENOMEM; + break; + } + } + + kcm_release_ccache(context, ccache); return ret; } @@ -464,17 +481,18 @@ kcm_op_get_first(krb5_context context, * Creds */ static krb5_error_code -kcm_op_get_next(krb5_context context, - kcm_client *client, - kcm_operation opcode, - krb5_storage *request, - krb5_storage *response) +kcm_op_get_cred_by_uuid(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) { krb5_error_code ret; kcm_ccache ccache; char *name; - uint32_t cursor; - kcm_cursor *c; + struct kcm_creds *c; + kcmuuid_t uuid; + ssize_t sret; ret = krb5_ret_stringz(request, &name); if (ret) @@ -482,84 +500,30 @@ kcm_op_get_next(krb5_context context, KCM_LOG_REQUEST_NAME(context, client, opcode, name); - ret = krb5_ret_uint32(request, &cursor); - if (ret) { - free(name); - return ret; - } - ret = kcm_ccache_resolve_client(context, client, opcode, name, &ccache); - if (ret) { - free(name); + free(name); + if (ret) return ret; + + sret = krb5_storage_read(request, &uuid, sizeof(uuid)); + if (sret != sizeof(uuid)) { + kcm_release_ccache(context, ccache); + krb5_clear_error_message(context); + return KRB5_CC_IO; } - ret = kcm_cursor_find(context, client->pid, ccache, cursor, &c); - if (ret) { - kcm_release_ccache(context, &ccache); - free(name); - return ret; + c = kcm_ccache_find_cred_uuid(context, ccache, uuid); + if (c == NULL) { + kcm_release_ccache(context, ccache); + return KRB5_CC_END; } HEIMDAL_MUTEX_lock(&ccache->mutex); - if (c->credp == NULL) { - ret = KRB5_CC_END; - } else { - ret = krb5_store_creds(response, &c->credp->cred); - c->credp = c->credp->next; - } + ret = krb5_store_creds(response, &c->cred); HEIMDAL_MUTEX_unlock(&ccache->mutex); - free(name); - kcm_release_ccache(context, &ccache); - - return ret; -} - -/* - * Request: - * NameZ - * Cursor - * - * Response: - * - */ -static krb5_error_code -kcm_op_end_get(krb5_context context, - kcm_client *client, - kcm_operation opcode, - krb5_storage *request, - krb5_storage *response) -{ - krb5_error_code ret; - kcm_ccache ccache; - uint32_t cursor; - char *name; - - ret = krb5_ret_stringz(request, &name); - if (ret) - return ret; - - KCM_LOG_REQUEST_NAME(context, client, opcode, name); - - ret = krb5_ret_uint32(request, &cursor); - if (ret) { - free(name); - return ret; - } - - ret = kcm_ccache_resolve_client(context, client, opcode, - name, &ccache); - if (ret) { - free(name); - return ret; - } - - ret = kcm_cursor_delete(context, client->pid, ccache, cursor); - - free(name); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } @@ -571,7 +535,7 @@ kcm_op_end_get(krb5_context context, * MatchCreds * * Response: - * + * */ static krb5_error_code kcm_op_remove_cred(krb5_context context, @@ -618,7 +582,7 @@ kcm_op_remove_cred(krb5_context context, free(name); krb5_free_cred_contents(context, &mcreds); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } @@ -629,7 +593,7 @@ kcm_op_remove_cred(krb5_context context, * Flags * * Response: - * + * */ static krb5_error_code kcm_op_set_flags(krb5_context context, @@ -664,7 +628,7 @@ kcm_op_set_flags(krb5_context context, /* we don't really support any flags yet */ free(name); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return 0; } @@ -676,7 +640,7 @@ kcm_op_set_flags(krb5_context context, * GID * * Response: - * + * */ static krb5_error_code kcm_op_chown(krb5_context context, @@ -719,7 +683,7 @@ kcm_op_chown(krb5_context context, ret = kcm_chown(context, client, ccache, uid, gid); free(name); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } @@ -730,7 +694,7 @@ kcm_op_chown(krb5_context context, * Mode * * Response: - * + * */ static krb5_error_code kcm_op_chmod(krb5_context context, @@ -766,7 +730,7 @@ kcm_op_chmod(krb5_context context, ret = kcm_chmod(context, client, ccache, mode); free(name); - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } @@ -863,7 +827,7 @@ kcm_op_get_initial_ticket(krb5_context context, krb5_free_keyblock(context, &key); } - kcm_release_ccache(context, &ccache); + kcm_release_ccache(context, ccache); return ret; } @@ -926,7 +890,7 @@ kcm_op_get_ticket(krb5_context context, free(name); return ret; } - + HEIMDAL_MUTEX_lock(&ccache->mutex); /* Fake up an internal ccache */ @@ -942,14 +906,796 @@ kcm_op_get_ticket(krb5_context context, HEIMDAL_MUTEX_unlock(&ccache->mutex); + krb5_free_principal(context, server); + if (ret == 0) krb5_free_cred_contents(context, out); + kcm_release_ccache(context, ccache); free(name); return ret; } +/* + * Request: + * OldNameZ + * NewNameZ + * + * Repsonse: + * + */ +static krb5_error_code +kcm_op_move_cache(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + krb5_error_code ret; + kcm_ccache oldid, newid; + char *oldname, *newname; + + ret = krb5_ret_stringz(request, &oldname); + if (ret) + return ret; + + KCM_LOG_REQUEST_NAME(context, client, opcode, oldname); + + ret = krb5_ret_stringz(request, &newname); + if (ret) { + free(oldname); + return ret; + } + + /* move to ourself is simple, done! */ + if (strcmp(oldname, newname) == 0) { + free(oldname); + free(newname); + return 0; + } + + ret = kcm_ccache_resolve_client(context, client, opcode, oldname, &oldid); + if (ret) { + free(oldname); + free(newname); + return ret; + } + + /* Check if new credential cache exists, if not create one. */ + ret = kcm_ccache_resolve_client(context, client, opcode, newname, &newid); + if (ret == KRB5_FCC_NOFILE) + ret = kcm_ccache_new_client(context, client, newname, &newid); + free(newname); + + if (ret) { + free(oldname); + kcm_release_ccache(context, oldid); + return ret; + } + + HEIMDAL_MUTEX_lock(&oldid->mutex); + HEIMDAL_MUTEX_lock(&newid->mutex); + + /* move content */ + { + kcm_ccache_data tmp; + +#define MOVE(n,o,f) { tmp.f = n->f ; n->f = o->f; o->f = tmp.f; } + + MOVE(newid, oldid, flags); + MOVE(newid, oldid, client); + MOVE(newid, oldid, server); + MOVE(newid, oldid, creds); + MOVE(newid, oldid, tkt_life); + MOVE(newid, oldid, renew_life); + MOVE(newid, oldid, key); + MOVE(newid, oldid, kdc_offset); +#undef MOVE + } + + HEIMDAL_MUTEX_unlock(&oldid->mutex); + HEIMDAL_MUTEX_unlock(&newid->mutex); + + kcm_release_ccache(context, oldid); + kcm_release_ccache(context, newid); + + ret = kcm_ccache_destroy_client(context, client, oldname); + if (ret == 0) + kcm_drop_default_cache(context, client, oldname); + + free(oldname); + + return ret; +} + +static krb5_error_code +kcm_op_get_cache_uuid_list(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + KCM_LOG_REQUEST(context, client, opcode); + + return kcm_ccache_get_uuids(context, client, opcode, response); +} + +static krb5_error_code +kcm_op_get_cache_by_uuid(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + krb5_error_code ret; + kcmuuid_t uuid; + ssize_t sret; + kcm_ccache cache; + + KCM_LOG_REQUEST(context, client, opcode); + + sret = krb5_storage_read(request, &uuid, sizeof(uuid)); + if (sret != sizeof(uuid)) { + krb5_clear_error_message(context); + return KRB5_CC_IO; + } + + ret = kcm_ccache_resolve_by_uuid(context, uuid, &cache); + if (ret) + return ret; + + ret = kcm_access(context, client, opcode, cache); + if (ret) + ret = KRB5_FCC_NOFILE; + + if (ret == 0) + ret = krb5_store_stringz(response, cache->name); + + kcm_release_ccache(context, cache); + + return ret; +} + +struct kcm_default_cache *default_caches; + +static krb5_error_code +kcm_op_get_default_cache(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + struct kcm_default_cache *c; + krb5_error_code ret; + const char *name = NULL; + char *n = NULL; + + KCM_LOG_REQUEST(context, client, opcode); + + for (c = default_caches; c != NULL; c = c->next) { + if (kcm_is_same_session(client, c->uid, c->session)) { + name = c->name; + break; + } + } + if (name == NULL) + name = n = kcm_ccache_first_name(client); + + if (name == NULL) { + asprintf(&n, "%d", (int)client->uid); + name = n; + } + if (name == NULL) + return ENOMEM; + ret = krb5_store_stringz(response, name); + if (n) + free(n); + return ret; +} + +static void +kcm_drop_default_cache(krb5_context context, kcm_client *client, char *name) +{ + struct kcm_default_cache **c; + + for (c = &default_caches; *c != NULL; c = &(*c)->next) { + if (!kcm_is_same_session(client, (*c)->uid, (*c)->session)) + continue; + if (strcmp((*c)->name, name) == 0) { + struct kcm_default_cache *h = *c; + *c = (*c)->next; + free(h->name); + free(h); + break; + } + } +} + +static krb5_error_code +kcm_op_set_default_cache(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + struct kcm_default_cache *c; + krb5_error_code ret; + char *name; + + ret = krb5_ret_stringz(request, &name); + if (ret) + return ret; + + KCM_LOG_REQUEST_NAME(context, client, opcode, name); + + for (c = default_caches; c != NULL; c = c->next) { + if (kcm_is_same_session(client, c->uid, c->session)) + break; + } + if (c == NULL) { + c = malloc(sizeof(*c)); + if (c == NULL) + return ENOMEM; + c->session = client->session; + c->uid = client->uid; + c->name = strdup(name); + + c->next = default_caches; + default_caches = c; + } else { + free(c->name); + c->name = strdup(name); + } + + return 0; +} + +static krb5_error_code +kcm_op_get_kdc_offset(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + krb5_error_code ret; + kcm_ccache ccache; + char *name; + + ret = krb5_ret_stringz(request, &name); + if (ret) + return ret; + + KCM_LOG_REQUEST_NAME(context, client, opcode, name); + + ret = kcm_ccache_resolve_client(context, client, opcode, name, &ccache); + free(name); + if (ret) + return ret; + + HEIMDAL_MUTEX_lock(&ccache->mutex); + ret = krb5_store_int32(response, ccache->kdc_offset); + HEIMDAL_MUTEX_unlock(&ccache->mutex); + + kcm_release_ccache(context, ccache); + + return ret; +} + +static krb5_error_code +kcm_op_set_kdc_offset(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + krb5_error_code ret; + kcm_ccache ccache; + int32_t offset; + char *name; + + ret = krb5_ret_stringz(request, &name); + if (ret) + return ret; + + KCM_LOG_REQUEST_NAME(context, client, opcode, name); + + ret = krb5_ret_int32(request, &offset); + if (ret) { + free(name); + return ret; + } + + ret = kcm_ccache_resolve_client(context, client, opcode, name, &ccache); + free(name); + if (ret) + return ret; + + HEIMDAL_MUTEX_lock(&ccache->mutex); + ccache->kdc_offset = offset; + HEIMDAL_MUTEX_unlock(&ccache->mutex); + + kcm_release_ccache(context, ccache); + + return ret; +} + +struct kcm_ntlm_cred { + kcmuuid_t uuid; + char *user; + char *domain; + krb5_data nthash; + uid_t uid; + pid_t session; + struct kcm_ntlm_cred *next; +}; + +static struct kcm_ntlm_cred *ntlm_head; + +static void +free_cred(struct kcm_ntlm_cred *cred) +{ + free(cred->user); + free(cred->domain); + krb5_data_free(&cred->nthash); + free(cred); +} + + +/* + * name + * domain + * ntlm hash + * + * Reply: + * uuid + */ + +static struct kcm_ntlm_cred * +find_ntlm_cred(const char *user, const char *domain, kcm_client *client) +{ + struct kcm_ntlm_cred *c; + + for (c = ntlm_head; c != NULL; c = c->next) + if ((user[0] == '\0' || strcmp(user, c->user) == 0) && + (domain == NULL || strcmp(domain, c->domain) == 0) && + kcm_is_same_session(client, c->uid, c->session)) + return c; + + return NULL; +} + +static krb5_error_code +kcm_op_add_ntlm_cred(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + struct kcm_ntlm_cred *cred, *c; + krb5_error_code ret; + + cred = calloc(1, sizeof(*cred)); + if (cred == NULL) + return ENOMEM; + + RAND_bytes(cred->uuid, sizeof(cred->uuid)); + + ret = krb5_ret_stringz(request, &cred->user); + if (ret) + goto error; + + ret = krb5_ret_stringz(request, &cred->domain); + if (ret) + goto error; + + ret = krb5_ret_data(request, &cred->nthash); + if (ret) + goto error; + + /* search for dups */ + c = find_ntlm_cred(cred->user, cred->domain, client); + if (c) { + krb5_data hash = c->nthash; + c->nthash = cred->nthash; + cred->nthash = hash; + free_cred(cred); + cred = c; + } else { + cred->next = ntlm_head; + ntlm_head = cred; + } + + cred->uid = client->uid; + cred->session = client->session; + + /* write response */ + (void)krb5_storage_write(response, &cred->uuid, sizeof(cred->uuid)); + + return 0; + + error: + free_cred(cred); + + return ret; +} + +/* + * { "HAVE_NTLM_CRED", NULL }, + * + * input: + * name + * domain + */ + +static krb5_error_code +kcm_op_have_ntlm_cred(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + struct kcm_ntlm_cred *c; + char *user = NULL, *domain = NULL; + krb5_error_code ret; + + ret = krb5_ret_stringz(request, &user); + if (ret) + goto error; + + ret = krb5_ret_stringz(request, &domain); + if (ret) + goto error; + + if (domain[0] == '\0') { + free(domain); + domain = NULL; + } + + c = find_ntlm_cred(user, domain, client); + if (c == NULL) + ret = ENOENT; + + error: + free(user); + if (domain) + free(domain); + + return ret; +} + +/* + * { "DEL_NTLM_CRED", NULL }, + * + * input: + * name + * domain + */ + +static krb5_error_code +kcm_op_del_ntlm_cred(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + struct kcm_ntlm_cred **cp, *c; + char *user = NULL, *domain = NULL; + krb5_error_code ret; + + ret = krb5_ret_stringz(request, &user); + if (ret) + goto error; + + ret = krb5_ret_stringz(request, &domain); + if (ret) + goto error; + + for (cp = &ntlm_head; *cp != NULL; cp = &(*cp)->next) { + if (strcmp(user, (*cp)->user) == 0 && strcmp(domain, (*cp)->domain) == 0 && + kcm_is_same_session(client, (*cp)->uid, (*cp)->session)) + { + c = *cp; + *cp = c->next; + + free_cred(c); + break; + } + } + + error: + free(user); + free(domain); + + return ret; +} + +/* + * { "DO_NTLM_AUTH", NULL }, + * + * input: + * name:string + * domain:string + * type2:data + * + * reply: + * type3:data + * flags:int32 + * session-key:data + */ + +#define NTLM_FLAG_SESSIONKEY 1 +#define NTLM_FLAG_NTLM2_SESSION 2 +#define NTLM_FLAG_KEYEX 4 + +static krb5_error_code +kcm_op_do_ntlm(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + struct kcm_ntlm_cred *c; + struct ntlm_type2 type2; + struct ntlm_type3 type3; + char *user = NULL, *domain = NULL; + struct ntlm_buf ndata, sessionkey; + krb5_data data; + krb5_error_code ret; + uint32_t flags = 0; + + memset(&type2, 0, sizeof(type2)); + memset(&type3, 0, sizeof(type3)); + sessionkey.data = NULL; + sessionkey.length = 0; + + ret = krb5_ret_stringz(request, &user); + if (ret) + goto error; + + ret = krb5_ret_stringz(request, &domain); + if (ret) + goto error; + + if (domain[0] == '\0') { + free(domain); + domain = NULL; + } + + c = find_ntlm_cred(user, domain, client); + if (c == NULL) { + ret = EINVAL; + goto error; + } + + ret = krb5_ret_data(request, &data); + if (ret) + goto error; + + ndata.data = data.data; + ndata.length = data.length; + + ret = heim_ntlm_decode_type2(&ndata, &type2); + krb5_data_free(&data); + if (ret) + goto error; + + if (domain && strcmp(domain, type2.targetname) == 0) { + ret = EINVAL; + goto error; + } + + type3.username = c->user; + type3.flags = type2.flags; + type3.targetname = type2.targetname; + type3.ws = rk_UNCONST("workstation"); + + /* + * NTLM Version 1 if no targetinfo buffer. + */ + + if (1 || type2.targetinfo.length == 0) { + struct ntlm_buf sessionkey; + + if (type2.flags & NTLM_NEG_NTLM2_SESSION) { + unsigned char nonce[8]; + + if (RAND_bytes(nonce, sizeof(nonce)) != 1) { + ret = EINVAL; + goto error; + } + + ret = heim_ntlm_calculate_ntlm2_sess(nonce, + type2.challenge, + c->nthash.data, + &type3.lm, + &type3.ntlm); + } else { + ret = heim_ntlm_calculate_ntlm1(c->nthash.data, + c->nthash.length, + type2.challenge, + &type3.ntlm); + + } + if (ret) + goto error; + + ret = heim_ntlm_build_ntlm1_master(c->nthash.data, + c->nthash.length, + &sessionkey, + &type3.sessionkey); + if (ret) { + if (type3.lm.data) + free(type3.lm.data); + if (type3.ntlm.data) + free(type3.ntlm.data); + goto error; + } + + free(sessionkey.data); + if (ret) { + if (type3.lm.data) + free(type3.lm.data); + if (type3.ntlm.data) + free(type3.ntlm.data); + goto error; + } + flags |= NTLM_FLAG_SESSIONKEY; +#if 0 + } else { + struct ntlm_buf sessionkey; + unsigned char ntlmv2[16]; + struct ntlm_targetinfo ti; + + /* verify infotarget */ + + ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti); + if(ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = heim_ntlm_calculate_ntlm2(ctx->client->key.data, + ctx->client->key.length, + type3.username, + name->domain, + type2.challenge, + &type2.targetinfo, + ntlmv2, + &type3.ntlm); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2), + &sessionkey, + &type3.sessionkey); + memset(ntlmv2, 0, sizeof(ntlmv2)); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } + + flags |= NTLM_FLAG_NTLM2_SESSION | + NTLM_FLAG_SESSION; + + if (type3.flags & NTLM_NEG_KEYEX) + flags |= NTLM_FLAG_KEYEX; + + ret = krb5_data_copy(&ctx->sessionkey, + sessionkey.data, sessionkey.length); + free(sessionkey.data); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } +#endif + } + +#if 0 + if (flags & NTLM_FLAG_NTLM2_SESSION) { + _gss_ntlm_set_key(&ctx->u.v2.send, 0, (ctx->flags & NTLM_NEG_KEYEX), + ctx->sessionkey.data, + ctx->sessionkey.length); + _gss_ntlm_set_key(&ctx->u.v2.recv, 1, (ctx->flags & NTLM_NEG_KEYEX), + ctx->sessionkey.data, + ctx->sessionkey.length); + } else { + flags |= NTLM_FLAG_SESSION; + RC4_set_key(&ctx->u.v1.crypto_recv.key, + ctx->sessionkey.length, + ctx->sessionkey.data); + RC4_set_key(&ctx->u.v1.crypto_send.key, + ctx->sessionkey.length, + ctx->sessionkey.data); + } +#endif + + ret = heim_ntlm_encode_type3(&type3, &ndata); + if (ret) + goto error; + + data.data = ndata.data; + data.length = ndata.length; + ret = krb5_store_data(response, data); + heim_ntlm_free_buf(&ndata); + if (ret) goto error; + + ret = krb5_store_int32(response, flags); + if (ret) goto error; + + data.data = sessionkey.data; + data.length = sessionkey.length; + + ret = krb5_store_data(response, data); + if (ret) goto error; + + error: + free(type3.username); + heim_ntlm_free_type2(&type2); + free(user); + if (domain) + free(domain); + + return ret; +} + + +/* + * { "GET_NTLM_UUID_LIST", NULL } + * + * reply: + * 1 user domain + * 0 [ end of list ] + */ + +static krb5_error_code +kcm_op_get_ntlm_user_list(krb5_context context, + kcm_client *client, + kcm_operation opcode, + krb5_storage *request, + krb5_storage *response) +{ + struct kcm_ntlm_cred *c; + krb5_error_code ret; + + for (c = ntlm_head; c != NULL; c = c->next) { + if (!kcm_is_same_session(client, c->uid, c->session)) + continue; + + ret = krb5_store_uint32(response, 1); + if (ret) + return ret; + ret = krb5_store_stringz(response, c->user); + if (ret) + return ret; + ret = krb5_store_stringz(response, c->domain); + if (ret) + return ret; + } + return krb5_store_uint32(response, 0); +} + +/* + * + */ + static struct kcm_op kcm_ops[] = { { "NOOP", kcm_op_noop }, { "GET_NAME", kcm_op_get_name }, @@ -960,19 +1706,31 @@ static struct kcm_op kcm_ops[] = { { "STORE", kcm_op_store }, { "RETRIEVE", kcm_op_retrieve }, { "GET_PRINCIPAL", kcm_op_get_principal }, - { "GET_FIRST", kcm_op_get_first }, - { "GET_NEXT", kcm_op_get_next }, - { "END_GET", kcm_op_end_get }, + { "GET_CRED_UUID_LIST", kcm_op_get_cred_uuid_list }, + { "GET_CRED_BY_UUID", kcm_op_get_cred_by_uuid }, { "REMOVE_CRED", kcm_op_remove_cred }, { "SET_FLAGS", kcm_op_set_flags }, { "CHOWN", kcm_op_chown }, { "CHMOD", kcm_op_chmod }, { "GET_INITIAL_TICKET", kcm_op_get_initial_ticket }, - { "GET_TICKET", kcm_op_get_ticket } + { "GET_TICKET", kcm_op_get_ticket }, + { "MOVE_CACHE", kcm_op_move_cache }, + { "GET_CACHE_UUID_LIST", kcm_op_get_cache_uuid_list }, + { "GET_CACHE_BY_UUID", kcm_op_get_cache_by_uuid }, + { "GET_DEFAULT_CACHE", kcm_op_get_default_cache }, + { "SET_DEFAULT_CACHE", kcm_op_set_default_cache }, + { "GET_KDC_OFFSET", kcm_op_get_kdc_offset }, + { "SET_KDC_OFFSET", kcm_op_set_kdc_offset }, + { "ADD_NTLM_CRED", kcm_op_add_ntlm_cred }, + { "HAVE_USER_CRED", kcm_op_have_ntlm_cred }, + { "DEL_NTLM_CRED", kcm_op_del_ntlm_cred }, + { "DO_NTLM_AUTH", kcm_op_do_ntlm }, + { "GET_NTLM_USER_LIST", kcm_op_get_ntlm_user_list } }; -const char *kcm_op2string(kcm_operation opcode) +const char * +kcm_op2string(kcm_operation opcode) { if (opcode >= sizeof(kcm_ops)/sizeof(kcm_ops[0])) return "Unknown operation"; @@ -1024,6 +1782,12 @@ kcm_dispatch(krb5_context context, goto out; } method = kcm_ops[opcode].method; + if (method == NULL) { + kcm_log(0, "Process %d: operation code %s not implemented", + client->pid, kcm_op2string(opcode)); + ret = KRB5_FCC_INTERNAL; + goto out; + } /* seek past place for status code */ krb5_storage_seek(resp_sp, 4, SEEK_SET); diff --git a/crypto/heimdal/kcm/renew.c b/crypto/heimdal/kcm/renew.c index 94502091350..ea06208f3e8 100644 --- a/crypto/heimdal/kcm/renew.c +++ b/crypto/heimdal/kcm/renew.c @@ -32,7 +32,7 @@ #include "kcm_locl.h" -RCSID("$Id: renew.c 14566 2005-02-06 01:22:49Z lukeh $"); +RCSID("$Id$"); krb5_error_code kcm_ccache_refresh(krb5_context context, diff --git a/crypto/heimdal/kcm/sessions.c b/crypto/heimdal/kcm/sessions.c new file mode 100644 index 00000000000..c44e48c5b00 --- /dev/null +++ b/crypto/heimdal/kcm/sessions.c @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kcm_locl.h" + +#if 0 +#include +#endif + +void +kcm_session_add(pid_t session_id) +{ + kcm_log(1, "monitor session: %d\n", session_id); +} + +void +kcm_session_setup_handler(void) +{ +#if 0 + au_sdev_handle_t *h; + dispatch_queue_t bgq; + + h = au_sdev_open(AU_SDEVF_ALLSESSIONS); + if (h == NULL) + return; + + bgq = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_LOW, 0); + + dispatch_async(bgq, ^{ + for (;;) { + auditinfo_addr_t aio; + int event; + + if (au_sdev_read_aia(h, &event, &aio) != 0) + continue; + + /* + * Ignore everything but END. This should relly be + * CLOSE but since that is delayed until the credential + * is reused, we can't do that + * */ + if (event != AUE_SESSION_END) + continue; + + dispatch_async(dispatch_get_main_queue(), ^{ + kcm_cache_remove_session(aio.ai_asid); + }); + } + }); +#endif +} diff --git a/crypto/heimdal/kdc/524.c b/crypto/heimdal/kdc/524.c deleted file mode 100644 index 3e4ad292537..00000000000 --- a/crypto/heimdal/kdc/524.c +++ /dev/null @@ -1,400 +0,0 @@ -/* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kdc_locl.h" - -RCSID("$Id: 524.c 18270 2006-10-06 17:06:30Z lha $"); - -#include - -/* - * fetch the server from `t', returning the name in malloced memory in - * `spn' and the entry itself in `server' - */ - -static krb5_error_code -fetch_server (krb5_context context, - krb5_kdc_configuration *config, - const Ticket *t, - char **spn, - hdb_entry_ex **server, - const char *from) -{ - krb5_error_code ret; - krb5_principal sprinc; - - ret = _krb5_principalname2krb5_principal(context, &sprinc, - t->sname, t->realm); - if (ret) { - kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", - krb5_get_err_text(context, ret)); - return ret; - } - ret = krb5_unparse_name(context, sprinc, spn); - if (ret) { - krb5_free_principal(context, sprinc); - kdc_log(context, config, 0, "krb5_unparse_name: %s", - krb5_get_err_text(context, ret)); - return ret; - } - ret = _kdc_db_fetch(context, config, sprinc, HDB_F_GET_SERVER, - NULL, server); - krb5_free_principal(context, sprinc); - if (ret) { - kdc_log(context, config, 0, - "Request to convert ticket from %s for unknown principal %s: %s", - from, *spn, krb5_get_err_text(context, ret)); - if (ret == HDB_ERR_NOENTRY) - ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; - return ret; - } - return 0; -} - -static krb5_error_code -log_524 (krb5_context context, - krb5_kdc_configuration *config, - const EncTicketPart *et, - const char *from, - const char *spn) -{ - krb5_principal client; - char *cpn; - krb5_error_code ret; - - ret = _krb5_principalname2krb5_principal(context, &client, - et->cname, et->crealm); - if (ret) { - kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", - krb5_get_err_text (context, ret)); - return ret; - } - ret = krb5_unparse_name(context, client, &cpn); - if (ret) { - krb5_free_principal(context, client); - kdc_log(context, config, 0, "krb5_unparse_name: %s", - krb5_get_err_text (context, ret)); - return ret; - } - kdc_log(context, config, 1, "524-REQ %s from %s for %s", cpn, from, spn); - free(cpn); - krb5_free_principal(context, client); - return 0; -} - -static krb5_error_code -verify_flags (krb5_context context, - krb5_kdc_configuration *config, - const EncTicketPart *et, - const char *spn) -{ - if(et->endtime < kdc_time){ - kdc_log(context, config, 0, "Ticket expired (%s)", spn); - return KRB5KRB_AP_ERR_TKT_EXPIRED; - } - if(et->flags.invalid){ - kdc_log(context, config, 0, "Ticket not valid (%s)", spn); - return KRB5KRB_AP_ERR_TKT_NYV; - } - return 0; -} - -/* - * set the `et->caddr' to the most appropriate address to use, where - * `addr' is the address the request was received from. - */ - -static krb5_error_code -set_address (krb5_context context, - krb5_kdc_configuration *config, - EncTicketPart *et, - struct sockaddr *addr, - const char *from) -{ - krb5_error_code ret; - krb5_address *v4_addr; - - v4_addr = malloc (sizeof(*v4_addr)); - if (v4_addr == NULL) - return ENOMEM; - - ret = krb5_sockaddr2address(context, addr, v4_addr); - if(ret) { - free (v4_addr); - kdc_log(context, config, 0, "Failed to convert address (%s)", from); - return ret; - } - - if (et->caddr && !krb5_address_search (context, v4_addr, et->caddr)) { - kdc_log(context, config, 0, "Incorrect network address (%s)", from); - krb5_free_address(context, v4_addr); - free (v4_addr); - return KRB5KRB_AP_ERR_BADADDR; - } - if(v4_addr->addr_type == KRB5_ADDRESS_INET) { - /* we need to collapse the addresses in the ticket to a - single address; best guess is to use the address the - connection came from */ - - if (et->caddr != NULL) { - free_HostAddresses(et->caddr); - } else { - et->caddr = malloc (sizeof (*et->caddr)); - if (et->caddr == NULL) { - krb5_free_address(context, v4_addr); - free(v4_addr); - return ENOMEM; - } - } - et->caddr->val = v4_addr; - et->caddr->len = 1; - } else { - krb5_free_address(context, v4_addr); - free(v4_addr); - } - return 0; -} - - -static krb5_error_code -encrypt_v4_ticket(krb5_context context, - krb5_kdc_configuration *config, - void *buf, - size_t len, - krb5_keyblock *skey, - EncryptedData *reply) -{ - krb5_crypto crypto; - krb5_error_code ret; - ret = krb5_crypto_init(context, skey, ETYPE_DES_PCBC_NONE, &crypto); - if (ret) { - free(buf); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); - return ret; - } - - ret = krb5_encrypt_EncryptedData(context, - crypto, - KRB5_KU_TICKET, - buf, - len, - 0, - reply); - krb5_crypto_destroy(context, crypto); - if(ret) { - kdc_log(context, config, 0, "Failed to encrypt data: %s", - krb5_get_err_text(context, ret)); - return ret; - } - return 0; -} - -static krb5_error_code -encode_524_response(krb5_context context, - krb5_kdc_configuration *config, - const char *spn, const EncTicketPart et, - const Ticket *t, hdb_entry_ex *server, - EncryptedData *ticket, int *kvno) -{ - krb5_error_code ret; - int use_2b; - size_t len; - - use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL); - if(use_2b) { - ASN1_MALLOC_ENCODE(EncryptedData, - ticket->cipher.data, ticket->cipher.length, - &t->enc_part, &len, ret); - - if (ret) { - kdc_log(context, config, 0, - "Failed to encode v4 (2b) ticket (%s)", spn); - return ret; - } - - ticket->etype = 0; - ticket->kvno = NULL; - *kvno = 213; /* 2b's use this magic kvno */ - } else { - unsigned char buf[MAX_KTXT_LEN + 4 * 4]; - Key *skey; - - if (!config->enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) { - kdc_log(context, config, 0, "524 cross-realm %s -> %s disabled", et.crealm, - t->realm); - return KRB5KDC_ERR_POLICY; - } - - ret = _kdc_encode_v4_ticket(context, config, - buf + sizeof(buf) - 1, sizeof(buf), - &et, &t->sname, &len); - if(ret){ - kdc_log(context, config, 0, - "Failed to encode v4 ticket (%s)", spn); - return ret; - } - ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); - if(ret){ - kdc_log(context, config, 0, - "no suitable DES key for server (%s)", spn); - return ret; - } - ret = encrypt_v4_ticket(context, config, buf + sizeof(buf) - len, len, - &skey->key, ticket); - if(ret){ - kdc_log(context, config, 0, - "Failed to encrypt v4 ticket (%s)", spn); - return ret; - } - *kvno = server->entry.kvno; - } - - return 0; -} - -/* - * process a 5->4 request, based on `t', and received `from, addr', - * returning the reply in `reply' - */ - -krb5_error_code -_kdc_do_524(krb5_context context, - krb5_kdc_configuration *config, - const Ticket *t, krb5_data *reply, - const char *from, struct sockaddr *addr) -{ - krb5_error_code ret = 0; - krb5_crypto crypto; - hdb_entry_ex *server = NULL; - Key *skey; - krb5_data et_data; - EncTicketPart et; - EncryptedData ticket; - krb5_storage *sp; - char *spn = NULL; - unsigned char buf[MAX_KTXT_LEN + 4 * 4]; - size_t len; - int kvno = 0; - - if(!config->enable_524) { - ret = KRB5KDC_ERR_POLICY; - kdc_log(context, config, 0, - "Rejected ticket conversion request from %s", from); - goto out; - } - - ret = fetch_server (context, config, t, &spn, &server, from); - if (ret) { - goto out; - } - - ret = hdb_enctype2key(context, &server->entry, t->enc_part.etype, &skey); - if(ret){ - kdc_log(context, config, 0, - "No suitable key found for server (%s) from %s", spn, from); - goto out; - } - ret = krb5_crypto_init(context, &skey->key, 0, &crypto); - if (ret) { - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); - goto out; - } - ret = krb5_decrypt_EncryptedData (context, - crypto, - KRB5_KU_TICKET, - &t->enc_part, - &et_data); - krb5_crypto_destroy(context, crypto); - if(ret){ - kdc_log(context, config, 0, - "Failed to decrypt ticket from %s for %s", from, spn); - goto out; - } - ret = krb5_decode_EncTicketPart(context, et_data.data, et_data.length, - &et, &len); - krb5_data_free(&et_data); - if(ret){ - kdc_log(context, config, 0, - "Failed to decode ticket from %s for %s", from, spn); - goto out; - } - - ret = log_524 (context, config, &et, from, spn); - if (ret) { - free_EncTicketPart(&et); - goto out; - } - - ret = verify_flags (context, config, &et, spn); - if (ret) { - free_EncTicketPart(&et); - goto out; - } - - ret = set_address (context, config, &et, addr, from); - if (ret) { - free_EncTicketPart(&et); - goto out; - } - - ret = encode_524_response(context, config, spn, et, t, - server, &ticket, &kvno); - free_EncTicketPart(&et); - - out: - /* make reply */ - memset(buf, 0, sizeof(buf)); - sp = krb5_storage_from_mem(buf, sizeof(buf)); - if (sp) { - krb5_store_int32(sp, ret); - if(ret == 0){ - krb5_store_int32(sp, kvno); - krb5_store_data(sp, ticket.cipher); - /* Aargh! This is coded as a KTEXT_ST. */ - krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); - krb5_store_int32(sp, 0); /* mbz */ - free_EncryptedData(&ticket); - } - ret = krb5_storage_to_data(sp, reply); - reply->length = krb5_storage_seek(sp, 0, SEEK_CUR); - krb5_storage_free(sp); - } else - krb5_data_zero(reply); - if(spn) - free(spn); - if(server) - _kdc_free_ent (context, server); - return ret; -} diff --git a/crypto/heimdal/kdc/Makefile.am b/crypto/heimdal/kdc/Makefile.am index ff20bde9c57..5ef3cbec5d9 100644 --- a/crypto/heimdal/kdc/Makefile.am +++ b/crypto/heimdal/kdc/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am 22489 2008-01-21 11:49:06Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 lib_LTLIBRARIES = libkdc.la @@ -10,21 +10,25 @@ bin_PROGRAMS = string2key sbin_PROGRAMS = kstash -libexec_PROGRAMS = hprop hpropd kdc +libexec_PROGRAMS = hprop hpropd kdc digest-service noinst_PROGRAMS = kdc-replay man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8 -hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h +hprop_SOURCES = hprop.c mit_dump.c hprop.h hpropd_SOURCES = hpropd.c hprop.h kstash_SOURCES = kstash.c headers.h string2key_SOURCES = string2key.c headers.h +digest_service_SOURCES = \ + digest-service.c + kdc_SOURCES = connect.c \ config.c \ + announce.c \ main.c libkdc_la_SOURCES = \ @@ -39,9 +43,6 @@ libkdc_la_SOURCES = \ pkinit.c \ log.c \ misc.c \ - 524.c \ - kerberos4.c \ - kaserver.c \ kx509.c \ process.c \ windc.c \ @@ -66,7 +67,6 @@ $(srcdir)/kdc-private.h: hprop_LDADD = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -76,7 +76,6 @@ hprop_LDADD = \ hpropd_LDADD = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -91,7 +90,6 @@ endif libkdc_la_LIBADD = \ $(LIB_pkinit) \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(top_builddir)/lib/ntlm/libheimntlm.la \ @@ -101,7 +99,6 @@ libkdc_la_LIBADD = \ $(DBLIB) LDADD = $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -109,14 +106,34 @@ LDADD = $(top_builddir)/lib/hdb/libhdb.la \ $(LIB_roken) \ $(DBLIB) -kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) -kdc_replay_LDADD = $(kdc_LDADD) +kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) $(CAPNG_LIBS) + +if FRAMEWORK_SECURITY +kdc_LDFLAGS = -framework SystemConfiguration -framework CoreFoundation +endif +kdc_CFLAGS = $(CAPNG_CFLAGS) + +digest_service_LDADD = \ + libkdc.la \ + $(top_builddir)/lib/ntlm/libheimntlm.la \ + $(top_builddir)/lib/ipc/libheim-ipcs.la \ + $(LDADD) $(LIB_pidfile) +kdc_replay_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) include_HEADERS = kdc.h kdc-protos.h + krb5dir = $(includedir)/krb5 krb5_HEADERS = windc_plugin.h build_HEADERZ = $(krb5_HEADERS) # XXX -EXTRA_DIST = $(man_MANS) version-script.map +EXTRA_DIST = \ + hprop-version.rc \ + hpropd-version.rc \ + kdc-version.rc \ + kstash-version.rc \ + libkdc-version.rc \ + string2key-version.rc \ + libkdc-exports.def \ + NTMakefile $(man_MANS) version-script.map diff --git a/crypto/heimdal/kdc/Makefile.in b/crypto/heimdal/kdc/Makefile.in index d7e623afe7e..57259cf151d 100644 --- a/crypto/heimdal/kdc/Makefile.in +++ b/crypto/heimdal/kdc/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22489 2008-01-21 11:49:06Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,13 +47,14 @@ DIST_COMMON = $(include_HEADERS) $(krb5_HEADERS) $(srcdir)/Makefile.am \ $(top_srcdir)/cf/Makefile.am.common bin_PROGRAMS = string2key$(EXEEXT) sbin_PROGRAMS = kstash$(EXEEXT) -libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT) +libexec_PROGRAMS = hprop$(EXEEXT) hpropd$(EXEEXT) kdc$(EXEEXT) \ + digest-service$(EXEEXT) noinst_PROGRAMS = kdc-replay$(EXEEXT) @versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map subdir = kdc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -66,7 +69,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -80,9 +83,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -90,91 +96,108 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" \ "$(DESTDIR)$(krb5dir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = libkdc_la_DEPENDENCIES = $(LIB_pkinit) \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/ntlm/libheimntlm.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_libkdc_la_OBJECTS = default_config.lo set_dbinfo.lo digest.lo \ - kerberos5.lo krb5tgs.lo pkinit.lo log.lo misc.lo 524.lo \ - kerberos4.lo kaserver.lo kx509.lo process.lo windc.lo + kerberos5.lo krb5tgs.lo pkinit.lo log.lo misc.lo kx509.lo \ + process.lo windc.lo libkdc_la_OBJECTS = $(am_libkdc_la_OBJECTS) libkdc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libkdc_la_LDFLAGS) $(LDFLAGS) -o $@ -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) \ $(sbin_PROGRAMS) -am_hprop_OBJECTS = hprop.$(OBJEXT) mit_dump.$(OBJEXT) \ - v4_dump.$(OBJEXT) +am_digest_service_OBJECTS = digest-service.$(OBJEXT) +digest_service_OBJECTS = $(am_digest_service_OBJECTS) +am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \ + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +digest_service_DEPENDENCIES = libkdc.la \ + $(top_builddir)/lib/ntlm/libheimntlm.la \ + $(top_builddir)/lib/ipc/libheim-ipcs.la $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_1) +am_hprop_OBJECTS = hprop.$(OBJEXT) mit_dump.$(OBJEXT) hprop_OBJECTS = $(am_hprop_OBJECTS) hprop_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -am_hpropd_OBJECTS = hpropd.$(OBJEXT) -hpropd_OBJECTS = $(am_hpropd_OBJECTS) -hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -am_kdc_OBJECTS = connect.$(OBJEXT) config.$(OBJEXT) main.$(OBJEXT) -kdc_OBJECTS = $(am_kdc_OBJECTS) -am__DEPENDENCIES_2 = $(top_builddir)/lib/hdb/libhdb.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -kdc_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \ +am_hpropd_OBJECTS = hpropd.$(OBJEXT) +hpropd_OBJECTS = $(am_hpropd_OBJECTS) +hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) +am_kdc_OBJECTS = kdc-connect.$(OBJEXT) kdc-config.$(OBJEXT) \ + kdc-announce.$(OBJEXT) kdc-main.$(OBJEXT) +kdc_OBJECTS = $(am_kdc_OBJECTS) +kdc_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +kdc_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(kdc_CFLAGS) $(CFLAGS) $(kdc_LDFLAGS) \ + $(LDFLAGS) -o $@ kdc_replay_SOURCES = kdc-replay.c kdc_replay_OBJECTS = kdc-replay.$(OBJEXT) -am__DEPENDENCIES_3 = libkdc.la $(am__DEPENDENCIES_2) \ +kdc_replay_DEPENDENCIES = libkdc.la $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) -kdc_replay_DEPENDENCIES = $(am__DEPENDENCIES_3) am_kstash_OBJECTS = kstash.$(OBJEXT) kstash_OBJECTS = $(am_kstash_OBJECTS) kstash_LDADD = $(LDADD) kstash_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_string2key_OBJECTS = string2key.$(OBJEXT) string2key_OBJECTS = $(am_string2key_OBJECTS) string2key_LDADD = $(LDADD) string2key_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/krb5/libkrb5.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -184,16 +207,14 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libkdc_la_SOURCES) $(hprop_SOURCES) $(hpropd_SOURCES) \ - $(kdc_SOURCES) kdc-replay.c $(kstash_SOURCES) \ - $(string2key_SOURCES) -DIST_SOURCES = $(libkdc_la_SOURCES) $(hprop_SOURCES) $(hpropd_SOURCES) \ - $(kdc_SOURCES) kdc-replay.c $(kstash_SOURCES) \ - $(string2key_SOURCES) +SOURCES = $(libkdc_la_SOURCES) $(digest_service_SOURCES) \ + $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) kdc-replay.c \ + $(kstash_SOURCES) $(string2key_SOURCES) +DIST_SOURCES = $(libkdc_la_SOURCES) $(digest_service_SOURCES) \ + $(hprop_SOURCES) $(hpropd_SOURCES) $(kdc_SOURCES) kdc-replay.c \ + $(kstash_SOURCES) $(string2key_SOURCES) man8dir = $(mandir)/man8 MANS = $(man_MANS) -includeHEADERS_INSTALL = $(INSTALL_HEADER) -krb5HEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(include_HEADERS) $(krb5_HEADERS) ETAGS = etags CTAGS = ctags @@ -202,49 +223,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -268,10 +298,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -288,6 +319,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -303,31 +336,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -342,10 +389,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -386,39 +435,48 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_libintl) $(INCLUDE_krb4) \ + $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libkdc.la man_MANS = kdc.8 kstash.8 hprop.8 hpropd.8 string2key.8 -hprop_SOURCES = hprop.c mit_dump.c v4_dump.c hprop.h kadb.h +hprop_SOURCES = hprop.c mit_dump.c hprop.h hpropd_SOURCES = hpropd.c hprop.h kstash_SOURCES = kstash.c headers.h string2key_SOURCES = string2key.c headers.h +digest_service_SOURCES = \ + digest-service.c + kdc_SOURCES = connect.c \ config.c \ + announce.c \ main.c libkdc_la_SOURCES = \ @@ -433,9 +491,6 @@ libkdc_la_SOURCES = \ pkinit.c \ log.c \ misc.c \ - 524.c \ - kerberos4.c \ - kaserver.c \ kx509.c \ process.c \ windc.c \ @@ -444,7 +499,6 @@ libkdc_la_SOURCES = \ libkdc_la_LDFLAGS = -version-info 2:0:0 $(am__append_1) hprop_LDADD = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -454,7 +508,6 @@ hprop_LDADD = \ hpropd_LDADD = \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -466,7 +519,6 @@ hpropd_LDADD = \ libkdc_la_LIBADD = \ $(LIB_pkinit) \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_kdb) $(LIB_krb4) \ $(top_builddir)/lib/ntlm/libheimntlm.la \ @@ -476,7 +528,6 @@ libkdc_la_LIBADD = \ $(DBLIB) LDADD = $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_krb4) \ $(LIB_hcrypto) \ @@ -484,29 +535,46 @@ LDADD = $(top_builddir)/lib/hdb/libhdb.la \ $(LIB_roken) \ $(DBLIB) -kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) -kdc_replay_LDADD = $(kdc_LDADD) +kdc_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) $(CAPNG_LIBS) +@FRAMEWORK_SECURITY_TRUE@kdc_LDFLAGS = -framework SystemConfiguration -framework CoreFoundation +kdc_CFLAGS = $(CAPNG_CFLAGS) +digest_service_LDADD = \ + libkdc.la \ + $(top_builddir)/lib/ntlm/libheimntlm.la \ + $(top_builddir)/lib/ipc/libheim-ipcs.la \ + $(LDADD) $(LIB_pidfile) + +kdc_replay_LDADD = libkdc.la $(LDADD) $(LIB_pidfile) include_HEADERS = kdc.h kdc-protos.h krb5dir = $(includedir)/krb5 krb5_HEADERS = windc_plugin.h build_HEADERZ = $(krb5_HEADERS) # XXX -EXTRA_DIST = $(man_MANS) version-script.map +EXTRA_DIST = \ + hprop-version.rc \ + hpropd-version.rc \ + kdc-version.rc \ + kstash-version.rc \ + libkdc-version.rc \ + string2key-version.rc \ + libkdc-exports.def \ + NTMakefile $(man_MANS) version-script.map + all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps kdc/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps kdc/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign kdc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign kdc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -524,23 +592,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -556,94 +629,144 @@ libkdc.la: $(libkdc_la_OBJECTS) $(libkdc_la_DEPENDENCIES) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ - rm -f "$(DESTDIR)$(sbindir)/$$f"; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +digest-service$(EXEEXT): $(digest_service_OBJECTS) $(digest_service_DEPENDENCIES) + @rm -f digest-service$(EXEEXT) + $(LINK) $(digest_service_OBJECTS) $(digest_service_LDADD) $(LIBS) hprop$(EXEEXT): $(hprop_OBJECTS) $(hprop_DEPENDENCIES) @rm -f hprop$(EXEEXT) $(LINK) $(hprop_OBJECTS) $(hprop_LDADD) $(LIBS) @@ -652,7 +775,7 @@ hpropd$(EXEEXT): $(hpropd_OBJECTS) $(hpropd_DEPENDENCIES) $(LINK) $(hpropd_OBJECTS) $(hpropd_LDADD) $(LIBS) kdc$(EXEEXT): $(kdc_OBJECTS) $(kdc_DEPENDENCIES) @rm -f kdc$(EXEEXT) - $(LINK) $(kdc_OBJECTS) $(kdc_LDADD) $(LIBS) + $(kdc_LINK) $(kdc_OBJECTS) $(kdc_LDADD) $(LIBS) kdc-replay$(EXEEXT): $(kdc_replay_OBJECTS) $(kdc_replay_DEPENDENCIES) @rm -f kdc-replay$(EXEEXT) $(LINK) $(kdc_replay_OBJECTS) $(kdc_replay_LDADD) $(LIBS) @@ -669,149 +792,256 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/default_config.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digest-service.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hprop.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hpropd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdc-announce.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdc-config.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdc-connect.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdc-main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdc-replay.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kerberos5.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/krb5tgs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kstash.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kx509.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mit_dump.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkinit.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_dbinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/string2key.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/windc.Plo@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +kdc-connect.o: connect.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-connect.o -MD -MP -MF $(DEPDIR)/kdc-connect.Tpo -c -o kdc-connect.o `test -f 'connect.c' || echo '$(srcdir)/'`connect.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-connect.Tpo $(DEPDIR)/kdc-connect.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='connect.c' object='kdc-connect.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-connect.o `test -f 'connect.c' || echo '$(srcdir)/'`connect.c + +kdc-connect.obj: connect.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-connect.obj -MD -MP -MF $(DEPDIR)/kdc-connect.Tpo -c -o kdc-connect.obj `if test -f 'connect.c'; then $(CYGPATH_W) 'connect.c'; else $(CYGPATH_W) '$(srcdir)/connect.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-connect.Tpo $(DEPDIR)/kdc-connect.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='connect.c' object='kdc-connect.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-connect.obj `if test -f 'connect.c'; then $(CYGPATH_W) 'connect.c'; else $(CYGPATH_W) '$(srcdir)/connect.c'; fi` + +kdc-config.o: config.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-config.o -MD -MP -MF $(DEPDIR)/kdc-config.Tpo -c -o kdc-config.o `test -f 'config.c' || echo '$(srcdir)/'`config.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-config.Tpo $(DEPDIR)/kdc-config.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config.c' object='kdc-config.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-config.o `test -f 'config.c' || echo '$(srcdir)/'`config.c + +kdc-config.obj: config.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-config.obj -MD -MP -MF $(DEPDIR)/kdc-config.Tpo -c -o kdc-config.obj `if test -f 'config.c'; then $(CYGPATH_W) 'config.c'; else $(CYGPATH_W) '$(srcdir)/config.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-config.Tpo $(DEPDIR)/kdc-config.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config.c' object='kdc-config.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-config.obj `if test -f 'config.c'; then $(CYGPATH_W) 'config.c'; else $(CYGPATH_W) '$(srcdir)/config.c'; fi` + +kdc-announce.o: announce.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-announce.o -MD -MP -MF $(DEPDIR)/kdc-announce.Tpo -c -o kdc-announce.o `test -f 'announce.c' || echo '$(srcdir)/'`announce.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-announce.Tpo $(DEPDIR)/kdc-announce.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='announce.c' object='kdc-announce.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-announce.o `test -f 'announce.c' || echo '$(srcdir)/'`announce.c + +kdc-announce.obj: announce.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-announce.obj -MD -MP -MF $(DEPDIR)/kdc-announce.Tpo -c -o kdc-announce.obj `if test -f 'announce.c'; then $(CYGPATH_W) 'announce.c'; else $(CYGPATH_W) '$(srcdir)/announce.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-announce.Tpo $(DEPDIR)/kdc-announce.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='announce.c' object='kdc-announce.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-announce.obj `if test -f 'announce.c'; then $(CYGPATH_W) 'announce.c'; else $(CYGPATH_W) '$(srcdir)/announce.c'; fi` + +kdc-main.o: main.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-main.o -MD -MP -MF $(DEPDIR)/kdc-main.Tpo -c -o kdc-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-main.Tpo $(DEPDIR)/kdc-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='main.c' object='kdc-main.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c + +kdc-main.obj: main.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -MT kdc-main.obj -MD -MP -MF $(DEPDIR)/kdc-main.Tpo -c -o kdc-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kdc-main.Tpo $(DEPDIR)/kdc-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='main.c' object='kdc-main.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(kdc_CFLAGS) $(CFLAGS) -c -o kdc-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-krb5HEADERS: $(krb5_HEADERS) @$(NORMAL_INSTALL) test -z "$(krb5dir)" || $(MKDIR_P) "$(DESTDIR)$(krb5dir)" - @list='$(krb5_HEADERS)'; for p in $$list; do \ + @list='$(krb5_HEADERS)'; test -n "$(krb5dir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(krb5HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(krb5dir)/$$f'"; \ - $(krb5HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(krb5dir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(krb5dir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(krb5dir)" || exit $$?; \ done uninstall-krb5HEADERS: @$(NORMAL_UNINSTALL) - @list='$(krb5_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(krb5dir)/$$f'"; \ - rm -f "$(DESTDIR)$(krb5dir)/$$f"; \ - done + @list='$(krb5_HEADERS)'; test -n "$(krb5dir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(krb5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(krb5dir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -827,13 +1057,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -871,6 +1105,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -882,6 +1117,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -892,6 +1128,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -900,27 +1138,36 @@ install-data-am: install-includeHEADERS install-krb5HEADERS \ install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libLTLIBRARIES \ install-libexecPROGRAMS install-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -942,11 +1189,10 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ uninstall-libexecPROGRAMS uninstall-man uninstall-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ @@ -1039,6 +1285,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1124,7 +1373,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1146,6 +1395,7 @@ $(srcdir)/kdc-protos.h: $(srcdir)/kdc-private.h: cd $(srcdir) && perl ../cf/make-proto.pl -q -P comment -p kdc-private.h $(libkdc_la_SOURCES) || rm -f kdc-private.h + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/kdc/announce.c b/crypto/heimdal/kdc/announce.c new file mode 100644 index 00000000000..cf3fdc36363 --- /dev/null +++ b/crypto/heimdal/kdc/announce.c @@ -0,0 +1,544 @@ +/* + * Copyright (c) 2008 Apple Inc. All Rights Reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of Apple Inc. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Apple Inc. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#include "kdc_locl.h" + +#if defined(__APPLE__) && defined(HAVE_GCD) + +#include +#include +#include +#include + +#include + +#include +#include + +#include +#include + +static krb5_kdc_configuration *announce_config; +static krb5_context announce_context; + +struct entry { + DNSRecordRef recordRef; + char *domain; + char *realm; +#define F_EXISTS 1 +#define F_PUSH 2 + int flags; + struct entry *next; +}; + +/* #define REGISTER_SRV_RR */ + +static struct entry *g_entries = NULL; +static CFStringRef g_hostname = NULL; +static DNSServiceRef g_dnsRef = NULL; +static SCDynamicStoreRef g_store = NULL; +static dispatch_queue_t g_queue = NULL; + +#define LOG(...) asl_log(NULL, NULL, ASL_LEVEL_INFO, __VA_ARGS__) + +static void create_dns_sd(void); +static void destroy_dns_sd(void); +static void update_all(SCDynamicStoreRef, CFArrayRef, void *); + + +/* parameters */ +static CFStringRef NetworkChangedKey_BackToMyMac = CFSTR("Setup:/Network/BackToMyMac"); + + +static char * +CFString2utf8(CFStringRef string) +{ + size_t size; + char *str; + + size = 1 + CFStringGetMaximumSizeForEncoding(CFStringGetLength(string), kCFStringEncodingUTF8); + str = malloc(size); + if (str == NULL) + return NULL; + + if (CFStringGetCString(string, str, size, kCFStringEncodingUTF8) == false) { + free(str); + return NULL; + } + return str; +} + +/* + * + */ + +static void +retry_timer(void) +{ + dispatch_source_t s; + dispatch_time_t t; + + s = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, + 0, 0, g_queue); + t = dispatch_time(DISPATCH_TIME_NOW, 5ull * NSEC_PER_SEC); + dispatch_source_set_timer(s, t, 0, NSEC_PER_SEC); + dispatch_source_set_event_handler(s, ^{ + create_dns_sd(); + dispatch_release(s); + }); + dispatch_resume(s); +} + +/* + * + */ + +static void +create_dns_sd(void) +{ + DNSServiceErrorType error; + dispatch_source_t s; + + error = DNSServiceCreateConnection(&g_dnsRef); + if (error) { + retry_timer(); + return; + } + + dispatch_suspend(g_queue); + + s = dispatch_source_create(DISPATCH_SOURCE_TYPE_READ, + DNSServiceRefSockFD(g_dnsRef), + 0, g_queue); + + dispatch_source_set_event_handler(s, ^{ + DNSServiceErrorType ret = DNSServiceProcessResult(g_dnsRef); + /* on error tear down and set timer to recreate */ + if (ret != kDNSServiceErr_NoError && ret != kDNSServiceErr_Transient) { + dispatch_source_cancel(s); + } + }); + + dispatch_source_set_cancel_handler(s, ^{ + destroy_dns_sd(); + retry_timer(); + dispatch_release(s); + }); + + dispatch_resume(s); + + /* Do the first update ourself */ + update_all(g_store, NULL, NULL); + dispatch_resume(g_queue); +} + +static void +domain_add(const char *domain, const char *realm, int flag) +{ + struct entry *e; + + for (e = g_entries; e != NULL; e = e->next) { + if (strcmp(domain, e->domain) == 0 && strcmp(realm, e->realm) == 0) { + e->flags |= flag; + return; + } + } + + LOG("Adding realm %s to domain %s", realm, domain); + + e = calloc(1, sizeof(*e)); + if (e == NULL) + return; + e->domain = strdup(domain); + e->realm = strdup(realm); + if (e->domain == NULL || e->realm == NULL) { + free(e->domain); + free(e->realm); + free(e); + return; + } + e->flags = flag | F_PUSH; /* if we allocate, we push */ + e->next = g_entries; + g_entries = e; +} + +struct addctx { + int flags; + const char *realm; +}; + +static void +domains_add(const void *key, const void *value, void *context) +{ + char *str = CFString2utf8((CFStringRef)value); + struct addctx *ctx = context; + + if (str == NULL) + return; + if (str[0] != '\0') + domain_add(str, ctx->realm, F_EXISTS | ctx->flags); + free(str); +} + + +static void +dnsCallback(DNSServiceRef sdRef __attribute__((unused)), + DNSRecordRef RecordRef __attribute__((unused)), + DNSServiceFlags flags __attribute__((unused)), + DNSServiceErrorType errorCode __attribute__((unused)), + void *context __attribute__((unused))) +{ +} + +#ifdef REGISTER_SRV_RR + +/* + * Register DNS SRV rr for the realm. + */ + +static const char *register_names[2] = { + "_kerberos._tcp", + "_kerberos._udp" +}; + +static struct { + DNSRecordRef *val; + size_t len; +} srvRefs = { NULL, 0 }; + +static void +register_srv(const char *realm, const char *hostname, int port) +{ + unsigned char target[1024]; + int i; + int size; + + /* skip registering LKDC realms */ + if (strncmp(realm, "LKDC:", 5) == 0) + return; + + /* encode SRV-RR */ + target[0] = 0; /* priority */ + target[1] = 0; /* priority */ + target[2] = 0; /* weight */ + target[3] = 0; /* weigth */ + target[4] = (port >> 8) & 0xff; /* port */ + target[5] = (port >> 0) & 0xff; /* port */ + + size = dn_comp(hostname, target + 6, sizeof(target) - 6, NULL, NULL); + if (size < 0) + return; + + size += 6; + + LOG("register SRV rr for realm %s hostname %s:%d", realm, hostname, port); + + for (i = 0; i < sizeof(register_names)/sizeof(register_names[0]); i++) { + char name[kDNSServiceMaxDomainName]; + DNSServiceErrorType error; + void *ptr; + + ptr = realloc(srvRefs.val, sizeof(srvRefs.val[0]) * (srvRefs.len + 1)); + if (ptr == NULL) + errx(1, "malloc: out of memory"); + srvRefs.val = ptr; + + DNSServiceConstructFullName(name, NULL, register_names[i], realm); + + error = DNSServiceRegisterRecord(g_dnsRef, + &srvRefs.val[srvRefs.len], + kDNSServiceFlagsUnique | kDNSServiceFlagsShareConnection, + 0, + name, + kDNSServiceType_SRV, + kDNSServiceClass_IN, + size, + target, + 0, + dnsCallback, + NULL); + if (error) { + LOG("Failed to register SRV rr for realm %s: %d", realm, error); + } else + srvRefs.len++; + } +} + +static void +unregister_srv_realms(void) +{ + if (g_dnsRef) { + for (i = 0; i < srvRefs.len; i++) + DNSServiceRemoveRecord(g_dnsRef, srvRefs.val[i], 0); + } + free(srvRefs.val); + srvRefs.len = 0; + srvRefs.val = NULL; +} + +static void +register_srv_realms(CFStringRef host) +{ + krb5_error_code ret; + char *hostname; + size_t i; + + /* first unregister old names */ + + hostname = CFString2utf8(host); + if (hostname == NULL) + return; + + for(i = 0; i < announce_config->num_db; i++) { + char **realms, **r; + + if (announce_config->db[i]->hdb_get_realms == NULL) + continue; + + ret = (announce_config->db[i]->hdb_get_realms)(announce_context, &realms); + if (ret == 0) { + for (r = realms; r && *r; r++) + register_srv(*r, hostname, 88); + krb5_free_host_realm(announce_context, realms); + } + } + + free(hostname); +} +#endif /* REGISTER_SRV_RR */ + +static void +update_dns(void) +{ + DNSServiceErrorType error; + struct entry **e = &g_entries; + char *hostname; + + hostname = CFString2utf8(g_hostname); + if (hostname == NULL) + return; + + while (*e != NULL) { + /* remove if this wasn't updated */ + if (((*e)->flags & F_EXISTS) == 0) { + struct entry *drop = *e; + *e = (*e)->next; + + LOG("Deleting realm %s from domain %s", + drop->realm, drop->domain); + + if (drop->recordRef && g_dnsRef) + DNSServiceRemoveRecord(g_dnsRef, drop->recordRef, 0); + free(drop->domain); + free(drop->realm); + free(drop); + continue; + } + if ((*e)->flags & F_PUSH) { + struct entry *update = *e; + char *dnsdata, *name; + size_t len; + + len = strlen(update->realm); + asprintf(&dnsdata, "%c%s", (int)len, update->realm); + if (dnsdata == NULL) + errx(1, "malloc"); + + asprintf(&name, "_kerberos.%s.%s", hostname, update->domain); + if (name == NULL) + errx(1, "malloc"); + + if (update->recordRef) + DNSServiceRemoveRecord(g_dnsRef, update->recordRef, 0); + + error = DNSServiceRegisterRecord(g_dnsRef, + &update->recordRef, + kDNSServiceFlagsShared | kDNSServiceFlagsAllowRemoteQuery, + 0, + name, + kDNSServiceType_TXT, + kDNSServiceClass_IN, + len+1, + dnsdata, + 0, + dnsCallback, + NULL); + free(name); + free(dnsdata); + if (error) + errx(1, "failure to update entry for %s/%s", + update->domain, update->realm); + } + e = &(*e)->next; + } + free(hostname); +} + +static void +update_entries(SCDynamicStoreRef store, const char *realm, int flags) +{ + CFDictionaryRef btmm; + + /* we always announce in the local domain */ + domain_add("local", realm, F_EXISTS | flags); + + /* announce btmm */ + btmm = SCDynamicStoreCopyValue(store, NetworkChangedKey_BackToMyMac); + if (btmm) { + struct addctx addctx; + + addctx.flags = flags; + addctx.realm = realm; + + CFDictionaryApplyFunction(btmm, domains_add, &addctx); + CFRelease(btmm); + } +} + +static void +update_all(SCDynamicStoreRef store, CFArrayRef changedKeys, void *info) +{ + struct entry *e; + CFStringRef host; + int i, flags = 0; + + LOG("something changed, running update"); + + host = SCDynamicStoreCopyLocalHostName(store); + if (host == NULL) + return; + + if (g_hostname == NULL || CFStringCompare(host, g_hostname, 0) != kCFCompareEqualTo) { + if (g_hostname) + CFRelease(g_hostname); + g_hostname = CFRetain(host); + flags = F_PUSH; /* if hostname has changed, force push */ + +#ifdef REGISTER_SRV_RR + register_srv_realms(g_hostname); +#endif + } + + for (e = g_entries; e != NULL; e = e->next) + e->flags &= ~(F_EXISTS|F_PUSH); + + for(i = 0; i < announce_config->num_db; i++) { + krb5_error_code ret; + char **realms, **r; + + if (announce_config->db[i]->hdb_get_realms == NULL) + continue; + + ret = (announce_config->db[i]->hdb_get_realms)(announce_context, announce_config->db[i], &realms); + if (ret == 0) { + for (r = realms; r && *r; r++) + update_entries(store, *r, flags); + krb5_free_host_realm(announce_context, realms); + } + } + + update_dns(); + + CFRelease(host); +} + +static void +delete_all(void) +{ + struct entry *e; + + for (e = g_entries; e != NULL; e = e->next) + e->flags &= ~(F_EXISTS|F_PUSH); + + update_dns(); + if (g_entries != NULL) + errx(1, "Failed to remove all bonjour entries"); +} + +static void +destroy_dns_sd(void) +{ + if (g_dnsRef == NULL) + return; + + delete_all(); +#ifdef REGISTER_SRV_RR + unregister_srv_realms(); +#endif + + DNSServiceRefDeallocate(g_dnsRef); + g_dnsRef = NULL; +} + + +static SCDynamicStoreRef +register_notification(void) +{ + SCDynamicStoreRef store; + CFStringRef computerNameKey; + CFMutableArrayRef keys; + + computerNameKey = SCDynamicStoreKeyCreateHostNames(kCFAllocatorDefault); + + store = SCDynamicStoreCreate(kCFAllocatorDefault, CFSTR("Network watcher"), + update_all, NULL); + if (store == NULL) + errx(1, "SCDynamicStoreCreate"); + + keys = CFArrayCreateMutable(kCFAllocatorDefault, 2, &kCFTypeArrayCallBacks); + if (keys == NULL) + errx(1, "CFArrayCreateMutable"); + + CFArrayAppendValue(keys, computerNameKey); + CFArrayAppendValue(keys, NetworkChangedKey_BackToMyMac); + + if (SCDynamicStoreSetNotificationKeys(store, keys, NULL) == false) + errx(1, "SCDynamicStoreSetNotificationKeys"); + + CFRelease(computerNameKey); + CFRelease(keys); + + if (!SCDynamicStoreSetDispatchQueue(store, g_queue)) + errx(1, "SCDynamicStoreSetDispatchQueue"); + + return store; +} +#endif + +void +bonjour_announce(krb5_context context, krb5_kdc_configuration *config) +{ +#if defined(__APPLE__) && defined(HAVE_GCD) + g_queue = dispatch_queue_create("com.apple.kdc_announce", NULL); + if (!g_queue) + errx(1, "dispatch_queue_create"); + + g_store = register_notification(); + announce_config = config; + announce_context = context; + + create_dns_sd(); +#endif +} diff --git a/crypto/heimdal/kdc/config.c b/crypto/heimdal/kdc/config.c index a4d40fce4fa..a437bbd121b 100644 --- a/crypto/heimdal/kdc/config.c +++ b/crypto/heimdal/kdc/config.c @@ -1,43 +1,42 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * All rights reserved. + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" #include #include -RCSID("$Id: config.c 22248 2007-12-08 23:52:12Z lha $"); - struct dbinfo { char *realm; char *dbname; @@ -51,10 +50,6 @@ static int require_preauth = -1; /* 1 == require preauth for all principals */ static char *max_request_str; /* `max_request' as a string */ static int disable_des = -1; -static int enable_v4 = -1; -static int enable_kaserver = -1; -static int enable_524 = -1; -static int enable_v4_cross_realm = -1; static int builtin_hdb_flag; static int help_flag; @@ -62,62 +57,55 @@ static int version_flag; static struct getarg_strings addresses_str; /* addresses to listen on */ -static char *v4_realm; +char *runas_string; +char *chroot_string; + static struct getargs args[] = { - { - "config-file", 'c', arg_string, &config_file, - "location of config file", "file" + { + "config-file", 'c', arg_string, &config_file, + "location of config file", "file" }, - { - "require-preauth", 'p', arg_negative_flag, &require_preauth, - "don't require pa-data in as-reqs" + { + "require-preauth", 'p', arg_negative_flag, &require_preauth, + "don't require pa-data in as-reqs", NULL }, - { - "max-request", 0, arg_string, &max_request, + { + "max-request", 0, arg_string, &max_request_str, "max size for a kdc-request", "size" }, - { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" }, - { "524", 0, arg_negative_flag, &enable_524, - "don't respond to 524 requests" - }, - { - "kaserver", 'K', arg_flag, &enable_kaserver, - "enable kaserver support" - }, - { "kerberos4", 0, arg_flag, &enable_v4, - "respond to kerberos 4 requests" - }, - { - "v4-realm", 'r', arg_string, &v4_realm, - "realm to serve v4-requests for" - }, - { "kerberos4-cross-realm", 0, arg_flag, - &enable_v4_cross_realm, - "respond to kerberos 4 requests from foreign realms" - }, - { "ports", 'P', arg_string, &port_str, + { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support", + NULL }, + { "ports", 'P', arg_string, rk_UNCONST(&port_str), "ports to listen to", "portspec" }, +#ifdef SUPPORT_DETACH #if DETACH_IS_DEFAULT { - "detach", 'D', arg_negative_flag, &detach_from_console, - "don't detach from console" + "detach", 'D', arg_negative_flag, &detach_from_console, + "don't detach from console", NULL }, #else { - "detach", 0 , arg_flag, &detach_from_console, - "detach from console" + "detach", 0 , arg_flag, &detach_from_console, + "detach from console", NULL }, +#endif #endif { "addresses", 0, arg_strings, &addresses_str, "addresses to listen on", "list of addresses" }, { "disable-des", 0, arg_flag, &disable_des, - "disable DES" }, + "disable DES", NULL }, { "builtin-hdb", 0, arg_flag, &builtin_hdb_flag, - "list builtin hdb backends"}, - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + "list builtin hdb backends", NULL}, + { "runas-user", 0, arg_string, &runas_string, + "run as this user when connected to network", NULL + }, + { "chroot", 0, arg_string, &chroot_string, + "chroot directory to run in", NULL + }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -152,7 +140,7 @@ configure(krb5_context context, int argc, char **argv) krb5_error_code ret; int optidx = 0; const char *p; - + while(getarg(args, num_args, argc, argv, &optidx)) warnx("error at argument `%s'", argv[optidx]); @@ -179,7 +167,7 @@ configure(krb5_context context, int argc, char **argv) if (argc != 0) usage(1); - + { char **files; @@ -192,10 +180,10 @@ configure(krb5_context context, int argc, char **argv) ret = krb5_prepend_config_files_default(config_file, &files); if (ret) krb5_err(context, 1, ret, "getting configuration files"); - + ret = krb5_set_config_files(context, files); krb5_free_config_files(files); - if(ret) + if(ret) krb5_err(context, 1, ret, "reading configuration files"); } @@ -203,25 +191,25 @@ configure(krb5_context context, int argc, char **argv) if (ret) krb5_err(context, 1, ret, "krb5_kdc_default_config"); - kdc_openlog(context, config); + kdc_openlog(context, "kdc", config); ret = krb5_kdc_set_dbinfo(context, config); if (ret) krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo"); if(max_request_str) - max_request = parse_bytes(max_request_str, NULL); + max_request_tcp = max_request_udp = parse_bytes(max_request_str, NULL); - if(max_request == 0){ + if(max_request_tcp == 0){ p = krb5_config_get_string (context, NULL, "kdc", "max-request", NULL); if(p) - max_request = parse_bytes(p, NULL); + max_request_tcp = max_request_udp = parse_bytes(p, NULL); } - + if(require_preauth != -1) config->require_preauth = require_preauth; @@ -250,53 +238,39 @@ configure(krb5_context context, int argc, char **argv) } } - if(enable_v4 != -1) - config->enable_v4 = enable_v4; - - if(enable_v4_cross_realm != -1) - config->enable_v4_cross_realm = enable_v4_cross_realm; - - if(enable_524 != -1) - config->enable_524 = enable_524; - if(enable_http == -1) - enable_http = krb5_config_get_bool(context, NULL, "kdc", + enable_http = krb5_config_get_bool(context, NULL, "kdc", "enable-http", NULL); if(request_log == NULL) - request_log = krb5_config_get_string(context, NULL, - "kdc", - "kdc-request-log", + request_log = krb5_config_get_string(context, NULL, + "kdc", + "kdc-request-log", NULL); - if (krb5_config_get_string(context, NULL, "kdc", + if (krb5_config_get_string(context, NULL, "kdc", "enforce-transited-policy", NULL)) krb5_errx(context, 1, "enforce-transited-policy deprecated, " "use [kdc]transited-policy instead"); - if (enable_kaserver != -1) - config->enable_kaserver = enable_kaserver; - - if(detach_from_console == -1) - detach_from_console = krb5_config_get_bool_default(context, NULL, +#ifdef SUPPORT_DETACH + if(detach_from_console == -1) + detach_from_console = krb5_config_get_bool_default(context, NULL, DETACH_IS_DEFAULT, "kdc", "detach", NULL); +#endif /* SUPPORT_DETACH */ - if(max_request == 0) - max_request = 64 * 1024; + if(max_request_tcp == 0) + max_request_tcp = 64 * 1024; + if(max_request_udp == 0) + max_request_udp = 64 * 1024; if (port_str == NULL) port_str = "+"; - if (v4_realm) - config->v4_realm = v4_realm; - - if(config->v4_realm == NULL && (config->enable_kaserver || config->enable_v4)) - krb5_errx(context, 1, "Kerberos 4 enabled but no realm configured"); - if(disable_des == -1) - disable_des = krb5_config_get_bool_default(context, NULL, + disable_des = krb5_config_get_bool_default(context, NULL, FALSE, "kdc", "disable-des", NULL); @@ -307,16 +281,11 @@ configure(krb5_context context, int argc, char **argv) krb5_enctype_disable(context, ETYPE_DES_CBC_NONE); krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE); krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE); - - kdc_log(context, config, - 0, "DES was disabled, turned off Kerberos V4, 524 " - "and kaserver"); - config->enable_v4 = 0; - config->enable_524 = 0; - config->enable_kaserver = 0; } krb5_kdc_windc_init(context); + krb5_kdc_pkinit_config(context, config); + return config; } diff --git a/crypto/heimdal/kdc/connect.c b/crypto/heimdal/kdc/connect.c index c2df088342f..8ecf375b8d2 100644 --- a/crypto/heimdal/kdc/connect.c +++ b/crypto/heimdal/kdc/connect.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: connect.c 22434 2008-01-14 09:21:37Z lha $"); - /* Should we enable the HTTP hack? */ int enable_http = -1; @@ -46,7 +44,8 @@ const char *port_str; krb5_addresses explicit_addresses; -size_t max_request; /* maximal size of a request */ +size_t max_request_udp; +size_t max_request_tcp; /* * a tuple describing on what to listen @@ -61,18 +60,18 @@ struct port_desc{ /* the current ones */ static struct port_desc *ports; -static int num_ports; +static size_t num_ports; /* * add `family, port, protocol' to the list with duplicate suppresion. */ static void -add_port(krb5_context context, +add_port(krb5_context context, int family, int port, const char *protocol) { int type; - int i; + size_t i; if(strcmp(protocol, "udp") == 0) type = SOCK_DGRAM; @@ -101,7 +100,7 @@ add_port(krb5_context context, */ static void -add_port_service(krb5_context context, +add_port_service(krb5_context context, int family, const char *service, int port, const char *protocol) { @@ -115,7 +114,7 @@ add_port_service(krb5_context context, */ static void -add_port_string (krb5_context context, +add_port_string (krb5_context context, int family, const char *str, const char *protocol) { struct servent *sp; @@ -139,7 +138,7 @@ add_port_string (krb5_context context, */ static void -add_standard_ports (krb5_context context, +add_standard_ports (krb5_context context, krb5_kdc_configuration *config, int family) { @@ -149,16 +148,6 @@ add_standard_ports (krb5_context context, add_port_service(context, family, "kerberos-sec", 88, "tcp"); if(enable_http) add_port_service(context, family, "http", 80, "tcp"); - if(config->enable_524) { - add_port_service(context, family, "krb524", 4444, "udp"); - add_port_service(context, family, "krb524", 4444, "tcp"); - } - if(config->enable_v4) { - add_port_service(context, family, "kerberos-iv", 750, "udp"); - add_port_service(context, family, "kerberos-iv", 750, "tcp"); - } - if (config->enable_kaserver) - add_port_service(context, family, "afs3-kaserver", 7004, "udp"); if(config->enable_kx509) { add_port_service(context, family, "kca_service", 9878, "udp"); add_port_service(context, family, "kca_service", 9878, "tcp"); @@ -173,7 +162,7 @@ add_standard_ports (krb5_context context, */ static void -parse_ports(krb5_context context, +parse_ports(krb5_context context, krb5_kdc_configuration *config, const char *str) { @@ -205,7 +194,7 @@ parse_ports(krb5_context context, add_port_string(context, AF_INET, p, "tcp"); } } - + p = strtok_r(NULL, " \t", &pos); } free (str_copy); @@ -216,7 +205,7 @@ parse_ports(krb5_context context, */ struct descr { - int s; + krb5_socket_t s; int type; int port; unsigned char *buf; @@ -234,7 +223,7 @@ init_descr(struct descr *d) { memset(d, 0, sizeof(*d)); d->sa = (struct sockaddr *)&d->__ss; - d->s = -1; + d->s = rk_INVALID_SOCKET; } /* @@ -254,8 +243,8 @@ reinit_descrs (struct descr *d, int n) * Create the socket (family, type, port) in `d' */ -static void -init_socket(krb5_context context, +static void +init_socket(krb5_context context, krb5_kdc_configuration *config, struct descr *d, krb5_address *a, int family, int type, int port) { @@ -269,8 +258,8 @@ init_socket(krb5_context context, ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port); if (ret) { krb5_warn(context, ret, "krb5_addr2sockaddr"); - close(d->s); - d->s = -1; + rk_closesocket(d->s); + d->s = rk_INVALID_SOCKET; return; } @@ -278,9 +267,9 @@ init_socket(krb5_context context, return; d->s = socket(family, type, 0); - if(d->s < 0){ + if(rk_IS_BAD_SOCKET(d->s)){ krb5_warn(context, errno, "socket(%d, %d, 0)", family, type); - d->s = -1; + d->s = rk_INVALID_SOCKET; return; } #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_REUSEADDR) @@ -292,24 +281,24 @@ init_socket(krb5_context context, d->type = type; d->port = port; - if(bind(d->s, sa, sa_size) < 0){ + if(rk_IS_SOCKET_ERROR(bind(d->s, sa, sa_size))){ char a_str[256]; size_t len; krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port)); - close(d->s); - d->s = -1; + rk_closesocket(d->s); + d->s = rk_INVALID_SOCKET; return; } - if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){ + if(type == SOCK_STREAM && rk_IS_SOCKET_ERROR(listen(d->s, SOMAXCONN))){ char a_str[256]; size_t len; krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port)); - close(d->s); - d->s = -1; + rk_closesocket(d->s); + d->s = rk_INVALID_SOCKET; return; } } @@ -320,12 +309,12 @@ init_socket(krb5_context context, */ static int -init_sockets(krb5_context context, +init_sockets(krb5_context context, krb5_kdc_configuration *config, struct descr **desc) { krb5_error_code ret; - int i, j; + size_t i, j; struct descr *d; int num = 0; krb5_addresses addresses; @@ -347,7 +336,7 @@ init_sockets(krb5_context context, for (j = 0; j < addresses.len; ++j) { init_socket(context, config, &d[num], &addresses.val[j], ports[i].family, ports[i].type, ports[i].port); - if(d[num].s != -1){ + if(d[num].s != rk_INVALID_SOCKET){ char a_str[80]; size_t len; @@ -356,7 +345,7 @@ init_sockets(krb5_context context, kdc_log(context, config, 5, "listening on %s port %u/%s", a_str, - ntohs(ports[i].port), + ntohs(ports[i].port), (ports[i].type == SOCK_STREAM) ? "tcp" : "udp"); /* XXX */ num++; @@ -388,7 +377,7 @@ descr_type(struct descr *d) } static void -addr_to_string(krb5_context context, +addr_to_string(krb5_context context, struct sockaddr *addr, size_t addr_len, char *str, size_t len) { krb5_address a; @@ -407,7 +396,7 @@ addr_to_string(krb5_context context, */ static void -send_reply(krb5_context context, +send_reply(krb5_context context, krb5_kdc_configuration *config, krb5_boolean prependlength, struct descr *d, @@ -422,15 +411,16 @@ send_reply(krb5_context context, l[1] = (reply->length >> 16) & 0xff; l[2] = (reply->length >> 8) & 0xff; l[3] = reply->length & 0xff; - if(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len) < 0) { - kdc_log (context, config, - 0, "sendto(%s): %s", d->addr_string, strerror(errno)); + if(rk_IS_SOCKET_ERROR(sendto(d->s, l, sizeof(l), 0, d->sa, d->sock_len))) { + kdc_log (context, config, + 0, "sendto(%s): %s", d->addr_string, + strerror(rk_SOCK_ERRNO)); return; } } - if(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len) < 0) { - kdc_log (context, config, - 0, "sendto(%s): %s", d->addr_string, strerror(errno)); + if(rk_IS_SOCKET_ERROR(sendto(d->s, reply->data, reply->length, 0, d->sa, d->sock_len))) { + kdc_log (context, config, 0, "sendto(%s): %s", d->addr_string, + strerror(rk_SOCK_ERRNO)); return; } } @@ -440,7 +430,7 @@ send_reply(krb5_context context, */ static void -do_request(krb5_context context, +do_request(krb5_context context, krb5_kdc_configuration *config, void *buf, size_t len, krb5_boolean prependlength, struct descr *d) @@ -452,7 +442,7 @@ do_request(krb5_context context, krb5_kdc_update_time(NULL); krb5_data_zero(&reply); - ret = krb5_kdc_process_request(context, config, + ret = krb5_kdc_process_request(context, config, buf, len, &reply, &prependlength, d->addr_string, d->sa, datagram_reply); @@ -463,8 +453,8 @@ do_request(krb5_context context, krb5_data_free(&reply); } if(ret) - kdc_log(context, config, 0, - "Failed processing %lu byte request from %s", + kdc_log(context, config, 0, + "Failed processing %lu byte request from %s", (unsigned long)len, d->addr_string); } @@ -473,27 +463,45 @@ do_request(krb5_context context, */ static void -handle_udp(krb5_context context, +handle_udp(krb5_context context, krb5_kdc_configuration *config, struct descr *d) { unsigned char *buf; - int n; + ssize_t n; - buf = malloc(max_request); + buf = malloc(max_request_udp); if(buf == NULL){ - kdc_log(context, config, 0, "Failed to allocate %lu bytes", (unsigned long)max_request); + kdc_log(context, config, 0, "Failed to allocate %lu bytes", (unsigned long)max_request_udp); return; } d->sock_len = sizeof(d->__ss); - n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len); - if(n < 0) - krb5_warn(context, errno, "recvfrom"); + n = recvfrom(d->s, buf, max_request_udp, 0, d->sa, &d->sock_len); + if(rk_IS_SOCKET_ERROR(n)) + krb5_warn(context, rk_SOCK_ERRNO, "recvfrom"); else { addr_to_string (context, d->sa, d->sock_len, d->addr_string, sizeof(d->addr_string)); - do_request(context, config, buf, n, FALSE, d); + if ((size_t)n == max_request_udp) { + krb5_data data; + krb5_warn(context, errno, + "recvfrom: truncated packet from %s, asking for TCP", + d->addr_string); + krb5_mk_error(context, + KRB5KRB_ERR_RESPONSE_TOO_BIG, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + &data); + send_reply(context, config, FALSE, d, &data); + krb5_data_free(&data); + } else { + do_request(context, config, buf, n, FALSE, d); + } } free (buf); } @@ -504,9 +512,9 @@ clear_descr(struct descr *d) if(d->buf) memset(d->buf, 0, d->size); d->len = 0; - if(d->s != -1) - close(d->s); - d->s = -1; + if(d->s != rk_INVALID_SOCKET) + rk_closesocket(d->s); + d->s = rk_INVALID_SOCKET; } @@ -536,32 +544,34 @@ de_http(char *buf) */ static void -add_new_tcp (krb5_context context, +add_new_tcp (krb5_context context, krb5_kdc_configuration *config, struct descr *d, int parent, int child) { - int s; + krb5_socket_t s; if (child == -1) return; d[child].sock_len = sizeof(d[child].__ss); s = accept(d[parent].s, d[child].sa, &d[child].sock_len); - if(s < 0) { - krb5_warn(context, errno, "accept"); + if(rk_IS_BAD_SOCKET(s)) { + krb5_warn(context, rk_SOCK_ERRNO, "accept"); return; } - + +#ifdef FD_SETSIZE if (s >= FD_SETSIZE) { krb5_warnx(context, "socket FD too large"); - close (s); + rk_closesocket (s); return; } +#endif d[child].s = s; d[child].timeout = time(NULL) + TCP_TIMEOUT; d[child].type = SOCK_STREAM; - addr_to_string (context, + addr_to_string (context, d[child].sa, d[child].sock_len, d[child].addr_string, sizeof(d[child].addr_string)); } @@ -572,16 +582,16 @@ add_new_tcp (krb5_context context, */ static int -grow_descr (krb5_context context, +grow_descr (krb5_context context, krb5_kdc_configuration *config, struct descr *d, size_t n) { if (d->size - d->len < n) { unsigned char *tmp; - size_t grow; + size_t grow; grow = max(1024, d->len + n); - if (d->size + grow > max_request) { + if (d->size + grow > max_request_tcp) { kdc_log(context, config, 0, "Request exceeds max request size (%lu bytes).", (unsigned long)d->size + grow); clear_descr(d); @@ -606,7 +616,7 @@ grow_descr (krb5_context context, */ static int -handle_vanilla_tcp (krb5_context context, +handle_vanilla_tcp (krb5_context context, krb5_kdc_configuration *config, struct descr *d) { @@ -634,7 +644,7 @@ handle_vanilla_tcp (krb5_context context, */ static int -handle_http_tcp (krb5_context context, +handle_http_tcp (krb5_context context, krb5_kdc_configuration *config, struct descr *d) { @@ -645,24 +655,26 @@ handle_http_tcp (krb5_context context, s = (char *)d->buf; + /* If its a multi line query, truncate off the first line */ p = strstr(s, "\r\n"); - if (p == NULL) { - kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string); - return -1; - } - *p = 0; + if (p) + *p = 0; p = NULL; t = strtok_r(s, " \t", &p); if (t == NULL) { - kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string); + kdc_log(context, config, 0, + "Missing HTTP operand (GET) request from %s", d->addr_string); return -1; } + t = strtok_r(NULL, " \t", &p); if(t == NULL) { - kdc_log(context, config, 0, "Malformed HTTP request from %s", d->addr_string); + kdc_log(context, config, 0, + "Missing HTTP GET data in request from %s", d->addr_string); return -1; } + data = malloc(strlen(t)); if (data == NULL) { kdc_log(context, config, 0, "Failed to allocate %lu bytes", @@ -685,7 +697,7 @@ handle_http_tcp (krb5_context context, } len = base64_decode(t, data); if(len <= 0){ - const char *msg = + const char *msg = " 404 Not found\r\n" "Server: Heimdal/" VERSION "\r\n" "Cache-Control: no-cache\r\n" @@ -699,37 +711,41 @@ handle_http_tcp (krb5_context context, kdc_log(context, config, 0, "HTTP request from %s is non KDC request", d->addr_string); kdc_log(context, config, 5, "HTTP request: %s", t); free(data); - if (write(d->s, proto, strlen(proto)) < 0) { - kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + if (rk_IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) { + kdc_log(context, config, 0, "HTTP write failed: %s: %s", + d->addr_string, strerror(rk_SOCK_ERRNO)); return -1; } - if (write(d->s, msg, strlen(msg)) < 0) { - kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + if (rk_IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) { + kdc_log(context, config, 0, "HTTP write failed: %s: %s", + d->addr_string, strerror(rk_SOCK_ERRNO)); return -1; } return -1; } { - const char *msg = + const char *msg = " 200 OK\r\n" "Server: Heimdal/" VERSION "\r\n" "Cache-Control: no-cache\r\n" "Pragma: no-cache\r\n" "Content-type: application/octet-stream\r\n" "Content-transfer-encoding: binary\r\n\r\n"; - if (write(d->s, proto, strlen(proto)) < 0) { - kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + if (rk_IS_SOCKET_ERROR(send(d->s, proto, strlen(proto), 0))) { + free(data); + kdc_log(context, config, 0, "HTTP write failed: %s: %s", + d->addr_string, strerror(rk_SOCK_ERRNO)); return -1; } - if (write(d->s, msg, strlen(msg)) < 0) { - kdc_log(context, config, 0, "HTTP write failed: %s: %s", - d->addr_string, strerror(errno)); + if (rk_IS_SOCKET_ERROR(send(d->s, msg, strlen(msg), 0))) { + free(data); + kdc_log(context, config, 0, "HTTP write failed: %s: %s", + d->addr_string, strerror(rk_SOCK_ERRNO)); return -1; } } + if ((size_t)len > d->len) + len = d->len; memcpy(d->buf, data, len); d->len = len; free(data); @@ -741,7 +757,7 @@ handle_http_tcp (krb5_context context, */ static void -handle_tcp(krb5_context context, +handle_tcp(krb5_context context, krb5_kdc_configuration *config, struct descr *d, int idx, int min_free) { @@ -755,15 +771,15 @@ handle_tcp(krb5_context context, } n = recvfrom(d[idx].s, buf, sizeof(buf), 0, NULL, NULL); - if(n < 0){ - krb5_warn(context, errno, "recvfrom failed from %s to %s/%d", - d[idx].addr_string, descr_type(d + idx), + if(rk_IS_SOCKET_ERROR(n)){ + krb5_warn(context, rk_SOCK_ERRNO, "recvfrom failed from %s to %s/%d", + d[idx].addr_string, descr_type(d + idx), ntohs(d[idx].port)); return; } else if (n == 0) { krb5_warnx(context, "connection closed before end of data after %lu " - "bytes from %s to %s/%d", (unsigned long)d[idx].len, - d[idx].addr_string, descr_type(d + idx), + "bytes from %s to %s/%d", (unsigned long)d[idx].len, + d[idx].addr_string, descr_type(d + idx), ntohs(d[idx].port)); clear_descr (d + idx); return; @@ -776,16 +792,20 @@ handle_tcp(krb5_context context, ret = handle_vanilla_tcp (context, config, &d[idx]); } else if(enable_http && d[idx].len >= 4 && - strncmp((char *)d[idx].buf, "GET ", 4) == 0 && + strncmp((char *)d[idx].buf, "GET ", 4) == 0 && strncmp((char *)d[idx].buf + d[idx].len - 4, "\r\n\r\n", 4) == 0) { + + /* remove the trailing \r\n\r\n so the string is NUL terminated */ + d[idx].buf[d[idx].len - 4] = '\0'; + ret = handle_http_tcp (context, config, &d[idx]); if (ret < 0) clear_descr (d + idx); } else if (d[idx].len > 4) { - kdc_log (context, config, + kdc_log (context, config, 0, "TCP data of strange type from %s to %s/%d", - d[idx].addr_string, descr_type(d + idx), + d[idx].addr_string, descr_type(d + idx), ntohs(d[idx].port)); if (d[idx].buf[0] & 0x80) { krb5_data reply; @@ -812,18 +832,18 @@ handle_tcp(krb5_context context, if (ret < 0) return; else if (ret == 1) { - do_request(context, config, + do_request(context, config, d[idx].buf, d[idx].len, TRUE, &d[idx]); clear_descr(d + idx); } } void -loop(krb5_context context, +loop(krb5_context context, krb5_kdc_configuration *config) { struct descr *d; - int ndescr; + unsigned int ndescr; ndescr = init_sockets(context, config, &d); if(ndescr <= 0) @@ -834,25 +854,29 @@ loop(krb5_context context, fd_set fds; int min_free = -1; int max_fd = 0; - int i; + size_t i; FD_ZERO(&fds); for(i = 0; i < ndescr; i++) { - if(d[i].s >= 0){ - if(d[i].type == SOCK_STREAM && + if(!rk_IS_BAD_SOCKET(d[i].s)){ + if(d[i].type == SOCK_STREAM && d[i].timeout && d[i].timeout < time(NULL)) { - kdc_log(context, config, 1, + kdc_log(context, config, 1, "TCP-connection from %s expired after %lu bytes", d[i].addr_string, (unsigned long)d[i].len); clear_descr(&d[i]); continue; } +#ifndef NO_LIMIT_FD_SETSIZE if(max_fd < d[i].s) max_fd = d[i].s; +#ifdef FD_SETSIZE if (max_fd >= FD_SETSIZE) krb5_errx(context, 1, "fd too large"); +#endif +#endif FD_SET(d[i].s, &fds); - } else if(min_free < 0 || i < min_free) + } else if(min_free < 0 || i < (size_t)min_free) min_free = i; } if(min_free == -1){ @@ -870,7 +894,7 @@ loop(krb5_context context, ndescr += 4; } } - + tmout.tv_sec = TCP_TIMEOUT; tmout.tv_usec = 0; switch(select(max_fd + 1, &fds, 0, 0, &tmout)){ @@ -878,11 +902,11 @@ loop(krb5_context context, break; case -1: if (errno != EINTR) - krb5_warn(context, errno, "select"); + krb5_warn(context, rk_SOCK_ERRNO, "select"); break; default: for(i = 0; i < ndescr; i++) - if(d[i].s >= 0 && FD_ISSET(d[i].s, &fds)) { + if(!rk_IS_BAD_SOCKET(d[i].s) && FD_ISSET(d[i].s, &fds)) { if(d[i].type == SOCK_DGRAM) handle_udp(context, config, &d[i]); else if(d[i].type == SOCK_STREAM) @@ -890,8 +914,11 @@ loop(krb5_context context, } } } - if(exit_flag == SIGXCPU) + if (0); +#ifdef SIGXCPU + else if(exit_flag == SIGXCPU) kdc_log(context, config, 0, "CPU time limit exceeded"); +#endif else if(exit_flag == SIGINT || exit_flag == SIGTERM) kdc_log(context, config, 0, "Terminated"); else diff --git a/crypto/heimdal/kdc/default_config.c b/crypto/heimdal/kdc/default_config.c index 5f336e3275d..6fbf5fdae15 100644 --- a/crypto/heimdal/kdc/default_config.c +++ b/crypto/heimdal/kdc/default_config.c @@ -1,43 +1,42 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * All rights reserved. + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" #include #include -RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $"); - krb5_error_code krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) { @@ -45,21 +44,21 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c = calloc(1, sizeof(*c)); if (c == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } c->require_preauth = TRUE; c->kdc_warn_pwexpire = 0; c->encode_as_rep_as_tgs_rep = FALSE; + c->as_use_strongest_session_key = FALSE; + c->preauth_use_strongest_session_key = FALSE; + c->tgs_use_strongest_session_key = FALSE; + c->use_strongest_server_key = TRUE; c->check_ticket_addresses = TRUE; c->allow_null_ticket_addresses = TRUE; c->allow_anonymous = FALSE; c->trpolicy = TRPOLICY_ALWAYS_CHECK; - c->enable_v4 = FALSE; - c->enable_kaserver = FALSE; - c->enable_524 = FALSE; - c->enable_v4_cross_realm = FALSE; c->enable_pkinit = FALSE; c->pkinit_princ_in_cert = TRUE; c->pkinit_require_binding = TRUE; @@ -68,32 +67,20 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->logf = NULL; c->require_preauth = - krb5_config_get_bool_default(context, NULL, + krb5_config_get_bool_default(context, NULL, c->require_preauth, "kdc", "require-preauth", NULL); - c->enable_v4 = - krb5_config_get_bool_default(context, NULL, - c->enable_v4, - "kdc", "enable-kerberos4", NULL); - c->enable_v4_cross_realm = +#ifdef DIGEST + c->enable_digest = krb5_config_get_bool_default(context, NULL, - c->enable_v4_cross_realm, - "kdc", - "enable-kerberos4-cross-realm", NULL); - c->enable_524 = - krb5_config_get_bool_default(context, NULL, - c->enable_v4, - "kdc", "enable-524", NULL); - c->enable_digest = - krb5_config_get_bool_default(context, NULL, FALSE, "kdc", "enable-digest", NULL); { const char *digests; - digests = krb5_config_get_string(context, NULL, - "kdc", + digests = krb5_config_get_string(context, NULL, + "kdc", "digests_allowed", NULL); if (digests == NULL) digests = "ntlm-v2"; @@ -110,18 +97,20 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->enable_digest = 0; } } +#endif - c->enable_kx509 = - krb5_config_get_bool_default(context, NULL, - FALSE, +#ifdef KX509 + c->enable_kx509 = + krb5_config_get_bool_default(context, NULL, + FALSE, "kdc", "enable-kx509", NULL); if (c->enable_kx509) { c->kx509_template = - krb5_config_get_string(context, NULL, + krb5_config_get_string(context, NULL, "kdc", "kx509_template", NULL); c->kx509_ca = - krb5_config_get_string(context, NULL, + krb5_config_get_string(context, NULL, "kdc", "kx509_ca", NULL); if (c->kx509_ca == NULL || c->kx509_template == NULL) { kdc_log(context, c, 0, @@ -129,27 +118,49 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->enable_kx509 = FALSE; } } +#endif - c->check_ticket_addresses = - krb5_config_get_bool_default(context, NULL, - c->check_ticket_addresses, - "kdc", + c->as_use_strongest_session_key = + krb5_config_get_bool_default(context, NULL, + c->as_use_strongest_session_key, + "kdc", + "as-use-strongest-session-key", NULL); + c->preauth_use_strongest_session_key = + krb5_config_get_bool_default(context, NULL, + c->preauth_use_strongest_session_key, + "kdc", + "preauth-use-strongest-session-key", NULL); + c->tgs_use_strongest_session_key = + krb5_config_get_bool_default(context, NULL, + c->tgs_use_strongest_session_key, + "kdc", + "tgs-use-strongest-session-key", NULL); + c->use_strongest_server_key = + krb5_config_get_bool_default(context, NULL, + c->use_strongest_server_key, + "kdc", + "use-strongest-server-key", NULL); + + c->check_ticket_addresses = + krb5_config_get_bool_default(context, NULL, + c->check_ticket_addresses, + "kdc", "check-ticket-addresses", NULL); - c->allow_null_ticket_addresses = - krb5_config_get_bool_default(context, NULL, - c->allow_null_ticket_addresses, - "kdc", + c->allow_null_ticket_addresses = + krb5_config_get_bool_default(context, NULL, + c->allow_null_ticket_addresses, + "kdc", "allow-null-ticket-addresses", NULL); - c->allow_anonymous = - krb5_config_get_bool_default(context, NULL, + c->allow_anonymous = + krb5_config_get_bool_default(context, NULL, c->allow_anonymous, - "kdc", + "kdc", "allow-anonymous", NULL); c->max_datagram_reply_length = - krb5_config_get_int_default(context, - NULL, + krb5_config_get_int_default(context, + NULL, 1400, "kdc", "max-kdc-datagram-reply-length", @@ -158,8 +169,8 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) { const char *trpolicy_str; - trpolicy_str = - krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc", + trpolicy_str = + krb5_config_get_string_default(context, NULL, "DEFAULT", "kdc", "transited-policy", NULL); if(strcasecmp(trpolicy_str, "always-check") == 0) { c->trpolicy = TRPOLICY_ALWAYS_CHECK; @@ -167,119 +178,110 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL; } else if(strcasecmp(trpolicy_str, "always-honour-request") == 0) { c->trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST; - } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) { + } else if(strcasecmp(trpolicy_str, "DEFAULT") == 0) { /* default */ } else { kdc_log(context, c, 0, "unknown transited-policy: %s, " - "reverting to default (always-check)", + "reverting to default (always-check)", trpolicy_str); } } - { - const char *p; - p = krb5_config_get_string (context, NULL, - "kdc", - "v4-realm", - NULL); - if(p != NULL) { - c->v4_realm = strdup(p); - if (c->v4_realm == NULL) - krb5_errx(context, 1, "out of memory"); - } else { - c->v4_realm = NULL; - } - } - - c->enable_kaserver = - krb5_config_get_bool_default(context, - NULL, - c->enable_kaserver, - "kdc", "enable-kaserver", NULL); - - c->encode_as_rep_as_tgs_rep = - krb5_config_get_bool_default(context, NULL, - c->encode_as_rep_as_tgs_rep, - "kdc", + krb5_config_get_bool_default(context, NULL, + c->encode_as_rep_as_tgs_rep, + "kdc", "encode_as_rep_as_tgs_rep", NULL); - + c->kdc_warn_pwexpire = krb5_config_get_time_default (context, NULL, c->kdc_warn_pwexpire, "kdc", "kdc_warn_pwexpire", NULL); -#ifdef PKINIT - c->enable_pkinit = - krb5_config_get_bool_default(context, - NULL, + c->enable_pkinit = + krb5_config_get_bool_default(context, + NULL, c->enable_pkinit, "kdc", "enable-pkinit", NULL); - if (c->enable_pkinit) { - const char *user_id, *anchors, *ocsp_file; - char **pool_list, **revoke_list; - user_id = - krb5_config_get_string(context, NULL, - "kdc", "pkinit_identity", NULL); - if (user_id == NULL) - krb5_errx(context, 1, "pkinit enabled but no identity"); - - anchors = krb5_config_get_string(context, NULL, - "kdc", "pkinit_anchors", NULL); - if (anchors == NULL) - krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); - - pool_list = - krb5_config_get_strings(context, NULL, - "kdc", "pkinit_pool", NULL); - - revoke_list = - krb5_config_get_strings(context, NULL, - "kdc", "pkinit_revoke", NULL); - - ocsp_file = - krb5_config_get_string(context, NULL, - "kdc", "pkinit_kdc_ocsp", NULL); - if (ocsp_file) { - c->pkinit_kdc_ocsp_file = strdup(ocsp_file); - if (c->pkinit_kdc_ocsp_file == NULL) - krb5_errx(context, 1, "out of memory"); - } - - _kdc_pk_initialize(context, c, user_id, anchors, - pool_list, revoke_list); - - krb5_config_free_strings(pool_list); - krb5_config_free_strings(revoke_list); - - c->pkinit_princ_in_cert = - krb5_config_get_bool_default(context, NULL, - c->pkinit_princ_in_cert, - "kdc", - "pkinit_principal_in_certificate", - NULL); - - c->pkinit_require_binding = - krb5_config_get_bool_default(context, NULL, - c->pkinit_require_binding, - "kdc", - "pkinit_win2k_require_binding", - NULL); - } + c->pkinit_kdc_identity = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_identity", NULL); + c->pkinit_kdc_anchors = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_anchors", NULL); + c->pkinit_kdc_cert_pool = + krb5_config_get_strings(context, NULL, + "kdc", "pkinit_pool", NULL); + c->pkinit_kdc_revoke = + krb5_config_get_strings(context, NULL, + "kdc", "pkinit_revoke", NULL); + c->pkinit_kdc_ocsp_file = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_kdc_ocsp", NULL); + c->pkinit_kdc_friendly_name = + krb5_config_get_string(context, NULL, + "kdc", "pkinit_kdc_friendly_name", NULL); + c->pkinit_princ_in_cert = + krb5_config_get_bool_default(context, NULL, + c->pkinit_princ_in_cert, + "kdc", + "pkinit_principal_in_certificate", + NULL); + c->pkinit_require_binding = + krb5_config_get_bool_default(context, NULL, + c->pkinit_require_binding, + "kdc", + "pkinit_win2k_require_binding", + NULL); c->pkinit_dh_min_bits = - krb5_config_get_int_default(context, NULL, + krb5_config_get_int_default(context, NULL, 0, "kdc", "pkinit_dh_min_bits", NULL); -#endif - *config = c; return 0; } + +krb5_error_code +krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config) +{ +#ifdef PKINIT +#ifdef __APPLE__ + config->enable_pkinit = 1; + + if (config->pkinit_kdc_identity == NULL) { + if (config->pkinit_kdc_friendly_name == NULL) + config->pkinit_kdc_friendly_name = + strdup("O=System Identity,CN=com.apple.kerberos.kdc"); + config->pkinit_kdc_identity = strdup("KEYCHAIN:"); + } + if (config->pkinit_kdc_anchors == NULL) + config->pkinit_kdc_anchors = strdup("KEYCHAIN:"); + +#endif /* __APPLE__ */ + + if (config->enable_pkinit) { + if (config->pkinit_kdc_identity == NULL) + krb5_errx(context, 1, "pkinit enabled but no identity"); + + if (config->pkinit_kdc_anchors == NULL) + krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); + + krb5_kdc_pk_initialize(context, config, + config->pkinit_kdc_identity, + config->pkinit_kdc_anchors, + config->pkinit_kdc_cert_pool, + config->pkinit_kdc_revoke); + + } + + return 0; +#endif /* PKINIT */ +} diff --git a/crypto/heimdal/kdc/digest-service.c b/crypto/heimdal/kdc/digest-service.c new file mode 100644 index 00000000000..4d339a2ddd3 --- /dev/null +++ b/crypto/heimdal/kdc/digest-service.c @@ -0,0 +1,282 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#define HC_DEPRECATED_CRYPTO + +#include "headers.h" +#include +#include +#include +#include + +typedef struct pk_client_params pk_client_params; +struct DigestREQ; +struct Kx509Request; +#include + +krb5_kdc_configuration *config; + +static void +ntlm_service(void *ctx, const heim_idata *req, + const heim_icred cred, + heim_ipc_complete complete, + heim_sipc_call cctx) +{ + NTLMRequest2 ntq; + unsigned char sessionkey[16]; + heim_idata rep = { 0, NULL }; + krb5_context context = ctx; + hdb_entry_ex *user = NULL; + Key *key = NULL; + NTLMReply ntp; + size_t size; + int ret; + const char *domain; + + kdc_log(context, config, 1, "digest-request: uid=%d", + (int)heim_ipc_cred_get_uid(cred)); + + if (heim_ipc_cred_get_uid(cred) != 0) { + (*complete)(cctx, EPERM, NULL); + return; + } + + ntp.success = 0; + ntp.flags = 0; + ntp.sessionkey = NULL; + + ret = decode_NTLMRequest2(req->data, req->length, &ntq, NULL); + if (ret) + goto failed; + + /* XXX forward to NetrLogonSamLogonEx() if not a local domain */ + if (strcmp(ntq.loginDomainName, "BUILTIN") == 0) { + domain = ntq.loginDomainName; + } else if (strcmp(ntq.loginDomainName, "") == 0) { + domain = "BUILTIN"; + } else { + ret = EINVAL; + goto failed; + } + + kdc_log(context, config, 1, "digest-request: user=%s/%s", + ntq.loginUserName, domain); + + if (ntq.lmchallenge.length != 8) + goto failed; + + if (ntq.ntChallengeResponce.length == 0) + goto failed; + + { + krb5_principal client; + + ret = krb5_make_principal(context, &client, domain, + ntq.loginUserName, NULL); + if (ret) + goto failed; + + krb5_principal_set_type(context, client, KRB5_NT_NTLM); + + ret = _kdc_db_fetch(context, config, client, + HDB_F_GET_CLIENT, NULL, NULL, &user); + krb5_free_principal(context, client); + if (ret) + goto failed; + + ret = hdb_enctype2key(context, &user->entry, + ETYPE_ARCFOUR_HMAC_MD5, &key); + if (ret) { + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); + goto failed; + } + } + + kdc_log(context, config, 2, + "digest-request: found user, processing ntlm request", ret); + + if (ntq.ntChallengeResponce.length != 24) { + struct ntlm_buf infotarget, answer; + + answer.length = ntq.ntChallengeResponce.length; + answer.data = ntq.ntChallengeResponce.data; + + ret = heim_ntlm_verify_ntlm2(key->key.keyvalue.data, + key->key.keyvalue.length, + ntq.loginUserName, + ntq.loginDomainName, + 0, + ntq.lmchallenge.data, + &answer, + &infotarget, + sessionkey); + if (ret) { + goto failed; + } + + free(infotarget.data); + /* XXX verify info target */ + + } else { + struct ntlm_buf answer; + + if (ntq.flags & NTLM_NEG_NTLM2_SESSION) { + unsigned char sessionhash[MD5_DIGEST_LENGTH]; + EVP_MD_CTX *md5ctx; + + /* the first first 8 bytes is the challenge, what is the other 16 bytes ? */ + if (ntq.lmChallengeResponce.length != 24) + goto failed; + + md5ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(md5ctx, EVP_md5(), NULL); + EVP_DigestUpdate(md5ctx, ntq.lmchallenge.data, 8); + EVP_DigestUpdate(md5ctx, ntq.lmChallengeResponce.data, 8); + EVP_DigestFinal_ex(md5ctx, sessionhash, NULL); + EVP_MD_CTX_destroy(md5ctx); + memcpy(ntq.lmchallenge.data, sessionhash, ntq.lmchallenge.length); + } + + ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data, + key->key.keyvalue.length, + ntq.lmchallenge.data, &answer); + if (ret) + goto failed; + + if (ntq.ntChallengeResponce.length != answer.length || + memcmp(ntq.ntChallengeResponce.data, answer.data, answer.length) != 0) { + free(answer.data); + ret = EINVAL; + goto failed; + } + free(answer.data); + + { + EVP_MD_CTX *ctxp; + + ctxp = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctxp, EVP_md4(), NULL); + EVP_DigestUpdate(ctxp, key->key.keyvalue.data, key->key.keyvalue.length); + EVP_DigestFinal_ex(ctxp, sessionkey, NULL); + EVP_MD_CTX_destroy(ctxp); + } + } + + ntp.success = 1; + + ASN1_MALLOC_ENCODE(NTLMReply, rep.data, rep.length, &ntp, &size, ret); + if (ret) + goto failed; + if (rep.length != size) + abort(); + + failed: + kdc_log(context, config, 1, "digest-request: %d", ret); + + (*complete)(cctx, ret, &rep); + + free(rep.data); + + free_NTLMRequest2(&ntq); + if (user) + _kdc_free_ent (context, user); +} + +static int help_flag; +static int version_flag; + +static struct getargs args[] = { + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int ret) +{ + arg_printusage (args, num_args, NULL, ""); + exit (ret); +} + +int +main(int argc, char **argv) +{ + krb5_context context; + int ret, optidx = 0; + + setprogname(argv[0]); + + if (getarg(args, num_args, argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage(0); + + if (version_flag) { + print_version(NULL); + exit(0); + } + + ret = krb5_init_context(&context); + if (ret) + krb5_errx(context, 1, "krb5_init_context"); + + ret = krb5_kdc_get_config(context, &config); + if (ret) + krb5_err(context, 1, ret, "krb5_kdc_default_config"); + + kdc_openlog(context, "digest-service", config); + + ret = krb5_kdc_set_dbinfo(context, config); + if (ret) + krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo"); + +#if __APPLE__ + { + heim_sipc mach; + heim_sipc_launchd_mach_init("org.h5l.ntlm-service", + ntlm_service, context, &mach); + heim_sipc_timeout(60); + } +#endif + { + heim_sipc un; + heim_sipc_service_unix("org.h5l.ntlm-service", ntlm_service, NULL, &un); + } + + heim_ipc_main(); + return 0; +} diff --git a/crypto/heimdal/kdc/digest.c b/crypto/heimdal/kdc/digest.c index b845b0f9a89..5f0d27441a2 100644 --- a/crypto/heimdal/kdc/digest.c +++ b/crypto/heimdal/kdc/digest.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" #include -RCSID("$Id: digest.c 22374 2007-12-28 18:36:52Z lha $"); +#ifdef DIGEST #define MS_CHAP_V2 0x20 #define CHAP_MD5 0x10 @@ -44,13 +44,13 @@ RCSID("$Id: digest.c 22374 2007-12-28 18:36:52Z lha $"); #define NTLM_V1 0x01 const struct units _kdc_digestunits[] = { - {"ms-chap-v2", 1U << 5}, - {"chap-md5", 1U << 4}, - {"digest-md5", 1U << 3}, - {"ntlm-v2", 1U << 2}, - {"ntlm-v1-session", 1U << 1}, - {"ntlm-v1", 1U << 0}, - {NULL, 0} + {"ms-chap-v2", 1U << 5}, + {"chap-md5", 1U << 4}, + {"digest-md5", 1U << 3}, + {"ntlm-v2", 1U << 2}, + {"ntlm-v1-session", 1U << 1}, + {"ntlm-v1", 1U << 0}, + {NULL, 0} }; @@ -63,7 +63,7 @@ get_digest_key(krb5_context context, krb5_error_code ret; krb5_enctype enctype; Key *key; - + ret = _kdc_get_preferred_key(context, config, server, @@ -115,17 +115,17 @@ fill_targetinfo(krb5_context context, ti.domainname = targetname; p = client->entry.principal; str = krb5_principal_get_comp_string(context, p, 0); - if (str != NULL && - (strcmp("host", str) == 0 || + if (str != NULL && + (strcmp("host", str) == 0 || strcmp("ftp", str) == 0 || strcmp("imap", str) == 0 || strcmp("pop", str) == 0 || strcmp("smtp", str))) - { - str = krb5_principal_get_comp_string(context, p, 1); - ti.dnsservername = rk_UNCONST(str); - } - + { + str = krb5_principal_get_comp_string(context, p, 1); + ti.dnsservername = rk_UNCONST(str); + } + ret = heim_ntlm_encode_targetinfo(&ti, 1, &d); if (ret) return ret; @@ -177,7 +177,7 @@ get_password_entry(krb5_context context, return ret; ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, &db, &user); + HDB_F_GET_CLIENT, NULL, &db, &user); krb5_free_principal(context, clientprincipal); if (ret) return ret; @@ -186,7 +186,7 @@ get_password_entry(krb5_context context, if (ret || password == NULL) { if (ret == 0) { ret = EINVAL; - krb5_set_error_string(context, "password missing"); + krb5_set_error_message(context, ret, "password missing"); } memset(user, 0, sizeof(*user)); } @@ -199,9 +199,9 @@ get_password_entry(krb5_context context, */ krb5_error_code -_kdc_do_digest(krb5_context context, +_kdc_do_digest(krb5_context context, krb5_kdc_configuration *config, - const DigestREQ *req, krb5_data *reply, + const struct DigestREQ *req, krb5_data *reply, const char *from, struct sockaddr *addr) { krb5_error_code ret = 0; @@ -223,7 +223,7 @@ _kdc_do_digest(krb5_context context, krb5_data serverNonce; if(!config->enable_digest) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Rejected digest request (disabled) from %s", from); return KRB5KDC_ERR_POLICY; } @@ -234,6 +234,7 @@ _kdc_do_digest(krb5_context context, memset(&ireq, 0, sizeof(ireq)); memset(&r, 0, sizeof(r)); memset(&rep, 0, sizeof(rep)); + memset(&res, 0, sizeof(res)); kdc_log(context, config, 0, "Digest request from %s", from); @@ -243,7 +244,7 @@ _kdc_do_digest(krb5_context context, goto out; } - ret = krb5_rd_req(context, + ret = krb5_rd_req(context, &ac, &req->apReq, NULL, @@ -256,14 +257,14 @@ _kdc_do_digest(krb5_context context, /* check the server principal in the ticket matches digest/R@R */ { krb5_principal principal = NULL; - const char *p, *r; + const char *p, *rr; ret = krb5_ticket_get_server(context, ticket, &principal); if (ret) goto out; ret = EINVAL; - krb5_set_error_string(context, "Wrong digest server principal used"); + krb5_set_error_message(context, ret, "Wrong digest server principal used"); p = krb5_principal_get_comp_string(context, principal, 0); if (p == NULL) { krb5_free_principal(context, principal); @@ -279,19 +280,19 @@ _kdc_do_digest(krb5_context context, krb5_free_principal(context, principal); goto out; } - r = krb5_principal_get_realm(context, principal); - if (r == NULL) { + rr = krb5_principal_get_realm(context, principal); + if (rr == NULL) { krb5_free_principal(context, principal); goto out; } - if (strcmp(p, r) != 0) { + if (strcmp(p, rr) != 0) { krb5_free_principal(context, principal); goto out; } - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = _kdc_db_fetch(context, config, principal, - HDB_F_GET_SERVER, NULL, &server); + HDB_F_GET_SERVER, NULL, NULL, &server); if (ret) goto out; @@ -313,19 +314,19 @@ _kdc_do_digest(krb5_context context, } ret = _kdc_db_fetch(context, config, principal, - HDB_F_GET_CLIENT, NULL, &client); + HDB_F_GET_CLIENT, NULL, NULL, &client); krb5_free_principal(context, principal); if (ret) goto out; if (client->entry.flags.allow_digest == 0) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Client %s tried to use digest " - "but is not allowed to", + "but is not allowed to", client_name); - krb5_set_error_string(context, - "Client is not permitted to use digest"); ret = KRB5KDC_ERR_POLICY; + krb5_set_error_message(context, ret, + "Client is not permitted to use digest"); goto out; } } @@ -338,8 +339,8 @@ _kdc_do_digest(krb5_context context, if (ret) goto out; if (key == NULL) { - krb5_set_error_string(context, "digest: remote subkey not found"); ret = EINVAL; + krb5_set_error_message(context, ret, "digest: remote subkey not found"); goto out; } @@ -355,15 +356,15 @@ _kdc_do_digest(krb5_context context, crypto = NULL; if (ret) goto out; - + ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL); krb5_data_free(&buf); if (ret) { - krb5_set_error_string(context, "Failed to decode digest inner request"); + krb5_set_error_message(context, ret, "Failed to decode digest inner request"); goto out; } - kdc_log(context, config, 0, "Valid digest request from %s (%s)", + kdc_log(context, config, 0, "Valid digest request from %s (%s)", client_name, from); /* @@ -386,20 +387,20 @@ _kdc_do_digest(krb5_context context, hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce); if (r.u.initReply.nonce == NULL) { - krb5_set_error_string(context, "Failed to decode server nonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode server nonce"); goto out; } sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_store_stringz(sp, ireq.u.init.type); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -410,34 +411,34 @@ _kdc_do_digest(krb5_context context, ireq.u.init.channel->cb_type, ireq.u.init.channel->cb_binding); if (s == NULL) { - krb5_set_error_string(context, "Failed to allocate " - "channel binding"); ret = ENOMEM; + krb5_set_error_message(context, ret, + "Failed to allocate channel binding"); goto out; } free(r.u.initReply.nonce); r.u.initReply.nonce = s; } - + ret = krb5_store_stringz(sp, r.u.initReply.nonce); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } if (strcasecmp(ireq.u.init.type, "CHAP") == 0) { - r.u.initReply.identifier = + r.u.initReply.identifier = malloc(sizeof(*r.u.initReply.identifier)); if (r.u.initReply.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff); if (*r.u.initReply.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -447,14 +448,14 @@ _kdc_do_digest(krb5_context context, if (ireq.u.init.hostname) { ret = krb5_store_stringz(sp, *ireq.u.init.hostname); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } } ret = krb5_storage_to_data(sp, &buf); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -474,12 +475,12 @@ _kdc_do_digest(krb5_context context, krb5_data_free(&buf); if (ret) goto out; - + ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret); free_Checksum(&res); if (ret) { - krb5_set_error_string(context, "Failed to encode " - "checksum in digest request"); + krb5_set_error_message(context, ret, "Failed to encode " + "checksum in digest request"); goto out; } if (size != buf.length) @@ -487,8 +488,9 @@ _kdc_do_digest(krb5_context context, hex_encode(buf.data, buf.length, &r.u.initReply.opaque); free(buf.data); + krb5_data_zero(&buf); if (r.u.initReply.opaque == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -502,12 +504,12 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = krb5_store_stringz(sp, ireq.u.digestRequest.type); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -516,7 +518,7 @@ _kdc_do_digest(krb5_context context, if (ireq.u.digestRequest.hostname) { ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } } @@ -524,52 +526,54 @@ _kdc_do_digest(krb5_context context, buf.length = strlen(ireq.u.digestRequest.opaque); buf.data = malloc(buf.length); if (buf.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length); if (ret <= 0) { - krb5_set_error_string(context, "Failed to decode opaque"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode opaque"); goto out; } buf.length = ret; ret = decode_Checksum(buf.data, buf.length, &res, NULL); free(buf.data); + krb5_data_zero(&buf); if (ret) { - krb5_set_error_string(context, "Failed to decode digest Checksum"); + krb5_set_error_message(context, ret, + "Failed to decode digest Checksum"); goto out; } - + ret = krb5_storage_to_data(sp, &buf); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } serverNonce.length = strlen(ireq.u.digestRequest.serverNonce); serverNonce.data = malloc(serverNonce.length); if (serverNonce.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } - + /* * CHAP does the checksum of the raw nonce, but do it for all * types, since we need to check the timestamp. */ { ssize_t ssize; - - ssize = hex_decode(ireq.u.digestRequest.serverNonce, + + ssize = hex_decode(ireq.u.digestRequest.serverNonce, serverNonce.data, serverNonce.length); if (ssize <= 0) { - krb5_set_error_string(context, "Failed to decode serverNonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Failed to decode serverNonce"); goto out; } serverNonce.length = ssize; @@ -579,9 +583,11 @@ _kdc_do_digest(krb5_context context, if (ret) goto out; - ret = krb5_verify_checksum(context, crypto, + ret = krb5_verify_checksum(context, crypto, KRB5_KU_DIGEST_OPAQUE, buf.data, buf.length, &res); + free_Checksum(&res); + krb5_data_free(&buf); krb5_crypto_destroy(context, crypto); crypto = NULL; if (ret) @@ -591,26 +597,26 @@ _kdc_do_digest(krb5_context context, { unsigned char *p = serverNonce.data; uint32_t t; - + if (serverNonce.length < 4) { - krb5_set_error_string(context, "server nonce too short"); ret = EINVAL; + krb5_set_error_message(context, ret, "server nonce too short"); goto out; } t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) { - krb5_set_error_string(context, "time screw in server nonce "); ret = EINVAL; + krb5_set_error_message(context, ret, "time screw in server nonce "); goto out; } } if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; unsigned char md[MD5_DIGEST_LENGTH]; char *mdx; - char id; + char idx; if ((config->digests_allowed & CHAP_MD5) == 0) { kdc_log(context, config, 0, "Digest CHAP MD5 not allowed"); @@ -618,33 +624,37 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.digestRequest.identifier == NULL) { - krb5_set_error_string(context, "Identifier missing " - "from CHAP request"); ret = EINVAL; + krb5_set_error_message(context, ret, "Identifier missing " + "from CHAP request"); goto out; } - - if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { - krb5_set_error_string(context, "failed to decode identifier"); + + if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) { ret = EINVAL; + krb5_set_error_message(context, ret, "failed to decode identifier"); goto out; } - - ret = get_password_entry(context, config, + + ret = get_password_entry(context, config, ireq.u.digestRequest.username, &password); if (ret) goto out; - MD5_Init(&ctx); - MD5_Update(&ctx, &id, 1); - MD5_Update(&ctx, password, strlen(password)); - MD5_Update(&ctx, serverNonce.data, serverNonce.length); - MD5_Final(md, &ctx); + ctx = EVP_MD_CTX_create(); + + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, &idx, 1); + EVP_DigestUpdate(ctx, password, strlen(password)); + EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length); + EVP_DigestFinal_ex(ctx, md, NULL); + + EVP_MD_CTX_destroy(ctx); hex_encode(md, sizeof(md), &mdx); if (mdx == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -656,14 +666,14 @@ _kdc_do_digest(krb5_context context, if (ret == 0) { r.u.response.success = TRUE; } else { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "CHAP reply mismatch for %s", ireq.u.digestRequest.username); r.u.response.success = FALSE; } } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; unsigned char md[MD5_DIGEST_LENGTH]; char *mdx; char *A1, *A2; @@ -673,97 +683,104 @@ _kdc_do_digest(krb5_context context, goto out; } - if (ireq.u.digestRequest.nonceCount == NULL) + if (ireq.u.digestRequest.nonceCount == NULL) goto out; - if (ireq.u.digestRequest.clientNonce == NULL) + if (ireq.u.digestRequest.clientNonce == NULL) goto out; - if (ireq.u.digestRequest.qop == NULL) + if (ireq.u.digestRequest.qop == NULL) goto out; - if (ireq.u.digestRequest.realm == NULL) + if (ireq.u.digestRequest.realm == NULL) goto out; - - ret = get_password_entry(context, config, + + ret = get_password_entry(context, config, ireq.u.digestRequest.username, &password); if (ret) goto failed; - MD5_Init(&ctx); - MD5_Update(&ctx, ireq.u.digestRequest.username, + ctx = EVP_MD_CTX_create(); + + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, ireq.u.digestRequest.username, strlen(ireq.u.digestRequest.username)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, *ireq.u.digestRequest.realm, + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, *ireq.u.digestRequest.realm, strlen(*ireq.u.digestRequest.realm)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, password, strlen(password)); - MD5_Final(md, &ctx); - - MD5_Init(&ctx); - MD5_Update(&ctx, md, sizeof(md)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, ireq.u.digestRequest.serverNonce, + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, password, strlen(password)); + EVP_DigestFinal_ex(ctx, md, NULL); + + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, md, sizeof(md)); + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce, strlen(ireq.u.digestRequest.serverNonce)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount, + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount, strlen(*ireq.u.digestRequest.nonceCount)); if (ireq.u.digestRequest.authid) { - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, *ireq.u.digestRequest.authid, + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, *ireq.u.digestRequest.authid, strlen(*ireq.u.digestRequest.authid)); } - MD5_Final(md, &ctx); + EVP_DigestFinal_ex(ctx, md, NULL); hex_encode(md, sizeof(md), &A1); if (A1 == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + EVP_MD_CTX_destroy(ctx); goto failed; } - - MD5_Init(&ctx); - MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1); - MD5_Update(&ctx, *ireq.u.digestRequest.uri, + + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, + "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1); + EVP_DigestUpdate(ctx, *ireq.u.digestRequest.uri, strlen(*ireq.u.digestRequest.uri)); - + /* conf|int */ if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) { static char conf_zeros[] = ":00000000000000000000000000000000"; - MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1); + EVP_DigestUpdate(ctx, conf_zeros, sizeof(conf_zeros) - 1); } - - MD5_Final(md, &ctx); + + EVP_DigestFinal_ex(ctx, md, NULL); + hex_encode(md, sizeof(md), &A2); if (A2 == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); free(A1); goto failed; } - MD5_Init(&ctx); - MD5_Update(&ctx, A1, strlen(A2)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, ireq.u.digestRequest.serverNonce, + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, A1, strlen(A2)); + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, ireq.u.digestRequest.serverNonce, strlen(ireq.u.digestRequest.serverNonce)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount, + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, *ireq.u.digestRequest.nonceCount, strlen(*ireq.u.digestRequest.nonceCount)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce, + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, *ireq.u.digestRequest.clientNonce, strlen(*ireq.u.digestRequest.clientNonce)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, *ireq.u.digestRequest.qop, + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, *ireq.u.digestRequest.qop, strlen(*ireq.u.digestRequest.qop)); - MD5_Update(&ctx, ":", 1); - MD5_Update(&ctx, A2, strlen(A2)); + EVP_DigestUpdate(ctx, ":", 1); + EVP_DigestUpdate(ctx, A2, strlen(A2)); - MD5_Final(md, &ctx); + EVP_DigestFinal_ex(ctx, md, NULL); + + EVP_MD_CTX_destroy(ctx); free(A1); free(A2); hex_encode(md, sizeof(md), &mdx); if (mdx == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -774,7 +791,7 @@ _kdc_do_digest(krb5_context context, if (ret == 0) { r.u.response.success = TRUE; } else { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "DIGEST-MD5 reply mismatch for %s", ireq.u.digestRequest.username); r.u.response.success = FALSE; @@ -787,7 +804,7 @@ _kdc_do_digest(krb5_context context, const char *username; struct ntlm_buf answer; Key *key = NULL; - SHA_CTX ctx; + EVP_MD_CTX *ctp; if ((config->digests_allowed & MS_CHAP_V2) == 0) { kdc_log(context, config, 0, "MS-CHAP-V2 not allowed"); @@ -795,15 +812,15 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.digestRequest.clientNonce == NULL) { - krb5_set_error_string(context, - "MS-CHAP-V2 clientNonce missing"); ret = EINVAL; + krb5_set_error_message(context, ret, + "MS-CHAP-V2 clientNonce missing"); goto failed; - } + } if (serverNonce.length != 16) { - krb5_set_error_string(context, - "MS-CHAP-V2 serverNonce wrong length"); ret = EINVAL; + krb5_set_error_message(context, ret, + "MS-CHAP-V2 serverNonce wrong length"); goto failed; } @@ -814,56 +831,64 @@ _kdc_do_digest(krb5_context context, else username++; + ctp = EVP_MD_CTX_create(); + /* ChallangeHash */ - SHA1_Init(&ctx); + EVP_DigestInit_ex(ctp, EVP_sha1(), NULL); { ssize_t ssize; krb5_data clientNonce; - + clientNonce.length = strlen(*ireq.u.digestRequest.clientNonce); clientNonce.data = malloc(clientNonce.length); if (clientNonce.data == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, + "malloc: out of memory"); + EVP_MD_CTX_destroy(ctp); goto out; } - ssize = hex_decode(*ireq.u.digestRequest.clientNonce, + ssize = hex_decode(*ireq.u.digestRequest.clientNonce, clientNonce.data, clientNonce.length); if (ssize != 16) { - krb5_set_error_string(context, - "Failed to decode clientNonce"); ret = ENOMEM; + krb5_set_error_message(context, ret, + "Failed to decode clientNonce"); + EVP_MD_CTX_destroy(ctp); goto out; } - SHA1_Update(&ctx, clientNonce.data, ssize); + EVP_DigestUpdate(ctp, clientNonce.data, ssize); free(clientNonce.data); } - SHA1_Update(&ctx, serverNonce.data, serverNonce.length); - SHA1_Update(&ctx, username, strlen(username)); - SHA1_Final(challange, &ctx); + EVP_DigestUpdate(ctp, serverNonce.data, serverNonce.length); + EVP_DigestUpdate(ctp, username, strlen(username)); + + EVP_DigestFinal_ex(ctp, challange, NULL); + + EVP_MD_CTX_destroy(ctp); /* NtPasswordHash */ ret = krb5_parse_name(context, username, &clientprincipal); if (ret) goto failed; - + ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, NULL, &user); + HDB_F_GET_CLIENT, NULL, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { - krb5_set_error_string(context, - "MS-CHAP-V2 user %s not in database", - username); + krb5_set_error_message(context, ret, + "MS-CHAP-V2 user %s not in database", + username); goto failed; } - ret = hdb_enctype2key(context, &user->entry, + ret = hdb_enctype2key(context, &user->entry, ETYPE_ARCFOUR_HMAC_MD5, &key); if (ret) { - krb5_set_error_string(context, - "MS-CHAP-V2 missing arcfour key %s", - username); + krb5_set_error_message(context, ret, + "MS-CHAP-V2 missing arcfour key %s", + username); goto failed; } @@ -872,14 +897,14 @@ _kdc_do_digest(krb5_context context, key->key.keyvalue.length, challange, &answer); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto failed; } - + hex_encode(answer.data, answer.length, &mdx); if (mdx == NULL) { free(answer.data); - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -889,7 +914,7 @@ _kdc_do_digest(krb5_context context, if (ret == 0) { r.u.response.success = TRUE; } else { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "MS-CHAP-V2 hash mismatch for %s", ireq.u.digestRequest.username); r.u.response.success = FALSE; @@ -898,34 +923,39 @@ _kdc_do_digest(krb5_context context, if (r.u.response.success) { unsigned char hashhash[MD4_DIGEST_LENGTH]; + EVP_MD_CTX *ctxp; + + ctxp = EVP_MD_CTX_create(); /* hashhash */ { - MD4_CTX hctx; - - MD4_Init(&hctx); - MD4_Update(&hctx, key->key.keyvalue.data, - key->key.keyvalue.length); - MD4_Final(hashhash, &hctx); + EVP_DigestInit_ex(ctxp, EVP_md4(), NULL); + EVP_DigestUpdate(ctxp, + key->key.keyvalue.data, + key->key.keyvalue.length); + EVP_DigestFinal_ex(ctxp, hashhash, NULL); } /* GenerateAuthenticatorResponse */ - SHA1_Init(&ctx); - SHA1_Update(&ctx, hashhash, sizeof(hashhash)); - SHA1_Update(&ctx, answer.data, answer.length); - SHA1_Update(&ctx, ms_chap_v2_magic1,sizeof(ms_chap_v2_magic1)); - SHA1_Final(md, &ctx); + EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxp, hashhash, sizeof(hashhash)); + EVP_DigestUpdate(ctxp, answer.data, answer.length); + EVP_DigestUpdate(ctxp, ms_chap_v2_magic1, + sizeof(ms_chap_v2_magic1)); + EVP_DigestFinal_ex(ctxp, md, NULL); - SHA1_Init(&ctx); - SHA1_Update(&ctx, md, sizeof(md)); - SHA1_Update(&ctx, challange, 8); - SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2)); - SHA1_Final(md, &ctx); + EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxp, md, sizeof(md)); + EVP_DigestUpdate(ctxp, challange, 8); + EVP_DigestUpdate(ctxp, ms_chap_v2_magic2, + sizeof(ms_chap_v2_magic2)); + EVP_DigestFinal_ex(ctxp, md, NULL); r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp)); if (r.u.response.rsp == NULL) { free(answer.data); - krb5_clear_error_string(context); + krb5_clear_error_message(context); + EVP_MD_CTX_destroy(ctxp); ret = ENOMEM; goto out; } @@ -933,42 +963,46 @@ _kdc_do_digest(krb5_context context, hex_encode(md, sizeof(md), r.u.response.rsp); if (r.u.response.rsp == NULL) { free(answer.data); - krb5_clear_error_string(context); + krb5_clear_error_message(context); + EVP_MD_CTX_destroy(ctxp); ret = ENOMEM; goto out; } /* get_master, rfc 3079 3.4 */ - SHA1_Init(&ctx); - SHA1_Update(&ctx, hashhash, 16); /* md4(hash) */ - SHA1_Update(&ctx, answer.data, answer.length); - SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1)); - SHA1_Final(md, &ctx); + EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxp, hashhash, 16); + EVP_DigestUpdate(ctxp, answer.data, answer.length); + EVP_DigestUpdate(ctxp, ms_rfc3079_magic1, + sizeof(ms_rfc3079_magic1)); + EVP_DigestFinal_ex(ctxp, md, NULL); free(answer.data); - r.u.response.session_key = + EVP_MD_CTX_destroy(ctxp); + + r.u.response.session_key = calloc(1, sizeof(*r.u.response.session_key)); if (r.u.response.session_key == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } ret = krb5_data_copy(r.u.response.session_key, md, 16); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } } } else { r.element = choice_DigestRepInner_error; - asprintf(&r.u.error.reason, "Unsupported digest type %s", + asprintf(&r.u.error.reason, "Unsupported digest type %s", ireq.u.digestRequest.type); if (r.u.error.reason == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.error.code = EINVAL; @@ -1002,7 +1036,7 @@ _kdc_do_digest(krb5_context context, goto failed; } - r.u.ntlmInitReply.flags |= + r.u.ntlmInitReply.flags |= NTLM_NEG_TARGET | NTLM_TARGET_DOMAIN | NTLM_ENC_128; @@ -1018,32 +1052,32 @@ _kdc_do_digest(krb5_context context, #undef ALL - r.u.ntlmInitReply.targetname = + r.u.ntlmInitReply.targetname = get_ntlm_targetname(context, client); if (r.u.ntlmInitReply.targetname == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.ntlmInitReply.challange.data = malloc(8); if (r.u.ntlmInitReply.challange.data == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.ntlmInitReply.challange.length = 8; if (RAND_bytes(r.u.ntlmInitReply.challange.data, - r.u.ntlmInitReply.challange.length) != 1) - { - krb5_set_error_string(context, "out of random error"); - ret = ENOMEM; - goto out; - } + r.u.ntlmInitReply.challange.length) != 1) + { + ret = ENOMEM; + krb5_set_error_message(context, ret, "out of random error"); + goto out; + } /* XXX fix targetinfo */ ALLOC(r.u.ntlmInitReply.targetinfo); if (r.u.ntlmInitReply.targetinfo == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1052,37 +1086,37 @@ _kdc_do_digest(krb5_context context, client, r.u.ntlmInitReply.targetinfo); if (ret) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } - /* + /* * Save data encryted in opaque for the second part of the * ntlm authentication */ sp = krb5_storage_emem(); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } - + ret = krb5_storage_write(sp, r.u.ntlmInitReply.challange.data, 8); if (ret != 8) { ret = ENOMEM; - krb5_set_error_string(context, "storage write challange"); + krb5_set_error_message(context, ret, "storage write challange"); goto out; } ret = krb5_store_uint32(sp, r.u.ntlmInitReply.flags); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } ret = krb5_storage_to_data(sp, &buf); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -1109,7 +1143,7 @@ _kdc_do_digest(krb5_context context, uint32_t flags; Key *key = NULL; int version; - + r.element = choice_DigestRepInner_ntlmResponse; r.u.ntlmResponse.success = 0; r.u.ntlmResponse.flags = 0; @@ -1124,11 +1158,11 @@ _kdc_do_digest(krb5_context context, goto failed; ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, NULL, &user); + HDB_F_GET_CLIENT, NULL, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { - krb5_set_error_string(context, "NTLM user %s not in database", - ireq.u.ntlmRequest.username); + krb5_set_error_message(context, ret, "NTLM user %s not in database", + ireq.u.ntlmRequest.username); goto failed; } @@ -1142,7 +1176,7 @@ _kdc_do_digest(krb5_context context, krb5_crypto_destroy(context, crypto); crypto = NULL; if (ret) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Failed to decrypt nonce from %s", from); goto failed; } @@ -1150,33 +1184,35 @@ _kdc_do_digest(krb5_context context, sp = krb5_storage_from_data(&buf); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } - + ret = krb5_storage_read(sp, challange, sizeof(challange)); if (ret != sizeof(challange)) { - krb5_set_error_string(context, "NTLM storage read challange"); ret = ENOMEM; + krb5_set_error_message(context, ret, "NTLM storage read challange"); goto out; } ret = krb5_ret_uint32(sp, &flags); if (ret) { - krb5_set_error_string(context, "NTLM storage read flags"); + krb5_set_error_message(context, ret, "NTLM storage read flags"); goto out; } + krb5_storage_free(sp); + sp = NULL; krb5_data_free(&buf); if ((flags & NTLM_NEG_NTLM) == 0) { ret = EINVAL; - krb5_set_error_string(context, "NTLM not negotiated"); + krb5_set_error_message(context, ret, "NTLM not negotiated"); goto out; } - ret = hdb_enctype2key(context, &user->entry, + ret = hdb_enctype2key(context, &user->entry, ETYPE_ARCFOUR_HMAC_MD5, &key); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto out; } @@ -1194,8 +1230,8 @@ _kdc_do_digest(krb5_context context, targetname = get_ntlm_targetname(context, client); if (targetname == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -1213,7 +1249,7 @@ _kdc_do_digest(krb5_context context, sessionkey); free(targetname); if (ret) { - krb5_set_error_string(context, "NTLM v2 verify failed"); + krb5_set_error_message(context, ret, "NTLM v2 verify failed"); goto failed; } @@ -1229,8 +1265,8 @@ _kdc_do_digest(krb5_context context, if (flags & NTLM_NEG_NTLM2_SESSION) { unsigned char sessionhash[MD5_DIGEST_LENGTH]; - MD5_CTX md5ctx; - + EVP_MD_CTX *ctx; + if ((config->digests_allowed & NTLM_V1_SESSION) == 0) { kdc_log(context, config, 0, "NTLM v1-session not allowed"); ret = EINVAL; @@ -1238,91 +1274,105 @@ _kdc_do_digest(krb5_context context, } if (ireq.u.ntlmRequest.lm.length != 24) { - krb5_set_error_string(context, "LM hash have wrong length " - "for NTLM session key"); ret = EINVAL; + krb5_set_error_message(context, ret, "LM hash have wrong length " + "for NTLM session key"); goto failed; } - - MD5_Init(&md5ctx); - MD5_Update(&md5ctx, challange, sizeof(challange)); - MD5_Update(&md5ctx, ireq.u.ntlmRequest.lm.data, 8); - MD5_Final(sessionhash, &md5ctx); + + ctx = EVP_MD_CTX_create(); + + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + + EVP_DigestUpdate(ctx, challange, sizeof(challange)); + EVP_DigestUpdate(ctx, ireq.u.ntlmRequest.lm.data, 8); + EVP_DigestFinal_ex(ctx, sessionhash, NULL); memcpy(challange, sessionhash, sizeof(challange)); + + EVP_MD_CTX_destroy(ctx); + } else { if ((config->digests_allowed & NTLM_V1) == 0) { kdc_log(context, config, 0, "NTLM v1 not allowed"); goto failed; } } - + ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data, key->key.keyvalue.length, challange, &answer); if (ret) { - krb5_set_error_string(context, "NTLM missing arcfour key"); + krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto failed; } - + if (ireq.u.ntlmRequest.ntlm.length != answer.length || memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0) - { - free(answer.data); - ret = EINVAL; - krb5_set_error_string(context, "NTLM hash mismatch"); - goto failed; - } + { + free(answer.data); + ret = EINVAL; + krb5_set_error_message(context, ret, "NTLM hash mismatch"); + goto failed; + } free(answer.data); { - MD4_CTX ctx; + EVP_MD_CTX *ctx; - MD4_Init(&ctx); - MD4_Update(&ctx, - key->key.keyvalue.data, key->key.keyvalue.length); - MD4_Final(sessionkey, &ctx); + ctx = EVP_MD_CTX_create(); + + EVP_DigestInit_ex(ctx, EVP_md4(), NULL); + EVP_DigestUpdate(ctx, + key->key.keyvalue.data, + key->key.keyvalue.length); + EVP_DigestFinal_ex(ctx, sessionkey, NULL); + + EVP_MD_CTX_destroy(ctx); } } if (ireq.u.ntlmRequest.sessionkey) { unsigned char masterkey[MD4_DIGEST_LENGTH]; - RC4_KEY rc4; + EVP_CIPHER_CTX rc4; size_t len; - + if ((flags & NTLM_NEG_KEYEX) == 0) { - krb5_set_error_string(context, - "NTLM client failed to neg key " - "exchange but still sent key"); ret = EINVAL; + krb5_set_error_message(context, ret, + "NTLM client failed to neg key " + "exchange but still sent key"); goto failed; } - + len = ireq.u.ntlmRequest.sessionkey->length; if (len != sizeof(masterkey)){ - krb5_set_error_string(context, - "NTLM master key wrong length: %lu", - (unsigned long)len); + ret = EINVAL; + krb5_set_error_message(context, ret, + "NTLM master key wrong length: %lu", + (unsigned long)len); goto failed; } - - RC4_set_key(&rc4, sizeof(sessionkey), sessionkey); - - RC4(&rc4, sizeof(masterkey), - ireq.u.ntlmRequest.sessionkey->data, - masterkey); - memset(&rc4, 0, sizeof(rc4)); - - r.u.ntlmResponse.sessionkey = + + + EVP_CIPHER_CTX_init(&rc4); + EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); + EVP_Cipher(&rc4, + masterkey, ireq.u.ntlmRequest.sessionkey->data, + sizeof(masterkey)); + EVP_CIPHER_CTX_cleanup(&rc4); + + r.u.ntlmResponse.sessionkey = malloc(sizeof(*r.u.ntlmResponse.sessionkey)); if (r.u.ntlmResponse.sessionkey == NULL) { - krb5_set_error_string(context, "out of memory"); + ret = EINVAL; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } - + ret = krb5_data_copy(r.u.ntlmResponse.sessionkey, masterkey, sizeof(masterkey)); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } } @@ -1354,26 +1404,26 @@ _kdc_do_digest(krb5_context context, break; default: { - char *s; - krb5_set_error_string(context, "unknown operation to digest"); + const char *s; ret = EINVAL; + krb5_set_error_message(context, ret, "unknown operation to digest"); - failed: + failed: s = krb5_get_error_message(context, ret); if (s == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } - + kdc_log(context, config, 0, "Digest failed with: %s", s); r.element = choice_DigestRepInner_error; r.u.error.reason = strdup("unknown error"); - krb5_free_error_string(context, s); + krb5_free_error_message(context, s); if (r.u.error.reason == NULL) { - krb5_set_error_string(context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } r.u.error.code = EINVAL; @@ -1383,7 +1433,7 @@ _kdc_do_digest(krb5_context context, ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode inner digest reply"); + krb5_set_error_message(context, ret, "Failed to encode inner digest reply"); goto out; } if (size != buf.length) @@ -1408,20 +1458,20 @@ _kdc_do_digest(krb5_context context, goto out; } - ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT, + ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT, buf.data, buf.length, 0, &rep.innerRep); - + ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode digest reply"); + krb5_set_error_message(context, ret, "Failed to encode digest reply"); goto out; } if (size != reply->length) krb5_abortx(context, "ASN1 internal error"); - -out: + + out: if (ac) krb5_auth_con_free(context, ac); if (ret) @@ -1448,9 +1498,12 @@ out: free (client_name); krb5_data_free(&buf); krb5_data_free(&serverNonce); + free_Checksum(&res); free_DigestREP(&rep); free_DigestRepInner(&r); free_DigestReqInner(&ireq); return ret; } + +#endif /* DIGEST */ diff --git a/crypto/heimdal/kdc/headers.h b/crypto/heimdal/kdc/headers.h index bdbc1563e55..aced5ce6170 100644 --- a/crypto/heimdal/kdc/headers.h +++ b/crypto/heimdal/kdc/headers.h @@ -1,47 +1,45 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* - * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $ - * $FreeBSD$ +/* + * $Id$ */ #ifndef __HEADERS_H__ #define __HEADERS_H__ -#ifdef HAVE_CONFIG_H #include -#endif + #include #include #include @@ -92,17 +90,24 @@ #include #include #include +#ifdef DIGEST #include +#endif +#ifdef KX509 #include +#endif #include #include #include +#ifndef NO_NTLM #include +#endif +#include #include #undef ALLOC -#define ALLOC(X) ((X) = malloc(sizeof(*(X)))) +#define ALLOC(X) ((X) = calloc(1, sizeof(*(X)))) #undef ALLOC_SEQ #define ALLOC_SEQ(X, N) do { (X)->len = (N); \ (X)->val = calloc((X)->len, sizeof(*(X)->val)); } while(0) diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8 index 99fc9784bd9..973235f2ae4 100644 --- a/crypto/heimdal/kdc/hprop.8 +++ b/crypto/heimdal/kdc/hprop.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: hprop.8 20456 2007-04-19 20:29:42Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd December 8, 2004 .Dt HPROP 8 @@ -41,37 +41,36 @@ .Nm .Bk -words .Oo Fl m Ar file \*(Ba Xo -.Fl -master-key= Ns Pa file +.Fl Fl master-key= Ns Pa file .Xc .Oc .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Pa file +.Fl Fl database= Ns Pa file .Xc .Oc -.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver +.Op Fl Fl source= Ns Ar heimdal|mit-dump .Oo Fl r Ar string \*(Ba Xo -.Fl -v4-realm= Ns Ar string +.Fl Fl v4-realm= Ns Ar string .Xc .Oc .Oo Fl c Ar cell \*(Ba Xo -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc .Oc -.Op Fl S | Fl -kaspecials .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc .Oo Fl R Ar string \*(Ba Xo -.Fl -v5-realm= Ns Ar string +.Fl Fl v5-realm= Ns Ar string .Xc .Oc -.Op Fl D | Fl -decrypt -.Op Fl E | Fl -encrypt -.Op Fl n | Fl -stdout -.Op Fl v | Fl -verbose -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl D | Fl Fl decrypt +.Op Fl E | Fl Fl encrypt +.Op Fl n | Fl Fl stdout +.Op Fl v | Fl Fl verbose +.Op Fl Fl version +.Op Fl h | Fl Fl help .Op Ar host Ns Op : Ns Ar port .Ar ... .Ek @@ -90,101 +89,42 @@ specified on the command by opening a TCP connection to port 754 .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl m Ar file , -.Fl -master-key= Ns Pa file -.Xc +.It Fl m Ar file , Fl Fl master-key= Ns Pa file Where to find the master key to encrypt or decrypt keys with. -.It Xo -.Fl d Ar file , -.Fl -database= Ns Pa file -.Xc +.It Fl d Ar file , Fl Fl database= Ns Pa file The database to be propagated. -.It Xo -.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver -.Xc +.It Fl Fl source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver Specifies the type of the source database. Alternatives include: .Pp -.Bl -tag -width krb4-dump -compact -offset indent +.Bl -tag -width mit-dump -compact -offset indent .It heimdal a Heimdal database .It mit-dump a MIT Kerberos 5 dump file -.It krb4-dump -a Kerberos 4 dump file -.It kaserver -an AFS kaserver database .El -.It Xo -.Fl k Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc ++.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key -.Pa kadmin/hprop +.Pa hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database. -.It Xo -.Fl R Ar string , -.Fl -v5-realm= Ns Ar string -.Xc +.It Fl R Ar string , Fl Fl v5-realm= Ns Ar string Local realm override. -.It Xo -.Fl D , -.Fl -decrypt -.Xc +.It Fl D , Fl Fl decrypt The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys. -.It Xo -.Fl E , -.Fl -encrypt -.Xc +.It Fl E , Fl Fl encrypt This option transmits the database with encrypted keys. -.It Xo -.Fl n , -.Fl -stdout -.Xc +.It Fl n , Fl Fl stdout Dump the database on stdout, in a format that can be fed to hpropd. .El -.Pp -The following options are only valid if -.Nm hprop -is compiled with support for Kerberos 4 (kaserver). -.Bl -tag -width Ds -.It Xo -.Fl r Ar string , -.Fl -v4-realm= Ns Ar string -.Xc -v4 realm to use. -.It Xo -.Fl c Ar cell , -.Fl -cell= Ns Ar cell -.Xc -The AFS cell name, used if reading a kaserver database. -.It Xo -.Fl S , -.Fl -kaspecials -.Xc -Also dump the principals marked as special in the kaserver database. -.It Xo -.Fl K , -.Fl -ka-db -.Xc -Deprecated, identical to -.Sq --source=kaserver . -.El .Sh EXAMPLES The following will propagate a database to another machine (which should run -.Xr hpropd 8 ): +.Xr hpropd 8 ) : .Bd -literal -offset indent $ hprop slave-1 slave-2 .Ed -.Pp -Convert a Kerberos 4 dump-file for use with a Heimdal KDC: -.Bd -literal -offset indent -$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n -.Ed .Sh SEE ALSO .Xr hpropd 8 diff --git a/crypto/heimdal/kdc/hprop.c b/crypto/heimdal/kdc/hprop.c index e5b7fd11fb4..b68f159ef23 100644 --- a/crypto/heimdal/kdc/hprop.c +++ b/crypto/heimdal/kdc/hprop.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "hprop.h" +#define KRB5_DEPRECATED /* uses v4 functions that will die */ -RCSID("$Id: hprop.c 21745 2007-07-31 16:11:25Z lha $"); +#include "hprop.h" static int version_flag; static int help_flag; @@ -48,12 +48,6 @@ static hdb_master_key mkey5; static char *source_type; -static char *afs_cell; -static char *v4_realm; - -static int kaspecials_flag; -static int ka_use_null_salt; - static char *local_realm=NULL; static int @@ -72,7 +66,7 @@ open_socket(krb5_context context, const char *hostname, const char *port) warnx ("%s: %s", hostname, gai_strerror(error)); return -1; } - + for (a = ai; a != NULL; a = a->ai_next) { int s; @@ -112,7 +106,7 @@ v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata) krb5_warn(context, ret, "hdb_unseal_keys_mkey"); return ret; } - } + } ret = hdb_entry2value(context, &entry->entry, &data); if(ret) { @@ -123,310 +117,29 @@ v5_prop(krb5_context context, HDB *db, hdb_entry_ex *entry, void *appdata) if(to_stdout) ret = krb5_write_message(context, &pd->sock, &data); else - ret = krb5_write_priv_message(context, pd->auth_context, + ret = krb5_write_priv_message(context, pd->auth_context, &pd->sock, &data); krb5_data_free(&data); return ret; } -int -v4_prop(void *arg, struct v4_principal *p) -{ - struct prop_data *pd = arg; - hdb_entry_ex ent; - krb5_error_code ret; - - memset(&ent, 0, sizeof(ent)); - - ret = krb5_425_conv_principal(pd->context, p->name, p->instance, v4_realm, - &ent.entry.principal); - if(ret) { - krb5_warn(pd->context, ret, - "krb5_425_conv_principal %s.%s@%s", - p->name, p->instance, v4_realm); - return 0; - } - - if(verbose_flag) { - char *s; - krb5_unparse_name_short(pd->context, ent.entry.principal, &s); - krb5_warnx(pd->context, "%s.%s -> %s", p->name, p->instance, s); - free(s); - } - - ent.entry.kvno = p->kvno; - ent.entry.keys.len = 3; - ent.entry.keys.val = malloc(ent.entry.keys.len * sizeof(*ent.entry.keys.val)); - if (ent.entry.keys.val == NULL) - krb5_errx(pd->context, ENOMEM, "malloc"); - if(p->mkvno != -1) { - ent.entry.keys.val[0].mkvno = malloc (sizeof(*ent.entry.keys.val[0].mkvno)); - if (ent.entry.keys.val[0].mkvno == NULL) - krb5_errx(pd->context, ENOMEM, "malloc"); - *(ent.entry.keys.val[0].mkvno) = p->mkvno; - } else - ent.entry.keys.val[0].mkvno = NULL; - ent.entry.keys.val[0].salt = calloc(1, sizeof(*ent.entry.keys.val[0].salt)); - if (ent.entry.keys.val[0].salt == NULL) - krb5_errx(pd->context, ENOMEM, "calloc"); - ent.entry.keys.val[0].salt->type = KRB5_PADATA_PW_SALT; - ent.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5; - krb5_data_alloc(&ent.entry.keys.val[0].key.keyvalue, DES_KEY_SZ); - memcpy(ent.entry.keys.val[0].key.keyvalue.data, p->key, 8); - - copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[1]); - ent.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4; - copy_Key(&ent.entry.keys.val[0], &ent.entry.keys.val[2]); - ent.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC; - - { - int life = _krb5_krb_life_to_time(0, p->max_life); - if(life == NEVERDATE){ - ent.entry.max_life = NULL; - } else { - /* clean up lifetime a bit */ - if(life > 86400) - life = (life + 86399) / 86400 * 86400; - else if(life > 3600) - life = (life + 3599) / 3600 * 3600; - ALLOC(ent.entry.max_life); - *ent.entry.max_life = life; - } - } - - ALLOC(ent.entry.valid_end); - *ent.entry.valid_end = p->exp_date; - - ret = krb5_make_principal(pd->context, &ent.entry.created_by.principal, - v4_realm, - "kadmin", - "hprop", - NULL); - if(ret){ - krb5_warn(pd->context, ret, "krb5_make_principal"); - ret = 0; - goto out; - } - ent.entry.created_by.time = time(NULL); - ALLOC(ent.entry.modified_by); - ret = krb5_425_conv_principal(pd->context, p->mod_name, p->mod_instance, - v4_realm, &ent.entry.modified_by->principal); - if(ret){ - krb5_warn(pd->context, ret, "%s.%s@%s", p->name, p->instance, v4_realm); - ent.entry.modified_by->principal = NULL; - ret = 0; - goto out; - } - ent.entry.modified_by->time = p->mod_date; - - ent.entry.flags.forwardable = 1; - ent.entry.flags.renewable = 1; - ent.entry.flags.proxiable = 1; - ent.entry.flags.postdate = 1; - ent.entry.flags.client = 1; - ent.entry.flags.server = 1; - - /* special case password changing service */ - if(strcmp(p->name, "changepw") == 0 && - strcmp(p->instance, "kerberos") == 0) { - ent.entry.flags.forwardable = 0; - ent.entry.flags.renewable = 0; - ent.entry.flags.proxiable = 0; - ent.entry.flags.postdate = 0; - ent.entry.flags.initial = 1; - ent.entry.flags.change_pw = 1; - } - - ret = v5_prop(pd->context, NULL, &ent, pd); - - if (strcmp (p->name, "krbtgt") == 0 - && strcmp (v4_realm, p->instance) != 0) { - krb5_free_principal (pd->context, ent.entry.principal); - ret = krb5_425_conv_principal (pd->context, p->name, - v4_realm, p->instance, - &ent.entry.principal); - if (ret == 0) - ret = v5_prop (pd->context, NULL, &ent, pd); - } - - out: - hdb_free_entry(pd->context, &ent); - return ret; -} - -#include "kadb.h" - -/* read a `ka_entry' from `fd' at offset `pos' */ -static void -read_block(krb5_context context, int fd, int32_t pos, void *buf, size_t len) -{ - krb5_error_code ret; -#ifdef HAVE_PREAD - if((ret = pread(fd, buf, len, 64 + pos)) < 0) - krb5_err(context, 1, errno, "pread(%u)", 64 + pos); -#else - if(lseek(fd, 64 + pos, SEEK_SET) == (off_t)-1) - krb5_err(context, 1, errno, "lseek(%u)", 64 + pos); - ret = read(fd, buf, len); - if(ret < 0) - krb5_err(context, 1, errno, "read(%lu)", (unsigned long)len); -#endif - if(ret != len) - krb5_errx(context, 1, "read(%lu) = %u", (unsigned long)len, ret); -} - -static int -ka_convert(struct prop_data *pd, int fd, struct ka_entry *ent) -{ - int32_t flags = ntohl(ent->flags); - krb5_error_code ret; - hdb_entry_ex hdb; - - if(!kaspecials_flag - && (flags & KAFNORMAL) == 0) /* remove special entries */ - return 0; - memset(&hdb, 0, sizeof(hdb)); - ret = krb5_425_conv_principal(pd->context, ent->name, ent->instance, - v4_realm, &hdb.entry.principal); - if(ret) { - krb5_warn(pd->context, ret, - "krb5_425_conv_principal (%s.%s@%s)", - ent->name, ent->instance, v4_realm); - return 0; - } - hdb.entry.kvno = ntohl(ent->kvno); - hdb.entry.keys.len = 3; - hdb.entry.keys.val = - malloc(hdb.entry.keys.len * sizeof(*hdb.entry.keys.val)); - if (hdb.entry.keys.val == NULL) - krb5_errx(pd->context, ENOMEM, "malloc"); - hdb.entry.keys.val[0].mkvno = NULL; - hdb.entry.keys.val[0].salt = calloc(1, sizeof(*hdb.entry.keys.val[0].salt)); - if (hdb.entry.keys.val[0].salt == NULL) - krb5_errx(pd->context, ENOMEM, "calloc"); - if (ka_use_null_salt) { - hdb.entry.keys.val[0].salt->type = hdb_pw_salt; - hdb.entry.keys.val[0].salt->salt.data = NULL; - hdb.entry.keys.val[0].salt->salt.length = 0; - } else { - hdb.entry.keys.val[0].salt->type = hdb_afs3_salt; - hdb.entry.keys.val[0].salt->salt.data = strdup(afs_cell); - if (hdb.entry.keys.val[0].salt->salt.data == NULL) - krb5_errx(pd->context, ENOMEM, "strdup"); - hdb.entry.keys.val[0].salt->salt.length = strlen(afs_cell); - } - - hdb.entry.keys.val[0].key.keytype = ETYPE_DES_CBC_MD5; - krb5_data_copy(&hdb.entry.keys.val[0].key.keyvalue, - ent->key, - sizeof(ent->key)); - copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[1]); - hdb.entry.keys.val[1].key.keytype = ETYPE_DES_CBC_MD4; - copy_Key(&hdb.entry.keys.val[0], &hdb.entry.keys.val[2]); - hdb.entry.keys.val[2].key.keytype = ETYPE_DES_CBC_CRC; - - ALLOC(hdb.entry.max_life); - *hdb.entry.max_life = ntohl(ent->max_life); - - if(ntohl(ent->valid_end) != NEVERDATE && ntohl(ent->valid_end) != 0xffffffff) { - ALLOC(hdb.entry.valid_end); - *hdb.entry.valid_end = ntohl(ent->valid_end); - } - - if (ntohl(ent->pw_change) != NEVERDATE && - ent->pw_expire != 255 && - ent->pw_expire != 0) { - ALLOC(hdb.entry.pw_end); - *hdb.entry.pw_end = ntohl(ent->pw_change) - + 24 * 60 * 60 * ent->pw_expire; - } - - ret = krb5_make_principal(pd->context, &hdb.entry.created_by.principal, - v4_realm, - "kadmin", - "hprop", - NULL); - hdb.entry.created_by.time = time(NULL); - - if(ent->mod_ptr){ - struct ka_entry mod; - ALLOC(hdb.entry.modified_by); - read_block(pd->context, fd, ntohl(ent->mod_ptr), &mod, sizeof(mod)); - - krb5_425_conv_principal(pd->context, mod.name, mod.instance, v4_realm, - &hdb.entry.modified_by->principal); - hdb.entry.modified_by->time = ntohl(ent->mod_time); - memset(&mod, 0, sizeof(mod)); - } - - hdb.entry.flags.forwardable = 1; - hdb.entry.flags.renewable = 1; - hdb.entry.flags.proxiable = 1; - hdb.entry.flags.postdate = 1; - /* XXX - AFS 3.4a creates krbtgt.REALMOFCELL as NOTGS+NOSEAL */ - if (strcmp(ent->name, "krbtgt") == 0 && - (flags & (KAFNOTGS|KAFNOSEAL)) == (KAFNOTGS|KAFNOSEAL)) - flags &= ~(KAFNOTGS|KAFNOSEAL); - - hdb.entry.flags.client = (flags & KAFNOTGS) == 0; - hdb.entry.flags.server = (flags & KAFNOSEAL) == 0; - - ret = v5_prop(pd->context, NULL, &hdb, pd); - hdb_free_entry(pd->context, &hdb); - return ret; -} - -static int -ka_dump(struct prop_data *pd, const char *file) -{ - struct ka_header header; - int i; - int fd = open(file, O_RDONLY); - - if(fd < 0) - krb5_err(pd->context, 1, errno, "open(%s)", file); - read_block(pd->context, fd, 0, &header, sizeof(header)); - if(header.version1 != header.version2) - krb5_errx(pd->context, 1, "Version mismatch in header: %ld/%ld", - (long)ntohl(header.version1), (long)ntohl(header.version2)); - if(ntohl(header.version1) != 5) - krb5_errx(pd->context, 1, "Unknown database version %ld (expected 5)", - (long)ntohl(header.version1)); - for(i = 0; i < ntohl(header.hashsize); i++){ - int32_t pos = ntohl(header.hash[i]); - while(pos){ - struct ka_entry ent; - read_block(pd->context, fd, pos, &ent, sizeof(ent)); - ka_convert(pd, fd, &ent); - pos = ntohl(ent.next); - } - } - return 0; -} - - - struct getargs args[] = { { "master-key", 'm', arg_string, &mkeyfile, "v5 master key file", "file" }, - { "database", 'd', arg_string, &database, "database", "file" }, - { "source", 0, arg_string, &source_type, "type of database to read", + { "database", 'd', arg_string, rk_UNCONST(&database), "database", "file" }, + { "source", 0, arg_string, &source_type, "type of database to read", "heimdal" "|mit-dump" - "|krb4-dump" - "|kaserver" }, - - { "v4-realm", 'r', arg_string, &v4_realm, "v4 realm to use" }, - { "cell", 'c', arg_string, &afs_cell, "name of AFS cell" }, - { "kaspecials", 'S', arg_flag, &kaspecials_flag, "dump KASPECIAL keys"}, - { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" }, - { "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use" }, - { "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys" }, - { "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys" }, - { "stdout", 'n', arg_flag, &to_stdout, "dump to stdout" }, - { "verbose", 'v', arg_flag, &verbose_flag }, - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag } + + { "keytab", 'k', arg_string, rk_UNCONST(&ktname), + "keytab to use for authentication", "keytab" }, + { "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use", NULL }, + { "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys", NULL }, + { "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys", NULL }, + { "stdout", 'n', arg_flag, &to_stdout, "dump to stdout", NULL }, + { "verbose", 'v', arg_flag, &verbose_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -447,14 +160,14 @@ get_creds(krb5_context context, krb5_ccache *cache) krb5_get_init_creds_opt *init_opts; krb5_preauthtype preauth = KRB5_PADATA_ENC_TIMESTAMP; krb5_creds creds; - + ret = krb5_kt_register(context, &hdb_kt_ops); if(ret) krb5_err(context, 1, ret, "krb5_kt_register"); ret = krb5_kt_resolve(context, ktname, &keytab); if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve"); - - ret = krb5_make_principal(context, &client, NULL, + + ret = krb5_make_principal(context, &client, NULL, "kadmin", HPROP_NAME, NULL); if(ret) krb5_err(context, 1, ret, "krb5_make_principal"); @@ -466,12 +179,12 @@ get_creds(krb5_context context, krb5_ccache *cache) if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds"); krb5_get_init_creds_opt_free(context, init_opts); - + ret = krb5_kt_close(context, keytab); if(ret) krb5_err(context, 1, ret, "krb5_kt_close"); - - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache); - if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new"); + + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, cache); + if(ret) krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_cc_initialize(context, *cache, client); if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); @@ -486,27 +199,21 @@ get_creds(krb5_context context, krb5_ccache *cache) enum hprop_source { HPROP_HEIMDAL = 1, - HPROP_KRB4_DUMP, - HPROP_KASERVER, HPROP_MIT_DUMP }; -#define IS_TYPE_V4(X) ((X) == HPROP_KRB4_DUMP || (X) == HPROP_KASERVER) - struct { int type; const char *name; } types[] = { { HPROP_HEIMDAL, "heimdal" }, - { HPROP_KRB4_DUMP, "krb4-dump" }, - { HPROP_KASERVER, "kaserver" }, { HPROP_MIT_DUMP, "mit-dump" } }; static int parse_source_type(const char *s) { - int i; + size_t i; for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) { if(strstr(types[i].name, s) == types[i].name) return types[i].type; @@ -524,22 +231,10 @@ iterate (krb5_context context, int ret; switch(type) { - case HPROP_KRB4_DUMP: - ret = v4_prop_dump(pd, database_name); - if(ret) - krb5_warnx(context, "v4_prop_dump: %s", - krb5_get_err_text(context, ret)); - break; - case HPROP_KASERVER: - ret = ka_dump(pd, database_name); - if(ret) - krb5_warn(context, ret, "ka_dump"); - break; case HPROP_MIT_DUMP: ret = mit_prop_dump(pd, database_name); if (ret) - krb5_warnx(context, "mit_prop_dump: %s", - krb5_get_err_text(context, ret)); + krb5_warn(context, ret, "mit_prop_dump"); break; case HPROP_HEIMDAL: ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd); @@ -563,7 +258,7 @@ dump_database (krb5_context context, int type, pd.context = context; pd.auth_context = NULL; pd.sock = STDOUT_FILENO; - + ret = iterate (context, database_name, db, type, &pd); if (ret) krb5_errx(context, 1, "iterate failure"); @@ -577,7 +272,7 @@ dump_database (krb5_context context, int type, static int propagate_database (krb5_context context, int type, - const char *database_name, + const char *database_name, HDB *db, krb5_ccache ccache, int optidx, int argc, char **argv) { @@ -596,8 +291,8 @@ propagate_database (krb5_context context, int type, port = strchr(host, ':'); if(port == NULL) { - snprintf(portstr, sizeof(portstr), "%u", - ntohs(krb5_getportbyname (context, "hprop", "tcp", + snprintf(portstr, sizeof(portstr), "%u", + ntohs(krb5_getportbyname (context, "hprop", "tcp", HPROP_PORT))); port = portstr; } else @@ -622,11 +317,10 @@ propagate_database (krb5_context context, int type, if (local_realm) { krb5_realm my_realm; krb5_get_default_realm(context,&my_realm); - - free (*krb5_princ_realm(context, server)); - krb5_princ_set_realm(context,server,&my_realm); + krb5_principal_set_realm(context,server,my_realm); + krb5_xfree(my_realm); } - + auth_context = NULL; ret = krb5_sendauth(context, &auth_context, @@ -650,7 +344,7 @@ propagate_database (krb5_context context, int type, close(fd); goto next_host; } - + pd.context = context; pd.auth_context = auth_context; pd.sock = fd; @@ -677,7 +371,7 @@ propagate_database (krb5_context context, int type, goto next_host; } else krb5_data_free (&data); - + next_host: krb5_auth_con_free(context, auth_context); close(fd); @@ -705,7 +399,7 @@ main(int argc, char **argv) if(help_flag) usage(0); - + if(version_flag){ print_version(NULL); exit(0); @@ -715,25 +409,16 @@ main(int argc, char **argv) if(ret) exit(1); + /* We may be reading an old database encrypted with a DES master key. */ + ret = krb5_allow_weak_crypto(context, 1); + if(ret) + krb5_err(context, 1, ret, "krb5_allow_weak_crypto"); + if(local_realm) krb5_set_default_realm(context, local_realm); - if(v4_realm == NULL) { - ret = krb5_get_default_realm(context, &v4_realm); - if(ret) - krb5_err(context, 1, ret, "krb5_get_default_realm"); - } - - if(afs_cell == NULL) { - afs_cell = strdup(v4_realm); - if(afs_cell == NULL) - krb5_errx(context, 1, "out of memory"); - strlwr(afs_cell); - } - - if(encrypt_flag && decrypt_flag) - krb5_errx(context, 1, + krb5_errx(context, 1, "only one of `--encrypt' and `--decrypt' is meaningful"); if(source_type != NULL) { @@ -745,7 +430,7 @@ main(int argc, char **argv) if(!to_stdout) get_creds(context, &ccache); - + if(decrypt_flag || encrypt_flag) { ret = hdb_read_master_key(context, mkeyfile, &mkey5); if(ret && ret != ENOENT) @@ -753,26 +438,8 @@ main(int argc, char **argv) if(ret) krb5_errx(context, 1, "No master key file found"); } - - if (IS_TYPE_V4(type) && v4_realm == NULL) - krb5_errx(context, 1, "Its a Kerberos 4 database " - "but no realm configured"); switch(type) { - case HPROP_KASERVER: - if (database == NULL) - database = DEFAULT_DATABASE; - ka_use_null_salt = krb5_config_get_bool_default(context, NULL, FALSE, - "hprop", - "afs_uses_null_salt", - NULL); - - break; - case HPROP_KRB4_DUMP: - if (database == NULL) - krb5_errx(context, 1, "no dump file specified"); - - break; case HPROP_MIT_DUMP: if (database == NULL) krb5_errx(context, 1, "no dump file specified"); @@ -793,12 +460,12 @@ main(int argc, char **argv) if (to_stdout) exit_code = dump_database (context, type, database, db); else - exit_code = propagate_database (context, type, database, + exit_code = propagate_database (context, type, database, db, ccache, optidx, argc, argv); if(ccache != NULL) krb5_cc_destroy(context, ccache); - + if(db != NULL) (*db->hdb_destroy)(context, db); diff --git a/crypto/heimdal/kdc/hprop.h b/crypto/heimdal/kdc/hprop.h index d43d04c2153..59fe8bc1693 100644 --- a/crypto/heimdal/kdc/hprop.h +++ b/crypto/heimdal/kdc/hprop.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: hprop.h 16378 2005-12-12 12:40:12Z lha $ */ +/* $Id$ */ #ifndef __HPROP_H__ #define __HPROP_H__ diff --git a/crypto/heimdal/kdc/hpropd.8 b/crypto/heimdal/kdc/hpropd.8 index 74a3dad816d..31b44e28a59 100644 --- a/crypto/heimdal/kdc/hpropd.8 +++ b/crypto/heimdal/kdc/hpropd.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: hpropd.8 14381 2004-12-10 09:44:05Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd August 27, 1997 .Dt HPROPD 8 @@ -41,17 +41,17 @@ .Nm .Bk -words .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Ar file +.Fl Fl database= Ns Ar file .Xc .Oc -.Op Fl n | Fl -stdin -.Op Fl -print -.Op Fl i | Fl -no-inetd +.Op Fl n | Fl Fl stdin +.Op Fl Fl print +.Op Fl i | Fl Fl no-inetd .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc -.Op Fl 4 | Fl -v4dump +.Op Fl 4 | Fl Fl v4dump .Ek .Sh DESCRIPTION .Nm @@ -73,34 +73,17 @@ are accepted. .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl d Ar file , -.Fl -database= Ns Ar file -.Xc +.It Fl d Ar file , Fl Fl database= Ns Ar file database -.It Xo -.Fl n , -.Fl -stdin -.Xc +.It Fl n , Fl Fl stdin read from stdin -.It Xo -.Fl -print -.Xc +.It Fl Fl print print dump to stdout -.It Xo -.Fl i , -.Fl -no-inetd -.Xc +.It Fl i , Fl Fl no-inetd not started from inetd -.It Xo -.Fl k Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab keytab to use for authentication -.It Xo -.Fl 4 , -.Fl -v4dump -.Xc +.It Fl 4 , Fl Fl v4dump create v4 type DB .El .Sh SEE ALSO diff --git a/crypto/heimdal/kdc/hpropd.c b/crypto/heimdal/kdc/hpropd.c index 12a97665721..75b26a15f50 100644 --- a/crypto/heimdal/kdc/hpropd.c +++ b/crypto/heimdal/kdc/hpropd.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hprop.h" -RCSID("$Id: hpropd.c 22245 2007-12-08 23:48:52Z lha $"); - static int inetd_flag = -1; static int help_flag; static int version_flag; @@ -45,18 +43,21 @@ static char *local_realm; static char *ktname = NULL; struct getargs args[] = { - { "database", 'd', arg_string, &database, "database", "file" }, - { "stdin", 'n', arg_flag, &from_stdin, "read from stdin" }, - { "print", 0, arg_flag, &print_dump, "print dump to stdout" }, + { "database", 'd', arg_string, rk_UNCONST(&database), "database", "file" }, + { "stdin", 'n', arg_flag, &from_stdin, "read from stdin", NULL }, + { "print", 0, arg_flag, &print_dump, "print dump to stdout", NULL }, +#ifdef SUPPORT_INETD { "inetd", 'i', arg_negative_flag, &inetd_flag, - "Not started from inetd" }, + "Not started from inetd", NULL }, +#endif { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" }, - { "realm", 'r', arg_string, &local_realm, "realm to use" }, + { "realm", 'r', arg_string, &local_realm, "realm to use", NULL }, { "version", 0, arg_flag, &version_flag, NULL, NULL }, { "help", 'h', arg_flag, &help_flag, NULL, NULL} }; static int num_args = sizeof(args) / sizeof(args[0]); +static char unparseable_name[] = "unparseable name"; static void usage(int ret) @@ -74,8 +75,8 @@ main(int argc, char **argv) krb5_principal c1, c2; krb5_authenticator authent; krb5_keytab keytab; - int fd; - HDB *db; + krb5_socket_t sock = rk_INVALID_SOCKET; + HDB *db = NULL; int optidx = 0; char *tmp_db; krb5_log_facility *fac; @@ -89,22 +90,22 @@ main(int argc, char **argv) ret = krb5_openlog(context, "hpropd", &fac); if(ret) - ; + errx(1, "krb5_openlog"); krb5_set_warn_dest(context, fac); - + if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(local_realm != NULL) krb5_set_default_realm(context, local_realm); - + if(help_flag) usage(0); if(version_flag) { print_version(NULL); exit(0); } - + argc -= optidx; argv += optidx; @@ -114,9 +115,9 @@ main(int argc, char **argv) if (database == NULL) database = hdb_default_db(context); - if(from_stdin) - fd = STDIN_FILENO; - else { + if(from_stdin) { + sock = STDIN_FILENO; + } else { struct sockaddr_storage ss; struct sockaddr *sa = (struct sockaddr *)&ss; socklen_t sin_len = sizeof(ss); @@ -124,19 +125,24 @@ main(int argc, char **argv) krb5_ticket *ticket; char *server; - fd = STDIN_FILENO; + sock = STDIN_FILENO; +#ifdef SUPPORT_INETD if (inetd_flag == -1) { - if (getpeername (fd, sa, &sin_len) < 0) + if (getpeername (sock, sa, &sin_len) < 0) { inetd_flag = 0; - else + } else { inetd_flag = 1; + } } +#else + inetd_flag = 0; +#endif if (!inetd_flag) { mini_inetd (krb5_getportbyname (context, "hprop", "tcp", - HPROP_PORT)); + HPROP_PORT), &sock); } sin_len = sizeof(ss); - if(getpeername(fd, sa, &sin_len) < 0) + if(getpeername(sock, sa, &sin_len) < 0) krb5_err(context, 1, errno, "getpeername"); if (inet_ntop(sa->sa_family, @@ -147,7 +153,7 @@ main(int argc, char **argv) sizeof(addr_name)); krb5_log(context, fac, 0, "Connection from %s", addr_name); - + ret = krb5_kt_register(context, &hdb_kt_ops); if(ret) krb5_err(context, 1, ret, "krb5_kt_register"); @@ -162,11 +168,11 @@ main(int argc, char **argv) krb5_err (context, 1, ret, "krb5_kt_default"); } - ret = krb5_recvauth(context, &ac, &fd, HPROP_VERSION, NULL, + ret = krb5_recvauth(context, &ac, &sock, HPROP_VERSION, NULL, 0, keytab, &ticket); if(ret) krb5_err(context, 1, ret, "krb5_recvauth"); - + ret = krb5_unparse_name(context, ticket->server, &server); if (ret) krb5_err(context, 1, ret, "krb5_unparse_name"); @@ -179,17 +185,17 @@ main(int argc, char **argv) ret = krb5_auth_con_getauthenticator(context, ac, &authent); if(ret) krb5_err(context, 1, ret, "krb5_auth_con_getauthenticator"); - + ret = krb5_make_principal(context, &c1, NULL, "kadmin", "hprop", NULL); if(ret) krb5_err(context, 1, ret, "krb5_make_principal"); - _krb5_principalname2krb5_principal(context, &c2, + _krb5_principalname2krb5_principal(context, &c2, authent->cname, authent->crealm); if(!krb5_principal_compare(context, c1, c2)) { char *s; ret = krb5_unparse_name(context, c2, &s); if (ret) - s = "unparseable name"; + s = unparseable_name; krb5_errx(context, 1, "Unauthorized connection from %s", s); } krb5_free_principal(context, c1); @@ -199,7 +205,7 @@ main(int argc, char **argv) if(ret) krb5_err(context, 1, ret, "krb5_kt_close"); } - + if(!print_dump) { asprintf(&tmp_db, "%s~", database); @@ -217,11 +223,11 @@ main(int argc, char **argv) hdb_entry_ex entry; if(from_stdin) { - ret = krb5_read_message(context, &fd, &data); + ret = krb5_read_message(context, &sock, &data); if(ret != 0 && ret != HEIM_ERR_EOF) krb5_err(context, 1, ret, "krb5_read_message"); } else { - ret = krb5_read_priv_message(context, ac, &fd, &data); + ret = krb5_read_priv_message(context, ac, &sock, &data); if(ret) krb5_err(context, 1, ret, "krb5_read_priv_message"); } @@ -230,15 +236,15 @@ main(int argc, char **argv) if(!from_stdin) { data.data = NULL; data.length = 0; - krb5_write_priv_message(context, ac, &fd, &data); + krb5_write_priv_message(context, ac, &sock, &data); } if(!print_dump) { - ret = db->hdb_rename(context, db, database); - if(ret) - krb5_err(context, 1, ret, "db_rename"); ret = db->hdb_close(context, db); if(ret) krb5_err(context, 1, ret, "db_close"); + ret = db->hdb_rename(context, db, database); + if(ret) + krb5_err(context, 1, ret, "db_rename"); } break; } @@ -255,10 +261,10 @@ main(int argc, char **argv) char *s; ret = krb5_unparse_name(context, entry.entry.principal, &s); if (ret) - s = strdup("unparseable name"); + s = strdup(unparseable_name); krb5_warnx(context, "Entry exists: %s", s); free(s); - } else if(ret) + } else if(ret) krb5_err(context, 1, ret, "db_store"); else nprincs++; @@ -267,5 +273,9 @@ main(int argc, char **argv) } if (!print_dump) krb5_log(context, fac, 0, "Received %d principals", nprincs); + + if (inetd_flag == 0) + rk_closesocket(sock); + exit(0); } diff --git a/crypto/heimdal/kdc/kadb.h b/crypto/heimdal/kdc/kadb.h deleted file mode 100644 index 4b59abe1cf9..00000000000 --- a/crypto/heimdal/kdc/kadb.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: kadb.h 7997 2000-03-03 12:36:26Z assar $ */ - -#ifndef __kadb_h__ -#define __kadb_h__ - -#define HASHSIZE 8191 - -struct ka_header { - int32_t version1; /* file format version, should - match version2 */ - int32_t size; - int32_t free_ptr; - int32_t eof_ptr; - int32_t kvno_ptr; - int32_t stats[8]; - int32_t admin_accounts; - int32_t special_keys_version; - int32_t hashsize; /* allocated size of hash */ - int32_t hash[HASHSIZE]; - int32_t version2; -}; - -struct ka_entry { - int32_t flags; /* see below */ - int32_t next; /* next in hash list */ - int32_t valid_end; /* expiration date */ - int32_t mod_time; /* time last modified */ - int32_t mod_ptr; /* pointer to modifier */ - int32_t pw_change; /* last pw change */ - int32_t max_life; /* max ticket life */ - int32_t kvno; - int32_t foo2[2]; /* huh? */ - char name[64]; - char instance[64]; - char key[8]; - u_char pw_expire; /* # days before password expires */ - u_char spare; - u_char attempts; - u_char locktime; -}; - -#define KAFNORMAL (1<<0) -#define KAFADMIN (1<<2) /* an administrator */ -#define KAFNOTGS (1<<3) /* ! allow principal to get or use TGT */ -#define KAFNOSEAL (1<<5) /* ! allow principal as server in GetTicket */ -#define KAFNOCPW (1<<6) /* ! allow principal to change its own key */ -#define KAFSPECIAL (1<<8) /* set if special AuthServer principal */ - -#define DEFAULT_DATABASE "/usr/afs/db/kaserver.DB0" - -#endif /* __kadb_h__ */ diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c deleted file mode 100644 index 27f497ea664..00000000000 --- a/crypto/heimdal/kdc/kaserver.c +++ /dev/null @@ -1,951 +0,0 @@ -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kdc_locl.h" - -RCSID("$Id: kaserver.c 21654 2007-07-21 17:30:18Z lha $"); - -#include -#include - -#define KA_AUTHENTICATION_SERVICE 731 -#define KA_TICKET_GRANTING_SERVICE 732 -#define KA_MAINTENANCE_SERVICE 733 - -#define AUTHENTICATE_OLD 1 -#define CHANGEPASSWORD 2 -#define GETTICKET_OLD 3 -#define SETPASSWORD 4 -#define SETFIELDS 5 -#define CREATEUSER 6 -#define DELETEUSER 7 -#define GETENTRY 8 -#define LISTENTRY 9 -#define GETSTATS 10 -#define DEBUG 11 -#define GETPASSWORD 12 -#define GETRANDOMKEY 13 -#define AUTHENTICATE 21 -#define AUTHENTICATE_V2 22 -#define GETTICKET 23 - -/* XXX - Where do we get these? */ - -#define RXGEN_OPCODE (-455) - -#define KADATABASEINCONSISTENT (180480L) -#define KAEXIST (180481L) -#define KAIO (180482L) -#define KACREATEFAIL (180483L) -#define KANOENT (180484L) -#define KAEMPTY (180485L) -#define KABADNAME (180486L) -#define KABADINDEX (180487L) -#define KANOAUTH (180488L) -#define KAANSWERTOOLONG (180489L) -#define KABADREQUEST (180490L) -#define KAOLDINTERFACE (180491L) -#define KABADARGUMENT (180492L) -#define KABADCMD (180493L) -#define KANOKEYS (180494L) -#define KAREADPW (180495L) -#define KABADKEY (180496L) -#define KAUBIKINIT (180497L) -#define KAUBIKCALL (180498L) -#define KABADPROTOCOL (180499L) -#define KANOCELLS (180500L) -#define KANOCELL (180501L) -#define KATOOMANYUBIKS (180502L) -#define KATOOMANYKEYS (180503L) -#define KABADTICKET (180504L) -#define KAUNKNOWNKEY (180505L) -#define KAKEYCACHEINVALID (180506L) -#define KABADSERVER (180507L) -#define KABADUSER (180508L) -#define KABADCPW (180509L) -#define KABADCREATE (180510L) -#define KANOTICKET (180511L) -#define KAASSOCUSER (180512L) -#define KANOTSPECIAL (180513L) -#define KACLOCKSKEW (180514L) -#define KANORECURSE (180515L) -#define KARXFAIL (180516L) -#define KANULLPASSWORD (180517L) -#define KAINTERNALERROR (180518L) -#define KAPWEXPIRED (180519L) -#define KAREUSED (180520L) -#define KATOOSOON (180521L) -#define KALOCKED (180522L) - - -static krb5_error_code -decode_rx_header (krb5_storage *sp, - struct rx_header *h) -{ - krb5_error_code ret; - - ret = krb5_ret_uint32(sp, &h->epoch); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->connid); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->callid); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->seqno); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->serialno); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->type); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->flags); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->status); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->secindex); - if (ret) return ret; - ret = krb5_ret_uint16(sp, &h->reserved); - if (ret) return ret; - ret = krb5_ret_uint16(sp, &h->serviceid); - if (ret) return ret; - - return 0; -} - -static krb5_error_code -encode_rx_header (struct rx_header *h, - krb5_storage *sp) -{ - krb5_error_code ret; - - ret = krb5_store_uint32(sp, h->epoch); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->connid); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->callid); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->seqno); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->serialno); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->type); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->flags); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->status); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->secindex); - if (ret) return ret; - ret = krb5_store_uint16(sp, h->reserved); - if (ret) return ret; - ret = krb5_store_uint16(sp, h->serviceid); - if (ret) return ret; - - return 0; -} - -static void -init_reply_header (struct rx_header *hdr, - struct rx_header *reply_hdr, - u_char type, - u_char flags) -{ - reply_hdr->epoch = hdr->epoch; - reply_hdr->connid = hdr->connid; - reply_hdr->callid = hdr->callid; - reply_hdr->seqno = 1; - reply_hdr->serialno = 1; - reply_hdr->type = type; - reply_hdr->flags = flags; - reply_hdr->status = 0; - reply_hdr->secindex = 0; - reply_hdr->reserved = 0; - reply_hdr->serviceid = hdr->serviceid; -} - -/* - * Create an error `reply´ using for the packet `hdr' with the error - * `error´ code. - */ -static void -make_error_reply (struct rx_header *hdr, - uint32_t error, - krb5_data *reply) - -{ - struct rx_header reply_hdr; - krb5_error_code ret; - krb5_storage *sp; - - init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST); - sp = krb5_storage_emem(); - if (sp == NULL) - return; - ret = encode_rx_header (&reply_hdr, sp); - if (ret) - return; - krb5_store_int32(sp, error); - krb5_storage_to_data (sp, reply); - krb5_storage_free (sp); -} - -static krb5_error_code -krb5_ret_xdr_data(krb5_storage *sp, - krb5_data *data) -{ - int ret; - int size; - ret = krb5_ret_int32(sp, &size); - if(ret) - return ret; - if(size < 0) - return ERANGE; - data->length = size; - if (size) { - u_char foo[4]; - size_t pad = (4 - size % 4) % 4; - - data->data = malloc(size); - if (data->data == NULL) - return ENOMEM; - ret = krb5_storage_read(sp, data->data, size); - if(ret != size) - return (ret < 0)? errno : KRB5_CC_END; - if (pad) { - ret = krb5_storage_read(sp, foo, pad); - if (ret != pad) - return (ret < 0)? errno : KRB5_CC_END; - } - } else - data->data = NULL; - return 0; -} - -static krb5_error_code -krb5_store_xdr_data(krb5_storage *sp, - krb5_data data) -{ - u_char zero[4] = {0, 0, 0, 0}; - int ret; - size_t pad; - - ret = krb5_store_int32(sp, data.length); - if(ret < 0) - return ret; - ret = krb5_storage_write(sp, data.data, data.length); - if(ret != data.length){ - if(ret < 0) - return errno; - return KRB5_CC_END; - } - pad = (4 - data.length % 4) % 4; - if (pad) { - ret = krb5_storage_write(sp, zero, pad); - if (ret != pad) { - if (ret < 0) - return errno; - return KRB5_CC_END; - } - } - return 0; -} - - -static krb5_error_code -create_reply_ticket (krb5_context context, - struct rx_header *hdr, - Key *skey, - char *name, char *instance, char *realm, - struct sockaddr_in *addr, - int life, - int kvno, - int32_t max_seq_len, - const char *sname, const char *sinstance, - uint32_t challenge, - const char *label, - krb5_keyblock *key, - krb5_data *reply) -{ - krb5_error_code ret; - krb5_data ticket; - krb5_keyblock session; - krb5_storage *sp; - krb5_data enc_data; - struct rx_header reply_hdr; - char zero[8]; - size_t pad; - unsigned fyrtiosjuelva; - - /* create the ticket */ - - krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session); - - _krb5_krb_create_ticket(context, - 0, - name, - instance, - realm, - addr->sin_addr.s_addr, - &session, - life, - kdc_time, - sname, - sinstance, - &skey->key, - &ticket); - - /* create the encrypted part of the reply */ - sp = krb5_storage_emem (); - krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva)); - fyrtiosjuelva &= 0xffffffff; - krb5_store_int32 (sp, fyrtiosjuelva); - krb5_store_int32 (sp, challenge); - krb5_storage_write (sp, session.keyvalue.data, 8); - krb5_free_keyblock_contents(context, &session); - krb5_store_int32 (sp, kdc_time); - krb5_store_int32 (sp, kdc_time + _krb5_krb_life_to_time (0, life)); - krb5_store_int32 (sp, kvno); - krb5_store_int32 (sp, ticket.length); - krb5_store_stringz (sp, name); - krb5_store_stringz (sp, instance); -#if 1 /* XXX - Why shouldn't the realm go here? */ - krb5_store_stringz (sp, ""); -#else - krb5_store_stringz (sp, realm); -#endif - krb5_store_stringz (sp, sname); - krb5_store_stringz (sp, sinstance); - krb5_storage_write (sp, ticket.data, ticket.length); - krb5_storage_write (sp, label, strlen(label)); - - /* pad to DES block */ - memset (zero, 0, sizeof(zero)); - pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8; - krb5_storage_write (sp, zero, pad); - - krb5_storage_to_data (sp, &enc_data); - krb5_storage_free (sp); - - if (enc_data.length > max_seq_len) { - krb5_data_free (&enc_data); - make_error_reply (hdr, KAANSWERTOOLONG, reply); - return 0; - } - - /* encrypt it */ - { - DES_key_schedule schedule; - DES_cblock deskey; - - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); - DES_pcbc_encrypt (enc_data.data, - enc_data.data, - enc_data.length, - &schedule, - &deskey, - DES_ENCRYPT); - memset (&schedule, 0, sizeof(schedule)); - memset (&deskey, 0, sizeof(deskey)); - } - - /* create the reply packet */ - init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST); - sp = krb5_storage_emem (); - ret = encode_rx_header (&reply_hdr, sp); - krb5_store_int32 (sp, max_seq_len); - krb5_store_xdr_data (sp, enc_data); - krb5_data_free (&enc_data); - krb5_storage_to_data (sp, reply); - krb5_storage_free (sp); - return 0; -} - -static krb5_error_code -unparse_auth_args (krb5_storage *sp, - char **name, - char **instance, - time_t *start_time, - time_t *end_time, - krb5_data *request, - int32_t *max_seq_len) -{ - krb5_data data; - int32_t tmp; - - krb5_ret_xdr_data (sp, &data); - *name = malloc(data.length + 1); - if (*name == NULL) - return ENOMEM; - memcpy (*name, data.data, data.length); - (*name)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, &data); - *instance = malloc(data.length + 1); - if (*instance == NULL) { - free (*name); - return ENOMEM; - } - memcpy (*instance, data.data, data.length); - (*instance)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_int32 (sp, &tmp); - *start_time = tmp; - krb5_ret_int32 (sp, &tmp); - *end_time = tmp; - krb5_ret_xdr_data (sp, request); - krb5_ret_int32 (sp, max_seq_len); - /* ignore the rest */ - return 0; -} - -static void -do_authenticate (krb5_context context, - krb5_kdc_configuration *config, - struct rx_header *hdr, - krb5_storage *sp, - struct sockaddr_in *addr, - const char *from, - krb5_data *reply) -{ - krb5_error_code ret; - char *name = NULL; - char *instance = NULL; - time_t start_time; - time_t end_time; - krb5_data request; - int32_t max_seq_len; - hdb_entry_ex *client_entry = NULL; - hdb_entry_ex *server_entry = NULL; - Key *ckey = NULL; - Key *skey = NULL; - krb5_storage *reply_sp; - time_t max_life; - uint8_t life; - int32_t chal; - char client_name[256]; - char server_name[256]; - - krb5_data_zero (&request); - - ret = unparse_auth_args (sp, &name, &instance, &start_time, &end_time, - &request, &max_seq_len); - if (ret != 0 || request.length < 8) { - make_error_reply (hdr, KABADREQUEST, reply); - goto out; - } - - snprintf (client_name, sizeof(client_name), "%s.%s@%s", - name, instance, config->v4_realm); - snprintf (server_name, sizeof(server_name), "%s.%s@%s", - "krbtgt", config->v4_realm, config->v4_realm); - - kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s", - client_name, from, server_name); - - ret = _kdc_db_fetch4 (context, config, name, instance, - config->v4_realm, HDB_F_GET_CLIENT, - &client_entry); - if (ret) { - kdc_log(context, config, 0, "Client not found in database: %s: %s", - client_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = _kdc_db_fetch4 (context, config, "krbtgt", - config->v4_realm, config->v4_realm, - HDB_F_GET_KRBTGT, &server_entry); - if (ret) { - kdc_log(context, config, 0, "Server not found in database: %s: %s", - server_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = _kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, - TRUE); - if (ret) { - make_error_reply (hdr, KAPWEXPIRED, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for client"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for server"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - { - DES_cblock key; - DES_key_schedule schedule; - - /* try to decode the `request' */ - memcpy (&key, ckey->key.keyvalue.data, sizeof(key)); - DES_set_key (&key, &schedule); - DES_pcbc_encrypt (request.data, - request.data, - request.length, - &schedule, - &key, - DES_DECRYPT); - memset (&schedule, 0, sizeof(schedule)); - memset (&key, 0, sizeof(key)); - } - - /* check for the magic label */ - if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) { - kdc_log(context, config, 0, "preauth failed for %s", client_name); - make_error_reply (hdr, KABADREQUEST, reply); - goto out; - } - - reply_sp = krb5_storage_from_mem (request.data, 4); - krb5_ret_int32 (reply_sp, &chal); - krb5_storage_free (reply_sp); - - if (abs(chal - kdc_time) > context->max_skew) { - make_error_reply (hdr, KACLOCKSKEW, reply); - goto out; - } - - /* life */ - max_life = end_time - kdc_time; - /* end_time - kdc_time can sometimes be non-positive due to slight - time skew between client and server. Let's make sure it is postive */ - if(max_life < 1) - max_life = 1; - if (client_entry->entry.max_life) - max_life = min(max_life, *client_entry->entry.max_life); - if (server_entry->entry.max_life) - max_life = min(max_life, *server_entry->entry.max_life); - - life = krb_time_to_life(kdc_time, kdc_time + max_life); - - create_reply_ticket (context, - hdr, skey, - name, instance, config->v4_realm, - addr, life, server_entry->entry.kvno, - max_seq_len, - "krbtgt", config->v4_realm, - chal + 1, "tgsT", - &ckey->key, reply); - - out: - if (request.length) { - memset (request.data, 0, request.length); - krb5_data_free (&request); - } - if (name) - free (name); - if (instance) - free (instance); - if (client_entry) - _kdc_free_ent (context, client_entry); - if (server_entry) - _kdc_free_ent (context, server_entry); -} - -static krb5_error_code -unparse_getticket_args (krb5_storage *sp, - int *kvno, - char **auth_domain, - krb5_data *ticket, - char **name, - char **instance, - krb5_data *times, - int32_t *max_seq_len) -{ - krb5_data data; - int32_t tmp; - - krb5_ret_int32 (sp, &tmp); - *kvno = tmp; - - krb5_ret_xdr_data (sp, &data); - *auth_domain = malloc(data.length + 1); - if (*auth_domain == NULL) - return ENOMEM; - memcpy (*auth_domain, data.data, data.length); - (*auth_domain)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, ticket); - - krb5_ret_xdr_data (sp, &data); - *name = malloc(data.length + 1); - if (*name == NULL) { - free (*auth_domain); - return ENOMEM; - } - memcpy (*name, data.data, data.length); - (*name)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, &data); - *instance = malloc(data.length + 1); - if (*instance == NULL) { - free (*auth_domain); - free (*name); - return ENOMEM; - } - memcpy (*instance, data.data, data.length); - (*instance)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, times); - - krb5_ret_int32 (sp, max_seq_len); - /* ignore the rest */ - return 0; -} - -static void -do_getticket (krb5_context context, - krb5_kdc_configuration *config, - struct rx_header *hdr, - krb5_storage *sp, - struct sockaddr_in *addr, - const char *from, - krb5_data *reply) -{ - krb5_error_code ret; - int kvno; - char *auth_domain = NULL; - krb5_data aticket; - char *name = NULL; - char *instance = NULL; - krb5_data times; - int32_t max_seq_len; - hdb_entry_ex *server_entry = NULL; - hdb_entry_ex *client_entry = NULL; - hdb_entry_ex *krbtgt_entry = NULL; - Key *kkey = NULL; - Key *skey = NULL; - DES_cblock key; - DES_key_schedule schedule; - DES_cblock session; - time_t max_life; - int8_t life; - time_t start_time, end_time; - char server_name[256]; - char client_name[256]; - struct _krb5_krb_auth_data ad; - - krb5_data_zero (&aticket); - krb5_data_zero (×); - - memset(&ad, 0, sizeof(ad)); - - unparse_getticket_args (sp, &kvno, &auth_domain, &aticket, - &name, &instance, ×, &max_seq_len); - if (times.length < 8) { - make_error_reply (hdr, KABADREQUEST, reply); - goto out; - - } - - snprintf (server_name, sizeof(server_name), - "%s.%s@%s", name, instance, config->v4_realm); - - ret = _kdc_db_fetch4 (context, config, name, instance, - config->v4_realm, HDB_F_GET_SERVER, &server_entry); - if (ret) { - kdc_log(context, config, 0, "Server not found in database: %s: %s", - server_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = _kdc_db_fetch4 (context, config, "krbtgt", - config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry); - if (ret) { - kdc_log(context, config, 0, - "Server not found in database: %s.%s@%s: %s", - "krbtgt", config->v4_realm, config->v4_realm, - krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for krbtgt"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for server"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - /* decrypt the incoming ticket */ - memcpy (&key, kkey->key.keyvalue.data, sizeof(key)); - - /* unpack the ticket */ - { - char *sname = NULL; - char *sinstance = NULL; - - ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key, - config->v4_realm, &sname, - &sinstance, &ad); - if (ret) { - kdc_log(context, config, 0, - "kaserver: decomp failed for %s.%s with %d", - sname, sinstance, ret); - make_error_reply (hdr, KABADTICKET, reply); - goto out; - } - - if (strcmp (sname, "krbtgt") != 0 - || strcmp (sinstance, config->v4_realm) != 0) { - kdc_log(context, config, 0, "no TGT: %s.%s for %s.%s@%s", - sname, sinstance, - ad.pname, ad.pinst, ad.prealm); - make_error_reply (hdr, KABADTICKET, reply); - free(sname); - free(sinstance); - goto out; - } - free(sname); - free(sinstance); - - if (kdc_time > _krb5_krb_life_to_time(ad.time_sec, ad.life)) { - kdc_log(context, config, 0, "TGT expired: %s.%s@%s", - ad.pname, ad.pinst, ad.prealm); - make_error_reply (hdr, KABADTICKET, reply); - goto out; - } - } - - snprintf (client_name, sizeof(client_name), - "%s.%s@%s", ad.pname, ad.pinst, ad.prealm); - - kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s", - client_name, from, server_name); - - ret = _kdc_db_fetch4 (context, config, - ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT, - &client_entry); - if(ret && ret != HDB_ERR_NOENTRY) { - kdc_log(context, config, 0, - "Client not found in database: (krb4) %s: %s", - client_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) { - kdc_log(context, config, 0, - "Local client not found in database: (krb4) " - "%s", client_name); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = _kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, - FALSE); - if (ret) { - make_error_reply (hdr, KAPWEXPIRED, reply); - goto out; - } - - /* decrypt the times */ - memcpy(&session, ad.session.keyvalue.data, sizeof(session)); - DES_set_key (&session, &schedule); - DES_ecb_encrypt (times.data, - times.data, - &schedule, - DES_DECRYPT); - memset (&schedule, 0, sizeof(schedule)); - memset (&session, 0, sizeof(session)); - - /* and extract them */ - { - krb5_storage *tsp; - int32_t tmp; - - tsp = krb5_storage_from_mem (times.data, times.length); - krb5_ret_int32 (tsp, &tmp); - start_time = tmp; - krb5_ret_int32 (tsp, &tmp); - end_time = tmp; - krb5_storage_free (tsp); - } - - /* life */ - max_life = end_time - kdc_time; - /* end_time - kdc_time can sometimes be non-positive due to slight - time skew between client and server. Let's make sure it is postive */ - if(max_life < 1) - max_life = 1; - if (krbtgt_entry->entry.max_life) - max_life = min(max_life, *krbtgt_entry->entry.max_life); - if (server_entry->entry.max_life) - max_life = min(max_life, *server_entry->entry.max_life); - /* if this is a cross realm request, the client_entry will likely - be NULL */ - if (client_entry && client_entry->entry.max_life) - max_life = min(max_life, *client_entry->entry.max_life); - - life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life); - - create_reply_ticket (context, - hdr, skey, - ad.pname, ad.pinst, ad.prealm, - addr, life, server_entry->entry.kvno, - max_seq_len, - name, instance, - 0, "gtkt", - &ad.session, reply); - - out: - _krb5_krb_free_auth_data(context, &ad); - if (aticket.length) { - memset (aticket.data, 0, aticket.length); - krb5_data_free (&aticket); - } - if (times.length) { - memset (times.data, 0, times.length); - krb5_data_free (×); - } - if (auth_domain) - free (auth_domain); - if (name) - free (name); - if (instance) - free (instance); - if (krbtgt_entry) - _kdc_free_ent (context, krbtgt_entry); - if (server_entry) - _kdc_free_ent (context, server_entry); -} - -krb5_error_code -_kdc_do_kaserver(krb5_context context, - krb5_kdc_configuration *config, - unsigned char *buf, - size_t len, - krb5_data *reply, - const char *from, - struct sockaddr_in *addr) -{ - krb5_error_code ret = 0; - struct rx_header hdr; - uint32_t op; - krb5_storage *sp; - - if (len < RX_HEADER_SIZE) - return -1; - sp = krb5_storage_from_mem (buf, len); - - ret = decode_rx_header (sp, &hdr); - if (ret) - goto out; - buf += RX_HEADER_SIZE; - len -= RX_HEADER_SIZE; - - switch (hdr.type) { - case HT_DATA : - break; - case HT_ACK : - case HT_BUSY : - case HT_ABORT : - case HT_ACKALL : - case HT_CHAL : - case HT_RESP : - case HT_DEBUG : - default: - /* drop */ - goto out; - } - - - if (hdr.serviceid != KA_AUTHENTICATION_SERVICE - && hdr.serviceid != KA_TICKET_GRANTING_SERVICE) { - ret = -1; - goto out; - } - - ret = krb5_ret_uint32(sp, &op); - if (ret) - goto out; - switch (op) { - case AUTHENTICATE : - case AUTHENTICATE_V2 : - do_authenticate (context, config, &hdr, sp, addr, from, reply); - break; - case GETTICKET : - do_getticket (context, config, &hdr, sp, addr, from, reply); - break; - case AUTHENTICATE_OLD : - case CHANGEPASSWORD : - case GETTICKET_OLD : - case SETPASSWORD : - case SETFIELDS : - case CREATEUSER : - case DELETEUSER : - case GETENTRY : - case LISTENTRY : - case GETSTATS : - case DEBUG : - case GETPASSWORD : - case GETRANDOMKEY : - default : - make_error_reply (&hdr, RXGEN_OPCODE, reply); - break; - } - -out: - krb5_storage_free (sp); - return ret; -} diff --git a/crypto/heimdal/kdc/kdc-private.h b/crypto/heimdal/kdc/kdc-private.h index 030be9ae58b..aef929b2697 100644 --- a/crypto/heimdal/kdc/kdc-private.h +++ b/crypto/heimdal/kdc/kdc-private.h @@ -10,15 +10,16 @@ _kdc_add_KRB5SignedPath ( krb5_kdc_configuration */*config*/, hdb_entry_ex */*krbtgt*/, krb5_enctype /*enctype*/, + krb5_principal /*client*/, krb5_const_principal /*server*/, - KRB5SignedPathPrincipals */*principals*/, + krb5_principals /*principals*/, EncTicketPart */*tkt*/); krb5_error_code _kdc_add_inital_verified_cas ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - pk_client_params */*params*/, + pk_client_params */*cp*/, EncTicketPart */*tkt*/); krb5_error_code @@ -32,6 +33,17 @@ _kdc_as_rep ( struct sockaddr */*from_addr*/, int /*datagram_reply*/); +krb5_error_code +_kdc_check_access ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*client_ex*/, + const char */*client_name*/, + hdb_entry_ex */*server_ex*/, + const char */*server_name*/, + KDC_REQ */*req*/, + krb5_data */*e_data*/); + krb5_boolean _kdc_check_addresses ( krb5_context /*context*/, @@ -39,82 +51,34 @@ _kdc_check_addresses ( HostAddresses */*addresses*/, const struct sockaddr */*from*/); -krb5_error_code -_kdc_check_flags ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - hdb_entry_ex */*client_ex*/, - const char */*client_name*/, - hdb_entry_ex */*server_ex*/, - const char */*server_name*/, - krb5_boolean /*is_as_req*/); - krb5_error_code _kdc_db_fetch ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, krb5_const_principal /*principal*/, unsigned /*flags*/, + krb5uint32 */*kvno_ptr*/, HDB **/*db*/, hdb_entry_ex **/*h*/); -krb5_error_code -_kdc_db_fetch4 ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - unsigned /*flags*/, - hdb_entry_ex **/*ent*/); - -krb5_error_code -_kdc_do_524 ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const Ticket */*t*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr */*addr*/); - krb5_error_code _kdc_do_digest ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - const DigestREQ */*req*/, + const struct DigestREQ */*req*/, krb5_data */*reply*/, const char */*from*/, struct sockaddr */*addr*/); -krb5_error_code -_kdc_do_kaserver ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - unsigned char */*buf*/, - size_t /*len*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr_in */*addr*/); - krb5_error_code _kdc_do_kx509 ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - const Kx509Request */*req*/, + const struct Kx509Request */*req*/, krb5_data */*reply*/, const char */*from*/, struct sockaddr */*addr*/); -krb5_error_code -_kdc_do_version4 ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - unsigned char */*buf*/, - size_t /*len*/, - krb5_data */*reply*/, - const char */*from*/, - struct sockaddr_in */*addr*/); - krb5_error_code _kdc_encode_reply ( krb5_context /*context*/, @@ -126,28 +90,21 @@ _kdc_encode_reply ( int /*skvno*/, const EncryptionKey */*skey*/, int /*ckvno*/, - const EncryptionKey */*ckey*/, + const EncryptionKey */*reply_key*/, + int /*rk_is_subkey*/, const char **/*e_text*/, krb5_data */*reply*/); -krb5_error_code -_kdc_encode_v4_ticket ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - void */*buf*/, - size_t /*len*/, - const EncTicketPart */*et*/, - const PrincipalName */*service*/, - size_t */*size*/); - krb5_error_code _kdc_find_etype ( krb5_context /*context*/, - const hdb_entry_ex */*princ*/, + krb5_boolean /*use_strongest_session_key*/, + krb5_boolean /*is_preauth*/, + hdb_entry_ex */*princ*/, krb5_enctype */*etypes*/, unsigned /*len*/, - Key **/*ret_key*/, - krb5_enctype */*ret_etype*/); + krb5_enctype */*ret_enctype*/, + Key **/*ret_key*/); const PA_DATA* _kdc_find_padata ( @@ -163,14 +120,6 @@ _kdc_free_ent ( krb5_context /*context*/, hdb_entry_ex */*ent*/); -krb5_error_code -_kdc_get_des_key ( - krb5_context /*context*/, - hdb_entry_ex */*principal*/, - krb5_boolean /*is_server*/, - krb5_boolean /*prefer_afs_key*/, - Key **/*ret_key*/); - krb5_error_code _kdc_get_preferred_key ( krb5_context /*context*/, @@ -180,6 +129,16 @@ _kdc_get_preferred_key ( krb5_enctype */*enctype*/, Key **/*key*/); +krb5_boolean +_kdc_is_anonymous ( + krb5_context /*context*/, + krb5_principal /*principal*/); + +krb5_boolean +_kdc_is_weak_exception ( + krb5_principal /*principal*/, + krb5_enctype /*etype*/); + void _kdc_log_timestamp ( krb5_context /*context*/, @@ -193,11 +152,6 @@ _kdc_log_timestamp ( krb5_error_code _kdc_make_anonymous_principalname (PrincipalName */*pn*/); -int -_kdc_maybe_version4 ( - unsigned char */*buf*/, - int /*len*/); - krb5_error_code _kdc_pac_generate ( krb5_context /*context*/, @@ -208,41 +162,38 @@ krb5_error_code _kdc_pac_verify ( krb5_context /*context*/, const krb5_principal /*client_principal*/, + const krb5_principal /*delegated_proxy_principal*/, hdb_entry_ex */*client*/, hdb_entry_ex */*server*/, - krb5_pac */*pac*/); + hdb_entry_ex */*krbtgt*/, + krb5_pac */*pac*/, + int */*verified*/); krb5_error_code _kdc_pk_check_client ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - const hdb_entry_ex */*client*/, - pk_client_params */*client_params*/, + HDB */*clientdb*/, + hdb_entry_ex */*client*/, + pk_client_params */*cp*/, char **/*subject_name*/); void _kdc_pk_free_client_param ( krb5_context /*context*/, - pk_client_params */*client_params*/); - -krb5_error_code -_kdc_pk_initialize ( - krb5_context /*context*/, - krb5_kdc_configuration */*config*/, - const char */*user_id*/, - const char */*anchors*/, - char **/*pool*/, - char **/*revoke_list*/); + pk_client_params */*cp*/); krb5_error_code _kdc_pk_mk_pa_reply ( krb5_context /*context*/, krb5_kdc_configuration */*config*/, - pk_client_params */*client_params*/, + pk_client_params */*cp*/, const hdb_entry_ex */*client*/, + krb5_enctype /*sessionetype*/, const KDC_REQ */*req*/, const krb5_data */*req_buffer*/, krb5_keyblock **/*reply_key*/, + krb5_keyblock */*sessionkey*/, METHOD_DATA */*md*/); krb5_error_code @@ -251,6 +202,7 @@ _kdc_pk_rd_padata ( krb5_kdc_configuration */*config*/, const KDC_REQ */*req*/, const PA_DATA */*pa*/, + hdb_entry_ex */*client*/, pk_client_params **/*ret_params*/); krb5_error_code @@ -274,13 +226,7 @@ krb5_error_code _kdc_try_kx509_request ( void */*ptr*/, size_t /*len*/, - Kx509Request */*req*/, + struct Kx509Request */*req*/, size_t */*size*/); -krb5_error_code -_kdc_windc_client_access ( - krb5_context /*context*/, - struct hdb_entry_ex */*client*/, - KDC_REQ */*req*/); - #endif /* __kdc_private_h__ */ diff --git a/crypto/heimdal/kdc/kdc-protos.h b/crypto/heimdal/kdc/kdc-protos.h index 15e8c29f4cb..a46993b6790 100644 --- a/crypto/heimdal/kdc/kdc-protos.h +++ b/crypto/heimdal/kdc/kdc-protos.h @@ -8,6 +8,16 @@ extern "C" { #endif +krb5_error_code +kdc_check_flags ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + hdb_entry_ex */*client_ex*/, + const char */*client_name*/, + hdb_entry_ex */*server_ex*/, + const char */*server_name*/, + krb5_boolean /*is_as_req*/); + void kdc_log ( krb5_context /*context*/, @@ -35,6 +45,7 @@ kdc_log_msg_va ( void kdc_openlog ( krb5_context /*context*/, + const char */*service*/, krb5_kdc_configuration */*config*/); krb5_error_code @@ -42,6 +53,20 @@ krb5_kdc_get_config ( krb5_context /*context*/, krb5_kdc_configuration **/*config*/); +krb5_error_code +krb5_kdc_pk_initialize ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/, + const char */*user_id*/, + const char */*anchors*/, + char **/*pool*/, + char **/*revoke_list*/); + +krb5_error_code +krb5_kdc_pkinit_config ( + krb5_context /*context*/, + krb5_kdc_configuration */*config*/); + int krb5_kdc_process_krb5_request ( krb5_context /*context*/, diff --git a/crypto/heimdal/kdc/kdc-replay.c b/crypto/heimdal/kdc/kdc-replay.c index 966831dca3f..b0510f40892 100644 --- a/crypto/heimdal/kdc/kdc-replay.c +++ b/crypto/heimdal/kdc/kdc-replay.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: kdc-replay.c 21945 2007-10-03 21:52:24Z lha $"); - static int version_flag; static int help_flag; @@ -62,13 +60,13 @@ main(int argc, char **argv) int fd, optidx = 0; setprogname(argv[0]); - + if(getarg(args, num_args, argc, argv, &optidx)) usage(1); if(help_flag) usage(0); - + if(version_flag){ print_version(NULL); exit(0); @@ -82,12 +80,29 @@ main(int argc, char **argv) if (ret) krb5_err(context, 1, ret, "krb5_kdc_default_config"); - kdc_openlog(context, config); + kdc_openlog(context, "kdc-replay", config); ret = krb5_kdc_set_dbinfo(context, config); if (ret) krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo"); +#ifdef PKINIT + if (config->enable_pkinit) { + if (config->pkinit_kdc_identity == NULL) + krb5_errx(context, 1, "pkinit enabled but no identity"); + + if (config->pkinit_kdc_anchors == NULL) + krb5_errx(context, 1, "pkinit enabled but no X509 anchors"); + + krb5_kdc_pk_initialize(context, config, + config->pkinit_kdc_identity, + config->pkinit_kdc_anchors, + config->pkinit_kdc_cert_pool, + config->pkinit_kdc_revoke); + + } +#endif /* PKINIT */ + if (argc != 2) errx(1, "argc != 2"); @@ -145,7 +160,7 @@ main(int argc, char **argv) if (ret) krb5_err(context, 1, ret, "krb5_print_address"); - printf("processing request from %s, %lu bytes\n", + printf("processing request from %s, %lu bytes\n", astr, (unsigned long)d.length); r.length = 0; diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8 index 331682f1cd6..4a69bda0679 100644 --- a/crypto/heimdal/kdc/kdc.8 +++ b/crypto/heimdal/kdc/kdc.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.\" $Id: kdc.8 18419 2006-10-12 10:05:57Z lha $ +.\" $Id$ .\" .Dd August 24, 2006 .Dt KDC 8 @@ -41,27 +41,27 @@ .Nm .Bk -words .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc -.Op Fl p | Fl -no-require-preauth -.Op Fl -max-request= Ns Ar size -.Op Fl H | Fl -enable-http -.Op Fl -no-524 -.Op Fl -kerberos4 -.Op Fl -kerberos4-cross-realm +.Op Fl p | Fl Fl no-require-preauth +.Op Fl Fl max-request= Ns Ar size +.Op Fl H | Fl Fl enable-http +.Op Fl Fl no-524 +.Op Fl Fl kerberos4 +.Op Fl Fl kerberos4-cross-realm .Oo Fl r Ar string \*(Ba Xo -.Fl -v4-realm= Ns Ar string +.Fl Fl v4-realm= Ns Ar string .Xc .Oc -.Op Fl K | Fl -kaserver +.Op Fl K | Fl Fl kaserver .Oo Fl P Ar portspec \*(Ba Xo -.Fl -ports= Ns Ar portspec +.Fl Fl ports= Ns Ar portspec .Xc .Oc -.Op Fl -detach -.Op Fl -disable-DES -.Op Fl -addresses= Ns Ar list of addresses +.Op Fl Fl detach +.Op Fl Fl disable-des +.Op Fl Fl addresses= Ns Ar list of addresses .Ek .Sh DESCRIPTION .Nm @@ -72,17 +72,11 @@ or from a default compiled-in value. .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file Specifies the location of the config file, the default is .Pa /var/heimdal/kdc.conf . This is the only value that can't be specified in the config file. -.It Xo -.Fl p , -.Fl -no-require-preauth -.Xc +.It Fl p , Fl Fl no-require-preauth Turn off the requirement for pre-autentication in the initial AS-REQ for all principals. The use of pre-authentication makes it more difficult to do offline @@ -95,34 +89,20 @@ pre-athentication. The default is to require pre-authentication. Adding the require-preauth per principal is a more flexible way of handling this. -.It Xo -.Fl -max-request= Ns Ar size -.Xc +.It Fl Fl max-request= Ns Ar size Gives an upper limit on the size of the requests that the kdc is willing to handle. -.It Xo -.Fl H , -.Fl -enable-http -.Xc +.It Fl H , Fl Fl enable-http Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. -.It Xo -.Fl -no-524 -.Xc +.It Fl Fl no-524 don't respond to 524 requests -.It Xo -.Fl -kerberos4 -.Xc +.It Fl Fl kerberos4 respond to Kerberos 4 requests -.It Xo -.Fl -kerberos4-cross-realm -.Xc +.It Fl Fl kerberos4-cross-realm respond to Kerberos 4 requests from foreign realms. This is a known security hole and should not be enabled unless you understand the consequences and are willing to live with them. -.It Xo -.Fl r Ar string , -.Fl -v4-realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl Fl v4-realm= Ns Ar string What realm this server should act as when dealing with version 4 requests. The database can contain any number of realms, but since the version 4 @@ -130,29 +110,23 @@ protocol doesn't contain a realm for the server, it must be explicitly specified. The default is whatever is returned by .Fn krb_get_lrealm . -This option is only availabe if the KDC has been compiled with version +This option is only available if the KDC has been compiled with version 4 support. -.It Xo -.Fl K , -.Fl -kaserver -.Xc +.It Fl K , Fl Fl kaserver Enable kaserver emulation (in case it's compiled in). -.It Xo -.Fl P Ar portspec , -.Fl -ports= Ns Ar portspec -.Xc +.It Fl P Ar portspec , Fl Fl ports= Ns Ar portspec Specifies the set of ports the KDC should listen on. It is given as a white-space separated list of services or port numbers. -.It Fl -addresses= Ns Ar list of addresses +.It Fl Fl addresses= Ns Ar list of addresses The list of addresses to listen for requests on. By default, the kdc will listen on all the locally configured addresses. If only a subset is desired, or the automatic detection fails, this option might be used. -.It Fl -detach +.It Fl Fl detach detach from pty and run as a daemon. -.It Fl -disable-DES +.It Fl Fl disable-des disable add des encryption types, makes the kdc not use them. .El .Pp @@ -163,13 +137,13 @@ and The entity used for logging is .Nm kdc . .Sh CONFIGURATION FILE -The configuration file has the same syntax as +The configuration file has the same syntax as .Xr krb5.conf 5 , -but will be read before +but will be read before .Pa /etc/krb5.conf , so it may override settings found there. Options specific to the KDC only are found in the -.Dq [kdc] +.Dq [kdc] section. All the command-line options can preferably be added in the configuration file. @@ -179,7 +153,7 @@ specified as: .Dl require-preauth = no .Pp (in fact you can specify the option as -.Fl -require-preauth=no ) . +.Fl Fl require-preauth=no ) . .Pp And there are some configuration options which do not have command-line equivalents: @@ -198,11 +172,8 @@ Permit anonymous tickets with no addresses. .It Li max-kdc-datagram-reply-length = Va number Maximum packet size the UDP rely that the KDC will transmit, instead the KDC sends back a reply telling the client to use TCP instead. -.It Li transited-policy = Xo -.Li always-check \*(Ba -.Li allow-per-principal | -.Li always-honour-request -.Xc +.It Li transited-policy = Li always-check \*(Ba \ +Li allow-per-principal | Li always-honour-request This controls how KDC requests with the .Li disable-transited-check flag are handled. It can be one of: @@ -227,7 +198,7 @@ How long before password/principal expiration the KDC should start sending out warning messages. .El .Pp -The configuration file is only read when the +The configuration file is only read when the .Nm is started. If changes made to the configuration file are to take effect, the @@ -252,7 +223,7 @@ addresses, the best option is probably to listen to a wildcarded TCP socket, and make sure your clients use TCP to connect. For instance, this will listen to IPv4 TCP port 88 only: .Bd -literal -offset indent -kdc --addresses=0.0.0.0 --ports="88/tcp" +kdc --addresses=0.0.0.0 --ports="88/tcp" .Ed .Pp There should be a way to specify protocol, port, and address triplets, diff --git a/crypto/heimdal/kdc/kdc.h b/crypto/heimdal/kdc/kdc.h index 6c129f38f52..9d52fd4c2ec 100644 --- a/crypto/heimdal/kdc/kdc.h +++ b/crypto/heimdal/kdc/kdc.h @@ -1,51 +1,52 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * * Copyright (c) 2005 Andrew Bartlett - * - * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* - * $Id: kdc.h 21287 2007-06-25 14:09:03Z lha $ +/* + * $Id$ */ #ifndef __KDC_H__ #define __KDC_H__ +#include #include enum krb5_kdc_trpolicy { TRPOLICY_ALWAYS_CHECK, - TRPOLICY_ALLOW_PER_PRINCIPAL, + TRPOLICY_ALLOW_PER_PRINCIPAL, TRPOLICY_ALWAYS_HONOUR_REQUEST }; @@ -57,26 +58,28 @@ typedef struct krb5_kdc_configuration { int num_db; krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */ - + + krb5_boolean as_use_strongest_session_key; + krb5_boolean preauth_use_strongest_session_key; + krb5_boolean tgs_use_strongest_session_key; + krb5_boolean use_strongest_server_key; + krb5_boolean check_ticket_addresses; krb5_boolean allow_null_ticket_addresses; krb5_boolean allow_anonymous; enum krb5_kdc_trpolicy trpolicy; - char *v4_realm; - krb5_boolean enable_v4; - krb5_boolean enable_v4_cross_realm; - krb5_boolean enable_v4_per_principal; - - krb5_boolean enable_kaserver; - - krb5_boolean enable_524; - krb5_boolean enable_pkinit; krb5_boolean pkinit_princ_in_cert; - char *pkinit_kdc_ocsp_file; + const char *pkinit_kdc_identity; + const char *pkinit_kdc_anchors; + const char *pkinit_kdc_friendly_name; + const char *pkinit_kdc_ocsp_file; + char **pkinit_kdc_cert_pool; + char **pkinit_kdc_revoke; int pkinit_dh_min_bits; int pkinit_require_binding; + int pkinit_allow_proxy_certs; krb5_log_facility *logf; @@ -91,6 +94,20 @@ typedef struct krb5_kdc_configuration { } krb5_kdc_configuration; +struct krb5_kdc_service { + unsigned int flags; +#define KS_KRB5 1 +#define KS_NO_LENGTH 2 + krb5_error_code (*process)(krb5_context context, + krb5_kdc_configuration *config, + krb5_data *req_buffer, + krb5_data *reply, + const char *from, + struct sockaddr *addr, + int datagram_reply, + int *claim); +}; + #include #endif diff --git a/crypto/heimdal/kdc/kdc_locl.h b/crypto/heimdal/kdc/kdc_locl.h index fe0523665a4..36d694dae5f 100644 --- a/crypto/heimdal/kdc/kdc_locl.h +++ b/crypto/heimdal/kdc/kdc_locl.h @@ -1,60 +1,65 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* - * $Id: kdc_locl.h 22247 2007-12-08 23:49:41Z lha $ +/* + * $Id$ */ #ifndef __KDC_LOCL_H__ #define __KDC_LOCL_H__ #include "headers.h" -#include "kdc.h" typedef struct pk_client_params pk_client_params; +struct DigestREQ; +struct Kx509Request; #include extern sig_atomic_t exit_flag; -extern size_t max_request; +extern size_t max_request_udp; +extern size_t max_request_tcp; extern const char *request_log; extern const char *port_str; extern krb5_addresses explicit_addresses; extern int enable_http; +#ifdef SUPPORT_DETACH + #define DETACH_IS_DEFAULT FALSE extern int detach_from_console; +#endif extern const struct units _kdc_digestunits[]; @@ -63,10 +68,17 @@ extern const struct units _kdc_digestunits[]; extern struct timeval _kdc_now; #define kdc_time (_kdc_now.tv_sec) +extern char *runas_string; +extern char *chroot_string; + void loop(krb5_context context, krb5_kdc_configuration *config); krb5_kdc_configuration * configure(krb5_context context, int argc, char **argv); +#ifdef __APPLE__ +void bonjour_announce(krb5_context, krb5_kdc_configuration *); +#endif + #endif /* __KDC_LOCL_H__ */ diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c deleted file mode 100644 index cbba64945b3..00000000000 --- a/crypto/heimdal/kdc/kerberos4.c +++ /dev/null @@ -1,805 +0,0 @@ -/* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kdc_locl.h" - -#include - -RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $"); - -#ifndef swap32 -static uint32_t -swap32(uint32_t x) -{ - return ((x << 24) & 0xff000000) | - ((x << 8) & 0xff0000) | - ((x >> 8) & 0xff00) | - ((x >> 24) & 0xff); -} -#endif /* swap32 */ - -int -_kdc_maybe_version4(unsigned char *buf, int len) -{ - return len > 0 && *buf == 4; -} - -static void -make_err_reply(krb5_context context, krb5_data *reply, - int code, const char *msg) -{ - _krb5_krb_cr_err_reply(context, "", "", "", - kdc_time, code, msg, reply); -} - -struct valid_princ_ctx { - krb5_kdc_configuration *config; - unsigned flags; -}; - -static krb5_boolean -valid_princ(krb5_context context, - void *funcctx, - krb5_principal princ) -{ - struct valid_princ_ctx *ctx = funcctx; - krb5_error_code ret; - char *s; - hdb_entry_ex *ent; - - ret = krb5_unparse_name(context, princ, &s); - if (ret) - return FALSE; - ret = _kdc_db_fetch(context, ctx->config, princ, ctx->flags, NULL, &ent); - if (ret) { - kdc_log(context, ctx->config, 7, "Lookup %s failed: %s", s, - krb5_get_err_text (context, ret)); - free(s); - return FALSE; - } - kdc_log(context, ctx->config, 7, "Lookup %s succeeded", s); - free(s); - _kdc_free_ent(context, ent); - return TRUE; -} - -krb5_error_code -_kdc_db_fetch4(krb5_context context, - krb5_kdc_configuration *config, - const char *name, const char *instance, const char *realm, - unsigned flags, - hdb_entry_ex **ent) -{ - krb5_principal p; - krb5_error_code ret; - struct valid_princ_ctx ctx; - - ctx.config = config; - ctx.flags = flags; - - ret = krb5_425_conv_principal_ext2(context, name, instance, realm, - valid_princ, &ctx, 0, &p); - if(ret) - return ret; - ret = _kdc_db_fetch(context, config, p, flags, NULL, ent); - krb5_free_principal(context, p); - return ret; -} - -#define RCHECK(X, L) if(X){make_err_reply(context, reply, KFAILURE, "Packet too short"); goto L;} - -/* - * Process the v4 request in `buf, len' (received from `addr' - * (with string `from'). - * Return an error code and a reply in `reply'. - */ - -krb5_error_code -_kdc_do_version4(krb5_context context, - krb5_kdc_configuration *config, - unsigned char *buf, - size_t len, - krb5_data *reply, - const char *from, - struct sockaddr_in *addr) -{ - krb5_storage *sp; - krb5_error_code ret; - hdb_entry_ex *client = NULL, *server = NULL; - Key *ckey, *skey; - int8_t pvno; - int8_t msg_type; - int lsb; - char *name = NULL, *inst = NULL, *realm = NULL; - char *sname = NULL, *sinst = NULL; - int32_t req_time; - time_t max_life; - uint8_t life; - char client_name[256]; - char server_name[256]; - - if(!config->enable_v4) { - kdc_log(context, config, 0, - "Rejected version 4 request from %s", from); - make_err_reply(context, reply, KRB4ET_KDC_GEN_ERR, - "Function not enabled"); - return 0; - } - - sp = krb5_storage_from_mem(buf, len); - RCHECK(krb5_ret_int8(sp, &pvno), out); - if(pvno != 4){ - kdc_log(context, config, 0, - "Protocol version mismatch (krb4) (%d)", pvno); - make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch"); - goto out; - } - RCHECK(krb5_ret_int8(sp, &msg_type), out); - lsb = msg_type & 1; - msg_type &= ~1; - switch(msg_type){ - case AUTH_MSG_KDC_REQUEST: { - krb5_data ticket, cipher; - krb5_keyblock session; - - krb5_data_zero(&ticket); - krb5_data_zero(&cipher); - - RCHECK(krb5_ret_stringz(sp, &name), out1); - RCHECK(krb5_ret_stringz(sp, &inst), out1); - RCHECK(krb5_ret_stringz(sp, &realm), out1); - RCHECK(krb5_ret_int32(sp, &req_time), out1); - if(lsb) - req_time = swap32(req_time); - RCHECK(krb5_ret_uint8(sp, &life), out1); - RCHECK(krb5_ret_stringz(sp, &sname), out1); - RCHECK(krb5_ret_stringz(sp, &sinst), out1); - snprintf (client_name, sizeof(client_name), - "%s.%s@%s", name, inst, realm); - snprintf (server_name, sizeof(server_name), - "%s.%s@%s", sname, sinst, config->v4_realm); - - kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s", - client_name, from, server_name); - - ret = _kdc_db_fetch4(context, config, name, inst, realm, - HDB_F_GET_CLIENT, &client); - if(ret) { - kdc_log(context, config, 0, "Client not found in database: %s: %s", - client_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, - "principal unknown"); - goto out1; - } - ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm, - HDB_F_GET_SERVER, &server); - if(ret){ - kdc_log(context, config, 0, "Server not found in database: %s: %s", - server_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, - "principal unknown"); - goto out1; - } - - ret = _kdc_check_flags (context, config, - client, client_name, - server, server_name, - TRUE); - if (ret) { - /* good error code? */ - make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP, - "operation not allowed"); - goto out1; - } - - if (config->enable_v4_per_principal && - client->entry.flags.allow_kerberos4 == 0) - { - kdc_log(context, config, 0, - "Per principal Kerberos 4 flag not turned on for %s", - client_name); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "allow kerberos4 flag required"); - goto out1; - } - - /* - * There's no way to do pre-authentication in v4 and thus no - * good error code to return if preauthentication is required. - */ - - if (config->require_preauth - || client->entry.flags.require_preauth - || server->entry.flags.require_preauth) { - kdc_log(context, config, 0, - "Pre-authentication required for v4-request: " - "%s for %s", - client_name, server_name); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "preauth required"); - goto out1; - } - - ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for client"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "no suitable DES key for client"); - goto out1; - } - -#if 0 - /* this is not necessary with the new code in libkrb */ - /* find a properly salted key */ - while(ckey->salt == NULL || ckey->salt->salt.length != 0) - ret = hdb_next_keytype2key(context, &client->entry, KEYTYPE_DES, &ckey); - if(ret){ - kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", - name, inst, realm); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "No version-4 salted key in database"); - goto out1; - } -#endif - - ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for server"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "no suitable DES key for server"); - goto out1; - } - - max_life = _krb5_krb_life_to_time(0, life); - if(client->entry.max_life) - max_life = min(max_life, *client->entry.max_life); - if(server->entry.max_life) - max_life = min(max_life, *server->entry.max_life); - - life = krb_time_to_life(kdc_time, kdc_time + max_life); - - ret = krb5_generate_random_keyblock(context, - ETYPE_DES_PCBC_NONE, - &session); - if (ret) { - make_err_reply(context, reply, KFAILURE, - "Not enough random i KDC"); - goto out1; - } - - ret = _krb5_krb_create_ticket(context, - 0, - name, - inst, - config->v4_realm, - addr->sin_addr.s_addr, - &session, - life, - kdc_time, - sname, - sinst, - &skey->key, - &ticket); - if (ret) { - krb5_free_keyblock_contents(context, &session); - make_err_reply(context, reply, KFAILURE, - "failed to create v4 ticket"); - goto out1; - } - - ret = _krb5_krb_create_ciph(context, - &session, - sname, - sinst, - config->v4_realm, - life, - server->entry.kvno % 255, - &ticket, - kdc_time, - &ckey->key, - &cipher); - krb5_free_keyblock_contents(context, &session); - krb5_data_free(&ticket); - if (ret) { - make_err_reply(context, reply, KFAILURE, - "Failed to create v4 cipher"); - goto out1; - } - - ret = _krb5_krb_create_auth_reply(context, - name, - inst, - realm, - req_time, - 0, - client->entry.pw_end ? *client->entry.pw_end : 0, - client->entry.kvno % 256, - &cipher, - reply); - krb5_data_free(&cipher); - - out1: - break; - } - case AUTH_MSG_APPL_REQUEST: { - struct _krb5_krb_auth_data ad; - int8_t kvno; - int8_t ticket_len; - int8_t req_len; - krb5_data auth; - int32_t address; - size_t pos; - krb5_principal tgt_princ = NULL; - hdb_entry_ex *tgt = NULL; - Key *tkey; - time_t max_end, actual_end, issue_time; - - memset(&ad, 0, sizeof(ad)); - krb5_data_zero(&auth); - - RCHECK(krb5_ret_int8(sp, &kvno), out2); - RCHECK(krb5_ret_stringz(sp, &realm), out2); - - ret = krb5_425_conv_principal(context, "krbtgt", realm, - config->v4_realm, - &tgt_princ); - if(ret){ - kdc_log(context, config, 0, - "Converting krbtgt principal (krb4): %s", - krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KFAILURE, - "Failed to convert v4 principal (krbtgt)"); - goto out2; - } - - ret = _kdc_db_fetch(context, config, tgt_princ, - HDB_F_GET_KRBTGT, NULL, &tgt); - if(ret){ - char *s; - s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not " - "found in database (krb4): krbtgt.%s@%s: %s", - realm, config->v4_realm, - krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KFAILURE, s); - free(s); - goto out2; - } - - if(tgt->entry.kvno % 256 != kvno){ - kdc_log(context, config, 0, - "tgs-req (krb4) with old kvno %d (current %d) for " - "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, - realm, config->v4_realm); - make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP, - "old krbtgt kvno used"); - goto out2; - } - - ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey); - if(ret){ - kdc_log(context, config, 0, - "no suitable DES key for krbtgt (krb4)"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "no suitable DES key for krbtgt"); - goto out2; - } - - RCHECK(krb5_ret_int8(sp, &ticket_len), out2); - RCHECK(krb5_ret_int8(sp, &req_len), out2); - - pos = krb5_storage_seek(sp, ticket_len + req_len, SEEK_CUR); - - auth.data = buf; - auth.length = pos; - - if (config->check_ticket_addresses) - address = addr->sin_addr.s_addr; - else - address = 0; - - ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm, - config->v4_realm, - address, &tkey->key, &ad); - if(ret){ - kdc_log(context, config, 0, "krb_rd_req: %d", ret); - make_err_reply(context, reply, ret, "failed to parse request"); - goto out2; - } - - RCHECK(krb5_ret_int32(sp, &req_time), out2); - if(lsb) - req_time = swap32(req_time); - RCHECK(krb5_ret_uint8(sp, &life), out2); - RCHECK(krb5_ret_stringz(sp, &sname), out2); - RCHECK(krb5_ret_stringz(sp, &sinst), out2); - snprintf (server_name, sizeof(server_name), - "%s.%s@%s", - sname, sinst, config->v4_realm); - snprintf (client_name, sizeof(client_name), - "%s.%s@%s", - ad.pname, ad.pinst, ad.prealm); - - kdc_log(context, config, 0, "TGS-REQ (krb4) %s from %s for %s", - client_name, from, server_name); - - if(strcmp(ad.prealm, realm)){ - kdc_log(context, config, 0, - "Can't hop realms (krb4) %s -> %s", realm, ad.prealm); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, - "Can't hop realms"); - goto out2; - } - - if (!config->enable_v4_cross_realm && strcmp(realm, config->v4_realm) != 0) { - kdc_log(context, config, 0, - "krb4 Cross-realm %s -> %s disabled", - realm, config->v4_realm); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, - "Can't hop realms"); - goto out2; - } - - if(strcmp(sname, "changepw") == 0){ - kdc_log(context, config, 0, - "Bad request for changepw ticket (krb4)"); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, - "Can't authorize password change based on TGT"); - goto out2; - } - - ret = _kdc_db_fetch4(context, config, ad.pname, ad.pinst, ad.prealm, - HDB_F_GET_CLIENT, &client); - if(ret && ret != HDB_ERR_NOENTRY) { - char *s; - s = kdc_log_msg(context, config, 0, - "Client not found in database: (krb4) %s: %s", - client_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s); - free(s); - goto out2; - } - if (client == NULL && strcmp(ad.prealm, config->v4_realm) == 0) { - char *s; - s = kdc_log_msg(context, config, 0, - "Local client not found in database: (krb4) " - "%s", client_name); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s); - free(s); - goto out2; - } - - ret = _kdc_db_fetch4(context, config, sname, sinst, config->v4_realm, - HDB_F_GET_SERVER, &server); - if(ret){ - char *s; - s = kdc_log_msg(context, config, 0, - "Server not found in database (krb4): %s: %s", - server_name, krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s); - free(s); - goto out2; - } - - ret = _kdc_check_flags (context, config, - client, client_name, - server, server_name, - FALSE); - if (ret) { - make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP, - "operation not allowed"); - goto out2; - } - - ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); - if(ret){ - kdc_log(context, config, 0, - "no suitable DES key for server (krb4)"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, - "no suitable DES key for server"); - goto out2; - } - - max_end = _krb5_krb_life_to_time(ad.time_sec, ad.life); - max_end = min(max_end, _krb5_krb_life_to_time(kdc_time, life)); - if(server->entry.max_life) - max_end = min(max_end, kdc_time + *server->entry.max_life); - if(client && client->entry.max_life) - max_end = min(max_end, kdc_time + *client->entry.max_life); - life = min(life, krb_time_to_life(kdc_time, max_end)); - - issue_time = kdc_time; - actual_end = _krb5_krb_life_to_time(issue_time, life); - while (actual_end > max_end && life > 1) { - /* move them into the next earlier lifetime bracket */ - life--; - actual_end = _krb5_krb_life_to_time(issue_time, life); - } - if (actual_end > max_end) { - /* if life <= 1 and it's still too long, backdate the ticket */ - issue_time -= actual_end - max_end; - } - - { - krb5_data ticket, cipher; - krb5_keyblock session; - - krb5_data_zero(&ticket); - krb5_data_zero(&cipher); - - ret = krb5_generate_random_keyblock(context, - ETYPE_DES_PCBC_NONE, - &session); - if (ret) { - make_err_reply(context, reply, KFAILURE, - "Not enough random i KDC"); - goto out2; - } - - ret = _krb5_krb_create_ticket(context, - 0, - ad.pname, - ad.pinst, - ad.prealm, - addr->sin_addr.s_addr, - &session, - life, - issue_time, - sname, - sinst, - &skey->key, - &ticket); - if (ret) { - krb5_free_keyblock_contents(context, &session); - make_err_reply(context, reply, KFAILURE, - "failed to create v4 ticket"); - goto out2; - } - - ret = _krb5_krb_create_ciph(context, - &session, - sname, - sinst, - config->v4_realm, - life, - server->entry.kvno % 255, - &ticket, - issue_time, - &ad.session, - &cipher); - krb5_free_keyblock_contents(context, &session); - if (ret) { - make_err_reply(context, reply, KFAILURE, - "failed to create v4 cipher"); - goto out2; - } - - ret = _krb5_krb_create_auth_reply(context, - ad.pname, - ad.pinst, - ad.prealm, - req_time, - 0, - 0, - 0, - &cipher, - reply); - krb5_data_free(&cipher); - } - out2: - _krb5_krb_free_auth_data(context, &ad); - if(tgt_princ) - krb5_free_principal(context, tgt_princ); - if(tgt) - _kdc_free_ent(context, tgt); - break; - } - case AUTH_MSG_ERR_REPLY: - break; - default: - kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", - msg_type, from); - - make_err_reply(context, reply, KFAILURE, "Unknown message type"); - } - out: - if(name) - free(name); - if(inst) - free(inst); - if(realm) - free(realm); - if(sname) - free(sname); - if(sinst) - free(sinst); - if(client) - _kdc_free_ent(context, client); - if(server) - _kdc_free_ent(context, server); - krb5_storage_free(sp); - return 0; -} - -krb5_error_code -_kdc_encode_v4_ticket(krb5_context context, - krb5_kdc_configuration *config, - void *buf, size_t len, const EncTicketPart *et, - const PrincipalName *service, size_t *size) -{ - krb5_storage *sp; - krb5_error_code ret; - char name[40], inst[40], realm[40]; - char sname[40], sinst[40]; - - { - krb5_principal princ; - _krb5_principalname2krb5_principal(context, - &princ, - *service, - et->crealm); - ret = krb5_524_conv_principal(context, - princ, - sname, - sinst, - realm); - krb5_free_principal(context, princ); - if(ret) - return ret; - - _krb5_principalname2krb5_principal(context, - &princ, - et->cname, - et->crealm); - - ret = krb5_524_conv_principal(context, - princ, - name, - inst, - realm); - krb5_free_principal(context, princ); - } - if(ret) - return ret; - - sp = krb5_storage_emem(); - - krb5_store_int8(sp, 0); /* flags */ - krb5_store_stringz(sp, name); - krb5_store_stringz(sp, inst); - krb5_store_stringz(sp, realm); - { - unsigned char tmp[4] = { 0, 0, 0, 0 }; - int i; - if(et->caddr){ - for(i = 0; i < et->caddr->len; i++) - if(et->caddr->val[i].addr_type == AF_INET && - et->caddr->val[i].address.length == 4){ - memcpy(tmp, et->caddr->val[i].address.data, 4); - break; - } - } - krb5_storage_write(sp, tmp, sizeof(tmp)); - } - - if((et->key.keytype != ETYPE_DES_CBC_MD5 && - et->key.keytype != ETYPE_DES_CBC_MD4 && - et->key.keytype != ETYPE_DES_CBC_CRC) || - et->key.keyvalue.length != 8) - return -1; - krb5_storage_write(sp, et->key.keyvalue.data, 8); - - { - time_t start = et->starttime ? *et->starttime : et->authtime; - krb5_store_int8(sp, krb_time_to_life(start, et->endtime)); - krb5_store_int32(sp, start); - } - - krb5_store_stringz(sp, sname); - krb5_store_stringz(sp, sinst); - - { - krb5_data data; - krb5_storage_to_data(sp, &data); - krb5_storage_free(sp); - *size = (data.length + 7) & ~7; /* pad to 8 bytes */ - if(*size > len) - return -1; - memset((unsigned char*)buf - *size + 1, 0, *size); - memcpy((unsigned char*)buf - *size + 1, data.data, data.length); - krb5_data_free(&data); - } - return 0; -} - -krb5_error_code -_kdc_get_des_key(krb5_context context, - hdb_entry_ex *principal, krb5_boolean is_server, - krb5_boolean prefer_afs_key, Key **ret_key) -{ - Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; - int i; - krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC }; - - for(i = 0; - i < sizeof(etypes)/sizeof(etypes[0]) - && (v5_key == NULL || v4_key == NULL || - afs_key == NULL || server_key == NULL); - ++i) { - Key *key = NULL; - while(hdb_next_enctype2key(context, &principal->entry, etypes[i], &key) == 0) { - if(key->salt == NULL) { - if(v5_key == NULL) - v5_key = key; - } else if(key->salt->type == hdb_pw_salt && - key->salt->salt.length == 0) { - if(v4_key == NULL) - v4_key = key; - } else if(key->salt->type == hdb_afs3_salt) { - if(afs_key == NULL) - afs_key = key; - } else if(server_key == NULL) - server_key = key; - } - } - - if(prefer_afs_key) { - if(afs_key) - *ret_key = afs_key; - else if(v4_key) - *ret_key = v4_key; - else if(v5_key) - *ret_key = v5_key; - else if(is_server && server_key) - *ret_key = server_key; - else - return KRB4ET_KDC_NULL_KEY; - } else { - if(v4_key) - *ret_key = v4_key; - else if(afs_key) - *ret_key = afs_key; - else if(v5_key) - *ret_key = v5_key; - else if(is_server && server_key) - *ret_key = server_key; - else - return KRB4ET_KDC_NULL_KEY; - } - - if((*ret_key)->key.keyvalue.length == 0) - return KRB4ET_KDC_NULL_KEY; - return 0; -} - diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c index 9582cd85ec3..c13abb7ce0b 100644 --- a/crypto/heimdal/kdc/kerberos5.c +++ b/crypto/heimdal/kdc/kerberos5.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c 22071 2007-11-14 20:04:50Z lha $"); - #define MAX_TIME ((time_t)((1U << 31) - 1)) void @@ -60,13 +58,13 @@ realloc_method_data(METHOD_DATA *md) } static void -set_salt_padata (METHOD_DATA *md, Salt *salt) +set_salt_padata(METHOD_DATA *md, Salt *salt) { if (salt) { - realloc_method_data(md); - md->val[md->len - 1].padata_type = salt->type; - der_copy_octet_string(&salt->salt, - &md->val[md->len - 1].padata_value); + realloc_method_data(md); + md->val[md->len - 1].padata_type = salt->type; + der_copy_octet_string(&salt->salt, + &md->val[md->len - 1].padata_value); } } @@ -76,14 +74,32 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type) if (req->padata == NULL) return NULL; - while(*start < req->padata->len){ + while((size_t)*start < req->padata->len){ (*start)++; - if(req->padata->val[*start - 1].padata_type == type) + if(req->padata->val[*start - 1].padata_type == (unsigned)type) return &req->padata->val[*start - 1]; } return NULL; } +/* + * This is a hack to allow predefined weak services, like afs to + * still use weak types + */ + +krb5_boolean +_kdc_is_weak_exception(krb5_principal principal, krb5_enctype etype) +{ + if (principal->name.name_string.len > 0 && + strcmp(principal->name.name_string.val[0], "afs") == 0 && + (etype == ETYPE_DES_CBC_CRC + || etype == ETYPE_DES_CBC_MD4 + || etype == ETYPE_DES_CBC_MD5)) + return TRUE; + return FALSE; +} + + /* * Detect if `key' is the using the the precomputed `default_salt'. */ @@ -107,36 +123,103 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key) */ krb5_error_code -_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, - krb5_enctype *etypes, unsigned len, - Key **ret_key, krb5_enctype *ret_etype) +_kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key, + krb5_boolean is_preauth, hdb_entry_ex *princ, + krb5_enctype *etypes, unsigned len, + krb5_enctype *ret_enctype, Key **ret_key) { - int i; - krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; + krb5_error_code ret; krb5_salt def_salt; + krb5_enctype enctype = ETYPE_NULL; + Key *key; + int i; - krb5_get_pw_salt (context, princ->entry.principal, &def_salt); + /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */ + ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt); + if (ret) + return ret; - for(i = 0; ret != 0 && i < len ; i++) { - Key *key = NULL; + ret = KRB5KDC_ERR_ETYPE_NOSUPP; - if (krb5_enctype_valid(context, etypes[i]) != 0) - continue; + if (use_strongest_session_key) { + const krb5_enctype *p; + krb5_enctype clientbest = ETYPE_NULL; + int j; - while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) { - if (key->key.keyvalue.length == 0) { - ret = KRB5KDC_ERR_NULL_KEY; + /* + * Pick the strongest key that the KDC, target service, and + * client all support, using the local cryptosystem enctype + * list in strongest-to-weakest order to drive the search. + * + * This is not what RFC4120 says to do, but it encourages + * adoption of stronger enctypes. This doesn't play well with + * clients that have multiple Kerberos client implementations + * available with different supported enctype lists. + */ + + /* drive the search with local supported enctypes list */ + p = krb5_kerberos_enctypes(context); + for (i = 0; p[i] != ETYPE_NULL && enctype == ETYPE_NULL; i++) { + if (krb5_enctype_valid(context, p[i]) != 0) continue; + + /* check that the client supports it too */ + for (j = 0; j < len && enctype == ETYPE_NULL; j++) { + if (p[i] != etypes[j]) + continue; + /* save best of union of { client, crypto system } */ + if (clientbest == ETYPE_NULL) + clientbest = p[i]; + /* check target princ support */ + ret = hdb_enctype2key(context, &princ->entry, p[i], &key); + if (ret) + continue; + if (is_preauth && !is_default_salt_p(&def_salt, key)) + continue; + enctype = p[i]; } - *ret_key = key; - *ret_etype = etypes[i]; - ret = 0; - if (is_default_salt_p(&def_salt, key)) { - krb5_free_salt (context, def_salt); - return ret; + } + if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL) + enctype = clientbest; + else if (enctype == ETYPE_NULL) + ret = KRB5KDC_ERR_ETYPE_NOSUPP; + if (ret == 0 && ret_enctype != NULL) + *ret_enctype = enctype; + if (ret == 0 && ret_key != NULL) + *ret_key = key; + } else { + /* + * Pick the first key from the client's enctype list that is + * supported by the cryptosystem and by the given principal. + * + * RFC4120 says we SHOULD pick the first _strong_ key from the + * client's list... not the first key... If the admin disallows + * weak enctypes in krb5.conf and selects this key selection + * algorithm, then we get exactly what RFC4120 says. + */ + for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL) { + + if (krb5_enctype_valid(context, etypes[i]) != 0 && + !_kdc_is_weak_exception(princ->entry.principal, etypes[i])) + continue; + + while (hdb_next_enctype2key(context, &princ->entry, etypes[i], &key) == 0) { + if (key->key.keyvalue.length == 0) { + ret = KRB5KDC_ERR_NULL_KEY; + continue; + } + if (ret_key != NULL) + *ret_key = key; + if (ret_enctype != NULL) + *ret_enctype = etypes[i]; + ret = 0; + if (is_preauth && is_default_salt_p(&def_salt, key)) + goto out; } } } + +out: krb5_free_salt (context, def_salt); return ret; } @@ -159,44 +242,44 @@ _kdc_make_anonymous_principalname (PrincipalName *pn) } void -_kdc_log_timestamp(krb5_context context, +_kdc_log_timestamp(krb5_context context, krb5_kdc_configuration *config, const char *type, - KerberosTime authtime, KerberosTime *starttime, + KerberosTime authtime, KerberosTime *starttime, KerberosTime endtime, KerberosTime *renew_till) { - char authtime_str[100], starttime_str[100], + char authtime_str[100], starttime_str[100], endtime_str[100], renewtime_str[100]; - - krb5_format_time(context, authtime, - authtime_str, sizeof(authtime_str), TRUE); + + krb5_format_time(context, authtime, + authtime_str, sizeof(authtime_str), TRUE); if (starttime) - krb5_format_time(context, *starttime, - starttime_str, sizeof(starttime_str), TRUE); + krb5_format_time(context, *starttime, + starttime_str, sizeof(starttime_str), TRUE); else strlcpy(starttime_str, "unset", sizeof(starttime_str)); - krb5_format_time(context, endtime, - endtime_str, sizeof(endtime_str), TRUE); + krb5_format_time(context, endtime, + endtime_str, sizeof(endtime_str), TRUE); if (renew_till) - krb5_format_time(context, *renew_till, - renewtime_str, sizeof(renewtime_str), TRUE); + krb5_format_time(context, *renew_till, + renewtime_str, sizeof(renewtime_str), TRUE); else strlcpy(renewtime_str, "unset", sizeof(renewtime_str)); - + kdc_log(context, config, 5, "%s authtime: %s starttime: %s endtime: %s renew till: %s", type, authtime_str, starttime_str, endtime_str, renewtime_str); } static void -log_patypes(krb5_context context, +log_patypes(krb5_context context, krb5_kdc_configuration *config, METHOD_DATA *padata) { struct rk_strpool *p = NULL; char *str; - int i; - + size_t i; + for (i = 0; i < padata->len; i++) { switch(padata->val[i].padata_type) { case KRB5_PADATA_PK_AS_REQ: @@ -224,7 +307,7 @@ log_patypes(krb5_context context, } if (p == NULL) p = rk_strpoolprintf(p, "none"); - + str = rk_strpoolcollect(p); kdc_log(context, config, 0, "Client sent patypes: %s", str); free(str); @@ -238,23 +321,25 @@ log_patypes(krb5_context context, krb5_error_code _kdc_encode_reply(krb5_context context, krb5_kdc_configuration *config, - KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek, - krb5_enctype etype, + KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek, + krb5_enctype etype, int skvno, const EncryptionKey *skey, - int ckvno, const EncryptionKey *ckey, + int ckvno, const EncryptionKey *reply_key, + int rk_is_subkey, const char **e_text, krb5_data *reply) { unsigned char *buf; size_t buf_size; - size_t len; + size_t len = 0; krb5_error_code ret; krb5_crypto crypto; ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret); if(ret) { - kdc_log(context, config, 0, "Failed to encode ticket: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to encode ticket: %s", msg); + krb5_free_error_message(context, msg); return ret; } if(buf_size != len) { @@ -266,13 +351,15 @@ _kdc_encode_reply(krb5_context context, ret = krb5_crypto_init(context, skey, etype, &crypto); if (ret) { + const char *msg; free(buf); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); + msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); + krb5_free_error_message(context, msg); return ret; } - ret = krb5_encrypt_EncryptedData(context, + ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_TICKET, buf, @@ -282,18 +369,20 @@ _kdc_encode_reply(krb5_context context, free(buf); krb5_crypto_destroy(context, crypto); if(ret) { - kdc_log(context, config, 0, "Failed to encrypt data: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to encrypt data: %s", msg); + krb5_free_error_message(context, msg); return ret; } - + if(rep->msg_type == krb_as_rep && !config->encode_as_rep_as_tgs_rep) ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret); else ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret); if(ret) { - kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg); + krb5_free_error_message(context, msg); return ret; } if(buf_size != len) { @@ -302,11 +391,12 @@ _kdc_encode_reply(krb5_context context, *e_text = "KDC internal error"; return KRB5KRB_ERR_GENERIC; } - ret = krb5_crypto_init(context, ckey, 0, &crypto); + ret = krb5_crypto_init(context, reply_key, 0, &crypto); if (ret) { + const char *msg = krb5_get_error_message(context, ret); free(buf); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); + krb5_free_error_message(context, msg); return ret; } if(rep->msg_type == krb_as_rep) { @@ -322,7 +412,7 @@ _kdc_encode_reply(krb5_context context, } else { krb5_encrypt_EncryptedData(context, crypto, - KRB5_KU_TGS_REP_ENC_PART_SESSION, + rk_is_subkey ? KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : KRB5_KU_TGS_REP_ENC_PART_SESSION, buf, len, ckvno, @@ -332,8 +422,9 @@ _kdc_encode_reply(krb5_context context, } krb5_crypto_destroy(context, crypto); if(ret) { - kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to encode KDC-REP: %s", msg); + krb5_free_error_message(context, msg); return ret; } if(buf_size != len) { @@ -362,7 +453,7 @@ older_enctype(krb5_enctype enctype) case ETYPE_DES3_CBC_SHA1: case ETYPE_ARCFOUR_HMAC_MD5: case ETYPE_ARCFOUR_HMAC_MD5_56: - /* + /* * The following three is "old" windows enctypes and is needed for * windows 2000 hosts. */ @@ -375,18 +466,6 @@ older_enctype(krb5_enctype enctype) } } -static int -only_older_enctype_p(const KDC_REQ *req) -{ - int i; - - for(i = 0; i < req->req_body.etype.len; i++) { - if (!older_enctype(req->req_body.etype.val[i])) - return 0; - } - return 1; -} - /* * */ @@ -404,7 +483,7 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) else if(key->salt->type == hdb_afs3_salt) *ent->salttype = 2; else { - kdc_log(context, config, 0, "unknown salt-type: %d", + kdc_log(context, config, 0, "unknown salt-type: %d", key->salt->type); return KRB5KRB_ERR_GENERIC; } @@ -417,7 +496,7 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) ALLOC(ent->salttype); *ent->salttype = key->salt->type; #else - /* + /* * We shouldn't sent salttype since it is incompatible with the * specification and it breaks windows clients. The afs * salting problem is solved by using KRB5-PADATA-AFS3-SALT @@ -440,74 +519,25 @@ make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) } static krb5_error_code -get_pa_etype_info(krb5_context context, +get_pa_etype_info(krb5_context context, krb5_kdc_configuration *config, - METHOD_DATA *md, hdb_entry *client, - ENCTYPE *etypes, unsigned int etypes_len) + METHOD_DATA *md, Key *ckey) { krb5_error_code ret = 0; - int i, j; - unsigned int n = 0; ETYPE_INFO pa; unsigned char *buf; size_t len; - - pa.len = client->keys.len; - if(pa.len > UINT_MAX/sizeof(*pa.val)) - return ERANGE; - pa.val = malloc(pa.len * sizeof(*pa.val)); + + pa.len = 1; + pa.val = calloc(1, sizeof(pa.val[0])); if(pa.val == NULL) return ENOMEM; - memset(pa.val, 0, pa.len * sizeof(*pa.val)); - for(i = 0; i < client->keys.len; i++) { - for (j = 0; j < n; j++) - if (pa.val[j].etype == client->keys.val[i].key.keytype) - goto skip1; - for(j = 0; j < etypes_len; j++) { - if(client->keys.val[i].key.keytype == etypes[j]) { - if (krb5_enctype_valid(context, etypes[j]) != 0) - continue; - if (!older_enctype(etypes[j])) - continue; - if (n >= pa.len) - krb5_abortx(context, "internal error: n >= p.len"); - if((ret = make_etype_info_entry(context, - &pa.val[n++], - &client->keys.val[i])) != 0) { - free_ETYPE_INFO(&pa); - return ret; - } - break; - } - } - skip1:; - } - for(i = 0; i < client->keys.len; i++) { - /* already added? */ - for(j = 0; j < etypes_len; j++) { - if(client->keys.val[i].key.keytype == etypes[j]) - goto skip2; - } - if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0) - continue; - if (!older_enctype(etypes[j])) - continue; - if (n >= pa.len) - krb5_abortx(context, "internal error: n >= p.len"); - if((ret = make_etype_info_entry(context, - &pa.val[n++], - &client->keys.val[i])) != 0) { - free_ETYPE_INFO(&pa); - return ret; - } - skip2:; - } - - if(n < pa.len) { - /* stripped out dups, newer enctypes, and not valid enctypes */ - pa.len = n; + ret = make_etype_info_entry(context, &pa.val[0], ckey); + if (ret) { + free_ETYPE_INFO(&pa); + return ret; } ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret); @@ -565,8 +595,8 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) ent->s2kparams = NULL; return ENOMEM; } - _krb5_put_int(ent->s2kparams->data, - _krb5_AES_string_to_default_iterator, + _krb5_put_int(ent->s2kparams->data, + _krb5_AES_string_to_default_iterator, ent->s2kparams->length); break; case ETYPE_DES_CBC_CRC: @@ -584,7 +614,7 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) ent->s2kparams = NULL; return ENOMEM; } - _krb5_put_int(ent->s2kparams->data, + _krb5_put_int(ent->s2kparams->data, 1, ent->s2kparams->length); } @@ -602,68 +632,24 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key) */ static krb5_error_code -get_pa_etype_info2(krb5_context context, +get_pa_etype_info2(krb5_context context, krb5_kdc_configuration *config, - METHOD_DATA *md, hdb_entry *client, - ENCTYPE *etypes, unsigned int etypes_len) + METHOD_DATA *md, Key *ckey) { krb5_error_code ret = 0; - int i, j; - unsigned int n = 0; ETYPE_INFO2 pa; unsigned char *buf; size_t len; - pa.len = client->keys.len; - if(pa.len > UINT_MAX/sizeof(*pa.val)) - return ERANGE; - pa.val = malloc(pa.len * sizeof(*pa.val)); + pa.len = 1; + pa.val = calloc(1, sizeof(pa.val[0])); if(pa.val == NULL) return ENOMEM; - memset(pa.val, 0, pa.len * sizeof(*pa.val)); - for(i = 0; i < client->keys.len; i++) { - for (j = 0; j < n; j++) - if (pa.val[j].etype == client->keys.val[i].key.keytype) - goto skip1; - for(j = 0; j < etypes_len; j++) { - if(client->keys.val[i].key.keytype == etypes[j]) { - if (krb5_enctype_valid(context, etypes[j]) != 0) - continue; - if (n >= pa.len) - krb5_abortx(context, "internal error: n >= p.len"); - if((ret = make_etype_info2_entry(&pa.val[n++], - &client->keys.val[i])) != 0) { - free_ETYPE_INFO2(&pa); - return ret; - } - break; - } - } - skip1:; - } - /* send enctypes that the client doesn't know about too */ - for(i = 0; i < client->keys.len; i++) { - /* already added? */ - for(j = 0; j < etypes_len; j++) { - if(client->keys.val[i].key.keytype == etypes[j]) - goto skip2; - } - if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0) - continue; - if (n >= pa.len) - krb5_abortx(context, "internal error: n >= p.len"); - if((ret = make_etype_info2_entry(&pa.val[n++], - &client->keys.val[i])) != 0) { - free_ETYPE_INFO2(&pa); - return ret; - } - skip2:; - } - - if(n < pa.len) { - /* stripped out dups, and not valid enctypes */ - pa.len = n; + ret = make_etype_info2_entry(&pa.val[0], ckey); + if (ret) { + free_ETYPE_INFO2(&pa); + return ret; } ASN1_MALLOC_ENCODE(ETYPE_INFO2, buf, len, &pa, &len, ret); @@ -693,10 +679,12 @@ log_as_req(krb5_context context, const KDC_REQ_BODY *b) { krb5_error_code ret; - struct rk_strpool *p = NULL; + struct rk_strpool *p; char *str; - int i; - + size_t i; + + p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: "); + for (i = 0; i < b->etype.len; i++) { ret = krb5_enctype_to_string(context, b->etype.val[i], &str); if (ret == 0) { @@ -713,10 +701,6 @@ log_as_req(krb5_context context, } if (p == NULL) p = rk_strpoolprintf(p, "no encryption types"); - - str = rk_strpoolcollect(p); - kdc_log(context, config, 0, "Client supported enctypes: %s", str); - free(str); { char *cet; @@ -726,21 +710,26 @@ log_as_req(krb5_context context, if(ret == 0) { ret = krb5_enctype_to_string(context, setype, &set); if (ret == 0) { - kdc_log(context, config, 5, "Using %s/%s", cet, set); + p = rk_strpoolprintf(p, ", using %s/%s", cet, set); free(set); } free(cet); } if (ret != 0) - kdc_log(context, config, 5, "Using e-types %d/%d", cetype, setype); + p = rk_strpoolprintf(p, ", using enctypes %d/%d", + cetype, setype); } - + + str = rk_strpoolcollect(p); + kdc_log(context, config, 0, "%s", str); + free(str); + { char fixedstr[128]; - unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(), + unparse_flags(KDCOptions2int(b->kdc_options), asn1_KDCOptions_units(), fixedstr, sizeof(fixedstr)); if(*fixedstr) - kdc_log(context, config, 2, "Requested flags: %s", fixedstr); + kdc_log(context, config, 0, "Requested flags: %s", fixedstr); } } @@ -751,65 +740,76 @@ log_as_req(krb5_context context, */ krb5_error_code -_kdc_check_flags(krb5_context context, - krb5_kdc_configuration *config, - hdb_entry_ex *client_ex, const char *client_name, - hdb_entry_ex *server_ex, const char *server_name, - krb5_boolean is_as_req) +kdc_check_flags(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry_ex *client_ex, const char *client_name, + hdb_entry_ex *server_ex, const char *server_name, + krb5_boolean is_as_req) { if(client_ex != NULL) { hdb_entry *client = &client_ex->entry; /* check client */ + if (client->flags.locked_out) { + kdc_log(context, config, 0, + "Client (%s) is locked out", client_name); + return KRB5KDC_ERR_POLICY; + } + if (client->flags.invalid) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Client (%s) has invalid bit set", client_name); return KRB5KDC_ERR_POLICY; } - + if(!client->flags.client){ kdc_log(context, config, 0, "Principal may not act as client -- %s", client_name); return KRB5KDC_ERR_POLICY; } - + if (client->valid_start && *client->valid_start > kdc_time) { char starttime_str[100]; - krb5_format_time(context, *client->valid_start, - starttime_str, sizeof(starttime_str), TRUE); + krb5_format_time(context, *client->valid_start, + starttime_str, sizeof(starttime_str), TRUE); kdc_log(context, config, 0, - "Client not yet valid until %s -- %s", + "Client not yet valid until %s -- %s", starttime_str, client_name); return KRB5KDC_ERR_CLIENT_NOTYET; } - + if (client->valid_end && *client->valid_end < kdc_time) { char endtime_str[100]; - krb5_format_time(context, *client->valid_end, - endtime_str, sizeof(endtime_str), TRUE); + krb5_format_time(context, *client->valid_end, + endtime_str, sizeof(endtime_str), TRUE); kdc_log(context, config, 0, "Client expired at %s -- %s", endtime_str, client_name); return KRB5KDC_ERR_NAME_EXP; } - - if (client->pw_end && *client->pw_end < kdc_time + + if (client->pw_end && *client->pw_end < kdc_time && (server_ex == NULL || !server_ex->entry.flags.change_pw)) { char pwend_str[100]; - krb5_format_time(context, *client->pw_end, - pwend_str, sizeof(pwend_str), TRUE); + krb5_format_time(context, *client->pw_end, + pwend_str, sizeof(pwend_str), TRUE); kdc_log(context, config, 0, - "Client's key has expired at %s -- %s", + "Client's key has expired at %s -- %s", pwend_str, client_name); return KRB5KDC_ERR_KEY_EXPIRED; } } /* check server */ - + if (server_ex != NULL) { hdb_entry *server = &server_ex->entry; + if (server->flags.locked_out) { + kdc_log(context, config, 0, + "Client server locked out -- %s", server_name); + return KRB5KDC_ERR_POLICY; + } if (server->flags.invalid) { kdc_log(context, config, 0, "Server has invalid flag set -- %s", server_name); @@ -830,8 +830,8 @@ _kdc_check_flags(krb5_context context, if (server->valid_start && *server->valid_start > kdc_time) { char starttime_str[100]; - krb5_format_time(context, *server->valid_start, - starttime_str, sizeof(starttime_str), TRUE); + krb5_format_time(context, *server->valid_start, + starttime_str, sizeof(starttime_str), TRUE); kdc_log(context, config, 0, "Server not yet valid until %s -- %s", starttime_str, server_name); @@ -840,20 +840,20 @@ _kdc_check_flags(krb5_context context, if (server->valid_end && *server->valid_end < kdc_time) { char endtime_str[100]; - krb5_format_time(context, *server->valid_end, - endtime_str, sizeof(endtime_str), TRUE); + krb5_format_time(context, *server->valid_end, + endtime_str, sizeof(endtime_str), TRUE); kdc_log(context, config, 0, - "Server expired at %s -- %s", + "Server expired at %s -- %s", endtime_str, server_name); return KRB5KDC_ERR_SERVICE_EXP; } if (server->pw_end && *server->pw_end < kdc_time) { char pwend_str[100]; - krb5_format_time(context, *server->pw_end, - pwend_str, sizeof(pwend_str), TRUE); + krb5_format_time(context, *server->pw_end, + pwend_str, sizeof(pwend_str), TRUE); kdc_log(context, config, 0, - "Server's key has expired at -- %s", + "Server's key has expired at -- %s", pwend_str, server_name); return KRB5KDC_ERR_KEY_EXPIRED; } @@ -868,7 +868,7 @@ _kdc_check_flags(krb5_context context, */ krb5_boolean -_kdc_check_addresses(krb5_context context, +_kdc_check_addresses(krb5_context context, krb5_kdc_configuration *config, HostAddresses *addresses, const struct sockaddr *from) { @@ -876,14 +876,14 @@ _kdc_check_addresses(krb5_context context, krb5_address addr; krb5_boolean result; krb5_boolean only_netbios = TRUE; - int i; - + size_t i; + if(config->check_ticket_addresses == 0) return TRUE; if(addresses == NULL) return config->allow_null_ticket_addresses; - + for (i = 0; i < addresses->len; ++i) { if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) { only_netbios = FALSE; @@ -919,7 +919,7 @@ send_pac_p(krb5_context context, KDC_REQ *req) PA_PAC_REQUEST pacreq; const PA_DATA *pa; int i = 0; - + pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST); if (pa == NULL) return TRUE; @@ -937,15 +937,26 @@ send_pac_p(krb5_context context, KDC_REQ *req) return TRUE; } +krb5_boolean +_kdc_is_anonymous(krb5_context context, krb5_principal principal) +{ + if (principal->name.name_type != KRB5_NT_WELLKNOWN || + principal->name.name_string.len != 2 || + strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 || + strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0) + return 0; + return 1; +} + /* * */ krb5_error_code -_kdc_as_rep(krb5_context context, +_kdc_as_rep(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ *req, - const krb5_data *req_buffer, + KDC_REQ *req, + const krb5_data *req_buffer, krb5_data *reply, const char *from, struct sockaddr *from_addr, @@ -955,7 +966,8 @@ _kdc_as_rep(krb5_context context, AS_REP rep; KDCOptions f = b->kdc_options; hdb_entry_ex *client = NULL, *server = NULL; - krb5_enctype cetype, setype, sessionetype; + HDB *clientdb; + krb5_enctype setype, sessionetype; krb5_data e_data; EncTicketPart et; EncKDCRepPart ek; @@ -965,15 +977,20 @@ _kdc_as_rep(krb5_context context, const char *e_text = NULL; krb5_crypto crypto; Key *ckey, *skey; - EncryptionKey *reply_key; - int flags = 0; + EncryptionKey *reply_key = NULL, session_key; + int flags = HDB_F_FOR_AS_REQ; #ifdef PKINIT pk_client_params *pkp = NULL; #endif memset(&rep, 0, sizeof(rep)); + memset(&session_key, 0, sizeof(session_key)); krb5_data_zero(&e_data); + ALLOC(rep.padata); + rep.padata->len = 0; + rep.padata->val = NULL; + if (f.canonicalize) flags |= HDB_F_CANON; @@ -989,37 +1006,21 @@ _kdc_as_rep(krb5_context context, ret = krb5_unparse_name(context, server_princ, &server_name); } if (ret) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "AS-REQ malformed server name from %s", from); goto out; } - if(b->cname == NULL){ ret = KRB5KRB_ERR_GENERIC; e_text = "No client in request"; } else { + ret = _krb5_principalname2krb5_principal (context, + &client_princ, + *(b->cname), + b->realm); + if (ret) + goto out; - if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { - if (b->cname->name_string.len != 1) { - kdc_log(context, config, 0, - "AS-REQ malformed canon request from %s, " - "enterprise name with %d name components", - from, b->cname->name_string.len); - ret = KRB5_PARSE_MALFORMED; - goto out; - } - ret = krb5_parse_name(context, b->cname->name_string.val[0], - &client_princ); - if (ret) - goto out; - } else { - ret = _krb5_principalname2krb5_principal (context, - &client_princ, - *(b->cname), - b->realm); - if (ret) - goto out; - } ret = krb5_unparse_name(context, client_princ, &client_name); } if (ret) { @@ -1028,42 +1029,92 @@ _kdc_as_rep(krb5_context context, goto out; } - kdc_log(context, config, 0, "AS-REQ %s from %s for %s", + kdc_log(context, config, 0, "AS-REQ %s from %s for %s", client_name, from, server_name); - ret = _kdc_db_fetch(context, config, client_princ, - HDB_F_GET_CLIENT | flags, NULL, &client); - if(ret){ - kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, - krb5_get_err_text(context, ret)); + /* + * + */ + + if (_kdc_is_anonymous(context, client_princ)) { + if (!b->kdc_options.request_anonymous) { + kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag"); + ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + goto out; + } + } else if (b->kdc_options.request_anonymous) { + kdc_log(context, config, 0, + "Request for a anonymous ticket with non " + "anonymous client name: %s", client_name); ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto out; } + /* + * + */ + + ret = _kdc_db_fetch(context, config, client_princ, + HDB_F_GET_CLIENT | flags, NULL, + &clientdb, &client); + if(ret == HDB_ERR_NOT_FOUND_HERE) { + kdc_log(context, config, 5, "client %s does not have secrets at this KDC, need to proxy", client_name); + goto out; + } else if(ret){ + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "UNKNOWN -- %s: %s", client_name, msg); + krb5_free_error_message(context, msg); + ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + goto out; + } ret = _kdc_db_fetch(context, config, server_princ, - HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - NULL, &server); - if(ret){ - kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, - krb5_get_err_text(context, ret)); + HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags, + NULL, NULL, &server); + if(ret == HDB_ERR_NOT_FOUND_HERE) { + kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name); + goto out; + } else if(ret){ + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg); + krb5_free_error_message(context, msg); ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } - ret = _kdc_windc_client_access(context, client, req); - if(ret) - goto out; - - ret = _kdc_check_flags(context, config, - client, client_name, - server, server_name, - TRUE); - if(ret) - goto out; - memset(&et, 0, sizeof(et)); memset(&ek, 0, sizeof(ek)); + /* + * Select a session enctype from the list of the crypto system + * supported enctypes that is supported by the client and is one of + * the enctype of the enctype of the service (likely krbtgt). + * + * The latter is used as a hint of what enctypes all KDC support, + * to make sure a newer version of KDC won't generate a session + * enctype that an older version of a KDC in the same realm can't + * decrypt. + */ + ret = _kdc_find_etype(context, config->as_use_strongest_session_key, FALSE, + client, b->etype.val, b->etype.len, &sessionetype, + NULL); + if (ret) { + kdc_log(context, config, 0, + "Client (%s) from %s has no common enctypes with KDC " + "to use for the session key", + client_name, from); + goto out; + } + /* + * But if the KDC admin is paranoid and doesn't want to have "not + * the best" enctypes on the krbtgt, lets save the best pick from + * the client list and hope that that will work for any other + * KDCs. + */ + + /* + * Pre-auth processing + */ + if(req->padata){ int i; const PA_DATA *pa; @@ -1072,27 +1123,25 @@ _kdc_as_rep(krb5_context context, log_patypes(context, config, req->padata); #ifdef PKINIT - kdc_log(context, config, 5, + kdc_log(context, config, 5, "Looking for PKINIT pa-data -- %s", client_name); e_text = "No PKINIT PA found"; i = 0; - if ((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ))) - ; + pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ); if (pa == NULL) { i = 0; - if((pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN))) - ; + pa = _kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_REQ_WIN); } if (pa) { char *client_cert = NULL; - ret = _kdc_pk_rd_padata(context, config, req, pa, &pkp); + ret = _kdc_pk_rd_padata(context, config, req, pa, client, &pkp); if (ret) { ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - kdc_log(context, config, 5, - "Failed to decode PKINIT PA-DATA -- %s", + kdc_log(context, config, 5, + "Failed to decode PKINIT PA-DATA -- %s", client_name); goto ts_enc; } @@ -1101,6 +1150,7 @@ _kdc_as_rep(krb5_context context, ret = _kdc_pk_check_client(context, config, + clientdb, client, pkp, &client_cert); @@ -1113,10 +1163,11 @@ _kdc_as_rep(krb5_context context, pkp = NULL; goto out; } + found_pa = 1; et.flags.pre_authent = 1; kdc_log(context, config, 0, - "PKINIT pre-authentication succeeded -- %s using %s", + "PKINIT pre-authentication succeeded -- %s using %s", client_name, client_cert); free(client_cert); if (pkp) @@ -1124,7 +1175,7 @@ _kdc_as_rep(krb5_context context, } ts_enc: #endif - kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s", + kdc_log(context, config, 5, "Looking for ENC-TS pa-data -- %s", client_name); i = 0; @@ -1136,21 +1187,27 @@ _kdc_as_rep(krb5_context context, EncryptedData enc_data; Key *pa_key; char *str; - + found_pa = 1; - + + if (b->kdc_options.request_anonymous) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + kdc_log(context, config, 0, "ENC-TS doesn't support anon"); + goto out; + } + ret = decode_EncryptedData(pa->padata_value.data, pa->padata_value.length, &enc_data, &len); if (ret) { ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s", + kdc_log(context, config, 5, "Failed to decode PA-DATA -- %s", client_name); goto out; } - - ret = hdb_enctype2key(context, &client->entry, + + ret = hdb_enctype2key(context, &client->entry, enc_data.etype, &pa_key); if(ret){ char *estr; @@ -1159,24 +1216,25 @@ _kdc_as_rep(krb5_context context, if(krb5_enctype_to_string(context, enc_data.etype, &estr)) estr = NULL; if(estr == NULL) - kdc_log(context, config, 5, - "No client key matching pa-data (%d) -- %s", + kdc_log(context, config, 5, + "No client key matching pa-data (%d) -- %s", enc_data.etype, client_name); else kdc_log(context, config, 5, - "No client key matching pa-data (%s) -- %s", + "No client key matching pa-data (%s) -- %s", estr, client_name); free(estr); - free_EncryptedData(&enc_data); + continue; } try_next_key: ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto); if (ret) { - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); + krb5_free_error_message(context, msg); free_EncryptedData(&enc_data); continue; } @@ -1187,26 +1245,36 @@ _kdc_as_rep(krb5_context context, &enc_data, &ts_data); krb5_crypto_destroy(context, crypto); + /* + * Since the user might have several keys with the same + * enctype but with diffrent salting, we need to try all + * the keys with the same enctype. + */ if(ret){ krb5_error_code ret2; - ret2 = krb5_enctype_to_string(context, + const char *msg = krb5_get_error_message(context, ret); + + ret2 = krb5_enctype_to_string(context, pa_key->key.keytype, &str); if (ret2) str = NULL; - kdc_log(context, config, 5, + kdc_log(context, config, 5, "Failed to decrypt PA-DATA -- %s " "(enctype %s) error %s", - client_name, - str ? str : "unknown enctype", - krb5_get_err_text(context, ret)); + client_name, str ? str : "unknown enctype", msg); + krb5_free_error_message(context, msg); free(str); - if(hdb_next_enctype2key(context, &client->entry, + if(hdb_next_enctype2key(context, &client->entry, enc_data.etype, &pa_key) == 0) goto try_next_key; e_text = "Failed to decrypt PA-DATA"; free_EncryptedData(&enc_data); + + if (clientdb->hdb_auth_status) + (clientdb->hdb_auth_status)(context, clientdb, client, HDB_AUTH_WRONG_PASSWORD); + ret = KRB5KDC_ERR_PREAUTH_FAILED; continue; } @@ -1219,7 +1287,7 @@ _kdc_as_rep(krb5_context context, if(ret){ e_text = "Failed to decode PA-ENC-TS-ENC"; ret = KRB5KDC_ERR_PREAUTH_FAILED; - kdc_log(context, config, + kdc_log(context, config, 5, "Failed to decode PA-ENC-TS_ENC -- %s", client_name); continue; @@ -1227,41 +1295,39 @@ _kdc_as_rep(krb5_context context, free_PA_ENC_TS_ENC(&p); if (abs(kdc_time - p.patimestamp) > context->max_skew) { char client_time[100]; - - krb5_format_time(context, p.patimestamp, - client_time, sizeof(client_time), TRUE); + + krb5_format_time(context, p.patimestamp, + client_time, sizeof(client_time), TRUE); ret = KRB5KRB_AP_ERR_SKEW; kdc_log(context, config, 0, "Too large time skew, " - "client time %s is out by %u > %u seconds -- %s", - client_time, - (unsigned)abs(kdc_time - p.patimestamp), + "client time %s is out by %u > %u seconds -- %s", + client_time, + (unsigned)abs(kdc_time - p.patimestamp), context->max_skew, client_name); -#if 0 - /* This code is from samba, needs testing */ - /* - * the following is needed to make windows clients - * to retry using the timestamp in the error message - * - * this is maybe a bug in windows to not trying when e_text - * is present... + + /* + * The following is needed to make windows clients to + * retry using the timestamp in the error message, if + * there is a e_text, they become unhappy. */ e_text = NULL; -#else - e_text = "Too large time skew"; -#endif goto out; } et.flags.pre_authent = 1; - ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str); + set_salt_padata(rep.padata, pa_key->salt); + + reply_key = &pa_key->key; + + ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str); if (ret) str = NULL; kdc_log(context, config, 2, - "ENC-TS Pre-authentication succeeded -- %s using %s", + "ENC-TS Pre-authentication succeeded -- %s using %s", client_name, str ? str : "unknown enctype"); free(str); break; @@ -1279,6 +1345,7 @@ _kdc_as_rep(krb5_context context, goto out; } }else if (config->require_preauth + || b->kdc_options.request_anonymous /* hack to force anon */ || client->entry.flags.require_preauth || server->entry.flags.require_preauth) { METHOD_DATA method_data; @@ -1286,11 +1353,15 @@ _kdc_as_rep(krb5_context context, unsigned char *buf; size_t len; - use_pa: + use_pa: method_data.len = 0; method_data.val = NULL; ret = realloc_method_data(&method_data); + if (ret) { + free_METHOD_DATA(&method_data); + goto out; + } pa = &method_data.val[method_data.len-1]; pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; pa->padata_value.length = 0; @@ -1298,36 +1369,62 @@ _kdc_as_rep(krb5_context context, #ifdef PKINIT ret = realloc_method_data(&method_data); + if (ret) { + free_METHOD_DATA(&method_data); + goto out; + } pa = &method_data.val[method_data.len-1]; pa->padata_type = KRB5_PADATA_PK_AS_REQ; pa->padata_value.length = 0; pa->padata_value.data = NULL; ret = realloc_method_data(&method_data); + if (ret) { + free_METHOD_DATA(&method_data); + goto out; + } pa = &method_data.val[method_data.len-1]; pa->padata_type = KRB5_PADATA_PK_AS_REQ_WIN; pa->padata_value.length = 0; pa->padata_value.data = NULL; #endif - /* - * RFC4120 requires: - * - If the client only knows about old enctypes, then send - * both info replies (we send 'info' first in the list). - * - If the client is 'modern', because it knows about 'new' - * enctype types, then only send the 'info2' reply. + /* + * If there is a client key, send ETYPE_INFO{,2} */ + ret = _kdc_find_etype(context, + config->preauth_use_strongest_session_key, TRUE, + client, b->etype.val, b->etype.len, NULL, &ckey); + if (ret == 0) { - /* XXX check ret */ - if (only_older_enctype_p(req)) - ret = get_pa_etype_info(context, config, - &method_data, &client->entry, - b->etype.val, b->etype.len); - /* XXX check ret */ - ret = get_pa_etype_info2(context, config, &method_data, - &client->entry, b->etype.val, b->etype.len); + /* + * RFC4120 requires: + * - If the client only knows about old enctypes, then send + * both info replies (we send 'info' first in the list). + * - If the client is 'modern', because it knows about 'new' + * enctype types, then only send the 'info2' reply. + * + * Before we send the full list of etype-info data, we pick + * the client key we would have used anyway below, just pick + * that instead. + */ + + if (older_enctype(ckey->key.keytype)) { + ret = get_pa_etype_info(context, config, + &method_data, ckey); + if (ret) { + free_METHOD_DATA(&method_data); + goto out; + } + } + ret = get_pa_etype_info2(context, config, + &method_data, ckey); + if (ret) { + free_METHOD_DATA(&method_data); + goto out; + } + } - ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret); free_METHOD_DATA(&method_data); @@ -1342,103 +1439,54 @@ _kdc_as_rep(krb5_context context, client_name); goto out; } - + + if (clientdb->hdb_auth_status) + (clientdb->hdb_auth_status)(context, clientdb, client, + HDB_AUTH_SUCCESS); + /* - * Find the client key (for preauth ENC-TS verification and reply - * encryption). Then the best encryption type for the KDC and - * last the best session key that shared between the client and - * KDC runtime enctypes. + * Verify flags after the user been required to prove its identity + * with in a preauth mech. */ - ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len, - &ckey, &cetype); - if (ret) { - kdc_log(context, config, 0, - "Client (%s) has no support for etypes", client_name); + ret = _kdc_check_access(context, config, client, client_name, + server, server_name, + req, &e_data); + if(ret) goto out; - } - + + /* + * Selelct the best encryption type for the KDC with out regard to + * the client since the client never needs to read that data. + */ + ret = _kdc_get_preferred_key(context, config, server, server_name, &setype, &skey); if(ret) goto out; - /* - * Select a session enctype from the list of the crypto systems - * supported enctype, is supported by the client and is one of the - * enctype of the enctype of the krbtgt. - * - * The later is used as a hint what enctype all KDC are supporting - * to make sure a newer version of KDC wont generate a session - * enctype that and older version of a KDC in the same realm can't - * decrypt. - * - * But if the KDC admin is paranoid and doesn't want to have "no - * the best" enctypes on the krbtgt, lets save the best pick from - * the client list and hope that that will work for any other - * KDCs. - */ - { - const krb5_enctype *p; - krb5_enctype clientbest = ETYPE_NULL; - int i, j; - - p = krb5_kerberos_enctypes(context); - - sessionetype = ETYPE_NULL; - - for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) { - if (krb5_enctype_valid(context, p[i]) != 0) - continue; - - for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) { - Key *dummy; - /* check with client */ - if (p[i] != b->etype.val[j]) - continue; - /* save best of union of { client, crypto system } */ - if (clientbest == ETYPE_NULL) - clientbest = p[i]; - /* check with krbtgt */ - ret = hdb_enctype2key(context, &server->entry, p[i], &dummy); - if (ret) - continue; - sessionetype = p[i]; - } - } - /* if krbtgt had no shared keys with client, pick clients best */ - if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) { - sessionetype = clientbest; - } else if (sessionetype == ETYPE_NULL) { - kdc_log(context, config, 0, - "Client (%s) from %s has no common enctypes with KDC" - "to use for the session key", - client_name, from); - goto out; - } - } - - log_as_req(context, config, cetype, setype, b); - if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey || (f.request_anonymous && !config->allow_anonymous)) { ret = KRB5KDC_ERR_BADOPTION; + e_text = "Bad KDC options"; kdc_log(context, config, 0, "Bad KDC options -- %s", client_name); goto out; } - + rep.pvno = 5; rep.msg_type = krb_as_rep; - copy_Realm(&client->entry.principal->realm, &rep.crealm); - if (f.request_anonymous) - _kdc_make_anonymous_principalname (&rep.cname); - else - _krb5_principal2principalname(&rep.cname, - client->entry.principal); + + ret = copy_Realm(&client->entry.principal->realm, &rep.crealm); + if (ret) + goto out; + ret = _krb5_principal2principalname(&rep.cname, client->entry.principal); + if (ret) + goto out; + rep.ticket.tkt_vno = 5; copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); - _krb5_principal2principalname(&rep.ticket.sname, + _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); /* java 1.6 expects the name to be the same type, lets allow that * uncomplicated name-types. */ @@ -1451,6 +1499,7 @@ _kdc_as_rep(krb5_context context, if(client->entry.flags.forwardable && server->entry.flags.forwardable) et.flags.forwardable = f.forwardable; else if (f.forwardable) { + e_text = "Ticket may not be forwardable"; ret = KRB5KDC_ERR_POLICY; kdc_log(context, config, 0, "Ticket may not be forwardable -- %s", client_name); @@ -1459,14 +1508,16 @@ _kdc_as_rep(krb5_context context, if(client->entry.flags.proxiable && server->entry.flags.proxiable) et.flags.proxiable = f.proxiable; else if (f.proxiable) { + e_text = "Ticket may not be proxiable"; ret = KRB5KDC_ERR_POLICY; - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Ticket may not be proxiable -- %s", client_name); goto out; } if(client->entry.flags.postdate && server->entry.flags.postdate) et.flags.may_postdate = f.allow_postdate; else if (f.allow_postdate){ + e_text = "Ticket may not be postdate"; ret = KRB5KDC_ERR_POLICY; kdc_log(context, config, 0, "Ticket may not be postdatable -- %s", client_name); @@ -1475,24 +1526,26 @@ _kdc_as_rep(krb5_context context, /* check for valid set of addresses */ if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) { + e_text = "Bad address list in requested"; ret = KRB5KRB_AP_ERR_BADADDR; kdc_log(context, config, 0, "Bad address list requested -- %s", client_name); goto out; } - ret = krb5_generate_random_keyblock(context, sessionetype, &et.key); + ret = copy_PrincipalName(&rep.cname, &et.cname); if (ret) goto out; - copy_PrincipalName(&rep.cname, &et.cname); - copy_Realm(&rep.crealm, &et.crealm); - + ret = copy_Realm(&rep.crealm, &et.crealm); + if (ret) + goto out; + { time_t start; time_t t; - + start = et.authtime = kdc_time; - + if(f.postdated && req->req_body.from){ ALLOC(et.starttime); start = *et.starttime = *req->req_body.from; @@ -1540,16 +1593,14 @@ _kdc_as_rep(krb5_context context, if (f.request_anonymous) et.flags.anonymous = 1; - + if(b->addresses){ ALLOC(et.caddr); copy_HostAddresses(b->addresses, et.caddr); } - + et.transited.tr_type = DOMAIN_X500_COMPRESS; - krb5_data_zero(&et.transited.contents); - - copy_EncryptionKey(&et.key, &ek.key); + krb5_data_zero(&et.transited.contents); /* The MIT ASN.1 library (obviously) doesn't tell lengths encoded * as 0 and as 0x80 (meaning indefinite length) apart, and is thus @@ -1588,7 +1639,7 @@ _kdc_as_rep(krb5_context context, ALLOC(ek.key_expiration); if (client->entry.valid_end) { if (client->entry.pw_end) - *ek.key_expiration = min(*client->entry.valid_end, + *ek.key_expiration = min(*client->entry.valid_end, *client->entry.pw_end); else *ek.key_expiration = *client->entry.valid_end; @@ -1614,16 +1665,12 @@ _kdc_as_rep(krb5_context context, copy_HostAddresses(et.caddr, ek.caddr); } - ALLOC(rep.padata); - rep.padata->len = 0; - rep.padata->val = NULL; - - reply_key = &ckey->key; #if PKINIT if (pkp) { - ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, - req, req_buffer, - &reply_key, rep.padata); + e_text = "Failed to build PK-INIT reply"; + ret = _kdc_pk_mk_pa_reply(context, config, pkp, client, + sessionetype, req, req_buffer, + &reply_key, &et.key, rep.padata); if (ret) goto out; ret = _kdc_add_inital_verified_cas(context, @@ -1632,51 +1679,65 @@ _kdc_as_rep(krb5_context context, &et); if (ret) goto out; - } -#endif - set_salt_padata (rep.padata, ckey->salt); + } else +#endif + { + ret = krb5_generate_random_keyblock(context, sessionetype, &et.key); + if (ret) + goto out; + } + + if (reply_key == NULL) { + e_text = "Client have no reply key"; + ret = KRB5KDC_ERR_CLIENT_NOTYET; + goto out; + } + + ret = copy_EncryptionKey(&et.key, &ek.key); + if (ret) + goto out; /* Add signing of alias referral */ if (f.canonicalize) { PA_ClientCanonicalized canon; krb5_data data; PA_DATA pa; - krb5_crypto crypto; - size_t len; + krb5_crypto cryptox; + size_t len = 0; memset(&canon, 0, sizeof(canon)); canon.names.requested_name = *b->cname; - canon.names.real_name = client->entry.principal->name; + canon.names.mapped_name = client->entry.principal->name; ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, &canon.names, &len, ret); - if (ret) + if (ret) goto out; if (data.length != len) krb5_abortx(context, "internal asn.1 error"); /* sign using "returned session key" */ - ret = krb5_crypto_init(context, &et.key, 0, &crypto); + ret = krb5_crypto_init(context, &et.key, 0, &cryptox); if (ret) { free(data.data); goto out; } - ret = krb5_create_checksum(context, crypto, + ret = krb5_create_checksum(context, cryptox, KRB5_KU_CANONICALIZED_NAMES, 0, data.data, data.length, &canon.canon_checksum); free(data.data); - krb5_crypto_destroy(context, crypto); + krb5_crypto_destroy(context, cryptox); if (ret) goto out; - + ASN1_MALLOC_ENCODE(PA_ClientCanonicalized, data.data, data.length, &canon, &len, ret); free_Checksum(&canon.canon_checksum); - if (ret) + if (ret) goto out; if (data.length != len) krb5_abortx(context, "internal asn.1 error"); @@ -1701,19 +1762,19 @@ _kdc_as_rep(krb5_context context, ret = _kdc_pac_generate(context, client, &p); if (ret) { - kdc_log(context, config, 0, "PAC generation failed for -- %s", + kdc_log(context, config, 0, "PAC generation failed for -- %s", client_name); goto out; } if (p != NULL) { ret = _krb5_pac_sign(context, p, et.authtime, client->entry.principal, - &skey->key, /* Server key */ + &skey->key, /* Server key */ &skey->key, /* FIXME: should be krbtgt key */ &data); krb5_pac_free(context, p); if (ret) { - kdc_log(context, config, 0, "PAC signing failed for -- %s", + kdc_log(context, config, 0, "PAC signing failed for -- %s", client_name); goto out; } @@ -1727,7 +1788,7 @@ _kdc_as_rep(krb5_context context, } } - _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, + _kdc_log_timestamp(context, config, "AS-REQ", et.authtime, et.starttime, et.endtime, et.renew_till); /* do this as the last thing since this signs the EncTicketPart */ @@ -1735,16 +1796,19 @@ _kdc_as_rep(krb5_context context, config, server, setype, + client->entry.principal, NULL, NULL, &et); if (ret) goto out; - ret = _kdc_encode_reply(context, config, - &rep, &et, &ek, setype, server->entry.kvno, - &skey->key, client->entry.kvno, - reply_key, &e_text, reply); + log_as_req(context, config, reply_key->keytype, setype, b); + + ret = _kdc_encode_reply(context, config, + &rep, &et, &ek, setype, server->entry.kvno, + &skey->key, client->entry.kvno, + reply_key, 0, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); if (ret) @@ -1759,7 +1823,7 @@ _kdc_as_rep(krb5_context context, out: free_AS_REP(&rep); - if(ret){ + if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE){ krb5_mk_error(context, ret, e_text, @@ -1791,8 +1855,8 @@ out: } /* - * Add the AuthorizationData `data´ of `type´ to the last element in - * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT + * Add the AuthorizationData `data´ of `type´ to the last element in + * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT */ krb5_error_code @@ -1802,16 +1866,16 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, const krb5_data *data) { krb5_error_code ret; - size_t size; + size_t size = 0; if (tkt->authorization_data == NULL) { tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data)); if (tkt->authorization_data == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } } - + /* add the entry to the last element */ { AuthorizationData ad = { 0, NULL }; @@ -1822,28 +1886,28 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context, ret = add_AuthorizationData(&ad, &ade); if (ret) { - krb5_set_error_string(context, "add AuthorizationData failed"); + krb5_set_error_message(context, ret, "add AuthorizationData failed"); return ret; } ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT; - ASN1_MALLOC_ENCODE(AuthorizationData, - ade.ad_data.data, ade.ad_data.length, + ASN1_MALLOC_ENCODE(AuthorizationData, + ade.ad_data.data, ade.ad_data.length, &ad, &size, ret); free_AuthorizationData(&ad); if (ret) { - krb5_set_error_string(context, "ASN.1 encode of " - "AuthorizationData failed"); + krb5_set_error_message(context, ret, "ASN.1 encode of " + "AuthorizationData failed"); return ret; } if (ade.ad_data.length != size) krb5_abortx(context, "internal asn.1 encoder error"); - + ret = add_AuthorizationData(tkt->authorization_data, &ade); der_free_octet_string(&ade.ad_data); if (ret) { - krb5_set_error_string(context, "add AuthorizationData failed"); + krb5_set_error_message(context, ret, "add AuthorizationData failed"); return ret; } } diff --git a/crypto/heimdal/kdc/krb5tgs.c b/crypto/heimdal/kdc/krb5tgs.c index 32bdee9799c..5bf68cdfdc2 100644 --- a/crypto/heimdal/kdc/krb5tgs.c +++ b/crypto/heimdal/kdc/krb5tgs.c @@ -1,45 +1,43 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c 22071 2007-11-14 20:04:50Z lha $"); - /* * return the realm of a krbtgt-ticket or NULL */ -static Realm +static Realm get_krbtgt_realm(const PrincipalName *p) { if(p->name_string.len == 2 @@ -66,7 +64,7 @@ find_KRB5SignedPath(krb5_context context, AuthorizationData child; krb5_error_code ret; int pos; - + if (ad == NULL || ad->len == 0) return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; @@ -80,8 +78,8 @@ find_KRB5SignedPath(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "IF_RELEVANT with %d", ret); return ret; } @@ -106,28 +104,31 @@ _kdc_add_KRB5SignedPath(krb5_context context, krb5_kdc_configuration *config, hdb_entry_ex *krbtgt, krb5_enctype enctype, + krb5_principal client, krb5_const_principal server, - KRB5SignedPathPrincipals *principals, + krb5_principals principals, EncTicketPart *tkt) { krb5_error_code ret; KRB5SignedPath sp; krb5_data data; krb5_crypto crypto = NULL; - size_t size; + size_t size = 0; if (server && principals) { - ret = add_KRB5SignedPathPrincipals(principals, server); + ret = add_Principals(principals, server); if (ret) return ret; } { KRB5SignedPathData spd; - - spd.encticket = *tkt; + + spd.client = client; + spd.authtime = tkt->authtime; spd.delegated = principals; - + spd.method_data = NULL; + ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length, &spd, &size, ret); if (ret) @@ -153,6 +154,7 @@ _kdc_add_KRB5SignedPath(krb5_context context, sp.etype = enctype; sp.delegated = principals; + sp.method_data = NULL; ret = krb5_create_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, 0, data.data, data.length, &sp.cksum); @@ -168,7 +170,7 @@ _kdc_add_KRB5SignedPath(krb5_context context, if (data.length != size) krb5_abortx(context, "internal asn.1 encoder error"); - + /* * Add IF-RELEVANT(KRB5SignedPath) to the last slot in * authorization data field. @@ -185,39 +187,36 @@ static krb5_error_code check_KRB5SignedPath(krb5_context context, krb5_kdc_configuration *config, hdb_entry_ex *krbtgt, + krb5_principal cp, EncTicketPart *tkt, - KRB5SignedPathPrincipals **delegated, - int require_signedpath) + krb5_principals *delegated, + int *signedpath) { krb5_error_code ret; krb5_data data; krb5_crypto crypto = NULL; - *delegated = NULL; + if (delegated) + *delegated = NULL; ret = find_KRB5SignedPath(context, tkt->authorization_data, &data); if (ret == 0) { KRB5SignedPathData spd; KRB5SignedPath sp; - AuthorizationData *ad; - size_t size; + size_t size = 0; ret = decode_KRB5SignedPath(data.data, data.length, &sp, NULL); krb5_data_free(&data); if (ret) return ret; - spd.encticket = *tkt; - /* the KRB5SignedPath is the last entry */ - ad = spd.encticket.authorization_data; - if (--ad->len == 0) - spd.encticket.authorization_data = NULL; + spd.client = cp; + spd.authtime = tkt->authtime; spd.delegated = sp.delegated; + spd.method_data = sp.method_data; ASN1_MALLOC_ENCODE(KRB5SignedPathData, data.data, data.length, &spd, &size, ret); - ad->len++; - spd.encticket.authorization_data = ad; if (ret) { free_KRB5SignedPath(&sp); return ret; @@ -236,17 +235,19 @@ check_KRB5SignedPath(krb5_context context, return ret; } } - ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, - data.data, data.length, + ret = krb5_verify_checksum(context, crypto, KRB5_KU_KRB5SIGNEDPATH, + data.data, data.length, &sp.cksum); krb5_crypto_destroy(context, crypto); free(data.data); if (ret) { free_KRB5SignedPath(&sp); - return ret; + kdc_log(context, config, 5, + "KRB5SignedPath not signed correctly, not marking as signed"); + return 0; } - if (sp.delegated) { + if (delegated && sp.delegated) { *delegated = malloc(sizeof(*sp.delegated)); if (*delegated == NULL) { @@ -254,7 +255,7 @@ check_KRB5SignedPath(krb5_context context, return ENOMEM; } - ret = copy_KRB5SignedPathPrincipals(*delegated, sp.delegated); + ret = copy_Principals(*delegated, sp.delegated); if (ret) { free_KRB5SignedPath(&sp); free(*delegated); @@ -263,10 +264,8 @@ check_KRB5SignedPath(krb5_context context, } } free_KRB5SignedPath(&sp); - - } else { - if (require_signedpath) - return KRB5KDC_ERR_BADOPTION; + + *signedpath = 1; } return 0; @@ -280,13 +279,17 @@ static krb5_error_code check_PAC(krb5_context context, krb5_kdc_configuration *config, const krb5_principal client_principal, + const krb5_principal delegated_proxy_principal, hdb_entry_ex *client, hdb_entry_ex *server, - const EncryptionKey *server_key, - const EncryptionKey *krbtgt_key, + hdb_entry_ex *krbtgt, + const EncryptionKey *server_check_key, + const EncryptionKey *krbtgt_check_key, + const EncryptionKey *server_sign_key, + const EncryptionKey *krbtgt_sign_key, EncTicketPart *tkt, krb5_data *rspac, - int *require_signedpath) + int *signedpath) { AuthorizationData *ad = tkt->authorization_data; unsigned i, j; @@ -306,13 +309,14 @@ check_PAC(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, "Failed to decode " + "IF_RELEVANT with %d", ret); return ret; } for (j = 0; j < child.len; j++) { if (child.val[j].ad_type == KRB5_AUTHDATA_WIN2K_PAC) { + int signed_pac = 0; krb5_pac pac; /* Found PAC */ @@ -324,26 +328,34 @@ check_PAC(krb5_context context, if (ret) return ret; - ret = krb5_pac_verify(context, pac, tkt->authtime, + ret = krb5_pac_verify(context, pac, tkt->authtime, client_principal, - krbtgt_key, NULL); + server_check_key, krbtgt_check_key); if (ret) { krb5_pac_free(context, pac); return ret; } - ret = _kdc_pac_verify(context, client_principal, - client, server, &pac); + ret = _kdc_pac_verify(context, client_principal, + delegated_proxy_principal, + client, server, krbtgt, &pac, &signed_pac); if (ret) { krb5_pac_free(context, pac); return ret; } - *require_signedpath = 0; - - ret = _krb5_pac_sign(context, pac, tkt->authtime, - client_principal, - server_key, krbtgt_key, rspac); + /* + * Only re-sign PAC if we could verify it with the PAC + * function. The no-verify case happens when we get in + * a PAC from cross realm from a Windows domain and + * that there is no PAC verification function. + */ + if (signed_pac) { + *signedpath = 1; + ret = _krb5_pac_sign(context, pac, tkt->authtime, + client_principal, + server_sign_key, krbtgt_sign_key, rspac); + } krb5_pac_free(context, pac); return ret; @@ -359,12 +371,12 @@ check_PAC(krb5_context context, */ static krb5_error_code -check_tgs_flags(krb5_context context, +check_tgs_flags(krb5_context context, krb5_kdc_configuration *config, KDC_REQ_BODY *b, const EncTicketPart *tgt, EncTicketPart *et) { KDCOptions f = b->kdc_options; - + if(f.validate){ if(!tgt->flags.invalid || tgt->starttime == NULL){ kdc_log(context, config, 0, @@ -379,7 +391,7 @@ check_tgs_flags(krb5_context context, /* XXX tkt = tgt */ et->flags.invalid = 0; }else if(tgt->flags.invalid){ - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Ticket-granting ticket has INVALID flag set"); return KRB5KRB_AP_ERR_TKT_INVALID; } @@ -403,7 +415,7 @@ check_tgs_flags(krb5_context context, } if(tgt->flags.forwarded) et->flags.forwarded = 1; - + if(f.proxiable){ if(!tgt->flags.proxiable){ kdc_log(context, config, 0, @@ -448,7 +460,7 @@ check_tgs_flags(krb5_context context, } if(f.renewable){ - if(!tgt->flags.renewable){ + if(!tgt->flags.renewable || tgt->renew_till == NULL){ kdc_log(context, config, 0, "Bad request for renewable ticket"); return KRB5KDC_ERR_BADOPTION; @@ -473,8 +485,8 @@ check_tgs_flags(krb5_context context, et->endtime = *et->starttime + old_life; if (et->renew_till != NULL) et->endtime = min(*et->renew_till, et->endtime); - } - + } + #if 0 /* checks for excess flags */ if(f.request_anonymous && !config->allow_anonymous){ @@ -487,34 +499,90 @@ check_tgs_flags(krb5_context context, } /* - * + * Determine if constrained delegation is allowed from this client to this server */ static krb5_error_code -check_constrained_delegation(krb5_context context, +check_constrained_delegation(krb5_context context, krb5_kdc_configuration *config, + HDB *clientdb, hdb_entry_ex *client, - krb5_const_principal server) + hdb_entry_ex *server, + krb5_const_principal target) { const HDB_Ext_Constrained_delegation_acl *acl; krb5_error_code ret; - int i; + size_t i; - ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); - if (ret) { - krb5_clear_error_string(context); + /* + * constrained_delegation (S4U2Proxy) only works within + * the same realm. We use the already canonicalized version + * of the principals here, while "target" is the principal + * provided by the client. + */ + if(!krb5_realm_compare(context, client->entry.principal, server->entry.principal)) { + ret = KRB5KDC_ERR_BADOPTION; + kdc_log(context, config, 0, + "Bad request for constrained delegation"); return ret; } - if (acl) { - for (i = 0; i < acl->len; i++) { - if (krb5_principal_compare(context, server, &acl->val[i]) == TRUE) - return 0; + if (clientdb->hdb_check_constrained_delegation) { + ret = clientdb->hdb_check_constrained_delegation(context, clientdb, client, target); + if (ret == 0) + return 0; + } else { + /* if client delegates to itself, that ok */ + if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE) + return 0; + + ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); + if (ret) { + krb5_clear_error_message(context); + return ret; } + + if (acl) { + for (i = 0; i < acl->len; i++) { + if (krb5_principal_compare(context, target, &acl->val[i]) == TRUE) + return 0; + } + } + ret = KRB5KDC_ERR_BADOPTION; } kdc_log(context, config, 0, "Bad request for constrained delegation"); - return KRB5KDC_ERR_BADOPTION; + return ret; +} + +/* + * Determine if s4u2self is allowed from this client to this server + * + * For example, regardless of the principal being impersonated, if the + * 'client' and 'server' are the same, then it's safe. + */ + +static krb5_error_code +check_s4u2self(krb5_context context, + krb5_kdc_configuration *config, + HDB *clientdb, + hdb_entry_ex *client, + krb5_const_principal server) +{ + krb5_error_code ret; + + /* if client does a s4u2self to itself, that ok */ + if (krb5_principal_compare(context, client->entry.principal, server) == TRUE) + return 0; + + if (clientdb->hdb_check_s4u2self) { + ret = clientdb->hdb_check_s4u2self(context, clientdb, client, server); + if (ret == 0) + return 0; + } else { + ret = KRB5KDC_ERR_BADOPTION; + } + return ret; } /* @@ -522,7 +590,7 @@ check_constrained_delegation(krb5_context context, */ static krb5_error_code -verify_flags (krb5_context context, +verify_flags (krb5_context context, krb5_kdc_configuration *config, const EncTicketPart *et, const char *pstr) @@ -543,19 +611,19 @@ verify_flags (krb5_context context, */ static krb5_error_code -fix_transited_encoding(krb5_context context, +fix_transited_encoding(krb5_context context, krb5_kdc_configuration *config, krb5_boolean check_policy, - const TransitedEncoding *tr, - EncTicketPart *et, - const char *client_realm, - const char *server_realm, + const TransitedEncoding *tr, + EncTicketPart *et, + const char *client_realm, + const char *server_realm, const char *tgt_realm) { krb5_error_code ret = 0; char **realms, **tmp; - int num_realms; - int i; + unsigned int num_realms; + size_t i; switch (tr->tr_type) { case DOMAIN_X500_COMPRESS: @@ -576,9 +644,9 @@ fix_transited_encoding(krb5_context context, return KRB5KDC_ERR_TRTYPE_NOSUPP; } - ret = krb5_domain_x500_decode(context, + ret = krb5_domain_x500_decode(context, tr->contents, - &realms, + &realms, &num_realms, client_realm, server_realm); @@ -589,7 +657,7 @@ fix_transited_encoding(krb5_context context, } if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { /* not us, so add the previous realm to transited set */ - if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) { + if (num_realms + 1 > UINT_MAX/sizeof(*realms)) { ret = ERANGE; goto free_realms; } @@ -607,7 +675,7 @@ fix_transited_encoding(krb5_context context, num_realms++; } if(num_realms == 0) { - if(strcmp(client_realm, server_realm)) + if(strcmp(client_realm, server_realm)) kdc_log(context, config, 0, "cross-realm %s -> %s", client_realm, server_realm); } else { @@ -630,11 +698,11 @@ fix_transited_encoding(krb5_context context, } } if(check_policy) { - ret = krb5_check_transited(context, client_realm, - server_realm, + ret = krb5_check_transited(context, client_realm, + server_realm, realms, num_realms, NULL); if(ret) { - krb5_warn(context, ret, "cross-realm %s -> %s", + krb5_warn(context, ret, "cross-realm %s -> %s", client_realm, server_realm); goto free_realms; } @@ -653,23 +721,27 @@ fix_transited_encoding(krb5_context context, static krb5_error_code -tgs_make_reply(krb5_context context, +tgs_make_reply(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ_BODY *b, + KDC_REQ_BODY *b, krb5_const_principal tgt_name, - const EncTicketPart *tgt, + const EncTicketPart *tgt, + const krb5_keyblock *replykey, + int rk_is_subkey, const EncryptionKey *serverkey, const krb5_keyblock *sessionkey, krb5_kvno kvno, AuthorizationData *auth_data, - hdb_entry_ex *server, - const char *server_name, - hdb_entry_ex *client, - krb5_principal client_principal, + hdb_entry_ex *server, + krb5_principal server_principal, + const char *server_name, + hdb_entry_ex *client, + krb5_principal client_principal, hdb_entry_ex *krbtgt, krb5_enctype krbtgt_etype, - KRB5SignedPathPrincipals *spp, + krb5_principals spp, const krb5_data *rspac, + const METHOD_DATA *enc_pa_data, const char **e_text, krb5_data *reply) { @@ -678,11 +750,12 @@ tgs_make_reply(krb5_context context, EncTicketPart et; KDCOptions f = b->kdc_options; krb5_error_code ret; - + int is_weak = 0; + memset(&rep, 0, sizeof(rep)); memset(&et, 0, sizeof(et)); memset(&ek, 0, sizeof(ek)); - + rep.pvno = 5; rep.msg_type = krb_tgs_rep; @@ -691,7 +764,7 @@ tgs_make_reply(krb5_context context, et.endtime = min(tgt->endtime, *b->till); ALLOC(et.starttime); *et.starttime = kdc_time; - + ret = check_tgs_flags(context, config, b, tgt, &et); if(ret) goto out; @@ -715,23 +788,22 @@ tgs_make_reply(krb5_context context, #define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0 #define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0 - ret = fix_transited_encoding(context, config, + ret = fix_transited_encoding(context, config, !f.disable_transited_check || GLOBAL_FORCE_TRANSITED_CHECK || PRINCIPAL_FORCE_TRANSITED_CHECK(server) || - !((GLOBAL_ALLOW_PER_PRINCIPAL && + !((GLOBAL_ALLOW_PER_PRINCIPAL && PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) || GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), &tgt->transited, &et, - *krb5_princ_realm(context, client_principal), - *krb5_princ_realm(context, server->entry.principal), - *krb5_princ_realm(context, krbtgt->entry.principal)); + krb5_principal_get_realm(context, client_principal), + krb5_principal_get_realm(context, server->entry.principal), + krb5_principal_get_realm(context, krbtgt->entry.principal)); if(ret) goto out; - copy_Realm(krb5_princ_realm(context, server->entry.principal), - &rep.ticket.realm); - _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); + copy_Realm(&server_principal->realm, &rep.ticket.realm); + _krb5_principal2principalname(&rep.ticket.sname, server_principal); copy_Realm(&tgt_name->realm, &rep.crealm); /* if (f.request_anonymous) @@ -754,8 +826,10 @@ tgs_make_reply(krb5_context context, life = min(life, *server->entry.max_life); et.endtime = *et.starttime + life; } - if(f.renewable_ok && tgt->flags.renewable && - et.renew_till == NULL && et.endtime < *b->till){ + if(f.renewable_ok && tgt->flags.renewable && + et.renew_till == NULL && et.endtime < *b->till && + tgt->renew_till != NULL) + { et.flags.renewable = 1; ALLOC(et.renew_till); *et.renew_till = *b->till; @@ -769,13 +843,13 @@ tgs_make_reply(krb5_context context, renew = min(renew, *server->entry.max_renew); *et.renew_till = et.authtime + renew; } - + if(et.renew_till){ *et.renew_till = min(*et.renew_till, *tgt->renew_till); *et.starttime = min(*et.starttime, *et.renew_till); et.endtime = min(et.endtime, *et.renew_till); } - + *et.starttime = min(*et.starttime, et.endtime); if(*et.starttime == et.endtime){ @@ -787,22 +861,43 @@ tgs_make_reply(krb5_context context, et.renew_till = NULL; et.flags.renewable = 0; } - + et.flags.pre_authent = tgt->flags.pre_authent; et.flags.hw_authent = tgt->flags.hw_authent; et.flags.anonymous = tgt->flags.anonymous; et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; - - if (auth_data) { - /* XXX Check enc-authorization-data */ - et.authorization_data = calloc(1, sizeof(*et.authorization_data)); - if (et.authorization_data == NULL) { - ret = ENOMEM; - goto out; - } - ret = copy_AuthorizationData(auth_data, et.authorization_data); + + if(rspac->length) { + /* + * No not need to filter out the any PAC from the + * auth_data since it's signed by the KDC. + */ + ret = _kdc_tkt_add_if_relevant_ad(context, &et, + KRB5_AUTHDATA_WIN2K_PAC, rspac); if (ret) goto out; + } + + if (auth_data) { + unsigned int i = 0; + + /* XXX check authdata */ + + if (et.authorization_data == NULL) { + et.authorization_data = calloc(1, sizeof(*et.authorization_data)); + if (et.authorization_data == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; + } + } + for(i = 0; i < auth_data->len ; i++) { + ret = add_AuthorizationData(et.authorization_data, &auth_data->val[i]); + if (ret) { + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; + } + } /* Filter out type KRB5SignedPath */ ret = find_KRB5SignedPath(context, et.authorization_data, NULL); @@ -819,24 +914,12 @@ tgs_make_reply(krb5_context context, } } - if(rspac->length) { - /* - * No not need to filter out the any PAC from the - * auth_data since it's signed by the KDC. - */ - ret = _kdc_tkt_add_if_relevant_ad(context, &et, - KRB5_AUTHDATA_WIN2K_PAC, - rspac); - if (ret) - goto out; - } - ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key); if (ret) goto out; - et.crealm = tgt->crealm; + et.crealm = tgt_name->realm; et.cname = tgt_name->name; - + ek.key = et.key; /* MIT must have at least one last_req */ ek.last_req.len = 1; @@ -853,8 +936,8 @@ tgs_make_reply(krb5_context context, ek.renew_till = et.renew_till; ek.srealm = rep.ticket.realm; ek.sname = rep.ticket.sname; - - _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, + + _kdc_log_timestamp(context, config, "TGS-REQ", et.authtime, et.starttime, et.endtime, et.renew_till); /* Don't sign cross realm tickets, they can't be checked anyway */ @@ -866,6 +949,7 @@ tgs_make_reply(krb5_context context, config, krbtgt, krbtgt_etype, + client_principal, NULL, spp, &et); @@ -874,6 +958,25 @@ tgs_make_reply(krb5_context context, } } + if (enc_pa_data->len) { + rep.padata = calloc(1, sizeof(*rep.padata)); + if (rep.padata == NULL) { + ret = ENOMEM; + goto out; + } + ret = copy_METHOD_DATA(enc_pa_data, rep.padata); + if (ret) + goto out; + } + + if (krb5_enctype_valid(context, et.key.keytype) != 0 + && _kdc_is_weak_exception(server->entry.principal, et.key.keytype)) + { + krb5_enctype_enable(context, et.key.keytype); + is_weak = 1; + } + + /* It is somewhat unclear where the etype in the following encryption should come from. What we have is a session key in the passed tgt, and a list of preferred etypes @@ -884,10 +987,14 @@ tgs_make_reply(krb5_context context, CAST session key. Should the DES3 etype be added to the etype list, even if we don't want a session key with DES3? */ - ret = _kdc_encode_reply(context, config, + ret = _kdc_encode_reply(context, config, &rep, &et, &ek, et.key.keytype, - kvno, - serverkey, 0, &tgt->key, e_text, reply); + kvno, + serverkey, 0, replykey, rk_is_subkey, + e_text, reply); + if (is_weak) + krb5_enctype_disable(context, et.key.keytype); + out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); @@ -906,20 +1013,20 @@ out: } static krb5_error_code -tgs_check_authenticator(krb5_context context, +tgs_check_authenticator(krb5_context context, krb5_kdc_configuration *config, krb5_auth_context ac, - KDC_REQ_BODY *b, + KDC_REQ_BODY *b, const char **e_text, krb5_keyblock *key) { krb5_authenticator auth; - size_t len; + size_t len = 0; unsigned char *buf; size_t buf_size; krb5_error_code ret; krb5_crypto crypto; - + krb5_auth_con_getauthenticator(context, ac, &auth); if(auth->cksum == NULL){ kdc_log(context, config, 0, "No authenticator in request"); @@ -936,17 +1043,18 @@ tgs_check_authenticator(krb5_context context, || #endif !krb5_checksum_is_collision_proof(context, auth->cksum->cksumtype)) { - kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", + kdc_log(context, config, 0, "Bad checksum type in authenticator: %d", auth->cksum->cksumtype); ret = KRB5KRB_AP_ERR_INAPP_CKSUM; goto out; } - + /* XXX should not re-encode this */ ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret); if(ret){ - kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to encode KDC-REQ-BODY: %s", msg); + krb5_free_error_message(context, msg); goto out; } if(buf_size != len) { @@ -958,23 +1066,25 @@ tgs_check_authenticator(krb5_context context, } ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { + const char *msg = krb5_get_error_message(context, ret); free(buf); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); + krb5_free_error_message(context, msg); goto out; } ret = krb5_verify_checksum(context, crypto, KRB5_KU_TGS_REQ_AUTH_CKSUM, - buf, + buf, len, auth->cksum); free(buf); krb5_crypto_destroy(context, crypto); if(ret){ + const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, - "Failed to verify authenticator checksum: %s", - krb5_get_err_text(context, ret)); + "Failed to verify authenticator checksum: %s", msg); + krb5_free_error_message(context, msg); } out: free_Authenticator(auth); @@ -991,27 +1101,38 @@ find_rpath(krb5_context context, Realm crealm, Realm srealm) { const char *new_realm = krb5_config_get_string(context, NULL, - "capaths", + "capaths", crealm, srealm, NULL); return new_realm; } - + static krb5_boolean -need_referral(krb5_context context, krb5_principal server, krb5_realm **realms) +need_referral(krb5_context context, krb5_kdc_configuration *config, + const KDCOptions * const options, krb5_principal server, + krb5_realm **realms) { - if(server->name.name_type != KRB5_NT_SRV_INST || - server->name.name_string.len != 2) + const char *name; + + if(!options->canonicalize && server->name.name_type != KRB5_NT_SRV_INST) return FALSE; - - return _krb5_get_host_realm_int(context, server->name.name_string.val[1], - FALSE, realms) == 0; + + if (server->name.name_string.len == 1) + name = server->name.name_string.val[0]; + else if (server->name.name_string.len > 1) + name = server->name.name_string.val[1]; + else + return FALSE; + + kdc_log(context, config, 0, "Searching referral for %s", name); + + return _krb5_get_host_realm_int(context, name, FALSE, realms) == 0; } static krb5_error_code -tgs_parse_request(krb5_context context, +tgs_parse_request(krb5_context context, krb5_kdc_configuration *config, KDC_REQ_BODY *b, const PA_DATA *tgs_req, @@ -1023,8 +1144,11 @@ tgs_parse_request(krb5_context context, const struct sockaddr *from_addr, time_t **csec, int **cusec, - AuthorizationData **auth_data) + AuthorizationData **auth_data, + krb5_keyblock **replykey, + int *rk_is_subkey) { + static char failed[] = ""; krb5_ap_req ap_req; krb5_error_code ret; krb5_principal princ; @@ -1033,16 +1157,20 @@ tgs_parse_request(krb5_context context, krb5_flags verify_ap_req_flags; krb5_crypto crypto; Key *tkey; + krb5_keyblock *subkey = NULL; + unsigned usage; *auth_data = NULL; *csec = NULL; *cusec = NULL; + *replykey = NULL; memset(&ap_req, 0, sizeof(ap_req)); ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req); if(ret){ - kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to decode AP-REQ: %s", msg); + krb5_free_error_message(context, msg); goto out; } @@ -1052,39 +1180,51 @@ tgs_parse_request(krb5_context context, ret = KRB5KDC_ERR_POLICY; /* ? */ goto out; } - + _krb5_principalname2krb5_principal(context, &princ, ap_req.ticket.sname, ap_req.ticket.realm); - - ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, NULL, krbtgt); - if(ret) { + ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, ap_req.ticket.enc_part.kvno, NULL, krbtgt); + + if(ret == HDB_ERR_NOT_FOUND_HERE) { char *p; ret = krb5_unparse_name(context, princ, &p); if (ret != 0) - p = ""; + p = failed; + krb5_free_principal(context, princ); + kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p); + if (ret == 0) + free(p); + ret = HDB_ERR_NOT_FOUND_HERE; + goto out; + } else if(ret){ + const char *msg = krb5_get_error_message(context, ret); + char *p; + ret = krb5_unparse_name(context, princ, &p); + if (ret != 0) + p = failed; krb5_free_principal(context, princ); kdc_log(context, config, 0, - "Ticket-granting ticket not found in database: %s: %s", - p, krb5_get_err_text(context, ret)); + "Ticket-granting ticket not found in database: %s", msg); + krb5_free_error_message(context, msg); if (ret == 0) free(p); ret = KRB5KRB_AP_ERR_NOT_US; goto out; } - - if(ap_req.ticket.enc_part.kvno && + + if(ap_req.ticket.enc_part.kvno && *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ char *p; ret = krb5_unparse_name (context, princ, &p); krb5_free_principal(context, princ); if (ret != 0) - p = ""; + p = failed; kdc_log(context, config, 0, - "Ticket kvno = %d, DB kvno = %d (%s)", + "Ticket kvno = %d, DB kvno = %d (%s)", *ap_req.ticket.enc_part.kvno, (*krbtgt)->entry.kvno, p); @@ -1096,7 +1236,7 @@ tgs_parse_request(krb5_context context, *krbtgt_etype = ap_req.ticket.enc_part.etype; - ret = hdb_enctype2key(context, &(*krbtgt)->entry, + ret = hdb_enctype2key(context, &(*krbtgt)->entry, ap_req.ticket.enc_part.etype, &tkey); if(ret){ char *str = NULL, *p = NULL; @@ -1112,7 +1252,7 @@ tgs_parse_request(krb5_context context, ret = KRB5KRB_AP_ERR_BADKEYVER; goto out; } - + if (b->kdc_options.validate) verify_ap_req_flags = KRB5_VERIFY_AP_REQ_IGNORE_INVALID; else @@ -1127,11 +1267,12 @@ tgs_parse_request(krb5_context context, &ap_req_options, ticket, KRB5_KU_TGS_REQ_AUTH); - + krb5_free_principal(context, princ); if(ret) { - kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to verify AP-REQ: %s", msg); + krb5_free_error_message(context, msg); goto out; } @@ -1158,49 +1299,56 @@ tgs_parse_request(krb5_context context, } } - ret = tgs_check_authenticator(context, config, + ret = tgs_check_authenticator(context, config, ac, b, e_text, &(*ticket)->ticket.key); if (ret) { krb5_auth_con_free(context, ac); goto out; } + usage = KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY; + *rk_is_subkey = 1; + + ret = krb5_auth_con_getremotesubkey(context, ac, &subkey); + if(ret){ + const char *msg = krb5_get_error_message(context, ret); + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "Failed to get remote subkey: %s", msg); + krb5_free_error_message(context, msg); + goto out; + } + if(subkey == NULL){ + usage = KRB5_KU_TGS_REQ_AUTH_DAT_SESSION; + *rk_is_subkey = 0; + + ret = krb5_auth_con_getkey(context, ac, &subkey); + if(ret) { + const char *msg = krb5_get_error_message(context, ret); + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, "Failed to get session key: %s", msg); + krb5_free_error_message(context, msg); + goto out; + } + } + if(subkey == NULL){ + krb5_auth_con_free(context, ac); + kdc_log(context, config, 0, + "Failed to get key for enc-authorization-data"); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ + goto out; + } + + *replykey = subkey; + if (b->enc_authorization_data) { - unsigned usage = KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY; - krb5_keyblock *subkey; krb5_data ad; - ret = krb5_auth_con_getremotesubkey(context, - ac, - &subkey); - if(ret){ - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "Failed to get remote subkey: %s", - krb5_get_err_text(context, ret)); - goto out; - } - if(subkey == NULL){ - usage = KRB5_KU_TGS_REQ_AUTH_DAT_SESSION; - ret = krb5_auth_con_getkey(context, ac, &subkey); - if(ret) { - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "Failed to get session key: %s", - krb5_get_err_text(context, ret)); - goto out; - } - } - if(subkey == NULL){ - krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, - "Failed to get key for enc-authorization-data"); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ - goto out; - } ret = krb5_crypto_init(context, subkey, 0, &crypto); if (ret) { + const char *msg = krb5_get_error_message(context, ret); krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); + krb5_free_error_message(context, msg); goto out; } ret = krb5_decrypt_EncryptedData (context, @@ -1211,12 +1359,11 @@ tgs_parse_request(krb5_context context, krb5_crypto_destroy(context, crypto); if(ret){ krb5_auth_con_free(context, ac); - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Failed to decrypt enc-authorization-data"); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ goto out; } - krb5_free_keyblock(context, subkey); ALLOC(*auth_data); if (*auth_data == NULL) { krb5_auth_con_free(context, ac); @@ -1235,62 +1382,154 @@ tgs_parse_request(krb5_context context, } krb5_auth_con_free(context, ac); - + out: free_AP_REQ(&ap_req); - + return ret; } static krb5_error_code -tgs_build_reply(krb5_context context, +build_server_referral(krb5_context context, + krb5_kdc_configuration *config, + krb5_crypto session, + krb5_const_realm referred_realm, + const PrincipalName *true_principal_name, + const PrincipalName *requested_principal, + krb5_data *outdata) +{ + PA_ServerReferralData ref; + krb5_error_code ret; + EncryptedData ed; + krb5_data data; + size_t size = 0; + + memset(&ref, 0, sizeof(ref)); + + if (referred_realm) { + ALLOC(ref.referred_realm); + if (ref.referred_realm == NULL) + goto eout; + *ref.referred_realm = strdup(referred_realm); + if (*ref.referred_realm == NULL) + goto eout; + } + if (true_principal_name) { + ALLOC(ref.true_principal_name); + if (ref.true_principal_name == NULL) + goto eout; + ret = copy_PrincipalName(true_principal_name, ref.true_principal_name); + if (ret) + goto eout; + } + if (requested_principal) { + ALLOC(ref.requested_principal_name); + if (ref.requested_principal_name == NULL) + goto eout; + ret = copy_PrincipalName(requested_principal, + ref.requested_principal_name); + if (ret) + goto eout; + } + + ASN1_MALLOC_ENCODE(PA_ServerReferralData, + data.data, data.length, + &ref, &size, ret); + free_PA_ServerReferralData(&ref); + if (ret) + return ret; + if (data.length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + ret = krb5_encrypt_EncryptedData(context, session, + KRB5_KU_PA_SERVER_REFERRAL, + data.data, data.length, + 0 /* kvno */, &ed); + free(data.data); + if (ret) + return ret; + + ASN1_MALLOC_ENCODE(EncryptedData, + outdata->data, outdata->length, + &ed, &size, ret); + free_EncryptedData(&ed); + if (ret) + return ret; + if (outdata->length != size) + krb5_abortx(context, "internal asn.1 encoder error"); + + return 0; +eout: + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; +} + +static krb5_error_code +tgs_build_reply(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ *req, + KDC_REQ *req, KDC_REQ_BODY *b, hdb_entry_ex *krbtgt, krb5_enctype krbtgt_etype, + const krb5_keyblock *replykey, + int rk_is_subkey, krb5_ticket *ticket, krb5_data *reply, const char *from, const char **e_text, - AuthorizationData *auth_data, - const struct sockaddr *from_addr, - int datagram_reply) + AuthorizationData **auth_data, + const struct sockaddr *from_addr) { krb5_error_code ret; - krb5_principal cp = NULL, sp = NULL; - krb5_principal client_principal = NULL; - char *spn = NULL, *cpn = NULL; - hdb_entry_ex *server = NULL, *client = NULL; + krb5_principal cp = NULL, sp = NULL, rsp = NULL, tp = NULL, dp = NULL; + krb5_principal krbtgt_principal = NULL; + char *spn = NULL, *cpn = NULL, *tpn = NULL, *dpn = NULL; + hdb_entry_ex *server = NULL, *client = NULL, *s4u2self_impersonated_client = NULL; + HDB *clientdb, *s4u2self_impersonated_clientdb; + krb5_realm ref_realm = NULL; EncTicketPart *tgt = &ticket->ticket; - KRB5SignedPathPrincipals *spp = NULL; + krb5_principals spp = NULL; const EncryptionKey *ekey; krb5_keyblock sessionkey; krb5_kvno kvno; krb5_data rspac; - int cross_realm = 0; + + hdb_entry_ex *krbtgt_out = NULL; + + METHOD_DATA enc_pa_data; PrincipalName *s; Realm r; int nloop = 0; EncTicketPart adtkt; char opt_str[128]; - int require_signedpath = 0; + int signedpath = 0; + + Key *tkey_check; + Key *tkey_sign; + int flags = HDB_F_FOR_TGS_REQ; memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); krb5_data_zero(&rspac); + memset(&enc_pa_data, 0, sizeof(enc_pa_data)); s = b->sname; r = b->realm; + /* + * Always to do CANON, see comment below about returned server principal (rsp). + */ + flags |= HDB_F_CANON; + if(b->kdc_options.enc_tkt_in_skey){ Ticket *t; hdb_entry_ex *uu; krb5_principal p; Key *uukey; - - if(b->additional_tickets == NULL || + + if(b->additional_tickets == NULL || b->additional_tickets->len == 0){ ret = KRB5KDC_ERR_BADOPTION; /* ? */ kdc_log(context, config, 0, @@ -1305,8 +1544,8 @@ tgs_build_reply(krb5_context context, goto out; } _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); - ret = _kdc_db_fetch(context, config, p, - HDB_F_GET_CLIENT|HDB_F_GET_SERVER, + ret = _kdc_db_fetch(context, config, p, + HDB_F_GET_KRBTGT, t->enc_part.kvno, NULL, &uu); krb5_free_principal(context, p); if(ret){ @@ -1314,7 +1553,7 @@ tgs_build_reply(krb5_context context, ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } - ret = hdb_enctype2key(context, &uu->entry, + ret = hdb_enctype2key(context, &uu->entry, t->enc_part.etype, &uukey); if(ret){ _kdc_free_ent(context, uu); @@ -1335,7 +1574,7 @@ tgs_build_reply(krb5_context context, } _krb5_principalname2krb5_principal(context, &sp, *s, r); - ret = krb5_unparse_name(context, sp, &spn); + ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm); @@ -1347,7 +1586,7 @@ tgs_build_reply(krb5_context context, opt_str, sizeof(opt_str)); if(*opt_str) kdc_log(context, config, 0, - "TGS-REQ %s from %s for %s [%s]", + "TGS-REQ %s from %s for %s [%s]", cpn, from, spn, opt_str); else kdc_log(context, config, 0, @@ -1358,10 +1597,14 @@ tgs_build_reply(krb5_context context, */ server_lookup: - ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER, NULL, &server); + ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | flags, + NULL, NULL, &server); - if(ret){ - const char *new_rlm; + if(ret == HDB_ERR_NOT_FOUND_HERE) { + kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", sp); + goto out; + } else if(ret){ + const char *new_rlm, *msg; Realm req_rlm; krb5_realm *realms; @@ -1370,20 +1613,23 @@ server_lookup: new_rlm = find_rpath(context, tgt->crealm, req_rlm); if(new_rlm) { kdc_log(context, config, 5, "krbtgt for realm %s " - "not found, trying %s", + "not found, trying %s", req_rlm, new_rlm); krb5_free_principal(context, sp); free(spn); - krb5_make_principal(context, &sp, r, + krb5_make_principal(context, &sp, r, KRB5_TGS_NAME, new_rlm, NULL); - ret = krb5_unparse_name(context, sp, &spn); + ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; - auth_data = NULL; /* ms don't handle AD in referals */ + + if (ref_realm) + free(ref_realm); + ref_realm = strdup(new_rlm); goto server_lookup; } } - } else if(need_referral(context, sp, &realms)) { + } else if(need_referral(context, config, &b->kdc_options, sp, &realms)) { if (strcmp(realms[0], sp->realm) != 0) { kdc_log(context, config, 5, "Returning a referral to realm %s for " @@ -1396,23 +1642,167 @@ server_lookup: ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; + + if (ref_realm) + free(ref_realm); + ref_realm = strdup(realms[0]); + krb5_free_host_realm(context, realms); - auth_data = NULL; /* ms don't handle AD in referals */ goto server_lookup; } krb5_free_host_realm(context, realms); } + msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, - "Server not found in database: %s: %s", spn, - krb5_get_err_text(context, ret)); + "Server not found in database: %s: %s", spn, msg); + krb5_free_error_message(context, msg); if (ret == HDB_ERR_NOENTRY) ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } - ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT, NULL, &client); + /* the name returned to the client depend on what was asked for, + * return canonical name if kdc_options.canonicalize was set, the + * client wants the true name of the principal, if not it just + * wants the name its asked for. + */ + + if (b->kdc_options.canonicalize) + rsp = server->entry.principal; + else + rsp = sp; + + + /* + * Select enctype, return key and kvno. + */ + + { + krb5_enctype etype; + + if(b->kdc_options.enc_tkt_in_skey) { + size_t i; + ekey = &adtkt.key; + for(i = 0; i < b->etype.len; i++) + if (b->etype.val[i] == adtkt.key.keytype) + break; + if(i == b->etype.len) { + kdc_log(context, config, 0, + "Addition ticket have not matching etypes"); + krb5_clear_error_message(context); + ret = KRB5KDC_ERR_ETYPE_NOSUPP; + goto out; + } + etype = b->etype.val[i]; + kvno = 0; + } else { + Key *skey; + + ret = _kdc_find_etype(context, + config->tgs_use_strongest_session_key, FALSE, + server, b->etype.val, b->etype.len, NULL, + &skey); + if(ret) { + kdc_log(context, config, 0, + "Server (%s) has no support for etypes", spn); + goto out; + } + ekey = &skey->key; + etype = skey->key.keytype; + kvno = server->entry.kvno; + } + + ret = krb5_generate_random_keyblock(context, etype, &sessionkey); + if (ret) + goto out; + } + + /* + * Check that service is in the same realm as the krbtgt. If it's + * not the same, it's someone that is using a uni-directional trust + * backward. + */ + + /* + * Validate authoriation data + */ + + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey_check); if(ret) { - const char *krbtgt_realm; + kdc_log(context, config, 0, + "Failed to find key for krbtgt PAC check"); + goto out; + } + + /* Now refetch the primary krbtgt, and get the current kvno (the + * sign check may have been on an old kvno, and the server may + * have been an incoming trust) */ + ret = krb5_make_principal(context, &krbtgt_principal, + krb5_principal_get_comp_string(context, + krbtgt->entry.principal, + 1), + KRB5_TGS_NAME, + krb5_principal_get_comp_string(context, + krbtgt->entry.principal, + 1), NULL); + if(ret) { + kdc_log(context, config, 0, + "Failed to generate krbtgt principal"); + goto out; + } + + ret = _kdc_db_fetch(context, config, krbtgt_principal, HDB_F_GET_KRBTGT, NULL, NULL, &krbtgt_out); + krb5_free_principal(context, krbtgt_principal); + if (ret) { + krb5_error_code ret2; + char *ktpn, *ktpn2; + ret = krb5_unparse_name(context, krbtgt->entry.principal, &ktpn); + ret2 = krb5_unparse_name(context, krbtgt_principal, &ktpn2); + kdc_log(context, config, 0, + "Request with wrong krbtgt: %s, %s not found in our database", + (ret == 0) ? ktpn : "", (ret2 == 0) ? ktpn2 : ""); + if(ret == 0) + free(ktpn); + if(ret2 == 0) + free(ktpn2); + ret = KRB5KRB_AP_ERR_NOT_US; + goto out; + } + + /* The first realm is the realm of the service, the second is + * krbtgt//@REALM component of the krbtgt DN the request was + * encrypted to. The redirection via the krbtgt_out entry allows + * the DB to possibly correct the case of the realm (Samba4 does + * this) before the strcmp() */ + if (strcmp(krb5_principal_get_realm(context, server->entry.principal), + krb5_principal_get_realm(context, krbtgt_out->entry.principal)) != 0) { + char *ktpn; + ret = krb5_unparse_name(context, krbtgt_out->entry.principal, &ktpn); + kdc_log(context, config, 0, + "Request with wrong krbtgt: %s", + (ret == 0) ? ktpn : ""); + if(ret == 0) + free(ktpn); + ret = KRB5KRB_AP_ERR_NOT_US; + } + + ret = hdb_enctype2key(context, &krbtgt_out->entry, + krbtgt_etype, &tkey_sign); + if(ret) { + kdc_log(context, config, 0, + "Failed to find key for krbtgt PAC signature"); + goto out; + } + + ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | flags, + NULL, &clientdb, &client); + if(ret == HDB_ERR_NOT_FOUND_HERE) { + /* This is OK, we are just trying to find out if they have + * been disabled or deleted in the meantime, missing secrets + * is OK */ + } else if(ret){ + const char *krbtgt_realm, *msg; /* * If the client belongs to the same realm as our krbtgt, it @@ -1420,9 +1810,7 @@ server_lookup: * */ - krbtgt_realm = - krb5_principal_get_comp_string(context, - krbtgt->entry.principal, 1); + krbtgt_realm = krb5_principal_get_realm(context, krbtgt_out->entry.principal); if(strcmp(krb5_principal_get_realm(context, cp), krbtgt_realm) == 0) { if (ret == HDB_ERR_NOENTRY) @@ -1431,53 +1819,63 @@ server_lookup: cpn); goto out; } - - kdc_log(context, config, 1, "Client not found in database: %s: %s", - cpn, krb5_get_err_text(context, ret)); - cross_realm = 1; + msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 1, "Client not found in database: %s", msg); + krb5_free_error_message(context, msg); } - - /* - * Check that service is in the same realm as the krbtgt. If it's - * not the same, it's someone that is using a uni-directional trust - * backward. - */ - - if (strcmp(krb5_principal_get_realm(context, sp), - krb5_principal_get_comp_string(context, - krbtgt->entry.principal, - 1)) != 0) { - char *tpn; - ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); + + ret = check_PAC(context, config, cp, NULL, + client, server, krbtgt, + &tkey_check->key, &tkey_check->key, + ekey, &tkey_sign->key, + tgt, &rspac, &signedpath); + if (ret) { + const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, - "Request with wrong krbtgt: %s", - (ret == 0) ? tpn : ""); - if(ret == 0) - free(tpn); - ret = KRB5KRB_AP_ERR_NOT_US; + "Verify PAC failed for %s (%s) from %s with %s", + spn, cpn, from, msg); + krb5_free_error_message(context, msg); + goto out; + } + + /* also check the krbtgt for signature */ + ret = check_KRB5SignedPath(context, + config, + krbtgt, + cp, + tgt, + &spp, + &signedpath); + if (ret) { + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, + "KRB5SignedPath check failed for %s (%s) from %s with %s", + spn, cpn, from, msg); + krb5_free_error_message(context, msg); goto out; } /* - * + * Process request */ - client_principal = cp; + /* by default the tgt principal matches the client principal */ + tp = cp; + tpn = cpn; if (client) { const PA_DATA *sdata; int i = 0; - sdata = _kdc_find_padata(req, &i, KRB5_PADATA_S4U2SELF); + sdata = _kdc_find_padata(req, &i, KRB5_PADATA_FOR_USER); if (sdata) { krb5_crypto crypto; krb5_data datack; PA_S4U2Self self; - char *selfcpn = NULL; const char *str; - ret = decode_PA_S4U2Self(sdata->padata_value.data, + ret = decode_PA_S4U2Self(sdata->padata_value.data, sdata->padata_value.length, &self, NULL); if (ret) { @@ -1491,52 +1889,97 @@ server_lookup: ret = krb5_crypto_init(context, &tgt->key, 0, &crypto); if (ret) { + const char *msg = krb5_get_error_message(context, ret); free_PA_S4U2Self(&self); krb5_data_free(&datack); - kdc_log(context, config, 0, "krb5_crypto_init failed: %s", - krb5_get_err_text(context, ret)); + kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); + krb5_free_error_message(context, msg); goto out; } ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, - datack.data, - datack.length, + datack.data, + datack.length, &self.cksum); krb5_data_free(&datack); krb5_crypto_destroy(context, crypto); if (ret) { + const char *msg = krb5_get_error_message(context, ret); free_PA_S4U2Self(&self); - kdc_log(context, config, 0, - "krb5_verify_checksum failed for S4U2Self: %s", - krb5_get_err_text(context, ret)); + kdc_log(context, config, 0, + "krb5_verify_checksum failed for S4U2Self: %s", msg); + krb5_free_error_message(context, msg); goto out; } ret = _krb5_principalname2krb5_principal(context, - &client_principal, + &tp, self.name, self.realm); free_PA_S4U2Self(&self); if (ret) goto out; - ret = krb5_unparse_name(context, client_principal, &selfcpn); + ret = krb5_unparse_name(context, tp, &tpn); if (ret) goto out; + /* If we were about to put a PAC into the ticket, we better fix it to be the right PAC */ + if(rspac.data) { + krb5_pac p = NULL; + krb5_data_free(&rspac); + ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags, + NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client); + if (ret) { + const char *msg; + + /* + * If the client belongs to the same realm as our krbtgt, it + * should exist in the local database. + * + */ + + if (ret == HDB_ERR_NOENTRY) + ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 1, + "S2U4Self principal to impersonate %s not found in database: %s", + tpn, msg); + krb5_free_error_message(context, msg); + goto out; + } + ret = _kdc_pac_generate(context, s4u2self_impersonated_client, &p); + if (ret) { + kdc_log(context, config, 0, "PAC generation failed for -- %s", + tpn); + goto out; + } + if (p != NULL) { + ret = _krb5_pac_sign(context, p, ticket->ticket.authtime, + s4u2self_impersonated_client->entry.principal, + ekey, &tkey_sign->key, + &rspac); + krb5_pac_free(context, p); + if (ret) { + kdc_log(context, config, 0, "PAC signing failed for -- %s", + tpn); + goto out; + } + } + } + /* * Check that service doing the impersonating is * requesting a ticket to it-self. */ - if (krb5_principal_compare(context, cp, sp) != TRUE) { + ret = check_s4u2self(context, config, clientdb, client, sp); + if (ret) { kdc_log(context, config, 0, "S4U2Self: %s is not allowed " - "to impersonate some other user " + "to impersonate to service " "(tried for user %s to service %s)", - cpn, selfcpn, spn); - free(selfcpn); - ret = KRB5KDC_ERR_BADOPTION; /* ? */ + cpn, tpn, spn); goto out; } @@ -1552,8 +1995,7 @@ server_lookup: str = ""; } kdc_log(context, config, 0, "s4u2self %s impersonating %s to " - "service %s %s", cpn, selfcpn, spn, str); - free(selfcpn); + "service %s %s", cpn, tpn, spn, str); } } @@ -1566,13 +2008,25 @@ server_lookup: && b->additional_tickets->len != 0 && b->kdc_options.enc_tkt_in_skey == 0) { + int ad_signedpath = 0; Key *clientkey; Ticket *t; - char *str; + + /* + * Require that the KDC have issued the service's krbtgt (not + * self-issued ticket with kimpersonate(1). + */ + if (!signedpath) { + ret = KRB5KDC_ERR_BADOPTION; + kdc_log(context, config, 0, + "Constrained delegation done on service ticket %s/%s", + cpn, spn); + goto out; + } t = &b->additional_tickets->val[0]; - ret = hdb_enctype2key(context, &client->entry, + ret = hdb_enctype2key(context, &client->entry, t->enc_part.etype, &clientkey); if(ret){ ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ @@ -1583,90 +2037,127 @@ server_lookup: if (ret) { kdc_log(context, config, 0, "failed to decrypt ticket for " - "constrained delegation from %s to %s ", spn, cpn); - goto out; - } - - /* check that ticket is valid */ - - if (adtkt.flags.forwardable == 0) { - kdc_log(context, config, 0, - "Missing forwardable flag on ticket for " - "constrained delegation from %s to %s ", spn, cpn); - ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ - goto out; - } - - ret = check_constrained_delegation(context, config, client, sp); - if (ret) { - kdc_log(context, config, 0, - "constrained delegation from %s to %s not allowed", - spn, cpn); + "constrained delegation from %s to %s ", cpn, spn); goto out; } ret = _krb5_principalname2krb5_principal(context, - &client_principal, + &tp, adtkt.cname, adtkt.crealm); if (ret) goto out; - ret = krb5_unparse_name(context, client_principal, &str); + ret = krb5_unparse_name(context, tp, &tpn); if (ret) goto out; - ret = verify_flags(context, config, &adtkt, str); + ret = _krb5_principalname2krb5_principal(context, + &dp, + t->sname, + t->realm); + if (ret) + goto out; + + ret = krb5_unparse_name(context, dp, &dpn); + if (ret) + goto out; + + /* check that ticket is valid */ + if (adtkt.flags.forwardable == 0) { + kdc_log(context, config, 0, + "Missing forwardable flag on ticket for " + "constrained delegation from %s (%s) as %s to %s ", + cpn, dpn, tpn, spn); + ret = KRB5KDC_ERR_BADOPTION; + goto out; + } + + ret = check_constrained_delegation(context, config, clientdb, + client, server, sp); if (ret) { - free(str); + kdc_log(context, config, 0, + "constrained delegation from %s (%s) as %s to %s not allowed", + cpn, dpn, tpn, spn); + goto out; + } + + ret = verify_flags(context, config, &adtkt, tpn); + if (ret) { + goto out; + } + + krb5_data_free(&rspac); + + /* + * generate the PAC for the user. + * + * TODO: pass in t->sname and t->realm and build + * a S4U_DELEGATION_INFO blob to the PAC. + */ + ret = check_PAC(context, config, tp, dp, + client, server, krbtgt, + &clientkey->key, &tkey_check->key, + ekey, &tkey_sign->key, + &adtkt, &rspac, &ad_signedpath); + if (ret) { + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, + "Verify delegated PAC failed to %s for client" + "%s (%s) as %s from %s with %s", + spn, cpn, dpn, tpn, from, msg); + krb5_free_error_message(context, msg); goto out; } /* - * Check KRB5SignedPath in authorization data and add new entry to - * make sure servers can't fake a ticket to us. + * Check that the KDC issued the user's ticket. */ - ret = check_KRB5SignedPath(context, config, krbtgt, + cp, &adtkt, - &spp, - 1); + NULL, + &ad_signedpath); if (ret) { + const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, "KRB5SignedPath check from service %s failed " - "for delegation to %s for client %s " + "for delegation to %s for client %s (%s)" "from %s failed with %s", - spn, str, cpn, from, krb5_get_err_text(context, ret)); - free(str); + spn, tpn, dpn, cpn, from, msg); + krb5_free_error_message(context, msg); + goto out; + } + + if (!ad_signedpath) { + ret = KRB5KDC_ERR_BADOPTION; + kdc_log(context, config, 0, + "Ticket not signed with PAC nor SignedPath service %s failed " + "for delegation to %s for client %s (%s)" + "from %s", + spn, tpn, dpn, cpn, from); goto out; } kdc_log(context, config, 0, "constrained delegation for %s " - "from %s to %s", str, cpn, spn); - free(str); - - /* - * Also require that the KDC have issue the service's krbtgt - * used to do the request. - */ - require_signedpath = 1; + "from %s (%s) to %s", tpn, cpn, dpn, spn); } /* * Check flags */ - ret = _kdc_check_flags(context, config, - client, cpn, - server, spn, - FALSE); + ret = kdc_check_flags(context, config, + client, cpn, + server, spn, + FALSE); if(ret) goto out; - if((b->kdc_options.validate || b->kdc_options.renew) && - !krb5_principal_compare(context, + if((b->kdc_options.validate || b->kdc_options.renew) && + !krb5_principal_compare(context, krbtgt->entry.principal, server->entry.principal)){ kdc_log(context, config, 0, "Inconsistent request."); @@ -1680,80 +2171,39 @@ server_lookup: kdc_log(context, config, 0, "Request from wrong address"); goto out; } - + /* - * Select enctype, return key and kvno. + * If this is an referral, add server referral data to the + * auth_data reply . */ + if (ref_realm) { + PA_DATA pa; + krb5_crypto crypto; - { - krb5_enctype etype; + kdc_log(context, config, 0, + "Adding server referral to %s", ref_realm); - if(b->kdc_options.enc_tkt_in_skey) { - int i; - ekey = &adtkt.key; - for(i = 0; i < b->etype.len; i++) - if (b->etype.val[i] == adtkt.key.keytype) - break; - if(i == b->etype.len) { - krb5_clear_error_string(context); - return KRB5KDC_ERR_ETYPE_NOSUPP; - } - etype = b->etype.val[i]; - kvno = 0; - } else { - Key *skey; - - ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, - &skey, &etype); - if(ret) { - kdc_log(context, config, 0, - "Server (%s) has no support for etypes", spp); - return ret; - } - ekey = &skey->key; - kvno = server->entry.kvno; - } - - ret = krb5_generate_random_keyblock(context, etype, &sessionkey); + ret = krb5_crypto_init(context, &sessionkey, 0, &crypto); if (ret) goto out; - } - /* check PAC if not cross realm and if there is one */ - if (!cross_realm) { - Key *tkey; - - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, - "Failed to find key for krbtgt PAC check"); - goto out; - } - - ret = check_PAC(context, config, client_principal, - client, server, ekey, &tkey->key, - tgt, &rspac, &require_signedpath); + ret = build_server_referral(context, config, crypto, ref_realm, + NULL, s, &pa.padata_value); + krb5_crypto_destroy(context, crypto); if (ret) { kdc_log(context, config, 0, - "Verify PAC failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); + "Failed building server referral"); goto out; } - } + pa.padata_type = KRB5_PADATA_SERVER_REFERRAL; - /* also check the krbtgt for signature */ - ret = check_KRB5SignedPath(context, - config, - krbtgt, - tgt, - &spp, - require_signedpath); - if (ret) { - kdc_log(context, config, 0, - "KRB5SignedPath check failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); - goto out; + ret = add_METHOD_DATA(&enc_pa_data, &pa); + krb5_data_free(&pa.padata_value); + if (ret) { + kdc_log(context, config, 0, + "Add server referral METHOD-DATA failed"); + goto out; + } } /* @@ -1761,42 +2211,59 @@ server_lookup: */ ret = tgs_make_reply(context, - config, - b, - client_principal, - tgt, + config, + b, + tp, + tgt, + replykey, + rk_is_subkey, ekey, &sessionkey, kvno, - auth_data, - server, + *auth_data, + server, + rsp, spn, - client, - cp, - krbtgt, + client, + cp, + krbtgt_out, krbtgt_etype, spp, &rspac, + &enc_pa_data, e_text, reply); - + out: + if (tpn != cpn) + free(tpn); free(spn); free(cpn); - + if (dpn) + free(dpn); + krb5_data_free(&rspac); krb5_free_keyblock_contents(context, &sessionkey); + if(krbtgt_out) + _kdc_free_ent(context, krbtgt_out); if(server) _kdc_free_ent(context, server); if(client) _kdc_free_ent(context, client); + if(s4u2self_impersonated_client) + _kdc_free_ent(context, s4u2self_impersonated_client); - if (client_principal && client_principal != cp) - krb5_free_principal(context, client_principal); + if (tp && tp != cp) + krb5_free_principal(context, tp); if (cp) krb5_free_principal(context, cp); + if (dp) + krb5_free_principal(context, dp); if (sp) krb5_free_principal(context, sp); + if (ref_realm) + free(ref_realm); + free_METHOD_DATA(&enc_pa_data); free_EncTicketPart(&adtkt); @@ -1808,9 +2275,9 @@ out: */ krb5_error_code -_kdc_tgs_rep(krb5_context context, +_kdc_tgs_rep(krb5_context context, krb5_kdc_configuration *config, - KDC_REQ *req, + KDC_REQ *req, krb5_data *data, const char *from, struct sockaddr *from_addr, @@ -1826,6 +2293,8 @@ _kdc_tgs_rep(krb5_context context, const char *e_text = NULL; krb5_enctype krbtgt_etype = ETYPE_NULL; + krb5_keyblock *replykey = NULL; + int rk_is_subkey = 0; time_t *csec = NULL; int *cusec = NULL; @@ -1835,17 +2304,17 @@ _kdc_tgs_rep(krb5_context context, "TGS-REQ from %s without PA-DATA", from); goto out; } - + tgs_req = _kdc_find_padata(req, &i, KRB5_PADATA_TGS_REQ); if(tgs_req == NULL){ ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - - kdc_log(context, config, 0, + + kdc_log(context, config, 0, "TGS-REQ from %s without PA-TGS-REQ", from); goto out; } - ret = tgs_parse_request(context, config, + ret = tgs_parse_request(context, config, &req->req_body, tgs_req, &krbtgt, &krbtgt_etype, @@ -1853,9 +2322,15 @@ _kdc_tgs_rep(krb5_context context, &e_text, from, from_addr, &csec, &cusec, - &auth_data); + &auth_data, + &replykey, + &rk_is_subkey); + if (ret == HDB_ERR_NOT_FOUND_HERE) { + /* kdc_log() is called in tgs_parse_request() */ + goto out; + } if (ret) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Failed parsing TGS-REQ from %s", from); goto out; } @@ -1866,15 +2341,16 @@ _kdc_tgs_rep(krb5_context context, &req->req_body, krbtgt, krbtgt_etype, + replykey, + rk_is_subkey, ticket, data, from, &e_text, - auth_data, - from_addr, - datagram_reply); + &auth_data, + from_addr); if (ret) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Failed building TGS-REP to %s", from); goto out; } @@ -1887,7 +2363,9 @@ _kdc_tgs_rep(krb5_context context, } out: - if(ret && data->data == NULL){ + if (replykey) + krb5_free_keyblock(context, replykey); + if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){ krb5_mk_error(context, ret, NULL, @@ -1897,6 +2375,7 @@ out: csec, cusec, data); + ret = 0; } free(csec); free(cusec); @@ -1910,5 +2389,5 @@ out: free(auth_data); } - return 0; + return ret; } diff --git a/crypto/heimdal/kdc/kstash.8 b/crypto/heimdal/kdc/kstash.8 index f30eac693d0..615132b8d01 100644 --- a/crypto/heimdal/kdc/kstash.8 +++ b/crypto/heimdal/kdc/kstash.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.\" $Id: kstash.8 20316 2007-04-11 11:53:20Z lha $ +.\" $Id$ .\" .Dd April 10, 2007 .Dt KSTASH 8 @@ -41,19 +41,19 @@ .Nm .Bk -words .Oo Fl e Ar string \*(Ba Xo -.Fl -enctype= Ns Ar string +.Fl Fl enctype= Ns Ar string .Xc .Oc .Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file +.Fl Fl key-file= Ns Ar file .Xc .Oc -.Op Fl -convert-file -.Op Fl -random-key -.Op Fl -master-key-fd= Ns Ar fd -.Op Fl -random-key -.Op Fl h | Fl -help -.Op Fl -version +.Op Fl Fl convert-file +.Op Fl Fl random-key +.Op Fl Fl master-key-fd= Ns Ar fd +.Op Fl Fl random-key +.Op Fl h | Fl Fl help +.Op Fl Fl version .Ek .Sh DESCRIPTION .Nm @@ -62,28 +62,16 @@ used by the KDC. .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl e Ar string , -.Fl -enctype= Ns Ar string -.Xc +.It Fl e Ar string , Fl Fl enctype= Ns Ar string the encryption type to use, defaults to DES3-CBC-SHA1. -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl Fl key-file= Ns Ar file the name of the master key file. -.It Xo -.Fl -convert-file -.Xc +.It Fl Fl convert-file don't ask for a new master key, just read an old master key file, and write it back in the new keyfile format. -.It Xo -.Fl -random-key -.Xc +.It Fl Fl random-key generate a random master key. -.It Xo -.Fl -master-key-fd= Ns Ar fd -.Xc +.It Fl Fl master-key-fd= Ns Ar fd filedescriptor to read passphrase from, if not specified the passphrase will be read from the terminal. .El diff --git a/crypto/heimdal/kdc/kstash.c b/crypto/heimdal/kdc/kstash.c index 9e499a1093a..0b75fb8d84a 100644 --- a/crypto/heimdal/kdc/kstash.c +++ b/crypto/heimdal/kdc/kstash.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "headers.h" -RCSID("$Id: kstash.c 22244 2007-12-08 23:47:42Z lha $"); - krb5_context context; static char *keyfile; @@ -48,15 +46,17 @@ static int random_key_flag; static const char *enctype_str = "des3-cbc-sha1"; static struct getargs args[] = { - { "enctype", 'e', arg_string, &enctype_str, "encryption type" }, + { "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type", + NULL }, { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, - { "convert-file", 0, arg_flag, &convert_flag, - "just convert keyfile to new format" }, - { "master-key-fd", 0, arg_integer, &master_key_fd, + { "convert-file", 0, arg_flag, &convert_flag, + "just convert keyfile to new format", NULL }, + { "master-key-fd", 0, arg_integer, &master_key_fd, "filedescriptor to read passphrase from", "fd" }, - { "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "random-key", 0, arg_flag, &random_key_flag, + "generate a random master key", NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); @@ -66,11 +66,11 @@ main(int argc, char **argv) { char buf[1024]; krb5_error_code ret; - + krb5_enctype enctype; hdb_master_key mkey; - + krb5_program_setup(&context, argc, argv, args, num_args, NULL); if(help_flag) @@ -118,7 +118,7 @@ main(int argc, char **argv) krb5_err(context, 1, errno, "failed to read passphrase"); buf[n] = '\0'; buf[strcspn(buf, "\r\n")] = '\0'; - + } else { if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) exit(1); @@ -126,11 +126,11 @@ main(int argc, char **argv) krb5_string_to_key_salt(context, enctype, buf, salt, &key); } ret = hdb_add_master_key(context, &key, &mkey); - + krb5_free_keyblock_contents(context, &key); } - + { char *new, *old; asprintf(&old, "%s.old", keyfile); @@ -144,13 +144,19 @@ main(int argc, char **argv) if(ret) unlink(new); else { +#ifndef NO_POSIX_LINKS unlink(old); if(link(keyfile, old) < 0 && errno != ENOENT) { ret = errno; unlink(new); - } else if(rename(new, keyfile) < 0) { - ret = errno; + } else { +#endif + if(rename(new, keyfile) < 0) { + ret = errno; + } +#ifndef NO_POSIX_LINKS } +#endif } out: free(old); diff --git a/crypto/heimdal/kdc/kx509.c b/crypto/heimdal/kdc/kx509.c index b1b861efef8..8d683d50a37 100644 --- a/crypto/heimdal/kdc/kx509.c +++ b/crypto/heimdal/kdc/kx509.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" @@ -36,14 +36,14 @@ #include #include -RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $"); +#ifdef KX509 /* * */ krb5_error_code -_kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size) +_kdc_try_kx509_request(void *ptr, size_t len, struct Kx509Request *req, size_t *size) { if (len < 4) return -1; @@ -59,22 +59,23 @@ _kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size) static const unsigned char version_2_0[4] = {0 , 0, 2, 0}; static krb5_error_code -verify_req_hash(krb5_context context, +verify_req_hash(krb5_context context, const Kx509Request *req, krb5_keyblock *key) { unsigned char digest[SHA_DIGEST_LENGTH]; HMAC_CTX ctx; - + if (req->pk_hash.length != sizeof(digest)) { - krb5_set_error_string(context, "pk-hash have wrong length: %lu", - (unsigned long)req->pk_hash.length); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash have wrong length: %lu", + (unsigned long)req->pk_hash.length); return KRB5KDC_ERR_PREAUTH_FAILED; } HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, - key->keyvalue.data, key->keyvalue.length, + HMAC_Init_ex(&ctx, + key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); if (sizeof(digest) != HMAC_size(&ctx)) krb5_abortx(context, "runtime error, hmac buffer wrong size in kx509"); @@ -84,7 +85,8 @@ verify_req_hash(krb5_context context, HMAC_CTX_cleanup(&ctx); if (memcmp(req->pk_hash.data, digest, sizeof(digest)) != 0) { - krb5_set_error_string(context, "pk-hash is not correct"); + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, + "pk-hash is not correct"); return KRB5KDC_ERR_PREAUTH_FAILED; } return 0; @@ -95,18 +97,17 @@ calculate_reply_hash(krb5_context context, krb5_keyblock *key, Kx509Response *rep) { + krb5_error_code ret; HMAC_CTX ctx; - + HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, - key->keyvalue.data, key->keyvalue.length, + HMAC_Init_ex(&ctx, key->keyvalue.data, key->keyvalue.length, EVP_sha1(), NULL); - rep->hash->length = HMAC_size(&ctx); - rep->hash->data = malloc(rep->hash->length); - if (rep->hash->data == NULL) { + ret = krb5_data_alloc(rep->hash, HMAC_size(&ctx)); + if (ret) { HMAC_CTX_cleanup(&ctx); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -131,18 +132,17 @@ calculate_reply_hash(krb5_context context, } /* - * Build a certifate for `principal´ that will expire at `endtime´. + * Build a certifate for `principal´ that will expire at `endtime´. */ static krb5_error_code -build_certificate(krb5_context context, +build_certificate(krb5_context context, krb5_kdc_configuration *config, const krb5_data *key, time_t endtime, krb5_principal principal, krb5_data *certificate) { - hx509_context hxctx = NULL; hx509_ca_tbs tbs = NULL; hx509_env env = NULL; hx509_cert cert = NULL; @@ -154,15 +154,7 @@ build_certificate(krb5_context context, return EINVAL; } - ret = hx509_context_init(&hxctx); - if (ret) - goto out; - - ret = hx509_env_init(hxctx, &env); - if (ret) - goto out; - - ret = hx509_env_add(hxctx, env, "principal-name", + ret = hx509_env_add(context->hx509ctx, &env, "principal-name", krb5_principal_get_comp_string(context, principal, 0)); if (ret) goto out; @@ -171,14 +163,14 @@ build_certificate(krb5_context context, hx509_certs certs; hx509_query *q; - ret = hx509_certs_init(hxctx, config->kx509_ca, 0, + ret = hx509_certs_init(context->hx509ctx, config->kx509_ca, 0, NULL, &certs); if (ret) { kdc_log(context, config, 0, "Failed to load CA %s", config->kx509_ca); goto out; } - ret = hx509_query_alloc(hxctx, &q); + ret = hx509_query_alloc(context->hx509ctx, &q); if (ret) { hx509_certs_free(&certs); goto out; @@ -187,8 +179,8 @@ build_certificate(krb5_context context, hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); hx509_query_match_option(q, HX509_QUERY_OPTION_KU_KEYCERTSIGN); - ret = hx509_certs_find(hxctx, certs, q, &signer); - hx509_query_free(hxctx, q); + ret = hx509_certs_find(context->hx509ctx, certs, q, &signer); + hx509_query_free(context->hx509ctx, q); hx509_certs_free(&certs); if (ret) { kdc_log(context, config, 0, "Failed to find a CA in %s", @@ -197,7 +189,7 @@ build_certificate(krb5_context context, } } - ret = hx509_ca_tbs_init(hxctx, &tbs); + ret = hx509_ca_tbs_init(context->hx509ctx, &tbs); if (ret) goto out; @@ -210,14 +202,14 @@ build_certificate(krb5_context context, spki.subjectPublicKey.data = key->data; spki.subjectPublicKey.length = key->length * 8; - ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), + ret = der_copy_oid(&asn1_oid_id_pkcs1_rsaEncryption, &spki.algorithm.algorithm); any.data = "\x05\x00"; any.length = 2; spki.algorithm.parameters = &any; - ret = hx509_ca_tbs_set_spki(hxctx, tbs, &spki); + ret = hx509_ca_tbs_set_spki(context->hx509ctx, tbs, &spki); der_free_oid(&spki.algorithm.algorithm); if (ret) goto out; @@ -227,21 +219,21 @@ build_certificate(krb5_context context, hx509_certs certs; hx509_cert template; - ret = hx509_certs_init(hxctx, config->kx509_template, 0, + ret = hx509_certs_init(context->hx509ctx, config->kx509_template, 0, NULL, &certs); if (ret) { kdc_log(context, config, 0, "Failed to load template %s", config->kx509_template); goto out; } - ret = hx509_get_one_cert(hxctx, certs, &template); + ret = hx509_get_one_cert(context->hx509ctx, certs, &template); hx509_certs_free(&certs); if (ret) { kdc_log(context, config, 0, "Failed to find template in %s", config->kx509_template); goto out; } - ret = hx509_ca_tbs_set_template(hxctx, tbs, + ret = hx509_ca_tbs_set_template(context->hx509ctx, tbs, HX509_CA_TEMPLATE_SUBJECT| HX509_CA_TEMPLATE_KU| HX509_CA_TEMPLATE_EKU, @@ -251,24 +243,22 @@ build_certificate(krb5_context context, goto out; } - hx509_ca_tbs_set_notAfter(hxctx, tbs, endtime); + hx509_ca_tbs_set_notAfter(context->hx509ctx, tbs, endtime); - hx509_ca_tbs_subject_expand(hxctx, tbs, env); + hx509_ca_tbs_subject_expand(context->hx509ctx, tbs, env); hx509_env_free(&env); - ret = hx509_ca_sign(hxctx, tbs, signer, &cert); + ret = hx509_ca_sign(context->hx509ctx, tbs, signer, &cert); hx509_cert_free(signer); if (ret) goto out; hx509_ca_tbs_free(&tbs); - ret = hx509_cert_binary(hxctx, cert, certificate); + ret = hx509_cert_binary(context->hx509ctx, cert, certificate); hx509_cert_free(cert); if (ret) goto out; - - hx509_context_free(&hxctx); return 0; out: @@ -278,9 +268,7 @@ out: hx509_ca_tbs_free(&tbs); if (signer) hx509_cert_free(signer); - if (hxctx) - hx509_context_free(&hxctx); - krb5_set_error_string(context, "cert creation failed"); + krb5_set_error_message(context, ret, "cert creation failed"); return ret; } @@ -289,9 +277,9 @@ out: */ krb5_error_code -_kdc_do_kx509(krb5_context context, +_kdc_do_kx509(krb5_context context, krb5_kdc_configuration *config, - const Kx509Request *req, krb5_data *reply, + const struct Kx509Request *req, krb5_data *reply, const char *from, struct sockaddr *addr) { krb5_error_code ret; @@ -309,7 +297,7 @@ _kdc_do_kx509(krb5_context context, memset(&rep, 0, sizeof(rep)); if(!config->enable_kx509) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Rejected kx509 request (disabled) from %s", from); return KRB5KDC_ERR_POLICY; } @@ -322,7 +310,7 @@ _kdc_do_kx509(krb5_context context, goto out; } - ret = krb5_rd_req(context, + ret = krb5_rd_req(context, &ac, &req->authenticator, NULL, @@ -339,7 +327,7 @@ _kdc_do_kx509(krb5_context context, ret = krb5_unparse_name(context, cprincipal, &cname); if (ret) goto out; - + /* verify server principal */ ret = krb5_sname_to_principal(context, NULL, "kca_service", @@ -357,20 +345,36 @@ _kdc_do_kx509(krb5_context context, ret = krb5_principal_compare(context, sprincipal, principal); krb5_free_principal(context, principal); if (ret != TRUE) { + char *expected, *used; + + ret = krb5_unparse_name(context, sprincipal, &expected); + if (ret) + goto out; + ret = krb5_unparse_name(context, principal, &used); + if (ret) { + krb5_xfree(expected); + goto out; + } + ret = KRB5KDC_ERR_SERVER_NOMATCH; - krb5_set_error_string(context, - "User %s used wrong Kx509 service principal", - cname); + krb5_set_error_message(context, ret, + "User %s used wrong Kx509 service " + "principal, expected: %s, used %s", + cname, expected, used); + krb5_xfree(expected); + krb5_xfree(used); goto out; } } - + ret = krb5_auth_con_getkey(context, ac, &key); - if (ret || key == NULL) { - krb5_set_error_string(context, "Kx509 can't get session key"); + if (ret == 0 && key == NULL) + ret = KRB5KDC_ERR_NULL_KEY; + if (ret) { + krb5_set_error_message(context, ret, "Kx509 can't get session key"); goto out; } - + ret = verify_req_hash(context, req, key); if (ret) goto out; @@ -385,8 +389,10 @@ _kdc_do_kx509(krb5_context context, if (ret) goto out; free_RSAPublicKey(&key); - if (size != req->pk_key.length) - ; + if (size != req->pk_key.length) { + ret = ASN1_EXTRA_DATA; + goto out; + } } ALLOC(rep.certificate); @@ -398,7 +404,7 @@ _kdc_do_kx509(krb5_context context, goto out; krb5_data_zero(rep.hash); - ret = build_certificate(context, config, &req->pk_key, + ret = build_certificate(context, config, &req->pk_key, krb5_ticket_get_endtime(context, ticket), cprincipal, rep.certificate); if (ret) @@ -418,7 +424,7 @@ _kdc_do_kx509(krb5_context context, ASN1_MALLOC_ENCODE(Kx509Response, data.data, data.length, &rep, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode kx509 reply"); + krb5_set_error_message(context, ret, "Failed to encode kx509 reply"); goto out; } if (size != data.length) @@ -458,3 +464,5 @@ out: return 0; } + +#endif /* KX509 */ diff --git a/crypto/heimdal/kdc/log.c b/crypto/heimdal/kdc/log.c index 8cf967fbfb8..6d85729f514 100644 --- a/crypto/heimdal/kdc/log.c +++ b/crypto/heimdal/kdc/log.c @@ -1,63 +1,67 @@ /* - * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: log.c 22254 2007-12-09 06:01:05Z lha $"); void -kdc_openlog(krb5_context context, +kdc_openlog(krb5_context context, + const char *service, krb5_kdc_configuration *config) { char **s = NULL, **p; krb5_initlog(context, "kdc", &config->logf); - s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL); + s = krb5_config_get_strings(context, NULL, service, "logging", NULL); if(s == NULL) - s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL); + s = krb5_config_get_strings(context, NULL, "logging", service, NULL); if(s){ for(p = s; *p; p++) krb5_addlog_dest(context, config->logf, *p); krb5_config_free_strings(s); }else { - char *s; - asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE); - krb5_addlog_dest(context, config->logf, s); - free(s); + char *ss; + if (asprintf(&ss, "0-1/FILE:%s/%s", hdb_db_dir(context), + KDC_LOG_FILE) < 0) + err(1, NULL); + krb5_addlog_dest(context, config->logf, ss); + free(ss); } krb5_set_warn_dest(context, config->logf); } char* -kdc_log_msg_va(krb5_context context, +kdc_log_msg_va(krb5_context context, krb5_kdc_configuration *config, int level, const char *fmt, va_list ap) { @@ -67,7 +71,7 @@ kdc_log_msg_va(krb5_context context, } char* -kdc_log_msg(krb5_context context, +kdc_log_msg(krb5_context context, krb5_kdc_configuration *config, int level, const char *fmt, ...) { @@ -80,7 +84,7 @@ kdc_log_msg(krb5_context context, } void -kdc_log(krb5_context context, +kdc_log(krb5_context context, krb5_kdc_configuration *config, int level, const char *fmt, ...) { diff --git a/crypto/heimdal/kdc/main.c b/crypto/heimdal/kdc/main.c index 9195b048895..fc42e9dcdeb 100644 --- a/crypto/heimdal/kdc/main.c +++ b/crypto/heimdal/kdc/main.c @@ -1,34 +1,36 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" @@ -36,11 +38,15 @@ #include #endif -RCSID("$Id: main.c 20454 2007-04-19 20:21:51Z lha $"); +#ifdef HAVE_CAPNG +#include +#endif sig_atomic_t exit_flag = 0; +#ifdef SUPPORT_DETACH int detach_from_console = -1; +#endif static RETSIGTYPE sigterm(int sig) @@ -48,6 +54,54 @@ sigterm(int sig) exit_flag = sig; } +/* + * Allow dropping root bit, since heimdal reopens the database all the + * time the database needs to be owned by the user you are switched + * too. A better solution is to split the kdc in to more processes and + * run the network facing part with very low privilege. + */ + +static void +switch_environment(void) +{ +#ifdef HAVE_GETEUID + if ((runas_string || chroot_string) && geteuid() != 0) + errx(1, "no running as root, can't switch user/chroot"); + + if (chroot_string && chroot(chroot_string) != 0) + errx(1, "chroot(%s)", "chroot_string failed"); + + if (runas_string) { + struct passwd *pw; + + pw = getpwnam(runas_string); + if (pw == NULL) + errx(1, "unknown user %s", runas_string); + + if (initgroups(pw->pw_name, pw->pw_gid) < 0) + err(1, "initgroups failed"); + +#ifndef HAVE_CAPNG + if (setgid(pw->pw_gid) < 0) + err(1, "setgid(%s) failed", runas_string); + + if (setuid(pw->pw_uid) < 0) + err(1, "setuid(%s)", runas_string); +#else + capng_clear (CAPNG_EFFECTIVE | CAPNG_PERMITTED); + if (capng_updatev (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, + CAP_NET_BIND_SERVICE, CAP_SETPCAP, -1) < 0) + err(1, "capng_updateev"); + + if (capng_change_id(pw->pw_uid, pw->pw_gid, + CAPNG_CLEAR_BOUNDING) < 0) + err(1, "capng_change_id(%s)", runas_string); +#endif + } +#endif +} + + int main(int argc, char **argv) { @@ -56,7 +110,7 @@ main(int argc, char **argv) krb5_kdc_configuration *config; setprogname(argv[0]); - + ret = krb5_init_context(&context); if (ret == KRB5_CONFIG_BADFORMAT) errx (1, "krb5_init_context failed to parse configuration file"); @@ -79,20 +133,36 @@ main(int argc, char **argv) sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); +#ifdef SIGXCPU sigaction(SIGXCPU, &sa, NULL); +#endif sa.sa_handler = SIG_IGN; +#ifdef SIGPIPE sigaction(SIGPIPE, &sa, NULL); +#endif } #else signal(SIGINT, sigterm); signal(SIGTERM, sigterm); +#ifdef SIGXCPU signal(SIGXCPU, sigterm); +#endif +#ifdef SIGPIPE signal(SIGPIPE, SIG_IGN); #endif +#endif +#ifdef SUPPORT_DETACH if (detach_from_console) daemon(0, 0); +#endif +#ifdef __APPLE__ + bonjour_announce(context, config); +#endif pidfile(NULL); + + switch_environment(); + loop(context, config); krb5_free_context(context); return 0; diff --git a/crypto/heimdal/kdc/misc.c b/crypto/heimdal/kdc/misc.c index 072df440429..1b2c4400059 100644 --- a/crypto/heimdal/kdc/misc.c +++ b/crypto/heimdal/kdc/misc.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: misc.c 21106 2007-06-18 10:18:11Z lha $"); - struct timeval _kdc_now; krb5_error_code @@ -42,31 +40,66 @@ _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, krb5_const_principal principal, unsigned flags, + krb5uint32 *kvno_ptr, HDB **db, hdb_entry_ex **h) { hdb_entry_ex *ent; - krb5_error_code ret; + krb5_error_code ret = HDB_ERR_NOENTRY; int i; + unsigned kvno = 0; + + if (kvno_ptr) { + kvno = *kvno_ptr; + flags |= HDB_F_KVNO_SPECIFIED; + } ent = calloc (1, sizeof (*ent)); if (ent == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } for(i = 0; i < config->num_db; i++) { + krb5_principal enterprise_principal = NULL; + if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL) + && principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (principal->name.name_string.len != 1) { + ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + "malformed request: " + "enterprise name with %d name components", + principal->name.name_string.len); + free(ent); + return ret; + } + ret = krb5_parse_name(context, principal->name.name_string.val[0], + &enterprise_principal); + if (ret) { + free(ent); + return ret; + } + + principal = enterprise_principal; + } + ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); if (ret) { - kdc_log(context, config, 0, "Failed to open database: %s", - krb5_get_err_text(context, ret)); + const char *msg = krb5_get_error_message(context, ret); + kdc_log(context, config, 0, "Failed to open database: %s", msg); + krb5_free_error_message(context, msg); continue; } - ret = config->db[i]->hdb_fetch(context, - config->db[i], - principal, - flags | HDB_F_DECRYPT, - ent); + + ret = config->db[i]->hdb_fetch_kvno(context, + config->db[i], + principal, + flags | HDB_F_DECRYPT, + kvno, + ent); + + krb5_free_principal(context, enterprise_principal); + config->db[i]->hdb_close(context, config->db[i]); if(ret == 0) { if (db) @@ -76,8 +109,9 @@ _kdc_db_fetch(krb5_context context, } } free(ent); - krb5_set_error_string(context, "no such entry found in hdb"); - return HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, + "no such entry found in hdb"); + return ret; } void @@ -100,23 +134,41 @@ _kdc_get_preferred_key(krb5_context context, krb5_enctype *enctype, Key **key) { - const krb5_enctype *p; krb5_error_code ret; int i; - p = krb5_kerberos_enctypes(context); + if (config->use_strongest_server_key) { + const krb5_enctype *p = krb5_kerberos_enctypes(context); - for (i = 0; p[i] != ETYPE_NULL; i++) { - if (krb5_enctype_valid(context, p[i]) != 0) - continue; - ret = hdb_enctype2key(context, &h->entry, p[i], key); - if (ret == 0) { - *enctype = p[i]; + for (i = 0; p[i] != ETYPE_NULL; i++) { + if (krb5_enctype_valid(context, p[i]) != 0) + continue; + ret = hdb_enctype2key(context, &h->entry, p[i], key); + if (ret != 0) + continue; + if (enctype != NULL) + *enctype = p[i]; + return 0; + } + } else { + *key = NULL; + + for (i = 0; i < h->entry.keys.len; i++) { + if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype) + != 0) + continue; + ret = hdb_enctype2key(context, &h->entry, + h->entry.keys.val[i].key.keytype, key); + if (ret != 0) + continue; + if (enctype != NULL) + *enctype = (*key)->key.keytype; return 0; } } - krb5_set_error_string(context, "No valid kerberos key found for %s", name); - return EINVAL; + krb5_set_error_message(context, EINVAL, + "No valid kerberos key found for %s", name); + return EINVAL; /* XXX */ } diff --git a/crypto/heimdal/kdc/mit_dump.c b/crypto/heimdal/kdc/mit_dump.c index dd2f5d78c8e..f28e932b15b 100644 --- a/crypto/heimdal/kdc/mit_dump.c +++ b/crypto/heimdal/kdc/mit_dump.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,8 +33,6 @@ #include "hprop.h" -RCSID("$Id: mit_dump.c 21745 2007-07-31 16:11:25Z lha $"); - /* can have any number of princ stanzas. format is as follows (only \n indicates newlines) @@ -42,13 +40,13 @@ princ\t%d\t (%d is KRB5_KDB_V1_BASE_LENGTH, always 38) %d\t (strlen of principal e.g. shadow/foo@ANDREW.CMU.EDU) %d\t (number of tl_data) %d\t (number of key data, e.g. how many keys for this user) -%d\t (extra data length) +%d\t (extra data length) %s\t (principal name) %d\t (attributes) %d\t (max lifetime, seconds) %d\t (max renewable life, seconds) %d\t (expiration, seconds since epoch or 2145830400 for never) -%d\t (password expiration, seconds, 0 for never) +%d\t (password expiration, seconds, 0 for never) %d\t (last successful auth, seconds since epoch) %d\t (last failed auth, per above) %d\t (failed auth count) @@ -67,7 +65,7 @@ foreach key 0 to number of keys - 1 as above %02x (key data contents[element n]) except if key_data length is 0 %d (always -1) - \t + \t foreach extra data length 0 to length - 1 %02x (extra data part) unless no extra data @@ -79,7 +77,7 @@ unless no extra data static int hex_to_octet_string(const char *ptr, krb5_data *data) { - int i; + size_t i; unsigned int v; for(i = 0; i < data->length; i++) { if(sscanf(ptr + 2 * i, "%02x", &v) != 1) @@ -137,7 +135,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags) /* DUP_SKEY */ flags->invalid = !!(attr & KRB5_KDB_DISALLOW_ALL_TIX); flags->require_preauth = !!(attr & KRB5_KDB_REQUIRES_PRE_AUTH); - /* HW_AUTH */ + flags->require_hwauth = !!(attr & KRB5_KDB_REQUIRES_HW_AUTH); flags->server = !(attr & KRB5_KDB_DISALLOW_SVR); flags->change_pw = !!(attr & KRB5_KDB_PWCHANGE_SERVICE); flags->client = 1; /* XXX */ @@ -167,9 +165,9 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num) case KRB5_KDB_SALTTYPE_NOREALM: { size_t len; - int i; + size_t i; char *p; - + len = 0; for (i = 0; i < ent->principal->name.name_string.len; ++i) len += strlen(ent->principal->name.name_string.val[i]); @@ -189,8 +187,8 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num) } case KRB5_KDB_SALTTYPE_ONLYREALM: krb5_data_free(&salt->salt); - ret = krb5_data_copy(&salt->salt, - ent->principal->realm, + ret = krb5_data_copy(&salt->salt, + ent->principal->realm, strlen(ent->principal->realm)); if(ret) return ret; @@ -201,8 +199,8 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num) break; case KRB5_KDB_SALTTYPE_AFS3: krb5_data_free(&salt->salt); - ret = krb5_data_copy(&salt->salt, - ent->principal->realm, + ret = krb5_data_copy(&salt->salt, + ent->principal->realm, strlen(ent->principal->realm)); if(ret) return ret; @@ -228,7 +226,7 @@ mit_prop_dump(void *arg, const char *file) f = fopen(file, "r"); if(f == NULL) return errno; - + while(fgets(line, sizeof(line), f)) { char *p = line, *q; @@ -236,7 +234,7 @@ mit_prop_dump(void *arg, const char *file) int num_tl_data; int num_key_data; - int extra_data_length; + int high_kvno; int attributes; int tmp; @@ -257,8 +255,11 @@ mit_prop_dump(void *arg, const char *file) q = nexttoken(&p); /* x.0 */ if(sscanf(q, "%d", &major) != 1) errx(1, "line %d: unknown version", lineno); - if(major != 4) - errx(1, "unknown dump file format, got %d, expected 4", major); + if(major != 4 && major != 5 && major != 6) + errx(1, "unknown dump file format, got %d, expected 4-6", + major); + continue; + } else if(strcmp(q, "policy") == 0) { continue; } else if(strcmp(q, "princ") != 0) { warnx("line %d: not a principal", lineno); @@ -269,10 +270,10 @@ mit_prop_dump(void *arg, const char *file) warnx("line %d: bad base length %d != 38", lineno, tmp); continue; } - q = nexttoken(&p); /* length of principal */ + nexttoken(&p); /* length of principal */ num_tl_data = getint(&p); /* number of tl-data */ num_key_data = getint(&p); /* number of key-data */ - extra_data_length = getint(&p); /* length of extra data */ + getint(&p); /* length of extra data */ q = nexttoken(&p); /* principal name */ krb5_parse_name(pd->context, q, &ent.entry.principal); attributes = getint(&p); /* attributes */ @@ -297,9 +298,9 @@ mit_prop_dump(void *arg, const char *file) ALLOC(ent.entry.pw_end); *ent.entry.pw_end = tmp; } - q = nexttoken(&p); /* last auth */ - q = nexttoken(&p); /* last failed auth */ - q = nexttoken(&p); /* fail auth count */ + nexttoken(&p); /* last auth */ + nexttoken(&p); /* last failed auth */ + nexttoken(&p); /* fail auth count */ for(i = 0; i < num_tl_data; i++) { unsigned long val; int tl_type, tl_length; @@ -312,6 +313,20 @@ mit_prop_dump(void *arg, const char *file) #define mit_KRB5_TL_LAST_PWD_CHANGE 1 #define mit_KRB5_TL_MOD_PRINC 2 switch(tl_type) { + case mit_KRB5_TL_LAST_PWD_CHANGE: + buf = malloc(tl_length); + if (buf == NULL) + errx(ENOMEM, "malloc"); + getdata(&p, buf, tl_length); /* data itself */ + val = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); + free(buf); + ALLOC(ent.entry.extensions); + ALLOC_SEQ(ent.entry.extensions, 1); + ent.entry.extensions->val[0].mandatory = 0; + ent.entry.extensions->val[0].data.element + = choice_HDB_extension_data_last_pw_change; + ent.entry.extensions->val[0].data.u.last_pw_change = val; + break; case mit_KRB5_TL_MOD_PRINC: buf = malloc(tl_length); if (buf == NULL) @@ -319,6 +334,9 @@ mit_prop_dump(void *arg, const char *file) getdata(&p, buf, tl_length); /* data itself */ val = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); ret = krb5_parse_name(pd->context, (char *)buf + 4, &princ); + if (ret) + krb5_err(pd->context, 1, ret, + "parse_name: %s", (char *)buf + 4); free(buf); ALLOC(ent.entry.modified_by); ent.entry.modified_by->time = val; @@ -330,14 +348,40 @@ mit_prop_dump(void *arg, const char *file) } } ALLOC_SEQ(&ent.entry.keys, num_key_data); + high_kvno = -1; for(i = 0; i < num_key_data; i++) { int key_versions; + int kvno; key_versions = getint(&p); /* key data version */ - ent.entry.kvno = getint(&p); /* XXX kvno */ - + kvno = getint(&p); + + /* + * An MIT dump file may contain multiple sets of keys with + * different kvnos. Since the Heimdal database can only represent + * one kvno per principal, we only want the highest set. Assume + * that set will be given first, and discard all keys with lower + * kvnos. + */ + if (kvno > high_kvno && high_kvno != -1) + errx(1, "line %d: high kvno keys given after low kvno keys", + lineno); + else if (kvno < high_kvno) { + nexttoken(&p); /* key type */ + nexttoken(&p); /* key length */ + nexttoken(&p); /* key */ + if (key_versions > 1) { + nexttoken(&p); /* salt type */ + nexttoken(&p); /* salt length */ + nexttoken(&p); /* salt */ + } + ent.entry.keys.len--; + continue; + } + ent.entry.kvno = kvno; + high_kvno = kvno; ALLOC(ent.entry.keys.val[i].mkvno); - *ent.entry.keys.val[i].mkvno = 0; - + *ent.entry.keys.val[i].mkvno = 1; + /* key version 0 -- actual key */ ent.entry.keys.val[i].key.keytype = getint(&p); /* key type */ tmp = getint(&p); /* key length */ @@ -360,12 +404,12 @@ mit_prop_dump(void *arg, const char *file) } else { ent.entry.keys.val[i].salt->salt.length = 0; ent.entry.keys.val[i].salt->salt.data = NULL; - tmp = getint(&p); /* -1, if no data. */ + getint(&p); /* -1, if no data. */ } fix_salt(pd->context, &ent.entry, i); } } - q = nexttoken(&p); /* extra data */ + nexttoken(&p); /* extra data */ v5_prop(pd->context, NULL, &ent, arg); } fclose(f); diff --git a/crypto/heimdal/kdc/pkinit.c b/crypto/heimdal/kdc/pkinit.c index bf248af588f..d85b1565007 100644 --- a/crypto/heimdal/kdc/pkinit.c +++ b/crypto/heimdal/kdc/pkinit.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $"); - #ifdef PKINIT #include @@ -45,31 +45,28 @@ RCSID("$Id: pkinit.c 22243 2007-12-08 23:39:30Z lha $"); #include #include "crypto-headers.h" -/* XXX copied from lib/krb5/pkinit.c */ -struct krb5_pk_identity { - hx509_context hx509ctx; - hx509_verify_ctx verify_ctx; - hx509_certs certs; - hx509_certs anchors; - hx509_certs certpool; - hx509_revoke_ctx revoke; -}; - -enum pkinit_type { - PKINIT_COMPAT_WIN2K = 1, - PKINIT_COMPAT_27 = 3 -}; - struct pk_client_params { - enum pkinit_type type; - BIGNUM *dh_public_key; + enum krb5_pk_type type; + enum { USE_RSA, USE_DH, USE_ECDH } keyex; + union { + struct { + BIGNUM *public_key; + DH *key; + } dh; +#ifdef HAVE_OPENSSL + struct { + EC_KEY *public_key; + EC_KEY *key; + } ecdh; +#endif + } u; hx509_cert cert; unsigned nonce; - DH *dh; EncryptionKey reply_key; char *dh_group_name; hx509_peer_info peer; hx509_certs client_anchors; + hx509_verify_ctx verify_ctx; }; struct pk_principal_mapping { @@ -105,7 +102,7 @@ pk_check_pkauthenticator_win2k(krb5_context context, /* XXX cusec */ if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5KRB_AP_ERR_SKEW; } return 0; @@ -119,7 +116,7 @@ pk_check_pkauthenticator(krb5_context context, u_char *buf = NULL; size_t buf_size; krb5_error_code ret; - size_t len; + size_t len = 0; krb5_timestamp now; Checksum checksum; @@ -127,13 +124,13 @@ pk_check_pkauthenticator(krb5_context context, /* XXX cusec */ if (a->ctime == 0 || abs(a->ctime - now) > context->max_skew) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5KRB_AP_ERR_SKEW; } ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, &req->req_body, &len, ret); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } if (buf_size != len) @@ -148,18 +145,18 @@ pk_check_pkauthenticator(krb5_context context, &checksum); free(buf); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } - + if (a->paChecksum == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED; goto out; } if (der_heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = KRB5KRB_ERR_GENERIC; } @@ -170,29 +167,43 @@ out: } void -_kdc_pk_free_client_param(krb5_context context, - pk_client_params *client_params) +_kdc_pk_free_client_param(krb5_context context, pk_client_params *cp) { - if (client_params->cert) - hx509_cert_free(client_params->cert); - if (client_params->dh) - DH_free(client_params->dh); - if (client_params->dh_public_key) - BN_free(client_params->dh_public_key); - krb5_free_keyblock_contents(context, &client_params->reply_key); - if (client_params->dh_group_name) - free(client_params->dh_group_name); - if (client_params->peer) - hx509_peer_info_free(client_params->peer); - if (client_params->client_anchors) - hx509_certs_free(&client_params->client_anchors); - memset(client_params, 0, sizeof(*client_params)); - free(client_params); + if (cp == NULL) + return; + if (cp->cert) + hx509_cert_free(cp->cert); + if (cp->verify_ctx) + hx509_verify_destroy_ctx(cp->verify_ctx); + if (cp->keyex == USE_DH) { + if (cp->u.dh.key) + DH_free(cp->u.dh.key); + if (cp->u.dh.public_key) + BN_free(cp->u.dh.public_key); + } +#ifdef HAVE_OPENSSL + if (cp->keyex == USE_ECDH) { + if (cp->u.ecdh.key) + EC_KEY_free(cp->u.ecdh.key); + if (cp->u.ecdh.public_key) + EC_KEY_free(cp->u.ecdh.public_key); + } +#endif + krb5_free_keyblock_contents(context, &cp->reply_key); + if (cp->dh_group_name) + free(cp->dh_group_name); + if (cp->peer) + hx509_peer_info_free(cp->peer); + if (cp->client_anchors) + hx509_certs_free(&cp->client_anchors); + memset(cp, 0, sizeof(*cp)); + free(cp); } static krb5_error_code -generate_dh_keyblock(krb5_context context, pk_client_params *client_params, - krb5_enctype enctype, krb5_keyblock *reply_key) +generate_dh_keyblock(krb5_context context, + pk_client_params *client_params, + krb5_enctype enctype) { unsigned char *dh_gen_key = NULL; krb5_keyblock key; @@ -201,36 +212,84 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, memset(&key, 0, sizeof(key)); - if (!DH_generate_key(client_params->dh)) { - krb5_set_error_string(context, "Can't generate Diffie-Hellman keys"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } - if (client_params->dh_public_key == NULL) { - krb5_set_error_string(context, "dh_public_key"); - ret = KRB5KRB_ERR_GENERIC; - goto out; - } + if (client_params->keyex == USE_DH) { - dh_gen_keylen = DH_size(client_params->dh); - size = BN_num_bytes(client_params->dh->p); - if (size < dh_gen_keylen) - size = dh_gen_keylen; + if (client_params->u.dh.public_key == NULL) { + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "public_key"); + goto out; + } - dh_gen_key = malloc(size); - if (dh_gen_key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - memset(dh_gen_key, 0, size - dh_gen_keylen); + if (!DH_generate_key(client_params->u.dh.key)) { + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "Can't generate Diffie-Hellman keys"); + goto out; + } - dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), - client_params->dh_public_key, - client_params->dh); - if (dh_gen_keylen == -1) { - krb5_set_error_string(context, "Can't compute Diffie-Hellman key"); + size = DH_size(client_params->u.dh.key); + + dh_gen_key = malloc(size); + if (dh_gen_key == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; + } + + dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key); + if (dh_gen_keylen == (size_t)-1) { + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "Can't compute Diffie-Hellman key"); + goto out; + } + if (dh_gen_keylen < size) { + size -= dh_gen_keylen; + memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen); + memset(dh_gen_key, 0, size); + } + + ret = 0; +#ifdef HAVE_OPENSSL + } else if (client_params->keyex == USE_ECDH) { + + if (client_params->u.ecdh.public_key == NULL) { + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, "public_key"); + goto out; + } + + client_params->u.ecdh.key = EC_KEY_new(); + if (client_params->u.ecdh.key == NULL) { + ret = ENOMEM; + goto out; + } + EC_KEY_set_group(client_params->u.ecdh.key, + EC_KEY_get0_group(client_params->u.ecdh.public_key)); + + if (EC_KEY_generate_key(client_params->u.ecdh.key) != 1) { + ret = ENOMEM; + goto out; + } + + size = (EC_GROUP_get_degree(EC_KEY_get0_group(client_params->u.ecdh.key)) + 7) / 8; + dh_gen_key = malloc(size); + if (dh_gen_key == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + goto out; + } + + dh_gen_keylen = ECDH_compute_key(dh_gen_key, size, + EC_KEY_get0_public_key(client_params->u.ecdh.public_key), + client_params->u.ecdh.key, NULL); + +#endif /* HAVE_OPENSSL */ + } else { ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "Diffie-Hellman not selected keys"); goto out; } @@ -238,7 +297,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params, enctype, dh_gen_key, dh_gen_keylen, NULL, NULL, - reply_key); + &client_params->reply_key); out: if (dh_gen_key) @@ -256,7 +315,8 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f) bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); if (bn == NULL) { - krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT: parsing BN failed %s", field); return NULL; } BN_set_negative(bn, f->negative); @@ -275,14 +335,17 @@ get_dh_param(krb5_context context, memset(&dhparam, 0, sizeof(dhparam)); - if (der_heim_oid_cmp(&dh_key_info->algorithm.algorithm, oid_id_dhpublicnumber())) { - krb5_set_error_string(context, - "PKINIT invalid oid in clientPublicValue"); - return KRB5_BADMSGTYPE; + if ((dh_key_info->subjectPublicKey.length % 8) != 0) { + ret = KRB5_BADMSGTYPE; + krb5_set_error_message(context, ret, + "PKINIT: subjectPublicKey not aligned " + "to 8 bit boundary"); + goto out; } if (dh_key_info->algorithm.parameters == NULL) { - krb5_set_error_string(context, "PKINIT missing algorithm parameter " + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT missing algorithm parameter " "in clientPublicValue"); return KRB5_BADMSGTYPE; } @@ -292,20 +355,12 @@ get_dh_param(krb5_context context, &dhparam, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode algorithm " - "parameters in clientPublicValue"); + krb5_set_error_message(context, ret, "Can't decode algorithm " + "parameters in clientPublicValue"); goto out; } - if ((dh_key_info->subjectPublicKey.length % 8) != 0) { - ret = KRB5_BADMSGTYPE; - krb5_set_error_string(context, "PKINIT: subjectPublicKey not aligned " - "to 8 bit boundary"); - goto out; - } - - - ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, + ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, &dhparam.p, &dhparam.g, &dhparam.q, moduli, &client_params->dh_group_name); if (ret) { @@ -315,8 +370,8 @@ get_dh_param(krb5_context context, dh = DH_new(); if (dh == NULL) { - krb5_set_error_string(context, "Cannot create DH structure"); ret = ENOMEM; + krb5_set_error_message(context, ret, "Cannot create DH structure"); goto out; } ret = KRB5_BADMSGTYPE; @@ -339,22 +394,24 @@ get_dh_param(krb5_context context, &glue, &size); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } - client_params->dh_public_key = integer_to_BN(context, - "subjectPublicKey", - &glue); + client_params->u.dh.public_key = integer_to_BN(context, + "subjectPublicKey", + &glue); der_free_heim_integer(&glue); - if (client_params->dh_public_key == NULL) + if (client_params->u.dh.public_key == NULL) { + ret = KRB5_BADMSGTYPE; goto out; + } } - client_params->dh = dh; + client_params->u.dh.key = dh; dh = NULL; ret = 0; - + out: if (dh) DH_free(dh); @@ -362,60 +419,182 @@ get_dh_param(krb5_context context, return ret; } +#ifdef HAVE_OPENSSL + +static krb5_error_code +get_ecdh_param(krb5_context context, + krb5_kdc_configuration *config, + SubjectPublicKeyInfo *dh_key_info, + pk_client_params *client_params) +{ + ECParameters ecp; + EC_KEY *public = NULL; + krb5_error_code ret; + const unsigned char *p; + size_t len; + int nid; + + if (dh_key_info->algorithm.parameters == NULL) { + krb5_set_error_message(context, KRB5_BADMSGTYPE, + "PKINIT missing algorithm parameter " + "in clientPublicValue"); + return KRB5_BADMSGTYPE; + } + + memset(&ecp, 0, sizeof(ecp)); + + ret = decode_ECParameters(dh_key_info->algorithm.parameters->data, + dh_key_info->algorithm.parameters->length, &ecp, &len); + if (ret) + goto out; + + if (ecp.element != choice_ECParameters_namedCurve) { + ret = KRB5_BADMSGTYPE; + goto out; + } + + if (der_heim_oid_cmp(&ecp.u.namedCurve, &asn1_oid_id_ec_group_secp256r1) == 0) + nid = NID_X9_62_prime256v1; + else { + ret = KRB5_BADMSGTYPE; + goto out; + } + + /* XXX verify group is ok */ + + public = EC_KEY_new_by_curve_name(nid); + + p = dh_key_info->subjectPublicKey.data; + len = dh_key_info->subjectPublicKey.length / 8; + if (o2i_ECPublicKey(&public, &p, len) == NULL) { + ret = KRB5_BADMSGTYPE; + krb5_set_error_message(context, ret, + "PKINIT failed to decode ECDH key"); + goto out; + } + client_params->u.ecdh.public_key = public; + public = NULL; + + out: + if (public) + EC_KEY_free(public); + free_ECParameters(&ecp); + return ret; +} + +#endif /* HAVE_OPENSSL */ + krb5_error_code _kdc_pk_rd_padata(krb5_context context, krb5_kdc_configuration *config, const KDC_REQ *req, const PA_DATA *pa, + hdb_entry_ex *client, pk_client_params **ret_params) { - pk_client_params *client_params; + pk_client_params *cp; krb5_error_code ret; heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL }; krb5_data eContent = { 0, NULL }; krb5_data signed_content = { 0, NULL }; const char *type = "unknown type"; + hx509_certs trust_anchors; int have_data = 0; + const HDB_Ext_PKINIT_cert *pc; *ret_params = NULL; - + if (!config->enable_pkinit) { kdc_log(context, config, 0, "PK-INIT request but PK-INIT not enabled"); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return 0; } - hx509_verify_set_time(kdc_identity->verify_ctx, _kdc_now.tv_sec); - - client_params = calloc(1, sizeof(*client_params)); - if (client_params == NULL) { - krb5_clear_error_string(context); + cp = calloc(1, sizeof(*cp)); + if (cp == NULL) { + krb5_clear_error_message(context); ret = ENOMEM; goto out; } + ret = hx509_certs_init(context->hx509ctx, + "MEMORY:trust-anchors", + 0, NULL, &trust_anchors); + if (ret) { + krb5_set_error_message(context, ret, "failed to create trust anchors"); + goto out; + } + + ret = hx509_certs_merge(context->hx509ctx, trust_anchors, + kdc_identity->anchors); + if (ret) { + hx509_certs_free(&trust_anchors); + krb5_set_error_message(context, ret, "failed to create verify context"); + goto out; + } + + /* Add any registered certificates for this client as trust anchors */ + ret = hdb_entry_get_pkinit_cert(&client->entry, &pc); + if (ret == 0 && pc != NULL) { + hx509_cert cert; + unsigned int i; + + for (i = 0; i < pc->len; i++) { + ret = hx509_cert_init_data(context->hx509ctx, + pc->val[i].cert.data, + pc->val[i].cert.length, + &cert); + if (ret) + continue; + hx509_certs_add(context->hx509ctx, trust_anchors, cert); + hx509_cert_free(cert); + } + } + + ret = hx509_verify_init_ctx(context->hx509ctx, &cp->verify_ctx); + if (ret) { + hx509_certs_free(&trust_anchors); + krb5_set_error_message(context, ret, "failed to create verify context"); + goto out; + } + + hx509_verify_set_time(cp->verify_ctx, kdc_time); + hx509_verify_attach_anchors(cp->verify_ctx, trust_anchors); + hx509_certs_free(&trust_anchors); + + if (config->pkinit_allow_proxy_certs) + hx509_verify_set_proxy_certificate(cp->verify_ctx, 1); + if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) { PA_PK_AS_REQ_Win2k r; type = "PK-INIT-Win2k"; + if (req->req_body.kdc_options.request_anonymous) { + ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED; + krb5_set_error_message(context, ret, + "Anon not supported in RSA mode"); + goto out; + } + ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data, pa->padata_value.length, &r, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode " - "PK-AS-REQ-Win2k: %d", ret); + krb5_set_error_message(context, ret, "Can't decode " + "PK-AS-REQ-Win2k: %d", ret); goto out; } - + ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack, &contentInfoOid, &signed_content, &have_data); free_PA_PK_AS_REQ_Win2k(&r); if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + krb5_set_error_message(context, ret, + "Can't unwrap ContentInfo(win): %d", ret); goto out; } @@ -429,25 +608,35 @@ _kdc_pk_rd_padata(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret); + krb5_set_error_message(context, ret, + "Can't decode PK-AS-REQ: %d", ret); goto out; } - + /* XXX look at r.kdcPkId */ if (r.trustedCertifiers) { ExternalPrincipalIdentifiers *edi = r.trustedCertifiers; - unsigned int i; + unsigned int i, maxedi; - ret = hx509_certs_init(kdc_identity->hx509ctx, + ret = hx509_certs_init(context->hx509ctx, "MEMORY:client-anchors", 0, NULL, - &client_params->client_anchors); + &cp->client_anchors); if (ret) { - krb5_set_error_string(context, "Can't allocate client anchors: %d", ret); + krb5_set_error_message(context, ret, + "Can't allocate client anchors: %d", + ret); goto out; } - for (i = 0; i < edi->len; i++) { + /* + * If the client sent more then 10 EDI, don't bother + * looking more then 10 of performance reasons. + */ + maxedi = edi->len; + if (maxedi > 10) + maxedi = 10; + for (i = 0; i < maxedi; i++) { IssuerAndSerialNumber iasn; hx509_query *q; hx509_cert cert; @@ -456,35 +645,37 @@ _kdc_pk_rd_padata(krb5_context context, if (edi->val[i].issuerAndSerialNumber == NULL) continue; - ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + ret = hx509_query_alloc(context->hx509ctx, &q); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "Failed to allocate hx509_query"); goto out; } - + ret = decode_IssuerAndSerialNumber(edi->val[i].issuerAndSerialNumber->data, edi->val[i].issuerAndSerialNumber->length, &iasn, &size); if (ret) { - hx509_query_free(kdc_identity->hx509ctx, q); + hx509_query_free(context->hx509ctx, q); continue; } ret = hx509_query_match_issuer_serial(q, &iasn.issuer, &iasn.serialNumber); free_IssuerAndSerialNumber(&iasn); - if (ret) + if (ret) { + hx509_query_free(context->hx509ctx, q); continue; + } - ret = hx509_certs_find(kdc_identity->hx509ctx, + ret = hx509_certs_find(context->hx509ctx, kdc_identity->certs, q, &cert); - hx509_query_free(kdc_identity->hx509ctx, q); + hx509_query_free(context->hx509ctx, q); if (ret) continue; - hx509_certs_add(kdc_identity->hx509ctx, - client_params->client_anchors, cert); + hx509_certs_add(context->hx509ctx, + cp->client_anchors, cert); hx509_cert_free(cert); } } @@ -495,36 +686,42 @@ _kdc_pk_rd_padata(krb5_context context, &have_data); free_PA_PK_AS_REQ(&r); if (ret) { - krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret); + krb5_set_error_message(context, ret, + "Can't unwrap ContentInfo: %d", ret); goto out; } - } else { - krb5_clear_error_string(context); + } else { + krb5_clear_error_message(context); ret = KRB5KDC_ERR_PADATA_TYPE_NOSUPP; goto out; } - ret = der_heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData()); + ret = der_heim_oid_cmp(&contentInfoOid, &asn1_oid_id_pkcs7_signedData); if (ret != 0) { - krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content " - "type oid"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PK-AS-REQ-Win2k invalid content type oid"); goto out; } - + if (!have_data) { - krb5_set_error_string(context, - "PK-AS-REQ-Win2k no signed auth pack"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "PK-AS-REQ-Win2k no signed auth pack"); goto out; } { hx509_certs signer_certs; + int flags = HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; /* BTMM */ - ret = hx509_cms_verify_signed(kdc_identity->hx509ctx, - kdc_identity->verify_ctx, + if (req->req_body.kdc_options.request_anonymous) + flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER; + + ret = hx509_cms_verify_signed(context->hx509ctx, + cp->verify_ctx, + flags, signed_content.data, signed_content.length, NULL, @@ -533,26 +730,28 @@ _kdc_pk_rd_padata(krb5_context context, &eContent, &signer_certs); if (ret) { - char *s = hx509_get_error_string(kdc_identity->hx509ctx, ret); + char *s = hx509_get_error_string(context->hx509ctx, ret); krb5_warnx(context, "PKINIT: failed to verify signature: %s: %d", s, ret); free(s); goto out; } - ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs, - &client_params->cert); - hx509_certs_free(&signer_certs); + if (signer_certs) { + ret = hx509_get_one_cert(context->hx509ctx, signer_certs, + &cp->cert); + hx509_certs_free(&signer_certs); + } if (ret) goto out; } /* Signature is correct, now verify the signed message */ - if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 && - der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0) + if (der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkcs7_data) != 0 && + der_heim_oid_cmp(&eContentType, &asn1_oid_id_pkauthdata) != 0) { - krb5_set_error_string(context, "got wrong oid for pkauthdata"); ret = KRB5_BADMSGTYPE; + krb5_set_error_message(context, ret, "got wrong oid for pkauthdata"); goto out; } @@ -564,11 +763,12 @@ _kdc_pk_rd_padata(krb5_context context, &ap, NULL); if (ret) { - krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + krb5_set_error_message(context, ret, + "Can't decode AuthPack: %d", ret); goto out; } - - ret = pk_check_pkauthenticator_win2k(context, + + ret = pk_check_pkauthenticator_win2k(context, &ap.pkAuthenticator, req); if (ret) { @@ -576,12 +776,13 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - client_params->type = PKINIT_COMPAT_WIN2K; - client_params->nonce = ap.pkAuthenticator.nonce; + cp->type = PKINIT_WIN2K; + cp->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - krb5_set_error_string(context, "DH not supported for windows"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "DH not supported for windows"); goto out; } free_AuthPack_Win2k(&ap); @@ -594,12 +795,22 @@ _kdc_pk_rd_padata(krb5_context context, &ap, NULL); if (ret) { - krb5_set_error_string(context, "can't decode AuthPack: %d", ret); + krb5_set_error_message(context, ret, + "Can't decode AuthPack: %d", ret); free_AuthPack(&ap); goto out; } - - ret = pk_check_pkauthenticator(context, + + if (req->req_body.kdc_options.request_anonymous && + ap.clientPublicValue == NULL) { + free_AuthPack(&ap); + ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED; + krb5_set_error_message(context, ret, + "Anon not supported in RSA mode"); + goto out; + } + + ret = pk_check_pkauthenticator(context, &ap.pkAuthenticator, req); if (ret) { @@ -607,33 +818,55 @@ _kdc_pk_rd_padata(krb5_context context, goto out; } - client_params->type = PKINIT_COMPAT_27; - client_params->nonce = ap.pkAuthenticator.nonce; + cp->type = PKINIT_27; + cp->nonce = ap.pkAuthenticator.nonce; if (ap.clientPublicValue) { - ret = get_dh_param(context, config, - ap.clientPublicValue, client_params); + if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_dhpublicnumber) == 0) { + cp->keyex = USE_DH; + ret = get_dh_param(context, config, + ap.clientPublicValue, cp); +#ifdef HAVE_OPENSSL + } else if (der_heim_oid_cmp(&ap.clientPublicValue->algorithm.algorithm, &asn1_oid_id_ecPublicKey) == 0) { + cp->keyex = USE_ECDH; + ret = get_ecdh_param(context, config, + ap.clientPublicValue, cp); +#endif /* HAVE_OPENSSL */ + } else { + ret = KRB5_BADMSGTYPE; + krb5_set_error_message(context, ret, "PKINIT unknown DH mechanism"); + } if (ret) { free_AuthPack(&ap); goto out; } + } else + cp->keyex = USE_RSA; + + ret = hx509_peer_info_alloc(context->hx509ctx, + &cp->peer); + if (ret) { + free_AuthPack(&ap); + goto out; } if (ap.supportedCMSTypes) { - ret = hx509_peer_info_alloc(kdc_identity->hx509ctx, - &client_params->peer); - if (ret) { - free_AuthPack(&ap); - goto out; - } - ret = hx509_peer_info_set_cms_algs(kdc_identity->hx509ctx, - client_params->peer, + ret = hx509_peer_info_set_cms_algs(context->hx509ctx, + cp->peer, ap.supportedCMSTypes->val, ap.supportedCMSTypes->len); if (ret) { free_AuthPack(&ap); goto out; } + } else { + /* assume old client */ + hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer, + hx509_crypto_des_rsdi_ede3_cbc()); + hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer, + hx509_signature_rsa_with_sha1()); + hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer, + hx509_signature_sha1()); } free_AuthPack(&ap); } else @@ -650,10 +883,10 @@ out: krb5_data_free(&eContent); der_free_oid(&eContentType); der_free_oid(&contentInfoOid); - if (ret) - _kdc_pk_free_client_param(context, client_params); - else - *ret_params = client_params; + if (ret) { + _kdc_pk_free_client_param(context, cp); + } else + *ret_params = cp; return ret; } @@ -667,7 +900,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) integer->length = BN_num_bytes(bn); integer->data = malloc(integer->length); if (integer->data == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } BN_bn2bin(bn, integer->data); @@ -678,58 +911,63 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) static krb5_error_code pk_mk_pa_reply_enckey(krb5_context context, krb5_kdc_configuration *config, - pk_client_params *client_params, + pk_client_params *cp, const KDC_REQ *req, const krb5_data *req_buffer, krb5_keyblock *reply_key, - ContentInfo *content_info) + ContentInfo *content_info, + hx509_cert *kdc_cert) { - const heim_oid *envelopedAlg = NULL, *sdAlg = NULL; + const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL; krb5_error_code ret; krb5_data buf, signed_data; - size_t size; + size_t size = 0; int do_win2k = 0; krb5_data_zero(&buf); krb5_data_zero(&signed_data); + *kdc_cert = NULL; + /* * If the message client is a win2k-type but it send pa data * 09-binding it expects a IETF (checksum) reply so there can be * no replay attacks. */ - switch (client_params->type) { - case PKINIT_COMPAT_WIN2K: { + switch (cp->type) { + case PKINIT_WIN2K: { int i = 0; if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL && config->pkinit_require_binding == 0) { do_win2k = 1; } + sdAlg = &asn1_oid_id_pkcs7_data; + evAlg = &asn1_oid_id_pkcs7_data; + envelopedAlg = &asn1_oid_id_rsadsi_des_ede3_cbc; break; } - case PKINIT_COMPAT_27: + case PKINIT_27: + sdAlg = &asn1_oid_id_pkrkeydata; + evAlg = &asn1_oid_id_pkcs7_signedData; break; default: krb5_abortx(context, "internal pkinit error"); - } + } if (do_win2k) { ReplyKeyPack_Win2k kp; memset(&kp, 0, sizeof(kp)); - envelopedAlg = oid_id_rsadsi_des_ede3_cbc(); - sdAlg = oid_id_pkcs7_data(); - ret = copy_EncryptionKey(reply_key, &kp.replyKey); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } - kp.nonce = client_params->nonce; - - ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k, + kp.nonce = cp->nonce; + + ASN1_MALLOC_ENCODE(ReplyKeyPack_Win2k, buf.data, buf.length, &kp, &size,ret); free_ReplyKeyPack_Win2k(&kp); @@ -738,17 +976,15 @@ pk_mk_pa_reply_enckey(krb5_context context, ReplyKeyPack kp; memset(&kp, 0, sizeof(kp)); - sdAlg = oid_id_pkrkeydata(); - ret = copy_EncryptionKey(reply_key, &kp.replyKey); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } ret = krb5_crypto_init(context, reply_key, 0, &ascrypto); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -756,21 +992,21 @@ pk_mk_pa_reply_enckey(krb5_context context, req_buffer->data, req_buffer->length, &kp.asChecksum); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } - + ret = krb5_crypto_destroy(context, ascrypto); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } ASN1_MALLOC_ENCODE(ReplyKeyPack, buf.data, buf.length, &kp, &size,ret); free_ReplyKeyPack(&kp); } if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of ReplyKeyPack " - "failed (%d)", ret); + krb5_set_error_message(context, ret, "ASN.1 encoding of ReplyKeyPack " + "failed (%d)", ret); goto out; } if (buf.length != size) @@ -779,42 +1015,43 @@ pk_mk_pa_reply_enckey(krb5_context context, { hx509_query *q; hx509_cert cert; - - ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + + ret = hx509_query_alloc(context->hx509ctx, &q); if (ret) goto out; - + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); - hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - - ret = hx509_certs_find(kdc_identity->hx509ctx, - kdc_identity->certs, - q, + if (config->pkinit_kdc_friendly_name) + hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name); + + ret = hx509_certs_find(context->hx509ctx, + kdc_identity->certs, + q, &cert); - hx509_query_free(kdc_identity->hx509ctx, q); + hx509_query_free(context->hx509ctx, q); if (ret) goto out; - - ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx, + + ret = hx509_cms_create_signed_1(context->hx509ctx, 0, sdAlg, buf.data, buf.length, NULL, cert, - client_params->peer, - client_params->client_anchors, + cp->peer, + cp->client_anchors, kdc_identity->certpool, &signed_data); - hx509_cert_free(cert); + *kdc_cert = cert; } krb5_data_free(&buf); - if (ret) + if (ret) goto out; - if (client_params->type == PKINIT_COMPAT_WIN2K) { - ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), + if (cp->type == PKINIT_WIN2K) { + ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &signed_data, &buf); if (ret) @@ -823,20 +1060,25 @@ pk_mk_pa_reply_enckey(krb5_context context, signed_data = buf; } - ret = hx509_cms_envelope_1(kdc_identity->hx509ctx, - 0, - client_params->cert, - signed_data.data, signed_data.length, + ret = hx509_cms_envelope_1(context->hx509ctx, + HX509_CMS_EV_NO_KU_CHECK, + cp->cert, + signed_data.data, signed_data.length, envelopedAlg, - oid_id_pkcs7_signedData(), &buf); + evAlg, &buf); if (ret) goto out; - + ret = _krb5_pk_mk_ContentInfo(context, &buf, - oid_id_pkcs7_envelopedData(), + &asn1_oid_id_pkcs7_envelopedData, content_info); out: + if (ret && *kdc_cert) { + hx509_cert_free(*kdc_cert); + *kdc_cert = NULL; + } + krb5_data_free(&buf); krb5_data_free(&signed_data); return ret; @@ -848,9 +1090,8 @@ out: static krb5_error_code pk_mk_pa_reply_dh(krb5_context context, - DH *kdc_dh, - pk_client_params *client_params, - krb5_keyblock *reply_key, + krb5_kdc_configuration *config, + pk_client_params *cp, ContentInfo *content_info, hx509_cert *kdc_cert) { @@ -858,88 +1099,115 @@ pk_mk_pa_reply_dh(krb5_context context, krb5_data signed_data, buf; ContentInfo contentinfo; krb5_error_code ret; - size_t size; - heim_integer i; + hx509_cert cert; + hx509_query *q; + size_t size = 0; memset(&contentinfo, 0, sizeof(contentinfo)); memset(&dh_info, 0, sizeof(dh_info)); - krb5_data_zero(&buf); krb5_data_zero(&signed_data); + krb5_data_zero(&buf); *kdc_cert = NULL; - ret = BN_to_integer(context, kdc_dh->pub_key, &i); - if (ret) - return ret; + if (cp->keyex == USE_DH) { + DH *kdc_dh = cp->u.dh.key; + heim_integer i; - ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); - if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of " - "DHPublicKey failed (%d)", ret); - krb5_clear_error_string(context); - return ret; - } - if (buf.length != size) - krb5_abortx(context, "Internal ASN.1 encoder error"); + ret = BN_to_integer(context, kdc_dh->pub_key, &i); + if (ret) + return ret; - dh_info.subjectPublicKey.length = buf.length * 8; - dh_info.subjectPublicKey.data = buf.data; - - dh_info.nonce = client_params->nonce; + ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret); + der_free_heim_integer(&i); + if (ret) { + krb5_set_error_message(context, ret, "ASN.1 encoding of " + "DHPublicKey failed (%d)", ret); + return ret; + } + if (buf.length != size) + krb5_abortx(context, "Internal ASN.1 encoder error"); - ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, + dh_info.subjectPublicKey.length = buf.length * 8; + dh_info.subjectPublicKey.data = buf.data; + krb5_data_zero(&buf); +#ifdef HAVE_OPENSSL + } else if (cp->keyex == USE_ECDH) { + unsigned char *p; + int len; + + len = i2o_ECPublicKey(cp->u.ecdh.key, NULL); + if (len <= 0) + abort(); + + p = malloc(len); + if (p == NULL) + abort(); + + dh_info.subjectPublicKey.length = len * 8; + dh_info.subjectPublicKey.data = p; + + len = i2o_ECPublicKey(cp->u.ecdh.key, &p); + if (len <= 0) + abort(); +#endif + } else + krb5_abortx(context, "no keyex selected ?"); + + + dh_info.nonce = cp->nonce; + + ASN1_MALLOC_ENCODE(KDCDHKeyInfo, buf.data, buf.length, &dh_info, &size, ret); if (ret) { - krb5_set_error_string(context, "ASN.1 encoding of " - "KdcDHKeyInfo failed (%d)", ret); + krb5_set_error_message(context, ret, "ASN.1 encoding of " + "KdcDHKeyInfo failed (%d)", ret); goto out; } if (buf.length != size) krb5_abortx(context, "Internal ASN.1 encoder error"); - /* + /* * Create the SignedData structure and sign the KdcDHKeyInfo * filled in above */ - { - hx509_query *q; - hx509_cert cert; - - ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); - if (ret) - goto out; - - hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); - hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - - ret = hx509_certs_find(kdc_identity->hx509ctx, - kdc_identity->certs, - q, - &cert); - hx509_query_free(kdc_identity->hx509ctx, q); - if (ret) - goto out; - - ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx, - 0, - oid_id_pkdhkeydata(), - buf.data, - buf.length, - NULL, - cert, - client_params->peer, - client_params->client_anchors, - kdc_identity->certpool, - &signed_data); - *kdc_cert = cert; - } + ret = hx509_query_alloc(context->hx509ctx, &q); if (ret) goto out; + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + if (config->pkinit_kdc_friendly_name) + hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name); + + ret = hx509_certs_find(context->hx509ctx, + kdc_identity->certs, + q, + &cert); + hx509_query_free(context->hx509ctx, q); + if (ret) + goto out; + + ret = hx509_cms_create_signed_1(context->hx509ctx, + 0, + &asn1_oid_id_pkdhkeydata, + buf.data, + buf.length, + NULL, + cert, + cp->peer, + cp->client_anchors, + kdc_identity->certpool, + &signed_data); + if (ret) { + kdc_log(context, config, 0, "Failed signing the DH* reply: %d", ret); + goto out; + } + *kdc_cert = cert; + ret = _krb5_pk_mk_ContentInfo(context, &signed_data, - oid_id_pkcs7_signedData(), + &asn1_oid_id_pkcs7_signedData, content_info); if (ret) goto out; @@ -964,23 +1232,25 @@ pk_mk_pa_reply_dh(krb5_context context, krb5_error_code _kdc_pk_mk_pa_reply(krb5_context context, krb5_kdc_configuration *config, - pk_client_params *client_params, + pk_client_params *cp, const hdb_entry_ex *client, + krb5_enctype sessionetype, const KDC_REQ *req, const krb5_data *req_buffer, krb5_keyblock **reply_key, + krb5_keyblock *sessionkey, METHOD_DATA *md) { krb5_error_code ret; - void *buf; - size_t len, size; + void *buf = NULL; + size_t len = 0, size = 0; krb5_enctype enctype; int pa_type; hx509_cert kdc_cert = NULL; - int i; + size_t i; if (!config->enable_pkinit) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return 0; } @@ -990,15 +1260,15 @@ _kdc_pk_mk_pa_reply(krb5_context context, break; if (req->req_body.etype.len <= i) { ret = KRB5KRB_ERR_GENERIC; - krb5_set_error_string(context, - "No valid enctype available from client"); + krb5_set_error_message(context, ret, + "No valid enctype available from client"); goto out; - } + } enctype = req->req_body.etype.val[i]; } else enctype = ETYPE_DES3_CBC_SHA1; - if (client_params->type == PKINIT_COMPAT_27) { + if (cp->type == PKINIT_27) { PA_PK_AS_REP rep; const char *type, *other = ""; @@ -1006,87 +1276,129 @@ _kdc_pk_mk_pa_reply(krb5_context context, pa_type = KRB5_PADATA_PK_AS_REP; - if (client_params->dh == NULL) { + if (cp->keyex == USE_RSA) { ContentInfo info; type = "enckey"; rep.element = choice_PA_PK_AS_REP_encKeyPack; - ret = krb5_generate_random_keyblock(context, enctype, - &client_params->reply_key); + ret = krb5_generate_random_keyblock(context, enctype, + &cp->reply_key); if (ret) { free_PA_PK_AS_REP(&rep); goto out; } ret = pk_mk_pa_reply_enckey(context, config, - client_params, + cp, req, req_buffer, - &client_params->reply_key, - &info); + &cp->reply_key, + &info, + &kdc_cert); if (ret) { free_PA_PK_AS_REP(&rep); goto out; } - ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, - rep.u.encKeyPack.length, &info, &size, + ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, + rep.u.encKeyPack.length, &info, &size, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " - "failed %d", ret); + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " + "failed %d", ret); free_PA_PK_AS_REP(&rep); goto out; } if (rep.u.encKeyPack.length != size) krb5_abortx(context, "Internal ASN.1 encoder error"); + ret = krb5_generate_random_keyblock(context, sessionetype, + sessionkey); + if (ret) { + free_PA_PK_AS_REP(&rep); + goto out; + } + } else { ContentInfo info; - type = "dh"; - if (client_params->dh_group_name) - other = client_params->dh_group_name; + switch (cp->keyex) { + case USE_DH: type = "dh"; break; +#ifdef HAVE_OPENSSL + case USE_ECDH: type = "ecdh"; break; +#endif + default: krb5_abortx(context, "unknown keyex"); break; + } + + if (cp->dh_group_name) + other = cp->dh_group_name; rep.element = choice_PA_PK_AS_REP_dhInfo; - ret = generate_dh_keyblock(context, client_params, enctype, - &client_params->reply_key); + ret = generate_dh_keyblock(context, cp, enctype); if (ret) return ret; - ret = pk_mk_pa_reply_dh(context, client_params->dh, - client_params, - &client_params->reply_key, + ret = pk_mk_pa_reply_dh(context, config, + cp, &info, &kdc_cert); + if (ret) { + free_PA_PK_AS_REP(&rep); + krb5_set_error_message(context, ret, + "create pa-reply-dh " + "failed %d", ret); + goto out; + } ASN1_MALLOC_ENCODE(ContentInfo, rep.u.dhInfo.dhSignedData.data, rep.u.dhInfo.dhSignedData.length, &info, &size, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " - "failed %d", ret); + krb5_set_error_message(context, ret, + "encoding of Key ContentInfo " + "failed %d", ret); free_PA_PK_AS_REP(&rep); goto out; } if (rep.u.encKeyPack.length != size) krb5_abortx(context, "Internal ASN.1 encoder error"); - } - if (ret) { - free_PA_PK_AS_REP(&rep); - goto out; + /* XXX KRB-FX-CF2 */ + ret = krb5_generate_random_keyblock(context, sessionetype, + sessionkey); + if (ret) { + free_PA_PK_AS_REP(&rep); + goto out; + } + + /* XXX Add PA-PKINIT-KX */ + + } + +#define use_btmm_with_enckey 0 + if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) { + PA_PK_AS_REP_BTMM btmm; + heim_any any; + + any.data = rep.u.encKeyPack.data; + any.length = rep.u.encKeyPack.length; + + btmm.dhSignedData = NULL; + btmm.encKeyPack = &any; + + ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret); + } else { + ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); } - ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); free_PA_PK_AS_REP(&rep); if (ret) { - krb5_set_error_string(context, "encode PA-PK-AS-REP failed %d", - ret); + krb5_set_error_message(context, ret, + "encode PA-PK-AS-REP failed %d", ret); goto out; } if (len != size) @@ -1094,44 +1406,46 @@ _kdc_pk_mk_pa_reply(krb5_context context, kdc_log(context, config, 0, "PK-INIT using %s %s", type, other); - } else if (client_params->type == PKINIT_COMPAT_WIN2K) { + } else if (cp->type == PKINIT_WIN2K) { PA_PK_AS_REP_Win2k rep; ContentInfo info; - if (client_params->dh) { - krb5_set_error_string(context, "Windows PK-INIT doesn't support DH"); + if (cp->keyex != USE_RSA) { ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + "Windows PK-INIT doesn't support DH"); goto out; } memset(&rep, 0, sizeof(rep)); pa_type = KRB5_PADATA_PK_AS_REP_19; - rep.element = choice_PA_PK_AS_REP_encKeyPack; + rep.element = choice_PA_PK_AS_REP_Win2k_encKeyPack; - ret = krb5_generate_random_keyblock(context, enctype, - &client_params->reply_key); + ret = krb5_generate_random_keyblock(context, enctype, + &cp->reply_key); if (ret) { free_PA_PK_AS_REP_Win2k(&rep); goto out; } ret = pk_mk_pa_reply_enckey(context, config, - client_params, + cp, req, req_buffer, - &client_params->reply_key, - &info); + &cp->reply_key, + &info, + &kdc_cert); if (ret) { free_PA_PK_AS_REP_Win2k(&rep); goto out; } - ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, - rep.u.encKeyPack.length, &info, &size, + ASN1_MALLOC_ENCODE(ContentInfo, rep.u.encKeyPack.data, + rep.u.encKeyPack.length, &info, &size, ret); free_ContentInfo(&info); if (ret) { - krb5_set_error_string(context, "encoding of Key ContentInfo " + krb5_set_error_message(context, ret, "encoding of Key ContentInfo " "failed %d", ret); free_PA_PK_AS_REP_Win2k(&rep); goto out; @@ -1142,20 +1456,28 @@ _kdc_pk_mk_pa_reply(krb5_context context, ASN1_MALLOC_ENCODE(PA_PK_AS_REP_Win2k, buf, len, &rep, &size, ret); free_PA_PK_AS_REP_Win2k(&rep); if (ret) { - krb5_set_error_string(context, + krb5_set_error_message(context, ret, "encode PA-PK-AS-REP-Win2k failed %d", ret); goto out; } if (len != size) krb5_abortx(context, "Internal ASN.1 encoder error"); + ret = krb5_generate_random_keyblock(context, sessionetype, + sessionkey); + if (ret) { + free(buf); + goto out; + } + } else krb5_abortx(context, "PK-INIT internal error"); ret = krb5_padata_add(context, md, pa_type, buf, len); if (ret) { - krb5_set_error_string(context, "failed adding PA-PK-AS-REP %d", ret); + krb5_set_error_message(context, ret, + "Failed adding PA-PK-AS-REP %d", ret); free(buf); goto out; } @@ -1173,7 +1495,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY); if (fd < 0) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "PK-INIT failed to open ocsp data file %d", errno); goto out_ocsp; } @@ -1181,15 +1503,15 @@ _kdc_pk_mk_pa_reply(krb5_context context, if (ret) { ret = errno; close(fd); - kdc_log(context, config, 0, + kdc_log(context, config, 0, "PK-INIT failed to stat ocsp data %d", ret); goto out_ocsp; } - + ret = krb5_data_alloc(&ocsp.data, sb.st_size); if (ret) { close(fd); - kdc_log(context, config, 0, + kdc_log(context, config, 0, "PK-INIT failed to stat ocsp data %d", ret); goto out_ocsp; } @@ -1197,19 +1519,19 @@ _kdc_pk_mk_pa_reply(krb5_context context, ret = read(fd, ocsp.data.data, sb.st_size); close(fd); if (ret != sb.st_size) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "PK-INIT failed to read ocsp data %d", errno); goto out_ocsp; } - ret = hx509_ocsp_verify(kdc_identity->hx509ctx, + ret = hx509_ocsp_verify(context->hx509ctx, kdc_time, kdc_cert, 0, ocsp.data.data, ocsp.data.length, &ocsp.expire); if (ret) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "PK-INIT failed to verify ocsp data %d", ret); krb5_data_free(&ocsp.data); ocsp.expire = 0; @@ -1225,12 +1547,12 @@ _kdc_pk_mk_pa_reply(krb5_context context, if (ocsp.expire != 0 && ocsp.expire > kdc_time) { - ret = krb5_padata_add(context, md, + ret = krb5_padata_add(context, md, KRB5_PADATA_PA_PK_OCSP_RESPONSE, ocsp.data.data, ocsp.data.length); if (ret) { - krb5_set_error_string(context, - "Failed adding OCSP response %d", ret); + krb5_set_error_message(context, ret, + "Failed adding OCSP response %d", ret); goto out; } } @@ -1241,25 +1563,26 @@ out: hx509_cert_free(kdc_cert); if (ret == 0) - *reply_key = &client_params->reply_key; + *reply_key = &cp->reply_key; return ret; } static int -match_rfc_san(krb5_context context, +match_rfc_san(krb5_context context, krb5_kdc_configuration *config, hx509_context hx509ctx, - hx509_cert client_cert, + hx509_cert client_cert, krb5_const_principal match) { hx509_octet_string_list list; - int ret, i, found = 0; + int ret, found = 0; + size_t i; memset(&list, 0 , sizeof(list)); ret = hx509_cert_find_subjectAltName_otherName(hx509ctx, client_cert, - oid_id_pkinit_san(), + &asn1_oid_id_pkinit_san, &list); if (ret) goto out; @@ -1269,13 +1592,14 @@ match_rfc_san(krb5_context context, KRB5PrincipalName kn; size_t size; - ret = decode_KRB5PrincipalName(list.val[i].data, + ret = decode_KRB5PrincipalName(list.val[i].data, list.val[i].length, &kn, &size); if (ret) { + const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, - "Decoding kerberos name in certificate failed: %s", - krb5_get_err_text(context, ret)); + "Decoding kerberos name in certificate failed: %s", msg); + krb5_free_error_message(context, msg); break; } if (size != list.val[i].length) { @@ -1293,7 +1617,7 @@ match_rfc_san(krb5_context context, } out: - hx509_free_octet_string_list(&list); + hx509_free_octet_string_list(&list); if (ret) return ret; @@ -1304,15 +1628,16 @@ out: } static int -match_ms_upn_san(krb5_context context, +match_ms_upn_san(krb5_context context, krb5_kdc_configuration *config, hx509_context hx509ctx, - hx509_cert client_cert, - krb5_const_principal match) + hx509_cert client_cert, + HDB *clientdb, + hdb_entry_ex *client) { hx509_octet_string_list list; krb5_principal principal = NULL; - int ret, found = 0; + int ret; MS_UPN_SAN upn; size_t size; @@ -1320,7 +1645,7 @@ match_ms_upn_san(krb5_context context, ret = hx509_cert_find_subjectAltName_otherName(hx509ctx, client_cert, - oid_id_pkinit_ms_san(), + &asn1_oid_id_pkinit_ms_san, &list); if (ret) goto out; @@ -1336,6 +1661,12 @@ match_ms_upn_san(krb5_context context, kdc_log(context, config, 0, "Decode of MS-UPN-SAN failed"); goto out; } + if (size != list.val[0].length) { + free_MS_UPN_SAN(&upn); + kdc_log(context, config, 0, "Trailing data in "); + ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + goto out; + } kdc_log(context, config, 0, "found MS UPN SAN: %s", upn); @@ -1346,42 +1677,51 @@ match_ms_upn_san(krb5_context context, goto out; } - /* - * This is very wrong, but will do for now, should really and a - * plugin to the windc layer to very this ACL. - */ - strupr(principal->realm); + if (clientdb->hdb_check_pkinit_ms_upn_match) { + ret = clientdb->hdb_check_pkinit_ms_upn_match(context, clientdb, client, principal); + } else { - if (krb5_principal_compare(context, principal, match) == TRUE) - found = 1; + /* + * This is very wrong, but will do for a fallback + */ + strupr(principal->realm); + + if (krb5_principal_compare(context, principal, client->entry.principal) == FALSE) + ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + } out: if (principal) krb5_free_principal(context, principal); - hx509_free_octet_string_list(&list); - if (ret) - return ret; + hx509_free_octet_string_list(&list); - if (!found) - return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; - - return 0; + return ret; } krb5_error_code _kdc_pk_check_client(krb5_context context, krb5_kdc_configuration *config, - const hdb_entry_ex *client, - pk_client_params *client_params, + HDB *clientdb, + hdb_entry_ex *client, + pk_client_params *cp, char **subject_name) { const HDB_Ext_PKINIT_acl *acl; + const HDB_Ext_PKINIT_cert *pc; krb5_error_code ret; hx509_name name; - int i; + size_t i; - ret = hx509_cert_get_base_subject(kdc_identity->hx509ctx, - client_params->cert, + if (cp->cert == NULL) { + + *subject_name = strdup("anonymous client client"); + if (*subject_name == NULL) + return ENOMEM; + return 0; + } + + ret = hx509_cert_get_base_subject(context->hx509ctx, + cp->cert, &name); if (ret) return ret; @@ -1392,13 +1732,36 @@ _kdc_pk_check_client(krb5_context context, return ret; kdc_log(context, config, 0, - "Trying to authorize PK-INIT subject DN %s", + "Trying to authorize PK-INIT subject DN %s", *subject_name); + ret = hdb_entry_get_pkinit_cert(&client->entry, &pc); + if (ret == 0 && pc) { + hx509_cert cert; + size_t j; + + for (j = 0; j < pc->len; j++) { + ret = hx509_cert_init_data(context->hx509ctx, + pc->val[j].cert.data, + pc->val[j].cert.length, + &cert); + if (ret) + continue; + ret = hx509_cert_cmp(cert, cp->cert); + hx509_cert_free(cert); + if (ret == 0) { + kdc_log(context, config, 5, + "Found matching PK-INIT cert in hdb"); + return 0; + } + } + } + + if (config->pkinit_princ_in_cert) { ret = match_rfc_san(context, config, - kdc_identity->hx509ctx, - client_params->cert, + context->hx509ctx, + cp->cert, client->entry.principal); if (ret == 0) { kdc_log(context, config, 5, @@ -1406,9 +1769,10 @@ _kdc_pk_check_client(krb5_context context, return 0; } ret = match_ms_upn_san(context, config, - kdc_identity->hx509ctx, - client_params->cert, - client->entry.principal); + context->hx509ctx, + cp->cert, + clientdb, + client); if (ret == 0) { kdc_log(context, config, 5, "Found matching MS UPN SAN in certificate"); @@ -1453,7 +1817,8 @@ _kdc_pk_check_client(krb5_context context, return 0; } - krb5_set_error_string(context, + ret = KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + krb5_set_error_message(context, ret, "PKINIT no matching principals for %s", *subject_name); @@ -1464,11 +1829,11 @@ _kdc_pk_check_client(krb5_context context, free(*subject_name); *subject_name = NULL; - return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH; + return ret; } static krb5_error_code -add_principal_mapping(krb5_context context, +add_principal_mapping(krb5_context context, const char *principal_name, const char * subject) { @@ -1501,16 +1866,16 @@ add_principal_mapping(krb5_context context, krb5_error_code _kdc_add_inital_verified_cas(krb5_context context, krb5_kdc_configuration *config, - pk_client_params *params, + pk_client_params *cp, EncTicketPart *tkt) { AD_INITIAL_VERIFIED_CAS cas; krb5_error_code ret; krb5_data data; - size_t size; + size_t size = 0; memset(&cas, 0, sizeof(cas)); - + /* XXX add CAs to cas here */ ASN1_MALLOC_ENCODE(AD_INITIAL_VERIFIED_CAS, data.data, data.length, @@ -1520,7 +1885,7 @@ _kdc_add_inital_verified_cas(krb5_context context, if (data.length != size) krb5_abortx(context, "internal asn.1 encoder error"); - ret = _kdc_tkt_add_if_relevant_ad(context, tkt, + ret = _kdc_tkt_add_if_relevant_ad(context, tkt, KRB5_AUTHDATA_INITIAL_VERIFIED_CAS, &data); krb5_data_free(&data); @@ -1545,7 +1910,7 @@ load_mappings(krb5_context context, const char *fn) while (fgets(buf, sizeof(buf), f) != NULL) { char *subject_name, *p; - + buf[strcspn(buf, "\n")] = '\0'; lineno++; @@ -1569,22 +1934,22 @@ load_mappings(krb5_context context, const char *fn) lineno, buf); continue; } - } + } fclose(f); } - + /* * */ krb5_error_code -_kdc_pk_initialize(krb5_context context, - krb5_kdc_configuration *config, - const char *user_id, - const char *anchors, - char **pool, - char **revoke_list) +krb5_kdc_pk_initialize(krb5_context context, + krb5_kdc_configuration *config, + const char *user_id, + const char *anchors, + char **pool, + char **revoke_list) { const char *file; char *fn = NULL; @@ -1618,42 +1983,52 @@ _kdc_pk_initialize(krb5_context context, { hx509_query *q; hx509_cert cert; - - ret = hx509_query_alloc(kdc_identity->hx509ctx, &q); + + ret = hx509_query_alloc(context->hx509ctx, &q); if (ret) { krb5_warnx(context, "PKINIT: out of memory"); return ENOMEM; } - + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); - hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - - ret = hx509_certs_find(kdc_identity->hx509ctx, + if (config->pkinit_kdc_friendly_name) + hx509_query_match_friendly_name(q, config->pkinit_kdc_friendly_name); + + ret = hx509_certs_find(context->hx509ctx, kdc_identity->certs, q, &cert); - hx509_query_free(kdc_identity->hx509ctx, q); + hx509_query_free(context->hx509ctx, q); if (ret == 0) { - if (hx509_cert_check_eku(kdc_identity->hx509ctx, cert, - oid_id_pkkdcekuoid(), 0)) - krb5_warnx(context, "WARNING Found KDC certificate " - "is missing the PK-INIT KDC EKU, this is bad for " - "interoperability."); + if (hx509_cert_check_eku(context->hx509ctx, cert, + &asn1_oid_id_pkkdcekuoid, 0)) { + hx509_name name; + char *str; + ret = hx509_cert_get_subject(cert, &name); + if (ret == 0) { + hx509_name_to_string(name, &str); + krb5_warnx(context, "WARNING Found KDC certificate (%s)" + "is missing the PK-INIT KDC EKU, this is bad for " + "interoperability.", str); + hx509_name_free(&name); + free(str); + } + } hx509_cert_free(cert); } else krb5_warnx(context, "PKINIT: failed to find a signing " "certifiate with a public key"); } - ret = krb5_config_get_bool_default(context, - NULL, - FALSE, - "kdc", - "pkinit_allow_proxy_certificate", - NULL); - _krb5_pk_allow_proxy_certificate(kdc_identity, ret); + if (krb5_config_get_bool_default(context, + NULL, + FALSE, + "kdc", + "pkinit_allow_proxy_certificate", + NULL)) + config->pkinit_allow_proxy_certs = 1; - file = krb5_config_get_string(context, + file = krb5_config_get_string(context, NULL, "kdc", "pkinit_mappings_file", diff --git a/crypto/heimdal/kdc/process.c b/crypto/heimdal/kdc/process.c index 1d0a01a215d..6f36915800b 100644 --- a/crypto/heimdal/kdc/process.c +++ b/crypto/heimdal/kdc/process.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * - * All rights reserved. + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: process.c 20959 2007-06-07 04:46:06Z lha $"); - /* * */ @@ -49,66 +47,167 @@ krb5_kdc_update_time(struct timeval *tv) _kdc_now = *tv; } +static krb5_error_code +kdc_as_req(krb5_context context, + krb5_kdc_configuration *config, + krb5_data *req_buffer, + krb5_data *reply, + const char *from, + struct sockaddr *addr, + int datagram_reply, + int *claim) +{ + krb5_error_code ret; + KDC_REQ req; + size_t len; + + ret = decode_AS_REQ(req_buffer->data, req_buffer->length, &req, &len); + if (ret) + return ret; + + *claim = 1; + + ret = _kdc_as_rep(context, config, &req, req_buffer, + reply, from, addr, datagram_reply); + free_AS_REQ(&req); + return ret; +} + + +static krb5_error_code +kdc_tgs_req(krb5_context context, + krb5_kdc_configuration *config, + krb5_data *req_buffer, + krb5_data *reply, + const char *from, + struct sockaddr *addr, + int datagram_reply, + int *claim) +{ + krb5_error_code ret; + KDC_REQ req; + size_t len; + + ret = decode_TGS_REQ(req_buffer->data, req_buffer->length, &req, &len); + if (ret) + return ret; + + *claim = 1; + + ret = _kdc_tgs_rep(context, config, &req, reply, + from, addr, datagram_reply); + free_TGS_REQ(&req); + return ret; +} + +#ifdef DIGEST + +static krb5_error_code +kdc_digest(krb5_context context, + krb5_kdc_configuration *config, + krb5_data *req_buffer, + krb5_data *reply, + const char *from, + struct sockaddr *addr, + int datagram_reply, + int *claim) +{ + DigestREQ digestreq; + krb5_error_code ret; + size_t len; + + ret = decode_DigestREQ(req_buffer->data, req_buffer->length, + &digestreq, &len); + if (ret) + return ret; + + *claim = 1; + + ret = _kdc_do_digest(context, config, &digestreq, reply, from, addr); + free_DigestREQ(&digestreq); + return ret; +} + +#endif + +#ifdef KX509 + +static krb5_error_code +kdc_kx509(krb5_context context, + krb5_kdc_configuration *config, + krb5_data *req_buffer, + krb5_data *reply, + const char *from, + struct sockaddr *addr, + int datagram_reply, + int *claim) +{ + Kx509Request kx509req; + krb5_error_code ret; + size_t len; + + ret = _kdc_try_kx509_request(req_buffer->data, req_buffer->length, + &kx509req, &len); + if (ret) + return ret; + + *claim = 1; + + ret = _kdc_do_kx509(context, config, &kx509req, reply, from, addr); + free_Kx509Request(&kx509req); + return ret; +} + +#endif + + +static struct krb5_kdc_service services[] = { + { KS_KRB5, kdc_as_req }, + { KS_KRB5, kdc_tgs_req }, +#ifdef DIGEST + { 0, kdc_digest }, +#endif +#ifdef KX509 + { 0, kdc_kx509 }, +#endif + { 0, NULL } +}; + /* * handle the request in `buf, len', from `addr' (or `from' as a string), * sending a reply in `reply'. */ int -krb5_kdc_process_request(krb5_context context, +krb5_kdc_process_request(krb5_context context, krb5_kdc_configuration *config, - unsigned char *buf, - size_t len, + unsigned char *buf, + size_t len, krb5_data *reply, krb5_boolean *prependlength, const char *from, struct sockaddr *addr, int datagram_reply) { - KDC_REQ req; - Ticket ticket; - DigestREQ digestreq; - Kx509Request kx509req; krb5_error_code ret; - size_t i; + unsigned int i; + krb5_data req_buffer; + int claim = 0; - if(decode_AS_REQ(buf, len, &req, &i) == 0){ - krb5_data req_buffer; + req_buffer.data = buf; + req_buffer.length = len; - req_buffer.data = buf; - req_buffer.length = len; - - ret = _kdc_as_rep(context, config, &req, &req_buffer, - reply, from, addr, datagram_reply); - free_AS_REQ(&req); - return ret; - }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ - ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply); - free_TGS_REQ(&req); - return ret; - }else if(decode_Ticket(buf, len, &ticket, &i) == 0){ - ret = _kdc_do_524(context, config, &ticket, reply, from, addr); - free_Ticket(&ticket); - return ret; - }else if(decode_DigestREQ(buf, len, &digestreq, &i) == 0){ - ret = _kdc_do_digest(context, config, &digestreq, reply, from, addr); - free_DigestREQ(&digestreq); - return ret; - } else if (_kdc_try_kx509_request(buf, len, &kx509req, &i) == 0) { - ret = _kdc_do_kx509(context, config, &kx509req, reply, from, addr); - free_Kx509Request(&kx509req); - return ret; - } else if(_kdc_maybe_version4(buf, len)){ - *prependlength = FALSE; /* elbitapmoc sdrawkcab XXX */ - _kdc_do_version4(context, config, buf, len, reply, from, - (struct sockaddr_in*)addr); - return 0; - } else if (config->enable_kaserver) { - ret = _kdc_do_kaserver(context, config, buf, len, reply, from, - (struct sockaddr_in*)addr); - return ret; + for (i = 0; services[i].process != NULL; i++) { + ret = (*services[i].process)(context, config, &req_buffer, + reply, from, addr, datagram_reply, + &claim); + if (claim) { + if (services[i].flags & KS_NO_LENGTH) + *prependlength = 0; + return ret; + } } - + return -1; } @@ -120,34 +219,33 @@ krb5_kdc_process_request(krb5_context context, */ int -krb5_kdc_process_krb5_request(krb5_context context, +krb5_kdc_process_krb5_request(krb5_context context, krb5_kdc_configuration *config, - unsigned char *buf, - size_t len, + unsigned char *buf, + size_t len, krb5_data *reply, const char *from, struct sockaddr *addr, int datagram_reply) { - KDC_REQ req; krb5_error_code ret; - size_t i; + unsigned int i; + krb5_data req_buffer; + int claim = 0; - if(decode_AS_REQ(buf, len, &req, &i) == 0){ - krb5_data req_buffer; + req_buffer.data = buf; + req_buffer.length = len; - req_buffer.data = buf; - req_buffer.length = len; - - ret = _kdc_as_rep(context, config, &req, &req_buffer, - reply, from, addr, datagram_reply); - free_AS_REQ(&req); - return ret; - }else if(decode_TGS_REQ(buf, len, &req, &i) == 0){ - ret = _kdc_tgs_rep(context, config, &req, reply, from, addr, datagram_reply); - free_TGS_REQ(&req); - return ret; + for (i = 0; services[i].process != NULL; i++) { + if ((services[i].flags & KS_KRB5) == 0) + continue; + ret = (*services[i].process)(context, config, &req_buffer, + reply, from, addr, datagram_reply, + &claim); + if (claim) + return ret; } + return -1; } @@ -156,7 +254,7 @@ krb5_kdc_process_krb5_request(krb5_context context, */ int -krb5_kdc_save_request(krb5_context context, +krb5_kdc_save_request(krb5_context context, const char *fn, const unsigned char *buf, size_t len, @@ -177,14 +275,15 @@ krb5_kdc_save_request(krb5_context context, fd = open(fn, O_WRONLY|O_CREAT|O_APPEND, 0600); if (fd < 0) { - krb5_set_error_string(context, "Failed to open: %s", fn); - return errno; + int saved_errno = errno; + krb5_set_error_message(context, saved_errno, "Failed to open: %s", fn); + return saved_errno; } - + sp = krb5_storage_from_fd(fd); close(fd); if (sp == NULL) { - krb5_set_error_string(context, "Storage failed to open fd"); + krb5_set_error_message(context, ENOMEM, "Storage failed to open fd"); return ENOMEM; } diff --git a/crypto/heimdal/kdc/rx.h b/crypto/heimdal/kdc/rx.h index 18806d79dae..f914e93e6ef 100644 --- a/crypto/heimdal/kdc/rx.h +++ b/crypto/heimdal/kdc/rx.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: rx.h 17447 2006-05-05 10:52:01Z lha $ */ +/* $Id$ */ #ifndef __RX_H__ #define __RX_H__ diff --git a/crypto/heimdal/kdc/set_dbinfo.c b/crypto/heimdal/kdc/set_dbinfo.c index 651f4c4a4b2..d22e083f7d5 100644 --- a/crypto/heimdal/kdc/set_dbinfo.c +++ b/crypto/heimdal/kdc/set_dbinfo.c @@ -1,40 +1,68 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * All rights reserved. + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: default_config.c 21296 2007-06-25 14:49:11Z lha $"); +static krb5_error_code +add_db(krb5_context context, struct krb5_kdc_configuration *c, + const char *conf, const char *master_key) +{ + krb5_error_code ret; + void *ptr; + + ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db)); + if (ptr == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + c->db = ptr; + + ret = hdb_create(context, &c->db[c->num_db], conf); + if(ret) + return ret; + + c->num_db++; + + if (master_key) { + ret = hdb_set_master_keyfile(context, c->db[c->num_db - 1], master_key); + if (ret) + return ret; + } + + return 0; +} krb5_error_code krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c) @@ -47,30 +75,15 @@ krb5_kdc_set_dbinfo(krb5_context context, struct krb5_kdc_configuration *c) ret = hdb_get_dbinfo(context, &info); if (ret) return ret; - + d = NULL; while ((d = hdb_dbinfo_get_next(info, d)) != NULL) { - void *ptr; - - ptr = realloc(c->db, (c->num_db + 1) * sizeof(*c->db)); - if (ptr == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); - goto out; - } - c->db = ptr; - - ret = hdb_create(context, &c->db[c->num_db], - hdb_dbinfo_get_dbname(context, d)); - if(ret) - goto out; - - ret = hdb_set_master_keyfile(context, c->db[c->num_db], - hdb_dbinfo_get_mkey_file(context, d)); + + ret = add_db(context, c, + hdb_dbinfo_get_dbname(context, d), + hdb_dbinfo_get_mkey_file(context, d)); if (ret) goto out; - - c->num_db++; kdc_log(context, c, 0, "label: %s", hdb_dbinfo_get_label(context, d)); @@ -91,7 +104,7 @@ out: c->num_db = 0; free(c->db); c->db = NULL; - + hdb_free_dbinfo(context, &info); return ret; diff --git a/crypto/heimdal/kdc/string2key.8 b/crypto/heimdal/kdc/string2key.8 index 8f2d562cc80..1b38d332282 100644 --- a/crypto/heimdal/kdc/string2key.8 +++ b/crypto/heimdal/kdc/string2key.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: string2key.8 11648 2003-02-16 21:10:32Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd March 4, 2000 .Dt STRING2KEY 8 @@ -39,23 +39,23 @@ .Nd map a password into a key .Sh SYNOPSIS .Nm -.Op Fl 5 | Fl -version5 -.Op Fl 4 | Fl -version4 -.Op Fl a | Fl -afs +.Op Fl 5 | Fl Fl version5 +.Op Fl 4 | Fl Fl version4 +.Op Fl a | Fl Fl afs .Oo Fl c Ar cell \*(Ba Xo -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc .Oc .Oo Fl w Ar password \*(Ba Xo -.Fl -password= Ns Ar password +.Fl Fl password= Ns Ar password .Xc .Oc .Oo Fl p Ar principal \*(Ba Xo -.Fl -principal= Ns Ar principal +.Fl Fl principal= Ns Ar principal .Xc .Oc .Oo Fl k Ar string \*(Ba Xo -.Fl -keytype= Ns Ar string +.Fl Fl keytype= Ns Ar string .Xc .Oc .Ar password @@ -65,46 +65,21 @@ performs the string-to-key function. This is useful when you want to handle the raw key instead of the password. Supported options: .Bl -tag -width Ds -.It Xo -.Fl 5 , -.Fl -version5 -.Xc +.It Fl 5 , Fl Fl version5 Output Kerberos v5 string-to-key -.It Xo -.Fl 4 , -.Fl -version4 -.Xc +.It Fl 4 , Fl Fl version4 Output Kerberos v4 string-to-key -.It Xo -.Fl a , -.Fl -afs -.Xc +.It Fl a , Fl Fl afs Output AFS string-to-key -.It Xo -.Fl c Ar cell , -.Fl -cell= Ns Ar cell -.Xc +.It Fl c Ar cell , Fl Fl cell= Ns Ar cell AFS cell to use -.It Xo -.Fl w Ar password , -.Fl -password= Ns Ar password -.Xc +.It Fl w Ar password , Fl Fl password= Ns Ar password Password to use -.It Xo -.Fl p Ar principal , -.Fl -principal= Ns Ar principal -.Xc +.It Fl p Ar principal , Fl Fl principal= Ns Ar principal Kerberos v5 principal to use -.It Xo -.Fl k Ar string , -.Fl -keytype= Ns Ar string -.Xc +.It Fl k Ar string , Fl Fl keytype= Ns Ar string Keytype -.It Xo -.Fl -version -.Xc +.It Fl Fl version print version -.It Xo -.Fl -help -.Xc +.It Fl Fl help .El diff --git a/crypto/heimdal/kdc/string2key.c b/crypto/heimdal/kdc/string2key.c index 4211bf7a93f..6f24c27a29a 100644 --- a/crypto/heimdal/kdc/string2key.c +++ b/crypto/heimdal/kdc/string2key.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "headers.h" #include -RCSID("$Id: string2key.c 19213 2006-12-04 23:36:36Z lha $"); - int version5; int version4; int afs; @@ -47,15 +45,17 @@ int version; int help; struct getargs args[] = { - { "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key" }, - { "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key" }, - { "afs", 'a', arg_flag, &afs, "Output AFS string-to-key" }, + { "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key", + NULL }, + { "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key", + NULL }, + { "afs", 'a', arg_flag, &afs, "Output AFS string-to-key", NULL }, { "cell", 'c', arg_string, &cell, "AFS cell to use", "cell" }, { "password", 'w', arg_string, &password, "Password to use", "password" }, { "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" }, - { "keytype", 'k', arg_string, &keytype_str, "Keytype" }, - { "version", 0, arg_flag, &version, "print version" }, - { "help", 0, arg_flag, &help, NULL } + { "keytype", 'k', arg_string, rk_UNCONST(&keytype_str), "Keytype", NULL }, + { "version", 0, arg_flag, &version, "print version", NULL }, + { "help", 0, arg_flag, &help, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); @@ -68,14 +68,14 @@ usage(int status) } static void -tokey(krb5_context context, - krb5_enctype enctype, - const char *pw, - krb5_salt salt, +tokey(krb5_context context, + krb5_enctype enctype, + const char *pw, + krb5_salt salt, const char *label) { krb5_error_code ret; - int i; + size_t i; krb5_keyblock key; char *e; @@ -109,7 +109,7 @@ main(int argc, char **argv) if(help) usage(0); - + if(version){ print_version (NULL); return 0; @@ -125,26 +125,9 @@ main(int argc, char **argv) version5 = 1; ret = krb5_string_to_enctype(context, keytype_str, &etype); - if(ret) { - krb5_keytype keytype; - int *etypes; - unsigned num; - char *str; - ret = krb5_string_to_keytype(context, keytype_str, &keytype); - if(ret) - krb5_err(context, 1, ret, "%s", keytype_str); - ret = krb5_keytype_to_enctypes(context, keytype, &num, &etypes); - if(ret) - krb5_err(context, 1, ret, "%s", keytype_str); - if(num == 0) - krb5_errx(context, 1, "there are no encryption types for that keytype"); - etype = etypes[0]; - krb5_enctype_to_string(context, etype, &str); - keytype_str = str; - if(num > 1 && version5) - krb5_warnx(context, "ambiguous keytype, using %s", keytype_str); - } - + if(ret) + krb5_err(context, 1, ret, "krb5_string_to_enctype"); + if((etype != ETYPE_DES_CBC_CRC && etype != ETYPE_DES_CBC_MD4 && etype != ETYPE_DES_CBC_MD5) && @@ -152,7 +135,7 @@ main(int argc, char **argv) if(!version5) { etype = ETYPE_DES_CBC_CRC; } else { - krb5_errx(context, 1, + krb5_errx(context, 1, "DES is the only valid keytype for AFS and Kerberos 4"); } } @@ -178,7 +161,7 @@ main(int argc, char **argv) return 1; password = buf; } - + if(version5){ krb5_parse_name(context, principal, &princ); krb5_get_pw_salt(context, princ, &salt); diff --git a/crypto/heimdal/kdc/v4_dump.c b/crypto/heimdal/kdc/v4_dump.c deleted file mode 100644 index 93c56f87f27..00000000000 --- a/crypto/heimdal/kdc/v4_dump.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "hprop.h" - -RCSID("$Id: v4_dump.c 17023 2006-04-09 17:41:47Z lha $"); - -static time_t -time_parse(const char *cp) -{ - char wbuf[5]; - struct tm tp; - int local; - - memset(&tp, 0, sizeof(tp)); /* clear out the struct */ - - /* new format is YYYYMMDDHHMM UTC, - old format is YYMMDDHHMM local time */ - if (strlen(cp) > 10) { /* new format */ - strlcpy(wbuf, cp, sizeof(wbuf)); - tp.tm_year = atoi(wbuf) - 1900; - cp += 4; - local = 0; - } else { - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = '\0'; - tp.tm_year = atoi(wbuf); - if(tp.tm_year < 38) - tp.tm_year += 100; - local = 1; - } - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_mon = atoi(wbuf) - 1; - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_mday = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_hour = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_min = atoi(wbuf); - - return(tm2time(tp, local)); -} - -/* convert a version 4 dump file */ -int -v4_prop_dump(void *arg, const char *file) -{ - char buf [1024]; - FILE *f; - int lineno = 0; - - f = fopen(file, "r"); - if(f == NULL) - return errno; - - while(fgets(buf, sizeof(buf), f)) { - int ret; - unsigned long key[2]; /* yes, long */ - char exp_date[64], mod_date[64]; - struct v4_principal pr; - int attributes; - - memset(&pr, 0, sizeof(pr)); - errno = 0; - lineno++; - ret = sscanf(buf, "%63s %63s %d %d %d %d %lx %lx %63s %63s %63s %63s", - pr.name, pr.instance, - &pr.max_life, &pr.mkvno, &pr.kvno, - &attributes, - &key[0], &key[1], - exp_date, mod_date, - pr.mod_name, pr.mod_instance); - if(ret != 12){ - warnx("Line %d malformed (ignored)", lineno); - continue; - } - if(attributes != 0) { - warnx("Line %d (%s.%s) has non-zero attributes - skipping", - lineno, pr.name, pr.instance); - continue; - } - pr.key[0] = (key[0] >> 24) & 0xff; - pr.key[1] = (key[0] >> 16) & 0xff; - pr.key[2] = (key[0] >> 8) & 0xff; - pr.key[3] = (key[0] >> 0) & 0xff; - pr.key[4] = (key[1] >> 24) & 0xff; - pr.key[5] = (key[1] >> 16) & 0xff; - pr.key[6] = (key[1] >> 8) & 0xff; - pr.key[7] = (key[1] >> 0) & 0xff; - pr.exp_date = time_parse(exp_date); - pr.mod_date = time_parse(mod_date); - if (pr.instance[0] == '*') - pr.instance[0] = '\0'; - if (pr.mod_name[0] == '*') - pr.mod_name[0] = '\0'; - if (pr.mod_instance[0] == '*') - pr.mod_instance[0] = '\0'; - v4_prop(arg, &pr); - memset(&pr, 0, sizeof(pr)); - } - fclose(f); - return 0; -} diff --git a/crypto/heimdal/kdc/version-script.map b/crypto/heimdal/kdc/version-script.map index 2612b8ed261..ae16f39faad 100644 --- a/crypto/heimdal/kdc/version-script.map +++ b/crypto/heimdal/kdc/version-script.map @@ -1,4 +1,4 @@ -# $Id: version-script.map 21110 2007-06-18 10:52:20Z lha $ +# $Id$ HEIMDAL_KDC_1.0 { global: @@ -6,13 +6,20 @@ HEIMDAL_KDC_1.0 { kdc_log_msg; kdc_log_msg_va; kdc_openlog; + kdc_check_flags; krb5_kdc_windc_init; krb5_kdc_get_config; + krb5_kdc_pkinit_config; krb5_kdc_set_dbinfo; krb5_kdc_process_krb5_request; krb5_kdc_process_request; krb5_kdc_save_request; krb5_kdc_update_time; + krb5_kdc_pk_initialize; + + # needed for digest-service + _kdc_db_fetch; + _kdc_free_ent; local: *; }; diff --git a/crypto/heimdal/kdc/windc.c b/crypto/heimdal/kdc/windc.c index 395ab734328..ba87abb7cc0 100644 --- a/crypto/heimdal/kdc/windc.c +++ b/crypto/heimdal/kdc/windc.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" -RCSID("$Id: windc.c 20559 2007-04-24 16:00:07Z lha $"); - static krb5plugin_windc_ftable *windcft; static void *windcctx; @@ -55,15 +53,15 @@ krb5_kdc_windc_init(krb5_context context) for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { windcft = _krb5_plugin_get_symbol(e); - if (windcft->minor_version < KRB5_WINDC_PLUGING_MINOR) + if (windcft->minor_version < KRB5_WINDC_PLUGIN_MINOR) continue; - + (*windcft->init)(context, &windcctx); break; } + _krb5_plugin_free(list); if (e == NULL) { - _krb5_plugin_free(list); - krb5_set_error_string(context, "Did not find any WINDC plugin"); + krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin"); windcft = NULL; return ENOENT; } @@ -72,9 +70,9 @@ krb5_kdc_windc_init(krb5_context context) } -krb5_error_code +krb5_error_code _kdc_pac_generate(krb5_context context, - hdb_entry_ex *client, + hdb_entry_ex *client, krb5_pac *pac) { *pac = NULL; @@ -83,27 +81,47 @@ _kdc_pac_generate(krb5_context context, return (windcft->pac_generate)(windcctx, context, client, pac); } -krb5_error_code -_kdc_pac_verify(krb5_context context, +krb5_error_code +_kdc_pac_verify(krb5_context context, const krb5_principal client_principal, + const krb5_principal delegated_proxy_principal, hdb_entry_ex *client, hdb_entry_ex *server, - krb5_pac *pac) + hdb_entry_ex *krbtgt, + krb5_pac *pac, + int *verified) { - if (windcft == NULL) { - krb5_set_error_string(context, "Can't verify PAC, no function"); - return EINVAL; - } - return (windcft->pac_verify)(windcctx, context, - client_principal, client, server, pac); + krb5_error_code ret; + + if (windcft == NULL) + return 0; + + ret = windcft->pac_verify(windcctx, context, + client_principal, + delegated_proxy_principal, + client, server, krbtgt, pac); + if (ret == 0) + *verified = 1; + return ret; } krb5_error_code -_kdc_windc_client_access(krb5_context context, - struct hdb_entry_ex *client, - KDC_REQ *req) +_kdc_check_access(krb5_context context, + krb5_kdc_configuration *config, + hdb_entry_ex *client_ex, const char *client_name, + hdb_entry_ex *server_ex, const char *server_name, + KDC_REQ *req, + krb5_data *e_data) { if (windcft == NULL) - return 0; - return (windcft->client_access)(windcctx, context, client, req); + return kdc_check_flags(context, config, + client_ex, client_name, + server_ex, server_name, + req->msg_type == krb_as_req); + + return (windcft->client_access)(windcctx, + context, config, + client_ex, client_name, + server_ex, server_name, + req, e_data); } diff --git a/crypto/heimdal/kdc/windc_plugin.h b/crypto/heimdal/kdc/windc_plugin.h index ec480cf950c..fa4ba434f3e 100644 --- a/crypto/heimdal/kdc/windc_plugin.h +++ b/crypto/heimdal/kdc/windc_plugin.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: windc_plugin.h 19798 2007-01-10 15:24:51Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_KRB5_PAC_PLUGIN_H #define HEIMDAL_KRB5_PAC_PLUGIN_H 1 @@ -51,23 +51,30 @@ struct hdb_entry_ex; -typedef krb5_error_code +typedef krb5_error_code (*krb5plugin_windc_pac_generate)(void *, krb5_context, struct hdb_entry_ex *, krb5_pac *); -typedef krb5_error_code +typedef krb5_error_code (*krb5plugin_windc_pac_verify)(void *, krb5_context, - const krb5_principal, - struct hdb_entry_ex *, - struct hdb_entry_ex *, + const krb5_principal, /* new ticket client */ + const krb5_principal, /* delegation proxy */ + struct hdb_entry_ex *,/* client */ + struct hdb_entry_ex *,/* server */ + struct hdb_entry_ex *,/* krbtgt */ krb5_pac *); -typedef krb5_error_code +typedef krb5_error_code (*krb5plugin_windc_client_access)( - void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *); + void *, krb5_context, + krb5_kdc_configuration *config, + hdb_entry_ex *, const char *, + hdb_entry_ex *, const char *, + KDC_REQ *, krb5_data *); -#define KRB5_WINDC_PLUGING_MINOR 2 +#define KRB5_WINDC_PLUGIN_MINOR 6 +#define KRB5_WINDC_PLUGING_MINOR KRB5_WINDC_PLUGIN_MINOR typedef struct krb5plugin_windc_ftable { int minor_version; diff --git a/crypto/heimdal/kpasswd/Makefile.am b/crypto/heimdal/kpasswd/Makefile.am index ecfb752e39d..4965cea3cff 100644 --- a/crypto/heimdal/kpasswd/Makefile.am +++ b/crypto/heimdal/kpasswd/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -19,7 +19,6 @@ kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h kpasswdd_LDADD = \ $(top_builddir)/lib/kadm5/libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(LDADD) \ $(LIB_pidfile) \ $(LIB_dlopen) \ @@ -30,4 +29,4 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) diff --git a/crypto/heimdal/kpasswd/Makefile.in b/crypto/heimdal/kpasswd/Makefile.in index 5c0e6db071d..01d418fd6ec 100644 --- a/crypto/heimdal/kpasswd/Makefile.in +++ b/crypto/heimdal/kpasswd/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -47,7 +49,7 @@ noinst_PROGRAMS = kpasswd-generator$(EXEEXT) subdir = kpasswd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -62,7 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -76,9 +78,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -86,16 +91,15 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \ "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) am_kpasswd_OBJECTS = kpasswd.$(OBJEXT) kpasswd_OBJECTS = $(am_kpasswd_OBJECTS) @@ -116,12 +120,12 @@ am__DEPENDENCIES_2 = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) kpasswdd_DEPENDENCIES = $(top_builddir)/lib/kadm5/libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -134,6 +138,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c $(kpasswdd_SOURCES) DIST_SOURCES = $(kpasswd_SOURCES) kpasswd-generator.c \ $(kpasswdd_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 man8dir = $(mandir)/man8 MANS = $(man_MANS) @@ -144,49 +169,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -210,10 +244,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -230,6 +265,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -245,31 +282,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -284,10 +335,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -328,30 +381,34 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_hcrypto) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la man_MANS = kpasswd.1 kpasswdd.8 kpasswd_SOURCES = kpasswd.c kpasswd_locl.h @@ -359,7 +416,6 @@ kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h kpasswdd_LDADD = \ $(top_builddir)/lib/kadm5/libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(LDADD) \ $(LIB_pidfile) \ $(LIB_dlopen) \ @@ -370,23 +426,23 @@ LDADD = $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) +EXTRA_DIST = NTMakefile $(man_MANS) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps kpasswd/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps kpasswd/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign kpasswd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign kpasswd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -404,69 +460,102 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list kpasswd$(EXEEXT): $(kpasswd_OBJECTS) $(kpasswd_DEPENDENCIES) @rm -f kpasswd$(EXEEXT) $(LINK) $(kpasswd_OBJECTS) $(kpasswd_LDADD) $(LIBS) @@ -483,160 +572,179 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kpasswd-generator.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kpasswd.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kpasswdd.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -652,13 +760,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -693,6 +805,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -703,6 +816,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ clean-libtool clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -713,6 +827,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -720,26 +836,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man1 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -760,11 +885,10 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \ uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man1 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ @@ -853,6 +977,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -938,7 +1065,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -951,6 +1078,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/kpasswd/kpasswd-generator.c b/crypto/heimdal/kpasswd/kpasswd-generator.c index e37f86980fe..952531d3048 100644 --- a/crypto/heimdal/kpasswd/kpasswd-generator.c +++ b/crypto/heimdal/kpasswd/kpasswd-generator.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kpasswd_locl.h" -RCSID("$Id: kpasswd-generator.c 19233 2006-12-06 08:04:05Z lha $"); +RCSID("$Id$"); static unsigned read_words (const char *filename, char ***ret_w) @@ -58,6 +58,7 @@ read_words (const char *filename, char ***ret_w) *ret_w = w; if (n == 0) errx(1, "%s is an empty file, no words to try", filename); + fclose(f); return n; } @@ -140,10 +141,14 @@ generate_requests (const char *filename, unsigned nreq) krb5_free_principal (context, principal); - ret = krb5_change_password (context, &cred, new_pwd, - &result_code, - &result_code_string, - &result_string); + + ret = krb5_set_password (context, + &cred, + new_pwd, + NULL, + &result_code, + &result_code_string, + &result_string); if (ret) krb5_err (context, 1, ret, "krb5_change_password"); diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1 index 6d2c7c9227d..679b38924f3 100644 --- a/crypto/heimdal/kpasswd/kpasswd.1 +++ b/crypto/heimdal/kpasswd/kpasswd.1 @@ -1,35 +1,35 @@ -.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kpasswd.1 14478 2005-01-05 16:08:58Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd January 5, 2005 .Dt KPASSWD 1 @@ -39,9 +39,9 @@ .Nd Kerberos 5 password changing program .Sh SYNOPSIS .Nm -.Op Fl -admin-principal= Ns Ar principal +.Op Fl Fl admin-principal= Ns Ar principal .Oo Fl c Ar cache \*(Ba Xo -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc .Oc .Op Ar principal ... @@ -58,7 +58,7 @@ If the administrator isn't specified on the command prompt, the principal of the default credential cache will be used. .Pp If a credential cache is given, the -.Fl -admin-principal +.Fl Fl admin-principal flag is ignored and use the default name of the credential cache is used instead. .Sh DIAGNOSTICS diff --git a/crypto/heimdal/kpasswd/kpasswd.c b/crypto/heimdal/kpasswd/kpasswd.c index b844628f6f0..e681a359d46 100644 --- a/crypto/heimdal/kpasswd/kpasswd.c +++ b/crypto/heimdal/kpasswd/kpasswd.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kpasswd_locl.h" -RCSID("$Id: kpasswd.c 19078 2006-11-20 18:12:41Z lha $"); +RCSID("$Id$"); static int version_flag; static int help_flag; @@ -40,10 +40,11 @@ static char *admin_principal_str; static char *cred_cache_str; static struct getargs args[] = { - { "admin-principal", 0, arg_string, &admin_principal_str }, - { "cache", 'c', arg_string, &cred_cache_str }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "admin-principal", 0, arg_string, &admin_principal_str, NULL, + NULL }, + { "cache", 'c', arg_string, &cred_cache_str, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void @@ -117,33 +118,32 @@ main (int argc, char **argv) krb5_error_code ret; krb5_context context; krb5_principal principal; - int optind = 0; krb5_get_init_creds_opt *opt; krb5_ccache id = NULL; int exit_value; + int optidx = 0; - optind = krb5_program_setup(&context, argc, argv, - args, sizeof(args) / sizeof(args[0]), usage); + setprogname(argv[0]); + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1, args, sizeof(args) / sizeof(args[0])); if (help_flag) - usage (0, args, sizeof(args) / sizeof(args[0])); - - if(version_flag){ - print_version (NULL); - exit(0); + usage(0, args, sizeof(args) / sizeof(args[0])); + if (version_flag) { + print_version(NULL); + return 0; } - - argc -= optind; - argv += optind; + argc -= optidx; + argv += optidx; ret = krb5_init_context (&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - + ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); - + krb5_get_init_creds_opt_set_tkt_life (opt, 300); krb5_get_init_creds_opt_set_forwardable (opt, FALSE); krb5_get_init_creds_opt_set_proxiable (opt, FALSE); @@ -153,9 +153,9 @@ main (int argc, char **argv) if (ret) krb5_err (context, 1, ret, "krb5_cc_resolve"); } else { - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id); if (ret) - krb5_err (context, 1, ret, "krb5_cc_gen_new"); + krb5_err (context, 1, ret, "krb5_cc_new_unique"); } if (cred_cache_str == NULL) { @@ -198,18 +198,18 @@ main (int argc, char **argv) default: krb5_err(context, 1, ret, "krb5_get_init_creds"); } - + krb5_get_init_creds_opt_free(context, opt); - + ret = krb5_cc_initialize(context, id, admin_principal); krb5_free_principal(context, admin_principal); if (ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); - ret = krb5_cc_store_cred(context, id, &cred); + ret = krb5_cc_store_cred(context, id, &cred); if (ret) krb5_err(context, 1, ret, "krb5_cc_store_cred"); - + krb5_free_cred_contents (context, &cred); } @@ -243,5 +243,5 @@ main (int argc, char **argv) } krb5_free_context (context); - return ret; + return exit_value; } diff --git a/crypto/heimdal/kpasswd/kpasswd_locl.h b/crypto/heimdal/kpasswd/kpasswd_locl.h index b797ceb26de..a1ed2e3762b 100644 --- a/crypto/heimdal/kpasswd/kpasswd_locl.h +++ b/crypto/heimdal/kpasswd/kpasswd_locl.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: kpasswd_locl.h 11444 2002-09-10 20:03:49Z joda $ */ +/* $Id$ */ #ifndef __KPASSWD_LOCL_H__ #define __KPASSWD_LOCL_H__ diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8 index ab750bd4993..d68aca25631 100644 --- a/crypto/heimdal/kpasswd/kpasswdd.8 +++ b/crypto/heimdal/kpasswd/kpasswdd.8 @@ -1,4 +1,33 @@ -.\" $Id: kpasswdd.8 14481 2005-01-05 18:07:44Z lha $ +.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" .Dd April 19, 1999 .Dt KPASSWDD 8 @@ -9,23 +38,23 @@ .Sh SYNOPSIS .Nm .Bk -words -.Op Fl -addresses= Ns Ar address -.Op Fl -check-library= Ns Ar library -.Op Fl -check-function= Ns Ar function +.Op Fl Fl addresses= Ns Ar address +.Op Fl Fl check-library= Ns Ar library +.Op Fl Fl check-function= Ns Ar function .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc .Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm +.Fl Fl realm= Ns Ar realm .Xc .Oc .Oo Fl p Ar string \*(Ba Xo -.Fl -port= Ns Ar string +.Fl Fl port= Ns Ar string .Xc .Oc -.Op Fl -version -.Op Fl -help +.Op Fl Fl version +.Op Fl Fl help .Ek .Sh DESCRIPTION .Nm @@ -35,20 +64,14 @@ the database directly and should thus only run on the master KDC. .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -addresses= Ns Ar address -.Xc +.It Fl Fl addresses= Ns Ar address For each till the argument is given, add the address to what kpasswdd should listen too. -.It Xo -.Fl -check-library= Ns Ar library -.Xc +.It Fl Fl check-library= Ns Ar library If your system has support for dynamic loading of shared libraries, you can use an external function to check password quality. This option specifies which library to load. -.It Xo -.Fl -check-function= Ns Ar function -.Xc +.It Fl Fl check-function= Ns Ar function This is the function to call in the loaded library. The function should look like this: .Pp @@ -63,20 +86,11 @@ is the one who tries to change passwords, and is the new password. Note that the password (in .Fa password->data ) is not zero terminated. -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec Keytab to get authentication key from. -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl Fl realm= Ns Ar realm Default realm. -.It Xo -.Fl p Ar string , -.Fl -port= Ns Ar string -.Xc +.It Fl p Ar string , Fl Fl port= Ns Ar string Port to listen on (default service kpasswd - 464). .El .Sh DIAGNOSTICS diff --git a/crypto/heimdal/kpasswd/kpasswdd.c b/crypto/heimdal/kpasswd/kpasswdd.c index 5b4119c897b..cc1ac25f30d 100644 --- a/crypto/heimdal/kpasswd/kpasswdd.c +++ b/crypto/heimdal/kpasswd/kpasswdd.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kpasswd_locl.h" -RCSID("$Id: kpasswdd.c 22252 2007-12-09 05:59:34Z lha $"); +RCSID("$Id$"); #include #ifdef HAVE_SYS_UN_H @@ -244,14 +244,14 @@ change (krb5_auth_context auth_context, const char *pwd_reason; kadm5_config_params conf; void *kadm5_handle = NULL; - krb5_principal principal; + krb5_principal principal = NULL; krb5_data *pwd_data = NULL; char *tmp; ChangePasswdDataMS chpw; memset (&conf, 0, sizeof(conf)); memset(&chpw, 0, sizeof(chpw)); - + if (version == KRB5_KPASSWD_VERS_CHANGEPW) { ret = krb5_copy_data(context, in_data, &pwd_data); if (ret) { @@ -272,7 +272,7 @@ change (krb5_auth_context auth_context, "malformed ChangePasswdData"); return; } - + ret = krb5_copy_data(context, &chpw.newpasswd, &pwd_data); if (ret) { @@ -284,7 +284,7 @@ change (krb5_auth_context auth_context, if (chpw.targname == NULL && chpw.targrealm != NULL) { krb5_warn (context, ret, "kadm5_init_with_password_ctx"); - reply_priv (auth_context, s, sa, sa_size, + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_MALFORMED, "targrealm but not targname"); goto out; @@ -299,10 +299,10 @@ change (krb5_auth_context auth_context, ret = krb5_get_default_realm(context, &princ.realm); if (ret) { - krb5_warnx (context, + krb5_warnx (context, "kadm5_init_with_password_ctx: " "failed to allocate realm"); - reply_priv (auth_context, s, sa, sa_size, + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, "failed to allocate realm"); goto out; @@ -313,7 +313,7 @@ change (krb5_auth_context auth_context, free(princ.realm); if (ret) { krb5_warn(context, ret, "krb5_copy_principal"); - reply_priv(auth_context, s, sa, sa_size, + reply_priv(auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR, "failed to allocate principal"); goto out; @@ -322,7 +322,7 @@ change (krb5_auth_context auth_context, principal = admin_principal; } else { krb5_warnx (context, "kadm5_init_with_password_ctx: unknown proto"); - reply_priv (auth_context, s, sa, sa_size, + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR, "Unknown protocol used"); return; @@ -331,7 +331,7 @@ change (krb5_auth_context auth_context, ret = krb5_unparse_name (context, admin_principal, &admin); if (ret) { krb5_warn (context, ret, "unparse_name failed"); - reply_priv (auth_context, s, sa, sa_size, + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR, "out of memory error"); goto out; } @@ -339,11 +339,11 @@ change (krb5_auth_context auth_context, conf.realm = principal->realm; conf.mask |= KADM5_CONFIG_REALM; - ret = kadm5_init_with_password_ctx(context, + ret = kadm5_init_with_password_ctx(context, admin, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm5_handle); if (ret) { krb5_warn (context, ret, "kadm5_init_with_password_ctx"); @@ -355,7 +355,7 @@ change (krb5_auth_context auth_context, ret = krb5_unparse_name(context, principal, &client); if (ret) { krb5_warn (context, ret, "unparse_name failed"); - reply_priv (auth_context, s, sa, sa_size, + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR, "out of memory error"); goto out; } @@ -366,25 +366,25 @@ change (krb5_auth_context auth_context, if (krb5_principal_compare(context, admin_principal, principal) == TRUE) { - pwd_reason = kadm5_check_password_quality (context, principal, + pwd_reason = kadm5_check_password_quality (context, principal, pwd_data); if (pwd_reason != NULL ) { - krb5_warnx (context, + krb5_warnx (context, "%s didn't pass password quality check with error: %s", client, pwd_reason); - reply_priv (auth_context, s, sa, sa_size, + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, pwd_reason); goto out; } krb5_warnx (context, "Changing password for %s", client); } else { - ret = _kadm5_acl_check_permission(kadm5_handle, KADM5_PRIV_CPW, + ret = _kadm5_acl_check_permission(kadm5_handle, KADM5_PRIV_CPW, principal); if (ret) { - krb5_warn (context, ret, + krb5_warn (context, ret, "Check ACL failed for %s for changing %s password", admin, client); - reply_priv (auth_context, s, sa, sa_size, + reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR, "permission denied"); goto out; } @@ -405,17 +405,19 @@ change (krb5_auth_context auth_context, krb5_free_data (context, pwd_data); pwd_data = NULL; if (ret) { - char *str = krb5_get_error_message(context, ret); + const char *str = krb5_get_error_message(context, ret); krb5_warnx(context, "kadm5_s_chpass_principal_cond: %s", str); reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SOFTERROR, str ? str : "Internal error"); - krb5_free_error_string(context, str); + krb5_free_error_message(context, str); goto out; } reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_SUCCESS, "Password changed"); out: free_ChangePasswdDataMS(&chpw); + if (principal != admin_principal) + krb5_free_principal(context, principal); if (admin) free(admin); if (client) @@ -445,13 +447,27 @@ verify (krb5_auth_context *auth_context, krb5_data krb_priv_data; krb5_realm *r; + /* + * Only send an error reply if the request passes basic length + * verification. Otherwise, kpasswdd would reply to every UDP packet, + * allowing an attacker to set up a ping-pong DoS attack via a spoofed UDP + * packet with a source address of another UDP service that also replies + * to every packet. + * + * Also suppress the error reply if ap_req_len is 0, which indicates + * either an invalid request or an error packet. An error packet may be + * the result of a ping-pong attacker pointing us at another kpasswdd. + */ pkt_len = (msg[0] << 8) | (msg[1]); pkt_ver = (msg[2] << 8) | (msg[3]); ap_req_len = (msg[4] << 8) | (msg[5]); if (pkt_len != len) { - krb5_warnx (context, "Strange len: %ld != %ld", + krb5_warnx (context, "Strange len: %ld != %ld", (long)pkt_len, (long)len); - reply_error (NULL, s, sa, sa_size, 0, 1, "Bad request"); + return 1; + } + if (ap_req_len == 0) { + krb5_warnx (context, "Request is error packet (ap_req_len == 0)"); return 1; } if (pkt_ver != KRB5_KPASSWD_VERS_CHANGEPW && @@ -483,7 +499,7 @@ verify (krb5_auth_context *auth_context, krb5_principal principal; krb5_boolean same; - ret = krb5_make_principal (context, + ret = krb5_make_principal (context, &principal, *r, "kadmin", @@ -529,10 +545,10 @@ verify (krb5_auth_context *auth_context, &krb_priv_data, out_data, NULL); - + if (ret) { krb5_warn (context, ret, "krb5_rd_priv"); - reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 3, + reply_error ((*ticket)->server->realm, s, sa, sa_size, ret, 3, "Bad request"); goto out; } @@ -640,7 +656,7 @@ doit (krb5_keytab keytab, int port) krb5_socklen_t sa_size = sizeof(__ss); krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port); - + sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0); if (sockets[i] < 0) krb5_err (context, 1, errno, "socket"); @@ -664,11 +680,11 @@ doit (krb5_keytab keytab, int port) krb5_errx (context, 1, "No sockets!"); while(exit_flag == 0) { - int ret; + krb5_ssize_t retx; fd_set fdset = real_fdset; - ret = select (maxfd + 1, &fdset, NULL, NULL, NULL); - if (ret < 0) { + retx = select (maxfd + 1, &fdset, NULL, NULL, NULL); + if (retx < 0) { if (errno == EINTR) continue; else @@ -679,9 +695,9 @@ doit (krb5_keytab keytab, int port) u_char buf[BUFSIZ]; socklen_t addrlen = sizeof(__ss); - ret = recvfrom (sockets[i], buf, sizeof(buf), 0, + retx = recvfrom(sockets[i], buf, sizeof(buf), 0, sa, &addrlen); - if (ret < 0) { + if (retx < 0) { if(errno == EINTR) break; else @@ -691,7 +707,7 @@ doit (krb5_keytab keytab, int port) process (realms, keytab, sockets[i], &addrs.val[i], sa, addrlen, - buf, ret); + buf, retx); } } @@ -714,7 +730,8 @@ sigterm(int sig) static const char *check_library = NULL; static const char *check_function = NULL; static getarg_strings policy_libraries = { 0, NULL }; -static char *keytab_str = "HDB:"; +static char sHDB[] = "HDB:"; +static char *keytab_str = sHDB; static char *realm_str; static int version_flag; static int help_flag; @@ -723,7 +740,7 @@ static char *config_file; struct getargs args[] = { #ifdef HAVE_DLOPEN - { "check-library", 0, arg_string, &check_library, + { "check-library", 0, arg_string, &check_library, "library to load password check function from", "library" }, { "check-function", 0, arg_string, &check_function, "password check function to load", "function" }, @@ -732,27 +749,26 @@ struct getargs args[] = { #endif { "addresses", 0, arg_strings, &addresses_str, "addresses to listen on", "list of addresses" }, - { "keytab", 'k', arg_string, &keytab_str, + { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication key from", "kspec" }, - { "config-file", 'c', arg_string, &config_file }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, { "realm", 'r', arg_string, &realm_str, "default realm", "realm" }, - { "port", 'p', arg_string, &port_str, "port" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "port", 'p', arg_string, &port_str, "port", NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); int main (int argc, char **argv) { - int optind; krb5_keytab keytab; krb5_error_code ret; char **files; int port, i; - - optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL); - + + krb5_program_setup(&context, argc, argv, args, num_args, NULL); + if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag) { @@ -777,7 +793,7 @@ main (int argc, char **argv) if(realm_str) krb5_set_default_realm(context, realm_str); - + krb5_openlog (context, "kpasswdd", &log_facility); krb5_set_warn_dest(context, log_facility); @@ -804,11 +820,11 @@ main (int argc, char **argv) ret = krb5_kt_resolve(context, keytab_str, &keytab); if(ret) krb5_err(context, 1, ret, "%s", keytab_str); - + kadm5_setup_passwd_quality_check (context, check_library, check_function); for (i = 0; i < policy_libraries.num_strings; i++) { - ret = kadm5_add_passwd_quality_verifier(context, + ret = kadm5_add_passwd_quality_verifier(context, policy_libraries.strings[i]); if (ret) krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); @@ -821,10 +837,10 @@ main (int argc, char **argv) explicit_addresses.len = 0; if (addresses_str.num_strings) { - int i; + int j; - for (i = 0; i < addresses_str.num_strings; ++i) - add_one_address (addresses_str.strings[i], i == 0); + for (j = 0; j < addresses_str.num_strings; ++j) + add_one_address (addresses_str.strings[j], j == 0); free_getarg_strings (&addresses_str); } else { char **foo = krb5_config_get_strings (context, NULL, diff --git a/crypto/heimdal/kuser/Makefile.am b/crypto/heimdal/kuser/Makefile.am index 619d8f8562d..72f01d3ca69 100644 --- a/crypto/heimdal/kuser/Makefile.am +++ b/crypto/heimdal/kuser/Makefile.am @@ -1,22 +1,24 @@ -# $Id: Makefile.am 22285 2007-12-13 20:40:57Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +AM_CPPFLAGS += $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 \ + $(INCLUDE_libintl) \ + -DHEIMDAL_LOCALEDIR='"$(localedir)"' man_MANS = \ kinit.1 \ klist.1 \ kdestroy.1 \ + kswitch.1 \ + kdigest.8 \ kgetcred.1 \ - kimpersonate.1 + kimpersonate.8 -SLC = $(top_builddir)/lib/sl/slc - -bin_PROGRAMS = kinit klist kdestroy kgetcred +bin_PROGRAMS = kinit kdestroy kgetcred kcc libexec_PROGRAMS = kdigest kimpersonate -noinst_PROGRAMS = kverify kdecode_ticket generate-requests copy_cred_cache +noinst_PROGRAMS = kverify kdecode_ticket generate-requests kinit_LDADD = \ $(LIB_kafs) \ @@ -24,14 +26,23 @@ kinit_LDADD = \ $(top_builddir)/lib/ntlm/libheimntlm.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_libintl) \ $(LIB_roken) kdestroy_LDADD = $(kinit_LDADD) -klist_LDADD = $(kinit_LDADD) - kimpersonate_LDADD = $(kinit_LDADD) +kcc_LDADD = \ + $(top_builddir)/lib/sl/libsl.la \ + $(kinit_LDADD) \ + $(LIB_readline) + +dist_kcc_SOURCES = kcc.c klist.c kswitch.c copy_cred_cache.c +nodist_kcc_SOURCES = kcc-commands.c + +$(kcc_OBJECTS): kcc-commands.h + dist_kdigest_SOURCES = kdigest.c nodist_kdigest_SOURCES = kdigest-commands.c @@ -45,20 +56,33 @@ kdigest_LDADD = \ $(kdigest_OBJECTS): kdigest-commands.h -CLEANFILES = kdigest-commands.h kdigest-commands.c +CLEANFILES = \ + kdigest-commands.h kdigest-commands.c \ + kcc-commands.h kcc-commands.c kdigest-commands.c kdigest-commands.h: kdigest-commands.in $(SLC) $(srcdir)/kdigest-commands.in +kcc-commands.c kcc-commands.h: kcc-commands.in + $(SLC) $(srcdir)/kcc-commands.in + LDADD = \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) +EXTRA_DIST = NTMakefile $(man_MANS) \ + kcc-version.rc \ + kdestroy-version.rc \ + kdigest-version.rc \ + kgetcred-version.rc \ + kimpersonate-version.rc \ + kinit-version.rc \ + kuser_locl.h kcc-commands.in kdigest-commands.in copy_cred_cache.1 + # make sure install-exec-hook doesn't have any commands in Makefile.am.common install-exec-hook: - (cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth) - -EXTRA_DIST = $(man_MANS) kuser_locl.h kdigest-commands.in copy_cred_cache.1 + (cd $(DESTDIR)$(bindir) && rm -f klist && $(LN_S) kcc klist) + (cd $(DESTDIR)$(bindir) && rm -f kswitch && $(LN_S) kcc kswitch) diff --git a/crypto/heimdal/kuser/Makefile.in b/crypto/heimdal/kuser/Makefile.in index 8616bf3869e..f3ab34c959f 100644 --- a/crypto/heimdal/kuser/Makefile.in +++ b/crypto/heimdal/kuser/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 22285 2007-12-13 20:40:57Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -41,15 +43,15 @@ host_triplet = @host@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common -bin_PROGRAMS = kinit$(EXEEXT) klist$(EXEEXT) kdestroy$(EXEEXT) \ - kgetcred$(EXEEXT) +bin_PROGRAMS = kinit$(EXEEXT) kdestroy$(EXEEXT) kgetcred$(EXEEXT) \ + kcc$(EXEEXT) libexec_PROGRAMS = kdigest$(EXEEXT) kimpersonate$(EXEEXT) noinst_PROGRAMS = kverify$(EXEEXT) kdecode_ticket$(EXEEXT) \ - generate-requests$(EXEEXT) copy_cred_cache$(EXEEXT) + generate-requests$(EXEEXT) subdir = kuser ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -64,7 +66,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -78,9 +80,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -88,30 +93,36 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \ - "$(DESTDIR)$(man1dir)" -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) + "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(noinst_PROGRAMS) -copy_cred_cache_SOURCES = copy_cred_cache.c -copy_cred_cache_OBJECTS = copy_cred_cache.$(OBJEXT) -copy_cred_cache_LDADD = $(LDADD) -am__DEPENDENCIES_1 = -copy_cred_cache_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) generate_requests_SOURCES = generate-requests.c generate_requests_OBJECTS = generate-requests.$(OBJEXT) generate_requests_LDADD = $(LDADD) +am__DEPENDENCIES_1 = generate_requests_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) +dist_kcc_OBJECTS = kcc.$(OBJEXT) klist.$(OBJEXT) kswitch.$(OBJEXT) \ + copy_cred_cache.$(OBJEXT) +nodist_kcc_OBJECTS = kcc-commands.$(OBJEXT) +kcc_OBJECTS = $(dist_kcc_OBJECTS) $(nodist_kcc_OBJECTS) +am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \ + $(am__DEPENDENCIES_1) +am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/ntlm/libheimntlm.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +kcc_DEPENDENCIES = $(top_builddir)/lib/sl/libsl.la \ + $(am__DEPENDENCIES_3) $(am__DEPENDENCIES_1) kdecode_ticket_SOURCES = kdecode_ticket.c kdecode_ticket_OBJECTS = kdecode_ticket.$(OBJEXT) kdecode_ticket_LDADD = $(LDADD) @@ -120,12 +131,6 @@ kdecode_ticket_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) kdestroy_SOURCES = kdestroy.c kdestroy_OBJECTS = kdestroy.$(OBJEXT) -am__DEPENDENCIES_2 = $(top_builddir)/lib/kafs/libkafs.la \ - $(am__DEPENDENCIES_1) -am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \ - $(top_builddir)/lib/krb5/libkrb5.la \ - $(top_builddir)/lib/ntlm/libheimntlm.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) kdestroy_DEPENDENCIES = $(am__DEPENDENCIES_3) dist_kdigest_OBJECTS = kdigest.$(OBJEXT) nodist_kdigest_OBJECTS = kdigest-commands.$(OBJEXT) @@ -148,19 +153,17 @@ kinit_OBJECTS = kinit.$(OBJEXT) kinit_DEPENDENCIES = $(am__DEPENDENCIES_2) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/ntlm/libheimntlm.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) -klist_SOURCES = klist.c -klist_OBJECTS = klist.$(OBJEXT) -klist_DEPENDENCIES = $(am__DEPENDENCIES_3) + $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) kverify_SOURCES = kverify.c kverify_OBJECTS = kverify.$(OBJEXT) kverify_LDADD = $(LDADD) kverify_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -170,13 +173,36 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \ - kdestroy.c $(dist_kdigest_SOURCES) $(nodist_kdigest_SOURCES) \ - kgetcred.c kimpersonate.c kinit.c klist.c kverify.c -DIST_SOURCES = copy_cred_cache.c generate-requests.c kdecode_ticket.c \ - kdestroy.c $(dist_kdigest_SOURCES) kgetcred.c kimpersonate.c \ - kinit.c klist.c kverify.c +SOURCES = generate-requests.c $(dist_kcc_SOURCES) \ + $(nodist_kcc_SOURCES) kdecode_ticket.c kdestroy.c \ + $(dist_kdigest_SOURCES) $(nodist_kdigest_SOURCES) kgetcred.c \ + kimpersonate.c kinit.c kverify.c +DIST_SOURCES = generate-requests.c $(dist_kcc_SOURCES) \ + kdecode_ticket.c kdestroy.c $(dist_kdigest_SOURCES) kgetcred.c \ + kimpersonate.c kinit.c kverify.c +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man1dir = $(mandir)/man1 +man8dir = $(mandir)/man8 MANS = $(man_MANS) ETAGS = etags CTAGS = ctags @@ -185,49 +211,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -251,10 +286,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -271,6 +307,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -286,31 +324,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -325,10 +377,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -369,50 +423,64 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_hcrypto) \ + -I$(srcdir)/../lib/krb5 $(INCLUDE_libintl) \ + -DHEIMDAL_LOCALEDIR='"$(localedir)"' @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la man_MANS = \ kinit.1 \ klist.1 \ kdestroy.1 \ + kswitch.1 \ + kdigest.8 \ kgetcred.1 \ - kimpersonate.1 + kimpersonate.8 -SLC = $(top_builddir)/lib/sl/slc kinit_LDADD = \ $(LIB_kafs) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/ntlm/libheimntlm.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_libintl) \ $(LIB_roken) kdestroy_LDADD = $(kinit_LDADD) -klist_LDADD = $(kinit_LDADD) kimpersonate_LDADD = $(kinit_LDADD) +kcc_LDADD = \ + $(top_builddir)/lib/sl/libsl.la \ + $(kinit_LDADD) \ + $(LIB_readline) + +dist_kcc_SOURCES = kcc.c klist.c kswitch.c copy_cred_cache.c +nodist_kcc_SOURCES = kcc-commands.c dist_kdigest_SOURCES = kdigest.c nodist_kdigest_SOURCES = kdigest-commands.c kdigest_LDADD = \ @@ -423,30 +491,41 @@ kdigest_LDADD = \ $(top_builddir)/lib/sl/libsl.la \ $(LIB_roken) -CLEANFILES = kdigest-commands.h kdigest-commands.c +CLEANFILES = \ + kdigest-commands.h kdigest-commands.c \ + kcc-commands.h kcc-commands.c + LDADD = \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) -EXTRA_DIST = $(man_MANS) kuser_locl.h kdigest-commands.in copy_cred_cache.1 +EXTRA_DIST = NTMakefile $(man_MANS) \ + kcc-version.rc \ + kdestroy-version.rc \ + kdigest-version.rc \ + kgetcred-version.rc \ + kimpersonate-version.rc \ + kinit-version.rc \ + kuser_locl.h kcc-commands.in kdigest-commands.in copy_cred_cache.1 + all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps kuser/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps kuser/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign kuser/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign kuser/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -464,75 +543,108 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done -copy_cred_cache$(EXEEXT): $(copy_cred_cache_OBJECTS) $(copy_cred_cache_DEPENDENCIES) - @rm -f copy_cred_cache$(EXEEXT) - $(LINK) $(copy_cred_cache_OBJECTS) $(copy_cred_cache_LDADD) $(LIBS) + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list generate-requests$(EXEEXT): $(generate_requests_OBJECTS) $(generate_requests_DEPENDENCIES) @rm -f generate-requests$(EXEEXT) $(LINK) $(generate_requests_OBJECTS) $(generate_requests_LDADD) $(LIBS) +kcc$(EXEEXT): $(kcc_OBJECTS) $(kcc_DEPENDENCIES) + @rm -f kcc$(EXEEXT) + $(LINK) $(kcc_OBJECTS) $(kcc_LDADD) $(LIBS) kdecode_ticket$(EXEEXT): $(kdecode_ticket_OBJECTS) $(kdecode_ticket_DEPENDENCIES) @rm -f kdecode_ticket$(EXEEXT) $(LINK) $(kdecode_ticket_OBJECTS) $(kdecode_ticket_LDADD) $(LIBS) @@ -551,9 +663,6 @@ kimpersonate$(EXEEXT): $(kimpersonate_OBJECTS) $(kimpersonate_DEPENDENCIES) kinit$(EXEEXT): $(kinit_OBJECTS) $(kinit_DEPENDENCIES) @rm -f kinit$(EXEEXT) $(LINK) $(kinit_OBJECTS) $(kinit_LDADD) $(LIBS) -klist$(EXEEXT): $(klist_OBJECTS) $(klist_DEPENDENCIES) - @rm -f klist$(EXEEXT) - $(LINK) $(klist_OBJECTS) $(klist_LDADD) $(LIBS) kverify$(EXEEXT): $(kverify_OBJECTS) $(kverify_DEPENDENCIES) @rm -f kverify$(EXEEXT) $(LINK) $(kverify_OBJECTS) $(kverify_LDADD) $(LIBS) @@ -564,115 +673,190 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/copy_cred_cache.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generate-requests.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kcc-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kcc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdecode_ticket.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdestroy.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdigest-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdigest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kgetcred.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kimpersonate.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kinit.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/klist.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kswitch.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kverify.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man1: $(man1_MANS) $(man_MANS) +install-man1: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + uninstall-man1: @$(NORMAL_UNINSTALL) - @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.1*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man1dir)" && rm -f $$files; } +install-man8: $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 1*) ;; \ - *) ext='1' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man1dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -688,13 +872,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -706,7 +894,7 @@ check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) $(MANS) all-local installdirs: - for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)"; do \ + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -730,6 +918,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -740,6 +929,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ clean-libtool clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -750,6 +940,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -757,26 +949,35 @@ info-am: install-data-am: install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am -install-man: install-man1 +install-info-am: + +install-man: install-man1 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -797,11 +998,10 @@ uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \ uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook +uninstall-man: uninstall-man1 uninstall-man8 -uninstall-man: uninstall-man1 - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libexecPROGRAMS \ @@ -812,14 +1012,14 @@ uninstall-man: uninstall-man1 install-data-am install-data-hook install-dvi install-dvi-am \ install-exec install-exec-am install-exec-hook install-html \ install-html-am install-info install-info-am \ - install-libexecPROGRAMS install-man install-man1 install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-hook uninstall-libexecPROGRAMS uninstall-man \ - uninstall-man1 + install-libexecPROGRAMS install-man install-man1 install-man8 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-hook uninstall-libexecPROGRAMS \ + uninstall-man uninstall-man1 uninstall-man8 install-suid-programs: @@ -890,6 +1090,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -975,7 +1178,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -989,14 +1192,21 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done +$(kcc_OBJECTS): kcc-commands.h + $(kdigest_OBJECTS): kdigest-commands.h kdigest-commands.c kdigest-commands.h: kdigest-commands.in $(SLC) $(srcdir)/kdigest-commands.in +kcc-commands.c kcc-commands.h: kcc-commands.in + $(SLC) $(srcdir)/kcc-commands.in + # make sure install-exec-hook doesn't have any commands in Makefile.am.common install-exec-hook: - (cd $(DESTDIR)$(bindir) && rm -f kauth && $(LN_S) kinit kauth) + (cd $(DESTDIR)$(bindir) && rm -f klist && $(LN_S) kcc klist) + (cd $(DESTDIR)$(bindir) && rm -f kswitch && $(LN_S) kcc kswitch) + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/kuser/copy_cred_cache.1 b/crypto/heimdal/kuser/copy_cred_cache.1 index b589735b788..0a3f46fbe85 100644 --- a/crypto/heimdal/kuser/copy_cred_cache.1 +++ b/crypto/heimdal/kuser/copy_cred_cache.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,23 +29,22 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: copy_cred_cache.1 13783 2004-04-25 16:03:45Z joda $ +.\" $Id$ .\" .Dd April 24, 2004 .Dt COPY_CRED_CACHE 1 .Os HEIMDAL .Sh NAME .Nm copy_cred_cache -.Nd -copy credentials from one cache to another +.Nd copy credentials from one cache to another .Sh SYNOPSIS .Nm -.Op Fl -krbtgt-only -.Op Fl -service= Ns Ar principal -.Op Fl -enctype= Ns Ar enctype -.Op Fl -flags= Ns Ar ticketflags -.Op Fl -valid-for= Ns Ar time -.Op Fl -fcache-version= Ns Ar integer +.Op Fl Fl krbtgt-only +.Op Fl Fl service= Ns Ar principal +.Op Fl Fl enctype= Ns Ar enctype +.Op Fl Fl flags= Ns Ar ticketflags +.Op Fl Fl valid-for= Ns Ar time +.Op Fl Fl fcache-version= Ns Ar integer .Op Aq Ar from-cache .Aq Ar to-cache .Sh DESCRIPTION @@ -57,20 +56,20 @@ copies credentials from .Pp Supported options: .Bl -tag -width Ds -.It Fl -krbtgt-only +.It Fl Fl krbtgt-only Copies only krbtgt credentials for the client's realm. This is equivalent to -.Fl -service= Ns Li krbtgt/ Ns Ao Ar CLIENTREALM Ac Ns Li @ Ns Ao Ar CLIENTREALM Ac . -.It Fl -service= Ns Ar principal +.Fl Fl service= Ns Li krbtgt/ Ns Ao Ar CLIENTREALM Ac Ns Li @ Ns Ao Ar CLIENTREALM Ac . +.It Fl Fl service= Ns Ar principal Copies only credentials matching this service principal. -.It Fl -enctype= Ns Ar enctype +.It Fl Fl enctype= Ns Ar enctype Copies only credentials a matching enctype. -.It Fl -flags= Ns Ar ticketflags +.It Fl Fl flags= Ns Ar ticketflags Copies only credentials with these ticket flags set. -.It Fl -valid-for= Ns Ar time +.It Fl Fl valid-for= Ns Ar time Copies only credentials that are valid for at least this long. This does not take renewable creds into account. -.It Fl -fcache-version= Ns Ar integer +.It Fl Fl fcache-version= Ns Ar integer The created cache, If a standard .Li FILE cache is created, it will have this file format version. @@ -88,7 +87,7 @@ $ copy_cred_cache --valid-for=1d --flags=initial FILE:/some/cache .Sh DIAGNOSTICS The .Nm -utility exits 0 on success, and \*[Gt]0 if an error occurs, or of no +utility exits 0 on success, and \*[Gt]0 if an error occurs, or if no credentials where actually copied. .\".Sh SEE ALSO .\".Sh STANDARDS diff --git a/crypto/heimdal/kuser/copy_cred_cache.c b/crypto/heimdal/kuser/copy_cred_cache.c index 8faf82d41ff..21149d3b91e 100644 --- a/crypto/heimdal/kuser/copy_cred_cache.c +++ b/crypto/heimdal/kuser/copy_cred_cache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan + * Copyright (c) 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,53 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H +#include "kuser_locl.h" #include -RCSID("$Id: copy_cred_cache.c 15542 2005-07-01 07:20:54Z lha $"); -#endif - -#include -#include -#include -#include #include #include - -static int krbtgt_only_flag; -static char *service_string; -static char *enctype_string; -static char *flags_string; -static char *valid_string; -static int fcache_version; -static int help_flag; -static int version_flag; - -static struct getargs args[] = { - { "krbtgt-only", 0, arg_flag, &krbtgt_only_flag, - "only copy local krbtgt" }, - { "service", 0, arg_string, &service_string, - "limit to this service", "principal" }, - { "enctype", 0, arg_string, &enctype_string, - "limit to this enctype", "enctype" }, - { "flags", 0, arg_string, &flags_string, - "limit to these flags", "ticketflags" }, - { "valid-for", 0, arg_string, &valid_string, - "limit to creds valid for at least this long", "time" }, - { "fcache-version", 0, arg_integer, &fcache_version, - "file cache version to create" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag } -}; - -static void -usage(int ret) -{ - arg_printusage(args, - sizeof(args) / sizeof(*args), - NULL, - "[from-cache] to-cache"); - exit(ret); -} +#include "kcc-commands.h" static int32_t bitswap32(int32_t b) @@ -102,114 +60,104 @@ parse_ticket_flags(krb5_context context, memset(&ff, 0, sizeof(ff)); ff.proxy = 1; - if (parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff)) + if ((size_t)parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff)) ret_flags->i = flags; else ret_flags->i = bitswap32(flags); } +struct ctx { + krb5_flags whichfields; + krb5_creds mcreds; +}; + +static krb5_boolean +matchfunc(krb5_context context, void *ptr, const krb5_creds *creds) +{ + struct ctx *ctx = ptr; + if (krb5_compare_creds(context, ctx->whichfields, &ctx->mcreds, creds)) + return TRUE; + return FALSE; +} + int -main(int argc, char **argv) +copy_cred_cache(struct copy_cred_cache_options *opt, int argc, char **argv) { krb5_error_code ret; - krb5_context context; - int optidx = 0; const char *from_name, *to_name; krb5_ccache from_ccache, to_ccache; - krb5_flags whichfields = 0; - krb5_creds mcreds; unsigned int matched; + struct ctx ctx; - setprogname(argv[0]); + memset(&ctx, 0, sizeof(ctx)); - memset(&mcreds, 0, sizeof(mcreds)); - - if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) - usage(1); - - if (help_flag) - usage(0); - - if (version_flag) { - print_version(NULL); - exit(0); - } - argc -= optidx; - argv += optidx; - - if (argc < 1 || argc > 2) - usage(1); - - if (krb5_init_context(&context)) - errx(1, "krb5_init_context failed"); - - if (service_string) { - ret = krb5_parse_name(context, service_string, &mcreds.server); + if (opt->service_string) { + ret = krb5_parse_name(kcc_context, opt->service_string, &ctx.mcreds.server); if (ret) - krb5_err(context, 1, ret, "%s", service_string); + krb5_err(kcc_context, 1, ret, "%s", opt->service_string); } - if (enctype_string) { + if (opt->enctype_string) { krb5_enctype enctype; - ret = krb5_string_to_enctype(context, enctype_string, &enctype); + ret = krb5_string_to_enctype(kcc_context, opt->enctype_string, &enctype); if (ret) - krb5_err(context, 1, ret, "%s", enctype_string); - whichfields |= KRB5_TC_MATCH_KEYTYPE; - mcreds.session.keytype = enctype; + krb5_err(kcc_context, 1, ret, "%s", opt->enctype_string); + ctx.whichfields |= KRB5_TC_MATCH_KEYTYPE; + ctx.mcreds.session.keytype = enctype; } - if (flags_string) { - parse_ticket_flags(context, flags_string, &mcreds.flags); - whichfields |= KRB5_TC_MATCH_FLAGS; + if (opt->flags_string) { + parse_ticket_flags(kcc_context, opt->flags_string, &ctx.mcreds.flags); + ctx.whichfields |= KRB5_TC_MATCH_FLAGS; } - if (valid_string) { - time_t t = parse_time(valid_string, "s"); + if (opt->valid_for_string) { + time_t t = parse_time(opt->valid_for_string, "s"); if(t < 0) - errx(1, "unknown time \"%s\"", valid_string); - mcreds.times.endtime = time(NULL) + t; - whichfields |= KRB5_TC_MATCH_TIMES; + errx(1, "unknown time \"%s\"", opt->valid_for_string); + ctx.mcreds.times.endtime = time(NULL) + t; + ctx.whichfields |= KRB5_TC_MATCH_TIMES; } - if (fcache_version) - krb5_set_fcache_version(context, fcache_version); + if (opt->fcache_version_integer) + krb5_set_fcache_version(kcc_context, opt->fcache_version_integer); if (argc == 1) { - from_name = krb5_cc_default_name(context); + from_name = krb5_cc_default_name(kcc_context); to_name = argv[0]; } else { from_name = argv[0]; to_name = argv[1]; } - ret = krb5_cc_resolve(context, from_name, &from_ccache); + ret = krb5_cc_resolve(kcc_context, from_name, &from_ccache); if (ret) - krb5_err(context, 1, ret, "%s", from_name); + krb5_err(kcc_context, 1, ret, "%s", from_name); - if (krbtgt_only_flag) { + if (opt->krbtgt_only_flag) { krb5_principal client; - ret = krb5_cc_get_principal(context, from_ccache, &client); + ret = krb5_cc_get_principal(kcc_context, from_ccache, &client); if (ret) - krb5_err(context, 1, ret, "getting default principal"); - ret = krb5_make_principal(context, &mcreds.server, - krb5_principal_get_realm(context, client), + krb5_err(kcc_context, 1, ret, "getting default principal"); + ret = krb5_make_principal(kcc_context, &ctx.mcreds.server, + krb5_principal_get_realm(kcc_context, client), KRB5_TGS_NAME, - krb5_principal_get_realm(context, client), + krb5_principal_get_realm(kcc_context, client), NULL); if (ret) - krb5_err(context, 1, ret, "constructing krbtgt principal"); - krb5_free_principal(context, client); + krb5_err(kcc_context, 1, ret, "constructing krbtgt principal"); + krb5_free_principal(kcc_context, client); } - ret = krb5_cc_resolve(context, to_name, &to_ccache); + ret = krb5_cc_resolve(kcc_context, to_name, &to_ccache); if (ret) - krb5_err(context, 1, ret, "%s", to_name); + krb5_err(kcc_context, 1, ret, "%s", to_name); - ret = krb5_cc_copy_cache_match(context, from_ccache, to_ccache, - whichfields, &mcreds, &matched); + ret = krb5_cc_copy_match_f(kcc_context, from_ccache, to_ccache, + matchfunc, &ctx, &matched); if (ret) - krb5_err(context, 1, ret, "copying cred cache"); + krb5_err(kcc_context, 1, ret, "copying cred cache"); - krb5_cc_close(context, from_ccache); + krb5_cc_close(kcc_context, from_ccache); if(matched == 0) - krb5_cc_destroy(context, to_ccache); + krb5_cc_destroy(kcc_context, to_ccache); else - krb5_cc_close(context, to_ccache); - krb5_free_context(context); + krb5_cc_close(kcc_context, to_ccache); + return matched == 0; } diff --git a/crypto/heimdal/kuser/generate-requests.c b/crypto/heimdal/kuser/generate-requests.c index 95d8dc968bb..8f50427adca 100644 --- a/crypto/heimdal/kuser/generate-requests.c +++ b/crypto/heimdal/kuser/generate-requests.c @@ -1,50 +1,38 @@ /* - * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" -RCSID("$Id: generate-requests.c 19233 2006-12-06 08:04:05Z lha $"); - -static krb5_error_code -null_key_proc (krb5_context context, - krb5_enctype type, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key) -{ - return ENOTTY; -} - static unsigned read_words (const char *filename, char ***ret_w) { @@ -68,12 +56,14 @@ read_words (const char *filename, char ***ret_w) *ret_w = w; if (n == 0) errx(1, "%s is an empty file, no words to try", filename); + fclose(f); return n; } static void generate_requests (const char *filename, unsigned nreq) { + krb5_principal client; krb5_context context; krb5_error_code ret; krb5_creds cred; @@ -89,24 +79,18 @@ generate_requests (const char *filename, unsigned nreq) for (i = 0; i < nreq; ++i) { char *name = words[rand() % nwords]; - krb5_realm *client_realm; memset(&cred, 0, sizeof(cred)); - ret = krb5_parse_name (context, name, &cred.client); + ret = krb5_parse_name (context, name, &client); if (ret) krb5_err (context, 1, ret, "krb5_parse_name %s", name); - client_realm = krb5_princ_realm (context, cred.client); - ret = krb5_make_principal(context, &cred.server, *client_realm, - KRB5_TGS_NAME, *client_realm, NULL); + ret = krb5_get_init_creds_password (context, &cred, client, "", + NULL, NULL, 0, NULL, NULL); if (ret) - krb5_err (context, 1, ret, "krb5_make_principal"); - - ret = krb5_get_in_cred (context, 0, NULL, NULL, NULL, NULL, - null_key_proc, NULL, NULL, NULL, - &cred, NULL); - krb5_free_cred_contents (context, &cred); + krb5_free_cred_contents (context, &cred); + krb5_free_principal(context, client); } } diff --git a/crypto/heimdal/kuser/kcc-commands.in b/crypto/heimdal/kuser/kcc-commands.in new file mode 100644 index 00000000000..70967d4486e --- /dev/null +++ b/crypto/heimdal/kuser/kcc-commands.in @@ -0,0 +1,239 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +command = { + name = "klist" + name = "list" + help = "List kerberos tickets" + option = { + long = "cache" + short = "c" + type = "string" + help = "credential cache to list" + } + option = { + name = "flags" + short = "f" + type = "flag" + help = "list flags" + } + option = { + long = "test" + short = "t" + type = "flag" + help = "test for having tickets" + } + option = { + name = "s" + short = "s" + type = "flag" + } + option = { + long = "tokens" + short = "T" + type = "flag" + help = "display AFS tokens" + } + option = { + long = "v5" + short = "5" + type = "flag" + default = "1" + help = "display v5 credential tokens" + } + option = { + long = "all-content" + short = "A" + type = "flag" + help = "List all caches with their content" + } + option = { + long = "list-all" + short = "l" + type = "flag" + help = "List all caches" + } + option = { + long = "verbose" + short = "v" + type = "flag" + help = "Verbose output" + } + option = { + name = "a" + short = "a" + type = "flag" + } + option = { + name = "n" + short = "n" + type = "flag" + } + option = { + long = "hidden" + type = "flag" + help = "Verbose output" + } +} +command = { + name = "kgetcred" + help = "Acquire a Kerberos ticket" + option = { + long = "enctype" + short = "e" + type = "string" + argument = "enctype" + help = "Encryption type to use" + } + option = { + long = "cache" + short = "c" + type = "string" + argument = "cachename" + help = "Credentials cache" + } +} +command = { + name = "kswitch" + name = "switch" + help = "Switch default kerberos cache" + option = { + long = "type" + short = "t" + type = "string" + help = "type of credential cache" + } + option = { + long = "cache" + short = "c" + type = "string" + help = "name of credential cache" + } + option = { + long = "principal" + short = "p" + type = "string" + help = "name of principal" + } + option = { + long = "interactive" + short = "i" + type = "flag" + help = "interactive selection" + } +}; +command = { + name = "kvno" + help = "Acquire a Kerberos ticket" + option = { + long = "enctype" + short = "e" + type = "string" + argument = "enctype" + help = "Encryption type to use" + } + option = { + long = "cache" + short = "c" + type = "string" + argument = "cachename" + help = "Credentials cache" + } + option = { + long = "keytab" + short = "k" + type = "string" + argument = "keytabname" + help = "Keytab to use" + } + option = { + long = "server" + short = "S" + type = "string" + argument = "principal" + help = "Server to get ticket for" + } + option = { + long = "quiet" + short = "q" + type = "flag" + help = "Quiet" + } +} +command = { + name = "copy_cred_cache" + option = { + long = "krbtgt-only" + type = "flag" + help = "only copy local krbtgt" + } + option = { + long = "service" + type = "string" + help = "limit to this service" + argument = "service" + } + option = { + long = "enctype" + type = "string" + help = "limit to this enctype" + argument = "enctype" + } + option = { + long = "flags" + type = "string" + help = "limit to these flags" + } + option = { + long = "valid-for" + type = "string" + help = "limit to creds valid for at least this long" + argument = "time" + } + option = { + long = "fcache-version" + type = "integer" + help = "file cache version to create" + } + min_args = "1" + max_args = "2" + help = "Copies credential caches" +} +command = { + name = "help" + name = "?" + argument = "[command]" + min_args = "0" + max_args = "1" + help = "Help! I need somebody." +} diff --git a/crypto/heimdal/kuser/kcc.c b/crypto/heimdal/kuser/kcc.c new file mode 100644 index 00000000000..511398c9280 --- /dev/null +++ b/crypto/heimdal/kuser/kcc.c @@ -0,0 +1,165 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" +#include +#include "kcc-commands.h" + +krb5_context kcc_context; +static int version_flag; +static int help_flag; + +static struct getargs args[] = { + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } +}; + +static void +usage(int ret) +{ + arg_printusage_i18n(args, + sizeof(args)/sizeof(*args), + N_("Usage: ", ""), + NULL, + "command ..", + getarg_i18n); + exit (ret); +} + +int +help(void *opt, int argc, char **argv) +{ + sl_slc_help(commands, argc, argv); + return 0; +} + +int +kgetcred(struct kgetcred_options *opt, int argc, char **argv) +{ + return 0; +} + +/* + * Wrapper for command line compatiblity + */ + +int +kvno(struct kvno_options *opt, int argc, char **argv) +{ + struct kgetcred_options k; + memset(&k, 0, sizeof(k)); + + k.cache_string = opt->cache_string; + k.enctype_string = opt->enctype_string; + + return kgetcred(&k, argc, argv); +} + +static int +command_alias(const char *name) +{ + const char *aliases[] = { + "kinit", "klist", "kswitch", "kgetcred", "kvno", "kdeltkt", + "kdestroy", "kcpytkt", NULL + }, **p = aliases; + + while (*p && strcmp(name, *p) != 0) + p++; + return *p != NULL; +} + + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + int optidx = 0; + int exit_status = 0; + + setprogname (argv[0]); + + setlocale (LC_ALL, ""); + bindtextdomain ("heimdal_kuser", HEIMDAL_LOCALEDIR); + textdomain("heimdal_kuser"); + + ret = krb5_init_context(&kcc_context); + if (ret == KRB5_CONFIG_BADFORMAT) + errx (1, "krb5_init_context failed to parse configuration file"); + else if (ret) + errx(1, "krb5_init_context failed: %d", ret); + + /* + * Support linking of kcc to commands + */ + + if (!command_alias(getprogname())) { + + if (argc == 1) { + sl_slc_help(commands, 0, NULL); + return 1; + } + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag) { + print_version(NULL); + exit(0); + } + + } else { + argv[0] = rk_UNCONST(getprogname()); + } + + argc -= optidx; + argv += optidx; + + if (argc != 0) { + ret = sl_command(commands, argc, argv); + if(ret == -1) + krb5_warnx(kcc_context, "unrecognized command: %s", argv[0]); + else if (ret == -2) + ret = 0; + if(ret != 0) + exit_status = 1; + } else { + sl_slc_help(commands, argc, argv); + exit_status = 1; + } + + krb5_free_context(kcc_context); + return exit_status; +} diff --git a/crypto/heimdal/kuser/kdecode_ticket.c b/crypto/heimdal/kuser/kdecode_ticket.c index 968478d3477..2d30b5f388c 100644 --- a/crypto/heimdal/kuser/kdecode_ticket.c +++ b/crypto/heimdal/kuser/kdecode_ticket.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" -RCSID("$Id: kdecode_ticket.c 15541 2005-07-01 07:14:58Z lha $"); - static char *etype_str; static int version_flag; static int help_flag; @@ -70,11 +68,12 @@ print_and_decode_tkt (krb5_context context, krb5_crypto_destroy (context, crypto); if (ret) krb5_err (context, 1, ret, "krb5_decrypt_EncryptedData"); - ret = krb5_decode_EncTicketPart (context, dec_data.data, dec_data.length, - &decr_part, &len); + ret = decode_EncTicketPart (dec_data.data, dec_data.length, + &decr_part, &len); krb5_data_free (&dec_data); if (ret) krb5_err (context, 1, ret, "krb5_decode_EncTicketPart"); + free_EncTicketPart(&decr_part); } struct getargs args[] = { @@ -108,10 +107,10 @@ main(int argc, char **argv) ret = krb5_init_context (&context); if (ret) errx(1, "krb5_init_context failed: %d", ret); - + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); diff --git a/crypto/heimdal/kuser/kdestroy.1 b/crypto/heimdal/kuser/kdestroy.1 index 5e187019ba4..3c936652f10 100644 --- a/crypto/heimdal/kuser/kdestroy.1 +++ b/crypto/heimdal/kuser/kdestroy.1 @@ -1,56 +1,57 @@ -.\" Copyright (c) 1997, 1999, 2001, 2004, 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1997, 1999, 2001, 2004, 2006 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kdestroy.1 22071 2007-11-14 20:04:50Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd April 27, 2006 .Dt KDESTROY 1 .Os HEIMDAL .Sh NAME .Nm kdestroy -.Nd remove one credental or destroy the current ticket file +.Nd remove one credential or destroy the current ticket file .Sh SYNOPSIS .Nm .Bk -words .Op Fl c Ar cachefile -.Op Fl -credential= Ns Ar principal -.Op Fl -cache= Ns Ar cachefile -.Op Fl -no-unlog -.Op Fl -no-delete-v4 -.Op Fl -version -.Op Fl -help +.Op Fl Fl credential= Ns Ar principal +.Op Fl Fl cache= Ns Ar cachefile +.Op Fl A | Fl Fl all +.Op Fl Fl no-unlog +.Op Fl Fl no-delete-v4 +.Op Fl Fl version +.Op Fl Fl help .Ek .Sh DESCRIPTION .Nm -remove one or the current set of tickets. +removes one credential or the current set of tickets. .Pp Supported options: .Bl -tag -width Ds @@ -61,9 +62,12 @@ from the credential cache if it exists. .It Fl c Ar cachefile .It Fl cache= Ns Ar cachefile The cache file to remove. -.It Fl -no-unlog +.It Fl A +.It Fl Fl all +remove all credential caches. +.It Fl Fl no-unlog Do not remove AFS tokens. -.It Fl -no-delete-v4 +.It Fl Fl no-delete-v4 Do not remove v4 tickets. .El .Sh SEE ALSO diff --git a/crypto/heimdal/kuser/kdestroy.c b/crypto/heimdal/kuser/kdestroy.c index 5358fcd67d9..1823bf56ca4 100644 --- a/crypto/heimdal/kuser/kdestroy.c +++ b/crypto/heimdal/kuser/kdestroy.c @@ -1,52 +1,57 @@ /* - * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" -RCSID("$Id: kdestroy.c 20458 2007-04-19 20:41:27Z lha $"); static const char *cache; static const char *credential; static int help_flag; static int version_flag; +#ifndef NO_AFS static int unlog_flag = 1; +#endif static int dest_tkt_flag = 1; +static int all_flag = 0; struct getargs args[] = { - { "credential", 0, arg_string, &credential, + { "credential", 0, arg_string, rk_UNCONST(&credential), "remove one credential", "principal" }, - { "cache", 'c', arg_string, &cache, "cache to destroy", "cache" }, + { "cache", 'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" }, + { "all", 'A', arg_flag, &all_flag, "destroy all caches", NULL }, +#ifndef NO_AFS { "unlog", 0, arg_negative_flag, &unlog_flag, "do not destroy tokens", NULL }, +#endif { "delete-v4", 0, arg_negative_flag, &dest_tkt_flag, "do not destroy v4 tickets", NULL }, { "version", 0, arg_flag, &version_flag, NULL, NULL }, @@ -75,15 +80,15 @@ main (int argc, char **argv) if(getarg(args, num_args, argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); - + if(version_flag){ print_version(NULL); exit(0); } - + argc -= optidx; argv += optidx; @@ -93,58 +98,75 @@ main (int argc, char **argv) ret = krb5_init_context (&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - - if(cache == NULL) { - cache = krb5_cc_default_name(context); - if (cache == NULL) { - warnx ("krb5_cc_default_name: %s", krb5_get_err_text(context, ret)); - exit(1); + + if (all_flag) { + krb5_cccol_cursor cursor; + + ret = krb5_cccol_cursor_new (context, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_cccol_cursor_new"); + + while (krb5_cccol_cursor_next (context, cursor, &ccache) == 0 && ccache != NULL) { + + ret = krb5_cc_destroy (context, ccache); + if (ret) { + krb5_warn(context, ret, "krb5_cc_destroy"); + exit_val = 1; + } } - } + krb5_cccol_cursor_free(context, &cursor); - ret = krb5_cc_resolve(context, - cache, - &ccache); - - if (ret == 0) { - if (credential) { - krb5_creds mcred; - - krb5_cc_clear_mcred(&mcred); - - ret = krb5_parse_name(context, credential, &mcred.server); - if (ret) - krb5_err(context, 1, ret, - "Can't parse principal %s", credential); - - ret = krb5_cc_remove_cred(context, ccache, 0, &mcred); - if (ret) - krb5_err(context, 1, ret, - "Failed to remove principal %s", credential); - - krb5_cc_close(context, ccache); - krb5_free_principal(context, mcred.server); - krb5_free_context(context); - return 0; - } - - ret = krb5_cc_destroy (context, ccache); - if (ret) { - warnx ("krb5_cc_destroy: %s", krb5_get_err_text(context, ret)); - exit_val = 1; - } } else { - warnx ("krb5_cc_resolve(%s): %s", cache, - krb5_get_err_text(context, ret)); - exit_val = 1; + if(cache == NULL) { + ret = krb5_cc_default(context, &ccache); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_default"); + } else { + ret = krb5_cc_resolve(context, + cache, + &ccache); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_resolve"); + } + + if (ret == 0) { + if (credential) { + krb5_creds mcred; + + krb5_cc_clear_mcred(&mcred); + + ret = krb5_parse_name(context, credential, &mcred.server); + if (ret) + krb5_err(context, 1, ret, + "Can't parse principal %s", credential); + + ret = krb5_cc_remove_cred(context, ccache, 0, &mcred); + if (ret) + krb5_err(context, 1, ret, + "Failed to remove principal %s", credential); + + krb5_cc_close(context, ccache); + krb5_free_principal(context, mcred.server); + krb5_free_context(context); + return 0; + } + + ret = krb5_cc_destroy (context, ccache); + if (ret) { + krb5_warn(context, ret, "krb5_cc_destroy"); + exit_val = 1; + } + } } krb5_free_context (context); +#ifndef NO_AFS if (unlog_flag && k_hasafs ()) { if (k_unlog ()) exit_val = 1; } +#endif return exit_val; } diff --git a/crypto/heimdal/kuser/kdigest-commands.in b/crypto/heimdal/kuser/kdigest-commands.in index c980b188edd..3f73f5bd55e 100644 --- a/crypto/heimdal/kuser/kdigest-commands.in +++ b/crypto/heimdal/kuser/kdigest-commands.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: kdigest-commands.in 22157 2007-12-04 20:03:29Z lha $ */ +/* $Id$ */ command = { name = "digest-probe" diff --git a/crypto/heimdal/kuser/kdigest.8 b/crypto/heimdal/kuser/kdigest.8 new file mode 100644 index 00000000000..c792241416d --- /dev/null +++ b/crypto/heimdal/kuser/kdigest.8 @@ -0,0 +1,256 @@ +.\" Copyright (c) 2008 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd September 25, 2008 +.Dt KDIGEST 8 +.Os HEIMDAL +.Sh NAME +.Nm kdigest +.Nd userland tool to access digest interface in the KDC +.Sh SYNOPSIS +.Nm +.Op Fl Fl ccache= Ns Ar string +.Op Fl Fl version +.Op Fl Fl help +command +.Op arguments +.Sh DESCRIPTION +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl Fl ccache= Ns Ar string +.Xc +credential cache +.It Xo +.Fl Fl version +.Xc +print version +.It Xo +.Fl Fl help +.Xc +.El +.Pp +Available commands are: +.Bl -tag -width Ds +.It Xo digest-probe +.Op Fl Fl realm= Ns Ar string +.Op Fl h | Fl Fl help +.Xc +.Bl -tag -width Ds +.It Xo +.Fl Fl realm= Ns Ar string +.Xc +Kerberos realm to communicate with +.El +.It Xo digest-server-init +.Op Fl Fl type= Ns Ar string +.Op Fl Fl kerberos-realm= Ns Ar realm +.Op Fl Fl digest= Ns Ar digest-type +.Op Fl Fl cb-type= Ns Ar type +.Op Fl Fl cb-value= Ns Ar value +.Op Fl Fl hostname= Ns Ar hostname +.Op Fl Fl realm= Ns Ar string +.Xc +.Bl -tag -width Ds +.It Xo +.Fl Fl type= Ns Ar string +.Xc +digest type +.It Xo +.Fl Fl kerberos-realm= Ns Ar realm +.Xc +.It Xo +.Fl Fl digest= Ns Ar digest-type +.Xc +digest type to use in the algorithm +.It Xo +.Fl Fl cb-type= Ns Ar type +.Xc +type of channel bindings +.It Xo +.Fl Fl cb-value= Ns Ar value +.Xc +value of channel bindings +.It Xo +.Fl Fl hostname= Ns Ar hostname +.Xc +hostname of the server +.It Xo +.Fl Fl realm= Ns Ar string +.Xc +Kerberos realm to communicate with +.El +.It Xo digest-server-request +.Op Fl Fl type= Ns Ar string +.Op Fl Fl kerberos-realm= Ns Ar realm +.Op Fl Fl username= Ns Ar name +.Op Fl Fl server-nonce= Ns Ar nonce +.Op Fl Fl server-identifier= Ns Ar nonce +.Op Fl Fl client-nonce= Ns Ar nonce +.Op Fl Fl client-response= Ns Ar response +.Op Fl Fl opaque= Ns Ar string +.Op Fl Fl authentication-name= Ns Ar name +.Op Fl Fl realm= Ns Ar realm +.Op Fl Fl method= Ns Ar method +.Op Fl Fl uri= Ns Ar uri +.Op Fl Fl nounce-count= Ns Ar count +.Op Fl Fl qop= Ns Ar qop +.Op Fl Fl ccache= Ns Ar ccache +.Xc +.Bl -tag -width Ds +.It Xo +.Fl Fl type= Ns Ar string +.Xc +digest type +.It Xo +.Fl Fl kerberos-realm= Ns Ar realm +.Xc +.It Xo +.Fl Fl username= Ns Ar name +.Xc +digest type +.It Xo +.Fl Fl server-nonce= Ns Ar nonce +.Xc +.It Xo +.Fl Fl server-identifier= Ns Ar nonce +.Xc +.It Xo +.Fl Fl client-nonce= Ns Ar nonce +.Xc +.It Xo +.Fl Fl client-response= Ns Ar response +.Xc +.It Xo +.Fl Fl opaque= Ns Ar string +.Xc +.It Xo +.Fl Fl authentication-name= Ns Ar name +.Xc +.It Xo +.Fl Fl realm= Ns Ar realm +.Xc +.It Xo +.Fl Fl method= Ns Ar method +.Xc +.It Xo +.Fl Fl uri= Ns Ar uri +.Xc +.It Xo +.Fl Fl nounce-count= Ns Ar count +.Xc +.It Xo +.Fl Fl qop= Ns Ar qop +.Xc +.It Xo +.Fl Fl ccache= Ns Ar ccache +.Xc +Where the the credential cache is created when the KDC returns tickets +.El +.It Xo digest-client-request +.Op Fl Fl type= Ns Ar string +.Op Fl Fl username= Ns Ar name +.Op Fl Fl password= Ns Ar password +.Op Fl Fl server-nonce= Ns Ar nonce +.Op Fl Fl server-identifier= Ns Ar nonce +.Op Fl Fl client-nonce= Ns Ar nonce +.Op Fl Fl opaque= Ns Ar string +.Op Fl Fl realm= Ns Ar realm +.Op Fl Fl method= Ns Ar method +.Op Fl Fl uri= Ns Ar uri +.Op Fl Fl nounce-count= Ns Ar count +.Op Fl Fl qop= Ns Ar qop +.Xc +.Bl -tag -width Ds +.It Xo +.Fl Fl type= Ns Ar string +.Xc +digest type +.It Xo +.Fl Fl username= Ns Ar name +.Xc +digest type +.It Xo +.Fl Fl password= Ns Ar password +.Xc +.It Xo +.Fl Fl server-nonce= Ns Ar nonce +.Xc +.It Xo +.Fl Fl server-identifier= Ns Ar nonce +.Xc +.It Xo +.Fl Fl client-nonce= Ns Ar nonce +.Xc +.It Xo +.Fl Fl opaque= Ns Ar string +.Xc +.It Xo +.Fl Fl realm= Ns Ar realm +.Xc +.It Xo +.Fl Fl method= Ns Ar method +.Xc +.It Xo +.Fl Fl uri= Ns Ar uri +.Xc +.It Xo +.Fl Fl nounce-count= Ns Ar count +.Xc +.It Xo +.Fl Fl qop= Ns Ar qop +.Xc +.El +.It Xo ntlm-server-init +.Op Fl Fl version= Ns Ar integer +.Op Fl Fl kerberos-realm= Ns Ar string +.Xc +.Bl -tag -width Ds +.It Xo +.Fl Fl version= Ns Ar integer +.Xc +ntlm version +.It Xo +.Fl Fl kerberos-realm= Ns Ar string +.Xc +Kerberos realm to communicate with +.El +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.\".Sh SEE ALSO +.\".Sh STANDARDS +.\".Sh HISTORY +.\".Sh AUTHORS +.\".Sh BUGS diff --git a/crypto/heimdal/kuser/kdigest.c b/crypto/heimdal/kuser/kdigest.c index 418aedb7144..f15b661a0dc 100644 --- a/crypto/heimdal/kuser/kdigest.c +++ b/crypto/heimdal/kuser/kdigest.c @@ -1,38 +1,40 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ +#define HC_DEPRECATED_CRYPTO + #include "kuser_locl.h" -RCSID("$Id: kdigest.c 22158 2007-12-04 20:04:01Z lha $"); + #include #include #include @@ -98,7 +100,7 @@ digest_server_init(struct digest_server_init_options *opt, krb5_err(context, 1, ret, "krb5_digest_set_type"); if (opt->cb_type_string && opt->cb_value_string) { - ret = krb5_digest_set_server_cb(context, digest, + ret = krb5_digest_set_server_cb(context, digest, opt->cb_type_string, opt->cb_value_string); if (ret) @@ -112,7 +114,7 @@ digest_server_init(struct digest_server_init_options *opt, krb5_err(context, 1, ret, "krb5_digest_init_request"); printf("type=%s\n", opt->type_string); - printf("server-nonce=%s\n", + printf("server-nonce=%s\n", krb5_digest_get_server_nonce(context, digest)); { const char *s = krb5_digest_get_identifier(context, digest); @@ -121,11 +123,13 @@ digest_server_init(struct digest_server_init_options *opt, } printf("opaque=%s\n", krb5_digest_get_opaque(context, digest)); + krb5_digest_free(digest); + return 0; } int -digest_server_request(struct digest_server_request_options *opt, +digest_server_request(struct digest_server_request_options *opt, int argc, char **argv) { krb5_error_code ret; @@ -150,7 +154,7 @@ digest_server_request(struct digest_server_request_options *opt, if (opt->server_identifier_string == NULL) errx(1, "server identifier missing"); - ret = krb5_digest_set_identifier(context, digest, + ret = krb5_digest_set_identifier(context, digest, opt->server_identifier_string); if (ret) krb5_err(context, 1, ret, "krb5_digest_set_type"); @@ -164,13 +168,13 @@ digest_server_request(struct digest_server_request_options *opt, if (ret) krb5_err(context, 1, ret, "krb5_digest_set_username"); - ret = krb5_digest_set_server_nonce(context, digest, + ret = krb5_digest_set_server_nonce(context, digest, opt->server_nonce_string); if (ret) krb5_err(context, 1, ret, "krb5_digest_set_server_nonce"); if(opt->client_nonce_string) { - ret = krb5_digest_set_client_nonce(context, digest, + ret = krb5_digest_set_client_nonce(context, digest, opt->client_nonce_string); if (ret) krb5_err(context, 1, ret, "krb5_digest_set_client_nonce"); @@ -181,7 +185,7 @@ digest_server_request(struct digest_server_request_options *opt, if (ret) krb5_err(context, 1, ret, "krb5_digest_set_opaque"); - ret = krb5_digest_set_responseData(context, digest, + ret = krb5_digest_set_responseData(context, digest, opt->client_response_string); if (ret) krb5_err(context, 1, ret, "krb5_digest_set_responseData"); @@ -213,6 +217,8 @@ digest_server_request(struct digest_server_request_options *opt, free(key); } + krb5_digest_free(digest); + return 0; } @@ -221,15 +227,19 @@ client_chap(const void *server_nonce, size_t snoncelen, unsigned char server_identifier, const char *password) { - MD5_CTX ctx; + EVP_MD_CTX *ctx; unsigned char md[MD5_DIGEST_LENGTH]; char *h; - MD5_Init(&ctx); - MD5_Update(&ctx, &server_identifier, 1); - MD5_Update(&ctx, password, strlen(password)); - MD5_Update(&ctx, server_nonce, snoncelen); - MD5_Final(md, &ctx); + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + + EVP_DigestUpdate(ctx, &server_identifier, 1); + EVP_DigestUpdate(ctx, password, strlen(password)); + EVP_DigestUpdate(ctx, server_nonce, snoncelen); + EVP_DigestFinal_ex(ctx, md, NULL); + + EVP_MD_CTX_destroy(ctx); hex_encode(md, 16, &h); @@ -262,27 +272,31 @@ client_mschapv2(const void *server_nonce, size_t snoncelen, const char *username, const char *password) { - SHA_CTX ctx; - MD4_CTX hctx; - unsigned char md[SHA_DIGEST_LENGTH], challange[SHA_DIGEST_LENGTH]; + EVP_MD_CTX *hctx, *ctx; + unsigned char md[SHA_DIGEST_LENGTH], challenge[SHA_DIGEST_LENGTH]; unsigned char hmd[MD4_DIGEST_LENGTH]; struct ntlm_buf answer; int i, len, ret; char *h; - SHA1_Init(&ctx); - SHA1_Update(&ctx, client_nonce, cnoncelen); - SHA1_Update(&ctx, server_nonce, snoncelen); - SHA1_Update(&ctx, username, strlen(username)); - SHA1_Final(md, &ctx); + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); - MD4_Init(&hctx); + EVP_DigestUpdate(ctx, client_nonce, cnoncelen); + EVP_DigestUpdate(ctx, server_nonce, snoncelen); + EVP_DigestUpdate(ctx, username, strlen(username)); + EVP_DigestFinal_ex(ctx, md, NULL); + + + hctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(hctx, EVP_md4(), NULL); len = strlen(password); for (i = 0; i < len; i++) { - MD4_Update(&hctx, &password[i], 1); - MD4_Update(&hctx, &password[len], 1); - } - MD4_Final(hmd, &hctx); + EVP_DigestUpdate(hctx, &password[i], 1); + EVP_DigestUpdate(hctx, &password[len], 1); + } + EVP_DigestFinal_ex(hctx, hmd, NULL); + /* ChallengeResponse */ ret = heim_ntlm_calculate_ntlm1(hmd, sizeof(hmd), md, &answer); @@ -294,51 +308,55 @@ client_mschapv2(const void *server_nonce, size_t snoncelen, free(h); /* PasswordHash */ - MD4_Init(&hctx); - MD4_Update(&hctx, hmd, sizeof(hmd)); - MD4_Final(hmd, &hctx); + EVP_DigestInit_ex(hctx, EVP_md4(), NULL); + EVP_DigestUpdate(hctx, hmd, sizeof(hmd)); + EVP_DigestFinal_ex(hctx, hmd, NULL); + /* GenerateAuthenticatorResponse */ - SHA1_Init(&ctx); - SHA1_Update(&ctx, hmd, sizeof(hmd)); - SHA1_Update(&ctx, answer.data, answer.length); - SHA1_Update(&ctx, ms_chap_v2_magic1, sizeof(ms_chap_v2_magic1)); - SHA1_Final(md, &ctx); - - /* ChallengeHash */ - SHA1_Init(&ctx); - SHA1_Update(&ctx, client_nonce, cnoncelen); - SHA1_Update(&ctx, server_nonce, snoncelen); - SHA1_Update(&ctx, username, strlen(username)); - SHA1_Final(challange, &ctx); + EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(ctx, hmd, sizeof(hmd)); + EVP_DigestUpdate(ctx, answer.data, answer.length); + EVP_DigestUpdate(ctx, ms_chap_v2_magic1, sizeof(ms_chap_v2_magic1)); + EVP_DigestFinal_ex(ctx, md, NULL); - SHA1_Init(&ctx); - SHA1_Update(&ctx, md, sizeof(md)); - SHA1_Update(&ctx, challange, 8); - SHA1_Update(&ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2)); - SHA1_Final(md, &ctx); + /* ChallengeHash */ + EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(ctx, client_nonce, cnoncelen); + EVP_DigestUpdate(ctx, server_nonce, snoncelen); + EVP_DigestUpdate(ctx, username, strlen(username)); + EVP_DigestFinal_ex(ctx, challenge, NULL); + + EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(ctx, md, sizeof(md)); + EVP_DigestUpdate(ctx, challenge, 8); + EVP_DigestUpdate(ctx, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2)); + EVP_DigestFinal_ex(ctx, md, NULL); hex_encode(md, sizeof(md), &h); printf("AuthenticatorResponse=%s\n", h); free(h); /* get_master, rfc 3079 3.4 */ - SHA1_Init(&ctx); - SHA1_Update(&ctx, hmd, sizeof(hmd)); - SHA1_Update(&ctx, answer.data, answer.length); - SHA1_Update(&ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1)); - SHA1_Final(md, &ctx); + EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(ctx, hmd, sizeof(hmd)); + EVP_DigestUpdate(ctx, answer.data, answer.length); + EVP_DigestUpdate(ctx, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1)); + EVP_DigestFinal_ex(ctx, md, NULL); free(answer.data); hex_encode(md, 16, &h); printf("session-key=%s\n", h); free(h); + + EVP_MD_CTX_destroy(hctx); + EVP_MD_CTX_destroy(ctx); } int -digest_client_request(struct digest_client_request_options *opt, +digest_client_request(struct digest_client_request_options *opt, int argc, char **argv) { char *server_nonce, *client_nonce = NULL, server_identifier; @@ -358,7 +376,7 @@ digest_client_request(struct digest_client_request_options *opt, errx(1, "server_nonce"); snoncelen = hex_decode(opt->server_nonce_string, server_nonce, snoncelen); - if (snoncelen <= 0) + if (snoncelen <= 0) errx(1, "server nonce wrong"); if (opt->client_nonce_string) { @@ -366,10 +384,10 @@ digest_client_request(struct digest_client_request_options *opt, client_nonce = malloc(cnoncelen); if (client_nonce == NULL) errx(1, "client_nonce"); - - cnoncelen = hex_decode(opt->client_nonce_string, + + cnoncelen = hex_decode(opt->client_nonce_string, client_nonce, cnoncelen); - if (cnoncelen <= 0) + if (cnoncelen <= 0) errx(1, "client nonce wrong"); } @@ -385,7 +403,7 @@ digest_client_request(struct digest_client_request_options *opt, if (opt->server_identifier_string == NULL) errx(1, "server identifier missing"); - client_chap(server_nonce, snoncelen, server_identifier, + client_chap(server_nonce, snoncelen, server_identifier, opt->password_string); } else if (strcasecmp(opt->type_string, "MS-CHAP-V2") == 0) { @@ -395,11 +413,13 @@ digest_client_request(struct digest_client_request_options *opt, errx(1, "client nonce missing"); client_mschapv2(server_nonce, snoncelen, - client_nonce, cnoncelen, + client_nonce, cnoncelen, opt->username_string, opt->password_string); } - + if (client_nonce) + free(client_nonce); + free(server_nonce); return 0; } @@ -413,9 +433,10 @@ ntlm_server_init(struct ntlm_server_init_options *opt, krb5_error_code ret; krb5_ntlm ntlm; struct ntlm_type2 type2; - krb5_data challange, opaque; + krb5_data challenge, opaque; struct ntlm_buf data; char *s; + static char zero2[] = "\x00\x00"; memset(&type2, 0, sizeof(type2)); @@ -423,7 +444,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt, if (ret) krb5_err(context, 1, ret, "krb5_ntlm_alloc"); - ret = krb5_ntlm_init_request(context, + ret = krb5_ntlm_init_request(context, ntlm, opt->kerberos_realm_string, id, @@ -437,29 +458,29 @@ ntlm_server_init(struct ntlm_server_init_options *opt, * */ - ret = krb5_ntlm_init_get_challange(context, ntlm, &challange); + ret = krb5_ntlm_init_get_challange(context, ntlm, &challenge); if (ret) krb5_err(context, 1, ret, "krb5_ntlm_init_get_challange"); - if (challange.length != sizeof(type2.challange)) - krb5_errx(context, 1, "ntlm challange have wrong length"); - memcpy(type2.challange, challange.data, sizeof(type2.challange)); - krb5_data_free(&challange); + if (challenge.length != sizeof(type2.challenge)) + krb5_errx(context, 1, "ntlm challenge have wrong length"); + memcpy(type2.challenge, challenge.data, sizeof(type2.challenge)); + krb5_data_free(&challenge); ret = krb5_ntlm_init_get_flags(context, ntlm, &type2.flags); if (ret) krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags"); krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname); - type2.targetinfo.data = "\x00\x00"; + type2.targetinfo.data = zero2; type2.targetinfo.length = 2; - + ret = heim_ntlm_encode_type2(&type2, &data); if (ret) krb5_errx(context, 1, "heim_ntlm_encode_type2"); free(type2.targetname); - + /* * */ @@ -519,7 +540,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); diff --git a/crypto/heimdal/kuser/kgetcred.1 b/crypto/heimdal/kuser/kgetcred.1 index 1949ff7e0bb..5c1b212e2be 100644 --- a/crypto/heimdal/kuser/kgetcred.1 +++ b/crypto/heimdal/kuser/kgetcred.1 @@ -1,35 +1,35 @@ -.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kgetcred.1 14090 2004-08-05 18:49:47Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd March 12, 2004 .Dt KGETCRED 1 @@ -39,18 +39,18 @@ .Nd "get a ticket for a particular service" .Sh SYNOPSIS .Nm -.Op Fl -canonicalize +.Op Fl Fl canonicalize .Oo Fl c cache \*(Ba Xo -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc .Oc .Oo Fl e Ar enctype \*(Ba Xo -.Fl -enctype= Ns Ar enctype +.Fl Fl enctype= Ns Ar enctype .Xc .Oc -.Op Fl -no-transit-check -.Op Fl -version -.Op Fl -help +.Op Fl Fl no-transit-check +.Op Fl Fl version +.Op Fl Fl help .Ar service .Sh DESCRIPTION .Nm @@ -61,30 +61,16 @@ ticket or of a special type. .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -canonicalize -.Xc +.It Fl Fl canonicalize requests that the KDC canonicalize the principal. -.It Xo -.Fl c Ar cache , -.Fl -cache= Ns Ar cache -.Xc +.It Fl c Ar cache , Fl Fl cache= Ns Ar cache the credential cache to use. -.It Xo -.Fl e Ar enctype , -.Fl -enctype= Ns Ar enctype -.Xc +.It Fl e Ar enctype , Fl Fl enctype= Ns Ar enctype encryption type to use. -.It Xo -.Fl -no-transit-check -.Xc -requests that the KDC doesn't do trasnit checking. -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl Fl no-transit-check +requests that the KDC doesn't do transit checking. +.It Fl Fl version +.It Fl Fl help .El .Sh SEE ALSO .Xr kinit 1 , diff --git a/crypto/heimdal/kuser/kgetcred.c b/crypto/heimdal/kuser/kgetcred.c index a842e002da5..7742eca4087 100644 --- a/crypto/heimdal/kuser/kgetcred.c +++ b/crypto/heimdal/kuser/kgetcred.c @@ -1,46 +1,45 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" -RCSID("$Id: kgetcred.c 22276 2007-12-12 02:42:31Z lha $"); - static char *cache_str; static char *out_cache_str; static char *delegation_cred_str; static char *etype_str; static int transit_flag = 1; static int forwardable_flag; +static int canonicalize_flag; static char *impersonate_str; static char *nametype_str; static int version_flag; @@ -48,21 +47,23 @@ static int help_flag; struct getargs args[] = { { "cache", 'c', arg_string, &cache_str, - "credential cache to use", "cache"}, + NP_("credential cache to use", ""), "cache"}, { "out-cache", 0, arg_string, &out_cache_str, - "credential cache to store credential in", "cache"}, + NP_("credential cache to store credential in", ""), "cache"}, { "delegation-credential-cache",0,arg_string, &delegation_cred_str, - "where to find the ticket use for delegation", "cache"}, + NP_("where to find the ticket use for delegation", ""), "cache"}, + { "canonicalize", 0, arg_flag, &canonicalize_flag, + NP_("canonicalize the principal", ""), NULL }, { "forwardable", 0, arg_flag, &forwardable_flag, - "forwardable ticket requested"}, - { "transit-check", 0, arg_negative_flag, &transit_flag }, + NP_("forwardable ticket requested", ""), NULL}, + { "transit-check", 0, arg_negative_flag, &transit_flag, NULL, NULL }, { "enctype", 'e', arg_string, &etype_str, - "encryption type to use", "enctype"}, + NP_("encryption type to use", ""), "enctype"}, { "impersonate", 0, arg_string, &impersonate_str, - "client to impersonate", "principal"}, - { "name-type", 0, arg_string, &nametype_str }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + NP_("client to impersonate", ""), "principal"}, + { "name-type", 0, arg_string, &nametype_str, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void @@ -92,10 +93,10 @@ main(int argc, char **argv) ret = krb5_init_context (&context); if (ret) errx(1, "krb5_init_context failed: %d", ret); - + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -129,7 +130,8 @@ main(int argc, char **argv) ret = krb5_string_to_enctype(context, etype_str, &enctype); if (ret) - krb5_errx (context, 1, "unrecognized enctype: %s", etype_str); + krb5_errx (context, 1, N_("unrecognized enctype: %s", ""), + etype_str); krb5_get_creds_opt_set_enctype(context, opt, enctype); } @@ -148,6 +150,8 @@ main(int argc, char **argv) krb5_get_creds_opt_add_options(context, opt, KRB5_GC_FORWARDABLE); if (!transit_flag) krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_TRANSIT_CHECK); + if (canonicalize_flag) + krb5_get_creds_opt_add_options(context, opt, KRB5_GC_CANONICALIZE); if (delegation_cred_str) { krb5_ccache id; @@ -169,7 +173,7 @@ main(int argc, char **argv) ret = decode_Ticket(c.ticket.data, c.ticket.length, &ticket, NULL); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_err (context, 1, ret, "decode_Ticket"); } krb5_free_cred_contents(context, &c); @@ -182,7 +186,7 @@ main(int argc, char **argv) krb5_cc_close (context, id); krb5_free_principal(context, mc.server); - krb5_get_creds_opt_add_options(context, opt, + krb5_get_creds_opt_add_options(context, opt, KRB5_GC_CONSTRAINED_DELEGATION); } @@ -191,10 +195,13 @@ main(int argc, char **argv) krb5_err (context, 1, ret, "krb5_parse_name %s", argv[0]); if (nametype_str) { - ret = krb5_parse_nametype(context, nametype_str, - &server->name.name_type); + int32_t nametype; + + ret = krb5_parse_nametype(context, nametype_str, &nametype); if (ret) krb5_err(context, 1, ret, "krb5_parse_nametype"); + + server->name.name_type = (NAME_TYPE)nametype; } ret = krb5_get_creds(context, opt, cache, server, &out); diff --git a/crypto/heimdal/kuser/kimpersonate.1 b/crypto/heimdal/kuser/kimpersonate.8 similarity index 56% rename from crypto/heimdal/kuser/kimpersonate.1 rename to crypto/heimdal/kuser/kimpersonate.8 index b9cd8d61488..df83b5ded15 100644 --- a/crypto/heimdal/kuser/kimpersonate.1 +++ b/crypto/heimdal/kuser/kimpersonate.8 @@ -1,70 +1,55 @@ -.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kimpersonate.1 20259 2007-02-17 23:49:54Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd September 18, 2006 -.Dt KERBEROS 1 +.Dt KIMPERSONATE 8 .Os Heimdal .Sh NAME .Nm kimpersonate -.Nd -impersonate a user when there exist a srvtab, keyfile or KeyFile +.Nd impersonate a user when there exist a srvtab, keyfile or KeyFile .Sh SYNOPSIS .Nm -.Oo Fl s Ar string \*(Ba Xo -.Fl -server= Ns Ar string Oc -.Xc -.Oo Fl c Ar string \*(Ba Xo -.Fl -client= Ns Ar string Oc -.Xc -.Oo Fl k Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string Oc -.Xc -.Op Fl 5 | Fl -krb5 -.Oo Fl e Ar integer \*(Ba Xo -.Fl -expire-time= Ns Ar integer Oc -.Xc -.Oo Fl a Ar string \*(Ba Xo -.Fl -client-address= Ns Ar string Oc -.Xc -.Oo Fl t Ar string \*(Ba Xo -.Fl -enc-type= Ns Ar string Oc -.Xc -.Oo Fl f Ar string \*(Ba Xo -.Fl -ticket-flags= Ns Ar string Oc -.Xc -.Op Fl -verbose -.Op Fl -version -.Op Fl -help +.Op Fl s Ar string \*(Ba Fl Fl server= Ns Ar string +.Op Fl c Ar string \*(Ba Fl Fl client= Ns Ar string +.Op Fl k Ar string \*(Ba Fl Fl keytab= Ns Ar string +.Op Fl 5 | Fl Fl krb5 +.Op Fl e Ar integer \*(Ba Fl Fl expire-time= Ns Ar integer +.Op Fl a Ar string \*(Ba Fl Fl client-address= Ns Ar string +.Op Fl t Ar string \*(Ba Fl Fl enc-type= Ns Ar string +.Op Fl f Ar string \*(Ba Fl Fl ticket-flags= Ns Ar string +.Op Fl Fl verbose +.Op Fl Fl version +.Op Fl Fl help .Sh DESCRIPTION The .Nm @@ -73,57 +58,27 @@ The service key can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options: .Bl -tag -width Ds -.It Xo -.Fl s Ar string Ns , -.Fl -server= Ns Ar string -.Xc +.It Fl s Ar string Ns , Fl Fl server= Ns Ar string name of server principal -.It Xo -.Fl c Ar string Ns , -.Fl -client= Ns Ar string -.Xc +.It Fl c Ar string Ns , Fl Fl client= Ns Ar string name of client principal -.It Xo -.Fl k Ar string Ns , -.Fl -keytab= Ns Ar string -.Xc +.It Fl k Ar string Ns , Fl Fl keytab= Ns Ar string name of keytab file -.It Xo -.Fl 5 Ns , -.Fl -krb5 -.Xc +.It Fl 5 Ns , Fl Fl krb5 create a Kerberos 5 ticket -.It Xo -.Fl e Ar integer Ns , -.Fl -expire-time= Ns Ar integer -.Xc +.It Fl e Ar integer Ns , Fl Fl expire-time= Ns Ar integer lifetime of ticket in seconds -.It Xo -.Fl a Ar string Ns , -.Fl -client-address= Ns Ar string -.Xc +.It Fl a Ar string Ns , Fl Fl client-address= Ns Ar string address of client -.It Xo -.Fl t Ar string Ns , -.Fl -enc-type= Ns Ar string -.Xc +.It Fl t Ar string Ns , Fl Fl enc-type= Ns Ar string encryption type -.It Xo -.Fl f Ar string Ns , -.Fl -ticket-flags= Ns Ar string -.Xc +.It Fl f Ar string Ns , Fl Fl ticket-flags= Ns Ar string ticket flags for krb5 ticket -.It Xo -.Fl -verbose -.Xc +.It Fl Fl verbose Verbose output -.It Xo -.Fl -version -.Xc +.It Fl Fl version Print version -.It Xo -.Fl -help -.Xc +.It Fl Fl help .El .Sh FILES Uses @@ -131,9 +86,9 @@ Uses .Pa /etc/srvtab and .Pa /usr/afs/etc/KeyFile -when avalible and the the +when available and the .Fl k -is used with appropriate prefix. +option is used with an appropriate prefix. .Sh EXAMPLES .Nm can be used in diff --git a/crypto/heimdal/kuser/kimpersonate.c b/crypto/heimdal/kuser/kimpersonate.c index 9ef99aff9f1..af1e9f43035 100644 --- a/crypto/heimdal/kuser/kimpersonate.c +++ b/crypto/heimdal/kuser/kimpersonate.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -32,7 +32,6 @@ */ #include "kuser_locl.h" -RCSID("$Id: kimpersonate.c 22117 2007-12-03 21:24:16Z lha $"); #include static char *client_principal_str = NULL; @@ -45,19 +44,21 @@ static char *ccache_str = NULL; static char *ticket_flags_str = NULL; static TicketFlags ticket_flags; static char *keytab_file = NULL; -static char *enc_type = "des-cbc-md5"; +static char *enctype_string = NULL; static int expiration_time = 3600; static struct getarg_strings client_addresses; static int version_flag = 0; static int help_flag = 0; static int use_krb5 = 1; +static const char *enc_type = "des-cbc-md5"; + /* * */ static void -encode_ticket (krb5_context context, +encode_ticket (krb5_context context, EncryptionKey *skey, krb5_enctype etype, int skvno, @@ -68,24 +69,24 @@ encode_ticket (krb5_context context, krb5_error_code ret; krb5_crypto crypto; EncryptedData enc_part; - EncTicketPart et; + EncTicketPart et; Ticket ticket; memset (&enc_part, 0, sizeof(enc_part)); memset (&ticket, 0, sizeof(ticket)); - + /* * Set up `enc_part' */ et.flags = cred->flags.b; et.key = cred->session; - et.crealm = *krb5_princ_realm (context, cred->client); + et.crealm = cred->client->realm; copy_PrincipalName(&cred->client->name, &et.cname); { krb5_data empty_string; - - krb5_data_zero(&empty_string); + + krb5_data_zero(&empty_string); et.transited.tr_type = DOMAIN_X500_COMPRESS; et.transited.contents = empty_string; } @@ -104,14 +105,19 @@ encode_ticket (krb5_context context, if (ret) krb5_err(context, 1, ret, "EncTicketPart"); - krb5_crypto_init(context, skey, etype, &crypto); - krb5_encrypt_EncryptedData (context, - crypto, - KRB5_KU_TICKET, - buf, - len, - skvno, - &ticket.enc_part); + ret = krb5_crypto_init(context, skey, etype, &crypto); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_init"); + ret = krb5_encrypt_EncryptedData (context, + crypto, + KRB5_KU_TICKET, + buf, + len, + skvno, + &ticket.enc_part); + if (ret) + krb5_err(context, 1, ret, "krb5_encrypt_EncryptedData"); + free(buf); krb5_crypto_destroy(context, crypto); @@ -120,14 +126,15 @@ encode_ticket (krb5_context context, */ ticket.tkt_vno = 5; - ticket.realm = *krb5_princ_realm (context, cred->server); + ticket.realm = cred->server->realm; copy_PrincipalName(&cred->server->name, &ticket.sname); - + ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret); if(ret) krb5_err (context, 1, ret, "encode_Ticket"); krb5_data_copy(&cred->ticket, buf, len); + free(buf); } /* @@ -142,13 +149,13 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt) krb5_creds cred; krb5_enctype etype; krb5_ccache ccache; - + memset (&cred, 0, sizeof(cred)); - + ret = krb5_string_to_enctype (context, enc_type, &etype); if (ret) krb5_err (context, 1, ret, "krb5_string_to_enctype"); - ret = krb5_kt_get_entry (context, kt, server_principal, + ret = krb5_kt_get_entry (context, kt, server_principal, 0, etype, &entry); if (ret) krb5_err (context, 1, ret, "krb5_kt_get_entry"); @@ -162,27 +169,27 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt) if (ret) krb5_err (context, 1, ret, "krb5_copy_principal"); ret = krb5_copy_principal (context, server_principal, &cred.server); - if (ret) + if (ret) krb5_err (context, 1, ret, "krb5_copy_principal"); - krb5_generate_random_keyblock(context, etype, &cred.session); + krb5_generate_random_keyblock(context, etype, &cred.session); cred.times.authtime = time(NULL); cred.times.starttime = time(NULL); cred.times.endtime = time(NULL) + expiration_time; cred.times.renew_till = 0; - krb5_data_zero(&cred.second_ticket); + krb5_data_zero(&cred.second_ticket); ret = krb5_get_all_client_addrs (context, &cred.addresses); if (ret) krb5_err (context, 1, ret, "krb5_get_all_client_addrs"); cred.flags.b = ticket_flags; - - + + /* * Encode encrypted part of ticket */ - encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred); + encode_ticket (context, &entry.keyblock, etype, entry.vno, &cred); /* * Write to cc @@ -201,14 +208,14 @@ create_krb5_tickets (krb5_context context, krb5_keytab kt) ret = krb5_cc_initialize (context, ccache, cred.client); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); - + ret = krb5_cc_store_cred (context, ccache, &cred); if (ret) krb5_err (context, 1, ret, "krb5_cc_store_cred"); krb5_free_cred_contents (context, &cred); krb5_cc_close (context, ccache); - + return 0; } @@ -243,7 +250,7 @@ setup_env (krb5_context context, krb5_keytab *kt) if (ticket_flags_str) { int ticket_flags_int; - ticket_flags_int = parse_flags(ticket_flags_str, + ticket_flags_int = parse_flags(ticket_flags_str, asn1_TicketFlags_units(), 0); if (ticket_flags_int <= 0) { krb5_warnx (context, "bad ticket flags: `%s'", ticket_flags_str); @@ -262,22 +269,22 @@ setup_env (krb5_context context, krb5_keytab *kt) struct getargs args[] = { { "ccache", 0, arg_string, &ccache_str, "name of kerberos 5 credential cache", "cache-name"}, - { "server", 's', arg_string, &server_principal_str, - "name of server principal" }, - { "client", 'c', arg_string, &client_principal_str, - "name of client principal" }, + { "server", 's', arg_string, &server_principal_str, + "name of server principal", NULL }, + { "client", 'c', arg_string, &client_principal_str, + "name of client principal", NULL }, { "keytab", 'k', arg_string, &keytab_file, - "name of keytab file" }, + "name of keytab file", NULL }, { "krb5", '5', arg_flag, &use_krb5, - "create a kerberos 5 ticket"}, + "create a kerberos 5 ticket", NULL }, { "expire-time", 'e', arg_integer, &expiration_time, - "lifetime of ticket in seconds" }, + "lifetime of ticket in seconds", NULL }, { "client-addresses", 'a', arg_strings, &client_addresses, - "addresses of client" }, - { "enc-type", 't', arg_string, &enc_type, - "encryption type" }, + "addresses of client", NULL }, + { "enc-type", 't', arg_string, &enctype_string, + "encryption type", NULL }, { "ticket-flags", 'f', arg_string, &ticket_flags_str, - "ticket flags for krb5 ticket" }, + "ticket flags for krb5 ticket", NULL }, { "version", 0, arg_flag, &version_flag, "Print version", NULL }, { "help", 0, arg_flag, &help_flag, NULL, @@ -297,7 +304,7 @@ usage (int ret) int main (int argc, char **argv) { - int optind = 0; + int optidx = 0; krb5_error_code ret; krb5_context context; krb5_keytab kt; @@ -308,23 +315,26 @@ main (int argc, char **argv) if (ret) errx(1, "krb5_init_context failed: %u", ret); - if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optind)) - usage (1); + if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); if (help_flag) - usage (0); + usage(0); if (version_flag) { print_version(NULL); return 0; } - setup_env (context, &kt); + if (enctype_string) + enc_type = enctype_string; + + setup_env(context, &kt); if (use_krb5) - create_krb5_tickets (context, kt); + create_krb5_tickets(context, kt); + + krb5_kt_close(context, kt); - krb5_kt_close (context, kt); return 0; } diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1 index 01fac262a68..56ad66dd40f 100644 --- a/crypto/heimdal/kuser/kinit.1 +++ b/crypto/heimdal/kuser/kinit.1 @@ -1,92 +1,90 @@ -.\" Copyright (c) 1998 - 2003, 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1998 - 2003, 2006 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kinit.1 17822 2006-07-10 14:46:58Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd April 25, 2006 .Dt KINIT 1 .Os HEIMDAL .Sh NAME .Nm kinit -.Nm kauth .Nd acquire initial tickets .Sh SYNOPSIS .Nm kinit -.Op Fl 4 | Fl -524init -.Op Fl 9 | Fl -524convert -.Op Fl -afslog +.Op Fl Fl afslog .Oo Fl c Ar cachename \*(Ba Xo -.Fl -cache= Ns Ar cachename +.Fl Fl cache= Ns Ar cachename .Xc .Oc -.Op Fl f | Fl -forwardable +.Op Fl f | Fl Fl no-forwardable .Oo Fl t Ar keytabname \*(Ba Xo -.Fl -keytab= Ns Ar keytabname +.Fl Fl keytab= Ns Ar keytabname .Xc .Oc .Oo Fl l Ar time \*(Ba Xo -.Fl -lifetime= Ns Ar time +.Fl Fl lifetime= Ns Ar time .Xc .Oc -.Op Fl p | Fl -proxiable -.Op Fl R | Fl -renew -.Op Fl -renewable +.Op Fl p | Fl Fl proxiable +.Op Fl R | Fl Fl renew +.Op Fl Fl renewable .Oo Fl r Ar time \*(Ba Xo -.Fl -renewable-life= Ns Ar time +.Fl Fl renewable-life= Ns Ar time .Xc .Oc .Oo Fl S Ar principal \*(Ba Xo -.Fl -server= Ns Ar principal +.Fl Fl server= Ns Ar principal .Xc .Oc .Oo Fl s Ar time \*(Ba Xo -.Fl -start-time= Ns Ar time +.Fl Fl start-time= Ns Ar time .Xc .Oc -.Op Fl k | Fl -use-keytab -.Op Fl v | Fl -validate +.Op Fl k | Fl Fl use-keytab +.Op Fl v | Fl Fl validate .Oo Fl e Ar enctypes \*(Ba Xo -.Fl -enctypes= Ns Ar enctypes +.Fl Fl enctypes= Ns Ar enctypes .Xc .Oc .Oo Fl a Ar addresses \*(Ba Xo -.Fl -extra-addresses= Ns Ar addresses +.Fl Fl extra-addresses= Ns Ar addresses .Xc .Oc -.Op Fl -password-file= Ns Ar filename -.Op Fl -fcache-version= Ns Ar version-number -.Op Fl A | Fl -no-addresses -.Op Fl -anonymous -.Op Fl -version -.Op Fl -help +.Op Fl Fl password-file= Ns Ar filename +.Op Fl Fl fcache-version= Ns Ar version-number +.Op Fl A | Fl Fl no-addresses +.Op Fl Fl anonymous +.Op Fl Fl enterprise +.Op Fl Fl version +.Op Fl Fl help .Op Ar principal Op Ar command .Sh DESCRIPTION .Nm @@ -96,97 +94,53 @@ or if none is given, a system generated default (typically your login name at the default realm), and acquire a ticket granting ticket that can later be used to obtain tickets for other services. .Pp -If you have compiled -.Nm kinit -with Kerberos 4 support and you have a -Kerberos 4 server, -.Nm -will detect this and get you Kerberos 4 tickets. -.Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl c Ar cachename -.Fl -cache= Ns Ar cachename -.Xc +.It Fl c Ar cachename Fl Fl cache= Ns Ar cachename The credentials cache to put the acquired ticket in, if other than default. -.It Xo -.Fl f , -.Fl -forwardable -.Xc -Get ticket that can be forwarded to another host. -.It Xo -.Fl t Ar keytabname , -.Fl -keytab= Ns Ar keytabname -.Xc +.It Fl f Fl Fl no-forwardable +Get ticket that can be forwarded to another host, or if the negative +flags use, don't get a forwardable flag. +.It Fl t Ar keytabname , Fl Fl keytab= Ns Ar keytabname Don't ask for a password, but instead get the key from the specified keytab. -.It Xo -.Fl l Ar time , -.Fl -lifetime= Ns Ar time -.Xc +.It Fl l Ar time , Fl Fl lifetime= Ns Ar time Specifies the lifetime of the ticket. The argument can either be in seconds, or a more human readable string like .Sq 1h . -.It Xo -.Fl p , -.Fl -proxiable -.Xc +.It Fl p , Fl Fl proxiable Request tickets with the proxiable flag set. -.It Xo -.Fl R , -.Fl -renew -.Xc +.It Fl R , Fl Fl renew Try to renew ticket. The ticket must have the .Sq renewable flag set, and must not be expired. -.It Fl -renewable +.It Fl Fl renewable The same as -.Fl -renewable-life , +.Fl Fl renewable-life , with an infinite time. -.It Xo -.Fl r Ar time , -.Fl -renewable-life= Ns Ar time -.Xc +.It Fl r Ar time , Fl Fl renewable-life= Ns Ar time The max renewable ticket life. -.It Xo -.Fl S Ar principal , -.Fl -server= Ns Ar principal -.Xc +.It Fl S Ar principal , Fl Fl server= Ns Ar principal Get a ticket for a service other than krbtgt/LOCAL.REALM. -.It Xo -.Fl s Ar time , -.Fl -start-time= Ns Ar time -.Xc +.It Fl s Ar time , Fl Fl start-time= Ns Ar time Obtain a ticket that starts to be valid .Ar time (which can really be a generic time specification, like .Sq 1h ) seconds into the future. -.It Xo -.Fl k , -.Fl -use-keytab -.Xc +.It Fl k , Fl Fl use-keytab The same as -.Fl -keytab , +.Fl Fl keytab , but with the default keytab name (normally .Ar FILE:/etc/krb5.keytab ) . -.It Xo -.Fl v , -.Fl -validate -.Xc +.It Fl v , Fl Fl validate Try to validate an invalid ticket. -.It Xo -.Fl e , -.Fl -enctypes= Ns Ar enctypes -.Xc +.It Fl e , Fl Fl enctypes= Ns Ar enctypes Request tickets with this particular enctype. -.It Xo -.Fl -password-file= Ns Ar filename -.Xc +.It Fl Fl password-file= Ns Ar filename read the password from the first line of .Ar filename . If the @@ -194,15 +148,10 @@ If the is .Ar STDIN , the password will be read from the standard input. -.It Xo -.Fl -fcache-version= Ns Ar version-number -.Xc +.It Fl Fl fcache-version= Ns Ar version-number Create a credentials cache of version .Ar version-number . -.It Xo -.Fl a , -.Fl -extra-addresses= Ns Ar enctypes -.Xc +.It Fl a , Fl Fl extra-addresses= Ns Ar enctypes Adds a set of addresses that will, in addition to the systems local addresses, be put in the ticket. This can be useful if all addresses a client can use can't be @@ -212,36 +161,23 @@ Also settable via .Li libdefaults/extra_addresses in .Xr krb5.conf 5 . -.It Xo -.Fl A , -.Fl -no-addresses -.Xc +.It Fl A , Fl Fl no-addresses Request a ticket with no addresses. -.It Xo -.Fl -anonymous -.Xc +.It Fl Fl anonymous Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically .Dq anonymous@REALM ) . -.El -.Pp -The following options are only available if -.Nm -has been compiled with support for Kerberos 4. -.Bl -tag -width Ds -.It Xo -.Fl 4 , -.Fl -524init -.Xc -Try to convert the obtained Kerberos 5 krbtgt to a version 4 -compatible ticket. -It will store this ticket in the default Kerberos 4 ticket file. -.It Xo -.Fl 9 , -.Fl -524convert -.Xc -only convert ticket to version 4 -.It Fl -afslog +.It Fl Fl enterprise +Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise +names are email like principals that are stored in the name part of +the principal, and since there are two @ characters the parser needs +to know that the first is not a realm. +An example of an enterprise name is +.Dq lha@e.kth.se@KTH.SE , +and this option is usually used with canonicalize so that the +principal returned from the KDC will typically be the real principal +name. +.It Fl Fl afslog Gets AFS tickets, converts them to version 4 format, and stores them in the kernel. Only useful if you have AFS. @@ -261,7 +197,7 @@ section in krb5.conf, see If a .Ar command is given, -.Nm kinit +.Nm will set up new credentials caches, and AFS PAG, and then run the given command. When it finishes the credentials will be removed. diff --git a/crypto/heimdal/kuser/kinit.c b/crypto/heimdal/kuser/kinit.c index 26763098590..0b3876dcc5e 100644 --- a/crypto/heimdal/kuser/kinit.c +++ b/crypto/heimdal/kuser/kinit.c @@ -1,42 +1,47 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" -RCSID("$Id: kinit.c 22116 2007-12-03 21:22:58Z lha $"); -#include "krb5-v4compat.h" +#ifdef __APPLE__ +#include +#endif +#ifndef NO_NTLM #include "heimntlm.h" +#endif int forwardable_flag = -1; int proxiable_flag = -1; @@ -54,124 +59,153 @@ char *renew_life = NULL; char *server_str = NULL; char *cred_cache = NULL; char *start_str = NULL; +static int switch_cache_flags = 1; struct getarg_strings etype_str; int use_keytab = 0; char *keytab_str = NULL; int do_afslog = -1; -int get_v4_tgt = -1; -int convert_524 = 0; int fcache_version; char *password_file = NULL; char *pk_user_id = NULL; +int pk_enterprise_flag = 0; +struct hx509_certs_data *ent_user_id = NULL; char *pk_x509_anchors = NULL; int pk_use_enckey = 0; static int canonicalize_flag = 0; +static int enterprise_flag = 0; +static int ok_as_delegate_flag = 0; +static int use_referrals_flag = 0; +static int windows_flag = 0; +#ifndef NO_NTLM static char *ntlm_domain; +#endif -static char *krb4_cc_name; static struct getargs args[] = { - /* + /* * used by MIT * a: ~A * V: verbose * F: ~f * P: ~p * C: v4 cache name? - * 5: + * 5: + * + * old flags + * 4: + * 9: */ - { "524init", '4', arg_flag, &get_v4_tgt, - "obtain version 4 TGT" }, - - { "524convert", '9', arg_flag, &convert_524, - "only convert ticket to version 4" }, - { "afslog", 0 , arg_flag, &do_afslog, - "obtain afs tokens" }, + NP_("obtain afs tokens", ""), NULL }, { "cache", 'c', arg_string, &cred_cache, - "credentials cache", "cachename" }, + NP_("credentials cache", ""), "cachename" }, - { "forwardable", 'f', arg_flag, &forwardable_flag, - "get forwardable tickets"}, + { "forwardable", 0, arg_negative_flag, &forwardable_flag, + NP_("get tickets not forwardable", ""), NULL }, + + { NULL, 'f', arg_flag, &forwardable_flag, + NP_("get forwardable tickets", ""), NULL }, { "keytab", 't', arg_string, &keytab_str, - "keytab to use", "keytabname" }, + NP_("keytab to use", ""), "keytabname" }, { "lifetime", 'l', arg_string, &lifetime, - "lifetime of tickets", "time"}, + NP_("lifetime of tickets", ""), "time" }, { "proxiable", 'p', arg_flag, &proxiable_flag, - "get proxiable tickets" }, + NP_("get proxiable tickets", ""), NULL }, { "renew", 'R', arg_flag, &renew_flag, - "renew TGT" }, + NP_("renew TGT", ""), NULL }, { "renewable", 0, arg_flag, &renewable_flag, - "get renewable tickets" }, + NP_("get renewable tickets", ""), NULL }, { "renewable-life", 'r', arg_string, &renew_life, - "renewable lifetime of tickets", "time" }, + NP_("renewable lifetime of tickets", ""), "time" }, { "server", 'S', arg_string, &server_str, - "server to get ticket for", "principal" }, + NP_("server to get ticket for", ""), "principal" }, { "start-time", 's', arg_string, &start_str, - "when ticket gets valid", "time" }, + NP_("when ticket gets valid", ""), "time" }, { "use-keytab", 'k', arg_flag, &use_keytab, - "get key from keytab" }, + NP_("get key from keytab", ""), NULL }, { "validate", 'v', arg_flag, &validate_flag, - "validate TGT" }, + NP_("validate TGT", ""), NULL }, { "enctypes", 'e', arg_strings, &etype_str, - "encryption types to use", "enctypes" }, + NP_("encryption types to use", ""), "enctypes" }, { "fcache-version", 0, arg_integer, &fcache_version, - "file cache version to create" }, + NP_("file cache version to create", ""), NULL }, { "addresses", 'A', arg_negative_flag, &addrs_flag, - "request a ticket with no addresses" }, + NP_("request a ticket with no addresses", ""), NULL }, { "extra-addresses",'a', arg_strings, &extra_addresses, - "include these extra addresses", "addresses" }, + NP_("include these extra addresses", ""), "addresses" }, { "anonymous", 0, arg_flag, &anonymous_flag, - "request an anonymous ticket" }, + NP_("request an anonymous ticket", ""), NULL }, { "request-pac", 0, arg_flag, &pac_flag, - "request a Windows PAC" }, + NP_("request a Windows PAC", ""), NULL }, { "password-file", 0, arg_string, &password_file, - "read the password from a file" }, + NP_("read the password from a file", ""), NULL }, { "canonicalize",0, arg_flag, &canonicalize_flag, - "canonicalize client principal" }, + NP_("canonicalize client principal", ""), NULL }, + + { "enterprise",0, arg_flag, &enterprise_flag, + NP_("parse principal as a KRB5-NT-ENTERPRISE name", ""), NULL }, #ifdef PKINIT + { "pk-enterprise", 0, arg_flag, &pk_enterprise_flag, + NP_("use enterprise name from certificate", ""), NULL }, + { "pk-user", 'C', arg_string, &pk_user_id, - "principal's public/private/certificate identifier", "id" }, + NP_("principal's public/private/certificate identifier", ""), "id" }, { "x509-anchors", 'D', arg_string, &pk_x509_anchors, - "directory with CA certificates", "directory" }, + NP_("directory with CA certificates", ""), "directory" }, { "pk-use-enckey", 0, arg_flag, &pk_use_enckey, - "Use RSA encrypted reply (instead of DH)" }, + NP_("Use RSA encrypted reply (instead of DH)", ""), NULL }, #endif +#ifndef NO_NTLM { "ntlm-domain", 0, arg_string, &ntlm_domain, - "NTLM domain", "domain" }, + NP_("NTLM domain", ""), "domain" }, +#endif - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "change-default", 0, arg_negative_flag, &switch_cache_flags, + NP_("switch the default cache to the new credentials cache", ""), NULL }, + + { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag, + NP_("honor ok-as-delegate on tickets", ""), NULL }, + + { "use-referrals", 0, arg_flag, &use_referrals_flag, + NP_("only use referrals, no dns canalisation", ""), NULL }, + + { "windows", 0, arg_flag, &windows_flag, + NP_("get windows behavior", ""), NULL }, + + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void usage (int ret) { - arg_printusage (args, - sizeof(args)/sizeof(*args), - NULL, - "[principal [command]]"); + arg_printusage_i18n (args, + sizeof(args)/sizeof(*args), + N_("Usage: ", ""), + NULL, + "[principal [command]]", + getarg_i18n); exit (ret); } @@ -181,63 +215,20 @@ get_server(krb5_context context, const char *server, krb5_principal *princ) { - krb5_realm *client_realm; + krb5_const_realm realm; if(server) return krb5_parse_name(context, server, princ); - client_realm = krb5_princ_realm (context, client); - return krb5_make_principal(context, princ, *client_realm, - KRB5_TGS_NAME, *client_realm, NULL); -} - -static krb5_error_code -do_524init(krb5_context context, krb5_ccache ccache, - krb5_creds *creds, const char *server) -{ - krb5_error_code ret; - - struct credentials c; - krb5_creds in_creds, *real_creds; - - if(creds != NULL) - real_creds = creds; - else { - krb5_principal client; - krb5_cc_get_principal(context, ccache, &client); - memset(&in_creds, 0, sizeof(in_creds)); - ret = get_server(context, client, server, &in_creds.server); - if(ret) { - krb5_free_principal(context, client); - return ret; - } - in_creds.client = client; - ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds); - krb5_free_principal(context, client); - krb5_free_principal(context, in_creds.server); - if(ret) - return ret; - } - ret = krb524_convert_creds_kdc_ccache(context, ccache, real_creds, &c); - if(ret) - krb5_warn(context, ret, "converting creds"); - else { - krb5_error_code tret = _krb5_krb_tf_setup(context, &c, NULL, 0); - if(tret) - krb5_warn(context, tret, "saving v4 creds"); - } - - if(creds == NULL) - krb5_free_creds(context, real_creds); - memset(&c, 0, sizeof(c)); - - return ret; + realm = krb5_principal_get_realm(context, client); + return krb5_make_principal(context, princ, realm, + KRB5_TGS_NAME, realm, NULL); } static int -renew_validate(krb5_context context, +renew_validate(krb5_context context, int renew, int validate, - krb5_ccache cache, + krb5_ccache cache, const char *server, krb5_deltat life) { @@ -259,8 +250,8 @@ renew_validate(krb5_context context, } if (renew) { - /* - * no need to check the error here, it's only to be + /* + * no need to check the error here, it's only to be * friendly to the user */ krb5_get_credentials(context, KRB5_GC_CACHED, cache, &in, &out); @@ -280,7 +271,7 @@ renew_validate(krb5_context context, else if (out) flags.b.proxiable = out->flags.b.proxiable; - if (anonymous_flag != -1) + if (anonymous_flag) flags.b.request_anonymous = anonymous_flag; if(life) in.times.endtime = time(NULL) + life; @@ -312,10 +303,10 @@ renew_validate(krb5_context context, if(ret == 0 && server == NULL) { /* only do this if it's a general renew-my-tgt request */ - if(get_v4_tgt) - do_524init(context, cache, out, NULL); +#ifndef NO_AFS if(do_afslog && k_hasafs()) krb5_afslog(context, cache, NULL, NULL); +#endif } krb5_free_creds (context, out); @@ -328,41 +319,33 @@ out: return ret; } +#ifndef NO_NTLM + static krb5_error_code -store_ntlmkey(krb5_context context, krb5_ccache id, - const char *domain, krb5_const_principal client, - struct ntlm_buf *buf) +store_ntlmkey(krb5_context context, krb5_ccache id, + const char *domain, struct ntlm_buf *buf) { krb5_error_code ret; - krb5_creds cred; - - memset(&cred, 0, sizeof(cred)); + krb5_data data; + char *name; - ret = krb5_make_principal(context, &cred.server, - krb5_principal_get_realm(context, client), - "@ntlm-key", domain, NULL); - if (ret) - goto out; - ret = krb5_copy_principal(context, client, &cred.client); - if (ret) - goto out; - - cred.times.authtime = time(NULL); - cred.times.endtime = time(NULL) + 3600 * 24 * 30; /* XXX */ - cred.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5; - ret = krb5_data_copy(&cred.session.keyvalue, buf->data, buf->length); - if (ret) - goto out; + asprintf(&name, "ntlm-key-%s", domain); + if (name == NULL) { + krb5_clear_error_message(context); + return ENOMEM; + } - ret = krb5_cc_store_cred(context, id, &cred); + data.length = buf->length; + data.data = buf->data; -out: - krb5_free_cred_contents (context, &cred); - return 0; + ret = krb5_cc_set_config(context, id, NULL, name, &data); + free(name); + return ret; } +#endif static krb5_error_code -get_new_tickets(krb5_context context, +get_new_tickets(krb5_context context, krb5_principal principal, krb5_ccache ccache, krb5_deltat ticket_life, @@ -374,12 +357,13 @@ get_new_tickets(krb5_context context, char passwd[256]; krb5_deltat start_time = 0; krb5_deltat renew = 0; - char *renewstr = NULL; + const char *renewstr = NULL; krb5_enctype *enctype = NULL; - struct ntlm_buf ntlmkey; krb5_ccache tempccache; - +#ifndef NO_NTLM + struct ntlm_buf ntlmkey; memset(&ntlmkey, 0, sizeof(ntlmkey)); +#endif passwd[0] = '\0'; if (password_file) { @@ -394,20 +378,48 @@ get_new_tickets(krb5_context context, password_file); if (fgets(passwd, sizeof(passwd), f) == NULL) - krb5_errx(context, 1, - "Failed to read password from file %s", password_file); + krb5_errx(context, 1, + N_("Failed to read password from file %s", ""), + password_file); if (f != stdin) fclose(f); passwd[strcspn(passwd, "\n")] = '\0'; } +#ifdef __APPLE__ + if (passwd[0] == '\0') { + const char *realm; + OSStatus osret; + UInt32 length; + void *buffer; + char *name; + + realm = krb5_principal_get_realm(context, principal); + + ret = krb5_unparse_name_flags(context, principal, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name); + if (ret) + goto nopassword; + + osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm, + strlen(name), name, + &length, &buffer, NULL); + free(name); + if (osret == noErr && length < sizeof(passwd) - 1) { + memcpy(passwd, buffer, length); + passwd[length] = '\0'; + } + nopassword: + do { } while(0); + } +#endif memset(&cred, 0, sizeof(cred)); ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); - + krb5_get_init_creds_opt_set_default_flags(context, "kinit", krb5_principal_get_realm(context, principal), opt); @@ -415,30 +427,35 @@ get_new_tickets(krb5_context context, krb5_get_init_creds_opt_set_forwardable (opt, forwardable_flag); if(proxiable_flag != -1) krb5_get_init_creds_opt_set_proxiable (opt, proxiable_flag); - if(anonymous_flag != -1) + if(anonymous_flag) krb5_get_init_creds_opt_set_anonymous (opt, anonymous_flag); if (pac_flag != -1) - krb5_get_init_creds_opt_set_pac_request(context, opt, + krb5_get_init_creds_opt_set_pac_request(context, opt, pac_flag ? TRUE : FALSE); if (canonicalize_flag) krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE); - if (pk_user_id) { + if (pk_enterprise_flag || enterprise_flag || canonicalize_flag || windows_flag) + krb5_get_init_creds_opt_set_win2k(context, opt, TRUE); + if (pk_user_id || ent_user_id || anonymous_flag) { ret = krb5_get_init_creds_opt_set_pkinit(context, opt, principal, pk_user_id, pk_x509_anchors, NULL, NULL, - pk_use_enckey ? 2 : 0, + pk_use_enckey ? 2 : 0 | + anonymous_flag ? 4 : 0, krb5_prompter_posix, NULL, passwd); if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit"); + if (ent_user_id) + krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id); } if (addrs_flag != -1) - krb5_get_init_creds_opt_set_addressless(context, opt, + krb5_get_init_creds_opt_set_addressless(context, opt, addrs_flag ? FALSE : TRUE); if (renew_life == NULL && renewable_flag) @@ -449,7 +466,7 @@ get_new_tickets(krb5_context context, renew = parse_time (renewstr, "s"); if (renew < 0) errx (1, "unparsable time: %s", renewstr); - + krb5_get_init_creds_opt_set_renew_life (opt, renew); } @@ -459,7 +476,7 @@ get_new_tickets(krb5_context context, if(start_str) { int tmp = parse_time (start_str, "s"); if (tmp < 0) - errx (1, "unparsable time: %s", start_str); + errx (1, N_("unparsable time: %s", ""), start_str); start_time = tmp; } @@ -471,13 +488,13 @@ get_new_tickets(krb5_context context, if(enctype == NULL) errx(1, "out of memory"); for(i = 0; i < etype_str.num_strings; i++) { - ret = krb5_string_to_enctype(context, - etype_str.strings[i], + ret = krb5_string_to_enctype(context, + etype_str.strings[i], &enctype[i]); if(ret) errx(1, "unrecognized enctype: %s", etype_str.strings[i]); } - krb5_get_init_creds_opt_set_etype_list(opt, enctype, + krb5_get_init_creds_opt_set_etype_list(opt, enctype, etype_str.num_strings); } @@ -497,7 +514,7 @@ get_new_tickets(krb5_context context, server_str, opt); krb5_kt_close(context, kt); - } else if (pk_user_id) { + } else if (pk_user_id || ent_user_id || anonymous_flag) { ret = krb5_get_init_creds_password (context, &cred, principal, @@ -515,11 +532,11 @@ get_new_tickets(krb5_context context, if (passwd[0] == '\0') { char *p, *prompt; - + krb5_unparse_name (context, principal, &p); - asprintf (&prompt, "%s's Password: ", p); + asprintf (&prompt, N_("%s's Password: ", ""), p); free (p); - + if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){ memset(passwd, 0, sizeof(passwd)); exit(1); @@ -527,7 +544,7 @@ get_new_tickets(krb5_context context, free (prompt); } - + ret = krb5_get_init_creds_password (context, &cred, principal, @@ -539,8 +556,10 @@ get_new_tickets(krb5_context context, opt); } krb5_get_init_creds_opt_free(context, opt); +#ifndef NO_NTLM if (ntlm_domain && passwd[0]) heim_ntlm_nt_key(passwd, &ntlmkey); +#endif memset(passwd, 0, sizeof(passwd)); switch(ret){ @@ -551,10 +570,10 @@ get_new_tickets(krb5_context context, case KRB5KRB_AP_ERR_BAD_INTEGRITY: case KRB5KRB_AP_ERR_MODIFIED: case KRB5KDC_ERR_PREAUTH_FAILED: - krb5_errx(context, 1, "Password incorrect"); + krb5_errx(context, 1, N_("Password incorrect", "")); break; case KRB5KRB_AP_ERR_V4_REPLY: - krb5_errx(context, 1, "Looks like a Kerberos 4 reply"); + krb5_errx(context, 1, N_("Looks like a Kerberos 4 reply", "")); break; default: krb5_err(context, 1, ret, "krb5_get_init_creds"); @@ -563,22 +582,23 @@ get_new_tickets(krb5_context context, if(ticket_life != 0) { if(abs(cred.times.endtime - cred.times.starttime - ticket_life) > 30) { char life[64]; - unparse_time_approx(cred.times.endtime - cred.times.starttime, + unparse_time_approx(cred.times.endtime - cred.times.starttime, life, sizeof(life)); - krb5_warnx(context, "NOTICE: ticket lifetime is %s", life); + krb5_warnx(context, N_("NOTICE: ticket lifetime is %s", ""), life); } } if(renew_life) { if(abs(cred.times.renew_till - cred.times.starttime - renew) > 30) { char life[64]; - unparse_time_approx(cred.times.renew_till - cred.times.starttime, + unparse_time_approx(cred.times.renew_till - cred.times.starttime, life, sizeof(life)); - krb5_warnx(context, "NOTICE: ticket renewable lifetime is %s", + krb5_warnx(context, + N_("NOTICE: ticket renewable lifetime is %s", ""), life); } } - ret = krb5_cc_new_unique(context, krb5_cc_get_type(context, ccache), + ret = krb5_cc_new_unique(context, krb5_cc_get_type(context, ccache), NULL, &tempccache); if (ret) krb5_err (context, 1, ret, "krb5_cc_new_unique"); @@ -586,7 +606,7 @@ get_new_tickets(krb5_context context, ret = krb5_cc_initialize (context, tempccache, cred.client); if (ret) krb5_err (context, 1, ret, "krb5_cc_initialize"); - + ret = krb5_cc_store_cred (context, tempccache, &cred); if (ret) krb5_err (context, 1, ret, "krb5_cc_store_cred"); @@ -597,8 +617,29 @@ get_new_tickets(krb5_context context, if (ret) krb5_err (context, 1, ret, "krb5_cc_move"); + if (switch_cache_flags) + krb5_cc_switch(context, ccache); + +#ifndef NO_NTLM if (ntlm_domain && ntlmkey.data) - store_ntlmkey(context, ccache, ntlm_domain, principal, &ntlmkey); + store_ntlmkey(context, ccache, ntlm_domain, &ntlmkey); +#endif + + if (ok_as_delegate_flag || windows_flag || use_referrals_flag) { + unsigned char d = 0; + krb5_data data; + + if (ok_as_delegate_flag || windows_flag) + d |= 1; + if (use_referrals_flag || windows_flag) + d |= 2; + + data.length = 1; + data.data = &d; + + krb5_cc_set_config(context, ccache, NULL, "realm-config", &data); + } + if (enctype) free(enctype); @@ -607,7 +648,7 @@ get_new_tickets(krb5_context context, } static time_t -ticket_lifetime(krb5_context context, krb5_ccache cache, +ticket_lifetime(krb5_context context, krb5_ccache cache, krb5_principal client, const char *server) { krb5_creds in_cred, *cred; @@ -667,13 +708,13 @@ renew_func(void *ptr) new_tickets = 1; if (new_tickets) - get_new_tickets(ctx->context, ctx->principal, + get_new_tickets(ctx->context, ctx->principal, ctx->ccache, ctx->ticket_life, 0); - if(get_v4_tgt || convert_524) - do_524init(ctx->context, ctx->ccache, NULL, server_str); +#ifndef NO_AFS if(do_afslog && k_hasafs()) krb5_afslog(ctx->context, ctx->ccache, NULL, NULL); +#endif expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal, server_str) / 2; @@ -692,16 +733,20 @@ main (int argc, char **argv) int parseflags = 0; setprogname (argv[0]); - + + setlocale (LC_ALL, ""); + bindtextdomain ("heimdal_kuser", HEIMDAL_LOCALEDIR); + textdomain("heimdal_kuser"); + ret = krb5_init_context (&context); if (ret == KRB5_CONFIG_BADFORMAT) errx (1, "krb5_init_context failed to parse configuration file"); else if (ret) errx(1, "krb5_init_context failed: %d", ret); - + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -713,17 +758,38 @@ main (int argc, char **argv) argc -= optidx; argv += optidx; - if (canonicalize_flag) + if (canonicalize_flag || enterprise_flag) parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE; - if (argv[0]) { - ret = krb5_parse_name_flags (context, argv[0], parseflags, &principal); + if (pk_enterprise_flag) { + ret = krb5_pk_enterprise_cert(context, pk_user_id, + argv[0], &principal, + &ent_user_id); if (ret) - krb5_err (context, 1, ret, "krb5_parse_name"); + krb5_err(context, 1, ret, "krb5_pk_enterprise_certs"); + + pk_user_id = NULL; + + } else if (anonymous_flag) { + + ret = krb5_make_principal(context, &principal, argv[0], + KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME, + NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_make_principal"); + krb5_principal_set_type(context, principal, KRB5_NT_WELLKNOWN); + } else { - ret = krb5_get_default_principal (context, &principal); - if (ret) - krb5_err (context, 1, ret, "krb5_get_default_principal"); + if (argv[0]) { + ret = krb5_parse_name_flags (context, argv[0], parseflags, + &principal); + if (ret) + krb5_err (context, 1, ret, "krb5_parse_name"); + } else { + ret = krb5_get_default_principal (context, &principal); + if (ret) + krb5_err (context, 1, ret, "krb5_get_default_principal"); + } } if(fcache_version) @@ -734,68 +800,70 @@ main (int argc, char **argv) krb5_appdefault_boolean(context, "kinit", krb5_principal_get_realm(context, principal), "renewable", FALSE, &renewable_flag); - if(get_v4_tgt == -1) - krb5_appdefault_boolean(context, "kinit", - krb5_principal_get_realm(context, principal), - "krb4_get_tickets", FALSE, &get_v4_tgt); if(do_afslog == -1) - krb5_appdefault_boolean(context, "kinit", - krb5_principal_get_realm(context, principal), + krb5_appdefault_boolean(context, "kinit", + krb5_principal_get_realm(context, principal), "afslog", TRUE, &do_afslog); - if(cred_cache) + if(cred_cache) ret = krb5_cc_resolve(context, cred_cache, &ccache); else { if(argc > 1) { char s[1024]; - ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache); + ret = krb5_cc_new_unique(context, NULL, NULL, &ccache); if(ret) krb5_err(context, 1, ret, "creating cred cache"); snprintf(s, sizeof(s), "%s:%s", krb5_cc_get_type(context, ccache), krb5_cc_get_name(context, ccache)); setenv("KRB5CCNAME", s, 1); - if (get_v4_tgt) { - int fd; - if (asprintf(&krb4_cc_name, "%s_XXXXXX", TKT_ROOT) < 0) - krb5_errx(context, 1, "out of memory"); - if((fd = mkstemp(krb4_cc_name)) >= 0) { - close(fd); - setenv("KRBTKFILE", krb4_cc_name, 1); - } else { - free(krb4_cc_name); - krb4_cc_name = NULL; + } else { + ret = krb5_cc_cache_match(context, principal, &ccache); + if (ret) { + const char *type; + ret = krb5_cc_default (context, &ccache); + if (ret) + krb5_err (context, 1, ret, N_("resolving credentials cache", "")); + + /* + * Check if the type support switching, and we do, + * then do that instead over overwriting the current + * default credential + */ + type = krb5_cc_get_type(context, ccache); + if (krb5_cc_support_switch(context, type)) { + krb5_cc_close(context, ccache); + ret = krb5_cc_new_unique(context, type, NULL, &ccache); } } - } else { - ret = krb5_cc_cache_match(context, principal, NULL, &ccache); - if (ret) - ret = krb5_cc_default (context, &ccache); } } if (ret) - krb5_err (context, 1, ret, "resolving credentials cache"); + krb5_err (context, 1, ret, N_("resolving credentials cache", "")); +#ifndef NO_AFS if(argc > 1 && k_hasafs ()) k_setpag(); +#endif if (lifetime) { int tmp = parse_time (lifetime, "s"); if (tmp < 0) - errx (1, "unparsable time: %s", lifetime); + errx (1, N_("unparsable time: %s", ""), lifetime); ticket_life = tmp; } if(addrs_flag == 0 && extra_addresses.num_strings > 0) - krb5_errx(context, 1, "specifying both extra addresses and " - "no addresses makes no sense"); + krb5_errx(context, 1, + N_("specifying both extra addresses and " + "no addresses makes no sense", "")); { int i; krb5_addresses addresses; memset(&addresses, 0, sizeof(addresses)); for(i = 0; i < extra_addresses.num_strings; i++) { - ret = krb5_parse_address(context, extra_addresses.strings[i], + ret = krb5_parse_address(context, extra_addresses.strings[i], &addresses); if (ret == 0) { krb5_add_extra_addresses(context, &addresses); @@ -806,18 +874,17 @@ main (int argc, char **argv) } if(renew_flag || validate_flag) { - ret = renew_validate(context, renew_flag, validate_flag, + ret = renew_validate(context, renew_flag, validate_flag, ccache, server_str, ticket_life); exit(ret != 0); } - if(!convert_524) - get_new_tickets(context, principal, ccache, ticket_life, 1); + get_new_tickets(context, principal, ccache, ticket_life, 1); - if(get_v4_tgt || convert_524) - do_524init(context, ccache, NULL, server_str); +#ifndef NO_AFS if(do_afslog && k_hasafs()) krb5_afslog(context, ccache, NULL, NULL); +#endif if(argc > 1) { struct renew_ctx ctx; time_t timeout; @@ -829,19 +896,20 @@ main (int argc, char **argv) ctx.principal = principal; ctx.ticket_life = ticket_life; - ret = simple_execvp_timed(argv[1], argv+1, + ret = simple_execvp_timed(argv[1], argv+1, renew_func, &ctx, timeout); #define EX_NOEXEC 126 #define EX_NOTFOUND 127 if(ret == EX_NOEXEC) - krb5_warnx(context, "permission denied: %s", argv[1]); + krb5_warnx(context, N_("permission denied: %s", ""), argv[1]); else if(ret == EX_NOTFOUND) - krb5_warnx(context, "command not found: %s", argv[1]); - + krb5_warnx(context, N_("command not found: %s", ""), argv[1]); + krb5_cc_destroy(context, ccache); - _krb5_krb_dest_tkt(context, krb4_cc_name); +#ifndef NO_AFS if(k_hasafs()) k_unlog(); +#endif } else { krb5_cc_close (context, ccache); ret = 0; diff --git a/crypto/heimdal/kuser/klist.1 b/crypto/heimdal/kuser/klist.1 index 65ed7d36aa1..8ebad7d1bac 100644 --- a/crypto/heimdal/kuser/klist.1 +++ b/crypto/heimdal/kuser/klist.1 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2000 - 2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2000 - 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: klist.1 20458 2007-04-19 20:41:27Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd October 6, 2005 .Dt KLIST 1 @@ -41,17 +41,17 @@ .Nm .Bk -words .Oo Fl c Ar cache \*(Ba Xo -.Fl -cache= Ns Ar cache +.Fl Fl cache= Ns Ar cache .Xc .Oc -.Op Fl s | Fl t | Fl -test -.Op Fl T | Fl -tokens -.Op Fl 5 | Fl -v5 -.Op Fl v | Fl -verbose -.Op Fl l | Fl -list-caches +.Op Fl s | Fl t | Fl Fl test +.Op Fl T | Fl Fl tokens +.Op Fl 5 | Fl Fl v5 +.Op Fl v | Fl Fl verbose +.Op Fl l | Fl Fl list-caches .Op Fl f -.Op Fl -version -.Op Fl -help +.Op Fl Fl version +.Op Fl Fl help .Ek .Sh DESCRIPTION .Nm @@ -60,27 +60,14 @@ known as the ticket file). .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl c Ar cache , -.Fl -cache= Ns Ar cache -.Xc +.It Fl c Ar cache , Fl Fl cache= Ns Ar cache credential cache to list -.It Xo -.Fl s , -.Fl t , -.Fl -test -.Xc +.It Fl s , Fl t , Fl Fl test Test for there being an active and valid TGT for the local realm of the user in the credential cache. -.It Xo -.Fl T , -.Fl -tokens -.Xc +.It Fl T , Fl Fl tokens display AFS tokens -.It Xo -.Fl 5 , -.Fl -v5 -.Xc +.It Fl 5 , Fl Fl v5 display v5 cred cache (this is the default) .It Fl f Include ticket flags in short form, each character stands for a @@ -111,12 +98,9 @@ hardware authenticated .El .Pp This information is also output with the -.Fl -verbose +.Fl Fl verbose option, but in a more verbose way. -.It Xo -.Fl v , -.Fl -verbose -.Xc +.It Fl v , Fl Fl verbose Verbose output. Include all possible information: .Bl -tag -width XXXX -offset indent .It Server @@ -141,10 +125,7 @@ the flags set on the ticket .It Addresses the set of addresses from which this ticket is valid .El -.It Xo -.Fl l , -.Fl -list-caches -.Xc +.It Fl l , Fl Fl list-caches List the credential caches for the current users, not all cache types supports listing multiple caches. .Pp diff --git a/crypto/heimdal/kuser/klist.c b/crypto/heimdal/kuser/klist.c index 3148ddc275e..895a7493776 100644 --- a/crypto/heimdal/kuser/klist.c +++ b/crypto/heimdal/kuser/klist.c @@ -1,65 +1,77 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" #include "rtbl.h" +#include "parse_units.h" +#include "kcc-commands.h" -RCSID("$Id: klist.c 20516 2007-04-22 10:40:41Z lha $"); +static char* +printable_time_internal(time_t t, int x) +{ + static char s[128]; + char *p; + + if ((p = ctime(&t)) == NULL) + strlcpy(s, "?", sizeof(s)); + else + strlcpy(s, p + 4, sizeof(s)); + s[x] = 0; + return s; +} static char* printable_time(time_t t) { - static char s[128]; - strlcpy(s, ctime(&t)+ 4, sizeof(s)); - s[15] = 0; - return s; + return printable_time_internal(t, 20); } static char* printable_time_long(time_t t) { - static char s[128]; - strlcpy(s, ctime(&t)+ 4, sizeof(s)); - s[20] = 0; - return s; + return printable_time_internal(t, 20); } -#define COL_ISSUED " Issued" -#define COL_EXPIRES " Expires" -#define COL_FLAGS "Flags" -#define COL_PRINCIPAL " Principal" -#define COL_PRINCIPAL_KVNO " Principal (kvno)" -#define COL_CACHENAME " Cache name" +#define COL_ISSUED NP_(" Issued","") +#define COL_EXPIRES NP_(" Expires", "") +#define COL_FLAGS NP_("Flags", "") +#define COL_NAME NP_(" Name", "") +#define COL_PRINCIPAL NP_(" Principal", "in klist output") +#define COL_PRINCIPAL_KVNO NP_(" Principal (kvno)", "in klist output") +#define COL_CACHENAME NP_(" Cache name", "name in klist output") +#define COL_DEFCACHE NP_("", "") static void print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags) @@ -77,12 +89,12 @@ print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags) else rtbl_add_column_entry(ct, COL_ISSUED, printable_time(cred->times.authtime)); - + if(cred->times.endtime > sec) rtbl_add_column_entry(ct, COL_EXPIRES, printable_time(cred->times.endtime)); else - rtbl_add_column_entry(ct, COL_EXPIRES, ">>>Expired<<<"); + rtbl_add_column_entry(ct, COL_EXPIRES, N_(">>>Expired<<<", "")); ret = krb5_unparse_name (context, cred->server, &str); if (ret) krb5_err(context, 1, ret, "krb5_unparse_name"); @@ -111,7 +123,7 @@ print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags) *sp++ = 'A'; if(cred->flags.b.hw_authent) *sp++ = 'H'; - *sp++ = '\0'; + *sp = '\0'; rtbl_add_column_entry(ct, COL_FLAGS, s); } free(str); @@ -120,10 +132,9 @@ print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags) static void print_cred_verbose(krb5_context context, krb5_creds *cred) { - int j; + size_t j; char *str; krb5_error_code ret; - int first_flag; krb5_timestamp sec; krb5_timeofday (context, &sec); @@ -131,13 +142,13 @@ print_cred_verbose(krb5_context context, krb5_creds *cred) ret = krb5_unparse_name(context, cred->server, &str); if(ret) exit(1); - printf("Server: %s\n", str); + printf(N_("Server: %s\n", ""), str); free (str); ret = krb5_unparse_name(context, cred->client, &str); if(ret) exit(1); - printf("Client: %s\n", str); + printf(N_("Client: %s\n", ""), str); free (str); { @@ -147,71 +158,63 @@ print_cred_verbose(krb5_context context, krb5_creds *cred) decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len); ret = krb5_enctype_to_string(context, t.enc_part.etype, &s); - printf("Ticket etype: "); + printf(N_("Ticket etype: ", "")); if (ret == 0) { printf("%s", s); free(s); } else { - printf("unknown(%d)", t.enc_part.etype); + printf(N_("unknown-enctype(%d)", ""), t.enc_part.etype); } if(t.enc_part.kvno) - printf(", kvno %d", *t.enc_part.kvno); + printf(N_(", kvno %d", ""), *t.enc_part.kvno); printf("\n"); if(cred->session.keytype != t.enc_part.etype) { ret = krb5_enctype_to_string(context, cred->session.keytype, &str); if(ret) krb5_warn(context, ret, "session keytype"); else { - printf("Session key: %s\n", str); + printf(N_("Session key: %s\n", "enctype"), str); free(str); } } free_Ticket(&t); - printf("Ticket length: %lu\n", (unsigned long)cred->ticket.length); + printf(N_("Ticket length: %lu\n", ""), + (unsigned long)cred->ticket.length); } - printf("Auth time: %s\n", printable_time_long(cred->times.authtime)); + printf(N_("Auth time: %s\n", ""), + printable_time_long(cred->times.authtime)); if(cred->times.authtime != cred->times.starttime) - printf("Start time: %s\n", printable_time_long(cred->times.starttime)); - printf("End time: %s", printable_time_long(cred->times.endtime)); + printf(N_("Start time: %s\n", ""), + printable_time_long(cred->times.starttime)); + printf(N_("End time: %s", ""), + printable_time_long(cred->times.endtime)); if(sec > cred->times.endtime) - printf(" (expired)"); + printf(N_(" (expired)", "")); printf("\n"); if(cred->flags.b.renewable) - printf("Renew till: %s\n", + printf(N_("Renew till: %s\n", ""), printable_time_long(cred->times.renew_till)); - printf("Ticket flags: "); -#define PRINT_FLAG2(f, s) if(cred->flags.b.f) { if(!first_flag) printf(", "); printf("%s", #s); first_flag = 0; } -#define PRINT_FLAG(f) PRINT_FLAG2(f, f) - first_flag = 1; - PRINT_FLAG(forwardable); - PRINT_FLAG(forwarded); - PRINT_FLAG(proxiable); - PRINT_FLAG(proxy); - PRINT_FLAG2(may_postdate, may-postdate); - PRINT_FLAG(postdated); - PRINT_FLAG(invalid); - PRINT_FLAG(renewable); - PRINT_FLAG(initial); - PRINT_FLAG2(pre_authent, pre-authenticated); - PRINT_FLAG2(hw_authent, hw-authenticated); - PRINT_FLAG2(transited_policy_checked, transited-policy-checked); - PRINT_FLAG2(ok_as_delegate, ok-as-delegate); - PRINT_FLAG(anonymous); - printf("\n"); - printf("Addresses: "); + { + char flags[1024]; + unparse_flags(TicketFlags2int(cred->flags.b), + asn1_TicketFlags_units(), + flags, sizeof(flags)); + printf(N_("Ticket flags: %s\n", ""), flags); + } + printf(N_("Addresses: ", "")); if (cred->addresses.len != 0) { for(j = 0; j < cred->addresses.len; j++){ char buf[128]; size_t len; if(j) printf(", "); - ret = krb5_print_address(&cred->addresses.val[j], + ret = krb5_print_address(&cred->addresses.val[j], buf, sizeof(buf), &len); - + if(ret == 0) printf("%s", buf); } } else { - printf("addressless"); + printf(N_("addressless", "")); } printf("\n\n"); } @@ -229,10 +232,10 @@ print_tickets (krb5_context context, int do_hidden) { krb5_error_code ret; - char *str; + char *str, *name; krb5_cc_cursor cursor; krb5_creds creds; - int32_t sec, usec; + krb5_deltat sec; rtbl_t ct = NULL; @@ -240,20 +243,30 @@ print_tickets (krb5_context context, if (ret) krb5_err (context, 1, ret, "krb5_unparse_name"); - printf ("%17s: %s:%s\n", - "Credentials cache", + printf ("%17s: %s:%s\n", + N_("Credentials cache", ""), krb5_cc_get_type(context, ccache), krb5_cc_get_name(context, ccache)); - printf ("%17s: %s\n", "Principal", str); - free (str); - - if(do_verbose) - printf ("%17s: %d\n", "Cache version", - krb5_cc_get_version(context, ccache)); - - krb5_get_kdc_sec_offset(context, &sec, &usec); + printf ("%17s: %s\n", N_("Principal", ""), str); - if (do_verbose && sec != 0) { + ret = krb5_cc_get_friendly_name(context, ccache, &name); + if (ret == 0) { + if (strcmp(name, str) != 0) + printf ("%17s: %s\n", N_("Friendly name", ""), name); + free(name); + } + free (str); + + if(do_verbose) { + printf ("%17s: %d\n", N_("Cache version", ""), + krb5_cc_get_version(context, ccache)); + } else { + krb5_cc_set_flags(context, ccache, KRB5_TC_NOTICKET); + } + + ret = krb5_cc_get_kdc_offset(context, ccache, &sec); + + if (ret == 0 && do_verbose && sec != 0) { char buf[BUFSIZ]; int val; int sig; @@ -264,10 +277,10 @@ print_tickets (krb5_context context, sig = -1; val = -val; } - + unparse_time (val, buf, sizeof(buf)); - printf ("%17s: %s%s\n", "KDC time offset", + printf ("%17s: %s%s\n", N_("KDC time offset", ""), sig == -1 ? "-" : "", buf); } @@ -290,9 +303,7 @@ print_tickets (krb5_context context, ccache, &cursor, &creds)) == 0) { - const char *str; - str = krb5_principal_get_comp_string(context, creds.server, 0); - if (!do_hidden && str && str[0] == '@') { + if (!do_hidden && krb5_is_config_principal(context, creds.server)) { ; }else if(do_verbose){ print_cred_verbose(context, &creds); @@ -326,16 +337,15 @@ check_for_tgt (krb5_context context, krb5_error_code ret; krb5_creds pattern; krb5_creds creds; - krb5_realm *client_realm; + krb5_const_realm client_realm; int expired; krb5_cc_clear_mcred(&pattern); - client_realm = krb5_princ_realm (context, principal); + client_realm = krb5_principal_get_realm(context, principal); ret = krb5_make_principal (context, &pattern.server, - *client_realm, KRB5_TGS_NAME, *client_realm, - NULL); + client_realm, KRB5_TGS_NAME, client_realm, NULL); if (ret) krb5_err (context, 1, ret, "krb5_make_principal"); pattern.client = principal; @@ -362,6 +372,8 @@ check_for_tgt (krb5_context context, * Print a list of all AFS tokens */ +#ifndef NO_AFS + static void display_tokens(int do_verbose) { @@ -414,53 +426,40 @@ display_tokens(int do_verbose) strlcpy (buf2, printable_time(ct.EndTimestamp), sizeof(buf2)); else - strlcpy (buf2, ">>> Expired <<<", sizeof(buf2)); + strlcpy (buf2, N_(">>> Expired <<<", ""), sizeof(buf2)); printf("%s %s ", buf1, buf2); if ((ct.EndTimestamp - ct.BeginTimestamp) & 1) - printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell); + printf(N_("User's (AFS ID %d) tokens for %s", ""), ct.ViceId, cell); else - printf("Tokens for %s", cell); + printf(N_("Tokens for %s", ""), cell); if (do_verbose) printf(" (%d)", ct.AuthHandle); putchar('\n'); } } +#endif /* * display the ccache in `cred_cache' */ static int -display_v5_ccache (const char *cred_cache, int do_test, int do_verbose, +display_v5_ccache (krb5_context context, krb5_ccache ccache, + int do_test, int do_verbose, int do_flags, int do_hidden) { krb5_error_code ret; - krb5_context context; - krb5_ccache ccache; krb5_principal principal; int exit_status = 0; - ret = krb5_init_context (&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - if(cred_cache) { - ret = krb5_cc_resolve(context, cred_cache, &ccache); - if (ret) - krb5_err (context, 1, ret, "%s", cred_cache); - } else { - ret = krb5_cc_default (context, &ccache); - if (ret) - krb5_err (context, 1, ret, "krb5_cc_resolve"); - } ret = krb5_cc_get_principal (context, ccache, &principal); if (ret) { if(ret == ENOENT) { if (!do_test) - krb5_warnx(context, "No ticket file: %s", + krb5_warnx(context, N_("No ticket file: %s", ""), krb5_cc_get_name(context, ccache)); return 1; } else @@ -477,7 +476,7 @@ display_v5_ccache (const char *cred_cache, int do_test, int do_verbose, krb5_err (context, 1, ret, "krb5_cc_close"); krb5_free_principal (context, principal); - krb5_free_context (context); + return exit_status; } @@ -486,17 +485,19 @@ display_v5_ccache (const char *cred_cache, int do_test, int do_verbose, */ static int -list_caches(void) +list_caches(krb5_context context) { krb5_cc_cache_cursor cursor; - krb5_context context; + const char *cdef_name; + char *def_name; krb5_error_code ret; krb5_ccache id; rtbl_t ct; - - ret = krb5_init_context (&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); + + cdef_name = krb5_cc_default_name(context); + if (cdef_name == NULL) + krb5_errx(context, 1, "krb5_cc_default_name"); + def_name = strdup(cdef_name); ret = krb5_cc_cache_get_first (context, NULL, &cursor); if (ret == KRB5_CC_NOSUPP) @@ -505,41 +506,61 @@ list_caches(void) krb5_err (context, 1, ret, "krb5_cc_cache_get_first"); ct = rtbl_create(); - rtbl_add_column(ct, COL_PRINCIPAL, 0); + rtbl_add_column(ct, COL_NAME, 0); rtbl_add_column(ct, COL_CACHENAME, 0); rtbl_add_column(ct, COL_EXPIRES, 0); + rtbl_add_column(ct, COL_DEFCACHE, 0); rtbl_set_prefix(ct, " "); - rtbl_set_column_prefix(ct, COL_PRINCIPAL, ""); + rtbl_set_column_prefix(ct, COL_NAME, ""); - while ((ret = krb5_cc_cache_next (context, cursor, &id)) == 0) { - krb5_principal principal; + while (krb5_cc_cache_next (context, cursor, &id) == 0) { + krb5_principal principal = NULL; + int expired = 0; char *name; + time_t t; ret = krb5_cc_get_principal(context, id, &principal); - if (ret == 0) { - time_t t; - int expired = check_for_tgt (context, id, principal, &t); + if (ret) + continue; - ret = krb5_unparse_name(context, principal, &name); - if (ret == 0) { - rtbl_add_column_entry(ct, COL_PRINCIPAL, name); - rtbl_add_column_entry(ct, COL_CACHENAME, - krb5_cc_get_name(context, id)); - rtbl_add_column_entry(ct, COL_EXPIRES, - expired ? ">>> Expired <<<" : - printable_time(t)); - free(name); - krb5_free_principal(context, principal); - } + expired = check_for_tgt (context, id, principal, &t); + + ret = krb5_cc_get_friendly_name(context, id, &name); + if (ret == 0) { + const char *str; + char *fname; + rtbl_add_column_entry(ct, COL_NAME, name); + rtbl_add_column_entry(ct, COL_CACHENAME, + krb5_cc_get_name(context, id)); + if (expired) + str = N_(">>> Expired <<<", ""); + else + str = printable_time(t); + rtbl_add_column_entry(ct, COL_EXPIRES, str); + free(name); + + ret = krb5_cc_get_full_name(context, id, &fname); + if (ret) + krb5_err (context, 1, ret, "krb5_cc_get_full_name"); + + if (strcmp(fname, def_name) == 0) + rtbl_add_column_entry(ct, COL_DEFCACHE, "*"); + else + rtbl_add_column_entry(ct, COL_DEFCACHE, ""); + + krb5_xfree(fname); } krb5_cc_close(context, id); + + krb5_free_principal(context, principal); } krb5_cc_cache_end_seq_get(context, cursor); + free(def_name); rtbl_format(ct, stdout); rtbl_destroy(ct); - + return 0; } @@ -547,92 +568,68 @@ list_caches(void) * */ -static int version_flag = 0; -static int help_flag = 0; -static int do_verbose = 0; -static int do_list_caches = 0; -static int do_test = 0; -static int do_tokens = 0; -static int do_v5 = 1; -static char *cred_cache; -static int do_flags = 0; -static int do_hidden = 0; - -static struct getargs args[] = { - { NULL, 'f', arg_flag, &do_flags }, - { "cache", 'c', arg_string, &cred_cache, - "credentials cache to list", "cache" }, - { "test", 't', arg_flag, &do_test, - "test for having tickets", NULL }, - { NULL, 's', arg_flag, &do_test }, - { "tokens", 'T', arg_flag, &do_tokens, - "display AFS tokens", NULL }, - { "v5", '5', arg_flag, &do_v5, - "display v5 cred cache", NULL}, - { "list-caches", 'l', arg_flag, &do_list_caches, - "verbose output", NULL }, - { "verbose", 'v', arg_flag, &do_verbose, - "verbose output", NULL }, - { "hidden", 0, arg_flag, &do_hidden, - "display hidden credentials", NULL }, - { NULL, 'a', arg_flag, &do_verbose }, - { NULL, 'n', arg_flag, &do_verbose }, - { "version", 0, arg_flag, &version_flag, - "print version", NULL }, - { "help", 0, arg_flag, &help_flag, - NULL, NULL} -}; - -static void -usage (int ret) -{ - arg_printusage (args, - sizeof(args)/sizeof(*args), - NULL, - ""); - exit (ret); -} - int -main (int argc, char **argv) +klist(struct klist_options *opt, int argc, char **argv) { - int optidx = 0; + krb5_error_code ret; int exit_status = 0; - setprogname (argv[0]); + int do_verbose = + opt->verbose_flag || + opt->a_flag || + opt->n_flag; + int do_test = + opt->test_flag || + opt->s_flag; - if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) - usage(1); - - if (help_flag) - usage (0); - - if(version_flag){ - print_version(NULL); - exit(0); - } - - argc -= optidx; - argv += optidx; - - if (argc != 0) - usage (1); - - if (do_list_caches) { - exit_status = list_caches(); + if (opt->list_all_flag) { + exit_status = list_caches(kcc_context); return exit_status; } - if (do_v5) - exit_status = display_v5_ccache (cred_cache, do_test, - do_verbose, do_flags, do_hidden); + if (opt->v5_flag) { + krb5_ccache id; + + if (opt->all_content_flag) { + krb5_cc_cache_cursor cursor; + + ret = krb5_cc_cache_get_first(kcc_context, NULL, &cursor); + if (ret) + krb5_err(kcc_context, 1, ret, "krb5_cc_cache_get_first"); + + + while (krb5_cc_cache_next(kcc_context, cursor, &id) == 0) { + exit_status |= display_v5_ccache(kcc_context, id, do_test, + do_verbose, opt->flags_flag, + opt->hidden_flag); + printf("\n\n"); + } + krb5_cc_cache_end_seq_get(kcc_context, cursor); + + } else { + if(opt->cache_string) { + ret = krb5_cc_resolve(kcc_context, opt->cache_string, &id); + if (ret) + krb5_err(kcc_context, 1, ret, "%s", opt->cache_string); + } else { + ret = krb5_cc_default(kcc_context, &id); + if (ret) + krb5_err(kcc_context, 1, ret, "krb5_cc_resolve"); + } + exit_status = display_v5_ccache(kcc_context, id, do_test, + do_verbose, opt->flags_flag, + opt->hidden_flag); + } + } if (!do_test) { - if (do_tokens && k_hasafs ()) { - if (do_v5) - printf ("\n"); - display_tokens (do_verbose); +#ifndef NO_AFS + if (opt->tokens_flag && k_hasafs()) { + if (opt->v5_flag) + printf("\n"); + display_tokens(opt->verbose_flag); } +#endif } return exit_status; diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/kuser/kswitch.1 similarity index 65% rename from crypto/heimdal/lib/krb5/krb5_context.3 rename to crypto/heimdal/kuser/kswitch.1 index 5bfcc26c710..e98d0e2bf5e 100644 --- a/crypto/heimdal/lib/krb5/krb5_context.3 +++ b/crypto/heimdal/kuser/kswitch.1 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan +.\" Copyright (c) 2009 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,28 +29,57 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_context.3 12329 2003-05-26 14:09:04Z lha $ -.\" -.Dd January 21, 2001 -.Dt KRB5_CONTEXT 3 -.Os HEIMDAL +.Dd Augusti 25, 2009 +.Dt KSWITCH SECTION +.Os OPERATING_SYSTEM .Sh NAME -.Nm krb5_context -.Nd krb5 state structure -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) +.Nm kswitch +.Nd switch between default credential caches .Sh SYNOPSIS -.In krb5.h -.Sh DESCRIPTION -The .Nm -structure is designed to hold all per thread state. All global -variables that are context specific are stored in this structure, -including default encryption types, credentials-cache (ticket file), and -default realms. -.Pp -The internals of the structure should never be accessed directly, -functions exist for extracting information. -.Sh SEE ALSO -.Xr krb5_init_context 3 , -.Xr kerberos 8 +.Oo Fl t Ar type \*(Ba Xo +.Fl Fl type= Ns Ar type +.Xc +.Oc +.Oo Fl c Ar cache \*(Ba Xo +.Fl Fl cache= Ns Ar cache +.Xc +.Oc +.Oo Fl p Ar principal \*(Ba Xo +.Fl Fl principal= Ns Ar principal +.Xc +.Oc +.Op Fl i | Fl Fl interactive +.Op Fl Fl version +.Op Fl Fl help +.Sh DESCRIPTION +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl t Ar type , +.Fl Fl type= Ns Ar type +.Xc +type of credential cache +.It Xo +.Fl c Ar cache , +.Fl Fl cache= Ns Ar cache +.Xc +name of credential cache to switch to +.It Xo +.Fl p Ar principal , +.Fl Fl principal= Ns Ar principal +.Xc +name of principal to switch to +.It Xo +.Fl i , +.Fl Fl interactive +.Xc +interactive switching between credentials. +.It Xo +.Fl Fl version +.Xc +print version +.It Xo +.Fl Fl help +.Xc +.El diff --git a/crypto/heimdal/kuser/kswitch.c b/crypto/heimdal/kuser/kswitch.c new file mode 100644 index 00000000000..cdb6ee11cae --- /dev/null +++ b/crypto/heimdal/kuser/kswitch.c @@ -0,0 +1,172 @@ +/* + * Copyright (c) 2008 - 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kuser_locl.h" +#include "kcc-commands.h" + +#ifdef HAVE_READLINE +char *readline(const char *prompt); +#else + +static char * +readline(const char *prompt) +{ + char buf[BUFSIZ]; + printf ("%s", prompt); + fflush (stdout); + if(fgets(buf, sizeof(buf), stdin) == NULL) + return NULL; + buf[strcspn(buf, "\r\n")] = '\0'; + return strdup(buf); +} + +#endif + +/* + * + */ + +int +kswitch(struct kswitch_options *opt, int argc, char **argv) +{ + krb5_error_code ret; + krb5_ccache id = NULL; + + if (opt->cache_string && opt->principal_string) + krb5_errx(kcc_context, 1, + N_("Both --cache and --principal given, choose one", "")); + + if (opt->interactive_flag) { + krb5_cc_cache_cursor cursor; + krb5_ccache *ids = NULL; + size_t i, len = 0; + char *name; + rtbl_t ct; + + ct = rtbl_create(); + + rtbl_add_column_by_id(ct, 0, "#", 0); + rtbl_add_column_by_id(ct, 1, "Principal", 0); + rtbl_set_column_affix_by_id(ct, 1, " ", ""); + rtbl_add_column_by_id(ct, 2, "Type", 0); + rtbl_set_column_affix_by_id(ct, 2, " ", ""); + + ret = krb5_cc_cache_get_first(kcc_context, NULL, &cursor); + if (ret) + krb5_err(kcc_context, 1, ret, "krb5_cc_cache_get_first"); + + while (krb5_cc_cache_next(kcc_context, cursor, &id) == 0) { + krb5_principal p; + char num[10]; + + ret = krb5_cc_get_principal(kcc_context, id, &p); + if (ret) + continue; + + ret = krb5_unparse_name(kcc_context, p, &name); + krb5_free_principal(kcc_context, p); + + snprintf(num, sizeof(num), "%d", (int)(len + 1)); + rtbl_add_column_entry_by_id(ct, 0, num); + rtbl_add_column_entry_by_id(ct, 1, name); + rtbl_add_column_entry_by_id(ct, 2, krb5_cc_get_type(kcc_context, id)); + free(name); + + ids = erealloc(ids, (len + 1) * sizeof(ids[0])); + ids[len] = id; + len++; + } + krb5_cc_cache_end_seq_get(kcc_context, cursor); + + rtbl_format(ct, stdout); + rtbl_destroy(ct); + + name = readline("Select number: "); + if (name) { + i = atoi(name); + if (i == 0) + krb5_errx(kcc_context, 1, "Cache number '%s' is invalid", name); + if (i > len) + krb5_errx(kcc_context, 1, "Cache number '%s' is too large", name); + + id = ids[i - 1]; + ids[i - 1] = NULL; + } else + krb5_errx(kcc_context, 1, "No cache selected"); + for (i = 0; i < len; i++) + if (ids[i]) + krb5_cc_close(kcc_context, ids[i]); + + } else if (opt->principal_string) { + krb5_principal p; + + ret = krb5_parse_name(kcc_context, opt->principal_string, &p); + if (ret) + krb5_err(kcc_context, 1, ret, "krb5_parse_name: %s", + opt->principal_string); + + ret = krb5_cc_cache_match(kcc_context, p, &id); + if (ret) + krb5_err(kcc_context, 1, ret, + N_("Did not find principal: %s", ""), + opt->principal_string); + + krb5_free_principal(kcc_context, p); + + } else if (opt->cache_string) { + const krb5_cc_ops *ops; + char *str; + + ops = krb5_cc_get_prefix_ops(kcc_context, opt->type_string); + if (ops == NULL) + krb5_err(kcc_context, 1, 0, "krb5_cc_get_prefix_ops"); + + asprintf(&str, "%s:%s", ops->prefix, opt->cache_string); + if (str == NULL) + krb5_errx(kcc_context, 1, N_("out of memory", "")); + + ret = krb5_cc_resolve(kcc_context, str, &id); + if (ret) + krb5_err(kcc_context, 1, ret, "krb5_cc_resolve: %s", str); + + free(str); + } else { + krb5_errx(kcc_context, 1, "missing option for kswitch"); + } + + ret = krb5_cc_switch(kcc_context, id); + if (ret) + krb5_err(kcc_context, 1, ret, "krb5_cc_switch"); + + return 0; +} diff --git a/crypto/heimdal/kuser/kuser_locl.h b/crypto/heimdal/kuser/kuser_locl.h index 36ea01a9a59..82e6eb2e22b 100644 --- a/crypto/heimdal/kuser/kuser_locl.h +++ b/crypto/heimdal/kuser/kuser_locl.h @@ -1,44 +1,42 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: kuser_locl.h 20458 2007-04-19 20:41:27Z lha $ */ +/* $Id$ */ #ifndef __KUSER_LOCL_H__ #define __KUSER_LOCL_H__ -#ifdef HAVE_CONFIG_H #include -#endif #include #include @@ -81,7 +79,30 @@ #ifdef HAVE_SYS_IOCCOM_H #include #endif +#ifndef NO_AFS #include -#include "crypto-headers.h" /* for des_read_pw_string */ +#endif +#include "crypto-headers.h" /* for UI_UTIL_read_pw_string */ + +#include + +#ifdef HAVE_LOCALE_H +#include +#endif + +#ifdef LIBINTL +#include +#define N_(x,y) gettext(x) +#define NP_(x,y) (x) +#define getarg_i18n gettext +#else +#define N_(x,y) (x) +#define NP_(x,y) (x) +#define getarg_i18n NULL +#define bindtextdomain(package, localedir) +#define textdomain(package) +#endif + +extern krb5_context kcc_context; #endif /* __KUSER_LOCL_H__ */ diff --git a/crypto/heimdal/kuser/kverify.c b/crypto/heimdal/kuser/kverify.c index 888658d9529..64bd54a2bea 100644 --- a/crypto/heimdal/kuser/kverify.c +++ b/crypto/heimdal/kuser/kverify.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2005, 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005, 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kuser_locl.h" -RCSID("$Id: kverify.c 19920 2007-01-15 23:21:32Z lha $"); - static int help_flag = 0; static int version_flag = 0; @@ -69,7 +67,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -77,7 +75,7 @@ main(int argc, char **argv) print_version(NULL); exit(0); } - + argc -= optidx; argv += optidx; @@ -94,11 +92,16 @@ main(int argc, char **argv) 1); krb5_verify_init_creds_opt_init (&verify_options); - + if (argc) { ret = krb5_parse_name(context, argv[0], &principal); if (ret) krb5_err(context, 1, ret, "krb5_parse_name: %s", argv[0]); + } else { + ret = krb5_get_default_principal(context, &principal); + if (ret) + krb5_err(context, 1, ret, "krb5_get_default_principal"); + } ret = krb5_get_init_creds_password (context, @@ -111,7 +114,7 @@ main(int argc, char **argv) NULL, get_options); if (ret) - errx (1, "krb5_get_init_creds: %s", krb5_get_err_text(context, ret)); + krb5_err(context, 1, ret, "krb5_get_init_creds"); ret = krb5_verify_init_creds (context, &cred, @@ -120,8 +123,7 @@ main(int argc, char **argv) NULL, &verify_options); if (ret) - errx (1, "krb5_verify_init_creds: %s", - krb5_get_err_text(context, ret)); + krb5_err(context, 1, ret, "krb5_verify_init_creds"); krb5_free_cred_contents (context, &cred); krb5_free_context (context); return 0; diff --git a/crypto/heimdal/lib/45/Makefile.am b/crypto/heimdal/lib/45/Makefile.am deleted file mode 100644 index 7ffa8c3ba67..00000000000 --- a/crypto/heimdal/lib/45/Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ -# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $ - -include $(top_srcdir)/Makefile.am.common - -AM_CPPFLAGS += $(INCLUDE_krb4) - -lib_LIBRARIES = @EXTRA_LIB45@ - -EXTRA_LIBRARIES = lib45.a - -lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h diff --git a/crypto/heimdal/lib/45/Makefile.in b/crypto/heimdal/lib/45/Makefile.in deleted file mode 100644 index fc6ff540cd4..00000000000 --- a/crypto/heimdal/lib/45/Makefile.in +++ /dev/null @@ -1,787 +0,0 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# $Id: Makefile.am 14164 2004-08-26 11:55:29Z joda $ - -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common -subdir = lib/45 -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ - $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-glob.m4 \ - $(top_srcdir)/cf/broken-realloc.m4 \ - $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ - $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ - $(top_srcdir)/cf/capabilities.m4 \ - $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ - $(top_srcdir)/cf/check-man.m4 \ - $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ - $(top_srcdir)/cf/check-type-extra.m4 \ - $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ - $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ - $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ - $(top_srcdir)/cf/find-func-no-libs.m4 \ - $(top_srcdir)/cf/find-func-no-libs2.m4 \ - $(top_srcdir)/cf/find-func.m4 \ - $(top_srcdir)/cf/find-if-not-broken.m4 \ - $(top_srcdir)/cf/framework-security.m4 \ - $(top_srcdir)/cf/have-struct-field.m4 \ - $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ - $(top_srcdir)/cf/krb-bigendian.m4 \ - $(top_srcdir)/cf/krb-func-getlogin.m4 \ - $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ - $(top_srcdir)/cf/krb-readline.m4 \ - $(top_srcdir)/cf/krb-struct-spwd.m4 \ - $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ - $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ - $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ - $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ - $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ - $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" -libLIBRARIES_INSTALL = $(INSTALL_DATA) -LIBRARIES = $(lib_LIBRARIES) -ARFLAGS = cru -lib45_a_AR = $(AR) $(ARFLAGS) -lib45_a_LIBADD = -am_lib45_a_OBJECTS = get_ad_tkt.$(OBJEXT) mk_req.$(OBJEXT) -lib45_a_OBJECTS = $(am_lib45_a_OBJECTS) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(lib45_a_SOURCES) -DIST_SOURCES = $(lib45_a_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CANONICAL_HOST = @CANONICAL_HOST@ -CATMAN = @CATMAN@ -CATMANEXT = @CATMANEXT@ -CC = @CC@ -CFLAGS = @CFLAGS@ -COMPILE_ET = @COMPILE_ET@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DBLIB = @DBLIB@ -DEFS = @DEFS@ -DIR_com_err = @DIR_com_err@ -DIR_hcrypto = @DIR_hcrypto@ -DIR_hdbdir = @DIR_hdbdir@ -DIR_roken = @DIR_roken@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -GREP = @GREP@ -GROFF = @GROFF@ -INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_hcrypto = @INCLUDE_hcrypto@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -INCLUDE_krb4 = @INCLUDE_krb4@ -INCLUDE_openldap = @INCLUDE_openldap@ -INCLUDE_readline = @INCLUDE_readline@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBADD_roken = @LIBADD_roken@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_XauFileName = @LIB_XauFileName@ -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_XauWriteAuth = @LIB_XauWriteAuth@ -LIB_bswap16 = @LIB_bswap16@ -LIB_bswap32 = @LIB_bswap32@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_crypt = @LIB_crypt@ -LIB_db_create = @LIB_db_create@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ -LIB_freeaddrinfo = @LIB_freeaddrinfo@ -LIB_gai_strerror = @LIB_gai_strerror@ -LIB_getaddrinfo = @LIB_getaddrinfo@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_gethostbyname2 = @LIB_gethostbyname2@ -LIB_getnameinfo = @LIB_getnameinfo@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_hcrypto = @LIB_hcrypto@ -LIB_hcrypto_a = @LIB_hcrypto_a@ -LIB_hcrypto_appl = @LIB_hcrypto_appl@ -LIB_hcrypto_so = @LIB_hcrypto_so@ -LIB_hesiod = @LIB_hesiod@ -LIB_hstrerror = @LIB_hstrerror@ -LIB_kdb = @LIB_kdb@ -LIB_krb4 = @LIB_krb4@ -LIB_loadquery = @LIB_loadquery@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_openldap = @LIB_openldap@ -LIB_openpty = @LIB_openpty@ -LIB_otp = @LIB_otp@ -LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ -LIB_res_ndestroy = @LIB_res_ndestroy@ -LIB_res_nsearch = @LIB_res_nsearch@ -LIB_res_search = @LIB_res_search@ -LIB_roken = @LIB_roken@ -LIB_security = @LIB_security@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NROFF = @NROFF@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ -WFLAGS = @WFLAGS@ -WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ -WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -XMKMF = @XMKMF@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__leading_dot = @am__leading_dot@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME -AM_CFLAGS = $(WFLAGS) -CP = cp -buildinclude = $(top_builddir)/include -LIB_getattr = @LIB_getattr@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_setpcred = @LIB_setpcred@ -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -NROFF_MAN = groff -mandoc -Tascii -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la - -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -lib_LIBRARIES = @EXTRA_LIB45@ -EXTRA_LIBRARIES = lib45.a -lib45_a_SOURCES = get_ad_tkt.c mk_req.c 45_locl.h -all: all-am - -.SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/45/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/45/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -install-libLIBRARIES: $(lib_LIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LIBRARIES)'; for p in $$list; do \ - if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(libLIBRARIES_INSTALL) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(libLIBRARIES_INSTALL) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ - else :; fi; \ - done - @$(POST_INSTALL) - @list='$(lib_LIBRARIES)'; for p in $$list; do \ - if test -f $$p; then \ - p=$(am__strip_dir) \ - echo " $(RANLIB) '$(DESTDIR)$(libdir)/$$p'"; \ - $(RANLIB) "$(DESTDIR)$(libdir)/$$p"; \ - else :; fi; \ - done - -uninstall-libLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - rm -f "$(DESTDIR)$(libdir)/$$p"; \ - done - -clean-libLIBRARIES: - -test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES) -lib45.a: $(lib45_a_OBJECTS) $(lib45_a_DEPENDENCIES) - -rm -f lib45.a - $(lib45_a_AR) lib45.a $(lib45_a_OBJECTS) $(lib45_a_LIBADD) - $(RANLIB) lib45.a - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -.c.o: - $(COMPILE) -c $< - -.c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: - $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: check-am -all-am: Makefile $(LIBRARIES) all-local -installdirs: - for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-data-hook - -install-dvi: install-dvi-am - -install-exec-am: install-libLIBRARIES - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-html: install-html-am - -install-info: install-info-am - -install-man: - -install-pdf: install-pdf-am - -install-ps: install-ps-am - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-libLIBRARIES - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am - -.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ - clean clean-generic clean-libLIBRARIES clean-libtool ctags \ - dist-hook distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-hook install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-html \ - install-html-am install-info install-info-am \ - install-libLIBRARIES install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-hook \ - uninstall-libLIBRARIES - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) - @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done ; \ - foo='$(nobase_include_HEADERS)'; \ - for f in $$foo; do \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0 || exit 1; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -uninstall-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-hook: install-cat-mans -uninstall-hook: uninstall-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< - -# -# Useful target for debugging -# - -check-valgrind: - tobjdir=`cd $(top_builddir) && pwd` ; \ - tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check - -# -# Target to please samba build farm, builds distfiles in-tree. -# Will break when automake changes... -# - -distdir-in-tree: $(DISTFILES) $(INFO_DEPS) - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" != .; then \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ - fi ; \ - done -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/45/get_ad_tkt.c b/crypto/heimdal/lib/45/get_ad_tkt.c deleted file mode 100644 index 0d142353eb6..00000000000 --- a/crypto/heimdal/lib/45/get_ad_tkt.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "45_locl.h" - -RCSID("$Id: get_ad_tkt.c 10113 2001-06-18 13:11:33Z assar $"); - -/* get an additional version 4 ticket via the 524 protocol */ - -#ifndef NEVERDATE -#define NEVERDATE ((unsigned long)0x7fffffffL) -#endif - -int -get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime) -{ - krb5_error_code ret; - int code; - krb5_context context; - krb5_ccache id; - krb5_creds in_creds, *out_creds; - CREDENTIALS cred; - time_t now; - char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; - - ret = krb5_init_context(&context); - if(ret) - return KFAILURE; - ret = krb5_cc_default(context, &id); - if(ret){ - krb5_free_context(context); - return KFAILURE; - } - memset(&in_creds, 0, sizeof(in_creds)); - now = time(NULL); - in_creds.times.endtime = krb_life_to_time(time(NULL), lifetime); - if(in_creds.times.endtime == NEVERDATE) - in_creds.times.endtime = 0; - ret = krb5_cc_get_principal(context, id, &in_creds.client); - if(ret){ - krb5_cc_close(context, id); - krb5_free_context(context); - return KFAILURE; - } - ret = krb5_524_conv_principal(context, in_creds.client, - pname, pinst, prealm); - if(ret){ - krb5_free_principal(context, in_creds.client); - krb5_cc_close(context, id); - krb5_free_context(context); - return KFAILURE; - } - ret = krb5_425_conv_principal(context, service, sinstance, realm, - &in_creds.server); - if(ret){ - krb5_free_principal(context, in_creds.client); - krb5_cc_close(context, id); - krb5_free_context(context); - return KFAILURE; - } - ret = krb5_get_credentials(context, - 0, - id, - &in_creds, - &out_creds); - krb5_free_principal(context, in_creds.client); - krb5_free_principal(context, in_creds.server); - if(ret){ - krb5_cc_close(context, id); - krb5_free_context(context); - return KFAILURE; - } - ret = krb524_convert_creds_kdc_ccache(context, id, out_creds, &cred); - krb5_cc_close(context, id); - krb5_free_context(context); - krb5_free_creds(context, out_creds); - if(ret) - return KFAILURE; - code = save_credentials(cred.service, cred.instance, cred.realm, - cred.session, cred.lifetime, cred.kvno, - &cred.ticket_st, now); - if(code == NO_TKT_FIL) - code = tf_setup(&cred, pname, pinst); - memset(&cred.session, 0, sizeof(cred.session)); - return code; -} diff --git a/crypto/heimdal/lib/45/mk_req.c b/crypto/heimdal/lib/45/mk_req.c deleted file mode 100644 index af63f0b653b..00000000000 --- a/crypto/heimdal/lib/45/mk_req.c +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* implementation of krb_mk_req that uses 524 protocol */ - -#include "45_locl.h" - -RCSID("$Id: mk_req.c 17445 2006-05-05 10:37:46Z lha $"); - -static int lifetime = 255; - -static void -build_request(KTEXT req, - const char *name, const char *inst, const char *realm, - uint32_t checksum) -{ - struct timeval tv; - krb5_storage *sp; - krb5_data data; - sp = krb5_storage_emem(); - krb5_store_stringz(sp, name); - krb5_store_stringz(sp, inst); - krb5_store_stringz(sp, realm); - krb5_store_int32(sp, checksum); - gettimeofday(&tv, NULL); - krb5_store_int8(sp, tv.tv_usec / 5000); - krb5_store_int32(sp, tv.tv_sec); - krb5_storage_to_data(sp, &data); - krb5_storage_free(sp); - memcpy(req->dat, data.data, data.length); - req->length = (data.length + 7) & ~7; - krb5_data_free(&data); -} - -#ifdef KRB_MK_REQ_CONST -int -krb_mk_req(KTEXT authent, - const char *service, const char *instance, const char *realm, - int32_t checksum) -#else -int -krb_mk_req(KTEXT authent, - char *service, char *instance, char *realm, - int32_t checksum) - -#endif -{ - CREDENTIALS cr; - KTEXT_ST req; - krb5_storage *sp; - int code; - /* XXX get user realm */ - const char *myrealm = realm; - krb5_data a; - - code = krb_get_cred(service, instance, realm, &cr); - if(code || time(NULL) > krb_life_to_time(cr.issue_date, cr.lifetime)){ - code = get_ad_tkt((char *)service, - (char *)instance, (char *)realm, lifetime); - if(code == KSUCCESS) - code = krb_get_cred(service, instance, realm, &cr); - } - - if(code) - return code; - - sp = krb5_storage_emem(); - - krb5_store_int8(sp, KRB_PROT_VERSION); - krb5_store_int8(sp, AUTH_MSG_APPL_REQUEST); - - krb5_store_int8(sp, cr.kvno); - krb5_store_stringz(sp, realm); - krb5_store_int8(sp, cr.ticket_st.length); - - build_request(&req, cr.pname, cr.pinst, myrealm, checksum); - encrypt_ktext(&req, &cr.session, DES_ENCRYPT); - - krb5_store_int8(sp, req.length); - - krb5_storage_write(sp, cr.ticket_st.dat, cr.ticket_st.length); - krb5_storage_write(sp, req.dat, req.length); - krb5_storage_to_data(sp, &a); - krb5_storage_free(sp); - memcpy(authent->dat, a.data, a.length); - authent->length = a.length; - krb5_data_free(&a); - - memset(&cr, 0, sizeof(cr)); - memset(&req, 0, sizeof(req)); - - return KSUCCESS; -} - -/* - * krb_set_lifetime sets the default lifetime for additional tickets - * obtained via krb_mk_req(). - * - * It returns the previous value of the default lifetime. - */ - -int -krb_set_lifetime(int newval) -{ - int olife = lifetime; - - lifetime = newval; - return(olife); -} diff --git a/crypto/heimdal/lib/Makefile.am b/crypto/heimdal/lib/Makefile.am index f1e26e1f2a0..bed19304add 100644 --- a/crypto/heimdal/lib/Makefile.am +++ b/crypto/heimdal/lib/Makefile.am @@ -1,9 +1,9 @@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -if KRB4 -dir_45 = 45 +if LIBEDIT +dir_editline = libedit endif if OTP dir_otp = otp @@ -17,6 +17,29 @@ endif if !HAVE_OPENSSL dir_hcrypto = hcrypto endif +if !SQLITE3 +dir_sqlite = sqlite +endif -SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \ - krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce) +SUBDIRS = \ + roken \ + vers \ + $(dir_editline) \ + $(dir_com_err) \ + sl \ + wind \ + asn1 \ + $(dir_sqlite) \ + $(dir_hcrypto) \ + ipc \ + hx509 \ + krb5 \ + ntlm \ + kafs \ + gssapi \ + hdb \ + kadm5 \ + $(dir_otp) \ + $(dir_dce) + +EXTRA_DIST = NTMakefile heimdal \ No newline at end of file diff --git a/crypto/heimdal/lib/Makefile.in b/crypto/heimdal/lib/Makefile.in index 6884c24a0e2..d1d771a4011 100644 --- a/crypto/heimdal/lib/Makefile.in +++ b/crypto/heimdal/lib/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,15 +15,16 @@ @SET_MAKE@ -# $Id: Makefile.am 20466 2007-04-20 08:29:05Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,7 +45,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ subdir = lib ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -58,7 +60,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -72,9 +74,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -82,14 +87,13 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ @@ -101,58 +105,95 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = roken vers editline com_err sl asn1 hcrypto hx509 krb5 \ - ntlm kafs gssapi hdb kadm5 auth 45 otp kdfs +DIST_SUBDIRS = roken vers libedit com_err sl wind asn1 sqlite hcrypto \ + ipc hx509 krb5 ntlm kafs gssapi hdb kadm5 otp kdfs DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -176,10 +217,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -196,6 +238,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -211,31 +255,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -250,10 +308,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -294,54 +354,79 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -@KRB4_TRUE@dir_45 = 45 +@LIBEDIT_TRUE@dir_editline = libedit @OTP_TRUE@dir_otp = otp @DCE_TRUE@dir_dce = kdfs @COM_ERR_TRUE@dir_com_err = com_err @HAVE_OPENSSL_FALSE@dir_hcrypto = hcrypto -SUBDIRS = roken vers editline $(dir_com_err) sl asn1 $(dir_hcrypto) hx509 \ - krb5 ntlm kafs gssapi hdb kadm5 auth $(dir_45) $(dir_otp) $(dir_dce) +@SQLITE3_FALSE@dir_sqlite = sqlite +SUBDIRS = \ + roken \ + vers \ + $(dir_editline) \ + $(dir_com_err) \ + sl \ + wind \ + asn1 \ + $(dir_sqlite) \ + $(dir_hcrypto) \ + ipc \ + hx509 \ + krb5 \ + ntlm \ + kafs \ + gssapi \ + hdb \ + kadm5 \ + $(dir_otp) \ + $(dir_dce) +EXTRA_DIST = NTMakefile heimdal all: all-recursive .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -359,6 +444,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -373,7 +459,7 @@ clean-libtool: # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -390,7 +476,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -398,7 +484,7 @@ $(RECURSIVE_TARGETS): fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ + @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ @@ -424,16 +510,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -441,14 +527,14 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -460,39 +546,43 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -513,29 +603,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -569,6 +674,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -587,6 +693,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -594,23 +702,31 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -632,9 +748,9 @@ ps-am: uninstall-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-data-am install-exec-am install-strip uninstall-am +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \ + ctags-recursive install-am install-data-am install-exec-am \ + install-strip tags-recursive uninstall-am .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am all-local check check-am check-local clean \ @@ -720,6 +836,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -805,7 +924,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -818,6 +937,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/asn1/ChangeLog b/crypto/heimdal/lib/asn1/ChangeLog index 9039e253fed..523e24bad03 100644 --- a/crypto/heimdal/lib/asn1/ChangeLog +++ b/crypto/heimdal/lib/asn1/ChangeLog @@ -1,43 +1,59 @@ -2008-01-13 Love Hörnquist Åstrand +2008-04-09 Love Hörnquist Ã…strand + + * pkinit.asn1: add id-pkinit-kdf + + * pkinit.asn1: add PkinitSP80056AOtherInfo + +2008-04-07 Love Hörnquist Ã…strand + + * gen.c: Use unsigned where appropriate. + +2008-03-22 Love Hörnquist Ã…strand + + * k5.asn1: Match name in ClientCanonicalizedNames with -10 + + * k5.asn1: add referral-valid-until + +2008-01-13 Love Hörnquist Ã…strand * asn1-common.h gen.c der.c gen_encode.c: add and use der_{malloc,free} -2007-12-13 Love Hörnquist Åstrand +2007-12-13 Love Hörnquist Ã…strand * libasn1.h: remove, not used. -2007-12-04 Love Hörnquist Åstrand +2007-12-04 Love Hörnquist Ã…strand * Makefile.am: Add DigestTypes, add --seq to antoher type. * digest.asn1: Add supportedMechs request. - -2007-10-18 Love Hörnquist Åstrand + +2007-10-18 Love Hörnquist Ã…strand * k5.asn1: Some "old" windows enctypes. From Andy Polyakov. - -2007-07-23 Love Hörnquist Åstrand + +2007-07-23 Love Hörnquist Ã…strand * Makefile.am: Fold in pk-init-alg-agilty. * pkinit.asn1: Fold in pk-init-alg-agilty. -2007-07-16 Love Hörnquist Åstrand +2007-07-16 Love Hörnquist Ã…strand * parse.y: Passe object id is its part of the module defintion statement. -2007-07-14 Love Hörnquist Åstrand +2007-07-14 Love Hörnquist Ã…strand * check-gen.c: test SEQ OF SIZE (...) * Makefile.am: Include more sizeof tests. -2007-07-12 Love Hörnquist Åstrand +2007-07-12 Love Hörnquist Ã…strand * try to avoid aliasing of pointers enum {} vs int -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * test.asn1: Test SIZE attribute for SEQ and OCTET STRING @@ -45,10 +61,10 @@ * Makefile.am: New library version. -2007-07-02 Love Hörnquist Åstrand +2007-07-02 Love Hörnquist Ã…strand + + * rfc2459.asn1: Re-add size limits. - * rfc2459.asn1: Re-add size limits. - * k5.asn1: Add size limits from RFC 4120. * gen_decode.c: Check range on SEQ OF and OCTET STRING. @@ -57,17 +73,17 @@ * parse.y: Parse size limitations to SEQ OF. -2007-06-28 Love Hörnquist Åstrand +2007-06-28 Love Hörnquist Ã…strand * Makefile.am: Add AuthorityInfoAccessSyntax. * rfc2459.asn1: Add AuthorityInfoAccessSyntax. * rfc2459.asn1: Add authorityInfoAccess, rename proxyCertInfo. - + * Makefile.am: Add authorityInfoAccess, rename proxyCertInfo. -2007-06-27 Love Hörnquist Åstrand +2007-06-27 Love Hörnquist Ã…strand * der_get.c (der_get_time): avoid using wrapping of octet_string and realloc. @@ -95,20 +111,20 @@ * check-der.c: Test zero length integer. -2007-06-18 Love Hörnquist Åstrand +2007-06-18 Love Hörnquist Ã…strand * check-der.c: Init data to something. -2007-06-15 Love Hörnquist Åstrand +2007-06-15 Love Hörnquist Ã…strand * k5.asn1: Add KRB5-AUTHDATA-INITIAL-VERIFIED-CAS. -2007-06-13 Love Hörnquist Åstrand +2007-06-13 Love Hörnquist Ã…strand * pkinit.asn1: Make the pkinit nonce signed (like the kerberos nonce). -2007-06-03 Love Hörnquist Åstrand +2007-06-03 Love Hörnquist Ã…strand * check-der.c: Free more memory. @@ -122,10 +138,10 @@ * der_format.c (der_parse_hex_heim_integer): check length before reading data. - + * check-gen.c (test_authenticator): free memory - -2007-05-31 Love Hörnquist Åstrand + +2007-05-31 Love Hörnquist Ã…strand * Makefile.am: add MS-UPN-SAN @@ -133,13 +149,13 @@ * rfc2459.asn1: Do evil things to handle IMPLICIT encoded structures. Add id-ms-client-authentication. - -2007-05-30 Love Hörnquist Åstrand + +2007-05-30 Love Hörnquist Ã…strand * Makefile.am: Add asn1_id_ms_cert_enroll_domaincontroller.x - -2007-05-10 Love Hörnquist Åstrand - + +2007-05-10 Love Hörnquist Ã…strand + * gen.c: Add struct units; as a forward declaration. Pointed out by Marcus Watts. @@ -148,65 +164,65 @@ * Makefile.am: add U.S. Federal PKI Common Policy Framework * rfc2459.asn1: add U.S. Federal PKI Common Policy Framework - -2007-04-24 Love Hörnquist Åstrand + +2007-04-24 Love Hörnquist Ã…strand * gen_seq.c: Handle the case of resize to 0 and realloc that returns NULL. * check-gen.c (check_seq): free seq. - -2007-04-19 Love Hörnquist Åstrand + +2007-04-19 Love Hörnquist Ã…strand * check-der.c (test_heim_oid_format_same): avoid leaking memory in the non failure case too - -2007-04-16 Love Hörnquist Åstrand - + +2007-04-16 Love Hörnquist Ã…strand + * Makefile.am: remove extra ^Q - -2007-04-11 Love Hörnquist Åstrand - + +2007-04-11 Love Hörnquist Ã…strand + * der_get.c: Allow trailing NULs. We allow this since MIT Kerberos sends an strings in the NEED_PREAUTH case that includes a trailing NUL. - -2007-02-17 Love Hörnquist Åstrand - - + +2007-02-17 Love Hörnquist Ã…strand + + * Makefile.am: Add PA-ClientCanonicalized and friends. * k5.asn1: Add PA-ClientCanonicalized and friends. - -2007-02-08 Love Hörnquist Åstrand + +2007-02-08 Love Hörnquist Ã…strand * check-der.c: Drop one over INT_MAX test-case. - -2007-02-05 Love Hörnquist Åstrand - + +2007-02-05 Love Hörnquist Ã…strand + * pkinit.asn1: add id-pkinit-ms-eku - + * pkinit.asn1: fill in more bits of id-pkinit-ms-san - -2007-02-02 Love Hörnquist Åstrand - + +2007-02-02 Love Hörnquist Ã…strand + * digest.asn1: rename hash-a1 to session key - -2007-02-01 Love Hörnquist Åstrand - + +2007-02-01 Love Hörnquist Ã…strand + * digest.asn1: Add elements to send in requestResponse to KDC and get status of the request. - -2007-01-31 Love Hörnquist Åstrand - + +2007-01-31 Love Hörnquist Ã…strand + * Makefile.am: seq rules for CRLDistributionPoints - -2007-01-30 Love Hörnquist Åstrand - + +2007-01-30 Love Hörnquist Ã…strand + * Makefile.am: add CRLDistributionPoints and friends - -2007-01-20 Love Hörnquist Åstrand - + +2007-01-20 Love Hörnquist Ã…strand + * check-der.c: check BMPstring oddlength more * check-der.c: Test for NUL char in string in GENERAL STRING. @@ -215,24 +231,24 @@ ASN1_BAD_CHARACTER error-code if we find them. * asn1_err.et: Add BAD_CHARACTER error. - -2007-01-16 Love Hörnquist Åstrand - + +2007-01-16 Love Hörnquist Ã…strand + * Makefile.am: Add id-at-streetAddress. * rfc2459.asn1: Add id-at-streetAddress. - -2007-01-12 Love Hörnquist Åstrand - + +2007-01-12 Love Hörnquist Ã…strand + * rfc2459.asn1: Add PKIXXmppAddr and id-pkix-on-xmppAddr. - -2006-12-30 Love Hörnquist Åstrand - + +2006-12-30 Love Hörnquist Ã…strand + * Makefile.am: Add id-pkix-kp oids. * rfc2459.asn1: Add id-pkix-kp oids. - -2006-12-29 Love Hörnquist Åstrand + +2006-12-29 Love Hörnquist Ã…strand * gen_encode.c: Named bit strings have this horrible, disgusting, compress bits until they are no longer really there but stuff in @@ -242,56 +258,56 @@ * check-gen.c: Check all other silly bitstring combinations. * Makefile.am: Add --sequence=Extensions to rfc2459. - -2006-12-28 Love Hörnquist Åstrand - + +2006-12-28 Love Hörnquist Ã…strand + * kx509.asn1: Add kx509. * Makefile.am: Add kx509. * Add VisibleString parsing -2006-12-15 Love Hörnquist Åstrand +2006-12-15 Love Hörnquist Ã…strand * Makefile.am: Add ntlm files. * digest.asn1: Add bits for handling NTLM. - -2006-12-08 Love Hörnquist Åstrand + +2006-12-08 Love Hörnquist Ã…strand * Makefile.am: add pkix proxy cert policy lang oids * rfc2459.asn1: add pkix proxy cert policy lang oids - -2006-12-07 Love Hörnquist Åstrand - + +2006-12-07 Love Hörnquist Ã…strand + * rfc2459.asn1: unbreak id-pe-proxyCertInfo * rfc2459.asn1: Add id-pkix-on-dnsSRV and related oids -2006-11-28 Love Hörnquist Åstrand - +2006-11-28 Love Hörnquist Ã…strand + * Makefile.am: Add explicit depenency to LIB_roken for libasn1.la, make AIX happy. - -2006-11-27 Love Hörnquist Åstrand + +2006-11-27 Love Hörnquist Ã…strand * der_format.c (der_print_heim_oid): oid with zero length is invalid, fail to print. - -2006-11-24 Love Hörnquist Åstrand - + +2006-11-24 Love Hörnquist Ã…strand + * der_format.c (der_print_heim_oid): use delim when printing. - -2006-11-21 Love Hörnquist Åstrand - + +2006-11-21 Love Hörnquist Ã…strand + * k5.asn1: Make KRB5-PADATA-S4U2SELF pa type 129. - -2006-10-24 Love Hörnquist Åstrand + +2006-10-24 Love Hörnquist Ã…strand * asn1_err.et: add EXTRA_DATA - -2006-10-21 Love Hörnquist Åstrand + +2006-10-21 Love Hörnquist Ã…strand * check-gen.c: avoid leaking memory @@ -305,18 +321,18 @@ unaligned. * lex.l: add missing */ - + * lex.c: need %e for hpux lex -2006-10-20 Love Hörnquist Åstrand - +2006-10-20 Love Hörnquist Ã…strand + * Makefile.am: remove dups from gen_files_test, add check-timegm. - + * Makefile.am: include more test.asn1 built files * Makefile.am: More files, now for make check. - -2006-10-19 Love Hörnquist Åstrand + +2006-10-19 Love Hörnquist Ã…strand * Makefile.am: Add missing files @@ -329,17 +345,17 @@ * timegm.c: make more strict * der_locl.h: Rename timegm to _der_timegm. - -2006-10-17 Love Hörnquist Åstrand - + +2006-10-17 Love Hörnquist Ã…strand + * timegm.c: vJust fail if tm_mon is out of range for now XXXX this is wrong. - -2006-10-16 Love Hörnquist Åstrand - + +2006-10-16 Love Hörnquist Ã…strand + * Makefile.am: extra depencies on der-protos.h - -2006-10-14 Love Hörnquist Åstrand + +2006-10-14 Love Hörnquist Ã…strand * check-der.c: Prefix primitive types with der_. @@ -348,7 +364,7 @@ * heim_asn1.h: move prototype away from here. * der_format.c: Add der_parse_heim_oid - + * gen_free.c: prefix primitive types with der_ * der_copy.c: prefix primitive types with der_ @@ -368,7 +384,7 @@ * der_copy.c: rename copy_ to der_copy_ * Makefile.am: Add der-protos.h to nodist_include_HEADERS. - + * der.h: use newly built * Makefile.am: Generate der prototypes. @@ -384,29 +400,29 @@ * check-der.c: New der_print_heim_oid signature. Test der_parse_heim_oid - -2006-10-07 Love Hörnquist Åstrand - + +2006-10-07 Love Hörnquist Ã…strand + * lex.l: Grow an even larger output table size. * Makefile.am: split build files into dist_ and noinst_ SOURCES - -2006-10-04 Love Hörnquist Åstrand + +2006-10-04 Love Hörnquist Ã…strand * gen_seq.c: In generation of remove_TYPE: if you just removed the last element, you must not memmove memory beyond the array. From Andrew Bartlett - -2006-10-01 Love Hörnquist Åstrand + +2006-10-01 Love Hörnquist Ã…strand * lex.l: Grow (%p, %a, %n) tables for Solaris 10 lex. From Harald Barth. - -2006-09-24 Love Hörnquist Åstrand + +2006-09-24 Love Hörnquist Ã…strand * gen_decode.c (decode_type): drop unused variable realtype. - -2006-09-11 Love Hörnquist Åstrand + +2006-09-11 Love Hörnquist Ã…strand * Makefile.am: Add KRB5SignedPath and friends. @@ -414,12 +430,12 @@ * Makefile.am: Add new sequence generation for GeneralNames. -2006-09-07 Love Hörnquist Åstrand +2006-09-07 Love Hörnquist Ã…strand * CMS.asn1 (CMSVersion): rename versions from v0 to CMSVersion_v0, ... - -2006-09-05 Love Hörnquist Åstrand + +2006-09-05 Love Hörnquist Ã…strand * Makefile.am: Add TESTSeqOf for testing sequence generation code. @@ -446,23 +462,23 @@ TType". I'm tried of writing realloc(foo->data, sizeof(foo->data[0]) + (foo->len + 1)); Only generated for those type that is enabled by the command flag --sequence. - -2006-08-25 Love Hörnquist Åstrand + +2006-08-25 Love Hörnquist Ã…strand * digest.asn1 (DigestRequest): add authid * digest.asn1: Comment describing on how to communicate the sasl int/conf mode. - -2006-08-23 Love Hörnquist Åstrand + +2006-08-23 Love Hörnquist Ã…strand * digest.asn1: Add some missing fields needed for digest. - -2006-08-21 Love Hörnquist Åstrand + +2006-08-21 Love Hörnquist Ã…strand * digest.asn1: Tweak to make consisten and more easier to use. - -2006-07-20 Love Hörnquist Åstrand + +2006-07-20 Love Hörnquist Ã…strand * Makefile.am: Remove CMS symmetric encryption support. Add DigestProtocol. @@ -470,9 +486,9 @@ * digest.asn1: DigestProtocol * k5.asn1: Remove CMS symmetric encryption support. - -2006-06-22 Love Hörnquist Åstrand - + +2006-06-22 Love Hörnquist Ã…strand + * check-der.c (check_fail_heim_integer): disable test * der_get.c (der_get_heim_integer): revert part of previous @@ -485,58 +501,58 @@ * check-der.c: Add one check for heim_int, add checking for oid printing - -2006-06-06 Love Hörnquist Åstrand + +2006-06-06 Love Hörnquist Ã…strand * Makefile.am: Impersonation support bits (and sort) * k5.asn1: Impersonation support bits. - -2006-05-13 Love Hörnquist Åstrand + +2006-05-13 Love Hörnquist Ã…strand * der_format.c (der_parse_hex_heim_integer): avoid shadowing. - -2006-04-29 Love Hörnquist Åstrand - + +2006-04-29 Love Hörnquist Ã…strand + * Makefile.am: Add ExternalPrincipalIdentifiers, shared between several elements. * pkinit.asn1: Add ExternalPrincipalIdentifiers, shared between several elements. - -2006-04-28 Love Hörnquist Åstrand + +2006-04-28 Love Hörnquist Ã…strand * parse.y: Add missing ;'s, found by bison on a SuSE 8.2 machine. - -2006-04-26 Love Hörnquist Åstrand + +2006-04-26 Love Hörnquist Ã…strand * Makefile.am: Add definitions from RFC 3820, Proxy Certificate Profile. * rfc2459.asn1: Add definitions from RFC 3820, Proxy Certificate Profile. - -2006-04-24 Love Hörnquist Åstrand + +2006-04-24 Love Hörnquist Ã…strand * rfc2459.asn1: Add id-Userid * Makefile.am: Add UID and email * pkcs9.asn1: Add id-pkcs9-emailAddress - + * Makefile.am: Add attribute type oids from X520 and RFC 2247 DC oid * rfc2459.asn1: Add attribute type oids from X520 and RFC 2247 DC oid - -2006-04-21 Love Hörnquist Åstrand + +2006-04-21 Love Hörnquist Ã…strand * Makefile.am: add sha-1 and sha-2 * rfc2459.asn1: add sha-1 and sha-2 - -2006-04-15 Love Hörnquist Åstrand + +2006-04-15 Love Hörnquist Ã…strand * Makefile.am: Add id-pkcs1-sha256WithRSAEncryption and friends @@ -544,50 +560,50 @@ * CMS.asn1: Turn CMSRC2CBCParameter.rc2ParameterVersion into a constrained integer - -2006-04-08 Love Hörnquist Åstrand + +2006-04-08 Love Hörnquist Ã…strand * hash.c (hashtabnew): check for NULL before setting structure. Coverity, NetBSD CID#4 - -2006-03-31 Love Hörnquist Åstrand + +2006-03-31 Love Hörnquist Ã…strand * Makefile.am: gen_files_rfc2459 += asn1_ExtKeyUsage.x - + * rfc2459.asn1: Add ExtKeyUsage. * gen.c (generate_header_of_codefile): remove unused variable. - -2006-03-30 Love Hörnquist Åstrand + +2006-03-30 Love Hörnquist Ã…strand * gen.c: Put all the IMPORTed headers into the headerfile to avoid hidden depencies. - -2006-03-27 Love Hörnquist Åstrand + +2006-03-27 Love Hörnquist Ã…strand * Makefile.am: Add id-pkinit-ms-san. * pkinit.asn1: Add id-pkinit-ms-san. * k5.asn1 (PADATA-TYPE): Add KRB5-PADATA-PA-PK-OCSP-RESPONSE - -2006-03-26 Love Hörnquist Åstrand + +2006-03-26 Love Hörnquist Ã…strand * Makefile.am: Add pkinit-san. * pkinit.asn1: Rename id-pksan to id-pkinit-san - -2006-03-08 Love Hörnquist Åstrand + +2006-03-08 Love Hörnquist Ã…strand * gen.c (init_generate): Nothing in the generated files needs timegm(), so no need to provide a prototype for it. - -2006-02-13 Love Hörnquist Åstrand + +2006-02-13 Love Hörnquist Ã…strand * pkinit.asn1: paChecksum is now OPTIONAL so it can be upgraded to something better then SHA1 - -2006-01-31 Love Hörnquist Åstrand + +2006-01-31 Love Hörnquist Ã…strand * extra.c: Stub-generator now generates alloc statements for tagless ANY OPTIONAL, remove workaround. @@ -595,25 +611,25 @@ * check-gen.c: check for "tagless ANY OPTIONAL" * test.asn1: check for "tagless ANY OPTIONAL" - -2006-01-30 Love Hörnquist Åstrand + +2006-01-30 Love Hörnquist Ã…strand * der.h: UniversalString and BMPString are both implemented. * der.h: Remove , after the last element of enum. * asn1_gen.c: Spelling. - -2006-01-20 Love Hörnquist Åstrand - + +2006-01-20 Love Hörnquist Ã…strand + * der_length.c (length_heim_integer): Try handle negative length of integers better. * der_get.c (der_get_heim_integer): handle negative integers. - + * check-der.c: check heim_integer. - -2006-01-18 Love Hörnquist Åstrand + +2006-01-18 Love Hörnquist Ã…strand * Makefile.am: Its cRLReason, not cRLReasons @@ -630,8 +646,8 @@ * der_cmp.c (heim_integer_cmp): make it work with negative numbers. - -2006-01-17 Love Hörnquist Åstrand + +2006-01-17 Love Hörnquist Ã…strand * check-der.c: check that der_parse_hex_heim_integer() handles odd length numbers. @@ -639,21 +655,21 @@ * der_format.c (der_parse_hex_heim_integer): make more resiliant to errors, handle odd length numbers. -2006-01-13 Love Hörnquist Åstrand - +2006-01-13 Love Hörnquist Ã…strand + * Makefile.am: Add RSAPrivateKey - + * rfc2459.asn1: Add RSAPrivateKey. - -2006-01-05 Love Hörnquist Åstrand - + +2006-01-05 Love Hörnquist Ã…strand + * der_copy.c (copy_heim_integer): copy the negative flag - -2005-12-14 Love Hörnquist Åstrand + +2005-12-14 Love Hörnquist Ã…strand * parse.y: Drop ExceptionSpec for now, its not used. - -2005-12-06 Love Hörnquist Åstrand + +2005-12-06 Love Hörnquist Ã…strand * test.asn1: Add test string for constraints. @@ -663,71 +679,71 @@ constructed types. * parse.y: Add support for parsing part of the Constraint-s - -2005-10-29 Love Hörnquist Åstrand - + +2005-10-29 Love Hörnquist Ã…strand + * Makefile.am: Add some X9.57 (DSA) oids, sort lines * rfc2459.asn1: Add some X9.57 (DSA) oids. - -2005-10-07 Love Hörnquist Åstrand + +2005-10-07 Love Hörnquist Ã…strand * Makefile.am: Remove pk-init-19 support. - + * pkinit.asn1: Fix comment - + * check-der.c: Add tests for parse and print functions for heim_integer. * Makefile.am: Add parse and print functions for heim_integer. - + * der_format.c: Add parse and print functions for heim_integer. * der.h: Add parse and print functions for heim_integer. - -2005-09-22 Love Hörnquist Åstrand + +2005-09-22 Love Hörnquist Ã…strand * Makefile.am (gen_files_rfc2459) += asn1_DHPublicKey.x - + * rfc2459.asn1: Add DHPublicKey, and INTEGER to for storing the DH public key in the SubjectPublicKeyInfo.subjectPublicKey BIT STRING. - -2005-09-20 Love Hörnquist Åstrand + +2005-09-20 Love Hörnquist Ã…strand * gen_decode.c: TSequenceOf/TSetOf: Increase the length of the array after successful decoding the next element, so that the array don't contain heap-data. - -2005-09-13 Love Hörnquist Åstrand + +2005-09-13 Love Hörnquist Ã…strand * check-der.c: Avoid empty array initiators. - + * pkcs8.asn1 (PKCS8PrivateKeyInfo): Inline SET OF to avoid compiler "feature" - + * check-common.c: Avoid signedness warnings. - + * check-common.h: Makes bytes native platform signed to avoid casting everywhere - + * check-der.c: Don't depend on malloc(very-very-larger-value) will fail. Cast to unsigned long before printing size_t. - + * check-gen.c: Don't depend on malloc(very-very-larger-value) will fail. - + * check-gen.c: Fix signedness warnings. - + * lex.l: unput() have to hanppen in actions for flex 2.5.31, can do them in user code sesction, so move up handle_comment and handle_string into action, not much sharing was done anyway. - -2005-09-09 Love Hörnquist Åstrand + +2005-09-09 Love Hörnquist Ã…strand * check-der.c (test_one_int): len and len_len is size_t -2005-08-23 Love Hörnquist Åstrand +2005-08-23 Love Hörnquist Ã…strand * gen_encode.c: Change name of oldret for each instance its used to avoid shadow warning. From: Stefan Metzmacher @@ -740,61 +756,61 @@ * gen_decode.c: Change name of oldret for each instance its used to avoid shadow warning. From: Stefan Metzmacher . - + * parse.y: Const poision yyerror. * gen.c: Const poision. - -2005-08-22 Love Hörnquist Åstrand + +2005-08-22 Love Hörnquist Ã…strand * k5.asn1: Add KRB5-PADATA-PK-AS-09-BINDING, client send this (with an empty pa-data.padata-value) to tell the KDC that the client support the binding the PA-REP to the AS-REQ packet. This is to fix the problem lack of binding the AS-REQ to the PK-AS-REP in pre PK-INIT-27. The nonce is replaced with a asCheckSum. - -2005-08-11 Love Hörnquist Åstrand + +2005-08-11 Love Hörnquist Ã…strand * canthandle.asn1: Allocation is done on CONTEXT tags. * asn1_gen.c: rename optind to optidx to avoid shadow warnings -2005-07-28 Love Hörnquist Åstrand +2005-07-28 Love Hörnquist Ã…strand * rfc2459.asn1: add id-rsadsi-rc2-cbc * Makefile.am: add another oid for rc2 -2005-07-27 Love Hörnquist Åstrand +2005-07-27 Love Hörnquist Ã…strand * check-der.c: Make variable initiation constant by moving them to global context * check-gen.c: change to c89 comment -2005-07-27 Love Hörnquist Åstrand +2005-07-27 Love Hörnquist Ã…strand * Makefile.am: remove duplicate asn1_CMSAttributes.x -2005-07-26 Love Hörnquist Åstrand +2005-07-26 Love Hörnquist Ã…strand * asn1_print.c: rename optind to optidx * Makefile.am: Update to pkinit-27 * pkinit.asn1: Update to pkinit-27 - -2005-07-25 Love Hörnquist Åstrand + +2005-07-25 Love Hörnquist Ã…strand * check-der.c: make it work for non c99 compilers too - + * check-der.c: start testing BIT STRING * der_cmp.c (heim_bit_string_cmp): try handle corner cases better - + * gen_free.c (free_type): free bignum integers -2005-07-23 Love Hörnquist Åstrand +2005-07-23 Love Hörnquist Ã…strand * Makefile.am: add PKCS12-OctetString @@ -807,24 +823,24 @@ * CMS.asn1: handle IMPLICIT and share some common structures -2005-07-21 Love Hörnquist Åstrand +2005-07-21 Love Hörnquist Ã…strand * rfc2459.asn1: Include enough workarounds that this even might work. * check-gen.c: Two implicit tests, one with all structures inlined - + * test.asn1: fix workaround for IMPLICIT CONS case - + * canthandle.asn1: fix workaround for IMPLICIT CONS case - + * asn1_print.c: hint that there are IMPLICIT content when we find it * check-gen.c: Added #ifdef out test for IMPLICIT tagging. * Makefile.am: test several IMPLICIT tag level deep - + * test.asn1: test several IMPLICIT tag level deep * test.asn1: tests for IMPLICIT @@ -837,7 +853,7 @@ * rfc2459.asn1: some of the structure are in the IMPLICIT TAGS module -2005-07-19 Love Hörnquist Åstrand +2005-07-19 Love Hörnquist Ã…strand * asn1_print.c: print size_t by casting to unsigned long and use right printf format tags are unsigned integers @@ -869,7 +885,7 @@ * gen_decode.c (find_tag): Fix return in TType case. -2005-07-13 Love Hörnquist Åstrand +2005-07-13 Love Hörnquist Ã…strand * gen_encode.c (TChoice): add () to make sure variable expression is evaluated correctly @@ -880,7 +896,7 @@ * k5.asn1: reapply 1.43 that got lost in the merge: rename pvno to krb5-pvno -2005-07-12 Love Hörnquist Åstrand +2005-07-12 Love Hörnquist Ã…strand * gen_decode.c (decode_type): TChoice: set the label @@ -931,7 +947,7 @@ Make sure that malloc(0) returning NULL is not treated as an error. -2005-07-10 Love Hörnquist Åstrand +2005-07-10 Love Hörnquist Ã…strand * check-gen.c: test cases for CHOICE, its too liberal right now, it don't fail hard on failure on after it successfully decoded the @@ -958,7 +974,7 @@ * der.h: Add class/type/tag string<->num converter. Prototypes/structures for new time bits. -2005-07-09 Love Hörnquist Åstrand +2005-07-09 Love Hörnquist Ã…strand * der_get.c (der_get_unsigned) check for length overflow (der_get_integer) ditto @@ -979,13 +995,13 @@ * check-common.c (map_alloc): make input buffer const (generic_decode_fail): verify decoding failures -2005-07-05 Love Hörnquist Åstrand +2005-07-05 Love Hörnquist Ã…strand * gen_encode.c: split up the printf for SET OF, also use the generate name for the symbol in the SET OF, if not, the name might contain non valid variable name characters (like -) -2005-07-04 Love Hörnquist Åstrand +2005-07-04 Love Hörnquist Ã…strand * Makefile.am: move pkcs12 defines into their own namespace @@ -1004,7 +1020,7 @@ * gen_decode.c: use less context so lower indentention level, add missing {} where needed -2005-07-02 Love Hörnquist Åstrand +2005-07-02 Love Hörnquist Ã…strand * gen_copy.c: Use a global variable to keep track of if the 'goto fail' was used, and use that to only generate the label if needed. @@ -1017,7 +1033,7 @@ (missing EndOfContent tag) add (negative) indent flag to speed up testing -2005-07-01 Love Hörnquist Åstrand +2005-07-01 Love Hörnquist Ã…strand * canthandle.asn1: Can't handle primitives in CHOICE @@ -1028,12 +1044,12 @@ * gen_decode.c: Check if malloc failes, rename "reallen" to tagdatalen since that is what it is. -2005-05-29 Love Hörnquist Åstrand +2005-05-29 Love Hörnquist Ã…strand * prefix Der_class with ASN1_C_ to avoid problems with system headerfiles that pollute the name space -2005-05-20 Love Hörnquist Åstrand +2005-05-20 Love Hörnquist Ã…strand * pkcs12.asn1: add PKCS12CertBag @@ -1047,16 +1063,16 @@ * Makefile.am: add PKCS12Attributes -2005-05-10 Love Hörnquist Åstrand +2005-05-10 Love Hörnquist Ã…strand * canthandle.asn1: fix tags in example -2005-05-02 Love Hörnquist Åstrand +2005-05-02 Love Hörnquist Ã…strand * pkinit.asn1: Let the Windows nonce be an int32 (signed), if not it will fail when using Windows PK-INIT. -2005-05-01 Love Hörnquist Åstrand +2005-05-01 Love Hörnquist Ã…strand * Makefile.am: add pkcs12-PBEParams @@ -1064,14 +1080,14 @@ * parse.y: objid_element: exit when the condition fails -2005-04-26 Love Hörnquist Åstrand +2005-04-26 Love Hörnquist Ã…strand * gen_glue.c: 1.8: switch the units variable to a function. gcc-4.1 needs the size of the structure if its defined as extern struct units foo_units[] an we don't want to include in the generate headerfile -2005-03-20 Love Hörnquist Åstrand +2005-03-20 Love Hörnquist Ã…strand * Makefile.am: add the des-ede3-cbc oid that ansi x9.52 uses @@ -1081,23 +1097,23 @@ * rfc2459.asn1: add oids now when the compiler can handle them -2005-03-19 Love Hörnquist Åstrand +2005-03-19 Love Hörnquist Ã…strand * Makefile.am: add pkcs9 files * pkcs9.asn1: add small number of oids from pkcs9 -2005-03-14 Love Hörnquist Åstrand +2005-03-14 Love Hörnquist Ã…strand * Makefile.am: add a bunch of pkcs1/pkcs2/pkcs3/aes oids * rfc2459.asn1: add a bunch of pkcs1/pkcs2/pkcs3/aes oids -2005-03-10 Love Hörnquist Åstrand +2005-03-10 Love Hörnquist Ã…strand * k5.asn1: merge pa-numbers -2005-03-09 Love Hörnquist Åstrand +2005-03-09 Love Hörnquist Ã…strand * Makefile.am: add oid's @@ -1109,7 +1125,7 @@ * CMS.asn1: add pkcs7 oids -2005-03-08 Love Hörnquist Åstrand +2005-03-08 Love Hörnquist Ã…strand * gen.c (generate_header_of_codefile): break out the header section generation @@ -1120,12 +1136,12 @@ * parse.y: handle OBJECT IDENTIFIER as value construct -2005-02-24 Love Hörnquist Åstrand +2005-02-24 Love Hörnquist Ã…strand * Preserve content of CHOICE element that is unknown if ellipsis was used when defining the structure -2005-02-13 Love Hörnquist Åstrand +2005-02-13 Love Hörnquist Ã…strand * parse.y: use ANS1_TAILQ macros @@ -1134,43 +1150,43 @@ * asn1_queue.h: inline bsd sys/queue.h and rename TAILQ to ASN1_TAILQ to avoid problems with name polluting headerfiles -2005-01-19 Love Hörnquist Åstrand +2005-01-19 Love Hörnquist Ã…strand * gen.c: pull in -2005-01-10 Love Hörnquist Åstrand +2005-01-10 Love Hörnquist Ã…strand * Add BMPString and UniversalString * k5.asn1 (EtypeList): make INTEGER constrained (use krb5int32) -2005-01-07 Love Hörnquist Åstrand +2005-01-07 Love Hörnquist Ã…strand * rfc2459.asn1: add GeneralNames -2004-11-21 Love Hörnquist Åstrand +2004-11-21 Love Hörnquist Ã…strand * gen.c: use unsigned integer for len of SequenceOf/SetOf and bitstring names -2004-11-10 Love Hörnquist Åstrand +2004-11-10 Love Hörnquist Ã…strand * Makefile.am: switch to krb5int32 and krb5uint32 * Unify that three integer types TInteger TUInteger and TBigInteger. Start to use constrained integers where appropriate. -2004-10-13 Love Hörnquist Åstrand +2004-10-13 Love Hörnquist Ã…strand * CMS.asn1: remove no longer used commented out elements * gen_glue.c: make units structures const -2004-10-12 Love Hörnquist Åstrand +2004-10-12 Love Hörnquist Ã…strand * lex.l: handle hex number with [a-fA-F] in them -2004-10-07 Love Hörnquist Åstrand +2004-10-07 Love Hörnquist Ã…strand * gen_free.c: free _save for CHOICE too @@ -1187,7 +1203,7 @@ name is CMSIdentifier and add glue for that so we can share code use Name and not heim_any -2004-10-03 Love Hörnquist Åstrand +2004-10-03 Love Hörnquist Ã…strand * Makefile.am: drop AlgorithmIdentifierNonOpt add {RC2CBC,}CBCParameter here where they belong @@ -1199,7 +1215,7 @@ * rfc2459.asn1: stop using AlgorithmIdentifierNonOpt hint that we really want to use Name and some MS stuff -2004-09-05 Love Hörnquist Åstrand +2004-09-05 Love Hörnquist Ã…strand * asn1_print.c: handle end of content, this is part BER support, however, OCTET STRING need some tweeking too. @@ -1244,7 +1260,7 @@ * CMS.asn1: add EncryptedData -2004-08-26 Love Hörnquist Åstrand +2004-08-26 Love Hörnquist Ã…strand * gen_decode.c (decode_type): if the entry is already optional when parsing a tag and we allocate the structure, not pass down @@ -1252,12 +1268,12 @@ allocate an entry. and we'll leak an entry. Bug from Luke Howard . While here, use calloc. -2004-04-29 Love Hörnquist Åstrand +2004-04-29 Love Hörnquist Ã…strand * k5.asn1: shift the last added etypes one step so rc2 doesn't stomp on cram-md5 -2004-04-26 Love Hörnquist Åstrand +2004-04-26 Love Hörnquist Ã…strand * k5.asn1: add ETYPE_AESNNN_CBC_NONE @@ -1266,17 +1282,17 @@ * k5.asn1: add CMS symmetrical parameters here, more nametypes enctype rc2-cbc -2004-04-25 Love Hörnquist Åstrand +2004-04-25 Love Hörnquist Ã…strand * gen_decode.c: free data on decode failure -2004-04-24 Love Hörnquist Åstrand +2004-04-24 Love Hörnquist Ã…strand * Makefile.am: add CBCParameter and RC2CBCParameter * CMS.asn1: add CBCParameter and RC2CBCParameter -2004-04-20 Love Hörnquist Åstrand +2004-04-20 Love Hörnquist Ã…strand * check-der.c: add simple test for oid's, used to trigger malloc bugs in you have picky malloc (like valgrind/purify/third) @@ -1285,7 +1301,7 @@ then 127 and allocate one extra element since first byte is split to to elements. -2004-04-16 Love Hörnquist Åstrand +2004-04-16 Love Hörnquist Ã…strand * canthandle.asn1: one thing handled @@ -1295,7 +1311,7 @@ an unsigned, do the length counting here. ("unsigned" is zero padded when most significate bit is set, length is not) -2004-04-12 Love Hörnquist Åstrand +2004-04-12 Love Hörnquist Ã…strand * canthandle.asn1: document by example what the encoder can't handle right now @@ -1344,7 +1360,7 @@ * der.h: hide away more symbols, add more _cmp functions -2004-03-06 Love Hörnquist Åstrand +2004-03-06 Love Hörnquist Ã…strand * Makefile.am: add more pkix types make k5 use rfc150 bitstrings, everything else use der bitstrings @@ -1365,7 +1381,7 @@ * rfc2459.asn1: add Certificates and KeyUsage -2004-02-22 Love Hörnquist Åstrand +2004-02-22 Love Hörnquist Ã…strand * pkinit.asn1: use Name from PKIX @@ -1398,7 +1414,7 @@ * gen_length.c: 1.14: (length_type): TSequenceOf: add up the size of all the elements, don't use just the size of the last element. -2004-02-20 Love Hörnquist Åstrand +2004-02-20 Love Hörnquist Ã…strand * rfc2459.asn1: include defintion of Name @@ -1410,7 +1426,7 @@ * Makefile.am: align with pk-init-18, move contentinfo to cms -2004-02-17 Love Hörnquist Åstrand +2004-02-17 Love Hörnquist Ã…strand * der_get.c: rewrite previous commit @@ -1461,17 +1477,17 @@ * asn1-common.h: add signedness flag to heim_integer, add ia5string and printablestring -2004-02-13 Love Hörnquist Åstrand +2004-02-13 Love Hörnquist Ã…strand * rfc2459.asn1: use BIGINTEGER where appropriate * setchgpw2.asn1: spelling and add op-req again -2004-02-12 Love Hörnquist Åstrand +2004-02-12 Love Hörnquist Ã…strand * Makefile.am: clean up better -2004-02-11 Love Hörnquist Åstrand +2004-02-11 Love Hörnquist Ã…strand * gen_decode.c (decode_type): TTag, don't overshare the reallen variable @@ -1480,7 +1496,7 @@ * gen.c: genereate log file name based on base name -2003-11-26 Love Hörnquist Åstrand +2003-11-26 Love Hörnquist Ã…strand * Makefile.am: += asn1_AlgorithmIdentifierNonOpt.x @@ -1491,7 +1507,7 @@ * pkinit.asn1: don't import AlgorithmIdentifier -2003-11-25 Love Hörnquist Åstrand +2003-11-25 Love Hörnquist Ã…strand * der_put.c (der_put_bit_string): make it work somewhat better (should really prune off all trailing zeros) @@ -1501,7 +1517,7 @@ * der_length.c (length_bit_string): calculate right length for bitstrings -2003-11-24 Love Hörnquist Åstrand +2003-11-24 Love Hörnquist Ã…strand * der_cmp.c (oid_cmp): compare the whole array, not just length/sizeof(component) @@ -1524,11 +1540,11 @@ * asn1_print.c: check end of tag_names loop into APPL class tags -2003-11-23 Love Hörnquist Åstrand +2003-11-23 Love Hörnquist Ã…strand * der_put.c (der_put_generalized_time): check size, not *size -2003-11-11 Love Hörnquist Åstrand +2003-11-11 Love Hörnquist Ã…strand * gen_decode.c (decode_type/TBitString): skip over skipped-bits-in-last-octet octet @@ -1536,7 +1552,7 @@ * gen_glue.c (generate_units): generate units in reverse order to keep unparse_units happy -2003-11-08 Love Hörnquist Åstrand +2003-11-08 Love Hörnquist Ã…strand * Makefile.am: generate all silly pkinit files @@ -1592,7 +1608,7 @@ * pkinit.asn1: add KdcDHKeyInfo-Win2k -2003-11-07 Love Hörnquist Åstrand +2003-11-07 Love Hörnquist Ã…strand * der_copy.c (copy_oid): copy all components @@ -1612,29 +1628,29 @@ steping out in the void, parse SET, only go down CONTEXT of type CONS (not PRIM) -2003-09-17 Love Hörnquist Åstrand +2003-09-17 Love Hörnquist Ã…strand * gen_encode.c (TChoice, TSequence): code element in reverse order... -2003-09-16 Love Hörnquist Åstrand +2003-09-16 Love Hörnquist Ã…strand * gen.c: store NULL's as int's for now * parse.y: remove dup of type def of UsefulType -2003-09-11 Love Hörnquist Åstrand +2003-09-11 Love Hörnquist Ã…strand * gen_decode.c (decode_type): if malloc failes, return ENOMEM -2003-09-10 Love Hörnquist Åstrand +2003-09-10 Love Hörnquist Ã…strand * parse.y: kw_UTF8String is a token put tag around the OID * asn1_print.c (UT_Integer): when the integer is larger then int can handle, just print BIG INT and its size -2003-09-10 Love Hörnquist Åstrand +2003-09-10 Love Hörnquist Ã…strand * gen_decode.c (decode_type): TTag, try to generate prettier code in the non optional case, also remember to update length diff --git a/crypto/heimdal/lib/asn1/Makefile.am b/crypto/heimdal/lib/asn1/Makefile.am index af300f0679c..47158b88aa4 100644 --- a/crypto/heimdal/lib/asn1/Makefile.am +++ b/crypto/heimdal/lib/asn1/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 22445 2008-01-14 21:23:36Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -7,456 +7,62 @@ YFLAGS = -d -t lib_LTLIBRARIES = libasn1.la libasn1_la_LDFLAGS = -version-info 8:0:0 +noinst_LTLIBRARIES = libasn1base.la + +if versionscript +libasn1_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +endif + + libasn1_la_LIBADD = \ + libasn1base.la \ @LIB_com_err@ \ $(LIBADD_roken) BUILT_SOURCES = \ $(gen_files_rfc2459:.x=.c) \ $(gen_files_cms:.x=.c) \ - $(gen_files_k5:.x=.c) \ + $(gen_files_krb5:.x=.c) \ $(gen_files_pkinit:.x=.c) \ $(gen_files_pkcs8:.x=.c) \ $(gen_files_pkcs9:.x=.c) \ $(gen_files_pkcs12:.x=.c) \ $(gen_files_digest:.x=.c) \ - $(gen_files_kx509:.x=.c) \ - asn1_err.h \ - asn1_err.c + $(gen_files_kx509:.x=.c) -gen_files_k5 = \ - asn1_AD_AND_OR.x \ - asn1_AD_IF_RELEVANT.x \ - asn1_AD_KDCIssued.x \ - asn1_AD_MANDATORY_FOR_KDC.x \ - asn1_AD_LoginAlias.x \ - asn1_APOptions.x \ - asn1_AP_REP.x \ - asn1_AP_REQ.x \ - asn1_AS_REP.x \ - asn1_AS_REQ.x \ - asn1_AUTHDATA_TYPE.x \ - asn1_Authenticator.x \ - asn1_AuthorizationData.x \ - asn1_AuthorizationDataElement.x \ - asn1_CKSUMTYPE.x \ - asn1_ChangePasswdDataMS.x \ - asn1_Checksum.x \ - asn1_ENCTYPE.x \ - asn1_ETYPE_INFO.x \ - asn1_ETYPE_INFO2.x \ - asn1_ETYPE_INFO2_ENTRY.x \ - asn1_ETYPE_INFO_ENTRY.x \ - asn1_EncAPRepPart.x \ - asn1_EncASRepPart.x \ - asn1_EncKDCRepPart.x \ - asn1_EncKrbCredPart.x \ - asn1_EncKrbPrivPart.x \ - asn1_EncTGSRepPart.x \ - asn1_EncTicketPart.x \ - asn1_EncryptedData.x \ - asn1_EncryptionKey.x \ - asn1_EtypeList.x \ - asn1_HostAddress.x \ - asn1_HostAddresses.x \ - asn1_KDCOptions.x \ - asn1_KDC_REP.x \ - asn1_KDC_REQ.x \ - asn1_KDC_REQ_BODY.x \ - asn1_KRB_CRED.x \ - asn1_KRB_ERROR.x \ - asn1_KRB_PRIV.x \ - asn1_KRB_SAFE.x \ - asn1_KRB_SAFE_BODY.x \ - asn1_KerberosString.x \ - asn1_KerberosTime.x \ - asn1_KrbCredInfo.x \ - asn1_LR_TYPE.x \ - asn1_LastReq.x \ - asn1_MESSAGE_TYPE.x \ - asn1_METHOD_DATA.x \ - asn1_NAME_TYPE.x \ - asn1_PADATA_TYPE.x \ - asn1_PA_DATA.x \ - asn1_PA_ENC_SAM_RESPONSE_ENC.x \ - asn1_PA_ENC_TS_ENC.x \ - asn1_PA_PAC_REQUEST.x \ - asn1_PA_S4U2Self.x \ - asn1_PA_SAM_CHALLENGE_2.x \ - asn1_PA_SAM_CHALLENGE_2_BODY.x \ - asn1_PA_SAM_REDIRECT.x \ - asn1_PA_SAM_RESPONSE_2.x \ - asn1_PA_SAM_TYPE.x \ - asn1_PA_ClientCanonicalized.x \ - asn1_PA_ClientCanonicalizedNames.x \ - asn1_PA_SvrReferralData.x \ - asn1_PROV_SRV_LOCATION.x \ - asn1_Principal.x \ - asn1_PrincipalName.x \ - asn1_Realm.x \ - asn1_SAMFlags.x \ - asn1_TGS_REP.x \ - asn1_TGS_REQ.x \ - asn1_TYPED_DATA.x \ - asn1_Ticket.x \ - asn1_TicketFlags.x \ - asn1_TransitedEncoding.x \ - asn1_TypedData.x \ - asn1_krb5int32.x \ - asn1_krb5uint32.x \ - asn1_KRB5SignedPathData.x \ - asn1_KRB5SignedPathPrincipals.x \ - asn1_KRB5SignedPath.x +gen_files_krb5 = asn1_krb5_asn1.x +gen_files_cms = asn1_cms_asn1.x +gen_files_rfc2459 = asn1_rfc2459_asn1.x +gen_files_pkinit = asn1_pkinit_asn1.x +gen_files_pkcs12 = asn1_pkcs12_asn1.x +gen_files_pkcs8 = asn1_pkcs8_asn1.x +gen_files_pkcs9 = asn1_pkcs9_asn1.x +gen_files_test = asn1_test_asn1.x +gen_files_digest = asn1_digest_asn1.x +gen_files_kx509 = asn1_kx509_asn1.x -gen_files_cms = \ - asn1_CMSAttributes.x \ - asn1_CMSCBCParameter.x \ - asn1_CMSEncryptedData.x \ - asn1_CMSIdentifier.x \ - asn1_CMSRC2CBCParameter.x \ - asn1_CMSVersion.x \ - asn1_CertificateList.x \ - asn1_CertificateRevocationLists.x \ - asn1_CertificateSet.x \ - asn1_ContentEncryptionAlgorithmIdentifier.x \ - asn1_ContentInfo.x \ - asn1_ContentType.x \ - asn1_DigestAlgorithmIdentifier.x \ - asn1_DigestAlgorithmIdentifiers.x \ - asn1_EncapsulatedContentInfo.x \ - asn1_EncryptedContent.x \ - asn1_EncryptedContentInfo.x \ - asn1_EncryptedKey.x \ - asn1_EnvelopedData.x \ - asn1_IssuerAndSerialNumber.x \ - asn1_KeyEncryptionAlgorithmIdentifier.x \ - asn1_KeyTransRecipientInfo.x \ - asn1_MessageDigest.x \ - asn1_OriginatorInfo.x \ - asn1_RecipientIdentifier.x \ - asn1_RecipientInfo.x \ - asn1_RecipientInfos.x \ - asn1_SignatureAlgorithmIdentifier.x \ - asn1_SignatureValue.x \ - asn1_SignedData.x \ - asn1_SignerIdentifier.x \ - asn1_SignerInfo.x \ - asn1_SignerInfos.x \ - asn1_id_pkcs7.x \ - asn1_id_pkcs7_data.x \ - asn1_id_pkcs7_digestedData.x \ - asn1_id_pkcs7_encryptedData.x \ - asn1_id_pkcs7_envelopedData.x \ - asn1_id_pkcs7_signedAndEnvelopedData.x \ - asn1_id_pkcs7_signedData.x \ - asn1_UnprotectedAttributes.x +noinst_PROGRAMS = asn1_gen -gen_files_rfc2459 = \ - asn1_Version.x \ - asn1_id_pkcs_1.x \ - asn1_id_pkcs1_rsaEncryption.x \ - asn1_id_pkcs1_md2WithRSAEncryption.x \ - asn1_id_pkcs1_md5WithRSAEncryption.x \ - asn1_id_pkcs1_sha1WithRSAEncryption.x \ - asn1_id_pkcs1_sha256WithRSAEncryption.x \ - asn1_id_pkcs1_sha384WithRSAEncryption.x \ - asn1_id_pkcs1_sha512WithRSAEncryption.x \ - asn1_id_heim_rsa_pkcs1_x509.x \ - asn1_id_pkcs_2.x \ - asn1_id_pkcs2_md2.x \ - asn1_id_pkcs2_md4.x \ - asn1_id_pkcs2_md5.x \ - asn1_id_rsa_digestAlgorithm.x \ - asn1_id_rsa_digest_md2.x \ - asn1_id_rsa_digest_md4.x \ - asn1_id_rsa_digest_md5.x \ - asn1_id_pkcs_3.x \ - asn1_id_pkcs3_rc2_cbc.x \ - asn1_id_pkcs3_rc4.x \ - asn1_id_pkcs3_des_ede3_cbc.x \ - asn1_id_rsadsi_encalg.x \ - asn1_id_rsadsi_rc2_cbc.x \ - asn1_id_rsadsi_des_ede3_cbc.x \ - asn1_id_secsig_sha_1.x \ - asn1_id_nistAlgorithm.x \ - asn1_id_nist_aes_algs.x \ - asn1_id_aes_128_cbc.x \ - asn1_id_aes_192_cbc.x \ - asn1_id_aes_256_cbc.x \ - asn1_id_nist_sha_algs.x \ - asn1_id_sha256.x \ - asn1_id_sha224.x \ - asn1_id_sha384.x \ - asn1_id_sha512.x \ - asn1_id_dhpublicnumber.x \ - asn1_id_x9_57.x \ - asn1_id_dsa.x \ - asn1_id_dsa_with_sha1.x \ - asn1_id_x520_at.x \ - asn1_id_at_commonName.x \ - asn1_id_at_surname.x \ - asn1_id_at_serialNumber.x \ - asn1_id_at_countryName.x \ - asn1_id_at_localityName.x \ - asn1_id_at_streetAddress.x \ - asn1_id_at_stateOrProvinceName.x \ - asn1_id_at_organizationName.x \ - asn1_id_at_organizationalUnitName.x \ - asn1_id_at_name.x \ - asn1_id_at_givenName.x \ - asn1_id_at_initials.x \ - asn1_id_at_generationQualifier.x \ - asn1_id_at_pseudonym.x \ - asn1_id_Userid.x \ - asn1_id_domainComponent.x \ - asn1_id_x509_ce.x \ - asn1_id_uspkicommon_card_id.x \ - asn1_id_uspkicommon_piv_interim.x \ - asn1_id_netscape.x \ - asn1_id_netscape_cert_comment.x \ - asn1_id_ms_cert_enroll_domaincontroller.x \ - asn1_id_ms_client_authentication.x \ - asn1_AlgorithmIdentifier.x \ - asn1_AttributeType.x \ - asn1_AttributeValue.x \ - asn1_TeletexStringx.x \ - asn1_DirectoryString.x \ - asn1_Attribute.x \ - asn1_AttributeTypeAndValue.x \ - asn1_AuthorityInfoAccessSyntax.x \ - asn1_AccessDescription.x \ - asn1_RelativeDistinguishedName.x \ - asn1_RDNSequence.x \ - asn1_Name.x \ - asn1_CertificateSerialNumber.x \ - asn1_Time.x \ - asn1_Validity.x \ - asn1_UniqueIdentifier.x \ - asn1_SubjectPublicKeyInfo.x \ - asn1_Extension.x \ - asn1_Extensions.x \ - asn1_TBSCertificate.x \ - asn1_Certificate.x \ - asn1_Certificates.x \ - asn1_ValidationParms.x \ - asn1_DomainParameters.x \ - asn1_DHPublicKey.x \ - asn1_OtherName.x \ - asn1_GeneralName.x \ - asn1_GeneralNames.x \ - asn1_id_x509_ce_keyUsage.x \ - asn1_KeyUsage.x \ - asn1_id_x509_ce_authorityKeyIdentifier.x \ - asn1_KeyIdentifier.x \ - asn1_AuthorityKeyIdentifier.x \ - asn1_id_x509_ce_subjectKeyIdentifier.x \ - asn1_SubjectKeyIdentifier.x \ - asn1_id_x509_ce_basicConstraints.x \ - asn1_BasicConstraints.x \ - asn1_id_x509_ce_nameConstraints.x \ - asn1_BaseDistance.x \ - asn1_GeneralSubtree.x \ - asn1_GeneralSubtrees.x \ - asn1_NameConstraints.x \ - asn1_id_x509_ce_privateKeyUsagePeriod.x \ - asn1_id_x509_ce_certificatePolicies.x \ - asn1_id_x509_ce_policyMappings.x \ - asn1_id_x509_ce_subjectAltName.x \ - asn1_id_x509_ce_issuerAltName.x \ - asn1_id_x509_ce_subjectDirectoryAttributes.x \ - asn1_id_x509_ce_policyConstraints.x \ - asn1_id_x509_ce_extKeyUsage.x \ - asn1_ExtKeyUsage.x \ - asn1_id_x509_ce_cRLDistributionPoints.x \ - asn1_id_x509_ce_deltaCRLIndicator.x \ - asn1_id_x509_ce_issuingDistributionPoint.x \ - asn1_id_x509_ce_holdInstructionCode.x \ - asn1_id_x509_ce_invalidityDate.x \ - asn1_id_x509_ce_certificateIssuer.x \ - asn1_id_x509_ce_inhibitAnyPolicy.x \ - asn1_DistributionPointReasonFlags.x \ - asn1_DistributionPointName.x \ - asn1_DistributionPoint.x \ - asn1_CRLDistributionPoints.x \ - asn1_DSASigValue.x \ - asn1_DSAPublicKey.x \ - asn1_DSAParams.x \ - asn1_RSAPublicKey.x \ - asn1_RSAPrivateKey.x \ - asn1_DigestInfo.x \ - asn1_TBSCRLCertList.x \ - asn1_CRLCertificateList.x \ - asn1_id_x509_ce_cRLNumber.x \ - asn1_id_x509_ce_freshestCRL.x \ - asn1_id_x509_ce_cRLReason.x \ - asn1_CRLReason.x \ - asn1_PKIXXmppAddr.x \ - asn1_id_pkix.x \ - asn1_id_pkix_on.x \ - asn1_id_pkix_on_dnsSRV.x \ - asn1_id_pkix_on_xmppAddr.x \ - asn1_id_pkix_kp.x \ - asn1_id_pkix_kp_serverAuth.x \ - asn1_id_pkix_kp_clientAuth.x \ - asn1_id_pkix_kp_emailProtection.x \ - asn1_id_pkix_kp_timeStamping.x \ - asn1_id_pkix_kp_OCSPSigning.x \ - asn1_id_pkix_pe.x \ - asn1_id_pkix_pe_authorityInfoAccess.x \ - asn1_id_pkix_pe_proxyCertInfo.x \ - asn1_id_pkix_ppl.x \ - asn1_id_pkix_ppl_anyLanguage.x \ - asn1_id_pkix_ppl_inheritAll.x \ - asn1_id_pkix_ppl_independent.x \ - asn1_ProxyPolicy.x \ - asn1_ProxyCertInfo.x +libexec_heimdal_PROGRAMS = asn1_compile asn1_print -gen_files_pkinit = \ - asn1_id_pkinit.x \ - asn1_id_pkauthdata.x \ - asn1_id_pkdhkeydata.x \ - asn1_id_pkrkeydata.x \ - asn1_id_pkekuoid.x \ - asn1_id_pkkdcekuoid.x \ - asn1_id_pkinit_san.x \ - asn1_id_pkinit_ms_eku.x \ - asn1_id_pkinit_ms_san.x \ - asn1_MS_UPN_SAN.x \ - asn1_DHNonce.x \ - asn1_KDFAlgorithmId.x \ - asn1_TrustedCA.x \ - asn1_ExternalPrincipalIdentifier.x \ - asn1_ExternalPrincipalIdentifiers.x \ - asn1_PA_PK_AS_REQ.x \ - asn1_PKAuthenticator.x \ - asn1_AuthPack.x \ - asn1_TD_TRUSTED_CERTIFIERS.x \ - asn1_TD_INVALID_CERTIFICATES.x \ - asn1_KRB5PrincipalName.x \ - asn1_AD_INITIAL_VERIFIED_CAS.x \ - asn1_DHRepInfo.x \ - asn1_PA_PK_AS_REP.x \ - asn1_KDCDHKeyInfo.x \ - asn1_ReplyKeyPack.x \ - asn1_TD_DH_PARAMETERS.x \ - asn1_PKAuthenticator_Win2k.x \ - asn1_AuthPack_Win2k.x \ - asn1_TrustedCA_Win2k.x \ - asn1_PA_PK_AS_REQ_Win2k.x \ - asn1_PA_PK_AS_REP_Win2k.x \ - asn1_KDCDHKeyInfo_Win2k.x \ - asn1_ReplyKeyPack_Win2k.x \ - asn1_PkinitSuppPubInfo.x - -gen_files_pkcs12 = \ - asn1_id_pkcs_12.x \ - asn1_id_pkcs_12PbeIds.x \ - asn1_id_pbeWithSHAAnd128BitRC4.x \ - asn1_id_pbeWithSHAAnd40BitRC4.x \ - asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x \ - asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x \ - asn1_id_pbeWithSHAAnd128BitRC2_CBC.x \ - asn1_id_pbewithSHAAnd40BitRC2_CBC.x \ - asn1_id_pkcs12_bagtypes.x \ - asn1_id_pkcs12_keyBag.x \ - asn1_id_pkcs12_pkcs8ShroudedKeyBag.x \ - asn1_id_pkcs12_certBag.x \ - asn1_id_pkcs12_crlBag.x \ - asn1_id_pkcs12_secretBag.x \ - asn1_id_pkcs12_safeContentsBag.x \ - asn1_PKCS12_MacData.x \ - asn1_PKCS12_PFX.x \ - asn1_PKCS12_AuthenticatedSafe.x \ - asn1_PKCS12_CertBag.x \ - asn1_PKCS12_Attribute.x \ - asn1_PKCS12_Attributes.x \ - asn1_PKCS12_SafeBag.x \ - asn1_PKCS12_SafeContents.x \ - asn1_PKCS12_OctetString.x \ - asn1_PKCS12_PBEParams.x - -gen_files_pkcs8 = \ - asn1_PKCS8PrivateKeyAlgorithmIdentifier.x \ - asn1_PKCS8PrivateKey.x \ - asn1_PKCS8PrivateKeyInfo.x \ - asn1_PKCS8Attributes.x \ - asn1_PKCS8EncryptedPrivateKeyInfo.x \ - asn1_PKCS8EncryptedData.x - -gen_files_pkcs9 = \ - asn1_id_pkcs_9.x \ - asn1_id_pkcs9_contentType.x \ - asn1_id_pkcs9_emailAddress.x \ - asn1_id_pkcs9_messageDigest.x \ - asn1_id_pkcs9_signingTime.x \ - asn1_id_pkcs9_countersignature.x \ - asn1_id_pkcs_9_at_friendlyName.x \ - asn1_id_pkcs_9_at_localKeyId.x \ - asn1_id_pkcs_9_at_certTypes.x \ - asn1_id_pkcs_9_at_certTypes_x509.x \ - asn1_PKCS9_BMPString.x \ - asn1_PKCS9_friendlyName.x - -gen_files_test = \ - asn1_TESTAlloc.x \ - asn1_TESTAllocInner.x \ - asn1_TESTCONTAINING.x \ - asn1_TESTCONTAININGENCODEDBY.x \ - asn1_TESTCONTAININGENCODEDBY2.x \ - asn1_TESTChoice1.x \ - asn1_TESTChoice2.x \ - asn1_TESTDer.x \ - asn1_TESTENCODEDBY.x \ - asn1_TESTImplicit.x \ - asn1_TESTImplicit2.x \ - asn1_TESTInteger.x \ - asn1_TESTInteger2.x \ - asn1_TESTInteger3.x \ - asn1_TESTLargeTag.x \ - asn1_TESTSeq.x \ - asn1_TESTUSERCONSTRAINED.x \ - asn1_TESTSeqOf.x \ - asn1_TESTOSSize1.x \ - asn1_TESTSeqSizeOf1.x \ - asn1_TESTSeqSizeOf2.x \ - asn1_TESTSeqSizeOf3.x \ - asn1_TESTSeqSizeOf4.x - -gen_files_digest = \ - asn1_DigestError.x \ - asn1_DigestInit.x \ - asn1_DigestInitReply.x \ - asn1_DigestREP.x \ - asn1_DigestREQ.x \ - asn1_DigestRepInner.x \ - asn1_DigestReqInner.x \ - asn1_DigestRequest.x \ - asn1_DigestResponse.x \ - asn1_DigestTypes.x \ - asn1_NTLMInit.x \ - asn1_NTLMInitReply.x \ - asn1_NTLMRequest.x \ - asn1_NTLMResponse.x - -gen_files_kx509 = \ - asn1_Kx509Response.x \ - asn1_Kx509Request.x - -noinst_PROGRAMS = asn1_compile asn1_print asn1_gen - -TESTS = check-der check-gen check-timegm +TESTS = check-der check-gen check-timegm check-ber check-template check_PROGRAMS = $(TESTS) asn1_gen_SOURCES = asn1_gen.c asn1_print_SOURCES = asn1_print.c check_der_SOURCES = check-der.c check-common.c check-common.h +check_template_SOURCES = check-template.c check-common.c check-common.h +nodist_check_template_SOURCES = $(gen_files_test:.x=.c) + dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h nodist_check_gen_SOURCES = $(gen_files_test:.x=.c) +build_HEADERZ = asn1-template.h + asn1_compile_SOURCES = \ - asn1-common.h \ asn1_queue.h \ + asn1parse.y \ der.h \ gen.c \ gen_copy.c \ @@ -467,17 +73,17 @@ asn1_compile_SOURCES = \ gen_length.c \ gen_locl.h \ gen_seq.c \ + gen_template.c \ hash.c \ hash.h \ lex.l \ lex.h \ main.c \ - parse.y \ + asn1-template.h \ symbol.c \ symbol.h -dist_libasn1_la_SOURCES = \ - der-protos.h \ +dist_libasn1base_la_SOURCES = \ der_locl.h \ der.c \ der.h \ @@ -490,27 +96,38 @@ dist_libasn1_la_SOURCES = \ der_format.c \ heim_asn1.h \ extra.c \ + template.c \ timegm.c +nodist_libasn1base_la_SOURCES = \ + asn1_err.h \ + asn1_err.c + nodist_libasn1_la_SOURCES = $(BUILT_SOURCES) asn1_compile_LDADD = \ $(LIB_roken) $(LEXLIB) check_der_LDADD = \ + libasn1base.la \ + $(LIB_roken) + +check_template_LDADD = $(check_der_LDADD) +asn1_print_LDADD = $(check_der_LDADD) $(LIB_com_err) +asn1_gen_LDADD = $(check_der_LDADD) +check_timegm_LDADD = $(check_der_LDADD) + +check_gen_LDADD = \ libasn1.la \ $(LIB_roken) -check_gen_LDADD = $(check_der_LDADD) -asn1_print_LDADD = $(check_der_LDADD) -asn1_gen_LDADD = $(check_der_LDADD) -check_timegm_LDADD = $(check_der_LDADD) +check_ber_LDADD = $(check_gen_LDADD) CLEANFILES = \ $(BUILT_SOURCES) \ $(gen_files_rfc2459) \ $(gen_files_cms) \ - $(gen_files_k5) \ + $(gen_files_krb5) \ $(gen_files_pkinit) \ $(gen_files_pkcs8) \ $(gen_files_pkcs9) \ @@ -518,18 +135,20 @@ CLEANFILES = \ $(gen_files_digest) \ $(gen_files_kx509) \ $(gen_files_test) $(nodist_check_gen_SOURCES) \ - rfc2459_asn1_files rfc2459_asn1.h \ - cms_asn1_files cms_asn1.h \ - krb5_asn1_files krb5_asn1.h \ - pkinit_asn1_files pkinit_asn1.h \ - pkcs8_asn1_files pkcs8_asn1.h \ - pkcs9_asn1_files pkcs9_asn1.h \ - pkcs12_asn1_files pkcs12_asn1.h \ - digest_asn1_files digest_asn1.h \ - kx509_asn1_files kx509_asn1.h \ - test_asn1_files test_asn1.h + asn1_err.c asn1_err.h \ + rfc2459_asn1_files rfc2459_asn1*.h* \ + cms_asn1_files cms_asn1*.h* \ + krb5_asn1_files krb5_asn1*.h* \ + pkinit_asn1_files pkinit_asn1*.h* \ + pkcs8_asn1_files pkcs8_asn1*.h* \ + pkcs9_asn1_files pkcs9_asn1*.h* \ + pkcs12_asn1_files pkcs12_asn1*.h* \ + digest_asn1_files digest_asn1*.h* \ + kx509_asn1_files kx509_asn1*.h* \ + test_asn1_files test_asn1*.h* -dist_include_HEADERS = der.h heim_asn1.h der-protos.h +dist_include_HEADERS = der.h heim_asn1.h der-protos.h der-private.h +dist_include_HEADERS += asn1-common.h nodist_include_HEADERS = asn1_err.h nodist_include_HEADERS += krb5_asn1.h @@ -542,69 +161,94 @@ nodist_include_HEADERS += pkcs12_asn1.h nodist_include_HEADERS += digest_asn1.h nodist_include_HEADERS += kx509_asn1.h -$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h -$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h +priv_headers = krb5_asn1-priv.h +priv_headers += pkinit_asn1-priv.h +priv_headers += cms_asn1-priv.h +priv_headers += rfc2459_asn1-priv.h +priv_headers += pkcs8_asn1-priv.h +priv_headers += pkcs9_asn1-priv.h +priv_headers += pkcs12_asn1-priv.h +priv_headers += digest_asn1-priv.h +priv_headers += kx509_asn1-priv.h +priv_headers += test_asn1.h test_asn1-priv.h + + + +$(asn1_compile_OBJECTS): asn1parse.h asn1parse.c $(srcdir)/der-protos.h $(srcdir)/der-private.h +$(libasn1_la_OBJECTS): $(nodist_include_HEADERS) $(priv_headers) asn1_err.h $(srcdir)/der-protos.h $(srcdir)/der-private.h +$(libasn1base_la_OBJECTS): asn1_err.h $(srcdir)/der-protos.h $(srcdir)/der-private.h $(check_gen_OBJECTS): test_asn1.h +$(check_template_OBJECTS): test_asn1_files $(asn1_print_OBJECTS): krb5_asn1.h -parse.h: parse.c +asn1parse.h: asn1parse.c -$(gen_files_k5) krb5_asn1.h: krb5_asn1_files -$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files -$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files -$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files -$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files -$(gen_files_digest) digest_asn1.h: digest_asn1_files -$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files -$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files -$(gen_files_cms) cms_asn1.h: cms_asn1_files -$(gen_files_test) test_asn1.h: test_asn1_files +$(gen_files_krb5) krb5_asn1.hx krb5_asn1-priv.hx: krb5_asn1_files +$(gen_files_pkinit) pkinit_asn1.hx pkinit_asn1-priv.hx: pkinit_asn1_files +$(gen_files_pkcs8) pkcs8_asn1.hx pkcs8_asn1-priv.hx: pkcs8_asn1_files +$(gen_files_pkcs9) pkcs9_asn1.hx pkcs9_asn1-priv.hx: pkcs9_asn1_files +$(gen_files_pkcs12) pkcs12_asn1.hx pkcs12_asn1-priv.hx: pkcs12_asn1_files +$(gen_files_digest) digest_asn1.hx digest_asn1-priv.hx: digest_asn1_files +$(gen_files_kx509) kx509_asn1.hx kx509_asn1-priv.hx: kx509_asn1_files +$(gen_files_rfc2459) rfc2459_asn1.hx rfc2459_asn1-priv.hx: rfc2459_asn1_files +$(gen_files_cms) cms_asn1.hx cms_asn1-priv.hx: cms_asn1_files +$(gen_files_test) test_asn1.hx test_asn1-priv.hx: test_asn1_files rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1 - ./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1) -cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1) +cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/cms.asn1 $(srcdir)/cms.opt + $(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/cms.opt $(srcdir)/cms.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1) -krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1 - ./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1) +krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/krb5.asn1 $(srcdir)/krb5.opt + $(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/krb5.opt $(srcdir)/krb5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1) pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1) pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1) pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1) pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1) digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1) kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1) test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1 - ./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1) + EXTRA_DIST = \ + NTMakefile \ + asn1_compile-version.rc \ + libasn1-exports.def \ + cms.asn1 \ + cms.opt \ asn1_err.et \ canthandle.asn1 \ - CMS.asn1 \ digest.asn1 \ - k5.asn1 \ + krb5.asn1 \ + krb5.opt \ kx509.asn1 \ - test.asn1 \ - setchgpw2.asn1 \ pkcs12.asn1 \ pkcs8.asn1 \ pkcs9.asn1 \ pkinit.asn1 \ rfc2459.asn1 \ - test.gen + setchgpw2.asn1 \ + test.asn1 \ + test.gen \ + version-script.map $(srcdir)/der-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1base_la_SOURCES) || rm -f der-protos.h + +$(srcdir)/der-private.h: + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p der-private.h $(dist_libasn1base_la_SOURCES) || rm -f der-private.h diff --git a/crypto/heimdal/lib/asn1/Makefile.in b/crypto/heimdal/lib/asn1/Makefile.in index 0a3783a9b60..ab377b3090f 100644 --- a/crypto/heimdal/lib/asn1/Makefile.in +++ b/crypto/heimdal/lib/asn1/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22445 2008-01-14 21:23:36Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -42,16 +44,18 @@ build_triplet = @build@ host_triplet = @host@ DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \ - parse.h -noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT) \ - asn1_gen$(EXEEXT) -TESTS = check-der$(EXEEXT) check-gen$(EXEEXT) check-timegm$(EXEEXT) + $(top_srcdir)/cf/Makefile.am.common ChangeLog asn1parse.c \ + asn1parse.h lex.c +@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +noinst_PROGRAMS = asn1_gen$(EXEEXT) +libexec_heimdal_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT) +TESTS = check-der$(EXEEXT) check-gen$(EXEEXT) check-timegm$(EXEEXT) \ + check-ber$(EXEEXT) check-template$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = lib/asn1 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -66,7 +70,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -80,9 +84,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -90,281 +97,108 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \ +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" \ + "$(DESTDIR)$(libexec_heimdaldir)" "$(DESTDIR)$(includedir)" \ "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) -LTLIBRARIES = $(lib_LTLIBRARIES) +LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) am__DEPENDENCIES_1 = -libasn1_la_DEPENDENCIES = $(am__DEPENDENCIES_1) -dist_libasn1_la_OBJECTS = der.lo der_get.lo der_put.lo der_free.lo \ - der_length.lo der_copy.lo der_cmp.lo der_format.lo extra.lo \ - timegm.lo -am__objects_1 = asn1_Version.lo asn1_id_pkcs_1.lo \ - asn1_id_pkcs1_rsaEncryption.lo \ - asn1_id_pkcs1_md2WithRSAEncryption.lo \ - asn1_id_pkcs1_md5WithRSAEncryption.lo \ - asn1_id_pkcs1_sha1WithRSAEncryption.lo \ - asn1_id_pkcs1_sha256WithRSAEncryption.lo \ - asn1_id_pkcs1_sha384WithRSAEncryption.lo \ - asn1_id_pkcs1_sha512WithRSAEncryption.lo \ - asn1_id_heim_rsa_pkcs1_x509.lo asn1_id_pkcs_2.lo \ - asn1_id_pkcs2_md2.lo asn1_id_pkcs2_md4.lo asn1_id_pkcs2_md5.lo \ - asn1_id_rsa_digestAlgorithm.lo asn1_id_rsa_digest_md2.lo \ - asn1_id_rsa_digest_md4.lo asn1_id_rsa_digest_md5.lo \ - asn1_id_pkcs_3.lo asn1_id_pkcs3_rc2_cbc.lo \ - asn1_id_pkcs3_rc4.lo asn1_id_pkcs3_des_ede3_cbc.lo \ - asn1_id_rsadsi_encalg.lo asn1_id_rsadsi_rc2_cbc.lo \ - asn1_id_rsadsi_des_ede3_cbc.lo asn1_id_secsig_sha_1.lo \ - asn1_id_nistAlgorithm.lo asn1_id_nist_aes_algs.lo \ - asn1_id_aes_128_cbc.lo asn1_id_aes_192_cbc.lo \ - asn1_id_aes_256_cbc.lo asn1_id_nist_sha_algs.lo \ - asn1_id_sha256.lo asn1_id_sha224.lo asn1_id_sha384.lo \ - asn1_id_sha512.lo asn1_id_dhpublicnumber.lo asn1_id_x9_57.lo \ - asn1_id_dsa.lo asn1_id_dsa_with_sha1.lo asn1_id_x520_at.lo \ - asn1_id_at_commonName.lo asn1_id_at_surname.lo \ - asn1_id_at_serialNumber.lo asn1_id_at_countryName.lo \ - asn1_id_at_localityName.lo asn1_id_at_streetAddress.lo \ - asn1_id_at_stateOrProvinceName.lo \ - asn1_id_at_organizationName.lo \ - asn1_id_at_organizationalUnitName.lo asn1_id_at_name.lo \ - asn1_id_at_givenName.lo asn1_id_at_initials.lo \ - asn1_id_at_generationQualifier.lo asn1_id_at_pseudonym.lo \ - asn1_id_Userid.lo asn1_id_domainComponent.lo \ - asn1_id_x509_ce.lo asn1_id_uspkicommon_card_id.lo \ - asn1_id_uspkicommon_piv_interim.lo asn1_id_netscape.lo \ - asn1_id_netscape_cert_comment.lo \ - asn1_id_ms_cert_enroll_domaincontroller.lo \ - asn1_id_ms_client_authentication.lo \ - asn1_AlgorithmIdentifier.lo asn1_AttributeType.lo \ - asn1_AttributeValue.lo asn1_TeletexStringx.lo \ - asn1_DirectoryString.lo asn1_Attribute.lo \ - asn1_AttributeTypeAndValue.lo \ - asn1_AuthorityInfoAccessSyntax.lo asn1_AccessDescription.lo \ - asn1_RelativeDistinguishedName.lo asn1_RDNSequence.lo \ - asn1_Name.lo asn1_CertificateSerialNumber.lo asn1_Time.lo \ - asn1_Validity.lo asn1_UniqueIdentifier.lo \ - asn1_SubjectPublicKeyInfo.lo asn1_Extension.lo \ - asn1_Extensions.lo asn1_TBSCertificate.lo asn1_Certificate.lo \ - asn1_Certificates.lo asn1_ValidationParms.lo \ - asn1_DomainParameters.lo asn1_DHPublicKey.lo asn1_OtherName.lo \ - asn1_GeneralName.lo asn1_GeneralNames.lo \ - asn1_id_x509_ce_keyUsage.lo asn1_KeyUsage.lo \ - asn1_id_x509_ce_authorityKeyIdentifier.lo \ - asn1_KeyIdentifier.lo asn1_AuthorityKeyIdentifier.lo \ - asn1_id_x509_ce_subjectKeyIdentifier.lo \ - asn1_SubjectKeyIdentifier.lo \ - asn1_id_x509_ce_basicConstraints.lo asn1_BasicConstraints.lo \ - asn1_id_x509_ce_nameConstraints.lo asn1_BaseDistance.lo \ - asn1_GeneralSubtree.lo asn1_GeneralSubtrees.lo \ - asn1_NameConstraints.lo \ - asn1_id_x509_ce_privateKeyUsagePeriod.lo \ - asn1_id_x509_ce_certificatePolicies.lo \ - asn1_id_x509_ce_policyMappings.lo \ - asn1_id_x509_ce_subjectAltName.lo \ - asn1_id_x509_ce_issuerAltName.lo \ - asn1_id_x509_ce_subjectDirectoryAttributes.lo \ - asn1_id_x509_ce_policyConstraints.lo \ - asn1_id_x509_ce_extKeyUsage.lo asn1_ExtKeyUsage.lo \ - asn1_id_x509_ce_cRLDistributionPoints.lo \ - asn1_id_x509_ce_deltaCRLIndicator.lo \ - asn1_id_x509_ce_issuingDistributionPoint.lo \ - asn1_id_x509_ce_holdInstructionCode.lo \ - asn1_id_x509_ce_invalidityDate.lo \ - asn1_id_x509_ce_certificateIssuer.lo \ - asn1_id_x509_ce_inhibitAnyPolicy.lo \ - asn1_DistributionPointReasonFlags.lo \ - asn1_DistributionPointName.lo asn1_DistributionPoint.lo \ - asn1_CRLDistributionPoints.lo asn1_DSASigValue.lo \ - asn1_DSAPublicKey.lo asn1_DSAParams.lo asn1_RSAPublicKey.lo \ - asn1_RSAPrivateKey.lo asn1_DigestInfo.lo \ - asn1_TBSCRLCertList.lo asn1_CRLCertificateList.lo \ - asn1_id_x509_ce_cRLNumber.lo asn1_id_x509_ce_freshestCRL.lo \ - asn1_id_x509_ce_cRLReason.lo asn1_CRLReason.lo \ - asn1_PKIXXmppAddr.lo asn1_id_pkix.lo asn1_id_pkix_on.lo \ - asn1_id_pkix_on_dnsSRV.lo asn1_id_pkix_on_xmppAddr.lo \ - asn1_id_pkix_kp.lo asn1_id_pkix_kp_serverAuth.lo \ - asn1_id_pkix_kp_clientAuth.lo \ - asn1_id_pkix_kp_emailProtection.lo \ - asn1_id_pkix_kp_timeStamping.lo asn1_id_pkix_kp_OCSPSigning.lo \ - asn1_id_pkix_pe.lo asn1_id_pkix_pe_authorityInfoAccess.lo \ - asn1_id_pkix_pe_proxyCertInfo.lo asn1_id_pkix_ppl.lo \ - asn1_id_pkix_ppl_anyLanguage.lo asn1_id_pkix_ppl_inheritAll.lo \ - asn1_id_pkix_ppl_independent.lo asn1_ProxyPolicy.lo \ - asn1_ProxyCertInfo.lo -am__objects_2 = asn1_CMSAttributes.lo asn1_CMSCBCParameter.lo \ - asn1_CMSEncryptedData.lo asn1_CMSIdentifier.lo \ - asn1_CMSRC2CBCParameter.lo asn1_CMSVersion.lo \ - asn1_CertificateList.lo asn1_CertificateRevocationLists.lo \ - asn1_CertificateSet.lo \ - asn1_ContentEncryptionAlgorithmIdentifier.lo \ - asn1_ContentInfo.lo asn1_ContentType.lo \ - asn1_DigestAlgorithmIdentifier.lo \ - asn1_DigestAlgorithmIdentifiers.lo \ - asn1_EncapsulatedContentInfo.lo asn1_EncryptedContent.lo \ - asn1_EncryptedContentInfo.lo asn1_EncryptedKey.lo \ - asn1_EnvelopedData.lo asn1_IssuerAndSerialNumber.lo \ - asn1_KeyEncryptionAlgorithmIdentifier.lo \ - asn1_KeyTransRecipientInfo.lo asn1_MessageDigest.lo \ - asn1_OriginatorInfo.lo asn1_RecipientIdentifier.lo \ - asn1_RecipientInfo.lo asn1_RecipientInfos.lo \ - asn1_SignatureAlgorithmIdentifier.lo asn1_SignatureValue.lo \ - asn1_SignedData.lo asn1_SignerIdentifier.lo asn1_SignerInfo.lo \ - asn1_SignerInfos.lo asn1_id_pkcs7.lo asn1_id_pkcs7_data.lo \ - asn1_id_pkcs7_digestedData.lo asn1_id_pkcs7_encryptedData.lo \ - asn1_id_pkcs7_envelopedData.lo \ - asn1_id_pkcs7_signedAndEnvelopedData.lo \ - asn1_id_pkcs7_signedData.lo asn1_UnprotectedAttributes.lo -am__objects_3 = asn1_AD_AND_OR.lo asn1_AD_IF_RELEVANT.lo \ - asn1_AD_KDCIssued.lo asn1_AD_MANDATORY_FOR_KDC.lo \ - asn1_AD_LoginAlias.lo asn1_APOptions.lo asn1_AP_REP.lo \ - asn1_AP_REQ.lo asn1_AS_REP.lo asn1_AS_REQ.lo \ - asn1_AUTHDATA_TYPE.lo asn1_Authenticator.lo \ - asn1_AuthorizationData.lo asn1_AuthorizationDataElement.lo \ - asn1_CKSUMTYPE.lo asn1_ChangePasswdDataMS.lo asn1_Checksum.lo \ - asn1_ENCTYPE.lo asn1_ETYPE_INFO.lo asn1_ETYPE_INFO2.lo \ - asn1_ETYPE_INFO2_ENTRY.lo asn1_ETYPE_INFO_ENTRY.lo \ - asn1_EncAPRepPart.lo asn1_EncASRepPart.lo \ - asn1_EncKDCRepPart.lo asn1_EncKrbCredPart.lo \ - asn1_EncKrbPrivPart.lo asn1_EncTGSRepPart.lo \ - asn1_EncTicketPart.lo asn1_EncryptedData.lo \ - asn1_EncryptionKey.lo asn1_EtypeList.lo asn1_HostAddress.lo \ - asn1_HostAddresses.lo asn1_KDCOptions.lo asn1_KDC_REP.lo \ - asn1_KDC_REQ.lo asn1_KDC_REQ_BODY.lo asn1_KRB_CRED.lo \ - asn1_KRB_ERROR.lo asn1_KRB_PRIV.lo asn1_KRB_SAFE.lo \ - asn1_KRB_SAFE_BODY.lo asn1_KerberosString.lo \ - asn1_KerberosTime.lo asn1_KrbCredInfo.lo asn1_LR_TYPE.lo \ - asn1_LastReq.lo asn1_MESSAGE_TYPE.lo asn1_METHOD_DATA.lo \ - asn1_NAME_TYPE.lo asn1_PADATA_TYPE.lo asn1_PA_DATA.lo \ - asn1_PA_ENC_SAM_RESPONSE_ENC.lo asn1_PA_ENC_TS_ENC.lo \ - asn1_PA_PAC_REQUEST.lo asn1_PA_S4U2Self.lo \ - asn1_PA_SAM_CHALLENGE_2.lo asn1_PA_SAM_CHALLENGE_2_BODY.lo \ - asn1_PA_SAM_REDIRECT.lo asn1_PA_SAM_RESPONSE_2.lo \ - asn1_PA_SAM_TYPE.lo asn1_PA_ClientCanonicalized.lo \ - asn1_PA_ClientCanonicalizedNames.lo asn1_PA_SvrReferralData.lo \ - asn1_PROV_SRV_LOCATION.lo asn1_Principal.lo \ - asn1_PrincipalName.lo asn1_Realm.lo asn1_SAMFlags.lo \ - asn1_TGS_REP.lo asn1_TGS_REQ.lo asn1_TYPED_DATA.lo \ - asn1_Ticket.lo asn1_TicketFlags.lo asn1_TransitedEncoding.lo \ - asn1_TypedData.lo asn1_krb5int32.lo asn1_krb5uint32.lo \ - asn1_KRB5SignedPathData.lo asn1_KRB5SignedPathPrincipals.lo \ - asn1_KRB5SignedPath.lo -am__objects_4 = asn1_id_pkinit.lo asn1_id_pkauthdata.lo \ - asn1_id_pkdhkeydata.lo asn1_id_pkrkeydata.lo \ - asn1_id_pkekuoid.lo asn1_id_pkkdcekuoid.lo \ - asn1_id_pkinit_san.lo asn1_id_pkinit_ms_eku.lo \ - asn1_id_pkinit_ms_san.lo asn1_MS_UPN_SAN.lo asn1_DHNonce.lo \ - asn1_KDFAlgorithmId.lo asn1_TrustedCA.lo \ - asn1_ExternalPrincipalIdentifier.lo \ - asn1_ExternalPrincipalIdentifiers.lo asn1_PA_PK_AS_REQ.lo \ - asn1_PKAuthenticator.lo asn1_AuthPack.lo \ - asn1_TD_TRUSTED_CERTIFIERS.lo asn1_TD_INVALID_CERTIFICATES.lo \ - asn1_KRB5PrincipalName.lo asn1_AD_INITIAL_VERIFIED_CAS.lo \ - asn1_DHRepInfo.lo asn1_PA_PK_AS_REP.lo asn1_KDCDHKeyInfo.lo \ - asn1_ReplyKeyPack.lo asn1_TD_DH_PARAMETERS.lo \ - asn1_PKAuthenticator_Win2k.lo asn1_AuthPack_Win2k.lo \ - asn1_TrustedCA_Win2k.lo asn1_PA_PK_AS_REQ_Win2k.lo \ - asn1_PA_PK_AS_REP_Win2k.lo asn1_KDCDHKeyInfo_Win2k.lo \ - asn1_ReplyKeyPack_Win2k.lo asn1_PkinitSuppPubInfo.lo -am__objects_5 = asn1_PKCS8PrivateKeyAlgorithmIdentifier.lo \ - asn1_PKCS8PrivateKey.lo asn1_PKCS8PrivateKeyInfo.lo \ - asn1_PKCS8Attributes.lo asn1_PKCS8EncryptedPrivateKeyInfo.lo \ - asn1_PKCS8EncryptedData.lo -am__objects_6 = asn1_id_pkcs_9.lo asn1_id_pkcs9_contentType.lo \ - asn1_id_pkcs9_emailAddress.lo asn1_id_pkcs9_messageDigest.lo \ - asn1_id_pkcs9_signingTime.lo asn1_id_pkcs9_countersignature.lo \ - asn1_id_pkcs_9_at_friendlyName.lo \ - asn1_id_pkcs_9_at_localKeyId.lo asn1_id_pkcs_9_at_certTypes.lo \ - asn1_id_pkcs_9_at_certTypes_x509.lo asn1_PKCS9_BMPString.lo \ - asn1_PKCS9_friendlyName.lo -am__objects_7 = asn1_id_pkcs_12.lo asn1_id_pkcs_12PbeIds.lo \ - asn1_id_pbeWithSHAAnd128BitRC4.lo \ - asn1_id_pbeWithSHAAnd40BitRC4.lo \ - asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.lo \ - asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.lo \ - asn1_id_pbeWithSHAAnd128BitRC2_CBC.lo \ - asn1_id_pbewithSHAAnd40BitRC2_CBC.lo \ - asn1_id_pkcs12_bagtypes.lo asn1_id_pkcs12_keyBag.lo \ - asn1_id_pkcs12_pkcs8ShroudedKeyBag.lo \ - asn1_id_pkcs12_certBag.lo asn1_id_pkcs12_crlBag.lo \ - asn1_id_pkcs12_secretBag.lo asn1_id_pkcs12_safeContentsBag.lo \ - asn1_PKCS12_MacData.lo asn1_PKCS12_PFX.lo \ - asn1_PKCS12_AuthenticatedSafe.lo asn1_PKCS12_CertBag.lo \ - asn1_PKCS12_Attribute.lo asn1_PKCS12_Attributes.lo \ - asn1_PKCS12_SafeBag.lo asn1_PKCS12_SafeContents.lo \ - asn1_PKCS12_OctetString.lo asn1_PKCS12_PBEParams.lo -am__objects_8 = asn1_DigestError.lo asn1_DigestInit.lo \ - asn1_DigestInitReply.lo asn1_DigestREP.lo asn1_DigestREQ.lo \ - asn1_DigestRepInner.lo asn1_DigestReqInner.lo \ - asn1_DigestRequest.lo asn1_DigestResponse.lo \ - asn1_DigestTypes.lo asn1_NTLMInit.lo asn1_NTLMInitReply.lo \ - asn1_NTLMRequest.lo asn1_NTLMResponse.lo -am__objects_9 = asn1_Kx509Response.lo asn1_Kx509Request.lo +libasn1_la_DEPENDENCIES = libasn1base.la $(am__DEPENDENCIES_1) +am__objects_1 = asn1_rfc2459_asn1.lo +am__objects_2 = asn1_cms_asn1.lo +am__objects_3 = asn1_krb5_asn1.lo +am__objects_4 = asn1_pkinit_asn1.lo +am__objects_5 = asn1_pkcs8_asn1.lo +am__objects_6 = asn1_pkcs9_asn1.lo +am__objects_7 = asn1_pkcs12_asn1.lo +am__objects_8 = asn1_digest_asn1.lo +am__objects_9 = asn1_kx509_asn1.lo am__objects_10 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \ $(am__objects_4) $(am__objects_5) $(am__objects_6) \ - $(am__objects_7) $(am__objects_8) $(am__objects_9) asn1_err.lo + $(am__objects_7) $(am__objects_8) $(am__objects_9) nodist_libasn1_la_OBJECTS = $(am__objects_10) -libasn1_la_OBJECTS = $(dist_libasn1_la_OBJECTS) \ - $(nodist_libasn1_la_OBJECTS) +libasn1_la_OBJECTS = $(nodist_libasn1_la_OBJECTS) libasn1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libasn1_la_LDFLAGS) $(LDFLAGS) -o $@ +libasn1base_la_LIBADD = +dist_libasn1base_la_OBJECTS = der.lo der_get.lo der_put.lo der_free.lo \ + der_length.lo der_copy.lo der_cmp.lo der_format.lo extra.lo \ + template.lo timegm.lo +nodist_libasn1base_la_OBJECTS = asn1_err.lo +libasn1base_la_OBJECTS = $(dist_libasn1base_la_OBJECTS) \ + $(nodist_libasn1base_la_OBJECTS) am__EXEEXT_1 = check-der$(EXEEXT) check-gen$(EXEEXT) \ - check-timegm$(EXEEXT) -PROGRAMS = $(noinst_PROGRAMS) -am_asn1_compile_OBJECTS = gen.$(OBJEXT) gen_copy.$(OBJEXT) \ - gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) gen_free.$(OBJEXT) \ - gen_glue.$(OBJEXT) gen_length.$(OBJEXT) gen_seq.$(OBJEXT) \ - hash.$(OBJEXT) lex.$(OBJEXT) main.$(OBJEXT) parse.$(OBJEXT) \ - symbol.$(OBJEXT) + check-timegm$(EXEEXT) check-ber$(EXEEXT) \ + check-template$(EXEEXT) +PROGRAMS = $(libexec_heimdal_PROGRAMS) $(noinst_PROGRAMS) +am_asn1_compile_OBJECTS = asn1parse.$(OBJEXT) gen.$(OBJEXT) \ + gen_copy.$(OBJEXT) gen_decode.$(OBJEXT) gen_encode.$(OBJEXT) \ + gen_free.$(OBJEXT) gen_glue.$(OBJEXT) gen_length.$(OBJEXT) \ + gen_seq.$(OBJEXT) gen_template.$(OBJEXT) hash.$(OBJEXT) \ + lex.$(OBJEXT) main.$(OBJEXT) symbol.$(OBJEXT) asn1_compile_OBJECTS = $(am_asn1_compile_OBJECTS) asn1_compile_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) am_asn1_gen_OBJECTS = asn1_gen.$(OBJEXT) asn1_gen_OBJECTS = $(am_asn1_gen_OBJECTS) -am__DEPENDENCIES_2 = libasn1.la $(am__DEPENDENCIES_1) +am__DEPENDENCIES_2 = libasn1base.la $(am__DEPENDENCIES_1) asn1_gen_DEPENDENCIES = $(am__DEPENDENCIES_2) am_asn1_print_OBJECTS = asn1_print.$(OBJEXT) asn1_print_OBJECTS = $(am_asn1_print_OBJECTS) -asn1_print_DEPENDENCIES = $(am__DEPENDENCIES_2) +asn1_print_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) +check_ber_SOURCES = check-ber.c +check_ber_OBJECTS = check-ber.$(OBJEXT) +am__DEPENDENCIES_3 = libasn1.la $(am__DEPENDENCIES_1) +check_ber_DEPENDENCIES = $(am__DEPENDENCIES_3) am_check_der_OBJECTS = check-der.$(OBJEXT) check-common.$(OBJEXT) check_der_OBJECTS = $(am_check_der_OBJECTS) -check_der_DEPENDENCIES = libasn1.la $(am__DEPENDENCIES_1) +check_der_DEPENDENCIES = libasn1base.la $(am__DEPENDENCIES_1) dist_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT) -am__objects_11 = asn1_TESTAlloc.$(OBJEXT) \ - asn1_TESTAllocInner.$(OBJEXT) asn1_TESTCONTAINING.$(OBJEXT) \ - asn1_TESTCONTAININGENCODEDBY.$(OBJEXT) \ - asn1_TESTCONTAININGENCODEDBY2.$(OBJEXT) \ - asn1_TESTChoice1.$(OBJEXT) asn1_TESTChoice2.$(OBJEXT) \ - asn1_TESTDer.$(OBJEXT) asn1_TESTENCODEDBY.$(OBJEXT) \ - asn1_TESTImplicit.$(OBJEXT) asn1_TESTImplicit2.$(OBJEXT) \ - asn1_TESTInteger.$(OBJEXT) asn1_TESTInteger2.$(OBJEXT) \ - asn1_TESTInteger3.$(OBJEXT) asn1_TESTLargeTag.$(OBJEXT) \ - asn1_TESTSeq.$(OBJEXT) asn1_TESTUSERCONSTRAINED.$(OBJEXT) \ - asn1_TESTSeqOf.$(OBJEXT) asn1_TESTOSSize1.$(OBJEXT) \ - asn1_TESTSeqSizeOf1.$(OBJEXT) asn1_TESTSeqSizeOf2.$(OBJEXT) \ - asn1_TESTSeqSizeOf3.$(OBJEXT) asn1_TESTSeqSizeOf4.$(OBJEXT) +am__objects_11 = asn1_test_asn1.$(OBJEXT) nodist_check_gen_OBJECTS = $(am__objects_11) check_gen_OBJECTS = $(dist_check_gen_OBJECTS) \ $(nodist_check_gen_OBJECTS) -check_gen_DEPENDENCIES = $(am__DEPENDENCIES_2) +check_gen_DEPENDENCIES = libasn1.la $(am__DEPENDENCIES_1) +am_check_template_OBJECTS = check-template.$(OBJEXT) \ + check-common.$(OBJEXT) +nodist_check_template_OBJECTS = $(am__objects_11) +check_template_OBJECTS = $(am_check_template_OBJECTS) \ + $(nodist_check_template_OBJECTS) +check_template_DEPENDENCIES = $(am__DEPENDENCIES_2) check_timegm_SOURCES = check-timegm.c check_timegm_OBJECTS = check-timegm.$(OBJEXT) check_timegm_DEPENDENCIES = $(am__DEPENDENCIES_2) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -383,67 +217,78 @@ YLWRAP = $(top_srcdir)/ylwrap YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) -SOURCES = $(dist_libasn1_la_SOURCES) $(nodist_libasn1_la_SOURCES) \ - $(asn1_compile_SOURCES) $(asn1_gen_SOURCES) \ - $(asn1_print_SOURCES) $(check_der_SOURCES) \ - $(dist_check_gen_SOURCES) $(nodist_check_gen_SOURCES) \ - check-timegm.c -DIST_SOURCES = $(dist_libasn1_la_SOURCES) $(asn1_compile_SOURCES) \ - $(asn1_gen_SOURCES) $(asn1_print_SOURCES) $(check_der_SOURCES) \ - $(dist_check_gen_SOURCES) check-timegm.c -dist_includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER) +SOURCES = $(nodist_libasn1_la_SOURCES) $(dist_libasn1base_la_SOURCES) \ + $(nodist_libasn1base_la_SOURCES) $(asn1_compile_SOURCES) \ + $(asn1_gen_SOURCES) $(asn1_print_SOURCES) check-ber.c \ + $(check_der_SOURCES) $(dist_check_gen_SOURCES) \ + $(nodist_check_gen_SOURCES) $(check_template_SOURCES) \ + $(nodist_check_template_SOURCES) check-timegm.c +DIST_SOURCES = $(dist_libasn1base_la_SOURCES) $(asn1_compile_SOURCES) \ + $(asn1_gen_SOURCES) $(asn1_print_SOURCES) check-ber.c \ + $(check_der_SOURCES) $(dist_check_gen_SOURCES) \ + $(check_template_SOURCES) check-timegm.c HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -467,10 +312,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -487,6 +333,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -502,31 +350,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -541,10 +403,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -585,475 +449,75 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libasn1.la -libasn1_la_LDFLAGS = -version-info 8:0:0 +libasn1_la_LDFLAGS = -version-info 8:0:0 $(am__append_1) +noinst_LTLIBRARIES = libasn1base.la libasn1_la_LIBADD = \ + libasn1base.la \ @LIB_com_err@ \ $(LIBADD_roken) BUILT_SOURCES = \ $(gen_files_rfc2459:.x=.c) \ $(gen_files_cms:.x=.c) \ - $(gen_files_k5:.x=.c) \ + $(gen_files_krb5:.x=.c) \ $(gen_files_pkinit:.x=.c) \ $(gen_files_pkcs8:.x=.c) \ $(gen_files_pkcs9:.x=.c) \ $(gen_files_pkcs12:.x=.c) \ $(gen_files_digest:.x=.c) \ - $(gen_files_kx509:.x=.c) \ - asn1_err.h \ - asn1_err.c - -gen_files_k5 = \ - asn1_AD_AND_OR.x \ - asn1_AD_IF_RELEVANT.x \ - asn1_AD_KDCIssued.x \ - asn1_AD_MANDATORY_FOR_KDC.x \ - asn1_AD_LoginAlias.x \ - asn1_APOptions.x \ - asn1_AP_REP.x \ - asn1_AP_REQ.x \ - asn1_AS_REP.x \ - asn1_AS_REQ.x \ - asn1_AUTHDATA_TYPE.x \ - asn1_Authenticator.x \ - asn1_AuthorizationData.x \ - asn1_AuthorizationDataElement.x \ - asn1_CKSUMTYPE.x \ - asn1_ChangePasswdDataMS.x \ - asn1_Checksum.x \ - asn1_ENCTYPE.x \ - asn1_ETYPE_INFO.x \ - asn1_ETYPE_INFO2.x \ - asn1_ETYPE_INFO2_ENTRY.x \ - asn1_ETYPE_INFO_ENTRY.x \ - asn1_EncAPRepPart.x \ - asn1_EncASRepPart.x \ - asn1_EncKDCRepPart.x \ - asn1_EncKrbCredPart.x \ - asn1_EncKrbPrivPart.x \ - asn1_EncTGSRepPart.x \ - asn1_EncTicketPart.x \ - asn1_EncryptedData.x \ - asn1_EncryptionKey.x \ - asn1_EtypeList.x \ - asn1_HostAddress.x \ - asn1_HostAddresses.x \ - asn1_KDCOptions.x \ - asn1_KDC_REP.x \ - asn1_KDC_REQ.x \ - asn1_KDC_REQ_BODY.x \ - asn1_KRB_CRED.x \ - asn1_KRB_ERROR.x \ - asn1_KRB_PRIV.x \ - asn1_KRB_SAFE.x \ - asn1_KRB_SAFE_BODY.x \ - asn1_KerberosString.x \ - asn1_KerberosTime.x \ - asn1_KrbCredInfo.x \ - asn1_LR_TYPE.x \ - asn1_LastReq.x \ - asn1_MESSAGE_TYPE.x \ - asn1_METHOD_DATA.x \ - asn1_NAME_TYPE.x \ - asn1_PADATA_TYPE.x \ - asn1_PA_DATA.x \ - asn1_PA_ENC_SAM_RESPONSE_ENC.x \ - asn1_PA_ENC_TS_ENC.x \ - asn1_PA_PAC_REQUEST.x \ - asn1_PA_S4U2Self.x \ - asn1_PA_SAM_CHALLENGE_2.x \ - asn1_PA_SAM_CHALLENGE_2_BODY.x \ - asn1_PA_SAM_REDIRECT.x \ - asn1_PA_SAM_RESPONSE_2.x \ - asn1_PA_SAM_TYPE.x \ - asn1_PA_ClientCanonicalized.x \ - asn1_PA_ClientCanonicalizedNames.x \ - asn1_PA_SvrReferralData.x \ - asn1_PROV_SRV_LOCATION.x \ - asn1_Principal.x \ - asn1_PrincipalName.x \ - asn1_Realm.x \ - asn1_SAMFlags.x \ - asn1_TGS_REP.x \ - asn1_TGS_REQ.x \ - asn1_TYPED_DATA.x \ - asn1_Ticket.x \ - asn1_TicketFlags.x \ - asn1_TransitedEncoding.x \ - asn1_TypedData.x \ - asn1_krb5int32.x \ - asn1_krb5uint32.x \ - asn1_KRB5SignedPathData.x \ - asn1_KRB5SignedPathPrincipals.x \ - asn1_KRB5SignedPath.x - -gen_files_cms = \ - asn1_CMSAttributes.x \ - asn1_CMSCBCParameter.x \ - asn1_CMSEncryptedData.x \ - asn1_CMSIdentifier.x \ - asn1_CMSRC2CBCParameter.x \ - asn1_CMSVersion.x \ - asn1_CertificateList.x \ - asn1_CertificateRevocationLists.x \ - asn1_CertificateSet.x \ - asn1_ContentEncryptionAlgorithmIdentifier.x \ - asn1_ContentInfo.x \ - asn1_ContentType.x \ - asn1_DigestAlgorithmIdentifier.x \ - asn1_DigestAlgorithmIdentifiers.x \ - asn1_EncapsulatedContentInfo.x \ - asn1_EncryptedContent.x \ - asn1_EncryptedContentInfo.x \ - asn1_EncryptedKey.x \ - asn1_EnvelopedData.x \ - asn1_IssuerAndSerialNumber.x \ - asn1_KeyEncryptionAlgorithmIdentifier.x \ - asn1_KeyTransRecipientInfo.x \ - asn1_MessageDigest.x \ - asn1_OriginatorInfo.x \ - asn1_RecipientIdentifier.x \ - asn1_RecipientInfo.x \ - asn1_RecipientInfos.x \ - asn1_SignatureAlgorithmIdentifier.x \ - asn1_SignatureValue.x \ - asn1_SignedData.x \ - asn1_SignerIdentifier.x \ - asn1_SignerInfo.x \ - asn1_SignerInfos.x \ - asn1_id_pkcs7.x \ - asn1_id_pkcs7_data.x \ - asn1_id_pkcs7_digestedData.x \ - asn1_id_pkcs7_encryptedData.x \ - asn1_id_pkcs7_envelopedData.x \ - asn1_id_pkcs7_signedAndEnvelopedData.x \ - asn1_id_pkcs7_signedData.x \ - asn1_UnprotectedAttributes.x - -gen_files_rfc2459 = \ - asn1_Version.x \ - asn1_id_pkcs_1.x \ - asn1_id_pkcs1_rsaEncryption.x \ - asn1_id_pkcs1_md2WithRSAEncryption.x \ - asn1_id_pkcs1_md5WithRSAEncryption.x \ - asn1_id_pkcs1_sha1WithRSAEncryption.x \ - asn1_id_pkcs1_sha256WithRSAEncryption.x \ - asn1_id_pkcs1_sha384WithRSAEncryption.x \ - asn1_id_pkcs1_sha512WithRSAEncryption.x \ - asn1_id_heim_rsa_pkcs1_x509.x \ - asn1_id_pkcs_2.x \ - asn1_id_pkcs2_md2.x \ - asn1_id_pkcs2_md4.x \ - asn1_id_pkcs2_md5.x \ - asn1_id_rsa_digestAlgorithm.x \ - asn1_id_rsa_digest_md2.x \ - asn1_id_rsa_digest_md4.x \ - asn1_id_rsa_digest_md5.x \ - asn1_id_pkcs_3.x \ - asn1_id_pkcs3_rc2_cbc.x \ - asn1_id_pkcs3_rc4.x \ - asn1_id_pkcs3_des_ede3_cbc.x \ - asn1_id_rsadsi_encalg.x \ - asn1_id_rsadsi_rc2_cbc.x \ - asn1_id_rsadsi_des_ede3_cbc.x \ - asn1_id_secsig_sha_1.x \ - asn1_id_nistAlgorithm.x \ - asn1_id_nist_aes_algs.x \ - asn1_id_aes_128_cbc.x \ - asn1_id_aes_192_cbc.x \ - asn1_id_aes_256_cbc.x \ - asn1_id_nist_sha_algs.x \ - asn1_id_sha256.x \ - asn1_id_sha224.x \ - asn1_id_sha384.x \ - asn1_id_sha512.x \ - asn1_id_dhpublicnumber.x \ - asn1_id_x9_57.x \ - asn1_id_dsa.x \ - asn1_id_dsa_with_sha1.x \ - asn1_id_x520_at.x \ - asn1_id_at_commonName.x \ - asn1_id_at_surname.x \ - asn1_id_at_serialNumber.x \ - asn1_id_at_countryName.x \ - asn1_id_at_localityName.x \ - asn1_id_at_streetAddress.x \ - asn1_id_at_stateOrProvinceName.x \ - asn1_id_at_organizationName.x \ - asn1_id_at_organizationalUnitName.x \ - asn1_id_at_name.x \ - asn1_id_at_givenName.x \ - asn1_id_at_initials.x \ - asn1_id_at_generationQualifier.x \ - asn1_id_at_pseudonym.x \ - asn1_id_Userid.x \ - asn1_id_domainComponent.x \ - asn1_id_x509_ce.x \ - asn1_id_uspkicommon_card_id.x \ - asn1_id_uspkicommon_piv_interim.x \ - asn1_id_netscape.x \ - asn1_id_netscape_cert_comment.x \ - asn1_id_ms_cert_enroll_domaincontroller.x \ - asn1_id_ms_client_authentication.x \ - asn1_AlgorithmIdentifier.x \ - asn1_AttributeType.x \ - asn1_AttributeValue.x \ - asn1_TeletexStringx.x \ - asn1_DirectoryString.x \ - asn1_Attribute.x \ - asn1_AttributeTypeAndValue.x \ - asn1_AuthorityInfoAccessSyntax.x \ - asn1_AccessDescription.x \ - asn1_RelativeDistinguishedName.x \ - asn1_RDNSequence.x \ - asn1_Name.x \ - asn1_CertificateSerialNumber.x \ - asn1_Time.x \ - asn1_Validity.x \ - asn1_UniqueIdentifier.x \ - asn1_SubjectPublicKeyInfo.x \ - asn1_Extension.x \ - asn1_Extensions.x \ - asn1_TBSCertificate.x \ - asn1_Certificate.x \ - asn1_Certificates.x \ - asn1_ValidationParms.x \ - asn1_DomainParameters.x \ - asn1_DHPublicKey.x \ - asn1_OtherName.x \ - asn1_GeneralName.x \ - asn1_GeneralNames.x \ - asn1_id_x509_ce_keyUsage.x \ - asn1_KeyUsage.x \ - asn1_id_x509_ce_authorityKeyIdentifier.x \ - asn1_KeyIdentifier.x \ - asn1_AuthorityKeyIdentifier.x \ - asn1_id_x509_ce_subjectKeyIdentifier.x \ - asn1_SubjectKeyIdentifier.x \ - asn1_id_x509_ce_basicConstraints.x \ - asn1_BasicConstraints.x \ - asn1_id_x509_ce_nameConstraints.x \ - asn1_BaseDistance.x \ - asn1_GeneralSubtree.x \ - asn1_GeneralSubtrees.x \ - asn1_NameConstraints.x \ - asn1_id_x509_ce_privateKeyUsagePeriod.x \ - asn1_id_x509_ce_certificatePolicies.x \ - asn1_id_x509_ce_policyMappings.x \ - asn1_id_x509_ce_subjectAltName.x \ - asn1_id_x509_ce_issuerAltName.x \ - asn1_id_x509_ce_subjectDirectoryAttributes.x \ - asn1_id_x509_ce_policyConstraints.x \ - asn1_id_x509_ce_extKeyUsage.x \ - asn1_ExtKeyUsage.x \ - asn1_id_x509_ce_cRLDistributionPoints.x \ - asn1_id_x509_ce_deltaCRLIndicator.x \ - asn1_id_x509_ce_issuingDistributionPoint.x \ - asn1_id_x509_ce_holdInstructionCode.x \ - asn1_id_x509_ce_invalidityDate.x \ - asn1_id_x509_ce_certificateIssuer.x \ - asn1_id_x509_ce_inhibitAnyPolicy.x \ - asn1_DistributionPointReasonFlags.x \ - asn1_DistributionPointName.x \ - asn1_DistributionPoint.x \ - asn1_CRLDistributionPoints.x \ - asn1_DSASigValue.x \ - asn1_DSAPublicKey.x \ - asn1_DSAParams.x \ - asn1_RSAPublicKey.x \ - asn1_RSAPrivateKey.x \ - asn1_DigestInfo.x \ - asn1_TBSCRLCertList.x \ - asn1_CRLCertificateList.x \ - asn1_id_x509_ce_cRLNumber.x \ - asn1_id_x509_ce_freshestCRL.x \ - asn1_id_x509_ce_cRLReason.x \ - asn1_CRLReason.x \ - asn1_PKIXXmppAddr.x \ - asn1_id_pkix.x \ - asn1_id_pkix_on.x \ - asn1_id_pkix_on_dnsSRV.x \ - asn1_id_pkix_on_xmppAddr.x \ - asn1_id_pkix_kp.x \ - asn1_id_pkix_kp_serverAuth.x \ - asn1_id_pkix_kp_clientAuth.x \ - asn1_id_pkix_kp_emailProtection.x \ - asn1_id_pkix_kp_timeStamping.x \ - asn1_id_pkix_kp_OCSPSigning.x \ - asn1_id_pkix_pe.x \ - asn1_id_pkix_pe_authorityInfoAccess.x \ - asn1_id_pkix_pe_proxyCertInfo.x \ - asn1_id_pkix_ppl.x \ - asn1_id_pkix_ppl_anyLanguage.x \ - asn1_id_pkix_ppl_inheritAll.x \ - asn1_id_pkix_ppl_independent.x \ - asn1_ProxyPolicy.x \ - asn1_ProxyCertInfo.x - -gen_files_pkinit = \ - asn1_id_pkinit.x \ - asn1_id_pkauthdata.x \ - asn1_id_pkdhkeydata.x \ - asn1_id_pkrkeydata.x \ - asn1_id_pkekuoid.x \ - asn1_id_pkkdcekuoid.x \ - asn1_id_pkinit_san.x \ - asn1_id_pkinit_ms_eku.x \ - asn1_id_pkinit_ms_san.x \ - asn1_MS_UPN_SAN.x \ - asn1_DHNonce.x \ - asn1_KDFAlgorithmId.x \ - asn1_TrustedCA.x \ - asn1_ExternalPrincipalIdentifier.x \ - asn1_ExternalPrincipalIdentifiers.x \ - asn1_PA_PK_AS_REQ.x \ - asn1_PKAuthenticator.x \ - asn1_AuthPack.x \ - asn1_TD_TRUSTED_CERTIFIERS.x \ - asn1_TD_INVALID_CERTIFICATES.x \ - asn1_KRB5PrincipalName.x \ - asn1_AD_INITIAL_VERIFIED_CAS.x \ - asn1_DHRepInfo.x \ - asn1_PA_PK_AS_REP.x \ - asn1_KDCDHKeyInfo.x \ - asn1_ReplyKeyPack.x \ - asn1_TD_DH_PARAMETERS.x \ - asn1_PKAuthenticator_Win2k.x \ - asn1_AuthPack_Win2k.x \ - asn1_TrustedCA_Win2k.x \ - asn1_PA_PK_AS_REQ_Win2k.x \ - asn1_PA_PK_AS_REP_Win2k.x \ - asn1_KDCDHKeyInfo_Win2k.x \ - asn1_ReplyKeyPack_Win2k.x \ - asn1_PkinitSuppPubInfo.x - -gen_files_pkcs12 = \ - asn1_id_pkcs_12.x \ - asn1_id_pkcs_12PbeIds.x \ - asn1_id_pbeWithSHAAnd128BitRC4.x \ - asn1_id_pbeWithSHAAnd40BitRC4.x \ - asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x \ - asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x \ - asn1_id_pbeWithSHAAnd128BitRC2_CBC.x \ - asn1_id_pbewithSHAAnd40BitRC2_CBC.x \ - asn1_id_pkcs12_bagtypes.x \ - asn1_id_pkcs12_keyBag.x \ - asn1_id_pkcs12_pkcs8ShroudedKeyBag.x \ - asn1_id_pkcs12_certBag.x \ - asn1_id_pkcs12_crlBag.x \ - asn1_id_pkcs12_secretBag.x \ - asn1_id_pkcs12_safeContentsBag.x \ - asn1_PKCS12_MacData.x \ - asn1_PKCS12_PFX.x \ - asn1_PKCS12_AuthenticatedSafe.x \ - asn1_PKCS12_CertBag.x \ - asn1_PKCS12_Attribute.x \ - asn1_PKCS12_Attributes.x \ - asn1_PKCS12_SafeBag.x \ - asn1_PKCS12_SafeContents.x \ - asn1_PKCS12_OctetString.x \ - asn1_PKCS12_PBEParams.x - -gen_files_pkcs8 = \ - asn1_PKCS8PrivateKeyAlgorithmIdentifier.x \ - asn1_PKCS8PrivateKey.x \ - asn1_PKCS8PrivateKeyInfo.x \ - asn1_PKCS8Attributes.x \ - asn1_PKCS8EncryptedPrivateKeyInfo.x \ - asn1_PKCS8EncryptedData.x - -gen_files_pkcs9 = \ - asn1_id_pkcs_9.x \ - asn1_id_pkcs9_contentType.x \ - asn1_id_pkcs9_emailAddress.x \ - asn1_id_pkcs9_messageDigest.x \ - asn1_id_pkcs9_signingTime.x \ - asn1_id_pkcs9_countersignature.x \ - asn1_id_pkcs_9_at_friendlyName.x \ - asn1_id_pkcs_9_at_localKeyId.x \ - asn1_id_pkcs_9_at_certTypes.x \ - asn1_id_pkcs_9_at_certTypes_x509.x \ - asn1_PKCS9_BMPString.x \ - asn1_PKCS9_friendlyName.x - -gen_files_test = \ - asn1_TESTAlloc.x \ - asn1_TESTAllocInner.x \ - asn1_TESTCONTAINING.x \ - asn1_TESTCONTAININGENCODEDBY.x \ - asn1_TESTCONTAININGENCODEDBY2.x \ - asn1_TESTChoice1.x \ - asn1_TESTChoice2.x \ - asn1_TESTDer.x \ - asn1_TESTENCODEDBY.x \ - asn1_TESTImplicit.x \ - asn1_TESTImplicit2.x \ - asn1_TESTInteger.x \ - asn1_TESTInteger2.x \ - asn1_TESTInteger3.x \ - asn1_TESTLargeTag.x \ - asn1_TESTSeq.x \ - asn1_TESTUSERCONSTRAINED.x \ - asn1_TESTSeqOf.x \ - asn1_TESTOSSize1.x \ - asn1_TESTSeqSizeOf1.x \ - asn1_TESTSeqSizeOf2.x \ - asn1_TESTSeqSizeOf3.x \ - asn1_TESTSeqSizeOf4.x - -gen_files_digest = \ - asn1_DigestError.x \ - asn1_DigestInit.x \ - asn1_DigestInitReply.x \ - asn1_DigestREP.x \ - asn1_DigestREQ.x \ - asn1_DigestRepInner.x \ - asn1_DigestReqInner.x \ - asn1_DigestRequest.x \ - asn1_DigestResponse.x \ - asn1_DigestTypes.x \ - asn1_NTLMInit.x \ - asn1_NTLMInitReply.x \ - asn1_NTLMRequest.x \ - asn1_NTLMResponse.x - -gen_files_kx509 = \ - asn1_Kx509Response.x \ - asn1_Kx509Request.x + $(gen_files_kx509:.x=.c) +gen_files_krb5 = asn1_krb5_asn1.x +gen_files_cms = asn1_cms_asn1.x +gen_files_rfc2459 = asn1_rfc2459_asn1.x +gen_files_pkinit = asn1_pkinit_asn1.x +gen_files_pkcs12 = asn1_pkcs12_asn1.x +gen_files_pkcs8 = asn1_pkcs8_asn1.x +gen_files_pkcs9 = asn1_pkcs9_asn1.x +gen_files_test = asn1_test_asn1.x +gen_files_digest = asn1_digest_asn1.x +gen_files_kx509 = asn1_kx509_asn1.x asn1_gen_SOURCES = asn1_gen.c asn1_print_SOURCES = asn1_print.c check_der_SOURCES = check-der.c check-common.c check-common.h +check_template_SOURCES = check-template.c check-common.c check-common.h +nodist_check_template_SOURCES = $(gen_files_test:.x=.c) dist_check_gen_SOURCES = check-gen.c check-common.c check-common.h nodist_check_gen_SOURCES = $(gen_files_test:.x=.c) +build_HEADERZ = asn1-template.h asn1_compile_SOURCES = \ - asn1-common.h \ asn1_queue.h \ + asn1parse.y \ der.h \ gen.c \ gen_copy.c \ @@ -1064,17 +528,17 @@ asn1_compile_SOURCES = \ gen_length.c \ gen_locl.h \ gen_seq.c \ + gen_template.c \ hash.c \ hash.h \ lex.l \ lex.h \ main.c \ - parse.y \ + asn1-template.h \ symbol.c \ symbol.h -dist_libasn1_la_SOURCES = \ - der-protos.h \ +dist_libasn1base_la_SOURCES = \ der_locl.h \ der.c \ der.h \ @@ -1087,25 +551,35 @@ dist_libasn1_la_SOURCES = \ der_format.c \ heim_asn1.h \ extra.c \ + template.c \ timegm.c +nodist_libasn1base_la_SOURCES = \ + asn1_err.h \ + asn1_err.c + nodist_libasn1_la_SOURCES = $(BUILT_SOURCES) asn1_compile_LDADD = \ $(LIB_roken) $(LEXLIB) check_der_LDADD = \ + libasn1base.la \ + $(LIB_roken) + +check_template_LDADD = $(check_der_LDADD) +asn1_print_LDADD = $(check_der_LDADD) $(LIB_com_err) +asn1_gen_LDADD = $(check_der_LDADD) +check_timegm_LDADD = $(check_der_LDADD) +check_gen_LDADD = \ libasn1.la \ $(LIB_roken) -check_gen_LDADD = $(check_der_LDADD) -asn1_print_LDADD = $(check_der_LDADD) -asn1_gen_LDADD = $(check_der_LDADD) -check_timegm_LDADD = $(check_der_LDADD) +check_ber_LDADD = $(check_gen_LDADD) CLEANFILES = \ $(BUILT_SOURCES) \ $(gen_files_rfc2459) \ $(gen_files_cms) \ - $(gen_files_k5) \ + $(gen_files_krb5) \ $(gen_files_pkinit) \ $(gen_files_pkcs8) \ $(gen_files_pkcs9) \ @@ -1113,54 +587,66 @@ CLEANFILES = \ $(gen_files_digest) \ $(gen_files_kx509) \ $(gen_files_test) $(nodist_check_gen_SOURCES) \ - rfc2459_asn1_files rfc2459_asn1.h \ - cms_asn1_files cms_asn1.h \ - krb5_asn1_files krb5_asn1.h \ - pkinit_asn1_files pkinit_asn1.h \ - pkcs8_asn1_files pkcs8_asn1.h \ - pkcs9_asn1_files pkcs9_asn1.h \ - pkcs12_asn1_files pkcs12_asn1.h \ - digest_asn1_files digest_asn1.h \ - kx509_asn1_files kx509_asn1.h \ - test_asn1_files test_asn1.h + asn1_err.c asn1_err.h \ + rfc2459_asn1_files rfc2459_asn1*.h* \ + cms_asn1_files cms_asn1*.h* \ + krb5_asn1_files krb5_asn1*.h* \ + pkinit_asn1_files pkinit_asn1*.h* \ + pkcs8_asn1_files pkcs8_asn1*.h* \ + pkcs9_asn1_files pkcs9_asn1*.h* \ + pkcs12_asn1_files pkcs12_asn1*.h* \ + digest_asn1_files digest_asn1*.h* \ + kx509_asn1_files kx509_asn1*.h* \ + test_asn1_files test_asn1*.h* -dist_include_HEADERS = der.h heim_asn1.h der-protos.h +dist_include_HEADERS = der.h heim_asn1.h der-protos.h der-private.h \ + asn1-common.h nodist_include_HEADERS = asn1_err.h krb5_asn1.h pkinit_asn1.h \ cms_asn1.h rfc2459_asn1.h pkcs8_asn1.h pkcs9_asn1.h \ pkcs12_asn1.h digest_asn1.h kx509_asn1.h +priv_headers = krb5_asn1-priv.h pkinit_asn1-priv.h cms_asn1-priv.h \ + rfc2459_asn1-priv.h pkcs8_asn1-priv.h pkcs9_asn1-priv.h \ + pkcs12_asn1-priv.h digest_asn1-priv.h kx509_asn1-priv.h \ + test_asn1.h test_asn1-priv.h EXTRA_DIST = \ + NTMakefile \ + asn1_compile-version.rc \ + libasn1-exports.def \ + cms.asn1 \ + cms.opt \ asn1_err.et \ canthandle.asn1 \ - CMS.asn1 \ digest.asn1 \ - k5.asn1 \ + krb5.asn1 \ + krb5.opt \ kx509.asn1 \ - test.asn1 \ - setchgpw2.asn1 \ pkcs12.asn1 \ pkcs8.asn1 \ pkcs9.asn1 \ pkinit.asn1 \ rfc2459.asn1 \ - test.gen + setchgpw2.asn1 \ + test.asn1 \ + test.gen \ + version-script.map all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/asn1/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/asn1/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/asn1/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/asn1/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -1178,23 +664,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -1205,22 +696,80 @@ clean-libLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done libasn1.la: $(libasn1_la_OBJECTS) $(libasn1_la_DEPENDENCIES) $(libasn1_la_LINK) -rpath $(libdir) $(libasn1_la_OBJECTS) $(libasn1_la_LIBADD) $(LIBS) +libasn1base.la: $(libasn1base_la_OBJECTS) $(libasn1base_la_DEPENDENCIES) + $(LINK) $(libasn1base_la_OBJECTS) $(libasn1base_la_LIBADD) $(LIBS) clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +install-libexec_heimdalPROGRAMS: $(libexec_heimdal_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(libexec_heimdaldir)" || $(MKDIR_P) "$(DESTDIR)$(libexec_heimdaldir)" + @list='$(libexec_heimdal_PROGRAMS)'; test -n "$(libexec_heimdaldir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexec_heimdaldir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexec_heimdaldir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-libexec_heimdalPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_heimdal_PROGRAMS)'; test -n "$(libexec_heimdaldir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexec_heimdaldir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexec_heimdaldir)" && rm -f $$files + +clean-libexec_heimdalPROGRAMS: + @list='$(libexec_heimdal_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list asn1_compile$(EXEEXT): $(asn1_compile_OBJECTS) $(asn1_compile_DEPENDENCIES) @rm -f asn1_compile$(EXEEXT) $(LINK) $(asn1_compile_OBJECTS) $(asn1_compile_LDADD) $(LIBS) @@ -1230,12 +779,18 @@ asn1_gen$(EXEEXT): $(asn1_gen_OBJECTS) $(asn1_gen_DEPENDENCIES) asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) @rm -f asn1_print$(EXEEXT) $(LINK) $(asn1_print_OBJECTS) $(asn1_print_LDADD) $(LIBS) +check-ber$(EXEEXT): $(check_ber_OBJECTS) $(check_ber_DEPENDENCIES) + @rm -f check-ber$(EXEEXT) + $(LINK) $(check_ber_OBJECTS) $(check_ber_LDADD) $(LIBS) check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) @rm -f check-der$(EXEEXT) $(LINK) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS) check-gen$(EXEEXT): $(check_gen_OBJECTS) $(check_gen_DEPENDENCIES) @rm -f check-gen$(EXEEXT) $(LINK) $(check_gen_OBJECTS) $(check_gen_LDADD) $(LIBS) +check-template$(EXEEXT): $(check_template_OBJECTS) $(check_template_DEPENDENCIES) + @rm -f check-template$(EXEEXT) + $(LINK) $(check_template_OBJECTS) $(check_template_LDADD) $(LIBS) check-timegm$(EXEEXT): $(check_timegm_OBJECTS) $(check_timegm_DEPENDENCIES) @rm -f check-timegm$(EXEEXT) $(LINK) $(check_timegm_OBJECTS) $(check_timegm_LDADD) $(LIBS) @@ -1246,14 +801,71 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_cms_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_digest_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_krb5_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_kx509_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_pkcs12_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_pkcs8_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_pkcs9_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_pkinit_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_print.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_rfc2459_asn1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_test_asn1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1parse.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check-ber.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check-common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check-der.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check-gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check-template.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check-timegm.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_cmp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_copy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_format.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_free.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_get.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_length.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/der_put.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/extra.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_copy.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_decode.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_encode.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_free.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_glue.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_length.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_seq.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen_template.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lex.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/symbol.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/template.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timegm.Plo@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< .l.c: $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) @@ -1269,90 +881,101 @@ clean-libtool: install-dist_includeHEADERS: $(dist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(dist_include_HEADERS)'; for p in $$list; do \ + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-dist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(dist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -1361,49 +984,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -1414,11 +1051,15 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi @@ -1438,13 +1079,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -1458,7 +1103,7 @@ check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexec_heimdaldir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) @@ -1483,20 +1128,23 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -rm -f asn1parse.c + -rm -f asn1parse.h -rm -f lex.c - -rm -f parse.c - -rm -f parse.h -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ - clean-libtool clean-noinstPROGRAMS mostlyclean-am + clean-libexec_heimdalPROGRAMS clean-libtool \ + clean-noinstLTLIBRARIES clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1507,6 +1155,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -1515,26 +1165,36 @@ install-data-am: install-dist_includeHEADERS \ install-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am -install-exec-am: install-libLTLIBRARIES +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES \ + install-libexec_heimdalPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1552,23 +1212,25 @@ ps: ps-am ps-am: uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \ + uninstall-libexec_heimdalPROGRAMS \ uninstall-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: all check check-am install install-am install-data-am \ + install-exec-am install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ check-local clean clean-checkPROGRAMS clean-generic \ - clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS ctags \ - dist-hook distclean distclean-compile distclean-generic \ + clean-libLTLIBRARIES clean-libexec_heimdalPROGRAMS \ + clean-libtool clean-noinstLTLIBRARIES clean-noinstPROGRAMS \ + ctags dist-hook distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-data-hook install-dist_includeHEADERS \ install-dvi install-dvi-am install-exec install-exec-am \ install-exec-hook install-html install-html-am install-info \ - install-info-am install-libLTLIBRARIES install-man \ + install-info-am install-libLTLIBRARIES \ + install-libexec_heimdalPROGRAMS install-man \ install-nodist_includeHEADERS install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ @@ -1576,6 +1238,7 @@ uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-dist_includeHEADERS \ uninstall-hook uninstall-libLTLIBRARIES \ + uninstall-libexec_heimdalPROGRAMS \ uninstall-nodist_includeHEADERS @@ -1647,6 +1310,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1732,7 +1398,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1746,56 +1412,62 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -$(asn1_compile_OBJECTS): parse.h parse.c $(srcdir)/der-protos.h -$(libasn1_la_OBJECTS): krb5_asn1.h asn1_err.h $(srcdir)/der-protos.h +$(asn1_compile_OBJECTS): asn1parse.h asn1parse.c $(srcdir)/der-protos.h $(srcdir)/der-private.h +$(libasn1_la_OBJECTS): $(nodist_include_HEADERS) $(priv_headers) asn1_err.h $(srcdir)/der-protos.h $(srcdir)/der-private.h +$(libasn1base_la_OBJECTS): asn1_err.h $(srcdir)/der-protos.h $(srcdir)/der-private.h $(check_gen_OBJECTS): test_asn1.h +$(check_template_OBJECTS): test_asn1_files $(asn1_print_OBJECTS): krb5_asn1.h -parse.h: parse.c +asn1parse.h: asn1parse.c -$(gen_files_k5) krb5_asn1.h: krb5_asn1_files -$(gen_files_pkinit) pkinit_asn1.h: pkinit_asn1_files -$(gen_files_pkcs8) pkcs8_asn1.h: pkcs8_asn1_files -$(gen_files_pkcs9) pkcs9_asn1.h: pkcs9_asn1_files -$(gen_files_pkcs12) pkcs12_asn1.h: pkcs12_asn1_files -$(gen_files_digest) digest_asn1.h: digest_asn1_files -$(gen_files_kx509) kx509_asn1.h: kx509_asn1_files -$(gen_files_rfc2459) rfc2459_asn1.h: rfc2459_asn1_files -$(gen_files_cms) cms_asn1.h: cms_asn1_files -$(gen_files_test) test_asn1.h: test_asn1_files +$(gen_files_krb5) krb5_asn1.hx krb5_asn1-priv.hx: krb5_asn1_files +$(gen_files_pkinit) pkinit_asn1.hx pkinit_asn1-priv.hx: pkinit_asn1_files +$(gen_files_pkcs8) pkcs8_asn1.hx pkcs8_asn1-priv.hx: pkcs8_asn1_files +$(gen_files_pkcs9) pkcs9_asn1.hx pkcs9_asn1-priv.hx: pkcs9_asn1_files +$(gen_files_pkcs12) pkcs12_asn1.hx pkcs12_asn1-priv.hx: pkcs12_asn1_files +$(gen_files_digest) digest_asn1.hx digest_asn1-priv.hx: digest_asn1_files +$(gen_files_kx509) kx509_asn1.hx kx509_asn1-priv.hx: kx509_asn1_files +$(gen_files_rfc2459) rfc2459_asn1.hx rfc2459_asn1-priv.hx: rfc2459_asn1_files +$(gen_files_cms) cms_asn1.hx cms_asn1-priv.hx: cms_asn1_files +$(gen_files_test) test_asn1.hx test_asn1-priv.hx: test_asn1_files rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1 - ./asn1_compile$(EXEEXT) --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file --preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1) -cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/CMS.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1) +cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/cms.asn1 $(srcdir)/cms.opt + $(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/cms.opt $(srcdir)/cms.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1) -krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/k5.asn1 - ./asn1_compile$(EXEEXT) --encode-rfc1510-bit-string --sequence=KRB5SignedPathPrincipals --sequence=AuthorizationData --sequence=METHOD-DATA --sequence=ETYPE-INFO --sequence=ETYPE-INFO2 $(srcdir)/k5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1) +krb5_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/krb5.asn1 $(srcdir)/krb5.opt + $(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/krb5.opt $(srcdir)/krb5.asn1 krb5_asn1 || (rm -f krb5_asn1_files ; exit 1) pkinit_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkinit.asn1 pkinit_asn1 || (rm -f pkinit_asn1_files ; exit 1) pkcs8_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkcs8.asn1 pkcs8_asn1 || (rm -f pkcs8_asn1_files ; exit 1) pkcs9_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkcs9.asn1 pkcs9_asn1 || (rm -f pkcs9_asn1_files ; exit 1) pkcs12_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/pkcs12.asn1 pkcs12_asn1 || (rm -f pkcs12_asn1_files ; exit 1) digest_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/digest.asn1 digest_asn1 || (rm -f digest_asn1_files ; exit 1) kx509_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 - ./asn1_compile$(EXEEXT) $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file $(srcdir)/kx509.asn1 kx509_asn1 || (rm -f kx509_asn1_files ; exit 1) test_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/test.asn1 - ./asn1_compile$(EXEEXT) --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1) + $(ASN1_COMPILE) --one-code-file --sequence=TESTSeqOf $(srcdir)/test.asn1 test_asn1 || (rm -f test_asn1_files ; exit 1) $(srcdir)/der-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1_la_SOURCES) || rm -f der-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1base_la_SOURCES) || rm -f der-protos.h + +$(srcdir)/der-private.h: + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p der-private.h $(dist_libasn1base_la_SOURCES) || rm -f der-private.h + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/asn1/asn1-common.h b/crypto/heimdal/lib/asn1/asn1-common.h index 5789e0f22df..4083ebc23dd 100644 --- a/crypto/heimdal/lib/asn1/asn1-common.h +++ b/crypto/heimdal/lib/asn1/asn1-common.h @@ -1,7 +1,8 @@ -/* $Id: asn1-common.h 22429 2008-01-13 10:25:50Z lha $ */ +/* $Id$ */ #include #include +#include #ifndef __asn1_common_definitions__ #define __asn1_common_definitions__ @@ -19,8 +20,8 @@ typedef struct heim_octet_string { typedef char *heim_general_string; typedef char *heim_utf8_string; -typedef char *heim_printable_string; -typedef char *heim_ia5_string; +typedef struct heim_octet_string heim_printable_string; +typedef struct heim_octet_string heim_ia5_string; typedef struct heim_bmp_string { size_t length; @@ -63,4 +64,16 @@ typedef struct heim_octet_string heim_any_set; } \ } while (0) +#ifdef _WIN32 +#ifndef ASN1_LIB +#define ASN1EXP __declspec(dllimport) +#else +#define ASN1EXP +#endif +#define ASN1CALL __stdcall +#else +#define ASN1EXP +#define ASN1CALL +#endif + #endif diff --git a/crypto/heimdal/lib/asn1/asn1-template.h b/crypto/heimdal/lib/asn1/asn1-template.h new file mode 100644 index 00000000000..107706ce834 --- /dev/null +++ b/crypto/heimdal/lib/asn1/asn1-template.h @@ -0,0 +1,141 @@ +/* + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* asn1 templates */ + +#ifndef __TEMPLATE_H__ +#define __TEMPLATE_H__ + +/* tag: + * 0..20 tag + * 21 type + * 22..23 class + * 24..27 flags + * 28..31 op + */ + +/* parse: + * 0..11 type + * 12..23 unused + * 24..27 flags + * 28..31 op + */ + +#define A1_OP_MASK (0xf0000000) +#define A1_OP_TYPE (0x10000000) +#define A1_OP_TYPE_EXTERN (0x20000000) +#define A1_OP_TAG (0x30000000) +#define A1_OP_PARSE (0x40000000) +#define A1_OP_SEQOF (0x50000000) +#define A1_OP_SETOF (0x60000000) +#define A1_OP_BMEMBER (0x70000000) +#define A1_OP_CHOICE (0x80000000) + +#define A1_FLAG_MASK (0x0f000000) +#define A1_FLAG_OPTIONAL (0x01000000) +#define A1_FLAG_IMPLICIT (0x02000000) + +#define A1_TAG_T(CLASS,TYPE,TAG) ((A1_OP_TAG) | (((CLASS) << 22) | ((TYPE) << 21) | (TAG))) +#define A1_TAG_CLASS(x) (((x) >> 22) & 0x3) +#define A1_TAG_TYPE(x) (((x) >> 21) & 0x1) +#define A1_TAG_TAG(x) ((x) & 0x1fffff) + +#define A1_TAG_LEN(t) ((uintptr_t)(t)->ptr) +#define A1_HEADER_LEN(t) ((uintptr_t)(t)->ptr) + +#define A1_PARSE_T(type) ((A1_OP_PARSE) | (type)) +#define A1_PARSE_TYPE_MASK 0xfff +#define A1_PARSE_TYPE(x) (A1_PARSE_TYPE_MASK & (x)) + +#define A1_PF_INDEFINTE 0x1 +#define A1_PF_ALLOW_BER 0x2 + +#define A1_HF_PRESERVE 0x1 +#define A1_HF_ELLIPSIS 0x2 + +#define A1_HBF_RFC1510 0x1 + + +struct asn1_template { + uint32_t tt; + size_t offset; + const void *ptr; +}; + +typedef int (*asn1_type_decode)(const unsigned char *, size_t, void *, size_t *); +typedef int (*asn1_type_encode)(unsigned char *, size_t, const void *, size_t *); +typedef size_t (*asn1_type_length)(const void *); +typedef void (*asn1_type_release)(void *); +typedef int (*asn1_type_copy)(const void *, void *); + +struct asn1_type_func { + asn1_type_encode encode; + asn1_type_decode decode; + asn1_type_length length; + asn1_type_copy copy; + asn1_type_release release; + size_t size; +}; + +struct template_of { + unsigned int len; + void *val; +}; + +enum template_types { + A1T_IMEMBER = 0, + A1T_HEIM_INTEGER, + A1T_INTEGER, + A1T_UNSIGNED, + A1T_GENERAL_STRING, + A1T_OCTET_STRING, + A1T_OCTET_STRING_BER, + A1T_IA5_STRING, + A1T_BMP_STRING, + A1T_UNIVERSAL_STRING, + A1T_PRINTABLE_STRING, + A1T_VISIBLE_STRING, + A1T_UTF8_STRING, + A1T_GENERALIZED_TIME, + A1T_UTC_TIME, + A1T_HEIM_BIT_STRING, + A1T_BOOLEAN, + A1T_OID, + A1T_TELETEX_STRING, + A1T_NULL +}; + + +#endif diff --git a/crypto/heimdal/lib/asn1/asn1_err.et b/crypto/heimdal/lib/asn1/asn1_err.et index c624e218e7c..ac7a9ebaa52 100644 --- a/crypto/heimdal/lib/asn1/asn1_err.et +++ b/crypto/heimdal/lib/asn1/asn1_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $" +id "$Id$" error_table asn1 prefix ASN1 @@ -22,4 +22,8 @@ error_code BAD_CHARACTER, "ASN.1 invalid character in string" error_code MIN_CONSTRAINT, "ASN.1 too few elements" error_code MAX_CONSTRAINT, "ASN.1 too many elements" error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements" +error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun" +error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun" +error_code GOT_BER, "ASN.1 got BER encoded when expected DER" +error_code INDEF_EXTRA_DATA, "ASN.1 EoC tag contained data" end diff --git a/crypto/heimdal/lib/asn1/asn1_gen.c b/crypto/heimdal/lib/asn1/asn1_gen.c index 65b382e6daf..01dc6805162 100644 --- a/crypto/heimdal/lib/asn1/asn1_gen.c +++ b/crypto/heimdal/lib/asn1/asn1_gen.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" @@ -40,13 +40,13 @@ #include #include -RCSID("$Id: asn1_gen.c 16666 2006-01-30 15:06:03Z lha $"); +RCSID("$Id$"); static int doit(const char *fn) { char buf[2048]; - char *fnout; + char *fnout = NULL; const char *bname; unsigned long line = 0; FILE *f, *fout; @@ -62,8 +62,7 @@ doit(const char *fn) else bname = fn; - asprintf(&fnout, "%s.out", bname); - if (fnout == NULL) + if (asprintf(&fnout, "%s.out", bname) < 0 || fnout == NULL) errx(1, "malloc"); fout = fopen(fnout, "w"); @@ -107,8 +106,8 @@ doit(const char *fn) l = atoi(length); printf("line: %3lu offset: %3lu class: %d type: %d " - "tag: %3d length: %3d %s\n", - line, (unsigned long)offset, c, ty, ta, l, + "tag: %3d length: %3d %s\n", + line, (unsigned long)offset, c, ty, ta, l, data ? "" : ""); ret = der_put_length_and_tag(p + sizeof(p) - 1, sizeof(p), @@ -119,29 +118,29 @@ doit(const char *fn) &sz); if (ret) errx(1, "der_put_length_and_tag: %d", ret); - + if (fwrite(p + sizeof(p) - sz , sz, 1, fout) != 1) err(1, "fwrite length/tag failed"); offset += sz; - + if (data) { size_t datalen; - + datalen = strlen(data) / 2; pdata = emalloc(sz); - + if (hex_decode(data, pdata, datalen) != datalen) errx(1, "failed to decode data"); - + if (fwrite(pdata, datalen, 1, fout) != 1) err(1, "fwrite data failed"); offset += datalen; - + free(pdata); } } printf("line: eof offset: %lu\n", (unsigned long)offset); - + fclose(fout); fclose(f); return 0; diff --git a/crypto/heimdal/lib/asn1/asn1_print.c b/crypto/heimdal/lib/asn1/asn1_print.c index e00bf10c80f..84446e0d8b9 100644 --- a/crypto/heimdal/lib/asn1/asn1_print.c +++ b/crypto/heimdal/lib/asn1/asn1_print.c @@ -1,34 +1,36 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" @@ -39,9 +41,8 @@ #include #include -RCSID("$Id: asn1_print.c 19539 2006-12-28 17:15:05Z lha $"); - static int indent_flag = 1; +static int inner_flag = 0; static unsigned long indefinite_form_loop; static unsigned long indefinite_form_loop_max = 10000; @@ -151,13 +152,13 @@ loop (unsigned char *buf, size_t len, int indent) ret = der_get_heim_integer(buf, length, &vali, NULL); if (ret) - errx (1, "der_get_heim_integer: %s", + errx (1, "der_get_heim_integer: %s", error_message (ret)); ret = der_print_hex_heim_integer(&vali, &p); if (ret) - errx (1, "der_print_hex_heim_integer: %s", + errx (1, "der_print_hex_heim_integer: %s", error_message (ret)); - printf ("BIG NUM integer: length %lu %s\n", + printf ("BIG NUM integer: length %lu %s\n", (unsigned long)length, p); free(p); } @@ -165,24 +166,70 @@ loop (unsigned char *buf, size_t len, int indent) } case UT_OctetString : { heim_octet_string str; - int i; - unsigned char *uc; + size_t i; ret = der_get_octet_string (buf, length, &str, NULL); if (ret) errx (1, "der_get_octet_string: %s", error_message (ret)); printf ("(length %lu), ", (unsigned long)length); - uc = (unsigned char *)str.data; - for (i = 0; i < min(16,length); ++i) - printf ("%02x", uc[i]); - printf ("\n"); + + if (inner_flag) { + Der_class class; + Der_type type; + unsigned int tag; + + ret = der_get_tag(str.data, str.length, + &class, &type, &tag, &sz); + if (ret || sz > str.length || + type != CONS || tag != UT_Sequence) + goto just_an_octet_string; + + printf("{\n"); + loop (str.data, str.length, indent + 2); + for (i = 0; i < indent; ++i) + printf (" "); + printf ("}\n"); + + } else { + unsigned char *uc; + + just_an_octet_string: + uc = (unsigned char *)str.data; + for (i = 0; i < min(16,length); ++i) + printf ("%02x", uc[i]); + printf ("\n"); + } free (str.data); break; } + case UT_IA5String : + case UT_PrintableString : { + heim_printable_string str; + unsigned char *s; + size_t n; + + memset(&str, 0, sizeof(str)); + + ret = der_get_printable_string (buf, length, &str, NULL); + if (ret) + errx (1, "der_get_general_string: %s", + error_message (ret)); + s = str.data; + printf("\""); + for (n = 0; n < str.length; n++) { + if (isprint((int)s[n])) + printf ("%c", s[n]); + else + printf ("#%02x", s[n]); + } + printf("\"\n"); + der_free_printable_string(&str); + break; + } case UT_GeneralizedTime : case UT_GeneralString : - case UT_PrintableString : - case UT_VisibleString : { + case UT_VisibleString : + case UT_UTF8String : { heim_general_string str; ret = der_get_general_string (buf, length, &str, NULL); @@ -215,7 +262,7 @@ loop (unsigned char *buf, size_t len, int indent) ret = der_get_integer (buf, length, &num, NULL); if (ret) errx (1, "der_get_enum: %s", error_message (ret)); - + printf("%u\n", num); break; } @@ -226,7 +273,7 @@ loop (unsigned char *buf, size_t len, int indent) } if (end_tag) { if (loop_length == 0) - errx(1, "zero length INDEFINITE data ? indent = %d\n", + errx(1, "zero length INDEFINITE data ? indent = %d\n", indent / 2); if (loop_length < length) length = loop_length; @@ -261,7 +308,7 @@ doit (const char *filename) close (fd); ret = loop (buf, len, 0); free (buf); - return 0; + return ret; } @@ -269,6 +316,7 @@ static int version_flag; static int help_flag; struct getargs args[] = { { "indent", 0, arg_negative_flag, &indent_flag }, + { "inner", 0, arg_flag, &inner_flag, "try to parse inner structures of OCTET STRING" }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; diff --git a/crypto/heimdal/lib/asn1/asn1_queue.h b/crypto/heimdal/lib/asn1/asn1_queue.h index 3659b3859d0..73eb50f8b82 100644 --- a/crypto/heimdal/lib/asn1/asn1_queue.h +++ b/crypto/heimdal/lib/asn1/asn1_queue.h @@ -1,5 +1,5 @@ /* $NetBSD: queue.h,v 1.38 2004/04/18 14:12:05 lukem Exp $ */ -/* $Id: asn1_queue.h 15617 2005-07-12 06:27:42Z lha $ */ +/* $Id$ */ /* * Copyright (c) 1991, 1993 diff --git a/crypto/heimdal/lib/asn1/parse.c b/crypto/heimdal/lib/asn1/asn1parse.c similarity index 75% rename from crypto/heimdal/lib/asn1/parse.c rename to crypto/heimdal/lib/asn1/asn1parse.c index 9800d54de83..0e04fabf629 100644 --- a/crypto/heimdal/lib/asn1/parse.c +++ b/crypto/heimdal/lib/asn1/asn1parse.c @@ -248,11 +248,11 @@ /* Copy the first part of user declarations. */ -#line 36 "parse.y" +#line 38 "asn1parse.y" + -#ifdef HAVE_CONFIG_H #include -#endif + #include #include #include @@ -261,7 +261,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); +RCSID("$Id$"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -276,6 +276,10 @@ struct string_list { struct string_list *next; }; +/* Declarations for Bison */ +#define YYMALLOC malloc +#define YYFREE free + /* Enabling traces. */ @@ -298,7 +302,7 @@ struct string_list { #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 71 "asn1parse.y" { int constant; struct value *value; @@ -314,7 +318,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 193 of yacc.c. */ -#line 318 "parse.c" +#line 322 "asn1parse.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -327,7 +331,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 331 "parse.c" +#line 335 "asn1parse.c" #ifdef short # undef short @@ -542,16 +546,16 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 6 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 195 +#define YYLAST 203 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 98 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 68 +#define YYNNTS 69 /* YYNRULES -- Number of rules. */ -#define YYNRULES 136 +#define YYNRULES 140 /* YYNRULES -- Number of states. */ -#define YYNSTATES 214 +#define YYNSTATES 220 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 @@ -606,82 +610,85 @@ static const yytype_uint8 yytranslate[] = static const yytype_uint16 yyprhs[] = { 0, 0, 3, 13, 16, 19, 22, 23, 26, 27, - 30, 31, 35, 36, 38, 39, 41, 44, 49, 51, - 54, 56, 58, 62, 64, 68, 70, 72, 74, 76, - 78, 80, 82, 84, 86, 88, 90, 92, 94, 96, - 98, 100, 102, 104, 110, 116, 122, 126, 128, 131, - 136, 138, 142, 146, 151, 156, 158, 161, 167, 170, - 174, 176, 177, 180, 185, 189, 194, 199, 203, 207, - 212, 214, 216, 218, 220, 222, 225, 229, 231, 233, - 235, 238, 242, 248, 253, 257, 262, 263, 265, 267, - 269, 270, 272, 274, 279, 281, 283, 285, 287, 289, - 291, 293, 295, 297, 301, 305, 308, 310, 313, 317, - 319, 323, 328, 330, 331, 335, 336, 339, 344, 346, - 348, 350, 352, 354, 356, 358, 360, 362, 364, 366, - 368, 370, 372, 374, 376, 378, 380 + 31, 32, 36, 37, 39, 40, 42, 45, 50, 54, + 57, 58, 60, 63, 65, 67, 71, 73, 77, 79, + 81, 83, 85, 87, 89, 91, 93, 95, 97, 99, + 101, 103, 105, 107, 109, 111, 113, 119, 125, 131, + 135, 137, 140, 145, 147, 151, 155, 160, 165, 167, + 170, 176, 179, 183, 185, 186, 189, 194, 198, 203, + 208, 212, 216, 221, 223, 225, 227, 229, 231, 234, + 238, 240, 242, 244, 247, 251, 257, 262, 266, 271, + 272, 274, 276, 278, 279, 281, 283, 288, 290, 292, + 294, 296, 298, 300, 302, 304, 306, 308, 312, 316, + 319, 321, 324, 328, 330, 334, 339, 341, 342, 346, + 347, 350, 355, 357, 359, 361, 363, 365, 367, 369, + 371, 373, 375, 377, 379, 381, 383, 385, 387, 389, + 391 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ static const yytype_int16 yyrhs[] = { - 99, 0, -1, 86, 151, 21, 100, 101, 84, 8, + 99, 0, -1, 86, 152, 21, 100, 101, 84, 8, 102, 24, -1, 27, 70, -1, 38, 70, -1, 7, - 70, -1, -1, 29, 39, -1, -1, 103, 107, -1, - -1, 40, 104, 90, -1, -1, 105, -1, -1, 106, - -1, 105, 106, -1, 109, 32, 86, 151, -1, 108, - -1, 108, 107, -1, 110, -1, 143, -1, 86, 91, - 109, -1, 86, -1, 86, 84, 111, -1, 112, -1, - 130, -1, 133, -1, 120, -1, 113, -1, 144, -1, - 129, -1, 118, -1, 115, -1, 123, -1, 121, -1, - 122, -1, 125, -1, 126, -1, 127, -1, 128, -1, - 139, -1, 11, -1, 92, 155, 83, 155, 93, -1, - 92, 155, 83, 46, 93, -1, 92, 47, 83, 155, - 93, -1, 92, 155, 93, -1, 43, -1, 43, 114, - -1, 43, 94, 116, 95, -1, 117, -1, 116, 91, - 117, -1, 116, 91, 85, -1, 86, 92, 163, 93, - -1, 25, 94, 119, 95, -1, 116, -1, 9, 67, - -1, 9, 67, 94, 149, 95, -1, 51, 37, -1, - 52, 67, 124, -1, 49, -1, -1, 66, 114, -1, - 64, 94, 146, 95, -1, 64, 94, 95, -1, 64, - 124, 53, 111, -1, 65, 94, 146, 95, -1, 65, - 94, 95, -1, 65, 53, 111, -1, 14, 94, 146, - 95, -1, 131, -1, 132, -1, 86, -1, 34, -1, - 77, -1, 111, 134, -1, 92, 135, 93, -1, 136, - -1, 137, -1, 138, -1, 19, 111, -1, 23, 12, - 155, -1, 19, 111, 23, 12, 155, -1, 18, 12, - 94, 95, -1, 140, 142, 111, -1, 96, 141, 89, - 97, -1, -1, 76, -1, 6, -1, 60, -1, -1, - 27, -1, 38, -1, 86, 111, 84, 155, -1, 145, - -1, 33, -1, 78, -1, 61, -1, 81, -1, 36, - -1, 10, -1, 79, -1, 148, -1, 146, 91, 148, - -1, 146, 91, 85, -1, 86, 111, -1, 147, -1, - 147, 54, -1, 147, 20, 155, -1, 150, -1, 149, - 91, 150, -1, 86, 92, 89, 93, -1, 152, -1, - -1, 94, 153, 95, -1, -1, 154, 153, -1, 86, - 92, 89, 93, -1, 86, -1, 89, -1, 156, -1, - 157, -1, 161, -1, 160, -1, 162, -1, 165, -1, - 164, -1, 158, -1, 159, -1, 86, -1, 88, -1, - 71, -1, 31, -1, 163, -1, 89, -1, 49, -1, - 152, -1 + 70, -1, -1, 29, 39, -1, -1, 107, 103, 108, + -1, -1, 40, 104, 90, -1, -1, 105, -1, -1, + 106, -1, 105, 106, -1, 110, 32, 86, 152, -1, + 28, 110, 90, -1, 28, 5, -1, -1, 109, -1, + 109, 108, -1, 111, -1, 144, -1, 86, 91, 110, + -1, 86, -1, 86, 84, 112, -1, 113, -1, 131, + -1, 134, -1, 121, -1, 114, -1, 145, -1, 130, + -1, 119, -1, 116, -1, 124, -1, 122, -1, 123, + -1, 126, -1, 127, -1, 128, -1, 129, -1, 140, + -1, 11, -1, 92, 156, 83, 156, 93, -1, 92, + 156, 83, 46, 93, -1, 92, 47, 83, 156, 93, + -1, 92, 156, 93, -1, 43, -1, 43, 115, -1, + 43, 94, 117, 95, -1, 118, -1, 117, 91, 118, + -1, 117, 91, 85, -1, 86, 92, 164, 93, -1, + 25, 94, 120, 95, -1, 117, -1, 9, 67, -1, + 9, 67, 94, 150, 95, -1, 51, 37, -1, 52, + 67, 125, -1, 49, -1, -1, 66, 115, -1, 64, + 94, 147, 95, -1, 64, 94, 95, -1, 64, 125, + 53, 112, -1, 65, 94, 147, 95, -1, 65, 94, + 95, -1, 65, 53, 112, -1, 14, 94, 147, 95, + -1, 132, -1, 133, -1, 86, -1, 34, -1, 77, + -1, 112, 135, -1, 92, 136, 93, -1, 137, -1, + 138, -1, 139, -1, 19, 112, -1, 23, 12, 156, + -1, 19, 112, 23, 12, 156, -1, 18, 12, 94, + 95, -1, 141, 143, 112, -1, 96, 142, 89, 97, + -1, -1, 76, -1, 6, -1, 60, -1, -1, 27, + -1, 38, -1, 86, 112, 84, 156, -1, 146, -1, + 33, -1, 73, -1, 78, -1, 61, -1, 81, -1, + 36, -1, 10, -1, 79, -1, 149, -1, 147, 91, + 149, -1, 147, 91, 85, -1, 86, 112, -1, 148, + -1, 148, 54, -1, 148, 20, 156, -1, 151, -1, + 150, 91, 151, -1, 86, 92, 89, 93, -1, 153, + -1, -1, 94, 154, 95, -1, -1, 155, 154, -1, + 86, 92, 89, 93, -1, 86, -1, 89, -1, 157, + -1, 158, -1, 162, -1, 161, -1, 163, -1, 166, + -1, 165, -1, 159, -1, 160, -1, 86, -1, 88, + -1, 71, -1, 31, -1, 164, -1, 89, -1, 49, + -1, 153, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 233, 233, 240, 241, 243, 245, 248, 250, 253, - 254, 257, 258, 261, 262, 265, 266, 269, 280, 281, - 284, 285, 288, 294, 302, 312, 313, 314, 317, 318, - 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 333, 340, 350, 358, 366, 377, 382, 388, - 396, 402, 407, 411, 424, 432, 435, 442, 450, 456, - 465, 473, 474, 479, 485, 493, 502, 508, 516, 524, - 531, 532, 535, 546, 551, 558, 574, 580, 583, 584, - 587, 593, 601, 611, 617, 630, 639, 642, 646, 650, - 657, 660, 664, 671, 682, 685, 690, 695, 700, 705, - 710, 715, 723, 729, 734, 745, 756, 762, 768, 776, - 782, 789, 802, 803, 806, 813, 816, 827, 831, 842, - 848, 849, 852, 853, 854, 855, 856, 859, 862, 865, - 876, 884, 890, 898, 906, 909, 914 + 0, 239, 239, 246, 247, 249, 251, 254, 256, 259, + 260, 263, 264, 267, 268, 271, 272, 275, 287, 293, + 294, 297, 298, 301, 302, 305, 311, 319, 329, 330, + 331, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 350, 357, 367, 375, 383, + 394, 399, 405, 413, 419, 424, 428, 441, 449, 452, + 459, 467, 473, 482, 490, 491, 496, 502, 510, 519, + 525, 533, 541, 548, 549, 552, 563, 568, 575, 591, + 597, 600, 601, 604, 610, 618, 628, 634, 647, 656, + 659, 663, 667, 674, 677, 681, 688, 699, 702, 707, + 712, 717, 722, 727, 732, 737, 745, 751, 756, 767, + 778, 784, 790, 798, 804, 811, 824, 825, 828, 835, + 838, 849, 853, 864, 870, 871, 874, 875, 876, 877, + 878, 881, 884, 887, 898, 906, 912, 920, 928, 931, + 936 }; #endif @@ -713,19 +720,20 @@ static const char *const yytname[] = "NUMBER", "';'", "','", "'('", "')'", "'{'", "'}'", "'['", "']'", "$accept", "ModuleDefinition", "TagDefault", "ExtensionDefault", "ModuleBody", "Imports", "SymbolsImported", "SymbolsFromModuleList", - "SymbolsFromModule", "AssignmentList", "Assignment", "referencenames", - "TypeAssignment", "Type", "BuiltinType", "BooleanType", "range", - "IntegerType", "NamedNumberList", "NamedNumber", "EnumeratedType", - "Enumerations", "BitStringType", "ObjectIdentifierType", - "OctetStringType", "NullType", "size", "SequenceType", "SequenceOfType", - "SetType", "SetOfType", "ChoiceType", "ReferencedType", "DefinedType", - "UsefulType", "ConstrainedType", "Constraint", "ConstraintSpec", - "GeneralConstraint", "ContentsConstraint", "UserDefinedConstraint", - "TaggedType", "Tag", "Class", "tagenv", "ValueAssignment", - "CharacterStringType", "RestrictedCharactedStringType", - "ComponentTypeList", "NamedType", "ComponentType", "NamedBitList", - "NamedBit", "objid_opt", "objid", "objid_list", "objid_element", "Value", - "BuiltinValue", "ReferencedValue", "DefinedValue", "Valuereference", + "SymbolsFromModule", "Exports", "AssignmentList", "Assignment", + "referencenames", "TypeAssignment", "Type", "BuiltinType", "BooleanType", + "range", "IntegerType", "NamedNumberList", "NamedNumber", + "EnumeratedType", "Enumerations", "BitStringType", + "ObjectIdentifierType", "OctetStringType", "NullType", "size", + "SequenceType", "SequenceOfType", "SetType", "SetOfType", "ChoiceType", + "ReferencedType", "DefinedType", "UsefulType", "ConstrainedType", + "Constraint", "ConstraintSpec", "GeneralConstraint", + "ContentsConstraint", "UserDefinedConstraint", "TaggedType", "Tag", + "Class", "tagenv", "ValueAssignment", "CharacterStringType", + "RestrictedCharactedStringType", "ComponentTypeList", "NamedType", + "ComponentType", "NamedBitList", "NamedBit", "objid_opt", "objid", + "objid_list", "objid_element", "Value", "BuiltinValue", + "ReferencedValue", "DefinedValue", "Valuereference", "CharacterStringValue", "BooleanValue", "IntegerValue", "SignedNumber", "NullValue", "ObjectIdentifierValue", 0 }; @@ -754,37 +762,39 @@ static const yytype_uint8 yyr1[] = { 0, 98, 99, 100, 100, 100, 100, 101, 101, 102, 102, 103, 103, 104, 104, 105, 105, 106, 107, 107, - 108, 108, 109, 109, 110, 111, 111, 111, 112, 112, - 112, 112, 112, 112, 112, 112, 112, 112, 112, 112, - 112, 112, 113, 114, 114, 114, 114, 115, 115, 115, - 116, 116, 116, 117, 118, 119, 120, 120, 121, 122, - 123, 124, 124, 125, 125, 126, 127, 127, 128, 129, - 130, 130, 131, 132, 132, 133, 134, 135, 136, 136, - 137, 137, 137, 138, 139, 140, 141, 141, 141, 141, - 142, 142, 142, 143, 144, 145, 145, 145, 145, 145, - 145, 145, 146, 146, 146, 147, 148, 148, 148, 149, - 149, 150, 151, 151, 152, 153, 153, 154, 154, 154, - 155, 155, 156, 156, 156, 156, 156, 157, 158, 159, - 160, 161, 161, 162, 163, 164, 165 + 107, 108, 108, 109, 109, 110, 110, 111, 112, 112, + 112, 113, 113, 113, 113, 113, 113, 113, 113, 113, + 113, 113, 113, 113, 113, 114, 115, 115, 115, 115, + 116, 116, 116, 117, 117, 117, 118, 119, 120, 121, + 121, 122, 123, 124, 125, 125, 126, 126, 127, 128, + 128, 129, 130, 131, 131, 132, 133, 133, 134, 135, + 136, 137, 137, 138, 138, 138, 139, 140, 141, 142, + 142, 142, 142, 143, 143, 143, 144, 145, 146, 146, + 146, 146, 146, 146, 146, 146, 147, 147, 147, 148, + 149, 149, 149, 150, 150, 151, 152, 152, 153, 154, + 154, 155, 155, 155, 156, 156, 157, 157, 157, 157, + 157, 158, 159, 160, 161, 162, 162, 163, 164, 165, + 166 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { - 0, 2, 9, 2, 2, 2, 0, 2, 0, 2, - 0, 3, 0, 1, 0, 1, 2, 4, 1, 2, - 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, + 0, 2, 9, 2, 2, 2, 0, 2, 0, 3, + 0, 3, 0, 1, 0, 1, 2, 4, 3, 2, + 0, 1, 2, 1, 1, 3, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 5, 5, 5, 3, 1, 2, 4, - 1, 3, 3, 4, 4, 1, 2, 5, 2, 3, - 1, 0, 2, 4, 3, 4, 4, 3, 3, 4, - 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, - 2, 3, 5, 4, 3, 4, 0, 1, 1, 1, - 0, 1, 1, 4, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 3, 3, 2, 1, 2, 3, 1, - 3, 4, 1, 0, 3, 0, 2, 4, 1, 1, + 1, 1, 1, 1, 1, 1, 5, 5, 5, 3, + 1, 2, 4, 1, 3, 3, 4, 4, 1, 2, + 5, 2, 3, 1, 0, 2, 4, 3, 4, 4, + 3, 3, 4, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 1, 2, 3, 5, 4, 3, 4, 0, + 1, 1, 1, 0, 1, 1, 4, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 3, 3, 2, + 1, 2, 3, 1, 3, 4, 1, 0, 3, 0, + 2, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1 + 1 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state @@ -792,162 +802,164 @@ static const yytype_uint8 yyr2[] = means the default is an error. */ static const yytype_uint8 yydefact[] = { - 0, 113, 0, 115, 0, 112, 1, 118, 119, 0, - 115, 6, 0, 114, 116, 0, 0, 0, 8, 0, - 5, 3, 4, 0, 0, 117, 7, 0, 10, 14, - 0, 0, 23, 0, 13, 15, 0, 2, 0, 9, - 18, 20, 21, 0, 11, 16, 0, 0, 100, 42, - 0, 0, 95, 73, 99, 47, 60, 0, 0, 97, - 61, 0, 74, 96, 101, 98, 0, 72, 86, 0, - 25, 29, 33, 32, 28, 35, 36, 34, 37, 38, - 39, 40, 31, 26, 70, 71, 27, 41, 90, 30, - 94, 19, 22, 113, 56, 0, 0, 0, 0, 48, - 58, 61, 0, 0, 0, 0, 0, 24, 88, 89, - 87, 0, 0, 0, 75, 91, 92, 0, 17, 0, - 0, 0, 106, 102, 0, 55, 50, 0, 132, 0, - 135, 131, 129, 130, 134, 136, 0, 120, 121, 127, - 128, 123, 122, 124, 133, 126, 125, 0, 59, 62, - 64, 0, 0, 68, 67, 0, 0, 93, 0, 0, - 0, 0, 77, 78, 79, 84, 0, 0, 109, 105, - 0, 69, 0, 107, 0, 0, 54, 0, 0, 46, - 49, 63, 65, 66, 85, 0, 80, 0, 76, 0, - 0, 57, 104, 103, 108, 0, 52, 51, 0, 0, - 0, 0, 0, 81, 0, 110, 53, 45, 44, 43, - 83, 0, 111, 82 + 0, 117, 0, 119, 0, 116, 1, 122, 123, 0, + 119, 6, 0, 118, 120, 0, 0, 0, 8, 0, + 5, 3, 4, 0, 0, 121, 7, 0, 20, 0, + 0, 12, 19, 26, 0, 2, 14, 0, 0, 18, + 0, 13, 15, 0, 0, 9, 21, 23, 24, 25, + 11, 16, 0, 0, 104, 45, 0, 0, 98, 76, + 103, 50, 63, 0, 0, 101, 64, 0, 99, 77, + 100, 105, 102, 0, 75, 89, 0, 28, 32, 36, + 35, 31, 38, 39, 37, 40, 41, 42, 43, 34, + 29, 73, 74, 30, 44, 93, 33, 97, 22, 117, + 59, 0, 0, 0, 0, 51, 61, 64, 0, 0, + 0, 0, 0, 27, 91, 92, 90, 0, 0, 0, + 78, 94, 95, 0, 17, 0, 0, 0, 110, 106, + 0, 58, 53, 0, 136, 0, 139, 135, 133, 134, + 138, 140, 0, 124, 125, 131, 132, 127, 126, 128, + 137, 130, 129, 0, 62, 65, 67, 0, 0, 71, + 70, 0, 0, 96, 0, 0, 0, 0, 80, 81, + 82, 87, 0, 0, 113, 109, 0, 72, 0, 111, + 0, 0, 57, 0, 0, 49, 52, 66, 68, 69, + 88, 0, 83, 0, 79, 0, 0, 60, 108, 107, + 112, 0, 55, 54, 0, 0, 0, 0, 0, 84, + 0, 114, 56, 48, 47, 46, 86, 0, 115, 85 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 2, 18, 24, 30, 31, 33, 34, 35, 39, - 40, 36, 41, 69, 70, 71, 99, 72, 125, 126, - 73, 127, 74, 75, 76, 77, 104, 78, 79, 80, - 81, 82, 83, 84, 85, 86, 114, 161, 162, 163, - 164, 87, 88, 111, 117, 42, 89, 90, 121, 122, - 123, 167, 168, 4, 135, 9, 10, 136, 137, 138, - 139, 140, 141, 142, 143, 144, 145, 146 + -1, 2, 18, 24, 30, 37, 40, 41, 42, 31, + 45, 46, 43, 47, 76, 77, 78, 105, 79, 131, + 132, 80, 133, 81, 82, 83, 84, 110, 85, 86, + 87, 88, 89, 90, 91, 92, 93, 120, 167, 168, + 169, 170, 94, 95, 117, 123, 48, 96, 97, 127, + 128, 129, 173, 174, 4, 141, 9, 10, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ -#define YYPACT_NINF -113 +#define YYPACT_NINF -119 static const yytype_int16 yypact[] = { - -74, -67, 38, -69, 23, -113, -113, -44, -113, -41, - -69, 4, -26, -113, -113, -3, 1, 10, 52, -10, - -113, -113, -113, 45, 13, -113, -113, 77, -35, 15, - 64, 19, 17, 20, 15, -113, 85, -113, 25, -113, - 19, -113, -113, 15, -113, -113, 27, 47, -113, -113, - 26, 29, -113, -113, -113, -30, -113, 89, 61, -113, - -57, -47, -113, -113, -113, -113, 82, -113, -4, -68, - -113, -113, -113, -113, -113, -113, -113, -113, -113, -113, - -113, -113, -113, -113, -113, -113, -113, -113, -17, -113, - -113, -113, -113, -67, 35, 33, 46, 51, 46, -113, - -113, 69, 44, -73, 88, 82, -72, 56, -113, -113, - -113, 49, 93, 7, -113, -113, -113, 82, -113, 58, - 82, -76, -13, -113, 57, 59, -113, 60, -113, 68, - -113, -113, -113, -113, -113, -113, -75, -113, -113, -113, - -113, -113, -113, -113, -113, -113, -113, -63, -113, -113, - -113, -62, 82, 56, -113, -46, 65, -113, 141, 82, - 142, 63, -113, -113, -113, 56, 66, -38, -113, 56, - -16, -113, 93, -113, 76, -7, -113, 93, 81, -113, - -113, -113, 56, -113, -113, 72, -19, 93, -113, 83, - 58, -113, -113, -113, -113, 78, -113, -113, 80, 84, - 87, 62, 162, -113, 90, -113, -113, -113, -113, -113, - -113, 93, -113, -113 + -43, -56, 47, -65, 29, -119, -119, -31, -119, -25, + -65, 4, -1, -119, -119, 17, 20, 26, 50, 13, + -119, -119, -119, 63, 24, -119, -119, 104, 8, -2, + 89, 74, -119, 33, 25, -119, 34, 39, 34, -119, + 37, 34, -119, 98, 58, -119, 39, -119, -119, -119, + -119, -119, 52, 66, -119, -119, 51, 53, -119, -119, + -119, -79, -119, 109, 81, -119, -60, -48, -119, -119, + -119, -119, -119, 107, -119, 2, -74, -119, -119, -119, + -119, -119, -119, -119, -119, -119, -119, -119, -119, -119, + -119, -119, -119, -119, -119, -18, -119, -119, -119, -56, + 55, 65, 67, -12, 67, -119, -119, 86, 68, -70, + 102, 107, -69, 69, -119, -119, -119, 73, 40, 10, + -119, -119, -119, 107, -119, 71, 107, -47, -13, -119, + 72, 75, -119, 70, -119, 80, -119, -119, -119, -119, + -119, -119, -71, -119, -119, -119, -119, -119, -119, -119, + -119, -119, -119, -46, -119, -119, -119, -39, 107, 69, + -119, -38, 76, -119, 155, 107, 157, 77, -119, -119, + -119, 69, 82, -10, -119, 69, -22, -119, 40, -119, + 87, 19, -119, 40, 9, -119, -119, -119, 69, -119, + -119, 83, -19, 40, -119, 90, 71, -119, -119, -119, + -119, 85, -119, -119, 88, 94, 96, 95, 163, -119, + 99, -119, -119, -119, -119, -119, -119, 40, -119, -119 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -113, -113, -113, -113, -113, -113, -113, -113, 150, 136, - -113, 143, -113, -65, -113, -113, 86, -113, 91, 16, - -113, -113, -113, -113, -113, -113, 92, -113, -113, -113, - -113, -113, -113, -113, -113, -113, -113, -113, -113, -113, - -113, -113, -113, -113, -113, -113, -113, -113, -60, -113, - 22, -113, -5, 97, 2, 184, -113, -112, -113, -113, - -113, -113, -113, -113, -113, 21, -113, -113 + -119, -119, -119, -119, -119, -119, -119, -119, 141, -119, + 137, -119, -15, -119, -72, -119, -119, 91, -119, 92, + 14, -119, -119, -119, -119, -119, -119, 84, -119, -119, + -119, -119, -119, -119, -119, -119, -119, -119, -119, -119, + -119, -119, -119, -119, -119, -119, -119, -119, -119, -82, + -119, 18, -119, 5, 101, 1, 187, -119, -118, -119, + -119, -119, -119, -119, -119, -119, 22, -119, -119 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule which number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -13 +#define YYTABLE_NINF -11 static const yytype_int16 yytable[] = { - 157, 107, 108, 5, 202, 29, 105, 172, 178, 102, - 115, 15, 1, 120, 120, 170, 112, 7, 179, 171, - 8, 116, 150, 154, 113, 158, 159, 3, 175, 170, - 160, 16, 180, 181, 47, 48, 49, 103, 6, 50, - 153, 173, 17, 151, 11, 170, 155, 106, 12, 183, - 51, -12, 165, 190, 13, 169, 109, 191, 52, 53, - 194, 54, 97, 19, 98, 198, 200, 20, 55, 192, - 120, 21, 110, 113, 56, 203, 57, 58, 196, 124, - 22, 23, 128, 25, 26, 28, 59, 182, 37, 60, - 61, 47, 48, 49, 186, 5, 50, 27, 129, 213, - 130, 32, 62, 63, 64, 38, 65, 51, 43, 66, - 44, 67, 128, 93, 94, 52, 53, 46, 54, 120, - 95, 68, 131, 96, 128, 55, 100, 199, 101, 119, - 130, 56, 124, 57, 58, 102, 97, 132, 156, 133, - 134, 152, 130, 59, 166, 3, 60, 61, 113, 174, - 175, 177, 131, 185, 187, 176, 188, 210, 189, 62, - 63, 64, 184, 65, 131, 134, 201, 132, 67, 133, - 134, 206, 204, 207, 211, 3, 91, 208, 68, 132, - 209, 133, 134, 212, 45, 205, 92, 3, 149, 147, - 118, 197, 193, 148, 14, 195 + 163, 113, 5, 32, 208, 111, 108, 178, 114, 121, + 118, 15, 184, 103, 34, 104, 126, 126, 119, 134, + 122, 7, 185, 49, 8, 156, 160, 157, 164, 165, + 161, 16, -10, 166, 109, 135, 29, 136, 3, 159, + 134, 179, 17, 1, 176, 181, 112, 6, 177, 186, + 11, 171, 176, 176, 175, 205, 187, 189, 136, 137, + 200, 12, 115, 198, 126, 204, 206, 53, 54, 55, + 13, 134, 56, 119, 138, 209, 139, 140, 116, 23, + 137, 196, 3, 57, 33, 197, 188, 20, 19, 136, + 21, 58, 59, 192, 60, 138, 22, 139, 140, 219, + 5, 61, 26, 3, 202, 130, 25, 62, 27, 63, + 64, 137, 28, 35, 36, 39, 53, 54, 55, 65, + 33, 56, 66, 67, 38, 44, 138, 50, 139, 140, + 52, 68, 57, 100, 3, 69, 70, 71, 99, 72, + 58, 59, 73, 60, 74, 101, 106, 102, 107, 125, + 61, 126, 108, 130, 75, 158, 62, 172, 63, 64, + 103, 119, 162, 183, 180, 182, 181, 191, 65, 193, + 194, 66, 67, 190, 195, 217, 140, 207, 212, 210, + 68, 213, 51, 98, 69, 70, 71, 214, 72, 215, + 216, 154, 218, 74, 199, 203, 153, 14, 0, 155, + 124, 211, 201, 75 }; -static const yytype_uint8 yycheck[] = +static const yytype_int16 yycheck[] = { - 112, 66, 6, 1, 23, 40, 53, 20, 83, 66, - 27, 7, 86, 86, 86, 91, 84, 86, 93, 95, - 89, 38, 95, 95, 92, 18, 19, 94, 91, 91, - 23, 27, 95, 95, 9, 10, 11, 94, 0, 14, - 105, 54, 38, 103, 21, 91, 106, 94, 92, 95, - 25, 86, 117, 91, 95, 120, 60, 95, 33, 34, - 172, 36, 92, 89, 94, 177, 178, 70, 43, 85, - 86, 70, 76, 92, 49, 187, 51, 52, 85, 86, - 70, 29, 31, 93, 39, 8, 61, 152, 24, 64, - 65, 9, 10, 11, 159, 93, 14, 84, 47, 211, - 49, 86, 77, 78, 79, 86, 81, 25, 91, 84, - 90, 86, 31, 86, 67, 33, 34, 32, 36, 86, - 94, 96, 71, 94, 31, 43, 37, 46, 67, 94, - 49, 49, 86, 51, 52, 66, 92, 86, 89, 88, - 89, 53, 49, 61, 86, 94, 64, 65, 92, 92, - 91, 83, 71, 12, 12, 95, 93, 95, 92, 77, - 78, 79, 97, 81, 71, 89, 94, 86, 86, 88, - 89, 93, 89, 93, 12, 94, 40, 93, 96, 86, - 93, 88, 89, 93, 34, 190, 43, 94, 102, 98, - 93, 175, 170, 101, 10, 174 + 118, 73, 1, 5, 23, 53, 66, 20, 6, 27, + 84, 7, 83, 92, 29, 94, 86, 86, 92, 31, + 38, 86, 93, 38, 89, 95, 95, 109, 18, 19, + 112, 27, 24, 23, 94, 47, 28, 49, 94, 111, + 31, 54, 38, 86, 91, 91, 94, 0, 95, 95, + 21, 123, 91, 91, 126, 46, 95, 95, 49, 71, + 178, 92, 60, 85, 86, 183, 184, 9, 10, 11, + 95, 31, 14, 92, 86, 193, 88, 89, 76, 29, + 71, 91, 94, 25, 86, 95, 158, 70, 89, 49, + 70, 33, 34, 165, 36, 86, 70, 88, 89, 217, + 99, 43, 39, 94, 85, 86, 93, 49, 84, 51, + 52, 71, 8, 24, 40, 90, 9, 10, 11, 61, + 86, 14, 64, 65, 91, 86, 86, 90, 88, 89, + 32, 73, 25, 67, 94, 77, 78, 79, 86, 81, + 33, 34, 84, 36, 86, 94, 37, 94, 67, 94, + 43, 86, 66, 86, 96, 53, 49, 86, 51, 52, + 92, 92, 89, 83, 92, 95, 91, 12, 61, 12, + 93, 64, 65, 97, 92, 12, 89, 94, 93, 89, + 73, 93, 41, 46, 77, 78, 79, 93, 81, 93, + 95, 107, 93, 86, 176, 181, 104, 10, -1, 108, + 99, 196, 180, 96 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint8 yystos[] = { - 0, 86, 99, 94, 151, 152, 0, 86, 89, 153, - 154, 21, 92, 95, 153, 7, 27, 38, 100, 89, - 70, 70, 70, 29, 101, 93, 39, 84, 8, 40, - 102, 103, 86, 104, 105, 106, 109, 24, 86, 107, - 108, 110, 143, 91, 90, 106, 32, 9, 10, 11, - 14, 25, 33, 34, 36, 43, 49, 51, 52, 61, - 64, 65, 77, 78, 79, 81, 84, 86, 96, 111, - 112, 113, 115, 118, 120, 121, 122, 123, 125, 126, - 127, 128, 129, 130, 131, 132, 133, 139, 140, 144, - 145, 107, 109, 86, 67, 94, 94, 92, 94, 114, - 37, 67, 66, 94, 124, 53, 94, 111, 6, 60, - 76, 141, 84, 92, 134, 27, 38, 142, 151, 94, - 86, 146, 147, 148, 86, 116, 117, 119, 31, 47, - 49, 71, 86, 88, 89, 152, 155, 156, 157, 158, - 159, 160, 161, 162, 163, 164, 165, 116, 124, 114, - 95, 146, 53, 111, 95, 146, 89, 155, 18, 19, - 23, 135, 136, 137, 138, 111, 86, 149, 150, 111, - 91, 95, 20, 54, 92, 91, 95, 83, 83, 93, - 95, 95, 111, 95, 97, 12, 111, 12, 93, 92, - 91, 95, 85, 148, 155, 163, 85, 117, 155, 46, - 155, 94, 23, 155, 89, 150, 93, 93, 93, 93, - 95, 12, 93, 155 + 0, 86, 99, 94, 152, 153, 0, 86, 89, 154, + 155, 21, 92, 95, 154, 7, 27, 38, 100, 89, + 70, 70, 70, 29, 101, 93, 39, 84, 8, 28, + 102, 107, 5, 86, 110, 24, 40, 103, 91, 90, + 104, 105, 106, 110, 86, 108, 109, 111, 144, 110, + 90, 106, 32, 9, 10, 11, 14, 25, 33, 34, + 36, 43, 49, 51, 52, 61, 64, 65, 73, 77, + 78, 79, 81, 84, 86, 96, 112, 113, 114, 116, + 119, 121, 122, 123, 124, 126, 127, 128, 129, 130, + 131, 132, 133, 134, 140, 141, 145, 146, 108, 86, + 67, 94, 94, 92, 94, 115, 37, 67, 66, 94, + 125, 53, 94, 112, 6, 60, 76, 142, 84, 92, + 135, 27, 38, 143, 152, 94, 86, 147, 148, 149, + 86, 117, 118, 120, 31, 47, 49, 71, 86, 88, + 89, 153, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 117, 125, 115, 95, 147, 53, 112, + 95, 147, 89, 156, 18, 19, 23, 136, 137, 138, + 139, 112, 86, 150, 151, 112, 91, 95, 20, 54, + 92, 91, 95, 83, 83, 93, 95, 95, 112, 95, + 97, 12, 112, 12, 93, 92, 91, 95, 85, 149, + 156, 164, 85, 118, 156, 46, 156, 94, 23, 156, + 89, 151, 93, 93, 93, 93, 95, 12, 93, 156 }; #define yyerrok (yyerrstatus = 0) @@ -1762,41 +1774,51 @@ yyreduce: switch (yyn) { case 2: -#line 235 "parse.y" +#line 241 "asn1parse.y" { checkundefined(); } break; case 4: -#line 242 "parse.y" - { error_message("implicit tagging is not supported"); } +#line 248 "asn1parse.y" + { lex_error_message("implicit tagging is not supported"); } break; case 5: -#line 244 "parse.y" - { error_message("automatic tagging is not supported"); } +#line 250 "asn1parse.y" + { lex_error_message("automatic tagging is not supported"); } break; case 7: -#line 249 "parse.y" - { error_message("no extensibility options supported"); } +#line 255 "asn1parse.y" + { lex_error_message("no extensibility options supported"); } break; case 17: -#line 270 "parse.y" - { +#line 276 "asn1parse.y" + { struct string_list *sl; for(sl = (yyvsp[(1) - (4)].sl); sl != NULL; sl = sl->next) { Symbol *s = addsym(sl->string); s->stype = Stype; + gen_template_import(s); } add_import((yyvsp[(3) - (4)].name)); } break; - case 22: -#line 289 "parse.y" + case 18: +#line 288 "asn1parse.y" + { + struct string_list *sl; + for(sl = (yyvsp[(2) - (3)].sl); sl != NULL; sl = sl->next) + add_export(sl->string); + } + break; + + case 25: +#line 306 "asn1parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (3)].name); @@ -1804,8 +1826,8 @@ yyreduce: } break; - case 23: -#line 295 "parse.y" + case 26: +#line 312 "asn1parse.y" { (yyval.sl) = emalloc(sizeof(*(yyval.sl))); (yyval.sl)->string = (yyvsp[(1) - (1)].name); @@ -1813,8 +1835,8 @@ yyreduce: } break; - case 24: -#line 303 "parse.y" + case 27: +#line 320 "asn1parse.y" { Symbol *s = addsym ((yyvsp[(1) - (3)].name)); s->stype = Stype; @@ -1824,70 +1846,70 @@ yyreduce: } break; - case 42: -#line 334 "parse.y" + case 45: +#line 351 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); } break; - case 43: -#line 341 "parse.y" + case 46: +#line 358 "asn1parse.y" { if((yyvsp[(2) - (5)].value)->type != integervalue) - error_message("Non-integer used in first part of range"); + lex_error_message("Non-integer used in first part of range"); if((yyvsp[(2) - (5)].value)->type != integervalue) - error_message("Non-integer in second part of range"); + lex_error_message("Non-integer in second part of range"); (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue; (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue; } break; - case 44: -#line 351 "parse.y" - { + case 47: +#line 368 "asn1parse.y" + { if((yyvsp[(2) - (5)].value)->type != integervalue) - error_message("Non-integer in first part of range"); + lex_error_message("Non-integer in first part of range"); (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); (yyval.range)->min = (yyvsp[(2) - (5)].value)->u.integervalue; (yyval.range)->max = (yyvsp[(2) - (5)].value)->u.integervalue - 1; } break; - case 45: -#line 359 "parse.y" - { + case 48: +#line 376 "asn1parse.y" + { if((yyvsp[(4) - (5)].value)->type != integervalue) - error_message("Non-integer in second part of range"); + lex_error_message("Non-integer in second part of range"); (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); (yyval.range)->min = (yyvsp[(4) - (5)].value)->u.integervalue + 2; (yyval.range)->max = (yyvsp[(4) - (5)].value)->u.integervalue; } break; - case 46: -#line 367 "parse.y" + case 49: +#line 384 "asn1parse.y" { if((yyvsp[(2) - (3)].value)->type != integervalue) - error_message("Non-integer used in limit"); + lex_error_message("Non-integer used in limit"); (yyval.range) = ecalloc(1, sizeof(*(yyval.range))); (yyval.range)->min = (yyvsp[(2) - (3)].value)->u.integervalue; (yyval.range)->max = (yyvsp[(2) - (3)].value)->u.integervalue; } break; - case 47: -#line 378 "parse.y" + case 50: +#line 395 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); } break; - case 48: -#line 383 "parse.y" + case 51: +#line 400 "asn1parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->range = (yyvsp[(2) - (2)].range); @@ -1895,8 +1917,8 @@ yyreduce: } break; - case 49: -#line 389 "parse.y" + case 52: +#line 406 "asn1parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1904,8 +1926,8 @@ yyreduce: } break; - case 50: -#line 397 "parse.y" + case 53: +#line 414 "asn1parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -1913,21 +1935,21 @@ yyreduce: } break; - case 51: -#line 403 "parse.y" + case 54: +#line 420 "asn1parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 52: -#line 408 "parse.y" + case 55: +#line 425 "asn1parse.y" { (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 53: -#line 412 "parse.y" + case 56: +#line 429 "asn1parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -1940,8 +1962,8 @@ yyreduce: } break; - case 54: -#line 425 "parse.y" + case 57: +#line 442 "asn1parse.y" { (yyval.type) = new_type(TInteger); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -1949,8 +1971,8 @@ yyreduce: } break; - case 56: -#line 436 "parse.y" + case 59: +#line 453 "asn1parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = emalloc(sizeof(*(yyval.type)->members)); @@ -1959,8 +1981,8 @@ yyreduce: } break; - case 57: -#line 443 "parse.y" + case 60: +#line 460 "asn1parse.y" { (yyval.type) = new_type(TBitString); (yyval.type)->members = (yyvsp[(4) - (5)].members); @@ -1968,44 +1990,44 @@ yyreduce: } break; - case 58: -#line 451 "parse.y" + case 61: +#line 468 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); } break; - case 59: -#line 457 "parse.y" + case 62: +#line 474 "asn1parse.y" { Type *t = new_type(TOctetString); t->range = (yyvsp[(3) - (3)].range); - (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, t); } break; - case 60: -#line 466 "parse.y" + case 63: +#line 483 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); } break; - case 61: -#line 473 "parse.y" + case 64: +#line 490 "asn1parse.y" { (yyval.range) = NULL; } break; - case 62: -#line 475 "parse.y" + case 65: +#line 492 "asn1parse.y" { (yyval.range) = (yyvsp[(2) - (2)].range); } break; - case 63: -#line 480 "parse.y" + case 66: +#line 497 "asn1parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2013,8 +2035,8 @@ yyreduce: } break; - case 64: -#line 486 "parse.y" + case 67: +#line 503 "asn1parse.y" { (yyval.type) = new_type(TSequence); (yyval.type)->members = NULL; @@ -2022,8 +2044,8 @@ yyreduce: } break; - case 65: -#line 494 "parse.y" + case 68: +#line 511 "asn1parse.y" { (yyval.type) = new_type(TSequenceOf); (yyval.type)->range = (yyvsp[(2) - (4)].range); @@ -2032,8 +2054,8 @@ yyreduce: } break; - case 66: -#line 503 "parse.y" + case 69: +#line 520 "asn1parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = (yyvsp[(3) - (4)].members); @@ -2041,8 +2063,8 @@ yyreduce: } break; - case 67: -#line 509 "parse.y" + case 70: +#line 526 "asn1parse.y" { (yyval.type) = new_type(TSet); (yyval.type)->members = NULL; @@ -2050,8 +2072,8 @@ yyreduce: } break; - case 68: -#line 517 "parse.y" + case 71: +#line 534 "asn1parse.y" { (yyval.type) = new_type(TSetOf); (yyval.type)->subtype = (yyvsp[(3) - (3)].type); @@ -2059,44 +2081,44 @@ yyreduce: } break; - case 69: -#line 525 "parse.y" + case 72: +#line 542 "asn1parse.y" { (yyval.type) = new_type(TChoice); (yyval.type)->members = (yyvsp[(3) - (4)].members); } break; - case 72: -#line 536 "parse.y" + case 75: +#line 553 "asn1parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); (yyval.type) = new_type(TType); if(s->stype != Stype && s->stype != SUndefined) - error_message ("%s is not a type\n", (yyvsp[(1) - (1)].name)); + lex_error_message ("%s is not a type\n", (yyvsp[(1) - (1)].name)); else (yyval.type)->symbol = s; } break; - case 73: -#line 547 "parse.y" + case 76: +#line 564 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); } break; - case 74: -#line 552 "parse.y" + case 77: +#line 569 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); } break; - case 75: -#line 559 "parse.y" + case 78: +#line 576 "asn1parse.y" { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too @@ -2111,15 +2133,15 @@ yyreduce: } break; - case 76: -#line 575 "parse.y" + case 79: +#line 592 "asn1parse.y" { (yyval.constraint_spec) = (yyvsp[(2) - (3)].constraint_spec); } break; - case 80: -#line 588 "parse.y" + case 83: +#line 605 "asn1parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (2)].type); @@ -2127,37 +2149,37 @@ yyreduce: } break; - case 81: -#line 594 "parse.y" + case 84: +#line 611 "asn1parse.y" { if ((yyvsp[(3) - (3)].value)->type != objectidentifiervalue) - error_message("Non-OID used in ENCODED BY constraint"); + lex_error_message("Non-OID used in ENCODED BY constraint"); (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = NULL; (yyval.constraint_spec)->u.content.encoding = (yyvsp[(3) - (3)].value); } break; - case 82: -#line 602 "parse.y" + case 85: +#line 619 "asn1parse.y" { if ((yyvsp[(5) - (5)].value)->type != objectidentifiervalue) - error_message("Non-OID used in ENCODED BY constraint"); + lex_error_message("Non-OID used in ENCODED BY constraint"); (yyval.constraint_spec) = new_constraint_spec(CT_CONTENTS); (yyval.constraint_spec)->u.content.type = (yyvsp[(2) - (5)].type); (yyval.constraint_spec)->u.content.encoding = (yyvsp[(5) - (5)].value); } break; - case 83: -#line 612 "parse.y" + case 86: +#line 629 "asn1parse.y" { (yyval.constraint_spec) = new_constraint_spec(CT_USER); } break; - case 84: -#line 618 "parse.y" + case 87: +#line 635 "asn1parse.y" { (yyval.type) = new_type(TTag); (yyval.type)->tag = (yyvsp[(1) - (3)].tag); @@ -2170,8 +2192,8 @@ yyreduce: } break; - case 85: -#line 631 "parse.y" + case 88: +#line 648 "asn1parse.y" { (yyval.tag).tagclass = (yyvsp[(2) - (4)].constant); (yyval.tag).tagvalue = (yyvsp[(3) - (4)].constant); @@ -2179,57 +2201,57 @@ yyreduce: } break; - case 86: -#line 639 "parse.y" + case 89: +#line 656 "asn1parse.y" { (yyval.constant) = ASN1_C_CONTEXT; } break; - case 87: -#line 643 "parse.y" + case 90: +#line 660 "asn1parse.y" { (yyval.constant) = ASN1_C_UNIV; } break; - case 88: -#line 647 "parse.y" + case 91: +#line 664 "asn1parse.y" { (yyval.constant) = ASN1_C_APPL; } break; - case 89: -#line 651 "parse.y" + case 92: +#line 668 "asn1parse.y" { (yyval.constant) = ASN1_C_PRIVATE; } break; - case 90: -#line 657 "parse.y" + case 93: +#line 674 "asn1parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 91: -#line 661 "parse.y" + case 94: +#line 678 "asn1parse.y" { (yyval.constant) = TE_EXPLICIT; } break; - case 92: -#line 665 "parse.y" + case 95: +#line 682 "asn1parse.y" { (yyval.constant) = TE_IMPLICIT; } break; - case 93: -#line 672 "parse.y" + case 96: +#line 689 "asn1parse.y" { Symbol *s; s = addsym ((yyvsp[(1) - (4)].name)); @@ -2240,64 +2262,72 @@ yyreduce: } break; - case 95: -#line 686 "parse.y" + case 98: +#line 703 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, + (yyval.type) = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); } break; - case 96: -#line 691 "parse.y" - { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, - TE_EXPLICIT, new_type(TUTF8String)); - } - break; - - case 97: -#line 696 "parse.y" - { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, - TE_EXPLICIT, new_type(TPrintableString)); - } - break; - - case 98: -#line 701 "parse.y" - { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, - TE_EXPLICIT, new_type(TVisibleString)); - } - break; - case 99: -#line 706 "parse.y" +#line 708 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, - TE_EXPLICIT, new_type(TIA5String)); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_TeletexString, + TE_EXPLICIT, new_type(TTeletexString)); } break; case 100: -#line 711 "parse.y" +#line 713 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, - TE_EXPLICIT, new_type(TBMPString)); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_UTF8String, + TE_EXPLICIT, new_type(TUTF8String)); } break; case 101: -#line 716 "parse.y" +#line 718 "asn1parse.y" { - (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, - TE_EXPLICIT, new_type(TUniversalString)); + (yyval.type) = new_tag(ASN1_C_UNIV, UT_PrintableString, + TE_EXPLICIT, new_type(TPrintableString)); } break; case 102: -#line 724 "parse.y" +#line 723 "asn1parse.y" + { + (yyval.type) = new_tag(ASN1_C_UNIV, UT_VisibleString, + TE_EXPLICIT, new_type(TVisibleString)); + } + break; + + case 103: +#line 728 "asn1parse.y" + { + (yyval.type) = new_tag(ASN1_C_UNIV, UT_IA5String, + TE_EXPLICIT, new_type(TIA5String)); + } + break; + + case 104: +#line 733 "asn1parse.y" + { + (yyval.type) = new_tag(ASN1_C_UNIV, UT_BMPString, + TE_EXPLICIT, new_type(TBMPString)); + } + break; + + case 105: +#line 738 "asn1parse.y" + { + (yyval.type) = new_tag(ASN1_C_UNIV, UT_UniversalString, + TE_EXPLICIT, new_type(TUniversalString)); + } + break; + + case 106: +#line 746 "asn1parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2305,16 +2335,16 @@ yyreduce: } break; - case 103: -#line 730 "parse.y" + case 107: +#line 752 "asn1parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 104: -#line 735 "parse.y" + case 108: +#line 757 "asn1parse.y" { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); @@ -2325,8 +2355,8 @@ yyreduce: } break; - case 105: -#line 746 "parse.y" + case 109: +#line 768 "asn1parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (2)].name); @@ -2337,8 +2367,8 @@ yyreduce: } break; - case 106: -#line 757 "parse.y" + case 110: +#line 779 "asn1parse.y" { (yyval.member) = (yyvsp[(1) - (1)].member); (yyval.member)->optional = 0; @@ -2346,8 +2376,8 @@ yyreduce: } break; - case 107: -#line 763 "parse.y" + case 111: +#line 785 "asn1parse.y" { (yyval.member) = (yyvsp[(1) - (2)].member); (yyval.member)->optional = 1; @@ -2355,8 +2385,8 @@ yyreduce: } break; - case 108: -#line 769 "parse.y" + case 112: +#line 791 "asn1parse.y" { (yyval.member) = (yyvsp[(1) - (3)].member); (yyval.member)->optional = 0; @@ -2364,8 +2394,8 @@ yyreduce: } break; - case 109: -#line 777 "parse.y" + case 113: +#line 799 "asn1parse.y" { (yyval.members) = emalloc(sizeof(*(yyval.members))); ASN1_TAILQ_INIT((yyval.members)); @@ -2373,16 +2403,16 @@ yyreduce: } break; - case 110: -#line 783 "parse.y" + case 114: +#line 805 "asn1parse.y" { ASN1_TAILQ_INSERT_TAIL((yyvsp[(1) - (3)].members), (yyvsp[(3) - (3)].member), members); (yyval.members) = (yyvsp[(1) - (3)].members); } break; - case 111: -#line 790 "parse.y" + case 115: +#line 812 "asn1parse.y" { (yyval.member) = emalloc(sizeof(*(yyval.member))); (yyval.member)->name = (yyvsp[(1) - (4)].name); @@ -2395,27 +2425,27 @@ yyreduce: } break; - case 113: -#line 803 "parse.y" + case 117: +#line 825 "asn1parse.y" { (yyval.objid) = NULL; } break; - case 114: -#line 807 "parse.y" + case 118: +#line 829 "asn1parse.y" { (yyval.objid) = (yyvsp[(2) - (3)].objid); } break; - case 115: -#line 813 "parse.y" + case 119: +#line 835 "asn1parse.y" { (yyval.objid) = NULL; } break; - case 116: -#line 817 "parse.y" + case 120: +#line 839 "asn1parse.y" { if ((yyvsp[(2) - (2)].objid)) { (yyval.objid) = (yyvsp[(2) - (2)].objid); @@ -2426,20 +2456,20 @@ yyreduce: } break; - case 117: -#line 828 "parse.y" + case 121: +#line 850 "asn1parse.y" { (yyval.objid) = new_objid((yyvsp[(1) - (4)].name), (yyvsp[(3) - (4)].constant)); } break; - case 118: -#line 832 "parse.y" + case 122: +#line 854 "asn1parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue || s->value->type != objectidentifiervalue) { - error_message("%s is not an object identifier\n", + lex_error_message("%s is not an object identifier\n", s->name); exit(1); } @@ -2447,27 +2477,27 @@ yyreduce: } break; - case 119: -#line 843 "parse.y" + case 123: +#line 865 "asn1parse.y" { (yyval.objid) = new_objid(NULL, (yyvsp[(1) - (1)].constant)); } break; - case 129: -#line 866 "parse.y" + case 133: +#line 888 "asn1parse.y" { Symbol *s = addsym((yyvsp[(1) - (1)].name)); if(s->stype != SValue) - error_message ("%s is not a value\n", + lex_error_message ("%s is not a value\n", s->name); else (yyval.value) = s->value; } break; - case 130: -#line 877 "parse.y" + case 134: +#line 899 "asn1parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = stringvalue; @@ -2475,8 +2505,8 @@ yyreduce: } break; - case 131: -#line 885 "parse.y" + case 135: +#line 907 "asn1parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2484,8 +2514,8 @@ yyreduce: } break; - case 132: -#line 891 "parse.y" + case 136: +#line 913 "asn1parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = booleanvalue; @@ -2493,8 +2523,8 @@ yyreduce: } break; - case 133: -#line 899 "parse.y" + case 137: +#line 921 "asn1parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = integervalue; @@ -2502,14 +2532,14 @@ yyreduce: } break; - case 135: -#line 910 "parse.y" + case 139: +#line 932 "asn1parse.y" { } break; - case 136: -#line 915 "parse.y" + case 140: +#line 937 "asn1parse.y" { (yyval.value) = emalloc(sizeof(*(yyval.value))); (yyval.value)->type = objectidentifiervalue; @@ -2519,7 +2549,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 2523 "parse.c" +#line 2553 "asn1parse.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -2733,13 +2763,13 @@ yyreturn: } -#line 922 "parse.y" +#line 944 "asn1parse.y" void yyerror (const char *s) { - error_message ("%s\n", s); + lex_error_message ("%s\n", s); } static Type * @@ -2751,7 +2781,7 @@ new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype) oldtype = oldtype->subtype; /* XXX */ } else t = new_type (TTag); - + t->tag.tagclass = tagclass; t->tag.tagvalue = tagvalue; t->tag.tagenv = tagenv; @@ -2804,7 +2834,8 @@ static void fix_labels1(struct memhead *members, const char *prefix) if(members == NULL) return; ASN1_TAILQ_FOREACH(m, members, members) { - asprintf(&m->label, "%s_%s", prefix, m->gen_name); + if (asprintf(&m->label, "%s_%s", prefix, m->gen_name) < 0) + errx(1, "malloc"); if (m->label == NULL) errx(1, "malloc"); if(m->type != NULL) @@ -2821,9 +2852,8 @@ static void fix_labels2(Type *t, const char *prefix) static void fix_labels(Symbol *s) { - char *p; - asprintf(&p, "choice_%s", s->gen_name); - if (p == NULL) + char *p = NULL; + if (asprintf(&p, "choice_%s", s->gen_name) < 0 || p == NULL) errx(1, "malloc"); fix_labels2(s->type, p); free(p); diff --git a/crypto/heimdal/lib/asn1/parse.h b/crypto/heimdal/lib/asn1/asn1parse.h similarity index 99% rename from crypto/heimdal/lib/asn1/parse.h rename to crypto/heimdal/lib/asn1/asn1parse.h index 45b06c59d5d..69b7d6dc1a4 100644 --- a/crypto/heimdal/lib/asn1/parse.h +++ b/crypto/heimdal/lib/asn1/asn1parse.h @@ -222,7 +222,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 65 "parse.y" +#line 71 "asn1parse.y" { int constant; struct value *value; @@ -238,7 +238,7 @@ typedef union YYSTYPE struct constraint_spec *constraint_spec; } /* Line 1529 of yacc.c. */ -#line 242 "parse.h" +#line 242 "asn1parse.h" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 diff --git a/crypto/heimdal/lib/asn1/parse.y b/crypto/heimdal/lib/asn1/asn1parse.y similarity index 87% rename from crypto/heimdal/lib/asn1/parse.y rename to crypto/heimdal/lib/asn1/asn1parse.y index 772f2b1bc1c..e3bea6ce0ac 100644 --- a/crypto/heimdal/lib/asn1/parse.y +++ b/crypto/heimdal/lib/asn1/asn1parse.y @@ -1,42 +1,44 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: parse.y 21597 2007-07-16 18:48:58Z lha $ */ +/* $Id$ */ %{ -#ifdef HAVE_CONFIG_H + #include -#endif + #include #include #include @@ -45,7 +47,7 @@ #include "gen_locl.h" #include "der.h" -RCSID("$Id: parse.y 21597 2007-07-16 18:48:58Z lha $"); +RCSID("$Id$"); static Type *new_type (Typetype t); static struct constraint_spec *new_constraint_spec(enum ctype); @@ -60,6 +62,10 @@ struct string_list { struct string_list *next; }; +/* Declarations for Bison */ +#define YYMALLOC malloc +#define YYFREE free + %} %union { @@ -208,7 +214,7 @@ struct string_list { %type NamedBit %type NamedNumber %type NamedType -%type ComponentTypeList +%type ComponentTypeList %type Enumerations %type NamedBitList %type NamedNumberList @@ -239,18 +245,18 @@ ModuleDefinition: IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefaul TagDefault : kw_EXPLICIT kw_TAGS | kw_IMPLICIT kw_TAGS - { error_message("implicit tagging is not supported"); } + { lex_error_message("implicit tagging is not supported"); } | kw_AUTOMATIC kw_TAGS - { error_message("automatic tagging is not supported"); } + { lex_error_message("automatic tagging is not supported"); } | /* empty */ ; ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED - { error_message("no extensibility options supported"); } + { lex_error_message("no extensibility options supported"); } | /* empty */ ; -ModuleBody : /* Exports */ Imports AssignmentList +ModuleBody : Exports Imports AssignmentList | /* empty */ ; @@ -267,16 +273,27 @@ SymbolsFromModuleList: SymbolsFromModule ; SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt - { + { struct string_list *sl; for(sl = $1; sl != NULL; sl = sl->next) { Symbol *s = addsym(sl->string); s->stype = Stype; + gen_template_import(s); } add_import($3); } ; +Exports : kw_EXPORTS referencenames ';' + { + struct string_list *sl; + for(sl = $2; sl != NULL; sl = sl->next) + add_export(sl->string); + } + | kw_EXPORTS kw_ALL + | /* empty */ + ; + AssignmentList : Assignment | Assignment AssignmentList ; @@ -332,7 +349,7 @@ BuiltinType : BitStringType BooleanType : kw_BOOLEAN { - $$ = new_tag(ASN1_C_UNIV, UT_Boolean, + $$ = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); } ; @@ -340,25 +357,25 @@ BooleanType : kw_BOOLEAN range : '(' Value RANGE Value ')' { if($2->type != integervalue) - error_message("Non-integer used in first part of range"); + lex_error_message("Non-integer used in first part of range"); if($2->type != integervalue) - error_message("Non-integer in second part of range"); + lex_error_message("Non-integer in second part of range"); $$ = ecalloc(1, sizeof(*$$)); $$->min = $2->u.integervalue; $$->max = $4->u.integervalue; } | '(' Value RANGE kw_MAX ')' - { + { if($2->type != integervalue) - error_message("Non-integer in first part of range"); + lex_error_message("Non-integer in first part of range"); $$ = ecalloc(1, sizeof(*$$)); $$->min = $2->u.integervalue; $$->max = $2->u.integervalue - 1; } | '(' kw_MIN RANGE Value ')' - { + { if($4->type != integervalue) - error_message("Non-integer in second part of range"); + lex_error_message("Non-integer in second part of range"); $$ = ecalloc(1, sizeof(*$$)); $$->min = $4->u.integervalue + 2; $$->max = $4->u.integervalue; @@ -366,7 +383,7 @@ range : '(' Value RANGE Value ')' | '(' Value ')' { if($2->type != integervalue) - error_message("Non-integer used in limit"); + lex_error_message("Non-integer used in limit"); $$ = ecalloc(1, sizeof(*$$)); $$->min = $2->u.integervalue; $$->max = $2->u.integervalue; @@ -376,7 +393,7 @@ range : '(' Value RANGE Value ')' IntegerType : kw_INTEGER { - $$ = new_tag(ASN1_C_UNIV, UT_Integer, + $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); } | kw_INTEGER range @@ -449,7 +466,7 @@ BitStringType : kw_BIT kw_STRING ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER { - $$ = new_tag(ASN1_C_UNIV, UT_OID, + $$ = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); } ; @@ -457,14 +474,14 @@ OctetStringType : kw_OCTET kw_STRING size { Type *t = new_type(TOctetString); t->range = $3; - $$ = new_tag(ASN1_C_UNIV, UT_OctetString, + $$ = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, t); } ; NullType : kw_NULL { - $$ = new_tag(ASN1_C_UNIV, UT_Null, + $$ = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); } ; @@ -537,7 +554,7 @@ DefinedType : IDENTIFIER Symbol *s = addsym($1); $$ = new_type(TType); if(s->stype != Stype && s->stype != SUndefined) - error_message ("%s is not a type\n", $1); + lex_error_message ("%s is not a type\n", $1); else $$->symbol = s; } @@ -545,12 +562,12 @@ DefinedType : IDENTIFIER UsefulType : kw_GeneralizedTime { - $$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, + $$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); } | kw_UTCTime { - $$ = new_tag(ASN1_C_UNIV, UT_UTCTime, + $$ = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); } ; @@ -593,7 +610,7 @@ ContentsConstraint: kw_CONTAINING Type | kw_ENCODED kw_BY Value { if ($3->type != objectidentifiervalue) - error_message("Non-OID used in ENCODED BY constraint"); + lex_error_message("Non-OID used in ENCODED BY constraint"); $$ = new_constraint_spec(CT_CONTENTS); $$->u.content.type = NULL; $$->u.content.encoding = $3; @@ -601,7 +618,7 @@ ContentsConstraint: kw_CONTAINING Type | kw_CONTAINING Type kw_ENCODED kw_BY Value { if ($5->type != objectidentifiervalue) - error_message("Non-OID used in ENCODED BY constraint"); + lex_error_message("Non-OID used in ENCODED BY constraint"); $$ = new_constraint_spec(CT_CONTENTS); $$->u.content.type = $2; $$->u.content.encoding = $5; @@ -684,37 +701,42 @@ CharacterStringType: RestrictedCharactedStringType RestrictedCharactedStringType: kw_GeneralString { - $$ = new_tag(ASN1_C_UNIV, UT_GeneralString, + $$ = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); } + | kw_TeletexString + { + $$ = new_tag(ASN1_C_UNIV, UT_TeletexString, + TE_EXPLICIT, new_type(TTeletexString)); + } | kw_UTF8String { - $$ = new_tag(ASN1_C_UNIV, UT_UTF8String, + $$ = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); } | kw_PrintableString { - $$ = new_tag(ASN1_C_UNIV, UT_PrintableString, + $$ = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); } | kw_VisibleString { - $$ = new_tag(ASN1_C_UNIV, UT_VisibleString, + $$ = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); } | kw_IA5String { - $$ = new_tag(ASN1_C_UNIV, UT_IA5String, + $$ = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); } | kw_BMPString { - $$ = new_tag(ASN1_C_UNIV, UT_BMPString, + $$ = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); } | kw_UniversalString { - $$ = new_tag(ASN1_C_UNIV, UT_UniversalString, + $$ = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); } @@ -833,7 +855,7 @@ objid_element : IDENTIFIER '(' NUMBER ')' Symbol *s = addsym($1); if(s->stype != SValue || s->value->type != objectidentifiervalue) { - error_message("%s is not an object identifier\n", + lex_error_message("%s is not an object identifier\n", s->name); exit(1); } @@ -866,7 +888,7 @@ Valuereference : IDENTIFIER { Symbol *s = addsym($1); if(s->stype != SValue) - error_message ("%s is not a value\n", + lex_error_message ("%s is not a value\n", s->name); else $$ = s->value; @@ -924,7 +946,7 @@ ObjectIdentifierValue: objid void yyerror (const char *s) { - error_message ("%s\n", s); + lex_error_message ("%s\n", s); } static Type * @@ -936,7 +958,7 @@ new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype) oldtype = oldtype->subtype; /* XXX */ } else t = new_type (TTag); - + t->tag.tagclass = tagclass; t->tag.tagvalue = tagvalue; t->tag.tagenv = tagenv; @@ -989,7 +1011,8 @@ static void fix_labels1(struct memhead *members, const char *prefix) if(members == NULL) return; ASN1_TAILQ_FOREACH(m, members, members) { - asprintf(&m->label, "%s_%s", prefix, m->gen_name); + if (asprintf(&m->label, "%s_%s", prefix, m->gen_name) < 0) + errx(1, "malloc"); if (m->label == NULL) errx(1, "malloc"); if(m->type != NULL) @@ -1006,9 +1029,8 @@ static void fix_labels2(Type *t, const char *prefix) static void fix_labels(Symbol *s) { - char *p; - asprintf(&p, "choice_%s", s->gen_name); - if (p == NULL) + char *p = NULL; + if (asprintf(&p, "choice_%s", s->gen_name) < 0 || p == NULL) errx(1, "malloc"); fix_labels2(s->type, p); free(p); diff --git a/crypto/heimdal/lib/asn1/canthandle.asn1 b/crypto/heimdal/lib/asn1/canthandle.asn1 index 5ba3e3880c2..a335ee89e34 100644 --- a/crypto/heimdal/lib/asn1/canthandle.asn1 +++ b/crypto/heimdal/lib/asn1/canthandle.asn1 @@ -1,4 +1,4 @@ --- $Id: canthandle.asn1 22071 2007-11-14 20:04:50Z lha $ -- +-- $Id$ -- CANTHANDLE DEFINITIONS ::= BEGIN @@ -7,7 +7,7 @@ CANTHANDLE DEFINITIONS ::= BEGIN -- Code the tag [2] but it should be primitive since KAKA3 is -- Workaround: use the INTEGER type directly -Kaka2 ::= SEQUENCE { +Kaka2 ::= SEQUENCE { kaka2-1 [0] INTEGER } diff --git a/crypto/heimdal/lib/asn1/check-common.c b/crypto/heimdal/lib/asn1/check-common.c index adf95f6a9f6..ac96b91b18e 100644 --- a/crypto/heimdal/lib/asn1/check-common.c +++ b/crypto/heimdal/lib/asn1/check-common.c @@ -1,34 +1,36 @@ /* - * Copyright (c) 1999 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H @@ -42,9 +44,10 @@ #include #include +#include "asn1-common.h" #include "check-common.h" -RCSID("$Id: check-common.c 18751 2006-10-21 14:49:13Z lha $"); +RCSID("$Id$"); struct map_page { void *start; @@ -57,14 +60,14 @@ struct map_page { /* #undef HAVE_MMAP */ void * -map_alloc(enum map_type type, const void *buf, +map_alloc(enum map_type type, const void *buf, size_t size, struct map_page **map) { #ifndef HAVE_MMAP unsigned char *p; size_t len = size + sizeof(long) * 2; int i; - + *map = ecalloc(1, sizeof(**map)); p = emalloc(len); @@ -136,18 +139,18 @@ map_free(struct map_page *map, const char *test_name, const char *map_name) #ifndef HAVE_MMAP unsigned char *p = map->start; int i; - + for (i = sizeof(long); i > 0; i--) if (p[sizeof(long) - i] != 0xff - i) errx(1, "%s: %s underrun %d\n", test_name, map_name, i); for (i = sizeof(long); i > 0; i--) if (p[map->size - i] != 0xff - i) - errx(1, "%s: %s overrun %lu\n", test_name, map_name, + errx(1, "%s: %s overrun %lu\n", test_name, map_name, (unsigned long)map->size - i); free(map->start); #else int ret; - + ret = munmap (map->start, map->size); if (ret < 0) err (1, "munmap"); @@ -176,7 +179,7 @@ segv_handler(int sig) { int fd; char msg[] = "SIGSEGV i current test: "; - + fd = open("/dev/stdout", O_WRONLY, 0600); if (fd >= 0) { write(fd, msg, sizeof(msg)); @@ -193,11 +196,12 @@ int generic_test (const struct test_case *tests, unsigned ntests, size_t data_size, - int (*encode)(unsigned char *, size_t, void *, size_t *), - int (*length)(void *), - int (*decode)(unsigned char *, size_t, void *, size_t *), - int (*free_data)(void *), - int (*cmp)(void *a, void *b)) + int (ASN1CALL *encode)(unsigned char *, size_t, void *, size_t *), + int (ASN1CALL *length)(void *), + int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *), + int (ASN1CALL *free_data)(void *), + int (*cmp)(void *a, void *b), + int (ASN1CALL *copy)(const void *from, void *to)) { unsigned char *buf, *buf2; int i; @@ -205,16 +209,20 @@ generic_test (const struct test_case *tests, void *data; struct map_page *data_map, *buf_map, *buf2_map; +#ifdef HAVE_SIGACTION struct sigaction sa, osa; +#endif for (i = 0; i < ntests; ++i) { int ret; size_t sz, consumed_sz, length_sz, buf_sz; + void *to = NULL; current_test = tests[i].name; current_state = "init"; +#ifdef HAVE_SIGACTION sigemptyset (&sa.sa_mask); sa.sa_flags = 0; #ifdef SA_RESETHAND @@ -222,6 +230,7 @@ generic_test (const struct test_case *tests, #endif sa.sa_handler = segv_handler; sigaction (SIGSEGV, &sa, &osa); +#endif data = map_alloc(OVERRUN, NULL, data_size, &data_map); @@ -237,8 +246,8 @@ generic_test (const struct test_case *tests, continue; } if (sz != tests[i].byte_len) { - printf ("encoding of %s has wrong len (%lu != %lu)\n", - tests[i].name, + printf ("encoding of %s has wrong len (%lu != %lu)\n", + tests[i].name, (unsigned long)sz, (unsigned long)tests[i].byte_len); ++failures; continue; @@ -261,6 +270,11 @@ generic_test (const struct test_case *tests, printf ("\nactual: "); print_bytes (buf, sz); printf ("\n"); +#if 0 + rk_dumpdata("correct", tests[i].bytes, tests[i].byte_len); + rk_dumpdata("actual", buf, sz); + exit (1); +#endif ++failures; continue; } @@ -276,7 +290,7 @@ generic_test (const struct test_case *tests, } if (sz != consumed_sz) { printf ("different length decoding %s (%ld != %ld)\n", - tests[i].name, + tests[i].name, (unsigned long)sz, (unsigned long)consumed_sz); ++failures; continue; @@ -287,16 +301,42 @@ generic_test (const struct test_case *tests, ++failures; continue; } + + current_state = "copy"; + if (copy) { + to = emalloc(data_size); + ret = (*copy)(data, to); + if (ret != 0) { + printf ("copy of %s failed %d\n", tests[i].name, ret); + ++failures; + continue; + } + + current_state = "cmp-copy"; + if ((*cmp)(data, to) != 0) { + printf ("%s: copy comparison failed\n", tests[i].name); + ++failures; + continue; + } + } + current_state = "free"; - if (free_data) + if (free_data) { (*free_data)(data); + if (to) { + (*free_data)(to); + free(to); + } + } current_state = "free"; map_free(buf_map, tests[i].name, "encode"); map_free(buf2_map, tests[i].name, "decode"); map_free(data_map, tests[i].name, "data"); +#ifdef HAVE_SIGACTION sigaction (SIGSEGV, &osa, NULL); +#endif } current_state = "done"; return failures; @@ -304,7 +344,7 @@ generic_test (const struct test_case *tests, /* * check for failures - * + * * a test size (byte_len) of -1 means that the test tries to trigger a * integer overflow (and later a malloc of to little memory), just * allocate some memory and hope that is enough for that test. @@ -314,7 +354,7 @@ int generic_decode_fail (const struct test_case *tests, unsigned ntests, size_t data_size, - int (*decode)(unsigned char *, size_t, void *, size_t *)) + int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *)) { unsigned char *buf; int i; @@ -322,17 +362,20 @@ generic_decode_fail (const struct test_case *tests, void *data; struct map_page *data_map, *buf_map; +#ifdef HAVE_SIGACTION struct sigaction sa, osa; +#endif for (i = 0; i < ntests; ++i) { int ret; size_t sz; const void *bytes; - + current_test = tests[i].name; current_state = "init"; +#ifdef HAVE_SIGACTION sigemptyset (&sa.sa_mask); sa.sa_flags = 0; #ifdef SA_RESETHAND @@ -340,6 +383,7 @@ generic_decode_fail (const struct test_case *tests, #endif sa.sa_handler = segv_handler; sigaction (SIGSEGV, &sa, &osa); +#endif data = map_alloc(OVERRUN, NULL, data_size, &data_map); @@ -350,7 +394,7 @@ generic_decode_fail (const struct test_case *tests, sz = 4096; bytes = NULL; } - + buf = map_alloc(OVERRUN, bytes, sz, &buf_map); if (tests[i].byte_len == -1) @@ -369,7 +413,9 @@ generic_decode_fail (const struct test_case *tests, map_free(buf_map, tests[i].name, "encode"); map_free(data_map, tests[i].name, "data"); +#ifdef HAVE_SIGACTION sigaction (SIGSEGV, &osa, NULL); +#endif } current_state = "done"; return failures; diff --git a/crypto/heimdal/lib/asn1/check-common.h b/crypto/heimdal/lib/asn1/check-common.h index b1cb647e6ab..9ecbdbc35de 100644 --- a/crypto/heimdal/lib/asn1/check-common.h +++ b/crypto/heimdal/lib/asn1/check-common.h @@ -1,34 +1,36 @@ /* - * Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ struct test_case { @@ -38,26 +40,28 @@ struct test_case { char *name; }; -typedef int (*generic_encode)(unsigned char *, size_t, void *, size_t *); -typedef int (*generic_length)(void *); -typedef int (*generic_decode)(unsigned char *, size_t, void *, size_t *); -typedef int (*generic_free)(void *); +typedef int (ASN1CALL *generic_encode)(unsigned char *, size_t, void *, size_t *); +typedef int (ASN1CALL *generic_length)(void *); +typedef int (ASN1CALL *generic_decode)(unsigned char *, size_t, void *, size_t *); +typedef int (ASN1CALL *generic_free)(void *); +typedef int (ASN1CALL *generic_copy)(const void *, void *); int generic_test (const struct test_case *tests, unsigned ntests, size_t data_size, - int (*encode)(unsigned char *, size_t, void *, size_t *), - int (*length)(void *), - int (*decode)(unsigned char *, size_t, void *, size_t *), - int (*free_data)(void *), - int (*cmp)(void *a, void *b)); + int (ASN1CALL *encode)(unsigned char *, size_t, void *, size_t *), + int (ASN1CALL *length)(void *), + int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *), + int (ASN1CALL *free_data)(void *), + int (*cmp)(void *a, void *b), + int (ASN1CALL *copy)(const void *a, void *b)); int generic_decode_fail(const struct test_case *tests, unsigned ntests, size_t data_size, - int (*decode)(unsigned char *, size_t, void *, size_t *)); + int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *)); struct map_page; diff --git a/crypto/heimdal/lib/asn1/check-der.c b/crypto/heimdal/lib/asn1/check-der.c index 9ba260145e1..fa80a425410 100644 --- a/crypto/heimdal/lib/asn1/check-der.c +++ b/crypto/heimdal/lib/asn1/check-der.c @@ -1,34 +1,36 @@ /* - * Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" @@ -41,7 +43,7 @@ #include "check-common.h" -RCSID("$Id: check-der.c 21359 2007-06-27 08:15:41Z lha $"); +RCSID("$Id$"); static int cmp_integer (void *a, void *b) @@ -75,17 +77,19 @@ test_integer (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "integer %d", values[i]); + if (asprintf (&tests[i].name, "integer %d", values[i]) < 0) + errx(1, "malloc"); if (tests[i].name == NULL) errx(1, "malloc"); } ret = generic_test (tests, ntests, sizeof(int), (generic_encode)der_put_integer, - (generic_length) der_length_integer, - (generic_decode)der_get_integer, - (generic_free)NULL, - cmp_integer); + (generic_length) der_length_integer, + (generic_decode)der_get_integer, + (generic_free)NULL, + cmp_integer, + NULL); for (i = 0; i < ntests; ++i) free (tests[i].name); @@ -190,14 +194,15 @@ test_unsigned (void) {NULL, 4, "\x7f\xff\xff\xff"} }; - unsigned int values[] = {0, 127, 128, 256, 512, 32768, + unsigned int values[] = {0, 127, 128, 256, 512, 32768, 0x80000000, 0x7fffffff}; int i, ret; int ntests = sizeof(tests) / sizeof(*tests); for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "unsigned %u", values[i]); + if (asprintf (&tests[i].name, "unsigned %u", values[i]) < 0) + errx(1, "malloc"); if (tests[i].name == NULL) errx(1, "malloc"); } @@ -207,8 +212,9 @@ test_unsigned (void) (generic_length)der_length_unsigned, (generic_decode)der_get_unsigned, (generic_free)NULL, - cmp_unsigned); - for (i = 0; i < ntests; ++i) + cmp_unsigned, + NULL); + for (i = 0; i < ntests; ++i) free (tests[i].name); return ret; } @@ -237,7 +243,8 @@ test_octet_string (void) int ret; tests[0].val = &s1; - asprintf (&tests[0].name, "a octet string"); + if (asprintf (&tests[0].name, "a octet string") < 0) + errx(1, "malloc"); if (tests[0].name == NULL) errx(1, "malloc"); @@ -246,7 +253,8 @@ test_octet_string (void) (generic_length)der_length_octet_string, (generic_decode)der_get_octet_string, (generic_free)der_free_octet_string, - cmp_octet_string); + cmp_octet_string, + NULL); free(tests[0].name); return ret; } @@ -277,11 +285,13 @@ test_bmp_string (void) int ret; tests[0].val = &s1; - asprintf (&tests[0].name, "a bmp string"); + if (asprintf (&tests[0].name, "a bmp string") < 0) + errx(1, "malloc"); if (tests[0].name == NULL) errx(1, "malloc"); tests[1].val = &s2; - asprintf (&tests[1].name, "second bmp string"); + if (asprintf (&tests[1].name, "second bmp string") < 0) + errx(1, "malloc"); if (tests[1].name == NULL) errx(1, "malloc"); @@ -290,7 +300,8 @@ test_bmp_string (void) (generic_length)der_length_bmp_string, (generic_decode)der_get_bmp_string, (generic_free)der_free_bmp_string, - cmp_bmp_string); + cmp_bmp_string, + NULL); free(tests[0].name); free(tests[1].name); return ret; @@ -322,11 +333,13 @@ test_universal_string (void) int ret; tests[0].val = &s1; - asprintf (&tests[0].name, "a universal string"); + if (asprintf (&tests[0].name, "a universal string") < 0) + errx(1, "malloc"); if (tests[0].name == NULL) errx(1, "malloc"); tests[1].val = &s2; - asprintf (&tests[1].name, "second universal string"); + if (asprintf (&tests[1].name, "second universal string") < 0) + errx(1, "malloc"); if (tests[1].name == NULL) errx(1, "malloc"); @@ -335,7 +348,8 @@ test_universal_string (void) (generic_length)der_length_universal_string, (generic_decode)der_get_universal_string, (generic_free)der_free_universal_string, - cmp_universal_string); + cmp_universal_string, + NULL); free(tests[0].name); free(tests[1].name); return ret; @@ -361,7 +375,8 @@ test_general_string (void) int ret, ntests = sizeof(tests) / sizeof(*tests); tests[0].val = &s1; - asprintf (&tests[0].name, "the string \"%s\"", s1); + if (asprintf (&tests[0].name, "the string \"%s\"", s1) < 0) + errx(1, "malloc"); if (tests[0].name == NULL) errx(1, "malloc"); @@ -370,7 +385,8 @@ test_general_string (void) (generic_length)der_length_general_string, (generic_decode)der_get_general_string, (generic_free)der_free_general_string, - cmp_general_string); + cmp_general_string, + NULL); free(tests[0].name); return ret; } @@ -397,7 +413,8 @@ test_generalized_time (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "time %d", (int)values[i]); + if (asprintf (&tests[i].name, "time %d", (int)values[i]) < 0) + errx(1, "malloc"); if (tests[i].name == NULL) errx(1, "malloc"); } @@ -407,7 +424,8 @@ test_generalized_time (void) (generic_length)der_length_generalized_time, (generic_decode)der_get_generalized_time, (generic_free)NULL, - cmp_generalized_time); + cmp_generalized_time, + NULL); for (i = 0; i < ntests; ++i) free(tests[i].name); return ret; @@ -444,7 +462,8 @@ test_oid (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "oid %d", i); + if (asprintf (&tests[i].name, "oid %d", i) < 0) + errx(1, "malloc"); if (tests[i].name == NULL) errx(1, "malloc"); } @@ -454,7 +473,8 @@ test_oid (void) (generic_length)der_length_oid, (generic_decode)der_get_oid, (generic_free)der_free_oid, - test_cmp_oid); + test_cmp_oid, + NULL); for (i = 0; i < ntests; ++i) free(tests[i].name); return ret; @@ -480,7 +500,8 @@ test_bit_string (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "bit_string %d", i); + if (asprintf (&tests[i].name, "bit_string %d", i) < 0) + errx(1, "malloc"); if (tests[i].name == NULL) errx(1, "malloc"); } @@ -490,7 +511,8 @@ test_bit_string (void) (generic_length)der_length_bit_string, (generic_decode)der_get_bit_string, (generic_free)der_free_bit_string, - test_cmp_bit_string); + test_cmp_bit_string, + NULL); for (i = 0; i < ntests; ++i) free(tests[i].name); return ret; @@ -531,7 +553,8 @@ test_heim_integer (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "heim_integer %d", i); + if (asprintf (&tests[i].name, "heim_integer %d", i) < 0) + errx(1, "malloc"); if (tests[i].name == NULL) errx(1, "malloc"); } @@ -541,8 +564,9 @@ test_heim_integer (void) (generic_length)der_length_heim_integer, (generic_decode)der_get_heim_integer, (generic_free)der_free_heim_integer, - test_cmp_heim_integer); - for (i = 0; i < ntests; ++i) + test_cmp_heim_integer, + NULL); + for (i = 0; i < ntests; ++i) free (tests[i].name); if (ret) return ret; @@ -580,7 +604,8 @@ test_boolean (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "heim_boolean %d", i); + if (asprintf (&tests[i].name, "heim_boolean %d", i) < 0) + errx(1, "malloc"); if (tests[i].name == NULL) errx(1, "malloc"); } @@ -590,8 +615,9 @@ test_boolean (void) (generic_length)der_length_boolean, (generic_decode)der_get_boolean, (generic_free)NULL, - test_cmp_boolean); - for (i = 0; i < ntests; ++i) + test_cmp_boolean, + NULL); + for (i = 0; i < ntests; ++i) free (tests[i].name); if (ret) return ret; @@ -733,7 +759,7 @@ check_fail_oid(void) struct test_case tests[] = { {NULL, 0, "", "empty input data"}, {NULL, 2, "\x00\x80", "last byte continuation" }, - {NULL, 11, "\x00\x81\x80\x80\x80\x80\x80\x80\x80\x80\x00", + {NULL, 11, "\x00\x81\x80\x80\x80\x80\x80\x80\x80\x80\x00", "oid element overflow" } }; int ntests = sizeof(tests) / sizeof(*tests); @@ -808,7 +834,7 @@ test_heim_int_format(void) "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF"; heim_integer bni = { - 128, + 128, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC9\x0F\xDA\xA2" "\x21\x68\xC2\x34\xC4\xC6\x62\x8B\x80\xDC\x1C\xD1" "\x29\x02\x4E\x08\x8A\x67\xCC\x74\x02\x0B\xBE\xA6" @@ -916,7 +942,7 @@ check_trailing_nul(void) { 0, (const unsigned char *)"foo\0", 4, "foo", 4 }, { 0, (const unsigned char *)"foo", 3, "foo", 3 } }; - + for (i = 0; i < sizeof(foo)/sizeof(foo[0]); i++) { char *s; size_t size; @@ -1024,7 +1050,7 @@ corner_tag(void) int ok; const char *ptr; size_t len; - } tests[] = { + } tests[] = { { 1, "\x00", 1 }, { 0, "\xff", 1 }, { 0, "\xff\xff\xff\xff\xff\xff\xff\xff", 8 } @@ -1036,7 +1062,7 @@ corner_tag(void) size_t size; for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { - ret = der_get_tag((const unsigned char*)tests[i].ptr, + ret = der_get_tag((const unsigned char*)tests[i].ptr, tests[i].len, &cl, &ty, &tag, &size); if (ret) { if (tests[i].ok) diff --git a/crypto/heimdal/lib/asn1/check-gen.c b/crypto/heimdal/lib/asn1/check-gen.c index a18a21d087e..e686f166cfa 100644 --- a/crypto/heimdal/lib/asn1/check-gen.c +++ b/crypto/heimdal/lib/asn1/check-gen.c @@ -1,34 +1,36 @@ /* - * Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H @@ -49,7 +51,7 @@ #include "check-common.h" -RCSID("$Id: check-gen.c 21539 2007-07-14 16:12:04Z lha $"); +RCSID("$Id$"); static char *lha_principal[] = { "lha" }; static char *lharoot_princ[] = { "lha", "root" }; @@ -67,6 +69,8 @@ static char *nada_tgt_principal[] = { "krbtgt", "NADA.KTH.SE" }; do { if (strcmp((ac)->e, (bc)->e) != 0) return 1; } while(0) #define COMPARE_INTEGER(ac,bc,e) \ do { if ((ac)->e != (bc)->e) return 1; } while(0) +#define COMPARE_OPT_INTEGER(ac,bc,e) \ + do { if (*(ac)->e != *(bc)->e) return 1; } while(0) #define COMPARE_MEM(ac,bc,e,len) \ do { if (memcmp((ac)->e, (bc)->e,len) != 0) return 1; } while(0) @@ -92,7 +96,7 @@ test_principal (void) { struct test_case tests[] = { - { NULL, 29, + { NULL, 29, "\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b" "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45" }, @@ -101,7 +105,7 @@ test_principal (void) "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55" "\x2e\x53\x45" }, - { NULL, 54, + { NULL, 54, "\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b" "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65" "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e" @@ -110,7 +114,7 @@ test_principal (void) }; - Principal values[] = { + Principal values[] = { { { KRB5_NT_PRINCIPAL, { 1, lha_principal } }, "SU.SE" }, { { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } }, "SU.SE" }, { { KRB5_NT_SRV_HST, { 2, datan_princ } }, "E.KTH.SE" } @@ -120,7 +124,10 @@ test_principal (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "Principal %d", i); + if (asprintf (&tests[i].name, "Principal %d", i) < 0) + errx(1, "malloc"); + if (tests[i].name == NULL) + errx(1, "malloc"); } ret = generic_test (tests, ntests, sizeof(Principal), @@ -128,7 +135,8 @@ test_principal (void) (generic_length)length_Principal, (generic_decode)decode_Principal, (generic_free)free_Principal, - cmp_principal); + cmp_principal, + NULL); for (i = 0; i < ntests; ++i) free (tests[i].name); @@ -158,14 +166,14 @@ static int test_authenticator (void) { struct test_case tests[] = { - { NULL, 63, + { NULL, 63, "\x62\x3d\x30\x3b\xa0\x03\x02\x01\x05\xa1\x0a\x1b\x08" "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0" "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61" "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30" "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a" }, - { NULL, 67, + { NULL, 67, "\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05" "\x53\x55\x2e\x53\x45\xa2\x16\x30\x14\xa0\x03\x02\x01" "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72" @@ -186,7 +194,10 @@ test_authenticator (void) for (i = 0; i < ntests; ++i) { tests[i].val = &values[i]; - asprintf (&tests[i].name, "Authenticator %d", i); + if (asprintf (&tests[i].name, "Authenticator %d", i) < 0) + errx(1, "malloc"); + if (tests[i].name == NULL) + errx(1, "malloc"); } ret = generic_test (tests, ntests, sizeof(Authenticator), @@ -194,7 +205,8 @@ test_authenticator (void) (generic_length)length_Authenticator, (generic_decode)decode_Authenticator, (generic_free)free_Authenticator, - cmp_authenticator); + cmp_authenticator, + (generic_copy)copy_Authenticator); for (i = 0; i < ntests; ++i) free(tests[i].name); @@ -249,7 +261,7 @@ static int test_krb_error (void) { struct test_case tests[] = { - { NULL, 127, + { NULL, 127, "\x7e\x7d\x30\x7b\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11" "\x18\x0f\x32\x30\x30\x33\x31\x31\x32\x34\x30\x30\x31\x31\x31\x39" "\x5a\xa5\x05\x02\x03\x04\xed\xa5\xa6\x03\x02\x01\x1f\xa7\x0d\x1b" @@ -288,7 +300,8 @@ test_krb_error (void) (generic_length)length_KRB_ERROR, (generic_decode)decode_KRB_ERROR, (generic_free)free_KRB_ERROR, - cmp_KRB_ERROR); + cmp_KRB_ERROR, + (generic_copy)copy_KRB_ERROR); } static int @@ -306,13 +319,13 @@ static int test_Name (void) { struct test_case tests[] = { - { NULL, 35, + { NULL, 35, "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76" "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48" "\x4f\x4c\x4d", "Name CN=Love+L=STOCKHOLM" }, - { NULL, 35, + { NULL, 35, "\x30\x21\x31\x1f\x30\x0b\x06\x03\x55\x04\x03\x13\x04\x4c\x6f\x76" "\x65\x30\x10\x06\x03\x55\x04\x07\x13\x09\x53\x54\x4f\x43\x4b\x48" "\x4f\x4c\x4d", @@ -339,12 +352,14 @@ test_Name (void) atv1[0].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]); atv1[0].type.components = cmp_CN; atv1[0].value.element = choice_DirectoryString_printableString; - atv1[0].value.u.printableString = "Love"; + atv1[0].value.u.printableString.data = "Love"; + atv1[0].value.u.printableString.length = 4; atv1[1].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]); atv1[1].type.components = cmp_L; atv1[1].value.element = choice_DirectoryString_printableString; - atv1[1].value.u.printableString = "STOCKHOLM"; + atv1[1].value.u.printableString.data = "STOCKHOLM"; + atv1[1].value.u.printableString.length = 9; /* n2 */ n2.element = choice_Name_rdnSequence; @@ -356,12 +371,14 @@ test_Name (void) atv2[0].type.length = sizeof(cmp_L)/sizeof(cmp_L[0]); atv2[0].type.components = cmp_L; atv2[0].value.element = choice_DirectoryString_printableString; - atv2[0].value.u.printableString = "STOCKHOLM"; + atv2[0].value.u.printableString.data = "STOCKHOLM"; + atv2[0].value.u.printableString.length = 9; atv2[1].type.length = sizeof(cmp_CN)/sizeof(cmp_CN[0]); atv2[1].type.components = cmp_CN; atv2[1].value.element = choice_DirectoryString_printableString; - atv2[1].value.u.printableString = "Love"; + atv2[1].value.u.printableString.data = "Love"; + atv2[1].value.u.printableString.length = 4; /* */ tests[0].val = &n1; @@ -372,7 +389,8 @@ test_Name (void) (generic_length)length_Name, (generic_decode)decode_Name, (generic_free)free_Name, - cmp_Name); + cmp_Name, + (generic_copy)copy_Name); } static int @@ -431,9 +449,226 @@ test_bit_string (void) (generic_length)length_KeyUsage, (generic_decode)decode_KeyUsage, (generic_free)free_KeyUsage, - cmp_KeyUsage); + cmp_KeyUsage, + (generic_copy)copy_KeyUsage); } +static int +cmp_TicketFlags (void *a, void *b) +{ + TicketFlags *aa = a; + TicketFlags *ab = b; + + return TicketFlags2int(*aa) != TicketFlags2int(*ab); +} + +static int +test_bit_string_rfc1510 (void) +{ + struct test_case tests[] = { + { NULL, 7, + "\x03\x05\x00\x80\x00\x00\x00", + "TF bitstring 1" + }, + { NULL, 7, + "\x03\x05\x00\x40\x20\x00\x00", + "TF bitstring 2" + }, + { NULL, 7, + "\x03\x05\x00\x00\x20\x00\x00", + "TF bitstring 3" + }, + { NULL, 7, + "\x03\x05\x00\x00\x00\x00\x00", + "TF bitstring 4" + } + }; + + int ntests = sizeof(tests) / sizeof(*tests); + TicketFlags tf1, tf2, tf3, tf4; + + memset(&tf1, 0, sizeof(tf1)); + tf1.reserved = 1; + tests[0].val = &tf1; + + memset(&tf2, 0, sizeof(tf2)); + tf2.forwardable = 1; + tf2.pre_authent = 1; + tests[1].val = &tf2; + + memset(&tf3, 0, sizeof(tf3)); + tf3.pre_authent = 1; + tests[2].val = &tf3; + + memset(&tf4, 0, sizeof(tf4)); + tests[3].val = &tf4; + + + return generic_test (tests, ntests, sizeof(TicketFlags), + (generic_encode)encode_TicketFlags, + (generic_length)length_TicketFlags, + (generic_decode)decode_TicketFlags, + (generic_free)free_TicketFlags, + cmp_TicketFlags, + (generic_copy)copy_TicketFlags); +} + +static int +cmp_KerberosTime (void *a, void *b) +{ + KerberosTime *aa = a; + KerberosTime *ab = b; + + return *aa != *ab; +} + +static int +test_time (void) +{ + struct test_case tests[] = { + { NULL, 17, + "\x18\x0f\x31\x39\x37\x30\x30\x31\x30\x31\x30\x31\x31\x38\x33\x31" + "\x5a", + "time 1" }, + { NULL, 17, + "\x18\x0f\x32\x30\x30\x39\x30\x35\x32\x34\x30\x32\x30\x32\x34\x30" + "\x5a" + "time 2" } + }; + + int ntests = sizeof(tests) / sizeof(*tests); + KerberosTime times[] = { + 4711, + 1243130560 + }; + + tests[0].val = ×[0]; + tests[1].val = ×[1]; + + return generic_test (tests, ntests, sizeof(KerberosTime), + (generic_encode)encode_KerberosTime, + (generic_length)length_KerberosTime, + (generic_decode)decode_KerberosTime, + (generic_free)free_KerberosTime, + cmp_KerberosTime, + (generic_copy)copy_KerberosTime); +} + +struct { + const char *cert; + size_t len; +} certs[] = { + { + "\x30\x82\x02\x6c\x30\x82\x01\xd5\xa0\x03\x02\x01\x02\x02\x09\x00" + "\x99\x32\xde\x61\x0e\x40\x19\x8a\x30\x0d\x06\x09\x2a\x86\x48\x86" + "\xf7\x0d\x01\x01\x05\x05\x00\x30\x2a\x31\x1b\x30\x19\x06\x03\x55" + "\x04\x03\x0c\x12\x68\x78\x35\x30\x39\x20\x54\x65\x73\x74\x20\x52" + "\x6f\x6f\x74\x20\x43\x41\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13" + "\x02\x53\x45\x30\x1e\x17\x0d\x30\x39\x30\x34\x32\x36\x32\x30\x32" + "\x39\x34\x30\x5a\x17\x0d\x31\x39\x30\x34\x32\x34\x32\x30\x32\x39" + "\x34\x30\x5a\x30\x2a\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x0c\x12" + "\x68\x78\x35\x30\x39\x20\x54\x65\x73\x74\x20\x52\x6f\x6f\x74\x20" + "\x43\x41\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x30" + "\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05" + "\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xb9\xd3\x1b\x67" + "\x1c\xf7\x5e\x26\x81\x3b\x82\xff\x03\xa4\x43\xb5\xb2\x63\x0b\x89" + "\x58\x43\xfe\x3d\xe0\x38\x7d\x93\x74\xbb\xad\x21\xa4\x29\xd9\x34" + "\x79\xf3\x1c\x8c\x5a\xd6\xb0\xd7\x19\xea\xcc\xaf\xe0\xa8\x40\x02" + "\x1d\x91\xf1\xac\x36\xb0\xfb\x08\xbd\xcc\x9a\xe1\xb7\x6e\xee\x0a" + "\x69\xbf\x6d\x2b\xee\x20\x82\x61\x06\xf2\x18\xcc\x89\x11\x64\x7e" + "\xb2\xff\x47\xd1\x3b\x52\x73\xeb\x5a\xc0\x03\xa6\x4b\xc7\x40\x7e" + "\xbc\xe1\x0e\x65\x44\x3f\x40\x8b\x02\x82\x54\x04\xd9\xcc\x2c\x67" + "\x01\xb6\x16\x82\xd8\x33\x53\x17\xd7\xde\x8d\x5d\x02\x03\x01\x00" + "\x01\xa3\x81\x99\x30\x81\x96\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16" + "\x04\x14\x6e\x48\x13\xdc\xbf\x8b\x95\x4c\x13\xf3\x1f\x97\x30\xdd" + "\x27\x96\x59\x9b\x0e\x68\x30\x5a\x06\x03\x55\x1d\x23\x04\x53\x30" + "\x51\x80\x14\x6e\x48\x13\xdc\xbf\x8b\x95\x4c\x13\xf3\x1f\x97\x30" + "\xdd\x27\x96\x59\x9b\x0e\x68\xa1\x2e\xa4\x2c\x30\x2a\x31\x1b\x30" + "\x19\x06\x03\x55\x04\x03\x0c\x12\x68\x78\x35\x30\x39\x20\x54\x65" + "\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x0b\x30\x09\x06\x03" + "\x55\x04\x06\x13\x02\x53\x45\x82\x09\x00\x99\x32\xde\x61\x0e\x40" + "\x19\x8a\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff" + "\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x01\xe6\x30\x0d\x06" + "\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x81\x81\x00" + "\x52\x9b\xe4\x0e\xee\xc2\x5d\xb7\xf1\xba\x47\xe3\xfe\xaf\x3d\x51" + "\x10\xfd\xe8\x0d\x14\x58\x05\x36\xa7\xeb\xd8\x05\xe5\x27\x6f\x51" + "\xb8\xec\x90\xd9\x03\xe1\xbc\x9c\x93\x38\x21\x5c\xaf\x4e\x6c\x7b" + "\x6c\x65\xa9\x92\xcd\x94\xef\xa8\xae\x90\x12\x14\x78\x2d\xa3\x15" + "\xaa\x42\xf1\xd9\x44\x64\x2c\x3c\xc0\xbd\x3a\x48\xd8\x80\x45\x8b" + "\xd1\x79\x82\xe0\x0f\xdf\x08\x3c\x60\x21\x6f\x31\x47\x98\xae\x2f" + "\xcb\xb1\xa1\xb9\xc1\xa3\x71\x5e\x4a\xc2\x67\xdf\x66\x0a\x51\xb5" + "\xad\x60\x05\xdb\x02\xd4\x1a\xd2\xb9\x4e\x01\x08\x2b\xc3\x57\xaf", + 624 }, + { + "\x30\x82\x02\x54\x30\x82\x01\xbd\xa0\x03\x02\x01\x02\x02\x01\x08" + "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30" + "\x2a\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x0c\x12\x68\x78\x35\x30" + "\x39\x20\x54\x65\x73\x74\x20\x52\x6f\x6f\x74\x20\x43\x41\x31\x0b" + "\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x30\x1e\x17\x0d\x30" + "\x39\x30\x34\x32\x36\x32\x30\x32\x39\x34\x30\x5a\x17\x0d\x31\x39" + "\x30\x34\x32\x34\x32\x30\x32\x39\x34\x30\x5a\x30\x1b\x31\x0b\x30" + "\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x0c\x30\x0a\x06\x03" + "\x55\x04\x03\x0c\x03\x6b\x64\x63\x30\x81\x9f\x30\x0d\x06\x09\x2a" + "\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x81\x8d\x00\x30\x81" + "\x89\x02\x81\x81\x00\xd2\x41\x7a\xf8\x4b\x55\xb2\xaf\x11\xf9\x43" + "\x9b\x43\x81\x09\x3b\x9a\x94\xcf\x00\xf4\x85\x75\x92\xd7\x2a\xa5" + "\x11\xf1\xa8\x50\x6e\xc6\x84\x74\x24\x17\xda\x84\xc8\x03\x37\xb2" + "\x20\xf3\xba\xb5\x59\x36\x21\x4d\xab\x70\xe2\xc3\x09\x93\x68\x14" + "\x12\x79\xc5\xbb\x9e\x1b\x4a\xf0\xc6\x24\x59\x25\xc3\x1c\xa8\x70" + "\x66\x5b\x3e\x41\x8e\xe3\x25\x71\x9a\x94\xa0\x5b\x46\x91\x6f\xdd" + "\x58\x14\xec\x89\xe5\x8c\x96\xc5\x38\x60\xe4\xab\xf2\x75\xee\x6e" + "\x62\xfc\xe1\xbd\x03\x47\xff\xc4\xbe\x0f\xca\x70\x73\xe3\x74\x58" + "\x3a\x2f\x04\x2d\x39\x02\x03\x01\x00\x01\xa3\x81\x98\x30\x81\x95" + "\x30\x09\x06\x03\x55\x1d\x13\x04\x02\x30\x00\x30\x0b\x06\x03\x55" + "\x1d\x0f\x04\x04\x03\x02\x05\xe0\x30\x12\x06\x03\x55\x1d\x25\x04" + "\x0b\x30\x09\x06\x07\x2b\x06\x01\x05\x02\x03\x05\x30\x1d\x06\x03" + "\x55\x1d\x0e\x04\x16\x04\x14\x3a\xd3\x73\xff\xab\xdb\x7d\x8d\xc6" + "\x3a\xa2\x26\x3e\xae\x78\x95\x80\xc9\xe6\x31\x30\x48\x06\x03\x55" + "\x1d\x11\x04\x41\x30\x3f\xa0\x3d\x06\x06\x2b\x06\x01\x05\x02\x02" + "\xa0\x33\x30\x31\xa0\x0d\x1b\x0b\x54\x45\x53\x54\x2e\x48\x35\x4c" + "\x2e\x53\x45\xa1\x20\x30\x1e\xa0\x03\x02\x01\x01\xa1\x17\x30\x15" + "\x1b\x06\x6b\x72\x62\x74\x67\x74\x1b\x0b\x54\x45\x53\x54\x2e\x48" + "\x35\x4c\x2e\x53\x45\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01" + "\x01\x05\x05\x00\x03\x81\x81\x00\x83\xf4\x14\xa7\x6e\x59\xff\x80" + "\x64\xe7\xfa\xcf\x13\x80\x86\xe1\xed\x02\x38\xad\x96\x72\x25\xe5" + "\x06\x7a\x9a\xbc\x24\x74\xa9\x75\x55\xb2\x49\x80\x69\x45\x95\x4a" + "\x4c\x76\xa9\xe3\x4e\x49\xd3\xc2\x69\x5a\x95\x03\xeb\xba\x72\x23" + "\x9c\xfd\x3d\x8b\xc6\x07\x82\x3b\xf4\xf3\xef\x6c\x2e\x9e\x0b\xac" + "\x9e\x6c\xbb\x37\x4a\xa1\x9e\x73\xd1\xdc\x97\x61\xba\xfc\xd3\x49" + "\xa6\xc2\x4c\x55\x2e\x06\x37\x76\xb5\xef\x57\xe7\x57\x58\x8a\x71" + "\x63\xf3\xeb\xe7\x55\x68\x0d\xf6\x46\x4c\xfb\xf9\x43\xbb\x0c\x92" + "\x4f\x4e\x22\x7b\x63\xe8\x4f\x9c", + 600 + } +}; + +static int +test_cert(void) +{ + Certificate c, c2; + size_t size; + size_t i; + int ret; + + for (i = 0; i < sizeof(certs)/sizeof(certs[0]); i++) { + + ret = decode_Certificate((unsigned char *)certs[i].cert, + certs[i].len, &c, &size); + if (ret) + return ret; + + ret = copy_Certificate(&c, &c2); + free_Certificate(&c); + if (ret) + return ret; + + free_Certificate(&c2); + } + + return 0; +} + + static int cmp_TESTLargeTag (void *a, void *b) { @@ -441,6 +676,7 @@ cmp_TESTLargeTag (void *a, void *b) TESTLargeTag *ab = b; COMPARE_INTEGER(aa,ab,foo); + COMPARE_INTEGER(aa,ab,bar); return 0; } @@ -448,7 +684,7 @@ static int test_large_tag (void) { struct test_case tests[] = { - { NULL, 8, "\x30\x06\xbf\x7f\x03\x02\x01\x01", "large tag 1" } + { NULL, 15, "\x30\x0d\xbf\x7f\x03\x02\x01\x01\xbf\x81\x00\x03\x02\x01\x02", "large tag 1" } }; int ntests = sizeof(tests) / sizeof(*tests); @@ -456,6 +692,7 @@ test_large_tag (void) memset(<1, 0, sizeof(lt1)); lt1.foo = 1; + lt1.bar = 2; tests[0].val = <1; @@ -464,7 +701,8 @@ test_large_tag (void) (generic_length)length_TESTLargeTag, (generic_decode)decode_TESTLargeTag, (generic_free)free_TESTLargeTag, - cmp_TESTLargeTag); + cmp_TESTLargeTag, + (generic_copy)copy_TESTLargeTag); } struct test_data { @@ -490,9 +728,9 @@ check_tag_length(void) { 0, 5, 0, "\x02\xff\x7f\x02\x00"} }; size_t sz; - krb5uint32 values[] = {0, 127, 128, 256, 512, + TESTuint32 values[] = {0, 127, 128, 256, 512, 0, 127, 128, 256, 512 }; - krb5uint32 u; + TESTuint32 u; int i, ret, failed = 0; void *buf; @@ -501,7 +739,7 @@ check_tag_length(void) buf = map_alloc(OVERRUN, td[i].data, td[i].len, &page); - ret = decode_krb5uint32(buf, td[i].len, &u, &sz); + ret = decode_TESTuint32(buf, td[i].len, &u, &sz); if (ret) { if (td[i].ok) { printf("failed with tag len test %d\n", i); @@ -560,7 +798,8 @@ test_choice (void) (generic_length)length_TESTChoice1, (generic_decode)decode_TESTChoice1, (generic_free)free_TESTChoice1, - cmp_TESTChoice); + cmp_TESTChoice, + (generic_copy)copy_TESTChoice1); memset(&c2_2, 0, sizeof(c2_2)); c2_2.element = choice_TESTChoice2_asn1_ellipsis; @@ -573,7 +812,8 @@ test_choice (void) (generic_length)length_TESTChoice2, (generic_decode)decode_TESTChoice2, (generic_free)free_TESTChoice2, - cmp_TESTChoice); + cmp_TESTChoice, + (generic_copy)copy_TESTChoice2); return ret; } @@ -603,9 +843,9 @@ static int test_implicit (void) { struct test_case tests[] = { - { NULL, 16, + { NULL, 16, "\x30\x0e\x80\x01\x00\xa1\x06\xbf" - "\x7f\x03\x02\x01\x02\x82\x01\x03", + "\x7f\x03\x02\x01\x02\x82\x01\x03", "implicit 1" } }; @@ -623,7 +863,8 @@ test_implicit (void) (generic_length)length_TESTImplicit, (generic_decode)decode_TESTImplicit, (generic_free)free_TESTImplicit, - cmp_TESTImplicit); + cmp_TESTImplicit, + (generic_copy)copy_TESTImplicit); #ifdef IMPLICIT_TAGGING_WORKS ret += generic_test (tests, ntests, sizeof(TESTImplicit2), @@ -631,7 +872,8 @@ test_implicit (void) (generic_length)length_TESTImplicit2, (generic_decode)decode_TESTImplicit2, (generic_free)free_TESTImplicit2, - cmp_TESTImplicit); + cmp_TESTImplicit, + NULL); #endif /* IMPLICIT_TAGGING_WORKS */ return ret; @@ -679,14 +921,14 @@ static int test_taglessalloc (void) { struct test_case tests[] = { - { NULL, 14, - "\x30\x0c\x30\x05\xa0\x03\x02\x01\x01\xa1\x03\x02\x01\x03", + { NULL, 14, + "\x30\x0c\x30\x05\xa0\x03\x02\x01\x01\xa1\x03\x02\x01\x03", "alloc 1" }, - { NULL, 7, - "\x30\x05\xa1\x03\x02\x01\x03", + { NULL, 7, + "\x30\x05\xa1\x03\x02\x01\x03", "alloc 2" }, - { NULL, 10, - "\x30\x08\xa1\x03\x02\x01\x04\x02\x01\x05", + { NULL, 10, + "\x30\x08\xa1\x03\x02\x01\x04\x02\x01\x05", "alloc 3" } }; @@ -718,13 +960,95 @@ test_taglessalloc (void) (generic_length)length_TESTAlloc, (generic_decode)decode_TESTAlloc, (generic_free)free_TESTAlloc, - cmp_TESTAlloc); + cmp_TESTAlloc, + (generic_copy)copy_TESTAlloc); free(c1.tagless); return ret; } +static int +cmp_TESTOptional (void *a, void *b) +{ + TESTOptional *aa = a; + TESTOptional *ab = b; + + IF_OPT_COMPARE(aa,ab,zero) { + COMPARE_OPT_INTEGER(aa,ab,zero); + } + IF_OPT_COMPARE(aa,ab,one) { + COMPARE_OPT_INTEGER(aa,ab,one); + } + return 0; +} + +/* +UNIV CONS Sequence 5 + CONTEXT CONS 0 3 + UNIV PRIM Integer 1 00 + +UNIV CONS Sequence 5 + CONTEXT CONS 1 3 + UNIV PRIM Integer 1 03 + +UNIV CONS Sequence 10 + CONTEXT CONS 0 3 + UNIV PRIM Integer 1 00 + CONTEXT CONS 1 3 + UNIV PRIM Integer 1 01 + +*/ + +static int +test_optional (void) +{ + struct test_case tests[] = { + { NULL, 2, + "\x30\x00", + "optional 0" }, + { NULL, 7, + "\x30\x05\xa0\x03\x02\x01\x00", + "optional 1" }, + { NULL, 7, + "\x30\x05\xa1\x03\x02\x01\x01", + "optional 2" }, + { NULL, 12, + "\x30\x0a\xa0\x03\x02\x01\x00\xa1\x03\x02\x01\x01", + "optional 3" } + }; + + int ret = 0, ntests = sizeof(tests) / sizeof(*tests); + TESTOptional c0, c1, c2, c3; + int zero = 0; + int one = 1; + + c0.zero = NULL; + c0.one = NULL; + tests[0].val = &c0; + + c1.zero = &zero; + c1.one = NULL; + tests[1].val = &c1; + + c2.zero = NULL; + c2.one = &one; + tests[2].val = &c2; + + c3.zero = &zero; + c3.one = &one; + tests[3].val = &c3; + + ret += generic_test (tests, ntests, sizeof(TESTOptional), + (generic_encode)encode_TESTOptional, + (generic_length)length_TESTOptional, + (generic_decode)decode_TESTOptional, + (generic_free)free_TESTOptional, + cmp_TESTOptional, + (generic_copy)copy_TESTOptional); + + return ret; +} static int check_fail_largetag(void) @@ -768,7 +1092,7 @@ check_fail_sequence(void) { struct test_case tests[] = { {NULL, 0, "", "empty buffer"}, - {NULL, 24, + {NULL, 24, "\x30\x16\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01" "\x02\x01\x01\xa2\x03\x02\x01\x01" "missing one byte from the end, internal length ok"}, @@ -776,7 +1100,7 @@ check_fail_sequence(void) "\x30\x18\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01" "\x02\x01\x01\xa2\x03\x02\x01\x01", "inner length one byte too long"}, - {NULL, 24, + {NULL, 24, "\x30\x17\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01" "\x01\x02\x01\x01\xa2\x03\x02\x01\x01", "correct buffer but missing one too short"} @@ -793,10 +1117,10 @@ check_fail_choice(void) struct test_case tests[] = { {NULL, 6, "\xa1\x02\x02\x01\x01", - "one too short"}, + "choice one too short"}, {NULL, 6, "\xa1\x03\x02\x02\x01", - "one too short inner"} + "choice one too short inner"} }; int ntests = sizeof(tests) / sizeof(*tests); @@ -877,6 +1201,7 @@ out: static int check_seq_of_size(void) { +#if 0 /* template */ TESTInteger integers[4] = { 1, 2, 3, 4 }; int ret; @@ -894,7 +1219,7 @@ check_seq_of_size(void) TESTSeqSizeOf2 ssof2ok1 = { 1, integers }; TESTSeqSizeOf2 ssof2ok2 = { 2, integers }; TESTSeqSizeOf2 ssof2f2 = { 3, integers }; - + test_seq_of(TESTSeqSizeOf2, 0, &ssof2f1); test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok1); test_seq_of(TESTSeqSizeOf2, 1, &ssof2ok2); @@ -904,7 +1229,7 @@ check_seq_of_size(void) TESTSeqSizeOf3 ssof3f1 = { 0, NULL }; TESTSeqSizeOf3 ssof3ok1 = { 1, integers }; TESTSeqSizeOf3 ssof3ok2 = { 2, integers }; - + test_seq_of(TESTSeqSizeOf3, 0, &ssof3f1); test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok1); test_seq_of(TESTSeqSizeOf3, 1, &ssof3ok2); @@ -914,17 +1239,42 @@ check_seq_of_size(void) TESTSeqSizeOf4 ssof4ok2 = { 1, integers }; TESTSeqSizeOf4 ssof4ok3 = { 2, integers }; TESTSeqSizeOf4 ssof4f1 = { 3, integers }; - + test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok1); - test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok2); + test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok2); test_seq_of(TESTSeqSizeOf4, 1, &ssof4ok3); test_seq_of(TESTSeqSizeOf4, 0, &ssof4f1); } - +#endif return 0; } +static int +check_TESTMechTypeList(void) +{ + TESTMechTypeList tl; + unsigned oid1[] = { 1, 2, 840, 48018, 1, 2, 2}; + unsigned oid2[] = { 1, 2, 840, 113554, 1, 2, 2}; + unsigned oid3[] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 30}; + unsigned oid4[] = { 1, 3, 6, 1, 4, 1, 311, 2, 2, 10}; + TESTMechType array[] = {{ 7, oid1 }, + { 7, oid2 }, + { 10, oid3 }, + { 10, oid4 }}; + size_t size, len; + void *ptr; + int ret; + tl.len = 4; + tl.val = array; + + ASN1_MALLOC_ENCODE(TESTMechTypeList, ptr, len, &tl, &size, ret); + if (ret) + errx(1, "TESTMechTypeList: %d", ret); + if (len != size) + abort(); + return 0; +} int main(int argc, char **argv) @@ -936,6 +1286,9 @@ main(int argc, char **argv) ret += test_krb_error(); ret += test_Name(); ret += test_bit_string(); + ret += test_bit_string_rfc1510(); + ret += test_time(); + ret += test_cert(); ret += check_tag_length(); ret += test_large_tag(); @@ -943,6 +1296,7 @@ main(int argc, char **argv) ret += test_implicit(); ret += test_taglessalloc(); + ret += test_optional(); ret += check_fail_largetag(); ret += check_fail_sequence(); @@ -951,5 +1305,7 @@ main(int argc, char **argv) ret += check_seq(); ret += check_seq_of_size(); + ret += check_TESTMechTypeList(); + return ret; } diff --git a/crypto/heimdal/lib/asn1/check-timegm.c b/crypto/heimdal/lib/asn1/check-timegm.c index 7d33455a3c5..13d3abcf1fa 100644 --- a/crypto/heimdal/lib/asn1/check-timegm.c +++ b/crypto/heimdal/lib/asn1/check-timegm.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include -RCSID("$Id: check-timegm.c 18610 2006-10-19 16:33:24Z lha $"); +RCSID("$Id$"); static int test_timegm(void) @@ -58,6 +58,15 @@ test_timegm(void) if (t != -1) ret += 1; + _der_gmtime(1159696980, &tm); + if (tm.tm_year != 106 || + tm.tm_mon != 9 || + tm.tm_mday != 1 || + tm.tm_hour != 10 || + tm.tm_min != 3 || + tm.tm_sec != 0) + errx(1, "tmtime failes"); + return ret; } diff --git a/crypto/heimdal/lib/asn1/CMS.asn1 b/crypto/heimdal/lib/asn1/cms.asn1 similarity index 92% rename from crypto/heimdal/lib/asn1/CMS.asn1 rename to crypto/heimdal/lib/asn1/cms.asn1 index 685f0b18983..ccbe6838382 100644 --- a/crypto/heimdal/lib/asn1/CMS.asn1 +++ b/crypto/heimdal/lib/asn1/cms.asn1 @@ -1,10 +1,10 @@ -- From RFC 3369 -- --- $Id: CMS.asn1 18054 2006-09-07 12:20:42Z lha $ -- +-- $Id$ -- CMS DEFINITIONS ::= BEGIN IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name, - Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459 + Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459 heim_any, heim_any_set FROM heim; id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) @@ -18,8 +18,8 @@ id-pkcs7-digestedData OBJECT IDENTIFIER ::= { id-pkcs7 5 } id-pkcs7-encryptedData OBJECT IDENTIFIER ::= { id-pkcs7 6 } CMSVersion ::= INTEGER { - CMSVersion_v0(0), - CMSVersion_v1(1), + CMSVersion_v0(0), + CMSVersion_v1(1), CMSVersion_v2(2), CMSVersion_v3(3), CMSVersion_v4(4) @@ -34,7 +34,7 @@ MessageDigest ::= OCTET STRING ContentInfo ::= SEQUENCE { contentType ContentType, - content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType + content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType } EncapsulatedContentInfo ::= SEQUENCE { @@ -53,7 +53,7 @@ IssuerAndSerialNumber ::= SEQUENCE { serialNumber CertificateSerialNumber } --- RecipientIdentifier is same as SignerIdentifier, +-- RecipientIdentifier is same as SignerIdentifier, -- lets glue them togheter and save some bytes and share code for them CMSIdentifier ::= CHOICE { @@ -67,7 +67,7 @@ RecipientIdentifier ::= CMSIdentifier --- CMSAttributes are the combined UnsignedAttributes and SignedAttributes --- to store space and share code -CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX) +CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX) SignatureValue ::= OCTET STRING @@ -79,7 +79,7 @@ SignerInfo ::= SEQUENCE { SET OF Attribute OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, - unsignedAttrs [1] IMPLICIT -- CMSAttributes -- + unsignedAttrs [1] IMPLICIT -- CMSAttributes -- SET OF Attribute OPTIONAL } diff --git a/crypto/heimdal/lib/asn1/cms.opt b/crypto/heimdal/lib/asn1/cms.opt new file mode 100644 index 00000000000..49333e53a75 --- /dev/null +++ b/crypto/heimdal/lib/asn1/cms.opt @@ -0,0 +1,2 @@ +--decode-dce-ber +--sequence=DigestAlgorithmIdentifiers diff --git a/crypto/heimdal/lib/asn1/der-private.h b/crypto/heimdal/lib/asn1/der-private.h new file mode 100644 index 00000000000..555f71bd004 --- /dev/null +++ b/crypto/heimdal/lib/asn1/der-private.h @@ -0,0 +1,82 @@ +/* This is a generated file */ +#ifndef __der_private_h__ +#define __der_private_h__ + +#include + +int +_asn1_copy ( + const struct asn1_template */*t*/, + const void */*from*/, + void */*to*/); + +int +_asn1_copy_top ( + const struct asn1_template */*t*/, + const void */*from*/, + void */*to*/); + +int +_asn1_decode ( + const struct asn1_template */*t*/, + unsigned /*flags*/, + const unsigned char */*p*/, + size_t /*len*/, + void */*data*/, + size_t */*size*/); + +int +_asn1_decode_top ( + const struct asn1_template */*t*/, + unsigned /*flags*/, + const unsigned char */*p*/, + size_t /*len*/, + void */*data*/, + size_t */*size*/); + +int +_asn1_encode ( + const struct asn1_template */*t*/, + unsigned char */*p*/, + size_t /*len*/, + const void */*data*/, + size_t */*size*/); + +void +_asn1_free ( + const struct asn1_template */*t*/, + void */*data*/); + +size_t +_asn1_length ( + const struct asn1_template */*t*/, + const void */*data*/); + +struct tm * +_der_gmtime ( + time_t /*t*/, + struct tm */*tm*/); + +int +_heim_der_set_sort ( + const void */*a1*/, + const void */*a2*/); + +int +_heim_fix_dce ( + size_t /*reallen*/, + size_t */*len*/); + +size_t +_heim_len_int (int /*val*/); + +size_t +_heim_len_unsigned (unsigned /*val*/); + +int +_heim_time2generalizedtime ( + time_t /*t*/, + heim_octet_string */*s*/, + int /*gtimep*/); + +#endif /* __der_private_h__ */ diff --git a/crypto/heimdal/lib/asn1/der-protos.h b/crypto/heimdal/lib/asn1/der-protos.h index 7bfe02ebb44..3b3d81d175f 100644 --- a/crypto/heimdal/lib/asn1/der-protos.h +++ b/crypto/heimdal/lib/asn1/der-protos.h @@ -47,6 +47,11 @@ der_copy_general_string ( const heim_general_string */*from*/, heim_general_string */*to*/); +int +der_copy_generalized_time ( + const time_t */*from*/, + time_t */*to*/); + int der_copy_heim_integer ( const heim_integer */*from*/, @@ -54,8 +59,13 @@ der_copy_heim_integer ( int der_copy_ia5_string ( - const heim_printable_string */*from*/, - heim_printable_string */*to*/); + const heim_ia5_string */*from*/, + heim_ia5_string */*to*/); + +int +der_copy_integer ( + const int */*from*/, + int */*to*/); int der_copy_octet_string ( @@ -77,6 +87,16 @@ der_copy_universal_string ( const heim_universal_string */*from*/, heim_universal_string */*to*/); +int +der_copy_unsigned ( + const unsigned */*from*/, + unsigned */*to*/); + +int +der_copy_utctime ( + const time_t */*from*/, + time_t */*to*/); + int der_copy_utf8string ( const heim_utf8_string */*from*/, @@ -96,12 +116,18 @@ der_free_bmp_string (heim_bmp_string */*k*/); void der_free_general_string (heim_general_string */*str*/); +void +der_free_generalized_time (time_t */*t*/); + void der_free_heim_integer (heim_integer */*k*/); void der_free_ia5_string (heim_ia5_string */*str*/); +void +der_free_integer (int */*i*/); + void der_free_octet_string (heim_octet_string */*k*/); @@ -114,6 +140,12 @@ der_free_printable_string (heim_printable_string */*str*/); void der_free_universal_string (heim_universal_string */*k*/); +void +der_free_unsigned (unsigned */*u*/); + +void +der_free_utctime (time_t */*t*/); + void der_free_utf8string (heim_utf8_string */*str*/); @@ -196,6 +228,13 @@ der_get_octet_string ( heim_octet_string */*data*/, size_t */*size*/); +int +der_get_octet_string_ber ( + const unsigned char */*p*/, + size_t /*len*/, + heim_octet_string */*data*/, + size_t */*size*/); + int der_get_oid ( const unsigned char */*p*/, @@ -296,6 +335,11 @@ der_heim_universal_string_cmp ( const heim_universal_string */*p*/, const heim_universal_string */*q*/); +int +der_ia5_string_cmp ( + const heim_ia5_string */*p*/, + const heim_ia5_string */*q*/); + size_t der_length_bit_string (const heim_bit_string */*k*/); @@ -335,6 +379,9 @@ der_length_oid (const heim_oid */*k*/); size_t der_length_printable_string (const heim_printable_string */*data*/); +size_t +der_length_tag (unsigned int /*tag*/); + size_t der_length_universal_string (const heim_universal_string */*data*/); @@ -359,12 +406,21 @@ der_match_tag ( unsigned int /*tag*/, size_t */*size*/); +int +der_match_tag2 ( + const unsigned char */*p*/, + size_t /*len*/, + Der_class /*class*/, + Der_type */*type*/, + unsigned int /*tag*/, + size_t */*size*/); + int der_match_tag_and_length ( const unsigned char */*p*/, size_t /*len*/, Der_class /*class*/, - Der_type /*type*/, + Der_type */*type*/, unsigned int /*tag*/, size_t */*length_ret*/, size_t */*size*/); @@ -391,6 +447,11 @@ der_print_hex_heim_integer ( const heim_integer */*data*/, char **/*p*/); +int +der_printable_string_cmp ( + const heim_printable_string */*p*/, + const heim_printable_string */*q*/); + int der_put_bit_string ( unsigned char */*p*/, diff --git a/crypto/heimdal/lib/asn1/der.c b/crypto/heimdal/lib/asn1/der.c index 120dc086afc..0c59e6f6409 100644 --- a/crypto/heimdal/lib/asn1/der.c +++ b/crypto/heimdal/lib/asn1/der.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" @@ -38,7 +38,7 @@ #include #include -RCSID("$Id: der.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id$"); static const char *class_names[] = { diff --git a/crypto/heimdal/lib/asn1/der.h b/crypto/heimdal/lib/asn1/der.h index 13e39320d4e..f20cdb83ca5 100644 --- a/crypto/heimdal/lib/asn1/der.h +++ b/crypto/heimdal/lib/asn1/der.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: der.h 18437 2006-10-14 05:16:08Z lha $ */ +/* $Id$ */ #ifndef __DER_H__ #define __DER_H__ @@ -52,7 +52,7 @@ typedef enum {PRIM = 0, CONS = 1} Der_type; enum { UT_EndOfContent = 0, UT_Boolean = 1, - UT_Integer = 2, + UT_Integer = 2, UT_BitString = 3, UT_OctetString = 4, UT_Null = 5, @@ -94,6 +94,8 @@ typedef struct heim_ber_time_t { int bt_zone; } heim_ber_time_t; +struct asn1_template; + #include int _heim_fix_dce(size_t reallen, size_t *len); diff --git a/crypto/heimdal/lib/asn1/der_cmp.c b/crypto/heimdal/lib/asn1/der_cmp.c index f27f03c02bd..468ccb2d040 100644 --- a/crypto/heimdal/lib/asn1/der_cmp.c +++ b/crypto/heimdal/lib/asn1/der_cmp.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" @@ -38,13 +38,13 @@ der_heim_oid_cmp(const heim_oid *p, const heim_oid *q) { if (p->length != q->length) return p->length - q->length; - return memcmp(p->components, + return memcmp(p->components, q->components, p->length * sizeof(*p->components)); } int -der_heim_octet_string_cmp(const heim_octet_string *p, +der_heim_octet_string_cmp(const heim_octet_string *p, const heim_octet_string *q) { if (p->length != q->length) @@ -52,6 +52,20 @@ der_heim_octet_string_cmp(const heim_octet_string *p, return memcmp(p->data, q->data, p->length); } +int +der_printable_string_cmp(const heim_printable_string *p, + const heim_printable_string *q) +{ + return der_heim_octet_string_cmp(p, q); +} + +int +der_ia5_string_cmp(const heim_ia5_string *p, + const heim_ia5_string *q) +{ + return der_heim_octet_string_cmp(p, q); +} + int der_heim_bit_string_cmp(const heim_bit_string *p, const heim_bit_string *q) @@ -93,7 +107,7 @@ der_heim_bmp_string_cmp(const heim_bmp_string *p, const heim_bmp_string *q) } int -der_heim_universal_string_cmp(const heim_universal_string *p, +der_heim_universal_string_cmp(const heim_universal_string *p, const heim_universal_string *q) { if (p->length != q->length) diff --git a/crypto/heimdal/lib/asn1/der_copy.c b/crypto/heimdal/lib/asn1/der_copy.c index 04c4531ca57..3a0a8c5ffa6 100644 --- a/crypto/heimdal/lib/asn1/der_copy.c +++ b/crypto/heimdal/lib/asn1/der_copy.c @@ -1,42 +1,44 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" -RCSID("$Id: der_copy.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); int -der_copy_general_string (const heim_general_string *from, +der_copy_general_string (const heim_general_string *from, heim_general_string *to) { *to = strdup(*from); @@ -45,6 +47,34 @@ der_copy_general_string (const heim_general_string *from, return 0; } +int +der_copy_integer (const int *from, int *to) +{ + *to = *from; + return 0; +} + +int +der_copy_unsigned (const unsigned *from, unsigned *to) +{ + *to = *from; + return 0; +} + +int +der_copy_generalized_time (const time_t *from, time_t *to) +{ + *to = *from; + return 0; +} + +int +der_copy_utctime (const time_t *from, time_t *to) +{ + *to = *from; + return 0; +} + int der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to) { @@ -52,17 +82,23 @@ der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to) } int -der_copy_printable_string (const heim_printable_string *from, +der_copy_printable_string (const heim_printable_string *from, heim_printable_string *to) { - return der_copy_general_string(from, to); + to->length = from->length; + to->data = malloc(to->length + 1); + if(to->data == NULL) + return ENOMEM; + memcpy(to->data, from->data, to->length); + ((char *)to->data)[to->length] = '\0'; + return 0; } int -der_copy_ia5_string (const heim_printable_string *from, - heim_printable_string *to) +der_copy_ia5_string (const heim_ia5_string *from, + heim_ia5_string *to) { - return der_copy_general_string(from, to); + return der_copy_printable_string(from, to); } int @@ -89,7 +125,7 @@ der_copy_universal_string (const heim_universal_string *from, } int -der_copy_visible_string (const heim_visible_string *from, +der_copy_visible_string (const heim_visible_string *from, heim_visible_string *to) { return der_copy_general_string(from, to); diff --git a/crypto/heimdal/lib/asn1/der_format.c b/crypto/heimdal/lib/asn1/der_format.c index 6908bddcc26..4f06c1b01fd 100644 --- a/crypto/heimdal/lib/asn1/der_format.c +++ b/crypto/heimdal/lib/asn1/der_format.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" #include -RCSID("$Id: der_format.c 20861 2007-06-03 20:18:29Z lha $"); +RCSID("$Id$"); int der_parse_hex_heim_integer (const char *p, heim_integer *data) @@ -56,7 +56,7 @@ der_parse_hex_heim_integer (const char *p, heim_integer *data) data->length = 0; return EINVAL; } - + data->length = (len / 2) + 1; data->data = malloc(data->length); if (data->data == NULL) { @@ -108,7 +108,7 @@ int der_print_heim_oid (const heim_oid *oid, char delim, char **str) { struct rk_strpool *p = NULL; - int i; + size_t i; if (oid->length == 0) return EINVAL; @@ -144,8 +144,8 @@ der_parse_heim_oid (const char *str, const char *sep, heim_oid *data) s = strdup(str); - for (w = strtok_r(s, sep, &brkt); - w != NULL; + for (w = strtok_r(s, sep, &brkt); + w != NULL; w = strtok_r(NULL, sep, &brkt)) { c = realloc(data->components, diff --git a/crypto/heimdal/lib/asn1/der_free.c b/crypto/heimdal/lib/asn1/der_free.c index 851cb1d4077..4bae5fc2338 100644 --- a/crypto/heimdal/lib/asn1/der_free.c +++ b/crypto/heimdal/lib/asn1/der_free.c @@ -1,39 +1,41 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" -RCSID("$Id: der_free.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); void der_free_general_string (heim_general_string *str) @@ -42,6 +44,31 @@ der_free_general_string (heim_general_string *str) *str = NULL; } +void +der_free_integer (int *i) +{ + *i = 0; +} + +void +der_free_unsigned (unsigned *u) +{ + *u = 0; +} + +void +der_free_generalized_time(time_t *t) +{ + *t = 0; +} + +void +der_free_utctime(time_t *t) +{ + *t = 0; +} + + void der_free_utf8string (heim_utf8_string *str) { @@ -52,15 +79,13 @@ der_free_utf8string (heim_utf8_string *str) void der_free_printable_string (heim_printable_string *str) { - free(*str); - *str = NULL; + der_free_octet_string(str); } void der_free_ia5_string (heim_ia5_string *str) { - free(*str); - *str = NULL; + der_free_octet_string(str); } void diff --git a/crypto/heimdal/lib/asn1/der_get.c b/crypto/heimdal/lib/asn1/der_get.c index f232ce9a296..3112da86f93 100644 --- a/crypto/heimdal/lib/asn1/der_get.c +++ b/crypto/heimdal/lib/asn1/der_get.c @@ -1,43 +1,39 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" -RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $"); - -#include - -/* +/* * All decoding functions take a pointer `p' to first position in * which to read, from the left, `len' which means the maximum number * of characters we are able to read, `ret' were the value will be @@ -132,7 +128,7 @@ der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size) } int -der_get_general_string (const unsigned char *p, size_t len, +der_get_general_string (const unsigned char *p, size_t len, heim_general_string *str, size_t *size) { const unsigned char *p1; @@ -140,14 +136,14 @@ der_get_general_string (const unsigned char *p, size_t len, p1 = memchr(p, 0, len); if (p1 != NULL) { - /* + /* * Allow trailing NULs. We allow this since MIT Kerberos sends * an strings in the NEED_PREAUTH case that includes a * trailing NUL. */ - while (p1 - p < len && *p1 == '\0') + while ((size_t)(p1 - p) < len && *p1 == '\0') p1++; - if (p1 - p != len) + if ((size_t)(p1 - p) != len) return ASN1_BAD_CHARACTER; } if (len > len + 1) @@ -164,28 +160,35 @@ der_get_general_string (const unsigned char *p, size_t len, } int -der_get_utf8string (const unsigned char *p, size_t len, +der_get_utf8string (const unsigned char *p, size_t len, heim_utf8_string *str, size_t *size) { return der_get_general_string(p, len, str, size); } int -der_get_printable_string (const unsigned char *p, size_t len, - heim_printable_string *str, size_t *size) +der_get_printable_string(const unsigned char *p, size_t len, + heim_printable_string *str, size_t *size) { - return der_get_general_string(p, len, str, size); + str->length = len; + str->data = malloc(len + 1); + if (str->data == NULL) + return ENOMEM; + memcpy(str->data, p, len); + ((char *)str->data)[len] = '\0'; + if(size) *size = len; + return 0; } int -der_get_ia5_string (const unsigned char *p, size_t len, - heim_ia5_string *str, size_t *size) +der_get_ia5_string(const unsigned char *p, size_t len, + heim_ia5_string *str, size_t *size) { - return der_get_general_string(p, len, str, size); + return der_get_printable_string(p, len, str, size); } int -der_get_bmp_string (const unsigned char *p, size_t len, +der_get_bmp_string (const unsigned char *p, size_t len, heim_bmp_string *data, size_t *size) { size_t i; @@ -202,6 +205,13 @@ der_get_bmp_string (const unsigned char *p, size_t len, for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 8) | p[1]; p += 2; + /* check for NUL in the middle of the string */ + if (data->data[i] == 0 && i != (data->length - 1)) { + free(data->data); + data->data = NULL; + data->length = 0; + return ASN1_BAD_CHARACTER; + } } if (size) *size = len; @@ -209,7 +219,7 @@ der_get_bmp_string (const unsigned char *p, size_t len, } int -der_get_universal_string (const unsigned char *p, size_t len, +der_get_universal_string (const unsigned char *p, size_t len, heim_universal_string *data, size_t *size) { size_t i; @@ -226,20 +236,27 @@ der_get_universal_string (const unsigned char *p, size_t len, for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; p += 4; + /* check for NUL in the middle of the string */ + if (data->data[i] == 0 && i != (data->length - 1)) { + free(data->data); + data->data = NULL; + data->length = 0; + return ASN1_BAD_CHARACTER; + } } if (size) *size = len; return 0; } int -der_get_visible_string (const unsigned char *p, size_t len, +der_get_visible_string (const unsigned char *p, size_t len, heim_visible_string *str, size_t *size) { return der_get_general_string(p, len, str, size); } int -der_get_octet_string (const unsigned char *p, size_t len, +der_get_octet_string (const unsigned char *p, size_t len, heim_octet_string *data, size_t *size) { data->length = len; @@ -252,7 +269,76 @@ der_get_octet_string (const unsigned char *p, size_t len, } int -der_get_heim_integer (const unsigned char *p, size_t len, +der_get_octet_string_ber (const unsigned char *p, size_t len, + heim_octet_string *data, size_t *size) +{ + int e; + Der_type type; + Der_class class; + unsigned int tag, depth = 0; + size_t l, datalen, oldlen = len; + + data->length = 0; + data->data = NULL; + + while (len) { + e = der_get_tag (p, len, &class, &type, &tag, &l); + if (e) goto out; + if (class != ASN1_C_UNIV) { + e = ASN1_BAD_ID; + goto out; + } + if (type == PRIM && tag == UT_EndOfContent) { + if (depth == 0) + break; + depth--; + } + if (tag != UT_OctetString) { + e = ASN1_BAD_ID; + goto out; + } + + p += l; + len -= l; + e = der_get_length (p, len, &datalen, &l); + if (e) goto out; + p += l; + len -= l; + + if (datalen > len) + return ASN1_OVERRUN; + + if (type == PRIM) { + void *ptr; + + ptr = realloc(data->data, data->length + datalen); + if (ptr == NULL) { + e = ENOMEM; + goto out; + } + data->data = ptr; + memcpy(((unsigned char *)data->data) + data->length, p, datalen); + data->length += datalen; + } else + depth++; + + p += datalen; + len -= datalen; + } + if (depth != 0) + return ASN1_INDEF_OVERRUN; + if(size) *size = oldlen - len; + return 0; + out: + free(data->data); + data->data = NULL; + data->length = 0; + return e; +} + + +int +der_get_heim_integer (const unsigned char *p, size_t len, heim_integer *data, size_t *size) { data->length = 0; @@ -338,7 +424,7 @@ generalizedtime2time (const char *s, time_t *t) } static int -der_get_time (const unsigned char *p, size_t len, +der_get_time (const unsigned char *p, size_t len, time_t *data, size_t *size) { char *times; @@ -359,14 +445,14 @@ der_get_time (const unsigned char *p, size_t len, } int -der_get_generalized_time (const unsigned char *p, size_t len, +der_get_generalized_time (const unsigned char *p, size_t len, time_t *data, size_t *size) { return der_get_time(p, len, data, size); } int -der_get_utctime (const unsigned char *p, size_t len, +der_get_utctime (const unsigned char *p, size_t len, time_t *data, size_t *size) { return der_get_time(p, len, data, size); @@ -397,7 +483,7 @@ der_get_oid (const unsigned char *p, size_t len, ++p; for (n = 2; len > 0; ++n) { unsigned u = 0, u1; - + do { --len; u1 = u * 128 + (*p++ % 128); @@ -456,16 +542,29 @@ int der_match_tag (const unsigned char *p, size_t len, Der_class class, Der_type type, unsigned int tag, size_t *size) +{ + Der_type thistype; + int e; + + e = der_match_tag2(p, len, class, &thistype, tag, size); + if (e) return e; + if (thistype != type) return ASN1_BAD_ID; + return 0; +} + +int +der_match_tag2 (const unsigned char *p, size_t len, + Der_class class, Der_type *type, + unsigned int tag, size_t *size) { size_t l; Der_class thisclass; - Der_type thistype; unsigned int thistag; int e; - e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); + e = der_get_tag (p, len, &thisclass, type, &thistag, &l); if (e) return e; - if (class != thisclass || type != thistype) + if (class != thisclass) return ASN1_BAD_ID; if(tag > thistag) return ASN1_MISPLACED_FIELD; @@ -477,27 +576,26 @@ der_match_tag (const unsigned char *p, size_t len, int der_match_tag_and_length (const unsigned char *p, size_t len, - Der_class class, Der_type type, unsigned int tag, + Der_class class, Der_type *type, unsigned int tag, size_t *length_ret, size_t *size) { size_t l, ret = 0; int e; - e = der_match_tag (p, len, class, type, tag, &l); + e = der_match_tag2 (p, len, class, type, tag, &l); if (e) return e; p += l; len -= l; ret += l; e = der_get_length (p, len, length_ret, &l); if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; + if(size) *size = ret + l; return 0; } -/* + + +/* * Old versions of DCE was based on a very early beta of the MIT code, * which used MAVROS for ASN.1 encoding. MAVROS had the interesting * feature that it encoded data in the forward direction, which has @@ -507,7 +605,7 @@ der_match_tag_and_length (const unsigned char *p, size_t len, * to indefinite, BER style, lengths. The version of MAVROS used by * the DCE people could apparently generate correct X.509 DER encodings, and * did this by making space for the length after encoding, but - * unfortunately this feature wasn't used with Kerberos. + * unfortunately this feature wasn't used with Kerberos. */ int @@ -522,7 +620,7 @@ _heim_fix_dce(size_t reallen, size_t *len) } int -der_get_bit_string (const unsigned char *p, size_t len, +der_get_bit_string (const unsigned char *p, size_t len, heim_bit_string *data, size_t *size) { if (len < 1) @@ -539,8 +637,11 @@ der_get_bit_string (const unsigned char *p, size_t len, data->data = malloc(len - 1); if (data->data == NULL && (len - 1) != 0) return ENOMEM; - memcpy (data->data, p + 1, len - 1); - data->length -= p[0]; + /* copy data is there is data to copy */ + if (len - 1 != 0) { + memcpy (data->data, p + 1, len - 1); + data->length -= p[0]; + } if(size) *size = len; return 0; } diff --git a/crypto/heimdal/lib/asn1/der_length.c b/crypto/heimdal/lib/asn1/der_length.c index a7f8f593a20..db82025861e 100644 --- a/crypto/heimdal/lib/asn1/der_length.c +++ b/crypto/heimdal/lib/asn1/der_length.c @@ -1,46 +1,48 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" -RCSID("$Id: der_length.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); size_t _heim_len_unsigned (unsigned val) { size_t ret = 0; int last_val_gt_128; - + do { ++ret; last_val_gt_128 = (val >= 128); @@ -84,7 +86,7 @@ static size_t len_oid (const heim_oid *oid) { size_t ret = 1; - int n; + size_t n; for (n = 2; n < oid->length; ++n) { unsigned u = oid->components[n]; @@ -112,6 +114,20 @@ der_length_len (size_t len) } } +size_t +der_length_tag(unsigned int tag) +{ + size_t len = 0; + + if(tag <= 30) + return 1; + while(tag) { + tag /= 128; + len++; + } + return len + 1; +} + size_t der_length_integer (const int *data) { @@ -145,13 +161,13 @@ der_length_utf8string (const heim_utf8_string *data) size_t der_length_printable_string (const heim_printable_string *data) { - return strlen(*data); + return data->length; } size_t der_length_ia5_string (const heim_ia5_string *data) { - return strlen(*data); + return data->length; } size_t diff --git a/crypto/heimdal/lib/asn1/der_locl.h b/crypto/heimdal/lib/asn1/der_locl.h index 5b97557d74a..a086e18fa4a 100644 --- a/crypto/heimdal/lib/asn1/der_locl.h +++ b/crypto/heimdal/lib/asn1/der_locl.h @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 2002, 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002, 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: der_locl.h 18608 2006-10-19 16:24:02Z lha $ */ +/* $Id$ */ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ -#ifdef HAVE_CONFIG_H + #include -#endif + #include #include #include @@ -52,8 +52,11 @@ #include #include #include +#include +#include "asn1-template.h" time_t _der_timegm (struct tm *); +struct tm * _der_gmtime(time_t t, struct tm *); size_t _heim_len_unsigned (unsigned); size_t _heim_len_int (int); diff --git a/crypto/heimdal/lib/asn1/der_put.c b/crypto/heimdal/lib/asn1/der_put.c index 1fdbfe1305d..0b276d1ebdc 100644 --- a/crypto/heimdal/lib/asn1/der_put.c +++ b/crypto/heimdal/lib/asn1/der_put.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" -RCSID("$Id: der_put.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); /* * All encoding functions take a pointer `p' to first position in @@ -157,7 +157,7 @@ der_put_boolean(unsigned char *p, size_t len, const int *data, size_t *size) } int -der_put_general_string (unsigned char *p, size_t len, +der_put_general_string (unsigned char *p, size_t len, const heim_general_string *str, size_t *size) { size_t slen = strlen(*str); @@ -165,42 +165,40 @@ der_put_general_string (unsigned char *p, size_t len, if (len < slen) return ASN1_OVERFLOW; p -= slen; - len -= slen; memcpy (p+1, *str, slen); *size = slen; return 0; } int -der_put_utf8string (unsigned char *p, size_t len, +der_put_utf8string (unsigned char *p, size_t len, const heim_utf8_string *str, size_t *size) { return der_put_general_string(p, len, str, size); } int -der_put_printable_string (unsigned char *p, size_t len, +der_put_printable_string (unsigned char *p, size_t len, const heim_printable_string *str, size_t *size) { - return der_put_general_string(p, len, str, size); + return der_put_octet_string(p, len, str, size); } int -der_put_ia5_string (unsigned char *p, size_t len, +der_put_ia5_string (unsigned char *p, size_t len, const heim_ia5_string *str, size_t *size) { - return der_put_general_string(p, len, str, size); + return der_put_octet_string(p, len, str, size); } int -der_put_bmp_string (unsigned char *p, size_t len, +der_put_bmp_string (unsigned char *p, size_t len, const heim_bmp_string *data, size_t *size) { size_t i; if (len / 2 < data->length) return ASN1_OVERFLOW; p -= data->length * 2; - len -= data->length * 2; for (i = 0; i < data->length; i++) { p[1] = (data->data[i] >> 8) & 0xff; p[2] = data->data[i] & 0xff; @@ -211,14 +209,13 @@ der_put_bmp_string (unsigned char *p, size_t len, } int -der_put_universal_string (unsigned char *p, size_t len, +der_put_universal_string (unsigned char *p, size_t len, const heim_universal_string *data, size_t *size) { size_t i; if (len / 4 < data->length) return ASN1_OVERFLOW; p -= data->length * 4; - len -= data->length * 4; for (i = 0; i < data->length; i++) { p[1] = (data->data[i] >> 24) & 0xff; p[2] = (data->data[i] >> 16) & 0xff; @@ -231,27 +228,26 @@ der_put_universal_string (unsigned char *p, size_t len, } int -der_put_visible_string (unsigned char *p, size_t len, +der_put_visible_string (unsigned char *p, size_t len, const heim_visible_string *str, size_t *size) { return der_put_general_string(p, len, str, size); } int -der_put_octet_string (unsigned char *p, size_t len, +der_put_octet_string (unsigned char *p, size_t len, const heim_octet_string *data, size_t *size) { if (len < data->length) return ASN1_OVERFLOW; p -= data->length; - len -= data->length; memcpy (p+1, data->data, data->length); *size = data->length; return 0; } int -der_put_heim_integer (unsigned char *p, size_t len, +der_put_heim_integer (unsigned char *p, size_t len, const heim_integer *data, size_t *size) { unsigned char *buf = data->data; @@ -303,7 +299,7 @@ der_put_heim_integer (unsigned char *p, size_t len, } int -der_put_generalized_time (unsigned char *p, size_t len, +der_put_generalized_time (unsigned char *p, size_t len, const time_t *data, size_t *size) { heim_octet_string k; @@ -323,7 +319,7 @@ der_put_generalized_time (unsigned char *p, size_t len, } int -der_put_utctime (unsigned char *p, size_t len, +der_put_utctime (unsigned char *p, size_t len, const time_t *data, size_t *size) { heim_octet_string k; @@ -384,7 +380,7 @@ der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, } else { size_t ret = 0; unsigned int continuation = 0; - + do { if (len < 1) return ASN1_OVERFLOW; @@ -405,7 +401,7 @@ der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, int der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val, - Der_class class, Der_type type, + Der_class class, Der_type type, unsigned int tag, size_t *size) { size_t ret = 0; @@ -421,8 +417,7 @@ der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val, e = der_put_tag (p, len, class, type, tag, &l); if(e) return e; - p -= l; - len -= l; + ret += l; *size = ret; return 0; @@ -431,35 +426,36 @@ der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val, int _heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep) { - struct tm *tm; + struct tm tm; const size_t len = gtimep ? 15 : 13; s->data = malloc(len + 1); if (s->data == NULL) return ENOMEM; s->length = len; - tm = gmtime (&t); + if (_der_gmtime(t, &tm) == NULL) + return ASN1_BAD_TIMEFORMAT; if (gtimep) - snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", - tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); + snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", + tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday, + tm.tm_hour, tm.tm_min, tm.tm_sec); else - snprintf (s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ", - tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); + snprintf (s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ", + tm.tm_year % 100, tm.tm_mon + 1, tm.tm_mday, + tm.tm_hour, tm.tm_min, tm.tm_sec); return 0; } int -der_put_bit_string (unsigned char *p, size_t len, +der_put_bit_string (unsigned char *p, size_t len, const heim_bit_string *data, size_t *size) { size_t data_size = (data->length + 7) / 8; if (len < data_size + 1) return ASN1_OVERFLOW; p -= data_size + 1; - len -= data_size + 1; + memcpy (p+2, data->data, data_size); if (data->length && (data->length % 8) != 0) p[1] = 8 - (data->length % 8); @@ -469,13 +465,13 @@ der_put_bit_string (unsigned char *p, size_t len, return 0; } -int +int _heim_der_set_sort(const void *a1, const void *a2) { const struct heim_octet_string *s1 = a1, *s2 = a2; int ret; - ret = memcmp(s1->data, s2->data, + ret = memcmp(s1->data, s2->data, s1->length < s2->length ? s1->length : s2->length); if(ret) return ret; diff --git a/crypto/heimdal/lib/asn1/digest.asn1 b/crypto/heimdal/lib/asn1/digest.asn1 index eafe48ea5ae..027402f1efe 100644 --- a/crypto/heimdal/lib/asn1/digest.asn1 +++ b/crypto/heimdal/lib/asn1/digest.asn1 @@ -1,4 +1,4 @@ --- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $ +-- $Id$ DIGEST DEFINITIONS ::= BEGIN @@ -100,6 +100,21 @@ NTLMResponse ::= SEQUENCE { tickets [3] SEQUENCE OF OCTET STRING OPTIONAL } +NTLMRequest2 ::= SEQUENCE { + loginUserName [0] UTF8String, + loginDomainName [1] UTF8String, + flags [2] INTEGER (0..4294967295), + lmchallenge [3] OCTET STRING SIZE (8), + ntChallengeResponce [4] OCTET STRING, + lmChallengeResponce [5] OCTET STRING +} + +NTLMReply ::= SEQUENCE { + success [0] BOOLEAN, + flags [1] INTEGER (0..4294967295), + sessionkey [2] OCTET STRING OPTIONAL +} + DigestReqInner ::= CHOICE { init [0] DigestInit, digestRequest [1] DigestRequest, @@ -139,7 +154,7 @@ DigestREP ::= [APPLICATION 129] SEQUENCE { -- qop == auth -- A2 = Method ":" digest-uri-value -- qop == auth-int --- A2 = Method ":" digest-uri-value ":" H(entity-body) +-- A2 = Method ":" digest-uri-value ":" H(entity-body) -- request-digest = HEX(KD(HEX(H(A1)), -- unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2)))) diff --git a/crypto/heimdal/lib/asn1/extra.c b/crypto/heimdal/lib/asn1/extra.c index e29a4378785..a18797ec259 100644 --- a/crypto/heimdal/lib/asn1/extra.c +++ b/crypto/heimdal/lib/asn1/extra.c @@ -1,56 +1,52 @@ /* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" #include "heim_asn1.h" -RCSID("$Id: extra.c 16672 2006-01-31 09:44:54Z lha $"); +RCSID("$Id$"); int -encode_heim_any(unsigned char *p, size_t len, +encode_heim_any(unsigned char *p, size_t len, const heim_any *data, size_t *size) { - if (data->length > len) - return ASN1_OVERFLOW; - p -= data->length; - len -= data->length; - memcpy (p+1, data->data, data->length); - *size = data->length; - return 0; + return der_put_octet_string (p, len, data, size); } int -decode_heim_any(const unsigned char *p, size_t len, +decode_heim_any(const unsigned char *p, size_t len, heim_any *data, size_t *size) { size_t len_len, length, l; @@ -67,8 +63,14 @@ decode_heim_any(const unsigned char *p, size_t len, return ASN1_OVERFLOW; e = der_get_length(p + l, len - l, &length, &len_len); if (e) return e; - if (length + len_len + l > len) - return ASN1_OVERFLOW; + if (length == ASN1_INDEFINITE) { + if (len < len_len + l) + return ASN1_OVERFLOW; + length = len - (len_len + l); + } else { + if (len < length + len_len + l) + return ASN1_OVERFLOW; + } data->data = malloc(length + len_len + l); if (data->data == NULL) @@ -85,8 +87,7 @@ decode_heim_any(const unsigned char *p, size_t len, void free_heim_any(heim_any *data) { - free(data->data); - data->data = NULL; + der_free_octet_string(data); } size_t @@ -98,58 +99,43 @@ length_heim_any(const heim_any *data) int copy_heim_any(const heim_any *from, heim_any *to) { - to->data = malloc(from->length); - if (to->data == NULL && from->length != 0) - return ENOMEM; - memcpy(to->data, from->data, from->length); - to->length = from->length; - return 0; + return der_copy_octet_string(from, to); } int -encode_heim_any_set(unsigned char *p, size_t len, +encode_heim_any_set(unsigned char *p, size_t len, const heim_any_set *data, size_t *size) { - return encode_heim_any(p, len, data, size); + return der_put_octet_string (p, len, data, size); } - int -decode_heim_any_set(const unsigned char *p, size_t len, +decode_heim_any_set(const unsigned char *p, size_t len, heim_any_set *data, size_t *size) { - memset(data, 0, sizeof(*data)); - data->data = malloc(len); - if (data->data == NULL && len != 0) - return ENOMEM; - data->length = len; - memcpy(data->data, p, len); - if (size) *size = len; - return 0; + return der_get_octet_string(p, len, data, size); } void free_heim_any_set(heim_any_set *data) { - free_heim_any(data); + der_free_octet_string(data); } size_t length_heim_any_set(const heim_any *data) { - return length_heim_any(data); + return data->length; } int copy_heim_any_set(const heim_any_set *from, heim_any_set *to) { - return copy_heim_any(from, to); + return der_copy_octet_string(from, to); } int heim_any_cmp(const heim_any_set *p, const heim_any_set *q) { - if (p->length != q->length) - return p->length - q->length; - return memcmp(p->data, q->data, p->length); + return der_heim_octet_string_cmp(p, q); } diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c index 499f8eab363..2194b329ce1 100644 --- a/crypto/heimdal/lib/asn1/gen.c +++ b/crypto/heimdal/lib/asn1/gen.c @@ -1,46 +1,48 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" -RCSID("$Id: gen.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id$"); -FILE *headerfile, *codefile, *logfile; +FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile; #define STEM "asn1" static const char *orig_filename; -static char *header; +static char *privheader, *header, *template; static const char *headerbase = STEM; /* @@ -66,6 +68,45 @@ add_import (const char *module) fprintf (headerfile, "#include <%s_asn1.h>\n", module); } +/* + * List of all exported symbols + */ + +struct sexport { + const char *name; + int defined; + struct sexport *next; +}; + +static struct sexport *exports = NULL; + +void +add_export (const char *name) +{ + struct sexport *tmp = emalloc (sizeof(*tmp)); + + tmp->name = name; + tmp->next = exports; + exports = tmp; +} + +int +is_export(const char *name) +{ + struct sexport *tmp; + + if (exports == NULL) /* no export list, all exported */ + return 1; + + for (tmp = exports; tmp != NULL; tmp = tmp->next) { + if (strcmp(tmp->name, name) == 0) { + tmp->defined = 1; + return 1; + } + } + return 0; +} + const char * get_filename (void) { @@ -75,7 +116,7 @@ get_filename (void) void init_generate (const char *filename, const char *base) { - char *fn; + char *fn = NULL; orig_filename = filename; if (base != NULL) { @@ -83,20 +124,40 @@ init_generate (const char *filename, const char *base) if (headerbase == NULL) errx(1, "strdup"); } - asprintf(&header, "%s.h", headerbase); - if (header == NULL) + + /* public header file */ + if (asprintf(&header, "%s.h", headerbase) < 0 || header == NULL) errx(1, "malloc"); - headerfile = fopen (header, "w"); + if (asprintf(&fn, "%s.hx", headerbase) < 0 || fn == NULL) + errx(1, "malloc"); + headerfile = fopen (fn, "w"); if (headerfile == NULL) - err (1, "open %s", header); + err (1, "open %s", fn); + free(fn); + fn = NULL; + + /* private header file */ + if (asprintf(&privheader, "%s-priv.h", headerbase) < 0 || privheader == NULL) + errx(1, "malloc"); + if (asprintf(&fn, "%s-priv.hx", headerbase) < 0 || fn == NULL) + errx(1, "malloc"); + privheaderfile = fopen (fn, "w"); + if (privheaderfile == NULL) + err (1, "open %s", fn); + free(fn); + fn = NULL; + + /* template file */ + if (asprintf(&template, "%s-template.c", headerbase) < 0 || template == NULL) + errx(1, "malloc"); fprintf (headerfile, "/* Generated from %s */\n" "/* Do not edit */\n\n", filename); - fprintf (headerfile, + fprintf (headerfile, "#ifndef __%s_h__\n" "#define __%s_h__\n\n", headerbase, headerbase); - fprintf (headerfile, + fprintf (headerfile, "#include \n" "#include \n\n"); fprintf (headerfile, @@ -120,10 +181,10 @@ init_generate (const char *filename, const char *base) "typedef char *heim_utf8_string;\n\n" ); fprintf (headerfile, - "typedef char *heim_printable_string;\n\n" + "typedef struct heim_octet_string heim_printable_string;\n\n" ); fprintf (headerfile, - "typedef char *heim_ia5_string;\n\n" + "typedef struct heim_octet_string heim_ia5_string;\n\n" ); fprintf (headerfile, "typedef struct heim_bmp_string {\n" @@ -167,14 +228,55 @@ init_generate (const char *filename, const char *base) " } \\\n" " } while (0)\n\n", headerfile); + fputs("#ifdef _WIN32\n" + "#ifndef ASN1_LIB\n" + "#define ASN1EXP __declspec(dllimport)\n" + "#else\n" + "#define ASN1EXP\n" + "#endif\n" + "#define ASN1CALL __stdcall\n" + "#else\n" + "#define ASN1EXP\n" + "#define ASN1CALL\n" + "#endif\n", + headerfile); fprintf (headerfile, "struct units;\n\n"); fprintf (headerfile, "#endif\n\n"); - asprintf(&fn, "%s_files", base); - if (fn == NULL) + if (asprintf(&fn, "%s_files", base) < 0 || fn == NULL) errx(1, "malloc"); logfile = fopen(fn, "w"); if (logfile == NULL) err (1, "open %s", fn); + + /* if one code file, write into the one codefile */ + if (one_code_file) + return; + + templatefile = fopen (template, "w"); + if (templatefile == NULL) + err (1, "open %s", template); + + fprintf (templatefile, + "/* Generated from %s */\n" + "/* Do not edit */\n\n" + "#include \n" + "#include \n" + "#include \n" + "#include \n" + "#include \n" + "#include \n" + "#include \n", + filename); + + fprintf (templatefile, + "#include <%s>\n" + "#include <%s>\n" + "#include \n" + "#include \n" + "#include \n", + header, privheader); + + } void @@ -182,9 +284,15 @@ close_generate (void) { fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase); - fclose (headerfile); - fprintf (logfile, "\n"); - fclose (logfile); + if (headerfile) + fclose (headerfile); + if (privheaderfile) + fclose (privheaderfile); + if (templatefile) + fclose (templatefile); + if (logfile) + fprintf (logfile, "\n"); + fclose (logfile); } void @@ -229,25 +337,26 @@ gen_compare_defval(const char *var, struct value *val) } } -static void +void generate_header_of_codefile(const char *name) { - char *filename; + char *filename = NULL; if (codefile != NULL) abort(); - asprintf (&filename, "%s_%s.x", STEM, name); - if (filename == NULL) + if (asprintf (&filename, "%s_%s.x", STEM, name) < 0 || filename == NULL) errx(1, "malloc"); codefile = fopen (filename, "w"); if (codefile == NULL) err (1, "fopen %s", filename); fprintf(logfile, "%s ", filename); free(filename); - fprintf (codefile, + filename = NULL; + fprintf (codefile, "/* Generated from %s */\n" "/* Do not edit */\n\n" + "#define ASN1_LIB\n\n" "#include \n" "#include \n" "#include \n" @@ -258,16 +367,19 @@ generate_header_of_codefile(const char *name) orig_filename); fprintf (codefile, - "#include <%s.h>\n", - headerbase); + "#include <%s>\n" + "#include <%s>\n", + header, privheader); fprintf (codefile, "#include \n" "#include \n" + "#include \n" + "#include \n" "#include \n\n"); } -static void +void close_codefile(void) { if (codefile == NULL) @@ -294,13 +406,20 @@ generate_constant (const Symbol *s) break; case objectidentifiervalue: { struct objid *o, **list; - int i, len; + unsigned int i, len; + char *gen_upper; - generate_header_of_codefile(s->gen_name); + if (!one_code_file) + generate_header_of_codefile(s->gen_name); len = 0; for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next) len++; + if (len == 0) { + printf("s->gen_name: %s",s->gen_name); + fflush(stdout); + break; + } list = emalloc(sizeof(*list) * len); i = 0; @@ -308,34 +427,44 @@ generate_constant (const Symbol *s) list[i++] = o; fprintf (headerfile, "/* OBJECT IDENTIFIER %s ::= { ", s->name); - for (i = len - 1 ; i >= 0; i--) { - o = list[i]; + for (i = len ; i > 0; i--) { + o = list[i - 1]; fprintf(headerfile, "%s(%d) ", o->label ? o->label : "label-less", o->value); } - fprintf (headerfile, "} */\n"); - fprintf (headerfile, "const heim_oid *oid_%s(void);\n\n", - s->gen_name); - fprintf (codefile, "static unsigned oid_%s_variable_num[%d] = {", s->gen_name, len); - for (i = len - 1 ; i >= 0; i--) { - fprintf(codefile, "%d%s ", list[i]->value, i > 0 ? "," : ""); + for (i = len ; i > 0; i--) { + fprintf(codefile, "%d%s ", list[i - 1]->value, i > 1 ? "," : ""); } fprintf(codefile, "};\n"); - fprintf (codefile, "static const heim_oid oid_%s_variable = " - "{ %d, oid_%s_variable_num };\n\n", + fprintf (codefile, "const heim_oid asn1_oid_%s = " + "{ %d, oid_%s_variable_num };\n\n", s->gen_name, len, s->gen_name); - fprintf (codefile, "const heim_oid *oid_%s(void)\n" - "{\n" - "return &oid_%s_variable;\n" - "}\n\n", - s->gen_name, s->gen_name); + free(list); - close_codefile(); + /* header file */ + + gen_upper = strdup(s->gen_name); + len = strlen(gen_upper); + for (i = 0; i < len; i++) + gen_upper[i] = toupper((int)s->gen_name[i]); + + fprintf (headerfile, "} */\n"); + fprintf (headerfile, + "extern ASN1EXP const heim_oid asn1_oid_%s;\n" + "#define ASN1_OID_%s (&asn1_oid_%s)\n\n", + s->gen_name, + gen_upper, + s->gen_name); + + free(gen_upper); + + if (!one_code_file) + close_codefile(); break; } @@ -344,6 +473,33 @@ generate_constant (const Symbol *s) } } +int +is_primitive_type(int type) +{ + switch(type) { + case TInteger: + case TBoolean: + case TOctetString: + case TBitString: + case TEnumerated: + case TGeneralizedTime: + case TGeneralString: + case TTeletexString: + case TOID: + case TUTCTime: + case TUTF8String: + case TPrintableString: + case TIA5String: + case TBMPString: + case TUniversalString: + case TVisibleString: + case TNull: + return 1; + default: + return 0; + } +} + static void space(int level) { @@ -391,7 +547,7 @@ define_asn1 (int level, Type *t) fprintf (headerfile, "INTEGER {\n"); ASN1_TAILQ_FOREACH(m, t->members, members) { space (level + 1); - fprintf(headerfile, "%s(%d)%s\n", m->gen_name, m->val, + fprintf(headerfile, "%s(%d)%s\n", m->gen_name, m->val, last_member_p(m)); } space(level); @@ -415,7 +571,7 @@ define_asn1 (int level, Type *t) fprintf (headerfile, "ENUMERATED {\n"); ASN1_TAILQ_FOREACH(m, t->members, members) { space(level + 1); - fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, + fprintf (headerfile, "%s(%d)%s\n", m->name, m->val, last_member_p(m)); } space(level); @@ -474,11 +630,14 @@ define_asn1 (int level, Type *t) case TGeneralString: fprintf (headerfile, "GeneralString"); break; + case TTeletexString: + fprintf (headerfile, "TeletexString"); + break; case TTag: { - const char *classnames[] = { "UNIVERSAL ", "APPLICATION ", + const char *classnames[] = { "UNIVERSAL ", "APPLICATION ", "" /* CONTEXT */, "PRIVATE " }; if(t->tag.tagclass != ASN1_C_UNIV) - fprintf (headerfile, "[%s%d] ", + fprintf (headerfile, "[%s%d] ", classnames[t->tag.tagclass], t->tag.tagvalue); if(t->tag.tagenv == TE_IMPLICIT) @@ -527,8 +686,25 @@ define_asn1 (int level, Type *t) } static void -define_type (int level, const char *name, Type *t, int typedefp, int preservep) +getnewbasename(char **newbasename, int typedefp, const char *basename, const char *name) { + if (typedefp) + *newbasename = strdup(name); + else { + if (name[0] == '*') + name++; + if (asprintf(newbasename, "%s_%s", basename, name) < 0) + errx(1, "malloc"); + } + if (*newbasename == NULL) + err(1, "malloc"); +} + +static void +define_type (int level, const char *name, const char *basename, Type *t, int typedefp, int preservep) +{ + char *newbasename = NULL; + switch (t->type) { case TType: space(level); @@ -541,7 +717,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) fprintf (headerfile, "enum %s {\n", typedefp ? name : ""); ASN1_TAILQ_FOREACH(m, t->members, members) { space (level + 1); - fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, + fprintf(headerfile, "%s = %d%s\n", m->gen_name, m->val, last_member_p(m)); } fprintf (headerfile, "} %s;\n", name); @@ -554,7 +730,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) } else if (t->range->min == 0 && t->range->max == INT_MAX) { fprintf (headerfile, "unsigned int %s;\n", name); } else - errx(1, "%s: unsupported range %d -> %d", + errx(1, "%s: unsupported range %d -> %d", name, t->range->min, t->range->max); break; case TBoolean: @@ -576,19 +752,43 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) i.constraint = NULL; space(level); - if(ASN1_TAILQ_EMPTY(t->members)) + if(ASN1_TAILQ_EMPTY(t->members)) fprintf (headerfile, "heim_bit_string %s;\n", name); else { - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + int pos = 0; + getnewbasename(&newbasename, typedefp, basename, name); + + fprintf (headerfile, "struct %s {\n", newbasename); ASN1_TAILQ_FOREACH(m, t->members, members) { - char *n; - - asprintf (&n, "%s:1", m->gen_name); - if (n == NULL) + char *n = NULL; + + /* pad unused */ + while (pos < m->val) { + if (asprintf (&n, "_unused%d:1", pos) < 0 || n == NULL) + errx(1, "malloc"); + define_type (level + 1, n, newbasename, &i, FALSE, FALSE); + free(n); + pos++; + } + + n = NULL; + if (asprintf (&n, "%s:1", m->gen_name) < 0 || n == NULL) errx(1, "malloc"); - define_type (level + 1, n, &i, FALSE, FALSE); + define_type (level + 1, n, newbasename, &i, FALSE, FALSE); free (n); + n = NULL; + pos++; } + /* pad to 32 elements */ + while (pos < 32) { + char *n = NULL; + if (asprintf (&n, "_unused%d:1", pos) < 0 || n == NULL) + errx(1, "malloc"); + define_type (level + 1, n, newbasename, &i, FALSE, FALSE); + free(n); + pos++; + } + space(level); fprintf (headerfile, "} %s;\n\n", name); } @@ -615,8 +815,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) case TSequence: { Member *m; + getnewbasename(&newbasename, typedefp, basename, name); + space(level); - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + fprintf (headerfile, "struct %s {\n", newbasename); if (t->type == TSequence && preservep) { space(level + 1); fprintf(headerfile, "heim_octet_string _save;\n"); @@ -625,15 +827,14 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) if (m->ellipsis) { ; } else if (m->optional) { - char *n; + char *n = NULL; - asprintf (&n, "*%s", m->gen_name); - if (n == NULL) + if (asprintf (&n, "*%s", m->gen_name) < 0 || n == NULL) errx(1, "malloc"); - define_type (level + 1, n, m->type, FALSE, FALSE); + define_type (level + 1, n, newbasename, m->type, FALSE, FALSE); free (n); } else - define_type (level + 1, m->gen_name, m->type, FALSE, FALSE); + define_type (level + 1, m->gen_name, newbasename, m->type, FALSE, FALSE); } space(level); fprintf (headerfile, "} %s;\n", name); @@ -644,15 +845,17 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) Type i; struct range range = { 0, INT_MAX }; + getnewbasename(&newbasename, typedefp, basename, name); + i.type = TInteger; i.range = ⦥ i.members = NULL; i.constraint = NULL; space(level); - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); - define_type (level + 1, "len", &i, FALSE, FALSE); - define_type (level + 1, "*val", t->subtype, FALSE, FALSE); + fprintf (headerfile, "struct %s {\n", newbasename); + define_type (level + 1, "len", newbasename, &i, FALSE, FALSE); + define_type (level + 1, "*val", newbasename, t->subtype, FALSE, FALSE); space(level); fprintf (headerfile, "} %s;\n", name); break; @@ -665,15 +868,21 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) space(level); fprintf (headerfile, "heim_general_string %s;\n", name); break; + case TTeletexString: + space(level); + fprintf (headerfile, "heim_general_string %s;\n", name); + break; case TTag: - define_type (level, name, t->subtype, typedefp, preservep); + define_type (level, name, basename, t->subtype, typedefp, preservep); break; case TChoice: { int first = 1; Member *m; + getnewbasename(&newbasename, typedefp, basename, name); + space(level); - fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); + fprintf (headerfile, "struct %s {\n", newbasename); if (preservep) { space(level + 1); fprintf(headerfile, "heim_octet_string _save;\n"); @@ -683,7 +892,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) m = have_ellipsis(t); if (m) { space(level + 2); - fprintf (headerfile, "%s = 0,\n", m->label); + fprintf (headerfile, "%s = 0,\n", m->label); first = 0; } ASN1_TAILQ_FOREACH(m, t->members, members) { @@ -691,8 +900,8 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) if (m->ellipsis) fprintf (headerfile, "/* ... */\n"); else - fprintf (headerfile, "%s%s%s\n", m->label, - first ? " = 1" : "", + fprintf (headerfile, "%s%s%s\n", m->label, + first ? " = 1" : "", last_member_p(m)); first = 0; } @@ -705,15 +914,14 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) space(level + 2); fprintf(headerfile, "heim_octet_string asn1_ellipsis;\n"); } else if (m->optional) { - char *n; + char *n = NULL; - asprintf (&n, "*%s", m->gen_name); - if (n == NULL) + if (asprintf (&n, "*%s", m->gen_name) < 0 || n == NULL) errx(1, "malloc"); - define_type (level + 2, n, m->type, FALSE, FALSE); + define_type (level + 2, n, newbasename, m->type, FALSE, FALSE); free (n); } else - define_type (level + 2, m->gen_name, m->type, FALSE, FALSE); + define_type (level + 2, m->gen_name, newbasename, m->type, FALSE, FALSE); } space(level + 1); fprintf (headerfile, "} u;\n"); @@ -760,6 +968,8 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) default: abort (); } + if (newbasename) + free(newbasename); } static void @@ -773,25 +983,72 @@ generate_type_header (const Symbol *s) fprintf (headerfile, "\n*/\n\n"); fprintf (headerfile, "typedef "); - define_type (0, s->gen_name, s->type, TRUE, preservep); + define_type (0, s->gen_name, s->gen_name, s->type, TRUE, preservep); fprintf (headerfile, "\n"); } - void generate_type (const Symbol *s) { - generate_header_of_codefile(s->gen_name); + FILE *h; + const char * exp; + + if (!one_code_file) + generate_header_of_codefile(s->gen_name); generate_type_header (s); - generate_type_encode (s); - generate_type_decode (s); - generate_type_free (s); - generate_type_length (s); - generate_type_copy (s); + + if (template_flag) + generate_template(s); + + if (template_flag == 0 || is_template_compat(s) == 0) { + generate_type_encode (s); + generate_type_decode (s); + generate_type_free (s); + generate_type_length (s); + generate_type_copy (s); + } generate_type_seq (s); generate_glue (s->type, s->gen_name); - fprintf(headerfile, "\n\n"); - close_codefile(); + + /* generate prototypes */ + + if (is_export(s->name)) { + h = headerfile; + exp = "ASN1EXP "; + } else { + h = privheaderfile; + exp = ""; + } + + fprintf (h, + "%sint ASN1CALL " + "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", + exp, + s->gen_name, s->gen_name); + fprintf (h, + "%sint ASN1CALL " + "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", + exp, + s->gen_name, s->gen_name); + fprintf (h, + "%ssize_t ASN1CALL length_%s(const %s *);\n", + exp, + s->gen_name, s->gen_name); + fprintf (h, + "%sint ASN1CALL copy_%s (const %s *, %s *);\n", + exp, + s->gen_name, s->gen_name, s->gen_name); + fprintf (h, + "%svoid ASN1CALL free_%s (%s *);\n", + exp, + s->gen_name, s->gen_name); + + fprintf(h, "\n\n"); + + if (!one_code_file) { + fprintf(codefile, "\n\n"); + close_codefile(); + } } diff --git a/crypto/heimdal/lib/asn1/gen_copy.c b/crypto/heimdal/lib/asn1/gen_copy.c index abf11859d5f..36f68ee5d99 100644 --- a/crypto/heimdal/lib/asn1/gen_copy.c +++ b/crypto/heimdal/lib/asn1/gen_copy.c @@ -1,46 +1,46 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" -RCSID("$Id: gen_copy.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); static int used_fail; static void copy_primitive (const char *typename, const char *from, const char *to) { - fprintf (codefile, "if(der_copy_%s(%s, %s)) goto fail;\n", + fprintf (codefile, "if(der_copy_%s(%s, %s)) goto fail;\n", typename, from, to); used_fail++; } @@ -53,7 +53,7 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) #if 0 copy_type (from, to, t->symbol->type, preserve); #endif - fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", + fprintf (codefile, "if(copy_%s(%s, %s)) goto fail;\n", t->symbol->gen_name, from, to); used_fail++; break; @@ -82,7 +82,7 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) if(t->members == NULL) break; - + if ((t->type == TSequence || t->type == TChoice) && preserve) { fprintf(codefile, "{ int ret;\n" @@ -110,14 +110,16 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) if(t->type == TChoice) fprintf(codefile, "case %s:\n", m->label); - asprintf (&fs, "%s(%s)->%s%s", - m->optional ? "" : "&", from, - t->type == TChoice ? "u." : "", m->gen_name); + if (asprintf (&fs, "%s(%s)->%s%s", + m->optional ? "" : "&", from, + t->type == TChoice ? "u." : "", m->gen_name) < 0) + errx(1, "malloc"); if (fs == NULL) errx(1, "malloc"); - asprintf (&ts, "%s(%s)->%s%s", - m->optional ? "" : "&", to, - t->type == TChoice ? "u." : "", m->gen_name); + if (asprintf (&ts, "%s(%s)->%s%s", + m->optional ? "" : "&", to, + t->type == TChoice ? "u." : "", m->gen_name) < 0) + errx(1, "malloc"); if (ts == NULL) errx(1, "malloc"); if(m->optional){ @@ -145,31 +147,32 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) "break;\n" "}\n", have_ellipsis->label, - from, have_ellipsis->gen_name, + from, have_ellipsis->gen_name, to, have_ellipsis->gen_name); used_fail++; } - fprintf(codefile, "}\n"); + fprintf(codefile, "}\n"); } break; } case TSetOf: case TSequenceOf: { - char *f; - char *T; + char *f = NULL, *T = NULL; fprintf (codefile, "if(((%s)->val = " - "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", + "malloc((%s)->len * sizeof(*(%s)->val))) == NULL && (%s)->len != 0)\n", to, from, to, from); fprintf (codefile, "goto fail;\n"); used_fail++; fprintf(codefile, "for((%s)->len = 0; (%s)->len < (%s)->len; (%s)->len++){\n", to, to, from, to); - asprintf(&f, "&(%s)->val[(%s)->len]", from, to); + if (asprintf(&f, "&(%s)->val[(%s)->len]", from, to) < 0) + errx(1, "malloc"); if (f == NULL) errx(1, "malloc"); - asprintf(&T, "&(%s)->val[(%s)->len]", to, to); + if (asprintf(&T, "&(%s)->val[(%s)->len]", to, to) < 0) + errx(1, "malloc"); if (T == NULL) errx(1, "malloc"); copy_type(f, T, t->subtype, FALSE); @@ -184,6 +187,9 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) case TGeneralString: copy_primitive ("general_string", from, to); break; + case TTeletexString: + copy_primitive ("general_string", from, to); + break; case TUTCTime: fprintf(codefile, "*(%s) = *(%s);\n", to, from); break; @@ -225,11 +231,7 @@ generate_type_copy (const Symbol *s) used_fail = 0; - fprintf (headerfile, - "int copy_%s (const %s *, %s *);\n", - s->gen_name, s->gen_name, s->gen_name); - - fprintf (codefile, "int\n" + fprintf (codefile, "int ASN1CALL\n" "copy_%s(const %s *from, %s *to)\n" "{\n" "memset(to, 0, sizeof(*to));\n", diff --git a/crypto/heimdal/lib/asn1/gen_decode.c b/crypto/heimdal/lib/asn1/gen_decode.c index face9ba47a0..9d816d5400d 100644 --- a/crypto/heimdal/lib/asn1/gen_decode.c +++ b/crypto/heimdal/lib/asn1/gen_decode.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $"); +RCSID("$Id$"); static void decode_primitive (const char *typename, const char *name, const char *forwstr) @@ -56,32 +56,6 @@ decode_primitive (const char *typename, const char *name, const char *forwstr) #endif } -static int -is_primitive_type(int type) -{ - switch(type) { - case TInteger: - case TBoolean: - case TOctetString: - case TBitString: - case TEnumerated: - case TGeneralizedTime: - case TGeneralString: - case TOID: - case TUTCTime: - case TUTF8String: - case TPrintableString: - case TIA5String: - case TBMPString: - case TUniversalString: - case TVisibleString: - case TNull: - return 1; - default: - return 0; - } -} - static void find_tag (const Type *t, Der_class *cl, Der_type *ty, unsigned *tag) @@ -97,19 +71,24 @@ find_tag (const Type *t, *ty = PRIM; *tag = UT_Boolean; break; - case TChoice: + case TChoice: errx(1, "Cannot have recursive CHOICE"); case TEnumerated: *cl = ASN1_C_UNIV; *ty = PRIM; *tag = UT_Enumerated; break; - case TGeneralString: + case TGeneralString: *cl = ASN1_C_UNIV; *ty = PRIM; *tag = UT_GeneralString; break; - case TGeneralizedTime: + case TTeletexString: + *cl = ASN1_C_UNIV; + *ty = PRIM; + *tag = UT_TeletexString; + break; + case TGeneralizedTime: *cl = ASN1_C_UNIV; *ty = PRIM; *tag = UT_GeneralizedTime; @@ -119,7 +98,7 @@ find_tag (const Type *t, *ty = PRIM; *tag = UT_IA5String; break; - case TInteger: + case TInteger: *cl = ASN1_C_UNIV; *ty = PRIM; *tag = UT_Integer; @@ -129,12 +108,12 @@ find_tag (const Type *t, *ty = PRIM; *tag = UT_Null; break; - case TOID: + case TOID: *cl = ASN1_C_UNIV; *ty = PRIM; *tag = UT_OID; break; - case TOctetString: + case TOctetString: *cl = ASN1_C_UNIV; *ty = PRIM; *tag = UT_OctetString; @@ -144,35 +123,35 @@ find_tag (const Type *t, *ty = PRIM; *tag = UT_PrintableString; break; - case TSequence: + case TSequence: case TSequenceOf: *cl = ASN1_C_UNIV; *ty = CONS; *tag = UT_Sequence; break; - case TSet: + case TSet: case TSetOf: *cl = ASN1_C_UNIV; *ty = CONS; *tag = UT_Set; break; - case TTag: + case TTag: *cl = t->tag.tagclass; *ty = is_primitive_type(t->subtype->type) ? PRIM : CONS; *tag = t->tag.tagvalue; break; - case TType: + case TType: if ((t->symbol->stype == Stype && t->symbol->type == NULL) || t->symbol->stype == SUndefined) { - error_message("%s is imported or still undefined, " - " can't generate tag checking data in CHOICE " - "without this information", - t->symbol->name); + lex_error_message("%s is imported or still undefined, " + " can't generate tag checking data in CHOICE " + "without this information", + t->symbol->name); exit(1); } find_tag(t->symbol->type, cl, ty, tag); return; - case TUTCTime: + case TUTCTime: *cl = ASN1_C_UNIV; *ty = PRIM; *tag = UT_UTCTime; @@ -205,7 +184,7 @@ find_tag (const Type *t, static void range_check(const char *name, const char *length, - const char *forwstr, + const char *forwstr, struct range *r) { if (r->min == r->max + 2 || r->min < r->max) @@ -229,13 +208,14 @@ range_check(const char *name, } static int -decode_type (const char *name, const Type *t, int optional, - const char *forwstr, const char *tmpstr) +decode_type (const char *name, const Type *t, int optional, + const char *forwstr, const char *tmpstr, const char *dertype, + unsigned int depth) { switch (t->type) { case TType: { if (optional) - fprintf(codefile, + fprintf(codefile, "%s = calloc(1, sizeof(*%s));\n" "if (%s == NULL) %s;\n", name, name, name, forwstr); @@ -279,7 +259,7 @@ decode_type (const char *name, const Type *t, int optional, } else if (t->range->min == 0 && t->range->max == INT_MAX) { decode_primitive ("unsigned", name, forwstr); } else - errx(1, "%s: unsupported range %d -> %d", + errx(1, "%s: unsupported range %d -> %d", name, t->range->min, t->range->max); break; case TBoolean: @@ -289,7 +269,17 @@ decode_type (const char *name, const Type *t, int optional, decode_primitive ("enumerated", name, forwstr); break; case TOctetString: + if (dertype) { + fprintf(codefile, + "if (%s == CONS) {\n", + dertype); + decode_primitive("octet_string_ber", name, forwstr); + fprintf(codefile, + "} else {\n"); + } decode_primitive ("octet_string", name, forwstr); + if (dertype) + fprintf(codefile, "}\n"); if (t->range) range_check(name, "length", forwstr, t->range); break; @@ -331,19 +321,19 @@ decode_type (const char *name, const Type *t, int optional, break; ASN1_TAILQ_FOREACH(m, t->members, members) { - char *s; + char *s = NULL; if (m->ellipsis) continue; - asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", - name, m->gen_name); - if (s == NULL) + if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", + name, m->gen_name) < 0 || s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr, m->gen_name); + decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL, + depth + 1); free (s); } - + break; } case TSet: { @@ -356,7 +346,7 @@ decode_type (const char *name, const Type *t, int optional, fprintf(codefile, "{\n"); fprintf(codefile, "unsigned int members = 0;\n"); fprintf(codefile, "while(len > 0) {\n"); - fprintf(codefile, + fprintf(codefile, "Der_class class;\n" "Der_type type;\n" "int tag;\n" @@ -374,22 +364,21 @@ decode_type (const char *name, const Type *t, int optional, is_primitive_type(m->type->subtype->type) ? "PRIM" : "CONS", valuename(m->type->tag.tagclass, m->type->tag.tagvalue)); - asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name); - if (s == NULL) + if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name) < 0 || s == NULL) errx(1, "malloc"); if(m->optional) - fprintf(codefile, + fprintf(codefile, "%s = calloc(1, sizeof(*%s));\n" "if (%s == NULL) { e = ENOMEM; %s; }\n", s, s, s, forwstr); - decode_type (s, m->type, 0, forwstr, m->gen_name); + decode_type (s, m->type, 0, forwstr, m->gen_name, NULL, depth + 1); free (s); fprintf(codefile, "members |= (1 << %d);\n", memno); memno++; fprintf(codefile, "break;\n"); } - fprintf(codefile, + fprintf(codefile, "default:\n" "return ASN1_MISPLACED_FIELD;\n" "break;\n"); @@ -399,8 +388,7 @@ decode_type (const char *name, const Type *t, int optional, ASN1_TAILQ_FOREACH(m, t->members, members) { char *s; - asprintf (&s, "%s->%s", name, m->gen_name); - if (s == NULL) + if (asprintf (&s, "%s->%s", name, m->gen_name) < 0 || s == NULL) errx(1, "malloc"); fprintf(codefile, "if((members & (1 << %d)) == 0)\n", memno); if(m->optional) @@ -417,8 +405,8 @@ decode_type (const char *name, const Type *t, int optional, } case TSetOf: case TSequenceOf: { - char *n; - char *sname; + char *n = NULL; + char *sname = NULL; fprintf (codefile, "{\n" @@ -449,17 +437,15 @@ decode_type (const char *name, const Type *t, int optional, tmpstr, tmpstr, forwstr, tmpstr, tmpstr, tmpstr, name, tmpstr, - tmpstr, forwstr, + tmpstr, forwstr, name, tmpstr); - asprintf (&n, "&(%s)->val[(%s)->len]", name, name); - if (n == NULL) + if (asprintf (&n, "&(%s)->val[(%s)->len]", name, name) < 0 || n == NULL) errx(1, "malloc"); - asprintf (&sname, "%s_s_of", tmpstr); - if (sname == NULL) + if (asprintf (&sname, "%s_s_of", tmpstr) < 0 || sname == NULL) errx(1, "malloc"); - decode_type (n, t->subtype, 0, forwstr, sname); - fprintf (codefile, + decode_type (n, t->subtype, 0, forwstr, sname, NULL, depth + 1); + fprintf (codefile, "(%s)->len++;\n" "len = %s_origlen - ret;\n" "}\n" @@ -479,24 +465,44 @@ decode_type (const char *name, const Type *t, int optional, case TGeneralString: decode_primitive ("general_string", name, forwstr); break; + case TTeletexString: + decode_primitive ("general_string", name, forwstr); + break; case TTag:{ - char *tname; + char *tname = NULL, *typestring = NULL; + char *ide = NULL; - fprintf(codefile, + if (asprintf(&typestring, "%s_type", tmpstr) < 0 || typestring == NULL) + errx(1, "malloc"); + + fprintf(codefile, "{\n" - "size_t %s_datalen, %s_oldlen;\n", - tmpstr, tmpstr); - if(dce_fix) - fprintf(codefile, - "int dce_fix;\n"); - fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, " + "size_t %s_datalen, %s_oldlen;\n" + "Der_type %s;\n", + tmpstr, tmpstr, typestring); + if(support_ber) + fprintf(codefile, + "int is_indefinite%u;\n", depth); + + fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, " "&%s_datalen, &l);\n", classname(t->tag.tagclass), - is_primitive_type(t->subtype->type) ? "PRIM" : "CONS", + typestring, valuename(t->tag.tagclass, t->tag.tagvalue), tmpstr); + + /* XXX hardcode for now */ + if (support_ber && t->subtype->type == TOctetString) { + ide = typestring; + } else { + fprintf(codefile, + "if (e == 0 && %s != %s) { e = ASN1_BAD_ID; }\n", + typestring, + is_primitive_type(t->subtype->type) ? "PRIM" : "CONS"); + } + if(optional) { - fprintf(codefile, + fprintf(codefile, "if(e) {\n" "%s = NULL;\n" "} else {\n" @@ -510,36 +516,45 @@ decode_type (const char *name, const Type *t, int optional, "p += l; len -= l; ret += l;\n" "%s_oldlen = len;\n", tmpstr); - if(dce_fix) + if(support_ber) fprintf (codefile, - "if((dce_fix = _heim_fix_dce(%s_datalen, &len)) < 0)\n" - "{ e = ASN1_BAD_FORMAT; %s; }\n", - tmpstr, forwstr); + "if((is_indefinite%u = _heim_fix_dce(%s_datalen, &len)) < 0)\n" + "{ e = ASN1_BAD_FORMAT; %s; }\n" + "if (is_indefinite%u) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }", + depth, tmpstr, forwstr, depth, forwstr); else - fprintf(codefile, + fprintf(codefile, "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n" "len = %s_datalen;\n", tmpstr, forwstr, tmpstr); - asprintf (&tname, "%s_Tag", tmpstr); - if (tname == NULL) + if (asprintf (&tname, "%s_Tag", tmpstr) < 0 || tname == NULL) errx(1, "malloc"); - decode_type (name, t->subtype, 0, forwstr, tname); - if(dce_fix) + decode_type (name, t->subtype, 0, forwstr, tname, ide, depth + 1); + if(support_ber) fprintf(codefile, - "if(dce_fix){\n" - "e = der_match_tag_and_length (p, len, " - "(Der_class)0,(Der_type)0, UT_EndOfContent, " + "if(is_indefinite%u){\n" + "len += 2;\n" + "e = der_match_tag_and_length(p, len, " + "(Der_class)0, &%s, UT_EndOfContent, " "&%s_datalen, &l);\n" - "if(e) %s;\np += l; len -= l; ret += l;\n" - "} else \n", tmpstr, forwstr); - fprintf(codefile, + "if(e) %s;\n" + "p += l; len -= l; ret += l;\n" + "if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n" + "} else \n", + depth, + typestring, + tmpstr, + forwstr, + typestring, forwstr); + fprintf(codefile, "len = %s_oldlen - %s_datalen;\n", tmpstr, tmpstr); if(optional) - fprintf(codefile, + fprintf(codefile, "}\n"); - fprintf(codefile, + fprintf(codefile, "}\n"); free(tname); + free(typestring); break; } case TChoice: { @@ -551,11 +566,11 @@ decode_type (const char *name, const Type *t, int optional, ASN1_TAILQ_FOREACH(m, t->members, members) { const Type *tt = m->type; - char *s; + char *s = NULL; Der_class cl; Der_type ty; unsigned tag; - + if (m->ellipsis) { have_ellipsis = m; continue; @@ -569,11 +584,11 @@ decode_type (const char *name, const Type *t, int optional, classname(cl), ty ? "CONS" : "PRIM", valuename(cl, tag)); - asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&", - name, m->gen_name); - if (s == NULL) + if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&", + name, m->gen_name) < 0 || s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr, m->gen_name); + decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL, + depth + 1); fprintf(codefile, "(%s)->element = %s;\n", name, m->label); @@ -594,11 +609,11 @@ decode_type (const char *name, const Type *t, int optional, "(%s)->element = %s;\n" "p += len;\n" "ret += len;\n" - "len -= len;\n" + "len = 0;\n" "}\n", name, have_ellipsis->gen_name, name, have_ellipsis->gen_name, - forwstr, + forwstr, name, have_ellipsis->gen_name, name, have_ellipsis->gen_name, name, have_ellipsis->label); @@ -650,14 +665,9 @@ generate_type_decode (const Symbol *s) { int preserve = preserve_type(s->name) ? TRUE : FALSE; - fprintf (headerfile, - "int " - "decode_%s(const unsigned char *, size_t, %s *, size_t *);\n", - s->gen_name, s->gen_name); - - fprintf (codefile, "int\n" - "decode_%s(const unsigned char *p," - " size_t len, %s *data, size_t *size)\n" + fprintf (codefile, "int ASN1CALL\n" + "decode_%s(const unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE," + " size_t len HEIMDAL_UNUSED_ATTRIBUTE, %s *data, size_t *size)\n" "{\n", s->gen_name, s->gen_name); @@ -668,6 +678,7 @@ generate_type_decode (const Symbol *s) case TOID: case TGeneralizedTime: case TGeneralString: + case TTeletexString: case TUTF8String: case TPrintableString: case TIA5String: @@ -687,15 +698,15 @@ generate_type_decode (const Symbol *s) case TChoice: fprintf (codefile, "size_t ret = 0;\n" - "size_t l;\n" - "int e;\n"); + "size_t l HEIMDAL_UNUSED_ATTRIBUTE;\n" + "int e HEIMDAL_UNUSED_ATTRIBUTE;\n"); if (preserve) fprintf (codefile, "const unsigned char *begin = p;\n"); fprintf (codefile, "\n"); fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */ - decode_type ("data", s->type, 0, "goto fail", "Top"); + decode_type ("data", s->type, 0, "goto fail", "Top", NULL, 1); if (preserve) fprintf (codefile, "data->_save.data = calloc(1, ret);\n" @@ -704,7 +715,7 @@ generate_type_decode (const Symbol *s) "}\n" "data->_save.length = ret;\n" "memcpy(data->_save.data, begin, ret);\n"); - fprintf (codefile, + fprintf (codefile, "if(size) *size = ret;\n" "return 0;\n"); fprintf (codefile, diff --git a/crypto/heimdal/lib/asn1/gen_encode.c b/crypto/heimdal/lib/asn1/gen_encode.c index 08f1a9449f8..1bd47484d83 100644 --- a/crypto/heimdal/lib/asn1/gen_encode.c +++ b/crypto/heimdal/lib/asn1/gen_encode.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" -RCSID("$Id: gen_encode.c 22429 2008-01-13 10:25:50Z lha $"); +RCSID("$Id$"); static void encode_primitive (const char *typename, const char *name) @@ -60,7 +60,7 @@ const char * valuename(Der_class class, int value) { static char s[32]; - struct { + struct { int value; const char *s; } *p, values[] = { @@ -136,7 +136,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) } else if (t->range->min == 0 && t->range->max == INT_MAX) { encode_primitive ("unsigned", name); } else - errx(1, "%s: unsupported range %d -> %d", + errx(1, "%s: unsupported range %d -> %d", name, t->range->min, t->range->max); constructed = 0; break; @@ -209,7 +209,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) } fprintf (codefile, "if((%s)->%s) {\n" - "c |= 1<<%d;\n", + "c |= 1<<%d;\n", name, m->gen_name, 7 - m->val % 8); fprintf (codefile, "}\n"); @@ -218,7 +218,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) if (!rfc1510_bitstring) fprintf (codefile, "if (c != 0 || bit_set) {\n"); - fprintf (codefile, + fprintf (codefile, "if (len < 1) return ASN1_OVERFLOW;\n" "*p-- = c; len--; ret++;\n"); if (!rfc1510_bitstring) @@ -235,7 +235,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) "}\n" "}\n"); - fprintf (codefile, + fprintf (codefile, "if (len < 1) return ASN1_OVERFLOW;\n" "*p-- = %s;\n" "len -= 1;\n" @@ -257,15 +257,14 @@ encode_type (const char *name, const Type *t, const char *tmpstr) if (t->members == NULL) break; - + ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { - char *s; + char *s = NULL; if (m->ellipsis) continue; - asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name); - if (s == NULL) + if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name) < 0 || s == NULL) errx(1, "malloc"); fprintf(codefile, "/* %s */\n", m->name); if (m->optional) @@ -275,7 +274,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) else if(m->defval) gen_compare_defval(s + 1, m->defval); fprintf (codefile, "{\n"); - fprintf (codefile, "size_t %s_oldret = ret;\n", tmpstr); + fprintf (codefile, "size_t %s_oldret HEIMDAL_UNUSED_ATTRIBUTE = ret;\n", tmpstr); fprintf (codefile, "ret = 0;\n"); encode_type (s, m->type, m->gen_name); fprintf (codefile, "ret += %s_oldret;\n", tmpstr); @@ -289,8 +288,8 @@ encode_type (const char *name, const Type *t, const char *tmpstr) fprintf(codefile, "{\n" "struct heim_octet_string *val;\n" - "size_t elen, totallen = 0;\n" - "int eret;\n"); + "size_t elen = 0, totallen = 0;\n" + "int eret = 0;\n"); fprintf(codefile, "if ((%s)->len > UINT_MAX/sizeof(val[0]))\n" @@ -303,7 +302,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) name, name); fprintf(codefile, - "for(i = 0; i < (%s)->len; i++) {\n", + "for(i = 0; i < (int)(%s)->len; i++) {\n", name); fprintf(codefile, @@ -327,7 +326,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) fprintf(codefile, "if (totallen > len) {\n" - "for (i = 0; i < (%s)->len; i++) {\n" + "for (i = 0; i < (int)(%s)->len; i++) {\n" "free(val[i].data);\n" "}\n" "free(val);\n" @@ -340,7 +339,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) name); fprintf (codefile, - "for(i = (%s)->len - 1; i >= 0; --i) {\n" + "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n" "p -= val[i].length;\n" "ret += val[i].length;\n" "memcpy(p + 1, val[i].data, val[i].length);\n" @@ -352,19 +351,17 @@ encode_type (const char *name, const Type *t, const char *tmpstr) break; } case TSequenceOf: { - char *n; - char *sname; + char *sname = NULL; + char *n = NULL; fprintf (codefile, - "for(i = (%s)->len - 1; i >= 0; --i) {\n" + "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n" "size_t %s_for_oldret = ret;\n" "ret = 0;\n", name, tmpstr); - asprintf (&n, "&(%s)->val[i]", name); - if (n == NULL) + if (asprintf (&n, "&(%s)->val[i]", name) < 0 || n == NULL) errx(1, "malloc"); - asprintf (&sname, "%s_S_Of", tmpstr); - if (sname == NULL) + if (asprintf (&sname, "%s_S_Of", tmpstr) < 0 || sname == NULL) errx(1, "malloc"); encode_type (n, t->subtype, sname); fprintf (codefile, @@ -383,48 +380,49 @@ encode_type (const char *name, const Type *t, const char *tmpstr) encode_primitive ("general_string", name); constructed = 0; break; + case TTeletexString: + encode_primitive ("general_string", name); + constructed = 0; + break; case TTag: { - char *tname; + char *tname = NULL; int c; - asprintf (&tname, "%s_tag", tmpstr); - if (tname == NULL) - errx(1, "malloc"); + if (asprintf (&tname, "%s_tag", tmpstr) < 0 || tname == NULL) + errx(1, "malloc"); c = encode_type (name, t->subtype, tname); fprintf (codefile, "e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n" "if (e) return e;\np -= l; len -= l; ret += l;\n\n", classname(t->tag.tagclass), - c ? "CONS" : "PRIM", + c ? "CONS" : "PRIM", valuename(t->tag.tagclass, t->tag.tagvalue)); free (tname); break; } case TChoice:{ Member *m, *have_ellipsis = NULL; - char *s; + char *s = NULL; if (t->members == NULL) break; fprintf(codefile, "\n"); - asprintf (&s, "(%s)", name); - if (s == NULL) + if (asprintf (&s, "(%s)", name) < 0 || s == NULL) errx(1, "malloc"); fprintf(codefile, "switch(%s->element) {\n", s); ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { - char *s2; + char *s2 = NULL; if (m->ellipsis) { have_ellipsis = m; continue; } - fprintf (codefile, "case %s: {", m->label); - asprintf(&s2, "%s(%s)->u.%s", m->optional ? "" : "&", - s, m->gen_name); - if (s2 == NULL) + fprintf (codefile, "case %s: {", m->label); + if (asprintf(&s2, "%s(%s)->u.%s", m->optional ? "" : "&", + s, m->gen_name) < 0 || s2 == NULL) errx(1, "malloc"); if (m->optional) fprintf (codefile, "if(%s) {\n", s2); @@ -504,13 +502,8 @@ encode_type (const char *name, const Type *t, const char *tmpstr) void generate_type_encode (const Symbol *s) { - fprintf (headerfile, - "int " - "encode_%s(unsigned char *, size_t, const %s *, size_t *);\n", - s->gen_name, s->gen_name); - - fprintf (codefile, "int\n" - "encode_%s(unsigned char *p, size_t len," + fprintf (codefile, "int ASN1CALL\n" + "encode_%s(unsigned char *p HEIMDAL_UNUSED_ATTRIBUTE, size_t len HEIMDAL_UNUSED_ATTRIBUTE," " const %s *data, size_t *size)\n" "{\n", s->gen_name, s->gen_name); @@ -521,6 +514,7 @@ generate_type_encode (const Symbol *s) case TOctetString: case TGeneralizedTime: case TGeneralString: + case TTeletexString: case TUTCTime: case TUTF8String: case TPrintableString: @@ -540,11 +534,10 @@ generate_type_encode (const Symbol *s) case TType: case TChoice: fprintf (codefile, - "size_t ret = 0;\n" - "size_t l;\n" - "int i, e;\n\n"); - fprintf(codefile, "i = 0;\n"); /* hack to avoid `unused variable' */ - + "size_t ret HEIMDAL_UNUSED_ATTRIBUTE = 0;\n" + "size_t l HEIMDAL_UNUSED_ATTRIBUTE;\n" + "int i HEIMDAL_UNUSED_ATTRIBUTE, e HEIMDAL_UNUSED_ATTRIBUTE;\n\n"); + encode_type("data", s->type, "Top"); fprintf (codefile, "*size = ret;\n" diff --git a/crypto/heimdal/lib/asn1/gen_free.c b/crypto/heimdal/lib/asn1/gen_free.c index d667c5d31aa..b9cae7533b1 100644 --- a/crypto/heimdal/lib/asn1/gen_free.c +++ b/crypto/heimdal/lib/asn1/gen_free.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" -RCSID("$Id: gen_free.c 19539 2006-12-28 17:15:05Z lha $"); +RCSID("$Id$"); static void free_primitive (const char *typename, const char *name) @@ -82,7 +82,7 @@ free_type (const char *name, const Type *t, int preserve) if(t->type == TChoice) fprintf(codefile, "switch((%s)->element) {\n", name); - + ASN1_TAILQ_FOREACH(m, t->members, members) { char *s; @@ -93,16 +93,15 @@ free_type (const char *name, const Type *t, int preserve) if(t->type == TChoice) fprintf(codefile, "case %s:\n", m->label); - asprintf (&s, "%s(%s)->%s%s", - m->optional ? "" : "&", name, - t->type == TChoice ? "u." : "", m->gen_name); - if (s == NULL) + if (asprintf (&s, "%s(%s)->%s%s", + m->optional ? "" : "&", name, + t->type == TChoice ? "u." : "", m->gen_name) < 0 || s == NULL) errx(1, "malloc"); if(m->optional) fprintf(codefile, "if(%s) {\n", s); free_type (s, m->type, FALSE); if(m->optional) - fprintf(codefile, + fprintf(codefile, "free(%s);\n" "%s = NULL;\n" "}\n",s, s); @@ -110,7 +109,7 @@ free_type (const char *name, const Type *t, int preserve) if(t->type == TChoice) fprintf(codefile, "break;\n"); } - + if(t->type == TChoice) { if (have_ellipsis) fprintf(codefile, @@ -128,11 +127,10 @@ free_type (const char *name, const Type *t, int preserve) char *n; fprintf (codefile, "while((%s)->len){\n", name); - asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name); - if (n == NULL) + if (asprintf (&n, "&(%s)->val[(%s)->len-1]", name, name) < 0 || n == NULL) errx(1, "malloc"); free_type(n, t->subtype, FALSE); - fprintf(codefile, + fprintf(codefile, "(%s)->len--;\n" "}\n", name); @@ -145,6 +143,9 @@ free_type (const char *name, const Type *t, int preserve) case TGeneralString: free_primitive ("general_string", name); break; + case TTeletexString: + free_primitive ("general_string", name); + break; case TUTF8String: free_primitive ("utf8string", name); break; @@ -177,18 +178,14 @@ free_type (const char *name, const Type *t, int preserve) void generate_type_free (const Symbol *s) { - int preserve = preserve_type(s->name) ? TRUE : FALSE; + int preserve = preserve_type(s->name) ? TRUE : FALSE; - fprintf (headerfile, - "void free_%s (%s *);\n", - s->gen_name, s->gen_name); + fprintf (codefile, "void ASN1CALL\n" + "free_%s(%s *data)\n" + "{\n", + s->gen_name, s->gen_name); - fprintf (codefile, "void\n" - "free_%s(%s *data)\n" - "{\n", - s->gen_name, s->gen_name); - - free_type ("data", s->type, preserve); - fprintf (codefile, "}\n\n"); + free_type ("data", s->type, preserve); + fprintf (codefile, "}\n\n"); } diff --git a/crypto/heimdal/lib/asn1/gen_glue.c b/crypto/heimdal/lib/asn1/gen_glue.c index 8d8bd152a3b..5ab93305a24 100644 --- a/crypto/heimdal/lib/asn1/gen_glue.c +++ b/crypto/heimdal/lib/asn1/gen_glue.c @@ -1,39 +1,41 @@ /* - * Copyright (c) 1997, 1999, 2000, 2003 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1999, 2000, 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" -RCSID("$Id: gen_glue.c 15617 2005-07-12 06:27:42Z lha $"); +RCSID("$Id$"); static void generate_2int (const Type *t, const char *gen_name) @@ -70,7 +72,8 @@ generate_int2 (const Type *t, const char *gen_name) fprintf (codefile, "%s int2%s(unsigned n)\n" "{\n" - "\t%s flags;\n\n", + "\t%s flags;\n\n" + "\tmemset(&flags, 0, sizeof(flags));\n\n", gen_name, gen_name, gen_name); if(t->members) { @@ -92,9 +95,17 @@ generate_units (const Type *t, const char *gen_name) { Member *m; - fprintf (headerfile, - "const struct units * asn1_%s_units(void);", - gen_name); + if (template_flag) { + fprintf (headerfile, + "extern const struct units *asn1_%s_table_units;\n", + gen_name); + fprintf (headerfile, "#define asn1_%s_units() (asn1_%s_table_units)\n", + gen_name, gen_name); + } else { + fprintf (headerfile, + "const struct units * asn1_%s_units(void);\n", + gen_name); + } fprintf (codefile, "static struct units %s_units[] = {\n", @@ -103,7 +114,7 @@ generate_units (const Type *t, const char *gen_name) if(t->members) { ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { fprintf (codefile, - "\t{\"%s\",\t1U << %d},\n", m->gen_name, m->val); + "\t{\"%s\",\t1U << %d},\n", m->name, m->val); } } @@ -111,11 +122,16 @@ generate_units (const Type *t, const char *gen_name) "\t{NULL,\t0}\n" "};\n\n"); - fprintf (codefile, - "const struct units * asn1_%s_units(void){\n" - "return %s_units;\n" - "}\n\n", - gen_name, gen_name); + if (template_flag) + fprintf (codefile, + "const struct units * asn1_%s_table_units = %s_units;\n", + gen_name, gen_name); + else + fprintf (codefile, + "const struct units * asn1_%s_units(void){\n" + "return %s_units;\n" + "}\n\n", + gen_name, gen_name); } diff --git a/crypto/heimdal/lib/asn1/gen_length.c b/crypto/heimdal/lib/asn1/gen_length.c index 4cb5d45089f..20b5adfe5d0 100644 --- a/crypto/heimdal/lib/asn1/gen_length.c +++ b/crypto/heimdal/lib/asn1/gen_length.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" -RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $"); +RCSID("$Id$"); static void length_primitive (const char *typename, @@ -43,11 +43,12 @@ length_primitive (const char *typename, fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name); } +/* XXX same as der_length_tag */ static size_t length_tag(unsigned int tag) { size_t len = 0; - + if(tag <= 30) return 1; while(tag) { @@ -59,7 +60,7 @@ length_tag(unsigned int tag) static int -length_type (const char *name, const Type *t, +length_type (const char *name, const Type *t, const char *variable, const char *tmpstr) { switch (t->type) { @@ -86,7 +87,7 @@ length_type (const char *name, const Type *t, } else if (t->range->min == 0 && t->range->max == INT_MAX) { length_primitive ("unsigned", name, variable); } else - errx(1, "%s: unsupported range %d -> %d", + errx(1, "%s: unsupported range %d -> %d", name, t->range->min, t->range->max); break; @@ -133,13 +134,13 @@ length_type (const char *name, const Type *t, if (t->members == NULL) break; - + if(t->type == TChoice) fprintf (codefile, "switch((%s)->element) {\n", name); ASN1_TAILQ_FOREACH(m, t->members, members) { char *s; - + if (m->ellipsis) { have_ellipsis = m; continue; @@ -148,10 +149,9 @@ length_type (const char *name, const Type *t, if(t->type == TChoice) fprintf(codefile, "case %s:\n", m->label); - asprintf (&s, "%s(%s)->%s%s", - m->optional ? "" : "&", name, - t->type == TChoice ? "u." : "", m->gen_name); - if (s == NULL) + if (asprintf (&s, "%s(%s)->%s%s", + m->optional ? "" : "&", name, + t->type == TChoice ? "u." : "", m->gen_name) < 0 || s == NULL) errx(1, "malloc"); if (m->optional) fprintf (codefile, "if(%s)", s); @@ -182,24 +182,22 @@ length_type (const char *name, const Type *t, } case TSetOf: case TSequenceOf: { - char *n; - char *sname; + char *n = NULL; + char *sname = NULL; fprintf (codefile, "{\n" - "int %s_oldret = %s;\n" + "size_t %s_oldret = %s;\n" "int i;\n" "%s = 0;\n", tmpstr, variable, variable); fprintf (codefile, "for(i = (%s)->len - 1; i >= 0; --i){\n", name); - fprintf (codefile, "int %s_for_oldret = %s;\n" + fprintf (codefile, "size_t %s_for_oldret = %s;\n" "%s = 0;\n", tmpstr, variable, variable); - asprintf (&n, "&(%s)->val[i]", name); - if (n == NULL) + if (asprintf (&n, "&(%s)->val[i]", name) < 0 || n == NULL) errx(1, "malloc"); - asprintf (&sname, "%s_S_Of", tmpstr); - if (sname == NULL) + if (asprintf (&sname, "%s_S_Of", tmpstr) < 0 || sname == NULL) errx(1, "malloc"); length_type(n, t->subtype, variable, sname); fprintf (codefile, "%s += %s_for_oldret;\n", @@ -219,6 +217,9 @@ length_type (const char *name, const Type *t, case TGeneralString: length_primitive ("general_string", name, variable); break; + case TTeletexString: + length_primitive ("general_string", name, variable); + break; case TUTCTime: length_primitive ("utctime", name, variable); break; @@ -244,12 +245,11 @@ length_type (const char *name, const Type *t, fprintf (codefile, "/* NULL */\n"); break; case TTag:{ - char *tname; - asprintf(&tname, "%s_tag", tmpstr); - if (tname == NULL) + char *tname = NULL; + if (asprintf(&tname, "%s_tag", tmpstr) < 0 || tname == NULL) errx(1, "malloc"); length_type (name, t->subtype, variable, tname); - fprintf (codefile, "ret += %lu + der_length_len (ret);\n", + fprintf (codefile, "ret += %lu + der_length_len (ret);\n", (unsigned long)length_tag(t->tag.tagvalue)); free(tname); break; @@ -266,17 +266,13 @@ length_type (const char *name, const Type *t, void generate_type_length (const Symbol *s) { - fprintf (headerfile, - "size_t length_%s(const %s *);\n", - s->gen_name, s->gen_name); - fprintf (codefile, - "size_t\n" + "size_t ASN1CALL\n" "length_%s(const %s *data)\n" "{\n" "size_t ret = 0;\n", s->gen_name, s->gen_name); - + length_type ("data", s->type, "ret", "Top"); fprintf (codefile, "return ret;\n}\n\n"); } diff --git a/crypto/heimdal/lib/asn1/gen_locl.h b/crypto/heimdal/lib/asn1/gen_locl.h index 8cd4dbad5a8..9e87b0c578c 100644 --- a/crypto/heimdal/lib/asn1/gen_locl.h +++ b/crypto/heimdal/lib/asn1/gen_locl.h @@ -1,44 +1,43 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: gen_locl.h 18008 2006-09-05 12:29:18Z lha $ */ +/* $Id$ */ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ -#ifdef HAVE_CONFIG_H #include -#endif + #include #include #include @@ -53,6 +52,7 @@ #include "symbol.h" #include "asn1-common.h" #include "der.h" +#include "der-private.h" void generate_type (const Symbol *); void generate_constant (const Symbol *); @@ -75,14 +75,27 @@ void init_generate (const char *, const char *); const char *get_filename (void); void close_generate(void); void add_import(const char *); +void add_export(const char *); +int is_export(const char *); int yyparse(void); +int is_primitive_type(int); int preserve_type(const char *); int seq_type(const char *); -extern FILE *headerfile, *codefile, *logfile; -extern int dce_fix; +void generate_header_of_codefile(const char *); +void close_codefile(void); + +int is_template_compat (const Symbol *); +void generate_template(const Symbol *); +void gen_template_import(const Symbol *); + + +extern FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile; +extern int support_ber; +extern int template_flag; extern int rfc1510_bitstring; +extern int one_code_file; extern int error_flag; diff --git a/crypto/heimdal/lib/asn1/gen_seq.c b/crypto/heimdal/lib/asn1/gen_seq.c index 54776752c2e..3487e98b0a7 100644 --- a/crypto/heimdal/lib/asn1/gen_seq.c +++ b/crypto/heimdal/lib/asn1/gen_seq.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" -RCSID("$Id: gen_seq.c 20561 2007-04-24 16:14:30Z lha $"); +RCSID("$Id$"); void generate_type_seq (const Symbol *s) @@ -47,8 +47,8 @@ generate_type_seq (const Symbol *s) while(type->type == TTag) type = type->subtype; - if (type->type != TSequenceOf) { - printf("%s not seq of %d\n", s->name, (int)type->type); + if (type->type != TSequenceOf && type->type != TSetOf) { + fprintf(stderr, "%s not seq of %d\n", s->name, (int)type->type); return; } @@ -56,7 +56,7 @@ generate_type_seq (const Symbol *s) * Require the subtype to be a type so we can name it and use * copy_/free_ */ - + if (type->subtype->type != TType) { fprintf(stderr, "%s subtype is not a type, can't generate " "sequence code for this case: %d\n", @@ -67,17 +67,17 @@ generate_type_seq (const Symbol *s) subname = type->subtype->symbol->gen_name; fprintf (headerfile, - "int add_%s (%s *, const %s *);\n" - "int remove_%s (%s *, unsigned int);\n", + "ASN1EXP int ASN1CALL add_%s (%s *, const %s *);\n" + "ASN1EXP int ASN1CALL remove_%s (%s *, unsigned int);\n", s->gen_name, s->gen_name, subname, s->gen_name, s->gen_name); - fprintf (codefile, "int\n" + fprintf (codefile, "int ASN1CALL\n" "add_%s(%s *data, const %s *element)\n" "{\n", s->gen_name, s->gen_name, subname); - fprintf (codefile, + fprintf (codefile, "int ret;\n" "void *ptr;\n" "\n" @@ -92,13 +92,13 @@ generate_type_seq (const Symbol *s) subname); fprintf (codefile, "}\n\n"); - - fprintf (codefile, "int\n" + + fprintf (codefile, "int ASN1CALL\n" "remove_%s(%s *data, unsigned int element)\n" "{\n", s->gen_name, s->gen_name); - fprintf (codefile, + fprintf (codefile, "void *ptr;\n" "\n" "if (data->len == 0 || element >= data->len)\n" @@ -108,7 +108,7 @@ generate_type_seq (const Symbol *s) /* don't move if its the last element */ "if (element < data->len)\n" "\tmemmove(&data->val[element], &data->val[element + 1], \n" - "\t\tsizeof(data->val[0]) * data->len);\n" + "\t\tsizeof(data->val[0]) * (data->len - element));\n" /* resize but don't care about failures since it doesn't matter */ "ptr = realloc(data->val, data->len * sizeof(data->val[0]));\n" "if (ptr != NULL || data->len == 0) data->val = ptr;\n" diff --git a/crypto/heimdal/lib/asn1/gen_template.c b/crypto/heimdal/lib/asn1/gen_template.c new file mode 100644 index 00000000000..edd68e12238 --- /dev/null +++ b/crypto/heimdal/lib/asn1/gen_template.c @@ -0,0 +1,918 @@ +/* + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gen_locl.h" + +static const char *symbol_name(const char *, const Type *); +static void generate_template_type(const char *, const char **, const char *, const char *, const char *, + Type *, int, int, int); + +static const char * +ttype_symbol(const char *basename, const Type *t) +{ + return t->symbol->gen_name; +} + +static const char * +integer_symbol(const char *basename, const Type *t) +{ + if (t->members) + return "int"; /* XXX enum foo */ + else if (t->range == NULL) + return "heim_integer"; + else if (t->range->min == INT_MIN && t->range->max == INT_MAX) + return "int"; + else if (t->range->min == 0 && t->range->max == UINT_MAX) + return "unsigned"; + else if (t->range->min == 0 && t->range->max == INT_MAX) + return "unsigned"; + else { + abort(); + UNREACHABLE(return NULL); + } +} + +static const char * +boolean_symbol(const char *basename, const Type *t) +{ + return "int"; +} + + +static const char * +octetstring_symbol(const char *basename, const Type *t) +{ + return "heim_octet_string"; +} + +static const char * +sequence_symbol(const char *basename, const Type *t) +{ + return basename; +} + +static const char * +time_symbol(const char *basename, const Type *t) +{ + return "time_t"; +} + +static const char * +tag_symbol(const char *basename, const Type *t) +{ + return symbol_name(basename, t->subtype); +} + +static const char * +generalstring_symbol(const char *basename, const Type *t) +{ + return "heim_general_string"; +} + +static const char * +printablestring_symbol(const char *basename, const Type *t) +{ + return "heim_printable_string"; +} + +static const char * +ia5string_symbol(const char *basename, const Type *t) +{ + return "heim_ia5_string"; +} + +static const char * +visiblestring_symbol(const char *basename, const Type *t) +{ + return "heim_visible_string"; +} + +static const char * +utf8string_symbol(const char *basename, const Type *t) +{ + return "heim_utf8_string"; +} + +static const char * +bmpstring_symbol(const char *basename, const Type *t) +{ + return "heim_bmp_string"; +} + +static const char * +universalstring_symbol(const char *basename, const Type *t) +{ + return "heim_universal_string"; +} + +static const char * +oid_symbol(const char *basename, const Type *t) +{ + return "heim_oid"; +} + +static const char * +bitstring_symbol(const char *basename, const Type *t) +{ + if (t->members) + return basename; + return "heim_bit_string"; +} + + + +struct { + enum typetype type; + const char *(*symbol_name)(const char *, const Type *); + int is_struct; +} types[] = { + { TBMPString, bmpstring_symbol, 0 }, + { TBitString, bitstring_symbol, 0 }, + { TBoolean, boolean_symbol, 0 }, + { TGeneralString, generalstring_symbol, 0 }, + { TGeneralizedTime, time_symbol, 0 }, + { TIA5String, ia5string_symbol, 0 }, + { TInteger, integer_symbol, 0 }, + { TOID, oid_symbol, 0 }, + { TOctetString, octetstring_symbol, 0 }, + { TPrintableString, printablestring_symbol, 0 }, + { TSequence, sequence_symbol, 1 }, + { TSequenceOf, tag_symbol, 1 }, + { TSetOf, tag_symbol, 1 }, + { TTag, tag_symbol, 1 }, + { TType, ttype_symbol, 1 }, + { TUTCTime, time_symbol, 0 }, + { TUniversalString, universalstring_symbol, 0 }, + { TVisibleString, visiblestring_symbol, 0 }, + { TUTF8String, utf8string_symbol, 0 }, + { TChoice, sequence_symbol, 1 }, + { TNull, integer_symbol, 1 } +}; + +static FILE * +get_code_file(void) +{ + if (!one_code_file) + return templatefile; + return codefile; +} + + +static int +is_supported_type_p(const Type *t) +{ + size_t i; + + for (i = 0; i < sizeof(types)/sizeof(types[0]); i++) + if (t->type == types[i].type) + return 1; + return 0; +} + +int +is_template_compat (const Symbol *s) +{ + return is_supported_type_p(s->type); +} + +static const char * +symbol_name(const char *basename, const Type *t) +{ + size_t i; + + for (i = 0; i < sizeof(types)/sizeof(types[0]); i++) + if (t->type == types[i].type) + return (types[i].symbol_name)(basename, t); + printf("unknown der type: %d\n", t->type); + exit(1); +} + + +static char * +partial_offset(const char *basetype, const char *name, int need_offset) +{ + char *str; + if (name == NULL || need_offset == 0) + return strdup("0"); + if (asprintf(&str, "offsetof(struct %s, %s)", basetype, name) < 0 || str == NULL) + errx(1, "malloc"); + return str; +} + +struct template { + char *line; + char *tt; + char *offset; + char *ptr; + ASN1_TAILQ_ENTRY(template) members; +}; + +ASN1_TAILQ_HEAD(templatehead, template); + +struct tlist { + char *name; + char *header; + struct templatehead template; + ASN1_TAILQ_ENTRY(tlist) tmembers; +}; + +ASN1_TAILQ_HEAD(tlisthead, tlist); + +static void tlist_header(struct tlist *, const char *, ...) __attribute__((__format__(__printf__, 2, 3))); +static struct template * + add_line(struct templatehead *, const char *, ...) __attribute__((__format__(__printf__, 2, 3))); +static int tlist_cmp(const struct tlist *, const struct tlist *); + +static void add_line_pointer(struct templatehead *, const char *, const char *, const char *, ...) + __attribute__((__format__(__printf__, 4, 5))); + + +static struct tlisthead tlistmaster = ASN1_TAILQ_HEAD_INITIALIZER(tlistmaster); +static unsigned long numdups = 0; + +static struct tlist * +tlist_new(const char *name) +{ + struct tlist *tl = calloc(1, sizeof(*tl)); + tl->name = strdup(name); + ASN1_TAILQ_INIT(&tl->template); + return tl; +} + +static void +tlist_header(struct tlist *t, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + if (vasprintf(&t->header, fmt, ap) < 0 || t->header == NULL) + errx(1, "malloc"); + va_end(ap); +} + +static unsigned long +tlist_count(struct tlist *tl) +{ + unsigned int count = 0; + struct template *q; + + ASN1_TAILQ_FOREACH(q, &tl->template, members) { + count++; + } + return count; +} + +static void +tlist_add(struct tlist *tl) +{ + ASN1_TAILQ_INSERT_TAIL(&tlistmaster, tl, tmembers); +} + +static void +tlist_print(struct tlist *tl) +{ + struct template *q; + unsigned int i = 1; + FILE *f = get_code_file(); + + fprintf(f, "static const struct asn1_template asn1_%s[] = {\n", tl->name); + fprintf(f, "/* 0 */ %s,\n", tl->header); + ASN1_TAILQ_FOREACH(q, &tl->template, members) { + int last = (ASN1_TAILQ_LAST(&tl->template, templatehead) == q); + fprintf(f, "/* %lu */ %s%s\n", (unsigned long)i++, q->line, last ? "" : ","); + } + fprintf(f, "};\n"); +} + +static struct tlist * +tlist_find_by_name(const char *name) +{ + struct tlist *ql; + ASN1_TAILQ_FOREACH(ql, &tlistmaster, tmembers) { + if (strcmp(ql->name, name) == 0) + return ql; + } + return NULL; +} + +static int +tlist_cmp_name(const char *tname, const char *qname) +{ + struct tlist *tl = tlist_find_by_name(tname); + struct tlist *ql = tlist_find_by_name(qname); + return tlist_cmp(tl, ql); +} + +static int +tlist_cmp(const struct tlist *tl, const struct tlist *ql) +{ + int ret; + struct template *t, *q; + + ret = strcmp(tl->header, ql->header); + if (ret) return ret; + + q = ASN1_TAILQ_FIRST(&ql->template); + ASN1_TAILQ_FOREACH(t, &tl->template, members) { + if (q == NULL) return 1; + + if (t->ptr == NULL || q->ptr == NULL) { + ret = strcmp(t->line, q->line); + if (ret) return ret; + } else { + ret = strcmp(t->tt, q->tt); + if (ret) return ret; + + ret = strcmp(t->offset, q->offset); + if (ret) return ret; + + if ((ret = strcmp(t->ptr, q->ptr)) != 0 || + (ret = tlist_cmp_name(t->ptr, q->ptr)) != 0) + return ret; + } + q = ASN1_TAILQ_NEXT(q, members); + } + if (q != NULL) return -1; + return 0; +} + + +static const char * +tlist_find_dup(const struct tlist *tl) +{ + struct tlist *ql; + + ASN1_TAILQ_FOREACH(ql, &tlistmaster, tmembers) { + if (tlist_cmp(ql, tl) == 0) { + numdups++; + return ql->name; + } + } + return NULL; +} + + +/* + * + */ + +static struct template * +add_line(struct templatehead *t, const char *fmt, ...) +{ + struct template *q = calloc(1, sizeof(*q)); + va_list ap; + va_start(ap, fmt); + if (vasprintf(&q->line, fmt, ap) < 0 || q->line == NULL) + errx(1, "malloc"); + va_end(ap); + ASN1_TAILQ_INSERT_TAIL(t, q, members); + return q; +} + +static void +add_line_pointer(struct templatehead *t, + const char *ptr, + const char *offset, + const char *ttfmt, + ...) +{ + struct template *q; + va_list ap; + char *tt = NULL; + + va_start(ap, ttfmt); + if (vasprintf(&tt, ttfmt, ap) < 0 || tt == NULL) + errx(1, "malloc"); + va_end(ap); + + q = add_line(t, "{ %s, %s, asn1_%s }", tt, offset, ptr); + q->tt = tt; + q->offset = strdup(offset); + q->ptr = strdup(ptr); +} + +static int +use_extern(const Symbol *s) +{ + if (s->type == NULL) + return 1; + return 0; +} + +static int +is_struct(Type *t, int isstruct) +{ + size_t i; + + if (t->type == TType) + return 0; + if (t->type == TSequence || t->type == TSet || t->type == TChoice) + return 1; + if (t->type == TTag) + return is_struct(t->subtype, isstruct); + + for (i = 0; i < sizeof(types)/sizeof(types[0]); i++) { + if (t->type == types[i].type) { + if (types[i].is_struct == 0) + return 0; + else + break; + } + } + + return isstruct; +} + +static const Type * +compact_tag(const Type *t) +{ + while (t->type == TTag) + t = t->subtype; + return t; +} + +static void +template_members(struct templatehead *temp, const char *basetype, const char *name, const Type *t, int optional, int isstruct, int need_offset) +{ + char *poffset = NULL; + + if (optional && t->type != TTag && t->type != TType) + errx(1, "%s...%s is optional and not a (TTag or TType)", basetype, name); + + poffset = partial_offset(basetype, name, need_offset); + + switch (t->type) { + case TType: + if (use_extern(t->symbol)) { + add_line(temp, "{ A1_OP_TYPE_EXTERN %s, %s, &asn1_extern_%s}", + optional ? "|A1_FLAG_OPTIONAL" : "", + poffset, t->symbol->gen_name); + } else { + add_line_pointer(temp, t->symbol->gen_name, poffset, + "A1_OP_TYPE %s", optional ? "|A1_FLAG_OPTIONAL" : ""); + } + break; + case TInteger: { + char *itype = NULL; + + if (t->members) + itype = "IMEMBER"; + else if (t->range == NULL) + itype = "HEIM_INTEGER"; + else if (t->range->min == INT_MIN && t->range->max == INT_MAX) + itype = "INTEGER"; + else if (t->range->min == 0 && t->range->max == UINT_MAX) + itype = "UNSIGNED"; + else if (t->range->min == 0 && t->range->max == INT_MAX) + itype = "UNSIGNED"; + else + errx(1, "%s: unsupported range %d -> %d", + name, t->range->min, t->range->max); + + add_line(temp, "{ A1_PARSE_T(A1T_%s), %s, NULL }", itype, poffset); + break; + } + case TGeneralString: + add_line(temp, "{ A1_PARSE_T(A1T_GENERAL_STRING), %s, NULL }", poffset); + break; + case TTeletexString: + add_line(temp, "{ A1_PARSE_T(A1T_TELETEX_STRING), %s, NULL }", poffset); + break; + case TPrintableString: + add_line(temp, "{ A1_PARSE_T(A1T_PRINTABLE_STRING), %s, NULL }", poffset); + break; + case TOctetString: + add_line(temp, "{ A1_PARSE_T(A1T_OCTET_STRING), %s, NULL }", poffset); + break; + case TIA5String: + add_line(temp, "{ A1_PARSE_T(A1T_IA5_STRING), %s, NULL }", poffset); + break; + case TBMPString: + add_line(temp, "{ A1_PARSE_T(A1T_BMP_STRING), %s, NULL }", poffset); + break; + case TUniversalString: + add_line(temp, "{ A1_PARSE_T(A1T_UNIVERSAL_STRING), %s, NULL }", poffset); + break; + case TVisibleString: + add_line(temp, "{ A1_PARSE_T(A1T_VISIBLE_STRING), %s, NULL }", poffset); + break; + case TUTF8String: + add_line(temp, "{ A1_PARSE_T(A1T_UTF8_STRING), %s, NULL }", poffset); + break; + case TGeneralizedTime: + add_line(temp, "{ A1_PARSE_T(A1T_GENERALIZED_TIME), %s, NULL }", poffset); + break; + case TUTCTime: + add_line(temp, "{ A1_PARSE_T(A1T_UTC_TIME), %s, NULL }", poffset); + break; + case TBoolean: + add_line(temp, "{ A1_PARSE_T(A1T_BOOLEAN), %s, NULL }", poffset); + break; + case TOID: + add_line(temp, "{ A1_PARSE_T(A1T_OID), %s, NULL }", poffset); + break; + case TNull: + break; + case TBitString: { + struct templatehead template = ASN1_TAILQ_HEAD_INITIALIZER(template); + struct template *q; + Member *m; + size_t count = 0, i; + char *bname = NULL; + FILE *f = get_code_file(); + + if (ASN1_TAILQ_EMPTY(t->members)) { + add_line(temp, "{ A1_PARSE_T(A1T_HEIM_BIT_STRING), %s, NULL }", poffset); + break; + } + + if (asprintf(&bname, "bmember_%s_%p", name ? name : "", t) < 0 || bname == NULL) + errx(1, "malloc"); + output_name(bname); + + ASN1_TAILQ_FOREACH(m, t->members, members) { + add_line(&template, "{ 0, %d, 0 } /* %s */", m->val, m->gen_name); + } + + ASN1_TAILQ_FOREACH(q, &template, members) { + count++; + } + + fprintf(f, "static const struct asn1_template asn1_%s_%s[] = {\n", basetype, bname); + fprintf(f, "/* 0 */ { 0%s, sizeof(%s), ((void *)%lu) },\n", + rfc1510_bitstring ? "|A1_HBF_RFC1510" : "", + basetype, (unsigned long)count); + i = 1; + ASN1_TAILQ_FOREACH(q, &template, members) { + int last = (ASN1_TAILQ_LAST(&template, templatehead) == q); + fprintf(f, "/* %lu */ %s%s\n", (unsigned long)i++, q->line, last ? "" : ","); + } + fprintf(f, "};\n"); + + add_line(temp, "{ A1_OP_BMEMBER, %s, asn1_%s_%s }", poffset, basetype, bname); + + free(bname); + + break; + } + case TSequence: { + Member *m; + + ASN1_TAILQ_FOREACH(m, t->members, members) { + char *newbasename = NULL; + + if (m->ellipsis) + continue; + + if (name) { + if (asprintf(&newbasename, "%s_%s", basetype, name) < 0) + errx(1, "malloc"); + } else + newbasename = strdup(basetype); + if (newbasename == NULL) + errx(1, "malloc"); + + template_members(temp, newbasename, m->gen_name, m->type, m->optional, isstruct, 1); + + free(newbasename); + } + + break; + } + case TTag: { + char *tname = NULL, *elname = NULL; + const char *sename, *dupname; + int subtype_is_struct = is_struct(t->subtype, isstruct); + + if (subtype_is_struct) + sename = basetype; + else + sename = symbol_name(basetype, t->subtype); + + if (asprintf(&tname, "tag_%s_%p", name ? name : "", t) < 0 || tname == NULL) + errx(1, "malloc"); + output_name(tname); + + if (asprintf(&elname, "%s_%s", basetype, tname) < 0 || elname == NULL) + errx(1, "malloc"); + + generate_template_type(elname, &dupname, NULL, sename, name, + t->subtype, 0, subtype_is_struct, 0); + + add_line_pointer(temp, dupname, poffset, + "A1_TAG_T(%s,%s,%s)%s", + classname(t->tag.tagclass), + is_primitive_type(t->subtype->type) ? "PRIM" : "CONS", + valuename(t->tag.tagclass, t->tag.tagvalue), + optional ? "|A1_FLAG_OPTIONAL" : ""); + + free(tname); + free(elname); + + break; + } + case TSetOf: + case TSequenceOf: { + const char *type = NULL, *tname, *dupname; + char *sename = NULL, *elname = NULL; + int subtype_is_struct = is_struct(t->subtype, 0); + + if (name && subtype_is_struct) { + tname = "seofTstruct"; + if (asprintf(&sename, "%s_%s_val", basetype, name) < 0) + errx(1, "malloc"); + } else if (subtype_is_struct) { + tname = "seofTstruct"; + if (asprintf(&sename, "%s_val", symbol_name(basetype, t->subtype)) < 0) + errx(1, "malloc"); + } else { + if (name) + tname = name; + else + tname = "seofTstruct"; + sename = strdup(symbol_name(basetype, t->subtype)); + } + if (sename == NULL) + errx(1, "malloc"); + + if (t->type == TSetOf) type = "A1_OP_SETOF"; + else if (t->type == TSequenceOf) type = "A1_OP_SEQOF"; + else abort(); + + if (asprintf(&elname, "%s_%s_%p", basetype, tname, t) < 0 || elname == NULL) + errx(1, "malloc"); + + generate_template_type(elname, &dupname, NULL, sename, NULL, t->subtype, + 0, subtype_is_struct, need_offset); + + add_line(temp, "{ %s, %s, asn1_%s }", type, poffset, dupname); + free(sename); + break; + } + case TChoice: { + struct templatehead template = ASN1_TAILQ_HEAD_INITIALIZER(template); + struct template *q; + size_t count = 0, i; + char *tname = NULL; + FILE *f = get_code_file(); + Member *m; + int ellipsis = 0; + char *e; + + if (asprintf(&tname, "asn1_choice_%s_%s%x", + basetype, name ? name : "", (unsigned int)(uintptr_t)t) < 0 || tname == NULL) + errx(1, "malloc"); + + ASN1_TAILQ_FOREACH(m, t->members, members) { + const char *dupname; + char *elname = NULL; + char *newbasename = NULL; + int subtype_is_struct; + + if (m->ellipsis) { + ellipsis = 1; + continue; + } + + subtype_is_struct = is_struct(m->type, 0); + + if (asprintf(&elname, "%s_choice_%s", basetype, m->gen_name) < 0 || elname == NULL) + errx(1, "malloc"); + + if (subtype_is_struct) { + if (asprintf(&newbasename, "%s_%s", basetype, m->gen_name) < 0) + errx(1, "malloc"); + } else + newbasename = strdup(basetype); + + if (newbasename == NULL) + errx(1, "malloc"); + + + generate_template_type(elname, &dupname, NULL, + symbol_name(newbasename, m->type), + NULL, m->type, 0, subtype_is_struct, 1); + + add_line(&template, "{ %s, offsetof(%s%s, u.%s), asn1_%s }", + m->label, isstruct ? "struct " : "", + basetype, m->gen_name, + dupname); + + free(elname); + free(newbasename); + } + + e = NULL; + if (ellipsis) { + if (asprintf(&e, "offsetof(%s%s, u.asn1_ellipsis)", isstruct ? "struct " : "", basetype) < 0 || e == NULL) + errx(1, "malloc"); + } + + ASN1_TAILQ_FOREACH(q, &template, members) { + count++; + } + + fprintf(f, "static const struct asn1_template %s[] = {\n", tname); + fprintf(f, "/* 0 */ { %s, offsetof(%s%s, element), ((void *)%lu) },\n", + e ? e : "0", isstruct ? "struct " : "", basetype, (unsigned long)count); + i = 1; + ASN1_TAILQ_FOREACH(q, &template, members) { + int last = (ASN1_TAILQ_LAST(&template, templatehead) == q); + fprintf(f, "/* %lu */ %s%s\n", (unsigned long)i++, q->line, last ? "" : ","); + } + fprintf(f, "};\n"); + + add_line(temp, "{ A1_OP_CHOICE, %s, %s }", poffset, tname); + + free(e); + free(tname); + break; + } + default: + abort (); + } + if (poffset) + free(poffset); +} + +static void +gen_extern_stubs(FILE *f, const char *name) +{ + fprintf(f, + "static const struct asn1_type_func asn1_extern_%s = {\n" + "\t(asn1_type_encode)encode_%s,\n" + "\t(asn1_type_decode)decode_%s,\n" + "\t(asn1_type_length)length_%s,\n" + "\t(asn1_type_copy)copy_%s,\n" + "\t(asn1_type_release)free_%s,\n" + "\tsizeof(%s)\n" + "};\n", + name, name, name, name, + name, name, name); +} + +void +gen_template_import(const Symbol *s) +{ + FILE *f = get_code_file(); + + if (template_flag == 0) + return; + + gen_extern_stubs(f, s->gen_name); +} + +static void +generate_template_type(const char *varname, + const char **dupname, + const char *symname, + const char *basetype, + const char *name, + Type *type, + int optional, int isstruct, int need_offset) +{ + struct tlist *tl; + const char *dup; + int have_ellipsis = 0; + + tl = tlist_new(varname); + + template_members(&tl->template, basetype, name, type, optional, isstruct, need_offset); + + /* if its a sequence or set type, check if there is a ellipsis */ + if (type->type == TSequence || type->type == TSet) { + Member *m; + ASN1_TAILQ_FOREACH(m, type->members, members) { + if (m->ellipsis) + have_ellipsis = 1; + } + } + + if (ASN1_TAILQ_EMPTY(&tl->template) && compact_tag(type)->type != TNull) + errx(1, "Tag %s...%s with no content ?", basetype, name ? name : ""); + + tlist_header(tl, "{ 0%s%s, sizeof(%s%s), ((void *)%lu) }", + (symname && preserve_type(symname)) ? "|A1_HF_PRESERVE" : "", + have_ellipsis ? "|A1_HF_ELLIPSIS" : "", + isstruct ? "struct " : "", basetype, tlist_count(tl)); + + dup = tlist_find_dup(tl); + if (dup) { + if (strcmp(dup, tl->name) == 0) + errx(1, "found dup of ourself"); + *dupname = dup; + } else { + *dupname = tl->name; + tlist_print(tl); + tlist_add(tl); + } +} + + +void +generate_template(const Symbol *s) +{ + FILE *f = get_code_file(); + const char *dupname; + + if (use_extern(s)) { + gen_extern_stubs(f, s->gen_name); + return; + } + + generate_template_type(s->gen_name, &dupname, s->name, s->gen_name, NULL, s->type, 0, 0, 1); + + fprintf(f, + "\n" + "int\n" + "decode_%s(const unsigned char *p, size_t len, %s *data, size_t *size)\n" + "{\n" + " return _asn1_decode_top(asn1_%s, 0|%s, p, len, data, size);\n" + "}\n" + "\n", + s->gen_name, + s->gen_name, + dupname, + support_ber ? "A1_PF_ALLOW_BER" : "0"); + + fprintf(f, + "\n" + "int\n" + "encode_%s(unsigned char *p, size_t len, const %s *data, size_t *size)\n" + "{\n" + " return _asn1_encode(asn1_%s, p, len, data, size);\n" + "}\n" + "\n", + s->gen_name, + s->gen_name, + dupname); + + fprintf(f, + "\n" + "size_t\n" + "length_%s(const %s *data)\n" + "{\n" + " return _asn1_length(asn1_%s, data);\n" + "}\n" + "\n", + s->gen_name, + s->gen_name, + dupname); + + + fprintf(f, + "\n" + "void\n" + "free_%s(%s *data)\n" + "{\n" + " _asn1_free(asn1_%s, data);\n" + "}\n" + "\n", + s->gen_name, + s->gen_name, + dupname); + + fprintf(f, + "\n" + "int\n" + "copy_%s(const %s *from, %s *to)\n" + "{\n" + " return _asn1_copy_top(asn1_%s, from, to);\n" + "}\n" + "\n", + s->gen_name, + s->gen_name, + s->gen_name, + dupname); +} diff --git a/crypto/heimdal/lib/asn1/hash.c b/crypto/heimdal/lib/asn1/hash.c index eeb6b6d63dc..73b6cf97c42 100644 --- a/crypto/heimdal/lib/asn1/hash.c +++ b/crypto/heimdal/lib/asn1/hash.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* @@ -37,7 +37,7 @@ #include "gen_locl.h" -RCSID("$Id: hash.c 17016 2006-04-07 22:16:00Z lha $"); +RCSID("$Id$"); static Hashentry *_search(Hashtab * htab, /* The hash table */ void *ptr); /* And key */ diff --git a/crypto/heimdal/lib/asn1/hash.h b/crypto/heimdal/lib/asn1/hash.h index 10d8ce99b0b..f37bdbb8496 100644 --- a/crypto/heimdal/lib/asn1/hash.h +++ b/crypto/heimdal/lib/asn1/hash.h @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* * hash.h. Header file for hash table functions */ -/* $Id: hash.h 7464 1999-12-02 17:05:13Z joda $ */ +/* $Id$ */ struct hashentry { /* Entry in bucket */ struct hashentry **prev; @@ -56,7 +56,7 @@ typedef struct hashtab Hashtab; /* prototypes */ -Hashtab *hashtabnew(int sz, +Hashtab *hashtabnew(int sz, int (*cmp)(void *, void *), unsigned (*hash)(void *)); /* Make new hash table */ diff --git a/crypto/heimdal/lib/asn1/heim_asn1.h b/crypto/heimdal/lib/asn1/heim_asn1.h index afee6f42188..4eeafc20f94 100644 --- a/crypto/heimdal/lib/asn1/heim_asn1.h +++ b/crypto/heimdal/lib/asn1/heim_asn1.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifndef __HEIM_ANY_H__ diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/krb5.asn1 similarity index 72% rename from crypto/heimdal/lib/asn1/k5.asn1 rename to crypto/heimdal/lib/asn1/krb5.asn1 index 18f1e1541b5..568fe0cd04b 100644 --- a/crypto/heimdal/lib/asn1/k5.asn1 +++ b/crypto/heimdal/lib/asn1/krb5.asn1 @@ -1,7 +1,79 @@ --- $Id: k5.asn1 21965 2007-10-18 18:24:36Z lha $ +-- $Id$ KERBEROS5 DEFINITIONS ::= BEGIN +EXPORTS + AD-AND-OR, + AD-IF-RELEVANT, + AD-KDCIssued, + AD-LoginAlias, + AP-REP, + AP-REQ, + AS-REP, + AS-REQ, + AUTHDATA-TYPE, + Authenticator, + AuthorizationData, + AuthorizationDataElement, + CKSUMTYPE, + ChangePasswdDataMS, + Checksum, + ENCTYPE, + ETYPE-INFO, + ETYPE-INFO-ENTRY, + ETYPE-INFO2, + ETYPE-INFO2-ENTRY, + EncAPRepPart, + EncASRepPart, + EncKDCRepPart, + EncKrbCredPart, + EncKrbPrivPart, + EncTGSRepPart, + EncTicketPart, + EncryptedData, + EncryptionKey, + EtypeList, + HostAddress, + HostAddresses, + KDC-REQ-BODY, + KDCOptions, + KDC-REP, + KRB-CRED, + KRB-ERROR, + KRB-PRIV, + KRB-SAFE, + KRB-SAFE-BODY, + KRB5SignedPath, + KRB5SignedPathData, + KRB5SignedPathPrincipals, + KerberosString, + KerberosTime, + KrbCredInfo, + LR-TYPE, + LastReq, + METHOD-DATA, + NAME-TYPE, + PA-ClientCanonicalized, + PA-ClientCanonicalizedNames, + PA-DATA, + PA-ENC-TS-ENC, + PA-PAC-REQUEST, + PA-S4U2Self, + PA-SERVER-REFERRAL-DATA, + PA-ServerReferralData, + PA-SvrReferralData, + PADATA-TYPE, + Principal, + PrincipalName, + Principals, + Realm, + TGS-REP, + TGS-REQ, + Ticket, + TicketFlags, + TransitedEncoding, + TypedData + ; NAME-TYPE ::= INTEGER { KRB5_NT_UNKNOWN(0), -- Name type not known @@ -13,9 +85,11 @@ NAME-TYPE ::= INTEGER { KRB5_NT_X500_PRINCIPAL(6), -- PKINIT KRB5_NT_SMTP_NAME(7), -- Name in form of SMTP email name KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN + KRB5_NT_WELLKNOWN(11), -- Wellknown KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name - KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID + KRB5_NT_MS_PRINCIPAL_AND_ID(-129), -- NT style name and SID + KRB5_NT_NTLM(-1200) -- NTLM name, realm is domain } -- message types @@ -64,6 +138,10 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-GET-FROM-TYPED-DATA(22), KRB5-PADATA-SAM-ETYPE-INFO(23), KRB5-PADATA-SERVER-REFERRAL(25), + KRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov) + KRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com) + KRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com) + KRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT KRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT @@ -71,12 +149,31 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com - KRB5-PADATA-S4U2SELF(129), - KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to - -- tell KDC that is supports + KRB5-PADATA-FOR-USER(129), -- MS-KILE + KRB5-PADATA-FOR-X509-USER(130), -- MS-KILE + KRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE + KRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE + KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to + -- tell KDC that is supports -- the asCheckSum in the -- PK-AS-REP - KRB5-PADATA-CLIENT-CANONICALIZED(133) -- + KRB5-PADATA-CLIENT-CANONICALIZED(133), -- referals + KRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework + KRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework + KRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework + KRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework + KRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework + KRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework + KRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com) + KRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com) + KBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com) + KRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com) + KRB5-PADATA-EPAK-AS-REQ(145), + KRB5-PADATA-EPAK-AS-REP(146), + KRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon + KRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u + KRB5-PADATA-REQ-ENC-PA-REP(149), -- + KRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE } AUTHDATA-TYPE ::= INTEGER { @@ -94,7 +191,9 @@ AUTHDATA-TYPE ::= INTEGER { KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), KRB5-AUTHDATA-WIN2K-PAC(128), KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only - KRB5-AUTHDATA-SIGNTICKET(-17) + KRB5-AUTHDATA-SIGNTICKET-OLDER(-17), + KRB5-AUTHDATA-SIGNTICKET-OLD(142), + KRB5-AUTHDATA-SIGNTICKET(512) } -- checksumtypes @@ -122,32 +221,32 @@ CKSUMTYPE ::= INTEGER { --enctypes ENCTYPE ::= INTEGER { - ETYPE_NULL(0), - ETYPE_DES_CBC_CRC(1), - ETYPE_DES_CBC_MD4(2), - ETYPE_DES_CBC_MD5(3), - ETYPE_DES3_CBC_MD5(5), - ETYPE_OLD_DES3_CBC_SHA1(7), - ETYPE_SIGN_DSA_GENERATE(8), - ETYPE_ENCRYPT_RSA_PRIV(9), - ETYPE_ENCRYPT_RSA_PUB(10), - ETYPE_DES3_CBC_SHA1(16), -- with key derivation - ETYPE_AES128_CTS_HMAC_SHA1_96(17), - ETYPE_AES256_CTS_HMAC_SHA1_96(18), - ETYPE_ARCFOUR_HMAC_MD5(23), - ETYPE_ARCFOUR_HMAC_MD5_56(24), - ETYPE_ENCTYPE_PK_CROSS(48), + KRB5_ENCTYPE_NULL(0), + KRB5_ENCTYPE_DES_CBC_CRC(1), + KRB5_ENCTYPE_DES_CBC_MD4(2), + KRB5_ENCTYPE_DES_CBC_MD5(3), + KRB5_ENCTYPE_DES3_CBC_MD5(5), + KRB5_ENCTYPE_OLD_DES3_CBC_SHA1(7), + KRB5_ENCTYPE_SIGN_DSA_GENERATE(8), + KRB5_ENCTYPE_ENCRYPT_RSA_PRIV(9), + KRB5_ENCTYPE_ENCRYPT_RSA_PUB(10), + KRB5_ENCTYPE_DES3_CBC_SHA1(16), -- with key derivation + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96(17), + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96(18), + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5(23), + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56(24), + KRB5_ENCTYPE_ENCTYPE_PK_CROSS(48), -- some "old" windows types - ETYPE_ARCFOUR_MD4(-128), - ETYPE_ARCFOUR_HMAC_OLD(-133), - ETYPE_ARCFOUR_HMAC_OLD_EXP(-135), + KRB5_ENCTYPE_ARCFOUR_MD4(-128), + KRB5_ENCTYPE_ARCFOUR_HMAC_OLD(-133), + KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP(-135), -- these are for Heimdal internal use - ETYPE_DES_CBC_NONE(-0x1000), - ETYPE_DES3_CBC_NONE(-0x1001), - ETYPE_DES_CFB64_NONE(-0x1002), - ETYPE_DES_PCBC_NONE(-0x1003), - ETYPE_DIGEST_MD5_NONE(-0x1004), -- private use, lukeh@padl.com - ETYPE_CRAM_MD5_NONE(-0x1005) -- private use, lukeh@padl.com + KRB5_ENCTYPE_DES_CBC_NONE(-0x1000), + KRB5_ENCTYPE_DES3_CBC_NONE(-0x1001), + KRB5_ENCTYPE_DES_CFB64_NONE(-0x1002), + KRB5_ENCTYPE_DES_PCBC_NONE(-0x1003), + KRB5_ENCTYPE_DIGEST_MD5_NONE(-0x1004), -- private use, lukeh@padl.com + KRB5_ENCTYPE_CRAM_MD5_NONE(-0x1005) -- private use, lukeh@padl.com } @@ -172,6 +271,8 @@ Principal ::= SEQUENCE { realm[1] Realm } +Principals ::= SEQUENCE OF Principal + HostAddress ::= SEQUENCE { addr-type[0] krb5int32, address[1] OCTET STRING @@ -218,7 +319,8 @@ TicketFlags ::= BIT STRING { hw-authent(11), transited-policy-checked(12), ok-as-delegate(13), - anonymous(14) + anonymous(14), + enc-pa-rep(15) } KDCOptions ::= BIT STRING { @@ -229,11 +331,7 @@ KDCOptions ::= BIT STRING { proxy(4), allow-postdate(5), postdated(6), - unused7(7), renewable(8), - unused9(9), - unused10(10), - unused11(11), request-anonymous(14), canonicalize(15), constrained-delegation(16), -- ms extension @@ -263,7 +361,7 @@ LastReq ::= SEQUENCE OF SEQUENCE { EncryptedData ::= SEQUENCE { etype[0] ENCTYPE, -- EncryptionType - kvno[1] krb5int32 OPTIONAL, + kvno[1] krb5uint32 OPTIONAL, cipher[2] OCTET STRING -- ciphertext } @@ -385,7 +483,7 @@ PA-ENC-TS-ENC ::= SEQUENCE { -- draft-brezak-win2k-krb-authz-01 PA-PAC-REQUEST ::= SEQUENCE { - include-pac[0] BOOLEAN -- Indicates whether a PAC + include-pac[0] BOOLEAN -- Indicates whether a PAC -- should be included or not } @@ -527,7 +625,7 @@ ChangePasswdDataMS ::= SEQUENCE { targrealm[2] Realm OPTIONAL } -EtypeList ::= SEQUENCE OF krb5int32 +EtypeList ::= SEQUENCE OF ENCTYPE -- the client's proposed enctype list in -- decreasing preference order, favorite choice first @@ -616,36 +714,37 @@ PA-S4U2Self ::= SEQUENCE { auth[3] GeneralString } -KRB5SignedPathPrincipals ::= SEQUENCE OF Principal - -- never encoded on the wire, just used to checksum over KRB5SignedPathData ::= SEQUENCE { - encticket[0] EncTicketPart, - delegated[1] KRB5SignedPathPrincipals OPTIONAL + client[0] Principal OPTIONAL, + authtime[1] KerberosTime, + delegated[2] Principals OPTIONAL, + method_data[3] METHOD-DATA OPTIONAL } KRB5SignedPath ::= SEQUENCE { -- DERcoded KRB5SignedPathData - -- krbtgt key (etype), KeyUsage = XXX + -- krbtgt key (etype), KeyUsage = XXX etype[0] ENCTYPE, cksum[1] Checksum, -- srvs delegated though - delegated[2] KRB5SignedPathPrincipals OPTIONAL + delegated[2] Principals OPTIONAL, + method_data[3] METHOD-DATA OPTIONAL } PA-ClientCanonicalizedNames ::= SEQUENCE{ - requested-name [0] PrincipalName, - real-name [1] PrincipalName + requested-name [0] PrincipalName, + mapped-name [1] PrincipalName } PA-ClientCanonicalized ::= SEQUENCE { - names [0] PA-ClientCanonicalizedNames, - canon-checksum [1] Checksum + names [0] PA-ClientCanonicalizedNames, + canon-checksum [1] Checksum } AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD -- - login-alias [0] PrincipalName, - checksum [1] Checksum + login-alias [0] PrincipalName, + checksum [1] Checksum } -- old ms referral @@ -654,6 +753,73 @@ PA-SvrReferralData ::= SEQUENCE { referred-realm [0] Realm } +PA-SERVER-REFERRAL-DATA ::= EncryptedData + +PA-ServerReferralData ::= SEQUENCE { + referred-realm [0] Realm OPTIONAL, + true-principal-name [1] PrincipalName OPTIONAL, + requested-principal-name [2] PrincipalName OPTIONAL, + referral-valid-until [3] KerberosTime OPTIONAL, + ... +} + +FastOptions ::= BIT STRING { + reserved(0), + hide-client-names(1), + kdc-follow--referrals(16) +} + +KrbFastReq ::= SEQUENCE { + fast-options [0] FastOptions, + padata [1] SEQUENCE OF PA-DATA, + req-body [2] KDC-REQ-BODY, + ... +} + +KrbFastArmor ::= SEQUENCE { + armor-type [0] krb5int32, + armor-value [1] OCTET STRING, + ... +} + +KrbFastArmoredReq ::= SEQUENCE { + armor [0] KrbFastArmor OPTIONAL, + req-checksum [1] Checksum, + enc-fast-req [2] EncryptedData -- KrbFastReq -- +} + +PA-FX-FAST-REQUEST ::= CHOICE { + armored-data [0] KrbFastArmoredReq, + ... +} + +KrbFastFinished ::= SEQUENCE { + timestamp [0] KerberosTime, + usec [1] krb5int32, + crealm [2] Realm, + cname [3] PrincipalName, + checksum [4] Checksum, + ticket-checksum [5] Checksum, + ... +} + +KrbFastResponse ::= SEQUENCE { + padata [0] SEQUENCE OF PA-DATA, + rep-key [1] EncryptionKey OPTIONAL, + finished [2] KrbFastFinished OPTIONAL, + ... +} + +KrbFastArmoredRep ::= SEQUENCE { + enc-fast-rep [0] EncryptedData, -- KrbFastResponse -- + ... +} + +PA-FX-FAST-REPLY ::= CHOICE { + armored-data [0] KrbFastArmoredRep, + ... +} + END -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 diff --git a/crypto/heimdal/lib/asn1/krb5.opt b/crypto/heimdal/lib/asn1/krb5.opt new file mode 100644 index 00000000000..1d6d5e8989f --- /dev/null +++ b/crypto/heimdal/lib/asn1/krb5.opt @@ -0,0 +1,6 @@ +--encode-rfc1510-bit-string +--sequence=Principals +--sequence=AuthorizationData +--sequence=METHOD-DATA +--sequence=ETYPE-INFO +--sequence=ETYPE-INFO2 diff --git a/crypto/heimdal/lib/asn1/kx509.asn1 b/crypto/heimdal/lib/asn1/kx509.asn1 index fc6a696dab3..14ebf50ecdb 100644 --- a/crypto/heimdal/lib/asn1/kx509.asn1 +++ b/crypto/heimdal/lib/asn1/kx509.asn1 @@ -1,8 +1,19 @@ --- $Id: kx509.asn1 19546 2006-12-28 21:05:23Z lha $ +-- $Id$ KX509 DEFINITIONS ::= BEGIN +KX509-ERROR-CODE ::= INTEGER { + KX509-STATUS-GOOD(0), + KX509-STATUS-CLIENT-BAD(1), + KX509-STATUS-CLIENT-FIX(2), + KX509-STATUS-CLIENT-TEMP(3), + KX509-STATUS-SERVER-BAD(4), + KX509-STATUS-SERVER-TEMP(5), + -- 6 is used internally in the umich client, avoid that + KX509-STATUS-SERVER-KEY(7) +} + Kx509Request ::= SEQUENCE { authenticator OCTET STRING, pk-hash OCTET STRING, diff --git a/crypto/heimdal/lib/asn1/lex.c b/crypto/heimdal/lib/asn1/lex.c index 812bce16acb..3f2dc92e277 100644 --- a/crypto/heimdal/lib/asn1/lex.c +++ b/crypto/heimdal/lib/asn1/lex.c @@ -8,7 +8,7 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 +#define YY_FLEX_SUBMINOR_VERSION 35 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -30,7 +30,7 @@ /* C99 systems have . Non-C99 systems may or may not. */ -#if __STDC_VERSION__ >= 199901L +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. @@ -93,11 +93,12 @@ typedef unsigned int flex_uint32_t; #else /* ! __cplusplus */ -#if __STDC__ +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) #define YY_USE_CONST -#endif /* __STDC__ */ +#endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST @@ -151,7 +152,12 @@ typedef unsigned int flex_uint32_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif -extern int yyleng; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + +extern yy_size_t yyleng; extern FILE *yyin, *yyout; @@ -177,16 +183,6 @@ extern FILE *yyin, *yyout; #define unput(c) yyunput( c, (yytext_ptr) ) -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef unsigned int yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -204,7 +200,7 @@ struct yy_buffer_state /* Number of characters read into yy_ch_buf, not including EOB * characters. */ - int yy_n_chars; + yy_size_t yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to @@ -274,8 +270,8 @@ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; -static int yy_n_chars; /* number of characters read into yy_ch_buf */ -int yyleng; +static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ +yy_size_t yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; @@ -303,7 +299,7 @@ static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); void *yyalloc (yy_size_t ); void *yyrealloc (void *,yy_size_t ); @@ -794,39 +790,39 @@ char *yytext; #line 1 "lex.l" #line 2 "lex.l" /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include @@ -840,7 +836,7 @@ char *yytext; #endif #undef ECHO #include "symbol.h" -#include "parse.h" +#include "asn1parse.h" #include "lex.h" #include "gen_locl.h" @@ -851,7 +847,7 @@ static unsigned lineno = 1; static void unterminated(const char *, unsigned); /* This is for broken old lexes (solaris 10 and hpux) */ -#line 855 "lex.c" +#line 851 "lex.c" #define INITIAL 0 @@ -869,6 +865,35 @@ static void unterminated(const char *, unsigned); static int yy_init_globals (void ); +/* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. */ + +int yylex_destroy (void ); + +int yyget_debug (void ); + +void yyset_debug (int debug_flag ); + +YY_EXTRA_TYPE yyget_extra (void ); + +void yyset_extra (YY_EXTRA_TYPE user_defined ); + +FILE *yyget_in (void ); + +void yyset_in (FILE * in_str ); + +FILE *yyget_out (void ); + +void yyset_out (FILE * out_str ); + +yy_size_t yyget_leng (void ); + +char *yyget_text (void ); + +int yyget_lineno (void ); + +void yyset_lineno (int line_number ); + /* Macros after this point can all be overridden by user definitions in * section 1. */ @@ -911,7 +936,7 @@ static int input (void ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#define ECHO fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, @@ -922,7 +947,7 @@ static int input (void ); if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ - size_t n; \ + yy_size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -1006,7 +1031,7 @@ YY_DECL #line 68 "lex.l" -#line 1010 "lex.c" +#line 1035 "lex.c" if ( !(yy_init) ) { @@ -1512,7 +1537,7 @@ YY_RULE_SETUP case 85: YY_RULE_SETUP #line 153 "lex.l" -{ +{ int c, start_lineno = lineno; int f = 0; while((c = input()) != EOF) { @@ -1535,7 +1560,7 @@ YY_RULE_SETUP case 86: YY_RULE_SETUP #line 172 "lex.l" -{ +{ int c, start_lineno = lineno; int level = 1; int seen_star = 0; @@ -1562,7 +1587,7 @@ YY_RULE_SETUP level++; seen_star = seen_slash = 0; continue; - } + } seen_star = 1; continue; } @@ -1579,14 +1604,14 @@ YY_RULE_SETUP case 87: YY_RULE_SETUP #line 212 "lex.l" -{ +{ int start_lineno = lineno; int c; char buf[1024]; char *p = buf; int f = 0; int skip_ws = 0; - + while((c = input()) != EOF) { if(isspace(c) && skip_ws) { if(c == '\n') @@ -1594,7 +1619,7 @@ YY_RULE_SETUP continue; } skip_ws = 0; - + if(c == '"') { if(f) { *p++ = '"'; @@ -1621,7 +1646,7 @@ YY_RULE_SETUP *p++ = '\0'; fprintf(stderr, "string -- %s\n", buf); yylval.name = estrdup(buf); - return STRING; + return STRING; } YY_BREAK case 88: @@ -1630,8 +1655,8 @@ YY_RULE_SETUP { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, &e, 0); - if(e == y) - error_message("malformed constant (%s)", yytext); + if(e == y) + lex_error_message("malformed constant (%s)", yytext); else return NUMBER; } @@ -1668,14 +1693,14 @@ YY_RULE_SETUP case 94: YY_RULE_SETUP #line 273 "lex.l" -{ error_message("Ignoring char(%c)\n", *yytext); } +{ lex_error_message("Ignoring char(%c)\n", *yytext); } YY_BREAK case 95: YY_RULE_SETUP #line 274 "lex.l" ECHO; YY_BREAK -#line 1679 "lex.c" +#line 1704 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1861,7 +1886,7 @@ static int yy_get_next_buffer (void) else { - int num_to_read = + yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) @@ -1875,7 +1900,7 @@ static int yy_get_next_buffer (void) if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -1930,6 +1955,14 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + } + (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; @@ -2008,7 +2041,7 @@ static int yy_get_next_buffer (void) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; + register yy_size_t number_to_move = (yy_n_chars) + 2; register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = @@ -2057,7 +2090,7 @@ static int yy_get_next_buffer (void) else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); + yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) @@ -2333,7 +2366,7 @@ void yypop_buffer_state (void) */ static void yyensure_buffer_stack (void) { - int num_to_alloc; + yy_size_t num_to_alloc; if (!(yy_buffer_stack)) { @@ -2345,7 +2378,9 @@ static void yyensure_buffer_stack (void) (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); - + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; @@ -2363,6 +2398,8 @@ static void yyensure_buffer_stack (void) ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); @@ -2407,7 +2444,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan + * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use @@ -2426,12 +2463,11 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) * * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) { YY_BUFFER_STATE b; char *buf; - yy_size_t n; - int i; + yy_size_t n, i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; @@ -2513,7 +2549,7 @@ FILE *yyget_out (void) /** Get the length of the current token. * */ -int yyget_leng (void) +yy_size_t yyget_leng (void) { return yyleng; } @@ -2667,14 +2703,14 @@ void yyfree (void * ptr ) #ifndef yywrap /* XXX */ int -yywrap () +yywrap () { return 1; } #endif void -error_message (const char *format, ...) +lex_error_message (const char *format, ...) { va_list args; @@ -2688,6 +2724,6 @@ error_message (const char *format, ...) static void unterminated(const char *type, unsigned start_lineno) { - error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); + lex_error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } diff --git a/crypto/heimdal/lib/asn1/lex.h b/crypto/heimdal/lib/asn1/lex.h index 7aececf6d7a..1ee53417899 100644 --- a/crypto/heimdal/lib/asn1/lex.h +++ b/crypto/heimdal/lib/asn1/lex.h @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: lex.h 15617 2005-07-12 06:27:42Z lha $ */ +/* $Id$ */ #include -void error_message (const char *, ...) +void lex_error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); extern int error_flag; diff --git a/crypto/heimdal/lib/asn1/lex.l b/crypto/heimdal/lib/asn1/lex.l index ec744220e9c..2d32020266c 100644 --- a/crypto/heimdal/lib/asn1/lex.l +++ b/crypto/heimdal/lib/asn1/lex.l @@ -1,38 +1,38 @@ %{ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */ +/* $Id$ */ #ifdef HAVE_CONFIG_H #include @@ -46,7 +46,7 @@ #endif #undef ECHO #include "symbol.h" -#include "parse.h" +#include "asn1parse.h" #include "lex.h" #include "gen_locl.h" @@ -150,7 +150,7 @@ WITH { return kw_WITH; } "[" { return *yytext; } "]" { return *yytext; } ::= { return EEQUAL; } --- { +-- { int c, start_lineno = lineno; int f = 0; while((c = input()) != EOF) { @@ -169,7 +169,7 @@ WITH { return kw_WITH; } if(c == EOF) unterminated("comment", start_lineno); } -\/\* { +\/\* { int c, start_lineno = lineno; int level = 1; int seen_star = 0; @@ -196,7 +196,7 @@ WITH { return kw_WITH; } level++; seen_star = seen_slash = 0; continue; - } + } seen_star = 1; continue; } @@ -209,14 +209,14 @@ WITH { return kw_WITH; } if(c == EOF) unterminated("comment", start_lineno); } -"\"" { +"\"" { int start_lineno = lineno; int c; char buf[1024]; char *p = buf; int f = 0; int skip_ws = 0; - + while((c = input()) != EOF) { if(isspace(c) && skip_ws) { if(c == '\n') @@ -224,7 +224,7 @@ WITH { return kw_WITH; } continue; } skip_ws = 0; - + if(c == '"') { if(f) { *p++ = '"'; @@ -251,14 +251,14 @@ WITH { return kw_WITH; } *p++ = '\0'; fprintf(stderr, "string -- %s\n", buf); yylval.name = estrdup(buf); - return STRING; + return STRING; } -?0x[0-9A-Fa-f]+|-?[0-9]+ { char *e, *y = yytext; yylval.constant = strtol((const char *)yytext, &e, 0); - if(e == y) - error_message("malformed constant (%s)", yytext); + if(e == y) + lex_error_message("malformed constant (%s)", yytext); else return NUMBER; } @@ -270,19 +270,19 @@ WITH { return kw_WITH; } \n { ++lineno; } \.\.\. { return ELLIPSIS; } \.\. { return RANGE; } -. { error_message("Ignoring char(%c)\n", *yytext); } +. { lex_error_message("Ignoring char(%c)\n", *yytext); } %% #ifndef yywrap /* XXX */ int -yywrap () +yywrap () { return 1; } #endif void -error_message (const char *format, ...) +lex_error_message (const char *format, ...) { va_list args; @@ -296,5 +296,5 @@ error_message (const char *format, ...) static void unterminated(const char *type, unsigned start_lineno) { - error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); + lex_error_message("unterminated %s, possibly started on line %d\n", type, start_lineno); } diff --git a/crypto/heimdal/lib/asn1/main.c b/crypto/heimdal/lib/asn1/main.c index 3b4a8122cad..f22dc8792c2 100644 --- a/crypto/heimdal/lib/asn1/main.c +++ b/crypto/heimdal/lib/asn1/main.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "gen_locl.h" #include #include "lex.h" -RCSID("$Id: main.c 20858 2007-06-03 18:56:41Z lha $"); +RCSID("$Id$"); extern FILE *yyin; @@ -62,15 +62,22 @@ seq_type(const char *p) return 0; } -int dce_fix; +int support_ber; +int template_flag; int rfc1510_bitstring; +int one_code_file; +char *option_file; int version_flag; int help_flag; struct getargs args[] = { + { "template", 0, arg_flag, &template_flag }, { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring }, - { "decode-dce-ber", 0, arg_flag, &dce_fix }, + { "decode-dce-ber", 0, arg_flag, &support_ber }, + { "support-ber", 0, arg_flag, &support_ber }, { "preserve-binary", 0, arg_strings, &preserve }, { "sequence", 0, arg_strings, &seq }, + { "one-code-file", 0, arg_flag, &one_code_file }, + { "option-file", 0, arg_string, &option_file }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -92,6 +99,8 @@ main(int argc, char **argv) const char *file; const char *name = NULL; int optidx = 0; + char **arg = NULL; + size_t len = 0, i; setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optidx)) @@ -121,7 +130,62 @@ main(int argc, char **argv) name = argv[optidx + 1]; } + /* + * Parse extra options file + */ + if (option_file) { + char buf[1024]; + FILE *opt; + + opt = fopen(option_file, "r"); + if (opt == NULL) { + perror("open"); + exit(1); + } + + arg = calloc(2, sizeof(arg[0])); + if (arg == NULL) { + perror("calloc"); + exit(1); + } + arg[0] = option_file; + arg[1] = NULL; + len = 1; + + while (fgets(buf, sizeof(buf), opt) != NULL) { + buf[strcspn(buf, "\n\r")] = '\0'; + + arg = realloc(arg, (len + 2) * sizeof(arg[0])); + if (arg == NULL) { + perror("malloc"); + exit(1); + } + arg[len] = strdup(buf); + if (arg[len] == NULL) { + perror("strdup"); + exit(1); + } + arg[len + 1] = NULL; + len++; + } + fclose(opt); + + optidx = 0; + if(getarg(args, num_args, len, arg, &optidx)) + usage(1); + + if (len != optidx) { + fprintf(stderr, "extra args"); + exit(1); + } + } + + init_generate (file, name); + + if (one_code_file) + generate_header_of_codefile(name); + initsym (); ret = yyparse (); if(ret != 0 || error_flag != 0) @@ -129,5 +193,15 @@ main(int argc, char **argv) close_generate (); if (argc != optidx) fclose(yyin); + + if (one_code_file) + close_codefile(); + + if (arg) { + for (i = 1; i < len; i++) + free(arg[i]); + free(arg); + } + return 0; } diff --git a/crypto/heimdal/lib/asn1/pkcs12.asn1 b/crypto/heimdal/lib/asn1/pkcs12.asn1 index 37fe03e58e8..8b604c68d7e 100644 --- a/crypto/heimdal/lib/asn1/pkcs12.asn1 +++ b/crypto/heimdal/lib/asn1/pkcs12.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs12.asn1 15715 2005-07-23 11:08:47Z lha $ -- +-- $Id$ -- PKCS12 DEFINITIONS ::= @@ -50,7 +50,7 @@ PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo PKCS12-Attribute ::= SEQUENCE { attrId OBJECT IDENTIFIER, - attrValues -- SET OF -- heim_any_set + attrValues -- SET OF -- heim_any_set } PKCS12-Attributes ::= SET OF PKCS12-Attribute diff --git a/crypto/heimdal/lib/asn1/pkcs8.asn1 b/crypto/heimdal/lib/asn1/pkcs8.asn1 index 911e727c708..45a7d715dfc 100644 --- a/crypto/heimdal/lib/asn1/pkcs8.asn1 +++ b/crypto/heimdal/lib/asn1/pkcs8.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs8.asn1 16060 2005-09-13 19:41:29Z lha $ -- +-- $Id$ -- PKCS8 DEFINITIONS ::= @@ -24,7 +24,7 @@ PKCS8EncryptedData ::= OCTET STRING PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm AlgorithmIdentifier, - encryptedData PKCS8EncryptedData + encryptedData PKCS8EncryptedData } END diff --git a/crypto/heimdal/lib/asn1/pkcs9.asn1 b/crypto/heimdal/lib/asn1/pkcs9.asn1 index d985e91f3c0..50bf9dd1cd7 100644 --- a/crypto/heimdal/lib/asn1/pkcs9.asn1 +++ b/crypto/heimdal/lib/asn1/pkcs9.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs9.asn1 17202 2006-04-24 08:59:10Z lha $ -- +-- $Id$ -- PKCS9 DEFINITIONS ::= diff --git a/crypto/heimdal/lib/asn1/pkinit.asn1 b/crypto/heimdal/lib/asn1/pkinit.asn1 index 989b26581b3..f36ebf0b32f 100644 --- a/crypto/heimdal/lib/asn1/pkinit.asn1 +++ b/crypto/heimdal/lib/asn1/pkinit.asn1 @@ -17,16 +17,21 @@ id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 } id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 } id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 } +id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 } +id-pkinit-kdf-ah-sha1 OBJECT IDENTIFIER ::= { id-pkinit-kdf 1 } +id-pkinit-kdf-ah-sha256 OBJECT IDENTIFIER ::= { id-pkinit-kdf 2 } +id-pkinit-kdf-ah-sha512 OBJECT IDENTIFIER ::= { id-pkinit-kdf 3 } + id-pkinit-san OBJECT IDENTIFIER ::= { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) x509-sanan(2) } id-pkinit-ms-eku OBJECT IDENTIFIER ::= - { iso(1) org(3) dod(6) internet(1) private(4) + { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 20 2 2 } id-pkinit-ms-san OBJECT IDENTIFIER ::= - { iso(1) org(3) dod(6) internet(1) private(4) + { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 20 2 3 } MS-UPN-SAN ::= UTF8String @@ -147,19 +152,18 @@ TrustedCA-Win2k ::= CHOICE { issuerAndSerial [2] IssuerAndSerialNumber } -PA-PK-AS-REQ-Win2k ::= SEQUENCE { - signed-auth-pack [0] IMPLICIT OCTET STRING, - trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, - kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL, +PA-PK-AS-REQ-Win2k ::= SEQUENCE { + signed-auth-pack [0] IMPLICIT OCTET STRING, + trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, + kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL, encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL } PA-PK-AS-REP-Win2k ::= CHOICE { - dhSignedData [0] IMPLICIT OCTET STRING, + dhSignedData [0] IMPLICIT OCTET STRING, encKeyPack [1] IMPLICIT OCTET STRING } - KDCDHKeyInfo-Win2k ::= SEQUENCE { nonce [0] INTEGER (-2147483648..2147483647), subjectPublicKey [2] BIT STRING @@ -171,6 +175,20 @@ ReplyKeyPack-Win2k ::= SEQUENCE { ... } +PA-PK-AS-REP-BTMM ::= SEQUENCE { + dhSignedData [0] heim_any OPTIONAL, + encKeyPack [1] heim_any OPTIONAL +} + + +PkinitSP80056AOtherInfo ::= SEQUENCE { + algorithmID AlgorithmIdentifier, + partyUInfo [0] OCTET STRING, + partyVInfo [1] OCTET STRING, + suppPubInfo [2] OCTET STRING OPTIONAL, + suppPrivInfo [3] OCTET STRING OPTIONAL +} + PkinitSuppPubInfo ::= SEQUENCE { enctype [0] INTEGER (-2147483648..2147483647), as-REQ [1] OCTET STRING, diff --git a/crypto/heimdal/lib/asn1/rfc2459.asn1 b/crypto/heimdal/lib/asn1/rfc2459.asn1 index 8e24f0740b8..5df9e41fffd 100644 --- a/crypto/heimdal/lib/asn1/rfc2459.asn1 +++ b/crypto/heimdal/lib/asn1/rfc2459.asn1 @@ -6,7 +6,7 @@ RFC2459 DEFINITIONS ::= BEGIN IMPORTS heim_any FROM heim; Version ::= INTEGER { - rfc3280_version_1(0), + rfc3280_version_1(0), rfc3280_version_2(1), rfc3280_version_3(2) } @@ -29,7 +29,7 @@ id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 } id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 } id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 } -id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= +id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 2 } id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 } @@ -52,9 +52,12 @@ id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 } id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26 } +id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) + oiw(14) secsig(3) algorithm(2) 29 } + id-nistAlgorithm OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 } - + id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 } id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 } @@ -72,9 +75,42 @@ id-dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } +-- ECC + +id-ecPublicKey OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } + +id-ecDH OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) + ecdh(12) } + +id-ecMQV OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) + ecmqv(13) } + +id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 2 } + +id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } + +-- some EC group ids + +id-ec-group-secp256r1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) + prime(1) 7 } + +id-ec-group-secp160r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) 0 8 } + +id-ec-group-secp160r2 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) 0 30 } + +-- DSA + id-x9-57 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) ansi-x942(10046) - 4 } + iso(1) member-body(2) us(840) ansi-x942(10046) 4 } id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 } id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 } @@ -117,11 +153,9 @@ AttributeType ::= OBJECT IDENTIFIER AttributeValue ::= heim_any -TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING - DirectoryString ::= CHOICE { ia5String IA5String, - teletexString TeletexStringx, + teletexString TeletexString, printableString PrintableString, universalString UniversalString, utf8String UTF8String, @@ -210,6 +244,13 @@ DomainParameters ::= SEQUENCE { validationParms ValidationParms OPTIONAL -- ValidationParms } +-- As defined by PKCS3 +DHParameter ::= SEQUENCE { + prime INTEGER, -- odd prime, p=jq +1 + base INTEGER, -- generator, g + privateValueLength INTEGER OPTIONAL +} + DHPublicKey ::= INTEGER OtherName ::= SEQUENCE { @@ -256,8 +297,8 @@ KeyIdentifier ::= OCTET STRING AuthorityKeyIdentifier ::= SEQUENCE { keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL, - authorityCertIssuer [1] IMPLICIT -- GeneralName -- - SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, + authorityCertIssuer [1] IMPLICIT -- GeneralName -- + SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL } @@ -269,7 +310,7 @@ id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 } BasicConstraints ::= SEQUENCE { cA BOOLEAN OPTIONAL -- DEFAULT FALSE --, - pathLenConstraint INTEGER (0..4294967295) OPTIONAL + pathLenConstraint INTEGER (0..4294967295) OPTIONAL } id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 } @@ -350,6 +391,21 @@ DSAParams ::= SEQUENCE { g INTEGER } +-- draft-ietf-pkix-ecc-subpubkeyinfo-11 + +ECPoint ::= OCTET STRING + +ECParameters ::= CHOICE { + namedCurve OBJECT IDENTIFIER + -- implicitCurve NULL + -- specifiedCurve SpecifiedECDomain +} + +ECDSA-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER +} + -- really pkcs1 RSAPublicKey ::= SEQUENCE { @@ -382,7 +438,7 @@ DigestInfo ::= SEQUENCE { -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as: --- TemplateVersion ::= INTEGER (0..4294967295) +-- TemplateVersion ::= INTEGER (0..4294967295) -- CertificateTemplate ::= SEQUENCE { -- templateID OBJECT IDENTIFIER, @@ -393,7 +449,7 @@ DigestInfo ::= SEQUENCE { -- -- CRL --- +-- TBSCRLCertList ::= SEQUENCE { version Version OPTIONAL, -- if present, MUST be v2 @@ -489,16 +545,16 @@ id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 } --- Netscape extentions -id-netscape OBJECT IDENTIFIER ::= +id-netscape OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) } id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 } --- MS extentions -id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= +id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 311 20 2 } -id-ms-client-authentication OBJECT IDENTIFIER ::= +id-ms-client-authentication OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 7 3 2 } -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72 diff --git a/crypto/heimdal/lib/asn1/setchgpw2.asn1 b/crypto/heimdal/lib/asn1/setchgpw2.asn1 index 7db38542338..2f52cb1ceb1 100644 --- a/crypto/heimdal/lib/asn1/setchgpw2.asn1 +++ b/crypto/heimdal/lib/asn1/setchgpw2.asn1 @@ -1,4 +1,4 @@ --- $Id: setchgpw2.asn1 18010 2006-09-05 12:31:59Z lha $ +-- $Id$ SETCHGPW2 DEFINITIONS ::= BEGIN @@ -138,7 +138,7 @@ Op-req ::= CHOICE { get-supported-etypes[5] Req-get-supported-etypes, ... } - + Op-rep ::= CHOICE { null[0] Rep-null, change-pw[1] Rep-change-pw, diff --git a/crypto/heimdal/lib/asn1/symbol.c b/crypto/heimdal/lib/asn1/symbol.c index 9407915c19b..b05f68fa74a 100644 --- a/crypto/heimdal/lib/asn1/symbol.c +++ b/crypto/heimdal/lib/asn1/symbol.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,8 +34,6 @@ #include "gen_locl.h" #include "lex.h" -RCSID("$Id: symbol.c 15617 2005-07-12 06:27:42Z lha $"); - static Hashtab *htab; static int @@ -68,7 +66,7 @@ output_name(char *s) char *p; for (p = s; *p; ++p) - if (*p == '-') + if (*p == '-' || *p == '.') *p = '_'; } @@ -95,7 +93,7 @@ checkfunc(void *ptr, void *arg) { Symbol *s = ptr; if (s->stype == SUndefined) { - error_message("%s is still undefined\n", s->name); + lex_error_message("%s is still undefined\n", s->name); *(int *) arg = 1; } return 0; diff --git a/crypto/heimdal/lib/asn1/symbol.h b/crypto/heimdal/lib/asn1/symbol.h index d07caf55904..a39c8f46512 100644 --- a/crypto/heimdal/lib/asn1/symbol.h +++ b/crypto/heimdal/lib/asn1/symbol.h @@ -1,63 +1,64 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: symbol.h 19539 2006-12-28 17:15:05Z lha $ */ +/* $Id$ */ #ifndef _SYMBOL_H #define _SYMBOL_H #include "asn1_queue.h" -enum typetype { +enum typetype { TBitString, TBoolean, - TChoice, + TChoice, TEnumerated, - TGeneralString, - TGeneralizedTime, + TGeneralString, + TTeletexString, + TGeneralizedTime, TIA5String, - TInteger, + TInteger, TNull, - TOID, - TOctetString, + TOID, + TOctetString, TPrintableString, - TSequence, + TSequence, TSequenceOf, - TSet, + TSet, TSetOf, - TTag, - TType, - TUTCTime, + TTag, + TType, + TUTCTime, TUTF8String, TBMPString, TUniversalString, @@ -69,10 +70,10 @@ typedef enum typetype Typetype; struct type; struct value { - enum { booleanvalue, - nullvalue, - integervalue, - stringvalue, + enum { booleanvalue, + nullvalue, + integervalue, + stringvalue, objectidentifiervalue } type; union { diff --git a/crypto/heimdal/lib/asn1/template.c b/crypto/heimdal/lib/asn1/template.c new file mode 100644 index 00000000000..3e0b6932357 --- /dev/null +++ b/crypto/heimdal/lib/asn1/template.c @@ -0,0 +1,1119 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "der_locl.h" +#include + +#if 0 +#define ABORT_ON_ERROR() abort() +#else +#define ABORT_ON_ERROR() do { } while(0) +#endif + +#define DPOC(data,offset) ((const void *)(((const unsigned char *)data) + offset)) +#define DPO(data,offset) ((void *)(((unsigned char *)data) + offset)) + + +static struct asn1_type_func prim[] = { +#define el(name, type) { \ + (asn1_type_encode)der_put_##name, \ + (asn1_type_decode)der_get_##name, \ + (asn1_type_length)der_length_##name, \ + (asn1_type_copy)der_copy_##name, \ + (asn1_type_release)der_free_##name, \ + sizeof(type) \ + } +#define elber(name, type) { \ + (asn1_type_encode)der_put_##name, \ + (asn1_type_decode)der_get_##name##_ber, \ + (asn1_type_length)der_length_##name, \ + (asn1_type_copy)der_copy_##name, \ + (asn1_type_release)der_free_##name, \ + sizeof(type) \ + } + el(integer, int), + el(heim_integer, heim_integer), + el(integer, int), + el(unsigned, unsigned), + el(general_string, heim_general_string), + el(octet_string, heim_octet_string), + elber(octet_string, heim_octet_string), + el(ia5_string, heim_ia5_string), + el(bmp_string, heim_bmp_string), + el(universal_string, heim_universal_string), + el(printable_string, heim_printable_string), + el(visible_string, heim_visible_string), + el(utf8string, heim_utf8_string), + el(generalized_time, time_t), + el(utctime, time_t), + el(bit_string, heim_bit_string), + { (asn1_type_encode)der_put_boolean, (asn1_type_decode)der_get_boolean, + (asn1_type_length)der_length_boolean, (asn1_type_copy)der_copy_integer, + (asn1_type_release)der_free_integer, sizeof(int) + }, + el(oid, heim_oid), + el(general_string, heim_general_string), +#undef el +#undef elber +}; + +static size_t +sizeofType(const struct asn1_template *t) +{ + return t->offset; +} + +/* + * Here is abstraction to not so well evil fact of bit fields in C, + * they are endian dependent, so when getting and setting bits in the + * host local structure we need to know the endianness of the host. + * + * Its not the first time in Heimdal this have bitten us, and some day + * we'll grow up and use #defined constant, but bit fields are still + * so pretty and shiny. + */ + +static void +bmember_get_bit(const unsigned char *p, void *data, + unsigned int bit, size_t size) +{ + unsigned int localbit = bit % 8; + if ((*p >> (7 - localbit)) & 1) { +#ifdef WORDS_BIGENDIAN + *(unsigned int *)data |= (1 << ((size * 8) - bit - 1)); +#else + *(unsigned int *)data |= (1 << bit); +#endif + } +} + +static int +bmember_isset_bit(const void *data, unsigned int bit, size_t size) +{ +#ifdef WORDS_BIGENDIAN + if ((*(unsigned int *)data) & (1 << ((size * 8) - bit - 1))) + return 1; + return 0; +#else + if ((*(unsigned int *)data) & (1 << bit)) + return 1; + return 0; +#endif +} + +static void +bmember_put_bit(unsigned char *p, const void *data, unsigned int bit, + size_t size, unsigned int *bitset) +{ + unsigned int localbit = bit % 8; + + if (bmember_isset_bit(data, bit, size)) { + *p |= (1 << (7 - localbit)); + if (*bitset == 0) + *bitset = (7 - localbit) + 1; + } +} + +int +_asn1_decode(const struct asn1_template *t, unsigned flags, + const unsigned char *p, size_t len, void *data, size_t *size) +{ + size_t elements = A1_HEADER_LEN(t); + size_t oldlen = len; + int ret = 0; + const unsigned char *startp = NULL; + unsigned int template_flags = t->tt; + + /* skip over header */ + t++; + + if (template_flags & A1_HF_PRESERVE) + startp = p; + + while (elements) { + switch (t->tt & A1_OP_MASK) { + case A1_OP_TYPE: + case A1_OP_TYPE_EXTERN: { + size_t newsize, size; + void *el = DPO(data, t->offset); + void **pel = (void **)el; + + if ((t->tt & A1_OP_MASK) == A1_OP_TYPE) { + size = sizeofType(t->ptr); + } else { + const struct asn1_type_func *f = t->ptr; + size = f->size; + } + + if (t->tt & A1_FLAG_OPTIONAL) { + *pel = calloc(1, size); + if (*pel == NULL) + return ENOMEM; + el = *pel; + } + if ((t->tt & A1_OP_MASK) == A1_OP_TYPE) { + ret = _asn1_decode(t->ptr, flags, p, len, el, &newsize); + } else { + const struct asn1_type_func *f = t->ptr; + ret = (f->decode)(p, len, el, &newsize); + } + if (ret) { + if (t->tt & A1_FLAG_OPTIONAL) { + free(*pel); + *pel = NULL; + break; + } + return ret; + } + p += newsize; len -= newsize; + + break; + } + case A1_OP_TAG: { + Der_type dertype; + size_t newsize; + size_t datalen, l; + void *olddata = data; + int is_indefinite = 0; + int subflags = flags; + + ret = der_match_tag_and_length(p, len, A1_TAG_CLASS(t->tt), + &dertype, A1_TAG_TAG(t->tt), + &datalen, &l); + if (ret) { + if (t->tt & A1_FLAG_OPTIONAL) + break; + return ret; + } + + p += l; len -= l; + + /* + * Only allow indefinite encoding for OCTET STRING and BER + * for now. Should handle BIT STRING too. + */ + + if (dertype != A1_TAG_TYPE(t->tt) && (flags & A1_PF_ALLOW_BER)) { + const struct asn1_template *subtype = t->ptr; + subtype++; /* skip header */ + + if (((subtype->tt & A1_OP_MASK) == A1_OP_PARSE) && + A1_PARSE_TYPE(subtype->tt) == A1T_OCTET_STRING) + subflags |= A1_PF_INDEFINTE; + } + + if (datalen == ASN1_INDEFINITE) { + if ((flags & A1_PF_ALLOW_BER) == 0) + return ASN1_GOT_BER; + is_indefinite = 1; + datalen = len; + if (datalen < 2) + return ASN1_OVERRUN; + /* hide EndOfContent for sub-decoder, catching it below */ + datalen -= 2; + } else if (datalen > len) + return ASN1_OVERRUN; + + data = DPO(data, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **el = (void **)data; + size_t ellen = sizeofType(t->ptr); + + *el = calloc(1, ellen); + if (*el == NULL) + return ENOMEM; + data = *el; + } + + ret = _asn1_decode(t->ptr, subflags, p, datalen, data, &newsize); + if (ret) + return ret; + + if (newsize != datalen) + return ASN1_EXTRA_DATA; + + len -= datalen; + p += datalen; + + /* + * Indefinite encoding needs a trailing EndOfContent, + * check for that. + */ + if (is_indefinite) { + ret = der_match_tag_and_length(p, len, ASN1_C_UNIV, + &dertype, UT_EndOfContent, + &datalen, &l); + if (ret) + return ret; + if (dertype != PRIM) + return ASN1_BAD_ID; + if (datalen != 0) + return ASN1_INDEF_EXTRA_DATA; + p += l; len -= l; + } + data = olddata; + + break; + } + case A1_OP_PARSE: { + unsigned int type = A1_PARSE_TYPE(t->tt); + size_t newsize; + void *el = DPO(data, t->offset); + + /* + * INDEFINITE primitive types are one element after the + * same type but non-INDEFINITE version. + */ + if (flags & A1_PF_INDEFINTE) + type++; + + if (type >= sizeof(prim)/sizeof(prim[0])) { + ABORT_ON_ERROR(); + return ASN1_PARSE_ERROR; + } + + ret = (prim[type].decode)(p, len, el, &newsize); + if (ret) + return ret; + p += newsize; len -= newsize; + + break; + } + case A1_OP_SETOF: + case A1_OP_SEQOF: { + struct template_of *el = DPO(data, t->offset); + size_t newsize; + size_t ellen = sizeofType(t->ptr); + size_t vallength = 0; + + while (len > 0) { + void *tmp; + size_t newlen = vallength + ellen; + if (vallength > newlen) + return ASN1_OVERFLOW; + + tmp = realloc(el->val, newlen); + if (tmp == NULL) + return ENOMEM; + + memset(DPO(tmp, vallength), 0, ellen); + el->val = tmp; + + ret = _asn1_decode(t->ptr, flags & (~A1_PF_INDEFINTE), p, len, + DPO(el->val, vallength), &newsize); + if (ret) + return ret; + vallength = newlen; + el->len++; + p += newsize; len -= newsize; + } + + break; + } + case A1_OP_BMEMBER: { + const struct asn1_template *bmember = t->ptr; + size_t size = bmember->offset; + size_t elements = A1_HEADER_LEN(bmember); + size_t pos = 0; + + bmember++; + + memset(data, 0, size); + + if (len < 1) + return ASN1_OVERRUN; + p++; len--; + + while (elements && len) { + while (bmember->offset / 8 > pos / 8) { + if (len < 1) + break; + p++; len--; + pos += 8; + } + if (len) { + bmember_get_bit(p, data, bmember->offset, size); + elements--; bmember++; + } + } + len = 0; + break; + } + case A1_OP_CHOICE: { + const struct asn1_template *choice = t->ptr; + unsigned int *element = DPO(data, choice->offset); + size_t datalen; + unsigned int i; + + for (i = 1; i < A1_HEADER_LEN(choice) + 1; i++) { + /* should match first tag instead, store it in choice.tt */ + ret = _asn1_decode(choice[i].ptr, 0, p, len, + DPO(data, choice[i].offset), &datalen); + if (ret == 0) { + *element = i; + p += datalen; len -= datalen; + break; + } else if (ret != ASN1_BAD_ID && ret != ASN1_MISPLACED_FIELD && ret != ASN1_MISSING_FIELD) { + return ret; + } + } + if (i >= A1_HEADER_LEN(choice) + 1) { + if (choice->tt == 0) + return ASN1_BAD_ID; + + *element = 0; + ret = der_get_octet_string(p, len, + DPO(data, choice->tt), &datalen); + if (ret) + return ret; + p += datalen; len -= datalen; + } + + break; + } + default: + ABORT_ON_ERROR(); + return ASN1_PARSE_ERROR; + } + t++; + elements--; + } + /* if we are using padding, eat up read of context */ + if (template_flags & A1_HF_ELLIPSIS) + len = 0; + + oldlen -= len; + + if (size) + *size = oldlen; + + /* + * saved the raw bits if asked for it, useful for signature + * verification. + */ + if (startp) { + heim_octet_string *save = data; + + save->data = malloc(oldlen); + if (save->data == NULL) + return ENOMEM; + else { + save->length = oldlen; + memcpy(save->data, startp, oldlen); + } + } + return 0; +} + +int +_asn1_encode(const struct asn1_template *t, unsigned char *p, size_t len, const void *data, size_t *size) +{ + size_t elements = A1_HEADER_LEN(t); + int ret = 0; + size_t oldlen = len; + + t += A1_HEADER_LEN(t); + + while (elements) { + switch (t->tt & A1_OP_MASK) { + case A1_OP_TYPE: + case A1_OP_TYPE_EXTERN: { + size_t newsize; + const void *el = DPOC(data, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **pel = (void **)el; + if (*pel == NULL) + break; + el = *pel; + } + + if ((t->tt & A1_OP_MASK) == A1_OP_TYPE) { + ret = _asn1_encode(t->ptr, p, len, el, &newsize); + } else { + const struct asn1_type_func *f = t->ptr; + ret = (f->encode)(p, len, el, &newsize); + } + + if (ret) + return ret; + p -= newsize; len -= newsize; + + break; + } + case A1_OP_TAG: { + const void *olddata = data; + size_t l, datalen; + + data = DPOC(data, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **el = (void **)data; + if (*el == NULL) { + data = olddata; + break; + } + data = *el; + } + + ret = _asn1_encode(t->ptr, p, len, data, &datalen); + if (ret) + return ret; + + len -= datalen; p -= datalen; + + ret = der_put_length_and_tag(p, len, datalen, + A1_TAG_CLASS(t->tt), + A1_TAG_TYPE(t->tt), + A1_TAG_TAG(t->tt), &l); + if (ret) + return ret; + + p -= l; len -= l; + + data = olddata; + + break; + } + case A1_OP_PARSE: { + unsigned int type = A1_PARSE_TYPE(t->tt); + size_t newsize; + const void *el = DPOC(data, t->offset); + + if (type > sizeof(prim)/sizeof(prim[0])) { + ABORT_ON_ERROR(); + return ASN1_PARSE_ERROR; + } + + ret = (prim[type].encode)(p, len, el, &newsize); + if (ret) + return ret; + p -= newsize; len -= newsize; + + break; + } + case A1_OP_SETOF: { + const struct template_of *el = DPOC(data, t->offset); + size_t ellen = sizeofType(t->ptr); + struct heim_octet_string *val; + unsigned char *elptr = el->val; + size_t i, totallen; + + if (el->len == 0) + break; + + if (el->len > UINT_MAX/sizeof(val[0])) + return ERANGE; + + val = malloc(sizeof(val[0]) * el->len); + if (val == NULL) + return ENOMEM; + + for(totallen = 0, i = 0; i < el->len; i++) { + unsigned char *next; + size_t l; + + val[i].length = _asn1_length(t->ptr, elptr); + val[i].data = malloc(val[i].length); + + ret = _asn1_encode(t->ptr, DPO(val[i].data, val[i].length - 1), + val[i].length, elptr, &l); + if (ret) + break; + + next = elptr + ellen; + if (next < elptr) { + ret = ASN1_OVERFLOW; + break; + } + elptr = next; + totallen += val[i].length; + } + if (ret == 0 && totallen > len) + ret = ASN1_OVERFLOW; + if (ret) { + do { + free(val[i].data); + } while(i-- > 0); + free(val); + return ret; + } + + len -= totallen; + + qsort(val, el->len, sizeof(val[0]), _heim_der_set_sort); + + i = el->len - 1; + do { + p -= val[i].length; + memcpy(p + 1, val[i].data, val[i].length); + free(val[i].data); + } while(i-- > 0); + free(val); + + break; + + } + case A1_OP_SEQOF: { + struct template_of *el = DPO(data, t->offset); + size_t ellen = sizeofType(t->ptr); + size_t newsize; + unsigned int i; + unsigned char *elptr = el->val; + + if (el->len == 0) + break; + + elptr += ellen * (el->len - 1); + + for (i = 0; i < el->len; i++) { + ret = _asn1_encode(t->ptr, p, len, + elptr, + &newsize); + if (ret) + return ret; + p -= newsize; len -= newsize; + elptr -= ellen; + } + + break; + } + case A1_OP_BMEMBER: { + const struct asn1_template *bmember = t->ptr; + size_t size = bmember->offset; + size_t elements = A1_HEADER_LEN(bmember); + size_t pos; + unsigned char c = 0; + unsigned int bitset = 0; + int rfc1510 = (bmember->tt & A1_HBF_RFC1510); + + bmember += elements; + + if (rfc1510) + pos = 31; + else + pos = bmember->offset; + + while (elements && len) { + while (bmember->offset / 8 < pos / 8) { + if (rfc1510 || bitset || c) { + if (len < 1) + return ASN1_OVERFLOW; + *p-- = c; len--; + } + c = 0; + pos -= 8; + } + bmember_put_bit(&c, data, bmember->offset, size, &bitset); + elements--; bmember--; + } + if (rfc1510 || bitset) { + if (len < 1) + return ASN1_OVERFLOW; + *p-- = c; len--; + } + + if (len < 1) + return ASN1_OVERFLOW; + if (rfc1510 || bitset == 0) + *p-- = 0; + else + *p-- = bitset - 1; + + len--; + + break; + } + case A1_OP_CHOICE: { + const struct asn1_template *choice = t->ptr; + const unsigned int *element = DPOC(data, choice->offset); + size_t datalen; + const void *el; + + if (*element > A1_HEADER_LEN(choice)) { + printf("element: %d\n", *element); + return ASN1_PARSE_ERROR; + } + + if (*element == 0) { + ret += der_put_octet_string(p, len, + DPOC(data, choice->tt), &datalen); + } else { + choice += *element; + el = DPOC(data, choice->offset); + ret = _asn1_encode(choice->ptr, p, len, el, &datalen); + if (ret) + return ret; + } + len -= datalen; p -= datalen; + + break; + } + default: + ABORT_ON_ERROR(); + } + t--; + elements--; + } + if (size) + *size = oldlen - len; + + return 0; +} + +size_t +_asn1_length(const struct asn1_template *t, const void *data) +{ + size_t elements = A1_HEADER_LEN(t); + size_t ret = 0; + + t += A1_HEADER_LEN(t); + + while (elements) { + switch (t->tt & A1_OP_MASK) { + case A1_OP_TYPE: + case A1_OP_TYPE_EXTERN: { + const void *el = DPOC(data, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **pel = (void **)el; + if (*pel == NULL) + break; + el = *pel; + } + + if ((t->tt & A1_OP_MASK) == A1_OP_TYPE) { + ret += _asn1_length(t->ptr, el); + } else { + const struct asn1_type_func *f = t->ptr; + ret += (f->length)(el); + } + break; + } + case A1_OP_TAG: { + size_t datalen; + const void *olddata = data; + + data = DPO(data, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **el = (void **)data; + if (*el == NULL) { + data = olddata; + break; + } + data = *el; + } + datalen = _asn1_length(t->ptr, data); + ret += der_length_tag(A1_TAG_TAG(t->tt)) + der_length_len(datalen); + ret += datalen; + data = olddata; + break; + } + case A1_OP_PARSE: { + unsigned int type = A1_PARSE_TYPE(t->tt); + const void *el = DPOC(data, t->offset); + + if (type > sizeof(prim)/sizeof(prim[0])) { + ABORT_ON_ERROR(); + break; + } + ret += (prim[type].length)(el); + break; + } + case A1_OP_SETOF: + case A1_OP_SEQOF: { + const struct template_of *el = DPOC(data, t->offset); + size_t ellen = sizeofType(t->ptr); + const unsigned char *element = el->val; + unsigned int i; + + for (i = 0; i < el->len; i++) { + ret += _asn1_length(t->ptr, element); + element += ellen; + } + + break; + } + case A1_OP_BMEMBER: { + const struct asn1_template *bmember = t->ptr; + size_t size = bmember->offset; + size_t elements = A1_HEADER_LEN(bmember); + int rfc1510 = (bmember->tt & A1_HBF_RFC1510); + + if (rfc1510) { + ret += 5; + } else { + + ret += 1; + + bmember += elements; + + while (elements) { + if (bmember_isset_bit(data, bmember->offset, size)) { + ret += (bmember->offset / 8) + 1; + break; + } + elements--; bmember--; + } + } + break; + } + case A1_OP_CHOICE: { + const struct asn1_template *choice = t->ptr; + const unsigned int *element = DPOC(data, choice->offset); + + if (*element > A1_HEADER_LEN(choice)) + break; + + if (*element == 0) { + ret += der_length_octet_string(DPOC(data, choice->tt)); + } else { + choice += *element; + ret += _asn1_length(choice->ptr, DPOC(data, choice->offset)); + } + break; + } + default: + ABORT_ON_ERROR(); + break; + } + elements--; + t--; + } + return ret; +} + +void +_asn1_free(const struct asn1_template *t, void *data) +{ + size_t elements = A1_HEADER_LEN(t); + + if (t->tt & A1_HF_PRESERVE) + der_free_octet_string(data); + + t++; + + while (elements) { + switch (t->tt & A1_OP_MASK) { + case A1_OP_TYPE: + case A1_OP_TYPE_EXTERN: { + void *el = DPO(data, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **pel = (void **)el; + if (*pel == NULL) + break; + el = *pel; + } + + if ((t->tt & A1_OP_MASK) == A1_OP_TYPE) { + _asn1_free(t->ptr, el); + } else { + const struct asn1_type_func *f = t->ptr; + (f->release)(el); + } + if (t->tt & A1_FLAG_OPTIONAL) + free(el); + + break; + } + case A1_OP_PARSE: { + unsigned int type = A1_PARSE_TYPE(t->tt); + void *el = DPO(data, t->offset); + + if (type > sizeof(prim)/sizeof(prim[0])) { + ABORT_ON_ERROR(); + break; + } + (prim[type].release)(el); + break; + } + case A1_OP_TAG: { + void *el = DPO(data, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **pel = (void **)el; + if (*pel == NULL) + break; + el = *pel; + } + + _asn1_free(t->ptr, el); + + if (t->tt & A1_FLAG_OPTIONAL) + free(el); + + break; + } + case A1_OP_SETOF: + case A1_OP_SEQOF: { + struct template_of *el = DPO(data, t->offset); + size_t ellen = sizeofType(t->ptr); + unsigned char *element = el->val; + unsigned int i; + + for (i = 0; i < el->len; i++) { + _asn1_free(t->ptr, element); + element += ellen; + } + free(el->val); + el->val = NULL; + el->len = 0; + + break; + } + case A1_OP_BMEMBER: + break; + case A1_OP_CHOICE: { + const struct asn1_template *choice = t->ptr; + const unsigned int *element = DPOC(data, choice->offset); + + if (*element > A1_HEADER_LEN(choice)) + break; + + if (*element == 0) { + der_free_octet_string(DPO(data, choice->tt)); + } else { + choice += *element; + _asn1_free(choice->ptr, DPO(data, choice->offset)); + } + break; + } + default: + ABORT_ON_ERROR(); + break; + } + t++; + elements--; + } +} + +int +_asn1_copy(const struct asn1_template *t, const void *from, void *to) +{ + size_t elements = A1_HEADER_LEN(t); + int ret = 0; + int preserve = (t->tt & A1_HF_PRESERVE); + + t++; + + if (preserve) { + ret = der_copy_octet_string(from, to); + if (ret) + return ret; + } + + while (elements) { + switch (t->tt & A1_OP_MASK) { + case A1_OP_TYPE: + case A1_OP_TYPE_EXTERN: { + const void *fel = DPOC(from, t->offset); + void *tel = DPO(to, t->offset); + void **ptel = (void **)tel; + size_t size; + + if ((t->tt & A1_OP_MASK) == A1_OP_TYPE) { + size = sizeofType(t->ptr); + } else { + const struct asn1_type_func *f = t->ptr; + size = f->size; + } + + if (t->tt & A1_FLAG_OPTIONAL) { + void **pfel = (void **)fel; + if (*pfel == NULL) + break; + fel = *pfel; + + tel = *ptel = calloc(1, size); + if (tel == NULL) + return ENOMEM; + } + + if ((t->tt & A1_OP_MASK) == A1_OP_TYPE) { + ret = _asn1_copy(t->ptr, fel, tel); + } else { + const struct asn1_type_func *f = t->ptr; + ret = (f->copy)(fel, tel); + } + + if (ret) { + if (t->tt & A1_FLAG_OPTIONAL) { + free(*ptel); + *ptel = NULL; + } + return ret; + } + break; + } + case A1_OP_PARSE: { + unsigned int type = A1_PARSE_TYPE(t->tt); + const void *fel = DPOC(from, t->offset); + void *tel = DPO(to, t->offset); + + if (type > sizeof(prim)/sizeof(prim[0])) { + ABORT_ON_ERROR(); + return ASN1_PARSE_ERROR; + } + ret = (prim[type].copy)(fel, tel); + if (ret) + return ret; + break; + } + case A1_OP_TAG: { + const void *oldfrom = from; + void *oldto = to; + void **tel = NULL; + + from = DPOC(from, t->offset); + to = DPO(to, t->offset); + + if (t->tt & A1_FLAG_OPTIONAL) { + void **fel = (void **)from; + tel = (void **)to; + if (*fel == NULL) { + from = oldfrom; + to = oldto; + break; + } + from = *fel; + + to = *tel = calloc(1, sizeofType(t->ptr)); + if (to == NULL) + return ENOMEM; + } + + ret = _asn1_copy(t->ptr, from, to); + if (ret) { + if (t->tt & A1_FLAG_OPTIONAL) { + free(*tel); + *tel = NULL; + } + return ret; + } + + from = oldfrom; + to = oldto; + + break; + } + case A1_OP_SETOF: + case A1_OP_SEQOF: { + const struct template_of *fel = DPOC(from, t->offset); + struct template_of *tel = DPO(to, t->offset); + size_t ellen = sizeofType(t->ptr); + unsigned int i; + + tel->val = calloc(fel->len, ellen); + if (tel->val == NULL) + return ENOMEM; + + tel->len = fel->len; + + for (i = 0; i < fel->len; i++) { + ret = _asn1_copy(t->ptr, + DPOC(fel->val, (i * ellen)), + DPO(tel->val, (i *ellen))); + if (ret) + return ret; + } + break; + } + case A1_OP_BMEMBER: { + const struct asn1_template *bmember = t->ptr; + size_t size = bmember->offset; + memcpy(to, from, size); + break; + } + case A1_OP_CHOICE: { + const struct asn1_template *choice = t->ptr; + const unsigned int *felement = DPOC(from, choice->offset); + unsigned int *telement = DPO(to, choice->offset); + + if (*felement > A1_HEADER_LEN(choice)) + return ASN1_PARSE_ERROR; + + *telement = *felement; + + if (*felement == 0) { + ret = der_copy_octet_string(DPOC(from, choice->tt), DPO(to, choice->tt)); + } else { + choice += *felement; + ret = _asn1_copy(choice->ptr, + DPOC(from, choice->offset), + DPO(to, choice->offset)); + } + if (ret) + return ret; + break; + } + default: + ABORT_ON_ERROR(); + break; + } + t++; + elements--; + } + return 0; +} + +int +_asn1_decode_top(const struct asn1_template *t, unsigned flags, const unsigned char *p, size_t len, void *data, size_t *size) +{ + int ret; + memset(data, 0, t->offset); + ret = _asn1_decode(t, flags, p, len, data, size); + if (ret) { + _asn1_free(t, data); + memset(data, 0, t->offset); + } + + return ret; +} + +int +_asn1_copy_top(const struct asn1_template *t, const void *from, void *to) +{ + int ret; + memset(to, 0, t->offset); + ret = _asn1_copy(t, from, to); + if (ret) { + _asn1_free(t, to); + memset(to, 0, t->offset); + } + return ret; +} diff --git a/crypto/heimdal/lib/asn1/test.asn1 b/crypto/heimdal/lib/asn1/test.asn1 index b2f58a20c2c..89154e337c8 100644 --- a/crypto/heimdal/lib/asn1/test.asn1 +++ b/crypto/heimdal/lib/asn1/test.asn1 @@ -1,4 +1,4 @@ --- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ -- +-- $Id$ -- TEST DEFINITIONS ::= @@ -6,8 +6,11 @@ BEGIN IMPORTS heim_any FROM heim; +TESTuint32 ::= INTEGER (0..4294967295) + TESTLargeTag ::= SEQUENCE { - foo[127] INTEGER (-2147483648..2147483647) + foo[127] INTEGER (-2147483648..2147483647), + bar[128] INTEGER (-2147483648..2147483647) } TESTSeq ::= SEQUENCE { @@ -20,12 +23,12 @@ TESTSeq ::= SEQUENCE { TESTChoice1 ::= CHOICE { i1[1] INTEGER (-2147483648..2147483647), i2[2] INTEGER (-2147483648..2147483647), - ... + ... } TESTChoice2 ::= CHOICE { i1[1] INTEGER (-2147483648..2147483647), - ... + ... } TESTInteger ::= INTEGER (-2147483648..2147483647) @@ -35,7 +38,7 @@ TESTInteger3 ::= [5] IMPLICIT TESTInteger2 TESTImplicit ::= SEQUENCE { ti1[0] IMPLICIT INTEGER (-2147483648..2147483647), - ti2[1] IMPLICIT SEQUENCE { + ti2[1] IMPLICIT SEQUENCE { foo[127] INTEGER (-2147483648..2147483647) }, ti3[2] IMPLICIT [5] IMPLICIT [4] IMPLICIT INTEGER (-2147483648..2147483647) @@ -57,21 +60,26 @@ TESTAlloc ::= SEQUENCE { tagless2 heim_any OPTIONAL } +TESTOptional ::= SEQUENCE { + zero [0] INTEGER (-2147483648..2147483647) OPTIONAL, + one [1] INTEGER (-2147483648..2147483647) OPTIONAL +} + TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER ) -TESTENCODEDBY ::= OCTET STRING ( ENCODED BY +TESTENCODEDBY ::= OCTET STRING ( ENCODED BY { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } ) -TESTDer OBJECT IDENTIFIER ::= { +TESTDer OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } -TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY +TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } ) -TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( +TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY TESTDer ) @@ -92,4 +100,39 @@ TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger TESTOSSize1 ::= OCTET STRING SIZE (1..2) +TESTSeqOfSeq ::= SEQUENCE OF SEQUENCE { + zero [0] TESTInteger +} + +TESTSeqOfSeq2 ::= SEQUENCE OF SEQUENCE { + string [0] GeneralString +} + +TESTSeqOfSeq3 ::= SEQUENCE OF SEQUENCE { + zero [0] TESTInteger, + string [0] GeneralString +} + +TESTSeqOf2 ::= SEQUENCE { + strings SEQUENCE OF GeneralString +} + +TESTSeqOf3 ::= SEQUENCE { + strings SEQUENCE OF GeneralString OPTIONAL +} + +TESTPreserve ::= SEQUENCE { + zero [0] TESTInteger, + one [1] TESTInteger +} + +TESTBitString ::= BIT STRING { + zero(0), + eight(8), + thirtyone(31) +} + +TESTMechType::= OBJECT IDENTIFIER +TESTMechTypeList ::= SEQUENCE OF TESTMechType + END diff --git a/crypto/heimdal/lib/asn1/test.gen b/crypto/heimdal/lib/asn1/test.gen index d0fc7d98a44..bfb04864818 100644 --- a/crypto/heimdal/lib/asn1/test.gen +++ b/crypto/heimdal/lib/asn1/test.gen @@ -1,4 +1,4 @@ -# $Id: test.gen 15617 2005-07-12 06:27:42Z lha $ +# $Id$ # Sample for TESTSeq in test.asn1 # diff --git a/crypto/heimdal/lib/asn1/timegm.c b/crypto/heimdal/lib/asn1/timegm.c index 33b9684a5d8..d9f4adbd559 100644 --- a/crypto/heimdal/lib/asn1/timegm.c +++ b/crypto/heimdal/lib/asn1/timegm.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "der_locl.h" -RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $"); +#define ASN1_MAX_YEAR 2000 static int is_leap(unsigned y) @@ -42,7 +42,11 @@ is_leap(unsigned y) return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0); } -/* +static const unsigned ndays[2][12] ={ + {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, + {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}}; + +/* * This is a simplifed version of timegm(3) that doesn't accept out of * bound values that timegm(3) normally accepts but those are not * valid in asn1 encodings. @@ -51,23 +55,26 @@ is_leap(unsigned y) time_t _der_timegm (struct tm *tm) { - static const unsigned ndays[2][12] ={ - {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, - {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}}; time_t res = 0; - unsigned i; + int i; - if (tm->tm_year < 0) + /* + * See comment in _der_gmtime + */ + if (tm->tm_year > ASN1_MAX_YEAR) + return 0; + + if (tm->tm_year < 0) return -1; - if (tm->tm_mon < 0 || tm->tm_mon > 11) + if (tm->tm_mon < 0 || tm->tm_mon > 11) return -1; - if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon]) + if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon]) return -1; - if (tm->tm_hour < 0 || tm->tm_hour > 23) + if (tm->tm_hour < 0 || tm->tm_hour > 23) return -1; - if (tm->tm_min < 0 || tm->tm_min > 59) + if (tm->tm_min < 0 || tm->tm_min > 59) return -1; - if (tm->tm_sec < 0 || tm->tm_sec > 59) + if (tm->tm_sec < 0 || tm->tm_sec > 59) return -1; for (i = 70; i < tm->tm_year; ++i) @@ -84,3 +91,46 @@ _der_timegm (struct tm *tm) res += tm->tm_sec; return res; } + +struct tm * +_der_gmtime(time_t t, struct tm *tm) +{ + time_t secday = t % (3600 * 24); + time_t days = t / (3600 * 24); + + memset(tm, 0, sizeof(*tm)); + + tm->tm_sec = secday % 60; + tm->tm_min = (secday % 3600) / 60; + tm->tm_hour = secday / 3600; + + /* + * Refuse to calculate time ~ 2000 years into the future, this is + * not possible for systems where time_t is a int32_t, however, + * when time_t is a int64_t, that can happen, and this becomes a + * denial of sevice. + */ + if (days > (ASN1_MAX_YEAR * 365)) + return NULL; + + tm->tm_year = 70; + while(1) { + unsigned dayinyear = (is_leap(tm->tm_year) ? 366 : 365); + if (days < dayinyear) + break; + tm->tm_year += 1; + days -= dayinyear; + } + tm->tm_mon = 0; + + while (1) { + unsigned daysinmonth = ndays[is_leap(tm->tm_year)][tm->tm_mon]; + if (days < daysinmonth) + break; + days -= daysinmonth; + tm->tm_mon++; + } + tm->tm_mday = days + 1; + + return tm; +} diff --git a/crypto/heimdal/lib/asn1/version-script.map b/crypto/heimdal/lib/asn1/version-script.map new file mode 100644 index 00000000000..67f9ff0983a --- /dev/null +++ b/crypto/heimdal/lib/asn1/version-script.map @@ -0,0 +1,6 @@ +# Export everything, but put a tag on is so that we make ourself incompatible with older versions + +HEIMDAL_ASN1_1.0 { + global: + *; +}; diff --git a/crypto/heimdal/lib/auth/ChangeLog b/crypto/heimdal/lib/auth/ChangeLog deleted file mode 100644 index 1ef62c092f4..00000000000 --- a/crypto/heimdal/lib/auth/ChangeLog +++ /dev/null @@ -1,206 +0,0 @@ -2007-12-14 Love Hörnquist Åstrand - - * sia/Makefile.am: One EXTRA_DIST is enought, from dave love. - - * pam/Makefile.am: Add SRCS to EXTRA_DIST - - * afskauthlib/Makefile.am: SRCS - -2006-10-22 Love Hörnquist Åstrand - - * pam/Makefile.am: use libtool to build binaries - -2005-05-02 Dave Love - - * afskauthlib/Makefile.am (afskauthlib.so): Use libtool. - (.c.o): Use CC (like SIA module), not COMPILE. - -2005-04-19 Love Hörnquist Åstrand - - * sia/sia.c: fix getpw*_r calls, they return 0 even when the entry - isn't found and instead make it with setting return pointer to - NULL. From Luke Mewburn - -2004-09-08 Johan Danielsson - - * afskauthlib/verify.c: use krb5_appdefault_boolean instead of - krb5_config_get_bool - -2003-09-23 Love Hörnquist Åstrand - - * sia/sia.c: Add support for AFS when using Kerberos 5, From: - Sergio.Gelato@astro.su.se - -2003-07-07 Love Hörnquist Åstrand - - * pam/Makefile.am: XXX inline COMPILE since automake wont add it - - * afskauthlib/verify.c (verify_krb5): use krb5_cc_clear_mcred - -2003-05-08 Love Hörnquist Åstrand - - * sia/Makefile.am: inline COMPILE since (modern) automake doesn't - add it by itself for some reason - -2003-04-30 Love Hörnquist Åstrand - - * afskauthlib/Makefile.am: always includes kafs now that its built - -2003-03-27 Love Hörnquist Åstrand - - * sia/Makefile.am: libkafs is always built now, lets include it - -2002-05-19 Johan Danielsson - - * pam/Makefile.am: set SUFFIXES with += - -2001-10-27 Assar Westerlund - - * pam/Makefile.am: actually build the pam module - -2001-09-18 Johan Danielsson - - * sia/Makefile.am: also don't compress krb5 library, at least - siacfg fails with compressed libraries - -2001-09-13 Assar Westerlund - - * sia/sia.c: move krb5_error_code inside a ifdef KRB5 - * sia/sia_locl.h: move roken.h earlier to grab definition of - socklen_t - -2001-08-28 Johan Danielsson - - * sia/krb5_matrix.conf: athena -> heimdal - -2001-07-17 Assar Westerlund - - * sia/Makefile.am: use make-rpath to sort rpath arguments - -2001-07-15 Assar Westerlund - - * afskauthlib/Makefile.am: use LIB_des, so that we link with - libcrypto/libdes from krb4 - -2001-07-12 Assar Westerlund - - * sia/Makefile.am: use $(CC) instead of ld for linking - -2001-07-06 Assar Westerlund - - * sia/Makefile.am: use LDFLAGS, and conditional libdes - -2001-03-06 Assar Westerlund - - * sia/Makefile.am: make sure of using -rpath and not -R when - calling ld - -2001-02-15 Assar Westerlund - - * pam/pam.c (psyslog): do not log to console - -2001-01-29 Assar Westerlund - - * sia/Makefile.am (libsia_krb5.so): actually run ld in the case - shared library case - -2000-12-31 Assar Westerlund - - * sia/sia.c (siad_ses_init): handle krb5_init_context failure - consistently - * afskauthlib/verify.c (verify_krb5): handle krb5_init_context - failure consistently - -2000-11-30 Johan Danielsson - - * afskauthlib/Makefile.am: use libtool - - * afskauthlib/Makefile.am: work with krb4 only - -2000-07-30 Johan Danielsson - - * sia/Makefile.am: don't compress library, since 5.0 seems to have - a problem with this - -2000-07-02 Assar Westerlund - - * afskauthlib/verify.c: fixes for pag setting - -1999-12-30 Assar Westerlund - - * sia/Makefile.am: try to link with shared libraries if we don't - find any static ones - -1999-12-20 Johan Danielsson - - * sia/sia.c: don't use string concatenation with TKT_ROOT - -1999-11-15 Assar Westerlund - - * */lib/Makefile.in: set LIBNAME. From Enrico Scholz - - -1999-10-17 Assar Westerlund - - * afskauthlib/verify.c (verify_krb5): need realm for v5 -> v4 - -1999-10-03 Assar Westerlund - - * afskauthlib/verify.c (verify_krb5): update to new - krb524_convert_creds_kdc - -1999-09-28 Assar Westerlund - - * sia/sia.c (doauth): use krb5_get_local_realms and - krb5_verify_user_lrealm - - * afskauthlib/verify.c (verify_krb5): remove krb5_kuserok. use - krb5_verify_user_lrealm - -1999-08-27 Johan Danielsson - - * pam/Makefile.in: link with res_search/dn_expand libraries - -1999-08-11 Johan Danielsson - - * afskauthlib/verify.c: make this compile w/o krb4 - -1999-08-04 Assar Westerlund - - * afskauthlib/verify.c: incorporate patches from Miroslav Ruda - - -Thu Apr 8 14:35:34 1999 Johan Danielsson - - * sia/sia.c: remove definition of KRB_VERIFY_USER (moved to - config.h) - - * sia/Makefile.am: make it build w/o krb4 - - * afskauthlib/verify.c: add krb5 support - - * afskauthlib/Makefile.am: build afskauthlib.so - -Wed Apr 7 14:06:22 1999 Johan Danielsson - - * sia/sia.c: make it compile w/o krb4 - - * sia/Makefile.am: make it compile w/o krb4 - -Thu Apr 1 18:09:23 1999 Johan Danielsson - - * sia/sia_locl.h: POSIX_GETPWNAM_R is defined in config.h - -Sun Mar 21 14:08:30 1999 Johan Danielsson - - * sia/Makefile.in: add posix_getpw.c - - * sia/Makefile.am: makefile for sia - - * sia/posix_getpw.c: move from sia.c - - * sia/sia_locl.h: merge with krb5 version - - * sia/sia.c: merge with krb5 version - - * sia/sia5.c: remove unused variables diff --git a/crypto/heimdal/lib/auth/Makefile.am b/crypto/heimdal/lib/auth/Makefile.am deleted file mode 100644 index c62903c7d1b..00000000000 --- a/crypto/heimdal/lib/auth/Makefile.am +++ /dev/null @@ -1,6 +0,0 @@ -# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $ - -include $(top_srcdir)/Makefile.am.common - -SUBDIRS = @LIB_AUTH_SUBDIRS@ -DIST_SUBDIRS = afskauthlib pam sia diff --git a/crypto/heimdal/lib/auth/Makefile.in b/crypto/heimdal/lib/auth/Makefile.in deleted file mode 100644 index d7200ce6a3b..00000000000 --- a/crypto/heimdal/lib/auth/Makefile.in +++ /dev/null @@ -1,815 +0,0 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# $Id: Makefile.am 5683 1999-03-21 17:11:08Z joda $ - -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common ChangeLog -subdir = lib/auth -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ - $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-glob.m4 \ - $(top_srcdir)/cf/broken-realloc.m4 \ - $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ - $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ - $(top_srcdir)/cf/capabilities.m4 \ - $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ - $(top_srcdir)/cf/check-man.m4 \ - $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ - $(top_srcdir)/cf/check-type-extra.m4 \ - $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ - $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ - $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ - $(top_srcdir)/cf/find-func-no-libs.m4 \ - $(top_srcdir)/cf/find-func-no-libs2.m4 \ - $(top_srcdir)/cf/find-func.m4 \ - $(top_srcdir)/cf/find-if-not-broken.m4 \ - $(top_srcdir)/cf/framework-security.m4 \ - $(top_srcdir)/cf/have-struct-field.m4 \ - $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ - $(top_srcdir)/cf/krb-bigendian.m4 \ - $(top_srcdir)/cf/krb-func-getlogin.m4 \ - $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ - $(top_srcdir)/cf/krb-readline.m4 \ - $(top_srcdir)/cf/krb-struct-spwd.m4 \ - $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ - $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ - $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ - $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ - $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ - $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = -SOURCES = -DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CANONICAL_HOST = @CANONICAL_HOST@ -CATMAN = @CATMAN@ -CATMANEXT = @CATMANEXT@ -CC = @CC@ -CFLAGS = @CFLAGS@ -COMPILE_ET = @COMPILE_ET@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DBLIB = @DBLIB@ -DEFS = @DEFS@ -DIR_com_err = @DIR_com_err@ -DIR_hcrypto = @DIR_hcrypto@ -DIR_hdbdir = @DIR_hdbdir@ -DIR_roken = @DIR_roken@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -GREP = @GREP@ -GROFF = @GROFF@ -INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_hcrypto = @INCLUDE_hcrypto@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -INCLUDE_krb4 = @INCLUDE_krb4@ -INCLUDE_openldap = @INCLUDE_openldap@ -INCLUDE_readline = @INCLUDE_readline@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBADD_roken = @LIBADD_roken@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_XauFileName = @LIB_XauFileName@ -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_XauWriteAuth = @LIB_XauWriteAuth@ -LIB_bswap16 = @LIB_bswap16@ -LIB_bswap32 = @LIB_bswap32@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_crypt = @LIB_crypt@ -LIB_db_create = @LIB_db_create@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ -LIB_freeaddrinfo = @LIB_freeaddrinfo@ -LIB_gai_strerror = @LIB_gai_strerror@ -LIB_getaddrinfo = @LIB_getaddrinfo@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_gethostbyname2 = @LIB_gethostbyname2@ -LIB_getnameinfo = @LIB_getnameinfo@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_hcrypto = @LIB_hcrypto@ -LIB_hcrypto_a = @LIB_hcrypto_a@ -LIB_hcrypto_appl = @LIB_hcrypto_appl@ -LIB_hcrypto_so = @LIB_hcrypto_so@ -LIB_hesiod = @LIB_hesiod@ -LIB_hstrerror = @LIB_hstrerror@ -LIB_kdb = @LIB_kdb@ -LIB_krb4 = @LIB_krb4@ -LIB_loadquery = @LIB_loadquery@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_openldap = @LIB_openldap@ -LIB_openpty = @LIB_openpty@ -LIB_otp = @LIB_otp@ -LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ -LIB_res_ndestroy = @LIB_res_ndestroy@ -LIB_res_nsearch = @LIB_res_nsearch@ -LIB_res_search = @LIB_res_search@ -LIB_roken = @LIB_roken@ -LIB_security = @LIB_security@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NROFF = @NROFF@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ -WFLAGS = @WFLAGS@ -WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ -WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -XMKMF = @XMKMF@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__leading_dot = @am__leading_dot@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME -AM_CFLAGS = $(WFLAGS) -CP = cp -buildinclude = $(top_builddir)/include -LIB_getattr = @LIB_getattr@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_setpcred = @LIB_setpcred@ -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -NROFF_MAN = groff -mandoc -Tascii -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la - -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -SUBDIRS = @LIB_AUTH_SUBDIRS@ -DIST_SUBDIRS = afskauthlib pam sia -all: all-recursive - -.SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/auth/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -# This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ - fi -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - distdir) \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: check-recursive -all-am: Makefile all-local -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-recursive - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-recursive - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -info: info-recursive - -info-am: - -install-data-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-data-hook - -install-dvi: install-dvi-recursive - -install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-html: install-html-recursive - -install-info: install-info-recursive - -install-man: - -install-pdf: install-pdf-recursive - -install-ps: install-ps-recursive - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-data-am install-exec-am install-strip uninstall-am - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am all-local check check-am check-local clean \ - clean-generic clean-libtool ctags ctags-recursive dist-hook \ - distclean distclean-generic distclean-libtool distclean-tags \ - distdir dvi dvi-am html html-am info info-am install \ - install-am install-data install-data-am install-data-hook \ - install-dvi install-dvi-am install-exec install-exec-am \ - install-exec-hook install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs installdirs-am maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ - uninstall uninstall-am uninstall-hook - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) - @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done ; \ - foo='$(nobase_include_HEADERS)'; \ - for f in $$foo; do \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0 || exit 1; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -uninstall-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-hook: install-cat-mans -uninstall-hook: uninstall-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< - -# -# Useful target for debugging -# - -check-valgrind: - tobjdir=`cd $(top_builddir) && pwd` ; \ - tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check - -# -# Target to please samba build farm, builds distfiles in-tree. -# Will break when automake changes... -# - -distdir-in-tree: $(DISTFILES) $(INFO_DEPS) - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" != .; then \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ - fi ; \ - done -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am b/crypto/heimdal/lib/auth/afskauthlib/Makefile.am deleted file mode 100644 index 1eec4f5d163..00000000000 --- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.am +++ /dev/null @@ -1,51 +0,0 @@ -# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $ - -include $(top_srcdir)/Makefile.am.common - -AM_CPPFLAGS += $(INCLUDE_krb4) - -DEFS = @DEFS@ - -foodir = $(libdir) -foo_DATA = afskauthlib.so - -SUFFIXES += .c .o - -SRCS = verify.c -OBJS = verify.o - -CLEANFILES = $(foo_DATA) $(OBJS) so_locations - -afskauthlib.so: $(OBJS) - $(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS) - -.c.o: - $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ - -c `test -f '$<' || echo '$(srcdir)/'`$< - -KAFS = $(top_builddir)/lib/kafs/libkafs.la - -if KRB5 -L = \ - $(KAFS) \ - $(top_builddir)/lib/krb5/libkrb5.la \ - $(top_builddir)/lib/asn1/libasn1.la \ - $(LIB_krb4) \ - $(LIB_hcrypto) \ - $(top_builddir)/lib/roken/libroken.la \ - -lc - -else - -L = \ - $(KAFS) \ - $(LIB_krb4) \ - $(LIB_hcrypto) \ - $(top_builddir)/lib/roken/libroken.la \ - -lc -endif - -$(OBJS): $(top_builddir)/include/config.h - -EXTRA_DIST = $(SRCS) diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in deleted file mode 100644 index 89c966ad813..00000000000 --- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in +++ /dev/null @@ -1,723 +0,0 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# $Id: Makefile.am 22298 2007-12-14 06:38:06Z lha $ - -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common -subdir = lib/auth/afskauthlib -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ - $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-glob.m4 \ - $(top_srcdir)/cf/broken-realloc.m4 \ - $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ - $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ - $(top_srcdir)/cf/capabilities.m4 \ - $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ - $(top_srcdir)/cf/check-man.m4 \ - $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ - $(top_srcdir)/cf/check-type-extra.m4 \ - $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ - $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ - $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ - $(top_srcdir)/cf/find-func-no-libs.m4 \ - $(top_srcdir)/cf/find-func-no-libs2.m4 \ - $(top_srcdir)/cf/find-func.m4 \ - $(top_srcdir)/cf/find-if-not-broken.m4 \ - $(top_srcdir)/cf/framework-security.m4 \ - $(top_srcdir)/cf/have-struct-field.m4 \ - $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ - $(top_srcdir)/cf/krb-bigendian.m4 \ - $(top_srcdir)/cf/krb-func-getlogin.m4 \ - $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ - $(top_srcdir)/cf/krb-readline.m4 \ - $(top_srcdir)/cf/krb-struct-spwd.m4 \ - $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ - $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ - $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ - $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ - $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ - $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = -SOURCES = -DIST_SOURCES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(foodir)" -fooDATA_INSTALL = $(INSTALL_DATA) -DATA = $(foo_DATA) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CANONICAL_HOST = @CANONICAL_HOST@ -CATMAN = @CATMAN@ -CATMANEXT = @CATMANEXT@ -CC = @CC@ -CFLAGS = @CFLAGS@ -COMPILE_ET = @COMPILE_ET@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DBLIB = @DBLIB@ -DEFS = @DEFS@ -DIR_com_err = @DIR_com_err@ -DIR_hcrypto = @DIR_hcrypto@ -DIR_hdbdir = @DIR_hdbdir@ -DIR_roken = @DIR_roken@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -GREP = @GREP@ -GROFF = @GROFF@ -INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_hcrypto = @INCLUDE_hcrypto@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -INCLUDE_krb4 = @INCLUDE_krb4@ -INCLUDE_openldap = @INCLUDE_openldap@ -INCLUDE_readline = @INCLUDE_readline@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBADD_roken = @LIBADD_roken@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_XauFileName = @LIB_XauFileName@ -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_XauWriteAuth = @LIB_XauWriteAuth@ -LIB_bswap16 = @LIB_bswap16@ -LIB_bswap32 = @LIB_bswap32@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_crypt = @LIB_crypt@ -LIB_db_create = @LIB_db_create@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ -LIB_freeaddrinfo = @LIB_freeaddrinfo@ -LIB_gai_strerror = @LIB_gai_strerror@ -LIB_getaddrinfo = @LIB_getaddrinfo@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_gethostbyname2 = @LIB_gethostbyname2@ -LIB_getnameinfo = @LIB_getnameinfo@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_hcrypto = @LIB_hcrypto@ -LIB_hcrypto_a = @LIB_hcrypto_a@ -LIB_hcrypto_appl = @LIB_hcrypto_appl@ -LIB_hcrypto_so = @LIB_hcrypto_so@ -LIB_hesiod = @LIB_hesiod@ -LIB_hstrerror = @LIB_hstrerror@ -LIB_kdb = @LIB_kdb@ -LIB_krb4 = @LIB_krb4@ -LIB_loadquery = @LIB_loadquery@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_openldap = @LIB_openldap@ -LIB_openpty = @LIB_openpty@ -LIB_otp = @LIB_otp@ -LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ -LIB_res_ndestroy = @LIB_res_ndestroy@ -LIB_res_nsearch = @LIB_res_nsearch@ -LIB_res_search = @LIB_res_search@ -LIB_roken = @LIB_roken@ -LIB_security = @LIB_security@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NROFF = @NROFF@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ -WFLAGS = @WFLAGS@ -WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ -WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -XMKMF = @XMKMF@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__leading_dot = @am__leading_dot@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME -AM_CFLAGS = $(WFLAGS) -CP = cp -buildinclude = $(top_builddir)/include -LIB_getattr = @LIB_getattr@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_setpcred = @LIB_setpcred@ -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -NROFF_MAN = groff -mandoc -Tascii -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la - -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -foodir = $(libdir) -foo_DATA = afskauthlib.so -SRCS = verify.c -OBJS = verify.o -CLEANFILES = $(foo_DATA) $(OBJS) so_locations -KAFS = $(top_builddir)/lib/kafs/libkafs.la -@KRB5_FALSE@L = \ -@KRB5_FALSE@ $(KAFS) \ -@KRB5_FALSE@ $(LIB_krb4) \ -@KRB5_FALSE@ $(LIB_hcrypto) \ -@KRB5_FALSE@ $(top_builddir)/lib/roken/libroken.la \ -@KRB5_FALSE@ -lc - -@KRB5_TRUE@L = \ -@KRB5_TRUE@ $(KAFS) \ -@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ -@KRB5_TRUE@ $(LIB_krb4) \ -@KRB5_TRUE@ $(LIB_hcrypto) \ -@KRB5_TRUE@ $(top_builddir)/lib/roken/libroken.la \ -@KRB5_TRUE@ -lc - -EXTRA_DIST = $(SRCS) -all: all-am - -.SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/afskauthlib/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/auth/afskauthlib/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-fooDATA: $(foo_DATA) - @$(NORMAL_INSTALL) - test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)" - @list='$(foo_DATA)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \ - $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \ - done - -uninstall-fooDATA: - @$(NORMAL_UNINSTALL) - @list='$(foo_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \ - rm -f "$(DESTDIR)$(foodir)/$$f"; \ - done -tags: TAGS -TAGS: - -ctags: CTAGS -CTAGS: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: check-am -all-am: Makefile $(DATA) all-local -installdirs: - for dir in "$(DESTDIR)$(foodir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: install-fooDATA - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-data-hook - -install-dvi: install-dvi-am - -install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-html: install-html-am - -install-info: install-info-am - -install-man: - -install-pdf: install-pdf-am - -install-ps: install-ps-am - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-fooDATA - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am - -.PHONY: all all-am all-local check check-am check-local clean \ - clean-generic clean-libtool dist-hook distclean \ - distclean-generic distclean-libtool distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-hook install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-fooDATA \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am uninstall uninstall-am uninstall-fooDATA \ - uninstall-hook - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) - @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done ; \ - foo='$(nobase_include_HEADERS)'; \ - for f in $$foo; do \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0 || exit 1; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -uninstall-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-hook: install-cat-mans -uninstall-hook: uninstall-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< - -# -# Useful target for debugging -# - -check-valgrind: - tobjdir=`cd $(top_builddir) && pwd` ; \ - tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check - -# -# Target to please samba build farm, builds distfiles in-tree. -# Will break when automake changes... -# - -distdir-in-tree: $(DISTFILES) $(INFO_DEPS) - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" != .; then \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ - fi ; \ - done - -afskauthlib.so: $(OBJS) - $(LIBTOOL) --mode=link $(CC) -shared -o $@ $(OBJS) $(L) $(LDFLAGS) - -.c.o: - $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ - -c `test -f '$<' || echo '$(srcdir)/'`$< - -$(OBJS): $(top_builddir)/include/config.h -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/auth/afskauthlib/verify.c b/crypto/heimdal/lib/auth/afskauthlib/verify.c deleted file mode 100644 index ff0141b2f6b..00000000000 --- a/crypto/heimdal/lib/auth/afskauthlib/verify.c +++ /dev/null @@ -1,307 +0,0 @@ -/* - * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: verify.c 14203 2004-09-08 09:02:59Z joda $"); -#endif -#include -#include -#include -#ifdef KRB5 -#include -#endif -#ifdef KRB4 -#include -#include -#endif -#include - -#ifdef KRB5 -static char krb5ccname[128]; -#endif -#ifdef KRB4 -static char krbtkfile[128]; -#endif - -/* - In some cases is afs_gettktstring called twice (once before - afs_verify and once after afs_verify). - In some cases (rlogin with access allowed via .rhosts) - afs_verify is not called! - So we can't rely on correct value in krbtkfile in some - cases! -*/ - -static int correct_tkfilename=0; -static int pag_set=0; - -#ifdef KRB4 -static void -set_krbtkfile(uid_t uid) -{ - snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid); - krb_set_tkt_string (krbtkfile); - correct_tkfilename = 1; -} -#endif - -/* XXX this has to be the default cache name, since the KRB5CCNAME - * environment variable isn't exported by login/xdm - */ - -#ifdef KRB5 -static void -set_krb5ccname(uid_t uid) -{ - snprintf (krb5ccname, sizeof(krb5ccname), "FILE:/tmp/krb5cc_%d", uid); -#ifdef KRB4 - snprintf (krbtkfile, sizeof(krbtkfile), "%s%d", TKT_ROOT, (unsigned)uid); -#endif - correct_tkfilename = 1; -} -#endif - -static void -set_spec_krbtkfile(void) -{ - int fd; -#ifdef KRB4 - snprintf (krbtkfile, sizeof(krbtkfile), "%s_XXXXXX", TKT_ROOT); - fd = mkstemp(krbtkfile); - close(fd); - unlink(krbtkfile); - krb_set_tkt_string (krbtkfile); -#endif -#ifdef KRB5 - snprintf(krb5ccname, sizeof(krb5ccname),"FILE:/tmp/krb5cc_XXXXXX"); - fd=mkstemp(krb5ccname+5); - close(fd); - unlink(krb5ccname+5); -#endif -} - -#ifdef KRB5 -static int -verify_krb5(struct passwd *pwd, - char *password, - int32_t *exp, - int quiet) -{ - krb5_context context; - krb5_error_code ret; - krb5_ccache ccache; - krb5_principal principal; - - ret = krb5_init_context(&context); - if (ret) { - syslog(LOG_AUTH|LOG_DEBUG, "krb5_init_context failed: %d", ret); - goto out; - } - - ret = krb5_parse_name (context, pwd->pw_name, &principal); - if (ret) { - syslog(LOG_AUTH|LOG_DEBUG, "krb5_parse_name: %s", - krb5_get_err_text(context, ret)); - goto out; - } - - set_krb5ccname(pwd->pw_uid); - ret = krb5_cc_resolve(context, krb5ccname, &ccache); - if(ret) { - syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_resolve: %s", - krb5_get_err_text(context, ret)); - goto out; - } - - ret = krb5_verify_user_lrealm(context, - principal, - ccache, - password, - TRUE, - NULL); - if(ret) { - syslog(LOG_AUTH|LOG_DEBUG, "krb5_verify_user: %s", - krb5_get_err_text(context, ret)); - goto out; - } - - if(chown(krb5_cc_get_name(context, ccache), pwd->pw_uid, pwd->pw_gid)) { - syslog(LOG_AUTH|LOG_DEBUG, "chown: %s", - krb5_get_err_text(context, errno)); - goto out; - } - -#ifdef KRB4 - { - krb5_realm realm = NULL; - krb5_boolean get_v4_tgt; - - krb5_get_default_realm(context, &realm); - krb5_appdefault_boolean(context, "afskauthlib", - realm, - "krb4_get_tickets", FALSE, &get_v4_tgt); - if (get_v4_tgt) { - CREDENTIALS c; - krb5_creds mcred, cred; - - krb5_cc_clear_mcred(&mcred); - - krb5_make_principal(context, &mcred.server, realm, - "krbtgt", - realm, - NULL); - ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); - if(ret == 0) { - ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c); - if(ret) - krb5_warn(context, ret, "converting creds"); - else { - set_krbtkfile(pwd->pw_uid); - tf_setup(&c, c.pname, c.pinst); - } - memset(&c, 0, sizeof(c)); - krb5_free_cred_contents(context, &cred); - } else - syslog(LOG_AUTH|LOG_DEBUG, "krb5_cc_retrieve_cred: %s", - krb5_get_err_text(context, ret)); - - krb5_free_principal(context, mcred.server); - } - free (realm); - if (!pag_set && k_hasafs()) { - k_setpag(); - pag_set = 1; - } - - if (pag_set) - krb5_afslog_uid_home(context, ccache, NULL, NULL, - pwd->pw_uid, pwd->pw_dir); - } -#endif - out: - if(ret && !quiet) - printf ("%s\n", krb5_get_err_text (context, ret)); - return ret; -} -#endif - -#ifdef KRB4 -static int -verify_krb4(struct passwd *pwd, - char *password, - int32_t *exp, - int quiet) -{ - int ret = 1; - char lrealm[REALM_SZ]; - - if (krb_get_lrealm (lrealm, 1) != KFAILURE) { - set_krbtkfile(pwd->pw_uid); - ret = krb_verify_user (pwd->pw_name, "", lrealm, password, - KRB_VERIFY_SECURE, NULL); - if (ret == KSUCCESS) { - if (!pag_set && k_hasafs()) { - k_setpag (); - pag_set = 1; - } - if (pag_set) - krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir); - } else if (!quiet) - printf ("%s\n", krb_get_err_text (ret)); - } - return ret; -} -#endif - -int -afs_verify(char *name, - char *password, - int32_t *exp, - int quiet) -{ - int ret = 1; - struct passwd *pwd = k_getpwnam (name); - - if(pwd == NULL) - return 1; - - if (!pag_set && k_hasafs()) { - k_setpag(); - pag_set=1; - } - - if (ret) - ret = unix_verify_user (name, password); -#ifdef KRB5 - if (ret) - ret = verify_krb5(pwd, password, exp, quiet); -#endif -#ifdef KRB4 - if(ret) - ret = verify_krb4(pwd, password, exp, quiet); -#endif - return ret; -} - -char * -afs_gettktstring (void) -{ - char *ptr; - struct passwd *pwd; - - if (!correct_tkfilename) { - ptr = getenv("LOGNAME"); - if (ptr != NULL && ((pwd = getpwnam(ptr)) != NULL)) { - set_krb5ccname(pwd->pw_uid); -#ifdef KRB4 - set_krbtkfile(pwd->pw_uid); - if (!pag_set && k_hasafs()) { - k_setpag(); - pag_set=1; - } -#endif - } else { - set_spec_krbtkfile(); - } - } -#ifdef KRB5 - esetenv("KRB5CCNAME",krb5ccname,1); -#endif -#ifdef KRB4 - esetenv("KRBTKFILE",krbtkfile,1); - return krbtkfile; -#else - return ""; -#endif -} diff --git a/crypto/heimdal/lib/auth/pam/Makefile.am b/crypto/heimdal/lib/auth/pam/Makefile.am deleted file mode 100644 index c4d0eb545b7..00000000000 --- a/crypto/heimdal/lib/auth/pam/Makefile.am +++ /dev/null @@ -1,69 +0,0 @@ -# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $ - -include $(top_srcdir)/Makefile.am.common - -AM_CPPFLAGS += $(INCLUDE_krb4) - -WFLAGS += $(WFLAGS_NOIMPLICITINT) - -DEFS = @DEFS@ - -## this is horribly ugly, but automake/libtool doesn't allow us to -## unconditionally build shared libraries, and it does not allow us to -## link with non-installed libraries - -if KRB4 -KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a -KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so - -L = \ - $(KAFS) \ - $(top_builddir)/lib/krb/.libs/libkrb.a \ - $(LIB_hcrypto_a) \ - $(top_builddir)/lib/roken/.libs/libroken.a \ - -lc - -L_shared = \ - $(KAFS_S) \ - $(top_builddir)/lib/krb/.libs/libkrb.so \ - $(LIB_hcrypto_so) \ - $(top_builddir)/lib/roken/.libs/libroken.so \ - $(LIB_getpwnam_r) \ - -lc - -MOD = pam_krb4.so - -endif - -foodir = $(libdir) -foo_DATA = $(MOD) - -LDFLAGS = @LDFLAGS@ - -SRCS = pam.c -OBJS = pam.o - -pam_krb4.so: $(OBJS) - @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ - echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \ - $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \ - elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ - echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \ - $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \ - else \ - echo "missing libraries"; exit 1; \ - fi - -CLEANFILES = $(MOD) $(OBJS) - -SUFFIXES += .c .o - -# XXX inline COMPILE since automake wont add it - -.c.o: - $(LIBTOOL) --mode=compile --tag=CC $(CC) \ - $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ - -c `test -f '$<' || echo '$(srcdir)/'`$< - -EXTRA_DIST = pam.conf.add $(SRCS) diff --git a/crypto/heimdal/lib/auth/pam/Makefile.in b/crypto/heimdal/lib/auth/pam/Makefile.in deleted file mode 100644 index 0f9e084267b..00000000000 --- a/crypto/heimdal/lib/auth/pam/Makefile.in +++ /dev/null @@ -1,733 +0,0 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# $Id: Makefile.am 22299 2007-12-14 06:39:19Z lha $ - -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common -subdir = lib/auth/pam -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ - $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-glob.m4 \ - $(top_srcdir)/cf/broken-realloc.m4 \ - $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ - $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ - $(top_srcdir)/cf/capabilities.m4 \ - $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ - $(top_srcdir)/cf/check-man.m4 \ - $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ - $(top_srcdir)/cf/check-type-extra.m4 \ - $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ - $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ - $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ - $(top_srcdir)/cf/find-func-no-libs.m4 \ - $(top_srcdir)/cf/find-func-no-libs2.m4 \ - $(top_srcdir)/cf/find-func.m4 \ - $(top_srcdir)/cf/find-if-not-broken.m4 \ - $(top_srcdir)/cf/framework-security.m4 \ - $(top_srcdir)/cf/have-struct-field.m4 \ - $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ - $(top_srcdir)/cf/krb-bigendian.m4 \ - $(top_srcdir)/cf/krb-func-getlogin.m4 \ - $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ - $(top_srcdir)/cf/krb-readline.m4 \ - $(top_srcdir)/cf/krb-struct-spwd.m4 \ - $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ - $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ - $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ - $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ - $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ - $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = -SOURCES = -DIST_SOURCES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(foodir)" -fooDATA_INSTALL = $(INSTALL_DATA) -DATA = $(foo_DATA) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CANONICAL_HOST = @CANONICAL_HOST@ -CATMAN = @CATMAN@ -CATMANEXT = @CATMANEXT@ -CC = @CC@ -CFLAGS = @CFLAGS@ -COMPILE_ET = @COMPILE_ET@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DBLIB = @DBLIB@ -DEFS = @DEFS@ -DIR_com_err = @DIR_com_err@ -DIR_hcrypto = @DIR_hcrypto@ -DIR_hdbdir = @DIR_hdbdir@ -DIR_roken = @DIR_roken@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -GREP = @GREP@ -GROFF = @GROFF@ -INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_hcrypto = @INCLUDE_hcrypto@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -INCLUDE_krb4 = @INCLUDE_krb4@ -INCLUDE_openldap = @INCLUDE_openldap@ -INCLUDE_readline = @INCLUDE_readline@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBADD_roken = @LIBADD_roken@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_XauFileName = @LIB_XauFileName@ -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_XauWriteAuth = @LIB_XauWriteAuth@ -LIB_bswap16 = @LIB_bswap16@ -LIB_bswap32 = @LIB_bswap32@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_crypt = @LIB_crypt@ -LIB_db_create = @LIB_db_create@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ -LIB_freeaddrinfo = @LIB_freeaddrinfo@ -LIB_gai_strerror = @LIB_gai_strerror@ -LIB_getaddrinfo = @LIB_getaddrinfo@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_gethostbyname2 = @LIB_gethostbyname2@ -LIB_getnameinfo = @LIB_getnameinfo@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_hcrypto = @LIB_hcrypto@ -LIB_hcrypto_a = @LIB_hcrypto_a@ -LIB_hcrypto_appl = @LIB_hcrypto_appl@ -LIB_hcrypto_so = @LIB_hcrypto_so@ -LIB_hesiod = @LIB_hesiod@ -LIB_hstrerror = @LIB_hstrerror@ -LIB_kdb = @LIB_kdb@ -LIB_krb4 = @LIB_krb4@ -LIB_loadquery = @LIB_loadquery@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_openldap = @LIB_openldap@ -LIB_openpty = @LIB_openpty@ -LIB_otp = @LIB_otp@ -LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ -LIB_res_ndestroy = @LIB_res_ndestroy@ -LIB_res_nsearch = @LIB_res_nsearch@ -LIB_res_search = @LIB_res_search@ -LIB_roken = @LIB_roken@ -LIB_security = @LIB_security@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NROFF = @NROFF@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ -WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT) -WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ -WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -XMKMF = @XMKMF@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__leading_dot = @am__leading_dot@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME -AM_CFLAGS = $(WFLAGS) -CP = cp -buildinclude = $(top_builddir)/include -LIB_getattr = @LIB_getattr@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_setpcred = @LIB_setpcred@ -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -NROFF_MAN = groff -mandoc -Tascii -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la - -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a -@KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so -@KRB4_TRUE@L = \ -@KRB4_TRUE@ $(KAFS) \ -@KRB4_TRUE@ $(top_builddir)/lib/krb/.libs/libkrb.a \ -@KRB4_TRUE@ $(LIB_hcrypto_a) \ -@KRB4_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.a \ -@KRB4_TRUE@ -lc - -@KRB4_TRUE@L_shared = \ -@KRB4_TRUE@ $(KAFS_S) \ -@KRB4_TRUE@ $(top_builddir)/lib/krb/.libs/libkrb.so \ -@KRB4_TRUE@ $(LIB_hcrypto_so) \ -@KRB4_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.so \ -@KRB4_TRUE@ $(LIB_getpwnam_r) \ -@KRB4_TRUE@ -lc - -@KRB4_TRUE@MOD = pam_krb4.so -foodir = $(libdir) -foo_DATA = $(MOD) -SRCS = pam.c -OBJS = pam.o -CLEANFILES = $(MOD) $(OBJS) -EXTRA_DIST = pam.conf.add $(SRCS) -all: all-am - -.SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/pam/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/auth/pam/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-fooDATA: $(foo_DATA) - @$(NORMAL_INSTALL) - test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)" - @list='$(foo_DATA)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \ - $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \ - done - -uninstall-fooDATA: - @$(NORMAL_UNINSTALL) - @list='$(foo_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \ - rm -f "$(DESTDIR)$(foodir)/$$f"; \ - done -tags: TAGS -TAGS: - -ctags: CTAGS -CTAGS: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: check-am -all-am: Makefile $(DATA) all-local -installdirs: - for dir in "$(DESTDIR)$(foodir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: install-fooDATA - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-data-hook - -install-dvi: install-dvi-am - -install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-html: install-html-am - -install-info: install-info-am - -install-man: - -install-pdf: install-pdf-am - -install-ps: install-ps-am - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-fooDATA - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am - -.PHONY: all all-am all-local check check-am check-local clean \ - clean-generic clean-libtool dist-hook distclean \ - distclean-generic distclean-libtool distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-hook install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-fooDATA \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am uninstall uninstall-am uninstall-fooDATA \ - uninstall-hook - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) - @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done ; \ - foo='$(nobase_include_HEADERS)'; \ - for f in $$foo; do \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0 || exit 1; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -uninstall-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-hook: install-cat-mans -uninstall-hook: uninstall-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< - -# -# Useful target for debugging -# - -check-valgrind: - tobjdir=`cd $(top_builddir) && pwd` ; \ - tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check - -# -# Target to please samba build farm, builds distfiles in-tree. -# Will break when automake changes... -# - -distdir-in-tree: $(DISTFILES) $(INFO_DEPS) - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" != .; then \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ - fi ; \ - done - -pam_krb4.so: $(OBJS) - @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ - echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L)"; \ - $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L); \ - elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ - echo "$(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared)"; \ - $(LIBTOOL) --mode=link --tag=CC $(CC) -shared -o $@ $(LDFLAGS) $(OBJS) $(L_shared); \ - else \ - echo "missing libraries"; exit 1; \ - fi - -# XXX inline COMPILE since automake wont add it - -.c.o: - $(LIBTOOL) --mode=compile --tag=CC $(CC) \ - $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ - -c `test -f '$<' || echo '$(srcdir)/'`$< -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c deleted file mode 100644 index ed5071b7885..00000000000 --- a/crypto/heimdal/lib/auth/pam/pam.c +++ /dev/null @@ -1,443 +0,0 @@ -/* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: pam.c 11417 2002-09-09 15:57:24Z joda $"); -#endif - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */ -#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR -#endif - -#include -#include -#include - -#if 0 -/* Debugging PAM modules is a royal pain, truss helps. */ -#define DEBUG(msg) (access(msg " at line", __LINE__)) -#endif - -static void -psyslog(int level, const char *format, ...) -{ - va_list args; - va_start(args, format); - openlog("pam_krb4", LOG_PID, LOG_AUTH); - vsyslog(level, format, args); - va_end(args); - closelog(); -} - -enum { - KRB4_DEBUG, - KRB4_USE_FIRST_PASS, - KRB4_TRY_FIRST_PASS, - KRB4_IGNORE_ROOT, - KRB4_NO_VERIFY, - KRB4_REAFSLOG, - KRB4_CTRLS /* Number of ctrl arguments defined. */ -}; - -#define KRB4_DEFAULTS 0 - -static int ctrl_flags = KRB4_DEFAULTS; -#define ctrl_on(x) (krb4_args[x].flag & ctrl_flags) -#define ctrl_off(x) (!ctrl_on(x)) - -typedef struct -{ - const char *token; - unsigned int flag; -} krb4_ctrls_t; - -static krb4_ctrls_t krb4_args[KRB4_CTRLS] = -{ - /* KRB4_DEBUG */ { "debug", 0x01 }, - /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 }, - /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 }, - /* KRB4_IGNORE_ROOT */ { "ignore_root", 0x08 }, - /* KRB4_NO_VERIFY */ { "no_verify", 0x10 }, - /* KRB4_REAFSLOG */ { "reafslog", 0x20 }, -}; - -static void -parse_ctrl(int argc, const char **argv) -{ - int i, j; - - ctrl_flags = KRB4_DEFAULTS; - for (i = 0; i < argc; i++) - { - for (j = 0; j < KRB4_CTRLS; j++) - if (strcmp(argv[i], krb4_args[j].token) == 0) - break; - - if (j >= KRB4_CTRLS) - psyslog(LOG_ALERT, "unrecognized option [%s]", *argv); - else - ctrl_flags |= krb4_args[j].flag; - } -} - -static void -pdeb(const char *format, ...) -{ - va_list args; - if (ctrl_off(KRB4_DEBUG)) - return; - va_start(args, format); - openlog("pam_krb4", LOG_PID, LOG_AUTH); - vsyslog(LOG_DEBUG, format, args); - va_end(args); - closelog(); -} - -#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid()) - -static void -set_tkt_string(uid_t uid) -{ - char buf[128]; - - snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid); - krb_set_tkt_string(buf); - -#if 0 - /* pam_set_data+pam_get_data are not guaranteed to work, grr. */ - pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup); - if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS) - { - pam_putenv(pamh, var); - } -#endif - - /* We don't want to inherit this variable. - * If we still do, it must have a sane value. */ - if (getenv("KRBTKFILE") != 0) - { - char *var = malloc(sizeof(buf)); - snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string()); - putenv(var); - /* free(var); XXX */ - } -} - -static int -verify_pass(pam_handle_t *pamh, - const char *name, - const char *inst, - const char *pass) -{ - char realm[REALM_SZ]; - int ret, krb_verify, old_euid, old_ruid; - - krb_get_lrealm(realm, 1); - if (ctrl_on(KRB4_NO_VERIFY)) - krb_verify = KRB_VERIFY_SECURE_FAIL; - else - krb_verify = KRB_VERIFY_SECURE; - old_ruid = getuid(); - old_euid = geteuid(); - setreuid(0, 0); - ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL); - pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s", - name, inst, realm, krb_verify, - krb_get_err_text(ret)); - setreuid(old_ruid, old_euid); - if (getuid() != old_ruid || geteuid() != old_euid) - { - psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d", - old_ruid, old_euid, __LINE__); - exit(1); - } - - switch(ret) { - case KSUCCESS: - return PAM_SUCCESS; - case KDC_PR_UNKNOWN: - return PAM_USER_UNKNOWN; - case SKDC_CANT: - case SKDC_RETRY: - case RD_AP_TIME: - return PAM_AUTHINFO_UNAVAIL; - default: - return PAM_AUTH_ERR; - } -} - -static int -krb4_auth(pam_handle_t *pamh, - int flags, - const char *name, - const char *inst, - struct pam_conv *conv) -{ - struct pam_response *resp; - char prompt[128]; - struct pam_message msg, *pmsg = &msg; - int ret; - - if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS)) - { - char *pass = 0; - ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass); - if (ret != PAM_SUCCESS) - { - psyslog(LOG_ERR , "pam_get_item returned error to get-password"); - return ret; - } - else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS) - return PAM_SUCCESS; - else if (ctrl_on(KRB4_USE_FIRST_PASS)) - return PAM_AUTHTOK_RECOVERY_ERR; /* Wrong password! */ - else - /* We tried the first password but it didn't work, cont. */; - } - - msg.msg_style = PAM_PROMPT_ECHO_OFF; - if (*inst == 0) - snprintf(prompt, sizeof(prompt), "%s's Password: ", name); - else - snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst); - msg.msg = prompt; - - ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr); - if (ret != PAM_SUCCESS) - return ret; - - ret = verify_pass(pamh, name, inst, resp->resp); - if (ret == PAM_SUCCESS) - { - memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */ - free(resp->resp); - free(resp); - } - else - { - pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */ - /* free(resp->resp); XXX */ - /* free(resp); XXX */ - } - - return ret; -} - -int -pam_sm_authenticate(pam_handle_t *pamh, - int flags, - int argc, - const char **argv) -{ - char *user; - int ret; - struct pam_conv *conv; - struct passwd *pw; - uid_t uid = -1; - const char *name, *inst; - char realm[REALM_SZ]; - realm[0] = 0; - - parse_ctrl(argc, argv); - ENTRY("pam_sm_authenticate"); - - ret = pam_get_user(pamh, &user, "login: "); - if (ret != PAM_SUCCESS) - return ret; - - if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0) - return PAM_AUTHINFO_UNAVAIL; - - ret = pam_get_item(pamh, PAM_CONV, (void*)&conv); - if (ret != PAM_SUCCESS) - return ret; - - pw = getpwnam(user); - if (pw != 0) - { - uid = pw->pw_uid; - set_tkt_string(uid); - } - - if (strcmp(user, "root") == 0 && getuid() != 0) - { - pw = getpwuid(getuid()); - if (pw != 0) - { - name = strdup(pw->pw_name); - inst = "root"; - } - } - else - { - name = user; - inst = ""; - } - - ret = krb4_auth(pamh, flags, name, inst, conv); - - /* - * The realm was lost inside krb_verify_user() so we can't simply do - * a krb_kuserok() when inst != "". - */ - if (ret == PAM_SUCCESS && inst[0] != 0) - { - uid_t old_euid = geteuid(); - uid_t old_ruid = getuid(); - - setreuid(0, 0); /* To read ticket file. */ - if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS) - ret = PAM_SERVICE_ERR; - else if (krb_kuserok(name, inst, realm, user) != KSUCCESS) - { - setreuid(0, uid); /* To read ~/.klogin. */ - if (krb_kuserok(name, inst, realm, user) != KSUCCESS) - ret = PAM_PERM_DENIED; - } - - if (ret != PAM_SUCCESS) - { - dest_tkt(); /* Passwd known, ok to kill ticket. */ - psyslog(LOG_NOTICE, - "%s.%s@%s is not allowed to log in as %s", - name, inst, realm, user); - } - - setreuid(old_ruid, old_euid); - if (getuid() != old_ruid || geteuid() != old_euid) - { - psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d", - old_ruid, old_euid, __LINE__); - exit(1); - } - } - - if (ret == PAM_SUCCESS) - { - psyslog(LOG_INFO, - "%s.%s@%s authenticated as user %s", - name, inst, realm, user); - if (chown(tkt_string(), uid, -1) == -1) - { - dest_tkt(); - psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid); - exit(1); - } - } - - /* - * Kludge alert!!! Sun dtlogin unlock screen fails to call - * pam_setcred(3) with PAM_REFRESH_CRED after a successful - * authentication attempt, sic. - * - * This hack is designed as a workaround to that problem. - */ - if (ctrl_on(KRB4_REAFSLOG)) - if (ret == PAM_SUCCESS) - pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv); - - return ret; -} - -int -pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) -{ - parse_ctrl(argc, argv); - ENTRY("pam_sm_setcred"); - - switch (flags & ~PAM_SILENT) { - case 0: - case PAM_ESTABLISH_CRED: - if (k_hasafs()) - k_setpag(); - /* Fall through, fill PAG with credentials below. */ - case PAM_REINITIALIZE_CRED: - case PAM_REFRESH_CRED: - if (k_hasafs()) - { - void *user = 0; - - if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS) - { - struct passwd *pw = getpwnam((char *)user); - if (pw != 0) - krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0, - pw->pw_uid, pw->pw_dir); - } - } - break; - case PAM_DELETE_CRED: - dest_tkt(); - if (k_hasafs()) - k_unlog(); - break; - default: - psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags); - break; - } - - return PAM_SUCCESS; -} - -int -pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) -{ - parse_ctrl(argc, argv); - ENTRY("pam_sm_open_session"); - - return PAM_SUCCESS; -} - - -int -pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv) -{ - parse_ctrl(argc, argv); - ENTRY("pam_sm_close_session"); - - /* This isn't really kosher, but it's handy. */ - pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv); - - return PAM_SUCCESS; -} diff --git a/crypto/heimdal/lib/auth/pam/pam.conf.add b/crypto/heimdal/lib/auth/pam/pam.conf.add deleted file mode 100644 index 7db3e3d85a3..00000000000 --- a/crypto/heimdal/lib/auth/pam/pam.conf.add +++ /dev/null @@ -1,97 +0,0 @@ -To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch: - ---- /etc/pam.conf.DIST Mon Jul 20 15:37:46 1998 -+++ /etc/pam.conf Tue Feb 15 19:39:12 2000 -@@ -4,15 +4,19 @@ - # - # Authentication management - # -+login auth sufficient /usr/athena/lib/pam_krb4.so - login auth required /usr/lib/security/pam_unix.so.1 - login auth required /usr/lib/security/pam_dial_auth.so.1 - # - rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1 - rlogin auth required /usr/lib/security/pam_unix.so.1 - # -+dtlogin auth sufficient /usr/athena/lib/pam_krb4.so - dtlogin auth required /usr/lib/security/pam_unix.so.1 - # - rsh auth required /usr/lib/security/pam_rhosts_auth.so.1 -+# Reafslog is for dtlogin lock display -+other auth sufficient /usr/athena/lib/pam_krb4.so reafslog - other auth required /usr/lib/security/pam_unix.so.1 - # - # Account management -@@ -24,6 +28,8 @@ - # - # Session management - # -+dtlogin session required /usr/athena/lib/pam_krb4.so -+login session required /usr/athena/lib/pam_krb4.so - other session required /usr/lib/security/pam_unix.so.1 - # - # Password management ---------------------------------------------------------------------------- -To enable PAM in /bin/login and xdm under Red Hat 6.? apply these patches: - ---- /etc/pam.d/login~ Tue Dec 7 12:01:35 1999 -+++ /etc/pam.d/login Wed May 31 16:27:55 2000 -@@ -1,9 +1,12 @@ - #%PAM-1.0 -+# Updated to work with kerberos -+auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 - auth required /lib/security/pam_securetty.so - auth required /lib/security/pam_pwdb.so shadow nullok - auth required /lib/security/pam_nologin.so - account required /lib/security/pam_pwdb.so - password required /lib/security/pam_cracklib.so - password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow -+session required /usr/athena/lib/pam_krb4.so.1.0.1 - session required /lib/security/pam_pwdb.so - session optional /lib/security/pam_console.so ---- /etc/pam.d/xdm~ Wed May 31 16:33:54 2000 -+++ /etc/pam.d/xdm Wed May 31 16:28:29 2000 -@@ -1,8 +1,11 @@ - #%PAM-1.0 -+# Updated to work with kerberos -+auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 - auth required /lib/security/pam_pwdb.so shadow nullok - auth required /lib/security/pam_nologin.so - account required /lib/security/pam_pwdb.so - password required /lib/security/pam_cracklib.so - password required /lib/security/pam_pwdb.so shadow nullok use_authtok -+session required /usr/athena/lib/pam_krb4.so.1.0.1 - session required /lib/security/pam_pwdb.so - session optional /lib/security/pam_console.so ---- /etc/pam.d/gdm~ Wed May 31 16:33:54 2000 -+++ /etc/pam.d/gdm Wed May 31 16:34:28 2000 -@@ -1,8 +1,11 @@ - #%PAM-1.0 -+# Updated to work with kerberos -+auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 - auth required /lib/security/pam_pwdb.so shadow nullok - auth required /lib/security/pam_nologin.so - account required /lib/security/pam_pwdb.so - password required /lib/security/pam_cracklib.so - password required /lib/security/pam_pwdb.so shadow nullok use_authtok -+session required /usr/athena/lib/pam_krb4.so.1.0.1 - session required /lib/security/pam_pwdb.so - session optional /lib/security/pam_console.so - --------------------------------------------------------------------------- - -This stuff may work under some other system. - -# To get this to work, you will have to add entries to /etc/pam.conf -# -# To make login kerberos-aware, you might change pam.conf to look -# like: - -# login authorization -login auth sufficient /lib/security/pam_krb4.so -login auth required /lib/security/pam_securetty.so -login auth required /lib/security/pam_unix_auth.so -login account required /lib/security/pam_unix_acct.so -login password required /lib/security/pam_unix_passwd.so -login session required /lib/security/pam_krb4.so -login session required /lib/security/pam_unix_session.so diff --git a/crypto/heimdal/lib/auth/sia/Makefile.am b/crypto/heimdal/lib/auth/sia/Makefile.am deleted file mode 100644 index 7b6aeddf2f6..00000000000 --- a/crypto/heimdal/lib/auth/sia/Makefile.am +++ /dev/null @@ -1,116 +0,0 @@ -# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $ - -include $(top_srcdir)/Makefile.am.common - -AM_CPPFLAGS += $(INCLUDE_krb4) - -WFLAGS += $(WFLAGS_NOIMPLICITINT) - -DEFS = @DEFS@ - -## this is horribly ugly, but automake/libtool doesn't allow us to -## unconditionally build shared libraries, and it does not allow us to -## link with non-installed libraries - -KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a -KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so - -if KRB5 -L = \ - $(KAFS) \ - $(top_builddir)/lib/krb5/.libs/libkrb5.a \ - $(top_builddir)/lib/asn1/.libs/libasn1.a \ - $(LIB_krb4) \ - $(LIB_hcrypto_a) \ - $(LIB_com_err_a) \ - $(top_builddir)/lib/roken/.libs/libroken.a \ - $(LIB_getpwnam_r) \ - -lc - -L_shared = \ - $(KAFS_S) \ - $(top_builddir)/lib/krb5/.libs/libkrb5.so \ - $(top_builddir)/lib/asn1/.libs/libasn1.so \ - $(LIB_krb4) \ - $(LIB_hcrypto_so) \ - $(LIB_com_err_so) \ - $(top_builddir)/lib/roken/.libs/libroken.so \ - $(LIB_getpwnam_r) \ - -lc - -MOD = libsia_krb5.so - -else - -L = \ - $(KAFS) \ - $(top_builddir)/lib/kadm/.libs/libkadm.a \ - $(top_builddir)/lib/krb/.libs/libkrb.a \ - $(LIB_hcrypto_a) \ - $(top_builddir)/lib/com_err/.libs/libcom_err.a \ - $(top_builddir)/lib/roken/.libs/libroken.a \ - $(LIB_getpwnam_r) \ - -lc - -L_shared = \ - $(KAFS_S) \ - $(top_builddir)/lib/kadm/.libs/libkadm.so \ - $(top_builddir)/lib/krb/.libs/libkrb.so \ - $(LIB_hcrypto_so) \ - $(top_builddir)/lib/com_err/.libs/libcom_err.so \ - $(top_builddir)/lib/roken/.libs/libroken.so \ - $(LIB_getpwnam_r) \ - -lc - -MOD = libsia_krb4.so - -endif - -foodir = $(libdir) -foo_DATA = $(MOD) - -LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* - -SRCS = sia.c posix_getpw.c sia_locl.h -OBJS = sia.o posix_getpw.o - -libsia_krb5.so: $(OBJS) - @if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ - elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ - else \ - echo "missing libraries"; exit 1; \ - fi - ostrip -x $@ - -libsia_krb4.so: $(OBJS) - @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ - elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ - else \ - echo "missing libraries"; exit 1; \ - fi - ostrip -x $@ - -CLEANFILES = $(MOD) $(OBJS) so_locations - -SUFFIXES += .c .o - -# XXX inline COMPILE since automake wont add it - -.c.o: - $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ - -c `test -f '$<' || echo '$(srcdir)/'`$< - -EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \ - krb4_matrix.conf krb4+c2_matrix.conf \ - krb5_matrix.conf krb5+c2_matrix.conf \ - security.patch \ - make-rpath $(SRCS) diff --git a/crypto/heimdal/lib/auth/sia/Makefile.in b/crypto/heimdal/lib/auth/sia/Makefile.in deleted file mode 100644 index 88f62579821..00000000000 --- a/crypto/heimdal/lib/auth/sia/Makefile.in +++ /dev/null @@ -1,778 +0,0 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# $Id: Makefile.am 22304 2007-12-14 12:18:18Z lha $ - -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common -subdir = lib/auth/sia -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ - $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-glob.m4 \ - $(top_srcdir)/cf/broken-realloc.m4 \ - $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ - $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ - $(top_srcdir)/cf/capabilities.m4 \ - $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ - $(top_srcdir)/cf/check-man.m4 \ - $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ - $(top_srcdir)/cf/check-type-extra.m4 \ - $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ - $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ - $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ - $(top_srcdir)/cf/find-func-no-libs.m4 \ - $(top_srcdir)/cf/find-func-no-libs2.m4 \ - $(top_srcdir)/cf/find-func.m4 \ - $(top_srcdir)/cf/find-if-not-broken.m4 \ - $(top_srcdir)/cf/framework-security.m4 \ - $(top_srcdir)/cf/have-struct-field.m4 \ - $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ - $(top_srcdir)/cf/krb-bigendian.m4 \ - $(top_srcdir)/cf/krb-func-getlogin.m4 \ - $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ - $(top_srcdir)/cf/krb-readline.m4 \ - $(top_srcdir)/cf/krb-struct-spwd.m4 \ - $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ - $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ - $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ - $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ - $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ - $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = -SOURCES = -DIST_SOURCES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(foodir)" -fooDATA_INSTALL = $(INSTALL_DATA) -DATA = $(foo_DATA) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CANONICAL_HOST = @CANONICAL_HOST@ -CATMAN = @CATMAN@ -CATMANEXT = @CATMANEXT@ -CC = @CC@ -CFLAGS = @CFLAGS@ -COMPILE_ET = @COMPILE_ET@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DBLIB = @DBLIB@ -DEFS = @DEFS@ -DIR_com_err = @DIR_com_err@ -DIR_hcrypto = @DIR_hcrypto@ -DIR_hdbdir = @DIR_hdbdir@ -DIR_roken = @DIR_roken@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -GREP = @GREP@ -GROFF = @GROFF@ -INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_hcrypto = @INCLUDE_hcrypto@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -INCLUDE_krb4 = @INCLUDE_krb4@ -INCLUDE_openldap = @INCLUDE_openldap@ -INCLUDE_readline = @INCLUDE_readline@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -rpath $(libdir) -Wl,-hidden -Wl,-exported_symbol -Wl,siad_\* -LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBADD_roken = @LIBADD_roken@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_XauFileName = @LIB_XauFileName@ -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_XauWriteAuth = @LIB_XauWriteAuth@ -LIB_bswap16 = @LIB_bswap16@ -LIB_bswap32 = @LIB_bswap32@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_crypt = @LIB_crypt@ -LIB_db_create = @LIB_db_create@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ -LIB_freeaddrinfo = @LIB_freeaddrinfo@ -LIB_gai_strerror = @LIB_gai_strerror@ -LIB_getaddrinfo = @LIB_getaddrinfo@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_gethostbyname2 = @LIB_gethostbyname2@ -LIB_getnameinfo = @LIB_getnameinfo@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_hcrypto = @LIB_hcrypto@ -LIB_hcrypto_a = @LIB_hcrypto_a@ -LIB_hcrypto_appl = @LIB_hcrypto_appl@ -LIB_hcrypto_so = @LIB_hcrypto_so@ -LIB_hesiod = @LIB_hesiod@ -LIB_hstrerror = @LIB_hstrerror@ -LIB_kdb = @LIB_kdb@ -LIB_krb4 = @LIB_krb4@ -LIB_loadquery = @LIB_loadquery@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_openldap = @LIB_openldap@ -LIB_openpty = @LIB_openpty@ -LIB_otp = @LIB_otp@ -LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ -LIB_res_ndestroy = @LIB_res_ndestroy@ -LIB_res_nsearch = @LIB_res_nsearch@ -LIB_res_search = @LIB_res_search@ -LIB_roken = @LIB_roken@ -LIB_security = @LIB_security@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NROFF = @NROFF@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ -WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT) -WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ -WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -XMKMF = @XMKMF@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__leading_dot = @am__leading_dot@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME -AM_CFLAGS = $(WFLAGS) -CP = cp -buildinclude = $(top_builddir)/include -LIB_getattr = @LIB_getattr@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_setpcred = @LIB_setpcred@ -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -NROFF_MAN = groff -mandoc -Tascii -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la - -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a -KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so -@KRB5_FALSE@L = \ -@KRB5_FALSE@ $(KAFS) \ -@KRB5_FALSE@ $(top_builddir)/lib/kadm/.libs/libkadm.a \ -@KRB5_FALSE@ $(top_builddir)/lib/krb/.libs/libkrb.a \ -@KRB5_FALSE@ $(LIB_hcrypto_a) \ -@KRB5_FALSE@ $(top_builddir)/lib/com_err/.libs/libcom_err.a \ -@KRB5_FALSE@ $(top_builddir)/lib/roken/.libs/libroken.a \ -@KRB5_FALSE@ $(LIB_getpwnam_r) \ -@KRB5_FALSE@ -lc - -@KRB5_TRUE@L = \ -@KRB5_TRUE@ $(KAFS) \ -@KRB5_TRUE@ $(top_builddir)/lib/krb5/.libs/libkrb5.a \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/.libs/libasn1.a \ -@KRB5_TRUE@ $(LIB_krb4) \ -@KRB5_TRUE@ $(LIB_hcrypto_a) \ -@KRB5_TRUE@ $(LIB_com_err_a) \ -@KRB5_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.a \ -@KRB5_TRUE@ $(LIB_getpwnam_r) \ -@KRB5_TRUE@ -lc - -@KRB5_FALSE@L_shared = \ -@KRB5_FALSE@ $(KAFS_S) \ -@KRB5_FALSE@ $(top_builddir)/lib/kadm/.libs/libkadm.so \ -@KRB5_FALSE@ $(top_builddir)/lib/krb/.libs/libkrb.so \ -@KRB5_FALSE@ $(LIB_hcrypto_so) \ -@KRB5_FALSE@ $(top_builddir)/lib/com_err/.libs/libcom_err.so \ -@KRB5_FALSE@ $(top_builddir)/lib/roken/.libs/libroken.so \ -@KRB5_FALSE@ $(LIB_getpwnam_r) \ -@KRB5_FALSE@ -lc - -@KRB5_TRUE@L_shared = \ -@KRB5_TRUE@ $(KAFS_S) \ -@KRB5_TRUE@ $(top_builddir)/lib/krb5/.libs/libkrb5.so \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/.libs/libasn1.so \ -@KRB5_TRUE@ $(LIB_krb4) \ -@KRB5_TRUE@ $(LIB_hcrypto_so) \ -@KRB5_TRUE@ $(LIB_com_err_so) \ -@KRB5_TRUE@ $(top_builddir)/lib/roken/.libs/libroken.so \ -@KRB5_TRUE@ $(LIB_getpwnam_r) \ -@KRB5_TRUE@ -lc - -@KRB5_FALSE@MOD = libsia_krb4.so -@KRB5_TRUE@MOD = libsia_krb5.so -foodir = $(libdir) -foo_DATA = $(MOD) -SRCS = sia.c posix_getpw.c sia_locl.h -OBJS = sia.o posix_getpw.o -CLEANFILES = $(MOD) $(OBJS) so_locations -EXTRA_DIST = sia.c sia_locl.h posix_getpw.c \ - krb4_matrix.conf krb4+c2_matrix.conf \ - krb5_matrix.conf krb5+c2_matrix.conf \ - security.patch \ - make-rpath $(SRCS) - -all: all-am - -.SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/auth/sia/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/auth/sia/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-fooDATA: $(foo_DATA) - @$(NORMAL_INSTALL) - test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)" - @list='$(foo_DATA)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \ - $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \ - done - -uninstall-fooDATA: - @$(NORMAL_UNINSTALL) - @list='$(foo_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \ - rm -f "$(DESTDIR)$(foodir)/$$f"; \ - done -tags: TAGS -TAGS: - -ctags: CTAGS -CTAGS: - - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: check-am -all-am: Makefile $(DATA) all-local -installdirs: - for dir in "$(DESTDIR)$(foodir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-generic - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: install-fooDATA - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-data-hook - -install-dvi: install-dvi-am - -install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-html: install-html-am - -install-info: install-info-am - -install-man: - -install-pdf: install-pdf-am - -install-ps: install-ps-am - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-fooDATA - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am - -.PHONY: all all-am all-local check check-am check-local clean \ - clean-generic clean-libtool dist-hook distclean \ - distclean-generic distclean-libtool distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-hook install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-fooDATA \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am uninstall uninstall-am uninstall-fooDATA \ - uninstall-hook - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) - @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done ; \ - foo='$(nobase_include_HEADERS)'; \ - for f in $$foo; do \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0 || exit 1; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -uninstall-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-hook: install-cat-mans -uninstall-hook: uninstall-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< - -# -# Useful target for debugging -# - -check-valgrind: - tobjdir=`cd $(top_builddir) && pwd` ; \ - tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check - -# -# Target to please samba build farm, builds distfiles in-tree. -# Will break when automake changes... -# - -distdir-in-tree: $(DISTFILES) $(INFO_DEPS) - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" != .; then \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ - fi ; \ - done - -libsia_krb5.so: $(OBJS) - @if test -f $(top_builddir)/lib/krb5/.libs/libkrb5.a; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ - elif test -f $(top_builddir)/lib/krb5/.libs/libkrb5.so; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ - else \ - echo "missing libraries"; exit 1; \ - fi - ostrip -x $@ - -libsia_krb4.so: $(OBJS) - @if test -f $(top_builddir)/lib/krb/.libs/libkrb.a; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L)`; \ - elif test -f $(top_builddir)/lib/krb/.libs/libkrb.so; then \ - echo "$(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`"; \ - $(CC) -shared -o $@ `$(SHELL) $(srcdir)/make-rpath $(LDFLAGS) $(OBJS) $(L_shared)`; \ - else \ - echo "missing libraries"; exit 1; \ - fi - ostrip -x $@ - -# XXX inline COMPILE since automake wont add it - -.c.o: - $(CC) $(DEFS) $(DEFAULT_AM_CPPFLAGS) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ - -c `test -f '$<' || echo '$(srcdir)/'`$< -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf deleted file mode 100644 index 47b5cd4fba2..00000000000 --- a/crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright (c) 1998 Kungliga Tekniska Högskolan -# (Royal Institute of Technology, Stockholm, Sweden). -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the Institute nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. - -# $Id: krb4+c2_matrix.conf 7463 1999-12-02 16:58:55Z joda $ - -# sia matrix configuration file (Kerberos 4 + C2) - -siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_chk_invoker=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_estab=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chg_finger=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chg_shell=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_getpwent=(BSD,libc.so) -siad_getpwuid=(BSD,libc.so) -siad_getpwnam=(BSD,libc.so) -siad_setpwent=(BSD,libc.so) -siad_endpwent=(BSD,libc.so) -siad_getgrent=(BSD,libc.so) -siad_getgrgid=(BSD,libc.so) -siad_getgrnam=(BSD,libc.so) -siad_setgrent=(BSD,libc.so) -siad_endgrent=(BSD,libc.so) -siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(OSFC2,/usr/shlib/libsecurity.so) diff --git a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf b/crypto/heimdal/lib/auth/sia/krb4_matrix.conf deleted file mode 100644 index 17d6d13978a..00000000000 --- a/crypto/heimdal/lib/auth/sia/krb4_matrix.conf +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright (c) 1998 Kungliga Tekniska Högskolan -# (Royal Institute of Technology, Stockholm, Sweden). -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the Institute nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. - -# $Id: krb4_matrix.conf 7463 1999-12-02 16:58:55Z joda $ - -# sia matrix configuration file (Kerberos 4 + BSD) - -siad_init=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_chk_invoker=(BSD,libc.so) -siad_ses_init=(KRB4,/usr/athena/lib/libsia_krb4.so) -siad_ses_authent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_ses_estab=(BSD,libc.so) -siad_ses_launch=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_ses_suauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_ses_reauthent=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_chg_finger=(BSD,libc.so) -siad_chg_password=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_chg_shell=(BSD,libc.so) -siad_getpwent=(BSD,libc.so) -siad_getpwuid=(BSD,libc.so) -siad_getpwnam=(BSD,libc.so) -siad_setpwent=(BSD,libc.so) -siad_endpwent=(BSD,libc.so) -siad_getgrent=(BSD,libc.so) -siad_getgrgid=(BSD,libc.so) -siad_getgrnam=(BSD,libc.so) -siad_setgrent=(BSD,libc.so) -siad_endgrent=(BSD,libc.so) -siad_ses_release=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) -siad_chk_user=(KRB4,/usr/athena/lib/libsia_krb4.so)(BSD,libc.so) - diff --git a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf deleted file mode 100644 index ada8ba507ab..00000000000 --- a/crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf +++ /dev/null @@ -1,27 +0,0 @@ -# $Id: krb5+c2_matrix.conf 5254 1998-11-26 20:58:18Z assar $ - -# sia matrix configuration file (Kerberos 5 + C2) - -siad_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(BSD,libc.so) -siad_chk_invoker=(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_init=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_authent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_estab=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_launch=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_suauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_ses_reauthent=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chg_finger=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chg_password=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chg_shell=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_getpwent=(BSD,libc.so) -siad_getpwuid=(BSD,libc.so) -siad_getpwnam=(BSD,libc.so) -siad_setpwent=(BSD,libc.so) -siad_endpwent=(BSD,libc.so) -siad_getgrent=(BSD,libc.so) -siad_getgrgid=(BSD,libc.so) -siad_getgrnam=(BSD,libc.so) -siad_setgrent=(BSD,libc.so) -siad_endgrent=(BSD,libc.so) -siad_ses_release=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) -siad_chk_user=(KRB5,/usr/athena/lib/libsia_krb5.so)(OSFC2,/usr/shlib/libsecurity.so) diff --git a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf b/crypto/heimdal/lib/auth/sia/krb5_matrix.conf deleted file mode 100644 index ab07956fb9c..00000000000 --- a/crypto/heimdal/lib/auth/sia/krb5_matrix.conf +++ /dev/null @@ -1,27 +0,0 @@ -# $Id: krb5_matrix.conf 10576 2001-08-28 08:49:20Z joda $ - -# sia matrix configuration file (Kerberos 5 + BSD) - -siad_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) -siad_chk_invoker=(BSD,libc.so) -siad_ses_init=(KRB5,/usr/heimdal/lib/libsia_krb5.so) -siad_ses_authent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) -siad_ses_estab=(BSD,libc.so) -siad_ses_launch=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) -siad_ses_suauthent=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) -siad_ses_reauthent=(BSD,libc.so) -siad_chg_finger=(BSD,libc.so) -siad_chg_password=(BSD,libc.so) -siad_chg_shell=(BSD,libc.so) -siad_getpwent=(BSD,libc.so) -siad_getpwuid=(BSD,libc.so) -siad_getpwnam=(BSD,libc.so) -siad_setpwent=(BSD,libc.so) -siad_endpwent=(BSD,libc.so) -siad_getgrent=(BSD,libc.so) -siad_getgrgid=(BSD,libc.so) -siad_getgrnam=(BSD,libc.so) -siad_setgrent=(BSD,libc.so) -siad_endgrent=(BSD,libc.so) -siad_ses_release=(KRB5,/usr/heimdal/lib/libsia_krb5.so)(BSD,libc.so) -siad_chk_user=(BSD,libc.so) diff --git a/crypto/heimdal/lib/auth/sia/make-rpath b/crypto/heimdal/lib/auth/sia/make-rpath deleted file mode 100755 index 4aa297eeeb6..00000000000 --- a/crypto/heimdal/lib/auth/sia/make-rpath +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# $Id: make-rpath 10345 2001-07-17 15:15:31Z assar $ -rlist= -rest= -while test $# -gt 0; do -case $1 in --R|-rpath) - if test "$rlist"; then - rlist="${rlist}:$2" - else - rlist="$2" - fi - shift 2 - ;; --R*) - d=`echo $1 | sed 's,^-R,,'` - if test "$rlist"; then - rlist="${rlist}:${d}" - else - rlist="${d}" - fi - shift - ;; -*) - rest="${rest} $1" - shift - ;; -esac -done -rpath= -if test "$rlist"; then - rpath="-rpath $rlist " -fi -echo "${rpath}${rest}" diff --git a/crypto/heimdal/lib/auth/sia/posix_getpw.c b/crypto/heimdal/lib/auth/sia/posix_getpw.c deleted file mode 100644 index 65d7a2ef1d3..00000000000 --- a/crypto/heimdal/lib/auth/sia/posix_getpw.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "sia_locl.h" - -RCSID("$Id: posix_getpw.c 5680 1999-03-21 17:07:02Z joda $"); - -#ifndef POSIX_GETPWNAM_R -/* - * These functions translate from the old Digital UNIX 3.x interface - * to POSIX.1c. - */ - -int -posix_getpwnam_r(const char *name, struct passwd *pwd, - char *buffer, int len, struct passwd **result) -{ - int ret = getpwnam_r(name, pwd, buffer, len); - if(ret == 0) - *result = pwd; - else{ - *result = NULL; - ret = _Geterrno(); - if(ret == 0){ - ret = ERANGE; - _Seterrno(ret); - } - } - return ret; -} - -int -posix_getpwuid_r(uid_t uid, struct passwd *pwd, - char *buffer, int len, struct passwd **result) -{ - int ret = getpwuid_r(uid, pwd, buffer, len); - if(ret == 0) - *result = pwd; - else{ - *result = NULL; - ret = _Geterrno(); - if(ret == 0){ - ret = ERANGE; - _Seterrno(ret); - } - } - return ret; -} -#endif /* POSIX_GETPWNAM_R */ diff --git a/crypto/heimdal/lib/auth/sia/security.patch b/crypto/heimdal/lib/auth/sia/security.patch deleted file mode 100644 index c407876d636..00000000000 --- a/crypto/heimdal/lib/auth/sia/security.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- /sbin/init.d/security~ Tue Aug 20 22:44:09 1996 -+++ /sbin/init.d/security Fri Nov 1 14:52:56 1996 -@@ -49,7 +49,7 @@ - SECURITY=BASE - fi - ;; -- BASE) -+ BASE|KRB4) - ;; - *) - echo "security configuration set to default (BASE)." diff --git a/crypto/heimdal/lib/auth/sia/sia.c b/crypto/heimdal/lib/auth/sia/sia.c deleted file mode 100644 index 640b868cb61..00000000000 --- a/crypto/heimdal/lib/auth/sia/sia.c +++ /dev/null @@ -1,703 +0,0 @@ -/* - * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "sia_locl.h" - -RCSID("$Id: sia.c 14838 2005-04-19 04:41:07Z lha $"); - -int -siad_init(void) -{ - return SIADSUCCESS; -} - -int -siad_chk_invoker(void) -{ - SIA_DEBUG(("DEBUG", "siad_chk_invoker")); - return SIADFAIL; -} - -int -siad_ses_init(SIAENTITY *entity, int pkgind) -{ - struct state *s = malloc(sizeof(*s)); - - SIA_DEBUG(("DEBUG", "siad_ses_init")); - if(s == NULL) - return SIADFAIL; - memset(s, 0, sizeof(*s)); -#ifdef SIA_KRB5 - { - krb5_error_code ret; - ret = krb5_init_context(&s->context); - if (ret) - return SIADFAIL; - } -#endif - entity->mech[pkgind] = (int*)s; - return SIADSUCCESS; -} - -static int -setup_name(SIAENTITY *e, prompt_t *p) -{ - SIA_DEBUG(("DEBUG", "setup_name")); - e->name = malloc(SIANAMEMIN + 1); - if(e->name == NULL){ - SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIANAMEMIN+1)); - return SIADFAIL; - } - p->prompt = (unsigned char*)"login: "; - p->result = (unsigned char*)e->name; - p->min_result_length = 1; - p->max_result_length = SIANAMEMIN; - p->control_flags = 0; - return SIADSUCCESS; -} - -static int -setup_password(SIAENTITY *e, prompt_t *p) -{ - SIA_DEBUG(("DEBUG", "setup_password")); - e->password = malloc(SIAMXPASSWORD + 1); - if(e->password == NULL){ - SIA_DEBUG(("DEBUG", "failed to malloc %u bytes", SIAMXPASSWORD+1)); - return SIADFAIL; - } - p->prompt = (unsigned char*)"Password: "; - p->result = (unsigned char*)e->password; - p->min_result_length = 0; - p->max_result_length = SIAMXPASSWORD; - p->control_flags = SIARESINVIS; - return SIADSUCCESS; -} - - -static int -doauth(SIAENTITY *entity, int pkgind, char *name) -{ - struct passwd pw, *pwd; - char pwbuf[1024]; - struct state *s = (struct state*)entity->mech[pkgind]; -#ifdef SIA_KRB5 - krb5_realm *realms, *r; - krb5_principal principal; - krb5_ccache ccache; - krb5_error_code ret; -#endif -#ifdef SIA_KRB4 - char realm[REALM_SZ]; - char *toname, *toinst; - int ret; - struct passwd fpw, *fpwd; - char fpwbuf[1024]; - int secure; -#endif - - if(getpwnam_r(name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0 || pwd == NULL){ - SIA_DEBUG(("DEBUG", "failed to getpwnam(%s)", name)); - return SIADFAIL; - } - -#ifdef SIA_KRB5 - ret = krb5_get_default_realms(s->context, &realms); - - for (r = realms; *r != NULL; ++r) { - krb5_make_principal (s->context, &principal, *r, entity->name, NULL); - - if(krb5_kuserok(s->context, principal, entity->name)) - break; - } - krb5_free_host_realm (s->context, realms); - if (*r == NULL) - return SIADFAIL; - - sprintf(s->ticket, "FILE:/tmp/krb5_cc%d_%d", pwd->pw_uid, getpid()); - ret = krb5_cc_resolve(s->context, s->ticket, &ccache); - if(ret) - return SIADFAIL; -#endif - -#ifdef SIA_KRB4 - snprintf(s->ticket, sizeof(s->ticket), - "%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid()); - krb_get_lrealm(realm, 1); - toname = name; - toinst = ""; - if(entity->authtype == SIA_A_SUAUTH){ - uid_t ouid; -#ifdef HAVE_SIAENTITY_OUID - ouid = entity->ouid; -#else - ouid = getuid(); -#endif - if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0 || fpwd == NULL){ - SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid)); - return SIADFAIL; - } - snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d", - TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid()); - if(strcmp(pwd->pw_name, "root") == 0){ - toname = fpwd->pw_name; - toinst = pwd->pw_name; - } - } - if(entity->authtype == SIA_A_REAUTH) - snprintf(s->ticket, sizeof(s->ticket), "%s", tkt_string()); - - krb_set_tkt_string(s->ticket); - - setuid(0); /* XXX fix for fix in tf_util.c */ - if(krb_kuserok(toname, toinst, realm, name)){ - SIA_DEBUG(("DEBUG", "%s.%s@%s is not allowed to login as %s", - toname, toinst, realm, name)); - return SIADFAIL; - } -#endif -#ifdef SIA_KRB5 - ret = krb5_verify_user_lrealm(s->context, principal, ccache, - entity->password, 1, NULL); - if(ret){ - /* if this is most likely a local user (such as - root), just silently return failure when the - principal doesn't exist */ - if(ret != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && - ret != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) - SIALOG("WARNING", "krb5_verify_user(%s): %s", - entity->name, error_message(ret)); - return SIADFAIL; - } -#endif -#ifdef SIA_KRB4 - if (getuid () == 0) - secure = KRB_VERIFY_SECURE; - else - secure = KRB_VERIFY_NOT_SECURE; - - ret = krb_verify_user(toname, toinst, realm, - entity->password, secure, NULL); - if(ret){ - SIA_DEBUG(("DEBUG", "krb_verify_user: %s", krb_get_err_text(ret))); - if(ret != KDC_PR_UNKNOWN) - /* since this is most likely a local user (such as - root), just silently return failure when the - principal doesn't exist */ - SIALOG("WARNING", "krb_verify_user(%s.%s): %s", - toname, toinst, krb_get_err_text(ret)); - return SIADFAIL; - } -#endif - if(sia_make_entity_pwd(pwd, entity) == SIAFAIL) - return SIADFAIL; - s->valid = 1; - return SIADSUCCESS; -} - - -static int -common_auth(sia_collect_func_t *collect, - SIAENTITY *entity, - int siastat, - int pkgind) -{ - prompt_t prompts[2], *pr; - char *name; - - SIA_DEBUG(("DEBUG", "common_auth")); - if((siastat == SIADSUCCESS) && (geteuid() == 0)) - return SIADSUCCESS; - if(entity == NULL) { - SIA_DEBUG(("DEBUG", "entity == NULL")); - return SIADFAIL | SIADSTOP; - } - name = entity->name; - if(entity->acctname) - name = entity->acctname; - - if((collect != NULL) && entity->colinput) { - int num; - pr = prompts; - if(name == NULL){ - if(setup_name(entity, pr) != SIADSUCCESS) - return SIADFAIL; - pr++; - } - if(entity->password == NULL){ - if(setup_password(entity, pr) != SIADSUCCESS) - return SIADFAIL; - pr++; - } - num = pr - prompts; - if(num == 1){ - if((*collect)(240, SIAONELINER, (unsigned char*)"", num, - prompts) != SIACOLSUCCESS){ - SIA_DEBUG(("DEBUG", "collect failed")); - return SIADFAIL | SIADSTOP; - } - } else if(num > 0){ - if((*collect)(0, SIAFORM, (unsigned char*)"", num, - prompts) != SIACOLSUCCESS){ - SIA_DEBUG(("DEBUG", "collect failed")); - return SIADFAIL | SIADSTOP; - } - } - } - if(name == NULL) - name = entity->name; - if(name == NULL || name[0] == '\0'){ - SIA_DEBUG(("DEBUG", "name is null")); - return SIADFAIL; - } - - if(entity->password == NULL || strlen(entity->password) > SIAMXPASSWORD){ - SIA_DEBUG(("DEBUG", "entity->password is null")); - return SIADFAIL; - } - - return doauth(entity, pkgind, name); -} - - -int -siad_ses_authent(sia_collect_func_t *collect, - SIAENTITY *entity, - int siastat, - int pkgind) -{ - SIA_DEBUG(("DEBUG", "siad_ses_authent")); - return common_auth(collect, entity, siastat, pkgind); -} - -int -siad_ses_estab(sia_collect_func_t *collect, - SIAENTITY *entity, int pkgind) -{ - SIA_DEBUG(("DEBUG", "siad_ses_estab")); - return SIADFAIL; -} - -int -siad_ses_launch(sia_collect_func_t *collect, - SIAENTITY *entity, - int pkgind) -{ - static char env[MaxPathLen]; - struct state *s = (struct state*)entity->mech[pkgind]; - SIA_DEBUG(("DEBUG", "siad_ses_launch")); - if(s->valid){ -#ifdef SIA_KRB5 - chown(s->ticket + sizeof("FILE:") - 1, - entity->pwd->pw_uid, - entity->pwd->pw_gid); - snprintf(env, sizeof(env), "KRB5CCNAME=%s", s->ticket); -#endif -#ifdef SIA_KRB4 - chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid); - snprintf(env, sizeof(env), "KRBTKFILE=%s", s->ticket); -#endif - putenv(env); - } -#ifdef SIA_KRB5 - if (k_hasafs()) { - char cell[64]; - krb5_ccache ccache; - if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) { - k_setpag(); - if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0) - krb5_afslog(s->context, ccache, cell, 0); - krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir); - } - } -#endif -#ifdef SIA_KRB4 - if (k_hasafs()) { - char cell[64]; - k_setpag(); - if(k_afs_cell_of_file(entity->pwd->pw_dir, cell, sizeof(cell)) == 0) - krb_afslog(cell, 0); - krb_afslog_home(0, 0, entity->pwd->pw_dir); - } -#endif - return SIADSUCCESS; -} - -int -siad_ses_release(SIAENTITY *entity, int pkgind) -{ - SIA_DEBUG(("DEBUG", "siad_ses_release")); - if(entity->mech[pkgind]){ -#ifdef SIA_KRB5 - struct state *s = (struct state*)entity->mech[pkgind]; - krb5_free_context(s->context); -#endif - free(entity->mech[pkgind]); - } - return SIADSUCCESS; -} - -int -siad_ses_suauthent(sia_collect_func_t *collect, - SIAENTITY *entity, - int siastat, - int pkgind) -{ - SIA_DEBUG(("DEBUG", "siad_ses_suauth")); - if(geteuid() != 0) - return SIADFAIL; - if(entity->name == NULL) - return SIADFAIL; - if(entity->name[0] == '\0') { - free(entity->name); - entity->name = strdup("root"); - if (entity->name == NULL) - return SIADFAIL; - } - return common_auth(collect, entity, siastat, pkgind); -} - -int -siad_ses_reauthent (sia_collect_func_t *collect, - SIAENTITY *entity, - int siastat, - int pkgind) -{ - int ret; - SIA_DEBUG(("DEBUG", "siad_ses_reauthent")); - if(entity == NULL || entity->name == NULL) - return SIADFAIL; - ret = common_auth(collect, entity, siastat, pkgind); - if((ret & SIADSUCCESS)){ - /* launch isn't (always?) called when doing reauth, so we must - duplicate some code here... */ - struct state *s = (struct state*)entity->mech[pkgind]; - chown(s->ticket, entity->pwd->pw_uid, entity->pwd->pw_gid); -#ifdef SIA_KRB5 - if (k_hasafs()) { - char cell[64]; - krb5_ccache ccache; - if(krb5_cc_resolve(s->context, s->ticket, &ccache) == 0) { - k_setpag(); - if(k_afs_cell_of_file(entity->pwd->pw_dir, - cell, sizeof(cell)) == 0) - krb5_afslog(s->context, ccache, cell, 0); - krb5_afslog_home(s->context, ccache, 0, 0, entity->pwd->pw_dir); - } - } -#endif -#ifdef SIA_KRB4 - if(k_hasafs()) { - char cell[64]; - if(k_afs_cell_of_file(entity->pwd->pw_dir, - cell, sizeof(cell)) == 0) - krb_afslog(cell, 0); - krb_afslog_home(0, 0, entity->pwd->pw_dir); - } -#endif - } - return ret; -} - -int -siad_chg_finger (sia_collect_func_t *collect, - const char *username, - int argc, - char *argv[]) -{ - SIA_DEBUG(("DEBUG", "siad_chg_finger")); - return SIADFAIL; -} - -#ifdef SIA_KRB5 -int -siad_chg_password (sia_collect_func_t *collect, - const char *username, - int argc, - char *argv[]) -{ - return SIADFAIL; -} -#endif - -#ifdef SIA_KRB4 -static void -sia_message(sia_collect_func_t *collect, int rendition, - const char *title, const char *message) -{ - prompt_t prompt; - prompt.prompt = (unsigned char*)message; - (*collect)(0, rendition, (unsigned char*)title, 1, &prompt); -} - -static int -init_change(sia_collect_func_t *collect, krb_principal *princ) -{ - prompt_t prompt; - char old_pw[MAX_KPW_LEN+1]; - char *msg; - char tktstring[128]; - int ret; - - SIA_DEBUG(("DEBUG", "init_change")); - prompt.prompt = (unsigned char*)"Old password: "; - prompt.result = (unsigned char*)old_pw; - prompt.min_result_length = 0; - prompt.max_result_length = sizeof(old_pw) - 1; - prompt.control_flags = SIARESINVIS; - asprintf(&msg, "Changing password for %s", krb_unparse_name(princ)); - if(msg == NULL){ - SIA_DEBUG(("DEBUG", "out of memory")); - return SIADFAIL; - } - ret = (*collect)(60, SIAONELINER, (unsigned char*)msg, 1, &prompt); - free(msg); - SIA_DEBUG(("DEBUG", "ret = %d", ret)); - if(ret != SIACOLSUCCESS) - return SIADFAIL; - snprintf(tktstring, sizeof(tktstring), - "%s_cpw_%u", TKT_ROOT, (unsigned)getpid()); - krb_set_tkt_string(tktstring); - - ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm, - PWSERV_NAME, KADM_SINST, 1, old_pw); - if (ret != KSUCCESS) { - SIA_DEBUG(("DEBUG", "krb_get_pw_in_tkt: %s", krb_get_err_text(ret))); - if (ret == INTK_BADPW) - sia_message(collect, SIAWARNING, "", "Incorrect old password."); - else - sia_message(collect, SIAWARNING, "", "Kerberos error."); - memset(old_pw, 0, sizeof(old_pw)); - return SIADFAIL; - } - if(chown(tktstring, getuid(), -1) < 0){ - dest_tkt(); - return SIADFAIL; - } - memset(old_pw, 0, sizeof(old_pw)); - return SIADSUCCESS; -} - -int -siad_chg_password (sia_collect_func_t *collect, - const char *username, - int argc, - char *argv[]) -{ - prompt_t prompts[2]; - krb_principal princ; - int ret; - char new_pw1[MAX_KPW_LEN+1]; - char new_pw2[MAX_KPW_LEN+1]; - static struct et_list *et_list; - - setprogname(argv[0]); - - SIA_DEBUG(("DEBUG", "siad_chg_password")); - if(collect == NULL) - return SIADFAIL; - - if(username == NULL) - username = getlogin(); - - ret = krb_parse_name(username, &princ); - if(ret) - return SIADFAIL; - if(princ.realm[0] == '\0') - krb_get_lrealm(princ.realm, 1); - - if(et_list == NULL) { - initialize_kadm_error_table_r(&et_list); - initialize_krb_error_table_r(&et_list); - } - - ret = init_change(collect, &princ); - if(ret != SIADSUCCESS) - return ret; - -again: - prompts[0].prompt = (unsigned char*)"New password: "; - prompts[0].result = (unsigned char*)new_pw1; - prompts[0].min_result_length = MIN_KPW_LEN; - prompts[0].max_result_length = sizeof(new_pw1) - 1; - prompts[0].control_flags = SIARESINVIS; - prompts[1].prompt = (unsigned char*)"Verify new password: "; - prompts[1].result = (unsigned char*)new_pw2; - prompts[1].min_result_length = MIN_KPW_LEN; - prompts[1].max_result_length = sizeof(new_pw2) - 1; - prompts[1].control_flags = SIARESINVIS; - if((*collect)(120, SIAFORM, (unsigned char*)"", 2, prompts) != - SIACOLSUCCESS) { - dest_tkt(); - return SIADFAIL; - } - if(strcmp(new_pw1, new_pw2) != 0){ - sia_message(collect, SIAWARNING, "", "Password mismatch."); - goto again; - } - ret = kadm_check_pw(new_pw1); - if(ret) { - sia_message(collect, SIAWARNING, "", com_right(et_list, ret)); - goto again; - } - - memset(new_pw2, 0, sizeof(new_pw2)); - ret = kadm_init_link (PWSERV_NAME, KRB_MASTER, princ.realm); - if (ret != KADM_SUCCESS) - sia_message(collect, SIAWARNING, "Error initing kadmin connection", - com_right(et_list, ret)); - else { - des_cblock newkey; - char *pw_msg; /* message from server */ - - des_string_to_key(new_pw1, &newkey); - ret = kadm_change_pw_plain((unsigned char*)&newkey, new_pw1, &pw_msg); - memset(newkey, 0, sizeof(newkey)); - - if (ret == KADM_INSECURE_PW) - sia_message(collect, SIAWARNING, "Insecure password", pw_msg); - else if (ret != KADM_SUCCESS) - sia_message(collect, SIAWARNING, "Error changing password", - com_right(et_list, ret)); - } - memset(new_pw1, 0, sizeof(new_pw1)); - - if (ret != KADM_SUCCESS) - sia_message(collect, SIAWARNING, "", "Password NOT changed."); - else - sia_message(collect, SIAINFO, "", "Password changed."); - - dest_tkt(); - if(ret) - return SIADFAIL; - return SIADSUCCESS; -} -#endif - -int -siad_chg_shell (sia_collect_func_t *collect, - const char *username, - int argc, - char *argv[]) -{ - return SIADFAIL; -} - -int -siad_getpwent(struct passwd *result, - char *buf, - int bufsize, - struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_getpwuid (uid_t uid, - struct passwd *result, - char *buf, - int bufsize, - struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_getpwnam (const char *name, - struct passwd *result, - char *buf, - int bufsize, - struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_setpwent (struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_endpwent (struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_getgrent(struct group *result, - char *buf, - int bufsize, - struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_getgrgid (gid_t gid, - struct group *result, - char *buf, - int bufsize, - struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_getgrnam (const char *name, - struct group *result, - char *buf, - int bufsize, - struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_setgrent (struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_endgrent (struct sia_context *context) -{ - return SIADFAIL; -} - -int -siad_chk_user (const char *logname, int checkflag) -{ - if(checkflag != CHGPASSWD) - return SIADFAIL; - return SIADSUCCESS; -} diff --git a/crypto/heimdal/lib/auth/sia/sia_locl.h b/crypto/heimdal/lib/auth/sia/sia_locl.h deleted file mode 100644 index 81e84395792..00000000000 --- a/crypto/heimdal/lib/auth/sia/sia_locl.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -/* $Id: sia_locl.h 10688 2001-09-13 01:15:34Z assar $ */ - -#ifndef __sia_locl_h__ -#define __sia_locl_h__ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef KRB5 -#define SIA_KRB5 -#elif defined(KRB4) -#define SIA_KRB4 -#endif - -#ifdef SIA_KRB5 -#include -#include -#endif -#ifdef SIA_KRB4 -#include -#include -#include -#include -#endif -#ifdef KRB4 -#include -#endif - -#ifndef POSIX_GETPWNAM_R - -#define getpwnam_r posix_getpwnam_r -#define getpwuid_r posix_getpwuid_r - -#endif /* POSIX_GETPWNAM_R */ - -#ifndef DEBUG -#define SIA_DEBUG(X) -#else -#define SIA_DEBUG(X) SIALOG X -#endif - -struct state{ -#ifdef SIA_KRB5 - krb5_context context; - krb5_auth_context auth_context; -#endif - char ticket[MaxPathLen]; - int valid; -}; - -#endif /* __sia_locl_h__ */ diff --git a/crypto/heimdal/lib/com_err/ChangeLog b/crypto/heimdal/lib/com_err/ChangeLog index dbeb8fb6bed..ad8d3e943aa 100644 --- a/crypto/heimdal/lib/com_err/ChangeLog +++ b/crypto/heimdal/lib/com_err/ChangeLog @@ -1,34 +1,34 @@ -2007-07-17 Love Hörnquist Åstrand +2007-07-17 Love Hörnquist Ã…strand * Makefile.am: split source files in dist and nodist. -2007-07-16 Love Hörnquist Åstrand +2007-07-16 Love Hörnquist Ã…strand * Makefile.am: Only do roken rename for the library. -2007-07-15 Love Hörnquist Åstrand +2007-07-15 Love Hörnquist Ã…strand * Makefile.am: use version script. * version-script.map: use version script. -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * Makefile.am: New library version. -2006-10-19 Love Hörnquist Åstrand +2006-10-19 Love Hörnquist Ã…strand * Makefile.am (compile_et_SOURCES): add lex.h -2005-12-12 Love Hörnquist Åstrand +2005-12-12 Love Hörnquist Ã…strand * com_err.3: Document the _r functions. -2005-07-07 Love Hörnquist Åstrand +2005-07-07 Love Hörnquist Ã…strand * com_err.h: Include for va_list to help AIX 5.2. -2005-06-16 Love Hörnquist Åstrand +2005-06-16 Love Hörnquist Ã…strand * parse.y: rename base to base_id since flex defines a function with the argument base @@ -43,7 +43,7 @@ * compile_et.c: rename optind to optidx -2005-05-16 Love Hörnquist Åstrand +2005-05-16 Love Hörnquist Ã…strand * parse.y: check allocation errors @@ -57,11 +57,11 @@ * Makefile.am (LDADD): Add libcom_err.la -2005-04-24 Love Hörnquist Åstrand +2005-04-24 Love Hörnquist Ã…strand * include strlcpy and *printf and use them -2005-02-03 Love Hörnquist Åstrand +2005-02-03 Love Hörnquist Ã…strand * com_right.h: de-__P diff --git a/crypto/heimdal/lib/com_err/Makefile.am b/crypto/heimdal/lib/com_err/Makefile.am index 64d497656fe..a970b640a4b 100644 --- a/crypto/heimdal/lib/com_err/Makefile.am +++ b/crypto/heimdal/lib/com_err/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -11,19 +11,23 @@ if versionscript libcom_err_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map endif +libcom_err_la_LIBADD = $(LIB_libintl) + bin_PROGRAMS = compile_et include_HEADERS = com_err.h com_right.h compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h -libcom_err_la_CPPFLAGS = $(ROKEN_RENAME) +libcom_err_la_CPPFLAGS = $(ROKEN_RENAME) $(INCLUDE_libintl) dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h if do_roken_rename nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c endif +libcom_err_la_DEPENDENCIES = version-script.map + $(compile_et_OBJECTS): parse.h parse.c ## XXX broken automake 1.4s compile_et_LDADD = \ @@ -36,4 +40,9 @@ snprintf.c: strlcpy.c: $(LN_S) $(srcdir)/../roken/strlcpy.c . -EXTRA_DIST = version-script.map +EXTRA_DIST = \ + NTMakefile \ + compile_et-version.rc \ + libcom_err-version.rc \ + libcom_err-exports.def \ + version-script.map diff --git a/crypto/heimdal/lib/com_err/Makefile.in b/crypto/heimdal/lib/com_err/Makefile.in index 2581001abd2..b8323c6e204 100644 --- a/crypto/heimdal/lib/com_err/Makefile.in +++ b/crypto/heimdal/lib/com_err/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 21619 2007-07-17 07:34:00Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -49,7 +51,7 @@ bin_PROGRAMS = compile_et$(EXEEXT) subdir = lib/com_err ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -64,7 +66,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -78,9 +80,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -88,23 +93,38 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) -libcom_err_la_LIBADD = +am__DEPENDENCIES_1 = dist_libcom_err_la_OBJECTS = libcom_err_la-error.lo \ libcom_err_la-com_err.lo @do_roken_rename_TRUE@nodist_libcom_err_la_OBJECTS = \ @@ -115,17 +135,15 @@ libcom_err_la_OBJECTS = $(dist_libcom_err_la_OBJECTS) \ libcom_err_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libcom_err_la_LDFLAGS) $(LDFLAGS) -o $@ -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(bin_PROGRAMS) am_compile_et_OBJECTS = compile_et.$(OBJEXT) parse.$(OBJEXT) \ lex.$(OBJEXT) compile_et_OBJECTS = $(am_compile_et_OBJECTS) -am__DEPENDENCIES_1 = compile_et_DEPENDENCIES = libcom_err.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -147,7 +165,6 @@ LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ SOURCES = $(dist_libcom_err_la_SOURCES) \ $(nodist_libcom_err_la_SOURCES) $(compile_et_SOURCES) DIST_SOURCES = $(dist_libcom_err_la_SOURCES) $(compile_et_SOURCES) -includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags @@ -156,49 +173,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -222,10 +248,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -242,6 +269,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -257,31 +286,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -296,10 +339,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -340,59 +385,72 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libcom_err.la libcom_err_la_LDFLAGS = -version-info 2:3:1 $(am__append_1) +libcom_err_la_LIBADD = $(LIB_libintl) include_HEADERS = com_err.h com_right.h compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l lex.h -libcom_err_la_CPPFLAGS = $(ROKEN_RENAME) +libcom_err_la_CPPFLAGS = $(ROKEN_RENAME) $(INCLUDE_libintl) dist_libcom_err_la_SOURCES = error.c com_err.c roken_rename.h @do_roken_rename_TRUE@nodist_libcom_err_la_SOURCES = snprintf.c strlcpy.c +libcom_err_la_DEPENDENCIES = version-script.map compile_et_LDADD = \ libcom_err.la \ $(LIB_roken) \ $(LEXLIB) -EXTRA_DIST = version-script.map +EXTRA_DIST = \ + NTMakefile \ + compile_et-version.rc \ + libcom_err-version.rc \ + libcom_err-exports.def \ + version-script.map + all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/com_err/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/com_err/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/com_err/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/com_err/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -410,23 +468,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -442,31 +505,46 @@ libcom_err.la: $(libcom_err_la_OBJECTS) $(libcom_err_la_DEPENDENCIES) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list parse.h: parse.c @if test ! -f $@; then \ rm -f parse.c; \ @@ -482,26 +560,62 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compile_et.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lex.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcom_err_la-com_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcom_err_la-error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcom_err_la-snprintf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcom_err_la-strlcpy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< libcom_err_la-error.lo: error.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libcom_err_la-error.lo -MD -MP -MF $(DEPDIR)/libcom_err_la-error.Tpo -c -o libcom_err_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcom_err_la-error.Tpo $(DEPDIR)/libcom_err_la-error.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='error.c' object='libcom_err_la-error.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c libcom_err_la-com_err.lo: com_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-com_err.lo `test -f 'com_err.c' || echo '$(srcdir)/'`com_err.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libcom_err_la-com_err.lo -MD -MP -MF $(DEPDIR)/libcom_err_la-com_err.Tpo -c -o libcom_err_la-com_err.lo `test -f 'com_err.c' || echo '$(srcdir)/'`com_err.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcom_err_la-com_err.Tpo $(DEPDIR)/libcom_err_la-com_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='com_err.c' object='libcom_err_la-com_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-com_err.lo `test -f 'com_err.c' || echo '$(srcdir)/'`com_err.c libcom_err_la-snprintf.lo: snprintf.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libcom_err_la-snprintf.lo -MD -MP -MF $(DEPDIR)/libcom_err_la-snprintf.Tpo -c -o libcom_err_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcom_err_la-snprintf.Tpo $(DEPDIR)/libcom_err_la-snprintf.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='snprintf.c' object='libcom_err_la-snprintf.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c libcom_err_la-strlcpy.lo: strlcpy.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-strlcpy.lo `test -f 'strlcpy.c' || echo '$(srcdir)/'`strlcpy.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libcom_err_la-strlcpy.lo -MD -MP -MF $(DEPDIR)/libcom_err_la-strlcpy.Tpo -c -o libcom_err_la-strlcpy.lo `test -f 'strlcpy.c' || echo '$(srcdir)/'`strlcpy.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libcom_err_la-strlcpy.Tpo $(DEPDIR)/libcom_err_la-strlcpy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strlcpy.c' object='libcom_err_la-strlcpy.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcom_err_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libcom_err_la-strlcpy.lo `test -f 'strlcpy.c' || echo '$(srcdir)/'`strlcpy.c .l.c: $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) @@ -517,65 +631,72 @@ clean-libtool: install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -596,13 +717,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -639,6 +764,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -652,6 +778,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -662,6 +789,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -669,26 +798,35 @@ info-am: install-data-am: install-includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -709,9 +847,8 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ uninstall-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ @@ -800,6 +937,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -885,7 +1025,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -905,6 +1045,7 @@ snprintf.c: $(LN_S) $(srcdir)/../roken/snprintf.c . strlcpy.c: $(LN_S) $(srcdir)/../roken/strlcpy.c . + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/com_err/com_err.c b/crypto/heimdal/lib/com_err/com_err.c index faf4294cdd8..fe4cc2983c5 100644 --- a/crypto/heimdal/lib/com_err/com_err.c +++ b/crypto/heimdal/lib/com_err/com_err.c @@ -1,40 +1,39 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H + #include -RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $"); -#endif + #include #include #include @@ -44,7 +43,7 @@ RCSID("$Id: com_err.c 14930 2005-04-24 19:43:06Z lha $"); struct et_list *_et_list = NULL; -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL error_message (long code) { static char msg[128]; @@ -57,23 +56,23 @@ error_message (long code) } if (p != NULL && *p != '\0') { strlcpy(msg, p, sizeof(msg)); - } else + } else snprintf(msg, sizeof(msg), "Unknown error %ld", code); return msg; } -int +KRB5_LIB_FUNCTION int KRB5_LIB_CALL init_error_table(const char **msgs, long base, int count) { initialize_error_table_r(&_et_list, msgs, count, base); return 0; } -static void +static void KRB5_CALLCONV default_proc (const char *whoami, long code, const char *fmt, va_list args) __attribute__((__format__(__printf__, 3, 0))); - -static void + +static void KRB5_CALLCONV default_proc (const char *whoami, long code, const char *fmt, va_list args) { if (whoami) @@ -87,19 +86,19 @@ default_proc (const char *whoami, long code, const char *fmt, va_list args) static errf com_err_hook = default_proc; -void -com_err_va (const char *whoami, - long code, - const char *fmt, +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +com_err_va (const char *whoami, + long code, + const char *fmt, va_list args) { (*com_err_hook) (whoami, code, fmt, args); } -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL com_err (const char *whoami, long code, - const char *fmt, + const char *fmt, ...) { va_list ap; @@ -108,7 +107,7 @@ com_err (const char *whoami, va_end(ap); } -errf +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL set_com_err_hook (errf new) { errf old = com_err_hook; @@ -117,12 +116,12 @@ set_com_err_hook (errf new) com_err_hook = new; else com_err_hook = default_proc; - + return old; } -errf -reset_com_err_hook (void) +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL +reset_com_err_hook (void) { return set_com_err_hook(NULL); } @@ -135,7 +134,7 @@ static const char char_set[] = static char buf[6]; -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL error_table_name(int num) { int ch; @@ -157,7 +156,7 @@ error_table_name(int num) return(buf); } -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL add_to_error_table(struct et_list *new_table) { struct et_list *et; diff --git a/crypto/heimdal/lib/com_err/com_err.h b/crypto/heimdal/lib/com_err/com_err.h index bdd764f7e98..5b8b7e28f77 100644 --- a/crypto/heimdal/lib/com_err/com_err.h +++ b/crypto/heimdal/lib/com_err/com_err.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: com_err.h 15566 2005-07-07 14:58:07Z lha $ */ +/* $Id$ */ /* MIT compatible com_err library */ @@ -45,22 +45,32 @@ #define __attribute__(X) #endif -typedef void (*errf) (const char *, long, const char *, va_list); +typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list); -const char * error_message (long); -int init_error_table (const char**, long, int); +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +error_message (long); -void com_err_va (const char *, long, const char *, va_list) +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +init_error_table (const char**, long, int); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +com_err_va (const char *, long, const char *, va_list) __attribute__((format(printf, 3, 0))); -void com_err (const char *, long, const char *, ...) +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +com_err (const char *, long, const char *, ...) __attribute__((format(printf, 3, 4))); -errf set_com_err_hook (errf); -errf reset_com_err_hook (void); +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL +set_com_err_hook (errf); -const char *error_table_name (int num); +KRB5_LIB_FUNCTION errf KRB5_LIB_CALL +reset_com_err_hook (void); -void add_to_error_table (struct et_list *new_table); +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +error_table_name (int num); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +add_to_error_table (struct et_list *new_table); #endif /* __COM_ERR_H__ */ diff --git a/crypto/heimdal/lib/com_err/com_right.h b/crypto/heimdal/lib/com_err/com_right.h index 4d929da866b..b0857d283ac 100644 --- a/crypto/heimdal/lib/com_err/com_right.h +++ b/crypto/heimdal/lib/com_err/com_right.h @@ -1,41 +1,61 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: com_right.h 14551 2005-02-03 08:45:13Z lha $ */ +/* $Id$ */ #ifndef __COM_RIGHT_H__ #define __COM_RIGHT_H__ +#ifndef KRB5_LIB +#ifndef KRB5_LIB_FUNCTION +#if defined(_WIN32) +#define KRB5_LIB_FUNCTION __declspec(dllimport) +#define KRB5_LIB_CALL __stdcall +#define KRB5_LIB_VARIABLE __declspec(dllimport) +#else +#define KRB5_LIB_FUNCTION +#define KRB5_LIB_CALL +#define KRB5_LIB_VARIABLE +#endif +#endif +#endif + +#ifdef _WIN32 +#define KRB5_CALLCONV __stdcall +#else +#define KRB5_CALLCONV +#endif + #ifdef __STDC__ #include #endif @@ -51,8 +71,16 @@ struct et_list { }; extern struct et_list *_et_list; -const char *com_right (struct et_list *list, long code); -void initialize_error_table_r (struct et_list **, const char **, int, long); -void free_error_table (struct et_list *); +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right (struct et_list *list, long code); + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right_r (struct et_list *list, long code, char *, size_t); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +initialize_error_table_r (struct et_list **, const char **, int, long); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +free_error_table (struct et_list *); #endif /* __COM_RIGHT_H__ */ diff --git a/crypto/heimdal/lib/com_err/compile_et.c b/crypto/heimdal/lib/com_err/compile_et.c index 10576548226..c72abdecc86 100644 --- a/crypto/heimdal/lib/com_err/compile_et.c +++ b/crypto/heimdal/lib/com_err/compile_et.c @@ -1,42 +1,43 @@ /* - * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #undef ROKEN_RENAME + +#include "config.h" + #include "compile_et.h" #include -RCSID("$Id: compile_et.c 15426 2005-06-16 19:21:42Z lha $"); - #include #include #include "parse.h" @@ -75,13 +76,15 @@ generate_c(void) return 1; fprintf(c_file, "/* Generated from %s */\n", filename); - if(id_str) + if(id_str) fprintf(c_file, "/* %s */\n", id_str); fprintf(c_file, "\n"); fprintf(c_file, "#include \n"); fprintf(c_file, "#include \n"); fprintf(c_file, "#include \"%s\"\n", hfn); fprintf(c_file, "\n"); + fprintf(c_file, "#define N_(x) (x)\n"); + fprintf(c_file, "\n"); fprintf(c_file, "static const char *%s_error_strings[] = {\n", name); @@ -90,9 +93,10 @@ generate_c(void) fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n", n, name, n); n++; - + } - fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string); + fprintf(c_file, "\t/* %03d */ N_(\"%s\"),\n", + ec->number, ec->string); } fprintf(c_file, "\tNULL\n"); @@ -100,11 +104,11 @@ generate_c(void) fprintf(c_file, "\n"); fprintf(c_file, "#define num_errors %d\n", number); fprintf(c_file, "\n"); - fprintf(c_file, - "void initialize_%s_error_table_r(struct et_list **list)\n", + fprintf(c_file, + "void initialize_%s_error_table_r(struct et_list **list)\n", name); fprintf(c_file, "{\n"); - fprintf(c_file, + fprintf(c_file, " initialize_error_table_r(list, %s_error_strings, " "num_errors, ERROR_TABLE_BASE_%s);\n", name, name); fprintf(c_file, "}\n"); @@ -135,9 +139,9 @@ generate_h(void) for(p = fn; *p; p++) if(!isalnum((unsigned char)*p)) *p = '_'; - + fprintf(h_file, "/* Generated from %s */\n", filename); - if(id_str) + if(id_str) fprintf(h_file, "/* %s */\n", id_str); fprintf(h_file, "\n"); fprintf(h_file, "#ifndef %s\n", fn); @@ -145,18 +149,18 @@ generate_h(void) fprintf(h_file, "\n"); fprintf(h_file, "struct et_list;\n"); fprintf(h_file, "\n"); - fprintf(h_file, + fprintf(h_file, "void initialize_%s_error_table_r(struct et_list **);\n", name); fprintf(h_file, "\n"); fprintf(h_file, "void initialize_%s_error_table(void);\n", name); - fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", + fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n", name, name); fprintf(h_file, "\n"); fprintf(h_file, "typedef enum %s_error_number{\n", name); for(ec = codes; ec; ec = ec->next) { - fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, + fprintf(h_file, "\t%s = %ld%s\n", ec->name, base_id + ec->number, (ec->next != NULL) ? "," : ""); } @@ -164,6 +168,8 @@ generate_h(void) fprintf(h_file, "\n"); fprintf(h_file, "#define ERROR_TABLE_BASE_%s %ld\n", name, base_id); fprintf(h_file, "\n"); + fprintf(h_file, "#define COM_ERR_BINDDOMAIN_%s \"heim_com_err%ld\"\n", name, base_id); + fprintf(h_file, "\n"); fprintf(h_file, "#endif /* %s */\n", fn); @@ -208,26 +214,26 @@ main(int argc, char **argv) exit(0); } - if(optidx == argc) + if(optidx == argc) usage(1); filename = argv[optidx]; yyin = fopen(filename, "r"); if(yyin == NULL) err(1, "%s", filename); - - - p = strrchr(filename, '/'); + + + p = strrchr(filename, rk_PATH_DELIM); if(p) p++; else p = filename; strlcpy(Basename, p, sizeof(Basename)); - + Basename[strcspn(Basename, ".")] = '\0'; - + snprintf(hfn, sizeof(hfn), "%s.h", Basename); snprintf(cfn, sizeof(cfn), "%s.c", Basename); - + yyparse(); if(numerror) return 1; diff --git a/crypto/heimdal/lib/com_err/compile_et.h b/crypto/heimdal/lib/com_err/compile_et.h index 1c7de5a08b6..b0b8e21da16 100644 --- a/crypto/heimdal/lib/com_err/compile_et.h +++ b/crypto/heimdal/lib/com_err/compile_et.h @@ -1,44 +1,42 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: compile_et.h 15426 2005-06-16 19:21:42Z lha $ */ +/* $Id$ */ #ifndef __COMPILE_ET_H__ #define __COMPILE_ET_H__ -#ifdef HAVE_CONFIG_H #include -#endif #include #include diff --git a/crypto/heimdal/lib/com_err/error.c b/crypto/heimdal/lib/com_err/error.c index 051078025c5..6864e870a41 100644 --- a/crypto/heimdal/lib/com_err/error.c +++ b/crypto/heimdal/lib/com_err/error.c @@ -1,52 +1,75 @@ /* - * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H + #include -RCSID("$Id: error.c 9724 2001-02-28 20:00:13Z joda $"); -#endif + #include #include #include #include +#include -const char * +#ifdef LIBINTL +#include +#else +#define dgettext(d,s) (s) +#endif + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL com_right(struct et_list *list, long code) { struct et_list *p; - for (p = list; p; p = p->next) { + for (p = list; p; p = p->next) if (code >= p->table->base && code < p->table->base + p->table->n_msgs) return p->table->msgs[code - p->table->base]; + return NULL; +} + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right_r(struct et_list *list, long code, char *str, size_t len) +{ + struct et_list *p; + for (p = list; p; p = p->next) { + if (code >= p->table->base && code < p->table->base + p->table->n_msgs) { + const char *msg = p->table->msgs[code - p->table->base]; +#ifdef LIBINTL + char domain[12 + 20]; + snprintf(domain, sizeof(domain), "heim_com_err%d", p->table->base); +#endif + strlcpy(str, dgettext(domain, msg), len); + return str; + } } return NULL; } @@ -56,9 +79,9 @@ struct foobar { struct error_table et; }; -void -initialize_error_table_r(struct et_list **list, - const char **messages, +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +initialize_error_table_r(struct et_list **list, + const char **messages, int num_errors, long base) { @@ -78,9 +101,9 @@ initialize_error_table_r(struct et_list **list, et->next = NULL; *end = et; } - -void + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL free_error_table(struct et_list *et) { while(et){ diff --git a/crypto/heimdal/lib/com_err/lex.c b/crypto/heimdal/lib/com_err/lex.c index 8f756d39c99..42b5f64fae3 100644 --- a/crypto/heimdal/lib/com_err/lex.c +++ b/crypto/heimdal/lib/com_err/lex.c @@ -8,7 +8,7 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 +#define YY_FLEX_SUBMINOR_VERSION 35 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -30,7 +30,7 @@ /* C99 systems have . Non-C99 systems may or may not. */ -#if __STDC_VERSION__ >= 199901L +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. @@ -93,11 +93,12 @@ typedef unsigned int flex_uint32_t; #else /* ! __cplusplus */ -#if __STDC__ +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) #define YY_USE_CONST -#endif /* __STDC__ */ +#endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST @@ -151,7 +152,12 @@ typedef unsigned int flex_uint32_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif -extern int yyleng; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + +extern yy_size_t yyleng; extern FILE *yyin, *yyout; @@ -177,16 +183,6 @@ extern FILE *yyin, *yyout; #define unput(c) yyunput( c, (yytext_ptr) ) -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef unsigned int yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -204,7 +200,7 @@ struct yy_buffer_state /* Number of characters read into yy_ch_buf, not including EOB * characters. */ - int yy_n_chars; + yy_size_t yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to @@ -274,8 +270,8 @@ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; -static int yy_n_chars; /* number of characters read into yy_ch_buf */ -int yyleng; +static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ +yy_size_t yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; @@ -303,7 +299,7 @@ static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); void *yyalloc (yy_size_t ); void *yyrealloc (void *,yy_size_t ); @@ -479,36 +475,36 @@ char *yytext; #line 1 "lex.l" #line 2 "lex.l" /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* @@ -523,8 +519,6 @@ char *yytext; #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); - static unsigned lineno = 1; static int getstring(void); @@ -532,7 +526,7 @@ static int getstring(void); #undef ECHO -#line 536 "lex.c" +#line 530 "lex.c" #define INITIAL 0 @@ -550,6 +544,35 @@ static int getstring(void); static int yy_init_globals (void ); +/* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. */ + +int yylex_destroy (void ); + +int yyget_debug (void ); + +void yyset_debug (int debug_flag ); + +YY_EXTRA_TYPE yyget_extra (void ); + +void yyset_extra (YY_EXTRA_TYPE user_defined ); + +FILE *yyget_in (void ); + +void yyset_in (FILE * in_str ); + +FILE *yyget_out (void ); + +void yyset_out (FILE * out_str ); + +yy_size_t yyget_leng (void ); + +char *yyget_text (void ); + +int yyget_lineno (void ); + +void yyset_lineno (int line_number ); + /* Macros after this point can all be overridden by user definitions in * section 1. */ @@ -562,8 +585,6 @@ extern int yywrap (void ); #endif #endif - static void yyunput (int c,char *buf_ptr ); - #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif @@ -592,7 +613,7 @@ static int input (void ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#define ECHO fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, @@ -603,7 +624,7 @@ static int input (void ); if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ - size_t n; \ + yy_size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -685,9 +706,9 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 59 "lex.l" +#line 58 "lex.l" -#line 691 "lex.c" +#line 712 "lex.c" if ( !(yy_init) ) { @@ -772,86 +793,86 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 60 "lex.l" +#line 59 "lex.l" { return ET; } YY_BREAK case 2: YY_RULE_SETUP -#line 61 "lex.l" +#line 60 "lex.l" { return ET; } YY_BREAK case 3: YY_RULE_SETUP -#line 62 "lex.l" +#line 61 "lex.l" { return EC; } YY_BREAK case 4: YY_RULE_SETUP -#line 63 "lex.l" +#line 62 "lex.l" { return EC; } YY_BREAK case 5: YY_RULE_SETUP -#line 64 "lex.l" +#line 63 "lex.l" { return PREFIX; } YY_BREAK case 6: YY_RULE_SETUP -#line 65 "lex.l" +#line 64 "lex.l" { return INDEX; } YY_BREAK case 7: YY_RULE_SETUP -#line 66 "lex.l" +#line 65 "lex.l" { return ID; } YY_BREAK case 8: YY_RULE_SETUP -#line 67 "lex.l" +#line 66 "lex.l" { return END; } YY_BREAK case 9: YY_RULE_SETUP -#line 68 "lex.l" +#line 67 "lex.l" { yylval.number = atoi(yytext); return NUMBER; } YY_BREAK case 10: YY_RULE_SETUP -#line 69 "lex.l" +#line 68 "lex.l" ; YY_BREAK case 11: YY_RULE_SETUP -#line 70 "lex.l" +#line 69 "lex.l" ; YY_BREAK case 12: /* rule 12 can match eol */ YY_RULE_SETUP -#line 71 "lex.l" +#line 70 "lex.l" { lineno++; } YY_BREAK case 13: YY_RULE_SETUP -#line 72 "lex.l" +#line 71 "lex.l" { return getstring(); } YY_BREAK case 14: YY_RULE_SETUP -#line 73 "lex.l" +#line 72 "lex.l" { yylval.string = strdup(yytext); return STRING; } YY_BREAK case 15: YY_RULE_SETUP -#line 74 "lex.l" +#line 73 "lex.l" { return *yytext; } YY_BREAK case 16: YY_RULE_SETUP -#line 75 "lex.l" +#line 74 "lex.l" ECHO; YY_BREAK -#line 855 "lex.c" +#line 876 "lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1037,7 +1058,7 @@ static int yy_get_next_buffer (void) else { - int num_to_read = + yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) @@ -1051,7 +1072,7 @@ static int yy_get_next_buffer (void) if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -1106,6 +1127,14 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + } + (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; @@ -1172,43 +1201,6 @@ static int yy_get_next_buffer (void) return yy_is_jam ? 0 : yy_current_state; } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); - - /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} - #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) @@ -1233,7 +1225,7 @@ static int yy_get_next_buffer (void) else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); + yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) @@ -1509,7 +1501,7 @@ void yypop_buffer_state (void) */ static void yyensure_buffer_stack (void) { - int num_to_alloc; + yy_size_t num_to_alloc; if (!(yy_buffer_stack)) { @@ -1521,7 +1513,9 @@ static void yyensure_buffer_stack (void) (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); - + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; @@ -1539,6 +1533,8 @@ static void yyensure_buffer_stack (void) ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); @@ -1583,7 +1579,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan + * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use @@ -1602,12 +1598,11 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) * * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) { YY_BUFFER_STATE b; char *buf; - yy_size_t n; - int i; + yy_size_t n, i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; @@ -1689,7 +1684,7 @@ FILE *yyget_out (void) /** Get the length of the current token. * */ -int yyget_leng (void) +yy_size_t yyget_leng (void) { return yyleng; } @@ -1837,13 +1832,13 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 75 "lex.l" +#line 74 "lex.l" #ifndef yywrap /* XXX */ int -yywrap () +yywrap () { return 1; } @@ -1863,7 +1858,7 @@ getstring(void) continue; } if(c == '\n'){ - error_message("unterminated string"); + _lex_error_message("unterminated string"); lineno++; break; } @@ -1883,7 +1878,7 @@ getstring(void) } void -error_message (const char *format, ...) +_lex_error_message (const char *format, ...) { va_list args; diff --git a/crypto/heimdal/lib/com_err/lex.h b/crypto/heimdal/lib/com_err/lex.h index 89f0387655f..e158816bbb6 100644 --- a/crypto/heimdal/lib/com_err/lex.h +++ b/crypto/heimdal/lib/com_err/lex.h @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: lex.h 8451 2000-06-22 00:42:52Z assar $ */ +/* $Id$ */ -void error_message (const char *, ...) +void _lex_error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); int yylex(void); diff --git a/crypto/heimdal/lib/com_err/lex.l b/crypto/heimdal/lib/com_err/lex.l index 08aef516b30..eb39e0cfb83 100644 --- a/crypto/heimdal/lib/com_err/lex.l +++ b/crypto/heimdal/lib/com_err/lex.l @@ -1,35 +1,35 @@ %{ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* @@ -44,8 +44,6 @@ #include "parse.h" #include "lex.h" -RCSID("$Id: lex.l 15143 2005-05-16 08:52:54Z lha $"); - static unsigned lineno = 1; static int getstring(void); @@ -55,6 +53,7 @@ static int getstring(void); %} +%option nounput %% et { return ET; } @@ -76,7 +75,7 @@ end { return END; } #ifndef yywrap /* XXX */ int -yywrap () +yywrap () { return 1; } @@ -96,7 +95,7 @@ getstring(void) continue; } if(c == '\n'){ - error_message("unterminated string"); + _lex_error_message("unterminated string"); lineno++; break; } @@ -116,7 +115,7 @@ getstring(void) } void -error_message (const char *format, ...) +_lex_error_message (const char *format, ...) { va_list args; diff --git a/crypto/heimdal/lib/com_err/parse.c b/crypto/heimdal/lib/com_err/parse.c index 32cff630d40..ca1ef60b0f8 100644 --- a/crypto/heimdal/lib/com_err/parse.c +++ b/crypto/heimdal/lib/com_err/parse.c @@ -93,43 +93,41 @@ #line 1 "parse.y" /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); - void yyerror (char *s); static long name2number(const char *str); @@ -141,6 +139,9 @@ extern char *yytext; #define alloca(x) malloc(x) #endif +#define YYMALLOC malloc +#define YYFREE free + /* Enabling traces. */ @@ -163,13 +164,13 @@ extern char *yytext; #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 54 "parse.y" { char *string; int number; } /* Line 193 of yacc.c. */ -#line 173 "parse.c" +#line 174 "parse.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -182,7 +183,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 186 "parse.c" +#line 187 "parse.c" #ifdef short # undef short @@ -469,8 +470,8 @@ static const yytype_int8 yyrhs[] = /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { - 0, 64, 64, 65, 68, 69, 72, 78, 84, 93, - 94, 97, 101, 109, 116, 136 + 0, 65, 65, 66, 69, 70, 73, 79, 85, 94, + 95, 98, 102, 110, 117, 137 }; #endif @@ -1381,14 +1382,14 @@ yyreduce: switch (yyn) { case 6: -#line 73 "parse.y" +#line 74 "parse.y" { id_str = (yyvsp[(2) - (2)].string); } break; case 7: -#line 79 "parse.y" +#line 80 "parse.y" { base_id = name2number((yyvsp[(2) - (2)].string)); strlcpy(name, (yyvsp[(2) - (2)].string), sizeof(name)); @@ -1397,7 +1398,7 @@ yyreduce: break; case 8: -#line 85 "parse.y" +#line 86 "parse.y" { base_id = name2number((yyvsp[(2) - (3)].string)); strlcpy(name, (yyvsp[(3) - (3)].string), sizeof(name)); @@ -1407,14 +1408,14 @@ yyreduce: break; case 11: -#line 98 "parse.y" +#line 99 "parse.y" { number = (yyvsp[(2) - (2)].number); } break; case 12: -#line 102 "parse.y" +#line 103 "parse.y" { free(prefix); asprintf (&prefix, "%s_", (yyvsp[(2) - (2)].string)); @@ -1425,7 +1426,7 @@ yyreduce: break; case 13: -#line 110 "parse.y" +#line 111 "parse.y" { prefix = realloc(prefix, 1); if (prefix == NULL) @@ -1435,10 +1436,10 @@ yyreduce: break; case 14: -#line 117 "parse.y" +#line 118 "parse.y" { struct error_code *ec = malloc(sizeof(*ec)); - + if (ec == NULL) errx(1, "malloc"); @@ -1458,7 +1459,7 @@ yyreduce: break; case 15: -#line 137 "parse.y" +#line 138 "parse.y" { YYACCEPT; } @@ -1466,7 +1467,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 1470 "parse.c" +#line 1471 "parse.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1680,7 +1681,7 @@ yyreturn: } -#line 142 "parse.y" +#line 143 "parse.y" static long @@ -1711,6 +1712,6 @@ name2number(const char *str) void yyerror (char *s) { - error_message ("%s\n", s); + _lex_error_message ("%s\n", s); } diff --git a/crypto/heimdal/lib/com_err/parse.h b/crypto/heimdal/lib/com_err/parse.h index 23d7e0c7d98..763a331f162 100644 --- a/crypto/heimdal/lib/com_err/parse.h +++ b/crypto/heimdal/lib/com_err/parse.h @@ -64,7 +64,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 53 "parse.y" +#line 54 "parse.y" { char *string; int number; diff --git a/crypto/heimdal/lib/com_err/parse.y b/crypto/heimdal/lib/com_err/parse.y index 315931389fe..0c2e5084b51 100644 --- a/crypto/heimdal/lib/com_err/parse.y +++ b/crypto/heimdal/lib/com_err/parse.y @@ -1,42 +1,40 @@ %{ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "compile_et.h" #include "lex.h" -RCSID("$Id: parse.y 15426 2005-06-16 19:21:42Z lha $"); - void yyerror (char *s); static long name2number(const char *str); @@ -48,6 +46,9 @@ extern char *yytext; #define alloca(x) malloc(x) #endif +#define YYMALLOC malloc +#define YYFREE free + %} %union { @@ -61,7 +62,7 @@ extern char *yytext; %% -file : /* */ +file : /* */ | header statements ; @@ -94,7 +95,7 @@ statements : statement | statements statement ; -statement : INDEX NUMBER +statement : INDEX NUMBER { number = $2; } @@ -116,7 +117,7 @@ statement : INDEX NUMBER | EC STRING ',' STRING { struct error_code *ec = malloc(sizeof(*ec)); - + if (ec == NULL) errx(1, "malloc"); @@ -169,5 +170,5 @@ name2number(const char *str) void yyerror (char *s) { - error_message ("%s\n", s); + _lex_error_message ("%s\n", s); } diff --git a/crypto/heimdal/lib/com_err/roken_rename.h b/crypto/heimdal/lib/com_err/roken_rename.h index 7c9b0ee10e9..3da2948a64d 100644 --- a/crypto/heimdal/lib/com_err/roken_rename.h +++ b/crypto/heimdal/lib/com_err/roken_rename.h @@ -1,61 +1,61 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: roken_rename.h 14930 2005-04-24 19:43:06Z lha $ */ +/* $Id$ */ #ifndef __roken_rename_h__ #define __roken_rename_h__ #ifndef HAVE_SNPRINTF -#define snprintf _com_err_snprintf +#define rk_snprintf _com_err_snprintf #endif #ifndef HAVE_VSNPRINTF -#define vsnprintf _com_err_vsnprintf +#define rk_vsnprintf _com_err_vsnprintf #endif #ifndef HAVE_ASPRINTF -#define asprintf _com_err_asprintf +#define rk_asprintf _com_err_asprintf #endif #ifndef HAVE_ASNPRINTF -#define asnprintf _com_err_asnprintf +#define rk_asnprintf _com_err_asnprintf #endif #ifndef HAVE_VASPRINTF -#define vasprintf _com_err_vasprintf +#define rk_vasprintf _com_err_vasprintf #endif #ifndef HAVE_VASNPRINTF -#define vasnprintf _com_err_vasnprintf +#define rk_vasnprintf _com_err_vasnprintf #endif #ifndef HAVE_STRLCPY -#define strlcpy _com_err_strlcpy +#define rk_strlcpy _com_err_strlcpy #endif diff --git a/crypto/heimdal/lib/com_err/version-script.map b/crypto/heimdal/lib/com_err/version-script.map index 43e2e020c0c..8da2fef6dd4 100644 --- a/crypto/heimdal/lib/com_err/version-script.map +++ b/crypto/heimdal/lib/com_err/version-script.map @@ -3,6 +3,7 @@ HEIMDAL_COM_ERR_1.0 { global: com_right; + com_right_r; free_error_table; initialize_error_table_r; add_to_error_table; @@ -13,6 +14,7 @@ HEIMDAL_COM_ERR_1.0 { init_error_table; reset_com_err_hook; set_com_err_hook; + _et_list; local: *; }; diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog index 3a0c39f8763..5c25d699c99 100644 --- a/crypto/heimdal/lib/gssapi/ChangeLog +++ b/crypto/heimdal/lib/gssapi/ChangeLog @@ -1,18 +1,125 @@ -2008-01-13 Love Hörnquist Åstrand +2008-08-14 Love Hornquist Astrand + + * krb5/accept_sec_context.c: If there is a initiator subkey, copy + that to acceptor subkey to match windows behavior. From Metze. + +2008-08-02 Love Hörnquist Ã…strand + + * ntlm/init_sec_context.c: Catch error + + * krb5/inquire_sec_context_by_oid.c: Catch store failure. + + * mech/gss_canonicalize_name.c: Not init m, return never + used (overwritten later). + +2008-07-25 Love Hörnquist Ã…strand + + * ntlm/init_sec_context.c: Use krb5_cc_get_config. + +2008-07-25 Love Hörnquist Ã…strand + + * krb5/init_sec_context.c: Match the orignal patch I got from + metze, seems that DCE-STYLE is even more weirer then what I though + when I merged the patch. + +2008-06-02 Love Hörnquist Ã…strand + + * krb5/init_sec_context.c: Don't add asn1 wrapping to token when + using DCE_STYLE. Patch from Stefan Metzmacher. + +2008-05-27 Love Hörnquist Ã…strand + + * ntlm/init_sec_context.c: use krb5_get_error_message + +2008-05-05 Love Hörnquist Ã…strand + + * spnego/spnego_locl.h: Add back "mech/utils.h", its needed for + oid/buffer functions. + +2008-05-02 Love Hörnquist Ã…strand + + * spnego: Changes from doug barton to make spnego indepedant of + the heimdal version of the plugin system. + +2008-04-27 Love Hörnquist Ã…strand + + * krb5: use DES_set_key_unchecked() + +2008-04-17 Love Hörnquist Ã…strand + + * add __declspec() for windows. + +2008-04-15 Love Hörnquist Ã…strand + + * krb5/import_sec_context.c: Use tmp to read ac->flags value to + avoid warning. + +2008-04-07 Love Hörnquist Ã…strand + + * mech/gss_mech_switch.c: Use unsigned where appropriate. + +2008-03-14 Love Hörnquist Ã…strand + + * test_context.c: Add test for gsskrb5_register_acceptor_identity. + +2008-03-09 Love Hörnquist Ã…strand + + * krb5/init_sec_context.c (init_auth): use right variable to + detect if we want to free or not. + +2008-02-26 Love Hörnquist Ã…strand + + * Makefile.am: add missing \ + + * Makefile.am: reshuffle depenencies + + * Add flag to krb5 to not add GSS-API INT|CONF to the negotiation + +2008-02-21 Love Hörnquist Ã…strand + + * make the SPNEGO mech store the error itself instead, works for + everything except other stackable mechs + +2008-02-18 Love Hörnquist Ã…strand + + * spnego/init_sec_context.c (spnego_reply): if the reply token was + of length 0, make it the same as no token. Pointed out by Zeqing + Xia. + + * krb5/acquire_cred.c (acquire_initiator_cred): handle the + credential cache better, use destroy/close when appriate and for + all cases. Thanks to Michael Allen for point out the memory-leak + that I also fixed. + +2008-02-03 Love Hörnquist Ã…strand + + * spnego/accept_sec_context.c: Make error reporting somewhat more + correct for SPNEGO. + +2008-01-27 Love Hörnquist Ã…strand + + * test_common.c: Improve the error message. + +2008-01-24 Love Hörnquist Ã…strand + + * ntlm/accept_sec_context.c: Avoid free-ing type1 message before + its allocated. + +2008-01-13 Love Hörnquist Ã…strand * test_ntlm.c: Test source name (and make the acceptor in ntlm gss mech useful). -2007-12-30 Love Hörnquist Åstrand +2007-12-30 Love Hörnquist Ã…strand * ntlm/init_sec_context.c: Don't confuse target name and source name, make regressiont tests pass again. -2007-12-29 Love Hörnquist Åstrand +2007-12-29 Love Hörnquist Ã…strand * ntlm: clean up name handling -2007-12-04 Love Hörnquist Åstrand +2007-12-04 Love Hörnquist Ã…strand * ntlm/init_sec_context.c: Use credential if it was passed in. @@ -30,26 +137,26 @@ * mech/gss_release_oid_set.c: Avoid trying to deref NULL, from Phil Fisher. -2007-12-03 Love Hörnquist Åstrand +2007-12-03 Love Hörnquist Ã…strand * test_acquire_cred.c: Always try to fetch cred (even with GSS_C_NO_NAME). -2007-08-09 Love Hörnquist Åstrand +2007-08-09 Love Hörnquist Ã…strand * mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags. -2007-08-08 Love Hörnquist Åstrand +2007-08-08 Love Hörnquist Ã…strand * spnego/compat.c (_gss_spnego_internal_delete_sec_context): release ctx->target_name too From Rafal Malinowski. -2007-07-26 Love Hörnquist Åstrand +2007-07-26 Love Hörnquist Ã…strand * mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't have dlopen. From Rune of Chalmers. -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * mech/gss_duplicate_name.c: New signature of _gss_find_mn. @@ -73,7 +180,7 @@ * Makefile.am: New library version. -2007-07-04 Love Hörnquist Åstrand +2007-07-04 Love Hörnquist Ã…strand * mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from Rafal Malinowski. @@ -81,7 +188,7 @@ * spnego/spnego.asn1: Indent and make NegTokenInit and NegTokenResp extendable. -2007-06-21 Love Hörnquist Åstrand +2007-06-21 Love Hörnquist Ã…strand * ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred. @@ -90,7 +197,7 @@ * mech/context.c: If the canned string is "", its no use to the user, make it fall back to the default error string. -2007-06-20 Love Hörnquist Åstrand +2007-06-20 Love Hörnquist Ã…strand * mech/gss_display_name.c (gss_display_name): no name -> fail. From Rafal Malinswski. @@ -124,7 +231,7 @@ Rafal Malinowski, also while here moved to use NegotiationToken for decoding. -2007-06-18 Love Hörnquist Åstrand +2007-06-18 Love Hörnquist Ã…strand * krb5/prf.c (_gsskrb5_pseudo_random): add missing break. @@ -142,14 +249,14 @@ * mech/gss_krb5.c: Free memory in error case, found by beam. -2007-06-12 Love Hörnquist Åstrand +2007-06-12 Love Hörnquist Ã…strand * ntlm/inquire_context.c: Use ctx->gssflags for flags. * krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is not ment for machine consumption. -2007-06-09 Love Hörnquist Åstrand +2007-06-09 Love Hörnquist Ã…strand * ntlm/digest.c (kdc_alloc): free memory on failure, pointed out by Rafal Malinowski. @@ -160,11 +267,11 @@ * spnego/context_stubs.c (_gss_spnego_display_name): if input_name is null, fail. From Rafal Malinowski. -2007-06-04 Love Hörnquist Åstrand +2007-06-04 Love Hörnquist Ã…strand * ntlm/digest.c: Free memory when done. -2007-06-02 Love Hörnquist Åstrand +2007-06-02 Love Hörnquist Ã…strand * test_ntlm.c: Test both with and without keyex. @@ -173,7 +280,7 @@ * test_ntlm.c: Set keyex flag and calculate session key. -2007-05-31 Love Hörnquist Åstrand +2007-05-31 Love Hörnquist Ã…strand * spnego/accept_sec_context.c: Use the return value before is overwritten by later calls. From Rafal Malinowski @@ -181,14 +288,14 @@ * krb5/release_cred.c: Give an minor_status argument to gss_release_oid_set. From Rafal Malinowski -2007-05-30 Love Hörnquist Åstrand +2007-05-30 Love Hörnquist Ã…strand * ntlm/accept_sec_context.c: Catch errors and return the up the stack. * test_kcred.c: more testing of lifetimes -2007-05-17 Love Hörnquist Åstrand +2007-05-17 Love Hörnquist Ã…strand * Makefile.am: Drop the gss oid_set function for the krb5 mech, use the mech glue versions instead. Pointed out by Rafal @@ -196,22 +303,22 @@ * krb5: Use gss oid_set functions from mechglue -2007-05-14 Love Hörnquist Åstrand +2007-05-14 Love Hörnquist Ã…strand * ntlm/accept_sec_context.c: Set session key only if we are returned a session key. Found by David Love. -2007-05-13 Love Hörnquist Åstrand +2007-05-13 Love Hörnquist Ã…strand * krb5/prf.c: switched MIN to min to make compile on solaris, pointed out by David Love. -2007-05-09 Love Hörnquist Åstrand +2007-05-09 Love Hörnquist Ã…strand * krb5/inquire_cred_by_mech.c: Fill in all of the variables if they are passed in. Pointed out by Phil Fisher. -2007-05-08 Love Hörnquist Åstrand +2007-05-08 Love Hörnquist Ã…strand * krb5/inquire_cred.c: Fix copy and paste error, bug spotted by from Phil Fisher. @@ -232,7 +339,7 @@ * krb5/inquire_cred_by_mech.c: reimplement -2007-05-07 Love Hörnquist Åstrand +2007-05-07 Love Hörnquist Ã…strand * ntlm/acquire_cred.c: drop unused variable. @@ -242,19 +349,19 @@ * ntlm: split out backend ntlm server processing -2007-04-24 Love Hörnquist Åstrand +2007-04-24 Love Hörnquist Ã…strand * ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free credcache when done -2007-04-22 Love Hörnquist Åstrand +2007-04-22 Love Hörnquist Ã…strand * ntlm/init_sec_context.c: ntlm-key credential entry is prefix with @ * ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm creds from the krb5 credential cache. -2007-04-21 Love Hörnquist Åstrand +2007-04-21 Love Hörnquist Ã…strand * ntlm/delete_sec_context.c: free the key stored in the context @@ -262,14 +369,14 @@ * test_oid.c: Switch oid to one that is exported. -2007-04-20 Love Hörnquist Åstrand +2007-04-20 Love Hörnquist Ã…strand * ntlm/init_sec_context.c: move where hash is calculated to make it easier to add ccache support. * Makefile.am: Add version-script.map to EXTRA_DIST. -2007-04-19 Love Hörnquist Åstrand +2007-04-19 Love Hörnquist Ã…strand * Makefile.am: Unconfuse newer versions of automake that doesn't know the diffrence between depenences and setting variables. foo: @@ -283,7 +390,7 @@ * version-script.map: add version script if ld supports it -2007-04-18 Love Hörnquist Åstrand +2007-04-18 Love Hörnquist Ã…strand * Makefile.am: test_acquire_cred need test_common.[ch] @@ -298,7 +405,7 @@ * mech/gss_krb5.c: reimplement gss_krb5_ccache_name -2007-04-17 Love Hörnquist Åstrand +2007-04-17 Love Hörnquist Ã…strand * spnego/cred_stubs.c: Need to import spnego name before we can use it as a gss_name_t. @@ -309,27 +416,27 @@ * mech/gss_acquire_cred.c (gss_acquire_cred): dont init cred->gc_mc every time in the loop. -2007-04-15 Love Hörnquist Åstrand +2007-04-15 Love Hörnquist Ã…strand * Makefile.am: add test_common.h -2007-02-16 Love Hörnquist Åstrand +2007-02-16 Love Hörnquist Ã…strand * gss_acquire_cred.3: Add link for gsskrb5_register_acceptor_identity. -2007-02-08 Love Hörnquist Åstrand +2007-02-08 Love Hörnquist Ã…strand * krb5/copy_ccache.c: Try to leak less memory in the failure case. -2007-01-31 Love Hörnquist Åstrand +2007-01-31 Love Hörnquist Ã…strand * mech/gss_display_status.c: Use right printf formater. * test_*.[ch]: split out the error printing function and try to return better errors -2007-01-30 Love Hörnquist Åstrand +2007-01-30 Love Hörnquist Ã…strand * krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it. @@ -337,7 +444,7 @@ This is because Kerberos always support INT|CONF, matches behavior with MS and MIT. The creates problems for the GSS-SPNEGO mech. -2007-01-24 Love Hörnquist Åstrand +2007-01-24 Love Hörnquist Ã…strand * krb5/prf.c: constrain desired_output_len @@ -364,7 +471,7 @@ * gssapi_mech.h: Add hook for gm_pseudo_random. -2007-01-17 Love Hörnquist Åstrand +2007-01-17 Love Hörnquist Ã…strand * test_context.c: Don't assume bufer from gss_display_status is ok. @@ -443,7 +550,7 @@ * mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a gss_buffer_t -2007-01-16 Love Hörnquist Åstrand +2007-01-16 Love Hörnquist Ã…strand * mech: sprinkel _gss_mg_error @@ -463,17 +570,17 @@ * gss.c: Detect NTLM. -2007-01-11 Love Hörnquist Åstrand +2007-01-11 Love Hörnquist Ã…strand * mech/gss_accept_sec_context.c: spelling -2007-01-04 Love Hörnquist Åstrand +2007-01-04 Love Hörnquist Ã…strand * Makefile.am: Include build (private) prototypes header files. * Makefile.am (ntlmsrc): add ntlm/ntlm-private.h -2006-12-28 Love Hörnquist Åstrand +2006-12-28 Love Hörnquist Ã…strand * ntlm/accept_sec_context.c: Pass signseal argument to _gss_ntlm_set_key. @@ -495,7 +602,7 @@ * ntlm/crypto.c: NTLMv2 sign and verify. -2006-12-20 Love Hörnquist Åstrand +2006-12-20 Love Hörnquist Ã…strand * ntlm/accept_sec_context.c: Don't send targetinfo now. @@ -508,7 +615,7 @@ * ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security (disable because missing sign and seal). -2006-12-19 Love Hörnquist Åstrand +2006-12-19 Love Hörnquist Ã…strand * ntlm/accept_sec_context.c: split RC4 send and recv keystreams @@ -540,7 +647,7 @@ on the opportunistic token instead of guessing the acceptor name and do gss_acquire_cred, this make SPNEGO work like before. -2006-12-18 Love Hörnquist Åstrand +2006-12-18 Love Hörnquist Ã…strand * ntlm/init_sec_context.c: Calculate the NTLM version 1 "master" key. @@ -592,11 +699,11 @@ that there are no credentials for) split NegTokenInit and NegTokenResp in acceptor -2006-12-16 Love Hörnquist Åstrand +2006-12-16 Love Hörnquist Ã…strand * ntlm/import_name.c: Allocate the buffer from the right length. -2006-12-15 Love Hörnquist Åstrand +2006-12-15 Love Hörnquist Ã…strand * ntlm/init_sec_context.c (init_sec_context): Tell the other side what domain we think we are talking to. @@ -633,33 +740,33 @@ * ntlm/accept_sec_context.c: Check after a credential to use. -2006-12-14 Love Hörnquist Åstrand +2006-12-14 Love Hörnquist Ã…strand * krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X): don't fail on success. Bug report from Stefan Metzmacher. -2006-12-13 Love Hörnquist Åstrand +2006-12-13 Love Hörnquist Ã…strand * krb5/init_sec_context.c (init_auth): only turn on GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it. From Stefan Metzmacher. -2006-12-11 Love Hörnquist Åstrand +2006-12-11 Love Hörnquist Ã…strand * Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h spnego_asn1.h. -2006-11-20 Love Hörnquist Åstrand +2006-11-20 Love Hörnquist Ã…strand * krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a context argument. -2006-11-16 Love Hörnquist Åstrand +2006-11-16 Love Hörnquist Ã…strand * test_context.c: Test that token keys are the same, return actual_mech. -2006-11-15 Love Hörnquist Åstrand +2006-11-15 Love Hörnquist Ã…strand * spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open. @@ -689,14 +796,14 @@ supported mechs list and make sure we don't select that for the preferred mechamism. -2006-11-14 Love Hörnquist Åstrand +2006-11-14 Love Hörnquist Ã…strand * mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the cred finding to its own function * krb5/wrap.c: Better error strings, from Andrew Bartlet. -2006-11-13 Love Hörnquist Åstrand +2006-11-13 Love Hörnquist Ã…strand * test_context.c: Create our own krb5_context. @@ -708,13 +815,13 @@ * mech/gss_set_cred_option.c: When calling ->gm_set_cred_option and checking for success, use GSS_S_COMPLETE. From Andrew Bartlet. -2006-11-12 Love Hörnquist Åstrand +2006-11-12 Love Hörnquist Ã…strand * Makefile.am: Help solaris make even more. * Makefile.am: Help solaris make. -2006-11-09 Love Hörnquist Åstrand +2006-11-09 Love Hörnquist Ã…strand * Makefile.am: remove include $(srcdir)/Makefile-digest.am for now @@ -738,7 +845,7 @@ * krb5/gkrb5_err.et: Move the GSS_KRB5_S error here. -2006-11-08 Love Hörnquist Åstrand +2006-11-08 Love Hörnquist Ã…strand * mech/gss_krb5.c: Add gsskrb5_set_default_realm. @@ -749,7 +856,7 @@ * krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X -2006-11-07 Love Hörnquist Åstrand +2006-11-07 Love Hörnquist Ã…strand * test_context.c: rename krb5_[gs]et_time_wrap to krb5_[gs]et_max_time_skew @@ -784,12 +891,12 @@ * krb5/inquire_sec_context_by_oid.c: check if there is any key at all -2006-11-06 Love Hörnquist Åstrand +2006-11-06 Love Hörnquist Ã…strand * krb5/inquire_sec_context_by_oid.c: Set more error strings, use right enum for acceptor subkey. From Andrew Bartlett. -2006-11-04 Love Hörnquist Åstrand +2006-11-04 Love Hörnquist Ã…strand * test_context.c: Test gsskrb5_extract_service_keyblock, needed in PAC valication. From Andrew Bartlett @@ -802,7 +909,7 @@ * krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X -2006-11-03 Love Hörnquist Åstrand +2006-11-03 Love Hörnquist Ã…strand * test_context.c: Rename various routines and constants from canonize to canonicalize. From Andrew Bartlett @@ -819,12 +926,12 @@ * gssapi/gssapi_krb5.h: Rename various routines and constants from canonize to canonicalize. From Andrew Bartlett -2006-10-25 Love Hörnquist Åstrand +2006-10-25 Love Hörnquist Ã…strand * krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need to free ccache -2006-10-24 Love Hörnquist Åstrand +2006-10-24 Love Hörnquist Ã…strand * test_context.c (loop): free target_name @@ -843,7 +950,7 @@ * krb5/set_cred_option.c (import_cred): free sp -2006-10-22 Love Hörnquist Åstrand +2006-10-22 Love Hörnquist Ã…strand * mech/gss_add_oid_set_member.c: Use old implementation of gss_add_oid_set_member, it leaks less memory. @@ -855,7 +962,7 @@ * mech/gss_release_name.c (gss_release_name): free input_name it-self. -2006-10-21 Love Hörnquist Åstrand +2006-10-21 Love Hörnquist Ã…strand * test_context.c: Call setprogname. @@ -864,7 +971,7 @@ * gssapi/gssapi_krb5.h: add gsskrb5_extract_authtime_from_sec_context -2006-10-20 Love Hörnquist Åstrand +2006-10-20 Love Hörnquist Ã…strand * krb5/inquire_sec_context_by_oid.c: Add get_authtime. @@ -883,7 +990,7 @@ * Makefile.am: more files -2006-10-19 Love Hörnquist Åstrand +2006-10-19 Love Hörnquist Ã…strand * Makefile.am: remove spnego/gssapi_spnego.h, its now in gssapi/ @@ -894,7 +1001,7 @@ * gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to GSS_SASL_DIGEST_MD5_MECHANISM -2006-10-18 Love Hörnquist Åstrand +2006-10-18 Love Hörnquist Ã…strand * mech/gssapi.asn1: Make it into a heim_any_set, its doesn't except a tag. @@ -911,7 +1018,7 @@ * krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X, GSS_KRB5_GET_SUBKEY_X -2006-10-17 Love Hörnquist Åstrand +2006-10-17 Love Hörnquist Ã…strand * test_context.c: Support switching on name type oid's @@ -932,7 +1039,7 @@ * mech/gss_krb5.c: add bits to make lucid context work -2006-10-14 Love Hörnquist Åstrand +2006-10-14 Love Hörnquist Ã…strand * mech/gss_oid_to_str.c: Prefix der primitives with der_. @@ -943,7 +1050,7 @@ * mech/gss_oid_to_str.c: New der_print_heim_oid signature. -2006-10-12 Love Hörnquist Åstrand +2006-10-12 Love Hörnquist Ã…strand * Makefile.am: add test_context @@ -964,11 +1071,11 @@ * spnego/spnego_locl.h: Maybe include . -2006-10-09 Love Hörnquist Åstrand +2006-10-09 Love Hörnquist Ã…strand * mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined. -2006-10-08 Love Hörnquist Åstrand +2006-10-08 Love Hörnquist Ã…strand * Makefile.am: install gssapi_krb5.H and gssapi_spnego.h @@ -982,7 +1089,7 @@ * krb5: reference all include files using 'krb5/' -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * gssapi.h: Add file inclusion protection. @@ -997,14 +1104,14 @@ * Makefile.am: split build files into dist_ and noinst_ SOURCES -2006-10-06 Love Hörnquist Åstrand +2006-10-06 Love Hörnquist Ã…strand * gss.c: #if 0 out unused code. * mech/gss_mech_switch.c: Cast argument to ctype(3) functions to (unsigned char). -2006-10-05 Love Hörnquist Åstrand +2006-10-05 Love Hörnquist Ã…strand * mech/name.h: remove @@ -1012,7 +1119,7 @@ * mech/cred.h: remove -2006-10-02 Love Hörnquist Åstrand +2006-10-02 Love Hörnquist Ã…strand * krb5/arcfour.c: Thinker more with header lengths. @@ -1030,14 +1137,14 @@ * spnego/context_stubs.c: Make internal function static (and rename). -2006-10-01 Love Hörnquist Åstrand +2006-10-01 Love Hörnquist Ã…strand * krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald Barth. * spnego/spnego_locl.h: Include for MAXHOSTNAMELEN. -2006-09-25 Love Hörnquist Åstrand +2006-09-25 Love Hörnquist Ã…strand * krb5/arcfour.c: Add wrap support, interrop with itself but not w2k3s-sp1 @@ -1055,7 +1162,7 @@ protocol. It should be possible to detach the Kerberos DCE-style since it starts with a AP-REQ PDU, but that have to wait for now. -2006-09-22 Love Hörnquist Åstrand +2006-09-22 Love Hörnquist Ã…strand * gssapi.h: Add GSS_C flags from draft-brezak-win2k-krb-rc4-hmac-04.txt. @@ -1072,18 +1179,18 @@ initiator part from the samba patch by Stefan Metzmacher and Andrew Bartlet (still missing DCE/RPC support) -2006-08-28 Love Hörnquist Åstrand +2006-08-28 Love Hörnquist Ã…strand * gss.c (help): use sl_slc_help(). -2006-07-22 Love Hörnquist Åstrand +2006-07-22 Love Hörnquist Ã…strand * gss-commands.in: rename command to supported-mechanisms * Makefile.am: Make gss objects depend on the slc built gss-commands.h -2006-07-20 Love Hörnquist Åstrand +2006-07-20 Love Hörnquist Ã…strand * gss-commands.in: add slc commands for gss @@ -1116,7 +1223,7 @@ * mech/name.h: no need to mark _gss_find_mn extern. -2006-07-19 Love Hörnquist Åstrand +2006-07-19 Love Hörnquist Ã…strand * krb5/cfx.c: Redo the wrap length calculations. @@ -1124,7 +1231,7 @@ * mech/gss_display_status.c: Handle more error codes. -2006-07-07 Love Hörnquist Åstrand +2006-07-07 Love Hörnquist Ã…strand * mech/mech_locl.h: Include and "mechqueue.h" @@ -1146,7 +1253,7 @@ convert the name to a MN, fail with GSS_S_BAD_NAME rather then a NULL de-reference. -2006-07-06 Love Hörnquist Åstrand +2006-07-06 Love Hörnquist Ã…strand * spnego/external.c: readd gss_spnego_inquire_names_for_mech @@ -1171,7 +1278,7 @@ desired_mechs, get our own list with indicate_mechs and remove ourself. -2006-07-05 Love Hörnquist Åstrand +2006-07-05 Love Hörnquist Ã…strand * spnego/external.c: remove gss_spnego_inquire_names_for_mech, let the mechglue layer implement it @@ -1182,11 +1289,11 @@ * spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let the mechglue layer implement it -2006-07-01 Love Hörnquist Åstrand +2006-07-01 Love Hörnquist Ã…strand * mech/gss_set_cred_option.c: fix argument to gss_release_cred -2006-06-30 Love Hörnquist Åstrand +2006-06-30 Love Hörnquist Ã…strand * krb5/init_sec_context.c: Make work on compilers that are somewhat more picky then gcc4 (like gcc2.95) @@ -1232,7 +1339,7 @@ preferred_mech_type and negotiated_mech_type, they where never allocated from the begining. -2006-06-29 Love Hörnquist Åstrand +2006-06-29 Love Hörnquist Ã…strand * mech/gss_import_name.c (gss_import_name): avoid type-punned/strict aliasing rules @@ -1254,7 +1361,7 @@ * mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is NO_OID_SET, there is a need to load the mechs, so always do that. -2006-06-28 Love Hörnquist Åstrand +2006-06-28 Love Hörnquist Ã…strand * krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead pass a fullname to the credential, then resolve and @@ -1295,7 +1402,7 @@ * spnego: Import Luke Howard's SPNEGO from the mechglue branch -2006-06-22 Love Hörnquist Åstrand +2006-06-22 Love Hörnquist Ã…strand * gssapi.h: Add oid_to_str. @@ -1305,7 +1412,7 @@ * test_oid.c: Add test for gss_oid_to_str() -2006-05-13 Love Hörnquist Åstrand +2006-05-13 Love Hörnquist Ã…strand * verify_mic.c: Less pointer signedness warnings. @@ -1331,21 +1438,21 @@ * import_sec_context.c: Less pointer signedness warnings. -2006-05-09 Love Hörnquist Åstrand +2006-05-09 Love Hörnquist Ã…strand * accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From Andrew Abartlet. -2006-05-08 Love Hörnquist Åstrand +2006-05-08 Love Hörnquist Ã…strand * get_mic.c (mic_des3): make sure message_buffer doesn't point to free()ed memory on failure. Pointed out by IBM checker. -2006-05-05 Love Hörnquist Åstrand +2006-05-05 Love Hörnquist Ã…strand * Rename u_intXX_t to uintXX_t -2006-05-04 Love Hörnquist Åstrand +2006-05-04 Love Hörnquist Ã…strand * cfx.c: Less pointer signedness warnings. @@ -1355,7 +1462,7 @@ * 8003.c (gssapi_decode_*): make data argument const void * -2006-04-12 Love Hörnquist Åstrand +2006-04-12 Love Hörnquist Ã…strand * export_sec_context.c: Export sequence order element. From Wynn Wilkes . @@ -1369,12 +1476,12 @@ * test_sequence.c: Add test for import/export sequence. -2006-04-09 Love Hörnquist Åstrand +2006-04-09 Love Hörnquist Ã…strand * add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a standard conformance failure, but much better then a crash. -2006-04-02 Love Hörnquist Åstrand +2006-04-02 Love Hörnquist Ã…strand * get_mic.c (get_mic*)_: make sure message_token is cleaned on error, found by IBM checker. @@ -1382,22 +1489,22 @@ * wrap.c (wrap*): Reset output_buffer on error, found by IBM checker. -2006-02-15 Love Hörnquist Åstrand +2006-02-15 Love Hörnquist Ã…strand * import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names. -2006-01-16 Love Hörnquist Åstrand +2006-01-16 Love Hörnquist Ã…strand * delete_sec_context.c (gss_delete_sec_context): if the context handle is GSS_C_NO_CONTEXT, don't fall over. -2005-12-12 Love Hörnquist Åstrand +2005-12-12 Love Hörnquist Ã…strand * gss_acquire_cred.3: Replace gss_krb5_import_ccache with gss_krb5_import_cred and add more references -2005-12-05 Love Hörnquist Åstrand +2005-12-05 Love Hörnquist Ã…strand * gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred, it can handle keytabs too. @@ -1407,7 +1514,7 @@ * context_time.c (gssapi_lifetime_left): define the 0 lifetime as GSS_C_INDEFINITE. -2005-12-01 Love Hörnquist Åstrand +2005-12-01 Love Hörnquist Ã…strand * acquire_cred.c (acquire_acceptor_cred): only check if principal exists if we got called with principal as an argument. @@ -1415,12 +1522,12 @@ * acquire_cred.c (acquire_acceptor_cred): check that the acceptor exists in the keytab before returning ok. -2005-11-29 Love Hörnquist Åstrand +2005-11-29 Love Hörnquist Ã…strand * copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew Bartlett. -2005-11-25 Love Hörnquist Åstrand +2005-11-25 Love Hörnquist Ã…strand * test_kcred.c: Rename gss_krb5_import_ccache to gss_krb5_import_cred. @@ -1428,7 +1535,7 @@ * copy_ccache.c: Rename gss_krb5_import_ccache to gss_krb5_import_cred and let it grow code to handle keytabs too. -2005-11-02 Love Hörnquist Åstrand +2005-11-02 Love Hörnquist Ã…strand * init_sec_context.c: Change sematics of ok-as-delegate to match windows if @@ -1445,11 +1552,11 @@ * accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite to use gss_krb5_import_ccache -2005-11-01 Love Hörnquist Åstrand +2005-11-01 Love Hörnquist Ã…strand * arcfour.c: Remove signedness warnings. -2005-10-31 Love Hörnquist Åstrand +2005-10-31 Love Hörnquist Ã…strand * gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy by reference. @@ -1462,7 +1569,7 @@ * test_kcred.c: Remove memory leaks. -2005-10-26 Love Hörnquist Åstrand +2005-10-26 Love Hörnquist Ã…strand * Makefile.am: build test_kcred @@ -1484,13 +1591,13 @@ * test_kcred.c: test gss_krb5_import_ccache -2005-10-21 Love Hörnquist Åstrand +2005-10-21 Love Hörnquist Ã…strand * acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match to find a matching creditial cache, if that failes, fallback to the default cache. -2005-10-12 Love Hörnquist Åstrand +2005-10-12 Love Hörnquist Ã…strand * gssapi_locl.h: Add gssapi_krb5_set_status and gssapi_krb5_clear_status @@ -1501,17 +1608,17 @@ * display_status.c: Add gssapi_krb5_clear_status, gssapi_krb5_set_status for handling error messages. -2005-08-23 Love Hörnquist Åstrand +2005-08-23 Love Hörnquist Ã…strand * external.c: Use rk_UNCONST to avoid const warning. * display_status.c: Constify strings to avoid warnings. -2005-08-11 Love Hörnquist Åstrand +2005-08-11 Love Hörnquist Ã…strand * init_sec_context.c: avoid warnings, update (c) -2005-07-13 Love Hörnquist Åstrand +2005-07-13 Love Hörnquist Ã…strand * init_sec_context.c (spnego_initial): use NegotiationToken encoder now that we have one with the new asn1. compiler. @@ -1519,7 +1626,7 @@ * Makefile.am: the new asn.1 compiler includes the modules name in the depend file -2005-06-16 Love Hörnquist Åstrand +2005-06-16 Love Hörnquist Ã…strand * decapsulate.c: use rk_UNCONST @@ -1531,7 +1638,7 @@ * test_cred.c: rename optind to optidx -2005-05-30 Love Hörnquist Åstrand +2005-05-30 Love Hörnquist Ã…strand * init_sec_context.c (init_auth): honor ok-as-delegate if local configuration approves @@ -1540,7 +1647,7 @@ * compat.c: export check_compat as _gss_check_compat -2005-05-29 Love Hörnquist Åstrand +2005-05-29 Love Hörnquist Ã…strand * init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid problems with system headerfiles that pollute the name space. @@ -1548,13 +1655,13 @@ * accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid problems with system headerfiles that pollute the name space. -2005-05-17 Love Hörnquist Åstrand +2005-05-17 Love Hörnquist Ã…strand * init_sec_context.c (init_auth): set KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility), also while here, use krb5_auth_con_addflags -2005-05-06 Love Hörnquist Åstrand +2005-05-06 Love Hörnquist Ã…strand * arcfour.c (_gssapi_wrap_arcfour): fix calculating the encap length. From: Tom Maher @@ -1563,12 +1670,12 @@ * test_cred.c (main): Call setprogname. -2005-04-27 Love Hörnquist Åstrand +2005-04-27 Love Hörnquist Ã…strand * prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes -2005-04-10 Love Hörnquist Åstrand +2005-04-10 Love Hörnquist Ã…strand * accept_sec_context.c: break out the processing of the delegated credential to a separate function to make error handling easier, @@ -1578,26 +1685,26 @@ * Makefile.am: add test_sequence to TESTS -2005-04-01 Love Hörnquist Åstrand +2005-04-01 Love Hörnquist Ã…strand * 8003.c (gssapi_krb5_verify_8003_checksum): check that cksum isn't NULL From: Nicolas Pouvesle -2005-03-21 Love Hörnquist Åstrand +2005-03-21 Love Hörnquist Ã…strand * Makefile.am: use $(LIB_roken) -2005-03-16 Love Hörnquist Åstrand +2005-03-16 Love Hörnquist Ã…strand * display_status.c (gssapi_krb5_set_error_string): pass in the krb5_context to krb5_free_error_string -2005-03-15 Love Hörnquist Åstrand +2005-03-15 Love Hörnquist Ã…strand * display_status.c (gssapi_krb5_set_error_string): don't misuse the krb5_get_error_string api -2005-03-01 Love Hörnquist Åstrand +2005-03-01 Love Hörnquist Ã…strand * compat.c (_gss_DES3_get_mic_compat): don't unlock mutex here. Bug reported by Stefan Metzmacher @@ -1643,33 +1750,33 @@ * wrap.c: use gss_krb5_get_subkey(), support KEYTYPE_ARCFOUR_56 -2004-11-30 Love Hörnquist Åstrand +2004-11-30 Love Hörnquist Ã…strand * inquire_cred.c: Reverse order of HEIMDAL_MUTEX_unlock and gss_release_cred to avoid deadlock, from Luke Howard . -2004-09-06 Love Hörnquist Åstrand +2004-09-06 Love Hörnquist Ã…strand * gss_acquire_cred.3: gss_krb5_extract_authz_data_from_sec_context was renamed to gsskrb5_extract_authz_data_from_sec_context -2004-08-07 Love Hörnquist Åstrand +2004-08-07 Love Hörnquist Ã…strand * unwrap.c: mutex buglet, From: Luke Howard * arcfour.c: mutex buglet, From: Luke Howard -2004-05-06 Love Hörnquist Åstrand +2004-05-06 Love Hörnquist Ã…strand * gssapi.3: spelling from Josef El-Rayes while here, write some text about the SPNEGO situation -2004-04-08 Love Hörnquist Åstrand +2004-04-08 Love Hörnquist Ã…strand * cfx.c: s/CTXAcceptorSubkey/CFXAcceptorSubkey/ -2004-04-07 Love Hörnquist Åstrand +2004-04-07 Love Hörnquist Ã…strand * gssapi.h: add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG From: Luke Howard @@ -1688,7 +1795,7 @@ * compat.c: add _gss_spnego_require_mechlist_mic for compatibility with MS SPNEGO, From: Luke Howard -2004-04-05 Love Hörnquist Åstrand +2004-04-05 Love Hörnquist Ã…strand * accept_sec_context.c (gsskrb5_is_cfx): krb5_keyblock->keytype is an enctype, not keytype @@ -1700,7 +1807,7 @@ * init_sec_context.c (spnego_initial): handle mech_token better -2004-03-19 Love Hörnquist Åstrand +2004-03-19 Love Hörnquist Ã…strand * gssapi.h: add gss_krb5_get_tkt_flags @@ -1711,7 +1818,7 @@ * gss_acquire_cred.3: document gss_krb5_get_tkt_flags -2004-03-14 Love Hörnquist Åstrand +2004-03-14 Love Hörnquist Ã…strand * acquire_cred.c (gss_acquire_cred): check usage before even bothering to process it, add both keytab and initial tgt if @@ -1744,7 +1851,7 @@ * test_acquire_cred.c: fix comment -2004-03-07 Love Hörnquist Åstrand +2004-03-07 Love Hörnquist Ã…strand * arcfour.h: drop structures for message formats, no longer used @@ -1762,7 +1869,7 @@ * Makefile.am: spnego_files += asn1_NegotiationToken.x -2004-01-25 Love Hörnquist Åstrand +2004-01-25 Love Hörnquist Ã…strand * gssapi.h: add gss_krb5_ccache_name @@ -1776,51 +1883,51 @@ * gss_acquire_cred.3: document gss_krb5_ccache_name -2003-12-12 Love Hörnquist Åstrand +2003-12-12 Love Hörnquist Ã…strand * cfx.c: make rrc a modulus operation if its longer then the length of the message, noticed by Sam Hartman -2003-12-07 Love Hörnquist Åstrand +2003-12-07 Love Hörnquist Ã…strand * accept_sec_context.c: use krb5_auth_con_addflags -2003-12-05 Love Hörnquist Åstrand +2003-12-05 Love Hörnquist Ã…strand * cfx.c: Wrap token id was in wrong order, found by Sam Hartman -2003-12-04 Love Hörnquist Åstrand +2003-12-04 Love Hörnquist Ã…strand * cfx.c: add AcceptorSubkey (but no code understand it yet) ignore unknown token flags -2003-11-22 Love Hörnquist Åstrand +2003-11-22 Love Hörnquist Ã…strand * accept_sec_context.c: Don't require timestamp to be set on delegated token, its already protected by the outer token (and windows doesn't alway send it) Pointed out by Zi-Bin Yang on heimdal-discuss -2003-11-14 Love Hörnquist Åstrand +2003-11-14 Love Hörnquist Ã…strand * cfx.c: fix {} error, pointed out by Liqiang Zhu -2003-11-10 Love Hörnquist Åstrand +2003-11-10 Love Hörnquist Ã…strand * cfx.c: Sequence number should be stored in bigendian order From: Luke Howard -2003-11-09 Love Hörnquist Åstrand +2003-11-09 Love Hörnquist Ã…strand * delete_sec_context.c (gss_delete_sec_context): don't free ticket, krb5_free_ticket does that now -2003-11-06 Love Hörnquist Åstrand +2003-11-06 Love Hörnquist Ã…strand * cfx.c: checksum the header last in MIC token, update to -03 From: Luke Howard -2003-10-07 Love Hörnquist Åstrand +2003-10-07 Love Hörnquist Ã…strand * add_cred.c: If its a MEMORY cc, make a copy. We need to do this since now gss_release_cred will destroy the cred. This should be @@ -1833,12 +1940,12 @@ * acquire_cred.c (acquire_initiator_cred): use kret instead of ret where appropriate -2003-09-30 Love Hörnquist Åstrand +2003-09-30 Love Hörnquist Ã…strand * gss_acquire_cred.3: spelling From: jmc -2003-09-23 Love Hörnquist Åstrand +2003-09-23 Love Hörnquist Ã…strand * cfx.c: - EC and RRC are big-endian, not little-endian - The default is now to rotate regardless of GSS_C_DCE_STYLE. There are @@ -1846,7 +1953,7 @@ avoids allocating memory on the heap if rrc <= 256 From: Luke Howard -2003-09-22 Love Hörnquist Åstrand +2003-09-22 Love Hörnquist Ã…strand * cfx.[ch]: rrc_rotate() was untested and broken, fix it. Set and verify wrap Token->Filler. @@ -1854,12 +1961,12 @@ were accidentally swapped with delete tokens. From: Luke Howard -2003-09-21 Love Hörnquist Åstrand +2003-09-21 Love Hörnquist Ã…strand * cfx.[ch]: no ASN.1-ish header on per-message tokens From: Luke Howard -2003-09-19 Love Hörnquist Åstrand +2003-09-19 Love Hörnquist Ã…strand * arcfour.h: remove depenency on gss_arcfour_mic_token and gss_arcfour_warp_token @@ -1867,11 +1974,11 @@ * arcfour.c: remove depenency on gss_arcfour_mic_token and gss_arcfour_warp_token -2003-09-18 Love Hörnquist Åstrand +2003-09-18 Love Hörnquist Ã…strand * 8003.c: remove #if 0'ed code -2003-09-17 Love Hörnquist Åstrand +2003-09-17 Love Hörnquist Ã…strand * accept_sec_context.c (gsskrb5_accept_sec_context): set sequence number when not requesting mutual auth From: Luke Howard @@ -1880,7 +1987,7 @@ * init_sec_context.c (init_auth): set sequence number when not requesting mutual auth From: Luke Howard -2003-09-16 Love Hörnquist Åstrand +2003-09-16 Love Hörnquist Ã…strand * arcfour.c (*): set minor_status (gss_wrap): set conf_state to conf_req_flags on success @@ -1889,14 +1996,14 @@ * wrap.c (gss_wrap_size_limit): use existing function From: Luke Howard -2003-09-12 Love Hörnquist Åstrand +2003-09-12 Love Hörnquist Ã…strand * indicate_mechs.c (gss_indicate_mechs): in case of error, free mech_set * indicate_mechs.c (gss_indicate_mechs): add SPNEGO -2003-09-10 Love Hörnquist Åstrand +2003-09-10 Love Hörnquist Ã…strand * init_sec_context.c (spnego_initial): catch errors and return them @@ -1905,7 +2012,7 @@ the CHOICE branch encoding, also where here, free no longer used memory -2003-09-09 Love Hörnquist Åstrand +2003-09-09 Love Hörnquist Ã…strand * gss_acquire_cred.3: support GSS_SPNEGO_MECHANISM @@ -1934,22 +2041,22 @@ * Makefile.am: build SPNEGO file -2003-09-08 Love Hörnquist Åstrand +2003-09-08 Love Hörnquist Ã…strand * external.c: SPENGO and IAKERB oids * spnego.asn1: SPENGO ASN1 -2003-09-05 Love Hörnquist Åstrand +2003-09-05 Love Hörnquist Ã…strand * cfx.c: RRC also need to be zero before wraping them From: Luke Howard -2003-09-04 Love Hörnquist Åstrand +2003-09-04 Love Hörnquist Ã…strand * encapsulate.c (gssapi_krb5_encap_length): don't return void -2003-09-03 Love Hörnquist Åstrand +2003-09-03 Love Hörnquist Ã…strand * verify_mic.c: switch from the des_ to the DES_ api @@ -1965,7 +2072,7 @@ * acquire_cred.c: use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free -2003-09-01 Love Hörnquist Åstrand +2003-09-01 Love Hörnquist Ã…strand * copy_ccache.c: rename gss_krb5_extract_authz_data_from_sec_context to @@ -1974,7 +2081,7 @@ * gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to gsskrb5_extract_authz_data_from_sec_context -2003-08-31 Love Hörnquist Åstrand +2003-08-31 Love Hörnquist Ã…strand * copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context): check that we have a ticket before we start to use it @@ -1991,12 +2098,12 @@ * verify_mic.c (gss_verify_mic_internal): switch type and key argument -2003-08-30 Love Hörnquist Åstrand +2003-08-30 Love Hörnquist Ã…strand * cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implemetation From: Luke Howard -2003-08-28 Love Hörnquist Åstrand +2003-08-28 Love Hörnquist Ã…strand * arcfour.c (arcfour_mic_cksum): use free_Checksum to free the checksum @@ -2048,7 +2155,7 @@ * 8003.c: add gssapi_{en,de}code_be_om_uint32 -2003-08-27 Love Hörnquist Åstrand +2003-08-27 Love Hörnquist Ã…strand * arcfour.c (_gssapi_verify_mic_arcfour): Do the checksum on right area. Swap filler check, it was reversed. @@ -2061,7 +2168,7 @@ * arcfour.h: arcfour gss-api mech, get_mic/verify_mic working -2003-08-26 Love Hörnquist Åstrand +2003-08-26 Love Hörnquist Ã…strand * gssapi_locl.h: always include cfx.h add prototype for _gssapi_decapsulate @@ -2072,7 +2179,7 @@ * decapsulate.c: add _gssapi_decapsulate, from Luke Howard -2003-08-25 Love Hörnquist Åstrand +2003-08-25 Love Hörnquist Ã…strand * unwrap.c: encap/decap now takes a oid if the enctype/keytype is arcfour, return error add hook for cfx @@ -2104,17 +2211,17 @@ * inquire_cred.c (gss_inquire_cred): handle cred_handle being GSS_C_NO_CREDENTIAL and use the default cred then. -2003-08-19 Love Hörnquist Åstrand +2003-08-19 Love Hörnquist Ã…strand * gss_acquire_cred.3: break out extensions and document gsskrb5_register_acceptor_identity -2003-08-18 Love Hörnquist Åstrand +2003-08-18 Love Hörnquist Ã…strand * test_acquire_cred.c (print_time): time is returned in seconds from now, not unix time -2003-08-17 Love Hörnquist Åstrand +2003-08-17 Love Hörnquist Ã…strand * compat.c (check_compat): avoid leaking principal when finding a match @@ -2125,7 +2232,7 @@ * acquire_cred.c (gss_acquire_cred): 4th argument to gss_test_oid_set_member is a int -2003-07-22 Love Hörnquist Åstrand +2003-07-22 Love Hörnquist Ã…strand * init_sec_context.c (repl_mutual): don't set kerberos error where there was no kerberos error @@ -2140,12 +2247,12 @@ krb5_context. Add destruction/creation functions for the thread specific storage that the error string handling is using. -2003-07-20 Love Hörnquist Åstrand +2003-07-20 Love Hörnquist Ã…strand * gss_acquire_cred.3: add missing prototype and missing .Ft arguments -2003-06-17 Love Hörnquist Åstrand +2003-06-17 Love Hörnquist Ã…strand * verify_mic.c: reorder code so sequence numbers can can be used @@ -2173,7 +2280,7 @@ * Makefile.am: can't have sequence.c in two different places -2003-06-06 Love Hörnquist Åstrand +2003-06-06 Love Hörnquist Ã…strand * test_sequence.c: check rollover, print summery @@ -2184,7 +2291,7 @@ From: Luke Howard -2003-06-05 Love Hörnquist Åstrand +2003-06-05 Love Hörnquist Ã…strand * gssapi_locl.h: add prototypes for sequence.c @@ -2194,7 +2301,7 @@ * sequence.c: sequence number checks, order and replay * test_sequence.c: sequence number checks, order and replay -2003-06-03 Love Hörnquist Åstrand +2003-06-03 Love Hörnquist Ã…strand * accept_sec_context.c (gss_accept_sec_context): make sure time is returned in seconds from now, not in kerberos time @@ -2213,7 +2320,7 @@ * verify_mic.c: make sure minor_status is always set, pointed out by Luke Howard -2003-05-21 Love Hörnquist Åstrand +2003-05-21 Love Hörnquist Ã…strand * *.[ch]: do some basic locking (no reference counting so contexts can be removed while still used) @@ -2224,16 +2331,16 @@ * gss_acquire_cred.3: document argument lifetime_rec to function gss_inquire_context -2003-05-17 Love Hörnquist Åstrand +2003-05-17 Love Hörnquist Ã…strand * test_acquire_cred.c: test gss_add_cred more then once -2003-05-06 Love Hörnquist Åstrand +2003-05-06 Love Hörnquist Ã…strand * gssapi.h: if __cplusplus, wrap the extern variable (just to be safe) and functions in extern "C" { } -2003-04-30 Love Hörnquist Åstrand +2003-04-30 Love Hörnquist Ã…strand * gssapi.3: more about the des3 mic mess @@ -2245,14 +2352,14 @@ * verify_mic.c (verify_mic_des3): If MIC verification fails, retry using the `old' MIC computation (with zero IV). -2003-04-26 Love Hörnquist Åstrand +2003-04-26 Love Hörnquist Ã…strand * gss_acquire_cred.3: more about difference between comparing IN and MN * gss_acquire_cred.3: more about name type and access control -2003-04-25 Love Hörnquist Åstrand +2003-04-25 Love Hörnquist Ã…strand * gss_acquire_cred.3: document gss_context_time @@ -2273,17 +2380,17 @@ (GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if gss_krb5_compat_des3_mic exists -2003-04-24 Love Hörnquist Åstrand +2003-04-24 Love Hörnquist Ã…strand * Makefile.am: (libgssapi_la_LDFLAGS): update major version of gssapi for incompatiblity in 3des getmic support -2003-04-23 Love Hörnquist Åstrand +2003-04-23 Love Hörnquist Ã…strand * Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not ./libgssapi.la (make make -jN work) -2003-04-16 Love Hörnquist Åstrand +2003-04-16 Love Hörnquist Ã…strand * gssapi.3: spelling @@ -2291,7 +2398,7 @@ header.h, from Thomas Klausner -2003-04-06 Love Hörnquist Åstrand +2003-04-06 Love Hörnquist Ã…strand * gss_acquire_cred.3: spelling @@ -2307,26 +2414,26 @@ * test_acquire_cred.c: test gss_add_cred too -2003-04-03 Love Hörnquist Åstrand +2003-04-03 Love Hörnquist Ã…strand * Makefile.am: build test_acquire_cred * test_acquire_cred.c: simple gss_acquire_cred test -2003-04-02 Love Hörnquist Åstrand +2003-04-02 Love Hörnquist Ã…strand * gss_acquire_cred.3: s/gssapi/GSS-API/ -2003-03-19 Love Hörnquist Åstrand +2003-03-19 Love Hörnquist Ã…strand * gss_acquire_cred.3: document v1 interface (and that they are obsolete) -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * gss_acquire_cred.3: list supported mechanism and nametypes -2003-03-16 Love Hörnquist Åstrand +2003-03-16 Love Hörnquist Ã…strand * gss_acquire_cred.3: text about gss_display_name @@ -2438,7 +2545,7 @@ * gssapi.h: comment out the argument names -2003-03-15 Love Hörnquist Åstrand +2003-03-15 Love Hörnquist Ã…strand * gssapi.3: add LIST OF FUNCTIONS and copyright/license @@ -2446,29 +2553,29 @@ * Makefile.am: man_MANS += gss_aquire_cred.3 -2003-03-14 Love Hörnquist Åstrand +2003-03-14 Love Hörnquist Ã…strand * gss_aquire_cred.3: the gssapi api manpage -2003-03-03 Love Hörnquist Åstrand +2003-03-03 Love Hörnquist Ã…strand * inquire_context.c: (gss_inquire_context): rename argument open to open_context * gssapi.h (gss_inquire_context): rename argument open to open_context -2003-02-27 Love Hörnquist Åstrand +2003-02-27 Love Hörnquist Ã…strand * init_sec_context.c (do_delegation): remove unused variable subkey * gssapi.3: all 0.5.x version had broken token delegation -2003-02-21 Love Hörnquist Åstrand +2003-02-21 Love Hörnquist Ã…strand * (init_auth): only generate one subkey -2003-01-27 Love Hörnquist Åstrand +2003-01-27 Love Hörnquist Ã…strand * verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform to rfc (and mit kerberos), provide backward compat hook diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am index 23264828221..919799fa80b 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.am +++ b/crypto/heimdal/lib/gssapi/Makefile.am @@ -1,12 +1,18 @@ -# $Id: Makefile.am 22399 2008-01-11 14:25:47Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common AUTOMAKE_OPTIONS = subdir-objects -AM_CPPFLAGS += -I$(srcdir)/../krb5 \ +AM_CPPFLAGS += \ + -I$(srcdir)/../krb5 \ -I$(srcdir) \ + -I$(srcdir)/gssapi \ -I$(srcdir)/mech \ + -I$(srcdir)/ntlm \ + -I$(srcdir)/krb5 \ + -I$(srcdir)/spnego \ + $(INCLUDE_libintl) \ $(INCLUDE_hcrypto) \ $(INCLUDE_krb4) @@ -18,8 +24,10 @@ krb5src = \ krb5/acquire_cred.c \ krb5/add_cred.c \ krb5/address_to_krb5addr.c \ + krb5/aeap.c \ krb5/arcfour.c \ krb5/canonicalize_name.c \ + krb5/creds.c \ krb5/ccache_name.c \ krb5/cfx.c \ krb5/cfx.h \ @@ -51,17 +59,19 @@ krb5src = \ krb5/inquire_mechs_for_name.c \ krb5/inquire_names_for_mech.c \ krb5/inquire_sec_context_by_oid.c \ + krb5/pname_to_uid.c \ krb5/process_context_token.c \ krb5/prf.c \ krb5/release_buffer.c \ krb5/release_cred.c \ krb5/release_name.c \ krb5/sequence.c \ + krb5/store_cred.c \ krb5/set_cred_option.c \ krb5/set_sec_context_option.c \ krb5/ticket_flags.c \ krb5/unwrap.c \ - krb5/v1.c \ + krb5/authorize_localname.c \ krb5/verify_mic.c \ krb5/wrap.c @@ -69,25 +79,36 @@ mechsrc = \ mech/context.h \ mech/context.c \ mech/cred.h \ + mech/compat.h \ + mech/doxygen.c \ mech/gss_accept_sec_context.c \ mech/gss_acquire_cred.c \ + mech/gss_acquire_cred_ext.c \ + mech/gss_acquire_cred_with_password.c \ mech/gss_add_cred.c \ + mech/gss_add_cred_with_password.c \ mech/gss_add_oid_set_member.c \ + mech/gss_aeap.c \ mech/gss_buffer_set.c \ mech/gss_canonicalize_name.c \ mech/gss_compare_name.c \ mech/gss_context_time.c \ mech/gss_create_empty_oid_set.c \ + mech/gss_cred.c \ mech/gss_decapsulate_token.c \ + mech/gss_delete_name_attribute.c \ mech/gss_delete_sec_context.c \ mech/gss_display_name.c \ + mech/gss_display_name_ext.c \ mech/gss_display_status.c \ mech/gss_duplicate_name.c \ mech/gss_duplicate_oid.c \ mech/gss_encapsulate_token.c \ mech/gss_export_name.c \ + mech/gss_export_name_composite.c \ mech/gss_export_sec_context.c \ mech/gss_get_mic.c \ + mech/gss_get_name_attribute.c \ mech/gss_import_name.c \ mech/gss_import_sec_context.c \ mech/gss_indicate_mechs.c \ @@ -97,12 +118,16 @@ mechsrc = \ mech/gss_inquire_cred_by_mech.c \ mech/gss_inquire_cred_by_oid.c \ mech/gss_inquire_mechs_for_name.c \ + mech/gss_inquire_name.c \ mech/gss_inquire_names_for_mech.c \ mech/gss_krb5.c \ mech/gss_mech_switch.c \ + mech/gss_mo.c \ mech/gss_names.c \ + mech/gss_oid.c \ mech/gss_oid_equal.c \ mech/gss_oid_to_str.c \ + mech/gss_pname_to_uid.c \ mech/gss_process_context_token.c \ mech/gss_pseudo_random.c \ mech/gss_release_buffer.c \ @@ -112,11 +137,14 @@ mechsrc = \ mech/gss_release_oid_set.c \ mech/gss_seal.c \ mech/gss_set_cred_option.c \ + mech/gss_set_name_attribute.c \ mech/gss_set_sec_context_option.c \ mech/gss_sign.c \ + mech/gss_store_cred.c \ mech/gss_test_oid_set_member.c \ mech/gss_unseal.c \ mech/gss_unwrap.c \ + mech/gss_authorize_localname.c \ mech/gss_utils.c \ mech/gss_verify.c \ mech/gss_verify_mic.c \ @@ -146,6 +174,7 @@ ntlmsrc = \ ntlm/canonicalize_name.c \ ntlm/compare_name.c \ ntlm/context_time.c \ + ntlm/creds.c \ ntlm/crypto.c \ ntlm/delete_sec_context.c \ ntlm/display_name.c \ @@ -161,14 +190,15 @@ ntlmsrc = \ ntlm/indicate_mechs.c \ ntlm/init_sec_context.c \ ntlm/inquire_context.c \ - ntlm/inquire_cred.c \ ntlm/inquire_cred_by_mech.c \ ntlm/inquire_mechs_for_name.c \ ntlm/inquire_names_for_mech.c \ + ntlm/inquire_sec_context_by_oid.c \ + ntlm/iter_cred.c \ ntlm/process_context_token.c \ ntlm/release_cred.c \ ntlm/release_name.c \ - ntlm/digest.c + ntlm/kdc.c $(srcdir)/ntlm/ntlm-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h @@ -184,7 +214,9 @@ nodist_libgssapi_la_SOURCES = \ gkrb5_err.h \ $(BUILT_SOURCES) -libgssapi_la_LDFLAGS = -version-info 2:0:0 +libgssapi_la_DEPENDENCIES = version-script.map + +libgssapi_la_LDFLAGS = -version-info 3:0:0 if versionscript libgssapi_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map @@ -206,9 +238,12 @@ noinst_HEADERS = \ ntlm/ntlm-private.h \ spnego/spnego-private.h \ krb5/gsskrb5-private.h + nobase_include_HEADERS = \ gssapi/gssapi.h \ gssapi/gssapi_krb5.h \ + gssapi/gssapi_ntlm.h \ + gssapi/gssapi_oid.h \ gssapi/gssapi_spnego.h gssapidir = $(includedir)/gssapi @@ -227,9 +262,13 @@ spnego_files = \ asn1_NegTokenInitWin.x \ asn1_NegTokenResp.x -$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h -$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h -$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h +BUILTHEADERS = \ + $(srcdir)/krb5/gsskrb5-private.h \ + $(srcdir)/spnego/spnego-private.h \ + $(srcdir)/ntlm/ntlm-private.h + +$(libgssapi_la_OBJECTS): $(BUILTHEADERS) +$(test_context_OBJECTS): $(BUILTHEADERS) $(libgssapi_la_OBJECTS): $(srcdir)/version-script.map @@ -237,18 +276,18 @@ BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c) CLEANFILES = $(BUILT_SOURCES) \ gkrb5_err.h gkrb5_err.c \ - $(spnego_files) spnego_asn1.h spnego_asn1_files \ - $(gssapi_files) gssapi_asn1.h gssapi_asn1_files \ + $(spnego_files) spnego_asn1*.h* spnego_asn1_files spnego_asn1-template.c \ + $(gssapi_files) gssapi_asn1*.h* gssapi_asn1_files gssapi_asn1-template.c \ gss-commands.h gss-commands.c -$(spnego_files) spnego_asn1.h: spnego_asn1_files -$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files +$(spnego_files) spnego_asn1.hx spnego_asn1-priv.hx: spnego_asn1_files +$(gssapi_files) gssapi_asn1.hx gssapi_asn1-priv.hx: gssapi_asn1_files -spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1 - ../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1 +spnego_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/spnego/spnego.asn1 $(srcdir)/spnego/spnego.opt + $(ASN1_COMPILE) --option-file=$(srcdir)/spnego/spnego.opt $(srcdir)/spnego/spnego.asn1 spnego_asn1 -gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 - ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1 +gssapi_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/mech/gssapi.asn1 + $(ASN1_COMPILE) $(srcdir)/mech/gssapi.asn1 gssapi_asn1 $(srcdir)/krb5/gsskrb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h @@ -264,7 +303,7 @@ test_cfx_SOURCES = krb5/test_cfx.c check_PROGRAMS = test_acquire_cred $(TESTS) -bin_PROGRAMS = gss +bin_PROGRAMS = gsstool noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm test_context_SOURCES = test_context.c test_common.c test_common.h @@ -281,33 +320,39 @@ LDADD = libgssapi.la \ # gss -dist_gss_SOURCES = gss.c -nodist_gss_SOURCES = gss-commands.c gss-commands.h +dist_gsstool_SOURCES = gsstool.c +nodist_gsstool_SOURCES = gss-commands.c gss-commands.h -gss_LDADD = libgssapi.la \ +gsstool_LDADD = libgssapi.la \ $(top_builddir)/lib/sl/libsl.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_readline) \ $(LIB_roken) -SLC = $(top_builddir)/lib/sl/slc - gss-commands.c gss-commands.h: gss-commands.in $(SLC) $(srcdir)/gss-commands.in -$(gss_OBJECTS): gss-commands.h +$(gsstool_OBJECTS): gss-commands.h EXTRA_DIST = \ + NTMakefile \ + libgssapi-version.rc \ + libgssapi-exports.def \ $(man_MANS) \ krb5/gkrb5_err.et \ mech/gssapi.asn1 \ spnego/spnego.asn1 \ + spnego/spnego.opt \ version-script.map \ gss-commands.in -# to help stupid solaris make - -$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h +$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h gssapi_asn1-priv.h +$(libgssapi_la_OBJECTS): spnego_asn1.h spnego_asn1-priv.h +$(libgssapi_la_OBJECTS): $(srcdir)/gssapi/gssapi_oid.h gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et $(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et + +$(srcdir)/gssapi/gssapi_oid.h $(srcdir)/mech/gss_oid.c: + perl $(srcdir)/gen-oid.pl -b base -h $(srcdir)/oid.txt > $(srcdir)/gssapi/gssapi_oid.h + perl $(srcdir)/gen-oid.pl -b base $(srcdir)/oid.txt > $(srcdir)/mech/gss_oid.c diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in index 9886d49b185..46499032d33 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.in +++ b/crypto/heimdal/lib/gssapi/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22399 2008-01-11 14:25:47Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -47,13 +49,13 @@ DIST_COMMON = $(include_HEADERS) $(nobase_include_HEADERS) \ @versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map TESTS = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT) check_PROGRAMS = test_acquire_cred$(EXEEXT) $(am__EXEEXT_1) -bin_PROGRAMS = gss$(EXEEXT) +bin_PROGRAMS = gsstool$(EXEEXT) noinst_PROGRAMS = test_cred$(EXEEXT) test_kcred$(EXEEXT) \ test_context$(EXEEXT) test_ntlm$(EXEEXT) subdir = lib/gssapi ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -68,7 +70,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -82,9 +84,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -92,36 +97,47 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \ "$(DESTDIR)$(gssapidir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = -libgssapi_la_DEPENDENCIES = $(top_builddir)/lib/ntlm/libheimntlm.la \ - $(top_builddir)/lib/krb5/libkrb5.la \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am__objects_1 = krb5/8003.lo krb5/accept_sec_context.lo \ krb5/acquire_cred.lo krb5/add_cred.lo \ - krb5/address_to_krb5addr.lo krb5/arcfour.lo \ - krb5/canonicalize_name.lo krb5/ccache_name.lo krb5/cfx.lo \ - krb5/compare_name.lo krb5/compat.lo krb5/context_time.lo \ - krb5/copy_ccache.lo krb5/decapsulate.lo \ + krb5/address_to_krb5addr.lo krb5/aeap.lo krb5/arcfour.lo \ + krb5/canonicalize_name.lo krb5/creds.lo krb5/ccache_name.lo \ + krb5/cfx.lo krb5/compare_name.lo krb5/compat.lo \ + krb5/context_time.lo krb5/copy_ccache.lo krb5/decapsulate.lo \ krb5/delete_sec_context.lo krb5/display_name.lo \ krb5/display_status.lo krb5/duplicate_name.lo \ krb5/encapsulate.lo krb5/export_name.lo \ @@ -131,54 +147,66 @@ am__objects_1 = krb5/8003.lo krb5/accept_sec_context.lo \ krb5/inquire_context.lo krb5/inquire_cred.lo \ krb5/inquire_cred_by_mech.lo krb5/inquire_cred_by_oid.lo \ krb5/inquire_mechs_for_name.lo krb5/inquire_names_for_mech.lo \ - krb5/inquire_sec_context_by_oid.lo \ + krb5/inquire_sec_context_by_oid.lo krb5/pname_to_uid.lo \ krb5/process_context_token.lo krb5/prf.lo \ krb5/release_buffer.lo krb5/release_cred.lo \ - krb5/release_name.lo krb5/sequence.lo krb5/set_cred_option.lo \ - krb5/set_sec_context_option.lo krb5/ticket_flags.lo \ - krb5/unwrap.lo krb5/v1.lo krb5/verify_mic.lo krb5/wrap.lo -am__objects_2 = mech/context.lo mech/gss_accept_sec_context.lo \ - mech/gss_acquire_cred.lo mech/gss_add_cred.lo \ - mech/gss_add_oid_set_member.lo mech/gss_buffer_set.lo \ - mech/gss_canonicalize_name.lo mech/gss_compare_name.lo \ - mech/gss_context_time.lo mech/gss_create_empty_oid_set.lo \ - mech/gss_decapsulate_token.lo mech/gss_delete_sec_context.lo \ - mech/gss_display_name.lo mech/gss_display_status.lo \ + krb5/release_name.lo krb5/sequence.lo krb5/store_cred.lo \ + krb5/set_cred_option.lo krb5/set_sec_context_option.lo \ + krb5/ticket_flags.lo krb5/unwrap.lo \ + krb5/authorize_localname.lo krb5/verify_mic.lo krb5/wrap.lo +am__objects_2 = mech/context.lo mech/doxygen.lo \ + mech/gss_accept_sec_context.lo mech/gss_acquire_cred.lo \ + mech/gss_acquire_cred_ext.lo \ + mech/gss_acquire_cred_with_password.lo mech/gss_add_cred.lo \ + mech/gss_add_cred_with_password.lo \ + mech/gss_add_oid_set_member.lo mech/gss_aeap.lo \ + mech/gss_buffer_set.lo mech/gss_canonicalize_name.lo \ + mech/gss_compare_name.lo mech/gss_context_time.lo \ + mech/gss_create_empty_oid_set.lo mech/gss_cred.lo \ + mech/gss_decapsulate_token.lo \ + mech/gss_delete_name_attribute.lo \ + mech/gss_delete_sec_context.lo mech/gss_display_name.lo \ + mech/gss_display_name_ext.lo mech/gss_display_status.lo \ mech/gss_duplicate_name.lo mech/gss_duplicate_oid.lo \ mech/gss_encapsulate_token.lo mech/gss_export_name.lo \ + mech/gss_export_name_composite.lo \ mech/gss_export_sec_context.lo mech/gss_get_mic.lo \ - mech/gss_import_name.lo mech/gss_import_sec_context.lo \ - mech/gss_indicate_mechs.lo mech/gss_init_sec_context.lo \ - mech/gss_inquire_context.lo mech/gss_inquire_cred.lo \ - mech/gss_inquire_cred_by_mech.lo \ + mech/gss_get_name_attribute.lo mech/gss_import_name.lo \ + mech/gss_import_sec_context.lo mech/gss_indicate_mechs.lo \ + mech/gss_init_sec_context.lo mech/gss_inquire_context.lo \ + mech/gss_inquire_cred.lo mech/gss_inquire_cred_by_mech.lo \ mech/gss_inquire_cred_by_oid.lo \ - mech/gss_inquire_mechs_for_name.lo \ + mech/gss_inquire_mechs_for_name.lo mech/gss_inquire_name.lo \ mech/gss_inquire_names_for_mech.lo mech/gss_krb5.lo \ - mech/gss_mech_switch.lo mech/gss_names.lo \ - mech/gss_oid_equal.lo mech/gss_oid_to_str.lo \ - mech/gss_process_context_token.lo mech/gss_pseudo_random.lo \ - mech/gss_release_buffer.lo mech/gss_release_cred.lo \ - mech/gss_release_name.lo mech/gss_release_oid.lo \ - mech/gss_release_oid_set.lo mech/gss_seal.lo \ - mech/gss_set_cred_option.lo mech/gss_set_sec_context_option.lo \ - mech/gss_sign.lo mech/gss_test_oid_set_member.lo \ - mech/gss_unseal.lo mech/gss_unwrap.lo mech/gss_utils.lo \ + mech/gss_mech_switch.lo mech/gss_mo.lo mech/gss_names.lo \ + mech/gss_oid.lo mech/gss_oid_equal.lo mech/gss_oid_to_str.lo \ + mech/gss_pname_to_uid.lo mech/gss_process_context_token.lo \ + mech/gss_pseudo_random.lo mech/gss_release_buffer.lo \ + mech/gss_release_cred.lo mech/gss_release_name.lo \ + mech/gss_release_oid.lo mech/gss_release_oid_set.lo \ + mech/gss_seal.lo mech/gss_set_cred_option.lo \ + mech/gss_set_name_attribute.lo \ + mech/gss_set_sec_context_option.lo mech/gss_sign.lo \ + mech/gss_store_cred.lo mech/gss_test_oid_set_member.lo \ + mech/gss_unseal.lo mech/gss_unwrap.lo \ + mech/gss_authorize_localname.lo mech/gss_utils.lo \ mech/gss_verify.lo mech/gss_verify_mic.lo mech/gss_wrap.lo \ mech/gss_wrap_size_limit.lo \ mech/gss_inquire_sec_context_by_oid.lo am__objects_3 = ntlm/accept_sec_context.lo ntlm/acquire_cred.lo \ ntlm/add_cred.lo ntlm/canonicalize_name.lo \ - ntlm/compare_name.lo ntlm/context_time.lo ntlm/crypto.lo \ - ntlm/delete_sec_context.lo ntlm/display_name.lo \ + ntlm/compare_name.lo ntlm/context_time.lo ntlm/creds.lo \ + ntlm/crypto.lo ntlm/delete_sec_context.lo ntlm/display_name.lo \ ntlm/display_status.lo ntlm/duplicate_name.lo \ ntlm/export_name.lo ntlm/export_sec_context.lo \ ntlm/external.lo ntlm/import_name.lo \ ntlm/import_sec_context.lo ntlm/indicate_mechs.lo \ ntlm/init_sec_context.lo ntlm/inquire_context.lo \ - ntlm/inquire_cred.lo ntlm/inquire_cred_by_mech.lo \ - ntlm/inquire_mechs_for_name.lo ntlm/inquire_names_for_mech.lo \ + ntlm/inquire_cred_by_mech.lo ntlm/inquire_mechs_for_name.lo \ + ntlm/inquire_names_for_mech.lo \ + ntlm/inquire_sec_context_by_oid.lo ntlm/iter_cred.lo \ ntlm/process_context_token.lo ntlm/release_cred.lo \ - ntlm/release_name.lo ntlm/digest.lo + ntlm/release_name.lo ntlm/kdc.lo am__objects_4 = spnego/accept_sec_context.lo spnego/compat.lo \ spnego/context_stubs.lo spnego/cred_stubs.lo \ spnego/external.lo spnego/init_sec_context.lo @@ -197,13 +225,12 @@ libgssapi_la_OBJECTS = $(dist_libgssapi_la_OBJECTS) \ libgssapi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libgssapi_la_LDFLAGS) $(LDFLAGS) -o $@ -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) am__EXEEXT_1 = test_oid$(EXEEXT) test_names$(EXEEXT) test_cfx$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) -dist_gss_OBJECTS = gss.$(OBJEXT) -nodist_gss_OBJECTS = gss-commands.$(OBJEXT) -gss_OBJECTS = $(dist_gss_OBJECTS) $(nodist_gss_OBJECTS) -gss_DEPENDENCIES = libgssapi.la $(top_builddir)/lib/sl/libsl.la \ +dist_gsstool_OBJECTS = gsstool.$(OBJEXT) +nodist_gsstool_OBJECTS = gss-commands.$(OBJEXT) +gsstool_OBJECTS = $(dist_gsstool_OBJECTS) $(nodist_gsstool_OBJECTS) +gsstool_DEPENDENCIES = libgssapi.la $(top_builddir)/lib/sl/libsl.la \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) am_test_acquire_cred_OBJECTS = test_acquire_cred.$(OBJEXT) \ @@ -248,9 +275,9 @@ test_oid_OBJECTS = test_oid.$(OBJEXT) test_oid_LDADD = $(LDADD) test_oid_DEPENDENCIES = libgssapi.la \ $(top_builddir)/lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -261,72 +288,80 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(dist_libgssapi_la_SOURCES) $(nodist_libgssapi_la_SOURCES) \ - $(dist_gss_SOURCES) $(nodist_gss_SOURCES) \ + $(dist_gsstool_SOURCES) $(nodist_gsstool_SOURCES) \ $(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \ $(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \ $(test_ntlm_SOURCES) test_oid.c -DIST_SOURCES = $(dist_libgssapi_la_SOURCES) $(dist_gss_SOURCES) \ +DIST_SOURCES = $(dist_libgssapi_la_SOURCES) $(dist_gsstool_SOURCES) \ $(test_acquire_cred_SOURCES) $(test_cfx_SOURCES) \ $(test_context_SOURCES) test_cred.c test_kcred.c test_names.c \ $(test_ntlm_SOURCES) test_oid.c man3dir = $(mandir)/man3 man5dir = $(mandir)/man5 MANS = $(man_MANS) -includeHEADERS_INSTALL = $(INSTALL_HEADER) -nobase_includeHEADERS_INSTALL = $(install_sh_DATA) -nodist_gssapiHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(include_HEADERS) $(nobase_include_HEADERS) \ $(nodist_gssapi_HEADERS) $(noinst_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -350,10 +385,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -370,6 +406,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -385,31 +423,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -424,10 +476,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -468,31 +522,37 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - -I$(srcdir)/../krb5 -I$(srcdir) -I$(srcdir)/mech \ +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I$(srcdir)/../krb5 -I$(srcdir) \ + -I$(srcdir)/gssapi -I$(srcdir)/mech -I$(srcdir)/ntlm \ + -I$(srcdir)/krb5 -I$(srcdir)/spnego $(INCLUDE_libintl) \ $(INCLUDE_hcrypto) $(INCLUDE_krb4) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la AUTOMAKE_OPTIONS = subdir-objects lib_LTLIBRARIES = libgssapi.la @@ -502,8 +562,10 @@ krb5src = \ krb5/acquire_cred.c \ krb5/add_cred.c \ krb5/address_to_krb5addr.c \ + krb5/aeap.c \ krb5/arcfour.c \ krb5/canonicalize_name.c \ + krb5/creds.c \ krb5/ccache_name.c \ krb5/cfx.c \ krb5/cfx.h \ @@ -535,17 +597,19 @@ krb5src = \ krb5/inquire_mechs_for_name.c \ krb5/inquire_names_for_mech.c \ krb5/inquire_sec_context_by_oid.c \ + krb5/pname_to_uid.c \ krb5/process_context_token.c \ krb5/prf.c \ krb5/release_buffer.c \ krb5/release_cred.c \ krb5/release_name.c \ krb5/sequence.c \ + krb5/store_cred.c \ krb5/set_cred_option.c \ krb5/set_sec_context_option.c \ krb5/ticket_flags.c \ krb5/unwrap.c \ - krb5/v1.c \ + krb5/authorize_localname.c \ krb5/verify_mic.c \ krb5/wrap.c @@ -553,25 +617,36 @@ mechsrc = \ mech/context.h \ mech/context.c \ mech/cred.h \ + mech/compat.h \ + mech/doxygen.c \ mech/gss_accept_sec_context.c \ mech/gss_acquire_cred.c \ + mech/gss_acquire_cred_ext.c \ + mech/gss_acquire_cred_with_password.c \ mech/gss_add_cred.c \ + mech/gss_add_cred_with_password.c \ mech/gss_add_oid_set_member.c \ + mech/gss_aeap.c \ mech/gss_buffer_set.c \ mech/gss_canonicalize_name.c \ mech/gss_compare_name.c \ mech/gss_context_time.c \ mech/gss_create_empty_oid_set.c \ + mech/gss_cred.c \ mech/gss_decapsulate_token.c \ + mech/gss_delete_name_attribute.c \ mech/gss_delete_sec_context.c \ mech/gss_display_name.c \ + mech/gss_display_name_ext.c \ mech/gss_display_status.c \ mech/gss_duplicate_name.c \ mech/gss_duplicate_oid.c \ mech/gss_encapsulate_token.c \ mech/gss_export_name.c \ + mech/gss_export_name_composite.c \ mech/gss_export_sec_context.c \ mech/gss_get_mic.c \ + mech/gss_get_name_attribute.c \ mech/gss_import_name.c \ mech/gss_import_sec_context.c \ mech/gss_indicate_mechs.c \ @@ -581,12 +656,16 @@ mechsrc = \ mech/gss_inquire_cred_by_mech.c \ mech/gss_inquire_cred_by_oid.c \ mech/gss_inquire_mechs_for_name.c \ + mech/gss_inquire_name.c \ mech/gss_inquire_names_for_mech.c \ mech/gss_krb5.c \ mech/gss_mech_switch.c \ + mech/gss_mo.c \ mech/gss_names.c \ + mech/gss_oid.c \ mech/gss_oid_equal.c \ mech/gss_oid_to_str.c \ + mech/gss_pname_to_uid.c \ mech/gss_process_context_token.c \ mech/gss_pseudo_random.c \ mech/gss_release_buffer.c \ @@ -596,11 +675,14 @@ mechsrc = \ mech/gss_release_oid_set.c \ mech/gss_seal.c \ mech/gss_set_cred_option.c \ + mech/gss_set_name_attribute.c \ mech/gss_set_sec_context_option.c \ mech/gss_sign.c \ + mech/gss_store_cred.c \ mech/gss_test_oid_set_member.c \ mech/gss_unseal.c \ mech/gss_unwrap.c \ + mech/gss_authorize_localname.c \ mech/gss_utils.c \ mech/gss_verify.c \ mech/gss_verify_mic.c \ @@ -630,6 +712,7 @@ ntlmsrc = \ ntlm/canonicalize_name.c \ ntlm/compare_name.c \ ntlm/context_time.c \ + ntlm/creds.c \ ntlm/crypto.c \ ntlm/delete_sec_context.c \ ntlm/display_name.c \ @@ -645,14 +728,15 @@ ntlmsrc = \ ntlm/indicate_mechs.c \ ntlm/init_sec_context.c \ ntlm/inquire_context.c \ - ntlm/inquire_cred.c \ ntlm/inquire_cred_by_mech.c \ ntlm/inquire_mechs_for_name.c \ ntlm/inquire_names_for_mech.c \ + ntlm/inquire_sec_context_by_oid.c \ + ntlm/iter_cred.c \ ntlm/process_context_token.c \ ntlm/release_cred.c \ ntlm/release_name.c \ - ntlm/digest.c + ntlm/kdc.c dist_libgssapi_la_SOURCES = \ $(krb5src) \ @@ -665,7 +749,8 @@ nodist_libgssapi_la_SOURCES = \ gkrb5_err.h \ $(BUILT_SOURCES) -libgssapi_la_LDFLAGS = -version-info 2:0:0 $(am__append_1) +libgssapi_la_DEPENDENCIES = version-script.map +libgssapi_la_LDFLAGS = -version-info 3:0:0 $(am__append_1) libgssapi_la_LIBADD = \ $(top_builddir)/lib/ntlm/libheimntlm.la \ $(top_builddir)/lib/krb5/libkrb5.la \ @@ -685,6 +770,8 @@ noinst_HEADERS = \ nobase_include_HEADERS = \ gssapi/gssapi.h \ gssapi/gssapi_krb5.h \ + gssapi/gssapi_ntlm.h \ + gssapi/gssapi_oid.h \ gssapi/gssapi_spnego.h gssapidir = $(includedir)/gssapi @@ -701,11 +788,16 @@ spnego_files = \ asn1_NegTokenInitWin.x \ asn1_NegTokenResp.x +BUILTHEADERS = \ + $(srcdir)/krb5/gsskrb5-private.h \ + $(srcdir)/spnego/spnego-private.h \ + $(srcdir)/ntlm/ntlm-private.h + BUILT_SOURCES = $(spnego_files:.x=.c) $(gssapi_files:.x=.c) CLEANFILES = $(BUILT_SOURCES) \ gkrb5_err.h gkrb5_err.c \ - $(spnego_files) spnego_asn1.h spnego_asn1_files \ - $(gssapi_files) gssapi_asn1.h gssapi_asn1_files \ + $(spnego_files) spnego_asn1*.h* spnego_asn1_files spnego_asn1-template.c \ + $(gssapi_files) gssapi_asn1*.h* gssapi_asn1_files gssapi_asn1-template.c \ gss-commands.h gss-commands.c # test_sequence @@ -723,20 +815,23 @@ LDADD = libgssapi.la \ # gss -dist_gss_SOURCES = gss.c -nodist_gss_SOURCES = gss-commands.c gss-commands.h -gss_LDADD = libgssapi.la \ +dist_gsstool_SOURCES = gsstool.c +nodist_gsstool_SOURCES = gss-commands.c gss-commands.h +gsstool_LDADD = libgssapi.la \ $(top_builddir)/lib/sl/libsl.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_readline) \ $(LIB_roken) -SLC = $(top_builddir)/lib/sl/slc EXTRA_DIST = \ + NTMakefile \ + libgssapi-version.rc \ + libgssapi-exports.def \ $(man_MANS) \ krb5/gkrb5_err.et \ mech/gssapi.asn1 \ spnego/spnego.asn1 \ + spnego/spnego.opt \ version-script.map \ gss-commands.in @@ -744,19 +839,19 @@ all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/gssapi/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/gssapi/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/gssapi/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/gssapi/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -774,23 +869,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -804,202 +904,384 @@ clean-libLTLIBRARIES: krb5/$(am__dirstamp): @$(MKDIR_P) krb5 @: > krb5/$(am__dirstamp) -krb5/8003.lo: krb5/$(am__dirstamp) -krb5/accept_sec_context.lo: krb5/$(am__dirstamp) -krb5/acquire_cred.lo: krb5/$(am__dirstamp) -krb5/add_cred.lo: krb5/$(am__dirstamp) -krb5/address_to_krb5addr.lo: krb5/$(am__dirstamp) -krb5/arcfour.lo: krb5/$(am__dirstamp) -krb5/canonicalize_name.lo: krb5/$(am__dirstamp) -krb5/ccache_name.lo: krb5/$(am__dirstamp) -krb5/cfx.lo: krb5/$(am__dirstamp) -krb5/compare_name.lo: krb5/$(am__dirstamp) -krb5/compat.lo: krb5/$(am__dirstamp) -krb5/context_time.lo: krb5/$(am__dirstamp) -krb5/copy_ccache.lo: krb5/$(am__dirstamp) -krb5/decapsulate.lo: krb5/$(am__dirstamp) -krb5/delete_sec_context.lo: krb5/$(am__dirstamp) -krb5/display_name.lo: krb5/$(am__dirstamp) -krb5/display_status.lo: krb5/$(am__dirstamp) -krb5/duplicate_name.lo: krb5/$(am__dirstamp) -krb5/encapsulate.lo: krb5/$(am__dirstamp) -krb5/export_name.lo: krb5/$(am__dirstamp) -krb5/export_sec_context.lo: krb5/$(am__dirstamp) -krb5/external.lo: krb5/$(am__dirstamp) -krb5/get_mic.lo: krb5/$(am__dirstamp) -krb5/import_name.lo: krb5/$(am__dirstamp) -krb5/import_sec_context.lo: krb5/$(am__dirstamp) -krb5/indicate_mechs.lo: krb5/$(am__dirstamp) -krb5/init.lo: krb5/$(am__dirstamp) -krb5/init_sec_context.lo: krb5/$(am__dirstamp) -krb5/inquire_context.lo: krb5/$(am__dirstamp) -krb5/inquire_cred.lo: krb5/$(am__dirstamp) -krb5/inquire_cred_by_mech.lo: krb5/$(am__dirstamp) -krb5/inquire_cred_by_oid.lo: krb5/$(am__dirstamp) -krb5/inquire_mechs_for_name.lo: krb5/$(am__dirstamp) -krb5/inquire_names_for_mech.lo: krb5/$(am__dirstamp) -krb5/inquire_sec_context_by_oid.lo: krb5/$(am__dirstamp) -krb5/process_context_token.lo: krb5/$(am__dirstamp) -krb5/prf.lo: krb5/$(am__dirstamp) -krb5/release_buffer.lo: krb5/$(am__dirstamp) -krb5/release_cred.lo: krb5/$(am__dirstamp) -krb5/release_name.lo: krb5/$(am__dirstamp) -krb5/sequence.lo: krb5/$(am__dirstamp) -krb5/set_cred_option.lo: krb5/$(am__dirstamp) -krb5/set_sec_context_option.lo: krb5/$(am__dirstamp) -krb5/ticket_flags.lo: krb5/$(am__dirstamp) -krb5/unwrap.lo: krb5/$(am__dirstamp) -krb5/v1.lo: krb5/$(am__dirstamp) -krb5/verify_mic.lo: krb5/$(am__dirstamp) -krb5/wrap.lo: krb5/$(am__dirstamp) +krb5/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) krb5/$(DEPDIR) + @: > krb5/$(DEPDIR)/$(am__dirstamp) +krb5/8003.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/accept_sec_context.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/acquire_cred.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/add_cred.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/address_to_krb5addr.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/aeap.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/arcfour.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/canonicalize_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/creds.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/ccache_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/cfx.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/compare_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/compat.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/context_time.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/copy_ccache.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/decapsulate.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/delete_sec_context.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/display_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/display_status.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/duplicate_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/encapsulate.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/export_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/export_sec_context.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/external.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/get_mic.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/import_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/import_sec_context.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/indicate_mechs.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/init.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/init_sec_context.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/inquire_context.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/inquire_cred.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/inquire_cred_by_mech.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/inquire_cred_by_oid.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/inquire_mechs_for_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/inquire_names_for_mech.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/inquire_sec_context_by_oid.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/pname_to_uid.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/process_context_token.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/prf.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/release_buffer.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/release_cred.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/release_name.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/sequence.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/store_cred.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/set_cred_option.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/set_sec_context_option.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/ticket_flags.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/unwrap.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) +krb5/authorize_localname.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/verify_mic.lo: krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) +krb5/wrap.lo: krb5/$(am__dirstamp) krb5/$(DEPDIR)/$(am__dirstamp) mech/$(am__dirstamp): @$(MKDIR_P) mech @: > mech/$(am__dirstamp) -mech/context.lo: mech/$(am__dirstamp) -mech/gss_accept_sec_context.lo: mech/$(am__dirstamp) -mech/gss_acquire_cred.lo: mech/$(am__dirstamp) -mech/gss_add_cred.lo: mech/$(am__dirstamp) -mech/gss_add_oid_set_member.lo: mech/$(am__dirstamp) -mech/gss_buffer_set.lo: mech/$(am__dirstamp) -mech/gss_canonicalize_name.lo: mech/$(am__dirstamp) -mech/gss_compare_name.lo: mech/$(am__dirstamp) -mech/gss_context_time.lo: mech/$(am__dirstamp) -mech/gss_create_empty_oid_set.lo: mech/$(am__dirstamp) -mech/gss_decapsulate_token.lo: mech/$(am__dirstamp) -mech/gss_delete_sec_context.lo: mech/$(am__dirstamp) -mech/gss_display_name.lo: mech/$(am__dirstamp) -mech/gss_display_status.lo: mech/$(am__dirstamp) -mech/gss_duplicate_name.lo: mech/$(am__dirstamp) -mech/gss_duplicate_oid.lo: mech/$(am__dirstamp) -mech/gss_encapsulate_token.lo: mech/$(am__dirstamp) -mech/gss_export_name.lo: mech/$(am__dirstamp) -mech/gss_export_sec_context.lo: mech/$(am__dirstamp) -mech/gss_get_mic.lo: mech/$(am__dirstamp) -mech/gss_import_name.lo: mech/$(am__dirstamp) -mech/gss_import_sec_context.lo: mech/$(am__dirstamp) -mech/gss_indicate_mechs.lo: mech/$(am__dirstamp) -mech/gss_init_sec_context.lo: mech/$(am__dirstamp) -mech/gss_inquire_context.lo: mech/$(am__dirstamp) -mech/gss_inquire_cred.lo: mech/$(am__dirstamp) -mech/gss_inquire_cred_by_mech.lo: mech/$(am__dirstamp) -mech/gss_inquire_cred_by_oid.lo: mech/$(am__dirstamp) -mech/gss_inquire_mechs_for_name.lo: mech/$(am__dirstamp) -mech/gss_inquire_names_for_mech.lo: mech/$(am__dirstamp) -mech/gss_krb5.lo: mech/$(am__dirstamp) -mech/gss_mech_switch.lo: mech/$(am__dirstamp) -mech/gss_names.lo: mech/$(am__dirstamp) -mech/gss_oid_equal.lo: mech/$(am__dirstamp) -mech/gss_oid_to_str.lo: mech/$(am__dirstamp) -mech/gss_process_context_token.lo: mech/$(am__dirstamp) -mech/gss_pseudo_random.lo: mech/$(am__dirstamp) -mech/gss_release_buffer.lo: mech/$(am__dirstamp) -mech/gss_release_cred.lo: mech/$(am__dirstamp) -mech/gss_release_name.lo: mech/$(am__dirstamp) -mech/gss_release_oid.lo: mech/$(am__dirstamp) -mech/gss_release_oid_set.lo: mech/$(am__dirstamp) -mech/gss_seal.lo: mech/$(am__dirstamp) -mech/gss_set_cred_option.lo: mech/$(am__dirstamp) -mech/gss_set_sec_context_option.lo: mech/$(am__dirstamp) -mech/gss_sign.lo: mech/$(am__dirstamp) -mech/gss_test_oid_set_member.lo: mech/$(am__dirstamp) -mech/gss_unseal.lo: mech/$(am__dirstamp) -mech/gss_unwrap.lo: mech/$(am__dirstamp) -mech/gss_utils.lo: mech/$(am__dirstamp) -mech/gss_verify.lo: mech/$(am__dirstamp) -mech/gss_verify_mic.lo: mech/$(am__dirstamp) -mech/gss_wrap.lo: mech/$(am__dirstamp) -mech/gss_wrap_size_limit.lo: mech/$(am__dirstamp) -mech/gss_inquire_sec_context_by_oid.lo: mech/$(am__dirstamp) +mech/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) mech/$(DEPDIR) + @: > mech/$(DEPDIR)/$(am__dirstamp) +mech/context.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/doxygen.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_accept_sec_context.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_acquire_cred.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_acquire_cred_ext.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_acquire_cred_with_password.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_add_cred.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_add_cred_with_password.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_add_oid_set_member.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_aeap.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_buffer_set.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_canonicalize_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_compare_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_context_time.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_create_empty_oid_set.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_cred.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_decapsulate_token.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_delete_name_attribute.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_delete_sec_context.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_display_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_display_name_ext.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_display_status.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_duplicate_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_duplicate_oid.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_encapsulate_token.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_export_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_export_name_composite.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_export_sec_context.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_get_mic.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_get_name_attribute.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_import_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_import_sec_context.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_indicate_mechs.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_init_sec_context.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_context.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_cred.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_cred_by_mech.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_cred_by_oid.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_mechs_for_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_names_for_mech.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_krb5.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_mech_switch.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_mo.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_names.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_oid.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_oid_equal.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_oid_to_str.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_pname_to_uid.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_process_context_token.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_pseudo_random.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_release_buffer.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_release_cred.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_release_name.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_release_oid.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_release_oid_set.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_seal.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_set_cred_option.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_set_name_attribute.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_set_sec_context_option.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_sign.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_store_cred.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_test_oid_set_member.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_unseal.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_unwrap.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_authorize_localname.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_utils.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_verify.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_verify_mic.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_wrap.lo: mech/$(am__dirstamp) mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_wrap_size_limit.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) +mech/gss_inquire_sec_context_by_oid.lo: mech/$(am__dirstamp) \ + mech/$(DEPDIR)/$(am__dirstamp) ntlm/$(am__dirstamp): @$(MKDIR_P) ntlm @: > ntlm/$(am__dirstamp) -ntlm/accept_sec_context.lo: ntlm/$(am__dirstamp) -ntlm/acquire_cred.lo: ntlm/$(am__dirstamp) -ntlm/add_cred.lo: ntlm/$(am__dirstamp) -ntlm/canonicalize_name.lo: ntlm/$(am__dirstamp) -ntlm/compare_name.lo: ntlm/$(am__dirstamp) -ntlm/context_time.lo: ntlm/$(am__dirstamp) -ntlm/crypto.lo: ntlm/$(am__dirstamp) -ntlm/delete_sec_context.lo: ntlm/$(am__dirstamp) -ntlm/display_name.lo: ntlm/$(am__dirstamp) -ntlm/display_status.lo: ntlm/$(am__dirstamp) -ntlm/duplicate_name.lo: ntlm/$(am__dirstamp) -ntlm/export_name.lo: ntlm/$(am__dirstamp) -ntlm/export_sec_context.lo: ntlm/$(am__dirstamp) -ntlm/external.lo: ntlm/$(am__dirstamp) -ntlm/import_name.lo: ntlm/$(am__dirstamp) -ntlm/import_sec_context.lo: ntlm/$(am__dirstamp) -ntlm/indicate_mechs.lo: ntlm/$(am__dirstamp) -ntlm/init_sec_context.lo: ntlm/$(am__dirstamp) -ntlm/inquire_context.lo: ntlm/$(am__dirstamp) -ntlm/inquire_cred.lo: ntlm/$(am__dirstamp) -ntlm/inquire_cred_by_mech.lo: ntlm/$(am__dirstamp) -ntlm/inquire_mechs_for_name.lo: ntlm/$(am__dirstamp) -ntlm/inquire_names_for_mech.lo: ntlm/$(am__dirstamp) -ntlm/process_context_token.lo: ntlm/$(am__dirstamp) -ntlm/release_cred.lo: ntlm/$(am__dirstamp) -ntlm/release_name.lo: ntlm/$(am__dirstamp) -ntlm/digest.lo: ntlm/$(am__dirstamp) +ntlm/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ntlm/$(DEPDIR) + @: > ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/accept_sec_context.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/acquire_cred.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/add_cred.lo: ntlm/$(am__dirstamp) ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/canonicalize_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/compare_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/context_time.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/creds.lo: ntlm/$(am__dirstamp) ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/crypto.lo: ntlm/$(am__dirstamp) ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/delete_sec_context.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/display_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/display_status.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/duplicate_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/export_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/export_sec_context.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/external.lo: ntlm/$(am__dirstamp) ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/import_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/import_sec_context.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/indicate_mechs.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/init_sec_context.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/inquire_context.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/inquire_cred_by_mech.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/inquire_mechs_for_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/inquire_names_for_mech.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/inquire_sec_context_by_oid.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/iter_cred.lo: ntlm/$(am__dirstamp) ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/process_context_token.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/release_cred.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/release_name.lo: ntlm/$(am__dirstamp) \ + ntlm/$(DEPDIR)/$(am__dirstamp) +ntlm/kdc.lo: ntlm/$(am__dirstamp) ntlm/$(DEPDIR)/$(am__dirstamp) spnego/$(am__dirstamp): @$(MKDIR_P) spnego @: > spnego/$(am__dirstamp) -spnego/accept_sec_context.lo: spnego/$(am__dirstamp) -spnego/compat.lo: spnego/$(am__dirstamp) -spnego/context_stubs.lo: spnego/$(am__dirstamp) -spnego/cred_stubs.lo: spnego/$(am__dirstamp) -spnego/external.lo: spnego/$(am__dirstamp) -spnego/init_sec_context.lo: spnego/$(am__dirstamp) +spnego/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) spnego/$(DEPDIR) + @: > spnego/$(DEPDIR)/$(am__dirstamp) +spnego/accept_sec_context.lo: spnego/$(am__dirstamp) \ + spnego/$(DEPDIR)/$(am__dirstamp) +spnego/compat.lo: spnego/$(am__dirstamp) \ + spnego/$(DEPDIR)/$(am__dirstamp) +spnego/context_stubs.lo: spnego/$(am__dirstamp) \ + spnego/$(DEPDIR)/$(am__dirstamp) +spnego/cred_stubs.lo: spnego/$(am__dirstamp) \ + spnego/$(DEPDIR)/$(am__dirstamp) +spnego/external.lo: spnego/$(am__dirstamp) \ + spnego/$(DEPDIR)/$(am__dirstamp) +spnego/init_sec_context.lo: spnego/$(am__dirstamp) \ + spnego/$(DEPDIR)/$(am__dirstamp) libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) $(libgssapi_la_LINK) -rpath $(libdir) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done -gss$(EXEEXT): $(gss_OBJECTS) $(gss_DEPENDENCIES) - @rm -f gss$(EXEEXT) - $(LINK) $(gss_OBJECTS) $(gss_LDADD) $(LIBS) + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +gsstool$(EXEEXT): $(gsstool_OBJECTS) $(gsstool_DEPENDENCIES) + @rm -f gsstool$(EXEEXT) + $(LINK) $(gsstool_OBJECTS) $(gsstool_LDADD) $(LIBS) test_acquire_cred$(EXEEXT): $(test_acquire_cred_OBJECTS) $(test_acquire_cred_DEPENDENCIES) @rm -f test_acquire_cred$(EXEEXT) $(LINK) $(test_acquire_cred_OBJECTS) $(test_acquire_cred_LDADD) $(LIBS) -krb5/test_cfx.$(OBJEXT): krb5/$(am__dirstamp) +krb5/test_cfx.$(OBJEXT): krb5/$(am__dirstamp) \ + krb5/$(DEPDIR)/$(am__dirstamp) test_cfx$(EXEEXT): $(test_cfx_OBJECTS) $(test_cfx_DEPENDENCIES) @rm -f test_cfx$(EXEEXT) $(LINK) $(test_cfx_OBJECTS) $(test_cfx_LDADD) $(LIBS) @@ -1034,8 +1316,12 @@ mostlyclean-compile: -rm -f krb5/add_cred.lo -rm -f krb5/address_to_krb5addr.$(OBJEXT) -rm -f krb5/address_to_krb5addr.lo + -rm -f krb5/aeap.$(OBJEXT) + -rm -f krb5/aeap.lo -rm -f krb5/arcfour.$(OBJEXT) -rm -f krb5/arcfour.lo + -rm -f krb5/authorize_localname.$(OBJEXT) + -rm -f krb5/authorize_localname.lo -rm -f krb5/canonicalize_name.$(OBJEXT) -rm -f krb5/canonicalize_name.lo -rm -f krb5/ccache_name.$(OBJEXT) @@ -1050,6 +1336,8 @@ mostlyclean-compile: -rm -f krb5/context_time.lo -rm -f krb5/copy_ccache.$(OBJEXT) -rm -f krb5/copy_ccache.lo + -rm -f krb5/creds.$(OBJEXT) + -rm -f krb5/creds.lo -rm -f krb5/decapsulate.$(OBJEXT) -rm -f krb5/decapsulate.lo -rm -f krb5/delete_sec_context.$(OBJEXT) @@ -1094,6 +1382,8 @@ mostlyclean-compile: -rm -f krb5/inquire_names_for_mech.lo -rm -f krb5/inquire_sec_context_by_oid.$(OBJEXT) -rm -f krb5/inquire_sec_context_by_oid.lo + -rm -f krb5/pname_to_uid.$(OBJEXT) + -rm -f krb5/pname_to_uid.lo -rm -f krb5/prf.$(OBJEXT) -rm -f krb5/prf.lo -rm -f krb5/process_context_token.$(OBJEXT) @@ -1110,27 +1400,39 @@ mostlyclean-compile: -rm -f krb5/set_cred_option.lo -rm -f krb5/set_sec_context_option.$(OBJEXT) -rm -f krb5/set_sec_context_option.lo + -rm -f krb5/store_cred.$(OBJEXT) + -rm -f krb5/store_cred.lo -rm -f krb5/test_cfx.$(OBJEXT) -rm -f krb5/ticket_flags.$(OBJEXT) -rm -f krb5/ticket_flags.lo -rm -f krb5/unwrap.$(OBJEXT) -rm -f krb5/unwrap.lo - -rm -f krb5/v1.$(OBJEXT) - -rm -f krb5/v1.lo -rm -f krb5/verify_mic.$(OBJEXT) -rm -f krb5/verify_mic.lo -rm -f krb5/wrap.$(OBJEXT) -rm -f krb5/wrap.lo -rm -f mech/context.$(OBJEXT) -rm -f mech/context.lo + -rm -f mech/doxygen.$(OBJEXT) + -rm -f mech/doxygen.lo -rm -f mech/gss_accept_sec_context.$(OBJEXT) -rm -f mech/gss_accept_sec_context.lo -rm -f mech/gss_acquire_cred.$(OBJEXT) -rm -f mech/gss_acquire_cred.lo + -rm -f mech/gss_acquire_cred_ext.$(OBJEXT) + -rm -f mech/gss_acquire_cred_ext.lo + -rm -f mech/gss_acquire_cred_with_password.$(OBJEXT) + -rm -f mech/gss_acquire_cred_with_password.lo -rm -f mech/gss_add_cred.$(OBJEXT) -rm -f mech/gss_add_cred.lo + -rm -f mech/gss_add_cred_with_password.$(OBJEXT) + -rm -f mech/gss_add_cred_with_password.lo -rm -f mech/gss_add_oid_set_member.$(OBJEXT) -rm -f mech/gss_add_oid_set_member.lo + -rm -f mech/gss_aeap.$(OBJEXT) + -rm -f mech/gss_aeap.lo + -rm -f mech/gss_authorize_localname.$(OBJEXT) + -rm -f mech/gss_authorize_localname.lo -rm -f mech/gss_buffer_set.$(OBJEXT) -rm -f mech/gss_buffer_set.lo -rm -f mech/gss_canonicalize_name.$(OBJEXT) @@ -1141,12 +1443,18 @@ mostlyclean-compile: -rm -f mech/gss_context_time.lo -rm -f mech/gss_create_empty_oid_set.$(OBJEXT) -rm -f mech/gss_create_empty_oid_set.lo + -rm -f mech/gss_cred.$(OBJEXT) + -rm -f mech/gss_cred.lo -rm -f mech/gss_decapsulate_token.$(OBJEXT) -rm -f mech/gss_decapsulate_token.lo + -rm -f mech/gss_delete_name_attribute.$(OBJEXT) + -rm -f mech/gss_delete_name_attribute.lo -rm -f mech/gss_delete_sec_context.$(OBJEXT) -rm -f mech/gss_delete_sec_context.lo -rm -f mech/gss_display_name.$(OBJEXT) -rm -f mech/gss_display_name.lo + -rm -f mech/gss_display_name_ext.$(OBJEXT) + -rm -f mech/gss_display_name_ext.lo -rm -f mech/gss_display_status.$(OBJEXT) -rm -f mech/gss_display_status.lo -rm -f mech/gss_duplicate_name.$(OBJEXT) @@ -1157,10 +1465,14 @@ mostlyclean-compile: -rm -f mech/gss_encapsulate_token.lo -rm -f mech/gss_export_name.$(OBJEXT) -rm -f mech/gss_export_name.lo + -rm -f mech/gss_export_name_composite.$(OBJEXT) + -rm -f mech/gss_export_name_composite.lo -rm -f mech/gss_export_sec_context.$(OBJEXT) -rm -f mech/gss_export_sec_context.lo -rm -f mech/gss_get_mic.$(OBJEXT) -rm -f mech/gss_get_mic.lo + -rm -f mech/gss_get_name_attribute.$(OBJEXT) + -rm -f mech/gss_get_name_attribute.lo -rm -f mech/gss_import_name.$(OBJEXT) -rm -f mech/gss_import_name.lo -rm -f mech/gss_import_sec_context.$(OBJEXT) @@ -1179,6 +1491,8 @@ mostlyclean-compile: -rm -f mech/gss_inquire_cred_by_oid.lo -rm -f mech/gss_inquire_mechs_for_name.$(OBJEXT) -rm -f mech/gss_inquire_mechs_for_name.lo + -rm -f mech/gss_inquire_name.$(OBJEXT) + -rm -f mech/gss_inquire_name.lo -rm -f mech/gss_inquire_names_for_mech.$(OBJEXT) -rm -f mech/gss_inquire_names_for_mech.lo -rm -f mech/gss_inquire_sec_context_by_oid.$(OBJEXT) @@ -1187,12 +1501,18 @@ mostlyclean-compile: -rm -f mech/gss_krb5.lo -rm -f mech/gss_mech_switch.$(OBJEXT) -rm -f mech/gss_mech_switch.lo + -rm -f mech/gss_mo.$(OBJEXT) + -rm -f mech/gss_mo.lo -rm -f mech/gss_names.$(OBJEXT) -rm -f mech/gss_names.lo + -rm -f mech/gss_oid.$(OBJEXT) + -rm -f mech/gss_oid.lo -rm -f mech/gss_oid_equal.$(OBJEXT) -rm -f mech/gss_oid_equal.lo -rm -f mech/gss_oid_to_str.$(OBJEXT) -rm -f mech/gss_oid_to_str.lo + -rm -f mech/gss_pname_to_uid.$(OBJEXT) + -rm -f mech/gss_pname_to_uid.lo -rm -f mech/gss_process_context_token.$(OBJEXT) -rm -f mech/gss_process_context_token.lo -rm -f mech/gss_pseudo_random.$(OBJEXT) @@ -1211,10 +1531,14 @@ mostlyclean-compile: -rm -f mech/gss_seal.lo -rm -f mech/gss_set_cred_option.$(OBJEXT) -rm -f mech/gss_set_cred_option.lo + -rm -f mech/gss_set_name_attribute.$(OBJEXT) + -rm -f mech/gss_set_name_attribute.lo -rm -f mech/gss_set_sec_context_option.$(OBJEXT) -rm -f mech/gss_set_sec_context_option.lo -rm -f mech/gss_sign.$(OBJEXT) -rm -f mech/gss_sign.lo + -rm -f mech/gss_store_cred.$(OBJEXT) + -rm -f mech/gss_store_cred.lo -rm -f mech/gss_test_oid_set_member.$(OBJEXT) -rm -f mech/gss_test_oid_set_member.lo -rm -f mech/gss_unseal.$(OBJEXT) @@ -1243,12 +1567,12 @@ mostlyclean-compile: -rm -f ntlm/compare_name.lo -rm -f ntlm/context_time.$(OBJEXT) -rm -f ntlm/context_time.lo + -rm -f ntlm/creds.$(OBJEXT) + -rm -f ntlm/creds.lo -rm -f ntlm/crypto.$(OBJEXT) -rm -f ntlm/crypto.lo -rm -f ntlm/delete_sec_context.$(OBJEXT) -rm -f ntlm/delete_sec_context.lo - -rm -f ntlm/digest.$(OBJEXT) - -rm -f ntlm/digest.lo -rm -f ntlm/display_name.$(OBJEXT) -rm -f ntlm/display_name.lo -rm -f ntlm/display_status.$(OBJEXT) @@ -1271,14 +1595,18 @@ mostlyclean-compile: -rm -f ntlm/init_sec_context.lo -rm -f ntlm/inquire_context.$(OBJEXT) -rm -f ntlm/inquire_context.lo - -rm -f ntlm/inquire_cred.$(OBJEXT) - -rm -f ntlm/inquire_cred.lo -rm -f ntlm/inquire_cred_by_mech.$(OBJEXT) -rm -f ntlm/inquire_cred_by_mech.lo -rm -f ntlm/inquire_mechs_for_name.$(OBJEXT) -rm -f ntlm/inquire_mechs_for_name.lo -rm -f ntlm/inquire_names_for_mech.$(OBJEXT) -rm -f ntlm/inquire_names_for_mech.lo + -rm -f ntlm/inquire_sec_context_by_oid.$(OBJEXT) + -rm -f ntlm/inquire_sec_context_by_oid.lo + -rm -f ntlm/iter_cred.$(OBJEXT) + -rm -f ntlm/iter_cred.lo + -rm -f ntlm/kdc.$(OBJEXT) + -rm -f ntlm/kdc.lo -rm -f ntlm/process_context_token.$(OBJEXT) -rm -f ntlm/process_context_token.lo -rm -f ntlm/release_cred.$(OBJEXT) @@ -1301,14 +1629,211 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_ContextFlags.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_GSSAPIContextToken.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_MechType.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_MechTypeList.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_NegHints.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_NegTokenInit.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_NegTokenInitWin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_NegTokenResp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_NegotiationToken.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_NegotiationTokenWin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gkrb5_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gss-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gsstool.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_acquire_cred.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_context.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_cred.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_kcred.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_names.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_ntlm.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_oid.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/8003.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/accept_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/acquire_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/add_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/address_to_krb5addr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/aeap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/arcfour.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/authorize_localname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/canonicalize_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/ccache_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/cfx.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/compare_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/compat.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/context_time.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/copy_ccache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/decapsulate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/delete_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/display_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/display_status.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/duplicate_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/encapsulate.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/export_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/export_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/external.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/get_mic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/import_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/import_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/indicate_mechs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/init.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/init_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/inquire_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/inquire_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/inquire_cred_by_mech.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/inquire_cred_by_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/inquire_mechs_for_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/inquire_names_for_mech.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/inquire_sec_context_by_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/pname_to_uid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/prf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/process_context_token.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/release_buffer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/release_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/release_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/sequence.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/set_cred_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/set_sec_context_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/store_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/test_cfx.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/ticket_flags.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/unwrap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/verify_mic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@krb5/$(DEPDIR)/wrap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/doxygen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_accept_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_acquire_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_acquire_cred_ext.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_acquire_cred_with_password.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_add_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_add_cred_with_password.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_add_oid_set_member.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_aeap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_authorize_localname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_buffer_set.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_canonicalize_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_compare_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_context_time.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_create_empty_oid_set.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_decapsulate_token.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_delete_name_attribute.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_delete_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_display_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_display_name_ext.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_display_status.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_duplicate_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_duplicate_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_encapsulate_token.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_export_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_export_name_composite.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_export_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_get_mic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_get_name_attribute.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_import_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_import_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_indicate_mechs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_init_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_cred_by_mech.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_cred_by_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_mechs_for_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_names_for_mech.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_inquire_sec_context_by_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_krb5.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_mech_switch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_mo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_names.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_oid_equal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_oid_to_str.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_pname_to_uid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_process_context_token.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_pseudo_random.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_release_buffer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_release_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_release_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_release_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_release_oid_set.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_seal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_set_cred_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_set_name_attribute.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_set_sec_context_option.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_sign.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_store_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_test_oid_set_member.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_unseal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_unwrap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_utils.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_verify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_verify_mic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_wrap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@mech/$(DEPDIR)/gss_wrap_size_limit.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/accept_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/acquire_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/add_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/canonicalize_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/compare_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/context_time.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/crypto.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/delete_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/display_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/display_status.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/duplicate_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/export_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/export_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/external.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/import_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/import_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/indicate_mechs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/init_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/inquire_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/inquire_cred_by_mech.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/inquire_mechs_for_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/inquire_names_for_mech.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/inquire_sec_context_by_oid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/iter_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/kdc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/process_context_token.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/release_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntlm/$(DEPDIR)/release_name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@spnego/$(DEPDIR)/accept_sec_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@spnego/$(DEPDIR)/compat.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@spnego/$(DEPDIR)/context_stubs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@spnego/$(DEPDIR)/cred_stubs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@spnego/$(DEPDIR)/external.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@spnego/$(DEPDIR)/init_sec_context.Plo@am__quote@ + .c.o: - $(COMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $< .c.obj: - $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -1319,202 +1844,203 @@ clean-libtool: -rm -rf mech/.libs mech/_libs -rm -rf ntlm/.libs ntlm/_libs -rm -rf spnego/.libs spnego/_libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man3dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done -install-man5: $(man5_MANS) $(man_MANS) + @list=''; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } +install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-nobase_includeHEADERS: $(nobase_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @$(am__vpath_adj_setup) \ - list='$(nobase_include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - $(am__vpath_adj) \ - echo " $(nobase_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nobase_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \ + $(am__nobase_list) | while read dir files; do \ + xfiles=; for file in $$files; do \ + if test -f "$$file"; then xfiles="$$xfiles $$file"; \ + else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \ + test -z "$$xfiles" || { \ + test "x$$dir" = x. || { \ + echo "$(MKDIR_P) '$(DESTDIR)$(includedir)/$$dir'"; \ + $(MKDIR_P) "$(DESTDIR)$(includedir)/$$dir"; }; \ + echo " $(INSTALL_HEADER) $$xfiles '$(DESTDIR)$(includedir)/$$dir'"; \ + $(INSTALL_HEADER) $$xfiles "$(DESTDIR)$(includedir)/$$dir" || exit $$?; }; \ done uninstall-nobase_includeHEADERS: @$(NORMAL_UNINSTALL) - @$(am__vpath_adj_setup) \ - list='$(nobase_include_HEADERS)'; for p in $$list; do \ - $(am__vpath_adj) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \ + $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-nodist_gssapiHEADERS: $(nodist_gssapi_HEADERS) @$(NORMAL_INSTALL) test -z "$(gssapidir)" || $(MKDIR_P) "$(DESTDIR)$(gssapidir)" - @list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \ + @list='$(nodist_gssapi_HEADERS)'; test -n "$(gssapidir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_gssapiHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(gssapidir)/$$f'"; \ - $(nodist_gssapiHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(gssapidir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(gssapidir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(gssapidir)" || exit $$?; \ done uninstall-nodist_gssapiHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_gssapi_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(gssapidir)/$$f'"; \ - rm -f "$(DESTDIR)$(gssapidir)/$$f"; \ - done + @list='$(nodist_gssapi_HEADERS)'; test -n "$(gssapidir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(gssapidir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(gssapidir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -1523,49 +2049,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -1576,15 +2116,32 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -1600,13 +2157,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -1648,9 +2209,14 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f krb5/$(DEPDIR)/$(am__dirstamp) -rm -f krb5/$(am__dirstamp) + -rm -f mech/$(DEPDIR)/$(am__dirstamp) -rm -f mech/$(am__dirstamp) + -rm -f ntlm/$(DEPDIR)/$(am__dirstamp) -rm -f ntlm/$(am__dirstamp) + -rm -f spnego/$(DEPDIR)/$(am__dirstamp) -rm -f spnego/$(am__dirstamp) maintainer-clean-generic: @@ -1664,6 +2230,7 @@ clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) krb5/$(DEPDIR) mech/$(DEPDIR) ntlm/$(DEPDIR) spnego/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1674,6 +2241,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -1682,26 +2251,35 @@ install-data-am: install-includeHEADERS install-man \ install-nobase_includeHEADERS install-nodist_gssapiHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-man5 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) krb5/$(DEPDIR) mech/$(DEPDIR) ntlm/$(DEPDIR) spnego/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1723,11 +2301,10 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ uninstall-nobase_includeHEADERS uninstall-nodist_gssapiHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man3 uninstall-man5 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: all check check-am install install-am install-data-am \ + install-exec-am install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ check-local clean clean-binPROGRAMS clean-checkPROGRAMS \ @@ -1821,6 +2398,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1906,7 +2486,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1923,20 +2503,19 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) $(srcdir)/ntlm/ntlm-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p ntlm/ntlm-private.h $(ntlmsrc) || rm -f ntlm/ntlm-private.h -$(libgssapi_la_OBJECTS): $(srcdir)/krb5/gsskrb5-private.h -$(libgssapi_la_OBJECTS): $(srcdir)/spnego/spnego-private.h -$(libgssapi_la_OBJECTS): $(srcdir)/ntlm/ntlm-private.h +$(libgssapi_la_OBJECTS): $(BUILTHEADERS) +$(test_context_OBJECTS): $(BUILTHEADERS) $(libgssapi_la_OBJECTS): $(srcdir)/version-script.map -$(spnego_files) spnego_asn1.h: spnego_asn1_files -$(gssapi_files) gssapi_asn1.h: gssapi_asn1_files +$(spnego_files) spnego_asn1.hx spnego_asn1-priv.hx: spnego_asn1_files +$(gssapi_files) gssapi_asn1.hx gssapi_asn1-priv.hx: gssapi_asn1_files -spnego_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/spnego/spnego.asn1 - ../asn1/asn1_compile$(EXEEXT) --sequence=MechTypeList $(srcdir)/spnego/spnego.asn1 spnego_asn1 +spnego_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/spnego/spnego.asn1 $(srcdir)/spnego/spnego.opt + $(ASN1_COMPILE) --option-file=$(srcdir)/spnego/spnego.opt $(srcdir)/spnego/spnego.asn1 spnego_asn1 -gssapi_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 - ../asn1/asn1_compile$(EXEEXT) $(srcdir)/mech/gssapi.asn1 gssapi_asn1 +gssapi_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/mech/gssapi.asn1 + $(ASN1_COMPILE) $(srcdir)/mech/gssapi.asn1 gssapi_asn1 $(srcdir)/krb5/gsskrb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5/gsskrb5-private.h $(krb5src) || rm -f krb5/gsskrb5-private.h @@ -1947,14 +2526,19 @@ $(srcdir)/spnego/spnego-private.h: gss-commands.c gss-commands.h: gss-commands.in $(SLC) $(srcdir)/gss-commands.in -$(gss_OBJECTS): gss-commands.h +$(gsstool_OBJECTS): gss-commands.h -# to help stupid solaris make - -$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h spnego_asn1.h +$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h gssapi_asn1-priv.h +$(libgssapi_la_OBJECTS): spnego_asn1.h spnego_asn1-priv.h +$(libgssapi_la_OBJECTS): $(srcdir)/gssapi/gssapi_oid.h gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et $(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et + +$(srcdir)/gssapi/gssapi_oid.h $(srcdir)/mech/gss_oid.c: + perl $(srcdir)/gen-oid.pl -b base -h $(srcdir)/oid.txt > $(srcdir)/gssapi/gssapi_oid.h + perl $(srcdir)/gen-oid.pl -b base $(srcdir)/oid.txt > $(srcdir)/mech/gss_oid.c + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/gssapi/gss-commands.in b/crypto/heimdal/lib/gssapi/gss-commands.in index 2204f2afa89..a2fc2288ee4 100644 --- a/crypto/heimdal/lib/gssapi/gss-commands.in +++ b/crypto/heimdal/lib/gssapi/gss-commands.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -30,12 +30,25 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: gss-commands.in 17870 2006-07-22 14:48:58Z lha $ */ +/* $Id$ */ command = { name = "supported-mechanisms" help = "Print the supported mechanisms" } +command = { + name = "attrs-for-mech" + help = "Print the attributes for mechs" + option = { + long = "all" + type = "flag" + } + option = { + long = "mech" + type = "string" + argument = "mechanism" + } +} command = { name = "help" name = "?" diff --git a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 index d2a04d93fbb..25d7b4d7ffd 100644 --- a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 +++ b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: gss_acquire_cred.3 20235 2007-02-16 11:19:03Z lha $ +.\" $Id$ .\" .Dd October 26, 2005 .Dt GSS_ACQUIRE_CRED 3 @@ -513,7 +513,7 @@ In GSS-API an contiguous string name is stored in a .Dv gss_buffer_t . .Pp Exported names also have the property that they are specified by the -mechanism itself and compatible between diffrent GSS-API +mechanism itself and compatible between different GSS-API implementations. .El .Sh ACCESS CONTROL diff --git a/crypto/heimdal/lib/gssapi/gssapi.3 b/crypto/heimdal/lib/gssapi/gssapi.3 index 0241ee786a1..089f751e9e6 100644 --- a/crypto/heimdal/lib/gssapi/gssapi.3 +++ b/crypto/heimdal/lib/gssapi/gssapi.3 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: gssapi.3 22071 2007-11-14 20:04:50Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd April 20, 2005 .Dt GSSAPI 3 @@ -53,57 +53,52 @@ These functions constitute the gssapi library, .Em libgssapi . Declarations for these functions may be obtained from the include file .Pa gssapi.h . -.sp 2 -.nf -.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u -\fIName/Page\fP \fIDescription\fP -.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC -.sp 5p -gss_accept_sec_context.3 -gss_acquire_cred.3 -gss_add_cred.3 -gss_add_oid_set_member.3 -gss_canonicalize_name.3 -gss_compare_name.3 -gss_context_time.3 -gss_create_empty_oid_set.3 -gss_delete_sec_context.3 -gss_display_name.3 -gss_display_status.3 -gss_duplicate_name.3 -gss_export_name.3 -gss_export_sec_context.3 -gss_get_mic.3 -gss_import_name.3 -gss_import_sec_context.3 -gss_indicate_mechs.3 -gss_init_sec_context.3 -gss_inquire_context.3 -gss_inquire_cred.3 -gss_inquire_cred_by_mech.3 -gss_inquire_mechs_for_name.3 -gss_inquire_names_for_mech.3 -gss_krb5_ccache_name.3 -gss_krb5_compat_des3_mic.3 -gss_krb5_copy_ccache.3 -gss_krb5_extract_authz_data_from_sec_context.3 -gss_krb5_import_ccache.3 -gss_process_context_token.3 -gss_release_buffer.3 -gss_release_cred.3 -gss_release_name.3 -gss_release_oid_set.3 -gss_seal.3 -gss_sign.3 -gss_test_oid_set_member.3 -gss_unseal.3 -gss_unwrap.3 -gss_verify.3 -gss_verify_mic.3 -gss_wrap.3 -gss_wrap_size_limit.3 -.ta -.Fi +.Bl -column -compact +.It Sy Name/Page +.It Xr gss_accept_sec_context 3 +.It Xr gss_acquire_cred 3 +.It Xr gss_add_cred 3 +.It Xr gss_add_oid_set_member 3 +.It Xr gss_canonicalize_name 3 +.It Xr gss_compare_name 3 +.It Xr gss_context_time 3 +.It Xr gss_create_empty_oid_set 3 +.It Xr gss_delete_sec_context 3 +.It Xr gss_display_name 3 +.It Xr gss_display_status 3 +.It Xr gss_duplicate_name 3 +.It Xr gss_export_name 3 +.It Xr gss_export_sec_context 3 +.It Xr gss_get_mic 3 +.It Xr gss_import_name 3 +.It Xr gss_import_sec_context 3 +.It Xr gss_indicate_mechs 3 +.It Xr gss_init_sec_context 3 +.It Xr gss_inquire_context 3 +.It Xr gss_inquire_cred 3 +.It Xr gss_inquire_cred_by_mech 3 +.It Xr gss_inquire_mechs_for_name 3 +.It Xr gss_inquire_names_for_mech 3 +.It Xr gss_krb5_ccache_name 3 +.It Xr gss_krb5_compat_des3_mic 3 +.It Xr gss_krb5_copy_ccache 3 +.It Xr gss_krb5_extract_authz_data_from_sec_context 3 +.It Xr gss_krb5_import_ccache 3 +.It Xr gss_process_context_token 3 +.It Xr gss_release_buffer 3 +.It Xr gss_release_cred 3 +.It Xr gss_release_name 3 +.It Xr gss_release_oid_set 3 +.It Xr gss_seal 3 +.It Xr gss_sign 3 +.It Xr gss_test_oid_set_member 3 +.It Xr gss_unseal 3 +.It Xr gss_unwrap 3 +.It Xr gss_verify 3 +.It Xr gss_verify_mic 3 +.It Xr gss_wrap 3 +.It Xr gss_wrap_size_limit 3 +.El .Sh COMPATIBILITY The .Nm Heimdal @@ -147,7 +142,7 @@ the later will override. .Pp This config option modifies behaviour for both clients and servers. .Pp -Microsoft implemented SPNEGO to Windows2000, however, they manage to +Microsoft implemented SPNEGO to Windows2000, however, they managed to get it wrong, their implementation didn't fill in the MechListMIC in the reply token with the right content. There is a work around for this problem, but not all implementation diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h index ae0274fd6bb..d2f039a5d55 100644 --- a/crypto/heimdal/lib/gssapi/gssapi.h +++ b/crypto/heimdal/lib/gssapi/gssapi.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: gssapi.h 18332 2006-10-07 20:57:15Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi.h index fbc638c48fc..bbb2fd54c9b 100644 --- a/crypto/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/crypto/heimdal/lib/gssapi/gssapi/gssapi.h @@ -1,38 +1,36 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: gssapi.h 21004 2007-06-08 01:53:10Z lha $ */ - #ifndef GSSAPI_GSSAPI_H_ #define GSSAPI_GSSAPI_H_ @@ -43,6 +41,45 @@ #include +#ifndef BUILD_GSSAPI_LIB +#if defined(_WIN32) +#define GSSAPI_LIB_FUNCTION __declspec(dllimport) +#define GSSAPI_LIB_CALL __stdcall +#define GSSAPI_LIB_VARIABLE __declspec(dllimport) +#else +#define GSSAPI_LIB_FUNCTION +#define GSSAPI_LIB_CALL +#define GSSAPI_LIB_VARIABLE +#endif +#endif + +#ifndef GSSAPI_DEPRECATED_FUNCTION +#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) +#define GSSAPI_DEPRECATED_FUNCTION(X) __attribute__((deprecated)) +#else +#define GSSAPI_DEPRECATED_FUNCTION(X) +#endif +#endif + +/* Compatiblity with MIT Kerberos on the Mac */ +#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__)) +#pragma pack(push,2) +#endif + +#ifdef __cplusplus +#define GSSAPI_CPP_START extern "C" { +#define GSSAPI_CPP_END } +#else +#define GSSAPI_CPP_START +#define GSSAPI_CPP_END +#endif + +#ifdef _WIN32 +#define GSSAPI_CALLCONV __stdcall +#else +#define GSSAPI_CALLCONV +#endif + /* * Now define the three implementation-dependent types. */ @@ -54,29 +91,35 @@ typedef uint32_t gss_uint32; struct gss_name_t_desc_struct; typedef struct gss_name_t_desc_struct *gss_name_t; +typedef const struct gss_name_t_desc_struct *gss_const_name_t; struct gss_ctx_id_t_desc_struct; typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t; +typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t; typedef struct gss_OID_desc_struct { OM_uint32 length; void *elements; } gss_OID_desc, *gss_OID; +typedef const gss_OID_desc * gss_const_OID; typedef struct gss_OID_set_desc_struct { size_t count; gss_OID elements; } gss_OID_set_desc, *gss_OID_set; +typedef const gss_OID_set_desc * gss_const_OID_set; typedef int gss_cred_usage_t; struct gss_cred_id_t_desc_struct; typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t; +typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t; typedef struct gss_buffer_desc_struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t; +typedef const gss_buffer_desc * gss_const_buffer_t; typedef struct gss_channel_bindings_struct { OM_uint32 initiator_addrtype; @@ -85,6 +128,7 @@ typedef struct gss_channel_bindings_struct { gss_buffer_desc acceptor_address; gss_buffer_desc application_data; } *gss_channel_bindings_t; +typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t; /* GGF extension data types */ typedef struct gss_buffer_set_desc_struct { @@ -92,11 +136,18 @@ typedef struct gss_buffer_set_desc_struct { gss_buffer_desc *elements; } gss_buffer_set_desc, *gss_buffer_set_t; +typedef struct gss_iov_buffer_desc_struct { + OM_uint32 type; + gss_buffer_desc buffer; +} gss_iov_buffer_desc, *gss_iov_buffer_t; + /* * For now, define a QOP-type as an OM_uint32 */ typedef OM_uint32 gss_qop_t; + + /* * Flag bits for context-level services. */ @@ -113,6 +164,7 @@ typedef OM_uint32 gss_qop_t; #define GSS_C_DCE_STYLE 4096 #define GSS_C_IDENTIFY_FLAG 8192 #define GSS_C_EXTENDED_ERROR_FLAG 16384 +#define GSS_C_DELEG_POLICY_FLAG 32768 /* * Credential usage options @@ -167,6 +219,7 @@ typedef OM_uint32 gss_qop_t; #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) #define GSS_C_EMPTY_BUFFER {0, NULL} +#define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0) /* * Some alternate names for a couple of the above @@ -195,9 +248,33 @@ typedef OM_uint32 gss_qop_t; */ #define GSS_C_INDEFINITE 0xfffffffful -#ifdef __cplusplus -extern "C" { -#endif +/* + * Type of gss_wrap_iov()/gss_unwrap_iov(). + */ + +#define GSS_IOV_BUFFER_TYPE_EMPTY 0 +#define GSS_IOV_BUFFER_TYPE_DATA 1 +#define GSS_IOV_BUFFER_TYPE_HEADER 2 +#define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3 + +#define GSS_IOV_BUFFER_TYPE_TRAILER 7 +#define GSS_IOV_BUFFER_TYPE_PADDING 9 +#define GSS_IOV_BUFFER_TYPE_STREAM 10 +#define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11 + +#define GSS_IOV_BUFFER_TYPE_FLAG_MASK 0xffff0000 +#define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000 +#define GSS_IOV_BUFFER_FLAG_ALLOCATED 0x00020000 + +#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE 0x00010000 /* old name */ +#define GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED 0x00020000 /* old name */ + +#define GSS_IOV_BUFFER_TYPE(_t) ((_t) & ~GSS_IOV_BUFFER_TYPE_FLAG_MASK) +#define GSS_IOV_BUFFER_FLAGS(_t) ((_t) & GSS_IOV_BUFFER_TYPE_FLAG_MASK) + +GSSAPI_CPP_START + +#include /* * The implementation must reserve static storage for a @@ -210,7 +287,8 @@ extern "C" { * GSS_C_NT_USER_NAME should be initialized to point * to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_USER_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_user_name_oid_desc; +#define GSS_C_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc) /* * The implementation must reserve static storage for a @@ -223,7 +301,8 @@ extern gss_OID GSS_C_NT_USER_NAME; * The constant GSS_C_NT_MACHINE_UID_NAME should be * initialized to point to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_MACHINE_UID_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_machine_uid_name_oid_desc; +#define GSS_C_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc) /* * The implementation must reserve static storage for a @@ -236,7 +315,8 @@ extern gss_OID GSS_C_NT_MACHINE_UID_NAME; * The constant GSS_C_NT_STRING_UID_NAME should be * initialized to point to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_STRING_UID_NAME; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_string_uid_name_oid_desc; +#define GSS_C_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc) /* * The implementation must reserve static storage for a @@ -255,7 +335,8 @@ extern gss_OID GSS_C_NT_STRING_UID_NAME; * parameter, but should not be emitted by GSS-API * implementations */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_hostbased_service_x_oid_desc; +#define GSS_C_NT_HOSTBASED_SERVICE_X (&__gss_c_nt_hostbased_service_x_oid_desc) /* * The implementation must reserve static storage for a @@ -268,7 +349,8 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; * GSS_C_NT_HOSTBASED_SERVICE should be initialized * to point to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_hostbased_service_oid_desc; +#define GSS_C_NT_HOSTBASED_SERVICE (&__gss_c_nt_hostbased_service_oid_desc) /* * The implementation must reserve static storage for a @@ -280,7 +362,8 @@ extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; * and GSS_C_NT_ANONYMOUS should be initialized to point * to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_ANONYMOUS; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc; +#define GSS_C_NT_ANONYMOUS (&__gss_c_nt_anonymous_oid_desc) /* * The implementation must reserve static storage for a @@ -292,19 +375,8 @@ extern gss_OID GSS_C_NT_ANONYMOUS; * GSS_C_NT_EXPORT_NAME should be initialized to point * to that gss_OID_desc. */ -extern gss_OID GSS_C_NT_EXPORT_NAME; - -/* - * Digest mechanism - */ - -extern gss_OID GSS_SASL_DIGEST_MD5_MECHANISM; - -/* - * NTLM mechanism - */ - -extern gss_OID GSS_NTLM_MECHANISM; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc; +#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc) /* Major status codes */ @@ -373,6 +445,12 @@ extern gss_OID GSS_NTLM_MECHANISM; #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET) + +/* + * Apparently awating spec fix. + */ +#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE /* * Supplementary info bits: @@ -387,7 +465,10 @@ extern gss_OID GSS_NTLM_MECHANISM; * Finally, function prototypes for the GSS-API routines. */ -OM_uint32 gss_acquire_cred +#define GSS_C_OPTION_MASK 0xffff +#define GSS_C_CRED_NO_UI 0x10000 + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred (OM_uint32 * /*minor_status*/, const gss_name_t /*desired_name*/, OM_uint32 /*time_req*/, @@ -398,12 +479,12 @@ OM_uint32 gss_acquire_cred OM_uint32 * /*time_rec*/ ); -OM_uint32 gss_release_cred +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_cred (OM_uint32 * /*minor_status*/, gss_cred_id_t * /*cred_handle*/ ); -OM_uint32 gss_init_sec_context +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_init_sec_context (OM_uint32 * /*minor_status*/, const gss_cred_id_t /*initiator_cred_handle*/, gss_ctx_id_t * /*context_handle*/, @@ -419,7 +500,7 @@ OM_uint32 gss_init_sec_context OM_uint32 * /*time_rec*/ ); -OM_uint32 gss_accept_sec_context +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_accept_sec_context (OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, const gss_cred_id_t /*acceptor_cred_handle*/, @@ -433,25 +514,25 @@ OM_uint32 gss_accept_sec_context gss_cred_id_t * /*delegated_cred_handle*/ ); -OM_uint32 gss_process_context_token +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_process_context_token (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t /*token_buffer*/ ); -OM_uint32 gss_delete_sec_context +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_sec_context (OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t /*output_token*/ ); -OM_uint32 gss_context_time +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_context_time (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, OM_uint32 * /*time_rec*/ ); -OM_uint32 gss_get_mic +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_mic (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, gss_qop_t /*qop_req*/, @@ -459,7 +540,7 @@ OM_uint32 gss_get_mic gss_buffer_t /*message_token*/ ); -OM_uint32 gss_verify_mic +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify_mic (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t /*message_buffer*/, @@ -467,7 +548,7 @@ OM_uint32 gss_verify_mic gss_qop_t * /*qop_state*/ ); -OM_uint32 gss_wrap +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, @@ -477,7 +558,7 @@ OM_uint32 gss_wrap gss_buffer_t /*output_message_buffer*/ ); -OM_uint32 gss_unwrap +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unwrap (OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t /*input_message_buffer*/, @@ -486,7 +567,7 @@ OM_uint32 gss_unwrap gss_qop_t * /*qop_state*/ ); -OM_uint32 gss_display_status +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_status (OM_uint32 * /*minor_status*/, OM_uint32 /*status_value*/, int /*status_type*/, @@ -495,54 +576,54 @@ OM_uint32 gss_display_status gss_buffer_t /*status_string*/ ); -OM_uint32 gss_indicate_mechs +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_indicate_mechs (OM_uint32 * /*minor_status*/, gss_OID_set * /*mech_set*/ ); -OM_uint32 gss_compare_name +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_compare_name (OM_uint32 * /*minor_status*/, const gss_name_t /*name1*/, const gss_name_t /*name2*/, int * /*name_equal*/ ); -OM_uint32 gss_display_name +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name (OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t /*output_name_buffer*/, gss_OID * /*output_name_type*/ ); -OM_uint32 gss_import_name +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_name (OM_uint32 * /*minor_status*/, const gss_buffer_t /*input_name_buffer*/, const gss_OID /*input_name_type*/, gss_name_t * /*output_name*/ ); -OM_uint32 gss_export_name +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name (OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t /*exported_name*/ ); -OM_uint32 gss_release_name +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_name (OM_uint32 * /*minor_status*/, gss_name_t * /*input_name*/ ); -OM_uint32 gss_release_buffer +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_buffer (OM_uint32 * /*minor_status*/, gss_buffer_t /*buffer*/ ); -OM_uint32 gss_release_oid_set +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_oid_set (OM_uint32 * /*minor_status*/, gss_OID_set * /*set*/ ); -OM_uint32 gss_inquire_cred +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred (OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, gss_name_t * /*name*/, @@ -551,7 +632,7 @@ OM_uint32 gss_inquire_cred gss_OID_set * /*mechanisms*/ ); -OM_uint32 gss_inquire_context ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_context ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, gss_name_t * /*src_name*/, @@ -563,7 +644,7 @@ OM_uint32 gss_inquire_context ( int * /*open_context*/ ); -OM_uint32 gss_wrap_size_limit ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap_size_limit ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, @@ -572,7 +653,7 @@ OM_uint32 gss_wrap_size_limit ( OM_uint32 * /*max_input_size*/ ); -OM_uint32 gss_add_cred ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*input_cred_handle*/, const gss_name_t /*desired_name*/, @@ -586,7 +667,7 @@ OM_uint32 gss_add_cred ( OM_uint32 * /*acceptor_time_rec*/ ); -OM_uint32 gss_inquire_cred_by_mech ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred_by_mech ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, const gss_OID /*mech_type*/, @@ -596,80 +677,81 @@ OM_uint32 gss_inquire_cred_by_mech ( gss_cred_usage_t * /*cred_usage*/ ); -OM_uint32 gss_export_sec_context ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t /*interprocess_token*/ ); -OM_uint32 gss_import_sec_context ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_import_sec_context ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*interprocess_token*/, gss_ctx_id_t * /*context_handle*/ ); -OM_uint32 gss_create_empty_oid_set ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_create_empty_oid_set ( OM_uint32 * /*minor_status*/, gss_OID_set * /*oid_set*/ ); -OM_uint32 gss_add_oid_set_member ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_oid_set_member ( OM_uint32 * /*minor_status*/, const gss_OID /*member_oid*/, gss_OID_set * /*oid_set*/ ); -OM_uint32 gss_test_oid_set_member ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_test_oid_set_member ( OM_uint32 * /*minor_status*/, const gss_OID /*member*/, const gss_OID_set /*set*/, int * /*present*/ ); -OM_uint32 gss_inquire_names_for_mech ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_names_for_mech ( OM_uint32 * /*minor_status*/, const gss_OID /*mechanism*/, gss_OID_set * /*name_types*/ ); -OM_uint32 gss_inquire_mechs_for_name ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_mechs_for_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_OID_set * /*mech_types*/ ); -OM_uint32 gss_canonicalize_name ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_canonicalize_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, const gss_OID /*mech_type*/, gss_name_t * /*output_name*/ ); -OM_uint32 gss_duplicate_name ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_duplicate_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*src_name*/, gss_name_t * /*dest_name*/ ); -OM_uint32 gss_duplicate_oid ( +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_duplicate_oid ( OM_uint32 * /* minor_status */, gss_OID /* src_oid */, gss_OID * /* dest_oid */ ); -OM_uint32 + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_oid (OM_uint32 * /*minor_status*/, gss_OID * /* oid */ ); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_oid_to_str( OM_uint32 * /*minor_status*/, gss_OID /* oid */, gss_buffer_t /* str */ ); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_sec_context_by_oid( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -677,38 +759,38 @@ gss_inquire_sec_context_by_oid( gss_buffer_set_t *data_set ); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_sec_context_option (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_OID desired_object, const gss_buffer_t value); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_cred_option (OM_uint32 *minor_status, gss_cred_id_t *cred_handle, const gss_OID object, const gss_buffer_t value); -int -gss_oid_equal(const gss_OID a, const gss_OID b); +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_oid_equal(gss_const_OID a, gss_const_OID b); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_create_empty_buffer_set (OM_uint32 * minor_status, gss_buffer_set_t *buffer_set); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_buffer_set_member (OM_uint32 * minor_status, const gss_buffer_t member_buffer, gss_buffer_set_t *buffer_set); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_buffer_set (OM_uint32 * minor_status, gss_buffer_set_t *buffer_set); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_cred_by_oid(OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, @@ -721,7 +803,7 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status, #define GSS_C_PRF_KEY_FULL 0 #define GSS_C_PRF_KEY_PARTIAL 1 -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_pseudo_random (OM_uint32 *minor_status, gss_ctx_id_t context, @@ -731,6 +813,41 @@ gss_pseudo_random gss_buffer_t prf_out ); +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_store_cred(OM_uint32 * /* minor_status */, + gss_cred_id_t /* input_cred_handle */, + gss_cred_usage_t /* cred_usage */, + const gss_OID /* desired_mech */, + OM_uint32 /* overwrite_cred */, + OM_uint32 /* default_cred */, + gss_OID_set * /* elements_stored */, + gss_cred_usage_t * /* cred_usage_stored */); + + +/* + * Query functions + */ + +typedef struct { + size_t header; /**< size of header */ + size_t trailer; /**< size of trailer */ + size_t max_msg_size; /**< maximum message size */ + size_t buffers; /**< extra GSS_IOV_BUFFER_TYPE_EMPTY buffer to pass */ + size_t blocksize; /**< Specificed optimal size of messages, also + is the maximum padding size + (GSS_IOV_BUFFER_TYPE_PADDING) */ +} gss_context_stream_sizes; + +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_attr_stream_sizes_oid_desc; +#define GSS_C_ATTR_STREAM_SIZES (&__gss_c_attr_stream_sizes_oid_desc) + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_context_query_attributes(OM_uint32 * /* minor_status */, + const gss_ctx_id_t /* context_handle */, + const gss_OID /* attribute */, + void * /*data*/, + size_t /* len */); /* * The following routines are obsolete variants of gss_get_mic, * gss_verify_mic, gss_wrap and gss_unwrap. They should be @@ -742,23 +859,23 @@ gss_pseudo_random * obsolete versions of these routines and their current forms. */ -OM_uint32 gss_sign +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_sign (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*qop_req*/, gss_buffer_t /*message_buffer*/, gss_buffer_t /*message_token*/ - ); + ) GSSAPI_DEPRECATED_FUNCTION("Use gss_get_mic"); -OM_uint32 gss_verify +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_verify (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, gss_buffer_t /*message_buffer*/, gss_buffer_t /*token_buffer*/, int * /*qop_state*/ - ); + ) GSSAPI_DEPRECATED_FUNCTION("Use gss_verify_mic"); -OM_uint32 gss_seal +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_seal (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*conf_req_flag*/, @@ -766,44 +883,238 @@ OM_uint32 gss_seal gss_buffer_t /*input_message_buffer*/, int * /*conf_state*/, gss_buffer_t /*output_message_buffer*/ - ); + ) GSSAPI_DEPRECATED_FUNCTION("Use gss_wrap"); -OM_uint32 gss_unseal +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_unseal (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, gss_buffer_t /*input_message_buffer*/, gss_buffer_t /*output_message_buffer*/, int * /*conf_state*/, int * /*qop_state*/ + ) GSSAPI_DEPRECATED_FUNCTION("Use gss_unwrap"); + +/** + * + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_encapsulate_token(gss_const_buffer_t /* input_token */, + gss_const_OID /* oid */, + gss_buffer_t /* output_token */); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_decapsulate_token(gss_const_buffer_t /* input_token */, + gss_const_OID /* oid */, + gss_buffer_t /* output_token */); + + + +/* + * AEAD support + */ + +/* + * GSS_IOV + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_wrap_iov(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, int *, + gss_iov_buffer_desc *, int); + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_unwrap_iov(OM_uint32 *, gss_ctx_id_t, int *, gss_qop_t *, + gss_iov_buffer_desc *, int); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_wrap_iov_length(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t, int *, + gss_iov_buffer_desc *, int); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_iov_buffer(OM_uint32 *, gss_iov_buffer_desc *, int); + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_export_cred(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred_handle */, + gss_buffer_t /* cred_token */); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_import_cred(OM_uint32 * /* minor_status */, + gss_buffer_t /* cred_token */, + gss_cred_id_t * /* cred_handle */); + +/* + * mech option + */ + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_set(gss_const_OID mech, gss_const_OID option, + int enable, gss_buffer_t value); + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value); + +GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL +gss_mo_list(gss_const_OID mech, gss_OID_set *options); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name); + +/* + * SASL glue functions and mech inquire + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_saslname_for_mech(OM_uint32 *minor_status, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_mech_for_saslname(OM_uint32 *minor_status, + const gss_buffer_t sasl_mech_name, + gss_OID *mech_type); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_indicate_mechs_by_attrs(OM_uint32 * minor_status, + gss_const_OID_set desired_mech_attrs, + gss_const_OID_set except_mech_attrs, + gss_const_OID_set critical_mech_attrs, + gss_OID_set *mechs); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_attrs_for_mech(OM_uint32 * minor_status, + gss_const_OID mech, + gss_OID_set *mech_attr, + gss_OID_set *known_mech_attrs); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_mech_attr(OM_uint32 * minor_status, + gss_const_OID mech_attr, + gss_buffer_t name, + gss_buffer_t short_desc, + gss_buffer_t long_desc); + +/* + * Solaris compat + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_acquire_cred_with_password + (OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + const gss_buffer_t /*password*/, + OM_uint32 /*time_req*/, + const gss_OID_set /*desired_mechs*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*time_rec*/ ); +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_add_cred_with_password ( + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*input_cred_handle*/, + const gss_name_t /*desired_name*/, + const gss_OID /*desired_mech*/, + const gss_buffer_t /*password*/, + gss_cred_usage_t /*cred_usage*/, + OM_uint32 /*initiator_time_req*/, + OM_uint32 /*acceptor_time_req*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*initiator_time_rec*/, + OM_uint32 * /*acceptor_time_rec*/ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_pname_to_uid( + OM_uint32 *minor, + const gss_name_t name, + const gss_OID mech_type, + uid_t *uidOut); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_authorize_localname( + OM_uint32 *minor, + const gss_name_t name, + const gss_name_t user); + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_userok(const gss_name_t name, + const char *user); + +extern GSSAPI_LIB_VARIABLE gss_buffer_desc __gss_c_attr_local_login_user; +#define GSS_C_ATTR_LOCAL_LOGIN_USER (&__gss_c_attr_local_login_user) + +/* + * Naming extensions + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_display_name_ext ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_OID, /* display_as_name_type */ + gss_buffer_t /* display_name */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_inquire_name ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int *, /* name_is_MN */ + gss_OID *, /* MN_mech */ + gss_buffer_set_t * /* attrs */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_get_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t, /* attr */ + int *, /* authenticated */ + int *, /* complete */ + gss_buffer_t, /* value */ + gss_buffer_t, /* display_value */ + int * /* more */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_set_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int, /* complete */ + gss_buffer_t, /* attr */ + gss_buffer_t /* value */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_delete_name_attribute ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* attr */ + ); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_export_name_composite ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* exp_composite_name */ + ); + /* * */ -OM_uint32 -gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_OID desired_object, - gss_buffer_set_t *data_set); +GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL +gss_oid_to_name(gss_const_OID oid); -OM_uint32 -gss_encapsulate_token(gss_buffer_t /* input_token */, - gss_OID /* oid */, - gss_buffer_t /* output_token */); +GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL +gss_name_to_oid(const char *name); -OM_uint32 -gss_decapsulate_token(gss_buffer_t /* input_token */, - gss_OID /* oid */, - gss_buffer_t /* output_token */); +GSSAPI_CPP_END - - -#ifdef __cplusplus -} +#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__)) +#pragma pack(pop) #endif -#include -#include +#undef GSSAPI_DEPRECATED_FUNCTION #endif /* GSSAPI_GSSAPI_H_ */ diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index cca529fe26f..2f605f5ee11 100644 --- a/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -1,86 +1,73 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: gssapi_krb5.h 20385 2007-04-18 08:51:32Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_KRB5_H_ #define GSSAPI_KRB5_H_ -#include +#include -#ifdef __cplusplus -extern "C" { +GSSAPI_CPP_START + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) #endif +#ifndef GSSKRB5_FUNCTION_DEPRECATED +#define GSSKRB5_FUNCTION_DEPRECATED __attribute__((deprecated)) +#endif + + /* * This is for kerberos5 names. */ -extern gss_OID GSS_KRB5_NT_PRINCIPAL_NAME; -extern gss_OID GSS_KRB5_NT_USER_NAME; -extern gss_OID GSS_KRB5_NT_MACHINE_UID_NAME; -extern gss_OID GSS_KRB5_NT_STRING_UID_NAME; +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc; +#define GSS_KRB5_NT_PRINCIPAL_NAME (&__gss_krb5_nt_principal_name_oid_desc) -extern gss_OID GSS_KRB5_MECHANISM; +#define GSS_KRB5_NT_USER_NAME (&__gss_c_nt_user_name_oid_desc) +#define GSS_KRB5_NT_MACHINE_UID_NAME (&__gss_c_nt_machine_uid_name_oid_desc) +#define GSS_KRB5_NT_STRING_UID_NAME (&__gss_c_nt_string_uid_name_oid_desc) + +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc; +#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc) /* for compatibility with MIT api */ #define gss_mech_krb5 GSS_KRB5_MECHANISM #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME -/* Extensions set contexts options */ -extern gss_OID GSS_KRB5_COPY_CCACHE_X; -extern gss_OID GSS_KRB5_COMPAT_DES3_MIC_X; -extern gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X; -extern gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X; -extern gss_OID GSS_KRB5_SEND_TO_KDC_X; -extern gss_OID GSS_KRB5_SET_DEFAULT_REALM_X; -extern gss_OID GSS_KRB5_CCACHE_NAME_X; -/* Extensions inquire context */ -extern gss_OID GSS_KRB5_GET_TKT_FLAGS_X; -extern gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X; -extern gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO; -extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X; -extern gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X; -extern gss_OID GSS_KRB5_GET_SUBKEY_X; -extern gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X; -extern gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X; -extern gss_OID GSS_KRB5_GET_AUTHTIME_X; -extern gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X; -/* Extensions creds */ -extern gss_OID GSS_KRB5_IMPORT_CRED_X; -extern gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X; - /* * kerberos mechanism specific functions */ @@ -89,39 +76,42 @@ struct krb5_keytab_data; struct krb5_ccache_data; struct Principal; -OM_uint32 -gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_ccache_name(OM_uint32 * /*minor_status*/, const char * /*name */, const char ** /*out_name */); -OM_uint32 gsskrb5_register_acceptor_identity - (const char */*identity*/); +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity + (const char * /*identity*/); -OM_uint32 gss_krb5_copy_ccache - (OM_uint32 */*minor*/, +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL krb5_gss_register_acceptor_identity + (const char * /*identity*/); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_copy_ccache + (OM_uint32 * /*minor*/, gss_cred_id_t /*cred*/, - struct krb5_ccache_data */*out*/); + struct krb5_ccache_data * /*out*/); -OM_uint32 -gss_krb5_import_cred(OM_uint32 */*minor*/, +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_import_cred(OM_uint32 * /*minor*/, struct krb5_ccache_data * /*in*/, struct Principal * /*keytab_principal*/, struct krb5_keytab_data * /*keytab*/, - gss_cred_id_t */*out*/); + gss_cred_id_t * /*out*/); -OM_uint32 gss_krb5_get_tkt_flags - (OM_uint32 */*minor*/, +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_get_tkt_flags + (OM_uint32 * /*minor*/, gss_ctx_id_t /*context_handle*/, - OM_uint32 */*tkt_flags*/); + OM_uint32 * /*tkt_flags*/); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_extract_authz_data_from_sec_context (OM_uint32 * /*minor_status*/, gss_ctx_id_t /*context_handle*/, int /*ad_type*/, gss_buffer_t /*ad_data*/); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_set_dns_canonicalize(int); struct gsskrb5_send_to_kdc { @@ -129,30 +119,47 @@ struct gsskrb5_send_to_kdc { void *ptr; }; -OM_uint32 -gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *); +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *) + GSSKRB5_FUNCTION_DEPRECATED; -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_set_default_realm(const char *); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, time_t *); struct EncryptionKey; -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, gss_ctx_id_t context_handle, struct EncryptionKey **out); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, gss_ctx_id_t context_handle, struct EncryptionKey **out); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_get_subkey(OM_uint32 *minor_status, gss_ctx_id_t context_handle, struct EncryptionKey **out); +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_set_time_offset(int); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_get_time_offset(int *); + +struct gsskrb5_krb5_plugin { + int type; + char *name; + void *symbol; +}; + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *); + + /* * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to * do GSS content token handling in-kernel. @@ -195,26 +202,24 @@ typedef struct gss_krb5_lucid_context_version { * Function declarations */ -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, OM_uint32 version, void **kctx); -OM_uint32 +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *kctx); -OM_uint32 -gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, gss_cred_id_t cred, OM_uint32 num_enctypes, int32_t *enctypes); -#ifdef __cplusplus -} -#endif +GSSAPI_CPP_END #endif /* GSSAPI_SPNEGO_H_ */ diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_ntlm.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_ntlm.h new file mode 100644 index 00000000000..e37c003c7db --- /dev/null +++ b/crypto/heimdal/lib/gssapi/gssapi/gssapi_ntlm.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2006 - 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef GSSAPI_NTLM_H_ +#define GSSAPI_NTLM_H_ + +#include + +#endif /* GSSAPI_NTLM_H_ */ diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_oid.h new file mode 100644 index 00000000000..9465efc77f4 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/gssapi/gssapi_oid.h @@ -0,0 +1,245 @@ +/* Generated file */ +#ifndef GSSAPI_GSSAPI_OID +#define GSSAPI_GSSAPI_OID 1 + + /* contact Love Hörnquist Ã…strand for new oid arcs */ + /* + * 1.2.752.43.13 Heimdal GSS-API Extentions + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc; +#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc; +#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; +#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc; +#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc; +#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc; +#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc; +#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc; +#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc; +#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc; +#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc; +#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc; +#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc; +#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc; +#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc; +#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc; +#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc; +#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc; +#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc; +#define GSS_NTLM_GET_SESSION_KEY_X (&__gss_ntlm_get_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_ntlm_oid_desc; +#define GSS_C_NT_NTLM (&__gss_c_nt_ntlm_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_dn_oid_desc; +#define GSS_C_NT_DN (&__gss_c_nt_dn_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc; +#define GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL (&__gss_krb5_nt_principal_name_referral_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_avguest_oid_desc; +#define GSS_C_NTLM_AVGUEST (&__gss_c_ntlm_avguest_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v1_oid_desc; +#define GSS_C_NTLM_V1 (&__gss_c_ntlm_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v2_oid_desc; +#define GSS_C_NTLM_V2 (&__gss_c_ntlm_v2_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_session_key_oid_desc; +#define GSS_C_NTLM_SESSION_KEY (&__gss_c_ntlm_session_key_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_force_v1_oid_desc; +#define GSS_C_NTLM_FORCE_V1 (&__gss_c_ntlm_force_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc; +#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc; +#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc) + + /* glue for gss_inquire_saslname_for_mech */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc; +#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc; +#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc; +#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc) + + /* credential types */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_password_oid_desc; +#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_cred_certificate_oid_desc; +#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc) + +/* Heimdal mechanisms - 1.2.752.43.14 */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc; +#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_mechanism_oid_desc; +#define GSS_NETLOGON_MECHANISM (&__gss_netlogon_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_session_key_x_oid_desc; +#define GSS_NETLOGON_SET_SESSION_KEY_X (&__gss_netlogon_set_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_desc; +#define GSS_NETLOGON_SET_SIGN_ALGORITHM_X (&__gss_netlogon_set_sign_algorithm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc; +#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc) + +/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_win2k_pac_x_oid_desc; +#define GSS_C_INQ_WIN2K_PAC_X (&__gss_c_inq_win2k_pac_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_inq_sspi_session_key_oid_desc; +#define GSS_C_INQ_SSPI_SESSION_KEY (&__gss_c_inq_sspi_session_key_oid_desc) + +/* + * "Standard" mechs + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_mechanism_oid_desc; +#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc; +#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc; +#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc) + + /* From Luke Howard */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc; +#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc) + +/* + * OID mappings with name and short description and and slightly longer description + */ +/* + * RFC5587 + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_concrete_oid_desc; +#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc; +#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_composite_oid_desc; +#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_nego_oid_desc; +#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_glue_oid_desc; +#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_mech_oid_desc; +#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deprecated_oid_desc; +#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc; +#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_itok_framed_oid_desc; +#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_oid_desc; +#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_oid_desc; +#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_init_oid_desc; +#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc; +#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc; +#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc; +#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deleg_cred_oid_desc; +#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_integ_prot_oid_desc; +#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_conf_prot_oid_desc; +#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mic_oid_desc; +#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_wrap_oid_desc; +#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_prot_ready_oid_desc; +#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_replay_det_oid_desc; +#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_oos_det_oid_desc; +#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_cbindings_oid_desc; +#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_pfs_oid_desc; +#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_compress_oid_desc; +#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_ctx_trans_oid_desc; +#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc) + +#endif /* GSSAPI_GSSAPI_OID */ diff --git a/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h b/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h index fbb7906369b..dd3b2a5c3f8 100644 --- a/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h +++ b/crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h @@ -1,46 +1,44 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: gssapi_spnego.h 18335 2006-10-07 22:26:21Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_SPNEGO_H_ #define GSSAPI_SPNEGO_H_ #include -#ifdef __cplusplus -extern "C" { -#endif +GSSAPI_CPP_START /* * RFC2478, SPNEGO: @@ -48,11 +46,10 @@ extern "C" { * negotiation token is identified by the Object Identifier * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). */ -extern gss_OID GSS_SPNEGO_MECHANISM; +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc; +#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc) #define gss_mech_spnego GSS_SPNEGO_MECHANISM -#ifdef __cplusplus -} -#endif +GSSAPI_CPP_END #endif /* GSSAPI_SPNEGO_H_ */ diff --git a/crypto/heimdal/lib/gssapi/gssapi_mech.h b/crypto/heimdal/lib/gssapi/gssapi_mech.h index 3704099e0f7..d8f3a188db3 100644 --- a/crypto/heimdal/lib/gssapi/gssapi_mech.h +++ b/crypto/heimdal/lib/gssapi/gssapi_mech.h @@ -31,7 +31,7 @@ #include -typedef OM_uint32 _gss_acquire_cred_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_t (OM_uint32 *, /* minor_status */ const gss_name_t, /* desired_name */ OM_uint32, /* time_req */ @@ -42,12 +42,12 @@ typedef OM_uint32 _gss_acquire_cred_t OM_uint32 * /* time_rec */ ); -typedef OM_uint32 _gss_release_cred_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_release_cred_t (OM_uint32 *, /* minor_status */ gss_cred_id_t * /* cred_handle */ ); -typedef OM_uint32 _gss_init_sec_context_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_init_sec_context_t (OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* initiator_cred_handle */ gss_ctx_id_t *, /* context_handle */ @@ -64,7 +64,7 @@ typedef OM_uint32 _gss_init_sec_context_t OM_uint32 * /* time_rec */ ); -typedef OM_uint32 _gss_accept_sec_context_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_accept_sec_context_t (OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ const gss_cred_id_t, /* acceptor_cred_handle */ @@ -79,25 +79,25 @@ typedef OM_uint32 _gss_accept_sec_context_t gss_cred_id_t * /* delegated_cred_handle */ ); -typedef OM_uint32 _gss_process_context_token_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_process_context_token_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ const gss_buffer_t /* token_buffer */ ); -typedef OM_uint32 _gss_delete_sec_context_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_sec_context_t (OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t /* output_token */ ); -typedef OM_uint32 _gss_context_time_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_context_time_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ OM_uint32 * /* time_rec */ ); -typedef OM_uint32 _gss_get_mic_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_get_mic_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ @@ -105,7 +105,7 @@ typedef OM_uint32 _gss_get_mic_t gss_buffer_t /* message_token */ ); -typedef OM_uint32 _gss_verify_mic_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_verify_mic_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ const gss_buffer_t, /* message_buffer */ @@ -113,7 +113,7 @@ typedef OM_uint32 _gss_verify_mic_t gss_qop_t * /* qop_state */ ); -typedef OM_uint32 _gss_wrap_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ @@ -123,7 +123,7 @@ typedef OM_uint32 _gss_wrap_t gss_buffer_t /* output_message_buffer */ ); -typedef OM_uint32 _gss_unwrap_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_unwrap_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ const gss_buffer_t, /* input_message_buffer */ @@ -132,7 +132,7 @@ typedef OM_uint32 _gss_unwrap_t gss_qop_t * /* qop_state */ ); -typedef OM_uint32 _gss_display_status_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_display_status_t (OM_uint32 *, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ @@ -141,44 +141,44 @@ typedef OM_uint32 _gss_display_status_t gss_buffer_t /* status_string */ ); -typedef OM_uint32 _gss_indicate_mechs_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_indicate_mechs_t (OM_uint32 *, /* minor_status */ gss_OID_set * /* mech_set */ ); -typedef OM_uint32 _gss_compare_name_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_compare_name_t (OM_uint32 *, /* minor_status */ const gss_name_t, /* name1 */ const gss_name_t, /* name2 */ int * /* name_equal */ ); -typedef OM_uint32 _gss_display_name_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_t (OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID * /* output_name_type */ ); -typedef OM_uint32 _gss_import_name_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_import_name_t (OM_uint32 *, /* minor_status */ const gss_buffer_t, /* input_name_buffer */ const gss_OID, /* input_name_type */ gss_name_t * /* output_name */ ); -typedef OM_uint32 _gss_export_name_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_t (OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_buffer_t /* exported_name */ ); -typedef OM_uint32 _gss_release_name_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_release_name_t (OM_uint32 *, /* minor_status */ gss_name_t * /* input_name */ ); -typedef OM_uint32 _gss_inquire_cred_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_t (OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ @@ -187,7 +187,7 @@ typedef OM_uint32 _gss_inquire_cred_t gss_OID_set * /* mechanisms */ ); -typedef OM_uint32 _gss_inquire_context_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_context_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ gss_name_t *, /* src_name */ @@ -199,7 +199,7 @@ typedef OM_uint32 _gss_inquire_context_t int * /* open */ ); -typedef OM_uint32 _gss_wrap_size_limit_t +typedef OM_uint32 GSSAPI_CALLCONV _gss_wrap_size_limit_t (OM_uint32 *, /* minor_status */ const gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ @@ -208,7 +208,7 @@ typedef OM_uint32 _gss_wrap_size_limit_t OM_uint32 * /* max_input_size */ ); -typedef OM_uint32 _gss_add_cred_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_t ( OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* input_cred_handle */ const gss_name_t, /* desired_name */ @@ -222,7 +222,7 @@ typedef OM_uint32 _gss_add_cred_t ( OM_uint32 * /* acceptor_time_rec */ ); -typedef OM_uint32 _gss_inquire_cred_by_mech_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_mech_t ( OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* cred_handle */ const gss_OID, /* mech_type */ @@ -232,65 +232,65 @@ typedef OM_uint32 _gss_inquire_cred_by_mech_t ( gss_cred_usage_t * /* cred_usage */ ); -typedef OM_uint32 _gss_export_sec_context_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_export_sec_context_t ( OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t /* interprocess_token */ ); -typedef OM_uint32 _gss_import_sec_context_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_import_sec_context_t ( OM_uint32 *, /* minor_status */ const gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); -typedef OM_uint32 _gss_inquire_names_for_mech_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_names_for_mech_t ( OM_uint32 *, /* minor_status */ const gss_OID, /* mechanism */ gss_OID_set * /* name_types */ ); -typedef OM_uint32 _gss_inquire_mechs_for_name_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_mechs_for_name_t ( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_OID_set * /* mech_types */ ); -typedef OM_uint32 _gss_canonicalize_name_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_canonicalize_name_t ( OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ const gss_OID, /* mech_type */ gss_name_t * /* output_name */ ); -typedef OM_uint32 _gss_duplicate_name_t ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_duplicate_name_t ( OM_uint32 *, /* minor_status */ const gss_name_t, /* src_name */ gss_name_t * /* dest_name */ ); -typedef OM_uint32 _gss_inquire_sec_context_by_oid ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_sec_context_by_oid ( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, gss_buffer_set_t *data_set ); -typedef OM_uint32 _gss_inquire_cred_by_oid ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_cred_by_oid ( OM_uint32 *minor_status, const gss_cred_id_t cred, const gss_OID desired_object, gss_buffer_set_t *data_set ); -typedef OM_uint32 _gss_set_sec_context_option ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_set_sec_context_option ( OM_uint32 *minor_status, gss_ctx_id_t *cred_handle, const gss_OID desired_object, const gss_buffer_t value ); -typedef OM_uint32 _gss_set_cred_option ( +typedef OM_uint32 GSSAPI_CALLCONV _gss_set_cred_option ( OM_uint32 *minor_status, gss_cred_id_t *cred_handle, const gss_OID desired_object, @@ -298,7 +298,7 @@ typedef OM_uint32 _gss_set_cred_option ( ); -typedef OM_uint32 _gss_pseudo_random( +typedef OM_uint32 GSSAPI_CALLCONV _gss_pseudo_random( OM_uint32 *minor_status, gss_ctx_id_t context, int prf_key, @@ -307,12 +307,186 @@ typedef OM_uint32 _gss_pseudo_random( gss_buffer_t prf_out ); -#define GMI_VERSION 1 +typedef OM_uint32 GSSAPI_CALLCONV +_gss_wrap_iov_t(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int * conf_state, + gss_iov_buffer_desc *iov, + int iov_count); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_unwrap_iov_t(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_wrap_iov_length_t(OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_store_cred_t(OM_uint32 *minor_status, + gss_cred_id_t input_cred_handle, + gss_cred_usage_t cred_usage, + const gss_OID desired_mech, + OM_uint32 overwrite_cred, + OM_uint32 default_cred, + gss_OID_set *elements_stored, + gss_cred_usage_t *cred_usage_stored); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_export_cred_t(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_buffer_t cred_token); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_import_cred_t(OM_uint32 * minor_status, + gss_buffer_t cred_token, + gss_cred_id_t * cred_handle); + + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_acquire_cred_ext_t(OM_uint32 * /*minor_status */, + const gss_name_t /* desired_name */, + gss_const_OID /* credential_type */, + const void * /* credential_data */, + OM_uint32 /* time_req */, + gss_const_OID /* desired_mech */, + gss_cred_usage_t /* cred_usage */, + gss_cred_id_t * /* output_cred_handle */); + +typedef void GSSAPI_CALLCONV +_gss_iter_creds_t(OM_uint32 /* flags */, + void * /* userctx */, + void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t)); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_destroy_cred_t(OM_uint32 * /* minor_status */, + gss_cred_id_t * /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_hold_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_unhold_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_label_set_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */, + const char * /* label */, + gss_buffer_t /* value */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_label_get_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */, + const char * /* label */, + gss_buffer_t /* value */); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_display_name_ext_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_OID, /* display_as_name_type */ + gss_buffer_t /* display_name */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_name_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int *, /* name_is_MN */ + gss_OID *, /* MN_mech */ + gss_buffer_set_t * /* attrs */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_get_name_attribute_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t, /* attr */ + int *, /* authenticated */ + int *, /* complete */ + gss_buffer_t, /* value */ + gss_buffer_t, /* display_value */ + int * /* more */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_set_name_attribute_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + int, /* complete */ + gss_buffer_t, /* attr */ + gss_buffer_t /* value */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_delete_name_attribute_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* attr */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_export_name_composite_t ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name */ + gss_buffer_t /* exp_composite_name */ + ); + +/* + * + */ + +typedef struct gss_mo_desc_struct gss_mo_desc; + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_mo_init (OM_uint32 *, gss_OID, gss_mo_desc **, size_t *); + + +struct gss_mo_desc_struct { + gss_OID option; + OM_uint32 flags; +#define GSS_MO_MA 1 +#define GSS_MO_MA_CRITICAL 2 + const char *name; + void *ctx; + int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t); + int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t); +}; + +typedef OM_uint32 GSSAPI_CALLCONV _gss_pname_to_uid_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* name */ + const gss_OID, /* mech_type */ + uid_t * /* uidOut */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_authorize_localname_t ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* name */ + gss_const_buffer_t, /* user */ + gss_const_OID /* user_name_type */ + ); + +/* mechglue internal */ +struct gss_mech_compat_desc_struct; + +#define GMI_VERSION 5 + +/* gm_flags */ +#define GM_USE_MG_CRED 1 /* uses mech glue credentials */ typedef struct gssapi_mech_interface_desc { unsigned gm_version; const char *gm_name; gss_OID_desc gm_mech_oid; + unsigned gm_flags; _gss_acquire_cred_t *gm_acquire_cred; _gss_release_cred_t *gm_release_cred; _gss_init_sec_context_t *gm_init_sec_context; @@ -347,13 +521,74 @@ typedef struct gssapi_mech_interface_desc { _gss_set_sec_context_option *gm_set_sec_context_option; _gss_set_cred_option *gm_set_cred_option; _gss_pseudo_random *gm_pseudo_random; + _gss_wrap_iov_t *gm_wrap_iov; + _gss_unwrap_iov_t *gm_unwrap_iov; + _gss_wrap_iov_length_t *gm_wrap_iov_length; + _gss_store_cred_t *gm_store_cred; + _gss_export_cred_t *gm_export_cred; + _gss_import_cred_t *gm_import_cred; + _gss_acquire_cred_ext_t *gm_acquire_cred_ext; + _gss_iter_creds_t *gm_iter_creds; + _gss_destroy_cred_t *gm_destroy_cred; + _gss_cred_hold_t *gm_cred_hold; + _gss_cred_unhold_t *gm_cred_unhold; + _gss_cred_label_get_t *gm_cred_label_get; + _gss_cred_label_set_t *gm_cred_label_set; + gss_mo_desc *gm_mo; + size_t gm_mo_num; + _gss_pname_to_uid_t *gm_pname_to_uid; + _gss_authorize_localname_t *gm_authorize_localname; + _gss_display_name_ext_t *gm_display_name_ext; + _gss_inquire_name_t *gm_inquire_name; + _gss_get_name_attribute_t *gm_get_name_attribute; + _gss_set_name_attribute_t *gm_set_name_attribute; + _gss_delete_name_attribute_t *gm_delete_name_attribute; + _gss_export_name_composite_t *gm_export_name_composite; + struct gss_mech_compat_desc_struct *gm_compat; } gssapi_mech_interface_desc, *gssapi_mech_interface; gssapi_mech_interface -__gss_get_mechanism(gss_OID /* oid */); +__gss_get_mechanism(gss_const_OID /* oid */); gssapi_mech_interface __gss_spnego_initialize(void); gssapi_mech_interface __gss_krb5_initialize(void); gssapi_mech_interface __gss_ntlm_initialize(void); +void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32); + +int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t); + +struct _gss_oid_name_table { + gss_OID oid; + const char *name; + const char *short_desc; + const char *long_desc; +}; + +extern struct _gss_oid_name_table _gss_ont_mech[]; +extern struct _gss_oid_name_table _gss_ont_ma[]; + +/* + * Extended credentials acqusition API, not to be exported until + * it or something equivalent has been standardised. + */ +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc; +#define GSS_C_CRED_PASSWORD (&__gss_c_cred_password_oid_desc) + +extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc; +#define GSS_C_CRED_CERTIFICATE (&__gss_c_cred_certificate_oid_desc) + +OM_uint32 _gss_acquire_cred_ext + (OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + gss_const_OID /*credential_type*/, + const void * /*credential_data*/, + OM_uint32 /*time_req*/, + gss_const_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/ + ); + #endif /* GSSAPI_MECH_H */ diff --git a/crypto/heimdal/lib/gssapi/gss.c b/crypto/heimdal/lib/gssapi/gsstool.c similarity index 50% rename from crypto/heimdal/lib/gssapi/gss.c rename to crypto/heimdal/lib/gssapi/gsstool.c index 739e8306363..5ce3cb04a7d 100644 --- a/crypto/heimdal/lib/gssapi/gss.c +++ b/crypto/heimdal/lib/gssapi/gsstool.c @@ -1,18 +1,20 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 - 2010 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -31,20 +33,19 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif +#include #include #include +#include +#include +#include #include -#include #include #include #include -#include -RCSID("$Id: gss.c 19922 2007-01-16 09:32:03Z lha $"); static int version_flag = 0; static int help_flag = 0; @@ -64,6 +65,11 @@ usage (int ret) #define COL_OID "OID" #define COL_NAME "Name" +#define COL_DESC "Description" +#define COL_VALUE "Value" +#define COL_MECH "Mech" +#define COL_EXPIRE "Expire" +#define COL_SASL "SASL" int supported_mechanisms(void *argptr, int argc, char **argv) @@ -86,24 +92,37 @@ supported_mechanisms(void *argptr, int argc, char **argv) rtbl_set_separator(ct, " "); rtbl_add_column(ct, COL_OID, 0); rtbl_add_column(ct, COL_NAME, 0); + rtbl_add_column(ct, COL_DESC, 0); + rtbl_add_column(ct, COL_SASL, 0); for (i = 0; i < mechs->count; i++) { - gss_buffer_desc name; + gss_buffer_desc str, sasl_name, mech_name, mech_desc; - maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &name); + maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &str); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_oid_to_str failed"); rtbl_add_column_entryv(ct, COL_OID, "%.*s", - (int)name.length, (char *)name.value); - gss_release_buffer(&min_stat, &name); + (int)str.length, (char *)str.value); + gss_release_buffer(&min_stat, &str); + + (void)gss_inquire_saslname_for_mech(&min_stat, + &mechs->elements[i], + &sasl_name, + &mech_name, + &mech_desc); + + rtbl_add_column_entryv(ct, COL_NAME, "%.*s", + (int)mech_name.length, (char *)mech_name.value); + rtbl_add_column_entryv(ct, COL_DESC, "%.*s", + (int)mech_desc.length, (char *)mech_desc.value); + rtbl_add_column_entryv(ct, COL_SASL, "%.*s", + (int)sasl_name.length, (char *)sasl_name.value); + + gss_release_buffer(&min_stat, &mech_name); + gss_release_buffer(&min_stat, &mech_desc); + gss_release_buffer(&min_stat, &sasl_name); - if (gss_oid_equal(&mechs->elements[i], GSS_KRB5_MECHANISM)) - rtbl_add_column_entry(ct, COL_NAME, "Kerberos 5"); - else if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM)) - rtbl_add_column_entry(ct, COL_NAME, "SPNEGO"); - else if (gss_oid_equal(&mechs->elements[i], GSS_NTLM_MECHANISM)) - rtbl_add_column_entry(ct, COL_NAME, "NTLM"); } gss_release_oid_set(&min_stat, &mechs); @@ -113,57 +132,88 @@ supported_mechanisms(void *argptr, int argc, char **argv) return 0; } -#if 0 -/* - * - */ +static void +print_mech_attr(const char *mechname, gss_const_OID mech, gss_OID_set set) +{ + gss_buffer_desc name, desc; + OM_uint32 major, minor; + rtbl_t ct; + size_t n; -#define DOVEDOT_MAJOR_VERSION 1 -#define DOVEDOT_MINOR_VERSION 0 + ct = rtbl_create(); + if (ct == NULL) + errx(1, "rtbl_create"); -/* - S: MECH mech mech-parameters - S: MECH mech mech-parameters - S: VERSION major minor - S: CPID pid - S: CUID pid - S: ... - S: DONE - C: VERSION major minor - C: CPID pid + rtbl_set_separator(ct, " "); + rtbl_add_column(ct, COL_OID, 0); + rtbl_add_column(ct, COL_DESC, 0); + if (mech) + rtbl_add_column(ct, COL_VALUE, 0); - C: AUTH id method service= resp= - C: CONT id message + for (n = 0; n < set->count; n++) { + major = gss_display_mech_attr(&minor, &set->elements[n], &name, &desc, NULL); + if (major) + continue; + + rtbl_add_column_entryv(ct, COL_OID, "%.*s", + (int)name.length, (char *)name.value); + rtbl_add_column_entryv(ct, COL_DESC, "%.*s", + (int)desc.length, (char *)desc.value); + if (mech) { + gss_buffer_desc value; + + if (gss_mo_get(mech, &set->elements[n], &value) != 0) + value.length = 0; + + if (value.length) + rtbl_add_column_entryv(ct, COL_VALUE, "%.*s", + (int)value.length, (char *)value.value); + else + rtbl_add_column_entryv(ct, COL_VALUE, "<>"); + gss_release_buffer(&minor, &value); + } + + gss_release_buffer(&minor, &name); + gss_release_buffer(&minor, &desc); + } + + printf("attributes for: %s\n", mechname); + rtbl_format(ct, stdout); + rtbl_destroy(ct); +} - S: OK id user= - S: FAIL id reason= - S: CONTINUE id message -*/ int -dovecot_server(void *argptr, int argc, char **argv) +attrs_for_mech(struct attrs_for_mech_options *opt, int argc, char **argv) { - krb5_storage *sp; - int fd = 0; + gss_OID_set mech_attr = NULL, known_mech_attrs = NULL; + gss_OID mech = GSS_C_NO_OID; + OM_uint32 major, minor; - sp = krb5_storage_from_fd(fd); - if (sp == NULL) - errx(1, "krb5_storage_from_fd"); - - krb5_store_stringnl(sp, "MECH\tGSSAPI"); - krb5_store_stringnl(sp, "VERSION\t1\t0"); - krb5_store_stringnl(sp, "DONE"); - - while (1) { - char *cmd; - if (krb5_ret_stringnl(sp, &cmd) != 0) - break; - printf("cmd: %s\n", cmd); - free(cmd); + if (opt->mech_string) { + mech = gss_name_to_oid(opt->mech_string); + if (mech == NULL) + errx(1, "mech %s is unknown", opt->mech_string); } + + major = gss_inquire_attrs_for_mech(&minor, mech, &mech_attr, &known_mech_attrs); + if (major) + errx(1, "gss_inquire_attrs_for_mech"); + + if (mech) { + print_mech_attr(opt->mech_string, mech, mech_attr); + } + + if (opt->all_flag) { + print_mech_attr("all mechs", NULL, known_mech_attrs); + } + + gss_release_oid_set(&minor, &mech_attr); + gss_release_oid_set(&minor, &known_mech_attrs); + return 0; } -#endif + /* * @@ -184,7 +234,7 @@ main(int argc, char **argv) setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); diff --git a/crypto/heimdal/lib/gssapi/krb5/8003.c b/crypto/heimdal/lib/gssapi/krb5/8003.c index 619cbf97fcb..d4555c51042 100644 --- a/crypto/heimdal/lib/gssapi/krb5/8003.c +++ b/crypto/heimdal/lib/gssapi/krb5/8003.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: 8003.c 18334 2006-10-07 22:16:04Z lha $"); +#include "gsskrb5_locl.h" krb5_error_code _gsskrb5_encode_om_uint32(OM_uint32 n, u_char *p) @@ -76,32 +74,36 @@ hash_input_chan_bindings (const gss_channel_bindings_t b, u_char *p) { u_char num[4]; - MD5_CTX md5; + EVP_MD_CTX *ctx; + + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); - MD5_Init(&md5); _gsskrb5_encode_om_uint32 (b->initiator_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); + EVP_DigestUpdate(ctx, num, sizeof(num)); _gsskrb5_encode_om_uint32 (b->initiator_address.length, num); - MD5_Update (&md5, num, sizeof(num)); + EVP_DigestUpdate(ctx, num, sizeof(num)); if (b->initiator_address.length) - MD5_Update (&md5, - b->initiator_address.value, - b->initiator_address.length); + EVP_DigestUpdate(ctx, + b->initiator_address.value, + b->initiator_address.length); _gsskrb5_encode_om_uint32 (b->acceptor_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); + EVP_DigestUpdate(ctx, num, sizeof(num)); _gsskrb5_encode_om_uint32 (b->acceptor_address.length, num); - MD5_Update (&md5, num, sizeof(num)); + EVP_DigestUpdate(ctx, num, sizeof(num)); if (b->acceptor_address.length) - MD5_Update (&md5, - b->acceptor_address.value, - b->acceptor_address.length); + EVP_DigestUpdate(ctx, + b->acceptor_address.value, + b->acceptor_address.length); _gsskrb5_encode_om_uint32 (b->application_data.length, num); - MD5_Update (&md5, num, sizeof(num)); + EVP_DigestUpdate(ctx, num, sizeof(num)); if (b->application_data.length) - MD5_Update (&md5, - b->application_data.value, - b->application_data.length); - MD5_Final (p, &md5); + EVP_DigestUpdate(ctx, + b->application_data.value, + b->application_data.length); + EVP_DigestFinal_ex(ctx, p, NULL); + EVP_MD_CTX_destroy(ctx); + return 0; } @@ -113,7 +115,7 @@ hash_input_chan_bindings (const gss_channel_bindings_t b, OM_uint32 _gsskrb5_create_8003_checksum ( - OM_uint32 *minor_status, + OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, OM_uint32 flags, const krb5_data *fwd_data, @@ -121,20 +123,20 @@ _gsskrb5_create_8003_checksum ( { u_char *p; - /* - * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value + /* + * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value * field's format) */ result->cksumtype = CKSUMTYPE_GSSAPI; if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) result->checksum.length = 24 + 4 + fwd_data->length; - else + else result->checksum.length = 24; result->checksum.data = malloc (result->checksum.length); if (result->checksum.data == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } - + p = result->checksum.data; _gsskrb5_encode_om_uint32 (16, p); p += 4; @@ -157,7 +159,7 @@ _gsskrb5_create_8003_checksum ( p += fwd_data->length; } - + return GSS_S_COMPLETE; } @@ -168,7 +170,7 @@ _gsskrb5_create_8003_checksum ( OM_uint32 _gsskrb5_verify_8003_checksum( - OM_uint32 *minor_status, + OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, const Checksum *cksum, OM_uint32 *flags, @@ -180,40 +182,35 @@ _gsskrb5_verify_8003_checksum( int DlgOpt; static unsigned char zeros[16]; - if (cksum == NULL) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - /* XXX should handle checksums > 24 bytes */ if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } - + p = cksum->checksum.data; _gsskrb5_decode_om_uint32(p, &length); if(length != sizeof(hash)) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } - + p += 4; - + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS && memcmp(p, zeros, sizeof(zeros)) != 0) { if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } - if(memcmp(hash, p, sizeof(hash)) != 0) { + if(ct_memcmp(hash, p, sizeof(hash)) != 0) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } } - + p += sizeof(hash); - + _gsskrb5_decode_om_uint32(p, flags); p += 4; @@ -222,7 +219,7 @@ _gsskrb5_verify_8003_checksum( *minor_status = 0; return GSS_S_BAD_BINDINGS; } - + DlgOpt = (p[0] << 0) | (p[1] << 8); p += 2; if (DlgOpt != 1) { @@ -243,6 +240,6 @@ _gsskrb5_verify_8003_checksum( } memcpy(fwd_data->data, p, fwd_data->length); } - + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c index 73b93ceba4c..5a00e124c2c 100644 --- a/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -1,53 +1,71 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: accept_sec_context.c 20199 2007-02-07 22:36:39Z lha $"); +#include "gsskrb5_locl.h" HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; krb5_keytab _gsskrb5_keytab; +static krb5_error_code +validate_keytab(krb5_context context, const char *name, krb5_keytab *id) +{ + krb5_error_code ret; + + ret = krb5_kt_resolve(context, name, id); + if (ret) + return ret; + + ret = krb5_kt_have_content(context, *id); + if (ret) { + krb5_kt_close(context, *id); + *id = NULL; + } + + return ret; +} + OM_uint32 -_gsskrb5_register_acceptor_identity (const char *identity) +_gsskrb5_register_acceptor_identity(OM_uint32 *min_stat, const char *identity) { krb5_context context; krb5_error_code ret; + *min_stat = 0; + ret = _gsskrb5_init(&context); if(ret) return GSS_S_FAILURE; - + HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); if(_gsskrb5_keytab != NULL) { @@ -57,29 +75,37 @@ _gsskrb5_register_acceptor_identity (const char *identity) if (identity == NULL) { ret = krb5_kt_default(context, &_gsskrb5_keytab); } else { - char *p; - - asprintf(&p, "FILE:%s", identity); - if(p == NULL) { - HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); - return GSS_S_FAILURE; + /* + * First check if we can the keytab as is and if it has content... + */ + ret = validate_keytab(context, identity, &_gsskrb5_keytab); + /* + * if it doesn't, lets prepend FILE: and try again + */ + if (ret) { + char *p = NULL; + ret = asprintf(&p, "FILE:%s", identity); + if(ret < 0 || p == NULL) { + HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); + return GSS_S_FAILURE; + } + ret = validate_keytab(context, p, &_gsskrb5_keytab); + free(p); } - ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab); - free(p); } HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); - if(ret) + if(ret) { + *min_stat = ret; return GSS_S_FAILURE; + } return GSS_S_COMPLETE; } void -_gsskrb5i_is_cfx(gsskrb5_ctx ctx, int *is_cfx) +_gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor) { + krb5_error_code ret; krb5_keyblock *key; - int acceptor = (ctx->more_flags & LOCAL) == 0; - - *is_cfx = 0; if (acceptor) { if (ctx->auth_context->local_subkey) @@ -97,23 +123,28 @@ _gsskrb5i_is_cfx(gsskrb5_ctx ctx, int *is_cfx) if (key == NULL) return; - + switch (key->keytype) { case ETYPE_DES_CBC_CRC: case ETYPE_DES_CBC_MD4: case ETYPE_DES_CBC_MD5: case ETYPE_DES3_CBC_MD5: + case ETYPE_OLD_DES3_CBC_SHA1: case ETYPE_DES3_CBC_SHA1: case ETYPE_ARCFOUR_HMAC_MD5: case ETYPE_ARCFOUR_HMAC_MD5_56: break; default : - *is_cfx = 1; + ctx->more_flags |= IS_CFX; + if ((acceptor && ctx->auth_context->local_subkey) || (!acceptor && ctx->auth_context->remote_subkey)) ctx->more_flags |= ACCEPTOR_SUBKEY; break; } + if (ctx->crypto) + krb5_crypto_destroy(context, ctx->crypto); + ret = krb5_crypto_init(context, key, 0, &ctx->crypto); } @@ -128,7 +159,7 @@ gsskrb5_accept_delegated_token krb5_ccache ccache = NULL; krb5_error_code kret; int32_t ac_flags, ret = GSS_S_COMPLETE; - + *minor_status = 0; /* XXX Create a new delegated_cred_handle? */ @@ -136,7 +167,8 @@ gsskrb5_accept_delegated_token kret = krb5_cc_default (context, &ccache); } else { *delegated_cred_handle = NULL; - kret = krb5_cc_gen_new (context, &krb5_mcc_ops, &ccache); + kret = krb5_cc_new_unique (context, krb5_cc_type_memory, + NULL, &ccache); } if (kret) { ctx->flags &= ~GSS_C_DELEG_FLAG; @@ -148,7 +180,7 @@ gsskrb5_accept_delegated_token ctx->flags &= ~GSS_C_DELEG_FLAG; goto out; } - + krb5_auth_con_removeflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_DO_TIME, @@ -170,16 +202,16 @@ gsskrb5_accept_delegated_token if (delegated_cred_handle) { gsskrb5_cred handle; - ret = _gsskrb5_import_cred(minor_status, - ccache, - NULL, - NULL, - delegated_cred_handle); + ret = _gsskrb5_krb5_import_cred(minor_status, + ccache, + NULL, + NULL, + delegated_cred_handle); if (ret != GSS_S_COMPLETE) goto out; handle = (gsskrb5_cred) *delegated_cred_handle; - + handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; krb5_cc_close(context, ccache); ccache = NULL; @@ -206,11 +238,12 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, int32_t seq_number; int is_cfx = 0; - krb5_auth_getremoteseqnumber (context, - ctx->auth_context, - &seq_number); + krb5_auth_con_getremoteseqnumber (context, + ctx->auth_context, + &seq_number); - _gsskrb5i_is_cfx(ctx, &is_cfx); + _gsskrb5i_is_cfx(context, ctx, 1); + is_cfx = (ctx->more_flags & IS_CFX); ret = _gssapi_msg_order_create(minor_status, &ctx->order, @@ -219,7 +252,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, if (ret) return ret; - /* + /* * If requested, set local sequence num to remote sequence if this * isn't a mutual authentication context */ @@ -250,6 +283,66 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status, return GSS_S_COMPLETE; } +static OM_uint32 +send_error_token(OM_uint32 *minor_status, + krb5_context context, + krb5_error_code kret, + krb5_principal server, + krb5_data *indata, + gss_buffer_t output_token) +{ + krb5_principal ap_req_server = NULL; + krb5_error_code ret; + krb5_data outbuf; + /* this e_data value encodes KERB_AP_ERR_TYPE_SKEW_RECOVERY which + tells windows to try again with the corrected timestamp. See + [MS-KILE] 2.2.1 KERB-ERROR-DATA */ + krb5_data e_data = { 7, rk_UNCONST("\x30\x05\xa1\x03\x02\x01\x02") }; + + /* build server from request if the acceptor had not selected one */ + if (server == NULL) { + AP_REQ ap_req; + + ret = krb5_decode_ap_req(context, indata, &ap_req); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + ret = _krb5_principalname2krb5_principal(context, + &ap_req_server, + ap_req.ticket.sname, + ap_req.ticket.realm); + free_AP_REQ(&ap_req); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + server = ap_req_server; + } + + ret = krb5_mk_error(context, kret, NULL, &e_data, NULL, + server, NULL, NULL, &outbuf); + if (ap_req_server) + krb5_free_principal(context, ap_req_server); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = _gsskrb5_encapsulate(minor_status, + &outbuf, + output_token, + "\x03\x00", + GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); + if (ret) + return ret; + + *minor_status = 0; + return GSS_S_CONTINUE_NEEDED; +} + + static OM_uint32 gsskrb5_acceptor_start(OM_uint32 * minor_status, gsskrb5_ctx ctx, @@ -296,7 +389,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, } else if (acceptor_cred->keytab != NULL) { keytab = acceptor_cred->keytab; } - + /* * We need to check the ticket and create the AP-REP packet */ @@ -304,6 +397,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, { krb5_rd_req_in_ctx in = NULL; krb5_rd_req_out_ctx out = NULL; + krb5_principal server = NULL; + + if (acceptor_cred) + server = acceptor_cred->principal; kret = krb5_rd_req_in_ctx_alloc(context, &in); if (kret == 0) @@ -311,30 +408,37 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if (kret) { if (in) krb5_rd_req_in_ctx_free(context, in); - ret = GSS_S_FAILURE; *minor_status = kret; - return ret; + return GSS_S_FAILURE; } kret = krb5_rd_req_ctx(context, &ctx->auth_context, &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred->principal, + server, in, &out); krb5_rd_req_in_ctx_free(context, in); - if (kret) { - ret = GSS_S_FAILURE; + if (kret == KRB5KRB_AP_ERR_SKEW || kret == KRB5KRB_AP_ERR_TKT_NYV) { + /* + * No reply in non-MUTUAL mode, but we don't know that its + * non-MUTUAL mode yet, thats inside the 8003 checksum, so + * lets only send the error token on clock skew, that + * limit when send error token for non-MUTUAL. + */ + return send_error_token(minor_status, context, kret, + server, &indata, output_token); + } else if (kret) { *minor_status = kret; - return ret; + return GSS_S_FAILURE; } /* - * We need to remember some data on the context_handle. + * we need to remember some data on the context_handle. */ kret = krb5_rd_req_out_get_ap_req_options(context, out, &ap_options); if (kret == 0) - kret = krb5_rd_req_out_get_ticket(context, out, + kret = krb5_rd_req_out_get_ticket(context, out, &ctx->ticket); if (kret == 0) kret = krb5_rd_req_out_get_keyblock(context, out, @@ -348,8 +452,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, return ret; } } - - + + /* * We need to copy the principal names to the context and the * calling layer. @@ -362,7 +466,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, *minor_status = kret; } - kret = krb5_copy_principal(context, + kret = krb5_copy_principal(context, ctx->ticket->server, &ctx->target); if (kret) { @@ -370,7 +474,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, *minor_status = kret; return ret; } - + /* * We need to setup some compat stuff, this assumes that * context_handle->target is already set. @@ -393,9 +497,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, /* * We need to get the flags out of the 8003 checksum. */ + { krb5_authenticator authenticator; - + kret = krb5_auth_con_getauthenticator(context, ctx->auth_context, &authenticator); @@ -405,6 +510,12 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, return ret; } + if (authenticator->cksum == NULL) { + krb5_free_authenticator(context, &authenticator); + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + if (authenticator->cksum->cksumtype == CKSUMTYPE_GSSAPI) { ret = _gsskrb5_verify_8003_checksum(minor_status, input_chan_bindings, @@ -419,8 +530,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, } else { krb5_crypto crypto; - kret = krb5_crypto_init(context, - ctx->auth_context->keyblock, + kret = krb5_crypto_init(context, + ctx->auth_context->keyblock, 0, &crypto); if(kret) { krb5_free_authenticator(context, &authenticator); @@ -430,9 +541,9 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, return ret; } - /* + /* * Windows accepts Samba3's use of a kerberos, rather than - * GSSAPI checksum here + * GSSAPI checksum here */ kret = krb5_verify_checksum(context, @@ -447,28 +558,51 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, return ret; } - /* - * Samba style get some flags (but not DCE-STYLE) + /* + * Samba style get some flags (but not DCE-STYLE), use + * ap_options to guess the mutual flag. */ - ctx->flags = - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + ctx->flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + if (ap_options & AP_OPTS_MUTUAL_REQUIRED) + ctx->flags |= GSS_C_MUTUAL_FLAG; } } - + if(ctx->flags & GSS_C_MUTUAL_FLAG) { krb5_data outbuf; - - _gsskrb5i_is_cfx(ctx, &is_cfx); - - if (is_cfx != 0 - || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); - ctx->more_flags |= ACCEPTOR_SUBKEY; + int use_subkey = 0; + + _gsskrb5i_is_cfx(context, ctx, 1); + is_cfx = (ctx->more_flags & IS_CFX); + + if (is_cfx || (ap_options & AP_OPTS_USE_SUBKEY)) { + use_subkey = 1; + } else { + krb5_keyblock *rkey; + + /* + * If there is a initiator subkey, copy that to acceptor + * subkey to match Windows behavior + */ + kret = krb5_auth_con_getremotesubkey(context, + ctx->auth_context, + &rkey); + if (kret == 0) { + kret = krb5_auth_con_setlocalsubkey(context, + ctx->auth_context, + rkey); + if (kret == 0) + use_subkey = 1; + krb5_free_keyblock(context, rkey); + } } - + if (use_subkey) { + ctx->more_flags |= ACCEPTOR_SUBKEY; + krb5_auth_con_addflags(context, ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); + } + kret = krb5_mk_rep(context, ctx->auth_context, &outbuf); @@ -476,7 +610,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, *minor_status = kret; return GSS_S_FAILURE; } - + if (IS_DCE_STYLE(ctx)) { output_token->length = outbuf.length; output_token->value = outbuf.data; @@ -491,17 +625,17 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, return ret; } } - + ctx->flags |= GSS_C_TRANS_FLAG; /* Remember the flags */ - + ctx->lifetime = ctx->ticket->ticket.endtime; ctx->more_flags |= OPEN; - + if (mech_type) *mech_type = GSS_KRB5_MECHANISM; - + if (time_rec) { ret = _gsskrb5_lifetime_left(minor_status, context, @@ -528,7 +662,7 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, return GSS_S_CONTINUE_NEEDED; } - ret = gsskrb5_acceptor_ready(minor_status, ctx, context, + ret = gsskrb5_acceptor_ready(minor_status, ctx, context, delegated_cred_handle); if (ret_flags) @@ -555,15 +689,15 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, krb5_error_code kret; krb5_data inbuf; int32_t r_seq_number, l_seq_number; - - /* + + /* * We know it's GSS_C_DCE_STYLE so we don't need to decapsulate the AP_REP */ inbuf.length = input_token_buffer->length; inbuf.data = input_token_buffer->value; - /* + /* * We need to remeber the old remote seq_number, then check if the * client has replied with our local seq_number, and then reset * the remote seq_number to the old value @@ -577,9 +711,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, return GSS_S_FAILURE; } - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; @@ -594,15 +728,15 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, } } - /* + /* * We need to verify the AP_REP, but we need to flag that this is * DCE_STYLE, so don't check the timestamps this time, but put the * flag DO_TIME back afterward. - */ + */ { krb5_ap_rep_enc_part *repl; int32_t auth_flags; - + krb5_auth_con_removeflags(context, ctx->auth_context, KRB5_AUTH_CONTEXT_DO_TIME, @@ -631,7 +765,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, if (lifetime_rec == 0) { return GSS_S_CONTEXT_EXPIRED; } - + if (time_rec) *time_rec = lifetime_rec; } @@ -657,9 +791,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, { int32_t tmp_r_seq_number, tmp_l_seq_number; - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &tmp_r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &tmp_r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; @@ -689,19 +823,19 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, { kret = krb5_auth_con_setremoteseqnumber(context, ctx->auth_context, - r_seq_number); + r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } } - return gsskrb5_acceptor_ready(minor_status, ctx, context, + return gsskrb5_acceptor_ready(minor_status, ctx, context, delegated_cred_handle); } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_accept_sec_context(OM_uint32 * minor_status, gss_ctx_id_t * context_handle, const gss_cred_id_t acceptor_cred_handle, @@ -737,17 +871,17 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status, if (ret) return ret; } - + ctx = (gsskrb5_ctx)*context_handle; - + /* - * TODO: check the channel_bindings + * TODO: check the channel_bindings * (above just sets them to krb5 layer) */ HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - + switch (ctx->state) { case ACCEPTOR_START: ret = gsskrb5_acceptor_start(minor_status, @@ -778,7 +912,7 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status, delegated_cred_handle); break; case ACCEPTOR_READY: - /* + /* * If we get there, the caller have called * gss_accept_sec_context() one time too many. */ @@ -789,9 +923,9 @@ _gsskrb5_accept_sec_context(OM_uint32 * minor_status, ret = GSS_S_BAD_STATUS; break; } - + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - + if (GSS_ERROR(ret)) { OM_uint32 min2; _gsskrb5_delete_sec_context(&min2, context_handle, GSS_C_NO_BUFFER); diff --git a/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c b/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c index 6e13a4287b6..0f1f5f81cff 100644 --- a/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/crypto/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: acquire_cred.c 22124 2007-12-04 00:03:52Z lha $"); +#include "gsskrb5_locl.h" OM_uint32 __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, @@ -42,13 +40,13 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, krb5_principal principal, OM_uint32 *lifetime) { - krb5_creds in_cred, *out_cred; + krb5_creds in_cred, out_cred; krb5_const_realm realm; krb5_error_code kret; memset(&in_cred, 0, sizeof(in_cred)); in_cred.client = principal; - + realm = krb5_principal_get_realm(context, principal); if (realm == NULL) { _gsskrb5_clear_status (); @@ -56,23 +54,23 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, return GSS_S_FAILURE; } - kret = krb5_make_principal(context, &in_cred.server, + kret = krb5_make_principal(context, &in_cred.server, realm, KRB5_TGS_NAME, realm, NULL); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } - kret = krb5_get_credentials(context, 0, - id, &in_cred, &out_cred); + kret = krb5_cc_retrieve_cred(context, id, 0, &in_cred, &out_cred); krb5_free_principal(context, in_cred.server); if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; + *minor_status = 0; + *lifetime = 0; + return GSS_S_COMPLETE; } - *lifetime = out_cred->times.endtime; - krb5_free_creds(context, out_cred); + *lifetime = out_cred.times.endtime; + krb5_free_cred_contents(context, &out_cred); return GSS_S_COMPLETE; } @@ -83,17 +81,18 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, static krb5_error_code get_keytab(krb5_context context, krb5_keytab *keytab) { - char kt_name[256]; krb5_error_code kret; HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); if (_gsskrb5_keytab != NULL) { - kret = krb5_kt_get_name(context, - _gsskrb5_keytab, - kt_name, sizeof(kt_name)); - if (kret == 0) - kret = krb5_kt_resolve(context, kt_name, keytab); + char *name = NULL; + + kret = krb5_kt_get_full_name(context, _gsskrb5_keytab, &name); + if (kret == 0) { + kret = krb5_kt_resolve(context, name, keytab); + krb5_xfree(name); + } } else kret = krb5_kt_default(context, keytab); @@ -105,13 +104,13 @@ get_keytab(krb5_context context, krb5_keytab *keytab) static OM_uint32 acquire_initiator_cred (OM_uint32 * minor_status, krb5_context context, + gss_const_OID credential_type, + const void *credential_data, const gss_name_t desired_name, OM_uint32 time_req, - const gss_OID_set desired_mechs, + gss_const_OID desired_mech, gss_cred_usage_t cred_usage, - gsskrb5_cred handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec + gsskrb5_cred handle ) { OM_uint32 ret; @@ -128,70 +127,100 @@ static OM_uint32 acquire_initiator_cred ret = GSS_S_FAILURE; memset(&cred, 0, sizeof(cred)); - /* If we have a preferred principal, lets try to find it in all - * caches, otherwise, fall back to default cache. Ignore - * errors. */ - if (handle->principal) + /* + * If we have a preferred principal, lets try to find it in all + * caches, otherwise, fall back to default cache, ignore all + * errors while searching. + */ + + if (credential_type != GSS_C_NO_OID && + !gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) { + kret = KRB5_NOCREDS_SUPPLIED; /* XXX */ + goto end; + } + + if (handle->principal) { kret = krb5_cc_cache_match (context, handle->principal, - NULL, &ccache); - + if (kret == 0) { + ret = GSS_S_COMPLETE; + goto found; + } + } + if (ccache == NULL) { kret = krb5_cc_default(context, &ccache); if (kret) goto end; } - kret = krb5_cc_get_principal(context, ccache, - &def_princ); + kret = krb5_cc_get_principal(context, ccache, &def_princ); if (kret != 0) { /* we'll try to use a keytab below */ - krb5_cc_destroy(context, ccache); - ccache = NULL; + krb5_cc_close(context, ccache); + def_princ = NULL; kret = 0; } else if (handle->principal == NULL) { - kret = krb5_copy_principal(context, def_princ, - &handle->principal); + kret = krb5_copy_principal(context, def_princ, &handle->principal); if (kret) goto end; } else if (handle->principal != NULL && - krb5_principal_compare(context, handle->principal, - def_princ) == FALSE) { - /* Before failing, lets check the keytab */ + krb5_principal_compare(context, handle->principal, + def_princ) == FALSE) { krb5_free_principal(context, def_princ); def_princ = NULL; + krb5_cc_close(context, ccache); + ccache = NULL; } if (def_princ == NULL) { /* We have no existing credentials cache, * so attempt to get a TGT using a keytab. */ if (handle->principal == NULL) { - kret = krb5_get_default_principal(context, - &handle->principal); + kret = krb5_get_default_principal(context, &handle->principal); if (kret) goto end; } - kret = get_keytab(context, &keytab); - if (kret) - goto end; kret = krb5_get_init_creds_opt_alloc(context, &opt); if (kret) goto end; - kret = krb5_get_init_creds_keytab(context, &cred, - handle->principal, keytab, 0, NULL, opt); + if (credential_type != GSS_C_NO_OID && + gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD)) { + gss_buffer_t password = (gss_buffer_t)credential_data; + + /* XXX are we requiring password to be NUL terminated? */ + + kret = krb5_get_init_creds_password(context, &cred, + handle->principal, + password->value, + NULL, NULL, 0, NULL, opt); + } else { + kret = get_keytab(context, &keytab); + if (kret) { + krb5_get_init_creds_opt_free(context, opt); + goto end; + } + kret = krb5_get_init_creds_keytab(context, &cred, + handle->principal, keytab, + 0, NULL, opt); + } krb5_get_init_creds_opt_free(context, opt); if (kret) goto end; - kret = krb5_cc_gen_new(context, &krb5_mcc_ops, - &ccache); + kret = krb5_cc_new_unique(context, krb5_cc_type_memory, + NULL, &ccache); if (kret) goto end; kret = krb5_cc_initialize(context, ccache, cred.client); - if (kret) + if (kret) { + krb5_cc_destroy(context, ccache); goto end; + } kret = krb5_cc_store_cred(context, ccache, &cred); - if (kret) + if (kret) { + krb5_cc_destroy(context, ccache); goto end; + } handle->lifetime = cred.times.endtime; handle->cred_flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; } else { @@ -201,11 +230,13 @@ static OM_uint32 acquire_initiator_cred ccache, handle->principal, &handle->lifetime); - if (ret != GSS_S_COMPLETE) + if (ret != GSS_S_COMPLETE) { + krb5_cc_close(context, ccache); goto end; + } kret = 0; } - + found: handle->ccache = ccache; ret = GSS_S_COMPLETE; @@ -216,49 +247,49 @@ end: krb5_free_principal(context, def_princ); if (keytab != NULL) krb5_kt_close(context, keytab); - if (ret != GSS_S_COMPLETE) { - if (ccache != NULL) - krb5_cc_close(context, ccache); - if (kret != 0) { - *minor_status = kret; - } - } + if (ret != GSS_S_COMPLETE && kret != 0) + *minor_status = kret; return (ret); } static OM_uint32 acquire_acceptor_cred (OM_uint32 * minor_status, krb5_context context, + gss_const_OID credential_type, + const void *credential_data, const gss_name_t desired_name, OM_uint32 time_req, - const gss_OID_set desired_mechs, + gss_const_OID desired_mech, gss_cred_usage_t cred_usage, - gsskrb5_cred handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec + gsskrb5_cred handle ) { OM_uint32 ret; krb5_error_code kret; - kret = 0; ret = GSS_S_FAILURE; + + if (credential_type != GSS_C_NO_OID) { + kret = EINVAL; + goto end; + } + kret = get_keytab(context, &handle->keytab); if (kret) goto end; - + /* check that the requested principal exists in the keytab */ if (handle->principal) { krb5_keytab_entry entry; - kret = krb5_kt_get_entry(context, handle->keytab, + kret = krb5_kt_get_entry(context, handle->keytab, handle->principal, 0, 0, &entry); if (kret) goto end; krb5_kt_free_entry(context, &entry); ret = GSS_S_COMPLETE; } else { - /* + /* * Check if there is at least one entry in the keytab before * declaring it as an useful keytab. */ @@ -273,7 +304,7 @@ static OM_uint32 acquire_acceptor_cred ret = GSS_S_COMPLETE; /* ok found one entry */ } krb5_kt_end_seq_get (context, handle->keytab, &c); - } + } end: if (ret != GSS_S_COMPLETE) { if (handle->keytab != NULL) @@ -285,7 +316,7 @@ end: return (ret); } -OM_uint32 _gsskrb5_acquire_cred +OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred (OM_uint32 * minor_status, const gss_name_t desired_name, OM_uint32 time_req, @@ -295,11 +326,61 @@ OM_uint32 _gsskrb5_acquire_cred gss_OID_set * actual_mechs, OM_uint32 * time_rec ) +{ + OM_uint32 ret; + + if (desired_mechs) { + int present = 0; + + ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + desired_mechs, &present); + if (ret) + return ret; + if (!present) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + } + + ret = _gsskrb5_acquire_cred_ext(minor_status, + desired_name, + GSS_C_NO_OID, + NULL, + time_req, + GSS_KRB5_MECHANISM, + cred_usage, + output_cred_handle); + if (ret) + return ret; + + + ret = _gsskrb5_inquire_cred(minor_status, *output_cred_handle, + NULL, time_rec, NULL, actual_mechs); + if (ret) { + OM_uint32 tmp; + _gsskrb5_release_cred(&tmp, output_cred_handle); + } + + return ret; +} + +OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred_ext +(OM_uint32 * minor_status, + const gss_name_t desired_name, + gss_const_OID credential_type, + const void *credential_data, + OM_uint32 time_req, + gss_const_OID desired_mech, + gss_cred_usage_t cred_usage, + gss_cred_id_t * output_cred_handle + ) { krb5_context context; gsskrb5_cred handle; OM_uint32 ret; + cred_usage &= GSS_C_OPTION_MASK; + if (cred_usage != GSS_C_ACCEPT && cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) { *minor_status = GSS_KRB5_S_G_BAD_USAGE; return GSS_S_FAILURE; @@ -308,23 +389,6 @@ OM_uint32 _gsskrb5_acquire_cred GSSAPI_KRB5_INIT(&context); *output_cred_handle = NULL; - if (time_rec) - *time_rec = 0; - if (actual_mechs) - *actual_mechs = GSS_C_NO_OID_SET; - - if (desired_mechs) { - int present = 0; - - ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - desired_mechs, &present); - if (ret) - return ret; - if (!present) { - *minor_status = 0; - return GSS_S_BAD_MECH; - } - } handle = calloc(1, sizeof(*handle)); if (handle == NULL) { @@ -335,20 +399,19 @@ OM_uint32 _gsskrb5_acquire_cred HEIMDAL_MUTEX_init(&handle->cred_id_mutex); if (desired_name != GSS_C_NO_NAME) { - krb5_principal name = (krb5_principal)desired_name; - ret = krb5_copy_principal(context, name, &handle->principal); + ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, + desired_name, &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); - *minor_status = ret; free(handle); - return GSS_S_FAILURE; + return ret; } } if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) { ret = acquire_initiator_cred(minor_status, context, + credential_type, credential_data, desired_name, time_req, - desired_mechs, cred_usage, handle, - actual_mechs, time_rec); + desired_mech, cred_usage, handle); if (ret != GSS_S_COMPLETE) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); krb5_free_principal(context, handle->principal); @@ -358,8 +421,9 @@ OM_uint32 _gsskrb5_acquire_cred } if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { ret = acquire_acceptor_cred(minor_status, context, + credential_type, credential_data, desired_name, time_req, - desired_mechs, cred_usage, handle, actual_mechs, time_rec); + desired_mech, cred_usage, handle); if (ret != GSS_S_COMPLETE) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); krb5_free_principal(context, handle->principal); @@ -371,9 +435,6 @@ OM_uint32 _gsskrb5_acquire_cred if (ret == GSS_S_COMPLETE) ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, &handle->mechanisms); - if (ret == GSS_S_COMPLETE) - ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)handle, - NULL, time_rec, NULL, actual_mechs); if (ret != GSS_S_COMPLETE) { if (handle->mechanisms != NULL) gss_release_oid_set(NULL, &handle->mechanisms); @@ -381,18 +442,9 @@ OM_uint32 _gsskrb5_acquire_cred krb5_free_principal(context, handle->principal); free(handle); return (ret); - } - *minor_status = 0; - if (time_rec) { - ret = _gsskrb5_lifetime_left(minor_status, - context, - handle->lifetime, - time_rec); - - if (ret) - return ret; } handle->usage = cred_usage; + *minor_status = 0; *output_cred_handle = (gss_cred_id_t)handle; return (GSS_S_COMPLETE); } diff --git a/crypto/heimdal/lib/gssapi/krb5/add_cred.c b/crypto/heimdal/lib/gssapi/krb5/add_cred.c index 9a1045a889f..00cf55f62d6 100644 --- a/crypto/heimdal/lib/gssapi/krb5/add_cred.c +++ b/crypto/heimdal/lib/gssapi/krb5/add_cred.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: add_cred.c 20688 2007-05-17 18:44:31Z lha $"); - -OM_uint32 _gsskrb5_add_cred ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred ( OM_uint32 *minor_status, const gss_cred_id_t input_cred_handle, const gss_name_t desired_name, @@ -74,7 +72,7 @@ OM_uint32 _gsskrb5_add_cred ( return GSS_S_NO_CRED; } - /* check if requested output usage is compatible with output usage */ + /* check if requested output usage is compatible with output usage */ if (output_cred_handle != NULL) { HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) { @@ -83,10 +81,10 @@ OM_uint32 _gsskrb5_add_cred ( return(GSS_S_FAILURE); } } - + /* check that we have the same name */ if (dname != NULL && - krb5_principal_compare(context, dname, + krb5_principal_compare(context, dname, cred->principal) != FALSE) { if (output_cred_handle) HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); @@ -112,7 +110,7 @@ OM_uint32 _gsskrb5_add_cred ( handle->ccache = NULL; handle->mechanisms = NULL; HEIMDAL_MUTEX_init(&handle->cred_id_mutex); - + ret = GSS_S_FAILURE; kret = krb5_copy_principal(context, cred->principal, @@ -125,23 +123,11 @@ OM_uint32 _gsskrb5_add_cred ( } if (cred->keytab) { - char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN]; - int len; - + char *name = NULL; + ret = GSS_S_FAILURE; - kret = krb5_kt_get_type(context, cred->keytab, - name, KRB5_KT_PREFIX_MAX_LEN); - if (kret) { - *minor_status = kret; - goto failure; - } - len = strlen(name); - name[len++] = ':'; - - kret = krb5_kt_get_name(context, cred->keytab, - name + len, - sizeof(name) - len); + kret = krb5_kt_get_full_name(context, cred->keytab, &name); if (kret) { *minor_status = kret; goto failure; @@ -149,6 +135,7 @@ OM_uint32 _gsskrb5_add_cred ( kret = krb5_kt_resolve(context, name, &handle->keytab); + krb5_xfree(name); if (kret){ *minor_status = kret; goto failure; @@ -157,7 +144,7 @@ OM_uint32 _gsskrb5_add_cred ( if (cred->ccache) { const char *type, *name; - char *type_name; + char *type_name = NULL; ret = GSS_S_FAILURE; @@ -168,8 +155,8 @@ OM_uint32 _gsskrb5_add_cred ( } if (strcmp(type, "MEMORY") == 0) { - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, - &handle->ccache); + ret = krb5_cc_new_unique(context, type, + NULL, &handle->ccache); if (ret) { *minor_status = ret; goto failure; @@ -188,20 +175,20 @@ OM_uint32 _gsskrb5_add_cred ( *minor_status = ENOMEM; goto failure; } - - asprintf(&type_name, "%s:%s", type, name); - if (type_name == NULL) { + + kret = asprintf(&type_name, "%s:%s", type, name); + if (kret < 0 || type_name == NULL) { *minor_status = ENOMEM; goto failure; } - + kret = krb5_cc_resolve(context, type_name, &handle->ccache); free(type_name); if (kret) { *minor_status = kret; goto failure; - } + } } } ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); @@ -216,7 +203,7 @@ OM_uint32 _gsskrb5_add_cred ( HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); - ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred, + ret = _gsskrb5_inquire_cred(minor_status, (gss_cred_id_t)cred, NULL, &lifetime, NULL, actual_mechs); if (ret) goto failure; diff --git a/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c index 18a90fe9a76..fa115d964a8 100644 --- a/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c +++ b/crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c @@ -1,37 +1,37 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" #include @@ -46,32 +46,32 @@ _gsskrb5i_address_to_krb5addr(krb5_context context, struct sockaddr sa; krb5_socklen_t sa_size = sizeof(sa); krb5_error_code problem; - + if (gss_addr == NULL) - return GSS_S_FAILURE; - + return GSS_S_FAILURE; + switch (gss_addr_type) { #ifdef HAVE_IPV6 case GSS_C_AF_INET6: addr_type = AF_INET6; break; #endif /* HAVE_IPV6 */ - + case GSS_C_AF_INET: addr_type = AF_INET; break; default: return GSS_S_FAILURE; } - + problem = krb5_h_addr2sockaddr (context, addr_type, - gss_addr->value, - &sa, - &sa_size, + gss_addr->value, + &sa, + &sa_size, port); if (problem) return GSS_S_FAILURE; problem = krb5_sockaddr2address (context, &sa, address); - return problem; + return problem; } diff --git a/crypto/heimdal/lib/gssapi/krb5/aeap.c b/crypto/heimdal/lib/gssapi/krb5/aeap.c new file mode 100644 index 00000000000..e2f1b372760 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/krb5/aeap.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gsskrb5_locl.h" + +#include + +#if 0 +OM_uint32 GSSAPI_CALLCONV +_gk_wrap_iov(OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int * conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + krb5_context context; + + GSSAPI_KRB5_INIT (&context); + + if (ctx->more_flags & IS_CFX) + return _gssapi_wrap_cfx_iov(minor_status, ctx, context, + conf_req_flag, conf_state, + iov, iov_count); + + return GSS_S_FAILURE; +} + +OM_uint32 GSSAPI_CALLCONV +_gk_unwrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + krb5_context context; + + GSSAPI_KRB5_INIT (&context); + + if (ctx->more_flags & IS_CFX) + return _gssapi_unwrap_cfx_iov(minor_status, ctx, context, + conf_state, qop_state, iov, iov_count); + + return GSS_S_FAILURE; +} +#endif + +OM_uint32 GSSAPI_CALLCONV +_gk_wrap_iov_length(OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + krb5_context context; + + GSSAPI_KRB5_INIT (&context); + + if (ctx->more_flags & IS_CFX) + return _gssapi_wrap_iov_length_cfx(minor_status, ctx, context, + conf_req_flag, qop_req, conf_state, + iov, iov_count); + + return GSS_S_FAILURE; +} diff --git a/crypto/heimdal/lib/gssapi/krb5/arcfour.c b/crypto/heimdal/lib/gssapi/krb5/arcfour.c index 032da36ebc8..15b1b343409 100644 --- a/crypto/heimdal/lib/gssapi/krb5/arcfour.c +++ b/crypto/heimdal/lib/gssapi/krb5/arcfour.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: arcfour.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" /* * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt @@ -75,20 +73,20 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key, void *key6_data, size_t key6_size) { krb5_error_code ret; - + Checksum cksum_k5; krb5_keyblock key5; char k5_data[16]; - + Checksum cksum_k6; - + char T[4]; memset(T, 0, 4); cksum_k5.checksum.data = k5_data; cksum_k5.checksum.length = sizeof(k5_data); - if (key->keytype == KEYTYPE_ARCFOUR_56) { + if (key->keytype == ENCTYPE_ARCFOUR_HMAC_MD5_56) { char L40[14] = "fortybits"; memcpy(L40 + 10, T, sizeof(T)); @@ -102,7 +100,7 @@ arcfour_mic_key(krb5_context context, krb5_keyblock *key, if (ret) return ret; - key5.keytype = KEYTYPE_ARCFOUR; + key5.keytype = ENCTYPE_ARCFOUR_HMAC_MD5; key5.keyvalue = cksum_k5.checksum; cksum_k6.checksum.data = key6_data; @@ -126,7 +124,7 @@ arcfour_mic_cksum(krb5_context context, size_t len; krb5_crypto crypto; krb5_error_code ret; - + assert(sgn_cksum_sz == 8); len = l1 + l2 + l3; @@ -138,13 +136,13 @@ arcfour_mic_cksum(krb5_context context, memcpy(ptr, v1, l1); memcpy(ptr + l1, v2, l2); memcpy(ptr + l1 + l2, v3, l3); - + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { free(ptr); return ret; } - + ret = krb5_create_checksum(context, crypto, usage, @@ -175,22 +173,22 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, int32_t seq_number; size_t len, total_len; u_char k6_data[16], *p0, *p; - RC4_KEY rc4_key; - + EVP_CIPHER_CTX rc4_key; + _gsskrb5_encap_length (22, &len, &total_len, GSS_KRB5_MECHANISM); - + message_token->length = total_len; message_token->value = malloc (total_len); if (message_token->value == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } - + p0 = _gssapi_make_mech_header(message_token->value, len, GSS_KRB5_MECHANISM); p = p0; - + *p++ = 0x01; /* TOK_ID */ *p++ = 0x01; *p++ = 0x11; /* SGN_ALG */ @@ -229,20 +227,21 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, &seq_number); p = p0 + 8; /* SND_SEQ */ _gsskrb5_encode_be_om_uint32(seq_number, p); - + krb5_auth_con_setlocalseqnumber (context, context_handle->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - + memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4); - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p, p); - - memset(&rc4_key, 0, sizeof(rc4_key)); + EVP_CIPHER_CTX_init(&rc4_key); + EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(&rc4_key, p, p, 8); + EVP_CIPHER_CTX_cleanup(&rc4_key); + memset(k6_data, 0, sizeof(k6_data)); - + *minor_status = 0; return GSS_S_COMPLETE; } @@ -256,7 +255,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, const gss_buffer_t token_buffer, gss_qop_t * qop_state, krb5_keyblock *key, - char *type) + const char *type) { krb5_error_code ret; uint32_t seq_number; @@ -264,18 +263,18 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, u_char SND_SEQ[8], cksum_data[8], *p; char k6_data[16]; int cmp; - + if (qop_state) *qop_state = 0; p = token_buffer->value; omret = _gsskrb5_verify_header (&p, token_buffer->length, - (u_char *)type, + type, GSS_KRB5_MECHANISM); if (omret) return omret; - + if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ return GSS_S_BAD_SIG; p += 2; @@ -302,19 +301,20 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, return GSS_S_FAILURE; } - cmp = memcmp(cksum_data, p + 8, 8); + cmp = ct_memcmp(cksum_data, p + 8, 8); if (cmp) { *minor_status = 0; return GSS_S_BAD_MIC; } { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), (void*)k6_data); - RC4 (&rc4_key, 8, p, SND_SEQ); - - memset(&rc4_key, 0, sizeof(rc4_key)); + EVP_CIPHER_CTX rc4_key; + + EVP_CIPHER_CTX_init(&rc4_key); + EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, (void *)k6_data, NULL, 0); + EVP_Cipher(&rc4_key, SND_SEQ, p, 8); + EVP_CIPHER_CTX_cleanup(&rc4_key); + memset(k6_data, 0, sizeof(k6_data)); } @@ -330,7 +330,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, *minor_status = 0; return GSS_S_BAD_MIC; } - + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); omret = _gssapi_msg_order_check(context_handle->order, seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -379,7 +379,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, *minor_status = ENOMEM; return GSS_S_FAILURE; } - + p0 = _gssapi_make_mech_header(output_message_buffer->value, len, GSS_KRB5_MECHANISM); @@ -418,7 +418,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, 4); krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */ - + /* p points to data */ p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; memcpy(p, input_message_buffer->value, input_message_buffer->length); @@ -428,10 +428,10 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, ret = arcfour_mic_cksum(context, key, KRB5_KU_USAGE_SEAL, - p0 + 16, 8, /* SGN_CKSUM */ + p0 + 16, 8, /* SGN_CKSUM */ p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */ p0 + 24, 8, /* Confounder */ - p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, + p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen); if (ret) { *minor_status = ret; @@ -461,12 +461,12 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, if(conf_req_flag) { - RC4_KEY rc4_key; + EVP_CIPHER_CTX rc4_key; - RC4_set_key (&rc4_key, sizeof(k6_data), (void *)k6_data); - /* XXX ? */ - RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */ - memset(&rc4_key, 0, sizeof(rc4_key)); + EVP_CIPHER_CTX_init(&rc4_key); + EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(&rc4_key, p0 + 24, p0 + 24, 8 + datalen); + EVP_CIPHER_CTX_cleanup(&rc4_key); } memset(k6_data, 0, sizeof(k6_data)); @@ -480,11 +480,12 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, } { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */ - memset(&rc4_key, 0, sizeof(rc4_key)); + EVP_CIPHER_CTX rc4_key; + + EVP_CIPHER_CTX_init(&rc4_key); + EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8); + EVP_CIPHER_CTX_cleanup(&rc4_key); memset(k6_data, 0, sizeof(k6_data)); } @@ -516,7 +517,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, int cmp; int conf_flag; size_t padlen = 0, len; - + if (conf_state) *conf_state = 0; if (qop_state) @@ -525,7 +526,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, p0 = input_message_buffer->value; if (IS_DCE_STYLE(context_handle)) { - len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE; if (input_message_buffer->length < len) return GSS_S_BAD_MECH; @@ -540,7 +541,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, return omret; /* length of mech header */ - len = (p0 - (u_char *)input_message_buffer->value) + + len = (p0 - (u_char *)input_message_buffer->value) + GSS_ARCFOUR_WRAP_TOKEN_SIZE; if (len > input_message_buffer->length) @@ -579,11 +580,12 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, } { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */ - memset(&rc4_key, 0, sizeof(rc4_key)); + EVP_CIPHER_CTX rc4_key; + + EVP_CIPHER_CTX_init(&rc4_key); + EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8); + EVP_CIPHER_CTX_cleanup(&rc4_key); memset(k6_data, 0, sizeof(k6_data)); } @@ -626,16 +628,16 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, output_message_buffer->length = datalen; if(conf_flag) { - RC4_KEY rc4_key; + EVP_CIPHER_CTX rc4_key; - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */ - RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, - output_message_buffer->value); - memset(&rc4_key, 0, sizeof(rc4_key)); + EVP_CIPHER_CTX_init(&rc4_key); + EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); + EVP_Cipher(&rc4_key, Confounder, p0 + 24, 8); + EVP_Cipher(&rc4_key, output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen); + EVP_CIPHER_CTX_cleanup(&rc4_key); } else { memcpy(Confounder, p0 + 24, 8); /* Confounder */ - memcpy(output_message_buffer->value, + memcpy(output_message_buffer->value, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, datalen); } @@ -654,9 +656,9 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, ret = arcfour_mic_cksum(context, key, KRB5_KU_USAGE_SEAL, cksum_data, sizeof(cksum_data), - p0, 8, + p0, 8, Confounder, sizeof(Confounder), - output_message_buffer->value, + output_message_buffer->value, output_message_buffer->length + padlen); if (ret) { _gsskrb5_release_buffer(minor_status, output_message_buffer); @@ -664,7 +666,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, return GSS_S_FAILURE; } - cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ + cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ if (cmp) { _gsskrb5_release_buffer(minor_status, output_message_buffer); *minor_status = 0; @@ -690,10 +692,10 @@ max_wrap_length_arcfour(const gsskrb5_ctx ctx, size_t input_length, OM_uint32 *max_input_size) { - /* + /* * if GSS_C_DCE_STYLE is in use: * - we only need to encapsulate the WRAP token - * However, since this is a fixed since, we just + * However, since this is a fixed since, we just */ if (IS_DCE_STYLE(ctx)) { size_t len, total_len; diff --git a/crypto/heimdal/lib/gssapi/krb5/authorize_localname.c b/crypto/heimdal/lib/gssapi/krb5/authorize_localname.c new file mode 100644 index 00000000000..4bab062ac4c --- /dev/null +++ b/crypto/heimdal/lib/gssapi/krb5/authorize_localname.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2011, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gsskrb5_locl.h" + +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_authorize_localname(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_const_buffer_t user_name, + gss_const_OID user_name_type) +{ + krb5_context context; + krb5_principal princ = (krb5_principal)input_name; + char *user; + int user_ok; + + if (!gss_oid_equal(user_name_type, GSS_C_NT_USER_NAME)) + return GSS_S_BAD_NAMETYPE; + + GSSAPI_KRB5_INIT(&context); + + user = malloc(user_name->length + 1); + if (user == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + memcpy(user, user_name->value, user_name->length); + user[user_name->length] = '\0'; + + *minor_status = 0; + user_ok = krb5_kuserok(context, princ, user); + + free(user); + + return user_ok ? GSS_S_COMPLETE : GSS_S_UNAUTHORIZED; +} diff --git a/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c b/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c index c1744abd3be..7fc921bac09 100644 --- a/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c @@ -1,46 +1,58 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: canonicalize_name.c 18334 2006-10-07 22:16:04Z lha $"); - -OM_uint32 _gsskrb5_canonicalize_name ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_canonicalize_name ( OM_uint32 * minor_status, const gss_name_t input_name, const gss_OID mech_type, gss_name_t * output_name ) { - return _gsskrb5_duplicate_name (minor_status, input_name, output_name); + krb5_context context; + krb5_principal name; + OM_uint32 ret; + + *output_name = NULL; + + GSSAPI_KRB5_INIT (&context); + + ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, input_name, &name); + if (ret) + return ret; + + *output_name = (gss_name_t)name; + + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/krb5/ccache_name.c b/crypto/heimdal/lib/gssapi/krb5/ccache_name.c index 6f332463553..1577fb20ddb 100644 --- a/crypto/heimdal/lib/gssapi/krb5/ccache_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/ccache_name.c @@ -1,44 +1,42 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: ccache_name.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" char *last_out_name; OM_uint32 -_gsskrb5_krb5_ccache_name(OM_uint32 *minor_status, +_gsskrb5_krb5_ccache_name(OM_uint32 *minor_status, const char *name, const char **out_name) { diff --git a/crypto/heimdal/lib/gssapi/krb5/cfx.c b/crypto/heimdal/lib/gssapi/krb5/cfx.c index 6452f802ab8..28cf47bdbdd 100644 --- a/crypto/heimdal/lib/gssapi/krb5/cfx.c +++ b/crypto/heimdal/lib/gssapi/krb5/cfx.c @@ -30,12 +30,10 @@ * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: cfx.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" /* - * Implementation of draft-ietf-krb-wg-gssapi-cfx-06.txt + * Implementation of RFC 4121 */ #define CFXSentByAcceptor (1 << 0) @@ -46,6 +44,7 @@ krb5_error_code _gsskrb5cfx_wrap_length_cfx(krb5_context context, krb5_crypto crypto, int conf_req_flag, + int dce_style, size_t input_length, size_t *output_length, size_t *cksumsize, @@ -72,7 +71,11 @@ _gsskrb5cfx_wrap_length_cfx(krb5_context context, /* Header is concatenated with data before encryption */ input_length += sizeof(gss_cfx_wrap_token_desc); - ret = krb5_crypto_getpadsize(context, crypto, &padsize); + if (dce_style) { + ret = krb5_crypto_getblocksize(context, crypto, &padsize); + } else { + ret = krb5_crypto_getpadsize(context, crypto, &padsize); + } if (ret) { return ret; } @@ -96,49 +99,48 @@ _gsskrb5cfx_wrap_length_cfx(krb5_context context, return 0; } -krb5_error_code -_gsskrb5cfx_max_wrap_length_cfx(krb5_context context, - krb5_crypto crypto, - int conf_req_flag, - size_t input_length, - OM_uint32 *output_length) +OM_uint32 +_gssapi_wrap_size_cfx(OM_uint32 *minor_status, + const gsskrb5_ctx ctx, + krb5_context context, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size) { krb5_error_code ret; - *output_length = 0; + *max_input_size = 0; /* 16-byte header is always first */ - if (input_length < 16) + if (req_output_size < 16) return 0; - input_length -= 16; + req_output_size -= 16; if (conf_req_flag) { size_t wrapped_size, sz; - wrapped_size = input_length + 1; + wrapped_size = req_output_size + 1; do { wrapped_size--; - sz = krb5_get_wrapped_length(context, - crypto, wrapped_size); - } while (wrapped_size && sz > input_length); - if (wrapped_size == 0) { - *output_length = 0; + sz = krb5_get_wrapped_length(context, + ctx->crypto, wrapped_size); + } while (wrapped_size && sz > req_output_size); + if (wrapped_size == 0) return 0; - } /* inner header */ - if (wrapped_size < 16) { - *output_length = 0; + if (wrapped_size < 16) return 0; - } + wrapped_size -= 16; - *output_length = wrapped_size; + *max_input_size = wrapped_size; } else { krb5_cksumtype type; size_t cksumsize; - ret = krb5_crypto_get_checksum_type(context, crypto, &type); + ret = krb5_crypto_get_checksum_type(context, ctx->crypto, &type); if (ret) return ret; @@ -146,48 +148,16 @@ _gsskrb5cfx_max_wrap_length_cfx(krb5_context context, if (ret) return ret; - if (input_length < cksumsize) + if (req_output_size < cksumsize) return 0; /* Checksum is concatenated with data */ - *output_length = input_length - cksumsize; + *max_input_size = req_output_size - cksumsize; } return 0; } - -OM_uint32 _gssapi_wrap_size_cfx(OM_uint32 *minor_status, - const gsskrb5_ctx context_handle, - krb5_context context, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 *max_input_size, - krb5_keyblock *key) -{ - krb5_error_code ret; - krb5_crypto crypto; - - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret != 0) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = _gsskrb5cfx_max_wrap_length_cfx(context, crypto, conf_req_flag, - req_output_size, max_input_size); - if (ret != 0) { - *minor_status = ret; - krb5_crypto_destroy(context, crypto); - return GSS_S_FAILURE; - } - - krb5_crypto_destroy(context, crypto); - - return GSS_S_COMPLETE; -} - /* * Rotate "rrc" bytes to the front or back */ @@ -212,10 +182,10 @@ rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate) tmp = buf; } else { tmp = malloc(rrc); - if (tmp == NULL) + if (tmp == NULL) return ENOMEM; } - + if (unrotate) { memcpy(tmp, data, rrc); memmove(data, (u_char *)data + rrc, left); @@ -226,23 +196,975 @@ rrc_rotate(void *data, size_t len, uint16_t rrc, krb5_boolean unrotate) memcpy(data, tmp, rrc); } - if (rrc > sizeof(buf)) + if (rrc > sizeof(buf)) free(tmp); return 0; } +gss_iov_buffer_desc * +_gk_find_buffer(gss_iov_buffer_desc *iov, int iov_count, OM_uint32 type) +{ + int i; + + for (i = 0; i < iov_count; i++) + if (type == GSS_IOV_BUFFER_TYPE(iov[i].type)) + return &iov[i]; + return NULL; +} + +OM_uint32 +_gk_allocate_buffer(OM_uint32 *minor_status, gss_iov_buffer_desc *buffer, size_t size) +{ + if (buffer->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + if (buffer->buffer.length == size) + return GSS_S_COMPLETE; + free(buffer->buffer.value); + } + + buffer->buffer.value = malloc(size); + buffer->buffer.length = size; + if (buffer->buffer.value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + buffer->type |= GSS_IOV_BUFFER_FLAG_ALLOCATED; + + return GSS_S_COMPLETE; +} + + +OM_uint32 +_gk_verify_buffers(OM_uint32 *minor_status, + const gsskrb5_ctx ctx, + const gss_iov_buffer_desc *header, + const gss_iov_buffer_desc *padding, + const gss_iov_buffer_desc *trailer) +{ + if (header == NULL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (IS_DCE_STYLE(ctx)) { + /* + * In DCE style mode we reject having a padding or trailer buffer + */ + if (padding) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + if (trailer) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + } else { + /* + * In non-DCE style mode we require having a padding buffer + */ + if (padding == NULL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +#if 0 +OM_uint32 +_gssapi_wrap_cfx_iov(OM_uint32 *minor_status, + gsskrb5_ctx ctx, + krb5_context context, + int conf_req_flag, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 major_status, junk; + gss_iov_buffer_desc *header, *trailer, *padding; + size_t gsshsize, k5hsize; + size_t gsstsize, k5tsize; + size_t rrc = 0, ec = 0; + int i; + gss_cfx_wrap_token token; + krb5_error_code ret; + int32_t seq_number; + unsigned usage; + krb5_crypto_iov *data = NULL; + + header = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + if (header == NULL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + padding = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + if (padding != NULL) { + padding->buffer.length = 0; + } + + trailer = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + + major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer); + if (major_status != GSS_S_COMPLETE) { + return major_status; + } + + if (conf_req_flag) { + size_t k5psize = 0; + size_t k5pbase = 0; + size_t k5bsize = 0; + size_t size = 0; + + for (i = 0; i < iov_count; i++) { + switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) { + case GSS_IOV_BUFFER_TYPE_DATA: + size += iov[i].buffer.length; + break; + default: + break; + } + } + + size += sizeof(gss_cfx_wrap_token_desc); + + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_HEADER, + &k5hsize); + if (*minor_status) + return GSS_S_FAILURE; + + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_TRAILER, + &k5tsize); + if (*minor_status) + return GSS_S_FAILURE; + + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_PADDING, + &k5pbase); + if (*minor_status) + return GSS_S_FAILURE; + + if (k5pbase > 1) { + k5psize = k5pbase - (size % k5pbase); + } else { + k5psize = 0; + } + + if (k5psize == 0 && IS_DCE_STYLE(ctx)) { + *minor_status = krb5_crypto_getblocksize(context, ctx->crypto, + &k5bsize); + if (*minor_status) + return GSS_S_FAILURE; + ec = k5bsize; + } else { + ec = k5psize; + } + + gsshsize = sizeof(gss_cfx_wrap_token_desc) + k5hsize; + gsstsize = sizeof(gss_cfx_wrap_token_desc) + ec + k5tsize; + } else { + if (IS_DCE_STYLE(ctx)) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + k5hsize = 0; + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_CHECKSUM, + &k5tsize); + if (*minor_status) + return GSS_S_FAILURE; + + gsshsize = sizeof(gss_cfx_wrap_token_desc); + gsstsize = k5tsize; + } + + /* + * + */ + + if (trailer == NULL) { + rrc = gsstsize; + if (IS_DCE_STYLE(ctx)) + rrc -= ec; + gsshsize += gsstsize; + gsstsize = 0; + } else if (GSS_IOV_BUFFER_FLAGS(trailer->type) & GSS_IOV_BUFFER_FLAG_ALLOCATE) { + major_status = _gk_allocate_buffer(minor_status, trailer, gsstsize); + if (major_status) + goto failure; + } else if (trailer->buffer.length < gsstsize) { + *minor_status = KRB5_BAD_MSIZE; + major_status = GSS_S_FAILURE; + goto failure; + } else + trailer->buffer.length = gsstsize; + + /* + * + */ + + if (GSS_IOV_BUFFER_FLAGS(header->type) & GSS_IOV_BUFFER_FLAG_ALLOCATE) { + major_status = _gk_allocate_buffer(minor_status, header, gsshsize); + if (major_status != GSS_S_COMPLETE) + goto failure; + } else if (header->buffer.length < gsshsize) { + *minor_status = KRB5_BAD_MSIZE; + major_status = GSS_S_FAILURE; + goto failure; + } else + header->buffer.length = gsshsize; + + token = (gss_cfx_wrap_token)header->buffer.value; + + token->TOK_ID[0] = 0x05; + token->TOK_ID[1] = 0x04; + token->Flags = 0; + token->Filler = 0xFF; + + if ((ctx->more_flags & LOCAL) == 0) + token->Flags |= CFXSentByAcceptor; + + if (ctx->more_flags & ACCEPTOR_SUBKEY) + token->Flags |= CFXAcceptorSubkey; + + if (ctx->more_flags & LOCAL) + usage = KRB5_KU_USAGE_INITIATOR_SEAL; + else + usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; + + if (conf_req_flag) { + /* + * In Wrap tokens with confidentiality, the EC field is + * used to encode the size (in bytes) of the random filler. + */ + token->Flags |= CFXSealed; + token->EC[0] = (ec >> 8) & 0xFF; + token->EC[1] = (ec >> 0) & 0xFF; + + } else { + /* + * In Wrap tokens without confidentiality, the EC field is + * used to encode the size (in bytes) of the trailing + * checksum. + * + * This is not used in the checksum calcuation itself, + * because the checksum length could potentially vary + * depending on the data length. + */ + token->EC[0] = 0; + token->EC[1] = 0; + } + + /* + * In Wrap tokens that provide for confidentiality, the RRC + * field in the header contains the hex value 00 00 before + * encryption. + * + * In Wrap tokens that do not provide for confidentiality, + * both the EC and RRC fields in the appended checksum + * contain the hex value 00 00 for the purpose of calculating + * the checksum. + */ + token->RRC[0] = 0; + token->RRC[1] = 0; + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + krb5_auth_con_getlocalseqnumber(context, + ctx->auth_context, + &seq_number); + _gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]); + _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); + krb5_auth_con_setlocalseqnumber(context, + ctx->auth_context, + ++seq_number); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + data = calloc(iov_count + 3, sizeof(data[0])); + if (data == NULL) { + *minor_status = ENOMEM; + major_status = GSS_S_FAILURE; + goto failure; + } + + if (conf_req_flag) { + /* + plain packet: + + {"header" | encrypt(plaintext-data | ec-padding | E"header")} + + Expanded, this is with with RRC = 0: + + {"header" | krb5-header | plaintext-data | ec-padding | E"header" | krb5-trailer } + + In DCE-RPC mode == no trailer: RRC = gss "trailer" == length(ec-padding | E"header" | krb5-trailer) + + {"header" | ec-padding | E"header" | krb5-trailer | krb5-header | plaintext-data } + */ + + i = 0; + data[i].flags = KRB5_CRYPTO_TYPE_HEADER; + data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize; + data[i].data.length = k5hsize; + + for (i = 1; i < iov_count + 1; i++) { + switch (GSS_IOV_BUFFER_TYPE(iov[i - 1].type)) { + case GSS_IOV_BUFFER_TYPE_DATA: + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + break; + case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: + data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + break; + default: + data[i].flags = KRB5_CRYPTO_TYPE_EMPTY; + break; + } + data[i].data.length = iov[i - 1].buffer.length; + data[i].data.data = iov[i - 1].buffer.value; + } + + /* + * Any necessary padding is added here to ensure that the + * encrypted token header is always at the end of the + * ciphertext. + */ + + /* encrypted CFX header in trailer (or after the header if in + DCE mode). Copy in header into E"header" + */ + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + if (trailer) + data[i].data.data = trailer->buffer.value; + else + data[i].data.data = ((uint8_t *)header->buffer.value) + sizeof(*token); + + data[i].data.length = ec + sizeof(*token); + memset(data[i].data.data, 0xFF, ec); + memcpy(((uint8_t *)data[i].data.data) + ec, token, sizeof(*token)); + i++; + + /* Kerberos trailer comes after the gss trailer */ + data[i].flags = KRB5_CRYPTO_TYPE_TRAILER; + data[i].data.data = ((uint8_t *)data[i-1].data.data) + ec + sizeof(*token); + data[i].data.length = k5tsize; + i++; + + ret = krb5_encrypt_iov_ivec(context, ctx->crypto, usage, data, i, NULL); + if (ret != 0) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto failure; + } + + if (rrc) { + token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[1] = (rrc >> 0) & 0xFF; + } + + } else { + /* + plain packet: + + {data | "header" | gss-trailer (krb5 checksum) + + don't do RRC != 0 + + */ + + for (i = 0; i < iov_count; i++) { + switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) { + case GSS_IOV_BUFFER_TYPE_DATA: + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + break; + case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: + data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + break; + default: + data[i].flags = KRB5_CRYPTO_TYPE_EMPTY; + break; + } + data[i].data.length = iov[i].buffer.length; + data[i].data.data = iov[i].buffer.value; + } + + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + data[i].data.data = header->buffer.value; + data[i].data.length = sizeof(gss_cfx_wrap_token_desc); + i++; + + data[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM; + if (trailer) { + data[i].data.data = trailer->buffer.value; + } else { + data[i].data.data = (uint8_t *)header->buffer.value + + sizeof(gss_cfx_wrap_token_desc); + } + data[i].data.length = k5tsize; + i++; + + ret = krb5_create_checksum_iov(context, ctx->crypto, usage, data, i, NULL); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto failure; + } + + if (rrc) { + token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[1] = (rrc >> 0) & 0xFF; + } + + token->EC[0] = (k5tsize >> 8) & 0xFF; + token->EC[1] = (k5tsize >> 0) & 0xFF; + } + + if (conf_state != NULL) + *conf_state = conf_req_flag; + + free(data); + + *minor_status = 0; + return GSS_S_COMPLETE; + + failure: + if (data) + free(data); + + gss_release_iov_buffer(&junk, iov, iov_count); + + return major_status; +} +#endif + +/* This is slowpath */ +static OM_uint32 +unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int iov_count) +{ + uint8_t *p, *q; + size_t len = 0, skip; + int i; + + for (i = 0; i < iov_count; i++) + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER) + len += iov[i].buffer.length; + + p = malloc(len); + if (p == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + q = p; + + /* copy up */ + + for (i = 0; i < iov_count; i++) { + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER) + { + memcpy(q, iov[i].buffer.value, iov[i].buffer.length); + q += iov[i].buffer.length; + } + } + assert((size_t)(q - p) == len); + + /* unrotate first part */ + q = p + rrc; + skip = rrc; + for (i = 0; i < iov_count; i++) { + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER) + { + if (iov[i].buffer.length <= skip) { + skip -= iov[i].buffer.length; + } else { + memcpy(((uint8_t *)iov[i].buffer.value) + skip, q, iov[i].buffer.length - skip); + q += iov[i].buffer.length - skip; + skip = 0; + } + } + } + /* copy trailer */ + q = p; + skip = rrc; + for (i = 0; i < iov_count; i++) { + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_PADDING || + GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_TRAILER) + { + memcpy(q, iov[i].buffer.value, min(iov[i].buffer.length, skip)); + if (iov[i].buffer.length > skip) + break; + skip -= iov[i].buffer.length; + q += iov[i].buffer.length; + } + } + return GSS_S_COMPLETE; +} + +#if 0 + +OM_uint32 +_gssapi_unwrap_cfx_iov(OM_uint32 *minor_status, + gsskrb5_ctx ctx, + krb5_context context, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 seq_number_lo, seq_number_hi, major_status, junk; + gss_iov_buffer_desc *header, *trailer, *padding; + gss_cfx_wrap_token token, ttoken; + u_char token_flags; + krb5_error_code ret; + unsigned usage; + uint16_t ec, rrc; + krb5_crypto_iov *data = NULL; + int i, j; + + *minor_status = 0; + + header = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + if (header == NULL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (header->buffer.length < sizeof(*token)) /* we check exact below */ + return GSS_S_DEFECTIVE_TOKEN; + + padding = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + if (padding != NULL && padding->buffer.length != 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + trailer = _gk_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + + major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer); + if (major_status != GSS_S_COMPLETE) { + return major_status; + } + + token = (gss_cfx_wrap_token)header->buffer.value; + + if (token->TOK_ID[0] != 0x05 || token->TOK_ID[1] != 0x04) + return GSS_S_DEFECTIVE_TOKEN; + + /* Ignore unknown flags */ + token_flags = token->Flags & + (CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey); + + if (token_flags & CFXSentByAcceptor) { + if ((ctx->more_flags & LOCAL) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (ctx->more_flags & ACCEPTOR_SUBKEY) { + if ((token_flags & CFXAcceptorSubkey) == 0) + return GSS_S_DEFECTIVE_TOKEN; + } else { + if (token_flags & CFXAcceptorSubkey) + return GSS_S_DEFECTIVE_TOKEN; + } + + if (token->Filler != 0xFF) + return GSS_S_DEFECTIVE_TOKEN; + + if (conf_state != NULL) + *conf_state = (token_flags & CFXSealed) ? 1 : 0; + + ec = (token->EC[0] << 8) | token->EC[1]; + rrc = (token->RRC[0] << 8) | token->RRC[1]; + + /* + * Check sequence number + */ + _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[0], &seq_number_hi); + _gsskrb5_decode_be_om_uint32(&token->SND_SEQ[4], &seq_number_lo); + if (seq_number_hi) { + /* no support for 64-bit sequence numbers */ + *minor_status = ERANGE; + return GSS_S_UNSEQ_TOKEN; + } + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gssapi_msg_order_check(ctx->order, seq_number_lo); + if (ret != 0) { + *minor_status = 0; + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + return ret; + } + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); + + /* + * Decrypt and/or verify checksum + */ + + if (ctx->more_flags & LOCAL) { + usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; + } else { + usage = KRB5_KU_USAGE_INITIATOR_SEAL; + } + + data = calloc(iov_count + 3, sizeof(data[0])); + if (data == NULL) { + *minor_status = ENOMEM; + major_status = GSS_S_FAILURE; + goto failure; + } + + if (token_flags & CFXSealed) { + size_t k5tsize, k5hsize; + + krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_HEADER, &k5hsize); + krb5_crypto_length(context, ctx->crypto, KRB5_CRYPTO_TYPE_TRAILER, &k5tsize); + + /* Rotate by RRC; bogus to do this in-place XXX */ + /* Check RRC */ + + if (trailer == NULL) { + size_t gsstsize = k5tsize + sizeof(*token); + size_t gsshsize = k5hsize + sizeof(*token); + + if (rrc != gsstsize) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto failure; + } + + if (IS_DCE_STYLE(ctx)) + gsstsize += ec; + + gsshsize += gsstsize; + + if (header->buffer.length != gsshsize) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto failure; + } + } else if (trailer->buffer.length != sizeof(*token) + k5tsize) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto failure; + } else if (header->buffer.length != sizeof(*token) + k5hsize) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto failure; + } else if (rrc != 0) { + /* go though slowpath */ + major_status = unrotate_iov(minor_status, rrc, iov, iov_count); + if (major_status) + goto failure; + } + + i = 0; + data[i].flags = KRB5_CRYPTO_TYPE_HEADER; + data[i].data.data = ((uint8_t *)header->buffer.value) + header->buffer.length - k5hsize; + data[i].data.length = k5hsize; + i++; + + for (j = 0; j < iov_count; i++, j++) { + switch (GSS_IOV_BUFFER_TYPE(iov[j].type)) { + case GSS_IOV_BUFFER_TYPE_DATA: + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + break; + case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: + data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + break; + default: + data[i].flags = KRB5_CRYPTO_TYPE_EMPTY; + break; + } + data[i].data.length = iov[j].buffer.length; + data[i].data.data = iov[j].buffer.value; + } + + /* encrypted CFX header in trailer (or after the header if in + DCE mode). Copy in header into E"header" + */ + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + if (trailer) { + data[i].data.data = trailer->buffer.value; + } else { + data[i].data.data = ((uint8_t *)header->buffer.value) + + header->buffer.length - k5hsize - k5tsize - ec- sizeof(*token); + } + + data[i].data.length = ec + sizeof(*token); + ttoken = (gss_cfx_wrap_token)(((uint8_t *)data[i].data.data) + ec); + i++; + + /* Kerberos trailer comes after the gss trailer */ + data[i].flags = KRB5_CRYPTO_TYPE_TRAILER; + data[i].data.data = ((uint8_t *)data[i-1].data.data) + ec + sizeof(*token); + data[i].data.length = k5tsize; + i++; + + ret = krb5_decrypt_iov_ivec(context, ctx->crypto, usage, data, i, NULL); + if (ret != 0) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto failure; + } + + ttoken->RRC[0] = token->RRC[0]; + ttoken->RRC[1] = token->RRC[1]; + + /* Check the integrity of the header */ + if (ct_memcmp(ttoken, token, sizeof(*token)) != 0) { + major_status = GSS_S_BAD_MIC; + goto failure; + } + } else { + size_t gsstsize = ec; + size_t gsshsize = sizeof(*token); + + if (trailer == NULL) { + /* Check RRC */ + if (rrc != gsstsize) { + *minor_status = EINVAL; + major_status = GSS_S_FAILURE; + goto failure; + } + + gsshsize += gsstsize; + gsstsize = 0; + } else if (trailer->buffer.length != gsstsize) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto failure; + } else if (rrc != 0) { + /* Check RRC */ + *minor_status = EINVAL; + major_status = GSS_S_FAILURE; + goto failure; + } + + if (header->buffer.length != gsshsize) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto failure; + } + + for (i = 0; i < iov_count; i++) { + switch (GSS_IOV_BUFFER_TYPE(iov[i].type)) { + case GSS_IOV_BUFFER_TYPE_DATA: + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + break; + case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: + data[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + break; + default: + data[i].flags = KRB5_CRYPTO_TYPE_EMPTY; + break; + } + data[i].data.length = iov[i].buffer.length; + data[i].data.data = iov[i].buffer.value; + } + + data[i].flags = KRB5_CRYPTO_TYPE_DATA; + data[i].data.data = header->buffer.value; + data[i].data.length = sizeof(*token); + i++; + + data[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM; + if (trailer) { + data[i].data.data = trailer->buffer.value; + } else { + data[i].data.data = (uint8_t *)header->buffer.value + + sizeof(*token); + } + data[i].data.length = ec; + i++; + + token = (gss_cfx_wrap_token)header->buffer.value; + token->EC[0] = 0; + token->EC[1] = 0; + token->RRC[0] = 0; + token->RRC[1] = 0; + + ret = krb5_verify_checksum_iov(context, ctx->crypto, usage, data, i, NULL); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto failure; + } + } + + if (qop_state != NULL) { + *qop_state = GSS_C_QOP_DEFAULT; + } + + free(data); + + *minor_status = 0; + return GSS_S_COMPLETE; + + failure: + if (data) + free(data); + + gss_release_iov_buffer(&junk, iov, iov_count); + + return major_status; +} +#endif + +OM_uint32 +_gssapi_wrap_iov_length_cfx(OM_uint32 *minor_status, + gsskrb5_ctx ctx, + krb5_context context, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 major_status; + size_t size; + int i; + gss_iov_buffer_desc *header = NULL; + gss_iov_buffer_desc *padding = NULL; + gss_iov_buffer_desc *trailer = NULL; + size_t gsshsize = 0; + size_t gsstsize = 0; + size_t k5hsize = 0; + size_t k5tsize = 0; + + GSSAPI_KRB5_INIT (&context); + *minor_status = 0; + + for (size = 0, i = 0; i < iov_count; i++) { + switch(GSS_IOV_BUFFER_TYPE(iov[i].type)) { + case GSS_IOV_BUFFER_TYPE_EMPTY: + break; + case GSS_IOV_BUFFER_TYPE_DATA: + size += iov[i].buffer.length; + break; + case GSS_IOV_BUFFER_TYPE_HEADER: + if (header != NULL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + header = &iov[i]; + break; + case GSS_IOV_BUFFER_TYPE_TRAILER: + if (trailer != NULL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + trailer = &iov[i]; + break; + case GSS_IOV_BUFFER_TYPE_PADDING: + if (padding != NULL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + padding = &iov[i]; + break; + case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: + break; + default: + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + } + + major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer); + if (major_status != GSS_S_COMPLETE) { + return major_status; + } + + if (conf_req_flag) { + size_t k5psize = 0; + size_t k5pbase = 0; + size_t k5bsize = 0; + size_t ec = 0; + + size += sizeof(gss_cfx_wrap_token_desc); + + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_HEADER, + &k5hsize); + if (*minor_status) + return GSS_S_FAILURE; + + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_TRAILER, + &k5tsize); + if (*minor_status) + return GSS_S_FAILURE; + + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_PADDING, + &k5pbase); + if (*minor_status) + return GSS_S_FAILURE; + + if (k5pbase > 1) { + k5psize = k5pbase - (size % k5pbase); + } else { + k5psize = 0; + } + + if (k5psize == 0 && IS_DCE_STYLE(ctx)) { + *minor_status = krb5_crypto_getblocksize(context, ctx->crypto, + &k5bsize); + if (*minor_status) + return GSS_S_FAILURE; + + ec = k5bsize; + } else { + ec = k5psize; + } + + gsshsize = sizeof(gss_cfx_wrap_token_desc) + k5hsize; + gsstsize = sizeof(gss_cfx_wrap_token_desc) + ec + k5tsize; + } else { + *minor_status = krb5_crypto_length(context, ctx->crypto, + KRB5_CRYPTO_TYPE_CHECKSUM, + &k5tsize); + if (*minor_status) + return GSS_S_FAILURE; + + gsshsize = sizeof(gss_cfx_wrap_token_desc); + gsstsize = k5tsize; + } + + if (trailer != NULL) { + trailer->buffer.length = gsstsize; + } else { + gsshsize += gsstsize; + } + + header->buffer.length = gsshsize; + + if (padding) { + /* padding is done via EC and is contained in the header or trailer */ + padding->buffer.length = 0; + } + + if (conf_state) { + *conf_state = conf_req_flag; + } + + return GSS_S_COMPLETE; +} + + + + OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, - const gsskrb5_ctx context_handle, + const gsskrb5_ctx ctx, krb5_context context, int conf_req_flag, - gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key) + gss_buffer_t output_message_buffer) { - krb5_crypto crypto; gss_cfx_wrap_token token; krb5_error_code ret; unsigned usage; @@ -252,19 +1174,13 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, int32_t seq_number; u_char *p; - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret != 0) { - *minor_status = ret; - return GSS_S_FAILURE; - } - ret = _gsskrb5cfx_wrap_length_cfx(context, - crypto, conf_req_flag, + ctx->crypto, conf_req_flag, + IS_DCE_STYLE(ctx), input_message_buffer->length, &wrapped_len, &cksumsize, &padlength); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -275,7 +1191,6 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, output_message_buffer->value = malloc(output_message_buffer->length); if (output_message_buffer->value == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -285,9 +1200,9 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, token->TOK_ID[1] = 0x04; token->Flags = 0; token->Filler = 0xFF; - if ((context_handle->more_flags & LOCAL) == 0) + if ((ctx->more_flags & LOCAL) == 0) token->Flags |= CFXSentByAcceptor; - if (context_handle->more_flags & ACCEPTOR_SUBKEY) + if (ctx->more_flags & ACCEPTOR_SUBKEY) token->Flags |= CFXAcceptorSubkey; if (conf_req_flag) { /* @@ -324,16 +1239,16 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, token->RRC[0] = 0; token->RRC[1] = 0; - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); krb5_auth_con_getlocalseqnumber(context, - context_handle->auth_context, + ctx->auth_context, &seq_number); _gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]); _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); krb5_auth_con_setlocalseqnumber(context, - context_handle->auth_context, + ctx->auth_context, ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); /* * If confidentiality is requested, the token header is @@ -344,7 +1259,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, * calculated over the plaintext concatenated with the * token header. */ - if (context_handle->more_flags & LOCAL) { + if (ctx->more_flags & LOCAL) { usage = KRB5_KU_USAGE_INITIATOR_SEAL; } else { usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; @@ -365,25 +1280,31 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, memcpy(p + input_message_buffer->length + padlength, token, sizeof(*token)); - ret = krb5_encrypt(context, crypto, + ret = krb5_encrypt(context, ctx->crypto, usage, p, input_message_buffer->length + padlength + sizeof(*token), &cipher); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_FAILURE; } assert(sizeof(*token) + cipher.length == wrapped_len); - token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[0] = (rrc >> 8) & 0xFF; token->RRC[1] = (rrc >> 0) & 0xFF; - ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); + /* + * this is really ugly, but needed against windows + * for DCERPC, as windows rotates by EC+RRC. + */ + if (IS_DCE_STYLE(ctx)) { + ret = rrc_rotate(cipher.data, cipher.length, rrc+padlength, FALSE); + } else { + ret = rrc_rotate(cipher.data, cipher.length, rrc, FALSE); + } if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_FAILURE; } @@ -396,21 +1317,19 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, buf = malloc(input_message_buffer->length + sizeof(*token)); if (buf == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_FAILURE; } memcpy(buf, input_message_buffer->value, input_message_buffer->length); memcpy(buf + input_message_buffer->length, token, sizeof(*token)); - ret = krb5_create_checksum(context, crypto, - usage, 0, buf, + ret = krb5_create_checksum(context, ctx->crypto, + usage, 0, buf, input_message_buffer->length + - sizeof(*token), + sizeof(*token), &cksum); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); free(buf); return GSS_S_FAILURE; @@ -421,7 +1340,7 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, assert(cksum.checksum.length == cksumsize); token->EC[0] = (cksum.checksum.length >> 8) & 0xFF; token->EC[1] = (cksum.checksum.length >> 0) & 0xFF; - token->RRC[0] = (rrc >> 8) & 0xFF; + token->RRC[0] = (rrc >> 8) & 0xFF; token->RRC[1] = (rrc >> 0) & 0xFF; p += sizeof(*token); @@ -433,7 +1352,6 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, input_message_buffer->length + cksum.checksum.length, rrc, FALSE); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); free_Checksum(&cksum); return GSS_S_FAILURE; @@ -441,8 +1359,6 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, free_Checksum(&cksum); } - krb5_crypto_destroy(context, crypto); - if (conf_state != NULL) { *conf_state = conf_req_flag; } @@ -452,15 +1368,13 @@ OM_uint32 _gssapi_wrap_cfx(OM_uint32 *minor_status, } OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, - const gsskrb5_ctx context_handle, + const gsskrb5_ctx ctx, krb5_context context, const gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, - gss_qop_t *qop_state, - krb5_keyblock *key) + gss_qop_t *qop_state) { - krb5_crypto crypto; gss_cfx_wrap_token token; u_char token_flags; krb5_error_code ret; @@ -490,11 +1404,11 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, (CFXSentByAcceptor | CFXSealed | CFXAcceptorSubkey); if (token_flags & CFXSentByAcceptor) { - if ((context_handle->more_flags & LOCAL) == 0) + if ((ctx->more_flags & LOCAL) == 0) return GSS_S_DEFECTIVE_TOKEN; } - if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if (ctx->more_flags & ACCEPTOR_SUBKEY) { if ((token_flags & CFXAcceptorSubkey) == 0) return GSS_S_DEFECTIVE_TOKEN; } else { @@ -524,26 +1438,21 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, return GSS_S_UNSEQ_TOKEN; } - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gssapi_msg_order_check(ctx->order, seq_number_lo); if (ret != 0) { *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); _gsskrb5_release_buffer(minor_status, output_message_buffer); return ret; } - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); /* * Decrypt and/or verify checksum */ - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret != 0) { - *minor_status = ret; - return GSS_S_FAILURE; - } - if (context_handle->more_flags & LOCAL) { + if (ctx->more_flags & LOCAL) { usage = KRB5_KU_USAGE_ACCEPTOR_SEAL; } else { usage = KRB5_KU_USAGE_INITIATOR_SEAL; @@ -553,25 +1462,29 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, len = input_message_buffer->length; len -= (p - (u_char *)input_message_buffer->value); - /* Rotate by RRC; bogus to do this in-place XXX */ - *minor_status = rrc_rotate(p, len, rrc, TRUE); - if (*minor_status != 0) { - krb5_crypto_destroy(context, crypto); - return GSS_S_FAILURE; - } - if (token_flags & CFXSealed) { - ret = krb5_decrypt(context, crypto, usage, + /* + * this is really ugly, but needed against windows + * for DCERPC, as windows rotates by EC+RRC. + */ + if (IS_DCE_STYLE(ctx)) { + *minor_status = rrc_rotate(p, len, rrc+ec, TRUE); + } else { + *minor_status = rrc_rotate(p, len, rrc, TRUE); + } + if (*minor_status != 0) { + return GSS_S_FAILURE; + } + + ret = krb5_decrypt(context, ctx->crypto, usage, p, len, &data); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); return GSS_S_BAD_MIC; } /* Check that there is room for the pad and token header */ if (data.length < ec + sizeof(*token)) { - krb5_crypto_destroy(context, crypto); krb5_data_free(&data); return GSS_S_DEFECTIVE_TOKEN; } @@ -583,8 +1496,7 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, ((gss_cfx_wrap_token)p)->RRC[1] = token->RRC[1]; /* Check the integrity of the header */ - if (memcmp(p, token, sizeof(*token)) != 0) { - krb5_crypto_destroy(context, crypto); + if (ct_memcmp(p, token, sizeof(*token)) != 0) { krb5_data_free(&data); return GSS_S_BAD_MIC; } @@ -594,12 +1506,18 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, } else { Checksum cksum; + /* Rotate by RRC; bogus to do this in-place XXX */ + *minor_status = rrc_rotate(p, len, rrc, TRUE); + if (*minor_status != 0) { + return GSS_S_FAILURE; + } + /* Determine checksum type */ ret = krb5_crypto_get_checksum_type(context, - crypto, &cksum.cksumtype); + ctx->crypto, + &cksum.cksumtype); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -608,7 +1526,6 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, /* Check we have at least as much data as the checksum */ if (len < cksum.checksum.length) { *minor_status = ERANGE; - krb5_crypto_destroy(context, crypto); return GSS_S_BAD_MIC; } @@ -620,13 +1537,12 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, output_message_buffer->value = malloc(len + sizeof(*token)); if (output_message_buffer->value == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } /* Checksum is over (plaintext-data | "header") */ memcpy(output_message_buffer->value, p, len); - memcpy((u_char *)output_message_buffer->value + len, + memcpy((u_char *)output_message_buffer->value + len, token, sizeof(*token)); /* EC is not included in checksum calculation */ @@ -637,21 +1553,18 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, token->RRC[0] = 0; token->RRC[1] = 0; - ret = krb5_verify_checksum(context, crypto, + ret = krb5_verify_checksum(context, ctx->crypto, usage, output_message_buffer->value, len + sizeof(*token), &cksum); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); _gsskrb5_release_buffer(minor_status, output_message_buffer); return GSS_S_BAD_MIC; } } - krb5_crypto_destroy(context, crypto); - if (qop_state != NULL) { *qop_state = GSS_C_QOP_DEFAULT; } @@ -661,14 +1574,12 @@ OM_uint32 _gssapi_unwrap_cfx(OM_uint32 *minor_status, } OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, - const gsskrb5_ctx context_handle, + const gsskrb5_ctx ctx, krb5_context context, gss_qop_t qop_req, const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key) + gss_buffer_t message_token) { - krb5_crypto crypto; gss_cfx_mic_token token; krb5_error_code ret; unsigned usage; @@ -677,17 +1588,10 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, size_t len; int32_t seq_number; - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret != 0) { - *minor_status = ret; - return GSS_S_FAILURE; - } - len = message_buffer->length + sizeof(*token); buf = malloc(len); if (buf == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } @@ -697,38 +1601,36 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, token->TOK_ID[0] = 0x04; token->TOK_ID[1] = 0x04; token->Flags = 0; - if ((context_handle->more_flags & LOCAL) == 0) + if ((ctx->more_flags & LOCAL) == 0) token->Flags |= CFXSentByAcceptor; - if (context_handle->more_flags & ACCEPTOR_SUBKEY) + if (ctx->more_flags & ACCEPTOR_SUBKEY) token->Flags |= CFXAcceptorSubkey; memset(token->Filler, 0xFF, 5); - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); krb5_auth_con_getlocalseqnumber(context, - context_handle->auth_context, + ctx->auth_context, &seq_number); _gsskrb5_encode_be_om_uint32(0, &token->SND_SEQ[0]); _gsskrb5_encode_be_om_uint32(seq_number, &token->SND_SEQ[4]); krb5_auth_con_setlocalseqnumber(context, - context_handle->auth_context, + ctx->auth_context, ++seq_number); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - if (context_handle->more_flags & LOCAL) { + if (ctx->more_flags & LOCAL) { usage = KRB5_KU_USAGE_INITIATOR_SIGN; } else { usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; } - ret = krb5_create_checksum(context, crypto, + ret = krb5_create_checksum(context, ctx->crypto, usage, 0, buf, len, &cksum); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); free(buf); return GSS_S_FAILURE; } - krb5_crypto_destroy(context, crypto); /* Determine MIC length */ message_token->length = sizeof(*token) + cksum.checksum.length; @@ -753,14 +1655,12 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, } OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, - const gsskrb5_ctx context_handle, + const gsskrb5_ctx ctx, krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, - gss_qop_t *qop_state, - krb5_keyblock *key) + gss_qop_t *qop_state) { - krb5_crypto crypto; gss_cfx_mic_token token; u_char token_flags; krb5_error_code ret; @@ -787,10 +1687,10 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, token_flags = token->Flags & (CFXSentByAcceptor | CFXAcceptorSubkey); if (token_flags & CFXSentByAcceptor) { - if ((context_handle->more_flags & LOCAL) == 0) + if ((ctx->more_flags & LOCAL) == 0) return GSS_S_DEFECTIVE_TOKEN; } - if (context_handle->more_flags & ACCEPTOR_SUBKEY) { + if (ctx->more_flags & ACCEPTOR_SUBKEY) { if ((token_flags & CFXAcceptorSubkey) == 0) return GSS_S_DEFECTIVE_TOKEN; } else { @@ -798,7 +1698,7 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, return GSS_S_DEFECTIVE_TOKEN; } - if (memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) { + if (ct_memcmp(token->Filler, "\xff\xff\xff\xff\xff", 5) != 0) { return GSS_S_DEFECTIVE_TOKEN; } @@ -812,36 +1712,29 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, return GSS_S_UNSEQ_TOKEN; } - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - ret = _gssapi_msg_order_check(context_handle->order, seq_number_lo); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gssapi_msg_order_check(ctx->order, seq_number_lo); if (ret != 0) { *minor_status = 0; - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return ret; } - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); /* * Verify checksum */ - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret != 0) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_crypto_get_checksum_type(context, crypto, + ret = krb5_crypto_get_checksum_type(context, ctx->crypto, &cksum.cksumtype); if (ret != 0) { *minor_status = ret; - krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } cksum.checksum.data = p + sizeof(*token); cksum.checksum.length = token_buffer->length - sizeof(*token); - if (context_handle->more_flags & LOCAL) { + if (ctx->more_flags & LOCAL) { usage = KRB5_KU_USAGE_ACCEPTOR_SIGN; } else { usage = KRB5_KU_USAGE_INITIATOR_SIGN; @@ -850,18 +1743,16 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, buf = malloc(message_buffer->length + sizeof(*token)); if (buf == NULL) { *minor_status = ENOMEM; - krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } memcpy(buf, message_buffer->value, message_buffer->length); memcpy(buf + message_buffer->length, token, sizeof(*token)); - ret = krb5_verify_checksum(context, crypto, + ret = krb5_verify_checksum(context, ctx->crypto, usage, buf, sizeof(*token) + message_buffer->length, &cksum); - krb5_crypto_destroy(context, crypto); if (ret != 0) { *minor_status = ret; free(buf); diff --git a/crypto/heimdal/lib/gssapi/krb5/cfx.h b/crypto/heimdal/lib/gssapi/krb5/cfx.h index 672704a8418..c30ed07840e 100644 --- a/crypto/heimdal/lib/gssapi/krb5/cfx.h +++ b/crypto/heimdal/lib/gssapi/krb5/cfx.h @@ -30,7 +30,7 @@ * SUCH DAMAGE. */ -/* $Id: cfx.h 19031 2006-11-13 18:02:57Z lha $ */ +/* $Id$ */ #ifndef GSSAPI_CFX_H_ #define GSSAPI_CFX_H_ 1 diff --git a/crypto/heimdal/lib/gssapi/krb5/compare_name.c b/crypto/heimdal/lib/gssapi/krb5/compare_name.c index 3f3b59d1162..7409d45fcb8 100644 --- a/crypto/heimdal/lib/gssapi/krb5/compare_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/compare_name.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: compare_name.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 _gsskrb5_compare_name +OM_uint32 GSSAPI_CALLCONV _gsskrb5_compare_name (OM_uint32 * minor_status, const gss_name_t name1, const gss_name_t name2, diff --git a/crypto/heimdal/lib/gssapi/krb5/compat.c b/crypto/heimdal/lib/gssapi/krb5/compat.c index a0f075621a4..3381dffa19e 100644 --- a/crypto/heimdal/lib/gssapi/krb5/compat.c +++ b/crypto/heimdal/lib/gssapi/krb5/compat.c @@ -1,45 +1,42 @@ /* - * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: compat.c 19031 2006-11-13 18:02:57Z lha $"); - +#include "gsskrb5_locl.h" static krb5_error_code -check_compat(OM_uint32 *minor_status, - krb5_context context, krb5_const_principal name, - const char *option, krb5_boolean *compat, +check_compat(OM_uint32 *minor_status, + krb5_context context, krb5_const_principal name, + const char *option, krb5_boolean *compat, krb5_boolean match_val) { krb5_error_code ret = 0; @@ -62,7 +59,7 @@ check_compat(OM_uint32 *minor_status, *compat = match_val; break; } - + krb5_free_principal(context, match); match = NULL; } @@ -92,11 +89,11 @@ _gss_DES3_get_mic_compat(OM_uint32 *minor_status, OM_uint32 ret; if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) { - ret = check_compat(minor_status, context, ctx->target, + ret = check_compat(minor_status, context, ctx->target, "broken_des3_mic", &use_compat, TRUE); if (ret) return ret; - ret = check_compat(minor_status, context, ctx->target, + ret = check_compat(minor_status, context, ctx->target, "correct_des3_mic", &use_compat, FALSE); if (ret) return ret; diff --git a/crypto/heimdal/lib/gssapi/krb5/context_time.c b/crypto/heimdal/lib/gssapi/krb5/context_time.c index b57ac7854e6..cb1550011cd 100644 --- a/crypto/heimdal/lib/gssapi/krb5/context_time.c +++ b/crypto/heimdal/lib/gssapi/krb5/context_time.c @@ -1,42 +1,40 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: context_time.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" OM_uint32 -_gsskrb5_lifetime_left(OM_uint32 *minor_status, +_gsskrb5_lifetime_left(OM_uint32 *minor_status, krb5_context context, OM_uint32 lifetime, OM_uint32 *lifetime_rec) @@ -55,7 +53,7 @@ _gsskrb5_lifetime_left(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (lifetime < timeret) + if (lifetime < timeret) *lifetime_rec = 0; else *lifetime_rec = lifetime - timeret; @@ -64,7 +62,7 @@ _gsskrb5_lifetime_left(OM_uint32 *minor_status, } -OM_uint32 _gsskrb5_context_time +OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, OM_uint32 * time_rec @@ -90,6 +88,6 @@ OM_uint32 _gsskrb5_context_time if (*time_rec == 0) return GSS_S_CONTEXT_EXPIRED; - + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c b/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c index 66d797c1993..e332d29c84a 100644 --- a/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c +++ b/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: copy_ccache.c 20688 2007-05-17 18:44:31Z lha $"); +#include "gsskrb5_locl.h" #if 0 OM_uint32 @@ -65,11 +63,11 @@ gss_krb5_copy_ccache(OM_uint32 *minor_status, OM_uint32 -_gsskrb5_import_cred(OM_uint32 *minor_status, - krb5_ccache id, - krb5_principal keytab_principal, - krb5_keytab keytab, - gss_cred_id_t *cred) +_gsskrb5_krb5_import_cred(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal keytab_principal, + krb5_keytab keytab, + gss_cred_id_t *cred) { krb5_context context; krb5_error_code kret; @@ -102,7 +100,7 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, *minor_status = kret; return GSS_S_FAILURE; } - + if (keytab_principal) { krb5_boolean match; @@ -147,8 +145,8 @@ _gsskrb5_import_cred(OM_uint32 *minor_status, handle->usage |= GSS_C_ACCEPT; if (keytab_principal && handle->principal == NULL) { - kret = krb5_copy_principal(context, - keytab_principal, + kret = krb5_copy_principal(context, + keytab_principal, &handle->principal); if (kret) goto out; diff --git a/crypto/heimdal/lib/gssapi/krb5/creds.c b/crypto/heimdal/lib/gssapi/krb5/creds.c new file mode 100644 index 00000000000..fa45d19b981 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/krb5/creds.c @@ -0,0 +1,255 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gsskrb5_locl.h" + +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_export_cred(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_buffer_t cred_token) +{ + gsskrb5_cred handle = (gsskrb5_cred)cred_handle; + krb5_context context; + krb5_error_code ret; + krb5_storage *sp; + krb5_data data, mech; + const char *type; + char *str; + + GSSAPI_KRB5_INIT (&context); + + if (handle->usage != GSS_C_INITIATE && handle->usage != GSS_C_BOTH) { + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return GSS_S_FAILURE; + } + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + type = krb5_cc_get_type(context, handle->ccache); + if (strcmp(type, "MEMORY") == 0) { + krb5_creds *creds; + ret = krb5_store_uint32(sp, 0); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = _krb5_get_krbtgt(context, handle->ccache, + handle->principal->realm, + &creds); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_store_creds(sp, creds); + krb5_free_creds(context, creds); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + + } else { + ret = krb5_store_uint32(sp, 1); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_cc_get_full_name(context, handle->ccache, &str); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_store_string(sp, str); + free(str); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + } + ret = krb5_storage_to_data(sp, &data); + krb5_storage_free(sp); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_data_free(&data); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + mech.data = GSS_KRB5_MECHANISM->elements; + mech.length = GSS_KRB5_MECHANISM->length; + + ret = krb5_store_data(sp, mech); + if (ret) { + krb5_data_free(&data); + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_store_data(sp, data); + krb5_data_free(&data); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_storage_to_data(sp, &data); + krb5_storage_free(sp); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + cred_token->value = data.data; + cred_token->length = data.length; + + return GSS_S_COMPLETE; +} + +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_import_cred(OM_uint32 * minor_status, + gss_buffer_t cred_token, + gss_cred_id_t * cred_handle) +{ + krb5_context context; + krb5_error_code ret; + gsskrb5_cred handle; + krb5_ccache id; + krb5_storage *sp; + char *str; + uint32_t type; + int flags = 0; + + *cred_handle = GSS_C_NO_CREDENTIAL; + + GSSAPI_KRB5_INIT (&context); + + sp = krb5_storage_from_mem(cred_token->value, cred_token->length); + if (sp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ret = krb5_ret_uint32(sp, &type); + if (ret) { + krb5_storage_free(sp); + *minor_status = ret; + return GSS_S_FAILURE; + } + switch (type) { + case 0: { + krb5_creds creds; + + ret = krb5_ret_creds(sp, &creds); + krb5_storage_free(sp); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_cc_initialize(context, id, creds.client); + if (ret) { + krb5_cc_destroy(context, id); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_cc_store_cred(context, id, &creds); + krb5_free_cred_contents(context, &creds); + + flags |= GSS_CF_DESTROY_CRED_ON_RELEASE; + + break; + } + case 1: + ret = krb5_ret_string(sp, &str); + krb5_storage_free(sp); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_cc_resolve(context, str, &id); + krb5_xfree(str); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + break; + + default: + krb5_storage_free(sp); + *minor_status = 0; + return GSS_S_NO_CRED; + } + + handle = calloc(1, sizeof(*handle)); + if (handle == NULL) { + krb5_cc_close(context, id); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + handle->usage = GSS_C_INITIATE; + krb5_cc_get_principal(context, id, &handle->principal); + handle->ccache = id; + handle->cred_flags = flags; + + *cred_handle = (gss_cred_id_t)handle; + + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/krb5/decapsulate.c b/crypto/heimdal/lib/gssapi/krb5/decapsulate.c index 39176faff44..640c064d0bf 100644 --- a/crypto/heimdal/lib/gssapi/krb5/decapsulate.c +++ b/crypto/heimdal/lib/gssapi/krb5/decapsulate.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: decapsulate.c 18334 2006-10-07 22:16:04Z lha $"); +#include "gsskrb5_locl.h" /* * return the length of the mechanism in token or -1 @@ -82,9 +80,9 @@ _gssapi_verify_mech_header(u_char **str, if (mech_len != mech->length) return GSS_S_BAD_MECH; - if (memcmp(p, - mech->elements, - mech->length) != 0) + if (ct_memcmp(p, + mech->elements, + mech->length) != 0) return GSS_S_BAD_MECH; p += mech_len; *str = rk_UNCONST(p); @@ -110,7 +108,7 @@ _gsskrb5_verify_header(u_char **str, if (len < 2) return GSS_S_DEFECTIVE_TOKEN; - if (memcmp (*str, type, 2) != 0) + if (ct_memcmp (*str, type, 2) != 0) return GSS_S_DEFECTIVE_TOKEN; *str += 2; @@ -154,7 +152,7 @@ _gssapi_decapsulate( */ OM_uint32 -_gsskrb5_decapsulate(OM_uint32 *minor_status, +_gsskrb5_decapsulate(OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, const void *type, @@ -184,7 +182,7 @@ _gsskrb5_decapsulate(OM_uint32 *minor_status, */ OM_uint32 -_gssapi_verify_pad(gss_buffer_t wrapped_token, +_gssapi_verify_pad(gss_buffer_t wrapped_token, size_t datalen, size_t *padlen) { diff --git a/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c index abad9865502..83a66cc0ca0 100644 --- a/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c +++ b/crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: delete_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_delete_sec_context(OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t output_token) @@ -61,6 +59,9 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status, HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); krb5_auth_con_free (context, ctx->auth_context); + krb5_auth_con_free (context, ctx->deleg_auth_context); + if (ctx->kcred) + krb5_free_creds(context, ctx->kcred); if(ctx->source) krb5_free_principal (context, ctx->source); if(ctx->target) @@ -72,6 +73,8 @@ _gsskrb5_delete_sec_context(OM_uint32 * minor_status, if (ctx->service_keyblock) krb5_free_keyblock (context, ctx->service_keyblock); krb5_data_free(&ctx->fwd_data); + if (ctx->crypto) + krb5_crypto_destroy(context, ctx->crypto); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); diff --git a/crypto/heimdal/lib/gssapi/krb5/display_name.c b/crypto/heimdal/lib/gssapi/krb5/display_name.c index 727c447d2a0..a296399ceca 100644 --- a/crypto/heimdal/lib/gssapi/krb5/display_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/display_name.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: display_name.c 21077 2007-06-12 22:42:56Z lha $"); - -OM_uint32 _gsskrb5_display_name +OM_uint32 GSSAPI_CALLCONV _gsskrb5_display_name (OM_uint32 * minor_status, const gss_name_t input_name, gss_buffer_t output_name_buffer, diff --git a/crypto/heimdal/lib/gssapi/krb5/display_status.c b/crypto/heimdal/lib/gssapi/krb5/display_status.c index c0192522a72..c50200672aa 100644 --- a/crypto/heimdal/lib/gssapi/krb5/display_status.c +++ b/crypto/heimdal/lib/gssapi/krb5/display_status.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1998 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: display_status.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" static const char * calling_error(OM_uint32 v) @@ -118,29 +116,30 @@ _gsskrb5_clear_status (void) if (_gsskrb5_init (&context) != 0) return; - krb5_clear_error_string(context); + krb5_clear_error_message(context); } void -_gsskrb5_set_status (const char *fmt, ...) +_gsskrb5_set_status (int ret, const char *fmt, ...) { krb5_context context; va_list args; char *str; + int e; if (_gsskrb5_init (&context) != 0) return; va_start(args, fmt); - vasprintf(&str, fmt, args); + e = vasprintf(&str, fmt, args); va_end(args); - if (str) { - krb5_set_error_string(context, str); + if (e >= 0 && str) { + krb5_set_error_message(context, ret, "%s", str); free(str); } } -OM_uint32 _gsskrb5_display_status +OM_uint32 GSSAPI_CALLCONV _gsskrb5_display_status (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, @@ -149,7 +148,8 @@ OM_uint32 _gsskrb5_display_status gss_buffer_t status_string) { krb5_context context; - char *buf; + char *buf = NULL; + int e = 0; GSSAPI_KRB5_INIT (&context); @@ -164,28 +164,27 @@ OM_uint32 _gsskrb5_display_status if (status_type == GSS_C_GSS_CODE) { if (GSS_SUPPLEMENTARY_INFO(status_value)) - asprintf(&buf, "%s", - supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); + e = asprintf(&buf, "%s", + supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); else - asprintf (&buf, "%s %s", - calling_error(GSS_CALLING_ERROR(status_value)), - routine_error(GSS_ROUTINE_ERROR(status_value))); + e = asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); } else if (status_type == GSS_C_MECH_CODE) { - buf = krb5_get_error_string(context); - if (buf == NULL) { - const char *tmp = krb5_get_err_text (context, status_value); - if (tmp == NULL) - asprintf(&buf, "unknown mech error-code %u", + const char *buf2 = krb5_get_error_message(context, status_value); + if (buf2) { + buf = strdup(buf2); + krb5_free_error_message(context, buf2); + } else { + e = asprintf(&buf, "unknown mech error-code %u", (unsigned)status_value); - else - buf = strdup(tmp); } } else { *minor_status = EINVAL; return GSS_S_BAD_STATUS; } - if (buf == NULL) { + if (e < 0 || buf == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -195,6 +194,6 @@ OM_uint32 _gsskrb5_display_status status_string->length = strlen(buf); status_string->value = buf; - + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c b/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c index 7337f1ab72b..0bc57e8a03e 100644 --- a/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/duplicate_name.c @@ -1,58 +1,57 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: duplicate_name.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 _gsskrb5_duplicate_name ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_duplicate_name ( OM_uint32 * minor_status, const gss_name_t src_name, gss_name_t * dest_name ) { - krb5_context context; krb5_const_principal src = (krb5_const_principal)src_name; - krb5_principal *dest = (krb5_principal *)dest_name; + krb5_context context; + krb5_principal dest; krb5_error_code kret; GSSAPI_KRB5_INIT (&context); - kret = krb5_copy_principal (context, src, dest); + kret = krb5_copy_principal (context, src, &dest); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } else { + *dest_name = (gss_name_t)dest; *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/krb5/encapsulate.c b/crypto/heimdal/lib/gssapi/krb5/encapsulate.c index 58dcb5c9c4b..fe5dac7c60b 100644 --- a/crypto/heimdal/lib/gssapi/krb5/encapsulate.c +++ b/crypto/heimdal/lib/gssapi/krb5/encapsulate.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: encapsulate.c 18459 2006-10-14 10:12:16Z lha $"); +#include "gsskrb5_locl.h" void _gssapi_encap_length (size_t data_len, @@ -110,13 +108,13 @@ _gssapi_encapsulate( void *p; _gssapi_encap_length (in_data->length, &len, &outer_len, mech); - + output_token->length = outer_len; output_token->value = malloc (outer_len); if (output_token->value == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; - } + } p = _gssapi_make_mech_header (output_token->value, len, mech); memcpy (p, in_data->data, in_data->length); @@ -130,7 +128,7 @@ _gssapi_encapsulate( OM_uint32 _gsskrb5_encapsulate( - OM_uint32 *minor_status, + OM_uint32 *minor_status, const krb5_data *in_data, gss_buffer_t output_token, const void *type, @@ -141,13 +139,13 @@ _gsskrb5_encapsulate( u_char *p; _gsskrb5_encap_length (in_data->length, &len, &outer_len, mech); - + output_token->length = outer_len; output_token->value = malloc (outer_len); if (output_token->value == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; - } + } p = _gsskrb5_make_header (output_token->value, len, type, mech); memcpy (p, in_data->data, in_data->length); diff --git a/crypto/heimdal/lib/gssapi/krb5/export_name.c b/crypto/heimdal/lib/gssapi/krb5/export_name.c index efa45a2638b..32368d3ccef 100644 --- a/crypto/heimdal/lib/gssapi/krb5/export_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/export_name.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: export_name.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 _gsskrb5_export_name +OM_uint32 GSSAPI_CALLCONV _gsskrb5_export_name (OM_uint32 * minor_status, const gss_name_t input_name, gss_buffer_t exported_name diff --git a/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c index 00218617a07..eeb2743b432 100644 --- a/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c +++ b/crypto/heimdal/lib/gssapi/krb5/export_sec_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_export_sec_context ( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, diff --git a/crypto/heimdal/lib/gssapi/krb5/external.c b/crypto/heimdal/lib/gssapi/krb5/external.c index 03fe61dc574..60a9f75b076 100644 --- a/crypto/heimdal/lib/gssapi/krb5/external.c +++ b/crypto/heimdal/lib/gssapi/krb5/external.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" #include -RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $"); - /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value @@ -48,10 +46,8 @@ RCSID("$Id: external.c 22128 2007-12-04 00:56:55Z lha $"); * to that gss_OID_desc. */ -static gss_OID_desc gss_c_nt_user_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; - -gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc = + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; /* * The implementation must reserve static storage for a @@ -65,10 +61,8 @@ gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; * initialized to point to that gss_OID_desc. */ -static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; - -gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc = + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; /* * The implementation must reserve static storage for a @@ -82,10 +76,8 @@ gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; * initialized to point to that gss_OID_desc. */ -static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; - -gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc = + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; /* * The implementation must reserve static storage for a @@ -105,10 +97,8 @@ gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; * implementations */ -static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = -{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc = + {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; /* * The implementation must reserve static storage for a @@ -121,10 +111,8 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; * GSS_C_NT_HOSTBASED_SERVICE should be initialized * to point to that gss_OID_desc. */ -static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc = + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; /* * The implementation must reserve static storage for a @@ -137,10 +125,8 @@ gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; * to that gss_OID_desc. */ -static gss_OID_desc gss_c_nt_anonymous_oid_desc = -{6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; - -gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc = + {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; /* * The implementation must reserve static storage for a @@ -153,10 +139,8 @@ gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; * to that gss_OID_desc. */ -static gss_OID_desc gss_c_nt_export_name_oid_desc = -{6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; - -gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc = + {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; /* * This name form shall be represented by the Object Identifier {iso(1) @@ -165,66 +149,8 @@ gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; * is "GSS_KRB5_NT_PRINCIPAL_NAME". */ -static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = -{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; - -gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) user_name(1)}. The recommended symbolic name for this - * type is "GSS_KRB5_NT_USER_NAME". - */ - -gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) machine_uid_name(2)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; - -/* - * To support ongoing experimentation, testing, and evolution of the - * specification, the Kerberos V5 GSS-API mechanism as defined in this - * and any successor memos will be identified with the following Object - * Identifier, as defined in RFC-1510, until the specification is - * advanced to the level of Proposed Standard RFC: - * - * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} - * - * Upon advancement to the level of Proposed Standard RFC, the Kerberos - * V5 GSS-API mechanism will be identified by an Object Identifier - * having the value: - * - * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) - * gssapi(2) krb5(2)} - */ - -#if 0 /* This is the old OID */ - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{5, rk_UNCONST("\x2b\x05\x01\x05\x02")}; - -#endif - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; - -gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc = + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; /* * draft-ietf-cat-iakerb-09, IAKERB: @@ -239,141 +165,109 @@ gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; * iakerbMinimumMessagesProtocol(2)}. */ -static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc = -{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc = + {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; -gss_OID GSS_IAKERB_PROXY_MECHANISM = &gss_iakerb_proxy_mechanism_oid_desc; - -static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc = -{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; - -gss_OID GSS_IAKERB_MIN_MSG_MECHANISM = &gss_iakerb_min_msg_mechanism_oid_desc; - -/* - * - */ - -static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc = -{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; - -gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc; - -/* - * 1.2.752.43.13 Heimdal GSS-API Extentions - */ - -/* 1.2.752.43.13.1 */ -static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")}; - -gss_OID GSS_KRB5_COPY_CCACHE_X = &gss_krb5_copy_ccache_x_oid_desc; - -/* 1.2.752.43.13.2 */ -static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")}; - -gss_OID GSS_KRB5_GET_TKT_FLAGS_X = &gss_krb5_get_tkt_flags_x_oid_desc; - -/* 1.2.752.43.13.3 */ -static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")}; - -gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X = &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; - -/* 1.2.752.43.13.4 */ -static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")}; - -gss_OID GSS_KRB5_COMPAT_DES3_MIC_X = &gss_krb5_compat_des3_mic_x_oid_desc; - -/* 1.2.752.43.13.5 */ -static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")}; - -gss_OID GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X = &gss_krb5_register_acceptor_identity_x_desc; - -/* 1.2.752.43.13.6 */ -static gss_OID_desc gss_krb5_export_lucid_context_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")}; - -gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_X = &gss_krb5_export_lucid_context_x_desc; - -/* 1.2.752.43.13.6.1 */ -static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc = -{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")}; - -gss_OID GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X = &gss_krb5_export_lucid_context_v1_x_desc; - -/* 1.2.752.43.13.7 */ -static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")}; - -gss_OID GSS_KRB5_SET_DNS_CANONICALIZE_X = &gss_krb5_set_dns_canonicalize_x_desc; - -/* 1.2.752.43.13.8 */ -static gss_OID_desc gss_krb5_get_subkey_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")}; - -gss_OID GSS_KRB5_GET_SUBKEY_X = &gss_krb5_get_subkey_x_desc; - -/* 1.2.752.43.13.9 */ -static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")}; - -gss_OID GSS_KRB5_GET_INITIATOR_SUBKEY_X = &gss_krb5_get_initiator_subkey_x_desc; - -/* 1.2.752.43.13.10 */ -static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")}; - -gss_OID GSS_KRB5_GET_ACCEPTOR_SUBKEY_X = &gss_krb5_get_acceptor_subkey_x_desc; - -/* 1.2.752.43.13.11 */ -static gss_OID_desc gss_krb5_send_to_kdc_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")}; - -gss_OID GSS_KRB5_SEND_TO_KDC_X = &gss_krb5_send_to_kdc_x_desc; - -/* 1.2.752.43.13.12 */ -static gss_OID_desc gss_krb5_get_authtime_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")}; - -gss_OID GSS_KRB5_GET_AUTHTIME_X = &gss_krb5_get_authtime_x_desc; - -/* 1.2.752.43.13.13 */ -static gss_OID_desc gss_krb5_get_service_keyblock_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")}; - -gss_OID GSS_KRB5_GET_SERVICE_KEYBLOCK_X = &gss_krb5_get_service_keyblock_x_desc; - -/* 1.2.752.43.13.14 */ -static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")}; - -gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_desc; - -/* 1.2.752.43.13.15 */ -static gss_OID_desc gss_krb5_set_default_realm_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")}; - -gss_OID GSS_KRB5_SET_DEFAULT_REALM_X = &gss_krb5_set_default_realm_x_desc; - -/* 1.2.752.43.13.16 */ -static gss_OID_desc gss_krb5_ccache_name_x_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")}; - -gss_OID GSS_KRB5_CCACHE_NAME_X = &gss_krb5_ccache_name_x_desc; - -/* 1.2.752.43.14.1 */ -static gss_OID_desc gss_sasl_digest_md5_mechanism_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; - -gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc = + {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; /* * Context for krb5 calls. */ +#if 0 +static gss_mo_desc krb5_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + rk_UNCONST("GS2-KRB5"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + rk_UNCONST("KRB5"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + rk_UNCONST("Heimdal Kerberos 5 mech"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_CONCRETE, + GSS_MO_MA + }, + { + GSS_C_MA_ITOK_FRAMED, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_INIT, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_TARG, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_INIT_ANON, + GSS_MO_MA + }, + { + GSS_C_MA_DELEG_CRED, + GSS_MO_MA + }, + { + GSS_C_MA_INTEG_PROT, + GSS_MO_MA + }, + { + GSS_C_MA_CONF_PROT, + GSS_MO_MA + }, + { + GSS_C_MA_MIC, + GSS_MO_MA + }, + { + GSS_C_MA_WRAP, + GSS_MO_MA + }, + { + GSS_C_MA_PROT_READY, + GSS_MO_MA + }, + { + GSS_C_MA_REPLAY_DET, + GSS_MO_MA + }, + { + GSS_C_MA_OOS_DET, + GSS_MO_MA + }, + { + GSS_C_MA_CBINDINGS, + GSS_MO_MA + }, + { + GSS_C_MA_PFS, + GSS_MO_MA + }, + { + GSS_C_MA_CTX_TRANS, + GSS_MO_MA + } +}; +#endif + /* * */ @@ -381,7 +275,8 @@ gss_OID GSS_SASL_DIGEST_MD5_MECHANISM = &gss_sasl_digest_md5_mechanism_desc; static gssapi_mech_interface_desc krb5_mech = { GMI_VERSION, "kerberos 5", - {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }, + {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }, + 0, _gsskrb5_acquire_cred, _gsskrb5_release_cred, _gsskrb5_init_sec_context, @@ -415,7 +310,42 @@ static gssapi_mech_interface_desc krb5_mech = { _gsskrb5_inquire_cred_by_oid, _gsskrb5_set_sec_context_option, _gsskrb5_set_cred_option, - _gsskrb5_pseudo_random + _gsskrb5_pseudo_random, +#if 0 + _gk_wrap_iov, + _gk_unwrap_iov, + _gk_wrap_iov_length, +#else + NULL, + NULL, + NULL, +#endif + _gsskrb5_store_cred, + _gsskrb5_export_cred, + _gsskrb5_import_cred, + _gsskrb5_acquire_cred_ext, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#if 0 + krb5_mo, + sizeof(krb5_mo) / sizeof(krb5_mo[0]), +#else + NULL, + 0, +#endif + _gsskrb5_pname_to_uid, + _gsskrb5_authorize_localname, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; gssapi_mech_interface diff --git a/crypto/heimdal/lib/gssapi/krb5/get_mic.c b/crypto/heimdal/lib/gssapi/krb5/get_mic.c index 133481ffe17..0109ca7c6e7 100644 --- a/crypto/heimdal/lib/gssapi/krb5/get_mic.c +++ b/crypto/heimdal/lib/gssapi/krb5/get_mic.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: get_mic.c 19031 2006-11-13 18:02:57Z lha $"); +#ifdef HEIM_WEAK_CRYPTO static OM_uint32 mic_des @@ -47,9 +47,10 @@ mic_des ) { u_char *p; - MD5_CTX md5; + EVP_MD_CTX *md5; u_char hash[16]; DES_key_schedule schedule; + EVP_CIPHER_CTX des_ctx; DES_cblock deskey; DES_cblock zero; int32_t seq_number; @@ -68,7 +69,7 @@ mic_des p = _gsskrb5_make_header(message_token->value, len, "\x01\x01", /* TOK_ID */ - GSS_KRB5_MECHANISM); + GSS_KRB5_MECHANISM); memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */ p += 2; @@ -81,14 +82,16 @@ mic_des p += 16; /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, message_buffer->length); - MD5_Final (hash, &md5); + md5 = EVP_MD_CTX_create(); + EVP_DigestInit_ex(md5, EVP_md5(), NULL); + EVP_DigestUpdate(md5, p - 24, 8); + EVP_DigestUpdate(md5, message_buffer->value, message_buffer->length); + EVP_DigestFinal_ex(md5, hash, NULL); + EVP_MD_CTX_destroy(md5); memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); memcpy (p - 8, hash, 8); /* SGN_CKSUM */ @@ -108,21 +111,23 @@ mic_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); + EVP_CIPHER_CTX_init(&des_ctx); + EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); + EVP_Cipher(&des_ctx, p, p, 8); + EVP_CIPHER_CTX_cleanup(&des_ctx); krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - + memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); - + *minor_status = 0; return GSS_S_COMPLETE; } +#endif static OM_uint32 mic_des3 @@ -252,7 +257,7 @@ mic_des3 *minor_status = kret; return GSS_S_FAILURE; } - + assert (encdata.length == 8); memcpy (p, encdata.data, encdata.length); @@ -262,13 +267,13 @@ mic_des3 ctx->auth_context, ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - + free_Checksum (&cksum); *minor_status = 0; return GSS_S_COMPLETE; } -OM_uint32 _gsskrb5_get_mic +OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, @@ -284,6 +289,10 @@ OM_uint32 _gsskrb5_get_mic GSSAPI_KRB5_INIT (&context); + if (ctx->more_flags & IS_CFX) + return _gssapi_mic_cfx (minor_status, ctx, context, qop_req, + message_buffer, message_token); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -295,8 +304,12 @@ OM_uint32 _gsskrb5_get_mic switch (keytype) { case KEYTYPE_DES : +#ifdef HEIM_WEAK_CRYPTO ret = mic_des (minor_status, ctx, context, qop_req, message_buffer, message_token, key); +#else + ret = GSS_S_FAILURE; +#endif break; case KEYTYPE_DES3 : ret = mic_des3 (minor_status, ctx, context, qop_req, @@ -308,8 +321,7 @@ OM_uint32 _gsskrb5_get_mic message_buffer, message_token, key); break; default : - ret = _gssapi_mic_cfx (minor_status, ctx, context, qop_req, - message_buffer, message_token, key); + abort(); break; } krb5_free_keyblock (context, key); diff --git a/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et b/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et index dbfdbdf2f12..3c23412a6ae 100644 --- a/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et +++ b/crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et @@ -2,7 +2,7 @@ # extended gss krb5 error messages # -id "$Id: gkrb5_err.et 20049 2007-01-24 00:14:24Z lha $" +id "$Id$" error_table gk5 diff --git a/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h b/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h index c2239f13462..2a669d867f1 100644 --- a/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h +++ b/crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h @@ -15,6 +15,55 @@ __gsskrb5_ccache_lifetime ( krb5_principal /*principal*/, OM_uint32 */*lifetime*/); +OM_uint32 +_gk_allocate_buffer ( + OM_uint32 */*minor_status*/, + gss_iov_buffer_desc */*buffer*/, + size_t /*size*/); + +gss_iov_buffer_desc * +_gk_find_buffer ( + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/, + OM_uint32 /*type*/); + +OM_uint32 GSSAPI_CALLCONV +_gk_unwrap_iov ( + OM_uint32 */*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int */*conf_state*/, + gss_qop_t */*qop_state*/, + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); + +OM_uint32 +_gk_verify_buffers ( + OM_uint32 */*minor_status*/, + const gsskrb5_ctx /*ctx*/, + const gss_iov_buffer_desc */*header*/, + const gss_iov_buffer_desc */*padding*/, + const gss_iov_buffer_desc */*trailer*/); + +OM_uint32 GSSAPI_CALLCONV +_gk_wrap_iov ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + int * /*conf_state*/, + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); + +OM_uint32 GSSAPI_CALLCONV +_gk_wrap_iov_length ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + int */*conf_state*/, + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); + OM_uint32 _gss_DES3_get_mic_compat ( OM_uint32 */*minor_status*/, @@ -61,12 +110,11 @@ _gssapi_make_mech_header ( OM_uint32 _gssapi_mic_cfx ( OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, + const gsskrb5_ctx /*ctx*/, krb5_context /*context*/, gss_qop_t /*qop_req*/, const gss_buffer_t /*message_buffer*/, - gss_buffer_t /*message_token*/, - krb5_keyblock */*key*/); + gss_buffer_t /*message_token*/); OM_uint32 _gssapi_msg_order_check ( @@ -113,13 +161,22 @@ _gssapi_unwrap_arcfour ( OM_uint32 _gssapi_unwrap_cfx ( OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, + const gsskrb5_ctx /*ctx*/, krb5_context /*context*/, const gss_buffer_t /*input_message_buffer*/, gss_buffer_t /*output_message_buffer*/, int */*conf_state*/, + gss_qop_t */*qop_state*/); + +OM_uint32 +_gssapi_unwrap_cfx_iov ( + OM_uint32 */*minor_status*/, + gsskrb5_ctx /*ctx*/, + krb5_context /*context*/, + int */*conf_state*/, gss_qop_t */*qop_state*/, - krb5_keyblock */*key*/); + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); OM_uint32 _gssapi_verify_mech_header ( @@ -136,17 +193,16 @@ _gssapi_verify_mic_arcfour ( const gss_buffer_t /*token_buffer*/, gss_qop_t * /*qop_state*/, krb5_keyblock */*key*/, - char */*type*/); + const char */*type*/); OM_uint32 _gssapi_verify_mic_cfx ( OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, + const gsskrb5_ctx /*ctx*/, krb5_context /*context*/, const gss_buffer_t /*message_buffer*/, const gss_buffer_t /*token_buffer*/, - gss_qop_t */*qop_state*/, - krb5_keyblock */*key*/); + gss_qop_t */*qop_state*/); OM_uint32 _gssapi_verify_pad ( @@ -169,14 +225,33 @@ _gssapi_wrap_arcfour ( OM_uint32 _gssapi_wrap_cfx ( OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, + const gsskrb5_ctx /*ctx*/, + krb5_context /*context*/, + int /*conf_req_flag*/, + const gss_buffer_t /*input_message_buffer*/, + int */*conf_state*/, + gss_buffer_t /*output_message_buffer*/); + +OM_uint32 +_gssapi_wrap_cfx_iov ( + OM_uint32 */*minor_status*/, + gsskrb5_ctx /*ctx*/, + krb5_context /*context*/, + int /*conf_req_flag*/, + int */*conf_state*/, + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); + +OM_uint32 +_gssapi_wrap_iov_length_cfx ( + OM_uint32 */*minor_status*/, + gsskrb5_ctx /*ctx*/, krb5_context /*context*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, - const gss_buffer_t /*input_message_buffer*/, int */*conf_state*/, - gss_buffer_t /*output_message_buffer*/, - krb5_keyblock */*key*/); + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); OM_uint32 _gssapi_wrap_size_arcfour ( @@ -192,15 +267,14 @@ _gssapi_wrap_size_arcfour ( OM_uint32 _gssapi_wrap_size_cfx ( OM_uint32 */*minor_status*/, - const gsskrb5_ctx /*context_handle*/, + const gsskrb5_ctx /*ctx*/, krb5_context /*context*/, int /*conf_req_flag*/, gss_qop_t /*qop_req*/, OM_uint32 /*req_output_size*/, - OM_uint32 */*max_input_size*/, - krb5_keyblock */*key*/); + OM_uint32 */*max_input_size*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_accept_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, @@ -214,7 +288,7 @@ _gsskrb5_accept_sec_context ( OM_uint32 * /*time_rec*/, gss_cred_id_t * /*delegated_cred_handle*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_acquire_cred ( OM_uint32 * /*minor_status*/, const gss_name_t /*desired_name*/, @@ -225,7 +299,18 @@ _gsskrb5_acquire_cred ( gss_OID_set * /*actual_mechs*/, OM_uint32 * time_rec ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_acquire_cred_ext ( + OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + gss_const_OID /*credential_type*/, + const void */*credential_data*/, + OM_uint32 /*time_req*/, + gss_const_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * output_cred_handle ); + +OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred ( OM_uint32 */*minor_status*/, const gss_cred_id_t /*input_cred_handle*/, @@ -239,7 +324,23 @@ _gsskrb5_add_cred ( OM_uint32 */*initiator_time_rec*/, OM_uint32 */*acceptor_time_rec*/); +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_authorize_localname ( + OM_uint32 */*minor_status*/, + const gss_name_t /*input_name*/, + gss_const_buffer_t /*user_name*/, + gss_const_OID /*user_name_type*/); + OM_uint32 +_gsskrb5_canon_name ( + OM_uint32 */*minor_status*/, + krb5_context /*context*/, + int /*use_dns*/, + krb5_const_principal /*sourcename*/, + gss_name_t /*targetname*/, + krb5_principal */*out*/); + +OM_uint32 GSSAPI_CALLCONV _gsskrb5_canonicalize_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, @@ -249,14 +350,14 @@ _gsskrb5_canonicalize_name ( void _gsskrb5_clear_status (void); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_compare_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*name1*/, const gss_name_t /*name2*/, int * name_equal ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -296,20 +397,20 @@ _gsskrb5_decode_om_uint32 ( const void */*ptr*/, OM_uint32 */*n*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_delete_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t /*output_token*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_display_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t /*output_name_buffer*/, gss_OID * output_name_type ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_display_status ( OM_uint32 */*minor_status*/, OM_uint32 /*status_value*/, @@ -318,7 +419,7 @@ _gsskrb5_display_status ( OM_uint32 */*message_context*/, gss_buffer_t /*status_string*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_duplicate_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*src_name*/, @@ -349,13 +450,19 @@ _gsskrb5_encode_om_uint32 ( OM_uint32 /*n*/, u_char */*p*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_export_cred ( + OM_uint32 */*minor_status*/, + gss_cred_id_t /*cred_handle*/, + gss_buffer_t /*cred_token*/); + +OM_uint32 GSSAPI_CALLCONV _gsskrb5_export_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t exported_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_export_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, @@ -367,7 +474,7 @@ _gsskrb5_get_mech ( size_t /*total_len*/, const u_char **/*mech_ret*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -381,28 +488,26 @@ _gsskrb5_get_tkt_flags ( gsskrb5_ctx /*ctx*/, OM_uint32 */*tkt_flags*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_cred ( - OM_uint32 */*minor_status*/, - krb5_ccache /*id*/, - krb5_principal /*keytab_principal*/, - krb5_keytab /*keytab*/, - gss_cred_id_t */*cred*/); + OM_uint32 * /*minor_status*/, + gss_buffer_t /*cred_token*/, + gss_cred_id_t * /*cred_handle*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_name ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*input_name_buffer*/, const gss_OID /*input_name_type*/, gss_name_t * output_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_sec_context ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*interprocess_token*/, gss_ctx_id_t * context_handle ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_indicate_mechs ( OM_uint32 * /*minor_status*/, gss_OID_set * mech_set ); @@ -410,10 +515,10 @@ _gsskrb5_indicate_mechs ( krb5_error_code _gsskrb5_init (krb5_context */*context*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context ( OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*initiator_cred_handle*/, + const gss_cred_id_t /*cred_handle*/, gss_ctx_id_t * /*context_handle*/, const gss_name_t /*target_name*/, const gss_OID /*mech_type*/, @@ -426,7 +531,7 @@ _gsskrb5_init_sec_context ( OM_uint32 * /*ret_flags*/, OM_uint32 * time_rec ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_context ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -438,7 +543,7 @@ _gsskrb5_inquire_context ( int * /*locally_initiated*/, int * open_context ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, @@ -447,7 +552,7 @@ _gsskrb5_inquire_cred ( gss_cred_usage_t * /*cred_usage*/, gss_OID_set * mechanisms ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_mech ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, @@ -457,26 +562,26 @@ _gsskrb5_inquire_cred_by_mech ( OM_uint32 * /*acceptor_lifetime*/, gss_cred_usage_t * cred_usage ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_oid ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, const gss_OID /*desired_object*/, gss_buffer_set_t */*data_set*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_mechs_for_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_OID_set * mech_types ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_names_for_mech ( OM_uint32 * /*minor_status*/, const gss_OID /*mechanism*/, gss_OID_set * name_types ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_sec_context_by_oid ( OM_uint32 */*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -489,6 +594,14 @@ _gsskrb5_krb5_ccache_name ( const char */*name*/, const char **/*out_name*/); +OM_uint32 +_gsskrb5_krb5_import_cred ( + OM_uint32 */*minor_status*/, + krb5_ccache /*id*/, + krb5_principal /*keytab_principal*/, + krb5_keytab /*keytab*/, + gss_cred_id_t */*cred*/); + OM_uint32 _gsskrb5_lifetime_left ( OM_uint32 */*minor_status*/, @@ -503,13 +616,20 @@ _gsskrb5_make_header ( const void */*type*/, const gss_OID /*mech*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_pname_to_uid ( + OM_uint32 */*minor_status*/, + const gss_name_t /*pname*/, + const gss_OID /*mech_type*/, + uid_t */*uidp*/); + +OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token ( OM_uint32 */*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t token_buffer ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_pseudo_random ( OM_uint32 */*minor_status*/, gss_ctx_id_t /*context_handle*/, @@ -519,41 +639,33 @@ _gsskrb5_pseudo_random ( gss_buffer_t /*prf_out*/); OM_uint32 -_gsskrb5_register_acceptor_identity (const char */*identity*/); +_gsskrb5_register_acceptor_identity ( + OM_uint32 */*min_stat*/, + const char */*identity*/); OM_uint32 _gsskrb5_release_buffer ( OM_uint32 * /*minor_status*/, gss_buffer_t buffer ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_release_cred ( OM_uint32 * /*minor_status*/, gss_cred_id_t * cred_handle ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_release_name ( OM_uint32 * /*minor_status*/, gss_name_t * input_name ); -OM_uint32 -_gsskrb5_seal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - int /*qop_req*/, - gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t output_message_buffer ); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_set_cred_option ( OM_uint32 */*minor_status*/, gss_cred_id_t */*cred_handle*/, const gss_OID /*desired_object*/, const gss_buffer_t /*value*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_set_sec_context_option ( OM_uint32 */*minor_status*/, gss_ctx_id_t */*context_handle*/, @@ -562,27 +674,22 @@ _gsskrb5_set_sec_context_option ( void _gsskrb5_set_status ( + int /*ret*/, const char */*fmt*/, ...); -OM_uint32 -_gsskrb5_sign ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*qop_req*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t message_token ); +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_store_cred ( + OM_uint32 */*minor_status*/, + gss_cred_id_t /*input_cred_handle*/, + gss_cred_usage_t /*cred_usage*/, + const gss_OID /*desired_mech*/, + OM_uint32 /*overwrite_cred*/, + OM_uint32 /*default_cred*/, + gss_OID_set */*elements_stored*/, + gss_cred_usage_t */*cred_usage_stored*/); -OM_uint32 -_gsskrb5_unseal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - int * qop_state ); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -591,14 +698,6 @@ _gsskrb5_unwrap ( int * /*conf_state*/, gss_qop_t * qop_state ); -OM_uint32 -_gsskrb5_verify ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t /*token_buffer*/, - int * qop_state ); - OM_uint32 _gsskrb5_verify_8003_checksum ( OM_uint32 */*minor_status*/, @@ -614,7 +713,7 @@ _gsskrb5_verify_header ( const void */*type*/, gss_OID /*oid*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_verify_mic ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -625,14 +724,14 @@ _gsskrb5_verify_mic ( OM_uint32 _gsskrb5_verify_mic_internal ( OM_uint32 * /*minor_status*/, - const gsskrb5_ctx /*context_handle*/, + const gsskrb5_ctx /*ctx*/, krb5_context /*context*/, const gss_buffer_t /*message_buffer*/, const gss_buffer_t /*token_buffer*/, gss_qop_t * /*qop_state*/, - char * type ); + const char * type ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_wrap ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -642,7 +741,7 @@ _gsskrb5_wrap ( int * /*conf_state*/, gss_buffer_t output_message_buffer ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_wrap_size_limit ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -651,19 +750,12 @@ _gsskrb5_wrap_size_limit ( OM_uint32 /*req_output_size*/, OM_uint32 * max_input_size ); -krb5_error_code -_gsskrb5cfx_max_wrap_length_cfx ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - int /*conf_req_flag*/, - size_t /*input_length*/, - OM_uint32 */*output_length*/); - krb5_error_code _gsskrb5cfx_wrap_length_cfx ( krb5_context /*context*/, krb5_crypto /*crypto*/, int /*conf_req_flag*/, + int /*dce_style*/, size_t /*input_length*/, size_t */*output_length*/, size_t */*cksumsize*/, @@ -697,7 +789,8 @@ _gsskrb5i_get_token_key ( void _gsskrb5i_is_cfx ( + krb5_context /*context*/, gsskrb5_ctx /*ctx*/, - int */*is_cfx*/); + int /*acceptor*/); #endif /* __gsskrb5_private_h__ */ diff --git a/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h b/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h index 6ffb6070352..6b9b03f3490 100644 --- a/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h +++ b/crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h @@ -1,49 +1,48 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: gsskrb5_locl.h 20324 2007-04-12 16:46:01Z lha $ */ +/* $Id$ */ #ifndef GSSKRB5_LOCL_H #define GSSKRB5_LOCL_H -#ifdef HAVE_CONFIG_H #include -#endif #include #include #include #include +#include #include #include "cfx.h" @@ -54,19 +53,24 @@ struct gss_msg_order; -typedef struct { +typedef struct gsskrb5_ctx { struct krb5_auth_context_data *auth_context; + struct krb5_auth_context_data *deleg_auth_context; krb5_principal source, target; #define IS_DCE_STYLE(ctx) (((ctx)->flags & GSS_C_DCE_STYLE) != 0) OM_uint32 flags; - enum { LOCAL = 1, OPEN = 2, + enum { LOCAL = 1, OPEN = 2, COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8, - ACCEPTOR_SUBKEY = 16 + ACCEPTOR_SUBKEY = 16, + RETRIED = 32, + CLOSE_CCACHE = 64, + IS_CFX = 128 } more_flags; enum gss_ctx_id_t_state { /* initiator states */ INITIATOR_START, + INITIATOR_RESTART, INITIATOR_WAIT_FOR_MUTAL, INITIATOR_READY, /* acceptor states */ @@ -74,18 +78,22 @@ typedef struct { ACCEPTOR_WAIT_FOR_DCESTYLE, ACCEPTOR_READY } state; + krb5_creds *kcred; + krb5_ccache ccache; struct krb5_ticket *ticket; OM_uint32 lifetime; HEIMDAL_MUTEX ctx_id_mutex; struct gss_msg_order *order; krb5_keyblock *service_keyblock; krb5_data fwd_data; + krb5_crypto crypto; } *gsskrb5_ctx; typedef struct { krb5_principal principal; int cred_flags; #define GSS_CF_DESTROY_CRED_ON_RELEASE 1 +#define GSS_CF_NO_CI_FLAGS 2 struct krb5_keytab_data *keytab; OM_uint32 lifetime; gss_cred_usage_t usage; @@ -104,16 +112,11 @@ typedef struct Principal *gsskrb5_name; extern krb5_keytab _gsskrb5_keytab; extern HEIMDAL_MUTEX gssapi_keytab_mutex; -struct gssapi_thr_context { - HEIMDAL_MUTEX mutex; - char *error_string; -}; - /* * Prototypes */ -#include +#include #define GSSAPI_KRB5_INIT(ctx) do { \ krb5_error_code kret_gss_init; \ @@ -131,4 +134,7 @@ struct gssapi_thr_context { #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 +/* type to signal that that dns canon maybe should be done */ +#define MAGIC_HOSTBASED_NAME_TYPE 4711 + #endif diff --git a/crypto/heimdal/lib/gssapi/krb5/import_name.c b/crypto/heimdal/lib/gssapi/krb5/import_name.c index bf31db92325..5fe512672f9 100644 --- a/crypto/heimdal/lib/gssapi/krb5/import_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/import_name.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: import_name.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" static OM_uint32 parse_krb5_name (OM_uint32 *minor_status, @@ -83,18 +81,61 @@ import_krb5_name (OM_uint32 *minor_status, return ret; } +OM_uint32 +_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context, + int use_dns, krb5_const_principal sourcename, gss_name_t targetname, + krb5_principal *out) +{ + krb5_principal p = (krb5_principal)targetname; + krb5_error_code ret; + char *hostname = NULL, *service; + + *minor_status = 0; + + /* If its not a hostname */ + if (krb5_principal_get_type(context, p) != MAGIC_HOSTBASED_NAME_TYPE) { + ret = krb5_copy_principal(context, p, out); + } else if (!use_dns) { + ret = krb5_copy_principal(context, p, out); + if (ret) + goto out; + krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST); + if (sourcename) + ret = krb5_principal_set_realm(context, *out, sourcename->realm); + } else { + if (p->name.name_string.len == 0) + return GSS_S_BAD_NAME; + else if (p->name.name_string.len > 1) + hostname = p->name.name_string.val[1]; + + service = p->name.name_string.val[0]; + + ret = krb5_sname_to_principal(context, + hostname, + service, + KRB5_NT_SRV_HST, + out); + } + + out: + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + return 0; +} + + static OM_uint32 import_hostbased_name (OM_uint32 *minor_status, krb5_context context, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { - krb5_error_code kerr; - char *tmp; - char *p; - char *host; - char local_hostname[MAXHOSTNAMELEN]; krb5_principal princ = NULL; + krb5_error_code kerr; + char *tmp, *p, *host = NULL; tmp = malloc (input_name_buffer->length + 1); if (tmp == NULL) { @@ -110,31 +151,20 @@ import_hostbased_name (OM_uint32 *minor_status, if (p != NULL) { *p = '\0'; host = p + 1; - } else { - if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { - *minor_status = errno; - free (tmp); - return GSS_S_FAILURE; - } - host = local_hostname; } - kerr = krb5_sname_to_principal (context, - host, - tmp, - KRB5_NT_SRV_HST, - &princ); + kerr = krb5_make_principal(context, &princ, NULL, tmp, host, NULL); free (tmp); *minor_status = kerr; - if (kerr == 0) { - *output_name = (gss_name_t)princ; - return GSS_S_COMPLETE; - } - if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) return GSS_S_BAD_NAME; + else if (kerr) + return GSS_S_FAILURE; - return GSS_S_FAILURE; + krb5_principal_set_type(context, princ, MAGIC_HOSTBASED_NAME_TYPE); + *output_name = (gss_name_t)princ; + + return 0; } static OM_uint32 @@ -159,7 +189,7 @@ import_export_name (OM_uint32 *minor_status, p[3] != GSS_KRB5_MECHANISM->length + 2 || p[4] != 0x06 || p[5] != GSS_KRB5_MECHANISM->length || - memcmp(&p[6], GSS_KRB5_MECHANISM->elements, + memcmp(&p[6], GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length) != 0) return GSS_S_BAD_NAME; @@ -185,7 +215,7 @@ import_export_name (OM_uint32 *minor_status, return ret; } -OM_uint32 _gsskrb5_import_name +OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_name (OM_uint32 * minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, @@ -196,7 +226,7 @@ OM_uint32 _gsskrb5_import_name *minor_status = 0; *output_name = GSS_C_NO_NAME; - + GSSAPI_KRB5_INIT (&context); if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) || @@ -205,7 +235,7 @@ OM_uint32 _gsskrb5_import_name context, input_name_buffer, output_name); - else if (gss_oid_equal(input_name_type, GSS_C_NO_OID) + else if (input_name_type == GSS_C_NO_OID || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME) || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) /* default printable syntax */ @@ -216,7 +246,7 @@ OM_uint32 _gsskrb5_import_name else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) { return import_export_name(minor_status, context, - input_name_buffer, + input_name_buffer, output_name); } else { *minor_status = 0; diff --git a/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c index 3300036a81b..3bab1802b3c 100644 --- a/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c +++ b/crypto/heimdal/lib/gssapi/krb5/import_sec_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: import_sec_context.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_sec_context ( OM_uint32 * minor_status, const gss_buffer_t interprocess_token, @@ -52,8 +50,7 @@ _gsskrb5_import_sec_context ( krb5_data data; gss_buffer_desc buffer; krb5_keyblock keyblock; - int32_t tmp; - int32_t flags; + int32_t flags, tmp; gsskrb5_ctx ctx; gss_name_t name; @@ -96,8 +93,9 @@ _gsskrb5_import_sec_context ( /* retrieve the auth context */ ac = ctx->auth_context; - if (krb5_ret_uint32 (sp, &ac->flags) != 0) + if (krb5_ret_int32 (sp, &tmp) != 0) goto failure; + ac->flags = tmp; if (flags & SC_LOCAL_ADDRESS) { if (krb5_ret_address (sp, localp = &local) != 0) goto failure; @@ -184,7 +182,7 @@ _gsskrb5_import_sec_context ( krb5_data_free (&data); goto failure; } - } + } ctx->target = (krb5_principal)name; krb5_data_free (&data); @@ -200,10 +198,12 @@ _gsskrb5_import_sec_context ( ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order); if (ret) - goto failure; - + goto failure; + krb5_storage_free (sp); + _gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0); + *context_handle = (gss_ctx_id_t)ctx; return GSS_S_COMPLETE; diff --git a/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c b/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c index eb886c24d34..620137884ae 100644 --- a/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c +++ b/crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: indicate_mechs.c 20688 2007-05-17 18:44:31Z lha $"); - -OM_uint32 _gsskrb5_indicate_mechs +OM_uint32 GSSAPI_CALLCONV _gsskrb5_indicate_mechs (OM_uint32 * minor_status, gss_OID_set * mech_set ) diff --git a/crypto/heimdal/lib/gssapi/krb5/init.c b/crypto/heimdal/lib/gssapi/krb5/init.c index 3bbdcc8ff1a..3a22c33ed69 100644 --- a/crypto/heimdal/lib/gssapi/krb5/init.c +++ b/crypto/heimdal/lib/gssapi/krb5/init.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2001, 2003, 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: init.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER; static int created_key; diff --git a/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c b/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c index 05f7978e433..5f8b01b7270 100644 --- a/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: init_sec_context.c 22071 2007-11-14 20:04:50Z lha $"); +#include "gsskrb5_locl.h" /* * copy the addresses from `input_chan_bindings' (if any) to @@ -43,14 +41,14 @@ RCSID("$Id: init_sec_context.c 22071 2007-11-14 20:04:50Z lha $"); static OM_uint32 set_addresses (krb5_context context, krb5_auth_context ac, - const gss_channel_bindings_t input_chan_bindings) + const gss_channel_bindings_t input_chan_bindings) { - /* Port numbers are expected to be in application_data.value, - * initator's port first */ + /* Port numbers are expected to be in application_data.value, + * initator's port first */ krb5_address initiator_addr, acceptor_addr; krb5_error_code kret; - + if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS || input_chan_bindings->application_data.length != 2 * sizeof(ac->local_port)) @@ -58,13 +56,13 @@ set_addresses (krb5_context context, memset(&initiator_addr, 0, sizeof(initiator_addr)); memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - + ac->local_port = *(int16_t *) input_chan_bindings->application_data.value; - + ac->remote_port = *((int16_t *) input_chan_bindings->application_data.value + 1); - + kret = _gsskrb5i_address_to_krb5addr(context, input_chan_bindings->acceptor_addrtype, &input_chan_bindings->acceptor_address, @@ -72,7 +70,7 @@ set_addresses (krb5_context context, &acceptor_addr); if (kret) return kret; - + kret = _gsskrb5i_address_to_krb5addr(context, input_chan_bindings->initiator_addrtype, &input_chan_bindings->initiator_address, @@ -82,15 +80,15 @@ set_addresses (krb5_context context, krb5_free_address (context, &acceptor_addr); return kret; } - + kret = krb5_auth_con_setaddrs(context, ac, &initiator_addr, /* local address */ &acceptor_addr); /* remote address */ - + krb5_free_address (context, &initiator_addr); krb5_free_address (context, &acceptor_addr); - + #if 0 free(input_chan_bindings->application_data.value); input_chan_bindings->application_data.value = NULL; @@ -119,8 +117,11 @@ _gsskrb5_create_ctx( return GSS_S_FAILURE; } ctx->auth_context = NULL; + ctx->deleg_auth_context = NULL; ctx->source = NULL; ctx->target = NULL; + ctx->kcred = NULL; + ctx->ccache = NULL; ctx->state = state; ctx->flags = 0; ctx->more_flags = 0; @@ -129,14 +130,21 @@ _gsskrb5_create_ctx( krb5_data_zero(&ctx->fwd_data); ctx->lifetime = GSS_C_INDEFINITE; ctx->order = NULL; + ctx->crypto = NULL; HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex); kret = krb5_auth_con_init (context, &ctx->auth_context); if (kret) { *minor_status = kret; - HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); - + return GSS_S_FAILURE; + } + + kret = krb5_auth_con_init (context, &ctx->deleg_auth_context); + if (kret) { + *minor_status = kret; + krb5_auth_con_free(context, ctx->auth_context); + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); return GSS_S_FAILURE; } @@ -144,9 +152,22 @@ _gsskrb5_create_ctx( if (kret) { *minor_status = kret; + krb5_auth_con_free(context, ctx->auth_context); + krb5_auth_con_free(context, ctx->deleg_auth_context); + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + return GSS_S_BAD_BINDINGS; + } + + kret = set_addresses(context, ctx->deleg_auth_context, input_chan_bindings); + if (kret) { + *minor_status = kret; + krb5_auth_con_free(context, ctx->auth_context); + krb5_auth_con_free(context, ctx->deleg_auth_context); + + HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); return GSS_S_BAD_BINDINGS; } @@ -161,6 +182,16 @@ _gsskrb5_create_ctx( KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, NULL); + /* + * We need a sequence number + */ + + krb5_auth_con_addflags(context, + ctx->deleg_auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE | + KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, + NULL); + *context_handle = (gss_ctx_id_t)ctx; return GSS_S_COMPLETE; @@ -173,17 +204,29 @@ gsskrb5_get_creds( krb5_context context, krb5_ccache ccache, gsskrb5_ctx ctx, - krb5_const_principal target_name, + const gss_name_t target_name, + int use_dns, OM_uint32 time_req, - OM_uint32 * time_rec, - krb5_creds ** cred) + OM_uint32 * time_rec) { OM_uint32 ret; krb5_error_code kret; krb5_creds this_cred; OM_uint32 lifetime_rec; - *cred = NULL; + if (ctx->target) { + krb5_free_principal(context, ctx->target); + ctx->target = NULL; + } + if (ctx->kcred) { + krb5_free_creds(context, ctx->kcred); + ctx->kcred = NULL; + } + + ret = _gsskrb5_canon_name(minor_status, context, use_dns, + ctx->source, target_name, &ctx->target); + if (ret) + return ret; memset(&this_cred, 0, sizeof(this_cred)); this_cred.client = ctx->source; @@ -204,13 +247,13 @@ gsskrb5_get_creds( 0, ccache, &this_cred, - cred); + &ctx->kcred); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } - ctx->lifetime = (*cred)->times.endtime; + ctx->lifetime = ctx->kcred->times.endtime; ret = _gsskrb5_lifetime_left(minor_status, context, ctx->lifetime, &lifetime_rec); @@ -232,27 +275,33 @@ gsskrb5_initiator_ready( gsskrb5_ctx ctx, krb5_context context) { - OM_uint32 ret; - int32_t seq_number; - int is_cfx = 0; - OM_uint32 flags = ctx->flags; + OM_uint32 ret; + int32_t seq_number; + int is_cfx = 0; + OM_uint32 flags = ctx->flags; - krb5_auth_getremoteseqnumber (context, - ctx->auth_context, - &seq_number); + krb5_free_creds(context, ctx->kcred); + ctx->kcred = NULL; - _gsskrb5i_is_cfx(ctx, &is_cfx); + if (ctx->more_flags & CLOSE_CCACHE) + krb5_cc_close(context, ctx->ccache); + ctx->ccache = NULL; - ret = _gssapi_msg_order_create(minor_status, - &ctx->order, - _gssapi_msg_order_f(flags), - seq_number, 0, is_cfx); - if (ret) return ret; + krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number); - ctx->state = INITIATOR_READY; - ctx->more_flags |= OPEN; + _gsskrb5i_is_cfx(context, ctx, 0); + is_cfx = (ctx->more_flags & IS_CFX); - return GSS_S_COMPLETE; + ret = _gssapi_msg_order_create(minor_status, + &ctx->order, + _gssapi_msg_order_f(flags), + seq_number, 0, is_cfx); + if (ret) return ret; + + ctx->state = INITIATOR_READY; + ctx->more_flags |= OPEN; + + return GSS_S_COMPLETE; } /* @@ -266,39 +315,39 @@ do_delegation (krb5_context context, krb5_creds *cred, krb5_const_principal name, krb5_data *fwd_data, + uint32_t flagmask, uint32_t *flags) { krb5_creds creds; KDCOptions fwd_flags; krb5_error_code kret; - + memset (&creds, 0, sizeof(creds)); krb5_data_zero (fwd_data); - + kret = krb5_cc_get_principal(context, ccache, &creds.client); - if (kret) - goto out; - - kret = krb5_build_principal(context, - &creds.server, - strlen(creds.client->realm), - creds.client->realm, - KRB5_TGS_NAME, - creds.client->realm, - NULL); if (kret) - goto out; - + goto out; + + kret = krb5_make_principal(context, + &creds.server, + creds.client->realm, + KRB5_TGS_NAME, + creds.client->realm, + NULL); + if (kret) + goto out; + creds.times.endtime = 0; - + memset(&fwd_flags, 0, sizeof(fwd_flags)); fwd_flags.forwarded = 1; fwd_flags.forwardable = 1; - + if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/ - name->name.name_string.len < 2) + name->name.name_string.len < 2) goto out; - + kret = krb5_get_forwarded_creds(context, ac, ccache, @@ -306,13 +355,13 @@ do_delegation (krb5_context context, name->name.name_string.val[1], &creds, fwd_data); - + out: if (kret) - *flags &= ~GSS_C_DELEG_FLAG; + *flags &= ~flagmask; else - *flags |= GSS_C_DELEG_FLAG; - + *flags |= flagmask; + if (creds.client) krb5_free_principal(context, creds.client); if (creds.server) @@ -326,13 +375,143 @@ do_delegation (krb5_context context, static OM_uint32 init_auth (OM_uint32 * minor_status, - gsskrb5_cred initiator_cred_handle, + gsskrb5_cred cred, gsskrb5_ctx ctx, krb5_context context, - krb5_const_principal name, + gss_name_t name, const gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + OM_uint32 ret = GSS_S_FAILURE; + krb5_error_code kret; + krb5_data outbuf; + krb5_data fwd_data; + OM_uint32 lifetime_rec; + int allow_dns = 1; + + krb5_data_zero(&outbuf); + krb5_data_zero(&fwd_data); + + *minor_status = 0; + + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; + + if (cred == NULL) { + kret = krb5_cc_default (context, &ctx->ccache); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + ctx->more_flags |= CLOSE_CCACHE; + } else + ctx->ccache = cred->ccache; + + kret = krb5_cc_get_principal (context, ctx->ccache, &ctx->source); + if (kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + /* + * This is hideous glue for (NFS) clients that wants to limit the + * available enctypes to what it can support (encryption in + * kernel). If there is no enctypes selected for this credential, + * reset it to the default set of enctypes. + */ + { + krb5_enctype *enctypes = NULL; + + if (cred && cred->enctypes) + enctypes = cred->enctypes; + krb5_set_default_in_tkt_etypes(context, enctypes); + } + + /* canon name if needed for client + target realm */ + kret = krb5_cc_get_config(context, ctx->ccache, NULL, + "realm-config", &outbuf); + if (kret == 0) { + /* XXX 2 is no server canon */ + if (outbuf.length < 1 || ((((unsigned char *)outbuf.data)[0]) & 2)) + allow_dns = 0; + krb5_data_free(&outbuf); + } + + /* + * First we try w/o dns, hope that the KDC have register alias + * (and referrals if cross realm) for this principal. If that + * fails and if we are allowed to using this realm try again with + * DNS canonicalizion. + */ + ret = gsskrb5_get_creds(minor_status, context, ctx->ccache, + ctx, name, 0, time_req, + time_rec); + if (ret && allow_dns) + ret = gsskrb5_get_creds(minor_status, context, ctx->ccache, + ctx, name, 1, time_req, + time_rec); + if (ret) + goto failure; + + ctx->lifetime = ctx->kcred->times.endtime; + + ret = _gss_DES3_get_mic_compat(minor_status, ctx, context); + if (ret) + goto failure; + + ret = _gsskrb5_lifetime_left(minor_status, + context, + ctx->lifetime, + &lifetime_rec); + if (ret) + goto failure; + + if (lifetime_rec == 0) { + *minor_status = 0; + ret = GSS_S_CONTEXT_EXPIRED; + goto failure; + } + + krb5_auth_con_setkey(context, + ctx->auth_context, + &ctx->kcred->session); + + kret = krb5_auth_con_generatelocalsubkey(context, + ctx->auth_context, + &ctx->kcred->session); + if(kret) { + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + + return GSS_S_COMPLETE; + +failure: + if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE)) + krb5_cc_close(context, ctx->ccache); + ctx->ccache = NULL; + + return ret; + +} + +static OM_uint32 +init_auth_restart +(OM_uint32 * minor_status, + gsskrb5_cred cred, + gsskrb5_ctx ctx, + krb5_context context, + OM_uint32 req_flags, const gss_channel_bindings_t input_chan_bindings, const gss_buffer_t input_token, gss_OID * actual_mech_type, @@ -344,142 +523,70 @@ init_auth OM_uint32 ret = GSS_S_FAILURE; krb5_error_code kret; krb5_flags ap_options; - krb5_creds *cred = NULL; krb5_data outbuf; - krb5_ccache ccache = NULL; uint32_t flags; krb5_data authenticator; Checksum cksum; krb5_enctype enctype; - krb5_data fwd_data; - OM_uint32 lifetime_rec; + krb5_data fwd_data, timedata; + int32_t offset = 0, oldoffset = 0; + uint32_t flagmask; krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); *minor_status = 0; - if (actual_mech_type) - *actual_mech_type = GSS_KRB5_MECHANISM; - - if (initiator_cred_handle == NULL) { - kret = krb5_cc_default (context, &ccache); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - } else - ccache = initiator_cred_handle->ccache; - - kret = krb5_cc_get_principal (context, ccache, &ctx->source); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_copy_principal (context, name, &ctx->target); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - ret = _gss_DES3_get_mic_compat(minor_status, ctx, context); - if (ret) - goto failure; - - /* - * This is hideous glue for (NFS) clients that wants to limit the - * available enctypes to what it can support (encryption in - * kernel). If there is no enctypes selected for this credential, - * reset it to the default set of enctypes. + * If the credential doesn't have ok-as-delegate, check if there + * is a realm setting and use that. */ - { - krb5_enctype *enctypes = NULL; + if (!ctx->kcred->flags.b.ok_as_delegate) { + krb5_data data; - if (initiator_cred_handle && initiator_cred_handle->enctypes) - enctypes = initiator_cred_handle->enctypes; - krb5_set_default_in_tkt_etypes(context, enctypes); + ret = krb5_cc_get_config(context, ctx->ccache, NULL, + "realm-config", &data); + if (ret == 0) { + /* XXX 1 is use ok-as-delegate */ + if (data.length < 1 || ((((unsigned char *)data.data)[0]) & 1) == 0) + req_flags &= ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG); + krb5_data_free(&data); + } } - ret = gsskrb5_get_creds(minor_status, - context, - ccache, - ctx, - ctx->target, - time_req, - time_rec, - &cred); - if (ret) - goto failure; + flagmask = 0; - ctx->lifetime = cred->times.endtime; + /* if we used GSS_C_DELEG_POLICY_FLAG, trust KDC */ + if ((req_flags & GSS_C_DELEG_POLICY_FLAG) + && ctx->kcred->flags.b.ok_as_delegate) + flagmask |= GSS_C_DELEG_FLAG | GSS_C_DELEG_POLICY_FLAG; + /* if there still is a GSS_C_DELEG_FLAG, use that */ + if (req_flags & GSS_C_DELEG_FLAG) + flagmask |= GSS_C_DELEG_FLAG; - ret = _gsskrb5_lifetime_left(minor_status, - context, - ctx->lifetime, - &lifetime_rec); - if (ret) { - goto failure; - } - - if (lifetime_rec == 0) { - *minor_status = 0; - ret = GSS_S_CONTEXT_EXPIRED; - goto failure; - } - - krb5_auth_con_setkey(context, - ctx->auth_context, - &cred->session); - - kret = krb5_auth_con_generatelocalsubkey(context, - ctx->auth_context, - &cred->session); - if(kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - /* - * If the credential doesn't have ok-as-delegate, check what local - * policy say about ok-as-delegate, default is FALSE that makes - * code ignore the KDC setting and follow what the application - * requested. If it is TRUE, strip of the GSS_C_DELEG_FLAG if the - * KDC doesn't set ok-as-delegate. - */ - if (!cred->flags.b.ok_as_delegate) { - krb5_boolean delegate; - - krb5_appdefault_boolean(context, - "gssapi", name->realm, - "ok-as-delegate", FALSE, &delegate); - if (delegate) - req_flags &= ~GSS_C_DELEG_FLAG; - } flags = 0; ap_options = 0; - if (req_flags & GSS_C_DELEG_FLAG) + if (flagmask & GSS_C_DELEG_FLAG) { do_delegation (context, - ctx->auth_context, - ccache, cred, name, &fwd_data, &flags); - + ctx->deleg_auth_context, + ctx->ccache, ctx->kcred, ctx->target, + &fwd_data, flagmask, &flags); + } + if (req_flags & GSS_C_MUTUAL_FLAG) { flags |= GSS_C_MUTUAL_FLAG; ap_options |= AP_OPTS_MUTUAL_REQUIRED; } - + if (req_flags & GSS_C_REPLAY_FLAG) flags |= GSS_C_REPLAY_FLAG; if (req_flags & GSS_C_SEQUENCE_FLAG) flags |= GSS_C_SEQUENCE_FLAG; +#if 0 if (req_flags & GSS_C_ANON_FLAG) ; /* XXX */ +#endif if (req_flags & GSS_C_DCE_STYLE) { /* GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG */ flags |= GSS_C_DCE_STYLE | GSS_C_MUTUAL_FLAG; @@ -490,15 +597,23 @@ init_auth if (req_flags & GSS_C_EXTENDED_ERROR_FLAG) flags |= GSS_C_EXTENDED_ERROR_FLAG; - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; + if (req_flags & GSS_C_CONF_FLAG) { + flags |= GSS_C_CONF_FLAG; + } + if (req_flags & GSS_C_INTEG_FLAG) { + flags |= GSS_C_INTEG_FLAG; + } + if (cred == NULL || !(cred->cred_flags & GSS_CF_NO_CI_FLAGS)) { + flags |= GSS_C_CONF_FLAG; + flags |= GSS_C_INTEG_FLAG; + } flags |= GSS_C_TRANS_FLAG; - + if (ret_flags) *ret_flags = flags; ctx->flags = flags; ctx->more_flags |= LOCAL; - + ret = _gsskrb5_create_8003_checksum (minor_status, input_chan_bindings, flags, @@ -510,16 +625,32 @@ init_auth enctype = ctx->auth_context->keyblock->keytype; - kret = krb5_build_authenticator (context, + ret = krb5_cc_get_config(context, ctx->ccache, ctx->target, + "time-offset", &timedata); + if (ret == 0) { + if (timedata.length == 4) { + const u_char *p = timedata.data; + offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0); + } + krb5_data_free(&timedata); + } + + if (offset) { + krb5_get_kdc_sec_offset (context, &oldoffset, NULL); + krb5_set_kdc_sec_offset (context, offset, -1); + } + + kret = _krb5_build_authenticator(context, ctx->auth_context, enctype, - cred, + ctx->kcred, &cksum, - NULL, &authenticator, KRB5_KU_AP_REQ_AUTH); if (kret) { + if (offset) + krb5_set_kdc_sec_offset (context, oldoffset, -1); *minor_status = kret; ret = GSS_S_FAILURE; goto failure; @@ -527,27 +658,31 @@ init_auth kret = krb5_build_ap_req (context, enctype, - cred, + ctx->kcred, ap_options, authenticator, &outbuf); - + if (offset) + krb5_set_kdc_sec_offset (context, oldoffset, -1); if (kret) { *minor_status = kret; ret = GSS_S_FAILURE; goto failure; } - ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, - (u_char *)"\x01\x00", GSS_KRB5_MECHANISM); - if (ret) - goto failure; + if (flags & GSS_C_DCE_STYLE) { + output_token->value = outbuf.data; + output_token->length = outbuf.length; + } else { + ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, + (u_char *)(intptr_t)"\x01\x00", + GSS_KRB5_MECHANISM); + krb5_data_free (&outbuf); + if (ret) + goto failure; + } - krb5_data_free (&outbuf); - krb5_free_creds(context, cred); free_Checksum(&cksum); - if (initiator_cred_handle == NULL) - krb5_cc_close(context, ccache); if (flags & GSS_C_MUTUAL_FLAG) { ctx->state = INITIATOR_WAIT_FOR_MUTAL; @@ -556,15 +691,52 @@ init_auth return gsskrb5_initiator_ready(minor_status, ctx, context); failure: - if(cred) - krb5_free_creds(context, cred); - if (ccache && initiator_cred_handle == NULL) - krb5_cc_close(context, ccache); + if (ctx->ccache && (ctx->more_flags & CLOSE_CCACHE)) + krb5_cc_close(context, ctx->ccache); + ctx->ccache = NULL; return ret; - } +static krb5_error_code +handle_error_packet(krb5_context context, + gsskrb5_ctx ctx, + krb5_data indata) +{ + krb5_error_code kret; + KRB_ERROR error; + + kret = krb5_rd_error(context, &indata, &error); + if (kret == 0) { + kret = krb5_error_from_rd_error(context, &error, NULL); + + /* save the time skrew for this host */ + if (kret == KRB5KRB_AP_ERR_SKEW) { + krb5_data timedata; + unsigned char p[4]; + int32_t t = error.stime - time(NULL); + + p[0] = (t >> 24) & 0xFF; + p[1] = (t >> 16) & 0xFF; + p[2] = (t >> 8) & 0xFF; + p[3] = (t >> 0) & 0xFF; + + timedata.data = p; + timedata.length = sizeof(p); + + krb5_cc_set_config(context, ctx->ccache, ctx->target, + "time-offset", &timedata); + + if ((ctx->more_flags & RETRIED) == 0) + ctx->state = INITIATOR_RESTART; + ctx->more_flags |= RETRIED; + } + free_KRB_ERROR (&error); + } + return kret; +} + + static OM_uint32 repl_mutual (OM_uint32 * minor_status, @@ -585,7 +757,6 @@ repl_mutual krb5_error_code kret; krb5_data indata; krb5_ap_rep_enc_part *repl; - int is_cfx = 0; output_token->length = 0; output_token->value = NULL; @@ -593,46 +764,57 @@ repl_mutual if (actual_mech_type) *actual_mech_type = GSS_KRB5_MECHANISM; - if (ctx->flags & GSS_C_DCE_STYLE) { + if (IS_DCE_STYLE(ctx)) { /* There is no OID wrapping. */ indata.length = input_token->length; indata.data = input_token->value; + kret = krb5_rd_rep(context, + ctx->auth_context, + &indata, + &repl); + if (kret) { + ret = _gsskrb5_decapsulate(minor_status, + input_token, + &indata, + "\x03\x00", + GSS_KRB5_MECHANISM); + if (ret == GSS_S_COMPLETE) { + *minor_status = handle_error_packet(context, ctx, indata); + } else { + *minor_status = kret; + } + return GSS_S_FAILURE; + } } else { ret = _gsskrb5_decapsulate (minor_status, input_token, &indata, "\x02\x00", GSS_KRB5_MECHANISM); - if (ret) { - /* XXX - Handle AP_ERROR */ - return ret; + if (ret == GSS_S_DEFECTIVE_TOKEN) { + /* check if there is an error token sent instead */ + ret = _gsskrb5_decapsulate (minor_status, + input_token, + &indata, + "\x03\x00", + GSS_KRB5_MECHANISM); + if (ret == GSS_S_COMPLETE) { + *minor_status = handle_error_packet(context, ctx, indata); + return GSS_S_FAILURE; + } + } + kret = krb5_rd_rep (context, + ctx->auth_context, + &indata, + &repl); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; } } - kret = krb5_rd_rep (context, - ctx->auth_context, - &indata, - &repl); - if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; - } krb5_free_ap_rep_enc_part (context, repl); - - _gsskrb5i_is_cfx(ctx, &is_cfx); - if (is_cfx) { - krb5_keyblock *key = NULL; - - kret = krb5_auth_con_getremotesubkey(context, - ctx->auth_context, - &key); - if (kret == 0 && key != NULL) { - ctx->more_flags |= ACCEPTOR_SUBKEY; - krb5_free_keyblock (context, key); - } - } - *minor_status = 0; if (time_rec) { @@ -647,30 +829,31 @@ repl_mutual *ret_flags = ctx->flags; if (req_flags & GSS_C_DCE_STYLE) { - int32_t con_flags; + int32_t local_seq, remote_seq; krb5_data outbuf; - /* Do don't do sequence number for the mk-rep */ - krb5_auth_con_removeflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE, - &con_flags); + /* + * So DCE_STYLE is strange. The client echos the seq number + * that the server used in the server's mk_rep in its own + * mk_rep(). After when done, it resets to it's own seq number + * for the gss_wrap calls. + */ - kret = krb5_mk_rep(context, - ctx->auth_context, - &outbuf); + krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq); + krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq); + krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq); + + kret = krb5_mk_rep(context, ctx->auth_context, &outbuf); if (kret) { *minor_status = kret; return GSS_S_FAILURE; } - + + /* reset local seq number */ + krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, local_seq); + output_token->length = outbuf.length; output_token->value = outbuf.data; - - krb5_auth_con_removeflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE, - NULL); } return gsskrb5_initiator_ready(minor_status, ctx, context); @@ -680,9 +863,9 @@ repl_mutual * gss_init_sec_context */ -OM_uint32 _gsskrb5_init_sec_context +OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, + const gss_cred_id_t cred_handle, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -697,8 +880,7 @@ OM_uint32 _gsskrb5_init_sec_context ) { krb5_context context; - gsskrb5_cred cred = (gsskrb5_cred)initiator_cred_handle; - krb5_const_principal name = (krb5_const_principal)target_name; + gsskrb5_cred cred = (gsskrb5_cred)cred_handle; gsskrb5_ctx ctx; OM_uint32 ret; @@ -724,25 +906,25 @@ OM_uint32 _gsskrb5_init_sec_context return GSS_S_BAD_NAME; } - if (mech_type != GSS_C_NO_OID && + if (mech_type != GSS_C_NO_OID && !gss_oid_equal(mech_type, GSS_KRB5_MECHANISM)) return GSS_S_BAD_MECH; if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { - OM_uint32 ret; + OM_uint32 ret1; if (*context_handle != GSS_C_NO_CONTEXT) { *minor_status = 0; return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE; } - - ret = _gsskrb5_create_ctx(minor_status, + + ret1 = _gsskrb5_create_ctx(minor_status, context_handle, context, input_chan_bindings, INITIATOR_START); - if (ret) - return ret; + if (ret1) + return ret1; } if (*context_handle == GSS_C_NO_CONTEXT) { @@ -754,22 +936,37 @@ OM_uint32 _gsskrb5_init_sec_context HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + again: switch (ctx->state) { case INITIATOR_START: ret = init_auth(minor_status, cred, ctx, context, - name, + target_name, mech_type, req_flags, time_req, - input_chan_bindings, input_token, actual_mech_type, output_token, ret_flags, time_rec); + if (ret != GSS_S_COMPLETE) + break; + /* FALL THOUGH */ + case INITIATOR_RESTART: + ret = init_auth_restart(minor_status, + cred, + ctx, + context, + req_flags, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); break; case INITIATOR_WAIT_FOR_MUTAL: ret = repl_mutual(minor_status, @@ -784,17 +981,24 @@ OM_uint32 _gsskrb5_init_sec_context output_token, ret_flags, time_rec); + if (ctx->state == INITIATOR_RESTART) + goto again; break; case INITIATOR_READY: - /* + /* * If we get there, the caller have called * gss_init_sec_context() one time too many. */ - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "init_sec_context " + "called one time too many"); + *minor_status = EINVAL; ret = GSS_S_BAD_STATUS; break; default: - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "init_sec_context " + "invalid state %d for client", + (int)ctx->state); + *minor_status = EINVAL; ret = GSS_S_BAD_STATUS; break; } diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_context.c b/crypto/heimdal/lib/gssapi/krb5/inquire_context.c index 41430568b00..ade8ec4b9cb 100644 --- a/crypto/heimdal/lib/gssapi/krb5/inquire_context.c +++ b/crypto/heimdal/lib/gssapi/krb5/inquire_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: inquire_context.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 _gsskrb5_inquire_context ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_context ( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_name_t * src_name, @@ -76,7 +74,7 @@ OM_uint32 _gsskrb5_inquire_context ( } if (lifetime_rec) { - ret = _gsskrb5_lifetime_left(minor_status, + ret = _gsskrb5_lifetime_left(minor_status, context, ctx->lifetime, lifetime_rec); diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c index 47bf71e686f..f88199692cd 100644 --- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c +++ b/crypto/heimdal/lib/gssapi/krb5/inquire_cred.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: inquire_cred.c 20688 2007-05-17 18:44:31Z lha $"); - -OM_uint32 _gsskrb5_inquire_cred +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred (OM_uint32 * minor_status, const gss_cred_id_t cred_handle, gss_name_t * output_name, @@ -60,7 +58,7 @@ OM_uint32 _gsskrb5_inquire_cred GSSAPI_KRB5_INIT (&context); if (cred_handle == GSS_C_NO_CREDENTIAL) { - ret = _gsskrb5_acquire_cred(minor_status, + ret = _gsskrb5_acquire_cred(minor_status, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, @@ -71,7 +69,7 @@ OM_uint32 _gsskrb5_inquire_cred if (ret == GSS_S_COMPLETE) acred = (gsskrb5_cred)aqcred_accept; - ret = _gsskrb5_acquire_cred(minor_status, + ret = _gsskrb5_acquire_cred(minor_status, GSS_C_NO_NAME, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, @@ -97,19 +95,19 @@ OM_uint32 _gsskrb5_inquire_cred if (output_name != NULL) { if (icred && icred->principal != NULL) { gss_name_t name; - + if (acred && acred->principal) name = (gss_name_t)acred->principal; else name = (gss_name_t)icred->principal; - + ret = _gsskrb5_duplicate_name(minor_status, name, output_name); if (ret) goto out; } else if (acred && acred->usage == GSS_C_ACCEPT) { krb5_principal princ; *minor_status = krb5_sname_to_principal(context, NULL, - NULL, KRB5_NT_SRV_HST, + NULL, KRB5_NT_SRV_HST, &princ); if (*minor_status) { ret = GSS_S_FAILURE; @@ -133,7 +131,7 @@ OM_uint32 _gsskrb5_inquire_cred if (acred) alife = acred->lifetime; if (icred) ilife = icred->lifetime; - ret = _gsskrb5_lifetime_left(minor_status, + ret = _gsskrb5_lifetime_left(minor_status, context, min(alife,ilife), lifetime); diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c index a8af2145bea..7bd9c11c605 100644 --- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c +++ b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2003, 2006, 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003, 2006, 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_mech.c 20634 2007-05-09 15:33:01Z lha $"); - -OM_uint32 _gsskrb5_inquire_cred_by_mech ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_mech ( OM_uint32 * minor_status, const gss_cred_id_t cred_handle, const gss_OID mech_type, @@ -49,7 +47,7 @@ OM_uint32 _gsskrb5_inquire_cred_by_mech ( OM_uint32 maj_stat; OM_uint32 lifetime; - maj_stat = + maj_stat = _gsskrb5_inquire_cred (minor_status, cred_handle, name, &lifetime, &usage, NULL); if (maj_stat) @@ -61,7 +59,7 @@ OM_uint32 _gsskrb5_inquire_cred_by_mech ( else *initiator_lifetime = 0; } - + if (acceptor_lifetime) { if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH) *acceptor_lifetime = lifetime; diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c index da50b11d934..d560ed4ba1c 100644 --- a/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c +++ b/crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c @@ -30,11 +30,9 @@ * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: inquire_cred_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 _gsskrb5_inquire_cred_by_oid +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_oid (OM_uint32 * minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c index 0ce051f19c0..6197a81b40a 100644 --- a/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: inquire_mechs_for_name.c 20688 2007-05-17 18:44:31Z lha $"); - -OM_uint32 _gsskrb5_inquire_mechs_for_name ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_mechs_for_name ( OM_uint32 * minor_status, const gss_name_t input_name, gss_OID_set * mech_types diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c index 64abd3c34a9..65bd49c971b 100644 --- a/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c +++ b/crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c @@ -1,50 +1,47 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: inquire_names_for_mech.c 20688 2007-05-17 18:44:31Z lha $"); - - -static gss_OID *name_list[] = { - &GSS_C_NT_HOSTBASED_SERVICE, - &GSS_C_NT_USER_NAME, - &GSS_KRB5_NT_PRINCIPAL_NAME, - &GSS_C_NT_EXPORT_NAME, +static gss_OID name_list[] = { + GSS_C_NT_HOSTBASED_SERVICE, + GSS_C_NT_USER_NAME, + GSS_KRB5_NT_PRINCIPAL_NAME, + GSS_C_NT_EXPORT_NAME, NULL }; -OM_uint32 _gsskrb5_inquire_names_for_mech ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_names_for_mech ( OM_uint32 * minor_status, const gss_OID mechanism, gss_OID_set * name_types @@ -64,10 +61,10 @@ OM_uint32 _gsskrb5_inquire_names_for_mech ( ret = gss_create_empty_oid_set(minor_status, name_types); if (ret != GSS_S_COMPLETE) return ret; - + for (i = 0; name_list[i] != NULL; i++) { - ret = gss_add_oid_set_member(minor_status, - *(name_list[i]), + ret = gss_add_oid_set_member(minor_status, + name_list[i], name_types); if (ret != GSS_S_COMPLETE) break; @@ -75,6 +72,6 @@ OM_uint32 _gsskrb5_inquire_names_for_mech ( if (ret != GSS_S_COMPLETE) gss_release_oid_set(NULL, name_types); - + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c index 5ca7536e6a3..b57217a4e83 100644 --- a/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -30,9 +30,7 @@ * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: inquire_sec_context_by_oid.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" static int oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) @@ -40,7 +38,7 @@ oid_prefix_equal(gss_OID oid_enc, gss_OID prefix_enc, unsigned *suffix) int ret; heim_oid oid; heim_oid prefix; - + *suffix = 0; ret = der_get_oid(oid_enc->elements, oid_enc->length, @@ -84,7 +82,7 @@ static OM_uint32 inquire_sec_context_tkt_flags if (context_handle->ticket == NULL) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - _gsskrb5_set_status("No ticket from which to obtain flags"); + _gsskrb5_set_status(EINVAL, "No ticket from which to obtain flags"); *minor_status = EINVAL; return GSS_S_BAD_MECH; } @@ -137,15 +135,15 @@ static OM_uint32 inquire_sec_context_get_subkey ret = _gsskrb5i_get_token_key(context_handle, context, &key); break; default: - _gsskrb5_set_status("%d is not a valid subkey type", keytype); + _gsskrb5_set_status(EINVAL, "%d is not a valid subkey type", keytype); ret = EINVAL; break; } HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - if (ret) + if (ret) goto out; if (key == NULL) { - _gsskrb5_set_status("have no subkey of type %d", keytype); + _gsskrb5_set_status(EINVAL, "have no subkey of type %d", keytype); ret = EINVAL; goto out; } @@ -161,10 +159,10 @@ static OM_uint32 inquire_sec_context_get_subkey { gss_buffer_desc value; - + value.length = data.length; value.value = data.data; - + maj_stat = gss_add_buffer_set_member(minor_status, &value, data_set); @@ -181,6 +179,46 @@ out: return maj_stat; } +static OM_uint32 inquire_sec_context_get_sspi_session_key + (OM_uint32 *minor_status, + const gsskrb5_ctx context_handle, + krb5_context context, + gss_buffer_set_t *data_set) +{ + krb5_keyblock *key; + OM_uint32 maj_stat = GSS_S_COMPLETE; + krb5_error_code ret; + gss_buffer_desc value; + + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); + ret = _gsskrb5i_get_token_key(context_handle, context, &key); + HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + + if (ret) + goto out; + if (key == NULL) { + ret = EINVAL; + goto out; + } + + value.length = key->keyvalue.length; + value.value = key->keyvalue.data; + + maj_stat = gss_add_buffer_set_member(minor_status, + &value, + data_set); + krb5_free_keyblock(context, key); + + /* MIT also returns the enctype encoded as an OID in data_set[1] */ + +out: + if (ret) { + *minor_status = ret; + maj_stat = GSS_S_FAILURE; + } + return maj_stat; +} + static OM_uint32 inquire_sec_context_authz_data (OM_uint32 *minor_status, const gsskrb5_ctx context_handle, @@ -199,7 +237,7 @@ static OM_uint32 inquire_sec_context_authz_data if (context_handle->ticket == NULL) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); *minor_status = EINVAL; - _gsskrb5_set_status("No ticket to obtain authz data from"); + _gsskrb5_set_status(EINVAL, "No ticket to obtain authz data from"); return GSS_S_NO_CONTEXT; } @@ -242,7 +280,7 @@ static OM_uint32 inquire_sec_context_has_updated_spnego * mechanism. */ HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - _gsskrb5i_is_cfx(context_handle, &is_updated); + is_updated = (context_handle->more_flags & IS_CFX); if (is_updated == 0) { krb5_keyblock *acceptor_subkey; @@ -277,12 +315,12 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, int32_t number; int is_cfx; krb5_data data; - + *minor_status = 0; HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - _gsskrb5i_is_cfx(context_handle, &is_cfx); + is_cfx = (context_handle->more_flags & IS_CFX); sp = krb5_storage_emem(); if (sp == NULL) { @@ -301,12 +339,16 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, context_handle->auth_context, &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); - krb5_auth_getremoteseqnumber (context, - context_handle->auth_context, - &number); + if (ret) goto out; + krb5_auth_con_getremoteseqnumber (context, + context_handle->auth_context, + &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ + if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); + if (ret) goto out; ret = krb5_store_int32(sp, (is_cfx) ? 1 : 0); if (ret) goto out; @@ -390,7 +432,7 @@ out: static OM_uint32 get_authtime(OM_uint32 *minor_status, - gsskrb5_ctx ctx, + gsskrb5_ctx ctx, gss_buffer_set_t *data_set) { @@ -401,13 +443,13 @@ get_authtime(OM_uint32 *minor_status, HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (ctx->ticket == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - _gsskrb5_set_status("No ticket to obtain auth time from"); + _gsskrb5_set_status(EINVAL, "No ticket to obtain auth time from"); *minor_status = EINVAL; return GSS_S_FAILURE; } - + authtime = ctx->ticket->ticket.authtime; - + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); _gsskrb5_encode_om_uint32(authtime, buf); @@ -420,17 +462,17 @@ get_authtime(OM_uint32 *minor_status, } -static OM_uint32 +static OM_uint32 get_service_keyblock (OM_uint32 *minor_status, - gsskrb5_ctx ctx, + gsskrb5_ctx ctx, gss_buffer_set_t *data_set) { krb5_storage *sp = NULL; krb5_data data; OM_uint32 maj_stat = GSS_S_COMPLETE; krb5_error_code ret = EINVAL; - + sp = krb5_storage_emem(); if (sp == NULL) { _gsskrb5_clear_status(); @@ -441,9 +483,10 @@ get_service_keyblock HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); if (ctx->service_keyblock == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - _gsskrb5_set_status("No service keyblock on gssapi context"); + krb5_storage_free(sp); + _gsskrb5_set_status(EINVAL, "No service keyblock on gssapi context"); *minor_status = EINVAL; - return GSS_S_FAILURE; + return GSS_S_FAILURE; } krb5_data_zero(&data); @@ -461,10 +504,10 @@ get_service_keyblock { gss_buffer_desc value; - + value.length = data.length; value.value = data.data; - + maj_stat = gss_add_buffer_set_member(minor_status, &value, data_set); @@ -484,7 +527,7 @@ out: * */ -OM_uint32 _gsskrb5_inquire_sec_context_by_oid +OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_sec_context_by_oid (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, @@ -527,6 +570,11 @@ OM_uint32 _gsskrb5_inquire_sec_context_by_oid context, ACCEPTOR_KEY, data_set); + } else if (gss_oid_equal(desired_object, GSS_C_INQ_SSPI_SESSION_KEY)) { + return inquire_sec_context_get_sspi_session_key(minor_status, + ctx, + context, + data_set); } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_AUTHTIME_X)) { return get_authtime(minor_status, ctx, data_set); } else if (oid_prefix_equal(desired_object, diff --git a/crypto/heimdal/lib/gssapi/krb5/pname_to_uid.c b/crypto/heimdal/lib/gssapi/krb5/pname_to_uid.c new file mode 100644 index 00000000000..ff754e77981 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/krb5/pname_to_uid.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2011, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gsskrb5_locl.h" + +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_pname_to_uid(OM_uint32 *minor_status, + const gss_name_t pname, + const gss_OID mech_type, + uid_t *uidp) +{ +#ifdef NO_LOCALNAME + *minor_status = KRB5_NO_LOCALNAME; + return GSS_S_FAILURE; +#else + krb5_error_code ret; + krb5_context context; + krb5_const_principal princ = (krb5_const_principal)pname; + char localname[256]; +#ifdef POSIX_GETPWNAM_R + char pwbuf[2048]; + struct passwd pw, *pwd; +#else + struct passwd *pwd; +#endif + + GSSAPI_KRB5_INIT(&context); + + *minor_status = 0; + + ret = krb5_aname_to_localname(context, princ, + sizeof(localname), localname); + if (ret != 0) { + *minor_status = ret; + return GSS_S_FAILURE; + } + +#ifdef POSIX_GETPWNAM_R + if (getpwnam_r(localname, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0) { + *minor_status = KRB5_NO_LOCALNAME; + return GSS_S_FAILURE; + } +#else + pwd = getpwnam(localname); +#endif + + if (pwd == NULL) { + *minor_status = KRB5_NO_LOCALNAME; + return GSS_S_FAILURE; + } + + *uidp = pwd->pw_uid; + + return GSS_S_COMPLETE; +#endif /* NO_LOCALNAME */ +} diff --git a/crypto/heimdal/lib/gssapi/krb5/prf.c b/crypto/heimdal/lib/gssapi/krb5/prf.c index f79c9374a9c..162a3097099 100644 --- a/crypto/heimdal/lib/gssapi/krb5/prf.c +++ b/crypto/heimdal/lib/gssapi/krb5/prf.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: prf.c 21129 2007-06-18 20:28:44Z lha $"); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int prf_key, @@ -49,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, krb5_crypto crypto; krb5_data input, output; uint32_t num; + OM_uint32 junk; unsigned char *p; krb5_keyblock *key = NULL; + size_t dol; if (ctx == NULL) { *minor_status = 0; return GSS_S_NO_CONTEXT; } - if (desired_output_len <= 0) { + if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) { *minor_status = 0; return GSS_S_FAILURE; } + dol = desired_output_len; GSSAPI_KRB5_INIT (&context); @@ -72,14 +73,14 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, _gsskrb5i_get_initiator_subkey(ctx, context, &key); break; default: - _gsskrb5_set_status("unknown kerberos prf_key"); - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "unknown kerberos prf_key"); + *minor_status = EINVAL; return GSS_S_FAILURE; } if (key == NULL) { - _gsskrb5_set_status("no prf_key found"); - *minor_status = 0; + _gsskrb5_set_status(EINVAL, "no prf_key found"); + *minor_status = EINVAL; return GSS_S_FAILURE; } @@ -90,37 +91,38 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, return GSS_S_FAILURE; } - prf_out->value = malloc(desired_output_len); + prf_out->value = malloc(dol); if (prf_out->value == NULL) { - _gsskrb5_set_status("Out of memory"); + _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } - prf_out->length = desired_output_len; + prf_out->length = dol; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); input.length = prf_in->length + 4; input.data = malloc(prf_in->length + 4); if (input.data == NULL) { - OM_uint32 junk; - _gsskrb5_set_status("Out of memory"); + _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; gss_release_buffer(&junk, prf_out); krb5_crypto_destroy(context, crypto); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_FAILURE; } - memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length); + memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length); num = 0; p = prf_out->value; - while(desired_output_len > 0) { + while(dol > 0) { + size_t tsize; + _gsskrb5_encode_om_uint32(num, input.data); + ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) { - OM_uint32 junk; *minor_status = ret; free(input.data); gss_release_buffer(&junk, prf_out); @@ -128,12 +130,15 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_FAILURE; } - memcpy(p, output.data, min(desired_output_len, output.length)); + + tsize = min(dol, output.length); + memcpy(p, output.data, tsize); p += output.length; - desired_output_len -= output.length; + dol -= tsize; krb5_data_free(&output); num++; } + free(input.data); krb5_crypto_destroy(context, crypto); diff --git a/crypto/heimdal/lib/gssapi/krb5/process_context_token.c b/crypto/heimdal/lib/gssapi/krb5/process_context_token.c index 15638f57fcc..0cc1c07cfbe 100644 --- a/crypto/heimdal/lib/gssapi/krb5/process_context_token.c +++ b/crypto/heimdal/lib/gssapi/krb5/process_context_token.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: process_context_token.c 19031 2006-11-13 18:02:57Z lha $"); - -OM_uint32 _gsskrb5_process_context_token ( +OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token ( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer @@ -44,20 +42,18 @@ OM_uint32 _gsskrb5_process_context_token ( krb5_context context; OM_uint32 ret = GSS_S_FAILURE; gss_buffer_desc empty_buffer; - gss_qop_t qop_state; empty_buffer.length = 0; empty_buffer.value = NULL; GSSAPI_KRB5_INIT (&context); - qop_state = GSS_C_QOP_DEFAULT; - - ret = _gsskrb5_verify_mic_internal(minor_status, + ret = _gsskrb5_verify_mic_internal(minor_status, (gsskrb5_ctx)context_handle, context, token_buffer, &empty_buffer, - GSS_C_QOP_DEFAULT, "\x01\x02"); + GSS_C_QOP_DEFAULT, + "\x01\x02"); if (ret == GSS_S_COMPLETE) ret = _gsskrb5_delete_sec_context(minor_status, diff --git a/crypto/heimdal/lib/gssapi/krb5/release_buffer.c b/crypto/heimdal/lib/gssapi/krb5/release_buffer.c index 5dff62631ab..b704e001ebd 100644 --- a/crypto/heimdal/lib/gssapi/krb5/release_buffer.c +++ b/crypto/heimdal/lib/gssapi/krb5/release_buffer.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: release_buffer.c 18334 2006-10-07 22:16:04Z lha $"); +#include "gsskrb5_locl.h" OM_uint32 _gsskrb5_release_buffer (OM_uint32 * minor_status, diff --git a/crypto/heimdal/lib/gssapi/krb5/release_cred.c b/crypto/heimdal/lib/gssapi/krb5/release_cred.c index ab5695b097b..105a7a6eb22 100644 --- a/crypto/heimdal/lib/gssapi/krb5/release_cred.c +++ b/crypto/heimdal/lib/gssapi/krb5/release_cred.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: release_cred.c 20753 2007-05-31 22:50:06Z lha $"); - -OM_uint32 _gsskrb5_release_cred +OM_uint32 GSSAPI_CALLCONV _gsskrb5_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle ) @@ -46,7 +44,7 @@ OM_uint32 _gsskrb5_release_cred *minor_status = 0; - if (*cred_handle == NULL) + if (*cred_handle == NULL) return GSS_S_COMPLETE; cred = (gsskrb5_cred)*cred_handle; @@ -61,11 +59,9 @@ OM_uint32 _gsskrb5_release_cred if (cred->keytab != NULL) krb5_kt_close(context, cred->keytab); if (cred->ccache != NULL) { - const krb5_cc_ops *ops; - ops = krb5_cc_get_ops(context, cred->ccache); if (cred->cred_flags & GSS_CF_DESTROY_CRED_ON_RELEASE) krb5_cc_destroy(context, cred->ccache); - else + else krb5_cc_close(context, cred->ccache); } gss_release_oid_set(&junk, &cred->mechanisms); diff --git a/crypto/heimdal/lib/gssapi/krb5/release_name.c b/crypto/heimdal/lib/gssapi/krb5/release_name.c index 80b91930fd3..57fc8a4e45e 100644 --- a/crypto/heimdal/lib/gssapi/krb5/release_name.c +++ b/crypto/heimdal/lib/gssapi/krb5/release_name.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: release_name.c 21128 2007-06-18 20:26:50Z lha $"); - -OM_uint32 _gsskrb5_release_name +OM_uint32 GSSAPI_CALLCONV _gsskrb5_release_name (OM_uint32 * minor_status, gss_name_t * input_name ) diff --git a/crypto/heimdal/lib/gssapi/krb5/sequence.c b/crypto/heimdal/lib/gssapi/krb5/sequence.c index 677a3c8d077..2e0e7b20f92 100644 --- a/crypto/heimdal/lib/gssapi/krb5/sequence.c +++ b/crypto/heimdal/lib/gssapi/krb5/sequence.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: sequence.c 18334 2006-10-07 22:16:04Z lha $"); +#include "gsskrb5_locl.h" #define DEFAULT_JITTER_WINDOW 20 @@ -57,19 +55,19 @@ msg_order_alloc(OM_uint32 *minor_status, OM_uint32 jitter_window) { size_t len; - + len = jitter_window * sizeof((*o)->elem[0]); len += sizeof(**o); len -= sizeof((*o)->elem[0]); - + *o = calloc(1, len); if (*o == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; - } - + } + *minor_status = 0; - return GSS_S_COMPLETE; + return GSS_S_COMPLETE; } /* @@ -78,9 +76,9 @@ msg_order_alloc(OM_uint32 *minor_status, OM_uint32 _gssapi_msg_order_create(OM_uint32 *minor_status, - struct gss_msg_order **o, - OM_uint32 flags, - OM_uint32 seq_num, + struct gss_msg_order **o, + OM_uint32 flags, + OM_uint32 seq_num, OM_uint32 jitter_window, int use_64) { @@ -118,7 +116,7 @@ elem_set(struct gss_msg_order *o, unsigned int slot, OM_uint32 val) } static void -elem_insert(struct gss_msg_order *o, +elem_insert(struct gss_msg_order *o, unsigned int after_slot, OM_uint32 seq_num) { @@ -143,7 +141,7 @@ OM_uint32 _gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) { OM_uint32 r; - int i; + size_t i; if (o == NULL) return GSS_S_COMPLETE; @@ -159,11 +157,11 @@ _gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) r = (o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG))==GSS_C_REPLAY_FLAG; - /* sequence number larger then largest sequence number + /* sequence number larger then largest sequence number * or smaller then the first sequence number */ if (seq_num > o->elem[0] || seq_num < o->first_seq - || o->length == 0) + || o->length == 0) { elem_insert(o, 0, seq_num); if (r) { @@ -217,7 +215,7 @@ _gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o) { krb5_error_code kret; OM_uint32 i; - + kret = krb5_store_int32(sp, o->flags); if (kret) return kret; @@ -233,51 +231,51 @@ _gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o) kret = krb5_store_int32(sp, o->first_seq); if (kret) return kret; - + for (i = 0; i < o->jitter_window; i++) { kret = krb5_store_int32(sp, o->elem[i]); if (kret) return kret; } - + return 0; } OM_uint32 _gssapi_msg_order_import(OM_uint32 *minor_status, - krb5_storage *sp, + krb5_storage *sp, struct gss_msg_order **o) { OM_uint32 ret; krb5_error_code kret; int32_t i, flags, start, length, jitter_window, first_seq; - + kret = krb5_ret_int32(sp, &flags); if (kret) goto failed; - ret = krb5_ret_int32(sp, &start); + kret = krb5_ret_int32(sp, &start); if (kret) goto failed; - ret = krb5_ret_int32(sp, &length); + kret = krb5_ret_int32(sp, &length); if (kret) goto failed; - ret = krb5_ret_int32(sp, &jitter_window); + kret = krb5_ret_int32(sp, &jitter_window); if (kret) goto failed; - ret = krb5_ret_int32(sp, &first_seq); + kret = krb5_ret_int32(sp, &first_seq); if (kret) goto failed; - + ret = msg_order_alloc(minor_status, o, jitter_window); if (ret != GSS_S_COMPLETE) return ret; - + (*o)->flags = flags; (*o)->start = start; (*o)->length = length; (*o)->jitter_window = jitter_window; (*o)->first_seq = first_seq; - + for( i = 0; i < jitter_window; i++ ) { kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i])); if (kret) diff --git a/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c b/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c index d0ca1c4d95d..bd387167510 100644 --- a/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/crypto/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -30,14 +30,7 @@ * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: set_cred_option.c 20325 2007-04-12 16:49:17Z lha $"); - -static gss_OID_desc gss_krb5_import_cred_x_oid_desc = -{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */ - -gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc; +#include "gsskrb5_locl.h" static OM_uint32 import_cred(OM_uint32 *minor_status, @@ -112,8 +105,8 @@ import_cred(OM_uint32 *minor_status, free(str); str = NULL; - major_stat = _gsskrb5_import_cred(minor_status, id, keytab_principal, - keytab, cred_handle); + major_stat = _gsskrb5_krb5_import_cred(minor_status, id, keytab_principal, + keytab, cred_handle); out: if (id) krb5_cc_close(context, id); @@ -201,8 +194,29 @@ out: return major_stat; } +static OM_uint32 +no_ci_flags(OM_uint32 *minor_status, + krb5_context context, + gss_cred_id_t *cred_handle, + const gss_buffer_t value) +{ + gsskrb5_cred cred; -OM_uint32 + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_FAILURE; + } + + cred = (gsskrb5_cred)*cred_handle; + cred->cred_flags |= GSS_CF_NO_CI_FLAGS; + + *minor_status = 0; + return GSS_S_COMPLETE; + +} + + +OM_uint32 GSSAPI_CALLCONV _gsskrb5_set_cred_option (OM_uint32 *minor_status, gss_cred_id_t *cred_handle, @@ -224,6 +238,11 @@ _gsskrb5_set_cred_option if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X)) return allowed_enctypes(minor_status, context, cred_handle, value); + if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X)) { + return no_ci_flags(minor_status, context, cred_handle, value); + } + + *minor_status = EINVAL; return GSS_S_FAILURE; } diff --git a/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c b/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c index 50441a11ad3..141ff722fb6 100644 --- a/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c +++ b/crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c @@ -34,9 +34,7 @@ * glue routine for _gsskrb5_inquire_sec_context_by_oid */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: set_sec_context_option.c 20384 2007-04-18 08:51:06Z lha $"); +#include "gsskrb5_locl.h" static OM_uint32 get_bool(OM_uint32 *minor_status, @@ -70,7 +68,37 @@ get_string(OM_uint32 *minor_status, return GSS_S_COMPLETE; } -OM_uint32 +static OM_uint32 +get_int32(OM_uint32 *minor_status, + const gss_buffer_t value, + OM_uint32 *ret) +{ + *minor_status = 0; + if (value == NULL || value->length == 0) + *ret = 0; + else if (value->length == sizeof(*ret)) + memcpy(ret, value->value, sizeof(*ret)); + else + return GSS_S_UNAVAILABLE; + + return GSS_S_COMPLETE; +} + +static OM_uint32 +set_int32(OM_uint32 *minor_status, + const gss_buffer_t value, + OM_uint32 set) +{ + *minor_status = 0; + if (value->length == sizeof(set)) + memcpy(value->value, &set, sizeof(set)); + else + return GSS_S_UNAVAILABLE; + + return GSS_S_COMPLETE; +} + +OM_uint32 GSSAPI_CALLCONV _gsskrb5_set_sec_context_option (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, @@ -126,11 +154,10 @@ _gsskrb5_set_sec_context_option if (maj_stat != GSS_S_COMPLETE) return maj_stat; - _gsskrb5_register_acceptor_identity(str); + maj_stat = _gsskrb5_register_acceptor_identity(minor_status, str); free(str); - *minor_status = 0; - return GSS_S_COMPLETE; + return maj_stat; } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_DEFAULT_REALM_X)) { char *str; @@ -162,7 +189,7 @@ _gsskrb5_set_sec_context_option } memcpy(&c, value->value, sizeof(c)); krb5_set_send_to_kdc_func(context, - (krb5_send_to_kdc_func)c.func, + (krb5_send_to_kdc_func)c.func, c.ptr); } @@ -185,6 +212,47 @@ _gsskrb5_set_sec_context_option return GSS_S_FAILURE; return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_SET_TIME_OFFSET_X)) { + OM_uint32 offset; + time_t t; + + maj_stat = get_int32(minor_status, value, &offset); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + t = time(NULL) + offset; + + krb5_set_real_time(context, t, 0); + + *minor_status = 0; + return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_GET_TIME_OFFSET_X)) { + krb5_timestamp sec; + int32_t usec; + time_t t; + + t = time(NULL); + + krb5_us_timeofday (context, &sec, &usec); + + maj_stat = set_int32(minor_status, value, sec - t); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + *minor_status = 0; + return GSS_S_COMPLETE; + } else if (gss_oid_equal(desired_object, GSS_KRB5_PLUGIN_REGISTER_X)) { + struct gsskrb5_krb5_plugin c; + + if (value->length != sizeof(c)) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + memcpy(&c, value->value, sizeof(c)); + krb5_plugin_register(context, c.type, c.name, c.symbol); + + *minor_status = 0; + return GSS_S_COMPLETE; } *minor_status = EINVAL; diff --git a/crypto/heimdal/lib/gssapi/krb5/store_cred.c b/crypto/heimdal/lib/gssapi/krb5/store_cred.c new file mode 100644 index 00000000000..a3aa2fb83e7 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/krb5/store_cred.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gsskrb5_locl.h" + +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_store_cred(OM_uint32 *minor_status, + gss_cred_id_t input_cred_handle, + gss_cred_usage_t cred_usage, + const gss_OID desired_mech, + OM_uint32 overwrite_cred, + OM_uint32 default_cred, + gss_OID_set *elements_stored, + gss_cred_usage_t *cred_usage_stored) +{ + krb5_context context; + krb5_error_code ret; + gsskrb5_cred cred; + krb5_ccache id; + int destroy = 0; + + *minor_status = 0; + + if (cred_usage != GSS_C_INITIATE) { + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return GSS_S_FAILURE; + } + + if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) + return GSS_S_BAD_MECH; + + cred = (gsskrb5_cred)input_cred_handle; + if (cred == NULL) + return GSS_S_NO_CRED; + + GSSAPI_KRB5_INIT (&context); + + HEIMDAL_MUTEX_lock(&cred->cred_id_mutex); + if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return(GSS_S_FAILURE); + } + + if (cred->principal == NULL) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = GSS_KRB5_S_KG_TGT_MISSING; + return(GSS_S_FAILURE); + } + + /* write out cred to credential cache */ + + ret = krb5_cc_cache_match(context, cred->principal, &id); + if (ret) { + ret = krb5_cc_new_unique(context, NULL, NULL, &id); + if (ret) { + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = ret; + return(GSS_S_FAILURE); + } + destroy = 1; + } + + ret = krb5_cc_initialize(context, id, cred->principal); + if (ret == 0) + ret = krb5_cc_copy_match_f(context, cred->ccache, id, NULL, NULL, NULL); + if (ret) { + if (destroy) + krb5_cc_destroy(context, id); + else + krb5_cc_close(context, id); + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + *minor_status = ret; + return(GSS_S_FAILURE); + } + + if (default_cred) + krb5_cc_switch(context, id); + + krb5_cc_close(context, id); + + HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex); + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/krb5/test_cfx.c b/crypto/heimdal/lib/gssapi/krb5/test_cfx.c index b4536228a6e..0b196fcad24 100644 --- a/crypto/heimdal/lib/gssapi/krb5/test_cfx.c +++ b/crypto/heimdal/lib/gssapi/krb5/test_cfx.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -31,9 +31,7 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: test_cfx.c 19031 2006-11-13 18:02:57Z lha $"); +#include "gsskrb5_locl.h" struct range { size_t lower; @@ -49,22 +47,28 @@ struct range tests[] = { }; static void -test_range(const struct range *r, int integ, +test_range(const struct range *r, int integ, krb5_context context, krb5_crypto crypto) { krb5_error_code ret; size_t size, rsize; + struct gsskrb5_ctx ctx; for (size = r->lower; size < r->upper; size++) { - OM_uint32 max_wrap_size; size_t cksumsize; uint16_t padsize; + OM_uint32 minor; + OM_uint32 max_wrap_size; - ret = _gsskrb5cfx_max_wrap_length_cfx(context, - crypto, - integ, - size, - &max_wrap_size); + ctx.crypto = crypto; + + ret = _gssapi_wrap_size_cfx(&minor, + &ctx, + context, + integ, + 0, + size, + &max_wrap_size); if (ret) krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret); if (max_wrap_size == 0) @@ -73,13 +77,14 @@ test_range(const struct range *r, int integ, ret = _gsskrb5cfx_wrap_length_cfx(context, crypto, integ, + 0, max_wrap_size, &rsize, &cksumsize, &padsize); if (ret) krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret); if (size < rsize) - krb5_errx(context, 1, + krb5_errx(context, 1, "size (%d) < rsize (%d) for max_wrap_size %d", (int)size, (int)rsize, (int)max_wrap_size); } @@ -94,25 +99,34 @@ test_special(krb5_context context, krb5_crypto crypto, OM_uint32 max_wrap_size; size_t cksumsize; uint16_t padsize; + struct gsskrb5_ctx ctx; + OM_uint32 minor; - ret = _gsskrb5cfx_max_wrap_length_cfx(context, - crypto, - integ, - testsize, - &max_wrap_size); + ctx.crypto = crypto; + + ret = _gssapi_wrap_size_cfx(&minor, + &ctx, + context, + integ, + 0, + testsize, + &max_wrap_size); + if (ret) + krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret); if (ret) krb5_errx(context, 1, "_gsskrb5cfx_max_wrap_length_cfx: %d", ret); - + ret = _gsskrb5cfx_wrap_length_cfx(context, crypto, integ, + 0, max_wrap_size, &rsize, &cksumsize, &padsize); if (ret) krb5_errx(context, 1, "_gsskrb5cfx_wrap_length_cfx: %d", ret); - + if (testsize < rsize) - krb5_errx(context, 1, + krb5_errx(context, 1, "testsize (%d) < rsize (%d) for max_wrap_size %d", (int)testsize, (int)rsize, (int)max_wrap_size); } @@ -132,8 +146,8 @@ main(int argc, char **argv) ret = krb5_init_context(&context); if (ret) errx(1, "krb5_context_init: %d", ret); - - ret = krb5_generate_random_keyblock(context, + + ret = krb5_generate_random_keyblock(context, ENCTYPE_AES256_CTS_HMAC_SHA1_96, &keyblock); if (ret) diff --git a/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c b/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c index 51d8159262a..df5f11d8f73 100644 --- a/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c +++ b/crypto/heimdal/lib/gssapi/krb5/ticket_flags.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: ticket_flags.c 18334 2006-10-07 22:16:04Z lha $"); +#include "gsskrb5_locl.h" OM_uint32 _gsskrb5_get_tkt_flags(OM_uint32 *minor_status, diff --git a/crypto/heimdal/lib/gssapi/krb5/unwrap.c b/crypto/heimdal/lib/gssapi/krb5/unwrap.c index d0a33d86fbf..d6bc2047778 100644 --- a/crypto/heimdal/lib/gssapi/krb5/unwrap.c +++ b/crypto/heimdal/lib/gssapi/krb5/unwrap.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: unwrap.c 19031 2006-11-13 18:02:57Z lha $"); +#ifdef HEIM_WEAK_CRYPTO static OM_uint32 unwrap_des @@ -48,21 +48,29 @@ unwrap_des { u_char *p, *seq; size_t len; - MD5_CTX md5; + EVP_MD_CTX *md5; u_char hash[16]; + EVP_CIPHER_CTX des_ctx; DES_key_schedule schedule; DES_cblock deskey; DES_cblock zero; - int i; + size_t i; uint32_t seq_number; size_t padlength; OM_uint32 ret; int cstate; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 22 + 8 + 15; /* 45 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -90,49 +98,56 @@ unwrap_des if(cstate) { /* decrypt data */ memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); + memset (&zero, 0, sizeof(zero)); for (i = 0; i < sizeof(deskey); ++i) deskey[i] ^= 0xf0; - DES_set_key (&deskey, &schedule); - memset (&zero, 0, sizeof(zero)); - DES_cbc_encrypt ((void *)p, - (void *)p, - input_message_buffer->length - len, - &schedule, - &zero, - DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); + + + EVP_CIPHER_CTX_init(&des_ctx); + EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 0); + EVP_Cipher(&des_ctx, p, p, input_message_buffer->length - len); + EVP_CIPHER_CTX_cleanup(&des_ctx); + memset (&schedule, 0, sizeof(schedule)); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, input_message_buffer->length - len); - MD5_Final (hash, &md5); + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } + + md5 = EVP_MD_CTX_create(); + EVP_DigestInit_ex(md5, EVP_md5(), NULL); + EVP_DigestUpdate(md5, p - 24, 8); + EVP_DigestUpdate(md5, p, input_message_buffer->length - len); + EVP_DigestFinal_ex(md5, hash, NULL); + EVP_MD_CTX_destroy(md5); memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) + if (ct_memcmp (p - 8, hash, 8) != 0) return GSS_S_BAD_MIC; /* verify sequence number */ - + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)hash, DES_DECRYPT); + + EVP_CIPHER_CTX_init(&des_ctx); + EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); + EVP_Cipher(&des_ctx, p, p, 8); + EVP_CIPHER_CTX_cleanup(&des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); @@ -141,9 +156,9 @@ unwrap_des _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); if (cmp != 0) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -170,6 +185,7 @@ unwrap_des output_message_buffer->length); return GSS_S_COMPLETE; } +#endif static OM_uint32 unwrap_des3 @@ -195,10 +211,17 @@ unwrap_des3 krb5_crypto crypto; Checksum csum; int cmp; + int token_len; + + if (IS_DCE_STYLE(context_handle)) { + token_len = 34 + 8 + 15; /* 57 */ + } else { + token_len = input_message_buffer->length; + } p = input_message_buffer->value; ret = _gsskrb5_verify_header (&p, - input_message_buffer->length, + token_len, "\x02\x01", GSS_KRB5_MECHANISM); if (ret) @@ -207,16 +230,16 @@ unwrap_des3 if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ return GSS_S_BAD_SIG; p += 2; - if (memcmp (p, "\x02\x00", 2) == 0) { + if (ct_memcmp (p, "\x02\x00", 2) == 0) { cstate = 1; - } else if (memcmp (p, "\xff\xff", 2) == 0) { + } else if (ct_memcmp (p, "\xff\xff", 2) == 0) { cstate = 0; } else return GSS_S_BAD_MIC; p += 2; if(conf_state != NULL) *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) + if (ct_memcmp (p, "\xff\xff", 2) != 0) return GSS_S_DEFECTIVE_TOKEN; p += 2; p += 28; @@ -245,15 +268,20 @@ unwrap_des3 memcpy (p, tmp.data, tmp.length); krb5_data_free(&tmp); } - /* check pad */ - ret = _gssapi_verify_pad(input_message_buffer, - input_message_buffer->length - len, - &padlength); - if (ret) - return ret; + + if (IS_DCE_STYLE(context_handle)) { + padlength = 0; + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, + input_message_buffer->length - len, + &padlength); + if (ret) + return ret; + } /* verify sequence number */ - + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 28; @@ -292,10 +320,10 @@ unwrap_des3 _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); - + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); + krb5_data_free (&seq_data); if (cmp != 0) { *minor_status = 0; @@ -352,7 +380,7 @@ unwrap_des3 return GSS_S_COMPLETE; } -OM_uint32 _gsskrb5_unwrap +OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, @@ -369,11 +397,16 @@ OM_uint32 _gsskrb5_unwrap output_message_buffer->value = NULL; output_message_buffer->length = 0; + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; GSSAPI_KRB5_INIT (&context); - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; + if (ctx->more_flags & IS_CFX) + return _gssapi_unwrap_cfx (minor_status, ctx, context, + input_message_buffer, output_message_buffer, + conf_state, qop_state); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -387,9 +420,13 @@ OM_uint32 _gsskrb5_unwrap switch (keytype) { case KEYTYPE_DES : +#ifdef HEIM_WEAK_CRYPTO ret = unwrap_des (minor_status, ctx, input_message_buffer, output_message_buffer, conf_state, qop_state, key); +#else + ret = GSS_S_FAILURE; +#endif break; case KEYTYPE_DES3 : ret = unwrap_des3 (minor_status, ctx, context, @@ -403,9 +440,7 @@ OM_uint32 _gsskrb5_unwrap conf_state, qop_state, key); break; default : - ret = _gssapi_unwrap_cfx (minor_status, ctx, context, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); + abort(); break; } krb5_free_keyblock (context, key); diff --git a/crypto/heimdal/lib/gssapi/krb5/v1.c b/crypto/heimdal/lib/gssapi/krb5/v1.c deleted file mode 100644 index c5ebeb9dd77..00000000000 --- a/crypto/heimdal/lib/gssapi/krb5/v1.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: v1.c 18334 2006-10-07 22:16:04Z lha $"); - -/* These functions are for V1 compatibility */ - -OM_uint32 _gsskrb5_sign - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int qop_req, - gss_buffer_t message_buffer, - gss_buffer_t message_token - ) -{ - return _gsskrb5_get_mic(minor_status, - context_handle, - (gss_qop_t)qop_req, - message_buffer, - message_token); -} - -OM_uint32 _gsskrb5_verify - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, - int * qop_state - ) -{ - return _gsskrb5_verify_mic(minor_status, - context_handle, - message_buffer, - token_buffer, - (gss_qop_t *)qop_state); -} - -OM_uint32 _gsskrb5_seal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ) -{ - return _gsskrb5_wrap(minor_status, - context_handle, - conf_req_flag, - (gss_qop_t)qop_req, - input_message_buffer, - conf_state, - output_message_buffer); -} - -OM_uint32 _gsskrb5_unseal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - int * qop_state - ) -{ - return _gsskrb5_unwrap(minor_status, - context_handle, - input_message_buffer, - output_message_buffer, - conf_state, - (gss_qop_t *)qop_state); -} diff --git a/crypto/heimdal/lib/gssapi/krb5/verify_mic.c b/crypto/heimdal/lib/gssapi/krb5/verify_mic.c index 52381afcc28..3123787ff47 100644 --- a/crypto/heimdal/lib/gssapi/krb5/verify_mic.c +++ b/crypto/heimdal/lib/gssapi/krb5/verify_mic.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" +#include "gsskrb5_locl.h" -RCSID("$Id: verify_mic.c 19031 2006-11-13 18:02:57Z lha $"); +#ifdef HEIM_WEAK_CRYPTO static OM_uint32 verify_mic_des @@ -44,13 +44,14 @@ verify_mic_des const gss_buffer_t token_buffer, gss_qop_t * qop_state, krb5_keyblock *key, - char *type + const char *type ) { u_char *p; - MD5_CTX md5; + EVP_MD_CTX *md5; u_char hash[16], *seq; DES_key_schedule schedule; + EVP_CIPHER_CTX des_ctx; DES_cblock zero; DES_cblock deskey; uint32_t seq_number; @@ -74,32 +75,35 @@ verify_mic_des p += 16; /* verify checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, - message_buffer->length); - MD5_Final (hash, &md5); + md5 = EVP_MD_CTX_create(); + EVP_DigestInit_ex(md5, EVP_md5(), NULL); + EVP_DigestUpdate(md5, p - 24, 8); + EVP_DigestUpdate(md5, message_buffer->value, message_buffer->length); + EVP_DigestFinal_ex(md5, hash, NULL); + EVP_MD_CTX_destroy(md5); memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) { + if (ct_memcmp (p - 8, hash, 8) != 0) { memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); return GSS_S_BAD_MIC; } /* verify sequence number */ - + HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); p -= 16; - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)hash, DES_DECRYPT); + + EVP_CIPHER_CTX_init(&des_ctx); + EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, hash, 0); + EVP_Cipher(&des_ctx, p, p, 8); + EVP_CIPHER_CTX_cleanup(&des_ctx); memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); @@ -108,9 +112,9 @@ verify_mic_des _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); if (cmp != 0) { HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); @@ -127,6 +131,7 @@ verify_mic_des return GSS_S_COMPLETE; } +#endif static OM_uint32 verify_mic_des3 @@ -137,7 +142,7 @@ verify_mic_des3 const gss_buffer_t token_buffer, gss_qop_t * qop_state, krb5_keyblock *key, - char *type + const char *type ) { u_char *p; @@ -150,7 +155,7 @@ verify_mic_des3 Checksum csum; char *tmp; char ivec[8]; - + p = token_buffer->value; ret = _gsskrb5_verify_header (&p, token_buffer->length, @@ -209,9 +214,9 @@ retry: _gsskrb5_decode_om_uint32(seq, &seq_number); if (context_handle->more_flags & LOCAL) - cmp = memcmp(&seq[4], "\xff\xff\xff\xff", 4); + cmp = ct_memcmp(&seq[4], "\xff\xff\xff\xff", 4); else - cmp = memcmp(&seq[4], "\x00\x00\x00\x00", 4); + cmp = ct_memcmp(&seq[4], "\x00\x00\x00\x00", 4); krb5_data_free (&seq_data); if (cmp != 0) { @@ -266,21 +271,26 @@ retry: OM_uint32 _gsskrb5_verify_mic_internal (OM_uint32 * minor_status, - const gsskrb5_ctx context_handle, + const gsskrb5_ctx ctx, krb5_context context, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, - char * type + const char * type ) { krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; - HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex); - ret = _gsskrb5i_get_token_key(context_handle, context, &key); - HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); + if (ctx->more_flags & IS_CFX) + return _gssapi_verify_mic_cfx (minor_status, ctx, + context, message_buffer, token_buffer, + qop_state); + + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); + ret = _gsskrb5i_get_token_key(ctx, context, &key); + HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); if (ret) { *minor_status = ret; return GSS_S_FAILURE; @@ -289,35 +299,35 @@ _gsskrb5_verify_mic_internal krb5_enctype_to_keytype (context, key->keytype, &keytype); switch (keytype) { case KEYTYPE_DES : - ret = verify_mic_des (minor_status, context_handle, context, +#ifdef HEIM_WEAK_CRYPTO + ret = verify_mic_des (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key, type); +#else + ret = GSS_S_FAILURE; +#endif break; case KEYTYPE_DES3 : - ret = verify_mic_des3 (minor_status, context_handle, context, + ret = verify_mic_des3 (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key, type); break; case KEYTYPE_ARCFOUR : case KEYTYPE_ARCFOUR_56 : - ret = _gssapi_verify_mic_arcfour (minor_status, context_handle, + ret = _gssapi_verify_mic_arcfour (minor_status, ctx, context, message_buffer, token_buffer, qop_state, key, type); break; default : - ret = _gssapi_verify_mic_cfx (minor_status, context_handle, - context, - message_buffer, token_buffer, qop_state, - key); - break; + abort(); } krb5_free_keyblock (context, key); - + return ret; } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_verify_mic (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -334,11 +344,11 @@ _gsskrb5_verify_mic if (qop_state != NULL) *qop_state = GSS_C_QOP_DEFAULT; - ret = _gsskrb5_verify_mic_internal(minor_status, + ret = _gsskrb5_verify_mic_internal(minor_status, (gsskrb5_ctx)context_handle, context, message_buffer, token_buffer, - qop_state, "\x01\x01"); + qop_state, (void *)(intptr_t)"\x01\x01"); return ret; } diff --git a/crypto/heimdal/lib/gssapi/krb5/wrap.c b/crypto/heimdal/lib/gssapi/krb5/wrap.c index d41379870ae..1026e41914e 100644 --- a/crypto/heimdal/lib/gssapi/krb5/wrap.c +++ b/crypto/heimdal/lib/gssapi/krb5/wrap.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "krb5/gsskrb5_locl.h" - -RCSID("$Id: wrap.c 19035 2006-11-14 09:49:56Z lha $"); +#include "gsskrb5_locl.h" /* * Return initiator subkey, or if that doesn't exists, the subkey. @@ -49,19 +47,19 @@ _gsskrb5i_get_initiator_subkey(const gsskrb5_ctx ctx, if (ctx->more_flags & LOCAL) { ret = krb5_auth_con_getlocalsubkey(context, - ctx->auth_context, + ctx->auth_context, key); } else { ret = krb5_auth_con_getremotesubkey(context, - ctx->auth_context, + ctx->auth_context, key); } if (ret == 0 && *key == NULL) ret = krb5_auth_con_getkey(context, - ctx->auth_context, + ctx->auth_context, key); if (ret == 0 && *key == NULL) { - krb5_set_error_string(context, "No initiator subkey available"); + krb5_set_error_message(context, 0, "No initiator subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; @@ -77,15 +75,15 @@ _gsskrb5i_get_acceptor_subkey(const gsskrb5_ctx ctx, if (ctx->more_flags & LOCAL) { ret = krb5_auth_con_getremotesubkey(context, - ctx->auth_context, + ctx->auth_context, key); } else { ret = krb5_auth_con_getlocalsubkey(context, - ctx->auth_context, + ctx->auth_context, key); } if (ret == 0 && *key == NULL) { - krb5_set_error_string(context, "No acceptor subkey available"); + krb5_set_error_message(context, 0, "No acceptor subkey available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return ret; @@ -106,7 +104,7 @@ _gsskrb5i_get_token_key(const gsskrb5_ctx ctx, _gsskrb5i_get_initiator_subkey(ctx, context, key); } if (*key == NULL) { - krb5_set_error_string(context, "No token key available"); + krb5_set_error_message(context, 0, "No token key available"); return GSS_KRB5_S_KG_NO_SUBKEY; } return 0; @@ -120,7 +118,7 @@ sub_wrap_size ( int extrasize ) { - size_t len, total_len; + size_t len, total_len; len = 8 + req_output_size + blocksize + extrasize; @@ -136,7 +134,7 @@ sub_wrap_size ( return GSS_S_COMPLETE; } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gsskrb5_wrap_size_limit ( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -154,6 +152,11 @@ _gsskrb5_wrap_size_limit ( GSSAPI_KRB5_INIT (&context); + if (ctx->more_flags & IS_CFX) + return _gssapi_wrap_size_cfx(minor_status, ctx, context, + conf_req_flag, qop_req, + req_output_size, max_input_size); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -165,21 +168,23 @@ _gsskrb5_wrap_size_limit ( switch (keytype) { case KEYTYPE_DES : +#ifdef HEIM_WEAK_CRYPTO ret = sub_wrap_size(req_output_size, max_input_size, 8, 22); +#else + ret = GSS_S_FAILURE; +#endif break; - case KEYTYPE_ARCFOUR: - case KEYTYPE_ARCFOUR_56: + case ENCTYPE_ARCFOUR_HMAC_MD5: + case ENCTYPE_ARCFOUR_HMAC_MD5_56: ret = _gssapi_wrap_size_arcfour(minor_status, ctx, context, - conf_req_flag, qop_req, + conf_req_flag, qop_req, req_output_size, max_input_size, key); break; case KEYTYPE_DES3 : ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); break; default : - ret = _gssapi_wrap_size_cfx(minor_status, ctx, context, - conf_req_flag, qop_req, - req_output_size, max_input_size, key); + abort(); break; } krb5_free_keyblock (context, key); @@ -187,6 +192,8 @@ _gsskrb5_wrap_size_limit ( return ret; } +#ifdef HEIM_WEAK_CRYPTO + static OM_uint32 wrap_des (OM_uint32 * minor_status, @@ -201,19 +208,29 @@ wrap_des ) { u_char *p; - MD5_CTX md5; + EVP_MD_CTX *md5; u_char hash[16]; DES_key_schedule schedule; + EVP_CIPHER_CTX des_ctx; DES_cblock deskey; DES_cblock zero; - int i; + size_t i; int32_t seq_number; size_t len, total_len, padlength, datalen; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 22 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 22; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); @@ -252,14 +269,16 @@ wrap_des memset (p + 8 + input_message_buffer->length, padlength, padlength); /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, datalen); - MD5_Final (hash, &md5); + md5 = EVP_MD_CTX_create(); + EVP_DigestInit_ex(md5, EVP_md5(), NULL); + EVP_DigestUpdate(md5, p - 24, 8); + EVP_DigestUpdate(md5, p, datalen); + EVP_DigestFinal_ex(md5, hash, NULL); + EVP_MD_CTX_destroy(md5); memset (&zero, 0, sizeof(zero)); memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key (&deskey, &schedule); + DES_set_key_unchecked (&deskey, &schedule); DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); memcpy (p - 8, hash, 8); @@ -279,9 +298,10 @@ wrap_des (ctx->more_flags & LOCAL) ? 0 : 0xFF, 4); - DES_set_key (&deskey, &schedule); - DES_cbc_encrypt ((void *)p, (void *)p, 8, - &schedule, (DES_cblock *)(p + 8), DES_ENCRYPT); + EVP_CIPHER_CTX_init(&des_ctx); + EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, key->keyvalue.data, p + 8, 1); + EVP_Cipher(&des_ctx, p, p, 8); + EVP_CIPHER_CTX_cleanup(&des_ctx); krb5_auth_con_setlocalseqnumber (context, ctx->auth_context, @@ -296,14 +316,11 @@ wrap_des for (i = 0; i < sizeof(deskey); ++i) deskey[i] ^= 0xf0; - DES_set_key (&deskey, &schedule); - memset (&zero, 0, sizeof(zero)); - DES_cbc_encrypt ((void *)p, - (void *)p, - datalen, - &schedule, - &zero, - DES_ENCRYPT); + + EVP_CIPHER_CTX_init(&des_ctx); + EVP_CipherInit_ex(&des_ctx, EVP_des_cbc(), NULL, deskey, zero, 1); + EVP_Cipher(&des_ctx, p, p, datalen); + EVP_CIPHER_CTX_cleanup(&des_ctx); } memset (deskey, 0, sizeof(deskey)); memset (&schedule, 0, sizeof(schedule)); @@ -314,6 +331,8 @@ wrap_des return GSS_S_COMPLETE; } +#endif + static OM_uint32 wrap_des3 (OM_uint32 * minor_status, @@ -336,10 +355,19 @@ wrap_des3 Checksum cksum; krb5_data encdata; - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + if (IS_DCE_STYLE(ctx)) { + padlength = 0; + datalen = input_message_buffer->length; + len = 34 + 8; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + total_len += datalen; + datalen += 8; + } else { + padlength = 8 - (input_message_buffer->length % 8); + datalen = input_message_buffer->length + padlength + 8; + len = datalen + 34; + _gsskrb5_encap_length (len, &len, &total_len, GSS_KRB5_MECHANISM); + } output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); @@ -352,7 +380,7 @@ wrap_des3 p = _gsskrb5_make_header(output_message_buffer->value, len, "\x02\x01", /* TOK_ID */ - GSS_KRB5_MECHANISM); + GSS_KRB5_MECHANISM); /* SGN_ALG */ memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */ @@ -449,7 +477,7 @@ wrap_des3 *minor_status = ret; return GSS_S_FAILURE; } - + assert (encdata.length == 8); memcpy (p, encdata.data, encdata.length); @@ -496,7 +524,8 @@ wrap_des3 return GSS_S_COMPLETE; } -OM_uint32 _gsskrb5_wrap +OM_uint32 GSSAPI_CALLCONV +_gsskrb5_wrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, @@ -512,8 +541,16 @@ OM_uint32 _gsskrb5_wrap krb5_keytype keytype; const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle; + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + GSSAPI_KRB5_INIT (&context); + if (ctx->more_flags & IS_CFX) + return _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag, + input_message_buffer, conf_state, + output_message_buffer); + HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); ret = _gsskrb5i_get_token_key(ctx, context, &key); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); @@ -525,9 +562,13 @@ OM_uint32 _gsskrb5_wrap switch (keytype) { case KEYTYPE_DES : +#ifdef HEIM_WEAK_CRYPTO ret = wrap_des (minor_status, ctx, context, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, key); +#else + ret = GSS_S_FAILURE; +#endif break; case KEYTYPE_DES3 : ret = wrap_des3 (minor_status, ctx, context, conf_req_flag, @@ -541,9 +582,7 @@ OM_uint32 _gsskrb5_wrap output_message_buffer, key); break; default : - ret = _gssapi_wrap_cfx (minor_status, ctx, context, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); + abort(); break; } krb5_free_keyblock (context, key); diff --git a/crypto/heimdal/lib/gssapi/mech/compat.h b/crypto/heimdal/lib/gssapi/mech/compat.h new file mode 100644 index 00000000000..e63f1e53430 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/compat.h @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2010, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_saslname_for_mech_t ( + OM_uint32 *, /* minor_status */ + const gss_OID, /* desired_mech */ + gss_buffer_t, /* sasl_mech_name */ + gss_buffer_t, /* mech_name */ + gss_buffer_t /* mech_description */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_mech_for_saslname_t ( + OM_uint32 *, /* minor_status */ + const gss_buffer_t, /* sasl_mech_name */ + gss_OID * /* mech_type */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_inquire_attrs_for_mech_t ( + OM_uint32 *, /* minor_status */ + gss_const_OID, /* mech */ + gss_OID_set *, /* mech_attrs */ + gss_OID_set * /* known_mech_attrs */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_acquire_cred_with_password_t + (OM_uint32 *, /* minor_status */ + const gss_name_t, /* desired_name */ + const gss_buffer_t, /* password */ + OM_uint32, /* time_req */ + const gss_OID_set, /* desired_mechs */ + gss_cred_usage_t, /* cred_usage */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 * /* time_rec */ + ); + +typedef OM_uint32 GSSAPI_CALLCONV _gss_add_cred_with_password_t ( + OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* input_cred_handle */ + const gss_name_t, /* desired_name */ + const gss_OID, /* desired_mech */ + const gss_buffer_t, /* password */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *, /* initiator_time_rec */ + OM_uint32 * /* acceptor_time_rec */ + ); + +/* + * API-as-SPI compatibility for compatibility with MIT mechanisms; + * native Heimdal mechanisms should not use these. + */ +struct gss_mech_compat_desc_struct { + _gss_inquire_saslname_for_mech_t *gmc_inquire_saslname_for_mech; + _gss_inquire_mech_for_saslname_t *gmc_inquire_mech_for_saslname; + _gss_inquire_attrs_for_mech_t *gmc_inquire_attrs_for_mech; + _gss_acquire_cred_with_password_t *gmc_acquire_cred_with_password; +#if 0 + _gss_add_cred_with_password_t *gmc_add_cred_with_password; +#endif +}; + diff --git a/crypto/heimdal/lib/gssapi/mech/context.c b/crypto/heimdal/lib/gssapi/mech/context.c new file mode 100644 index 00000000000..5ea0ac466b7 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/context.c @@ -0,0 +1,163 @@ +#include "mech_locl.h" +#include "heim_threads.h" + +struct mg_thread_ctx { + gss_OID mech; + OM_uint32 maj_stat; + OM_uint32 min_stat; + gss_buffer_desc maj_error; + gss_buffer_desc min_error; +}; + +static HEIMDAL_MUTEX context_mutex = HEIMDAL_MUTEX_INITIALIZER; +static int created_key; +static HEIMDAL_thread_key context_key; + + +static void +destroy_context(void *ptr) +{ + struct mg_thread_ctx *mg = ptr; + OM_uint32 junk; + + if (mg == NULL) + return; + + gss_release_buffer(&junk, &mg->maj_error); + gss_release_buffer(&junk, &mg->min_error); + free(mg); +} + + +static struct mg_thread_ctx * +_gss_mechglue_thread(void) +{ + struct mg_thread_ctx *ctx; + int ret = 0; + + HEIMDAL_MUTEX_lock(&context_mutex); + + if (!created_key) { + HEIMDAL_key_create(&context_key, destroy_context, ret); + if (ret) { + HEIMDAL_MUTEX_unlock(&context_mutex); + return NULL; + } + created_key = 1; + } + HEIMDAL_MUTEX_unlock(&context_mutex); + + ctx = HEIMDAL_getspecific(context_key); + if (ctx == NULL) { + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) + return NULL; + HEIMDAL_setspecific(context_key, ctx, ret); + if (ret) { + free(ctx); + return NULL; + } + } + return ctx; +} + +OM_uint32 +_gss_mg_get_error(const gss_OID mech, OM_uint32 type, + OM_uint32 value, gss_buffer_t string) +{ + struct mg_thread_ctx *mg; + + mg = _gss_mechglue_thread(); + if (mg == NULL) + return GSS_S_BAD_STATUS; + +#if 0 + /* + * We cant check the mech here since a pseudo-mech might have + * called an lower layer and then the mech info is all broken + */ + if (mech != NULL && gss_oid_equal(mg->mech, mech) == 0) + return GSS_S_BAD_STATUS; +#endif + + switch (type) { + case GSS_C_GSS_CODE: { + if (value != mg->maj_stat || mg->maj_error.length == 0) + break; + string->value = malloc(mg->maj_error.length + 1); + string->length = mg->maj_error.length; + memcpy(string->value, mg->maj_error.value, mg->maj_error.length); + ((char *) string->value)[string->length] = '\0'; + return GSS_S_COMPLETE; + } + case GSS_C_MECH_CODE: { + if (value != mg->min_stat || mg->min_error.length == 0) + break; + string->value = malloc(mg->min_error.length + 1); + string->length = mg->min_error.length; + memcpy(string->value, mg->min_error.value, mg->min_error.length); + ((char *) string->value)[string->length] = '\0'; + return GSS_S_COMPLETE; + } + } + string->value = NULL; + string->length = 0; + return GSS_S_BAD_STATUS; +} + +void +_gss_mg_error(gssapi_mech_interface m, OM_uint32 maj, OM_uint32 min) +{ + OM_uint32 major_status, minor_status; + OM_uint32 message_content; + struct mg_thread_ctx *mg; + + /* + * Mechs without gss_display_status() does + * gss_mg_collect_error() by themself. + */ + if (m->gm_display_status == NULL) + return ; + + mg = _gss_mechglue_thread(); + if (mg == NULL) + return; + + gss_release_buffer(&minor_status, &mg->maj_error); + gss_release_buffer(&minor_status, &mg->min_error); + + mg->mech = &m->gm_mech_oid; + mg->maj_stat = maj; + mg->min_stat = min; + + major_status = m->gm_display_status(&minor_status, + maj, + GSS_C_GSS_CODE, + &m->gm_mech_oid, + &message_content, + &mg->maj_error); + if (GSS_ERROR(major_status)) { + mg->maj_error.value = NULL; + mg->maj_error.length = 0; + } + major_status = m->gm_display_status(&minor_status, + min, + GSS_C_MECH_CODE, + &m->gm_mech_oid, + &message_content, + &mg->min_error); + if (GSS_ERROR(major_status)) { + mg->min_error.value = NULL; + mg->min_error.length = 0; + } +} + +void +gss_mg_collect_error(gss_OID mech, OM_uint32 maj, OM_uint32 min) +{ + gssapi_mech_interface m = __gss_get_mechanism(mech); + if (m == NULL) + return; + _gss_mg_error(m, maj, min); +} diff --git a/crypto/heimdal/lib/gssapi/mech/context.h b/crypto/heimdal/lib/gssapi/mech/context.h new file mode 100644 index 00000000000..f2a7009cdad --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/context.h @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/context.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id$ + */ + +#include + +struct _gss_context { + gssapi_mech_interface gc_mech; + gss_ctx_id_t gc_ctx; +}; + +void +_gss_mg_error(gssapi_mech_interface, OM_uint32, OM_uint32); + +OM_uint32 +_gss_mg_get_error(const gss_OID, OM_uint32, OM_uint32, gss_buffer_t); diff --git a/crypto/heimdal/lib/gssapi/mech/cred.h b/crypto/heimdal/lib/gssapi/mech/cred.h new file mode 100644 index 00000000000..5661b532395 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/cred.h @@ -0,0 +1,57 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/cred.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id$ + */ + +struct _gss_mechanism_cred { + HEIM_SLIST_ENTRY(_gss_mechanism_cred) gmc_link; + gssapi_mech_interface gmc_mech; /* mechanism ops for MC */ + gss_OID gmc_mech_oid; /* mechanism oid for MC */ + gss_cred_id_t gmc_cred; /* underlying MC */ +}; +HEIM_SLIST_HEAD(_gss_mechanism_cred_list, _gss_mechanism_cred); + +struct _gss_cred { + struct _gss_mechanism_cred_list gc_mc; +}; + +struct _gss_mechanism_cred * +_gss_copy_cred(struct _gss_mechanism_cred *mc); + +struct _gss_mechanism_name; + +OM_uint32 +_gss_acquire_mech_cred(OM_uint32 *minor_status, + gssapi_mech_interface m, + const struct _gss_mechanism_name *mn, + gss_const_OID credential_type, + const void *credential_data, + OM_uint32 time_req, + gss_const_OID desired_mech, + gss_cred_usage_t cred_usage, + struct _gss_mechanism_cred **output_cred_handle); + diff --git a/crypto/heimdal/lib/gssapi/mech/doxygen.c b/crypto/heimdal/lib/gssapi/mech/doxygen.c new file mode 100644 index 00000000000..a341cba2dac --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/doxygen.c @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/*! @mainpage Heimdal GSS-API Library + * + * Heimdal implements the following mechanisms: + * + * - Kerberos 5 + * - SPNEGO + * - NTLM + * + * See @ref gssapi_mechs for more describtion about these mechanisms. + * + * The project web page: http://www.h5l.org/ + * + * - @ref gssapi_services_intro + * - @ref gssapi_mechs + * - @ref gssapi_api_INvsMN + */ + +/** + * @page gssapi_services_intro Introduction to GSS-API services + * @section gssapi_services GSS-API services + * + * @subsection gssapi_services_context Context creation + * + * - delegation + * - mutual authentication + * - anonymous + * - use per message before context creation has completed + * + * return status: + * - support conf + * - support int + * + * @subsection gssapi_context_flags Context creation flags + * + * - GSS_C_DELEG_FLAG + * - GSS_C_MUTUAL_FLAG + * - GSS_C_REPLAY_FLAG + * - GSS_C_SEQUENCE_FLAG + * - GSS_C_CONF_FLAG + * - GSS_C_INTEG_FLAG + * - GSS_C_ANON_FLAG + * - GSS_C_PROT_READY_FLAG + * - GSS_C_TRANS_FLAG + * - GSS_C_DCE_STYLE + * - GSS_C_IDENTIFY_FLAG + * - GSS_C_EXTENDED_ERROR_FLAG + * - GSS_C_DELEG_POLICY_FLAG + * + * + * @subsection gssapi_services_permessage Per-message services + * + * - conf + * - int + * - message integrity + * - replay detection + * - out of sequence + * + */ + +/** + * @page gssapi_mechs_intro GSS-API mechanisms + * @section gssapi_mechs GSS-API mechanisms + * + * - Kerberos 5 - GSS_KRB5_MECHANISM + * - SPNEGO - GSS_SPNEGO_MECHANISM + * - NTLM - GSS_NTLM_MECHANISM + + */ + + +/** + * @page internalVSmechname Internal names and mechanism names + * @section gssapi_api_INvsMN Name forms + * + * There are two forms of name in GSS-API, Internal form and + * Contiguous string ("flat") form. gss_export_name() and + * gss_import_name() can be used to convert between the two forms. + * + * - The contiguous string form is described by an oid specificing the + * type and an octet string. A special form of the contiguous + * string form is the exported name object. The exported name + * defined for each mechanism, is something that can be stored and + * complared later. The exported name is what should be used for + * ACLs comparisons. + * + * - The Internal form + * + * There is also special form of the Internal Name (IN), and that is + * the Mechanism Name (MN). In the mechanism name all the generic + * information is stripped of and only contain the information for + * one mechanism. In GSS-API some function return MN and some + * require MN as input. Each of these function is marked up as such. + * + * + * Describe relationship between import_name, canonicalize_name, + * export_name and friends. + */ + +/** @defgroup gssapi Heimdal GSS-API functions */ diff --git a/crypto/heimdal/lib/gssapi/mech/gss_accept_sec_context.c b/crypto/heimdal/lib/gssapi/mech/gss_accept_sec_context.c new file mode 100644 index 00000000000..bf7ea03f72e --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_accept_sec_context.c @@ -0,0 +1,308 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_accept_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +static OM_uint32 +parse_header(const gss_buffer_t input_token, gss_OID mech_oid) +{ + unsigned char *p = input_token->value; + size_t len = input_token->length; + size_t a, b; + + /* + * Token must start with [APPLICATION 0] SEQUENCE. + * But if it doesn't assume it is DCE-STYLE Kerberos! + */ + if (len == 0) + return (GSS_S_DEFECTIVE_TOKEN); + + p++; + len--; + + /* + * Decode the length and make sure it agrees with the + * token length. + */ + if (len == 0) + return (GSS_S_DEFECTIVE_TOKEN); + if ((*p & 0x80) == 0) { + a = *p; + p++; + len--; + } else { + b = *p & 0x7f; + p++; + len--; + if (len < b) + return (GSS_S_DEFECTIVE_TOKEN); + a = 0; + while (b) { + a = (a << 8) | *p; + p++; + len--; + b--; + } + } + if (a != len) + return (GSS_S_DEFECTIVE_TOKEN); + + /* + * Decode the OID for the mechanism. Simplify life by + * assuming that the OID length is less than 128 bytes. + */ + if (len < 2 || *p != 0x06) + return (GSS_S_DEFECTIVE_TOKEN); + if ((p[1] & 0x80) || p[1] > (len - 2)) + return (GSS_S_DEFECTIVE_TOKEN); + mech_oid->length = p[1]; + p += 2; + len -= 2; + mech_oid->elements = p; + + return GSS_S_COMPLETE; +} + +static gss_OID_desc krb5_mechanism = + {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")}; +static gss_OID_desc ntlm_mechanism = + {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a")}; +static gss_OID_desc spnego_mechanism = + {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02")}; + +static OM_uint32 +choose_mech(const gss_buffer_t input, gss_OID mech_oid) +{ + OM_uint32 status; + + /* + * First try to parse the gssapi token header and see if it's a + * correct header, use that in the first hand. + */ + + status = parse_header(input, mech_oid); + if (status == GSS_S_COMPLETE) + return GSS_S_COMPLETE; + + /* + * Lets guess what mech is really is, callback function to mech ?? + */ + + if (input->length > 8 && + memcmp((const char *)input->value, "NTLMSSP\x00", 8) == 0) + { + *mech_oid = ntlm_mechanism; + return GSS_S_COMPLETE; + } else if (input->length != 0 && + ((const char *)input->value)[0] == 0x6E) + { + /* Could be a raw AP-REQ (check for APPLICATION tag) */ + *mech_oid = krb5_mechanism; + return GSS_S_COMPLETE; + } else if (input->length == 0) { + /* + * There is the a wierd mode of SPNEGO (in CIFS and + * SASL GSS-SPENGO where the first token is zero + * length and the acceptor returns a mech_list, lets + * hope that is what is happening now. + * + * http://msdn.microsoft.com/en-us/library/cc213114.aspx + * "NegTokenInit2 Variation for Server-Initiation" + */ + *mech_oid = spnego_mechanism; + return GSS_S_COMPLETE; + } + return status; +} + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_accept_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle) +{ + OM_uint32 major_status, mech_ret_flags, junk; + gssapi_mech_interface m; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle; + struct _gss_mechanism_cred *mc; + gss_cred_id_t acceptor_mc, delegated_mc; + gss_name_t src_mn; + gss_OID mech_ret_type = NULL; + + *minor_status = 0; + if (src_name) + *src_name = GSS_C_NO_NAME; + if (mech_type) + *mech_type = GSS_C_NO_OID; + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + if (delegated_cred_handle) + *delegated_cred_handle = GSS_C_NO_CREDENTIAL; + _mg_buffer_zero(output_token); + + + /* + * If this is the first call (*context_handle is NULL), we must + * parse the input token to figure out the mechanism to use. + */ + if (*context_handle == GSS_C_NO_CONTEXT) { + gss_OID_desc mech_oid; + + major_status = choose_mech(input_token, &mech_oid); + if (major_status != GSS_S_COMPLETE) + return major_status; + + /* + * Now that we have a mechanism, we can find the + * implementation. + */ + ctx = malloc(sizeof(struct _gss_context)); + if (!ctx) { + *minor_status = ENOMEM; + return (GSS_S_DEFECTIVE_TOKEN); + } + memset(ctx, 0, sizeof(struct _gss_context)); + m = ctx->gc_mech = __gss_get_mechanism(&mech_oid); + if (!m) { + free(ctx); + return (GSS_S_BAD_MECH); + } + *context_handle = (gss_ctx_id_t) ctx; + } else { + m = ctx->gc_mech; + } + + if (cred) { + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) + if (mc->gmc_mech == m) + break; + if (!mc) { + gss_delete_sec_context(&junk, context_handle, NULL); + return (GSS_S_BAD_MECH); + } + acceptor_mc = mc->gmc_cred; + } else { + acceptor_mc = GSS_C_NO_CREDENTIAL; + } + delegated_mc = GSS_C_NO_CREDENTIAL; + + mech_ret_flags = 0; + major_status = m->gm_accept_sec_context(minor_status, + &ctx->gc_ctx, + acceptor_mc, + input_token, + input_chan_bindings, + &src_mn, + &mech_ret_type, + output_token, + &mech_ret_flags, + time_rec, + &delegated_mc); + if (major_status != GSS_S_COMPLETE && + major_status != GSS_S_CONTINUE_NEEDED) + { + _gss_mg_error(m, major_status, *minor_status); + gss_delete_sec_context(&junk, context_handle, NULL); + return (major_status); + } + + if (mech_type) + *mech_type = mech_ret_type; + + if (src_name && src_mn) { + /* + * Make a new name and mark it as an MN. + */ + struct _gss_name *name = _gss_make_name(m, src_mn); + + if (!name) { + m->gm_release_name(minor_status, &src_mn); + gss_delete_sec_context(&junk, context_handle, NULL); + return (GSS_S_FAILURE); + } + *src_name = (gss_name_t) name; + } else if (src_mn) { + m->gm_release_name(minor_status, &src_mn); + } + + if (mech_ret_flags & GSS_C_DELEG_FLAG) { + if (!delegated_cred_handle) { + m->gm_release_cred(minor_status, &delegated_mc); + mech_ret_flags &= + ~(GSS_C_DELEG_FLAG|GSS_C_DELEG_POLICY_FLAG); + } else if (gss_oid_equal(mech_ret_type, &m->gm_mech_oid) == 0) { + /* + * If the returned mech_type is not the same + * as the mech, assume its pseudo mech type + * and the returned type is already a + * mech-glue object + */ + *delegated_cred_handle = delegated_mc; + + } else if (delegated_mc) { + struct _gss_cred *dcred; + struct _gss_mechanism_cred *dmc; + + dcred = malloc(sizeof(struct _gss_cred)); + if (!dcred) { + *minor_status = ENOMEM; + gss_delete_sec_context(&junk, context_handle, NULL); + return (GSS_S_FAILURE); + } + HEIM_SLIST_INIT(&dcred->gc_mc); + dmc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!dmc) { + free(dcred); + *minor_status = ENOMEM; + gss_delete_sec_context(&junk, context_handle, NULL); + return (GSS_S_FAILURE); + } + dmc->gmc_mech = m; + dmc->gmc_mech_oid = &m->gm_mech_oid; + dmc->gmc_cred = delegated_mc; + HEIM_SLIST_INSERT_HEAD(&dcred->gc_mc, dmc, gmc_link); + + *delegated_cred_handle = (gss_cred_id_t) dcred; + } + } + + if (ret_flags) + *ret_flags = mech_ret_flags; + return (major_status); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred.c b/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred.c new file mode 100644 index 00000000000..ade65df8ec8 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred.c @@ -0,0 +1,168 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_acquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_acquire_cred(OM_uint32 *minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) +{ + OM_uint32 major_status; + gss_OID_set mechs = desired_mechs; + gss_OID_set_desc set; + struct _gss_name *name = (struct _gss_name *) desired_name; + gssapi_mech_interface m; + struct _gss_cred *cred; + struct _gss_mechanism_cred *mc; + OM_uint32 min_time, cred_time; + size_t i; + + *minor_status = 0; + if (output_cred_handle == NULL) + return GSS_S_CALL_INACCESSIBLE_READ; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + if (time_rec) + *time_rec = 0; + + _gss_load_mech(); + + /* + * First make sure that at least one of the requested + * mechanisms is one that we support. + */ + if (mechs) { + for (i = 0; i < mechs->count; i++) { + int t; + gss_test_oid_set_member(minor_status, + &mechs->elements[i], _gss_mech_oids, &t); + if (t) + break; + } + if (i == mechs->count) { + *minor_status = 0; + return (GSS_S_BAD_MECH); + } + } + + if (actual_mechs) { + major_status = gss_create_empty_oid_set(minor_status, + actual_mechs); + if (major_status) + return (major_status); + } + + cred = malloc(sizeof(struct _gss_cred)); + if (!cred) { + if (actual_mechs) + gss_release_oid_set(minor_status, actual_mechs); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIM_SLIST_INIT(&cred->gc_mc); + + if (mechs == GSS_C_NO_OID_SET) + mechs = _gss_mech_oids; + + set.count = 1; + min_time = GSS_C_INDEFINITE; + for (i = 0; i < mechs->count; i++) { + struct _gss_mechanism_name *mn = NULL; + + m = __gss_get_mechanism(&mechs->elements[i]); + if (!m) + continue; + + if (desired_name != GSS_C_NO_NAME) { + major_status = _gss_find_mn(minor_status, name, + &mechs->elements[i], &mn); + if (major_status != GSS_S_COMPLETE) + continue; + } + + mc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!mc) { + continue; + } + mc->gmc_mech = m; + mc->gmc_mech_oid = &m->gm_mech_oid; + + /* + * XXX Probably need to do something with actual_mechs. + */ + set.elements = &mechs->elements[i]; + major_status = m->gm_acquire_cred(minor_status, + (desired_name != GSS_C_NO_NAME + ? mn->gmn_name : GSS_C_NO_NAME), + time_req, &set, cred_usage, + &mc->gmc_cred, NULL, &cred_time); + if (major_status) { + free(mc); + continue; + } + if (cred_time < min_time) + min_time = cred_time; + + if (actual_mechs) { + major_status = gss_add_oid_set_member(minor_status, + mc->gmc_mech_oid, actual_mechs); + if (major_status) { + m->gm_release_cred(minor_status, + &mc->gmc_cred); + free(mc); + continue; + } + } + + HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); + } + + /* + * If we didn't manage to create a single credential, return + * an error. + */ + if (!HEIM_SLIST_FIRST(&cred->gc_mc)) { + free(cred); + if (actual_mechs) + gss_release_oid_set(minor_status, actual_mechs); + *minor_status = 0; + return (GSS_S_NO_CRED); + } + + if (time_rec) + *time_rec = min_time; + *output_cred_handle = (gss_cred_id_t) cred; + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred_ext.c b/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred_ext.c new file mode 100644 index 00000000000..1cbb29f141f --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred_ext.c @@ -0,0 +1,193 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Portions Copyright (c) 2011 PADL Software Pty Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_acquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +OM_uint32 +_gss_acquire_mech_cred(OM_uint32 *minor_status, + gssapi_mech_interface m, + const struct _gss_mechanism_name *mn, + gss_const_OID credential_type, + const void *credential_data, + OM_uint32 time_req, + gss_const_OID desired_mech, + gss_cred_usage_t cred_usage, + struct _gss_mechanism_cred **output_cred_handle) +{ + OM_uint32 major_status; + struct _gss_mechanism_cred *mc; + gss_OID_set_desc set2; + + *output_cred_handle = NULL; + + mc = calloc(1, sizeof(struct _gss_mechanism_cred)); + if (mc == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + mc->gmc_mech = m; + mc->gmc_mech_oid = &m->gm_mech_oid; + + set2.count = 1; + set2.elements = mc->gmc_mech_oid; + + if (m->gm_acquire_cred_ext) { + major_status = m->gm_acquire_cred_ext(minor_status, + mn->gmn_name, + credential_type, + credential_data, + time_req, + mc->gmc_mech_oid, + cred_usage, + &mc->gmc_cred); + } else if (gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD) && + m->gm_compat && + m->gm_compat->gmc_acquire_cred_with_password) { + /* + * Shim for mechanisms that adhere to API-as-SPI and do not + * implement gss_acquire_cred_ext(). + */ + + major_status = m->gm_compat->gmc_acquire_cred_with_password(minor_status, + mn->gmn_name, + (const gss_buffer_t)credential_data, + time_req, + &set2, + cred_usage, + &mc->gmc_cred, + NULL, + NULL); + } else if (credential_type == GSS_C_NO_OID) { + major_status = m->gm_acquire_cred(minor_status, + mn->gmn_name, + time_req, + &set2, + cred_usage, + &mc->gmc_cred, + NULL, + NULL); + } else { + major_status = GSS_S_UNAVAILABLE; + free(mc); + mc= NULL; + } + + *output_cred_handle = mc; + return major_status; +} + +OM_uint32 +_gss_acquire_cred_ext(OM_uint32 *minor_status, + const gss_name_t desired_name, + gss_const_OID credential_type, + const void *credential_data, + OM_uint32 time_req, + gss_const_OID desired_mech, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) desired_name; + gssapi_mech_interface m; + struct _gss_cred *cred; + gss_OID_set_desc set, *mechs; + size_t i; + + *minor_status = 0; + if (output_cred_handle == NULL) + return GSS_S_CALL_INACCESSIBLE_READ; + + _gss_load_mech(); + + if (desired_mech != GSS_C_NO_OID) { + int match = 0; + + gss_test_oid_set_member(minor_status, (gss_OID)desired_mech, + _gss_mech_oids, &match); + if (!match) + return GSS_S_BAD_MECH; + + set.count = 1; + set.elements = (gss_OID)desired_mech; + mechs = &set; + } else + mechs = _gss_mech_oids; + + cred = calloc(1, sizeof(*cred)); + if (cred == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + HEIM_SLIST_INIT(&cred->gc_mc); + + for (i = 0; i < mechs->count; i++) { + struct _gss_mechanism_name *mn = NULL; + struct _gss_mechanism_cred *mc = NULL; + gss_name_t desired_mech_name = GSS_C_NO_NAME; + + m = __gss_get_mechanism(&mechs->elements[i]); + if (!m) + continue; + + if (desired_name != GSS_C_NO_NAME) { + major_status = _gss_find_mn(minor_status, name, + &mechs->elements[i], &mn); + if (major_status != GSS_S_COMPLETE) + continue; + + desired_mech_name = mn->gmn_name; + } + + major_status = _gss_acquire_mech_cred(minor_status, m, mn, + credential_type, credential_data, + time_req, desired_mech, cred_usage, + &mc); + if (GSS_ERROR(major_status)) + continue; + + HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); + } + + /* + * If we didn't manage to create a single credential, return + * an error. + */ + if (!HEIM_SLIST_FIRST(&cred->gc_mc)) { + free(cred); + *minor_status = 0; + return GSS_S_NO_CRED; + } + + *output_cred_handle = (gss_cred_id_t) cred; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred_with_password.c b/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred_with_password.c new file mode 100644 index 00000000000..8c2a6488f8a --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_acquire_cred_with_password.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2011, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_acquire_cred_with_password(OM_uint32 *minor_status, + const gss_name_t desired_name, + const gss_buffer_t password, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) +{ + OM_uint32 major_status, tmp_minor; + + if (desired_mechs == GSS_C_NO_OID_SET) { + major_status = _gss_acquire_cred_ext(minor_status, + desired_name, + GSS_C_CRED_PASSWORD, + password, + time_req, + GSS_C_NO_OID, + cred_usage, + output_cred_handle); + if (GSS_ERROR(major_status)) + return major_status; + } else { + size_t i; + struct _gss_cred *new_cred; + + new_cred = calloc(1, sizeof(*new_cred)); + if (new_cred == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIM_SLIST_INIT(&new_cred->gc_mc); + + for (i = 0; i < desired_mechs->count; i++) { + struct _gss_cred *tmp_cred = NULL; + struct _gss_mechanism_cred *mc; + + major_status = _gss_acquire_cred_ext(minor_status, + desired_name, + GSS_C_CRED_PASSWORD, + password, + time_req, + &desired_mechs->elements[i], + cred_usage, + (gss_cred_id_t *)&tmp_cred); + if (GSS_ERROR(major_status)) + continue; + + mc = HEIM_SLIST_FIRST(&tmp_cred->gc_mc); + if (mc) { + HEIM_SLIST_REMOVE_HEAD(&tmp_cred->gc_mc, gmc_link); + HEIM_SLIST_INSERT_HEAD(&new_cred->gc_mc, mc, gmc_link); + } + + gss_release_cred(&tmp_minor, (gss_cred_id_t *)&tmp_cred); + } + + if (!HEIM_SLIST_FIRST(&new_cred->gc_mc)) { + free(new_cred); + *minor_status = 0; + return GSS_S_NO_CRED; + } + + *output_cred_handle = (gss_cred_id_t)new_cred; + } + + if (actual_mechs != NULL || time_rec != NULL) { + major_status = gss_inquire_cred(minor_status, + *output_cred_handle, + NULL, + time_rec, + NULL, + actual_mechs); + if (GSS_ERROR(major_status)) { + gss_release_cred(&tmp_minor, output_cred_handle); + return major_status; + } + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_add_cred.c b/crypto/heimdal/lib/gssapi/mech/gss_add_cred.c new file mode 100644 index 00000000000..a998bc60ff8 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_add_cred.c @@ -0,0 +1,186 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_add_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +struct _gss_mechanism_cred * +_gss_copy_cred(struct _gss_mechanism_cred *mc) +{ + struct _gss_mechanism_cred *new_mc; + gssapi_mech_interface m = mc->gmc_mech; + OM_uint32 major_status, minor_status; + gss_name_t name; + gss_cred_id_t cred; + OM_uint32 initiator_lifetime, acceptor_lifetime; + gss_cred_usage_t cred_usage; + + major_status = m->gm_inquire_cred_by_mech(&minor_status, + mc->gmc_cred, mc->gmc_mech_oid, + &name, &initiator_lifetime, &acceptor_lifetime, &cred_usage); + if (major_status) { + _gss_mg_error(m, major_status, minor_status); + return (0); + } + + major_status = m->gm_add_cred(&minor_status, + GSS_C_NO_CREDENTIAL, name, mc->gmc_mech_oid, + cred_usage, initiator_lifetime, acceptor_lifetime, + &cred, 0, 0, 0); + m->gm_release_name(&minor_status, &name); + + if (major_status) { + _gss_mg_error(m, major_status, minor_status); + return (0); + } + + new_mc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!new_mc) { + m->gm_release_cred(&minor_status, &cred); + return (0); + } + new_mc->gmc_mech = m; + new_mc->gmc_mech_oid = &m->gm_mech_oid; + new_mc->gmc_cred = cred; + + return (new_mc); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_add_cred(OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_cred *cred = (struct _gss_cred *) input_cred_handle; + struct _gss_cred *new_cred; + gss_cred_id_t release_cred; + struct _gss_mechanism_cred *mc, *target_mc, *copy_mc; + struct _gss_mechanism_name *mn; + OM_uint32 junk; + + *minor_status = 0; + *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (initiator_time_rec) + *initiator_time_rec = 0; + if (acceptor_time_rec) + *acceptor_time_rec = 0; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + + new_cred = malloc(sizeof(struct _gss_cred)); + if (!new_cred) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIM_SLIST_INIT(&new_cred->gc_mc); + + /* + * We go through all the mc attached to the input_cred_handle + * and check the mechanism. If it matches, we call + * gss_add_cred for that mechanism, otherwise we copy the mc + * to new_cred. + */ + target_mc = 0; + if (cred) { + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) { + target_mc = mc; + } + copy_mc = _gss_copy_cred(mc); + if (!copy_mc) { + release_cred = (gss_cred_id_t)new_cred; + gss_release_cred(&junk, &release_cred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIM_SLIST_INSERT_HEAD(&new_cred->gc_mc, copy_mc, gmc_link); + } + } + + /* + * Figure out a suitable mn, if any. + */ + if (desired_name) { + major_status = _gss_find_mn(minor_status, + (struct _gss_name *) desired_name, + desired_mech, + &mn); + if (major_status != GSS_S_COMPLETE) { + free(new_cred); + return major_status; + } + } else { + mn = 0; + } + + m = __gss_get_mechanism(desired_mech); + + mc = malloc(sizeof(struct _gss_mechanism_cred)); + if (!mc) { + release_cred = (gss_cred_id_t)new_cred; + gss_release_cred(&junk, &release_cred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + mc->gmc_mech = m; + mc->gmc_mech_oid = &m->gm_mech_oid; + + major_status = m->gm_add_cred(minor_status, + target_mc ? target_mc->gmc_cred : GSS_C_NO_CREDENTIAL, + desired_name ? mn->gmn_name : GSS_C_NO_NAME, + desired_mech, + cred_usage, + initiator_time_req, + acceptor_time_req, + &mc->gmc_cred, + actual_mechs, + initiator_time_rec, + acceptor_time_rec); + + if (major_status) { + _gss_mg_error(m, major_status, *minor_status); + release_cred = (gss_cred_id_t)new_cred; + gss_release_cred(&junk, &release_cred); + free(mc); + return (major_status); + } + HEIM_SLIST_INSERT_HEAD(&new_cred->gc_mc, mc, gmc_link); + *output_cred_handle = (gss_cred_id_t) new_cred; + + return (GSS_S_COMPLETE); +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_add_cred_with_password.c b/crypto/heimdal/lib/gssapi/mech/gss_add_cred_with_password.c new file mode 100644 index 00000000000..f966305cfb1 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_add_cred_with_password.c @@ -0,0 +1,150 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_add_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_add_cred_with_password(OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + const gss_buffer_t password, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_cred *cred = (struct _gss_cred *) input_cred_handle; + struct _gss_cred *new_cred; + struct _gss_mechanism_cred *mc; + struct _gss_mechanism_name *mn = NULL; + OM_uint32 junk, time_req; + + *minor_status = 0; + *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (initiator_time_rec) + *initiator_time_rec = 0; + if (acceptor_time_rec) + *acceptor_time_rec = 0; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + + m = __gss_get_mechanism(desired_mech); + if (m == NULL) { + *minor_status = 0; + return (GSS_S_BAD_MECH); + } + + new_cred = calloc(1, sizeof(struct _gss_cred)); + if (new_cred == NULL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIM_SLIST_INIT(&new_cred->gc_mc); + + /* + * Copy credentials from un-desired mechanisms to the new credential. + */ + if (cred) { + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + struct _gss_mechanism_cred *copy_mc; + + if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) { + continue; + } + copy_mc = _gss_copy_cred(mc); + if (copy_mc == NULL) { + gss_release_cred(&junk, (gss_cred_id_t *)&new_cred); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIM_SLIST_INSERT_HEAD(&new_cred->gc_mc, copy_mc, gmc_link); + } + } + + /* + * Figure out a suitable mn, if any. + */ + if (desired_name != GSS_C_NO_NAME) { + major_status = _gss_find_mn(minor_status, + (struct _gss_name *) desired_name, + desired_mech, + &mn); + if (major_status != GSS_S_COMPLETE) { + gss_release_cred(&junk, (gss_cred_id_t *)&new_cred); + return (major_status); + } + } + + if (cred_usage == GSS_C_BOTH) + time_req = initiator_time_req > acceptor_time_req ? acceptor_time_req : initiator_time_req; + else if (cred_usage == GSS_C_INITIATE) + time_req = initiator_time_req; + else + time_req = acceptor_time_req; + + major_status = _gss_acquire_mech_cred(minor_status, m, mn, + GSS_C_CRED_PASSWORD, password, + time_req, desired_mech, + cred_usage, &mc); + if (major_status != GSS_S_COMPLETE) { + gss_release_cred(&junk, (gss_cred_id_t *)&new_cred); + return (major_status); + } + + HEIM_SLIST_INSERT_HEAD(&new_cred->gc_mc, mc, gmc_link); + + if (actual_mechs || initiator_time_rec || acceptor_time_rec) { + OM_uint32 time_rec; + + major_status = gss_inquire_cred(minor_status, + (gss_cred_id_t)new_cred, + NULL, + &time_rec, + NULL, + actual_mechs); + if (GSS_ERROR(major_status)) { + gss_release_cred(&junk, (gss_cred_id_t *)&new_cred); + return (major_status); + } + if (initiator_time_rec && + (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)) + *initiator_time_rec = time_rec; + if (acceptor_time_rec && + (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)) + *acceptor_time_rec = time_rec; + } + + *output_cred_handle = (gss_cred_id_t) new_cred; + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c b/crypto/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c new file mode 100644 index 00000000000..a23270511eb --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_add_oid_set_member.c @@ -0,0 +1,84 @@ +/* + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +/** + * Add a oid to the oid set, function does not make a copy of the oid, + * so the pointer to member_oid needs to be stable for the whole time + * oid_set is used. + * + * If there is a duplicate member of the oid, the new member is not + * added to to the set. + * + * @param minor_status minor status code. + * @param member_oid member to add to the oid set + * @param oid_set oid set to add the member too + * + * @returns a gss_error code, see gss_display_status() about printing + * the error code. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_add_oid_set_member (OM_uint32 * minor_status, + const gss_OID member_oid, + gss_OID_set * oid_set) +{ + gss_OID tmp; + size_t n; + OM_uint32 res; + int present; + + res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present); + if (res != GSS_S_COMPLETE) + return res; + + if (present) { + *minor_status = 0; + return GSS_S_COMPLETE; + } + + n = (*oid_set)->count + 1; + tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); + if (tmp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + (*oid_set)->elements = tmp; + (*oid_set)->count = n; + (*oid_set)->elements[n-1] = *member_oid; + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_aeap.c b/crypto/heimdal/lib/gssapi/mech/gss_aeap.c new file mode 100644 index 00000000000..3008c0d3448 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_aeap.c @@ -0,0 +1,216 @@ +/* + * AEAD support + */ + +#include "mech_locl.h" + +/** + * Encrypts or sign the data. + * + * This is a more complicated version of gss_wrap(), it allows the + * caller to use AEAD data (signed header/trailer) and allow greater + * controll over where the encrypted data is placed. + * + * The maximum packet size is gss_context_stream_sizes.max_msg_size. + * + * The caller needs provide the folloing buffers when using in conf_req_flag=1 mode: + * + * - HEADER (of size gss_context_stream_sizes.header) + * { DATA or SIGN_ONLY } (optional, zero or more) + * PADDING (of size gss_context_stream_sizes.blocksize, if zero padding is zero, can be omitted) + * TRAILER (of size gss_context_stream_sizes.trailer) + * + * - on DCE-RPC mode, the caller can skip PADDING and TRAILER if the + * DATA elements is padded to a block bountry and header is of at + * least size gss_context_stream_sizes.header + gss_context_stream_sizes.trailer. + * + * HEADER, PADDING, TRAILER will be shrunken to the size required to transmit any of them too large. + * + * To generate gss_wrap() compatible packets, use: HEADER | DATA | PADDING | TRAILER + * + * When used in conf_req_flag=0, + * + * - HEADER (of size gss_context_stream_sizes.header) + * { DATA or SIGN_ONLY } (optional, zero or more) + * PADDING (of size gss_context_stream_sizes.blocksize, if zero padding is zero, can be omitted) + * TRAILER (of size gss_context_stream_sizes.trailer) + * + * + * The input sizes of HEADER, PADDING and TRAILER can be fetched using gss_wrap_iov_length() or + * gss_context_query_attributes(). + * + * @ingroup gssapi + */ + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_wrap_iov(OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int * conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m; + + if (minor_status) + *minor_status = 0; + if (conf_state) + *conf_state = 0; + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + if (iov == NULL && iov_count != 0) + return GSS_S_CALL_INACCESSIBLE_READ; + + m = ctx->gc_mech; + + if (m->gm_wrap_iov == NULL) + return GSS_S_UNAVAILABLE; + + return (m->gm_wrap_iov)(minor_status, ctx->gc_ctx, + conf_req_flag, qop_req, conf_state, + iov, iov_count); +} + +/** + * Decrypt or verifies the signature on the data. + * + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_unwrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m; + + if (minor_status) + *minor_status = 0; + if (conf_state) + *conf_state = 0; + if (qop_state) + *qop_state = 0; + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + if (iov == NULL && iov_count != 0) + return GSS_S_CALL_INACCESSIBLE_READ; + + m = ctx->gc_mech; + + if (m->gm_unwrap_iov == NULL) + return GSS_S_UNAVAILABLE; + + return (m->gm_unwrap_iov)(minor_status, ctx->gc_ctx, + conf_state, qop_state, + iov, iov_count); +} + +/** + * Update the length fields in iov buffer for the types: + * - GSS_IOV_BUFFER_TYPE_HEADER + * - GSS_IOV_BUFFER_TYPE_PADDING + * - GSS_IOV_BUFFER_TYPE_TRAILER + * + * Consider using gss_context_query_attributes() to fetch the data instead. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_wrap_iov_length(OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m; + + if (minor_status) + *minor_status = 0; + if (conf_state) + *conf_state = 0; + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + if (iov == NULL && iov_count != 0) + return GSS_S_CALL_INACCESSIBLE_READ; + + m = ctx->gc_mech; + + if (m->gm_wrap_iov_length == NULL) + return GSS_S_UNAVAILABLE; + + return (m->gm_wrap_iov_length)(minor_status, ctx->gc_ctx, + conf_req_flag, qop_req, conf_state, + iov, iov_count); +} + +/** + * Free all buffer allocated by gss_wrap_iov() or gss_unwrap_iov() by + * looking at the GSS_IOV_BUFFER_FLAG_ALLOCATED flag. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_iov_buffer(OM_uint32 *minor_status, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 junk; + int i; + + if (minor_status) + *minor_status = 0; + if (iov == NULL && iov_count != 0) + return GSS_S_CALL_INACCESSIBLE_READ; + + for (i = 0; i < iov_count; i++) { + if ((iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) == 0) + continue; + gss_release_buffer(&junk, &iov[i].buffer); + iov[i].type &= ~GSS_IOV_BUFFER_FLAG_ALLOCATED; + } + return GSS_S_COMPLETE; +} + +/** + * Query the context for parameters. + * + * SSPI equivalent if this function is QueryContextAttributes. + * + * - GSS_C_ATTR_STREAM_SIZES data is a gss_context_stream_sizes. + * + * @ingroup gssapi + */ + +gss_OID_desc GSSAPI_LIB_FUNCTION __gss_c_attr_stream_sizes_oid_desc = + {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")}; + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_context_query_attributes(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID attribute, + void *data, + size_t len) +{ + if (minor_status) + *minor_status = 0; + + if (gss_oid_equal(GSS_C_ATTR_STREAM_SIZES, attribute)) { + memset(data, 0, len); + return GSS_S_COMPLETE; + } + + return GSS_S_FAILURE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_authorize_localname.c b/crypto/heimdal/lib/gssapi/mech/gss_authorize_localname.c new file mode 100644 index 00000000000..a0ad065da88 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_authorize_localname.c @@ -0,0 +1,187 @@ +/* + * Copyright (c) 2011, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +gss_buffer_desc GSSAPI_LIB_VARIABLE __gss_c_attr_local_login_user = { + sizeof("local-login-user") - 1, + "local-login-user" +}; + +static OM_uint32 +mech_authorize_localname(OM_uint32 *minor_status, + const struct _gss_name *name, + const struct _gss_name *user) +{ + OM_uint32 major_status = GSS_S_NAME_NOT_MN; + struct _gss_mechanism_name *mn; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + gssapi_mech_interface m = mn->gmn_mech; + + if (m->gm_authorize_localname == NULL) { + major_status = GSS_S_UNAVAILABLE; + continue; + } + + major_status = m->gm_authorize_localname(minor_status, + mn->gmn_name, + &user->gn_value, + &user->gn_type); + if (major_status != GSS_S_UNAUTHORIZED) + break; + } + + return major_status; +} + +/* + * Naming extensions based local login authorization. + */ +static OM_uint32 +attr_authorize_localname(OM_uint32 *minor_status, + const struct _gss_name *name, + const struct _gss_name *user) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + int more = -1; + + if (!gss_oid_equal(&user->gn_type, GSS_C_NT_USER_NAME)) + return GSS_S_BAD_NAMETYPE; + + while (more != 0 && major_status != GSS_S_COMPLETE) { + OM_uint32 tmpMajor, tmpMinor; + gss_buffer_desc value; + gss_buffer_desc display_value; + int authenticated = 0, complete = 0; + + tmpMajor = gss_get_name_attribute(minor_status, + (gss_name_t)name, + GSS_C_ATTR_LOCAL_LOGIN_USER, + &authenticated, + &complete, + &value, + &display_value, + &more); + if (GSS_ERROR(tmpMajor)) { + major_status = tmpMajor; + break; + } + + /* If attribute is present, return an authoritative error code. */ + if (authenticated && + value.length == user->gn_value.length && + memcmp(value.value, user->gn_value.value, user->gn_value.length) == 0) + major_status = GSS_S_COMPLETE; + else + major_status = GSS_S_UNAUTHORIZED; + + gss_release_buffer(&tmpMinor, &value); + gss_release_buffer(&tmpMinor, &display_value); + } + + return major_status; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_authorize_localname(OM_uint32 *minor_status, + const gss_name_t gss_name, + const gss_name_t gss_user) + +{ + OM_uint32 major_status; + const struct _gss_name *name = (const struct _gss_name *) gss_name; + const struct _gss_name *user = (const struct _gss_name *) gss_user; + int mechAvailable = 0; + + *minor_status = 0; + + if (gss_name == GSS_C_NO_NAME || gss_user == GSS_C_NO_NAME) + return GSS_S_CALL_INACCESSIBLE_READ; + + /* + * We should check that the user name is not a mechanism name, but + * as Heimdal always calls the mechanism's gss_import_name(), it's + * not possible to make this check. + */ +#if 0 + if (HEIM_SLIST_FIRST(&user->gn_mn) != NULL) + return GSS_S_BAD_NAME; +#endif + + /* If mech returns yes, we return yes */ + major_status = mech_authorize_localname(minor_status, name, user); + if (major_status == GSS_S_COMPLETE) + return GSS_S_COMPLETE; + else if (major_status != GSS_S_UNAVAILABLE) + mechAvailable = 1; + + /* If attribute exists, it is authoritative */ + major_status = attr_authorize_localname(minor_status, name, user); + if (major_status == GSS_S_COMPLETE || major_status == GSS_S_UNAUTHORIZED) + return major_status; + + /* If mechanism did not implement SPI, compare the local name */ + if (mechAvailable == 0) { + int match = 0; + + major_status = gss_compare_name(minor_status, gss_name, + gss_user, &match); + if (major_status == GSS_S_COMPLETE && match == 0) + major_status = GSS_S_UNAUTHORIZED; + } + + return major_status; +} + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_userok(const gss_name_t name, + const char *user) +{ + OM_uint32 major_status, minor_status; + gss_buffer_desc userBuf; + gss_name_t userName; + + userBuf.value = (void *)user; + userBuf.length = strlen(user); + + major_status = gss_import_name(&minor_status, &userBuf, + GSS_C_NT_USER_NAME, &userName); + if (GSS_ERROR(major_status)) + return 0; + + major_status = gss_authorize_localname(&minor_status, name, userName); + + gss_release_name(&minor_status, &userName); + + return (major_status == GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_buffer_set.c b/crypto/heimdal/lib/gssapi/mech/gss_buffer_set.c new file mode 100644 index 00000000000..48fb720ad09 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_buffer_set.c @@ -0,0 +1,124 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_create_empty_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + gss_buffer_set_t set; + + set = (gss_buffer_set_desc *) malloc(sizeof(*set)); + if (set == GSS_C_NO_BUFFER_SET) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + set->count = 0; + set->elements = NULL; + + *buffer_set = set; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_add_buffer_set_member + (OM_uint32 * minor_status, + const gss_buffer_t member_buffer, + gss_buffer_set_t *buffer_set) +{ + gss_buffer_set_t set; + gss_buffer_t p; + OM_uint32 ret; + + if (*buffer_set == GSS_C_NO_BUFFER_SET) { + ret = gss_create_empty_buffer_set(minor_status, + buffer_set); + if (ret) { + return ret; + } + } + + set = *buffer_set; + set->elements = realloc(set->elements, + (set->count + 1) * sizeof(set->elements[0])); + if (set->elements == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = &set->elements[set->count]; + + p->value = malloc(member_buffer->length); + if (p->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(p->value, member_buffer->value, member_buffer->length); + p->length = member_buffer->length; + + set->count++; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_buffer_set(OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + size_t i; + OM_uint32 minor; + + *minor_status = 0; + + if (*buffer_set == GSS_C_NO_BUFFER_SET) + return GSS_S_COMPLETE; + + for (i = 0; i < (*buffer_set)->count; i++) + gss_release_buffer(&minor, &((*buffer_set)->elements[i])); + + free((*buffer_set)->elements); + + (*buffer_set)->elements = NULL; + (*buffer_set)->count = 0; + + free(*buffer_set); + *buffer_set = GSS_C_NO_BUFFER_SET; + + return GSS_S_COMPLETE; +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_canonicalize_name.c b/crypto/heimdal/lib/gssapi/mech/gss_canonicalize_name.c new file mode 100644 index 00000000000..bd8ff521207 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_canonicalize_name.c @@ -0,0 +1,111 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_canonicalize_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +/** + * gss_canonicalize_name takes a Internal Name (IN) and converts in into a + * mechanism specific Mechanism Name (MN). + * + * The input name may multiple name, or generic name types. + * + * If the input_name if of the GSS_C_NT_USER_NAME, and the Kerberos + * mechanism is specified, the resulting MN type is a + * GSS_KRB5_NT_PRINCIPAL_NAME. + * + * For more information about @ref internalVSmechname. + * + * @param minor_status minor status code. + * @param input_name name to covert, unchanged by gss_canonicalize_name(). + * @param mech_type the type to convert Name too. + * @param output_name the resulting type, release with + * gss_release_name(), independent of input_name. + * + * @returns a gss_error code, see gss_display_status() about printing + * the error code. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_canonicalize_name(OM_uint32 *minor_status, + const gss_name_t input_name, + const gss_OID mech_type, + gss_name_t *output_name) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + gssapi_mech_interface m; + gss_name_t new_canonical_name; + + *minor_status = 0; + *output_name = 0; + + major_status = _gss_find_mn(minor_status, name, mech_type, &mn); + if (major_status) + return major_status; + + m = mn->gmn_mech; + major_status = m->gm_canonicalize_name(minor_status, + mn->gmn_name, mech_type, &new_canonical_name); + if (major_status) { + _gss_mg_error(m, major_status, *minor_status); + return (major_status); + } + + /* + * Now we make a new name and mark it as an MN. + */ + *minor_status = 0; + name = malloc(sizeof(struct _gss_name)); + if (!name) { + m->gm_release_name(minor_status, &new_canonical_name); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(name, 0, sizeof(struct _gss_name)); + + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) { + m->gm_release_name(minor_status, &new_canonical_name); + free(name); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + HEIM_SLIST_INIT(&name->gn_mn); + mn->gmn_mech = m; + mn->gmn_mech_oid = &m->gm_mech_oid; + mn->gmn_name = new_canonical_name; + HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + + *output_name = (gss_name_t) name; + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_compare_name.c b/crypto/heimdal/lib/gssapi/mech/gss_compare_name.c new file mode 100644 index 00000000000..70b4b1c2067 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_compare_name.c @@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_compare_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_compare_name(OM_uint32 *minor_status, + const gss_name_t name1_arg, + const gss_name_t name2_arg, + int *name_equal) +{ + struct _gss_name *name1 = (struct _gss_name *) name1_arg; + struct _gss_name *name2 = (struct _gss_name *) name2_arg; + + /* + * First check the implementation-independant name if both + * names have one. Otherwise, try to find common mechanism + * names and compare them. + */ + if (name1->gn_value.value && name2->gn_value.value) { + *name_equal = 1; + if (!gss_oid_equal(&name1->gn_type, &name2->gn_type)) { + *name_equal = 0; + } else if (name1->gn_value.length != name2->gn_value.length || + memcmp(name1->gn_value.value, name1->gn_value.value, + name1->gn_value.length)) { + *name_equal = 0; + } + } else { + struct _gss_mechanism_name *mn1; + struct _gss_mechanism_name *mn2; + + HEIM_SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) { + OM_uint32 major_status; + + major_status = _gss_find_mn(minor_status, name2, + mn1->gmn_mech_oid, &mn2); + if (major_status == GSS_S_COMPLETE) { + return (mn1->gmn_mech->gm_compare_name( + minor_status, + mn1->gmn_name, + mn2->gmn_name, + name_equal)); + } + } + *name_equal = 0; + } + + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_context_time.c b/crypto/heimdal/lib/gssapi/mech/gss_context_time.c new file mode 100644 index 00000000000..69434ee898e --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_context_time.c @@ -0,0 +1,40 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_context_time.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_context_time(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + OM_uint32 *time_rec) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_context_time(minor_status, ctx->gc_ctx, time_rec)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c b/crypto/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c new file mode 100644 index 00000000000..8d880f55116 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_create_empty_oid_set.c @@ -0,0 +1,51 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_create_empty_oid_set.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_create_empty_oid_set(OM_uint32 *minor_status, + gss_OID_set *oid_set) +{ + gss_OID_set set; + + *minor_status = 0; + *oid_set = GSS_C_NO_OID_SET; + + set = malloc(sizeof(gss_OID_set_desc)); + if (!set) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + set->count = 0; + set->elements = 0; + *oid_set = set; + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_cred.c b/crypto/heimdal/lib/gssapi/mech/gss_cred.c new file mode 100644 index 00000000000..99de68776e2 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_cred.c @@ -0,0 +1,224 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "mech_locl.h" +#include + +/* + * format: any number of: + * mech-len: int32 + * mech-data: char * (not alligned) + * cred-len: int32 + * cred-data char * (not alligned) +*/ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_export_cred(OM_uint32 * minor_status, + gss_cred_id_t cred_handle, + gss_buffer_t token) +{ + struct _gss_cred *cred = (struct _gss_cred *)cred_handle; + struct _gss_mechanism_cred *mc; + gss_buffer_desc buffer; + krb5_error_code ret; + krb5_storage *sp; + OM_uint32 major; + krb5_data data; + + _mg_buffer_zero(token); + + if (cred == NULL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + if (mc->gmc_mech->gm_export_cred == NULL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + } + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + + major = mc->gmc_mech->gm_export_cred(minor_status, + mc->gmc_cred, &buffer); + if (major) { + krb5_storage_free(sp); + return major; + } + + ret = krb5_storage_write(sp, buffer.value, buffer.length); + if (ret < 0 || (size_t)ret != buffer.length) { + gss_release_buffer(minor_status, &buffer); + krb5_storage_free(sp); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + gss_release_buffer(minor_status, &buffer); + } + + ret = krb5_storage_to_data(sp, &data); + krb5_storage_free(sp); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + token->value = data.data; + token->length = data.length; + + return GSS_S_COMPLETE; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_import_cred(OM_uint32 * minor_status, + gss_buffer_t token, + gss_cred_id_t * cred_handle) +{ + gssapi_mech_interface m; + krb5_error_code ret; + struct _gss_cred *cred; + krb5_storage *sp = NULL; + OM_uint32 major, junk; + krb5_data data; + + *cred_handle = GSS_C_NO_CREDENTIAL; + + if (token->length == 0) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + sp = krb5_storage_from_readonly_mem(token->value, token->length); + if (sp == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + cred = calloc(1, sizeof(struct _gss_cred)); + if (cred == NULL) { + krb5_storage_free(sp); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + HEIM_SLIST_INIT(&cred->gc_mc); + + *cred_handle = (gss_cred_id_t)cred; + + while(1) { + struct _gss_mechanism_cred *mc; + gss_buffer_desc buffer; + gss_cred_id_t mcred; + gss_OID_desc oid; + + ret = krb5_ret_data(sp, &data); + if (ret == HEIM_ERR_EOF) { + break; + } else if (ret) { + *minor_status = ret; + major = GSS_S_FAILURE; + goto out; + } + oid.elements = data.data; + oid.length = data.length; + + m = __gss_get_mechanism(&oid); + krb5_data_free(&data); + if (!m) { + *minor_status = 0; + major = GSS_S_BAD_MECH; + goto out; + } + + if (m->gm_import_cred == NULL) { + *minor_status = 0; + major = GSS_S_BAD_MECH; + goto out; + } + + ret = krb5_ret_data(sp, &data); + if (ret) { + *minor_status = ret; + major = GSS_S_FAILURE; + goto out; + } + + buffer.value = data.data; + buffer.length = data.length; + + major = m->gm_import_cred(minor_status, + &buffer, &mcred); + krb5_data_free(&data); + if (major) { + goto out; + } + + mc = malloc(sizeof(struct _gss_mechanism_cred)); + if (mc == NULL) { + *minor_status = EINVAL; + major = GSS_S_FAILURE; + goto out; + } + + mc->gmc_mech = m; + mc->gmc_mech_oid = &m->gm_mech_oid; + mc->gmc_cred = mcred; + + HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); + } + krb5_storage_free(sp); + sp = NULL; + + if (HEIM_SLIST_EMPTY(&cred->gc_mc)) { + major = GSS_S_NO_CRED; + goto out; + } + + return GSS_S_COMPLETE; + + out: + if (sp) + krb5_storage_free(sp); + + gss_release_cred(&junk, cred_handle); + + return major; + +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_decapsulate_token.c b/crypto/heimdal/lib/gssapi/mech/gss_decapsulate_token.c new file mode 100644 index 00000000000..3f2974e8ca5 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_decapsulate_token.c @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_decapsulate_token(gss_const_buffer_t input_token, + gss_const_OID oid, + gss_buffer_t output_token) +{ + GSSAPIContextToken ct; + heim_oid o; + OM_uint32 status; + int ret; + size_t size; + + _mg_buffer_zero(output_token); + + ret = der_get_oid (oid->elements, oid->length, &o, &size); + if (ret) + return GSS_S_FAILURE; + + ret = decode_GSSAPIContextToken(input_token->value, input_token->length, + &ct, NULL); + if (ret) { + der_free_oid(&o); + return GSS_S_FAILURE; + } + + if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) { + status = GSS_S_COMPLETE; + output_token->value = ct.innerContextToken.data; + output_token->length = ct.innerContextToken.length; + der_free_oid(&ct.thisMech); + } else { + free_GSSAPIContextToken(&ct); + status = GSS_S_FAILURE; + } + der_free_oid(&o); + + return status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_delete_name_attribute.c b/crypto/heimdal/lib/gssapi/mech/gss_delete_name_attribute.c new file mode 100644 index 00000000000..cb35dd0eb16 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_delete_name_attribute.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2010, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_delete_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + + if (input_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + gssapi_mech_interface m = mn->gmn_mech; + + if (!m->gm_delete_name_attribute) + continue; + + major_status = m->gm_delete_name_attribute(minor_status, + mn->gmn_name, + attr); + if (GSS_ERROR(major_status)) + _gss_mg_error(m, major_status, *minor_status); + else + break; + } + + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_delete_sec_context.c b/crypto/heimdal/lib/gssapi/mech/gss_delete_sec_context.c new file mode 100644 index 00000000000..ce57a76682a --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_delete_sec_context.c @@ -0,0 +1,57 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_delete_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_delete_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token) +{ + OM_uint32 major_status; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + + if (output_token) + _mg_buffer_zero(output_token); + + *minor_status = 0; + if (ctx) { + /* + * If we have an implementation ctx, delete it, + * otherwise fake an empty token. + */ + if (ctx->gc_ctx) { + major_status = ctx->gc_mech->gm_delete_sec_context( + minor_status, &ctx->gc_ctx, output_token); + } + free(ctx); + *context_handle = GSS_C_NO_CONTEXT; + } + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_display_name.c b/crypto/heimdal/lib/gssapi/mech/gss_display_name.c new file mode 100644 index 00000000000..524a586fbef --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_display_name.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_display_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + _mg_buffer_zero(output_name_buffer); + if (output_name_type) + *output_name_type = GSS_C_NO_OID; + + if (name == NULL) { + *minor_status = 0; + return (GSS_S_BAD_NAME); + } + + /* + * If we know it, copy the buffer used to import the name in + * the first place. Otherwise, ask all the MNs in turn if + * they can display the thing. + */ + if (name->gn_value.value) { + output_name_buffer->value = malloc(name->gn_value.length); + if (!output_name_buffer->value) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + output_name_buffer->length = name->gn_value.length; + memcpy(output_name_buffer->value, name->gn_value.value, + output_name_buffer->length); + if (output_name_type) + *output_name_type = &name->gn_type; + + *minor_status = 0; + return (GSS_S_COMPLETE); + } else { + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + major_status = mn->gmn_mech->gm_display_name( + minor_status, mn->gmn_name, + output_name_buffer, + output_name_type); + if (major_status == GSS_S_COMPLETE) + return (GSS_S_COMPLETE); + } + } + + *minor_status = 0; + return (GSS_S_FAILURE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_display_name_ext.c b/crypto/heimdal/lib/gssapi/mech/gss_display_name_ext.c new file mode 100644 index 00000000000..6c0e5f332ca --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_display_name_ext.c @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2010, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_name_ext(OM_uint32 *minor_status, + gss_name_t input_name, + gss_OID display_as_name_type, + gss_buffer_t display_name) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + _mg_buffer_zero(display_name); + + if (input_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + gssapi_mech_interface m = mn->gmn_mech; + + if (!m->gm_display_name_ext) + continue; + + major_status = m->gm_display_name_ext(minor_status, + mn->gmn_name, + display_as_name_type, + display_name); + if (GSS_ERROR(major_status)) + _gss_mg_error(m, major_status, *minor_status); + else + break; + } + + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_display_status.c b/crypto/heimdal/lib/gssapi/mech/gss_display_status.c new file mode 100644 index 00000000000..1e508caa9ba --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_display_status.c @@ -0,0 +1,211 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_display_status.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ +/* + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +static const char * +calling_error(OM_uint32 v) +{ + static const char *msgs[] = { + NULL, /* 0 */ + "A required input parameter could not be read.", /* */ + "A required output parameter could not be written.", /* */ + "A parameter was malformed" + }; + + v >>= GSS_C_CALLING_ERROR_OFFSET; + + if (v == 0) + return ""; + else if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown calling error"; + else + return msgs[v]; +} + +static const char * +routine_error(OM_uint32 v) +{ + static const char *msgs[] = { + "Function completed successfully", /* 0 */ + "An unsupported mechanism was requested", + "An invalid name was supplied", + "A supplied name was of an unsupported type", + "Incorrect channel bindings were supplied", + "An invalid status code was supplied", + "A token had an invalid MIC", + "No credentials were supplied, " + "or the credentials were unavailable or inaccessible.", + "No context has been established", + "A token was invalid", + "A credential was invalid", + "The referenced credentials have expired", + "The context has expired", + "Miscellaneous failure (see text)", + "The quality-of-protection requested could not be provide", + "The operation is forbidden by local security policy", + "The operation or option is not available", + "The requested credential element already exists", + "The provided name was not a mechanism name.", + }; + + v >>= GSS_C_ROUTINE_ERROR_OFFSET; + + if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + +static const char * +supplementary_error(OM_uint32 v) +{ + static const char *msgs[] = { + "normal completion", + "continuation call to routine required", + "duplicate per-message token detected", + "timed-out per-message token detected", + "reordered (early) per-message token detected", + "skipped predecessor token(s) detected" + }; + + v >>= GSS_C_SUPPLEMENTARY_OFFSET; + + if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_status(OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_content, + gss_buffer_t status_string) +{ + OM_uint32 major_status; + + _mg_buffer_zero(status_string); + *message_content = 0; + + major_status = _gss_mg_get_error(mech_type, status_type, + status_value, status_string); + if (major_status == GSS_S_COMPLETE) { + + *message_content = 0; + *minor_status = 0; + return GSS_S_COMPLETE; + } + + *minor_status = 0; + switch (status_type) { + case GSS_C_GSS_CODE: { + char *buf = NULL; + int e; + + if (GSS_SUPPLEMENTARY_INFO(status_value)) + e = asprintf(&buf, "%s", supplementary_error( + GSS_SUPPLEMENTARY_INFO(status_value))); + else + e = asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); + + if (e < 0 || buf == NULL) + break; + + status_string->length = strlen(buf); + status_string->value = buf; + + return GSS_S_COMPLETE; + } + case GSS_C_MECH_CODE: { + OM_uint32 maj_junk, min_junk; + gss_buffer_desc oid; + char *buf = NULL; + int e; + + maj_junk = gss_oid_to_str(&min_junk, mech_type, &oid); + if (maj_junk != GSS_S_COMPLETE) { + oid.value = rk_UNCONST("unknown"); + oid.length = 7; + } + + e = asprintf (&buf, "unknown mech-code %lu for mech %.*s", + (unsigned long)status_value, + (int)oid.length, (char *)oid.value); + if (maj_junk == GSS_S_COMPLETE) + gss_release_buffer(&min_junk, &oid); + + if (e < 0 || buf == NULL) + break; + + status_string->length = strlen(buf); + status_string->value = buf; + + return GSS_S_COMPLETE; + } + } + _mg_buffer_zero(status_string); + return (GSS_S_BAD_STATUS); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_duplicate_name.c b/crypto/heimdal/lib/gssapi/mech/gss_duplicate_name.c new file mode 100644 index 00000000000..a76c87cb852 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_duplicate_name.c @@ -0,0 +1,95 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_duplicate_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_duplicate_name(OM_uint32 *minor_status, + const gss_name_t src_name, + gss_name_t *dest_name) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) src_name; + struct _gss_name *new_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + *dest_name = GSS_C_NO_NAME; + + /* + * If this name has a value (i.e. it didn't come from + * gss_canonicalize_name(), we re-import the thing. Otherwise, + * we make copy of each mech names. + */ + if (name->gn_value.value) { + major_status = gss_import_name(minor_status, + &name->gn_value, &name->gn_type, dest_name); + if (major_status != GSS_S_COMPLETE) + return (major_status); + new_name = (struct _gss_name *) *dest_name; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + struct _gss_mechanism_name *mn2; + _gss_find_mn(minor_status, new_name, + mn->gmn_mech_oid, &mn2); + } + } else { + new_name = malloc(sizeof(struct _gss_name)); + if (!new_name) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(new_name, 0, sizeof(struct _gss_name)); + HEIM_SLIST_INIT(&new_name->gn_mn); + *dest_name = (gss_name_t) new_name; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + struct _gss_mechanism_name *new_mn; + + new_mn = malloc(sizeof(*new_mn)); + if (!new_mn) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + new_mn->gmn_mech = mn->gmn_mech; + new_mn->gmn_mech_oid = mn->gmn_mech_oid; + + major_status = + mn->gmn_mech->gm_duplicate_name(minor_status, + mn->gmn_name, &new_mn->gmn_name); + if (major_status != GSS_S_COMPLETE) { + free(new_mn); + continue; + } + HEIM_SLIST_INSERT_HEAD(&new_name->gn_mn, new_mn, gmn_link); + } + + } + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_duplicate_oid.c b/crypto/heimdal/lib/gssapi/mech/gss_duplicate_oid.c new file mode 100644 index 00000000000..10a20004869 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_duplicate_oid.c @@ -0,0 +1,68 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_duplicate_oid ( + OM_uint32 *minor_status, + gss_OID src_oid, + gss_OID *dest_oid + ) +{ + *minor_status = 0; + + if (src_oid == GSS_C_NO_OID) { + *dest_oid = GSS_C_NO_OID; + return GSS_S_COMPLETE; + } + + *dest_oid = malloc(sizeof(**dest_oid)); + if (*dest_oid == GSS_C_NO_OID) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + (*dest_oid)->elements = malloc(src_oid->length); + if ((*dest_oid)->elements == NULL) { + free(*dest_oid); + *dest_oid = GSS_C_NO_OID; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy((*dest_oid)->elements, src_oid->elements, src_oid->length); + (*dest_oid)->length = src_oid->length; + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_encapsulate_token.c b/crypto/heimdal/lib/gssapi/mech/gss_encapsulate_token.c new file mode 100644 index 00000000000..1b1f973eaaa --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_encapsulate_token.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_encapsulate_token(gss_const_buffer_t input_token, + gss_const_OID oid, + gss_buffer_t output_token) +{ + GSSAPIContextToken ct; + int ret; + size_t size; + + ret = der_get_oid (oid->elements, oid->length, &ct.thisMech, &size); + if (ret) { + _mg_buffer_zero(output_token); + return GSS_S_FAILURE; + } + + ct.innerContextToken.data = input_token->value; + ct.innerContextToken.length = input_token->length; + + ASN1_MALLOC_ENCODE(GSSAPIContextToken, + output_token->value, output_token->length, + &ct, &size, ret); + der_free_oid(&ct.thisMech); + if (ret) { + _mg_buffer_zero(output_token); + return GSS_S_FAILURE; + } + if (output_token->length != size) + abort(); + + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_export_name.c b/crypto/heimdal/lib/gssapi/mech/gss_export_name.c new file mode 100644 index 00000000000..3e6e6268191 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_export_name.c @@ -0,0 +1,54 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_export_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_export_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t exported_name) +{ + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + _mg_buffer_zero(exported_name); + + /* + * If this name already has any attached MNs, export the first + * one, otherwise export based on the first mechanism in our + * list. + */ + mn = HEIM_SLIST_FIRST(&name->gn_mn); + if (!mn) { + *minor_status = 0; + return (GSS_S_NAME_NOT_MN); + } + + return mn->gmn_mech->gm_export_name(minor_status, + mn->gmn_name, exported_name); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_export_name_composite.c b/crypto/heimdal/lib/gssapi/mech/gss_export_name_composite.c new file mode 100644 index 00000000000..530a905aa7e --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_export_name_composite.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2010, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_export_name_composite(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t exp_composite_name) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + _mg_buffer_zero(exp_composite_name); + + if (input_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + gssapi_mech_interface m = mn->gmn_mech; + + if (!m->gm_export_name_composite) + continue; + + major_status = m->gm_export_name_composite(minor_status, + mn->gmn_name, + exp_composite_name); + if (GSS_ERROR(major_status)) + _gss_mg_error(m, major_status, *minor_status); + else + break; + } + + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_export_sec_context.c b/crypto/heimdal/lib/gssapi/mech/gss_export_sec_context.c new file mode 100644 index 00000000000..369f3a22570 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_export_sec_context.c @@ -0,0 +1,77 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_export_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_export_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t interprocess_token) +{ + OM_uint32 major_status; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + gssapi_mech_interface m = ctx->gc_mech; + gss_buffer_desc buf; + + _mg_buffer_zero(interprocess_token); + + major_status = m->gm_export_sec_context(minor_status, + &ctx->gc_ctx, &buf); + + if (major_status == GSS_S_COMPLETE) { + unsigned char *p; + + free(ctx); + *context_handle = GSS_C_NO_CONTEXT; + interprocess_token->length = buf.length + + 2 + m->gm_mech_oid.length; + interprocess_token->value = malloc(interprocess_token->length); + if (!interprocess_token->value) { + /* + * We are in trouble here - the context is + * already gone. This is allowed as long as we + * set the caller's context_handle to + * GSS_C_NO_CONTEXT, which we did above. + * Return GSS_S_FAILURE. + */ + _mg_buffer_zero(interprocess_token); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + p = interprocess_token->value; + p[0] = m->gm_mech_oid.length >> 8; + p[1] = m->gm_mech_oid.length; + memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length); + memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length); + gss_release_buffer(minor_status, &buf); + } else { + _gss_mg_error(m, major_status, *minor_status); + } + + return (major_status); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_get_mic.c b/crypto/heimdal/lib/gssapi/mech/gss_get_mic.c new file mode 100644 index 00000000000..6eebfe0bbb0 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_get_mic.c @@ -0,0 +1,51 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_get_mic.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_get_mic(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m; + + _mg_buffer_zero(message_token); + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + m = ctx->gc_mech; + + return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req, + message_buffer, message_token)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_get_name_attribute.c b/crypto/heimdal/lib/gssapi/mech/gss_get_name_attribute.c new file mode 100644 index 00000000000..450bbac46e9 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_get_name_attribute.c @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2010, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_get_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr, + int *authenticated, + int *complete, + gss_buffer_t value, + gss_buffer_t display_value, + int *more) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + if (authenticated != NULL) + *authenticated = 0; + if (complete != NULL) + *complete = 0; + _mg_buffer_zero(value); + _mg_buffer_zero(display_value); + + if (input_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + gssapi_mech_interface m = mn->gmn_mech; + + if (!m->gm_get_name_attribute) + continue; + + major_status = m->gm_get_name_attribute(minor_status, + mn->gmn_name, + attr, + authenticated, + complete, + value, + display_value, + more); + if (GSS_ERROR(major_status)) + _gss_mg_error(m, major_status, *minor_status); + else + break; + } + + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_import_name.c b/crypto/heimdal/lib/gssapi/mech/gss_import_name.c new file mode 100644 index 00000000000..d1b3dc95b4a --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_import_name.c @@ -0,0 +1,291 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_import_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +static OM_uint32 +_gss_import_export_name(OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + OM_uint32 major_status; + unsigned char *p = input_name_buffer->value; + size_t len = input_name_buffer->length; + size_t t; + gss_OID_desc mech_oid; + gssapi_mech_interface m; + struct _gss_name *name; + gss_name_t new_canonical_name; + int composite = 0; + + *minor_status = 0; + *output_name = 0; + + /* + * Make sure that TOK_ID is {4, 1}. + */ + if (len < 2) + return (GSS_S_BAD_NAME); + if (p[0] != 4) + return (GSS_S_BAD_NAME); + switch (p[1]) { + case 1: /* non-composite name */ + break; + case 2: /* composite name */ + composite = 1; + break; + default: + return (GSS_S_BAD_NAME); + } + p += 2; + len -= 2; + + /* + * Get the mech length and the name length and sanity + * check the size of of the buffer. + */ + if (len < 2) + return (GSS_S_BAD_NAME); + t = (p[0] << 8) + p[1]; + p += 2; + len -= 2; + + /* + * Check the DER encoded OID to make sure it agrees with the + * length we just decoded. + */ + if (p[0] != 6) /* 6=OID */ + return (GSS_S_BAD_NAME); + p++; + len--; + t--; + if (p[0] & 0x80) { + int digits = p[0]; + p++; + len--; + t--; + mech_oid.length = 0; + while (digits--) { + mech_oid.length = (mech_oid.length << 8) | p[0]; + p++; + len--; + t--; + } + } else { + mech_oid.length = p[0]; + p++; + len--; + t--; + } + if (mech_oid.length != t) + return (GSS_S_BAD_NAME); + + mech_oid.elements = p; + + if (len < t + 4) + return (GSS_S_BAD_NAME); + p += t; + len -= t; + + t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + p += 4; + len -= 4; + + if (!composite && len != t) + return (GSS_S_BAD_NAME); + + m = __gss_get_mechanism(&mech_oid); + if (!m) + return (GSS_S_BAD_MECH); + + /* + * Ask the mechanism to import the name. + */ + major_status = m->gm_import_name(minor_status, + input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name); + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); + return major_status; + } + + /* + * Now we make a new name and mark it as an MN. + */ + name = _gss_make_name(m, new_canonical_name); + if (!name) { + m->gm_release_name(minor_status, &new_canonical_name); + return (GSS_S_FAILURE); + } + + *output_name = (gss_name_t) name; + + *minor_status = 0; + return (GSS_S_COMPLETE); +} + +/** + * Import a name internal or mechanism name + * + * Type of name and their format: + * - GSS_C_NO_OID + * - GSS_C_NT_USER_NAME + * - GSS_C_NT_HOSTBASED_SERVICE + * - GSS_C_NT_EXPORT_NAME + * - GSS_C_NT_ANONYMOUS + * - GSS_KRB5_NT_PRINCIPAL_NAME + * + * For more information about @ref internalVSmechname. + * + * @param minor_status minor status code + * @param input_name_buffer import name buffer + * @param input_name_type type of the import name buffer + * @param output_name the resulting type, release with + * gss_release_name(), independent of input_name + * + * @returns a gss_error code, see gss_display_status() about printing + * the error code. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_import_name(OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t *output_name) +{ + struct _gss_mechanism_name *mn; + gss_OID name_type = input_name_type; + OM_uint32 major_status, ms; + struct _gss_name *name; + struct _gss_mech_switch *m; + gss_name_t rname; + + *output_name = GSS_C_NO_NAME; + + if (input_name_buffer->length == 0) { + *minor_status = 0; + return (GSS_S_BAD_NAME); + } + + _gss_load_mech(); + + /* + * Use GSS_NT_USER_NAME as default name type. + */ + if (name_type == GSS_C_NO_OID) + name_type = GSS_C_NT_USER_NAME; + + /* + * If this is an exported name, we need to parse it to find + * the mechanism and then import it as an MN. See RFC 2743 + * section 3.2 for a description of the format. + */ + if (gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) { + return _gss_import_export_name(minor_status, + input_name_buffer, output_name); + } + + + *minor_status = 0; + name = calloc(1, sizeof(struct _gss_name)); + if (!name) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + HEIM_SLIST_INIT(&name->gn_mn); + + major_status = _gss_copy_oid(minor_status, + name_type, &name->gn_type); + if (major_status) { + free(name); + return (GSS_S_FAILURE); + } + + major_status = _gss_copy_buffer(minor_status, + input_name_buffer, &name->gn_value); + if (major_status) + goto out; + + /* + * Walk over the mechs and import the name into a mech name + * for those supported this nametype. + */ + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + int present = 0; + + major_status = gss_test_oid_set_member(minor_status, + name_type, m->gm_name_types, &present); + + if (major_status || present == 0) + continue; + + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) { + *minor_status = ENOMEM; + major_status = GSS_S_FAILURE; + goto out; + } + + major_status = (*m->gm_mech.gm_import_name)(minor_status, + &name->gn_value, + (name->gn_type.elements + ? &name->gn_type : GSS_C_NO_OID), + &mn->gmn_name); + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(&m->gm_mech, major_status, *minor_status); + free(mn); + goto out; + } + + mn->gmn_mech = &m->gm_mech; + mn->gmn_mech_oid = &m->gm_mech_oid; + HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + } + + /* + * If we can't find a mn for the name, bail out already here. + */ + + mn = HEIM_SLIST_FIRST(&name->gn_mn); + if (!mn) { + *minor_status = 0; + major_status = GSS_S_NAME_NOT_MN; + goto out; + } + + *output_name = (gss_name_t) name; + return (GSS_S_COMPLETE); + + out: + rname = (gss_name_t)name; + gss_release_name(&ms, &rname); + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_import_sec_context.c b/crypto/heimdal/lib/gssapi/mech/gss_import_sec_context.c new file mode 100644 index 00000000000..9865db78d41 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_import_sec_context.c @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_import_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_import_sec_context(OM_uint32 *minor_status, + const gss_buffer_t interprocess_token, + gss_ctx_id_t *context_handle) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_context *ctx; + gss_OID_desc mech_oid; + gss_buffer_desc buf; + unsigned char *p; + size_t len; + + *minor_status = 0; + *context_handle = GSS_C_NO_CONTEXT; + + /* + * We added an oid to the front of the token in + * gss_export_sec_context. + */ + p = interprocess_token->value; + len = interprocess_token->length; + if (len < 2) + return (GSS_S_DEFECTIVE_TOKEN); + mech_oid.length = (p[0] << 8) | p[1]; + if (len < mech_oid.length + 2) + return (GSS_S_DEFECTIVE_TOKEN); + mech_oid.elements = p + 2; + buf.length = len - 2 - mech_oid.length; + buf.value = p + 2 + mech_oid.length; + + m = __gss_get_mechanism(&mech_oid); + if (!m) + return (GSS_S_DEFECTIVE_TOKEN); + + ctx = malloc(sizeof(struct _gss_context)); + if (!ctx) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + ctx->gc_mech = m; + major_status = m->gm_import_sec_context(minor_status, + &buf, &ctx->gc_ctx); + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); + free(ctx); + } else { + *context_handle = (gss_ctx_id_t) ctx; + } + + return (major_status); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_indicate_mechs.c b/crypto/heimdal/lib/gssapi/mech/gss_indicate_mechs.c new file mode 100644 index 00000000000..8fd53d956d5 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_indicate_mechs.c @@ -0,0 +1,64 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_indicate_mechs.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_indicate_mechs(OM_uint32 *minor_status, + gss_OID_set *mech_set) +{ + struct _gss_mech_switch *m; + OM_uint32 major_status; + gss_OID_set set; + size_t i; + + _gss_load_mech(); + + major_status = gss_create_empty_oid_set(minor_status, mech_set); + if (major_status) + return (major_status); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_indicate_mechs) { + major_status = m->gm_mech.gm_indicate_mechs( + minor_status, &set); + if (major_status) + continue; + for (i = 0; i < set->count; i++) + major_status = gss_add_oid_set_member( + minor_status, &set->elements[i], mech_set); + gss_release_oid_set(minor_status, &set); + } else { + major_status = gss_add_oid_set_member( + minor_status, &m->gm_mech_oid, mech_set); + } + } + + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_init_sec_context.c b/crypto/heimdal/lib/gssapi/mech/gss_init_sec_context.c new file mode 100644 index 00000000000..af0170a50a5 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_init_sec_context.c @@ -0,0 +1,212 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_init_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +static gss_cred_id_t +_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) +{ + struct _gss_cred *cred = (struct _gss_cred *)cred_handle; + struct _gss_mechanism_cred *mc; + + if (cred == NULL) + return GSS_C_NO_CREDENTIAL; + + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + if (gss_oid_equal(mech_type, mc->gmc_mech_oid)) + return mc->gmc_cred; + } + return GSS_C_NO_CREDENTIAL; +} + +/** + * As the initiator build a context with an acceptor. + * + * Returns in the major + * - GSS_S_COMPLETE - if the context if build + * - GSS_S_CONTINUE_NEEDED - if the caller needs to continue another + * round of gss_i nit_sec_context + * - error code - any other error code + * + * @param minor_status minor status code. + * + * @param initiator_cred_handle the credential to use when building + * the context, if GSS_C_NO_CREDENTIAL is passed, the default + * credential for the mechanism will be used. + * + * @param context_handle a pointer to a context handle, will be + * returned as long as there is not an error. + * + * @param target_name the target name of acceptor, created using + * gss_import_name(). The name is can be of any name types the + * mechanism supports, check supported name types with + * gss_inquire_names_for_mech(). + * + * @param input_mech_type mechanism type to use, if GSS_C_NO_OID is + * used, Kerberos (GSS_KRB5_MECHANISM) will be tried. Other + * available mechanism are listed in the @ref gssapi_mechs_intro + * section. + * + * @param req_flags flags using when building the context, see @ref + * gssapi_context_flags + * + * @param time_req time requested this context should be valid in + * seconds, common used value is GSS_C_INDEFINITE + * + * @param input_chan_bindings Channel bindings used, if not exepected + * otherwise, used GSS_C_NO_CHANNEL_BINDINGS + * + * @param input_token input token sent from the acceptor, for the + * initial packet the buffer of { NULL, 0 } should be used. + * + * @param actual_mech_type the actual mech used, MUST NOT be freed + * since it pointing to static memory. + * + * @param output_token if there is an output token, regardless of + * complete, continue_needed, or error it should be sent to the + * acceptor + * + * @param ret_flags return what flags was negotitated, caller should + * check if they are accetable. For example, if + * GSS_C_MUTUAL_FLAG was negotiated with the acceptor or not. + * + * @param time_rec amount of time this context is valid for + * + * @returns a gss_error code, see gss_display_status() about printing + * the error code. + * + * @ingroup gssapi + */ + + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_init_sec_context(OM_uint32 * minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + const gss_name_t target_name, + const gss_OID input_mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_name *name = (struct _gss_name *) target_name; + struct _gss_mechanism_name *mn; + struct _gss_context *ctx = (struct _gss_context *) *context_handle; + gss_cred_id_t cred_handle; + int allocated_ctx; + gss_OID mech_type = input_mech_type; + + *minor_status = 0; + + _mg_buffer_zero(output_token); + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + + /* + * If we haven't allocated a context yet, do so now and lookup + * the mechanism switch table. If we have one already, make + * sure we use the same mechanism switch as before. + */ + if (!ctx) { + if (mech_type == NULL) + mech_type = GSS_KRB5_MECHANISM; + + ctx = malloc(sizeof(struct _gss_context)); + if (!ctx) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + memset(ctx, 0, sizeof(struct _gss_context)); + m = ctx->gc_mech = __gss_get_mechanism(mech_type); + if (!m) { + free(ctx); + return (GSS_S_BAD_MECH); + } + allocated_ctx = 1; + } else { + m = ctx->gc_mech; + mech_type = &ctx->gc_mech->gm_mech_oid; + allocated_ctx = 0; + } + + /* + * Find the MN for this mechanism. + */ + major_status = _gss_find_mn(minor_status, name, mech_type, &mn); + if (major_status != GSS_S_COMPLETE) { + if (allocated_ctx) + free(ctx); + return major_status; + } + + /* + * If we have a cred, find the cred for this mechanism. + */ + if (m->gm_flags & GM_USE_MG_CRED) + cred_handle = initiator_cred_handle; + else + cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type); + + major_status = m->gm_init_sec_context(minor_status, + cred_handle, + &ctx->gc_ctx, + mn->gmn_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + + if (major_status != GSS_S_COMPLETE + && major_status != GSS_S_CONTINUE_NEEDED) { + if (allocated_ctx) + free(ctx); + _mg_buffer_zero(output_token); + _gss_mg_error(m, major_status, *minor_status); + } else { + *context_handle = (gss_ctx_id_t) ctx; + } + + return (major_status); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_context.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_context.c new file mode 100644 index 00000000000..2568075988f --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_context.c @@ -0,0 +1,105 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_context(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_name_t *src_name, + gss_name_t *targ_name, + OM_uint32 *lifetime_rec, + gss_OID *mech_type, + OM_uint32 *ctx_flags, + int *locally_initiated, + int *xopen) +{ + OM_uint32 major_status; + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + struct _gss_name *name; + gss_name_t src_mn, targ_mn; + + if (locally_initiated) + *locally_initiated = 0; + if (xopen) + *xopen = 0; + if (lifetime_rec) + *lifetime_rec = 0; + + if (src_name) + *src_name = GSS_C_NO_NAME; + if (targ_name) + *targ_name = GSS_C_NO_NAME; + if (mech_type) + *mech_type = GSS_C_NO_OID; + src_mn = targ_mn = GSS_C_NO_NAME; + + major_status = m->gm_inquire_context(minor_status, + ctx->gc_ctx, + src_name ? &src_mn : NULL, + targ_name ? &targ_mn : NULL, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + xopen); + + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); + return (major_status); + } + + if (src_name) { + name = _gss_make_name(m, src_mn); + if (!name) { + if (mech_type) + *mech_type = GSS_C_NO_OID; + m->gm_release_name(minor_status, &src_mn); + *minor_status = 0; + return (GSS_S_FAILURE); + } + *src_name = (gss_name_t) name; + } + + if (targ_name) { + name = _gss_make_name(m, targ_mn); + if (!name) { + if (mech_type) + *mech_type = GSS_C_NO_OID; + if (src_name) + gss_release_name(minor_status, src_name); + m->gm_release_name(minor_status, &targ_mn); + *minor_status = 0; + return (GSS_S_FAILURE); + } + *targ_name = (gss_name_t) name; + } + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred.c new file mode 100644 index 00000000000..1db0f233033 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred.c @@ -0,0 +1,195 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +#define AUSAGE 1 +#define IUSAGE 2 + +static void +updateusage(gss_cred_usage_t usage, int *usagemask) +{ + if (usage == GSS_C_BOTH) + *usagemask |= AUSAGE | IUSAGE; + else if (usage == GSS_C_ACCEPT) + *usagemask |= AUSAGE; + else if (usage == GSS_C_INITIATE) + *usagemask |= IUSAGE; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_cred(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + gss_name_t *name_ret, + OM_uint32 *lifetime, + gss_cred_usage_t *cred_usage, + gss_OID_set *mechanisms) +{ + OM_uint32 major_status; + struct _gss_mech_switch *m; + struct _gss_cred *cred = (struct _gss_cred *) cred_handle; + struct _gss_name *name; + struct _gss_mechanism_name *mn; + OM_uint32 min_lifetime; + int found = 0; + int usagemask = 0; + gss_cred_usage_t usage; + + _gss_load_mech(); + + *minor_status = 0; + if (name_ret) + *name_ret = GSS_C_NO_NAME; + if (lifetime) + *lifetime = 0; + if (cred_usage) + *cred_usage = 0; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; + + if (name_ret) { + name = calloc(1, sizeof(*name)); + if (name == NULL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + HEIM_SLIST_INIT(&name->gn_mn); + } else { + name = NULL; + } + + if (mechanisms) { + major_status = gss_create_empty_oid_set(minor_status, + mechanisms); + if (major_status) { + if (name) free(name); + return (major_status); + } + } + + min_lifetime = GSS_C_INDEFINITE; + if (cred) { + struct _gss_mechanism_cred *mc; + + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + gss_name_t mc_name; + OM_uint32 mc_lifetime; + + major_status = mc->gmc_mech->gm_inquire_cred(minor_status, + mc->gmc_cred, &mc_name, &mc_lifetime, &usage, NULL); + if (major_status) + continue; + + updateusage(usage, &usagemask); + if (name) { + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) { + mc->gmc_mech->gm_release_name(minor_status, + &mc_name); + continue; + } + mn->gmn_mech = mc->gmc_mech; + mn->gmn_mech_oid = mc->gmc_mech_oid; + mn->gmn_name = mc_name; + HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + } else { + mc->gmc_mech->gm_release_name(minor_status, + &mc_name); + } + + if (mc_lifetime < min_lifetime) + min_lifetime = mc_lifetime; + + if (mechanisms) + gss_add_oid_set_member(minor_status, + mc->gmc_mech_oid, mechanisms); + found++; + } + } else { + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + gss_name_t mc_name; + OM_uint32 mc_lifetime; + + major_status = m->gm_mech.gm_inquire_cred(minor_status, + GSS_C_NO_CREDENTIAL, &mc_name, &mc_lifetime, + &usage, NULL); + if (major_status) + continue; + + updateusage(usage, &usagemask); + if (name && mc_name) { + mn = malloc( + sizeof(struct _gss_mechanism_name)); + if (!mn) { + m->gm_mech.gm_release_name( + minor_status, &mc_name); + continue; + } + mn->gmn_mech = &m->gm_mech; + mn->gmn_mech_oid = &m->gm_mech_oid; + mn->gmn_name = mc_name; + HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + } else if (mc_name) { + m->gm_mech.gm_release_name(minor_status, + &mc_name); + } + + if (mc_lifetime < min_lifetime) + min_lifetime = mc_lifetime; + + if (mechanisms) + gss_add_oid_set_member(minor_status, + &m->gm_mech_oid, mechanisms); + found++; + } + } + + if (found == 0) { + gss_name_t n = (gss_name_t)name; + if (n) + gss_release_name(minor_status, &n); + gss_release_oid_set(minor_status, mechanisms); + *minor_status = 0; + return (GSS_S_NO_CRED); + } + + *minor_status = 0; + if (name_ret) + *name_ret = (gss_name_t) name; + if (lifetime) + *lifetime = min_lifetime; + if (cred_usage) { + if ((usagemask & (AUSAGE|IUSAGE)) == (AUSAGE|IUSAGE)) + *cred_usage = GSS_C_BOTH; + else if (usagemask & IUSAGE) + *cred_usage = GSS_C_INITIATE; + else if (usagemask & AUSAGE) + *cred_usage = GSS_C_ACCEPT; + } + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c new file mode 100644 index 00000000000..e7746e46578 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred_by_mech.c @@ -0,0 +1,92 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_cred_by_mech.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_cred_by_mech(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID mech_type, + gss_name_t *cred_name, + OM_uint32 *initiator_lifetime, + OM_uint32 *acceptor_lifetime, + gss_cred_usage_t *cred_usage) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_mechanism_cred *mcp; + gss_cred_id_t mc; + gss_name_t mn; + struct _gss_name *name; + + *minor_status = 0; + if (cred_name) + *cred_name = GSS_C_NO_NAME; + if (initiator_lifetime) + *initiator_lifetime = 0; + if (acceptor_lifetime) + *acceptor_lifetime = 0; + if (cred_usage) + *cred_usage = 0; + + m = __gss_get_mechanism(mech_type); + if (!m) + return (GSS_S_NO_CRED); + + if (cred_handle != GSS_C_NO_CREDENTIAL) { + struct _gss_cred *cred = (struct _gss_cred *) cred_handle; + HEIM_SLIST_FOREACH(mcp, &cred->gc_mc, gmc_link) + if (mcp->gmc_mech == m) + break; + if (!mcp) + return (GSS_S_NO_CRED); + mc = mcp->gmc_cred; + } else { + mc = GSS_C_NO_CREDENTIAL; + } + + major_status = m->gm_inquire_cred_by_mech(minor_status, mc, mech_type, + &mn, initiator_lifetime, acceptor_lifetime, cred_usage); + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); + return (major_status); + } + + if (cred_name) { + name = _gss_make_name(m, mn); + if (!name) { + m->gm_release_name(minor_status, &mn); + return (GSS_S_NO_CRED); + } + *cred_name = (gss_name_t) name; + } else + m->gm_release_name(minor_status, &mn); + + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c new file mode 100644 index 00000000000..e674dd48f3e --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_cred_by_oid.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_cred_by_oid (OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + struct _gss_cred *cred = (struct _gss_cred *) cred_handle; + OM_uint32 status = GSS_S_COMPLETE; + struct _gss_mechanism_cred *mc; + gssapi_mech_interface m; + gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; + + *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; + + if (cred == NULL) + return GSS_S_NO_CRED; + + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET; + size_t i; + + m = mc->gmc_mech; + if (m == NULL) { + gss_release_buffer_set(minor_status, &set); + *minor_status = 0; + return GSS_S_BAD_MECH; + } + + if (m->gm_inquire_cred_by_oid == NULL) + continue; + + status = m->gm_inquire_cred_by_oid(minor_status, + mc->gmc_cred, desired_object, &rset); + if (status != GSS_S_COMPLETE) + continue; + + for (i = 0; i < rset->count; i++) { + status = gss_add_buffer_set_member(minor_status, + &rset->elements[i], &set); + if (status != GSS_S_COMPLETE) + break; + } + gss_release_buffer_set(minor_status, &rset); + } + if (set == GSS_C_NO_BUFFER_SET) + status = GSS_S_FAILURE; + *data_set = set; + *minor_status = 0; + return status; +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c new file mode 100644 index 00000000000..f8eab82dc1c --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_mechs_for_name.c @@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_mechs_for_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_mechs_for_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_OID_set *mech_types) +{ + OM_uint32 major_status; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mech_switch *m; + gss_OID_set name_types; + int present; + + *minor_status = 0; + + _gss_load_mech(); + + major_status = gss_create_empty_oid_set(minor_status, mech_types); + if (major_status) + return (major_status); + + /* + * We go through all the loaded mechanisms and see if this + * name's type is supported by the mechanism. If it is, add + * the mechanism to the set. + */ + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + major_status = gss_inquire_names_for_mech(minor_status, + &m->gm_mech_oid, &name_types); + if (major_status) { + gss_release_oid_set(minor_status, mech_types); + return (major_status); + } + gss_test_oid_set_member(minor_status, + &name->gn_type, name_types, &present); + gss_release_oid_set(minor_status, &name_types); + if (present) { + major_status = gss_add_oid_set_member(minor_status, + &m->gm_mech_oid, mech_types); + if (major_status) { + gss_release_oid_set(minor_status, mech_types); + return (major_status); + } + } + } + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_name.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_name.c new file mode 100644 index 00000000000..10acaaae19c --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_name.c @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2010, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_name(OM_uint32 *minor_status, + gss_name_t input_name, + int *name_is_MN, + gss_OID *MN_mech, + gss_buffer_set_t *attrs) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + if (name_is_MN != NULL) + *name_is_MN = 0; + if (MN_mech != NULL) + *MN_mech = GSS_C_NO_OID; + if (attrs != NULL) + *attrs = GSS_C_NO_BUFFER_SET; + + if (input_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + gssapi_mech_interface m = mn->gmn_mech; + + if (!m->gm_inquire_name) + continue; + + major_status = m->gm_inquire_name(minor_status, + mn->gmn_name, + NULL, + MN_mech, + attrs); + if (major_status == GSS_S_COMPLETE) { + if (name_is_MN != NULL) + *name_is_MN = 1; + if (MN_mech != NULL && *MN_mech == GSS_C_NO_OID) + *MN_mech = &m->gm_mech_oid; + break; + } + _gss_mg_error(m, major_status, *minor_status); + } + + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c new file mode 100644 index 00000000000..595ab737f96 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_names_for_mech.c @@ -0,0 +1,73 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_inquire_names_for_mech.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_names_for_mech(OM_uint32 *minor_status, + const gss_OID mechanism, + gss_OID_set *name_types) +{ + OM_uint32 major_status; + gssapi_mech_interface m = __gss_get_mechanism(mechanism); + + *minor_status = 0; + *name_types = GSS_C_NO_OID_SET; + if (!m) + return (GSS_S_BAD_MECH); + + /* + * If the implementation can do it, ask it for a list of + * names, otherwise fake it. + */ + if (m->gm_inquire_names_for_mech) { + return (m->gm_inquire_names_for_mech(minor_status, + mechanism, name_types)); + } else { + major_status = gss_create_empty_oid_set(minor_status, + name_types); + if (major_status) + return (major_status); + major_status = gss_add_oid_set_member(minor_status, + GSS_C_NT_HOSTBASED_SERVICE, name_types); + if (major_status) { + OM_uint32 junk; + gss_release_oid_set(&junk, name_types); + return (major_status); + } + major_status = gss_add_oid_set_member(minor_status, + GSS_C_NT_USER_NAME, name_types); + if (major_status) { + OM_uint32 junk; + gss_release_oid_set(&junk, name_types); + return (major_status); + } + } + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c b/crypto/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c new file mode 100644 index 00000000000..cc6e5c9cb6e --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_inquire_sec_context_by_oid.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + OM_uint32 major_status; + gssapi_mech_interface m; + + *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + m = ctx->gc_mech; + + if (m == NULL) + return GSS_S_BAD_MECH; + + if (m->gm_inquire_sec_context_by_oid != NULL) { + major_status = m->gm_inquire_sec_context_by_oid(minor_status, + ctx->gc_ctx, desired_object, data_set); + if (major_status != GSS_S_COMPLETE) + _gss_mg_error(m, major_status, *minor_status); + } else + major_status = GSS_S_BAD_MECH; + + return major_status; +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_krb5.c b/crypto/heimdal/lib/gssapi/mech/gss_krb5.c new file mode 100644 index 00000000000..fe88a384b5f --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_krb5.c @@ -0,0 +1,941 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_krb5.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +#include +#include + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_copy_ccache(OM_uint32 *minor_status, + gss_cred_id_t cred, + krb5_ccache out) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + krb5_context context; + krb5_error_code kret; + krb5_ccache id; + OM_uint32 ret; + char *str = NULL; + + ret = gss_inquire_cred_by_oid(minor_status, + cred, + GSS_KRB5_COPY_CCACHE_X, + &data_set); + if (ret) + return ret; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count < 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + kret = krb5_init_context(&context); + if (kret) { + *minor_status = kret; + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_FAILURE; + } + + kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length, + (char *)data_set->elements[0].value); + gss_release_buffer_set(minor_status, &data_set); + if (kret < 0 || str == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + kret = krb5_cc_resolve(context, str, &id); + free(str); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_cc_copy_cache(context, id, out); + krb5_cc_close(context, id); + krb5_free_context(context); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + return ret; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_import_cred(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal keytab_principal, + krb5_keytab keytab, + gss_cred_id_t *cred) +{ + gss_buffer_desc buffer; + OM_uint32 major_status; + krb5_context context; + krb5_error_code ret; + krb5_storage *sp; + krb5_data data; + char *str; + + *cred = GSS_C_NO_CREDENTIAL; + + ret = krb5_init_context(&context); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + major_status = GSS_S_FAILURE; + goto out; + } + + if (id) { + ret = krb5_cc_get_full_name(context, id, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + ret = krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + if (keytab_principal) { + ret = krb5_unparse_name(context, keytab_principal, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + + if (keytab) { + ret = krb5_kt_get_full_name(context, keytab, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + buffer.value = data.data; + buffer.length = data.length; + + major_status = gss_set_cred_option(minor_status, + cred, + GSS_KRB5_IMPORT_CRED_X, + &buffer); + krb5_data_free(&data); +out: + if (sp) + krb5_storage_free(sp); + krb5_free_context(context); + return major_status; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_register_acceptor_identity(const char *identity) +{ + gssapi_mech_interface m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + buffer.value = rk_UNCONST(identity); + buffer.length = strlen(identity); + + m = __gss_get_mechanism(GSS_KRB5_MECHANISM); + if (m == NULL || m->gm_set_sec_context_option == NULL) + return GSS_S_FAILURE; + + return m->gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +krb5_gss_register_acceptor_identity(const char *identity) +{ + return gsskrb5_register_acceptor_identity(identity); +} + + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_set_dns_canonicalize(int flag) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + char b = (flag != 0); + + _gss_load_mech(); + + buffer.value = &b; + buffer.length = sizeof(b); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + + + +static krb5_error_code +set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key) +{ + key->type = keyblock->keytype; + key->length = keyblock->keyvalue.length; + key->data = malloc(key->length); + if (key->data == NULL && key->length != 0) + return ENOMEM; + memcpy(key->data, keyblock->keyvalue.data, key->length); + return 0; +} + +static void +free_key(gss_krb5_lucid_key_t *key) +{ + memset(key->data, 0, key->length); + free(key->data); + memset(key, 0, sizeof(*key)); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **rctx) +{ + krb5_context context = NULL; + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + gss_krb5_lucid_context_v1_t *ctx = NULL; + krb5_storage *sp = NULL; + uint32_t num; + + if (context_handle == NULL + || *context_handle == GSS_C_NO_CONTEXT + || version != 1) + { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + *context_handle, + GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); + if (ret) + goto out; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + ret = ENOMEM; + goto out; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + if (num != 1) { + ret = EINVAL; + goto out; + } + ctx->version = 1; + /* initiator */ + ret = krb5_ret_uint32(sp, &ctx->initiate); + if (ret) goto out; + /* endtime */ + ret = krb5_ret_uint32(sp, &ctx->endtime); + if (ret) goto out; + /* send_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq |= num; + /* recv_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq |= num; + /* protocol */ + ret = krb5_ret_uint32(sp, &ctx->protocol); + if (ret) goto out; + if (ctx->protocol == 0) { + krb5_keyblock key; + + /* sign_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg); + if (ret) goto out; + /* seal_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->rfc1964_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } else if (ctx->protocol == 1) { + krb5_keyblock key; + + /* acceptor_subkey */ + ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + /* acceptor_subkey */ + if (ctx->cfx_kd.have_acceptor_subkey) { + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } + } else { + ret = EINVAL; + goto out; + } + + *rctx = ctx; + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (context) + krb5_free_context(context); + + if (ret) { + if (ctx) + gss_krb5_free_lucid_sec_context(NULL, ctx); + + *minor_status = ret; + return GSS_S_FAILURE; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) +{ + gss_krb5_lucid_context_v1_t *ctx = c; + + if (ctx->version != 1) { + if (minor_status) + *minor_status = 0; + return GSS_S_FAILURE; + } + + if (ctx->protocol == 0) { + free_key(&ctx->rfc1964_kd.ctx_key); + } else if (ctx->protocol == 1) { + free_key(&ctx->cfx_kd.ctx_key); + if (ctx->cfx_kd.have_acceptor_subkey) + free_key(&ctx->cfx_kd.acceptor_subkey); + } + free(ctx); + if (minor_status) + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_enctypes, + int32_t *enctypes) +{ + krb5_error_code ret; + OM_uint32 maj_status; + gss_buffer_desc buffer; + krb5_storage *sp; + krb5_data data; + size_t i; + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + maj_status = GSS_S_FAILURE; + goto out; + } + + for (i = 0; i < num_enctypes; i++) { + ret = krb5_store_int32(sp, enctypes[i]); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } + } + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } + + buffer.value = data.data; + buffer.length = data.length; + + maj_status = gss_set_cred_option(minor_status, + &cred, + GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, + &buffer); + krb5_data_free(&data); +out: + if (sp) + krb5_storage_free(sp); + return maj_status; +} + +/* + * + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + if (c) { + buffer.value = c; + buffer.length = sizeof(*c); + } else { + buffer.value = NULL; + buffer.length = 0; + } + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SEND_TO_KDC_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + +/* + * + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_ccache_name(OM_uint32 *minor_status, + const char *name, + const char **out_name) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + if (out_name) + *out_name = NULL; + + buffer.value = rk_UNCONST(name); + buffer.length = strlen(name); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_CCACHE_NAME_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + + +/* + * + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + time_t *authtime) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + maj_stat = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_AUTHTIME_X, + &data_set); + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->elements[0].length != 4) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + { + unsigned char *buf = data_set->elements[0].value; + *authtime = (buf[3] <<24) | (buf[2] << 16) | + (buf[1] << 8) | (buf[0] << 0); + } + + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int ad_type, + gss_buffer_t ad_data) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + gss_OID_desc oid_flat; + heim_oid baseoid, oid; + size_t size; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + /* All this to append an integer to an oid... */ + + if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length, + &baseoid, NULL) != 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + oid.length = baseoid.length + 1; + oid.components = calloc(oid.length, sizeof(*oid.components)); + if (oid.components == NULL) { + der_free_oid(&baseoid); + + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + memcpy(oid.components, baseoid.components, + baseoid.length * sizeof(*baseoid.components)); + + der_free_oid(&baseoid); + + oid.components[oid.length - 1] = ad_type; + + oid_flat.length = der_length_oid(&oid); + oid_flat.elements = malloc(oid_flat.length); + if (oid_flat.elements == NULL) { + free(oid.components); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1, + oid_flat.length, &oid, &size) != 0) { + free(oid.components); + free(oid_flat.elements); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + if (oid_flat.length != size) + abort(); + + free(oid.components); + + /* FINALLY, we have the OID */ + + maj_stat = gss_inquire_sec_context_by_oid (minor_status, + context_handle, + &oid_flat, + &data_set); + + free(oid_flat.elements); + + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ad_data->value = malloc(data_set->elements[0].length); + if (ad_data->value == NULL) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ad_data->length = data_set->elements[0].length; + memcpy(ad_data->value, data_set->elements[0].value, ad_data->length); + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +static OM_uint32 +gsskrb5_extract_key(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + const gss_OID oid, + krb5_keyblock **keyblock) +{ + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + krb5_context context = NULL; + krb5_storage *sp = NULL; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); + if(ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + oid, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + *keyblock = calloc(1, sizeof(**keyblock)); + if (keyblock == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_keyblock(sp, *keyblock); + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (ret && keyblock) { + krb5_free_keyblock(context, *keyblock); + *keyblock = NULL; + } + if (context) + krb5_free_context(context); + + *minor_status = ret; + if (ret) + return GSS_S_FAILURE; + + return GSS_S_COMPLETE; +} + +/* + * + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SERVICE_KEYBLOCK_X, + keyblock); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_INITIATOR_SUBKEY_X, + keyblock); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_get_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SUBKEY_X, + keyblock); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_set_default_realm(const char *realm) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + buffer.value = rk_UNCONST(realm); + buffer.length = strlen(realm); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DEFAULT_REALM_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_krb5_get_tkt_flags(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + OM_uint32 *tkt_flags) +{ + + OM_uint32 major_status; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_TKT_FLAGS_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1 || + data_set->elements[0].length < 4) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + { + const u_char *p = data_set->elements[0].value; + *tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); + } + + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_COMPLETE; +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_set_time_offset(int offset) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + int32_t o = offset; + + _gss_load_mech(); + + buffer.value = &o; + buffer.length = sizeof(o); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_TIME_OFFSET_X, &buffer); + } + + return (GSS_S_COMPLETE); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_get_time_offset(int *offset) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 maj_stat, junk; + int32_t o; + + _gss_load_mech(); + + buffer.value = &o; + buffer.length = sizeof(o); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + maj_stat = m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_GET_TIME_OFFSET_X, &buffer); + + if (maj_stat == GSS_S_COMPLETE) { + *offset = o; + return maj_stat; + } + } + + return (GSS_S_UNAVAILABLE); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *c) +{ + struct _gss_mech_switch *m; + gss_buffer_desc buffer; + OM_uint32 junk; + + _gss_load_mech(); + + buffer.value = c; + buffer.length = sizeof(*c); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (m->gm_mech.gm_set_sec_context_option == NULL) + continue; + m->gm_mech.gm_set_sec_context_option(&junk, NULL, + GSS_KRB5_PLUGIN_REGISTER_X, &buffer); + } + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_mech_switch.c b/crypto/heimdal/lib/gssapi/mech/gss_mech_switch.c new file mode 100644 index 00000000000..55e01094ff9 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -0,0 +1,438 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_mech_switch.c,v 1.2 2006/02/04 09:40:21 dfr Exp $ + */ + +#include "mech_locl.h" +#include + +#ifndef _PATH_GSS_MECH +#define _PATH_GSS_MECH "/etc/gss/mech" +#endif + +struct _gss_mech_switch_list _gss_mechs = { NULL } ; +gss_OID_set _gss_mech_oids; +static HEIMDAL_MUTEX _gss_mech_mutex = HEIMDAL_MUTEX_INITIALIZER; + +/* + * Convert a string containing an OID in 'dot' form + * (e.g. 1.2.840.113554.1.2.2) to a gss_OID. + */ +static int +_gss_string_to_oid(const char* s, gss_OID oid) +{ + int number_count, i, j; + size_t byte_count; + const char *p, *q; + char *res; + + oid->length = 0; + oid->elements = NULL; + + /* + * First figure out how many numbers in the oid, then + * calculate the compiled oid size. + */ + number_count = 0; + for (p = s; p; p = q) { + q = strchr(p, '.'); + if (q) q = q + 1; + number_count++; + } + + /* + * The first two numbers are in the first byte and each + * subsequent number is encoded in a variable byte sequence. + */ + if (number_count < 2) + return (EINVAL); + + /* + * We do this in two passes. The first pass, we just figure + * out the size. Second time around, we actually encode the + * number. + */ + res = 0; + for (i = 0; i < 2; i++) { + byte_count = 0; + for (p = s, j = 0; p; p = q, j++) { + unsigned int number = 0; + + /* + * Find the end of this number. + */ + q = strchr(p, '.'); + if (q) q = q + 1; + + /* + * Read the number of of the string. Don't + * bother with anything except base ten. + */ + while (*p && *p != '.') { + number = 10 * number + (*p - '0'); + p++; + } + + /* + * Encode the number. The first two numbers + * are packed into the first byte. Subsequent + * numbers are encoded in bytes seven bits at + * a time with the last byte having the high + * bit set. + */ + if (j == 0) { + if (res) + *res = number * 40; + } else if (j == 1) { + if (res) { + *res += number; + res++; + } + byte_count++; + } else if (j >= 2) { + /* + * The number is encoded in seven bit chunks. + */ + unsigned int t; + unsigned int bytes; + + bytes = 0; + for (t = number; t; t >>= 7) + bytes++; + if (bytes == 0) bytes = 1; + while (bytes) { + if (res) { + int bit = 7*(bytes-1); + + *res = (number >> bit) & 0x7f; + if (bytes != 1) + *res |= 0x80; + res++; + } + byte_count++; + bytes--; + } + } + } + if (!res) { + res = malloc(byte_count); + if (!res) + return (ENOMEM); + oid->length = byte_count; + oid->elements = res; + } + } + + return (0); +} + +#define SYM(name) \ +do { \ + m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \ + if (!m->gm_mech.gm_ ## name || \ + m->gm_mech.gm_ ##name == gss_ ## name) { \ + fprintf(stderr, "can't find symbol gss_" #name "\n"); \ + goto bad; \ + } \ +} while (0) + +#define OPTSYM(name) \ +do { \ + m->gm_mech.gm_ ## name = dlsym(so, "gss_" #name); \ + if (m->gm_mech.gm_ ## name == gss_ ## name) \ + m->gm_mech.gm_ ## name = NULL; \ +} while (0) + +#define OPTSPISYM(name) \ +do { \ + m->gm_mech.gm_ ## name = dlsym(so, "gssspi_" #name); \ +} while (0) + +#define COMPATSYM(name) \ +do { \ + m->gm_mech.gm_compat->gmc_ ## name = dlsym(so, "gss_" #name); \ + if (m->gm_mech.gm_compat->gmc_ ## name == gss_ ## name) \ + m->gm_mech.gm_compat->gmc_ ## name = NULL; \ +} while (0) + +#define COMPATSPISYM(name) \ +do { \ + m->gm_mech.gm_compat->gmc_ ## name = dlsym(so, "gssspi_" #name);\ + if (m->gm_mech.gm_compat->gmc_ ## name == gss_ ## name) \ + m->gm_mech.gm_compat->gmc_ ## name = NULL; \ +} while (0) + +/* + * + */ +static int +add_builtin(gssapi_mech_interface mech) +{ + struct _gss_mech_switch *m; + OM_uint32 minor_status; + + /* not registering any mech is ok */ + if (mech == NULL) + return 0; + + m = calloc(1, sizeof(*m)); + if (m == NULL) + return ENOMEM; + m->gm_so = NULL; + m->gm_mech = *mech; + m->gm_mech_oid = mech->gm_mech_oid; /* XXX */ + gss_add_oid_set_member(&minor_status, + &m->gm_mech.gm_mech_oid, &_gss_mech_oids); + + /* pick up the oid sets of names */ + + if (m->gm_mech.gm_inquire_names_for_mech) + (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, + &m->gm_mech.gm_mech_oid, &m->gm_name_types); + + if (m->gm_name_types == NULL) + gss_create_empty_oid_set(&minor_status, &m->gm_name_types); + + HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); + return 0; +} + +/* + * Load the mechanisms file (/etc/gss/mech). + */ +void +_gss_load_mech(void) +{ + OM_uint32 major_status, minor_status; + FILE *fp; + char buf[256]; + char *p; + char *name, *oid, *lib, *kobj; + struct _gss_mech_switch *m; + void *so; + gss_OID_desc mech_oid; + int found; + + + HEIMDAL_MUTEX_lock(&_gss_mech_mutex); + + if (HEIM_SLIST_FIRST(&_gss_mechs)) { + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); + return; + } + + major_status = gss_create_empty_oid_set(&minor_status, + &_gss_mech_oids); + if (major_status) { + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); + return; + } + + add_builtin(__gss_krb5_initialize()); + add_builtin(__gss_spnego_initialize()); + add_builtin(__gss_ntlm_initialize()); + +#ifdef HAVE_DLOPEN + fp = fopen(_PATH_GSS_MECH, "r"); + if (!fp) { + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); + return; + } + rk_cloexec_file(fp); + + while (fgets(buf, sizeof(buf), fp)) { + _gss_mo_init *mi; + + if (*buf == '#') + continue; + p = buf; + name = strsep(&p, "\t\n "); + if (p) while (isspace((unsigned char)*p)) p++; + oid = strsep(&p, "\t\n "); + if (p) while (isspace((unsigned char)*p)) p++; + lib = strsep(&p, "\t\n "); + if (p) while (isspace((unsigned char)*p)) p++; + kobj = strsep(&p, "\t\n "); + if (!name || !oid || !lib || !kobj) + continue; + + if (_gss_string_to_oid(oid, &mech_oid)) + continue; + + /* + * Check for duplicates, already loaded mechs. + */ + found = 0; + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) { + found = 1; + free(mech_oid.elements); + break; + } + } + if (found) + continue; + +#ifndef RTLD_LOCAL +#define RTLD_LOCAL 0 +#endif + +#ifndef RTLD_GROUP +#define RTLD_GROUP 0 +#endif + + so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP); + if (so == NULL) { +/* fprintf(stderr, "dlopen: %s\n", dlerror()); */ + goto bad; + } + + m = calloc(1, sizeof(*m)); + if (m == NULL) + goto bad; + + m->gm_so = so; + m->gm_mech.gm_mech_oid = mech_oid; + m->gm_mech.gm_flags = 0; + m->gm_mech.gm_compat = calloc(1, sizeof(struct gss_mech_compat_desc_struct)); + if (m->gm_mech.gm_compat == NULL) + goto bad; + + major_status = gss_add_oid_set_member(&minor_status, + &m->gm_mech.gm_mech_oid, &_gss_mech_oids); + if (GSS_ERROR(major_status)) + goto bad; + + SYM(acquire_cred); + SYM(release_cred); + SYM(init_sec_context); + SYM(accept_sec_context); + SYM(process_context_token); + SYM(delete_sec_context); + SYM(context_time); + SYM(get_mic); + SYM(verify_mic); + SYM(wrap); + SYM(unwrap); + SYM(display_status); + SYM(indicate_mechs); + SYM(compare_name); + SYM(display_name); + SYM(import_name); + SYM(export_name); + SYM(release_name); + SYM(inquire_cred); + SYM(inquire_context); + SYM(wrap_size_limit); + SYM(add_cred); + SYM(inquire_cred_by_mech); + SYM(export_sec_context); + SYM(import_sec_context); + SYM(inquire_names_for_mech); + SYM(inquire_mechs_for_name); + SYM(canonicalize_name); + SYM(duplicate_name); + OPTSYM(inquire_cred_by_oid); + OPTSYM(inquire_sec_context_by_oid); + OPTSYM(set_sec_context_option); + OPTSPISYM(set_cred_option); + OPTSYM(pseudo_random); + OPTSYM(wrap_iov); + OPTSYM(unwrap_iov); + OPTSYM(wrap_iov_length); + OPTSYM(store_cred); + OPTSYM(export_cred); + OPTSYM(import_cred); +#if 0 + OPTSYM(acquire_cred_ext); + OPTSYM(iter_creds); + OPTSYM(destroy_cred); + OPTSYM(cred_hold); + OPTSYM(cred_unhold); + OPTSYM(cred_label_get); + OPTSYM(cred_label_set); +#endif + OPTSYM(display_name_ext); + OPTSYM(inquire_name); + OPTSYM(get_name_attribute); + OPTSYM(set_name_attribute); + OPTSYM(delete_name_attribute); + OPTSYM(export_name_composite); + OPTSYM(pname_to_uid); + OPTSPISYM(authorize_localname); + + mi = dlsym(so, "gss_mo_init"); + if (mi != NULL) { + major_status = mi(&minor_status, &mech_oid, + &m->gm_mech.gm_mo, &m->gm_mech.gm_mo_num); + if (GSS_ERROR(major_status)) + goto bad; + } else { + /* API-as-SPI compatibility */ + COMPATSYM(inquire_saslname_for_mech); + COMPATSYM(inquire_mech_for_saslname); + COMPATSYM(inquire_attrs_for_mech); + COMPATSPISYM(acquire_cred_with_password); + } + + /* pick up the oid sets of names */ + + if (m->gm_mech.gm_inquire_names_for_mech) + (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, + &m->gm_mech.gm_mech_oid, &m->gm_name_types); + + if (m->gm_name_types == NULL) + gss_create_empty_oid_set(&minor_status, &m->gm_name_types); + + HEIM_SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); + continue; + + bad: + if (m != NULL) { + free(m->gm_mech.gm_compat); + free(m->gm_mech.gm_mech_oid.elements); + free(m); + } + dlclose(so); + continue; + } + fclose(fp); +#endif + HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); +} + +gssapi_mech_interface +__gss_get_mechanism(gss_const_OID mech) +{ + struct _gss_mech_switch *m; + + _gss_load_mech(); + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (gss_oid_equal(&m->gm_mech.gm_mech_oid, mech)) + return &m->gm_mech; + } + return NULL; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_mo.c b/crypto/heimdal/lib/gssapi/mech/gss_mo.c new file mode 100644 index 00000000000..ad74d9237a2 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_mo.c @@ -0,0 +1,635 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * Portions Copyright (c) 2010 PADL Software Pty Ltd. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +#include + +static int +get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return def; +} + +int +_gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return get_option_def(1, mech, mo, value); +} + +int +_gss_mo_get_option_0(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return get_option_def(0, mech, mo, value); +} + +int +_gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + if (value) { + value->value = strdup((char *)mo->ctx); + if (value->value == NULL) + return GSS_S_FAILURE; + value->length = strlen((char *)mo->ctx); + } + return GSS_S_COMPLETE; +} + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_set(gss_const_OID mech, gss_const_OID option, + int enable, gss_buffer_t value) +{ + gssapi_mech_interface m; + size_t n; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return GSS_S_BAD_MECH; + + for (n = 0; n < m->gm_mo_num; n++) + if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set) + return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value); + + return GSS_S_UNAVAILABLE; +} + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value) +{ + gssapi_mech_interface m; + size_t n; + + _mg_buffer_zero(value); + + if ((m = __gss_get_mechanism(mech)) == NULL) + return GSS_S_BAD_MECH; + + for (n = 0; n < m->gm_mo_num; n++) + if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get) + return m->gm_mo[n].get(mech, &m->gm_mo[n], value); + + return GSS_S_UNAVAILABLE; +} + +static void +add_all_mo(gssapi_mech_interface m, gss_OID_set *options, OM_uint32 mask) +{ + OM_uint32 minor; + size_t n; + + for (n = 0; n < m->gm_mo_num; n++) + if ((m->gm_mo[n].flags & mask) == mask) + gss_add_oid_set_member(&minor, m->gm_mo[n].option, options); +} + +GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL +gss_mo_list(gss_const_OID mech, gss_OID_set *options) +{ + gssapi_mech_interface m; + OM_uint32 major, minor; + + if (options == NULL) + return; + + *options = GSS_C_NO_OID_SET; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return; + + major = gss_create_empty_oid_set(&minor, options); + if (major != GSS_S_COMPLETE) + return; + + add_all_mo(m, options, 0); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name) +{ + gssapi_mech_interface m; + size_t n; + + if (name == NULL) + return GSS_S_BAD_NAME; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return GSS_S_BAD_MECH; + + for (n = 0; n < m->gm_mo_num; n++) { + if (gss_oid_equal(option, m->gm_mo[n].option)) { + /* + * If there is no name, its because its a GSS_C_MA and + * there is already a table for that. + */ + if (m->gm_mo[n].name) { + name->value = strdup(m->gm_mo[n].name); + if (name->value == NULL) + return GSS_S_BAD_NAME; + name->length = strlen(m->gm_mo[n].name); + return GSS_S_COMPLETE; + } else { + OM_uint32 junk; + return gss_display_mech_attr(&junk, option, + NULL, name, NULL); + } + } + } + return GSS_S_BAD_NAME; +} + +/* + * Helper function to allow NULL name + */ + +static OM_uint32 +mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name) +{ + if (name == NULL) + return GSS_S_COMPLETE; + + return gss_mo_get(mech, option, name); +} + +/* code derived from draft-ietf-cat-sasl-gssapi-01 */ +static char basis_32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; + +static OM_uint32 +make_sasl_name(OM_uint32 *minor, const gss_OID mech, char sasl_name[16]) +{ + EVP_MD_CTX *ctx; + char *p = sasl_name; + u_char hdr[2], hash[20], *h = hash; + + if (mech->length > 127) + return GSS_S_BAD_MECH; + + hdr[0] = 0x06; + hdr[1] = mech->length; + + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(ctx, hdr, 2); + EVP_DigestUpdate(ctx, mech->elements, mech->length); + EVP_DigestFinal_ex(ctx, hash, NULL); + + memcpy(p, "GS2-", 4); + p += 4; + + *p++ = basis_32[(h[0] >> 3)]; + *p++ = basis_32[((h[0] & 7) << 2) | (h[1] >> 6)]; + *p++ = basis_32[(h[1] & 0x3f) >> 1]; + *p++ = basis_32[((h[1] & 1) << 4) | (h[2] >> 4)]; + *p++ = basis_32[((h[2] & 0xf) << 1) | (h[3] >> 7)]; + *p++ = basis_32[(h[3] & 0x7f) >> 2]; + *p++ = basis_32[((h[3] & 3) << 3) | (h[4] >> 5)]; + *p++ = basis_32[(h[4] & 0x1f)]; + *p++ = basis_32[(h[5] >> 3)]; + *p++ = basis_32[((h[5] & 7) << 2) | (h[6] >> 6)]; + *p++ = basis_32[(h[6] & 0x3f) >> 1]; + + *p = '\0'; + + return GSS_S_COMPLETE; +} + +/* + * gss_inquire_saslname_for_mech() wrapper that uses MIT SPI + */ +static OM_uint32 +inquire_saslname_for_mech_compat(OM_uint32 *minor, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description) +{ + struct gss_mech_compat_desc_struct *gmc; + gssapi_mech_interface m; + OM_uint32 major; + + m = __gss_get_mechanism(desired_mech); + if (m == NULL) + return GSS_S_BAD_MECH; + + gmc = m->gm_compat; + + if (gmc != NULL && gmc->gmc_inquire_saslname_for_mech != NULL) { + major = gmc->gmc_inquire_saslname_for_mech(minor, + desired_mech, + sasl_mech_name, + mech_name, + mech_description); + } else { + major = GSS_S_UNAVAILABLE; + } + + return major; +} + +/** + * Returns different protocol names and description of the mechanism. + * + * @param minor_status minor status code + * @param desired_mech mech list query + * @param sasl_mech_name SASL GS2 protocol name + * @param mech_name gssapi protocol name + * @param mech_description description of gssapi mech + * + * @return returns GSS_S_COMPLETE or a error code. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_saslname_for_mech(OM_uint32 *minor_status, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description) +{ + OM_uint32 major; + + _mg_buffer_zero(sasl_mech_name); + _mg_buffer_zero(mech_name); + _mg_buffer_zero(mech_description); + + if (minor_status) + *minor_status = 0; + + if (desired_mech == NULL) + return GSS_S_BAD_MECH; + + major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name); + if (major == GSS_S_COMPLETE) { + /* Native SPI */ + major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name); + if (GSS_ERROR(major)) + return major; + + major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description); + if (GSS_ERROR(major)) + return major; + } + + if (GSS_ERROR(major)) { + /* API-as-SPI compatibility */ + major = inquire_saslname_for_mech_compat(minor_status, + desired_mech, + sasl_mech_name, + mech_name, + mech_description); + } + + if (GSS_ERROR(major)) { + /* Algorithmically dervied SASL mechanism name */ + char buf[16]; + gss_buffer_desc tmp = { sizeof(buf) - 1, buf }; + + major = make_sasl_name(minor_status, desired_mech, buf); + if (GSS_ERROR(major)) + return major; + + major = _gss_copy_buffer(minor_status, &tmp, sasl_mech_name); + if (GSS_ERROR(major)) + return major; + } + + return major; +} + +/** + * Find a mech for a sasl name + * + * @param minor_status minor status code + * @param sasl_mech_name + * @param mech_type + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_mech_for_saslname(OM_uint32 *minor_status, + const gss_buffer_t sasl_mech_name, + gss_OID *mech_type) +{ + struct _gss_mech_switch *m; + gss_buffer_desc name; + OM_uint32 major, junk; + char buf[16]; + + _gss_load_mech(); + + *mech_type = NULL; + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + struct gss_mech_compat_desc_struct *gmc; + + /* Native SPI */ + major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name); + if (major == GSS_S_COMPLETE && + name.length == sasl_mech_name->length && + memcmp(name.value, sasl_mech_name->value, name.length) == 0) { + gss_release_buffer(&junk, &name); + *mech_type = &m->gm_mech_oid; + return GSS_S_COMPLETE; + } + gss_release_buffer(&junk, &name); + + if (GSS_ERROR(major)) { + /* API-as-SPI compatibility */ + gmc = m->gm_mech.gm_compat; + if (gmc && gmc->gmc_inquire_mech_for_saslname) { + major = gmc->gmc_inquire_mech_for_saslname(minor_status, + sasl_mech_name, + mech_type); + if (major == GSS_S_COMPLETE) + return GSS_S_COMPLETE; + } + } + + if (GSS_ERROR(major)) { + /* Algorithmically dervied SASL mechanism name */ + if (sasl_mech_name->length == 16 && + make_sasl_name(minor_status, &m->gm_mech_oid, buf) == GSS_S_COMPLETE && + memcmp(buf, sasl_mech_name->value, 16) == 0) { + *mech_type = &m->gm_mech_oid; + return GSS_S_COMPLETE; + } + } + } + + return GSS_S_BAD_MECH; +} + +/* + * Test mechanism against indicated attributes using both Heimdal and + * MIT SPIs. + */ +static int +test_mech_attrs(gssapi_mech_interface mi, + gss_const_OID_set mech_attrs, + gss_const_OID_set against_attrs, + int except) +{ + size_t n, m; + int eq = 0; + + if (against_attrs == GSS_C_NO_OID_SET) + return 1; + + for (n = 0; n < against_attrs->count; n++) { + for (m = 0; m < mi->gm_mo_num; m++) { + eq = gss_oid_equal(mi->gm_mo[m].option, + &against_attrs->elements[n]); + if (eq) + break; + } + if (mech_attrs != GSS_C_NO_OID_SET) { + for (m = 0; m < mech_attrs->count; m++) { + eq = gss_oid_equal(&mech_attrs->elements[m], + &against_attrs->elements[n]); + if (eq) + break; + } + } + if (!eq ^ except) + return 0; + } + + return 1; +} + +/** + * Return set of mechanism that fullfill the criteria + * + * @param minor_status minor status code + * @param desired_mech_attrs + * @param except_mech_attrs + * @param critical_mech_attrs + * @param mechs returned mechs, free with gss_release_oid_set(). + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_indicate_mechs_by_attrs(OM_uint32 * minor_status, + gss_const_OID_set desired_mech_attrs, + gss_const_OID_set except_mech_attrs, + gss_const_OID_set critical_mech_attrs, + gss_OID_set *mechs) +{ + struct _gss_mech_switch *ms; + gss_OID_set mech_attrs = GSS_C_NO_OID_SET; + gss_OID_set known_mech_attrs = GSS_C_NO_OID_SET; + OM_uint32 major; + + major = gss_create_empty_oid_set(minor_status, mechs); + if (GSS_ERROR(major)) + return major; + + _gss_load_mech(); + + HEIM_SLIST_FOREACH(ms, &_gss_mechs, gm_link) { + gssapi_mech_interface mi = &ms->gm_mech; + struct gss_mech_compat_desc_struct *gmc = mi->gm_compat; + OM_uint32 tmp; + + if (gmc && gmc->gmc_inquire_attrs_for_mech) { + major = gmc->gmc_inquire_attrs_for_mech(minor_status, + &mi->gm_mech_oid, + &mech_attrs, + &known_mech_attrs); + if (GSS_ERROR(major)) + continue; + } + + /* + * Test mechanism supports all of desired_mech_attrs; + * none of except_mech_attrs; + * and knows of all critical_mech_attrs. + */ + if (test_mech_attrs(mi, mech_attrs, desired_mech_attrs, 0) && + test_mech_attrs(mi, mech_attrs, except_mech_attrs, 1) && + test_mech_attrs(mi, known_mech_attrs, critical_mech_attrs, 0)) { + major = gss_add_oid_set_member(minor_status, &mi->gm_mech_oid, mechs); + } + + gss_release_oid_set(&tmp, &mech_attrs); + gss_release_oid_set(&tmp, &known_mech_attrs); + + if (GSS_ERROR(major)) + break; + } + + return major; +} + +/** + * List support attributes for a mech and/or all mechanisms. + * + * @param minor_status minor status code + * @param mech given together with mech_attr will return the list of + * attributes for mechanism, can optionally be GSS_C_NO_OID. + * @param mech_attr see mech parameter, can optionally be NULL, + * release with gss_release_oid_set(). + * @param known_mech_attrs all attributes for mechanisms supported, + * release with gss_release_oid_set(). + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_attrs_for_mech(OM_uint32 * minor_status, + gss_const_OID mech, + gss_OID_set *mech_attr, + gss_OID_set *known_mech_attrs) +{ + OM_uint32 major, junk; + + if (known_mech_attrs) + *known_mech_attrs = GSS_C_NO_OID_SET; + + if (mech_attr && mech) { + gssapi_mech_interface m; + struct gss_mech_compat_desc_struct *gmc; + + if ((m = __gss_get_mechanism(mech)) == NULL) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + + gmc = m->gm_compat; + + if (gmc && gmc->gmc_inquire_attrs_for_mech) { + major = gmc->gmc_inquire_attrs_for_mech(minor_status, + mech, + mech_attr, + known_mech_attrs); + } else { + major = gss_create_empty_oid_set(minor_status, mech_attr); + if (major == GSS_S_COMPLETE) + add_all_mo(m, mech_attr, GSS_MO_MA); + } + if (GSS_ERROR(major)) + return major; + } + + if (known_mech_attrs) { + struct _gss_mech_switch *m; + + if (*known_mech_attrs == GSS_C_NO_OID_SET) { + major = gss_create_empty_oid_set(minor_status, known_mech_attrs); + if (GSS_ERROR(major)) { + if (mech_attr) + gss_release_oid_set(&junk, mech_attr); + return major; + } + } + + _gss_load_mech(); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) + add_all_mo(&m->gm_mech, known_mech_attrs, GSS_MO_MA); + } + + + return GSS_S_COMPLETE; +} + +/** + * Return names and descriptions of mech attributes + * + * @param minor_status minor status code + * @param mech_attr + * @param name + * @param short_desc + * @param long_desc + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_mech_attr(OM_uint32 * minor_status, + gss_const_OID mech_attr, + gss_buffer_t name, + gss_buffer_t short_desc, + gss_buffer_t long_desc) +{ + struct _gss_oid_name_table *ma = NULL; + OM_uint32 major; + size_t n; + + _mg_buffer_zero(name); + _mg_buffer_zero(short_desc); + _mg_buffer_zero(long_desc); + + if (minor_status) + *minor_status = 0; + + for (n = 0; ma == NULL && _gss_ont_ma[n].oid; n++) + if (gss_oid_equal(mech_attr, _gss_ont_ma[n].oid)) + ma = &_gss_ont_ma[n]; + + if (ma == NULL) + return GSS_S_BAD_MECH_ATTR; + + if (name) { + gss_buffer_desc bd; + bd.value = rk_UNCONST(ma->name); + bd.length = strlen(ma->name); + major = _gss_copy_buffer(minor_status, &bd, name); + if (major != GSS_S_COMPLETE) + return major; + } + + if (short_desc) { + gss_buffer_desc bd; + bd.value = rk_UNCONST(ma->short_desc); + bd.length = strlen(ma->short_desc); + major = _gss_copy_buffer(minor_status, &bd, short_desc); + if (major != GSS_S_COMPLETE) + return major; + } + + if (long_desc) { + gss_buffer_desc bd; + bd.value = rk_UNCONST(ma->long_desc); + bd.length = strlen(ma->long_desc); + major = _gss_copy_buffer(minor_status, &bd, long_desc); + if (major != GSS_S_COMPLETE) + return major; + } + + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_names.c b/crypto/heimdal/lib/gssapi/mech/gss_names.c new file mode 100644 index 00000000000..43e0e2a85cb --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_names.c @@ -0,0 +1,110 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_names.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +OM_uint32 +_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, + struct _gss_mechanism_name **output_mn) +{ + OM_uint32 major_status; + gssapi_mech_interface m; + struct _gss_mechanism_name *mn; + + *output_mn = NULL; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + if (gss_oid_equal(mech, mn->gmn_mech_oid)) + break; + } + + if (!mn) { + /* + * If this name is canonical (i.e. there is only an + * MN but it is from a different mech), give up now. + */ + if (!name->gn_value.value) + return GSS_S_BAD_NAME; + + m = __gss_get_mechanism(mech); + if (!m) + return (GSS_S_BAD_MECH); + + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) + return GSS_S_FAILURE; + + major_status = m->gm_import_name(minor_status, + &name->gn_value, + (name->gn_type.elements + ? &name->gn_type : GSS_C_NO_OID), + &mn->gmn_name); + if (major_status != GSS_S_COMPLETE) { + _gss_mg_error(m, major_status, *minor_status); + free(mn); + return major_status; + } + + mn->gmn_mech = m; + mn->gmn_mech_oid = &m->gm_mech_oid; + HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + } + *output_mn = mn; + return 0; +} + + +/* + * Make a name from an MN. + */ +struct _gss_name * +_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn) +{ + struct _gss_name *name; + struct _gss_mechanism_name *mn; + + name = malloc(sizeof(struct _gss_name)); + if (!name) + return (0); + memset(name, 0, sizeof(struct _gss_name)); + + mn = malloc(sizeof(struct _gss_mechanism_name)); + if (!mn) { + free(name); + return (0); + } + + HEIM_SLIST_INIT(&name->gn_mn); + mn->gmn_mech = m; + mn->gmn_mech_oid = &m->gm_mech_oid; + mn->gmn_name = new_mn; + HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); + + return (name); +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_oid.c b/crypto/heimdal/lib/gssapi/mech/gss_oid.c new file mode 100644 index 00000000000..916d1e4dda5 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_oid.c @@ -0,0 +1,266 @@ +/* Generated file */ +#include "mech_locl.h" + +/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01") }; + +/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02") }; + +/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03") }; + +/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04") }; + +/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05") }; + +/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06") }; + +/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01") }; + +/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07") }; + +/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08") }; + +/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09") }; + +/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a") }; + +/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b") }; + +/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c") }; + +/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d") }; + +/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e") }; + +/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f") }; + +/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10") }; + +/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11") }; + +/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12") }; + +/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13") }; + +/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x14") }; + +/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x15") }; + +/* GSS_C_NT_DN - 1.2.752.43.13.22 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x16") }; + +/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x17") }; + +/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x18") }; + +/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") }; + +/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") }; + +/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") }; + +/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") }; + +/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") }; + +/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e") }; + +/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x64") }; + +/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x65") }; + +/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") }; + +/* GSS_C_CRED_PASSWORD - 1.2.752.43.13.200 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_password_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x48" }; + +/* GSS_C_CRED_CERTIFICATE - 1.2.752.43.13.201 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_cred_certificate_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x81\x49" }; + +/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; + +/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") }; + +/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") }; + +/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x04") }; + +/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x05") }; + +/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03\x81\x00") }; + +/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05") }; + +/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; + +/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") }; + +/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") }; + +/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") }; + +/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") }; + +/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x02") }; + +/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x03") }; + +/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x04") }; + +/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x05") }; + +/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x06") }; + +/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x07") }; + +/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x08") }; + +/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x09") }; + +/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0a") }; + +/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0b") }; + +/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0c") }; + +/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0d") }; + +/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0e") }; + +/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0f") }; + +/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x10") }; + +/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x11") }; + +/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x12") }; + +/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x13") }; + +/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x14") }; + +/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x15") }; + +/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x16") }; + +/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x17") }; + +/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x18") }; + +/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x19") }; + +/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1a") }; + +/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") }; + +struct _gss_oid_name_table _gss_ont_ma[] = { + { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" }, + { GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" }, + { GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" }, + { GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" }, + { GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" }, + { GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" }, + { GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" }, + { GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" }, + { GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" }, + { GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" }, + { GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" }, + { GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" }, + { GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" }, + { GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" }, + { GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" }, + { GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" }, + { GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" }, + { GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" }, + { GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" }, + { GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" }, + { GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" }, + { GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" }, + { GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" }, + { GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" }, + { GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" }, + { GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" }, + { GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" }, + { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" }, + { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" }, + { GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" }, + { NULL } +}; + +struct _gss_oid_name_table _gss_ont_mech[] = { + { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" }, + { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" }, + { GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" }, + { NULL } +}; + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_oid_equal.c b/crypto/heimdal/lib/gssapi/mech/gss_oid_equal.c new file mode 100644 index 00000000000..b125ede66fa --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +/** + * Compare two GSS-API OIDs with each other. + * + * GSS_C_NO_OID matches nothing, not even it-self. + * + * @param a first oid to compare + * @param b second oid to compare + * + * @return non-zero when both oid are the same OID, zero when they are + * not the same. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_oid_equal(gss_const_OID a, gss_const_OID b) +{ + if (a == b && a != GSS_C_NO_OID) + return 1; + if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length) + return 0; + return memcmp(a->elements, b->elements, a->length) == 0; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/crypto/heimdal/lib/gssapi/mech/gss_oid_to_str.c new file mode 100644 index 00000000000..a1d77687724 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) +{ + int ret; + size_t size; + heim_oid o; + char *p; + + _mg_buffer_zero(oid_str); + + if (oid == GSS_C_NULL_OID) + return GSS_S_FAILURE; + + ret = der_get_oid (oid->elements, oid->length, &o, &size); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = der_print_heim_oid(&o, ' ', &p); + der_free_oid(&o); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + oid_str->value = p; + oid_str->length = strlen(p); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL +gss_oid_to_name(gss_const_OID oid) +{ + size_t i; + + for (i = 0; _gss_ont_mech[i].oid; i++) { + if (gss_oid_equal(oid, _gss_ont_mech[i].oid)) + return _gss_ont_mech[i].name; + } + return NULL; +} + +GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL +gss_name_to_oid(const char *name) +{ + size_t i, partial = (size_t)-1; + + for (i = 0; _gss_ont_mech[i].oid; i++) { + if (strcasecmp(name, _gss_ont_mech[i].short_desc) == 0) + return _gss_ont_mech[i].oid; + if (strncasecmp(name, _gss_ont_mech[i].short_desc, strlen(name)) == 0) { + if (partial != (size_t)-1) + return NULL; + partial = i; + } + } + if (partial != (size_t)-1) + return _gss_ont_mech[partial].oid; + return NULL; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_pname_to_uid.c b/crypto/heimdal/lib/gssapi/mech/gss_pname_to_uid.c new file mode 100644 index 00000000000..c5f26949f2a --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_pname_to_uid.c @@ -0,0 +1,167 @@ +/* + * Copyright (c) 2011, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +static OM_uint32 +mech_pname_to_uid(OM_uint32 *minor_status, + struct _gss_mechanism_name *mn, + uid_t *uidp) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + + *minor_status = 0; + + if (mn->gmn_mech->gm_pname_to_uid == NULL) + return GSS_S_UNAVAILABLE; + + major_status = mn->gmn_mech->gm_pname_to_uid(minor_status, + mn->gmn_name, + mn->gmn_mech_oid, + uidp); + if (GSS_ERROR(major_status)) + _gss_mg_error(mn->gmn_mech, major_status, *minor_status); + + return major_status; +} + +static OM_uint32 +attr_pname_to_uid(OM_uint32 *minor_status, + struct _gss_mechanism_name *mn, + uid_t *uidp) +{ +#ifdef NO_LOCALNAME + return GSS_S_UNAVAILABLE; +#else + OM_uint32 major_status = GSS_S_UNAVAILABLE; + OM_uint32 tmpMinor; + int more = -1; + + *minor_status = 0; + + if (mn->gmn_mech->gm_get_name_attribute == NULL) + return GSS_S_UNAVAILABLE; + + while (more != 0) { + gss_buffer_desc value; + gss_buffer_desc display_value; + int authenticated = 0, complete = 0; +#ifdef POSIX_GETPWNAM_R + char pwbuf[2048]; + struct passwd pw, *pwd; +#else + struct passwd *pwd; +#endif + char *localname; + + major_status = mn->gmn_mech->gm_get_name_attribute(minor_status, + mn->gmn_name, + GSS_C_ATTR_LOCAL_LOGIN_USER, + &authenticated, + &complete, + &value, + &display_value, + &more); + if (GSS_ERROR(major_status)) { + _gss_mg_error(mn->gmn_mech, major_status, *minor_status); + break; + } + + localname = malloc(value.length + 1); + if (localname == NULL) { + major_status = GSS_S_FAILURE; + *minor_status = ENOMEM; + break; + } + + memcpy(localname, value.value, value.length); + localname[value.length] = '\0'; + +#ifdef POSIX_GETPWNAM_R + if (getpwnam_r(localname, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0) + pwd = NULL; +#else + pwd = getpwnam(localname); +#endif + + free(localname); + gss_release_buffer(&tmpMinor, &value); + gss_release_buffer(&tmpMinor, &display_value); + + if (pwd != NULL) { + *uidp = pwd->pw_uid; + major_status = GSS_S_COMPLETE; + *minor_status = 0; + break; + } else + major_status = GSS_S_UNAVAILABLE; + } + + return major_status; +#endif /* NO_LOCALNAME */ +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_pname_to_uid(OM_uint32 *minor_status, + const gss_name_t pname, + const gss_OID mech_type, + uid_t *uidp) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + struct _gss_name *name = (struct _gss_name *) pname; + struct _gss_mechanism_name *mn = NULL; + + *minor_status = 0; + + if (mech_type != GSS_C_NO_OID) { + major_status = _gss_find_mn(minor_status, name, mech_type, &mn); + if (GSS_ERROR(major_status)) + return major_status; + + major_status = mech_pname_to_uid(minor_status, mn, uidp); + if (major_status != GSS_S_COMPLETE) + major_status = attr_pname_to_uid(minor_status, mn, uidp); + } else { + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + major_status = mech_pname_to_uid(minor_status, mn, uidp); + if (major_status != GSS_S_COMPLETE) + major_status = attr_pname_to_uid(minor_status, mn, uidp); + if (major_status != GSS_S_UNAVAILABLE) + break; + } + } + + if (major_status != GSS_S_COMPLETE && mn != NULL) + _gss_mg_error(mn->gmn_mech, major_status, *minor_status); + + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_process_context_token.c b/crypto/heimdal/lib/gssapi/mech/gss_process_context_token.c new file mode 100644 index 00000000000..e8e9b56cdc7 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_process_context_token.c @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_process_context_token.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_process_context_token(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t token_buffer) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_process_context_token(minor_status, ctx->gc_ctx, + token_buffer)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_pseudo_random.c b/crypto/heimdal/lib/gssapi/mech/gss_pseudo_random.c new file mode 100644 index 00000000000..ce4f9a4136a --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_pseudo_random.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_pseudo_random(OM_uint32 *minor_status, + gss_ctx_id_t context, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out) +{ + struct _gss_context *ctx = (struct _gss_context *) context; + gssapi_mech_interface m; + OM_uint32 major_status; + + _mg_buffer_zero(prf_out); + *minor_status = 0; + + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + m = ctx->gc_mech; + + if (m->gm_pseudo_random == NULL) + return GSS_S_UNAVAILABLE; + + major_status = (*m->gm_pseudo_random)(minor_status, ctx->gc_ctx, + prf_key, prf_in, desired_output_len, + prf_out); + if (major_status != GSS_S_COMPLETE) + _gss_mg_error(m, major_status, *minor_status); + + return major_status; +} diff --git a/kerberos5/lib/libgssapi_spnego/prefix.c b/crypto/heimdal/lib/gssapi/mech/gss_release_buffer.c similarity index 72% rename from kerberos5/lib/libgssapi_spnego/prefix.c rename to crypto/heimdal/lib/gssapi/mech/gss_release_buffer.c index 575c951d0fb..c3dd4575b6f 100644 --- a/kerberos5/lib/libgssapi_spnego/prefix.c +++ b/crypto/heimdal/lib/gssapi/mech/gss_release_buffer.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2008 Doug Rabson + * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -23,23 +23,20 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: src/lib/libgssapi/gss_release_buffer.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ */ -#include +#include "mech_locl.h" -static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc = -{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; - -gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc; - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; - -gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; - -const char * -_gss_name_prefix(void) +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_buffer(OM_uint32 *minor_status, + gss_buffer_t buffer) { - return "_gss_spnego"; + + *minor_status = 0; + if (buffer->value) + free(buffer->value); + _mg_buffer_zero(buffer); + + return (GSS_S_COMPLETE); } diff --git a/crypto/heimdal/lib/gssapi/mech/gss_release_cred.c b/crypto/heimdal/lib/gssapi/mech/gss_release_cred.c new file mode 100644 index 00000000000..341f9f658cc --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_release_cred.c @@ -0,0 +1,73 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_release_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +/** + * Release a credentials + * + * Its ok to release the GSS_C_NO_CREDENTIAL/NULL credential, it will + * return a GSS_S_COMPLETE error code. On return cred_handle is set ot + * GSS_C_NO_CREDENTIAL. + * + * Example: + * + * @code + * gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; + * major = gss_release_cred(&minor, &cred); + * @endcode + * + * @param minor_status minor status return code, mech specific + * @param cred_handle a pointer to the credential too release + * + * @return an gssapi error code + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) +{ + struct _gss_cred *cred = (struct _gss_cred *) *cred_handle; + struct _gss_mechanism_cred *mc; + + if (*cred_handle == GSS_C_NO_CREDENTIAL) + return (GSS_S_COMPLETE); + + while (HEIM_SLIST_FIRST(&cred->gc_mc)) { + mc = HEIM_SLIST_FIRST(&cred->gc_mc); + HEIM_SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link); + mc->gmc_mech->gm_release_cred(minor_status, &mc->gmc_cred); + free(mc); + } + free(cred); + + *minor_status = 0; + *cred_handle = GSS_C_NO_CREDENTIAL; + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_release_name.c b/crypto/heimdal/lib/gssapi/mech/gss_release_name.c new file mode 100644 index 00000000000..fd0b5df36be --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_release_name.c @@ -0,0 +1,74 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_release_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +/** + * Free a name + * + * import_name can point to NULL or be NULL, or a pointer to a + * gss_name_t structure. If it was a pointer to gss_name_t, the + * pointer will be set to NULL on success and failure. + * + * @param minor_status minor status code + * @param input_name name to free + * + * @returns a gss_error code, see gss_display_status() about printing + * the error code. + * + * @ingroup gssapi + */ +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_name(OM_uint32 *minor_status, + gss_name_t *input_name) +{ + struct _gss_name *name; + + *minor_status = 0; + + if (input_name == NULL || *input_name == NULL) + return GSS_S_COMPLETE; + + name = (struct _gss_name *) *input_name; + + if (name->gn_type.elements) + free(name->gn_type.elements); + while (HEIM_SLIST_FIRST(&name->gn_mn)) { + struct _gss_mechanism_name *mn; + mn = HEIM_SLIST_FIRST(&name->gn_mn); + HEIM_SLIST_REMOVE_HEAD(&name->gn_mn, gmn_link); + mn->gmn_mech->gm_release_name(minor_status, + &mn->gmn_name); + free(mn); + } + gss_release_buffer(minor_status, &name->gn_value); + free(name); + *input_name = GSS_C_NO_NAME; + + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/sl/ss.h b/crypto/heimdal/lib/gssapi/mech/gss_release_oid.c similarity index 55% rename from crypto/heimdal/lib/sl/ss.h rename to crypto/heimdal/lib/gssapi/mech/gss_release_oid.c index 15e1f88cb64..610daf229c4 100644 --- a/crypto/heimdal/lib/sl/ss.h +++ b/crypto/heimdal/lib/gssapi/mech/gss_release_oid.c @@ -1,57 +1,58 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: ss.h 8294 2000-05-25 00:15:21Z assar $ */ -/* SS compatibility for SL */ +#include "mech_locl.h" -#ifndef __ss_h__ -#define __ss_h__ -#include +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) +{ + gss_OID o = *oid; -typedef SL_cmd ss_request_table; + *oid = GSS_C_NO_OID; -int ss_create_invocation (const char *, const char *, const char*, - ss_request_table*, int*); + if (minor_status != NULL) + *minor_status = 0; -void ss_error (int, long, const char*, ...); -int ss_execute_command (int, char**); -int ss_execute_line (int, const char*); -int ss_list_requests (int argc, char**); -int ss_listen (int); -void ss_perror (int, long, const char*); -int ss_quit (int argc, char**); + if (o == GSS_C_NO_OID) + return GSS_S_COMPLETE; -#define SS_ET_COMMAND_NOT_FOUND (-1) + if (o->elements != NULL) { + free(o->elements); + o->elements = NULL; + } + o->length = 0; + free(o); -#endif /* __ss_h__ */ + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_release_oid_set.c b/crypto/heimdal/lib/gssapi/mech/gss_release_oid_set.c new file mode 100644 index 00000000000..183ddf8c751 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_release_oid_set.c @@ -0,0 +1,44 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_release_oid_set.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_release_oid_set(OM_uint32 *minor_status, + gss_OID_set *set) +{ + + *minor_status = 0; + if (set && *set) { + if ((*set)->elements) + free((*set)->elements); + free(*set); + *set = GSS_C_NO_OID_SET; + } + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_seal.c b/crypto/heimdal/lib/gssapi/mech/gss_seal.c new file mode 100644 index 00000000000..26c65dafc98 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_seal.c @@ -0,0 +1,45 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_seal.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_seal(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + int qop_req, + gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + + return (gss_wrap(minor_status, + context_handle, conf_req_flag, qop_req, + input_message_buffer, conf_state, + output_message_buffer)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_set_cred_option.c b/crypto/heimdal/lib/gssapi/mech/gss_set_cred_option.c new file mode 100644 index 00000000000..d33453d92fe --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_set_cred_option.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_set_cred_option (OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID object, + const gss_buffer_t value) +{ + struct _gss_cred *cred = (struct _gss_cred *) *cred_handle; + OM_uint32 major_status = GSS_S_COMPLETE; + struct _gss_mechanism_cred *mc; + int one_ok = 0; + + *minor_status = 0; + + _gss_load_mech(); + + if (cred == NULL) { + struct _gss_mech_switch *m; + + cred = malloc(sizeof(*cred)); + if (cred == NULL) + return GSS_S_FAILURE; + + HEIM_SLIST_INIT(&cred->gc_mc); + + HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { + + if (m->gm_mech.gm_set_cred_option == NULL) + continue; + + mc = malloc(sizeof(*mc)); + if (mc == NULL) { + *cred_handle = (gss_cred_id_t)cred; + gss_release_cred(minor_status, cred_handle); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + mc->gmc_mech = &m->gm_mech; + mc->gmc_mech_oid = &m->gm_mech_oid; + mc->gmc_cred = GSS_C_NO_CREDENTIAL; + + major_status = m->gm_mech.gm_set_cred_option( + minor_status, &mc->gmc_cred, object, value); + + if (major_status) { + free(mc); + continue; + } + one_ok = 1; + HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); + } + *cred_handle = (gss_cred_id_t)cred; + if (!one_ok) { + OM_uint32 junk; + gss_release_cred(&junk, cred_handle); + } + } else { + gssapi_mech_interface m; + + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + m = mc->gmc_mech; + + if (m == NULL) + return GSS_S_BAD_MECH; + + if (m->gm_set_cred_option == NULL) + continue; + + major_status = m->gm_set_cred_option(minor_status, + &mc->gmc_cred, object, value); + if (major_status == GSS_S_COMPLETE) + one_ok = 1; + else + _gss_mg_error(m, major_status, *minor_status); + + } + } + if (one_ok) { + *minor_status = 0; + return GSS_S_COMPLETE; + } + return major_status; +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_set_name_attribute.c b/crypto/heimdal/lib/gssapi/mech/gss_set_name_attribute.c new file mode 100644 index 00000000000..ada7a0612ec --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_set_name_attribute.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2010, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_set_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + int complete, + gss_buffer_t attr, + gss_buffer_t value) +{ + OM_uint32 major_status = GSS_S_UNAVAILABLE; + struct _gss_name *name = (struct _gss_name *) input_name; + struct _gss_mechanism_name *mn; + + *minor_status = 0; + + if (input_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + HEIM_SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { + gssapi_mech_interface m = mn->gmn_mech; + + if (!m->gm_set_name_attribute) + continue; + + major_status = m->gm_set_name_attribute(minor_status, + mn->gmn_name, + complete, + attr, + value); + if (GSS_ERROR(major_status)) + _gss_mg_error(m, major_status, *minor_status); + else + break; + } + + return major_status; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c b/crypto/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c new file mode 100644 index 00000000000..6efe1a0b171 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_set_sec_context_option.c @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2004, PADL Software Pty Ltd. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_set_sec_context_option (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID object, + const gss_buffer_t value) +{ + struct _gss_context *ctx; + OM_uint32 major_status; + gssapi_mech_interface m; + + *minor_status = 0; + + if (context_handle == NULL) + return GSS_S_NO_CONTEXT; + + ctx = (struct _gss_context *) *context_handle; + + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + + m = ctx->gc_mech; + + if (m == NULL) + return GSS_S_BAD_MECH; + + if (m->gm_set_sec_context_option != NULL) { + major_status = m->gm_set_sec_context_option(minor_status, + &ctx->gc_ctx, object, value); + if (major_status != GSS_S_COMPLETE) + _gss_mg_error(m, major_status, *minor_status); + } else + major_status = GSS_S_BAD_MECH; + + return major_status; +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_sign.c b/crypto/heimdal/lib/gssapi/mech/gss_sign.c new file mode 100644 index 00000000000..4ef99c19878 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_sign.c @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_sign.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_sign(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int qop_req, + gss_buffer_t message_buffer, + gss_buffer_t message_token) +{ + + return gss_get_mic(minor_status, + context_handle, qop_req, message_buffer, message_token); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_store_cred.c b/crypto/heimdal/lib/gssapi/mech/gss_store_cred.c new file mode 100644 index 00000000000..4d2bfdec8b1 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_store_cred.c @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_store_cred(OM_uint32 *minor_status, + gss_cred_id_t input_cred_handle, + gss_cred_usage_t cred_usage, + const gss_OID desired_mech, + OM_uint32 overwrite_cred, + OM_uint32 default_cred, + gss_OID_set *elements_stored, + gss_cred_usage_t *cred_usage_stored) +{ + struct _gss_cred *cred = (struct _gss_cred *) input_cred_handle; + struct _gss_mechanism_cred *mc; + OM_uint32 maj, junk; + + if (minor_status == NULL) + return GSS_S_FAILURE; + if (elements_stored) + *elements_stored = NULL; + if (cred_usage_stored) + *cred_usage_stored = 0; + + if (cred == NULL) + return GSS_S_NO_CONTEXT; + + if (elements_stored) { + maj = gss_create_empty_oid_set(minor_status, elements_stored); + if (maj != GSS_S_COMPLETE) + return maj; + } + + HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { + gssapi_mech_interface m = mc->gmc_mech; + + if (m == NULL || m->gm_store_cred == NULL) + continue; + + if (desired_mech) { + maj = gss_oid_equal(&m->gm_mech_oid, desired_mech); + if (maj != 0) + continue; + } + + maj = (m->gm_store_cred)(minor_status, mc->gmc_cred, + cred_usage, desired_mech, overwrite_cred, + default_cred, NULL, cred_usage_stored); + if (maj != GSS_S_COMPLETE) { + gss_release_oid_set(&junk, elements_stored); + return maj; + } + + if (elements_stored) { + gss_add_oid_set_member(&junk, + &m->gm_mech_oid, + elements_stored); + } + + } + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c b/crypto/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c new file mode 100644 index 00000000000..715d34bf066 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_test_oid_set_member.c @@ -0,0 +1,46 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_test_oid_set_member.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_test_oid_set_member(OM_uint32 *minor_status, + const gss_OID member, + const gss_OID_set set, + int *present) +{ + size_t i; + + *present = 0; + for (i = 0; i < set->count; i++) + if (gss_oid_equal(member, &set->elements[i])) + *present = 1; + + *minor_status = 0; + return (GSS_S_COMPLETE); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_unseal.c b/crypto/heimdal/lib/gssapi/mech/gss_unseal.c new file mode 100644 index 00000000000..0add03d4ddb --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_unseal.c @@ -0,0 +1,43 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_unseal.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_unseal(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + int *qop_state) +{ + + return (gss_unwrap(minor_status, + context_handle, input_message_buffer, + output_message_buffer, conf_state, (gss_qop_t *)qop_state)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_unwrap.c b/crypto/heimdal/lib/gssapi/mech/gss_unwrap.c new file mode 100644 index 00000000000..d0d18aca25b --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_unwrap.c @@ -0,0 +1,45 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_unwrap.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_unwrap(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m = ctx->gc_mech; + + return (m->gm_unwrap(minor_status, ctx->gc_ctx, + input_message_buffer, output_message_buffer, + conf_state, qop_state)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_utils.c b/crypto/heimdal/lib/gssapi/mech/gss_utils.c new file mode 100644 index 00000000000..2071621b230 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_utils.c @@ -0,0 +1,78 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_utils.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +OM_uint32 +_gss_copy_oid(OM_uint32 *minor_status, + const gss_OID from_oid, gss_OID to_oid) +{ + size_t len = from_oid->length; + + *minor_status = 0; + to_oid->elements = malloc(len); + if (!to_oid->elements) { + to_oid->length = 0; + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + to_oid->length = len; + memcpy(to_oid->elements, from_oid->elements, len); + return (GSS_S_COMPLETE); +} + +OM_uint32 +_gss_free_oid(OM_uint32 *minor_status, gss_OID oid) +{ + *minor_status = 0; + if (oid->elements) { + free(oid->elements); + oid->elements = NULL; + oid->length = 0; + } + return (GSS_S_COMPLETE); +} + +OM_uint32 +_gss_copy_buffer(OM_uint32 *minor_status, + const gss_buffer_t from_buf, gss_buffer_t to_buf) +{ + size_t len = from_buf->length; + + *minor_status = 0; + to_buf->value = malloc(len); + if (!to_buf->value) { + *minor_status = ENOMEM; + to_buf->length = 0; + return GSS_S_FAILURE; + } + to_buf->length = len; + memcpy(to_buf->value, from_buf->value, len); + return (GSS_S_COMPLETE); +} + diff --git a/crypto/heimdal/lib/gssapi/mech/gss_verify.c b/crypto/heimdal/lib/gssapi/mech/gss_verify.c new file mode 100644 index 00000000000..dd53ddbae90 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_verify.c @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_verify.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_verify(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t message_buffer, + gss_buffer_t token_buffer, + int *qop_state) +{ + + return (gss_verify_mic(minor_status, + context_handle, message_buffer, token_buffer, + (gss_qop_t *)qop_state)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_verify_mic.c b/crypto/heimdal/lib/gssapi/mech/gss_verify_mic.c new file mode 100644 index 00000000000..a791dc73276 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_verify_mic.c @@ -0,0 +1,52 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_verify_mic.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_verify_mic(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t *qop_state) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m; + + if (qop_state) + *qop_state = 0; + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + m = ctx->gc_mech; + + return (m->gm_verify_mic(minor_status, ctx->gc_ctx, + message_buffer, token_buffer, qop_state)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_wrap.c b/crypto/heimdal/lib/gssapi/mech/gss_wrap.c new file mode 100644 index 00000000000..d9864b36ccb --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_wrap.c @@ -0,0 +1,71 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_wrap.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +/** + * Wrap a message using either confidentiality (encryption + + * signature) or sealing (signature). + * + * @param minor_status minor status code. + * @param context_handle context handle. + * @param conf_req_flag if non zero, confidentiality is requestd. + * @param qop_req type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in. + * @param input_message_buffer messages to wrap + * @param conf_state returns non zero if confidentiality was honoured. + * @param output_message_buffer the resulting buffer, release with gss_release_buffer(). + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_wrap(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m; + + if (conf_state) + *conf_state = 0; + _mg_buffer_zero(output_message_buffer); + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + m = ctx->gc_mech; + + return (m->gm_wrap(minor_status, ctx->gc_ctx, + conf_req_flag, qop_req, input_message_buffer, + conf_state, output_message_buffer)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c b/crypto/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c new file mode 100644 index 00000000000..9bebcf6cf08 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gss_wrap_size_limit.c @@ -0,0 +1,52 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/gss_wrap_size_limit.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ + */ + +#include "mech_locl.h" + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_wrap_size_limit(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size) +{ + struct _gss_context *ctx = (struct _gss_context *) context_handle; + gssapi_mech_interface m; + + *max_input_size = 0; + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + m = ctx->gc_mech; + + return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx, + conf_req_flag, qop_req, req_output_size, max_input_size)); +} diff --git a/crypto/heimdal/lib/gssapi/mech/gssapi.asn1 b/crypto/heimdal/lib/gssapi/mech/gssapi.asn1 new file mode 100644 index 00000000000..1ba7b40637b --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/gssapi.asn1 @@ -0,0 +1,12 @@ +-- $Id$ + +GSS-API DEFINITIONS ::= BEGIN + +IMPORTS heim_any_set FROM heim; + +GSSAPIContextToken ::= [APPLICATION 0] IMPLICIT SEQUENCE { + thisMech OBJECT IDENTIFIER, + innerContextToken heim_any_set +} + +END \ No newline at end of file diff --git a/crypto/heimdal/lib/gssapi/mech/mech.5 b/crypto/heimdal/lib/gssapi/mech/mech.5 new file mode 100644 index 00000000000..e7b083d3158 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/mech.5 @@ -0,0 +1,94 @@ +.\" Copyright (c) 2005 Doug Rabson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libgssapi/mech.5,v 1.1 2005/12/29 14:40:20 dfr Exp $ +.Dd November 14, 2005 +.Dt MECH 5 +.Os +.Sh NAME +.Nm mech , +.Nm qop +.Nd "GSS-API Mechanism and QOP files" +.Sh SYNOPSIS +.Pa "/etc/gss/mech" +.Pa "/etc/gss/qop" +.Sh DESCRIPTION +The +.Pa "/etc/gss/mech" +file contains a list of installed GSS-API security mechanisms. +Each line of the file either contains a comment if the first character +is '#' or it contains five fields with the following meanings: +.Bl -tag +.It Name +The name of this GSS-API mechanism. +.It Object identifier +The OID for this mechanism. +.It Library +A shared library containing the implementation of this mechanism. +.It Kernel module (optional) +A kernel module containing the implementation of this mechanism (not +yet supported in FreeBSD). +.It Library options (optional) +Optionsal parameters interpreted by the mechanism. Library options +must be enclosed in brackets ([ ]) to differentiate them from the +optional kernel module entry. +.El +.Pp +The +.Pa "/etc/gss/qop" +file contains a list of Quality of Protection values for use with +GSS-API. +Each line of the file either contains a comment if the first character +is '#' or it contains three fields with the following meanings: +.Bl -tag +.It QOP string +The name of this Quality of Protection algorithm. +.It QOP value +The numeric value used to select this algorithm for use with GSS-API +functions such as +.Xr gss_get_mic 3 . +.It Mechanism name +The GSS-API mechanism name that corresponds to this algorithm. +.El +.Sh EXAMPLES +This is a typical entry from +.Pa "/etc/gss/mech" : +.Bd -literal +kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.8 - +.Ed +.Pp +This is a typical entry from +.Pa "/etc/gss/qop" : +.Bd -literal +GSS_KRB5_CONF_C_QOP_DES 0x0100 kerberosv5 +.Ed +.Sh HISTORY +The +.Nm +manual page example first appeared in +.Fx 7.0 . +.Sh AUTHORS +This +manual page was written by +.An Doug Rabson Aq dfr@FreeBSD.org . diff --git a/crypto/heimdal/lib/gssapi/mech/mech.cat5 b/crypto/heimdal/lib/gssapi/mech/mech.cat5 new file mode 100644 index 00000000000..821a193df6e --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/mech.cat5 @@ -0,0 +1,61 @@ + +MECH(5) BSD File Formats Manual MECH(5) + +NNAAMMEE + mmeecchh, qqoopp -- GSS-API Mechanism and QOP files + +SSYYNNOOPPSSIISS + _/_e_t_c_/_g_s_s_/_m_e_c_h _/_e_t_c_/_g_s_s_/_q_o_p + +DDEESSCCRRIIPPTTIIOONN + The _/_e_t_c_/_g_s_s_/_m_e_c_h file contains a list of installed GSS-API security + mechanisms. Each line of the file either contains a comment if the first + character is '#' or it contains five fields with the following meanings: + + Name The name of this GSS-API mechanism. + + Object identifier + The OID for this mechanism. + + Library A shared library containing the implementation of this + mechanism. + + Kernel module (optional) + A kernel module containing the implementation of this mech- + anism (not yet supported in FreeBSD). + + Library options (optional) + Optionsal parameters interpreted by the mechanism. Library + options must be enclosed in brackets ([ ]) to differentiate + them from the optional kernel module entry. + + The _/_e_t_c_/_g_s_s_/_q_o_p file contains a list of Quality of Protection values for + use with GSS-API. Each line of the file either contains a comment if the + first character is '#' or it contains three fields with the following + meanings: + + QOP string The name of this Quality of Protection algorithm. + + QOP value The numeric value used to select this algorithm for use + with GSS-API functions such as gss_get_mic(3). + + Mechanism name + The GSS-API mechanism name that corresponds to this algo- + rithm. + +EEXXAAMMPPLLEESS + This is a typical entry from _/_e_t_c_/_g_s_s_/_m_e_c_h: + + kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.8 - + + This is a typical entry from _/_e_t_c_/_g_s_s_/_q_o_p: + + GSS_KRB5_CONF_C_QOP_DES 0x0100 kerberosv5 + +HHIISSTTOORRYY + The mmeecchh manual page example first appeared in FreeBSD 7.0. + +AAUUTTHHOORRSS + This manual page was written by Doug Rabson . + +BSD November 14, 2005 BSD diff --git a/crypto/heimdal/lib/sl/make_cmds.h b/crypto/heimdal/lib/gssapi/mech/mech_locl.h similarity index 54% rename from crypto/heimdal/lib/sl/make_cmds.h rename to crypto/heimdal/lib/gssapi/mech/mech_locl.h index 818e5e85940..6c23ac5256b 100644 --- a/crypto/heimdal/lib/sl/make_cmds.h +++ b/crypto/heimdal/lib/gssapi/mech/mech_locl.h @@ -1,76 +1,81 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: make_cmds.h 8467 2000-06-27 02:36:56Z assar $ */ +/* $Id$ */ -#ifndef __MAKE_CMDS_H__ -#define __MAKE_CMDS_H__ - -#ifdef HAVE_CONFIG_H #include -#endif + +#include + +#include #include -#include #include -#include +#include +#include +#include +#include + +#include +#include #include -extern char *filename; -extern char *table_name; -extern int numerror; +#include +#include +#include -struct command_list { - char *function; - char *help; - struct string_list *aliases; - unsigned flags; - struct command_list *next; - struct command_list **tail; -}; +#include "mechqueue.h" -struct string_list { - char *string; - struct string_list *next; - struct string_list **tail; -}; +#include "context.h" +#include "cred.h" +#include "mech_switch.h" +#include "name.h" +#include "utils.h" +#include "compat.h" -void add_command(char*, char*, struct string_list*, unsigned); +#define _mg_buffer_zero(buffer) \ + do { \ + if (buffer) { \ + (buffer)->value = NULL; \ + (buffer)->length = 0; \ + } \ + } while(0) -void error_message(const char *, ...) - __attribute__ ((format (printf, 1,2))); - -int yylex (void); - -#endif /* __MAKE_CMDS_H__ */ +#define _mg_oid_set_zero(oid_set) \ + do { \ + if (oid_set) { \ + (oid_set)->elements = NULL; \ + (oid_set)->count = 0; \ + } \ + } while(0) diff --git a/crypto/heimdal/lib/gssapi/mech/mech_switch.h b/crypto/heimdal/lib/gssapi/mech/mech_switch.h new file mode 100644 index 00000000000..7ed3d4d4aa3 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/mech_switch.h @@ -0,0 +1,43 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/mech_switch.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id$ + */ + +#include + +struct _gss_mech_switch { + HEIM_SLIST_ENTRY(_gss_mech_switch) gm_link; + gss_OID_desc gm_mech_oid; + gss_OID_set gm_name_types; + void *gm_so; + gssapi_mech_interface_desc gm_mech; +}; +HEIM_SLIST_HEAD(_gss_mech_switch_list, _gss_mech_switch); +extern struct _gss_mech_switch_list _gss_mechs; +extern gss_OID_set _gss_mech_oids; + +void _gss_load_mech(void); diff --git a/crypto/heimdal/lib/gssapi/mech/mechqueue.h b/crypto/heimdal/lib/gssapi/mech/mechqueue.h new file mode 100644 index 00000000000..95941bab7e8 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/mechqueue.h @@ -0,0 +1,97 @@ +/* $NetBSD: queue.h,v 1.39 2004/04/18 14:25:34 lukem Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _MECHQUEUE_H_ +#define _MECHQUEUE_H_ + +/* + * Singly-linked List definitions. + */ +#define HEIM_SLIST_HEAD(name, type) \ +struct name { \ + struct type *slh_first; /* first element */ \ +} + +#define HEIM_SLIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define HEIM_SLIST_ENTRY(type) \ +struct { \ + struct type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List functions. + */ +#define HEIM_SLIST_INIT(head) do { \ + (head)->slh_first = NULL; \ +} while (/*CONSTCOND*/0) + +#define HEIM_SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + (elm)->field.sle_next = (slistelm)->field.sle_next; \ + (slistelm)->field.sle_next = (elm); \ +} while (/*CONSTCOND*/0) + +#define HEIM_SLIST_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.sle_next = (head)->slh_first; \ + (head)->slh_first = (elm); \ +} while (/*CONSTCOND*/0) + +#define HEIM_SLIST_REMOVE_HEAD(head, field) do { \ + (head)->slh_first = (head)->slh_first->field.sle_next; \ +} while (/*CONSTCOND*/0) + +#define HEIM_SLIST_REMOVE(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + HEIM_SLIST_REMOVE_HEAD((head), field); \ + } \ + else { \ + struct type *curelm = (head)->slh_first; \ + while(curelm->field.sle_next != (elm)) \ + curelm = curelm->field.sle_next; \ + curelm->field.sle_next = \ + curelm->field.sle_next->field.sle_next; \ + } \ +} while (/*CONSTCOND*/0) + +#define HEIM_SLIST_FOREACH(var, head, field) \ + for((var) = (head)->slh_first; (var); (var) = (var)->field.sle_next) + +/* + * Singly-linked List access methods. + */ +#define HEIM_SLIST_EMPTY(head) ((head)->slh_first == NULL) +#define HEIM_SLIST_FIRST(head) ((head)->slh_first) +#define HEIM_SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#endif /* !_MECHQUEUE_H_ */ diff --git a/crypto/heimdal/lib/gssapi/mech/name.h b/crypto/heimdal/lib/gssapi/mech/name.h new file mode 100644 index 00000000000..4baeebf36a8 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/name.h @@ -0,0 +1,48 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id$ + */ + +struct _gss_mechanism_name { + HEIM_SLIST_ENTRY(_gss_mechanism_name) gmn_link; + gssapi_mech_interface gmn_mech; /* mechanism ops for MN */ + gss_OID gmn_mech_oid; /* mechanism oid for MN */ + gss_name_t gmn_name; /* underlying MN */ +}; +HEIM_SLIST_HEAD(_gss_mechanism_name_list, _gss_mechanism_name); + +struct _gss_name { + gss_OID_desc gn_type; /* type of name */ + gss_buffer_desc gn_value; /* value (as imported) */ + struct _gss_mechanism_name_list gn_mn; /* list of MNs */ +}; + +OM_uint32 + _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID, + struct _gss_mechanism_name **); +struct _gss_name * + _gss_make_name(gssapi_mech_interface m, gss_name_t new_mn); diff --git a/crypto/heimdal/lib/gssapi/mech/utils.h b/crypto/heimdal/lib/gssapi/mech/utils.h new file mode 100644 index 00000000000..7b27d38f3cd --- /dev/null +++ b/crypto/heimdal/lib/gssapi/mech/utils.h @@ -0,0 +1,33 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/lib/libgssapi/utils.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ + * $Id$ + */ + +OM_uint32 _gss_free_oid(OM_uint32 *, gss_OID); +OM_uint32 _gss_copy_oid(OM_uint32 *, const gss_OID, gss_OID); +OM_uint32 _gss_copy_buffer(OM_uint32 *minor_status, + const gss_buffer_t from_buf, gss_buffer_t to_buf); diff --git a/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c index 79fc53826de..533fc15df8f 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" - -RCSID("$Id: accept_sec_context.c 22521 2008-01-24 11:53:18Z lha $"); +#include "ntlm.h" /* * @@ -43,10 +41,17 @@ OM_uint32 _gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx) { OM_uint32 maj_stat; + struct ntlm_server_interface *ns_interface = NULL; + +#ifdef DIGEST + ns_interface = &ntlmsspi_kdc_digest; +#endif + if (ns_interface == NULL) + return GSS_S_FAILURE; *ctx = calloc(1, sizeof(**ctx)); - (*ctx)->server = &ntlmsspi_kdc_digest; + (*ctx)->server = ns_interface; maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx); if (maj_stat != GSS_S_COMPLETE) @@ -59,7 +64,7 @@ _gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx) * */ -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_accept_sec_context (OM_uint32 * minor_status, gss_ctx_id_t * context_handle, @@ -76,6 +81,7 @@ _gss_ntlm_accept_sec_context { krb5_error_code ret; struct ntlm_buf data; + OM_uint32 junk; ntlm_ctx ctx; output_token->value = NULL; @@ -85,7 +91,7 @@ _gss_ntlm_accept_sec_context if (context_handle == NULL) return GSS_S_FAILURE; - + if (input_token_buffer == GSS_C_NO_BUFFER) return GSS_S_FAILURE; @@ -110,7 +116,7 @@ _gss_ntlm_accept_sec_context if (major_status) return major_status; *context_handle = (gss_ctx_id_t)ctx; - + /* check if the mechs is allowed by remote service */ major_status = (*ctx->server->nsi_probe)(minor_status, ctx->ictx, NULL); if (major_status) { @@ -120,7 +126,7 @@ _gss_ntlm_accept_sec_context data.data = input_token_buffer->value; data.length = input_token_buffer->length; - + ret = heim_ntlm_decode_type1(&data, &type1); if (ret) { _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); @@ -149,15 +155,15 @@ _gss_ntlm_accept_sec_context &out); heim_ntlm_free_type1(&type1); if (major_status != GSS_S_COMPLETE) { - OM_uint32 junk; - _gss_ntlm_delete_sec_context(&junk, context_handle, NULL); + OM_uint32 gunk; + _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL); return major_status; } output_token->value = malloc(out.length); - if (output_token->value == NULL) { - OM_uint32 junk; - _gss_ntlm_delete_sec_context(&junk, context_handle, NULL); + if (output_token->value == NULL && out.length != 0) { + OM_uint32 gunk; + _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL); *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -201,27 +207,31 @@ _gss_ntlm_accept_sec_context n->domain = strdup(type3.targetname); } if (n == NULL || n->user == NULL || n->domain == NULL) { + gss_name_t tempn = (gss_name_t)n; + _gss_ntlm_release_name(&junk, &tempn); heim_ntlm_free_type3(&type3); - _gss_ntlm_delete_sec_context(minor_status, + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); return maj_stat; } *src_name = (gss_name_t)n; - } + } heim_ntlm_free_type3(&type3); - ret = krb5_data_copy(&ctx->sessionkey, + ret = krb5_data_copy(&ctx->sessionkey, session.data, session.length); - if (ret) { + if (ret) { + if (src_name) + _gss_ntlm_release_name(&junk, src_name); _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); *minor_status = ret; return GSS_S_FAILURE; } - + if (session.length != 0) { - ctx->status |= STATUS_SESSIONKEY; + ctx->status |= STATUS_SESSIONKEY; if (ctx->flags & NTLM_NEG_NTLM2_SESSION) { _gss_ntlm_set_key(&ctx->u.v2.send, 1, @@ -233,10 +243,10 @@ _gss_ntlm_accept_sec_context ctx->sessionkey.data, ctx->sessionkey.length); } else { - RC4_set_key(&ctx->u.v1.crypto_send.key, + RC4_set_key(&ctx->u.v1.crypto_send.key, ctx->sessionkey.length, ctx->sessionkey.data); - RC4_set_key(&ctx->u.v1.crypto_recv.key, + RC4_set_key(&ctx->u.v1.crypto_recv.key, ctx->sessionkey.length, ctx->sessionkey.data); } diff --git a/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c b/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c index 8e17d4fb182..b186271f590 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c +++ b/crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: acquire_cred.c 22380 2007-12-29 18:42:56Z lha $"); - -OM_uint32 _gss_ntlm_acquire_cred +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_acquire_cred (OM_uint32 * min_stat, const gss_name_t desired_name, OM_uint32 time_req, @@ -51,8 +49,7 @@ OM_uint32 _gss_ntlm_acquire_cred ntlm_ctx ctx; *min_stat = 0; - if (output_cred_handle) - *output_cred_handle = GSS_C_NO_CREDENTIAL; + *output_cred_handle = GSS_C_NO_CREDENTIAL; if (actual_mechs) *actual_mechs = GSS_C_NO_OID_SET; if (time_rec) @@ -66,19 +63,17 @@ OM_uint32 _gss_ntlm_acquire_cred maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx); if (maj_stat != GSS_S_COMPLETE) return maj_stat; - - maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, + + maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, name->domain); - - if (maj_stat) - return maj_stat; - { gss_ctx_id_t context = (gss_ctx_id_t)ctx; - _gss_ntlm_delete_sec_context(min_stat, &context, NULL); - *min_stat = 0; + OM_uint32 junk; + _gss_ntlm_delete_sec_context(&junk, &context, NULL); } - } + if (maj_stat) + return maj_stat; + } if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) { ntlm_cred cred; diff --git a/crypto/heimdal/lib/gssapi/ntlm/add_cred.c b/crypto/heimdal/lib/gssapi/ntlm/add_cred.c index 11a25811116..7c6b5ba255a 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/add_cred.c +++ b/crypto/heimdal/lib/gssapi/ntlm/add_cred.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: add_cred.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_add_cred ( +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_add_cred ( OM_uint32 *minor_status, const gss_cred_id_t input_cred_handle, const gss_name_t desired_name, diff --git a/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c b/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c index 8eaa8702fb8..0ea64299dd0 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: canonicalize_name.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_canonicalize_name ( +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_canonicalize_name ( OM_uint32 * minor_status, const gss_name_t input_name, const gss_OID mech_type, diff --git a/crypto/heimdal/lib/gssapi/ntlm/compare_name.c b/crypto/heimdal/lib/gssapi/ntlm/compare_name.c index d2c2d8b2132..6e095bdee2a 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/compare_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/compare_name.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: compare_name.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_compare_name +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_compare_name (OM_uint32 * minor_status, const gss_name_t name1, const gss_name_t name2, diff --git a/crypto/heimdal/lib/gssapi/ntlm/context_time.c b/crypto/heimdal/lib/gssapi/ntlm/context_time.c index a6895cbe872..73debda4832 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/context_time.c +++ b/crypto/heimdal/lib/gssapi/ntlm/context_time.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: context_time.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_context_time +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_context_time (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, OM_uint32 * time_rec diff --git a/crypto/heimdal/lib/gssapi/ntlm/creds.c b/crypto/heimdal/lib/gssapi/ntlm/creds.c new file mode 100644 index 00000000000..ffbf35504ee --- /dev/null +++ b/crypto/heimdal/lib/gssapi/ntlm/creds.c @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_cred + (OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + gss_name_t * name, + OM_uint32 * lifetime, + gss_cred_usage_t * cred_usage, + gss_OID_set * mechanisms + ) +{ + OM_uint32 ret, junk; + + *minor_status = 0; + + if (cred_handle == NULL) + return GSS_S_NO_CRED; + + if (name) { + ntlm_name n = calloc(1, sizeof(*n)); + ntlm_cred c = (ntlm_cred)cred_handle; + if (n) { + n->user = strdup(c->username); + n->domain = strdup(c->domain); + } + if (n == NULL || n->user == NULL || n->domain == NULL) { + if (n) + free(n->user); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *name = (gss_name_t)n; + } + if (lifetime) + *lifetime = GSS_C_INDEFINITE; + if (cred_usage) + *cred_usage = 0; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; + + if (cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_NO_CRED; + + if (mechanisms) { + ret = gss_create_empty_oid_set(minor_status, mechanisms); + if (ret) + goto out; + ret = gss_add_oid_set_member(minor_status, + GSS_NTLM_MECHANISM, + mechanisms); + if (ret) + goto out; + } + + return GSS_S_COMPLETE; +out: + gss_release_oid_set(&junk, mechanisms); + return ret; +} + +#ifdef HAVE_KCM +static OM_uint32 +_gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle) +{ + krb5_storage *request, *response; + krb5_data response_data; + krb5_context context; + krb5_error_code ret; + ntlm_cred cred; + + cred = (ntlm_cred)*cred_handle; + + ret = krb5_init_context(&context); + if (ret) + return ret; + + ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request); + if (ret) + goto out; + + ret = krb5_store_stringz(request, cred->username); + if (ret) + goto out; + + ret = krb5_store_stringz(request, cred->domain); + if (ret) + goto out; + + ret = krb5_kcm_call(context, request, &response, &response_data); + if (ret) + goto out; + + krb5_storage_free(request); + krb5_storage_free(response); + krb5_data_free(&response_data); + + out: + krb5_free_context(context); + + return ret; +} +#endif /* HAVE_KCM */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_destroy_cred(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle) +{ +#ifdef HAVE_KCM + krb5_error_code ret; +#endif + + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_COMPLETE; + +#ifdef HAVE_KCM + ret = _gss_ntlm_destroy_kcm_cred(cred_handle); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } +#endif + + return _gss_ntlm_release_cred(minor_status, cred_handle); +} diff --git a/crypto/heimdal/lib/gssapi/ntlm/crypto.c b/crypto/heimdal/lib/gssapi/ntlm/crypto.c index b05246ca52f..85dc638dda5 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/crypto.c +++ b/crypto/heimdal/lib/gssapi/ntlm/crypto.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" - -RCSID("$Id: crypto.c 19535 2006-12-28 14:49:01Z lha $"); +#include "ntlm.h" uint32_t _krb5_crc_update (const char *p, size_t len, uint32_t res); @@ -80,7 +78,7 @@ _gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign, unsigned char *data, size_t len) { unsigned char out[16]; - MD5_CTX ctx; + EVP_MD_CTX *ctx; const char *signmagic; const char *sealmagic; @@ -94,15 +92,17 @@ _gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign, key->seq = 0; - MD5_Init(&ctx); - MD5_Update(&ctx, data, len); - MD5_Update(&ctx, signmagic, strlen(signmagic) + 1); - MD5_Final(key->signkey, &ctx); + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, data, len); + EVP_DigestUpdate(ctx, signmagic, strlen(signmagic) + 1); + EVP_DigestFinal_ex(ctx, key->signkey, NULL); - MD5_Init(&ctx); - MD5_Update(&ctx, data, len); - MD5_Update(&ctx, sealmagic, strlen(sealmagic) + 1); - MD5_Final(out, &ctx); + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, data, len); + EVP_DigestUpdate(ctx, sealmagic, strlen(sealmagic) + 1); + EVP_DigestFinal_ex(ctx, out, NULL); + EVP_MD_CTX_destroy(ctx); RC4_set_key(&key->sealkey, 16, out); if (sealsign) @@ -121,20 +121,20 @@ v1_sign_message(gss_buffer_t in, { unsigned char sigature[12]; uint32_t crc; - + _krb5_crc_init_table(); crc = _krb5_crc_update(in->value, in->length, 0); - + encode_le_uint32(0, &sigature[0]); encode_le_uint32(crc, &sigature[4]); encode_le_uint32(seq, &sigature[8]); - + encode_le_uint32(1, out); /* version */ RC4(signkey, sizeof(sigature), sigature, out + 4); - + if (RAND_bytes(out + 4, 4) != 1) return GSS_S_UNAVAILABLE; - + return 0; } @@ -152,7 +152,7 @@ v2_sign_message(gss_buffer_t in, HMAC_CTX_init(&c); HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL); - + encode_le_uint32(seq, hmac); HMAC_Update(&c, hmac, 4); HMAC_Update(&c, in->value, in->length); @@ -188,7 +188,7 @@ v2_verify_message(gss_buffer_t in, return GSS_S_BAD_MIC; return GSS_S_COMPLETE; -} +} static OM_uint32 v2_seal_message(const gss_buffer_t in, @@ -259,8 +259,9 @@ v2_unseal_message(gss_buffer_t in, /* * */ - -OM_uint32 _gss_ntlm_get_mic + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_get_mic (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, @@ -271,12 +272,7 @@ OM_uint32 _gss_ntlm_get_mic ntlm_ctx ctx = (ntlm_ctx)context_handle; OM_uint32 junk; - if (minor_status) - *minor_status = 0; - if (message_token) { - message_token->length = 0; - message_token->value = NULL; - } + *minor_status = 0; message_token->value = malloc(16); message_token->length = 16; @@ -339,7 +335,7 @@ OM_uint32 _gss_ntlm_get_mic * */ -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_verify_mic (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -388,7 +384,7 @@ _gss_ntlm_verify_mic ((unsigned char *)token_buffer->value) + 4, sigature); _krb5_crc_init_table(); - crc = _krb5_crc_update(message_buffer->value, + crc = _krb5_crc_update(message_buffer->value, message_buffer->length, 0); /* skip first 4 bytes in the encrypted checksum */ decode_le_uint32(&sigature[4], &num); @@ -425,7 +421,7 @@ _gss_ntlm_verify_mic * */ -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_wrap_size_limit ( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, @@ -456,7 +452,8 @@ _gss_ntlm_wrap_size_limit ( * */ -OM_uint32 _gss_ntlm_wrap +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_wrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, @@ -469,14 +466,13 @@ OM_uint32 _gss_ntlm_wrap ntlm_ctx ctx = (ntlm_ctx)context_handle; OM_uint32 ret; - if (minor_status) - *minor_status = 0; + *minor_status = 0; if (conf_state) *conf_state = 0; if (output_message_buffer == GSS_C_NO_BUFFER) return GSS_S_FAILURE; - + if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) { return v2_seal_message(input_message_buffer, @@ -499,7 +495,7 @@ OM_uint32 _gss_ntlm_wrap RC4(&ctx->u.v1.crypto_send.key, input_message_buffer->length, input_message_buffer->value, output_message_buffer->value); - + ret = _gss_ntlm_get_mic(minor_status, context_handle, 0, input_message_buffer, &trailer); @@ -512,7 +508,7 @@ OM_uint32 _gss_ntlm_wrap gss_release_buffer(&junk, &trailer); return GSS_S_FAILURE; } - memcpy(((unsigned char *)output_message_buffer->value) + + memcpy(((unsigned char *)output_message_buffer->value) + input_message_buffer->length, trailer.value, trailer.length); gss_release_buffer(&junk, &trailer); @@ -527,7 +523,8 @@ OM_uint32 _gss_ntlm_wrap * */ -OM_uint32 _gss_ntlm_unwrap +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_unwrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, @@ -539,12 +536,10 @@ OM_uint32 _gss_ntlm_unwrap ntlm_ctx ctx = (ntlm_ctx)context_handle; OM_uint32 ret; - if (minor_status) - *minor_status = 0; - if (output_message_buffer) { - output_message_buffer->value = NULL; - output_message_buffer->length = 0; - } + *minor_status = 0; + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + if (conf_state) *conf_state = 0; if (qop_state) @@ -572,10 +567,10 @@ OM_uint32 _gss_ntlm_unwrap output_message_buffer->length = 0; return GSS_S_FAILURE; } - + RC4(&ctx->u.v1.crypto_recv.key, output_message_buffer->length, input_message_buffer->value, output_message_buffer->value); - + trailer.value = ((unsigned char *)input_message_buffer->value) + output_message_buffer->length; trailer.length = 16; diff --git a/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c index c51f227051f..41c30b76f1a 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c +++ b/crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: delete_sec_context.c 22163 2007-12-04 21:25:06Z lha $"); - -OM_uint32 _gss_ntlm_delete_sec_context +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_delete_sec_context (OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t output_token diff --git a/crypto/heimdal/lib/gssapi/ntlm/display_name.c b/crypto/heimdal/lib/gssapi/ntlm/display_name.c index a04d96c4510..4f8e3e6828c 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/display_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/display_name.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: display_name.c 22373 2007-12-28 18:36:06Z lha $"); - -OM_uint32 _gss_ntlm_display_name +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_display_name (OM_uint32 * minor_status, const gss_name_t input_name, gss_buffer_t output_name_buffer, @@ -49,9 +48,9 @@ OM_uint32 _gss_ntlm_display_name if (output_name_buffer) { ntlm_name n = (ntlm_name)input_name; - char *str; + char *str = NULL; int len; - + output_name_buffer->length = 0; output_name_buffer->value = NULL; @@ -61,7 +60,7 @@ OM_uint32 _gss_ntlm_display_name } len = asprintf(&str, "%s@%s", n->user, n->domain); - if (str == NULL) { + if (len < 0 || str == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } diff --git a/crypto/heimdal/lib/gssapi/ntlm/display_status.c b/crypto/heimdal/lib/gssapi/ntlm/display_status.c index 70be5ebe498..c9e1792d31f 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/display_status.c +++ b/crypto/heimdal/lib/gssapi/ntlm/display_status.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: display_status.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_display_status +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_display_status (OM_uint32 *minor_status, OM_uint32 status_value, int status_type, diff --git a/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c b/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c index 2b2f7dd65fe..4ef574fb50e 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: duplicate_name.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_duplicate_name ( +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_duplicate_name ( OM_uint32 * minor_status, const gss_name_t src_name, gss_name_t * dest_name diff --git a/crypto/heimdal/lib/gssapi/ntlm/export_name.c b/crypto/heimdal/lib/gssapi/ntlm/export_name.c index f0941b1ce62..8fe69aaaf45 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/export_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/export_name.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: export_name.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_export_name +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_export_name (OM_uint32 * minor_status, const gss_name_t input_name, gss_buffer_t exported_name diff --git a/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c index 99a7be19ab2..027a9210ebd 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c +++ b/crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: export_sec_context.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_export_sec_context ( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, diff --git a/crypto/heimdal/lib/gssapi/ntlm/external.c b/crypto/heimdal/lib/gssapi/ntlm/external.c index 8f86032796a..ee15c3e0496 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/external.c +++ b/crypto/heimdal/lib/gssapi/ntlm/external.c @@ -1,44 +1,73 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: external.c 19359 2006-12-15 20:01:48Z lha $"); +#if 0 +static gss_mo_desc ntlm_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + rk_UNCONST("NTLM"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + rk_UNCONST("NTLMSPP"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + rk_UNCONST("Heimdal NTLMSSP Mechanism"), + _gss_mo_get_ctx_as_string, + NULL + } +}; + +#endif static gssapi_mech_interface_desc ntlm_mech = { GMI_VERSION, "ntlm", {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") }, + 0, _gss_ntlm_acquire_cred, _gss_ntlm_release_cred, _gss_ntlm_init_sec_context, @@ -67,7 +96,38 @@ static gssapi_mech_interface_desc ntlm_mech = { _gss_ntlm_inquire_names_for_mech, _gss_ntlm_inquire_mechs_for_name, _gss_ntlm_canonicalize_name, - _gss_ntlm_duplicate_name + _gss_ntlm_duplicate_name, + _gss_ntlm_inquire_sec_context_by_oid, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + _gss_ntlm_iter_creds_f, + _gss_ntlm_destroy_cred, + NULL, + NULL, + NULL, + NULL, +#if 0 + ntlm_mo, + sizeof(ntlm_mo) / sizeof(ntlm_mo[0]), +#else + NULL, + 0, +#endif + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, }; gssapi_mech_interface @@ -75,8 +135,3 @@ __gss_ntlm_initialize(void) { return &ntlm_mech; } - -static gss_OID_desc _gss_ntlm_mechanism_desc = -{10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") }; - -gss_OID GSS_NTLM_MECHANISM = &_gss_ntlm_mechanism_desc; diff --git a/crypto/heimdal/lib/gssapi/ntlm/import_name.c b/crypto/heimdal/lib/gssapi/ntlm/import_name.c index 91cba082ead..e75388d91e7 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/import_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/import_name.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: import_name.c 22373 2007-12-28 18:36:06Z lha $"); - -OM_uint32 _gss_ntlm_import_name +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_import_name (OM_uint32 * minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, @@ -43,14 +42,21 @@ OM_uint32 _gss_ntlm_import_name ) { char *name, *p, *p2; + int is_hostnamed; + int is_username; ntlm_name n; *minor_status = 0; - if (output_name) - *output_name = GSS_C_NO_NAME; + if (output_name == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; - if (!gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) + *output_name = GSS_C_NO_NAME; + + is_hostnamed = gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE); + is_username = gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME); + + if (!is_hostnamed && !is_username) return GSS_S_BAD_NAMETYPE; name = malloc(input_name_buffer->length + 1); @@ -63,21 +69,25 @@ OM_uint32 _gss_ntlm_import_name /* find "domain" part of the name and uppercase it */ p = strchr(name, '@'); - if (p == NULL) + if (p == NULL) { + free(name); return GSS_S_BAD_NAME; + } p[0] = '\0'; p++; p2 = strchr(p, '.'); if (p2 && p2[1] != '\0') { - p = p2 + 1; - p2 = strchr(p, '.'); + if (is_hostnamed) { + p = p2 + 1; + p2 = strchr(p, '.'); + } if (p2) *p2 = '\0'; } strupr(p); - + n = calloc(1, sizeof(*n)); - if (name == NULL) { + if (n == NULL) { free(name); *minor_status = ENOMEM; return GSS_S_FAILURE; diff --git a/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c index cde0a011f0c..fe637c0775e 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c +++ b/crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: import_sec_context.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_import_sec_context ( OM_uint32 * minor_status, const gss_buffer_t interprocess_token, diff --git a/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c b/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c index 64171631edc..7cda4758099 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c +++ b/crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" - -RCSID("$Id: indicate_mechs.c 19334 2006-12-14 12:17:34Z lha $"); +#include "ntlm.h" OM_uint32 _gss_ntlm_indicate_mechs (OM_uint32 * minor_status, diff --git a/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c b/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c index 140dbece843..bae04e17406 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c @@ -1,50 +1,49 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" - -RCSID("$Id: init_sec_context.c 22382 2007-12-30 12:13:17Z lha $"); +#include "ntlm.h" static int -from_file(const char *fn, const char *target_domain, +from_file(const char *fn, const char *target_domain, char **username, struct ntlm_buf *key) -{ +{ char *str, buf[1024]; FILE *f; f = fopen(fn, "r"); if (f == NULL) return ENOENT; + rk_cloexec_file(f); while (fgets(buf, sizeof(buf), f) != NULL) { char *d, *u, *p; @@ -74,7 +73,7 @@ from_file(const char *fn, const char *target_domain, } static int -get_user_file(const ntlm_name target_name, +get_user_file(const ntlm_name target_name, char **username, struct ntlm_buf *key) { const char *fn; @@ -98,19 +97,18 @@ get_user_file(const ntlm_name target_name, static int get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key) { - krb5_principal client; krb5_context context = NULL; - krb5_error_code ret; + krb5_principal client; krb5_ccache id = NULL; - krb5_creds mcreds, creds; + krb5_error_code ret; + char *confname; + krb5_data data; *username = NULL; + krb5_data_zero(&data); key->length = 0; key->data = NULL; - memset(&creds, 0, sizeof(creds)); - memset(&mcreds, 0, sizeof(mcreds)); - ret = krb5_init_context(&context); if (ret) return ret; @@ -126,47 +124,36 @@ get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key) ret = krb5_unparse_name_flags(context, client, KRB5_PRINCIPAL_UNPARSE_NO_REALM, username); - if (ret) - goto out; - - ret = krb5_make_principal(context, &mcreds.server, - krb5_principal_get_realm(context, client), - "@ntlm-key", name->domain, NULL); krb5_free_principal(context, client); if (ret) goto out; - mcreds.session.keytype = ENCTYPE_ARCFOUR_HMAC_MD5; - ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_MATCH_KEYTYPE, - &mcreds, &creds); - if (ret) { - char *s = krb5_get_error_message(context, ret); - krb5_free_error_string(context, s); + asprintf(&confname, "ntlm-key-%s", name->domain); + if (confname == NULL) { + krb5_clear_error_message(context); + ret = ENOMEM; goto out; } - key->data = malloc(creds.session.keyvalue.length); - if (key->data == NULL) + ret = krb5_cc_get_config(context, id, NULL, + confname, &data); + if (ret) goto out; - key->length = creds.session.keyvalue.length; - memcpy(key->data, creds.session.keyvalue.data, key->length); - krb5_free_cred_contents(context, &creds); - - return 0; - -out: - if (*username) { - free(*username); - *username = NULL; + key->data = malloc(data.length); + if (key->data == NULL) { + ret = ENOMEM; + goto out; } - krb5_free_cred_contents(context, &creds); - if (mcreds.server) - krb5_free_principal(context, mcreds.server); + key->length = data.length; + memcpy(key->data, data.data, data.length); + + out: + krb5_data_free(&data); if (id) krb5_cc_close(context, id); - if (context) - krb5_free_context(context); + + krb5_free_context(context); return ret; } @@ -177,11 +164,11 @@ _gss_ntlm_get_user_cred(const ntlm_name target_name, { ntlm_cred cred; int ret; - + cred = calloc(1, sizeof(*cred)); if (cred == NULL) return ENOMEM; - + ret = get_user_file(target_name, &cred->username, &cred->key); if (ret) ret = get_user_ccache(target_name, &cred->username, &cred->key); @@ -189,7 +176,7 @@ _gss_ntlm_get_user_cred(const ntlm_name target_name, free(cred); return ret; } - + cred->domain = strdup(target_name->domain); *rcred = cred; @@ -199,7 +186,7 @@ _gss_ntlm_get_user_cred(const ntlm_name target_name, static int _gss_copy_cred(ntlm_cred from, ntlm_cred *to) { - *to = calloc(1, sizeof(*to)); + *to = calloc(1, sizeof(**to)); if (*to == NULL) return ENOMEM; (*to)->username = strdup(from->username); @@ -226,7 +213,7 @@ _gss_copy_cred(ntlm_cred from, ntlm_cred *to) return 0; } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_init_sec_context (OM_uint32 * minor_status, const gss_cred_id_t initiator_cred_handle, @@ -260,7 +247,7 @@ _gss_ntlm_init_sec_context struct ntlm_buf data; uint32_t flags = 0; int ret; - + ctx = calloc(1, sizeof(*ctx)); if (ctx == NULL) { *minor_status = EINVAL; @@ -293,23 +280,23 @@ _gss_ntlm_init_sec_context flags |= NTLM_NEG_KEYEX; memset(&type1, 0, sizeof(type1)); - + type1.flags = flags; type1.domain = name->domain; type1.hostname = NULL; type1.os[0] = 0; type1.os[1] = 0; - + ret = heim_ntlm_encode_type1(&type1, &data); if (ret) { _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); *minor_status = ret; return GSS_S_FAILURE; } - + output_token->value = data.data; output_token->length = data.length; - + return GSS_S_CONTINUE_NEEDED; } else { krb5_error_code ret; @@ -331,7 +318,7 @@ _gss_ntlm_init_sec_context ctx->flags = type2.flags; - /* XXX check that type2.targetinfo matches `target_name´ */ + /* XXX check that type2.targetinfo matches `target_name´ */ /* XXX check verify targetinfo buffer */ memset(&type3, 0, sizeof(type3)); @@ -352,21 +339,21 @@ _gss_ntlm_init_sec_context unsigned char nonce[8]; if (RAND_bytes(nonce, sizeof(nonce)) != 1) { - _gss_ntlm_delete_sec_context(minor_status, + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); *minor_status = EINVAL; return GSS_S_FAILURE; } ret = heim_ntlm_calculate_ntlm2_sess(nonce, - type2.challange, + type2.challenge, ctx->client->key.data, &type3.lm, &type3.ntlm); } else { - ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data, + ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data, ctx->client->key.length, - type2.challange, + type2.challenge, &type3.ntlm); } @@ -376,7 +363,7 @@ _gss_ntlm_init_sec_context return GSS_S_FAILURE; } - ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data, + ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data, ctx->client->key.length, &sessionkey, &type3.sessionkey); @@ -390,7 +377,7 @@ _gss_ntlm_init_sec_context return GSS_S_FAILURE; } - ret = krb5_data_copy(&ctx->sessionkey, + ret = krb5_data_copy(&ctx->sessionkey, sessionkey.data, sessionkey.length); free(sessionkey.data); if (ret) { @@ -402,7 +389,7 @@ _gss_ntlm_init_sec_context *minor_status = ret; return GSS_S_FAILURE; } - ctx->status |= STATUS_SESSIONKEY; + ctx->status |= STATUS_SESSIONKEY; } else { struct ntlm_buf sessionkey; @@ -410,17 +397,17 @@ _gss_ntlm_init_sec_context struct ntlm_targetinfo ti; /* verify infotarget */ - + ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti); if(ret) { - _gss_ntlm_delete_sec_context(minor_status, + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); *minor_status = ret; return GSS_S_FAILURE; } if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) { - _gss_ntlm_delete_sec_context(minor_status, + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); *minor_status = EINVAL; return GSS_S_FAILURE; @@ -430,12 +417,12 @@ _gss_ntlm_init_sec_context ctx->client->key.length, ctx->client->username, name->domain, - type2.challange, + type2.challenge, &type2.targetinfo, ntlmv2, &type3.ntlm); if (ret) { - _gss_ntlm_delete_sec_context(minor_status, + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); *minor_status = ret; return GSS_S_FAILURE; @@ -446,21 +433,27 @@ _gss_ntlm_init_sec_context &type3.sessionkey); memset(ntlmv2, 0, sizeof(ntlmv2)); if (ret) { - _gss_ntlm_delete_sec_context(minor_status, + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); *minor_status = ret; return GSS_S_FAILURE; } - + ctx->flags |= NTLM_NEG_NTLM2_SESSION; - ret = krb5_data_copy(&ctx->sessionkey, + ret = krb5_data_copy(&ctx->sessionkey, sessionkey.data, sessionkey.length); free(sessionkey.data); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } } if (ctx->flags & NTLM_NEG_NTLM2_SESSION) { - ctx->status |= STATUS_SESSIONKEY; + ctx->status |= STATUS_SESSIONKEY; _gss_ntlm_set_key(&ctx->u.v2.send, 0, (ctx->flags & NTLM_NEG_KEYEX), ctx->sessionkey.data, ctx->sessionkey.length); @@ -468,15 +461,15 @@ _gss_ntlm_init_sec_context ctx->sessionkey.data, ctx->sessionkey.length); } else { - ctx->status |= STATUS_SESSIONKEY; - RC4_set_key(&ctx->u.v1.crypto_recv.key, + ctx->status |= STATUS_SESSIONKEY; + RC4_set_key(&ctx->u.v1.crypto_recv.key, ctx->sessionkey.length, ctx->sessionkey.data); - RC4_set_key(&ctx->u.v1.crypto_send.key, + RC4_set_key(&ctx->u.v1.crypto_send.key, ctx->sessionkey.length, ctx->sessionkey.data); } - + ret = heim_ntlm_encode_type3(&type3, &data); diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c index fe6b32272f7..fd0cb879963 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c +++ b/crypto/heimdal/lib/gssapi/ntlm/inquire_context.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: inquire_context.c 21079 2007-06-13 00:25:25Z lha $"); - -OM_uint32 _gss_ntlm_inquire_context ( +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_context ( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_name_t * src_name, diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c deleted file mode 100644 index 1d49b5070d8..00000000000 --- a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "ntlm/ntlm.h" - -RCSID("$Id: inquire_cred.c 22148 2007-12-04 17:59:29Z lha $"); - -OM_uint32 _gss_ntlm_inquire_cred - (OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - gss_name_t * name, - OM_uint32 * lifetime, - gss_cred_usage_t * cred_usage, - gss_OID_set * mechanisms - ) -{ - OM_uint32 ret, junk; - - if (minor_status) - *minor_status = 0; - if (name) - *name = GSS_C_NO_NAME; - if (lifetime) - *lifetime = GSS_C_INDEFINITE; - if (cred_usage) - *cred_usage = 0; - if (mechanisms) - *mechanisms = GSS_C_NO_OID_SET; - - if (cred_handle == GSS_C_NO_CREDENTIAL) - return GSS_S_NO_CRED; - - if (mechanisms) { - ret = gss_create_empty_oid_set(minor_status, mechanisms); - if (ret) - goto out; - ret = gss_add_oid_set_member(minor_status, - GSS_NTLM_MECHANISM, - mechanisms); - if (ret) - goto out; - } - - return GSS_S_COMPLETE; -out: - gss_release_oid_set(&junk, mechanisms); - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c index 572c6fef759..b5976b99d72 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c +++ b/crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: inquire_cred_by_mech.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_inquire_cred_by_mech ( +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_cred_by_mech ( OM_uint32 * minor_status, const gss_cred_id_t cred_handle, const gss_OID mech_type, diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c index 8bee4836d3f..4fd5380946a 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: inquire_mechs_for_name.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_inquire_mechs_for_name ( +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_mechs_for_name ( OM_uint32 * minor_status, const gss_name_t input_name, gss_OID_set * mech_types diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c index ebf624de762..7f49b33caa4 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c +++ b/crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c @@ -1,42 +1,40 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: inquire_names_for_mech.c 19334 2006-12-14 12:17:34Z lha $"); - - -OM_uint32 _gss_ntlm_inquire_names_for_mech ( +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_names_for_mech ( OM_uint32 * minor_status, const gss_OID mechanism, gss_OID_set * name_types diff --git a/crypto/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c b/crypto/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c new file mode 100644 index 00000000000..ee791b15adf --- /dev/null +++ b/crypto/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_sec_context_by_oid(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + if (gss_oid_equal(desired_object, GSS_NTLM_GET_SESSION_KEY_X) || + gss_oid_equal(desired_object, GSS_C_INQ_SSPI_SESSION_KEY)) { + gss_buffer_desc value; + + value.length = ctx->sessionkey.length; + value.value = ctx->sessionkey.data; + + return gss_add_buffer_set_member(minor_status, + &value, + data_set); + } else if (gss_oid_equal(desired_object, GSS_C_INQ_WIN2K_PAC_X)) { + if (ctx->pac.length == 0) { + *minor_status = ENOENT; + return GSS_S_FAILURE; + } + + return gss_add_buffer_set_member(minor_status, + &ctx->pac, + data_set); + + } else if (gss_oid_equal(desired_object, GSS_C_NTLM_AVGUEST)) { + gss_buffer_desc value; + uint32_t num; + + if (ctx->kcmflags & KCM_NTLM_FLAG_AV_GUEST) + num = 1; + else + num = 0; + + value.length = sizeof(num); + value.value = # + + return gss_add_buffer_set_member(minor_status, + &value, + data_set); + } else { + *minor_status = 0; + return GSS_S_FAILURE; + } +} diff --git a/crypto/heimdal/lib/gssapi/ntlm/iter_cred.c b/crypto/heimdal/lib/gssapi/ntlm/iter_cred.c new file mode 100644 index 00000000000..34456db5da8 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/ntlm/iter_cred.c @@ -0,0 +1,99 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +void GSSAPI_CALLCONV +_gss_ntlm_iter_creds_f(OM_uint32 flags, + void *userctx , + void (*cred_iter)(void *, gss_OID, gss_cred_id_t)) +{ +#ifdef HAVE_KCM + krb5_error_code ret; + krb5_context context = NULL; + krb5_storage *request, *response; + krb5_data response_data; + + ret = krb5_init_context(&context); + if (ret) + goto done; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_NTLM_USER_LIST, &request); + if (ret) + goto done; + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + goto done; + + while (1) { + uint32_t morep; + char *user = NULL, *domain = NULL; + ntlm_cred dn; + + ret = krb5_ret_uint32(response, &morep); + if (ret) goto out; + + if (!morep) goto out; + + ret = krb5_ret_stringz(response, &user); + if (ret) goto out; + ret = krb5_ret_stringz(response, &domain); + if (ret) { + free(user); + goto out; + } + + dn = calloc(1, sizeof(*dn)); + if (dn == NULL) { + free(user); + free(domain); + goto out; + } + dn->username = user; + dn->domain = domain; + + cred_iter(userctx, GSS_NTLM_MECHANISM, (gss_cred_id_t)dn); + } + out: + krb5_storage_free(response); + krb5_data_free(&response_data); + done: + if (context) + krb5_free_context(context); +#endif /* HAVE_KCM */ + (*cred_iter)(userctx, NULL, NULL); +} diff --git a/crypto/heimdal/lib/gssapi/ntlm/digest.c b/crypto/heimdal/lib/gssapi/ntlm/kdc.c similarity index 87% rename from crypto/heimdal/lib/gssapi/ntlm/digest.c rename to crypto/heimdal/lib/gssapi/ntlm/kdc.c index fecf4a5b279..7d56c7510fb 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/digest.c +++ b/crypto/heimdal/lib/gssapi/ntlm/kdc.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: digest.c 22169 2007-12-04 22:19:16Z lha $"); +#ifdef DIGEST /* * @@ -66,7 +66,7 @@ get_ccache(krb5_context context, int *destroy, krb5_ccache *id) krb5_keytab kt = NULL; *id = NULL; - + if (!issuid()) { const char *cache; @@ -79,15 +79,15 @@ get_ccache(krb5_context context, int *destroy, krb5_ccache *id) } } - ret = krb5_sname_to_principal(context, NULL, "host", + ret = krb5_sname_to_principal(context, NULL, "host", KRB5_NT_SRV_HST, &principal); if (ret) goto out; - - ret = krb5_cc_cache_match(context, principal, NULL, id); + + ret = krb5_cc_cache_match(context, principal, id); if (ret == 0) return 0; - + /* did not find in default credcache, lets try default keytab */ ret = krb5_kt_default(context, &kt); if (ret) @@ -129,16 +129,17 @@ get_ccache(krb5_context context, int *destroy, krb5_ccache *id) } krb5_kt_close(context, kt); - + return 0; out: - if (*destroy) - krb5_cc_destroy(context, *id); - else - krb5_cc_close(context, *id); - - *id = NULL; + if (*id) { + if (*destroy) + krb5_cc_destroy(context, *id); + else + krb5_cc_close(context, *id); + *id = NULL; + } if (kt) krb5_kt_close(context, kt); @@ -201,7 +202,7 @@ kdc_probe(OM_uint32 *minor, void *ctx, const char *realm) ret = krb5_digest_probe(c->context, rk_UNCONST(realm), c->id, &flags); if (ret) return ret; - + if ((flags & (1|2|4)) == 0) return EINVAL; @@ -253,13 +254,13 @@ kdc_type2(OM_uint32 *minor_status, krb5_data challange; struct ntlm_buf data; krb5_data ti; - + memset(&type2, 0, sizeof(type2)); - + /* * Request data for type 2 packet from the KDC. */ - ret = krb5_ntlm_init_request(c->context, + ret = krb5_ntlm_init_request(c->context, c->ntlm, NULL, c->id, @@ -298,11 +299,11 @@ kdc_type2(OM_uint32 *minor_status, return GSS_S_FAILURE; } - if (challange.length != sizeof(type2.challange)) { + if (challange.length != sizeof(type2.challenge)) { *minor_status = EINVAL; return GSS_S_FAILURE; } - memcpy(type2.challange, challange.data, sizeof(type2.challange)); + memcpy(type2.challenge, challange.data, sizeof(type2.challenge)); krb5_data_free(&challange); ret = krb5_ntlm_init_get_targetname(c->context, c->ntlm, @@ -321,7 +322,7 @@ kdc_type2(OM_uint32 *minor_status, type2.targetinfo.data = ti.data; type2.targetinfo.length = ti.length; - + ret = heim_ntlm_encode_type2(&type2, &data); free(type2.targetname); krb5_data_free(&ti); @@ -329,7 +330,7 @@ kdc_type2(OM_uint32 *minor_status, *minor_status = ret; return GSS_S_FAILURE; } - + out->data = data.data; out->length = data.length; @@ -356,13 +357,13 @@ kdc_type3(OM_uint32 *minor_status, if (ret) goto out; ret = krb5_ntlm_req_set_username(c->context, c->ntlm, type3->username); if (ret) goto out; - ret = krb5_ntlm_req_set_targetname(c->context, c->ntlm, + ret = krb5_ntlm_req_set_targetname(c->context, c->ntlm, type3->targetname); if (ret) goto out; - ret = krb5_ntlm_req_set_lm(c->context, c->ntlm, + ret = krb5_ntlm_req_set_lm(c->context, c->ntlm, type3->lm.data, type3->lm.length); if (ret) goto out; - ret = krb5_ntlm_req_set_ntlm(c->context, c->ntlm, + ret = krb5_ntlm_req_set_ntlm(c->context, c->ntlm, type3->ntlm.data, type3->ntlm.length); if (ret) goto out; ret = krb5_ntlm_req_set_opaque(c->context, c->ntlm, &c->opaque); @@ -378,7 +379,7 @@ kdc_type3(OM_uint32 *minor_status, /* * Verify with the KDC the type3 packet is ok */ - ret = krb5_ntlm_request(c->context, + ret = krb5_ntlm_request(c->context, c->ntlm, NULL, c->id); @@ -391,7 +392,7 @@ kdc_type3(OM_uint32 *minor_status, } if (type3->sessionkey.length) { - ret = krb5_ntlm_rep_get_sessionkey(c->context, + ret = krb5_ntlm_rep_get_sessionkey(c->context, c->ntlm, &c->sessionkey); if (ret) @@ -433,3 +434,5 @@ struct ntlm_server_interface ntlmsspi_kdc_digest = { kdc_type3, kdc_free_buffer }; + +#endif /* DIGEST */ diff --git a/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h b/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h index cc6c4007856..0c62b353393 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h +++ b/crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h @@ -7,7 +7,7 @@ gssapi_mech_interface __gss_ntlm_initialize (void); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_accept_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, @@ -21,7 +21,7 @@ _gss_ntlm_accept_sec_context ( OM_uint32 * /*time_rec*/, gss_cred_id_t * delegated_cred_handle ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_acquire_cred ( OM_uint32 * /*min_stat*/, const gss_name_t /*desired_name*/, @@ -32,7 +32,7 @@ _gss_ntlm_acquire_cred ( gss_OID_set * /*actual_mechs*/, OM_uint32 * time_rec ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_add_cred ( OM_uint32 */*minor_status*/, const gss_cred_id_t /*input_cred_handle*/, @@ -51,40 +51,45 @@ _gss_ntlm_allocate_ctx ( OM_uint32 */*minor_status*/, ntlm_ctx */*ctx*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_canonicalize_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, const gss_OID /*mech_type*/, gss_name_t * output_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_compare_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*name1*/, const gss_name_t /*name2*/, int * name_equal ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_context_time ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, OM_uint32 * time_rec ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_delete_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t output_token ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_destroy_cred ( + OM_uint32 */*minor_status*/, + gss_cred_id_t */*cred_handle*/); + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_display_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t /*output_name_buffer*/, gss_OID * output_name_type ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_display_status ( OM_uint32 */*minor_status*/, OM_uint32 /*status_value*/, @@ -93,25 +98,25 @@ _gss_ntlm_display_status ( OM_uint32 */*message_context*/, gss_buffer_t /*status_string*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_duplicate_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*src_name*/, gss_name_t * dest_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_export_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t exported_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_export_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t interprocess_token ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_get_mic ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -124,14 +129,14 @@ _gss_ntlm_get_user_cred ( const ntlm_name /*target_name*/, ntlm_cred */*rcred*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_import_name ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*input_name_buffer*/, const gss_OID /*input_name_type*/, gss_name_t * output_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_import_sec_context ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*interprocess_token*/, @@ -142,7 +147,7 @@ _gss_ntlm_indicate_mechs ( OM_uint32 * /*minor_status*/, gss_OID_set * mech_set ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_init_sec_context ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*initiator_cred_handle*/, @@ -158,7 +163,7 @@ _gss_ntlm_init_sec_context ( OM_uint32 * /*ret_flags*/, OM_uint32 * time_rec ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_inquire_context ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -170,7 +175,7 @@ _gss_ntlm_inquire_context ( int * /*locally_initiated*/, int * open_context ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_inquire_cred ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, @@ -179,7 +184,7 @@ _gss_ntlm_inquire_cred ( gss_cred_usage_t * /*cred_usage*/, gss_OID_set * mechanisms ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_inquire_cred_by_mech ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, @@ -189,30 +194,43 @@ _gss_ntlm_inquire_cred_by_mech ( OM_uint32 * /*acceptor_lifetime*/, gss_cred_usage_t * cred_usage ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_inquire_mechs_for_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_OID_set * mech_types ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_inquire_names_for_mech ( OM_uint32 * /*minor_status*/, const gss_OID /*mechanism*/, gss_OID_set * name_types ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_sec_context_by_oid ( + OM_uint32 */*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_OID /*desired_object*/, + gss_buffer_set_t */*data_set*/); + +void GSSAPI_CALLCONV +_gss_ntlm_iter_creds_f ( + OM_uint32 /*flags*/, + void *userctx , + void (*/*cred_iter*/)(void *, gss_OID, gss_cred_id_t)); + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_process_context_token ( OM_uint32 */*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t token_buffer ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_release_cred ( OM_uint32 * /*minor_status*/, gss_cred_id_t * cred_handle ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_release_name ( OM_uint32 * /*minor_status*/, gss_name_t * input_name ); @@ -225,7 +243,7 @@ _gss_ntlm_set_key ( unsigned char */*data*/, size_t /*len*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_unwrap ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -234,7 +252,7 @@ _gss_ntlm_unwrap ( int * /*conf_state*/, gss_qop_t * qop_state ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_verify_mic ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -242,7 +260,7 @@ _gss_ntlm_verify_mic ( const gss_buffer_t /*token_buffer*/, gss_qop_t * qop_state ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_wrap ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -252,7 +270,7 @@ _gss_ntlm_wrap ( int * /*conf_state*/, gss_buffer_t output_message_buffer ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_wrap_size_limit ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, diff --git a/crypto/heimdal/lib/gssapi/ntlm/ntlm.h b/crypto/heimdal/lib/gssapi/ntlm/ntlm.h index 5713b72e2b3..1ed12d5ca6d 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/ntlm.h +++ b/crypto/heimdal/lib/gssapi/ntlm/ntlm.h @@ -1,44 +1,42 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: ntlm.h 22373 2007-12-28 18:36:06Z lha $ */ +/* $Id$ */ #ifndef NTLM_NTLM_H #define NTLM_NTLM_H -#ifdef HAVE_CONFIG_H #include -#endif #include #include @@ -46,15 +44,20 @@ #include #include +#include + #include +#include #include +#include #include -#include +#include #include #include +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" typedef OM_uint32 @@ -108,6 +111,7 @@ typedef struct { void *ictx; ntlm_cred client; OM_uint32 gssflags; + uint32_t kcmflags; uint32_t flags; uint32_t status; #define STATUS_OPEN 1 @@ -115,6 +119,8 @@ typedef struct { #define STATUS_SESSIONKEY 4 krb5_data sessionkey; + gss_buffer_desc pac; + union { struct { struct { @@ -133,7 +139,7 @@ typedef struct { char *domain; } *ntlm_name; -#include +#include #endif /* NTLM_NTLM_H */ diff --git a/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c b/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c index 33c1072208a..16efcd1525d 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c +++ b/crypto/heimdal/lib/gssapi/ntlm/process_context_token.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: process_context_token.c 19334 2006-12-14 12:17:34Z lha $"); - -OM_uint32 _gss_ntlm_process_context_token ( +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_process_context_token ( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer diff --git a/crypto/heimdal/lib/gssapi/ntlm/release_cred.c b/crypto/heimdal/lib/gssapi/ntlm/release_cred.c index a63e5687408..49d88a2b26e 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/release_cred.c +++ b/crypto/heimdal/lib/gssapi/ntlm/release_cred.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: release_cred.c 22163 2007-12-04 21:25:06Z lha $"); - -OM_uint32 _gss_ntlm_release_cred +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle ) diff --git a/crypto/heimdal/lib/gssapi/ntlm/release_name.c b/crypto/heimdal/lib/gssapi/ntlm/release_name.c index 687d9fde50c..86c1da36473 100644 --- a/crypto/heimdal/lib/gssapi/ntlm/release_name.c +++ b/crypto/heimdal/lib/gssapi/ntlm/release_name.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "ntlm/ntlm.h" +#include "ntlm.h" -RCSID("$Id: release_name.c 22373 2007-12-28 18:36:06Z lha $"); - -OM_uint32 _gss_ntlm_release_name +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_release_name (OM_uint32 * minor_status, gss_name_t * input_name ) diff --git a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c index 34e58a38bb3..3a51dd3a0a6 100644 --- a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * Portions Copyright (c) 2004 PADL Software Pty Ltd. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "spnego/spnego_locl.h" - -RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $"); -/* $FreeBSD$ */ +#include "spnego_locl.h" static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -54,7 +51,7 @@ send_reject (OM_uint32 *minor_status, nt.u.negTokenResp.supportedMech = NULL; nt.u.negTokenResp.responseToken = NULL; nt.u.negTokenResp.mechListMIC = NULL; - + ASN1_MALLOC_ENCODE(NegotiationToken, output_token->value, output_token->length, &nt, &size, *minor_status); @@ -77,14 +74,14 @@ acceptor_approved(gss_name_t target_name, gss_OID mech) gss_create_empty_oid_set(&junk, &oidset); gss_add_oid_set_member(&junk, mech, &oidset); - + ret = gss_acquire_cred(&junk, target_name, GSS_C_INDEFINITE, oidset, GSS_C_ACCEPT, &cred, NULL, NULL); gss_release_oid_set(&junk, &oidset); if (ret != GSS_S_COMPLETE) return ret; gss_release_cred(&junk, &cred); - + return GSS_S_COMPLETE; } @@ -93,13 +90,7 @@ send_supported_mechs (OM_uint32 *minor_status, gss_buffer_t output_token) { NegotiationTokenWin nt; - char hostname[MAXHOSTNAMELEN + 1], *p; - gss_buffer_desc name_buf; - gss_OID name_type; - gss_name_t target_princ; - gss_name_t canon_princ; - OM_uint32 minor; - size_t buf_len; + size_t buf_len = 0; gss_buffer_desc data; OM_uint32 ret; @@ -117,62 +108,9 @@ send_supported_mechs (OM_uint32 *minor_status, return ret; } - memset(&target_princ, 0, sizeof(target_princ)); - if (gethostname(hostname, sizeof(hostname) - 2) != 0) { - *minor_status = errno; - free_NegotiationTokenWin(&nt); - return GSS_S_FAILURE; - } - hostname[sizeof(hostname) - 1] = '\0'; - - /* Send the constructed SAM name for this host */ - for (p = hostname; *p != '\0' && *p != '.'; p++) { - *p = toupper((unsigned char)*p); - } - *p++ = '$'; - *p = '\0'; - - name_buf.length = strlen(hostname); - name_buf.value = hostname; - - ret = gss_import_name(minor_status, &name_buf, - GSS_C_NO_OID, - &target_princ); - if (ret != GSS_S_COMPLETE) { - free_NegotiationTokenWin(&nt); - return ret; - } - - name_buf.length = 0; - name_buf.value = NULL; - - /* Canonicalize the name using the preferred mechanism */ - ret = gss_canonicalize_name(minor_status, - target_princ, - GSS_C_NO_OID, - &canon_princ); - if (ret != GSS_S_COMPLETE) { - free_NegotiationTokenWin(&nt); - gss_release_name(&minor, &target_princ); - return ret; - } - - ret = gss_display_name(minor_status, canon_princ, - &name_buf, &name_type); - if (ret != GSS_S_COMPLETE) { - free_NegotiationTokenWin(&nt); - gss_release_name(&minor, &canon_princ); - gss_release_name(&minor, &target_princ); - return ret; - } - - gss_release_name(&minor, &canon_princ); - gss_release_name(&minor, &target_princ); - ALLOC(nt.u.negTokenInit.negHints, 1); if (nt.u.negTokenInit.negHints == NULL) { *minor_status = ENOMEM; - gss_release_buffer(&minor, &name_buf); free_NegotiationTokenWin(&nt); return GSS_S_FAILURE; } @@ -180,23 +118,24 @@ send_supported_mechs (OM_uint32 *minor_status, ALLOC(nt.u.negTokenInit.negHints->hintName, 1); if (nt.u.negTokenInit.negHints->hintName == NULL) { *minor_status = ENOMEM; - gss_release_buffer(&minor, &name_buf); free_NegotiationTokenWin(&nt); return GSS_S_FAILURE; } - *(nt.u.negTokenInit.negHints->hintName) = name_buf.value; - name_buf.value = NULL; + *nt.u.negTokenInit.negHints->hintName = strdup("not_defined_in_RFC4178@please_ignore"); nt.u.negTokenInit.negHints->hintAddress = NULL; - ASN1_MALLOC_ENCODE(NegotiationTokenWin, + ASN1_MALLOC_ENCODE(NegotiationTokenWin, data.value, data.length, &nt, &buf_len, ret); free_NegotiationTokenWin(&nt); if (ret) { - return ret; + *minor_status = ret; + return GSS_S_FAILURE; } - if (data.length != buf_len) + if (data.length != buf_len) { abort(); + UNREACHABLE(return GSS_S_FAILURE); + } ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token); @@ -308,7 +247,7 @@ send_accept (OM_uint32 *minor_status, } else nt.u.negTokenResp.mechListMIC = NULL; - + ASN1_MALLOC_ENCODE(NegotiationToken, output_token->value, output_token->length, &nt, &size, ret); @@ -379,7 +318,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, gss_OID_desc oid; gss_OID oidp; gss_OID_set mechs; - int i; + size_t i; OM_uint32 ret, junk; ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, @@ -431,11 +370,16 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, host = getenv("GSSAPI_SPNEGO_NAME"); if (host == NULL || issuid()) { + int rv; if (gethostname(hostname, sizeof(hostname)) != 0) { *minor_status = errno; return GSS_S_FAILURE; } - asprintf(&str, "host@%s", hostname); + rv = asprintf(&str, "host@%s", hostname); + if (rv < 0 || str == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } host = str; } @@ -469,20 +413,16 @@ acceptor_complete(OM_uint32 * minor_status, { OM_uint32 ret; int require_mic, verify_mic; - gss_buffer_desc buf; - - buf.length = 0; - buf.value = NULL; ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic); if (ret) return ret; - + ctx->require_mic = require_mic; if (mic != NULL) require_mic = 1; - + if (ctx->open && require_mic) { if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */ verify_mic = 1; @@ -494,44 +434,39 @@ acceptor_complete(OM_uint32 * minor_status, verify_mic = 0; *get_mic = 1; } - - if (verify_mic || get_mic) { + + if (verify_mic || *get_mic) { int eret; - size_t buf_len; - - ASN1_MALLOC_ENCODE(MechTypeList, + size_t buf_len = 0; + + ASN1_MALLOC_ENCODE(MechTypeList, mech_buf->value, mech_buf->length, &ctx->initiator_mech_types, &buf_len, eret); if (eret) { *minor_status = eret; return GSS_S_FAILURE; } - if (buf.length != buf_len) - abort(); + heim_assert(mech_buf->length == buf_len, "Internal ASN.1 error"); + UNREACHABLE(return GSS_S_FAILURE); } - + if (verify_mic) { ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic); if (ret) { - if (get_mic) + if (*get_mic) send_reject (minor_status, output_token); - if (buf.value) - free(buf.value); return ret; } ctx->verified_mic = 1; } - if (buf.value) - free(buf.value); - } else - *get_mic = verify_mic = 0; - + *get_mic = 0; + return GSS_S_COMPLETE; } -static OM_uint32 +static OM_uint32 GSSAPI_CALLCONV acceptor_start (OM_uint32 * minor_status, gss_ctx_id_t * context_handle, @@ -546,18 +481,16 @@ acceptor_start gss_cred_id_t *delegated_cred_handle ) { - OM_uint32 ret, junk, minor; + OM_uint32 ret, junk; NegotiationToken nt; size_t nt_len; NegTokenInit *ni; - int i; gss_buffer_desc data; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_desc mech_output_token; gss_buffer_desc mech_buf; gss_OID preferred_mech_type = GSS_C_NO_OID; gssspnego_ctx ctx; - gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle; int get_mic = 0; int first_ok = 0; @@ -567,7 +500,7 @@ acceptor_start if (input_token_buffer->length == 0) return send_supported_mechs (minor_status, output_token); - + ret = _gss_spnego_alloc_sec_context(minor_status, context_handle); if (ret != GSS_S_COMPLETE) return ret; @@ -615,38 +548,28 @@ acceptor_start /* * First we try the opportunistic token if we have support for it, * don't try to verify we have credential for the token, - * gss_accept_sec_context will (hopefully) tell us that. - * If that failes, + * gss_accept_sec_context() will (hopefully) tell us that. + * If that failes, */ ret = select_mech(minor_status, - &ni->mechTypes.val[0], + &ni->mechTypes.val[0], 0, &preferred_mech_type); if (ret == 0 && ni->mechToken != NULL) { - gss_cred_id_t mech_delegated_cred = GSS_C_NO_CREDENTIAL; - gss_cred_id_t mech_cred; gss_buffer_desc ibuf; ibuf.length = ni->mechToken->length; ibuf.value = ni->mechToken->data; mech_input_token = &ibuf; - if (acceptor_cred != NULL) - mech_cred = acceptor_cred->negotiated_cred_id; - else - mech_cred = GSS_C_NO_CREDENTIAL; - if (ctx->mech_src_name != GSS_C_NO_NAME) - gss_release_name(&minor, &ctx->mech_src_name); - - if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL) - _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); - - ret = gss_accept_sec_context(&minor, + gss_release_name(&junk, &ctx->mech_src_name); + + ret = gss_accept_sec_context(minor_status, &ctx->negotiated_ctx_id, - mech_cred, + acceptor_cred_handle, mech_input_token, input_chan_bindings, &ctx->mech_src_name, @@ -654,20 +577,13 @@ acceptor_start &mech_output_token, &ctx->mech_flags, &ctx->mech_time_rec, - &mech_delegated_cred); + delegated_cred_handle); + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { ctx->preferred_mech_type = preferred_mech_type; - ctx->negotiated_mech_type = preferred_mech_type; if (ret == GSS_S_COMPLETE) ctx->open = 1; - if (mech_delegated_cred && delegated_cred_handle) - ret = _gss_spnego_alloc_cred(minor_status, - mech_delegated_cred, - delegated_cred_handle); - else - gss_release_cred(&junk, &mech_delegated_cred); - ret = acceptor_complete(minor_status, ctx, &get_mic, @@ -680,6 +596,8 @@ acceptor_start goto out; first_ok = 1; + } else { + gss_mg_collect_error(preferred_mech_type, ret, *minor_status); } } @@ -687,12 +605,15 @@ acceptor_start * If opportunistic token failed, lets try the other mechs. */ - if (!first_ok) { + if (!first_ok && ni->mechToken != NULL) { + size_t j; + + preferred_mech_type = GSS_C_NO_OID; /* Call glue layer to find first mech we support */ - for (i = 1; i < ni->mechTypes.len; ++i) { + for (j = 1; j < ni->mechTypes.len; ++j) { ret = select_mech(minor_status, - &ni->mechTypes.val[i], + &ni->mechTypes.val[j], 1, &preferred_mech_type); if (ret == 0) @@ -701,11 +622,10 @@ acceptor_start if (preferred_mech_type == GSS_C_NO_OID) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); free_NegotiationToken(&nt); - return GSS_S_BAD_MECH; + return ret; } ctx->preferred_mech_type = preferred_mech_type; - ctx->negotiated_mech_type = preferred_mech_type; } /* @@ -720,10 +640,10 @@ acceptor_start output_token); if (ret) goto out; - + out: if (mech_output_token.value != NULL) - gss_release_buffer(&minor, &mech_output_token); + gss_release_buffer(&junk, &mech_output_token); if (mech_buf.value != NULL) { free(mech_buf.value); mech_buf.value = NULL; @@ -742,12 +662,8 @@ out: *src_name = (gss_name_t)name; } } - if (delegated_cred_handle != NULL) { - *delegated_cred_handle = ctx->delegated_cred_id; - ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; - } } - + if (mech_type != NULL) *mech_type = ctx->negotiated_mech_type; if (ret_flags != NULL) @@ -760,14 +676,14 @@ out: return ret; } - _gss_spnego_internal_delete_sec_context(&minor, context_handle, + _gss_spnego_internal_delete_sec_context(&junk, context_handle, GSS_C_NO_BUFFER); - + return ret; } -static OM_uint32 +static OM_uint32 GSSAPI_CALLCONV acceptor_continue (OM_uint32 * minor_status, gss_ctx_id_t * context_handle, @@ -791,7 +707,6 @@ acceptor_continue gss_buffer_t mech_output_token = GSS_C_NO_BUFFER; gss_buffer_desc mech_buf; gssspnego_ctx ctx; - gssspnego_cred acceptor_cred = (gssspnego_cred)acceptor_cred_handle; mech_buf.value = NULL; @@ -802,7 +717,7 @@ acceptor_continue * context token (negTokenInit). */ - ret = decode_NegotiationToken(input_token_buffer->value, + ret = decode_NegotiationToken(input_token_buffer->value, input_token_buffer->length, &nt, &nt_len); if (ret) { @@ -837,31 +752,13 @@ acceptor_continue } if (mech_input_token != GSS_C_NO_BUFFER) { - gss_cred_id_t mech_cred; - gss_cred_id_t mech_delegated_cred; - gss_cred_id_t *mech_delegated_cred_p; - - if (acceptor_cred != NULL) - mech_cred = acceptor_cred->negotiated_cred_id; - else - mech_cred = GSS_C_NO_CREDENTIAL; - - if (delegated_cred_handle != NULL) { - mech_delegated_cred = GSS_C_NO_CREDENTIAL; - mech_delegated_cred_p = &mech_delegated_cred; - } else { - mech_delegated_cred_p = NULL; - } if (ctx->mech_src_name != GSS_C_NO_NAME) gss_release_name(&minor, &ctx->mech_src_name); - if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL) - _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); - ret = gss_accept_sec_context(&minor, &ctx->negotiated_ctx_id, - mech_cred, + acceptor_cred_handle, mech_input_token, input_chan_bindings, &ctx->mech_src_name, @@ -869,20 +766,14 @@ acceptor_continue &obuf, &ctx->mech_flags, &ctx->mech_time_rec, - mech_delegated_cred_p); + delegated_cred_handle); + if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) { - if (mech_delegated_cred_p != NULL && - mech_delegated_cred != GSS_C_NO_CREDENTIAL) { - ret2 = _gss_spnego_alloc_cred(minor_status, - mech_delegated_cred, - &ctx->delegated_cred_id); - if (ret2 != GSS_S_COMPLETE) - ret = ret2; - } mech_output_token = &obuf; } if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) { free_NegotiationToken(&nt); + gss_mg_collect_error(ctx->negotiated_mech_type, ret, minor); send_reject (minor_status, output_token); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return ret; @@ -892,7 +783,7 @@ acceptor_continue } else ret = GSS_S_COMPLETE; - ret2 = _gss_spnego_require_mechlist_mic(minor_status, + ret2 = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic); if (ret2) @@ -959,10 +850,6 @@ acceptor_continue *src_name = (gss_name_t)name; } } - if (delegated_cred_handle != NULL) { - *delegated_cred_handle = ctx->delegated_cred_id; - ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; - } } if (mech_type != NULL) @@ -983,7 +870,7 @@ acceptor_continue return ret; } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_accept_sec_context (OM_uint32 * minor_status, gss_ctx_id_t * context_handle, @@ -1017,11 +904,11 @@ _gss_spnego_accept_sec_context *delegated_cred_handle = GSS_C_NO_CREDENTIAL; - if (*context_handle == GSS_C_NO_CONTEXT) + if (*context_handle == GSS_C_NO_CONTEXT) func = acceptor_start; else func = acceptor_continue; - + return (*func)(minor_status, context_handle, acceptor_cred_handle, input_token_buffer, input_chan_bindings, diff --git a/crypto/heimdal/lib/gssapi/spnego/compat.c b/crypto/heimdal/lib/gssapi/spnego/compat.c index 287f4f760ed..cf5ee30a84a 100644 --- a/crypto/heimdal/lib/gssapi/spnego/compat.c +++ b/crypto/heimdal/lib/gssapi/spnego/compat.c @@ -30,9 +30,7 @@ * SUCH DAMAGE. */ -#include "spnego/spnego_locl.h" - -RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $"); +#include "spnego_locl.h" /* * Apparently Microsoft got the OID wrong, and used @@ -43,16 +41,17 @@ RCSID("$Id: compat.c 21866 2007-08-08 11:31:29Z lha $"); * Kerberos mechanism. */ gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc = - {9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"}; + {9, rk_UNCONST("\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")}; gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc = - {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; + {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")}; /* * Allocate a SPNEGO context handle */ -OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, - gss_ctx_id_t *context_handle) +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_alloc_sec_context (OM_uint32 * minor_status, + gss_ctx_id_t *context_handle) { gssspnego_ctx ctx; @@ -76,7 +75,6 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, ctx->mech_flags = 0; ctx->mech_time_rec = 0; ctx->mech_src_name = GSS_C_NO_NAME; - ctx->delegated_cred_id = GSS_C_NO_CREDENTIAL; ctx->open = 0; ctx->local = 0; @@ -94,7 +92,7 @@ OM_uint32 _gss_spnego_alloc_sec_context (OM_uint32 * minor_status, * Free a SPNEGO context handle. The caller must have acquired * the lock before this is called. */ -OM_uint32 _gss_spnego_internal_delete_sec_context +OM_uint32 GSSAPI_CALLCONV _gss_spnego_internal_delete_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token @@ -124,8 +122,6 @@ OM_uint32 _gss_spnego_internal_delete_sec_context if (ctx->initiator_mech_types.val != NULL) free_MechTypeList(&ctx->initiator_mech_types); - _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id); - gss_release_oid(&minor, &ctx->preferred_mech_type); ctx->negotiated_mech_type = GSS_C_NO_OID; @@ -145,7 +141,6 @@ OM_uint32 _gss_spnego_internal_delete_sec_context HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); free(ctx); - *context_handle = NULL; return ret; } @@ -156,7 +151,7 @@ OM_uint32 _gss_spnego_internal_delete_sec_context * a non-preferred mechanism was negotiated */ -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_require_mechlist_mic(OM_uint32 *minor_status, gssspnego_ctx ctx, int *require_mic) @@ -234,26 +229,26 @@ add_mech_type(gss_OID mech_type, } -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, gss_name_t target_name, OM_uint32 (*func)(gss_name_t, gss_OID), int includeMSCompatOID, - const gssspnego_cred cred_handle, + const gss_cred_id_t cred_handle, MechTypeList *mechtypelist, gss_OID *preferred_mech) { gss_OID_set supported_mechs = GSS_C_NO_OID_SET; gss_OID first_mech = GSS_C_NO_OID; OM_uint32 ret; - int i; + size_t i; mechtypelist->len = 0; mechtypelist->val = NULL; - if (cred_handle != NULL) { + if (cred_handle) { ret = gss_inquire_cred(minor_status, - cred_handle->negotiated_cred_id, + cred_handle, NULL, NULL, NULL, diff --git a/crypto/heimdal/lib/gssapi/spnego/context_stubs.c b/crypto/heimdal/lib/gssapi/spnego/context_stubs.c index 3535c7bb359..70ca72875e9 100644 --- a/crypto/heimdal/lib/gssapi/spnego/context_stubs.c +++ b/crypto/heimdal/lib/gssapi/spnego/context_stubs.c @@ -30,16 +30,14 @@ * SUCH DAMAGE. */ -#include "spnego/spnego_locl.h" - -RCSID("$Id: context_stubs.c 21035 2007-06-09 15:32:47Z lha $"); +#include "spnego_locl.h" static OM_uint32 spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) { OM_uint32 ret, junk; gss_OID_set m; - int i; + size_t i; ret = gss_indicate_mechs(minor_status, &m); if (ret != GSS_S_COMPLETE) @@ -62,12 +60,13 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) return ret; } } + gss_release_oid_set(&junk, &m); return ret; } -OM_uint32 _gss_spnego_process_context_token +OM_uint32 GSSAPI_CALLCONV _gss_spnego_process_context_token (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer @@ -100,7 +99,7 @@ OM_uint32 _gss_spnego_process_context_token GSS_C_NO_BUFFER); } -OM_uint32 _gss_spnego_delete_sec_context +OM_uint32 GSSAPI_CALLCONV _gss_spnego_delete_sec_context (OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token @@ -120,7 +119,7 @@ OM_uint32 _gss_spnego_delete_sec_context output_token); } -OM_uint32 _gss_spnego_context_time +OM_uint32 GSSAPI_CALLCONV _gss_spnego_context_time (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, OM_uint32 *time_rec @@ -144,7 +143,7 @@ OM_uint32 _gss_spnego_context_time time_rec); } -OM_uint32 _gss_spnego_get_mic +OM_uint32 GSSAPI_CALLCONV _gss_spnego_get_mic (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, @@ -170,7 +169,7 @@ OM_uint32 _gss_spnego_get_mic qop_req, message_buffer, message_token); } -OM_uint32 _gss_spnego_verify_mic +OM_uint32 GSSAPI_CALLCONV _gss_spnego_verify_mic (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, @@ -199,7 +198,7 @@ OM_uint32 _gss_spnego_verify_mic qop_state); } -OM_uint32 _gss_spnego_wrap +OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, @@ -232,7 +231,7 @@ OM_uint32 _gss_spnego_wrap output_message_buffer); } -OM_uint32 _gss_spnego_unwrap +OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t input_message_buffer, @@ -263,19 +262,7 @@ OM_uint32 _gss_spnego_unwrap qop_state); } -OM_uint32 _gss_spnego_display_status - (OM_uint32 * minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 * message_context, - gss_buffer_t status_string - ) -{ - return GSS_S_FAILURE; -} - -OM_uint32 _gss_spnego_compare_name +OM_uint32 GSSAPI_CALLCONV _gss_spnego_compare_name (OM_uint32 *minor_status, const gss_name_t name1, const gss_name_t name2, @@ -299,7 +286,7 @@ OM_uint32 _gss_spnego_compare_name return GSS_S_COMPLETE; } -OM_uint32 _gss_spnego_display_name +OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name (OM_uint32 * minor_status, const gss_name_t input_name, gss_buffer_t output_name_buffer, @@ -317,7 +304,7 @@ OM_uint32 _gss_spnego_display_name output_name_buffer, output_name_type); } -OM_uint32 _gss_spnego_import_name +OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_name (OM_uint32 * minor_status, const gss_buffer_t name_buffer, const gss_OID name_type, @@ -334,13 +321,13 @@ OM_uint32 _gss_spnego_import_name *minor_status = ENOMEM; return GSS_S_FAILURE; } - + maj_stat = _gss_copy_oid(minor_status, name_type, &name->type); if (maj_stat) { free(name); return GSS_S_FAILURE; } - + maj_stat = _gss_copy_buffer(minor_status, name_buffer, &name->value); if (maj_stat) { gss_name_t rname = (gss_name_t)name; @@ -353,7 +340,7 @@ OM_uint32 _gss_spnego_import_name return GSS_S_COMPLETE; } -OM_uint32 _gss_spnego_export_name +OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name (OM_uint32 * minor_status, const gss_name_t input_name, gss_buffer_t exported_name @@ -372,7 +359,7 @@ OM_uint32 _gss_spnego_export_name return gss_export_name(minor_status, name->mech, exported_name); } -OM_uint32 _gss_spnego_release_name +OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name (OM_uint32 * minor_status, gss_name_t * input_name ) @@ -393,7 +380,7 @@ OM_uint32 _gss_spnego_release_name return GSS_S_COMPLETE; } -OM_uint32 _gss_spnego_inquire_context ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context ( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_name_t * src_name, @@ -406,31 +393,61 @@ OM_uint32 _gss_spnego_inquire_context ( ) { gssspnego_ctx ctx; + OM_uint32 maj_stat, junk; + gss_name_t src_mn, targ_mn; *minor_status = 0; - if (context_handle == GSS_C_NO_CONTEXT) { + if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } ctx = (gssspnego_ctx)context_handle; - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } - return gss_inquire_context(minor_status, - ctx->negotiated_ctx_id, - src_name, - targ_name, - lifetime_rec, - mech_type, - ctx_flags, - locally_initiated, - open_context); + maj_stat = gss_inquire_context(minor_status, + ctx->negotiated_ctx_id, + &src_mn, + &targ_mn, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + open_context); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + if (src_name) { + spnego_name name = calloc(1, sizeof(*name)); + if (name == NULL) + goto enomem; + name->mech = src_mn; + *src_name = (gss_name_t)name; + } else + gss_release_name(&junk, &src_mn); + + if (targ_name) { + spnego_name name = calloc(1, sizeof(*name)); + if (name == NULL) { + gss_release_name(minor_status, src_name); + goto enomem; + } + name->mech = targ_mn; + *targ_name = (gss_name_t)name; + } else + gss_release_name(&junk, &targ_mn); + + return GSS_S_COMPLETE; + +enomem: + gss_release_name(&junk, &targ_mn); + gss_release_name(&junk, &src_mn); + *minor_status = ENOMEM; + return GSS_S_FAILURE; } -OM_uint32 _gss_spnego_wrap_size_limit ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit ( OM_uint32 * minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, @@ -461,7 +478,7 @@ OM_uint32 _gss_spnego_wrap_size_limit ( max_input_size); } -OM_uint32 _gss_spnego_export_sec_context ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_sec_context ( OM_uint32 * minor_status, gss_ctx_id_t * context_handle, gss_buffer_t interprocess_token @@ -504,7 +521,7 @@ OM_uint32 _gss_spnego_export_sec_context ( return ret; } -OM_uint32 _gss_spnego_import_sec_context ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context ( OM_uint32 * minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle @@ -540,7 +557,7 @@ OM_uint32 _gss_spnego_import_sec_context ( return GSS_S_COMPLETE; } -OM_uint32 _gss_spnego_inquire_names_for_mech ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech ( OM_uint32 * minor_status, const gss_OID mechanism, gss_OID_set * name_types @@ -548,7 +565,7 @@ OM_uint32 _gss_spnego_inquire_names_for_mech ( { gss_OID_set mechs, names, n; OM_uint32 ret, junk; - int i, j; + size_t i, j; *name_types = NULL; @@ -580,10 +597,10 @@ out: gss_release_oid_set(&junk, &mechs); - return GSS_S_COMPLETE; + return ret; } -OM_uint32 _gss_spnego_inquire_mechs_for_name ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_mechs_for_name ( OM_uint32 * minor_status, const gss_name_t input_name, gss_OID_set * mech_types @@ -604,7 +621,7 @@ OM_uint32 _gss_spnego_inquire_mechs_for_name ( return ret; } -OM_uint32 _gss_spnego_canonicalize_name ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_canonicalize_name ( OM_uint32 * minor_status, const gss_name_t input_name, const gss_OID mech_type, @@ -615,7 +632,7 @@ OM_uint32 _gss_spnego_canonicalize_name ( return gss_duplicate_name(minor_status, input_name, output_name); } -OM_uint32 _gss_spnego_duplicate_name ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_duplicate_name ( OM_uint32 * minor_status, const gss_name_t src_name, gss_name_t * dest_name @@ -624,207 +641,74 @@ OM_uint32 _gss_spnego_duplicate_name ( return gss_duplicate_name(minor_status, src_name, dest_name); } -OM_uint32 _gss_spnego_sign - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int qop_req, - gss_buffer_t message_buffer, - gss_buffer_t message_token - ) +#if 0 +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_wrap_iov(OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int * conf_state, + gss_iov_buffer_desc *iov, + int iov_count) { - gssspnego_ctx ctx; + gssspnego_ctx ctx = (gssspnego_ctx)context_handle; *minor_status = 0; - if (context_handle == GSS_C_NO_CONTEXT) { + if (ctx == NULL || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } - ctx = (gssspnego_ctx)context_handle; - - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - return gss_sign(minor_status, - ctx->negotiated_ctx_id, - qop_req, - message_buffer, - message_token); + return gss_wrap_iov(minor_status, ctx->negotiated_ctx_id, + conf_req_flag, qop_req, conf_state, + iov, iov_count); } -OM_uint32 _gss_spnego_verify - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, - int * qop_state - ) +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_unwrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) { - gssspnego_ctx ctx; + gssspnego_ctx ctx = (gssspnego_ctx)context_handle; *minor_status = 0; - if (context_handle == GSS_C_NO_CONTEXT) { + if (ctx == NULL || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } - ctx = (gssspnego_ctx)context_handle; - - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - return gss_verify(minor_status, - ctx->negotiated_ctx_id, - message_buffer, - token_buffer, - qop_state); + return gss_unwrap_iov(minor_status, + ctx->negotiated_ctx_id, + conf_state, qop_state, + iov, iov_count); } -OM_uint32 _gss_spnego_seal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ) +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_wrap_iov_length(OM_uint32 * minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) { - gssspnego_ctx ctx; + gssspnego_ctx ctx = (gssspnego_ctx)context_handle; *minor_status = 0; - if (context_handle == GSS_C_NO_CONTEXT) { + if (ctx == NULL || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - } - ctx = (gssspnego_ctx)context_handle; - - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - return gss_seal(minor_status, - ctx->negotiated_ctx_id, - conf_req_flag, - qop_req, - input_message_buffer, - conf_state, - output_message_buffer); + return gss_wrap_iov_length(minor_status, ctx->negotiated_ctx_id, + conf_req_flag, qop_req, conf_state, + iov, iov_count); } -OM_uint32 _gss_spnego_unseal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - int * qop_state - ) -{ - gssspnego_ctx ctx; - - *minor_status = 0; - - if (context_handle == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - ctx = (gssspnego_ctx)context_handle; - - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - return gss_unseal(minor_status, - ctx->negotiated_ctx_id, - input_message_buffer, - output_message_buffer, - conf_state, - qop_state); -} +#endif #if 0 -OM_uint32 _gss_spnego_unwrap_ex - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t token_header_buffer, - const gss_buffer_t associated_data_buffer, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state) -{ - gssspnego_ctx ctx; - - *minor_status = 0; - - if (context_handle == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - ctx = (gssspnego_ctx)context_handle; - - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - return gss_unwrap_ex(minor_status, - ctx->negotiated_ctx_id, - token_header_buffer, - associated_data_buffer, - input_message_buffer, - output_message_buffer, - conf_state, - qop_state); -} - -OM_uint32 _gss_spnego_wrap_ex - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t associated_data_buffer, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_token_buffer, - gss_buffer_t output_message_buffer - ) -{ - gssspnego_ctx ctx; - - *minor_status = 0; - - if (context_handle == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - ctx = (gssspnego_ctx)context_handle; - - if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { - return GSS_S_NO_CONTEXT; - } - - if ((ctx->mech_flags & GSS_C_DCE_STYLE) == 0 && - associated_data_buffer->length != input_message_buffer->length) { - *minor_status = EINVAL; - return GSS_S_BAD_QOP; - } - - return gss_wrap_ex(minor_status, - ctx->negotiated_ctx_id, - conf_req_flag, - qop_req, - associated_data_buffer, - input_message_buffer, - conf_state, - output_token_buffer, - output_message_buffer); -} - -OM_uint32 _gss_spnego_complete_auth_token +OM_uint32 GSSAPI_CALLCONV _gss_spnego_complete_auth_token (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer) @@ -849,7 +733,7 @@ OM_uint32 _gss_spnego_complete_auth_token } #endif -OM_uint32 _gss_spnego_inquire_sec_context_by_oid +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_sec_context_by_oid (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, @@ -875,7 +759,7 @@ OM_uint32 _gss_spnego_inquire_sec_context_by_oid data_set); } -OM_uint32 _gss_spnego_set_sec_context_option +OM_uint32 GSSAPI_CALLCONV _gss_spnego_set_sec_context_option (OM_uint32 * minor_status, gss_ctx_id_t * context_handle, const gss_OID desired_object, @@ -889,7 +773,7 @@ OM_uint32 _gss_spnego_set_sec_context_option return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_ctx)*context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -901,3 +785,31 @@ OM_uint32 _gss_spnego_set_sec_context_option value); } + +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_pseudo_random(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out) +{ + gssspnego_ctx ctx; + + *minor_status = 0; + + if (context_handle == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + ctx = (gssspnego_ctx)context_handle; + + if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + return gss_pseudo_random(minor_status, + ctx->negotiated_ctx_id, + prf_key, + prf_in, + desired_output_len, + prf_out); +} diff --git a/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c b/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c index 2362e990196..353c312076c 100644 --- a/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c +++ b/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c @@ -30,63 +30,31 @@ * SUCH DAMAGE. */ -#include "spnego/spnego_locl.h" +#include "spnego_locl.h" -RCSID("$Id: cred_stubs.c 20619 2007-05-08 13:43:45Z lha $"); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) { - gssspnego_cred cred; OM_uint32 ret; - + *minor_status = 0; - if (*cred_handle == GSS_C_NO_CREDENTIAL) { + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) return GSS_S_COMPLETE; - } - cred = (gssspnego_cred)*cred_handle; - ret = gss_release_cred(minor_status, &cred->negotiated_cred_id); + ret = gss_release_cred(minor_status, cred_handle); - free(cred); *cred_handle = GSS_C_NO_CREDENTIAL; return ret; } -OM_uint32 -_gss_spnego_alloc_cred(OM_uint32 *minor_status, - gss_cred_id_t mech_cred_handle, - gss_cred_id_t *cred_handle) -{ - gssspnego_cred cred; - - if (*cred_handle != GSS_C_NO_CREDENTIAL) { - *minor_status = EINVAL; - return GSS_S_FAILURE; - } - - cred = calloc(1, sizeof(*cred)); - if (cred == NULL) { - *cred_handle = GSS_C_NO_CREDENTIAL; - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - cred->negotiated_cred_id = mech_cred_handle; - - *cred_handle = (gss_cred_id_t)cred; - - return GSS_S_COMPLETE; -} - /* * For now, just a simple wrapper that avoids recursion. When * we support gss_{get,set}_neg_mechs() we will need to expose * more functionality. */ -OM_uint32 _gss_spnego_acquire_cred +OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred (OM_uint32 *minor_status, const gss_name_t desired_name, OM_uint32 time_req, @@ -102,9 +70,7 @@ OM_uint32 _gss_spnego_acquire_cred OM_uint32 ret, tmp; gss_OID_set_desc actual_desired_mechs; gss_OID_set mechs; - int i, j; - gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL; - gssspnego_cred cred; + size_t i, j; *output_cred_handle = GSS_C_NO_CREDENTIAL; @@ -114,7 +80,7 @@ OM_uint32 _gss_spnego_acquire_cred return ret; } } - + ret = gss_indicate_mechs(minor_status, &mechs); if (ret != GSS_S_COMPLETE) { gss_release_name(minor_status, &name); @@ -140,22 +106,14 @@ OM_uint32 _gss_spnego_acquire_cred } actual_desired_mechs.count = j; - ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL, - &cred_handle); - if (ret != GSS_S_COMPLETE) - goto out; - - cred = (gssspnego_cred)cred_handle; ret = gss_acquire_cred(minor_status, name, time_req, &actual_desired_mechs, cred_usage, - &cred->negotiated_cred_id, + output_cred_handle, actual_mechs, time_rec); if (ret != GSS_S_COMPLETE) goto out; - *output_cred_handle = cred_handle; - out: gss_release_name(minor_status, &name); gss_release_oid_set(&tmp, &mechs); @@ -163,13 +121,13 @@ out: free(actual_desired_mechs.elements); } if (ret != GSS_S_COMPLETE) { - _gss_spnego_release_cred(&tmp, &cred_handle); + _gss_spnego_release_cred(&tmp, output_cred_handle); } return ret; } -OM_uint32 _gss_spnego_inquire_cred +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred (OM_uint32 * minor_status, const gss_cred_id_t cred_handle, gss_name_t * name, @@ -178,7 +136,6 @@ OM_uint32 _gss_spnego_inquire_cred gss_OID_set * mechanisms ) { - gssspnego_cred cred; spnego_name sname = NULL; OM_uint32 ret; @@ -195,10 +152,8 @@ OM_uint32 _gss_spnego_inquire_cred } } - cred = (gssspnego_cred)cred_handle; - ret = gss_inquire_cred(minor_status, - cred->negotiated_cred_id, + cred_handle, sname ? &sname->mech : NULL, lifetime, cred_usage, @@ -214,56 +169,7 @@ OM_uint32 _gss_spnego_inquire_cred return ret; } -OM_uint32 _gss_spnego_add_cred ( - OM_uint32 * minor_status, - const gss_cred_id_t input_cred_handle, - const gss_name_t desired_name, - const gss_OID desired_mech, - gss_cred_usage_t cred_usage, - OM_uint32 initiator_time_req, - OM_uint32 acceptor_time_req, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * initiator_time_rec, - OM_uint32 * acceptor_time_rec - ) -{ - gss_cred_id_t spnego_output_cred_handle = GSS_C_NO_CREDENTIAL; - OM_uint32 ret, tmp; - gssspnego_cred input_cred, output_cred; - - *output_cred_handle = GSS_C_NO_CREDENTIAL; - - ret = _gss_spnego_alloc_cred(minor_status, GSS_C_NO_CREDENTIAL, - &spnego_output_cred_handle); - if (ret) - return ret; - - input_cred = (gssspnego_cred)input_cred_handle; - output_cred = (gssspnego_cred)spnego_output_cred_handle; - - ret = gss_add_cred(minor_status, - input_cred->negotiated_cred_id, - desired_name, - desired_mech, - cred_usage, - initiator_time_req, - acceptor_time_req, - &output_cred->negotiated_cred_id, - actual_mechs, - initiator_time_rec, - acceptor_time_rec); - if (ret) { - _gss_spnego_release_cred(&tmp, &spnego_output_cred_handle); - return ret; - } - - *output_cred_handle = spnego_output_cred_handle; - - return GSS_S_COMPLETE; -} - -OM_uint32 _gss_spnego_inquire_cred_by_mech ( +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech ( OM_uint32 * minor_status, const gss_cred_id_t cred_handle, const gss_OID mech_type, @@ -273,7 +179,6 @@ OM_uint32 _gss_spnego_inquire_cred_by_mech ( gss_cred_usage_t * cred_usage ) { - gssspnego_cred cred; spnego_name sname = NULL; OM_uint32 ret; @@ -290,10 +195,8 @@ OM_uint32 _gss_spnego_inquire_cred_by_mech ( } } - cred = (gssspnego_cred)cred_handle; - ret = gss_inquire_cred_by_mech(minor_status, - cred->negotiated_cred_id, + cred_handle, mech_type, sname ? &sname->mech : NULL, initiator_lifetime, @@ -311,26 +214,60 @@ OM_uint32 _gss_spnego_inquire_cred_by_mech ( return GSS_S_COMPLETE; } -OM_uint32 _gss_spnego_inquire_cred_by_oid +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid (OM_uint32 * minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, gss_buffer_set_t *data_set) { - gssspnego_cred cred; OM_uint32 ret; if (cred_handle == GSS_C_NO_CREDENTIAL) { *minor_status = 0; return GSS_S_NO_CRED; } - cred = (gssspnego_cred)cred_handle; ret = gss_inquire_cred_by_oid(minor_status, - cred->negotiated_cred_id, + cred_handle, desired_object, data_set); return ret; } +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_set_cred_option (OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID object, + const gss_buffer_t value) +{ + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + return gss_set_cred_option(minor_status, + cred_handle, + object, + value); +} + +#if 0 + +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_export_cred (OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_buffer_t value) +{ + return gss_export_cred(minor_status, cred_handle, value); +} + +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_import_cred (OM_uint32 *minor_status, + gss_buffer_t value, + gss_cred_id_t *cred_handle) +{ + return gss_import_cred(minor_status, value, cred_handle); +} + +#endif diff --git a/crypto/heimdal/lib/gssapi/spnego/external.c b/crypto/heimdal/lib/gssapi/spnego/external.c index fbc231f3aeb..e1d74e5ace5 100644 --- a/crypto/heimdal/lib/gssapi/spnego/external.c +++ b/crypto/heimdal/lib/gssapi/spnego/external.c @@ -30,22 +30,57 @@ * SUCH DAMAGE. */ -#include "spnego/spnego_locl.h" +#include "spnego_locl.h" #include -RCSID("$Id: external.c 18336 2006-10-07 22:27:13Z lha $"); - /* * RFC2478, SPNEGO: * The security mechanism of the initial * negotiation token is identified by the Object Identifier * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). */ +#if 0 +static gss_mo_desc spnego_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + rk_UNCONST("SPNEGO"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + rk_UNCONST("SPNEGO"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + rk_UNCONST("Heimdal SPNEGO Mechanism"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NEGO, + GSS_MO_MA + }, + { + GSS_C_MA_MECH_PSEUDO, + GSS_MO_MA + } +}; +#endif static gssapi_mech_interface_desc spnego_mech = { GMI_VERSION, "spnego", - {6, (void *)"\x2b\x06\x01\x05\x05\x02"}, + {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") }, + 0, _gss_spnego_acquire_cred, _gss_spnego_release_cred, _gss_spnego_init_sec_context, @@ -57,8 +92,8 @@ static gssapi_mech_interface_desc spnego_mech = { _gss_spnego_verify_mic, _gss_spnego_wrap, _gss_spnego_unwrap, - _gss_spnego_display_status, - NULL, + NULL, /* gm_display_status */ + NULL, /* gm_indicate_mechs */ _gss_spnego_compare_name, _gss_spnego_display_name, _gss_spnego_import_name, @@ -67,14 +102,56 @@ static gssapi_mech_interface_desc spnego_mech = { _gss_spnego_inquire_cred, _gss_spnego_inquire_context, _gss_spnego_wrap_size_limit, - _gss_spnego_add_cred, + gss_add_cred, _gss_spnego_inquire_cred_by_mech, _gss_spnego_export_sec_context, _gss_spnego_import_sec_context, - _gss_spnego_inquire_names_for_mech, + NULL /* _gss_spnego_inquire_names_for_mech */, _gss_spnego_inquire_mechs_for_name, _gss_spnego_canonicalize_name, - _gss_spnego_duplicate_name + _gss_spnego_duplicate_name, + _gss_spnego_inquire_sec_context_by_oid, + _gss_spnego_inquire_cred_by_oid, + _gss_spnego_set_sec_context_option, + _gss_spnego_set_cred_option, + _gss_spnego_pseudo_random, +#if 0 + _gss_spnego_wrap_iov, + _gss_spnego_unwrap_iov, + _gss_spnego_wrap_iov_length, +#else + NULL, + NULL, + NULL, +#endif + NULL, +#if 0 + _gss_spnego_export_cred, + _gss_spnego_import_cred, +#else + NULL, + NULL, +#endif + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, +#if 0 + spnego_mo, + sizeof(spnego_mo) / sizeof(spnego_mo[0]), +#else + NULL, + 0, +#endif + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, }; gssapi_mech_interface @@ -82,8 +159,3 @@ __gss_spnego_initialize(void) { return &spnego_mech; } - -static gss_OID_desc _gss_spnego_mechanism_desc = - {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; - -gss_OID GSS_SPNEGO_MECHANISM = &_gss_spnego_mechanism_desc; diff --git a/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c index 7c74981e664..b4b1bcefc5e 100644 --- a/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/spnego/init_sec_context.c @@ -1,42 +1,40 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * Portions Copyright (c) 2004 PADL Software Pty Ltd. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include "spnego/spnego_locl.h" - -RCSID("$Id: init_sec_context.c 19411 2006-12-18 15:42:03Z lha $"); +#include "spnego_locl.h" /* - * Is target_name an sane target for `mech´. + * Is target_name an sane target for `mech´. */ static OM_uint32 @@ -45,7 +43,7 @@ initiator_approved(gss_name_t target_name, gss_OID mech) OM_uint32 min_stat, maj_stat; gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; gss_buffer_desc out; - + maj_stat = gss_init_sec_context(&min_stat, GSS_C_NO_CREDENTIAL, &ctx, @@ -59,8 +57,10 @@ initiator_approved(gss_name_t target_name, gss_OID mech) &out, NULL, NULL); - if (GSS_ERROR(maj_stat)) + if (GSS_ERROR(maj_stat)) { + gss_mg_collect_error(mech, maj_stat, min_stat); return GSS_S_BAD_MECH; + } gss_release_buffer(&min_stat, &out); gss_delete_sec_context(&min_stat, &ctx, NULL); @@ -177,7 +177,7 @@ spnego_reply_internal(OM_uint32 *minor_status, static OM_uint32 spnego_initial (OM_uint32 * minor_status, - gssspnego_cred cred, + gss_cred_id_t cred, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -230,7 +230,7 @@ spnego_initial return sub; } - sub = _gss_spnego_indicate_mechtypelist(&minor, + sub = _gss_spnego_indicate_mechtypelist(&minor, ctx->target_name, initiator_approved, 0, @@ -252,8 +252,7 @@ spnego_initial /* generate optimistic token */ sub = gss_init_sec_context(&minor, - (cred != NULL) ? cred->negotiated_cred_id : - GSS_C_NO_CREDENTIAL, + cred, &ctx->negotiated_ctx_id, ctx->target_name, ctx->preferred_mech_type, @@ -268,6 +267,7 @@ spnego_initial if (GSS_ERROR(sub)) { free_NegTokenInit(&ni); *minor_status = minor; + gss_mg_collect_error(ctx->preferred_mech_type, sub, minor); _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return sub; } @@ -344,7 +344,7 @@ spnego_initial ctx->initiator_mech_types.val = ni.mechTypes.val; ni.mechTypes.len = 0; ni.mechTypes.val = NULL; - + free_NegTokenInit(&ni); sub = gss_encapsulate_token(&data, @@ -374,7 +374,7 @@ spnego_initial static OM_uint32 spnego_reply (OM_uint32 * minor_status, - const gssspnego_cred cred, + const gss_cred_id_t cred, gss_ctx_id_t * context_handle, const gss_name_t target_name, const gss_OID mech_type, @@ -389,11 +389,10 @@ spnego_reply ) { OM_uint32 ret, minor; - NegTokenResp resp; - size_t len, taglen; + NegotiationToken resp; gss_OID_desc mech; int require_mic; - size_t buf_len; + size_t buf_len = 0; gss_buffer_desc mic_buf, mech_buf; gss_buffer_desc mech_output_token; gssspnego_ctx ctx; @@ -411,27 +410,23 @@ spnego_reply mech_buf.value = NULL; mech_buf.length = 0; - ret = der_match_tag_and_length(input_token->value, input_token->length, - ASN1_C_CONTEXT, CONS, 1, &len, &taglen); + ret = decode_NegotiationToken(input_token->value, input_token->length, + &resp, NULL); if (ret) - return ret; + return ret; - if (len > input_token->length - taglen) - return ASN1_OVERRUN; - - ret = decode_NegTokenResp((const unsigned char *)input_token->value+taglen, - len, &resp, NULL); - if (ret) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; + if (resp.element != choice_NegotiationToken_negTokenResp) { + free_NegotiationToken(&resp); + *minor_status = 0; + return GSS_S_BAD_MECH; } - if (resp.negResult == NULL - || *(resp.negResult) == reject - /* || resp.supportedMech == NULL */ + if (resp.u.negTokenResp.negResult == NULL + || *(resp.u.negTokenResp.negResult) == reject + /* || resp.u.negTokenResp.supportedMech == NULL */ ) { - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); return GSS_S_BAD_MECH; } @@ -442,16 +437,16 @@ spnego_reply HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); - if (resp.supportedMech) { + if (resp.u.negTokenResp.supportedMech) { if (ctx->oidlen) { - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_BAD_MECH; } ret = der_put_oid(ctx->oidbuf + sizeof(ctx->oidbuf) - 1, sizeof(ctx->oidbuf), - resp.supportedMech, + resp.u.negTokenResp.supportedMech, &ctx->oidlen); /* Avoid recursively embedded SPNEGO */ if (ret || (ctx->oidlen == GSS_SPNEGO_MECHANISM->length && @@ -459,7 +454,7 @@ spnego_reply GSS_SPNEGO_MECHANISM->elements, ctx->oidlen) == 0)) { - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_BAD_MECH; } @@ -470,23 +465,24 @@ spnego_reply ctx->preferred_mech_type->elements, ctx->oidlen) != 0) { - gss_delete_sec_context(&minor, &ctx->negotiated_ctx_id, + gss_delete_sec_context(&minor, &ctx->negotiated_ctx_id, GSS_C_NO_BUFFER); ctx->negotiated_ctx_id = GSS_C_NO_CONTEXT; } } else if (ctx->oidlen == 0) { - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_BAD_MECH; } - if (resp.responseToken != NULL || + /* if a token (of non zero length), or no context, pass to underlaying mech */ + if ((resp.u.negTokenResp.responseToken != NULL && resp.u.negTokenResp.responseToken->length) || ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { gss_buffer_desc mech_input_token; - if (resp.responseToken) { - mech_input_token.length = resp.responseToken->length; - mech_input_token.value = resp.responseToken->data; + if (resp.u.negTokenResp.responseToken) { + mech_input_token.length = resp.u.negTokenResp.responseToken->length; + mech_input_token.value = resp.u.negTokenResp.responseToken->data; } else { mech_input_token.length = 0; mech_input_token.value = NULL; @@ -499,8 +495,7 @@ spnego_reply /* Fall through as if the negotiated mechanism was requested explicitly */ ret = gss_init_sec_context(&minor, - (cred != NULL) ? cred->negotiated_cred_id : - GSS_C_NO_CREDENTIAL, + cred, &ctx->negotiated_ctx_id, ctx->target_name, &mech, @@ -514,19 +509,20 @@ spnego_reply &ctx->mech_time_rec); if (GSS_ERROR(ret)) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); + gss_mg_collect_error(&mech, ret, minor); *minor_status = minor; return ret; } if (ret == GSS_S_COMPLETE) { ctx->open = 1; } - } else if (*(resp.negResult) == accept_completed) { + } else if (*(resp.u.negTokenResp.negResult) == accept_completed) { if (ctx->maybe_open) ctx->open = 1; } - if (*(resp.negResult) == request_mic) { + if (*(resp.u.negTokenResp.negResult) == request_mic) { ctx->require_mic = 1; } @@ -535,14 +531,14 @@ spnego_reply * Verify the mechListMIC if one was provided or CFX was * used and a non-preferred mechanism was selected */ - if (resp.mechListMIC != NULL) { + if (resp.u.negTokenResp.mechListMIC != NULL) { require_mic = 1; } else { ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic); if (ret) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); gss_release_buffer(&minor, &mech_output_token); return ret; } @@ -556,23 +552,25 @@ spnego_reply &ctx->initiator_mech_types, &buf_len, ret); if (ret) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); gss_release_buffer(&minor, &mech_output_token); *minor_status = ret; return GSS_S_FAILURE; } - if (mech_buf.length != buf_len) + if (mech_buf.length != buf_len) { abort(); + UNREACHABLE(return GSS_S_FAILURE); + } - if (resp.mechListMIC == NULL) { + if (resp.u.negTokenResp.mechListMIC == NULL) { HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); free(mech_buf.value); - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } - mic_buf.length = resp.mechListMIC->length; - mic_buf.value = resp.mechListMIC->data; + mic_buf.length = resp.u.negTokenResp.mechListMIC->length; + mic_buf.value = resp.u.negTokenResp.mechListMIC->data; if (mech_output_token.length == 0) { ret = gss_verify_mic(minor_status, @@ -584,7 +582,7 @@ spnego_reply HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); free(mech_buf.value); gss_release_buffer(&minor, &mech_output_token); - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); return GSS_S_DEFECTIVE_TOKEN; } ctx->verified_mic = 1; @@ -599,7 +597,7 @@ spnego_reply if (mech_buf.value != NULL) free(mech_buf.value); - free_NegTokenResp(&resp); + free_NegotiationToken(&resp); gss_release_buffer(&minor, &mech_output_token); if (actual_mech_type) @@ -613,7 +611,8 @@ spnego_reply return ret; } -OM_uint32 _gss_spnego_init_sec_context +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_init_sec_context (OM_uint32 * minor_status, const gss_cred_id_t initiator_cred_handle, gss_ctx_id_t * context_handle, @@ -629,11 +628,9 @@ OM_uint32 _gss_spnego_init_sec_context OM_uint32 * time_rec ) { - gssspnego_cred cred = (gssspnego_cred)initiator_cred_handle; - if (*context_handle == GSS_C_NO_CONTEXT) return spnego_initial (minor_status, - cred, + initiator_cred_handle, context_handle, target_name, mech_type, @@ -647,7 +644,7 @@ OM_uint32 _gss_spnego_init_sec_context time_rec); else return spnego_reply (minor_status, - cred, + initiator_cred_handle, context_handle, target_name, mech_type, diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego-private.h b/crypto/heimdal/lib/gssapi/spnego/spnego-private.h index d80db0018ad..f50574d7ed3 100644 --- a/crypto/heimdal/lib/gssapi/spnego/spnego-private.h +++ b/crypto/heimdal/lib/gssapi/spnego/spnego-private.h @@ -7,7 +7,7 @@ gssapi_mech_interface __gss_spnego_initialize (void); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_accept_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, @@ -21,7 +21,7 @@ _gss_spnego_accept_sec_context ( OM_uint32 * /*time_rec*/, gss_cred_id_t *delegated_cred_handle ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred ( OM_uint32 */*minor_status*/, const gss_name_t /*desired_name*/, @@ -32,92 +32,69 @@ _gss_spnego_acquire_cred ( gss_OID_set * /*actual_mechs*/, OM_uint32 * time_rec ); -OM_uint32 -_gss_spnego_add_cred ( - OM_uint32 * /*minor_status*/, - const gss_cred_id_t /*input_cred_handle*/, - const gss_name_t /*desired_name*/, - const gss_OID /*desired_mech*/, - gss_cred_usage_t /*cred_usage*/, - OM_uint32 /*initiator_time_req*/, - OM_uint32 /*acceptor_time_req*/, - gss_cred_id_t * /*output_cred_handle*/, - gss_OID_set * /*actual_mechs*/, - OM_uint32 * /*initiator_time_rec*/, - OM_uint32 * acceptor_time_rec ); - -OM_uint32 -_gss_spnego_alloc_cred ( - OM_uint32 */*minor_status*/, - gss_cred_id_t /*mech_cred_handle*/, - gss_cred_id_t */*cred_handle*/); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_alloc_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t */*context_handle*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_canonicalize_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, const gss_OID /*mech_type*/, gss_name_t * output_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_compare_name ( OM_uint32 */*minor_status*/, const gss_name_t /*name1*/, const gss_name_t /*name2*/, int * name_equal ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_context_time ( OM_uint32 */*minor_status*/, const gss_ctx_id_t /*context_handle*/, OM_uint32 *time_rec ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_delete_sec_context ( OM_uint32 */*minor_status*/, gss_ctx_id_t */*context_handle*/, gss_buffer_t output_token ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_display_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t /*output_name_buffer*/, gss_OID * output_name_type ); -OM_uint32 -_gss_spnego_display_status ( - OM_uint32 * /*minor_status*/, - OM_uint32 /*status_value*/, - int /*status_type*/, - const gss_OID /*mech_type*/, - OM_uint32 * /*message_context*/, - gss_buffer_t status_string ); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_duplicate_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*src_name*/, gss_name_t * dest_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_export_cred ( + OM_uint32 */*minor_status*/, + gss_cred_id_t /*cred_handle*/, + gss_buffer_t /*value*/); + +OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_buffer_t exported_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_sec_context ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, gss_buffer_t interprocess_token ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_get_mic ( OM_uint32 */*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -125,30 +102,36 @@ _gss_spnego_get_mic ( const gss_buffer_t /*message_buffer*/, gss_buffer_t message_token ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_import_cred ( + OM_uint32 */*minor_status*/, + gss_buffer_t /*value*/, + gss_cred_id_t */*cred_handle*/); + +OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_name ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*name_buffer*/, const gss_OID /*name_type*/, gss_name_t * output_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context ( OM_uint32 * /*minor_status*/, const gss_buffer_t /*interprocess_token*/, gss_ctx_id_t *context_handle ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_indicate_mechtypelist ( OM_uint32 */*minor_status*/, gss_name_t /*target_name*/, OM_uint32 (*/*func*/)(gss_name_t, gss_OID), int /*includeMSCompatOID*/, - const gssspnego_cred /*cred_handle*/, + const gss_cred_id_t /*cred_handle*/, MechTypeList */*mechtypelist*/, gss_OID */*preferred_mech*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_init_sec_context ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*initiator_cred_handle*/, @@ -164,7 +147,7 @@ _gss_spnego_init_sec_context ( OM_uint32 * /*ret_flags*/, OM_uint32 * time_rec ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -176,7 +159,7 @@ _gss_spnego_inquire_context ( int * /*locally_initiated*/, int * open_context ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, @@ -185,7 +168,7 @@ _gss_spnego_inquire_cred ( gss_cred_usage_t * /*cred_usage*/, gss_OID_set * mechanisms ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, @@ -195,95 +178,84 @@ _gss_spnego_inquire_cred_by_mech ( OM_uint32 * /*acceptor_lifetime*/, gss_cred_usage_t * cred_usage ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid ( OM_uint32 * /*minor_status*/, const gss_cred_id_t /*cred_handle*/, const gss_OID /*desired_object*/, gss_buffer_set_t */*data_set*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_mechs_for_name ( OM_uint32 * /*minor_status*/, const gss_name_t /*input_name*/, gss_OID_set * mech_types ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech ( OM_uint32 * /*minor_status*/, const gss_OID /*mechanism*/, gss_OID_set * name_types ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_sec_context_by_oid ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_OID /*desired_object*/, gss_buffer_set_t */*data_set*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_internal_delete_sec_context ( OM_uint32 */*minor_status*/, gss_ctx_id_t */*context_handle*/, gss_buffer_t output_token ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_process_context_token ( OM_uint32 */*minor_status*/, const gss_ctx_id_t /*context_handle*/, const gss_buffer_t token_buffer ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_pseudo_random ( + OM_uint32 */*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*prf_key*/, + const gss_buffer_t /*prf_in*/, + ssize_t /*desired_output_len*/, + gss_buffer_t /*prf_out*/); + +OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_cred ( OM_uint32 */*minor_status*/, gss_cred_id_t */*cred_handle*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_release_name ( OM_uint32 * /*minor_status*/, gss_name_t * input_name ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_require_mechlist_mic ( OM_uint32 */*minor_status*/, gssspnego_ctx /*ctx*/, int */*require_mic*/); -OM_uint32 -_gss_spnego_seal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*conf_req_flag*/, - int /*qop_req*/, - gss_buffer_t /*input_message_buffer*/, - int * /*conf_state*/, - gss_buffer_t output_message_buffer ); +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_set_cred_option ( + OM_uint32 */*minor_status*/, + gss_cred_id_t */*cred_handle*/, + const gss_OID /*object*/, + const gss_buffer_t /*value*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_set_sec_context_option ( OM_uint32 * /*minor_status*/, gss_ctx_id_t * /*context_handle*/, const gss_OID /*desired_object*/, const gss_buffer_t /*value*/); -OM_uint32 -_gss_spnego_sign ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - int /*qop_req*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t message_token ); - -OM_uint32 -_gss_spnego_unseal ( - OM_uint32 * /*minor_status*/, - gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*input_message_buffer*/, - gss_buffer_t /*output_message_buffer*/, - int * /*conf_state*/, - int * qop_state ); - -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -292,15 +264,16 @@ _gss_spnego_unwrap ( int * /*conf_state*/, gss_qop_t * qop_state ); -OM_uint32 -_gss_spnego_verify ( - OM_uint32 * /*minor_status*/, +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_unwrap_iov ( + OM_uint32 */*minor_status*/, gss_ctx_id_t /*context_handle*/, - gss_buffer_t /*message_buffer*/, - gss_buffer_t /*token_buffer*/, - int * qop_state ); + int */*conf_state*/, + gss_qop_t */*qop_state*/, + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_verify_mic ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -308,7 +281,7 @@ _gss_spnego_verify_mic ( const gss_buffer_t /*token_buffer*/, gss_qop_t * qop_state ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, @@ -318,7 +291,27 @@ _gss_spnego_wrap ( int * /*conf_state*/, gss_buffer_t output_message_buffer ); -OM_uint32 +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_wrap_iov ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + int * /*conf_state*/, + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); + +OM_uint32 GSSAPI_CALLCONV +_gss_spnego_wrap_iov_length ( + OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + int */*conf_state*/, + gss_iov_buffer_desc */*iov*/, + int /*iov_count*/); + +OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit ( OM_uint32 * /*minor_status*/, const gss_ctx_id_t /*context_handle*/, diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego.asn1 b/crypto/heimdal/lib/gssapi/spnego/spnego.asn1 index 058f10ba3ad..048e86bb43d 100644 --- a/crypto/heimdal/lib/gssapi/spnego/spnego.asn1 +++ b/crypto/heimdal/lib/gssapi/spnego/spnego.asn1 @@ -1,4 +1,4 @@ --- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $ +-- $Id$ SPNEGO DEFINITIONS ::= BEGIN diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego.opt b/crypto/heimdal/lib/gssapi/spnego/spnego.opt new file mode 100644 index 00000000000..cbf2f2341db --- /dev/null +++ b/crypto/heimdal/lib/gssapi/spnego/spnego.opt @@ -0,0 +1 @@ +--sequence=MechTypeList diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h index 1ec1704776f..3e151c7c2a4 100644 --- a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -30,15 +30,12 @@ * SUCH DAMAGE. */ -/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */ -/* $FreeBSD$ */ +/* $Id$ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H -#ifdef HAVE_CONFIG_H #include -#endif #ifdef HAVE_SYS_TYPES_H #include @@ -47,12 +44,15 @@ #include #endif +#include + #ifdef HAVE_PTHREAD_H #include #endif -#include #include +#include +#include #include #include #include @@ -68,16 +68,13 @@ #include #include "spnego_asn1.h" +#include "utils.h" #include -#include +#include #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) -typedef struct { - gss_cred_id_t negotiated_cred_id; -} *gssspnego_cred; - typedef struct { MechTypeList initiator_mech_types; gss_OID preferred_mech_type; @@ -86,7 +83,6 @@ typedef struct { OM_uint32 mech_flags; OM_uint32 mech_time_rec; gss_name_t mech_src_name; - gss_cred_id_t delegated_cred_id; unsigned int open : 1; unsigned int local : 1; unsigned int require_mic : 1; @@ -110,6 +106,6 @@ typedef struct { extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc; extern gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc; -#include +#include #endif /* SPNEGO_LOCL_H */ diff --git a/crypto/heimdal/lib/gssapi/test_acquire_cred.c b/crypto/heimdal/lib/gssapi/test_acquire_cred.c index fd2bc32dd52..e1a929bf962 100644 --- a/crypto/heimdal/lib/gssapi/test_acquire_cred.c +++ b/crypto/heimdal/lib/gssapi/test_acquire_cred.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -35,19 +35,19 @@ #include #endif +#include #include #include #include #include #include +#include +#include #include -#include #include #include "test_common.h" -RCSID("$Id: test_acquire_cred.c 22129 2007-12-04 01:13:13Z lha $"); - static void print_time(OM_uint32 time_rec) { @@ -79,7 +79,7 @@ test_add(gss_cred_id_t cred_handle) NULL, &time_rec, NULL); - + if (GSS_ERROR(major_status)) errx(1, "add_cred failed"); @@ -98,7 +98,7 @@ copy_cred(void) gss_cred_id_t cred_handle; OM_uint32 time_rec; - major_status = gss_acquire_cred(&minor_status, + major_status = gss_acquire_cred(&minor_status, GSS_C_NO_NAME, 0, NULL, @@ -108,7 +108,7 @@ copy_cred(void) &time_rec); if (GSS_ERROR(major_status)) errx(1, "acquire_cred failed"); - + print_time(time_rec); test_add(cred_handle); @@ -122,9 +122,10 @@ copy_cred(void) } #endif -static void +static gss_cred_id_t acquire_cred_service(const char *service, gss_OID nametype, + gss_OID_set oidset, int flags) { OM_uint32 major_status, minor_status; @@ -136,7 +137,7 @@ acquire_cred_service(const char *service, if (service) { name_buffer.value = rk_UNCONST(service); name_buffer.length = strlen(service); - + major_status = gss_import_name(&minor_status, &name_buffer, nametype, @@ -145,18 +146,18 @@ acquire_cred_service(const char *service, errx(1, "import_name failed"); } - major_status = gss_acquire_cred(&minor_status, + major_status = gss_acquire_cred(&minor_status, name, 0, - NULL, + oidset, flags, &cred_handle, NULL, &time_rec); if (GSS_ERROR(major_status)) { - warnx("acquire_cred failed: %s", + warnx("acquire_cred failed: %s", gssapi_err(major_status, minor_status, GSS_C_NO_OID)); - } else { + } else { print_time(time_rec); gss_release_cred(&minor_status, &cred_handle); } @@ -166,18 +167,28 @@ acquire_cred_service(const char *service, if (GSS_ERROR(major_status)) exit(1); + + return cred_handle; } static int version_flag = 0; static int help_flag = 0; +static int kerberos_flag = 0; +static int enctype = 0; static char *acquire_name; static char *acquire_type; +static char *target_name; static char *name_type; static char *ccache; +static int num_loops = 1; static struct getargs args[] = { {"acquire-name", 0, arg_string, &acquire_name, "name", NULL }, {"acquire-type", 0, arg_string, &acquire_type, "type", NULL }, + {"enctype", 0, arg_integer, &enctype, "enctype-num", NULL }, + {"loops", 0, arg_integer, &num_loops, "enctype-num", NULL }, + {"kerberos", 0, arg_flag, &kerberos_flag, "enctype-num", NULL }, + {"target-name", 0, arg_string, &target_name, "name", NULL }, {"ccache", 0, arg_string, &ccache, "name", NULL }, {"name-type", 0, arg_string, &name_type, "type", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, @@ -194,14 +205,19 @@ usage (int ret) int main(int argc, char **argv) { - int optidx = 0; + gss_OID_set oidset = GSS_C_NULL_OID_SET; + gss_OID mechoid = GSS_C_NO_OID; + OM_uint32 maj_stat, min_stat; + gss_cred_id_t cred; + gss_name_t target = GSS_C_NO_NAME; + int i, optidx = 0; OM_uint32 flag; gss_OID type; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -227,7 +243,7 @@ main(int argc, char **argv) errx(1, "unknown type %s", acquire_type); } else flag = GSS_C_ACCEPT; - + if (name_type) { if (strcasecmp("hostbased-service", name_type) == 0) type = GSS_C_NT_HOSTBASED_SERVICE; @@ -239,15 +255,75 @@ main(int argc, char **argv) type = GSS_C_NT_HOSTBASED_SERVICE; if (ccache) { - OM_uint32 major_status, minor_status; - major_status = gss_krb5_ccache_name(&minor_status, - ccache, NULL); - if (GSS_ERROR(major_status)) - errx(1, "gss_krb5_ccache_name %s", - gssapi_err(major_status, minor_status, GSS_C_NO_OID)); + maj_stat = gss_krb5_ccache_name(&min_stat, ccache, NULL); + if (GSS_ERROR(maj_stat)) + errx(1, "gss_krb5_ccache_name %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (kerberos_flag) { + mechoid = GSS_KRB5_MECHANISM; + + maj_stat = gss_create_empty_oid_set(&min_stat, &oidset); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_create_empty_oid_set: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + maj_stat = gss_add_oid_set_member(&min_stat, GSS_KRB5_MECHANISM, &oidset); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_add_oid_set_member: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (target_name) { + gss_buffer_desc name; + + name.value = target_name; + name.length = strlen(target_name); + maj_stat = gss_import_name(&min_stat, &name, + GSS_C_NT_HOSTBASED_SERVICE, &target); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + for (i = 0; i < num_loops; i++) { + + cred = acquire_cred_service(acquire_name, type, oidset, flag); + + if (enctype) { + int32_t enctypelist = enctype; + + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, cred, + 1, &enctypelist); + if (maj_stat) + errx(1, "gss_krb5_set_allowable_enctypes: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (target) { + gss_ctx_id_t context = GSS_C_NO_CONTEXT; + gss_buffer_desc out; + + out.length = 0; + out.value = NULL; + + maj_stat = gss_init_sec_context(&min_stat, + cred, &context, + target, mechoid, + GSS_C_MUTUAL_FLAG, 0, NULL, + GSS_C_NO_BUFFER, NULL, + &out, NULL, NULL); + if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) + errx(1, "init_sec_context failed: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + gss_release_buffer(&min_stat, &out); + gss_delete_sec_context(&min_stat, &context, NULL); + } + gss_release_cred(&min_stat, &cred); } - acquire_cred_service(acquire_name, type, flag); return 0; } diff --git a/crypto/heimdal/lib/gssapi/test_common.c b/crypto/heimdal/lib/gssapi/test_common.c index 329180f2338..8251aef867c 100644 --- a/crypto/heimdal/lib/gssapi/test_common.c +++ b/crypto/heimdal/lib/gssapi/test_common.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -35,8 +35,6 @@ #include #include "test_common.h" -RCSID("$Id: test_common.c 20075 2007-01-31 06:05:19Z lha $"); - char * gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat, gss_OID mech) { @@ -51,20 +49,21 @@ gssapi_err(OM_uint32 maj_stat, OM_uint32 min_stat, gss_OID mech) maj_error_message.value = NULL; min_error_message.length = 0; min_error_message.value = NULL; - - disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, + + disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE, mech, &msg_ctx, &maj_error_message); disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE, mech, &msg_ctx, &min_error_message); - asprintf(&ret, "gss-code: %lu %.*s\nmech-code: %lu %.*s", - (unsigned long)maj_stat, - (int)maj_error_message.length, - (char *)maj_error_message.value, - (unsigned long)min_stat, - (int)min_error_message.length, - (char *)min_error_message.value); + if (asprintf(&ret, "gss-code: %lu %.*s -- mech-code: %lu %.*s", + (unsigned long)maj_stat, + (int)maj_error_message.length, + (char *)maj_error_message.value, + (unsigned long)min_stat, + (int)min_error_message.length, + (char *)min_error_message.value) < 0 || ret == NULL) + errx(1, "malloc"); gss_release_buffer(&disp_min_stat, &maj_error_message); gss_release_buffer(&disp_min_stat, &min_error_message); diff --git a/crypto/heimdal/lib/gssapi/test_common.h b/crypto/heimdal/lib/gssapi/test_common.h index 8e78a5d30ec..fda2949609a 100644 --- a/crypto/heimdal/lib/gssapi/test_common.h +++ b/crypto/heimdal/lib/gssapi/test_common.h @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -31,6 +31,6 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: test_common.h 20075 2007-01-31 06:05:19Z lha $ */ +/* $Id$ */ char * gssapi_err(OM_uint32, OM_uint32, gss_OID); diff --git a/crypto/heimdal/lib/gssapi/test_context.c b/crypto/heimdal/lib/gssapi/test_context.c index e02535aec22..5bdf474d9b9 100644 --- a/crypto/heimdal/lib/gssapi/test_context.c +++ b/crypto/heimdal/lib/gssapi/test_context.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,41 +34,67 @@ #include "krb5/gsskrb5_locl.h" #include #include +#include +#include +#include +#include #include "test_common.h" -RCSID("$Id: test_context.c 20075 2007-01-31 06:05:19Z lha $"); - static char *type_string; static char *mech_string; static char *ret_mech_string; +static char *client_name; +static char *client_password; static int dns_canon_flag = -1; static int mutual_auth_flag = 0; static int dce_style_flag = 0; static int wrapunwrap_flag = 0; +static int iov_flag = 0; static int getverifymic_flag = 0; static int deleg_flag = 0; +static int policy_deleg_flag = 0; +static int server_no_deleg_flag = 0; +static int ei_flag = 0; +static char *gsskrb5_acceptor_identity = NULL; +static char *session_enctype_string = NULL; +static int client_time_offset = 0; +static int server_time_offset = 0; +static int max_loops = 0; +static char *limit_enctype_string = NULL; static int version_flag = 0; static int verbose_flag = 0; static int help_flag = 0; +static krb5_context context; +static krb5_enctype limit_enctype = 0; + static struct { const char *name; - gss_OID *oid; + gss_OID oid; } o2n[] = { - { "krb5", &GSS_KRB5_MECHANISM }, - { "spnego", &GSS_SPNEGO_MECHANISM }, - { "ntlm", &GSS_NTLM_MECHANISM }, - { "sasl-digest-md5", &GSS_SASL_DIGEST_MD5_MECHANISM } + { "krb5", NULL /* GSS_KRB5_MECHANISM */ }, + { "spnego", NULL /* GSS_SPNEGO_MECHANISM */ }, + { "ntlm", NULL /* GSS_NTLM_MECHANISM */ }, + { "sasl-digest-md5", NULL /* GSS_SASL_DIGEST_MD5_MECHANISM */ } }; +static void +init_o2n(void) +{ + o2n[0].oid = GSS_KRB5_MECHANISM; + o2n[1].oid = GSS_SPNEGO_MECHANISM; + o2n[2].oid = GSS_NTLM_MECHANISM; + o2n[3].oid = GSS_SASL_DIGEST_MD5_MECHANISM; +} + static gss_OID string_to_oid(const char *name) { int i; for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++) if (strcasecmp(name, o2n[i].name) == 0) - return *o2n[i].oid; - errx(1, "name %s not unknown", name); + return o2n[i].oid; + errx(1, "name '%s' not unknown", name); } static const char * @@ -76,7 +102,7 @@ oid_to_string(const gss_OID oid) { int i; for (i = 0; i < sizeof(o2n)/sizeof(o2n[0]); i++) - if (gss_oid_equal(oid, *o2n[i].oid)) + if (gss_oid_equal(oid, o2n[i].oid)) return o2n[i].name; return "unknown oid"; } @@ -86,16 +112,17 @@ loop(gss_OID mechoid, gss_OID nameoid, const char *target, gss_cred_id_t init_cred, gss_ctx_id_t *sctx, gss_ctx_id_t *cctx, - gss_OID *actual_mech, + gss_OID *actual_mech, gss_cred_id_t *deleg_cred) { int server_done = 0, client_done = 0; + int num_loops = 0; OM_uint32 maj_stat, min_stat; gss_name_t gss_target_name; gss_buffer_desc input_token, output_token; OM_uint32 flags = 0, ret_cflags, ret_sflags; - gss_OID actual_mech_client; - gss_OID actual_mech_server; + gss_OID actual_mech_client; + gss_OID actual_mech_server; *actual_mech = GSS_C_NO_OID; @@ -108,6 +135,8 @@ loop(gss_OID mechoid, flags |= GSS_C_DCE_STYLE; if (deleg_flag) flags |= GSS_C_DELEG_FLAG; + if (policy_deleg_flag) + flags |= GSS_C_DELEG_POLICY_FLAG; input_token.value = rk_UNCONST(target); input_token.length = strlen(target); @@ -123,14 +152,17 @@ loop(gss_OID mechoid, input_token.value = NULL; while (!server_done || !client_done) { + num_loops++; + + gsskrb5_set_time_offset(client_time_offset); maj_stat = gss_init_sec_context(&min_stat, init_cred, cctx, gss_target_name, - mechoid, + mechoid, flags, - 0, + 0, NULL, &input_token, &actual_mech_client, @@ -145,12 +177,16 @@ loop(gss_OID mechoid, else client_done = 1; + gsskrb5_get_time_offset(&client_time_offset); + if (client_done && server_done) break; if (input_token.length != 0) gss_release_buffer(&min_stat, &input_token); + gsskrb5_set_time_offset(server_time_offset); + maj_stat = gss_accept_sec_context(&min_stat, sctx, GSS_C_NO_CREDENTIAL, @@ -166,8 +202,7 @@ loop(gss_OID mechoid, errx(1, "accept_sec_context: %s", gssapi_err(maj_stat, min_stat, actual_mech_server)); - if (verbose_flag) - printf("%.*s", (int)input_token.length, (char *)input_token.value); + gsskrb5_get_time_offset(&server_time_offset); if (output_token.length != 0) gss_release_buffer(&min_stat, &output_token); @@ -176,24 +211,42 @@ loop(gss_OID mechoid, ; else server_done = 1; - } + } if (output_token.length != 0) gss_release_buffer(&min_stat, &output_token); if (input_token.length != 0) gss_release_buffer(&min_stat, &input_token); gss_release_name(&min_stat, &gss_target_name); + if (deleg_flag || policy_deleg_flag) { + if (server_no_deleg_flag) { + if (*deleg_cred != GSS_C_NO_CREDENTIAL) + errx(1, "got delegated cred but didn't expect one"); + } else if (*deleg_cred == GSS_C_NO_CREDENTIAL) + errx(1, "asked for delegarated cred but did get one"); + } else if (*deleg_cred != GSS_C_NO_CREDENTIAL) + errx(1, "got deleg_cred cred but didn't ask"); + if (gss_oid_equal(actual_mech_server, actual_mech_client) == 0) errx(1, "mech mismatch"); *actual_mech = actual_mech_server; + + if (max_loops && num_loops > max_loops) + errx(1, "num loops %d was lager then max loops %d", + num_loops, max_loops); + + if (verbose_flag) { + printf("server time offset: %d\n", server_time_offset); + printf("client time offset: %d\n", client_time_offset); + printf("num loops %d\n", num_loops); + } } static void -wrapunwrap(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid) +wrapunwrap(gss_ctx_id_t cctx, gss_ctx_id_t sctx, int flags, gss_OID mechoid) { gss_buffer_desc input_token, output_token, output_token2; OM_uint32 min_stat, maj_stat; - int32_t flags = 0; gss_qop_t qop_state; int conf_state; @@ -211,6 +264,155 @@ wrapunwrap(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid) if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_unwrap failed: %s", gssapi_err(maj_stat, min_stat, mechoid)); + + gss_release_buffer(&min_stat, &output_token); + gss_release_buffer(&min_stat, &output_token2); + +#if 0 /* doesn't work for NTLM yet */ + if (!!conf_state != !!flags) + errx(1, "conf_state mismatch"); +#endif +} + +#define USE_CONF 1 +#define USE_HEADER_ONLY 2 +#define USE_SIGN_ONLY 4 +#define FORCE_IOV 8 + +static void +wrapunwrap_iov(gss_ctx_id_t cctx, gss_ctx_id_t sctx, int flags, gss_OID mechoid) +{ + krb5_data token, header, trailer; + OM_uint32 min_stat, maj_stat; + gss_qop_t qop_state; + int conf_state, conf_state2; + gss_iov_buffer_desc iov[6]; + unsigned char *p; + int iov_len; + char header_data[9] = "ABCheader"; + char trailer_data[10] = "trailerXYZ"; + + char token_data[16] = "0123456789abcdef"; + + memset(&iov, 0, sizeof(iov)); + + if (flags & USE_SIGN_ONLY) { + header.data = header_data; + header.length = 9; + trailer.data = trailer_data; + trailer.length = 10; + } else { + header.data = NULL; + header.length = 0; + trailer.data = NULL; + trailer.length = 0; + } + + token.data = token_data; + token.length = 16; + + iov_len = sizeof(iov)/sizeof(iov[0]); + + memset(iov, 0, sizeof(iov)); + + iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + + if (header.length != 0) { + iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[1].buffer.length = header.length; + iov[1].buffer.value = header.data; + } else { + iov[1].type = GSS_IOV_BUFFER_TYPE_EMPTY; + iov[1].buffer.length = 0; + iov[1].buffer.value = NULL; + } + iov[2].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[2].buffer.length = token.length; + iov[2].buffer.value = token.data; + if (trailer.length != 0) { + iov[3].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[3].buffer.length = trailer.length; + iov[3].buffer.value = trailer.data; + } else { + iov[3].type = GSS_IOV_BUFFER_TYPE_EMPTY; + iov[3].buffer.length = 0; + iov[3].buffer.value = NULL; + } + if (dce_style_flag) { + iov[4].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } else { + iov[4].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + } + iov[4].buffer.length = 0; + iov[4].buffer.value = 0; + if (dce_style_flag) { + iov[5].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } else if (flags & USE_HEADER_ONLY) { + iov[5].type = GSS_IOV_BUFFER_TYPE_EMPTY; + } else { + iov[5].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE; + } + iov[5].buffer.length = 0; + iov[5].buffer.value = 0; + + maj_stat = gss_wrap_iov(&min_stat, cctx, dce_style_flag || flags & USE_CONF, 0, &conf_state, + iov, iov_len); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_wrap_iov failed"); + + token.length = + iov[0].buffer.length + + iov[1].buffer.length + + iov[2].buffer.length + + iov[3].buffer.length + + iov[4].buffer.length + + iov[5].buffer.length; + token.data = emalloc(token.length); + + p = token.data; + memcpy(p, iov[0].buffer.value, iov[0].buffer.length); + p += iov[0].buffer.length; + memcpy(p, iov[1].buffer.value, iov[1].buffer.length); + p += iov[1].buffer.length; + memcpy(p, iov[2].buffer.value, iov[2].buffer.length); + p += iov[2].buffer.length; + memcpy(p, iov[3].buffer.value, iov[3].buffer.length); + p += iov[3].buffer.length; + memcpy(p, iov[4].buffer.value, iov[4].buffer.length); + p += iov[4].buffer.length; + memcpy(p, iov[5].buffer.value, iov[5].buffer.length); + p += iov[5].buffer.length; + + assert(p - ((unsigned char *)token.data) == token.length); + + if ((flags & (USE_SIGN_ONLY|FORCE_IOV)) == 0) { + gss_buffer_desc input, output; + + input.value = token.data; + input.length = token.length; + + maj_stat = gss_unwrap(&min_stat, sctx, &input, + &output, &conf_state2, &qop_state); + + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_unwrap from gss_wrap_iov failed: %s", + gssapi_err(maj_stat, min_stat, mechoid)); + + gss_release_buffer(&min_stat, &output); + } else { + maj_stat = gss_unwrap_iov(&min_stat, sctx, &conf_state2, &qop_state, + iov, iov_len); + + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_unwrap_iov failed: %x %s", flags, + gssapi_err(maj_stat, min_stat, mechoid)); + + } + if (conf_state2 != conf_state) + errx(1, "conf state wrong for iov: %x", flags); + + + free(token.data); } static void @@ -234,8 +436,24 @@ getverifymic(gss_ctx_id_t cctx, gss_ctx_id_t sctx, gss_OID mechoid) if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_verify_mic failed: %s", gssapi_err(maj_stat, min_stat, mechoid)); + + gss_release_buffer(&min_stat, &output_token); } +static void +empty_release(void) +{ + gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; + gss_cred_id_t cred = GSS_C_NO_CREDENTIAL; + gss_name_t name = GSS_C_NO_NAME; + gss_OID_set oidset = GSS_C_NO_OID_SET; + OM_uint32 junk; + + gss_delete_sec_context(&junk, &ctx, NULL); + gss_release_cred(&junk, &cred); + gss_release_name(&junk, &name); + gss_release_oid_set(&junk, &oidset); +} /* * @@ -246,14 +464,27 @@ static struct getargs args[] = { {"mech-type",0, arg_string, &mech_string, "type of mech", NULL }, {"ret-mech-type",0, arg_string, &ret_mech_string, "type of return mech", NULL }, - {"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag, + {"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag, "use dns to canonicalize", NULL }, {"mutual-auth",0, arg_flag, &mutual_auth_flag,"mutual auth", NULL }, + {"client-name", 0, arg_string, &client_name, "client name", NULL }, + {"client-password", 0, arg_string, &client_password, "client password", NULL }, + {"limit-enctype",0, arg_string, &limit_enctype_string, "enctype", NULL }, {"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL }, {"wrapunwrap",0, arg_flag, &wrapunwrap_flag, "wrap/unwrap", NULL }, - {"getverifymic",0, arg_flag, &getverifymic_flag, + {"iov", 0, arg_flag, &iov_flag, "wrap/unwrap iov", NULL }, + {"getverifymic",0, arg_flag, &getverifymic_flag, "get and verify mic", NULL }, {"delegate",0, arg_flag, &deleg_flag, "delegate credential", NULL }, + {"policy-delegate",0, arg_flag, &policy_deleg_flag, "policy delegate credential", NULL }, + {"server-no-delegate",0, arg_flag, &server_no_deleg_flag, + "server should get a credential", NULL }, + {"export-import-cred",0, arg_flag, &ei_flag, "test export/import cred", NULL }, + {"gsskrb5-acceptor-identity", 0, arg_string, &gsskrb5_acceptor_identity, "keytab", NULL }, + {"session-enctype", 0, arg_string, &session_enctype_string, "enctype", NULL }, + {"client-time-offset", 0, arg_integer, &client_time_offset, "time", NULL }, + {"server-time-offset", 0, arg_integer, &server_time_offset, "time", NULL }, + {"max-loops", 0, arg_integer, &max_loops, "time", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, {"verbose", 'v', arg_flag, &verbose_flag, "verbose", NULL }, {"help", 0, arg_flag, &help_flag, NULL, NULL } @@ -274,16 +505,23 @@ main(int argc, char **argv) OM_uint32 min_stat, maj_stat; gss_ctx_id_t cctx, sctx; void *ctx; - gss_OID nameoid, mechoid, actual_mech; - gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL; + gss_OID nameoid, mechoid, actual_mech, actual_mech2; + gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL; + gss_name_t cname = GSS_C_NO_NAME; + gss_buffer_desc credential_data = GSS_C_EMPTY_BUFFER; setprogname(argv[0]); + init_o2n(); + + if (krb5_init_context(&context)) + errx(1, "krb5_init_context"); + cctx = sctx = GSS_C_NO_CONTEXT; if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); - + if (help_flag) usage (0); @@ -312,12 +550,85 @@ main(int argc, char **argv) if (mech_string == NULL) mechoid = GSS_KRB5_MECHANISM; - else + else mechoid = string_to_oid(mech_string); - loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL, + if (gsskrb5_acceptor_identity) { + maj_stat = gsskrb5_register_acceptor_identity(gsskrb5_acceptor_identity); + if (maj_stat) + errx(1, "gsskrb5_acceptor_identity: %s", + gssapi_err(maj_stat, 0, GSS_C_NO_OID)); + } + + if (client_password) { + credential_data.value = client_password; + credential_data.length = strlen(client_password); + } + + if (client_name) { + gss_buffer_desc cn; + + cn.value = client_name; + cn.length = strlen(client_name); + + maj_stat = gss_import_name(&min_stat, &cn, GSS_C_NT_USER_NAME, &cname); + if (maj_stat) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (client_password) { + maj_stat = gss_acquire_cred_with_password(&min_stat, + cname, + &credential_data, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &client_cred, + NULL, + NULL); + if (GSS_ERROR(maj_stat)) + errx(1, "gss_acquire_cred_with_password: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } else { + maj_stat = gss_acquire_cred(&min_stat, + cname, + GSS_C_INDEFINITE, + GSS_C_NO_OID_SET, + GSS_C_INITIATE, + &client_cred, + NULL, + NULL); + if (GSS_ERROR(maj_stat)) + errx(1, "gss_acquire_cred: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + if (limit_enctype_string) { + krb5_error_code ret; + + ret = krb5_string_to_enctype(context, + limit_enctype_string, + &limit_enctype); + if (ret) + krb5_err(context, 1, ret, "krb5_string_to_enctype"); + } + + + if (limit_enctype) { + if (client_cred == NULL) + errx(1, "client_cred missing"); + + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, client_cred, + 1, &limit_enctype); + if (maj_stat) + errx(1, "gss_krb5_set_allowable_enctypes: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + loop(mechoid, nameoid, argv[0], client_cred, &sctx, &cctx, &actual_mech, &deleg_cred); - + if (verbose_flag) printf("resulting mech: %s\n", oid_to_string(actual_mech)); @@ -327,43 +638,38 @@ main(int argc, char **argv) retoid = string_to_oid(ret_mech_string); if (gss_oid_equal(retoid, actual_mech) == 0) - errx(1, "actual_mech mech is not the expected type %s", + errx(1, "actual_mech mech is not the expected type %s", ret_mech_string); } /* XXX should be actual_mech */ - if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { - krb5_context context; - time_t time, skew; + if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { + time_t time; gss_buffer_desc authz_data; gss_buffer_desc in, out1, out2; krb5_keyblock *keyblock, *keyblock2; krb5_timestamp now; krb5_error_code ret; - ret = krb5_init_context(&context); - if (ret) - errx(1, "krb5_init_context"); - ret = krb5_timeofday(context, &now); - if (ret) - errx(1, "krb5_timeofday failed"); - + if (ret) + errx(1, "krb5_timeofday failed"); + /* client */ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &cctx, 1, /* version */ &ctx); if (maj_stat != GSS_S_COMPLETE) - errx(1, "gss_krb5_export_lucid_sec_context failed: %s", - gssapi_err(maj_stat, min_stat, actual_mech)); - - + errx(1, "gss_krb5_export_lucid_sec_context failed: %s", + gssapi_err(maj_stat, min_stat, actual_mech)); + + maj_stat = gss_krb5_free_lucid_sec_context(&maj_stat, ctx); if (maj_stat != GSS_S_COMPLETE) errx(1, "gss_krb5_free_lucid_sec_context failed: %s", gssapi_err(maj_stat, min_stat, actual_mech)); - + /* server */ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &sctx, @@ -384,13 +690,10 @@ main(int argc, char **argv) errx(1, "gsskrb5_extract_authtime_from_sec_context failed: %s", gssapi_err(maj_stat, min_stat, actual_mech)); - skew = abs(time - now); - if (skew > krb5_get_max_time_skew(context)) { + if (time > now) errx(1, "gsskrb5_extract_authtime_from_sec_context failed: " - "time skew too great %llu > %llu", - (unsigned long long)skew, - (unsigned long long)krb5_get_max_time_skew(context)); - } + "time authtime is before now: %ld %ld", + (long)time, (long)now); maj_stat = gsskrb5_extract_service_keyblock(&min_stat, sctx, @@ -404,24 +707,28 @@ main(int argc, char **argv) maj_stat = gsskrb5_get_subkey(&min_stat, sctx, &keyblock); - if (maj_stat != GSS_S_COMPLETE + if (maj_stat != GSS_S_COMPLETE && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY))) errx(1, "gsskrb5_get_subkey server failed: %s", gssapi_err(maj_stat, min_stat, actual_mech)); if (maj_stat != GSS_S_COMPLETE) keyblock = NULL; - + else if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_subkey wrong enctype"); + maj_stat = gsskrb5_get_subkey(&min_stat, cctx, &keyblock2); - if (maj_stat != GSS_S_COMPLETE + if (maj_stat != GSS_S_COMPLETE && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY))) errx(1, "gsskrb5_get_subkey client failed: %s", gssapi_err(maj_stat, min_stat, actual_mech)); if (maj_stat != GSS_S_COMPLETE) keyblock2 = NULL; + else if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_subkey wrong enctype"); if (keyblock || keyblock2) { if (keyblock == NULL) @@ -433,11 +740,26 @@ main(int argc, char **argv) errx(1, "enctype mismatch"); if (keyblock->keyvalue.length != keyblock2->keyvalue.length) errx(1, "key length mismatch"); - if (memcmp(keyblock->keyvalue.data, keyblock2->keyvalue.data, + if (memcmp(keyblock->keyvalue.data, keyblock2->keyvalue.data, keyblock2->keyvalue.length) != 0) errx(1, "key data mismatch"); } + if (session_enctype_string) { + krb5_enctype enctype; + + ret = krb5_string_to_enctype(context, + session_enctype_string, + &enctype); + + if (ret) + krb5_err(context, 1, ret, "krb5_string_to_enctype"); + + if (enctype != keyblock->keytype) + errx(1, "keytype is not the expected %d != %d", + (int)enctype, (int)keyblock2->keytype); + } + if (keyblock) krb5_free_keyblock(context, keyblock); if (keyblock2) @@ -446,13 +768,17 @@ main(int argc, char **argv) maj_stat = gsskrb5_get_initiator_subkey(&min_stat, sctx, &keyblock); - if (maj_stat != GSS_S_COMPLETE + if (maj_stat != GSS_S_COMPLETE && (!(maj_stat == GSS_S_FAILURE && min_stat == GSS_KRB5_S_KG_NO_SUBKEY))) errx(1, "gsskrb5_get_initiator_subkey failed: %s", gssapi_err(maj_stat, min_stat, actual_mech)); - if (maj_stat == GSS_S_COMPLETE) + if (maj_stat == GSS_S_COMPLETE) { + + if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_initiator_subkey wrong enctype"); krb5_free_keyblock(context, keyblock); + } maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat, sctx, @@ -461,8 +787,6 @@ main(int argc, char **argv) if (maj_stat == GSS_S_COMPLETE) gss_release_buffer(&min_stat, &authz_data); - krb5_free_context(context); - memset(&out1, 0, sizeof(out1)); memset(&out2, 0, sizeof(out2)); @@ -470,19 +794,19 @@ main(int argc, char **argv) in.value = "foo"; in.length = 3; - gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, + gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 100, &out1); - gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_FULL, &in, + gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_FULL, &in, 100, &out2); if (out1.length != out2.length) errx(1, "prf len mismatch"); if (memcmp(out1.value, out2.value, out1.length) != 0) errx(1, "prf data mismatch"); - + gss_release_buffer(&min_stat, &out1); - gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, + gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_FULL, &in, 100, &out1); if (out1.length != out2.length) @@ -496,9 +820,9 @@ main(int argc, char **argv) in.value = "bar"; in.length = 3; - gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_PARTIAL, &in, + gss_pseudo_random(&min_stat, sctx, GSS_C_PRF_KEY_PARTIAL, &in, 100, &out1); - gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_PARTIAL, &in, + gss_pseudo_random(&min_stat, cctx, GSS_C_PRF_KEY_PARTIAL, &in, 100, &out2); if (out1.length != out2.length) @@ -514,11 +838,48 @@ main(int argc, char **argv) } if (wrapunwrap_flag) { - wrapunwrap(cctx, sctx, actual_mech); - wrapunwrap(cctx, sctx, actual_mech); - wrapunwrap(sctx, cctx, actual_mech); - wrapunwrap(sctx, cctx, actual_mech); + wrapunwrap(cctx, sctx, 0, actual_mech); + wrapunwrap(cctx, sctx, 1, actual_mech); + wrapunwrap(sctx, cctx, 0, actual_mech); + wrapunwrap(sctx, cctx, 1, actual_mech); } + + if (iov_flag) { + wrapunwrap_iov(cctx, sctx, 0, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY, actual_mech); + + wrapunwrap_iov(cctx, sctx, FORCE_IOV, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|FORCE_IOV, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|FORCE_IOV, actual_mech); + + wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|USE_SIGN_ONLY|FORCE_IOV, actual_mech); + +/* works */ + wrapunwrap_iov(cctx, sctx, 0, actual_mech); + wrapunwrap_iov(cctx, sctx, FORCE_IOV, actual_mech); + + wrapunwrap_iov(cctx, sctx, USE_CONF, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|FORCE_IOV, actual_mech); + + wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_SIGN_ONLY|FORCE_IOV, actual_mech); + + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_SIGN_ONLY|FORCE_IOV, actual_mech); + + wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_HEADER_ONLY|FORCE_IOV, actual_mech); + + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY, actual_mech); + wrapunwrap_iov(cctx, sctx, USE_CONF|USE_HEADER_ONLY|FORCE_IOV, actual_mech); + } + if (getverifymic_flag) { getverifymic(cctx, sctx, actual_mech); getverifymic(cctx, sctx, actual_mech); @@ -526,17 +887,84 @@ main(int argc, char **argv) getverifymic(sctx, cctx, actual_mech); } + gss_delete_sec_context(&min_stat, &cctx, NULL); gss_delete_sec_context(&min_stat, &sctx, NULL); if (deleg_cred != GSS_C_NO_CREDENTIAL) { + gss_cred_id_t cred2 = GSS_C_NO_CREDENTIAL; + gss_buffer_desc cb; - loop(mechoid, nameoid, argv[0], deleg_cred, &cctx, &sctx, &actual_mech, NULL); + if (verbose_flag) + printf("checking actual mech (%s) on delegated cred\n", + oid_to_string(actual_mech)); + loop(actual_mech, nameoid, argv[0], deleg_cred, &sctx, &cctx, &actual_mech2, &cred2); gss_delete_sec_context(&min_stat, &cctx, NULL); gss_delete_sec_context(&min_stat, &sctx, NULL); + gss_release_cred(&min_stat, &cred2); + + /* try again using SPNEGO */ + if (verbose_flag) + printf("checking spnego on delegated cred\n"); + loop(GSS_SPNEGO_MECHANISM, nameoid, argv[0], deleg_cred, &sctx, &cctx, + &actual_mech2, &cred2); + + gss_delete_sec_context(&min_stat, &cctx, NULL); + gss_delete_sec_context(&min_stat, &sctx, NULL); + + gss_release_cred(&min_stat, &cred2); + + /* check export/import */ + if (ei_flag) { + + maj_stat = gss_export_cred(&min_stat, deleg_cred, &cb); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "export failed: %s", + gssapi_err(maj_stat, min_stat, NULL)); + + maj_stat = gss_import_cred(&min_stat, &cb, &cred2); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "import failed: %s", + gssapi_err(maj_stat, min_stat, NULL)); + + gss_release_buffer(&min_stat, &cb); + gss_release_cred(&min_stat, &deleg_cred); + + if (verbose_flag) + printf("checking actual mech (%s) on export/imported cred\n", + oid_to_string(actual_mech)); + loop(actual_mech, nameoid, argv[0], cred2, &sctx, &cctx, + &actual_mech2, &deleg_cred); + + gss_release_cred(&min_stat, &deleg_cred); + + gss_delete_sec_context(&min_stat, &cctx, NULL); + gss_delete_sec_context(&min_stat, &sctx, NULL); + + /* try again using SPNEGO */ + if (verbose_flag) + printf("checking SPNEGO on export/imported cred\n"); + loop(GSS_SPNEGO_MECHANISM, nameoid, argv[0], cred2, &sctx, &cctx, + &actual_mech2, &deleg_cred); + + gss_release_cred(&min_stat, &deleg_cred); + + gss_delete_sec_context(&min_stat, &cctx, NULL); + gss_delete_sec_context(&min_stat, &sctx, NULL); + + gss_release_cred(&min_stat, &cred2); + + } else { + gss_release_cred(&min_stat, &deleg_cred); + } + } + empty_release(); + + krb5_free_context(context); + return 0; } diff --git a/crypto/heimdal/lib/gssapi/test_cred.c b/crypto/heimdal/lib/gssapi/test_cred.c index 5ecc89f360f..23428050d1e 100644 --- a/crypto/heimdal/lib/gssapi/test_cred.c +++ b/crypto/heimdal/lib/gssapi/test_cred.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -35,17 +35,17 @@ #include #endif +#include #include #include #include #include #include +#include +#include #include -#include #include -RCSID("$Id: test_cred.c 17750 2006-06-30 11:55:28Z lha $"); - static void gss_print_errors (int min_stat) { @@ -62,7 +62,8 @@ gss_print_errors (int min_stat) &msg_ctx, &status_string); if (!GSS_ERROR(ret)) { - fprintf (stderr, "%s\n", (char *)status_string.value); + fprintf (stderr, "%.*s\n", (int)status_string.length, + (char *)status_string.value); gss_release_buffer (&new_stat, &status_string); } } while (!GSS_ERROR(ret) && msg_ctx != 0); @@ -96,12 +97,12 @@ acquire_release_loop(gss_name_t name, int counter, gss_cred_usage_t usage) NULL, NULL); if (maj_stat != GSS_S_COMPLETE) - gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE", + gss_err(1, min_stat, "aquire %d %d != GSS_S_COMPLETE", i, (int)maj_stat); - + maj_stat = gss_release_cred(&min_stat, &cred); if (maj_stat != GSS_S_COMPLETE) - gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE", + gss_err(1, min_stat, "release %d %d != GSS_S_COMPLETE", i, (int)maj_stat); } } @@ -122,7 +123,7 @@ acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage) NULL); if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "aquire %d != GSS_S_COMPLETE", (int)maj_stat); - + maj_stat = gss_add_cred(&min_stat, cred, GSS_C_NO_NAME, @@ -134,7 +135,7 @@ acquire_add_release_add(gss_name_t name, gss_cred_usage_t usage) NULL, NULL, NULL); - + if (maj_stat != GSS_S_COMPLETE) gss_err(1, min_stat, "add_cred %d != GSS_S_COMPLETE", (int)maj_stat); @@ -191,7 +192,7 @@ main(int argc, char **argv) setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); diff --git a/crypto/heimdal/lib/gssapi/test_kcred.c b/crypto/heimdal/lib/gssapi/test_kcred.c index b774b0431ff..a22d4ec9b8b 100644 --- a/crypto/heimdal/lib/gssapi/test_kcred.c +++ b/crypto/heimdal/lib/gssapi/test_kcred.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -35,18 +35,18 @@ #include #endif +#include #include #include #include #include #include +#include +#include #include #include -#include #include -RCSID("$Id: test_kcred.c 20694 2007-05-30 13:58:46Z lha $"); - static int version_flag = 0; static int help_flag = 0; @@ -79,9 +79,9 @@ copy_import(void) if (ret) errx(1, "krb5_init_context"); - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id); if (ret) - krb5_err(context, 1, ret, "krb5_cc_gen_new"); + krb5_err(context, 1, ret, "krb5_cc_new_unique"); maj_stat = gss_krb5_copy_ccache(&min_stat, cred1, id); if (maj_stat != GSS_S_COMPLETE) @@ -101,7 +101,7 @@ copy_import(void) errx(1, "gss_compare_name"); if (!equal) errx(1, "names not equal"); - + if (lifetime1 != lifetime2) errx(1, "lifetime not equal %lu != %lu", (unsigned long)lifetime1, (unsigned long)lifetime2); @@ -125,7 +125,7 @@ copy_import(void) errx(1, "gss_compare_name"); if (!equal) errx(1, "names not equal"); - + if (lifetime1 != lifetime2) errx(1, "lifetime not equal %lu != %lu", (unsigned long)lifetime1, (unsigned long)lifetime2); @@ -168,7 +168,7 @@ main(int argc, char **argv) setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); diff --git a/crypto/heimdal/lib/gssapi/test_names.c b/crypto/heimdal/lib/gssapi/test_names.c index abc47690b00..65466115395 100644 --- a/crypto/heimdal/lib/gssapi/test_names.c +++ b/crypto/heimdal/lib/gssapi/test_names.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -35,17 +35,17 @@ #include #endif +#include #include #include #include #include #include +#include +#include #include -#include #include -RCSID("$Id: test_names.c 17856 2006-07-20 05:13:25Z lha $"); - static void gss_print_errors (int min_stat) { @@ -62,7 +62,8 @@ gss_print_errors (int min_stat) &msg_ctx, &status_string); if (!GSS_ERROR(ret)) { - fprintf (stderr, "%s\n", (char *)status_string.value); + fprintf (stderr, "%.*s\n", (int)status_string.length, + (char *)status_string.value); gss_release_buffer (&new_stat, &status_string); } } while (!GSS_ERROR(ret) && msg_ctx != 0); @@ -110,7 +111,7 @@ main(int argc, char **argv) setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -122,12 +123,15 @@ main(int argc, char **argv) argc -= optidx; argv += optidx; + gsskrb5_set_default_realm("MIT.EDU"); + /* * test import/export */ + str = NULL; len = asprintf(&str, "ftp@freeze-arrow.mit.edu"); - if (len == -1) + if (len < 0 || str == NULL) errx(1, "asprintf"); name_buffer.value = str; @@ -180,8 +184,9 @@ main(int argc, char **argv) * Dovecot SASL lib does this. */ + str = NULL; len = asprintf(&str, "lha"); - if (len == -1) + if (len < 0 || str == NULL) errx(1, "asprintf"); name_buffer.value = str; diff --git a/crypto/heimdal/lib/gssapi/test_ntlm.c b/crypto/heimdal/lib/gssapi/test_ntlm.c index 9bd0d1ee1cf..9b289c27bd3 100644 --- a/crypto/heimdal/lib/gssapi/test_ntlm.c +++ b/crypto/heimdal/lib/gssapi/test_ntlm.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,22 +33,20 @@ #include "config.h" +#include #include #include #include -#include #include #include "test_common.h" -RCSID("$Id: test_ntlm.c 22423 2008-01-13 09:45:03Z lha $"); - #include #include static int test_libntlm_v1(int flags) { - const char *user = "foo", + const char *user = "foo", *domain = "mydomain", *password = "digestpassword"; OM_uint32 maj_stat, min_stat; @@ -60,7 +58,7 @@ test_libntlm_v1(int flags) struct ntlm_buf data; krb5_error_code ret; gss_name_t src_name = GSS_C_NO_NAME; - + memset(&type1, 0, sizeof(type1)); memset(&type2, 0, sizeof(type2)); memset(&type3, 0, sizeof(type3)); @@ -120,7 +118,7 @@ test_libntlm_v1(int flags) heim_ntlm_nt_key(password, &key); heim_ntlm_calculate_ntlm1(key.data, key.length, - type2.challange, + type2.challenge, &type3.ntlm); if (flags & NTLM_NEG_KEYEX) { @@ -175,7 +173,7 @@ test_libntlm_v1(int flags) static int test_libntlm_v2(int flags) { - const char *user = "foo", + const char *user = "foo", *domain = "mydomain", *password = "digestpassword"; OM_uint32 maj_stat, min_stat; @@ -186,7 +184,7 @@ test_libntlm_v2(int flags) struct ntlm_type3 type3; struct ntlm_buf data; krb5_error_code ret; - + memset(&type1, 0, sizeof(type1)); memset(&type2, 0, sizeof(type2)); memset(&type3, 0, sizeof(type3)); @@ -247,7 +245,7 @@ test_libntlm_v2(int flags) heim_ntlm_calculate_ntlm2(key.data, key.length, user, type2.targetname, - type2.challange, + type2.challenge, &type2.targetinfo, ntlmv2, &type3.ntlm); @@ -317,7 +315,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); - + if (help_flag) usage (0); diff --git a/crypto/heimdal/lib/gssapi/test_oid.c b/crypto/heimdal/lib/gssapi/test_oid.c index 3beb30cb0a2..db5b7f7d11b 100644 --- a/crypto/heimdal/lib/gssapi/test_oid.c +++ b/crypto/heimdal/lib/gssapi/test_oid.c @@ -1,46 +1,46 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include #endif +#include #include #include +#include +#include #include -#include - -RCSID("$Id: test_oid.c 20488 2007-04-21 06:29:11Z lha $"); int main(int argc, char **argv) @@ -53,7 +53,7 @@ main(int argc, char **argv) if (GSS_ERROR(maj_stat)) errx(1, "gss_oid_to_str failed"); - ret = strcmp(data.value, "1 2 840 113554 1 2 2"); + ret = strncmp(data.value, "1 2 840 113554 1 2 2", data.length); gss_release_buffer(&maj_stat, &data); if (ret) return 1; @@ -62,7 +62,7 @@ main(int argc, char **argv) if (GSS_ERROR(maj_stat)) errx(1, "gss_oid_to_str failed"); - ret = strcmp(data.value, "1 3 6 1 5 6 4"); + ret = strncmp(data.value, "1 3 6 1 5 6 4", data.length); gss_release_buffer(&maj_stat, &data); if (ret) return 1; diff --git a/crypto/heimdal/lib/gssapi/version-script.map b/crypto/heimdal/lib/gssapi/version-script.map index 43ea73fdb09..bcb79bf8f76 100644 --- a/crypto/heimdal/lib/gssapi/version-script.map +++ b/crypto/heimdal/lib/gssapi/version-script.map @@ -1,96 +1,195 @@ -# $Id: version-script.map 20493 2007-04-21 07:56:20Z lha $ +# $Id$ -HEIMDAL_GSS_1.0 { +HEIMDAL_GSS_2.0 { global: - GSS_KRB5_MECHANISM; - GSS_NTLM_MECHANISM; - GSS_SPNEGO_MECHANISM; - GSS_SASL_DIGEST_MD5_MECHANISM; - GSS_C_NT_ANONYMOUS; - GSS_C_NT_EXPORT_NAME; - GSS_C_NT_HOSTBASED_SERVICE; - GSS_C_NT_HOSTBASED_SERVICE_X; - GSS_C_NT_MACHINE_UID_NAME; - GSS_C_NT_STRING_UID_NAME; - GSS_C_NT_USER_NAME; - GSS_KRB5_NT_PRINCIPAL_NAME; - GSS_KRB5_NT_USER_NAME; - GSS_KRB5_NT_MACHINE_UID_NAME; - GSS_KRB5_NT_STRING_UID_NAME; - gss_acquire_cred; - gss_release_cred; - gss_init_sec_context; +# __gss_c_nt_anonymous; + __gss_c_nt_anonymous_oid_desc; + __gss_c_nt_export_name_oid_desc; + __gss_c_nt_hostbased_service_oid_desc; + __gss_c_nt_hostbased_service_x_oid_desc; + __gss_c_nt_machine_uid_name_oid_desc; + __gss_c_nt_string_uid_name_oid_desc; + __gss_c_nt_user_name_oid_desc; + __gss_krb5_nt_principal_name_oid_desc; + __gss_c_attr_stream_sizes_oid_desc; + __gss_c_cred_password_oid_desc; + __gss_c_cred_certificate_oid_desc; + __gss_c_attr_local_login_user; gss_accept_sec_context; - gss_process_context_token; - gss_delete_sec_context; - gss_context_time; - gss_get_mic; - gss_verify_mic; - gss_wrap; - gss_unwrap; - gss_display_status; - gss_indicate_mechs; - gss_compare_name; - gss_display_name; - gss_import_name; - gss_export_name; - gss_release_name; - gss_release_buffer; - gss_release_oid_set; - gss_inquire_cred; - gss_inquire_context; - gss_wrap_size_limit; + gss_acquire_cred; + gss_acquire_cred_with_password; + gss_add_buffer_set_member; gss_add_cred; - gss_inquire_cred_by_mech; - gss_export_sec_context; - gss_import_sec_context; - gss_create_empty_oid_set; + gss_add_cred_with_password; gss_add_oid_set_member; - gss_test_oid_set_member; - gss_inquire_names_for_mech; - gss_inquire_mechs_for_name; + gss_authorize_localname; gss_canonicalize_name; + gss_compare_name; + gss_context_query_attributes; + gss_context_time; + gss_create_empty_buffer_set; + gss_create_empty_oid_set; + gss_decapsulate_token; + gss_delete_name_attribute; + gss_delete_sec_context; + gss_display_name; + gss_display_name_ext; + gss_display_status; gss_duplicate_name; gss_duplicate_oid; - gss_release_oid; - gss_oid_to_str; - gss_inquire_sec_context_by_oid; - gss_set_sec_context_option; - gss_set_cred_option; - gss_oid_equal; - gss_create_empty_buffer_set; - gss_add_buffer_set_member; - gss_release_buffer_set; - gss_inquire_cred_by_oid; - gss_pseudo_random; - gss_sign; - gss_verify; - gss_seal; - gss_unseal; - gss_inquire_sec_context_by_oid; gss_encapsulate_token; - gss_decapsulate_token; + gss_export_cred; + gss_export_name; + gss_export_name_composite; + gss_export_sec_context; + gss_get_mic; + gss_get_name_attribute; + gss_import_cred; + gss_import_name; + gss_import_sec_context; + gss_indicate_mechs; + gss_init_sec_context; + gss_inquire_context; + gss_inquire_cred; + gss_inquire_cred_by_mech; + gss_inquire_cred_by_oid; + gss_inquire_mechs_for_name; + gss_inquire_name; + gss_inquire_names_for_mech; + gss_inquire_sec_context_by_oid; + gss_inquire_sec_context_by_oid; gss_krb5_ccache_name; - gsskrb5_register_acceptor_identity; gss_krb5_copy_ccache; - gss_krb5_import_cred; + gss_krb5_export_lucid_sec_context; + gss_krb5_free_lucid_sec_context; gss_krb5_get_tkt_flags; - gsskrb5_extract_authz_data_from_sec_context; - gsskrb5_set_dns_canonicalize; - gsskrb5_set_send_to_kdc; - gsskrb5_set_default_realm; + gss_krb5_import_cred; + gss_krb5_set_allowable_enctypes; + gss_mg_collect_error; + gss_oid_equal; + gss_oid_to_str; + gss_pname_to_uid; + gss_process_context_token; + gss_pseudo_random; + gss_release_buffer; + gss_release_buffer_set; + gss_release_cred; + gss_release_iov_buffer; + gss_release_name; + gss_release_oid; + gss_release_oid_set; + gss_seal; + gss_set_cred_option; + gss_set_name_attribute; + gss_set_sec_context_option; + gss_sign; + gss_store_cred; + gss_test_oid_set_member; + gss_unseal; + gss_unwrap; + gss_unwrap_iov; + gss_userok; + gss_verify; + gss_verify_mic; + gss_wrap; + gss_wrap_iov; + gss_wrap_iov_length; + gss_wrap_size_limit; gsskrb5_extract_authtime_from_sec_context; + gsskrb5_extract_authz_data_from_sec_context; gsskrb5_extract_service_keyblock; gsskrb5_get_initiator_subkey; gsskrb5_get_subkey; - gss_krb5_export_lucid_sec_context; - gss_krb5_free_lucid_sec_context; - gss_krb5_set_allowable_enctypes; + gsskrb5_get_time_offset; + gsskrb5_register_acceptor_identity; + gsskrb5_set_default_realm; + gsskrb5_set_dns_canonicalize; + gsskrb5_set_send_to_kdc; + gsskrb5_set_time_offset; + krb5_gss_register_acceptor_identity; + gss_display_mech_attr; + gss_inquire_attrs_for_mech; + gss_indicate_mechs_by_attrs; + gss_inquire_mech_for_saslname; + gss_inquire_saslname_for_mech; + gss_mo_get; + gss_mo_set; + gss_mo_list; + gss_mo_name; + gss_name_to_oid; + gss_oid_to_name; # _gsskrb5cfx_ are really internal symbols, but export # then now to make testing easier. - _gsskrb5cfx_max_wrap_length_cfx; _gsskrb5cfx_wrap_length_cfx; + _gssapi_wrap_size_cfx; + + __gss_krb5_copy_ccache_x_oid_desc; + __gss_krb5_get_tkt_flags_x_oid_desc; + __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; + __gss_krb5_compat_des3_mic_x_oid_desc; + __gss_krb5_register_acceptor_identity_x_oid_desc; + __gss_krb5_export_lucid_context_x_oid_desc; + __gss_krb5_export_lucid_context_v1_x_oid_desc; + __gss_krb5_set_dns_canonicalize_x_oid_desc; + __gss_krb5_get_subkey_x_oid_desc; + __gss_krb5_get_initiator_subkey_x_oid_desc; + __gss_krb5_get_acceptor_subkey_x_oid_desc; + __gss_krb5_send_to_kdc_x_oid_desc; + __gss_krb5_get_authtime_x_oid_desc; + __gss_krb5_get_service_keyblock_x_oid_desc; + __gss_krb5_set_allowable_enctypes_x_oid_desc; + __gss_krb5_set_default_realm_x_oid_desc; + __gss_krb5_ccache_name_x_oid_desc; + __gss_krb5_set_time_offset_x_oid_desc; + __gss_krb5_get_time_offset_x_oid_desc; + __gss_krb5_plugin_register_x_oid_desc; + __gss_ntlm_get_session_key_x_oid_desc; + __gss_c_nt_ntlm_oid_desc; + __gss_c_nt_dn_oid_desc; + __gss_krb5_nt_principal_name_referral_oid_desc; + __gss_c_ntlm_avguest_oid_desc; + __gss_c_ntlm_v1_oid_desc; + __gss_c_ntlm_v2_oid_desc; + __gss_c_ntlm_session_key_oid_desc; + __gss_c_ntlm_force_v1_oid_desc; + __gss_krb5_cred_no_ci_flags_x_oid_desc; + __gss_krb5_import_cred_x_oid_desc; + __gss_c_ma_sasl_mech_name_oid_desc; + __gss_c_ma_mech_name_oid_desc; + __gss_c_ma_mech_description_oid_desc; + __gss_sasl_digest_md5_mechanism_oid_desc; + __gss_krb5_mechanism_oid_desc; + __gss_ntlm_mechanism_oid_desc; + __gss_spnego_mechanism_oid_desc; + __gss_c_peer_has_updated_spnego_oid_desc; + __gss_c_ma_mech_concrete_oid_desc; + __gss_c_ma_mech_pseudo_oid_desc; + __gss_c_ma_mech_composite_oid_desc; + __gss_c_ma_mech_nego_oid_desc; + __gss_c_ma_mech_glue_oid_desc; + __gss_c_ma_not_mech_oid_desc; + __gss_c_ma_deprecated_oid_desc; + __gss_c_ma_not_dflt_mech_oid_desc; + __gss_c_ma_itok_framed_oid_desc; + __gss_c_ma_auth_init_oid_desc; + __gss_c_ma_auth_targ_oid_desc; + __gss_c_ma_auth_init_init_oid_desc; + __gss_c_ma_auth_targ_init_oid_desc; + __gss_c_ma_auth_init_anon_oid_desc; + __gss_c_ma_auth_targ_anon_oid_desc; + __gss_c_ma_deleg_cred_oid_desc; + __gss_c_ma_integ_prot_oid_desc; + __gss_c_ma_conf_prot_oid_desc; + __gss_c_ma_mic_oid_desc; + __gss_c_ma_wrap_oid_desc; + __gss_c_ma_prot_ready_oid_desc; + __gss_c_ma_replay_det_oid_desc; + __gss_c_ma_oos_det_oid_desc; + __gss_c_ma_cbindings_oid_desc; + __gss_c_ma_pfs_oid_desc; + __gss_c_ma_compress_oid_desc; + __gss_c_ma_ctx_trans_oid_desc; local: *; diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am index f66cd06fec0..b629f56258d 100644 --- a/crypto/heimdal/lib/hdb/Makefile.am +++ b/crypto/heimdal/lib/hdb/Makefile.am @@ -1,8 +1,15 @@ -# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common AM_CPPFLAGS += -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_hcrypto) +AM_CPPFLAGS += $(INCLUDE_openldap) -DHDB_DB_DIR=\"$(DIR_hdbdir)\" +AM_CPPFLAGS += -I$(srcdir)/../krb5 +AM_CPPFLAGS += $(INCLUDE_sqlite3) +AM_CPPFLAGS += $(INCLUDE_libintl) +if HAVE_DBHEADER +AM_CPPFLAGS += -I$(DBHEADER) +endif BUILT_SOURCES = \ $(gen_files_hdb:.x=.c) \ @@ -16,6 +23,7 @@ gen_files_hdb = \ asn1_HDBFlags.x \ asn1_GENERATION.x \ asn1_HDB_Ext_PKINIT_acl.x \ + asn1_HDB_Ext_PKINIT_cert.x \ asn1_HDB_Ext_PKINIT_hash.x \ asn1_HDB_Ext_Constrained_delegation_acl.x \ asn1_HDB_Ext_Lan_Manager_OWF.x \ @@ -24,27 +32,33 @@ gen_files_hdb = \ asn1_HDB_extension.x \ asn1_HDB_extensions.x \ asn1_hdb_entry.x \ - asn1_hdb_entry_alias.x + asn1_hdb_entry_alias.x \ + asn1_hdb_keyset.x -CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files +CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) \ + hdb_asn1{,-priv}.h* hdb_asn1_files hdb_asn1-template.c* LDADD = libhdb.la \ $(LIB_openldap) \ + $(LIB_libintl) \ ../krb5/libkrb5.la \ ../asn1/libasn1.la \ $(LIB_hcrypto) \ $(LIB_roken) \ $(LIB_ldopen) + if OPENLDAP_MODULE ldap_so = hdb_ldap.la hdb_ldap_la_SOURCES = hdb-ldap.c -hdb_ldap_la_LDFLAGS = -module +hdb_ldap_la_LDFLAGS = -module -avoid-version +hdb_ldap_la_LIBADD = $(LIB_openldap) libhdb.la else ldap = hdb-ldap.c +ldap_lib = $(LIB_openldap) endif @@ -52,7 +66,11 @@ endif lib_LTLIBRARIES = libhdb.la $(ldap_so) libhdb_la_LDFLAGS = -version-info 11:0:2 -noinst_PROGRAMS = test_dbinfo +if versionscript +libhdb_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +endif + +noinst_PROGRAMS = test_dbinfo test_hdbkeys test_mkey dist_libhdb_la_SOURCES = \ common.c \ @@ -61,6 +79,9 @@ dist_libhdb_la_SOURCES = \ ext.c \ $(ldap) \ hdb.c \ + hdb-sqlite.c \ + hdb-keytab.c \ + hdb-mitdb.c \ hdb_locl.h \ hdb-private.h \ keys.c \ @@ -72,24 +93,24 @@ dist_libhdb_la_SOURCES = \ nodist_libhdb_la_SOURCES = $(BUILT_SOURCES) -AM_CPPFLAGS += $(INCLUDE_openldap) +libhdb_la_DEPENDENCIES = version-script.map include_HEADERS = hdb.h hdb-protos.h nodist_include_HEADERS = hdb_err.h hdb_asn1.h -libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\" - libhdb_la_LIBADD = \ $(LIB_com_err) \ ../krb5/libkrb5.la \ ../asn1/libasn1.la \ + $(LIB_sqlite3) \ $(LIBADD_roken) \ - $(LIB_openldap) \ + $(ldap_lib) \ $(LIB_dlopen) \ $(DBLIB) \ $(LIB_NDBM) $(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h +$(libhdb_la_OBJECTS): hdb_asn1.h hdb_asn1-priv.h hdb_err.h $(srcdir)/hdb-protos.h: cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h @@ -97,19 +118,27 @@ $(srcdir)/hdb-protos.h: $(srcdir)/hdb-private.h: cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h -$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files +$(gen_files_hdb) hdb_asn1.hx hdb_asn1-priv.hx: hdb_asn1_files -hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 - ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1 - -$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h - -test_dbinfo_SOURCES = test_dbinfo.c +hdb_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/hdb.asn1 + $(ASN1_COMPILE) $(srcdir)/hdb.asn1 hdb_asn1 test_dbinfo_LIBS = libhdb.la +test_hdbkeys_LIBS = ../krb5/libkrb5.la libhdb.la +test_mkey_LIBS = $(test_hdbkeys_LIBS) + # to help stupid solaris make hdb_err.h: hdb_err.et -EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema +EXTRA_DIST = \ + NTMakefile \ + libhdb-version.rc \ + libhdb-exports.def \ + hdb.asn1 \ + hdb_err.et \ + hdb.schema \ + version-script.map \ + data-mkey.mit.des3.le \ + data-mkey.mit.des3.be diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in index cb0f9169c42..9fcd77000c4 100644 --- a/crypto/heimdal/lib/hdb/Makefile.in +++ b/crypto/heimdal/lib/hdb/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -43,11 +45,14 @@ host_triplet = @host@ DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common -noinst_PROGRAMS = test_dbinfo$(EXEEXT) +@HAVE_DBHEADER_TRUE@am__append_1 = -I$(DBHEADER) +@versionscript_TRUE@am__append_2 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +noinst_PROGRAMS = test_dbinfo$(EXEEXT) test_hdbkeys$(EXEEXT) \ + test_mkey$(EXEEXT) subdir = lib/hdb ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -62,7 +67,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -76,9 +81,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -86,23 +94,40 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \ "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) -hdb_ldap_la_LIBADD = +am__DEPENDENCIES_1 = +@OPENLDAP_MODULE_TRUE@hdb_ldap_la_DEPENDENCIES = \ +@OPENLDAP_MODULE_TRUE@ $(am__DEPENDENCIES_1) libhdb.la am__hdb_ldap_la_SOURCES_DIST = hdb-ldap.c @OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_OBJECTS = hdb-ldap.lo hdb_ldap_la_OBJECTS = $(am_hdb_ldap_la_OBJECTS) @@ -110,33 +135,24 @@ hdb_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(hdb_ldap_la_LDFLAGS) $(LDFLAGS) -o $@ @OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_rpath = -rpath $(libdir) -am__DEPENDENCIES_1 = -libhdb_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \ - ../asn1/libasn1.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) +@OPENLDAP_MODULE_FALSE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) am__dist_libhdb_la_SOURCES_DIST = common.c db.c db3.c ext.c hdb-ldap.c \ - hdb.c hdb_locl.h hdb-private.h keys.c keytab.c dbinfo.c mkey.c \ - ndbm.c print.c -@OPENLDAP_MODULE_FALSE@am__objects_1 = libhdb_la-hdb-ldap.lo -dist_libhdb_la_OBJECTS = libhdb_la-common.lo libhdb_la-db.lo \ - libhdb_la-db3.lo libhdb_la-ext.lo $(am__objects_1) \ - libhdb_la-hdb.lo libhdb_la-keys.lo libhdb_la-keytab.lo \ - libhdb_la-dbinfo.lo libhdb_la-mkey.lo libhdb_la-ndbm.lo \ - libhdb_la-print.lo -am__objects_2 = libhdb_la-asn1_Salt.lo libhdb_la-asn1_Key.lo \ - libhdb_la-asn1_Event.lo libhdb_la-asn1_HDBFlags.lo \ - libhdb_la-asn1_GENERATION.lo \ - libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo \ - libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo \ - libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo \ - libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo \ - libhdb_la-asn1_HDB_Ext_Password.lo \ - libhdb_la-asn1_HDB_Ext_Aliases.lo \ - libhdb_la-asn1_HDB_extension.lo \ - libhdb_la-asn1_HDB_extensions.lo libhdb_la-asn1_hdb_entry.lo \ - libhdb_la-asn1_hdb_entry_alias.lo -am__objects_3 = $(am__objects_2) libhdb_la-hdb_err.lo + hdb.c hdb-sqlite.c hdb-keytab.c hdb-mitdb.c hdb_locl.h \ + hdb-private.h keys.c keytab.c dbinfo.c mkey.c ndbm.c print.c +@OPENLDAP_MODULE_FALSE@am__objects_1 = hdb-ldap.lo +dist_libhdb_la_OBJECTS = common.lo db.lo db3.lo ext.lo \ + $(am__objects_1) hdb.lo hdb-sqlite.lo hdb-keytab.lo \ + hdb-mitdb.lo keys.lo keytab.lo dbinfo.lo mkey.lo ndbm.lo \ + print.lo +am__objects_2 = asn1_Salt.lo asn1_Key.lo asn1_Event.lo \ + asn1_HDBFlags.lo asn1_GENERATION.lo asn1_HDB_Ext_PKINIT_acl.lo \ + asn1_HDB_Ext_PKINIT_cert.lo asn1_HDB_Ext_PKINIT_hash.lo \ + asn1_HDB_Ext_Constrained_delegation_acl.lo \ + asn1_HDB_Ext_Lan_Manager_OWF.lo asn1_HDB_Ext_Password.lo \ + asn1_HDB_Ext_Aliases.lo asn1_HDB_extension.lo \ + asn1_HDB_extensions.lo asn1_hdb_entry.lo \ + asn1_hdb_entry_alias.lo asn1_hdb_keyset.lo +am__objects_3 = $(am__objects_2) hdb_err.lo nodist_libhdb_la_OBJECTS = $(am__objects_3) libhdb_la_OBJECTS = $(dist_libhdb_la_OBJECTS) \ $(nodist_libhdb_la_OBJECTS) @@ -144,15 +160,27 @@ libhdb_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libhdb_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(noinst_PROGRAMS) -am_test_dbinfo_OBJECTS = test_dbinfo.$(OBJEXT) -test_dbinfo_OBJECTS = $(am_test_dbinfo_OBJECTS) +test_dbinfo_SOURCES = test_dbinfo.c +test_dbinfo_OBJECTS = test_dbinfo.$(OBJEXT) test_dbinfo_LDADD = $(LDADD) test_dbinfo_DEPENDENCIES = libhdb.la $(am__DEPENDENCIES_1) \ - ../krb5/libkrb5.la ../asn1/libasn1.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(am__DEPENDENCIES_1) ../krb5/libkrb5.la ../asn1/libasn1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +test_hdbkeys_SOURCES = test_hdbkeys.c +test_hdbkeys_OBJECTS = test_hdbkeys.$(OBJEXT) +test_hdbkeys_LDADD = $(LDADD) +test_hdbkeys_DEPENDENCIES = libhdb.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) ../krb5/libkrb5.la ../asn1/libasn1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +test_mkey_SOURCES = test_mkey.c +test_mkey_OBJECTS = test_mkey.$(OBJEXT) +test_mkey_LDADD = $(LDADD) +test_mkey_DEPENDENCIES = libhdb.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) ../krb5/libkrb5.la ../asn1/libasn1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -163,11 +191,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(hdb_ldap_la_SOURCES) $(dist_libhdb_la_SOURCES) \ - $(nodist_libhdb_la_SOURCES) $(test_dbinfo_SOURCES) + $(nodist_libhdb_la_SOURCES) test_dbinfo.c test_hdbkeys.c \ + test_mkey.c DIST_SOURCES = $(am__hdb_ldap_la_SOURCES_DIST) \ - $(am__dist_libhdb_la_SOURCES_DIST) $(test_dbinfo_SOURCES) -includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER) + $(am__dist_libhdb_la_SOURCES_DIST) test_dbinfo.c \ + test_hdbkeys.c test_mkey.c HEADERS = $(include_HEADERS) $(nodist_include_HEADERS) ETAGS = etags CTAGS = ctags @@ -176,49 +204,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -242,10 +279,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -262,6 +300,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -277,31 +317,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -316,10 +370,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -360,30 +416,37 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 \ - -I$(srcdir)/../asn1 $(INCLUDE_hcrypto) $(INCLUDE_openldap) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) -I../asn1 -I$(srcdir)/../asn1 \ + $(INCLUDE_hcrypto) $(INCLUDE_openldap) \ + -DHDB_DB_DIR=\"$(DIR_hdbdir)\" -I$(srcdir)/../krb5 \ + $(INCLUDE_sqlite3) $(INCLUDE_libintl) $(am__append_1) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la BUILT_SOURCES = \ $(gen_files_hdb:.x=.c) \ @@ -397,6 +460,7 @@ gen_files_hdb = \ asn1_HDBFlags.x \ asn1_GENERATION.x \ asn1_HDB_Ext_PKINIT_acl.x \ + asn1_HDB_Ext_PKINIT_cert.x \ asn1_HDB_Ext_PKINIT_hash.x \ asn1_HDB_Ext_Constrained_delegation_acl.x \ asn1_HDB_Ext_Lan_Manager_OWF.x \ @@ -405,11 +469,15 @@ gen_files_hdb = \ asn1_HDB_extension.x \ asn1_HDB_extensions.x \ asn1_hdb_entry.x \ - asn1_hdb_entry_alias.x + asn1_hdb_entry_alias.x \ + asn1_hdb_keyset.x + +CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) \ + hdb_asn1{,-priv}.h* hdb_asn1_files hdb_asn1-template.c* -CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files LDADD = libhdb.la \ $(LIB_openldap) \ + $(LIB_libintl) \ ../krb5/libkrb5.la \ ../asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -418,10 +486,12 @@ LDADD = libhdb.la \ @OPENLDAP_MODULE_TRUE@ldap_so = hdb_ldap.la @OPENLDAP_MODULE_TRUE@hdb_ldap_la_SOURCES = hdb-ldap.c -@OPENLDAP_MODULE_TRUE@hdb_ldap_la_LDFLAGS = -module +@OPENLDAP_MODULE_TRUE@hdb_ldap_la_LDFLAGS = -module -avoid-version +@OPENLDAP_MODULE_TRUE@hdb_ldap_la_LIBADD = $(LIB_openldap) libhdb.la @OPENLDAP_MODULE_FALSE@ldap = hdb-ldap.c +@OPENLDAP_MODULE_FALSE@ldap_lib = $(LIB_openldap) lib_LTLIBRARIES = libhdb.la $(ldap_so) -libhdb_la_LDFLAGS = -version-info 11:0:2 +libhdb_la_LDFLAGS = -version-info 11:0:2 $(am__append_2) dist_libhdb_la_SOURCES = \ common.c \ db.c \ @@ -429,6 +499,9 @@ dist_libhdb_la_SOURCES = \ ext.c \ $(ldap) \ hdb.c \ + hdb-sqlite.c \ + hdb-keytab.c \ + hdb-mitdb.c \ hdb_locl.h \ hdb-private.h \ keys.c \ @@ -439,39 +512,51 @@ dist_libhdb_la_SOURCES = \ print.c nodist_libhdb_la_SOURCES = $(BUILT_SOURCES) +libhdb_la_DEPENDENCIES = version-script.map include_HEADERS = hdb.h hdb-protos.h nodist_include_HEADERS = hdb_err.h hdb_asn1.h -libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\" libhdb_la_LIBADD = \ $(LIB_com_err) \ ../krb5/libkrb5.la \ ../asn1/libasn1.la \ + $(LIB_sqlite3) \ $(LIBADD_roken) \ - $(LIB_openldap) \ + $(ldap_lib) \ $(LIB_dlopen) \ $(DBLIB) \ $(LIB_NDBM) -test_dbinfo_SOURCES = test_dbinfo.c test_dbinfo_LIBS = libhdb.la -EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema +test_hdbkeys_LIBS = ../krb5/libkrb5.la libhdb.la +test_mkey_LIBS = $(test_hdbkeys_LIBS) +EXTRA_DIST = \ + NTMakefile \ + libhdb-version.rc \ + libhdb-exports.def \ + hdb.asn1 \ + hdb_err.et \ + hdb.schema \ + version-script.map \ + data-mkey.mit.des3.le \ + data-mkey.mit.des3.be + all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/hdb/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/hdb/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/hdb/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/hdb/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -489,23 +574,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -522,14 +612,22 @@ libhdb.la: $(libhdb_la_OBJECTS) $(libhdb_la_DEPENDENCIES) $(libhdb_la_LINK) -rpath $(libdir) $(libhdb_la_OBJECTS) $(libhdb_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list test_dbinfo$(EXEEXT): $(test_dbinfo_OBJECTS) $(test_dbinfo_DEPENDENCIES) @rm -f test_dbinfo$(EXEEXT) $(LINK) $(test_dbinfo_OBJECTS) $(test_dbinfo_LDADD) $(LIBS) +test_hdbkeys$(EXEEXT): $(test_hdbkeys_OBJECTS) $(test_hdbkeys_DEPENDENCIES) + @rm -f test_hdbkeys$(EXEEXT) + $(LINK) $(test_hdbkeys_OBJECTS) $(test_hdbkeys_LDADD) $(LIBS) +test_mkey$(EXEEXT): $(test_mkey_OBJECTS) $(test_mkey_DEPENDENCIES) + @rm -f test_mkey$(EXEEXT) + $(LINK) $(test_mkey_OBJECTS) $(test_mkey_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -537,98 +635,63 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_Event.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_GENERATION.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDBFlags.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_Ext_Aliases.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_Ext_Constrained_delegation_acl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_Ext_Lan_Manager_OWF.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_Ext_PKINIT_acl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_Ext_PKINIT_cert.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_Ext_PKINIT_hash.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_Ext_Password.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_extension.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_HDB_extensions.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_Key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_Salt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_hdb_entry.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_hdb_entry_alias.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_hdb_keyset.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db3.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dbinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hdb-keytab.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hdb-ldap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hdb-mitdb.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hdb-sqlite.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hdb.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hdb_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keytab.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkey.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ndbm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/print.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_dbinfo.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_hdbkeys.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_mkey.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< - -libhdb_la-common.lo: common.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-common.lo `test -f 'common.c' || echo '$(srcdir)/'`common.c - -libhdb_la-db.lo: db.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c - -libhdb_la-db3.lo: db3.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db3.lo `test -f 'db3.c' || echo '$(srcdir)/'`db3.c - -libhdb_la-ext.lo: ext.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ext.lo `test -f 'ext.c' || echo '$(srcdir)/'`ext.c - -libhdb_la-hdb-ldap.lo: hdb-ldap.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb-ldap.lo `test -f 'hdb-ldap.c' || echo '$(srcdir)/'`hdb-ldap.c - -libhdb_la-hdb.lo: hdb.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb.lo `test -f 'hdb.c' || echo '$(srcdir)/'`hdb.c - -libhdb_la-keys.lo: keys.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keys.lo `test -f 'keys.c' || echo '$(srcdir)/'`keys.c - -libhdb_la-keytab.lo: keytab.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c - -libhdb_la-dbinfo.lo: dbinfo.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-dbinfo.lo `test -f 'dbinfo.c' || echo '$(srcdir)/'`dbinfo.c - -libhdb_la-mkey.lo: mkey.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-mkey.lo `test -f 'mkey.c' || echo '$(srcdir)/'`mkey.c - -libhdb_la-ndbm.lo: ndbm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ndbm.lo `test -f 'ndbm.c' || echo '$(srcdir)/'`ndbm.c - -libhdb_la-print.lo: print.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c - -libhdb_la-asn1_Salt.lo: asn1_Salt.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Salt.lo `test -f 'asn1_Salt.c' || echo '$(srcdir)/'`asn1_Salt.c - -libhdb_la-asn1_Key.lo: asn1_Key.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Key.lo `test -f 'asn1_Key.c' || echo '$(srcdir)/'`asn1_Key.c - -libhdb_la-asn1_Event.lo: asn1_Event.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Event.lo `test -f 'asn1_Event.c' || echo '$(srcdir)/'`asn1_Event.c - -libhdb_la-asn1_HDBFlags.lo: asn1_HDBFlags.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDBFlags.lo `test -f 'asn1_HDBFlags.c' || echo '$(srcdir)/'`asn1_HDBFlags.c - -libhdb_la-asn1_GENERATION.lo: asn1_GENERATION.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_GENERATION.lo `test -f 'asn1_GENERATION.c' || echo '$(srcdir)/'`asn1_GENERATION.c - -libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo: asn1_HDB_Ext_PKINIT_acl.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo `test -f 'asn1_HDB_Ext_PKINIT_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_acl.c - -libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo: asn1_HDB_Ext_PKINIT_hash.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo `test -f 'asn1_HDB_Ext_PKINIT_hash.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_hash.c - -libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo: asn1_HDB_Ext_Constrained_delegation_acl.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo `test -f 'asn1_HDB_Ext_Constrained_delegation_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Constrained_delegation_acl.c - -libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo: asn1_HDB_Ext_Lan_Manager_OWF.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo `test -f 'asn1_HDB_Ext_Lan_Manager_OWF.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Lan_Manager_OWF.c - -libhdb_la-asn1_HDB_Ext_Password.lo: asn1_HDB_Ext_Password.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Password.lo `test -f 'asn1_HDB_Ext_Password.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Password.c - -libhdb_la-asn1_HDB_Ext_Aliases.lo: asn1_HDB_Ext_Aliases.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Aliases.lo `test -f 'asn1_HDB_Ext_Aliases.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Aliases.c - -libhdb_la-asn1_HDB_extension.lo: asn1_HDB_extension.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extension.lo `test -f 'asn1_HDB_extension.c' || echo '$(srcdir)/'`asn1_HDB_extension.c - -libhdb_la-asn1_HDB_extensions.lo: asn1_HDB_extensions.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extensions.lo `test -f 'asn1_HDB_extensions.c' || echo '$(srcdir)/'`asn1_HDB_extensions.c - -libhdb_la-asn1_hdb_entry.lo: asn1_hdb_entry.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry.lo `test -f 'asn1_hdb_entry.c' || echo '$(srcdir)/'`asn1_hdb_entry.c - -libhdb_la-asn1_hdb_entry_alias.lo: asn1_hdb_entry_alias.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry_alias.lo `test -f 'asn1_hdb_entry_alias.c' || echo '$(srcdir)/'`asn1_hdb_entry_alias.c - -libhdb_la-hdb_err.lo: hdb_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb_err.lo `test -f 'hdb_err.c' || echo '$(srcdir)/'`hdb_err.c +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -638,82 +701,92 @@ clean-libtool: install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -734,13 +807,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -778,6 +855,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -789,6 +867,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -799,6 +878,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -806,26 +887,35 @@ info-am: install-data-am: install-includeHEADERS install-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -846,9 +936,8 @@ uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ uninstall-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: all check check-am install install-am install-data-am \ + install-exec-am install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libLTLIBRARIES clean-libtool \ @@ -938,6 +1027,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1023,7 +1115,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1038,6 +1130,7 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) done $(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h +$(libhdb_la_OBJECTS): hdb_asn1.h hdb_asn1-priv.h hdb_err.h $(srcdir)/hdb-protos.h: cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h @@ -1045,16 +1138,15 @@ $(srcdir)/hdb-protos.h: $(srcdir)/hdb-private.h: cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h -$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files +$(gen_files_hdb) hdb_asn1.hx hdb_asn1-priv.hx: hdb_asn1_files -hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 - ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1 - -$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h +hdb_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/hdb.asn1 + $(ASN1_COMPILE) $(srcdir)/hdb.asn1 hdb_asn1 # to help stupid solaris make hdb_err.h: hdb_err.et + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c index 680b666564b..2715adf63dc 100644 --- a/crypto/heimdal/lib/hdb/common.c +++ b/crypto/heimdal/lib/hdb/common.c @@ -1,49 +1,47 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" -RCSID("$Id: common.c 20236 2007-02-16 23:52:29Z lha $"); - int hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key) { Principal new; - size_t len; + size_t len = 0; int ret; ret = copy_Principal(p, &new); - if(ret) + if(ret) return ret; new.name.name_type = 0; @@ -63,9 +61,9 @@ hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p) int hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value) { - size_t len; + size_t len = 0; int ret; - + ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret); if (ret == 0 && value->length != len) krb5_abortx(context, "internal asn.1 encoder error"); @@ -79,14 +77,14 @@ hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent) } int -hdb_entry_alias2value(krb5_context context, +hdb_entry_alias2value(krb5_context context, const hdb_entry_alias *alias, krb5_data *value) { - size_t len; + size_t len = 0; int ret; - - ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length, + + ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length, alias, &len, ret); if (ret == 0 && value->length != len) krb5_abortx(context, "internal asn.1 encoder error"); @@ -94,20 +92,39 @@ hdb_entry_alias2value(krb5_context context, } int -hdb_value2entry_alias(krb5_context context, krb5_data *value, +hdb_value2entry_alias(krb5_context context, krb5_data *value, hdb_entry_alias *ent) { return decode_hdb_entry_alias(value->data, value->length, ent, NULL); } krb5_error_code -_hdb_fetch(krb5_context context, HDB *db, krb5_const_principal principal, - unsigned flags, hdb_entry_ex *entry) +_hdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, + unsigned flags, krb5_kvno kvno, hdb_entry_ex *entry) { + krb5_principal enterprise_principal = NULL; krb5_data key, value; + krb5_error_code ret; int code; + if (principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (principal->name.name_string.len != 1) { + ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, "malformed principal: " + "enterprise name with %d name components", + principal->name.name_string.len); + return ret; + } + ret = krb5_parse_name(context, principal->name.name_string.val[0], + &enterprise_principal); + if (ret) + return ret; + principal = enterprise_principal; + } + hdb_principal2key(context, principal, &key); + if (enterprise_principal) + krb5_free_principal(context, enterprise_principal); code = db->hdb__get(context, db, key, &value); krb5_data_free(&key); if(code) @@ -154,14 +171,14 @@ hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key) krb5_error_code code; hdb_entry oldentry; krb5_data value; - int i; + size_t i; code = db->hdb__get(context, db, *key, &value); if (code == HDB_ERR_NOENTRY) return 0; else if (code) return code; - + code = hdb_value2entry(context, &value, &oldentry); krb5_data_free(&value); if (code) @@ -188,22 +205,22 @@ hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key) } static krb5_error_code -hdb_add_aliases(krb5_context context, HDB *db, +hdb_add_aliases(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { const HDB_Ext_Aliases *aliases; krb5_error_code code; krb5_data key, value; - int i; - + size_t i; + code = hdb_entry_get_aliases(&entry->entry, &aliases); if (code || aliases == NULL) return code; - + for (i = 0; i < aliases->aliases.len; i++) { hdb_entry_alias entryalias; entryalias.principal = entry->entry.principal; - + hdb_principal2key(context, &aliases->aliases.val[i], &key); code = hdb_entry_alias2value(context, &entryalias, &value); if (code) { @@ -219,17 +236,64 @@ hdb_add_aliases(krb5_context context, HDB *db, return 0; } +static krb5_error_code +hdb_check_aliases(krb5_context context, HDB *db, hdb_entry_ex *entry) +{ + const HDB_Ext_Aliases *aliases; + int code; + size_t i; + + /* check if new aliases already is used */ + + code = hdb_entry_get_aliases(&entry->entry, &aliases); + if (code) + return code; + + for (i = 0; aliases && i < aliases->aliases.len; i++) { + hdb_entry_alias alias; + krb5_data akey, value; + + hdb_principal2key(context, &aliases->aliases.val[i], &akey); + code = db->hdb__get(context, db, akey, &value); + krb5_data_free(&akey); + if (code == HDB_ERR_NOENTRY) + continue; + else if (code) + return code; + + code = hdb_value2entry_alias(context, &value, &alias); + krb5_data_free(&value); + + if (code == ASN1_BAD_ID) + return HDB_ERR_EXISTS; + else if (code) + return code; + + code = krb5_principal_compare(context, alias.principal, + entry->entry.principal); + free_hdb_entry_alias(&alias); + if (code == 0) + return HDB_ERR_EXISTS; + } + return 0; +} + krb5_error_code _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) { krb5_data key, value; int code; + /* check if new aliases already is used */ + code = hdb_check_aliases(context, db, entry); + if (code) + return code; + if(entry->entry.generation == NULL) { struct timeval t; entry->entry.generation = malloc(sizeof(*entry->entry.generation)); if(entry->entry.generation == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } gettimeofday(&t, NULL); @@ -238,12 +302,12 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) entry->entry.generation->gen = 0; } else entry->entry.generation->gen++; - hdb_principal2key(context, entry->entry.principal, &key); + code = hdb_seal_keys(context, db, &entry->entry); - if (code) { - krb5_data_free(&key); + if (code) return code; - } + + hdb_principal2key(context, entry->entry.principal, &key); /* remove aliases */ code = hdb_remove_aliases(context, db, &key); diff --git a/crypto/heimdal/lib/hdb/db.c b/crypto/heimdal/lib/hdb/db.c index 870f0431cf3..69940edf89d 100644 --- a/crypto/heimdal/lib/hdb/db.c +++ b/crypto/heimdal/lib/hdb/db.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" -RCSID("$Id: db.c 20215 2007-02-09 21:59:53Z lha $"); - #if HAVE_DB1 #if defined(HAVE_DB_185_H) @@ -68,8 +66,8 @@ DB_lock(krb5_context context, HDB *db, int operation) DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); if(fd < 0) { - krb5_set_error_string(context, - "Can't lock database: %s", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't lock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; } return hdb_lock(fd, operation); @@ -81,8 +79,8 @@ DB_unlock(krb5_context context, HDB *db) DB *d = (DB*)db->hdb_db; int fd = (*d->fd)(d); if(fd < 0) { - krb5_set_error_string(context, - "Can't unlock database: %s", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't unlock database: %s", db->hdb_name); return HDB_ERR_CANT_LOCK_DB; } return hdb_unlock(fd); @@ -100,19 +98,19 @@ DB_seq(krb5_context context, HDB *db, code = db->hdb_lock(context, db, HDB_RLOCK); if(code == -1) { - krb5_set_error_string(context, "Database %s in use", db->hdb_name); + krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name); return HDB_ERR_DB_INUSE; } code = (*d->seq)(d, &key, &value, flag); db->hdb_unlock(context, db); /* XXX check value */ if(code == -1) { code = errno; - krb5_set_error_string(context, "Database %s seq error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s seq error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return HDB_ERR_NOENTRY; } @@ -131,8 +129,8 @@ DB_seq(krb5_context context, HDB *db, if (code == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); code = ENOMEM; + krb5_set_error_message(context, code, "malloc: out of memory"); hdb_free_entry (context, entry); } else { hdb_key2principal(context, &key_data, entry->entry.principal); @@ -168,7 +166,7 @@ DB_rename(krb5_context context, HDB *db, const char *new_name) free(new); if(ret) return errno; - + free(db->hdb_name); db->hdb_name = strdup(new_name); return 0; @@ -190,21 +188,21 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) db->hdb_unlock(context, db); if(code < 0) { code = errno; - krb5_set_error_string(context, "Database %s get error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s get error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return HDB_ERR_NOENTRY; } - + krb5_data_copy(reply, v.data, v.size); return 0; } static krb5_error_code -DB__put(krb5_context context, HDB *db, int replace, +DB__put(krb5_context context, HDB *db, int replace, krb5_data key, krb5_data value) { DB *d = (DB*)db->hdb_db; @@ -222,12 +220,12 @@ DB__put(krb5_context context, HDB *db, int replace, db->hdb_unlock(context, db); if(code < 0) { code = errno; - krb5_set_error_string(context, "Database %s put error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); return code; } if(code == 1) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return HDB_ERR_EXISTS; } return 0; @@ -248,8 +246,8 @@ DB__del(krb5_context context, HDB *db, krb5_data key) db->hdb_unlock(context, db); if(code == 1) { code = errno; - krb5_set_error_string(context, "Database %s put error: %s", - db->hdb_name, strerror(code)); + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); return code; } if(code < 0) @@ -265,7 +263,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) asprintf(&fn, "%s.db", db->hdb_name); if (fn == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL); @@ -275,7 +273,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL); if(db->hdb_db == NULL) { ret = errno; - krb5_set_error_string(context, "dbopen (%s): %s", + krb5_set_error_message(context, ret, "dbopen (%s): %s", db->hdb_name, strerror(ret)); return ret; } @@ -284,42 +282,43 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) else ret = hdb_init_db(context, db); if(ret == HDB_ERR_NOENTRY) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return 0; } if (ret) { DB_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", - (flags & O_ACCMODE) == O_RDONLY ? - "checking format of" : "initialize", + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", db->hdb_name); } return ret; } krb5_error_code -hdb_db_create(krb5_context context, HDB **db, +hdb_db_create(krb5_context context, HDB **db, const char *filename) { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; (*db)->hdb_openp = 0; + (*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL; (*db)->hdb_open = DB_open; (*db)->hdb_close = DB_close; - (*db)->hdb_fetch = _hdb_fetch; + (*db)->hdb_fetch_kvno = _hdb_fetch_kvno; (*db)->hdb_store = _hdb_store; (*db)->hdb_remove = _hdb_remove; (*db)->hdb_firstkey = DB_firstkey; diff --git a/crypto/heimdal/lib/hdb/db3.c b/crypto/heimdal/lib/hdb/db3.c index 45ccbef7919..58f892ff677 100644 --- a/crypto/heimdal/lib/hdb/db3.c +++ b/crypto/heimdal/lib/hdb/db3.c @@ -1,45 +1,47 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" -RCSID("$Id: db3.c 21610 2007-07-17 07:10:45Z lha $"); - #if HAVE_DB3 -#ifdef HAVE_DB4_DB_H +#ifdef HAVE_DBHEADER +#include +#elif HAVE_DB5_DB_H +#include +#elif HAVE_DB4_DB_H #include -#elif defined(HAVE_DB3_DB_H) +#elif HAVE_DB3_DB_H #include #else #include @@ -125,7 +127,7 @@ DB_seq(krb5_context context, HDB *db, entry->entry.principal = malloc(sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { hdb_free_entry (context, entry); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } else { hdb_key2principal(context, &key_data, entry->entry.principal); @@ -161,7 +163,7 @@ DB_rename(krb5_context context, HDB *db, const char *new_name) free(new); if(ret) return errno; - + free(db->hdb_name); db->hdb_name = strdup(new_name); return 0; @@ -193,7 +195,7 @@ DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) } static krb5_error_code -DB__put(krb5_context context, HDB *db, int replace, +DB__put(krb5_context context, HDB *db, int replace, krb5_data key, krb5_data value) { DB *d = (DB*)db->hdb_db; @@ -264,10 +266,14 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) asprintf(&fn, "%s.db", db->hdb_name); if (fn == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + if (db_create(&d, NULL, 0) != 0) { + free(fn); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - db_create(&d, NULL, 0); db->hdb_db = d; #if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1) @@ -282,14 +288,14 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) ret = (*d->open)(db->hdb_db, NULL, db->hdb_name, NULL, DB_BTREE, myflags, mode); #else - ret = (*d->open)(db->hdb_db, db->hdb_name, NULL, DB_BTREE, + ret = (*d->open)(db->hdb_db, db->hdb_name, NULL, DB_BTREE, myflags, mode); #endif } if (ret) { free(fn); - krb5_set_error_string(context, "opening %s: %s", + krb5_set_error_message(context, ret, "opening %s: %s", db->hdb_name, strerror(ret)); return ret; } @@ -297,7 +303,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) ret = (*d->cursor)(d, NULL, &dbc, 0); if (ret) { - krb5_set_error_string(context, "d->cursor: %s", strerror(ret)); + krb5_set_error_message(context, ret, "d->cursor: %s", strerror(ret)); return ret; } db->hdb_dbc = dbc; @@ -310,38 +316,39 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) return 0; if (ret) { DB_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", - (flags & O_ACCMODE) == O_RDONLY ? - "checking format of" : "initialize", - db->hdb_name); + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); } return ret; } krb5_error_code -hdb_db_create(krb5_context context, HDB **db, +hdb_db_create(krb5_context context, HDB **db, const char *filename) { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; (*db)->hdb_openp = 0; + (*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL; (*db)->hdb_open = DB_open; (*db)->hdb_close = DB_close; - (*db)->hdb_fetch = _hdb_fetch; + (*db)->hdb_fetch_kvno = _hdb_fetch_kvno; (*db)->hdb_store = _hdb_store; (*db)->hdb_remove = _hdb_remove; (*db)->hdb_firstkey = DB_firstkey; diff --git a/crypto/heimdal/lib/hdb/dbinfo.c b/crypto/heimdal/lib/hdb/dbinfo.c index d43e31b39ad..52e394106ec 100644 --- a/crypto/heimdal/lib/hdb/dbinfo.c +++ b/crypto/heimdal/lib/hdb/dbinfo.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" -RCSID("$Id: dbinfo.c 22306 2007-12-14 12:22:38Z lha $"); - struct hdb_dbinfo { char *label; char *realm; @@ -63,7 +61,7 @@ get_dbinfo(krb5_context context, di = calloc(1, sizeof(*di)); if (di == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } di->label = strdup(label); @@ -104,24 +102,24 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp) dt = NULL; databases = NULL; - db_binding = krb5_config_get(context, NULL, krb5_config_list, - "kdc", - "database", - NULL); + db_binding = krb5_config_get_list(context, NULL, + "kdc", + "database", + NULL); if (db_binding) { ret = get_dbinfo(context, db_binding, "default", &di); if (ret == 0 && di) { databases = di; dt = &di->next; - } + } for ( ; db_binding != NULL; db_binding = db_binding->next) { if (db_binding->type != krb5_config_list) continue; - ret = get_dbinfo(context, db_binding->u.list, + ret = get_dbinfo(context, db_binding->u.list, db_binding->name, &di); if (ret) krb5_err(context, 1, ret, "failed getting realm"); @@ -159,7 +157,7 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp) else /* the filename is something.else, replace .else with .mkey */ - asprintf(&di->mkey_file, "%.*s.mkey", + asprintf(&di->mkey_file, "%.*s.mkey", (int)(p - di->dbname), di->dbname); } if(di->acl_file == NULL) @@ -228,10 +226,12 @@ hdb_free_dbinfo(krb5_context context, struct hdb_dbinfo **dbp) for(di = *dbp; di != NULL; di = ndi) { ndi = di->next; + free (di->label); free (di->realm); free (di->dbname); - if (di->mkey_file) - free (di->mkey_file); + free (di->mkey_file); + free (di->acl_file); + free (di->log_file); free(di); } *dbp = NULL; diff --git a/crypto/heimdal/lib/hdb/ext.c b/crypto/heimdal/lib/hdb/ext.c index 5f60999946b..d2a4373b9b3 100644 --- a/crypto/heimdal/lib/hdb/ext.c +++ b/crypto/heimdal/lib/hdb/ext.c @@ -1,60 +1,59 @@ /* - * Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" #include -RCSID("$Id: ext.c 21113 2007-06-18 12:59:32Z lha $"); - krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) { - int i; + size_t i; if (ent->extensions == NULL) return 0; - /* + /* * check for unknown extensions and if they where tagged mandatory */ for (i = 0; i < ent->extensions->len; i++) { - if (ent->extensions->val[i].data.element != + if (ent->extensions->val[i].data.element != choice_HDB_extension_data_asn1_ellipsis) continue; if (ent->extensions->val[i].mandatory) { - krb5_set_error_string(context, "Principal have unknown " - "mandatory extension"); + krb5_set_error_message(context, HDB_ERR_MANDATORY_OPTION, + "Principal have unknown " + "mandatory extension"); return HDB_ERR_MANDATORY_OPTION; } } @@ -64,13 +63,13 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) HDB_extension * hdb_find_extension(const hdb_entry *entry, int type) { - int i; + size_t i; if (entry->extensions == NULL) return NULL; for (i = 0; i < entry->extensions->len; i++) - if (entry->extensions->val[i].data.element == type) + if (entry->extensions->val[i].data.element == (unsigned)type) return &entry->extensions->val[i]; return NULL; } @@ -82,8 +81,8 @@ hdb_find_extension(const hdb_entry *entry, int type) */ krb5_error_code -hdb_replace_extension(krb5_context context, - hdb_entry *entry, +hdb_replace_extension(krb5_context context, + hdb_entry *entry, const HDB_extension *ext) { HDB_extension *ext2; @@ -95,13 +94,13 @@ hdb_replace_extension(krb5_context context, if (entry->extensions == NULL) { entry->extensions = calloc(1, sizeof(*entry->extensions)); if (entry->extensions == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) { ext2 = hdb_find_extension(entry, ext->data.element); } else { - /* + /* * This is an unknown extention, and we are asked to replace a * possible entry in `entry' that is of the same type. This * might seem impossible, but ASN.1 CHOICE comes to our @@ -113,15 +112,15 @@ hdb_replace_extension(krb5_context context, Der_type replace_type, list_type; unsigned int replace_tag, list_tag; size_t size; - int i; + size_t i; ret = der_get_tag(ext->data.u.asn1_ellipsis.data, ext->data.u.asn1_ellipsis.length, &replace_class, &replace_type, &replace_tag, &size); if (ret) { - krb5_set_error_string(context, "hdb: failed to decode " - "replacement hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to decode " + "replacement hdb extention"); return ret; } @@ -136,8 +135,8 @@ hdb_replace_extension(krb5_context context, &list_class, &list_type, &list_tag, &size); if (ret) { - krb5_set_error_string(context, "hdb: failed to decode " - "present hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to decode " + "present hdb extention"); return ret; } @@ -153,15 +152,15 @@ hdb_replace_extension(krb5_context context, free_HDB_extension(ext2); ret = copy_HDB_extension(ext, ext2); if (ret) - krb5_set_error_string(context, "hdb: failed to copy replacement " - "hdb extention"); + krb5_set_error_message(context, ret, "hdb: failed to copy replacement " + "hdb extention"); return ret; } - es = realloc(entry->extensions->val, + es = realloc(entry->extensions->val, (entry->extensions->len+1)*sizeof(entry->extensions->val[0])); if (es == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } entry->extensions->val = es; @@ -171,23 +170,23 @@ hdb_replace_extension(krb5_context context, if (ret == 0) entry->extensions->len++; else - krb5_set_error_string(context, "hdb: failed to copy new extension"); + krb5_set_error_message(context, ret, "hdb: failed to copy new extension"); return ret; } krb5_error_code -hdb_clear_extension(krb5_context context, - hdb_entry *entry, +hdb_clear_extension(krb5_context context, + hdb_entry *entry, int type) { - int i; + size_t i; if (entry->extensions == NULL) return 0; for (i = 0; i < entry->extensions->len; i++) { - if (entry->extensions->val[i].data.element == type) { + if (entry->extensions->val[i].data.element == (unsigned)type) { free_HDB_extension(&entry->extensions->val[i]); memmove(&entry->extensions->val[i], &entry->extensions->val[i + 1], @@ -233,6 +232,20 @@ hdb_entry_get_pkinit_hash(const hdb_entry *entry, const HDB_Ext_PKINIT_hash **a) return 0; } +krb5_error_code +hdb_entry_get_pkinit_cert(const hdb_entry *entry, const HDB_Ext_PKINIT_cert **a) +{ + const HDB_extension *ext; + + ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_cert); + if (ext) + *a = &ext->data.u.pkinit_cert; + else + *a = NULL; + + return 0; +} + krb5_error_code hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t) { @@ -248,7 +261,7 @@ hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t) } krb5_error_code -hdb_entry_set_pw_change_time(krb5_context context, +hdb_entry_set_pw_change_time(krb5_context context, hdb_entry *entry, time_t t) { @@ -264,7 +277,7 @@ hdb_entry_set_pw_change_time(krb5_context context, } int -hdb_entry_get_password(krb5_context context, HDB *db, +hdb_entry_get_password(krb5_context context, HDB *db, const hdb_entry *entry, char **p) { HDB_extension *ext; @@ -273,18 +286,19 @@ hdb_entry_get_password(krb5_context context, HDB *db, ext = hdb_find_extension(entry, choice_HDB_extension_data_password); if (ext) { - heim_utf8_string str; + heim_utf8_string xstr; heim_octet_string pw; if (db->hdb_master_key_set && ext->data.u.password.mkvno) { hdb_master_key key; - key = _hdb_find_master_key(ext->data.u.password.mkvno, + key = _hdb_find_master_key(ext->data.u.password.mkvno, db->hdb_master_key); if (key == NULL) { - krb5_set_error_string(context, "master key %d missing", - *ext->data.u.password.mkvno); + krb5_set_error_message(context, HDB_ERR_NO_MKEY, + "master key %d missing", + *ext->data.u.password.mkvno); return HDB_ERR_NO_MKEY; } @@ -296,21 +310,21 @@ hdb_entry_get_password(krb5_context context, HDB *db, ret = der_copy_octet_string(&ext->data.u.password.password, &pw); } if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } - str = pw.data; - if (str[pw.length - 1] != '\0') { - krb5_set_error_string(context, "password malformated"); + xstr = pw.data; + if (xstr[pw.length - 1] != '\0') { + krb5_set_error_message(context, EINVAL, "malformed password"); return EINVAL; } - *p = strdup(str); + *p = strdup(xstr); der_free_octet_string(&pw); if (*p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } return 0; @@ -318,16 +332,17 @@ hdb_entry_get_password(krb5_context context, HDB *db, ret = krb5_unparse_name(context, entry->principal, &str); if (ret == 0) { - krb5_set_error_string(context, "no password attributefor %s", str); + krb5_set_error_message(context, ENOENT, + "no password attribute for %s", str); free(str); - } else - krb5_clear_error_string(context); + } else + krb5_clear_error_message(context); return ENOENT; } int -hdb_entry_set_password(krb5_context context, HDB *db, +hdb_entry_set_password(krb5_context context, HDB *db, hdb_entry *entry, const char *p) { HDB_extension ext; @@ -341,22 +356,23 @@ hdb_entry_set_password(krb5_context context, HDB *db, key = _hdb_find_master_key(NULL, db->hdb_master_key); if (key == NULL) { - krb5_set_error_string(context, "hdb_entry_set_password: " - "failed to find masterkey"); + krb5_set_error_message(context, HDB_ERR_NO_MKEY, + "hdb_entry_set_password: " + "failed to find masterkey"); return HDB_ERR_NO_MKEY; } ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY, - p, strlen(p) + 1, + p, strlen(p) + 1, &ext.data.u.password.password); if (ret) return ret; - ext.data.u.password.mkvno = + ext.data.u.password.mkvno = malloc(sizeof(*ext.data.u.password.mkvno)); if (ext.data.u.password.mkvno == NULL) { free_HDB_extension(&ext); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } *ext.data.u.password.mkvno = _hdb_mkey_version(key); @@ -364,10 +380,10 @@ hdb_entry_set_password(krb5_context context, HDB *db, } else { ext.data.u.password.mkvno = NULL; - ret = krb5_data_copy(&ext.data.u.password.password, + ret = krb5_data_copy(&ext.data.u.password.password, p, strlen(p) + 1); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); free_HDB_extension(&ext); return ret; } @@ -383,17 +399,17 @@ hdb_entry_set_password(krb5_context context, HDB *db, int hdb_entry_clear_password(krb5_context context, hdb_entry *entry) { - return hdb_clear_extension(context, entry, + return hdb_clear_extension(context, entry, choice_HDB_extension_data_password); } krb5_error_code -hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry, +hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry, const HDB_Ext_Constrained_delegation_acl **a) { const HDB_extension *ext; - ext = hdb_find_extension(entry, + ext = hdb_find_extension(entry, choice_HDB_extension_data_allowed_to_delegate_to); if (ext) *a = &ext->data.u.allowed_to_delegate_to; diff --git a/crypto/heimdal/lib/hdb/hdb-keytab.c b/crypto/heimdal/lib/hdb/hdb-keytab.c new file mode 100644 index 00000000000..ab2afb5d74b --- /dev/null +++ b/crypto/heimdal/lib/hdb/hdb-keytab.c @@ -0,0 +1,231 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" +#include + +typedef struct { + char *path; + krb5_keytab keytab; +} *hdb_keytab; + +/* + * + */ + +static krb5_error_code +hkt_close(krb5_context context, HDB *db) +{ + hdb_keytab k = (hdb_keytab)db->hdb_db; + krb5_error_code ret; + + assert(k->keytab); + + ret = krb5_kt_close(context, k->keytab); + k->keytab = NULL; + + return ret; +} + +static krb5_error_code +hkt_destroy(krb5_context context, HDB *db) +{ + hdb_keytab k = (hdb_keytab)db->hdb_db; + krb5_error_code ret; + + ret = hdb_clear_master_key (context, db); + + free(k->path); + free(k); + + free(db->hdb_name); + free(db); + return ret; +} + +static krb5_error_code +hkt_lock(krb5_context context, HDB *db, int operation) +{ + return 0; +} + +static krb5_error_code +hkt_unlock(krb5_context context, HDB *db) +{ + return 0; +} + +static krb5_error_code +hkt_firstkey(krb5_context context, HDB *db, + unsigned flags, hdb_entry_ex *entry) +{ + return HDB_ERR_DB_INUSE; +} + +static krb5_error_code +hkt_nextkey(krb5_context context, HDB * db, unsigned flags, + hdb_entry_ex * entry) +{ + return HDB_ERR_DB_INUSE; +} + +static krb5_error_code +hkt_open(krb5_context context, HDB * db, int flags, mode_t mode) +{ + hdb_keytab k = (hdb_keytab)db->hdb_db; + krb5_error_code ret; + + assert(k->keytab == NULL); + + ret = krb5_kt_resolve(context, k->path, &k->keytab); + if (ret) + return ret; + + return 0; +} + +static krb5_error_code +hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal, + unsigned flags, krb5_kvno kvno, hdb_entry_ex * entry) +{ + hdb_keytab k = (hdb_keytab)db->hdb_db; + krb5_error_code ret; + krb5_keytab_entry ktentry; + + if (!(flags & HDB_F_KVNO_SPECIFIED)) { + /* Preserve previous behaviour if no kvno specified */ + kvno = 0; + } + + memset(&ktentry, 0, sizeof(ktentry)); + + entry->entry.flags.server = 1; + entry->entry.flags.forwardable = 1; + entry->entry.flags.renewable = 1; + + /* Not recorded in the OD backend, make something up */ + ret = krb5_parse_name(context, "hdb/keytab@WELL-KNOWN:KEYTAB-BACKEND", + &entry->entry.created_by.principal); + if (ret) + goto out; + + /* + * XXX really needs to try all enctypes and just not pick the + * first one, even if that happens to be des3-cbc-sha1 (ie best + * enctype) in the Apple case. A while loop over all known + * enctypes should work. + */ + + ret = krb5_kt_get_entry(context, k->keytab, principal, kvno, 0, &ktentry); + if (ret) { + ret = HDB_ERR_NOENTRY; + goto out; + } + + ret = krb5_copy_principal(context, principal, &entry->entry.principal); + if (ret) + goto out; + + ret = _hdb_keytab2hdb_entry(context, &ktentry, entry); + + out: + if (ret) { + free_hdb_entry(&entry->entry); + memset(&entry->entry, 0, sizeof(entry->entry)); + } + krb5_kt_free_entry(context, &ktentry); + + return ret; +} + +static krb5_error_code +hkt_store(krb5_context context, HDB * db, unsigned flags, + hdb_entry_ex * entry) +{ + return HDB_ERR_DB_INUSE; +} + + +krb5_error_code +hdb_keytab_create(krb5_context context, HDB ** db, const char *arg) +{ + hdb_keytab k; + + *db = calloc(1, sizeof(**db)); + if (*db == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + memset(*db, 0, sizeof(**db)); + + k = calloc(1, sizeof(*k)); + if (k == NULL) { + free(*db); + *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + + k->path = strdup(arg); + if (k->path == NULL) { + free(k); + free(*db); + *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + + + (*db)->hdb_db = k; + + (*db)->hdb_master_key_set = 0; + (*db)->hdb_openp = 0; + (*db)->hdb_open = hkt_open; + (*db)->hdb_close = hkt_close; + (*db)->hdb_fetch_kvno = hkt_fetch_kvno; + (*db)->hdb_store = hkt_store; + (*db)->hdb_remove = NULL; + (*db)->hdb_firstkey = hkt_firstkey; + (*db)->hdb_nextkey = hkt_nextkey; + (*db)->hdb_lock = hkt_lock; + (*db)->hdb_unlock = hkt_unlock; + (*db)->hdb_rename = NULL; + (*db)->hdb__get = NULL; + (*db)->hdb__put = NULL; + (*db)->hdb__del = NULL; + (*db)->hdb_destroy = hkt_destroy; + + return 0; +} diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c index c9f3d37cd33..1b4024aa540 100644 --- a/crypto/heimdal/lib/hdb/hdb-ldap.c +++ b/crypto/heimdal/lib/hdb/hdb-ldap.c @@ -1,7 +1,7 @@ /* * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. * Copyright (c) 2004, Andrew Bartlett. - * Copyright (c) 2003 - 2007, Kungliga Tekniska Högskolan. + * Copyright (c) 2003 - 2008, Kungliga Tekniska Högskolan. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,8 +34,6 @@ #include "hdb_locl.h" -RCSID("$Id: hdb-ldap.c 22071 2007-11-14 20:04:50Z lha $"); - #ifdef OPENLDAP #include @@ -48,7 +46,7 @@ static krb5_error_code LDAP_close(krb5_context context, HDB *); static krb5_error_code LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, - hdb_entry_ex * ent); + int flags, hdb_entry_ex * ent); static const char *default_structural_object = "account"; static char *structural_object; @@ -74,7 +72,7 @@ struct hdbldapdb { * */ -static char * krb5kdcentry_attrs[] = { +static char * krb5kdcentry_attrs[] = { "cn", "createTimestamp", "creatorsName", @@ -121,8 +119,9 @@ LDAP_no_size_limit(krb5_context context, LDAP *lp) ret = ldap_set_option(lp, LDAP_OPT_SIZELIMIT, (const void *)&limit); if (ret != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_set_option: %s", - ldap_err2string(ret)); + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "ldap_set_option: %s", + ldap_err2string(ret)); return HDB_ERR_BADVERSION; } return 0; @@ -222,7 +221,7 @@ LDAP_addmod_len(LDAPMod *** modlist, int modop, const char *attribute, (*modlist)[cMods]->mod_bvalues = bv; - bv[i] = ber_memalloc(sizeof(*bv));; + bv[i] = ber_memalloc(sizeof(**bv));; if (bv[i] == NULL) return ENOMEM; @@ -295,8 +294,9 @@ LDAP_addmod_integer(krb5_context context, ret = asprintf(&buf, "%ld", l); if (ret < 0) { - krb5_set_error_string(context, "asprintf: out of memory:"); - return ret; + krb5_set_error_message(context, ENOMEM, + "asprintf: out of memory:"); + return ENOMEM; } ret = LDAP_addmod(mods, modop, attribute, buf); free (buf); @@ -307,38 +307,40 @@ static krb5_error_code LDAP_get_string_value(HDB * db, LDAPMessage * entry, const char *attribute, char **ptr) { - char **vals; - int ret; + struct berval **vals; - vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute); - if (vals == NULL) { + vals = ldap_get_values_len(HDB2LDAP(db), entry, attribute); + if (vals == NULL || vals[0] == NULL) { *ptr = NULL; return HDB_ERR_NOENTRY; } - *ptr = strdup(vals[0]); - if (*ptr == NULL) - ret = ENOMEM; - else - ret = 0; + *ptr = malloc(vals[0]->bv_len + 1); + if (*ptr == NULL) { + ldap_value_free_len(vals); + return ENOMEM; + } - ldap_value_free(vals); + memcpy(*ptr, vals[0]->bv_val, vals[0]->bv_len); + (*ptr)[vals[0]->bv_len] = 0; - return ret; + ldap_value_free_len(vals); + + return 0; } static krb5_error_code LDAP_get_integer_value(HDB * db, LDAPMessage * entry, const char *attribute, int *ptr) { - char **vals; + krb5_error_code ret; + char *val; - vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute); - if (vals == NULL) - return HDB_ERR_NOENTRY; - - *ptr = atoi(vals[0]); - ldap_value_free(vals); + ret = LDAP_get_string_value(db, entry, attribute, &val); + if (ret) + return ret; + *ptr = atoi(val); + free(val); return 0; } @@ -369,6 +371,14 @@ LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry, return 0; } +static int +bervalstrcmp(struct berval *v, const char *str) +{ + size_t len = strlen(str); + return (v->bv_len == len) && strncasecmp(str, (char *)v->bv_val, len) == 0; +} + + static krb5_error_code LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, LDAPMessage * msg, LDAPMod *** pmods) @@ -386,40 +396,39 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, krb5_boolean is_heimdal_entry = FALSE; krb5_boolean is_heimdal_principal = FALSE; - char **values; + struct berval **vals; *pmods = NULL; if (msg != NULL) { - ret = LDAP_message2entry(context, db, msg, &orig); + ret = LDAP_message2entry(context, db, msg, 0, &orig); if (ret) goto out; is_new_entry = FALSE; - - values = ldap_get_values(HDB2LDAP(db), msg, "objectClass"); - if (values) { - int num_objectclasses = ldap_count_values(values); + + vals = ldap_get_values_len(HDB2LDAP(db), msg, "objectClass"); + if (vals) { + int num_objectclasses = ldap_count_values_len(vals); for (i=0; i < num_objectclasses; i++) { - if (strcasecmp(values[i], "sambaSamAccount") == 0) { + if (bervalstrcmp(vals[i], "sambaSamAccount")) is_samba_account = TRUE; - } else if (strcasecmp(values[i], structural_object) == 0) { + else if (bervalstrcmp(vals[i], structural_object)) is_account = TRUE; - } else if (strcasecmp(values[i], "krb5Principal") == 0) { + else if (bervalstrcmp(vals[i], "krb5Principal")) is_heimdal_principal = TRUE; - } else if (strcasecmp(values[i], "krb5KDCEntry") == 0) { + else if (bervalstrcmp(vals[i], "krb5KDCEntry")) is_heimdal_entry = TRUE; - } } - ldap_value_free(values); + ldap_value_free_len(vals); } /* * If this is just a "account" entry and no other objectclass * is hanging on this entry, it's really a new entry. */ - if (is_samba_account == FALSE && is_heimdal_principal == FALSE && + if (is_samba_account == FALSE && is_heimdal_principal == FALSE && is_heimdal_entry == FALSE) { if (is_account == TRUE) { is_new_entry = TRUE; @@ -440,10 +449,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top"); if (ret) goto out; - + /* account is the structural object class */ if (is_account == FALSE) { - ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", + ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", structural_object); is_account = TRUE; if (ret) @@ -461,7 +470,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, goto out; } - if (is_new_entry || + if (is_new_entry || krb5_principal_compare(context, ent->entry.principal, orig.entry.principal) == FALSE) { @@ -495,7 +504,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, if (is_heimdal_entry && (ent->entry.kvno != orig.entry.kvno || is_new_entry)) { ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, - "krb5KeyVersionNumber", + "krb5KeyVersionNumber", ent->entry.kvno); if (ret) goto out; @@ -514,7 +523,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, if (ent->entry.valid_end) { if (orig.entry.valid_end == NULL || (*(ent->entry.valid_end) != *(orig.entry.valid_end))) { - if (is_heimdal_entry) { + if (is_heimdal_entry) { ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE, "krb5ValidEnd", ent->entry.valid_end); @@ -523,7 +532,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, } if (is_samba_account) { ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, - "sambaKickoffTime", + "sambaKickoffTime", *(ent->entry.valid_end)); if (ret) goto out; @@ -543,7 +552,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, if (is_samba_account) { ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, - "sambaPwdMustChange", + "sambaPwdMustChange", *(ent->entry.pw_end)); if (ret) goto out; @@ -556,7 +565,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, if (is_samba_account && ent->entry.last_pw_change) { if (orig.entry.last_pw_change == NULL || (*(ent->entry.last_pw_change) != *(orig.entry.last_pw_change))) { ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, - "sambaPwdLastSet", + "sambaPwdLastSet", *(ent->entry.last_pw_change)); if (ret) goto out; @@ -569,7 +578,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, || (*(ent->entry.max_life) != *(orig.entry.max_life))) { ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, - "krb5MaxLife", + "krb5MaxLife", *(ent->entry.max_life)); if (ret) goto out; @@ -602,9 +611,9 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, /* Remove keys if they exists, and then replace keys. */ if (!is_new_entry && orig.entry.keys.len > 0) { - values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key"); - if (values) { - ldap_value_free(values); + vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key"); + if (vals) { + ldap_value_free_len(vals); ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); if (ret) @@ -618,38 +627,43 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, && ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { char *ntHexPassword; char *nt; - + time_t now = time(NULL); + /* the key might have been 'sealed', but samba passwords are clear in the directory */ ret = hdb_unseal_key(context, db, &ent->entry.keys.val[i]); if (ret) goto out; - + nt = ent->entry.keys.val[i].key.keyvalue.data; /* store in ntPassword, not krb5key */ ret = hex_encode(nt, 16, &ntHexPassword); if (ret < 0) { - krb5_set_error_string(context, "hdb-ldap: failed to " - "hex encode key"); ret = ENOMEM; + krb5_set_error_message(context, ret, "hdb-ldap: failed to " + "hex encode key"); goto out; } - ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", + ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", ntHexPassword); free(ntHexPassword); if (ret) goto out; - + ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, + "sambaPwdLastSet", now); + if (ret) + goto out; + /* have to kill the LM passwod if it exists */ - values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword"); - if (values) { - ldap_value_free(values); + vals = ldap_get_values_len(HDB2LDAP(db), msg, "sambaLMPassword"); + if (vals) { + ldap_value_free_len(vals); ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "sambaLMPassword", NULL); if (ret) goto out; } - + } else if (is_heimdal_entry) { unsigned char *buf; size_t len, buf_size; @@ -670,15 +684,15 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, if (ent->entry.etypes) { int add_krb5EncryptionType = 0; - /* + /* * Only add/modify krb5EncryptionType if it's a new heimdal * entry or krb5EncryptionType already exists on the entry. */ if (!is_new_entry) { - values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType"); - if (values) { - ldap_value_free(values); + vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType"); + if (vals) { + ldap_value_free_len(vals); ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType", NULL); if (ret) @@ -690,7 +704,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, if (add_krb5EncryptionType) { for (i = 0; i < ent->entry.etypes->len; i++) { - if (is_samba_account && + if (is_samba_account && ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { ; @@ -730,20 +744,22 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn, krb5_error_code ret; int rc; const char *filter = "(objectClass=krb5Principal)"; - char **values; LDAPMessage *res = NULL, *e; + char *p; ret = LDAP_no_size_limit(context, HDB2LDAP(db)); if (ret) goto out; - rc = ldap_search_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE, - filter, krb5principal_attrs, - 0, &res); + rc = ldap_search_ext_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE, + filter, krb5principal_attrs, 0, + NULL, NULL, NULL, + 0, &res); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, "ldap_search_s: filter: %s error: %s", - filter, ldap_err2string(rc)); ret = HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, "ldap_search_ext_s: " + "filter: %s error: %s", + filter, ldap_err2string(rc)); goto out; } @@ -753,14 +769,14 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn, goto out; } - values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName"); - if (values == NULL) { + ret = LDAP_get_string_value(db, e, "krb5PrincipalName", &p); + if (ret) { ret = HDB_ERR_NOENTRY; goto out; } - ret = krb5_parse_name(context, values[0], principal); - ldap_value_free(values); + ret = krb5_parse_name(context, p, principal); + free(p); out: if (res) @@ -769,6 +785,49 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn, return ret; } +static int +need_quote(unsigned char c) +{ + return (c & 0x80) || + (c < 32) || + (c == '(') || + (c == ')') || + (c == '*') || + (c == '\\') || + (c == 0x7f); +} + +const static char hexchar[] = "0123456789ABCDEF"; + +static krb5_error_code +escape_value(krb5_context context, const unsigned char *unquoted, char **quoted) +{ + size_t i, len; + + for (i = 0, len = 0; unquoted[i] != '\0'; i++, len++) { + if (need_quote((unsigned char)unquoted[i])) + len += 2; + } + + *quoted = malloc(len + 1); + if (*quoted == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + + for (i = 0; unquoted[0] ; unquoted++) { + if (need_quote((unsigned char *)unquoted[0])) { + (*quoted)[i++] = '\\'; + (*quoted)[i++] = hexchar[(unquoted[0] >> 4) & 0xf]; + (*quoted)[i++] = hexchar[(unquoted[0] ) & 0xf]; + } else + (*quoted)[i++] = (char)unquoted[0]; + } + (*quoted)[i] = '\0'; + return 0; +} + + static krb5_error_code LDAP__lookup_princ(krb5_context context, HDB *db, @@ -778,18 +837,29 @@ LDAP__lookup_princ(krb5_context context, { krb5_error_code ret; int rc; - char *filter = NULL; + char *quote, *filter = NULL; ret = LDAP__connect(context, db); if (ret) return ret; + /* + * Quote searches that contain filter language, this quote + * searches for *@REALM, which takes very long time. + */ + + ret = escape_value(context, princname, "e); + if (ret) + goto out; + rc = asprintf(&filter, "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))", - princname); + quote); + free(quote); + if (rc < 0) { - krb5_set_error_string(context, "asprintf: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } @@ -797,12 +867,16 @@ LDAP__lookup_princ(krb5_context context, if (ret) goto out; - rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, filter, - krb5kdcentry_attrs, 0, msg); + rc = ldap_search_ext_s(HDB2LDAP(db), HDB2BASE(db), + LDAP_SCOPE_SUBTREE, filter, + krb5kdcentry_attrs, 0, + NULL, NULL, NULL, + 0, msg); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, "ldap_search_s: filter: %s - error: %s", - filter, ldap_err2string(rc)); ret = HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, "ldap_search_ext_s: " + "filter: %s - error: %s", + filter, ldap_err2string(rc)); goto out; } @@ -811,27 +885,34 @@ LDAP__lookup_princ(krb5_context context, filter = NULL; ldap_msgfree(*msg); *msg = NULL; - + + ret = escape_value(context, userid, "e); + if (ret) + goto out; + rc = asprintf(&filter, "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))", - structural_object, userid); + structural_object, quote); + free(quote); if (rc < 0) { - krb5_set_error_string(context, "asprintf: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "asprintf: out of memory"); goto out; } - + ret = LDAP_no_size_limit(context, HDB2LDAP(db)); if (ret) goto out; - rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, - filter, krb5kdcentry_attrs, 0, msg); + rc = ldap_search_ext_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, + filter, krb5kdcentry_attrs, 0, + NULL, NULL, NULL, + 0, msg); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, - "ldap_search_s: filter: %s error: %s", - filter, ldap_err2string(rc)); ret = HDB_ERR_NOENTRY; + krb5_set_error_message(context, ret, + "ldap_search_ext_s: filter: %s error: %s", + filter, ldap_err2string(rc)); goto out; } } @@ -889,14 +970,13 @@ LDAP_principal2message(krb5_context context, HDB * db, */ static krb5_error_code LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, - hdb_entry_ex * ent) + int flags, hdb_entry_ex * ent) { char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL; char *samba_acct_flags = NULL; - unsigned long tmp; struct berval **keys; - char **values; - int tmp_time, i, ret, have_arcfour = 0; + struct berval **vals; + int tmp, tmp_time, i, ret, have_arcfour = 0; memset(ent, 0, sizeof(*ent)); ent->entry.flags = int2HDBFlags(0); @@ -914,7 +994,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, if (ret) goto out; } else { - krb5_set_error_string(context, "hdb-ldap: ldap entry missing" + krb5_set_error_message(context, HDB_ERR_NOENTRY, + "hdb-ldap: ldap entry missing" "principal name"); return HDB_ERR_NOENTRY; } @@ -938,8 +1019,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.keys.len = ldap_count_values_len(keys); ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key)); if (ent->entry.keys.val == NULL) { - krb5_set_error_string(context, "calloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "calloc: out of memory"); goto out; } for (i = 0; i < ent->entry.keys.len; i++) { @@ -962,27 +1043,39 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, #endif } - values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType"); - if (values != NULL) { + vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType"); + if (vals != NULL) { int i; ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); if (ent->entry.etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret,"malloc: out of memory"); goto out; } - ent->entry.etypes->len = ldap_count_values(values); + ent->entry.etypes->len = ldap_count_values_len(vals); ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); if (ent->entry.etypes->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + ent->entry.etypes->len = 0; goto out; } for (i = 0; i < ent->entry.etypes->len; i++) { - ent->entry.etypes->val[i] = atoi(values[i]); + char *buf; + + buf = malloc(vals[i]->bv_len + 1); + if (buf == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; + } + memcpy(buf, vals[i]->bv_val, vals[i]->bv_len); + buf[vals[i]->bv_len] = '\0'; + ent->entry.etypes->val[i] = atoi(buf); + free(buf); } - ldap_value_free(values); + ldap_value_free_len(vals); } for (i = 0; i < ent->entry.keys.len; i++) { @@ -1003,8 +1096,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, (ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0])); if (keys == NULL) { free(ntPasswordIN); - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ent->entry.keys.val = keys; @@ -1012,7 +1105,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5; ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, "malloc: out of memory"); free(ntPasswordIN); ret = ENOMEM; goto out; @@ -1024,8 +1117,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, if (ent->entry.etypes == NULL) { ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); if (ent->entry.etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ent->entry.etypes->val = NULL; @@ -1037,16 +1130,16 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, break; /* If there is no ARCFOUR enctype, add one */ if (i == ent->entry.etypes->len) { - etypes = realloc(ent->entry.etypes->val, - (ent->entry.etypes->len + 1) * + etypes = realloc(ent->entry.etypes->val, + (ent->entry.etypes->len + 1) * sizeof(ent->entry.etypes->val[0])); if (etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; - goto out; + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; } ent->entry.etypes->val = etypes; - ent->entry.etypes->val[ent->entry.etypes->len] = + ent->entry.etypes->val[ent->entry.etypes->len] = ETYPE_ARCFOUR_HMAC_MD5; ent->entry.etypes->len++; } @@ -1059,37 +1152,38 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.created_by.principal = NULL; - ret = LDAP_get_string_value(db, msg, "creatorsName", &dn); - if (ret == 0) { - if (LDAP_dn2principal(context, db, dn, &ent->entry.created_by.principal) - != 0) { - ent->entry.created_by.principal = NULL; + if (flags & HDB_F_ADMIN_DATA) { + ret = LDAP_get_string_value(db, msg, "creatorsName", &dn); + if (ret == 0) { + LDAP_dn2principal(context, db, dn, &ent->entry.created_by.principal); + free(dn); } - free(dn); - } - ent->entry.modified_by = (Event *) malloc(sizeof(Event)); - if (ent->entry.modified_by == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp", - &ent->entry.modified_by->time); - if (ret == 0) { - ret = LDAP_get_string_value(db, msg, "modifiersName", &dn); - if (LDAP_dn2principal(context, db, dn, &ent->entry.modified_by->principal)) - ent->entry.modified_by->principal = NULL; - free(dn); - } else { - free(ent->entry.modified_by); - ent->entry.modified_by = NULL; + ent->entry.modified_by = calloc(1, sizeof(*ent->entry.modified_by)); + if (ent->entry.modified_by == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; + } + + ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp", + &ent->entry.modified_by->time); + if (ret == 0) { + ret = LDAP_get_string_value(db, msg, "modifiersName", &dn); + if (ret == 0) { + LDAP_dn2principal(context, db, dn, &ent->entry.modified_by->principal); + free(dn); + } else { + free(ent->entry.modified_by); + ent->entry.modified_by = NULL; + } + } } ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start)); if (ent->entry.valid_start == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart", @@ -1099,11 +1193,11 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, free(ent->entry.valid_start); ent->entry.valid_start = NULL; } - + ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end)); if (ent->entry.valid_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd", @@ -1119,8 +1213,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, if (ent->entry.valid_end == NULL) { ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end)); if (ent->entry.valid_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } } @@ -1129,8 +1223,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); if (ent->entry.pw_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd", @@ -1141,13 +1235,34 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.pw_end = NULL; } + ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time); + if (ret == 0) { + time_t delta; + + if (ent->entry.pw_end == NULL) { + ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); + if (ent->entry.pw_end == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; + } + } + + delta = krb5_config_get_time_default(context, NULL, + 365 * 24 * 60 * 60, + "kadmin", + "password_lifetime", + NULL); + *ent->entry.pw_end = tmp_time + delta; + } + ret = LDAP_get_integer_value(db, msg, "sambaPwdMustChange", &tmp_time); if (ret == 0) { if (ent->entry.pw_end == NULL) { ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); if (ent->entry.pw_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } } @@ -1164,8 +1279,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.max_life = malloc(sizeof(*ent->entry.max_life)); if (ent->entry.max_life == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life); @@ -1181,8 +1296,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew)); if (ent->entry.max_renew == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew); @@ -1193,18 +1308,9 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, *ent->entry.max_renew = max_renew; } - values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags"); - if (values != NULL) { - errno = 0; - tmp = strtoul(values[0], (char **) NULL, 10); - if (tmp == ULONG_MAX && errno == ERANGE) { - krb5_set_error_string(context, "strtoul: could not convert flag"); - ret = ERANGE; - goto out; - } - } else { + ret = LDAP_get_integer_value(db, msg, "krb5KDCFlags", &tmp); + if (ret) tmp = 0; - } ent->entry.flags = int2HDBFlags(tmp); @@ -1212,29 +1318,29 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, ret = LDAP_get_string_value(db, msg, "sambaAcctFlags", &samba_acct_flags); if (ret == 0) { /* parse the [UXW...] string: - - 'N' No password - 'D' Disabled - 'H' Homedir required - 'T' Temp account. - 'U' User account (normal) - 'M' MNS logon user account - what is this ? - 'W' Workstation account - 'S' Server account - 'L' Locked account - 'X' No Xpiry on password - 'I' Interdomain trust account - - */ - + + 'N' No password + 'D' Disabled + 'H' Homedir required + 'T' Temp account. + 'U' User account (normal) + 'M' MNS logon user account - what is this ? + 'W' Workstation account + 'S' Server account + 'L' Locked account + 'X' No Xpiry on password + 'I' Interdomain trust account + + */ + int i; int flags_len = strlen(samba_acct_flags); if (flags_len < 2) goto out2; - if (samba_acct_flags[0] != '[' - || samba_acct_flags[flags_len - 1] != ']') + if (samba_acct_flags[0] != '[' + || samba_acct_flags[flags_len - 1] != ']') goto out2; /* Allow forwarding */ @@ -1307,7 +1413,7 @@ LDAP_close(krb5_context context, HDB * db) ldap_unbind_ext(HDB2LDAP(db), NULL, NULL); ((struct hdbldapdb *)db->hdb_db)->h_lp = NULL; } - + return 0; } @@ -1343,7 +1449,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) break; case LDAP_RES_SEARCH_ENTRY: /* We have an entry. Parse it. */ - ret = LDAP_message2entry(context, db, e, entry); + ret = LDAP_message2entry(context, db, e, flags, entry); ldap_msgfree(e); break; case LDAP_RES_SEARCH_RESULT: @@ -1351,13 +1457,13 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) parserc = ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL, NULL, NULL, 1); + ret = HDB_ERR_NOENTRY; if (parserc != LDAP_SUCCESS && parserc != LDAP_MORE_RESULTS_TO_RETURN) { - krb5_set_error_string(context, "ldap_parse_result: %s", - ldap_err2string(parserc)); - ldap_abandon(HDB2LDAP(db), msgid); + krb5_set_error_message(context, ret, "ldap_parse_result: %s", + ldap_err2string(parserc)); + ldap_abandon_ext(HDB2LDAP(db), msgid, NULL, NULL); } - ret = HDB_ERR_NOENTRY; HDBSETMSGID(db, -1); break; case LDAP_SERVER_DOWN: @@ -1369,7 +1475,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) default: /* Some unspecified error (timeout?). Abandon. */ ldap_msgfree(e); - ldap_abandon(HDB2LDAP(db), msgid); + ldap_abandon_ext(HDB2LDAP(db), msgid, NULL, NULL); ret = HDB_ERR_NOENTRY; HDBSETMSGID(db, -1); break; @@ -1402,10 +1508,11 @@ LDAP_firstkey(krb5_context context, HDB *db, unsigned flags, if (ret) return ret; - msgid = ldap_search(HDB2LDAP(db), HDB2BASE(db), + ret = ldap_search_ext(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, "(|(objectClass=krb5Principal)(objectClass=sambaSamAccount))", - krb5kdcentry_attrs, 0); + krb5kdcentry_attrs, 0, + NULL, NULL, NULL, 0, &msgid); if (msgid < 0) return HDB_ERR_NOENTRY; @@ -1451,16 +1558,16 @@ LDAP__connect(krb5_context context, HDB * db) rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db)); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_initialize: %s", - ldap_err2string(rc)); + krb5_set_error_message(context, HDB_ERR_NOENTRY, "ldap_initialize: %s", + ldap_err2string(rc)); return HDB_ERR_NOENTRY; } rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION, (const void *)&version); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_set_option: %s", - ldap_err2string(rc)); + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "ldap_set_option: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } @@ -1468,8 +1575,8 @@ LDAP__connect(krb5_context context, HDB * db) rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv, NULL, NULL, NULL); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_sasl_bind_s: %s", - ldap_err2string(rc)); + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "ldap_sasl_bind_s: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } @@ -1497,8 +1604,8 @@ LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode) } static krb5_error_code -LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal, - unsigned flags, hdb_entry_ex * entry) +LDAP_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal, + unsigned flags, krb5_kvno kvno, hdb_entry_ex * entry) { LDAPMessage *msg, *e; krb5_error_code ret; @@ -1513,7 +1620,7 @@ LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal, goto out; } - ret = LDAP_message2entry(context, db, e, entry); + ret = LDAP_message2entry(context, db, e, flags, entry); if (ret == 0) { if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { ret = hdb_unseal_keys(context, db, &entry->entry); @@ -1528,6 +1635,14 @@ LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal, return ret; } +static krb5_error_code +LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal, + unsigned flags, hdb_entry_ex * entry) +{ + return LDAP_fetch_kvno(context, db, principal, + flags & (~HDB_F_KVNO_SPECIFIED), 0, entry); +} + static krb5_error_code LDAP_store(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) @@ -1561,8 +1676,8 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags, if (e == NULL) { ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db)); if (ret < 0) { - krb5_set_error_string(context, "asprintf: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, "asprintf: out of memory"); goto out; } } else if (flags & HDB_F_REPLACE) { @@ -1577,21 +1692,21 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags, /* write entry into directory */ if (e == NULL) { /* didn't exist before */ - rc = ldap_add_s(HDB2LDAP(db), dn, mods); - errfn = "ldap_add_s"; + rc = ldap_add_ext_s(HDB2LDAP(db), dn, mods, NULL, NULL ); + errfn = "ldap_add_ext_s"; } else { /* already existed, send deltas only */ - rc = ldap_modify_s(HDB2LDAP(db), dn, mods); - errfn = "ldap_modify_s"; + rc = ldap_modify_ext_s(HDB2LDAP(db), dn, mods, NULL, NULL ); + errfn = "ldap_modify_ext_s"; } if (check_ldap(context, db, rc)) { char *ld_error = NULL; ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING, &ld_error); - krb5_set_error_string(context, "%s: %s (DN=%s) %s: %s", - errfn, name, dn, ldap_err2string(rc), ld_error); ret = HDB_ERR_CANT_LOCK_DB; + krb5_set_error_message(context, ret, "%s: %s (DN=%s) %s: %s", + errfn, name, dn, ldap_err2string(rc), ld_error); } else ret = 0; @@ -1635,17 +1750,17 @@ LDAP_remove(krb5_context context, HDB *db, krb5_const_principal principal) rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit); if (rc != LDAP_SUCCESS) { - krb5_set_error_string(context, "ldap_set_option: %s", - ldap_err2string(rc)); ret = HDB_ERR_BADVERSION; + krb5_set_error_message(context, ret, "ldap_set_option: %s", + ldap_err2string(rc)); goto out; } - rc = ldap_delete_s(HDB2LDAP(db), dn); + rc = ldap_delete_ext_s(HDB2LDAP(db), dn, NULL, NULL ); if (check_ldap(context, db, rc)) { - krb5_set_error_string(context, "ldap_delete_s: %s", - ldap_err2string(rc)); ret = HDB_ERR_CANT_LOCK_DB; + krb5_set_error_message(context, ret, "ldap_delete_ext_s: %s", + ldap_err2string(rc)); } else ret = 0; @@ -1680,7 +1795,7 @@ LDAP_destroy(krb5_context context, HDB * db) return ret; } -krb5_error_code +static krb5_error_code hdb_ldap_common(krb5_context context, HDB ** db, const char *search_base, @@ -1690,40 +1805,40 @@ hdb_ldap_common(krb5_context context, const char *create_base = NULL; if (search_base == NULL && search_base[0] == '\0') { - krb5_set_error_string(context, "ldap search base not configured"); + krb5_set_error_message(context, ENOMEM, "ldap search base not configured"); return ENOMEM; /* XXX */ } if (structural_object == NULL) { const char *p; - p = krb5_config_get_string(context, NULL, "kdc", + p = krb5_config_get_string(context, NULL, "kdc", "hdb-ldap-structural-object", NULL); if (p == NULL) p = default_structural_object; structural_object = strdup(p); if (structural_object == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } - samba_forwardable = + samba_forwardable = krb5_config_get_bool_default(context, NULL, TRUE, "kdc", "hdb-samba-forwardable", NULL); *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memset(*db, 0, sizeof(**db)); h = calloc(1, sizeof(*h)); if (h == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = h; @@ -1731,8 +1846,8 @@ hdb_ldap_common(krb5_context context, /* XXX */ if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) { LDAP_destroy(context, *db); - krb5_set_error_string(context, "strdup: out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "strdup: out of memory"); return ENOMEM; } @@ -1740,12 +1855,12 @@ hdb_ldap_common(krb5_context context, h->h_base = strdup(search_base); if (h->h_url == NULL || h->h_base == NULL) { LDAP_destroy(context, *db); - krb5_set_error_string(context, "strdup: out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "strdup: out of memory"); return ENOMEM; } - create_base = krb5_config_get_string(context, NULL, "kdc", + create_base = krb5_config_get_string(context, NULL, "kdc", "hdb-ldap-create-base", NULL); if (create_base == NULL) create_base = h->h_base; @@ -1753,16 +1868,17 @@ hdb_ldap_common(krb5_context context, h->h_createbase = strdup(create_base); if (h->h_createbase == NULL) { LDAP_destroy(context, *db); - krb5_set_error_string(context, "strdup: out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "strdup: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; (*db)->hdb_openp = 0; + (*db)->hdb_capability_flags = 0; (*db)->hdb_open = LDAP_open; (*db)->hdb_close = LDAP_close; - (*db)->hdb_fetch = LDAP_fetch; + (*db)->hdb_fetch_kvno = LDAP_fetch_kvno; (*db)->hdb_store = LDAP_store; (*db)->hdb_remove = LDAP_remove; (*db)->hdb_firstkey = LDAP_firstkey; @@ -1792,14 +1908,15 @@ hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg) asprintf(&p, "ldapi:%s", arg); if (p == NULL) { - krb5_set_error_string(context, "out of memory"); *db = NULL; + krb5_set_error_message(context, ENOMEM, "out of memory"); return ENOMEM; } search_base = strchr(p + strlen("ldapi://"), ':'); if (search_base == NULL) { - krb5_set_error_string(context, "search base missing"); *db = NULL; + krb5_set_error_message(context, HDB_ERR_BADVERSION, + "search base missing"); return HDB_ERR_BADVERSION; } *search_base = '\0'; diff --git a/crypto/heimdal/lib/hdb/hdb-mitdb.c b/crypto/heimdal/lib/hdb/hdb-mitdb.c new file mode 100644 index 00000000000..cd619b3b8eb --- /dev/null +++ b/crypto/heimdal/lib/hdb/hdb-mitdb.c @@ -0,0 +1,818 @@ +/* + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001 +#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002 +#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004 +#define KRB5_KDB_DISALLOW_RENEWABLE 0x00000008 +#define KRB5_KDB_DISALLOW_PROXIABLE 0x00000010 +#define KRB5_KDB_DISALLOW_DUP_SKEY 0x00000020 +#define KRB5_KDB_DISALLOW_ALL_TIX 0x00000040 +#define KRB5_KDB_REQUIRES_PRE_AUTH 0x00000080 +#define KRB5_KDB_REQUIRES_HW_AUTH 0x00000100 +#define KRB5_KDB_REQUIRES_PWCHANGE 0x00000200 +#define KRB5_KDB_DISALLOW_SVR 0x00001000 +#define KRB5_KDB_PWCHANGE_SERVICE 0x00002000 +#define KRB5_KDB_SUPPORT_DESMD5 0x00004000 +#define KRB5_KDB_NEW_PRINC 0x00008000 + +/* + +key: krb5_unparse_name + NUL + + 16: baselength + 32: attributes + 32: max time + 32: max renewable time + 32: client expire + 32: passwd expire + 32: last successful passwd + 32: last failed attempt + 32: num of failed attempts + 16: num tl data + 16: num data data + 16: principal length + length: principal + for num tl data times + 16: tl data type + 16: tl data length + length: length + for num key data times + 16: version (num keyblocks) + 16: kvno + for version times: + 16: type + 16: length + length: keydata + + +key_data_contents[0] + + int16: length + read-of-data: key-encrypted, key-usage 0, master-key + +salt: + version2 = salt in key_data->key_data_contents[1] + else default salt. + +*/ + +#include "hdb_locl.h" + +#define KDB_V1_BASE_LENGTH 38 + +#if HAVE_DB1 + +#if defined(HAVE_DB_185_H) +#include +#elif defined(HAVE_DB_H) +#include +#endif + +#define CHECK(x) do { if ((x)) goto out; } while(0) + +static krb5_error_code +mdb_principal2key(krb5_context context, + krb5_const_principal principal, + krb5_data *key) +{ + krb5_error_code ret; + char *str; + + ret = krb5_unparse_name(context, principal, &str); + if (ret) + return ret; + key->data = str; + key->length = strlen(str) + 1; + return 0; +} + +#define KRB5_KDB_SALTTYPE_NORMAL 0 +#define KRB5_KDB_SALTTYPE_V4 1 +#define KRB5_KDB_SALTTYPE_NOREALM 2 +#define KRB5_KDB_SALTTYPE_ONLYREALM 3 +#define KRB5_KDB_SALTTYPE_SPECIAL 4 +#define KRB5_KDB_SALTTYPE_AFS3 5 +#define KRB5_KDB_SALTTYPE_CERTHASH 6 + +static krb5_error_code +fix_salt(krb5_context context, hdb_entry *ent, int key_num) +{ + krb5_error_code ret; + Salt *salt = ent->keys.val[key_num].salt; + /* fix salt type */ + switch((int)salt->type) { + case KRB5_KDB_SALTTYPE_NORMAL: + salt->type = KRB5_PADATA_PW_SALT; + break; + case KRB5_KDB_SALTTYPE_V4: + krb5_data_free(&salt->salt); + salt->type = KRB5_PADATA_PW_SALT; + break; + case KRB5_KDB_SALTTYPE_NOREALM: + { + size_t len; + size_t i; + char *p; + + len = 0; + for (i = 0; i < ent->principal->name.name_string.len; ++i) + len += strlen(ent->principal->name.name_string.val[i]); + ret = krb5_data_alloc (&salt->salt, len); + if (ret) + return ret; + p = salt->salt.data; + for (i = 0; i < ent->principal->name.name_string.len; ++i) { + memcpy (p, + ent->principal->name.name_string.val[i], + strlen(ent->principal->name.name_string.val[i])); + p += strlen(ent->principal->name.name_string.val[i]); + } + + salt->type = KRB5_PADATA_PW_SALT; + break; + } + case KRB5_KDB_SALTTYPE_ONLYREALM: + krb5_data_free(&salt->salt); + ret = krb5_data_copy(&salt->salt, + ent->principal->realm, + strlen(ent->principal->realm)); + if(ret) + return ret; + salt->type = KRB5_PADATA_PW_SALT; + break; + case KRB5_KDB_SALTTYPE_SPECIAL: + salt->type = KRB5_PADATA_PW_SALT; + break; + case KRB5_KDB_SALTTYPE_AFS3: + krb5_data_free(&salt->salt); + ret = krb5_data_copy(&salt->salt, + ent->principal->realm, + strlen(ent->principal->realm)); + if(ret) + return ret; + salt->type = KRB5_PADATA_AFS3_SALT; + break; + case KRB5_KDB_SALTTYPE_CERTHASH: + krb5_data_free(&salt->salt); + free(ent->keys.val[key_num].salt); + ent->keys.val[key_num].salt = NULL; + break; + default: + abort(); + } + return 0; +} + + +static krb5_error_code +mdb_value2entry(krb5_context context, krb5_data *data, krb5_kvno kvno, hdb_entry *entry) +{ + krb5_error_code ret; + krb5_storage *sp; + uint32_t u32; + uint16_t u16, num_keys, num_tl; + size_t i, j; + char *p; + + sp = krb5_storage_from_data(data); + if (sp == NULL) { + krb5_set_error_message(context, ENOMEM, "out of memory"); + return ENOMEM; + } + + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); + + /* + * 16: baselength + * + * The story here is that these 16 bits have to be a constant: + * KDB_V1_BASE_LENGTH. Once upon a time a different value here + * would have been used to indicate the presence of "extra data" + * between the "base" contents and the {principal name, TL data, + * keys} that follow it. Nothing supports such "extra data" + * nowadays, so neither do we here. + * + * XXX But... surely we ought to log about this extra data, or skip + * it, or something, in case anyone has MIT KDBs with ancient + * entries in them... Logging would allow the admin to know which + * entries to dump with MIT krb5's kdb5_util. + */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + if (u16 != KDB_V1_BASE_LENGTH) { ret = EINVAL; goto out; } + /* 32: attributes */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + entry->flags.postdate = !(u32 & KRB5_KDB_DISALLOW_POSTDATED); + entry->flags.forwardable = !(u32 & KRB5_KDB_DISALLOW_FORWARDABLE); + entry->flags.initial = !!(u32 & KRB5_KDB_DISALLOW_TGT_BASED); + entry->flags.renewable = !(u32 & KRB5_KDB_DISALLOW_RENEWABLE); + entry->flags.proxiable = !(u32 & KRB5_KDB_DISALLOW_PROXIABLE); + /* DUP_SKEY */ + entry->flags.invalid = !!(u32 & KRB5_KDB_DISALLOW_ALL_TIX); + entry->flags.require_preauth =!!(u32 & KRB5_KDB_REQUIRES_PRE_AUTH); + entry->flags.require_hwauth =!!(u32 & KRB5_KDB_REQUIRES_HW_AUTH); + entry->flags.server = !(u32 & KRB5_KDB_DISALLOW_SVR); + entry->flags.change_pw = !!(u32 & KRB5_KDB_PWCHANGE_SERVICE); + entry->flags.client = 1; /* XXX */ + + /* 32: max time */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + if (u32) { + entry->max_life = malloc(sizeof(*entry->max_life)); + *entry->max_life = u32; + } + /* 32: max renewable time */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + if (u32) { + entry->max_renew = malloc(sizeof(*entry->max_renew)); + *entry->max_renew = u32; + } + /* 32: client expire */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + if (u32) { + entry->valid_end = malloc(sizeof(*entry->valid_end)); + *entry->valid_end = u32; + } + /* 32: passwd expire */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + if (u32) { + entry->pw_end = malloc(sizeof(*entry->pw_end)); + *entry->pw_end = u32; + } + /* 32: last successful passwd */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + /* 32: last failed attempt */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + /* 32: num of failed attempts */ + CHECK(ret = krb5_ret_uint32(sp, &u32)); + /* 16: num tl data */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + num_tl = u16; + /* 16: num key data */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + num_keys = u16; + /* 16: principal length */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + /* length: principal */ + { + /* + * Note that the principal name includes the NUL in the entry, + * but we don't want to take chances, so we add an extra NUL. + */ + p = malloc(u16 + 1); + if (p == NULL) { + ret = ENOMEM; + goto out; + } + krb5_storage_read(sp, p, u16); + p[u16] = '\0'; + CHECK(ret = krb5_parse_name(context, p, &entry->principal)); + free(p); + } + /* for num tl data times + 16: tl data type + 16: tl data length + length: length */ + for (i = 0; i < num_tl; i++) { + /* 16: TL data type */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + /* 16: TL data length */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + krb5_storage_seek(sp, u16, SEEK_CUR); + } + /* + * for num key data times + * 16: "version" + * 16: kvno + * for version times: + * 16: type + * 16: length + * length: keydata + * + * "version" here is really 1 or 2, the first meaning there's only + * keys for this kvno, the second meaning there's keys and salt[s?]. + * That's right... hold that gag reflex, you can do it. + */ + for (i = 0; i < num_keys; i++) { + int keep = 0; + uint16_t version; + void *ptr; + + CHECK(ret = krb5_ret_uint16(sp, &u16)); + version = u16; + CHECK(ret = krb5_ret_uint16(sp, &u16)); + + /* + * First time through, and until we find one matching key, + * entry->kvno == 0. + */ + if ((entry->kvno < u16) && (kvno == 0 || kvno == u16)) { + keep = 1; + entry->kvno = u16; + /* + * Found a higher kvno than earlier, so free the old highest + * kvno keys. + * + * XXX Of course, we actually want to extract the old kvnos + * as well, for some of the kadm5 APIs. We shouldn't free + * these keys, but keep them elsewhere. + */ + for (j = 0; j < entry->keys.len; j++) + free_Key(&entry->keys.val[j]); + free(entry->keys.val); + entry->keys.len = 0; + entry->keys.val = NULL; + } else if (entry->kvno == u16) + /* Accumulate keys */ + keep = 1; + + if (keep) { + Key *k; + + ptr = realloc(entry->keys.val, sizeof(entry->keys.val[0]) * (entry->keys.len + 1)); + if (ptr == NULL) { + ret = ENOMEM; + goto out; + } + entry->keys.val = ptr; + + /* k points to current Key */ + k = &entry->keys.val[entry->keys.len]; + + memset(k, 0, sizeof(*k)); + entry->keys.len += 1; + + k->mkvno = malloc(sizeof(*k->mkvno)); + if (k->mkvno == NULL) { + ret = ENOMEM; + goto out; + } + *k->mkvno = 1; + + for (j = 0; j < version; j++) { + uint16_t type; + CHECK(ret = krb5_ret_uint16(sp, &type)); + CHECK(ret = krb5_ret_uint16(sp, &u16)); + if (j == 0) { + /* This "version" means we have a key */ + k->key.keytype = type; + if (u16 < 2) { + ret = EINVAL; + goto out; + } + /* + * MIT stores keys encrypted keys as {16-bit length + * of plaintext key, {encrypted key}}. The reason + * for this is that the Kerberos cryptosystem is not + * length-preserving. Heimdal's approach is to + * truncate the plaintext to the expected length of + * the key given its enctype, so we ignore this + * 16-bit length-of-plaintext-key field. + */ + krb5_storage_seek(sp, 2, SEEK_CUR); /* skip real length */ + k->key.keyvalue.length = u16 - 2; /* adjust cipher len */ + k->key.keyvalue.data = malloc(k->key.keyvalue.length); + krb5_storage_read(sp, k->key.keyvalue.data, + k->key.keyvalue.length); + } else if (j == 1) { + /* This "version" means we have a salt */ + k->salt = calloc(1, sizeof(*k->salt)); + if (k->salt == NULL) { + ret = ENOMEM; + goto out; + } + k->salt->type = type; + if (u16 != 0) { + k->salt->salt.data = malloc(u16); + if (k->salt->salt.data == NULL) { + ret = ENOMEM; + goto out; + } + k->salt->salt.length = u16; + krb5_storage_read(sp, k->salt->salt.data, k->salt->salt.length); + } + fix_salt(context, entry, entry->keys.len - 1); + } else { + /* + * Whatever this "version" might be, we skip it + * + * XXX A krb5.conf parameter requesting that we log + * about strangeness like this, or return an error + * from here, might be nice. + */ + krb5_storage_seek(sp, u16, SEEK_CUR); + } + } + } else { + /* + * XXX For now we skip older kvnos, but we should extract + * them... + */ + for (j = 0; j < version; j++) { + /* enctype */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + /* encrypted key (or plaintext salt) */ + CHECK(ret = krb5_ret_uint16(sp, &u16)); + krb5_storage_seek(sp, u16, SEEK_CUR); + } + } + } + + if (entry->kvno == 0 && kvno != 0) { + ret = HDB_ERR_NOT_FOUND_HERE; + goto out; + } + + return 0; + out: + if (ret == HEIM_ERR_EOF) + /* Better error code than "end of file" */ + ret = HEIM_ERR_BAD_HDBENT_ENCODING; + return ret; +} + +#if 0 +static krb5_error_code +mdb_entry2value(krb5_context context, hdb_entry *entry, krb5_data *data) +{ + return EINVAL; +} +#endif + + +static krb5_error_code +mdb_close(krb5_context context, HDB *db) +{ + DB *d = (DB*)db->hdb_db; + (*d->close)(d); + return 0; +} + +static krb5_error_code +mdb_destroy(krb5_context context, HDB *db) +{ + krb5_error_code ret; + + ret = hdb_clear_master_key (context, db); + free(db->hdb_name); + free(db); + return ret; +} + +static krb5_error_code +mdb_lock(krb5_context context, HDB *db, int operation) +{ + DB *d = (DB*)db->hdb_db; + int fd = (*d->fd)(d); + if(fd < 0) { + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't lock database: %s", db->hdb_name); + return HDB_ERR_CANT_LOCK_DB; + } + return hdb_lock(fd, operation); +} + +static krb5_error_code +mdb_unlock(krb5_context context, HDB *db) +{ + DB *d = (DB*)db->hdb_db; + int fd = (*d->fd)(d); + if(fd < 0) { + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "Can't unlock database: %s", db->hdb_name); + return HDB_ERR_CANT_LOCK_DB; + } + return hdb_unlock(fd); +} + + +static krb5_error_code +mdb_seq(krb5_context context, HDB *db, + unsigned flags, hdb_entry_ex *entry, int flag) +{ + DB *d = (DB*)db->hdb_db; + DBT key, value; + krb5_data key_data, data; + int code; + + code = db->hdb_lock(context, db, HDB_RLOCK); + if(code == -1) { + krb5_set_error_message(context, HDB_ERR_DB_INUSE, "Database %s in use", db->hdb_name); + return HDB_ERR_DB_INUSE; + } + code = (*d->seq)(d, &key, &value, flag); + db->hdb_unlock(context, db); /* XXX check value */ + if(code == -1) { + code = errno; + krb5_set_error_message(context, code, "Database %s seq error: %s", + db->hdb_name, strerror(code)); + return code; + } + if(code == 1) { + krb5_clear_error_message(context); + return HDB_ERR_NOENTRY; + } + + key_data.data = key.data; + key_data.length = key.size; + data.data = value.data; + data.length = value.size; + memset(entry, 0, sizeof(*entry)); + + if (mdb_value2entry(context, &data, 0, &entry->entry)) + return mdb_seq(context, db, flags, entry, R_NEXT); + + if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { + code = hdb_unseal_keys (context, db, &entry->entry); + if (code) + hdb_free_entry (context, entry); + } + + return code; +} + + +static krb5_error_code +mdb_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) +{ + return mdb_seq(context, db, flags, entry, R_FIRST); +} + + +static krb5_error_code +mdb_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) +{ + return mdb_seq(context, db, flags, entry, R_NEXT); +} + +static krb5_error_code +mdb_rename(krb5_context context, HDB *db, const char *new_name) +{ + int ret; + char *old, *new; + + asprintf(&old, "%s.db", db->hdb_name); + asprintf(&new, "%s.db", new_name); + ret = rename(old, new); + free(old); + free(new); + if(ret) + return errno; + + free(db->hdb_name); + db->hdb_name = strdup(new_name); + return 0; +} + +static krb5_error_code +mdb__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) +{ + DB *d = (DB*)db->hdb_db; + DBT k, v; + int code; + + k.data = key.data; + k.size = key.length; + code = db->hdb_lock(context, db, HDB_RLOCK); + if(code) + return code; + code = (*d->get)(d, &k, &v, 0); + db->hdb_unlock(context, db); + if(code < 0) { + code = errno; + krb5_set_error_message(context, code, "Database %s get error: %s", + db->hdb_name, strerror(code)); + return code; + } + if(code == 1) { + krb5_clear_error_message(context); + return HDB_ERR_NOENTRY; + } + + krb5_data_copy(reply, v.data, v.size); + return 0; +} + +static krb5_error_code +mdb__put(krb5_context context, HDB *db, int replace, + krb5_data key, krb5_data value) +{ + DB *d = (DB*)db->hdb_db; + DBT k, v; + int code; + + k.data = key.data; + k.size = key.length; + v.data = value.data; + v.size = value.length; + code = db->hdb_lock(context, db, HDB_WLOCK); + if(code) + return code; + code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE); + db->hdb_unlock(context, db); + if(code < 0) { + code = errno; + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); + return code; + } + if(code == 1) { + krb5_clear_error_message(context); + return HDB_ERR_EXISTS; + } + return 0; +} + +static krb5_error_code +mdb__del(krb5_context context, HDB *db, krb5_data key) +{ + DB *d = (DB*)db->hdb_db; + DBT k; + krb5_error_code code; + k.data = key.data; + k.size = key.length; + code = db->hdb_lock(context, db, HDB_WLOCK); + if(code) + return code; + code = (*d->del)(d, &k, 0); + db->hdb_unlock(context, db); + if(code == 1) { + code = errno; + krb5_set_error_message(context, code, "Database %s put error: %s", + db->hdb_name, strerror(code)); + return code; + } + if(code < 0) + return errno; + return 0; +} + +static krb5_error_code +mdb_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, + unsigned flags, krb5_kvno kvno, hdb_entry_ex *entry) +{ + krb5_data key, value; + krb5_error_code code; + + code = mdb_principal2key(context, principal, &key); + if (code) + return code; + code = db->hdb__get(context, db, key, &value); + krb5_data_free(&key); + if(code) + return code; + code = mdb_value2entry(context, &value, kvno, &entry->entry); + krb5_data_free(&value); + if (code) + return code; + + if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { + code = hdb_unseal_keys (context, db, &entry->entry); + if (code) + hdb_free_entry(context, entry); + } + + return 0; +} + +static krb5_error_code +mdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) +{ + krb5_set_error_message(context, EINVAL, "can't set principal in mdb"); + return EINVAL; +} + +static krb5_error_code +mdb_remove(krb5_context context, HDB *db, krb5_const_principal principal) +{ + krb5_error_code code; + krb5_data key; + + mdb_principal2key(context, principal, &key); + code = db->hdb__del(context, db, key); + krb5_data_free(&key); + return code; +} + +static krb5_error_code +mdb_open(krb5_context context, HDB *db, int flags, mode_t mode) +{ + char *fn; + krb5_error_code ret; + + asprintf(&fn, "%s.db", db->hdb_name); + if (fn == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL); + free(fn); + + if (db->hdb_db == NULL) { + switch (errno) { +#ifdef EFTYPE + case EFTYPE: +#endif + case EINVAL: + db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL); + } + } + + /* try to open without .db extension */ + if(db->hdb_db == NULL && errno == ENOENT) + db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL); + if(db->hdb_db == NULL) { + ret = errno; + krb5_set_error_message(context, ret, "dbopen (%s): %s", + db->hdb_name, strerror(ret)); + return ret; + } + if((flags & O_ACCMODE) == O_RDONLY) + ret = hdb_check_db_format(context, db); + else + ret = hdb_init_db(context, db); + if(ret == HDB_ERR_NOENTRY) { + krb5_clear_error_message(context); + return 0; + } + if (ret) { + mdb_close(context, db); + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); + } + return ret; +} + +krb5_error_code +hdb_mdb_create(krb5_context context, HDB **db, + const char *filename) +{ + *db = calloc(1, sizeof(**db)); + if (*db == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + + (*db)->hdb_db = NULL; + (*db)->hdb_name = strdup(filename); + if ((*db)->hdb_name == NULL) { + free(*db); + *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + (*db)->hdb_master_key_set = 0; + (*db)->hdb_openp = 0; + (*db)->hdb_capability_flags = 0; + (*db)->hdb_open = mdb_open; + (*db)->hdb_close = mdb_close; + (*db)->hdb_fetch_kvno = mdb_fetch_kvno; + (*db)->hdb_store = mdb_store; + (*db)->hdb_remove = mdb_remove; + (*db)->hdb_firstkey = mdb_firstkey; + (*db)->hdb_nextkey= mdb_nextkey; + (*db)->hdb_lock = mdb_lock; + (*db)->hdb_unlock = mdb_unlock; + (*db)->hdb_rename = mdb_rename; + (*db)->hdb__get = mdb__get; + (*db)->hdb__put = mdb__put; + (*db)->hdb__del = mdb__del; + (*db)->hdb_destroy = mdb_destroy; + return 0; +} + +#endif /* HAVE_DB1 */ diff --git a/crypto/heimdal/lib/hdb/hdb-private.h b/crypto/heimdal/lib/hdb/hdb-private.h index 5147d8b90bd..8a748694424 100644 --- a/crypto/heimdal/lib/hdb/hdb-private.h +++ b/crypto/heimdal/lib/hdb/hdb-private.h @@ -5,11 +5,12 @@ #include krb5_error_code -_hdb_fetch ( +_hdb_fetch_kvno ( krb5_context /*context*/, HDB */*db*/, krb5_const_principal /*principal*/, unsigned /*flags*/, + krb5_kvno /*kvno*/, hdb_entry_ex */*entry*/); hdb_master_key @@ -17,6 +18,12 @@ _hdb_find_master_key ( uint32_t */*mkvno*/, hdb_master_key /*mkey*/); +krb5_error_code +_hdb_keytab2hdb_entry ( + krb5_context /*context*/, + const krb5_keytab_entry */*ktentry*/, + hdb_entry_ex */*entry*/); + int _hdb_mkey_decrypt ( krb5_context /*context*/, diff --git a/crypto/heimdal/lib/hdb/hdb-protos.h b/crypto/heimdal/lib/hdb/hdb-protos.h index 4c3d3eb1ab1..44a1bddc762 100644 --- a/crypto/heimdal/lib/hdb/hdb-protos.h +++ b/crypto/heimdal/lib/hdb/hdb-protos.h @@ -145,6 +145,11 @@ hdb_entry_get_pkinit_acl ( const hdb_entry */*entry*/, const HDB_Ext_PKINIT_acl **/*a*/); +krb5_error_code +hdb_entry_get_pkinit_cert ( + const hdb_entry */*entry*/, + const HDB_Ext_PKINIT_cert **/*a*/); + krb5_error_code hdb_entry_get_pkinit_hash ( const hdb_entry */*entry*/, @@ -238,11 +243,10 @@ hdb_key2principal ( krb5_principal /*p*/); krb5_error_code -hdb_ldap_common ( +hdb_keytab_create ( krb5_context /*context*/, HDB ** /*db*/, - const char */*search_base*/, - const char */*url*/); + const char */*arg*/); krb5_error_code hdb_ldap_create ( @@ -266,6 +270,12 @@ hdb_lock ( int /*fd*/, int /*operation*/); +krb5_error_code +hdb_mdb_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*filename*/); + krb5_error_code hdb_ndbm_create ( krb5_context /*context*/, @@ -348,6 +358,12 @@ hdb_set_master_keyfile ( HDB */*db*/, const char */*keyfile*/); +krb5_error_code +hdb_sqlite_create ( + krb5_context /*context*/, + HDB **/*db*/, + const char */*argument*/); + krb5_error_code hdb_unlock (int /*fd*/); diff --git a/crypto/heimdal/lib/hdb/hdb-sqlite.c b/crypto/heimdal/lib/hdb/hdb-sqlite.c new file mode 100644 index 00000000000..e063588874a --- /dev/null +++ b/crypto/heimdal/lib/hdb/hdb-sqlite.c @@ -0,0 +1,879 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hdb_locl.h" +#include "sqlite3.h" + +#define MAX_RETRIES 10 + +typedef struct hdb_sqlite_db { + double version; + sqlite3 *db; + char *db_file; + + sqlite3_stmt *get_version; + sqlite3_stmt *fetch; + sqlite3_stmt *get_ids; + sqlite3_stmt *add_entry; + sqlite3_stmt *add_principal; + sqlite3_stmt *add_alias; + sqlite3_stmt *delete_aliases; + sqlite3_stmt *update_entry; + sqlite3_stmt *remove; + sqlite3_stmt *get_all_entries; + +} hdb_sqlite_db; + +/* This should be used to mark updates which make the code incompatible + * with databases created with previous versions. Don't update it if + * compatibility is not broken. */ +#define HDBSQLITE_VERSION 0.1 + +#define _HDBSQLITE_STRINGIFY(x) #x +#define HDBSQLITE_STRINGIFY(x) _HDBSQLITE_STRINGIFY(x) + +#define HDBSQLITE_CREATE_TABLES \ + " BEGIN TRANSACTION;" \ + " CREATE TABLE Version (number REAL);" \ + " INSERT INTO Version (number)" \ + " VALUES (" HDBSQLITE_STRINGIFY(HDBSQLITE_VERSION) ");" \ + " CREATE TABLE Principal" \ + " (id INTEGER PRIMARY KEY," \ + " principal TEXT UNIQUE NOT NULL," \ + " canonical INTEGER," \ + " entry INTEGER);" \ + " CREATE TABLE Entry" \ + " (id INTEGER PRIMARY KEY," \ + " data BLOB);" \ + " COMMIT" +#define HDBSQLITE_CREATE_TRIGGERS \ + " CREATE TRIGGER remove_principals AFTER DELETE ON Entry" \ + " BEGIN" \ + " DELETE FROM Principal" \ + " WHERE entry = OLD.id;" \ + " END" +#define HDBSQLITE_GET_VERSION \ + " SELECT number FROM Version" +#define HDBSQLITE_FETCH \ + " SELECT Entry.data FROM Principal, Entry" \ + " WHERE Principal.principal = ? AND" \ + " Entry.id = Principal.entry" +#define HDBSQLITE_GET_IDS \ + " SELECT id, entry FROM Principal" \ + " WHERE principal = ?" +#define HDBSQLITE_ADD_ENTRY \ + " INSERT INTO Entry (data) VALUES (?)" +#define HDBSQLITE_ADD_PRINCIPAL \ + " INSERT INTO Principal (principal, entry, canonical)" \ + " VALUES (?, last_insert_rowid(), 1)" +#define HDBSQLITE_ADD_ALIAS \ + " INSERT INTO Principal (principal, entry, canonical)" \ + " VALUES(?, ?, 0)" +#define HDBSQLITE_DELETE_ALIASES \ + " DELETE FROM Principal" \ + " WHERE entry = ? AND canonical = 0" +#define HDBSQLITE_UPDATE_ENTRY \ + " UPDATE Entry SET data = ?" \ + " WHERE id = ?" +#define HDBSQLITE_REMOVE \ + " DELETE FROM ENTRY WHERE id = " \ + " (SELECT entry FROM Principal" \ + " WHERE principal = ?)" +#define HDBSQLITE_GET_ALL_ENTRIES \ + " SELECT data FROM Entry" + +/** + * Wrapper around sqlite3_prepare_v2. + * + * @param context The current krb5 context + * @param statement Where to store the pointer to the statement + * after preparing it + * @param str SQL code for the statement + * + * @return 0 if OK, an error code if not + */ +static krb5_error_code +hdb_sqlite_prepare_stmt(krb5_context context, + sqlite3 *db, + sqlite3_stmt **statement, + const char *str) +{ + int ret, tries = 0; + + ret = sqlite3_prepare_v2(db, str, -1, statement, NULL); + while((tries++ < MAX_RETRIES) && + ((ret == SQLITE_BUSY) || + (ret == SQLITE_IOERR_BLOCKED) || + (ret == SQLITE_LOCKED))) { + krb5_warnx(context, "hdb-sqlite: prepare busy"); + sleep(1); + ret = sqlite3_prepare_v2(db, str, -1, statement, NULL); + } + + if (ret != SQLITE_OK) { + krb5_set_error_message(context, EINVAL, + "Failed to prepare stmt %s: %s", + str, sqlite3_errmsg(db)); + return EINVAL; + } + + return 0; +} + +/** + * A wrapper around sqlite3_exec. + * + * @param context The current krb5 context + * @param database An open sqlite3 database handle + * @param statement SQL code to execute + * @param error_code What to return if the statement fails + * + * @return 0 if OK, else error_code + */ +static krb5_error_code +hdb_sqlite_exec_stmt(krb5_context context, + sqlite3 *database, + const char *statement, + krb5_error_code error_code) +{ + int ret; + + ret = sqlite3_exec(database, statement, NULL, NULL, NULL); + + while(((ret == SQLITE_BUSY) || + (ret == SQLITE_IOERR_BLOCKED) || + (ret == SQLITE_LOCKED))) { + krb5_warnx(context, "hdb-sqlite: exec busy: %d", (int)getpid()); + sleep(1); + ret = sqlite3_exec(database, statement, NULL, NULL, NULL); + } + + if (ret != SQLITE_OK && error_code) { + krb5_set_error_message(context, error_code, + "Execute %s: %s", statement, + sqlite3_errmsg(database)); + return error_code; + } + + return 0; +} + +/** + * Opens an sqlite3 database handle to a file, may create the + * database file depending on flags. + * + * @param context The current krb5 context + * @param db Heimdal database handle + * @param flags Controls whether or not the file may be created, + * may be 0 or SQLITE_OPEN_CREATE + */ +static krb5_error_code +hdb_sqlite_open_database(krb5_context context, HDB *db, int flags) +{ + int ret; + hdb_sqlite_db *hsdb = (hdb_sqlite_db*) db->hdb_db; + + ret = sqlite3_open_v2(hsdb->db_file, &hsdb->db, + SQLITE_OPEN_READWRITE | flags, NULL); + + if (ret) { + if (hsdb->db) { + ret = ENOENT; + krb5_set_error_message(context, ret, + "Error opening sqlite database %s: %s", + hsdb->db_file, sqlite3_errmsg(hsdb->db)); + sqlite3_close(hsdb->db); + hsdb->db = NULL; + } else + ret = krb5_enomem(context); + return ret; + } + + return 0; +} + +static int +hdb_sqlite_step(krb5_context context, sqlite3 *db, sqlite3_stmt *stmt) +{ + int ret; + + ret = sqlite3_step(stmt); + while(((ret == SQLITE_BUSY) || + (ret == SQLITE_IOERR_BLOCKED) || + (ret == SQLITE_LOCKED))) { + krb5_warnx(context, "hdb-sqlite: step busy: %d", (int)getpid()); + sleep(1); + ret = sqlite3_step(stmt); + } + return ret; +} + +/** + * Closes the database and frees memory allocated for statements. + * + * @param context The current krb5 context + * @param db Heimdal database handle + */ +static krb5_error_code +hdb_sqlite_close_database(krb5_context context, HDB *db) +{ + hdb_sqlite_db *hsdb = (hdb_sqlite_db *) db->hdb_db; + + sqlite3_finalize(hsdb->get_version); + sqlite3_finalize(hsdb->fetch); + sqlite3_finalize(hsdb->get_ids); + sqlite3_finalize(hsdb->add_entry); + sqlite3_finalize(hsdb->add_principal); + sqlite3_finalize(hsdb->add_alias); + sqlite3_finalize(hsdb->delete_aliases); + sqlite3_finalize(hsdb->update_entry); + sqlite3_finalize(hsdb->remove); + sqlite3_finalize(hsdb->get_all_entries); + + sqlite3_close(hsdb->db); + + return 0; +} + +/** + * Opens an sqlite database file and prepares it for use. + * If the file does not exist it will be created. + * + * @param context The current krb5_context + * @param db The heimdal database handle + * @param filename Where to store the database file + * + * @return 0 if everything worked, an error code if not + */ +static krb5_error_code +hdb_sqlite_make_database(krb5_context context, HDB *db, const char *filename) +{ + int ret; + int created_file = 0; + hdb_sqlite_db *hsdb = (hdb_sqlite_db *) db->hdb_db; + + hsdb->db_file = strdup(filename); + if(hsdb->db_file == NULL) + return ENOMEM; + + ret = hdb_sqlite_open_database(context, db, 0); + if (ret) { + ret = hdb_sqlite_open_database(context, db, SQLITE_OPEN_CREATE); + if (ret) goto out; + + created_file = 1; + + ret = hdb_sqlite_exec_stmt(context, hsdb->db, + HDBSQLITE_CREATE_TABLES, + EINVAL); + if (ret) goto out; + + ret = hdb_sqlite_exec_stmt(context, hsdb->db, + HDBSQLITE_CREATE_TRIGGERS, + EINVAL); + if (ret) goto out; + } + + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->get_version, + HDBSQLITE_GET_VERSION); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->fetch, + HDBSQLITE_FETCH); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->get_ids, + HDBSQLITE_GET_IDS); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->add_entry, + HDBSQLITE_ADD_ENTRY); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->add_principal, + HDBSQLITE_ADD_PRINCIPAL); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->add_alias, + HDBSQLITE_ADD_ALIAS); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->delete_aliases, + HDBSQLITE_DELETE_ALIASES); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->update_entry, + HDBSQLITE_UPDATE_ENTRY); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->remove, + HDBSQLITE_REMOVE); + if (ret) goto out; + ret = hdb_sqlite_prepare_stmt(context, hsdb->db, + &hsdb->get_all_entries, + HDBSQLITE_GET_ALL_ENTRIES); + if (ret) goto out; + + ret = hdb_sqlite_step(context, hsdb->db, hsdb->get_version); + if(ret == SQLITE_ROW) { + hsdb->version = sqlite3_column_double(hsdb->get_version, 0); + } + sqlite3_reset(hsdb->get_version); + ret = 0; + + if(hsdb->version != HDBSQLITE_VERSION) { + ret = EINVAL; + krb5_set_error_message(context, ret, "HDBSQLITE_VERSION mismatch"); + } + + if(ret) goto out; + + return 0; + + out: + if (hsdb->db) + sqlite3_close(hsdb->db); + if (created_file) + unlink(hsdb->db_file); + + return ret; +} + +/** + * Retrieves an entry by searching for the given + * principal in the Principal database table, both + * for canonical principals and aliases. + * + * @param context The current krb5_context + * @param db Heimdal database handle + * @param principal The principal whose entry to search for + * @param flags Currently only for HDB_F_DECRYPT + * @param kvno kvno to fetch is HDB_F_KVNO_SPECIFIED use used + * + * @return 0 if everything worked, an error code if not + */ +static krb5_error_code +hdb_sqlite_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal principal, + unsigned flags, krb5_kvno kvno, hdb_entry_ex *entry) +{ + int sqlite_error; + krb5_error_code ret; + char *principal_string; + hdb_sqlite_db *hsdb = (hdb_sqlite_db*)(db->hdb_db); + sqlite3_stmt *fetch = hsdb->fetch; + krb5_data value; + + ret = krb5_unparse_name(context, principal, &principal_string); + if (ret) { + free(principal_string); + return ret; + } + + sqlite3_bind_text(fetch, 1, principal_string, -1, SQLITE_STATIC); + + sqlite_error = hdb_sqlite_step(context, hsdb->db, fetch); + if (sqlite_error != SQLITE_ROW) { + if(sqlite_error == SQLITE_DONE) { + ret = HDB_ERR_NOENTRY; + goto out; + } else { + ret = EINVAL; + krb5_set_error_message(context, ret, + "sqlite fetch failed: %d", + sqlite_error); + goto out; + } + } + + value.length = sqlite3_column_bytes(fetch, 0); + value.data = (void *) sqlite3_column_blob(fetch, 0); + + ret = hdb_value2entry(context, &value, &entry->entry); + if(ret) + goto out; + + if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { + ret = hdb_unseal_keys(context, db, &entry->entry); + if(ret) { + hdb_free_entry(context, entry); + goto out; + } + } + + ret = 0; + +out: + + sqlite3_clear_bindings(fetch); + sqlite3_reset(fetch); + + free(principal_string); + + return ret; +} + +/** + * Convenience function to step a prepared statement with no + * value once. + * + * @param context The current krb5_context + * @param statement A prepared sqlite3 statement + * + * @return 0 if everything worked, an error code if not + */ +static krb5_error_code +hdb_sqlite_step_once(krb5_context context, HDB *db, sqlite3_stmt *statement) +{ + int ret; + hdb_sqlite_db *hsdb = (hdb_sqlite_db *) db->hdb_db; + + ret = hdb_sqlite_step(context, hsdb->db, statement); + sqlite3_clear_bindings(statement); + sqlite3_reset(statement); + + return ret; +} + + +/** + * Stores an hdb_entry in the database. If flags contains HDB_F_REPLACE + * a previous entry may be replaced. + * + * @param context The current krb5_context + * @param db Heimdal database handle + * @param flags May currently only contain HDB_F_REPLACE + * @param entry The data to store + * + * @return 0 if everything worked, an error code if not + */ +static krb5_error_code +hdb_sqlite_store(krb5_context context, HDB *db, unsigned flags, + hdb_entry_ex *entry) +{ + int ret; + int i; + sqlite_int64 entry_id; + char *principal_string = NULL; + char *alias_string; + const HDB_Ext_Aliases *aliases; + + hdb_sqlite_db *hsdb = (hdb_sqlite_db *)(db->hdb_db); + krb5_data value; + sqlite3_stmt *get_ids = hsdb->get_ids; + + ret = hdb_sqlite_exec_stmt(context, hsdb->db, + "BEGIN IMMEDIATE TRANSACTION", EINVAL); + if(ret != SQLITE_OK) { + ret = EINVAL; + krb5_set_error_message(context, ret, + "SQLite BEGIN TRANSACTION failed: %s", + sqlite3_errmsg(hsdb->db)); + goto rollback; + } + + ret = krb5_unparse_name(context, + entry->entry.principal, &principal_string); + if (ret) { + goto rollback; + } + + ret = hdb_seal_keys(context, db, &entry->entry); + if(ret) { + goto rollback; + } + + ret = hdb_entry2value(context, &entry->entry, &value); + if(ret) { + goto rollback; + } + + sqlite3_bind_text(get_ids, 1, principal_string, -1, SQLITE_STATIC); + ret = hdb_sqlite_step(context, hsdb->db, get_ids); + + if(ret == SQLITE_DONE) { /* No such principal */ + + sqlite3_bind_blob(hsdb->add_entry, 1, + value.data, value.length, SQLITE_STATIC); + ret = hdb_sqlite_step(context, hsdb->db, hsdb->add_entry); + sqlite3_clear_bindings(hsdb->add_entry); + sqlite3_reset(hsdb->add_entry); + if(ret != SQLITE_DONE) + goto rollback; + + sqlite3_bind_text(hsdb->add_principal, 1, + principal_string, -1, SQLITE_STATIC); + ret = hdb_sqlite_step(context, hsdb->db, hsdb->add_principal); + sqlite3_clear_bindings(hsdb->add_principal); + sqlite3_reset(hsdb->add_principal); + if(ret != SQLITE_DONE) + goto rollback; + + entry_id = sqlite3_column_int64(get_ids, 1); + + } else if(ret == SQLITE_ROW) { /* Found a principal */ + + if(! (flags & HDB_F_REPLACE)) /* Not allowed to replace it */ + goto rollback; + + entry_id = sqlite3_column_int64(get_ids, 1); + + sqlite3_bind_int64(hsdb->delete_aliases, 1, entry_id); + ret = hdb_sqlite_step_once(context, db, hsdb->delete_aliases); + if(ret != SQLITE_DONE) + goto rollback; + + sqlite3_bind_blob(hsdb->update_entry, 1, + value.data, value.length, SQLITE_STATIC); + sqlite3_bind_int64(hsdb->update_entry, 2, entry_id); + ret = hdb_sqlite_step_once(context, db, hsdb->update_entry); + if(ret != SQLITE_DONE) + goto rollback; + + } else { + /* Error! */ + goto rollback; + } + + ret = hdb_entry_get_aliases(&entry->entry, &aliases); + if(ret || aliases == NULL) + goto commit; + + for(i = 0; i < aliases->aliases.len; i++) { + + ret = krb5_unparse_name(context, &aliases->aliases.val[i], + &alias_string); + if (ret) { + free(alias_string); + goto rollback; + } + + sqlite3_bind_text(hsdb->add_alias, 1, alias_string, + -1, SQLITE_STATIC); + sqlite3_bind_int64(hsdb->add_alias, 2, entry_id); + ret = hdb_sqlite_step_once(context, db, hsdb->add_alias); + + free(alias_string); + + if(ret != SQLITE_DONE) + goto rollback; + } + + ret = 0; + +commit: + + free(principal_string); + + krb5_data_free(&value); + + sqlite3_clear_bindings(get_ids); + sqlite3_reset(get_ids); + + ret = hdb_sqlite_exec_stmt(context, hsdb->db, "COMMIT", EINVAL); + if(ret != SQLITE_OK) + krb5_warnx(context, "hdb-sqlite: COMMIT problem: %d: %s", + ret, sqlite3_errmsg(hsdb->db)); + + return ret; + +rollback: + + krb5_warnx(context, "hdb-sqlite: store rollback problem: %d: %s", + ret, sqlite3_errmsg(hsdb->db)); + + free(principal_string); + + ret = hdb_sqlite_exec_stmt(context, hsdb->db, + "ROLLBACK", EINVAL); + return ret; +} + +/** + * This may be called often by other code, since the BDB backends + * can not have several open connections. SQLite can handle + * many processes with open handles to the database file + * and closing/opening the handle is an expensive operation. + * Hence, this function does nothing. + * + * @param context The current krb5 context + * @param db Heimdal database handle + * + * @return Always returns 0 + */ +static krb5_error_code +hdb_sqlite_close(krb5_context context, HDB *db) +{ + return 0; +} + +/** + * The opposite of hdb_sqlite_close. Since SQLite accepts + * many open handles to the database file the handle does not + * need to be closed, or reopened. + * + * @param context The current krb5 context + * @param db Heimdal database handle + * @param flags + * @param mode_t + * + * @return Always returns 0 + */ +static krb5_error_code +hdb_sqlite_open(krb5_context context, HDB *db, int flags, mode_t mode) +{ + return 0; +} + +/** + * Closes the databse and frees all resources. + * + * @param context The current krb5 context + * @param db Heimdal database handle + * + * @return 0 on success, an error code if not + */ +static krb5_error_code +hdb_sqlite_destroy(krb5_context context, HDB *db) +{ + int ret; + hdb_sqlite_db *hsdb; + + ret = hdb_clear_master_key(context, db); + + hdb_sqlite_close_database(context, db); + + hsdb = (hdb_sqlite_db*)(db->hdb_db); + + free(hsdb->db_file); + free(db->hdb_db); + free(db); + + return ret; +} + +/* + * Not sure if this is needed. + */ +static krb5_error_code +hdb_sqlite_lock(krb5_context context, HDB *db, int operation) +{ + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "lock not implemented"); + return HDB_ERR_CANT_LOCK_DB; +} + +/* + * Not sure if this is needed. + */ +static krb5_error_code +hdb_sqlite_unlock(krb5_context context, HDB *db) +{ + krb5_set_error_message(context, HDB_ERR_CANT_LOCK_DB, + "unlock not implemented"); + return HDB_ERR_CANT_LOCK_DB; +} + +/* + * Should get the next entry, to allow iteration over all entries. + */ +static krb5_error_code +hdb_sqlite_nextkey(krb5_context context, HDB *db, unsigned flags, + hdb_entry_ex *entry) +{ + krb5_error_code ret = 0; + int sqlite_error; + krb5_data value; + + hdb_sqlite_db *hsdb = (hdb_sqlite_db *) db->hdb_db; + + sqlite_error = hdb_sqlite_step(context, hsdb->db, hsdb->get_all_entries); + if(sqlite_error == SQLITE_ROW) { + /* Found an entry */ + value.length = sqlite3_column_bytes(hsdb->get_all_entries, 0); + value.data = (void *) sqlite3_column_blob(hsdb->get_all_entries, 0); + memset(entry, 0, sizeof(*entry)); + ret = hdb_value2entry(context, &value, &entry->entry); + } + else if(sqlite_error == SQLITE_DONE) { + /* No more entries */ + ret = HDB_ERR_NOENTRY; + sqlite3_reset(hsdb->get_all_entries); + } + else { + /* XXX SQLite error. Should be handled in some way. */ + ret = EINVAL; + } + + return ret; +} + +/* + * Should get the first entry in the database. + * What is flags used for? + */ +static krb5_error_code +hdb_sqlite_firstkey(krb5_context context, HDB *db, unsigned flags, + hdb_entry_ex *entry) +{ + hdb_sqlite_db *hsdb = (hdb_sqlite_db *) db->hdb_db; + krb5_error_code ret; + + sqlite3_reset(hsdb->get_all_entries); + + ret = hdb_sqlite_nextkey(context, db, flags, entry); + if(ret) + return ret; + + return 0; +} + +/* + * Renames the database file. + */ +static krb5_error_code +hdb_sqlite_rename(krb5_context context, HDB *db, const char *new_name) +{ + hdb_sqlite_db *hsdb = (hdb_sqlite_db *) db->hdb_db; + int ret; + + krb5_warnx(context, "hdb_sqlite_rename"); + + if (strncasecmp(new_name, "sqlite:", 7) == 0) + new_name += 7; + + hdb_sqlite_close_database(context, db); + + ret = rename(hsdb->db_file, new_name); + free(hsdb->db_file); + + hdb_sqlite_make_database(context, db, new_name); + + return ret; +} + +/* + * Removes a principal, including aliases and associated entry. + */ +static krb5_error_code +hdb_sqlite_remove(krb5_context context, HDB *db, + krb5_const_principal principal) +{ + krb5_error_code ret; + char *principal_string; + hdb_sqlite_db *hsdb = (hdb_sqlite_db*)(db->hdb_db); + sqlite3_stmt *remove = hsdb->remove; + + ret = krb5_unparse_name(context, principal, &principal_string); + if (ret) { + free(principal_string); + return ret; + } + + sqlite3_bind_text(remove, 1, principal_string, -1, SQLITE_STATIC); + + ret = hdb_sqlite_step(context, hsdb->db, remove); + if (ret != SQLITE_DONE) { + ret = EINVAL; + krb5_set_error_message(context, ret, + "sqlite remove failed: %d", + ret); + } else + ret = 0; + + sqlite3_clear_bindings(remove); + sqlite3_reset(remove); + + return ret; +} + +/** + * Create SQLITE object, and creates the on disk database if its doesn't exists. + * + * @param context A Kerberos 5 context. + * @param db a returned database handle. + * @param argument filename + * + * @return 0 on success, an error code if not + */ + +krb5_error_code +hdb_sqlite_create(krb5_context context, HDB **db, const char *argument) +{ + krb5_error_code ret; + hdb_sqlite_db *hsdb; + + *db = calloc(1, sizeof (**db)); + if (*db == NULL) + return krb5_enomem(context); + + hsdb = (hdb_sqlite_db*) calloc(1, sizeof (*hsdb)); + if (hsdb == NULL) { + free(*db); + *db = NULL; + return krb5_enomem(context); + } + + (*db)->hdb_db = hsdb; + + /* XXX make_database should make sure everything else is freed on error */ + ret = hdb_sqlite_make_database(context, *db, argument); + if (ret) { + free((*db)->hdb_db); + free(*db); + + return ret; + } + + (*db)->hdb_master_key_set = 0; + (*db)->hdb_openp = 0; + (*db)->hdb_capability_flags = 0; + + (*db)->hdb_open = hdb_sqlite_open; + (*db)->hdb_close = hdb_sqlite_close; + + (*db)->hdb_lock = hdb_sqlite_lock; + (*db)->hdb_unlock = hdb_sqlite_unlock; + (*db)->hdb_firstkey = hdb_sqlite_firstkey; + (*db)->hdb_nextkey = hdb_sqlite_nextkey; + (*db)->hdb_fetch_kvno = hdb_sqlite_fetch_kvno; + (*db)->hdb_store = hdb_sqlite_store; + (*db)->hdb_remove = hdb_sqlite_remove; + (*db)->hdb_destroy = hdb_sqlite_destroy; + (*db)->hdb_rename = hdb_sqlite_rename; + (*db)->hdb__get = NULL; + (*db)->hdb__put = NULL; + (*db)->hdb__del = NULL; + + return 0; +} diff --git a/crypto/heimdal/lib/hdb/hdb.asn1 b/crypto/heimdal/lib/hdb/hdb.asn1 index acd8f61d7e8..a72851c9f20 100644 --- a/crypto/heimdal/lib/hdb/hdb.asn1 +++ b/crypto/heimdal/lib/hdb/hdb.asn1 @@ -1,4 +1,4 @@ --- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $ +-- $Id$ HDB DEFINITIONS ::= BEGIN @@ -13,7 +13,8 @@ hdb-afs3-salt INTEGER ::= 10 Salt ::= SEQUENCE { type[0] INTEGER (0..4294967295), - salt[1] OCTET STRING + salt[1] OCTET STRING, + opaque[2] OCTET STRING OPTIONAL } Key ::= SEQUENCE { @@ -44,7 +45,9 @@ HDBFlags ::= BIT STRING { immutable(13), -- may not be deleted trusted-for-delegation(14), -- Trusted to print forwardabled tickets allow-kerberos4(15), -- Allow Kerberos 4 requests - allow-digest(16) -- Allow digest requests + allow-digest(16), -- Allow digest requests + locked-out(17) -- Account is locked out, + -- authentication will be denied } GENERATION ::= SEQUENCE { @@ -64,6 +67,10 @@ HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE { digest[1] OCTET STRING } +HDB-Ext-PKINIT-cert ::= SEQUENCE OF SEQUENCE { + cert[0] OCTET STRING +} + HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal -- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA @@ -94,6 +101,7 @@ HDB-extension ::= SEQUENCE { password[5] HDB-Ext-Password, aliases[6] HDB-Ext-Aliases, last-pw-change[7] KerberosTime, + pkinit-cert[8] HDB-Ext-PKINIT-cert, ... }, ... @@ -101,6 +109,10 @@ HDB-extension ::= SEQUENCE { HDB-extensions ::= SEQUENCE OF HDB-extension +hdb_keyset ::= SEQUENCE { + kvno[1] INTEGER (0..4294967295), + keys[0] SEQUENCE OF Key +} hdb_entry ::= SEQUENCE { principal[0] Principal OPTIONAL, -- this is optional only diff --git a/crypto/heimdal/lib/hdb/hdb.c b/crypto/heimdal/lib/hdb/hdb.c index a515709639c..ca05cc4a178 100644 --- a/crypto/heimdal/lib/hdb/hdb.c +++ b/crypto/heimdal/lib/hdb/hdb.c @@ -1,70 +1,95 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ +#include "krb5_locl.h" #include "hdb_locl.h" -RCSID("$Id: hdb.c 20214 2007-02-09 21:51:10Z lha $"); - #ifdef HAVE_DLFCN_H #include #endif -struct hdb_method { - const char *prefix; - krb5_error_code (*create)(krb5_context, HDB **, const char *filename); -}; +/*! @mainpage Heimdal database backend library + * + * @section intro Introduction + * + * Heimdal libhdb library provides the backend support for Heimdal kdc + * and kadmind. Its here where plugins for diffrent database engines + * can be pluged in and extend support for here Heimdal get the + * principal and policy data from. + * + * Example of Heimdal backend are: + * - Berkeley DB 1.85 + * - Berkeley DB 3.0 + * - Berkeley DB 4.0 + * - New Berkeley DB + * - LDAP + * + * + * The project web page: http://www.h5l.org/ + * + */ + +const int hdb_interface_version = HDB_INTERFACE_VERSION; static struct hdb_method methods[] = { #if HAVE_DB1 || HAVE_DB3 - {"db:", hdb_db_create}, + { HDB_INTERFACE_VERSION, "db:", hdb_db_create}, +#endif +#if HAVE_DB1 + { HDB_INTERFACE_VERSION, "mit-db:", hdb_mdb_create}, #endif #if HAVE_NDBM - {"ndbm:", hdb_ndbm_create}, + { HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create}, #endif + { HDB_INTERFACE_VERSION, "keytab:", hdb_keytab_create}, #if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) - {"ldap:", hdb_ldap_create}, - {"ldapi:", hdb_ldapi_create}, + { HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create}, + { HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create}, #endif -#ifdef HAVE_LDB /* Used for integrated samba build */ - {"ldb:", hdb_ldb_create}, +#ifdef HAVE_SQLITE3 + { HDB_INTERFACE_VERSION, "sqlite:", hdb_sqlite_create}, #endif - {NULL, NULL} + {0, NULL, NULL} }; #if HAVE_DB1 || HAVE_DB3 -static struct hdb_method dbmetod = {"", hdb_db_create }; +static struct hdb_method dbmetod = + { HDB_INTERFACE_VERSION, "", hdb_db_create }; #elif defined(HAVE_NDBM) -static struct hdb_method dbmetod = {"", hdb_ndbm_create }; +static struct hdb_method dbmetod = + { HDB_INTERFACE_VERSION, "", hdb_ndbm_create }; #endif @@ -75,25 +100,26 @@ hdb_next_enctype2key(krb5_context context, Key **key) { Key *k; - + for (k = *key ? (*key) + 1 : e->keys.val; - k < e->keys.val + e->keys.len; - k++) + k < e->keys.val + e->keys.len; + k++) { if(k->key.keytype == enctype){ *key = k; return 0; } } - krb5_set_error_string(context, "No next enctype %d for hdb-entry", + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "No next enctype %d for hdb-entry", (int)enctype); return KRB5_PROG_ETYPE_NOSUPP; /* XXX */ } krb5_error_code -hdb_enctype2key(krb5_context context, - hdb_entry *e, - krb5_enctype enctype, +hdb_enctype2key(krb5_context context, + hdb_entry *e, + krb5_enctype enctype, Key **key) { *key = NULL; @@ -103,7 +129,7 @@ hdb_enctype2key(krb5_context context, void hdb_free_key(Key *key) { - memset(key->key.keyvalue.data, + memset(key->key.keyvalue.data, 0, key->key.keyvalue.length); free_Key(key); @@ -142,7 +168,7 @@ hdb_unlock(int fd) void hdb_free_entry(krb5_context context, hdb_entry_ex *ent) { - int i; + size_t i; if (ent->free_entry) (*ent->free_entry)(context, ent); @@ -166,7 +192,7 @@ hdb_foreach(krb5_context context, hdb_entry_ex entry; ret = db->hdb_firstkey(context, db, flags, &entry); if (ret == 0) - krb5_clear_error_string(context); + krb5_clear_error_message(context); while(ret == 0){ ret = (*func)(context, db, &entry, data); hdb_free_entry(context, &entry); @@ -191,7 +217,7 @@ hdb_check_db_format(krb5_context context, HDB *db) if (ret) return ret; - tag.data = HDB_DB_FORMAT_ENTRY; + tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY; tag.length = strlen(tag.data); ret = (*db->hdb__get)(context, db, tag, &version); ret2 = db->hdb_unlock(context, db); @@ -215,16 +241,16 @@ hdb_init_db(krb5_context context, HDB *db) krb5_data tag; krb5_data version; char ver[32]; - + ret = hdb_check_db_format(context, db); if(ret != HDB_ERR_NOENTRY) return ret; - + ret = db->hdb_lock(context, db, HDB_WLOCK); if (ret) return ret; - tag.data = HDB_DB_FORMAT_ENTRY; + tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY; tag.length = strlen(tag.data); snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT); version.data = ver; @@ -233,7 +259,7 @@ hdb_init_db(krb5_context context, HDB *db) ret2 = db->hdb_unlock(context, db); if (ret) { if (ret2) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } return ret2; @@ -248,7 +274,7 @@ hdb_init_db(krb5_context context, HDB *db) static const struct hdb_method * find_dynamic_method (krb5_context context, - const char *filename, + const char *filename, const char **rest) { static struct hdb_method method; @@ -257,7 +283,7 @@ find_dynamic_method (krb5_context context, const char *p; void *dl; size_t len; - + p = strchr(filename, ':'); /* if no prefix, don't know what module to load, just ignore it */ @@ -266,11 +292,12 @@ find_dynamic_method (krb5_context context, len = p - filename; *rest = filename + len + 1; - - prefix = strndup(filename, len); + + prefix = malloc(len + 1); if (prefix == NULL) krb5_errx(context, 1, "out of memory"); - + strlcpy(prefix, filename, len + 1); + if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1) krb5_errx(context, 1, "out of memory"); @@ -289,13 +316,13 @@ find_dynamic_method (krb5_context context, free(path); return NULL; } - + if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1) krb5_errx(context, 1, "out of memory"); - - mso = dlsym(dl, symbol); + + mso = (struct hdb_so_method *) dlsym(dl, symbol); if (mso == NULL) { - krb5_warnx(context, "error finding symbol %s in %s: %s\n", + krb5_warnx(context, "error finding symbol %s in %s: %s\n", symbol, path, dlerror()); dlclose(dl); free(symbol); @@ -307,9 +334,9 @@ find_dynamic_method (krb5_context context, free(symbol); if (mso->version != HDB_INTERFACE_VERSION) { - krb5_warnx(context, + krb5_warnx(context, "error wrong version in shared module %s " - "version: %d should have been %d\n", + "version: %d should have been %d\n", prefix, mso->version, HDB_INTERFACE_VERSION); dlclose(dl); free(prefix); @@ -378,7 +405,7 @@ hdb_list_builtin(krb5_context context, char **list) len += 1; buf = malloc(len); if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } buf[0] = '\0'; @@ -392,16 +419,66 @@ hdb_list_builtin(krb5_context context, char **list) return 0; } +krb5_error_code +_hdb_keytab2hdb_entry(krb5_context context, + const krb5_keytab_entry *ktentry, + hdb_entry_ex *entry) +{ + entry->entry.kvno = ktentry->vno; + entry->entry.created_by.time = ktentry->timestamp; + + entry->entry.keys.val = calloc(1, sizeof(entry->entry.keys.val[0])); + if (entry->entry.keys.val == NULL) + return ENOMEM; + entry->entry.keys.len = 1; + + entry->entry.keys.val[0].mkvno = NULL; + entry->entry.keys.val[0].salt = NULL; + + return krb5_copy_keyblock_contents(context, + &ktentry->keyblock, + &entry->entry.keys.val[0].key); +} + +/** + * Create a handle for a Kerberos database + * + * Create a handle for a Kerberos database backend specified by a + * filename. Doesn't create a file if its doesn't exists, you have to + * use O_CREAT to tell the backend to create the file. + */ + krb5_error_code hdb_create(krb5_context context, HDB **db, const char *filename) { const struct hdb_method *h; const char *residual; + krb5_error_code ret; + struct krb5_plugin *list = NULL, *e; if(filename == NULL) filename = HDB_DEFAULT_DB; krb5_add_et_list(context, initialize_hdb_error_table_r); h = find_method (filename, &residual); + + if (h == NULL) { + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "hdb", &list); + if(ret == 0 && list != NULL) { + for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { + h = _krb5_plugin_get_symbol(e); + if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0 + && h->interface_version == HDB_INTERFACE_VERSION) { + residual = filename + strlen(h->prefix); + break; + } + } + if (e == NULL) { + h = NULL; + _krb5_plugin_free(list); + } + } + } + #ifdef HAVE_DLOPEN if (h == NULL) h = find_dynamic_method (context, filename, &residual); diff --git a/crypto/heimdal/lib/hdb/hdb.h b/crypto/heimdal/lib/hdb/hdb.h index 742b92405d4..a1692ce82ca 100644 --- a/crypto/heimdal/lib/hdb/hdb.h +++ b/crypto/heimdal/lib/hdb/hdb.h @@ -1,41 +1,43 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */ +/* $Id$ */ #ifndef __HDB_H__ #define __HDB_H__ +#include + #include #include @@ -53,12 +55,36 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; #define HDB_F_GET_KRBTGT 16 /* fetch krbtgt */ #define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */ #define HDB_F_CANON 32 /* want canonicalition */ +#define HDB_F_ADMIN_DATA 64 /* want data that kdc don't use */ +#define HDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */ +#define HDB_F_CURRENT_KVNO 256 /* we want the current KVNO */ +/* 512, 1024, 2048 are reserved for kvno operations that is not part of the 1.5 branch */ +#define HDB_F_ALL_KVNOS 2048 /* we want all the keys, live or not */ +#define HDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */ +#define HDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */ + +/* hdb_capability_flags */ +#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1 +#define HDB_CAP_F_HANDLE_PASSWORDS 2 +#define HDB_CAP_F_PASSWORD_UPDATE_KEYS 4 + +/* auth status values */ +#define HDB_AUTH_SUCCESS 0 +#define HDB_AUTH_WRONG_PASSWORD 1 +#define HDB_AUTH_INVALID_SIGNATURE 2 /* key usage for master key */ #define HDB_KU_MKEY 0x484442 typedef struct hdb_master_key_data *hdb_master_key; +/** + * hdb_entry_ex is a wrapper structure around the hdb_entry structure + * that allows backends to keep a pointer to the backing store, ie in + * ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to + * ->hdb_store(), the backend doesn't need to lookup the entry again. + */ + typedef struct hdb_entry_ex { void *ctx; hdb_entry entry; @@ -66,68 +92,173 @@ typedef struct hdb_entry_ex { } hdb_entry_ex; +/** + * HDB backend function pointer structure + * + * The HDB structure is what the KDC and kadmind framework uses to + * query the backend database when talking about principals. + */ + typedef struct HDB{ void *hdb_db; - void *hdb_dbc; + void *hdb_dbc; /** don't use, only for DB3 */ char *hdb_name; int hdb_master_key_set; hdb_master_key hdb_master_key; int hdb_openp; - - krb5_error_code (*hdb_open)(krb5_context, - struct HDB*, - int, - mode_t); - krb5_error_code (*hdb_close)(krb5_context, - struct HDB*); - void (*hdb_free)(krb5_context, - struct HDB*, - hdb_entry_ex*); - krb5_error_code (*hdb_fetch)(krb5_context, - struct HDB*, - krb5_const_principal, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_store)(krb5_context, - struct HDB*, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_remove)(krb5_context, - struct HDB*, + int hdb_capability_flags; + /** + * Open (or create) the a Kerberos database. + * + * Open (or create) the a Kerberos database that was resolved with + * hdb_create(). The third and fourth flag to the function are the + * same as open(), thus passing O_CREAT will create the data base + * if it doesn't exists. + * + * Then done the caller should call hdb_close(), and to release + * all resources hdb_destroy(). + */ + krb5_error_code (*hdb_open)(krb5_context, struct HDB*, int, mode_t); + /** + * Close the database for transaction + * + * Closes the database for further transactions, wont release any + * permanant resources. the database can be ->hdb_open-ed again. + */ + krb5_error_code (*hdb_close)(krb5_context, struct HDB*); + /** + * Free an entry after use. + */ + void (*hdb_free)(krb5_context, struct HDB*, hdb_entry_ex*); + /** + * Fetch an entry from the backend + * + * Fetch an entry from the backend, flags are what type of entry + * should be fetch: client, server, krbtgt. + * knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get + */ + krb5_error_code (*hdb_fetch_kvno)(krb5_context, struct HDB*, + krb5_const_principal, unsigned, krb5_kvno, + hdb_entry_ex*); + /** + * Store an entry to database + */ + krb5_error_code (*hdb_store)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); + /** + * Remove an entry from the database. + */ + krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, krb5_const_principal); - krb5_error_code (*hdb_firstkey)(krb5_context, - struct HDB*, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_nextkey)(krb5_context, - struct HDB*, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_lock)(krb5_context, - struct HDB*, - int operation); - krb5_error_code (*hdb_unlock)(krb5_context, - struct HDB*); - krb5_error_code (*hdb_rename)(krb5_context, - struct HDB*, - const char*); - krb5_error_code (*hdb__get)(krb5_context, - struct HDB*, - krb5_data, - krb5_data*); - krb5_error_code (*hdb__put)(krb5_context, - struct HDB*, - int, - krb5_data, - krb5_data); - krb5_error_code (*hdb__del)(krb5_context, - struct HDB*, - krb5_data); - krb5_error_code (*hdb_destroy)(krb5_context, - struct HDB*); + /** + * As part of iteration, fetch one entry + */ + krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); + /** + * As part of iteration, fetch next entry + */ + krb5_error_code (*hdb_nextkey)(krb5_context, struct HDB*, + unsigned, hdb_entry_ex*); + /** + * Lock database + * + * A lock can only be held by one consumers. Transaction can still + * happen on the database while the lock is held, so the entry is + * only useful for syncroning creation of the database and renaming of the database. + */ + krb5_error_code (*hdb_lock)(krb5_context, struct HDB*, int); + /** + * Unlock database + */ + krb5_error_code (*hdb_unlock)(krb5_context, struct HDB*); + /** + * Rename the data base. + * + * Assume that the database is not hdb_open'ed and not locked. + */ + krb5_error_code (*hdb_rename)(krb5_context, struct HDB*, const char*); + /** + * Get an hdb_entry from a classical DB backend + * + * If the database is a classical DB (ie BDB, NDBM, GDBM, etc) + * backend, this function will take a principal key (krb5_data) + * and return all data related to principal in the return + * krb5_data. The returned encoded entry is of type hdb_entry or + * hdb_entry_alias. + */ + krb5_error_code (*hdb__get)(krb5_context, struct HDB*, + krb5_data, krb5_data*); + /** + * Store an hdb_entry from a classical DB backend + * + * Same discussion as in @ref HDB::hdb__get + */ + krb5_error_code (*hdb__put)(krb5_context, struct HDB*, int, + krb5_data, krb5_data); + /** + * Delete and hdb_entry from a classical DB backend + * + * Same discussion as in @ref HDB::hdb__get + */ + krb5_error_code (*hdb__del)(krb5_context, struct HDB*, krb5_data); + /** + * Destroy the handle to the database. + * + * Destroy the handle to the database, deallocate all memory and + * related resources. Does not remove any permanent data. Its the + * logical reverse of hdb_create() function that is the entry + * point for the module. + */ + krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); + /** + * Get the list of realms this backend handles. + * This call is optional to support. The returned realms are used + * for announcing the realms over bonjour. Free returned array + * with krb5_free_host_realm(). + */ + krb5_error_code (*hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **); + /** + * Change password. + * + * Will update keys for the entry when given password. The new + * keys must be written into the entry and will then later be + * ->hdb_store() into the database. The backend will still perform + * all other operations, increasing the kvno, and update + * modification timestamp. + * + * The backend needs to call _kadm5_set_keys() and perform password + * quality checks. + */ + krb5_error_code (*hdb_password)(krb5_context, struct HDB*, hdb_entry_ex*, const char *, int); + + /** + * Auth feedback + * + * This is a feedback call that allows backends that provides + * lockout functionality to register failure and/or successes. + * + * In case the entry is locked out, the backend should set the + * hdb_entry.flags.locked-out flag. + */ + krb5_error_code (*hdb_auth_status)(krb5_context, struct HDB *, hdb_entry_ex *, int); + /** + * Check if delegation is allowed. + */ + krb5_error_code (*hdb_check_constrained_delegation)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal); + + /** + * Check if this name is an alias for the supplied client for PKINIT userPrinicpalName logins + */ + krb5_error_code (*hdb_check_pkinit_ms_upn_match)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal); + + /** + * Check if s4u2self is allowed from this client to this server + */ + krb5_error_code (*hdb_check_s4u2self)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal); }HDB; -#define HDB_INTERFACE_VERSION 4 +#define HDB_INTERFACE_VERSION 7 struct hdb_so_method { int version; @@ -139,6 +270,14 @@ typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, hdb_entry_ex*, void*); extern krb5_kt_ops hdb_kt_ops; +struct hdb_method { + int interface_version; + const char *prefix; + krb5_error_code (*create)(krb5_context, HDB **, const char *filename); +}; + +extern const int hdb_interface_version; + #include #endif /* __HDB_H__ */ diff --git a/crypto/heimdal/lib/hdb/hdb.schema b/crypto/heimdal/lib/hdb/hdb.schema index 6e5c0f7fd87..57303900dce 100644 --- a/crypto/heimdal/lib/hdb/hdb.schema +++ b/crypto/heimdal/lib/hdb/hdb.schema @@ -1,6 +1,6 @@ # Definitions for a Kerberos V KDC schema # -# $Id: hdb.schema 14958 2005-04-25 17:33:40Z lha $ +# $Id$ # # This version is compatible with OpenLDAP 1.8 # diff --git a/crypto/heimdal/lib/hdb/hdb_err.et b/crypto/heimdal/lib/hdb/hdb_err.et index 5c5b80bb366..2cad4daba41 100644 --- a/crypto/heimdal/lib/hdb/hdb_err.et +++ b/crypto/heimdal/lib/hdb/hdb_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $" +id "$Id$" error_table hdb @@ -24,5 +24,7 @@ error_code EXISTS, "Entry already exists in database" error_code BADVERSION, "Wrong database version" error_code NO_MKEY, "No correct master key" error_code MANDATORY_OPTION, "Entry contains unknown mandatory extension" +error_code NO_WRITE_SUPPORT, "HDB backend doesn't contain write support" +error_code NOT_FOUND_HERE, "The secret for this entry is not replicated to this database" end diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h index 0a67e5485d9..e896b580257 100644 --- a/crypto/heimdal/lib/hdb/hdb_locl.h +++ b/crypto/heimdal/lib/hdb/hdb_locl.h @@ -1,38 +1,37 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */ -/* $FreeBSD$ */ +/* $Id$ */ #ifndef __HDB_LOCL_H__ #define __HDB_LOCL_H__ diff --git a/crypto/heimdal/lib/hdb/keys.c b/crypto/heimdal/lib/hdb/keys.c index 60a58677fef..3d0b9d7c1b3 100644 --- a/crypto/heimdal/lib/hdb/keys.c +++ b/crypto/heimdal/lib/hdb/keys.c @@ -1,40 +1,39 @@ + /* - * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" -RCSID("$Id: keys.c 22071 2007-11-14 20:04:50Z lha $"); - /* * free all the memory used by (len, keys) */ @@ -57,7 +56,7 @@ hdb_free_keys (krb5_context context, int len, Key *keys) free (keys); } -/* +/* * for each entry in `default_keys' try to parse it as a sequence * of etype:salttype:salt, syntax of this if something like: * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it @@ -68,19 +67,21 @@ hdb_free_keys (krb5_context context, int len, Key *keys) * afs or afs3 == des:afs3-salt */ -/* the 3 DES types must be first */ -static const krb5_enctype all_etypes[] = { +static const krb5_enctype des_etypes[] = { ETYPE_DES_CBC_MD5, ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC, + ETYPE_DES_CBC_CRC +}; + +static const krb5_enctype all_etypes[] = { ETYPE_AES256_CTS_HMAC_SHA1_96, ETYPE_ARCFOUR_HMAC_MD5, ETYPE_DES3_CBC_SHA1 }; static krb5_error_code -parse_key_set(krb5_context context, const char *key, - krb5_enctype **ret_enctypes, size_t *ret_num_enctypes, +parse_key_set(krb5_context context, const char *key, + krb5_enctype **ret_enctypes, size_t *ret_num_enctypes, krb5_salt *salt, krb5_principal principal) { const char *p; @@ -90,7 +91,7 @@ parse_key_set(krb5_context context, const char *key, krb5_enctype e; const krb5_enctype *enctypes = NULL; krb5_error_code ret; - + p = key; *ret_enctypes = NULL; @@ -110,8 +111,8 @@ parse_key_set(krb5_context context, const char *key, /* XXX there should be a string_to_etypes handling special cases like `des' and `all' */ if(strcmp(buf[i], "des") == 0) { - enctypes = all_etypes; - num_enctypes = 3; + enctypes = des_etypes; + num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]); } else if(strcmp(buf[i], "des3") == 0) { e = ETYPE_DES3_CBC_SHA1; enctypes = &e; @@ -139,8 +140,8 @@ parse_key_set(krb5_context context, const char *key, salt->salttype = KRB5_PW_SALT; } else if(strcmp(buf[i], "afs3-salt") == 0) { if(enctypes == NULL) { - enctypes = all_etypes; - num_enctypes = 3; + enctypes = des_etypes; + num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]); } salt->salttype = KRB5_AFS3_SALT; } @@ -153,39 +154,40 @@ parse_key_set(krb5_context context, const char *key, v4 compat, and a cell name for afs compat */ salt->saltvalue.data = strdup(buf[i]); if (salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } salt->saltvalue.length = strlen(buf[i]); } } - + if(enctypes == NULL || salt->salttype == 0) { - krb5_set_error_string(context, "bad value for default_keys `%s'", key); + krb5_set_error_message(context, EINVAL, "bad value for default_keys `%s'", key); return EINVAL; } - + /* if no salt was specified make up default salt */ if(salt->saltvalue.data == NULL) { if(salt->salttype == KRB5_PW_SALT) ret = krb5_get_pw_salt(context, principal, salt); else if(salt->salttype == KRB5_AFS3_SALT) { - krb5_realm *realm = krb5_princ_realm(context, principal); - salt->saltvalue.data = strdup(*realm); + krb5_const_realm realm = krb5_principal_get_realm(context, principal); + salt->saltvalue.data = strdup(realm); if(salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory while " - "parsing salt specifiers"); + krb5_set_error_message(context, ENOMEM, + "out of memory while " + "parsing salt specifiers"); return ENOMEM; } strlwr(salt->saltvalue.data); - salt->saltvalue.length = strlen(*realm); + salt->saltvalue.length = strlen(realm); } } *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes); if (*ret_enctypes == NULL) { krb5_free_salt(context, *salt); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes); @@ -195,7 +197,7 @@ parse_key_set(krb5_context context, const char *key, } static krb5_error_code -add_enctype_to_key_set(Key **key_set, size_t *nkeyset, +add_enctype_to_key_set(Key **key_set, size_t *nkeyset, krb5_enctype enctype, krb5_salt *salt) { krb5_error_code ret; @@ -206,25 +208,25 @@ add_enctype_to_key_set(Key **key_set, size_t *nkeyset, tmp = realloc(*key_set, (*nkeyset + 1) * sizeof((*key_set)[0])); if (tmp == NULL) return ENOMEM; - + *key_set = tmp; key.key.keytype = enctype; key.key.keyvalue.length = 0; key.key.keyvalue.data = NULL; - + if (salt) { - key.salt = malloc(sizeof(*key.salt)); + key.salt = calloc(1, sizeof(*key.salt)); if (key.salt == NULL) { free_Key(&key); return ENOMEM; } - + key.salt->type = salt->salttype; krb5_data_zero (&key.salt->salt); - - ret = krb5_data_copy(&key.salt->salt, - salt->saltvalue.data, + + ret = krb5_data_copy(&key.salt->salt, + salt->saltvalue.data, salt->saltvalue.length); if (ret) { free_Key(&key); @@ -232,9 +234,9 @@ add_enctype_to_key_set(Key **key_set, size_t *nkeyset, } } else key.salt = NULL; - + (*key_set)[*nkeyset] = key; - + *nkeyset += 1; return 0; @@ -254,28 +256,24 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, char **ktypes, **kp; krb5_error_code ret; Key *k, *key_set; - int i, j; - char *default_keytypes[] = { - "des:pw-salt", + size_t i, j; + static const char *default_keytypes[] = { "aes256-cts-hmac-sha1-96:pw-salt", "des3-cbc-sha1:pw-salt", "arcfour-hmac-md5:pw-salt", NULL }; - + ktypes = krb5_config_get_strings(context, NULL, "kadmin", "default_keys", NULL); if (ktypes == NULL) - ktypes = default_keytypes; - - if (ktypes == NULL) - abort(); + ktypes = (char **)(intptr_t)default_keytypes; *ret_key_set = key_set = NULL; *nkeyset = 0; ret = 0; - + for(kp = ktypes; kp && *kp; kp++) { const char *p; krb5_salt salt; @@ -292,7 +290,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, p = "des:afs3-salt"; else if (strcmp(p, "arcfour-hmac-md5") == 0) p = "arcfour-hmac-md5:pw-salt"; - + memset(&salt, 0, sizeof(salt)); ret = parse_key_set(context, p, @@ -316,14 +314,14 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, break; if (k->salt->type == salt.salttype && k->salt->salt.length == salt.saltvalue.length && - memcmp(k->salt->salt.data, salt.saltvalue.data, + memcmp(k->salt->salt.data, salt.saltvalue.data, salt.saltvalue.length) == 0) break; } } /* not a duplicate, lets add it */ if (j == *nkeyset) { - ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i], + ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i], no_salt ? NULL : &salt); if (ret) { free(enctypes); @@ -335,22 +333,22 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, free(enctypes); krb5_free_salt(context, salt); } - + *ret_key_set = key_set; out: - if (ktypes != default_keytypes) + if (ktypes != (char **)(intptr_t)default_keytypes) krb5_config_free_strings(ktypes); if (ret) { - krb5_warn(context, ret, + krb5_warn(context, ret, "failed to parse the [kadmin]default_keys values"); for (i = 0; i < *nkeyset; i++) free_Key(&key_set[i]); free(key_set); } else if (*nkeyset == 0) { - krb5_warnx(context, + krb5_warnx(context, "failed to parse any of the [kadmin]default_keys values"); ret = EINVAL; /* XXX */ } @@ -360,13 +358,13 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, krb5_error_code -hdb_generate_key_set_password(krb5_context context, - krb5_principal principal, - const char *password, - Key **keys, size_t *num_keys) +hdb_generate_key_set_password(krb5_context context, + krb5_principal principal, + const char *password, + Key **keys, size_t *num_keys) { krb5_error_code ret; - int i; + size_t i; ret = hdb_generate_key_set(context, principal, keys, num_keys, 0); diff --git a/crypto/heimdal/lib/hdb/keytab.c b/crypto/heimdal/lib/hdb/keytab.c index e319bb50315..c72b797dab4 100644 --- a/crypto/heimdal/lib/hdb/keytab.c +++ b/crypto/heimdal/lib/hdb/keytab.c @@ -1,53 +1,58 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" /* keytab backend for HDB databases */ -RCSID("$Id: keytab.c 18380 2006-10-09 12:36:40Z lha $"); - struct hdb_data { char *dbname; char *mkey; }; +struct hdb_cursor { + HDB *db; + hdb_entry_ex hdb_entry; + int first, next; + int key_idx; +}; + /* * the format for HDB keytabs is: - * HDB:[database:file:mkey] + * HDB:[HDBFORMAT:database-specific-data[:mkey=mkey-file]] */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_resolve(krb5_context context, const char *name, krb5_keytab id) { struct hdb_data *d; @@ -55,41 +60,38 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) d = malloc(sizeof(*d)); if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } db = name; - mkey = strchr(name, ':'); - if(mkey == NULL || mkey[1] == '\0') { + mkey = strstr(name, ":mkey="); + if(mkey == NULL || mkey[5] == '\0') { if(*name == '\0') d->dbname = NULL; else { d->dbname = strdup(name); if(d->dbname == NULL) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } d->mkey = NULL; } else { - if((mkey - db) == 0) { - d->dbname = NULL; - } else { - d->dbname = malloc(mkey - db + 1); - if(d->dbname == NULL) { - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memmove(d->dbname, db, mkey - db); - d->dbname[mkey - db] = '\0'; + d->dbname = malloc(mkey - db + 1); + if(d->dbname == NULL) { + free(d); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; } - d->mkey = strdup(mkey + 1); + memmove(d->dbname, db, mkey - db); + d->dbname[mkey - db] = '\0'; + + d->mkey = strdup(mkey + 5); if(d->mkey == NULL) { free(d->dbname); free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } } @@ -97,7 +99,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_close(krb5_context context, krb5_keytab id) { struct hdb_data *d = id->data; @@ -108,76 +110,58 @@ hdb_close(krb5_context context, krb5_keytab id) return 0; } -static krb5_error_code -hdb_get_name(krb5_context context, - krb5_keytab id, - char *name, +static krb5_error_code KRB5_CALLCONV +hdb_get_name(krb5_context context, + krb5_keytab id, + char *name, size_t namesize) { struct hdb_data *d = id->data; - snprintf(name, namesize, "%s%s%s", + snprintf(name, namesize, "%s%s%s", d->dbname ? d->dbname : "", (d->dbname || d->mkey) ? ":" : "", d->mkey ? d->mkey : ""); return 0; } -static void -set_config (krb5_context context, - const krb5_config_binding *binding, - const char **dbname, - const char **mkey) -{ - *dbname = krb5_config_get_string(context, binding, "dbname", NULL); - *mkey = krb5_config_get_string(context, binding, "mkey_file", NULL); -} - /* * try to figure out the database (`dbname') and master-key (`mkey') * that should be used for `principal'. */ -static void +static krb5_error_code find_db (krb5_context context, - const char **dbname, - const char **mkey, + char **dbname, + char **mkey, krb5_const_principal principal) { - const krb5_config_binding *top_bind = NULL; - const krb5_config_binding *default_binding = NULL; - const krb5_config_binding *db; - krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal)); + krb5_const_realm realm = krb5_principal_get_realm(context, principal); + krb5_error_code ret; + struct hdb_dbinfo *head, *dbinfo = NULL; *dbname = *mkey = NULL; - while ((db = - krb5_config_get_next(context, - NULL, - &top_bind, - krb5_config_list, - "kdc", - "database", - NULL)) != NULL) { - const char *p; - - p = krb5_config_get_string (context, db, "realm", NULL); - if (p == NULL) { - if(default_binding) { - krb5_warnx(context, "WARNING: more than one realm-less " - "database specification"); - krb5_warnx(context, "WARNING: using the first encountered"); - } else - default_binding = db; - } else if (strcmp (*prealm, p) == 0) { - set_config (context, db, dbname, mkey); + ret = hdb_get_dbinfo(context, &head); + if (ret) + return ret; + + while ((dbinfo = hdb_dbinfo_get_next(head, dbinfo)) != NULL) { + const char *p = hdb_dbinfo_get_realm(context, dbinfo); + if (p && strcmp (realm, p) == 0) { + p = hdb_dbinfo_get_dbname(context, dbinfo); + if (p) + *dbname = strdup(p); + p = hdb_dbinfo_get_mkey_file(context, dbinfo); + if (p) + *mkey = strdup(p); break; } } - if (*dbname == NULL && default_binding != NULL) - set_config (context, default_binding, dbname, mkey); + hdb_free_dbinfo(context, &head); if (*dbname == NULL) - *dbname = HDB_DEFAULT_DB; + *dbname = strdup(HDB_DEFAULT_DB); + return 0; } /* @@ -185,7 +169,7 @@ find_db (krb5_context context, * it in `entry'. return 0 or an error code */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV hdb_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, @@ -196,34 +180,41 @@ hdb_get_entry(krb5_context context, hdb_entry_ex ent; krb5_error_code ret; struct hdb_data *d = id->data; - int i; - HDB *db; const char *dbname = d->dbname; const char *mkey = d->mkey; + char *fdbname = NULL, *fmkey = NULL; + HDB *db; + size_t i; memset(&ent, 0, sizeof(ent)); - if (dbname == NULL) - find_db (context, &dbname, &mkey, principal); + if (dbname == NULL) { + ret = find_db(context, &fdbname, &fmkey, principal); + if (ret) + return ret; + dbname = fdbname; + mkey = fmkey; + } ret = hdb_create (context, &db, dbname); if (ret) - return ret; + goto out2; ret = hdb_set_master_keyfile (context, db, mkey); if (ret) { (*db->hdb_destroy)(context, db); - return ret; + goto out2; } - + ret = (*db->hdb_open)(context, db, O_RDONLY, 0); if (ret) { (*db->hdb_destroy)(context, db); - return ret; + goto out2; } - ret = (*db->hdb_fetch)(context, db, principal, - HDB_F_DECRYPT| - HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - &ent); + + ret = (*db->hdb_fetch_kvno)(context, db, principal, + HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED| + HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + kvno, &ent); if(ret == HDB_ERR_NOENTRY) { ret = KRB5_KT_NOTFOUND; @@ -231,7 +222,7 @@ hdb_get_entry(krb5_context context, }else if(ret) goto out; - if(kvno && ent.entry.kvno != kvno) { + if(kvno && (krb5_kvno)ent.entry.kvno != kvno) { hdb_free_entry(context, &ent); ret = KRB5_KT_NOTFOUND; goto out; @@ -244,29 +235,190 @@ hdb_get_entry(krb5_context context, if(ent.entry.keys.val[i].key.keytype == enctype) { krb5_copy_principal(context, principal, &entry->principal); entry->vno = ent.entry.kvno; - krb5_copy_keyblock_contents(context, - &ent.entry.keys.val[i].key, + krb5_copy_keyblock_contents(context, + &ent.entry.keys.val[i].key, &entry->keyblock); ret = 0; break; } } hdb_free_entry(context, &ent); -out: + out: (*db->hdb_close)(context, db); (*db->hdb_destroy)(context, db); + out2: + free(fdbname); + free(fmkey); return ret; } +/* + * find the keytab entry in `id' for `principal, kvno, enctype' and return + * it in `entry'. return 0 or an error code + */ + +static krb5_error_code KRB5_CALLCONV +hdb_start_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + krb5_error_code ret; + struct hdb_cursor *c; + struct hdb_data *d = id->data; + const char *dbname = d->dbname; + const char *mkey = d->mkey; + HDB *db; + + if (dbname == NULL) { + /* + * We don't support enumerating without being told what + * backend to enumerate on + */ + ret = KRB5_KT_NOTFOUND; + return ret; + } + + ret = hdb_create (context, &db, dbname); + if (ret) + return ret; + ret = hdb_set_master_keyfile (context, db, mkey); + if (ret) { + (*db->hdb_destroy)(context, db); + return ret; + } + + ret = (*db->hdb_open)(context, db, O_RDONLY, 0); + if (ret) { + (*db->hdb_destroy)(context, db); + return ret; + } + + cursor->data = c = malloc (sizeof(*c)); + if(c == NULL){ + (*db->hdb_close)(context, db); + (*db->hdb_destroy)(context, db); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + + c->db = db; + c->first = TRUE; + c->next = TRUE; + c->key_idx = 0; + + cursor->data = c; + return ret; +} + +static int KRB5_CALLCONV +hdb_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, + krb5_kt_cursor *cursor) +{ + struct hdb_cursor *c = cursor->data; + krb5_error_code ret; + + memset(entry, 0, sizeof(*entry)); + + if (c->first) { + c->first = FALSE; + ret = (c->db->hdb_firstkey)(context, c->db, + HDB_F_DECRYPT| + HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + &c->hdb_entry); + if (ret == HDB_ERR_NOENTRY) + return KRB5_KT_END; + else if (ret) + return ret; + + if (c->hdb_entry.entry.keys.len == 0) + hdb_free_entry(context, &c->hdb_entry); + else + c->next = FALSE; + } + + while (c->next) { + ret = (c->db->hdb_nextkey)(context, c->db, + HDB_F_DECRYPT| + HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + &c->hdb_entry); + if (ret == HDB_ERR_NOENTRY) + return KRB5_KT_END; + else if (ret) + return ret; + + /* If no keys on this entry, try again */ + if (c->hdb_entry.entry.keys.len == 0) + hdb_free_entry(context, &c->hdb_entry); + else + c->next = FALSE; + } + + /* + * Return next enc type (keytabs are one slot per key, while + * hdb is one record per principal. + */ + + ret = krb5_copy_principal(context, + c->hdb_entry.entry.principal, + &entry->principal); + if (ret) + return ret; + + entry->vno = c->hdb_entry.entry.kvno; + ret = krb5_copy_keyblock_contents(context, + &c->hdb_entry.entry.keys.val[c->key_idx].key, + &entry->keyblock); + if (ret) { + krb5_free_principal(context, entry->principal); + memset(entry, 0, sizeof(*entry)); + return ret; + } + c->key_idx++; + + /* + * Once we get to the end of the list, signal that we want the + * next entry + */ + + if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) { + hdb_free_entry(context, &c->hdb_entry); + c->next = TRUE; + c->key_idx = 0; + } + + return 0; +} + + +static int KRB5_CALLCONV +hdb_end_seq_get(krb5_context context, + krb5_keytab id, + krb5_kt_cursor *cursor) +{ + struct hdb_cursor *c = cursor->data; + + if (!c->next) + hdb_free_entry(context, &c->hdb_entry); + + (c->db->hdb_close)(context, c->db); + (c->db->hdb_destroy)(context, c->db); + + free(c); + return 0; +} + krb5_kt_ops hdb_kt_ops = { "HDB", hdb_resolve, hdb_get_name, hdb_close, + NULL, /* destroy */ hdb_get_entry, - NULL, /* start_seq_get */ - NULL, /* next_entry */ - NULL, /* end_seq_get */ + hdb_start_seq_get, + hdb_next_entry, + hdb_end_seq_get, NULL, /* add */ NULL /* remove */ }; diff --git a/crypto/heimdal/lib/hdb/mkey.c b/crypto/heimdal/lib/hdb/mkey.c index 05cf71c5931..9eb98fca32c 100644 --- a/crypto/heimdal/lib/hdb/mkey.c +++ b/crypto/heimdal/lib/hdb/mkey.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" @@ -36,8 +36,6 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c 21745 2007-07-31 16:11:25Z lha $"); - struct hdb_master_key_data { krb5_keytab_entry keytab; krb5_crypto crypto; @@ -67,7 +65,7 @@ hdb_process_master_key(krb5_context context, *mkey = calloc(1, sizeof(**mkey)); if(*mkey == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*mkey)->keytab.vno = kvno; @@ -110,7 +108,7 @@ hdb_add_master_key(krb5_context context, krb5_keyblock *key, } static krb5_error_code -read_master_keytab(krb5_context context, const char *filename, +read_master_keytab(krb5_context context, const char *filename, hdb_master_key *mkey) { krb5_error_code ret; @@ -118,7 +116,7 @@ read_master_keytab(krb5_context context, const char *filename, krb5_kt_cursor cursor; krb5_keytab_entry entry; hdb_master_key p; - + ret = krb5_kt_resolve(context, filename, &id); if(ret) return ret; @@ -147,20 +145,20 @@ read_master_keytab(krb5_context context, const char *filename, /* read a MIT master keyfile */ static krb5_error_code -read_master_mit(krb5_context context, const char *filename, - hdb_master_key *mkey) +read_master_mit(krb5_context context, const char *filename, + int byteorder, hdb_master_key *mkey) { int fd; krb5_error_code ret; krb5_storage *sp; int16_t enctype; krb5_keyblock key; - + fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", filename, - strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } sp = krb5_storage_from_fd(fd); @@ -168,25 +166,22 @@ read_master_mit(krb5_context context, const char *filename, close(fd); return errno; } - krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER); -#if 0 + krb5_storage_set_flags(sp, byteorder); /* could possibly use ret_keyblock here, but do it with more checks for now */ - ret = krb5_ret_keyblock(sp, &key); -#else - ret = krb5_ret_int16(sp, &enctype); - if((htons(enctype) & 0xff00) == 0x3000) { - krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", - filename, htons(enctype), 0x3000); - ret = HEIM_ERR_BAD_MKEY; - goto out; + { + ret = krb5_ret_int16(sp, &enctype); + if (ret) + goto out; + ret = krb5_enctype_valid(context, enctype); + if (ret) + goto out; + key.keytype = enctype; + ret = krb5_ret_data(sp, &key.keyvalue); + if(ret) + goto out; } - key.keytype = enctype; - ret = krb5_ret_data(sp, &key.keyvalue); - if(ret) - goto out; -#endif - ret = hdb_process_master_key(context, 0, &key, 0, mkey); + ret = hdb_process_master_key(context, 1, &key, 0, mkey); krb5_free_keyblock_contents(context, &key); out: krb5_storage_free(sp); @@ -196,7 +191,7 @@ read_master_mit(krb5_context context, const char *filename, /* read an old master key file */ static krb5_error_code -read_master_encryptionkey(krb5_context context, const char *filename, +read_master_encryptionkey(krb5_context context, const char *filename, hdb_master_key *mkey) { int fd; @@ -205,20 +200,20 @@ read_master_encryptionkey(krb5_context context, const char *filename, unsigned char buf[256]; ssize_t len; size_t ret_len; - + fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", + krb5_set_error_message(context, save_errno, "failed to open %s: %s", filename, strerror(save_errno)); return save_errno; } - + len = read(fd, buf, sizeof(buf)); close(fd); if(len < 0) { int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", + krb5_set_error_message(context, save_errno, "error reading %s: %s", filename, strerror(save_errno)); return save_errno; } @@ -233,9 +228,9 @@ read_master_encryptionkey(krb5_context context, const char *filename, should cover all cases, but will break if someone has hacked this code to really use des-cbc-md5 -- but then that's not my problem. */ - if(key.keytype == KEYTYPE_DES || key.keytype == ETYPE_DES_CBC_MD5) + if(key.keytype == ETYPE_DES_CBC_CRC || key.keytype == ETYPE_DES_CBC_MD5) key.keytype = ETYPE_DES_CFB64_NONE; - + ret = hdb_process_master_key(context, 0, &key, 0, mkey); krb5_free_keyblock_contents(context, &key); return ret; @@ -243,7 +238,7 @@ read_master_encryptionkey(krb5_context context, const char *filename, /* read a krb4 /.k style file */ static krb5_error_code -read_master_krb4(krb5_context context, const char *filename, +read_master_krb4(krb5_context context, const char *filename, hdb_master_key *mkey) { int fd; @@ -251,25 +246,26 @@ read_master_krb4(krb5_context context, const char *filename, krb5_error_code ret; unsigned char buf[256]; ssize_t len; - + fd = open(filename, O_RDONLY | O_BINARY); if(fd < 0) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } - + len = read(fd, buf, sizeof(buf)); close(fd); if(len < 0) { int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "error reading %s: %s", + filename, strerror(save_errno)); return save_errno; } if(len != 8) { - krb5_set_error_string(context, "bad contents of %s", filename); + krb5_set_error_message(context, HEIM_ERR_EOF, + "bad contents of %s", filename); return HEIM_ERR_EOF; /* XXX file might be too large */ } @@ -277,7 +273,7 @@ read_master_krb4(krb5_context context, const char *filename, key.keytype = ETYPE_DES_PCBC_NONE; ret = krb5_data_copy(&key.keyvalue, buf, len); memset(buf, 0, sizeof(buf)); - if(ret) + if(ret) return ret; ret = hdb_process_master_key(context, 0, &key, 0, mkey); @@ -286,7 +282,7 @@ read_master_krb4(krb5_context context, const char *filename, } krb5_error_code -hdb_read_master_key(krb5_context context, const char *filename, +hdb_read_master_key(krb5_context context, const char *filename, hdb_master_key *mkey) { FILE *f; @@ -303,26 +299,26 @@ hdb_read_master_key(krb5_context context, const char *filename, f = fopen(filename, "r"); if(f == NULL) { int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); + krb5_set_error_message(context, save_errno, "failed to open %s: %s", + filename, strerror(save_errno)); return save_errno; } - + if(fread(buf, 1, 2, f) != 2) { - krb5_set_error_string(context, "end of file reading %s", filename); fclose(f); + krb5_set_error_message(context, HEIM_ERR_EOF, "end of file reading %s", filename); return HEIM_ERR_EOF; } - + fseek(f, 0, SEEK_END); len = ftell(f); if(fclose(f) != 0) return errno; - + if(len < 0) return errno; - + if(len == 8) { ret = read_master_krb4(context, filename, mkey); } else if(buf[0] == 0x30 && len <= 127 && buf[1] == len - 2) { @@ -330,13 +326,20 @@ hdb_read_master_key(krb5_context context, const char *filename, } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) { ret = read_master_keytab(context, filename, mkey); } else { - ret = read_master_mit(context, filename, mkey); + /* + * Check both LittleEndian and BigEndian since they key file + * might be moved from a machine with diffrent byte order, or + * its running on MacOS X that always uses BE master keys. + */ + ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_LE, mkey); + if (ret) + ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_BE, mkey); } return ret; } krb5_error_code -hdb_write_master_key(krb5_context context, const char *filename, +hdb_write_master_key(krb5_context context, const char *filename, hdb_master_key mkey) { krb5_error_code ret; @@ -369,7 +372,7 @@ _hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey) if(mkvno == NULL) { if(ret == NULL || mkey->keytab.vno > ret->keytab.vno) ret = mkey; - } else if(mkey->keytab.vno == *mkvno) + } else if((uint32_t)mkey->keytab.vno == *mkvno) return mkey; mkey = mkey->next; } @@ -401,9 +404,9 @@ _hdb_mkey_encrypt(krb5_context context, hdb_master_key key, } krb5_error_code -hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) +hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) { - + krb5_error_code ret; krb5_data res; size_t keysize; @@ -412,7 +415,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) if(k->mkvno == NULL) return 0; - + key = _hdb_find_master_key(k->mkvno, mkey); if (key == NULL) @@ -428,7 +431,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) k->key.keyvalue.data, k->key.keyvalue.length, &res); - } + } if (ret) return ret; @@ -456,13 +459,13 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) krb5_error_code hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) { - int i; + size_t i; for(i = 0; i < ent->keys.len; i++){ krb5_error_code ret; ret = hdb_unseal_key_mkey(context, &ent->keys.val[i], mkey); - if (ret) + if (ret) return ret; } return 0; @@ -516,14 +519,14 @@ hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) return ENOMEM; } *k->mkvno = key->keytab.vno; - + return 0; } krb5_error_code hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) { - int i; + size_t i; for(i = 0; i < ent->keys.len; i++){ krb5_error_code ret; @@ -539,7 +542,7 @@ hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent) { if (db->hdb_master_key_set == 0) return 0; - + return hdb_seal_keys_mkey(context, ent, db->hdb_master_key); } @@ -548,7 +551,7 @@ hdb_seal_key(krb5_context context, HDB *db, Key *k) { if (db->hdb_master_key_set == 0) return 0; - + return hdb_seal_key_mkey(context, k, db->hdb_master_key); } @@ -583,7 +586,7 @@ hdb_set_master_keyfile (krb5_context context, if (ret) { if (ret != ENOENT) return ret; - krb5_clear_error_string(context); + krb5_clear_error_message(context); return 0; } db->hdb_master_key = key; diff --git a/crypto/heimdal/lib/hdb/ndbm.c b/crypto/heimdal/lib/hdb/ndbm.c index 6575b8a4171..5b2c07e5f64 100644 --- a/crypto/heimdal/lib/hdb/ndbm.c +++ b/crypto/heimdal/lib/hdb/ndbm.c @@ -1,47 +1,47 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" -RCSID("$Id: ndbm.c 16395 2005-12-13 11:54:10Z lha $"); - #if HAVE_NDBM #if defined(HAVE_GDBM_NDBM_H) #include +#define WRITE_SUPPORT 1 #elif defined(HAVE_NDBM_H) #include #elif defined(HAVE_DBM_H) +#define WRITE_SUPPORT 1 #include #endif @@ -53,9 +53,7 @@ struct ndbm_db { static krb5_error_code NDBM_destroy(krb5_context context, HDB *db) { - krb5_error_code ret; - - ret = hdb_clear_master_key (context, db); + hdb_clear_master_key (context, db); free(db->hdb_name); free(db); return 0; @@ -76,7 +74,7 @@ NDBM_unlock(krb5_context context, HDB *db) } static krb5_error_code -NDBM_seq(krb5_context context, HDB *db, +NDBM_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry, int first) { @@ -110,9 +108,9 @@ NDBM_seq(krb5_context context, HDB *db, if (ret == 0 && entry->entry.principal == NULL) { entry->entry.principal = malloc (sizeof(*entry->entry.principal)); if (entry->entry.principal == NULL) { - ret = ENOMEM; hdb_free_entry (context, entry); - krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); } else { hdb_key2principal (context, &key_data, entry->entry.principal); } @@ -135,40 +133,59 @@ NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry) } static krb5_error_code -NDBM_rename(krb5_context context, HDB *db, const char *new_name) +open_lock_file(krb5_context context, const char *db_name, int *fd) { - /* XXX this function will break */ - struct ndbm_db *d = db->hdb_db; - - int ret; - char *old_dir, *old_pag, *new_dir, *new_pag; - char *new_lock; - int lock_fd; + char *lock_file; /* lock old and new databases */ - ret = db->hdb_lock(context, db, HDB_WLOCK); - if(ret) - return ret; - asprintf(&new_lock, "%s.lock", new_name); - if(new_lock == NULL) { - db->hdb_unlock(context, db); - krb5_set_error_string(context, "malloc: out of memory"); + asprintf(&lock_file, "%s.lock", db_name); + if(lock_file == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600); - if(lock_fd < 0) { - ret = errno; - db->hdb_unlock(context, db); - krb5_set_error_string(context, "open(%s): %s", new_lock, - strerror(ret)); - free(new_lock); + + *fd = open(lock_file, O_RDWR | O_CREAT, 0600); + free(lock_file); + if(*fd < 0) { + int ret = errno; + krb5_set_error_message(context, ret, "open(%s): %s", lock_file, + strerror(ret)); return ret; } - free(new_lock); - ret = hdb_lock(lock_fd, HDB_WLOCK); + return 0; +} + + +static krb5_error_code +NDBM_rename(krb5_context context, HDB *db, const char *new_name) +{ + int ret; + char *old_dir, *old_pag, *new_dir, *new_pag; + int old_lock_fd, new_lock_fd; + + /* lock old and new databases */ + ret = open_lock_file(context, db->hdb_name, &old_lock_fd); + if (ret) + return ret; + + ret = hdb_lock(old_lock_fd, HDB_WLOCK); if(ret) { - db->hdb_unlock(context, db); - close(lock_fd); + close(old_lock_fd); + return ret; + } + + ret = open_lock_file(context, new_name, &new_lock_fd); + if (ret) { + hdb_unlock(old_lock_fd); + close(old_lock_fd); + return ret; + } + + ret = hdb_lock(new_lock_fd, HDB_WLOCK); + if(ret) { + hdb_unlock(old_lock_fd); + close(old_lock_fd); + close(new_lock_fd); return ret; } @@ -178,23 +195,26 @@ NDBM_rename(krb5_context context, HDB *db, const char *new_name) asprintf(&new_pag, "%s.pag", new_name); ret = rename(old_dir, new_dir) || rename(old_pag, new_pag); + if (ret) { + ret = errno; + if (ret == 0) + ret = EPERM; + krb5_set_error_message(context, ret, "rename: %s", strerror(ret)); + } + free(old_dir); free(old_pag); free(new_dir); free(new_pag); - hdb_unlock(lock_fd); - db->hdb_unlock(context, db); - if(ret) { - ret = errno; - close(lock_fd); - krb5_set_error_string(context, "rename: %s", strerror(ret)); + hdb_unlock(new_lock_fd); + hdb_unlock(old_lock_fd); + close(new_lock_fd); + close(old_lock_fd); + + if(ret) return ret; - } - close(d->lock_fd); - d->lock_fd = lock_fd; - free(db->hdb_name); db->hdb_name = strdup(new_name); return 0; @@ -222,9 +242,10 @@ NDBM__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) } static krb5_error_code -NDBM__put(krb5_context context, HDB *db, int replace, +NDBM__put(krb5_context context, HDB *db, int replace, krb5_data key, krb5_data value) { +#ifdef WRITE_SUPPORT struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; datum k, v; int code; @@ -244,6 +265,9 @@ NDBM__put(krb5_context context, HDB *db, int replace, if (code < 0) return code; return 0; +#else + return HDB_ERR_NO_WRITE_SUPPORT; +#endif } static krb5_error_code @@ -281,38 +305,31 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) { krb5_error_code ret; struct ndbm_db *d = malloc(sizeof(*d)); - char *lock_file; if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - asprintf(&lock_file, "%s.lock", (char*)db->hdb_name); - if(lock_file == NULL) { - free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } + d->db = dbm_open((char*)db->hdb_name, flags, mode); if(d->db == NULL){ ret = errno; free(d); - free(lock_file); - krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name, - strerror(ret)); + krb5_set_error_message(context, ret, "dbm_open(%s): %s", db->hdb_name, + strerror(ret)); return ret; } - d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600); - if(d->lock_fd < 0){ + + ret = open_lock_file(context, db->hdb_name, &d->lock_fd); + if (ret) { ret = errno; dbm_close(d->db); free(d); - krb5_set_error_string(context, "open(%s): %s", lock_file, - strerror(ret)); - free(lock_file); + krb5_set_error_message(context, ret, "open(lock file): %s", + strerror(ret)); return ret; } - free(lock_file); + db->hdb_db = d; if((flags & O_ACCMODE) == O_RDONLY) ret = hdb_check_db_format(context, db); @@ -322,37 +339,38 @@ NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) return 0; if (ret) { NDBM_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", - (flags & O_ACCMODE) == O_RDONLY ? - "checking format of" : "initialize", - db->hdb_name); + krb5_set_error_message(context, ret, "hdb_open: failed %s database %s", + (flags & O_ACCMODE) == O_RDONLY ? + "checking format of" : "initialize", + db->hdb_name); } return ret; } krb5_error_code -hdb_ndbm_create(krb5_context context, HDB **db, +hdb_ndbm_create(krb5_context context, HDB **db, const char *filename) { *db = calloc(1, sizeof(**db)); if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_db = NULL; (*db)->hdb_name = strdup(filename); if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); free(*db); *db = NULL; + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } (*db)->hdb_master_key_set = 0; (*db)->hdb_openp = 0; + (*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL; (*db)->hdb_open = NDBM_open; (*db)->hdb_close = NDBM_close; - (*db)->hdb_fetch = _hdb_fetch; + (*db)->hdb_fetch_kvno = _hdb_fetch_kvno; (*db)->hdb_store = _hdb_store; (*db)->hdb_remove = _hdb_remove; (*db)->hdb_firstkey = NDBM_firstkey; diff --git a/crypto/heimdal/lib/hdb/print.c b/crypto/heimdal/lib/hdb/print.c index 60b7e8db7b6..697d32d2909 100644 --- a/crypto/heimdal/lib/hdb/print.c +++ b/crypto/heimdal/lib/hdb/print.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,9 +34,7 @@ #include #include -RCSID("$Id: print.c 16378 2005-12-12 12:40:12Z lha $"); - -/* +/* This is the present contents of a dump line. This might change at any time. Fields are separated by white space. @@ -69,7 +67,7 @@ append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...) vasprintf(&s, fmt, ap); va_end(ap); if(s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = krb5_storage_write(sp, s, strlen(s)); @@ -80,7 +78,8 @@ append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...) static krb5_error_code append_hex(krb5_context context, krb5_storage *sp, krb5_data *data) { - int i, printable = 1; + int printable = 1; + size_t i; char *p; p = data->data; @@ -128,7 +127,7 @@ static krb5_error_code entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) { char *p; - int i; + size_t i; krb5_error_code ret; /* --- principal */ @@ -143,11 +142,11 @@ entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) for(i = 0; i < ent->keys.len; i++){ /* --- mkvno, keytype */ if(ent->keys.val[i].mkvno) - append_string(context, sp, ":%d:%d:", - *ent->keys.val[i].mkvno, + append_string(context, sp, ":%d:%d:", + *ent->keys.val[i].mkvno, ent->keys.val[i].key.keytype); else - append_string(context, sp, "::%d:", + append_string(context, sp, "::%d:", ent->keys.val[i].key.keytype); /* --- keydata */ append_hex(context, sp, &ent->keys.val[i].key.keyvalue); @@ -176,7 +175,7 @@ entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) append_string(context, sp, "%s ", time2str(*ent->valid_end)); else append_string(context, sp, "- "); - + /* --- password ends */ if(ent->pw_end) append_string(context, sp, "%s ", time2str(*ent->pw_end)); @@ -194,7 +193,7 @@ entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) append_string(context, sp, "%d ", *ent->max_renew); else append_string(context, sp, "- "); - + /* --- flags */ append_string(context, sp, "%d ", HDBFlags2int(ent->flags)); @@ -210,12 +209,12 @@ entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) if(ent->extensions && ent->extensions->len > 0) { for(i = 0; i < ent->extensions->len; i++) { void *d; - size_t size, sz; + size_t size, sz = 0; ASN1_MALLOC_ENCODE(HDB_extension, d, size, &ent->extensions->val[i], &sz, ret); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } if(size != sz) @@ -223,19 +222,19 @@ entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) if (hex_encode(d, size, &p) < 0) { free(d); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } free(d); - append_string(context, sp, "%s%s", p, + append_string(context, sp, "%s%s", p, ent->extensions->len - 1 != i ? ":" : ""); free(p); } } else append_string(context, sp, "-"); - + return 0; } @@ -248,10 +247,10 @@ hdb_entry2string (krb5_context context, hdb_entry *ent, char **str) sp = krb5_storage_emem(); if(sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - + ret = entry2string_int(context, sp, ent); if(ret) { krb5_storage_free(sp); @@ -278,10 +277,10 @@ hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data) fflush(f); sp = krb5_storage_from_fd(fileno(f)); if(sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - + ret = entry2string_int(context, sp, &entry->entry); if(ret) { krb5_storage_free(sp); diff --git a/crypto/heimdal/lib/hdb/test_dbinfo.c b/crypto/heimdal/lib/hdb/test_dbinfo.c index d92a5381b3a..efe50afb6a2 100644 --- a/crypto/heimdal/lib/hdb/test_dbinfo.c +++ b/crypto/heimdal/lib/hdb/test_dbinfo.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hdb_locl.h" #include -RCSID("$Id: test_dbinfo.c 20575 2007-04-27 20:20:32Z lha $"); - static int help_flag; static int version_flag; @@ -60,7 +58,7 @@ main(int argc, char **argv) if(help_flag) krb5_std_usage(0, args, num_args); - + if(version_flag){ print_version(NULL); exit(0); @@ -76,11 +74,17 @@ main(int argc, char **argv) d = NULL; while ((d = hdb_dbinfo_get_next(info, d)) != NULL) { - printf("label: %s\n", hdb_dbinfo_get_label(context, d)); - printf("\trealm: %s\n", hdb_dbinfo_get_realm(context, d)); - printf("\tdbname: %s\n", hdb_dbinfo_get_dbname(context, d)); - printf("\tmkey_file: %s\n", hdb_dbinfo_get_mkey_file(context, d)); - printf("\tacl_file: %s\n", hdb_dbinfo_get_acl_file(context, d)); + const char *s; + s = hdb_dbinfo_get_label(context, d); + printf("label: %s\n", s ? s : "no label"); + s = hdb_dbinfo_get_realm(context, d); + printf("\trealm: %s\n", s ? s : "no realm"); + s = hdb_dbinfo_get_dbname(context, d); + printf("\tdbname: %s\n", s ? s : "no dbname"); + s = hdb_dbinfo_get_mkey_file(context, d); + printf("\tmkey_file: %s\n", s ? s : "no mkey file"); + s = hdb_dbinfo_get_acl_file(context, d); + printf("\tacl_file: %s\n", s ? s : "no acl file"); } hdb_free_dbinfo(context, &info); diff --git a/crypto/heimdal/lib/hdb/version-script.map b/crypto/heimdal/lib/hdb/version-script.map new file mode 100644 index 00000000000..50a36cec0aa --- /dev/null +++ b/crypto/heimdal/lib/hdb/version-script.map @@ -0,0 +1,107 @@ +# $Id$ + +HEIMDAL_HDB_1.0 { + global: + encode_hdb_keyset; + hdb_add_master_key; + hdb_check_db_format; + hdb_clear_extension; + hdb_clear_master_key; + hdb_create; + hdb_db_dir; + hdb_dbinfo_get_acl_file; + hdb_dbinfo_get_binding; + hdb_dbinfo_get_dbname; + hdb_dbinfo_get_label; + hdb_dbinfo_get_log_file; + hdb_dbinfo_get_mkey_file; + hdb_dbinfo_get_next; + hdb_dbinfo_get_realm; + hdb_default_db; + hdb_enctype2key; + hdb_entry2string; + hdb_entry2value; + hdb_entry_alias2value; + hdb_entry_check_mandatory; + hdb_entry_clear_password; + hdb_entry_get_ConstrainedDelegACL; + hdb_entry_get_aliases; + hdb_entry_get_password; + hdb_entry_get_pkinit_acl; + hdb_entry_get_pkinit_cert; + hdb_entry_get_pkinit_hash; + hdb_entry_get_pw_change_time; + hdb_entry_set_password; + hdb_entry_set_pw_change_time; + hdb_find_extension; + hdb_foreach; + hdb_free_dbinfo; + hdb_free_entry; + hdb_free_key; + hdb_free_keys; + hdb_free_master_key; + hdb_generate_key_set; + hdb_generate_key_set_password; + hdb_get_dbinfo; + hdb_init_db; + hdb_key2principal; + hdb_list_builtin; + hdb_lock; + hdb_next_enctype2key; + hdb_principal2key; + hdb_print_entry; + hdb_process_master_key; + hdb_read_master_key; + hdb_replace_extension; + hdb_seal_key; + hdb_seal_key_mkey; + hdb_seal_keys; + hdb_seal_keys_mkey; + hdb_set_master_key; + hdb_set_master_keyfile; + hdb_unlock; + hdb_unseal_key; + hdb_unseal_key_mkey; + hdb_unseal_keys; + hdb_unseal_keys_mkey; + hdb_value2entry; + hdb_value2entry_alias; + hdb_write_master_key; + length_hdb_keyset; + hdb_interface_version; + initialize_hdb_error_table_r; + + hdb_kt_ops; + + # some random bits needed for libkadm + HDBFlags2int; + asn1_HDBFlags_units; + copy_Event; + copy_HDB_extensions; + copy_Key; + copy_Salt; + decode_HDB_Ext_Aliases; + decode_HDB_Ext_PKINIT_acl; + decode_HDB_extension; + decode_Key; + encode_HDB_Ext_Aliases; + encode_HDB_Ext_PKINIT_acl; + encode_HDB_extension; + encode_Key; + free_Event; + free_HDB_Ext_Aliases; + free_HDB_Ext_PKINIT_acl; + free_HDB_extension; + free_HDB_extensions; + free_Key; + free_Salt; + free_hdb_entry; + int2HDBFlags; + length_HDB_Ext_Aliases; + length_HDB_Ext_PKINIT_acl; + length_HDB_extension; + length_Key; + + local: + *; +}; diff --git a/crypto/heimdal/lib/heimdal/NTMakefile b/crypto/heimdal/lib/heimdal/NTMakefile new file mode 100644 index 00000000000..833f4ebe212 --- /dev/null +++ b/crypto/heimdal/lib/heimdal/NTMakefile @@ -0,0 +1,93 @@ +######################################################################## +# +# Copyright (c) 2009, 2010 Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +RELDIR = lib\heimdal + +!include ../../windows/NTMakefile.w32 + +!ifndef STATICLIBS + +DLLDEPS= \ + $(LIBASN1) \ + $(LIBCOMERR) \ + $(LIBHCRYPTO) \ + $(LIBHX509) \ + $(LIBKRB5) \ + $(LIBROKEN) \ + $(LIBSQLITE) \ + $(LIBWIND) \ + $(LIBLTM) \ + $(LIBHEIMBASE) + +DLLSDKDEPS= \ + $(PTHREAD_LIB) \ + secur32.lib \ + shell32.lib \ + dnsapi.lib \ + shlwapi.lib + +DEF=$(OBJ)\heimdal.def + +RES=$(OBJ)\heimdal-version.res + +DEFSRC= ..\asn1\libasn1-exports.def \ + ..\wind\libwind-exports.def \ + ..\hcrypto\libhcrypto-exports.def \ + ..\hx509\libhx509-exports.def \ + $(OBJDIR)\lib\krb5\libkrb5-exports.def + +$(DEF): $(DEFSRC) + copy $(DEFSRC: = + ) $(DEF) + +DLL=$(BINDIR)\heimdal.dll + +$(LIBHEIMDAL): $(BINDIR)\heimdal.dll + +$(DLL): $(DLLDEPS) $(DEF) $(RES) + $(DLLGUILINK_C) $(DLLDEPS) $(DLLSDKDEPS) $(RES) \ + -def:$(DEF) -out:$(DLL) \ + -implib:$(LIBHEIMDAL) + $(DLLPREP_NODIST) + +clean:: + -$(RM) $(BINDIR)\heimdal.* + +!else + +$(LIBHEIMDAL): $(LIBASN1) $(LIBWIND) $(LIBHCRYPTO) $(LIBHX509) $(LIBKRB5) $(LIBHEIMBASE) + $(LIBCON) + +!endif + +all:: $(LIBHEIMDAL) + +clean:: + -$(RM) $(LIBHEIMDAL) diff --git a/crypto/heimdal/lib/heimdal/dllmain.c b/crypto/heimdal/lib/heimdal/dllmain.c new file mode 100644 index 00000000000..3f4d9b3ef0b --- /dev/null +++ b/crypto/heimdal/lib/heimdal/dllmain.c @@ -0,0 +1,40 @@ +/*********************************************************************** + * Copyright (c) 2009, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#include + +BOOL WINAPI +DllMain(__in HINSTANCE hinstDLL, + __in DWORD fdwReason, + __in LPVOID lpvReserved) +{ + return TRUE; +} diff --git a/crypto/heimdal/lib/heimdal/heimdal-version.rc b/crypto/heimdal/lib/heimdal/heimdal-version.rc new file mode 100644 index 00000000000..1da512cfb01 --- /dev/null +++ b/crypto/heimdal/lib/heimdal/heimdal-version.rc @@ -0,0 +1,36 @@ +/*********************************************************************** + * Copyright (c) 2010, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#define RC_FILE_TYPE VFT_DLL +#define RC_FILE_DESC_0409 "Heimdal Kerberos Library" +#define RC_FILE_ORIG_0409 "heimdal.dll" + +#include "../../windows/version.rc" diff --git a/crypto/heimdal/lib/hx509/ChangeLog b/crypto/heimdal/lib/hx509/ChangeLog index cb29cee4e18..d00f1f3c7c7 100644 --- a/crypto/heimdal/lib/hx509/ChangeLog +++ b/crypto/heimdal/lib/hx509/ChangeLog @@ -1,12 +1,120 @@ -2008-01-21 Love Hörnquist Åstrand +2008-07-14 Love Hörnquist Ã…strand + + * hxtool.c: Break out print_eval_types(). + +2008-06-21 Love Hörnquist Ã…strand + + * ks_p12.c: pass in time_now to unevelope + + * cms.c: Pass in time_now to unevelope, us verify context time in + verify_signed. + +2008-05-23 Love Hörnquist Ã…strand + + * hx_locl.h: Include for TYPE_MAX defines. + +2008-04-29 Love Hörnquist Ã…strand + + * sel-lex.l: Use _hx509_sel_yyerror() instead of error_message(). + +2008-04-20 Love Hörnquist Ã…strand + + * sel-lex.l: Include + +2008-04-17 Love Hörnquist Ã…strand + + * Makefile.am: Update make-proto usage. + +2008-04-15 Love Hörnquist Ã…strand + + * ca.c: BasicConstraints.pathLenConstraint unsigned int. + + * sel-lex.l: Prefix sel_error with _hx509_ since its global on + platforms w/o symbol versioning. + + * sel.h: rename yyerror to sel_yyerror in the whole library, not + just the lexer + + * sel-lex.l: rename yyerror to sel_yyerror in the whole library, + not just the lexer + +2008-04-14 Love Hörnquist Ã…strand + + * sel-lex.l: Rename yyerror to sel_yyerror and make it static. + +2008-04-08 Love Hörnquist Ã…strand + + * hx509.h: Make self-standing by including missing files. + +2008-04-07 Love Hörnquist Ã…strand + + * ks_p11.c: Use unsigned where appropriate. + + * softp11.c: call va_start before using vsnprintf. + + * crypto.c: make refcount slightly more sane. + + * keyset.c: make refcount slightly more sane. + + * cert.c: make refcount slightly more sane. + +2008-03-19 Love Hörnquist Ã…strand + + * test_nist2.in: Try to find unzip. + +2008-03-16 Love Hörnquist Ã…strand + + * version-script.map: add missing symbols + + * spnego: Make delegated credentials delegated directly, Oleg + Sharoiko pointed out that it always didnt work with the old + code. Also add som missing cred and context pass-thou functions in + the SPNEGO layer. + +2008-03-14 Love Hörnquist Ã…strand + + * rename to be more consistent, export for teting + + * Add language to support querying certificates to find a + match. Support constructs like "1.3.6.1.5.2.3.5" IN + %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE". + +2008-02-26 Love Hörnquist Ã…strand + + * version-script.map: add hx509_pem_read + + * hxtool-commands.in: Add --pem to cms-verify-sd. + + * test_cms.in: Test verifying PEM signature files. + + * hxtool.c: Support verifying PEM signature files. + +2008-02-25 Love Hörnquist Ã…strand + + * Makefile.am: libhx509_la_OBJECTS depends on hx_locl.h + +2008-02-11 Love Hörnquist Ã…strand + + * Use ldap-prep (with libwind) to compare names + +2008-01-27 Love Hörnquist Ã…strand + + * cert.c (hx509_query_match_eku): update to support the NULL + eku (reset), clearify the old behaivor with regards repetitive + calls. + + * Add matching on EKU, validate EKUs, add hxtool matching glue, + add check. Adapted from pach from Tim Miller of Mitre + +2008-01-21 Love Hörnquist Ã…strand * test_soft_pkcs11.c: use func for more C_ functions. -2008-01-18 Love Hörnquist Åstrand +2008-01-18 Love Hörnquist Ã…strand * version-script.map: Export hx509_free_error_string(). -2008-01-17 Love Hörnquist Åstrand +2008-01-17 Love Hörnquist Ã…strand * version-script.map: only export C_GetFunctionList @@ -17,7 +125,7 @@ * softp11.c: Add option app-fatal to control if softtoken should abort() on erroneous input from applications. -2008-01-16 Love Hörnquist Åstrand +2008-01-16 Love Hörnquist Ã…strand * test_pkcs11.in: Test password less certificates too @@ -29,7 +137,7 @@ * test_soft_pkcs11.c: Only log in if needed. -2008-01-15 Love Hörnquist Åstrand +2008-01-15 Love Hörnquist Ã…strand * softp11.c: Support PINs to login to the store. @@ -45,20 +153,20 @@ * softp11.c: Add more glue to figure out what keytype this certificate is using. -2008-01-14 Love Hörnquist Åstrand +2008-01-14 Love Hörnquist Ã…strand * test_pkcs11.in: test debug * Add a PKCS11 provider supporting signing and verifing sigatures. -2008-01-13 Love Hörnquist Åstrand +2008-01-13 Love Hörnquist Ã…strand * version-script.map: Replace hx509_name_to_der_name with hx509_name_binary. * print.c: make print_func static -2007-12-26 Love Hörnquist Åstrand +2007-12-26 Love Hörnquist Ã…strand * print.c: doxygen @@ -68,15 +176,15 @@ * ca.c: doxygen. -2007-12-17 Love Hörnquist Åstrand +2007-12-17 Love Hörnquist Ã…strand * ca.c: doxygen -2007-12-16 Love Hörnquist Åstrand +2007-12-16 Love Hörnquist Ã…strand * error.c: doxygen -2007-12-15 Love Hörnquist Åstrand +2007-12-15 Love Hörnquist Ã…strand * More documentation @@ -86,17 +194,17 @@ * cms.c: Doxygen documentation. -2007-12-11 Love Hörnquist Åstrand +2007-12-11 Love Hörnquist Ã…strand * *.[ch]: More documentation -2007-12-09 Love Hörnquist Åstrand +2007-12-09 Love Hörnquist Ã…strand * handle refcount on NULL. * test_nist_pkcs12.in: drop echo -n, doesn't work with posix sh -2007-12-08 Love Hörnquist Åstrand +2007-12-08 Love Hörnquist Ã…strand * test_nist2.in: Print that this is version 2 of the tests @@ -118,20 +226,20 @@ * revoke.c (_hx509_revoke_ref): new function. -2007-11-16 Love Hörnquist Åstrand +2007-11-16 Love Hörnquist Ã…strand * ks_keychain.c: Check if SecKeyGetCSPHandle needs prototype. -2007-08-16 Love Hörnquist Åstrand +2007-08-16 Love Hörnquist Ã…strand * data/nist-data: Make work on case senstive filesystems too. -2007-08-09 Love Hörnquist Åstrand +2007-08-09 Love Hörnquist Ã…strand * cert.c: match rfc822 contrains better, provide better error strings. -2007-08-08 Love Hörnquist Åstrand +2007-08-08 Love Hörnquist Ã…strand * cert.c: "self-signed doesn't count" doesn't apply to trust anchor certificate. make trust anchor check consistant. @@ -145,7 +253,7 @@ * cert.c: Fix NC, comment on how to use _hx509_check_key_usage. -2007-08-03 Love Hörnquist Åstrand +2007-08-03 Love Hörnquist Ã…strand * test_nist2.in, Makefile, test/nist*: Add nist pkits tests. @@ -160,12 +268,12 @@ * revoke.c: Search for the right issuer when looking for the issuer of the CRL signer. -2007-08-02 Love Hörnquist Åstrand +2007-08-02 Love Hörnquist Ã…strand * revoke.c: Handle CRL signing certificate better, try to not revalidate invalid CRLs over and over. -2007-08-01 Love Hörnquist Åstrand +2007-08-01 Love Hörnquist Ã…strand * cms.c: remove stale comment. @@ -177,21 +285,21 @@ * Makefile.am: clean PKITS_data -2007-07-16 Love Hörnquist Åstrand +2007-07-16 Love Hörnquist Ã…strand * Makefile.am: Add version-script.map to EXTRA_DIST -2007-07-12 Love Hörnquist Åstrand +2007-07-12 Love Hörnquist Ã…strand * Makefile.am: Add depenency on asn1_compile for asn1 built files. -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * peer.c: update (c), indent. * Makefile.am: New library version. -2007-06-28 Love Hörnquist Åstrand +2007-06-28 Love Hörnquist Ã…strand * ks_p11.c: Add sha2 types. @@ -207,7 +315,7 @@ * print.c: Rename proxyCertInfo oid. -2007-06-26 Love Hörnquist Åstrand +2007-06-26 Love Hörnquist Ã…strand * test_ca.in: Adapt to new request handling. @@ -231,7 +339,7 @@ * version-script.map: add missing ; -2007-06-25 Love Hörnquist Åstrand +2007-06-25 Love Hörnquist Ã…strand * cms.c: Use hx509_crypto_random_iv. @@ -285,7 +393,7 @@ * hxtool.c: Verify hostname and test max-depth. -2007-06-24 Love Hörnquist Åstrand +2007-06-24 Love Hörnquist Ã…strand * test_cms.in: Test --id-by-name. @@ -302,7 +410,7 @@ * cert.c (match_general_name): more strict rfc822Name matching. (hx509_verify_hostname): add hostname type for matching. -2007-06-19 Love Hörnquist Åstrand +2007-06-19 Love Hörnquist Ã…strand * hxtool.c: Make compile again. @@ -317,7 +425,7 @@ * test_cert.in: more cert and keyset tests. -2007-06-18 Love Hörnquist Åstrand +2007-06-18 Love Hörnquist Ã…strand * revoke.c: Avoid stomping on NULL. @@ -333,7 +441,7 @@ * crypto.c: Free memory in failure case. -2007-06-12 Love Hörnquist Åstrand +2007-06-12 Love Hörnquist Ã…strand * *.c: Add hx509_cert_init_data and use everywhere @@ -352,13 +460,13 @@ * cert.c: Change logic for default trust anchors, make it be either default trust anchor, the user supplied, or non at all. -2007-06-08 Love Hörnquist Åstrand +2007-06-08 Love Hörnquist Ã…strand * Makefile.am: Add data/j.pem. * Makefile.am: Add test_windows.in. -2007-06-06 Love Hörnquist Åstrand +2007-06-06 Love Hörnquist Ã…strand * ks_keychain.c: rename functions, leaks less memory and more paranoia. @@ -383,7 +491,7 @@ * Makefile.am: add wcrl.crl -2007-06-05 Love Hörnquist Åstrand +2007-06-05 Love Hörnquist Ã…strand * hx_locl.h: Disable KEYCHAIN for now, its slow. @@ -407,7 +515,7 @@ special and be the system X509Anchors file. By not specifing any keychain ("KEYCHAIN:"), all keychains are probed. -2007-06-04 Love Hörnquist Åstrand +2007-06-04 Love Hörnquist Ã…strand * hxtool.c (verify): Friendlier error message. @@ -465,7 +573,7 @@ * name.c: Reset name before parsing it. -2007-06-03 Love Hörnquist Åstrand +2007-06-03 Love Hörnquist Ã…strand * revoke.c (hx509_crl_*): fix sizeof() mistakes to fix memory corruption. @@ -491,7 +599,7 @@ * cert.c (hx509_context_free): free querystat -2007-06-02 Love Hörnquist Åstrand +2007-06-02 Love Hörnquist Ã…strand * test_chain.in: test ocsp-verify @@ -505,7 +613,7 @@ * hxtool-commands.in: New command ocsp-verify. -2007-06-01 Love Hörnquist Åstrand +2007-06-01 Love Hörnquist Ã…strand * test_ca.in: Create crl and verify that is works. @@ -558,7 +666,7 @@ * ca.c (hx509_ca_tbs_add_crl_dp_uri): plug memory leak -2007-05-31 Love Hörnquist Åstrand +2007-05-31 Love Hörnquist Ã…strand * print.c: print utf8 type SAN's @@ -577,7 +685,7 @@ * hxtool-commands.in: make ca and alias of certificate-sign -2007-05-30 Love Hörnquist Åstrand +2007-05-30 Love Hörnquist Ã…strand * crypto.c (hx509_crypto_select): copy AI to the right place. @@ -608,11 +716,11 @@ * hx509.h: Add HX509_SELECT_SECRET_ENC. -2007-05-13 Love Hörnquist Åstrand +2007-05-13 Love Hörnquist Ã…strand * ks_p11.c: add more mechtypes -2007-05-10 Love Hörnquist Åstrand +2007-05-10 Love Hörnquist Ã…strand * print.c: Indent. @@ -632,17 +740,17 @@ * ks_p11.c: Add some more hashes. -2007-04-24 Love Hörnquist Åstrand +2007-04-24 Love Hörnquist Ã…strand * hxtool.c (crypto_select): stop memory leak -2007-04-19 Love Hörnquist Åstrand +2007-04-19 Love Hörnquist Ã…strand * peer.c (hx509_peer_info_free): free memory used too * hxtool.c (crypto_select): only free peer if it was used. -2007-04-18 Love Hörnquist Åstrand +2007-04-18 Love Hörnquist Ã…strand * hxtool.c: free template @@ -663,18 +771,18 @@ * ks_mem.c (mem_getkeys): allocate one more the we have elements so its possible to store the NULL pointer at the end. -2007-04-16 Love Hörnquist Åstrand +2007-04-16 Love Hörnquist Ã…strand * Makefile.am: CLEANFILES += cert-null.pem cert-sub-ca2.pem -2007-02-05 Love Hörnquist Åstrand +2007-02-05 Love Hörnquist Ã…strand * ca.c: Disable CRLDistributionPoints for now, its IMPLICIT code in the asn1 parser. * print.c: Add some more \n's. -2007-02-03 Love Hörnquist Åstrand +2007-02-03 Love Hörnquist Ã…strand * file.c: Allow mapping using heim_octet_string. @@ -693,7 +801,7 @@ * cert.c: Fix printing and plug leak-on-error. -2007-01-31 Love Hörnquist Åstrand +2007-01-31 Love Hörnquist Ã…strand * test_ca.in: Add test for ca --crl-uri. @@ -710,27 +818,27 @@ * cert.c (is_proxy_cert): free info if we wont return it. -2007-01-30 Love Hörnquist Åstrand +2007-01-30 Love Hörnquist Ã…strand * hxtool.c: Try to help how to use this command. -2007-01-21 Love Hörnquist Åstrand +2007-01-21 Love Hörnquist Ã…strand * switch to sha256 as default digest for signing -2007-01-20 Love Hörnquist Åstrand +2007-01-20 Love Hörnquist Ã…strand * test_ca.in: Really test sub-ca code, add basic constraints tests -2007-01-17 Love Hörnquist Åstrand +2007-01-17 Love Hörnquist Ã…strand * Makefile.am: Fix makefile problem. -2007-01-16 Love Hörnquist Åstrand +2007-01-16 Love Hörnquist Ã…strand * hxtool.c: Set num of bits before we generate the key. -2007-01-15 Love Hörnquist Åstrand +2007-01-15 Love Hörnquist Ã…strand * cms.c (hx509_cms_create_signed_1): use hx509_cert_binary @@ -741,7 +849,7 @@ * cert.c (hx509_cert_binary): return binary encoded certificate (DER format) -2007-01-14 Love Hörnquist Åstrand +2007-01-14 Love Hörnquist Ã…strand * ca.c (hx509_ca_tbs_subject_expand): new function. @@ -763,7 +871,7 @@ * cert.c: Export more stuff from certificate. -2007-01-13 Love Hörnquist Åstrand +2007-01-13 Love Hörnquist Ã…strand * ca.c: update (c) @@ -782,7 +890,7 @@ * env.c: key-value pair help functions -2007-01-12 Love Hörnquist Åstrand +2007-01-12 Love Hörnquist Ã…strand * ca.c: Don't issue certs with subject DN that is NULL and have no SANs @@ -808,7 +916,7 @@ * print.c: Print id-pkix-on-xmppAddr OtherName. -2007-01-11 Love Hörnquist Åstrand +2007-01-11 Love Hörnquist Ã…strand * no random, no RSA/DH tests @@ -838,7 +946,7 @@ * Makefile.am: add data/test-nopw.p12 to EXTRA_DIST -2007-01-10 Love Hörnquist Åstrand +2007-01-10 Love Hörnquist Ã…strand * print.c: BasicConstraints vs criticality bit is complicated and not really possible to evaluate on its own, silly RFC3280. @@ -851,7 +959,7 @@ * name.c (hx509_name_cmp): add -2007-01-09 Love Hörnquist Åstrand +2007-01-09 Love Hörnquist Ã…strand * ks_p11.c (collect_private_key): Missing CKA_MODULUS is ok too (XXX why should these be fetched given they are not used). @@ -867,11 +975,11 @@ * data/gen-req.sh: Generate a no password pkcs12 file. -2007-01-08 Love Hörnquist Åstrand +2007-01-08 Love Hörnquist Ã…strand * cms.c: Check for internal ASN1 encoder error. -2007-01-05 Love Hörnquist Åstrand +2007-01-05 Love Hörnquist Ã…strand * Makefile.am: Drop most of the pkcs11 files. @@ -888,7 +996,7 @@ * ref: Replace with Marcus Brinkmann of g10 Code GmbH pkcs11 headerfile that is compatible with GPL (file taken from scute) -2007-01-04 Love Hörnquist Åstrand +2007-01-04 Love Hörnquist Ã…strand * test_ca.in: Test to generate key and use them. @@ -914,7 +1022,7 @@ * hxtool.c (pcert_verify): Fix format string. -2006-12-31 Love Hörnquist Åstrand +2006-12-31 Love Hörnquist Ã…strand * hxtool.c: Allow setting path length @@ -944,7 +1052,7 @@ * name.c: Split building RDN to a separate function. -2006-12-30 Love Hörnquist Åstrand +2006-12-30 Love Hörnquist Ã…strand * Makefile.am: clean test_ca files. @@ -987,7 +1095,7 @@ * ocsp.asn1: remove id-kp-OCSPSigning, its in rfc2459.asn1 now -2006-12-29 Love Hörnquist Åstrand +2006-12-29 Love Hörnquist Ã…strand * ca.c: Add KeyUsage extension. @@ -1008,21 +1116,21 @@ * ca.c: Naive certificate signer. -2006-12-28 Love Hörnquist Åstrand +2006-12-28 Love Hörnquist Ã…strand * hxtool.c: add hxtool_hex -2006-12-22 Love Hörnquist Åstrand +2006-12-22 Love Hörnquist Ã…strand * Makefile.am: use top_builddir for libasn1.la -2006-12-11 Love Hörnquist Åstrand +2006-12-11 Love Hörnquist Ã…strand * hxtool.c (print_certificate): print serial number. * name.c (no): add S=stateOrProvinceName -2006-12-09 Love Hörnquist Åstrand +2006-12-09 Love Hörnquist Ã…strand * crypto.c (_hx509_private_key_assign_rsa): set a default sig alg @@ -1030,7 +1138,7 @@ uses to do sigatures so there is no need to hardcode RSA into this function. -2006-12-08 Love Hörnquist Åstrand +2006-12-08 Love Hörnquist Ã…strand * ks_file.c: Pass filename to the parse functions and use it in the error messages @@ -1050,7 +1158,7 @@ * cert.c: Clairfy and make proxy cert handling work for multiple levels, before it was too restrictive. More helpful error message. -2006-12-07 Love Hörnquist Åstrand +2006-12-07 Love Hörnquist Ã…strand * cert.c (check_key_usage): tell what keyusages are missing @@ -1061,7 +1169,7 @@ * Makefile.am: CLEANFILES += test -2006-12-06 Love Hörnquist Åstrand +2006-12-06 Love Hörnquist Ã…strand * Makefile.am (EXTRA_DIST): add data/pkinit-proxy* files @@ -1094,7 +1202,7 @@ * test_cms.in: Tests for CMS SignedData with incomplete chain from the signer. -2006-11-28 Love Hörnquist Åstrand +2006-11-28 Love Hörnquist Ã…strand * cms.c (hx509_cms_verify_signed): specify what signature we failed to verify @@ -1116,7 +1224,7 @@ * crypto.c: use unsigned int as counter to fit better with the asn1 compiler -2006-11-27 Love Hörnquist Åstrand +2006-11-27 Love Hörnquist Ã…strand * cms.c: Remove trailing white space. @@ -1142,7 +1250,7 @@ * crypto.c (hx509_crypto_select): improve (hx509_crypto_available): new function -2006-11-26 Love Hörnquist Åstrand +2006-11-26 Love Hörnquist Ã…strand * cert.c: Sprinkle more error string and hx509_contexts. @@ -1168,17 +1276,17 @@ * cert.c: Handle that _hx509_verify_signature takes a context. -2006-11-25 Love Hörnquist Åstrand +2006-11-25 Love Hörnquist Ã…strand * cms.c: Sprinkle error strings. * crypto.c: Sprinkle context and error strings. -2006-11-24 Love Hörnquist Åstrand +2006-11-24 Love Hörnquist Ã…strand * name.c: Handle printing and parsing raw oids in name. -2006-11-23 Love Hörnquist Åstrand +2006-11-23 Love Hörnquist Ã…strand * cert.c (_hx509_calculate_path): allow to calculate optimistic path when we don't know the trust anchors, just follow the chain @@ -1192,27 +1300,27 @@ * data/gen-req.sh: Build pk-init proxy cert. -2006-11-16 Love Hörnquist Åstrand +2006-11-16 Love Hörnquist Ã…strand * error.c (hx509_get_error_string): Put ", " between strings in error message. -2006-11-13 Love Hörnquist Åstrand +2006-11-13 Love Hörnquist Ã…strand * data/openssl.cnf: Change realm to TEST.H5L.SE -2006-11-07 Love Hörnquist Åstrand +2006-11-07 Love Hörnquist Ã…strand * revoke.c: Sprinkle error strings. -2006-11-04 Love Hörnquist Åstrand +2006-11-04 Love Hörnquist Ã…strand * hx_locl.h: add context variable to cmp function. * cert.c (hx509_query_match_cmp_func): allow setting the match function. -2006-10-24 Love Hörnquist Åstrand +2006-10-24 Love Hörnquist Ã…strand * ks_p11.c: Return less EINVAL. @@ -1243,7 +1351,7 @@ * cert.c (hx509_cert_get_base_subject): one less EINVAL (_hx509_cert_private_decrypt): one less EINVAL -2006-10-22 Love Hörnquist Åstrand +2006-10-22 Love Hörnquist Ã…strand * collector.c: indent @@ -1255,7 +1363,7 @@ * req.c: Try to not leak memory. -2006-10-21 Love Hörnquist Åstrand +2006-10-21 Love Hörnquist Ã…strand * test_crypto.in: Read 50 kilobyte random data @@ -1273,22 +1381,22 @@ * cms.c: Try harder to free certificate. -2006-10-20 Love Hörnquist Åstrand +2006-10-20 Love Hörnquist Ã…strand * Makefile.am: Add make check data. -2006-10-19 Love Hörnquist Åstrand +2006-10-19 Love Hörnquist Ã…strand * ks_p11.c (p11_list_keys): make element of search_data[0] constants and set them later * Makefile.am: Add more files. -2006-10-17 Love Hörnquist Åstrand +2006-10-17 Love Hörnquist Ã…strand * ks_file.c: set ret, remember to free ivdata -2006-10-16 Love Hörnquist Åstrand +2006-10-16 Love Hörnquist Ã…strand * hx_locl.h: Include . @@ -1307,7 +1415,7 @@ * ks_p11.c: Remember to release certs. -2006-10-14 Love Hörnquist Åstrand +2006-10-14 Love Hörnquist Ã…strand * prefix der primitives with der_ @@ -1315,7 +1423,7 @@ * hx_locl.h: Drop heim_any.h -2006-10-11 Love Hörnquist Åstrand +2006-10-11 Love Hörnquist Ã…strand * ks_p11.c (p11_release_module): j needs to be used as inter loop index. From Douglas Engert. @@ -1323,12 +1431,12 @@ * ks_file.c (parse_rsa_private_key): try all passwords and prompter. -2006-10-10 Love Hörnquist Åstrand +2006-10-10 Love Hörnquist Ã…strand * test_*.in: Parameterise the invocation of hxtool, so we can make it run under TESTS_ENVIRONMENT. From Andrew Bartlett -2006-10-08 Love Hörnquist Åstrand +2006-10-08 Love Hörnquist Ã…strand * test_crypto.in: Put all test stuck at 2006-09-25 since all their chains where valied then. @@ -1348,14 +1456,14 @@ keystore related error. Patched based on code from Douglas Engert. -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: Make depenency for slc built files just like everywhere else. * cert.c: Add all openssl algs and init asn1 et -2006-10-06 Love Hörnquist Åstrand +2006-10-06 Love Hörnquist Ã…strand * ks_file.c (parse_rsa_private_key): free type earlier. @@ -1363,18 +1471,18 @@ * name.c (_hx509_Name_to_string): remove dup const -2006-10-02 Love Hörnquist Åstrand +2006-10-02 Love Hörnquist Ã…strand * Makefile.am: Add more libs to libhx509 -2006-10-01 Love Hörnquist Åstrand +2006-10-01 Love Hörnquist Ã…strand * ks_p11.c: Fix double free's, NULL ptr de-reference, and conform better to pkcs11. From Douglas Engert. * ref: remove ^M, it breaks solaris 10s cc. From Harald Barth -2006-09-19 Love Hörnquist Åstrand +2006-09-19 Love Hörnquist Ã…strand * test_crypto.in: Bleichenbacher bad cert from Ralf-Philipp Weinmann and Andrew Pyshkin, pad right. @@ -1382,7 +1490,7 @@ * data: starfield test root cert and Ralf-Philipp and Andreis correctly padded bad cert -2006-09-15 Love Hörnquist Åstrand +2006-09-15 Love Hörnquist Ã…strand * test_crypto.in: Add test for yutaka certs. @@ -1393,12 +1501,12 @@ * hxtool.c: Improve printing and error reporting. -2006-09-13 Love Hörnquist Åstrand +2006-09-13 Love Hörnquist Ã…strand * test_crypto.in,Makefile.am,data/bleichenbacher-{bad,good}.pem: test bleichenbacher from eay -2006-09-12 Love Hörnquist Åstrand +2006-09-12 Love Hörnquist Ã…strand * hxtool.c: Make common function for all getarg_strings and hx509_certs_append commonly used. @@ -1406,7 +1514,7 @@ * cms.c: HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative flag, treat it was such. -2006-09-11 Love Hörnquist Åstrand +2006-09-11 Love Hörnquist Ã…strand * req.c: Use the new add_GeneralNames function. @@ -1419,14 +1527,14 @@ * cms.c: Allow passing in encryptedContent and flag. Add new flag HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT. -2006-09-08 Love Hörnquist Åstrand +2006-09-08 Love Hörnquist Ã…strand * ks_p11.c: cast void * to char * when using it for %s formating in printf. * name.c: New function _hx509_Name_to_string. -2006-09-07 Love Hörnquist Åstrand +2006-09-07 Love Hörnquist Ã…strand * ks_file.c: Sprinkle error messages. @@ -1440,7 +1548,7 @@ * ks_p11.c: Don't build most of the pkcs11 module if there are no dlopen(). -2006-09-06 Love Hörnquist Åstrand +2006-09-06 Love Hörnquist Ã…strand * cms.c (hx509_cms_unenvelope): try to save the error string from find_CMSIdentifier so we have one more bit of information what @@ -1455,7 +1563,7 @@ * ks_p11.c (p11_list_keys): fetch CKA_LABEL and use it to set the friendlyname for the certificate. -2006-09-05 Love Hörnquist Åstrand +2006-09-05 Love Hörnquist Ã…strand * crypto.c: check that there are no extra bytes in the checksum and that the parameters are NULL or the NULL-type. All to avoid @@ -1482,7 +1590,7 @@ * ks_p11.c (p11_get_session): return better error messages -2006-09-04 Love Hörnquist Åstrand +2006-09-04 Love Hörnquist Ã…strand * ref: update to pkcs11 reference files 2.20 @@ -1517,12 +1625,12 @@ * crypto.c: Start to hang the private key operations of the private key, pass hx509_context to create_checksum. -2006-05-29 Love Hörnquist Åstrand +2006-05-29 Love Hörnquist Ã…strand * ks_p11.c: Iterate over all slots, not just the first/selected one. -2006-05-27 Love Hörnquist Åstrand +2006-05-27 Love Hörnquist Ã…strand * cert.c: Add release function for certifiates so backend knowns when its no longer used. @@ -1532,11 +1640,11 @@ * cms.c: sprinkle more hx509_clear_error_string -2006-05-22 Love Hörnquist Åstrand +2006-05-22 Love Hörnquist Ã…strand * ks_p11.c: Sprinkle some hx509_set_error_strings -2006-05-13 Love Hörnquist Åstrand +2006-05-13 Love Hörnquist Ã…strand * hxtool.c: Avoid shadowing. @@ -1546,7 +1654,7 @@ * cert.c: Avoid shadowing. -2006-05-12 Love Hörnquist Åstrand +2006-05-12 Love Hörnquist Ã…strand * lock.c (hx509_prompt_hidden): reshuffle to avoid gcc warning @@ -1557,7 +1665,7 @@ * revoke.c (hx509_revoke_free): allow free of NULL. -2006-05-11 Love Hörnquist Åstrand +2006-05-11 Love Hörnquist Ã…strand * ks_file.c (file_init): Avoid shadowing ret (and thus avoiding crashing). @@ -1566,7 +1674,7 @@ * ks_p11.c: Catch more errors. -2006-05-08 Love Hörnquist Åstrand +2006-05-08 Love Hörnquist Ã…strand * crypto.c (hx509_crypto_encrypt): free correctly in error path. From Andrew Bartlett. @@ -1574,11 +1682,11 @@ * crypto.c: If RAND_bytes fails, then we will attempt to double-free crypt->key.data. From Andrew Bartlett. -2006-05-05 Love Hörnquist Åstrand +2006-05-05 Love Hörnquist Ã…strand * name.c: Rename u_intXX_t to uintXX_t -2006-05-03 Love Hörnquist Åstrand +2006-05-03 Love Hörnquist Ã…strand * TODO: More to do about the about the PKCS11 code. @@ -1589,7 +1697,7 @@ * hx509.h: Make hx509_prompt.reply not a pointer. -2006-05-02 Love Hörnquist Åstrand +2006-05-02 Love Hörnquist Ã…strand * keyset.c: Sprinkle setting error strings. @@ -1599,7 +1707,7 @@ * cms.c: Sprinkle setting error strings. -2006-05-01 Love Hörnquist Åstrand +2006-05-01 Love Hörnquist Ã…strand * test_name.c: renamed one error code @@ -1638,7 +1746,7 @@ * keyset.c (hx509_certs_init): pass the right error code back -2006-04-30 Love Hörnquist Åstrand +2006-04-30 Love Hörnquist Ã…strand * revoke.c: Revert previous patch. (hx509_ocsp_verify): new function that returns the expiration of @@ -1656,7 +1764,7 @@ * cert.c: remove _hx509_cert_private_sigature -2006-04-29 Love Hörnquist Åstrand +2006-04-29 Love Hörnquist Ã…strand * name.c: Expose more of Name. @@ -1670,7 +1778,7 @@ copy_octet_string (hx509_cert_find_subjectAltName_otherName): make work -2006-04-28 Love Hörnquist Åstrand +2006-04-28 Love Hörnquist Ã…strand * data/{pkinit,kdc}.{crt,key}: pkinit certificates @@ -1680,11 +1788,11 @@ * cert.c (hx509_verify_hostname): implement stub function -2006-04-27 Love Hörnquist Åstrand +2006-04-27 Love Hörnquist Ã…strand * TODO: CRL delta support -2006-04-26 Love Hörnquist Åstrand +2006-04-26 Love Hörnquist Ã…strand * data/.cvsignore: ignore leftover from OpenSSL cert generation @@ -1757,7 +1865,7 @@ * cert.c: Initial support for proxy certificates. -2006-04-24 Love Hörnquist Åstrand +2006-04-24 Love Hörnquist Ã…strand * hxtool.c: some error checking @@ -1765,7 +1873,7 @@ * TODO: merge with old todo file -2006-04-23 Love Hörnquist Åstrand +2006-04-23 Love Hörnquist Ã…strand * test_query.in: make quiet @@ -1779,7 +1887,7 @@ * test_nist.in: SKIP test if there is no RSA support. -2006-04-22 Love Hörnquist Åstrand +2006-04-22 Love Hörnquist Ã…strand * hxtool-commands.in: Allow passing in pool and anchor to signedData @@ -1814,7 +1922,7 @@ * cert.c (hx509_query_match_friendly_name): New function. -2006-04-21 Love Hörnquist Åstrand +2006-04-21 Love Hörnquist Ã…strand * ks_p11.c: Add support for parsing slot-number. @@ -1861,7 +1969,7 @@ * crypto.c: Handle rsa private keys better. -2006-04-20 Love Hörnquist Åstrand +2006-04-20 Love Hörnquist Ã…strand * hxtool.c: Use hx509_cms_{,un}wrap_ContentInfo @@ -1875,14 +1983,14 @@ * crypto.c: Use the right length for the sha256 checksums. -2006-04-15 Love Hörnquist Åstrand +2006-04-15 Love Hörnquist Ã…strand * crypto.c: Fix breakage from sha256 code. * crypto.c: Add SHA256 support, and symbols for the other new SHA-2 types. -2006-04-14 Love Hörnquist Åstrand +2006-04-14 Love Hörnquist Ã…strand * test_cms.in: test rc2-40 rc2-64 rc2-128 enveloped data @@ -1893,13 +2001,13 @@ * crypto.c: Break out the parameter handling code for encrypting data to handle RC2. Needed for Windows 2k pk-init support. -2006-04-04 Love Hörnquist Åstrand +2006-04-04 Love Hörnquist Ã…strand * Makefile.am: Split libhx509_la_SOURCES into build file and distributed files so we can avoid building prototypes for build-files. -2006-04-03 Love Hörnquist Åstrand +2006-04-03 Love Hörnquist Ã…strand * TODO: split certificate request into pkcs10 and CRMF @@ -1951,7 +2059,7 @@ * crypto.c: Add _hx509_private_key2SPKI and support functions (only support RSA for now). -2006-04-02 Love Hörnquist Åstrand +2006-04-02 Love Hörnquist Ã…strand * hxtool-commands.in: Add pkcs10-create command. @@ -1968,7 +2076,7 @@ * name.c (hx509_name_copy): new function. -2006-04-01 Love Hörnquist Åstrand +2006-04-01 Love Hörnquist Ã…strand * TODO: fill out what do @@ -2049,7 +2157,7 @@ * cert.c: Add ocsp glue, use new _hx509_verify_signature_bitstring, add eku checking function. -2006-03-31 Love Hörnquist Åstrand +2006-03-31 Love Hörnquist Ã…strand * Makefile.am: add id_kp_OCSPSigning.x @@ -2076,17 +2184,17 @@ * hx_locl.h: rename HX509_CTX_CRL_MISSING_OK to HX509_CTX_VERIFY_MISSING_OK now that we have OCSP glue -2006-03-30 Love Hörnquist Åstrand +2006-03-30 Love Hörnquist Ã…strand * hx_locl.h: Add to make it compile on Solaris, from Alex V. Labuta. -2006-03-28 Love Hörnquist Åstrand +2006-03-28 Love Hörnquist Ã…strand * crypto.c (_hx509_pbe_decrypt): try all passwords, not just the first one. -2006-03-27 Love Hörnquist Åstrand +2006-03-27 Love Hörnquist Ã…strand * print.c (check_altName): Print the othername oid. @@ -2110,7 +2218,7 @@ * cms.c: Check for signature error, check consitency of error -2006-03-26 Love Hörnquist Åstrand +2006-03-26 Love Hörnquist Ã…strand * collector.c (_hx509_collector_alloc): handle errors @@ -2138,7 +2246,7 @@ * hx509.h: Add hx509_query. -2006-02-22 Love Hörnquist Åstrand +2006-02-22 Love Hörnquist Ã…strand * cert.c: Add exceptions for null (empty) subjectNames @@ -2157,17 +2265,17 @@ If the name restrictions are merged to a list, the certificate will pass this test. -2006-02-14 Love Hörnquist Åstrand +2006-02-14 Love Hörnquist Ã…strand * cert.c: Handle more name constraints cases. * crypto.c (dsa_verify_signature): if test if malloc failed -2006-01-31 Love Hörnquist Åstrand +2006-01-31 Love Hörnquist Ã…strand * cms.c: Drop partial pkcs12 string2key implementation. -2006-01-20 Love Hörnquist Åstrand +2006-01-20 Love Hörnquist Ã…strand * data/nist-data: Add commited out DSA tests (they fail). @@ -2191,7 +2299,7 @@ * test_nist_cert.in: test parse all nist certs -2006-01-19 Love Hörnquist Åstrand +2006-01-19 Love Hörnquist Ã…strand * hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION. @@ -2228,7 +2336,7 @@ * test_cms.in: Use static file, add --missing-crl. -2006-01-18 Love Hörnquist Åstrand +2006-01-18 Love Hörnquist Ã…strand * print.c: Its cRLReason, not cRLReasons. @@ -2246,17 +2354,17 @@ * hx509.h: Add hx509_revoke_ctx. -2006-01-13 Love Hörnquist Åstrand +2006-01-13 Love Hörnquist Ã…strand * delete crypto_headers.h, use global file instead. * crypto.c (PBE_string2key): libdes now supports PKCS12_key_gen -2006-01-12 Love Hörnquist Åstrand +2006-01-12 Love Hörnquist Ã…strand * crypto_headers.h: Need BN_is_negative too. -2006-01-11 Love Hörnquist Åstrand +2006-01-11 Love Hörnquist Ã…strand * ks_p11.c (p11_rsa_public_decrypt): since is wrong, don't provide it. PKCS11 can't do public_decrypt, it support verify though. All @@ -2265,7 +2373,7 @@ * crypto_headers.h: Provide glue to compile with less warnings with OpenSSL -2006-01-08 Love Hörnquist Åstrand +2006-01-08 Love Hörnquist Ã…strand * Makefile.am: Depend on LIB_des @@ -2282,7 +2390,7 @@ and use "crypto-headers.h". -2006-01-04 Love Hörnquist Åstrand +2006-01-04 Love Hörnquist Ã…strand * add a hx509_context where we can store configuration @@ -2337,7 +2445,7 @@ * hxtool.c (print_f): print if there is a friendly name and if there is a private key -2006-01-03 Love Hörnquist Åstrand +2006-01-03 Love Hörnquist Ã…strand * name.c: Avoid warning from missing __attribute__((noreturn)) @@ -2380,7 +2488,7 @@ * name.c: use _hx509_abort -2006-01-02 Love Hörnquist Åstrand +2006-01-02 Love Hörnquist Ã…strand * name.c (hx509_name_to_string): don't cut bmpString in half. @@ -2404,7 +2512,7 @@ * ks_dir.c: Add new keystore that treats all files in a directory a keystore, useful for regression tests. -2005-12-12 Love Hörnquist Åstrand +2005-12-12 Love Hörnquist Ã…strand * test_nist_pkcs12.in: Test parse PKCS12 files from NIST. @@ -2412,16 +2520,16 @@ * hxtool.c: Print error code on failure. -2005-10-29 Love Hörnquist Åstrand +2005-10-29 Love Hörnquist Ã…strand * crypto.c: Support DSA signature operations. -2005-10-04 Love Hörnquist Åstrand +2005-10-04 Love Hörnquist Ã…strand * print.c: Validate that issuerAltName and subjectAltName isn't empty. -2005-09-14 Love Hörnquist Åstrand +2005-09-14 Love Hörnquist Ã…strand * p11.c: Cast to unsigned char to avoid warning. @@ -2431,7 +2539,7 @@ * ks_p11.c: Starting point of a pkcs11 module. -2005-09-04 Love Hörnquist Åstrand +2005-09-04 Love Hörnquist Ã…strand * lock.c: Implement prompter. @@ -2447,7 +2555,7 @@ * name.c: Add DC, handle all Directory strings, fix signless problems. -2005-09-03 Love Hörnquist Åstrand +2005-09-03 Love Hörnquist Ã…strand * test_query.in: Pass in --pass to all commands. @@ -2473,11 +2581,11 @@ * test_query.in: Use echo, the function check isn't defined here. -2005-08-11 Love Hörnquist Åstrand +2005-08-11 Love Hörnquist Ã…strand * hxtool-commands.in: Add more options that was missing. -2005-07-28 Love Hörnquist Åstrand +2005-07-28 Love Hörnquist Ã…strand * test_cms.in: Use --certificate= for enveloped/unenvelope. @@ -2498,7 +2606,7 @@ * crypto.c: add "new" RC2 oid -2005-07-27 Love Hörnquist Åstrand +2005-07-27 Love Hörnquist Ã…strand * hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows caller to match by function, note that this doesn't not work @@ -2571,7 +2679,7 @@ * hxtool.c,Makefile.am,hxtool-commands.in: switch to slc -2005-07-26 Love Hörnquist Åstrand +2005-07-26 Love Hörnquist Ã…strand * cert.c (hx509_verify_destroy_ctx): add @@ -2579,7 +2687,7 @@ * name.c (_hx509_name_ds_cmp): make sure all strings are not equal -2005-07-25 Love Hörnquist Åstrand +2005-07-25 Love Hörnquist Ã…strand * hxtool.c: return error @@ -2618,7 +2726,7 @@ * cert.c: more checks on KeyUsage, allow to query on them too -2005-07-24 Love Hörnquist Åstrand +2005-07-24 Love Hörnquist Ã…strand * cms.c: Add missing break. diff --git a/crypto/heimdal/lib/hx509/Makefile.am b/crypto/heimdal/lib/hx509/Makefile.am index 3144a71676a..53669cb7c52 100644 --- a/crypto/heimdal/lib/hx509/Makefile.am +++ b/crypto/heimdal/lib/hx509/Makefile.am @@ -1,11 +1,10 @@ -# $Id: Makefile.am 22459 2008-01-15 21:46:20Z lha $ - include $(top_srcdir)/Makefile.am.common lib_LTLIBRARIES = libhx509.la -libhx509_la_LDFLAGS = -version-info 3:0:0 +libhx509_la_LDFLAGS = -version-info 5:0:0 BUILT_SOURCES = \ + sel-gram.h \ $(gen_files_ocsp:.x=.c) \ $(gen_files_pkcs10:.x=.c) \ hx509_err.c \ @@ -50,9 +49,12 @@ gen_files_crmf = \ asn1_ProofOfPossession.x \ asn1_SubsequentMessage.x +AM_YFLAGS = -d + dist_libhx509_la_SOURCES = \ ca.c \ cert.c \ + char_map.h \ cms.c \ collector.c \ crypto.c \ @@ -64,6 +66,10 @@ dist_libhx509_la_SOURCES = \ hx509-protos.h \ hx509.h \ hx_locl.h \ + sel.c \ + sel.h \ + sel-gram.y \ + sel-lex.l \ keyset.c \ ks_dir.c \ ks_file.c \ @@ -81,10 +87,15 @@ dist_libhx509_la_SOURCES = \ req.c \ revoke.c +sel-lex.c: sel-gram.h + +libhx509_la_DEPENDENCIES = version-script.map + libhx509_la_LIBADD = \ $(LIB_com_err) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la \ $(LIBADD_roken) \ $(LIB_dlopen) @@ -95,39 +106,45 @@ endif if versionscript libhx509_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map endif -$(libhx509_la_OBJECTS): $(srcdir)/version-script.map +$(libhx509_la_OBJECTS): $(srcdir)/version-script.map $(nodist_include_HEADERS) $(priv_headers) libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto) nodist_libhx509_la_SOURCES = $(BUILT_SOURCES) -$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files -$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files -$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files +$(gen_files_ocsp) ocsp_asn1.hx ocsp_asn1-priv.hx: ocsp_asn1_files +$(gen_files_pkcs10) pkcs10_asn1.hx pkcs10_asn1-priv.hx: pkcs10_asn1_files +$(gen_files_crmf) crmf_asn1.hx crmf_asn1-priv.hx: crmf_asn1_files -asn1_compile = ../asn1/asn1_compile$(EXEEXT) +dist_include_HEADERS = hx509.h hx509-protos.h -ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1 - $(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1) +nodist_include_HEADERS = hx509_err.h +nodist_include_HEADERS += ocsp_asn1.h +nodist_include_HEADERS += pkcs10_asn1.h +nodist_include_HEADERS += crmf_asn1.h -pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1 - $(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1) +priv_headers = ocsp_asn1-priv.h +priv_headers += pkcs10_asn1-priv.h +priv_headers += crmf_asn1-priv.h -crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1 - $(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1) -$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h +ocsp_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/ocsp.asn1 $(srcdir)/ocsp.opt + $(ASN1_COMPILE) --option-file=$(srcdir)/ocsp.opt $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1) + +pkcs10_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/pkcs10.asn1 $(srcdir)/pkcs10.opt + $(ASN1_COMPILE) --option-file=$(srcdir)/pkcs10.opt $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1) + +crmf_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/crmf.asn1 + $(ASN1_COMPILE) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1) + +$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h $(srcdir)/hx_locl.h +$(libhx509_la_OBJECTS): ocsp_asn1.h pkcs10_asn1.h $(srcdir)/hx509-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h $(srcdir)/hx509-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h -dist_include_HEADERS = hx509.h hx509-protos.h -nodist_include_HEADERS = hx509_err.h - -SLC = $(top_builddir)/lib/sl/slc - bin_PROGRAMS = hxtool hxtool-commands.c hxtool-commands.h: hxtool-commands.in $(SLC) @@ -146,14 +163,18 @@ hxtool_LDADD = \ $(LIB_roken) \ $(top_builddir)/lib/sl/libsl.la -CLEANFILES = $(BUILT_SOURCES) \ - $(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \ - $(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \ - $(gen_files_crmf) crmf_asn1_files crmf_asn1.h \ +CLEANFILES = $(BUILT_SOURCES) sel-gram.c sel-lex.c \ + $(gen_files_ocsp) ocsp_asn1_files ocsp_asn1{,-priv}.h* \ + ocsp_asn1-template.[ch]* \ + $(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1{,-priv}.h* \ + pkcs10_asn1-template.[ch]* \ + $(gen_files_crmf) crmf_asn1_files crmf_asn1{,-priv}.h* \ + crmf_asn1-template.[ch]* \ $(TESTS) \ hxtool-commands.c hxtool-commands.h *.tmp \ request.out \ out.pem out2.pem \ + sd sd.pem \ sd.data sd.data.out \ ev.data ev.data.out \ cert-null.pem cert-sub-ca2.pem \ @@ -180,10 +201,14 @@ LDADD = libhx509.la test_soft_pkcs11_LDADD = libhx509.la test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref +test_name_CPPFLAGS = $(INCLUDE_hcrypto) +test_name_LDADD = libhx509.la $(LIB_roken) + TESTS = $(SCRIPT_TESTS) $(PROGRAM_TESTS) PROGRAM_TESTS = \ - test_name + test_name \ + test_expr SCRIPT_TESTS = \ test_ca \ @@ -202,7 +227,8 @@ SCRIPT_TESTS = \ test_query do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \ - -e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g' + -e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g' \ + -e 's,[@]egrep[@],$(EGREP),g' test_ca: test_ca.in Makefile $(do_subst) < $(srcdir)/test_ca.in > test_ca.tmp @@ -275,13 +301,18 @@ test_query: test_query.in Makefile mv test_query.tmp test_query EXTRA_DIST = \ + NTMakefile \ + hxtool-version.rc \ + libhx509-exports.def \ version-script.map \ crmf.asn1 \ - data/bleichenbacher-bad.pem \ hx509_err.et \ hxtool-commands.in \ + quote.py \ ocsp.asn1 \ + ocsp.opt \ pkcs10.asn1 \ + pkcs10.opt \ test_ca.in \ test_chain.in \ test_cert.in \ @@ -307,6 +338,17 @@ EXTRA_DIST = \ tst-crypto-select5 \ tst-crypto-select6 \ tst-crypto-select7 \ + data/n0ll.pem \ + data/secp160r1TestCA.cert.pem \ + data/secp160r1TestCA.key.pem \ + data/secp160r1TestCA.pem \ + data/secp160r2TestClient.cert.pem \ + data/secp160r2TestClient.key.pem \ + data/secp160r2TestClient.pem \ + data/secp160r2TestServer.cert.pem \ + data/secp160r2TestServer.key.pem \ + data/secp160r2TestServer.pem \ + data/bleichenbacher-bad.pem \ data/bleichenbacher-good.pem \ data/bleichenbacher-sf-pad-correct.pem \ data/ca.crt \ @@ -342,6 +384,8 @@ EXTRA_DIST = \ data/pkinit-pw.key \ data/pkinit.crt \ data/pkinit.key \ + data/pkinit-ec.crt \ + data/pkinit-ec.key \ data/proxy-level-test.crt \ data/proxy-level-test.key \ data/proxy-test.crt \ @@ -377,10 +421,14 @@ EXTRA_DIST = \ data/test-signed-data \ data/test-signed-data-noattr \ data/test-signed-data-noattr-nocerts \ + data/test-signed-sha-1 \ + data/test-signed-sha-256 \ + data/test-signed-sha-512 \ data/test.combined.crt \ data/test.crt \ data/test.key \ data/test.p12 \ + data/win-u16-in-printablestring.der \ data/yutaka-pad-broken-ca.pem \ data/yutaka-pad-broken-cert.pem \ data/yutaka-pad-ok-ca.pem \ diff --git a/crypto/heimdal/lib/hx509/Makefile.in b/crypto/heimdal/lib/hx509/Makefile.in index b564a490306..98de7d540dd 100644 --- a/crypto/heimdal/lib/hx509/Makefile.in +++ b/crypto/heimdal/lib/hx509/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 22459 2008-01-15 21:46:20Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -42,7 +42,8 @@ build_triplet = @build@ host_triplet = @host@ DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common ChangeLog TODO + $(top_srcdir)/cf/Makefile.am.common ChangeLog TODO sel-gram.c \ + sel-gram.h sel-lex.c @FRAMEWORK_SECURITY_TRUE@am__append_1 = -framework Security -framework CoreFoundation @versionscript_TRUE@am__append_2 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map bin_PROGRAMS = hxtool$(EXEEXT) @@ -51,7 +52,7 @@ TESTS = $(SCRIPT_TESTS) $(am__EXEEXT_1) subdir = lib/hx509 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -66,7 +67,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -80,9 +81,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -90,36 +94,50 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = -libhx509_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) dist_libhx509_la_OBJECTS = libhx509_la-ca.lo libhx509_la-cert.lo \ libhx509_la-cms.lo libhx509_la-collector.lo \ libhx509_la-crypto.lo libhx509_la-doxygen.lo \ libhx509_la-error.lo libhx509_la-env.lo libhx509_la-file.lo \ - libhx509_la-keyset.lo libhx509_la-ks_dir.lo \ - libhx509_la-ks_file.lo libhx509_la-ks_mem.lo \ - libhx509_la-ks_null.lo libhx509_la-ks_p11.lo \ - libhx509_la-ks_p12.lo libhx509_la-ks_keychain.lo \ - libhx509_la-lock.lo libhx509_la-name.lo libhx509_la-peer.lo \ - libhx509_la-print.lo libhx509_la-softp11.lo libhx509_la-req.lo \ + libhx509_la-sel.lo libhx509_la-sel-gram.lo \ + libhx509_la-sel-lex.lo libhx509_la-keyset.lo \ + libhx509_la-ks_dir.lo libhx509_la-ks_file.lo \ + libhx509_la-ks_mem.lo libhx509_la-ks_null.lo \ + libhx509_la-ks_p11.lo libhx509_la-ks_p12.lo \ + libhx509_la-ks_keychain.lo libhx509_la-lock.lo \ + libhx509_la-name.lo libhx509_la-peer.lo libhx509_la-print.lo \ + libhx509_la-softp11.lo libhx509_la-req.lo \ libhx509_la-revoke.lo am__objects_1 = libhx509_la-asn1_OCSPBasicOCSPResponse.lo \ libhx509_la-asn1_OCSPCertID.lo \ @@ -149,8 +167,7 @@ libhx509_la_OBJECTS = $(dist_libhx509_la_OBJECTS) \ libhx509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libhx509_la_LDFLAGS) $(LDFLAGS) -o $@ -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -am__EXEEXT_1 = test_name$(EXEEXT) +am__EXEEXT_1 = test_name$(EXEEXT) test_expr$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) dist_hxtool_OBJECTS = hxtool-hxtool.$(OBJEXT) nodist_hxtool_OBJECTS = hxtool-hxtool-commands.$(OBJEXT) @@ -158,17 +175,20 @@ hxtool_OBJECTS = $(dist_hxtool_OBJECTS) $(nodist_hxtool_OBJECTS) hxtool_DEPENDENCIES = libhx509.la $(top_builddir)/lib/asn1/libasn1.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/sl/libsl.la +test_expr_SOURCES = test_expr.c +test_expr_OBJECTS = test_expr.$(OBJEXT) +test_expr_LDADD = $(LDADD) +test_expr_DEPENDENCIES = libhx509.la test_name_SOURCES = test_name.c -test_name_OBJECTS = test_name.$(OBJEXT) -test_name_LDADD = $(LDADD) -test_name_DEPENDENCIES = libhx509.la +test_name_OBJECTS = test_name-test_name.$(OBJEXT) +test_name_DEPENDENCIES = libhx509.la $(am__DEPENDENCIES_1) test_soft_pkcs11_SOURCES = test_soft_pkcs11.c test_soft_pkcs11_OBJECTS = \ test_soft_pkcs11-test_soft_pkcs11.$(OBJEXT) test_soft_pkcs11_DEPENDENCIES = libhx509.la -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -178,64 +198,82 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ +@MAINTAINER_MODE_FALSE@am__skiplex = test -f $@ || +LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS) +LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS) +YLWRAP = $(top_srcdir)/ylwrap +@MAINTAINER_MODE_FALSE@am__skipyacc = test -f $@ || +YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) +LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) SOURCES = $(dist_libhx509_la_SOURCES) $(nodist_libhx509_la_SOURCES) \ - $(dist_hxtool_SOURCES) $(nodist_hxtool_SOURCES) test_name.c \ - test_soft_pkcs11.c -DIST_SOURCES = $(dist_libhx509_la_SOURCES) $(dist_hxtool_SOURCES) \ + $(dist_hxtool_SOURCES) $(nodist_hxtool_SOURCES) test_expr.c \ test_name.c test_soft_pkcs11.c -dist_includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER) +DIST_SOURCES = $(dist_libhx509_la_SOURCES) $(dist_hxtool_SOURCES) \ + test_expr.c test_name.c test_soft_pkcs11.c HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -259,10 +297,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -279,6 +318,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -294,31 +335,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -333,10 +388,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -377,34 +434,40 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libhx509.la -libhx509_la_LDFLAGS = -version-info 3:0:0 $(am__append_1) \ +libhx509_la_LDFLAGS = -version-info 5:0:0 $(am__append_1) \ $(am__append_2) BUILT_SOURCES = \ + sel-gram.h \ $(gen_files_ocsp:.x=.c) \ $(gen_files_pkcs10:.x=.c) \ hx509_err.c \ @@ -449,9 +512,11 @@ gen_files_crmf = \ asn1_ProofOfPossession.x \ asn1_SubsequentMessage.x +AM_YFLAGS = -d dist_libhx509_la_SOURCES = \ ca.c \ cert.c \ + char_map.h \ cms.c \ collector.c \ crypto.c \ @@ -463,6 +528,10 @@ dist_libhx509_la_SOURCES = \ hx509-protos.h \ hx509.h \ hx_locl.h \ + sel.c \ + sel.h \ + sel-gram.y \ + sel-lex.l \ keyset.c \ ks_dir.c \ ks_file.c \ @@ -480,19 +549,21 @@ dist_libhx509_la_SOURCES = \ req.c \ revoke.c +libhx509_la_DEPENDENCIES = version-script.map libhx509_la_LIBADD = \ $(LIB_com_err) \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la \ $(LIBADD_roken) \ $(LIB_dlopen) libhx509_la_CPPFLAGS = -I$(srcdir)/ref $(INCLUDE_hcrypto) nodist_libhx509_la_SOURCES = $(BUILT_SOURCES) -asn1_compile = ../asn1/asn1_compile$(EXEEXT) dist_include_HEADERS = hx509.h hx509-protos.h -nodist_include_HEADERS = hx509_err.h -SLC = $(top_builddir)/lib/sl/slc +nodist_include_HEADERS = hx509_err.h ocsp_asn1.h pkcs10_asn1.h \ + crmf_asn1.h +priv_headers = ocsp_asn1-priv.h pkcs10_asn1-priv.h crmf_asn1-priv.h dist_hxtool_SOURCES = hxtool.c nodist_hxtool_SOURCES = hxtool-commands.c hxtool-commands.h hxtool_CPPFLAGS = $(INCLUDE_hcrypto) @@ -503,14 +574,18 @@ hxtool_LDADD = \ $(LIB_roken) \ $(top_builddir)/lib/sl/libsl.la -CLEANFILES = $(BUILT_SOURCES) \ - $(gen_files_ocsp) ocsp_asn1_files ocsp_asn1.h \ - $(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1.h \ - $(gen_files_crmf) crmf_asn1_files crmf_asn1.h \ +CLEANFILES = $(BUILT_SOURCES) sel-gram.c sel-lex.c \ + $(gen_files_ocsp) ocsp_asn1_files ocsp_asn1{,-priv}.h* \ + ocsp_asn1-template.[ch]* \ + $(gen_files_pkcs10) pkcs10_asn1_files pkcs10_asn1{,-priv}.h* \ + pkcs10_asn1-template.[ch]* \ + $(gen_files_crmf) crmf_asn1_files crmf_asn1{,-priv}.h* \ + crmf_asn1-template.[ch]* \ $(TESTS) \ hxtool-commands.c hxtool-commands.h *.tmp \ request.out \ out.pem out2.pem \ + sd sd.pem \ sd.data sd.data.out \ ev.data ev.data.out \ cert-null.pem cert-sub-ca2.pem \ @@ -530,8 +605,11 @@ check_SCRIPTS = $(SCRIPT_TESTS) LDADD = libhx509.la test_soft_pkcs11_LDADD = libhx509.la test_soft_pkcs11_CPPFLAGS = -I$(srcdir)/ref +test_name_CPPFLAGS = $(INCLUDE_hcrypto) +test_name_LDADD = libhx509.la $(LIB_roken) PROGRAM_TESTS = \ - test_name + test_name \ + test_expr SCRIPT_TESTS = \ test_ca \ @@ -550,16 +628,22 @@ SCRIPT_TESTS = \ test_query do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \ - -e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g' + -e 's,[@]objdir[@],$(top_builddir)/lib/hx509,g' \ + -e 's,[@]egrep[@],$(EGREP),g' EXTRA_DIST = \ + NTMakefile \ + hxtool-version.rc \ + libhx509-exports.def \ version-script.map \ crmf.asn1 \ - data/bleichenbacher-bad.pem \ hx509_err.et \ hxtool-commands.in \ + quote.py \ ocsp.asn1 \ + ocsp.opt \ pkcs10.asn1 \ + pkcs10.opt \ test_ca.in \ test_chain.in \ test_cert.in \ @@ -585,6 +669,17 @@ EXTRA_DIST = \ tst-crypto-select5 \ tst-crypto-select6 \ tst-crypto-select7 \ + data/n0ll.pem \ + data/secp160r1TestCA.cert.pem \ + data/secp160r1TestCA.key.pem \ + data/secp160r1TestCA.pem \ + data/secp160r2TestClient.cert.pem \ + data/secp160r2TestClient.key.pem \ + data/secp160r2TestClient.pem \ + data/secp160r2TestServer.cert.pem \ + data/secp160r2TestServer.key.pem \ + data/secp160r2TestServer.pem \ + data/bleichenbacher-bad.pem \ data/bleichenbacher-good.pem \ data/bleichenbacher-sf-pad-correct.pem \ data/ca.crt \ @@ -620,6 +715,8 @@ EXTRA_DIST = \ data/pkinit-pw.key \ data/pkinit.crt \ data/pkinit.key \ + data/pkinit-ec.crt \ + data/pkinit-ec.key \ data/proxy-level-test.crt \ data/proxy-level-test.key \ data/proxy-test.crt \ @@ -655,10 +752,14 @@ EXTRA_DIST = \ data/test-signed-data \ data/test-signed-data-noattr \ data/test-signed-data-noattr-nocerts \ + data/test-signed-sha-1 \ + data/test-signed-sha-256 \ + data/test-signed-sha-512 \ data/test.combined.crt \ data/test.crt \ data/test.key \ data/test.p12 \ + data/win-u16-in-printablestring.der \ data/yutaka-pad-broken-ca.pem \ data/yutaka-pad-broken-cert.pem \ data/yutaka-pad-ok-ca.pem \ @@ -669,19 +770,19 @@ all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/hx509/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/hx509/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/hx509/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/hx509/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -699,23 +800,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -726,46 +832,71 @@ clean-libLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done +sel-gram.h: sel-gram.c + @if test ! -f $@; then \ + rm -f sel-gram.c; \ + $(MAKE) $(AM_MAKEFLAGS) sel-gram.c; \ + else :; fi libhx509.la: $(libhx509_la_OBJECTS) $(libhx509_la_DEPENDENCIES) $(libhx509_la_LINK) -rpath $(libdir) $(libhx509_la_OBJECTS) $(libhx509_la_LIBADD) $(LIBS) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list hxtool$(EXEEXT): $(hxtool_OBJECTS) $(hxtool_DEPENDENCIES) @rm -f hxtool$(EXEEXT) $(LINK) $(hxtool_OBJECTS) $(hxtool_LDADD) $(LIBS) +test_expr$(EXEEXT): $(test_expr_OBJECTS) $(test_expr_DEPENDENCIES) + @rm -f test_expr$(EXEEXT) + $(LINK) $(test_expr_OBJECTS) $(test_expr_LDADD) $(LIBS) test_name$(EXEEXT): $(test_name_OBJECTS) $(test_name_DEPENDENCIES) @rm -f test_name$(EXEEXT) $(LINK) $(test_name_OBJECTS) $(test_name_LDADD) $(LIBS) @@ -779,167 +910,478 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hxtool-hxtool-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hxtool-hxtool.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_CertificationRequest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_CertificationRequestInfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPBasicOCSPResponse.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPCertID.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPCertStatus.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPInnerRequest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPKeyHash.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPRequest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPResponderID.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPResponse.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPResponseBytes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPResponseData.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPResponseStatus.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPSignature.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPSingleResponse.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPTBSRequest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_OCSPVersion.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_basic.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_nonce.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ca.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-cert.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-cms.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-collector.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-crypto.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-doxygen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-env.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-file.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-hx509_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-keyset.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ks_dir.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ks_file.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ks_keychain.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ks_mem.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ks_null.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ks_p11.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-ks_p12.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-lock.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-name.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-peer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-print.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-revoke.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-sel-gram.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-sel-lex.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-sel.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libhx509_la-softp11.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_expr.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_name-test_name.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_soft_pkcs11-test_soft_pkcs11.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< libhx509_la-ca.lo: ca.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ca.lo `test -f 'ca.c' || echo '$(srcdir)/'`ca.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ca.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ca.Tpo -c -o libhx509_la-ca.lo `test -f 'ca.c' || echo '$(srcdir)/'`ca.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ca.Tpo $(DEPDIR)/libhx509_la-ca.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ca.c' object='libhx509_la-ca.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ca.lo `test -f 'ca.c' || echo '$(srcdir)/'`ca.c libhx509_la-cert.lo: cert.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cert.lo `test -f 'cert.c' || echo '$(srcdir)/'`cert.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-cert.lo -MD -MP -MF $(DEPDIR)/libhx509_la-cert.Tpo -c -o libhx509_la-cert.lo `test -f 'cert.c' || echo '$(srcdir)/'`cert.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-cert.Tpo $(DEPDIR)/libhx509_la-cert.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='cert.c' object='libhx509_la-cert.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cert.lo `test -f 'cert.c' || echo '$(srcdir)/'`cert.c libhx509_la-cms.lo: cms.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cms.lo `test -f 'cms.c' || echo '$(srcdir)/'`cms.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-cms.lo -MD -MP -MF $(DEPDIR)/libhx509_la-cms.Tpo -c -o libhx509_la-cms.lo `test -f 'cms.c' || echo '$(srcdir)/'`cms.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-cms.Tpo $(DEPDIR)/libhx509_la-cms.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='cms.c' object='libhx509_la-cms.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-cms.lo `test -f 'cms.c' || echo '$(srcdir)/'`cms.c libhx509_la-collector.lo: collector.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-collector.lo `test -f 'collector.c' || echo '$(srcdir)/'`collector.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-collector.lo -MD -MP -MF $(DEPDIR)/libhx509_la-collector.Tpo -c -o libhx509_la-collector.lo `test -f 'collector.c' || echo '$(srcdir)/'`collector.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-collector.Tpo $(DEPDIR)/libhx509_la-collector.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='collector.c' object='libhx509_la-collector.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-collector.lo `test -f 'collector.c' || echo '$(srcdir)/'`collector.c libhx509_la-crypto.lo: crypto.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-crypto.lo -MD -MP -MF $(DEPDIR)/libhx509_la-crypto.Tpo -c -o libhx509_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-crypto.Tpo $(DEPDIR)/libhx509_la-crypto.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libhx509_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c libhx509_la-doxygen.lo: doxygen.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-doxygen.lo -MD -MP -MF $(DEPDIR)/libhx509_la-doxygen.Tpo -c -o libhx509_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-doxygen.Tpo $(DEPDIR)/libhx509_la-doxygen.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='doxygen.c' object='libhx509_la-doxygen.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c libhx509_la-error.lo: error.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-error.lo -MD -MP -MF $(DEPDIR)/libhx509_la-error.Tpo -c -o libhx509_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-error.Tpo $(DEPDIR)/libhx509_la-error.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='error.c' object='libhx509_la-error.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-error.lo `test -f 'error.c' || echo '$(srcdir)/'`error.c libhx509_la-env.lo: env.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-env.lo -MD -MP -MF $(DEPDIR)/libhx509_la-env.Tpo -c -o libhx509_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-env.Tpo $(DEPDIR)/libhx509_la-env.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='env.c' object='libhx509_la-env.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-env.lo `test -f 'env.c' || echo '$(srcdir)/'`env.c libhx509_la-file.lo: file.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-file.lo -MD -MP -MF $(DEPDIR)/libhx509_la-file.Tpo -c -o libhx509_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-file.Tpo $(DEPDIR)/libhx509_la-file.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='file.c' object='libhx509_la-file.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c + +libhx509_la-sel.lo: sel.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-sel.lo -MD -MP -MF $(DEPDIR)/libhx509_la-sel.Tpo -c -o libhx509_la-sel.lo `test -f 'sel.c' || echo '$(srcdir)/'`sel.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-sel.Tpo $(DEPDIR)/libhx509_la-sel.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sel.c' object='libhx509_la-sel.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-sel.lo `test -f 'sel.c' || echo '$(srcdir)/'`sel.c + +libhx509_la-sel-gram.lo: sel-gram.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-sel-gram.lo -MD -MP -MF $(DEPDIR)/libhx509_la-sel-gram.Tpo -c -o libhx509_la-sel-gram.lo `test -f 'sel-gram.c' || echo '$(srcdir)/'`sel-gram.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-sel-gram.Tpo $(DEPDIR)/libhx509_la-sel-gram.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sel-gram.c' object='libhx509_la-sel-gram.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-sel-gram.lo `test -f 'sel-gram.c' || echo '$(srcdir)/'`sel-gram.c + +libhx509_la-sel-lex.lo: sel-lex.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-sel-lex.lo -MD -MP -MF $(DEPDIR)/libhx509_la-sel-lex.Tpo -c -o libhx509_la-sel-lex.lo `test -f 'sel-lex.c' || echo '$(srcdir)/'`sel-lex.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-sel-lex.Tpo $(DEPDIR)/libhx509_la-sel-lex.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sel-lex.c' object='libhx509_la-sel-lex.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-sel-lex.lo `test -f 'sel-lex.c' || echo '$(srcdir)/'`sel-lex.c libhx509_la-keyset.lo: keyset.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-keyset.lo `test -f 'keyset.c' || echo '$(srcdir)/'`keyset.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-keyset.lo -MD -MP -MF $(DEPDIR)/libhx509_la-keyset.Tpo -c -o libhx509_la-keyset.lo `test -f 'keyset.c' || echo '$(srcdir)/'`keyset.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-keyset.Tpo $(DEPDIR)/libhx509_la-keyset.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keyset.c' object='libhx509_la-keyset.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-keyset.lo `test -f 'keyset.c' || echo '$(srcdir)/'`keyset.c libhx509_la-ks_dir.lo: ks_dir.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_dir.lo `test -f 'ks_dir.c' || echo '$(srcdir)/'`ks_dir.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ks_dir.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ks_dir.Tpo -c -o libhx509_la-ks_dir.lo `test -f 'ks_dir.c' || echo '$(srcdir)/'`ks_dir.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ks_dir.Tpo $(DEPDIR)/libhx509_la-ks_dir.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ks_dir.c' object='libhx509_la-ks_dir.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_dir.lo `test -f 'ks_dir.c' || echo '$(srcdir)/'`ks_dir.c libhx509_la-ks_file.lo: ks_file.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_file.lo `test -f 'ks_file.c' || echo '$(srcdir)/'`ks_file.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ks_file.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ks_file.Tpo -c -o libhx509_la-ks_file.lo `test -f 'ks_file.c' || echo '$(srcdir)/'`ks_file.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ks_file.Tpo $(DEPDIR)/libhx509_la-ks_file.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ks_file.c' object='libhx509_la-ks_file.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_file.lo `test -f 'ks_file.c' || echo '$(srcdir)/'`ks_file.c libhx509_la-ks_mem.lo: ks_mem.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_mem.lo `test -f 'ks_mem.c' || echo '$(srcdir)/'`ks_mem.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ks_mem.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ks_mem.Tpo -c -o libhx509_la-ks_mem.lo `test -f 'ks_mem.c' || echo '$(srcdir)/'`ks_mem.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ks_mem.Tpo $(DEPDIR)/libhx509_la-ks_mem.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ks_mem.c' object='libhx509_la-ks_mem.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_mem.lo `test -f 'ks_mem.c' || echo '$(srcdir)/'`ks_mem.c libhx509_la-ks_null.lo: ks_null.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_null.lo `test -f 'ks_null.c' || echo '$(srcdir)/'`ks_null.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ks_null.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ks_null.Tpo -c -o libhx509_la-ks_null.lo `test -f 'ks_null.c' || echo '$(srcdir)/'`ks_null.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ks_null.Tpo $(DEPDIR)/libhx509_la-ks_null.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ks_null.c' object='libhx509_la-ks_null.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_null.lo `test -f 'ks_null.c' || echo '$(srcdir)/'`ks_null.c libhx509_la-ks_p11.lo: ks_p11.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p11.lo `test -f 'ks_p11.c' || echo '$(srcdir)/'`ks_p11.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ks_p11.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ks_p11.Tpo -c -o libhx509_la-ks_p11.lo `test -f 'ks_p11.c' || echo '$(srcdir)/'`ks_p11.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ks_p11.Tpo $(DEPDIR)/libhx509_la-ks_p11.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ks_p11.c' object='libhx509_la-ks_p11.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p11.lo `test -f 'ks_p11.c' || echo '$(srcdir)/'`ks_p11.c libhx509_la-ks_p12.lo: ks_p12.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p12.lo `test -f 'ks_p12.c' || echo '$(srcdir)/'`ks_p12.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ks_p12.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ks_p12.Tpo -c -o libhx509_la-ks_p12.lo `test -f 'ks_p12.c' || echo '$(srcdir)/'`ks_p12.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ks_p12.Tpo $(DEPDIR)/libhx509_la-ks_p12.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ks_p12.c' object='libhx509_la-ks_p12.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_p12.lo `test -f 'ks_p12.c' || echo '$(srcdir)/'`ks_p12.c libhx509_la-ks_keychain.lo: ks_keychain.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_keychain.lo `test -f 'ks_keychain.c' || echo '$(srcdir)/'`ks_keychain.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-ks_keychain.lo -MD -MP -MF $(DEPDIR)/libhx509_la-ks_keychain.Tpo -c -o libhx509_la-ks_keychain.lo `test -f 'ks_keychain.c' || echo '$(srcdir)/'`ks_keychain.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-ks_keychain.Tpo $(DEPDIR)/libhx509_la-ks_keychain.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ks_keychain.c' object='libhx509_la-ks_keychain.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-ks_keychain.lo `test -f 'ks_keychain.c' || echo '$(srcdir)/'`ks_keychain.c libhx509_la-lock.lo: lock.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-lock.lo `test -f 'lock.c' || echo '$(srcdir)/'`lock.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-lock.lo -MD -MP -MF $(DEPDIR)/libhx509_la-lock.Tpo -c -o libhx509_la-lock.lo `test -f 'lock.c' || echo '$(srcdir)/'`lock.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-lock.Tpo $(DEPDIR)/libhx509_la-lock.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='lock.c' object='libhx509_la-lock.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-lock.lo `test -f 'lock.c' || echo '$(srcdir)/'`lock.c libhx509_la-name.lo: name.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-name.lo `test -f 'name.c' || echo '$(srcdir)/'`name.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-name.lo -MD -MP -MF $(DEPDIR)/libhx509_la-name.Tpo -c -o libhx509_la-name.lo `test -f 'name.c' || echo '$(srcdir)/'`name.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-name.Tpo $(DEPDIR)/libhx509_la-name.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='name.c' object='libhx509_la-name.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-name.lo `test -f 'name.c' || echo '$(srcdir)/'`name.c libhx509_la-peer.lo: peer.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-peer.lo `test -f 'peer.c' || echo '$(srcdir)/'`peer.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-peer.lo -MD -MP -MF $(DEPDIR)/libhx509_la-peer.Tpo -c -o libhx509_la-peer.lo `test -f 'peer.c' || echo '$(srcdir)/'`peer.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-peer.Tpo $(DEPDIR)/libhx509_la-peer.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='peer.c' object='libhx509_la-peer.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-peer.lo `test -f 'peer.c' || echo '$(srcdir)/'`peer.c libhx509_la-print.lo: print.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-print.lo -MD -MP -MF $(DEPDIR)/libhx509_la-print.Tpo -c -o libhx509_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-print.Tpo $(DEPDIR)/libhx509_la-print.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='print.c' object='libhx509_la-print.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c libhx509_la-softp11.lo: softp11.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-softp11.lo `test -f 'softp11.c' || echo '$(srcdir)/'`softp11.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-softp11.lo -MD -MP -MF $(DEPDIR)/libhx509_la-softp11.Tpo -c -o libhx509_la-softp11.lo `test -f 'softp11.c' || echo '$(srcdir)/'`softp11.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-softp11.Tpo $(DEPDIR)/libhx509_la-softp11.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='softp11.c' object='libhx509_la-softp11.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-softp11.lo `test -f 'softp11.c' || echo '$(srcdir)/'`softp11.c libhx509_la-req.lo: req.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-req.lo `test -f 'req.c' || echo '$(srcdir)/'`req.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-req.lo -MD -MP -MF $(DEPDIR)/libhx509_la-req.Tpo -c -o libhx509_la-req.lo `test -f 'req.c' || echo '$(srcdir)/'`req.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-req.Tpo $(DEPDIR)/libhx509_la-req.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='req.c' object='libhx509_la-req.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-req.lo `test -f 'req.c' || echo '$(srcdir)/'`req.c libhx509_la-revoke.lo: revoke.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-revoke.lo `test -f 'revoke.c' || echo '$(srcdir)/'`revoke.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-revoke.lo -MD -MP -MF $(DEPDIR)/libhx509_la-revoke.Tpo -c -o libhx509_la-revoke.lo `test -f 'revoke.c' || echo '$(srcdir)/'`revoke.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-revoke.Tpo $(DEPDIR)/libhx509_la-revoke.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='revoke.c' object='libhx509_la-revoke.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-revoke.lo `test -f 'revoke.c' || echo '$(srcdir)/'`revoke.c libhx509_la-asn1_OCSPBasicOCSPResponse.lo: asn1_OCSPBasicOCSPResponse.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPBasicOCSPResponse.lo `test -f 'asn1_OCSPBasicOCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPBasicOCSPResponse.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPBasicOCSPResponse.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPBasicOCSPResponse.Tpo -c -o libhx509_la-asn1_OCSPBasicOCSPResponse.lo `test -f 'asn1_OCSPBasicOCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPBasicOCSPResponse.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPBasicOCSPResponse.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPBasicOCSPResponse.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPBasicOCSPResponse.c' object='libhx509_la-asn1_OCSPBasicOCSPResponse.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPBasicOCSPResponse.lo `test -f 'asn1_OCSPBasicOCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPBasicOCSPResponse.c libhx509_la-asn1_OCSPCertID.lo: asn1_OCSPCertID.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertID.lo `test -f 'asn1_OCSPCertID.c' || echo '$(srcdir)/'`asn1_OCSPCertID.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPCertID.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPCertID.Tpo -c -o libhx509_la-asn1_OCSPCertID.lo `test -f 'asn1_OCSPCertID.c' || echo '$(srcdir)/'`asn1_OCSPCertID.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPCertID.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPCertID.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPCertID.c' object='libhx509_la-asn1_OCSPCertID.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertID.lo `test -f 'asn1_OCSPCertID.c' || echo '$(srcdir)/'`asn1_OCSPCertID.c libhx509_la-asn1_OCSPCertStatus.lo: asn1_OCSPCertStatus.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertStatus.lo `test -f 'asn1_OCSPCertStatus.c' || echo '$(srcdir)/'`asn1_OCSPCertStatus.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPCertStatus.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPCertStatus.Tpo -c -o libhx509_la-asn1_OCSPCertStatus.lo `test -f 'asn1_OCSPCertStatus.c' || echo '$(srcdir)/'`asn1_OCSPCertStatus.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPCertStatus.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPCertStatus.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPCertStatus.c' object='libhx509_la-asn1_OCSPCertStatus.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPCertStatus.lo `test -f 'asn1_OCSPCertStatus.c' || echo '$(srcdir)/'`asn1_OCSPCertStatus.c libhx509_la-asn1_OCSPInnerRequest.lo: asn1_OCSPInnerRequest.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPInnerRequest.lo `test -f 'asn1_OCSPInnerRequest.c' || echo '$(srcdir)/'`asn1_OCSPInnerRequest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPInnerRequest.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPInnerRequest.Tpo -c -o libhx509_la-asn1_OCSPInnerRequest.lo `test -f 'asn1_OCSPInnerRequest.c' || echo '$(srcdir)/'`asn1_OCSPInnerRequest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPInnerRequest.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPInnerRequest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPInnerRequest.c' object='libhx509_la-asn1_OCSPInnerRequest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPInnerRequest.lo `test -f 'asn1_OCSPInnerRequest.c' || echo '$(srcdir)/'`asn1_OCSPInnerRequest.c libhx509_la-asn1_OCSPKeyHash.lo: asn1_OCSPKeyHash.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPKeyHash.lo `test -f 'asn1_OCSPKeyHash.c' || echo '$(srcdir)/'`asn1_OCSPKeyHash.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPKeyHash.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPKeyHash.Tpo -c -o libhx509_la-asn1_OCSPKeyHash.lo `test -f 'asn1_OCSPKeyHash.c' || echo '$(srcdir)/'`asn1_OCSPKeyHash.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPKeyHash.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPKeyHash.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPKeyHash.c' object='libhx509_la-asn1_OCSPKeyHash.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPKeyHash.lo `test -f 'asn1_OCSPKeyHash.c' || echo '$(srcdir)/'`asn1_OCSPKeyHash.c libhx509_la-asn1_OCSPRequest.lo: asn1_OCSPRequest.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPRequest.lo `test -f 'asn1_OCSPRequest.c' || echo '$(srcdir)/'`asn1_OCSPRequest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPRequest.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPRequest.Tpo -c -o libhx509_la-asn1_OCSPRequest.lo `test -f 'asn1_OCSPRequest.c' || echo '$(srcdir)/'`asn1_OCSPRequest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPRequest.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPRequest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPRequest.c' object='libhx509_la-asn1_OCSPRequest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPRequest.lo `test -f 'asn1_OCSPRequest.c' || echo '$(srcdir)/'`asn1_OCSPRequest.c libhx509_la-asn1_OCSPResponderID.lo: asn1_OCSPResponderID.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponderID.lo `test -f 'asn1_OCSPResponderID.c' || echo '$(srcdir)/'`asn1_OCSPResponderID.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPResponderID.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPResponderID.Tpo -c -o libhx509_la-asn1_OCSPResponderID.lo `test -f 'asn1_OCSPResponderID.c' || echo '$(srcdir)/'`asn1_OCSPResponderID.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPResponderID.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPResponderID.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPResponderID.c' object='libhx509_la-asn1_OCSPResponderID.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponderID.lo `test -f 'asn1_OCSPResponderID.c' || echo '$(srcdir)/'`asn1_OCSPResponderID.c libhx509_la-asn1_OCSPResponse.lo: asn1_OCSPResponse.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponse.lo `test -f 'asn1_OCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPResponse.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPResponse.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPResponse.Tpo -c -o libhx509_la-asn1_OCSPResponse.lo `test -f 'asn1_OCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPResponse.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPResponse.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPResponse.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPResponse.c' object='libhx509_la-asn1_OCSPResponse.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponse.lo `test -f 'asn1_OCSPResponse.c' || echo '$(srcdir)/'`asn1_OCSPResponse.c libhx509_la-asn1_OCSPResponseBytes.lo: asn1_OCSPResponseBytes.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseBytes.lo `test -f 'asn1_OCSPResponseBytes.c' || echo '$(srcdir)/'`asn1_OCSPResponseBytes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPResponseBytes.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPResponseBytes.Tpo -c -o libhx509_la-asn1_OCSPResponseBytes.lo `test -f 'asn1_OCSPResponseBytes.c' || echo '$(srcdir)/'`asn1_OCSPResponseBytes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPResponseBytes.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPResponseBytes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPResponseBytes.c' object='libhx509_la-asn1_OCSPResponseBytes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseBytes.lo `test -f 'asn1_OCSPResponseBytes.c' || echo '$(srcdir)/'`asn1_OCSPResponseBytes.c libhx509_la-asn1_OCSPResponseData.lo: asn1_OCSPResponseData.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseData.lo `test -f 'asn1_OCSPResponseData.c' || echo '$(srcdir)/'`asn1_OCSPResponseData.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPResponseData.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPResponseData.Tpo -c -o libhx509_la-asn1_OCSPResponseData.lo `test -f 'asn1_OCSPResponseData.c' || echo '$(srcdir)/'`asn1_OCSPResponseData.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPResponseData.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPResponseData.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPResponseData.c' object='libhx509_la-asn1_OCSPResponseData.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseData.lo `test -f 'asn1_OCSPResponseData.c' || echo '$(srcdir)/'`asn1_OCSPResponseData.c libhx509_la-asn1_OCSPResponseStatus.lo: asn1_OCSPResponseStatus.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseStatus.lo `test -f 'asn1_OCSPResponseStatus.c' || echo '$(srcdir)/'`asn1_OCSPResponseStatus.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPResponseStatus.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPResponseStatus.Tpo -c -o libhx509_la-asn1_OCSPResponseStatus.lo `test -f 'asn1_OCSPResponseStatus.c' || echo '$(srcdir)/'`asn1_OCSPResponseStatus.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPResponseStatus.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPResponseStatus.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPResponseStatus.c' object='libhx509_la-asn1_OCSPResponseStatus.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPResponseStatus.lo `test -f 'asn1_OCSPResponseStatus.c' || echo '$(srcdir)/'`asn1_OCSPResponseStatus.c libhx509_la-asn1_OCSPSignature.lo: asn1_OCSPSignature.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSignature.lo `test -f 'asn1_OCSPSignature.c' || echo '$(srcdir)/'`asn1_OCSPSignature.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPSignature.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPSignature.Tpo -c -o libhx509_la-asn1_OCSPSignature.lo `test -f 'asn1_OCSPSignature.c' || echo '$(srcdir)/'`asn1_OCSPSignature.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPSignature.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPSignature.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPSignature.c' object='libhx509_la-asn1_OCSPSignature.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSignature.lo `test -f 'asn1_OCSPSignature.c' || echo '$(srcdir)/'`asn1_OCSPSignature.c libhx509_la-asn1_OCSPSingleResponse.lo: asn1_OCSPSingleResponse.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSingleResponse.lo `test -f 'asn1_OCSPSingleResponse.c' || echo '$(srcdir)/'`asn1_OCSPSingleResponse.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPSingleResponse.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPSingleResponse.Tpo -c -o libhx509_la-asn1_OCSPSingleResponse.lo `test -f 'asn1_OCSPSingleResponse.c' || echo '$(srcdir)/'`asn1_OCSPSingleResponse.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPSingleResponse.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPSingleResponse.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPSingleResponse.c' object='libhx509_la-asn1_OCSPSingleResponse.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPSingleResponse.lo `test -f 'asn1_OCSPSingleResponse.c' || echo '$(srcdir)/'`asn1_OCSPSingleResponse.c libhx509_la-asn1_OCSPTBSRequest.lo: asn1_OCSPTBSRequest.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPTBSRequest.lo `test -f 'asn1_OCSPTBSRequest.c' || echo '$(srcdir)/'`asn1_OCSPTBSRequest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPTBSRequest.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPTBSRequest.Tpo -c -o libhx509_la-asn1_OCSPTBSRequest.lo `test -f 'asn1_OCSPTBSRequest.c' || echo '$(srcdir)/'`asn1_OCSPTBSRequest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPTBSRequest.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPTBSRequest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPTBSRequest.c' object='libhx509_la-asn1_OCSPTBSRequest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPTBSRequest.lo `test -f 'asn1_OCSPTBSRequest.c' || echo '$(srcdir)/'`asn1_OCSPTBSRequest.c libhx509_la-asn1_OCSPVersion.lo: asn1_OCSPVersion.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPVersion.lo `test -f 'asn1_OCSPVersion.c' || echo '$(srcdir)/'`asn1_OCSPVersion.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_OCSPVersion.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_OCSPVersion.Tpo -c -o libhx509_la-asn1_OCSPVersion.lo `test -f 'asn1_OCSPVersion.c' || echo '$(srcdir)/'`asn1_OCSPVersion.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_OCSPVersion.Tpo $(DEPDIR)/libhx509_la-asn1_OCSPVersion.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_OCSPVersion.c' object='libhx509_la-asn1_OCSPVersion.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_OCSPVersion.lo `test -f 'asn1_OCSPVersion.c' || echo '$(srcdir)/'`asn1_OCSPVersion.c libhx509_la-asn1_id_pkix_ocsp.lo: asn1_id_pkix_ocsp.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp.lo `test -f 'asn1_id_pkix_ocsp.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_id_pkix_ocsp.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp.Tpo -c -o libhx509_la-asn1_id_pkix_ocsp.lo `test -f 'asn1_id_pkix_ocsp.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp.Tpo $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_id_pkix_ocsp.c' object='libhx509_la-asn1_id_pkix_ocsp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp.lo `test -f 'asn1_id_pkix_ocsp.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp.c libhx509_la-asn1_id_pkix_ocsp_basic.lo: asn1_id_pkix_ocsp_basic.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_basic.lo `test -f 'asn1_id_pkix_ocsp_basic.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_basic.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_id_pkix_ocsp_basic.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_basic.Tpo -c -o libhx509_la-asn1_id_pkix_ocsp_basic.lo `test -f 'asn1_id_pkix_ocsp_basic.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_basic.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_basic.Tpo $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_basic.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_id_pkix_ocsp_basic.c' object='libhx509_la-asn1_id_pkix_ocsp_basic.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_basic.lo `test -f 'asn1_id_pkix_ocsp_basic.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_basic.c libhx509_la-asn1_id_pkix_ocsp_nonce.lo: asn1_id_pkix_ocsp_nonce.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_nonce.lo `test -f 'asn1_id_pkix_ocsp_nonce.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_nonce.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_id_pkix_ocsp_nonce.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_nonce.Tpo -c -o libhx509_la-asn1_id_pkix_ocsp_nonce.lo `test -f 'asn1_id_pkix_ocsp_nonce.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_nonce.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_nonce.Tpo $(DEPDIR)/libhx509_la-asn1_id_pkix_ocsp_nonce.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_id_pkix_ocsp_nonce.c' object='libhx509_la-asn1_id_pkix_ocsp_nonce.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_id_pkix_ocsp_nonce.lo `test -f 'asn1_id_pkix_ocsp_nonce.c' || echo '$(srcdir)/'`asn1_id_pkix_ocsp_nonce.c libhx509_la-asn1_CertificationRequestInfo.lo: asn1_CertificationRequestInfo.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequestInfo.lo `test -f 'asn1_CertificationRequestInfo.c' || echo '$(srcdir)/'`asn1_CertificationRequestInfo.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_CertificationRequestInfo.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_CertificationRequestInfo.Tpo -c -o libhx509_la-asn1_CertificationRequestInfo.lo `test -f 'asn1_CertificationRequestInfo.c' || echo '$(srcdir)/'`asn1_CertificationRequestInfo.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_CertificationRequestInfo.Tpo $(DEPDIR)/libhx509_la-asn1_CertificationRequestInfo.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_CertificationRequestInfo.c' object='libhx509_la-asn1_CertificationRequestInfo.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequestInfo.lo `test -f 'asn1_CertificationRequestInfo.c' || echo '$(srcdir)/'`asn1_CertificationRequestInfo.c libhx509_la-asn1_CertificationRequest.lo: asn1_CertificationRequest.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequest.lo `test -f 'asn1_CertificationRequest.c' || echo '$(srcdir)/'`asn1_CertificationRequest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-asn1_CertificationRequest.lo -MD -MP -MF $(DEPDIR)/libhx509_la-asn1_CertificationRequest.Tpo -c -o libhx509_la-asn1_CertificationRequest.lo `test -f 'asn1_CertificationRequest.c' || echo '$(srcdir)/'`asn1_CertificationRequest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-asn1_CertificationRequest.Tpo $(DEPDIR)/libhx509_la-asn1_CertificationRequest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_CertificationRequest.c' object='libhx509_la-asn1_CertificationRequest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-asn1_CertificationRequest.lo `test -f 'asn1_CertificationRequest.c' || echo '$(srcdir)/'`asn1_CertificationRequest.c libhx509_la-hx509_err.lo: hx509_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-hx509_err.lo `test -f 'hx509_err.c' || echo '$(srcdir)/'`hx509_err.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libhx509_la-hx509_err.lo -MD -MP -MF $(DEPDIR)/libhx509_la-hx509_err.Tpo -c -o libhx509_la-hx509_err.lo `test -f 'hx509_err.c' || echo '$(srcdir)/'`hx509_err.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libhx509_la-hx509_err.Tpo $(DEPDIR)/libhx509_la-hx509_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hx509_err.c' object='libhx509_la-hx509_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhx509_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhx509_la-hx509_err.lo `test -f 'hx509_err.c' || echo '$(srcdir)/'`hx509_err.c hxtool-hxtool.o: hxtool.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.o `test -f 'hxtool.c' || echo '$(srcdir)/'`hxtool.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hxtool-hxtool.o -MD -MP -MF $(DEPDIR)/hxtool-hxtool.Tpo -c -o hxtool-hxtool.o `test -f 'hxtool.c' || echo '$(srcdir)/'`hxtool.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/hxtool-hxtool.Tpo $(DEPDIR)/hxtool-hxtool.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hxtool.c' object='hxtool-hxtool.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.o `test -f 'hxtool.c' || echo '$(srcdir)/'`hxtool.c hxtool-hxtool.obj: hxtool.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.obj `if test -f 'hxtool.c'; then $(CYGPATH_W) 'hxtool.c'; else $(CYGPATH_W) '$(srcdir)/hxtool.c'; fi` +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hxtool-hxtool.obj -MD -MP -MF $(DEPDIR)/hxtool-hxtool.Tpo -c -o hxtool-hxtool.obj `if test -f 'hxtool.c'; then $(CYGPATH_W) 'hxtool.c'; else $(CYGPATH_W) '$(srcdir)/hxtool.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/hxtool-hxtool.Tpo $(DEPDIR)/hxtool-hxtool.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hxtool.c' object='hxtool-hxtool.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool.obj `if test -f 'hxtool.c'; then $(CYGPATH_W) 'hxtool.c'; else $(CYGPATH_W) '$(srcdir)/hxtool.c'; fi` hxtool-hxtool-commands.o: hxtool-commands.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.o `test -f 'hxtool-commands.c' || echo '$(srcdir)/'`hxtool-commands.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hxtool-hxtool-commands.o -MD -MP -MF $(DEPDIR)/hxtool-hxtool-commands.Tpo -c -o hxtool-hxtool-commands.o `test -f 'hxtool-commands.c' || echo '$(srcdir)/'`hxtool-commands.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/hxtool-hxtool-commands.Tpo $(DEPDIR)/hxtool-hxtool-commands.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hxtool-commands.c' object='hxtool-hxtool-commands.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.o `test -f 'hxtool-commands.c' || echo '$(srcdir)/'`hxtool-commands.c hxtool-hxtool-commands.obj: hxtool-commands.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.obj `if test -f 'hxtool-commands.c'; then $(CYGPATH_W) 'hxtool-commands.c'; else $(CYGPATH_W) '$(srcdir)/hxtool-commands.c'; fi` +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hxtool-hxtool-commands.obj -MD -MP -MF $(DEPDIR)/hxtool-hxtool-commands.Tpo -c -o hxtool-hxtool-commands.obj `if test -f 'hxtool-commands.c'; then $(CYGPATH_W) 'hxtool-commands.c'; else $(CYGPATH_W) '$(srcdir)/hxtool-commands.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/hxtool-hxtool-commands.Tpo $(DEPDIR)/hxtool-hxtool-commands.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hxtool-commands.c' object='hxtool-hxtool-commands.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(hxtool_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hxtool-hxtool-commands.obj `if test -f 'hxtool-commands.c'; then $(CYGPATH_W) 'hxtool-commands.c'; else $(CYGPATH_W) '$(srcdir)/hxtool-commands.c'; fi` + +test_name-test_name.o: test_name.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_name_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_name-test_name.o -MD -MP -MF $(DEPDIR)/test_name-test_name.Tpo -c -o test_name-test_name.o `test -f 'test_name.c' || echo '$(srcdir)/'`test_name.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_name-test_name.Tpo $(DEPDIR)/test_name-test_name.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_name.c' object='test_name-test_name.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_name_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_name-test_name.o `test -f 'test_name.c' || echo '$(srcdir)/'`test_name.c + +test_name-test_name.obj: test_name.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_name_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_name-test_name.obj -MD -MP -MF $(DEPDIR)/test_name-test_name.Tpo -c -o test_name-test_name.obj `if test -f 'test_name.c'; then $(CYGPATH_W) 'test_name.c'; else $(CYGPATH_W) '$(srcdir)/test_name.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_name-test_name.Tpo $(DEPDIR)/test_name-test_name.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_name.c' object='test_name-test_name.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_name_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_name-test_name.obj `if test -f 'test_name.c'; then $(CYGPATH_W) 'test_name.c'; else $(CYGPATH_W) '$(srcdir)/test_name.c'; fi` test_soft_pkcs11-test_soft_pkcs11.o: test_soft_pkcs11.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.o `test -f 'test_soft_pkcs11.c' || echo '$(srcdir)/'`test_soft_pkcs11.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_soft_pkcs11-test_soft_pkcs11.o -MD -MP -MF $(DEPDIR)/test_soft_pkcs11-test_soft_pkcs11.Tpo -c -o test_soft_pkcs11-test_soft_pkcs11.o `test -f 'test_soft_pkcs11.c' || echo '$(srcdir)/'`test_soft_pkcs11.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_soft_pkcs11-test_soft_pkcs11.Tpo $(DEPDIR)/test_soft_pkcs11-test_soft_pkcs11.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_soft_pkcs11.c' object='test_soft_pkcs11-test_soft_pkcs11.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.o `test -f 'test_soft_pkcs11.c' || echo '$(srcdir)/'`test_soft_pkcs11.c test_soft_pkcs11-test_soft_pkcs11.obj: test_soft_pkcs11.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.obj `if test -f 'test_soft_pkcs11.c'; then $(CYGPATH_W) 'test_soft_pkcs11.c'; else $(CYGPATH_W) '$(srcdir)/test_soft_pkcs11.c'; fi` +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_soft_pkcs11-test_soft_pkcs11.obj -MD -MP -MF $(DEPDIR)/test_soft_pkcs11-test_soft_pkcs11.Tpo -c -o test_soft_pkcs11-test_soft_pkcs11.obj `if test -f 'test_soft_pkcs11.c'; then $(CYGPATH_W) 'test_soft_pkcs11.c'; else $(CYGPATH_W) '$(srcdir)/test_soft_pkcs11.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_soft_pkcs11-test_soft_pkcs11.Tpo $(DEPDIR)/test_soft_pkcs11-test_soft_pkcs11.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_soft_pkcs11.c' object='test_soft_pkcs11-test_soft_pkcs11.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(test_soft_pkcs11_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_soft_pkcs11-test_soft_pkcs11.obj `if test -f 'test_soft_pkcs11.c'; then $(CYGPATH_W) 'test_soft_pkcs11.c'; else $(CYGPATH_W) '$(srcdir)/test_soft_pkcs11.c'; fi` + +.l.c: + $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) + +.y.c: + $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) mostlyclean-libtool: -rm -f *.lo @@ -949,90 +1391,101 @@ clean-libtool: install-dist_includeHEADERS: $(dist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(dist_include_HEADERS)'; for p in $$list; do \ + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-dist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(dist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -1041,49 +1494,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -1094,11 +1561,15 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi @@ -1118,13 +1589,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -1165,10 +1640,14 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -rm -f sel-gram.c + -rm -f sel-gram.h + -rm -f sel-lex.c -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am @@ -1176,6 +1655,7 @@ clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \ clean-libLTLIBRARIES clean-libtool clean-local mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1186,6 +1666,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -1194,26 +1676,35 @@ install-data-am: install-dist_includeHEADERS \ install-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1234,9 +1725,8 @@ uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \ uninstall-libLTLIBRARIES uninstall-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: all check check-am install install-am install-data-am \ + install-exec-am install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ check-local clean clean-binPROGRAMS clean-checkPROGRAMS \ @@ -1327,6 +1817,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1412,7 +1905,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1425,25 +1918,28 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ fi ; \ done -$(libhx509_la_OBJECTS): $(srcdir)/version-script.map -$(gen_files_ocsp) ocsp_asn1.h: ocsp_asn1_files -$(gen_files_pkcs10) pkcs10_asn1.h: pkcs10_asn1_files -$(gen_files_crmf) crmf_asn1.h: crmf_asn1_files +sel-lex.c: sel-gram.h +$(libhx509_la_OBJECTS): $(srcdir)/version-script.map $(nodist_include_HEADERS) $(priv_headers) -ocsp_asn1_files: $(asn1_compile) $(srcdir)/ocsp.asn1 - $(asn1_compile) --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1) +$(gen_files_ocsp) ocsp_asn1.hx ocsp_asn1-priv.hx: ocsp_asn1_files +$(gen_files_pkcs10) pkcs10_asn1.hx pkcs10_asn1-priv.hx: pkcs10_asn1_files +$(gen_files_crmf) crmf_asn1.hx crmf_asn1-priv.hx: crmf_asn1_files -pkcs10_asn1_files: $(asn1_compile) $(srcdir)/pkcs10.asn1 - $(asn1_compile) --preserve-binary=CertificationRequestInfo $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1) +ocsp_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/ocsp.asn1 $(srcdir)/ocsp.opt + $(ASN1_COMPILE) --option-file=$(srcdir)/ocsp.opt $(srcdir)/ocsp.asn1 ocsp_asn1 || (rm -f ocsp_asn1_files ; exit 1) -crmf_asn1_files: $(asn1_compile) $(srcdir)/crmf.asn1 - $(asn1_compile) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1) +pkcs10_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/pkcs10.asn1 $(srcdir)/pkcs10.opt + $(ASN1_COMPILE) --option-file=$(srcdir)/pkcs10.opt $(srcdir)/pkcs10.asn1 pkcs10_asn1 || (rm -f pkcs10_asn1_files ; exit 1) -$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h +crmf_asn1_files: $(ASN1_COMPILE_DEP) $(srcdir)/crmf.asn1 + $(ASN1_COMPILE) $(srcdir)/crmf.asn1 crmf_asn1 || (rm -f crmf_asn1_files ; exit 1) + +$(libhx509_la_OBJECTS): $(srcdir)/hx509-protos.h $(srcdir)/hx509-private.h $(srcdir)/hx_locl.h +$(libhx509_la_OBJECTS): ocsp_asn1.h pkcs10_asn1.h $(srcdir)/hx509-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB_FUNCTION -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -R '^(_|^C)' -E HX509_LIB -q -P comment -o hx509-protos.h $(dist_libhx509_la_SOURCES) || rm -f hx509-protos.h $(srcdir)/hx509-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p hx509-private.h $(dist_libhx509_la_SOURCES) || rm -f hx509-private.h @@ -1525,6 +2021,7 @@ test_query: test_query.in Makefile $(do_subst) < $(srcdir)/test_query.in > test_query.tmp chmod +x test_query.tmp mv test_query.tmp test_query + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/hx509/ca.c b/crypto/heimdal/lib/hx509/ca.c index 40260700b3f..cb5a7be62cc 100644 --- a/crypto/heimdal/lib/hx509/ca.c +++ b/crypto/heimdal/lib/hx509/ca.c @@ -1,39 +1,38 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" #include -RCSID("$Id: ca.c 22456 2008-01-15 20:22:53Z lha $"); /** * @page page_ca Hx509 CA functions @@ -54,11 +53,15 @@ struct hx509_ca_tbs { unsigned int key:1; unsigned int serial:1; unsigned int domaincontroller:1; + unsigned int xUniqueID:1; } flags; time_t notBefore; time_t notAfter; int pathLenConstraint; /* both for CA and Proxy */ CRLDistributionPoints crldp; + heim_bit_string subjectUniqueID; + heim_bit_string issuerUniqueID; + }; /** @@ -81,15 +84,6 @@ hx509_ca_tbs_init(hx509_context context, hx509_ca_tbs *tbs) if (*tbs == NULL) return ENOMEM; - (*tbs)->subject = NULL; - (*tbs)->san.len = 0; - (*tbs)->san.val = NULL; - (*tbs)->eku.len = 0; - (*tbs)->eku.val = NULL; - (*tbs)->pathLenConstraint = 0; - (*tbs)->crldp.len = 0; - (*tbs)->crldp.val = NULL; - return 0; } @@ -112,7 +106,8 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs) free_ExtKeyUsage(&(*tbs)->eku); der_free_heim_integer(&(*tbs)->serial); free_CRLDistributionPoints(&(*tbs)->crldp); - + der_free_bit_string(&(*tbs)->subjectUniqueID); + der_free_bit_string(&(*tbs)->issuerUniqueID); hx509_name_free(&(*tbs)->subject); memset(*tbs, 0, sizeof(**tbs)); @@ -236,7 +231,7 @@ hx509_ca_tbs_set_template(hx509_context context, hx509_name_free(&tbs->subject); ret = hx509_cert_get_subject(cert, &tbs->subject); if (ret) { - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "Failed to get subject from template"); return ret; } @@ -246,7 +241,7 @@ hx509_ca_tbs_set_template(hx509_context context, ret = hx509_cert_get_serialnumber(cert, &tbs->serial); tbs->flags.serial = !ret; if (ret) { - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "Failed to copy serial number"); return ret; } @@ -271,7 +266,7 @@ hx509_ca_tbs_set_template(hx509_context context, } if (flags & HX509_CA_TEMPLATE_EKU) { ExtKeyUsage eku; - int i; + size_t i; ret = _hx509_cert_get_eku(context, cert, &eku); if (ret) return ret; @@ -473,7 +468,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context, int ret; memset(&dp, 0, sizeof(dp)); - + dp.distributionPoint = ecalloc(1, sizeof(*dp.distributionPoint)); { @@ -486,10 +481,11 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context, name.u.fullName.val = &gn; gn.element = choice_GeneralName_uniformResourceIdentifier; - gn.u.uniformResourceIdentifier = rk_UNCONST(uri); + gn.u.uniformResourceIdentifier.data = rk_UNCONST(uri); + gn.u.uniformResourceIdentifier.length = strlen(uri); - ASN1_MALLOC_ENCODE(DistributionPointName, - dp.distributionPoint->data, + ASN1_MALLOC_ENCODE(DistributionPointName, + dp.distributionPoint->data, dp.distributionPoint->length, &name, &size, ret); if (ret) { @@ -509,7 +505,7 @@ hx509_ca_tbs_add_crl_dp_uri(hx509_context context, hx509_set_error_string(context, 0, EINVAL, "CRLDistributionPoints.name.issuername not yet supported"); return EINVAL; -#else +#else GeneralNames *crlissuer; GeneralName gn; Name n; @@ -579,7 +575,7 @@ hx509_ca_tbs_add_san_otherName(hx509_context context, gn.element = choice_GeneralName_otherName; gn.u.otherName.type_id = *oid; gn.u.otherName.value = *os; - + return add_GeneralNames(&tbs->san, &gn); } @@ -614,14 +610,14 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context, const char *str; char *q; int n; - + /* count number of component */ n = 1; for(str = principal; *str != '\0' && *str != '@'; str++){ if(*str=='\\'){ if(str[1] == '\0' || str[1] == '@') { ret = HX509_PARSING_NAME_FAILED; - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "trailing \\ in principal name"); goto out; } @@ -629,7 +625,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context, } else if(*str == '/') n++; } - p.principalName.name_string.val = + p.principalName.name_string.val = calloc(n, sizeof(*p.principalName.name_string.val)); if (p.principalName.name_string.val == NULL) { ret = ENOMEM; @@ -637,7 +633,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context, goto out; } p.principalName.name_string.len = n; - + p.principalName.name_type = KRB5_NT_PRINCIPAL; q = s = strdup(principal); if (q == NULL) { @@ -661,7 +657,7 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context, *q++ = '\0'; } } - + ASN1_MALLOC_ENCODE(KRB5PrincipalName, os.data, os.length, &p, &size, ret); if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); @@ -669,10 +665,10 @@ hx509_ca_tbs_add_san_pkinit(hx509_context context, } if (size != os.length) _hx509_abort("internal ASN.1 encoder error"); - + ret = hx509_ca_tbs_add_san_otherName(context, tbs, - oid_id_pkinit_san(), + &asn1_oid_id_pkinit_san, &os); free(os.data); out: @@ -682,7 +678,7 @@ out: free(s); return ret; } - + /* * */ @@ -693,7 +689,7 @@ add_utf8_san(hx509_context context, const heim_oid *oid, const char *string) { - const PKIXXmppAddr ustring = (const PKIXXmppAddr)string; + const PKIXXmppAddr ustring = (const PKIXXmppAddr)(intptr_t)string; heim_octet_string os; size_t size; int ret; @@ -708,7 +704,7 @@ add_utf8_san(hx509_context context, } if (size != os.length) _hx509_abort("internal ASN.1 encoder error"); - + ret = hx509_ca_tbs_add_san_otherName(context, tbs, oid, @@ -736,7 +732,7 @@ hx509_ca_tbs_add_san_ms_upn(hx509_context context, hx509_ca_tbs tbs, const char *principal) { - return add_utf8_san(context, tbs, oid_id_pkinit_ms_san(), principal); + return add_utf8_san(context, tbs, &asn1_oid_id_pkinit_ms_san, principal); } /** @@ -757,7 +753,7 @@ hx509_ca_tbs_add_san_jid(hx509_context context, hx509_ca_tbs tbs, const char *jid) { - return add_utf8_san(context, tbs, oid_id_pkix_on_xmppAddr(), jid); + return add_utf8_san(context, tbs, &asn1_oid_id_pkix_on_xmppAddr, jid); } @@ -786,8 +782,9 @@ hx509_ca_tbs_add_san_hostname(hx509_context context, memset(&gn, 0, sizeof(gn)); gn.element = choice_GeneralName_dNSName; - gn.u.dNSName = rk_UNCONST(dnsname); - + gn.u.dNSName.data = rk_UNCONST(dnsname); + gn.u.dNSName.length = strlen(dnsname); + return add_GeneralNames(&tbs->san, &gn); } @@ -813,8 +810,9 @@ hx509_ca_tbs_add_san_rfc822name(hx509_context context, memset(&gn, 0, sizeof(gn)); gn.element = choice_GeneralName_rfc822Name; - gn.u.rfc822Name = rk_UNCONST(rfc822Name); - + gn.u.rfc822Name.data = rk_UNCONST(rfc822Name); + gn.u.rfc822Name.length = strlen(rfc822Name); + return add_GeneralNames(&tbs->san, &gn); } @@ -840,6 +838,50 @@ hx509_ca_tbs_set_subject(hx509_context context, return hx509_name_copy(context, subject, &tbs->subject); } +/** + * Set the issuerUniqueID and subjectUniqueID + * + * These are only supposed to be used considered with version 2 + * certificates, replaced by the two extensions SubjectKeyIdentifier + * and IssuerKeyIdentifier. This function is to allow application + * using legacy protocol to issue them. + * + * @param context A hx509 context. + * @param tbs object to be signed. + * @param issuerUniqueID to be set + * @param subjectUniqueID to be set + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_ca + */ + +int +hx509_ca_tbs_set_unique(hx509_context context, + hx509_ca_tbs tbs, + const heim_bit_string *subjectUniqueID, + const heim_bit_string *issuerUniqueID) +{ + int ret; + + der_free_bit_string(&tbs->subjectUniqueID); + der_free_bit_string(&tbs->issuerUniqueID); + + if (subjectUniqueID) { + ret = der_copy_bit_string(subjectUniqueID, &tbs->subjectUniqueID); + if (ret) + return ret; + } + + if (issuerUniqueID) { + ret = der_copy_bit_string(issuerUniqueID, &tbs->issuerUniqueID); + if (ret) + return ret; + } + + return 0; +} + /** * Expand the the subject name in the to-be-signed certificate object * using hx509_name_expand(). @@ -862,6 +904,10 @@ hx509_ca_tbs_subject_expand(hx509_context context, return hx509_name_expand(context, tbs->subject, env); } +/* + * + */ + static int add_extension(hx509_context context, TBSCertificate *tbsc, @@ -926,7 +972,7 @@ build_proxy_prefix(hx509_context context, const Name *issuer, Name *subject) return ENOMEM; } /* prefix with CN=,...*/ - ret = _hx509_name_modify(context, subject, 1, oid_id_at_commonName(), tstr); + ret = _hx509_name_modify(context, subject, 1, &asn1_oid_id_at_commonName, tstr); free(tstr); if (ret) free_Name(subject); @@ -1005,7 +1051,7 @@ ca_sign(hx509_context context, return EINVAL; } if (hx509_name_is_null_p(tbs->subject) && tbs->san.len == 0) { - hx509_set_error_string(context, 0, EINVAL, + hx509_set_error_string(context, 0, EINVAL, "NULL subject and no SubjectAltNames"); return EINVAL; } @@ -1017,7 +1063,7 @@ ca_sign(hx509_context context, } if (tbs->flags.proxy) { if (tbs->san.len > 0) { - hx509_set_error_string(context, 0, EINVAL, + hx509_set_error_string(context, 0, EINVAL, "Proxy certificate is not allowed " "to have SubjectAltNames"); return EINVAL; @@ -1091,7 +1137,35 @@ ca_sign(hx509_context context, goto out; } /* issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL */ + if (tbs->issuerUniqueID.length) { + tbsc->issuerUniqueID = calloc(1, sizeof(*tbsc->issuerUniqueID)); + if (tbsc->issuerUniqueID == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + ret = der_copy_bit_string(&tbs->issuerUniqueID, tbsc->issuerUniqueID); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + } /* subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL */ + if (tbs->subjectUniqueID.length) { + tbsc->subjectUniqueID = calloc(1, sizeof(*tbsc->subjectUniqueID)); + if (tbsc->subjectUniqueID == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + + ret = der_copy_bit_string(&tbs->subjectUniqueID, tbsc->subjectUniqueID); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + } + /* extensions [3] EXPLICIT Extensions OPTIONAL */ tbsc->extensions = calloc(1, sizeof(*tbsc->extensions)); if (tbsc->extensions == NULL) { @@ -1099,7 +1173,7 @@ ca_sign(hx509_context context, hx509_set_error_string(context, 0, ret, "Out of memory"); goto out; } - + /* Add the text BMP string Domaincontroller to the cert */ if (tbs->flags.domaincontroller) { data.data = rk_UNCONST("\x1e\x20\x00\x44\x00\x6f\x00\x6d" @@ -1110,7 +1184,7 @@ ca_sign(hx509_context context, data.length = 34; ret = add_extension(context, tbsc, 0, - oid_id_ms_cert_enroll_domaincontroller(), + &asn1_oid_id_ms_cert_enroll_domaincontroller, &data); if (ret) goto out; @@ -1129,7 +1203,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 1, - oid_id_x509_ce_keyUsage(), &data); + &asn1_oid_id_x509_ce_keyUsage, &data); free(data.data); if (ret) goto out; @@ -1137,7 +1211,7 @@ ca_sign(hx509_context context, /* add ExtendedKeyUsage */ if (tbs->eku.len > 0) { - ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length, + ASN1_MALLOC_ENCODE(ExtKeyUsage, data.data, data.length, &tbs->eku, &size, ret); if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); @@ -1146,7 +1220,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 0, - oid_id_x509_ce_extKeyUsage(), &data); + &asn1_oid_id_x509_ce_extKeyUsage, &data); free(data.data); if (ret) goto out; @@ -1154,7 +1228,7 @@ ca_sign(hx509_context context, /* add Subject Alternative Name */ if (tbs->san.len > 0) { - ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length, + ASN1_MALLOC_ENCODE(GeneralNames, data.data, data.length, &tbs->san, &size, ret); if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); @@ -1163,7 +1237,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 0, - oid_id_x509_ce_subjectAltName(), + &asn1_oid_id_x509_ce_subjectAltName, &data); free(data.data); if (ret) @@ -1172,7 +1246,7 @@ ca_sign(hx509_context context, /* Add Authority Key Identifier */ if (ai) { - ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length, + ASN1_MALLOC_ENCODE(AuthorityKeyIdentifier, data.data, data.length, ai, &size, ret); if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); @@ -1181,7 +1255,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 0, - oid_id_x509_ce_authorityKeyIdentifier(), + &asn1_oid_id_x509_ce_authorityKeyIdentifier, &data); free(data.data); if (ret) @@ -1194,18 +1268,20 @@ ca_sign(hx509_context context, unsigned char hash[SHA_DIGEST_LENGTH]; { - SHA_CTX m; - - SHA1_Init(&m); - SHA1_Update(&m, tbs->spki.subjectPublicKey.data, - tbs->spki.subjectPublicKey.length / 8); - SHA1_Final (hash, &m); + EVP_MD_CTX *ctx; + + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); + EVP_DigestUpdate(ctx, tbs->spki.subjectPublicKey.data, + tbs->spki.subjectPublicKey.length / 8); + EVP_DigestFinal_ex(ctx, hash, NULL); + EVP_MD_CTX_destroy(ctx); } si.data = hash; si.length = sizeof(hash); - ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length, + ASN1_MALLOC_ENCODE(SubjectKeyIdentifier, data.data, data.length, &si, &size, ret); if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); @@ -1214,18 +1290,18 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 0, - oid_id_x509_ce_subjectKeyIdentifier(), + &asn1_oid_id_x509_ce_subjectKeyIdentifier, &data); free(data.data); if (ret) goto out; } - /* Add BasicConstraints */ + /* Add BasicConstraints */ { BasicConstraints bc; int aCA = 1; - uint32_t path; + unsigned int path; memset(&bc, 0, sizeof(bc)); @@ -1237,7 +1313,7 @@ ca_sign(hx509_context context, } } - ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length, + ASN1_MALLOC_ENCODE(BasicConstraints, data.data, data.length, &bc, &size, ret); if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); @@ -1247,7 +1323,7 @@ ca_sign(hx509_context context, _hx509_abort("internal ASN.1 encoder error"); /* Critical if this is a CA */ ret = add_extension(context, tbsc, tbs->flags.ca, - oid_id_x509_ce_basicConstraints(), + &asn1_oid_id_x509_ce_basicConstraints, &data); free(data.data); if (ret) @@ -1261,7 +1337,7 @@ ca_sign(hx509_context context, memset(&info, 0, sizeof(info)); if (tbs->pathLenConstraint >= 0) { - info.pCPathLenConstraint = + info.pCPathLenConstraint = malloc(sizeof(*info.pCPathLenConstraint)); if (info.pCPathLenConstraint == NULL) { ret = ENOMEM; @@ -1271,7 +1347,7 @@ ca_sign(hx509_context context, *info.pCPathLenConstraint = tbs->pathLenConstraint; } - ret = der_copy_oid(oid_id_pkix_ppl_inheritAll(), + ret = der_copy_oid(&asn1_oid_id_pkix_ppl_inheritAll, &info.proxyPolicy.policyLanguage); if (ret) { free_ProxyCertInfo(&info); @@ -1279,7 +1355,7 @@ ca_sign(hx509_context context, goto out; } - ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length, + ASN1_MALLOC_ENCODE(ProxyCertInfo, data.data, data.length, &info, &size, ret); free_ProxyCertInfo(&info); if (ret) { @@ -1289,7 +1365,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 0, - oid_id_pkix_pe_proxyCertInfo(), + &asn1_oid_id_pkix_pe_proxyCertInfo, &data); free(data.data); if (ret) @@ -1307,7 +1383,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, FALSE, - oid_id_x509_ce_cRLDistributionPoints(), + &asn1_oid_id_x509_ce_cRLDistributionPoints, &data); free(data.data); if (ret) @@ -1377,14 +1453,14 @@ get_AuthorityKeyIdentifier(hx509_context context, memset(&gns, 0, sizeof(gns)); memset(&name, 0, sizeof(name)); - ai->authorityCertIssuer = + ai->authorityCertIssuer = calloc(1, sizeof(*ai->authorityCertIssuer)); if (ai->authorityCertIssuer == NULL) { ret = ENOMEM; hx509_set_error_string(context, 0, ret, "Out of memory"); goto out; } - ai->authorityCertSerialNumber = + ai->authorityCertSerialNumber = calloc(1, sizeof(*ai->authorityCertSerialNumber)); if (ai->authorityCertSerialNumber == NULL) { ret = ENOMEM; @@ -1392,22 +1468,21 @@ get_AuthorityKeyIdentifier(hx509_context context, goto out; } - /* + /* * XXX unbreak when asn1 compiler handle IMPLICIT * * This is so horrible. */ ret = copy_Name(&certificate->tbsCertificate.subject, &name); - if (ai->authorityCertSerialNumber == NULL) { - ret = ENOMEM; + if (ret) { hx509_set_error_string(context, 0, ret, "Out of memory"); goto out; } memset(&gn, 0, sizeof(gn)); gn.element = choice_GeneralName_directoryName; - gn.u.directoryName.element = + gn.u.directoryName.element = choice_GeneralName_directoryName_rdnSequence; gn.u.directoryName.u.rdnSequence = name.u.rdnSequence; @@ -1436,7 +1511,7 @@ out: /** - * Sign a to-be-signed certificate object with a issuer certificate. + * Sign a to-be-signed certificate object with a issuer certificate. * * The caller needs to at least have called the following functions on the * to-be-signed certificate object: @@ -1478,7 +1553,7 @@ hx509_ca_sign(hx509_context context, goto out; ret = ca_sign(context, - tbs, + tbs, _hx509_cert_private_key(signer), &ai, &signer_cert->tbsCertificate.subject, @@ -1510,7 +1585,7 @@ hx509_ca_sign_self(hx509_context context, hx509_cert *certificate) { return ca_sign(context, - tbs, + tbs, signer, NULL, NULL, diff --git a/crypto/heimdal/lib/hx509/cert.c b/crypto/heimdal/lib/hx509/cert.c index 1520e23cb1d..70e57560377 100644 --- a/crypto/heimdal/lib/hx509/cert.c +++ b/crypto/heimdal/lib/hx509/cert.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: cert.c 22450 2008-01-15 19:39:14Z lha $"); #include "crypto-headers.h" #include @@ -59,6 +58,7 @@ struct hx509_verify_ctx_data { #define HX509_VERIFY_CTX_F_REQUIRE_RFC3280 4 #define HX509_VERIFY_CTX_F_CHECK_TRUST_ANCHORS 8 #define HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS 16 +#define HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK 32 time_t time_now; unsigned int max_depth; #define HX509_VERIFY_MAX_DEPTH 30 @@ -138,10 +138,10 @@ hx509_context_init(hx509_context *context) /** * Selects if the hx509_revoke_verify() function is going to require - * the existans of a revokation method (OSCP, CRL) or not. Note that + * the existans of a revokation method (OCSP, CRL) or not. Note that * hx509_verify_path(), hx509_cms_verify_signed(), and other function * call hx509_revoke_verify(). - * + * * @param context hx509 context to change the flag for. * @param flag zero, revokation method required, non zero missing * revokation method ok @@ -160,7 +160,7 @@ hx509_context_set_missing_revoke(hx509_context context, int flag) /** * Free the context allocated by hx509_context_init(). - * + * * @param context context to be freed. * * @ingroup hx509 @@ -205,7 +205,7 @@ _hx509_cert_get_version(const Certificate *t) /** * Allocate and init an hx509 certificate object from the decoded - * certificate `c´. + * certificate `c´. * * @param context A hx509 context. * @param c @@ -268,7 +268,7 @@ hx509_cert_init(hx509_context context, const Certificate *c, hx509_cert *cert) */ int -hx509_cert_init_data(hx509_context context, +hx509_cert_init_data(hx509_context context, const void *ptr, size_t len, hx509_cert *cert) @@ -283,6 +283,7 @@ hx509_cert_init_data(hx509_context context, return ret; } if (size != len) { + free_Certificate(&t); hx509_set_error_string(context, 0, HX509_EXTRA_DATA_AFTER_STRUCTURE, "Extra data after certificate"); return HX509_EXTRA_DATA_AFTER_STRUCTURE; @@ -294,7 +295,7 @@ hx509_cert_init_data(hx509_context context, } void -_hx509_cert_set_release(hx509_cert cert, +_hx509_cert_set_release(hx509_cert cert, _hx509_cert_release_func release, void *ctx) { @@ -309,7 +310,7 @@ int _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key) { if (cert->private_key) - _hx509_private_key_free(&cert->private_key); + hx509_private_key_free(&cert->private_key); cert->private_key = _hx509_private_key_ref(private_key); return 0; } @@ -326,7 +327,7 @@ _hx509_cert_assign_key(hx509_cert cert, hx509_private_key private_key) void hx509_cert_free(hx509_cert cert) { - int i; + size_t i; if (cert == NULL) return; @@ -340,7 +341,7 @@ hx509_cert_free(hx509_cert cert) (cert->release)(cert, cert->ctx); if (cert->private_key) - _hx509_private_key_free(&cert->private_key); + hx509_private_key_free(&cert->private_key); free_Certificate(cert->data); free(cert->data); @@ -354,7 +355,7 @@ hx509_cert_free(hx509_cert cert) free(cert->friendlyname); if (cert->basename) hx509_name_free(&cert->basename); - memset(cert, 0, sizeof(cert)); + memset(cert, 0, sizeof(*cert)); free(cert); } @@ -383,7 +384,7 @@ hx509_cert_ref(hx509_cert cert) /** * Allocate an verification context that is used fo control the - * verification process. + * verification process. * * @param context A hx509 context. * @param ctx returns a pointer to a hx509_verify_ctx object. @@ -405,7 +406,7 @@ hx509_verify_init_ctx(hx509_context context, hx509_verify_ctx *ctx) c->max_depth = HX509_VERIFY_MAX_DEPTH; *ctx = c; - + return 0; } @@ -432,6 +433,7 @@ hx509_verify_destroy_ctx(hx509_verify_ctx ctx) * Set the trust anchors in the verification context, makes an * reference to the keyset, so the consumer can free the keyset * independent of the destruction of the verification context (ctx). + * If there already is a keyset attached, it's released. * * @param ctx a verification context * @param set a keyset containing the trust anchors. @@ -442,7 +444,9 @@ hx509_verify_destroy_ctx(hx509_verify_ctx ctx) void hx509_verify_attach_anchors(hx509_verify_ctx ctx, hx509_certs set) { - ctx->trust_anchors = _hx509_certs_ref(set); + if (ctx->trust_anchors) + hx509_certs_free(&ctx->trust_anchors); + ctx->trust_anchors = hx509_certs_ref(set); } /** @@ -485,6 +489,12 @@ hx509_verify_set_time(hx509_verify_ctx ctx, time_t t) ctx->time_now = t; } +time_t +_hx509_verify_get_time(hx509_verify_ctx ctx) +{ + return ctx->time_now; +} + /** * Set the maximum depth of the certificate chain that the path * builder is going to try. @@ -563,14 +573,24 @@ hx509_verify_ctx_f_allow_default_trustanchors(hx509_verify_ctx ctx, int boolean) ctx->flags |= HX509_VERIFY_CTX_F_NO_DEFAULT_ANCHORS; } +void +hx509_verify_ctx_f_allow_best_before_signature_algs(hx509_context ctx, + int boolean) +{ + if (boolean) + ctx->flags &= ~HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK; + else + ctx->flags |= HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK; +} + static const Extension * -find_extension(const Certificate *cert, const heim_oid *oid, int *idx) +find_extension(const Certificate *cert, const heim_oid *oid, size_t *idx) { const TBSCertificate *c = &cert->tbsCertificate; if (c->version == NULL || *c->version < 2 || c->extensions == NULL) return NULL; - + for (;*idx < c->extensions->len; (*idx)++) { if (der_heim_oid_cmp(&c->extensions->val[*idx].extnID, oid) == 0) return &c->extensions->val[(*idx)++]; @@ -579,21 +599,21 @@ find_extension(const Certificate *cert, const heim_oid *oid, int *idx) } static int -find_extension_auth_key_id(const Certificate *subject, +find_extension_auth_key_id(const Certificate *subject, AuthorityKeyIdentifier *ai) { const Extension *e; size_t size; - int i = 0; + size_t i = 0; memset(ai, 0, sizeof(*ai)); - e = find_extension(subject, oid_id_x509_ce_authorityKeyIdentifier(), &i); + e = find_extension(subject, &asn1_oid_id_x509_ce_authorityKeyIdentifier, &i); if (e == NULL) return HX509_EXTENSION_NOT_FOUND; - - return decode_AuthorityKeyIdentifier(e->extnValue.data, - e->extnValue.length, + + return decode_AuthorityKeyIdentifier(e->extnValue.data, + e->extnValue.length, ai, &size); } @@ -603,40 +623,40 @@ _hx509_find_extension_subject_key_id(const Certificate *issuer, { const Extension *e; size_t size; - int i = 0; + size_t i = 0; memset(si, 0, sizeof(*si)); - e = find_extension(issuer, oid_id_x509_ce_subjectKeyIdentifier(), &i); + e = find_extension(issuer, &asn1_oid_id_x509_ce_subjectKeyIdentifier, &i); if (e == NULL) return HX509_EXTENSION_NOT_FOUND; - - return decode_SubjectKeyIdentifier(e->extnValue.data, + + return decode_SubjectKeyIdentifier(e->extnValue.data, e->extnValue.length, si, &size); } static int -find_extension_name_constraints(const Certificate *subject, +find_extension_name_constraints(const Certificate *subject, NameConstraints *nc) { const Extension *e; size_t size; - int i = 0; + size_t i = 0; memset(nc, 0, sizeof(*nc)); - e = find_extension(subject, oid_id_x509_ce_nameConstraints(), &i); + e = find_extension(subject, &asn1_oid_id_x509_ce_nameConstraints, &i); if (e == NULL) return HX509_EXTENSION_NOT_FOUND; - - return decode_NameConstraints(e->extnValue.data, - e->extnValue.length, + + return decode_NameConstraints(e->extnValue.data, + e->extnValue.length, nc, &size); } static int -find_extension_subject_alt_name(const Certificate *cert, int *i, +find_extension_subject_alt_name(const Certificate *cert, size_t *i, GeneralNames *sa) { const Extension *e; @@ -644,11 +664,11 @@ find_extension_subject_alt_name(const Certificate *cert, int *i, memset(sa, 0, sizeof(*sa)); - e = find_extension(cert, oid_id_x509_ce_subjectAltName(), i); + e = find_extension(cert, &asn1_oid_id_x509_ce_subjectAltName, i); if (e == NULL) return HX509_EXTENSION_NOT_FOUND; - - return decode_GeneralNames(e->extnValue.data, + + return decode_GeneralNames(e->extnValue.data, e->extnValue.length, sa, &size); } @@ -658,15 +678,15 @@ find_extension_eku(const Certificate *cert, ExtKeyUsage *eku) { const Extension *e; size_t size; - int i = 0; + size_t i = 0; memset(eku, 0, sizeof(*eku)); - e = find_extension(cert, oid_id_x509_ce_extKeyUsage(), &i); + e = find_extension(cert, &asn1_oid_id_x509_ce_extKeyUsage, &i); if (e == NULL) return HX509_EXTENSION_NOT_FOUND; - - return decode_ExtKeyUsage(e->extnValue.data, + + return decode_ExtKeyUsage(e->extnValue.data, e->extnValue.length, eku, &size); } @@ -700,7 +720,7 @@ add_to_list(hx509_octet_string_list *list, const heim_octet_string *entry) void hx509_free_octet_string_list(hx509_octet_string_list *list) { - int i; + size_t i; for (i = 0; i < list->len; i++) der_free_octet_string(&list->val[i]); free(list->val); @@ -710,7 +730,7 @@ hx509_free_octet_string_list(hx509_octet_string_list *list) /** * Return a list of subjectAltNames specified by oid in the - * certificate. On error the + * certificate. On error the * * The returned list of octet string should be freed with * hx509_free_octet_string_list(). @@ -732,7 +752,8 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context, hx509_octet_string_list *list) { GeneralNames sa; - int ret, i, j; + int ret; + size_t i, j; list->val = NULL; list->len = 0; @@ -742,8 +763,7 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context, ret = find_extension_subject_alt_name(_hx509_get_cert(cert), &i, &sa); i++; if (ret == HX509_EXTENSION_NOT_FOUND) { - ret = 0; - break; + return 0; } else if (ret != 0) { hx509_set_error_string(context, 0, ret, "Error searching for SAN"); hx509_free_octet_string_list(list); @@ -752,11 +772,11 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context, for (j = 0; j < sa.len; j++) { if (sa.val[j].element == choice_GeneralName_otherName && - der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0) + der_heim_oid_cmp(&sa.val[j].u.otherName.type_id, oid) == 0) { ret = add_to_list(list, &sa.val[j].u.otherName.value); if (ret) { - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "Error adding an exra SAN to " "return list"); hx509_free_octet_string_list(list); @@ -767,24 +787,24 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context, } free_GeneralNames(&sa); } - return 0; } static int -check_key_usage(hx509_context context, const Certificate *cert, +check_key_usage(hx509_context context, const Certificate *cert, unsigned flags, int req_present) { const Extension *e; KeyUsage ku; size_t size; - int ret, i = 0; + int ret; + size_t i = 0; unsigned ku_flags; if (_hx509_cert_get_version(cert) < 3) return 0; - e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i); + e = find_extension(cert, &asn1_oid_id_x509_ce_keyUsage, &i); if (e == NULL) { if (req_present) { hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING, @@ -794,7 +814,7 @@ check_key_usage(hx509_context context, const Certificate *cert, } return 0; } - + ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, &ku, &size); if (ret) return ret; @@ -821,7 +841,7 @@ check_key_usage(hx509_context context, const Certificate *cert, */ int -_hx509_check_key_usage(hx509_context context, hx509_cert cert, +_hx509_check_key_usage(hx509_context context, hx509_cert cert, unsigned flags, int req_present) { return check_key_usage(context, _hx509_get_cert(cert), flags, req_present); @@ -830,18 +850,19 @@ _hx509_check_key_usage(hx509_context context, hx509_cert cert, enum certtype { PROXY_CERT, EE_CERT, CA_CERT }; static int -check_basic_constraints(hx509_context context, const Certificate *cert, - enum certtype type, int depth) +check_basic_constraints(hx509_context context, const Certificate *cert, + enum certtype type, size_t depth) { BasicConstraints bc; const Extension *e; size_t size; - int ret, i = 0; + int ret; + size_t i = 0; if (_hx509_cert_get_version(cert) < 3) return 0; - e = find_extension(cert, oid_id_x509_ce_basicConstraints(), &i); + e = find_extension(cert, &asn1_oid_id_x509_ce_basicConstraints, &i); if (e == NULL) { switch(type) { case PROXY_CERT: @@ -859,8 +880,8 @@ check_basic_constraints(hx509_context context, const Certificate *cert, } } } - - ret = decode_BasicConstraints(e->extnValue.data, + + ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length, &bc, &size); if (ret) @@ -893,13 +914,16 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, int diff; AuthorityKeyIdentifier ai; SubjectKeyIdentifier si; - int ret_ai, ret_si; + int ret_ai, ret_si, ret; - diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, - &subject->tbsCertificate.issuer); + ret = _hx509_name_cmp(&issuer->tbsCertificate.subject, + &subject->tbsCertificate.issuer, + &diff); + if (ret) + return ret; if (diff) return diff; - + memset(&ai, 0, sizeof(ai)); memset(&si, 0, sizeof(si)); @@ -928,7 +952,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, goto out; } } - + if (ai.keyIdentifier == NULL) { Name name; @@ -937,7 +961,7 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, if (ai.authorityCertSerialNumber == NULL) return -1; - diff = der_heim_integer_cmp(ai.authorityCertSerialNumber, + diff = der_heim_integer_cmp(ai.authorityCertSerialNumber, &issuer->tbsCertificate.serialNumber); if (diff) return diff; @@ -945,14 +969,17 @@ _hx509_cert_is_parent_cmp(const Certificate *subject, return -1; if (ai.authorityCertIssuer->val[0].element != choice_GeneralName_directoryName) return -1; - - name.element = + + name.element = ai.authorityCertIssuer->val[0].u.directoryName.element; - name.u.rdnSequence = + name.u.rdnSequence = ai.authorityCertIssuer->val[0].u.directoryName.u.rdnSequence; - diff = _hx509_name_cmp(&issuer->tbsCertificate.subject, - &name); + ret = _hx509_name_cmp(&issuer->tbsCertificate.subject, + &name, + &diff); + if (ret) + return ret; if (diff) return diff; diff = 0; @@ -991,10 +1018,21 @@ certificate_is_anchor(hx509_context context, } static int -certificate_is_self_signed(const Certificate *cert) +certificate_is_self_signed(hx509_context context, + const Certificate *cert, + int *self_signed) { - return _hx509_name_cmp(&cert->tbsCertificate.subject, - &cert->tbsCertificate.issuer) == 0; + int ret, diff; + ret = _hx509_name_cmp(&cert->tbsCertificate.subject, + &cert->tbsCertificate.issuer, &diff); + *self_signed = (diff == 0); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to check if self signed"); + } else + ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm); + + return ret; } /* @@ -1013,7 +1051,7 @@ find_parent(hx509_context context, time_t time_now, hx509_certs trust_anchors, hx509_path *path, - hx509_certs pool, + hx509_certs pool, hx509_cert current, hx509_cert *parent) { @@ -1023,7 +1061,7 @@ find_parent(hx509_context context, *parent = NULL; memset(&ai, 0, sizeof(ai)); - + _hx509_query_clear(&q); if (!subject_null_p(current->data)) { @@ -1088,7 +1126,7 @@ find_parent(hx509_context context, hx509_clear_error_string(context); return HX509_ISSUER_NOT_FOUND; } - + hx509_set_error_string(context, 0, HX509_ISSUER_NOT_FOUND, "Failed to find issuer for " "certificate with subject: '%s'", str); @@ -1102,26 +1140,27 @@ find_parent(hx509_context context, */ static int -is_proxy_cert(hx509_context context, - const Certificate *cert, +is_proxy_cert(hx509_context context, + const Certificate *cert, ProxyCertInfo *rinfo) { ProxyCertInfo info; const Extension *e; size_t size; - int ret, i = 0; + int ret; + size_t i = 0; if (rinfo) memset(rinfo, 0, sizeof(*rinfo)); - e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i); + e = find_extension(cert, &asn1_oid_id_pkix_pe_proxyCertInfo, &i); if (e == NULL) { hx509_clear_error_string(context); return HX509_EXTENSION_NOT_FOUND; } - ret = decode_ProxyCertInfo(e->extnValue.data, - e->extnValue.length, + ret = decode_ProxyCertInfo(e->extnValue.data, + e->extnValue.length, &info, &size); if (ret) { @@ -1131,7 +1170,7 @@ is_proxy_cert(hx509_context context, if (size != e->extnValue.length) { free_ProxyCertInfo(&info); hx509_clear_error_string(context); - return HX509_EXTRA_DATA_AFTER_STRUCTURE; + return HX509_EXTRA_DATA_AFTER_STRUCTURE; } if (rinfo == NULL) free_ProxyCertInfo(&info); @@ -1167,7 +1206,7 @@ void _hx509_path_free(hx509_path *path) { unsigned i; - + for (i = 0; i < path->len; i++) hx509_cert_free(path->val[i]); free(path->val); @@ -1188,7 +1227,7 @@ _hx509_path_free(hx509_path *path) * The path includes a path from the top certificate to the anchor * certificate. * - * The caller needs to free `path´ both on successful built path and + * The caller needs to free `path´ both on successful built path and * failure. */ @@ -1216,7 +1255,7 @@ _hx509_calculate_path(hx509_context context, while (!certificate_is_anchor(context, anchors, current)) { - ret = find_parent(context, time_now, anchors, path, + ret = find_parent(context, time_now, anchors, path, pool, current, &parent); hx509_cert_free(current); if (ret) @@ -1236,8 +1275,8 @@ _hx509_calculate_path(hx509_context context, } } - if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) && - path->len > 0 && + if ((flags & HX509_CALCULATE_PATH_NO_ANCHOR) && + path->len > 0 && certificate_is_anchor(context, anchors, path->val[path->len - 1])) { hx509_cert_free(path->val[path->len - 1]); @@ -1277,7 +1316,7 @@ _hx509_Certificate_cmp(const Certificate *p, const Certificate *q) diff = der_heim_bit_string_cmp(&p->signatureValue, &q->signatureValue); if (diff) return diff; - diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm, + diff = _hx509_AlgorithmIdentifier_cmp(&p->signatureAlgorithm, &q->signatureAlgorithm); if (diff) return diff; @@ -1452,7 +1491,9 @@ hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *s * @param context a hx509 context. * @param p a hx509 certificate object. * @param alg AlgorithmIdentifier, should be freed with - * free_AlgorithmIdentifier(). + * free_AlgorithmIdentifier(). The algorithmidentifier is + * typicly rsaEncryption, or id-ecPublicKey, or some other + * public key mechanism. * * @return An hx509 error code, see hx509_get_error_string(). * @@ -1461,7 +1502,7 @@ hx509_cert_get_SPKI(hx509_context context, hx509_cert p, SubjectPublicKeyInfo *s int hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context, - hx509_cert p, + hx509_cert p, AlgorithmIdentifier *alg) { int ret; @@ -1473,6 +1514,65 @@ hx509_cert_get_SPKI_AlgorithmIdentifier(hx509_context context, return ret; } +static int +get_x_unique_id(hx509_context context, const char *name, + const heim_bit_string *cert, heim_bit_string *subject) +{ + int ret; + + if (cert == NULL) { + ret = HX509_EXTENSION_NOT_FOUND; + hx509_set_error_string(context, 0, ret, "%s unique id doesn't exists", name); + return ret; + } + ret = der_copy_bit_string(cert, subject); + if (ret) { + hx509_set_error_string(context, 0, ret, "malloc out of memory", name); + return ret; + } + return 0; +} + +/** + * Get a copy of the Issuer Unique ID + * + * @param context a hx509_context + * @param p a hx509 certificate + * @param issuer the issuer id returned, free with der_free_bit_string() + * + * @return An hx509 error code, see hx509_get_error_string(). The + * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate + * doesn't have a issuerUniqueID + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_issuer_unique_id(hx509_context context, hx509_cert p, heim_bit_string *issuer) +{ + return get_x_unique_id(context, "issuer", p->data->tbsCertificate.issuerUniqueID, issuer); +} + +/** + * Get a copy of the Subect Unique ID + * + * @param context a hx509_context + * @param p a hx509 certificate + * @param subject the subject id returned, free with der_free_bit_string() + * + * @return An hx509 error code, see hx509_get_error_string(). The + * error code HX509_EXTENSION_NOT_FOUND is returned if the certificate + * doesn't have a subjectUniqueID + * + * @ingroup hx509_cert + */ + +int +hx509_cert_get_subject_unique_id(hx509_context context, hx509_cert p, heim_bit_string *subject) +{ + return get_x_unique_id(context, "subject", p->data->tbsCertificate.subjectUniqueID, subject); +} + hx509_private_key _hx509_cert_private_key(hx509_cert p) @@ -1511,15 +1611,15 @@ _hx509_cert_private_decrypt(hx509_context context, return HX509_PRIVATE_KEY_MISSING; } - return _hx509_private_key_private_decrypt(context, + return hx509_private_key_private_decrypt(context, ciphertext, encryption_oid, - p->private_key, + p->private_key, cleartext); } int -_hx509_cert_public_encrypt(hx509_context context, +hx509_cert_public_encrypt(hx509_context context, const heim_octet_string *cleartext, const hx509_cert p, heim_oid *encryption_oid, @@ -1599,15 +1699,20 @@ static int match_RDN(const RelativeDistinguishedName *c, const RelativeDistinguishedName *n) { - int i; + size_t i; if (c->len != n->len) return HX509_NAME_CONSTRAINT_ERROR; - + for (i = 0; i < n->len; i++) { + int diff, ret; + if (der_heim_oid_cmp(&c->val[i].type, &n->val[i].type) != 0) return HX509_NAME_CONSTRAINT_ERROR; - if (_hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value) != 0) + ret = _hx509_name_ds_cmp(&c->val[i].value, &n->val[i].value, &diff); + if (ret) + return ret; + if (diff != 0) return HX509_NAME_CONSTRAINT_ERROR; } return 0; @@ -1616,7 +1721,8 @@ match_RDN(const RelativeDistinguishedName *c, static int match_X501Name(const Name *c, const Name *n) { - int i, ret; + size_t i; + int ret; if (c->element != choice_Name_rdnSequence || n->element != choice_Name_rdnSequence) @@ -1629,13 +1735,13 @@ match_X501Name(const Name *c, const Name *n) return ret; } return 0; -} +} static int match_general_name(const GeneralName *c, const GeneralName *n, int *match) { - /* + /* * Name constraints only apply to the same name type, see RFC3280, * 4.2.1.11. */ @@ -1654,19 +1760,20 @@ match_general_name(const GeneralName *c, const GeneralName *n, int *match) case choice_GeneralName_rfc822Name: { const char *s; size_t len1, len2; - s = strchr(c->u.rfc822Name, '@'); + s = memchr(c->u.rfc822Name.data, '@', c->u.rfc822Name.length); if (s) { - if (strcasecmp(c->u.rfc822Name, n->u.rfc822Name) != 0) + if (der_printable_string_cmp(&c->u.rfc822Name, &n->u.rfc822Name) != 0) return HX509_NAME_CONSTRAINT_ERROR; } else { - s = strchr(n->u.rfc822Name, '@'); + s = memchr(n->u.rfc822Name.data, '@', n->u.rfc822Name.length); if (s == NULL) return HX509_NAME_CONSTRAINT_ERROR; - len1 = strlen(c->u.rfc822Name); - len2 = strlen(s + 1); + len1 = c->u.rfc822Name.length; + len2 = n->u.rfc822Name.length - + (s - ((char *)n->u.rfc822Name.data)); if (len1 > len2) return HX509_NAME_CONSTRAINT_ERROR; - if (strcasecmp(s + 1 + len2 - len1, c->u.rfc822Name) != 0) + if (memcmp(s + 1 + len2 - len1, c->u.rfc822Name.data, len1) != 0) return HX509_NAME_CONSTRAINT_ERROR; if (len1 < len2 && s[len2 - len1 + 1] != '.') return HX509_NAME_CONSTRAINT_ERROR; @@ -1676,14 +1783,16 @@ match_general_name(const GeneralName *c, const GeneralName *n, int *match) } case choice_GeneralName_dNSName: { size_t lenc, lenn; + char *ptr; - lenc = strlen(c->u.dNSName); - lenn = strlen(n->u.dNSName); + lenc = c->u.dNSName.length; + lenn = n->u.dNSName.length; if (lenc > lenn) return HX509_NAME_CONSTRAINT_ERROR; - if (strcasecmp(&n->u.dNSName[lenn - lenc], c->u.dNSName) != 0) + ptr = n->u.dNSName.data; + if (memcmp(&ptr[lenn - lenc], c->u.dNSName.data, lenc) != 0) return HX509_NAME_CONSTRAINT_ERROR; - if (lenc != lenn && n->u.dNSName[lenn - lenc - 1] != '.') + if (lenn != lenc && ptr[lenn - lenc - 1] != '.') return HX509_NAME_CONSTRAINT_ERROR; *match = 1; return 0; @@ -1716,11 +1825,12 @@ match_general_name(const GeneralName *c, const GeneralName *n, int *match) } static int -match_alt_name(const GeneralName *n, const Certificate *c, +match_alt_name(const GeneralName *n, const Certificate *c, int *same, int *match) { GeneralNames sa; - int ret, i, j; + int ret; + size_t i, j; i = 0; do { @@ -1765,14 +1875,14 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match) && !subject_null_p(c)) { GeneralName certname; - + memset(&certname, 0, sizeof(certname)); certname.element = choice_GeneralName_directoryName; - certname.u.directoryName.element = + certname.u.directoryName.element = c->tbsCertificate.subject.element; - certname.u.directoryName.u.rdnSequence = + certname.u.directoryName.u.rdnSequence = c->tbsCertificate.subject.u.rdnSequence; - + ret = match_general_name(&t->val[i].base, &certname, &name); } @@ -1789,12 +1899,12 @@ match_tree(const GeneralSubtrees *t, const Certificate *c, int *match) } static int -check_name_constraints(hx509_context context, +check_name_constraints(hx509_context context, const hx509_name_constraints *nc, const Certificate *c) { int match, ret; - int i; + size_t i; for (i = 0 ; i < nc->len; i++) { GeneralSubtrees gs; @@ -1837,7 +1947,7 @@ check_name_constraints(hx509_context context, static void free_name_constraints(hx509_name_constraints *nc) { - int i; + size_t i; for (i = 0 ; i < nc->len; i++) free_NameConstraints(&nc->val[i]); @@ -1867,10 +1977,8 @@ hx509_verify_path(hx509_context context, { hx509_name_constraints nc; hx509_path path; -#if 0 - const AlgorithmIdentifier *alg_id; -#endif - int ret, i, proxy_cert_depth, selfsigned_depth; + int ret, proxy_cert_depth, selfsigned_depth, diff; + size_t i, k; enum certtype type; Name proxy_issuer; hx509_certs anchors = NULL; @@ -1878,7 +1986,7 @@ hx509_verify_path(hx509_context context, memset(&proxy_issuer, 0, sizeof(proxy_issuer)); ret = init_name_constraints(&nc); - if (ret) + if (ret) return ret; path.val = NULL; @@ -1891,9 +1999,9 @@ hx509_verify_path(hx509_context context, * */ if (ctx->trust_anchors) - anchors = _hx509_certs_ref(ctx->trust_anchors); + anchors = hx509_certs_ref(ctx->trust_anchors); else if (context->default_trust_anchors && ALLOW_DEF_TA(ctx)) - anchors = _hx509_certs_ref(context->default_trust_anchors); + anchors = hx509_certs_ref(context->default_trust_anchors); else { ret = hx509_certs_init(context, "MEMORY:no-TA", 0, NULL, &anchors); if (ret) @@ -1910,10 +2018,6 @@ hx509_verify_path(hx509_context context, if (ret) goto out; -#if 0 - alg_id = path.val[path->len - 1]->data->tbsCertificate.signature; -#endif - /* * Check CA and proxy certificate chain from the top of the * certificate chain. Also check certificate is valid with respect @@ -1934,7 +2038,7 @@ hx509_verify_path(hx509_context context, time_t t; c = _hx509_get_cert(path.val[i]); - + /* * Lets do some basic check on issuer like * keyUsage.keyCertSign and basicConstraints.cA bit depending @@ -1943,6 +2047,7 @@ hx509_verify_path(hx509_context context, switch (type) { case CA_CERT: + /* XXX make constants for keyusage */ ret = check_key_usage(context, c, 1 << 5, REQUIRE_RFC3280(ctx) ? TRUE : FALSE); @@ -1952,15 +2057,23 @@ hx509_verify_path(hx509_context context, goto out; } - if (i + 1 != path.len && certificate_is_self_signed(c)) - selfsigned_depth++; + /* self signed cert doesn't add to path length */ + if (i + 1 != path.len) { + int selfsigned; + + ret = certificate_is_self_signed(context, c, &selfsigned); + if (ret) + goto out; + if (selfsigned) + selfsigned_depth++; + } break; case PROXY_CERT: { - ProxyCertInfo info; + ProxyCertInfo info; if (is_proxy_cert(context, c, &info) == 0) { - int j; + size_t j; if (info.pCPathLenConstraint != NULL && *info.pCPathLenConstraint < i) @@ -1974,26 +2087,26 @@ hx509_verify_path(hx509_context context, } /* XXX MUST check info.proxyPolicy */ free_ProxyCertInfo(&info); - + j = 0; - if (find_extension(c, oid_id_x509_ce_subjectAltName(), &j)) { + if (find_extension(c, &asn1_oid_id_x509_ce_subjectAltName, &j)) { ret = HX509_PROXY_CERT_INVALID; - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "Proxy certificate have explicity " "forbidden subjectAltName"); goto out; } j = 0; - if (find_extension(c, oid_id_x509_ce_issuerAltName(), &j)) { + if (find_extension(c, &asn1_oid_id_x509_ce_issuerAltName, &j)) { ret = HX509_PROXY_CERT_INVALID; - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "Proxy certificate have explicity " "forbidden issuerAltName"); goto out; } - - /* + + /* * The subject name of the proxy certificate should be * CN=XXX,, prune of CN and check if its * the same over the whole chain of proxy certs and @@ -2001,8 +2114,12 @@ hx509_verify_path(hx509_context context, */ if (proxy_cert_depth) { - ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject); + ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.subject, &diff); if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (diff) { ret = HX509_PROXY_CERT_NAME_WRONG; hx509_set_error_string(context, 0, ret, "Base proxy name not right"); @@ -2019,10 +2136,10 @@ hx509_verify_path(hx509_context context, } j = proxy_issuer.u.rdnSequence.len; - if (proxy_issuer.u.rdnSequence.len < 2 + if (proxy_issuer.u.rdnSequence.len < 2 || proxy_issuer.u.rdnSequence.val[j - 1].len > 1 || der_heim_oid_cmp(&proxy_issuer.u.rdnSequence.val[j - 1].val[0].type, - oid_id_at_commonName())) + &asn1_oid_id_at_commonName)) { ret = HX509_PROXY_CERT_NAME_WRONG; hx509_set_error_string(context, 0, ret, @@ -2035,8 +2152,12 @@ hx509_verify_path(hx509_context context, free_RelativeDistinguishedName(&proxy_issuer.u.rdnSequence.val[j - 1]); proxy_issuer.u.rdnSequence.len -= 1; - ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer); - if (ret != 0) { + ret = _hx509_name_cmp(&proxy_issuer, &c->tbsCertificate.issuer, &diff); + if (ret) { + hx509_set_error_string(context, 0, ret, "Out of memory"); + goto out; + } + if (diff != 0) { ret = HX509_PROXY_CERT_NAME_WRONG; hx509_set_error_string(context, 0, ret, "Proxy issuer name not as expected"); @@ -2045,7 +2166,7 @@ hx509_verify_path(hx509_context context, break; } else { - /* + /* * Now we are done with the proxy certificates, this * cert was an EE cert and we we will fall though to * EE checking below. @@ -2063,15 +2184,19 @@ hx509_verify_path(hx509_context context, if (proxy_cert_depth) { ret = _hx509_name_cmp(&proxy_issuer, - &c->tbsCertificate.subject); + &c->tbsCertificate.subject, &diff); if (ret) { + hx509_set_error_string(context, 0, ret, "out of memory"); + goto out; + } + if (diff) { ret = HX509_PROXY_CERT_NAME_WRONG; hx509_clear_error_string(context); goto out; } if (cert->basename) hx509_name_free(&cert->basename); - + ret = _hx509_name_from_Name(&proxy_issuer, &cert->basename); if (ret) { hx509_clear_error_string(context); @@ -2082,11 +2207,11 @@ hx509_verify_path(hx509_context context, break; } - ret = check_basic_constraints(context, c, type, + ret = check_basic_constraints(context, c, type, i - proxy_cert_depth - selfsigned_depth); if (ret) goto out; - + /* * Don't check the trust anchors expiration time since they * are transported out of band, from RFC3820. @@ -2118,13 +2243,19 @@ hx509_verify_path(hx509_context context, * checked in the right order. */ - for (ret = 0, i = path.len - 1; i >= 0; i--) { + for (ret = 0, k = path.len; k > 0; k--) { Certificate *c; + int selfsigned; + i = k - 1; c = _hx509_get_cert(path.val[i]); + ret = certificate_is_self_signed(context, c, &selfsigned); + if (ret) + goto out; + /* verify name constraints, not for selfsigned and anchor */ - if (!certificate_is_self_signed(c) || i + 1 != path.len) { + if (!selfsigned || i + 1 != path.len) { ret = check_name_constraints(context, &nc, c); if (ret) { goto out; @@ -2164,10 +2295,10 @@ hx509_verify_path(hx509_context context, } for (i = 0; i < path.len - 1; i++) { - int parent = (i < path.len - 1) ? i + 1 : i; + size_t parent = (i < path.len - 1) ? i + 1 : i; ret = hx509_revoke_verify(context, - ctx->revoke_ctx, + ctx->revoke_ctx, certs, ctx->time_now, path.val[i], @@ -2185,21 +2316,29 @@ hx509_verify_path(hx509_context context, * parameter is passed up from the anchor up though the chain. */ - for (i = path.len - 1; i >= 0; i--) { - Certificate *signer, *c; + for (k = path.len; k > 0; k--) { + hx509_cert signer; + Certificate *c; + i = k - 1; c = _hx509_get_cert(path.val[i]); /* is last in chain (trust anchor) */ if (i + 1 == path.len) { - signer = path.val[i]->data; + int selfsigned; + + signer = path.val[i]; + + ret = certificate_is_self_signed(context, signer->data, &selfsigned); + if (ret) + goto out; /* if trust anchor is not self signed, don't check sig */ - if (!certificate_is_self_signed(signer)) + if (!selfsigned) continue; } else { /* take next certificate in chain */ - signer = path.val[i + 1]->data; + signer = path.val[i + 1]; } /* verify signatureValue */ @@ -2213,6 +2352,24 @@ hx509_verify_path(hx509_context context, "Failed to verify signature of certificate"); goto out; } + /* + * Verify that the sigature algorithm "best-before" date is + * before the creation date of the certificate, do this for + * trust anchors too, since any trust anchor that is created + * after a algorithm is known to be bad deserved to be invalid. + * + * Skip the leaf certificate for now... + */ + + if (i != 0 && (ctx->flags & HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK) == 0) { + time_t notBefore = + _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore); + ret = _hx509_signature_best_before(context, + &c->signatureAlgorithm, + notBefore); + if (ret) + goto out; + } } out: @@ -2245,9 +2402,31 @@ hx509_verify_signature(hx509_context context, const heim_octet_string *data, const heim_octet_string *sig) { - return _hx509_verify_signature(context, signer->data, alg, data, sig); + return _hx509_verify_signature(context, signer, alg, data, sig); } +int +_hx509_verify_signature_bitstring(hx509_context context, + const hx509_cert signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_bit_string *sig) +{ + heim_octet_string os; + + if (sig->length & 7) { + hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, + "signature not multiple of 8 bits"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + os.data = sig->data; + os.length = sig->length / 8; + + return _hx509_verify_signature(context, signer, alg, data, &os); +} + + /** * Verify that the certificate is allowed to be used for the hostname @@ -2276,10 +2455,12 @@ hx509_verify_hostname(hx509_context context, hx509_hostname_type type, const char *hostname, const struct sockaddr *sa, - /* XXX krb5_socklen_t */ int sa_size) + /* XXX krb5_socklen_t */ int sa_size) { GeneralNames san; - int ret, i, j; + const Name *name; + int ret; + size_t i, j, k; if (sa && sa_size <= 0) return EINVAL; @@ -2289,20 +2470,24 @@ hx509_verify_hostname(hx509_context context, i = 0; do { ret = find_extension_subject_alt_name(cert->data, &i, &san); - if (ret == HX509_EXTENSION_NOT_FOUND) { - ret = 0; - break; - } else if (ret != 0) + if (ret == HX509_EXTENSION_NOT_FOUND) break; + else if (ret != 0) + return HX509_PARSING_NAME_FAILED; for (j = 0; j < san.len; j++) { switch (san.val[j].element) { - case choice_GeneralName_dNSName: - if (strcasecmp(san.val[j].u.dNSName, hostname) == 0) { + case choice_GeneralName_dNSName: { + heim_printable_string hn; + hn.data = rk_UNCONST(hostname); + hn.length = strlen(hostname); + + if (der_printable_string_cmp(&san.val[j].u.dNSName, &hn) == 0) { free_GeneralNames(&san); return 0; } break; + } default: break; } @@ -2310,31 +2495,42 @@ hx509_verify_hostname(hx509_context context, free_GeneralNames(&san); } while (1); - { - Name *name = &cert->data->tbsCertificate.subject; + name = &cert->data->tbsCertificate.subject; - /* match if first component is a CN= */ - if (name->u.rdnSequence.len > 0 - && name->u.rdnSequence.val[0].len == 1 - && der_heim_oid_cmp(&name->u.rdnSequence.val[0].val[0].type, - oid_id_at_commonName()) == 0) - { - DirectoryString *ds = &name->u.rdnSequence.val[0].val[0].value; + /* Find first CN= in the name, and try to match the hostname on that */ + for (ret = 0, k = name->u.rdnSequence.len; ret == 0 && k > 0; k--) { + i = k - 1; + for (j = 0; ret == 0 && j < name->u.rdnSequence.val[i].len; j++) { + AttributeTypeAndValue *n = &name->u.rdnSequence.val[i].val[j]; - switch (ds->element) { - case choice_DirectoryString_printableString: - if (strcasecmp(ds->u.printableString, hostname) == 0) - return 0; - break; - case choice_DirectoryString_ia5String: - if (strcasecmp(ds->u.ia5String, hostname) == 0) - return 0; - break; - case choice_DirectoryString_utf8String: - if (strcasecmp(ds->u.utf8String, hostname) == 0) - return 0; - default: - break; + if (der_heim_oid_cmp(&n->type, &asn1_oid_id_at_commonName) == 0) { + DirectoryString *ds = &n->value; + switch (ds->element) { + case choice_DirectoryString_printableString: { + heim_printable_string hn; + hn.data = rk_UNCONST(hostname); + hn.length = strlen(hostname); + + if (der_printable_string_cmp(&ds->u.printableString, &hn) == 0) + return 0; + break; + } + case choice_DirectoryString_ia5String: { + heim_ia5_string hn; + hn.data = rk_UNCONST(hostname); + hn.length = strlen(hostname); + + if (der_ia5_string_cmp(&ds->u.ia5String, &hn) == 0) + return 0; + break; + } + case choice_DirectoryString_utf8String: + if (strcasecmp(ds->u.utf8String, hostname) == 0) + return 0; + default: + break; + } + ret = HX509_NAME_CONSTRAINT_ERROR; } } } @@ -2347,8 +2543,8 @@ hx509_verify_hostname(hx509_context context, int _hx509_set_cert_attribute(hx509_context context, - hx509_cert cert, - const heim_oid *oid, + hx509_cert cert, + const heim_oid *oid, const heim_octet_string *attr) { hx509_cert_attribute a; @@ -2357,7 +2553,7 @@ _hx509_set_cert_attribute(hx509_context context, if (hx509_cert_get_attribute(cert, oid) != NULL) return 0; - d = realloc(cert->attrs.val, + d = realloc(cert->attrs.val, sizeof(cert->attrs.val[0]) * (cert->attrs.len + 1)); if (d == NULL) { hx509_clear_error_string(context); @@ -2371,7 +2567,7 @@ _hx509_set_cert_attribute(hx509_context context, der_copy_octet_string(attr, &a->data); der_copy_oid(oid, &a->oid); - + cert->attrs.val[cert->attrs.len] = a; cert->attrs.len++; @@ -2394,7 +2590,7 @@ _hx509_set_cert_attribute(hx509_context context, hx509_cert_attribute hx509_cert_get_attribute(hx509_cert cert, const heim_oid *oid) { - int i; + size_t i; for (i = 0; i < cert->attrs.len; i++) if (der_heim_oid_cmp(oid, &cert->attrs.val[i]->oid) == 0) return cert->attrs.val[i]; @@ -2440,32 +2636,41 @@ hx509_cert_get_friendly_name(hx509_cert cert) hx509_cert_attribute a; PKCS9_friendlyName n; size_t sz; - int ret, i; + int ret; + size_t i; if (cert->friendlyname) return cert->friendlyname; - a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_friendlyName()); + a = hx509_cert_get_attribute(cert, &asn1_oid_id_pkcs_9_at_friendlyName); if (a == NULL) { - /* XXX use subject name ? */ - return NULL; + hx509_name name; + + ret = hx509_cert_get_subject(cert, &name); + if (ret) + return NULL; + ret = hx509_name_to_string(name, &cert->friendlyname); + hx509_name_free(&name); + if (ret) + return NULL; + return cert->friendlyname; } ret = decode_PKCS9_friendlyName(a->data.data, a->data.length, &n, &sz); if (ret) return NULL; - + if (n.len != 1) { free_PKCS9_friendlyName(&n); return NULL; } - + cert->friendlyname = malloc(n.val[0].length + 1); if (cert->friendlyname == NULL) { free_PKCS9_friendlyName(&n); return NULL; } - + for (i = 0; i < n.val[0].length; i++) { if (n.val[0].data[i] <= 0xff) cert->friendlyname[i] = n.val[0].data[i] & 0xff; @@ -2504,6 +2709,7 @@ hx509_query_alloc(hx509_context context, hx509_query **q) return 0; } + /** * Set match options for the hx509 query controller. * @@ -2552,7 +2758,7 @@ hx509_query_match_option(hx509_query *q, hx509_query_option option) int hx509_query_match_issuer_serial(hx509_query *q, - const Name *issuer, + const Name *issuer, const heim_integer *serialNumber) { int ret; @@ -2609,6 +2815,69 @@ hx509_query_match_friendly_name(hx509_query *q, const char *name) return 0; } +/** + * Set the query controller to require an one specific EKU (extended + * key usage). Any previous EKU matching is overwitten. If NULL is + * passed in as the eku, the EKU requirement is reset. + * + * @param q a hx509 query controller. + * @param eku an EKU to match on. + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_cert + */ + +int +hx509_query_match_eku(hx509_query *q, const heim_oid *eku) +{ + int ret; + + if (eku == NULL) { + if (q->eku) { + der_free_oid(q->eku); + free(q->eku); + q->eku = NULL; + } + q->match &= ~HX509_QUERY_MATCH_EKU; + } else { + if (q->eku) { + der_free_oid(q->eku); + } else { + q->eku = calloc(1, sizeof(*q->eku)); + if (q->eku == NULL) + return ENOMEM; + } + ret = der_copy_oid(eku, q->eku); + if (ret) { + free(q->eku); + q->eku = NULL; + return ret; + } + q->match |= HX509_QUERY_MATCH_EKU; + } + return 0; +} + +int +hx509_query_match_expr(hx509_context context, hx509_query *q, const char *expr) +{ + if (q->expr) { + _hx509_expr_free(q->expr); + q->expr = NULL; + } + + if (expr == NULL) { + q->match &= ~HX509_QUERY_MATCH_EXPR; + } else { + q->expr = _hx509_expr_parse(expr); + if (q->expr) + q->match |= HX509_QUERY_MATCH_EXPR; + } + + return 0; +} + /** * Set the query controller to match using a specific match function. * @@ -2624,7 +2893,7 @@ hx509_query_match_friendly_name(hx509_query *q, const char *name) int hx509_query_match_cmp_func(hx509_query *q, - int (*func)(void *, hx509_cert), + int (*func)(hx509_context, hx509_cert, void *), void *ctx) { if (func) @@ -2648,20 +2917,27 @@ hx509_query_match_cmp_func(hx509_query *q, void hx509_query_free(hx509_context context, hx509_query *q) { + if (q == NULL) + return; + if (q->serial) { der_free_heim_integer(q->serial); free(q->serial); - q->serial = NULL; } if (q->issuer_name) { free_Name(q->issuer_name); free(q->issuer_name); - q->issuer_name = NULL; } - if (q) { + if (q->eku) { + der_free_oid(q->eku); + free(q->eku); + } + if (q->friendlyname) free(q->friendlyname); - memset(q, 0, sizeof(*q)); - } + if (q->expr) + _hx509_expr_free(q->expr); + + memset(q, 0, sizeof(*q)); free(q); } @@ -2669,6 +2945,7 @@ int _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert cert) { Certificate *c = _hx509_get_cert(cert); + int ret, diff; _hx509_query_statistic(context, 1, q); @@ -2684,17 +2961,20 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert && der_heim_integer_cmp(&c->tbsCertificate.serialNumber, q->serial) != 0) return 0; - if ((q->match & HX509_QUERY_MATCH_ISSUER_NAME) - && _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name) != 0) - return 0; + if (q->match & HX509_QUERY_MATCH_ISSUER_NAME) { + ret = _hx509_name_cmp(&c->tbsCertificate.issuer, q->issuer_name, &diff); + if (ret || diff) + return 0; + } - if ((q->match & HX509_QUERY_MATCH_SUBJECT_NAME) - && _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name) != 0) - return 0; + if (q->match & HX509_QUERY_MATCH_SUBJECT_NAME) { + ret = _hx509_name_cmp(&c->tbsCertificate.subject, q->subject_name, &diff); + if (ret || diff) + return 0; + } if (q->match & HX509_QUERY_MATCH_SUBJECT_KEY_ID) { SubjectKeyIdentifier si; - int ret; ret = _hx509_find_extension_subject_key_id(c, &si); if (ret == 0) { @@ -2707,7 +2987,7 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert } if ((q->match & HX509_QUERY_MATCH_ISSUER_ID)) return 0; - if ((q->match & HX509_QUERY_PRIVATE_KEY) && + if ((q->match & HX509_QUERY_PRIVATE_KEY) && _hx509_cert_private_key(cert) == NULL) return 0; @@ -2736,7 +3016,7 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert if (q->match & HX509_QUERY_MATCH_LOCAL_KEY_ID) { hx509_cert_attribute a; - a = hx509_cert_get_attribute(cert, oid_id_pkcs_9_at_localKeyId()); + a = hx509_cert_get_attribute(cert, &asn1_oid_id_pkcs_9_at_localKeyId); if (a == NULL) return 0; if (der_heim_octet_string_cmp(&a->data, q->local_key_id) != 0) @@ -2758,17 +3038,16 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert return 0; } if (q->match & HX509_QUERY_MATCH_FUNCTION) { - int ret = (*q->cmp_func)(q->cmp_func_ctx, cert); + ret = (*q->cmp_func)(context, cert, q->cmp_func_ctx); if (ret != 0) return 0; } if (q->match & HX509_QUERY_MATCH_KEY_HASH_SHA1) { heim_octet_string os; - int ret; os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; - os.length = + os.length = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; ret = _hx509_verify_signature(context, @@ -2790,6 +3069,24 @@ _hx509_query_match_cert(hx509_context context, const hx509_query *q, hx509_cert return 0; } + /* If an EKU is required, check the cert for it. */ + if ((q->match & HX509_QUERY_MATCH_EKU) && + hx509_cert_check_eku(context, cert, q->eku, 0)) + return 0; + + if ((q->match & HX509_QUERY_MATCH_EXPR)) { + hx509_env env = NULL; + + ret = _hx509_cert_to_env(context, cert, &env); + if (ret) + return 0; + + ret = _hx509_expr_eval(context, env, q->expr); + hx509_env_free(&env); + if (ret == 0) + return 0; + } + if (q->match & ~HX509_QUERY_MASK) return 0; @@ -2822,6 +3119,7 @@ _hx509_query_statistic(hx509_context context, int type, const hx509_query *q) f = fopen(context->querystat, "a"); if (f == NULL) return; + rk_cloexec_file(f); fprintf(f, "%d %d\n", type, q->match); fclose(f); } @@ -2880,7 +3178,8 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) { rtbl_t t; FILE *f; - int type, mask, i, num; + int type, mask, num; + size_t i; unsigned long multiqueries = 0, totalqueries = 0; struct stat_el stats[32]; @@ -2888,11 +3187,12 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) return; f = fopen(context->querystat, "r"); if (f == NULL) { - fprintf(out, "No statistic file %s: %s.\n", + fprintf(out, "No statistic file %s: %s.\n", context->querystat, strerror(errno)); return; } - + rk_cloexec_file(f); + for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) { stats[i].index = i; stats[i].stats = 0; @@ -2923,7 +3223,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) errx(1, "out of memory"); rtbl_set_separator (t, " "); - + rtbl_add_column_by_id (t, 0, "Name", 0); rtbl_add_column_by_id (t, 1, "Counter", 0); @@ -2931,7 +3231,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) for (i = 0; i < sizeof(stats)/sizeof(stats[0]); i++) { char str[10]; - if (stats[i].index < sizeof(statname)/sizeof(statname[0])) + if (stats[i].index < sizeof(statname)/sizeof(statname[0])) rtbl_add_column_entry_by_id (t, 0, statname[stats[i].index]); else { snprintf(str, sizeof(str), "%d", stats[i].index); @@ -2944,7 +3244,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out) rtbl_format(t, out); rtbl_destroy(t); - fprintf(out, "\nQueries: multi %lu total %lu\n", + fprintf(out, "\nQueries: multi %lu total %lu\n", multiqueries, totalqueries); } @@ -2967,7 +3267,8 @@ hx509_cert_check_eku(hx509_context context, hx509_cert cert, const heim_oid *eku, int allow_any_eku) { ExtKeyUsage e; - int ret, i; + int ret; + size_t i; ret = find_extension_eku(_hx509_get_cert(cert), &e); if (ret) { @@ -3002,7 +3303,8 @@ _hx509_cert_get_keyusage(hx509_context context, Certificate *cert; const Extension *e; size_t size; - int ret, i = 0; + int ret; + size_t i = 0; memset(ku, 0, sizeof(*ku)); @@ -3011,10 +3313,10 @@ _hx509_cert_get_keyusage(hx509_context context, if (_hx509_cert_get_version(cert) < 3) return 0; - e = find_extension(cert, oid_id_x509_ce_keyUsage(), &i); + e = find_extension(cert, &asn1_oid_id_x509_ce_keyUsage, &i); if (e == NULL) return HX509_KU_CERT_MISSING; - + ret = decode_KeyUsage(e->extnValue.data, e->extnValue.length, ku, &size); if (ret) return ret; @@ -3044,7 +3346,7 @@ _hx509_cert_get_eku(hx509_context context, * @param context A hx509 context. * @param c the certificate to encode. * @param os the encode certificate, set to NULL, 0 on case of - * error. Free the returned structure with hx509_xfree(). + * error. Free the os->data with hx509_xfree(). * * @return An hx509 error code, see hx509_get_error_string(). * @@ -3060,7 +3362,7 @@ hx509_cert_binary(hx509_context context, hx509_cert c, heim_octet_string *os) os->data = NULL; os->length = 0; - ASN1_MALLOC_ENCODE(Certificate, os->data, os->length, + ASN1_MALLOC_ENCODE(Certificate, os->data, os->length, _hx509_get_cert(c), &size, ret); if (ret) { os->data = NULL; @@ -3106,3 +3408,205 @@ hx509_xfree(void *ptr) { free(ptr); } + +/** + * + */ + +int +_hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env) +{ + ExtKeyUsage eku; + hx509_name name; + char *buf; + int ret; + hx509_env envcert = NULL; + + *env = NULL; + + /* version */ + asprintf(&buf, "%d", _hx509_cert_get_version(_hx509_get_cert(cert))); + ret = hx509_env_add(context, &envcert, "version", buf); + free(buf); + if (ret) + goto out; + + /* subject */ + ret = hx509_cert_get_subject(cert, &name); + if (ret) + goto out; + + ret = hx509_name_to_string(name, &buf); + if (ret) { + hx509_name_free(&name); + goto out; + } + + ret = hx509_env_add(context, &envcert, "subject", buf); + hx509_name_free(&name); + if (ret) + goto out; + + /* issuer */ + ret = hx509_cert_get_issuer(cert, &name); + if (ret) + goto out; + + ret = hx509_name_to_string(name, &buf); + hx509_name_free(&name); + if (ret) + goto out; + + ret = hx509_env_add(context, &envcert, "issuer", buf); + hx509_xfree(buf); + if (ret) + goto out; + + /* eku */ + + ret = _hx509_cert_get_eku(context, cert, &eku); + if (ret == HX509_EXTENSION_NOT_FOUND) + ; + else if (ret != 0) + goto out; + else { + size_t i; + hx509_env enveku = NULL; + + for (i = 0; i < eku.len; i++) { + + ret = der_print_heim_oid(&eku.val[i], '.', &buf); + if (ret) { + free_ExtKeyUsage(&eku); + hx509_env_free(&enveku); + goto out; + } + ret = hx509_env_add(context, &enveku, buf, "oid-name-here"); + free(buf); + if (ret) { + free_ExtKeyUsage(&eku); + hx509_env_free(&enveku); + goto out; + } + } + free_ExtKeyUsage(&eku); + + ret = hx509_env_add_binding(context, &envcert, "eku", enveku); + if (ret) { + hx509_env_free(&enveku); + goto out; + } + } + + { + Certificate *c = _hx509_get_cert(cert); + heim_octet_string os, sig; + hx509_env envhash = NULL; + + os.data = c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; + os.length = + c->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; + + ret = _hx509_create_signature(context, + NULL, + hx509_signature_sha1(), + &os, + NULL, + &sig); + if (ret != 0) + goto out; + + ret = hex_encode(sig.data, sig.length, &buf); + der_free_octet_string(&sig); + if (ret < 0) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, + "Out of memory"); + goto out; + } + + ret = hx509_env_add(context, &envhash, "sha1", buf); + free(buf); + if (ret) + goto out; + + ret = hx509_env_add_binding(context, &envcert, "hash", envhash); + if (ret) { + hx509_env_free(&envhash); + goto out; + } + } + + ret = hx509_env_add_binding(context, env, "certificate", envcert); + if (ret) + goto out; + + return 0; + +out: + hx509_env_free(&envcert); + return ret; +} + +/** + * Print a simple representation of a certificate + * + * @param context A hx509 context, can be NULL + * @param cert certificate to print + * @param out the stdio output stream, if NULL, stdout is used + * + * @return An hx509 error code + * + * @ingroup hx509_cert + */ + +int +hx509_print_cert(hx509_context context, hx509_cert cert, FILE *out) +{ + hx509_name name; + char *str; + int ret; + + if (out == NULL) + out = stderr; + + ret = hx509_cert_get_issuer(cert, &name); + if (ret) + return ret; + hx509_name_to_string(name, &str); + hx509_name_free(&name); + fprintf(out, " issuer: \"%s\"\n", str); + free(str); + + ret = hx509_cert_get_subject(cert, &name); + if (ret) + return ret; + hx509_name_to_string(name, &str); + hx509_name_free(&name); + fprintf(out, " subject: \"%s\"\n", str); + free(str); + + { + heim_integer serialNumber; + + ret = hx509_cert_get_serialnumber(cert, &serialNumber); + if (ret) + return ret; + ret = der_print_hex_heim_integer(&serialNumber, &str); + if (ret) + return ret; + der_free_heim_integer(&serialNumber); + fprintf(out, " serial: %s\n", str); + free(str); + } + + printf(" keyusage: "); + ret = hx509_cert_keyusage_print(context, cert, &str); + if (ret == 0) { + fprintf(out, "%s\n", str); + free(str); + } else + fprintf(out, "no"); + + return 0; +} diff --git a/crypto/heimdal/lib/hx509/char_map.h b/crypto/heimdal/lib/hx509/char_map.h new file mode 100644 index 00000000000..8a3026c7e63 --- /dev/null +++ b/crypto/heimdal/lib/hx509/char_map.h @@ -0,0 +1,45 @@ +#define Q_CONTROL_CHAR 1 +#define Q_PRINTABLE 2 +#define Q_RFC2253_QUOTE_FIRST 4 +#define Q_RFC2253_QUOTE_LAST 8 +#define Q_RFC2253_QUOTE 16 +#define Q_RFC2253_HEX 32 + +#define Q_RFC2253 (Q_RFC2253_QUOTE_FIRST|Q_RFC2253_QUOTE_LAST|Q_RFC2253_QUOTE|Q_RFC2253_HEX) + + + +unsigned char char_map[] = { + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x06 , 0x00 , 0x00 , 0x10 , 0x00 , 0x00 , 0x00 , 0x00 , + 0x00 , 0x00 , 0x00 , 0x12 , 0x12 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x10 , 0x10 , 0x12 , 0x10 , 0x02 , + 0x00 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , + 0x00 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , 0x02 , + 0x02 , 0x02 , 0x02 , 0x00 , 0x00 , 0x00 , 0x00 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , + 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 , 0x21 +}; diff --git a/crypto/heimdal/lib/hx509/cms.c b/crypto/heimdal/lib/hx509/cms.c index 80bcaac6c98..4e0a2e03fcb 100644 --- a/crypto/heimdal/lib/hx509/cms.c +++ b/crypto/heimdal/lib/hx509/cms.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,13 +32,12 @@ */ #include "hx_locl.h" -RCSID("$Id: cms.c 22327 2007-12-15 04:49:37Z lha $"); /** * @page page_cms CMS/PKCS7 message functions. * * CMS is defined in RFC 3369 and is an continuation of the RSA Labs - * standard PKCS7. The basic messages in CMS is + * standard PKCS7. The basic messages in CMS is * * - SignedData * Data signed with private key (RSA, DSA, ECDSA) or secret @@ -68,7 +67,7 @@ RCSID("$Id: cms.c 22327 2007-12-15 04:49:37Z lha $"); * der_free_octet_string(). * * @return Returns an hx509 error code. - * + * * @ingroup hx509_cms */ @@ -122,7 +121,7 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid, * diffrence between no data and the zero length data. * * @return Returns an hx509 error code. - * + * * @ingroup hx509_cms */ @@ -260,6 +259,7 @@ static int find_CMSIdentifier(hx509_context context, CMSIdentifier *client, hx509_certs certs, + time_t time_now, hx509_cert *signer_cert, int match) { @@ -292,7 +292,10 @@ find_CMSIdentifier(hx509_context context, q.match |= match; q.match |= HX509_QUERY_MATCH_TIME; - q.timenow = time(NULL); + if (time_now) + q.timenow = time_now; + else + q.timenow = time(NULL); ret = hx509_certs_find(context, certs, &q, &cert); if (ret == HX509_CERT_NOT_FOUND) { @@ -333,6 +336,7 @@ find_CMSIdentifier(hx509_context context, * @param length length of the data that data point to. * @param encryptedContent in case of detached signature, this * contains the actual encrypted data, othersize its should be NULL. + * @param time_now set the current time, if zero the library uses now as the date. * @param contentType output type oid, should be freed with der_free_oid(). * @param content the data, free with der_free_octet_string(). * @@ -346,6 +350,7 @@ hx509_cms_unenvelope(hx509_context context, const void *data, size_t length, const heim_octet_string *encryptedContent, + time_t time_now, heim_oid *contentType, heim_octet_string *content) { @@ -357,7 +362,8 @@ hx509_cms_unenvelope(hx509_context context, heim_octet_string *params, params_data; heim_octet_string ivec; size_t size; - int ret, i, matched = 0, findflags = 0; + int ret, matched = 0, findflags = 0; + size_t i; memset(&key, 0, sizeof(key)); @@ -407,7 +413,8 @@ hx509_cms_unenvelope(hx509_context context, ri = &ed.recipientInfos.val[i]; - ret = find_CMSIdentifier(context, &ri->rid, certs, &cert, + ret = find_CMSIdentifier(context, &ri->rid, certs, + time_now, &cert, HX509_QUERY_PRIVATE_KEY|findflags); if (ret) continue; @@ -466,7 +473,10 @@ hx509_cms_unenvelope(hx509_context context, ret = hx509_crypto_init(context, NULL, &ai->algorithm, &crypto); if (ret) goto out; - + + if (flags & HX509_CMS_UE_ALLOW_WEAK) + hx509_crypto_allow_weak(crypto); + if (params) { ret = hx509_crypto_set_params(context, crypto, params, &ivec); if (ret) { @@ -483,7 +493,7 @@ hx509_cms_unenvelope(hx509_context context, "of EnvelopedData"); goto out; } - + ret = hx509_crypto_decrypt(crypto, enccontent->data, enccontent->length, @@ -520,7 +530,10 @@ out: * used to RSA. * * @param context A hx509 context. - * @param flags flags to control the behavior, no flags today + * @param flags flags to control the behavior. + * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate + * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo + * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number * @param cert Certificate to encrypt the EnvelopedData encryption key * with. * @param data pointer the data to encrypt. @@ -548,9 +561,9 @@ hx509_cms_envelope_1(hx509_context context, heim_octet_string ivec; heim_octet_string key; hx509_crypto crypto = NULL; + int ret, cmsidflag; EnvelopedData ed; size_t size; - int ret; memset(&ivec, 0, sizeof(ivec)); memset(&key, 0, sizeof(key)); @@ -558,16 +571,21 @@ hx509_cms_envelope_1(hx509_context context, memset(content, 0, sizeof(*content)); if (encryption_type == NULL) - encryption_type = oid_id_aes_256_cbc(); + encryption_type = &asn1_oid_id_aes_256_cbc; - ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE); - if (ret) - goto out; + if ((flags & HX509_CMS_EV_NO_KU_CHECK) == 0) { + ret = _hx509_check_key_usage(context, cert, 1 << 2, TRUE); + if (ret) + goto out; + } ret = hx509_crypto_init(context, NULL, encryption_type, &crypto); if (ret) goto out; + if (flags & HX509_CMS_EV_ALLOW_WEAK) + hx509_crypto_allow_weak(crypto); + ret = hx509_crypto_set_random_key(crypto, &key); if (ret) { hx509_set_error_string(context, 0, ret, @@ -602,7 +620,7 @@ hx509_cms_envelope_1(hx509_context context, "Failed to set crypto oid " "for EnvelopedData"); goto out; - } + } ALLOC(enc_alg->parameters, 1); if (enc_alg->parameters == NULL) { ret = ENOMEM; @@ -632,8 +650,15 @@ hx509_cms_envelope_1(hx509_context context, ri = &ed.recipientInfos.val[0]; - ri->version = 0; - ret = fill_CMSIdentifier(cert, CMS_ID_SKI, &ri->rid); + if (flags & HX509_CMS_EV_ID_NAME) { + ri->version = 0; + cmsidflag = CMS_ID_NAME; + } else { + ri->version = 2; + cmsidflag = CMS_ID_SKI; + } + + ret = fill_CMSIdentifier(cert, cmsidflag, &ri->rid); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to set CMS identifier info " @@ -641,7 +666,7 @@ hx509_cms_envelope_1(hx509_context context, goto out; } - ret = _hx509_cert_public_encrypt(context, + ret = hx509_cert_public_encrypt(context, &key, cert, &ri->keyEncryptionAlgorithm.algorithm, &ri->encryptedKey); @@ -694,7 +719,8 @@ out: static int any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) { - int ret, i; + int ret; + size_t i; if (sd->certificates == NULL) return 0; @@ -702,8 +728,8 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) for (i = 0; i < sd->certificates->len; i++) { hx509_cert c; - ret = hx509_cert_init_data(context, - sd->certificates->val[i].data, + ret = hx509_cert_init_data(context, + sd->certificates->val[i].data, sd->certificates->val[i].length, &c); if (ret) @@ -720,7 +746,7 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) static const Attribute * find_attribute(const CMSAttributes *attr, const heim_oid *oid) { - int i; + size_t i; for (i = 0; i < attr->len; i++) if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0) return &attr->val[i]; @@ -731,12 +757,16 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid) * Decode SignedData and verify that the signature is correct. * * @param context A hx509 context. - * @param ctx a hx509 version context - * @param data + * @param ctx a hx509 verify context. + * @param flags to control the behaivor of the function. + * - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage + * - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch + * - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below. + * @param data pointer to CMS SignedData encoded data. * @param length length of the data that data point to. - * @param signedContent + * @param signedContent external data used for signature. * @param pool certificate pool to build certificates paths. - * @param contentType free with der_free_oid() + * @param contentType free with der_free_oid(). * @param content the output of the function, free with * der_free_octet_string(). * @param signer_certs list of the cerficates used to sign this @@ -748,6 +778,7 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid) int hx509_cms_verify_signed(hx509_context context, hx509_verify_ctx ctx, + unsigned int flags, const void *data, size_t length, const heim_octet_string *signedContent, @@ -761,7 +792,8 @@ hx509_cms_verify_signed(hx509_context context, hx509_certs certs = NULL; SignedData sd; size_t size; - int ret, i, found_valid_sig; + int ret, found_valid_sig; + size_t i; *signer_certs = NULL; content->data = NULL; @@ -790,8 +822,15 @@ hx509_cms_verify_signed(hx509_context context, "Both external and internal SignedData"); goto out; } + if (sd.encapContentInfo.eContent) - signedContent = sd.encapContentInfo.eContent; + ret = der_copy_octet_string(sd.encapContentInfo.eContent, content); + else + ret = der_copy_octet_string(signedContent, content); + if (ret) { + hx509_set_error_string(context, 0, ret, "malloc: out of memory"); + goto out; + } ret = hx509_certs_init(context, "MEMORY:cms-cert-buffer", 0, NULL, &certs); @@ -816,7 +855,7 @@ hx509_cms_verify_signed(hx509_context context, } for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) { - heim_octet_string *signed_data; + heim_octet_string signed_data; const heim_oid *match_oid; heim_oid decode_oid; @@ -831,14 +870,29 @@ hx509_cms_verify_signed(hx509_context context, continue; } - ret = find_CMSIdentifier(context, &signer_info->sid, certs, &cert, + ret = find_CMSIdentifier(context, &signer_info->sid, certs, + _hx509_verify_get_time(ctx), &cert, HX509_QUERY_KU_DIGITALSIGNATURE); - if (ret) - continue; + if (ret) { + /** + * If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal + * search for matching certificates by not considering + * KeyUsage bits on the certificates. + */ + if ((flags & HX509_CMS_VS_NO_KU_CHECK) == 0) + continue; + + ret = find_CMSIdentifier(context, &signer_info->sid, certs, + _hx509_verify_get_time(ctx), &cert, + 0); + if (ret) + continue; + + } if (signer_info->signedAttrs) { const Attribute *attr; - + CMSAttributes sa; heim_octet_string os; @@ -846,7 +900,7 @@ hx509_cms_verify_signed(hx509_context context, sa.len = signer_info->signedAttrs->len; /* verify that sigature exists */ - attr = find_attribute(&sa, oid_id_pkcs9_messageDigest()); + attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest); if (attr == NULL) { ret = HX509_CRYPTO_SIGNATURE_MISSING; hx509_set_error_string(context, 0, ret, @@ -862,7 +916,7 @@ hx509_cms_verify_signed(hx509_context context, "messageDigest (signature)"); goto next_sigature; } - + ret = decode_MessageDigest(attr->value.val[0].data, attr->value.val[0].length, &os, @@ -877,7 +931,7 @@ hx509_cms_verify_signed(hx509_context context, ret = _hx509_verify_signature(context, NULL, &signer_info->digestAlgorithm, - signedContent, + content, &os); der_free_octet_string(&os); if (ret) { @@ -890,9 +944,9 @@ hx509_cms_verify_signed(hx509_context context, * Fetch content oid inside signedAttrs or set it to * id-pkcs7-data. */ - attr = find_attribute(&sa, oid_id_pkcs9_contentType()); + attr = find_attribute(&sa, &asn1_oid_id_pkcs9_contentType); if (attr == NULL) { - match_oid = oid_id_pkcs7_data(); + match_oid = &asn1_oid_id_pkcs7_data; } else { if (attr->value.len != 1) { ret = HX509_CMS_DATA_OID_MISMATCH; @@ -914,36 +968,36 @@ hx509_cms_verify_signed(hx509_context context, match_oid = &decode_oid; } - ALLOC(signed_data, 1); - if (signed_data == NULL) { - if (match_oid == &decode_oid) - der_free_oid(&decode_oid); - ret = ENOMEM; - hx509_clear_error_string(context); - goto next_sigature; - } - ASN1_MALLOC_ENCODE(CMSAttributes, - signed_data->data, - signed_data->length, + signed_data.data, + signed_data.length, &sa, &size, ret); if (ret) { if (match_oid == &decode_oid) der_free_oid(&decode_oid); - free(signed_data); hx509_clear_error_string(context); goto next_sigature; } - if (size != signed_data->length) + if (size != signed_data.length) _hx509_abort("internal ASN.1 encoder error"); } else { - signed_data = rk_UNCONST(signedContent); - match_oid = oid_id_pkcs7_data(); + signed_data.data = content->data; + signed_data.length = content->length; + match_oid = &asn1_oid_id_pkcs7_data; } - if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType)) { + /** + * If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow + * encapContentInfo mismatch with the oid in signedAttributes + * (or if no signedAttributes where use, pkcs7-data oid). + * This is only needed to work with broken CMS implementations + * that doesn't follow CMS signedAttributes rules. + */ + + if (der_heim_oid_cmp(match_oid, &sd.encapContentInfo.eContentType) && + (flags & HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH) == 0) { ret = HX509_CMS_DATA_OID_MISMATCH; hx509_set_error_string(context, 0, ret, "Oid in message mismatch from the expected"); @@ -955,23 +1009,28 @@ hx509_cms_verify_signed(hx509_context context, ret = hx509_verify_signature(context, cert, &signer_info->signatureAlgorithm, - signed_data, + &signed_data, &signer_info->signature); if (ret) hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "Failed to verify sigature in " + "Failed to verify signature in " "CMS SignedData"); } - if (signed_data != signedContent) { - der_free_octet_string(signed_data); - free(signed_data); - } + if (signer_info->signedAttrs) + free(signed_data.data); if (ret) goto next_sigature; - ret = hx509_verify_path(context, ctx, cert, certs); - if (ret) - goto next_sigature; + /** + * If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the + * signing certificates and leave that up to the caller. + */ + + if ((flags & HX509_CMS_VS_NO_VALIDATE) == 0) { + ret = hx509_verify_path(context, ctx, cert, certs); + if (ret) + goto next_sigature; + } ret = hx509_certs_add(context, *signer_certs, cert); if (ret) @@ -984,7 +1043,18 @@ hx509_cms_verify_signed(hx509_context context, hx509_cert_free(cert); cert = NULL; } - if (found_valid_sig == 0) { + /** + * If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty + * SignerInfo (no signatures). If SignedData have no signatures, + * the function will return 0 with signer_certs set to NULL. Zero + * signers is allowed by the standard, but since its only useful + * in corner cases, it make into a flag that the caller have to + * turn on. + */ + if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) { + if (*signer_certs) + hx509_certs_free(signer_certs); + } else if (found_valid_sig == 0) { if (ret == 0) { ret = HX509_CMS_SIGNER_NOT_FOUND; hx509_set_error_string(context, 0, ret, @@ -999,20 +1069,13 @@ hx509_cms_verify_signed(hx509_context context, goto out; } - content->data = malloc(signedContent->length); - if (content->data == NULL) { - hx509_clear_error_string(context); - ret = ENOMEM; - goto out; - } - content->length = signedContent->length; - memcpy(content->data, signedContent->data, content->length); - out: free_SignedData(&sd); if (certs) hx509_certs_free(&certs); if (ret) { + if (content->data) + der_free_octet_string(content); if (*signer_certs) hx509_certs_free(signer_certs); der_free_oid(contentType); @@ -1053,7 +1116,7 @@ add_one_attribute(Attribute **attr, return 0; } - + /** * Decode SignedData and verify that the signature is correct. * @@ -1089,26 +1152,56 @@ hx509_cms_create_signed_1(hx509_context context, hx509_certs pool, heim_octet_string *signed_data) { - AlgorithmIdentifier digest; - hx509_name name; - SignerInfo *signer_info; - heim_octet_string buf, content, sigdata = { 0, NULL }; + hx509_certs certs; + int ret = 0; + + signed_data->data = NULL; + signed_data->length = 0; + + ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs); + if (ret) + return ret; + ret = hx509_certs_add(context, certs, cert); + if (ret) + goto out; + + ret = hx509_cms_create_signed(context, flags, eContentType, data, length, + digest_alg, certs, peer, anchors, pool, + signed_data); + + out: + hx509_certs_free(&certs); + return ret; +} + +struct sigctx { SignedData sd; - int ret; + const AlgorithmIdentifier *digest_alg; + const heim_oid *eContentType; + heim_octet_string content; + hx509_peer_info peer; + int cmsidflag; + int leafonly; + hx509_certs certs; + hx509_certs anchors; + hx509_certs pool; +}; + +static int +sig_process(hx509_context context, void *ctx, hx509_cert cert) +{ + struct sigctx *sigctx = ctx; + heim_octet_string buf, sigdata = { 0, NULL }; + SignerInfo *signer_info = NULL; + AlgorithmIdentifier digest; size_t size; + void *ptr; + int ret; + SignedData *sd = &sigctx->sd; hx509_path path; - int cmsidflag = CMS_ID_SKI; - memset(&sd, 0, sizeof(sd)); - memset(&name, 0, sizeof(name)); - memset(&path, 0, sizeof(path)); memset(&digest, 0, sizeof(digest)); - - content.data = rk_UNCONST(data); - content.length = length; - - if (flags & HX509_CMS_SIGATURE_ID_NAME) - cmsidflag = CMS_ID_NAME; + memset(&path, 0, sizeof(path)); if (_hx509_cert_private_key(cert) == NULL) { hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, @@ -1116,64 +1209,45 @@ hx509_cms_create_signed_1(hx509_context context, return HX509_PRIVATE_KEY_MISSING; } - if (digest_alg == NULL) { - ret = hx509_crypto_select(context, HX509_SELECT_DIGEST, - _hx509_cert_private_key(cert), peer, &digest); - } else { - ret = copy_AlgorithmIdentifier(digest_alg, &digest); + if (sigctx->digest_alg) { + ret = copy_AlgorithmIdentifier(sigctx->digest_alg, &digest); if (ret) hx509_clear_error_string(context); + } else { + ret = hx509_crypto_select(context, HX509_SELECT_DIGEST, + _hx509_cert_private_key(cert), + sigctx->peer, &digest); } if (ret) goto out; - sd.version = CMSVersion_v3; + /* + * Allocate on more signerInfo and do the signature processing + */ - if (eContentType == NULL) - eContentType = oid_id_pkcs7_data(); - - der_copy_oid(eContentType, &sd.encapContentInfo.eContentType); - - /* */ - if ((flags & HX509_CMS_SIGATURE_DETACHED) == 0) { - ALLOC(sd.encapContentInfo.eContent, 1); - if (sd.encapContentInfo.eContent == NULL) { - hx509_clear_error_string(context); - ret = ENOMEM; - goto out; - } - - sd.encapContentInfo.eContent->data = malloc(length); - if (sd.encapContentInfo.eContent->data == NULL) { - hx509_clear_error_string(context); - ret = ENOMEM; - goto out; - } - memcpy(sd.encapContentInfo.eContent->data, data, length); - sd.encapContentInfo.eContent->length = length; - } - - ALLOC_SEQ(&sd.signerInfos, 1); - if (sd.signerInfos.val == NULL) { - hx509_clear_error_string(context); + ptr = realloc(sd->signerInfos.val, + (sd->signerInfos.len + 1) * sizeof(sd->signerInfos.val[0])); + if (ptr == NULL) { ret = ENOMEM; goto out; } + sd->signerInfos.val = ptr; - signer_info = &sd.signerInfos.val[0]; + signer_info = &sd->signerInfos.val[sd->signerInfos.len]; + + memset(signer_info, 0, sizeof(*signer_info)); signer_info->version = 1; - ret = fill_CMSIdentifier(cert, cmsidflag, &signer_info->sid); + ret = fill_CMSIdentifier(cert, sigctx->cmsidflag, &signer_info->sid); if (ret) { hx509_clear_error_string(context); goto out; - } + } signer_info->signedAttrs = NULL; signer_info->unsignedAttrs = NULL; - ret = copy_AlgorithmIdentifier(&digest, &signer_info->digestAlgorithm); if (ret) { hx509_clear_error_string(context); @@ -1184,8 +1258,8 @@ hx509_cms_create_signed_1(hx509_context context, * If it isn't pkcs7-data send signedAttributes */ - if (der_heim_oid_cmp(eContentType, oid_id_pkcs7_data()) != 0) { - CMSAttributes sa; + if (der_heim_oid_cmp(sigctx->eContentType, &asn1_oid_id_pkcs7_data) != 0) { + CMSAttributes sa; heim_octet_string sig; ALLOC(signer_info->signedAttrs, 1); @@ -1197,7 +1271,7 @@ hx509_cms_create_signed_1(hx509_context context, ret = _hx509_create_signature(context, NULL, &digest, - &content, + &sigctx->content, NULL, &sig); if (ret) @@ -1219,9 +1293,10 @@ hx509_cms_create_signed_1(hx509_context context, ret = add_one_attribute(&signer_info->signedAttrs->val, &signer_info->signedAttrs->len, - oid_id_pkcs9_messageDigest(), + &asn1_oid_id_pkcs9_messageDigest, &buf); if (ret) { + free(buf.data); hx509_clear_error_string(context); goto out; } @@ -1230,7 +1305,7 @@ hx509_cms_create_signed_1(hx509_context context, ASN1_MALLOC_ENCODE(ContentType, buf.data, buf.length, - eContentType, + sigctx->eContentType, &size, ret); if (ret) @@ -1240,16 +1315,17 @@ hx509_cms_create_signed_1(hx509_context context, ret = add_one_attribute(&signer_info->signedAttrs->val, &signer_info->signedAttrs->len, - oid_id_pkcs9_contentType(), + &asn1_oid_id_pkcs9_contentType, &buf); if (ret) { + free(buf.data); hx509_clear_error_string(context); goto out; } sa.val = signer_info->signedAttrs->val; sa.len = signer_info->signedAttrs->len; - + ASN1_MALLOC_ENCODE(CMSAttributes, sigdata.data, sigdata.length, @@ -1263,16 +1339,15 @@ hx509_cms_create_signed_1(hx509_context context, if (size != sigdata.length) _hx509_abort("internal ASN.1 encoder error"); } else { - sigdata.data = content.data; - sigdata.length = content.length; + sigdata.data = sigctx->content.data; + sigdata.length = sigctx->content.length; } - { AlgorithmIdentifier sigalg; ret = hx509_crypto_select(context, HX509_SELECT_PUBLIC_SIG, - _hx509_cert_private_key(cert), peer, + _hx509_cert_private_key(cert), sigctx->peer, &sigalg); if (ret) goto out; @@ -1288,54 +1363,30 @@ hx509_cms_create_signed_1(hx509_context context, goto out; } - ALLOC_SEQ(&sd.digestAlgorithms, 1); - if (sd.digestAlgorithms.val == NULL) { - ret = ENOMEM; - hx509_clear_error_string(context); - goto out; - } - - ret = copy_AlgorithmIdentifier(&digest, &sd.digestAlgorithms.val[0]); - if (ret) { - hx509_clear_error_string(context); - goto out; - } + sigctx->sd.signerInfos.len++; + signer_info = NULL; /* * Provide best effort path */ - if (pool) { - _hx509_calculate_path(context, - HX509_CALCULATE_PATH_NO_ANCHOR, - time(NULL), - anchors, - 0, - cert, - pool, - &path); - } else - _hx509_path_append(context, &path, cert); + if (sigctx->certs) { + unsigned int i; - - if (path.len) { - int i; - - ALLOC(sd.certificates, 1); - if (sd.certificates == NULL) { - hx509_clear_error_string(context); - ret = ENOMEM; - goto out; - } - ALLOC_SEQ(sd.certificates, path.len); - if (sd.certificates->val == NULL) { - hx509_clear_error_string(context); - ret = ENOMEM; - goto out; - } + if (sigctx->pool && sigctx->leafonly == 0) { + _hx509_calculate_path(context, + HX509_CALCULATE_PATH_NO_ANCHOR, + time(NULL), + sigctx->anchors, + 0, + cert, + sigctx->pool, + &path); + } else + _hx509_path_append(context, &path, cert); for (i = 0; i < path.len; i++) { - ret = hx509_cert_binary(context, path.val[i], - &sd.certificates->val[i]); + /* XXX remove dups */ + ret = hx509_certs_add(context, sigctx->certs, path.val[i]); if (ret) { hx509_clear_error_string(context); goto out; @@ -1343,9 +1394,180 @@ hx509_cms_create_signed_1(hx509_context context, } } + out: + if (signer_info) + free_SignerInfo(signer_info); + if (sigdata.data != sigctx->content.data) + der_free_octet_string(&sigdata); + _hx509_path_free(&path); + free_AlgorithmIdentifier(&digest); + + return ret; +} + +static int +cert_process(hx509_context context, void *ctx, hx509_cert cert) +{ + struct sigctx *sigctx = ctx; + const unsigned int i = sigctx->sd.certificates->len; + void *ptr; + int ret; + + ptr = realloc(sigctx->sd.certificates->val, + (i + 1) * sizeof(sigctx->sd.certificates->val[0])); + if (ptr == NULL) + return ENOMEM; + sigctx->sd.certificates->val = ptr; + + ret = hx509_cert_binary(context, cert, + &sigctx->sd.certificates->val[i]); + if (ret == 0) + sigctx->sd.certificates->len++; + + return ret; +} + +static int +cmp_AlgorithmIdentifier(const AlgorithmIdentifier *p, const AlgorithmIdentifier *q) +{ + return der_heim_oid_cmp(&p->algorithm, &q->algorithm); +} + +int +hx509_cms_create_signed(hx509_context context, + int flags, + const heim_oid *eContentType, + const void *data, size_t length, + const AlgorithmIdentifier *digest_alg, + hx509_certs certs, + hx509_peer_info peer, + hx509_certs anchors, + hx509_certs pool, + heim_octet_string *signed_data) +{ + unsigned int i, j; + hx509_name name; + int ret; + size_t size; + struct sigctx sigctx; + + memset(&sigctx, 0, sizeof(sigctx)); + memset(&name, 0, sizeof(name)); + + if (eContentType == NULL) + eContentType = &asn1_oid_id_pkcs7_data; + + sigctx.digest_alg = digest_alg; + sigctx.content.data = rk_UNCONST(data); + sigctx.content.length = length; + sigctx.eContentType = eContentType; + sigctx.peer = peer; + /** + * Use HX509_CMS_SIGNATURE_ID_NAME to preferred use of issuer name + * and serial number if possible. Otherwise subject key identifier + * will preferred. + */ + if (flags & HX509_CMS_SIGNATURE_ID_NAME) + sigctx.cmsidflag = CMS_ID_NAME; + else + sigctx.cmsidflag = CMS_ID_SKI; + + /** + * Use HX509_CMS_SIGNATURE_LEAF_ONLY to only request leaf + * certificates to be added to the SignedData. + */ + sigctx.leafonly = (flags & HX509_CMS_SIGNATURE_LEAF_ONLY) ? 1 : 0; + + /** + * Use HX509_CMS_NO_CERTS to make the SignedData contain no + * certificates, overrides HX509_CMS_SIGNATURE_LEAF_ONLY. + */ + + if ((flags & HX509_CMS_SIGNATURE_NO_CERTS) == 0) { + ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &sigctx.certs); + if (ret) + return ret; + } + + sigctx.anchors = anchors; + sigctx.pool = pool; + + sigctx.sd.version = CMSVersion_v3; + + der_copy_oid(eContentType, &sigctx.sd.encapContentInfo.eContentType); + + /** + * Use HX509_CMS_SIGNATURE_DETACHED to create detached signatures. + */ + if ((flags & HX509_CMS_SIGNATURE_DETACHED) == 0) { + ALLOC(sigctx.sd.encapContentInfo.eContent, 1); + if (sigctx.sd.encapContentInfo.eContent == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + sigctx.sd.encapContentInfo.eContent->data = malloc(length); + if (sigctx.sd.encapContentInfo.eContent->data == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + memcpy(sigctx.sd.encapContentInfo.eContent->data, data, length); + sigctx.sd.encapContentInfo.eContent->length = length; + } + + /** + * Use HX509_CMS_SIGNATURE_NO_SIGNER to create no sigInfo (no + * signatures). + */ + if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) { + ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx); + if (ret) + goto out; + } + + if (sigctx.sd.signerInfos.len) { + + /* + * For each signerInfo, collect all different digest types. + */ + for (i = 0; i < sigctx.sd.signerInfos.len; i++) { + AlgorithmIdentifier *di = + &sigctx.sd.signerInfos.val[i].digestAlgorithm; + + for (j = 0; j < sigctx.sd.digestAlgorithms.len; j++) + if (cmp_AlgorithmIdentifier(di, &sigctx.sd.digestAlgorithms.val[j]) == 0) + break; + if (j == sigctx.sd.digestAlgorithms.len) { + ret = add_DigestAlgorithmIdentifiers(&sigctx.sd.digestAlgorithms, di); + if (ret) { + hx509_clear_error_string(context); + goto out; + } + } + } + } + + /* + * Add certs we think are needed, build as part of sig_process + */ + if (sigctx.certs) { + ALLOC(sigctx.sd.certificates, 1); + if (sigctx.sd.certificates == NULL) { + hx509_clear_error_string(context); + ret = ENOMEM; + goto out; + } + + ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx); + if (ret) + goto out; + } + ASN1_MALLOC_ENCODE(SignedData, signed_data->data, signed_data->length, - &sd, &size, ret); + &sigctx.sd, &size, ret); if (ret) { hx509_clear_error_string(context); goto out; @@ -1354,11 +1576,8 @@ hx509_cms_create_signed_1(hx509_context context, _hx509_abort("internal ASN.1 encoder error"); out: - if (sigdata.data != content.data) - der_free_octet_string(&sigdata); - free_AlgorithmIdentifier(&digest); - _hx509_path_free(&path); - free_SignedData(&sd); + hx509_certs_free(&sigctx.certs); + free_SignedData(&sigctx.sd); return ret; } diff --git a/crypto/heimdal/lib/hx509/collector.c b/crypto/heimdal/lib/hx509/collector.c index 8b6ffcb9456..15f8163f809 100644 --- a/crypto/heimdal/lib/hx509/collector.c +++ b/crypto/heimdal/lib/hx509/collector.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: collector.c 20778 2007-06-01 22:04:13Z lha $"); struct private_key { AlgorithmIdentifier alg; @@ -106,14 +105,14 @@ free_private_key(struct private_key *key) { free_AlgorithmIdentifier(&key->alg); if (key->private_key) - _hx509_private_key_free(&key->private_key); + hx509_private_key_free(&key->private_key); der_free_octet_string(&key->localKeyId); free(key); } int _hx509_collector_private_key_add(hx509_context context, - struct hx509_collector *c, + struct hx509_collector *c, const AlgorithmIdentifier *alg, hx509_private_key private_key, const heim_octet_string *key_data, @@ -134,7 +133,7 @@ _hx509_collector_private_key_add(hx509_context context, return ENOMEM; } c->val.data = d; - + ret = copy_AlgorithmIdentifier(alg, &key->alg); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to copy " @@ -144,8 +143,9 @@ _hx509_collector_private_key_add(hx509_context context, if (private_key) { key->private_key = private_key; } else { - ret = _hx509_parse_private_key(context, &alg->algorithm, + ret = hx509_parse_private_key(context, alg, key_data->data, key_data->length, + HX509_KEY_FORMAT_DER, &key->private_key); if (ret) goto out; @@ -153,7 +153,7 @@ _hx509_collector_private_key_add(hx509_context context, if (localKeyId) { ret = der_copy_octet_string(localKeyId, &key->localKeyId); if (ret) { - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "Failed to copy localKeyId"); goto out; } @@ -187,12 +187,12 @@ match_localkeyid(hx509_context context, _hx509_query_clear(&q); q.match |= HX509_QUERY_MATCH_LOCAL_KEY_ID; - + q.local_key_id = &value->localKeyId; - + ret = hx509_certs_find(context, certs, &q, &cert); if (ret == 0) { - + if (value->private_key) _hx509_cert_assign_key(cert, value->private_key); hx509_cert_free(cert); @@ -208,7 +208,7 @@ match_keys(hx509_context context, struct private_key *value, hx509_certs certs) int ret, found = HX509_CERT_NOT_FOUND; if (value->private_key == NULL) { - hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, + hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING, "No private key to compare with"); return HX509_PRIVATE_KEY_MISSING; } @@ -248,12 +248,13 @@ match_keys(hx509_context context, struct private_key *value, hx509_certs certs) } int -_hx509_collector_collect_certs(hx509_context context, +_hx509_collector_collect_certs(hx509_context context, struct hx509_collector *c, hx509_certs *ret_certs) { hx509_certs certs; - int ret, i; + int ret; + size_t i; *ret_certs = NULL; @@ -282,11 +283,11 @@ _hx509_collector_collect_certs(hx509_context context, } int -_hx509_collector_collect_private_keys(hx509_context context, +_hx509_collector_collect_private_keys(hx509_context context, struct hx509_collector *c, hx509_private_key **keys) { - int i, nkeys; + size_t i, nkeys; *keys = NULL; @@ -306,7 +307,7 @@ _hx509_collector_collect_private_keys(hx509_context context, c->val.data[i]->private_key = NULL; } } - (*keys)[nkeys++] = NULL; + (*keys)[nkeys] = NULL; return 0; } @@ -315,7 +316,7 @@ _hx509_collector_collect_private_keys(hx509_context context, void _hx509_collector_free(struct hx509_collector *c) { - int i; + size_t i; if (c->unenvelop_certs) hx509_certs_free(&c->unenvelop_certs); diff --git a/crypto/heimdal/lib/hx509/crmf.asn1 b/crypto/heimdal/lib/hx509/crmf.asn1 index 97ade264ae2..3d8403c8e86 100644 --- a/crypto/heimdal/lib/hx509/crmf.asn1 +++ b/crypto/heimdal/lib/hx509/crmf.asn1 @@ -1,4 +1,4 @@ --- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $ +-- $Id$ PKCS10 DEFINITIONS ::= BEGIN diff --git a/crypto/heimdal/lib/hx509/crypto.c b/crypto/heimdal/lib/hx509/crypto.c index e0f00ad7b45..4559a9c4939 100644 --- a/crypto/heimdal/lib/hx509/crypto.c +++ b/crypto/heimdal/lib/hx509/crypto.c @@ -1,47 +1,42 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: crypto.c 22435 2008-01-14 20:53:56Z lha $"); struct hx509_crypto; struct signature_alg; -enum crypto_op_type { - COT_SIGN -}; - struct hx509_generate_private_context { const heim_oid *key_oid; int isCA; @@ -50,40 +45,23 @@ struct hx509_generate_private_context { struct hx509_private_key_ops { const char *pemtype; - const heim_oid *(*key_oid)(void); + const heim_oid *key_oid; + int (*available)(const hx509_private_key, + const AlgorithmIdentifier *); int (*get_spki)(hx509_context, const hx509_private_key, SubjectPublicKeyInfo *); int (*export)(hx509_context context, const hx509_private_key, + hx509_key_format_t, heim_octet_string *); - int (*import)(hx509_context, - const void *data, - size_t len, - hx509_private_key private_key); + int (*import)(hx509_context, const AlgorithmIdentifier *, + const void *, size_t, hx509_key_format_t, + hx509_private_key); int (*generate_private_key)(hx509_context, struct hx509_generate_private_context *, hx509_private_key); BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *); - int (*handle_alg)(const hx509_private_key, - const AlgorithmIdentifier *, - enum crypto_op_type); - int (*sign)(hx509_context context, - const hx509_private_key, - const AlgorithmIdentifier *, - const heim_octet_string *, - AlgorithmIdentifier *, - heim_octet_string *); -#if 0 - const AlgorithmIdentifier *(*preferred_sig_alg) - (const hx509_private_key, - const hx509_peer_info); - int (*unwrap)(hx509_context context, - const hx509_private_key, - const AlgorithmIdentifier *, - const heim_octet_string *, - heim_octet_string *); -#endif }; struct hx509_private_key { @@ -93,8 +71,10 @@ struct hx509_private_key { union { RSA *rsa; void *keydata; +#ifdef HAVE_OPENSSL + EC_KEY *ecdsa; +#endif } private_key; - /* new crypto layer */ hx509_private_key_ops *ops; }; @@ -104,13 +84,14 @@ struct hx509_private_key { struct signature_alg { const char *name; - const heim_oid *(*sig_oid)(void); - const AlgorithmIdentifier *(*sig_alg)(void); - const heim_oid *(*key_oid)(void); - const heim_oid *(*digest_oid)(void); + const heim_oid *sig_oid; + const AlgorithmIdentifier *sig_alg; + const heim_oid *key_oid; + const AlgorithmIdentifier *digest_alg; int flags; -#define PROVIDE_CONF 1 -#define REQUIRE_SIGNER 2 +#define PROVIDE_CONF 0x1 +#define REQUIRE_SIGNER 0x2 +#define SELF_SIGNED_OK 0x4 #define SIG_DIGEST 0x100 #define SIG_PUBLIC_SIG 0x200 @@ -118,7 +99,8 @@ struct signature_alg { #define RA_RSA_USES_DIGEST_INFO 0x1000000 - + time_t best_before; /* refuse signature made after best before date */ + const EVP_MD *(*evp_md)(void); int (*verify_signature)(hx509_context context, const struct signature_alg *, const Certificate *, @@ -132,6 +114,106 @@ struct signature_alg { const heim_octet_string *, AlgorithmIdentifier *, heim_octet_string *); + int digest_size; +}; + +static const struct signature_alg * +find_sig_alg(const heim_oid *oid); + +/* + * + */ + +static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") }; + +static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 }; +const AlgorithmIdentifier _hx509_signature_sha512_data = { + { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 }; +const AlgorithmIdentifier _hx509_signature_sha384_data = { + { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 }; +const AlgorithmIdentifier _hx509_signature_sha256_data = { + { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 }; +const AlgorithmIdentifier _hx509_signature_sha1_data = { + { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 }; +const AlgorithmIdentifier _hx509_signature_md5_data = { + { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid) +}; + +static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 }; +const AlgorithmIdentifier _hx509_signature_ecPublicKey = { + { 6, rk_UNCONST(ecPublicKey) }, NULL +}; + +static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = { + { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL +}; + +static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = { + { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL +}; + +static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { + { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL +}; + +static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = { + { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL +}; + +static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = { + { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL +}; + +static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = { + { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL +}; + +static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 }; +const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = { + { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL +}; + +static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 }; +const AlgorithmIdentifier _hx509_signature_rsa_data = { + { 7, rk_UNCONST(rsa_oid) }, NULL +}; + +static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 }; +const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = { + { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL +}; + +static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 }; +const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = { + { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL +}; + +static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 }; +const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = { + { 9, rk_UNCONST(aes128_cbc_oid) }, NULL +}; + +static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 }; +const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = { + { 9, rk_UNCONST(aes256_cbc_oid) }, NULL }; /* @@ -184,6 +266,265 @@ set_digest_alg(DigestAlgorithmIdentifier *id, return 0; } +#ifdef HAVE_OPENSSL + +static int +heim_oid2ecnid(heim_oid *oid) +{ + /* + * Now map to openssl OID fun + */ + + if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0) + return NID_X9_62_prime256v1; + else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0) + return NID_secp160r1; + else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0) + return NID_secp160r2; + + return -1; +} + +static int +parse_ECParameters(hx509_context context, + heim_octet_string *parameters, int *nid) +{ + ECParameters ecparam; + size_t size; + int ret; + + if (parameters == NULL) { + ret = HX509_PARSING_KEY_FAILED; + hx509_set_error_string(context, 0, ret, + "EC parameters missing"); + return ret; + } + + ret = decode_ECParameters(parameters->data, parameters->length, + &ecparam, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode EC parameters"); + return ret; + } + + if (ecparam.element != choice_ECParameters_namedCurve) { + free_ECParameters(&ecparam); + hx509_set_error_string(context, 0, ret, + "EC parameters is not a named curve"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + *nid = heim_oid2ecnid(&ecparam.u.namedCurve); + free_ECParameters(&ecparam); + if (*nid == -1) { + hx509_set_error_string(context, 0, ret, + "Failed to find matcing NID for EC curve"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + return 0; +} + + +/* + * + */ + +static int +ecdsa_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ + const AlgorithmIdentifier *digest_alg; + const SubjectPublicKeyInfo *spi; + heim_octet_string digest; + int ret; + EC_KEY *key = NULL; + int groupnid; + EC_GROUP *group; + const unsigned char *p; + long len; + + digest_alg = sig_alg->digest_alg; + + ret = _hx509_create_signature(context, + NULL, + digest_alg, + data, + NULL, + &digest); + if (ret) + return ret; + + /* set up EC KEY */ + spi = &signer->tbsCertificate.subjectPublicKeyInfo; + + if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0) + return HX509_CRYPTO_SIG_INVALID_FORMAT; + +#ifdef HAVE_OPENSSL + /* + * Find the group id + */ + + ret = parse_ECParameters(context, spi->algorithm.parameters, &groupnid); + if (ret) { + der_free_octet_string(&digest); + return ret; + } + + /* + * Create group, key, parse key + */ + + key = EC_KEY_new(); + group = EC_GROUP_new_by_curve_name(groupnid); + EC_KEY_set_group(key, group); + EC_GROUP_free(group); + + p = spi->subjectPublicKey.data; + len = spi->subjectPublicKey.length / 8; + + if (o2i_ECPublicKey(&key, &p, len) == NULL) { + EC_KEY_free(key); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } +#else + key = SubjectPublicKeyInfo2EC_KEY(spi); +#endif + + ret = ECDSA_verify(-1, digest.data, digest.length, + sig->data, sig->length, key); + der_free_octet_string(&digest); + EC_KEY_free(key); + if (ret != 1) { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + return ret; + } + + return 0; +} + +static int +ecdsa_create_signature(hx509_context context, + const struct signature_alg *sig_alg, + const hx509_private_key signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + AlgorithmIdentifier *signatureAlgorithm, + heim_octet_string *sig) +{ + const AlgorithmIdentifier *digest_alg; + heim_octet_string indata; + const heim_oid *sig_oid; + unsigned int siglen; + int ret; + + if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0) + _hx509_abort("internal error passing private key to wrong ops"); + + sig_oid = sig_alg->sig_oid; + digest_alg = sig_alg->digest_alg; + + if (signatureAlgorithm) { + ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2); + if (ret) { + hx509_clear_error_string(context); + goto error; + } + } + + ret = _hx509_create_signature(context, + NULL, + digest_alg, + data, + NULL, + &indata); + if (ret) { + if (signatureAlgorithm) + free_AlgorithmIdentifier(signatureAlgorithm); + goto error; + } + + sig->length = ECDSA_size(signer->private_key.ecdsa); + sig->data = malloc(sig->length); + if (sig->data == NULL) { + der_free_octet_string(&indata); + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto error; + } + + siglen = sig->length; + + ret = ECDSA_sign(-1, indata.data, indata.length, + sig->data, &siglen, signer->private_key.ecdsa); + der_free_octet_string(&indata); + if (ret != 1) { + ret = HX509_CMS_FAILED_CREATE_SIGATURE; + hx509_set_error_string(context, 0, ret, + "ECDSA sign failed: %d", ret); + goto error; + } + if (siglen > sig->length) + _hx509_abort("ECDSA signature prelen longer the output len"); + + sig->length = siglen; + + return 0; + error: + if (signatureAlgorithm) + free_AlgorithmIdentifier(signatureAlgorithm); + return ret; +} + +static int +ecdsa_available(const hx509_private_key signer, + const AlgorithmIdentifier *sig_alg) +{ + const struct signature_alg *sig; + const EC_GROUP *group; + BN_CTX *bnctx = NULL; + BIGNUM *order = NULL; + int ret = 0; + + if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0) + _hx509_abort("internal error passing private key to wrong ops"); + + sig = find_sig_alg(&sig_alg->algorithm); + + if (sig == NULL || sig->digest_size == 0) + return 0; + + group = EC_KEY_get0_group(signer->private_key.ecdsa); + if (group == NULL) + return 0; + + bnctx = BN_CTX_new(); + order = BN_new(); + if (order == NULL) + goto err; + + if (EC_GROUP_get_order(group, order, bnctx) != 1) + goto err; + + if (BN_num_bytes(order) > sig->digest_size) + ret = 1; + err: + if (bnctx) + BN_CTX_free(bnctx); + if (order) + BN_clear_free(order); + + return ret; +} + + +#endif /* HAVE_OPENSSL */ + /* * */ @@ -202,32 +543,18 @@ rsa_verify_signature(hx509_context context, int tosize, retsize; int ret; RSA *rsa; - RSAPublicKey pk; size_t size; + const unsigned char *p; memset(&di, 0, sizeof(di)); spi = &signer->tbsCertificate.subjectPublicKeyInfo; - rsa = RSA_new(); + p = spi->subjectPublicKey.data; + size = spi->subjectPublicKey.length / 8; + + rsa = d2i_RSAPublicKey(NULL, &p, size); if (rsa == NULL) { - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); - return ENOMEM; - } - ret = decode_RSAPublicKey(spi->subjectPublicKey.data, - spi->subjectPublicKey.length / 8, - &pk, &size); - if (ret) { - hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey"); - goto out; - } - - rsa->n = heim_int2BN(&pk.modulus); - rsa->e = heim_int2BN(&pk.publicExponent); - - free_RSAPublicKey(&pk); - - if (rsa->n == NULL || rsa->e == NULL) { ret = ENOMEM; hx509_set_error_string(context, 0, ret, "out of memory"); goto out; @@ -241,11 +568,11 @@ rsa_verify_signature(hx509_context context, goto out; } - retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data, + retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data, to, rsa, RSA_PKCS1_PADDING); if (retsize <= 0) { ret = HX509_CRYPTO_SIG_INVALID_FORMAT; - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "RSA public decrypt failed: %d", retsize); free(to); goto out; @@ -260,23 +587,23 @@ rsa_verify_signature(hx509_context context, if (ret) { goto out; } - + /* Check for extra data inside the sigature */ - if (size != retsize) { + if (size != (size_t)retsize) { ret = HX509_CRYPTO_SIG_INVALID_FORMAT; hx509_set_error_string(context, 0, ret, "size from decryption mismatch"); goto out; } - - if (sig_alg->digest_oid && - der_heim_oid_cmp(&di.digestAlgorithm.algorithm, - (*sig_alg->digest_oid)()) != 0) + + if (sig_alg->digest_alg && + der_heim_oid_cmp(&di.digestAlgorithm.algorithm, + &sig_alg->digest_alg->algorithm) != 0) { ret = HX509_CRYPTO_OID_MISMATCH; hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch"); goto out; } - + /* verify that the parameters are NULL or the NULL-type */ if (di.digestAlgorithm.parameters != NULL && (di.digestAlgorithm.parameters->length != 2 || @@ -293,8 +620,8 @@ rsa_verify_signature(hx509_context context, data, &di.digest); } else { - if (retsize != data->length || - memcmp(to, data->data, retsize) != 0) + if ((size_t)retsize != data->length || + ct_memcmp(to, data->data, retsize) != 0) { ret = HX509_CRYPTO_SIG_INVALID_FORMAT; hx509_set_error_string(context, 0, ret, "RSA Signature incorrect"); @@ -302,10 +629,12 @@ rsa_verify_signature(hx509_context context, } free(to); } + ret = 0; out: free_DigestInfo(&di); - RSA_free(rsa); + if (rsa) + RSA_free(rsa); return ret; } @@ -323,25 +652,32 @@ rsa_create_signature(hx509_context context, const heim_oid *sig_oid; size_t size; int ret; - + + if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) + return HX509_ALG_NOT_SUPP; + if (alg) sig_oid = &alg->algorithm; else sig_oid = signer->signature_alg; - if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) { + if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION) == 0) { + digest_alg = hx509_signature_sha512(); + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION) == 0) { + digest_alg = hx509_signature_sha384(); + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) { digest_alg = hx509_signature_sha256(); - } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) { + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) { digest_alg = hx509_signature_sha1(); - } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) { + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) { digest_alg = hx509_signature_md5(); - } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) { + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) { digest_alg = hx509_signature_md5(); - } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) { + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) { digest_alg = hx509_signature_sha1(); - } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) { + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) { digest_alg = hx509_signature_sha1(); - } else if (der_heim_oid_cmp(sig_oid, oid_id_heim_rsa_pkcs1_x509()) == 0) { + } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) { digest_alg = NULL; } else return HX509_ALG_NOT_SUPP; @@ -391,8 +727,8 @@ rsa_create_signature(hx509_context context, return ENOMEM; } - ret = RSA_private_encrypt(indata.length, indata.data, - sig->data, + ret = RSA_private_encrypt(indata.length, indata.data, + sig->data, signer->private_key.rsa, RSA_PKCS1_PADDING); if (indata.data != data->data) @@ -400,33 +736,43 @@ rsa_create_signature(hx509_context context, if (ret <= 0) { ret = HX509_CMS_FAILED_CREATE_SIGATURE; hx509_set_error_string(context, 0, ret, - "RSA private decrypt failed: %d", ret); + "RSA private encrypt failed: %d", ret); return ret; } - if (ret > sig->length) + if ((size_t)ret > sig->length) _hx509_abort("RSA signature prelen longer the output len"); sig->length = ret; - + return 0; } static int rsa_private_key_import(hx509_context context, + const AlgorithmIdentifier *keyai, const void *data, size_t len, + hx509_key_format_t format, hx509_private_key private_key) { - const unsigned char *p = data; + switch (format) { + case HX509_KEY_FORMAT_DER: { + const unsigned char *p = data; + + private_key->private_key.rsa = + d2i_RSAPrivateKey(NULL, &p, len); + if (private_key->private_key.rsa == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to parse RSA key"); + return HX509_PARSING_KEY_FAILED; + } + private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION; + break; - private_key->private_key.rsa = - d2i_RSAPrivateKey(NULL, &p, len); - if (private_key->private_key.rsa == NULL) { - hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, - "Failed to parse RSA key"); - return HX509_PARSING_KEY_FAILED; } - private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); + default: + return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; + } return 0; } @@ -449,7 +795,7 @@ rsa_private_key2SPKI(hx509_context context, } spki->subjectPublicKey.length = len * 8; - ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(), + ret = set_digest_alg(&spki->algorithm, ASN1_OID_ID_PKCS1_RSAENCRYPTION, "\x05\x00", 2); if (ret) { hx509_set_error_string(context, 0, ret, "malloc - out of memory"); @@ -468,7 +814,7 @@ rsa_private_key2SPKI(hx509_context context, } static int -rsa_generate_private_key(hx509_context context, +rsa_generate_private_key(hx509_context context, struct hx509_generate_private_context *ctx, hx509_private_key private_key) { @@ -477,7 +823,7 @@ rsa_generate_private_key(hx509_context context, unsigned long bits; static const int default_rsa_e = 65537; - static const int default_rsa_bits = 1024; + static const int default_rsa_bits = 2048; private_key->private_key.rsa = RSA_new(); if (private_key->private_key.rsa == NULL) { @@ -485,7 +831,7 @@ rsa_generate_private_key(hx509_context context, "Failed to generate RSA key"); return HX509_PARSING_KEY_FAILED; } - + e = BN_new(); BN_set_word(e, default_rsa_e); @@ -493,8 +839,6 @@ rsa_generate_private_key(hx509_context context, if (ctx->num_bits) bits = ctx->num_bits; - else if (ctx->isCA) - bits *= 2; ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL); BN_free(e); @@ -503,14 +847,15 @@ rsa_generate_private_key(hx509_context context, "Failed to generate RSA key"); return HX509_PARSING_KEY_FAILED; } - private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); + private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION; return 0; } -static int +static int rsa_private_key_export(hx509_context context, const hx509_private_key key, + hx509_key_format_t format, heim_octet_string *data) { int ret; @@ -518,32 +863,41 @@ rsa_private_key_export(hx509_context context, data->data = NULL; data->length = 0; - ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL); - if (ret <= 0) { - ret = EINVAL; - hx509_set_error_string(context, 0, ret, - "Private key is not exportable"); - return ret; - } + switch (format) { + case HX509_KEY_FORMAT_DER: - data->data = malloc(ret); - if (data->data == NULL) { - ret = ENOMEM; - hx509_set_error_string(context, 0, ret, "malloc out of memory"); - return ret; - } - data->length = ret; - - { - unsigned char *p = data->data; - i2d_RSAPrivateKey(key->private_key.rsa, &p); + ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL); + if (ret <= 0) { + ret = EINVAL; + hx509_set_error_string(context, 0, ret, + "Private key is not exportable"); + return ret; + } + + data->data = malloc(ret); + if (data->data == NULL) { + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "malloc out of memory"); + return ret; + } + data->length = ret; + + { + unsigned char *p = data->data; + i2d_RSAPrivateKey(key->private_key.rsa, &p); + } + break; + default: + return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; } return 0; } static BIGNUM * -rsa_get_internal(hx509_context context, hx509_private_key key, const char *type) +rsa_get_internal(hx509_context context, + hx509_private_key key, + const char *type) { if (strcasecmp(type, "rsa-modulus") == 0) { return BN_dup(key->private_key.rsa->n); @@ -557,7 +911,8 @@ rsa_get_internal(hx509_context context, hx509_private_key key, const char *type) static hx509_private_key_ops rsa_private_key_ops = { "RSA PRIVATE KEY", - oid_id_pkcs1_rsaEncryption, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + NULL, rsa_private_key2SPKI, rsa_private_key_export, rsa_private_key_import, @@ -565,6 +920,114 @@ static hx509_private_key_ops rsa_private_key_ops = { rsa_get_internal }; +#ifdef HAVE_OPENSSL + +static int +ecdsa_private_key2SPKI(hx509_context context, + hx509_private_key private_key, + SubjectPublicKeyInfo *spki) +{ + memset(spki, 0, sizeof(*spki)); + return ENOMEM; +} + +static int +ecdsa_private_key_export(hx509_context context, + const hx509_private_key key, + hx509_key_format_t format, + heim_octet_string *data) +{ + return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; +} + +static int +ecdsa_private_key_import(hx509_context context, + const AlgorithmIdentifier *keyai, + const void *data, + size_t len, + hx509_key_format_t format, + hx509_private_key private_key) +{ + const unsigned char *p = data; + EC_KEY **pkey = NULL; + + if (keyai->parameters) { + EC_GROUP *group; + int groupnid; + EC_KEY *key; + int ret; + + ret = parse_ECParameters(context, keyai->parameters, &groupnid); + if (ret) + return ret; + + key = EC_KEY_new(); + if (key == NULL) + return ENOMEM; + + group = EC_GROUP_new_by_curve_name(groupnid); + if (group == NULL) { + EC_KEY_free(key); + return ENOMEM; + } + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(key, group) == 0) { + EC_KEY_free(key); + EC_GROUP_free(group); + return ENOMEM; + } + EC_GROUP_free(group); + pkey = &key; + } + + switch (format) { + case HX509_KEY_FORMAT_DER: + + private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len); + if (private_key->private_key.ecdsa == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to parse EC private key"); + return HX509_PARSING_KEY_FAILED; + } + private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256; + break; + + default: + return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; + } + + return 0; +} + +static int +ecdsa_generate_private_key(hx509_context context, + struct hx509_generate_private_context *ctx, + hx509_private_key private_key) +{ + return ENOMEM; +} + +static BIGNUM * +ecdsa_get_internal(hx509_context context, + hx509_private_key key, + const char *type) +{ + return NULL; +} + + +static hx509_private_key_ops ecdsa_private_key_ops = { + "EC PRIVATE KEY", + ASN1_OID_ID_ECPUBLICKEY, + ecdsa_available, + ecdsa_private_key2SPKI, + ecdsa_private_key_export, + ecdsa_private_key_import, + ecdsa_generate_private_key, + ecdsa_get_internal +}; + +#endif /* HAVE_OPENSSL */ /* * @@ -664,11 +1127,11 @@ dsa_parse_private_key(hx509_context context, { const unsigned char *p = data; - private_key->private_key.dsa = + private_key->private_key.dsa = d2i_DSAPrivateKey(NULL, &p, len); if (private_key->private_key.dsa == NULL) return EINVAL; - private_key->signature_alg = oid_id_dsa_with_sha1(); + private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1; return 0; /* else */ @@ -678,39 +1141,8 @@ dsa_parse_private_key(hx509_context context, } #endif - static int -sha1_verify_signature(hx509_context context, - const struct signature_alg *sig_alg, - const Certificate *signer, - const AlgorithmIdentifier *alg, - const heim_octet_string *data, - const heim_octet_string *sig) -{ - unsigned char digest[SHA_DIGEST_LENGTH]; - SHA_CTX m; - - if (sig->length != SHA_DIGEST_LENGTH) { - hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, - "SHA1 sigature have wrong length"); - return HX509_CRYPTO_SIG_INVALID_FORMAT; - } - - SHA1_Init(&m); - SHA1_Update(&m, data->data, data->length); - SHA1_Final (digest, &m); - - if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) { - hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, - "Bad SHA1 sigature"); - return HX509_CRYPTO_BAD_SIGNATURE; - } - - return 0; -} - -static int -sha256_create_signature(hx509_context context, +evp_md_create_signature(hx509_context context, const struct signature_alg *sig_alg, const hx509_private_key signer, const AlgorithmIdentifier *alg, @@ -718,339 +1150,448 @@ sha256_create_signature(hx509_context context, AlgorithmIdentifier *signatureAlgorithm, heim_octet_string *sig) { - SHA256_CTX m; - + size_t sigsize = EVP_MD_size(sig_alg->evp_md()); + EVP_MD_CTX *ctx; + memset(sig, 0, sizeof(*sig)); if (signatureAlgorithm) { int ret; - ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(), + ret = set_digest_alg(signatureAlgorithm, sig_alg->sig_oid, "\x05\x00", 2); if (ret) return ret; } - - sig->data = malloc(SHA256_DIGEST_LENGTH); + + sig->data = malloc(sigsize); if (sig->data == NULL) { sig->length = 0; return ENOMEM; } - sig->length = SHA256_DIGEST_LENGTH; + sig->length = sigsize; + + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL); + EVP_DigestUpdate(ctx, data->data, data->length); + EVP_DigestFinal_ex(ctx, sig->data, NULL); + EVP_MD_CTX_destroy(ctx); - SHA256_Init(&m); - SHA256_Update(&m, data->data, data->length); - SHA256_Final (sig->data, &m); return 0; } static int -sha256_verify_signature(hx509_context context, +evp_md_verify_signature(hx509_context context, const struct signature_alg *sig_alg, const Certificate *signer, const AlgorithmIdentifier *alg, const heim_octet_string *data, const heim_octet_string *sig) { - unsigned char digest[SHA256_DIGEST_LENGTH]; - SHA256_CTX m; - - if (sig->length != SHA256_DIGEST_LENGTH) { + unsigned char digest[EVP_MAX_MD_SIZE]; + EVP_MD_CTX *ctx; + size_t sigsize = EVP_MD_size(sig_alg->evp_md()); + + if (sig->length != sigsize || sigsize > sizeof(digest)) { hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, "SHA256 sigature have wrong length"); return HX509_CRYPTO_SIG_INVALID_FORMAT; } - SHA256_Init(&m); - SHA256_Update(&m, data->data, data->length); - SHA256_Final (digest, &m); - - if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) { + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL); + EVP_DigestUpdate(ctx, data->data, data->length); + EVP_DigestFinal_ex(ctx, digest, NULL); + EVP_MD_CTX_destroy(ctx); + + if (ct_memcmp(digest, sig->data, sigsize) != 0) { hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, - "Bad SHA256 sigature"); + "Bad %s sigature", sig_alg->name); return HX509_CRYPTO_BAD_SIGNATURE; } return 0; } -static int -sha1_create_signature(hx509_context context, - const struct signature_alg *sig_alg, - const hx509_private_key signer, - const AlgorithmIdentifier *alg, - const heim_octet_string *data, - AlgorithmIdentifier *signatureAlgorithm, - heim_octet_string *sig) -{ - SHA_CTX m; - - memset(sig, 0, sizeof(*sig)); +#ifdef HAVE_OPENSSL - if (signatureAlgorithm) { - int ret; - ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(), - "\x05\x00", 2); - if (ret) - return ret; - } - +static const struct signature_alg ecdsa_with_sha256_alg = { + "ecdsa-with-sha256", + ASN1_OID_ID_ECDSA_WITH_SHA256, + &_hx509_signature_ecdsa_with_sha256_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha256_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 32 +}; - sig->data = malloc(SHA_DIGEST_LENGTH); - if (sig->data == NULL) { - sig->length = 0; - return ENOMEM; - } - sig->length = SHA_DIGEST_LENGTH; +static const struct signature_alg ecdsa_with_sha1_alg = { + "ecdsa-with-sha1", + ASN1_OID_ID_ECDSA_WITH_SHA1, + &_hx509_signature_ecdsa_with_sha1_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha1_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 20 +}; - SHA1_Init(&m); - SHA1_Update(&m, data->data, data->length); - SHA1_Final (sig->data, &m); - - return 0; -} - -static int -md5_verify_signature(hx509_context context, - const struct signature_alg *sig_alg, - const Certificate *signer, - const AlgorithmIdentifier *alg, - const heim_octet_string *data, - const heim_octet_string *sig) -{ - unsigned char digest[MD5_DIGEST_LENGTH]; - MD5_CTX m; - - if (sig->length != MD5_DIGEST_LENGTH) { - hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, - "MD5 sigature have wrong length"); - return HX509_CRYPTO_SIG_INVALID_FORMAT; - } - - MD5_Init(&m); - MD5_Update(&m, data->data, data->length); - MD5_Final (digest, &m); - - if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) { - hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, - "Bad MD5 sigature"); - return HX509_CRYPTO_BAD_SIGNATURE; - } - - return 0; -} - -static int -md2_verify_signature(hx509_context context, - const struct signature_alg *sig_alg, - const Certificate *signer, - const AlgorithmIdentifier *alg, - const heim_octet_string *data, - const heim_octet_string *sig) -{ - unsigned char digest[MD2_DIGEST_LENGTH]; - MD2_CTX m; - - if (sig->length != MD2_DIGEST_LENGTH) { - hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, - "MD2 sigature have wrong length"); - return HX509_CRYPTO_SIG_INVALID_FORMAT; - } - - MD2_Init(&m); - MD2_Update(&m, data->data, data->length); - MD2_Final (digest, &m); - - if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) { - hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE, - "Bad MD2 sigature"); - return HX509_CRYPTO_BAD_SIGNATURE; - } - - return 0; -} +#endif static const struct signature_alg heim_rsa_pkcs1_x509 = { "rsa-pkcs1-x509", - oid_id_heim_rsa_pkcs1_x509, - hx509_signature_rsa_pkcs1_x509, - oid_id_pkcs1_rsaEncryption, + ASN1_OID_ID_HEIM_RSA_PKCS1_X509, + &_hx509_signature_rsa_pkcs1_x509_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, NULL, PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + 0, + NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg pkcs1_rsa_sha1_alg = { "rsa", - oid_id_pkcs1_rsaEncryption, - hx509_signature_rsa_with_sha1, - oid_id_pkcs1_rsaEncryption, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + &_hx509_signature_rsa_with_sha1_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + NULL, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, NULL, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 +}; + +static const struct signature_alg rsa_with_sha512_alg = { + "rsa-with-sha512", + ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION, + &_hx509_signature_rsa_with_sha512_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + &_hx509_signature_sha512_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + rsa_verify_signature, + rsa_create_signature, + 0 +}; + +static const struct signature_alg rsa_with_sha384_alg = { + "rsa-with-sha384", + ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION, + &_hx509_signature_rsa_with_sha384_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + &_hx509_signature_sha384_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + rsa_verify_signature, + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_sha256_alg = { "rsa-with-sha256", - oid_id_pkcs1_sha256WithRSAEncryption, - hx509_signature_rsa_with_sha256, - oid_id_pkcs1_rsaEncryption, - oid_id_sha256, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION, + &_hx509_signature_rsa_with_sha256_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + &_hx509_signature_sha256_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_sha1_alg = { "rsa-with-sha1", - oid_id_pkcs1_sha1WithRSAEncryption, - hx509_signature_rsa_with_sha1, - oid_id_pkcs1_rsaEncryption, - oid_id_secsig_sha_1, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION, + &_hx509_signature_rsa_with_sha1_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + &_hx509_signature_sha1_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 +}; + +static const struct signature_alg rsa_with_sha1_alg_secsig = { + "rsa-with-sha1", + ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION, + &_hx509_signature_rsa_with_sha1_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + &_hx509_signature_sha1_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + rsa_verify_signature, + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_md5_alg = { "rsa-with-md5", - oid_id_pkcs1_md5WithRSAEncryption, - hx509_signature_rsa_with_md5, - oid_id_pkcs1_rsaEncryption, - oid_id_rsa_digest_md5, + ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION, + &_hx509_signature_rsa_with_md5_data, + ASN1_OID_ID_PKCS1_RSAENCRYPTION, + &_hx509_signature_md5_data, PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, + 1230739889, + NULL, rsa_verify_signature, - rsa_create_signature -}; - -static const struct signature_alg rsa_with_md2_alg = { - "rsa-with-md2", - oid_id_pkcs1_md2WithRSAEncryption, - hx509_signature_rsa_with_md2, - oid_id_pkcs1_rsaEncryption, - oid_id_rsa_digest_md2, - PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, - rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg dsa_sha1_alg = { "dsa-with-sha1", - oid_id_dsa_with_sha1, + ASN1_OID_ID_DSA_WITH_SHA1, NULL, - oid_id_dsa, - oid_id_secsig_sha_1, + ASN1_OID_ID_DSA, + &_hx509_signature_sha1_data, PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG, + 0, + NULL, dsa_verify_signature, /* create_signature */ NULL, + 0 +}; + +static const struct signature_alg sha512_alg = { + "sha-512", + ASN1_OID_ID_SHA512, + &_hx509_signature_sha512_data, + NULL, + NULL, + SIG_DIGEST, + 0, + EVP_sha512, + evp_md_verify_signature, + evp_md_create_signature, + 0 +}; + +static const struct signature_alg sha384_alg = { + "sha-384", + ASN1_OID_ID_SHA512, + &_hx509_signature_sha384_data, + NULL, + NULL, + SIG_DIGEST, + 0, + EVP_sha384, + evp_md_verify_signature, + evp_md_create_signature, + 0 }; static const struct signature_alg sha256_alg = { "sha-256", - oid_id_sha256, - hx509_signature_sha256, + ASN1_OID_ID_SHA256, + &_hx509_signature_sha256_data, NULL, NULL, SIG_DIGEST, - sha256_verify_signature, - sha256_create_signature + 0, + EVP_sha256, + evp_md_verify_signature, + evp_md_create_signature, + 0 }; static const struct signature_alg sha1_alg = { "sha1", - oid_id_secsig_sha_1, - hx509_signature_sha1, + ASN1_OID_ID_SECSIG_SHA_1, + &_hx509_signature_sha1_data, NULL, NULL, SIG_DIGEST, - sha1_verify_signature, - sha1_create_signature + 0, + EVP_sha1, + evp_md_verify_signature, + evp_md_create_signature, + 0 }; static const struct signature_alg md5_alg = { "rsa-md5", - oid_id_rsa_digest_md5, - hx509_signature_md5, + ASN1_OID_ID_RSA_DIGEST_MD5, + &_hx509_signature_md5_data, NULL, NULL, SIG_DIGEST, - md5_verify_signature + 0, + EVP_md5, + evp_md_verify_signature, + NULL, + 0 }; -static const struct signature_alg md2_alg = { - "rsa-md2", - oid_id_rsa_digest_md2, - hx509_signature_md2, - NULL, - NULL, - SIG_DIGEST, - md2_verify_signature -}; - -/* +/* * Order matter in this structure, "best" first for each "key - * compatible" type (type is RSA, DSA, none, etc) + * compatible" type (type is ECDSA, RSA, DSA, none, etc) */ static const struct signature_alg *sig_algs[] = { +#ifdef HAVE_OPENSSL + &ecdsa_with_sha256_alg, + &ecdsa_with_sha1_alg, +#endif + &rsa_with_sha512_alg, + &rsa_with_sha384_alg, &rsa_with_sha256_alg, &rsa_with_sha1_alg, + &rsa_with_sha1_alg_secsig, &pkcs1_rsa_sha1_alg, &rsa_with_md5_alg, - &rsa_with_md2_alg, &heim_rsa_pkcs1_x509, &dsa_sha1_alg, + &sha512_alg, + &sha384_alg, &sha256_alg, &sha1_alg, &md5_alg, - &md2_alg, NULL }; static const struct signature_alg * find_sig_alg(const heim_oid *oid) { - int i; + unsigned int i; for (i = 0; sig_algs[i]; i++) - if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0) + if (der_heim_oid_cmp(sig_algs[i]->sig_oid, oid) == 0) return sig_algs[i]; return NULL; } +static const AlgorithmIdentifier * +alg_for_privatekey(const hx509_private_key pk, int type) +{ + const heim_oid *keytype; + unsigned int i; + + if (pk->ops == NULL) + return NULL; + + keytype = pk->ops->key_oid; + + for (i = 0; sig_algs[i]; i++) { + if (sig_algs[i]->key_oid == NULL) + continue; + if (der_heim_oid_cmp(sig_algs[i]->key_oid, keytype) != 0) + continue; + if (pk->ops->available && + pk->ops->available(pk, sig_algs[i]->sig_alg) == 0) + continue; + if (type == HX509_SELECT_PUBLIC_SIG) + return sig_algs[i]->sig_alg; + if (type == HX509_SELECT_DIGEST) + return sig_algs[i]->digest_alg; + + return NULL; + } + return NULL; +} + /* * */ static struct hx509_private_key_ops *private_algs[] = { &rsa_private_key_ops, +#ifdef HAVE_OPENSSL + &ecdsa_private_key_ops, +#endif NULL }; -static hx509_private_key_ops * -find_private_alg(const heim_oid *oid) +hx509_private_key_ops * +hx509_find_private_alg(const heim_oid *oid) { int i; for (i = 0; private_algs[i]; i++) { if (private_algs[i]->key_oid == NULL) continue; - if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0) + if (der_heim_oid_cmp(private_algs[i]->key_oid, oid) == 0) return private_algs[i]; } return NULL; } +/* + * Check if the algorithm `alg' have a best before date, and if it + * des, make sure the its before the time `t'. + */ + +int +_hx509_signature_best_before(hx509_context context, + const AlgorithmIdentifier *alg, + time_t t) +{ + const struct signature_alg *md; + + md = find_sig_alg(&alg->algorithm); + if (md == NULL) { + hx509_clear_error_string(context); + return HX509_SIG_ALG_NO_SUPPORTED; + } + if (md->best_before && md->best_before < t) { + hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE, + "Algorithm %s has passed it best before date", + md->name); + return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; + } + return 0; +} + +int +_hx509_self_signed_valid(hx509_context context, + const AlgorithmIdentifier *alg) +{ + const struct signature_alg *md; + + md = find_sig_alg(&alg->algorithm); + if (md == NULL) { + hx509_clear_error_string(context); + return HX509_SIG_ALG_NO_SUPPORTED; + } + if ((md->flags & SELF_SIGNED_OK) == 0) { + hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE, + "Algorithm %s not trusted for self signatures", + md->name); + return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; + } + return 0; +} + int _hx509_verify_signature(hx509_context context, - const Certificate *signer, + const hx509_cert cert, const AlgorithmIdentifier *alg, const heim_octet_string *data, const heim_octet_string *sig) { const struct signature_alg *md; + const Certificate *signer = NULL; + + if (cert) + signer = _hx509_get_cert(cert); md = find_sig_alg(&alg->algorithm); if (md == NULL) { @@ -1069,7 +1610,7 @@ _hx509_verify_signature(hx509_context context, const SubjectPublicKeyInfo *spi; spi = &signer->tbsCertificate.subjectPublicKeyInfo; - if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) { + if (der_heim_oid_cmp(&spi->algorithm.algorithm, md->key_oid) != 0) { hx509_clear_error_string(context); return HX509_SIG_ALG_DONT_MATCH_KEY_ALG; } @@ -1077,27 +1618,6 @@ _hx509_verify_signature(hx509_context context, return (*md->verify_signature)(context, md, signer, alg, data, sig); } -int -_hx509_verify_signature_bitstring(hx509_context context, - const Certificate *signer, - const AlgorithmIdentifier *alg, - const heim_octet_string *data, - const heim_bit_string *sig) -{ - heim_octet_string os; - - if (sig->length & 7) { - hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT, - "signature not multiple of 8 bits"); - return HX509_CRYPTO_SIG_INVALID_FORMAT; - } - - os.data = sig->data; - os.length = sig->length / 8; - - return _hx509_verify_signature(context, signer, alg, data, &os); -} - int _hx509_create_signature(hx509_context context, const hx509_private_key signer, @@ -1108,13 +1628,6 @@ _hx509_create_signature(hx509_context context, { const struct signature_alg *md; - if (signer && signer->ops && signer->ops->handle_alg && - (*signer->ops->handle_alg)(signer, alg, COT_SIGN)) - { - return (*signer->ops->sign)(context, signer, alg, data, - signatureAlgorithm, sig); - } - md = find_sig_alg(&alg->algorithm); if (md == NULL) { hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED, @@ -1128,7 +1641,7 @@ _hx509_create_signature(hx509_context context, return HX509_CRYPTO_SIG_NO_CONF; } - return (*md->create_signature)(context, md, signer, alg, data, + return (*md->create_signature)(context, md, signer, alg, data, signatureAlgorithm, sig); } @@ -1164,39 +1677,23 @@ _hx509_public_encrypt(hx509_context context, int tosize; int ret; RSA *rsa; - RSAPublicKey pk; size_t size; + const unsigned char *p; ciphertext->data = NULL; ciphertext->length = 0; spi = &cert->tbsCertificate.subjectPublicKeyInfo; - rsa = RSA_new(); + p = spi->subjectPublicKey.data; + size = spi->subjectPublicKey.length / 8; + + rsa = d2i_RSAPublicKey(NULL, &p, size); if (rsa == NULL) { hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } - ret = decode_RSAPublicKey(spi->subjectPublicKey.data, - spi->subjectPublicKey.length / 8, - &pk, &size); - if (ret) { - RSA_free(rsa); - hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure"); - return ret; - } - rsa->n = heim_int2BN(&pk.modulus); - rsa->e = heim_int2BN(&pk.publicExponent); - - free_RSAPublicKey(&pk); - - if (rsa->n == NULL || rsa->e == NULL) { - RSA_free(rsa); - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); - return ENOMEM; - } - tosize = RSA_size(rsa); to = malloc(tosize); if (to == NULL) { @@ -1205,8 +1702,8 @@ _hx509_public_encrypt(hx509_context context, return ENOMEM; } - ret = RSA_public_encrypt(cleartext->length, - (unsigned char *)cleartext->data, + ret = RSA_public_encrypt(cleartext->length, + (unsigned char *)cleartext->data, to, rsa, RSA_PKCS1_PADDING); RSA_free(rsa); if (ret <= 0) { @@ -1221,7 +1718,7 @@ _hx509_public_encrypt(hx509_context context, ciphertext->length = ret; ciphertext->data = to; - ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid); + ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid); if (ret) { der_free_octet_string(ciphertext); hx509_set_error_string(context, 0, ENOMEM, "out of memory"); @@ -1232,7 +1729,7 @@ _hx509_public_encrypt(hx509_context context, } int -_hx509_private_key_private_decrypt(hx509_context context, +hx509_private_key_private_decrypt(hx509_context context, const heim_octet_string *ciphertext, const heim_oid *encryption_oid, hx509_private_key p, @@ -1265,7 +1762,7 @@ _hx509_private_key_private_decrypt(hx509_context context, "Failed to decrypt using private key: %d", ret); return HX509_CRYPTO_RSA_PRIVATE_DECRYPT; } - if (cleartext->length < ret) + if (cleartext->length < (size_t)ret) _hx509_abort("internal rsa decryption failure: ret > tosize"); cleartext->length = ret; @@ -1275,10 +1772,11 @@ _hx509_private_key_private_decrypt(hx509_context context, int -_hx509_parse_private_key(hx509_context context, - const heim_oid *key_oid, +hx509_parse_private_key(hx509_context context, + const AlgorithmIdentifier *keyai, const void *data, size_t len, + hx509_key_format_t format, hx509_private_key *private_key) { struct hx509_private_key_ops *ops; @@ -1286,21 +1784,21 @@ _hx509_parse_private_key(hx509_context context, *private_key = NULL; - ops = find_private_alg(key_oid); + ops = hx509_find_private_alg(&keyai->algorithm); if (ops == NULL) { hx509_clear_error_string(context); return HX509_SIG_ALG_NO_SUPPORTED; } - ret = _hx509_private_key_init(private_key, ops, NULL); + ret = hx509_private_key_init(private_key, ops, NULL); if (ret) { hx509_set_error_string(context, 0, ret, "out of memory"); return ret; } - ret = (*ops->import)(context, data, len, *private_key); + ret = (*ops->import)(context, keyai, data, len, format, *private_key); if (ret) - _hx509_private_key_free(private_key); + hx509_private_key_free(private_key); return ret; } @@ -1310,7 +1808,7 @@ _hx509_parse_private_key(hx509_context context, */ int -_hx509_private_key2SPKI(hx509_context context, +hx509_private_key2SPKI(hx509_context context, hx509_private_key private_key, SubjectPublicKeyInfo *spki) { @@ -1330,8 +1828,8 @@ _hx509_generate_private_key_init(hx509_context context, { *ctx = NULL; - if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) { - hx509_set_error_string(context, 0, EINVAL, + if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) { + hx509_set_error_string(context, 0, EINVAL, "private key not an RSA key"); return EINVAL; } @@ -1381,13 +1879,13 @@ _hx509_generate_private_key(hx509_context context, *private_key = NULL; - ops = find_private_alg(ctx->key_oid); + ops = hx509_find_private_alg(ctx->key_oid); if (ops == NULL) { hx509_clear_error_string(context); return HX509_SIG_ALG_NO_SUPPORTED; } - ret = _hx509_private_key_init(private_key, ops, NULL); + ret = hx509_private_key_init(private_key, ops, NULL); if (ret) { hx509_set_error_string(context, 0, ret, "out of memory"); return ret; @@ -1395,103 +1893,15 @@ _hx509_generate_private_key(hx509_context context, ret = (*ops->generate_private_key)(context, ctx, *private_key); if (ret) - _hx509_private_key_free(private_key); + hx509_private_key_free(private_key); return ret; } - /* * */ -static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") }; - -static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 }; -const AlgorithmIdentifier _hx509_signature_sha512_data = { - { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid) -}; - -static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 }; -const AlgorithmIdentifier _hx509_signature_sha384_data = { - { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid) -}; - -static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 }; -const AlgorithmIdentifier _hx509_signature_sha256_data = { - { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid) -}; - -static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 }; -const AlgorithmIdentifier _hx509_signature_sha1_data = { - { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid) -}; - -static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 }; -const AlgorithmIdentifier _hx509_signature_md5_data = { - { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid) -}; - -static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 }; -const AlgorithmIdentifier _hx509_signature_md2_data = { - { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid) -}; - -static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 }; -const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = { - { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL -}; - -static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 }; -const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = { - { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL -}; - -static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 }; -const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = { - { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL -}; - -static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 }; -const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = { - { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL -}; - -static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 }; -const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = { - { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL -}; - -static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 }; -const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = { - { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL -}; - -static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 }; -const AlgorithmIdentifier _hx509_signature_rsa_data = { - { 7, rk_UNCONST(rsa_oid) }, NULL -}; - -static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 }; -const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = { - { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL -}; - -static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 }; -const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = { - { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL -}; - -static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 }; -const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = { - { 9, rk_UNCONST(aes128_cbc_oid) }, NULL -}; - -static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 }; -const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = { - { 9, rk_UNCONST(aes256_cbc_oid) }, NULL -}; - const AlgorithmIdentifier * hx509_signature_sha512(void) { return &_hx509_signature_sha512_data; } @@ -1513,8 +1923,16 @@ hx509_signature_md5(void) { return &_hx509_signature_md5_data; } const AlgorithmIdentifier * -hx509_signature_md2(void) -{ return &_hx509_signature_md2_data; } +hx509_signature_ecPublicKey(void) +{ return &_hx509_signature_ecPublicKey; } + +const AlgorithmIdentifier * +hx509_signature_ecdsa_with_sha256(void) +{ return &_hx509_signature_ecdsa_with_sha256_data; } + +const AlgorithmIdentifier * +hx509_signature_ecdsa_with_sha1(void) +{ return &_hx509_signature_ecdsa_with_sha1_data; } const AlgorithmIdentifier * hx509_signature_rsa_with_sha512(void) @@ -1536,10 +1954,6 @@ const AlgorithmIdentifier * hx509_signature_rsa_with_md5(void) { return &_hx509_signature_rsa_with_md5_data; } -const AlgorithmIdentifier * -hx509_signature_rsa_with_md2(void) -{ return &_hx509_signature_rsa_with_md2_data; } - const AlgorithmIdentifier * hx509_signature_rsa(void) { return &_hx509_signature_rsa_data; } @@ -1564,11 +1978,11 @@ hx509_crypto_aes256_cbc(void) * */ -const AlgorithmIdentifier * _hx509_crypto_default_sig_alg = - &_hx509_signature_rsa_with_sha1_data; -const AlgorithmIdentifier * _hx509_crypto_default_digest_alg = - &_hx509_signature_sha1_data; -const AlgorithmIdentifier * _hx509_crypto_default_secret_alg = +const AlgorithmIdentifier * _hx509_crypto_default_sig_alg = + &_hx509_signature_rsa_with_sha256_data; +const AlgorithmIdentifier * _hx509_crypto_default_digest_alg = + &_hx509_signature_sha256_data; +const AlgorithmIdentifier * _hx509_crypto_default_secret_alg = &_hx509_crypto_aes128_cbc_data; /* @@ -1576,7 +1990,7 @@ const AlgorithmIdentifier * _hx509_crypto_default_secret_alg = */ int -_hx509_private_key_init(hx509_private_key *key, +hx509_private_key_init(hx509_private_key *key, hx509_private_key_ops *ops, void *keydata) { @@ -1592,11 +2006,11 @@ _hx509_private_key_init(hx509_private_key *key, hx509_private_key _hx509_private_key_ref(hx509_private_key key) { - if (key->ref <= 0) - _hx509_abort("refcount <= 0"); - key->ref++; if (key->ref == 0) - _hx509_abort("refcount == 0"); + _hx509_abort("key refcount <= 0 on ref"); + key->ref++; + if (key->ref == UINT_MAX) + _hx509_abort("key refcount == UINT_MAX on ref"); return key; } @@ -1607,18 +2021,25 @@ _hx509_private_pem_name(hx509_private_key key) } int -_hx509_private_key_free(hx509_private_key *key) +hx509_private_key_free(hx509_private_key *key) { if (key == NULL || *key == NULL) return 0; - if ((*key)->ref <= 0) - _hx509_abort("refcount <= 0"); + if ((*key)->ref == 0) + _hx509_abort("key refcount == 0 on free"); if (--(*key)->ref > 0) return 0; - if ((*key)->private_key.rsa) - RSA_free((*key)->private_key.rsa); + if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) { + if ((*key)->private_key.rsa) + RSA_free((*key)->private_key.rsa); +#ifdef HAVE_OPENSSL + } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) { + if ((*key)->private_key.ecdsa) + EC_KEY_free((*key)->private_key.ecdsa); +#endif + } (*key)->private_key.rsa = NULL; free(*key); *key = NULL; @@ -1626,22 +2047,22 @@ _hx509_private_key_free(hx509_private_key *key) } void -_hx509_private_key_assign_rsa(hx509_private_key key, void *ptr) +hx509_private_key_assign_rsa(hx509_private_key key, void *ptr) { if (key->private_key.rsa) RSA_free(key->private_key.rsa); key->private_key.rsa = ptr; - key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption(); + key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION; key->md = &pkcs1_rsa_sha1_alg; } -int +int _hx509_private_key_oid(hx509_context context, const hx509_private_key key, heim_oid *data) { int ret; - ret = der_copy_oid((*key->ops->key_oid)(), data); + ret = der_copy_oid(key->ops->key_oid, data); if (ret) hx509_set_error_string(context, 0, ret, "malloc out of memory"); return ret; @@ -1657,7 +2078,7 @@ _hx509_private_key_exportable(hx509_private_key key) BIGNUM * _hx509_private_key_get_internal(hx509_context context, - hx509_private_key key, + hx509_private_key key, const char *type) { if (key->ops->get_internal == NULL) @@ -1665,16 +2086,17 @@ _hx509_private_key_get_internal(hx509_context context, return (*key->ops->get_internal)(context, key, type); } -int +int _hx509_private_key_export(hx509_context context, const hx509_private_key key, + hx509_key_format_t format, heim_octet_string *data) { if (key->ops->export == NULL) { hx509_clear_error_string(context); return HX509_UNIMPLEMENTED_OPERATION; } - return (*key->ops->export)(context, key, data); + return (*key->ops->export)(context, key, format, data); } /* @@ -1683,17 +2105,25 @@ _hx509_private_key_export(hx509_context context, struct hx509cipher { const char *name; - const heim_oid *(*oid_func)(void); + int flags; +#define CIPHER_WEAK 1 + const heim_oid *oid; const AlgorithmIdentifier *(*ai_func)(void); const EVP_CIPHER *(*evp_func)(void); int (*get_params)(hx509_context, const hx509_crypto, const heim_octet_string *, heim_octet_string *); - int (*set_params)(hx509_context, const heim_octet_string *, + int (*set_params)(hx509_context, const heim_octet_string *, hx509_crypto, heim_octet_string *); }; struct hx509_crypto_data { char *name; + int flags; +#define ALLOW_WEAK 1 + +#define PADDING_NONE 2 +#define PADDING_PKCS7 4 +#define PADDING_FLAGS (2|4) const struct hx509cipher *cipher; const EVP_CIPHER *c; heim_octet_string key; @@ -1705,15 +2135,10 @@ struct hx509_crypto_data { * */ -static const heim_oid * -oid_private_rc2_40(void) -{ - static unsigned oid_data[] = { 127, 1 }; - static const heim_oid oid = { 2, oid_data }; - - return &oid; -} +static unsigned private_rc2_40_oid_data[] = { 127, 1 }; +static heim_oid asn1_oid_private_rc2_40 = + { 2, private_rc2_40_oid_data }; /* * @@ -1853,7 +2278,8 @@ CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param, static const struct hx509cipher ciphers[] = { { "rc2-cbc", - oid_id_pkcs3_rc2_cbc, + CIPHER_WEAK, + ASN1_OID_ID_PKCS3_RC2_CBC, NULL, EVP_rc2_cbc, CMSRC2CBCParam_get, @@ -1861,7 +2287,8 @@ static const struct hx509cipher ciphers[] = { }, { "rc2-cbc", - oid_id_rsadsi_rc2_cbc, + CIPHER_WEAK, + ASN1_OID_ID_RSADSI_RC2_CBC, NULL, EVP_rc2_cbc, CMSRC2CBCParam_get, @@ -1869,7 +2296,8 @@ static const struct hx509cipher ciphers[] = { }, { "rc2-40-cbc", - oid_private_rc2_40, + CIPHER_WEAK, + &asn1_oid_private_rc2_40, NULL, EVP_rc2_40_cbc, CMSRC2CBCParam_get, @@ -1877,7 +2305,8 @@ static const struct hx509cipher ciphers[] = { }, { "des-ede3-cbc", - oid_id_pkcs3_des_ede3_cbc, + 0, + ASN1_OID_ID_PKCS3_DES_EDE3_CBC, NULL, EVP_des_ede3_cbc, CMSCBCParam_get, @@ -1885,7 +2314,8 @@ static const struct hx509cipher ciphers[] = { }, { "des-ede3-cbc", - oid_id_rsadsi_des_ede3_cbc, + 0, + ASN1_OID_ID_RSADSI_DES_EDE3_CBC, hx509_crypto_des_rsdi_ede3_cbc, EVP_des_ede3_cbc, CMSCBCParam_get, @@ -1893,7 +2323,8 @@ static const struct hx509cipher ciphers[] = { }, { "aes-128-cbc", - oid_id_aes_128_cbc, + 0, + ASN1_OID_ID_AES_128_CBC, hx509_crypto_aes128_cbc, EVP_aes_128_cbc, CMSCBCParam_get, @@ -1901,7 +2332,8 @@ static const struct hx509cipher ciphers[] = { }, { "aes-192-cbc", - oid_id_aes_192_cbc, + 0, + ASN1_OID_ID_AES_192_CBC, NULL, EVP_aes_192_cbc, CMSCBCParam_get, @@ -1909,7 +2341,8 @@ static const struct hx509cipher ciphers[] = { }, { "aes-256-cbc", - oid_id_aes_256_cbc, + 0, + ASN1_OID_ID_AES_256_CBC, hx509_crypto_aes256_cbc, EVP_aes_256_cbc, CMSCBCParam_get, @@ -1920,10 +2353,10 @@ static const struct hx509cipher ciphers[] = { static const struct hx509cipher * find_cipher_by_oid(const heim_oid *oid) { - int i; + size_t i; for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) - if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0) + if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0) return &ciphers[i]; return NULL; @@ -1932,7 +2365,7 @@ find_cipher_by_oid(const heim_oid *oid) static const struct hx509cipher * find_cipher_by_name(const char *name) { - int i; + size_t i; for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) if (strcasecmp(name, ciphers[i].name) == 0) @@ -1950,7 +2383,7 @@ hx509_crypto_enctype_by_name(const char *name) cipher = find_cipher_by_name(name); if (cipher == NULL) return NULL; - return (*cipher->oid_func)(); + return cipher->oid; } int @@ -1976,6 +2409,7 @@ hx509_crypto_init(hx509_context context, return ENOMEM; } + (*crypto)->flags = PADDING_PKCS7; (*crypto)->cipher = cipher; (*crypto)->c = (*cipher->evp_func)(); @@ -2015,10 +2449,33 @@ hx509_crypto_set_key_name(hx509_crypto crypto, const char *name) return 0; } +void +hx509_crypto_allow_weak(hx509_crypto crypto) +{ + crypto->flags |= ALLOW_WEAK; +} + +void +hx509_crypto_set_padding(hx509_crypto crypto, int padding_type) +{ + switch (padding_type) { + case HX509_CRYPTO_PADDING_PKCS7: + crypto->flags &= ~PADDING_FLAGS; + crypto->flags |= PADDING_PKCS7; + break; + case HX509_CRYPTO_PADDING_NONE: + crypto->flags &= ~PADDING_FLAGS; + crypto->flags |= PADDING_NONE; + break; + default: + _hx509_abort("Invalid padding"); + } +} + int hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length) { - if (EVP_CIPHER_key_length(crypto->c) > length) + if (EVP_CIPHER_key_length(crypto->c) > (int)length) return HX509_CRYPTO_INTERNAL_ERROR; if (crypto->key.data) { @@ -2063,7 +2520,7 @@ hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key) int hx509_crypto_set_params(hx509_context context, - hx509_crypto crypto, + hx509_crypto crypto, const heim_octet_string *param, heim_octet_string *ivec) { @@ -2072,7 +2529,7 @@ hx509_crypto_set_params(hx509_context context, int hx509_crypto_get_params(hx509_context context, - hx509_crypto crypto, + hx509_crypto crypto, const heim_octet_string *ivec, heim_octet_string *param) { @@ -2106,12 +2563,16 @@ hx509_crypto_encrypt(hx509_crypto crypto, heim_octet_string **ciphertext) { EVP_CIPHER_CTX evp; - size_t padsize; + size_t padsize, bsize; int ret; *ciphertext = NULL; - assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length); + if ((crypto->cipher->flags & CIPHER_WEAK) && + (crypto->flags & ALLOW_WEAK) == 0) + return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; + + assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length); EVP_CIPHER_CTX_init(&evp); @@ -2128,23 +2589,30 @@ hx509_crypto_encrypt(hx509_crypto crypto, ret = ENOMEM; goto out; } - - if (EVP_CIPHER_block_size(crypto->c) == 1) { - padsize = 0; - } else { - int bsize = EVP_CIPHER_block_size(crypto->c); - padsize = bsize - (length % bsize); + + assert(crypto->flags & PADDING_FLAGS); + + bsize = EVP_CIPHER_block_size(crypto->c); + padsize = 0; + + if (crypto->flags & PADDING_NONE) { + if (bsize != 1 && (length % bsize) != 0) + return HX509_CMS_PADDING_ERROR; + } else if (crypto->flags & PADDING_PKCS7) { + if (bsize != 1) + padsize = bsize - (length % bsize); } + (*ciphertext)->length = length + padsize; (*ciphertext)->data = malloc(length + padsize); if ((*ciphertext)->data == NULL) { ret = ENOMEM; goto out; } - + memcpy((*ciphertext)->data, data, length); if (padsize) { - int i; + size_t i; unsigned char *p = (*ciphertext)->data; p += length; for (i = 0; i < padsize; i++) @@ -2189,7 +2657,11 @@ hx509_crypto_decrypt(hx509_crypto crypto, clear->data = NULL; clear->length = 0; - if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length) + if ((crypto->cipher->flags & CIPHER_WEAK) && + (crypto->flags & ALLOW_WEAK) == 0) + return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; + + if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length) return HX509_CRYPTO_INTERNAL_ERROR; if (crypto->key.data == NULL) @@ -2220,12 +2692,12 @@ hx509_crypto_decrypt(hx509_crypto crypto, } EVP_CIPHER_CTX_cleanup(&evp); - if (EVP_CIPHER_block_size(crypto->c) > 1) { + if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) { int padsize; - unsigned char *p; + unsigned char *p; int j, bsize = EVP_CIPHER_block_size(crypto->c); - if (clear->length < bsize) { + if ((int)clear->length < bsize) { ret = HX509_CMS_PADDING_ERROR; goto out; } @@ -2259,7 +2731,7 @@ hx509_crypto_decrypt(hx509_crypto crypto, typedef int (*PBE_string2key_func)(hx509_context, const char *, const heim_octet_string *, - hx509_crypto *, heim_octet_string *, + hx509_crypto *, heim_octet_string *, heim_octet_string *, const heim_oid *, const EVP_MD *); @@ -2267,7 +2739,7 @@ static int PBE_string2key(hx509_context context, const char *password, const heim_octet_string *parameters, - hx509_crypto *crypto, + hx509_crypto *crypto, heim_octet_string *key, heim_octet_string *iv, const heim_oid *enc_oid, const EVP_MD *md) @@ -2296,13 +2768,13 @@ PBE_string2key(hx509_context context, salt = p12params.salt.data; saltlen = p12params.salt.length; - if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, + if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, PKCS12_KEY_ID, iter, key->length, key->data, md)) { ret = HX509_CRYPTO_INTERNAL_ERROR; goto out; } - - if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, + + if (!PKCS12_key_gen (password, passwordlen, salt, saltlen, PKCS12_IV_ID, iter, iv->length, iv->data, md)) { ret = HX509_CRYPTO_INTERNAL_ERROR; goto out; @@ -2312,6 +2784,8 @@ PBE_string2key(hx509_context context, if (ret) goto out; + hx509_crypto_allow_weak(c); + ret = hx509_crypto_set_key_data(c, key->data, key->length); if (ret) { hx509_crypto_destroy(c); @@ -2325,38 +2799,38 @@ out: } static const heim_oid * -find_string2key(const heim_oid *oid, - const EVP_CIPHER **c, +find_string2key(const heim_oid *oid, + const EVP_CIPHER **c, const EVP_MD **md, PBE_string2key_func *s2k) { - if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) { + if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC) == 0) { *c = EVP_rc2_40_cbc(); *md = EVP_sha1(); *s2k = PBE_string2key; - return oid_private_rc2_40(); - } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) { + return &asn1_oid_private_rc2_40; + } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC) == 0) { *c = EVP_rc2_cbc(); *md = EVP_sha1(); *s2k = PBE_string2key; - return oid_id_pkcs3_rc2_cbc(); + return ASN1_OID_ID_PKCS3_RC2_CBC; #if 0 - } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) { + } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC4) == 0) { *c = EVP_rc4_40(); *md = EVP_sha1(); *s2k = PBE_string2key; return NULL; - } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) { + } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC4) == 0) { *c = EVP_rc4(); *md = EVP_sha1(); *s2k = PBE_string2key; - return oid_id_pkcs3_rc4(); + return ASN1_OID_ID_PKCS3_RC4; #endif - } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) { + } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC) == 0) { *c = EVP_des_ede3_cbc(); *md = EVP_sha1(); *s2k = PBE_string2key; - return oid_id_pkcs3_des_ede3_cbc(); + return ASN1_OID_ID_PKCS3_DES_EDE3_CBC; } return NULL; @@ -2394,7 +2868,8 @@ _hx509_pbe_decrypt(hx509_context context, const EVP_CIPHER *c; const EVP_MD *md; PBE_string2key_func s2k; - int i, ret = 0; + int ret = 0; + size_t i; memset(&key, 0, sizeof(key)); memset(&iv, 0, sizeof(iv)); @@ -2439,7 +2914,7 @@ _hx509_pbe_decrypt(hx509_context context, else password = NULL; - ret = (*s2k)(context, password, ai->parameters, &crypto, + ret = (*s2k)(context, password, ai->parameters, &crypto, &key, &iv, enc_oid, md); if (ret) goto out; @@ -2452,7 +2927,7 @@ _hx509_pbe_decrypt(hx509_context context, hx509_crypto_destroy(crypto); if (ret == 0) goto out; - + } out: if (key.data) @@ -2467,8 +2942,8 @@ out: */ -int -_hx509_match_keys(hx509_cert c, hx509_private_key private_key) +static int +match_keys_rsa(hx509_cert c, hx509_private_key private_key) { const Certificate *cert; const SubjectPublicKeyInfo *spi; @@ -2510,7 +2985,7 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key) rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1); rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp); - if (rsa->n == NULL || rsa->e == NULL || + if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL) { RSA_free(rsa); @@ -2523,6 +2998,25 @@ _hx509_match_keys(hx509_cert c, hx509_private_key private_key) return ret == 1; } +static int +match_keys_ec(hx509_cert c, hx509_private_key private_key) +{ + return 1; /* XXX use EC_KEY_check_key */ +} + + +int +_hx509_match_keys(hx509_cert c, hx509_private_key key) +{ + if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) + return match_keys_rsa(c, key); + if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) + return match_keys_ec(c, key); + return 0; + +} + + static const heim_oid * find_keytype(const hx509_private_key key) { @@ -2534,10 +3028,9 @@ find_keytype(const hx509_private_key key) md = find_sig_alg(key->signature_alg); if (md == NULL) return NULL; - return (*md->key_oid)(); + return md->key_oid; } - int hx509_crypto_select(const hx509_context context, int type, @@ -2545,7 +3038,7 @@ hx509_crypto_select(const hx509_context context, hx509_peer_info peer, AlgorithmIdentifier *selected) { - const AlgorithmIdentifier *def; + const AlgorithmIdentifier *def = NULL; size_t i, j; int ret, bits; @@ -2553,16 +3046,22 @@ hx509_crypto_select(const hx509_context context, if (type == HX509_SELECT_DIGEST) { bits = SIG_DIGEST; - def = _hx509_crypto_default_digest_alg; + if (source) + def = alg_for_privatekey(source, type); + if (def == NULL) + def = _hx509_crypto_default_digest_alg; } else if (type == HX509_SELECT_PUBLIC_SIG) { bits = SIG_PUBLIC_SIG; - /* XXX depend on `source´ and `peer´ */ - def = _hx509_crypto_default_sig_alg; + /* XXX depend on `source´ and `peer´ */ + if (source) + def = alg_for_privatekey(source, type); + if (def == NULL) + def = _hx509_crypto_default_sig_alg; } else if (type == HX509_SELECT_SECRET_ENC) { bits = SIG_SECRET; def = _hx509_crypto_default_secret_alg; } else { - hx509_set_error_string(context, 0, EINVAL, + hx509_set_error_string(context, 0, EINVAL, "Unknown type %d of selection", type); return EINVAL; } @@ -2576,11 +3075,11 @@ hx509_crypto_select(const hx509_context context, for (j = 0; sig_algs[j]; j++) { if ((sig_algs[j]->flags & bits) != bits) continue; - if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(), + if (der_heim_oid_cmp(sig_algs[j]->sig_oid, &peer->val[i].algorithm) != 0) continue; - if (keytype && sig_algs[j]->key_oid && - der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)())) + if (keytype && sig_algs[j]->key_oid && + der_heim_oid_cmp(keytype, sig_algs[j]->key_oid)) continue; /* found one, use that */ @@ -2633,7 +3132,7 @@ hx509_crypto_available(hx509_context context, } else if (type == HX509_SELECT_PUBLIC_SIG) { bits = SIG_PUBLIC_SIG; } else { - hx509_set_error_string(context, 0, EINVAL, + hx509_set_error_string(context, 0, EINVAL, "Unknown type %d of available", type); return EINVAL; } @@ -2647,8 +3146,8 @@ hx509_crypto_available(hx509_context context, continue; if (sig_algs[i]->sig_alg == NULL) continue; - if (keytype && sig_algs[i]->key_oid && - der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype)) + if (keytype && sig_algs[i]->key_oid && + der_heim_oid_cmp(sig_algs[i]->key_oid, keytype)) continue; /* found one, add that to the list */ @@ -2657,7 +3156,7 @@ hx509_crypto_available(hx509_context context, goto out; *val = ptr; - ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]); + ret = copy_AlgorithmIdentifier(sig_algs[i]->sig_alg, &(*val)[len]); if (ret) goto out; len++; @@ -2667,7 +3166,9 @@ hx509_crypto_available(hx509_context context, if (bits & SIG_SECRET) { for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) { - + + if (ciphers[i].flags & CIPHER_WEAK) + continue; if (ciphers[i].ai_func == NULL) continue; @@ -2675,7 +3176,7 @@ hx509_crypto_available(hx509_context context, if (ptr == NULL) goto out; *val = ptr; - + ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]); if (ret) goto out; @@ -2703,4 +3204,4 @@ hx509_crypto_free_algs(AlgorithmIdentifier *val, for (i = 0; i < len; i++) free_AlgorithmIdentifier(&val[i]); free(val); -} +} diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem deleted file mode 100644 index 2c71932bc9a..00000000000 --- a/crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD -VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa -Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs -YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy -IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD -hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u -12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU -DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ -e20sRA== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem deleted file mode 100644 index 409147bd5e4..00000000000 --- a/crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD -VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa -Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs -YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy -IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD -hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u -12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2 -4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z -rHX/kw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem b/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem deleted file mode 100644 index 3e73f5d6143..00000000000 --- a/crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp -U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw -ODE5MTY1MTMwWhcNMDYxMDE4MTY1MTMwWjARMQ8wDQYDVQQDEwZIYWNrZXIwgZ8w -DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKSu6ChWttBsOpaBrYf4PzyCGNe6DuE7 -rmq4CMskdz8uiAJ3wVd8jGsjdeY4YzoXSVp+9mEF6XqNgyDf8Ub3kNgPYxvJ28lg -QVpd5RdGWXHo14LWBTD1mtFkCiAhVlATsVNI/tjv2tv7Jp8EsylbDHe7hslA0rns -Rr2cS9bvpM03AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF -BQADggEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLL/Up63HkFWD15INcW -Xd1nZGI+gO/whm58ICyJ1Js7ON6N4NyBTwe8513CvdOlOdG/Ctmy2gxEE47HhEed -ST8AUooI0ey599t84P20gGRuOYIjr7c= ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/ca.crt b/crypto/heimdal/lib/hx509/data/ca.crt deleted file mode 100644 index 76fa2c4d952..00000000000 --- a/crypto/heimdal/lib/hx509/data/ca.crt +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIJALeUXoWyGYBYMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNV -BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0UwHhcNMDcxMTE1MDY1 -ODU2WhcNMTcxMTEyMDY1ODU2WjAqMRswGQYDVQQDDBJoeDUwOSBUZXN0IFJvb3Qg -Q0ExCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHcvJb -yJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9Lv4VjQQfltNK0aovyLJa -UdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7WULaaXxBgHo1owzmhc1Qj -F9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQABo4GZMIGWMB0GA1UdDgQW -BBSM5w21xd5phXUsCKHeUxUwnKHoADBaBgNVHSMEUzBRgBSM5w21xd5phXUsCKHe -UxUwnKHoAKEupCwwKjEbMBkGA1UEAwwSaHg1MDkgVGVzdCBSb290IENBMQswCQYD -VQQGEwJTRYIJALeUXoWyGYBYMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0G -CSqGSIb3DQEBBQUAA4GBAIBa6mq1aytlbhixD6q4PROg7P1OGX6nr5CkC96CC+Xp -5UTLZEVIddkrBswNAAS0p5eEorO8xD9eT5ztZ0oYITymsO1sEIfDLks+LhdBoyF7 -TX24INRwjlqsC8UlbRFoClxIMNhrMwcC3oZ4oLddV2OmA0IOG6yHXvEOQq0sTotr ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/ca.key b/crypto/heimdal/lib/hx509/data/ca.key deleted file mode 100644 index 924c52dbafc..00000000000 --- a/crypto/heimdal/lib/hx509/data/ca.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDHcvJbyJXPhM9HHq1hU6d2Cu1fW9o1CvObirn1SNZg+pTnQgO9 -Lv4VjQQfltNK0aovyLJaUdbAbsRCfH+79YY2tU76x8aXpUri0DfUv5PGscIZzW7W -ULaaXxBgHo1owzmhc1QjF9JDEurJXGFEZaDsPcEwY40RjrKDL8SXzEoEwwIDAQAB -AoGAcRFgBdpr224eF+JzRganm8rMENBAnutreRUnIL+/ENFd0tBg0EIwtsTvvnzB -odvEkDxFp+BXT1Y8Grj7rPGeuKq7537J43Go02fSC7z4i3HDhSmv1SXE59hiES4F -ktyR2D7N+A/RPCckS4JM/zG4ZkucqKg/NnVpbdTpl0P2oSkCQQDoDkPde5vfWeXG -wmAgm5HPbyEmDBXQMlYDgNd448TmObRpjr0dyyr5zDgFJkOpOmv6WUMUxGILam3k -hCDqQqHPAkEA3AdgsMafqkR+OJmZT/gIDYb+mU8DFH6+WcUPxk+qbAa8JWg4VD30 -tpOKwZu4an1kExHnsVTqKOoW1cYmtYDuzQJAJ+78gsrYwhDoV9HvVO0wpG/NVozR -3CgtYSD085rOsYfQojGsHcputNoN8eTp09934Xcm8hXxgWFpU9/hAi9BRQJACKG1 -dlnka56SQRAthoiZcEZqeIM0ALrUJttnOgVoDyLYgLMs+okPr5XsLJo6StsucN0T -9M36/a3pRWunmxk6xQJBAOaD3sdIMLtGpFFOIQgkNUD9rOqXpi87h3ecmJCuG82w -B6kRNvpZz33U2FowFQtGBdvUBsbzlRzYDMrWniC6YKc= ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/crl1.crl b/crypto/heimdal/lib/hx509/data/crl1.crl deleted file mode 100644 index 14aecf4c3dc..00000000000 --- a/crypto/heimdal/lib/hx509/data/crl1.crl +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN X509 CRL----- -MIIBBDBvMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9v -dCBDQTELMAkGA1UEBhMCU0UXDTA3MTExNTA2NTkwMFoXDTE3MDkyMzA2NTkwMFow -FDASAgEDFw0wNzExMTUwNjU5MDBaMA0GCSqGSIb3DQEBBQUAA4GBAGYUroSt3oVI -0mjphSYqtpzDavF6xVM7bQrQEW+ZhzG7VynJdJaPgaJRaEHj9CNlJT1GF5WOY180 -wWuZEqXUV144snZ7YkSdsNOQRSmnHp8Fl6Sjdya3G55FoJHmhZ2JvscyZpb/Vh8N -NoMICB27iYqCzVlK9NkT5neCmomv/mDn ------END X509 CRL----- diff --git a/crypto/heimdal/lib/hx509/data/crl1.der b/crypto/heimdal/lib/hx509/data/crl1.der deleted file mode 100644 index 6d29196fc7b..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/crl1.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/gen-req.sh b/crypto/heimdal/lib/hx509/data/gen-req.sh deleted file mode 100644 index 4926399d4ea..00000000000 --- a/crypto/heimdal/lib/hx509/data/gen-req.sh +++ /dev/null @@ -1,316 +0,0 @@ -#!/bin/sh -# $Id: gen-req.sh 21786 2007-08-01 19:37:45Z lha $ -# -# This script need openssl 0.9.8a or newer, so it can parse the -# otherName section for pkinit certificates. -# - -openssl=$HOME/src/openssl/openssl-0.9.8e/apps/openssl - -gen_cert() -{ - ${openssl} req \ - -new \ - -subj "$1" \ - -config openssl.cnf \ - -newkey rsa:1024 \ - -sha1 \ - -nodes \ - -keyout out.key \ - -out cert.req > /dev/null 2>/dev/null - - if [ "$3" = "ca" ] ; then - ${openssl} x509 \ - -req \ - -days 3650 \ - -in cert.req \ - -extfile openssl.cnf \ - -extensions $4 \ - -signkey out.key \ - -out cert.crt - - ln -s ca.crt `${openssl} x509 -hash -noout -in cert.crt`.0 - - name=$3 - - elif [ "$3" = "proxy" ] ; then - - ${openssl} x509 \ - -req \ - -in cert.req \ - -days 3650 \ - -out cert.crt \ - -CA $2.crt \ - -CAkey $2.key \ - -CAcreateserial \ - -extfile openssl.cnf \ - -extensions $4 - - name=$5 - else - - ${openssl} ca \ - -name $4 \ - -days 3650 \ - -cert $2.crt \ - -keyfile $2.key \ - -in cert.req \ - -out cert.crt \ - -outdir . \ - -batch \ - -config openssl.cnf - - name=$3 - fi - - mv cert.crt $name.crt - mv out.key $name.key -} - -echo "01" > serial -> index.txt -rm -f *.0 - -gen_cert "/CN=hx509 Test Root CA/C=SE" "root" "ca" "v3_ca" -gen_cert "/CN=OCSP responder/C=SE" "ca" "ocsp-responder" "ocsp" -gen_cert "/CN=Test cert/C=SE" "ca" "test" "usr" -gen_cert "/CN=Revoke cert/C=SE" "ca" "revoke" "usr" -gen_cert "/CN=Test cert KeyEncipherment/C=SE" "ca" "test-ke-only" "usr_ke" -gen_cert "/CN=Test cert DigitalSignature/C=SE" "ca" "test-ds-only" "usr_ds" -gen_cert "/CN=pkinit/C=SE" "ca" "pkinit" "pkinit_client" -gen_cert "/C=SE/CN=pkinit/CN=pkinit-proxy" "pkinit" "proxy" "proxy_cert" pkinit-proxy -gen_cert "/CN=kdc/C=SE" "ca" "kdc" "pkinit_kdc" -gen_cert "/CN=www.test.h5l.se/C=SE" "ca" "https" "https" -gen_cert "/CN=Sub CA/C=SE" "ca" "sub-ca" "subca" -gen_cert "/CN=Test sub cert/C=SE" "sub-ca" "sub-cert" "usr" -gen_cert "/C=SE/CN=Test cert/CN=proxy" "test" "proxy" "proxy_cert" proxy-test -gen_cert "/C=SE/CN=Test cert/CN=proxy/CN=child" "proxy-test" "proxy" "proxy_cert" proxy-level-test -gen_cert "/C=SE/CN=Test cert/CN=no-proxy" "test" "proxy" "usr_cert" no-proxy-test -gen_cert "/C=SE/CN=Test cert/CN=proxy10" "test" "proxy" "proxy10_cert" proxy10-test -gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child" "proxy10-test" "proxy" "proxy10_cert" proxy10-child-test -gen_cert "/C=SE/CN=Test cert/CN=proxy10/CN=child/CN=child" "proxy10-child-test" "proxy" "proxy10_cert" proxy10-child-child-test - - -# combine -cat sub-ca.crt ca.crt > sub-ca-combined.crt -cat test.crt test.key > test.combined.crt -cat pkinit-proxy.crt pkinit.crt > pkinit-proxy-chain.crt - -# password protected key -${openssl} rsa -in test.key -aes256 -passout pass:foobar -out test-pw.key -${openssl} rsa -in pkinit.key -aes256 -passout pass:foo -out pkinit-pw.key - - -${openssl} ca \ - -name usr \ - -cert ca.crt \ - -keyfile ca.key \ - -revoke revoke.crt \ - -config openssl.cnf - -${openssl} pkcs12 \ - -export \ - -in test.crt \ - -inkey test.key \ - -passout pass:foobar \ - -out test.p12 \ - -name "friendlyname-test" \ - -certfile ca.crt \ - -caname ca - -${openssl} pkcs12 \ - -export \ - -in sub-cert.crt \ - -inkey sub-cert.key \ - -passout pass:foobar \ - -out sub-cert.p12 \ - -name "friendlyname-sub-cert" \ - -certfile sub-ca-combined.crt \ - -caname sub-ca \ - -caname ca - -${openssl} pkcs12 \ - -keypbe NONE \ - -certpbe NONE \ - -export \ - -in test.crt \ - -inkey test.key \ - -passout pass:foobar \ - -out test-nopw.p12 \ - -name "friendlyname-cert" \ - -certfile ca.crt \ - -caname ca - -${openssl} smime \ - -sign \ - -nodetach \ - -binary \ - -in static-file \ - -signer test.crt \ - -inkey test.key \ - -outform DER \ - -out test-signed-data - -${openssl} smime \ - -sign \ - -nodetach \ - -binary \ - -in static-file \ - -signer test.crt \ - -inkey test.key \ - -noattr \ - -outform DER \ - -out test-signed-data-noattr - -${openssl} smime \ - -sign \ - -nodetach \ - -binary \ - -in static-file \ - -signer test.crt \ - -inkey test.key \ - -noattr \ - -nocerts \ - -outform DER \ - -out test-signed-data-noattr-nocerts - -${openssl} smime \ - -encrypt \ - -nodetach \ - -binary \ - -in static-file \ - -outform DER \ - -out test-enveloped-rc2-40 \ - -rc2-40 \ - test.crt - -${openssl} smime \ - -encrypt \ - -nodetach \ - -binary \ - -in static-file \ - -outform DER \ - -out test-enveloped-rc2-64 \ - -rc2-64 \ - test.crt - -${openssl} smime \ - -encrypt \ - -nodetach \ - -binary \ - -in static-file \ - -outform DER \ - -out test-enveloped-rc2-128 \ - -rc2-128 \ - test.crt - -${openssl} smime \ - -encrypt \ - -nodetach \ - -binary \ - -in static-file \ - -outform DER \ - -out test-enveloped-des \ - -des \ - test.crt - -${openssl} smime \ - -encrypt \ - -nodetach \ - -binary \ - -in static-file \ - -outform DER \ - -out test-enveloped-des-ede3 \ - -des3 \ - test.crt - -${openssl} smime \ - -encrypt \ - -nodetach \ - -binary \ - -in static-file \ - -outform DER \ - -out test-enveloped-aes-128 \ - -aes128 \ - test.crt - -${openssl} smime \ - -encrypt \ - -nodetach \ - -binary \ - -in static-file \ - -outform DER \ - -out test-enveloped-aes-256 \ - -aes256 \ - test.crt - -echo ocsp requests - -${openssl} ocsp \ - -issuer ca.crt \ - -cert test.crt \ - -reqout ocsp-req1.der - -${openssl} ocsp \ - -index index.txt \ - -rsigner ocsp-responder.crt \ - -rkey ocsp-responder.key \ - -CA ca.crt \ - -reqin ocsp-req1.der \ - -noverify \ - -respout ocsp-resp1-ocsp.der - -${openssl} ocsp \ - -index index.txt \ - -rsigner ca.crt \ - -rkey ca.key \ - -CA ca.crt \ - -reqin ocsp-req1.der \ - -noverify \ - -respout ocsp-resp1-ca.der - -${openssl} ocsp \ - -index index.txt \ - -rsigner ocsp-responder.crt \ - -rkey ocsp-responder.key \ - -CA ca.crt \ - -resp_no_certs \ - -reqin ocsp-req1.der \ - -noverify \ - -respout ocsp-resp1-ocsp-no-cert.der - -${openssl} ocsp \ - -index index.txt \ - -rsigner ocsp-responder.crt \ - -rkey ocsp-responder.key \ - -CA ca.crt \ - -reqin ocsp-req1.der \ - -resp_key_id \ - -noverify \ - -respout ocsp-resp1-keyhash.der - -${openssl} ocsp \ - -issuer ca.crt \ - -cert revoke.crt \ - -reqout ocsp-req2.der - -${openssl} ocsp \ - -index index.txt \ - -rsigner ocsp-responder.crt \ - -rkey ocsp-responder.key \ - -CA ca.crt \ - -reqin ocsp-req2.der \ - -noverify \ - -respout ocsp-resp2.der - -${openssl} ca \ - -gencrl \ - -name usr \ - -crldays 3600 \ - -keyfile ca.key \ - -cert ca.crt \ - -crl_reason superseded \ - -out crl1.crl \ - -config openssl.cnf - -${openssl} crl -in crl1.crl -outform der -out crl1.der diff --git a/crypto/heimdal/lib/hx509/data/j.pem b/crypto/heimdal/lib/hx509/data/j.pem deleted file mode 100644 index 45ae8e81477..00000000000 --- a/crypto/heimdal/lib/hx509/data/j.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEajCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJKUDEN -MAsGA1UECgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24g -Rm9yIEpQS0kxETAPBgNVBAsMCEJyaWRnZUNBMB4XDTAzMTIyNzA1MDgxNVoXDTEz -MTIyNjE0NTk1OVowWjELMAkGA1UEBhMCSlAxDTALBgNVBAoMBEpQS0kxKTAnBgNV -BAsMIFByZWZlY3R1cmFsIEFzc29jaWF0aW9uIEZvciBKUEtJMREwDwYDVQQLDAhC -cmlkZ2VDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANTnUmg7K3m8 -52vd77kwkq156euwoWm5no8E8kmaTSc7x2RABPpqNTlMKdZ6ttsyYrqREeDkcvPL -yF7yf/I8+innasNtsytcTAy8xY8Avsbd4JkCGW9dyPjk9pzzc3yLQ64Rx2fujRn2 -agcEVdPCr/XpJygX8FD5bbhkZ0CVoiASBmlHOcC3YpFlfbT1QcpOSOb7o+VdKVEi -MMfbBuU2IlYIaSr/R1nO7RPNtkqkFWJ1/nKjKHyzZje7j70qSxb+BTGcNgTHa1YA -UrogKB+UpBftmb4ds+XlkEJ1dvwokiSbCDaWFKD+YD4B2s0bvjCbw8xuZFYGhNyR -/2D5XfN1s2MCAwEAAaOCATkwggE1MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E -BTADAQH/MG0GA1UdHwRmMGQwYqBgoF6kXDBaMQswCQYDVQQGEwJKUDENMAsGA1UE -CgwESlBLSTEpMCcGA1UECwwgUHJlZmVjdHVyYWwgQXNzb2NpYXRpb24gRm9yIEpQ -S0kxETAPBgNVBAsMCEJyaWRnZUNBMIGDBgNVHREEfDB6pHgwdjELMAkGA1UEBhMC -SlAxJzAlBgNVBAoMHuWFrOeahOWAi+S6uuiqjeiovOOCteODvOODk+OCuTEeMBwG -A1UECwwV6YO96YGT5bqc55yM5Y2U6K2w5LyaMR4wHAYDVQQLDBXjg5bjg6rjg4Pj -grjoqo3oqLzlsYAwHQYDVR0OBBYEFNQXMiCqQNkR2OaZmQgLtf8mR8p8MA0GCSqG -SIb3DQEBBQUAA4IBAQATjJo4reTNPC5CsvAKu1RYT8PyXFVYHbKsEpGt4GR8pDCg -HEGAiAhHSNrGh9CagZMXADvlG0gmMOnXowriQQixrtpkmx0TB8tNAlZptZWkZC+R -8TnjOkHrk2nFAEC3ezbdK0R7MR4tJLDQCnhEWbg50rf0wZ/aF8uAaVeEtHXa6W0M -Xq3dSe0XAcrLbX4zZHQTaWvdpLAIjl6DZ3SCieRMyoWUL+LXaLFdTP5WBCd+No58 -IounD9X4xxze2aeRVaiV/WnQ0OSPNS7n7YXy6xQdnaOU4KRW/Lne1EDf5IfWC/ih -bVAmhZMbcrkWWcsR6aCPG+2mV3zTD6AUzuKPal8Y ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/kdc.crt b/crypto/heimdal/lib/hx509/data/kdc.crt deleted file mode 100644 index 7dc38359c8f..00000000000 --- a/crypto/heimdal/lib/hx509/data/kdc.crt +++ /dev/null @@ -1,59 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 7 (0x7) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:58 2007 GMT - Not After : Nov 12 06:58:58 2017 GMT - Subject: C=SE, CN=kdc - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:bb:fa:14:24:35:9f:cb:82:91:20:b9:44:ec:4d: - f8:e4:1b:68:3f:6a:4d:d1:56:3e:28:25:6e:ab:aa: - 8b:6b:9c:59:ce:67:cc:27:61:4f:ff:18:a5:56:81: - a1:94:c4:33:f9:20:54:e5:1f:5a:47:43:ee:8f:52: - 8a:9f:97:6b:73:92:a3:e1:fd:9e:0b:04:36:2b:b2: - 72:bd:80:ff:ae:5a:e1:9b:bb:d8:77:c8:fe:f8:3b: - 3f:b9:51:56:6e:97:c2:2a:76:ea:56:d8:46:67:45: - 33:6f:b1:74:cf:2b:dd:11:32:1f:d7:a9:e9:2a:e2: - 0f:a8:dd:b1:94:85:87:dd:b5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Extended Key Usage: - pkkdcekuoid - X509v3 Subject Key Identifier: - 51:75:26:1A:E0:16:0F:69:A8:B4:98:80:EB:C8:49:A6:D0:C6:24:C1 - X509v3 Subject Alternative Name: - othername: - Signature Algorithm: sha1WithRSAEncryption - 7a:f7:7c:cf:2d:87:aa:93:49:b1:05:2a:ea:ee:75:97:22:02: - 5a:a1:2c:e3:e1:9d:be:48:0c:75:26:e0:84:f0:2a:90:5a:15: - dd:7c:58:65:ab:79:05:85:40:54:35:e1:57:58:96:aa:32:68: - f2:bd:cc:b5:9a:1c:f5:d7:49:01:44:ce:fc:22:55:3c:86:d6: - c2:ed:46:e6:dc:a7:c5:48:3f:ac:0c:10:ba:b9:e2:e8:78:37: - 79:f7:d5:da:c0:8e:74:09:64:ff:bb:36:24:d4:c7:4d:c3:93: - c2:d7:3a:32:97:b9:e1:79:ea:82:3a:42:69:ec:e4:ec:48:d5: - 3f:90 ------BEGIN CERTIFICATE----- -MIICVDCCAb2gAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OFoXDTE3 -MTExMjA2NTg1OFowGzELMAkGA1UEBhMCU0UxDDAKBgNVBAMMA2tkYzCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEAu/oUJDWfy4KRILlE7E345BtoP2pN0VY+KCVu -q6qLa5xZzmfMJ2FP/xilVoGhlMQz+SBU5R9aR0Puj1KKn5drc5Kj4f2eCwQ2K7Jy -vYD/rlrhm7vYd8j++Ds/uVFWbpfCKnbqVthGZ0Uzb7F0zyvdETIf16npKuIPqN2x -lIWH3bUCAwEAAaOBmDCBlTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DASBgNVHSUE -CzAJBgcrBgEFAgMFMB0GA1UdDgQWBBRRdSYa4BYPaai0mIDryEmm0MYkwTBIBgNV -HREEQTA/oD0GBisGAQUCAqAzMDGgDRsLVEVTVC5INUwuU0WhIDAeoAMCAQGhFzAV -GwZrcmJ0Z3QbC1RFU1QuSDVMLlNFMA0GCSqGSIb3DQEBBQUAA4GBAHr3fM8th6qT -SbEFKurudZciAlqhLOPhnb5IDHUm4ITwKpBaFd18WGWreQWFQFQ14VdYlqoyaPK9 -zLWaHPXXSQFEzvwiVTyG1sLtRubcp8VIP6wMELq54uh4N3n31drAjnQJZP+7NiTU -x03Dk8LXOjKXueF56oI6Qmns5OxI1T+Q ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/kdc.key b/crypto/heimdal/lib/hx509/data/kdc.key deleted file mode 100644 index 01fca6542c2..00000000000 --- a/crypto/heimdal/lib/hx509/data/kdc.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC7+hQkNZ/LgpEguUTsTfjkG2g/ak3RVj4oJW6rqotrnFnOZ8wn -YU//GKVWgaGUxDP5IFTlH1pHQ+6PUoqfl2tzkqPh/Z4LBDYrsnK9gP+uWuGbu9h3 -yP74Oz+5UVZul8IqdupW2EZnRTNvsXTPK90RMh/Xqekq4g+o3bGUhYfdtQIDAQAB -AoGBAJXwJO65A0v+SqqyfSKME1JH9kBXF9k5lHzLVtqBP5JHdW7pZnOm8HtG+mLl -JbCXS+mUe4MDHiyoJ/qUWVRxIFgBBEQpaYxdyW8d+SpCnR53hBa3t0yxr3yZ0XCc -u4lkKaCCQM5aPZqlbEkyR0Hm+lXPKbW+Sgm18fm2zPJ/2EXhAkEA8RO+dydMR7LV -8PdOvMkENwwnkUQTI3YjoRy0yV9UV+x3JDdBufOOjObrXIg/jDkg3PyOE5JBo/EZ -u1OyFFbyPQJBAMec4B3+ZyOPeH1OodSWfL/0AFCSZyOs1UgEC7vorMJ8i0eHDIsT -Uie1xNlrfrjnXTvMG7woFZOvNXBJkxCXKNkCQQCyMX/lnxyZGq1csdB3ZrZA4jEV -BRaIbbikTA2tk1NKsjTWhimFA2xo5f8upF8kjM2nyt5RxRfT0FDO0Gye8C2ZAkBq -CJYwuJwXErZBcgya/dmEqduk8TAijkO5fpSxG7bxlPDzbPSnx/qjJ3ZKvERTemtX -QWQWPgDAM5kibaLWdEV5AkAJn7iP495Cbac0y3zihgK/M70M9y1WB0TbumpTVpg2 -taw3NwTjQlGnFj64dJIj+hgCOGYJ7H1Gt7JOi10NRtbd ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/key.der b/crypto/heimdal/lib/hx509/data/key.der deleted file mode 100644 index e7c665e3005..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/key.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/key2.der b/crypto/heimdal/lib/hx509/data/key2.der deleted file mode 100644 index fe3f413c0aa..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/key2.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/nist-data b/crypto/heimdal/lib/hx509/data/nist-data deleted file mode 100644 index 80333bbfc40..00000000000 --- a/crypto/heimdal/lib/hx509/data/nist-data +++ /dev/null @@ -1,91 +0,0 @@ -# $Id: nist-data 21917 2007-08-16 13:54:25Z lha $ -# id verify cert hxtool-verify-arguments... -# p(ass) f(ail) -# Those id's that end with i are invariants of the orignal test -# -# 4.1 Signature Verification -# -4.1.1 p ValidCertificatePathTest1EE.crt GoodCACert.crt GoodCACRL.crl -4.1.2 f InvalidCASignatureTest2EE.crt BadSignedCACert.crt BadSignedCACRL.crl -4.1.3 f InvalidEESignatureTest3EE.crt GoodCACert.crt GoodCACRL.crl -#4.1.4 p ValidDSASignaturesTest4EE.crt DSACACert.crt DSACACRL.crl -#4.1.5 p ValidDSAParameterInheritanceTest5EE.crl DSAParametersInheritedCACert.crt DSAParametersInheritedCACRL.crl DSACACert.crt DSACACRL.crl -#4.1.6 f InvalidDSASignaturesTest6EE.crt DSACACert.crt DSACACRL.crl -# -# 4.2 Validity Periods -# -4.2.1 f InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt BadnotBeforeDateCACRL.crl -4.2.2 f InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt GoodCACRL.crl -4.2.3 p Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt GoodCACRL.crl -4.2.4 p ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt GoodCACRL.crl -4.2.5 f InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt BadnotAfterDateCACRL.crl -4.2.6 f InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt GoodCACRL.crl -4.2.7 f Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt GoodCACRL.crl -#4.2.8 p ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt GoodCACRL.crl -# -# 4.4 CRtests -# -4.4.1 f InvalidMissingCRLTest1EE.crt NoCRLCACert.crt -4.4.1i p InvalidMissingCRLTest1EE.crt --missing-revoke NoCRLCACert.crt -4.4.2 f InvalidRevokedEETest3EE.crt GoodCACert.crt InvalidRevokedCATest2EE.crt GoodCACRL.crl RevokedsubCACRL.crl -4.4.2i p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt InvalidRevokedCATest2EE.crt -4.4.3 f InvalidRevokedEETest3EE.crt GoodCACert.crt GoodCACRL.crl -4.4.3i p InvalidRevokedEETest3EE.crt --missing-revoke GoodCACert.crt -4.4.4 f InvalidBadCRLSignatureTest4EE.crt BadCRLSignatureCACert.crt BadCRLSignatureCACRL.crl -4.4.4i p InvalidBadCRLSignatureTest4EE.crt --missing-revoke BadCRLSignatureCACert.crt -4.4.5 f InvalidBadCRLIssuerNameTest5EE.crt BadCRLIssuerNameCACert.crt BadCRLIssuerNameCACRL.crl -4.4.5i p InvalidBadCRLIssuerNameTest5EE.crt --missing-revoke BadCRLIssuerNameCACert.crt -4.4.6 f InvalidWrongCRLTest6EE.crt WrongCRLCACert.crt WrongCRLCACRL.crl -4.4.7 p ValidTwoCRLsTest7EE.crt TwoCRLsCACert.crt TwoCRLsCAGoodCRL.crl TwoCRLsCABadCRL.crl -4.4.8 f InvalidUnknownCRLEntryExtensionTest8EE.crt UnknownCRLEntryExtensionCACert.crt UnknownCRLEntryExtensionCACRL.crl -4.4.9 f InvalidUnknownCRLExtensionTest9EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl -4.4.10 f InvalidUnknownCRLExtensionTest10EE.crt UnknownCRLExtensionCACert.crt UnknownCRLExtensionCACRL.crl -4.4.11 f InvalidOldCRLnextUpdateTest11EE.crt OldCRLnextUpdateCACert.crt OldCRLnextUpdateCACRL.crl -4.4.12 f Invalidpre2000CRLnextUpdateTest12EE.crt pre2000CRLnextUpdateCACert.crt pre2000CRLnextUpdateCACRL.crl -#4.4.13-xxx s ValidGeneralizedTimeCRLnextUpdateTest13EE.crt GeneralizedTimeCRLnextUpdateCACert.crt GeneralizedTimeCRLnextUpdateCACRL.crl -4.4.14 p ValidNegativeSerialNumberTest14EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl -4.4.15 f InvalidNegativeSerialNumberTest15EE.crt NegativeSerialNumberCACert.crt NegativeSerialNumberCACRL.crl -4.4.16 p ValidLongSerialNumberTest16EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl -4.4.17 p ValidLongSerialNumberTest17EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl -4.4.18 f InvalidLongSerialNumberTest18EE.crt LongSerialNumberCACert.crt LongSerialNumberCACRL.crl -# -# -# 4.8 Ceificate Policies -incomplete4.8.2 p AllCertificatesNoPoliciesTest2EE.crt NoPoliciesCACert.crt NoPoliciesCACRL.crl -incomplete4.8.10 p AllCertificatesSamePoliciesTest10EE.crt PoliciesP12CACert.crt PoliciesP12CACRL.crl -incomplete4.8.13 p AllCertificatesSamePoliciesTest13EE.crt PoliciesP123CACert.crt PoliciesP123CACRL.crl -incomplete4.8.11 p AllCertificatesanyPolicyTest11EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl -unknown p AnyPolicyTest14EE.crt anyPolicyCACert.crt anyPolicyCACRL.crl -unknown f BadSignedCACert.crt -unknown f BadnotAfterDateCACert.crt -unknown f BadnotBeforeDateCACert.crt -# -# 4.13 Name Constraints -# -4.13.1 p ValidDNnameConstraintsTest1EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -4.13.2 f InvalidDNnameConstraintsTest2EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -4.13.3 f InvalidDNnameConstraintsTest3EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -4.13.4 p ValidDNnameConstraintsTest4EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -4.13.5 p ValidDNnameConstraintsTest5EE.crt nameConstraintsDN2CACert.crt nameConstraintsDN2CACRL.crl -4.13.6 p ValidDNnameConstraintsTest6EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl -4.13.7 f InvalidDNnameConstraintsTest7EE.crt nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl -4.13.8 f InvalidDNnameConstraintsTest8EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl -4.13.9 f InvalidDNnameConstraintsTest9EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACRL.crl -4.13.10 f InvalidDNnameConstraintsTest10EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl -4.13.11 p ValidDNnameConstraintsTest11EE.crt nameConstraintsDN5CACert.crt nameConstraintsDN5CACRL.crl -4.13.12 f InvalidDNnameConstraintsTest12EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -4.13.13 f InvalidDNnameConstraintsTest13EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1subCA1CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -4.13.14 p ValidDNnameConstraintsTest14EE.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1subCA2CRL.crl nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -4.13.15 f InvalidDNnameConstraintsTest15EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl -4.13.16 f InvalidDNnameConstraintsTest16EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3subCA1CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl -4.13.17 f InvalidDNnameConstraintsTest17EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl -4.13.18 p ValidDNnameConstraintsTest18EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3subCA2CRL.crl nameConstraintsDN3CACert.crt nameConstraintsDN3CACRL.crl -# -# no crl for self issued cert -# -#4.13.19 p ValidDNnameConstraintsTest19EE.crt nameConstraintsDN1SelfIssuedCACert.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -# ?? -4.13.20 f InvalidDNnameConstraintsTest20EE.crt nameConstraintsDN1CACert.crt nameConstraintsDN1CACRL.crl -#4.13.21 p ValidRFC822nameConstraintsTest21EE.crt nameConstraintsRFC822CA1Cert.crt nameConstraintsRFC822CA1CRL.crl -#page 74 -end diff --git a/crypto/heimdal/lib/hx509/data/nist-data2 b/crypto/heimdal/lib/hx509/data/nist-data2 deleted file mode 100644 index 491beacfb6b..00000000000 --- a/crypto/heimdal/lib/hx509/data/nist-data2 +++ /dev/null @@ -1,291 +0,0 @@ -# 4.1.1 Valid Signatures Test1 - Validate Successfully -0 ValidCertificatePathTest1EE.crt -# 4.1.2 Invalid CA Signature Test2 - Reject - Invalid signature on intermediate certificate -1 InvalidCASignatureTest2EE.crt -# 4.1.3 Invalid EE Signature Test3 - Reject - Invalid signature on end entity certificate -1 InvalidEESignatureTest3EE.crt -# 4.1.4 Valid DSA Signatures Test4 - Reject - Application can not process DSA signatures -1 ValidDSASignaturesTest4EE.crt -# 4.2.1 Invalid CA notBefore Date Test1 - Reject - notBefore date in intermediate certificate is after the current date -1 InvalidCAnotBeforeDateTest1EE.crt -# 4.2.2 Invalid EE notBefore Date Test2 - Reject - notBefore date in end entity certificate is after the current date -1 InvalidEEnotBeforeDateTest2EE.crt -# 4.2.3 Valid pre2000 UTC notBefore Date Test3 - Validate Successfully -0 Validpre2000UTCnotBeforeDateTest3EE.crt -# 4.2.4 Valid GeneralizedTime notBefore Date Test4 - Validate Successfully -0 ValidGeneralizedTimenotBeforeDateTest4EE.crt -# 4.2.5 Invalid CA notAfter Date Test5 - Reject - notAfter date in intermediate certificate is before the current date -1 InvalidCAnotAfterDateTest5EE.crt -# 4.2.6 Invalid EE notAfter Date Test6 - Reject - notAfter date in end entity certificate is before the current date -1 InvalidEEnotAfterDateTest6EE.crt -# 4.2.7 Invalid pre2000 UTC EE notAfter Date Test7 - Reject - notAfter date in end entity certificate is before the current date -1 Invalidpre2000UTCEEnotAfterDateTest7EE.crt -# 4.2.8 Valid GeneralizedTime notAfter Date Test8 - Validate Successfully -0 ValidGeneralizedTimenotAfterDateTest8EE.crt -# 4.3.1 Invalid Name Chaining EE Test1 - Reject - names do not chain -1 InvalidNameChainingTest1EE.crt -# 4.3.2 Invalid Name Chaining Order Test2 - Reject - names do not chain -1 InvalidNameChainingOrderTest2EE.crt -# 4.3.3 Valid Name Chaining Whitespace Test3 - Validate Successfully -0 ValidNameChainingWhitespaceTest3EE.crt -# 4.3.4 Valid Name Chaining Whitespace Test4 - Validate Successfully -0 ValidNameChainingWhitespaceTest4EE.crt -# 4.3.5 Valid Name Chaining Capitalization Test5 - Validate Successfully -0 ValidNameChainingCapitalizationTest5EE.crt -# 4.3.6 Valid Name Chaining UIDs Test6 - Validate Successfully -0 ValidNameUIDsTest6EE.crt -# 4.3.9 Valid UTF8String Encoded Names Test9 - Validate Successfully -0 ValidUTF8StringEncodedNamesTest9EE.crt -# 4.4.1 Missing CRL Test1 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidMissingCRLTest1EE.crt -# 4.4.2 Invalid Revoked CA Test2 - Reject - an intermediate certificate has been revoked. -2 InvalidRevokedCATest2EE.crt -# 4.4.3 Invalid Revoked EE Test3 - Reject - the end entity certificate has been revoked -2 InvalidRevokedEETest3EE.crt -# 4.4.4. Invalid Bad CRL Signature Test4 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidBadCRLSignatureTest4EE.crt -# 4.4.5 Invalid Bad CRL Issuer Name Test5 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidBadCRLIssuerNameTest5EE.crt -# 4.4.6 Invalid Wrong CRL Test6 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidWrongCRLTest6EE.crt -# 4.4.7 Valid Two CRLs Test7 - Validate Successfully -0 ValidTwoCRLsTest7EE.crt -# 4.4.8 Invalid Unknown CRL Entry Extension Test8 - Reject - the end entity certificate has been revoked -2 InvalidUnknownCRLEntryExtensionTest8EE.crt -# 4.4.9 Invalid Unknown CRL Extension Test9 - Reject - the end entity certificate has been revoked -2 InvalidUnknownCRLExtensionTest9EE.crt -# 4.4.10 Invalid Unknown CRL Extension Test10 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidUnknownCRLExtensionTest10EE.crt -# 4.4.11 Invalid Old CRL nextUpdate Test11 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidOldCRLnextUpdateTest11EE.crt -# 4.4.12 Invalid pre2000 CRL nextUpdate Tesst12 - Reject or Warn - status of end entity certificate can not be determined -3 Invalidpre2000CRLnextUpdateTest12EE.crt -# 4.4.13 Valid GeneralizedTime CRL nextUpdate Test13 - Validate Successfully -0 ValidGeneralizedTimeCRLnextUpdateTest13EE.crt -# 4.4.14 Valid Negative Serial Number Test14 - Validate Successfully -0 ValidNegativeSerialNumberTest14EE.crt -# 4.4.15 Invalid Negative Serial Number Test15 - Reject - the end entity certificate has been revoked -2 InvalidNegativeSerialNumberTest15EE.crt -# 4.4.16 Valid Long Serial Number Test16 - Validate Successfully -0 ValidLongSerialNumberTest16EE.crt -# 4.4.17 Valid Long Serial Number Test17 - Validate Successfully -0 ValidLongSerialNumberTest17EE.crt -# 4.4.18 Invalid Long Serial Number Test18 - Reject - the end entity certificate has been revoked -2 InvalidLongSerialNumberTest18EE.crt -# 4.4.19 Valid Separate Certificate and CRL Keys Test19 - Validate Successfully -0 ValidSeparateCertificateandCRLKeysTest19EE.crt -# 4.4.20 Invalid Separate Certificate and CRL Keys Test20 - Reject - the end entity certificate has been revoked -2 InvalidSeparateCertificateandCRLKeysTest20EE.crt -# 4.4.21 Invalid Separate Certificate and CRL Keys Test21 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidSeparateCertificateandCRLKeysTest21EE.crt -# 4.5.1 Valid Basic Self-Issued Old With New Test1 - Validate Successfully -0 ValidBasicSelfIssuedOldWithNewTest1EE.crt -# 4.5.2 Invalid Basic Self-Issued Old With New Test2 - Reject - the end entity certificate has been revoked -2 InvalidBasicSelfIssuedOldWithNewTest2EE.crt -# 4.5.3 Valid Basic Self-Issued New With Old Test3 - Validate Successfully -0 ValidBasicSelfIssuedNewWithOldTest3EE.crt -# 4.5.4 Valid Basic Self-Issued New With Old Test4 - Validate Successfully -0 ValidBasicSelfIssuedNewWithOldTest4EE.crt -# 4.5.5 Invalid Basic Self-Issued New With Old Test5 - Reject - the end entity certificate has been revoked -2 InvalidBasicSelfIssuedNewWithOldTest5EE.crt -# 4.5.6 Valid Basic Self-Issued CRL Signing Key Test6 - Validate Successfully -0 ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt -# 4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7 - Reject - the end entity certificate has been revoked -2 InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt -# 4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8 - Reject - invalid certification path -1 InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt -# 4.6.1 Invalid Missing basicConstraints Test1 - Reject - invalid certification path -1 InvalidMissingbasicConstraintsTest1EE.crt -# 4.6.2 Invalid cA False Test2 - Reject - invalid certification path -1 InvalidcAFalseTest2EE.crt -# 4.6.3 Invalid cA False Test3 - Reject - invalid certification path -1 InvalidcAFalseTest3EE.crt -# 4.6.4 Valid basicConstraints Not Critical Test4 - Validate Successfully -0 ValidbasicConstraintsNotCriticalTest4EE.crt -# 4.6.5 Invalid pathLenConstraint Test5 - Reject - invalid certification path -1 InvalidpathLenConstraintTest5EE.crt -# 4.6.6 Invalid pathLenConstraint Test6 - Reject - invalid certification path -1 InvalidpathLenConstraintTest6EE.crt -# 4.6.7 Valid pathLenConstraint Test7 - Validate Successfully -0 ValidpathLenConstraintTest7EE.crt -# 4.6.8 Valid pathLenConstraint Test8 - Validate Successfully -0 ValidpathLenConstraintTest8EE.crt -# 4.6.9 Invalid pathLenConstraint Test9 - Reject - invalid certification path -1 InvalidpathLenConstraintTest9EE.crt -# 4.6.10 Invalid pathLenConstraint Test10 - Reject - invalid certification path -1 InvalidpathLenConstraintTest10EE.crt -# 4.6.11 Invalid pathLenConstraint Test11 - Reject - invalid certification path -1 InvalidpathLenConstraintTest11EE.crt -# 4.6.12 Invalid pathLenConstraint Test12 - Reject - invalid certification path -1 InvalidpathLenConstraintTest12EE.crt -# 4.6.13 Valid pathLenConstraint Test13 - Validate Successfully -0 ValidpathLenConstraintTest13EE.crt -# 4.6.14 Valid pathLenConstraint Test14 - Validate Successfully -0 ValidpathLenConstraintTest14EE.crt -# 4.6.15 Valid Self-Issued pathLenConstraint Test15 - Validate Successfully -0 ValidSelfIssuedpathLenConstraintTest15EE.crt -# 4.6.16 Invalid Self-Issued pathLenConstraint Test16 - Reject - invalid certification path -1 InvalidSelfIssuedpathLenConstraintTest16EE.crt -# 4.6.17 Valid Self-Issued pathLenConstraint Test17 - Validate Successfully -0 ValidSelfIssuedpathLenConstraintTest17EE.crt -# 4.7.1 Invalid keyUsage Critical keyCertSign False Test1 - Reject - invalid certification path -1 InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt -# 4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2 - Reject - invalid certification path -1 InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt -# 4.7.3 Valid keyUsage Not Critical Test3 - Validate Successfully -0 ValidkeyUsageNotCriticalTest3EE.crt -# 4.7.4 Invalid keyUsage Critical cRLSign False Test4 - Reject - invalid certification path -1 InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt -# 4.7.5 Invalid keyUsage Not Critical cRLSign False Test5 - Reject - invalid certification path -1 InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt -0 UserNoticeQualifierTest19EE.crt -# 4.10.1 Valid Policy Mapping Test1, subtest 1 - Reject - unrecognized critical extension [Test using the default settings (i.e., initial-policy-set = any-policy) -1 InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt -# 4.11.2 Valid inhibitPolicyMapping Test2 - Reject - unrecognized critical extension -1 ValidinhibitPolicyMappingTest2EE.crt -# 4.12.2 Valid inhibitAnyPolicy Test2 - Reject - unrecognized critical extension -1 ValidinhibitAnyPolicyTest2EE.crt -# 4.13.1 Valid DN nameConstraints Test1 - Validate Successfully -0 ValidDNnameConstraintsTest1EE.crt -# 4.13.2 Invalid DN nameConstraints Test2 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest2EE.crt -# 4.13.3 Invalid DN nameConstraints Test3 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest3EE.crt -# 4.13.4 Valid DN nameConstraints Test4 - Validate Successfully -0 ValidDNnameConstraintsTest4EE.crt -# 4.13.5 Valid DN nameConstraints Test5 - Validate Successfully -0 ValidDNnameConstraintsTest5EE.crt -# 4.13.6 Valid DN nameConstraints Test6 - Validate Successfully -0 ValidDNnameConstraintsTest6EE.crt -# 4.13.7 Invalid DN nameConstraints Test7 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest7EE.crt -# 4.13.8 Invalid DN nameConstraints Test8 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest8EE.crt -# 4.13.9 Invalid DN nameConstraints Test9 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest9EE.crt -# 4.13.10 Invalid DN nameConstraints Test10 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest10EE.crt -# 4.13.11 Valid DN nameConstraints Test11 - Validate Successfully -0 ValidDNnameConstraintsTest11EE.crt -# 4.13.12 Invalid DN nameConstraints Test12 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest12EE.crt -# 4.13.13 Invalid DN nameConstraints Test13 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest13EE.crt -# 4.13.14 Valid DN nameConstraints Test14 - Validate Successfully -0 ValidDNnameConstraintsTest14EE.crt -# 4.13.15 Invalid DN nameConstraints Test15 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest15EE.crt -# 4.13.16 Invalid DN nameConstraints Test16 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest16EE.crt -# 4.13.17 Invalid DN nameConstraints Test17 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest17EE.crt -# 4.13.18 Valid DN nameConstraints Test18 - Validate Successfully -0 ValidDNnameConstraintsTest18EE.crt -# 4.13.19 Valid Self-Issued DN nameConstraints Test19 - Validate Successfully -0 ValidDNnameConstraintsTest19EE.crt -# 4.13.20 Invalid Self-Issued DN nameConstraints Test20 - Reject - name constraints violation -1 InvalidDNnameConstraintsTest20EE.crt -# 4.13.21 Valid RFC822 nameConstraints Test21 - Validate Successfully -0 ValidRFC822nameConstraintsTest21EE.crt -# 4.13.22 Invalid RFC822 nameConstraints Test22 - Reject - name constraints violation -1 InvalidRFC822nameConstraintsTest22EE.crt -# 4.13.23 Valid RFC822 nameConstraints Test23 - Validate Successfully -0 ValidRFC822nameConstraintsTest23EE.crt -# 4.13.24 Invalid RFC822 nameConstraints Test24 - Reject - name constraints violation -1 InvalidRFC822nameConstraintsTest24EE.crt -# 4.13.25 Valid RFC822 nameConstraints Test25 - Validate Successfully -0 ValidRFC822nameConstraintsTest25EE.crt -# 4.13.26 Invalid RFC822 nameConstraints Test26 - Reject - name constraints violation -1 InvalidRFC822nameConstraintsTest26EE.crt -# 4.13.27 Valid DN and RFC822 nameConstraints Test27 - Validate Successfully -0 ValidDNandRFC822nameConstraintsTest27EE.crt -# 4.13.28 Invalid DN and RFC822 nameConstraints Test28 - Reject - name constraints violation -1 InvalidDNandRFC822nameConstraintsTest28EE.crt -# 4.13.29 Invalid DN and RFC822 nameConstraints Test29 - Reject - name constraints violation -1 InvalidDNandRFC822nameConstraintsTest29EE.crt -# 4.13.30 Valid DNS nameConstraints Test30 - Validate Successfully -0 ValidDNSnameConstraintsTest30EE.crt -# 4.13.31 Invalid DNS nameConstraints Test31 - Reject - name constraints violation -1 InvalidDNSnameConstraintsTest31EE.crt -# 4.13.32 Valid DNS nameConstraints Test32 - Validate Successfully -0 ValidDNSnameConstraintsTest32EE.crt -# 4.13.33 Invalid DNS nameConstraints Test33 - Reject - name constraints violation -1 InvalidDNSnameConstraintsTest33EE.crt -# 4.13.34 Valid URI nameConstraints Test34 - Validate Successfully -0 ValidURInameConstraintsTest34EE.crt -# 4.13.35 Invalid URI nameConstraints Test35 - Reject - name constraints violation -1 InvalidURInameConstraintsTest35EE.crt -# 4.13.36 Valid URI nameConstraints Test36 - Validate Successfully -0 ValidURInameConstraintsTest36EE.crt -# 4.13.37 Invalid URI nameConstraints Test37 - Reject - name constraints violation -1 InvalidURInameConstraintsTest37EE.crt -# 4.13.38 Invalid DNS nameConstraints Test38 - Reject - name constraints violation -1 InvalidDNSnameConstraintsTest38EE.crt -# 4.14.1 Valid distributionPoint Test1 - Validate Successfully -0 ValiddistributionPointTest1EE.crt -# 4.14.2 Invalid distributionPoint Test2 - Reject - end entity certificate has been revoked -2 InvaliddistributionPointTest2EE.crt -# 4.14.3 Invalid distributionPoint Test3 - Reject or Warn - status of end entity certificate can not be determined -3 InvaliddistributionPointTest3EE.crt -# 4.14.4 Valid distributionPoint Test4 - Validate Successfully -0 ValiddistributionPointTest4EE.crt -# 4.14.5 Valid distributionPoint Test5 - Validate Successfully -0 ValiddistributionPointTest5EE.crt -# 4.14.6 Invalid distributionPoint Test6 - Reject - end entity certificate has been revoked -2 InvaliddistributionPointTest6EE.crt -# 4.14.7 Valid distributionPoint Test7 - Validate Successfully -0 ValiddistributionPointTest7EE.crt -# 4.14.8 Invalid distributionPoint Test8 - Reject or Warn - status of end entity certificate can not be determined -3 InvaliddistributionPointTest8EE.crt -# 4.14.9 Invalid distributionPoint Test9 - Reject or Warn - status of end entity certificate can not be determined -3 InvaliddistributionPointTest9EE.crt -# 4.14.10 Valid No issuingDistributionPoint Test10 - Validate Successfully -0 ValidNoissuingDistributionPointTest10EE.crt -# 4.14.11 Invalid onlyContainsUserCerts CRL Test11 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidonlyContainsUserCertsTest11EE.crt -# 4.14.12 Invalid onlyContainsCACerts CRL Test12 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidonlyContainsCACertsTest12EE.crt -# 4.14.13 Valid onlyContainsCACerts CRL Test13 - Validate Successfully -0 ValidonlyContainsCACertsTest13EE.crt -# 4.14.14 Invalid onlyContainsAttributeCerts Test14 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidonlyContainsAttributeCertsTest14EE.crt -# 4.14.15 Invalid onlySomeReasons Test15 - Reject - end entity certificate has been revoked -2 InvalidonlySomeReasonsTest15EE.crt -# 4.14.16 Invalid onlySomeReasons Test16 - Reject - end entity certificate is on hold -2 InvalidonlySomeReasonsTest16EE.crt -# 4.14.17 Invalid onlySomeReasons Test17 - Reject or Warn - status of end entity certificate can not be determined -3 InvalidonlySomeReasonsTest17EE.crt -# 4.14.18 Valid onlySomeReasons Test18 - Validate Successfully -0 ValidonlySomeReasonsTest18EE.crt -# 4.14.19 Valid onlySomeReasons Test19 - Validate Successfully -0 ValidonlySomeReasonsTest19EE.crt -# 4.14.20 Invalid onlySomeReasons Test20 - Reject - end entity certificate has been revoked -2 InvalidonlySomeReasonsTest20EE.crt -# 4.14.21 Invalid onlySomeReasons Test21 - Reject - end entity certificate has been revoked -2 InvalidonlySomeReasonsTest21EE.crt -# 4.14.24 Valid IDP with indirectCRL Test24 - Reject or Warn - status of end entity certificate can not be determined -3 ValidIDPwithindirectCRLTest24EE.crt -# 4.15.1 Invalid deltaCRLIndicator No Base Test1 - Reject or Warn - status of end entity certificate can not be determined -3 InvaliddeltaCRLIndicatorNoBaseTest1EE.crt -# 4.15.2 Valid delta-CRL Test2 - Validate Successfully -0 ValiddeltaCRLTest2EE.crt -# 4.15.3 Invalid delta-CRL Test3 - Reject - end entity certificate has been revoked -2 InvaliddeltaCRLTest3EE.crt -# 4.15.4 Invalid delta-CRL Test4 - Reject - end entity certificate has been revoked -2 InvaliddeltaCRLTest4EE.crt -# 4.15.5 Valid delta-CRL Test5 - Validate Successfully -0 ValiddeltaCRLTest5EE.crt -# 4.15.6 Invalid delta-CRL Test6 - Reject - end entity certificate has been revoked -2 InvaliddeltaCRLTest6EE.crt -# 4.15.7 Valid delta-CRL Test7 - Validate Successfully -0 ValiddeltaCRLTest7EE.crt -# 4.15.8 Valid delta-CRL Test8 - Validate Successfully -0 ValiddeltaCRLTest8EE.crt -# 4.15.9 Invalid delta-CRL Test9 - Reject - end entity certificate has been revoked -2 InvaliddeltaCRLTest9EE.crt -# 4.15.10 Invalid delta-CRL Test10 - Reject or Warn - status of end entity certificate can not be determined -3 InvaliddeltaCRLTest10EE.crt -# 4.16.1 Valid Unknown Not Critical Certificate Extension Test1 - Validate Successfully -0 ValidUnknownNotCriticalCertificateExtensionTest1EE.crt -# 4.16.2 Invalid Unknown Critical Certificate Extension Test2 - Reject - unrecognized critical extension -1 InvalidUnknownCriticalCertificateExtensionTest2EE.crt diff --git a/crypto/heimdal/lib/hx509/data/no-proxy-test.crt b/crypto/heimdal/lib/hx509/data/no-proxy-test.crt deleted file mode 100644 index d57802e4469..00000000000 --- a/crypto/heimdal/lib/hx509/data/no-proxy-test.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICDDCCAXWgAwIBAgIJAI8UaHGQmUvOMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx -MTEyMDY1ODU5WjA0MQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MREw -DwYDVQQDDAhuby1wcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvF58 -Sgq1QTZwsXyFvMTo2Iit/NLZupuIlJgctZJ51EOaFBmTfqt/PgxQKmgqQhgFW+HT -8WPdvvfUxjwe4BiIORYoCX8pl/wGFCa70zUC7/5IoMmhb9XBrecOxswRNK8EvGhF -67z2uDUS4LASuy7ng8HSuAM0PCHYnGmqeYrR6jUCAwEAAaM5MDcwCQYDVR0TBAIw -ADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFJ+WD/mqMrbcBts4x0tXv0CflIcZMA0G -CSqGSIb3DQEBBQUAA4GBAEAODiL2ZL2ZhkklFbHXSg/ZEkUs1Oewpg+bDO6xjute -hnarKTrWFWiSgQ9yhZMa8klaNCdHjDo0Q5borQeVzp027cemLdnLyxusSuIJRqy+ -mZtNl7533q+oKWydZtvNmXRlGi5HmJV5JAjEXbadqUnlRJ/CdN1WvdwLWfvbW5DL ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/no-proxy-test.key b/crypto/heimdal/lib/hx509/data/no-proxy-test.key deleted file mode 100644 index 1c479375667..00000000000 --- a/crypto/heimdal/lib/hx509/data/no-proxy-test.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC8XnxKCrVBNnCxfIW8xOjYiK380tm6m4iUmBy1knnUQ5oUGZN+ -q38+DFAqaCpCGAVb4dPxY92+99TGPB7gGIg5FigJfymX/AYUJrvTNQLv/kigyaFv -1cGt5w7GzBE0rwS8aEXrvPa4NRLgsBK7LueDwdK4AzQ8Idicaap5itHqNQIDAQAB -AoGBAJt0CnR8U8tGp0gCMMhxZIvWeGfOhnr3AodG5WJ/SGWBiLWPyeZel7rYJIxq -vH0hH8MNIoDy3rxMAN+8G+rqs/elE8zeYv8FCP4jahz+HPKeJIjFm1MBOHZQspq7 -Y4OfoBH+EgqJjBRxuBIeCUqVhyluSsYHQFihurp3a76dHvxBAkEA7c4KjJ6mka9C -9X+Tp2EKW+h8npEEXbLIvHet9p0pzD5PhE2aVvSEAXEqxdbuFAb4LVApUdd4Quec -PXa0EOF7UQJBAMrIIV317rGPlmEXqt681KkHo30C2e6SpM6by42r+csTs+6KDZdf -uDWZKb4o9bLTj+A0LC73ySESv4PlGC+8v6UCQEIRnJy091JCfzf12fAG5fni/byQ -TcY6hcrW9V4vDA3SwgTgCqFeDc7Ywil1LXAi/5CXVOOIGcF818u7zwthmgECQCm+ -Rvgjr05IA6nbCGavsotVMjeCxcAR2fFaKu3wEAzY8npRWvjlUHNgIzKtFd8JJB4A -P3Qvt+yiAmCxYWg6T60CQHvGW0M/usmQXEGWMx+KCkm71UKcKCxDEKzZ8mI3jQ3H -b6Whs1NdsQJwIEXHB2Sb2GmTIlFjXczw7fp/ub3Dx84= ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/ocsp-req1.der b/crypto/heimdal/lib/hx509/data/ocsp-req1.der deleted file mode 100644 index 869a7dc87d3..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-req1.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-req2.der b/crypto/heimdal/lib/hx509/data/ocsp-req2.der deleted file mode 100644 index c1481e186db..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-req2.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der deleted file mode 100644 index 98d88e4bf26..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp1-2.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der deleted file mode 100644 index 4c650162f79..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp1-3.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der deleted file mode 100644 index 24501689151..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der deleted file mode 100644 index 19cf6c80cc9..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der deleted file mode 100644 index 460b5f7ea15..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der deleted file mode 100644 index 87173ff610a..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp1.der b/crypto/heimdal/lib/hx509/data/ocsp-resp1.der deleted file mode 100644 index 8546eba86f6..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp1.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-resp2.der b/crypto/heimdal/lib/hx509/data/ocsp-resp2.der deleted file mode 100644 index 0ba588a8086..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/ocsp-resp2.der and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/ocsp-responder.crt b/crypto/heimdal/lib/hx509/data/ocsp-responder.crt deleted file mode 100644 index fb55a8a5393..00000000000 --- a/crypto/heimdal/lib/hx509/data/ocsp-responder.crt +++ /dev/null @@ -1,56 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:56 2007 GMT - Not After : Nov 12 06:58:56 2017 GMT - Subject: C=SE, CN=OCSP responder - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d9:10:2f:04:de:99:10:61:02:ff:4e:b5:54:6f: - 98:80:70:fb:a1:e0:97:ee:a9:0f:74:47:a9:8c:a5: - 86:ff:b8:ea:80:d9:ae:45:07:bd:33:93:e2:f4:f1: - dd:dc:86:6e:9a:6c:b7:67:11:50:ad:9c:b0:0f:68: - 5d:4d:74:2a:24:4e:5e:c6:c0:9e:6a:a2:ed:80:31: - d9:ac:79:c7:09:07:1f:9c:c3:12:33:88:72:9d:99: - c5:f4:fd:c6:a1:9f:09:04:e0:7d:b0:ed:1f:91:4c: - 8e:de:9b:6d:7d:cb:2e:83:32:0e:32:57:f1:16:07: - ed:69:fc:0e:a8:2a:ad:82:9d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Extended Key Usage: - OCSP No Check, OCSP Signing - X509v3 Subject Key Identifier: - 9C:BE:33:AF:C2:52:C6:F2:46:5F:A8:67:71:02:F1:70:4B:A7:B7:14 - Signature Algorithm: sha1WithRSAEncryption - 8b:c5:8e:d6:dc:ba:e3:77:da:66:2b:be:c4:a6:4c:b0:30:6d: - fd:26:3d:8d:1d:ad:c5:8c:88:61:86:0a:da:48:e8:39:cf:c5: - 83:98:e7:f9:ff:92:a7:ba:fe:b4:b4:6c:bb:84:17:fd:e3:71: - 9e:a7:39:af:d3:08:0b:1f:05:29:cf:ef:e4:3c:82:7e:ee:aa: - 4a:19:3b:17:e6:e9:2d:b4:f7:4f:e2:f3:6b:04:20:58:42:fa: - e2:b6:d4:80:c4:db:22:32:ce:cb:59:23:8b:df:ba:87:bb:bf: - 4e:ea:b0:1e:7a:73:b4:c9:06:aa:f1:59:cf:d3:28:db:d2:6c: - a0:dd ------BEGIN CERTIFICATE----- -MIICHzCCAYigAwIBAgIBATANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3 -MTExMjA2NTg1NlowJjELMAkGA1UEBhMCU0UxFzAVBgNVBAMMDk9DU1AgcmVzcG9u -ZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZEC8E3pkQYQL/TrVUb5iA -cPuh4JfuqQ90R6mMpYb/uOqA2a5FB70zk+L08d3chm6abLdnEVCtnLAPaF1NdCok -Tl7GwJ5qou2AMdmseccJBx+cwxIziHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6D -Mg4yV/EWB+1p/A6oKq2CnQIDAQABo1kwVzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF -4DAeBgNVHSUEFzAVBgkrBgEFBQcwAQUGCCsGAQUFBwMJMB0GA1UdDgQWBBScvjOv -wlLG8kZfqGdxAvFwS6e3FDANBgkqhkiG9w0BAQUFAAOBgQCLxY7W3Lrjd9pmK77E -pkywMG39Jj2NHa3FjIhhhgraSOg5z8WDmOf5/5Knuv60tGy7hBf943Gepzmv0wgL -HwUpz+/kPIJ+7qpKGTsX5ukttPdP4vNrBCBYQvrittSAxNsiMs7LWSOL37qHu79O -6rAeenO0yQaq8VnP0yjb0myg3Q== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/ocsp-responder.key b/crypto/heimdal/lib/hx509/data/ocsp-responder.key deleted file mode 100644 index 24369bc1cbf..00000000000 --- a/crypto/heimdal/lib/hx509/data/ocsp-responder.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDZEC8E3pkQYQL/TrVUb5iAcPuh4JfuqQ90R6mMpYb/uOqA2a5F -B70zk+L08d3chm6abLdnEVCtnLAPaF1NdCokTl7GwJ5qou2AMdmseccJBx+cwxIz -iHKdmcX0/cahnwkE4H2w7R+RTI7em219yy6DMg4yV/EWB+1p/A6oKq2CnQIDAQAB -AoGBALXDXowmVmgnxFnEMAWvmTVc5unL5437VayaYbkb1ysGTqBtKAg4DdBF81QH -wS/sBmwbw4x0LGnk/m04iIDWWH4ZTH0HHthLxTiIrGHenS01V4Ucq1EjhYNJW/bk -8FGf91UDknZrEnvPFQxvdSLHVSB+WHgqkX8WXPc7MwoJ7HblAkEA9pmjB8TXxeky -B8+0G65u3QDWMzmfw12oHgKHnHxKyL/gamHERNPJ0NsFE4BtsSF1LJQYCw189s8m -GDpa0uW0iwJBAOFWUiJSYYVTSdcmfjI99XUCo9rXEkaJXY0etjK5q+rK21mrkWNQ -M7fWVZDbQZfbTP1LiUak+qjz64J9/iOogncCQEXUT6Qdi3RRiodHu5qzFFWkrQMo -aCMsXDTTRo97arnaC7RUJv3OczGfM5rIHUexT7rl3MEUerRxCDqIG7voq+0CQQDE -806sgvaLsoVqkFFilnbwg5M1lh96GVv0GTDEWzZg7FcWI/faJuJdPu/gwVKuaNX8 -2cWtQkt32mIw1vCGuCT3AkAfubHAXeiBHHE95jLtQ98s4KzOaZtFnQfn14c8nGS0 -2qUv1RHYZEVHYnsOZs3pLyOdxrZOlOSE6gKHCGVHoUKJ ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/openssl.cnf b/crypto/heimdal/lib/hx509/data/openssl.cnf deleted file mode 100644 index 7fe3b649dbf..00000000000 --- a/crypto/heimdal/lib/hx509/data/openssl.cnf +++ /dev/null @@ -1,182 +0,0 @@ -oid_section = new_oids - -[ new_oids ] -pkkdcekuoid = 1.3.6.1.5.2.3.5 - -[ca] - -default_ca = user - -[usr] -database = index.txt -serial = serial -x509_extensions = usr_cert -default_md=sha1 -policy = policy_match -certs = . - -[ocsp] -database = index.txt -serial = serial -x509_extensions = ocsp_cert -default_md=sha1 -policy = policy_match -certs = . - -[usr_ke] -database = index.txt -serial = serial -x509_extensions = usr_cert_ke -default_md=sha1 -policy = policy_match -certs = . - -[usr_ds] -database = index.txt -serial = serial -x509_extensions = usr_cert_ds -default_md=sha1 -policy = policy_match -certs = . - -[pkinit_client] -database = index.txt -serial = serial -x509_extensions = pkinit_client_cert -default_md=sha1 -policy = policy_match -certs = . - -[pkinit_kdc] -database = index.txt -serial = serial -x509_extensions = pkinit_kdc_cert -default_md=sha1 -policy = policy_match -certs = . - -[https] -database = index.txt -serial = serial -x509_extensions = https_cert -default_md=sha1 -policy = policy_match -certs = . - -[subca] -database = index.txt -serial = serial -x509_extensions = v3_ca -default_md=sha1 -policy = policy_match -certs = . - - -[ req ] -distinguished_name = req_distinguished_name -x509_extensions = v3_ca # The extentions to add to the self signed cert - -string_mask = utf8only - -[ v3_ca ] - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always -basicConstraints = CA:true -keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature - -[ usr_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash - -[ usr_cert_ke ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, keyEncipherment -subjectKeyIdentifier = hash - -[ proxy_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo - -[pkinitc_princ_name] -realm = EXP:0, GeneralString:TEST.H5L.SE -principal_name = EXP:1, SEQUENCE:pkinitc_principal_seq - -[ pkinit_client_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash -subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name - -[pkinitc_principal_seq] -name_type = EXP:0, INTEGER:1 -name_string = EXP:1, SEQUENCE:pkinitc_principals - -[pkinitc_principals] -princ1 = GeneralString:bar - -[ https_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -#extendedKeyUsage = https-server XXX -subjectKeyIdentifier = hash - -[ pkinit_kdc_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = pkkdcekuoid -subjectKeyIdentifier = hash -subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name - -[pkinitkdc_princ_name] -realm = EXP:0, GeneralString:TEST.H5L.SE -principal_name = EXP:1, SEQUENCE:pkinitkdc_principal_seq - -[pkinitkdc_principal_seq] -name_type = EXP:0, INTEGER:1 -name_string = EXP:1, SEQUENCE:pkinitkdc_principals - -[pkinitkdc_principals] -princ1 = GeneralString:krbtgt -princ2 = GeneralString:TEST.H5L.SE - -[ proxy10_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectKeyIdentifier = hash -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo - -[ usr_cert_ds ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature -subjectKeyIdentifier = hash - -[ ocsp_cert ] -basicConstraints=CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -# ocsp-nocheck and kp-OCSPSigning -extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9 -subjectKeyIdentifier = hash - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = SE -countryName_min = 2 -countryName_max = 2 - -organizationalName = Organizational Unit Name (eg, section) - -commonName = Common Name (eg, YOUR name) -commonName_max = 64 - -#[ req_attributes ] -#challengePassword = A challenge password -#challengePassword_min = 4 -#challengePassword_max = 20 - -[ policy_match ] -countryName = match -commonName = supplied diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt b/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt deleted file mode 100644 index 7349a624176..00000000000 --- a/crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt +++ /dev/null @@ -1,70 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV -BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy -MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD -DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF -ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf -5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU -eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr -BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF -AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8 -KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn -eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ== ------END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 6 (0x6) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:57 2007 GMT - Not After : Nov 12 06:58:57 2017 GMT - Subject: C=SE, CN=pkinit - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1: - f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b: - b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60: - ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5: - b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8: - 10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4: - e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81: - 75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d: - a5:76:f2:f9:30:68:ec:e8:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Subject Key Identifier: - 66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F - X509v3 Subject Alternative Name: - othername: - Signature Algorithm: sha1WithRSAEncryption - 1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff: - da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80: - e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf: - b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f: - d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd: - 81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b: - ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2: - 43:43 ------BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3 -MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9 -Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L -FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l -dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O -BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw -IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF -AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l -q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B -rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt b/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt deleted file mode 100644 index 3867a892f87..00000000000 --- a/crypto/heimdal/lib/hx509/data/pkinit-proxy.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIJAJWfAgX+rDGvMA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV -BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDcxMTE1MDY1ODU3WhcNMTcxMTEy -MDY1ODU3WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD -DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJk+5riF -ML9djk75CGm9WUN37N+EKXZvLS1/jLsQbxOWPnfZ/bHPpnI2I4EEavSQUgrlbpLf -5IZsxlAFtokSROpef1MQ3oyJFom8c1Ut37zEJL13m4pjUZjr8Ky+OUsWNVieRIXU -eHw2+Ny8a5y3XOygCJWDzaCTcm+nvfTmVsr9AgMBAAGjYDBeMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQRgztmDHmF1DecOPint9iafFNckDAlBggr -BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF -AAOBgQCYm9bHTRfvEpjnKXQz9t8Uh9L+prU2+BMDClnDHsBE/Pb1vH40rOIT2sV8 -KQnjo+TVlvHXDxUy/HMY5O/5umLbzP4xr6mWwP5B2K5y566WHThz2ltcRgcmbRrn -eOzN87+Gt1XqrTIlFftvxGX9U0PxyxFTASAOiv0hFvZN5GxYzQ== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/pkinit-proxy.key b/crypto/heimdal/lib/hx509/data/pkinit-proxy.key deleted file mode 100644 index d04b0091e77..00000000000 --- a/crypto/heimdal/lib/hx509/data/pkinit-proxy.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCZPua4hTC/XY5O+QhpvVlDd+zfhCl2by0tf4y7EG8Tlj532f2x -z6ZyNiOBBGr0kFIK5W6S3+SGbMZQBbaJEkTqXn9TEN6MiRaJvHNVLd+8xCS9d5uK -Y1GY6/CsvjlLFjVYnkSF1Hh8NvjcvGuct1zsoAiVg82gk3Jvp7305lbK/QIDAQAB -AoGAKH4TbuxariYlZT6ud2o9/PLiV0lPv2ivEleiswcrooxPo1GplGNfAszFYuDs -9gRweUqYhhy9ALwbRqfLzLpUFQUBzQ1cZlO23m48GsCPL4XJxlzE9+w/wLWWaqsK -syFax5T//iokYVa07AvFZxWpEUixewirJrhNyUafdKk8W8ECQQDKpH/pvljO6e9J -jC65aTYPzMXAUp54DMWu1+FXUyELxGp+GjAwwhESpSLEaAnZH97H6ZtTiJku3Z0n -pMsrH7WtAkEAwZi2sV8I/MjFPpti/zf6OHEJo89/SgTYIHmL6pE3tuNWhw/9Dorc -N45cMGAiGep2HQdfZFGD0OekzLGeGBj0kQJAPFdNi5HVqg945IKsqyNMKNpGDGXN -sFvFRbIc9L7ZOULMny43KV2wbcfkmW2NeS0HTqoeSXqEerMdB+AHa5jupQJADALP -gt2kjxpdsm6ti6wLaCkLMhCTkyINzqX72ke8LyqXmbWSO669zuyUJ6QvOXBkd5SX -hH/SL8nPXau/ZTtXIQJBAICcJBlgxhrUn5C12wwuQw/BZi6qK9KdVcWTapnhE7eQ -Z6k/Pbi53/aI2g1EXq7G3RrQvAhV43AW5foJWqijDdA= ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/pkinit-pw.key b/crypto/heimdal/lib/hx509/data/pkinit-pw.key deleted file mode 100644 index 563ccf11209..00000000000 --- a/crypto/heimdal/lib/hx509/data/pkinit-pw.key +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,1698161265C4033B32CEB819B5D78953 - -vQnkfeICkS2/gIEv1zrJ+WaUOeRvKfUUFM6uH4/xm5Abp4DqGlkCvwb4u9dZuRUj -arlvgRc0e0CoBuQ/3gmBDlmQp+4ByiypERku8MAxsUV6LEmv2f1YfhecQSntDoJH -fNOXna8caCy4W1xhmsYgWYSVS98QkNXdLjBjLJ4/MrwzdR2SMqAzyg6eNwhWAMe1 -aUh/M9JYB04sfRUtqD67oeyBfHVhDd9kByXuRYWyNE0SW5wlmVehhnEb/YHREKHr -yOa3eRGtA4MHi7NXww4NBzOG10N9Ajq55ouMKnejFroCpevC332ijBzjTI+fo4SX -hegNDXzAIqRueGZlmBzHjkTzA8tEPM1dsbviJ5BYO3iZgWE8J1rIBx51HOZmlREC -3EWflJPhd666BnBepODMBXldkmfcfxhZxuoOrrXer+NZCsXE0z0DOLsNARR/7JvW -Ie81eQijvkur1QJO63SwT0kNm5IMJZr2Ul0QLysvjY2G/nV0bzHb8KsWqNoUPNvJ -lBUGQ2yvpeVRNR9CMm39U/CcnkLOl+z2oLUC86TdodaY6FEBmIBaakZ1rHkANWK4 -HMcN0FgdGbcRLg5PHji84g4tT+SOZa1hWEC4PC7lmRxAZP+o8Pe0tpiJzIbLPTRb -3rvnEEG3IawMIGcoUGcgIUPvHH93EMpDrflVYdXmvapzST3U8xBDzpkXZRof7APG -qAFsEB4psQEDG6KmOJ245aVWN0SBjHTLlIhUTx+m7OYl34MDoyv6Yk12i9PpKQN5 -W++QayfkJzQpV4EsR08UO615+XYCzMhCU3eozH+P39RF58rYnMLv9owjx1wL0z5R ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/pkinit.crt b/crypto/heimdal/lib/hx509/data/pkinit.crt deleted file mode 100644 index e8d485e616d..00000000000 --- a/crypto/heimdal/lib/hx509/data/pkinit.crt +++ /dev/null @@ -1,56 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 6 (0x6) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:57 2007 GMT - Not After : Nov 12 06:58:57 2017 GMT - Subject: C=SE, CN=pkinit - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a3:44:b1:8a:42:9d:d0:3f:30:de:e8:66:42:c1: - f1:c9:98:8f:d2:bd:eb:59:67:3d:5e:0e:35:ca:3b: - b8:91:b0:fc:e5:22:3a:2d:62:81:56:bb:51:77:60: - ac:83:43:75:87:ce:f1:f6:bd:ab:f2:07:c5:8d:d5: - b8:56:9e:8e:45:93:bd:c6:ac:5d:20:3e:cb:14:e8: - 10:07:b9:5e:07:ac:56:13:48:1b:84:c7:30:62:f4: - e4:19:67:b5:1b:3a:ac:af:0b:92:e2:00:90:2f:81: - 75:b6:63:3f:43:a5:e9:76:ee:33:75:74:b2:76:5d: - a5:76:f2:f9:30:68:ec:e8:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Subject Key Identifier: - 66:BB:EC:4F:F0:52:7E:D1:F4:F4:F9:CD:E9:B6:C7:C4:FC:2A:2F:4F - X509v3 Subject Alternative Name: - othername: - Signature Algorithm: sha1WithRSAEncryption - 1f:bd:87:72:d7:85:93:f9:96:97:6f:25:2f:89:1f:09:64:ff: - da:44:92:d0:59:6e:4f:cf:29:d7:5a:78:64:40:1c:3d:a5:80: - e9:b9:92:85:44:2e:25:ab:5c:8d:35:4b:5b:47:c6:79:61:cf: - b9:75:55:0b:20:6a:ad:ec:f5:0f:47:1e:e7:72:b0:b6:61:0f: - d6:84:e3:e4:29:05:4d:d1:7c:7b:a6:7b:6f:b2:af:9a:6b:dd: - 81:ae:5d:c1:7b:74:11:86:18:2e:38:eb:ed:33:03:f6:05:4b: - ec:d7:7d:53:6c:71:01:86:fb:fb:63:dd:5b:cb:10:85:96:f2: - 43:43 ------BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3 -MTExMjA2NTg1N1owHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo0SxikKd0D8w3uhmQsHxyZiP0r3rWWc9 -Xg41yju4kbD85SI6LWKBVrtRd2Csg0N1h87x9r2r8gfFjdW4Vp6ORZO9xqxdID7L -FOgQB7leB6xWE0gbhMcwYvTkGWe1GzqsrwuS4gCQL4F1tmM/Q6Xpdu4zdXSydl2l -dvL5MGjs6EcCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O -BBYEFGa77E/wUn7R9PT5zem2x8T8Ki9PMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw -IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF -AAOBgQAfvYdy14WT+ZaXbyUviR8JZP/aRJLQWW5PzynXWnhkQBw9pYDpuZKFRC4l -q1yNNUtbR8Z5Yc+5dVULIGqt7PUPRx7ncrC2YQ/WhOPkKQVN0Xx7pntvsq+aa92B -rl3Be3QRhhguOOvtMwP2BUvs131TbHEBhvv7Y91byxCFlvJDQw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/pkinit.key b/crypto/heimdal/lib/hx509/data/pkinit.key deleted file mode 100644 index 12b41689a2d..00000000000 --- a/crypto/heimdal/lib/hx509/data/pkinit.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCjRLGKQp3QPzDe6GZCwfHJmI/SvetZZz1eDjXKO7iRsPzlIjot -YoFWu1F3YKyDQ3WHzvH2vavyB8WN1bhWno5Fk73GrF0gPssU6BAHuV4HrFYTSBuE -xzBi9OQZZ7UbOqyvC5LiAJAvgXW2Yz9Dpel27jN1dLJ2XaV28vkwaOzoRwIDAQAB -AoGAQTAxTwnwJvDEG4xhIDB90MdITZWk/YpaF07HLVsRA6LOJtK2td5J1A5wpaCE -4NgzeikntSPgHn/54fq+Yl9mYEAM1Uv6SimudiKe3Qk0M+bS4m/SMMlmV0eFjEh6 -ZG4NNRZmmzoaQbUiVa27fZ6362xtFGbGXJ8BjxOoTeaRn6kCQQDUwJafoKPN2dsq -ewSCjGQhVGezw12ho2eaxj7VyNWU7V4LW2LdLClbXovSnpQ7bgHEopx1e97G2du7 -1ak3BxejAkEAxHUCpbFSbBBoIdnt+VGS/8hCWl8/6YniOFOk9Qp22moaNVVZYyTT -Xpu45FeDKfm/xDwvPP9If0PDoM38tBvHDQJBAMTcmAOI/0lhRv1d62RpR9XXZkXe -huskap+6xTXIqmkt4xGbNDX3wST8rWDsv7jmJ9itpxzGy/Mwb7S1FekHNQUCQDDw -jTZFlCjDdY1pQrUnMx1w/8aPj9ZXuPkbLS616qHCaMD8gAYIuHcLB+YqPsyIINN7 -wrDJT4AUm3lFlzwu50kCQELkMFUM6rb9q/cOUQxsf023nPbObm3xJ0X4FtVhXuGi -oUAOklX1xDLSqvWySOrTXfvfF4c3qCw9DAoDtKpbCgk= ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/proxy-level-test.crt b/crypto/heimdal/lib/hx509/data/proxy-level-test.crt deleted file mode 100644 index 0cab380563d..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy-level-test.crt +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICUDCCAbmgAwIBAgIJAKfbLM8p28MgMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxDjAMBgNVBAMMBXByb3h5MB4XDTA3 -MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVowQTELMAkGA1UEBhMCU0UxEjAQBgNV -BAMMCVRlc3QgY2VydDEOMAwGA1UEAwwFcHJveHkxDjAMBgNVBAMMBWNoaWxkMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZM -OGOhTtMnNlCpA/OKEpwMPIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUa -klBRKHZm+UCJ8L6X4MgahNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q -9oZgim2zMwvVBQIDAQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV -HQ4EFgQUQGqZ5v4NSB5Iwo17DynPRufgbF0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEA -MA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEFBQADgYEAxQjN9RrCdZHhGAyS -y3/1EAyWIvmz8wKW0q4kSfNV7DAcUCKmQQ45oCEVnyTEbP8ltdIaHyIK1ujxKQC1 -QLDzjHkBBQGBrCH+gyIdpT9OZu2gT8f2j4u01YwbjLTcU2yEXVkkH18SZiawq2DF -ETkEd/u6TKzhpwFPuZPKUeFexPA= ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/proxy-level-test.key b/crypto/heimdal/lib/hx509/data/proxy-level-test.key deleted file mode 100644 index c697b1b6499..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy-level-test.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC0hrvRoael03J8Y5gvtDMq0ZGm5ZZMOGOhTtMnNlCpA/OKEpwM -PIxiWr625wFwD7YUupvUZ7qLodf5yTN1wkbpVD2NbAUaklBRKHZm+UCJ8L6X4Mga -hNy+Y1uj6m14a50B9GtCi+RspP7p9pNKx9hnA8+dRs6Q9oZgim2zMwvVBQIDAQAB -AoGBAI7cPM/1ZK1W+rezPSErMn7FH8V61Ij26ukhbvoOAqDuLpFqjrEkTVgcReaK -QtoCpO4ciur5N2f+qOLUNXQQTXpMN+nRxkKxLMhG99Hej+vmzPjMdimEtTJiRfKF -KU4rKUOCPdmu9fMe/kniOKbDmq1FFP+SqCU4hRiZZv0GMdDhAkEA8I6Du8UvTZ8I -04o05s/BlMiErASTZgq27UM6rWl2FNy5Av2suayBW7xJczdGEtbT982KwQmk0Mg9 -Hj5pWi5MDQJBAMAdorBVTMD4iFvfRhN6aSD3PzG/fsEexRuxvx2iBrrMZQ+6mS26 -8myNHPMASAiwt5H2T7Y/dNMB64iod5gFVtkCQDMJ+ddQKg4tDQFdFIZYVDlOJiAd -RGzlHxTOK9f5RU19219QFWK7wCKHm4nvk1WR8R1lpef5NNf7dERDd7Tjl80CQAx6 -oFO15rtuKWVWVnXzcJq8lLVFjBU9S25mGFTzbl554mKoK0UGLLMSY3wBW6x81h+8 -ESd0bcE7EbKZxtLwHdkCQQDYB5HxhlPZdquY+yg7vqxUF9Lf6+smlVv3PjfhXztg -2aV717UGinyqZgcn2J+ADWocRI3JnOhU0lswsGc+oVXp ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/proxy-test.crt b/crypto/heimdal/lib/hx509/data/proxy-test.crt deleted file mode 100644 index d0d3135a58e..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy-test.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICMDCCAZmgAwIBAgIJAI8UaHGQmUvNMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1ODU5WhcNMTcx -MTEyMDY1ODU5WjAxMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MQ4w -DAYDVQQDDAVwcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzeKelgMO -dEHFmfEANkv6k+HkOduzT2It++ma7Kg+6+eOWpBqWcY3AOEbSE2UJM6H+StDhNNS -cldPd3LoZayywckvgD3/NZjB9drsxF9GGClHew+fKjiekjNR3aUuAjysJYfr9AYd -E6AFft2qKphuPKlEjPDeOZ4RpjvQOgFRB28CAwEAAaNgMF4wCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFOGuL3xdInqdArsxly/BbLmYbzDTMCUGCCsG -AQUFBwEOAQH/BBYwFAIBADAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUA -A4GBADOZurVQ/lXeLADFOZbTmbRt0Nv3aPHniG1yovlSDEuNjMczeRMMIsef+jpJ -4Z0rt65i3qpX3uXZdCgGtIbusIlM7fBLCRI5vJ27jqs2PnCvodWO05e/aL3XxRwr -42wDWTioZuGm8Sz4hpHv74Fz/7PgvZPMFSo15ujdOTWMXj08 ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/proxy-test.key b/crypto/heimdal/lib/hx509/data/proxy-test.key deleted file mode 100644 index 93b609b7516..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy-test.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDN4p6WAw50QcWZ8QA2S/qT4eQ527NPYi376ZrsqD7r545akGpZ -xjcA4RtITZQkzof5K0OE01JyV093cuhlrLLByS+APf81mMH12uzEX0YYKUd7D58q -OJ6SM1HdpS4CPKwlh+v0Bh0ToAV+3aoqmG48qUSM8N45nhGmO9A6AVEHbwIDAQAB -AoGAaAv+2RDyXQ5gLkv9L3N2TwX5sMO2+odDdeu4v6DHK7D54ArbtELXyTn577BF -DdTSIroahSXGpMI7BsKrb7a3Hw+lnbEsag0a71yMM+E/zN9e0BgZwb7ZpeezVG2O -kaXCuVPQlmDys8UH001FWP/XxqhLfCjy25ynaXi990k0AwECQQDwI64IquGE0OCO -bI15Z+qLM5aRQgkNPokU7bZ1oSp9Ctx0pI9IzN6DcXe1QcXBDUJrZ0medNmNjqkG -KPkiAieDAkEA23vDr6+iiSTOIUAGj+NDY9ydk48j8oWYUeQPL8Y7hJrckJrqqfNL -MGZUKnF/RFPRbfS543xiqlXs4j3C61cwpQJAS9DH+l6Q8tDLhMvK4sCnMSmpaNTz -bKYIu33NdFfcxTuvnHfz8OUVf2RMigJo/+lCxgwHFysHIIUg4hv/g/gwJwJBAIfx -UHMwxetL8KCHl4jnqoXfz3nl3s4IESAnsYBVt+eaQ6MNUOuS1a9UsizXv4wCnmUM -f1Z3ZGU8c0xuFJzPlEECQAs9UM+v0WxhUY8iVltgaLxGP282Mg+p+pIoqXbn8Mt7 -gOomlisP+s0Hh+c+YFPIAaAeH6j7n4AxydI0Z9fKIZA= ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt deleted file mode 100644 index 95abe018b12..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICdDCCAd2gAwIBAgIJAN27BSQHOOO6MA0GCSqGSIb3DQEBBQUAMEMxCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAxDjAM -BgNVBAMMBWNoaWxkMB4XDTA3MTExNTA2NTkwMFoXDTE3MTExMjA2NTkwMFowUzEL -MAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDEQMA4GA1UEAwwHcHJveHkx -MDEOMAwGA1UEAwwFY2hpbGQxDjAMBgNVBAMMBWNoaWxkMIGfMA0GCSqGSIb3DQEB -AQUAA4GNADCBiQKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWR -Dwek7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlV -JljkmB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wID -AQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUNBaggvaD -C/Amnb2M8g60WKxwGn0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUA -BANmb28wDQYJKoZIhvcNAQEFBQADgYEAmT5WYZ6FM6ceyyxTKiusYLDPJ04D7dVk -VVMnu1q9dATMje/RKrncT0+KNEMdLWLpZgeHj4E2bi1507l3/zOUwOPpdI9MrvpY -Or6ssQ3sZAZI60ruZ91ml6cYt+rbE1F2J+y1CM0rW/wnAIT1v2vP2Wd7PrEm8RsM -QGbyuzcrAL4= ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key b/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key deleted file mode 100644 index 247f6165363..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCw3LymYPXq7FKF1yumUvZTEbyMNszUYmoaMXgfnOgu8TWRDwek -7ome68yHYYkc4fj1jG2ugdQ+/LgpJ10c+lHa1MeE7QHbJu6tNhRcCgxnAtlVJljk -mB24Ne/UjQwVVT73rUrvaigby8Ai0ujDtPJDqfUQvh8lwEFFWuafq9Ms1wIDAQAB -AoGAHRo1cKtDzARXD+74H8ZHAiRJAkmCKvCGxQie25TWH+NRDS2L9HfL7XqfjSdf -iIEmlkElSzHR2wt6wkrX54zJKxMNayc88UfInQ03a4XwFzAksTf05zpdGPbkKohi -eeQcf3Raq+Swe4pTEwyEU8mDidM/rKJst+zMiE4UMeVGTQECQQDZPFrVTyJwGBcS -sxJly0zXmZ8tvvsxIuplwAvbfCWbhEEgeO3LAKjcpb5HVOLfTe8+2ZO00ALidVCH -N6/ae+iLAkEA0GwPxjlbKnL1VcpKdsegntACxlHD0TonvIEINKv9PiKzHIhQo8xJ -Rt/2aBRAOJn+zB3FJxfQ+o6vEUwvBfEKZQJBANHMLTlG9M5nJZlkogb3YZ3y+j0W -7cdVniRoZcsySau4/aDbyWO9nleCJpMDUxwwSzdasAD2x2JnxD7itA4AjuMCQQCP -a+0m8M0lVtowYPYA6rpCzs05/4YKckRp2Tj2Vev8WBB87+jd7nP2S6PaVyUiTgYi -G9JRZnguEwWxl4U8R3RpAkA5QpGHFhXNI2xA0ZKYH1tgmYfLBAAiVrIDKJddtOf/ -rKceL88RXsjnA6PTN9AdpnJ4sTToR3HDeEwAQrNHMC2M ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt deleted file mode 100644 index c45074102e1..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy10-child-test.crt +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICVDCCAb2gAwIBAgIJAITDCg/e+gWyMA0GCSqGSIb3DQEBBQUAMDMxCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAwHhcN -MDcxMTE1MDY1OTAwWhcNMTcxMTEyMDY1OTAwWjBDMQswCQYDVQQGEwJTRTESMBAG -A1UEAwwJVGVzdCBjZXJ0MRAwDgYDVQQDDAdwcm94eTEwMQ4wDAYDVQQDDAVjaGls -ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAroEn/MX0t84+NLivDSbN0y5r -ZRxaiTDYkmvbdvJuBryCCLkzUT+/eh3pEK52BODXZWD4oiEMJLubH/pz+/6eAb4T -ReAWft/wMFaOSZ37a7iLWr8vFaRfBjQREpEm0rCp7dPvWYrraRIIjMRJzAUwygXN -KSS4f5VZkMwNfT9wwE8CAwEAAaNgMF4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw -HQYDVR0OBBYEFJrcQRDczQ1P+84ND71GVT99a/2mMCUGCCsGAQUFBwEOAQH/BBYw -FAIBCjAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUAA4GBALIbzPSyUE5Q -4TWAUfATVsADj131V1Xe+HHgwXebWbnNCJIe3OyWoFqK3X5ATKzi6MzHzA+UngFK -KGl8m8Ogx9dYQKzP2LIw0GuvpMyc3azb/cvbWv3vmM55UEdBlqxSTFynqLdpJqtn -9dXq2wCNdUtbGEOpaRVOiZ0wjvpTB4wA ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/proxy10-child-test.key b/crypto/heimdal/lib/hx509/data/proxy10-child-test.key deleted file mode 100644 index 70cea5d344a..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy10-child-test.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCugSf8xfS3zj40uK8NJs3TLmtlHFqJMNiSa9t28m4GvIIIuTNR -P796HekQrnYE4NdlYPiiIQwku5sf+nP7/p4BvhNF4BZ+3/AwVo5JnftruItavy8V -pF8GNBESkSbSsKnt0+9ZiutpEgiMxEnMBTDKBc0pJLh/lVmQzA19P3DATwIDAQAB -AoGAaYkc+Odzd9IYluP2ojqMkiJpuu2p53yODgeC4+38EsDg14vB+GpYT+9U68zG -/W5JdjtuQwc/g9ueFnnuuUEkpyMIKDdAl00ZJQU5Vvz+ooZdxp/iYm3axkV2Gc2l -mbulzUxgpomflDd/B3RXO1jY4ZttpVHTNUvjm7DtypiqsAkCQQDgIIRBtSipM3F6 -GYKgnmsjK+19YxUdMbHS6fyfg0TDIrSrBi5EqyjgA4MzxfzimvfKCiV6SSqFnU3G -MIWDLh2dAkEAx1IaAAi+DmED08rarKRU2Ma7KRQWlxjXTp6c9OrbzuCJrqZgscxJ -vBjmHzbXCKumRZwqWgzM5mRxPVX6npyn2wJBALrWQIqqI3hRuzJnG78b8QJD91nE -hHBu4eeKSZ8MBgGJ6AR+RYnXCV8dbn11eifJufECXlW/sqPqC1DBWDuP8P0CQFxg -utglNSCo6gMw0ySMjR5jDL8/JjElPDSd4pTIfNNm0aj2R35f9hSNXao92m+UTl2Y -wTA3Gof1KV6KCLuWU10CQCeGYU3SFAy5QLVqR0B0u19wWyS8ZMl06DjOslmu7Zp+ -x1GxxFu1MNFvcKwmFeeYcNU1t9X0tC7EhUIaLQk2kqM= ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/proxy10-test.crt b/crypto/heimdal/lib/hx509/data/proxy10-test.crt deleted file mode 100644 index 331c3ea33aa..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy10-test.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICMjCCAZugAwIBAgIJAI8UaHGQmUvPMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDcxMTE1MDY1OTAwWhcNMTcx -MTEyMDY1OTAwWjAzMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MRAw -DgYDVQQDDAdwcm94eTEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTeTGh -PIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa610EeaRhB36lLhIS3aEtoG -LKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8ZJADEe1kfMuFgKd49l4y -PNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQABo2AwXjAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUe24gc/gLyB6DW4gELVL3axuZTbkwJQYI -KwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEF -BQADgYEABlvvmLwl6ZjaLdTGmxDD2eHN4/IbjYj1Vta2zQOKKA/W4qrkhmSNpy0x -+v9tqf2fumNSpspqF+g814pXbqSMuObHEE1IeUmiGwVPC7AMWVXd2skMdkjEqhLM -8qvDrPt+c5rGnnqM9AqrT/xDgXm7XnPLSFcrX/q8xVKVztskgEU= ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/proxy10-test.key b/crypto/heimdal/lib/hx509/data/proxy10-test.key deleted file mode 100644 index 3bc0b4582f1..00000000000 --- a/crypto/heimdal/lib/hx509/data/proxy10-test.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXwIBAAKBgQDTeTGhPIY39c75rcek77oZeDKnvO9zmsU2nlPnKpNsQ/QYEa61 -0EeaRhB36lLhIS3aEtoGLKgHeDF+jxasog3GNWZ7/EF5x5VwIbXo659ZbDwnT8c8 -ZJADEe1kfMuFgKd49l4yPNCqN4LX2DdAh2HIb7x1iw7Fnu7s0Xnipgq0twIDAQAB -AoGBANDEIiSklXQFLFD8J81CBBxEtu007cbYkbx7zSS2uVb2NrDUM/+1IBrC9FsN -bshlctiIJ8hUqYTGOUZRh/bg/GpVOgTRAgaMBEBOYXra7r7TVcUUxpC8CzX9hevl -H42T6Ez6+Ednfg0RX6rZTiFeCNV3ADkguO07mlgSppiQJmlxAkEA/ICw/Ar/GtJH -/EK8jrbxzakNzFxtHUtVNwSALsiWZUfJWJgf7jDsl0XB8w/HhVDrdwfc+Aiexxc9 -SPJKKqdpswJBANZnBfxEucE1SWu9elvPNWIMYBXinfMvfnkSt81KH3AfObiUj93d -LCii1sF/x2aDeKJseFiUycy9xQXhQMF5vu0CQQCPECs24tQfUj1PBFDpW2YtbDdR -Lpz0GBa0EWy/FQ+BWucNt0OAJWAnZXK6UJpvQqXmzyG3tsqfat9iUUUMXcZZAkEA -vc+PePrPCMHIMl4ZCVa0iA00s6tg8n7FlSKBHnnUw0qhq0u64kyAX6lqPvyE57jU -/9bP5Hw0+9G1r7LvxVmnMQJBAMdphUdEYRlIZ0GTnIETDzjm3lge06cXzLvXFIps -nCANLV4OXJZVaTUrnDINLJVHu5d+Mx1pTw6GOF+v0+LjbF4= ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/revoke.crt b/crypto/heimdal/lib/hx509/data/revoke.crt deleted file mode 100644 index 0adcc2d1b4f..00000000000 --- a/crypto/heimdal/lib/hx509/data/revoke.crt +++ /dev/null @@ -1,53 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:56 2007 GMT - Not After : Nov 12 06:58:56 2017 GMT - Subject: C=SE, CN=Revoke cert - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b3:24:de:14:fc:b6:80:e2:34:59:81:1f:ec:cb: - 00:21:75:e5:34:88:09:5e:5e:8e:f8:91:6b:ab:09: - 34:f8:6c:69:14:00:c5:47:f2:d7:de:a0:32:00:02: - 63:79:3c:14:1a:a9:4d:d1:1d:c0:fc:a7:50:72:26: - 96:53:d1:9f:a9:5f:f4:82:4d:4b:17:3b:fe:14:60: - 42:94:22:93:3e:c5:14:97:c8:a3:6a:8e:bd:90:03: - 22:12:9e:41:ca:a5:de:4f:57:f4:bf:f1:9e:f8:63: - 4f:c0:9e:c8:3c:e1:8b:89:60:3a:2b:5c:a7:b7:6e: - a0:48:34:49:58:61:a0:34:6d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Subject Key Identifier: - F3:E2:96:20:28:53:21:92:67:A8:5C:B5:2C:7E:87:CF:7A:07:3D:84 - Signature Algorithm: sha1WithRSAEncryption - 90:39:f3:a6:fe:92:b9:92:4c:75:58:b2:51:36:11:07:f5:a2: - 71:dc:90:d7:2b:b5:bc:37:c8:30:4f:a4:6b:41:11:63:3e:53: - 42:ae:6f:59:7d:f8:b0:59:01:2f:50:4f:2d:21:7e:6a:58:bd: - 74:f1:69:c5:62:3d:8f:fa:1a:c8:7e:a4:30:dc:01:8b:c9:f8: - 77:44:5c:d3:a4:ab:9a:50:cc:45:d0:65:00:5c:fe:d3:b5:a3: - 7a:f1:b1:5c:25:0f:06:16:5f:cf:e2:5d:0b:87:c0:fe:14:b8: - 0a:10:17:55:34:15:4d:44:6b:60:80:6e:af:7b:81:30:47:5c: - f3:fe ------BEGIN CERTIFICATE----- -MIIB/DCCAWWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3 -MTExMjA2NTg1NlowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMMC1Jldm9rZSBjZXJ0 -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJN4U/LaA4jRZgR/sywAhdeU0 -iAleXo74kWurCTT4bGkUAMVH8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SC -TUsXO/4UYEKUIpM+xRSXyKNqjr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDor -XKe3bqBINElYYaA0bQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd -BgNVHQ4EFgQU8+KWIChTIZJnqFy1LH6Hz3oHPYQwDQYJKoZIhvcNAQEFBQADgYEA -kDnzpv6SuZJMdViyUTYRB/WicdyQ1yu1vDfIME+ka0ERYz5TQq5vWX34sFkBL1BP -LSF+ali9dPFpxWI9j/oayH6kMNwBi8n4d0Rc06SrmlDMRdBlAFz+07WjevGxXCUP -BhZfz+JdC4fA/hS4ChAXVTQVTURrYIBur3uBMEdc8/4= ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/revoke.key b/crypto/heimdal/lib/hx509/data/revoke.key deleted file mode 100644 index a4c68aed196..00000000000 --- a/crypto/heimdal/lib/hx509/data/revoke.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCzJN4U/LaA4jRZgR/sywAhdeU0iAleXo74kWurCTT4bGkUAMVH -8tfeoDIAAmN5PBQaqU3RHcD8p1ByJpZT0Z+pX/SCTUsXO/4UYEKUIpM+xRSXyKNq -jr2QAyISnkHKpd5PV/S/8Z74Y0/Ansg84YuJYDorXKe3bqBINElYYaA0bQIDAQAB -AoGAIDHl/5uTKQJ+Kf+8vw+UjG7lrFUuadlQlHd+BBT5ghPppoCk89M+3HGpyrqj -KeyUKF5477YLMtzW5kztA09PBBJvMjSm92dI2uCYfipkIWZZUlq64AStI15pgeVd -cH61hxOUCm47tqhtkaO11DnKkoJBXaAVIe2ySG2sIZQH+gECQQDjhMdCWkaO+HUe -utqKJCq6pUkwSelgLEINDVoRVgJ+qUHb0nN06DmPfcfxwqfgP/vS6baKkGIBCiZJ -n9Kfd23BAkEAyZHXY5iGSq9qc2ern0CcyitNozvtm6eEZYVvJxVMsVBQRo23EmGF -68SJlHjpY+nHyPWEkbG99R/CMdr3FV9JrQJBAOG/hoKk1mvXxUYXeu4kkq0dgXBD -diex4lvXCq423ETXJny55UtzfGGPGUwdq7rLYc/VjAUS29tSOclFppQJyUECQQDA -J7P5UhHTaN5GHfJR4rqVUCq3Dg45cLyaO1X3ICr4bePZHogDkcylMbsmOw3jHZ5D -SSqT6al44Em0VVVunmQRAkBUAQzHGGJnMKI9ZSdD3J6scWCVIjHVgaehYe9a8DlK -DeZ4KYGG0+1aUdkqeYE8c6Qqp+pdjPmRMdooww6y+Xk1 ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/sf-class2-root.pem b/crypto/heimdal/lib/hx509/data/sf-class2-root.pem deleted file mode 100644 index d552e65dddb..00000000000 --- a/crypto/heimdal/lib/hx509/data/sf-class2-root.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp -U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw -NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE -ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp -ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 -DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf -8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN -+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 -X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa -K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA -1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G -A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR -zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 -YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD -bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w -DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 -L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D -eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl -xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp -VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY -WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/static-file b/crypto/heimdal/lib/hx509/data/static-file deleted file mode 100644 index 2216857ccca..00000000000 --- a/crypto/heimdal/lib/hx509/data/static-file +++ /dev/null @@ -1,84 +0,0 @@ -This is a static file don't change the content, it is used in the test - -#!/bin/sh -# -# Copyright (c) 2005 Kungliga Tekniska Högskolan -# (Royal Institute of Technology, Stockholm, Sweden). -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the Institute nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# - -srcdir="@srcdir@" - -echo "try printing" -./hxtool print \ - --pass=PASS:foobar \ - PKCS12:$srcdir/data/test.p12 || exit 1 - -echo "make sure entry is found (friendlyname)" -./hxtool query \ - --pass=PASS:foobar \ - --friendlyname=friendlyname-test \ - PKCS12:$srcdir/data/test.p12 || exit 1 - -echo "make sure entry is not found (friendlyname)" -./hxtool query \ - --pass=PASS:foobar \ - --friendlyname=friendlyname-test-not \ - PKCS12:$srcdir/data/test.p12 && exit 1 - -echo "check for ca cert (friendlyname)" -./hxtool query \ - --pass=PASS:foobar \ - --friendlyname=ca \ - PKCS12:$srcdir/data/test.p12 || exit 1 - -echo "make sure entry is not found (friendlyname)" -./hxtool query \ - --pass=PASS:foobar \ - --friendlyname=friendlyname-test \ - PKCS12:$srcdir/data/sub-cert.p12 && exit 1 - -echo "make sure entry is found (friendlyname|private key)" -./hxtool query \ - --pass=PASS:foobar \ - --friendlyname=friendlyname-test \ - --private-key \ - PKCS12:$srcdir/data/test.p12 || exit 1 - -echo "make sure entry is not found (friendlyname|private key)" -./hxtool query \ - --pass=PASS:foobar \ - --friendlyname=ca \ - --private-key \ - PKCS12:$srcdir/data/test.p12 && exit 1 - -exit 0 - diff --git a/crypto/heimdal/lib/hx509/data/sub-ca.crt b/crypto/heimdal/lib/hx509/data/sub-ca.crt deleted file mode 100644 index 6cb485ab188..00000000000 --- a/crypto/heimdal/lib/hx509/data/sub-ca.crt +++ /dev/null @@ -1,60 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 9 (0x9) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:59 2007 GMT - Not After : Nov 12 06:58:59 2017 GMT - Subject: C=SE, CN=Sub CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:f3:ab:db:06:fa:f9:a1:84:35:a6:fb:a4:a9:39: - 5f:54:10:a2:a4:3f:1a:ae:2c:7e:bd:dd:aa:63:4a: - 7a:62:99:07:25:af:eb:62:b4:20:93:67:46:59:b4: - 30:85:81:24:41:9d:49:97:fb:a3:ce:74:61:f7:ff: - d5:9e:b1:9b:d3:5a:8b:59:51:76:99:69:2a:73:02: - e9:2d:39:3f:21:b8:2f:f1:af:91:1f:f1:c3:e3:4d: - c0:e4:87:95:df:e7:d2:e7:27:a6:cd:c4:cf:97:e6: - b8:24:31:d1:66:d3:af:f8:06:8b:9c:81:bf:66:54: - 53:08:0a:ee:15:71:b2:a5:a5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 36:04:CF:AD:8B:30:E2:5D:C0:43:8C:09:0B:4D:50:7B:1F:39:41:17 - X509v3 Authority Key Identifier: - keyid:8C:E7:0D:B5:C5:DE:69:85:75:2C:08:A1:DE:53:15:30:9C:A1:E8:00 - DirName:/CN=hx509 Test Root CA/C=SE - serial:B7:94:5E:85:B2:19:80:58 - - X509v3 Basic Constraints: - CA:TRUE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign - Signature Algorithm: sha1WithRSAEncryption - 5b:f9:bb:2c:d2:d6:4d:bb:20:b1:05:fc:67:45:de:9c:5e:83: - 35:24:9a:f6:33:bc:3d:ca:27:dc:be:3c:cb:c6:d7:c5:b4:d3: - 9e:c4:c2:60:4d:dc:21:2c:f4:88:ec:dd:41:37:58:63:45:d6: - 9b:32:7d:f8:e0:d1:41:0f:f3:30:20:7d:15:af:49:15:2b:cb: - db:fe:90:6e:db:84:fa:92:a3:ac:83:25:5a:ab:49:7a:1e:2b: - dc:c9:74:7b:9f:2b:62:a9:6f:ef:b9:89:72:4b:ea:02:5a:27: - 93:b7:9d:fd:e2:a3:73:04:52:d0:98:5a:a3:23:f5:02:56:b6: - c6:8f ------BEGIN CERTIFICATE----- -MIICWDCCAcGgAwIBAgIBCTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1OVoXDTE3 -MTExMjA2NTg1OVowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBlN1YiBDQTCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA86vbBvr5oYQ1pvukqTlfVBCipD8arix+ -vd2qY0p6YpkHJa/rYrQgk2dGWbQwhYEkQZ1Jl/ujznRh9//VnrGb01qLWVF2mWkq -cwLpLTk/Ibgv8a+RH/HD403A5IeV3+fS5yemzcTPl+a4JDHRZtOv+AaLnIG/ZlRT -CAruFXGypaUCAwEAAaOBmTCBljAdBgNVHQ4EFgQUNgTPrYsw4l3AQ4wJC01Qex85 -QRcwWgYDVR0jBFMwUYAUjOcNtcXeaYV1LAih3lMVMJyh6AChLqQsMCoxGzAZBgNV -BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0WCCQC3lF6FshmAWDAM -BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB5jANBgkqhkiG9w0BAQUFAAOBgQBb+bss -0tZNuyCxBfxnRd6cXoM1JJr2M7w9yifcvjzLxtfFtNOexMJgTdwhLPSI7N1BN1hj -RdabMn344NFBD/MwIH0Vr0kVK8vb/pBu24T6kqOsgyVaq0l6HivcyXR7nytiqW/v -uYlyS+oCWieTt5394qNzBFLQmFqjI/UCVrbGjw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/sub-ca.key b/crypto/heimdal/lib/hx509/data/sub-ca.key deleted file mode 100644 index 070d21d00af..00000000000 --- a/crypto/heimdal/lib/hx509/data/sub-ca.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDzq9sG+vmhhDWm+6SpOV9UEKKkPxquLH693apjSnpimQclr+ti -tCCTZ0ZZtDCFgSRBnUmX+6POdGH3/9WesZvTWotZUXaZaSpzAuktOT8huC/xr5Ef -8cPjTcDkh5Xf59LnJ6bNxM+X5rgkMdFm06/4Boucgb9mVFMICu4VcbKlpQIDAQAB -AoGBAIoiQmgSnrERYdjnjtDf1Uqyo4C4xUc3siGwJ4diET8TwRl8QNQTiOQHB7qS -i28jZopLwAyIerPvBhqwzUjJJqvu1z+5/MjwBJ/aonmJjJ9e3nqk/KE658xGg5E8 -V64DYRif0YboZEYJo5yzU9UEdEPI4zTyhFlR21TmOZkidnwBAkEA/IIRCcGs/FNR -q9tEW8ARK1DEeerXhoV9Xye9xYb5UNyH4f6J31NdkvYOMA4F0+0lKecaKmPtKsu7 -gQrFZYwt/QJBAPcKgUVOJox/s/o1PXRGjifl1haehcawWNLtN/UnFZcUKslyMkxh -qyCJJ0SuX7quQqy+++hFj/DwNdECaFRd0skCQBocdRiWL4Y0M3jbBrmaJexdwMN+ -tmTRvwItAOHBMFzdQSvsf2NZoo6E5Tiw6odcuYAYxsrlZGwNf0k7zOfQVB0CQQDy -GWdqZhY9JoFYuYhKRULXMtTGQgBUIUpLG5L1O6Ja9rafyLwmQqkUL5U+J61FI7XP -2TLCBDn2I1J6TGO2GmSRAkAIFsFpkrq4q+lbJ3Vr3UpfhRJsTVOD5SgZx1umn63l -jEz5/r4HCg/Q0/yiPiYaTHutfnsChg3/AfbmWcA6j4NU ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.crt b/crypto/heimdal/lib/hx509/data/sub-cert.crt deleted file mode 100644 index fe23a373a1f..00000000000 --- a/crypto/heimdal/lib/hx509/data/sub-cert.crt +++ /dev/null @@ -1,53 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 10 (0xa) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=SE, CN=Sub CA - Validity - Not Before: Nov 15 06:58:59 2007 GMT - Not After : Nov 12 06:58:59 2017 GMT - Subject: C=SE, CN=Test sub cert - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:da:41:57:e1:62:23:1b:bf:ac:1c:a9:06:c8:98: - 77:38:dc:33:a3:03:c0:02:6d:d8:6d:68:95:b1:ea: - 60:c0:c2:96:23:34:91:fb:32:44:44:cd:72:40:5b: - a3:cf:57:94:3c:8d:a9:30:11:73:61:15:17:10:a6: - 17:7d:9d:27:f0:58:23:ee:a4:83:3c:b1:0f:20:0c: - a4:3d:01:ef:de:93:cb:b5:02:c1:1e:b4:54:35:6a: - 8f:55:7b:5d:76:0a:f9:6d:b1:31:25:4c:fb:e2:d6: - 6e:94:e9:8a:c4:cc:4e:28:6b:bd:4c:80:85:2c:87: - eb:31:88:6d:27:2a:d3:df:1f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Subject Key Identifier: - D3:5F:89:9B:31:E6:2A:E0:C6:64:27:9F:A4:E5:42:8C:70:99:96:25 - Signature Algorithm: sha1WithRSAEncryption - 34:f9:9f:c5:6f:44:55:6a:15:8f:51:ab:c1:44:18:0e:eb:9a: - d0:c4:64:ce:ab:24:2b:77:82:f3:88:e3:9e:1f:9c:8d:28:a6: - be:3d:d5:3e:5e:95:01:c8:b9:d4:e2:b5:17:06:1d:10:0b:a5: - 64:29:d9:45:b0:fd:16:ec:5d:3c:3f:58:55:25:90:d0:e4:4f: - 3f:9f:9c:5f:d5:1e:0c:73:a5:1a:7c:71:10:b5:a3:d5:fb:0f: - d3:de:fc:9a:06:bc:0b:8c:72:eb:bc:fc:d1:47:87:68:44:25: - 25:ab:51:e9:af:d8:9e:1b:04:f2:1c:4f:4c:27:a0:87:11:4a: - 69:67 ------BEGIN CERTIFICATE----- -MIIB8jCCAVugAwIBAgIBCjANBgkqhkiG9w0BAQUFADAeMQswCQYDVQQGEwJTRTEP -MA0GA1UEAwwGU3ViIENBMB4XDTA3MTExNTA2NTg1OVoXDTE3MTExMjA2NTg1OVow -JTELMAkGA1UEBhMCU0UxFjAUBgNVBAMMDVRlc3Qgc3ViIGNlcnQwgZ8wDQYJKoZI -hvcNAQEBBQADgY0AMIGJAoGBANpBV+FiIxu/rBypBsiYdzjcM6MDwAJt2G1olbHq -YMDCliM0kfsyRETNckBbo89XlDyNqTARc2EVFxCmF32dJ/BYI+6kgzyxDyAMpD0B -796Ty7UCwR60VDVqj1V7XXYK+W2xMSVM++LWbpTpisTMTihrvUyAhSyH6zGIbScq -098fAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTT -X4mbMeYq4MZkJ5+k5UKMcJmWJTANBgkqhkiG9w0BAQUFAAOBgQA0+Z/Fb0RVahWP -UavBRBgO65rQxGTOqyQrd4LziOOeH5yNKKa+PdU+XpUByLnU4rUXBh0QC6VkKdlF -sP0W7F08P1hVJZDQ5E8/n5xf1R4Mc6UafHEQtaPV+w/T3vyaBrwLjHLrvPzRR4do -RCUlq1Hpr9ieGwTyHE9MJ6CHEUppZw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.key b/crypto/heimdal/lib/hx509/data/sub-cert.key deleted file mode 100644 index b9faa56eb2e..00000000000 --- a/crypto/heimdal/lib/hx509/data/sub-cert.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDaQVfhYiMbv6wcqQbImHc43DOjA8ACbdhtaJWx6mDAwpYjNJH7 -MkREzXJAW6PPV5Q8jakwEXNhFRcQphd9nSfwWCPupIM8sQ8gDKQ9Ae/ek8u1AsEe -tFQ1ao9Ve112CvltsTElTPvi1m6U6YrEzE4oa71MgIUsh+sxiG0nKtPfHwIDAQAB -AoGBAMPvk4h4BNK9gTL9n2RoU+fM7+Jx1GeZ24llMbZWlmOWjRiv8joTx2wJEH+s -hWP32NF/z5qin/VQ7LL6mO4hLx8RbPysfZH2PGwGLBsL6yFKrpVLEb6Gze7bfaNC -Zxqz2zBaUup5IN5IoQbYmhYgo7h+uca2FKZMtWZlvxsNb22hAkEA/QCwdBhlf7w9 -BUWezxxm5o/laKhvP7RYem43eJNKj1tenB1MnbjM6R3Ckp0ykbKQIEL3mjTEUR+/ -31yfSjKRrwJBANzXRXmowoaKFrjkRFjfKrSk6cIa5/32U4Shy3/1LRoHv1qcsyEv -0Acn5aE8vdiYK4J/OqiS87KFYH6WISCEFZECQQDg4xH1wBHIfvwGiaHmGyrkWpfi -dYWdrKLRANNR3Cr0TpVEU07dC30o4YkoZY6jr4MpCh2o9qpiKcSVuHDmtRiFAkBE -AsvznqRhuK8su6fM0tWdElinHZAqpyyrYQSB4KjGJnKo3i9QXiArw/60/DbfOGXV -54bSGYeRh//inCuRjvvxAkBv9rarlopkpj29aAM4e4gs5W4ssl0uOjnSBiSH+Zn/ -j/oYrQgvpITFLCdF48D44GWtupw5zCLiJAREySaNma4Z ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/sub-cert.p12 b/crypto/heimdal/lib/hx509/data/sub-cert.p12 deleted file mode 100644 index 90def937974..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/sub-cert.p12 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-ds-only.crt b/crypto/heimdal/lib/hx509/data/test-ds-only.crt deleted file mode 100644 index 78559c662e3..00000000000 --- a/crypto/heimdal/lib/hx509/data/test-ds-only.crt +++ /dev/null @@ -1,53 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 5 (0x5) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:57 2007 GMT - Not After : Nov 12 06:58:57 2017 GMT - Subject: C=SE, CN=Test cert DigitalSignature - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c7:40:d0:87:47:81:b2:4e:4b:36:7c:c9:8d:9d: - eb:dc:65:13:20:dc:72:0f:bf:5e:44:36:aa:18:fc: - 09:54:8c:1a:4e:15:5a:c5:c3:0c:95:f7:55:1c:b0: - 93:d2:80:92:eb:7e:67:b4:2e:9c:0c:fd:65:6a:9c: - d6:35:d2:c2:62:3f:a2:6c:90:9e:a6:5a:59:33:e1: - 3a:13:9a:9d:9a:7e:2b:a2:44:96:41:87:b3:e2:b8: - 62:1b:88:46:08:39:c5:7a:90:83:42:22:c9:73:9f: - 41:51:1d:40:34:0f:94:0e:2a:ee:27:76:6d:6d:44: - d2:e7:90:ad:9c:da:f8:7f:87 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation - X509v3 Subject Key Identifier: - B9:41:3E:C9:AB:F2:37:75:F1:F8:C7:86:BB:54:78:76:15:16:D9:BB - Signature Algorithm: sha1WithRSAEncryption - 72:fc:ea:ad:ec:08:be:45:34:5e:d0:1b:d0:0d:fc:2f:70:89: - 8e:58:fb:15:ce:7b:78:8f:db:e9:97:cc:89:10:e6:10:f5:22: - f9:e9:c6:0d:4e:f9:35:c6:e2:5f:ab:28:47:e3:d6:94:d0:80: - db:44:4a:a9:8b:86:8b:c6:09:7b:d5:eb:07:ef:92:5a:ac:9a: - a7:04:c5:e2:c5:3f:01:d0:c1:92:c1:14:90:50:bd:0f:38:09: - 0e:c5:9f:96:bd:42:8b:87:ac:b1:62:ca:bc:79:1d:fc:23:06: - 55:b3:55:f2:b8:49:67:8e:d7:63:1f:52:aa:b9:19:e0:1f:18: - 11:ac ------BEGIN CERTIFICATE----- -MIICCzCCAXSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3 -MTExMjA2NTg1N1owMjELMAkGA1UEBhMCU0UxIzAhBgNVBAMMGlRlc3QgY2VydCBE -aWdpdGFsU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHQNCH -R4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrFwwyV91UcsJPSgJLrfme0 -LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZBh7PiuGIbiEYIOcV6kINC -Islzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQABozkwNzAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUuUE+yavyN3Xx+MeGu1R4dhUW2bswDQYJ -KoZIhvcNAQEFBQADgYEAcvzqrewIvkU0XtAb0A38L3CJjlj7Fc57eI/b6ZfMiRDm -EPUi+enGDU75NcbiX6soR+PWlNCA20RKqYuGi8YJe9XrB++SWqyapwTF4sU/AdDB -ksEUkFC9DzgJDsWflr1Ci4essWLKvHkd/CMGVbNV8rhJZ47XYx9SqrkZ4B8YEaw= ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/test-ds-only.key b/crypto/heimdal/lib/hx509/data/test-ds-only.key deleted file mode 100644 index 1233c34b1b2..00000000000 --- a/crypto/heimdal/lib/hx509/data/test-ds-only.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDHQNCHR4GyTks2fMmNnevcZRMg3HIPv15ENqoY/AlUjBpOFVrF -wwyV91UcsJPSgJLrfme0LpwM/WVqnNY10sJiP6JskJ6mWlkz4ToTmp2afiuiRJZB -h7PiuGIbiEYIOcV6kINCIslzn0FRHUA0D5QOKu4ndm1tRNLnkK2c2vh/hwIDAQAB -AoGAPa3Ln0S8WjSwRaKlRahP/b5wCGkVCdjkVltRlkBWpwxjjC5CFhvFxpp0h1gF -ulDAqhNMCNOwzLiX70Ozb5/ZOcK6eIYolFDf8ldc5fSJMTIZF2V6CzICNNKFGWpI -z5QFhfQDqru6ZaWtPuK4sJIcmBx1nMTu4z9rNjvnGqJV/ckCQQDm8HfOI6f5Dlgg -QI9My7uDshfF2j6lo8wX32Vsgfb2PO+a6BGCCQhSjlKSZoiOH+KNz1/fp0/sbeGY -ZbdJSMg9AkEA3OAZrLlgKId6Gs5EjDfvq2njJf4dAOk5aH8HB1u18VuRvdkWxEwo -A7zrFZz+l1U52OMNKazPuPLju7foen9fEwJAR1URfG/RC4HdwKCQYsUvN1+ELk3a -OemdOeZ7+ocuVCLAU9XIyqSlmHJzmNro5RV+MhVS5M9WRY4vN5Z7hbxgdQJBAJG3 -NrkAwzN5zVCJ7Cclb/SCMt0JvFCxjLInu5dbJblJU+kPozl1lKCCrgTgQgXMsBEq -GbD41UGK3DsnpTPLfAkCQQCeZlgPiddfNhyg3SQOgj1M/3NBEfJFnX3FqlF32Pvz -0U29o0iMSP4q2j+cyUxAmlp9I7clhq7bBRTfCHKIHETg ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128 b/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128 deleted file mode 100644 index c706839a3fb..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-128 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256 b/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256 deleted file mode 100644 index 1d5ef41ec42..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-enveloped-aes-256 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-des b/crypto/heimdal/lib/hx509/data/test-enveloped-des deleted file mode 100644 index 85a08d901a4..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-enveloped-des and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3 b/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3 deleted file mode 100644 index deb5fe1ce4b..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128 deleted file mode 100644 index ebe0b5faa05..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40 deleted file mode 100644 index c664b81c3db..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64 b/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64 deleted file mode 100644 index 24bd3681800..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-ke-only.crt b/crypto/heimdal/lib/hx509/data/test-ke-only.crt deleted file mode 100644 index 9239de47255..00000000000 --- a/crypto/heimdal/lib/hx509/data/test-ke-only.crt +++ /dev/null @@ -1,53 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:57 2007 GMT - Not After : Nov 12 06:58:57 2017 GMT - Subject: C=SE, CN=Test cert KeyEncipherment - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:bd:6a:09:6d:65:fd:2f:a6:02:74:48:59:5a:d6: - b1:cf:d2:30:60:21:92:bf:ed:94:d1:df:e9:de:b7: - c2:c5:5d:c8:7b:a7:f2:b3:e0:1b:78:ba:a8:ba:4b: - ee:95:5c:06:77:10:39:be:e5:4c:4a:f0:1e:96:a0: - df:77:7a:7a:06:ce:95:b0:d9:fd:ac:4b:85:45:b1: - 7c:a5:51:af:b8:c3:82:6f:21:09:37:03:b0:61:e0: - 04:46:a8:71:56:a6:36:67:79:42:e1:ef:bf:28:1d: - a0:ef:02:6e:26:60:e1:fe:05:95:72:87:b9:c1:08: - 8e:ed:dc:fd:71:06:15:80:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Non Repudiation, Key Encipherment - X509v3 Subject Key Identifier: - 17:F3:F4:8B:D1:CD:D4:A3:D9:9D:A0:0E:6E:52:EE:11:03:85:32:6F - Signature Algorithm: sha1WithRSAEncryption - 5f:1d:86:c2:bd:eb:c7:75:ad:b6:ec:c8:10:96:4f:8b:b2:36: - b4:7b:ba:c4:b5:6c:1c:2e:80:eb:d0:97:5f:71:48:8a:79:f7: - 05:ee:2b:96:ef:b9:68:0d:fa:86:73:c7:30:3f:22:81:ea:cf: - 46:3a:4b:4d:31:39:29:5d:1a:b8:44:ae:12:f1:18:ea:de:55: - 47:f4:1c:77:07:34:41:cf:1c:f1:1c:f8:0d:63:c1:e8:b4:98: - e7:cb:c1:2d:96:b3:5a:21:6e:fa:e7:e1:15:87:84:c9:71:31: - 5f:6f:93:98:7f:ca:00:d3:8d:96:bb:b5:03:af:c0:4d:4e:a2: - a5:97 ------BEGIN CERTIFICATE----- -MIICCjCCAXOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1N1oXDTE3 -MTExMjA2NTg1N1owMTELMAkGA1UEBhMCU0UxIjAgBgNVBAMMGVRlc3QgY2VydCBL -ZXlFbmNpcGhlcm1lbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1qCW1l -/S+mAnRIWVrWsc/SMGAhkr/tlNHf6d63wsVdyHun8rPgG3i6qLpL7pVcBncQOb7l -TErwHpag33d6egbOlbDZ/axLhUWxfKVRr7jDgm8hCTcDsGHgBEaocVamNmd5QuHv -vygdoO8CbiZg4f4FlXKHucEIju3c/XEGFYB5AgMBAAGjOTA3MAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgVgMB0GA1UdDgQWBBQX8/SL0c3Uo9mdoA5uUu4RA4UybzANBgkq -hkiG9w0BAQUFAAOBgQBfHYbCvevHda227MgQlk+Lsja0e7rEtWwcLoDr0JdfcUiK -efcF7iuW77loDfqGc8cwPyKB6s9GOktNMTkpXRq4RK4S8Rjq3lVH9Bx3BzRBzxzx -HPgNY8HotJjny8EtlrNaIW765+EVh4TJcTFfb5OYf8oA042Wu7UDr8BNTqKllw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/test-ke-only.key b/crypto/heimdal/lib/hx509/data/test-ke-only.key deleted file mode 100644 index 878267e0156..00000000000 --- a/crypto/heimdal/lib/hx509/data/test-ke-only.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC9agltZf0vpgJ0SFla1rHP0jBgIZK/7ZTR3+net8LFXch7p/Kz -4Bt4uqi6S+6VXAZ3EDm+5UxK8B6WoN93enoGzpWw2f2sS4VFsXylUa+4w4JvIQk3 -A7Bh4ARGqHFWpjZneULh778oHaDvAm4mYOH+BZVyh7nBCI7t3P1xBhWAeQIDAQAB -AoGASR2vee1OqJ/6foyXAXuys7g9OD59eVzqf4Fhs7lXk/w5sZIJG+o8cIQNMayx -8jHNxRQcVlYI9zxtclOzL1m11FPRgP6oVicPdIbKf/9JQhjlq/RgX/N66iBSPOW3 -80RtZ0G9pI+9RQN3sG1t39sXyMZJz5ApkcrsIfkX7Ej8tAkCQQD1mqP32MjUIpDc -x15ybBXib7E/27f/aM04Zg4D1WLkYANmUKFLiNeKKEIy+R6iQ9bqcWdh/u2Pu08e -I9eusolbAkEAxW6GQOihK5hsmKY7QdrORP6I6g8nqu/esiN1/LMtIVZdHtuaLxea -3XUIewnK1h5d2eKXyWjMgT8o5y/XtT5xuwJAVW7mbJeHPGuNso7TZr/8WNj7cjgu -5/R/toehhmnazZAsfpG7mbfPKirY5DxOEKnCf6jVCnyQDHhejCBxrT5DkwJBALrW -MW7Tt1JOWNbM2V8k9fcM+fymgt+dSJ5EOK//0EGwPUeqgmr2Z7QTwQbO6YlgC2ja -qtILvxzA7LB78iKvCWkCQQCOPkDbIzy5JM8AZtUFYb7PqJBb5fHDg3wiKWXiTh8+ -eaBxDdbBxCsamPLwfP2cguCvVv9yz3ODA9Aopny9iAv3 ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/test-nopw.p12 b/crypto/heimdal/lib/hx509/data/test-nopw.p12 deleted file mode 100644 index 49db084e623..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-nopw.p12 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-pw.key b/crypto/heimdal/lib/hx509/data/test-pw.key deleted file mode 100644 index e844a98bbc0..00000000000 --- a/crypto/heimdal/lib/hx509/data/test-pw.key +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,B9B1B14B38E4ED57E3F9D8DFA7FEB086 - -mgUkuZfb6TTZ+69kLKbHpwfSYmY1tRMeIuuqcY6qdNpF70kiZ6BylMYzGG29OZJQ -ttiYmYz1zFYVhWrnpGnK7Raa7CHaohlcPfiUBD2lRzNmj6xYAJdooiR9kWNnZZe5 -JTOpLuokpSWSqgS58AB1BLkK67JGTEhF3iDwPff/oVBjW5X/VMRd62RfDk32MJmd -nd+xNdBeKk7nXwMITZyv3n5KayVohNSpFblIAwl/k8BDLavIKboZtJDqw9LyRpWC -KLtToAWTO7pvZcOoK9yIhM5TtbZkp7pQrebGjoYkvdF84i4oVS85q8swwsw7BFq5 -s8AVbdC0kcj5tfSaJYxFonyj5BHiEc1k1CLkcn0Aff1DhW/vR93W28UgQBT11Lxf -bvHxCSIGp6TKut7Jr1FGs6tzU5eTI2AlWeWJBoANDD2HaKnouRQfDEf8pHP9Odxg -nOQ4HinpwpylimqisYqHbeocO5izz1xioze82SxYQTUGj+gCViSBIBesVaZ31DGm -3ECN94ItCm9z6zAeMNtUdLkTY6rPeetwrXXcrWddD7p5c1HdWEEQHU1HilunQc6N -I39udeWfW0HlINxKu7IgOepNipdw9EFUPtY1LGP+2Xa3ezi8saXPbsq0i/0looWf -dhjvWke/uwi16zwDKL25pNSmSAKyhD+P46f5pcf1yk1MbMkFbfTrHzcxOIN1Fd5m -rFVJTUnVonQinb8cEyqgg/2ufvOe6AnaIqjsKdFUQthYrCg6Voupis+SXRbIefhr -diiBsOoIu8O38I9R6KmSs+CYTBeChWmt1sAJudRIgZ3v5vTm734qwlxijL4sSkYQ ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data b/crypto/heimdal/lib/hx509/data/test-signed-data deleted file mode 100644 index ae27556a0ae..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-signed-data and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr b/crypto/heimdal/lib/hx509/data/test-signed-data-noattr deleted file mode 100644 index 11b008eb3d4..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts b/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts deleted file mode 100644 index 0c94ab9f2be..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocerts and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/test.combined.crt b/crypto/heimdal/lib/hx509/data/test.combined.crt deleted file mode 100644 index 05c1e74bdc8..00000000000 --- a/crypto/heimdal/lib/hx509/data/test.combined.crt +++ /dev/null @@ -1,68 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:56 2007 GMT - Not After : Nov 12 06:58:56 2017 GMT - Subject: C=SE, CN=Test cert - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49: - 65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4: - ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3: - 48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db: - 35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52: - 43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa: - b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10: - 93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37: - 3a:45:71:fa:62:af:90:5e:c3 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Subject Key Identifier: - D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB - Signature Algorithm: sha1WithRSAEncryption - 88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5: - 79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd: - f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4: - 71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be: - 14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71: - 07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df: - 98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b: - 43:7a ------BEGIN CERTIFICATE----- -MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3 -MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW -DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU -pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R -/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD -VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4 -7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa -Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL -fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6 ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3 -LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN -/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB -AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt -4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI -0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+ -iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU -pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4 -aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU -RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA -1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD -OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle -r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw== ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/test.crt b/crypto/heimdal/lib/hx509/data/test.crt deleted file mode 100644 index 607605b01df..00000000000 --- a/crypto/heimdal/lib/hx509/data/test.crt +++ /dev/null @@ -1,53 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=hx509 Test Root CA, C=SE - Validity - Not Before: Nov 15 06:58:56 2007 GMT - Not After : Nov 12 06:58:56 2017 GMT - Subject: C=SE, CN=Test cert - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e8:bd:c6:8e:de:37:d8:f3:43:23:c3:27:b6:49: - 65:33:a8:b2:a9:f0:16:0d:90:49:47:7b:90:98:e4: - ae:de:dd:64:b6:3b:48:b7:2e:0b:02:18:1f:85:f3: - 48:af:78:4b:54:34:63:62:06:30:f0:b5:a2:e9:db: - 35:6c:c7:55:f5:30:27:a0:66:54:a5:e8:52:27:52: - 43:4e:90:04:11:6a:e8:2b:52:e4:8d:fe:fd:c4:aa: - b0:4e:63:c6:aa:2d:0a:4e:1d:ae:1c:0d:c8:12:10: - 93:af:5c:e5:31:30:df:2c:0d:d7:c4:9e:d1:fd:37: - 3a:45:71:fa:62:af:90:5e:c3 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Key Usage: - Digital Signature, Non Repudiation, Key Encipherment - X509v3 Subject Key Identifier: - D0:9B:77:9A:88:C7:AD:71:07:17:56:E1:0C:4D:B2:23:85:81:D1:EB - Signature Algorithm: sha1WithRSAEncryption - 88:f8:ee:7d:35:36:1c:a9:71:e4:c5:64:b9:c9:c2:2d:9d:d5: - 79:67:25:12:d7:96:28:4c:dd:92:6a:19:6b:ce:bc:fa:78:bd: - f3:d2:c4:5c:a9:d9:4a:b7:ef:40:8f:c8:e2:1a:67:90:58:a4: - 71:76:87:c2:66:9e:69:57:37:c9:15:b8:c7:d9:fa:3f:32:be: - 14:5e:7b:41:5c:7f:c2:54:1b:f1:1b:15:20:8c:0a:62:7c:71: - 07:ff:7d:df:71:75:0c:4b:7d:b8:a1:59:e1:5a:4e:b7:c1:df: - 98:3b:cf:c9:de:e3:73:6f:fa:2d:fa:39:c5:59:92:08:c4:6b: - 43:7a ------BEGIN CERTIFICATE----- -MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA3MTExNTA2NTg1NloXDTE3 -MTExMjA2NTg1NlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6L3Gjt432PNDI8MntkllM6iyqfAW -DZBJR3uQmOSu3t1ktjtIty4LAhgfhfNIr3hLVDRjYgYw8LWi6ds1bMdV9TAnoGZU -pehSJ1JDTpAEEWroK1Lkjf79xKqwTmPGqi0KTh2uHA3IEhCTr1zlMTDfLA3XxJ7R -/Tc6RXH6Yq+QXsMCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD -VR0OBBYEFNCbd5qIx61xBxdW4QxNsiOFgdHrMA0GCSqGSIb3DQEBBQUAA4GBAIj4 -7n01NhypceTFZLnJwi2d1XlnJRLXlihM3ZJqGWvOvPp4vfPSxFyp2Uq370CPyOIa -Z5BYpHF2h8JmnmlXN8kVuMfZ+j8yvhRee0Fcf8JUG/EbFSCMCmJ8cQf/fd9xdQxL -fbihWeFaTrfB35g7z8ne43Nv+i36OcVZkgjEa0N6 ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/test.key b/crypto/heimdal/lib/hx509/data/test.key deleted file mode 100644 index 5251ceb74d3..00000000000 --- a/crypto/heimdal/lib/hx509/data/test.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDovcaO3jfY80Mjwye2SWUzqLKp8BYNkElHe5CY5K7e3WS2O0i3 -LgsCGB+F80iveEtUNGNiBjDwtaLp2zVsx1X1MCegZlSl6FInUkNOkAQRaugrUuSN -/v3EqrBOY8aqLQpOHa4cDcgSEJOvXOUxMN8sDdfEntH9NzpFcfpir5BewwIDAQAB -AoGBAKS3WsVWBBRo5cVzorFh9FvBMuEOZ60lxpbunoF2p0RXT6WhA2+RCH1s8TJt -4a0956IqiYOgehaBllEHsSHRWcUZ0P96qhZbVn1fWem0/U1VGb6d9WFftqPCOgYI -0joyDn+mmS1nhILexQARULyM67JyhX1xVbgFQUeTtr2WGIdBAkEA9hQURHdgxsu+ -iqe+93I1mA0LccKI3Mmb9jM0DBW1+NeGw17xE39u2DTLsFTIXkcpGzbaJYPaaOhU -pcpLX7haMQJBAPIgCT9cwEhX/MQq4eViCXd7blg4FxlDJDrD8sC8E0xss2N9Kpk4 -aJBtd4leOlzDwCanlWHrMCKo/NuE2b58FzMCQQDLTMtxxS6vDqTc6LlctX6RoDVU -RuPLhMTVInhdg5JTg7xSrJ1+/kkVVojxpRnkyeWsFiUj2UsYYNmOHxMmgagBAkEA -1to8uoAolEmXn89Zsv3C3salzRzAyob84DS+9e4uxdNzf+Yy5dHbX8Xzm+8EpQqD -OQnekgxsI2WHM5h4zAI7ZwJAefxLT1ljFxZmp1612/jqDaeNmmUHIN2aMpDinIle -r2S7S+UC+m573YcLZoYy9QAcTjnvgs/99zXjewfIQSQOmw== ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/data/test.p12 b/crypto/heimdal/lib/hx509/data/test.p12 deleted file mode 100644 index ad3e90acaa2..00000000000 Binary files a/crypto/heimdal/lib/hx509/data/test.p12 and /dev/null differ diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem deleted file mode 100644 index 32685d1fe8a..00000000000 --- a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV -BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx -LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK -UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd -MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28 -dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r -VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S -z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh -tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV -BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx -LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH -aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK -y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8 -uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem deleted file mode 100644 index b0726eac1d6..00000000000 --- a/crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV -BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx -LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK -UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV -BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA -vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG -6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf -M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV -HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp -Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU -340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK -EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN -BgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -AAAAAAAAAUKJ+eFJYSvXwGF2wxzDXj+x5YCItrHFmrEy4AXXAW+H0NgJVNvqRY/O -Kw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem deleted file mode 100644 index 32685d1fe8a..00000000000 --- a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV -BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx -LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK -UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd -MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28 -dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r -VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S -z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh -tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV -BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx -LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH -aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK -y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8 -uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem b/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem deleted file mode 100644 index 9a89e59e2ad..00000000000 --- a/crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV -BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx -LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK -UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV -BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA -vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG -6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf -M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV -HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp -Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU -340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK -EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN -BgkqhkiG9w0BAQUFAAOBgQCkGhwCDLRwWbDnDFReXkIZ1/9OhfiR8yL1idP9iYVU -cSoWxSHPBWkv6LORFS03APcXCSzDPJ9pxTjFjGGFSI91fNrzkKdHU/+0WCF2uTh7 -Dz2blqtcmnJqMSn1xHxxfM/9e6M3XwFUMf7SGiKRAbDfsauPafEPTn83vSeKj1lg -Dw== ------END CERTIFICATE----- diff --git a/crypto/heimdal/lib/hx509/data/yutaka-pad.key b/crypto/heimdal/lib/hx509/data/yutaka-pad.key deleted file mode 100644 index 1763623880c..00000000000 --- a/crypto/heimdal/lib/hx509/data/yutaka-pad.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC9KlnqKD0Ol4oHrSHuKLVGK026+Sfgg058ReMKM9IXCYhsYmqf -Ja8pOIwrOC4RiQboJkBuzHji3eS+xUN5R3lZkFGAyh5B3W00kFTgFfE4DxtXN3Cy -3No95659C1kO8p8zh6P5+j+P2Vgf250K6DWG5o3JtwK2KPMaieR11fgkRQIDAQAB -AoGBAJCYvwJun713uNsFTNpv46EvmMtDiWfk9ymnglVaJ03Uy6ON11Kvy6UGxJ6E -4zIkPFNYaghH5GAGncP1pg4exHKRGJTNcQbMf9iOsCTOuvKSWbBZpnJcFllKyESK -PTt72D6x/cuzDXVTeWvQMoOILa09szW7aqFNIdxae4Vq7a4BAkEA6MoehuRtZ4N9 -Jtc9cIpSKOOatZ1UajWEFV2yVHaDED2kkWxKjppPzRn06LzX8LWm1RT0qe3Zyasi -iXCXlno/+QJBANAGvY+k/+OvzWnv1yTKO8OmrMqkSzh3KAhFbiVWdQaqMSCWtKYk -GoOKnq0PB73ExhdbTFmxC4KBPHTC2guOca0CQCD78pNebnoKUYNdYCFAGCAfD97H -6hwadRqp6gi5uhxk/5pzY6UNDF2dXexURayfsIHktD4Xq5I9o2kiAPibXdECQQDC -KihwlL9K02JVSMl0y1XxDfclxSd4cq9o2PUv4HymVeA43LGMiRI+SPpF6Ut+ctW6 -IzsmVDu7+chl6yD9vFyZAkA3Auv9UxKL3kPtvu5G/lrCVmwzVfAzuwtnmSfp1+M5 -yTYBz+VFSsYrdlDZ3jdLnFzVOMiIm9pZca/L93QjmXJ+ ------END RSA PRIVATE KEY----- diff --git a/crypto/heimdal/lib/hx509/doxygen.c b/crypto/heimdal/lib/hx509/doxygen.c index 488ae4b9bbb..0c7dd780aed 100644 --- a/crypto/heimdal/lib/hx509/doxygen.c +++ b/crypto/heimdal/lib/hx509/doxygen.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /** @mainpage Heimdal PKIX/X.509 library @@ -37,7 +37,7 @@ * * Heimdal libhx509 library is a implementation of the PKIX/X.509 and * related protocols. - * + * * PKIX/X.509 is ... * * @@ -70,7 +70,7 @@ * See the @ref page_cms for description and examples. */ /** @defgroup hx509_crypto hx509 crypto functions */ /** @defgroup hx509_misc hx509 misc functions */ -/** @defgroup hx509_name hx509 name functions +/** @defgroup hx509_name hx509 name functions * See the @ref page_name for description and examples. */ /** @defgroup hx509_revoke hx509 revokation checking functions * See the @ref page_revoke for description and examples. */ diff --git a/crypto/heimdal/lib/hx509/env.c b/crypto/heimdal/lib/hx509/env.c index f868c22488c..7598aebaae7 100644 --- a/crypto/heimdal/lib/hx509/env.c +++ b/crypto/heimdal/lib/hx509/env.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: env.c 22349 2007-12-26 19:32:49Z lha $"); /** * @page page_env Hx509 enviroment functions @@ -40,36 +39,6 @@ RCSID("$Id: env.c 22349 2007-12-26 19:32:49Z lha $"); * See the library functions here: @ref hx509_env */ -struct hx509_env { - struct { - char *key; - char *value; - } *val; - size_t len; -}; - -/** - * Allocate a new hx509_env container object. - * - * @param context A hx509 context. - * @param env return a hx509_env structure, free with hx509_env_free(). - * - * @return An hx509 error code, see hx509_get_error_string(). - * - * @ingroup hx509_env - */ - -int -hx509_env_init(hx509_context context, hx509_env *env) -{ - *env = calloc(1, sizeof(**env)); - if (*env == NULL) { - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); - return ENOMEM; - } - return 0; -} - /** * Add a new key/value pair to the hx509_env. * @@ -84,34 +53,92 @@ hx509_env_init(hx509_context context, hx509_env *env) */ int -hx509_env_add(hx509_context context, hx509_env env, +hx509_env_add(hx509_context context, hx509_env *env, const char *key, const char *value) { - void *ptr; + hx509_env n; - ptr = realloc(env->val, sizeof(env->val[0]) * (env->len + 1)); - if (ptr == NULL) { + n = malloc(sizeof(*n)); + if (n == NULL) { hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } - env->val = ptr; - env->val[env->len].key = strdup(key); - if (env->val[env->len].key == NULL) { - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + + n->type = env_string; + n->next = NULL; + n->name = strdup(key); + if (n->name == NULL) { + free(n); return ENOMEM; } - env->val[env->len].value = strdup(value); - if (env->val[env->len].value == NULL) { - free(env->val[env->len].key); - hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + n->u.string = strdup(value); + if (n->u.string == NULL) { + free(n->name); + free(n); return ENOMEM; } - env->len++; + + /* add to tail */ + if (*env) { + hx509_env e = *env; + while (e->next) + e = e->next; + e->next = n; + } else + *env = n; + return 0; } /** - * Search the hx509_env for a key. + * Add a new key/binding pair to the hx509_env. + * + * @param context A hx509 context. + * @param env enviroment to add the enviroment variable too. + * @param key key to add + * @param list binding list to add + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_env + */ + +int +hx509_env_add_binding(hx509_context context, hx509_env *env, + const char *key, hx509_env list) +{ + hx509_env n; + + n = malloc(sizeof(*n)); + if (n == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + + n->type = env_list; + n->next = NULL; + n->name = strdup(key); + if (n->name == NULL) { + free(n); + return ENOMEM; + } + n->u.list = list; + + /* add to tail */ + if (*env) { + hx509_env e = *env; + while (e->next) + e = e->next; + e->next = n; + } else + *env = n; + + return 0; +} + + +/** + * Search the hx509_env for a length based key. * * @param context A hx509 context. * @param env enviroment to add the enviroment variable too. @@ -127,16 +154,80 @@ const char * hx509_env_lfind(hx509_context context, hx509_env env, const char *key, size_t len) { - size_t i; - - for (i = 0; i < env->len; i++) { - char *s = env->val[i].key; - if (strncmp(key, s, len) == 0 && s[len] == '\0') - return env->val[i].value; + while(env) { + if (strncmp(key, env->name ,len) == 0 + && env->name[len] == '\0' && env->type == env_string) + return env->u.string; + env = env->next; } return NULL; } +/** + * Search the hx509_env for a key. + * + * @param context A hx509 context. + * @param env enviroment to add the enviroment variable too. + * @param key key to search for. + * + * @return the value if the key is found, NULL otherwise. + * + * @ingroup hx509_env + */ + +const char * +hx509_env_find(hx509_context context, hx509_env env, const char *key) +{ + while(env) { + if (strcmp(key, env->name) == 0 && env->type == env_string) + return env->u.string; + env = env->next; + } + return NULL; +} + +/** + * Search the hx509_env for a binding. + * + * @param context A hx509 context. + * @param env enviroment to add the enviroment variable too. + * @param key key to search for. + * + * @return the binding if the key is found, NULL if not found. + * + * @ingroup hx509_env + */ + +hx509_env +hx509_env_find_binding(hx509_context context, + hx509_env env, + const char *key) +{ + while(env) { + if (strcmp(key, env->name) == 0 && env->type == env_list) + return env->u.list; + env = env->next; + } + return NULL; +} + +static void +env_free(hx509_env b) +{ + while(b) { + hx509_env next = b->next; + + if (b->type == env_string) + free(b->u.string); + else if (b->type == env_list) + env_free(b->u.list); + + free(b->name); + free(b); + b = next; + } +} + /** * Free an hx509_env enviroment context. * @@ -148,14 +239,7 @@ hx509_env_lfind(hx509_context context, hx509_env env, void hx509_env_free(hx509_env *env) { - size_t i; - - for (i = 0; i < (*env)->len; i++) { - free((*env)->val[i].key); - free((*env)->val[i].value); - } - free((*env)->val); - free(*env); + if (*env) + env_free(*env); *env = NULL; } - diff --git a/crypto/heimdal/lib/hx509/error.c b/crypto/heimdal/lib/hx509/error.c index 25119ed2883..fc3cf90b325 100644 --- a/crypto/heimdal/lib/hx509/error.c +++ b/crypto/heimdal/lib/hx509/error.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: error.c 22332 2007-12-17 01:03:22Z lha $"); /** * @page page_error Hx509 error reporting functions @@ -68,8 +67,10 @@ free_error_string(hx509_error msg) void hx509_clear_error_string(hx509_context context) { - free_error_string(context->error); - context->error = NULL; + if (context) { + free_error_string(context->error); + context->error = NULL; + } } /** @@ -87,11 +88,14 @@ hx509_clear_error_string(hx509_context context) */ void -hx509_set_error_stringv(hx509_context context, int flags, int code, +hx509_set_error_stringv(hx509_context context, int flags, int code, const char *fmt, va_list ap) { hx509_error msg; + if (context == NULL) + return; + msg = calloc(1, sizeof(*msg)); if (msg == NULL) { hx509_clear_error_string(context); @@ -115,7 +119,7 @@ hx509_set_error_stringv(hx509_context context, int flags, int code, } /** - * See hx509_set_error_stringv(). + * See hx509_set_error_stringv(). * * @param context A hx509 context. * @param flags @@ -172,7 +176,7 @@ hx509_get_error_string(hx509_context context, int error_code) } for (msg = context->error; msg; msg = msg->next) - p = rk_strpoolprintf(p, "%s%s", msg->msg, + p = rk_strpoolprintf(p, "%s%s", msg->msg, msg->next != NULL ? "; " : ""); return rk_strpoolcollect(p); @@ -205,7 +209,7 @@ hx509_free_error_string(char *str) */ void -hx509_err(hx509_context context, int exit_code, +hx509_err(hx509_context context, int exit_code, int error_code, const char *fmt, ...) { va_list ap; diff --git a/crypto/heimdal/lib/hx509/file.c b/crypto/heimdal/lib/hx509/file.c index b076b74f44d..4f7e87f070a 100644 --- a/crypto/heimdal/lib/hx509/file.c +++ b/crypto/heimdal/lib/hx509/file.c @@ -1,47 +1,46 @@ /* - * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$ID$"); int -_hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb) +_hx509_map_file_os(const char *fn, heim_octet_string *os) { size_t length; void *data; int ret; - ret = _hx509_map_file(fn, &data, &length, rsb); + ret = rk_undumpdata(fn, &data, &length); os->data = data; os->length = length; @@ -52,86 +51,13 @@ _hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb) void _hx509_unmap_file_os(heim_octet_string *os) { - _hx509_unmap_file(os->data, os->length); -} - -int -_hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb) -{ - struct stat sb; - size_t len; - ssize_t l; - int ret; - void *d; - int fd; - - *data = NULL; - *length = 0; - - fd = open(fn, O_RDONLY); - if (fd < 0) - return errno; - - if (fstat(fd, &sb) < 0) { - ret = errno; - close(fd); - return ret; - } - - len = sb.st_size; - - d = malloc(len); - if (d == NULL) { - close(fd); - return ENOMEM; - } - - l = read(fd, d, len); - close(fd); - if (l < 0 || l != len) { - free(d); - return EINVAL; - } - - if (rsb) - *rsb = sb; - *data = d; - *length = len; - return 0; -} - -void -_hx509_unmap_file(void *data, size_t len) -{ - free(data); + rk_xfree(os->data); } int _hx509_write_file(const char *fn, const void *data, size_t length) { - ssize_t sz; - const unsigned char *p = data; - int fd; - - fd = open(fn, O_WRONLY|O_TRUNC|O_CREAT, 0644); - if (fd < 0) - return errno; - - do { - sz = write(fd, p, length); - if (sz < 0) { - int saved_errno = errno; - close(fd); - return saved_errno; - } - if (sz == 0) - break; - length -= sz; - } while (length > 0); - - if (close(fd) == -1) - return errno; - + rk_dumpdata(fn, data, length); return 0; } @@ -140,13 +66,13 @@ _hx509_write_file(const char *fn, const void *data, size_t length) */ static void -header(FILE *f, const char *type, const char *str) +print_pem_stamp(FILE *f, const char *type, const char *str) { fprintf(f, "-----%s %s-----\n", type, str); } int -hx509_pem_write(hx509_context context, const char *type, +hx509_pem_write(hx509_context context, const char *type, hx509_pem_header *headers, FILE *f, const void *data, size_t size) { @@ -155,11 +81,11 @@ hx509_pem_write(hx509_context context, const char *type, char *line; #define ENCODE_LINE_LENGTH 54 - - header(f, "BEGIN", type); + + print_pem_stamp(f, "BEGIN", type); while (headers) { - fprintf(f, "%s: %s\n%s", + fprintf(f, "%s: %s\n%s", headers->header, headers->value, headers->next ? "" : "\n"); headers = headers->next; @@ -167,11 +93,11 @@ hx509_pem_write(hx509_context context, const char *type, while (size > 0) { ssize_t l; - + length = size; if (length > ENCODE_LINE_LENGTH) length = ENCODE_LINE_LENGTH; - + l = base64_encode(p, length, &line); if (l < 0) { hx509_set_error_string(context, 0, ENOMEM, @@ -184,7 +110,7 @@ hx509_pem_write(hx509_context context, const char *type, free(line); } - header(f, "END", type); + print_pem_stamp(f, "END", type); return 0; } @@ -194,7 +120,7 @@ hx509_pem_write(hx509_context context, const char *type, */ int -hx509_pem_add_header(hx509_pem_header **headers, +hx509_pem_add_header(hx509_pem_header **headers, const char *header, const char *value) { hx509_pem_header *h; @@ -255,7 +181,7 @@ hx509_pem_find_header(const hx509_pem_header *h, const char *header) int hx509_pem_read(hx509_context context, - FILE *f, + FILE *f, hx509_pem_read_func func, void *ctx) { @@ -285,7 +211,7 @@ hx509_pem_read(hx509_context context, if (i > 0) i--; } - + switch (where) { case BEFORE: if (strncmp("-----BEGIN ", buf, 11) == 0) { @@ -334,7 +260,7 @@ hx509_pem_read(hx509_context context, free(p); goto out; } - + data = erealloc(data, len + i); memcpy(((char *)data) + len, p, i); free(p); diff --git a/crypto/heimdal/lib/hx509/hx509-private.h b/crypto/heimdal/lib/hx509/hx509-private.h index 67bb843df59..60891f27fca 100644 --- a/crypto/heimdal/lib/hx509/hx509-private.h +++ b/crypto/heimdal/lib/hx509/hx509-private.h @@ -30,7 +30,7 @@ void _hx509_abort ( const char */*fmt*/, ...) - __attribute__ ((noreturn, format (printf, 1, 2))); + __attribute__ ((noreturn, format (printf, 1, 2))); int _hx509_calculate_path ( @@ -83,20 +83,18 @@ _hx509_cert_private_key (hx509_cert /*p*/); int _hx509_cert_private_key_exportable (hx509_cert /*p*/); -int -_hx509_cert_public_encrypt ( - hx509_context /*context*/, - const heim_octet_string */*cleartext*/, - const hx509_cert /*p*/, - heim_oid */*encryption_oid*/, - heim_octet_string */*ciphertext*/); - void _hx509_cert_set_release ( hx509_cert /*cert*/, _hx509_cert_release_func /*release*/, void */*ctx*/); +int +_hx509_cert_to_env ( + hx509_context /*context*/, + hx509_cert /*cert*/, + hx509_env */*env*/); + int _hx509_certs_keys_add ( hx509_context /*context*/, @@ -114,9 +112,6 @@ _hx509_certs_keys_get ( hx509_certs /*certs*/, hx509_private_key **/*keys*/); -hx509_certs -_hx509_certs_ref (hx509_certs /*certs*/); - int _hx509_check_key_usage ( hx509_context /*context*/, @@ -181,6 +176,18 @@ _hx509_create_signature_bitstring ( AlgorithmIdentifier */*signatureAlgorithm*/, heim_bit_string */*sig*/); +int +_hx509_expr_eval ( + hx509_context /*context*/, + hx509_env /*env*/, + struct hx_expr */*expr*/); + +void +_hx509_expr_free (struct hx_expr */*expr*/); + +struct hx_expr * +_hx509_expr_parse (const char */*buf*/); + int _hx509_find_extension_subject_key_id ( const Certificate */*issuer*/, @@ -253,33 +260,33 @@ _hx509_lock_get_passwords (hx509_lock /*lock*/); hx509_certs _hx509_lock_unlock_certs (hx509_lock /*lock*/); -int -_hx509_map_file ( - const char */*fn*/, - void **/*data*/, - size_t */*length*/, - struct stat */*rsb*/); +struct hx_expr * +_hx509_make_expr ( + enum hx_expr_op /*op*/, + void */*arg1*/, + void */*arg2*/); int _hx509_map_file_os ( const char */*fn*/, - heim_octet_string */*os*/, - struct stat */*rsb*/); + heim_octet_string */*os*/); int _hx509_match_keys ( hx509_cert /*c*/, - hx509_private_key /*private_key*/); + hx509_private_key /*key*/); int _hx509_name_cmp ( const Name */*n1*/, - const Name */*n2*/); + const Name */*n2*/, + int */*c*/); int _hx509_name_ds_cmp ( const DirectoryString */*ds1*/, - const DirectoryString */*ds2*/); + const DirectoryString */*ds2*/, + int */*diff*/); int _hx509_name_from_Name ( @@ -294,14 +301,6 @@ _hx509_name_modify ( const heim_oid */*oid*/, const char */*str*/); -int -_hx509_parse_private_key ( - hx509_context /*context*/, - const heim_oid */*key_oid*/, - const void */*data*/, - size_t /*len*/, - hx509_private_key */*private_key*/); - int _hx509_path_append ( hx509_context /*context*/, @@ -334,55 +333,28 @@ _hx509_pi_printf ( const char */*fmt*/, ...); -int -_hx509_private_key2SPKI ( - hx509_context /*context*/, - hx509_private_key /*private_key*/, - SubjectPublicKeyInfo */*spki*/); - -void -_hx509_private_key_assign_rsa ( - hx509_private_key /*key*/, - void */*ptr*/); - int _hx509_private_key_export ( hx509_context /*context*/, const hx509_private_key /*key*/, + hx509_key_format_t /*format*/, heim_octet_string */*data*/); int _hx509_private_key_exportable (hx509_private_key /*key*/); -int -_hx509_private_key_free (hx509_private_key */*key*/); - BIGNUM * _hx509_private_key_get_internal ( hx509_context /*context*/, hx509_private_key /*key*/, const char */*type*/); -int -_hx509_private_key_init ( - hx509_private_key */*key*/, - hx509_private_key_ops */*ops*/, - void */*keydata*/); - int _hx509_private_key_oid ( hx509_context /*context*/, const hx509_private_key /*key*/, heim_oid */*data*/); -int -_hx509_private_key_private_decrypt ( - hx509_context /*context*/, - const heim_octet_string */*ciphertext*/, - const heim_oid */*encryption_oid*/, - hx509_private_key /*p*/, - heim_octet_string */*cleartext*/); - hx509_private_key _hx509_private_key_ref (hx509_private_key /*key*/); @@ -430,26 +402,6 @@ _hx509_request_add_email ( hx509_request /*req*/, const char */*email*/); -void -_hx509_request_free (hx509_request */*req*/); - -int -_hx509_request_get_SubjectPublicKeyInfo ( - hx509_context /*context*/, - hx509_request /*req*/, - SubjectPublicKeyInfo */*key*/); - -int -_hx509_request_get_name ( - hx509_context /*context*/, - hx509_request /*req*/, - hx509_name */*name*/); - -int -_hx509_request_init ( - hx509_context /*context*/, - hx509_request */*req*/); - int _hx509_request_parse ( hx509_context /*context*/, @@ -462,18 +414,6 @@ _hx509_request_print ( hx509_request /*req*/, FILE */*f*/); -int -_hx509_request_set_SubjectPublicKeyInfo ( - hx509_context /*context*/, - hx509_request /*req*/, - const SubjectPublicKeyInfo */*key*/); - -int -_hx509_request_set_name ( - hx509_context /*context*/, - hx509_request /*req*/, - hx509_name /*name*/); - int _hx509_request_to_pkcs10 ( hx509_context /*context*/, @@ -484,6 +424,14 @@ _hx509_request_to_pkcs10 ( hx509_revoke_ctx _hx509_revoke_ref (hx509_revoke_ctx /*ctx*/); +void +_hx509_sel_yyerror (const char */*s*/); + +int +_hx509_self_signed_valid ( + hx509_context /*context*/, + const AlgorithmIdentifier */*alg*/); + int _hx509_set_cert_attribute ( hx509_context /*context*/, @@ -491,10 +439,11 @@ _hx509_set_cert_attribute ( const heim_oid */*oid*/, const heim_octet_string */*attr*/); -void -_hx509_unmap_file ( - void */*data*/, - size_t /*len*/); +int +_hx509_signature_best_before ( + hx509_context /*context*/, + const AlgorithmIdentifier */*alg*/, + time_t /*t*/); void _hx509_unmap_file_os (heim_octet_string */*os*/); @@ -504,10 +453,13 @@ _hx509_unparse_Name ( const Name */*aname*/, char **/*str*/); +time_t +_hx509_verify_get_time (hx509_verify_ctx /*ctx*/); + int _hx509_verify_signature ( hx509_context /*context*/, - const Certificate */*signer*/, + const hx509_cert /*cert*/, const AlgorithmIdentifier */*alg*/, const heim_octet_string */*data*/, const heim_octet_string */*sig*/); @@ -515,7 +467,7 @@ _hx509_verify_signature ( int _hx509_verify_signature_bitstring ( hx509_context /*context*/, - const Certificate */*signer*/, + const hx509_cert /*signer*/, const AlgorithmIdentifier */*alg*/, const heim_octet_string */*data*/, const heim_bit_string */*sig*/); diff --git a/crypto/heimdal/lib/hx509/hx509-protos.h b/crypto/heimdal/lib/hx509/hx509-protos.h index 50ce1b3df17..d03c7767e54 100644 --- a/crypto/heimdal/lib/hx509/hx509-protos.h +++ b/crypto/heimdal/lib/hx509/hx509-protos.h @@ -8,14 +8,19 @@ extern "C" { #endif +#ifndef HX509_LIB #ifndef HX509_LIB_FUNCTION #if defined(_WIN32) -#define HX509_LIB_FUNCTION _stdcall +#define HX509_LIB_FUNCTION __declspec(dllimport) +#define HX509_LIB_CALL __stdcall +#define HX509_LIB_VARIABLE __declspec(dllimport) #else #define HX509_LIB_FUNCTION +#define HX509_LIB_CALL +#define HX509_LIB_VARIABLE +#endif #endif #endif - void hx509_bitstring_print ( const heim_bit_string */*b*/, @@ -154,6 +159,13 @@ hx509_ca_tbs_set_template ( int /*flags*/, hx509_cert /*cert*/); +int +hx509_ca_tbs_set_unique ( + hx509_context /*context*/, + hx509_ca_tbs /*tbs*/, + const heim_bit_string */*subjectUniqueID*/, + const heim_bit_string */*issuerUniqueID*/); + int hx509_ca_tbs_subject_expand ( hx509_context /*context*/, @@ -222,6 +234,12 @@ hx509_cert_get_issuer ( hx509_cert /*p*/, hx509_name */*name*/); +int +hx509_cert_get_issuer_unique_id ( + hx509_context /*context*/, + hx509_cert /*p*/, + heim_bit_string */*issuer*/); + time_t hx509_cert_get_notAfter (hx509_cert /*p*/); @@ -238,6 +256,12 @@ hx509_cert_get_subject ( hx509_cert /*p*/, hx509_name */*name*/); +int +hx509_cert_get_subject_unique_id ( + hx509_context /*context*/, + hx509_cert /*p*/, + heim_bit_string */*subject*/); + int hx509_cert_have_private_key (hx509_cert /*p*/); @@ -260,6 +284,14 @@ hx509_cert_keyusage_print ( hx509_cert /*c*/, char **/*s*/); +int +hx509_cert_public_encrypt ( + hx509_context /*context*/, + const heim_octet_string */*cleartext*/, + const hx509_cert /*p*/, + heim_oid */*encryption_oid*/, + heim_octet_string */*ciphertext*/); + hx509_cert hx509_cert_ref (hx509_cert /*cert*/); @@ -287,6 +319,13 @@ hx509_certs_end_seq ( hx509_certs /*certs*/, hx509_cursor /*cursor*/); +int +hx509_certs_filter ( + hx509_context /*context*/, + hx509_certs /*certs*/, + const hx509_query */*q*/, + hx509_certs */*result*/); + int hx509_certs_find ( hx509_context /*context*/, @@ -312,8 +351,16 @@ hx509_certs_init ( hx509_lock /*lock*/, hx509_certs */*certs*/); +#ifdef __BLOCKS__ int hx509_certs_iter ( + hx509_context /*context*/, + hx509_certs /*certs*/, + int (^func)(hx509_cert)); +#endif /* __BLOCKS__ */ + +int +hx509_certs_iter_f ( hx509_context /*context*/, hx509_certs /*certs*/, int (*/*func*/)(hx509_context, void *, hx509_cert), @@ -332,6 +379,9 @@ hx509_certs_next_cert ( hx509_cursor /*cursor*/, hx509_cert */*cert*/); +hx509_certs +hx509_certs_ref (hx509_certs /*certs*/); + int hx509_certs_start_seq ( hx509_context /*context*/, @@ -354,6 +404,20 @@ hx509_ci_print_names ( void hx509_clear_error_string (hx509_context /*context*/); +int +hx509_cms_create_signed ( + hx509_context /*context*/, + int /*flags*/, + const heim_oid */*eContentType*/, + const void */*data*/, + size_t /*length*/, + const AlgorithmIdentifier */*digest_alg*/, + hx509_certs /*certs*/, + hx509_peer_info /*peer*/, + hx509_certs /*anchors*/, + hx509_certs /*pool*/, + heim_octet_string */*signed_data*/); + int hx509_cms_create_signed_1 ( hx509_context /*context*/, @@ -396,6 +460,7 @@ hx509_cms_unenvelope ( const void */*data*/, size_t /*length*/, const heim_octet_string */*encryptedContent*/, + time_t /*time_now*/, heim_oid */*contentType*/, heim_octet_string */*content*/); @@ -410,6 +475,7 @@ int hx509_cms_verify_signed ( hx509_context /*context*/, hx509_verify_ctx /*ctx*/, + unsigned int /*flags*/, const void */*data*/, size_t /*length*/, const heim_octet_string */*signedContent*/, @@ -470,6 +536,9 @@ hx509_crypto_aes128_cbc (void); const AlgorithmIdentifier * hx509_crypto_aes256_cbc (void); +void +hx509_crypto_allow_weak (hx509_crypto /*crypto*/); + int hx509_crypto_available ( hx509_context /*context*/, @@ -549,6 +618,11 @@ hx509_crypto_set_key_name ( hx509_crypto /*crypto*/, const char */*name*/); +void +hx509_crypto_set_padding ( + hx509_crypto /*crypto*/, + int /*padding_type*/); + int hx509_crypto_set_params ( hx509_context /*context*/, @@ -564,18 +638,32 @@ hx509_crypto_set_random_key ( int hx509_env_add ( hx509_context /*context*/, - hx509_env /*env*/, + hx509_env */*env*/, const char */*key*/, const char */*value*/); +int +hx509_env_add_binding ( + hx509_context /*context*/, + hx509_env */*env*/, + const char */*key*/, + hx509_env /*list*/); + +const char * +hx509_env_find ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/); + +hx509_env +hx509_env_find_binding ( + hx509_context /*context*/, + hx509_env /*env*/, + const char */*key*/); + void hx509_env_free (hx509_env */*env*/); -int -hx509_env_init ( - hx509_context /*context*/, - hx509_env */*env*/); - const char * hx509_env_lfind ( hx509_context /*context*/, @@ -591,6 +679,9 @@ hx509_err ( const char */*fmt*/, ...); +hx509_private_key_ops * +hx509_find_private_alg (const heim_oid */*oid*/); + void hx509_free_error_string (char */*str*/); @@ -745,6 +836,21 @@ hx509_parse_name ( const char */*str*/, hx509_name */*name*/); +int +hx509_parse_private_key ( + hx509_context /*context*/, + const AlgorithmIdentifier */*keyai*/, + const void */*data*/, + size_t /*len*/, + hx509_key_format_t /*format*/, + hx509_private_key */*private_key*/); + +int +hx509_peer_info_add_cms_alg ( + hx509_context /*context*/, + hx509_peer_info /*peer*/, + const AlgorithmIdentifier */*val*/); + int hx509_peer_info_alloc ( hx509_context /*context*/, @@ -795,12 +901,46 @@ hx509_pem_write ( const void */*data*/, size_t /*size*/); +int +hx509_print_cert ( + hx509_context /*context*/, + hx509_cert /*cert*/, + FILE */*out*/); + void hx509_print_stdout ( void */*ctx*/, const char */*fmt*/, va_list /*va*/); +int +hx509_private_key2SPKI ( + hx509_context /*context*/, + hx509_private_key /*private_key*/, + SubjectPublicKeyInfo */*spki*/); + +void +hx509_private_key_assign_rsa ( + hx509_private_key /*key*/, + void */*ptr*/); + +int +hx509_private_key_free (hx509_private_key */*key*/); + +int +hx509_private_key_init ( + hx509_private_key */*key*/, + hx509_private_key_ops */*ops*/, + void */*keydata*/); + +int +hx509_private_key_private_decrypt ( + hx509_context /*context*/, + const heim_octet_string */*ciphertext*/, + const heim_oid */*encryption_oid*/, + hx509_private_key /*p*/, + heim_octet_string */*cleartext*/); + int hx509_prompt_hidden (hx509_prompt_type /*type*/); @@ -817,9 +957,20 @@ hx509_query_free ( int hx509_query_match_cmp_func ( hx509_query */*q*/, - int (*/*func*/)(void *, hx509_cert), + int (*/*func*/)(hx509_context, hx509_cert, void *), void */*ctx*/); +int +hx509_query_match_eku ( + hx509_query */*q*/, + const heim_oid */*eku*/); + +int +hx509_query_match_expr ( + hx509_context /*context*/, + hx509_query */*q*/, + const char */*expr*/); + int hx509_query_match_friendly_name ( hx509_query */*q*/, @@ -847,6 +998,38 @@ hx509_query_unparse_stats ( int /*printtype*/, FILE */*out*/); +void +hx509_request_free (hx509_request */*req*/); + +int +hx509_request_get_SubjectPublicKeyInfo ( + hx509_context /*context*/, + hx509_request /*req*/, + SubjectPublicKeyInfo */*key*/); + +int +hx509_request_get_name ( + hx509_context /*context*/, + hx509_request /*req*/, + hx509_name */*name*/); + +int +hx509_request_init ( + hx509_context /*context*/, + hx509_request */*req*/); + +int +hx509_request_set_SubjectPublicKeyInfo ( + hx509_context /*context*/, + hx509_request /*req*/, + const SubjectPublicKeyInfo */*key*/); + +int +hx509_request_set_name ( + hx509_context /*context*/, + hx509_request /*req*/, + hx509_name /*name*/); + int hx509_revoke_add_crl ( hx509_context /*context*/, @@ -899,7 +1082,13 @@ hx509_set_error_stringv ( va_list /*ap*/); const AlgorithmIdentifier * -hx509_signature_md2 (void); +hx509_signature_ecPublicKey (void); + +const AlgorithmIdentifier * +hx509_signature_ecdsa_with_sha1 (void); + +const AlgorithmIdentifier * +hx509_signature_ecdsa_with_sha256 (void); const AlgorithmIdentifier * hx509_signature_md5 (void); @@ -910,9 +1099,6 @@ hx509_signature_rsa (void); const AlgorithmIdentifier * hx509_signature_rsa_pkcs1_x509 (void); -const AlgorithmIdentifier * -hx509_signature_rsa_with_md2 (void); - const AlgorithmIdentifier * hx509_signature_rsa_with_md5 (void); @@ -981,6 +1167,11 @@ hx509_verify_attach_revoke ( hx509_verify_ctx /*ctx*/, hx509_revoke_ctx /*revoke_ctx*/); +void +hx509_verify_ctx_f_allow_best_before_signature_algs ( + hx509_context /*ctx*/, + int /*boolean*/); + void hx509_verify_ctx_f_allow_default_trustanchors ( hx509_verify_ctx /*ctx*/, @@ -1042,6 +1233,9 @@ hx509_verify_signature ( void hx509_xfree (void */*ptr*/); +int +yywrap (void); + #ifdef __cplusplus } #endif diff --git a/crypto/heimdal/lib/hx509/hx509.h b/crypto/heimdal/lib/hx509/hx509.h index be02f634749..3954b54b1c0 100644 --- a/crypto/heimdal/lib/hx509/hx509.h +++ b/crypto/heimdal/lib/hx509/hx509.h @@ -1,37 +1,44 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: hx509.h 22464 2008-01-16 14:24:50Z lha $ */ +/* $Id$ */ + +#ifndef HEIMDAL_HX509_H +#define HEIMDAL_HX509_H 1 + +#include +#include +#include typedef struct hx509_cert_attribute_data *hx509_cert_attribute; typedef struct hx509_cert_data *hx509_cert; @@ -41,6 +48,7 @@ typedef struct hx509_crypto_data *hx509_crypto; typedef struct hx509_lock_data *hx509_lock; typedef struct hx509_name_data *hx509_name; typedef struct hx509_private_key *hx509_private_key; +typedef struct hx509_private_key_ops hx509_private_key_ops; typedef struct hx509_validate_ctx_data *hx509_validate_ctx; typedef struct hx509_verify_ctx_data *hx509_verify_ctx; typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx; @@ -50,7 +58,7 @@ typedef struct hx509_request_data *hx509_request; typedef struct hx509_error_data *hx509_error; typedef struct hx509_peer_info *hx509_peer_info; typedef struct hx509_ca_tbs *hx509_ca_tbs; -typedef struct hx509_env *hx509_env; +typedef struct hx509_env_data *hx509_env; typedef struct hx509_crl *hx509_crl; typedef void (*hx509_vprint_func)(void *, const char *, va_list); @@ -64,6 +72,18 @@ enum { HX509_VALIDATE_F_VERBOSE = 2 }; +enum { + HX509_CRYPTO_PADDING_PKCS7 = 0, + HX509_CRYPTO_PADDING_NONE = 1 +}; + +enum { + HX509_KEY_FORMAT_GUESS = 0, + HX509_KEY_FORMAT_DER = 1, + HX509_KEY_FORMAT_WIN_BACKUPKEY = 2 +}; +typedef uint32_t hx509_key_format_t; + struct hx509_cert_attribute_data { heim_oid oid; heim_octet_string data; @@ -118,6 +138,18 @@ typedef enum { /* flags to hx509_cms_unenvelope */ #define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT 0x01 +#define HX509_CMS_UE_ALLOW_WEAK 0x02 + +/* flags to hx509_cms_envelope_1 */ +#define HX509_CMS_EV_NO_KU_CHECK 0x01 +#define HX509_CMS_EV_ALLOW_WEAK 0x02 +#define HX509_CMS_EV_ID_NAME 0x04 + +/* flags to hx509_cms_verify_signed */ +#define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH 0x01 +#define HX509_CMS_VS_NO_KU_CHECK 0x02 +#define HX509_CMS_VS_ALLOW_ZERO_SIGNER 0x04 +#define HX509_CMS_VS_NO_VALIDATE 0x08 /* selectors passed to hx509_crypto_select and hx509_crypto_available */ #define HX509_SELECT_ALL 0 @@ -136,8 +168,11 @@ typedef enum { #define HX509_CA_TEMPLATE_EKU 64 /* flags hx509_cms_create_signed* */ -#define HX509_CMS_SIGATURE_DETACHED 1 -#define HX509_CMS_SIGATURE_ID_NAME 2 +#define HX509_CMS_SIGNATURE_DETACHED 0x01 +#define HX509_CMS_SIGNATURE_ID_NAME 0x02 +#define HX509_CMS_SIGNATURE_NO_SIGNER 0x04 +#define HX509_CMS_SIGNATURE_LEAF_ONLY 0x08 +#define HX509_CMS_SIGNATURE_NO_CERTS 0x10 /* hx509_verify_hostname nametype */ typedef enum { @@ -146,3 +181,6 @@ typedef enum { } hx509_hostname_type; #include +#include + +#endif /* HEIMDAL_HX509_H */ diff --git a/crypto/heimdal/lib/hx509/hx509_err.et b/crypto/heimdal/lib/hx509/hx509_err.et index 8fc5cb8f2f7..6225f125fb2 100644 --- a/crypto/heimdal/lib/hx509/hx509_err.et +++ b/crypto/heimdal/lib/hx509/hx509_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: hx509_err.et 22329 2007-12-15 05:13:14Z lha $" +id "$Id$" error_table hx prefix HX509 @@ -62,9 +62,11 @@ error_code OID_MISMATCH, "Mismatch bewteen oids" error_code NO_PROMPTER, "No prompter function defined" error_code SIGNATURE_WITHOUT_SIGNER, "Signature require signer, but non available" error_code RSA_PUBLIC_ENCRYPT, "RSA public encyption failed" -error_code RSA_PRIVATE_ENCRYPT, "RSA public encyption failed" -error_code RSA_PUBLIC_DECRYPT, "RSA private decryption failed" +error_code RSA_PRIVATE_ENCRYPT, "RSA private encyption failed" +error_code RSA_PUBLIC_DECRYPT, "RSA public decryption failed" error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed" +error_code ALGORITHM_BEST_BEFORE, "Algorithm has passed its best before date" +error_code KEY_FORMAT_UNSUPPORTED, "Key format is unsupported" # revoke related errors index 96 diff --git a/crypto/heimdal/lib/hx509/hx_locl.h b/crypto/heimdal/lib/hx509/hx_locl.h index 145bfcc006d..a0a5235c758 100644 --- a/crypto/heimdal/lib/hx509/hx_locl.h +++ b/crypto/heimdal/lib/hx509/hx_locl.h @@ -1,54 +1,57 @@ /* - * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: hx_locl.h 21083 2007-06-13 02:11:19Z lha $ */ +/* $Id$ */ -#ifdef HAVE_CONFIG_H #include -#endif #include #include #include #include +#ifdef HAVE_STRINGS_H #include +#endif #include #include #include +#include + +#include + #include #include #include -#include #include #include #include @@ -67,6 +70,7 @@ #include +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" struct hx509_keyset_ops; @@ -78,7 +82,8 @@ typedef struct hx509_path hx509_path; typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *); -typedef struct hx509_private_key_ops hx509_private_key_ops; + +#include "sel.h" #include #include @@ -128,7 +133,9 @@ struct hx509_query_data { #define HX509_QUERY_MATCH_FUNCTION 0x080000 #define HX509_QUERY_MATCH_KEY_HASH_SHA1 0x100000 #define HX509_QUERY_MATCH_TIME 0x200000 -#define HX509_QUERY_MASK 0x3fffff +#define HX509_QUERY_MATCH_EKU 0x400000 +#define HX509_QUERY_MATCH_EXPR 0x800000 +#define HX509_QUERY_MASK 0xffffff Certificate *subject; Certificate *certificate; heim_integer *serial; @@ -138,26 +145,28 @@ struct hx509_query_data { Name *subject_name; hx509_path *path; char *friendlyname; - int (*cmp_func)(void *, hx509_cert); + int (*cmp_func)(hx509_context, hx509_cert, void *); void *cmp_func_ctx; heim_octet_string *keyhash_sha1; time_t timenow; + heim_oid *eku; + struct hx_expr *expr; }; struct hx509_keyset_ops { const char *name; int flags; - int (*init)(hx509_context, hx509_certs, void **, + int (*init)(hx509_context, hx509_certs, void **, int, const char *, hx509_lock); int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock); int (*free)(hx509_certs, void *); int (*add)(hx509_context, hx509_certs, void *, hx509_cert); - int (*query)(hx509_context, hx509_certs, void *, + int (*query)(hx509_context, hx509_certs, void *, const hx509_query *, hx509_cert *); int (*iter_start)(hx509_context, hx509_certs, void *, void **); int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *); int (*iter_end)(hx509_context, hx509_certs, void *, void *); - int (*printinfo)(hx509_context, hx509_certs, + int (*printinfo)(hx509_context, hx509_certs, void *, int (*)(void *, const char *), void *); int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **); int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key); @@ -186,6 +195,18 @@ struct hx509_context_data { /* _hx509_calculate_path flag field */ #define HX509_CALCULATE_PATH_NO_ANCHOR 1 +/* environment */ +struct hx509_env_data { + enum { env_string, env_list } type; + char *name; + struct hx509_env_data *next; + union { + char *string; + struct hx509_env_data *list; + } u; +}; + + extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg; extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg; extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg; diff --git a/crypto/heimdal/lib/hx509/hxtool-commands.in b/crypto/heimdal/lib/hx509/hxtool-commands.in index b648ecf584a..ab517224ecd 100644 --- a/crypto/heimdal/lib/hx509/hxtool-commands.in +++ b/crypto/heimdal/lib/hx509/hxtool-commands.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -30,10 +30,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: hxtool-commands.in 21343 2007-06-26 14:21:55Z lha $ */ +/* $Id$ */ command = { name = "cms-create-sd" + name = "cms-sign" option = { long = "certificate" short = "c" @@ -93,12 +94,27 @@ command = { type = "flag" help = "create a detached signature" } + option = { + long = "signer" + type = "-flag" + help = "do not sign" + } option = { long = "id-by-name" type = "flag" help = "use subject name for CMS Identifier" } - min_args="2" + option = { + long = "embedded-certs" + type = "-flag" + help = "dont embedded certficiates" + } + option = { + long = "embed-leaf-only" + type = "flag" + help = "only embed leaf certificate" + } + min_args="1" max_args="2" argument="in-file out-file" help = "Wrap a file within a SignedData object" @@ -107,6 +123,7 @@ command = { name = "cms-verify-sd" option = { long = "anchors" + short = "D" type = "strings" argument = "certificate-store" help = "trust anchors" @@ -134,14 +151,29 @@ command = { type = "flag" help = "unwrap in-data that's in a ContentInfo" } + option = { + long = "pem" + type = "flag" + help = "unwrap in-data from PEM armor" + } + option = { + long = "signer-allowed" + type = "-flag" + help = "allow no signer" + } + option = { + long = "allow-wrong-oid" + type = "flag" + help = "allow wrong oid flag" + } option = { long = "signed-content" type = "string" help = "file containing content" } - min_args="2" + min_args="1" max_args="2" - argument="in-file out-file" + argument="in-file [out-file]" help = "Verify a file within a SignedData object" } command = { @@ -164,6 +196,11 @@ command = { type = "flag" help = "wrapped out-data in a ContentInfo" } + option = { + long = "allow-weak-crypto" + type = "flag" + help = "allow weak crypto" + } min_args="2" argument="in-file out-file" help = "Unenvelope a file containing a EnvelopedData object" @@ -201,6 +238,11 @@ command = { type = "flag" help = "wrapped out-data in a ContentInfo" } + option = { + long = "allow-weak-crypto" + type = "flag" + help = "allow weak crypto" + } min_args="2" argument="in-file out-file" help = "Envelope a file containing a EnvelopedData object" @@ -262,6 +304,11 @@ command = { type = "flag" help = "print the content of the certificates" } + option = { + long = "never-fail" + type = "flag" + help = "never fail with an error code" + } option = { long = "info" type = "flag" @@ -437,6 +484,18 @@ command = { argument = "name" help = "match on friendly name" } + option = { + long = "eku" + type = "string" + argument = "oid-string" + help = "match on EKU" + } + option = { + long = "expr" + type = "string" + argument = "expression" + help = "match on expression" + } option = { long = "keyEncipherment" type = "flag" @@ -557,7 +616,7 @@ command = { option = { long = "type" type = "strings" - help = "Type of certificate to issue" + help = "Types of certificate to issue (can be used more then once)" } option = { long = "lifetime" diff --git a/crypto/heimdal/lib/hx509/hxtool.c b/crypto/heimdal/lib/hx509/hxtool.c index 55410b1da75..4bd467f4284 100644 --- a/crypto/heimdal/lib/hx509/hxtool.c +++ b/crypto/heimdal/lib/hx509/hxtool.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: hxtool.c 22333 2007-12-17 01:03:43Z lha $"); #include #include +#include #include static hx509_context context; @@ -45,9 +45,9 @@ static int version_flag; static int help_flag; struct getargs args[] = { - { "statistic-file", 0, arg_string, &stat_file_string }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "statistic-file", 0, arg_string, &stat_file_string, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); @@ -70,7 +70,7 @@ lock_strings(hx509_lock lock, getarg_strings *pass) for (i = 0; i < pass->num_strings; i++) { int ret = hx509_lock_command_string(lock, pass->strings[i]); if (ret) - errx(1, "hx509_lock_command_string: %s: %d", + errx(1, "hx509_lock_command_string: %s: %d", pass->strings[i], ret); } } @@ -80,15 +80,15 @@ lock_strings(hx509_lock lock, getarg_strings *pass) */ static void -certs_strings(hx509_context context, const char *type, hx509_certs certs, +certs_strings(hx509_context contextp, const char *type, hx509_certs certs, hx509_lock lock, const getarg_strings *s) { int i, ret; for (i = 0; i < s->num_strings; i++) { - ret = hx509_certs_append(context, certs, lock, s->strings[i]); + ret = hx509_certs_append(contextp, certs, lock, s->strings[i]); if (ret) - hx509_err(context, 1, ret, + hx509_err(contextp, 1, ret, "hx509_certs_append: %s %s", type, s->strings[i]); } } @@ -114,33 +114,63 @@ parse_oid(const char *str, const heim_oid *def, heim_oid *oid) */ static void -peer_strings(hx509_context context, - hx509_peer_info *peer, +peer_strings(hx509_context contextp, + hx509_peer_info *peer, const getarg_strings *s) { AlgorithmIdentifier *val; int ret, i; - - ret = hx509_peer_info_alloc(context, peer); + + ret = hx509_peer_info_alloc(contextp, peer); if (ret) - hx509_err(context, 1, ret, "hx509_peer_info_alloc"); - + hx509_err(contextp, 1, ret, "hx509_peer_info_alloc"); + val = calloc(s->num_strings, sizeof(*val)); if (val == NULL) err(1, "malloc"); for (i = 0; i < s->num_strings; i++) parse_oid(s->strings[i], NULL, &val[i].algorithm); - - ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings); + + ret = hx509_peer_info_set_cms_algs(contextp, *peer, val, s->num_strings); if (ret) - hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs"); + hx509_err(contextp, 1, ret, "hx509_peer_info_set_cms_algs"); for (i = 0; i < s->num_strings; i++) free_AlgorithmIdentifier(&val[i]); free(val); } +/* + * + */ + +struct pem_data { + heim_octet_string *os; + int detached_data; +}; + +static int +pem_reader(hx509_context contextp, const char *type, + const hx509_pem_header *headers, + const void *data , size_t length, void *ctx) +{ + struct pem_data *p = (struct pem_data *)ctx; + const char *h; + + p->os->data = malloc(length); + if (p->os->data == NULL) + return ENOMEM; + memcpy(p->os->data, data, length); + p->os->length = length; + + h = hx509_pem_find_header(headers, "Content-disposition"); + if (h && strcasecmp(h, "detached") == 0) + p->detached_data = 1; + + return 0; +} + /* * */ @@ -155,10 +185,10 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) hx509_certs signers = NULL; hx509_certs anchors = NULL; hx509_lock lock; - int ret; + int ret, flags = 0; size_t sz; - void *p; + void *p = NULL; if (opt->missing_revoke_flag) hx509_context_set_missing_revoke(context, 1); @@ -166,27 +196,66 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); - ret = _hx509_map_file(argv[0], &p, &sz, NULL); - if (ret) - err(1, "map_file: %s: %d", argv[0], ret); - - if (opt->signed_content_string) { - ret = _hx509_map_file_os(opt->signed_content_string, &signeddata, NULL); - if (ret) - err(1, "map_file: %s: %d", opt->signed_content_string, ret); - sd = &signeddata; - } - ret = hx509_verify_init_ctx(context, &ctx); + if (ret) + hx509_err(context, 1, ret, "hx509_verify_init_ctx"); ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors); + if (ret) + hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store); + if (ret) + hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings); certs_strings(context, "store", store, lock, &opt->certificate_strings); - co.data = p; - co.length = sz; + if (opt->pem_flag) { + struct pem_data pd; + FILE *f; + + pd.os = &co; + pd.detached_data = 0; + + f = fopen(argv[0], "r"); + if (f == NULL) + err(1, "Failed to open file %s", argv[0]); + + ret = hx509_pem_read(context, f, pem_reader, &pd); + fclose(f); + if (ret) + errx(1, "PEM reader failed: %d", ret); + + if (pd.detached_data && opt->signed_content_string == NULL) { + char *r = strrchr(argv[0], '.'); + if (r && strcasecmp(r, ".pem") == 0) { + char *s = strdup(argv[0]); + if (s == NULL) + errx(1, "malloc: out of memory"); + s[r - argv[0]] = '\0'; + ret = _hx509_map_file_os(s, &signeddata); + if (ret) + errx(1, "map_file: %s: %d", s, ret); + free(s); + sd = &signeddata; + } + } + + } else { + ret = rk_undumpdata(argv[0], &p, &sz); + if (ret) + err(1, "map_file: %s: %d", argv[0], ret); + + co.data = p; + co.length = sz; + } + + if (opt->signed_content_string) { + ret = _hx509_map_file_os(opt->signed_content_string, &signeddata); + if (ret) + errx(1, "map_file: %s: %d", opt->signed_content_string, ret); + sd = &signeddata; + } if (opt->content_info_flag) { heim_octet_string uwco; @@ -196,19 +265,32 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) if (ret) errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret); - if (der_heim_oid_cmp(&oid, oid_id_pkcs7_signedData()) != 0) + if (der_heim_oid_cmp(&oid, &asn1_oid_id_pkcs7_signedData) != 0) errx(1, "Content is not SignedData"); der_free_oid(&oid); + if (p == NULL) + der_free_octet_string(&co); + else { + rk_xfree(p); + p = NULL; + } co = uwco; } hx509_verify_attach_anchors(ctx, anchors); - ret = hx509_cms_verify_signed(context, ctx, co.data, co.length, sd, + if (!opt->signer_allowed_flag) + flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER; + if (opt->allow_wrong_oid_flag) + flags |= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; + + ret = hx509_cms_verify_signed(context, ctx, flags, co.data, co.length, sd, store, &type, &c, &signers); - if (co.data != p) + if (p != co.data) der_free_octet_string(&co); + else + rk_xfree(p); if (ret) hx509_err(context, 1, ret, "hx509_cms_verify_signed"); @@ -219,8 +301,12 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) free(str); der_free_oid(&type); } - printf("signers:\n"); - hx509_certs_iter(context, signers, hx509_ci_print_names, stdout); + if (signers == NULL) { + printf("unsigned\n"); + } else { + printf("signers:\n"); + hx509_certs_iter_f(context, signers, hx509_ci_print_names, stdout); + } hx509_verify_destroy_ctx(ctx); @@ -230,18 +316,43 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) hx509_lock_free(lock); - ret = _hx509_write_file(argv[1], c.data, c.length); - if (ret) - errx(1, "hx509_write_file: %d", ret); + if (argc > 1) { + ret = _hx509_write_file(argv[1], c.data, c.length); + if (ret) + errx(1, "hx509_write_file: %d", ret); + } der_free_octet_string(&c); - _hx509_unmap_file(p, sz); + if (sd) _hx509_unmap_file_os(sd); return 0; } +static int +print_signer(hx509_context contextp, void *ctx, hx509_cert cert) +{ + hx509_pem_header **header = ctx; + char *signer_name = NULL; + hx509_name name; + int ret; + + ret = hx509_cert_get_subject(cert, &name); + if (ret) + errx(1, "hx509_cert_get_subject"); + + ret = hx509_name_to_string(name, &signer_name); + hx509_name_free(&name); + if (ret) + errx(1, "hx509_name_to_string"); + + hx509_pem_add_header(header, "Signer", signer_name); + + free(signer_name); + return 0; +} + int cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) { @@ -250,96 +361,100 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) heim_octet_string o; hx509_query *q; hx509_lock lock; - hx509_certs store, pool, anchors; - hx509_cert cert; + hx509_certs store, pool, anchors, signer = NULL; size_t sz; void *p; int ret, flags = 0; - char *signer_name = NULL; + char *infile, *outfile = NULL; memset(&contentType, 0, sizeof(contentType)); - if (argc < 2) - errx(1, "argc < 2"); + infile = argv[0]; + + if (argc < 2) { + asprintf(&outfile, "%s.%s", infile, + opt->pem_flag ? "pem" : "cms-signeddata"); + if (outfile == NULL) + errx(1, "out of memory"); + } else + outfile = argv[1]; hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &store); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); ret = hx509_certs_init(context, "MEMORY:cert-pool", 0, NULL, &pool); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); certs_strings(context, "store", store, lock, &opt->certificate_strings); certs_strings(context, "pool", pool, lock, &opt->pool_strings); if (opt->anchors_strings.num_strings) { - ret = hx509_certs_init(context, "MEMORY:cert-anchors", + ret = hx509_certs_init(context, "MEMORY:cert-anchors", 0, NULL, &anchors); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); certs_strings(context, "anchors", anchors, lock, &opt->anchors_strings); } else anchors = NULL; if (opt->detached_signature_flag) - flags |= HX509_CMS_SIGATURE_DETACHED; + flags |= HX509_CMS_SIGNATURE_DETACHED; if (opt->id_by_name_flag) - flags |= HX509_CMS_SIGATURE_ID_NAME; + flags |= HX509_CMS_SIGNATURE_ID_NAME; + if (!opt->signer_flag) { + flags |= HX509_CMS_SIGNATURE_NO_SIGNER; - ret = hx509_query_alloc(context, &q); + } + + if (opt->signer_flag) { + ret = hx509_query_alloc(context, &q); + if (ret) + errx(1, "hx509_query_alloc: %d", ret); + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + + if (opt->signer_string) + hx509_query_match_friendly_name(q, opt->signer_string); + + ret = hx509_certs_filter(context, store, q, &signer); + hx509_query_free(context, q); + if (ret) + hx509_err(context, 1, ret, "hx509_certs_find"); + } + if (!opt->embedded_certs_flag) + flags |= HX509_CMS_SIGNATURE_NO_CERTS; + if (opt->embed_leaf_only_flag) + flags |= HX509_CMS_SIGNATURE_LEAF_ONLY; + + ret = rk_undumpdata(infile, &p, &sz); if (ret) - errx(1, "hx509_query_alloc: %d", ret); - - hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); - hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - - if (opt->signer_string) - hx509_query_match_friendly_name(q, opt->signer_string); - - ret = hx509_certs_find(context, store, q, &cert); - hx509_query_free(context, q); - if (ret) - hx509_err(context, 1, ret, "hx509_certs_find"); - - ret = _hx509_map_file(argv[0], &p, &sz, NULL); - if (ret) - err(1, "map_file: %s: %d", argv[0], ret); + err(1, "map_file: %s: %d", infile, ret); if (opt->peer_alg_strings.num_strings) peer_strings(context, &peer, &opt->peer_alg_strings); - parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType); + parse_oid(opt->content_type_string, &asn1_oid_id_pkcs7_data, &contentType); - ret = hx509_cms_create_signed_1(context, - flags, - &contentType, - p, - sz, - NULL, - cert, - peer, - anchors, - pool, - &o); + ret = hx509_cms_create_signed(context, + flags, + &contentType, + p, + sz, + NULL, + signer, + peer, + anchors, + pool, + &o); if (ret) - errx(1, "hx509_cms_create_signed: %d", ret); - - { - hx509_name name; - - ret = hx509_cert_get_subject(cert, &name); - if (ret) - errx(1, "hx509_cert_get_subject"); - - ret = hx509_name_to_string(name, &signer_name); - hx509_name_free(&name); - if (ret) - errx(1, "hx509_name_to_string"); - } - + hx509_err(context, 1, ret, "hx509_cms_create_signed: %d", ret); hx509_certs_free(&anchors); hx509_certs_free(&pool); - hx509_cert_free(cert); hx509_certs_free(&store); - _hx509_unmap_file(p, sz); + rk_xfree(p); hx509_lock_free(lock); hx509_peer_info_free(peer); der_free_oid(&contentType); @@ -347,7 +462,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) if (opt->content_info_flag) { heim_octet_string wo; - ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &o, &wo); + ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &o, &wo); if (ret) errx(1, "hx509_cms_wrap_ContentInfo: %d", ret); @@ -359,15 +474,20 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) hx509_pem_header *header = NULL; FILE *f; - hx509_pem_add_header(&header, "Content-disposition", - opt->detached_signature_flag ? "detached" : "inline"); - hx509_pem_add_header(&header, "Signer", signer_name); + hx509_pem_add_header(&header, "Content-disposition", + opt->detached_signature_flag ? + "detached" : "inline"); + if (signer) { + ret = hx509_certs_iter_f(context, signer, print_signer, header); + if (ret) + hx509_err(context, 1, ret, "print signer"); + } - f = fopen(argv[1], "w"); + f = fopen(outfile, "w"); if (f == NULL) - err(1, "open %s", argv[1]); - - ret = hx509_pem_write(context, "CMS SIGNEDDATA", header, f, + err(1, "open %s", outfile); + + ret = hx509_pem_write(context, "CMS SIGNEDDATA", header, f, o.data, o.length); fclose(f); hx509_pem_free_header(header); @@ -375,12 +495,12 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) errx(1, "hx509_pem_write: %d", ret); } else { - ret = _hx509_write_file(argv[1], o.data, o.length); + ret = _hx509_write_file(outfile, o.data, o.length); if (ret) errx(1, "hx509_write_file: %d", ret); } - free(signer_name); + hx509_certs_free(&signer); free(o.data); return 0; @@ -396,11 +516,12 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv) void *p; int ret; hx509_lock lock; + int flags = 0; hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); - ret = _hx509_map_file(argv[0], &p, &sz, NULL); + ret = rk_undumpdata(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); @@ -415,7 +536,7 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv) if (ret) errx(1, "hx509_cms_unwrap_ContentInfo: %d", ret); - if (der_heim_oid_cmp(&oid, oid_id_pkcs7_envelopedData()) != 0) + if (der_heim_oid_cmp(&oid, &asn1_oid_id_pkcs7_envelopedData) != 0) errx(1, "Content is not SignedData"); der_free_oid(&oid); @@ -428,14 +549,17 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv) certs_strings(context, "store", certs, lock, &opt->certificate_strings); - ret = hx509_cms_unenvelope(context, certs, 0, co.data, co.length, - NULL, &contentType, &o); + if (opt->allow_weak_crypto_flag) + flags |= HX509_CMS_UE_ALLOW_WEAK; + + ret = hx509_cms_unenvelope(context, certs, flags, co.data, co.length, + NULL, 0, &contentType, &o); if (co.data != p) der_free_octet_string(&co); if (ret) hx509_err(context, 1, ret, "hx509_cms_unenvelope"); - _hx509_unmap_file(p, sz); + rk_xfree(p); hx509_lock_free(lock); hx509_certs_free(&certs); der_free_oid(&contentType); @@ -462,24 +586,29 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv) size_t sz; void *p; hx509_lock lock; + int flags = 0; memset(&contentType, 0, sizeof(contentType)); hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); - ret = _hx509_map_file(argv[0], &p, &sz, NULL); + ret = rk_undumpdata(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); certs_strings(context, "store", certs, lock, &opt->certificate_strings); + if (opt->allow_weak_crypto_flag) + flags |= HX509_CMS_EV_ALLOW_WEAK; + if (opt->encryption_type_string) { enctype = hx509_crypto_enctype_by_name(opt->encryption_type_string); if (enctype == NULL) - errx(1, "encryption type: %s no found", + errx(1, "encryption type: %s no found", opt->encryption_type_string); } @@ -494,22 +623,22 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv) if (ret) errx(1, "hx509_certs_find: %d", ret); - parse_oid(opt->content_type_string, oid_id_pkcs7_data(), &contentType); + parse_oid(opt->content_type_string, &asn1_oid_id_pkcs7_data, &contentType); - ret = hx509_cms_envelope_1(context, 0, cert, p, sz, enctype, + ret = hx509_cms_envelope_1(context, flags, cert, p, sz, enctype, &contentType, &o); if (ret) errx(1, "hx509_cms_envelope_1: %d", ret); hx509_cert_free(cert); hx509_certs_free(&certs); - _hx509_unmap_file(p, sz); + rk_xfree(p); der_free_oid(&contentType); if (opt->content_info_flag) { heim_octet_string wo; - ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_envelopedData(), &o, &wo); + ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_envelopedData, &o, &wo); if (ret) errx(1, "hx509_cms_wrap_ContentInfo: %d", ret); @@ -531,46 +660,18 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv) static void print_certificate(hx509_context hxcontext, hx509_cert cert, int verbose) { - hx509_name name; const char *fn; - char *str; int ret; - + fn = hx509_cert_get_friendly_name(cert); if (fn) printf(" friendly name: %s\n", fn); - printf(" private key: %s\n", + printf(" private key: %s\n", _hx509_cert_private_key(cert) ? "yes" : "no"); - ret = hx509_cert_get_issuer(cert, &name); - hx509_name_to_string(name, &str); - hx509_name_free(&name); - printf(" issuer: \"%s\"\n", str); - free(str); - - ret = hx509_cert_get_subject(cert, &name); - hx509_name_to_string(name, &str); - hx509_name_free(&name); - printf(" subject: \"%s\"\n", str); - free(str); - - { - heim_integer serialNumber; - - hx509_cert_get_serialnumber(cert, &serialNumber); - der_print_hex_heim_integer(&serialNumber, &str); - der_free_heim_integer(&serialNumber); - printf(" serial: %s\n", str); - free(str); - } - - printf(" keyusage: "); - ret = hx509_cert_keyusage_print(hxcontext, cert, &str); - if (ret == 0) { - printf("%s\n", str); - free(str); - } else - printf("no"); + ret = hx509_print_cert(hxcontext, cert, NULL); + if (ret) + errx(1, "failed to print cert"); if (verbose) { hx509_validate_ctx vctx; @@ -579,7 +680,7 @@ print_certificate(hx509_context hxcontext, hx509_cert cert, int verbose) hx509_validate_ctx_set_print(vctx, hx509_print_stdout, stdout); hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VALIDATE); hx509_validate_ctx_add_flags(vctx, HX509_VALIDATE_F_VERBOSE); - + hx509_validate_cert(hxcontext, vctx, cert); hx509_validate_ctx_free(vctx); @@ -596,7 +697,7 @@ static int print_f(hx509_context hxcontext, void *ctx, hx509_cert cert) { struct print_s *s = ctx; - + printf("cert: %d\n", s->counter++); print_certificate(context, cert, s->verbose); @@ -619,11 +720,16 @@ pcert_print(struct print_options *opt, int argc, char **argv) while(argc--) { int ret; ret = hx509_certs_init(context, argv[0], 0, lock, &certs); - if (ret) + if (ret) { + if (opt->never_fail_flag) { + printf("ignoreing failure: %d\n", ret); + continue; + } hx509_err(context, 1, ret, "hx509_certs_init"); + } if (opt->info_flag) hx509_certs_info(context, certs, NULL, NULL); - hx509_certs_iter(context, certs, print_f, &s); + hx509_certs_iter_f(context, certs, print_f, &s); hx509_certs_free(&certs); argv++; } @@ -660,7 +766,7 @@ pcert_validate(struct validate_options *opt, int argc, char **argv) ret = hx509_certs_init(context, argv[0], 0, lock, &certs); if (ret) errx(1, "hx509_certs_init: %d", ret); - hx509_certs_iter(context, certs, validate_f, ctx); + hx509_certs_iter_f(context, certs, validate_f, ctx); hx509_certs_free(&certs); argv++; } @@ -675,31 +781,40 @@ int certificate_copy(struct certificate_copy_options *opt, int argc, char **argv) { hx509_certs certs; - hx509_lock lock; + hx509_lock inlock, outlock = NULL; int ret; - hx509_lock_init(context, &lock); - lock_strings(lock, &opt->in_pass_strings); + hx509_lock_init(context, &inlock); + lock_strings(inlock, &opt->in_pass_strings); - ret = hx509_certs_init(context, argv[argc - 1], - HX509_CERTS_CREATE, lock, &certs); + if (opt->out_pass_string) { + hx509_lock_init(context, &outlock); + ret = hx509_lock_command_string(outlock, opt->out_pass_string); + if (ret) + errx(1, "hx509_lock_command_string: %s: %d", + opt->out_pass_string, ret); + } + + ret = hx509_certs_init(context, argv[argc - 1], + HX509_CERTS_CREATE, inlock, &certs); if (ret) hx509_err(context, 1, ret, "hx509_certs_init"); while(argc-- > 1) { - int ret; - ret = hx509_certs_append(context, certs, lock, argv[0]); - if (ret) - hx509_err(context, 1, ret, "hx509_certs_append"); + int retx; + retx = hx509_certs_append(context, certs, inlock, argv[0]); + if (retx) + hx509_err(context, 1, retx, "hx509_certs_append"); argv++; } - ret = hx509_certs_store(context, certs, 0, NULL); + ret = hx509_certs_store(context, certs, 0, outlock); if (ret) hx509_err(context, 1, ret, "hx509_certs_store"); hx509_certs_free(&certs); - hx509_lock_free(lock); + hx509_lock_free(inlock); + hx509_lock_free(outlock); return 0; } @@ -709,6 +824,7 @@ struct verify { hx509_certs chain; const char *hostname; int errors; + int count; }; static int @@ -723,8 +839,10 @@ verify_f(hx509_context hxcontext, void *ctx, hx509_cert c) printf("verify_path: %s: %d\n", s, ret); hx509_free_error_string(s); v->errors++; - } else + } else { + v->count++; printf("path ok\n"); + } if (v->hostname) { ret = hx509_verify_hostname(hxcontext, c, 0, HX509_HN_HOSTNAME, @@ -753,9 +871,17 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) hx509_context_set_missing_revoke(context, 1); ret = hx509_verify_init_ctx(context, &ctx); + if (ret) + hx509_err(context, 1, ret, "hx509_verify_init_ctx"); ret = hx509_certs_init(context, "MEMORY:anchors", 0, NULL, &anchors); + if (ret) + hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); ret = hx509_certs_init(context, "MEMORY:chain", 0, NULL, &chain); + if (ret) + hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); ret = hx509_certs_init(context, "MEMORY:certs", 0, NULL, &certs); + if (ret) + hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); if (opt->allow_proxy_certificate_flag) hx509_verify_set_proxy_certificate(ctx, 1); @@ -771,7 +897,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) if (p == NULL) errx(1, "Failed to parse time %s, need to be on format %%Y-%%m-%%d", opt->time_string); - + t = tm2time (tm, 0); hx509_verify_set_time(ctx, t); @@ -808,7 +934,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) ret = hx509_certs_append(context, certs, NULL, s); if (ret) - hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d", + hx509_err(context, 1, ret, "hx509_certs_append: certs: %s: %d", s, ret); } else if (strncmp(s, "crl:", 4) == 0) { @@ -836,7 +962,7 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) v.ctx = ctx; v.chain = chain; - hx509_certs_iter(context, certs, verify_f, &v); + hx509_certs_iter_f(context, certs, verify_f, &v); hx509_verify_destroy_ctx(ctx); @@ -846,6 +972,12 @@ pcert_verify(struct verify_options *opt, int argc, char **argv) hx509_revoke_free(&revoke_ctx); + + if (v.count == 0) { + printf("no certs verify at all\n"); + return 1; + } + if (v.errors) { printf("failed verifing %d checks\n", v.errors); return 1; @@ -871,6 +1003,7 @@ query(struct query_options *opt, int argc, char **argv) lock_strings(lock, &opt->pass_strings); ret = hx509_certs_init(context, "MEMORY:cert-store", 0, NULL, &certs); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); while (argc > 0) { @@ -885,6 +1018,17 @@ query(struct query_options *opt, int argc, char **argv) if (opt->friendlyname_string) hx509_query_match_friendly_name(q, opt->friendlyname_string); + if (opt->eku_string) { + heim_oid oid; + + parse_oid(opt->eku_string, NULL, &oid); + + ret = hx509_query_match_eku(q, &oid); + if (ret) + errx(1, "hx509_query_match_eku: %d", ret); + der_free_oid(&oid); + } + if (opt->private_key_flag) hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); @@ -894,6 +1038,9 @@ query(struct query_options *opt, int argc, char **argv) if (opt->digitalSignature_flag) hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + if (opt->expr_string) + hx509_query_match_expr(context, q, opt->expr_string); + ret = hx509_certs_find(context, certs, q, &c); hx509_query_free(context, q); if (ret) @@ -935,12 +1082,14 @@ ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv) url = opt->url_path_string; ret = hx509_certs_init(context, "MEMORY:ocsp-pool", 0, NULL, &pool); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); certs_strings(context, "ocsp-pool", pool, lock, &opt->pool_strings); file = argv[0]; ret = hx509_certs_init(context, "MEMORY:ocsp-req", 0, NULL, &reqcerts); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); for (i = 1; i < argc; i++) { ret = hx509_certs_append(context, reqcerts, lock, argv[i]); @@ -951,7 +1100,7 @@ ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv) ret = hx509_ocsp_request(context, reqcerts, pool, NULL, NULL, &req, nonce); if (ret) errx(1, "hx509_ocsp_request: req: %d", ret); - + { FILE *f; @@ -959,7 +1108,7 @@ ocsp_fetch(struct ocsp_fetch_options *opt, int argc, char **argv) if (f == NULL) abort(); - fprintf(f, + fprintf(f, "POST %s HTTP/1.0\r\n" "Content-Type: application/ocsp-request\r\n" "Content-Length: %ld\r\n" @@ -997,7 +1146,7 @@ verify_o(hx509_context hxcontext, void *ctx, hx509_cert c) time_t expiration; int ret; - ret = hx509_ocsp_verify(context, 0, c, 0, + ret = hx509_ocsp_verify(context, 0, c, 0, os->data, os->length, &expiration); if (ret) { char *s = hx509_get_error_string(hxcontext, ret); @@ -1017,17 +1166,18 @@ ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv) hx509_certs certs; int ret, i; heim_octet_string os; - + hx509_lock_init(context, &lock); if (opt->ocsp_file_string == NULL) errx(1, "no ocsp file given"); - ret = _hx509_map_file(opt->ocsp_file_string, &os.data, &os.length, NULL); + ret = _hx509_map_file_os(opt->ocsp_file_string, &os); if (ret) err(1, "map_file: %s: %d", argv[0], ret); - + ret = hx509_certs_init(context, "MEMORY:test-certs", 0, NULL, &certs); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); for (i = 0; i < argc; i++) { ret = hx509_certs_append(context, certs, lock, argv[i]); @@ -1035,10 +1185,10 @@ ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv) hx509_err(context, 1, ret, "hx509_certs_append: %s", argv[i]); } - ret = hx509_certs_iter(context, certs, verify_o, &os); + ret = hx509_certs_iter_f(context, certs, verify_o, &os); hx509_certs_free(&certs); - _hx509_unmap_file(os.data, os.length); + _hx509_unmap_file_os(&os); hx509_lock_free(lock); return ret; @@ -1050,7 +1200,7 @@ read_private_key(const char *fn, hx509_private_key *key) hx509_private_key *keys; hx509_certs certs; int ret; - + *key = NULL; ret = hx509_certs_init(context, fn, 0, NULL, &certs); @@ -1085,10 +1235,10 @@ get_key(const char *fn, const char *type, int optbits, if (fn == NULL) errx(1, "no key argument, don't know here to store key"); - + if (strcasecmp(type, "rsa") != 0) errx(1, "can only handle rsa keys for now"); - + e = BN_new(); BN_set_word(e, 0x10001); @@ -1110,13 +1260,13 @@ get_key(const char *fn, const char *type, int optbits, p0 = p = malloc(len); if (p == NULL) errx(1, "out of memory"); - + i2d_RSAPrivateKey(rsa, &p); rk_dumpdata(fn, p0, len); memset(p0, 0, len); free(p0); - + RSA_free(rsa); } else if (fn == NULL) @@ -1139,12 +1289,12 @@ request_create(struct request_create_options *opt, int argc, char **argv) memset(&key, 0, sizeof(key)); - get_key(opt->key_string, + get_key(opt->key_string, opt->generate_key_string, opt->key_bits_integer, &signer); - - _hx509_request_init(context, &req); + + hx509_request_init(context, &req); if (opt->subject_string) { hx509_name name = NULL; @@ -1152,7 +1302,7 @@ request_create(struct request_create_options *opt, int argc, char **argv) ret = hx509_parse_name(context, opt->subject_string, &name); if (ret) errx(1, "hx509_parse_name: %d\n", ret); - _hx509_request_set_name(context, req, name); + hx509_request_set_name(context, req, name); if (opt->verbose_flag) { char *s; @@ -1163,26 +1313,30 @@ request_create(struct request_create_options *opt, int argc, char **argv) } for (i = 0; i < opt->email_strings.num_strings; i++) { - ret = _hx509_request_add_email(context, req, + ret = _hx509_request_add_email(context, req, opt->email_strings.strings[i]); + if (ret) + hx509_err(context, 1, ret, "hx509_request_add_email"); } for (i = 0; i < opt->dnsname_strings.num_strings; i++) { - ret = _hx509_request_add_dns_name(context, req, + ret = _hx509_request_add_dns_name(context, req, opt->dnsname_strings.strings[i]); + if (ret) + hx509_err(context, 1, ret, "hx509_request_add_dns_name"); } - ret = _hx509_private_key2SPKI(context, signer, &key); + ret = hx509_private_key2SPKI(context, signer, &key); if (ret) - errx(1, "_hx509_private_key2SPKI: %d\n", ret); + errx(1, "hx509_private_key2SPKI: %d\n", ret); - ret = _hx509_request_set_SubjectPublicKeyInfo(context, + ret = hx509_request_set_SubjectPublicKeyInfo(context, req, &key); free_SubjectPublicKeyInfo(&key); if (ret) - hx509_err(context, 1, ret, "_hx509_request_set_SubjectPublicKeyInfo"); + hx509_err(context, 1, ret, "hx509_request_set_SubjectPublicKeyInfo"); ret = _hx509_request_to_pkcs10(context, req, @@ -1191,8 +1345,8 @@ request_create(struct request_create_options *opt, int argc, char **argv) if (ret) hx509_err(context, 1, ret, "_hx509_request_to_pkcs10"); - _hx509_private_key_free(&signer); - _hx509_request_free(&req); + hx509_private_key_free(&signer); + hx509_request_free(&req); if (ret == 0) rk_dumpdata(outfile, request.data, request.length); @@ -1216,7 +1370,7 @@ request_print(struct request_print_options *opt, int argc, char **argv) hx509_err(context, 1, ret, "parse_request: %s", argv[i]); ret = _hx509_request_print(context, req, stdout); - _hx509_request_free(&req); + hx509_request_free(&req); if (ret) hx509_err(context, 1, ret, "Failed to print file %s", argv[i]); } @@ -1240,6 +1394,15 @@ info(void *opt, int argc, char **argv) if (m != NULL) printf("dh: %s\n", m->name); } +#ifdef HAVE_OPENSSL + { + printf("ecdsa: ECDSA_METHOD-not-export\n"); + } +#else + { + printf("ecdsa: hcrypto null\n"); + } +#endif { int ret = RAND_status(); printf("rand: %s\n", ret == 1 ? "ok" : "not available"); @@ -1286,7 +1449,7 @@ crypto_available(struct crypto_available_options *opt, int argc, char **argv) { AlgorithmIdentifier *val; unsigned int len, i; - int ret, type; + int ret, type = HX509_SELECT_ALL; if (opt->type_string) { if (strcmp(opt->type_string, "all") == 0) @@ -1299,8 +1462,7 @@ crypto_available(struct crypto_available_options *opt, int argc, char **argv) type = HX509_SELECT_SECRET_ENC; else errx(1, "unknown type: %s", opt->type_string); - } else - type = HX509_SELECT_ALL; + } ret = hx509_crypto_available(context, type, NULL, &val, &len); if (ret) @@ -1323,7 +1485,7 @@ crypto_select(struct crypto_select_options *opt, int argc, char **argv) { hx509_peer_info peer = NULL; AlgorithmIdentifier selected; - int ret, type; + int ret, type = HX509_SELECT_DIGEST; char *s; if (opt->type_string) { @@ -1335,8 +1497,7 @@ crypto_select(struct crypto_select_options *opt, int argc, char **argv) type = HX509_SELECT_SECRET_ENC; else errx(1, "unknown type: %s", opt->type_string); - } else - type = HX509_SELECT_DIGEST; + } if (opt->peer_cmstype_strings.num_strings) peer_strings(context, &peer, &opt->peer_cmstype_strings); @@ -1371,15 +1532,17 @@ hxtool_hex(struct hex_options *opt, int argc, char **argv) len = hex_decode(p, buf2, strlen(p)); if (len < 0) errx(1, "hex_decode failed"); - if (fwrite(buf2, 1, len, stdout) != len) + if (fwrite(buf2, 1, len, stdout) != (size_t)len) errx(1, "fwrite failed"); } } else { - char buf[28], *p; - size_t len; + char buf[28], *p; + ssize_t len; while((len = fread(buf, 1, sizeof(buf), stdin)) != 0) { len = hex_encode(buf, len, &p); + if (len < 0) + continue; fprintf(stdout, "%s\n", p); free(p); } @@ -1387,112 +1550,193 @@ hxtool_hex(struct hex_options *opt, int argc, char **argv) return 0; } +struct cert_type_opt { + int pkinit; +}; + + static int -eval_types(hx509_context context, +https_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) +{ + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth); +} + +static int +https_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) +{ + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_clientAuth); +} + +static int +peap_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) +{ + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth); +} + +static int +pkinit_kdc(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) +{ + opt->pkinit++; + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkkdcekuoid); +} + +static int +pkinit_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) +{ + int ret; + + opt->pkinit++; + + ret = hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkekuoid); + if (ret) + return ret; + + ret = hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_ms_client_authentication); + if (ret) + return ret; + + return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkinit_ms_eku); +} + +static int +email_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) +{ + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_emailProtection); +} + +struct { + const char *type; + const char *desc; + int (*eval)(hx509_context, hx509_ca_tbs, struct cert_type_opt *); +} certtypes[] = { + { + "https-server", + "Used for HTTPS server and many other TLS server certificate types", + https_server + }, + { + "https-client", + "Used for HTTPS client certificates", + https_client + }, + { + "email-client", + "Certificate will be use for email", + email_client + }, + { + "pkinit-client", + "Certificate used for Kerberos PK-INIT client certificates", + pkinit_client + }, + { + "pkinit-kdc", + "Certificates used for Kerberos PK-INIT KDC certificates", + pkinit_kdc + }, + { + "peap-server", + "Certificate used for Radius PEAP (Protected EAP)", + peap_server + } +}; + +static void +print_eval_types(FILE *out) +{ + rtbl_t table; + unsigned i; + + table = rtbl_create(); + rtbl_add_column_by_id (table, 0, "Name", 0); + rtbl_add_column_by_id (table, 1, "Description", 0); + + for (i = 0; i < sizeof(certtypes)/sizeof(certtypes[0]); i++) { + rtbl_add_column_entry_by_id(table, 0, certtypes[i].type); + rtbl_add_column_entry_by_id(table, 1, certtypes[i].desc); + } + + rtbl_format (table, out); + rtbl_destroy (table); +} + +static int +eval_types(hx509_context contextp, hx509_ca_tbs tbs, const struct certificate_sign_options *opt) { - int pkinit = 0; - int i, ret; + struct cert_type_opt ctopt; + int i; + size_t j; + int ret; + + memset(&ctopt, 0, sizeof(ctopt)); for (i = 0; i < opt->type_strings.num_strings; i++) { const char *type = opt->type_strings.strings[i]; - - if (strcmp(type, "https-server") == 0) { - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkix_kp_serverAuth()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - } else if (strcmp(type, "https-client") == 0) { - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkix_kp_clientAuth()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - } else if (strcmp(type, "peap-server") == 0) { - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkix_kp_serverAuth()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - } else if (strcmp(type, "pkinit-kdc") == 0) { - pkinit++; - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkkdcekuoid()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - } else if (strcmp(type, "pkinit-client") == 0) { - pkinit++; - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkekuoid()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_ms_client_authentication()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkinit_ms_eku()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - - } else if (strcmp(type, "email") == 0) { - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkix_kp_emailProtection()); - if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); - } else - errx(1, "unknown type %s", type); + for (j = 0; j < sizeof(certtypes)/sizeof(certtypes[0]); j++) { + if (strcasecmp(type, certtypes[j].type) == 0) { + ret = (*certtypes[j].eval)(contextp, tbs, &ctopt); + if (ret) + hx509_err(contextp, 1, ret, + "Failed to evaluate cert type %s", type); + break; + } + } + if (j >= sizeof(certtypes)/sizeof(certtypes[0])) { + fprintf(stderr, "Unknown certificate type %s\n\n", type); + fprintf(stderr, "Available types:\n"); + print_eval_types(stderr); + exit(1); + } } - if (pkinit > 1) - errx(1, "More the one PK-INIT type given"); - if (opt->pk_init_principal_string) { - if (!pkinit) + if (!ctopt.pkinit) errx(1, "pk-init principal given but no pk-init oid"); - ret = hx509_ca_tbs_add_san_pkinit(context, tbs, + ret = hx509_ca_tbs_add_san_pkinit(contextp, tbs, opt->pk_init_principal_string); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_pkinit"); } if (opt->ms_upn_string) { - if (!pkinit) - errx(1, "MS up given but no pk-init oid"); + if (!ctopt.pkinit) + errx(1, "MS upn given but no pk-init oid"); - ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string); + ret = hx509_ca_tbs_add_san_ms_upn(contextp, tbs, opt->ms_upn_string); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_ms_upn"); } - + for (i = 0; i < opt->hostname_strings.num_strings; i++) { const char *hostname = opt->hostname_strings.strings[i]; - ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname); + ret = hx509_ca_tbs_add_san_hostname(contextp, tbs, hostname); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname"); } for (i = 0; i < opt->email_strings.num_strings; i++) { const char *email = opt->email_strings.strings[i]; - ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email); + ret = hx509_ca_tbs_add_san_rfc822name(contextp, tbs, email); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname"); - - ret = hx509_ca_tbs_add_eku(context, tbs, - oid_id_pkix_kp_emailProtection()); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname"); + + ret = hx509_ca_tbs_add_eku(contextp, tbs, + &asn1_oid_id_pkix_kp_emailProtection); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_eku"); } if (opt->jid_string) { - ret = hx509_ca_tbs_add_san_jid(context, tbs, opt->jid_string); + ret = hx509_ca_tbs_add_san_jid(contextp, tbs, opt->jid_string); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_jid"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_jid"); } return 0; @@ -1557,6 +1801,9 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) if (opt->generate_key_string == NULL && opt->ca_private_key_string == NULL) errx(1, "no signing private key"); + + if (opt->req_string) + errx(1, "can't be self-signing and have a request at the same time"); } else errx(1, "missing ca key"); @@ -1566,9 +1813,9 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) if (ret) err(1, "read_private_key"); - ret = _hx509_private_key2SPKI(context, private_key, &spki); + ret = hx509_private_key2SPKI(context, private_key, &spki); if (ret) - errx(1, "_hx509_private_key2SPKI: %d\n", ret); + errx(1, "hx509_private_key2SPKI: %d\n", ret); if (opt->self_signed_flag) cert_key = private_key; @@ -1580,21 +1827,23 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) ret = _hx509_request_parse(context, opt->req_string, &req); if (ret) hx509_err(context, 1, ret, "parse_request: %s", opt->req_string); - ret = _hx509_request_get_name(context, req, &subject); + ret = hx509_request_get_name(context, req, &subject); if (ret) hx509_err(context, 1, ret, "get name"); - ret = _hx509_request_get_SubjectPublicKeyInfo(context, req, &spki); + ret = hx509_request_get_SubjectPublicKeyInfo(context, req, &spki); if (ret) hx509_err(context, 1, ret, "get spki"); - _hx509_request_free(&req); + hx509_request_free(&req); } if (opt->generate_key_string) { struct hx509_generate_private_context *keyctx; - ret = _hx509_generate_private_key_init(context, - oid_id_pkcs1_rsaEncryption(), + ret = _hx509_generate_private_key_init(context, + &asn1_oid_id_pkcs1_rsaEncryption, &keyctx); + if (ret) + hx509_err(context, 1, ret, "generate private key"); if (opt->issue_ca_flag) _hx509_generate_private_key_is_ca(context, keyctx); @@ -1608,10 +1857,10 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) _hx509_generate_private_key_free(&keyctx); if (ret) hx509_err(context, 1, ret, "generate private key"); - - ret = _hx509_private_key2SPKI(context, cert_key, &spki); + + ret = hx509_private_key2SPKI(context, cert_key, &spki); if (ret) - errx(1, "_hx509_private_key2SPKI: %d\n", ret); + errx(1, "hx509_private_key2SPKI: %d\n", ret); if (opt->self_signed_flag) private_key = cert_key; @@ -1638,7 +1887,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) ret = hx509_ca_tbs_init(context, &tbs); if (ret) hx509_err(context, 1, ret, "hx509_ca_tbs_init"); - + if (opt->template_certificate_string) { hx509_cert template; hx509_certs tcerts; @@ -1656,7 +1905,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) if (ret) hx509_err(context, 1, ret, "no template certificate found"); - flags = parse_units(opt->template_fields_string, + flags = parse_units(opt->template_fields_string, hx509_ca_tbs_template_units(), ""); ret = hx509_ca_tbs_set_template(context, tbs, flags, template); @@ -1692,7 +1941,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) } if (opt->crl_uri_string) { - ret = hx509_ca_tbs_add_crl_dp_uri(context, tbs, + ret = hx509_ca_tbs_add_crl_dp_uri(context, tbs, opt->crl_uri_string, NULL); if (ret) hx509_err(context, 1, ret, "hx509_ca_tbs_add_crl_dp_uri"); @@ -1720,7 +1969,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) ret = hx509_ca_tbs_set_notAfter_lifetime(context, tbs, delta); if (ret) hx509_err(context, 1, ret, "hx509_ca_tbs_set_notAfter_lifetime"); - } + } if (opt->self_signed_flag) { ret = hx509_ca_sign_self(context, tbs, private_key, &cert); @@ -1736,12 +1985,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) ret = _hx509_cert_assign_key(cert, cert_key); if (ret) hx509_err(context, 1, ret, "_hx509_cert_assign_key"); - } + } { hx509_certs certs; - ret = hx509_certs_init(context, opt->certificate_string, + ret = hx509_certs_init(context, opt->certificate_string, HX509_CERTS_CREATE, NULL, &certs); if (ret) hx509_err(context, 1, ret, "hx509_certs_init"); @@ -1765,8 +2014,8 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv) free_SubjectPublicKeyInfo(&spki); if (private_key != cert_key) - _hx509_private_key_free(&private_key); - _hx509_private_key_free(&cert_key); + hx509_private_key_free(&private_key); + hx509_private_key_free(&cert_key); hx509_ca_tbs_free(&tbs); @@ -1790,7 +2039,7 @@ test_one_cert(hx509_context hxcontext, void *ctx, hx509_cert cert) if (ret) errx(1, "hx509_cms_create_signed_1"); - ret = hx509_cms_verify_signed(context, vctx, sd.data, sd.length, + ret = hx509_cms_verify_signed(context, vctx, 0, sd.data, sd.length, NULL, NULL, &type, &c, &signer); free(sd.data); if (ret) @@ -1815,6 +2064,7 @@ test_crypto(struct test_crypto_options *opt, int argc, char ** argv) lock_strings(lock, &opt->pass_strings); ret = hx509_certs_init(context, "MEMORY:test-crypto", 0, NULL, &certs); + if (ret) hx509_err(context, 1, ret, "hx509_certs_init: MEMORY"); for (i = 0; i < argc; i++) { ret = hx509_certs_append(context, certs, lock, argv[i]); @@ -1828,7 +2078,9 @@ test_crypto(struct test_crypto_options *opt, int argc, char ** argv) hx509_verify_attach_anchors(vctx, certs); - ret = hx509_certs_iter(context, certs, test_one_cert, vctx); + ret = hx509_certs_iter_f(context, certs, test_one_cert, vctx); + if (ret) + hx509_err(context, 1, ret, "hx509_cert_iter"); hx509_certs_free(&certs); @@ -1880,7 +2132,7 @@ crl_sign(struct crl_sign_options *opt, int argc, char **argv) ret = hx509_certs_init(context, opt->signer_string, 0, NULL, &certs); if (ret) - hx509_err(context, 1, ret, + hx509_err(context, 1, ret, "hx509_certs_init: %s", opt->signer_string); ret = hx509_query_alloc(context, &q); @@ -1912,6 +2164,9 @@ crl_sign(struct crl_sign_options *opt, int argc, char **argv) ret = hx509_certs_init(context, "MEMORY:revoked-certs", 0, NULL, &revoked); + if (ret) + hx509_err(context, 1, ret, + "hx509_certs_init: MEMORY cert"); for (i = 0; i < argc; i++) { ret = hx509_certs_append(context, revoked, lock, argv[i]); diff --git a/crypto/heimdal/lib/hx509/keyset.c b/crypto/heimdal/lib/hx509/keyset.c index 2fcff7b03b3..c0275d949d0 100644 --- a/crypto/heimdal/lib/hx509/keyset.c +++ b/crypto/heimdal/lib/hx509/keyset.c @@ -1,38 +1,39 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $"); /** * @page page_keyset Certificate store operations @@ -40,7 +41,7 @@ RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $"); * Type of certificates store: * - MEMORY * In memory based format. Doesnt support storing. - * - FILE + * - FILE * FILE supports raw DER certicates and PEM certicates. When PEM is * used the file can contain may certificates and match private * keys. Support storing the certificates. DER format only supports @@ -59,7 +60,7 @@ RCSID("$Id: keyset.c 22466 2008-01-16 14:26:35Z lha $"); */ struct hx509_certs_data { - int ref; + unsigned int ref; struct hx509_keyset_ops *ops; void *ops_data; }; @@ -84,7 +85,7 @@ _hx509_ks_register(hx509_context context, struct hx509_keyset_ops *ops) if (_hx509_ks_type(context, ops->name)) return; - val = realloc(context->ks_ops, + val = realloc(context->ks_ops, (context->ks_num_ops + 1) * sizeof(context->ks_ops[0])); if (val == NULL) return; @@ -138,10 +139,10 @@ hx509_certs_init(hx509_context context, hx509_clear_error_string(context); return ENOMEM; } - + ops = _hx509_ks_type(context, type); if (ops == NULL) { - hx509_set_error_string(context, 0, ENOENT, + hx509_set_error_string(context, 0, ENOENT, "Keyset type %s is not supported", type); free(type); return ENOENT; @@ -199,15 +200,15 @@ hx509_certs_store(hx509_context context, hx509_certs -_hx509_certs_ref(hx509_certs certs) +hx509_certs_ref(hx509_certs certs) { if (certs == NULL) return NULL; - if (certs->ref <= 0) - _hx509_abort("certs refcount <= 0"); - certs->ref++; if (certs->ref == 0) - _hx509_abort("certs refcount == 0"); + _hx509_abort("certs refcount == 0 on ref"); + if (certs->ref == UINT_MAX) + _hx509_abort("certs refcount == UINT_MAX on ref"); + certs->ref++; return certs; } @@ -223,8 +224,8 @@ void hx509_certs_free(hx509_certs *certs) { if (*certs) { - if ((*certs)->ref <= 0) - _hx509_abort("refcount <= 0"); + if ((*certs)->ref == 0) + _hx509_abort("cert refcount == 0 on free"); if (--(*certs)->ref > 0) return; @@ -257,8 +258,8 @@ hx509_certs_start_seq(hx509_context context, int ret; if (certs->ops->iter_start == NULL) { - hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, - "Keyset type %s doesn't support iteration", + hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION, + "Keyset type %s doesn't support iteration", certs->ops->name); return HX509_UNSUPPORTED_OPERATION; } @@ -324,7 +325,7 @@ hx509_certs_end_seq(hx509_context context, * @param certs certificate store to iterate over. * @param func function to call for each certificate. The function * should return non-zero to abort the iteration, that value is passed - * back to te caller of hx509_certs_iter(). + * back to the caller of hx509_certs_iter_f(). * @param ctx context variable that will passed to the function. * * @return Returns an hx509 error code. @@ -333,10 +334,10 @@ hx509_certs_end_seq(hx509_context context, */ int -hx509_certs_iter(hx509_context context, - hx509_certs certs, - int (*func)(hx509_context, void *, hx509_cert), - void *ctx) +hx509_certs_iter_f(hx509_context context, + hx509_certs certs, + int (*func)(hx509_context, void *, hx509_cert), + void *ctx) { hx509_cursor cursor; hx509_cert c; @@ -345,7 +346,7 @@ hx509_certs_iter(hx509_context context, ret = hx509_certs_start_seq(context, certs, &cursor); if (ret) return ret; - + while (1) { ret = hx509_certs_next_cert(context, certs, cursor, &c); if (ret) @@ -365,13 +366,61 @@ hx509_certs_iter(hx509_context context, return ret; } - /** - * Function to use to hx509_certs_iter() as a function argument, the - * ctx variable to hx509_certs_iter() should be a FILE file descriptor. + * Iterate over all certificates in a keystore and call an function + * for each fo them. * * @param context a hx509 context. - * @param ctx used by hx509_certs_iter(). + * @param certs certificate store to iterate over. + * @param func function to call for each certificate. The function + * should return non-zero to abort the iteration, that value is passed + * back to the caller of hx509_certs_iter(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +#ifdef __BLOCKS__ + +static int +certs_iter(hx509_context context, void *ctx, hx509_cert cert) +{ + int (^func)(hx509_cert) = ctx; + return func(cert); +} + +/** + * Iterate over all certificates in a keystore and call an block + * for each fo them. + * + * @param context a hx509 context. + * @param certs certificate store to iterate over. + * @param func block to call for each certificate. The function + * should return non-zero to abort the iteration, that value is passed + * back to the caller of hx509_certs_iter(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_iter(hx509_context context, + hx509_certs certs, + int (^func)(hx509_cert)) +{ + return hx509_certs_iter_f(context, certs, certs_iter, func); +} +#endif + + +/** + * Function to use to hx509_certs_iter_f() as a function argument, the + * ctx variable to hx509_certs_iter_f() should be a FILE file descriptor. + * + * @param context a hx509 context. + * @param ctx used by hx509_certs_iter_f(). * @param c a certificate * * @return Returns an hx509 error code. @@ -420,8 +469,8 @@ int hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert) { if (certs->ops->add == NULL) { - hx509_set_error_string(context, 0, ENOENT, - "Keyset type %s doesn't support add operation", + hx509_set_error_string(context, 0, ENOENT, + "Keyset type %s doesn't support add operation", certs->ops->name); return ENOENT; } @@ -445,7 +494,7 @@ hx509_certs_add(hx509_context context, hx509_certs certs, hx509_cert cert) int hx509_certs_find(hx509_context context, - hx509_certs certs, + hx509_certs certs, const hx509_query *q, hx509_cert *r) { @@ -481,6 +530,10 @@ hx509_certs_find(hx509_context context, hx509_certs_end_seq(context, certs, cursor); if (ret) return ret; + /** + * Return HX509_CERT_NOT_FOUND if no certificate in certs matched + * the query. + */ if (c == NULL) { hx509_clear_error_string(context); return HX509_CERT_NOT_FOUND; @@ -489,6 +542,77 @@ hx509_certs_find(hx509_context context, return 0; } +/** + * Filter certificate matching the query. + * + * @param context a hx509 context. + * @param certs certificate store to search. + * @param q query allocated with @ref hx509_query functions. + * @param result the filtered certificate store, caller must free with + * hx509_certs_free(). + * + * @return Returns an hx509 error code. + * + * @ingroup hx509_keyset + */ + +int +hx509_certs_filter(hx509_context context, + hx509_certs certs, + const hx509_query *q, + hx509_certs *result) +{ + hx509_cursor cursor; + hx509_cert c; + int ret, found = 0; + + _hx509_query_statistic(context, 0, q); + + ret = hx509_certs_init(context, "MEMORY:filter-certs", 0, + NULL, result); + if (ret) + return ret; + + ret = hx509_certs_start_seq(context, certs, &cursor); + if (ret) { + hx509_certs_free(result); + return ret; + } + + c = NULL; + while (1) { + ret = hx509_certs_next_cert(context, certs, cursor, &c); + if (ret) + break; + if (c == NULL) + break; + if (_hx509_query_match_cert(context, q, c)) { + hx509_certs_add(context, *result, c); + found = 1; + } + hx509_cert_free(c); + } + + hx509_certs_end_seq(context, certs, cursor); + if (ret) { + hx509_certs_free(result); + return ret; + } + + /** + * Return HX509_CERT_NOT_FOUND if no certificate in certs matched + * the query. + */ + if (!found) { + hx509_certs_free(result); + hx509_clear_error_string(context); + return HX509_CERT_NOT_FOUND; + } + + return 0; +} + + static int certs_merge_func(hx509_context context, void *ctx, hx509_cert c) { @@ -513,7 +637,7 @@ hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from) { if (from == NULL) return 0; - return hx509_certs_iter(context, from, certs_merge_func, to); + return hx509_certs_iter_f(context, from, certs_merge_func, to); } /** @@ -604,7 +728,7 @@ certs_info_stdio(void *ctx, const char *str) */ int -hx509_certs_info(hx509_context context, +hx509_certs_info(hx509_context context, hx509_certs certs, int (*func)(void *, const char *), void *ctx) @@ -639,8 +763,8 @@ _hx509_pi_printf(int (*func)(void *, const char *), void *ctx, } int -_hx509_certs_keys_get(hx509_context context, - hx509_certs certs, +_hx509_certs_keys_get(hx509_context context, + hx509_certs certs, hx509_private_key **keys) { if (certs->ops->getkeys == NULL) { @@ -651,8 +775,8 @@ _hx509_certs_keys_get(hx509_context context, } int -_hx509_certs_keys_add(hx509_context context, - hx509_certs certs, +_hx509_certs_keys_add(hx509_context context, + hx509_certs certs, hx509_private_key key) { if (certs->ops->addkey == NULL) { @@ -672,6 +796,6 @@ _hx509_certs_keys_free(hx509_context context, { int i; for (i = 0; keys[i]; i++) - _hx509_private_key_free(&keys[i]); + hx509_private_key_free(&keys[i]); free(keys); } diff --git a/crypto/heimdal/lib/hx509/ks_dir.c b/crypto/heimdal/lib/hx509/ks_dir.c index a0bc875e5b8..264b1bf552d 100644 --- a/crypto/heimdal/lib/hx509/ks_dir.c +++ b/crypto/heimdal/lib/hx509/ks_dir.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: ks_dir.c 19778 2007-01-09 10:52:13Z lha $"); #include /* @@ -55,7 +54,7 @@ struct dircursor { static int dir_init(hx509_context context, - hx509_certs certs, void **data, int flags, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { *data = NULL; @@ -71,7 +70,7 @@ dir_init(hx509_context context, return ENOENT; } - if ((sb.st_mode & S_IFDIR) == 0) { + if (!S_ISDIR(sb.st_mode)) { hx509_set_error_string(context, 0, ENOTDIR, "%s is not a directory", residue); return ENOTDIR; @@ -94,9 +93,7 @@ dir_free(hx509_certs certs, void *data) return 0; } - - -static int +static int dir_iter_start(hx509_context context, hx509_certs certs, void *data, void **cursor) { @@ -116,6 +113,7 @@ dir_iter_start(hx509_context context, free(d); return errno; } + rk_cloexec_dir(d->dir); d->certs = NULL; d->iter = NULL; @@ -129,7 +127,7 @@ dir_iter(hx509_context context, { struct dircursor *d = iter; int ret = 0; - + *cert = NULL; do { @@ -160,10 +158,10 @@ dir_iter(hx509_context context, } if (strcmp(dir->d_name, ".") == 0 || strcmp(dir->d_name, "..") == 0) continue; - + if (asprintf(&fn, "FILE:%s/%s", (char *)data, dir->d_name) == -1) return ENOMEM; - + ret = hx509_certs_init(context, fn, 0, NULL, &d->certs); if (ret == 0) { diff --git a/crypto/heimdal/lib/hx509/ks_file.c b/crypto/heimdal/lib/hx509/ks_file.c index 87b97af401c..d21d8892870 100644 --- a/crypto/heimdal/lib/hx509/ks_file.c +++ b/crypto/heimdal/lib/hx509/ks_file.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: ks_file.c 22465 2008-01-16 14:25:24Z lha $"); typedef enum { USE_PEM, USE_DER } outformat; @@ -47,10 +46,11 @@ struct ks_file { */ static int -parse_certificate(hx509_context context, const char *fn, - struct hx509_collector *c, +parse_certificate(hx509_context context, const char *fn, + struct hx509_collector *c, const hx509_pem_header *headers, - const void *data, size_t len) + const void *data, size_t len, + const AlgorithmIdentifier *ai) { hx509_cert cert; int ret; @@ -112,7 +112,7 @@ try_decrypt(hx509_context context, EVP_CipherInit_ex(&ctx, c, NULL, key, ivdata, 0); EVP_Cipher(&ctx, clear.data, cipher, len); EVP_CIPHER_CTX_cleanup(&ctx); - } + } ret = _hx509_collector_private_key_add(context, collector, @@ -130,10 +130,40 @@ out: } static int -parse_rsa_private_key(hx509_context context, const char *fn, - struct hx509_collector *c, +parse_pkcs8_private_key(hx509_context context, const char *fn, + struct hx509_collector *c, + const hx509_pem_header *headers, + const void *data, size_t length, + const AlgorithmIdentifier *ai) +{ + PKCS8PrivateKeyInfo ki; + heim_octet_string keydata; + + int ret; + + ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL); + if (ret) + return ret; + + keydata.data = rk_UNCONST(data); + keydata.length = length; + + ret = _hx509_collector_private_key_add(context, + c, + &ki.privateKeyAlgorithm, + NULL, + &ki.privateKey, + &keydata); + free_PKCS8PrivateKeyInfo(&ki); + return ret; +} + +static int +parse_pem_private_key(hx509_context context, const char *fn, + struct hx509_collector *c, const hx509_pem_header *headers, - const void *data, size_t len) + const void *data, size_t len, + const AlgorithmIdentifier *ai) { int ret = 0; const char *enc; @@ -147,7 +177,8 @@ parse_rsa_private_key(hx509_context context, const char *fn, const EVP_CIPHER *cipher; const struct _hx509_password *pw; hx509_lock lock; - int i, decrypted = 0; + int decrypted = 0; + size_t i; lock = _hx509_collector_get_lock(c); if (lock == NULL) { @@ -159,7 +190,7 @@ parse_rsa_private_key(hx509_context context, const char *fn, if (strcmp(enc, "4,ENCRYPTED") != 0) { hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, - "RSA key encrypted in unknown method %s " + "Private key encrypted in unknown method %s " "in file", enc, fn); hx509_clear_error_string(context); @@ -169,7 +200,7 @@ parse_rsa_private_key(hx509_context context, const char *fn, dek = hx509_pem_find_header(headers, "DEK-Info"); if (dek == NULL) { hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, - "Encrypted RSA missing DEK-Info"); + "Encrypted private key missing DEK-Info"); return HX509_PARSING_KEY_FAILED; } @@ -201,7 +232,7 @@ parse_rsa_private_key(hx509_context context, const char *fn, if (cipher == NULL) { free(ivdata); hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP, - "RSA key encrypted with " + "Private key encrypted with " "unsupported cipher: %s", type); free(type); @@ -218,10 +249,11 @@ parse_rsa_private_key(hx509_context context, const char *fn, if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) { free(ivdata); hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, - "Salt have wrong length in RSA key file"); + "Salt have wrong length in " + "private key file"); return HX509_PARSING_KEY_FAILED; } - + pw = _hx509_lock_get_passwords(lock); if (pw != NULL) { const void *password; @@ -230,10 +262,9 @@ parse_rsa_private_key(hx509_context context, const char *fn, for (i = 0; i < pw->len; i++) { password = pw->val[i]; passwordlen = strlen(password); - - ret = try_decrypt(context, c, hx509_signature_rsa(), - cipher, ivdata, password, passwordlen, - data, len); + + ret = try_decrypt(context, c, ai, cipher, ivdata, + password, passwordlen, data, len); if (ret == 0) { decrypted = 1; break; @@ -253,9 +284,8 @@ parse_rsa_private_key(hx509_context context, const char *fn, ret = hx509_lock_prompt(lock, &prompt); if (ret == 0) - ret = try_decrypt(context, c, hx509_signature_rsa(), - cipher, ivdata, password, strlen(password), - data, len); + ret = try_decrypt(context, c, ai, cipher, ivdata, password, + strlen(password), data, len); /* XXX add password to lock password collection ? */ memset(password, 0, sizeof(password)); } @@ -267,12 +297,8 @@ parse_rsa_private_key(hx509_context context, const char *fn, keydata.data = rk_UNCONST(data); keydata.length = len; - ret = _hx509_collector_private_key_add(context, - c, - hx509_signature_rsa(), - NULL, - &keydata, - NULL); + ret = _hx509_collector_private_key_add(context, c, ai, NULL, + &keydata, NULL); } return ret; @@ -281,11 +307,15 @@ parse_rsa_private_key(hx509_context context, const char *fn, struct pem_formats { const char *name; - int (*func)(hx509_context, const char *, struct hx509_collector *, - const hx509_pem_header *, const void *, size_t); + int (*func)(hx509_context, const char *, struct hx509_collector *, + const hx509_pem_header *, const void *, size_t, + const AlgorithmIdentifier *); + const AlgorithmIdentifier *(*ai)(void); } formats[] = { - { "CERTIFICATE", parse_certificate }, - { "RSA PRIVATE KEY", parse_rsa_private_key } + { "CERTIFICATE", parse_certificate, NULL }, + { "PRIVATE KEY", parse_pkcs8_private_key, NULL }, + { "RSA PRIVATE KEY", parse_pem_private_key, hx509_signature_rsa }, + { "EC PRIVATE KEY", parse_pem_private_key, hx509_signature_ecPublicKey } }; @@ -300,14 +330,24 @@ pem_func(hx509_context context, const char *type, const void *data, size_t len, void *ctx) { struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx; - int ret = 0, j; + int ret = 0; + size_t j; for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) { const char *q = formats[j].name; if (strcasecmp(type, q) == 0) { - ret = (*formats[j].func)(context, NULL, pem_ctx->c, header, data, len); - if (ret == 0) - break; + const AlgorithmIdentifier *ai = NULL; + if (formats[j].ai != NULL) + ai = (*formats[j].ai)(); + + ret = (*formats[j].func)(context, NULL, pem_ctx->c, + header, data, len, ai); + if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL)) { + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "Failed parseing PEM format %s", type); + return ret; + } + break; } } if (j == sizeof(formats)/sizeof(formats[0])) { @@ -316,8 +356,6 @@ pem_func(hx509_context context, const char *type, "Found no matching PEM format for %s", type); return ret; } - if (ret && (pem_ctx->flags & HX509_CERTS_UNPROTECT_ALL)) - return ret; return 0; } @@ -327,11 +365,11 @@ pem_func(hx509_context context, const char *type, static int file_init_common(hx509_context context, - hx509_certs certs, void **data, int flags, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock, outformat format) { char *p, *pnext; - struct ks_file *f = NULL; + struct ks_file *ksf = NULL; hx509_private_key *keys = NULL; int ret; struct pem_ctx pem_ctx; @@ -344,31 +382,31 @@ file_init_common(hx509_context context, if (lock == NULL) lock = _hx509_empty_lock; - f = calloc(1, sizeof(*f)); - if (f == NULL) { + ksf = calloc(1, sizeof(*ksf)); + if (ksf == NULL) { hx509_clear_error_string(context); return ENOMEM; } - f->format = format; + ksf->format = format; - f->fn = strdup(residue); - if (f->fn == NULL) { + ksf->fn = strdup(residue); + if (ksf->fn == NULL) { hx509_clear_error_string(context); ret = ENOMEM; goto out; } - /* + /* * XXX this is broken, the function should parse the file before * overwriting it */ if (flags & HX509_CERTS_CREATE) { - ret = hx509_certs_init(context, "MEMORY:ks-file-create", - 0, lock, &f->certs); + ret = hx509_certs_init(context, "MEMORY:ks-file-create", + 0, lock, &ksf->certs); if (ret) goto out; - *data = f; + *data = ksf; return 0; } @@ -376,49 +414,56 @@ file_init_common(hx509_context context, if (ret) goto out; - for (p = f->fn; p != NULL; p = pnext) { + for (p = ksf->fn; p != NULL; p = pnext) { FILE *f; pnext = strchr(p, ','); if (pnext) *pnext++ = '\0'; - + if ((f = fopen(p, "r")) == NULL) { ret = ENOENT; - hx509_set_error_string(context, 0, ret, - "Failed to open PEM file \"%s\": %s", + hx509_set_error_string(context, 0, ret, + "Failed to open PEM file \"%s\": %s", p, strerror(errno)); goto out; } + rk_cloexec_file(f); ret = hx509_pem_read(context, f, pem_func, &pem_ctx); - fclose(f); + fclose(f); if (ret != 0 && ret != HX509_PARSING_KEY_FAILED) goto out; else if (ret == HX509_PARSING_KEY_FAILED) { size_t length; void *ptr; - int i; + size_t i; - ret = _hx509_map_file(p, &ptr, &length, NULL); + ret = rk_undumpdata(p, &ptr, &length); if (ret) { hx509_clear_error_string(context); goto out; } for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) { - ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length); + const AlgorithmIdentifier *ai = NULL; + if (formats[i].ai != NULL) + ai = (*formats[i].ai)(); + + ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length, ai); if (ret == 0) break; } - _hx509_unmap_file(ptr, length); - if (ret) + rk_xfree(ptr); + if (ret) { + hx509_clear_error_string(context); goto out; + } } } - ret = _hx509_collector_collect_certs(context, pem_ctx.c, &f->certs); + ret = _hx509_collector_collect_certs(context, pem_ctx.c, &ksf->certs); if (ret) goto out; @@ -427,17 +472,17 @@ file_init_common(hx509_context context, int i; for (i = 0; keys[i]; i++) - _hx509_certs_keys_add(context, f->certs, keys[i]); + _hx509_certs_keys_add(context, ksf->certs, keys[i]); _hx509_certs_keys_free(context, keys); } out: if (ret == 0) - *data = f; + *data = ksf; else { - if (f->fn) - free(f->fn); - free(f); + if (ksf->fn) + free(ksf->fn); + free(ksf); } if (pem_ctx.c) _hx509_collector_free(pem_ctx.c); @@ -447,7 +492,7 @@ out: static int file_init_pem(hx509_context context, - hx509_certs certs, void **data, int flags, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { return file_init_common(context, certs, data, flags, residue, lock, USE_PEM); @@ -455,7 +500,7 @@ file_init_pem(hx509_context context, static int file_init_der(hx509_context context, - hx509_certs certs, void **data, int flags, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { return file_init_common(context, certs, data, flags, residue, lock, USE_DER); @@ -464,10 +509,10 @@ file_init_der(hx509_context context, static int file_free(hx509_certs certs, void *data) { - struct ks_file *f = data; - hx509_certs_free(&f->certs); - free(f->fn); - free(f); + struct ks_file *ksf = data; + hx509_certs_free(&ksf->certs); + free(ksf->fn); + free(ksf); return 0; } @@ -486,19 +531,20 @@ store_func(hx509_context context, void *ctx, hx509_cert c) ret = hx509_cert_binary(context, c, &data); if (ret) return ret; - + switch (sc->format) { case USE_DER: fwrite(data.data, data.length, 1, sc->f); free(data.data); break; case USE_PEM: - hx509_pem_write(context, "CERTIFICATE", NULL, sc->f, + hx509_pem_write(context, "CERTIFICATE", NULL, sc->f, data.data, data.length); free(data.data); if (_hx509_cert_private_key_exportable(c)) { hx509_private_key key = _hx509_cert_private_key(c); - ret = _hx509_private_key_export(context, key, &data); + ret = _hx509_private_key_export(context, key, + HX509_KEY_FORMAT_DER, &data); if (ret) break; hx509_pem_write(context, _hx509_private_pem_name(key), NULL, sc->f, @@ -512,47 +558,48 @@ store_func(hx509_context context, void *ctx, hx509_cert c) } static int -file_store(hx509_context context, +file_store(hx509_context context, hx509_certs certs, void *data, int flags, hx509_lock lock) { - struct ks_file *f = data; + struct ks_file *ksf = data; struct store_ctx sc; int ret; - sc.f = fopen(f->fn, "w"); + sc.f = fopen(ksf->fn, "w"); if (sc.f == NULL) { hx509_set_error_string(context, 0, ENOENT, "Failed to open file %s for writing"); return ENOENT; } - sc.format = f->format; + rk_cloexec_file(sc.f); + sc.format = ksf->format; - ret = hx509_certs_iter(context, f->certs, store_func, &sc); + ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc); fclose(sc.f); return ret; } -static int +static int file_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) { - struct ks_file *f = data; - return hx509_certs_add(context, f->certs, c); + struct ks_file *ksf = data; + return hx509_certs_add(context, ksf->certs, c); } -static int +static int file_iter_start(hx509_context context, hx509_certs certs, void *data, void **cursor) { - struct ks_file *f = data; - return hx509_certs_start_seq(context, f->certs, cursor); + struct ks_file *ksf = data; + return hx509_certs_start_seq(context, ksf->certs, cursor); } static int file_iter(hx509_context context, hx509_certs certs, void *data, void *iter, hx509_cert *cert) { - struct ks_file *f = data; - return hx509_certs_next_cert(context, f->certs, iter, cert); + struct ks_file *ksf = data; + return hx509_certs_next_cert(context, ksf->certs, iter, cert); } static int @@ -561,8 +608,8 @@ file_iter_end(hx509_context context, void *data, void *cursor) { - struct ks_file *f = data; - return hx509_certs_end_seq(context, f->certs, cursor); + struct ks_file *ksf = data; + return hx509_certs_end_seq(context, ksf->certs, cursor); } static int @@ -571,8 +618,8 @@ file_getkeys(hx509_context context, void *data, hx509_private_key **keys) { - struct ks_file *f = data; - return _hx509_certs_keys_get(context, f->certs, keys); + struct ks_file *ksf = data; + return _hx509_certs_keys_get(context, ksf->certs, keys); } static int @@ -581,8 +628,8 @@ file_addkey(hx509_context context, void *data, hx509_private_key key) { - struct ks_file *f = data; - return _hx509_certs_keys_add(context, f->certs, key); + struct ks_file *ksf = data; + return _hx509_certs_keys_add(context, ksf->certs, key); } static struct hx509_keyset_ops keyset_file = { diff --git a/crypto/heimdal/lib/hx509/ks_keychain.c b/crypto/heimdal/lib/hx509/ks_keychain.c index f8181975d9d..0552d8f7e97 100644 --- a/crypto/heimdal/lib/hx509/ks_keychain.c +++ b/crypto/heimdal/lib/hx509/ks_keychain.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: ks_keychain.c 22084 2007-11-16 20:12:30Z lha $"); #ifdef HAVE_FRAMEWORK_SECURITY @@ -44,13 +43,14 @@ OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *); OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG, int, const CSSM_ACCESS_CREDENTIALS **); #define kSecCredentialTypeDefault 0 +#define CSSM_SIZE uint32_t #endif static int getAttribute(SecKeychainItemRef itemRef, SecItemAttr item, SecKeychainAttributeList **attrs) -{ +{ SecKeychainAttributeInfo attrInfo; UInt32 attrFormat = 0; OSStatus ret; @@ -60,7 +60,7 @@ getAttribute(SecKeychainItemRef itemRef, SecItemAttr item, attrInfo.count = 1; attrInfo.tag = &item; attrInfo.format = &attrFormat; - + ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL, attrs, NULL, NULL); if (ret) @@ -101,7 +101,7 @@ kc_rsa_public_decrypt(int flen, static int -kc_rsa_private_encrypt(int flen, +kc_rsa_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, @@ -119,6 +119,8 @@ kc_rsa_private_encrypt(int flen, CSSM_DATA sig, in; int fret = 0; + if (padding != RSA_PKCS1_PADDING) + return -1; cret = SecKeyGetCSSMKey(privKeyRef, &cssmKey); if(cret) abort(); @@ -136,10 +138,10 @@ kc_rsa_private_encrypt(int flen, in.Data = (uint8 *)from; in.Length = flen; - + sig.Data = (uint8 *)to; sig.Length = kc->keysize; - + cret = CSSM_SignData(sigHandle, &in, 1, CSSM_ALGID_NONE, &sig); if(cret) { /* cssmErrorString(cret); */ @@ -157,10 +159,65 @@ static int kc_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA * rsa, int padding) { - return -1; + struct kc_rsa *kc = RSA_get_app_data(rsa); + + CSSM_RETURN cret; + OSStatus ret; + const CSSM_ACCESS_CREDENTIALS *creds; + SecKeyRef privKeyRef = (SecKeyRef)kc->item; + CSSM_CSP_HANDLE cspHandle; + const CSSM_KEY *cssmKey; + CSSM_CC_HANDLE handle = 0; + CSSM_DATA out, in, rem; + int fret = 0; + CSSM_SIZE outlen = 0; + char remdata[1024]; + + if (padding != RSA_PKCS1_PADDING) + return -1; + + cret = SecKeyGetCSSMKey(privKeyRef, &cssmKey); + if(cret) abort(); + + cret = SecKeyGetCSPHandle(privKeyRef, &cspHandle); + if(cret) abort(); + + ret = SecKeyGetCredentials(privKeyRef, CSSM_ACL_AUTHORIZATION_DECRYPT, + kSecCredentialTypeDefault, &creds); + if(ret) abort(); + + + ret = CSSM_CSP_CreateAsymmetricContext (cspHandle, + CSSM_ALGID_RSA, + creds, + cssmKey, + CSSM_PADDING_PKCS1, + &handle); + if(ret) abort(); + + in.Data = (uint8 *)from; + in.Length = flen; + + out.Data = (uint8 *)to; + out.Length = kc->keysize; + + rem.Data = (uint8 *)remdata; + rem.Length = sizeof(remdata); + + cret = CSSM_DecryptData(handle, &in, 1, &out, 1, &outlen, &rem); + if(cret) { + /* cssmErrorString(cret); */ + fret = -1; + } else + fret = out.Length; + + if(handle) + CSSM_DeleteContext(handle); + + return fret; } -static int +static int kc_rsa_init(RSA *rsa) { return 1; @@ -202,7 +259,7 @@ set_private_key(hx509_context context, RSA *rsa; int ret; - ret = _hx509_private_key_init(&key, NULL, NULL); + ret = hx509_private_key_init(&key, NULL, NULL); if (ret) return ret; @@ -245,7 +302,7 @@ set_private_key(hx509_context context, if (ret != 1) _hx509_abort("RSA_set_app_data"); - _hx509_private_key_assign_rsa(key, rsa); + hx509_private_key_assign_rsa(key, rsa); _hx509_cert_assign_key(cert, key); return 0; @@ -281,12 +338,12 @@ keychain_init(hx509_context context, ret = SecKeychainOpen(residue + 5, &ctx->keychain); if (ret != noErr) { - hx509_set_error_string(context, 0, ENOENT, + hx509_set_error_string(context, 0, ENOENT, "Failed to open %s", residue); return ENOENT; } } else { - hx509_set_error_string(context, 0, ENOENT, + hx509_set_error_string(context, 0, ENOENT, "Unknown subtype %s", residue); return ENOENT; } @@ -321,7 +378,7 @@ struct iter { SecKeychainSearchRef searchRef; }; -static int +static int keychain_iter_start(hx509_context context, hx509_certs certs, void *data, void **cursor) { @@ -339,7 +396,7 @@ keychain_iter_start(hx509_context context, int ret; int i; - ret = hx509_certs_init(context, "MEMORY:ks-file-create", + ret = hx509_certs_init(context, "MEMORY:ks-file-create", 0, NULL, &iter->certs); if (ret) { free(iter); @@ -350,12 +407,12 @@ keychain_iter_start(hx509_context context, if (ret != 0) { hx509_certs_free(&iter->certs); free(iter); - hx509_set_error_string(context, 0, ENOMEM, + hx509_set_error_string(context, 0, ENOMEM, "Can't get trust anchors from Keychain"); return ENOMEM; } for (i = 0; i < CFArrayGetCount(anchors); i++) { - SecCertificateRef cr; + SecCertificateRef cr; hx509_cert cert; CSSM_DATA cssm; @@ -390,7 +447,7 @@ keychain_iter_start(hx509_context context, &iter->searchRef); if (ret) { free(iter); - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "Failed to start search for attributes"); return ENOMEM; } @@ -428,7 +485,7 @@ keychain_iter(hx509_context context, return 0; else if (ret != 0) return EINVAL; - + /* * Pick out certificate and matching "keyid" */ @@ -438,7 +495,7 @@ keychain_iter(hx509_context context, attrInfo.count = 1; attrInfo.tag = item; attrInfo.format = attrFormat; - + ret = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, NULL, &attrs, &len, &ptr); if (ret) @@ -448,7 +505,7 @@ keychain_iter(hx509_context context, if (ret) goto out; - /* + /* * Find related private key if there is one by looking at * kSecPublicKeyHashItemAttr == kSecKeyLabel */ @@ -460,7 +517,7 @@ keychain_iter(hx509_context context, attrKeyid.tag = kSecKeyLabel; attrKeyid.length = attrs->attr[0].length; attrKeyid.data = attrs->attr[0].data; - + attrList.count = 1; attrList.attr = &attrKeyid; @@ -504,8 +561,7 @@ keychain_iter_end(hx509_context context, struct iter *iter = cursor; if (iter->certs) { - int ret; - ret = hx509_certs_end_seq(context, iter->certs, iter->cursor); + hx509_certs_end_seq(context, iter->certs, iter->cursor); hx509_certs_free(&iter->certs); } else { CFRelease(iter->searchRef); diff --git a/crypto/heimdal/lib/hx509/ks_mem.c b/crypto/heimdal/lib/hx509/ks_mem.c index efa19eb19c5..684acb0adf3 100644 --- a/crypto/heimdal/lib/hx509/ks_mem.c +++ b/crypto/heimdal/lib/hx509/ks_mem.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("Id$"); /* * Should use two hash/tree certificates intead of a array. Criteria @@ -74,12 +73,12 @@ mem_free(hx509_certs certs, void *data) { struct mem_data *mem = data; unsigned long i; - + for (i = 0; i < mem->certs.len; i++) hx509_cert_free(mem->certs.val[i]); free(mem->certs.val); for (i = 0; mem->keys && mem->keys[i]; i++) - _hx509_private_key_free(&mem->keys[i]); + hx509_private_key_free(&mem->keys[i]); free(mem->keys); free(mem->name); free(mem); @@ -87,13 +86,13 @@ mem_free(hx509_certs certs, void *data) return 0; } -static int +static int mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) { struct mem_data *mem = data; hx509_cert *val; - val = realloc(mem->certs.val, + val = realloc(mem->certs.val, (mem->certs.len + 1) * sizeof(mem->certs.val[0])); if (val == NULL) return ENOMEM; @@ -105,7 +104,7 @@ mem_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) return 0; } -static int +static int mem_iter_start(hx509_context context, hx509_certs certs, void *data, @@ -125,7 +124,7 @@ mem_iter_start(hx509_context context, static int mem_iter(hx509_context contexst, hx509_certs certs, - void *data, + void *data, void *cursor, hx509_cert *cert) { @@ -168,11 +167,11 @@ mem_getkeys(hx509_context context, (*keys)[i] = _hx509_private_key_ref(mem->keys[i]); if ((*keys)[i] == NULL) { while (--i >= 0) - _hx509_private_key_free(&(*keys)[i]); + hx509_private_key_free(&(*keys)[i]); hx509_set_error_string(context, 0, ENOMEM, "out of memory"); return ENOMEM; } - } + } (*keys)[i] = NULL; return 0; } @@ -195,8 +194,8 @@ mem_addkey(hx509_context context, return ENOMEM; } mem->keys = ptr; - mem->keys[i++] = _hx509_private_key_ref(key); - mem->keys[i++] = NULL; + mem->keys[i] = _hx509_private_key_ref(key); + mem->keys[i + 1] = NULL; return 0; } diff --git a/crypto/heimdal/lib/hx509/ks_null.c b/crypto/heimdal/lib/hx509/ks_null.c index 3be259fc605..136d2d43459 100644 --- a/crypto/heimdal/lib/hx509/ks_null.c +++ b/crypto/heimdal/lib/hx509/ks_null.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: ks_null.c 20901 2007-06-04 23:14:08Z lha $"); static int @@ -51,7 +50,7 @@ null_free(hx509_certs certs, void *data) return 0; } -static int +static int null_iter_start(hx509_context context, hx509_certs certs, void *data, void **cursor) { diff --git a/crypto/heimdal/lib/hx509/ks_p11.c b/crypto/heimdal/lib/hx509/ks_p11.c index 0d7c312c724..120bf43ef43 100644 --- a/crypto/heimdal/lib/hx509/ks_p11.c +++ b/crypto/heimdal/lib/hx509/ks_p11.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 22071 2007-11-14 20:04:50Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -65,7 +64,7 @@ struct p11_module { void *dl_handle; CK_FUNCTION_LIST_PTR funcs; CK_ULONG num_slots; - unsigned int refcount; + unsigned int ref; struct p11_slot *slot; }; @@ -83,7 +82,7 @@ static void p11_release_module(struct p11_module *); static int p11_list_keys(hx509_context, struct p11_module *, - struct p11_slot *, + struct p11_slot *, CK_SESSION_HANDLE, hx509_lock, hx509_certs *); @@ -121,7 +120,7 @@ p11_rsa_public_decrypt(int flen, static int -p11_rsa_private_encrypt(int flen, +p11_rsa_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, @@ -152,8 +151,8 @@ p11_rsa_private_encrypt(int flen, return -1; } - ret = P11FUNC(p11rsa->p, Sign, - (session, (CK_BYTE *)from, flen, to, &ck_sigsize)); + ret = P11FUNC(p11rsa->p, Sign, + (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize)); p11_put_session(p11rsa->p, p11rsa->slot, session); if (ret != CKR_OK) return -1; @@ -190,8 +189,8 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to, return -1; } - ret = P11FUNC(p11rsa->p, Decrypt, - (session, (CK_BYTE *)from, flen, to, &ck_sigsize)); + ret = P11FUNC(p11rsa->p, Decrypt, + (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize)); p11_put_session(p11rsa->p, p11rsa->slot, session); if (ret != CKR_OK) return -1; @@ -199,7 +198,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to, return ck_sigsize; } -static int +static int p11_rsa_init(RSA *rsa) { return 1; @@ -299,7 +298,7 @@ p11_mech_info(hx509_context context, } static int -p11_init_slot(hx509_context context, +p11_init_slot(hx509_context context, struct p11_module *p, hx509_lock lock, CK_SLOT_ID id, @@ -309,7 +308,8 @@ p11_init_slot(hx509_context context, CK_SESSION_HANDLE session; CK_SLOT_INFO slot_info; CK_TOKEN_INFO token_info; - int ret, i; + size_t i; + int ret; slot->certs = NULL; slot->id = id; @@ -331,7 +331,7 @@ p11_init_slot(hx509_context context, } asprintf(&slot->name, "%.*s", - i, slot_info.slotDescription); + (int)i, slot_info.slotDescription); if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0) return 0; @@ -375,14 +375,14 @@ p11_get_session(hx509_context context, if (slot->flags & P11_SESSION_IN_USE) _hx509_abort("slot already in session"); - + if (slot->flags & P11_SESSION) { slot->flags |= P11_SESSION_IN_USE; *psession = slot->session; return 0; } - ret = P11FUNC(p, OpenSession, (slot->id, + ret = P11FUNC(p, OpenSession, (slot->id, CKF_SERIAL_SESSION, NULL, NULL, @@ -395,10 +395,10 @@ p11_get_session(hx509_context context, (int)slot->id, ret); return HX509_PKCS11_OPEN_SESSION; } - + slot->flags |= P11_SESSION; - - /* + + /* * If we have have to login, and haven't tried before and have a * prompter or known to work pin code. * @@ -418,8 +418,6 @@ p11_get_session(hx509_context context, char pin[20]; char *str; - slot->flags |= P11_LOGIN_DONE; - if (slot->pin == NULL) { memset(&prompt, 0, sizeof(prompt)); @@ -429,7 +427,7 @@ p11_get_session(hx509_context context, prompt.type = HX509_PROMPT_TYPE_PASSWORD; prompt.reply.data = pin; prompt.reply.length = sizeof(pin); - + ret = hx509_lock_prompt(lock, &prompt); if (ret) { free(str); @@ -453,16 +451,16 @@ p11_get_session(hx509_context context, "Failed to login on slot id %d " "with error: 0x%08x", (int)slot->id, ret); - p11_put_session(p, slot, slot->session); return HX509_PKCS11_LOGIN; - } + } else + slot->flags |= P11_LOGIN_DONE; + if (slot->pin == NULL) { slot->pin = strdup(pin); if (slot->pin == NULL) { if (context) hx509_set_error_string(context, 0, ENOMEM, "out of memory"); - p11_put_session(p, slot, slot->session); return ENOMEM; } } @@ -478,7 +476,7 @@ p11_get_session(hx509_context context, static int p11_put_session(struct p11_module *p, - struct p11_slot *slot, + struct p11_slot *slot, CK_SESSION_HANDLE session) { if ((slot->flags & P11_SESSION_IN_USE) == 0) @@ -502,7 +500,7 @@ iterate_entries(hx509_context context, { CK_OBJECT_HANDLE object; CK_ULONG object_count; - int ret, i; + int ret, ret2, i; ret = P11FUNC(p, FindObjectsInit, (session, search_data, num_search_data)); if (ret != CKR_OK) { @@ -515,11 +513,11 @@ iterate_entries(hx509_context context, } if (object_count == 0) break; - + for (i = 0; i < num_query; i++) query[i].pValue = NULL; - ret = P11FUNC(p, GetAttributeValue, + ret = P11FUNC(p, GetAttributeValue, (session, object, query, num_query)); if (ret != CKR_OK) { return -1; @@ -537,7 +535,7 @@ iterate_entries(hx509_context context, ret = -1; goto out; } - + ret = (*func)(context, p, slot, session, object, ptr, query, num_query); if (ret) goto out; @@ -556,20 +554,19 @@ iterate_entries(hx509_context context, query[i].pValue = NULL; } - ret = P11FUNC(p, FindObjectsFinal, (session)); - if (ret != CKR_OK) { - return -2; + ret2 = P11FUNC(p, FindObjectsFinal, (session)); + if (ret2 != CKR_OK) { + return ret2; } - - return 0; + return ret; } - + static BIGNUM * getattr_bn(struct p11_module *p, struct p11_slot *slot, CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, + CK_OBJECT_HANDLE object, unsigned int type) { CK_ATTRIBUTE query; @@ -580,14 +577,14 @@ getattr_bn(struct p11_module *p, query.pValue = NULL; query.ulValueLen = 0; - ret = P11FUNC(p, GetAttributeValue, + ret = P11FUNC(p, GetAttributeValue, (session, object, &query, 1)); if (ret != CKR_OK) return NULL; query.pValue = malloc(query.ulValueLen); - ret = P11FUNC(p, GetAttributeValue, + ret = P11FUNC(p, GetAttributeValue, (session, object, &query, 1)); if (ret != CKR_OK) { free(query.pValue); @@ -616,7 +613,7 @@ collect_private_key(hx509_context context, localKeyId.data = query[0].pValue; localKeyId.length = query[0].ulValueLen; - ret = _hx509_private_key_init(&key, NULL, NULL); + ret = hx509_private_key_init(&key, NULL, NULL); if (ret) return ret; @@ -624,7 +621,7 @@ collect_private_key(hx509_context context, if (rsa == NULL) _hx509_abort("out of memory"); - /* + /* * The exponent and modulus should always be present according to * the pkcs11 specification, but some smartcards leaves it out, * let ignore any failure to fetch it. @@ -639,17 +636,19 @@ collect_private_key(hx509_context context, p11rsa->p = p; p11rsa->slot = slot; p11rsa->private_key = object; - - p->refcount++; - if (p->refcount == 0) - _hx509_abort("pkcs11 refcount to high"); + + if (p->ref == 0) + _hx509_abort("pkcs11 ref == 0 on alloc"); + p->ref++; + if (p->ref == UINT_MAX) + _hx509_abort("pkcs11 ref == UINT_MAX on alloc"); RSA_set_method(rsa, &p11_rsa_pkcs1_method); ret = RSA_set_app_data(rsa, p11rsa); if (ret != 1) _hx509_abort("RSA_set_app_data"); - _hx509_private_key_assign_rsa(key, rsa); + hx509_private_key_assign_rsa(key, rsa); ret = _hx509_collector_private_key_add(context, collector, @@ -659,7 +658,7 @@ collect_private_key(hx509_context context, &localKeyId); if (ret) { - _hx509_private_key_free(&key); + hx509_private_key_free(&key); return ret; } return 0; @@ -674,7 +673,7 @@ p11_cert_release(hx509_cert cert, void *ctx) static int -collect_cert(hx509_context context, +collect_cert(hx509_context context, struct p11_module *p, struct p11_slot *slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, @@ -685,31 +684,33 @@ collect_cert(hx509_context context, int ret; if ((CK_LONG)query[0].ulValueLen == -1 || - (CK_LONG)query[1].ulValueLen == -1) + (CK_LONG)query[1].ulValueLen == -1) { return 0; } - ret = hx509_cert_init_data(context, query[1].pValue, + ret = hx509_cert_init_data(context, query[1].pValue, query[1].ulValueLen, &cert); if (ret) return ret; - p->refcount++; - if (p->refcount == 0) - _hx509_abort("pkcs11 refcount to high"); + if (p->ref == 0) + _hx509_abort("pkcs11 ref == 0 on alloc"); + p->ref++; + if (p->ref == UINT_MAX) + _hx509_abort("pkcs11 ref to high"); _hx509_cert_set_release(cert, p11_cert_release, p); { heim_octet_string data; - + data.data = query[0].pValue; data.length = query[0].ulValueLen; - + _hx509_set_cert_attribute(context, cert, - oid_id_pkcs_9_at_localKeyId(), + &asn1_oid_id_pkcs_9_at_localKeyId, &data); } @@ -734,7 +735,7 @@ collect_cert(hx509_context context, static int p11_list_keys(hx509_context context, struct p11_module *p, - struct p11_slot *slot, + struct p11_slot *slot, CK_SESSION_HANDLE session, hx509_lock lock, hx509_certs *certs) @@ -788,7 +789,7 @@ out: static int p11_init(hx509_context context, - hx509_certs certs, void **data, int flags, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { CK_C_GetFunctionList getFuncs; @@ -808,7 +809,7 @@ p11_init(hx509_context context, return ENOMEM; } - p->refcount = 1; + p->ref = 1; str = strchr(list, ','); if (str) @@ -834,11 +835,11 @@ p11_init(hx509_context context, goto out; } - getFuncs = dlsym(p->dl_handle, "C_GetFunctionList"); + getFuncs = (CK_C_GetFunctionList) dlsym(p->dl_handle, "C_GetFunctionList"); if (getFuncs == NULL) { ret = HX509_PKCS11_LOAD; hx509_set_error_string(context, 0, ret, - "C_GetFunctionList missing in %s: %s", + "C_GetFunctionList missing in %s: %s", list, dlerror()); goto out; } @@ -877,7 +878,8 @@ p11_init(hx509_context context, { CK_SLOT_ID_PTR slot_ids; - int i, num_tokens = 0; + int num_tokens = 0; + size_t i; slot_ids = malloc(p->num_slots * sizeof(*slot_ids)); if (slot_ids == NULL) { @@ -904,7 +906,7 @@ p11_init(hx509_context context, ret = ENOMEM; goto out; } - + for (i = 0; i < p->num_slots; i++) { ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]); if (ret) @@ -924,7 +926,7 @@ p11_init(hx509_context context, *data = p; return 0; - out: + out: p11_release_module(p); return ret; } @@ -932,22 +934,18 @@ p11_init(hx509_context context, static void p11_release_module(struct p11_module *p) { - int i; + size_t i; - if (p->refcount == 0) - _hx509_abort("pkcs11 refcount to low"); - if (--p->refcount > 0) + if (p->ref == 0) + _hx509_abort("pkcs11 ref to low"); + if (--p->ref > 0) return; for (i = 0; i < p->num_slots; i++) { if (p->slot[i].flags & P11_SESSION_IN_USE) _hx509_abort("pkcs11 module release while session in use"); if (p->slot[i].flags & P11_SESSION) { - int ret; - - ret = P11FUNC(p, CloseSession, (p->slot[i].session)); - if (ret != CKR_OK) - ; + P11FUNC(p, CloseSession, (p->slot[i].session)); } if (p->slot[i].name) @@ -960,7 +958,7 @@ p11_release_module(struct p11_module *p) free(p->slot[i].mechs.list); if (p->slot[i].mechs.infos) { - int j; + size_t j; for (j = 0 ; j < p->slot[i].mechs.num ; j++) free(p->slot[i].mechs.infos[j]); @@ -984,7 +982,7 @@ static int p11_free(hx509_certs certs, void *data) { struct p11_module *p = data; - int i; + size_t i; for (i = 0; i < p->num_slots; i++) { if (p->slot[i].certs) @@ -999,13 +997,14 @@ struct p11_cursor { void *cursor; }; -static int +static int p11_iter_start(hx509_context context, hx509_certs certs, void *data, void **cursor) { struct p11_module *p = data; struct p11_cursor *c; - int ret, i; + int ret; + size_t i; c = malloc(sizeof(*c)); if (c == NULL) { @@ -1099,16 +1098,16 @@ static struct units mechflags[] = { #undef MECHFLAG static int -p11_printinfo(hx509_context context, - hx509_certs certs, +p11_printinfo(hx509_context context, + hx509_certs certs, void *data, int (*func)(void *, const char *), void *ctx) { struct p11_module *p = data; - int i, j; - - _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", + size_t i, j; + + _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", p->num_slots, p->num_slots > 1 ? "s" : ""); for (i = 0; i < p->num_slots; i++) { @@ -1117,7 +1116,7 @@ p11_printinfo(hx509_context context, _hx509_pi_printf(func, ctx, "slot %d: id: %d name: %s flags: %08x", i, (int)s->id, s->name, s->flags); - _hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu", + _hx509_pi_printf(func, ctx, "number of supported mechanisms: %lu", (unsigned long)s->mechs.num); for (j = 0; j < s->mechs.num; j++) { const char *mechname = "unknown"; @@ -1142,7 +1141,6 @@ p11_printinfo(hx509_context context, MECHNAME(CKM_SHA256, "sha256"); MECHNAME(CKM_SHA_1, "sha1"); MECHNAME(CKM_MD5, "md5"); - MECHNAME(CKM_MD2, "md2"); MECHNAME(CKM_RIPEMD160, "ripemd-160"); MECHNAME(CKM_DES_ECB, "des-ecb"); MECHNAME(CKM_DES_CBC, "des-cbc"); @@ -1151,13 +1149,13 @@ p11_printinfo(hx509_context context, MECHNAME(CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen"); default: snprintf(unknownname, sizeof(unknownname), - "unknown-mech-%lu", + "unknown-mech-%lu", (unsigned long)s->mechs.list[j]); mechname = unknownname; break; } #undef MECHNAME - unparse_flags(s->mechs.infos[j]->flags, mechflags, + unparse_flags(s->mechs.infos[j]->flags, mechflags, flags, sizeof(flags)); _hx509_pi_printf(func, ctx, " %s: %s", mechname, flags); diff --git a/crypto/heimdal/lib/hx509/ks_p12.c b/crypto/heimdal/lib/hx509/ks_p12.c index 12756e6c071..0ca13de1eb3 100644 --- a/crypto/heimdal/lib/hx509/ks_p12.c +++ b/crypto/heimdal/lib/hx509/ks_p12.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: ks_p12.c 21146 2007-06-18 21:37:25Z lha $"); struct ks_pkcs12 { hx509_certs certs; @@ -45,19 +44,19 @@ typedef int (*collector_func)(hx509_context, const PKCS12_Attributes *); struct type { - const heim_oid * (*oid)(void); + const heim_oid *oid; collector_func func; }; static void -parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, +parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, const void *, size_t, const PKCS12_Attributes *); static const PKCS12_Attribute * find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid) { - int i; + size_t i; if (attrs == NULL) return NULL; for (i = 0; i < attrs->len; i++) @@ -68,7 +67,7 @@ find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid) static int keyBag_parser(hx509_context context, - struct hx509_collector *c, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -77,14 +76,14 @@ keyBag_parser(hx509_context context, const heim_octet_string *os = NULL; int ret; - attr = find_attribute(attrs, oid_id_pkcs_9_at_localKeyId()); + attr = find_attribute(attrs, &asn1_oid_id_pkcs_9_at_localKeyId); if (attr) os = &attr->attrValues; ret = decode_PKCS8PrivateKeyInfo(data, length, &ki, NULL); if (ret) return ret; - + _hx509_collector_private_key_add(context, c, &ki.privateKeyAlgorithm, @@ -97,16 +96,16 @@ keyBag_parser(hx509_context context, static int ShroudedKeyBag_parser(hx509_context context, - struct hx509_collector *c, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { PKCS8EncryptedPrivateKeyInfo pk; heim_octet_string content; int ret; - + memset(&pk, 0, sizeof(pk)); - + ret = decode_PKCS8EncryptedPrivateKeyInfo(data, length, &pk, NULL); if (ret) return ret; @@ -127,7 +126,7 @@ ShroudedKeyBag_parser(hx509_context context, static int certBag_parser(hx509_context context, - struct hx509_collector *c, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -140,12 +139,12 @@ certBag_parser(hx509_context context, if (ret) return ret; - if (der_heim_oid_cmp(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType)) { + if (der_heim_oid_cmp(&asn1_oid_id_pkcs_9_at_certTypes_x509, &cb.certType)) { free_PKCS12_CertBag(&cb); return 0; } - ret = decode_PKCS12_OctetString(cb.certValue.data, + ret = decode_PKCS12_OctetString(cb.certValue.data, cb.certValue.length, &os, NULL); @@ -166,18 +165,18 @@ certBag_parser(hx509_context context, { const PKCS12_Attribute *attr; - const heim_oid * (*oids[])(void) = { - oid_id_pkcs_9_at_localKeyId, oid_id_pkcs_9_at_friendlyName + const heim_oid *oids[] = { + &asn1_oid_id_pkcs_9_at_localKeyId, &asn1_oid_id_pkcs_9_at_friendlyName }; - int i; + size_t i; - for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) { - const heim_oid *oid = (*(oids[i]))(); + for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) { + const heim_oid *oid = oids[i]; attr = find_attribute(attrs, oid); if (attr) _hx509_set_cert_attribute(context, cert, oid, &attr->attrValues); - } + } } hx509_cert_free(cert); @@ -187,11 +186,12 @@ certBag_parser(hx509_context context, static int parse_safe_content(hx509_context context, - struct hx509_collector *c, + struct hx509_collector *c, const unsigned char *p, size_t len) { PKCS12_SafeContents sc; - int ret, i; + int ret; + size_t i; memset(&sc, 0, sizeof(sc)); @@ -213,7 +213,7 @@ parse_safe_content(hx509_context context, static int safeContent_parser(hx509_context context, - struct hx509_collector *c, + struct hx509_collector *c, const void *data, size_t length, const PKCS12_Attributes *attrs) { @@ -237,7 +237,7 @@ encryptedData_parser(hx509_context context, heim_octet_string content; heim_oid contentType; int ret; - + memset(&contentType, 0, sizeof(contentType)); ret = hx509_cms_decrypt_encrypted(context, @@ -248,7 +248,7 @@ encryptedData_parser(hx509_context context, if (ret) return ret; - if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) + if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkcs7_data) == 0) ret = parse_safe_content(context, c, content.data, content.length); der_free_octet_string(&content); @@ -266,7 +266,7 @@ envelopedData_parser(hx509_context context, heim_oid contentType; hx509_lock lock; int ret; - + memset(&contentType, 0, sizeof(contentType)); lock = _hx509_collector_get_lock(c); @@ -276,15 +276,16 @@ envelopedData_parser(hx509_context context, 0, data, length, NULL, + 0, &contentType, &content); if (ret) { - hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, "PKCS12 failed to unenvelope"); return ret; } - if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) == 0) + if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkcs7_data) == 0) ret = parse_safe_content(context, c, content.data, content.length); der_free_octet_string(&content); @@ -295,31 +296,31 @@ envelopedData_parser(hx509_context context, struct type bagtypes[] = { - { oid_id_pkcs12_keyBag, keyBag_parser }, - { oid_id_pkcs12_pkcs8ShroudedKeyBag, ShroudedKeyBag_parser }, - { oid_id_pkcs12_certBag, certBag_parser }, - { oid_id_pkcs7_data, safeContent_parser }, - { oid_id_pkcs7_encryptedData, encryptedData_parser }, - { oid_id_pkcs7_envelopedData, envelopedData_parser } + { &asn1_oid_id_pkcs12_keyBag, keyBag_parser }, + { &asn1_oid_id_pkcs12_pkcs8ShroudedKeyBag, ShroudedKeyBag_parser }, + { &asn1_oid_id_pkcs12_certBag, certBag_parser }, + { &asn1_oid_id_pkcs7_data, safeContent_parser }, + { &asn1_oid_id_pkcs7_encryptedData, encryptedData_parser }, + { &asn1_oid_id_pkcs7_envelopedData, envelopedData_parser } }; static void parse_pkcs12_type(hx509_context context, struct hx509_collector *c, - const heim_oid *oid, + const heim_oid *oid, const void *data, size_t length, const PKCS12_Attributes *attrs) { - int i; + size_t i; for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++) - if (der_heim_oid_cmp((*bagtypes[i].oid)(), oid) == 0) + if (der_heim_oid_cmp(bagtypes[i].oid, oid) == 0) (*bagtypes[i].func)(context, c, data, length, attrs); } static int p12_init(hx509_context context, - hx509_certs certs, void **data, int flags, + hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) { struct ks_pkcs12 *p12; @@ -327,7 +328,8 @@ p12_init(hx509_context context, void *buf; PKCS12_PFX pfx; PKCS12_AuthenticatedSafe as; - int ret, i; + int ret; + size_t i; struct hx509_collector *c; *data = NULL; @@ -361,21 +363,21 @@ p12_init(hx509_context context, goto out; } - ret = _hx509_map_file(residue, &buf, &len, NULL); + ret = rk_undumpdata(residue, &buf, &len); if (ret) { hx509_clear_error_string(context); goto out; } ret = decode_PKCS12_PFX(buf, len, &pfx, NULL); - _hx509_unmap_file(buf, len); + rk_xfree(buf); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to decode the PFX in %s", residue); goto out; } - if (der_heim_oid_cmp(&pfx.authSafe.contentType, oid_id_pkcs7_data()) != 0) { + if (der_heim_oid_cmp(&pfx.authSafe.contentType, &asn1_oid_id_pkcs7_data) != 0) { free_PKCS12_PFX(&pfx); ret = EINVAL; hx509_set_error_string(context, 0, ret, @@ -403,7 +405,7 @@ p12_init(hx509_context context, hx509_clear_error_string(context); goto out; } - ret = decode_PKCS12_AuthenticatedSafe(asdata.data, + ret = decode_PKCS12_AuthenticatedSafe(asdata.data, asdata.length, &as, NULL); @@ -464,7 +466,7 @@ addBag(hx509_context context, hx509_set_error_string(context, 0, ret, "out of memory"); return ret; } - + as->val[as->len].content = calloc(1, sizeof(*as->val[0].content)); if (as->val[as->len].content == NULL) { der_free_oid(&as->val[as->len].contentType); @@ -505,7 +507,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c) free(os.data); if (ret) goto out; - ret = der_copy_oid(oid_id_pkcs_9_at_certTypes_x509(), &cb.certType); + ret = der_copy_oid(&asn1_oid_id_pkcs_9_at_certTypes_x509, &cb.certType); if (ret) { free_PKCS12_CertBag(&cb); goto out; @@ -516,7 +518,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c) if (ret) goto out; - ret = addBag(context, as, oid_id_pkcs12_certBag(), os.data, os.length); + ret = addBag(context, as, &asn1_oid_id_pkcs12_certBag, os.data, os.length); if (_hx509_cert_private_key_exportable(c)) { hx509_private_key key = _hx509_cert_private_key(c); @@ -527,7 +529,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c) ret = der_parse_hex_heim_integer("00", &pki.version); if (ret) return ret; - ret = _hx509_private_key_oid(context, key, + ret = _hx509_private_key_oid(context, key, &pki.privateKeyAlgorithm.algorithm); if (ret) { free_PKCS8PrivateKeyInfo(&pki); @@ -535,12 +537,13 @@ store_func(hx509_context context, void *ctx, hx509_cert c) } ret = _hx509_private_key_export(context, _hx509_cert_private_key(c), + HX509_KEY_FORMAT_DER, &pki.privateKey); if (ret) { free_PKCS8PrivateKeyInfo(&pki); return ret; } - /* set attribute, oid_id_pkcs_9_at_localKeyId() */ + /* set attribute, asn1_oid_id_pkcs_9_at_localKeyId */ ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo, os.data, os.length, &pki, &size, ret); @@ -548,7 +551,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c) if (ret) return ret; - ret = addBag(context, as, oid_id_pkcs12_keyBag(), os.data, os.length); + ret = addBag(context, as, &asn1_oid_id_pkcs12_keyBag, os.data, os.length); if (ret) return ret; } @@ -558,7 +561,7 @@ out: } static int -p12_store(hx509_context context, +p12_store(hx509_context context, hx509_certs certs, void *data, int flags, hx509_lock lock) { struct ks_pkcs12 *p12 = data; @@ -571,7 +574,7 @@ p12_store(hx509_context context, memset(&as, 0, sizeof(as)); memset(&pfx, 0, sizeof(pfx)); - ret = hx509_certs_iter(context, p12->certs, store_func, &as); + ret = hx509_certs_iter_f(context, p12->certs, store_func, &as); if (ret) goto out; @@ -580,7 +583,7 @@ p12_store(hx509_context context, free_PKCS12_AuthenticatedSafe(&as); if (ret) return ret; - + ret = der_parse_hex_heim_integer("03", &pfx.version); if (ret) { free(asdata.data); @@ -589,7 +592,7 @@ p12_store(hx509_context context, pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content)); - ASN1_MALLOC_ENCODE(PKCS12_OctetString, + ASN1_MALLOC_ENCODE(PKCS12_OctetString, pfx.authSafe.content->data, pfx.authSafe.content->length, &asdata, &size, ret); @@ -597,7 +600,7 @@ p12_store(hx509_context context, if (ret) goto out; - ret = der_copy_oid(oid_id_pkcs7_data(), &pfx.authSafe.contentType); + ret = der_copy_oid(&asn1_oid_id_pkcs7_data, &pfx.authSafe.contentType); if (ret) goto out; @@ -646,14 +649,14 @@ p12_free(hx509_certs certs, void *data) return 0; } -static int +static int p12_add(hx509_context context, hx509_certs certs, void *data, hx509_cert c) { struct ks_pkcs12 *p12 = data; return hx509_certs_add(context, p12->certs, c); } -static int +static int p12_iter_start(hx509_context context, hx509_certs certs, void *data, diff --git a/crypto/heimdal/lib/hx509/lock.c b/crypto/heimdal/lib/hx509/lock.c index e835aee35af..b72d45962b6 100644 --- a/crypto/heimdal/lib/hx509/lock.c +++ b/crypto/heimdal/lib/hx509/lock.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: lock.c 22327 2007-12-15 04:49:37Z lha $"); /** * @page page_lock Locking and unlocking certificates and encrypted data. @@ -69,8 +68,8 @@ hx509_lock_init(hx509_context context, hx509_lock *lock) if (l == NULL) return ENOMEM; - ret = hx509_certs_init(context, - "MEMORY:locks-internal", + ret = hx509_certs_init(context, + "MEMORY:locks-internal", 0, NULL, &l->certs); @@ -122,7 +121,7 @@ _hx509_lock_unlock_certs(hx509_lock lock) void hx509_lock_reset_passwords(hx509_lock lock) { - int i; + size_t i; for (i = 0; i < lock->password.len; i++) free(lock->password.val[i]); free(lock->password.val); @@ -147,8 +146,8 @@ hx509_lock_reset_certs(hx509_context context, hx509_lock lock) { hx509_certs certs = lock->certs; int ret; - - ret = hx509_certs_init(context, + + ret = hx509_certs_init(context, "MEMORY:locks-internal", 0, NULL, @@ -181,7 +180,7 @@ hx509_lock_reset_promper(hx509_lock lock) lock->prompt_data = NULL; } -static int +static int default_prompter(void *data, const hx509_prompt *prompter) { if (hx509_prompt_hidden(prompter->type)) { @@ -215,10 +214,12 @@ hx509_lock_prompt(hx509_lock lock, hx509_prompt *prompt) void hx509_lock_free(hx509_lock lock) { - hx509_certs_free(&lock->certs); - hx509_lock_reset_passwords(lock); - memset(lock, 0, sizeof(*lock)); - free(lock); + if (lock) { + hx509_certs_free(&lock->certs); + hx509_lock_reset_passwords(lock); + memset(lock, 0, sizeof(*lock)); + free(lock); + } } int diff --git a/crypto/heimdal/lib/hx509/name.c b/crypto/heimdal/lib/hx509/name.c index 69fafe1b8a1..efd7b703422 100644 --- a/crypto/heimdal/lib/hx509/name.c +++ b/crypto/heimdal/lib/hx509/name.c @@ -1,38 +1,39 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: name.c 22432 2008-01-13 14:08:03Z lha $"); +#include +#include "char_map.h" /** * @page page_name PKIX/X.509 Names @@ -43,7 +44,7 @@ RCSID("$Id: name.c 22432 2008-01-13 14:08:03Z lha $"); * (RDN). Each RDN consists of an unordered list of typed strings. The * types are defined by OID and have long and short description. For * example id-at-commonName (2.5.4.3) have the long name CommonName - * and short name CN. The string itself can be of serveral encoding, + * and short name CN. The string itself can be of several encoding, * UTF8, UTF16, Teltex string, etc. The type limit what encoding * should be used. * @@ -62,27 +63,28 @@ RCSID("$Id: name.c 22432 2008-01-13 14:08:03Z lha $"); static const struct { const char *n; - const heim_oid *(*o)(void); + const heim_oid *o; + wind_profile_flags flags; } no[] = { - { "C", oid_id_at_countryName }, - { "CN", oid_id_at_commonName }, - { "DC", oid_id_domainComponent }, - { "L", oid_id_at_localityName }, - { "O", oid_id_at_organizationName }, - { "OU", oid_id_at_organizationalUnitName }, - { "S", oid_id_at_stateOrProvinceName }, - { "STREET", oid_id_at_streetAddress }, - { "UID", oid_id_Userid }, - { "emailAddress", oid_id_pkcs9_emailAddress }, - { "serialNumber", oid_id_at_serialNumber } + { "C", &asn1_oid_id_at_countryName, 0 }, + { "CN", &asn1_oid_id_at_commonName, 0 }, + { "DC", &asn1_oid_id_domainComponent, 0 }, + { "L", &asn1_oid_id_at_localityName, 0 }, + { "O", &asn1_oid_id_at_organizationName, 0 }, + { "OU", &asn1_oid_id_at_organizationalUnitName, 0 }, + { "S", &asn1_oid_id_at_stateOrProvinceName, 0 }, + { "STREET", &asn1_oid_id_at_streetAddress, 0 }, + { "UID", &asn1_oid_id_Userid, 0 }, + { "emailAddress", &asn1_oid_id_pkcs9_emailAddress, 0 }, + { "serialNumber", &asn1_oid_id_at_serialNumber, 0 } }; static char * -quote_string(const char *f, size_t len, size_t *rlen) +quote_string(const char *f, size_t len, int flags, size_t *rlen) { size_t i, j, tolen; - const char *from = f; - char *to; + const unsigned char *from = (const unsigned char *)f; + unsigned char *to; tolen = len * 3 + 1; to = malloc(tolen); @@ -90,37 +92,40 @@ quote_string(const char *f, size_t len, size_t *rlen) return NULL; for (i = 0, j = 0; i < len; i++) { - if (from[i] == ' ' && i + 1 < len) - to[j++] = from[i]; - else if (from[i] == ',' || from[i] == '=' || from[i] == '+' || - from[i] == '<' || from[i] == '>' || from[i] == '#' || - from[i] == ';' || from[i] == ' ') - { + unsigned char map = char_map[from[i]] & flags; + if (i == 0 && (map & Q_RFC2253_QUOTE_FIRST)) { to[j++] = '\\'; to[j++] = from[i]; - } else if (((unsigned char)from[i]) >= 32 && ((unsigned char)from[i]) <= 127) { + } else if ((i + 1) == len && (map & Q_RFC2253_QUOTE_LAST)) { + + to[j++] = '\\'; to[j++] = from[i]; - } else { - int l = snprintf(&to[j], tolen - j - 1, + } else if (map & Q_RFC2253_QUOTE) { + to[j++] = '\\'; + to[j++] = from[i]; + } else if (map & Q_RFC2253_HEX) { + int l = snprintf((char *)&to[j], tolen - j - 1, "#%02x", (unsigned char)from[i]); j += l; + } else { + to[j++] = from[i]; } } to[j] = '\0'; assert(j < tolen); *rlen = j; - return to; + return (char *)to; } static int -append_string(char **str, size_t *total_len, const char *ss, +append_string(char **str, size_t *total_len, const char *ss, size_t len, int quote) { char *s, *qs; if (quote) - qs = quote_string(ss, len, &len); + qs = quote_string(ss, len, Q_RFC2253, &len); else qs = rk_UNCONST(ss); @@ -141,9 +146,9 @@ oidtostring(const heim_oid *type) { char *s; size_t i; - + for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) { - if (der_heim_oid_cmp((*no[i].o)(), type) == 0) + if (der_heim_oid_cmp(no[i].o, type) == 0) return strdup(no[i].n); } if (der_print_heim_oid(type, '.', &s) != 0) @@ -154,14 +159,15 @@ oidtostring(const heim_oid *type) static int stringtooid(const char *name, size_t len, heim_oid *oid) { - int i, ret; + int ret; + size_t i; char *s; - + memset(oid, 0, sizeof(*oid)); for (i = 0; i < sizeof(no)/sizeof(no[0]); i++) { if (strncasecmp(no[i].n, name, len) == 0) - return der_copy_oid((*no[i].o)(), oid); + return der_copy_oid(no[i].o, oid); } s = malloc(len + 1); if (s == NULL) @@ -195,63 +201,81 @@ int _hx509_Name_to_string(const Name *n, char **str) { size_t total_len = 0; - int i, j; + size_t i, j, m; + int ret; *str = strdup(""); if (*str == NULL) return ENOMEM; - for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) { - int len; + for (m = n->u.rdnSequence.len; m > 0; m--) { + size_t len; + i = m - 1; for (j = 0; j < n->u.rdnSequence.val[i].len; j++) { DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value; char *oidname; char *ss; - + oidname = oidtostring(&n->u.rdnSequence.val[i].val[j].type); switch(ds->element) { case choice_DirectoryString_ia5String: - ss = ds->u.ia5String; + ss = ds->u.ia5String.data; + len = ds->u.ia5String.length; break; case choice_DirectoryString_printableString: - ss = ds->u.printableString; + ss = ds->u.printableString.data; + len = ds->u.printableString.length; break; case choice_DirectoryString_utf8String: ss = ds->u.utf8String; + len = strlen(ss); break; case choice_DirectoryString_bmpString: { - uint16_t *bmp = ds->u.bmpString.data; + const uint16_t *bmp = ds->u.bmpString.data; size_t bmplen = ds->u.bmpString.length; size_t k; - ss = malloc(bmplen + 1); + ret = wind_ucs2utf8_length(bmp, bmplen, &k); + if (ret) + return ret; + + ss = malloc(k + 1); if (ss == NULL) _hx509_abort("allocation failure"); /* XXX */ - for (k = 0; k < bmplen; k++) - ss[k] = bmp[k] & 0xff; /* XXX */ + ret = wind_ucs2utf8(bmp, bmplen, ss, NULL); + if (ret) { + free(ss); + return ret; + } ss[k] = '\0'; + len = k; break; } case choice_DirectoryString_teletexString: - ss = malloc(ds->u.teletexString.length + 1); - if (ss == NULL) - _hx509_abort("allocation failure"); /* XXX */ - memcpy(ss, ds->u.teletexString.data, ds->u.teletexString.length); - ss[ds->u.teletexString.length] = '\0'; + ss = ds->u.teletexString; + len = strlen(ss); break; case choice_DirectoryString_universalString: { - uint32_t *uni = ds->u.universalString.data; + const uint32_t *uni = ds->u.universalString.data; size_t unilen = ds->u.universalString.length; size_t k; - ss = malloc(unilen + 1); + ret = wind_ucs4utf8_length(uni, unilen, &k); + if (ret) + return ret; + + ss = malloc(k + 1); if (ss == NULL) _hx509_abort("allocation failure"); /* XXX */ - for (k = 0; k < unilen; k++) - ss[k] = uni[k] & 0xff; /* XXX */ + ret = wind_ucs4utf8(uni, unilen, ss, NULL); + if (ret) { + free(ss); + return ret; + } ss[k] = '\0'; + len = k; break; } default: @@ -261,11 +285,9 @@ _hx509_Name_to_string(const Name *n, char **str) append_string(str, &total_len, oidname, strlen(oidname), 0); free(oidname); append_string(str, &total_len, "=", 1, 0); - len = strlen(ss); append_string(str, &total_len, ss, len, 1); - if (ds->element == choice_DirectoryString_universalString || - ds->element == choice_DirectoryString_bmpString || - ds->element == choice_DirectoryString_teletexString) + if (ds->element == choice_DirectoryString_bmpString || + ds->element == choice_DirectoryString_universalString) { free(ss); } @@ -279,95 +301,174 @@ _hx509_Name_to_string(const Name *n, char **str) return 0; } -/* - * XXX this function is broken, it needs to compare code points, not - * bytes. - */ +#define COPYCHARARRAY(_ds,_el,_l,_n) \ + (_l) = strlen(_ds->u._el); \ + (_n) = malloc((_l) * sizeof((_n)[0])); \ + if ((_n) == NULL) \ + return ENOMEM; \ + for (i = 0; i < (_l); i++) \ + (_n)[i] = _ds->u._el[i] -static void -prune_space(const unsigned char **s) + +#define COPYVALARRAY(_ds,_el,_l,_n) \ + (_l) = _ds->u._el.length; \ + (_n) = malloc((_l) * sizeof((_n)[0])); \ + if ((_n) == NULL) \ + return ENOMEM; \ + for (i = 0; i < (_l); i++) \ + (_n)[i] = _ds->u._el.data[i] + +#define COPYVOIDARRAY(_ds,_el,_l,_n) \ + (_l) = _ds->u._el.length; \ + (_n) = malloc((_l) * sizeof((_n)[0])); \ + if ((_n) == NULL) \ + return ENOMEM; \ + for (i = 0; i < (_l); i++) \ + (_n)[i] = ((unsigned char *)_ds->u._el.data)[i] + + + +static int +dsstringprep(const DirectoryString *ds, uint32_t **rname, size_t *rlen) { - while (**s == ' ') - (*s)++; -} + wind_profile_flags flags; + size_t i, len; + int ret; + uint32_t *name; -int -_hx509_name_ds_cmp(const DirectoryString *ds1, const DirectoryString *ds2) -{ - int c; + *rname = NULL; + *rlen = 0; - c = ds1->element - ds2->element; - if (c) - return c; - - switch(ds1->element) { + switch(ds->element) { case choice_DirectoryString_ia5String: - c = strcmp(ds1->u.ia5String, ds2->u.ia5String); + flags = WIND_PROFILE_LDAP; + COPYVOIDARRAY(ds, ia5String, len, name); + break; + case choice_DirectoryString_printableString: + flags = WIND_PROFILE_LDAP; + flags |= WIND_PROFILE_LDAP_CASE_EXACT_ATTRIBUTE; + COPYVOIDARRAY(ds, printableString, len, name); break; case choice_DirectoryString_teletexString: - c = der_heim_octet_string_cmp(&ds1->u.teletexString, - &ds2->u.teletexString); - break; - case choice_DirectoryString_printableString: { - const unsigned char *s1 = (unsigned char*)ds1->u.printableString; - const unsigned char *s2 = (unsigned char*)ds2->u.printableString; - prune_space(&s1); prune_space(&s2); - while (*s1 && *s2) { - if (toupper(*s1) != toupper(*s2)) { - c = toupper(*s1) - toupper(*s2); - break; - } - if (*s1 == ' ') { prune_space(&s1); prune_space(&s2); } - else { s1++; s2++; } - } - prune_space(&s1); prune_space(&s2); - c = *s1 - *s2; - break; - } - case choice_DirectoryString_utf8String: - c = strcmp(ds1->u.utf8String, ds2->u.utf8String); - break; - case choice_DirectoryString_universalString: - c = der_heim_universal_string_cmp(&ds1->u.universalString, - &ds2->u.universalString); + flags = WIND_PROFILE_LDAP_CASE; + COPYCHARARRAY(ds, teletexString, len, name); break; case choice_DirectoryString_bmpString: - c = der_heim_bmp_string_cmp(&ds1->u.bmpString, - &ds2->u.bmpString); + flags = WIND_PROFILE_LDAP; + COPYVALARRAY(ds, bmpString, len, name); + break; + case choice_DirectoryString_universalString: + flags = WIND_PROFILE_LDAP; + COPYVALARRAY(ds, universalString, len, name); + break; + case choice_DirectoryString_utf8String: + flags = WIND_PROFILE_LDAP; + ret = wind_utf8ucs4_length(ds->u.utf8String, &len); + if (ret) + return ret; + name = malloc(len * sizeof(name[0])); + if (name == NULL) + return ENOMEM; + ret = wind_utf8ucs4(ds->u.utf8String, name, &len); + if (ret) { + free(name); + return ret; + } break; default: - c = 1; - break; + _hx509_abort("unknown directory type: %d", ds->element); } - return c; + + *rlen = len; + /* try a couple of times to get the length right, XXX gross */ + for (i = 0; i < 4; i++) { + *rlen = *rlen * 2; + *rname = malloc(*rlen * sizeof((*rname)[0])); + + ret = wind_stringprep(name, len, *rname, rlen, flags); + if (ret == WIND_ERR_OVERRUN) { + free(*rname); + *rname = NULL; + continue; + } else + break; + } + free(name); + if (ret) { + if (*rname) + free(*rname); + *rname = NULL; + *rlen = 0; + return ret; + } + + return 0; } int -_hx509_name_cmp(const Name *n1, const Name *n2) +_hx509_name_ds_cmp(const DirectoryString *ds1, + const DirectoryString *ds2, + int *diff) { - int i, j, c; + uint32_t *ds1lp, *ds2lp; + size_t ds1len, ds2len, i; + int ret; - c = n1->u.rdnSequence.len - n2->u.rdnSequence.len; - if (c) - return c; + ret = dsstringprep(ds1, &ds1lp, &ds1len); + if (ret) + return ret; + ret = dsstringprep(ds2, &ds2lp, &ds2len); + if (ret) { + free(ds1lp); + return ret; + } - for (i = 0 ; i < n1->u.rdnSequence.len; i++) { - c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len; - if (c) - return c; - - for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) { - c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type, - &n1->u.rdnSequence.val[i].val[j].type); - if (c) - return c; - - c = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value, - &n2->u.rdnSequence.val[i].val[j].value); - if (c) - return c; + if (ds1len != ds2len) + *diff = ds1len - ds2len; + else { + for (i = 0; i < ds1len; i++) { + *diff = ds1lp[i] - ds2lp[i]; + if (*diff) + break; } } + free(ds1lp); + free(ds2lp); + + return 0; +} + +int +_hx509_name_cmp(const Name *n1, const Name *n2, int *c) +{ + int ret; + size_t i, j; + + *c = n1->u.rdnSequence.len - n2->u.rdnSequence.len; + if (*c) + return 0; + + for (i = 0 ; i < n1->u.rdnSequence.len; i++) { + *c = n1->u.rdnSequence.val[i].len - n2->u.rdnSequence.val[i].len; + if (*c) + return 0; + + for (j = 0; j < n1->u.rdnSequence.val[i].len; j++) { + *c = der_heim_oid_cmp(&n1->u.rdnSequence.val[i].val[j].type, + &n1->u.rdnSequence.val[i].val[j].type); + if (*c) + return 0; + + ret = _hx509_name_ds_cmp(&n1->u.rdnSequence.val[i].val[j].value, + &n2->u.rdnSequence.val[i].val[j].value, + c); + if (ret) + return ret; + if (*c) + return 0; + } + } + *c = 0; return 0; } @@ -386,7 +487,11 @@ _hx509_name_cmp(const Name *n1, const Name *n2) int hx509_name_cmp(hx509_name n1, hx509_name n2) { - return _hx509_name_cmp(&n1->der_name, &n2->der_name); + int ret, diff; + ret = _hx509_name_cmp(&n1->der_name, &n2->der_name, &diff); + if (ret) + return ret; + return diff; } @@ -407,17 +512,17 @@ _hx509_name_from_Name(const Name *n, hx509_name *name) int _hx509_name_modify(hx509_context context, - Name *name, + Name *name, int append, - const heim_oid *oid, + const heim_oid *oid, const char *str) { RelativeDistinguishedName *rdn; int ret; void *ptr; - ptr = realloc(name->u.rdnSequence.val, - sizeof(name->u.rdnSequence.val[0]) * + ptr = realloc(name->u.rdnSequence.val, + sizeof(name->u.rdnSequence.val[0]) * (name->u.rdnSequence.len + 1)); if (ptr == NULL) { hx509_set_error_string(context, 0, ENOMEM, "Out of memory"); @@ -430,9 +535,9 @@ _hx509_name_modify(hx509_context context, } else { memmove(&name->u.rdnSequence.val[1], &name->u.rdnSequence.val[0], - name->u.rdnSequence.len * + name->u.rdnSequence.len * sizeof(name->u.rdnSequence.val[0])); - + rdn = &name->u.rdnSequence.val[0]; } rdn->val = malloc(sizeof(rdn->val[0])); @@ -504,12 +609,12 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name) } if (q == p) { ret = HX509_PARSING_NAME_FAILED; - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "missing name before = in %s", p); goto out; } - - if ((q - p) > len) { + + if ((size_t)(q - p) > len) { ret = HX509_PARSING_NAME_FAILED; hx509_set_error_string(context, 0, ret, " = after , in %s", p); goto out; @@ -518,16 +623,16 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name) ret = stringtooid(p, q - p, &oid); if (ret) { ret = HX509_PARSING_NAME_FAILED; - hx509_set_error_string(context, 0, ret, + hx509_set_error_string(context, 0, ret, "unknown type: %.*s", (int)(q - p), p); goto out; } - + { size_t pstr_len = len - (q - p) - 1; const char *pstr = p + (q - p) + 1; char *r; - + r = malloc(pstr_len + 1); if (r == NULL) { der_free_oid(&oid); @@ -626,7 +731,7 @@ hx509_name_expand(hx509_context context, hx509_env env) { Name *n = &name->der_name; - int i, j; + size_t i, j; if (env == NULL) return 0; @@ -658,8 +763,8 @@ hx509_name_expand(hx509_context context, } p = strstr(ds->u.utf8String, "${"); if (p) { - strpool = rk_strpoolprintf(strpool, "%.*s", - (int)(p - ds->u.utf8String), + strpool = rk_strpoolprintf(strpool, "%.*s", + (int)(p - ds->u.utf8String), ds->u.utf8String); if (strpool == NULL) { hx509_set_error_string(context, 0, ENOMEM, "out of memory"); @@ -678,7 +783,7 @@ hx509_name_expand(hx509_context context, p += 2; value = hx509_env_lfind(context, env, p, p2 - p); if (value == NULL) { - hx509_set_error_string(context, 0, EINVAL, + hx509_set_error_string(context, 0, EINVAL, "variable %.*s missing", (int)(p2 - p), p); rk_strpoolfree(strpool); @@ -693,7 +798,7 @@ hx509_name_expand(hx509_context context, p = strstr(p2, "${"); if (p) - strpool = rk_strpoolprintf(strpool, "%.*s", + strpool = rk_strpoolprintf(strpool, "%.*s", (int)(p - p2), p2); else strpool = rk_strpoolprintf(strpool, "%s", p2); @@ -824,7 +929,7 @@ hx509_name_is_null_p(const hx509_name name) * @param name the name to print * @param str an allocated string returns the name in string form * - * @return An hx509 error code, see krb5_get_error_string(). + * @return An hx509 error code, see hx509_get_error_string(). * * @ingroup hx509_name */ @@ -838,21 +943,23 @@ hx509_general_name_unparse(GeneralName *name, char **str) switch (name->element) { case choice_GeneralName_otherName: { - char *str; - hx509_oid_sprint(&name->u.otherName.type_id, &str); - if (str == NULL) + char *oid; + hx509_oid_sprint(&name->u.otherName.type_id, &oid); + if (oid == NULL) return ENOMEM; - strpool = rk_strpoolprintf(strpool, "otherName: %s", str); - free(str); + strpool = rk_strpoolprintf(strpool, "otherName: %s", oid); + free(oid); break; } case choice_GeneralName_rfc822Name: - strpool = rk_strpoolprintf(strpool, "rfc822Name: %s\n", - name->u.rfc822Name); + strpool = rk_strpoolprintf(strpool, "rfc822Name: %.*s\n", + (int)name->u.rfc822Name.length, + (char *)name->u.rfc822Name.data); break; case choice_GeneralName_dNSName: - strpool = rk_strpoolprintf(strpool, "dNSName: %s\n", - name->u.dNSName); + strpool = rk_strpoolprintf(strpool, "dNSName: %.*s\n", + (int)name->u.dNSName.length, + (char *)name->u.dNSName.data); break; case choice_GeneralName_directoryName: { Name dir; @@ -869,8 +976,9 @@ hx509_general_name_unparse(GeneralName *name, char **str) break; } case choice_GeneralName_uniformResourceIdentifier: - strpool = rk_strpoolprintf(strpool, "URI: %s", - name->u.uniformResourceIdentifier); + strpool = rk_strpoolprintf(strpool, "URI: %.*s", + (int)name->u.uniformResourceIdentifier.length, + (char *)name->u.uniformResourceIdentifier.data); break; case choice_GeneralName_iPAddress: { unsigned char *a = name->u.iPAddress.data; @@ -879,31 +987,31 @@ hx509_general_name_unparse(GeneralName *name, char **str) if (strpool == NULL) break; if (name->u.iPAddress.length == 4) - strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d", + strpool = rk_strpoolprintf(strpool, "%d.%d.%d.%d", a[0], a[1], a[2], a[3]); else if (name->u.iPAddress.length == 16) - strpool = rk_strpoolprintf(strpool, + strpool = rk_strpoolprintf(strpool, "%02X:%02X:%02X:%02X:" "%02X:%02X:%02X:%02X:" "%02X:%02X:%02X:%02X:" - "%02X:%02X:%02X:%02X", + "%02X:%02X:%02X:%02X", a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14], a[15]); else - strpool = rk_strpoolprintf(strpool, + strpool = rk_strpoolprintf(strpool, "unknown IP address of length %lu", (unsigned long)name->u.iPAddress.length); break; } case choice_GeneralName_registeredID: { - char *str; - hx509_oid_sprint(&name->u.registeredID, &str); - if (str == NULL) + char *oid; + hx509_oid_sprint(&name->u.registeredID, &oid); + if (oid == NULL) return ENOMEM; - strpool = rk_strpoolprintf(strpool, "registeredID: %s", str); - free(str); + strpool = rk_strpoolprintf(strpool, "registeredID: %s", oid); + free(oid); break; } default: diff --git a/crypto/heimdal/lib/hx509/ocsp.asn1 b/crypto/heimdal/lib/hx509/ocsp.asn1 index d8ecd66ccf7..eb090a4cc76 100644 --- a/crypto/heimdal/lib/hx509/ocsp.asn1 +++ b/crypto/heimdal/lib/hx509/ocsp.asn1 @@ -1,5 +1,5 @@ -- From rfc2560 --- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $ +-- $Id$ OCSP DEFINITIONS EXPLICIT TAGS::= BEGIN diff --git a/crypto/heimdal/lib/hx509/ocsp.opt b/crypto/heimdal/lib/hx509/ocsp.opt new file mode 100644 index 00000000000..697aa03e19e --- /dev/null +++ b/crypto/heimdal/lib/hx509/ocsp.opt @@ -0,0 +1,2 @@ +--preserve-binary=OCSPTBSRequest +--preserve-binary=OCSPResponseData diff --git a/crypto/heimdal/lib/hx509/peer.c b/crypto/heimdal/lib/hx509/peer.c index eb0ecd2bdef..457f6c4d04b 100644 --- a/crypto/heimdal/lib/hx509/peer.c +++ b/crypto/heimdal/lib/hx509/peer.c @@ -1,38 +1,39 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: peer.c 22345 2007-12-26 19:03:51Z lha $"); /** * @page page_peer Hx509 crypto selecting functions @@ -120,6 +121,40 @@ hx509_peer_info_set_cert(hx509_peer_info peer, return 0; } +/** + * Add an additional algorithm that the peer supports. + * + * @param context A hx509 context. + * @param peer the peer to set the new algorithms for + * @param val an AlgorithmsIdentier to add + * + * @return An hx509 error code, see hx509_get_error_string(). + * + * @ingroup hx509_peer + */ + +int +hx509_peer_info_add_cms_alg(hx509_context context, + hx509_peer_info peer, + const AlgorithmIdentifier *val) +{ + void *ptr; + int ret; + + ptr = realloc(peer->val, sizeof(peer->val[0]) * (peer->len + 1)); + if (ptr == NULL) { + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } + peer->val = ptr; + ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]); + if (ret == 0) + peer->len += 1; + else + hx509_set_error_string(context, 0, ret, "out of memory"); + return ret; +} + /** * Set the algorithms that the peer supports. * diff --git a/crypto/heimdal/lib/hx509/pkcs10.asn1 b/crypto/heimdal/lib/hx509/pkcs10.asn1 index 518fe3bfa36..f3fe37b1bf9 100644 --- a/crypto/heimdal/lib/hx509/pkcs10.asn1 +++ b/crypto/heimdal/lib/hx509/pkcs10.asn1 @@ -1,4 +1,4 @@ --- $Id: pkcs10.asn1 16918 2006-04-01 09:46:57Z lha $ +-- $Id$ PKCS10 DEFINITIONS ::= BEGIN diff --git a/crypto/heimdal/lib/hx509/pkcs10.opt b/crypto/heimdal/lib/hx509/pkcs10.opt new file mode 100644 index 00000000000..499fab2f6ba --- /dev/null +++ b/crypto/heimdal/lib/hx509/pkcs10.opt @@ -0,0 +1 @@ +--preserve-binary=CertificationRequestInfo diff --git a/crypto/heimdal/lib/hx509/print.c b/crypto/heimdal/lib/hx509/print.c index 78ebbafb2f6..1e8bcabfa7e 100644 --- a/crypto/heimdal/lib/hx509/print.c +++ b/crypto/heimdal/lib/hx509/print.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: print.c 22420 2008-01-13 09:42:35Z lha $"); /** * @page page_print Hx509 printing functions @@ -114,7 +113,7 @@ print_func(hx509_vprint_func func, void *ctx, const char *fmt, ...) /** * Print a oid to a string. - * + * * @param oid oid to print * @param str allocated string, free with hx509_xfree(). * @@ -132,7 +131,7 @@ hx509_oid_sprint(const heim_oid *oid, char **str) /** * Print a oid using a hx509_vprint_func function. To print to stdout * use hx509_print_stdout(). - * + * * @param oid oid to print * @param func hx509_vprint_func to print with. * @param ctx context variable to hx509_vprint_func function. @@ -152,7 +151,7 @@ hx509_oid_print(const heim_oid *oid, hx509_vprint_func func, void *ctx) /** * Print a bitstring using a hx509_vprint_func function. To print to * stdout use hx509_print_stdout(). - * + * * @param b bit string to print. * @param func hx509_vprint_func to print with. * @param ctx context variable to hx509_vprint_func function. @@ -164,11 +163,11 @@ void hx509_bitstring_print(const heim_bit_string *b, hx509_vprint_func func, void *ctx) { - int i; + size_t i; print_func(func, ctx, "\tlength: %d\n\t", b->length); for (i = 0; i < (b->length + 7) / 8; i++) print_func(func, ctx, "%02x%s%s", - ((unsigned char *)b->data)[i], + ((unsigned char *)b->data)[i], i < (b->length - 7) / 8 && (i == 0 || (i % 16) != 15) ? ":" : "", i != 0 && (i % 16) == 15 ? @@ -177,7 +176,7 @@ hx509_bitstring_print(const heim_bit_string *b, /** * Print certificate usage for a certificate to a string. - * + * * @param context A hx509 context. * @param c a certificate print the keyusage for. * @param s the return string with the keysage printed in to, free @@ -234,7 +233,7 @@ validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...) va_end(va); } -/* +/* * Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical, * MUST NOT critical */ @@ -275,7 +274,7 @@ check_Null(hx509_validate_ctx ctx, } static int -check_subjectKeyIdentifier(hx509_validate_ctx ctx, +check_subjectKeyIdentifier(hx509_validate_ctx ctx, struct cert_status *status, enum critical_flag cf, const Extension *e) @@ -287,7 +286,7 @@ check_subjectKeyIdentifier(hx509_validate_ctx ctx, status->haveSKI = 1; check_Null(ctx, status, cf, e); - ret = decode_SubjectKeyIdentifier(e->extnValue.data, + ret = decode_SubjectKeyIdentifier(e->extnValue.data, e->extnValue.length, &si, &size); if (ret) { @@ -323,7 +322,7 @@ check_subjectKeyIdentifier(hx509_validate_ctx ctx, } static int -check_authorityKeyIdentifier(hx509_validate_ctx ctx, +check_authorityKeyIdentifier(hx509_validate_ctx ctx, struct cert_status *status, enum critical_flag cf, const Extension *e) @@ -335,10 +334,7 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx, status->haveAKI = 1; check_Null(ctx, status, cf, e); - status->haveSKI = 1; - check_Null(ctx, status, cf, e); - - ret = decode_AuthorityKeyIdentifier(e->extnValue.data, + ret = decode_AuthorityKeyIdentifier(e->extnValue.data, e->extnValue.length, &ai, &size); if (ret) { @@ -365,6 +361,56 @@ check_authorityKeyIdentifier(hx509_validate_ctx ctx, return 0; } +static int +check_extKeyUsage(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, + const Extension *e) +{ + ExtKeyUsage eku; + size_t size, i; + int ret; + + check_Null(ctx, status, cf, e); + + ret = decode_ExtKeyUsage(e->extnValue.data, + e->extnValue.length, + &eku, &size); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Decoding ExtKeyUsage failed: %d", ret); + return 1; + } + if (size != e->extnValue.length) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "Padding data in EKU"); + free_ExtKeyUsage(&eku); + return 1; + } + if (eku.len == 0) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "ExtKeyUsage length is 0"); + return 1; + } + + for (i = 0; i < eku.len; i++) { + char *str; + ret = der_print_heim_oid (&eku.val[i], '.', &str); + if (ret) { + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + "\tEKU: failed to print oid %d", i); + free_ExtKeyUsage(&eku); + return 1; + } + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\teku-%d: %s\n", i, str);; + free(str); + } + + free_ExtKeyUsage(&eku); + + return 0; +} static int check_pkinit_san(hx509_validate_ctx ctx, heim_any *a) @@ -389,7 +435,7 @@ check_pkinit_san(hx509_validate_ctx ctx, heim_any *a) /* print kerberos principal, add code to quote / within components */ for (i = 0; i < kn.principalName.name_string.len; i++) { - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s", kn.principalName.name_string.val[i]); if (i + 1 < kn.principalName.name_string.len) validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "/"); @@ -428,18 +474,19 @@ check_altnull(hx509_validate_ctx ctx, heim_any *a) } static int -check_CRLDistributionPoints(hx509_validate_ctx ctx, +check_CRLDistributionPoints(hx509_validate_ctx ctx, struct cert_status *status, enum critical_flag cf, const Extension *e) { CRLDistributionPoints dp; size_t size; - int ret, i; + int ret; + size_t i; check_Null(ctx, status, cf, e); - ret = decode_CRLDistributionPoints(e->extnValue.data, + ret = decode_CRLDistributionPoints(e->extnValue.data, e->extnValue.length, &dp, &size); if (ret) { @@ -453,12 +500,12 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx, if (dp.val[i].distributionPoint) { DistributionPointName dpname; heim_any *data = dp.val[i].distributionPoint; - int j; - + size_t j; + ret = decode_DistributionPointName(data->data, data->length, &dpname, NULL); if (ret) { - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Failed to parse CRL Distribution Point Name: %d\n", ret); continue; } @@ -466,7 +513,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx, switch (dpname.element) { case choice_DistributionPointName_fullName: validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Fullname:\n"); - + for (j = 0 ; j < dpname.u.fullName.len; j++) { char *s; GeneralName *name = &dpname.u.fullName.val[j]; @@ -500,14 +547,14 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx, struct { const char *name; - const heim_oid *(*oid)(void); + const heim_oid *oid; int (*func)(hx509_validate_ctx, heim_any *); -} check_altname[] = { - { "pk-init", oid_id_pkinit_san, check_pkinit_san }, - { "jabber", oid_id_pkix_on_xmppAddr, check_utf8_string_san }, - { "dns-srv", oid_id_pkix_on_dnsSRV, check_altnull }, - { "card-id", oid_id_uspkicommon_card_id, check_altnull }, - { "Microsoft NT-PRINCIPAL-NAME", oid_id_pkinit_ms_san, check_utf8_string_san } +} altname_types[] = { + { "pk-init", &asn1_oid_id_pkinit_san, check_pkinit_san }, + { "jabber", &asn1_oid_id_pkix_on_xmppAddr, check_utf8_string_san }, + { "dns-srv", &asn1_oid_id_pkix_on_dnsSRV, check_altnull }, + { "card-id", &asn1_oid_id_uspkicommon_card_id, check_altnull }, + { "Microsoft NT-PRINCIPAL-NAME", &asn1_oid_id_pkinit_ms_san, check_utf8_string_san } }; static int @@ -519,7 +566,8 @@ check_altName(hx509_validate_ctx ctx, { GeneralNames gn; size_t size; - int ret, i; + int ret; + size_t i; check_Null(ctx, status, cf, e); @@ -532,7 +580,7 @@ check_altName(hx509_validate_ctx ctx, &gn, &size); if (ret) { validate_print(ctx, HX509_VALIDATE_F_VALIDATE, - "\tret = %d while decoding %s GeneralNames\n", + "\tret = %d while decoding %s GeneralNames\n", ret, name); return 1; } @@ -550,17 +598,17 @@ check_altName(hx509_validate_ctx ctx, validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%sAltName otherName ", name); - for (j = 0; j < sizeof(check_altname)/sizeof(check_altname[0]); j++) { - if (der_heim_oid_cmp((*check_altname[j].oid)(), + for (j = 0; j < sizeof(altname_types)/sizeof(altname_types[0]); j++) { + if (der_heim_oid_cmp(altname_types[j].oid, &gn.val[i].u.otherName.type_id) != 0) continue; - - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ", - check_altname[j].name); - (*check_altname[j].func)(ctx, &gn.val[i].u.otherName.value); + + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "%s: ", + altname_types[j].name); + (*altname_types[j].func)(ctx, &gn.val[i].u.otherName.value); break; } - if (j == sizeof(check_altname)/sizeof(check_altname[0])) { + if (j == sizeof(altname_types)/sizeof(altname_types[0])) { hx509_oid_print(&gn.val[i].u.otherName.type_id, validate_vprint, ctx); validate_print(ctx, HX509_VALIDATE_F_VERBOSE, " unknown"); @@ -610,9 +658,9 @@ check_issuerAltName(hx509_validate_ctx ctx, static int -check_basicConstraints(hx509_validate_ctx ctx, +check_basicConstraints(hx509_validate_ctx ctx, struct cert_status *status, - enum critical_flag cf, + enum critical_flag cf, const Extension *e) { BasicConstraints b; @@ -620,7 +668,7 @@ check_basicConstraints(hx509_validate_ctx ctx, int ret; check_Null(ctx, status, cf, e); - + ret = decode_BasicConstraints(e->extnValue.data, e->extnValue.length, &b, &size); if (ret) { @@ -653,9 +701,9 @@ check_basicConstraints(hx509_validate_ctx ctx, } static int -check_proxyCertInfo(hx509_validate_ctx ctx, +check_proxyCertInfo(hx509_validate_ctx ctx, struct cert_status *status, - enum critical_flag cf, + enum critical_flag cf, const Extension *e) { check_Null(ctx, status, cf, e); @@ -664,18 +712,19 @@ check_proxyCertInfo(hx509_validate_ctx ctx, } static int -check_authorityInfoAccess(hx509_validate_ctx ctx, +check_authorityInfoAccess(hx509_validate_ctx ctx, struct cert_status *status, - enum critical_flag cf, + enum critical_flag cf, const Extension *e) { AuthorityInfoAccessSyntax aia; size_t size; - int ret, i; + int ret; + size_t i; check_Null(ctx, status, cf, e); - ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data, + ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data, e->extnValue.length, &aia, &size); if (ret) { @@ -704,14 +753,14 @@ check_authorityInfoAccess(hx509_validate_ctx ctx, struct { const char *name; - const heim_oid *(*oid)(void); - int (*func)(hx509_validate_ctx ctx, + const heim_oid *oid; + int (*func)(hx509_validate_ctx ctx, struct cert_status *status, - enum critical_flag cf, + enum critical_flag cf, const Extension *); enum critical_flag cf; } check_extension[] = { -#define ext(name, checkname) #name, &oid_id_x509_ce_##name, check_##checkname +#define ext(name, checkname) #name, &asn1_oid_id_x509_ce_##name, check_##checkname { ext(subjectDirectoryAttributes, Null), M_N_C }, { ext(subjectKeyIdentifier, subjectKeyIdentifier), M_N_C }, { ext(keyUsage, Null), S_C }, @@ -727,28 +776,28 @@ struct { { ext(certificateIssuer, Null), M_C }, { ext(nameConstraints, Null), M_C }, { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C }, - { ext(certificatePolicies, Null) }, + { ext(certificatePolicies, Null), 0 }, { ext(policyMappings, Null), M_N_C }, { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C }, { ext(policyConstraints, Null), D_C }, - { ext(extKeyUsage, Null), D_C }, + { ext(extKeyUsage, extKeyUsage), D_C }, { ext(freshestCRL, Null), M_N_C }, { ext(inhibitAnyPolicy, Null), M_C }, #undef ext -#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname +#define ext(name, checkname) #name, &asn1_oid_id_pkix_pe_##name, check_##checkname { ext(proxyCertInfo, proxyCertInfo), M_C }, { ext(authorityInfoAccess, authorityInfoAccess), M_C }, #undef ext - { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, + { "US Fed PKI - PIV Interim", &asn1_oid_id_uspkicommon_piv_interim, check_Null, D_C }, - { "Netscape cert comment", oid_id_netscape_cert_comment, + { "Netscape cert comment", &asn1_oid_id_netscape_cert_comment, check_Null, D_C }, - { NULL } + { NULL, NULL, NULL, 0 } }; /** * Allocate a hx509 validation/printing context. - * + * * @param context A hx509 context. * @param ctx a new allocated hx509 validation context, free with * hx509_validate_ctx_free(). @@ -770,7 +819,7 @@ hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx) /** * Set the printing functions for the validation context. - * + * * @param ctx a hx509 valication context. * @param func the printing function to usea. * @param c the context variable to the printing function. @@ -781,7 +830,7 @@ hx509_validate_ctx_init(hx509_context context, hx509_validate_ctx *ctx) */ void -hx509_validate_ctx_set_print(hx509_validate_ctx ctx, +hx509_validate_ctx_set_print(hx509_validate_ctx ctx, hx509_vprint_func func, void *c) { @@ -792,7 +841,7 @@ hx509_validate_ctx_set_print(hx509_validate_ctx ctx, /** * Add flags to control the behaivor of the hx509_validate_cert() * function. - * + * * @param ctx A hx509 validation context. * @param flags flags to add to the validation context. * @@ -809,7 +858,7 @@ hx509_validate_ctx_add_flags(hx509_validate_ctx ctx, int flags) /** * Free an hx509 validate context. - * + * * @param ctx the hx509 validate context to free. * * @ingroup hx509_print @@ -823,7 +872,7 @@ hx509_validate_ctx_free(hx509_validate_ctx ctx) /** * Validate/Print the status of the certificate. - * + * * @param context A hx509 context. * @param ctx A hx509 validation context. * @param cert the cerificate to validate/print. @@ -850,11 +899,11 @@ hx509_validate_cert(hx509_context context, if (_hx509_cert_get_version(c) != 3) validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Not version 3 certificate\n"); - + if ((t->version == NULL || *t->version < 2) && t->extensions) validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Not version 3 certificate with extensions\n"); - + if (_hx509_cert_get_version(c) >= 3 && t->extensions == NULL) validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Version 3 certificate without extensions\n"); @@ -890,7 +939,7 @@ hx509_validate_cert(hx509_context context, free(str); if (t->extensions) { - int i, j; + size_t i, j; if (t->extensions->len == 0) { validate_print(ctx, @@ -902,7 +951,7 @@ hx509_validate_cert(hx509_context context, for (i = 0; i < t->extensions->len; i++) { for (j = 0; check_extension[j].name; j++) - if (der_heim_oid_cmp((*check_extension[j].oid)(), + if (der_heim_oid_cmp(check_extension[j].oid, &t->extensions->val[i].extnID) == 0) break; if (check_extension[j].name == NULL) { @@ -913,7 +962,7 @@ hx509_validate_cert(hx509_context context, if (t->extensions->val[i].critical) validate_print(ctx, flags, "and is CRITICAL "); if (ctx->flags & flags) - hx509_oid_print(&t->extensions->val[i].extnID, + hx509_oid_print(&t->extensions->val[i].extnID, validate_vprint, ctx); validate_print(ctx, flags, " is\n"); continue; @@ -929,57 +978,57 @@ hx509_validate_cert(hx509_context context, } } else validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "no extentions\n"); - + if (status.isca) { if (!status.haveSKI) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "CA certificate have no SubjectKeyIdentifier\n"); } else { if (!status.haveAKI) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Is not CA and doesn't have " "AuthorityKeyIdentifier\n"); } - + if (!status.haveSKI) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Doesn't have SubjectKeyIdentifier\n"); if (status.isproxy && status.isca) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Proxy and CA at the same time!\n"); if (status.isproxy) { if (status.haveSAN) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Proxy and have SAN\n"); if (status.haveIAN) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Proxy and have IAN\n"); } if (hx509_name_is_null_p(subject) && !status.haveSAN) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "NULL subject DN and doesn't have a SAN\n"); if (!status.selfsigned && !status.haveCRLDP) - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Not a CA nor PROXY and doesn't have" "CRL Dist Point\n"); if (status.selfsigned) { ret = _hx509_verify_signature_bitstring(context, - c, + cert, &c->signatureAlgorithm, &c->tbsCertificate._save, &c->signatureValue); if (ret == 0) - validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, "Self-signed certificate was self-signed\n"); else - validate_print(ctx, HX509_VALIDATE_F_VALIDATE, + validate_print(ctx, HX509_VALIDATE_F_VALIDATE, "Self-signed certificate NOT really self-signed!\n"); } diff --git a/crypto/heimdal/lib/hx509/quote.py b/crypto/heimdal/lib/hx509/quote.py new file mode 100644 index 00000000000..41887e5d448 --- /dev/null +++ b/crypto/heimdal/lib/hx509/quote.py @@ -0,0 +1,101 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (c) 2010 Kungliga Tekniska Högskolan +# (Royal Institute of Technology, Stockholm, Sweden). +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# 3. Neither the name of the Institute nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# + +CONTROL_CHAR = 1 +PRINTABLE = 2 +RFC2253_QUOTE_FIRST = 4 +RFC2253_QUOTE_LAST = 8 +RFC2253_QUOTE = 16 +RFC2253_HEX = 32 + +chars = [] + +for i in range(0, 256): + chars.append(0); + +for i in range(0, 256): + if (i < 32 or i > 126): + chars[i] |= CONTROL_CHAR | RFC2253_HEX; + +for i in range(ord("A"), ord("Z") + 1): + chars[i] |= PRINTABLE +for i in range(ord("a"), ord("z") + 1): + chars[i] |= PRINTABLE +for i in range(ord("0"), ord("9") + 1): + chars[i] |= PRINTABLE + +chars[ord(' ')] |= PRINTABLE +chars[ord('+')] |= PRINTABLE +chars[ord(',')] |= PRINTABLE +chars[ord('-')] |= PRINTABLE +chars[ord('.')] |= PRINTABLE +chars[ord('/')] |= PRINTABLE +chars[ord(':')] |= PRINTABLE +chars[ord('=')] |= PRINTABLE +chars[ord('?')] |= PRINTABLE + +chars[ord(' ')] |= RFC2253_QUOTE_FIRST | RFC2253_QUOTE_FIRST + +chars[ord(',')] |= RFC2253_QUOTE +chars[ord('=')] |= RFC2253_QUOTE +chars[ord('+')] |= RFC2253_QUOTE +chars[ord('<')] |= RFC2253_QUOTE +chars[ord('>')] |= RFC2253_QUOTE +chars[ord('#')] |= RFC2253_QUOTE +chars[ord(';')] |= RFC2253_QUOTE + +print "#define Q_CONTROL_CHAR 1" +print "#define Q_PRINTABLE 2" +print "#define Q_RFC2253_QUOTE_FIRST 4" +print "#define Q_RFC2253_QUOTE_LAST 8" +print "#define Q_RFC2253_QUOTE 16" +print "#define Q_RFC2253_HEX 32" +print "" +print "#define Q_RFC2253 (Q_RFC2253_QUOTE_FIRST|Q_RFC2253_QUOTE_LAST|Q_RFC2253_QUOTE|Q_RFC2253_HEX)" +print "\n" * 2 + + + + +print "unsigned char char_map[] = {\n\t", +for x in range(0, 256): + if (x % 8) == 0 and x != 0: + print "\n\t", + print "0x%(char)02x" % { 'char' : chars[x] }, + if x < 255: + print ", ", + else: + print "" +print "};" diff --git a/crypto/heimdal/lib/hx509/req.c b/crypto/heimdal/lib/hx509/req.c index d7a85e1cecd..e70ab4b6cce 100644 --- a/crypto/heimdal/lib/hx509/req.c +++ b/crypto/heimdal/lib/hx509/req.c @@ -1,39 +1,38 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" #include -RCSID("$Id: req.c 21344 2007-06-26 14:22:34Z lha $"); struct hx509_request_data { hx509_name name; @@ -47,7 +46,7 @@ struct hx509_request_data { */ int -_hx509_request_init(hx509_context context, hx509_request *req) +hx509_request_init(hx509_context context, hx509_request *req) { *req = calloc(1, sizeof(**req)); if (*req == NULL) @@ -57,7 +56,7 @@ _hx509_request_init(hx509_context context, hx509_request *req) } void -_hx509_request_free(hx509_request *req) +hx509_request_free(hx509_request *req) { if ((*req)->name) hx509_name_free(&(*req)->name); @@ -70,7 +69,7 @@ _hx509_request_free(hx509_request *req) } int -_hx509_request_set_name(hx509_context context, +hx509_request_set_name(hx509_context context, hx509_request req, hx509_name name) { @@ -85,7 +84,7 @@ _hx509_request_set_name(hx509_context context, } int -_hx509_request_get_name(hx509_context context, +hx509_request_get_name(hx509_context context, hx509_request req, hx509_name *name) { @@ -97,7 +96,7 @@ _hx509_request_get_name(hx509_context context, } int -_hx509_request_set_SubjectPublicKeyInfo(hx509_context context, +hx509_request_set_SubjectPublicKeyInfo(hx509_context context, hx509_request req, const SubjectPublicKeyInfo *key) { @@ -106,7 +105,7 @@ _hx509_request_set_SubjectPublicKeyInfo(hx509_context context, } int -_hx509_request_get_SubjectPublicKeyInfo(hx509_context context, +hx509_request_get_SubjectPublicKeyInfo(hx509_context context, hx509_request req, SubjectPublicKeyInfo *key) { @@ -144,7 +143,8 @@ _hx509_request_add_dns_name(hx509_context context, memset(&name, 0, sizeof(name)); name.element = choice_GeneralName_dNSName; - name.u.dNSName = rk_UNCONST(hostname); + name.u.dNSName.data = rk_UNCONST(hostname); + name.u.dNSName.length = strlen(hostname); return add_GeneralNames(&req->san, &name); } @@ -158,7 +158,8 @@ _hx509_request_add_email(hx509_context context, memset(&name, 0, sizeof(name)); name.element = choice_GeneralName_rfc822Name; - name.u.dNSName = rk_UNCONST(email); + name.u.dNSName.data = rk_UNCONST(email); + name.u.dNSName.length = strlen(email); return add_GeneralNames(&req->san, &name); } @@ -195,14 +196,14 @@ _hx509_request_to_pkcs10(hx509_context context, &r.certificationRequestInfo.subjectPKInfo); if (ret) goto out; - r.certificationRequestInfo.attributes = + r.certificationRequestInfo.attributes = calloc(1, sizeof(*r.certificationRequestInfo.attributes)); if (r.certificationRequestInfo.attributes == NULL) { ret = ENOMEM; goto out; } - ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length, + ASN1_MALLOC_ENCODE(CertificationRequestInfo, data.data, data.length, &r.certificationRequestInfo, &size, ret); if (ret) goto out; @@ -237,7 +238,7 @@ out: } int -_hx509_request_parse(hx509_context context, +_hx509_request_parse(hx509_context context, const char *path, hx509_request *req) { @@ -257,20 +258,20 @@ _hx509_request_parse(hx509_context context, /* XXX PEM request */ - ret = _hx509_map_file(path, &p, &len, NULL); + ret = rk_undumpdata(path, &p, &len); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to map file %s", path); return ret; } ret = decode_CertificationRequest(p, len, &r, &size); - _hx509_unmap_file(p, len); + rk_xfree(p); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to decode %s", path); return ret; } - ret = _hx509_request_init(context, req); + ret = hx509_request_init(context, req); if (ret) { free_CertificationRequest(&r); return ret; @@ -278,25 +279,25 @@ _hx509_request_parse(hx509_context context, rinfo = &r.certificationRequestInfo; - ret = _hx509_request_set_SubjectPublicKeyInfo(context, *req, + ret = hx509_request_set_SubjectPublicKeyInfo(context, *req, &rinfo->subjectPKInfo); if (ret) { free_CertificationRequest(&r); - _hx509_request_free(req); + hx509_request_free(req); return ret; } ret = _hx509_name_from_Name(&rinfo->subject, &subject); if (ret) { free_CertificationRequest(&r); - _hx509_request_free(req); + hx509_request_free(req); return ret; } - ret = _hx509_request_set_name(context, *req, subject); + ret = hx509_request_set_name(context, *req, subject); hx509_name_free(&subject); free_CertificationRequest(&r); if (ret) { - _hx509_request_free(req); + hx509_request_free(req); return ret; } @@ -319,7 +320,7 @@ _hx509_request_print(hx509_context context, hx509_request req, FILE *f) fprintf(f, "name: %s\n", subject); free(subject); } - + return 0; } diff --git a/crypto/heimdal/lib/hx509/revoke.c b/crypto/heimdal/lib/hx509/revoke.c index cfde4396a1d..29322807487 100644 --- a/crypto/heimdal/lib/hx509/revoke.c +++ b/crypto/heimdal/lib/hx509/revoke.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /** @@ -50,7 +50,6 @@ */ #include "hx_locl.h" -RCSID("$Id: revoke.c 22275 2007-12-11 11:02:11Z lha $"); struct revoke_crl { char *path; @@ -70,7 +69,7 @@ struct revoke_ocsp { struct hx509_revoke_ctx_data { - unsigned ref; + unsigned int ref; struct { struct revoke_crl *val; size_t len; @@ -113,11 +112,11 @@ _hx509_revoke_ref(hx509_revoke_ctx ctx) { if (ctx == NULL) return NULL; - if (ctx->ref <= 0) - _hx509_abort("revoke ctx refcount <= 0"); - ctx->ref++; if (ctx->ref == 0) - _hx509_abort("revoke ctx refcount == 0"); + _hx509_abort("revoke ctx refcount == 0 on ref"); + ctx->ref++; + if (ctx->ref == UINT_MAX) + _hx509_abort("revoke ctx refcount == UINT_MAX on ref"); return ctx; } @@ -146,8 +145,8 @@ hx509_revoke_free(hx509_revoke_ctx *ctx) if (ctx == NULL || *ctx == NULL) return; - if ((*ctx)->ref <= 0) - _hx509_abort("revoke ctx refcount <= 0 on free"); + if ((*ctx)->ref == 0) + _hx509_abort("revoke ctx refcount == 0 on free"); if (--(*ctx)->ref > 0) return; @@ -177,9 +176,9 @@ verify_ocsp(hx509_context context, hx509_cert signer = NULL; hx509_query q; int ret; - + _hx509_query_clear(&q); - + /* * Need to match on issuer too in case there are two CA that have * issued the same name to a certificate. One example of this is @@ -199,7 +198,7 @@ verify_ocsp(hx509_context context, q.keyhash_sha1 = &ocsp->ocsp.tbsResponseData.responderID.u.byKey; break; } - + ret = hx509_certs_find(context, certs, &q, &signer); if (ret && ocsp->certs) ret = hx509_certs_find(context, ocsp->certs, &q, &signer); @@ -218,36 +217,36 @@ verify_ocsp(hx509_context context, ret = _hx509_cert_is_parent_cmp(s, p, 0); if (ret != 0) { ret = HX509_PARENT_NOT_CA; - hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is " + hx509_set_error_string(context, 0, ret, "Revoke OCSP signer is " "doesn't have CA as signer certificate"); goto out; } ret = _hx509_verify_signature_bitstring(context, - p, + parent, &s->signatureAlgorithm, &s->tbsCertificate._save, &s->signatureValue); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "OSCP signer signature invalid"); + "OCSP signer signature invalid"); goto out; } - ret = hx509_cert_check_eku(context, signer, - oid_id_pkix_kp_OCSPSigning(), 0); + ret = hx509_cert_check_eku(context, signer, + &asn1_oid_id_pkix_kp_OCSPSigning, 0); if (ret) goto out; } ret = _hx509_verify_signature_bitstring(context, - _hx509_get_cert(signer), + signer, &ocsp->ocsp.signatureAlgorithm, &ocsp->ocsp.tbsResponseData._save, &ocsp->ocsp.signature); if (ret) { - hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "OSCP signature invalid"); + hx509_set_error_string(context, HX509_ERROR_APPEND, ret, + "OCSP signature invalid"); goto out; } @@ -294,8 +293,8 @@ parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic) return EINVAL; } - ret = der_heim_oid_cmp(&resp.responseBytes->responseType, - oid_id_pkix_ocsp_basic()); + ret = der_heim_oid_cmp(&resp.responseBytes->responseType, + &asn1_oid_id_pkix_ocsp_basic); if (ret != 0) { free_OCSPResponse(&resp); return HX509_REVOKE_WRONG_DATA; @@ -333,12 +332,16 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) void *data; int ret; - ret = _hx509_map_file(ocsp->path, &data, &length, &sb); + ret = rk_undumpdata(ocsp->path, &data, &length); if (ret) return ret; + ret = stat(ocsp->path, &sb); + if (ret) + return errno; + ret = parse_ocsp_basic(data, length, &basic); - _hx509_unmap_file(data, length); + rk_xfree(data); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to parse OCSP response"); @@ -346,9 +349,9 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) } if (basic.certs) { - int i; + size_t i; - ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, + ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, NULL, &certs); if (ret) { free_OCSPBasicOCSPResponse(&basic); @@ -357,11 +360,11 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) for (i = 0; i < basic.certs->len; i++) { hx509_cert c; - + ret = hx509_cert_init(context, &basic.certs->val[i], &c); if (ret) continue; - + ret = hx509_certs_add(context, certs, c); hx509_cert_free(c); if (ret) @@ -416,7 +419,7 @@ hx509_revoke_add_ocsp(hx509_context context, return 0; } - data = realloc(ctx->ocsps.val, + data = realloc(ctx->ocsps.val, (ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0])); if (data == NULL) { hx509_clear_error_string(context); @@ -425,7 +428,7 @@ hx509_revoke_add_ocsp(hx509_context context, ctx->ocsps.val = data; - memset(&ctx->ocsps.val[ctx->ocsps.len], 0, + memset(&ctx->ocsps.val[ctx->ocsps.len], 0, sizeof(ctx->ocsps.val[0])); ctx->ocsps.val[ctx->ocsps.len].path = strdup(path); @@ -460,7 +463,7 @@ verify_crl(hx509_context context, hx509_query q; time_t t; int ret; - + t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate); if (t > time_now) { hx509_set_error_string(context, 0, HX509_CRL_USED_BEFORE_TIME, @@ -482,7 +485,7 @@ verify_crl(hx509_context context, } _hx509_query_clear(&q); - + /* * If it's the signer have CRLSIGN bit set, use that as the signer * cert for the certificate, otherwise, search for a certificate. @@ -493,7 +496,7 @@ verify_crl(hx509_context context, q.match = HX509_QUERY_MATCH_SUBJECT_NAME; q.match |= HX509_QUERY_KU_CRLSIGN; q.subject_name = &crl->tbsCertList.issuer; - + ret = hx509_certs_find(context, certs, &q, &signer); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, @@ -503,7 +506,7 @@ verify_crl(hx509_context context, } ret = _hx509_verify_signature_bitstring(context, - _hx509_get_cert(signer), + signer, &crl->signatureAlgorithm, &crl->tbsCertList._save, &crl->signatureValue); @@ -513,7 +516,7 @@ verify_crl(hx509_context context, goto out; } - /* + /* * If signer is not CA cert, need to check revoke status of this * CRL signing cert too, this include all parent CRL signer cert * up to the root *sigh*, assume root at least hve CERTSIGN flag @@ -523,11 +526,11 @@ verify_crl(hx509_context context, hx509_cert crl_parent; _hx509_query_clear(&q); - + q.match = HX509_QUERY_MATCH_SUBJECT_NAME; q.match |= HX509_QUERY_KU_CRLSIGN; q.subject_name = &_hx509_get_cert(signer)->tbsCertificate.issuer; - + ret = hx509_certs_find(context, certs, &q, &crl_parent); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, @@ -536,7 +539,7 @@ verify_crl(hx509_context context, } ret = hx509_revoke_verify(context, - ctx, + ctx, certs, time_now, signer, @@ -567,14 +570,18 @@ load_crl(const char *path, time_t *t, CRLCertificateList *crl) memset(crl, 0, sizeof(*crl)); - ret = _hx509_map_file(path, &data, &length, &sb); + ret = rk_undumpdata(path, &data, &length); if (ret) return ret; + ret = stat(path, &sb); + if (ret) + return errno; + *t = sb.st_mtime; ret = decode_CRLCertificateList(data, length, crl, &size); - _hx509_unmap_file(data, length); + rk_xfree(data); if (ret) return ret; @@ -613,7 +620,7 @@ hx509_revoke_add_crl(hx509_context context, return HX509_UNSUPPORTED_OPERATION; } - + path += 5; for (i = 0; i < ctx->crls.len; i++) { @@ -621,7 +628,7 @@ hx509_revoke_add_crl(hx509_context context, return 0; } - data = realloc(ctx->crls.val, + data = realloc(ctx->crls.val, (ctx->crls.len + 1) * sizeof(ctx->crls.val[0])); if (data == NULL) { hx509_clear_error_string(context); @@ -637,7 +644,7 @@ hx509_revoke_add_crl(hx509_context context, return ENOMEM; } - ret = load_crl(path, + ret = load_crl(path, &ctx->crls.val[ctx->crls.len].last_modfied, &ctx->crls.val[ctx->crls.len].crl); if (ret) { @@ -711,7 +718,7 @@ hx509_revoke_verify(hx509_context context, &c->tbsCertificate.serialNumber); if (ret != 0) continue; - + /* verify issuer hashes hash */ ret = _hx509_verify_signature(context, NULL, @@ -736,7 +743,7 @@ hx509_revoke_verify(hx509_context context, case choice_OCSPCertStatus_good: break; case choice_OCSPCertStatus_revoked: - hx509_set_error_string(context, 0, + hx509_set_error_string(context, 0, HX509_CERT_REVOKED, "Certificate revoked by issuer in OCSP"); return HX509_CERT_REVOKED; @@ -745,7 +752,7 @@ hx509_revoke_verify(hx509_context context, } /* don't allow the update to be in the future */ - if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate > + if (ocsp->ocsp.tbsResponseData.responses.val[j].thisUpdate > now + context->ocsp_time_diff) continue; @@ -753,8 +760,7 @@ hx509_revoke_verify(hx509_context context, if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) { if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now) continue; - } else - /* Should force a refetch, but can we ? */; + } /* else should force a refetch, but can we ? */ return 0; } @@ -763,11 +769,12 @@ hx509_revoke_verify(hx509_context context, for (i = 0; i < ctx->crls.len; i++) { struct revoke_crl *crl = &ctx->crls.val[i]; struct stat sb; + int diff; /* check if cert.issuer == crls.val[i].crl.issuer */ - ret = _hx509_name_cmp(&c->tbsCertificate.issuer, - &crl->crl.tbsCertList.issuer); - if (ret) + ret = _hx509_name_cmp(&c->tbsCertificate.issuer, + &crl->crl.tbsCertList.issuer, &diff); + if (ret || diff) continue; ret = stat(crl->path, &sb); @@ -798,7 +805,7 @@ hx509_revoke_verify(hx509_context context, if (crl->crl.tbsCertList.crlExtensions) { for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) { if (crl->crl.tbsCertList.crlExtensions->val[j].critical) { - hx509_set_error_string(context, 0, + hx509_set_error_string(context, 0, HX509_CRL_UNKNOWN_EXTENSION, "Unknown CRL extension"); return HX509_CRL_UNKNOWN_EXTENSION; @@ -821,13 +828,13 @@ hx509_revoke_verify(hx509_context context, t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate); if (t > now) continue; - + if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions) for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++) if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical) return HX509_CRL_UNKNOWN_EXTENSION; - - hx509_set_error_string(context, 0, + + hx509_set_error_string(context, 0, HX509_CERT_REVOKED, "Certificate revoked by issuer in CRL"); return HX509_CERT_REVOKED; @@ -839,7 +846,7 @@ hx509_revoke_verify(hx509_context context, if (context->flags & HX509_CTX_VERIFY_MISSING_OK) return 0; - hx509_set_error_string(context, HX509_ERROR_APPEND, + hx509_set_error_string(context, HX509_ERROR_APPEND, HX509_REVOKE_STATUS_MISSING, "No revoke status found for " "certificates"); @@ -865,13 +872,13 @@ add_to_req(hx509_context context, void *ptr, hx509_cert cert) hx509_query q; void *d; - d = realloc(ctx->req->requestList.val, + d = realloc(ctx->req->requestList.val, sizeof(ctx->req->requestList.val[0]) * (ctx->req->requestList.len + 1)); if (d == NULL) return ENOMEM; ctx->req->requestList.val = d; - + one = &ctx->req->requestList.val[ctx->req->requestList.len]; memset(one, 0, sizeof(*one)); @@ -911,7 +918,7 @@ add_to_req(hx509_context context, void *ptr, hx509_cert cert) goto out; os.data = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data; - os.length = + os.length = p->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.length / 8; ret = _hx509_create_signature(context, @@ -981,13 +988,13 @@ hx509_ocsp_request(hx509_context context, ctx.digest = digest; ctx.parent = NULL; - ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx); + ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx); hx509_cert_free(ctx.parent); if (ret) goto out; - + if (nonce) { - req.tbsRequest.requestExtensions = + req.tbsRequest.requestExtensions = calloc(1, sizeof(*req.tbsRequest.requestExtensions)); if (req.tbsRequest.requestExtensions == NULL) { ret = ENOMEM; @@ -995,15 +1002,14 @@ hx509_ocsp_request(hx509_context context, } es = req.tbsRequest.requestExtensions; - + es->val = calloc(es->len, sizeof(es->val[0])); if (es->val == NULL) { ret = ENOMEM; goto out; } es->len = 1; - - ret = der_copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID); + ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID); if (ret) { free_OCSPRequest(&req); return ret; @@ -1015,7 +1021,7 @@ hx509_ocsp_request(hx509_context context, goto out; } es->val[0].extnValue.length = 10; - + ret = RAND_bytes(es->val[0].extnValue.data, es->val[0].extnValue.length); if (ret != 1) { @@ -1048,8 +1054,13 @@ static char * printable_time(time_t t) { static char s[128]; - strlcpy(s, ctime(&t)+ 4, sizeof(s)); - s[20] = 0; + char *p; + if ((p = ctime(&t)) == NULL) + strlcpy(s, "?", sizeof(s)); + else { + strlcpy(s, p + 4, sizeof(s)); + s[20] = 0; + } return s; } @@ -1069,8 +1080,9 @@ int hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) { struct revoke_ocsp ocsp; - int ret, i; - + int ret; + size_t i; + if (out == NULL) out = stdout; @@ -1113,7 +1125,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) break; } - fprintf(out, "producedAt: %s\n", + fprintf(out, "producedAt: %s\n", printable_time(ocsp.ocsp.tbsResponseData.producedAt)); fprintf(out, "replies: %d\n", ocsp.ocsp.tbsResponseData.responses.len); @@ -1134,19 +1146,19 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) status = "element unknown"; } - fprintf(out, "\t%d. status: %s\n", i, status); + fprintf(out, "\t%zu. status: %s\n", i, status); - fprintf(out, "\tthisUpdate: %s\n", + fprintf(out, "\tthisUpdate: %s\n", printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate)); if (ocsp.ocsp.tbsResponseData.responses.val[i].nextUpdate) - fprintf(out, "\tproducedAt: %s\n", + fprintf(out, "\tproducedAt: %s\n", printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate)); } fprintf(out, "appended certs:\n"); if (ocsp.certs) - ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out); + ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out); free_ocsp(&ocsp); return ret; @@ -1181,7 +1193,8 @@ hx509_ocsp_verify(hx509_context context, { const Certificate *c = _hx509_get_cert(cert); OCSPBasicOCSPResponse basic; - int ret, i; + int ret; + size_t i; if (now == 0) now = time(NULL); @@ -1201,7 +1214,7 @@ hx509_ocsp_verify(hx509_context context, &c->tbsCertificate.serialNumber); if (ret != 0) continue; - + /* verify issuer hashes hash */ ret = _hx509_verify_signature(context, NULL, @@ -1220,7 +1233,7 @@ hx509_ocsp_verify(hx509_context context, } /* don't allow the update to be in the future */ - if (basic.tbsResponseData.responses.val[i].thisUpdate > + if (basic.tbsResponseData.responses.val[i].thisUpdate > now + context->ocsp_time_diff) continue; @@ -1241,7 +1254,7 @@ hx509_ocsp_verify(hx509_context context, { hx509_name name; char *subject; - + ret = hx509_cert_get_subject(cert, &name); if (ret) { hx509_clear_error_string(context); @@ -1314,7 +1327,7 @@ hx509_crl_alloc(hx509_context context, hx509_crl *crl) int hx509_crl_add_revoked_certs(hx509_context context, - hx509_crl crl, + hx509_crl crl, hx509_certs certs) { return hx509_certs_merge(context, crl->revoked, certs); @@ -1377,13 +1390,13 @@ add_revoked(hx509_context context, void *ctx, hx509_cert cert) } c->revokedCertificates->val = ptr; - ret = hx509_cert_get_serialnumber(cert, + ret = hx509_cert_get_serialnumber(cert, &c->revokedCertificates->val[num].userCertificate); if (ret) { hx509_clear_error_string(context); return ret; } - c->revokedCertificates->val[num].revocationDate.element = + c->revokedCertificates->val[num].revocationDate.element = choice_Time_generalTime; c->revokedCertificates->val[num].revocationDate.u.generalTime = time(NULL) - 3600 * 24; @@ -1392,7 +1405,7 @@ add_revoked(hx509_context context, void *ctx, hx509_cert cert) c->revokedCertificates->len++; return 0; -} +} /** * Sign a CRL and return an encode certificate. @@ -1470,7 +1483,7 @@ hx509_crl_sign(hx509_context context, c.tbsCertList.nextUpdate->u.generalTime = next; } - c.tbsCertList.revokedCertificates = + c.tbsCertList.revokedCertificates = calloc(1, sizeof(*c.tbsCertList.revokedCertificates)); if (c.tbsCertList.revokedCertificates == NULL) { hx509_set_error_string(context, 0, ENOMEM, "out of memory"); @@ -1479,7 +1492,7 @@ hx509_crl_sign(hx509_context context, } c.tbsCertList.crlExtensions = NULL; - ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList); + ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList); if (ret) goto out; @@ -1506,10 +1519,13 @@ hx509_crl_sign(hx509_context context, &c.signatureAlgorithm, &c.signatureValue); free(os->data); + if (ret) { + hx509_set_error_string(context, 0, ret, "Failed to sign CRL"); + goto out; + } ASN1_MALLOC_ENCODE(CRLCertificateList, os->data, os->length, &c, &size, ret); - free_CRLCertificateList(&c); if (ret) { hx509_set_error_string(context, 0, ret, "failed to encode CRL"); goto out; @@ -1517,6 +1533,8 @@ hx509_crl_sign(hx509_context context, if (size != os->length) _hx509_abort("internal ASN.1 encoder error"); + free_CRLCertificateList(&c); + return 0; out: diff --git a/crypto/heimdal/lib/hx509/sel-gram.y b/crypto/heimdal/lib/hx509/sel-gram.y new file mode 100644 index 00000000000..7f7c9980e03 --- /dev/null +++ b/crypto/heimdal/lib/hx509/sel-gram.y @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +%{ +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include + + +%} + +%union { + char *string; + struct hx_expr *expr; +} + +%token kw_TRUE +%token kw_FALSE +%token kw_AND +%token kw_OR +%token kw_IN +%token kw_TAILMATCH + +%type expr +%type comp +%type word words +%type number +%type string +%type function +%type variable variables + +%token NUMBER +%token STRING +%token IDENTIFIER + +%start start + +%% + +start: expr { _hx509_expr_input.expr = $1; } + +expr : kw_TRUE { $$ = _hx509_make_expr(op_TRUE, NULL, NULL); } + | kw_FALSE { $$ = _hx509_make_expr(op_FALSE, NULL, NULL); } + | '!' expr { $$ = _hx509_make_expr(op_NOT, $2, NULL); } + | expr kw_AND expr { $$ = _hx509_make_expr(op_AND, $1, $3); } + | expr kw_OR expr { $$ = _hx509_make_expr(op_OR, $1, $3); } + | '(' expr ')' { $$ = $2; } + | comp { $$ = _hx509_make_expr(op_COMP, $1, NULL); } + ; + +words : word { $$ = _hx509_make_expr(expr_WORDS, $1, NULL); } + | word ',' words { $$ = _hx509_make_expr(expr_WORDS, $1, $3); } + ; + +comp : word '=' '=' word { $$ = _hx509_make_expr(comp_EQ, $1, $4); } + | word '!' '=' word { $$ = _hx509_make_expr(comp_NE, $1, $4); } + | word kw_TAILMATCH word { $$ = _hx509_make_expr(comp_TAILEQ, $1, $3); } + | word kw_IN '(' words ')' { $$ = _hx509_make_expr(comp_IN, $1, $4); } + | word kw_IN variable { $$ = _hx509_make_expr(comp_IN, $1, $3); } + ; + +word : number { $$ = $1; } + | string { $$ = $1; } + | function { $$ = $1; } + | variable { $$ = $1; } + ; + +number : NUMBER { $$ = _hx509_make_expr(expr_NUMBER, $1, NULL); }; +string : STRING { $$ = _hx509_make_expr(expr_STRING, $1, NULL); }; + +function: IDENTIFIER '(' words ')' { + $$ = _hx509_make_expr(expr_FUNCTION, $1, $3); } + ; +variable: '%' '{' variables '}' { $$ = $3; } + ; + +variables: IDENTIFIER '.' variables { + $$ = _hx509_make_expr(expr_VAR, $1, $3); } + | IDENTIFIER { + $$ = _hx509_make_expr(expr_VAR, $1, NULL); } + ; diff --git a/crypto/heimdal/lib/hx509/sel-lex.l b/crypto/heimdal/lib/hx509/sel-lex.l new file mode 100644 index 00000000000..4c9396750a3 --- /dev/null +++ b/crypto/heimdal/lib/hx509/sel-lex.l @@ -0,0 +1,139 @@ +%{ +/* + * Copyright (c) 2004, 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#undef ECHO + +#include +#include +#include +#include +#include "sel.h" +#include "sel-gram.h" +unsigned lineno = 1; + +static char * handle_string(void); +static int lex_input(char *, int); + +struct hx_expr_input _hx509_expr_input; + +#ifndef YY_NULL +#define YY_NULL 0 +#endif + +#define YY_NO_UNPUT 1 + +#undef YY_INPUT +#define YY_INPUT(buf,res,maxsize) (res = lex_input(buf, maxsize)) + +#undef ECHO + +%} +%% + +TRUE { return kw_TRUE; } +FALSE { return kw_FALSE; } +AND { return kw_AND; } +OR { return kw_OR; } +IN { return kw_IN; } +TAILMATCH { return kw_TAILMATCH; } + +[A-Za-z][-A-Za-z0-9_]* { + yylval.string = strdup ((const char *)yytext); + return IDENTIFIER; + } +"\"" { yylval.string = handle_string(); return STRING; } +\n { ++lineno; } +[,.!={}()%] { return *yytext; } +[ \t] ; +%% + +static char * +handle_string(void) +{ + char x[1024]; + int i = 0; + int c; + int quote = 0; + while((c = input()) != EOF){ + if(quote) { + x[i++] = '\\'; + x[i++] = c; + quote = 0; + continue; + } + if(c == '\n'){ + _hx509_sel_yyerror("unterminated string"); + lineno++; + break; + } + if(c == '\\'){ + quote++; + continue; + } + if(c == '\"') + break; + x[i++] = c; + } + x[i] = '\0'; + return strdup(x); +} + +int +yywrap () +{ + return 1; +} + +static int +lex_input(char *buf, int max_size) +{ + int n; + + n = _hx509_expr_input.length - _hx509_expr_input.offset; + if (max_size < n) + n = max_size; + if (n <= 0) + return YY_NULL; + + memcpy(buf, _hx509_expr_input.buf + _hx509_expr_input.offset, n); + _hx509_expr_input.offset += n; + + return n; +} diff --git a/crypto/heimdal/lib/hx509/sel.c b/crypto/heimdal/lib/hx509/sel.c new file mode 100644 index 00000000000..6930b50f7cd --- /dev/null +++ b/crypto/heimdal/lib/hx509/sel.c @@ -0,0 +1,233 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hx_locl.h" + +struct hx_expr * +_hx509_make_expr(enum hx_expr_op op, void *arg1, void *arg2) +{ + struct hx_expr *expr; + + expr = malloc(sizeof(*expr)); + if (expr == NULL) + return NULL; + expr->op = op; + expr->arg1 = arg1; + expr->arg2 = arg2; + + return expr; +} + +static const char * +eval_word(hx509_context context, hx509_env env, struct hx_expr *word) +{ + switch (word->op) { + case expr_STRING: + return word->arg1; + case expr_VAR: + if (word->arg2 == NULL) + return hx509_env_find(context, env, word->arg1); + + env = hx509_env_find_binding(context, env, word->arg1); + if (env == NULL) + return NULL; + + return eval_word(context, env, word->arg2); + default: + return NULL; + } +} + +static hx509_env +find_variable(hx509_context context, hx509_env env, struct hx_expr *word) +{ + assert(word->op == expr_VAR); + + if (word->arg2 == NULL) + return hx509_env_find_binding(context, env, word->arg1); + + env = hx509_env_find_binding(context, env, word->arg1); + if (env == NULL) + return NULL; + return find_variable(context, env, word->arg2); +} + +static int +eval_comp(hx509_context context, hx509_env env, struct hx_expr *expr) +{ + switch (expr->op) { + case comp_NE: + case comp_EQ: + case comp_TAILEQ: { + const char *s1, *s2; + int ret; + + s1 = eval_word(context, env, expr->arg1); + s2 = eval_word(context, env, expr->arg2); + + if (s1 == NULL || s2 == NULL) + return FALSE; + + if (expr->op == comp_TAILEQ) { + size_t len1 = strlen(s1); + size_t len2 = strlen(s2); + + if (len1 < len2) + return 0; + ret = strcmp(s1 + (len1 - len2), s2) == 0; + } else { + ret = strcmp(s1, s2) == 0; + if (expr->op == comp_NE) + ret = !ret; + } + return ret; + } + case comp_IN: { + struct hx_expr *subexpr; + const char *w, *s1; + + w = eval_word(context, env, expr->arg1); + + subexpr = expr->arg2; + + if (subexpr->op == expr_WORDS) { + while (subexpr) { + s1 = eval_word(context, env, subexpr->arg1); + if (strcmp(w, s1) == 0) + return TRUE; + subexpr = subexpr->arg2; + } + } else if (subexpr->op == expr_VAR) { + hx509_env subenv; + + subenv = find_variable(context, env, subexpr); + if (subenv == NULL) + return FALSE; + + while (subenv) { + if (subenv->type != env_string) + continue; + if (strcmp(w, subenv->name) == 0) + return TRUE; + if (strcmp(w, subenv->u.string) == 0) + return TRUE; + subenv = subenv->next; + } + + } else + _hx509_abort("hx509 eval IN unknown op: %d", (int)subexpr->op); + + return FALSE; + } + default: + _hx509_abort("hx509 eval expr with unknown op: %d", (int)expr->op); + } + return FALSE; +} + +int +_hx509_expr_eval(hx509_context context, hx509_env env, struct hx_expr *expr) +{ + switch (expr->op) { + case op_TRUE: + return 1; + case op_FALSE: + return 0; + case op_NOT: + return ! _hx509_expr_eval(context, env, expr->arg1); + case op_AND: + return _hx509_expr_eval(context, env, expr->arg1) && + _hx509_expr_eval(context, env, expr->arg2); + case op_OR: + return _hx509_expr_eval(context, env, expr->arg1) || + _hx509_expr_eval(context, env, expr->arg2); + case op_COMP: + return eval_comp(context, env, expr->arg1); + default: + _hx509_abort("hx509 eval expr with unknown op: %d", (int)expr->op); + UNREACHABLE(return 0); + } +} + +void +_hx509_expr_free(struct hx_expr *expr) +{ + switch (expr->op) { + case expr_STRING: + case expr_NUMBER: + free(expr->arg1); + break; + case expr_WORDS: + case expr_FUNCTION: + case expr_VAR: + free(expr->arg1); + if (expr->arg2) + _hx509_expr_free(expr->arg2); + break; + default: + if (expr->arg1) + _hx509_expr_free(expr->arg1); + if (expr->arg2) + _hx509_expr_free(expr->arg2); + break; + } + free(expr); +} + +struct hx_expr * +_hx509_expr_parse(const char *buf) +{ + _hx509_expr_input.buf = buf; + _hx509_expr_input.length = strlen(buf); + _hx509_expr_input.offset = 0; + _hx509_expr_input.expr = NULL; + + if (_hx509_expr_input.error) { + free(_hx509_expr_input.error); + _hx509_expr_input.error = NULL; + } + + yyparse(); + + return _hx509_expr_input.expr; +} + +void +_hx509_sel_yyerror (const char *s) +{ + if (_hx509_expr_input.error) + free(_hx509_expr_input.error); + + _hx509_expr_input.error = strdup(s); +} + diff --git a/crypto/heimdal/lib/hx509/sel.h b/crypto/heimdal/lib/hx509/sel.h new file mode 100644 index 00000000000..177ec0a65b2 --- /dev/null +++ b/crypto/heimdal/lib/hx509/sel.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +enum hx_expr_op { + op_TRUE, + op_FALSE, + op_NOT, + op_AND, + op_OR, + op_COMP, + + comp_EQ, + comp_NE, + comp_IN, + comp_TAILEQ, + + expr_NUMBER, + expr_STRING, + expr_FUNCTION, + expr_VAR, + expr_WORDS +}; + +struct hx_expr { + enum hx_expr_op op; + void *arg1; + void *arg2; +}; + +struct hx_expr_input { + const char *buf; + size_t length; + size_t offset; + struct hx_expr *expr; + char *error; +}; + +extern struct hx_expr_input _hx509_expr_input; + +#define yyparse _hx509_sel_yyparse +#define yylex _hx509_sel_yylex +#define yyerror _hx509_sel_yyerror +#define yylval _hx509_sel_yylval +#define yychar _hx509_sel_yychar +#define yydebug _hx509_sel_yydebug +#define yynerrs _hx509_sel_yynerrs +#define yywrap _hx509_sel_yywrap + +int _hx509_sel_yyparse(void); +int _hx509_sel_yylex(void); +void _hx509_sel_yyerror(const char *); + diff --git a/crypto/heimdal/lib/hx509/softp11.c b/crypto/heimdal/lib/hx509/softp11.c index 86bb1d6dbe7..38f587e0fea 100644 --- a/crypto/heimdal/lib/hx509/softp11.c +++ b/crypto/heimdal/lib/hx509/softp11.c @@ -1,36 +1,38 @@ /* - * Copyright (c) 2004 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ +#define CRYPTOKI_EXPORTS 1 + #include "hx_locl.h" #include "pkcs11.h" @@ -38,6 +40,14 @@ #define HANDLE_OBJECT_ID(h) ((h) & OBJECT_ID_MASK) #define OBJECT_ID(obj) HANDLE_OBJECT_ID((obj)->object_handle) +#ifndef HAVE_RANDOM +#define random() rand() +#define srandom(s) srand(s) +#endif + +#ifdef _WIN32 +#include +#endif struct st_attr { CK_ATTRIBUTE attribute; @@ -127,11 +137,12 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) { int len; va_list ap; + va_start(ap, fmt); len = vsnprintf(str, size, fmt, ap); va_end(ap); - if (len < 0 || len > size) + if (len < 0 || (size_t)len > size) return; - while(len < size) + while ((size_t)len < size) str[len++] = fillchar; } @@ -141,9 +152,9 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) #define VERIFY_SESSION_HANDLE(s, state) \ { \ - CK_RV ret; \ - ret = verify_session_handle(s, state); \ - if (ret != CKR_OK) { \ + CK_RV xret; \ + xret = verify_session_handle(s, state); \ + if (xret != CKR_OK) { \ /* return CKR_OK */; \ } \ } @@ -152,7 +163,7 @@ static CK_RV verify_session_handle(CK_SESSION_HANDLE hSession, struct session_state **state) { - int i; + size_t i; for (i = 0; i < MAX_NUM_SESSION; i++){ if (soft_token.state[i].session_handle == hSession) @@ -295,13 +306,10 @@ add_st_object(void) struct st_object *o, **objs; int i; - o = malloc(sizeof(*o)); + o = calloc(1, sizeof(*o)); if (o == NULL) return NULL; - memset(o, 0, sizeof(*o)); - o->attrs = NULL; - o->num_attributes = 0; - + for (i = 0; i < soft_token.object.num_objs; i++) { if (soft_token.object.objs == NULL) { soft_token.object.objs[i] = o; @@ -317,7 +325,7 @@ add_st_object(void) } soft_token.object.objs = objs; soft_token.object.objs[soft_token.object.num_objs++] = o; - } + } soft_token.object.objs[i]->object_handle = (random() & (~OBJECT_ID_MASK)) | i; @@ -325,7 +333,7 @@ add_st_object(void) } static CK_RV -add_object_attribute(struct st_object *o, +add_object_attribute(struct st_object *o, int secret, CK_ATTRIBUTE_TYPE type, CK_VOID_PTR pValue, @@ -361,14 +369,14 @@ add_pubkey_info(hx509_context hxctx, struct st_object *o, CK_ULONG modulus_bits = 0; CK_BYTE *exponent = NULL; size_t exponent_len = 0; - + if (key_type != CKK_RSA) return CKR_OK; if (_hx509_cert_private_key(cert) == NULL) return CKR_OK; - num = _hx509_private_key_get_internal(context, - _hx509_cert_private_key(cert), + num = _hx509_private_key_get_internal(context, + _hx509_cert_private_key(cert), "rsa-modulus"); if (num == NULL) return CKR_GENERAL_ERROR; @@ -384,9 +392,9 @@ add_pubkey_info(hx509_context hxctx, struct st_object *o, &modulus_bits, sizeof(modulus_bits)); free(modulus); - - num = _hx509_private_key_get_internal(context, - _hx509_cert_private_key(cert), + + num = _hx509_private_key_get_internal(context, + _hx509_cert_private_key(cert), "rsa-exponent"); if (num == NULL) return CKR_GENERAL_ERROR; @@ -413,6 +421,7 @@ struct foo { static int add_cert(hx509_context hxctx, void *ctx, hx509_cert cert) { + static char empty[] = ""; struct foo *foo = (struct foo *)ctx; struct st_object *o = NULL; CK_OBJECT_CLASS type; @@ -512,8 +521,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert) add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id)); - add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ - add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ + add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */ + add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); mech_type = CKM_RSA_X_509; @@ -549,8 +558,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert) add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id)); - add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ - add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ + add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */ + add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); mech_type = CKM_RSA_X_509; @@ -621,7 +630,7 @@ add_certificate(const char *cert_file, return CKR_GENERAL_ERROR; } - ret = hx509_certs_iter(context, certs, add_cert, &foo); + ret = hx509_certs_iter_f(context, certs, add_cert, &foo); hx509_certs_free(&certs); if (ret) { st_logf("failed adding certs from file %s\n", cert_file); @@ -685,40 +694,43 @@ static CK_RV read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin) { char buf[1024], *type, *s, *p; - int anchor; FILE *f; CK_RV ret = CKR_OK; CK_RV failed = CKR_OK; + if (fn == NULL) { + st_logf("Can't open configuration file. No file specified\n"); + return CKR_GENERAL_ERROR; + } + f = fopen(fn, "r"); if (f == NULL) { st_logf("can't open configuration file %s\n", fn); return CKR_GENERAL_ERROR; } + rk_cloexec_file(f); while(fgets(buf, sizeof(buf), f) != NULL) { buf[strcspn(buf, "\n")] = '\0'; - anchor = 0; - st_logf("line: %s\n", buf); p = buf; - while (isspace(*p)) + while (isspace((unsigned char)*p)) p++; if (*p == '#') continue; - while (isspace(*p)) + while (isspace((unsigned char)*p)) p++; s = NULL; type = strtok_r(p, "\t", &s); if (type == NULL) continue; - + if (strcasecmp("certificate", type) == 0) { char *cert, *id, *label; - + id = strtok_r(NULL, "\t", &s); if (id == NULL) { st_logf("no id\n"); @@ -735,9 +747,9 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin) st_logf("no certfiicate store\n"); continue; } - + st_logf("adding: %s: %s in file %s\n", id, label, cert); - + ret = add_certificate(cert, pin, id, label); if (ret) failed = ret; @@ -755,11 +767,14 @@ read_conf_file(const char *fn, CK_USER_TYPE userType, const char *pin) if (strcasecmp(name, "stdout") == 0) soft_token.logfile = stdout; - else + else { soft_token.logfile = fopen(name, "a"); + if (soft_token.logfile) + rk_cloexec_file(soft_token.logfile); + } if (soft_token.logfile == NULL) st_logf("failed to open file: %s\n", name); - + } else if (strcasecmp("app-fatal", type) == 0) { char *name; @@ -793,12 +808,59 @@ func_not_supported(void) return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV +static char * +get_config_file_for_user(void) +{ + char *fn = NULL; + +#ifndef _WIN32 + char *home = NULL; + + if (!issuid()) { + fn = getenv("SOFTPKCS11RC"); + if (fn) + fn = strdup(fn); + home = getenv("HOME"); + } + if (fn == NULL && home == NULL) { + struct passwd *pw = getpwuid(getuid()); + if(pw != NULL) + home = pw->pw_dir; + } + if (fn == NULL) { + if (home) + asprintf(&fn, "%s/.soft-token.rc", home); + else + fn = strdup("/etc/soft-token.rc"); + } +#else /* Windows */ + + char appdatafolder[MAX_PATH]; + + fn = getenv("SOFTPKCS11RC"); + + /* Retrieve the roaming AppData folder for the current user. The + current user is the user account represented by the current + thread token. */ + + if (fn == NULL && + SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, SHGFP_TYPE_CURRENT, appdatafolder))) { + + asprintf(&fn, "%s\\.soft-token.rc", appdatafolder); + } + +#endif /* _WIN32 */ + + return fn; +} + + +CK_RV CK_SPEC C_Initialize(CK_VOID_PTR a) { CK_C_INITIALIZE_ARGS_PTR args = a; CK_RV ret; - int i; + size_t i; st_logf("Initialize\n"); @@ -806,7 +868,7 @@ C_Initialize(CK_VOID_PTR a) OpenSSL_add_all_algorithms(); - srandom(getpid() ^ time(NULL)); + srandom(getpid() ^ (int) time(NULL)); for (i = 0; i < MAX_NUM_SESSION; i++) { soft_token.state[i].session_handle = CK_INVALID_HANDLE; @@ -822,7 +884,7 @@ C_Initialize(CK_VOID_PTR a) soft_token.object.objs = NULL; soft_token.object.num_objs = 0; - + soft_token.logfile = NULL; #if 0 soft_token.logfile = stdout; @@ -839,29 +901,7 @@ C_Initialize(CK_VOID_PTR a) st_logf("\tFlags\t%04x\n", (unsigned int)args->flags); } - { - char *fn = NULL, *home = NULL; - - if (getuid() == geteuid()) { - fn = getenv("SOFTPKCS11RC"); - if (fn) - fn = strdup(fn); - home = getenv("HOME"); - } - if (fn == NULL && home == NULL) { - struct passwd *pw = getpwuid(getuid()); - if(pw != NULL) - home = pw->pw_dir; - } - if (fn == NULL) { - if (home) - asprintf(&fn, "%s/.soft-token.rc", home); - else - fn = strdup("/etc/soft-token.rc"); - } - - soft_token.config_file = fn; - } + soft_token.config_file = get_config_file_for_user(); /* * This operations doesn't return CKR_OK if any of the @@ -877,7 +917,7 @@ C_Initialize(CK_VOID_PTR a) CK_RV C_Finalize(CK_VOID_PTR args) { - int i; + size_t i; INIT_CONTEXT(); @@ -904,11 +944,11 @@ C_GetInfo(CK_INFO_PTR args) memset(args, 17, sizeof(*args)); args->cryptokiVersion.major = 2; args->cryptokiVersion.minor = 10; - snprintf_fill((char *)args->manufacturerID, + snprintf_fill((char *)args->manufacturerID, sizeof(args->manufacturerID), ' ', "Heimdal hx509 SoftToken"); - snprintf_fill((char *)args->libraryDescription, + snprintf_fill((char *)args->libraryDescription, sizeof(args->libraryDescription), ' ', "Heimdal hx509 SoftToken"); args->libraryVersion.major = 2; @@ -954,7 +994,7 @@ C_GetSlotInfo(CK_SLOT_ID slotID, if (slotID != 1) return CKR_ARGUMENTS_BAD; - snprintf_fill((char *)pInfo->slotDescription, + snprintf_fill((char *)pInfo->slotDescription, sizeof(pInfo->slotDescription), ' ', "Heimdal hx509 SoftToken (slot)"); @@ -969,7 +1009,7 @@ C_GetSlotInfo(CK_SLOT_ID slotID, pInfo->hardwareVersion.minor = 0; pInfo->firmwareVersion.major = 1; pInfo->firmwareVersion.minor = 0; - + return CKR_OK; } @@ -978,15 +1018,15 @@ C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) { INIT_CONTEXT(); - st_logf("GetTokenInfo: %s\n", has_session()); + st_logf("GetTokenInfo: %s\n", has_session()); memset(pInfo, 19, sizeof(*pInfo)); - snprintf_fill((char *)pInfo->label, + snprintf_fill((char *)pInfo->label, sizeof(pInfo->label), ' ', "Heimdal hx509 SoftToken (token)"); - snprintf_fill((char *)pInfo->manufacturerID, + snprintf_fill((char *)pInfo->manufacturerID, sizeof(pInfo->manufacturerID), ' ', "Heimdal hx509 SoftToken (token)"); @@ -994,12 +1034,12 @@ C_GetTokenInfo(CK_SLOT_ID slotID, sizeof(pInfo->model), ' ', "Heimdal hx509 SoftToken (token)"); - snprintf_fill((char *)pInfo->serialNumber, + snprintf_fill((char *)pInfo->serialNumber, sizeof(pInfo->serialNumber), ' ', "4711"); - pInfo->flags = - CKF_TOKEN_INITIALIZED | + pInfo->flags = + CKF_TOKEN_INITIALIZED | CKF_USER_PIN_INITIALIZED; if (soft_token.flags.login_done == 0) @@ -1073,10 +1113,10 @@ C_OpenSession(CK_SLOT_ID slotID, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession) { - int i; + size_t i; INIT_CONTEXT(); st_logf("OpenSession: slot: %d\n", (int)slotID); - + if (soft_token.open_sessions == MAX_NUM_SESSION) return CKR_SESSION_COUNT; @@ -1116,7 +1156,7 @@ C_CloseSession(CK_SESSION_HANDLE hSession) CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) { - int i; + size_t i; INIT_CONTEXT(); st_logf("CloseAllSessions\n"); @@ -1134,7 +1174,7 @@ C_GetSessionInfo(CK_SESSION_HANDLE hSession, { st_logf("GetSessionInfo\n"); INIT_CONTEXT(); - + VERIFY_SESSION_HANDLE(hSession, NULL); memset(pInfo, 20, sizeof(*pInfo)); @@ -1178,7 +1218,7 @@ C_Login(CK_SESSION_HANDLE hSession, soft_token.flags.login_done = 1; free(pin); - + return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT; } @@ -1276,12 +1316,12 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, print_attributes(pTemplate, ulCount); - state->find.attributes = + state->find.attributes = calloc(1, ulCount * sizeof(state->find.attributes[0])); if (state->find.attributes == NULL) return CKR_DEVICE_MEMORY; for (i = 0; i < ulCount; i++) { - state->find.attributes[i].pValue = + state->find.attributes[i].pValue = malloc(pTemplate[i].ulValueLen); if (state->find.attributes[i].pValue == NULL) { find_object_final(state); @@ -1390,7 +1430,7 @@ commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len, static CK_RV -dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) +dup_mechanism(CK_MECHANISM_PTR *dp, const CK_MECHANISM_PTR pMechanism) { CK_MECHANISM_PTR p; @@ -1398,9 +1438,9 @@ dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) if (p == NULL) return CKR_DEVICE_MEMORY; - if (*dup) - free(*dup); - *dup = p; + if (*dp) + free(*dp); + *dp = p; memcpy(p, pMechanism, sizeof(*p)); return CKR_OK; @@ -1433,15 +1473,15 @@ C_SignInit(CK_SESSION_HANDLE hSession, INIT_CONTEXT(); st_logf("SignInit\n"); VERIFY_SESSION_HANDLE(hSession, &state); - - ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), + + ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), mechs, sizeof(mechs)/sizeof(mechs[0]), pMechanism, hKey, &o); if (ret) return ret; ret = dup_mechanism(&state->sign_mechanism, pMechanism); - if (ret == CKR_OK) + if (ret == CKR_OK) state->sign_object = OBJECT_ID(o); return CKR_OK; @@ -1457,7 +1497,7 @@ C_Sign(CK_SESSION_HANDLE hSession, struct session_state *state; struct st_object *o; CK_RV ret; - uint hret; + int hret; const AlgorithmIdentifier *alg; heim_octet_string sig, data; @@ -1498,7 +1538,7 @@ C_Sign(CK_SESSION_HANDLE hSession, ret = CKR_FUNCTION_NOT_SUPPORTED; goto out; } - + data.data = pData; data.length = ulDataLen; @@ -1566,17 +1606,17 @@ C_VerifyInit(CK_SESSION_HANDLE hSession, INIT_CONTEXT(); st_logf("VerifyInit\n"); VERIFY_SESSION_HANDLE(hSession, &state); - - ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), + + ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]), mechs, sizeof(mechs)/sizeof(mechs[0]), pMechanism, hKey, &o); if (ret) return ret; ret = dup_mechanism(&state->verify_mechanism, pMechanism); - if (ret == CKR_OK) + if (ret == CKR_OK) state->verify_object = OBJECT_ID(o); - + return ret; } @@ -1618,7 +1658,7 @@ C_Verify(CK_SESSION_HANDLE hSession, data.length = ulSignatureLen; hret = _hx509_verify_signature(context, - _hx509_get_cert(o->cert), + o->cert, alg, &data, &sig); diff --git a/crypto/heimdal/lib/hx509/test_ca.in b/crypto/heimdal/lib/hx509/test_ca.in index 5cc124d3bc7..2ca294ea79e 100644 --- a/crypto/heimdal/lib/hx509/test_ca.in +++ b/crypto/heimdal/lib/hx509/test_ca.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan +# Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_ca.in 21345 2007-06-26 14:22:57Z lha $ +# $Id$ # srcdir="@srcdir@" diff --git a/crypto/heimdal/lib/hx509/test_cert.in b/crypto/heimdal/lib/hx509/test_cert.in index ed04bfac3b7..6cbf21bf057 100644 --- a/crypto/heimdal/lib/hx509/test_cert.in +++ b/crypto/heimdal/lib/hx509/test_cert.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2007 Kungliga Tekniska Högskolan +# Copyright (c) 2007 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -65,5 +65,20 @@ ${hxtool} certificate-copy DER-FILE:cert-der.tmp PEM-FILE:cert-pem2.tmp || exit cmp cert-pem.tmp cert-pem2.tmp || exit 1 +echo "verify n0ll cert (fail)" +${hxtool} verify --missing-revoke \ + --hostname=foo.com \ + cert:FILE:$srcdir/data/n0ll.pem \ + anchor:FILE:$srcdir/data/n0ll.pem && exit 1 + +echo "verify n0ll cert (fail)" +${hxtool} verify --missing-revoke \ + cert:FILE:$srcdir/data/n0ll.pem \ + anchor:FILE:$srcdir/data/n0ll.pem && exit 1 + +echo "check that windows cert with utf16 in printable string works" +${hxtool} verify --missing-revoke \ + cert:FILE:$srcdir/data/win-u16-in-printablestring.der \ + anchor:FILE:$srcdir/data/win-u16-in-printablestring.der || exit 1 exit 0 diff --git a/crypto/heimdal/lib/hx509/test_chain.in b/crypto/heimdal/lib/hx509/test_chain.in index a99ae5e4cb5..df551d9c0a9 100644 --- a/crypto/heimdal/lib/hx509/test_chain.in +++ b/crypto/heimdal/lib/hx509/test_chain.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan +# Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_chain.in 21278 2007-06-25 04:54:43Z lha $ +# $Id$ # srcdir="@srcdir@" @@ -187,6 +187,20 @@ ${hxtool} verify \ anchor:FILE:$srcdir/data/ca.crt \ crl:FILE:$srcdir/data/crl1.der > /dev/null && exit 1 +if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then + echo "not testing ECDSA since hcrypto doesnt support ECDSA" +else + echo "eccert -> root" + ${hxtool} verify --missing-revoke \ + cert:FILE:$srcdir/data/secp160r2TestServer.cert.pem \ + anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1 + + echo "eccert -> root" + ${hxtool} verify --missing-revoke \ + cert:FILE:$srcdir/data/secp160r2TestClient.cert.pem \ + anchor:FILE:$srcdir/data/secp160r1TestCA.cert.pem > /dev/null || exit 1 +fi + echo "proxy cert" ${hxtool} verify --missing-revoke \ --allow-proxy-certificate \ diff --git a/crypto/heimdal/lib/hx509/test_cms.in b/crypto/heimdal/lib/hx509/test_cms.in index a89e8102353..d519d25a22b 100644 --- a/crypto/heimdal/lib/hx509/test_cms.in +++ b/crypto/heimdal/lib/hx509/test_cms.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2005 Kungliga Tekniska Högskolan +# Copyright (c) 2005 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_cms.in 21311 2007-06-25 18:26:37Z lha $ +# $Id$ # srcdir="@srcdir@" @@ -48,6 +48,23 @@ if ${hxtool} info | grep 'rand: not available' > /dev/null ; then exit 77 fi +if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then + echo "not testing ECDSA since hcrypto doesnt support ECDSA" +else + echo "create signed data (ec)" + ${hxtool} cms-create-sd \ + --certificate=FILE:$srcdir/data/secp160r2TestClient.pem \ + "$srcdir/test_chain.in" \ + sd.data > /dev/null || exit 1 + + echo "verify signed data (ec)" + ${hxtool} cms-verify-sd \ + --missing-revoke \ + --anchors=FILE:$srcdir/data/secp160r1TestCA.cert.pem \ + sd.data sd.data.out > /dev/null || exit 1 + cmp "$srcdir/test_chain.in" sd.data.out || exit 1 +fi + echo "create signed data" ${hxtool} cms-create-sd \ --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ @@ -61,6 +78,29 @@ ${hxtool} cms-verify-sd \ sd.data sd.data.out > /dev/null || exit 1 cmp "$srcdir/test_chain.in" sd.data.out || exit 1 +echo "create signed data (no signer)" +${hxtool} cms-create-sd \ + --no-signer \ + --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ + "$srcdir/test_chain.in" \ + sd.data > /dev/null || exit 1 + +echo "verify signed data (no signer)" +${hxtool} cms-verify-sd \ + --missing-revoke \ + --no-signer-allowed \ + --anchors=FILE:$srcdir/data/ca.crt \ + sd.data sd.data.out > signer.tmp || exit 1 +cmp "$srcdir/test_chain.in" sd.data.out || exit 1 +grep "unsigned" signer.tmp > /dev/null || exit 1 + +echo "verify signed data (no signer) (test failure)" +${hxtool} cms-verify-sd \ + --missing-revoke \ + --anchors=FILE:$srcdir/data/ca.crt \ + sd.data sd.data.out 2> signer.tmp && exit 1 +grep "No signers where found" signer.tmp > /dev/null || exit 1 + echo "create signed data (id-by-name)" ${hxtool} cms-create-sd \ --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ @@ -145,6 +185,14 @@ ${hxtool} cms-create-sd \ "$srcdir/test_chain.in" \ sd.data > /dev/null || exit 1 +echo "verify signed data (pem)" +${hxtool} cms-verify-sd \ + --missing-revoke \ + --anchors=FILE:$srcdir/data/ca.crt \ + --pem \ + sd.data sd.data.out > /dev/null +cmp "$srcdir/test_chain.in" sd.data.out || exit 1 + echo "create signed data (pem, detached)" ${hxtool} cms-create-sd \ --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ @@ -153,6 +201,15 @@ ${hxtool} cms-create-sd \ "$srcdir/test_chain.in" \ sd.data > /dev/null || exit 1 +echo "verify signed data (pem, detached)" +${hxtool} cms-verify-sd \ + --missing-revoke \ + --anchors=FILE:$srcdir/data/ca.crt \ + --pem \ + --signed-content="$srcdir/test_chain.in" \ + sd.data sd.data.out > /dev/null +cmp "$srcdir/test_chain.in" sd.data.out || exit 1 + echo "create signed data (p12)" ${hxtool} cms-create-sd \ --pass=PASS:foobar \ @@ -195,6 +252,31 @@ ${hxtool} cms-verify-sd \ sd.data.out > /dev/null || exit 1 cmp "$srcdir/data/static-file" sd.data.out || exit 1 +echo "verify signed data - sha1" +${hxtool} cms-verify-sd \ + --missing-revoke \ + --anchors=FILE:$srcdir/data/ca.crt \ + --content-info \ + "$srcdir/data/test-signed-sha-1" sd.data.out > /dev/null || exit 1 +cmp "$srcdir/data/static-file" sd.data.out || exit 1 + +echo "verify signed data - sha256" +${hxtool} cms-verify-sd \ + --missing-revoke \ + --anchors=FILE:$srcdir/data/ca.crt \ + --content-info \ + "$srcdir/data/test-signed-sha-256" sd.data.out > /dev/null || exit 1 +cmp "$srcdir/data/static-file" sd.data.out || exit 1 + +#echo "verify signed data - sha512" +#${hxtool} cms-verify-sd \ +# --missing-revoke \ +# --anchors=FILE:$srcdir/data/ca.crt \ +# --content-info \ +# "$srcdir/data/test-signed-sha-512" sd.data.out > /dev/null || exit 1 +#cmp "$srcdir/data/static-file" sd.data.out || exit 1 + + echo "create signed data (subcert, no certs)" ${hxtool} cms-create-sd \ --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \ @@ -317,6 +399,60 @@ ${hxtool} cms-verify-sd \ sd.data sd.data.out > /dev/null 2>/dev/null || exit 1 cmp "$srcdir/test_chain.in" sd.data.out || exit 1 +echo "create signed data (pem, detached)" +cp "$srcdir/test_chain.in" sd +${hxtool} cms-sign \ + --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ + --detached-signature \ + --pem \ + sd > /dev/null || exit 1 + +echo "verify signed data (pem, detached)" +${hxtool} cms-verify-sd \ + --missing-revoke \ + --anchors=FILE:$srcdir/data/ca.crt \ + --pem \ + sd.pem > /dev/null + +echo "create signed data (no certs, detached sig)" +cp "$srcdir/test_chain.in" sd +${hxtool} cms-sign \ + --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ + --detached-signature \ + --no-embedded-certs \ + "$srcdir/data/static-file" \ + sd > /dev/null || exit 1 + +echo "create signed data (leif only, detached sig)" +cp "$srcdir/test_chain.in" sd +${hxtool} cms-sign \ + --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ + --detached-signature \ + --embed-leaf-only \ + "$srcdir/data/static-file" \ + sd > /dev/null || exit 1 + +echo "create signed data (no certs, detached sig, 2 signers)" +cp "$srcdir/test_chain.in" sd +${hxtool} cms-sign \ + --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ + --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \ + --detached-signature \ + --no-embedded-certs \ + "$srcdir/data/static-file" \ + sd > /dev/null || exit 1 + +echo "create signed data (no certs, detached sig, 3 signers)" +cp "$srcdir/test_chain.in" sd +${hxtool} cms-sign \ + --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ + --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \ + --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \ + --detached-signature \ + --no-embedded-certs \ + "$srcdir/data/static-file" \ + sd > /dev/null || exit 1 + echo "envelope data (content-type)" ${hxtool} cms-envelope \ --certificate=FILE:$srcdir/data/test.crt \ @@ -370,6 +506,7 @@ for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do ${hxtool} cms-unenvelope \ --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ --content-info \ + --allow-weak \ "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1 cmp "$srcdir/data/static-file" ev.data.out || exit 1 done diff --git a/crypto/heimdal/lib/hx509/test_crypto.in b/crypto/heimdal/lib/hx509/test_crypto.in index 31b5233fe9e..9206031bef7 100644 --- a/crypto/heimdal/lib/hx509/test_crypto.in +++ b/crypto/heimdal/lib/hx509/test_crypto.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2006 Kungliga Tekniska Högskolan +# Copyright (c) 2006 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_crypto.in 20898 2007-06-04 23:07:46Z lha $ +# $Id$ # srcdir="@srcdir@" @@ -144,12 +144,12 @@ ${hxtool} crypto-select \ cmp test ${srcdir}/tst-crypto-select7 > /dev/null || \ { echo "select7 failure"; exit 1; } -echo "crypto available1" -${hxtool} crypto-available \ - --type=all \ - > test || { echo "available1"; exit 1; } -cmp test ${srcdir}/tst-crypto-available1 > /dev/null || \ - { echo "available1 failure"; exit 1; } +#echo "crypto available1" +#${hxtool} crypto-available \ +# --type=all \ +# > test || { echo "available1"; exit 1; } +#cmp test ${srcdir}/tst-crypto-available1 > /dev/null || \ +# { echo "available1 failure"; exit 1; } echo "crypto available2" ${hxtool} crypto-available \ @@ -158,12 +158,12 @@ ${hxtool} crypto-available \ cmp test ${srcdir}/tst-crypto-available2 > /dev/null || \ { echo "available2 failure"; exit 1; } -echo "crypto available3" -${hxtool} crypto-available \ - --type=public-sig \ - > test || { echo "available3"; exit 1; } -cmp test ${srcdir}/tst-crypto-available3 > /dev/null || \ - { echo "available3 failure"; exit 1; } +#echo "crypto available3" +#${hxtool} crypto-available \ +# --type=public-sig \ +# > test || { echo "available3"; exit 1; } +#cmp test ${srcdir}/tst-crypto-available3 > /dev/null || \ +# { echo "available3 failure"; exit 1; } echo "copy keystore FILE existing -> FILE" ${hxtool} certificate-copy \ @@ -184,4 +184,9 @@ echo "print certificate with utf8" ${hxtool} print \ FILE:$srcdir/data/j.pem >/dev/null 2>/dev/null || exit 1 +echo "Make sure that we can parse EC private keys" +${hxtool} print --content \ + FILE:$srcdir/data/pkinit-ec.crt,$srcdir/data/pkinit-ec.key \ + > /dev/null || exit 1 + exit 0 diff --git a/crypto/heimdal/lib/hx509/test_java_pkcs11.in b/crypto/heimdal/lib/hx509/test_java_pkcs11.in index 35f61e61aa3..9a843a4888d 100644 --- a/crypto/heimdal/lib/hx509/test_java_pkcs11.in +++ b/crypto/heimdal/lib/hx509/test_java_pkcs11.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2008 Kungliga Tekniska Högskolan +# Copyright (c) 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # diff --git a/crypto/heimdal/lib/hx509/test_name.c b/crypto/heimdal/lib/hx509/test_name.c index 2c6dd516cb8..d932221ddf0 100644 --- a/crypto/heimdal/lib/hx509/test_name.c +++ b/crypto/heimdal/lib/hx509/test_name.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" -RCSID("$Id: test_name.c 19882 2007-01-13 01:02:57Z lha $"); static int test_name(hx509_context context, const char *name) @@ -72,13 +71,12 @@ test_name_fail(hx509_context context, const char *name) static int test_expand(hx509_context context, const char *name, const char *expected) { - hx509_env env; + hx509_env env = NULL; hx509_name n; char *s; int ret; - hx509_env_init(context, &env); - hx509_env_add(context, env, "uid", "lha"); + hx509_env_add(context, &env, "uid", "lha"); ret = hx509_parse_name(context, name, &n); if (ret) @@ -93,7 +91,7 @@ test_expand(hx509_context context, const char *name, const char *expected) hx509_name_free(&n); if (ret) return 1; - + ret = strcmp(s, expected) != 0; free(s); if (ret) @@ -102,6 +100,256 @@ test_expand(hx509_context context, const char *name, const char *expected) return 0; } +char certdata1[] = + "\x30\x82\x04\x1d\x30\x82\x03\x05\xa0\x03\x02\x01\x02\x02\x10\x4e" + "\x81\x2d\x8a\x82\x65\xe0\x0b\x02\xee\x3e\x35\x02\x46\xe5\x3d\x30" + "\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81" + "\x81\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b" + "\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65\x61\x74\x65\x72" + "\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06" + "\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30" + "\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f\x44\x4f\x20\x43" + "\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x27\x30\x25\x06\x03\x55" + "\x04\x03\x13\x1e\x43\x4f\x4d\x4f\x44\x4f\x20\x43\x65\x72\x74\x69" + "\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69" + "\x74\x79\x30\x1e\x17\x0d\x30\x36\x31\x32\x30\x31\x30\x30\x30\x30" + "\x30\x30\x5a\x17\x0d\x32\x39\x31\x32\x33\x31\x32\x33\x35\x39\x35" + "\x39\x5a\x30\x81\x81\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02" + "\x47\x42\x31\x1b\x30\x19\x06\x03\x55\x04\x08\x13\x12\x47\x72\x65" + "\x61\x74\x65\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31" + "\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x53\x61\x6c\x66\x6f\x72" + "\x64\x31\x1a\x30\x18\x06\x03\x55\x04\x0a\x13\x11\x43\x4f\x4d\x4f" + "\x44\x4f\x20\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x27\x30" + "\x25\x06\x03\x55\x04\x03\x13\x1e\x43\x4f\x4d\x4f\x44\x4f\x20\x43" + "\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e\x20\x41\x75\x74" + "\x68\x6f\x72\x69\x74\x79\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86" + "\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82" + "\x01\x0a\x02\x82\x01\x01\x00\xd0\x40\x8b\x8b\x72\xe3\x91\x1b\xf7" + "\x51\xc1\x1b\x54\x04\x98\xd3\xa9\xbf\xc1\xe6\x8a\x5d\x3b\x87\xfb" + "\xbb\x88\xce\x0d\xe3\x2f\x3f\x06\x96\xf0\xa2\x29\x50\x99\xae\xdb" + "\x3b\xa1\x57\xb0\x74\x51\x71\xcd\xed\x42\x91\x4d\x41\xfe\xa9\xc8" + "\xd8\x6a\x86\x77\x44\xbb\x59\x66\x97\x50\x5e\xb4\xd4\x2c\x70\x44" + "\xcf\xda\x37\x95\x42\x69\x3c\x30\xc4\x71\xb3\x52\xf0\x21\x4d\xa1" + "\xd8\xba\x39\x7c\x1c\x9e\xa3\x24\x9d\xf2\x83\x16\x98\xaa\x16\x7c" + "\x43\x9b\x15\x5b\xb7\xae\x34\x91\xfe\xd4\x62\x26\x18\x46\x9a\x3f" + "\xeb\xc1\xf9\xf1\x90\x57\xeb\xac\x7a\x0d\x8b\xdb\x72\x30\x6a\x66" + "\xd5\xe0\x46\xa3\x70\xdc\x68\xd9\xff\x04\x48\x89\x77\xde\xb5\xe9" + "\xfb\x67\x6d\x41\xe9\xbc\x39\xbd\x32\xd9\x62\x02\xf1\xb1\xa8\x3d" + "\x6e\x37\x9c\xe2\x2f\xe2\xd3\xa2\x26\x8b\xc6\xb8\x55\x43\x88\xe1" + "\x23\x3e\xa5\xd2\x24\x39\x6a\x47\xab\x00\xd4\xa1\xb3\xa9\x25\xfe" + "\x0d\x3f\xa7\x1d\xba\xd3\x51\xc1\x0b\xa4\xda\xac\x38\xef\x55\x50" + "\x24\x05\x65\x46\x93\x34\x4f\x2d\x8d\xad\xc6\xd4\x21\x19\xd2\x8e" + "\xca\x05\x61\x71\x07\x73\x47\xe5\x8a\x19\x12\xbd\x04\x4d\xce\x4e" + "\x9c\xa5\x48\xac\xbb\x26\xf7\x02\x03\x01\x00\x01\xa3\x81\x8e\x30" + "\x81\x8b\x30\x1d\x06\x03\x55\x1d\x0e\x04\x16\x04\x14\x0b\x58\xe5" + "\x8b\xc6\x4c\x15\x37\xa4\x40\xa9\x30\xa9\x21\xbe\x47\x36\x5a\x56" + "\xff\x30\x0e\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01" + "\x06\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01" + "\x01\xff\x30\x49\x06\x03\x55\x1d\x1f\x04\x42\x30\x40\x30\x3e\xa0" + "\x3c\xa0\x3a\x86\x38\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e" + "\x63\x6f\x6d\x6f\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x43\x4f\x4d" + "\x4f\x44\x4f\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f\x6e" + "\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x2e\x63\x72\x6c\x30\x0d\x06" + "\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01" + "\x00\x3e\x98\x9e\x9b\xf6\x1b\xe9\xd7\x39\xb7\x78\xae\x1d\x72\x18" + "\x49\xd3\x87\xe4\x43\x82\xeb\x3f\xc9\xaa\xf5\xa8\xb5\xef\x55\x7c" + "\x21\x52\x65\xf9\xd5\x0d\xe1\x6c\xf4\x3e\x8c\x93\x73\x91\x2e\x02" + "\xc4\x4e\x07\x71\x6f\xc0\x8f\x38\x61\x08\xa8\x1e\x81\x0a\xc0\x2f" + "\x20\x2f\x41\x8b\x91\xdc\x48\x45\xbc\xf1\xc6\xde\xba\x76\x6b\x33" + "\xc8\x00\x2d\x31\x46\x4c\xed\xe7\x9d\xcf\x88\x94\xff\x33\xc0\x56" + "\xe8\x24\x86\x26\xb8\xd8\x38\x38\xdf\x2a\x6b\xdd\x12\xcc\xc7\x3f" + "\x47\x17\x4c\xa2\xc2\x06\x96\x09\xd6\xdb\xfe\x3f\x3c\x46\x41\xdf" + "\x58\xe2\x56\x0f\x3c\x3b\xc1\x1c\x93\x35\xd9\x38\x52\xac\xee\xc8" + "\xec\x2e\x30\x4e\x94\x35\xb4\x24\x1f\x4b\x78\x69\xda\xf2\x02\x38" + "\xcc\x95\x52\x93\xf0\x70\x25\x59\x9c\x20\x67\xc4\xee\xf9\x8b\x57" + "\x61\xf4\x92\x76\x7d\x3f\x84\x8d\x55\xb7\xe8\xe5\xac\xd5\xf1\xf5" + "\x19\x56\xa6\x5a\xfb\x90\x1c\xaf\x93\xeb\xe5\x1c\xd4\x67\x97\x5d" + "\x04\x0e\xbe\x0b\x83\xa6\x17\x83\xb9\x30\x12\xa0\xc5\x33\x15\x05" + "\xb9\x0d\xfb\xc7\x05\x76\xe3\xd8\x4a\x8d\xfc\x34\x17\xa3\xc6\x21" + "\x28\xbe\x30\x45\x31\x1e\xc7\x78\xbe\x58\x61\x38\xac\x3b\xe2\x01" + "\x65"; + +char certdata2[] = + "\x30\x82\x03\x02\x30\x82\x02\x6b\x02\x10\x39\xca\x54\x89\xfe\x50" + "\x22\x32\xfe\x32\xd9\xdb\xfb\x1b\x84\x19\x30\x0d\x06\x09\x2a\x86" + "\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xc1\x31\x0b\x30\x09" + "\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55" + "\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e" + "\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13\x33\x43\x6c\x61" + "\x73\x73\x20\x31\x20\x50\x75\x62\x6c\x69\x63\x20\x50\x72\x69\x6d" + "\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6f" + "\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20\x2d\x20\x47\x32" + "\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28\x63\x29\x20\x31" + "\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e" + "\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74\x68\x6f\x72\x69" + "\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79\x31\x1f\x30\x1d" + "\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20" + "\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x30\x1e\x17" + "\x0d\x39\x38\x30\x35\x31\x38\x30\x30\x30\x30\x30\x30\x5a\x17\x0d" + "\x31\x38\x30\x35\x31\x38\x32\x33\x35\x39\x35\x39\x5a\x30\x81\xc1" + "\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30" + "\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e" + "\x2c\x20\x49\x6e\x63\x2e\x31\x3c\x30\x3a\x06\x03\x55\x04\x0b\x13" + "\x33\x43\x6c\x61\x73\x73\x20\x31\x20\x50\x75\x62\x6c\x69\x63\x20" + "\x50\x72\x69\x6d\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63" + "\x61\x74\x69\x6f\x6e\x20\x41\x75\x74\x68\x6f\x72\x69\x74\x79\x20" + "\x2d\x20\x47\x32\x31\x3a\x30\x38\x06\x03\x55\x04\x0b\x13\x31\x28" + "\x63\x29\x20\x31\x39\x39\x38\x20\x56\x65\x72\x69\x53\x69\x67\x6e" + "\x2c\x20\x49\x6e\x63\x2e\x20\x2d\x20\x46\x6f\x72\x20\x61\x75\x74" + "\x68\x6f\x72\x69\x7a\x65\x64\x20\x75\x73\x65\x20\x6f\x6e\x6c\x79" + "\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53" + "\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72" + "\x6b\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01" + "\x01\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xaa\xd0" + "\xba\xbe\x16\x2d\xb8\x83\xd4\xca\xd2\x0f\xbc\x76\x31\xca\x94\xd8" + "\x1d\x93\x8c\x56\x02\xbc\xd9\x6f\x1a\x6f\x52\x36\x6e\x75\x56\x0a" + "\x55\xd3\xdf\x43\x87\x21\x11\x65\x8a\x7e\x8f\xbd\x21\xde\x6b\x32" + "\x3f\x1b\x84\x34\x95\x05\x9d\x41\x35\xeb\x92\xeb\x96\xdd\xaa\x59" + "\x3f\x01\x53\x6d\x99\x4f\xed\xe5\xe2\x2a\x5a\x90\xc1\xb9\xc4\xa6" + "\x15\xcf\xc8\x45\xeb\xa6\x5d\x8e\x9c\x3e\xf0\x64\x24\x76\xa5\xcd" + "\xab\x1a\x6f\xb6\xd8\x7b\x51\x61\x6e\xa6\x7f\x87\xc8\xe2\xb7\xe5" + "\x34\xdc\x41\x88\xea\x09\x40\xbe\x73\x92\x3d\x6b\xe7\x75\x02\x03" + "\x01\x00\x01\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05" + "\x05\x00\x03\x81\x81\x00\x8b\xf7\x1a\x10\xce\x76\x5c\x07\xab\x83" + "\x99\xdc\x17\x80\x6f\x34\x39\x5d\x98\x3e\x6b\x72\x2c\xe1\xc7\xa2" + "\x7b\x40\x29\xb9\x78\x88\xba\x4c\xc5\xa3\x6a\x5e\x9e\x6e\x7b\xe3" + "\xf2\x02\x41\x0c\x66\xbe\xad\xfb\xae\xa2\x14\xce\x92\xf3\xa2\x34" + "\x8b\xb4\xb2\xb6\x24\xf2\xe5\xd5\xe0\xc8\xe5\x62\x6d\x84\x7b\xcb" + "\xbe\xbb\x03\x8b\x7c\x57\xca\xf0\x37\xa9\x90\xaf\x8a\xee\x03\xbe" + "\x1d\x28\x9c\xd9\x26\x76\xa0\xcd\xc4\x9d\x4e\xf0\xae\x07\x16\xd5" + "\xbe\xaf\x57\x08\x6a\xd0\xa0\x42\x42\x42\x1e\xf4\x20\xcc\xa5\x78" + "\x82\x95\x26\x38\x8a\x47"; + +char certdata3[] = + "\x30\x82\x04\x43\x30\x82\x03\x2b\xa0\x03\x02\x01\x02\x02\x01\x01" + "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30" + "\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31\x1b" + "\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65\x72" + "\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e\x06" + "\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a\x30" + "\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20\x43" + "\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03\x55" + "\x04\x03\x0c\x1c\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72\x74" + "\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65\x73" + "\x30\x1e\x17\x0d\x30\x34\x30\x31\x30\x31\x30\x30\x30\x30\x30\x30" + "\x5a\x17\x0d\x32\x38\x31\x32\x33\x31\x32\x33\x35\x39\x35\x39\x5a" + "\x30\x7f\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x42\x31" + "\x1b\x30\x19\x06\x03\x55\x04\x08\x0c\x12\x47\x72\x65\x61\x74\x65" + "\x72\x20\x4d\x61\x6e\x63\x68\x65\x73\x74\x65\x72\x31\x10\x30\x0e" + "\x06\x03\x55\x04\x07\x0c\x07\x53\x61\x6c\x66\x6f\x72\x64\x31\x1a" + "\x30\x18\x06\x03\x55\x04\x0a\x0c\x11\x43\x6f\x6d\x6f\x64\x6f\x20" + "\x43\x41\x20\x4c\x69\x6d\x69\x74\x65\x64\x31\x25\x30\x23\x06\x03" + "\x55\x04\x03\x0c\x1c\x54\x72\x75\x73\x74\x65\x64\x20\x43\x65\x72" + "\x74\x69\x66\x69\x63\x61\x74\x65\x20\x53\x65\x72\x76\x69\x63\x65" + "\x73\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01" + "\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01" + "\x01\x00\xdf\x71\x6f\x36\x58\x53\x5a\xf2\x36\x54\x57\x80\xc4\x74" + "\x08\x20\xed\x18\x7f\x2a\x1d\xe6\x35\x9a\x1e\x25\xac\x9c\xe5\x96" + "\x7e\x72\x52\xa0\x15\x42\xdb\x59\xdd\x64\x7a\x1a\xd0\xb8\x7b\xdd" + "\x39\x15\xbc\x55\x48\xc4\xed\x3a\x00\xea\x31\x11\xba\xf2\x71\x74" + "\x1a\x67\xb8\xcf\x33\xcc\xa8\x31\xaf\xa3\xe3\xd7\x7f\xbf\x33\x2d" + "\x4c\x6a\x3c\xec\x8b\xc3\x92\xd2\x53\x77\x24\x74\x9c\x07\x6e\x70" + "\xfc\xbd\x0b\x5b\x76\xba\x5f\xf2\xff\xd7\x37\x4b\x4a\x60\x78\xf7" + "\xf0\xfa\xca\x70\xb4\xea\x59\xaa\xa3\xce\x48\x2f\xa9\xc3\xb2\x0b" + "\x7e\x17\x72\x16\x0c\xa6\x07\x0c\x1b\x38\xcf\xc9\x62\xb7\x3f\xa0" + "\x93\xa5\x87\x41\xf2\xb7\x70\x40\x77\xd8\xbe\x14\x7c\xe3\xa8\xc0" + "\x7a\x8e\xe9\x63\x6a\xd1\x0f\x9a\xc6\xd2\xf4\x8b\x3a\x14\x04\x56" + "\xd4\xed\xb8\xcc\x6e\xf5\xfb\xe2\x2c\x58\xbd\x7f\x4f\x6b\x2b\xf7" + "\x60\x24\x58\x24\xce\x26\xef\x34\x91\x3a\xd5\xe3\x81\xd0\xb2\xf0" + "\x04\x02\xd7\x5b\xb7\x3e\x92\xac\x6b\x12\x8a\xf9\xe4\x05\xb0\x3b" + "\x91\x49\x5c\xb2\xeb\x53\xea\xf8\x9f\x47\x86\xee\xbf\x95\xc0\xc0" + "\x06\x9f\xd2\x5b\x5e\x11\x1b\xf4\xc7\x04\x35\x29\xd2\x55\x5c\xe4" + "\xed\xeb\x02\x03\x01\x00\x01\xa3\x81\xc9\x30\x81\xc6\x30\x1d\x06" + "\x03\x55\x1d\x0e\x04\x16\x04\x14\xc5\x7b\x58\xbd\xed\xda\x25\x69" + "\xd2\xf7\x59\x16\xa8\xb3\x32\xc0\x7b\x27\x5b\xf4\x30\x0e\x06\x03" + "\x55\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x06\x30\x0f\x06\x03" + "\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff\x30\x81\x83" + "\x06\x03\x55\x1d\x1f\x04\x7c\x30\x7a\x30\x3c\xa0\x3a\xa0\x38\x86" + "\x36\x68\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f" + "\x64\x6f\x63\x61\x2e\x63\x6f\x6d\x2f\x54\x72\x75\x73\x74\x65\x64" + "\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69" + "\x63\x65\x73\x2e\x63\x72\x6c\x30\x3a\xa0\x38\xa0\x36\x86\x34\x68" + "\x74\x74\x70\x3a\x2f\x2f\x63\x72\x6c\x2e\x63\x6f\x6d\x6f\x64\x6f" + "\x2e\x6e\x65\x74\x2f\x54\x72\x75\x73\x74\x65\x64\x43\x65\x72\x74" + "\x69\x66\x69\x63\x61\x74\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2e" + "\x63\x72\x6c\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05" + "\x05\x00\x03\x82\x01\x01\x00\xc8\x93\x81\x3b\x89\xb4\xaf\xb8\x84" + "\x12\x4c\x8d\xd2\xf0\xdb\x70\xba\x57\x86\x15\x34\x10\xb9\x2f\x7f" + "\x1e\xb0\xa8\x89\x60\xa1\x8a\xc2\x77\x0c\x50\x4a\x9b\x00\x8b\xd8" + "\x8b\xf4\x41\xe2\xd0\x83\x8a\x4a\x1c\x14\x06\xb0\xa3\x68\x05\x70" + "\x31\x30\xa7\x53\x9b\x0e\xe9\x4a\xa0\x58\x69\x67\x0e\xae\x9d\xf6" + "\xa5\x2c\x41\xbf\x3c\x06\x6b\xe4\x59\xcc\x6d\x10\xf1\x96\x6f\x1f" + "\xdf\xf4\x04\x02\xa4\x9f\x45\x3e\xc8\xd8\xfa\x36\x46\x44\x50\x3f" + "\x82\x97\x91\x1f\x28\xdb\x18\x11\x8c\x2a\xe4\x65\x83\x57\x12\x12" + "\x8c\x17\x3f\x94\x36\xfe\x5d\xb0\xc0\x04\x77\x13\xb8\xf4\x15\xd5" + "\x3f\x38\xcc\x94\x3a\x55\xd0\xac\x98\xf5\xba\x00\x5f\xe0\x86\x19" + "\x81\x78\x2f\x28\xc0\x7e\xd3\xcc\x42\x0a\xf5\xae\x50\xa0\xd1\x3e" + "\xc6\xa1\x71\xec\x3f\xa0\x20\x8c\x66\x3a\x89\xb4\x8e\xd4\xd8\xb1" + "\x4d\x25\x47\xee\x2f\x88\xc8\xb5\xe1\x05\x45\xc0\xbe\x14\x71\xde" + "\x7a\xfd\x8e\x7b\x7d\x4d\x08\x96\xa5\x12\x73\xf0\x2d\xca\x37\x27" + "\x74\x12\x27\x4c\xcb\xb6\x97\xe9\xd9\xae\x08\x6d\x5a\x39\x40\xdd" + "\x05\x47\x75\x6a\x5a\x21\xb3\xa3\x18\xcf\x4e\xf7\x2e\x57\xb7\x98" + "\x70\x5e\xc8\xc4\x78\xb0\x62"; + + +static int +compare_subject(hx509_cert c1, hx509_cert c2, int *l) +{ + hx509_name n1, n2; + int ret; + + ret = hx509_cert_get_subject(c1, &n1); + if (ret) return 1; + ret = hx509_cert_get_subject(c2, &n2); + if (ret) return 1; + + *l = hx509_name_cmp(n1, n2); + hx509_name_free(&n1); + hx509_name_free(&n2); + + return 0; +} + +static int +test_compare(hx509_context context) +{ + int ret; + hx509_cert c1, c2, c3; + int l0, l1, l2, l3; + + /* check transative properties of name compare function */ + + ret = hx509_cert_init_data(context, certdata1, sizeof(certdata1) - 1, &c1); + if (ret) return 1; + + ret = hx509_cert_init_data(context, certdata2, sizeof(certdata2) - 1, &c2); + if (ret) return 1; + + ret = hx509_cert_init_data(context, certdata3, sizeof(certdata3) - 1, &c3); + if (ret) return 1; + + ret = compare_subject(c1, c1, &l0); + if (ret) return 1; + ret = compare_subject(c1, c2, &l1); + if (ret) return 1; + ret = compare_subject(c1, c3, &l2); + if (ret) return 1; + ret = compare_subject(c2, c3, &l3); + if (ret) return 1; + + if (l0 != 0) return 1; + if (l2 < l1) return 1; + if (l3 < l2) return 1; + if (l3 < l1) return 1; + + hx509_cert_free(c1); + hx509_cert_free(c2); + hx509_cert_free(c3); + + return 0; +} + + int main(int argc, char **argv) { @@ -126,6 +374,8 @@ main(int argc, char **argv) ret += test_expand(context, "UID=${uid}${uid},C=SE", "UID=lhalha,C=SE"); ret += test_expand(context, "UID=${uid}{uid},C=SE", "UID=lha{uid},C=SE"); + ret += test_compare(context); + hx509_context_free(&context); return ret; diff --git a/crypto/heimdal/lib/hx509/test_nist.in b/crypto/heimdal/lib/hx509/test_nist.in index 8306283fc9e..9dffbe69177 100644 --- a/crypto/heimdal/lib/hx509/test_nist.in +++ b/crypto/heimdal/lib/hx509/test_nist.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan +# Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_nist.in 22240 2007-12-08 22:55:03Z lha $ +# $Id$ # srcdir="@srcdir@" @@ -96,7 +96,7 @@ while read id verify cert arg1 arg2 arg3 arg4 arg5 ; do args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl" args="$args cert:FILE:$nistdir/certs/$cert" - if ${hxtool} verify $args > /dev/null; then + if ${hxtool} verify --time=2008-05-20 $args > /dev/null; then if test "$verify" = "f"; then echo "verify passed on fail: $id $cert" exit 1 diff --git a/crypto/heimdal/lib/hx509/test_nist2.in b/crypto/heimdal/lib/hx509/test_nist2.in index 66161298953..0c4276b07af 100644 --- a/crypto/heimdal/lib/hx509/test_nist2.in +++ b/crypto/heimdal/lib/hx509/test_nist2.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan +# Copyright (c) 2004 - 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -38,6 +38,7 @@ srcdir="@srcdir@" objdir="@objdir@" nistdir=${objdir}/PKITS_data nistzip=${srcdir}/data/PKITS_data.zip +egrep="@egrep@" limit="${1:-nolimit}" @@ -55,6 +56,22 @@ if ${hxtool} info | grep 'rand: not available' > /dev/null ; then exit 77 fi +#--------- Try to find unzip + +oldifs=$IFS +IFS=: +set -- $PATH +IFS=$oldifs +found= + +for p in "$@" ; do + test -x "$p/unzip" && { found=1 ; break; } +done +test "X$found" = "X" && exit 77 + +#--------- + + echo "nist tests, version 2" if [ ! -d "$nistdir" ] ; then @@ -80,13 +97,12 @@ while read result cert other ; do args="$args cert:FILE:$nistdir/certs/$cert" args="$args chain:DIR:$nistdir/certs" args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt" -# args="$args crl:FILE:$nistdir/crls/TrustAnchorRootCRL.crl" for a in $nistdir/crls/*.crl; do args="$args crl:FILE:$a" done - cmd="${hxtool} verify $args" + cmd="${hxtool} verify --time=2008-05-20 $args" eval ${cmd} > /dev/null res=$? @@ -97,12 +113,14 @@ while read result cert other ; do [123],*) r="PASSf";; *) echo="unknown result ${result},${res}" ; exit 1 ;; esac - if grep "${name} FAIL" $srcdir/data/nist-result2 > /dev/null; then + if ${egrep} "^${name} FAIL" $srcdir/data/nist-result2 > /dev/null; then if expr "$r" : "PASS" >/dev/null; then echo "${name} passed when expected not to" echo "# ${description}" > nist2-passed-${name}.tmp ec=1 fi + elif ${egrep} "^${name} EITHER" $srcdir/data/nist-result2 > /dev/null; then + : elif expr "$r" : "FAIL.*" >/dev/null ; then echo "$r ${name} ${description}" echo "# ${description}" > nist2-failed-${name}.tmp diff --git a/crypto/heimdal/lib/hx509/test_nist_cert.in b/crypto/heimdal/lib/hx509/test_nist_cert.in index 2d2bbe1f198..8c683d6b8b1 100644 --- a/crypto/heimdal/lib/hx509/test_nist_cert.in +++ b/crypto/heimdal/lib/hx509/test_nist_cert.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2006 Kungliga Tekniska Högskolan +# Copyright (c) 2006 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_nist_cert.in 21823 2007-08-03 15:13:37Z lha $ +# $Id$ # srcdir="@srcdir@" diff --git a/crypto/heimdal/lib/hx509/test_nist_pkcs12.in b/crypto/heimdal/lib/hx509/test_nist_pkcs12.in index fe595f28478..7898eee2e1c 100644 --- a/crypto/heimdal/lib/hx509/test_nist_pkcs12.in +++ b/crypto/heimdal/lib/hx509/test_nist_pkcs12.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan +# Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_nist_pkcs12.in 22256 2007-12-09 06:04:02Z lha $ +# $Id$ # srcdir="@srcdir@" diff --git a/crypto/heimdal/lib/hx509/test_pkcs11.in b/crypto/heimdal/lib/hx509/test_pkcs11.in index 0a315bf5eaf..278296ae66d 100644 --- a/crypto/heimdal/lib/hx509/test_pkcs11.in +++ b/crypto/heimdal/lib/hx509/test_pkcs11.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2008 Kungliga Tekniska Högskolan +# Copyright (c) 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # diff --git a/crypto/heimdal/lib/hx509/test_query.in b/crypto/heimdal/lib/hx509/test_query.in index 01e0c312337..d29d78a2397 100644 --- a/crypto/heimdal/lib/hx509/test_query.in +++ b/crypto/heimdal/lib/hx509/test_query.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan +# Copyright (c) 2005 - 2008 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_query.in 20782 2007-06-02 00:46:00Z lha $ +# $Id$ # srcdir="@srcdir@" @@ -44,8 +44,15 @@ hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}" echo "try printing" ${hxtool} print \ --pass=PASS:foobar \ + --info --content \ PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null || exit 1 +echo "try printing" +${hxtool} print \ + --pass=PASS:foobar \ + --info --content \ + FILE:$srcdir/data/kdc.crt >/dev/null 2>/dev/null || exit 1 + ${hxtool} print \ --pass=PASS:foobar \ --info \ @@ -63,6 +70,16 @@ ${hxtool} query \ --friendlyname=friendlyname-test-not \ PKCS12:$srcdir/data/test.p12 >/dev/null 2>/dev/null && exit 1 +echo "make sure entry is found (eku)" +${hxtool} query \ + --eku=1.3.6.1.5.2.3.5 \ + FILE:$srcdir/data/kdc.crt >/dev/null 2>/dev/null || exit 1 + +echo "make sure entry is not found (eku)" +${hxtool} query \ + --eku=1.3.6.1.5.2.3.6 \ + FILE:$srcdir/data/kdc.crt >/dev/null 2>/dev/null && exit 1 + echo "make sure entry is found (friendlyname, no-pw)" ${hxtool} query \ --friendlyname=friendlyname-cert \ @@ -142,5 +159,45 @@ ${hxtool} query \ --keyEncipherment \ FILE:$srcdir/data/test-ke-only.crt >/dev/null 2>/dev/null && exit 1 -exit 0 +echo "make sure entry is found (eku) in query language" +${hxtool} query \ + --expr='"1.3.6.1.5.2.3.5" IN %{certificate.eku}' \ + FILE:$srcdir/data/kdc.crt > /dev/null || exit 1 +echo "make sure entry is not found (eku) in query language" +${hxtool} query \ + --expr='"1.3.6.1.5.2.3.6" IN %{certificate.eku}' \ + FILE:$srcdir/data/kdc.crt > /dev/null && exit 1 + +echo "make sure entry is found (subject) in query language" +${hxtool} query \ + --expr='%{certificate.subject} == "CN=kdc,C=SE"' \ + FILE:$srcdir/data/kdc.crt > /dev/null || exit 1 + +echo "make sure entry is found using TAILMATCH (subject) in query language" +${hxtool} query \ + --expr='%{certificate.subject} TAILMATCH "C=SE"' \ + FILE:$srcdir/data/kdc.crt > /dev/null || exit 1 + +echo "make sure entry is not found using TAILMATCH (subject) in query language" +${hxtool} query \ + --expr='%{certificate.subject} TAILMATCH "C=FI"' \ + FILE:$srcdir/data/kdc.crt > /dev/null && exit 1 + +echo "make sure entry is found (issuer) in query language" +${hxtool} query \ + --expr='%{certificate.issuer} == "C=SE,CN=hx509 Test Root CA"' \ + FILE:$srcdir/data/kdc.crt > /dev/null || exit 1 + +echo "make sure entry match with EKU and TAILMATCH in query language" +${hxtool} query \ + --expr='"1.3.6.1.5.2.3.5" IN %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE"' \ + FILE:$srcdir/data/kdc.crt > /dev/null || exit 1 + +echo "make sure entry match with hash.sha1" +${hxtool} query \ + --expr='"%{certificate.hash.sha1}EQ "412120212A2CBFD777DE5499ECB4724345F33F16"' \ + FILE:$srcdir/data/kdc.crt > /dev/null || exit 1 + + +exit 0 diff --git a/crypto/heimdal/lib/hx509/test_req.in b/crypto/heimdal/lib/hx509/test_req.in index 2109ceb26dc..49919d918fa 100644 --- a/crypto/heimdal/lib/hx509/test_req.in +++ b/crypto/heimdal/lib/hx509/test_req.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan +# Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_req.in 21341 2007-06-26 14:20:56Z lha $ +# $Id$ # srcdir="@srcdir@" diff --git a/crypto/heimdal/lib/hx509/test_soft_pkcs11.c b/crypto/heimdal/lib/hx509/test_soft_pkcs11.c index e76f7720156..c8fc2448ee7 100644 --- a/crypto/heimdal/lib/hx509/test_soft_pkcs11.c +++ b/crypto/heimdal/lib/hx509/test_soft_pkcs11.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "hx_locl.h" @@ -39,9 +39,9 @@ static CK_FUNCTION_LIST_PTR func; static CK_RV -find_object(CK_SESSION_HANDLE session, +find_object(CK_SESSION_HANDLE session, char *id, - CK_OBJECT_CLASS key_class, + CK_OBJECT_CLASS key_class, CK_OBJECT_HANDLE_PTR object) { CK_ULONG object_count; @@ -119,11 +119,11 @@ main(int argc, char **argv) if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0) errx(1, "no token present"); - ret = (*func->C_OpenSession)(slot, CKF_SERIAL_SESSION, + ret = (*func->C_OpenSession)(slot, CKF_SERIAL_SESSION, NULL, NULL, &session); if (ret != CKR_OK) errx(1, "C_OpenSession failed: %d", (int)ret); - + ret = (*func->C_GetTokenInfo)(slot, &token_info); if (ret) errx(1, "C_GetTokenInfo1 failed: %d", (int)ret); @@ -159,7 +159,7 @@ main(int argc, char **argv) ret = (*func->C_SignInit)(session, &mechanism, private); if (ret != CKR_OK) return 1; - + ck_sigsize = sizeof(signature); ret = (*func->C_Sign)(session, (CK_BYTE *)sighash, strlen(sighash), (CK_BYTE *)signature, &ck_sigsize); @@ -172,7 +172,7 @@ main(int argc, char **argv) if (ret != CKR_OK) return 1; - ret = (*func->C_Verify)(session, (CK_BYTE *)signature, ck_sigsize, + ret = (*func->C_Verify)(session, (CK_BYTE *)signature, ck_sigsize, (CK_BYTE *)sighash, strlen(sighash)); if (ret != CKR_OK) { printf("message: %d\n", (int)ret); @@ -192,7 +192,7 @@ main(int argc, char **argv) ret = (*func->C_EncryptInit)(session, &mechanism, public); if (ret != CKR_OK) return 1; - + ck_sigsize = sizeof(signature); ret = (*func->C_Encrypt)(session, (CK_BYTE *)sighash, strlen(sighash), (CK_BYTE *)signature, &ck_sigsize); @@ -206,14 +206,14 @@ main(int argc, char **argv) return 1; outsize = sizeof(outdata); - ret = (*func->C_Decrypt)(session, (CK_BYTE *)signature, ck_sigsize, + ret = (*func->C_Decrypt)(session, (CK_BYTE *)signature, ck_sigsize, (CK_BYTE *)outdata, &outsize); if (ret != CKR_OK) { printf("message: %d\n", (int)ret); return 1; } - if (memcmp(sighash, outdata, strlen(sighash)) != 0) + if (ct_memcmp(sighash, outdata, strlen(sighash)) != 0) return 1; } #endif diff --git a/crypto/heimdal/lib/hx509/test_windows.in b/crypto/heimdal/lib/hx509/test_windows.in index 86145449a7f..c617f81322e 100644 --- a/crypto/heimdal/lib/hx509/test_windows.in +++ b/crypto/heimdal/lib/hx509/test_windows.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2007 Kungliga Tekniska Högskolan +# Copyright (c) 2007 Kungliga Tekniska Högskolan # (Royal Institute of Technology, Stockholm, Sweden). # All rights reserved. # @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: test_windows.in 21004 2007-06-08 01:53:10Z lha $ +# $Id$ # srcdir="@srcdir@" diff --git a/crypto/heimdal/lib/hx509/tst-crypto-available2 b/crypto/heimdal/lib/hx509/tst-crypto-available2 index b3f76e376f0..22c09206f03 100644 --- a/crypto/heimdal/lib/hx509/tst-crypto-available2 +++ b/crypto/heimdal/lib/hx509/tst-crypto-available2 @@ -1,4 +1,5 @@ +2.16.840.1.101.3.4.2.3 +2.16.840.1.101.3.4.2.2 2.16.840.1.101.3.4.2.1 1.3.14.3.2.26 1.2.840.113549.2.5 -1.2.840.113549.2.2 diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select1 b/crypto/heimdal/lib/hx509/tst-crypto-select1 index eb0d095adf6..c343b570823 100644 --- a/crypto/heimdal/lib/hx509/tst-crypto-select1 +++ b/crypto/heimdal/lib/hx509/tst-crypto-select1 @@ -1 +1 @@ -1.3.14.3.2.26 +2.16.840.1.101.3.4.2.1 diff --git a/crypto/heimdal/lib/hx509/tst-crypto-select2 b/crypto/heimdal/lib/hx509/tst-crypto-select2 index 749a54905dc..399c883a923 100644 --- a/crypto/heimdal/lib/hx509/tst-crypto-select2 +++ b/crypto/heimdal/lib/hx509/tst-crypto-select2 @@ -1 +1 @@ -1.2.840.113549.1.1.5 +1.2.840.113549.1.1.11 diff --git a/crypto/heimdal/lib/hx509/version-script.map b/crypto/heimdal/lib/hx509/version-script.map index 68ef73e8ecc..b05198c42c5 100644 --- a/crypto/heimdal/lib/hx509/version-script.map +++ b/crypto/heimdal/lib/hx509/version-script.map @@ -1,8 +1,31 @@ # $Id$ -HEIMDAL_X509_1.0 { +HEIMDAL_X509_1.2 { global: - initialize_hx_error_table_r; + _hx509_cert_assign_key; + _hx509_cert_private_key; + _hx509_certs_keys_free; + _hx509_certs_keys_get; + _hx509_expr_eval; + _hx509_expr_free; + _hx509_expr_parse; + _hx509_generate_private_key; + _hx509_generate_private_key_bits; + _hx509_generate_private_key_free; + _hx509_generate_private_key_init; + _hx509_generate_private_key_is_ca; + _hx509_map_file_os; + _hx509_name_from_Name; + _hx509_private_key_ref; + _hx509_request_add_dns_name; + _hx509_request_add_email; + _hx509_request_parse; + _hx509_request_print; + _hx509_request_set_email; + _hx509_request_to_pkcs10; + _hx509_request_to_pkcs10; + _hx509_unmap_file_os; + _hx509_write_file; hx509_bitstring_print; hx509_ca_sign; hx509_ca_sign_self; @@ -26,15 +49,18 @@ HEIMDAL_X509_1.0 { hx509_ca_tbs_set_spki; hx509_ca_tbs_set_subject; hx509_ca_tbs_set_template; + hx509_ca_tbs_set_unique; hx509_ca_tbs_subject_expand; hx509_ca_tbs_template_units; + hx509_cert; + hx509_cert_attribute; hx509_cert_binary; hx509_cert_check_eku; hx509_cert_cmp; hx509_cert_find_subjectAltName_otherName; hx509_cert_free; hx509_cert_get_SPKI; - hx509_cert_attribute; + hx509_cert_get_SPKI_AlgorithmIdentifier; hx509_cert_get_attribute; hx509_cert_get_base_subject; hx509_cert_get_friendly_name; @@ -43,26 +69,32 @@ HEIMDAL_X509_1.0 { hx509_cert_get_notBefore; hx509_cert_get_serialnumber; hx509_cert_get_subject; + hx509_cert_get_issuer_unique_id; + hx509_cert_get_subject_unique_id; hx509_cert_init; hx509_cert_init_data; hx509_cert_keyusage_print; - hx509_cert; + hx509_cert_public_encrypt; hx509_cert_ref; hx509_cert_set_friendly_name; hx509_certs_add; hx509_certs_append; hx509_certs_end_seq; + hx509_certs_ref; + hx509_certs_filter; hx509_certs_find; hx509_certs_free; hx509_certs_info; hx509_certs_init; hx509_certs_iter; + hx509_certs_iter_f; hx509_certs_merge; hx509_certs_next_cert; hx509_certs_start_seq; hx509_certs_store; hx509_ci_print_names; hx509_clear_error_string; + hx509_cms_create_signed; hx509_cms_create_signed_1; hx509_cms_decrypt_encrypted; hx509_cms_envelope_1; @@ -80,6 +112,7 @@ HEIMDAL_X509_1.0 { hx509_crl_sign; hx509_crypto_aes128_cbc; hx509_crypto_aes256_cbc; + hx509_crypto_allow_weak; hx509_crypto_available; hx509_crypto_decrypt; hx509_crypto_des_rsdi_ede3_cbc; @@ -93,15 +126,20 @@ HEIMDAL_X509_1.0 { hx509_crypto_select; hx509_crypto_set_key_data; hx509_crypto_set_key_name; + hx509_crypto_set_padding; hx509_crypto_set_params; hx509_crypto_set_random_key; hx509_env_add; + hx509_env_add_binding; + hx509_env_find; + hx509_env_find_binding; hx509_env_free; hx509_env_init; hx509_env_lfind; hx509_err; hx509_free_error_string; hx509_free_octet_string_list; + hx509_find_private_alg; hx509_general_name_unparse; hx509_get_error_string; hx509_get_one_cert; @@ -116,6 +154,7 @@ HEIMDAL_X509_1.0 { hx509_lock_reset_passwords; hx509_lock_reset_promper; hx509_lock_set_prompter; + hx509_name_binary; hx509_name_cmp; hx509_name_copy; hx509_name_expand; @@ -123,27 +162,47 @@ HEIMDAL_X509_1.0 { hx509_name_is_null_p; hx509_name_normalize; hx509_name_to_Name; - hx509_name_binary; hx509_name_to_string; hx509_ocsp_request; hx509_ocsp_verify; hx509_oid_print; hx509_oid_sprint; hx509_parse_name; + hx509_parse_private_key; + hx509_peer_info_add_cms_alg; hx509_peer_info_alloc; hx509_peer_info_free; hx509_peer_info_set_cert; hx509_peer_info_set_cms_algs; + hx509_pem_add_header; + hx509_pem_find_header; + hx509_pem_free_header; + hx509_pem_read; + hx509_pem_write; hx509_print_stdout; + hx509_print_cert; + hx509_private_key_assign_rsa; + hx509_private_key_free; + hx509_private_key_private_decrypt; + hx509_private_key_init; + hx509_private_key2SPKI; hx509_prompt_hidden; hx509_query_alloc; hx509_query_free; hx509_query_match_cmp_func; + hx509_query_match_eku; + hx509_query_match_expr; hx509_query_match_friendly_name; hx509_query_match_issuer_serial; hx509_query_match_option; hx509_query_statistic_file; hx509_query_unparse_stats; + hx509_request_get_name; + hx509_request_get_SubjectPublicKeyInfo; + hx509_request_free; + hx509_request_init; + hx509_request_set_name; + hx509_request_set_SubjectPublicKeyInfo; hx509_revoke_add_crl; hx509_revoke_add_ocsp; hx509_revoke_free; @@ -152,10 +211,8 @@ HEIMDAL_X509_1.0 { hx509_revoke_verify; hx509_set_error_string; hx509_set_error_stringv; - hx509_signature_md2; hx509_signature_md5; hx509_signature_rsa; - hx509_signature_rsa_with_md2; hx509_signature_rsa_with_md5; hx509_signature_rsa_with_sha1; hx509_signature_rsa_with_sha256; @@ -183,42 +240,8 @@ HEIMDAL_X509_1.0 { hx509_verify_set_strict_rfc3280_verification; hx509_verify_set_time; hx509_verify_signature; - hx509_pem_write; - hx509_pem_add_header; - hx509_pem_find_header; - hx509_pem_free_header; hx509_xfree; - _hx509_write_file; - _hx509_map_file; - _hx509_map_file_os; - _hx509_unmap_file; - _hx509_unmap_file_os; - _hx509_certs_keys_free; - _hx509_certs_keys_get; - _hx509_request_init; - _hx509_request_add_dns_name; - _hx509_request_add_email; - _hx509_request_get_name; - _hx509_request_set_name; - _hx509_request_set_email; - _hx509_request_get_SubjectPublicKeyInfo; - _hx509_request_set_SubjectPublicKeyInfo; - _hx509_request_to_pkcs10; - _hx509_request_to_pkcs10; - _hx509_request_free; - _hx509_request_print; - _hx509_request_parse; - _hx509_private_key_ref; - _hx509_private_key_free; - _hx509_private_key2SPKI; - _hx509_generate_private_key_init; - _hx509_generate_private_key_is_ca; - _hx509_generate_private_key_bits; - _hx509_generate_private_key; - _hx509_generate_private_key_free; - _hx509_cert_assign_key; - _hx509_cert_private_key; - _hx509_name_from_Name; + initialize_hx_error_table_r; # pkcs11 symbols C_GetFunctionList; local: diff --git a/crypto/heimdal/lib/ipc/Makefile.am b/crypto/heimdal/lib/ipc/Makefile.am new file mode 100644 index 00000000000..fc3ba469d48 --- /dev/null +++ b/crypto/heimdal/lib/ipc/Makefile.am @@ -0,0 +1,67 @@ +include $(top_srcdir)/Makefile.am.common + +noinst_LTLIBRARIES = libheim-ipcc.la libheim-ipcs.la + +dist_libheim_ipcc_la_SOURCES = hi_locl.h heim_ipc_types.h client.c common.c +dist_libheim_ipcs_la_SOURCES = hi_locl.h heim_ipc_types.h server.c common.c + +include_HEADERS = heim-ipc.h + +## +## Enable when this is not a noinst_ library +## +#libheim_ipcc_la_LDFLAGS = -version-info 0:0:0 +#libheim_ipcs_la_LDFLAGS = -version-info 0:0:0 +# +#if versionscript +#libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map +#libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map +#endif + +libheim_ipcc_la_LIBADD = \ + $(LIB_heimbase) \ + $(LIB_roken) \ + $(PTHREAD_LIBADD) + +libheim_ipcs_la_LIBADD = $(libheim_ipcc_la_LIBADD) + +TESTS = $(check_PROGRAMS) + +noinst_PROGRAMS = tc ts ts-http + +ts_LDADD = libheim-ipcs.la $(LIB_roken) +ts_http_LDADD = $(ts_LDADD) +tc_LDADD = libheim-ipcc.la $(LIB_roken) + +if have_gcd + +EXTRA_DIST = heim_ipc.defs heim_ipc_async.defs heim_ipc_reply.defs + +heim_ipc.h heim_ipcUser.c heim_ipcServer.c heim_ipcServer.h: heim_ipc.defs + mig -header heim_ipc.h -user heim_ipcUser.c -sheader heim_ipcServer.h -server heim_ipcServer.c -I$(srcdir) $(srcdir)/heim_ipc.defs + +heim_ipc_async.h heim_ipc_asyncUser.c heim_ipc_asyncServer.c heim_ipc_asyncServer.h: heim_ipc_async.defs + mig -header heim_ipc_async.h -user heim_ipc_asyncUser.c -sheader heim_ipc_asyncServer.h -server heim_ipc_asyncServer.c -I$(srcdir) $(srcdir)/heim_ipc_async.defs + +heim_ipc_reply.h heim_ipc_replyUser.c: heim_ipc_reply.defs + mig -header heim_ipc_reply.h -user heim_ipc_replyUser.c -sheader /dev/null -server /dev/null -I$(srcdir) $(srcdir)/heim_ipc_reply.defs + +built_ipcc = heim_ipc.h heim_ipcUser.c +built_ipcc += heim_ipc_asyncServer.c heim_ipc_asyncServer.h + +nodist_libheim_ipcc_la_SOURCES = $(built_ipcc) + +built_ipcs = heim_ipcServer.c heim_ipcServer.h +built_ipcs += heim_ipc_asyncUser.c heim_ipc_async.h +built_ipcs += heim_ipc_reply.h heim_ipc_replyUser.c + +nodist_libheim_ipcs_la_SOURCES = $(built_ipcs) + +libheim_ipcs_la_LIBADD += -lbsm + +CLEANFILES = $(built_ipcc) $(built_ipcs) + +$(srcdir)/client.c: $(built_ipcc) +$(srcdir)/server.c: $(built_ipcs) + +endif \ No newline at end of file diff --git a/crypto/heimdal/tests/kdc/Makefile.in b/crypto/heimdal/lib/ipc/Makefile.in similarity index 56% rename from crypto/heimdal/tests/kdc/Makefile.in rename to crypto/heimdal/lib/ipc/Makefile.in index cf6f6d8489c..1fd0c227bd6 100644 --- a/crypto/heimdal/tests/kdc/Makefile.in +++ b/crypto/heimdal/lib/ipc/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,16 +15,17 @@ @SET_MAKE@ -# $Id: Makefile.am 22447 2008-01-15 06:05:17Z lha $ +# $Id$ + +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -38,14 +40,16 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/Makefile.am.common \ +DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common -check_PROGRAMS = ap-req$(EXEEXT) -subdir = tests/kdc +TESTS = +noinst_PROGRAMS = tc$(EXEEXT) ts$(EXEEXT) ts-http$(EXEEXT) +@have_gcd_TRUE@am__append_1 = -lbsm +subdir = lib/ipc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +64,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +78,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,20 +91,46 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -ap_req_SOURCES = ap-req.c -ap_req_OBJECTS = ap-req.$(OBJEXT) -ap_req_LDADD = $(LDADD) +CONFIG_CLEAN_VPATH_FILES = +LTLIBRARIES = $(noinst_LTLIBRARIES) am__DEPENDENCIES_1 = -ap_req_DEPENDENCIES = ../../lib/krb5/libkrb5.la $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +libheim_ipcc_la_DEPENDENCIES = $(LIB_heimbase) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +dist_libheim_ipcc_la_OBJECTS = client.lo common.lo +@have_gcd_TRUE@am__objects_1 = heim_ipcUser.lo heim_ipc_asyncServer.lo +@have_gcd_TRUE@nodist_libheim_ipcc_la_OBJECTS = $(am__objects_1) +libheim_ipcc_la_OBJECTS = $(dist_libheim_ipcc_la_OBJECTS) \ + $(nodist_libheim_ipcc_la_OBJECTS) +am__DEPENDENCIES_2 = $(LIB_heimbase) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +libheim_ipcs_la_DEPENDENCIES = $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_1) +dist_libheim_ipcs_la_OBJECTS = server.lo common.lo +@have_gcd_TRUE@am__objects_2 = heim_ipcServer.lo heim_ipc_asyncUser.lo \ +@have_gcd_TRUE@ heim_ipc_replyUser.lo +@have_gcd_TRUE@nodist_libheim_ipcs_la_OBJECTS = $(am__objects_2) +libheim_ipcs_la_OBJECTS = $(dist_libheim_ipcs_la_OBJECTS) \ + $(nodist_libheim_ipcs_la_OBJECTS) +PROGRAMS = $(noinst_PROGRAMS) +tc_SOURCES = tc.c +tc_OBJECTS = tc.$(OBJEXT) +tc_DEPENDENCIES = libheim-ipcc.la $(am__DEPENDENCIES_1) +ts_SOURCES = ts.c +ts_OBJECTS = ts.$(OBJEXT) +ts_DEPENDENCIES = libheim-ipcs.la $(am__DEPENDENCIES_1) +ts_http_SOURCES = ts-http.c +ts_http_OBJECTS = ts-http.$(OBJEXT) +am__DEPENDENCIES_3 = libheim-ipcs.la $(am__DEPENDENCIES_1) +ts_http_DEPENDENCIES = $(am__DEPENDENCIES_3) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,59 +140,96 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = ap-req.c -DIST_SOURCES = ap-req.c -DATA = $(noinst_DATA) +SOURCES = $(dist_libheim_ipcc_la_SOURCES) \ + $(nodist_libheim_ipcc_la_SOURCES) \ + $(dist_libheim_ipcs_la_SOURCES) \ + $(nodist_libheim_ipcs_la_SOURCES) tc.c ts.c ts-http.c +DIST_SOURCES = $(dist_libheim_ipcc_la_SOURCES) \ + $(dist_libheim_ipcs_la_SOURCES) tc.c ts.c ts-http.c +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(includedir)" +HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -183,10 +253,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -203,6 +274,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -218,31 +291,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -257,10 +344,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -301,135 +390,81 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -noinst_DATA = \ - krb5.conf \ - krb5-pkinit.conf \ - krb5-pkinit-win.conf \ - krb5-slave.conf +noinst_LTLIBRARIES = libheim-ipcc.la libheim-ipcs.la +dist_libheim_ipcc_la_SOURCES = hi_locl.h heim_ipc_types.h client.c common.c +dist_libheim_ipcs_la_SOURCES = hi_locl.h heim_ipc_types.h server.c common.c +include_HEADERS = heim-ipc.h -check_SCRIPTS = $(SCRIPT_TESTS) -SCRIPT_TESTS = \ - check-digest \ - check-kadmin \ - check-kdc \ - check-keys \ - check-pkinit \ - check-iprop \ - check-referral \ - check-uu - -TESTS = $(SCRIPT_TESTS) -port = 49188 -admport = 49189 -@HAVE_DLOPEN_FALSE@do_dlopen = -e 's,[@]DLOPEN[@],false,g' -@HAVE_DLOPEN_TRUE@do_dlopen = -e 's,[@]DLOPEN[@],true,g' -do_subst = sed $(do_dlopen) \ - -e 's,[@]srcdir[@],$(srcdir),g' \ - -e 's,[@]port[@],$(port),g' \ - -e 's,[@]admport[@],$(admport),g' \ - -e 's,[@]objdir[@],$(top_builddir)/tests/kdc,g' \ - -e 's,[@]EGREP[@],$(EGREP),g' - -LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken) -CLEANFILES = \ - $(TESTS) \ - iprop-stats \ - barpassword \ - cache.krb5 \ - cdigest-reply \ - *.tmp \ - client-cache \ - current-db* \ - current*.log \ - iprop.keytab \ - digest-reply \ - foopassword \ - krb5.conf \ - krb5-slave.conf \ - krb5-pkinit.conf \ - krb5-pkinit-win.conf \ - krb5.conf.keys \ - signal \ - messages.log \ - o2cache.krb5 \ - o2digest-reply \ - ocache.krb5 \ - s2digest-reply \ - sdigest-init \ - sdigest-reply \ - server.keytab \ - req-pkinit.der \ - req-pkinit2.der \ - req-kdc.der \ - pkinit.crt \ - pkinit2.crt \ - pkinit3.crt \ - kdc.crt \ - ca.crt \ - uuserver.log \ - tempfile \ - test-rc-file.rc - -EXTRA_DIST = \ - check-kadmin.in \ - check-kdc.in \ - check-keys.in \ - check-referral.in \ - check-uu.in \ - check-pkinit.in \ - check-iprop.in \ - check-digest.in \ - heimdal.acl \ - krb5.conf.in \ - krb5.conf.keys.in \ - krb5-pkinit.conf.in \ - iprop-acl \ - wait-kdc.sh \ - pki-mapping \ - ntlm-user-file.txt \ - uuserver.txt \ - donotexists.txt +#libheim_ipcc_la_LDFLAGS = -version-info 0:0:0 +#libheim_ipcs_la_LDFLAGS = -version-info 0:0:0 +# +#if versionscript +#libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map +#libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map +#endif +libheim_ipcc_la_LIBADD = \ + $(LIB_heimbase) \ + $(LIB_roken) \ + $(PTHREAD_LIBADD) +libheim_ipcs_la_LIBADD = $(libheim_ipcc_la_LIBADD) $(am__append_1) +ts_LDADD = libheim-ipcs.la $(LIB_roken) +ts_http_LDADD = $(ts_LDADD) +tc_LDADD = libheim-ipcc.la $(LIB_roken) +@have_gcd_TRUE@EXTRA_DIST = heim_ipc.defs heim_ipc_async.defs heim_ipc_reply.defs +@have_gcd_TRUE@built_ipcc = heim_ipc.h heim_ipcUser.c \ +@have_gcd_TRUE@ heim_ipc_asyncServer.c heim_ipc_asyncServer.h +@have_gcd_TRUE@nodist_libheim_ipcc_la_SOURCES = $(built_ipcc) +@have_gcd_TRUE@built_ipcs = heim_ipcServer.c heim_ipcServer.h \ +@have_gcd_TRUE@ heim_ipc_asyncUser.c heim_ipc_async.h \ +@have_gcd_TRUE@ heim_ipc_reply.h heim_ipc_replyUser.c +@have_gcd_TRUE@nodist_libheim_ipcs_la_SOURCES = $(built_ipcs) +@have_gcd_TRUE@CLEANFILES = $(built_ipcc) $(built_ipcs) all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps tests/kdc/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps tests/kdc/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/ipc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/ipc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -447,16 +482,38 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): -clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ done -ap-req$(EXEEXT): $(ap_req_OBJECTS) $(ap_req_DEPENDENCIES) - @rm -f ap-req$(EXEEXT) - $(LINK) $(ap_req_OBJECTS) $(ap_req_LDADD) $(LIBS) +libheim-ipcc.la: $(libheim_ipcc_la_OBJECTS) $(libheim_ipcc_la_DEPENDENCIES) + $(LINK) $(libheim_ipcc_la_OBJECTS) $(libheim_ipcc_la_LIBADD) $(LIBS) +libheim-ipcs.la: $(libheim_ipcs_la_OBJECTS) $(libheim_ipcs_la_DEPENDENCIES) + $(LINK) $(libheim_ipcs_la_OBJECTS) $(libheim_ipcs_la_LIBADD) $(LIBS) + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +tc$(EXEEXT): $(tc_OBJECTS) $(tc_DEPENDENCIES) + @rm -f tc$(EXEEXT) + $(LINK) $(tc_OBJECTS) $(tc_LDADD) $(LIBS) +ts$(EXEEXT): $(ts_OBJECTS) $(ts_DEPENDENCIES) + @rm -f ts$(EXEEXT) + $(LINK) $(ts_OBJECTS) $(ts_LDADD) $(LIBS) +ts-http$(EXEEXT): $(ts_http_OBJECTS) $(ts_http_DEPENDENCIES) + @rm -f ts-http$(EXEEXT) + $(LINK) $(ts_http_OBJECTS) $(ts_http_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -464,73 +521,122 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/heim_ipcServer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/heim_ipcUser.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/heim_ipc_asyncServer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/heim_ipc_asyncUser.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/heim_ipc_replyUser.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts-http.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs +install-includeHEADERS: $(include_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ + done + +uninstall-includeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -539,49 +645,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -592,11 +712,15 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi @@ -616,13 +740,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -630,11 +758,13 @@ distdir: $(DISTFILES) top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_SCRIPTS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local check: check-am -all-am: Makefile $(DATA) all-local +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local installdirs: + for dir in "$(DESTDIR)$(includedir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done install: install-am install-exec: install-exec-am install-data: install-data-am @@ -656,16 +786,18 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -676,33 +808,44 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: -install-data-am: +install-data-am: install-includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -719,27 +862,28 @@ ps: ps-am ps-am: -uninstall-am: +uninstall-am: uninstall-includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ - check-local clean clean-checkPROGRAMS clean-generic \ - clean-libtool ctags dist-hook distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-data-hook install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-hook \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ - uninstall-am uninstall-hook + check-local clean clean-generic clean-libtool \ + clean-noinstLTLIBRARIES clean-noinstPROGRAMS ctags dist-hook \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-includeHEADERS install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-hook \ + uninstall-includeHEADERS install-suid-programs: @@ -810,6 +954,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -895,7 +1042,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -909,63 +1056,18 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -check-kdc: check-kdc.in Makefile - $(do_subst) < $(srcdir)/check-kdc.in > check-kdc.tmp - chmod +x check-kdc.tmp - mv check-kdc.tmp check-kdc +@have_gcd_TRUE@heim_ipc.h heim_ipcUser.c heim_ipcServer.c heim_ipcServer.h: heim_ipc.defs +@have_gcd_TRUE@ mig -header heim_ipc.h -user heim_ipcUser.c -sheader heim_ipcServer.h -server heim_ipcServer.c -I$(srcdir) $(srcdir)/heim_ipc.defs -check-keys: check-keys.in Makefile - $(do_subst) < $(srcdir)/check-keys.in > check-keys.tmp - chmod +x check-keys.tmp - mv check-keys.tmp check-keys +@have_gcd_TRUE@heim_ipc_async.h heim_ipc_asyncUser.c heim_ipc_asyncServer.c heim_ipc_asyncServer.h: heim_ipc_async.defs +@have_gcd_TRUE@ mig -header heim_ipc_async.h -user heim_ipc_asyncUser.c -sheader heim_ipc_asyncServer.h -server heim_ipc_asyncServer.c -I$(srcdir) $(srcdir)/heim_ipc_async.defs -check-kadmin: check-kadmin.in Makefile - $(do_subst) < $(srcdir)/check-kadmin.in > check-kadmin.tmp - chmod +x check-kadmin.tmp - mv check-kadmin.tmp check-kadmin +@have_gcd_TRUE@heim_ipc_reply.h heim_ipc_replyUser.c: heim_ipc_reply.defs +@have_gcd_TRUE@ mig -header heim_ipc_reply.h -user heim_ipc_replyUser.c -sheader /dev/null -server /dev/null -I$(srcdir) $(srcdir)/heim_ipc_reply.defs -check-uu: check-uu.in Makefile - $(do_subst) < $(srcdir)/check-uu.in > check-uu.tmp - chmod +x check-uu.tmp - mv check-uu.tmp check-uu +@have_gcd_TRUE@$(srcdir)/client.c: $(built_ipcc) +@have_gcd_TRUE@$(srcdir)/server.c: $(built_ipcs) -check-pkinit: check-pkinit.in Makefile krb5-pkinit.conf - $(do_subst) < $(srcdir)/check-pkinit.in > check-pkinit.tmp - chmod +x check-pkinit.tmp - mv check-pkinit.tmp check-pkinit - -check-iprop: check-iprop.in Makefile krb5.conf krb5-slave.conf - $(do_subst) < $(srcdir)/check-iprop.in > check-iprop.tmp - chmod +x check-iprop.tmp - mv check-iprop.tmp check-iprop - -check-digest: check-digest.in Makefile - $(do_subst) < $(srcdir)/check-digest.in > check-digest.tmp - chmod +x check-digest.tmp - mv check-digest.tmp check-digest - -check-referral: check-referral.in Makefile - $(do_subst) < $(srcdir)/check-referral.in > check-referral.tmp - chmod +x check-referral.tmp - mv check-referral.tmp check-referral - -krb5.conf: krb5.conf.in Makefile - $(do_subst) \ - -e 's,[@]kdc[@],,g' < $(srcdir)/krb5.conf.in > krb5.conf.tmp - mv krb5.conf.tmp krb5.conf - -krb5-slave.conf: krb5.conf.in Makefile - $(do_subst) \ - -e 's,[@]kdc[@],.slave,g' < $(srcdir)/krb5.conf.in > krb5-slave.conf.tmp - mv krb5-slave.conf.tmp krb5-slave.conf - -krb5-pkinit.conf: krb5-pkinit.conf.in Makefile - $(do_subst) -e 's,[@]w2k[@],no,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit.conf.tmp - mv krb5-pkinit.conf.tmp krb5-pkinit.conf - -krb5-pkinit-win.conf: krb5-pkinit.conf.in Makefile - $(do_subst) -e 's,[@]w2k[@],yes,g' < $(srcdir)/krb5-pkinit.conf.in > krb5-pkinit-win.conf.tmp - mv krb5-pkinit-win.conf.tmp krb5-pkinit-win.conf # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/ipc/client.c b/crypto/heimdal/lib/ipc/client.c new file mode 100644 index 00000000000..bb7d9750bff --- /dev/null +++ b/crypto/heimdal/lib/ipc/client.c @@ -0,0 +1,574 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hi_locl.h" + +#if defined(__APPLE__) && defined(HAVE_GCD) + +#include "heim_ipc.h" +#include "heim_ipc_asyncServer.h" + +#include +#include + +static dispatch_once_t jobqinited = 0; +static dispatch_queue_t jobq = NULL; +static dispatch_queue_t syncq; + +struct mach_ctx { + mach_port_t server; + char *name; +}; + +static int +mach_release(void *ctx); + +static int +mach_init(const char *service, void **ctx) +{ + struct mach_ctx *ipc; + mach_port_t sport; + int ret; + + dispatch_once(&jobqinited, ^{ + jobq = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0); + syncq = dispatch_queue_create("heim-ipc-syncq", NULL); + }); + + ret = bootstrap_look_up(bootstrap_port, service, &sport); + if (ret) + return ret; + + ipc = malloc(sizeof(*ipc)); + if (ipc == NULL) { + mach_port_destroy(mach_task_self(), sport); + return ENOMEM; + } + + ipc->server = sport; + ipc->name = strdup(service); + if (ipc->name == NULL) { + mach_release(ipc); + return ENOMEM; + } + + *ctx = ipc; + + return 0; +} + +static int +mach_ipc(void *ctx, + const heim_idata *request, heim_idata *response, + heim_icred *cred) +{ + struct mach_ctx *ipc = ctx; + heim_ipc_message_inband_t requestin; + mach_msg_type_number_t requestin_length = 0; + heim_ipc_message_outband_t requestout = NULL; + mach_msg_type_number_t requestout_length = 0; + heim_ipc_message_inband_t replyin; + mach_msg_type_number_t replyin_length; + heim_ipc_message_outband_t replyout; + mach_msg_type_number_t replyout_length; + int ret, errorcode, retries = 0; + + memcpy(requestin, request->data, request->length); + requestin_length = request->length; + + while (retries < 2) { + __block mach_port_t sport; + + dispatch_sync(syncq, ^{ sport = ipc->server; }); + + ret = mheim_ipc_call(sport, + requestin, requestin_length, + requestout, requestout_length, + &errorcode, + replyin, &replyin_length, + &replyout, &replyout_length); + if (ret == MACH_SEND_INVALID_DEST) { + mach_port_t nport; + /* race other threads to get a new port */ + ret = bootstrap_look_up(bootstrap_port, ipc->name, &nport); + if (ret) + return ret; + dispatch_sync(syncq, ^{ + /* check if we lost the race to lookup the port */ + if (sport != ipc->server) { + mach_port_deallocate(mach_task_self(), nport); + } else { + mach_port_deallocate(mach_task_self(), ipc->server); + ipc->server = nport; + } + }); + retries++; + } else if (ret) { + return ret; + } else + break; + } + if (retries >= 2) + return EINVAL; + + if (errorcode) { + if (replyout_length) + vm_deallocate (mach_task_self (), (vm_address_t) replyout, + replyout_length); + return errorcode; + } + + if (replyout_length) { + response->data = malloc(replyout_length); + if (response->data == NULL) { + vm_deallocate (mach_task_self (), (vm_address_t) replyout, + replyout_length); + return ENOMEM; + } + memcpy(response->data, replyout, replyout_length); + response->length = replyout_length; + vm_deallocate (mach_task_self (), (vm_address_t) replyout, + replyout_length); + } else { + response->data = malloc(replyin_length); + if (response->data == NULL) + return ENOMEM; + memcpy(response->data, replyin, replyin_length); + response->length = replyin_length; + } + + return 0; +} + +struct async_client { + mach_port_t mp; + dispatch_source_t source; + dispatch_queue_t queue; + void (*func)(void *, int, heim_idata *, heim_icred); + void *userctx; +}; + +kern_return_t +mheim_ado_acall_reply(mach_port_t server_port, + audit_token_t client_creds, + int returnvalue, + heim_ipc_message_inband_t replyin, + mach_msg_type_number_t replyinCnt, + heim_ipc_message_outband_t replyout, + mach_msg_type_number_t replyoutCnt) +{ + struct async_client *c = dispatch_get_context(dispatch_get_current_queue()); + heim_idata response; + + if (returnvalue) { + response.data = NULL; + response.length = 0; + } else if (replyoutCnt) { + response.data = replyout; + response.length = replyoutCnt; + } else { + response.data = replyin; + response.length = replyinCnt; + } + + (*c->func)(c->userctx, returnvalue, &response, NULL); + + if (replyoutCnt) + vm_deallocate (mach_task_self (), (vm_address_t) replyout, replyoutCnt); + + dispatch_source_cancel(c->source); + + return 0; + + +} + + +static int +mach_async(void *ctx, const heim_idata *request, void *userctx, + void (*func)(void *, int, heim_idata *, heim_icred)) +{ + struct mach_ctx *ipc = ctx; + heim_ipc_message_inband_t requestin; + mach_msg_type_number_t requestin_length = 0; + heim_ipc_message_outband_t requestout = NULL; + mach_msg_type_number_t requestout_length = 0; + int ret, retries = 0; + kern_return_t kr; + struct async_client *c; + + /* first create the service that will catch the reply from the server */ + /* XXX these object should be cached and reused */ + + c = malloc(sizeof(*c)); + if (c == NULL) + return ENOMEM; + + kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &c->mp); + if (kr != KERN_SUCCESS) + return EINVAL; + + c->queue = dispatch_queue_create("heim-ipc-async-client", NULL); + c->source = dispatch_source_create(DISPATCH_SOURCE_TYPE_MACH_RECV, c->mp, 0, c->queue); + dispatch_set_context(c->queue, c); + + dispatch_source_set_event_handler(c->source, ^{ + dispatch_mig_server(c->source, + sizeof(union __RequestUnion__mheim_ado_mheim_aipc_subsystem), + mheim_aipc_server); + }); + + dispatch_source_set_cancel_handler(c->source, ^{ + mach_port_mod_refs(mach_task_self(), c->mp, + MACH_PORT_RIGHT_RECEIVE, -1); + dispatch_release(c->queue); + dispatch_release(c->source); + free(c); + }); + + c->func = func; + c->userctx = userctx; + + dispatch_resume(c->source); + + /* ok, send the message */ + + memcpy(requestin, request->data, request->length); + requestin_length = request->length; + + while (retries < 2) { + __block mach_port_t sport; + + dispatch_sync(syncq, ^{ sport = ipc->server; }); + + ret = mheim_ipc_call_request(sport, c->mp, + requestin, requestin_length, + requestout, requestout_length); + if (ret == MACH_SEND_INVALID_DEST) { + ret = bootstrap_look_up(bootstrap_port, ipc->name, &sport); + if (ret) { + dispatch_source_cancel(c->source); + return ret; + } + mach_port_deallocate(mach_task_self(), ipc->server); + ipc->server = sport; + retries++; + } else if (ret) { + dispatch_source_cancel(c->source); + return ret; + } else + break; + } + if (retries >= 2) { + dispatch_source_cancel(c->source); + return EINVAL; + } + + return 0; +} + +static int +mach_release(void *ctx) +{ + struct mach_ctx *ipc = ctx; + if (ipc->server != MACH_PORT_NULL) + mach_port_deallocate(mach_task_self(), ipc->server); + free(ipc->name); + free(ipc); + return 0; +} + +#endif + +struct path_ctx { + char *path; + int fd; +}; + +static int common_release(void *); + +static int +connect_unix(struct path_ctx *s) +{ + struct sockaddr_un addr; + + addr.sun_family = AF_UNIX; + strlcpy(addr.sun_path, s->path, sizeof(addr.sun_path)); + + s->fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (s->fd < 0) + return errno; + rk_cloexec(s->fd); + + if (connect(s->fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) { + close(s->fd); + return errno; + } + + return 0; +} + +static int +common_path_init(const char *service, + const char *file, + void **ctx) +{ + struct path_ctx *s; + + s = malloc(sizeof(*s)); + if (s == NULL) + return ENOMEM; + s->fd = -1; + + asprintf(&s->path, "/var/run/.heim_%s-%s", service, file); + + *ctx = s; + + return 0; +} + +static int +unix_socket_init(const char *service, + void **ctx) +{ + int ret; + + ret = common_path_init(service, "socket", ctx); + if (ret) + return ret; + ret = connect_unix(*ctx); + if (ret) + common_release(*ctx); + + return ret; +} + +static int +unix_socket_ipc(void *ctx, + const heim_idata *req, heim_idata *rep, + heim_icred *cred) +{ + struct path_ctx *s = ctx; + uint32_t len = htonl(req->length); + uint32_t rv; + int retval; + + if (cred) + *cred = NULL; + + rep->data = NULL; + rep->length = 0; + + if (net_write(s->fd, &len, sizeof(len)) != sizeof(len)) + return -1; + if (net_write(s->fd, req->data, req->length) != (ssize_t)req->length) + return -1; + + if (net_read(s->fd, &len, sizeof(len)) != sizeof(len)) + return -1; + if (net_read(s->fd, &rv, sizeof(rv)) != sizeof(rv)) + return -1; + retval = ntohl(rv); + + rep->length = ntohl(len); + if (rep->length > 0) { + rep->data = malloc(rep->length); + if (rep->data == NULL) + return -1; + if (net_read(s->fd, rep->data, rep->length) != (ssize_t)rep->length) + return -1; + } else + rep->data = NULL; + + return retval; +} + +int +common_release(void *ctx) +{ + struct path_ctx *s = ctx; + if (s->fd >= 0) + close(s->fd); + free(s->path); + free(s); + return 0; +} + +#ifdef HAVE_DOOR + +static int +door_init(const char *service, + void **ctx) +{ + ret = common_path_init(context, service, "door", ctx); + if (ret) + return ret; + ret = connect_door(*ctx); + if (ret) + common_release(*ctx); + return ret; +} + +static int +door_ipc(void *ctx, + const heim_idata *request, heim_idata *response, + heim_icred *cred) +{ + door_arg_t arg; + int ret; + + arg.data_ptr = request->data; + arg.data_size = request->length; + arg.desc_ptr = NULL; + arg.desc_num = 0; + arg.rbuf = NULL; + arg.rsize = 0; + + ret = door_call(fd, &arg); + close(fd); + if (ret != 0) + return errno; + + response->data = malloc(arg.rsize); + if (response->data == NULL) { + munmap(arg.rbuf, arg.rsize); + return ENOMEM; + } + memcpy(response->data, arg.rbuf, arg.rsize); + response->length = arg.rsize; + munmap(arg.rbuf, arg.rsize); + + return ret; +} + +#endif + +struct hipc_ops { + const char *prefix; + int (*init)(const char *, void **); + int (*release)(void *); + int (*ipc)(void *,const heim_idata *, heim_idata *, heim_icred *); + int (*async)(void *, const heim_idata *, void *, + void (*)(void *, int, heim_idata *, heim_icred)); +}; + +struct hipc_ops ipcs[] = { +#if defined(__APPLE__) && defined(HAVE_GCD) + { "MACH", mach_init, mach_release, mach_ipc, mach_async }, +#endif +#ifdef HAVE_DOOR + { "DOOR", door_init, common_release, door_ipc, NULL } +#endif + { "UNIX", unix_socket_init, common_release, unix_socket_ipc, NULL } +}; + +struct heim_ipc { + struct hipc_ops *ops; + void *ctx; +}; + + +int +heim_ipc_init_context(const char *name, heim_ipc *ctx) +{ + unsigned int i; + int ret, any = 0; + + for(i = 0; i < sizeof(ipcs)/sizeof(ipcs[0]); i++) { + size_t prefix_len = strlen(ipcs[i].prefix); + heim_ipc c; + if(strncmp(ipcs[i].prefix, name, prefix_len) == 0 + && name[prefix_len] == ':') { + } else if (strncmp("ANY:", name, 4) == 0) { + prefix_len = 3; + any = 1; + } else + continue; + + c = calloc(1, sizeof(*c)); + if (c == NULL) + return ENOMEM; + + c->ops = &ipcs[i]; + + ret = (c->ops->init)(name + prefix_len + 1, &c->ctx); + if (ret) { + free(c); + if (any) + continue; + return ret; + } + + *ctx = c; + return 0; + } + + return ENOENT; +} + +void +heim_ipc_free_context(heim_ipc ctx) +{ + (ctx->ops->release)(ctx->ctx); + free(ctx); +} + +int +heim_ipc_call(heim_ipc ctx, const heim_idata *snd, heim_idata *rcv, + heim_icred *cred) +{ + if (cred) + *cred = NULL; + return (ctx->ops->ipc)(ctx->ctx, snd, rcv, cred); +} + +int +heim_ipc_async(heim_ipc ctx, const heim_idata *snd, void *userctx, + void (*func)(void *, int, heim_idata *, heim_icred)) +{ + if (ctx->ops->async == NULL) { + heim_idata rcv; + heim_icred cred = NULL; + int ret; + + ret = (ctx->ops->ipc)(ctx->ctx, snd, &rcv, &cred); + (*func)(userctx, ret, &rcv, cred); + heim_ipc_free_cred(cred); + free(rcv.data); + return ret; + } else { + return (ctx->ops->async)(ctx->ctx, snd, userctx, func); + } +} diff --git a/crypto/heimdal/lib/ipc/common.c b/crypto/heimdal/lib/ipc/common.c new file mode 100644 index 00000000000..0e8f36dd209 --- /dev/null +++ b/crypto/heimdal/lib/ipc/common.c @@ -0,0 +1,204 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hi_locl.h" +#ifdef HAVE_GCD +#include +#else +#include "heim_threads.h" +#endif + +struct heim_icred { + uid_t uid; + gid_t gid; + pid_t pid; + pid_t session; +}; + +void +heim_ipc_free_cred(heim_icred cred) +{ + free(cred); +} + +uid_t +heim_ipc_cred_get_uid(heim_icred cred) +{ + return cred->uid; +} + +gid_t +heim_ipc_cred_get_gid(heim_icred cred) +{ + return cred->gid; +} + +pid_t +heim_ipc_cred_get_pid(heim_icred cred) +{ + return cred->pid; +} + +pid_t +heim_ipc_cred_get_session(heim_icred cred) +{ + return cred->session; +} + + +int +_heim_ipc_create_cred(uid_t uid, gid_t gid, pid_t pid, pid_t session, heim_icred *cred) +{ + *cred = calloc(1, sizeof(**cred)); + if (*cred == NULL) + return ENOMEM; + (*cred)->uid = uid; + (*cred)->gid = gid; + (*cred)->pid = pid; + (*cred)->session = session; + return 0; +} + +#ifndef HAVE_GCD +struct heim_isemaphore { + HEIMDAL_MUTEX mutex; + pthread_cond_t cond; + long counter; +}; +#endif + +heim_isemaphore +heim_ipc_semaphore_create(long value) +{ +#ifdef HAVE_GCD + return (heim_isemaphore)dispatch_semaphore_create(value); +#elif !defined(ENABLE_PTHREAD_SUPPORT) + heim_assert(0, "no semaphore support w/o pthreads"); + return NULL; +#else + heim_isemaphore s = malloc(sizeof(*s)); + if (s == NULL) + return NULL; + HEIMDAL_MUTEX_init(&s->mutex); + pthread_cond_init(&s->cond, NULL); + s->counter = value; + return s; +#endif +} + +long +heim_ipc_semaphore_wait(heim_isemaphore s, time_t t) +{ +#ifdef HAVE_GCD + uint64_t timeout; + if (t == HEIM_IPC_WAIT_FOREVER) + timeout = DISPATCH_TIME_FOREVER; + else + timeout = (uint64_t)t * NSEC_PER_SEC; + + return dispatch_semaphore_wait((dispatch_semaphore_t)s, timeout); +#elif !defined(ENABLE_PTHREAD_SUPPORT) + heim_assert(0, "no semaphore support w/o pthreads"); + return 0; +#else + HEIMDAL_MUTEX_lock(&s->mutex); + /* if counter hits below zero, we get to wait */ + if (--s->counter < 0) { + int ret; + + if (t == HEIM_IPC_WAIT_FOREVER) + ret = pthread_cond_wait(&s->cond, &s->mutex); + else { + struct timespec ts; + ts.tv_sec = t; + ts.tv_nsec = 0; + ret = pthread_cond_timedwait(&s->cond, &s->mutex, &ts); + } + if (ret) { + HEIMDAL_MUTEX_unlock(&s->mutex); + return errno; + } + } + HEIMDAL_MUTEX_unlock(&s->mutex); + + return 0; +#endif +} + +long +heim_ipc_semaphore_signal(heim_isemaphore s) +{ +#ifdef HAVE_GCD + return dispatch_semaphore_signal((dispatch_semaphore_t)s); +#elif !defined(ENABLE_PTHREAD_SUPPORT) + heim_assert(0, "no semaphore support w/o pthreads"); + return EINVAL; +#else + int wakeup; + HEIMDAL_MUTEX_lock(&s->mutex); + wakeup = (++s->counter == 0) ; + HEIMDAL_MUTEX_unlock(&s->mutex); + if (wakeup) + pthread_cond_signal(&s->cond); + return 0; +#endif +} + +void +heim_ipc_semaphore_release(heim_isemaphore s) +{ +#ifdef HAVE_GCD + dispatch_release((dispatch_semaphore_t)s); +#elif !defined(ENABLE_PTHREAD_SUPPORT) + heim_assert(0, "no semaphore support w/o pthreads"); +#else + HEIMDAL_MUTEX_lock(&s->mutex); + if (s->counter != 0) + abort(); + HEIMDAL_MUTEX_unlock(&s->mutex); + HEIMDAL_MUTEX_destroy(&s->mutex); + pthread_cond_destroy(&s->cond); + free(s); +#endif +} + +void +heim_ipc_free_data(heim_idata *data) +{ + if (data->data) + free(data->data); + data->data = NULL; + data->length = 0; +} diff --git a/crypto/heimdal/lib/ipc/heim-ipc.h b/crypto/heimdal/lib/ipc/heim-ipc.h new file mode 100644 index 00000000000..6fbf309f7cd --- /dev/null +++ b/crypto/heimdal/lib/ipc/heim-ipc.h @@ -0,0 +1,130 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +typedef struct heim_ipc *heim_ipc; +typedef struct heim_sipc *heim_sipc; +typedef struct heim_icred *heim_icred; +typedef struct heim_isemaphore *heim_isemaphore; +typedef struct heim_octet_string heim_idata; +typedef struct heim_sipc_call *heim_sipc_call; + +/* common */ + +void +heim_ipc_free_cred(heim_icred); + +uid_t +heim_ipc_cred_get_uid(heim_icred); + +gid_t +heim_ipc_cred_get_gid(heim_icred); + +pid_t +heim_ipc_cred_get_pid(heim_icred); + +pid_t +heim_ipc_cred_get_session(heim_icred); + +void +heim_ipc_main(void); + +heim_isemaphore +heim_ipc_semaphore_create(long); + +long +heim_ipc_semaphore_wait(heim_isemaphore, time_t); + +long +heim_ipc_semaphore_signal(heim_isemaphore); + +void +heim_ipc_semaphore_release(heim_isemaphore); + +#define HEIM_IPC_WAIT_FOREVER ((time_t)-1) + +void +heim_ipc_free_data(heim_idata *); + +/* client */ + +int +heim_ipc_init_context(const char *, heim_ipc *); + +void +heim_ipc_free_context(heim_ipc); + +int +heim_ipc_call(heim_ipc, const heim_idata *, heim_idata *, heim_icred *); + +int +heim_ipc_async(heim_ipc, const heim_idata *, void *, void (*func)(void *, int, heim_idata *, heim_icred)); + +/* server */ + +#define HEIM_SIPC_TYPE_IPC 1 +#define HEIM_SIPC_TYPE_UINT32 2 +#define HEIM_SIPC_TYPE_HTTP 4 + +typedef void +(*heim_ipc_complete)(heim_sipc_call, int, heim_idata *); + +typedef void +(*heim_ipc_callback)(void *, const heim_idata *, + const heim_icred, heim_ipc_complete, heim_sipc_call); + + +int +heim_sipc_launchd_mach_init(const char *, heim_ipc_callback, + void *, heim_sipc *); + +int +heim_sipc_stream_listener(int, int, heim_ipc_callback, + void *, heim_sipc *); + +int +heim_sipc_service_unix(const char *, heim_ipc_callback, + void *, heim_sipc *); + + +void +heim_sipc_timeout(time_t); + +void +heim_sipc_set_timeout_handler(void (*)(void)); + +void +heim_sipc_free_context(heim_sipc); diff --git a/crypto/heimdal/lib/ipc/heim_ipc.defs b/crypto/heimdal/lib/ipc/heim_ipc.defs new file mode 100644 index 00000000000..ae84791375d --- /dev/null +++ b/crypto/heimdal/lib/ipc/heim_ipc.defs @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +type heim_ipc_message_inband_t = array [ * : 2048 ] of char; +type heim_ipc_message_outband_t = array [] of char; + +import "heim_ipc_types.h"; + +subsystem mheim_ipc 1; +userprefix mheim_ipc_; +serverprefix mheim_do_; + +routine call( + server_port : mach_port_t; + ServerAuditToken client_creds : audit_token_t; + sreplyport reply_port : mach_port_make_send_once_t; + in requestin : heim_ipc_message_inband_t; + in requestout : heim_ipc_message_outband_t; + out returnvalue : int; + out replyin : heim_ipc_message_inband_t; + out replyout : heim_ipc_message_outband_t, dealloc); + +simpleroutine call_request( + server_port : mach_port_t; + ServerAuditToken client_creds : audit_token_t; + in reply_to : mach_port_make_send_once_t; + in requestin : heim_ipc_message_inband_t; + in requestout : heim_ipc_message_outband_t); + + + diff --git a/crypto/heimdal/lib/ipc/heim_ipc_async.defs b/crypto/heimdal/lib/ipc/heim_ipc_async.defs new file mode 100644 index 00000000000..73157c0d1ae --- /dev/null +++ b/crypto/heimdal/lib/ipc/heim_ipc_async.defs @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +type heim_ipc_message_inband_t = array [ * : 2048 ] of char; +type heim_ipc_message_outband_t = array [] of char; + +import "heim_ipc_types.h"; + +subsystem mheim_aipc 201; +userprefix mheim_aipc_; +serverprefix mheim_ado_; + +simpleroutine acall_reply( + server_port : mach_port_move_send_once_t; + ServerAuditToken client_creds : audit_token_t; + in returnvalue : int; + in requestin : heim_ipc_message_inband_t; + in requestout : heim_ipc_message_outband_t); + + + diff --git a/crypto/heimdal/lib/ipc/heim_ipc_reply.defs b/crypto/heimdal/lib/ipc/heim_ipc_reply.defs new file mode 100644 index 00000000000..8209485562f --- /dev/null +++ b/crypto/heimdal/lib/ipc/heim_ipc_reply.defs @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +type heim_ipc_message_inband_t = array [ * : 2048 ] of char; +type heim_ipc_message_outband_t = array [] of char; + +import "heim_ipc_types.h"; + +subsystem heim_ipc 101; +userprefix mheim_ripc_; + +simpleroutine call_reply( + reply_port : mach_port_move_send_once_t; + returnvalue : int; + replyin : heim_ipc_message_inband_t; + replyout : heim_ipc_message_outband_t, dealloc); diff --git a/crypto/heimdal/lib/ipc/heim_ipc_types.h b/crypto/heimdal/lib/ipc/heim_ipc_types.h new file mode 100644 index 00000000000..c853610f1a4 --- /dev/null +++ b/crypto/heimdal/lib/ipc/heim_ipc_types.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _HEIM_IPC_TYPES_H_ +#define _HEIM_IPC_TYPES_H_ + +#define HEIM_KCM_BOOTSTRAP_NAME "org.h5l.Kerberos.kcm" + +typedef char heim_ipc_message_inband_t[2048]; +typedef char *heim_ipc_message_outband_t; + +#endif diff --git a/crypto/heimdal/lib/ipc/hi_locl.h b/crypto/heimdal/lib/ipc/hi_locl.h new file mode 100644 index 00000000000..7efe6ca841e --- /dev/null +++ b/crypto/heimdal/lib/ipc/hi_locl.h @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#ifdef HAVE_SYS_UN_H +#include +#endif + +#include + +#include +#include +#include +#include +#include + +#ifdef HAVE_GETPEERUCRED +#include +#endif + +#include +#include + +#include +#include + +#include + +#if defined(__APPLE__) && defined(HAVE_GCD) +#include +#include +#include +#include + +#ifndef __APPLE_PRIVATE__ /* awe, using private interface */ +typedef boolean_t (*dispatch_mig_callback_t)(mach_msg_header_t *message, mach_msg_header_t *reply); + +mach_msg_return_t +dispatch_mig_server(dispatch_source_t ds, size_t maxmsgsz, dispatch_mig_callback_t callback); +#endif + +#endif + + +#include + +int +_heim_ipc_create_cred(uid_t, gid_t, pid_t, pid_t, heim_icred *); diff --git a/crypto/heimdal/lib/ipc/server.c b/crypto/heimdal/lib/ipc/server.c new file mode 100644 index 00000000000..e4cb03ce275 --- /dev/null +++ b/crypto/heimdal/lib/ipc/server.c @@ -0,0 +1,1187 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "hi_locl.h" +#include + +#define MAX_PACKET_SIZE (128 * 1024) + +struct heim_sipc { + int (*release)(heim_sipc ctx); + heim_ipc_callback callback; + void *userctx; + void *mech; +}; + +#if defined(__APPLE__) && defined(HAVE_GCD) + +#include "heim_ipcServer.h" +#include "heim_ipc_reply.h" +#include "heim_ipc_async.h" + +static dispatch_source_t timer; +static dispatch_queue_t timerq; +static uint64_t timeoutvalue; + +static dispatch_queue_t eventq; + +static dispatch_queue_t workq; + +static void +default_timer_ev(void) +{ + exit(0); +} + +static void (*timer_ev)(void) = default_timer_ev; + +static void +set_timer(void) +{ + dispatch_source_set_timer(timer, + dispatch_time(DISPATCH_TIME_NOW, + timeoutvalue * NSEC_PER_SEC), + timeoutvalue * NSEC_PER_SEC, 1000000); +} + +static void +init_globals(void) +{ + static dispatch_once_t once; + dispatch_once(&once, ^{ + timerq = dispatch_queue_create("hiem-sipc-timer-q", NULL); + timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, timerq); + dispatch_source_set_event_handler(timer, ^{ timer_ev(); } ); + + workq = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0); + eventq = dispatch_queue_create("heim-ipc.event-queue", NULL); + }); +} + +static void +suspend_timer(void) +{ + dispatch_suspend(timer); +} + +static void +restart_timer(void) +{ + dispatch_sync(timerq, ^{ set_timer(); }); + dispatch_resume(timer); +} + +struct mach_service { + mach_port_t sport; + dispatch_source_t source; + dispatch_queue_t queue; +}; + +struct mach_call_ctx { + mach_port_t reply_port; + heim_icred cred; + heim_idata req; +}; + + +static void +mach_complete_sync(heim_sipc_call ctx, int returnvalue, heim_idata *reply) +{ + struct mach_call_ctx *s = (struct mach_call_ctx *)ctx; + heim_ipc_message_inband_t replyin; + mach_msg_type_number_t replyinCnt; + heim_ipc_message_outband_t replyout; + mach_msg_type_number_t replyoutCnt; + kern_return_t kr; + + if (returnvalue) { + /* on error, no reply */ + replyinCnt = 0; + replyout = 0; replyoutCnt = 0; + kr = KERN_SUCCESS; + } else if (reply->length < 2048) { + replyinCnt = reply->length; + memcpy(replyin, reply->data, replyinCnt); + replyout = 0; replyoutCnt = 0; + kr = KERN_SUCCESS; + } else { + replyinCnt = 0; + kr = vm_read(mach_task_self(), + (vm_address_t)reply->data, reply->length, + (vm_address_t *)&replyout, &replyoutCnt); + } + + mheim_ripc_call_reply(s->reply_port, returnvalue, + replyin, replyinCnt, + replyout, replyoutCnt); + + heim_ipc_free_cred(s->cred); + free(s->req.data); + free(s); + restart_timer(); +} + +static void +mach_complete_async(heim_sipc_call ctx, int returnvalue, heim_idata *reply) +{ + struct mach_call_ctx *s = (struct mach_call_ctx *)ctx; + heim_ipc_message_inband_t replyin; + mach_msg_type_number_t replyinCnt; + heim_ipc_message_outband_t replyout; + mach_msg_type_number_t replyoutCnt; + kern_return_t kr; + + if (returnvalue) { + /* on error, no reply */ + replyinCnt = 0; + replyout = 0; replyoutCnt = 0; + kr = KERN_SUCCESS; + } else if (reply->length < 2048) { + replyinCnt = reply->length; + memcpy(replyin, reply->data, replyinCnt); + replyout = 0; replyoutCnt = 0; + kr = KERN_SUCCESS; + } else { + replyinCnt = 0; + kr = vm_read(mach_task_self(), + (vm_address_t)reply->data, reply->length, + (vm_address_t *)&replyout, &replyoutCnt); + } + + kr = mheim_aipc_acall_reply(s->reply_port, returnvalue, + replyin, replyinCnt, + replyout, replyoutCnt); + heim_ipc_free_cred(s->cred); + free(s->req.data); + free(s); + restart_timer(); +} + + +kern_return_t +mheim_do_call(mach_port_t server_port, + audit_token_t client_creds, + mach_port_t reply_port, + heim_ipc_message_inband_t requestin, + mach_msg_type_number_t requestinCnt, + heim_ipc_message_outband_t requestout, + mach_msg_type_number_t requestoutCnt, + int *returnvalue, + heim_ipc_message_inband_t replyin, + mach_msg_type_number_t *replyinCnt, + heim_ipc_message_outband_t *replyout, + mach_msg_type_number_t *replyoutCnt) +{ + heim_sipc ctx = dispatch_get_context(dispatch_get_current_queue()); + struct mach_call_ctx *s; + kern_return_t kr; + uid_t uid; + gid_t gid; + pid_t pid; + au_asid_t session; + + *replyout = NULL; + *replyoutCnt = 0; + *replyinCnt = 0; + + s = malloc(sizeof(*s)); + if (s == NULL) + return KERN_MEMORY_FAILURE; /* XXX */ + + s->reply_port = reply_port; + + audit_token_to_au32(client_creds, NULL, &uid, &gid, NULL, NULL, &pid, &session, NULL); + + kr = _heim_ipc_create_cred(uid, gid, pid, session, &s->cred); + if (kr) { + free(s); + return kr; + } + + suspend_timer(); + + if (requestinCnt) { + s->req.data = malloc(requestinCnt); + memcpy(s->req.data, requestin, requestinCnt); + s->req.length = requestinCnt; + } else { + s->req.data = malloc(requestoutCnt); + memcpy(s->req.data, requestout, requestoutCnt); + s->req.length = requestoutCnt; + } + + dispatch_async(workq, ^{ + (ctx->callback)(ctx->userctx, &s->req, s->cred, + mach_complete_sync, (heim_sipc_call)s); + }); + + return MIG_NO_REPLY; +} + +kern_return_t +mheim_do_call_request(mach_port_t server_port, + audit_token_t client_creds, + mach_port_t reply_port, + heim_ipc_message_inband_t requestin, + mach_msg_type_number_t requestinCnt, + heim_ipc_message_outband_t requestout, + mach_msg_type_number_t requestoutCnt) +{ + heim_sipc ctx = dispatch_get_context(dispatch_get_current_queue()); + struct mach_call_ctx *s; + kern_return_t kr; + uid_t uid; + gid_t gid; + pid_t pid; + au_asid_t session; + + s = malloc(sizeof(*s)); + if (s == NULL) + return KERN_MEMORY_FAILURE; /* XXX */ + + s->reply_port = reply_port; + + audit_token_to_au32(client_creds, NULL, &uid, &gid, NULL, NULL, &pid, &session, NULL); + + kr = _heim_ipc_create_cred(uid, gid, pid, session, &s->cred); + if (kr) { + free(s); + return kr; + } + + suspend_timer(); + + if (requestinCnt) { + s->req.data = malloc(requestinCnt); + memcpy(s->req.data, requestin, requestinCnt); + s->req.length = requestinCnt; + } else { + s->req.data = malloc(requestoutCnt); + memcpy(s->req.data, requestout, requestoutCnt); + s->req.length = requestoutCnt; + } + + dispatch_async(workq, ^{ + (ctx->callback)(ctx->userctx, &s->req, s->cred, + mach_complete_async, (heim_sipc_call)s); + }); + + return KERN_SUCCESS; +} + +static int +mach_init(const char *service, mach_port_t sport, heim_sipc ctx) +{ + struct mach_service *s; + char *name; + + init_globals(); + + s = calloc(1, sizeof(*s)); + if (s == NULL) + return ENOMEM; + + asprintf(&name, "heim-ipc-mach-%s", service); + + s->queue = dispatch_queue_create(name, NULL); + free(name); + s->sport = sport; + + s->source = dispatch_source_create(DISPATCH_SOURCE_TYPE_MACH_RECV, + s->sport, 0, s->queue); + if (s->source == NULL) { + dispatch_release(s->queue); + free(s); + return ENOMEM; + } + ctx->mech = s; + + dispatch_set_context(s->queue, ctx); + dispatch_set_context(s->source, s); + + dispatch_source_set_event_handler(s->source, ^{ + dispatch_mig_server(s->source, sizeof(union __RequestUnion__mheim_do_mheim_ipc_subsystem), mheim_ipc_server); + }); + + dispatch_source_set_cancel_handler(s->source, ^{ + heim_sipc ctx = dispatch_get_context(dispatch_get_current_queue()); + struct mach_service *st = ctx->mech; + mach_port_mod_refs(mach_task_self(), st->sport, + MACH_PORT_RIGHT_RECEIVE, -1); + dispatch_release(st->queue); + dispatch_release(st->source); + free(st); + free(ctx); + }); + + dispatch_resume(s->source); + + return 0; +} + +static int +mach_release(heim_sipc ctx) +{ + struct mach_service *s = ctx->mech; + dispatch_source_cancel(s->source); + dispatch_release(s->source); + return 0; +} + +static mach_port_t +mach_checkin_or_register(const char *service) +{ + mach_port_t mp; + kern_return_t kr; + + kr = bootstrap_check_in(bootstrap_port, service, &mp); + if (kr == KERN_SUCCESS) + return mp; + +#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 1050 + /* Pre SnowLeopard version */ + kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &mp); + if (kr != KERN_SUCCESS) + return MACH_PORT_NULL; + + kr = mach_port_insert_right(mach_task_self(), mp, mp, + MACH_MSG_TYPE_MAKE_SEND); + if (kr != KERN_SUCCESS) { + mach_port_destroy(mach_task_self(), mp); + return MACH_PORT_NULL; + } + + kr = bootstrap_register(bootstrap_port, rk_UNCONST(service), mp); + if (kr != KERN_SUCCESS) { + mach_port_destroy(mach_task_self(), mp); + return MACH_PORT_NULL; + } + + return mp; +#else + return MACH_PORT_NULL; +#endif +} + + +#endif /* __APPLE__ && HAVE_GCD */ + + +int +heim_sipc_launchd_mach_init(const char *service, + heim_ipc_callback callback, + void *user, heim_sipc *ctx) +{ +#if defined(__APPLE__) && defined(HAVE_GCD) + mach_port_t sport = MACH_PORT_NULL; + heim_sipc c = NULL; + int ret; + + *ctx = NULL; + + sport = mach_checkin_or_register(service); + if (sport == MACH_PORT_NULL) { + ret = ENOENT; + goto error; + } + + c = calloc(1, sizeof(*c)); + if (c == NULL) { + ret = ENOMEM; + goto error; + } + c->release = mach_release; + c->userctx = user; + c->callback = callback; + + ret = mach_init(service, sport, c); + if (ret) + goto error; + + *ctx = c; + return 0; + error: + if (c) + free(c); + if (sport != MACH_PORT_NULL) + mach_port_mod_refs(mach_task_self(), sport, + MACH_PORT_RIGHT_RECEIVE, -1); + return ret; +#else /* !(__APPLE__ && HAVE_GCD) */ + *ctx = NULL; + return EINVAL; +#endif /* __APPLE__ && HAVE_GCD */ +} + +struct client { + int fd; + heim_ipc_callback callback; + void *userctx; + int flags; +#define LISTEN_SOCKET 1 +#define WAITING_READ 2 +#define WAITING_WRITE 4 +#define WAITING_CLOSE 8 + +#define HTTP_REPLY 16 + +#define INHERIT_MASK 0xffff0000 +#define INCLUDE_ERROR_CODE (1 << 16) +#define ALLOW_HTTP (1<<17) +#define UNIX_SOCKET (1<<18) + unsigned calls; + size_t ptr, len; + uint8_t *inmsg; + size_t olen; + uint8_t *outmsg; +#ifdef HAVE_GCD + dispatch_source_t in; + dispatch_source_t out; +#endif + struct { + uid_t uid; + gid_t gid; + pid_t pid; + } unixrights; +}; + +#ifndef HAVE_GCD +static unsigned num_clients = 0; +static struct client **clients = NULL; +#endif + +static void handle_read(struct client *); +static void handle_write(struct client *); +static int maybe_close(struct client *); + +/* + * Update peer credentials from socket. + * + * SCM_CREDS can only be updated the first time there is read data to + * read from the filedescriptor, so if we read do it before this + * point, the cred data might not be is not there yet. + */ + +static int +update_client_creds(struct client *c) +{ +#ifdef HAVE_GETPEERUCRED + /* Solaris 10 */ + { + ucred_t *peercred; + + if (getpeerucred(c->fd, &peercred) != 0) { + c->unixrights.uid = ucred_geteuid(peercred); + c->unixrights.gid = ucred_getegid(peercred); + c->unixrights.pid = 0; + ucred_free(peercred); + return 1; + } + } +#endif +#ifdef HAVE_GETPEEREID + /* FreeBSD, OpenBSD */ + { + uid_t uid; + gid_t gid; + + if (getpeereid(c->fd, &uid, &gid) == 0) { + c->unixrights.uid = uid; + c->unixrights.gid = gid; + c->unixrights.pid = 0; + return 1; + } + } +#endif +#ifdef SO_PEERCRED + /* Linux */ + { + struct ucred pc; + socklen_t pclen = sizeof(pc); + + if (getsockopt(c->fd, SOL_SOCKET, SO_PEERCRED, (void *)&pc, &pclen) == 0) { + c->unixrights.uid = pc.uid; + c->unixrights.gid = pc.gid; + c->unixrights.pid = pc.pid; + return 1; + } + } +#endif +#if defined(LOCAL_PEERCRED) && defined(XUCRED_VERSION) + { + struct xucred peercred; + socklen_t peercredlen = sizeof(peercred); + + if (getsockopt(c->fd, LOCAL_PEERCRED, 1, + (void *)&peercred, &peercredlen) == 0 + && peercred.cr_version == XUCRED_VERSION) + { + c->unixrights.uid = peercred.cr_uid; + c->unixrights.gid = peercred.cr_gid; + c->unixrights.pid = 0; + return 1; + } + } +#endif +#if defined(SOCKCREDSIZE) && defined(SCM_CREDS) + /* NetBSD */ + if (c->unixrights.uid == (uid_t)-1) { + struct msghdr msg; + socklen_t crmsgsize; + void *crmsg; + struct cmsghdr *cmp; + struct sockcred *sc; + + memset(&msg, 0, sizeof(msg)); + crmsgsize = CMSG_SPACE(SOCKCREDSIZE(CMGROUP_MAX)); + if (crmsgsize == 0) + return 1 ; + + crmsg = malloc(crmsgsize); + if (crmsg == NULL) + goto failed_scm_creds; + + memset(crmsg, 0, crmsgsize); + + msg.msg_control = crmsg; + msg.msg_controllen = crmsgsize; + + if (recvmsg(c->fd, &msg, 0) < 0) { + free(crmsg); + goto failed_scm_creds; + } + + if (msg.msg_controllen == 0 || (msg.msg_flags & MSG_CTRUNC) != 0) { + free(crmsg); + goto failed_scm_creds; + } + + cmp = CMSG_FIRSTHDR(&msg); + if (cmp->cmsg_level != SOL_SOCKET || cmp->cmsg_type != SCM_CREDS) { + free(crmsg); + goto failed_scm_creds; + } + + sc = (struct sockcred *)(void *)CMSG_DATA(cmp); + + c->unixrights.uid = sc->sc_euid; + c->unixrights.gid = sc->sc_egid; + c->unixrights.pid = 0; + + free(crmsg); + return 1; + } else { + /* we already got the cred, just return it */ + return 1; + } + failed_scm_creds: +#endif + return 0; +} + + +static struct client * +add_new_socket(int fd, + int flags, + heim_ipc_callback callback, + void *userctx) +{ + struct client *c; + int fileflags; + + c = calloc(1, sizeof(*c)); + if (c == NULL) + return NULL; + + if (flags & LISTEN_SOCKET) { + c->fd = fd; + } else { + c->fd = accept(fd, NULL, NULL); + if(c->fd < 0) { + free(c); + return NULL; + } + } + + c->flags = flags; + c->callback = callback; + c->userctx = userctx; + + fileflags = fcntl(c->fd, F_GETFL, 0); + fcntl(c->fd, F_SETFL, fileflags | O_NONBLOCK); + +#ifdef HAVE_GCD + init_globals(); + + c->in = dispatch_source_create(DISPATCH_SOURCE_TYPE_READ, + c->fd, 0, eventq); + c->out = dispatch_source_create(DISPATCH_SOURCE_TYPE_WRITE, + c->fd, 0, eventq); + + dispatch_source_set_event_handler(c->in, ^{ + int rw = (c->flags & WAITING_WRITE); + handle_read(c); + if (rw == 0 && (c->flags & WAITING_WRITE)) + dispatch_resume(c->out); + if ((c->flags & WAITING_READ) == 0) + dispatch_suspend(c->in); + maybe_close(c); + }); + dispatch_source_set_event_handler(c->out, ^{ + handle_write(c); + if ((c->flags & WAITING_WRITE) == 0) { + dispatch_suspend(c->out); + } + maybe_close(c); + }); + + dispatch_resume(c->in); +#else + clients = erealloc(clients, sizeof(clients[0]) * (num_clients + 1)); + clients[num_clients] = c; + num_clients++; +#endif + + return c; +} + +static int +maybe_close(struct client *c) +{ + if (c->calls != 0) + return 0; + if (c->flags & (WAITING_READ|WAITING_WRITE)) + return 0; + +#ifdef HAVE_GCD + dispatch_source_cancel(c->in); + if ((c->flags & WAITING_READ) == 0) + dispatch_resume(c->in); + dispatch_release(c->in); + + dispatch_source_cancel(c->out); + if ((c->flags & WAITING_WRITE) == 0) + dispatch_resume(c->out); + dispatch_release(c->out); +#endif + close(c->fd); /* ref count fd close */ + free(c); + return 1; +} + + +struct socket_call { + heim_idata in; + struct client *c; + heim_icred cred; +}; + +static void +output_data(struct client *c, const void *data, size_t len) +{ + if (c->olen + len < c->olen) + abort(); + c->outmsg = erealloc(c->outmsg, c->olen + len); + memcpy(&c->outmsg[c->olen], data, len); + c->olen += len; + c->flags |= WAITING_WRITE; +} + +static void +socket_complete(heim_sipc_call ctx, int returnvalue, heim_idata *reply) +{ + struct socket_call *sc = (struct socket_call *)ctx; + struct client *c = sc->c; + + /* double complete ? */ + if (c == NULL) + abort(); + + if ((c->flags & WAITING_CLOSE) == 0) { + uint32_t u32; + + /* length */ + u32 = htonl(reply->length); + output_data(c, &u32, sizeof(u32)); + + /* return value */ + if (c->flags & INCLUDE_ERROR_CODE) { + u32 = htonl(returnvalue); + output_data(c, &u32, sizeof(u32)); + } + + /* data */ + output_data(c, reply->data, reply->length); + + /* if HTTP, close connection */ + if (c->flags & HTTP_REPLY) { + c->flags |= WAITING_CLOSE; + c->flags &= ~WAITING_READ; + } + } + + c->calls--; + if (sc->cred) + heim_ipc_free_cred(sc->cred); + free(sc->in.data); + sc->c = NULL; /* so we can catch double complete */ + free(sc); + + maybe_close(c); +} + +/* remove HTTP %-quoting from buf */ +static int +de_http(char *buf) +{ + unsigned char *p, *q; + for(p = q = (unsigned char *)buf; *p; p++, q++) { + if(*p == '%' && isxdigit(p[1]) && isxdigit(p[2])) { + unsigned int x; + if(sscanf((char *)p + 1, "%2x", &x) != 1) + return -1; + *q = x; + p += 2; + } else + *q = *p; + } + *q = '\0'; + return 0; +} + +static struct socket_call * +handle_http_tcp(struct client *c) +{ + struct socket_call *cs; + char *s, *p, *t; + void *data; + char *proto; + int len; + + s = (char *)c->inmsg; + + p = strstr(s, "\r\n"); + if (p == NULL) + return NULL; + + *p = 0; + + p = NULL; + t = strtok_r(s, " \t", &p); + if (t == NULL) + return NULL; + + t = strtok_r(NULL, " \t", &p); + if (t == NULL) + return NULL; + + data = malloc(strlen(t)); + if (data == NULL) + return NULL; + + if(*t == '/') + t++; + if(de_http(t) != 0) { + free(data); + return NULL; + } + proto = strtok_r(NULL, " \t", &p); + if (proto == NULL) { + free(data); + return NULL; + } + len = base64_decode(t, data); + if(len <= 0){ + const char *msg = + " 404 Not found\r\n" + "Server: Heimdal/" VERSION "\r\n" + "Cache-Control: no-cache\r\n" + "Pragma: no-cache\r\n" + "Content-type: text/html\r\n" + "Content-transfer-encoding: 8bit\r\n\r\n" + "404 Not found\r\n" + "

404 Not found

\r\n" + "That page doesn't exist, maybe you are looking for " + "Heimdal?\r\n"; + free(data); + output_data(c, proto, strlen(proto)); + output_data(c, msg, strlen(msg)); + return NULL; + } + + cs = emalloc(sizeof(*cs)); + cs->c = c; + cs->in.data = data; + cs->in.length = len; + c->ptr = 0; + + { + const char *msg = + " 200 OK\r\n" + "Server: Heimdal/" VERSION "\r\n" + "Cache-Control: no-cache\r\n" + "Pragma: no-cache\r\n" + "Content-type: application/octet-stream\r\n" + "Content-transfer-encoding: binary\r\n\r\n"; + output_data(c, proto, strlen(proto)); + output_data(c, msg, strlen(msg)); + } + + return cs; +} + + +static void +handle_read(struct client *c) +{ + ssize_t len; + uint32_t dlen; + + if (c->flags & LISTEN_SOCKET) { + add_new_socket(c->fd, + WAITING_READ | (c->flags & INHERIT_MASK), + c->callback, + c->userctx); + return; + } + + if (c->ptr - c->len < 1024) { + c->inmsg = erealloc(c->inmsg, + c->len + 1024); + c->len += 1024; + } + + len = read(c->fd, c->inmsg + c->ptr, c->len - c->ptr); + if (len <= 0) { + c->flags |= WAITING_CLOSE; + c->flags &= ~WAITING_READ; + return; + } + c->ptr += len; + if (c->ptr > c->len) + abort(); + + while (c->ptr >= sizeof(dlen)) { + struct socket_call *cs; + + if((c->flags & ALLOW_HTTP) && c->ptr >= 4 && + strncmp((char *)c->inmsg, "GET ", 4) == 0 && + strncmp((char *)c->inmsg + c->ptr - 4, "\r\n\r\n", 4) == 0) { + + /* remove the trailing \r\n\r\n so the string is NUL terminated */ + c->inmsg[c->ptr - 4] = '\0'; + + c->flags |= HTTP_REPLY; + + cs = handle_http_tcp(c); + if (cs == NULL) { + c->flags |= WAITING_CLOSE; + c->flags &= ~WAITING_READ; + break; + } + } else { + memcpy(&dlen, c->inmsg, sizeof(dlen)); + dlen = ntohl(dlen); + + if (dlen > MAX_PACKET_SIZE) { + c->flags |= WAITING_CLOSE; + c->flags &= ~WAITING_READ; + return; + } + if (dlen > c->ptr - sizeof(dlen)) { + break; + } + + cs = emalloc(sizeof(*cs)); + cs->c = c; + cs->in.data = emalloc(dlen); + memcpy(cs->in.data, c->inmsg + sizeof(dlen), dlen); + cs->in.length = dlen; + + c->ptr -= sizeof(dlen) + dlen; + memmove(c->inmsg, + c->inmsg + sizeof(dlen) + dlen, + c->ptr); + } + + c->calls++; + + if ((c->flags & UNIX_SOCKET) != 0) { + if (update_client_creds(c)) + _heim_ipc_create_cred(c->unixrights.uid, c->unixrights.gid, + c->unixrights.pid, -1, &cs->cred); + } + + c->callback(c->userctx, &cs->in, + cs->cred, socket_complete, + (heim_sipc_call)cs); + } +} + +static void +handle_write(struct client *c) +{ + ssize_t len; + + len = write(c->fd, c->outmsg, c->olen); + if (len <= 0) { + c->flags |= WAITING_CLOSE; + c->flags &= ~(WAITING_WRITE); + } else if (c->olen != (size_t)len) { + memmove(&c->outmsg[0], &c->outmsg[len], c->olen - len); + c->olen -= len; + } else { + c->olen = 0; + free(c->outmsg); + c->outmsg = NULL; + c->flags &= ~(WAITING_WRITE); + } +} + + +#ifndef HAVE_GCD + +static void +process_loop(void) +{ + struct pollfd *fds; + unsigned n; + unsigned num_fds; + + while(num_clients > 0) { + + fds = malloc(num_clients * sizeof(fds[0])); + if(fds == NULL) + abort(); + + num_fds = num_clients; + + for (n = 0 ; n < num_fds; n++) { + fds[n].fd = clients[n]->fd; + fds[n].events = 0; + if (clients[n]->flags & WAITING_READ) + fds[n].events |= POLLIN; + if (clients[n]->flags & WAITING_WRITE) + fds[n].events |= POLLOUT; + + fds[n].revents = 0; + } + + poll(fds, num_fds, -1); + + for (n = 0 ; n < num_fds; n++) { + if (clients[n] == NULL) + continue; + if (fds[n].revents & POLLERR) { + clients[n]->flags |= WAITING_CLOSE; + continue; + } + + if (fds[n].revents & POLLIN) + handle_read(clients[n]); + if (fds[n].revents & POLLOUT) + handle_write(clients[n]); + } + + n = 0; + while (n < num_clients) { + struct client *c = clients[n]; + if (maybe_close(c)) { + if (n < num_clients - 1) + clients[n] = clients[num_clients - 1]; + num_clients--; + } else + n++; + } + + free(fds); + } +} + +#endif + +static int +socket_release(heim_sipc ctx) +{ + struct client *c = ctx->mech; + c->flags |= WAITING_CLOSE; + return 0; +} + +int +heim_sipc_stream_listener(int fd, int type, + heim_ipc_callback callback, + void *user, heim_sipc *ctx) +{ + heim_sipc ct = calloc(1, sizeof(*ct)); + struct client *c; + + if ((type & HEIM_SIPC_TYPE_IPC) && (type & (HEIM_SIPC_TYPE_UINT32|HEIM_SIPC_TYPE_HTTP))) + return EINVAL; + + switch (type) { + case HEIM_SIPC_TYPE_IPC: + c = add_new_socket(fd, LISTEN_SOCKET|WAITING_READ|INCLUDE_ERROR_CODE, callback, user); + break; + case HEIM_SIPC_TYPE_UINT32: + c = add_new_socket(fd, LISTEN_SOCKET|WAITING_READ, callback, user); + break; + case HEIM_SIPC_TYPE_HTTP: + case HEIM_SIPC_TYPE_UINT32|HEIM_SIPC_TYPE_HTTP: + c = add_new_socket(fd, LISTEN_SOCKET|WAITING_READ|ALLOW_HTTP, callback, user); + break; + default: + free(ct); + return EINVAL; + } + + ct->mech = c; + ct->release = socket_release; + + c->unixrights.uid = (uid_t) -1; + c->unixrights.gid = (gid_t) -1; + c->unixrights.pid = (pid_t) 0; + + *ctx = ct; + return 0; +} + +int +heim_sipc_service_unix(const char *service, + heim_ipc_callback callback, + void *user, heim_sipc *ctx) +{ + struct sockaddr_un un; + int fd, ret; + + un.sun_family = AF_UNIX; + + snprintf(un.sun_path, sizeof(un.sun_path), + "/var/run/.heim_%s-socket", service); + fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) + return errno; + + socket_set_reuseaddr(fd, 1); +#ifdef LOCAL_CREDS + { + int one = 1; + setsockopt(fd, 0, LOCAL_CREDS, (void *)&one, sizeof(one)); + } +#endif + + unlink(un.sun_path); + + if (bind(fd, (struct sockaddr *)&un, sizeof(un)) < 0) { + close(fd); + return errno; + } + + if (listen(fd, SOMAXCONN) < 0) { + close(fd); + return errno; + } + + chmod(un.sun_path, 0666); + + ret = heim_sipc_stream_listener(fd, HEIM_SIPC_TYPE_IPC, + callback, user, ctx); + if (ret == 0) { + struct client *c = (*ctx)->mech; + c->flags |= UNIX_SOCKET; + } + + return ret; +} + +/** + * Set the idle timeout value + + * The timeout event handler is triggered recurrently every idle + * period `t'. The default action is rather draconian and just calls + * exit(0), so you might want to change this to something more + * graceful using heim_sipc_set_timeout_handler(). + */ + +void +heim_sipc_timeout(time_t t) +{ +#ifdef HAVE_GCD + static dispatch_once_t timeoutonce; + init_globals(); + dispatch_sync(timerq, ^{ + timeoutvalue = t; + set_timer(); + }); + dispatch_once(&timeoutonce, ^{ dispatch_resume(timer); }); +#else + abort(); +#endif +} + +/** + * Set the timeout event handler + * + * Replaces the default idle timeout action. + */ + +void +heim_sipc_set_timeout_handler(void (*func)(void)) +{ +#ifdef HAVE_GCD + init_globals(); + dispatch_sync(timerq, ^{ timer_ev = func; }); +#else + abort(); +#endif +} + + +void +heim_sipc_free_context(heim_sipc ctx) +{ + (ctx->release)(ctx); +} + +void +heim_ipc_main(void) +{ +#ifdef HAVE_GCD + dispatch_main(); +#else + process_loop(); +#endif +} + diff --git a/crypto/heimdal/lib/ipc/tc.c b/crypto/heimdal/lib/ipc/tc.c new file mode 100644 index 00000000000..8b56d21aa47 --- /dev/null +++ b/crypto/heimdal/lib/ipc/tc.c @@ -0,0 +1,127 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +static int help_flag; +static int version_flag; + +static struct getargs args[] = { + { "help", 'h', arg_flag, &help_flag }, + { "version", 'v', arg_flag, &version_flag } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int ret) +{ + arg_printusage (args, num_args, NULL, ""); + exit (ret); +} + +static void +reply(void *ctx, int errorcode, heim_idata *reply, heim_icred cred) +{ + printf("got reply\n"); + heim_ipc_semaphore_signal((heim_isemaphore)ctx); /* tell caller we are done */ +} + +static void +test_ipc(const char *service) +{ + heim_isemaphore s; + heim_idata req, rep; + heim_ipc ipc; + int ret; + + ret = heim_ipc_init_context(service, &ipc); + if (ret) + errx(1, "heim_ipc_init_context: %d", ret); + + req.length = 0; + req.data = NULL; + + ret = heim_ipc_call(ipc, &req, &rep, NULL); + if (ret) + errx(1, "heim_ipc_call: %d", ret); + + s = heim_ipc_semaphore_create(0); + if (s == NULL) + errx(1, "heim_ipc_semaphore_create"); + + ret = heim_ipc_async(ipc, &req, s, reply); + if (ret) + errx(1, "heim_ipc_async: %d", ret); + + heim_ipc_semaphore_wait(s, HEIM_IPC_WAIT_FOREVER); /* wait for reply to complete the work */ + + heim_ipc_free_context(ipc); +} + + +int +main(int argc, char **argv) +{ + int optidx = 0; + + setprogname(argv[0]); + + if (getarg(args, num_args, argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage(0); + + if (version_flag) { + print_version(NULL); + exit(0); + } + +#ifdef __APPLE__ + test_ipc("MACH:org.h5l.test-ipc"); +#endif + test_ipc("ANY:org.h5l.test-ipc"); + test_ipc("UNIX:org.h5l.test-ipc"); + + return 0; +} diff --git a/crypto/heimdal/lib/ipc/ts-http.c b/crypto/heimdal/lib/ipc/ts-http.c new file mode 100644 index 00000000000..b493079d94a --- /dev/null +++ b/crypto/heimdal/lib/ipc/ts-http.c @@ -0,0 +1,136 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include + +static int help_flag; +static int version_flag; + +static struct getargs args[] = { + { "help", 'h', arg_flag, &help_flag }, + { "version", 'v', arg_flag, &version_flag } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int ret) +{ + arg_printusage (args, num_args, NULL, ""); + exit (ret); +} + +static void +test_service(void *ctx, const heim_idata *req, + const heim_icred cred, + heim_ipc_complete complete, + heim_sipc_call cctx) +{ + heim_idata rep; + printf("got request\n"); + rep.length = 3; + rep.data = strdup("hej"); + (*complete)(cctx, 0, &rep); +} + + +static void +setup_sockets(void) +{ + struct addrinfo hints, *res, *res0; + int ret, s; + heim_sipc u; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + ret = getaddrinfo(NULL, "8080", &hints, &res0); + if (ret) + errx(1, "%s", gai_strerror(ret)); + + for (res = res0; res ; res = res->ai_next) { + s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); + if (s < 0) { + warn("socket"); + continue; + } + socket_set_reuseaddr(s, 1); + socket_set_ipv6only(s, 1); + + if (bind(s, res->ai_addr, res->ai_addrlen) < 0) { + warn("bind"); + close(s); + continue; + } + listen(s, 5); + ret = heim_sipc_stream_listener(s, HEIM_SIPC_TYPE_HTTP, + test_service, NULL, &u); + if (ret) + errx(1, "heim_sipc_stream_listener: %d", ret); + } + freeaddrinfo(res0); +} + + +int +main(int argc, char **argv) +{ + int optidx = 0; + + setprogname(argv[0]); + + if (getarg(args, num_args, argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage(0); + + if (version_flag) { + print_version(NULL); + exit(0); + } + + setup_sockets(); + + heim_ipc_main(); + + return 0; +} diff --git a/crypto/heimdal/lib/ipc/ts.c b/crypto/heimdal/lib/ipc/ts.c new file mode 100644 index 00000000000..680d77bc913 --- /dev/null +++ b/crypto/heimdal/lib/ipc/ts.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include + +static int help_flag; +static int version_flag; + +static struct getargs args[] = { + { "help", 'h', arg_flag, &help_flag }, + { "version", 'v', arg_flag, &version_flag } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +static void +usage(int ret) +{ + arg_printusage (args, num_args, NULL, ""); + exit (ret); +} + +static void +test_service(void *ctx, const heim_idata *req, + const heim_icred cred, + heim_ipc_complete complete, + heim_sipc_call cctx) +{ + heim_idata rep; + printf("got request\n"); + rep.length = 0; + rep.data = NULL; + (*complete)(cctx, 0, &rep); +} + + +int +main(int argc, char **argv) +{ + heim_sipc u; + int optidx = 0; + + setprogname(argv[0]); + + if (getarg(args, num_args, argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage(0); + + if (version_flag) { + print_version(NULL); + exit(0); + } + +#if __APPLE__ + { + heim_sipc mach; + heim_sipc_launchd_mach_init("org.h5l.test-ipc", + test_service, NULL, &mach); + } +#endif + heim_sipc_service_unix("org.h5l.test-ipc", + test_service, NULL, &u); + heim_ipc_main(); + + return 0; +} diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog index 9b1235cf308..50168279cf9 100644 --- a/crypto/heimdal/lib/kadm5/ChangeLog +++ b/crypto/heimdal/lib/kadm5/ChangeLog @@ -1,13 +1,19 @@ -2008-01-21 Love Hörnquist Åstrand +2008-04-23 Love Hörnquist Ã…strand + + * ipropd_master.c: Only log "sending AYT" once, pointed out by Dr + A V Le Blanc. + + +2008-01-21 Love Hörnquist Ã…strand * default_keys.c: Use hdb_free_keys(). -2008-01-11 Love Hörnquist Åstrand +2008-01-11 Love Hörnquist Ã…strand * Makefile.am: add check-cracklib.pl, flush.c, sample_passwd_check.c -2007-12-07 Love Hörnquist Åstrand +2007-12-07 Love Hörnquist Ã…strand * use hdb_db_dir() and hdb_default_db() @@ -16,11 +22,11 @@ * init_c.c: We are getting default_client, not client. this way the user can override the result. -2007-09-29 Love Hörnquist Åstrand +2007-09-29 Love Hörnquist Ã…strand * iprop.8: fix spelling, From Antoine Jacoutt. -2007-08-16 Love Hörnquist Åstrand +2007-08-16 Love Hörnquist Ã…strand * version-script.map: export _kadm5_unmarshal_params, _kadm5_acl_check_permission @@ -29,26 +35,26 @@ * log.c: Unexport the specific log replay operations. -2007-08-10 Love Hörnquist Åstrand +2007-08-10 Love Hörnquist Ã…strand * Makefile.am: build sample_passwd_check.la as part of noinst. * sample_passwd_check.c: Add missing prototype for check_length(). -2007-08-07 Love Hörnquist Åstrand +2007-08-07 Love Hörnquist Ã…strand * log.c: Sprinkle krb5_set_error_string(). * ipropd_slave.c: Provide better error why kadm5_log_replay failed. -2007-08-06 Love Hörnquist Åstrand +2007-08-06 Love Hörnquist Ã…strand * ipropd_master.c: - don't push whole database to the new client every time. - make slaves get the whole new database if they have a newer log the the master (and thus have them go back in time). -2007-08-03 Love Hörnquist Åstrand +2007-08-03 Love Hörnquist Ã…strand * ipropd_slave.c: make more sane. @@ -63,12 +69,12 @@ * ipropd_master.c: Start the server at the current version, not 0. -2007-08-02 Love Hörnquist Åstrand +2007-08-02 Love Hörnquist Ã…strand * ipropd_master.c: Add more logging, to figure out what is happening in the master. -2007-08-01 Love Hörnquist Åstrand +2007-08-01 Love Hörnquist Ã…strand * Makefile.am: add version-script for libkadm5srv.la @@ -81,42 +87,42 @@ hostname, catch signals and print why we are quiting, make nop cause one new version, not two -2007-07-30 Love Hörnquist Åstrand +2007-07-30 Love Hörnquist Ã…strand * ipropd_master.c (send_diffs): make current slave's version uptodate when diff have been sent. -2007-07-27 Love Hörnquist Åstrand +2007-07-27 Love Hörnquist Ã…strand * ipropd_slave.c: More comments and some more error checking. -2007-07-26 Love Hörnquist Åstrand +2007-07-26 Love Hörnquist Ã…strand * init_c.c (get_cache_principal): make sure id is reset if we fail. From Benjamin Bennet. -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * context_s.c (find_db_spec): match realm-less as the default realm. * Makefile.am: New library version. -2007-07-05 Love Hörnquist Åstrand +2007-07-05 Love Hörnquist Ã…strand * context_s.c: Use hdb_get_dbinfo to pick up configuration. ctx->config.realm can be NULL, check for that, from Bjorn S. -2007-07-04 Love Hörnquist Åstrand +2007-07-04 Love Hörnquist Ã…strand * init_c.c: Try harder to use the right principal. -2007-06-20 Love Hörnquist Åstrand +2007-06-20 Love Hörnquist Ã…strand * ipropd_slave.c: Catch return value from krb5_program_setup. From Steven Luo. -2007-05-08 Love Hörnquist Åstrand +2007-05-08 Love Hörnquist Ã…strand * delete_s.c: Write log entry after store is successful, rename out goto statments. @@ -131,7 +137,7 @@ * create_s.c: Write log entry after store is successful. -2007-05-07 Love Hörnquist Åstrand +2007-05-07 Love Hörnquist Ã…strand * iprop-commands.in: Add default values to make this working again. @@ -151,7 +157,7 @@ * log.c (kadm5_log_previous): document assumptions and make less broken. Bug report from Ronny Blomme. -2007-02-17 Love Hörnquist Åstrand +2007-02-17 Love Hörnquist Ã…strand * admin.h: add support to get aliases @@ -161,22 +167,22 @@ * iprop-log.8: Small fixes, from David Love. -2006-12-15 Love Hörnquist Åstrand +2006-12-15 Love Hörnquist Ã…strand * init_c.c: if the user have a kadmin/admin initial ticket, don't ask for password, just use the credential instead. -2006-12-06 Love Hörnquist Åstrand +2006-12-06 Love Hörnquist Ã…strand * ipropd_master.c: Use strcspn to remove \n from string returned - by fgets. From Björn Sandell + by fgets. From Björn Sandell -2006-11-30 Love Hörnquist Åstrand +2006-11-30 Love Hörnquist Ã…strand * init_c.c (kadm_connect): clear error string before trying to print a errno, this way we don't pick up a random failure code -2006-11-20 Love Hörnquist Åstrand +2006-11-20 Love Hörnquist Ã…strand * ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context argument. @@ -184,15 +190,15 @@ * init_c.c: Make krb5_get_init_creds_opt_free take a context argument. -2006-10-22 Love Hörnquist Åstrand +2006-10-22 Love Hörnquist Ã…strand * ent_setup.c: Try to not leak memory. -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: split build files into dist_ and noinst_ SOURCES -2006-08-24 Love Hörnquist Åstrand +2006-08-24 Love Hörnquist Ã…strand * get_s.c: Add KRB5_KDB_ALLOW_DIGEST @@ -200,12 +206,12 @@ * admin.h: Add KRB5_KDB_ALLOW_DIGEST -2006-06-16 Love Hörnquist Åstrand +2006-06-16 Love Hörnquist Ã…strand * check-cracklib.pl: Add password reuse checking. From Harald Barth. -2006-06-14 Love Hörnquist Åstrand +2006-06-14 Love Hörnquist Ã…strand * ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4 @@ -213,31 +219,31 @@ * admin.h: Add KRB5_KDB_ALLOW_KERBEROS4 -2006-06-06 Love Hörnquist Åstrand +2006-06-06 Love Hörnquist Ã…strand * ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION -2006-05-30 Love Hörnquist Åstrand +2006-05-30 Love Hörnquist Ã…strand * password_quality.c (kadm5_check_password_quality): set error message in context. -2006-05-13 Love Hörnquist Åstrand +2006-05-13 Love Hörnquist Ã…strand * iprop-log.c: Avoid shadowing. * rename_s.c: Avoid shadowing. -2006-05-08 Love Hörnquist Åstrand +2006-05-08 Love Hörnquist Ã…strand * privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it that way. -2006-05-05 Love Hörnquist Åstrand +2006-05-05 Love Hörnquist Ã…strand * Rename u_intXX_t to uintXX_t -2006-04-27 Love Hörnquist Åstrand +2006-04-27 Love Hörnquist Ã…strand * chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c: Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for @@ -265,12 +271,12 @@ * chpass_s.c: Break out the that we request from principal from the entry and pass it in as a separate argument. -2006-04-25 Love Hörnquist Åstrand +2006-04-25 Love Hörnquist Ã…strand * create_s.c (create_principal*): If client doesn't send kvno, make sure to set it to 1. -2006-04-10 Love Hörnquist Åstrand +2006-04-10 Love Hörnquist Ã…strand * log.c: (kadm5_log_rename): handle errors better Fixes Coverity, NetBSD CID#628 @@ -285,39 +291,39 @@ * init_c.c (_kadm5_c_get_cred_cache): Free client principal in case of error. Coverity NetBSD CID#1908 -2006-02-02 Love Hörnquist Åstrand +2006-02-02 Love Hörnquist Ã…strand * kadm5_err.et: (PASS_REUSE): Spelling, - from Václav H?la + from Václav H?la -2006-01-25 Love Hörnquist Åstrand +2006-01-25 Love Hörnquist Ã…strand * send_recv.c: Clear error-string when introducing new errors. * *_c.c: Clear error-string when introducing new errors. -2006-01-15 Love Hörnquist Åstrand +2006-01-15 Love Hörnquist Ã…strand * Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove dependency -2005-12-13 Love Hörnquist Åstrand +2005-12-13 Love Hörnquist Ã…strand * memset hdb_entry_ex before use -2005-12-12 Love Hörnquist Åstrand +2005-12-12 Love Hörnquist Ã…strand * Wrap hdb_entry with hdb_entry_ex, patch originally from Andrew Bartlet -2005-11-30 Love Hörnquist Åstrand +2005-11-30 Love Hörnquist Ã…strand * context_s.c (set_field): try another way to calculate the path to the database/logfile/signal-socket * log.c (kadm5_log_init): set error string on failures -2005-09-08 Love Hörnquist Åstrand +2005-09-08 Love Hörnquist Ã…strand * Constify password. @@ -327,11 +333,11 @@ * get_s.c (kadm5_s_get_principal): clear error string -2005-08-25 Love Hörnquist Åstrand +2005-08-25 Love Hörnquist Ã…strand * iprop-log.8: More text about iprop-log. -2005-08-24 Love Hörnquist Åstrand +2005-08-24 Love Hörnquist Ã…strand * iprop.8: SEE ALSO iprop-log. @@ -343,7 +349,7 @@ iprop-log. * log.c (kadm5_log_foreach): add a context variable and pass it - down to `func´. + down to `func´. * iprop-commands.in: Move truncate_log and replay_log into iprop-log. @@ -371,7 +377,7 @@ * Makefile.am: New program iprop-log that incorperates dump_log as a subcommand, truncate_log and replay_log soon to come after. -2005-08-11 Love Hörnquist Åstrand +2005-08-11 Love Hörnquist Ã…strand * get_s.c: Implement KADM5_LAST_PWD_CHANGE. @@ -393,7 +399,7 @@ * admin.h: Add more TL types (password and extension). -2005-06-17 Love Hörnquist Åstrand +2005-06-17 Love Hörnquist Ã…strand * constify @@ -414,7 +420,7 @@ * common_glue.c: rename variable exp to expression -2005-05-30 Love Hörnquist Åstrand +2005-05-30 Love Hörnquist Ã…strand * ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE @@ -422,7 +428,7 @@ * admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags -2005-05-25 Love Hörnquist Åstrand +2005-05-25 Love Hörnquist Ã…strand * kadm5_pwcheck.3: please mdoclint @@ -441,7 +447,7 @@ * ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it. -2005-05-13 Love Hörnquist Åstrand +2005-05-13 Love Hörnquist Ã…strand * init_c.c (_kadm5_c_init_context): fix memory leak in case of failure @@ -454,12 +460,12 @@ * test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check and kadm5_add_passwd_quality_verifier. -2005-04-30 Love Hörnquist Åstrand +2005-04-30 Love Hörnquist Ã…strand * default_keys.c: #include , only print salt it its longer then 0, use krb5_err instead of errx where appropriate -2005-04-25 Love Hörnquist Åstrand +2005-04-25 Love Hörnquist Ã…strand * ipropd_slave.c: add the documented option --port @@ -467,25 +473,25 @@ * dump_log.c: use the newly generated units function -2005-04-24 Love Hörnquist Åstrand +2005-04-24 Love Hörnquist Ã…strand * dump_log.c: use strlcpy * password_quality.c: don't use sizeof(pointer) -2005-04-15 Love Hörnquist Åstrand +2005-04-15 Love Hörnquist Ã…strand * check-cracklib.pl: external password verifier sample * password_quality.c (kadm5_add_passwd_quality_verifier): if NULL is passed in, load defaults -2005-04-14 Love Hörnquist Åstrand +2005-04-14 Love Hörnquist Ã…strand * password_quality.c: add an end tag to the external password quality check protocol -2005-04-13 Love Hörnquist Åstrand +2005-04-13 Love Hörnquist Ã…strand * password_quality.c: add external passsword quality check builtin module @@ -497,7 +503,7 @@ To approve password a, make the test program return APPROVED on stderr and fail with exit code 0. -2004-10-12 Love Hörnquist Åstrand +2004-10-12 Love Hörnquist Ã…strand * Makefile.am: bump version to 7:7:0 and 6:5:2 @@ -511,7 +517,7 @@ * ipropd_master.c: add help strings to some options -2004-09-12 Love Hörnquist Åstrand +2004-09-12 Love Hörnquist Ã…strand * chpass_s.c: deal with changed prototype for _kadm5_free_keys @@ -522,7 +528,7 @@ (function) static variable and returned allocated memory (_kadm5_generate_key_set): free enctypes returned by parse_key_set -2004-09-06 Love Hörnquist Åstrand +2004-09-06 Love Hörnquist Ã…strand * set_keys.c: Fix memory leak, don't return stack variables From Andrew Bartlett @@ -530,7 +536,7 @@ * set_keys.c: make all_etypes const and move outside function to avoid returning data on stack -2004-08-26 Love Hörnquist Åstrand +2004-08-26 Love Hörnquist Ã…strand * acl.c (fetch_acl): use " \t\n" instead of just "\n" for the delim of the third element, this is so we can match @@ -539,7 +545,7 @@ what really happen was that the last was stamped out, and the it never strtok_r never needed to parse over it. -2004-08-25 Love Hörnquist Åstrand +2004-08-25 Love Hörnquist Ã…strand * set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is without salting, some people tries to add the string @@ -550,17 +556,17 @@ * ipropd_slave.c: add --detach -2004-07-06 Love Hörnquist Åstrand +2004-07-06 Love Hörnquist Ã…strand * ad.c: use new tsasl interface remove debug printf add upn to computer-accounts -2004-06-28 Love Hörnquist Åstrand +2004-06-28 Love Hörnquist Ã…strand * ad.c: implement kadm5_ad_init_with_password_ctx set more error strings -2004-06-21 Love Hörnquist Åstrand +2004-06-21 Love Hörnquist Ã…strand * Makefile.am: man_MANS = kadm5_pwcheck.3 @@ -571,22 +577,22 @@ * kadm5-pwcheck.h: new password check interface -2004-06-08 Love Hörnquist Åstrand +2004-06-08 Love Hörnquist Ã…strand * ipropd_master.c (main): process all slaves, not just up to the last slave sending data - (bug report from Björn Sandell ) + (bug report from Björn Sandell ) (*): only send one ARE_YOU_THERE -2004-06-02 Love Hörnquist Åstrand +2004-06-02 Love Hörnquist Ã…strand * ad.c: use krb5_set_password_using_ccache -2004-06-01 Love Hörnquist Åstrand +2004-06-01 Love Hörnquist Ã…strand * ad.c: try handle spn's better -2004-05-31 Love Hörnquist Åstrand +2004-05-31 Love Hörnquist Ã…strand * ad.c: add expiration time @@ -594,7 +600,7 @@ * ad.c: handle create and delete -2004-05-27 Love Hörnquist Åstrand +2004-05-27 Love Hörnquist Ã…strand * ad.c: more code for get, handle attributes @@ -603,7 +609,7 @@ * ad.c: more code for get, only fetches kvno for now -2004-05-26 Love Hörnquist Åstrand +2004-05-26 Love Hörnquist Ã…strand * ad.c: add support for tsasl @@ -618,12 +624,12 @@ * ad.c: framework for windows AD backend -2004-03-07 Love Hörnquist Åstrand +2004-03-07 Love Hörnquist Ã…strand * create_s.c (kadm5_s_create_principal): remove old XXX command and related code, _kadm5_set_keys will do all this now -2004-02-29 Love Hörnquist Åstrand +2004-02-29 Love Hörnquist Ã…strand * set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy enctype for des keys From: Andrew Bartlett @@ -640,27 +646,27 @@ * set_keys.c (_kadm5_set_*): don't change the kvno, let the callee to that -2003-12-30 Love Hörnquist Åstrand +2003-12-30 Love Hörnquist Ã…strand * chpass_s.c (change): fix same-password-again by decrypting keys and setting an error code From: Buck Huppmann -2003-12-21 Love Hörnquist Åstrand +2003-12-21 Love Hörnquist Ã…strand * init_c.c (_kadm5_c_init_context): catch errors from strdup and other krb5_ functions -2003-12-08 Love Hörnquist Åstrand +2003-12-08 Love Hörnquist Ã…strand * rename_s.c (kadm5_s_rename_principal): allow principal to change realm From Panasas Inc -2003-12-07 Love Hörnquist Åstrand +2003-12-07 Love Hörnquist Ã…strand * destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas, Inc -2003-11-23 Love Hörnquist Åstrand +2003-11-23 Love Hörnquist Ã…strand * iprop.h: don't include @@ -670,7 +676,7 @@ * ipropd_master.c: stop using krb5 lib private byte-frobbing functions and replace them with with krb5_storage -2003-11-19 Love Hörnquist Åstrand +2003-11-19 Love Hörnquist Ã…strand * ipropd_slave.c (receive_loop): when seeking over the entries we already have, skip over the trailer. From: Jeffrey Hutzelman @@ -680,14 +686,14 @@ replay_log.c,truncate_log.c: parse kdc.conf From: Jeffrey Hutzelman -2003-10-10 Love Hörnquist Åstrand +2003-10-10 Love Hörnquist Ã…strand * Makefile.am: += test_pw_quality * test_pw_quality.c: test program for verifying password quality function -2003-09-03 Love Hörnquist Åstrand +2003-09-03 Love Hörnquist Ã…strand * Makefile.am: add and enable check program default_keys @@ -696,61 +702,61 @@ * init_c.c: use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free -2003-08-17 Love Hörnquist Åstrand +2003-08-17 Love Hörnquist Ã…strand * set_keys.c (_kadm5_set_keys_randomly): remove dup return * ipropd_master.c (main): make sure current_version is initialized -2003-08-15 Love Hörnquist Åstrand +2003-08-15 Love Hörnquist Ã…strand * set_keys.c: use default_keys for the both random keys and password derived keys if its defined -2003-07-24 Love Hörnquist Åstrand +2003-07-24 Love Hörnquist Ã…strand * ipropd_slave.c (receive_everything): switch close and rename From: Alf Wachsmann -2003-07-03 Love Hörnquist Åstrand +2003-07-03 Love Hörnquist Ã…strand * iprop.h, ipropd_master.c, ipropd_slave.c: Add probing from the server that the client is still there, also make the client check that the server is probing. -2003-07-02 Love Hörnquist Åstrand +2003-07-02 Love Hörnquist Ã…strand * truncate_log.c (main): add missing ``if (ret)'' -2003-06-26 Love Hörnquist Åstrand +2003-06-26 Love Hörnquist Ã…strand * set_keys.c (make_keys): add AES support * set_keys.c: fix off by one in the aes case, pointed out by Ken Raeburn -2003-04-30 Love Hörnquist Åstrand +2003-04-30 Love Hörnquist Ã…strand * set_keys.c (_kadm5_set_keys_randomly): add ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes support -2003-04-16 Love Hörnquist Åstrand +2003-04-16 Love Hörnquist Ã…strand * send_recv.c: check return values from krb5_data_alloc * log.c: check return values from krb5_data_alloc -2003-04-16 Love Hörnquist Åstrand +2003-04-16 Love Hörnquist Ã…strand * dump_log.c (print_entry): check return values from krb5_data_alloc -2003-04-01 Love Hörnquist Åstrand +2003-04-01 Love Hörnquist Ã…strand * init_c.c (kadm_connect): if a context realm was passed in, use that to form the kadmin/admin principal -2003-03-19 Love Hörnquist Åstrand +2003-03-19 Love Hörnquist Ã…strand * ipropd_master.c (main): make sure we don't consider dead slave for select processing diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am index 66ffd375c49..e25ccd11784 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.am +++ b/crypto/heimdal/lib/kadm5/Makefile.am @@ -1,9 +1,7 @@ -# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -SLC = $(top_builddir)/lib/sl/slc - lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la libkadm5srv_la_LDFLAGS = -version-info 8:1:0 libkadm5clnt_la_LDFLAGS = -version-info 7:1:0 @@ -34,7 +32,9 @@ default_keys_SOURCES = default_keys.c kadm5includedir = $(includedir)/kadm5 buildkadm5include = $(buildinclude)/kadm5 -dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h +dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h +dist_kadm5include_HEADERS += kadm5-protos.h kadm5-private.h + nodist_kadm5include_HEADERS = kadm5_err.h install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS) @@ -71,7 +71,6 @@ dist_libkadm5clnt_la_SOURCES = \ randkey_c.c \ rename_c.c \ send_recv.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5clnt_la_SOURCES = \ @@ -108,13 +107,15 @@ dist_libkadm5srv_la_SOURCES = \ server_glue.c \ set_keys.c \ set_modifier.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5srv_la_SOURCES = \ kadm5_err.c \ kadm5_err.h +libkadm5srv_la_DEPENDENCIES = \ + version-script.map + dist_iprop_log_SOURCES = iprop-log.c nodist_iprop_log_SOURCES = iprop-commands.c @@ -127,7 +128,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8 LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -139,7 +139,6 @@ LDADD = \ iprop_log_LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -183,6 +182,12 @@ $(srcdir)/kadm5-private.h: || rm -f kadm5-private.h EXTRA_DIST = \ + NTMakefile \ + iprop-log-version.rc \ + ipropd-master-version.rc \ + ipropd-slave-version.rc \ + libkadm5srv-version.rc \ + libkadm5srv-exports.def \ kadm5_err.et \ iprop-commands.in \ $(man_MANS) \ diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in index 81f1ced3d9e..71f7659c248 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.in +++ b/crypto/heimdal/lib/kadm5/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22403 2008-01-11 14:37:26Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -51,7 +53,7 @@ libexec_PROGRAMS = ipropd-master$(EXEEXT) ipropd-slave$(EXEEXT) subdir = lib/kadm5 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -66,7 +68,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -80,9 +82,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -90,23 +95,38 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \ "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man3dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(kadm5includedir)" \ "$(DESTDIR)$(kadm5includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) am__DEPENDENCIES_1 = libkadm5clnt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ @@ -121,8 +141,6 @@ libkadm5clnt_la_OBJECTS = $(dist_libkadm5clnt_la_OBJECTS) \ libkadm5clnt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libkadm5clnt_la_LDFLAGS) $(LDFLAGS) -o $@ -libkadm5srv_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \ - ../hdb/libhdb.la $(am__DEPENDENCIES_1) dist_libkadm5srv_la_OBJECTS = acl.lo bump_pw_expire.lo chpass_s.lo \ common_glue.lo context_s.lo create_s.lo delete_s.lo \ destroy_s.lo ent_setup.lo error.lo flush_s.lo free.lo \ @@ -141,14 +159,12 @@ sample_passwd_check_la_OBJECTS = $(am_sample_passwd_check_la_OBJECTS) sample_passwd_check_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(sample_passwd_check_la_LDFLAGS) $(LDFLAGS) -o $@ -libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) am_default_keys_OBJECTS = default_keys.$(OBJEXT) default_keys_OBJECTS = $(am_default_keys_OBJECTS) default_keys_LDADD = $(LDADD) default_keys_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -158,7 +174,7 @@ nodist_iprop_log_OBJECTS = iprop-commands.$(OBJEXT) iprop_log_OBJECTS = $(dist_iprop_log_OBJECTS) \ $(nodist_iprop_log_OBJECTS) iprop_log_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(top_builddir)/lib/sl/libsl.la $(am__DEPENDENCIES_1) \ @@ -169,7 +185,7 @@ am_ipropd_master_OBJECTS = ipropd_master.$(OBJEXT) \ ipropd_master_OBJECTS = $(am_ipropd_master_OBJECTS) ipropd_master_LDADD = $(LDADD) ipropd_master_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -179,7 +195,7 @@ am_ipropd_slave_OBJECTS = ipropd_slave.$(OBJEXT) \ ipropd_slave_OBJECTS = $(am_ipropd_slave_OBJECTS) ipropd_slave_LDADD = $(LDADD) ipropd_slave_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -188,14 +204,14 @@ test_pw_quality_SOURCES = test_pw_quality.c test_pw_quality_OBJECTS = test_pw_quality.$(OBJEXT) test_pw_quality_LDADD = $(LDADD) test_pw_quality_DEPENDENCIES = libkadm5srv.la \ - $(top_builddir)/lib/hdb/libhdb.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -221,8 +237,6 @@ DIST_SOURCES = $(dist_libkadm5clnt_la_SOURCES) \ man3dir = $(mandir)/man3 man8dir = $(mandir)/man8 MANS = $(man_MANS) -dist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_kadm5includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS) ETAGS = etags CTAGS = ctags @@ -231,49 +245,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -297,10 +320,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -317,6 +341,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -332,31 +358,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -371,10 +411,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -415,31 +457,35 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -SLC = $(top_builddir)/lib/sl/slc lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la libkadm5srv_la_LDFLAGS = -version-info 8:1:0 $(am__append_1) libkadm5clnt_la_LDFLAGS = -version-info 7:1:0 @@ -456,7 +502,8 @@ libkadm5clnt_la_LIBADD = \ default_keys_SOURCES = default_keys.c kadm5includedir = $(includedir)/kadm5 buildkadm5include = $(buildinclude)/kadm5 -dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h +dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h \ + kadm5-protos.h kadm5-private.h nodist_kadm5include_HEADERS = kadm5_err.h dist_libkadm5clnt_la_SOURCES = \ ad.c \ @@ -479,7 +526,6 @@ dist_libkadm5clnt_la_SOURCES = \ randkey_c.c \ rename_c.c \ send_recv.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5clnt_la_SOURCES = \ @@ -516,13 +562,15 @@ dist_libkadm5srv_la_SOURCES = \ server_glue.c \ set_keys.c \ set_modifier.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5srv_la_SOURCES = \ kadm5_err.c \ kadm5_err.h +libkadm5srv_la_DEPENDENCIES = \ + version-script.map + dist_iprop_log_SOURCES = iprop-log.c nodist_iprop_log_SOURCES = iprop-commands.c ipropd_master_SOURCES = ipropd_master.c ipropd_common.c iprop.h kadm5_locl.h @@ -531,7 +579,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8 LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -543,7 +590,6 @@ LDADD = \ iprop_log_LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -557,6 +603,12 @@ iprop_log_LDADD = \ CLEANFILES = kadm5_err.c kadm5_err.h iprop-commands.h iprop-commands.c proto_opts = -q -R '^(_|kadm5_c_|kadm5_s_|kadm5_log)' -P comment EXTRA_DIST = \ + NTMakefile \ + iprop-log-version.rc \ + ipropd-master-version.rc \ + ipropd-slave-version.rc \ + libkadm5srv-version.rc \ + libkadm5srv-exports.def \ kadm5_err.et \ iprop-commands.in \ $(man_MANS) \ @@ -568,19 +620,19 @@ EXTRA_DIST = \ all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/kadm5/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/kadm5/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/kadm5/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/kadm5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -598,23 +650,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -642,74 +699,108 @@ sample_passwd_check.la: $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_ $(sample_passwd_check_la_LINK) $(sample_passwd_check_la_OBJECTS) $(sample_passwd_check_la_LIBADD) $(LIBS) clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-libexecPROGRAMS: $(libexec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-libexecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(libexecdir)/$$f"; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files clean-libexecPROGRAMS: - @list='$(libexec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(sbinPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(sbindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ - rm -f "$(DESTDIR)$(sbindir)/$$f"; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list default_keys$(EXEEXT): $(default_keys_OBJECTS) $(default_keys_DEPENDENCIES) @rm -f default_keys$(EXEEXT) $(LINK) $(default_keys_OBJECTS) $(default_keys_LDADD) $(LIBS) @@ -732,194 +823,266 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ad.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bump_pw_expire.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpass_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chpass_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/context_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/create_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/create_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/default_keys.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destroy_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destroy_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ent_setup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/flush_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/flush_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/free.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_princs_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_princs_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/get_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iprop-commands.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iprop-log.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipropd_common.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipropd_master.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipropd_slave.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kadm5_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/marshall.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/modify_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/modify_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/password_quality.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privs_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privs_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randkey_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randkey_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename_c.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rename_s.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sample_passwd_check.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_recv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_keys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_modifier.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_pw_quality.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man3dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-dist_kadm5includeHEADERS: $(dist_kadm5include_HEADERS) @$(NORMAL_INSTALL) test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)" - @list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \ + @list='$(dist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(dist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - $(dist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(kadm5includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(kadm5includedir)" || exit $$?; \ done uninstall-dist_kadm5includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(dist_kadm5include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \ - done + @list='$(dist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(kadm5includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(kadm5includedir)" && rm -f $$files install-nodist_kadm5includeHEADERS: $(nodist_kadm5include_HEADERS) @$(NORMAL_INSTALL) test -z "$(kadm5includedir)" || $(MKDIR_P) "$(DESTDIR)$(kadm5includedir)" - @list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_kadm5includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - $(nodist_kadm5includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(kadm5includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(kadm5includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(kadm5includedir)" || exit $$?; \ done uninstall-nodist_kadm5includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_kadm5include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(kadm5includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(kadm5includedir)/$$f"; \ - done + @list='$(nodist_kadm5include_HEADERS)'; test -n "$(kadm5includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(kadm5includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(kadm5includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -935,13 +1098,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -979,6 +1146,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -990,6 +1158,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1000,6 +1169,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -1008,27 +1179,36 @@ install-data-am: install-dist_kadm5includeHEADERS install-man \ install-nodist_kadm5includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \ install-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1051,11 +1231,10 @@ uninstall-am: uninstall-dist_kadm5includeHEADERS \ uninstall-sbinPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man3 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ @@ -1150,6 +1329,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1235,7 +1417,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1288,6 +1470,7 @@ $(srcdir)/kadm5-private.h: $(dist_libkadm5clnt_la_SOURCES) \ $(dist_libkadm5srv_la_SOURCES) \ || rm -f kadm5-private.h + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/kadm5/acl.c b/crypto/heimdal/lib/kadm5/acl.c index 9a2f75b6cbf..5e263a32513 100644 --- a/crypto/heimdal/lib/kadm5/acl.c +++ b/crypto/heimdal/lib/kadm5/acl.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: acl.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); static struct units acl_units[] = { { "all", KADM5_PRIV_ALL }, @@ -44,7 +44,7 @@ static struct units acl_units[] = { { "modify", KADM5_PRIV_MODIFY }, { "add", KADM5_PRIV_ADD }, { "get", KADM5_PRIV_GET }, - { NULL } + { NULL, 0 } }; kadm5_ret_t @@ -103,7 +103,7 @@ fetch_acl (kadm5_server_context *context, ret = krb5_parse_name(context->context, p, &this_princ); if(ret) break; - if(!krb5_principal_compare(context->context, + if(!krb5_principal_compare(context->context, context->caller, this_princ)) { krb5_free_principal(context->context, this_princ); continue; @@ -150,7 +150,7 @@ _kadm5_acl_init(kadm5_server_context *context) { krb5_principal princ; krb5_error_code ret; - + ret = krb5_parse_name(context->context, KADM5_ADMIN_SERVICE, &princ); if (ret) return ret; diff --git a/crypto/heimdal/lib/kadm5/ad.c b/crypto/heimdal/lib/kadm5/ad.c index 72288d978ea..4ea5cdb08e8 100644 --- a/crypto/heimdal/lib/kadm5/ad.c +++ b/crypto/heimdal/lib/kadm5/ad.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #define HAVE_TSASL 1 @@ -47,7 +47,7 @@ #include #endif -RCSID("$Id: ad.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #ifdef OPENLDAP @@ -141,7 +141,7 @@ ldap_tsasl_bind_s(LDAP *ld, rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &m0); if (rc != LDAP_SUCCESS) goto out; - + m = ldap_first_entry(ld, m0); if (m == NULL) { ldap_msgfree(m0); @@ -175,7 +175,7 @@ ldap_tsasl_bind_s(LDAP *ld, ret = tsasl_request(peer, &in, &out); if (in.tb_size != 0) { free(in.tb_data); - in.tb_data = NULL; + in.tb_data = NULL; in.tb_size = 0; } if (ret != TSASL_DONE && ret != TSASL_CONTINUE) { @@ -278,23 +278,23 @@ _kadm5_ad_connect(void *server_handle) asprintf(&domain, "_ldap._tcp.%s", context->realm); if (domain == NULL) { - krb5_set_error_string(context->context, "malloc"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "malloc"); return KADM5_NO_SRV; } r = dns_lookup(domain, "SRV"); free(domain); if (r == NULL) { - krb5_set_error_string(context->context, "Didn't find ldap dns"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "Didn't find ldap dns"); return KADM5_NO_SRV; - } + } for (rr = r->head ; rr != NULL; rr = rr->next) { - if (rr->type != T_SRV) + if (rr->type != rk_ns_t_srv) continue; s = realloc(servers, sizeof(*servers) * (num_servers + 1)); if (s == NULL) { - krb5_set_error_string(context->context, "malloc"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "malloc"); dns_free_data(r); goto fail; } @@ -307,7 +307,7 @@ _kadm5_ad_connect(void *server_handle) } if (num_servers == 0) { - krb5_set_error_string(context->context, "No AD server found in DNS"); + krb5_set_error_message(context->context, KADM5_NO_SRV, "No AD server found in DNS"); return KADM5_NO_SRV; } @@ -318,29 +318,29 @@ _kadm5_ad_connect(void *server_handle) lp = ldap_init(servers[i].server, servers[i].port); if (lp == NULL) continue; - + if (ldap_set_option(lp, LDAP_OPT_PROTOCOL_VERSION, &version)) { ldap_unbind(lp); continue; } - + if (ldap_set_option(lp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF)) { ldap_unbind(lp); continue; } - + #ifdef HAVE_TSASL lret = ldap_tsasl_bind_s(lp, NULL, NULL, NULL, servers[i].server); - + #else - lret = ldap_sasl_interactive_bind_s(lp, NULL, NULL, NULL, NULL, + lret = ldap_sasl_interactive_bind_s(lp, NULL, NULL, NULL, NULL, LDAP_SASL_QUIET, sasl_interact, NULL); #endif if (lret != LDAP_SUCCESS) { - krb5_set_error_string(context->context, - "Couldn't contact any AD servers: %s", - ldap_err2string(lret)); + krb5_set_error_message(context->context, 0, + "Couldn't contact any AD servers: %s", + ldap_err2string(lret)); ldap_unbind(lp); continue; } @@ -358,10 +358,10 @@ _kadm5_ad_connect(void *server_handle) int attrlen = 0; char **vals; int ret; - + laddattr(&attr, &attrlen, "defaultNamingContext"); - ret = ldap_search_s(CTX2LP(context), "", LDAP_SCOPE_BASE, + ret = ldap_search_s(CTX2LP(context), "", LDAP_SCOPE_BASE, "objectclass=*", attr, 0, &m); free(attr); if (check_ldap(context, ret)) @@ -370,16 +370,16 @@ _kadm5_ad_connect(void *server_handle) if (ldap_count_entries(CTX2LP(context), m) > 0) { m0 = ldap_first_entry(CTX2LP(context), m); if (m0 == NULL) { - krb5_set_error_string(context->context, - "Error in AD ldap responce"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, + "Error in AD ldap responce"); ldap_msgfree(m); goto fail; } - vals = ldap_get_values(CTX2LP(context), + vals = ldap_get_values(CTX2LP(context), m0, "defaultNamingContext"); if (vals == NULL) { - krb5_set_error_string(context->context, - "No naming context found"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, + "No naming context found"); goto fail; } context->base_dn = strdup(vals[0]); @@ -444,7 +444,7 @@ ad_find_entry(kadm5_ad_context *context, *name = NULL; if (fqdn) - asprintf(&filter, + asprintf(&filter, "(&(objectClass=computer)(|(dNSHostName=%s)(servicePrincipalName=%s)))", fqdn, pn); else if(pn) @@ -453,7 +453,7 @@ ad_find_entry(kadm5_ad_context *context, return KADM5_RPC_ERROR; ret = ldap_search_s(CTX2LP(context), CTX2BASE(context), - LDAP_SCOPE_SUBTREE, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &m); free(filter); if (check_ldap(context, ret)) @@ -496,7 +496,7 @@ ad_get_cred(kadm5_ad_context *context, const char *password) ret = _kadm5_c_get_cred_cache(context->context, context->client_name, service, - password, krb5_prompter_posix, + password, krb5_prompter_posix, NULL, NULL, &cc); free(service); if(ret) @@ -522,14 +522,14 @@ kadm5_ad_chpass_principal(void *server_handle, krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); - ret = krb5_set_password_using_ccache (context->context, + ret = krb5_set_password_using_ccache (context->context, context->ccache, password, principal, &result_code, &result_code_string, &result_string); - + krb5_data_free (&result_code_string); krb5_data_free (&result_string); @@ -548,7 +548,7 @@ get_fqdn(krb5_context context, const krb5_principal p) s = krb5_principal_get_comp_string(context, p, 0); if (p == NULL) return NULL; - + for (i = 0; i < sizeof(hosttypes)/sizeof(hosttypes[0]); i++) { if (strcasecmp(s, hosttypes[i]) == 0) return krb5_principal_get_comp_string(context, p, 1); @@ -574,42 +574,42 @@ kadm5_ad_create_principal(void *server_handle, #ifdef OPENLDAP LDAPMod *attrs[8], rattrs[7], *a; - char *useraccvals[2] = { NULL, NULL }, + char *useraccvals[2] = { NULL, NULL }, *samvals[2], *dnsvals[2], *spnvals[5], *upnvals[2], *tv[2]; - char *ocvals_spn[] = { "top", "person", "organizationalPerson", - "user", "computer", NULL}; + char *ocvals_spn[] = { "top", "person", "organizationalPerson", + "user", "computer", NULL}; char *p, *realmless_p, *p_msrealm = NULL, *dn = NULL; const char *fqdn; char *s, *samname = NULL, *short_spn = NULL; int ret, i; int32_t uf_flags = 0; - + if ((mask & KADM5_PRINCIPAL) == 0) return KADM5_BAD_MASK; for (i = 0; i < sizeof(rattrs)/sizeof(rattrs[0]); i++) attrs[i] = &rattrs[i]; attrs[i] = NULL; - + ret = ad_get_cred(context, NULL); if (ret) return ret; - + ret = _kadm5_ad_connect(server_handle); if (ret) return ret; - + fqdn = get_fqdn(context->context, entry->principal); - + ret = krb5_unparse_name(context->context, entry->principal, &p); if (ret) return ret; - + if (ad_find_entry(context, fqdn, p, NULL) == 0) { free(p); return KADM5_DUP; } - + if (mask & KADM5_ATTRIBUTES) { if (entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX) uf_flags |= UF_ACCOUNTDISABLE|UF_LOCKOUT; @@ -618,7 +618,7 @@ kadm5_ad_create_principal(void *server_handle, if (entry->attributes & KRB5_KDB_REQUIRES_HW_AUTH) uf_flags |= UF_SMARTCARD_REQUIRED; } - + realmless_p = strdup(p); if (realmless_p == NULL) { ret = ENOMEM; @@ -627,7 +627,7 @@ kadm5_ad_create_principal(void *server_handle, s = strrchr(realmless_p, '@'); if (s) *s = '\0'; - + if (fqdn) { /* create computer account */ asprintf(&samname, "%s$", fqdn); @@ -640,7 +640,7 @@ kadm5_ad_create_principal(void *server_handle, s[0] = '$'; s[1] = '\0'; } - + short_spn = strdup(p); if (short_spn == NULL) { errno = ENOMEM; @@ -733,12 +733,12 @@ kadm5_ad_create_principal(void *server_handle, } else { /* create user account */ - + a = &rattrs[0]; a->mod_op = LDAP_MOD_ADD; a->mod_type = "userAccountControl"; a->mod_values = useraccvals; - asprintf(&useraccvals[0], "%d", + asprintf(&useraccvals[0], "%d", uf_flags | UF_PASSWD_NOT_EXPIRE); useraccvals[1] = NULL; @@ -788,7 +788,7 @@ kadm5_ad_create_principal(void *server_handle, return 0; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -830,7 +830,7 @@ kadm5_ad_delete_principal(void *server_handle, krb5_principal principal) return KADM5_RPC_ERROR; return 0; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -864,19 +864,14 @@ static kadm5_ret_t kadm5_ad_flush(void *server_handle) { kadm5_ad_context *context = server_handle; -#ifdef OPENLDAP - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; -#else - krb5_set_error_string(context->context, "Function not implemented"); - return KADM5_RPC_ERROR; -#endif } static kadm5_ret_t kadm5_ad_get_principal(void *server_handle, - krb5_principal principal, - kadm5_principal_ent_t entry, + krb5_principal principal, + kadm5_principal_ent_t entry, uint32_t mask) { kadm5_ad_context *context = server_handle; @@ -921,14 +916,14 @@ kadm5_ad_get_principal(void *server_handle, if (q && (p != q && *(q - 1) != '\\')) *q = '/'; - asprintf(&filter, + asprintf(&filter, "(|(userPrincipalName=%s)(servicePrincipalName=%s)(servicePrincipalName=%s))", u, p, u); free(p); free(u); ret = ldap_search_s(CTX2LP(context), CTX2BASE(context), - LDAP_SCOPE_SUBTREE, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &m); free(attr); if (check_ldap(context, ret)) @@ -995,7 +990,7 @@ kadm5_ad_get_principal(void *server_handle, } } if (mask & KADM5_KVNO) { - vals = ldap_get_values(CTX2LP(context), m0, + vals = ldap_get_values(CTX2LP(context), m0, "msDS-KeyVersionNumber"); if (vals) entry->kvno = atoi(vals[0]); @@ -1014,7 +1009,7 @@ kadm5_ad_get_principal(void *server_handle, fail: return KADM5_RPC_ERROR; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1042,10 +1037,10 @@ kadm5_ad_get_principals(void *server_handle, if (ret) return ret; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1054,7 +1049,7 @@ static kadm5_ret_t kadm5_ad_get_privs(void *server_handle, uint32_t*privs) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } @@ -1065,7 +1060,7 @@ kadm5_ad_modify_principal(void *server_handle, { kadm5_ad_context *context = server_handle; - /* + /* * KADM5_ATTRIBUTES * KRB5_KDB_DISALLOW_ALL_TIX (| KADM5_KVNO) */ @@ -1109,14 +1104,14 @@ kadm5_ad_modify_principal(void *server_handle, if (q && (p != q && *(q - 1) != '\\')) *q = '\0'; - asprintf(&filter, + asprintf(&filter, "(|(userPrincipalName=%s)(servicePrincipalName=%s))", s, s); free(p); free(s); ret = ldap_search_s(CTX2LP(context), CTX2BASE(context), - LDAP_SCOPE_SUBTREE, + LDAP_SCOPE_SUBTREE, filter, attr, 0, &m); free(attr); free(filter); @@ -1199,7 +1194,7 @@ kadm5_ad_modify_principal(void *server_handle, a->mod_values = tv; a++; } - + vals = ldap_get_values(CTX2LP(context), m0, "distinguishedName"); if (vals == NULL) { ret = KADM5_RPC_ERROR; @@ -1224,7 +1219,7 @@ kadm5_ad_modify_principal(void *server_handle, free(tv[0]); return ret; #else - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1267,7 +1262,7 @@ kadm5_ad_randkey_principal(void *server_handle, krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); - ret = krb5_set_password_using_ccache (context->context, + ret = krb5_set_password_using_ccache (context->context, context->ccache, password, principal, @@ -1308,7 +1303,7 @@ kadm5_ad_randkey_principal(void *server_handle, *keys = NULL; *n_keys = 0; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; #endif } @@ -1319,18 +1314,18 @@ kadm5_ad_rename_principal(void *server_handle, krb5_principal to) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } static kadm5_ret_t -kadm5_ad_chpass_principal_with_key(void *server_handle, +kadm5_ad_chpass_principal_with_key(void *server_handle, krb5_principal princ, int n_key_data, krb5_key_data *key_data) { kadm5_ad_context *context = server_handle; - krb5_set_error_string(context->context, "Function not implemented"); + krb5_set_error_message(context->context, KADM5_RPC_ERROR, "Function not implemented"); return KADM5_RPC_ERROR; } @@ -1352,7 +1347,7 @@ set_funcs(kadm5_ad_context *c) SET(c, rename_principal); } -kadm5_ret_t +kadm5_ret_t kadm5_ad_init_with_password_ctx(krb5_context context, const char *client_name, const char *password, @@ -1415,7 +1410,7 @@ kadm5_ad_init_with_password_ctx(krb5_context context, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_ad_init_with_password(const char *client_name, const char *password, const char *service_name, @@ -1431,7 +1426,7 @@ kadm5_ad_init_with_password(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_ad_init_with_password_ctx(context, + ret = kadm5_ad_init_with_password_ctx(context, client_name, password, service_name, diff --git a/crypto/heimdal/lib/kadm5/admin.h b/crypto/heimdal/lib/kadm5/admin.h index 30d68d82379..e3e6755c361 100644 --- a/crypto/heimdal/lib/kadm5/admin.h +++ b/crypto/heimdal/lib/kadm5/admin.h @@ -1,36 +1,36 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: admin.h 20237 2007-02-16 23:54:34Z lha $ */ +/* $Id$ */ #ifndef __KADM5_ADMIN_H__ #define __KADM5_ADMIN_H__ @@ -104,7 +104,7 @@ #define KADM5_HIST_PRINCIPAL "kadmin/history" #define KADM5_CHANGEPW_SERVICE "kadmin/changepw" -typedef struct _krb5_key_data { +typedef struct { int16_t key_data_ver; /* Version */ int16_t key_data_kvno; /* Key Version */ int16_t key_data_type[2]; /* Array of types */ @@ -114,9 +114,9 @@ typedef struct _krb5_key_data { typedef struct _krb5_tl_data { struct _krb5_tl_data* tl_data_next; - int16_t tl_data_type; - int16_t tl_data_length; - void* tl_data_contents; + int16_t tl_data_type; + int16_t tl_data_length; + void* tl_data_contents; } krb5_tl_data; #define KRB5_TL_LAST_PWD_CHANGE 0x0001 @@ -223,7 +223,7 @@ typedef krb5_error_code kadm5_ret_t; #if 0 /* unimplemented functions */ -kadm5_ret_t +kadm5_ret_t kadm5_decrypt_key(void *server_handle, kadm5_principal_ent_t entry, int32_t ktype, int32_t stype, int32_t @@ -232,7 +232,7 @@ kadm5_decrypt_key(void *server_handle, kadm5_ret_t kadm5_create_policy(void *server_handle, - kadm5_policy_ent_t policy, uint32_t mask); + kadm5_policy_ent_t policy, uint32_t mask); kadm5_ret_t kadm5_delete_policy(void *server_handle, char *policy); @@ -240,17 +240,17 @@ kadm5_delete_policy(void *server_handle, char *policy); kadm5_ret_t kadm5_modify_policy(void *server_handle, - kadm5_policy_ent_t policy, + kadm5_policy_ent_t policy, uint32_t mask); kadm5_ret_t -kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); +kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); kadm5_ret_t kadm5_get_policies(void *server_handle, char *exp, char ***pols, int *count); -void +void kadm5_free_policy_ent(kadm5_policy_ent_t policy); #endif diff --git a/crypto/heimdal/lib/kadm5/bump_pw_expire.c b/crypto/heimdal/lib/kadm5/bump_pw_expire.c index 17bd5e103ce..5d72360df91 100644 --- a/crypto/heimdal/lib/kadm5/bump_pw_expire.c +++ b/crypto/heimdal/lib/kadm5/bump_pw_expire.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: bump_pw_expire.c 8797 2000-07-24 03:47:54Z assar $"); +RCSID("$Id$"); /* * extend password_expiration if it's defined diff --git a/crypto/heimdal/lib/kadm5/check-cracklib.pl b/crypto/heimdal/lib/kadm5/check-cracklib.pl index 229cc7f0a9b..a6fbd4c82d4 100755 --- a/crypto/heimdal/lib/kadm5/check-cracklib.pl +++ b/crypto/heimdal/lib/kadm5/check-cracklib.pl @@ -29,7 +29,7 @@ # policies = builtin:external-check # external_program = /check-cracklib.pl # -# $Id: check-cracklib.pl 20578 2007-05-07 22:21:51Z lha $ +# $Id$ use strict; use Crypt::Cracklib; @@ -40,6 +40,9 @@ my $database = '/usr/lib/cracklib_dict'; my $historydb = '/var/heimdal/historydb'; # NEED TO CHANGE THESE TO MATCH YOUR SYSTEM +# seconds password reuse allowed (to catch retries from clients) +my $reusetime = 60; + my %params; sub check_basic @@ -60,6 +63,7 @@ sub check_repeat my $result = 'Do not reuse passwords'; my %DB; my $md5context = new Digest::MD5; + my $timenow = scalar(time()); $md5context->reset(); $md5context->add($principal, ":", $passwd); @@ -67,8 +71,10 @@ sub check_repeat my $key=$md5context->hexdigest(); dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb"; - $result = "ok" if (!$DB{$key}); - $DB{$key}=scalar(time()); + if (!$DB{$key} || ($timenow - $DB{$key} < $reusetime)) { + $result = "ok"; + $DB{$key}=$timenow; + } dbmclose(%DB) or die "Internal: Could not close $historydb"; return $result; } @@ -80,7 +86,7 @@ sub badpassword exit 0 } -while (<>) { +while () { last if /^end$/; if (!/^([^:]+): (.+)$/) { die "key value pair not correct: $_"; diff --git a/crypto/heimdal/lib/kadm5/chpass_c.c b/crypto/heimdal/lib/kadm5/chpass_c.c index 5319ce9045b..af4328c9c4f 100644 --- a/crypto/heimdal/lib/kadm5/chpass_c.c +++ b/crypto/heimdal/lib/kadm5/chpass_c.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: chpass_c.c 16661 2006-01-25 12:50:10Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_chpass_principal(void *server_handle, +kadm5_c_chpass_principal(void *server_handle, krb5_principal princ, const char *password) { @@ -53,7 +53,7 @@ kadm5_c_chpass_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_chpass); @@ -61,24 +61,26 @@ kadm5_c_chpass_principal(void *server_handle, krb5_store_string(sp, password); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; } kadm5_ret_t -kadm5_c_chpass_principal_with_key(void *server_handle, +kadm5_c_chpass_principal_with_key(void *server_handle, krb5_principal princ, int n_key_data, krb5_key_data *key_data) @@ -97,7 +99,7 @@ kadm5_c_chpass_principal_with_key(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_chpass_with_key); @@ -107,17 +109,19 @@ kadm5_c_chpass_principal_with_key(void *server_handle, kadm5_store_key_data (sp, &key_data[i]); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/chpass_s.c b/crypto/heimdal/lib/kadm5/chpass_s.c index abef28c2550..d5407d1549f 100644 --- a/crypto/heimdal/lib/kadm5/chpass_s.c +++ b/crypto/heimdal/lib/kadm5/chpass_s.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: chpass_s.c 20608 2007-05-08 07:11:48Z lha $"); +RCSID("$Id$"); static kadm5_ret_t -change(void *server_handle, +change(void *server_handle, krb5_principal princ, const char *password, int cond) @@ -46,39 +46,55 @@ change(void *server_handle, kadm5_ret_t ret; Key *keys; size_t num_keys; - int cmp = 1; + int existsp = 0; memset(&ent, 0, sizeof(ent)); ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); - if(ret == HDB_ERR_NOENTRY) + + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); + if(ret) goto out; - num_keys = ent.entry.keys.len; - keys = ent.entry.keys.val; + if (context->db->hdb_capability_flags & HDB_CAP_F_HANDLE_PASSWORDS) { + ret = context->db->hdb_password(context->context, context->db, + &ent, password, cond); + if (ret) + goto out2; + } else { - ent.entry.keys.len = 0; - ent.entry.keys.val = NULL; + num_keys = ent.entry.keys.len; + keys = ent.entry.keys.val; - ret = _kadm5_set_keys(context, &ent.entry, password); - if(ret) { + ent.entry.keys.len = 0; + ent.entry.keys.val = NULL; + + ret = _kadm5_set_keys(context, &ent.entry, password); + if(ret) { + _kadm5_free_keys (context->context, num_keys, keys); + goto out2; + } + + if (cond) + existsp = _kadm5_exists_keys (ent.entry.keys.val, + ent.entry.keys.len, + keys, num_keys); _kadm5_free_keys (context->context, num_keys, keys); - goto out2; + + if (existsp) { + ret = KADM5_PASS_REUSE; + krb5_set_error_message(context->context, ret, + "Password reuse forbidden"); + goto out2; + } + + ret = hdb_seal_keys(context->context, context->db, &ent.entry); + if (ret) + goto out2; } ent.entry.kvno++; - if (cond) - cmp = _kadm5_cmp_keys (ent.entry.keys.val, ent.entry.keys.len, - keys, num_keys); - _kadm5_free_keys (context->context, num_keys, keys); - - if (cmp == 0) { - krb5_set_error_string(context->context, "Password reuse forbidden"); - ret = KADM5_PASS_REUSE; - goto out2; - } ret = _kadm5_set_modifier(context, &ent.entry); if(ret) @@ -88,11 +104,7 @@ change(void *server_handle, if (ret) goto out2; - ret = hdb_seal_keys(context->context, context->db, &ent.entry); - if (ret) - goto out2; - - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; @@ -117,7 +129,7 @@ out: */ kadm5_ret_t -kadm5_s_chpass_principal_cond(void *server_handle, +kadm5_s_chpass_principal_cond(void *server_handle, krb5_principal princ, const char *password) { @@ -129,7 +141,7 @@ kadm5_s_chpass_principal_cond(void *server_handle, */ kadm5_ret_t -kadm5_s_chpass_principal(void *server_handle, +kadm5_s_chpass_principal(void *server_handle, krb5_principal princ, const char *password) { @@ -141,7 +153,7 @@ kadm5_s_chpass_principal(void *server_handle, */ kadm5_ret_t -kadm5_s_chpass_principal_with_key(void *server_handle, +kadm5_s_chpass_principal_with_key(void *server_handle, krb5_principal princ, int n_key_data, krb5_key_data *key_data) @@ -154,8 +166,8 @@ kadm5_s_chpass_principal_with_key(void *server_handle, ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, 0, + HDB_F_GET_ANY|HDB_F_ADMIN_DATA, &ent); if(ret == HDB_ERR_NOENTRY) goto out; ret = _kadm5_set_keys2(context, &ent.entry, n_key_data, key_data); @@ -173,7 +185,7 @@ kadm5_s_chpass_principal_with_key(void *server_handle, if (ret) goto out2; - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; diff --git a/crypto/heimdal/lib/kadm5/client_glue.c b/crypto/heimdal/lib/kadm5/client_glue.c index 24d91b3f0d6..2783a9a4bec 100644 --- a/crypto/heimdal/lib/kadm5/client_glue.c +++ b/crypto/heimdal/lib/kadm5/client_glue.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: client_glue.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t kadm5_init_with_password(const char *client_name, diff --git a/crypto/heimdal/lib/kadm5/common_glue.c b/crypto/heimdal/lib/kadm5/common_glue.c index 48d9d845c0a..59579223373 100644 --- a/crypto/heimdal/lib/kadm5/common_glue.c +++ b/crypto/heimdal/lib/kadm5/common_glue.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: common_glue.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); #define __CALL(F, P) (*((kadm5_common_context*)server_handle)->funcs.F)P; diff --git a/crypto/heimdal/lib/kadm5/context_s.c b/crypto/heimdal/lib/kadm5/context_s.c index 6ac7a9cf2d1..e121a48994b 100644 --- a/crypto/heimdal/lib/kadm5/context_s.c +++ b/crypto/heimdal/lib/kadm5/context_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: context_s.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); static void set_funcs(kadm5_server_context *c) @@ -53,6 +53,8 @@ set_funcs(kadm5_server_context *c) SET(c, rename_principal); } +#ifndef NO_UNIX_SOCKETS + static void set_socket_name(krb5_context context, struct sockaddr_un *un) { @@ -61,7 +63,17 @@ set_socket_name(krb5_context context, struct sockaddr_un *un) memset(un, 0, sizeof(*un)); un->sun_family = AF_UNIX; strlcpy (un->sun_path, fn, sizeof(un->sun_path)); + } +#else + +static void +set_socket_info(krb5_context context, struct addrinfo **info) +{ + kadm5_log_signal_socket_info(context, 0, info); +} + +#endif static kadm5_ret_t find_db_spec(kadm5_server_context *ctx) @@ -75,27 +87,27 @@ find_db_spec(kadm5_server_context *ctx) ret = hdb_get_dbinfo(context, &info); if (ret) return ret; - + d = NULL; while ((d = hdb_dbinfo_get_next(info, d)) != NULL) { const char *p = hdb_dbinfo_get_realm(context, d); - + /* match default (realm-less) */ if(p != NULL && strcmp(ctx->config.realm, p) != 0) continue; - + p = hdb_dbinfo_get_dbname(context, d); if (p) ctx->config.dbname = strdup(p); - + p = hdb_dbinfo_get_acl_file(context, d); if (p) ctx->config.acl_file = strdup(p); - + p = hdb_dbinfo_get_mkey_file(context, d); if (p) ctx->config.stash_file = strdup(p); - + p = hdb_dbinfo_get_log_file(context, d); if (p) ctx->log_context.log_file = strdup(p); @@ -115,13 +127,17 @@ find_db_spec(kadm5_server_context *ctx) if (ctx->log_context.log_file == NULL) asprintf(&ctx->log_context.log_file, "%s/log", hdb_db_dir(context)); +#ifndef NO_UNIX_SOCKETS set_socket_name(context, &ctx->log_context.socket_name); +#else + set_socket_info(context, &ctx->log_context.socket_info); +#endif return 0; } kadm5_ret_t -_kadm5_s_init_context(kadm5_server_context **ctx, +_kadm5_s_init_context(kadm5_server_context **ctx, kadm5_config_params *params, krb5_context context) { @@ -143,11 +159,11 @@ _kadm5_s_init_context(kadm5_server_context **ctx, (*ctx)->config.acl_file = strdup(params->acl_file); if(is_set(STASH_FILE)) (*ctx)->config.stash_file = strdup(params->stash_file); - + find_db_spec(*ctx); - + /* PROFILE can't be specified for now */ - /* KADMIND_PORT is supposed to be used on the server also, + /* KADMIND_PORT is supposed to be used on the server also, but this doesn't make sense */ /* ADMIN_SERVER is client only */ /* ADNAME is not used at all (as far as I can tell) */ diff --git a/crypto/heimdal/lib/kadm5/create_c.c b/crypto/heimdal/lib/kadm5/create_c.c index 903a06af486..e36b2969cf1 100644 --- a/crypto/heimdal/lib/kadm5/create_c.c +++ b/crypto/heimdal/lib/kadm5/create_c.c @@ -1,43 +1,43 @@ /* - * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000, 2005-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: create_c.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_create_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask, const char *password) { @@ -54,7 +54,7 @@ kadm5_c_create_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_create); @@ -63,17 +63,19 @@ kadm5_c_create_principal(void *server_handle, krb5_store_string(sp, password); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/create_s.c b/crypto/heimdal/lib/kadm5/create_s.c index 9465310cb58..04312c024ed 100644 --- a/crypto/heimdal/lib/kadm5/create_s.c +++ b/crypto/heimdal/lib/kadm5/create_s.c @@ -1,53 +1,53 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: create_s.c 20607 2007-05-08 07:11:11Z lha $"); +RCSID("$Id$"); static kadm5_ret_t -get_default(kadm5_server_context *context, krb5_principal princ, +get_default(kadm5_server_context *context, krb5_principal princ, kadm5_principal_ent_t def) { kadm5_ret_t ret; krb5_principal def_principal; - krb5_realm *realm = krb5_princ_realm(context->context, princ); + krb5_const_realm realm = krb5_principal_get_realm(context->context, princ); - ret = krb5_make_principal(context->context, &def_principal, - *realm, "default", NULL); + ret = krb5_make_principal(context->context, &def_principal, + realm, "default", NULL); if (ret) return ret; - ret = kadm5_s_get_principal(context, def_principal, def, + ret = kadm5_s_get_principal(context, def_principal, def, KADM5_PRINCIPAL_NORMAL_MASK); krb5_free_principal (context->context, def_principal); return ret; @@ -64,7 +64,7 @@ create_principal(kadm5_server_context *context, kadm5_ret_t ret; kadm5_principal_ent_rec defrec, *defent; uint32_t def_mask; - + if((mask & required_mask) != required_mask) return KADM5_BAD_MASK; if((mask & forbidden_mask)) @@ -73,11 +73,11 @@ create_principal(kadm5_server_context *context, /* XXX no real policies for now */ return KADM5_UNK_POLICY; memset(ent, 0, sizeof(*ent)); - ret = krb5_copy_principal(context->context, princ->principal, + ret = krb5_copy_principal(context->context, princ->principal, &ent->entry.principal); if(ret) return ret; - + defent = &defrec; ret = get_default(context, princ->principal, defent); if(ret) { @@ -93,12 +93,13 @@ create_principal(kadm5_server_context *context, defent, def_mask); if(defent) kadm5_free_principal_ent(context, defent); - - ent->entry.created_by.time = time(NULL); - ret = krb5_copy_principal(context->context, context->caller, - &ent->entry.created_by.principal); + if (ret) + return ret; - return ret; + ent->entry.created_by.time = time(NULL); + + return krb5_copy_principal(context->context, context->caller, + &ent->entry.created_by.principal); } kadm5_ret_t @@ -112,10 +113,10 @@ kadm5_s_create_principal_with_key(void *server_handle, ret = create_principal(context, princ, mask, &ent, KADM5_PRINCIPAL | KADM5_KEY_DATA, - KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME - | KADM5_MOD_NAME | KADM5_MKVNO - | KADM5_AUX_ATTRIBUTES - | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO + | KADM5_AUX_ATTRIBUTES + | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT); if(ret) goto out; @@ -126,7 +127,7 @@ kadm5_s_create_principal_with_key(void *server_handle, ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out; - + ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) goto out; @@ -140,11 +141,11 @@ out: hdb_free_entry(context->context, &ent); return _kadm5_error_code(ret); } - + kadm5_ret_t kadm5_s_create_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask, const char *password) { @@ -154,10 +155,10 @@ kadm5_s_create_principal(void *server_handle, ret = create_principal(context, princ, mask, &ent, KADM5_PRINCIPAL, - KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME - | KADM5_MOD_NAME | KADM5_MKVNO + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_KEY_DATA - | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS + | KADM5_POLICY_CLR | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT); if(ret) goto out; @@ -175,7 +176,7 @@ kadm5_s_create_principal(void *server_handle, ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out; - + ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) goto out; diff --git a/crypto/heimdal/lib/kadm5/default_keys.c b/crypto/heimdal/lib/kadm5/default_keys.c index 2a851cd8bab..6719e38461d 100644 --- a/crypto/heimdal/lib/kadm5/default_keys.c +++ b/crypto/heimdal/lib/kadm5/default_keys.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include -RCSID("$Id: default_keys.c 22494 2008-01-21 11:56:44Z lha $"); +RCSID("$Id$"); static void print_keys(krb5_context context, Key *keys, size_t nkeys) @@ -72,7 +72,7 @@ print_keys(krb5_context context, Key *keys, size_t nkeys) if (keys[i].salt->salt.length) printf("%.*s", (int)keys[i].salt->salt.length, (char *)keys[i].salt->salt.data); - } + } printf("\n"); } printf("end keys:\n"); @@ -102,7 +102,7 @@ main(int argc, char **argv) krb5_principal principal; ret = krb5_init_context(&context); - if (ret) + if (ret) errx(1, "krb5_init_context"); ret = krb5_parse_name(context, "lha@SU.SE", &principal); diff --git a/crypto/heimdal/lib/kadm5/delete_c.c b/crypto/heimdal/lib/kadm5/delete_c.c index 5018fd6cbf1..2c4ed77494d 100644 --- a/crypto/heimdal/lib/kadm5/delete_c.c +++ b/crypto/heimdal/lib/kadm5/delete_c.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: delete_c.c 16661 2006-01-25 12:50:10Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_delete_principal(void *server_handle, krb5_principal princ) @@ -51,7 +51,7 @@ kadm5_c_delete_principal(void *server_handle, krb5_principal princ) sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_delete); @@ -65,12 +65,12 @@ kadm5_c_delete_principal(void *server_handle, krb5_principal princ) return ret; sp = krb5_storage_from_data (&reply); if(sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/delete_s.c b/crypto/heimdal/lib/kadm5/delete_s.c index b4e5a37467f..7f8f537b06c 100644 --- a/crypto/heimdal/lib/kadm5/delete_s.c +++ b/crypto/heimdal/lib/kadm5/delete_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: delete_s.c 20612 2007-05-08 07:13:45Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_s_delete_principal(void *server_handle, krb5_principal princ) @@ -48,15 +48,15 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) krb5_warn(context->context, ret, "opening database"); return ret; } - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret == HDB_ERR_NOENTRY) goto out; if(ent.entry.flags.immutable) { ret = KADM5_PROTECT_PRINCIPAL; goto out2; } - + ret = hdb_seal_keys(context->context, context->db, &ent.entry); if (ret) goto out2; diff --git a/crypto/heimdal/lib/kadm5/destroy_c.c b/crypto/heimdal/lib/kadm5/destroy_c.c index 9ae2e9d17cb..06a08025694 100644 --- a/crypto/heimdal/lib/kadm5/destroy_c.c +++ b/crypto/heimdal/lib/kadm5/destroy_c.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: destroy_c.c 13198 2003-12-07 19:01:39Z lha $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_c_destroy(void *server_handle) { kadm5_client_context *context = server_handle; diff --git a/crypto/heimdal/lib/kadm5/destroy_s.c b/crypto/heimdal/lib/kadm5/destroy_s.c index edfc6b53b9c..25fc48ba214 100644 --- a/crypto/heimdal/lib/kadm5/destroy_s.c +++ b/crypto/heimdal/lib/kadm5/destroy_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: destroy_s.c 12880 2003-09-19 00:25:35Z lha $"); +RCSID("$Id$"); /* * dealloc a `kadm5_config_params' @@ -56,14 +56,20 @@ static void destroy_kadm5_log_context (kadm5_log_context *c) { free (c->log_file); - close (c->socket_fd); + rk_closesocket (c->socket_fd); +#ifdef NO_UNIX_SOCKETS + if (c->socket_info) { + freeaddrinfo(c->socket_info); + c->socket_info = NULL; + } +#endif } /* * destroy a kadm5 handle */ -kadm5_ret_t +kadm5_ret_t kadm5_s_destroy(void *server_handle) { kadm5_ret_t ret; diff --git a/crypto/heimdal/lib/kadm5/ent_setup.c b/crypto/heimdal/lib/kadm5/ent_setup.c index dfc4a9b5aae..f2d1f2f285b 100644 --- a/crypto/heimdal/lib/kadm5/ent_setup.c +++ b/crypto/heimdal/lib/kadm5/ent_setup.c @@ -1,39 +1,41 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: ent_setup.c 18823 2006-10-22 10:15:53Z lha $"); +RCSID("$Id$"); #define set_value(X, V) do { if((X) == NULL) (X) = malloc(sizeof(*(X))); *(X) = V; } while(0) #define set_null(X) do { if((X) != NULL) free((X)); (X) = NULL; } while (0) @@ -66,7 +68,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags) static kadm5_ret_t perform_tl_data(krb5_context context, HDB *db, - hdb_entry_ex *ent, + hdb_entry_ex *ent, const krb5_tl_data *tl_data) { kadm5_ret_t ret = 0; @@ -101,7 +103,7 @@ perform_tl_data(krb5_context context, NULL); if (ret) return KADM5_BAD_TL_TYPE; - + ret = hdb_replace_extension(context, &ent->entry, &ext); free_HDB_extension(&ext); } else { @@ -110,6 +112,17 @@ perform_tl_data(krb5_context context, return ret; } +static void +default_flags(hdb_entry_ex *ent, int server) +{ + ent->entry.flags.client = 1; + ent->entry.flags.server = !!server; + ent->entry.flags.forwardable = 1; + ent->entry.flags.proxiable = 1; + ent->entry.flags.renewable = 1; + ent->entry.flags.postdate = 1; +} + /* * Create the hdb entry `ent' based on data from `princ' with @@ -121,7 +134,7 @@ kadm5_ret_t _kadm5_setup_entry(kadm5_server_context *context, hdb_entry_ex *ent, uint32_t mask, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t princ_mask, kadm5_principal_ent_t def, uint32_t def_mask) @@ -147,14 +160,10 @@ _kadm5_setup_entry(kadm5_server_context *context, attr_to_flags(def->attributes, &ent->entry.flags); ent->entry.flags.invalid = 0; } else { - ent->entry.flags.client = 1; - ent->entry.flags.server = 1; - ent->entry.flags.forwardable = 1; - ent->entry.flags.proxiable = 1; - ent->entry.flags.renewable = 1; - ent->entry.flags.postdate = 1; + default_flags(ent, 1); } } + if(mask & KADM5_MAX_LIFE) { if(princ_mask & KADM5_MAX_LIFE) { if(princ->max_life) diff --git a/crypto/heimdal/lib/kadm5/error.c b/crypto/heimdal/lib/kadm5/error.c index 46211d2b111..e6a6dec5601 100644 --- a/crypto/heimdal/lib/kadm5/error.c +++ b/crypto/heimdal/lib/kadm5/error.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: error.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t _kadm5_error_code(kadm5_ret_t code) diff --git a/crypto/heimdal/lib/kadm5/flush.c b/crypto/heimdal/lib/kadm5/flush.c index ad1574f0288..4409fe6dc06 100644 --- a/crypto/heimdal/lib/kadm5/flush.c +++ b/crypto/heimdal/lib/kadm5/flush.c @@ -1,47 +1,47 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: flush.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_s_flush(void *server_handle) { return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_c_flush(void *server_handle) { return 0; diff --git a/crypto/heimdal/lib/kadm5/flush_c.c b/crypto/heimdal/lib/kadm5/flush_c.c index 748a49a8e2c..c1a2a0a1cba 100644 --- a/crypto/heimdal/lib/kadm5/flush_c.c +++ b/crypto/heimdal/lib/kadm5/flush_c.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,9 +32,9 @@ #include "kadm5_locl.h" -RCSID("$Id: flush_c.c 5723 1999-03-23 18:23:37Z joda $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_c_flush(void *server_handle) { return 0; diff --git a/crypto/heimdal/lib/kadm5/flush_s.c b/crypto/heimdal/lib/kadm5/flush_s.c index 9bed0c6ce0b..9a52458310f 100644 --- a/crypto/heimdal/lib/kadm5/flush_s.c +++ b/crypto/heimdal/lib/kadm5/flush_s.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,9 +32,9 @@ #include "kadm5_locl.h" -RCSID("$Id: flush_s.c 5723 1999-03-23 18:23:37Z joda $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t kadm5_s_flush(void *server_handle) { return 0; diff --git a/crypto/heimdal/lib/kadm5/free.c b/crypto/heimdal/lib/kadm5/free.c index 1f1740d1eb1..670bc2c2aba 100644 --- a/crypto/heimdal/lib/kadm5/free.c +++ b/crypto/heimdal/lib/kadm5/free.c @@ -1,49 +1,49 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: free.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); -void +void kadm5_free_key_data(void *server_handle, - int16_t *n_key_data, + int16_t *n_key_data, krb5_key_data *key_data) { int i; for(i = 0; i < *n_key_data; i++){ if(key_data[i].key_data_contents[0]){ - memset(key_data[i].key_data_contents[0], + memset(key_data[i].key_data_contents[0], 0, key_data[i].key_data_length[0]); free(key_data[i].key_data_contents[0]); @@ -55,7 +55,7 @@ kadm5_free_key_data(void *server_handle, } -void +void kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t princ) { @@ -78,9 +78,9 @@ kadm5_free_principal_ent(void *server_handle, free (princ->key_data); } -void +void kadm5_free_name_list(void *server_handle, - char **names, + char **names, int *count) { int i; diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c index 5f9724f86f8..3c31a515b2f 100644 --- a/crypto/heimdal/lib/kadm5/get_c.c +++ b/crypto/heimdal/lib/kadm5/get_c.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 2000, 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_c.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_get_principal(void *server_handle, - krb5_principal princ, - kadm5_principal_ent_t out, +kadm5_c_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, uint32_t mask) { kadm5_client_context *context = server_handle; @@ -54,7 +54,7 @@ kadm5_c_get_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_get); @@ -69,13 +69,13 @@ kadm5_c_get_principal(void *server_handle, return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); ret = tmp; - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); if(ret == 0) kadm5_ret_principal_ent(sp, out); krb5_storage_free(sp); diff --git a/crypto/heimdal/lib/kadm5/get_princs_c.c b/crypto/heimdal/lib/kadm5/get_princs_c.c index 81a3cfdb7b1..d5e3461d844 100644 --- a/crypto/heimdal/lib/kadm5/get_princs_c.c +++ b/crypto/heimdal/lib/kadm5/get_princs_c.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_princs_c.c 15484 2005-06-17 05:21:07Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_get_principals(void *server_handle, +kadm5_c_get_principals(void *server_handle, const char *expression, - char ***princs, + char ***princs, int *count) { kadm5_client_context *context = server_handle; @@ -61,6 +61,8 @@ kadm5_c_get_principals(void *server_handle, krb5_store_string(sp, expression); ret = _kadm5_client_send(context, sp); krb5_storage_free(sp); + if (ret) + return ret; ret = _kadm5_client_recv(context, &reply); if(ret) return ret; diff --git a/crypto/heimdal/lib/kadm5/get_princs_s.c b/crypto/heimdal/lib/kadm5/get_princs_s.c index cab6ef7467c..55c8f2e98b6 100644 --- a/crypto/heimdal/lib/kadm5/get_princs_s.c +++ b/crypto/heimdal/lib/kadm5/get_princs_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_princs_s.c 16378 2005-12-12 12:40:12Z lha $"); +RCSID("$Id$"); struct foreach_data { const char *exp; @@ -77,9 +77,9 @@ foreach(krb5_context context, HDB *db, hdb_entry_ex *ent, void *data) } kadm5_ret_t -kadm5_s_get_principals(void *server_handle, +kadm5_s_get_principals(void *server_handle, const char *expression, - char ***princs, + char ***princs, int *count) { struct foreach_data d; @@ -99,7 +99,7 @@ kadm5_s_get_principals(void *server_handle, } d.princs = NULL; d.count = 0; - ret = hdb_foreach(context->context, context->db, 0, foreach, &d); + ret = hdb_foreach(context->context, context->db, HDB_F_ADMIN_DATA, foreach, &d); context->db->hdb_close(context->context, context->db); if(ret == 0) ret = add_princ(&d, NULL); diff --git a/crypto/heimdal/lib/kadm5/get_s.c b/crypto/heimdal/lib/kadm5/get_s.c index 5d0db9bc82a..e03585e222a 100644 --- a/crypto/heimdal/lib/kadm5/get_s.c +++ b/crypto/heimdal/lib/kadm5/get_s.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: get_s.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); static kadm5_ret_t -add_tl_data(kadm5_principal_ent_t ent, int16_t type, +add_tl_data(kadm5_principal_ent_t ent, int16_t type, const void *data, size_t size) { krb5_tl_data *tl; @@ -48,7 +48,7 @@ add_tl_data(kadm5_principal_ent_t ent, int16_t type, tl->tl_data_type = type; tl->tl_data_length = size; tl->tl_data_contents = malloc(size); - if (tl->tl_data_contents == NULL) { + if (tl->tl_data_contents == NULL && size != 0) { free(tl); return _kadm5_error_code(ENOMEM); } @@ -61,32 +61,32 @@ add_tl_data(kadm5_principal_ent_t ent, int16_t type, return 0; } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_put_int(void *buffer, unsigned long value, size_t size); /* XXX */ kadm5_ret_t -kadm5_s_get_principal(void *server_handle, - krb5_principal princ, - kadm5_principal_ent_t out, +kadm5_s_get_principal(void *server_handle, + krb5_principal princ, + kadm5_principal_ent_t out, uint32_t mask) { kadm5_server_context *context = server_handle; kadm5_ret_t ret; hdb_entry_ex ent; - + memset(&ent, 0, sizeof(ent)); ret = context->db->hdb_open(context->context, context->db, O_RDONLY, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); context->db->hdb_close(context->context, context->db); if(ret) return _kadm5_error_code(ret); memset(out, 0, sizeof(*out)); if(mask & KADM5_PRINCIPAL) - ret = krb5_copy_principal(context->context, ent.entry.principal, + ret = krb5_copy_principal(context->context, ent.entry.principal, &out->principal); if(ret) goto out; @@ -126,11 +126,11 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_MOD_NAME) { if(ent.entry.modified_by) { if (ent.entry.modified_by->principal != NULL) - ret = krb5_copy_principal(context->context, + ret = krb5_copy_principal(context->context, ent.entry.modified_by->principal, &out->mod_name); } else if(ent.entry.created_by.principal != NULL) - ret = krb5_copy_principal(context->context, + ret = krb5_copy_principal(context->context, ent.entry.created_by.principal, &out->mod_name); else @@ -142,7 +142,7 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_KVNO) out->kvno = ent.entry.kvno; if(mask & KADM5_MKVNO) { - int n; + size_t n; out->mkvno = 0; /* XXX */ for(n = 0; n < ent.entry.keys.len; n++) if(ent.entry.keys.val[n].mkvno) { @@ -150,8 +150,16 @@ kadm5_s_get_principal(void *server_handle, break; } } +#if 0 /* XXX implement */ if(mask & KADM5_AUX_ATTRIBUTES) - /* XXX implement */; + ; + if(mask & KADM5_LAST_SUCCESS) + ; + if(mask & KADM5_LAST_FAILED) + ; + if(mask & KADM5_FAIL_AUTH_COUNT) + ; +#endif if(mask & KADM5_POLICY) out->policy = NULL; if(mask & KADM5_MAX_RLIFE) { @@ -160,21 +168,15 @@ kadm5_s_get_principal(void *server_handle, else out->max_renewable_life = INT_MAX; } - if(mask & KADM5_LAST_SUCCESS) - /* XXX implement */; - if(mask & KADM5_LAST_FAILED) - /* XXX implement */; - if(mask & KADM5_FAIL_AUTH_COUNT) - /* XXX implement */; if(mask & KADM5_KEY_DATA){ - int i; + size_t i; Key *key; krb5_key_data *kd; krb5_salt salt; krb5_data *sp; krb5_get_pw_salt(context->context, ent.entry.principal, &salt); out->key_data = malloc(ent.entry.keys.len * sizeof(*out->key_data)); - if (out->key_data == NULL) { + if (out->key_data == NULL && ent.entry.keys.len != 0) { ret = ENOMEM; goto out; } @@ -191,11 +193,11 @@ kadm5_s_get_principal(void *server_handle, /* setup key */ kd->key_data_length[0] = key->key.keyvalue.length; kd->key_data_contents[0] = malloc(kd->key_data_length[0]); - if(kd->key_data_contents[0] == NULL){ + if(kd->key_data_contents[0] == NULL && kd->key_data_length[0] != 0){ ret = ENOMEM; break; } - memcpy(kd->key_data_contents[0], key->key.keyvalue.data, + memcpy(kd->key_data_contents[0], key->key.keyvalue.data, kd->key_data_length[0]); /* setup salt */ if(key->salt) @@ -221,6 +223,7 @@ kadm5_s_get_principal(void *server_handle, } if(mask & KADM5_TL_DATA) { time_t last_pw_expire; + const HDB_Ext_PKINIT_acl *acl; const HDB_Ext_Aliases *aliases; ret = hdb_entry_get_pw_change_time(&ent.entry, &last_pw_expire); @@ -233,21 +236,46 @@ kadm5_s_get_principal(void *server_handle, kadm5_free_principal_ent(context, out); goto out; } - /* + /* * If the client was allowed to get key data, let it have the * password too. */ if(mask & KADM5_KEY_DATA) { heim_utf8_string pw; - ret = hdb_entry_get_password(context->context, + ret = hdb_entry_get_password(context->context, context->db, &ent.entry, &pw); if (ret == 0) { ret = add_tl_data(out, KRB5_TL_PASSWORD, pw, strlen(pw) + 1); free(pw); } - krb5_clear_error_string(context->context); - ret = 0; + krb5_clear_error_message(context->context); + } + + ret = hdb_entry_get_pkinit_acl(&ent.entry, &acl); + if (ret == 0 && acl) { + krb5_data buf; + size_t len; + + ASN1_MALLOC_ENCODE(HDB_Ext_PKINIT_acl, buf.data, buf.length, + acl, &len, ret); + if (ret) { + kadm5_free_principal_ent(context, out); + goto out; + } + if (len != buf.length) + krb5_abortx(context->context, + "internal ASN.1 encoder error"); + ret = add_tl_data(out, KRB5_TL_PKINIT_ACL, buf.data, buf.length); + free(buf.data); + if (ret) { + kadm5_free_principal_ent(context, out); + goto out; + } + } + if(ret){ + kadm5_free_principal_ent(context, out); + goto out; } ret = hdb_entry_get_aliases(&ent.entry, &aliases); diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c index be539924b4b..1623ed1a995 100644 --- a/crypto/heimdal/lib/kadm5/init_c.c +++ b/crypto/heimdal/lib/kadm5/init_c.c @@ -1,43 +1,49 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include +#ifdef HAVE_SYS_SOCKET_H #include +#endif +#ifdef HAVE_NETINET_IN_H #include +#endif +#ifdef HAVE_NETDB_H #include +#endif -RCSID("$Id: init_c.c 21972 2007-10-18 19:11:15Z lha $"); +RCSID("$Id$"); static void set_funcs(kadm5_client_context *c) @@ -58,7 +64,7 @@ set_funcs(kadm5_client_context *c) } kadm5_ret_t -_kadm5_c_init_context(kadm5_client_context **ctx, +_kadm5_c_init_context(kadm5_client_context **ctx, kadm5_config_params *params, krb5_context context) { @@ -117,7 +123,7 @@ _kadm5_c_init_context(kadm5_client_context **ctx, (*ctx)->kadmind_port = htons(strtol (colon, &end, 0)); } if ((*ctx)->kadmind_port == 0) - (*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", + (*ctx)->kadmind_port = krb5_getportbyname (context, "kerberos-adm", "tcp", 749); return 0; } @@ -130,11 +136,11 @@ get_kadm_ticket(krb5_context context, { krb5_error_code ret; krb5_creds in, *out; - + memset(&in, 0, sizeof(in)); in.client = client; ret = krb5_parse_name(context, server_name, &in.server); - if(ret) + if(ret) return ret; ret = krb5_get_credentials(context, 0, id, &in, &out); if(ret == 0) @@ -156,14 +162,14 @@ get_new_cache(krb5_context context, krb5_creds cred; krb5_get_init_creds_opt *opt; krb5_ccache id; - + ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) return ret; - krb5_get_init_creds_opt_set_default_flags(context, "kadmin", - krb5_principal_get_realm(context, - client), + krb5_get_init_creds_opt_set_default_flags(context, "kadmin", + krb5_principal_get_realm(context, + client), opt); @@ -210,7 +216,7 @@ get_new_cache(krb5_context context, default: return ret; } - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id); if(ret) return ret; ret = krb5_cc_initialize (context, id, cred.client); @@ -225,7 +231,7 @@ get_new_cache(krb5_context context, } /* - * Check the credential cache `id´ to figure out what principal to use + * Check the credential cache `id´ to figure out what principal to use * when talking to the kadmind. If there is a initial kadmin/admin@ * credential in the cache, use that client principal. Otherwise, use * the client principals first component and add /admin to the @@ -246,7 +252,7 @@ get_cache_principal(krb5_context context, *id = NULL; return ret; } - + ret = krb5_cc_get_principal(context, *id, &p1); if(ret) { krb5_cc_close(context, *id); @@ -254,7 +260,7 @@ get_cache_principal(krb5_context context, return ret; } - ret = krb5_make_principal(context, &p2, NULL, + ret = krb5_make_principal(context, &p2, NULL, "kadmin", "admin", NULL); if (ret) { krb5_cc_close(context, *id); @@ -319,16 +325,16 @@ _kadm5_c_get_cred_cache(krb5_context context, krb5_error_code ret; krb5_ccache id = NULL; krb5_principal default_client = NULL, client = NULL; - + /* treat empty password as NULL */ if(password && *password == '\0') password = NULL; if(server_name == NULL) server_name = KADM5_ADMIN_SERVICE; - + if(client_name != NULL) { ret = krb5_parse_name(context, client_name, &client); - if(ret) + if(ret) return ret; } @@ -342,7 +348,7 @@ _kadm5_c_get_cred_cache(krb5_context context, ret = get_cache_principal(context, &id, &default_client); if (ret) { - /* + /* * No client was specified by the caller and we cannot * determine the client from a credentials cache. */ @@ -351,10 +357,10 @@ _kadm5_c_get_cred_cache(krb5_context context, user = get_default_username (); if(user == NULL) { - krb5_set_error_string(context, "Unable to find local user name"); + krb5_set_error_message(context, KADM5_FAILURE, "Unable to find local user name"); return KADM5_FAILURE; } - ret = krb5_make_principal(context, &default_client, + ret = krb5_make_principal(context, &default_client, NULL, user, "admin", NULL); if(ret) return ret; @@ -369,9 +375,9 @@ _kadm5_c_get_cred_cache(krb5_context context, if (client == NULL && default_client != NULL) client = default_client; - - if(id && (default_client == NULL || - krb5_principal_compare(context, client, default_client))) { + + if(id && client && (default_client == NULL || + krb5_principal_compare(context, client, default_client) != 0)) { ret = get_kadm_ticket(context, id, client, server_name); if(ret == 0) { *ret_cache = id; @@ -390,7 +396,7 @@ _kadm5_c_get_cred_cache(krb5_context context, if (client != default_client) krb5_free_principal(context, default_client); - ret = get_new_cache(context, client, password, prompter, keytab, + ret = get_new_cache(context, client, password, prompter, keytab, server_name, ret_cache); krb5_free_principal(context, client); return ret; @@ -402,7 +408,7 @@ kadm_connect(kadm5_client_context *ctx) kadm5_ret_t ret; krb5_principal server; krb5_ccache cc; - int s; + rk_socket_t s = rk_INVALID_SOCKET; struct addrinfo *ai, *a; struct addrinfo hints; int error; @@ -414,7 +420,7 @@ kadm_connect(kadm5_client_context *ctx) memset (&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = IPPROTO_TCP; - + snprintf (portstr, sizeof(portstr), "%u", ntohs(ctx->kadmind_port)); hostname = ctx->admin_server; @@ -424,37 +430,37 @@ kadm_connect(kadm5_client_context *ctx) error = getaddrinfo (hostname, portstr, &hints, &ai); if (error) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KADM5_BAD_SERVER_NAME; } - + for (a = ai; a != NULL; a = a->ai_next) { s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (s < 0) continue; if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_warn (context, errno, "connect(%s)", hostname); - close (s); + rk_closesocket (s); continue; } break; } if (a == NULL) { freeaddrinfo (ai); - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_warnx (context, "failed to contact %s", hostname); return KADM5_FAILURE; } ret = _kadm5_c_get_cred_cache(context, - ctx->client_name, - ctx->service_name, - NULL, ctx->prompter, ctx->keytab, + ctx->client_name, + ctx->service_name, + NULL, ctx->prompter, ctx->keytab, ctx->ccache, &cc); - + if(ret) { freeaddrinfo (ai); - close(s); + rk_closesocket(s); return ret; } @@ -465,8 +471,8 @@ kadm_connect(kadm5_client_context *ctx) if (service_name == NULL) { freeaddrinfo (ai); - close(s); - krb5_clear_error_string(context); + rk_closesocket(s); + krb5_clear_error_message(context); return ENOMEM; } @@ -476,14 +482,14 @@ kadm_connect(kadm5_client_context *ctx) freeaddrinfo (ai); if(ctx->ccache == NULL) krb5_cc_close(context, cc); - close(s); + rk_closesocket(s); return ret; } ctx->ac = NULL; - ret = krb5_sendauth(context, &ctx->ac, &s, - KADMIN_APPL_VERSION, NULL, - server, AP_OPTS_MUTUAL_REQUIRED, + ret = krb5_sendauth(context, &ctx->ac, &s, + KADMIN_APPL_VERSION, NULL, + server, AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, cc, NULL, NULL, NULL); if(ret == 0) { krb5_data params; @@ -494,47 +500,47 @@ kadm_connect(kadm5_client_context *ctx) p.realm = ctx->realm; } ret = _kadm5_marshal_params(context, &p, ¶ms); - + ret = krb5_write_priv_message(context, ctx->ac, &s, ¶ms); krb5_data_free(¶ms); if(ret) { freeaddrinfo (ai); - close(s); + rk_closesocket(s); if(ctx->ccache == NULL) krb5_cc_close(context, cc); return ret; } } else if(ret == KRB5_SENDAUTH_BADAPPLVERS) { - close(s); + rk_closesocket(s); s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (s < 0) { freeaddrinfo (ai); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return errno; } if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { - close (s); + rk_closesocket (s); freeaddrinfo (ai); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return errno; } - ret = krb5_sendauth(context, &ctx->ac, &s, - KADMIN_OLD_APPL_VERSION, NULL, - server, AP_OPTS_MUTUAL_REQUIRED, + ret = krb5_sendauth(context, &ctx->ac, &s, + KADMIN_OLD_APPL_VERSION, NULL, + server, AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, cc, NULL, NULL, NULL); } freeaddrinfo (ai); if(ret) { - close(s); + rk_closesocket(s); return ret; } - + krb5_free_principal(context, server); if(ctx->ccache == NULL) krb5_cc_close(context, cc); ctx->sock = s; - + return 0; } @@ -547,9 +553,9 @@ _kadm5_connect(void *handle) return 0; } -static kadm5_ret_t +static kadm5_ret_t kadm5_c_init_with_context(krb5_context context, - const char *client_name, + const char *client_name, const char *password, krb5_prompter_fct prompter, const char *keytab, @@ -569,15 +575,15 @@ kadm5_c_init_with_context(krb5_context context, return ret; if(password != NULL && *password != '\0') { - ret = _kadm5_c_get_cred_cache(context, + ret = _kadm5_c_get_cred_cache(context, client_name, - service_name, + service_name, password, prompter, keytab, ccache, &cc); if(ret) return ret; /* XXX */ ccache = cc; } - + if (client_name != NULL) ctx->client_name = strdup(client_name); @@ -592,13 +598,13 @@ kadm5_c_init_with_context(krb5_context context, ctx->ccache = ccache; /* maybe we should copy the params here */ ctx->sock = -1; - + *server_handle = ctx; return 0; } -static kadm5_ret_t -init_context(const char *client_name, +static kadm5_ret_t +init_context(const char *client_name, const char *password, krb5_prompter_fct prompter, const char *keytab, @@ -612,7 +618,7 @@ init_context(const char *client_name, krb5_context context; kadm5_ret_t ret; kadm5_server_context *ctx; - + ret = krb5_init_context(&context); if (ret) return ret; @@ -636,9 +642,9 @@ init_context(const char *client_name, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_password_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -659,8 +665,8 @@ kadm5_c_init_with_password_ctx(krb5_context context, server_handle); } -kadm5_ret_t -kadm5_c_init_with_password(const char *client_name, +kadm5_ret_t +kadm5_c_init_with_password(const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -668,21 +674,21 @@ kadm5_c_init_with_password(const char *client_name, unsigned long api_version, void **server_handle) { - return init_context(client_name, - password, + return init_context(client_name, + password, krb5_prompter_posix, NULL, NULL, - service_name, - realm_params, - struct_version, - api_version, + service_name, + realm_params, + struct_version, + api_version, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_skey_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *keytab, const char *service_name, kadm5_config_params *realm_params, @@ -704,8 +710,8 @@ kadm5_c_init_with_skey_ctx(krb5_context context, } -kadm5_ret_t -kadm5_c_init_with_skey(const char *client_name, +kadm5_ret_t +kadm5_c_init_with_skey(const char *client_name, const char *keytab, const char *service_name, kadm5_config_params *realm_params, @@ -713,19 +719,19 @@ kadm5_c_init_with_skey(const char *client_name, unsigned long api_version, void **server_handle) { - return init_context(client_name, + return init_context(client_name, NULL, NULL, keytab, NULL, - service_name, - realm_params, - struct_version, - api_version, + service_name, + realm_params, + struct_version, + api_version, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_creds_ctx(krb5_context context, const char *client_name, krb5_ccache ccache, @@ -748,7 +754,7 @@ kadm5_c_init_with_creds_ctx(krb5_context context, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_c_init_with_creds(const char *client_name, krb5_ccache ccache, const char *service_name, @@ -757,20 +763,20 @@ kadm5_c_init_with_creds(const char *client_name, unsigned long api_version, void **server_handle) { - return init_context(client_name, + return init_context(client_name, NULL, NULL, NULL, ccache, - service_name, - realm_params, - struct_version, - api_version, + service_name, + realm_params, + struct_version, + api_version, server_handle); } #if 0 -kadm5_ret_t +kadm5_ret_t kadm5_init(char *client_name, char *pass, char *service_name, kadm5_config_params *realm_params, diff --git a/crypto/heimdal/lib/kadm5/init_s.c b/crypto/heimdal/lib/kadm5/init_s.c index dee464b4b9a..1001fce6ddc 100644 --- a/crypto/heimdal/lib/kadm5/init_s.c +++ b/crypto/heimdal/lib/kadm5/init_s.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: init_s.c 9441 2000-12-31 08:01:16Z assar $"); +RCSID("$Id$"); -static kadm5_ret_t +static kadm5_ret_t kadm5_s_init_with_context(krb5_context context, - const char *client_name, + const char *client_name, const char *service_name, kadm5_config_params *realm_params, unsigned long struct_version, @@ -55,19 +55,29 @@ kadm5_s_init_with_context(krb5_context context, assert(ctx->config.stash_file != NULL); assert(ctx->config.acl_file != NULL); assert(ctx->log_context.log_file != NULL); +#ifndef NO_UNIX_SOCKETS assert(ctx->log_context.socket_name.sun_path[0] != '\0'); +#else + assert(ctx->log_context.socket_info != NULL); +#endif ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname); if(ret) return ret; - ret = hdb_set_master_keyfile (ctx->context, + ret = hdb_set_master_keyfile (ctx->context, ctx->db, ctx->config.stash_file); if(ret) return ret; ctx->log_context.log_fd = -1; +#ifndef NO_UNIX_SOCKETS ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0); +#else + ctx->log_context.socket_fd = socket (ctx->log_context.socket_info->ai_family, + ctx->log_context.socket_info->ai_socktype, + ctx->log_context.socket_info->ai_protocol); +#endif ret = krb5_parse_name(ctx->context, client_name, &ctx->caller); if(ret) @@ -76,14 +86,14 @@ kadm5_s_init_with_context(krb5_context context, ret = _kadm5_acl_init(ctx); if(ret) return ret; - + *server_handle = ctx; return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_password_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -100,8 +110,8 @@ kadm5_s_init_with_password_ctx(krb5_context context, server_handle); } -kadm5_ret_t -kadm5_s_init_with_password(const char *client_name, +kadm5_ret_t +kadm5_s_init_with_password(const char *client_name, const char *password, const char *service_name, kadm5_config_params *realm_params, @@ -116,13 +126,13 @@ kadm5_s_init_with_password(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_s_init_with_password_ctx(context, - client_name, - password, - service_name, - realm_params, - struct_version, - api_version, + ret = kadm5_s_init_with_password_ctx(context, + client_name, + password, + service_name, + realm_params, + struct_version, + api_version, server_handle); if(ret){ krb5_free_context(context); @@ -133,9 +143,9 @@ kadm5_s_init_with_password(const char *client_name, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_skey_ctx(krb5_context context, - const char *client_name, + const char *client_name, const char *keytab, const char *service_name, kadm5_config_params *realm_params, @@ -152,7 +162,7 @@ kadm5_s_init_with_skey_ctx(krb5_context context, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_skey(const char *client_name, const char *keytab, const char *service_name, @@ -168,13 +178,13 @@ kadm5_s_init_with_skey(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_s_init_with_skey_ctx(context, - client_name, - keytab, - service_name, - realm_params, - struct_version, - api_version, + ret = kadm5_s_init_with_skey_ctx(context, + client_name, + keytab, + service_name, + realm_params, + struct_version, + api_version, server_handle); if(ret){ krb5_free_context(context); @@ -185,7 +195,7 @@ kadm5_s_init_with_skey(const char *client_name, return 0; } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_creds_ctx(krb5_context context, const char *client_name, krb5_ccache ccache, @@ -204,7 +214,7 @@ kadm5_s_init_with_creds_ctx(krb5_context context, server_handle); } -kadm5_ret_t +kadm5_ret_t kadm5_s_init_with_creds(const char *client_name, krb5_ccache ccache, const char *service_name, @@ -220,13 +230,13 @@ kadm5_s_init_with_creds(const char *client_name, ret = krb5_init_context(&context); if (ret) return ret; - ret = kadm5_s_init_with_creds_ctx(context, - client_name, - ccache, - service_name, - realm_params, - struct_version, - api_version, + ret = kadm5_s_init_with_creds_ctx(context, + client_name, + ccache, + service_name, + realm_params, + struct_version, + api_version, server_handle); if(ret){ krb5_free_context(context); diff --git a/crypto/heimdal/lib/kadm5/iprop-commands.in b/crypto/heimdal/lib/kadm5/iprop-commands.in index 438594e01f5..78d88c9e36e 100644 --- a/crypto/heimdal/lib/kadm5/iprop-commands.in +++ b/crypto/heimdal/lib/kadm5/iprop-commands.in @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: iprop-commands.in 20602 2007-05-08 03:08:35Z lha $ */ +/* $Id$ */ command = { name = "dump" diff --git a/crypto/heimdal/lib/kadm5/iprop-log.8 b/crypto/heimdal/lib/kadm5/iprop-log.8 index 599046b93fc..7f84b0909d3 100644 --- a/crypto/heimdal/lib/kadm5/iprop-log.8 +++ b/crypto/heimdal/lib/kadm5/iprop-log.8 @@ -1,110 +1,98 @@ -.\" $Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $ -.\" -.\" Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan +.\" $Id$ +.\" +.\" Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" -.\" $Id: iprop-log.8 21713 2007-07-27 14:38:49Z lha $ +.\" $Id$ .\" .Dd February 18, 2007 .Dt IPROP-LOG 8 .Os Heimdal .Sh NAME .Nm iprop-log -.Nd -maintain the iprop log file +.Nd maintain the iprop log file .Sh SYNOPSIS .Nm -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl Fl version +.Op Fl h | Fl Fl help .Ar command .Pp .Nm iprop-log truncate .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Pp .Nm iprop-log dump .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Pp .Nm iprop-log replay -.Op Fl -start-version= Ns Ar version-number -.Op Fl -end-version= Ns Ar version-number +.Op Fl Fl start-version= Ns Ar version-number +.Op Fl Fl end-version= Ns Ar version-number .Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file +.Fl Fl config-file= Ns Ar file .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc -.Op Fl h | Fl -help +.Op Fl h | Fl Fl help .Sh DESCRIPTION Supported options: .Bl -tag -width Ds -.It Xo -.Fl -version -.Xc -.It Xo -.Fl h , -.Fl -help -.Xc +.It Fl Fl version +.It Fl h , Fl Fl help .El .Pp command can be one of the following: .Bl -tag -width truncate .It truncate .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp @@ -113,38 +101,27 @@ last entry of the old log. If the log is truncted by emptying the file, the log will start over at the first version (0). .It dump .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file .It Xo .Fl r Ar string , -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc realm .El .Pp -Print out all entires in the log to standard output. +Print out all entries in the log to standard output. .It replay .Bl -tag -width Ds -.It Xo -.Fl -start-version= Ns Ar version-number -.Xc +.It Fl Fl start-version= Ns Ar version-number start replay with this version .It Xo -.Fl -end-version= Ns Ar version-number +.Fl Fl end-version= Ns Ar version-number .Xc end replay with this version -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp @@ -152,15 +129,9 @@ Replay the changes from specified entries (or all if none is specified) in the transaction log to the database. .It last-version .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl Fl config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl Fl realm= Ns Ar string realm .El .Pp diff --git a/crypto/heimdal/lib/kadm5/iprop-log.c b/crypto/heimdal/lib/kadm5/iprop-log.c index 7b43076832c..b201de66d1f 100644 --- a/crypto/heimdal/lib/kadm5/iprop-log.c +++ b/crypto/heimdal/lib/kadm5/iprop-log.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" @@ -36,7 +36,7 @@ #include #include "iprop-commands.h" -RCSID("$Id: iprop-log.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); static krb5_context context; @@ -75,7 +75,7 @@ get_kadmin_context(const char *config_file, char *realm) KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); if (ret) krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); @@ -119,12 +119,12 @@ print_entry(kadm5_server_context *server_context, krb5_context scontext = server_context->context; off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len; - + krb5_error_code ret; strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp)); - if(op < kadm_get || op > kadm_nop) { + if((int)op < (int)kadm_get || (int)op > (int)kadm_nop) { printf("unknown op: %d\n", op); krb5_storage_seek(sp, end, SEEK_SET); return; @@ -184,7 +184,7 @@ print_entry(kadm5_server_context *server_context, if(ent.valid_end == NULL) { strlcpy(t, "never", sizeof(t)); } else { - strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", + strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(ent.valid_end)); } printf(" expires = %s\n", t); @@ -193,7 +193,7 @@ print_entry(kadm5_server_context *server_context, if(ent.pw_end == NULL) { strlcpy(t, "never", sizeof(t)); } else { - strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", + strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(ent.pw_end)); } printf(" password exp = %s\n", t); @@ -201,7 +201,7 @@ print_entry(kadm5_server_context *server_context, if(mask & KADM5_LAST_PWD_CHANGE) { } if(mask & KADM5_ATTRIBUTES) { - unparse_flags(HDBFlags2int(ent.flags), + unparse_flags(HDBFlags2int(ent.flags), asn1_HDBFlags_units(), t, sizeof(t)); printf(" attributes = %s\n", t); } @@ -271,7 +271,7 @@ iprop_dump(struct dump_options *opt, int argc, char **argv) kadm5_server_context *server_context; krb5_error_code ret; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_init (server_context); @@ -294,7 +294,7 @@ iprop_truncate(struct truncate_options *opt, int argc, char **argv) kadm5_server_context *server_context; krb5_error_code ret; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_truncate (server_context); @@ -311,7 +311,7 @@ last_version(struct last_version_options *opt, int argc, char **argv) krb5_error_code ret; uint32_t version; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = kadm5_log_init (server_context); @@ -344,14 +344,14 @@ apply_entry(kadm5_server_context *server_context, time_t timestamp, enum kadm_ops op, uint32_t len, - krb5_storage *sp, + krb5_storage *sp, void *ctx) { struct replay_options *opt = ctx; krb5_error_code ret; - if((opt->start_version_integer != -1 && ver < opt->start_version_integer) || - (opt->end_version_integer != -1 && ver > opt->end_version_integer)) { + if((opt->start_version_integer != -1 && ver < (uint32_t)opt->start_version_integer) || + (opt->end_version_integer != -1 && ver > (uint32_t)opt->end_version_integer)) { /* XXX skip this entry */ krb5_storage_seek(sp, len, SEEK_CUR); return; @@ -363,7 +363,7 @@ apply_entry(kadm5_server_context *server_context, op, ver, len, sp); if (ret) krb5_warn (server_context->context, ret, "kadm5_log_replay"); - + printf ("done\n"); } @@ -373,7 +373,7 @@ iprop_replay(struct replay_options *opt, int argc, char **argv) kadm5_server_context *server_context; krb5_error_code ret; - server_context = get_kadmin_context(opt->config_file_string, + server_context = get_kadmin_context(opt->config_file_string, opt->realm_string); ret = server_context->db->hdb_open(context, @@ -404,9 +404,9 @@ static int version_flag; static struct getargs args[] = { { "version", 0, arg_flag, &version_flag, - NULL, NULL - }, - { "help", 'h', arg_flag, &help_flag, + NULL, NULL + }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL } }; @@ -426,8 +426,11 @@ help(void *opt, int argc, char **argv) argv[0]); } else { if(c->func) { - char *fake[] = { NULL, "--help", NULL }; + static char shelp[] = "--help"; + char *fake[3]; fake[0] = argv[0]; + fake[1] = shelp; + fake[2] = NULL; (*c->func)(2, fake); fprintf(stderr, "\n"); } diff --git a/crypto/heimdal/lib/kadm5/iprop.8 b/crypto/heimdal/lib/kadm5/iprop.8 index d1e55cc6131..6be1f110c45 100644 --- a/crypto/heimdal/lib/kadm5/iprop.8 +++ b/crypto/heimdal/lib/kadm5/iprop.8 @@ -1,35 +1,35 @@ -.\" $Id: iprop.8 21940 2007-09-28 22:28:09Z lha $ -.\" -.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" $Id$ +.\" +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. .\" .Dd May 24, 2005 .Dt IPROP 8 @@ -38,51 +38,49 @@ .Nm iprop , .Nm ipropd-master , .Nm ipropd-slave -.Nd -propagate changes to a Heimdal Kerberos master KDC to slave KDCs +.Nd propagate changes to a Heimdal Kerberos master KDC to slave KDCs .Sh SYNOPSIS .Nm ipropd-master .Oo Fl c Ar string \*(Ba Xo -.Fl -config-file= Ns Ar string +.Fl Fl config-file= Ns Ar string .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Ar file +.Fl Fl database= Ns Ar file .Xc .Oc -.Op Fl -slave-stats-file= Ns Ar file -.Op Fl -time-missing= Ns Ar time -.Op Fl -time-gone= Ns Ar time -.Op Fl -detach -.Op Fl -version -.Op Fl -help +.Op Fl Fl slave-stats-file= Ns Ar file +.Op Fl Fl time-missing= Ns Ar time +.Op Fl Fl time-gone= Ns Ar time +.Op Fl Fl detach +.Op Fl Fl version +.Op Fl Fl help .Nm ipropd-slave .Oo Fl c Ar string \*(Ba Xo -.Fl -config-file= Ns Ar string +.Fl Fl config-file= Ns Ar string .Xc .Oc .Oo Fl r Ar string \*(Ba Xo -.Fl -realm= Ns Ar string +.Fl Fl realm= Ns Ar string .Xc .Oc .Oo Fl k Ar kspec \*(Ba Xo -.Fl -keytab= Ns Ar kspec +.Fl Fl keytab= Ns Ar kspec .Xc .Oc -.Op Fl -time-lost= Ns Ar time -.Op Fl -detach -.Op Fl -version -.Op Fl -help +.Op Fl Fl time-lost= Ns Ar time +.Op Fl Fl detach +.Op Fl Fl version +.Op Fl Fl help .Ar master -.Pp .Sh DESCRIPTION .Nm ipropd-master is used to propagate changes to a Heimdal Kerberos database from the @@ -96,9 +94,9 @@ file in the KDC's database directory, e.g.\& .Pa /var/heimdal/slaves . This has principals one per-line of the form .Dl iprop/ Ns Ar slave Ns @ Ns Ar REALM -where -.Ar slave -is the hostname of the slave server in the given +where +.Ar slave +is the hostname of the slave server in the given .Ar REALM , e.g.\& .Dl iprop/kerberos-1.example.com@EXAMPLE.COM @@ -110,20 +108,23 @@ In contrast to .Xr hprop 8 , which sends the whole database to the slaves regularly, .Nm -normally sends only the changes as they happen on the master. The -master keeps track of all the changes by assigning a version number to -every change to the database. The slaves know which was the latest -version they saw, and in this way it can be determined if they are in -sync or not. A log of all the changes is kept on the master. When a -slave is at an older version than the oldest one in the log, the whole -database has to be sent. +normally sends only the changes as they happen on the master. +The master keeps track of all the changes by assigning a version +number to every change to the database. +The slaves know which was the latest version they saw, and in this +way it can be determined if they are in sync or not. +A log of all the changes is kept on the master. +When a slave is at an older version than the oldest one in the log, +the whole database has to be sent. .Pp The changes are propagated over a secure channel (on port 2121 by -default). This should normally be defined as +default). +This should normally be defined as .Dq iprop/tcp in .Pa /etc/services -or another source of the services database. The master and slaves +or another source of the services database. +The master and slaves must each have access to a keytab with keys for the .Nm iprop service principal on the local host. @@ -136,78 +137,37 @@ file (e.g.\& Supported options for .Nm ipropd-master : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl Fl config-file= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl d Ar file , -.Fl -database= Ns Ar file -.Xc +.It Fl d Ar file , Fl Fl database= Ns Ar file Database (default per KDC) -.It Xo -.Fl -slave-stats-file= Ns Ar file -.Xc +.It Fl Fl slave-stats-file= Ns Ar file file for slave status information -.It Xo -.Fl -time-missing= Ns Ar time -.Xc +.It Fl Fl time-missing= Ns Ar time time before slave is polled for presence (default 2 min) -.It Xo -.Fl -time-gone= Ns Ar time -.Xc +.It Fl Fl time-gone= Ns Ar time time of inactivity after which a slave is considered gone (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl Fl detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl Fl version +.It Fl Fl help .El .Pp Supported options for .Nm ipropd-slave : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl Fl config-file= Ns Ar string +.It Fl r Ar string , Fl Fl realm= Ns Ar string +.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl -time-lost= Ns Ar time -.Xc +.It Fl Fl time-lost= Ns Ar time time before server is considered lost (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl Fl detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl Fl version +.It Fl Fl help .El Time arguments for the relevant options above may be specified in forms like 5 min, 300 s, or simply a number of seconds. @@ -216,8 +176,8 @@ like 5 min, 300 s, or simply a number of seconds. .Pa slave-stats in the database directory. .Sh SEE ALSO -.Xr hpropd 8 , +.Xr krb5.conf 5 , .Xr hprop 8 , -.Xr krb5.conf 8 , -.Xr kdc 8 , -.Xr iprop-log 8 . +.Xr hpropd 8 , +.Xr iprop-log 8 , +.Xr kdc 8 . diff --git a/crypto/heimdal/lib/kadm5/iprop.h b/crypto/heimdal/lib/kadm5/iprop.h index beb54142f2b..32a80cec92e 100644 --- a/crypto/heimdal/lib/kadm5/iprop.h +++ b/crypto/heimdal/lib/kadm5/iprop.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1998-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: iprop.h 22211 2007-12-07 19:27:27Z lha $ */ +/* $Id$ */ #ifndef __IPROP_H__ #define __IPROP_H__ diff --git a/crypto/heimdal/lib/kadm5/ipropd_common.c b/crypto/heimdal/lib/kadm5/ipropd_common.c index e6561596d11..2e3d94107c9 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_common.c +++ b/crypto/heimdal/lib/kadm5/ipropd_common.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" @@ -63,7 +63,11 @@ setup_signal(void) #else signal(SIGINT, sigterm); signal(SIGTERM, sigterm); +#ifndef NO_SIGXCPU signal(SIGXCPU, sigterm); +#endif +#ifndef NO_SIGPIPE signal(SIGPIPE, SIG_IGN); #endif +#endif } diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c index bd8f71fd7b3..492bbadbd2c 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_master.c +++ b/crypto/heimdal/lib/kadm5/ipropd_master.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" #include -RCSID("$Id: ipropd_master.c 22211 2007-12-07 19:27:27Z lha $"); - static krb5_log_facility *log_facility; const char *slave_stats_file; @@ -47,12 +45,13 @@ static int time_before_gone; const char *master_hostname; -static int +static krb5_socket_t make_signal_socket (krb5_context context) { +#ifndef NO_UNIX_SOCKETS struct sockaddr_un addr; const char *fn; - int fd; + krb5_socket_t fd; fn = kadm5_log_signal_socket(context); @@ -66,25 +65,39 @@ make_signal_socket (krb5_context context) if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) krb5_err (context, 1, errno, "bind %s", addr.sun_path); return fd; +#else + struct addrinfo *ai = NULL; + krb5_socket_t fd; + + kadm5_log_signal_socket_info(context, 1, &ai); + + fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (rk_IS_BAD_SOCKET(fd)) + krb5_err (context, 1, rk_SOCK_ERRNO, "socket AF=%d", ai->ai_family); + + if (rk_IS_SOCKET_ERROR( bind (fd, ai->ai_addr, ai->ai_addrlen) )) + krb5_err (context, 1, rk_SOCK_ERRNO, "bind"); + return fd; +#endif } -static int +static krb5_socket_t make_listen_socket (krb5_context context, const char *port_str) { - int fd; + krb5_socket_t fd; int one = 1; struct sockaddr_in addr; fd = socket (AF_INET, SOCK_STREAM, 0); - if (fd < 0) - krb5_err (context, 1, errno, "socket AF_INET"); + if (rk_IS_BAD_SOCKET(fd)) + krb5_err (context, 1, rk_SOCK_ERRNO, "socket AF_INET"); setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one)); memset (&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; if (port_str) { addr.sin_port = krb5_getportbyname (context, - port_str, "tcp", + port_str, "tcp", 0); if (addr.sin_port == 0) { char *ptr; @@ -96,7 +109,7 @@ make_listen_socket (krb5_context context, const char *port_str) addr.sin_port = htons(port); } } else { - addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, + addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, "tcp", IPROP_PORT); } if(bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) @@ -107,7 +120,7 @@ make_listen_socket (krb5_context context, const char *port_str) } struct slave { - int fd; + krb5_socket_t fd; struct sockaddr_in addr; char *name; krb5_auth_context ac; @@ -128,9 +141,11 @@ check_acl (krb5_context context, const char *name) FILE *fp; char buf[256]; int ret = 1; - char *slavefile; + char *slavefile = NULL; - asprintf(&slavefile, "%s/slaves", hdb_db_dir(context)); + if (asprintf(&slavefile, "%s/slaves", hdb_db_dir(context)) == -1 + || slavefile == NULL) + errx(1, "out of memory"); fn = krb5_config_get_string_default(context, NULL, @@ -182,9 +197,9 @@ slave_dead(krb5_context context, slave *s) { krb5_warnx(context, "slave %s dead", s->name); - if (s->fd >= 0) { - close (s->fd); - s->fd = -1; + if (!rk_IS_BAD_SOCKET(s->fd)) { + rk_closesocket (s->fd); + s->fd = rk_INVALID_SOCKET; } s->flags |= SLAVE_F_DEAD; slave_seen(s); @@ -195,8 +210,8 @@ remove_slave (krb5_context context, slave *s, slave **root) { slave **p; - if (s->fd >= 0) - close (s->fd); + if (!rk_IS_BAD_SOCKET(s->fd)) + rk_closesocket (s->fd); if (s->name) free (s->name); if (s->ac) @@ -211,7 +226,8 @@ remove_slave (krb5_context context, slave *s, slave **root) } static void -add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) +add_slave (krb5_context context, krb5_keytab keytab, slave **root, + krb5_socket_t fd) { krb5_principal server; krb5_error_code ret; @@ -230,8 +246,8 @@ add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) addr_len = sizeof(s->addr); s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len); - if (s->fd < 0) { - krb5_warn (context, errno, "accept"); + if (rk_IS_BAD_SOCKET(s->fd)) { + krb5_warn (context, rk_SOCK_ERRNO, "accept"); goto error; } if (master_hostname) @@ -254,6 +270,7 @@ add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) goto error; } ret = krb5_unparse_name (context, ticket->client, &s->name); + krb5_free_ticket (context, ticket); if (ret) { krb5_warn (context, ret, "krb5_unparse_name"); goto error; @@ -262,8 +279,6 @@ add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd) krb5_warnx (context, "%s not in acl", s->name); goto error; } - krb5_free_ticket (context, ticket); - ticket = NULL; { slave *l = *root; @@ -297,7 +312,7 @@ error: struct prop_context { krb5_auth_context auth_context; - int fd; + krb5_socket_t fd; }; static int @@ -364,7 +379,7 @@ send_complete (krb5_context context, slave *s, return ret; } - ret = hdb_foreach (context, db, 0, prop_one, s); + ret = hdb_foreach (context, db, HDB_F_ADMIN_DATA, prop_one, s); if (ret) { krb5_warn (context, ret, "hdb_foreach"); slave_dead(context, s); @@ -408,6 +423,8 @@ send_are_you_there (krb5_context context, slave *s) if (s->flags & (SLAVE_F_DEAD|SLAVE_F_AYT)) return 0; + krb5_warnx(context, "slave %s missing, sending AYT", s->name); + s->flags |= SLAVE_F_AYT; data.data = buf; @@ -467,7 +484,7 @@ send_diffs (krb5_context context, slave *s, int log_fd, for (;;) { ret = kadm5_log_previous (context, sp, &ver, ×tamp, &op, &len); if (ret) - krb5_err(context, 1, ret, + krb5_err(context, 1, ret, "send_diffs: failed to find previous entry"); left = krb5_storage_seek(sp, -16, SEEK_CUR); if (ver == s->version) @@ -475,6 +492,7 @@ send_diffs (krb5_context context, slave *s, int log_fd, if (ver == s->version + 1) break; if (left == 0) { + krb5_storage_free(sp); krb5_warnx(context, "slave %s (version %lu) out of sync with master " "(first version in log %lu), sending complete database", @@ -490,6 +508,7 @@ send_diffs (krb5_context context, slave *s, int log_fd, ret = krb5_data_alloc (&data, right - left + 4); if (ret) { + krb5_storage_free(sp); krb5_warn (context, ret, "send_diffs: krb5_data_alloc"); slave_dead(context, s); return 1; @@ -556,14 +575,15 @@ process_msg (krb5_context context, slave *s, int log_fd, } /* new started slave that have old log */ if (s->version == 0 && tmp != 0) { - if (s->version < tmp) { - krb5_warnx (context, "Slave %s have later version the master " - "OUT OF SYNC", s->name); - } else { - s->version = tmp; + if (current_version < (uint32_t)tmp) { + krb5_warnx (context, "Slave %s (version %lu) have later version " + "the master (version %lu) OUT OF SYNC", + s->name, (unsigned long)tmp, + (unsigned long)current_version); } + s->version = tmp; } - if (tmp < s->version) { + if ((uint32_t)tmp < s->version) { krb5_warnx (context, "Slave claims to not have " "version we already sent to it"); } else { @@ -580,6 +600,7 @@ process_msg (krb5_context context, slave *s, int log_fd, } krb5_data_free (&out); + krb5_storage_free (sp); slave_seen(s); @@ -627,7 +648,7 @@ write_master_down(krb5_context context) fp = open_stats(context); if (fp == NULL) return; - krb5_format_time(context, t, str, sizeof(str), TRUE); + krb5_format_time(context, t, str, sizeof(str), TRUE); fprintf(fp, "master down at %s\n", str); fclose(fp); @@ -645,7 +666,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) if (fp == NULL) return; - krb5_format_time(context, t, str, sizeof(str), TRUE); + krb5_format_time(context, t, str, sizeof(str), TRUE); fprintf(fp, "Status for slaves, last updated: %s\n\n", str); fprintf(fp, "Master version: %lu\n\n", (unsigned long)current_version); @@ -669,7 +690,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) krb5_address addr; krb5_error_code ret; rtbl_add_column_entry(tbl, SLAVE_NAME, slaves->name); - ret = krb5_sockaddr2address (context, + ret = krb5_sockaddr2address (context, (struct sockaddr*)&slaves->addr, &addr); if(ret == 0) { krb5_print_address(&addr, str, sizeof(str), NULL); @@ -677,7 +698,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) rtbl_add_column_entry(tbl, SLAVE_ADDRESS, str); } else rtbl_add_column_entry(tbl, SLAVE_ADDRESS, ""); - + snprintf(str, sizeof(str), "%u", (unsigned)slaves->version); rtbl_add_column_entry(tbl, SLAVE_VERSION, str); @@ -686,7 +707,7 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) else rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up"); - ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE); + ret = krb5_format_time(context, slaves->seen, str, sizeof(str), TRUE); rtbl_add_column_entry(tbl, SLAVE_SEEN, str); slaves = slaves->next; @@ -699,35 +720,40 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) } +static char sHDB[] = "HDB:"; static char *realm; static int version_flag; static int help_flag; -static char *keytab_str = "HDB:"; +static char *keytab_str = sHDB; static char *database; static char *config_file; static char *port_str; +#ifdef SUPPORT_DETACH static int detach_from_console = 0; +#endif static struct getargs args[] = { - { "config-file", 'c', arg_string, &config_file }, - { "realm", 'r', arg_string, &realm }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, + { "realm", 'r', arg_string, &realm, NULL, NULL }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "database", 'd', arg_string, &database, "database", "file"}, - { "slave-stats-file", 0, arg_string, &slave_stats_file, + { "slave-stats-file", 0, arg_string, rk_UNCONST(&slave_stats_file), "file for slave status information", "file"}, - { "time-missing", 0, arg_string, &slave_time_missing, + { "time-missing", 0, arg_string, rk_UNCONST(&slave_time_missing), "time before slave is polled for presence", "time"}, - { "time-gone", 0, arg_string, &slave_time_gone, + { "time-gone", 0, arg_string, rk_UNCONST(&slave_time_gone), "time of inactivity after which a slave is considered gone", "time"}, { "port", 0, arg_string, &port_str, "port ipropd will listen to", "port"}, - { "detach", 0, arg_flag, &detach_from_console, - "detach from console" }, - { "hostname", 0, arg_string, &master_hostname, +#ifdef SUPPORT_DETACH + { "detach", 0, arg_flag, &detach_from_console, + "detach from console", NULL }, +#endif + { "hostname", 0, arg_string, rk_UNCONST(&master_hostname), "hostname of master (if not same as hostname)", "hostname" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -739,16 +765,16 @@ main(int argc, char **argv) void *kadm_handle; kadm5_server_context *server_context; kadm5_config_params conf; - int signal_fd, listen_fd; + krb5_socket_t signal_fd, listen_fd; int log_fd; slave *slaves = NULL; uint32_t current_version = 0, old_version = 0; krb5_keytab keytab; int optidx; char **files; - + optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL); - + if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag) { @@ -780,8 +806,10 @@ main(int argc, char **argv) if (time_before_missing < 0) krb5_errx (context, 1, "couldn't parse time: %s", slave_time_missing); +#ifdef SUPPORT_DETACH if (detach_from_console) daemon(0, 0); +#endif pidfile (NULL); krb5_openlog (context, "ipropd-master", &log_facility); krb5_set_warn_dest(context, log_facility); @@ -793,7 +821,7 @@ main(int argc, char **argv) ret = krb5_kt_resolve(context, keytab_str, &keytab); if(ret) krb5_err(context, 1, ret, "krb5_kt_resolve: %s", keytab_str); - + memset(&conf, 0, sizeof(conf)); if(realm) { conf.mask |= KADM5_CONFIG_REALM; @@ -803,7 +831,7 @@ main(int argc, char **argv) KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); if (ret) krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); @@ -820,7 +848,7 @@ main(int argc, char **argv) kadm5_log_get_version_fd (log_fd, ¤t_version); - krb5_warnx(context, "ipropd-master started at version: %lu", + krb5_warnx(context, "ipropd-master started at version: %lu", (unsigned long)current_version); while(exit_flag == 0){ @@ -830,8 +858,10 @@ main(int argc, char **argv) struct timeval to = {30, 0}; uint32_t vers; +#ifndef NO_LIMIT_FD_SETSIZE if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE) krb5_errx (context, 1, "fd too large"); +#endif FD_ZERO(&readset); FD_SET(signal_fd, &readset); @@ -860,7 +890,7 @@ main(int argc, char **argv) kadm5_log_get_version_fd (log_fd, ¤t_version); if (current_version > old_version) { - krb5_warnx(context, + krb5_warnx(context, "Missed a signal, updating slaves %lu to %lu", (unsigned long)old_version, (unsigned long)current_version); @@ -873,7 +903,11 @@ main(int argc, char **argv) } if (ret && FD_ISSET(signal_fd, &readset)) { +#ifndef NO_UNIX_SOCKETS struct sockaddr_un peer_addr; +#else + struct sockaddr_storage peer_addr; +#endif socklen_t peer_len = sizeof(peer_addr); if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0, @@ -886,14 +920,17 @@ main(int argc, char **argv) old_version = current_version; kadm5_log_get_version_fd (log_fd, ¤t_version); if (current_version > old_version) { - krb5_warnx(context, + krb5_warnx(context, "Got a signal, updating slaves %lu to %lu", (unsigned long)old_version, (unsigned long)current_version); - for (p = slaves; p != NULL; p = p->next) + for (p = slaves; p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; send_diffs (context, p, log_fd, database, current_version); + } } else { - krb5_warnx(context, + krb5_warnx(context, "Got a signal, but no update in log version %lu", (unsigned long)current_version); } @@ -909,10 +946,8 @@ main(int argc, char **argv) slave_dead(context, p); } else if (slave_gone_p (p)) slave_dead(context, p); - else if (slave_missing_p (p)) { - krb5_warnx(context, "slave %s missing, sending AYT", p->name); + else if (slave_missing_p (p)) send_are_you_there (context, p); - } } if (ret && FD_ISSET(listen_fd, &readset)) { @@ -923,13 +958,15 @@ main(int argc, char **argv) write_stats(context, slaves, current_version); } - if(exit_flag == SIGXCPU) - krb5_warnx(context, "%s CPU time limit exceeded", getprogname()); - else if(exit_flag == SIGINT || exit_flag == SIGTERM) + if(exit_flag == SIGINT || exit_flag == SIGTERM) krb5_warnx(context, "%s terminated", getprogname()); +#ifdef SIGXCPU + else if(exit_flag == SIGXCPU) + krb5_warnx(context, "%s CPU time limit exceeded", getprogname()); +#endif else - krb5_warnx(context, "%s unexpected exit reason: %d", - getprogname(), exit_flag); + krb5_warnx(context, "%s unexpected exit reason: %ld", + getprogname(), (long)exit_flag); write_master_down(context); diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c index 482a3f7a409..38e9a7b7108 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_slave.c +++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c @@ -1,42 +1,45 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "iprop.h" -RCSID("$Id: ipropd_slave.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); + +static const char *config_name = "ipropd-slave"; static krb5_log_facility *log_facility; -static char *server_time_lost = "5 min"; +static char five_min[] = "5 min"; +static char *server_time_lost = five_min; static int time_before_lost; const char *slave_str = NULL; @@ -44,39 +47,53 @@ static int connect_to_master (krb5_context context, const char *master, const char *port_str) { - int fd; - struct sockaddr_in addr; - struct hostent *he; + char port[NI_MAXSERV]; + struct addrinfo *ai, *a; + struct addrinfo hints; + int error; + int s = -1; - fd = socket (AF_INET, SOCK_STREAM, 0); - if (fd < 0) - krb5_err (context, 1, errno, "socket AF_INET"); - memset (&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - if (port_str) { - addr.sin_port = krb5_getportbyname (context, - port_str, "tcp", - 0); - if (addr.sin_port == 0) { - char *ptr; - long port; - - port = strtol (port_str, &ptr, 10); - if (port == 0 && ptr == port_str) - krb5_errx (context, 1, "bad port `%s'", port_str); - addr.sin_port = htons(port); - } - } else { - addr.sin_port = krb5_getportbyname (context, IPROP_SERVICE, - "tcp", IPROP_PORT); + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + + if (port_str == NULL) { + snprintf(port, sizeof(port), "%u", IPROP_PORT); + port_str = port; } - he = roken_gethostbyname (master); - if (he == NULL) - krb5_errx (context, 1, "gethostbyname: %s", hstrerror(h_errno)); - memcpy (&addr.sin_addr, he->h_addr, sizeof(addr.sin_addr)); - if(connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) - krb5_err (context, 1, errno, "connect"); - return fd; + + error = getaddrinfo (master, port_str, &hints, &ai); + if (error) { + krb5_warnx(context, "Failed to get address of to %s: %s", + master, gai_strerror(error)); + return -1; + } + + for (a = ai; a != NULL; a = a->ai_next) { + char node[NI_MAXHOST]; + error = getnameinfo(a->ai_addr, a->ai_addrlen, + node, sizeof(node), NULL, 0, NI_NUMERICHOST); + if (error) + strlcpy(node, "[unknown-addr]", sizeof(node)); + + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + krb5_warn(context, errno, "connection failed to %s[%s]", + master, node); + close (s); + continue; + } + krb5_warnx(context, "connection successful " + "to master: %s[%s]", master, node); + break; + } + freeaddrinfo (ai); + + if (a == NULL) + return -1; + + return s; } static void @@ -90,7 +107,7 @@ get_creds(krb5_context context, const char *keytab_str, krb5_creds creds; char *server; char keytab_buf[256]; - + if (keytab_str == NULL) { ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)); if (ret) @@ -101,7 +118,7 @@ get_creds(krb5_context context, const char *keytab_str, ret = krb5_kt_resolve(context, keytab_str, &keytab); if(ret) krb5_err(context, 1, ret, "%s", keytab_str); - + ret = krb5_sname_to_principal (context, slave_str, IPROP_NAME, KRB5_NT_SRV_HST, &client); @@ -119,21 +136,24 @@ get_creds(krb5_context context, const char *keytab_str, free (server); krb5_get_init_creds_opt_free(context, init_opts); if(ret) krb5_err(context, 1, ret, "krb5_get_init_creds"); - + ret = krb5_kt_close(context, keytab); if(ret) krb5_err(context, 1, ret, "krb5_kt_close"); - - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, cache); - if(ret) krb5_err(context, 1, ret, "krb5_cc_gen_new"); + + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, cache); + if(ret) krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_cc_initialize(context, *cache, client); if(ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); ret = krb5_cc_store_cred(context, *cache, &creds); if(ret) krb5_err(context, 1, ret, "krb5_cc_store_cred"); + + krb5_free_cred_contents(context, &creds); + krb5_free_principal(context, client); } -static void +static krb5_error_code ihave (krb5_context context, krb5_auth_context auth_context, int fd, uint32_t version) { @@ -148,10 +168,11 @@ ihave (krb5_context context, krb5_auth_context auth_context, krb5_storage_free (sp); data.length = 8; data.data = buf; - + ret = krb5_write_priv_message(context, auth_context, &fd, &data); if (ret) - krb5_err (context, 1, ret, "krb5_write_priv_message"); + krb5_warn (context, ret, "krb5_write_message"); + return ret; } static void @@ -178,9 +199,9 @@ receive_loop (krb5_context context, krb5_ret_int32 (sp, &tmp); op = tmp; krb5_ret_int32 (sp, &len); - if (vers <= server_context->log_context.version) + if ((uint32_t)vers <= server_context->log_context.version) krb5_storage_seek(sp, len + 8, SEEK_CUR); - } while(vers <= server_context->log_context.version); + } while((uint32_t)vers <= server_context->log_context.version); /* * Read up rest of the entires into the memory... @@ -226,8 +247,8 @@ receive_loop (krb5_context context, if (ret) krb5_errx(context, 1, "entry %ld: too short", (long)vers); if (len < 0) krb5_errx(context, 1, "log is corrupted, " - "negative length of entry version %ld: %ld", - (long)vers, (long)len); + "negative length of entry version %ld: %ld", + (long)vers, (long)len); cur = krb5_storage_seek(sp, 0, SEEK_CUR); krb5_warnx (context, "replaying entry %d", (int)vers); @@ -235,22 +256,22 @@ receive_loop (krb5_context context, ret = kadm5_log_replay (server_context, op, vers, len, sp); if (ret) { - char *s = krb5_get_error_message(server_context->context, ret); + const char *s = krb5_get_error_message(server_context->context, ret); krb5_warnx (context, - "kadm5_log_replay: %ld. Lost entry entry, " - "Database out of sync ?: %s (%d)", + "kadm5_log_replay: %ld. Lost entry entry, " + "Database out of sync ?: %s (%d)", (long)vers, s ? s : "unknown error", ret); - krb5_xfree(s); + krb5_free_error_message(context, s); } { - /* + /* * Make sure the krb5_log_replay does the right thing wrt * reading out data from the sp. */ cur2 = krb5_storage_seek(sp, 0, SEEK_CUR); if (cur + len != cur2) - krb5_errx(context, 1, + krb5_errx(context, 1, "kadm5_log_reply version: %ld didn't read the whole entry", (long)vers); } @@ -318,20 +339,20 @@ send_im_here (krb5_context context, int fd, krb5_err (context, 1, ret, "krb5_write_priv_message"); } -static void +static krb5_error_code receive_everything (krb5_context context, int fd, kadm5_server_context *server_context, krb5_auth_context auth_context) { int ret; krb5_data data; - int32_t vno; + int32_t vno = 0; int32_t opcode; krb5_storage *sp; char *dbname; HDB *mydb; - + krb5_warnx(context, "receive complete database"); asprintf(&dbname, "%s-NEW", server_context->db->hdb_name); @@ -339,12 +360,12 @@ receive_everything (krb5_context context, int fd, if(ret) krb5_err(context,1, ret, "hdb_create"); free(dbname); - + ret = hdb_set_master_keyfile (context, mydb, server_context->config.stash_file); if(ret) krb5_err(context,1, ret, "hdb_set_master_keyfile"); - + /* I really want to use O_EXCL here, but given that I can't easily clean up on error, I won't */ ret = mydb->hdb_open(context, mydb, O_RDWR | O_CREAT | O_TRUNC, 0600); @@ -355,8 +376,10 @@ receive_everything (krb5_context context, int fd, do { ret = krb5_read_priv_message(context, auth_context, &fd, &data); - if (ret) - krb5_err (context, 1, ret, "krb5_read_priv_message"); + if (ret) { + krb5_warn (context, ret, "krb5_read_priv_message"); + goto cleanup; + } sp = krb5_storage_from_data (&data); if (sp == NULL) @@ -408,12 +431,13 @@ receive_everything (krb5_context context, int fd, if (ret) krb5_err (context, 1, ret, "kadm5_log_nop"); - krb5_data_free (&data); - ret = mydb->hdb_rename (context, mydb, server_context->db->hdb_name); if (ret) krb5_err (context, 1, ret, "db->rename"); + cleanup: + krb5_data_free (&data); + ret = mydb->hdb_close (context, mydb); if (ret) krb5_err (context, 1, ret, "db->close"); @@ -423,6 +447,7 @@ receive_everything (krb5_context context, int fd, krb5_err (context, 1, ret, "db->destroy"); krb5_warnx(context, "receive complete database, version %ld", (long)vno); + return ret; } static char *config_file; @@ -431,27 +456,38 @@ static int version_flag; static int help_flag; static char *keytab_str; static char *port_str; +#ifdef SUPPORT_DETACH static int detach_from_console = 0; +#endif static struct getargs args[] = { - { "config-file", 'c', arg_string, &config_file }, - { "realm", 'r', arg_string, &realm }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, + { "realm", 'r', arg_string, &realm, NULL, NULL }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "time-lost", 0, arg_string, &server_time_lost, "time before server is considered lost", "time" }, { "port", 0, arg_string, &port_str, "port ipropd-slave will connect to", "port"}, - { "detach", 0, arg_flag, &detach_from_console, - "detach from console" }, - { "hostname", 0, arg_string, &slave_str, +#ifdef SUPPORT_DETACH + { "detach", 0, arg_flag, &detach_from_console, + "detach from console", NULL }, +#endif + { "hostname", 0, arg_string, rk_UNCONST(&slave_str), "hostname of slave (if not same as hostname)", "hostname" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); +static void +usage(int status) +{ + arg_printusage(args, num_args, NULL, "master"); + exit(status); +} + int main(int argc, char **argv) { @@ -465,24 +501,36 @@ main(int argc, char **argv) krb5_ccache ccache; krb5_principal server; char **files; - int optidx; + int optidx = 0; + time_t reconnect_min; + time_t backoff; + time_t reconnect_max; + time_t reconnect; + time_t before = 0; const char *master; - - optidx = krb5_program_setup(&context, argc, argv, args, num_args, NULL); - + + setprogname(argv[0]); + + if(getarg(args, num_args, argc, argv, &optidx)) + usage(1); + if(help_flag) - krb5_std_usage(0, args, num_args); + usage(0); if(version_flag) { print_version(NULL); exit(0); } + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + setup_signal(); if (config_file == NULL) { - asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); - if (config_file == NULL) + if (asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)) == -1 + || config_file == NULL) errx(1, "out of memory"); } @@ -499,12 +547,14 @@ main(int argc, char **argv) argv += optidx; if (argc != 1) - krb5_std_usage(1, args, num_args); + usage(1); master = argv[0]; +#ifdef SUPPORT_DETACH if (detach_from_console) daemon(0, 0); +#endif pidfile (NULL); krb5_openlog (context, "ipropd-slave", &log_facility); krb5_set_warn_dest(context, log_facility); @@ -526,7 +576,7 @@ main(int argc, char **argv) KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, - &conf, 0, 0, + &conf, 0, 0, &kadm_handle); if (ret) krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); @@ -539,94 +589,160 @@ main(int argc, char **argv) get_creds(context, keytab_str, &ccache, master); - master_fd = connect_to_master (context, master, port_str); - ret = krb5_sname_to_principal (context, master, IPROP_NAME, KRB5_NT_SRV_HST, &server); if (ret) krb5_err (context, 1, ret, "krb5_sname_to_principal"); auth_context = NULL; - ret = krb5_sendauth (context, &auth_context, &master_fd, - IPROP_VERSION, NULL, server, - AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, - ccache, NULL, NULL, NULL); - if (ret) - krb5_err (context, 1, ret, "krb5_sendauth"); + master_fd = -1; - krb5_warnx(context, "ipropd-slave started at version: %ld", - (long)server_context->log_context.version); + krb5_appdefault_time(context, config_name, NULL, "reconnect-min", + 10, &reconnect_min); + krb5_appdefault_time(context, config_name, NULL, "reconnect-max", + 300, &reconnect_max); + krb5_appdefault_time(context, config_name, NULL, "reconnect-backoff", + 10, &backoff); + reconnect = reconnect_min; - ihave (context, auth_context, master_fd, - server_context->log_context.version); + while (!exit_flag) { + time_t now, elapsed; + int connected = FALSE; - while (exit_flag == 0) { - krb5_data out; - krb5_storage *sp; - int32_t tmp; - fd_set readset; - struct timeval to; + now = time(NULL); + elapsed = now - before; - if (master_fd >= FD_SETSIZE) - krb5_errx (context, 1, "fd too large"); - - FD_ZERO(&readset); - FD_SET(master_fd, &readset); - - to.tv_sec = time_before_lost; - to.tv_usec = 0; - - ret = select (master_fd + 1, - &readset, NULL, NULL, &to); - if (ret < 0) { - if (errno == EINTR) - continue; - else - krb5_err (context, 1, errno, "select"); + if (elapsed < reconnect) { + time_t left = reconnect - elapsed; + krb5_warnx(context, "sleeping %d seconds before " + "retrying to connect", (int)left); + sleep(left); } - if (ret == 0) - krb5_errx (context, 1, "server didn't send a message " - "in %d seconds", time_before_lost); + before = now; - ret = krb5_read_priv_message(context, auth_context, &master_fd, &out); + master_fd = connect_to_master (context, master, port_str); + if (master_fd < 0) + goto retry; + reconnect = reconnect_min; + + if (auth_context) { + krb5_auth_con_free(context, auth_context); + auth_context = NULL; + krb5_cc_destroy(context, ccache); + get_creds(context, keytab_str, &ccache, master); + } + ret = krb5_sendauth (context, &auth_context, &master_fd, + IPROP_VERSION, NULL, server, + AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, + ccache, NULL, NULL, NULL); + if (ret) { + krb5_warn (context, ret, "krb5_sendauth"); + goto retry; + } + + krb5_warnx(context, "ipropd-slave started at version: %ld", + (long)server_context->log_context.version); + + ret = ihave (context, auth_context, master_fd, + server_context->log_context.version); if (ret) - krb5_err (context, 1, ret, "krb5_read_priv_message"); + goto retry; + + connected = TRUE; + + while (connected && !exit_flag) { + krb5_data out; + krb5_storage *sp; + int32_t tmp; + fd_set readset; + struct timeval to; + +#ifndef NO_LIMIT_FD_SETSIZE + if (master_fd >= FD_SETSIZE) + krb5_errx (context, 1, "fd too large"); +#endif + + FD_ZERO(&readset); + FD_SET(master_fd, &readset); + + to.tv_sec = time_before_lost; + to.tv_usec = 0; + + ret = select (master_fd + 1, + &readset, NULL, NULL, &to); + if (ret < 0) { + if (errno == EINTR) + continue; + else + krb5_err (context, 1, errno, "select"); + } + if (ret == 0) + krb5_errx (context, 1, "server didn't send a message " + "in %d seconds", time_before_lost); + + ret = krb5_read_priv_message(context, auth_context, &master_fd, &out); + if (ret) { + krb5_warn (context, ret, "krb5_read_priv_message"); + connected = FALSE; + continue; + } + + sp = krb5_storage_from_mem (out.data, out.length); + krb5_ret_int32 (sp, &tmp); + switch (tmp) { + case FOR_YOU : + receive (context, sp, server_context); + ret = ihave (context, auth_context, master_fd, + server_context->log_context.version); + if (ret) + connected = FALSE; + break; + case TELL_YOU_EVERYTHING : + ret = receive_everything (context, master_fd, server_context, + auth_context); + if (ret) + connected = FALSE; + break; + case ARE_YOU_THERE : + send_im_here (context, master_fd, auth_context); + break; + case NOW_YOU_HAVE : + case I_HAVE : + case ONE_PRINC : + case I_AM_HERE : + default : + krb5_warnx (context, "Ignoring command %d", tmp); + break; + } + krb5_storage_free (sp); + krb5_data_free (&out); - sp = krb5_storage_from_mem (out.data, out.length); - krb5_ret_int32 (sp, &tmp); - switch (tmp) { - case FOR_YOU : - receive (context, sp, server_context); - ihave (context, auth_context, master_fd, - server_context->log_context.version); - break; - case TELL_YOU_EVERYTHING : - receive_everything (context, master_fd, server_context, - auth_context); - break; - case ARE_YOU_THERE : - send_im_here (context, master_fd, auth_context); - break; - case NOW_YOU_HAVE : - case I_HAVE : - case ONE_PRINC : - case I_AM_HERE : - default : - krb5_warnx (context, "Ignoring command %d", tmp); - break; } - krb5_storage_free (sp); - krb5_data_free (&out); + retry: + if (connected == FALSE) + krb5_warnx (context, "disconnected for server"); + if (exit_flag) + krb5_warnx (context, "got an exit signal"); + + if (master_fd >= 0) + close(master_fd); + + reconnect += backoff; + if (reconnect > reconnect_max) + reconnect = reconnect_max; } - - if(exit_flag == SIGXCPU) + + if (0); +#ifndef NO_SIGXCPU + else if(exit_flag == SIGXCPU) krb5_warnx(context, "%s CPU time limit exceeded", getprogname()); +#endif else if(exit_flag == SIGINT || exit_flag == SIGTERM) krb5_warnx(context, "%s terminated", getprogname()); else - krb5_warnx(context, "%s unexpected exit reason: %d", - getprogname(), exit_flag); + krb5_warnx(context, "%s unexpected exit reason: %ld", + getprogname(), (long)exit_flag); return 0; } diff --git a/crypto/heimdal/lib/kadm5/kadm5-private.h b/crypto/heimdal/lib/kadm5/kadm5-private.h index 56b2b3252d8..ab8d694dda7 100644 --- a/crypto/heimdal/lib/kadm5/kadm5-private.h +++ b/crypto/heimdal/lib/kadm5/kadm5-private.h @@ -45,19 +45,19 @@ _kadm5_client_send ( kadm5_client_context */*context*/, krb5_storage */*sp*/); -int -_kadm5_cmp_keys ( - Key */*keys1*/, - int /*len1*/, - Key */*keys2*/, - int /*len2*/); - kadm5_ret_t _kadm5_connect (void */*handle*/); kadm5_ret_t _kadm5_error_code (kadm5_ret_t /*code*/); +int +_kadm5_exists_keys ( + Key */*keys1*/, + int /*len1*/, + Key */*keys2*/, + int /*len2*/); + void _kadm5_free_keys ( krb5_context /*context*/, @@ -353,6 +353,12 @@ kadm5_log_set_version ( const char * kadm5_log_signal_socket (krb5_context /*context*/); +kadm5_ret_t +kadm5_log_signal_socket_info ( + krb5_context /*context*/, + int /*server_end*/, + struct addrinfo **/*ret_addrs*/); + kadm5_ret_t kadm5_log_truncate (kadm5_server_context */*server_context*/); diff --git a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h b/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h index 96f3f1849f2..70cbae51f95 100644 --- a/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h +++ b/crypto/heimdal/lib/kadm5/kadm5-pwcheck.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: kadm5-pwcheck.h 15489 2005-06-17 06:45:52Z lha $ */ +/* $Id$ */ #ifndef KADM5_PWCHECK_H #define KADM5_PWCHECK_H 1 @@ -44,7 +44,7 @@ typedef const char* (*kadm5_passwd_quality_check_func_v0)(krb5_context, krb5_principal, krb5_data*); -/* +/* * The 4th argument, is a tuning parameter for the quality check * function, the lib/caller will providing it for the password quality * module. diff --git a/crypto/heimdal/lib/kadm5/kadm5_err.et b/crypto/heimdal/lib/kadm5/kadm5_err.et index 1ac624a9ef9..ae7847275c5 100644 --- a/crypto/heimdal/lib/kadm5/kadm5_err.et +++ b/crypto/heimdal/lib/kadm5/kadm5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: kadm5_err.et 16683 2006-02-02 13:11:47Z lha $" +id "$Id$" error_table ovk kadm5 diff --git a/crypto/heimdal/lib/kadm5/kadm5_locl.h b/crypto/heimdal/lib/kadm5/kadm5_locl.h index c79e6442f1f..68b6a5ebf02 100644 --- a/crypto/heimdal/lib/kadm5/kadm5_locl.h +++ b/crypto/heimdal/lib/kadm5/kadm5_locl.h @@ -1,44 +1,43 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: kadm5_locl.h 8579 2000-07-08 11:57:40Z assar $ */ +/* $Id$ */ #ifndef __KADM5_LOCL_H__ #define __KADM5_LOCL_H__ -#ifdef HAVE_CONFIG_H #include -#endif +#include #include #include @@ -78,7 +77,6 @@ #include "kadm5_err.h" #include #include -#include #include #include "private.h" diff --git a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 b/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 index ee045c9e773..5174d9b9283 100644 --- a/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 +++ b/crypto/heimdal/lib/kadm5/kadm5_pwcheck.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: kadm5_pwcheck.3 15237 2005-05-25 13:16:27Z lha $ +.\" $Id$ .\" .Dd February 29, 2004 .Dt KADM5_PWCHECK 3 @@ -77,16 +77,17 @@ library. .Pp There are two versions of the shared object API; the old version (0) is deprecated, but still supported. The new version (1) supports -multiple password quality checking modules in the same shared object. +multiple password quality checking policies in the same shared object. See below for details. .Pp -The password quality checker will run over all tests that are -configured by the user. +The password quality checker will run all policies that are +configured by the user. If any policy rejects the password, the password +will be rejected. .Pp -Module names are of the form -.Ql vendor:test-name -or, if the the test name is unique enough, just -.Ql test-name . +Policy names are of the form +.Ql module-name:policy-name +or, if the the policy name is unique enough, just +.Ql policy-name . .Sh IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT (This refers to the version 1 API only.) .Pp @@ -101,10 +102,16 @@ Its .Ft name and .Ft vendor -fields should be contain the obvious information and +fields should contain the obvious information. +.Ft name +must match the +.Ql module-name +portion of the policy name (the part before the colon), if the policy name +contains a colon, or the policy will not be run. .Ft version should be .Dv KADM5_PASSWD_VERSION_V1 . +.Pp .Ft funcs contains an array of .Ft "struct kadm5_pw_policy_check_func" @@ -113,8 +120,14 @@ structures that is terminated with an entry whose component is .Dv NULL . The +.Ft name +field of the array must match the +.Ql policy-name +portion of a policy name (the part after the colon, or the complete policy +name if there is no colon) specified by the user or the policy will not be +run. The .Ft func -Fields of the array elements are functions that are exported by the +fields of the array elements are functions that are exported by the module to be called to check the password. They get the following arguments: the Kerberos context, principal, password, a tuning parameter, and a pointer to a message buffer and its length. The tuning parameter diff --git a/crypto/heimdal/lib/kadm5/keys.c b/crypto/heimdal/lib/kadm5/keys.c index 2521fae2438..d46b8db7386 100644 --- a/crypto/heimdal/lib/kadm5/keys.c +++ b/crypto/heimdal/lib/kadm5/keys.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: keys.c 14297 2004-10-11 23:50:25Z lha $"); +RCSID("$Id$"); /* * free all the memory used by (len, keys) @@ -64,37 +64,39 @@ _kadm5_init_keys (Key *keys, int len) } /* - * return 0 iff `keys1, len1' and `keys2, len2' are identical + * return 1 if any key in `keys1, len1' exists in `keys2, len2' */ int -_kadm5_cmp_keys(Key *keys1, int len1, Key *keys2, int len2) +_kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2) { - int i; - - if (len1 != len2) - return 1; + int i, j; for (i = 0; i < len1; ++i) { - if ((keys1[i].salt != NULL && keys2[i].salt == NULL) - || (keys1[i].salt == NULL && keys2[i].salt != NULL)) + for (j = 0; j < len2; j++) { + if ((keys1[i].salt != NULL && keys2[j].salt == NULL) + || (keys1[i].salt == NULL && keys2[j].salt != NULL)) + continue; + + if (keys1[i].salt != NULL) { + if (keys1[i].salt->type != keys2[j].salt->type) + continue; + if (keys1[i].salt->salt.length != keys2[j].salt->salt.length) + continue; + if (memcmp (keys1[i].salt->salt.data, keys2[j].salt->salt.data, + keys1[i].salt->salt.length) != 0) + continue; + } + if (keys1[i].key.keytype != keys2[j].key.keytype) + continue; + if (keys1[i].key.keyvalue.length != keys2[j].key.keyvalue.length) + continue; + if (memcmp (keys1[i].key.keyvalue.data, keys2[j].key.keyvalue.data, + keys1[i].key.keyvalue.length) != 0) + continue; + return 1; - if (keys1[i].salt != NULL) { - if (keys1[i].salt->type != keys2[i].salt->type) - return 1; - if (keys1[i].salt->salt.length != keys2[i].salt->salt.length) - return 1; - if (memcmp (keys1[i].salt->salt.data, keys2[i].salt->salt.data, - keys1[i].salt->salt.length) != 0) - return 1; } - if (keys1[i].key.keytype != keys2[i].key.keytype) - return 1; - if (keys1[i].key.keyvalue.length != keys2[i].key.keyvalue.length) - return 1; - if (memcmp (keys1[i].key.keyvalue.data, keys2[i].key.keyvalue.data, - keys1[i].key.keyvalue.length) != 0) - return 1; } return 0; } diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c index 5c4aaefe707..05b84b1e07c 100644 --- a/crypto/heimdal/lib/kadm5/log.c +++ b/crypto/heimdal/lib/kadm5/log.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include "heim_threads.h" -RCSID("$Id: log.c 22211 2007-12-07 19:27:27Z lha $"); +RCSID("$Id$"); /* * A log record consists of: @@ -99,13 +99,15 @@ kadm5_log_init (kadm5_server_context *context) return 0; fd = open (log_context->log_file, O_RDWR | O_CREAT, 0600); if (fd < 0) { - krb5_set_error_string(context->context, "kadm5_log_init: open %s", + ret = errno; + krb5_set_error_message(context->context, ret, "kadm5_log_init: open %s", log_context->log_file); - return errno; + return ret; } if (flock (fd, LOCK_EX) < 0) { - krb5_set_error_string(context->context, "kadm5_log_init: flock %s", - log_context->log_file); + ret = errno; + krb5_set_error_message(context->context, ret, "kadm5_log_init: flock %s", + log_context->log_file); close (fd); return errno; } @@ -191,12 +193,12 @@ kadm5_log_flush (kadm5_log_context *log_context, { krb5_data data; size_t len; - int ret; + ssize_t ret; krb5_storage_to_data(sp, &data); len = data.length; ret = write (log_context->log_fd, data.data, len); - if (ret != len) { + if (ret < 0 || (size_t)ret != len) { krb5_data_free(&data); return errno; } @@ -204,15 +206,25 @@ kadm5_log_flush (kadm5_log_context *log_context, krb5_data_free(&data); return errno; } + /* * Try to send a signal to any running `ipropd-master' */ +#ifndef NO_UNIX_SOCKETS sendto (log_context->socket_fd, (void *)&log_context->version, sizeof(log_context->version), 0, (struct sockaddr *)&log_context->socket_name, sizeof(log_context->socket_name)); +#else + sendto (log_context->socket_fd, + (void *)&log_context->version, + sizeof(log_context->version), + 0, + log_context->socket_info->ai_addr, + log_context->socket_info->ai_addrlen); +#endif krb5_data_free(&data); return 0; @@ -279,15 +291,15 @@ kadm5_log_replay_create (kadm5_server_context *context, ret = krb5_data_alloc (&data, len); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); return ret; } krb5_storage_read (sp, data.data, len); ret = hdb_value2entry (context->context, &data, &ent.entry); krb5_data_free(&data); if (ret) { - krb5_set_error_string(context->context, - "Unmarshaling hdb entry failed"); + krb5_set_error_message(context->context, ret, + "Unmarshaling hdb entry failed"); return ret; } ret = context->db->hdb_store(context->context, context->db, 0, &ent); @@ -358,8 +370,8 @@ kadm5_log_replay_delete (kadm5_server_context *context, ret = krb5_ret_principal (sp, &principal); if (ret) { - krb5_set_error_string(context->context, "Failed to read deleted " - "principal from log version: %ld", (long)ver); + krb5_set_error_message(context->context, ret, "Failed to read deleted " + "principal from log version: %ld", (long)ver); return ret; } @@ -456,8 +468,8 @@ kadm5_log_replay_rename (kadm5_server_context *context, off = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_ret_principal (sp, &source); if (ret) { - krb5_set_error_string(context->context, "Failed to read renamed " - "principal in log, version: %ld", (long)ver); + krb5_set_error_message(context->context, ret, "Failed to read renamed " + "principal in log, version: %ld", (long)ver); return ret; } princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; @@ -474,7 +486,7 @@ kadm5_log_replay_rename (kadm5_server_context *context, krb5_free_principal (context->context, source); return ret; } - ret = context->db->hdb_store (context->context, context->db, + ret = context->db->hdb_store (context->context, context->db, 0, &target_ent); hdb_free_entry (context->context, &target_ent); if (ret) { @@ -561,7 +573,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, len -= 4; ret = krb5_data_alloc (&value, len); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); return ret; } krb5_storage_read (sp, value.data, len); @@ -571,9 +583,9 @@ kadm5_log_replay_modify (kadm5_server_context *context, return ret; memset(&ent, 0, sizeof(ent)); - ret = context->db->hdb_fetch(context->context, context->db, - log_ent.entry.principal, - HDB_F_DECRYPT|HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, + log_ent.entry.principal, + HDB_F_DECRYPT|HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if (ret) goto out; if (mask & KADM5_PRINC_EXPIRE_TIME) { @@ -583,8 +595,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.valid_end == NULL) { ent.entry.valid_end = malloc(sizeof(*ent.entry.valid_end)); if (ent.entry.valid_end == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -598,8 +610,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.pw_end == NULL) { ent.entry.pw_end = malloc(sizeof(*ent.entry.pw_end)); if (ent.entry.pw_end == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -619,8 +631,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.max_life == NULL) { ent.entry.max_life = malloc (sizeof(*ent.entry.max_life)); if (ent.entry.max_life == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -631,15 +643,15 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.modified_by == NULL) { ent.entry.modified_by = malloc(sizeof(*ent.entry.modified_by)); if (ent.entry.modified_by == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } else free_Event(ent.entry.modified_by); ret = copy_Event(log_ent.entry.modified_by, ent.entry.modified_by); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -665,8 +677,8 @@ kadm5_log_replay_modify (kadm5_server_context *context, if (ent.entry.max_renew == NULL) { ent.entry.max_renew = malloc (sizeof(*ent.entry.max_renew)); if (ent.entry.max_renew == NULL) { - krb5_set_error_string(context->context, "out of memory"); ret = ENOMEM; + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -684,7 +696,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, } if (mask & KADM5_KEY_DATA) { size_t num; - int i; + size_t i; for (i = 0; i < ent.entry.keys.len; ++i) free_Key(&ent.entry.keys.val[i]); @@ -695,14 +707,14 @@ kadm5_log_replay_modify (kadm5_server_context *context, ent.entry.keys.len = num; ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val)); if (ent.entry.keys.val == NULL) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ENOMEM, "out of memory"); return ENOMEM; } for (i = 0; i < ent.entry.keys.len; ++i) { ret = copy_Key(&log_ent.entry.keys.val[i], &ent.entry.keys.val[i]); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); goto out; } } @@ -717,7 +729,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, ret = copy_HDB_extensions(log_ent.entry.extensions, ent.entry.extensions); if (ret) { - krb5_set_error_string(context->context, "out of memory"); + krb5_set_error_message(context->context, ret, "out of memory"); free(ent.entry.extensions); ent.entry.extensions = es; goto out; @@ -727,7 +739,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, free(es); } } - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); out: hdb_free_entry (context->context, &ent); @@ -834,9 +846,9 @@ kadm5_log_goto_end (int fd) /* * Return previous log entry. - * - * The pointer in `sp´ is assumed to be at the top of the entry before - * previous entry. On success, the `sp´ pointer is set to data portion + * + * The pointer in `sp´ is assumed to be at the top of the entry before + * previous entry. On success, the `sp´ pointer is set to data portion * of previous entry. In case of error, it's not changed at all. */ @@ -860,16 +872,22 @@ kadm5_log_previous (krb5_context context, goto end_of_storage; *len = tmp; ret = krb5_ret_int32 (sp, &tmp); + if (ret) + goto end_of_storage; *ver = tmp; off = 24 + *len; krb5_storage_seek(sp, -off, SEEK_CUR); ret = krb5_ret_int32 (sp, &tmp); if (ret) goto end_of_storage; - if (tmp != *ver) { + if ((uint32_t)tmp != *ver) { krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: log entry " - "have consistency failure, version number wrong"); + krb5_set_error_message(context, KADM5_BAD_DB, + "kadm5_log_previous: log entry " + "have consistency failure, version number wrong " + "(tmp %lu ver %lu)", + (unsigned long)tmp, + (unsigned long)*ver); return KADM5_BAD_DB; } ret = krb5_ret_int32 (sp, &tmp); @@ -877,22 +895,25 @@ kadm5_log_previous (krb5_context context, goto end_of_storage; *timestamp = tmp; ret = krb5_ret_int32 (sp, &tmp); + if (ret) + goto end_of_storage; *op = tmp; ret = krb5_ret_int32 (sp, &tmp); if (ret) goto end_of_storage; - if (tmp != *len) { + if ((uint32_t)tmp != *len) { krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: log entry " - "have consistency failure, length wrong"); + krb5_set_error_message(context, KADM5_BAD_DB, + "kadm5_log_previous: log entry " + "have consistency failure, length wrong"); return KADM5_BAD_DB; } return 0; end_of_storage: krb5_storage_seek(sp, oldoff, SEEK_SET); - krb5_set_error_string(context, "kadm5_log_previous: end of storage " - "reached before end"); + krb5_set_error_message(context, ret, "kadm5_log_previous: end of storage " + "reached before end"); return ret; } @@ -919,8 +940,8 @@ kadm5_log_replay (kadm5_server_context *context, case kadm_nop : return kadm5_log_replay_nop (context, ver, len, sp); default : - krb5_set_error_string(context->context, - "Unsupported replay op %d", (int)op); + krb5_set_error_message(context->context, KADM5_FAILURE, + "Unsupported replay op %d", (int)op); return KADM5_FAILURE; } } @@ -962,6 +983,8 @@ kadm5_log_truncate (kadm5_server_context *server_context) } +#ifndef NO_UNIX_SOCKETS + static char *default_signal = NULL; static HEIMDAL_MUTEX signal_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -980,3 +1003,55 @@ kadm5_log_signal_socket(krb5_context context) "signal_socket", NULL); } + +#else /* NO_UNIX_SOCKETS */ + +#define SIGNAL_SOCKET_HOST "127.0.0.1" +#define SIGNAL_SOCKET_PORT "12701" + +kadm5_ret_t +kadm5_log_signal_socket_info(krb5_context context, + int server_end, + struct addrinfo **ret_addrs) +{ + struct addrinfo hints; + struct addrinfo *addrs = NULL; + kadm5_ret_t ret = KADM5_FAILURE; + int wsret; + + memset(&hints, 0, sizeof(hints)); + + hints.ai_flags = AI_NUMERICHOST; + if (server_end) + hints.ai_flags |= AI_PASSIVE; + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + wsret = getaddrinfo(SIGNAL_SOCKET_HOST, + SIGNAL_SOCKET_PORT, + &hints, &addrs); + + if (wsret != 0) { + krb5_set_error_message(context, KADM5_FAILURE, + "%s", gai_strerror(wsret)); + goto done; + } + + if (addrs == NULL) { + krb5_set_error_message(context, KADM5_FAILURE, + "getaddrinfo() failed to return address list"); + goto done; + } + + *ret_addrs = addrs; + addrs = NULL; + ret = 0; + + done: + if (addrs) + freeaddrinfo(addrs); + return ret; +} + +#endif diff --git a/crypto/heimdal/lib/kadm5/marshall.c b/crypto/heimdal/lib/kadm5/marshall.c index 05ca33ffaa0..65804afbf92 100644 --- a/crypto/heimdal/lib/kadm5/marshall.c +++ b/crypto/heimdal/lib/kadm5/marshall.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: marshall.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_store_key_data(krb5_storage *sp, @@ -189,7 +189,7 @@ ret_principal_ent(krb5_storage *sp, if (mask & KADM5_PRINCIPAL) krb5_ret_principal(sp, &princ->principal); - + if (mask & KADM5_PRINC_EXPIRE_TIME) { krb5_ret_int32(sp, &tmp); princ->princ_expire_time = tmp; @@ -260,7 +260,7 @@ ret_principal_ent(krb5_storage *sp, krb5_ret_int32(sp, &tmp); princ->n_key_data = tmp; princ->key_data = malloc(princ->n_key_data * sizeof(*princ->key_data)); - if (princ->key_data == NULL) + if (princ->key_data == NULL && princ->n_key_data != 0) return ENOMEM; for(i = 0; i < princ->n_key_data; i++) kadm5_ret_key_data(sp, &princ->key_data[i]); @@ -301,14 +301,14 @@ kadm5_ret_principal_ent_mask(krb5_storage *sp, } kadm5_ret_t -_kadm5_marshal_params(krb5_context context, - kadm5_config_params *params, +_kadm5_marshal_params(krb5_context context, + kadm5_config_params *params, krb5_data *out) { krb5_storage *sp = krb5_storage_emem(); - + krb5_store_int32(sp, params->mask & (KADM5_CONFIG_REALM)); - + if(params->mask & KADM5_CONFIG_REALM) krb5_store_string(sp, params->realm); krb5_storage_to_data(sp, out); @@ -322,15 +322,23 @@ _kadm5_unmarshal_params(krb5_context context, krb5_data *in, kadm5_config_params *params) { - krb5_storage *sp = krb5_storage_from_data(in); + krb5_error_code ret; + krb5_storage *sp; int32_t mask; - - krb5_ret_int32(sp, &mask); + + sp = krb5_storage_from_data(in); + if (sp == NULL) + return ENOMEM; + + ret = krb5_ret_int32(sp, &mask); + if (ret) + goto out; params->mask = mask; - + if(params->mask & KADM5_CONFIG_REALM) - krb5_ret_string(sp, ¶ms->realm); + ret = krb5_ret_string(sp, ¶ms->realm); + out: krb5_storage_free(sp); - return 0; + return ret; } diff --git a/crypto/heimdal/lib/kadm5/modify_c.c b/crypto/heimdal/lib/kadm5/modify_c.c index ed399b3ce8d..dd96ae2742c 100644 --- a/crypto/heimdal/lib/kadm5/modify_c.c +++ b/crypto/heimdal/lib/kadm5/modify_c.c @@ -1,43 +1,43 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: modify_c.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_modify_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask) { kadm5_client_context *context = server_handle; @@ -53,7 +53,7 @@ kadm5_c_modify_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_modify); @@ -68,12 +68,12 @@ kadm5_c_modify_principal(void *server_handle, return ret; sp = krb5_storage_from_data (&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sp); krb5_data_free (&reply); return tmp; diff --git a/crypto/heimdal/lib/kadm5/modify_s.c b/crypto/heimdal/lib/kadm5/modify_s.c index 449f6195cca..7907995ec3b 100644 --- a/crypto/heimdal/lib/kadm5/modify_s.c +++ b/crypto/heimdal/lib/kadm5/modify_s.c @@ -1,43 +1,43 @@ /* - * Copyright (c) 1997-2001, 2003, 2005-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001, 2003, 2005-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: modify_s.c 20610 2007-05-08 07:12:37Z lha $"); +RCSID("$Id$"); static kadm5_ret_t modify_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask, uint32_t forbidden_mask) { @@ -48,13 +48,13 @@ modify_principal(void *server_handle, return KADM5_BAD_MASK; if((mask & KADM5_POLICY) && strcmp(princ->policy, "default")) return KADM5_UNK_POLICY; - + memset(&ent, 0, sizeof(ent)); ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, - princ->principal, HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, + princ->principal, HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret) goto out; ret = _kadm5_setup_entry(context, &ent, mask, princ, mask, NULL, 0); @@ -68,7 +68,7 @@ modify_principal(void *server_handle, if (ret) goto out2; - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; @@ -87,12 +87,12 @@ out: kadm5_ret_t kadm5_s_modify_principal(void *server_handle, - kadm5_principal_ent_t princ, + kadm5_principal_ent_t princ, uint32_t mask) { - return modify_principal(server_handle, princ, mask, - KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME - | KADM5_MOD_NAME | KADM5_MKVNO + return modify_principal(server_handle, princ, mask, + KADM5_LAST_PWD_CHANGE | KADM5_MOD_TIME + | KADM5_MOD_NAME | KADM5_MKVNO | KADM5_AUX_ATTRIBUTES | KADM5_LAST_SUCCESS | KADM5_LAST_FAILED); } diff --git a/crypto/heimdal/lib/kadm5/password_quality.c b/crypto/heimdal/lib/kadm5/password_quality.c index 2610ce87849..a6f0b3ef67e 100644 --- a/crypto/heimdal/lib/kadm5/password_quality.c +++ b/crypto/heimdal/lib/kadm5/password_quality.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997-2000, 2003-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000, 2003-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include "kadm5-pwcheck.h" -RCSID("$Id: password_quality.c 17595 2006-05-30 21:51:55Z lha $"); +RCSID("$Id$"); #ifdef HAVE_SYS_WAIT_H #include @@ -95,8 +95,8 @@ char_class_passwd_quality (krb5_context context, "1234567890", "!@#$%^&*()/?<>,.{[]}\\|'~`\" " }; - int i, counter = 0, req_classes; - size_t len; + int counter = 0, req_classes; + size_t i, len; char *pw; req_classes = krb5_config_get_int_default(context, NULL, 3, @@ -148,7 +148,7 @@ external_passwd_quality (krb5_context context, char reply[1024]; FILE *in = NULL, *out = NULL, *error = NULL; - if (memchr(pwd->data, pwd->length, '\n') != NULL) { + if (memchr(pwd->data, '\n', pwd->length) != NULL) { snprintf(message, length, "password contains newline, " "not valid for external test"); return 1; @@ -170,7 +170,7 @@ external_passwd_quality (krb5_context context, return 1; } - child = pipe_execv(&in, &out, &error, program, p, NULL); + child = pipe_execv(&in, &out, &error, program, program, p, NULL); if (child < 0) { snprintf(message, length, "external password quality " "program failed to execute for principal %s", p); @@ -182,7 +182,7 @@ external_passwd_quality (krb5_context context, "new-password: %.*s\n" "end\n", p, (int)pwd->length, (char *)pwd->data); - + fclose(in); if (fgets(reply, sizeof(reply), out) == NULL) { @@ -199,7 +199,7 @@ external_passwd_quality (krb5_context context, fclose(out); fclose(error); - waitpid(child, &status, 0); + wait_for_process(child); return 1; } reply[strcspn(reply, "\n")] = '\0'; @@ -207,12 +207,9 @@ external_passwd_quality (krb5_context context, fclose(out); fclose(error); - if (waitpid(child, &status, 0) < 0) { - snprintf(message, length, "external program failed: %s", reply); - free(p); - return 1; - } - if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { + status = wait_for_process(child); + + if (SE_IS_ERROR(status) || SE_PROCSTATUS(status) != 0) { snprintf(message, length, "external program failed: %s", reply); free(p); return 1; @@ -230,18 +227,18 @@ external_passwd_quality (krb5_context context, } -static kadm5_passwd_quality_check_func_v0 passwd_quality_check = +static kadm5_passwd_quality_check_func_v0 passwd_quality_check = min_length_passwd_quality_v0; struct kadm5_pw_policy_check_func builtin_funcs[] = { { "minimum-length", min_length_passwd_quality }, { "character-class", char_class_passwd_quality }, { "external-check", external_passwd_quality }, - { NULL } + { NULL, NULL } }; struct kadm5_pw_policy_verifier builtin_verifier = { - "builtin", - KADM5_PASSWD_VERSION_V1, + "builtin", + KADM5_PASSWD_VERSION_V1, "Heimdal builtin", builtin_funcs }; @@ -269,17 +266,17 @@ kadm5_setup_passwd_quality_check(krb5_context context, const char *tmp; if(check_library == NULL) { - tmp = krb5_config_get_string(context, NULL, - "password_quality", - "check_library", + tmp = krb5_config_get_string(context, NULL, + "password_quality", + "check_library", NULL); if(tmp != NULL) check_library = tmp; } if(check_function == NULL) { - tmp = krb5_config_get_string(context, NULL, - "password_quality", - "check_function", + tmp = krb5_config_get_string(context, NULL, + "password_quality", + "check_function", NULL); if(tmp != NULL) check_function = tmp; @@ -294,7 +291,7 @@ kadm5_setup_passwd_quality_check(krb5_context context, krb5_warnx(context, "failed to open `%s'", check_library); return; } - version = dlsym(handle, "version"); + version = (int *) dlsym(handle, "version"); if(version == NULL) { krb5_warnx(context, "didn't find `version' symbol in `%s'", check_library); @@ -310,8 +307,8 @@ kadm5_setup_passwd_quality_check(krb5_context context, } sym = dlsym(handle, check_function); if(sym == NULL) { - krb5_warnx(context, - "didn't find `%s' symbol in `%s'", + krb5_warnx(context, + "didn't find `%s' symbol in `%s'", check_function, check_library); dlclose(handle); return; @@ -334,7 +331,7 @@ add_verifier(krb5_context context, const char *check_library) krb5_warnx(context, "failed to open `%s'", check_library); return ENOENT; } - v = dlsym(handle, "kadm5_password_verifier"); + v = (struct kadm5_pw_policy_verifier *) dlsym(handle, "kadm5_password_verifier"); if(v == NULL) { krb5_warnx(context, "didn't find `kadm5_password_verifier' symbol " @@ -385,21 +382,23 @@ kadm5_add_passwd_quality_verifier(krb5_context context, krb5_error_code ret; char **tmp; - tmp = krb5_config_get_strings(context, NULL, - "password_quality", - "policy_libraries", + tmp = krb5_config_get_strings(context, NULL, + "password_quality", + "policy_libraries", NULL); - if(tmp == NULL) + if(tmp == NULL || *tmp == NULL) return 0; - while(tmp) { + while (*tmp) { ret = add_verifier(context, *tmp); if (ret) return ret; tmp++; } + return 0; + } else { + return add_verifier(context, check_library); } - return add_verifier(context, check_library); #else return 0; #endif /* HAVE_DLOPEN */ @@ -419,10 +418,12 @@ find_func(krb5_context context, const char *name) p = strchr(name, ':'); if (p) { + size_t len = p - name + 1; func = p + 1; - module = strndup(name, p - name); + module = malloc(len); if (module == NULL) return NULL; + strlcpy(module, name, len); } else func = name; @@ -431,7 +432,7 @@ find_func(krb5_context context, const char *name) if (module && strcmp(module, verifiers[i]->name) != 0) continue; for (f = verifiers[i]->funcs; f->name ; f++) - if (strcmp(name, f->name) == 0) { + if (strcmp(func, f->name) == 0) { if (module) free(module); return f; @@ -466,13 +467,13 @@ kadm5_check_password_quality (krb5_context context, * Check if we should use the old version of policy function. */ - v = krb5_config_get_strings(context, NULL, - "password_quality", - "policies", + v = krb5_config_get_strings(context, NULL, + "password_quality", + "policies", NULL); if (v == NULL) { msg = (*passwd_quality_check) (context, principal, pwd_data); - krb5_set_error_string(context, "password policy failed: %s", msg); + krb5_set_error_message(context, 0, "password policy failed: %s", msg); return msg; } @@ -483,16 +484,16 @@ kadm5_check_password_quality (krb5_context context, proc = find_func(context, *vp); if (proc == NULL) { msg = "failed to find password verifier function"; - krb5_set_error_string(context, "Failed to find password policy " - "function: %s", *vp); + krb5_set_error_message(context, 0, "Failed to find password policy " + "function: %s", *vp); break; } ret = (proc->func)(context, principal, pwd_data, NULL, error_msg, sizeof(error_msg)); if (ret) { - krb5_set_error_string(context, "Password policy " - "%s failed with %s", - proc->name, error_msg); + krb5_set_error_message(context, 0, "Password policy " + "%s failed with %s", + proc->name, error_msg); msg = error_msg; break; } @@ -504,9 +505,9 @@ kadm5_check_password_quality (krb5_context context, if (msg == NULL && passwd_quality_check != min_length_passwd_quality_v0) { msg = (*passwd_quality_check) (context, principal, pwd_data); if (msg) - krb5_set_error_string(context, "(old) password policy " - "failed with %s", msg); - + krb5_set_error_message(context, 0, "(old) password policy " + "failed with %s", msg); + } return msg; } diff --git a/crypto/heimdal/lib/kadm5/private.h b/crypto/heimdal/lib/kadm5/private.h index d5e1380752a..7c5b27f1769 100644 --- a/crypto/heimdal/lib/kadm5/private.h +++ b/crypto/heimdal/lib/kadm5/private.h @@ -1,54 +1,54 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: private.h 22211 2007-12-07 19:27:27Z lha $ */ +/* $Id$ */ #ifndef __kadm5_privatex_h__ #define __kadm5_privatex_h__ struct kadm_func { kadm5_ret_t (*chpass_principal) (void *, krb5_principal, const char*); - kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, + kadm5_ret_t (*create_principal) (void*, kadm5_principal_ent_t, uint32_t, const char*); kadm5_ret_t (*delete_principal) (void*, krb5_principal); kadm5_ret_t (*destroy) (void*); kadm5_ret_t (*flush) (void*); - kadm5_ret_t (*get_principal) (void*, krb5_principal, + kadm5_ret_t (*get_principal) (void*, krb5_principal, kadm5_principal_ent_t, uint32_t); kadm5_ret_t (*get_principals) (void*, const char*, char***, int*); kadm5_ret_t (*get_privs) (void*, uint32_t*); kadm5_ret_t (*modify_principal) (void*, kadm5_principal_ent_t, uint32_t); - kadm5_ret_t (*randkey_principal) (void*, krb5_principal, + kadm5_ret_t (*randkey_principal) (void*, krb5_principal, krb5_keyblock**, int*); kadm5_ret_t (*rename_principal) (void*, krb5_principal, krb5_principal); kadm5_ret_t (*chpass_principal_with_key) (void *, krb5_principal, @@ -74,8 +74,12 @@ typedef struct kadm5_log_context { char *log_file; int log_fd; uint32_t version; +#ifndef NO_UNIX_SOCKETS struct sockaddr_un socket_name; - int socket_fd; +#else + struct addrinfo *socket_info; +#endif + krb5_socket_t socket_fd; } kadm5_log_context; typedef struct kadm5_server_context { diff --git a/crypto/heimdal/lib/kadm5/privs_c.c b/crypto/heimdal/lib/kadm5/privs_c.c index 58e6824dc11..60facf68e5e 100644 --- a/crypto/heimdal/lib/kadm5/privs_c.c +++ b/crypto/heimdal/lib/kadm5/privs_c.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: privs_c.c 17512 2006-05-08 13:43:17Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_c_get_privs(void *server_handle, uint32_t *privs) @@ -53,7 +53,7 @@ kadm5_c_get_privs(void *server_handle, uint32_t *privs) sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_get_privs); @@ -66,12 +66,12 @@ kadm5_c_get_privs(void *server_handle, uint32_t *privs) return ret; sp = krb5_storage_from_data(&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } krb5_ret_int32(sp, &tmp); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); ret = tmp; if(ret == 0){ krb5_ret_uint32(sp, privs); diff --git a/crypto/heimdal/lib/kadm5/privs_s.c b/crypto/heimdal/lib/kadm5/privs_s.c index 9c345e3c0f0..bfe298d2f73 100644 --- a/crypto/heimdal/lib/kadm5/privs_s.c +++ b/crypto/heimdal/lib/kadm5/privs_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: privs_s.c 17445 2006-05-05 10:37:46Z lha $"); +RCSID("$Id$"); kadm5_ret_t kadm5_s_get_privs(void *server_handle, uint32_t *privs) diff --git a/crypto/heimdal/lib/kadm5/randkey_c.c b/crypto/heimdal/lib/kadm5/randkey_c.c index 60a3f53e113..bfa12084f7e 100644 --- a/crypto/heimdal/lib/kadm5/randkey_c.c +++ b/crypto/heimdal/lib/kadm5/randkey_c.c @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: randkey_c.c 16662 2006-01-25 12:53:09Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_randkey_principal(void *server_handle, +kadm5_c_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_keys, + krb5_keyblock **new_keys, int *n_keys) { kadm5_client_context *context = server_handle; @@ -54,7 +54,7 @@ kadm5_c_randkey_principal(void *server_handle, sp = krb5_storage_from_mem(buf, sizeof(buf)); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } krb5_store_int32(sp, kadm_randkey); @@ -68,11 +68,11 @@ kadm5_c_randkey_principal(void *server_handle, return ret; sp = krb5_storage_from_data(&reply); if (sp == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free (&reply); return ENOMEM; } - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_ret_int32(sp, &tmp); ret = tmp; if(ret == 0){ diff --git a/crypto/heimdal/lib/kadm5/randkey_s.c b/crypto/heimdal/lib/kadm5/randkey_s.c index cb0f0fab24b..dcb179aac40 100644 --- a/crypto/heimdal/lib/kadm5/randkey_s.c +++ b/crypto/heimdal/lib/kadm5/randkey_s.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001, 2003-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: randkey_s.c 20611 2007-05-08 07:13:07Z lha $"); +RCSID("$Id$"); /* * Set the keys of `princ' to random values, returning the random keys @@ -41,9 +41,9 @@ RCSID("$Id: randkey_s.c 20611 2007-05-08 07:13:07Z lha $"); */ kadm5_ret_t -kadm5_s_randkey_principal(void *server_handle, +kadm5_s_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_keys, + krb5_keyblock **new_keys, int *n_keys) { kadm5_server_context *context = server_handle; @@ -54,8 +54,8 @@ kadm5_s_randkey_principal(void *server_handle, ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, princ, - HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, princ, + HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret) goto out; @@ -78,7 +78,7 @@ kadm5_s_randkey_principal(void *server_handle, if (ret) goto out2; - ret = context->db->hdb_store(context->context, context->db, + ret = context->db->hdb_store(context->context, context->db, HDB_F_REPLACE, &ent); if (ret) goto out2; diff --git a/crypto/heimdal/lib/kadm5/rename_c.c b/crypto/heimdal/lib/kadm5/rename_c.c index cec2fd3d48d..25fcea2f16c 100644 --- a/crypto/heimdal/lib/kadm5/rename_c.c +++ b/crypto/heimdal/lib/kadm5/rename_c.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: rename_c.c 8655 2000-07-11 16:00:19Z joda $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_c_rename_principal(void *server_handle, +kadm5_c_rename_principal(void *server_handle, krb5_principal source, krb5_principal target) { diff --git a/crypto/heimdal/lib/kadm5/rename_s.c b/crypto/heimdal/lib/kadm5/rename_s.c index 2a19426a8b5..08351290c9a 100644 --- a/crypto/heimdal/lib/kadm5/rename_s.c +++ b/crypto/heimdal/lib/kadm5/rename_s.c @@ -1,42 +1,42 @@ /* - * Copyright (c) 1997 - 2001, 2003, 2005 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003, 2005 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: rename_s.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); kadm5_ret_t -kadm5_s_rename_principal(void *server_handle, +kadm5_s_rename_principal(void *server_handle, krb5_principal source, krb5_principal target) { @@ -51,8 +51,8 @@ kadm5_s_rename_principal(void *server_handle, ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0); if(ret) return ret; - ret = context->db->hdb_fetch(context->context, context->db, - source, HDB_F_GET_ANY, &ent); + ret = context->db->hdb_fetch_kvno(context->context, context->db, + source, HDB_F_GET_ANY|HDB_F_ADMIN_DATA, 0, &ent); if(ret){ context->db->hdb_close(context->context, context->db); goto out; @@ -62,15 +62,16 @@ kadm5_s_rename_principal(void *server_handle, goto out2; { /* fix salt */ - int i; + size_t i; Salt salt; krb5_salt salt2; + memset(&salt, 0, sizeof(salt)); krb5_get_pw_salt(context->context, source, &salt2); salt.type = hdb_pw_salt; salt.salt = salt2.saltvalue; for(i = 0; i < ent.entry.keys.len; i++){ if(ent.entry.keys.val[i].salt == NULL){ - ent.entry.keys.val[i].salt = + ent.entry.keys.val[i].salt = malloc(sizeof(*ent.entry.keys.val[i].salt)); if(ent.entry.keys.val[i].salt == NULL) return ENOMEM; diff --git a/crypto/heimdal/lib/kadm5/sample_passwd_check.c b/crypto/heimdal/lib/kadm5/sample_passwd_check.c index 1a21c1099f8..6df9513e3f7 100644 --- a/crypto/heimdal/lib/kadm5/sample_passwd_check.c +++ b/crypto/heimdal/lib/kadm5/sample_passwd_check.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,7 +30,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: sample_passwd_check.c 21901 2007-08-10 06:05:35Z lha $ */ +/* $Id$ */ #include #include diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c index b64bbfec634..cd63293f9e4 100644 --- a/crypto/heimdal/lib/kadm5/send_recv.c +++ b/crypto/heimdal/lib/kadm5/send_recv.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997-2003, 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2003, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: send_recv.c 17311 2006-04-27 11:10:07Z lha $"); +RCSID("$Id$"); -kadm5_ret_t +kadm5_ret_t _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) { krb5_data msg, out; @@ -48,27 +48,27 @@ _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) len = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_data_alloc(&msg, len); if (ret) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ret; } krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_read(sp, msg.data, msg.length); - + ret = krb5_mk_priv(context->context, context->ac, &msg, &out, NULL); krb5_data_free(&msg); if(ret) return ret; - + sock = krb5_storage_from_fd(context->sock); if(sock == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_data_free(&out); return ENOMEM; } - + ret = krb5_store_data(sock, out); if (ret) - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); krb5_storage_free(sock); krb5_data_free(&out); return ret; @@ -83,12 +83,12 @@ _kadm5_client_recv(kadm5_client_context *context, krb5_data *reply) sock = krb5_storage_from_fd(context->sock); if(sock == NULL) { - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); return ENOMEM; } ret = krb5_ret_data(sock, &data); krb5_storage_free(sock); - krb5_clear_error_string(context->context); + krb5_clear_error_message(context->context); if(ret == KRB5_CC_END) return KADM5_RPC_ERROR; else if(ret) diff --git a/crypto/heimdal/lib/kadm5/server_glue.c b/crypto/heimdal/lib/kadm5/server_glue.c index 2862c36613a..4b430b699c1 100644 --- a/crypto/heimdal/lib/kadm5/server_glue.c +++ b/crypto/heimdal/lib/kadm5/server_glue.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: server_glue.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t kadm5_init_with_password(const char *client_name, diff --git a/crypto/heimdal/lib/kadm5/set_keys.c b/crypto/heimdal/lib/kadm5/set_keys.c index ee4de3b093f..ea0b816c136 100644 --- a/crypto/heimdal/lib/kadm5/set_keys.c +++ b/crypto/heimdal/lib/kadm5/set_keys.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: set_keys.c 15888 2005-08-11 13:40:35Z lha $"); +RCSID("$Id$"); /* * Set the keys of `ent' to the string-to-key of `password' @@ -41,7 +41,7 @@ RCSID("$Id: set_keys.c 15888 2005-08-11 13:40:35Z lha $"); kadm5_ret_t _kadm5_set_keys(kadm5_server_context *context, - hdb_entry *ent, + hdb_entry *ent, const char *password) { Key *keys; @@ -49,7 +49,7 @@ _kadm5_set_keys(kadm5_server_context *context, kadm5_ret_t ret; ret = hdb_generate_key_set_password(context->context, - ent->principal, + ent->principal, password, &keys, &num_keys); if (ret) return ret; @@ -60,7 +60,7 @@ _kadm5_set_keys(kadm5_server_context *context, hdb_entry_set_pw_change_time(context->context, ent, 0); - if (krb5_config_get_bool_default(context->context, NULL, FALSE, + if (krb5_config_get_bool_default(context->context, NULL, FALSE, "kadmin", "save-password", NULL)) { ret = hdb_entry_set_password(context->context, context->db, @@ -78,8 +78,8 @@ _kadm5_set_keys(kadm5_server_context *context, kadm5_ret_t _kadm5_set_keys2(kadm5_server_context *context, - hdb_entry *ent, - int16_t n_key_data, + hdb_entry *ent, + int16_t n_key_data, krb5_key_data *key_data) { krb5_error_code ret; @@ -89,7 +89,7 @@ _kadm5_set_keys2(kadm5_server_context *context, len = n_key_data; keys = malloc (len * sizeof(*keys)); - if (keys == NULL) + if (keys == NULL && len != 0) return ENOMEM; _kadm5_init_keys (keys, len); @@ -105,14 +105,14 @@ _kadm5_set_keys2(kadm5_server_context *context, if(key_data[i].key_data_ver == 2) { Salt *salt; - salt = malloc(sizeof(*salt)); + salt = calloc(1, sizeof(*salt)); if(salt == NULL) { ret = ENOMEM; goto out; } keys[i].salt = salt; salt->type = key_data[i].key_data_type[1]; - krb5_data_copy(&salt->salt, + krb5_data_copy(&salt->salt, key_data[i].key_data_contents[1], key_data[i].key_data_length[1]); } else @@ -148,7 +148,7 @@ _kadm5_set_keys3(kadm5_server_context *context, len = n_keys; keys = malloc (len * sizeof(*keys)); - if (keys == NULL) + if (keys == NULL && len != 0) return ENOMEM; _kadm5_init_keys (keys, len); @@ -201,8 +201,8 @@ _kadm5_set_keys_randomly (kadm5_server_context *context, { krb5_keyblock *kblock = NULL; kadm5_ret_t ret = 0; - int i, des_keyblock; - size_t num_keys; + int des_keyblock; + size_t i, num_keys; Key *keys; ret = hdb_generate_key_set(context->context, ent->principal, @@ -221,7 +221,7 @@ _kadm5_set_keys_randomly (kadm5_server_context *context, des_keyblock = -1; for (i = 0; i < num_keys; i++) { - /* + /* * To make sure all des keys are the the same we generate only * the first one and then copy key to all other des keys. */ @@ -259,7 +259,7 @@ out: _kadm5_free_keys (context->context, num_keys, keys); return ret; } - + _kadm5_free_keys (context->context, ent->keys.len, ent->keys.val); ent->keys.val = keys; ent->keys.len = num_keys; diff --git a/crypto/heimdal/lib/kadm5/set_modifier.c b/crypto/heimdal/lib/kadm5/set_modifier.c index 62965191bd7..ee4d4a8a683 100644 --- a/crypto/heimdal/lib/kadm5/set_modifier.c +++ b/crypto/heimdal/lib/kadm5/set_modifier.c @@ -1,39 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" -RCSID("$Id: set_modifier.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); kadm5_ret_t _kadm5_set_modifier(kadm5_server_context *context, @@ -47,7 +47,7 @@ _kadm5_set_modifier(kadm5_server_context *context, } else free_Event(ent->modified_by); ent->modified_by->time = time(NULL); - ret = krb5_copy_principal(context->context, context->caller, + ret = krb5_copy_principal(context->context, context->caller, &ent->modified_by->principal); return ret; } diff --git a/crypto/heimdal/lib/kadm5/test_pw_quality.c b/crypto/heimdal/lib/kadm5/test_pw_quality.c index 745e03edc4c..e3c8d2f0f43 100644 --- a/crypto/heimdal/lib/kadm5/test_pw_quality.c +++ b/crypto/heimdal/lib/kadm5/test_pw_quality.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2003, 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003, 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kadm5_locl.h" #include -RCSID("$Id: test_pw_quality.c 15105 2005-05-09 19:13:29Z lha $"); +RCSID("$Id$"); static int version_flag; static int help_flag; @@ -59,7 +59,7 @@ main(int argc, char **argv) krb5_data pw_data; krb5_program_setup(&context, argc, argv, args, num_args, NULL); - + if(help_flag) krb5_std_usage(0, args, num_args); if(version_flag) { diff --git a/crypto/heimdal/lib/kafs/ChangeLog b/crypto/heimdal/lib/kafs/ChangeLog index 861796a930a..302146adc92 100644 --- a/crypto/heimdal/lib/kafs/ChangeLog +++ b/crypto/heimdal/lib/kafs/ChangeLog @@ -1,30 +1,40 @@ -2007-07-10 Love Hörnquist Åstrand +2008-07-17 Love Hörnquist Ã…strand + + * common.c: Try afs/cell@REALM before afs@REALM since that is what + OpenAFS folks have been saying is best pratices for some time + now. Patch from Derrick Brashear. + +2008-04-15 Love Hörnquist Ã…strand + * afssys.c: Avoid using entry points depending on _IOWR if there + is no _IOWR (on cygwin). + +2007-07-10 Love Hörnquist Ã…strand * Makefile.am: New library version. -2007-05-10 Love Hörnquist Åstrand +2007-05-10 Love Hörnquist Ã…strand * kafs.h: Add VIOCSETTOK2 -2006-10-21 Love Hörnquist Åstrand +2006-10-21 Love Hörnquist Ã…strand * Makefile.am: unbreak previous * Makefile.am: split dist and nodist sources -2006-10-20 Love Hörnquist Åstrand +2006-10-20 Love Hörnquist Ã…strand * Makefile.am: add more files -2006-05-01 Love Hörnquist Åstrand +2006-05-01 Love Hörnquist Ã…strand - * kafs.3: Spelling, from Björn Sandell. + * kafs.3: Spelling, from Björn Sandell. -2006-04-11 Love Hörnquist Åstrand +2006-04-11 Love Hörnquist Ã…strand * afssys.c: use afs_ioctlnum, From Tomas Olsson -2006-04-10 Love Hörnquist Åstrand +2006-04-10 Love Hörnquist Ã…strand * afssys.c: Try harder to get the pioctl to work via the /proc or /dev interface, OpenAFS choose to reuse the same ioctl number, @@ -34,13 +44,13 @@ * afskrb5.c (afslog_uid_int): use the simpler krb5_principal_get_realm function. -2005-12-21 Love Hörnquist Åstrand +2005-12-21 Love Hörnquist Ã…strand * Makefile.am: Remove dependency on config.h, breaks IRIX build, could depend on libkafs_la_OBJECTS, but that is just asking for trubble. -2005-10-20 Love Hörnquist Åstrand +2005-10-20 Love Hörnquist Ã…strand * afssys.c (k_hasafs_recheck): new function, allow rechecking if AFS client have started now, internaly it resets the internal @@ -48,7 +58,7 @@ with calling k_hasaf() is that is plays around with signals, and that cases problem for some systems/applications. -2005-10-02 Love Hörnquist Åstrand +2005-10-02 Love Hörnquist Ã…strand * kafs_locl.h: Maybe include . @@ -57,22 +67,22 @@ version. Every after 10.0 (darwin 8.0) uses the /dev/ version of the pioctl. -2005-10-01 Love Hörnquist Åstrand +2005-10-01 Love Hörnquist Ã…strand * afssys.c: Support the new MacOS X 10.4 ioctl interface that is a device node. Patched from Tomas Olson . -2005-08-26 Love Hörnquist Åstrand +2005-08-26 Love Hörnquist Ã…strand * afskrb5.c: Default to use 2b tokens. -2005-06-17 Love Hörnquist Åstrand +2005-06-17 Love Hörnquist Ã…strand * common.c: rename index to idx * afssys.c (k_afs_cell_of_file): unconst path -2005-06-02 Love Hörnquist Åstrand +2005-06-02 Love Hörnquist Ã…strand * use struct kafs_data everywhere, don't mix with the typedef kafs_data @@ -82,19 +92,19 @@ * afssys.c: Don't building map_syscall_name_to_number where its not used. -2005-02-24 Love Hörnquist Åstrand +2005-02-24 Love Hörnquist Ã…strand * Makefile.am: bump version to 4:1:4 -2005-02-03 Love Hörnquist Åstrand +2005-02-03 Love Hörnquist Ã…strand * kafs.h: de-__P -2004-12-06 Love Hörnquist Åstrand +2004-12-06 Love Hörnquist Ã…strand * afskrb5.c: s/KEYTYPE_DES/ETYPE_DES_CBC_CRC/ -2004-08-09 Love Hörnquist Åstrand +2004-08-09 Love Hörnquist Ã…strand * afssysdefs.h: ifdef protect AFS_SYSCALL for DragonFly since they still define __FreeBSD__ (and __FreeBSD_version), but claim that @@ -102,14 +112,14 @@ * afssysdefs.h: dragonflybsd uses 339 just like freebsd5 -2004-06-22 Love Hörnquist Åstrand +2004-06-22 Love Hörnquist Ã…strand * afssys.c: s/arla/nnpfs/ * afssys.c: support the linux /proc/fs/mumel/afs_ioctl afs "syscall" interface -2004-01-22 Love Hörnquist Åstrand +2004-01-22 Love Hörnquist Ã…strand * common.c: search paths for AFS configuration files for the OpenAFS MacOS X, fix comment @@ -117,42 +127,42 @@ * kafs.h: search paths for AFS configuration files for the OpenAFS MacOS X -2003-12-02 Love Hörnquist Åstrand +2003-12-02 Love Hörnquist Ã…strand * common.c: add _PATH_ARLA_OPENBSD & c/o * kafs.h: add _PATH_ARLA_OPENBSD & c/o -2003-11-14 Love Hörnquist Åstrand +2003-11-14 Love Hörnquist Ã…strand * common.c: typo, Bruno Rohee -2003-11-08 Love Hörnquist Åstrand +2003-11-08 Love Hörnquist Ã…strand * kafs.3: spelling, partly from jmc -2003-09-30 Love Hörnquist Åstrand +2003-09-30 Love Hörnquist Ã…strand * afskrb5.c (krb5_afslog_uid_home): be even more friendly to the user and fetch context and id ourself -2003-09-23 Love Hörnquist Åstrand +2003-09-23 Love Hörnquist Ã…strand * afskrb5.c (afslog_uid_int): just belive that realm hint the user passed us -2003-07-23 Love Hörnquist Åstrand +2003-07-23 Love Hörnquist Ã…strand * Makefile.am: always include v4 symbols * afskrb.c: provide dummy krb_ function to there is no need to bump major -2003-06-22 Love Hörnquist Åstrand +2003-06-22 Love Hörnquist Ã…strand * afskrb5.c (v5_convert): rename one of the two c to cred4 -2003-04-23 Love Hörnquist Åstrand +2003-04-23 Love Hörnquist Ã…strand * common.c, kafs.h: drop the int argument (the error code) from the logging function @@ -162,12 +172,12 @@ * afskrb5.c (v5_convert): better match what other functions do with values from krb5.conf, like case insensitivity -2003-04-16 Love Hörnquist Åstrand +2003-04-16 Love Hörnquist Ã…strand * kafs.3: Change .Fd #include to .In header.h from Thomas Klausner -2003-04-14 Love Hörnquist Åstrand +2003-04-14 Love Hörnquist Ã…strand * Makefile.am: (libkafs_la_LDFLAGS): update version @@ -192,7 +202,7 @@ * kafs_locl.h (kafs_data): add name (_kafs_foldup): internally export -2003-04-11 Love Hörnquist Åstrand +2003-04-11 Love Hörnquist Ã…strand * kafs.3: tell that cell-name is uppercased @@ -204,18 +214,18 @@ have updated their servers but not afs/cell@REALM. Add constant KAFS_RXKAD_2B_KVNO. -2003-04-06 Love Hörnquist Åstrand +2003-04-06 Love Hörnquist Ã…strand * kafs.3: s/kerberos/Kerberos/ -2003-03-19 Love Hörnquist Åstrand +2003-03-19 Love Hörnquist Ã…strand * kafs.3: spelling, from * kafs.3: document the kafs_settoken functions write about the krb5_appdefault option for kerberos 5 afs tokens fix prototypes -2003-03-18 Love Hörnquist Åstrand +2003-03-18 Love Hörnquist Ã…strand * afskrb5.c (kafs_settoken5): change signature to include a krb5_context, use v5_convert @@ -254,7 +264,7 @@ internal structure struct kafs_token that carries around for rxkad data that is independant of kerberos version -2003-02-18 Love Hörnquist Åstrand +2003-02-18 Love Hörnquist Ã…strand * dlfcn.h: s/intialize/initialize, from @@ -263,7 +273,7 @@ * afssysdefs.h: fix FreeBSD section -2003-02-06 Love Hörnquist Åstrand +2003-02-06 Love Hörnquist Ã…strand * afssysdefs.h: use syscall 208 on openbsd (all version) use syscall 339 on freebsd 5.0 and later, use 210 on 4.x and earlier diff --git a/crypto/heimdal/lib/kafs/Makefile.am b/crypto/heimdal/lib/kafs/Makefile.am index 15282f0fd69..34a6144c7a1 100644 --- a/crypto/heimdal/lib/kafs/Makefile.am +++ b/crypto/heimdal/lib/kafs/Makefile.am @@ -1,18 +1,9 @@ -# $Id: Makefile.am 21446 2007-07-10 12:45:36Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common AM_CPPFLAGS += $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) -if KRB4 -DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto) -krb4_am_workaround = $(INCLUDE_krb4) -else -DEPLIB_krb4 = -krb4_am_workaround = -endif # KRB4 -AM_CPPFLAGS += $(krb4_am_workaround) - if KRB5 DEPLIB_krb5 = ../krb5/libkrb5.la krb5_am_workaround = $(INCLUDE_hcrypto) -I$(top_srcdir)/lib/krb5 @@ -33,11 +24,7 @@ AFS_EXTRA_LD = -e _nostart endif if AIX_DYNAMIC_AFS -if HAVE_DLOPEN AIX_SRC = -else -AIX_SRC = dlfcn.c -endif AFS_EXTRA_LIBS = afslib.so AFS_EXTRA_DEFS = else @@ -51,7 +38,7 @@ AFSL_EXP = AIX_SRC = endif # AIX -libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4) +libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) lib_LTLIBRARIES = libkafs.la libkafs_la_LDFLAGS = -version-info 5:1:5 @@ -64,7 +51,7 @@ CLEANFILES= $(AFS_EXTRA_LIBS) $(ROKEN_SRCS) include_HEADERS = kafs.h if KRB5 -afskrb5_c = afskrb5.c +afskrb5_c = endif if do_roken_rename @@ -73,8 +60,7 @@ endif dist_libkafs_la_SOURCES = \ afssys.c \ - afskrb.c \ - $(afskrb5_c) \ + afskrb5.c \ common.c \ $(AIX_SRC) \ kafs_locl.h \ @@ -83,9 +69,9 @@ dist_libkafs_la_SOURCES = \ nodist_libkafs_la_SOURCES = $(ROKEN_SRCS) -EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h +EXTRA_libkafs_la_SOURCES = afskrb5.c afslib.c -EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS) +EXTRA_DIST = NTMakefile afsl.exp afslib.exp $(man_MANS) man_MANS = kafs.3 diff --git a/crypto/heimdal/lib/kafs/Makefile.in b/crypto/heimdal/lib/kafs/Makefile.in index ae9a12a60ff..07356bce6c1 100644 --- a/crypto/heimdal/lib/kafs/Makefile.in +++ b/crypto/heimdal/lib/kafs/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 21446 2007-07-10 12:45:36Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -46,7 +48,7 @@ DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ subdir = lib/kafs ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -61,7 +63,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -75,9 +77,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -85,48 +90,56 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \ "$(DESTDIR)$(foodir)" "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) @KRB5_TRUE@am__DEPENDENCIES_1 = ../krb5/libkrb5.la am__DEPENDENCIES_2 = -@KRB4_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \ -@KRB4_TRUE@ $(am__DEPENDENCIES_2) -libkafs_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(am__DEPENDENCIES_3) -am__dist_libkafs_la_SOURCES_DIST = afssys.c afskrb.c afskrb5.c \ - common.c afslib.c dlfcn.c kafs_locl.h afssysdefs.h \ - roken_rename.h -@KRB5_TRUE@am__objects_1 = afskrb5.lo -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@am__objects_2 = afslib.lo -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@am__objects_2 = \ -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@ dlfcn.lo -dist_libkafs_la_OBJECTS = afssys.lo afskrb.lo $(am__objects_1) \ - common.lo $(am__objects_2) -@do_roken_rename_TRUE@am__objects_3 = resolve.lo strtok_r.lo \ +libkafs_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) +am__dist_libkafs_la_SOURCES_DIST = afssys.c afskrb5.c common.c \ + afslib.c kafs_locl.h afssysdefs.h roken_rename.h +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@am__objects_1 = afslib.lo +dist_libkafs_la_OBJECTS = afssys.lo afskrb5.lo common.lo \ + $(am__objects_1) +@do_roken_rename_TRUE@am__objects_2 = resolve.lo strtok_r.lo \ @do_roken_rename_TRUE@ strlcpy.lo strsep.lo -nodist_libkafs_la_OBJECTS = $(am__objects_3) +nodist_libkafs_la_OBJECTS = $(am__objects_2) libkafs_la_OBJECTS = $(dist_libkafs_la_OBJECTS) \ $(nodist_libkafs_la_OBJECTS) libkafs_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libkafs_la_LDFLAGS) $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -142,9 +155,7 @@ DIST_SOURCES = $(EXTRA_libkafs_la_SOURCES) \ $(am__dist_libkafs_la_SOURCES_DIST) man3dir = $(mandir)/man3 MANS = $(man_MANS) -fooDATA_INSTALL = $(INSTALL_DATA) DATA = $(foo_DATA) -includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags @@ -153,49 +164,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -219,10 +239,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -239,6 +260,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -254,31 +277,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -293,10 +330,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -337,36 +376,36 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) $(krb4_am_workaround) \ +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) \ $(krb5_am_workaround) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -@KRB4_FALSE@DEPLIB_krb4 = -@KRB4_TRUE@DEPLIB_krb4 = $(LIB_krb4) $(LIB_hcrypto) -@KRB4_FALSE@krb4_am_workaround = -@KRB4_TRUE@krb4_am_workaround = $(INCLUDE_krb4) @KRB5_FALSE@DEPLIB_krb5 = @KRB5_TRUE@DEPLIB_krb5 = ../krb5/libkrb5.la @KRB5_FALSE@krb5_am_workaround = @@ -376,14 +415,13 @@ LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @AIX4_FALSE@@AIX_TRUE@AFS_EXTRA_LD = -e _nostart @AIX4_TRUE@@AIX_TRUE@AFS_EXTRA_LD = -bnoentry @AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AIX_SRC = afslib.c -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@AIX_SRC = dlfcn.c -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@AIX_SRC = +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AIX_SRC = @AIX_FALSE@AIX_SRC = @AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_LIBS = @AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_LIBS = afslib.so @AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS @AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_DEFS = -libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) $(DEPLIB_krb4) +libkafs_la_LIBADD = $(DEPLIB_krb5) $(LIBADD_roken) lib_LTLIBRARIES = libkafs.la libkafs_la_LDFLAGS = -version-info 5:1:5 foodir = $(libdir) @@ -391,12 +429,11 @@ foo_DATA = $(AFS_EXTRA_LIBS) # EXTRA_DATA = afslib.so CLEANFILES = $(AFS_EXTRA_LIBS) $(ROKEN_SRCS) include_HEADERS = kafs.h -@KRB5_TRUE@afskrb5_c = afskrb5.c +@KRB5_TRUE@afskrb5_c = @do_roken_rename_TRUE@ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c dist_libkafs_la_SOURCES = \ afssys.c \ - afskrb.c \ - $(afskrb5_c) \ + afskrb5.c \ common.c \ $(AIX_SRC) \ kafs_locl.h \ @@ -404,25 +441,25 @@ dist_libkafs_la_SOURCES = \ roken_rename.h nodist_libkafs_la_SOURCES = $(ROKEN_SRCS) -EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h -EXTRA_DIST = README.dlfcn afsl.exp afslib.exp $(man_MANS) +EXTRA_libkafs_la_SOURCES = afskrb5.c afslib.c +EXTRA_DIST = NTMakefile afsl.exp afslib.exp $(man_MANS) man_MANS = kafs.3 all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/kafs/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/kafs/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/kafs/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/kafs/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -440,23 +477,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -476,149 +518,186 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/afskrb5.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/afslib.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/afssys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlcpy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strsep.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strtok_r.Plo@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man3dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done + @list=''; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } install-fooDATA: $(foo_DATA) @$(NORMAL_INSTALL) test -z "$(foodir)" || $(MKDIR_P) "$(DESTDIR)$(foodir)" - @list='$(foo_DATA)'; for p in $$list; do \ + @list='$(foo_DATA)'; test -n "$(foodir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(fooDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(foodir)/$$f'"; \ - $(fooDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(foodir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(foodir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(foodir)" || exit $$?; \ done uninstall-fooDATA: @$(NORMAL_UNINSTALL) - @list='$(foo_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(foodir)/$$f'"; \ - rm -f "$(DESTDIR)$(foodir)/$$f"; \ - done + @list='$(foo_DATA)'; test -n "$(foodir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(foodir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(foodir)" && rm -f $$files install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -634,13 +713,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -676,6 +759,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -686,6 +770,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -696,6 +781,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -703,26 +790,35 @@ info-am: install-data-am: install-fooDATA install-includeHEADERS install-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -743,11 +839,10 @@ uninstall-am: uninstall-fooDATA uninstall-includeHEADERS \ uninstall-libLTLIBRARIES uninstall-man @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man3 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ clean clean-generic clean-libLTLIBRARIES clean-libtool ctags \ @@ -836,6 +931,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -921,7 +1019,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -951,6 +1049,7 @@ strlcpy.c: strsep.c: $(LN_S) $(srcdir)/../roken/strsep.c . + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/kafs/README.dlfcn b/crypto/heimdal/lib/kafs/README.dlfcn deleted file mode 100644 index cee1b751939..00000000000 --- a/crypto/heimdal/lib/kafs/README.dlfcn +++ /dev/null @@ -1,246 +0,0 @@ -Copyright (c) 1992,1993,1995,1996, Jens-Uwe Mager, Helios Software GmbH -Not derived from licensed software. - -Permission is granted to freely use, copy, modify, and redistribute -this software, provided that the author is not construed to be liable -for any results of using the software, alterations are clearly marked -as such, and this notice is not modified. - -libdl.a -------- - -This is an emulation library to emulate the SunOS/System V.4 functions -to access the runtime linker. The functions are emulated by using the -AIX load() function and by reading the .loader section of the loaded -module to find the exports. The to be loaded module should be linked as -follows (if using AIX 3): - - cc -o module.so -bM:SRE -bE:module.exp -e _nostart $(OBJS) - -For AIX 4: - - cc -o module.so -bM:SRE -bE:module.exp -bnoentry $(OBJS) - -If you want to reference symbols from the main part of the program in a -loaded module, you will have to link against the export file of the -main part: - - cc -o main -bE:main.exp $(MAIN_OBJS) - cc -o module.so -bM:SRE -bI:main.exp -bE:module.exp -bnoentry $(OBJS) - -Note that you explicitely have to specify what functions are supposed -to be accessible from your loaded modules, this is different from -SunOS/System V.4 where any global is automatically exported. If you -want to export all globals, the following script might be of help: - -#!/bin/sh -/usr/ucb/nm -g $* | awk '$2 == "B" || $2 == "D" { print $3 }' - -The module export file contains the symbols to be exported. Because -this library uses the loader section, the final module.so file can be -stripped. C++ users should build their shared objects using the script -makeC++SharedLib (part of the IBM C++ compiler), this will make sure -that constructors and destructors for static and global objects will be -called upon loading and unloading the module. GNU C++ users should use -the -shared option to g++ to link the shared object: - - g++ -o module.so -shared $(OBJS) - -If the shared object does have permissions for anybody, the shared -object will be loaded into the shared library segment and it will stay -there even if the main application terminates. If you rebuild your -shared object after a bugfix and you want to make sure that you really -get the newest version you will have to use the "slibclean" command -before starting the application again to garbage collect the shared -library segment. If the performance utilities (bosperf) are installed -you can use the following command to see what shared objects are -loaded: - -/usr/lpp/bosperf/genkld | sort | uniq - -For easier debugging you can avoid loading the shared object into the -shared library segment alltogether by removing permissions for others -from the module.so file: - -chmod o-rwx module.so - -This will ensure you get a fresh copy of the shared object for every -dlopen() call which is loaded into the application's data segment. - -Usage ------ - -void *dlopen(const char *path, int mode); - -This routine loads the module pointed to by path and reads its export -table. If the path does not contain a '/' character, dlopen will search -for the module using the LIBPATH environment variable. It returns an -opaque handle to the module or NULL on error. The mode parameter can be -either RTLD_LAZY (for lazy function binding) or RTLD_NOW for immediate -function binding. The AIX implementation currently does treat RTLD_NOW -the same as RTLD_LAZY. The flag RTLD_GLOBAL might be or'ed into the -mode parameter to allow loaded modules to bind to global variables or -functions in other loaded modules loaded by dlopen(). If RTLD_GLOBAL is -not specified, only globals from the main part of the executable or -shared libraries are used to look for undefined symbols in loaded -modules. - - -void *dlsym(void *handle, const char *symbol); - -This routine searches for the symbol in the module referred to by -handle and returns its address. If the symbol could not be found, the -function returns NULL. The return value must be casted to a proper -function pointer before it can be used. SunOS/System V.4 allows handle -to be a NULL pointer to refer to the module the call is made from, this -is not implemented. - -int dlclose(void *handle); - -This routine unloads the module referred to by the handle and disposes -of any local storage. this function returns -1 on failure. Any function -pointers obtained through dlsym() should be considered invalid after -closing a module. - -As AIX caches shared objects in the shared library segment, function -pointers obtained through dlsym() might still work even though the -module has been unloaded. This can introduce subtle bugs that will -segment fault later if AIX garbage collects or immediatly on -SunOS/System V.4 as the text segment is unmapped. - -char *dlerror(void); - -This routine can be used to retrieve a text message describing the most -recent error that occured on on of the above routines. This function -returns NULL if there is no error information. - -Initialization and termination handlers ---------------------------------------- - -The emulation provides for an initialization and a termination -handler. The dlfcn.h file contains a structure declaration named -dl_info with following members: - - void (*init)(void); - void (*fini)(void); - -The init function is called upon first referencing the library. The -fini function is called at dlclose() time or when the process exits. -The module should declare a variable named dl_info that contains this -structure which must be exported. These functions correspond to the -documented _init() and _fini() functions of SunOS 4.x, but these are -appearently not implemented in SunOS. When using SunOS 5.0, these -correspond to #pragma init and #pragma fini respectively. At the same -time any static or global C++ object's constructors or destructors will -be called. - -BUGS ----- - -Please note that there is currently a problem with implicitely loaded -shared C++ libaries: if you refer to a shared C++ library from a loaded -module that is not yet used by the main program, the dlopen() emulator -does not notice this and does not call the static constructors for the -implicitely loaded library. This can be easily demonstrated by -referencing the C++ standard streams from a loaded module if the main -program is a plain C program. - -Jens-Uwe Mager - -HELIOS Software GmbH -Lavesstr. 80 -30159 Hannover -Germany - -Phone: +49 511 36482-0 -FAX: +49 511 36482-69 -AppleLink: helios.de/jum -Internet: jum@helios.de - -Revison History ---------------- - -SCCS/s.dlfcn.h: - -D 1.4 95/04/25 09:36:52 jum 4 3 00018/00004/00028 -MRs: -COMMENTS: -added RTLD_GLOBAL, include and C++ guards - -D 1.3 92/12/27 20:58:32 jum 3 2 00001/00001/00031 -MRs: -COMMENTS: -we always have prototypes on RS/6000 - -D 1.2 92/08/16 17:45:11 jum 2 1 00009/00000/00023 -MRs: -COMMENTS: -added dl_info structure to implement initialize and terminate functions - -D 1.1 92/08/02 18:08:45 jum 1 0 00023/00000/00000 -MRs: -COMMENTS: -Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum - -SCCS/s.dlfcn.c: - -D 1.11 96/04/10 20:12:51 jum 13 12 00037/00000/00533 -MRs: -COMMENTS: -Integrated the changes from John W. Eaton to initialize -g++ generated shared objects. - -D 1.10 96/02/15 17:42:44 jum 12 10 00012/00007/00521 -MRs: -COMMENTS: -the C++ constructor and destructor chains are now called properly for either -xlC 2 or xlC 3 (CSet++). - -D 1.9 95/09/22 11:09:38 markus 10 9 00001/00008/00527 -MRs: -COMMENTS: -Fix version number - -D 1.8 95/09/22 10:14:34 markus 9 8 00008/00001/00527 -MRs: -COMMENTS: -Added version number for dl lib - -D 1.7 95/08/14 19:08:38 jum 8 6 00026/00004/00502 -MRs: -COMMENTS: -Integrated the fixes from Kirk Benell (kirk@rsinc.com) to allow loading of -shared objects generated under AIX 4. Fixed bug that symbols with exactly -8 characters would use garbage characters from the following symbol value. - -D 1.6 95/04/25 09:38:03 jum 6 5 00046/00006/00460 -MRs: -COMMENTS: -added handling of C++ static constructors and destructors, added RTLD_GLOBAL to bind against other loaded modules - -D 1.5 93/02/14 20:14:17 jum 5 4 00002/00000/00464 -MRs: -COMMENTS: -added path to dlopen error message to make clear where there error occured. - -D 1.4 93/01/03 19:13:56 jum 4 3 00061/00005/00403 -MRs: -COMMENTS: -to allow calling symbols in the main module call load with L_NOAUTODEFER and -do a loadbind later with the main module. - -D 1.3 92/12/27 20:59:55 jum 3 2 00066/00008/00342 -MRs: -COMMENTS: -added search by L_GETINFO if module got loaded by LIBPATH - -D 1.2 92/08/16 17:45:43 jum 2 1 00074/00006/00276 -MRs: -COMMENTS: -implemented initialize and terminate functions, added reference counting to avoid multiple loads of the same library - -D 1.1 92/08/02 18:08:45 jum 1 0 00282/00000/00000 -MRs: -COMMENTS: -Erstellungsdatum und -uhrzeit 92/08/02 18:08:45 von jum - diff --git a/crypto/heimdal/lib/kafs/afskrb.c b/crypto/heimdal/lib/kafs/afskrb.c deleted file mode 100644 index f5516a8b526..00000000000 --- a/crypto/heimdal/lib/kafs/afskrb.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kafs_locl.h" - -RCSID("$Id: afskrb.c 15342 2005-06-02 07:38:22Z lha $"); - -#ifdef KRB4 - -struct krb_kafs_data { - const char *realm; -}; - -static int -get_cred(struct kafs_data *data, const char *name, const char *inst, - const char *realm, uid_t uid, struct kafs_token *kt) -{ - CREDENTIALS c; - KTEXT_ST tkt; - int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c); - - if (ret) { - ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0); - if (ret == KSUCCESS) - ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c); - } - if (ret == 0) - ret = _kafs_v4_to_kt(&c, uid, kt); - return ret; -} - -static int -afslog_uid_int(struct kafs_data *data, - const char *cell, - const char *realm_hint, - uid_t uid, - const char *homedir) -{ - int ret; - struct kafs_token kt; - char name[ANAME_SZ]; - char inst[INST_SZ]; - char realm[REALM_SZ]; - - kt.ticket = NULL; - - if (cell == 0 || cell[0] == 0) - return _kafs_afslog_all_local_cells (data, uid, homedir); - - /* Extract realm from ticket file. */ - ret = krb_get_tf_fullname(tkt_string(), name, inst, realm); - if (ret != KSUCCESS) - return ret; - - kt.ticket = NULL; - ret = _kafs_get_cred(data, cell, realm_hint, realm, uid, &kt); - - if (ret == 0) { - ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); - free(kt.ticket); - } - return ret; -} - -static char * -get_realm(struct kafs_data *data, const char *host) -{ - char *r = krb_realmofhost(host); - if(r != NULL) - return strdup(r); - else - return NULL; -} - -int -krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid, - const char *homedir) -{ - struct kafs_data kd; - - kd.name = "krb4"; - kd.afslog_uid = afslog_uid_int; - kd.get_cred = get_cred; - kd.get_realm = get_realm; - kd.data = 0; - return afslog_uid_int(&kd, cell, realm_hint, uid, homedir); -} - -int -krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid) -{ - return krb_afslog_uid_home(cell, realm_hint, uid, NULL); -} - -int -krb_afslog(const char *cell, const char *realm_hint) -{ - return krb_afslog_uid(cell, realm_hint, getuid()); -} - -int -krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir) -{ - return krb_afslog_uid_home(cell, realm_hint, getuid(), homedir); -} - -/* - * - */ - -int -krb_realm_of_cell(const char *cell, char **realm) -{ - struct kafs_data kd; - - kd.name = "krb4"; - kd.get_realm = get_realm; - return _kafs_realm_of_cell(&kd, cell, realm); -} - -int -kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) -{ - struct kafs_token kt; - int ret; - - kt.ticket = NULL; - - ret = _kafs_v4_to_kt(c, uid, &kt); - if (ret) - return ret; - - if (kt.ct.EndTimestamp < time(NULL)) { - free(kt.ticket); - return 0; - } - - ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); - free(kt.ticket); - return ret; -} - -#else /* KRB4 */ - -#define KAFS_KRBET_KDC_SERVICE_EXP 39525378 - -int -krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid, - const char *homedir) -{ - return KAFS_KRBET_KDC_SERVICE_EXP; -} - -int -krb_afslog_uid(const char *cell, const char *realm_hint, uid_t uid) -{ - return KAFS_KRBET_KDC_SERVICE_EXP; -} - -int -krb_afslog_home(const char *cell, const char *realm_hint, const char *homedir) -{ - return KAFS_KRBET_KDC_SERVICE_EXP; -} - -int -krb_afslog(const char *cell, const char *realm_hint) -{ - return KAFS_KRBET_KDC_SERVICE_EXP; -} - -int -krb_realm_of_cell(const char *cell, char **realm) -{ - *realm = NULL; - return KAFS_KRBET_KDC_SERVICE_EXP; -} - -int kafs_settoken (const char*, uid_t, struct credentials *); - -int -kafs_settoken(const char *cell, uid_t uid, struct credentials *c) -{ - return KAFS_KRBET_KDC_SERVICE_EXP; -} - -#endif /* KRB4 */ diff --git a/crypto/heimdal/lib/kafs/afskrb5.c b/crypto/heimdal/lib/kafs/afskrb5.c index 2b052672ffd..c04f43abbc2 100644 --- a/crypto/heimdal/lib/kafs/afskrb5.c +++ b/crypto/heimdal/lib/kafs/afskrb5.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,15 +33,13 @@ #include "kafs_locl.h" -RCSID("$Id: afskrb5.c 17032 2006-04-10 08:45:04Z lha $"); - struct krb5_kafs_data { krb5_context context; krb5_ccache id; krb5_const_realm realm; }; -enum { +enum { KAFS_RXKAD_2B_KVNO = 213, KAFS_RXKAD_K5_KVNO = 256 }; @@ -113,7 +111,7 @@ v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524) static krb5_error_code v5_convert(krb5_context context, krb5_ccache id, - krb5_creds *cred, uid_t uid, + krb5_creds *cred, uid_t uid, const char *cell, struct kafs_token *kt) { @@ -129,26 +127,12 @@ v5_convert(krb5_context context, krb5_ccache id, "afs-use-524", "2b", &val); free(c); - if (strcasecmp(val, "local") == 0 || + if (strcasecmp(val, "local") == 0 || strcasecmp(val, "2b") == 0) ret = v5_to_kt(cred, uid, kt, 1); - else if(strcasecmp(val, "yes") == 0 || - strcasecmp(val, "true") == 0 || - atoi(val)) { - struct credentials cred4; - - if (id == NULL) - ret = krb524_convert_creds_kdc(context, cred, &cred4); - else - ret = krb524_convert_creds_kdc_ccache(context, id, cred, &cred4); - if (ret) - goto out; - - ret = _kafs_v4_to_kt(&cred4, uid, kt); - } else + else ret = v5_to_kt(cred, uid, kt, 0); - out: free(val); return ret; } @@ -159,16 +143,18 @@ v5_convert(krb5_context context, krb5_ccache id, */ static int -get_cred(struct kafs_data *data, const char *name, const char *inst, +get_cred(struct kafs_data *data, const char *name, const char *inst, const char *realm, uid_t uid, struct kafs_token *kt) { krb5_error_code ret; krb5_creds in_creds, *out_creds; struct krb5_kafs_data *d = data->data; + int invalid; memset(&in_creds, 0, sizeof(in_creds)); - ret = krb5_425_conv_principal(d->context, name, inst, realm, - &in_creds.server); + + ret = krb5_make_principal(d->context, &in_creds.server, + realm, name, inst, NULL); if(ret) return ret; ret = krb5_cc_get_principal(d->context, d->id, &in_creds.client); @@ -176,20 +162,49 @@ get_cred(struct kafs_data *data, const char *name, const char *inst, krb5_free_principal(d->context, in_creds.server); return ret; } + in_creds.session.keytype = ETYPE_DES_CBC_CRC; + + /* check if des is disable, and in that case enable it for afs */ + invalid = krb5_enctype_valid(d->context, in_creds.session.keytype); + if (invalid) + krb5_enctype_enable(d->context, in_creds.session.keytype); + ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds); + if (ret) { + in_creds.session.keytype = ETYPE_DES_CBC_MD5; + ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds); + } + + if (invalid) + krb5_enctype_disable(d->context, in_creds.session.keytype); + krb5_free_principal(d->context, in_creds.server); krb5_free_principal(d->context, in_creds.client); if(ret) return ret; - ret = v5_convert(d->context, d->id, out_creds, uid, + ret = v5_convert(d->context, d->id, out_creds, uid, (inst != NULL && inst[0] != '\0') ? inst : realm, kt); krb5_free_creds(d->context, out_creds); return ret; } +static const char * +get_error(struct kafs_data *data, int error) +{ + struct krb5_kafs_data *d = data->data; + return krb5_get_error_message(d->context, error); +} + +static void +free_error(struct kafs_data *data, const char *str) +{ + struct krb5_kafs_data *d = data->data; + krb5_free_error_message(d->context, str); +} + static krb5_error_code afslog_uid_int(struct kafs_data *data, const char *cell, const char *rh, uid_t uid, const char *homedir) @@ -199,7 +214,7 @@ afslog_uid_int(struct kafs_data *data, const char *cell, const char *rh, krb5_principal princ; const char *trealm; /* ticket realm */ struct krb5_kafs_data *d = data->data; - + if (cell == 0 || cell[0] == 0) return _kafs_afslog_all_local_cells (data, uid, homedir); @@ -212,7 +227,7 @@ afslog_uid_int(struct kafs_data *data, const char *cell, const char *rh, kt.ticket = NULL; ret = _kafs_get_cred(data, cell, d->realm, trealm, uid, &kt); krb5_free_principal (d->context, princ); - + if(ret == 0) { ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); free(kt.ticket); @@ -249,6 +264,8 @@ krb5_afslog_uid_home(krb5_context context, kd.afslog_uid = afslog_uid_int; kd.get_cred = get_cred; kd.get_realm = get_realm; + kd.get_error = get_error; + kd.free_error = free_error; kd.data = &d; if (context == NULL) { ret = krb5_init_context(&d.context); @@ -284,7 +301,7 @@ krb5_afslog_uid(krb5_context context, krb5_error_code krb5_afslog(krb5_context context, - krb5_ccache id, + krb5_ccache id, const char *cell, krb5_const_realm realm) { @@ -293,7 +310,7 @@ krb5_afslog(krb5_context context, krb5_error_code krb5_afslog_home(krb5_context context, - krb5_ccache id, + krb5_ccache id, const char *cell, krb5_const_realm realm, const char *homedir) @@ -312,6 +329,8 @@ krb5_realm_of_cell(const char *cell, char **realm) kd.name = "krb5"; kd.get_realm = get_realm; + kd.get_error = get_error; + kd.free_error = free_error; return _kafs_realm_of_cell(&kd, cell, realm); } diff --git a/crypto/heimdal/lib/kafs/afslib.c b/crypto/heimdal/lib/kafs/afslib.c index 4845b7f36b7..f2ef8481ed8 100644 --- a/crypto/heimdal/lib/kafs/afslib.c +++ b/crypto/heimdal/lib/kafs/afslib.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,12 @@ * SUCH DAMAGE. */ -/* - * This file is only used with AIX +/* + * This file is only used with AIX */ #include "kafs_locl.h" -RCSID("$Id: afslib.c 7463 1999-12-02 16:58:55Z joda $"); - int aix_pioctl(char *a_path, int o_opcode, diff --git a/crypto/heimdal/lib/kafs/afssys.c b/crypto/heimdal/lib/kafs/afssys.c index d9c6b8066aa..740df045058 100644 --- a/crypto/heimdal/lib/kafs/afssys.c +++ b/crypto/heimdal/lib/kafs/afssys.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2000, 2002, 2004, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000, 2002, 2004, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -33,8 +33,6 @@ #include "kafs_locl.h" -RCSID("$Id: afssys.c 17050 2006-04-11 08:12:29Z lha $"); - struct procdata { unsigned long param4; unsigned long param3; @@ -54,8 +52,10 @@ struct devdata { unsigned long param6; unsigned long retval; }; +#ifdef _IOWR #define VIOC_SYSCALL_DEV _IOWR('C', 2, struct devdata) #define VIOC_SYSCALL_DEV_OPENAFS _IOWR('C', 1, struct devdata) +#endif int _kafs_debug; /* this should be done in a better way */ @@ -103,7 +103,7 @@ try_aix(void) strlcpy(path, p, sizeof(path)); else snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR); - + ptr = dlopen(path, RTLD_NOW); if(ptr == NULL) { if(_kafs_debug) { @@ -115,7 +115,7 @@ try_aix(void) return 1; } Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); - Pioctl = (int (*)(char*, int, + Pioctl = (int (*)(char*, int, struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl"); #endif afs_entry_point = AIX_ENTRY_POINTS; @@ -123,9 +123,9 @@ try_aix(void) } #endif /* _AIX */ -/* +/* * This probably only works under Solaris and could get confused if - * there's a /etc/name_to_sysnum file. + * there's a /etc/name_to_sysnum file. */ #if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) @@ -163,7 +163,7 @@ map_syscall_name_to_number (const char *str, int *res) } #endif -static int +static int try_ioctlpath(const char *path, unsigned long ioctlnum, int entrypoint) { int fd, ret, saved_errno; @@ -189,13 +189,13 @@ try_ioctlpath(const char *path, unsigned long ioctlnum, int entrypoint) } saved_errno = errno; close(fd); - /* + /* * Be quite liberal in what error are ok, the first is the one * that should trigger given that params is NULL. */ - if (ret && + if (ret && (saved_errno != EFAULT && - saved_errno != EDOM && + saved_errno != EDOM && saved_errno != ENOTCONN)) return 1; afs_ioctlnum = ioctlnum; @@ -253,23 +253,23 @@ k_pioctl(char *a_path, case MACOS_DEV_POINT: { struct devdata data = { AFSCALL_PIOCTL, 0, 0, 0, 0, 0, 0, 0 }; int ret; - + data.param1 = (unsigned long)a_path; data.param2 = (unsigned long)o_opcode; data.param3 = (unsigned long)a_paramsP; data.param4 = (unsigned long)a_followSymlinks; - + ret = do_ioctl(&data); if (ret) return ret; - + return data.retval; } #ifdef _AIX case AIX_ENTRY_POINTS: return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks); #endif - } + } errno = ENOSYS; #ifdef SIGSYS kill(getpid(), SIGSYS); /* You lose! */ @@ -328,7 +328,7 @@ k_setpag(void) return Setpag(); #endif } - + errno = ENOSYS; #ifdef SIGSYS kill(getpid(), SIGSYS); /* You lose! */ @@ -413,7 +413,7 @@ k_hasafs(void) if (!issuid()) env = getenv ("AFS_SYSCALL"); - + /* * Already checked presence of AFS syscalls? */ @@ -426,7 +426,7 @@ k_hasafs(void) * If the syscall is absent we recive a SIGSYS. */ afs_entry_point = NO_ENTRY_POINT; - + saved_errno = errno; #ifndef NO_AFS #ifdef SIGSYS @@ -439,10 +439,14 @@ k_hasafs(void) goto done; } if (strncmp("/dev/", env, 5) == 0) { +#ifdef VIOC_SYSCALL_DEV if (try_ioctlpath(env, VIOC_SYSCALL_DEV, MACOS_DEV_POINT) == 0) goto done; +#endif +#ifdef VIOC_SYSCALL_DEV_OPENAFS if (try_ioctlpath(env,VIOC_SYSCALL_DEV_OPENAFS,MACOS_DEV_POINT) ==0) goto done; +#endif } } @@ -450,18 +454,22 @@ k_hasafs(void) VIOC_SYSCALL_PROC, LINUX_PROC_POINT); if (ret == 0) goto done; - ret = try_ioctlpath("/proc/fs/nnpfs/afs_ioctl", + ret = try_ioctlpath("/proc/fs/nnpfs/afs_ioctl", VIOC_SYSCALL_PROC, LINUX_PROC_POINT); if (ret == 0) goto done; - ret = try_ioctlpath("/dev/openafs_ioctl", +#ifdef VIOC_SYSCALL_DEV_OPENAFS + ret = try_ioctlpath("/dev/openafs_ioctl", VIOC_SYSCALL_DEV_OPENAFS, MACOS_DEV_POINT); if (ret == 0) goto done; +#endif +#ifdef VIOC_SYSCALL_DEV ret = try_ioctlpath("/dev/nnpfs_ioctl", VIOC_SYSCALL_DEV, MACOS_DEV_POINT); if (ret == 0) goto done; +#endif #if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) { diff --git a/crypto/heimdal/lib/kafs/afssysdefs.h b/crypto/heimdal/lib/kafs/afssysdefs.h index dd52a214bee..9143bbdf7ee 100644 --- a/crypto/heimdal/lib/kafs/afssysdefs.h +++ b/crypto/heimdal/lib/kafs/afssysdefs.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: afssysdefs.h 14102 2004-08-09 13:41:32Z lha $ */ +/* $Id$ */ /* * This section is for machines using single entry point AFS syscalls! diff --git a/crypto/heimdal/lib/kafs/common.c b/crypto/heimdal/lib/kafs/common.c index 3466d950d74..a14eea8dd2d 100644 --- a/crypto/heimdal/lib/kafs/common.c +++ b/crypto/heimdal/lib/kafs/common.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kafs_locl.h" -RCSID("$Id: common.c 15461 2005-06-16 22:52:33Z lha $"); - #define AUTH_SUPERUSER "afs" /* @@ -75,7 +73,7 @@ kafs_settoken_rxkad(const char *cell, struct ClearToken *ct, struct ViceIoctl parms; char buf[2048], *t; int32_t sizeof_x; - + t = buf; /* * length of secret token followed by secret token @@ -141,47 +139,18 @@ _kafs_fixup_viceid(struct ClearToken *ct, uid_t uid) } } - -int -_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt) -{ - kt->ticket = NULL; - - if (c->ticket_st.length > MAX_KTXT_LEN) - return EINVAL; - - kt->ticket = malloc(c->ticket_st.length); - if (kt->ticket == NULL) - return ENOMEM; - kt->ticket_len = c->ticket_st.length; - memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len); - - /* - * Build a struct ClearToken - */ - kt->ct.AuthHandle = c->kvno; - memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session)); - kt->ct.ViceId = uid; - kt->ct.BeginTimestamp = c->issue_date; - kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime); - - _kafs_fixup_viceid(&kt->ct, uid); - - return 0; -} - /* Try to get a db-server for an AFS cell from a AFSDB record */ static int dns_find_cell(const char *cell, char *dbserver, size_t len) { - struct dns_reply *r; + struct rk_dns_reply *r; int ok = -1; - r = dns_lookup(cell, "afsdb"); + r = rk_dns_lookup(cell, "afsdb"); if(r){ - struct resource_record *rr = r->head; + struct rk_resource_record *rr = r->head; while(rr){ - if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){ + if(rr->type == rk_ns_t_afsdb && rr->u.afsdb->preference == 1){ strlcpy(dbserver, rr->u.afsdb->domain, len); @@ -190,7 +159,7 @@ dns_find_cell(const char *cell, char *dbserver, size_t len) } rr = rr->next; } - dns_free_data(r); + rk_dns_free_data(r); } return ok; } @@ -282,7 +251,7 @@ _kafs_afslog_all_local_cells(struct kafs_data *data, find_cells(_PATH_ARLA_DEBIAN_THISCELL, &cells, &idx); find_cells(_PATH_ARLA_OPENBSD_THESECELLS, &cells, &idx); find_cells(_PATH_ARLA_OPENBSD_THISCELL, &cells, &idx); - + ret = afslog_cells(data, cells, idx, uid, homedir); while(idx > 0) free(cells[--idx]); @@ -292,7 +261,7 @@ _kafs_afslog_all_local_cells(struct kafs_data *data, static int -file_find_cell(struct kafs_data *data, +file_find_cell(struct kafs_data *data, const char *cell, char **realm, int exact) { FILE *F; @@ -378,11 +347,14 @@ _kafs_try_get_cred(struct kafs_data *data, const char *user, const char *cell, ret = (*data->get_cred)(data, user, cell, realm, uid, kt); if (kafs_verbose) { + const char *estr = (*data->get_error)(data, ret); char *str; - asprintf(&str, "%s tried afs%s%s@%s -> %d", - data->name, cell[0] == '\0' ? "" : "/", - cell, realm, ret); + asprintf(&str, "%s tried afs%s%s@%s -> %s (%d)", + data->name, cell ? "/" : "", + cell ? cell : "", realm, estr ? estr : "unknown", ret); (*kafs_verbose)(kafs_verbose_ctx, str); + if (estr) + (*data->free_error)(data, estr); free(str); } @@ -392,7 +364,7 @@ _kafs_try_get_cred(struct kafs_data *data, const char *user, const char *cell, int _kafs_get_cred(struct kafs_data *data, - const char *cell, + const char *cell, const char *realm_hint, const char *realm, uid_t uid, @@ -419,44 +391,43 @@ _kafs_get_cred(struct kafs_data *data, * really a long shot. * */ - + /* comments on the ordering of these tests */ /* If the user passes a realm, she probably knows something we don't * know and we should try afs@realm_hint. */ - + if (realm_hint) { ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, cell, realm_hint, uid, kt); if (ret == 0) return 0; ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, - "", realm_hint, uid, kt); + NULL, realm_hint, uid, kt); if (ret == 0) return 0; } _kafs_foldup(CELL, cell); + /* + * If the AFS servers have a file /usr/afs/etc/krb.conf containing + * REALM we still don't have to resort to cross-cell authentication. + * Try afs.cell@REALM. + */ + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, realm, uid, kt); + if (ret == 0) return 0; + /* * If cell == realm we don't need no cross-cell authentication. * Try afs@REALM. */ if (strcmp(CELL, realm) == 0) { ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, - "", realm, uid, kt); + NULL, realm, uid, kt); if (ret == 0) return 0; - /* Try afs.cell@REALM below. */ } - /* - * If the AFS servers have a file /usr/afs/etc/krb.conf containing - * REALM we still don't have to resort to cross-cell authentication. - * Try afs.cell@REALM. - */ - ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, - cell, realm, uid, kt); - if (ret == 0) return 0; - /* * We failed to get ``first class tickets'' for afs, * fall back to cross-cell authentication. @@ -464,9 +435,9 @@ _kafs_get_cred(struct kafs_data *data, * Try afs.cell@CELL. */ ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, - "", CELL, uid, kt); + NULL, CELL, uid, kt); if (ret == 0) return 0; - ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, cell, CELL, uid, kt); if (ret == 0) return 0; @@ -483,7 +454,7 @@ _kafs_get_cred(struct kafs_data *data, cell, vl_realm, uid, kt); if (ret) ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, - "", vl_realm, uid, kt); + NULL, vl_realm, uid, kt); free(vl_realm); if (ret == 0) return 0; } diff --git a/crypto/heimdal/lib/kafs/dlfcn.c b/crypto/heimdal/lib/kafs/dlfcn.c deleted file mode 100644 index 728cf5cdd76..00000000000 --- a/crypto/heimdal/lib/kafs/dlfcn.c +++ /dev/null @@ -1,581 +0,0 @@ -/* - * @(#)dlfcn.c 1.11 revision of 96/04/10 20:12:51 - * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH - * 30159 Hannover, Germany - */ - -/* - * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton - * to support g++ and/or use with Octave. - */ - -/* - * This makes my life easier with Octave. --jwe - */ -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include "dlfcn.h" - -/* - * We simulate dlopen() et al. through a call to load. Because AIX has - * no call to find an exported symbol we read the loader section of the - * loaded module and build a list of exported symbols and their virtual - * address. - */ - -typedef struct { - char *name; /* the symbols's name */ - void *addr; /* its relocated virtual address */ -} Export, *ExportPtr; - -/* - * xlC uses the following structure to list its constructors and - * destructors. This is gleaned from the output of munch. - */ -typedef struct { - void (*init)(void); /* call static constructors */ - void (*term)(void); /* call static destructors */ -} Cdtor, *CdtorPtr; - -typedef void (*GccCDtorPtr)(void); - -/* - * The void * handle returned from dlopen is actually a ModulePtr. - */ -typedef struct Module { - struct Module *next; - char *name; /* module name for refcounting */ - int refCnt; /* the number of references */ - void *entry; /* entry point from load */ - struct dl_info *info; /* optional init/terminate functions */ - CdtorPtr cdtors; /* optional C++ constructors */ - GccCDtorPtr gcc_ctor; /* g++ constructors --jwe */ - GccCDtorPtr gcc_dtor; /* g++ destructors --jwe */ - int nExports; /* the number of exports found */ - ExportPtr exports; /* the array of exports */ -} Module, *ModulePtr; - -/* - * We keep a list of all loaded modules to be able to call the fini - * handlers and destructors at atexit() time. - */ -static ModulePtr modList; - -/* - * The last error from one of the dl* routines is kept in static - * variables here. Each error is returned only once to the caller. - */ -static char errbuf[BUFSIZ]; -static int errvalid; - -/* - * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for - * strdup(). --jwe - */ -#ifndef HAVE_STRDUP -extern char *strdup(const char *); -#endif -static void caterr(char *); -static int readExports(ModulePtr); -static void terminate(void); -static void *findMain(void); - -void *dlopen(const char *path, int mode) -{ - ModulePtr mp; - static void *mainModule; - - /* - * Upon the first call register a terminate handler that will - * close all libraries. Also get a reference to the main module - * for use with loadbind. - */ - if (!mainModule) { - if ((mainModule = findMain()) == NULL) - return NULL; - atexit(terminate); - } - /* - * Scan the list of modules if we have the module already loaded. - */ - for (mp = modList; mp; mp = mp->next) - if (strcmp(mp->name, path) == 0) { - mp->refCnt++; - return mp; - } - if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno)); - return NULL; - } - if ((mp->name = strdup(path)) == NULL) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno)); - free(mp); - return NULL; - } - /* - * load should be declared load(const char *...). Thus we - * cast the path to a normal char *. Ugly. - */ - if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) { - free(mp->name); - free(mp); - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "dlopen: %s: ", path); - /* - * If AIX says the file is not executable, the error - * can be further described by querying the loader about - * the last error. - */ - if (errno == ENOEXEC) { - char *tmp[BUFSIZ/sizeof(char *)]; - if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1) - strlcpy(errbuf, - strerror(errno), - sizeof(errbuf)); - else { - char **p; - for (p = tmp; *p; p++) - caterr(*p); - } - } else - strlcat(errbuf, - strerror(errno), - sizeof(errbuf)); - return NULL; - } - mp->refCnt = 1; - mp->next = modList; - modList = mp; - if (loadbind(0, mainModule, mp->entry) == -1) { - dlclose(mp); - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "loadbind: %s", strerror(errno)); - return NULL; - } - /* - * If the user wants global binding, loadbind against all other - * loaded modules. - */ - if (mode & RTLD_GLOBAL) { - ModulePtr mp1; - for (mp1 = mp->next; mp1; mp1 = mp1->next) - if (loadbind(0, mp1->entry, mp->entry) == -1) { - dlclose(mp); - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "loadbind: %s", - strerror(errno)); - return NULL; - } - } - if (readExports(mp) == -1) { - dlclose(mp); - return NULL; - } - /* - * If there is a dl_info structure, call the init function. - */ - if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) { - if (mp->info->init) - (*mp->info->init)(); - } else - errvalid = 0; - /* - * If the shared object was compiled using xlC we will need - * to call static constructors (and later on dlclose destructors). - */ - if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) { - CdtorPtr cp = mp->cdtors; - while (cp->init || cp->term) { - if (cp->init && cp->init != (void (*)(void))0xffffffff) - (*cp->init)(); - cp++; - } - /* - * If the shared object was compiled using g++, we will need - * to call global constructors using the _GLOBAL__DI function, - * and later, global destructors using the _GLOBAL_DD - * funciton. --jwe - */ - } else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) { - (*mp->gcc_ctor)(); - mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); - } else - errvalid = 0; - return mp; -} - -/* - * Attempt to decipher an AIX loader error message and append it - * to our static error message buffer. - */ -static void caterr(char *s) -{ - char *p = s; - - while (*p >= '0' && *p <= '9') - p++; - switch(atoi(s)) { - case L_ERROR_TOOMANY: - strlcat(errbuf, "to many errors", sizeof(errbuf)); - break; - case L_ERROR_NOLIB: - strlcat(errbuf, "can't load library", sizeof(errbuf)); - strlcat(errbuf, p, sizeof(errbuf)); - break; - case L_ERROR_UNDEF: - strlcat(errbuf, "can't find symbol", sizeof(errbuf)); - strlcat(errbuf, p, sizeof(errbuf)); - break; - case L_ERROR_RLDBAD: - strlcat(errbuf, "bad RLD", sizeof(errbuf)); - strlcat(errbuf, p, sizeof(errbuf)); - break; - case L_ERROR_FORMAT: - strlcat(errbuf, "bad exec format in", sizeof(errbuf)); - strlcat(errbuf, p, sizeof(errbuf)); - break; - case L_ERROR_ERRNO: - strlcat(errbuf, strerror(atoi(++p)), sizeof(errbuf)); - break; - default: - strlcat(errbuf, s, sizeof(errbuf)); - break; - } -} - -void *dlsym(void *handle, const char *symbol) -{ - ModulePtr mp = (ModulePtr)handle; - ExportPtr ep; - int i; - - /* - * Could speed up the search, but I assume that one assigns - * the result to function pointers anyways. - */ - for (ep = mp->exports, i = mp->nExports; i; i--, ep++) - if (strcmp(ep->name, symbol) == 0) - return ep->addr; - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "dlsym: undefined symbol %s", symbol); - return NULL; -} - -char *dlerror(void) -{ - if (errvalid) { - errvalid = 0; - return errbuf; - } - return NULL; -} - -int dlclose(void *handle) -{ - ModulePtr mp = (ModulePtr)handle; - int result; - ModulePtr mp1; - - if (--mp->refCnt > 0) - return 0; - if (mp->info && mp->info->fini) - (*mp->info->fini)(); - if (mp->cdtors) { - CdtorPtr cp = mp->cdtors; - while (cp->init || cp->term) { - if (cp->term && cp->init != (void (*)(void))0xffffffff) - (*cp->term)(); - cp++; - } - /* - * If the function to handle global destructors for g++ - * exists, call it. --jwe - */ - } else if (mp->gcc_dtor) { - (*mp->gcc_dtor)(); - } - result = unload(mp->entry); - if (result == -1) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "%s", strerror(errno)); - } - if (mp->exports) { - ExportPtr ep; - int i; - for (ep = mp->exports, i = mp->nExports; i; i--, ep++) - if (ep->name) - free(ep->name); - free(mp->exports); - } - if (mp == modList) - modList = mp->next; - else { - for (mp1 = modList; mp1; mp1 = mp1->next) - if (mp1->next == mp) { - mp1->next = mp->next; - break; - } - } - free(mp->name); - free(mp); - return result; -} - -static void terminate(void) -{ - while (modList) - dlclose(modList); -} - -/* - * Build the export table from the XCOFF .loader section. - */ -static int readExports(ModulePtr mp) -{ - LDFILE *ldp = NULL; - SCNHDR sh, shdata; - LDHDR *lhp; - char *ldbuf; - LDSYM *ls; - int i; - ExportPtr ep; - - if ((ldp = ldopen(mp->name, ldp)) == NULL) { - struct ld_info *lp; - char *buf; - int size = 4*1024; - if (errno != ENOENT) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: %s", - strerror(errno)); - return -1; - } - /* - * The module might be loaded due to the LIBPATH - * environment variable. Search for the loaded - * module using L_GETINFO. - */ - if ((buf = malloc(size)) == NULL) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: %s", - strerror(errno)); - return -1; - } - while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { - free(buf); - size += 4*1024; - if ((buf = malloc(size)) == NULL) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: %s", - strerror(errno)); - return -1; - } - } - if (i == -1) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: %s", - strerror(errno)); - free(buf); - return -1; - } - /* - * Traverse the list of loaded modules. The entry point - * returned by load() does actually point to the data - * segment origin. - */ - lp = (struct ld_info *)buf; - while (lp) { - if (lp->ldinfo_dataorg == mp->entry) { - ldp = ldopen(lp->ldinfo_filename, ldp); - break; - } - if (lp->ldinfo_next == 0) - lp = NULL; - else - lp = (struct ld_info *)((char *)lp + lp->ldinfo_next); - } - free(buf); - if (!ldp) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "readExports: %s", strerror(errno)); - return -1; - } - } - if (TYPE(ldp) != U802TOCMAGIC) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), "readExports: bad magic"); - while(ldclose(ldp) == FAILURE) - ; - return -1; - } - /* - * Get the padding for the data section. This is needed for - * AIX 4.1 compilers. This is used when building the final - * function pointer to the exported symbol. - */ - if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: cannot read data section header"); - while(ldclose(ldp) == FAILURE) - ; - return -1; - } - if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: cannot read loader section header"); - while(ldclose(ldp) == FAILURE) - ; - return -1; - } - /* - * We read the complete loader section in one chunk, this makes - * finding long symbol names residing in the string table easier. - */ - if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "readExports: %s", strerror(errno)); - while(ldclose(ldp) == FAILURE) - ; - return -1; - } - if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: cannot seek to loader section"); - free(ldbuf); - while(ldclose(ldp) == FAILURE) - ; - return -1; - } - if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) { - errvalid++; - snprintf(errbuf, sizeof(errbuf), - "readExports: cannot read loader section"); - free(ldbuf); - while(ldclose(ldp) == FAILURE) - ; - return -1; - } - lhp = (LDHDR *)ldbuf; - ls = (LDSYM *)(ldbuf+LDHDRSZ); - /* - * Count the number of exports to include in our export table. - */ - for (i = lhp->l_nsyms; i; i--, ls++) { - if (!LDR_EXPORT(*ls)) - continue; - mp->nExports++; - } - if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "readExports: %s", strerror(errno)); - free(ldbuf); - while(ldclose(ldp) == FAILURE) - ; - return -1; - } - /* - * Fill in the export table. All entries are relative to - * the entry point we got from load. - */ - ep = mp->exports; - ls = (LDSYM *)(ldbuf+LDHDRSZ); - for (i = lhp->l_nsyms; i; i--, ls++) { - char *symname; - char tmpsym[SYMNMLEN+1]; - if (!LDR_EXPORT(*ls)) - continue; - if (ls->l_zeroes == 0) - symname = ls->l_offset+lhp->l_stoff+ldbuf; - else { - /* - * The l_name member is not zero terminated, we - * must copy the first SYMNMLEN chars and make - * sure we have a zero byte at the end. - */ - strlcpy (tmpsym, ls->l_name, - SYMNMLEN + 1); - symname = tmpsym; - } - ep->name = strdup(symname); - ep->addr = (void *)((unsigned long)mp->entry + - ls->l_value - shdata.s_vaddr); - ep++; - } - free(ldbuf); - while(ldclose(ldp) == FAILURE) - ; - return 0; -} - -/* - * Find the main modules entry point. This is used as export pointer - * for loadbind() to be able to resolve references to the main part. - */ -static void * findMain(void) -{ - struct ld_info *lp; - char *buf; - int size = 4*1024; - int i; - void *ret; - - if ((buf = malloc(size)) == NULL) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "findMail: %s", strerror(errno)); - return NULL; - } - while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { - free(buf); - size += 4*1024; - if ((buf = malloc(size)) == NULL) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "findMail: %s", strerror(errno)); - return NULL; - } - } - if (i == -1) { - errvalid++; - snprintf (errbuf, sizeof(errbuf), - "findMail: %s", strerror(errno)); - free(buf); - return NULL; - } - /* - * The first entry is the main module. The entry point - * returned by load() does actually point to the data - * segment origin. - */ - lp = (struct ld_info *)buf; - ret = lp->ldinfo_dataorg; - free(buf); - return ret; -} diff --git a/crypto/heimdal/lib/kafs/dlfcn.h b/crypto/heimdal/lib/kafs/dlfcn.h deleted file mode 100644 index b8dfd985a53..00000000000 --- a/crypto/heimdal/lib/kafs/dlfcn.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * @(#)dlfcn.h 1.4 revision of 95/04/25 09:36:52 - * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH - * 30159 Hannover, Germany - */ - -#ifndef __dlfcn_h__ -#define __dlfcn_h__ - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Mode flags for the dlopen routine. - */ -#define RTLD_LAZY 1 /* lazy function call binding */ -#define RTLD_NOW 2 /* immediate function call binding */ -#define RTLD_GLOBAL 0x100 /* allow symbols to be global */ - -/* - * To be able to initialize, a library may provide a dl_info structure - * that contains functions to be called to initialize and terminate. - */ -struct dl_info { - void (*init)(void); - void (*fini)(void); -}; - -#if __STDC__ || defined(_IBMR2) -void *dlopen(const char *path, int mode); -void *dlsym(void *handle, const char *symbol); -char *dlerror(void); -int dlclose(void *handle); -#else -void *dlopen(); -void *dlsym(); -char *dlerror(); -int dlclose(); -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* __dlfcn_h__ */ diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3 index cd5b1fd5a07..d44e35e8c98 100644 --- a/crypto/heimdal/lib/kafs/kafs.3 +++ b/crypto/heimdal/lib/kafs/kafs.3 @@ -1,35 +1,35 @@ -.\" Copyright (c) 1998 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1998 - 2006 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kafs.3 17380 2006-05-01 07:01:18Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd May 1, 2006 .Os HEIMDAL @@ -161,7 +161,7 @@ and .Pp .Fn krb5_afslog , .Fn kafs_settoken5 -can be configured to behave differently via a +can be configured to behave differently via a .Nm krb5_appdefault option .Li afs-use-524 @@ -279,6 +279,18 @@ usually (depending on the operating system) receive a SIGSYS signal. .%T File Server/Cache Manager Interface .%D 1991 .Re +.Sh FILES +libkafs will search for +.Pa ThisCell and +.Pa TheseCells +in the following locations: +.Pa /usr/vice/etc , +.Pa /etc/openafs , +.Pa /var/db/openafs/etc , +.Pa /usr/arla/etc , +.Pa /etc/arla , +and +.Pa /etc/afs .Sh BUGS .Ev AFS_SYSCALL has no effect under AIX. diff --git a/crypto/heimdal/lib/kafs/kafs.h b/crypto/heimdal/lib/kafs/kafs.h index d478039693e..dd20cab5204 100644 --- a/crypto/heimdal/lib/kafs/kafs.h +++ b/crypto/heimdal/lib/kafs/kafs.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kafs.h 20652 2007-05-10 19:30:18Z lha $ */ +/* $Id$ */ #ifndef __KAFS_H #define __KAFS_H @@ -82,15 +82,15 @@ #define VIOC_AFS_SYSNAME _VICEIOCTL(38) #define VIOC_EXPORTAFS _VICEIOCTL(39) #define VIOCGETCACHEPARAMS _VICEIOCTL(40) -#define VIOC_GCPAGS _VICEIOCTL(48) +#define VIOC_GCPAGS _VICEIOCTL(48) #define VIOCGETTOK2 _AFSCIOCTL(7) #define VIOCSETTOK2 _AFSCIOCTL(8) struct ViceIoctl { caddr_t in, out; - short in_size; - short out_size; + unsigned short in_size; + unsigned short out_size; }; struct ClearToken { @@ -157,7 +157,7 @@ krb5_error_code krb5_afslog_uid (krb5_context context, krb5_const_realm realm, uid_t uid); krb5_error_code krb5_afslog (krb5_context context, - krb5_ccache id, + krb5_ccache id, const char *cell, krb5_const_realm realm); krb5_error_code krb5_afslog_uid_home (krb5_context context, diff --git a/crypto/heimdal/lib/kafs/kafs_locl.h b/crypto/heimdal/lib/kafs/kafs_locl.h index a564104a294..ea670f31388 100644 --- a/crypto/heimdal/lib/kafs/kafs_locl.h +++ b/crypto/heimdal/lib/kafs/kafs_locl.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kafs_locl.h 16116 2005-10-02 03:14:47Z lha $ */ +/* $Id$ */ #ifndef __KAFS_LOCL_H__ #define __KAFS_LOCL_H__ @@ -94,15 +94,11 @@ #ifdef KRB5 #include #endif -#ifdef KRB4 -#include -#else #ifdef KRB5 #include "crypto-headers.h" #include typedef struct credentials CREDENTIALS; #endif /* KRB5 */ -#endif /* KRB4 */ #include #include @@ -117,7 +113,7 @@ typedef int (*afslog_uid_func_t)(struct kafs_data *, uid_t, const char *); -typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, +typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, const char*, uid_t, struct kafs_token *); typedef char* (*get_realm_func_t)(struct kafs_data*, const char*); @@ -127,6 +123,8 @@ struct kafs_data { afslog_uid_func_t afslog_uid; get_cred_func_t get_cred; get_realm_func_t get_realm; + const char *(*get_error)(struct kafs_data *, int); + void (*free_error)(struct kafs_data *, const char *); void *data; }; @@ -140,7 +138,7 @@ void _kafs_foldup(char *, const char *); int _kafs_afslog_all_local_cells(struct kafs_data*, uid_t, const char*); -int _kafs_get_cred(struct kafs_data*, const char*, const char*, const char *, +int _kafs_get_cred(struct kafs_data*, const char*, const char*, const char *, uid_t, struct kafs_token *); int diff --git a/crypto/heimdal/lib/kafs/roken_rename.h b/crypto/heimdal/lib/kafs/roken_rename.h index 6eb61fa3189..26da2656777 100644 --- a/crypto/heimdal/lib/kafs/roken_rename.h +++ b/crypto/heimdal/lib/kafs/roken_rename.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2001-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: roken_rename.h 15341 2005-06-02 07:35:45Z lha $ */ +/* $Id$ */ #ifndef __roken_rename_h__ #define __roken_rename_h__ @@ -52,13 +52,13 @@ #define rk_dns_parse_reply _kafs_dns_parse_reply #ifndef HAVE_STRTOK_R -#define strtok_r _kafs_strtok_r +#define rk_strtok_r _kafs_strtok_r #endif #ifndef HAVE_STRLCPY -#define strlcpy _kafs_strlcpy +#define rk_strlcpy _kafs_strlcpy #endif #ifndef HAVE_STRSEP -#define strsep _kafs_strsep +#define rk_strsep _kafs_strsep #endif #endif /* __roken_rename_h__ */ diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index ced9616e162..9429535eb96 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,25 +1,29 @@ -# $Id: Makefile.am 22501 2008-01-21 15:43:21Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err -I$(srcdir)/../com_err +AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err -I$(srcdir)/../com_err $(INCLUDE_sqlite3) $(INCLUDE_libintl) bin_PROGRAMS = verify_krb5_conf noinst_PROGRAMS = \ krbhst-test \ + test_gic \ test_alname \ test_crypto \ + test_rfc3961 \ test_get_addrs \ test_kuserok \ test_renew \ test_forward +noinst_LTLIBRARIES = \ + librfc3961.la + TESTS = \ aes-test \ derived-key-test \ n-fold-test \ - name-45-test \ parse-name-test \ store-test \ string-to-key-test \ @@ -27,6 +31,7 @@ TESTS = \ test_addr \ test_cc \ test_config \ + test_fx \ test_prf \ test_store \ test_crypto_wrapping \ @@ -36,25 +41,54 @@ TESTS = \ test_plugin \ test_princ \ test_pkinit_dh2key \ - test_time + test_pknistkdf \ + test_time \ + test_x500 -check_PROGRAMS = $(TESTS) test_hostname +check_DATA = test_config_strings.out + +check_PROGRAMS = $(TESTS) test_hostname test_ap-req LDADD = libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la \ $(LIB_roken) if PKINIT LIB_pkinit = ../hx509/libhx509.la endif +if have_scc +use_sqlite = $(LIB_sqlite3) +endif + libkrb5_la_LIBADD = \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ipc/libheim-ipcc.la \ + $(top_builddir)/lib/wind/libwind.la \ + $(top_builddir)/base/libheimbase.la \ $(LIB_pkinit) \ + $(use_sqlite) \ $(LIB_com_err) \ $(LIB_hcrypto) \ - $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_libintl) \ $(LIBADD_roken) \ + $(PTHREAD_LIBADD) \ + $(LIB_door_create) \ + $(LIB_dlopen) + +librfc3961_la_LIBADD = \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ipc/libheim-ipcc.la \ + $(top_builddir)/lib/wind/libwind.la \ + $(LIB_pkinit) \ + $(use_sqlite) \ + $(LIB_com_err) \ + $(LIB_hcrypto) \ + $(LIB_libintl) \ + $(LIBADD_roken) \ + $(PTHREAD_LIBADD) \ $(LIB_door_create) \ $(LIB_dlopen) @@ -62,7 +96,15 @@ lib_LTLIBRARIES = libkrb5.la ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c -libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS) +libkrb5_la_CPPFLAGS = \ + -DBUILD_KRB5_LIB \ + $(AM_CPPFLAGS) \ + -DHEIMDAL_LOCALEDIR='"$(localedir)"' + +librfc3961_la_CPPFLAGS = \ + -DBUILD_KRB5_LIB \ + $(AM_CPPFLAGS) \ + -DHEIMDAL_LOCALEDIR='"$(localedir)"' dist_libkrb5_la_SOURCES = \ acache.c \ @@ -79,7 +121,6 @@ dist_libkrb5_la_SOURCES = \ changepw.c \ codec.c \ config_file.c \ - config_file_netinfo.c \ convert_creds.c \ constants.c \ context.c \ @@ -87,12 +128,25 @@ dist_libkrb5_la_SOURCES = \ crc.c \ creds.c \ crypto.c \ + crypto.h \ + crypto-aes.c \ + crypto-algs.c \ + crypto-arcfour.c \ + crypto-des.c \ + crypto-des-common.c \ + crypto-des3.c \ + crypto-evp.c \ + crypto-null.c \ + crypto-pk.c \ + crypto-rand.c \ doxygen.c \ data.c \ + deprecated.c \ digest.c \ eai_to_heim_errno.c \ error_string.c \ expand_hostname.c \ + expand_path.c \ fcache.c \ free.c \ free_host_realm.c \ @@ -105,11 +159,7 @@ dist_libkrb5_la_SOURCES = \ get_for_creds.c \ get_host_realm.c \ get_in_tkt.c \ - get_in_tkt_pw.c \ - get_in_tkt_with_keytab.c \ - get_in_tkt_with_skey.c \ get_port.c \ - heim_threads.h \ init_creds.c \ init_creds_pw.c \ kcm.c \ @@ -119,7 +169,6 @@ dist_libkrb5_la_SOURCES = \ keytab_any.c \ keytab_file.c \ keytab_keyfile.c \ - keytab_krb4.c \ keytab_memory.c \ krb5_locl.h \ krb5-v4compat.h \ @@ -140,6 +189,7 @@ dist_libkrb5_la_SOURCES = \ n-fold.c \ pac.c \ padata.c \ + pcache.c \ pkinit.c \ principal.c \ prog_setup.c \ @@ -153,11 +203,18 @@ dist_libkrb5_la_SOURCES = \ read_message.c \ recvauth.c \ replay.c \ + salt.c \ + salt-aes.c \ + salt-arcfour.c \ + salt-des.c \ + salt-des3.c \ + scache.c \ send_to_kdc.c \ sendauth.c \ set_default_realm.c \ sock_principal.c \ store.c \ + store-int.c \ store-int.h \ store_emem.c \ store_fd.c \ @@ -166,7 +223,6 @@ dist_libkrb5_la_SOURCES = \ ticket.c \ time.c \ transited.c \ - v4_glue.c \ verify_init.c \ verify_user.c \ version.c \ @@ -176,45 +232,73 @@ dist_libkrb5_la_SOURCES = \ nodist_libkrb5_la_SOURCES = \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 24:0:0 +libkrb5_la_DEPENDENCIES = \ + version-script.map + +libkrb5_la_LDFLAGS = -version-info 26:0:0 if versionscript libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map endif -$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h +$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS) $(librfc3961_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h krb5_err.h heim_err.h k524_err.h krb5_err.h krb_err.h k524_err.h + +librfc3961_la_SOURCES = \ + crc.c \ + crypto.c \ + crypto.h \ + crypto-aes.c \ + crypto-algs.c \ + crypto-arcfour.c \ + crypto-des.c \ + crypto-des-common.c \ + crypto-des3.c \ + crypto-evp.c \ + crypto-null.c \ + crypto-pk.c \ + crypto-rand.c \ + crypto-stubs.c \ + data.c \ + error_string.c \ + keyblock.c \ + n-fold.c \ + salt.c \ + salt-aes.c \ + salt-arcfour.c \ + salt-des.c \ + salt-des3.c \ + store-int.c \ + warn.c + +test_rfc3961_LDADD = \ + librfc3961.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la \ + $(LIB_hcrypto) \ + $(LIB_roken) $(srcdir)/krb5-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h $(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h man_MANS = \ kerberos.8 \ - krb5.3 \ krb5.conf.5 \ krb524_convert_creds_kdc.3 \ krb5_425_conv_principal.3 \ krb5_acl_match_file.3 \ - krb5_address.3 \ krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ krb5_c_make_checksum.3 \ - krb5_ccache.3 \ krb5_check_transited.3 \ - krb5_compare_creds.3 \ - krb5_config.3 \ - krb5_context.3 \ krb5_create_checksum.3 \ krb5_creds.3 \ - krb5_crypto_init.3 \ - krb5_data.3 \ krb5_digest.3 \ krb5_eai_to_heim_errno.3 \ krb5_encrypt.3 \ - krb5_expand_hostname.3 \ krb5_find_padata.3 \ krb5_generate_random_block.3 \ krb5_get_all_client_addrs.3 \ @@ -227,10 +311,7 @@ man_MANS = \ krb5_getportbyname.3 \ krb5_init_context.3 \ krb5_is_thread_safe.3 \ - krb5_keyblock.3 \ - krb5_keytab.3 \ krb5_krbhst_init.3 \ - krb5_kuserok.3 \ krb5_mk_req.3 \ krb5_mk_safe.3 \ krb5_openlog.3 \ @@ -241,14 +322,10 @@ man_MANS = \ krb5_rd_safe.3 \ krb5_set_default_realm.3 \ krb5_set_password.3 \ - krb5_storage.3 \ krb5_string_to_key.3 \ - krb5_ticket.3 \ krb5_timeofday.3 \ - krb5_unparse_name.3 \ krb5_verify_init_creds.3 \ krb5_verify_user.3 \ - krb5_warn.3 \ verify_krb5_conf.8 dist_include_HEADERS = \ @@ -257,18 +334,19 @@ dist_include_HEADERS = \ krb5-private.h \ krb5_ccapi.h -nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h +nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h # XXX use nobase_include_HEADERS = krb5/locate_plugin.h krb5dir = $(includedir)/krb5 -krb5_HEADERS = locate_plugin.h +krb5_HEADERS = locate_plugin.h send_to_kdc_plugin.h ccache_plugin.h build_HEADERZ = \ - heim_threads.h \ $(krb5_HEADERS) \ krb_err.h CLEANFILES = \ + test_config_strings.out \ + test-store-data \ krb5_err.c krb5_err.h \ krb_err.c krb_err.h \ heim_err.c heim_err.h \ @@ -276,13 +354,19 @@ CLEANFILES = \ $(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h +test_config_strings.out: test_config_strings.cfg + $(CP) $(srcdir)/test_config_strings.cfg test_config_strings.out + EXTRA_DIST = \ + NTMakefile \ + verify_krb5_conf-version.rc \ krb5_err.et \ krb_err.et \ heim_err.et \ k524_err.et \ $(man_MANS) \ version-script.map \ + test_config_strings.cfg \ krb5.moduli #sysconf_DATA = krb5.moduli diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 60e09251227..2473eb2cae5 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22501 2008-01-21 15:43:21Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -45,26 +47,28 @@ DIST_COMMON = $(dist_include_HEADERS) $(krb5_HEADERS) \ $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common bin_PROGRAMS = verify_krb5_conf$(EXEEXT) -noinst_PROGRAMS = krbhst-test$(EXEEXT) test_alname$(EXEEXT) \ - test_crypto$(EXEEXT) test_get_addrs$(EXEEXT) \ +noinst_PROGRAMS = krbhst-test$(EXEEXT) test_gic$(EXEEXT) \ + test_alname$(EXEEXT) test_crypto$(EXEEXT) \ + test_rfc3961$(EXEEXT) test_get_addrs$(EXEEXT) \ test_kuserok$(EXEEXT) test_renew$(EXEEXT) \ test_forward$(EXEEXT) TESTS = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \ - n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \ - parse-name-test$(EXEEXT) store-test$(EXEEXT) \ - string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \ - test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \ - test_prf$(EXEEXT) test_store$(EXEEXT) \ - test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \ - test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \ - test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \ - test_time$(EXEEXT) -check_PROGRAMS = $(am__EXEEXT_1) test_hostname$(EXEEXT) + n-fold-test$(EXEEXT) parse-name-test$(EXEEXT) \ + store-test$(EXEEXT) string-to-key-test$(EXEEXT) \ + test_acl$(EXEEXT) test_addr$(EXEEXT) test_cc$(EXEEXT) \ + test_config$(EXEEXT) test_fx$(EXEEXT) test_prf$(EXEEXT) \ + test_store$(EXEEXT) test_crypto_wrapping$(EXEEXT) \ + test_keytab$(EXEEXT) test_mem$(EXEEXT) test_pac$(EXEEXT) \ + test_plugin$(EXEEXT) test_princ$(EXEEXT) \ + test_pkinit_dh2key$(EXEEXT) test_pknistkdf$(EXEEXT) \ + test_time$(EXEEXT) test_x500$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_1) test_hostname$(EXEEXT) \ + test_ap-req$(EXEEXT) @versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map subdir = lib/krb5 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -79,7 +83,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -93,9 +97,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -103,79 +110,97 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)" \ "$(DESTDIR)$(krb5dir)" "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) -LTLIBRARIES = $(lib_LTLIBRARIES) +LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) am__DEPENDENCIES_1 = -libkrb5_la_DEPENDENCIES = $(LIB_pkinit) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(top_builddir)/lib/asn1/libasn1.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) +@have_scc_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) dist_libkrb5_la_OBJECTS = libkrb5_la-acache.lo libkrb5_la-acl.lo \ libkrb5_la-add_et_list.lo libkrb5_la-addr_families.lo \ libkrb5_la-aname_to_localname.lo libkrb5_la-appdefault.lo \ libkrb5_la-asn1_glue.lo libkrb5_la-auth_context.lo \ libkrb5_la-build_ap_req.lo libkrb5_la-build_auth.lo \ libkrb5_la-cache.lo libkrb5_la-changepw.lo libkrb5_la-codec.lo \ - libkrb5_la-config_file.lo libkrb5_la-config_file_netinfo.lo \ - libkrb5_la-convert_creds.lo libkrb5_la-constants.lo \ - libkrb5_la-context.lo libkrb5_la-copy_host_realm.lo \ - libkrb5_la-crc.lo libkrb5_la-creds.lo libkrb5_la-crypto.lo \ - libkrb5_la-doxygen.lo libkrb5_la-data.lo libkrb5_la-digest.lo \ + libkrb5_la-config_file.lo libkrb5_la-convert_creds.lo \ + libkrb5_la-constants.lo libkrb5_la-context.lo \ + libkrb5_la-copy_host_realm.lo libkrb5_la-crc.lo \ + libkrb5_la-creds.lo libkrb5_la-crypto.lo \ + libkrb5_la-crypto-aes.lo libkrb5_la-crypto-algs.lo \ + libkrb5_la-crypto-arcfour.lo libkrb5_la-crypto-des.lo \ + libkrb5_la-crypto-des-common.lo libkrb5_la-crypto-des3.lo \ + libkrb5_la-crypto-evp.lo libkrb5_la-crypto-null.lo \ + libkrb5_la-crypto-pk.lo libkrb5_la-crypto-rand.lo \ + libkrb5_la-doxygen.lo libkrb5_la-data.lo \ + libkrb5_la-deprecated.lo libkrb5_la-digest.lo \ libkrb5_la-eai_to_heim_errno.lo libkrb5_la-error_string.lo \ - libkrb5_la-expand_hostname.lo libkrb5_la-fcache.lo \ - libkrb5_la-free.lo libkrb5_la-free_host_realm.lo \ + libkrb5_la-expand_hostname.lo libkrb5_la-expand_path.lo \ + libkrb5_la-fcache.lo libkrb5_la-free.lo \ + libkrb5_la-free_host_realm.lo \ libkrb5_la-generate_seq_number.lo \ libkrb5_la-generate_subkey.lo libkrb5_la-get_addrs.lo \ libkrb5_la-get_cred.lo libkrb5_la-get_default_principal.lo \ libkrb5_la-get_default_realm.lo libkrb5_la-get_for_creds.lo \ libkrb5_la-get_host_realm.lo libkrb5_la-get_in_tkt.lo \ - libkrb5_la-get_in_tkt_pw.lo \ - libkrb5_la-get_in_tkt_with_keytab.lo \ - libkrb5_la-get_in_tkt_with_skey.lo libkrb5_la-get_port.lo \ - libkrb5_la-init_creds.lo libkrb5_la-init_creds_pw.lo \ - libkrb5_la-kcm.lo libkrb5_la-keyblock.lo libkrb5_la-keytab.lo \ + libkrb5_la-get_port.lo libkrb5_la-init_creds.lo \ + libkrb5_la-init_creds_pw.lo libkrb5_la-kcm.lo \ + libkrb5_la-keyblock.lo libkrb5_la-keytab.lo \ libkrb5_la-keytab_any.lo libkrb5_la-keytab_file.lo \ - libkrb5_la-keytab_keyfile.lo libkrb5_la-keytab_krb4.lo \ - libkrb5_la-keytab_memory.lo libkrb5_la-krbhst.lo \ - libkrb5_la-kuserok.lo libkrb5_la-log.lo libkrb5_la-mcache.lo \ - libkrb5_la-misc.lo libkrb5_la-mk_error.lo \ + libkrb5_la-keytab_keyfile.lo libkrb5_la-keytab_memory.lo \ + libkrb5_la-krbhst.lo libkrb5_la-kuserok.lo libkrb5_la-log.lo \ + libkrb5_la-mcache.lo libkrb5_la-misc.lo libkrb5_la-mk_error.lo \ libkrb5_la-mk_priv.lo libkrb5_la-mk_rep.lo \ libkrb5_la-mk_req.lo libkrb5_la-mk_req_ext.lo \ libkrb5_la-mk_safe.lo libkrb5_la-mit_glue.lo \ libkrb5_la-net_read.lo libkrb5_la-net_write.lo \ libkrb5_la-n-fold.lo libkrb5_la-pac.lo libkrb5_la-padata.lo \ - libkrb5_la-pkinit.lo libkrb5_la-principal.lo \ - libkrb5_la-prog_setup.lo libkrb5_la-prompter_posix.lo \ - libkrb5_la-rd_cred.lo libkrb5_la-rd_error.lo \ - libkrb5_la-rd_priv.lo libkrb5_la-rd_rep.lo \ - libkrb5_la-rd_req.lo libkrb5_la-rd_safe.lo \ - libkrb5_la-read_message.lo libkrb5_la-recvauth.lo \ - libkrb5_la-replay.lo libkrb5_la-send_to_kdc.lo \ + libkrb5_la-pcache.lo libkrb5_la-pkinit.lo \ + libkrb5_la-principal.lo libkrb5_la-prog_setup.lo \ + libkrb5_la-prompter_posix.lo libkrb5_la-rd_cred.lo \ + libkrb5_la-rd_error.lo libkrb5_la-rd_priv.lo \ + libkrb5_la-rd_rep.lo libkrb5_la-rd_req.lo \ + libkrb5_la-rd_safe.lo libkrb5_la-read_message.lo \ + libkrb5_la-recvauth.lo libkrb5_la-replay.lo libkrb5_la-salt.lo \ + libkrb5_la-salt-aes.lo libkrb5_la-salt-arcfour.lo \ + libkrb5_la-salt-des.lo libkrb5_la-salt-des3.lo \ + libkrb5_la-scache.lo libkrb5_la-send_to_kdc.lo \ libkrb5_la-sendauth.lo libkrb5_la-set_default_realm.lo \ libkrb5_la-sock_principal.lo libkrb5_la-store.lo \ - libkrb5_la-store_emem.lo libkrb5_la-store_fd.lo \ - libkrb5_la-store_mem.lo libkrb5_la-plugin.lo \ - libkrb5_la-ticket.lo libkrb5_la-time.lo \ - libkrb5_la-transited.lo libkrb5_la-v4_glue.lo \ - libkrb5_la-verify_init.lo libkrb5_la-verify_user.lo \ - libkrb5_la-version.lo libkrb5_la-warn.lo \ - libkrb5_la-write_message.lo + libkrb5_la-store-int.lo libkrb5_la-store_emem.lo \ + libkrb5_la-store_fd.lo libkrb5_la-store_mem.lo \ + libkrb5_la-plugin.lo libkrb5_la-ticket.lo libkrb5_la-time.lo \ + libkrb5_la-transited.lo libkrb5_la-verify_init.lo \ + libkrb5_la-verify_user.lo libkrb5_la-version.lo \ + libkrb5_la-warn.lo libkrb5_la-write_message.lo am__objects_1 = libkrb5_la-krb5_err.lo libkrb5_la-krb_err.lo \ libkrb5_la-heim_err.lo libkrb5_la-k524_err.lo nodist_libkrb5_la_OBJECTS = $(am__objects_1) @@ -184,171 +209,251 @@ libkrb5_la_OBJECTS = $(dist_libkrb5_la_OBJECTS) \ libkrb5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libkrb5_la_LDFLAGS) $(LDFLAGS) -o $@ -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +librfc3961_la_DEPENDENCIES = $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ipc/libheim-ipcc.la \ + $(top_builddir)/lib/wind/libwind.la $(LIB_pkinit) \ + $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am_librfc3961_la_OBJECTS = librfc3961_la-crc.lo \ + librfc3961_la-crypto.lo librfc3961_la-crypto-aes.lo \ + librfc3961_la-crypto-algs.lo librfc3961_la-crypto-arcfour.lo \ + librfc3961_la-crypto-des.lo librfc3961_la-crypto-des-common.lo \ + librfc3961_la-crypto-des3.lo librfc3961_la-crypto-evp.lo \ + librfc3961_la-crypto-null.lo librfc3961_la-crypto-pk.lo \ + librfc3961_la-crypto-rand.lo librfc3961_la-crypto-stubs.lo \ + librfc3961_la-data.lo librfc3961_la-error_string.lo \ + librfc3961_la-keyblock.lo librfc3961_la-n-fold.lo \ + librfc3961_la-salt.lo librfc3961_la-salt-aes.lo \ + librfc3961_la-salt-arcfour.lo librfc3961_la-salt-des.lo \ + librfc3961_la-salt-des3.lo librfc3961_la-store-int.lo \ + librfc3961_la-warn.lo +librfc3961_la_OBJECTS = $(am_librfc3961_la_OBJECTS) am__EXEEXT_1 = aes-test$(EXEEXT) derived-key-test$(EXEEXT) \ - n-fold-test$(EXEEXT) name-45-test$(EXEEXT) \ - parse-name-test$(EXEEXT) store-test$(EXEEXT) \ - string-to-key-test$(EXEEXT) test_acl$(EXEEXT) \ - test_addr$(EXEEXT) test_cc$(EXEEXT) test_config$(EXEEXT) \ - test_prf$(EXEEXT) test_store$(EXEEXT) \ - test_crypto_wrapping$(EXEEXT) test_keytab$(EXEEXT) \ - test_mem$(EXEEXT) test_pac$(EXEEXT) test_plugin$(EXEEXT) \ - test_princ$(EXEEXT) test_pkinit_dh2key$(EXEEXT) \ - test_time$(EXEEXT) + n-fold-test$(EXEEXT) parse-name-test$(EXEEXT) \ + store-test$(EXEEXT) string-to-key-test$(EXEEXT) \ + test_acl$(EXEEXT) test_addr$(EXEEXT) test_cc$(EXEEXT) \ + test_config$(EXEEXT) test_fx$(EXEEXT) test_prf$(EXEEXT) \ + test_store$(EXEEXT) test_crypto_wrapping$(EXEEXT) \ + test_keytab$(EXEEXT) test_mem$(EXEEXT) test_pac$(EXEEXT) \ + test_plugin$(EXEEXT) test_princ$(EXEEXT) \ + test_pkinit_dh2key$(EXEEXT) test_pknistkdf$(EXEEXT) \ + test_time$(EXEEXT) test_x500$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) aes_test_SOURCES = aes-test.c aes_test_OBJECTS = aes-test.$(OBJEXT) aes_test_LDADD = $(LDADD) aes_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) derived_key_test_SOURCES = derived-key-test.c derived_key_test_OBJECTS = derived-key-test.$(OBJEXT) derived_key_test_LDADD = $(LDADD) derived_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) krbhst_test_SOURCES = krbhst-test.c krbhst_test_OBJECTS = krbhst-test.$(OBJEXT) krbhst_test_LDADD = $(LDADD) krbhst_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) n_fold_test_SOURCES = n-fold-test.c n_fold_test_OBJECTS = n-fold-test.$(OBJEXT) n_fold_test_LDADD = $(LDADD) n_fold_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) -name_45_test_SOURCES = name-45-test.c -name_45_test_OBJECTS = name-45-test.$(OBJEXT) -name_45_test_LDADD = $(LDADD) -name_45_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) parse_name_test_SOURCES = parse-name-test.c parse_name_test_OBJECTS = parse-name-test.$(OBJEXT) parse_name_test_LDADD = $(LDADD) parse_name_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) store_test_SOURCES = store-test.c store_test_OBJECTS = store-test.$(OBJEXT) store_test_LDADD = $(LDADD) store_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) string_to_key_test_SOURCES = string-to-key-test.c string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT) string_to_key_test_LDADD = $(LDADD) string_to_key_test_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_acl_SOURCES = test_acl.c test_acl_OBJECTS = test_acl.$(OBJEXT) test_acl_LDADD = $(LDADD) test_acl_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_addr_SOURCES = test_addr.c test_addr_OBJECTS = test_addr.$(OBJEXT) test_addr_LDADD = $(LDADD) test_addr_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_alname_SOURCES = test_alname.c test_alname_OBJECTS = test_alname.$(OBJEXT) test_alname_LDADD = $(LDADD) test_alname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) +test_ap_req_SOURCES = test_ap-req.c +test_ap_req_OBJECTS = test_ap-req.$(OBJEXT) +test_ap_req_LDADD = $(LDADD) +test_ap_req_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_cc_SOURCES = test_cc.c test_cc_OBJECTS = test_cc.$(OBJEXT) test_cc_LDADD = $(LDADD) test_cc_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_config_SOURCES = test_config.c test_config_OBJECTS = test_config.$(OBJEXT) test_config_LDADD = $(LDADD) test_config_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_crypto_SOURCES = test_crypto.c test_crypto_OBJECTS = test_crypto.$(OBJEXT) test_crypto_LDADD = $(LDADD) test_crypto_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_crypto_wrapping_SOURCES = test_crypto_wrapping.c test_crypto_wrapping_OBJECTS = test_crypto_wrapping.$(OBJEXT) test_crypto_wrapping_LDADD = $(LDADD) test_crypto_wrapping_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_forward_SOURCES = test_forward.c test_forward_OBJECTS = test_forward.$(OBJEXT) test_forward_LDADD = $(LDADD) test_forward_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) +test_fx_SOURCES = test_fx.c +test_fx_OBJECTS = test_fx.$(OBJEXT) +test_fx_LDADD = $(LDADD) +test_fx_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_get_addrs_SOURCES = test_get_addrs.c test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT) test_get_addrs_LDADD = $(LDADD) test_get_addrs_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) +test_gic_SOURCES = test_gic.c +test_gic_OBJECTS = test_gic.$(OBJEXT) +test_gic_LDADD = $(LDADD) +test_gic_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_hostname_SOURCES = test_hostname.c test_hostname_OBJECTS = test_hostname.$(OBJEXT) test_hostname_LDADD = $(LDADD) test_hostname_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_keytab_SOURCES = test_keytab.c test_keytab_OBJECTS = test_keytab.$(OBJEXT) test_keytab_LDADD = $(LDADD) test_keytab_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_kuserok_SOURCES = test_kuserok.c test_kuserok_OBJECTS = test_kuserok.$(OBJEXT) test_kuserok_LDADD = $(LDADD) test_kuserok_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_mem_SOURCES = test_mem.c test_mem_OBJECTS = test_mem.$(OBJEXT) test_mem_LDADD = $(LDADD) test_mem_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_pac_SOURCES = test_pac.c test_pac_OBJECTS = test_pac.$(OBJEXT) test_pac_LDADD = $(LDADD) test_pac_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_pkinit_dh2key_SOURCES = test_pkinit_dh2key.c test_pkinit_dh2key_OBJECTS = test_pkinit_dh2key.$(OBJEXT) test_pkinit_dh2key_LDADD = $(LDADD) test_pkinit_dh2key_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) +test_pknistkdf_SOURCES = test_pknistkdf.c +test_pknistkdf_OBJECTS = test_pknistkdf.$(OBJEXT) +test_pknistkdf_LDADD = $(LDADD) +test_pknistkdf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_plugin_SOURCES = test_plugin.c test_plugin_OBJECTS = test_plugin.$(OBJEXT) test_plugin_LDADD = $(LDADD) test_plugin_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_prf_SOURCES = test_prf.c test_prf_OBJECTS = test_prf.$(OBJEXT) test_prf_LDADD = $(LDADD) test_prf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_princ_SOURCES = test_princ.c test_princ_OBJECTS = test_princ.$(OBJEXT) test_princ_LDADD = $(LDADD) test_princ_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_renew_SOURCES = test_renew.c test_renew_OBJECTS = test_renew.$(OBJEXT) test_renew_LDADD = $(LDADD) test_renew_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) +test_rfc3961_SOURCES = test_rfc3961.c +test_rfc3961_OBJECTS = test_rfc3961.$(OBJEXT) +test_rfc3961_DEPENDENCIES = librfc3961.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) test_store_SOURCES = test_store.c test_store_OBJECTS = test_store.$(OBJEXT) test_store_LDADD = $(LDADD) test_store_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) test_time_SOURCES = test_time.c test_time_OBJECTS = test_time.$(OBJEXT) test_time_LDADD = $(LDADD) test_time_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) +test_x500_SOURCES = test_x500.c +test_x500_OBJECTS = test_x500.$(OBJEXT) +test_x500_LDADD = $(LDADD) +test_x500_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) verify_krb5_conf_SOURCES = verify_krb5_conf.c verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT) verify_krb5_conf_LDADD = $(LDADD) verify_krb5_conf_DEPENDENCIES = libkrb5.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/lib/asn1/libasn1.la $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -359,82 +464,93 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(dist_libkrb5_la_SOURCES) $(nodist_libkrb5_la_SOURCES) \ - aes-test.c derived-key-test.c krbhst-test.c n-fold-test.c \ - name-45-test.c parse-name-test.c store-test.c \ + $(librfc3961_la_SOURCES) aes-test.c derived-key-test.c \ + krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \ string-to-key-test.c test_acl.c test_addr.c test_alname.c \ - test_cc.c test_config.c test_crypto.c test_crypto_wrapping.c \ - test_forward.c test_get_addrs.c test_hostname.c test_keytab.c \ + test_ap-req.c test_cc.c test_config.c test_crypto.c \ + test_crypto_wrapping.c test_forward.c test_fx.c \ + test_get_addrs.c test_gic.c test_hostname.c test_keytab.c \ test_kuserok.c test_mem.c test_pac.c test_pkinit_dh2key.c \ - test_plugin.c test_prf.c test_princ.c test_renew.c \ - test_store.c test_time.c verify_krb5_conf.c -DIST_SOURCES = $(dist_libkrb5_la_SOURCES) aes-test.c \ - derived-key-test.c krbhst-test.c n-fold-test.c name-45-test.c \ + test_pknistkdf.c test_plugin.c test_prf.c test_princ.c \ + test_renew.c test_rfc3961.c test_store.c test_time.c \ + test_x500.c verify_krb5_conf.c +DIST_SOURCES = $(dist_libkrb5_la_SOURCES) $(librfc3961_la_SOURCES) \ + aes-test.c derived-key-test.c krbhst-test.c n-fold-test.c \ parse-name-test.c store-test.c string-to-key-test.c test_acl.c \ - test_addr.c test_alname.c test_cc.c test_config.c \ - test_crypto.c test_crypto_wrapping.c test_forward.c \ - test_get_addrs.c test_hostname.c test_keytab.c test_kuserok.c \ - test_mem.c test_pac.c test_pkinit_dh2key.c test_plugin.c \ - test_prf.c test_princ.c test_renew.c test_store.c test_time.c \ - verify_krb5_conf.c + test_addr.c test_alname.c test_ap-req.c test_cc.c \ + test_config.c test_crypto.c test_crypto_wrapping.c \ + test_forward.c test_fx.c test_get_addrs.c test_gic.c \ + test_hostname.c test_keytab.c test_kuserok.c test_mem.c \ + test_pac.c test_pkinit_dh2key.c test_pknistkdf.c test_plugin.c \ + test_prf.c test_princ.c test_renew.c test_rfc3961.c \ + test_store.c test_time.c test_x500.c verify_krb5_conf.c man3dir = $(mandir)/man3 man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 MANS = $(man_MANS) -dist_includeHEADERS_INSTALL = $(INSTALL_HEADER) -krb5HEADERS_INSTALL = $(INSTALL_HEADER) -nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(dist_include_HEADERS) $(krb5_HEADERS) \ $(nodist_include_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -458,10 +574,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -478,6 +595,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -493,31 +612,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -532,10 +665,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -576,50 +711,90 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err \ - -I$(srcdir)/../com_err +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_hcrypto) \ + -I../com_err -I$(srcdir)/../com_err $(INCLUDE_sqlite3) \ + $(INCLUDE_libintl) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +noinst_LTLIBRARIES = \ + librfc3961.la + +check_DATA = test_config_strings.out LDADD = libkrb5.la \ $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la \ $(LIB_roken) @PKINIT_TRUE@LIB_pkinit = ../hx509/libhx509.la +@have_scc_TRUE@use_sqlite = $(LIB_sqlite3) libkrb5_la_LIBADD = \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ipc/libheim-ipcc.la \ + $(top_builddir)/lib/wind/libwind.la \ + $(top_builddir)/base/libheimbase.la \ $(LIB_pkinit) \ + $(use_sqlite) \ $(LIB_com_err) \ $(LIB_hcrypto) \ - $(top_builddir)/lib/asn1/libasn1.la \ + $(LIB_libintl) \ $(LIBADD_roken) \ + $(PTHREAD_LIBADD) \ + $(LIB_door_create) \ + $(LIB_dlopen) + +librfc3961_la_LIBADD = \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/ipc/libheim-ipcc.la \ + $(top_builddir)/lib/wind/libwind.la \ + $(LIB_pkinit) \ + $(use_sqlite) \ + $(LIB_com_err) \ + $(LIB_hcrypto) \ + $(LIB_libintl) \ + $(LIBADD_roken) \ + $(PTHREAD_LIBADD) \ $(LIB_door_create) \ $(LIB_dlopen) lib_LTLIBRARIES = libkrb5.la ERR_FILES = krb5_err.c krb_err.c heim_err.c k524_err.c -libkrb5_la_CPPFLAGS = -DBUILD_KRB5_LIB $(AM_CPPFLAGS) +libkrb5_la_CPPFLAGS = \ + -DBUILD_KRB5_LIB \ + $(AM_CPPFLAGS) \ + -DHEIMDAL_LOCALEDIR='"$(localedir)"' + +librfc3961_la_CPPFLAGS = \ + -DBUILD_KRB5_LIB \ + $(AM_CPPFLAGS) \ + -DHEIMDAL_LOCALEDIR='"$(localedir)"' + dist_libkrb5_la_SOURCES = \ acache.c \ acl.c \ @@ -635,7 +810,6 @@ dist_libkrb5_la_SOURCES = \ changepw.c \ codec.c \ config_file.c \ - config_file_netinfo.c \ convert_creds.c \ constants.c \ context.c \ @@ -643,12 +817,25 @@ dist_libkrb5_la_SOURCES = \ crc.c \ creds.c \ crypto.c \ + crypto.h \ + crypto-aes.c \ + crypto-algs.c \ + crypto-arcfour.c \ + crypto-des.c \ + crypto-des-common.c \ + crypto-des3.c \ + crypto-evp.c \ + crypto-null.c \ + crypto-pk.c \ + crypto-rand.c \ doxygen.c \ data.c \ + deprecated.c \ digest.c \ eai_to_heim_errno.c \ error_string.c \ expand_hostname.c \ + expand_path.c \ fcache.c \ free.c \ free_host_realm.c \ @@ -661,11 +848,7 @@ dist_libkrb5_la_SOURCES = \ get_for_creds.c \ get_host_realm.c \ get_in_tkt.c \ - get_in_tkt_pw.c \ - get_in_tkt_with_keytab.c \ - get_in_tkt_with_skey.c \ get_port.c \ - heim_threads.h \ init_creds.c \ init_creds_pw.c \ kcm.c \ @@ -675,7 +858,6 @@ dist_libkrb5_la_SOURCES = \ keytab_any.c \ keytab_file.c \ keytab_keyfile.c \ - keytab_krb4.c \ keytab_memory.c \ krb5_locl.h \ krb5-v4compat.h \ @@ -696,6 +878,7 @@ dist_libkrb5_la_SOURCES = \ n-fold.c \ pac.c \ padata.c \ + pcache.c \ pkinit.c \ principal.c \ prog_setup.c \ @@ -709,11 +892,18 @@ dist_libkrb5_la_SOURCES = \ read_message.c \ recvauth.c \ replay.c \ + salt.c \ + salt-aes.c \ + salt-arcfour.c \ + salt-des.c \ + salt-des3.c \ + scache.c \ send_to_kdc.c \ sendauth.c \ set_default_realm.c \ sock_principal.c \ store.c \ + store-int.c \ store-int.h \ store_emem.c \ store_fd.c \ @@ -722,7 +912,6 @@ dist_libkrb5_la_SOURCES = \ ticket.c \ time.c \ transited.c \ - v4_glue.c \ verify_init.c \ verify_user.c \ version.c \ @@ -732,32 +921,60 @@ dist_libkrb5_la_SOURCES = \ nodist_libkrb5_la_SOURCES = \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 24:0:0 $(am__append_1) +libkrb5_la_DEPENDENCIES = \ + version-script.map + +libkrb5_la_LDFLAGS = -version-info 26:0:0 $(am__append_1) +librfc3961_la_SOURCES = \ + crc.c \ + crypto.c \ + crypto.h \ + crypto-aes.c \ + crypto-algs.c \ + crypto-arcfour.c \ + crypto-des.c \ + crypto-des-common.c \ + crypto-des3.c \ + crypto-evp.c \ + crypto-null.c \ + crypto-pk.c \ + crypto-rand.c \ + crypto-stubs.c \ + data.c \ + error_string.c \ + keyblock.c \ + n-fold.c \ + salt.c \ + salt-aes.c \ + salt-arcfour.c \ + salt-des.c \ + salt-des3.c \ + store-int.c \ + warn.c + +test_rfc3961_LDADD = \ + librfc3961.la \ + $(top_builddir)/lib/asn1/libasn1.la \ + $(top_builddir)/lib/wind/libwind.la \ + $(LIB_hcrypto) \ + $(LIB_roken) + man_MANS = \ kerberos.8 \ - krb5.3 \ krb5.conf.5 \ krb524_convert_creds_kdc.3 \ krb5_425_conv_principal.3 \ krb5_acl_match_file.3 \ - krb5_address.3 \ krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ krb5_c_make_checksum.3 \ - krb5_ccache.3 \ krb5_check_transited.3 \ - krb5_compare_creds.3 \ - krb5_config.3 \ - krb5_context.3 \ krb5_create_checksum.3 \ krb5_creds.3 \ - krb5_crypto_init.3 \ - krb5_data.3 \ krb5_digest.3 \ krb5_eai_to_heim_errno.3 \ krb5_encrypt.3 \ - krb5_expand_hostname.3 \ krb5_find_padata.3 \ krb5_generate_random_block.3 \ krb5_get_all_client_addrs.3 \ @@ -770,10 +987,7 @@ man_MANS = \ krb5_getportbyname.3 \ krb5_init_context.3 \ krb5_is_thread_safe.3 \ - krb5_keyblock.3 \ - krb5_keytab.3 \ krb5_krbhst_init.3 \ - krb5_kuserok.3 \ krb5_mk_req.3 \ krb5_mk_safe.3 \ krb5_openlog.3 \ @@ -784,14 +998,10 @@ man_MANS = \ krb5_rd_safe.3 \ krb5_set_default_realm.3 \ krb5_set_password.3 \ - krb5_storage.3 \ krb5_string_to_key.3 \ - krb5_ticket.3 \ krb5_timeofday.3 \ - krb5_unparse_name.3 \ krb5_verify_init_creds.3 \ krb5_verify_user.3 \ - krb5_warn.3 \ verify_krb5_conf.8 dist_include_HEADERS = \ @@ -800,47 +1010,51 @@ dist_include_HEADERS = \ krb5-private.h \ krb5_ccapi.h -nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h +nodist_include_HEADERS = krb5_err.h heim_err.h k524_err.h # XXX use nobase_include_HEADERS = krb5/locate_plugin.h krb5dir = $(includedir)/krb5 -krb5_HEADERS = locate_plugin.h +krb5_HEADERS = locate_plugin.h send_to_kdc_plugin.h ccache_plugin.h build_HEADERZ = \ - heim_threads.h \ $(krb5_HEADERS) \ krb_err.h CLEANFILES = \ + test_config_strings.out \ + test-store-data \ krb5_err.c krb5_err.h \ krb_err.c krb_err.h \ heim_err.c heim_err.h \ k524_err.c k524_err.h EXTRA_DIST = \ + NTMakefile \ + verify_krb5_conf-version.rc \ krb5_err.et \ krb_err.et \ heim_err.et \ k524_err.et \ $(man_MANS) \ version-script.map \ + test_config_strings.cfg \ krb5.moduli all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/krb5/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/krb5/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/krb5/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/krb5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -858,23 +1072,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -885,50 +1104,80 @@ clean-libLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) $(libkrb5_la_LINK) -rpath $(libdir) $(libkrb5_la_OBJECTS) $(libkrb5_la_LIBADD) $(LIBS) +librfc3961.la: $(librfc3961_la_OBJECTS) $(librfc3961_la_DEPENDENCIES) + $(LINK) $(librfc3961_la_OBJECTS) $(librfc3961_la_LIBADD) $(LIBS) install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES) @rm -f aes-test$(EXEEXT) $(LINK) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS) @@ -941,9 +1190,6 @@ krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) @rm -f n-fold-test$(EXEEXT) $(LINK) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS) -name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) - @rm -f name-45-test$(EXEEXT) - $(LINK) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS) parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) @rm -f parse-name-test$(EXEEXT) $(LINK) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS) @@ -962,6 +1208,9 @@ test_addr$(EXEEXT): $(test_addr_OBJECTS) $(test_addr_DEPENDENCIES) test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES) @rm -f test_alname$(EXEEXT) $(LINK) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS) +test_ap-req$(EXEEXT): $(test_ap_req_OBJECTS) $(test_ap_req_DEPENDENCIES) + @rm -f test_ap-req$(EXEEXT) + $(LINK) $(test_ap_req_OBJECTS) $(test_ap_req_LDADD) $(LIBS) test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES) @rm -f test_cc$(EXEEXT) $(LINK) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS) @@ -977,9 +1226,15 @@ test_crypto_wrapping$(EXEEXT): $(test_crypto_wrapping_OBJECTS) $(test_crypto_wra test_forward$(EXEEXT): $(test_forward_OBJECTS) $(test_forward_DEPENDENCIES) @rm -f test_forward$(EXEEXT) $(LINK) $(test_forward_OBJECTS) $(test_forward_LDADD) $(LIBS) +test_fx$(EXEEXT): $(test_fx_OBJECTS) $(test_fx_DEPENDENCIES) + @rm -f test_fx$(EXEEXT) + $(LINK) $(test_fx_OBJECTS) $(test_fx_LDADD) $(LIBS) test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) @rm -f test_get_addrs$(EXEEXT) $(LINK) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS) +test_gic$(EXEEXT): $(test_gic_OBJECTS) $(test_gic_DEPENDENCIES) + @rm -f test_gic$(EXEEXT) + $(LINK) $(test_gic_OBJECTS) $(test_gic_LDADD) $(LIBS) test_hostname$(EXEEXT): $(test_hostname_OBJECTS) $(test_hostname_DEPENDENCIES) @rm -f test_hostname$(EXEEXT) $(LINK) $(test_hostname_OBJECTS) $(test_hostname_LDADD) $(LIBS) @@ -998,6 +1253,9 @@ test_pac$(EXEEXT): $(test_pac_OBJECTS) $(test_pac_DEPENDENCIES) test_pkinit_dh2key$(EXEEXT): $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_DEPENDENCIES) @rm -f test_pkinit_dh2key$(EXEEXT) $(LINK) $(test_pkinit_dh2key_OBJECTS) $(test_pkinit_dh2key_LDADD) $(LIBS) +test_pknistkdf$(EXEEXT): $(test_pknistkdf_OBJECTS) $(test_pknistkdf_DEPENDENCIES) + @rm -f test_pknistkdf$(EXEEXT) + $(LINK) $(test_pknistkdf_OBJECTS) $(test_pknistkdf_LDADD) $(LIBS) test_plugin$(EXEEXT): $(test_plugin_OBJECTS) $(test_plugin_DEPENDENCIES) @rm -f test_plugin$(EXEEXT) $(LINK) $(test_plugin_OBJECTS) $(test_plugin_LDADD) $(LIBS) @@ -1010,12 +1268,18 @@ test_princ$(EXEEXT): $(test_princ_OBJECTS) $(test_princ_DEPENDENCIES) test_renew$(EXEEXT): $(test_renew_OBJECTS) $(test_renew_DEPENDENCIES) @rm -f test_renew$(EXEEXT) $(LINK) $(test_renew_OBJECTS) $(test_renew_LDADD) $(LIBS) +test_rfc3961$(EXEEXT): $(test_rfc3961_OBJECTS) $(test_rfc3961_DEPENDENCIES) + @rm -f test_rfc3961$(EXEEXT) + $(LINK) $(test_rfc3961_OBJECTS) $(test_rfc3961_LDADD) $(LIBS) test_store$(EXEEXT): $(test_store_OBJECTS) $(test_store_DEPENDENCIES) @rm -f test_store$(EXEEXT) $(LINK) $(test_store_OBJECTS) $(test_store_LDADD) $(LIBS) test_time$(EXEEXT): $(test_time_OBJECTS) $(test_time_DEPENDENCIES) @rm -f test_time$(EXEEXT) $(LINK) $(test_time_OBJECTS) $(test_time_LDADD) $(LIBS) +test_x500$(EXEEXT): $(test_x500_OBJECTS) $(test_x500_DEPENDENCIES) + @rm -f test_x500$(EXEEXT) + $(LINK) $(test_x500_OBJECTS) $(test_x500_LDADD) $(LIBS) verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) @rm -f verify_krb5_conf$(EXEEXT) $(LINK) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS) @@ -1026,577 +1290,1452 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/derived-key-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/krbhst-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-acache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-acl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-add_et_list.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-addr_families.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-aname_to_localname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-appdefault.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-asn1_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-auth_context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-build_ap_req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-build_auth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-cache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-changepw.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-codec.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-config_file.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-constants.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-context.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-convert_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-copy_host_realm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-aes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-algs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-arcfour.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-des-common.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-des.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-des3.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-evp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-null.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-pk.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto-rand.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-crypto.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-deprecated.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-digest.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-doxygen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-eai_to_heim_errno.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-error_string.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-expand_hostname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-expand_path.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-fcache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-free.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-free_host_realm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-generate_seq_number.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-generate_subkey.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_addrs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_default_principal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_default_realm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_for_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_host_realm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_in_tkt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-get_port.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-heim_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-init_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-init_creds_pw.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-k524_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-kcm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-keyblock.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-keytab.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-keytab_any.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-keytab_file.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-keytab_keyfile.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-keytab_memory.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-krb5_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-krb_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-krbhst.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-kuserok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-log.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mcache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-misc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mit_glue.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mk_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mk_priv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mk_rep.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mk_req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mk_req_ext.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-mk_safe.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-n-fold.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-net_read.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-net_write.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-pac.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-padata.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-pcache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-pkinit.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-principal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-prog_setup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-prompter_posix.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-rd_cred.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-rd_error.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-rd_priv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-rd_rep.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-rd_req.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-rd_safe.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-read_message.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-recvauth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-replay.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-salt-aes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-salt-arcfour.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-salt-des.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-salt-des3.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-salt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-scache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-send_to_kdc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-sendauth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-set_default_realm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-sock_principal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-store-int.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-store.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-store_emem.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-store_fd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-store_mem.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-ticket.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-time.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-transited.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-verify_init.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-verify_user.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-version.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-warn.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libkrb5_la-write_message.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-aes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-algs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-arcfour.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-des-common.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-des.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-des3.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-evp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-null.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-pk.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-rand.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto-stubs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-crypto.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-data.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-error_string.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-keyblock.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-n-fold.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-salt-aes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-salt-arcfour.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-salt-des.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-salt-des3.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-salt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-store-int.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/librfc3961_la-warn.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/n-fold-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse-name-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/store-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/string-to-key-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_acl.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_addr.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_alname.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_ap-req.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_cc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_config.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_crypto.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_crypto_wrapping.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_forward.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_fx.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_get_addrs.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_gic.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_hostname.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_keytab.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_kuserok.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_mem.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_pac.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_pkinit_dh2key.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_pknistkdf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_plugin.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_prf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_princ.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_renew.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_rfc3961.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_store.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_time.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_x500.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify_krb5_conf.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< libkrb5_la-acache.lo: acache.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acache.lo `test -f 'acache.c' || echo '$(srcdir)/'`acache.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-acache.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-acache.Tpo -c -o libkrb5_la-acache.lo `test -f 'acache.c' || echo '$(srcdir)/'`acache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-acache.Tpo $(DEPDIR)/libkrb5_la-acache.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='acache.c' object='libkrb5_la-acache.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acache.lo `test -f 'acache.c' || echo '$(srcdir)/'`acache.c libkrb5_la-acl.lo: acl.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acl.lo `test -f 'acl.c' || echo '$(srcdir)/'`acl.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-acl.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-acl.Tpo -c -o libkrb5_la-acl.lo `test -f 'acl.c' || echo '$(srcdir)/'`acl.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-acl.Tpo $(DEPDIR)/libkrb5_la-acl.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='acl.c' object='libkrb5_la-acl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-acl.lo `test -f 'acl.c' || echo '$(srcdir)/'`acl.c libkrb5_la-add_et_list.lo: add_et_list.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-add_et_list.lo `test -f 'add_et_list.c' || echo '$(srcdir)/'`add_et_list.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-add_et_list.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-add_et_list.Tpo -c -o libkrb5_la-add_et_list.lo `test -f 'add_et_list.c' || echo '$(srcdir)/'`add_et_list.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-add_et_list.Tpo $(DEPDIR)/libkrb5_la-add_et_list.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='add_et_list.c' object='libkrb5_la-add_et_list.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-add_et_list.lo `test -f 'add_et_list.c' || echo '$(srcdir)/'`add_et_list.c libkrb5_la-addr_families.lo: addr_families.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-addr_families.lo `test -f 'addr_families.c' || echo '$(srcdir)/'`addr_families.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-addr_families.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-addr_families.Tpo -c -o libkrb5_la-addr_families.lo `test -f 'addr_families.c' || echo '$(srcdir)/'`addr_families.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-addr_families.Tpo $(DEPDIR)/libkrb5_la-addr_families.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='addr_families.c' object='libkrb5_la-addr_families.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-addr_families.lo `test -f 'addr_families.c' || echo '$(srcdir)/'`addr_families.c libkrb5_la-aname_to_localname.lo: aname_to_localname.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-aname_to_localname.lo `test -f 'aname_to_localname.c' || echo '$(srcdir)/'`aname_to_localname.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-aname_to_localname.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-aname_to_localname.Tpo -c -o libkrb5_la-aname_to_localname.lo `test -f 'aname_to_localname.c' || echo '$(srcdir)/'`aname_to_localname.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-aname_to_localname.Tpo $(DEPDIR)/libkrb5_la-aname_to_localname.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='aname_to_localname.c' object='libkrb5_la-aname_to_localname.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-aname_to_localname.lo `test -f 'aname_to_localname.c' || echo '$(srcdir)/'`aname_to_localname.c libkrb5_la-appdefault.lo: appdefault.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-appdefault.lo `test -f 'appdefault.c' || echo '$(srcdir)/'`appdefault.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-appdefault.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-appdefault.Tpo -c -o libkrb5_la-appdefault.lo `test -f 'appdefault.c' || echo '$(srcdir)/'`appdefault.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-appdefault.Tpo $(DEPDIR)/libkrb5_la-appdefault.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='appdefault.c' object='libkrb5_la-appdefault.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-appdefault.lo `test -f 'appdefault.c' || echo '$(srcdir)/'`appdefault.c libkrb5_la-asn1_glue.lo: asn1_glue.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-asn1_glue.lo `test -f 'asn1_glue.c' || echo '$(srcdir)/'`asn1_glue.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-asn1_glue.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-asn1_glue.Tpo -c -o libkrb5_la-asn1_glue.lo `test -f 'asn1_glue.c' || echo '$(srcdir)/'`asn1_glue.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-asn1_glue.Tpo $(DEPDIR)/libkrb5_la-asn1_glue.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1_glue.c' object='libkrb5_la-asn1_glue.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-asn1_glue.lo `test -f 'asn1_glue.c' || echo '$(srcdir)/'`asn1_glue.c libkrb5_la-auth_context.lo: auth_context.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-auth_context.lo `test -f 'auth_context.c' || echo '$(srcdir)/'`auth_context.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-auth_context.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-auth_context.Tpo -c -o libkrb5_la-auth_context.lo `test -f 'auth_context.c' || echo '$(srcdir)/'`auth_context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-auth_context.Tpo $(DEPDIR)/libkrb5_la-auth_context.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='auth_context.c' object='libkrb5_la-auth_context.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-auth_context.lo `test -f 'auth_context.c' || echo '$(srcdir)/'`auth_context.c libkrb5_la-build_ap_req.lo: build_ap_req.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_ap_req.lo `test -f 'build_ap_req.c' || echo '$(srcdir)/'`build_ap_req.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-build_ap_req.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-build_ap_req.Tpo -c -o libkrb5_la-build_ap_req.lo `test -f 'build_ap_req.c' || echo '$(srcdir)/'`build_ap_req.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-build_ap_req.Tpo $(DEPDIR)/libkrb5_la-build_ap_req.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='build_ap_req.c' object='libkrb5_la-build_ap_req.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_ap_req.lo `test -f 'build_ap_req.c' || echo '$(srcdir)/'`build_ap_req.c libkrb5_la-build_auth.lo: build_auth.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_auth.lo `test -f 'build_auth.c' || echo '$(srcdir)/'`build_auth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-build_auth.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-build_auth.Tpo -c -o libkrb5_la-build_auth.lo `test -f 'build_auth.c' || echo '$(srcdir)/'`build_auth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-build_auth.Tpo $(DEPDIR)/libkrb5_la-build_auth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='build_auth.c' object='libkrb5_la-build_auth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-build_auth.lo `test -f 'build_auth.c' || echo '$(srcdir)/'`build_auth.c libkrb5_la-cache.lo: cache.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-cache.lo `test -f 'cache.c' || echo '$(srcdir)/'`cache.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-cache.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-cache.Tpo -c -o libkrb5_la-cache.lo `test -f 'cache.c' || echo '$(srcdir)/'`cache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-cache.Tpo $(DEPDIR)/libkrb5_la-cache.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='cache.c' object='libkrb5_la-cache.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-cache.lo `test -f 'cache.c' || echo '$(srcdir)/'`cache.c libkrb5_la-changepw.lo: changepw.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-changepw.lo `test -f 'changepw.c' || echo '$(srcdir)/'`changepw.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-changepw.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-changepw.Tpo -c -o libkrb5_la-changepw.lo `test -f 'changepw.c' || echo '$(srcdir)/'`changepw.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-changepw.Tpo $(DEPDIR)/libkrb5_la-changepw.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='changepw.c' object='libkrb5_la-changepw.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-changepw.lo `test -f 'changepw.c' || echo '$(srcdir)/'`changepw.c libkrb5_la-codec.lo: codec.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-codec.lo `test -f 'codec.c' || echo '$(srcdir)/'`codec.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-codec.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-codec.Tpo -c -o libkrb5_la-codec.lo `test -f 'codec.c' || echo '$(srcdir)/'`codec.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-codec.Tpo $(DEPDIR)/libkrb5_la-codec.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='codec.c' object='libkrb5_la-codec.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-codec.lo `test -f 'codec.c' || echo '$(srcdir)/'`codec.c libkrb5_la-config_file.lo: config_file.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file.lo `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c - -libkrb5_la-config_file_netinfo.lo: config_file_netinfo.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file_netinfo.lo `test -f 'config_file_netinfo.c' || echo '$(srcdir)/'`config_file_netinfo.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-config_file.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-config_file.Tpo -c -o libkrb5_la-config_file.lo `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-config_file.Tpo $(DEPDIR)/libkrb5_la-config_file.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config_file.c' object='libkrb5_la-config_file.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-config_file.lo `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c libkrb5_la-convert_creds.lo: convert_creds.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-convert_creds.lo `test -f 'convert_creds.c' || echo '$(srcdir)/'`convert_creds.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-convert_creds.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-convert_creds.Tpo -c -o libkrb5_la-convert_creds.lo `test -f 'convert_creds.c' || echo '$(srcdir)/'`convert_creds.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-convert_creds.Tpo $(DEPDIR)/libkrb5_la-convert_creds.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='convert_creds.c' object='libkrb5_la-convert_creds.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-convert_creds.lo `test -f 'convert_creds.c' || echo '$(srcdir)/'`convert_creds.c libkrb5_la-constants.lo: constants.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-constants.lo `test -f 'constants.c' || echo '$(srcdir)/'`constants.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-constants.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-constants.Tpo -c -o libkrb5_la-constants.lo `test -f 'constants.c' || echo '$(srcdir)/'`constants.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-constants.Tpo $(DEPDIR)/libkrb5_la-constants.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='constants.c' object='libkrb5_la-constants.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-constants.lo `test -f 'constants.c' || echo '$(srcdir)/'`constants.c libkrb5_la-context.lo: context.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-context.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-context.Tpo -c -o libkrb5_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-context.Tpo $(DEPDIR)/libkrb5_la-context.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='context.c' object='libkrb5_la-context.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c libkrb5_la-copy_host_realm.lo: copy_host_realm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-copy_host_realm.lo `test -f 'copy_host_realm.c' || echo '$(srcdir)/'`copy_host_realm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-copy_host_realm.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-copy_host_realm.Tpo -c -o libkrb5_la-copy_host_realm.lo `test -f 'copy_host_realm.c' || echo '$(srcdir)/'`copy_host_realm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-copy_host_realm.Tpo $(DEPDIR)/libkrb5_la-copy_host_realm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='copy_host_realm.c' object='libkrb5_la-copy_host_realm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-copy_host_realm.lo `test -f 'copy_host_realm.c' || echo '$(srcdir)/'`copy_host_realm.c libkrb5_la-crc.lo: crc.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crc.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crc.Tpo -c -o libkrb5_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crc.Tpo $(DEPDIR)/libkrb5_la-crc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crc.c' object='libkrb5_la-crc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c libkrb5_la-creds.lo: creds.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-creds.lo `test -f 'creds.c' || echo '$(srcdir)/'`creds.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-creds.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-creds.Tpo -c -o libkrb5_la-creds.lo `test -f 'creds.c' || echo '$(srcdir)/'`creds.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-creds.Tpo $(DEPDIR)/libkrb5_la-creds.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='creds.c' object='libkrb5_la-creds.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-creds.lo `test -f 'creds.c' || echo '$(srcdir)/'`creds.c libkrb5_la-crypto.lo: crypto.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto.Tpo -c -o libkrb5_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto.Tpo $(DEPDIR)/libkrb5_la-crypto.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libkrb5_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c + +libkrb5_la-crypto-aes.lo: crypto-aes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-aes.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-aes.Tpo -c -o libkrb5_la-crypto-aes.lo `test -f 'crypto-aes.c' || echo '$(srcdir)/'`crypto-aes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-aes.Tpo $(DEPDIR)/libkrb5_la-crypto-aes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-aes.c' object='libkrb5_la-crypto-aes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-aes.lo `test -f 'crypto-aes.c' || echo '$(srcdir)/'`crypto-aes.c + +libkrb5_la-crypto-algs.lo: crypto-algs.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-algs.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-algs.Tpo -c -o libkrb5_la-crypto-algs.lo `test -f 'crypto-algs.c' || echo '$(srcdir)/'`crypto-algs.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-algs.Tpo $(DEPDIR)/libkrb5_la-crypto-algs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-algs.c' object='libkrb5_la-crypto-algs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-algs.lo `test -f 'crypto-algs.c' || echo '$(srcdir)/'`crypto-algs.c + +libkrb5_la-crypto-arcfour.lo: crypto-arcfour.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-arcfour.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-arcfour.Tpo -c -o libkrb5_la-crypto-arcfour.lo `test -f 'crypto-arcfour.c' || echo '$(srcdir)/'`crypto-arcfour.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-arcfour.Tpo $(DEPDIR)/libkrb5_la-crypto-arcfour.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-arcfour.c' object='libkrb5_la-crypto-arcfour.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-arcfour.lo `test -f 'crypto-arcfour.c' || echo '$(srcdir)/'`crypto-arcfour.c + +libkrb5_la-crypto-des.lo: crypto-des.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-des.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-des.Tpo -c -o libkrb5_la-crypto-des.lo `test -f 'crypto-des.c' || echo '$(srcdir)/'`crypto-des.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-des.Tpo $(DEPDIR)/libkrb5_la-crypto-des.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-des.c' object='libkrb5_la-crypto-des.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-des.lo `test -f 'crypto-des.c' || echo '$(srcdir)/'`crypto-des.c + +libkrb5_la-crypto-des-common.lo: crypto-des-common.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-des-common.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-des-common.Tpo -c -o libkrb5_la-crypto-des-common.lo `test -f 'crypto-des-common.c' || echo '$(srcdir)/'`crypto-des-common.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-des-common.Tpo $(DEPDIR)/libkrb5_la-crypto-des-common.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-des-common.c' object='libkrb5_la-crypto-des-common.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-des-common.lo `test -f 'crypto-des-common.c' || echo '$(srcdir)/'`crypto-des-common.c + +libkrb5_la-crypto-des3.lo: crypto-des3.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-des3.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-des3.Tpo -c -o libkrb5_la-crypto-des3.lo `test -f 'crypto-des3.c' || echo '$(srcdir)/'`crypto-des3.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-des3.Tpo $(DEPDIR)/libkrb5_la-crypto-des3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-des3.c' object='libkrb5_la-crypto-des3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-des3.lo `test -f 'crypto-des3.c' || echo '$(srcdir)/'`crypto-des3.c + +libkrb5_la-crypto-evp.lo: crypto-evp.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-evp.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-evp.Tpo -c -o libkrb5_la-crypto-evp.lo `test -f 'crypto-evp.c' || echo '$(srcdir)/'`crypto-evp.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-evp.Tpo $(DEPDIR)/libkrb5_la-crypto-evp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-evp.c' object='libkrb5_la-crypto-evp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-evp.lo `test -f 'crypto-evp.c' || echo '$(srcdir)/'`crypto-evp.c + +libkrb5_la-crypto-null.lo: crypto-null.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-null.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-null.Tpo -c -o libkrb5_la-crypto-null.lo `test -f 'crypto-null.c' || echo '$(srcdir)/'`crypto-null.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-null.Tpo $(DEPDIR)/libkrb5_la-crypto-null.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-null.c' object='libkrb5_la-crypto-null.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-null.lo `test -f 'crypto-null.c' || echo '$(srcdir)/'`crypto-null.c + +libkrb5_la-crypto-pk.lo: crypto-pk.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-pk.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-pk.Tpo -c -o libkrb5_la-crypto-pk.lo `test -f 'crypto-pk.c' || echo '$(srcdir)/'`crypto-pk.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-pk.Tpo $(DEPDIR)/libkrb5_la-crypto-pk.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-pk.c' object='libkrb5_la-crypto-pk.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-pk.lo `test -f 'crypto-pk.c' || echo '$(srcdir)/'`crypto-pk.c + +libkrb5_la-crypto-rand.lo: crypto-rand.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-crypto-rand.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-crypto-rand.Tpo -c -o libkrb5_la-crypto-rand.lo `test -f 'crypto-rand.c' || echo '$(srcdir)/'`crypto-rand.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-crypto-rand.Tpo $(DEPDIR)/libkrb5_la-crypto-rand.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-rand.c' object='libkrb5_la-crypto-rand.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-crypto-rand.lo `test -f 'crypto-rand.c' || echo '$(srcdir)/'`crypto-rand.c libkrb5_la-doxygen.lo: doxygen.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-doxygen.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-doxygen.Tpo -c -o libkrb5_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-doxygen.Tpo $(DEPDIR)/libkrb5_la-doxygen.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='doxygen.c' object='libkrb5_la-doxygen.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c libkrb5_la-data.lo: data.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-data.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-data.Tpo -c -o libkrb5_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-data.Tpo $(DEPDIR)/libkrb5_la-data.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='data.c' object='libkrb5_la-data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c + +libkrb5_la-deprecated.lo: deprecated.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-deprecated.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-deprecated.Tpo -c -o libkrb5_la-deprecated.lo `test -f 'deprecated.c' || echo '$(srcdir)/'`deprecated.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-deprecated.Tpo $(DEPDIR)/libkrb5_la-deprecated.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='deprecated.c' object='libkrb5_la-deprecated.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-deprecated.lo `test -f 'deprecated.c' || echo '$(srcdir)/'`deprecated.c libkrb5_la-digest.lo: digest.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-digest.lo `test -f 'digest.c' || echo '$(srcdir)/'`digest.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-digest.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-digest.Tpo -c -o libkrb5_la-digest.lo `test -f 'digest.c' || echo '$(srcdir)/'`digest.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-digest.Tpo $(DEPDIR)/libkrb5_la-digest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digest.c' object='libkrb5_la-digest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-digest.lo `test -f 'digest.c' || echo '$(srcdir)/'`digest.c libkrb5_la-eai_to_heim_errno.lo: eai_to_heim_errno.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-eai_to_heim_errno.lo `test -f 'eai_to_heim_errno.c' || echo '$(srcdir)/'`eai_to_heim_errno.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-eai_to_heim_errno.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-eai_to_heim_errno.Tpo -c -o libkrb5_la-eai_to_heim_errno.lo `test -f 'eai_to_heim_errno.c' || echo '$(srcdir)/'`eai_to_heim_errno.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-eai_to_heim_errno.Tpo $(DEPDIR)/libkrb5_la-eai_to_heim_errno.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='eai_to_heim_errno.c' object='libkrb5_la-eai_to_heim_errno.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-eai_to_heim_errno.lo `test -f 'eai_to_heim_errno.c' || echo '$(srcdir)/'`eai_to_heim_errno.c libkrb5_la-error_string.lo: error_string.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-error_string.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-error_string.Tpo -c -o libkrb5_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-error_string.Tpo $(DEPDIR)/libkrb5_la-error_string.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='error_string.c' object='libkrb5_la-error_string.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c libkrb5_la-expand_hostname.lo: expand_hostname.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-expand_hostname.lo `test -f 'expand_hostname.c' || echo '$(srcdir)/'`expand_hostname.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-expand_hostname.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-expand_hostname.Tpo -c -o libkrb5_la-expand_hostname.lo `test -f 'expand_hostname.c' || echo '$(srcdir)/'`expand_hostname.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-expand_hostname.Tpo $(DEPDIR)/libkrb5_la-expand_hostname.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='expand_hostname.c' object='libkrb5_la-expand_hostname.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-expand_hostname.lo `test -f 'expand_hostname.c' || echo '$(srcdir)/'`expand_hostname.c + +libkrb5_la-expand_path.lo: expand_path.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-expand_path.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-expand_path.Tpo -c -o libkrb5_la-expand_path.lo `test -f 'expand_path.c' || echo '$(srcdir)/'`expand_path.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-expand_path.Tpo $(DEPDIR)/libkrb5_la-expand_path.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='expand_path.c' object='libkrb5_la-expand_path.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-expand_path.lo `test -f 'expand_path.c' || echo '$(srcdir)/'`expand_path.c libkrb5_la-fcache.lo: fcache.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-fcache.lo `test -f 'fcache.c' || echo '$(srcdir)/'`fcache.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-fcache.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-fcache.Tpo -c -o libkrb5_la-fcache.lo `test -f 'fcache.c' || echo '$(srcdir)/'`fcache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-fcache.Tpo $(DEPDIR)/libkrb5_la-fcache.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fcache.c' object='libkrb5_la-fcache.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-fcache.lo `test -f 'fcache.c' || echo '$(srcdir)/'`fcache.c libkrb5_la-free.lo: free.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free.lo `test -f 'free.c' || echo '$(srcdir)/'`free.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-free.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-free.Tpo -c -o libkrb5_la-free.lo `test -f 'free.c' || echo '$(srcdir)/'`free.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-free.Tpo $(DEPDIR)/libkrb5_la-free.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='free.c' object='libkrb5_la-free.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free.lo `test -f 'free.c' || echo '$(srcdir)/'`free.c libkrb5_la-free_host_realm.lo: free_host_realm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free_host_realm.lo `test -f 'free_host_realm.c' || echo '$(srcdir)/'`free_host_realm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-free_host_realm.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-free_host_realm.Tpo -c -o libkrb5_la-free_host_realm.lo `test -f 'free_host_realm.c' || echo '$(srcdir)/'`free_host_realm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-free_host_realm.Tpo $(DEPDIR)/libkrb5_la-free_host_realm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='free_host_realm.c' object='libkrb5_la-free_host_realm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-free_host_realm.lo `test -f 'free_host_realm.c' || echo '$(srcdir)/'`free_host_realm.c libkrb5_la-generate_seq_number.lo: generate_seq_number.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_seq_number.lo `test -f 'generate_seq_number.c' || echo '$(srcdir)/'`generate_seq_number.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-generate_seq_number.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-generate_seq_number.Tpo -c -o libkrb5_la-generate_seq_number.lo `test -f 'generate_seq_number.c' || echo '$(srcdir)/'`generate_seq_number.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-generate_seq_number.Tpo $(DEPDIR)/libkrb5_la-generate_seq_number.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='generate_seq_number.c' object='libkrb5_la-generate_seq_number.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_seq_number.lo `test -f 'generate_seq_number.c' || echo '$(srcdir)/'`generate_seq_number.c libkrb5_la-generate_subkey.lo: generate_subkey.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_subkey.lo `test -f 'generate_subkey.c' || echo '$(srcdir)/'`generate_subkey.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-generate_subkey.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-generate_subkey.Tpo -c -o libkrb5_la-generate_subkey.lo `test -f 'generate_subkey.c' || echo '$(srcdir)/'`generate_subkey.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-generate_subkey.Tpo $(DEPDIR)/libkrb5_la-generate_subkey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='generate_subkey.c' object='libkrb5_la-generate_subkey.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-generate_subkey.lo `test -f 'generate_subkey.c' || echo '$(srcdir)/'`generate_subkey.c libkrb5_la-get_addrs.lo: get_addrs.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_addrs.lo `test -f 'get_addrs.c' || echo '$(srcdir)/'`get_addrs.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_addrs.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_addrs.Tpo -c -o libkrb5_la-get_addrs.lo `test -f 'get_addrs.c' || echo '$(srcdir)/'`get_addrs.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_addrs.Tpo $(DEPDIR)/libkrb5_la-get_addrs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_addrs.c' object='libkrb5_la-get_addrs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_addrs.lo `test -f 'get_addrs.c' || echo '$(srcdir)/'`get_addrs.c libkrb5_la-get_cred.lo: get_cred.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_cred.lo `test -f 'get_cred.c' || echo '$(srcdir)/'`get_cred.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_cred.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_cred.Tpo -c -o libkrb5_la-get_cred.lo `test -f 'get_cred.c' || echo '$(srcdir)/'`get_cred.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_cred.Tpo $(DEPDIR)/libkrb5_la-get_cred.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_cred.c' object='libkrb5_la-get_cred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_cred.lo `test -f 'get_cred.c' || echo '$(srcdir)/'`get_cred.c libkrb5_la-get_default_principal.lo: get_default_principal.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_principal.lo `test -f 'get_default_principal.c' || echo '$(srcdir)/'`get_default_principal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_default_principal.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_default_principal.Tpo -c -o libkrb5_la-get_default_principal.lo `test -f 'get_default_principal.c' || echo '$(srcdir)/'`get_default_principal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_default_principal.Tpo $(DEPDIR)/libkrb5_la-get_default_principal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_default_principal.c' object='libkrb5_la-get_default_principal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_principal.lo `test -f 'get_default_principal.c' || echo '$(srcdir)/'`get_default_principal.c libkrb5_la-get_default_realm.lo: get_default_realm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_realm.lo `test -f 'get_default_realm.c' || echo '$(srcdir)/'`get_default_realm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_default_realm.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_default_realm.Tpo -c -o libkrb5_la-get_default_realm.lo `test -f 'get_default_realm.c' || echo '$(srcdir)/'`get_default_realm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_default_realm.Tpo $(DEPDIR)/libkrb5_la-get_default_realm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_default_realm.c' object='libkrb5_la-get_default_realm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_default_realm.lo `test -f 'get_default_realm.c' || echo '$(srcdir)/'`get_default_realm.c libkrb5_la-get_for_creds.lo: get_for_creds.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_for_creds.lo `test -f 'get_for_creds.c' || echo '$(srcdir)/'`get_for_creds.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_for_creds.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_for_creds.Tpo -c -o libkrb5_la-get_for_creds.lo `test -f 'get_for_creds.c' || echo '$(srcdir)/'`get_for_creds.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_for_creds.Tpo $(DEPDIR)/libkrb5_la-get_for_creds.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_for_creds.c' object='libkrb5_la-get_for_creds.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_for_creds.lo `test -f 'get_for_creds.c' || echo '$(srcdir)/'`get_for_creds.c libkrb5_la-get_host_realm.lo: get_host_realm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_host_realm.lo `test -f 'get_host_realm.c' || echo '$(srcdir)/'`get_host_realm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_host_realm.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_host_realm.Tpo -c -o libkrb5_la-get_host_realm.lo `test -f 'get_host_realm.c' || echo '$(srcdir)/'`get_host_realm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_host_realm.Tpo $(DEPDIR)/libkrb5_la-get_host_realm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_host_realm.c' object='libkrb5_la-get_host_realm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_host_realm.lo `test -f 'get_host_realm.c' || echo '$(srcdir)/'`get_host_realm.c libkrb5_la-get_in_tkt.lo: get_in_tkt.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt.lo `test -f 'get_in_tkt.c' || echo '$(srcdir)/'`get_in_tkt.c - -libkrb5_la-get_in_tkt_pw.lo: get_in_tkt_pw.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_pw.lo `test -f 'get_in_tkt_pw.c' || echo '$(srcdir)/'`get_in_tkt_pw.c - -libkrb5_la-get_in_tkt_with_keytab.lo: get_in_tkt_with_keytab.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_keytab.lo `test -f 'get_in_tkt_with_keytab.c' || echo '$(srcdir)/'`get_in_tkt_with_keytab.c - -libkrb5_la-get_in_tkt_with_skey.lo: get_in_tkt_with_skey.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt_with_skey.lo `test -f 'get_in_tkt_with_skey.c' || echo '$(srcdir)/'`get_in_tkt_with_skey.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_in_tkt.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_in_tkt.Tpo -c -o libkrb5_la-get_in_tkt.lo `test -f 'get_in_tkt.c' || echo '$(srcdir)/'`get_in_tkt.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_in_tkt.Tpo $(DEPDIR)/libkrb5_la-get_in_tkt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_in_tkt.c' object='libkrb5_la-get_in_tkt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_in_tkt.lo `test -f 'get_in_tkt.c' || echo '$(srcdir)/'`get_in_tkt.c libkrb5_la-get_port.lo: get_port.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_port.lo `test -f 'get_port.c' || echo '$(srcdir)/'`get_port.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-get_port.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-get_port.Tpo -c -o libkrb5_la-get_port.lo `test -f 'get_port.c' || echo '$(srcdir)/'`get_port.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-get_port.Tpo $(DEPDIR)/libkrb5_la-get_port.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_port.c' object='libkrb5_la-get_port.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-get_port.lo `test -f 'get_port.c' || echo '$(srcdir)/'`get_port.c libkrb5_la-init_creds.lo: init_creds.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds.lo `test -f 'init_creds.c' || echo '$(srcdir)/'`init_creds.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-init_creds.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-init_creds.Tpo -c -o libkrb5_la-init_creds.lo `test -f 'init_creds.c' || echo '$(srcdir)/'`init_creds.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-init_creds.Tpo $(DEPDIR)/libkrb5_la-init_creds.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='init_creds.c' object='libkrb5_la-init_creds.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds.lo `test -f 'init_creds.c' || echo '$(srcdir)/'`init_creds.c libkrb5_la-init_creds_pw.lo: init_creds_pw.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds_pw.lo `test -f 'init_creds_pw.c' || echo '$(srcdir)/'`init_creds_pw.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-init_creds_pw.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-init_creds_pw.Tpo -c -o libkrb5_la-init_creds_pw.lo `test -f 'init_creds_pw.c' || echo '$(srcdir)/'`init_creds_pw.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-init_creds_pw.Tpo $(DEPDIR)/libkrb5_la-init_creds_pw.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='init_creds_pw.c' object='libkrb5_la-init_creds_pw.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-init_creds_pw.lo `test -f 'init_creds_pw.c' || echo '$(srcdir)/'`init_creds_pw.c libkrb5_la-kcm.lo: kcm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kcm.lo `test -f 'kcm.c' || echo '$(srcdir)/'`kcm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-kcm.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-kcm.Tpo -c -o libkrb5_la-kcm.lo `test -f 'kcm.c' || echo '$(srcdir)/'`kcm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-kcm.Tpo $(DEPDIR)/libkrb5_la-kcm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kcm.c' object='libkrb5_la-kcm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kcm.lo `test -f 'kcm.c' || echo '$(srcdir)/'`kcm.c libkrb5_la-keyblock.lo: keyblock.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-keyblock.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-keyblock.Tpo -c -o libkrb5_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-keyblock.Tpo $(DEPDIR)/libkrb5_la-keyblock.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keyblock.c' object='libkrb5_la-keyblock.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c libkrb5_la-keytab.lo: keytab.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-keytab.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-keytab.Tpo -c -o libkrb5_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-keytab.Tpo $(DEPDIR)/libkrb5_la-keytab.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keytab.c' object='libkrb5_la-keytab.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c libkrb5_la-keytab_any.lo: keytab_any.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_any.lo `test -f 'keytab_any.c' || echo '$(srcdir)/'`keytab_any.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-keytab_any.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-keytab_any.Tpo -c -o libkrb5_la-keytab_any.lo `test -f 'keytab_any.c' || echo '$(srcdir)/'`keytab_any.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-keytab_any.Tpo $(DEPDIR)/libkrb5_la-keytab_any.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keytab_any.c' object='libkrb5_la-keytab_any.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_any.lo `test -f 'keytab_any.c' || echo '$(srcdir)/'`keytab_any.c libkrb5_la-keytab_file.lo: keytab_file.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_file.lo `test -f 'keytab_file.c' || echo '$(srcdir)/'`keytab_file.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-keytab_file.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-keytab_file.Tpo -c -o libkrb5_la-keytab_file.lo `test -f 'keytab_file.c' || echo '$(srcdir)/'`keytab_file.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-keytab_file.Tpo $(DEPDIR)/libkrb5_la-keytab_file.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keytab_file.c' object='libkrb5_la-keytab_file.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_file.lo `test -f 'keytab_file.c' || echo '$(srcdir)/'`keytab_file.c libkrb5_la-keytab_keyfile.lo: keytab_keyfile.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_keyfile.lo `test -f 'keytab_keyfile.c' || echo '$(srcdir)/'`keytab_keyfile.c - -libkrb5_la-keytab_krb4.lo: keytab_krb4.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_krb4.lo `test -f 'keytab_krb4.c' || echo '$(srcdir)/'`keytab_krb4.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-keytab_keyfile.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-keytab_keyfile.Tpo -c -o libkrb5_la-keytab_keyfile.lo `test -f 'keytab_keyfile.c' || echo '$(srcdir)/'`keytab_keyfile.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-keytab_keyfile.Tpo $(DEPDIR)/libkrb5_la-keytab_keyfile.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keytab_keyfile.c' object='libkrb5_la-keytab_keyfile.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_keyfile.lo `test -f 'keytab_keyfile.c' || echo '$(srcdir)/'`keytab_keyfile.c libkrb5_la-keytab_memory.lo: keytab_memory.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_memory.lo `test -f 'keytab_memory.c' || echo '$(srcdir)/'`keytab_memory.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-keytab_memory.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-keytab_memory.Tpo -c -o libkrb5_la-keytab_memory.lo `test -f 'keytab_memory.c' || echo '$(srcdir)/'`keytab_memory.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-keytab_memory.Tpo $(DEPDIR)/libkrb5_la-keytab_memory.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keytab_memory.c' object='libkrb5_la-keytab_memory.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-keytab_memory.lo `test -f 'keytab_memory.c' || echo '$(srcdir)/'`keytab_memory.c libkrb5_la-krbhst.lo: krbhst.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krbhst.lo `test -f 'krbhst.c' || echo '$(srcdir)/'`krbhst.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-krbhst.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-krbhst.Tpo -c -o libkrb5_la-krbhst.lo `test -f 'krbhst.c' || echo '$(srcdir)/'`krbhst.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-krbhst.Tpo $(DEPDIR)/libkrb5_la-krbhst.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='krbhst.c' object='libkrb5_la-krbhst.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krbhst.lo `test -f 'krbhst.c' || echo '$(srcdir)/'`krbhst.c libkrb5_la-kuserok.lo: kuserok.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kuserok.lo `test -f 'kuserok.c' || echo '$(srcdir)/'`kuserok.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-kuserok.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-kuserok.Tpo -c -o libkrb5_la-kuserok.lo `test -f 'kuserok.c' || echo '$(srcdir)/'`kuserok.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-kuserok.Tpo $(DEPDIR)/libkrb5_la-kuserok.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kuserok.c' object='libkrb5_la-kuserok.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-kuserok.lo `test -f 'kuserok.c' || echo '$(srcdir)/'`kuserok.c libkrb5_la-log.lo: log.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-log.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-log.Tpo -c -o libkrb5_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-log.Tpo $(DEPDIR)/libkrb5_la-log.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='libkrb5_la-log.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c libkrb5_la-mcache.lo: mcache.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mcache.lo `test -f 'mcache.c' || echo '$(srcdir)/'`mcache.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mcache.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mcache.Tpo -c -o libkrb5_la-mcache.lo `test -f 'mcache.c' || echo '$(srcdir)/'`mcache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mcache.Tpo $(DEPDIR)/libkrb5_la-mcache.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mcache.c' object='libkrb5_la-mcache.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mcache.lo `test -f 'mcache.c' || echo '$(srcdir)/'`mcache.c libkrb5_la-misc.lo: misc.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-misc.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-misc.Tpo -c -o libkrb5_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-misc.Tpo $(DEPDIR)/libkrb5_la-misc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='misc.c' object='libkrb5_la-misc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c libkrb5_la-mk_error.lo: mk_error.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_error.lo `test -f 'mk_error.c' || echo '$(srcdir)/'`mk_error.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mk_error.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mk_error.Tpo -c -o libkrb5_la-mk_error.lo `test -f 'mk_error.c' || echo '$(srcdir)/'`mk_error.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mk_error.Tpo $(DEPDIR)/libkrb5_la-mk_error.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mk_error.c' object='libkrb5_la-mk_error.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_error.lo `test -f 'mk_error.c' || echo '$(srcdir)/'`mk_error.c libkrb5_la-mk_priv.lo: mk_priv.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_priv.lo `test -f 'mk_priv.c' || echo '$(srcdir)/'`mk_priv.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mk_priv.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mk_priv.Tpo -c -o libkrb5_la-mk_priv.lo `test -f 'mk_priv.c' || echo '$(srcdir)/'`mk_priv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mk_priv.Tpo $(DEPDIR)/libkrb5_la-mk_priv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mk_priv.c' object='libkrb5_la-mk_priv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_priv.lo `test -f 'mk_priv.c' || echo '$(srcdir)/'`mk_priv.c libkrb5_la-mk_rep.lo: mk_rep.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_rep.lo `test -f 'mk_rep.c' || echo '$(srcdir)/'`mk_rep.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mk_rep.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mk_rep.Tpo -c -o libkrb5_la-mk_rep.lo `test -f 'mk_rep.c' || echo '$(srcdir)/'`mk_rep.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mk_rep.Tpo $(DEPDIR)/libkrb5_la-mk_rep.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mk_rep.c' object='libkrb5_la-mk_rep.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_rep.lo `test -f 'mk_rep.c' || echo '$(srcdir)/'`mk_rep.c libkrb5_la-mk_req.lo: mk_req.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req.lo `test -f 'mk_req.c' || echo '$(srcdir)/'`mk_req.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mk_req.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mk_req.Tpo -c -o libkrb5_la-mk_req.lo `test -f 'mk_req.c' || echo '$(srcdir)/'`mk_req.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mk_req.Tpo $(DEPDIR)/libkrb5_la-mk_req.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mk_req.c' object='libkrb5_la-mk_req.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req.lo `test -f 'mk_req.c' || echo '$(srcdir)/'`mk_req.c libkrb5_la-mk_req_ext.lo: mk_req_ext.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req_ext.lo `test -f 'mk_req_ext.c' || echo '$(srcdir)/'`mk_req_ext.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mk_req_ext.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mk_req_ext.Tpo -c -o libkrb5_la-mk_req_ext.lo `test -f 'mk_req_ext.c' || echo '$(srcdir)/'`mk_req_ext.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mk_req_ext.Tpo $(DEPDIR)/libkrb5_la-mk_req_ext.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mk_req_ext.c' object='libkrb5_la-mk_req_ext.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_req_ext.lo `test -f 'mk_req_ext.c' || echo '$(srcdir)/'`mk_req_ext.c libkrb5_la-mk_safe.lo: mk_safe.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_safe.lo `test -f 'mk_safe.c' || echo '$(srcdir)/'`mk_safe.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mk_safe.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mk_safe.Tpo -c -o libkrb5_la-mk_safe.lo `test -f 'mk_safe.c' || echo '$(srcdir)/'`mk_safe.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mk_safe.Tpo $(DEPDIR)/libkrb5_la-mk_safe.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mk_safe.c' object='libkrb5_la-mk_safe.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mk_safe.lo `test -f 'mk_safe.c' || echo '$(srcdir)/'`mk_safe.c libkrb5_la-mit_glue.lo: mit_glue.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mit_glue.lo `test -f 'mit_glue.c' || echo '$(srcdir)/'`mit_glue.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-mit_glue.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-mit_glue.Tpo -c -o libkrb5_la-mit_glue.lo `test -f 'mit_glue.c' || echo '$(srcdir)/'`mit_glue.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-mit_glue.Tpo $(DEPDIR)/libkrb5_la-mit_glue.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mit_glue.c' object='libkrb5_la-mit_glue.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-mit_glue.lo `test -f 'mit_glue.c' || echo '$(srcdir)/'`mit_glue.c libkrb5_la-net_read.lo: net_read.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-net_read.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-net_read.Tpo -c -o libkrb5_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-net_read.Tpo $(DEPDIR)/libkrb5_la-net_read.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='net_read.c' object='libkrb5_la-net_read.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c libkrb5_la-net_write.lo: net_write.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-net_write.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-net_write.Tpo -c -o libkrb5_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-net_write.Tpo $(DEPDIR)/libkrb5_la-net_write.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='net_write.c' object='libkrb5_la-net_write.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c libkrb5_la-n-fold.lo: n-fold.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-n-fold.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-n-fold.Tpo -c -o libkrb5_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-n-fold.Tpo $(DEPDIR)/libkrb5_la-n-fold.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='n-fold.c' object='libkrb5_la-n-fold.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c libkrb5_la-pac.lo: pac.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pac.lo `test -f 'pac.c' || echo '$(srcdir)/'`pac.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-pac.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-pac.Tpo -c -o libkrb5_la-pac.lo `test -f 'pac.c' || echo '$(srcdir)/'`pac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-pac.Tpo $(DEPDIR)/libkrb5_la-pac.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pac.c' object='libkrb5_la-pac.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pac.lo `test -f 'pac.c' || echo '$(srcdir)/'`pac.c libkrb5_la-padata.lo: padata.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-padata.lo `test -f 'padata.c' || echo '$(srcdir)/'`padata.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-padata.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-padata.Tpo -c -o libkrb5_la-padata.lo `test -f 'padata.c' || echo '$(srcdir)/'`padata.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-padata.Tpo $(DEPDIR)/libkrb5_la-padata.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='padata.c' object='libkrb5_la-padata.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-padata.lo `test -f 'padata.c' || echo '$(srcdir)/'`padata.c + +libkrb5_la-pcache.lo: pcache.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-pcache.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-pcache.Tpo -c -o libkrb5_la-pcache.lo `test -f 'pcache.c' || echo '$(srcdir)/'`pcache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-pcache.Tpo $(DEPDIR)/libkrb5_la-pcache.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pcache.c' object='libkrb5_la-pcache.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pcache.lo `test -f 'pcache.c' || echo '$(srcdir)/'`pcache.c libkrb5_la-pkinit.lo: pkinit.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pkinit.lo `test -f 'pkinit.c' || echo '$(srcdir)/'`pkinit.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-pkinit.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-pkinit.Tpo -c -o libkrb5_la-pkinit.lo `test -f 'pkinit.c' || echo '$(srcdir)/'`pkinit.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-pkinit.Tpo $(DEPDIR)/libkrb5_la-pkinit.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pkinit.c' object='libkrb5_la-pkinit.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-pkinit.lo `test -f 'pkinit.c' || echo '$(srcdir)/'`pkinit.c libkrb5_la-principal.lo: principal.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-principal.lo `test -f 'principal.c' || echo '$(srcdir)/'`principal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-principal.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-principal.Tpo -c -o libkrb5_la-principal.lo `test -f 'principal.c' || echo '$(srcdir)/'`principal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-principal.Tpo $(DEPDIR)/libkrb5_la-principal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='principal.c' object='libkrb5_la-principal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-principal.lo `test -f 'principal.c' || echo '$(srcdir)/'`principal.c libkrb5_la-prog_setup.lo: prog_setup.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prog_setup.lo `test -f 'prog_setup.c' || echo '$(srcdir)/'`prog_setup.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-prog_setup.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-prog_setup.Tpo -c -o libkrb5_la-prog_setup.lo `test -f 'prog_setup.c' || echo '$(srcdir)/'`prog_setup.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-prog_setup.Tpo $(DEPDIR)/libkrb5_la-prog_setup.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='prog_setup.c' object='libkrb5_la-prog_setup.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prog_setup.lo `test -f 'prog_setup.c' || echo '$(srcdir)/'`prog_setup.c libkrb5_la-prompter_posix.lo: prompter_posix.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prompter_posix.lo `test -f 'prompter_posix.c' || echo '$(srcdir)/'`prompter_posix.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-prompter_posix.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-prompter_posix.Tpo -c -o libkrb5_la-prompter_posix.lo `test -f 'prompter_posix.c' || echo '$(srcdir)/'`prompter_posix.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-prompter_posix.Tpo $(DEPDIR)/libkrb5_la-prompter_posix.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='prompter_posix.c' object='libkrb5_la-prompter_posix.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-prompter_posix.lo `test -f 'prompter_posix.c' || echo '$(srcdir)/'`prompter_posix.c libkrb5_la-rd_cred.lo: rd_cred.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_cred.lo `test -f 'rd_cred.c' || echo '$(srcdir)/'`rd_cred.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-rd_cred.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-rd_cred.Tpo -c -o libkrb5_la-rd_cred.lo `test -f 'rd_cred.c' || echo '$(srcdir)/'`rd_cred.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-rd_cred.Tpo $(DEPDIR)/libkrb5_la-rd_cred.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rd_cred.c' object='libkrb5_la-rd_cred.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_cred.lo `test -f 'rd_cred.c' || echo '$(srcdir)/'`rd_cred.c libkrb5_la-rd_error.lo: rd_error.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_error.lo `test -f 'rd_error.c' || echo '$(srcdir)/'`rd_error.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-rd_error.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-rd_error.Tpo -c -o libkrb5_la-rd_error.lo `test -f 'rd_error.c' || echo '$(srcdir)/'`rd_error.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-rd_error.Tpo $(DEPDIR)/libkrb5_la-rd_error.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rd_error.c' object='libkrb5_la-rd_error.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_error.lo `test -f 'rd_error.c' || echo '$(srcdir)/'`rd_error.c libkrb5_la-rd_priv.lo: rd_priv.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_priv.lo `test -f 'rd_priv.c' || echo '$(srcdir)/'`rd_priv.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-rd_priv.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-rd_priv.Tpo -c -o libkrb5_la-rd_priv.lo `test -f 'rd_priv.c' || echo '$(srcdir)/'`rd_priv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-rd_priv.Tpo $(DEPDIR)/libkrb5_la-rd_priv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rd_priv.c' object='libkrb5_la-rd_priv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_priv.lo `test -f 'rd_priv.c' || echo '$(srcdir)/'`rd_priv.c libkrb5_la-rd_rep.lo: rd_rep.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_rep.lo `test -f 'rd_rep.c' || echo '$(srcdir)/'`rd_rep.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-rd_rep.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-rd_rep.Tpo -c -o libkrb5_la-rd_rep.lo `test -f 'rd_rep.c' || echo '$(srcdir)/'`rd_rep.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-rd_rep.Tpo $(DEPDIR)/libkrb5_la-rd_rep.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rd_rep.c' object='libkrb5_la-rd_rep.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_rep.lo `test -f 'rd_rep.c' || echo '$(srcdir)/'`rd_rep.c libkrb5_la-rd_req.lo: rd_req.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_req.lo `test -f 'rd_req.c' || echo '$(srcdir)/'`rd_req.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-rd_req.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-rd_req.Tpo -c -o libkrb5_la-rd_req.lo `test -f 'rd_req.c' || echo '$(srcdir)/'`rd_req.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-rd_req.Tpo $(DEPDIR)/libkrb5_la-rd_req.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rd_req.c' object='libkrb5_la-rd_req.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_req.lo `test -f 'rd_req.c' || echo '$(srcdir)/'`rd_req.c libkrb5_la-rd_safe.lo: rd_safe.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_safe.lo `test -f 'rd_safe.c' || echo '$(srcdir)/'`rd_safe.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-rd_safe.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-rd_safe.Tpo -c -o libkrb5_la-rd_safe.lo `test -f 'rd_safe.c' || echo '$(srcdir)/'`rd_safe.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-rd_safe.Tpo $(DEPDIR)/libkrb5_la-rd_safe.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rd_safe.c' object='libkrb5_la-rd_safe.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-rd_safe.lo `test -f 'rd_safe.c' || echo '$(srcdir)/'`rd_safe.c libkrb5_la-read_message.lo: read_message.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-read_message.lo `test -f 'read_message.c' || echo '$(srcdir)/'`read_message.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-read_message.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-read_message.Tpo -c -o libkrb5_la-read_message.lo `test -f 'read_message.c' || echo '$(srcdir)/'`read_message.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-read_message.Tpo $(DEPDIR)/libkrb5_la-read_message.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='read_message.c' object='libkrb5_la-read_message.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-read_message.lo `test -f 'read_message.c' || echo '$(srcdir)/'`read_message.c libkrb5_la-recvauth.lo: recvauth.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-recvauth.lo `test -f 'recvauth.c' || echo '$(srcdir)/'`recvauth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-recvauth.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-recvauth.Tpo -c -o libkrb5_la-recvauth.lo `test -f 'recvauth.c' || echo '$(srcdir)/'`recvauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-recvauth.Tpo $(DEPDIR)/libkrb5_la-recvauth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='recvauth.c' object='libkrb5_la-recvauth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-recvauth.lo `test -f 'recvauth.c' || echo '$(srcdir)/'`recvauth.c libkrb5_la-replay.lo: replay.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-replay.lo `test -f 'replay.c' || echo '$(srcdir)/'`replay.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-replay.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-replay.Tpo -c -o libkrb5_la-replay.lo `test -f 'replay.c' || echo '$(srcdir)/'`replay.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-replay.Tpo $(DEPDIR)/libkrb5_la-replay.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='replay.c' object='libkrb5_la-replay.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-replay.lo `test -f 'replay.c' || echo '$(srcdir)/'`replay.c + +libkrb5_la-salt.lo: salt.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-salt.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-salt.Tpo -c -o libkrb5_la-salt.lo `test -f 'salt.c' || echo '$(srcdir)/'`salt.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-salt.Tpo $(DEPDIR)/libkrb5_la-salt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt.c' object='libkrb5_la-salt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-salt.lo `test -f 'salt.c' || echo '$(srcdir)/'`salt.c + +libkrb5_la-salt-aes.lo: salt-aes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-salt-aes.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-salt-aes.Tpo -c -o libkrb5_la-salt-aes.lo `test -f 'salt-aes.c' || echo '$(srcdir)/'`salt-aes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-salt-aes.Tpo $(DEPDIR)/libkrb5_la-salt-aes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-aes.c' object='libkrb5_la-salt-aes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-salt-aes.lo `test -f 'salt-aes.c' || echo '$(srcdir)/'`salt-aes.c + +libkrb5_la-salt-arcfour.lo: salt-arcfour.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-salt-arcfour.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-salt-arcfour.Tpo -c -o libkrb5_la-salt-arcfour.lo `test -f 'salt-arcfour.c' || echo '$(srcdir)/'`salt-arcfour.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-salt-arcfour.Tpo $(DEPDIR)/libkrb5_la-salt-arcfour.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-arcfour.c' object='libkrb5_la-salt-arcfour.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-salt-arcfour.lo `test -f 'salt-arcfour.c' || echo '$(srcdir)/'`salt-arcfour.c + +libkrb5_la-salt-des.lo: salt-des.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-salt-des.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-salt-des.Tpo -c -o libkrb5_la-salt-des.lo `test -f 'salt-des.c' || echo '$(srcdir)/'`salt-des.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-salt-des.Tpo $(DEPDIR)/libkrb5_la-salt-des.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-des.c' object='libkrb5_la-salt-des.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-salt-des.lo `test -f 'salt-des.c' || echo '$(srcdir)/'`salt-des.c + +libkrb5_la-salt-des3.lo: salt-des3.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-salt-des3.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-salt-des3.Tpo -c -o libkrb5_la-salt-des3.lo `test -f 'salt-des3.c' || echo '$(srcdir)/'`salt-des3.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-salt-des3.Tpo $(DEPDIR)/libkrb5_la-salt-des3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-des3.c' object='libkrb5_la-salt-des3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-salt-des3.lo `test -f 'salt-des3.c' || echo '$(srcdir)/'`salt-des3.c + +libkrb5_la-scache.lo: scache.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-scache.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-scache.Tpo -c -o libkrb5_la-scache.lo `test -f 'scache.c' || echo '$(srcdir)/'`scache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-scache.Tpo $(DEPDIR)/libkrb5_la-scache.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='scache.c' object='libkrb5_la-scache.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-scache.lo `test -f 'scache.c' || echo '$(srcdir)/'`scache.c libkrb5_la-send_to_kdc.lo: send_to_kdc.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-send_to_kdc.lo `test -f 'send_to_kdc.c' || echo '$(srcdir)/'`send_to_kdc.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-send_to_kdc.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-send_to_kdc.Tpo -c -o libkrb5_la-send_to_kdc.lo `test -f 'send_to_kdc.c' || echo '$(srcdir)/'`send_to_kdc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-send_to_kdc.Tpo $(DEPDIR)/libkrb5_la-send_to_kdc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='send_to_kdc.c' object='libkrb5_la-send_to_kdc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-send_to_kdc.lo `test -f 'send_to_kdc.c' || echo '$(srcdir)/'`send_to_kdc.c libkrb5_la-sendauth.lo: sendauth.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sendauth.lo `test -f 'sendauth.c' || echo '$(srcdir)/'`sendauth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-sendauth.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-sendauth.Tpo -c -o libkrb5_la-sendauth.lo `test -f 'sendauth.c' || echo '$(srcdir)/'`sendauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-sendauth.Tpo $(DEPDIR)/libkrb5_la-sendauth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sendauth.c' object='libkrb5_la-sendauth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sendauth.lo `test -f 'sendauth.c' || echo '$(srcdir)/'`sendauth.c libkrb5_la-set_default_realm.lo: set_default_realm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-set_default_realm.lo `test -f 'set_default_realm.c' || echo '$(srcdir)/'`set_default_realm.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-set_default_realm.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-set_default_realm.Tpo -c -o libkrb5_la-set_default_realm.lo `test -f 'set_default_realm.c' || echo '$(srcdir)/'`set_default_realm.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-set_default_realm.Tpo $(DEPDIR)/libkrb5_la-set_default_realm.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='set_default_realm.c' object='libkrb5_la-set_default_realm.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-set_default_realm.lo `test -f 'set_default_realm.c' || echo '$(srcdir)/'`set_default_realm.c libkrb5_la-sock_principal.lo: sock_principal.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sock_principal.lo `test -f 'sock_principal.c' || echo '$(srcdir)/'`sock_principal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-sock_principal.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-sock_principal.Tpo -c -o libkrb5_la-sock_principal.lo `test -f 'sock_principal.c' || echo '$(srcdir)/'`sock_principal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-sock_principal.Tpo $(DEPDIR)/libkrb5_la-sock_principal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sock_principal.c' object='libkrb5_la-sock_principal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-sock_principal.lo `test -f 'sock_principal.c' || echo '$(srcdir)/'`sock_principal.c libkrb5_la-store.lo: store.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store.lo `test -f 'store.c' || echo '$(srcdir)/'`store.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-store.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-store.Tpo -c -o libkrb5_la-store.lo `test -f 'store.c' || echo '$(srcdir)/'`store.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-store.Tpo $(DEPDIR)/libkrb5_la-store.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='store.c' object='libkrb5_la-store.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store.lo `test -f 'store.c' || echo '$(srcdir)/'`store.c + +libkrb5_la-store-int.lo: store-int.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-store-int.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-store-int.Tpo -c -o libkrb5_la-store-int.lo `test -f 'store-int.c' || echo '$(srcdir)/'`store-int.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-store-int.Tpo $(DEPDIR)/libkrb5_la-store-int.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='store-int.c' object='libkrb5_la-store-int.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store-int.lo `test -f 'store-int.c' || echo '$(srcdir)/'`store-int.c libkrb5_la-store_emem.lo: store_emem.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_emem.lo `test -f 'store_emem.c' || echo '$(srcdir)/'`store_emem.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-store_emem.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-store_emem.Tpo -c -o libkrb5_la-store_emem.lo `test -f 'store_emem.c' || echo '$(srcdir)/'`store_emem.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-store_emem.Tpo $(DEPDIR)/libkrb5_la-store_emem.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='store_emem.c' object='libkrb5_la-store_emem.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_emem.lo `test -f 'store_emem.c' || echo '$(srcdir)/'`store_emem.c libkrb5_la-store_fd.lo: store_fd.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_fd.lo `test -f 'store_fd.c' || echo '$(srcdir)/'`store_fd.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-store_fd.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-store_fd.Tpo -c -o libkrb5_la-store_fd.lo `test -f 'store_fd.c' || echo '$(srcdir)/'`store_fd.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-store_fd.Tpo $(DEPDIR)/libkrb5_la-store_fd.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='store_fd.c' object='libkrb5_la-store_fd.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_fd.lo `test -f 'store_fd.c' || echo '$(srcdir)/'`store_fd.c libkrb5_la-store_mem.lo: store_mem.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_mem.lo `test -f 'store_mem.c' || echo '$(srcdir)/'`store_mem.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-store_mem.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-store_mem.Tpo -c -o libkrb5_la-store_mem.lo `test -f 'store_mem.c' || echo '$(srcdir)/'`store_mem.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-store_mem.Tpo $(DEPDIR)/libkrb5_la-store_mem.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='store_mem.c' object='libkrb5_la-store_mem.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-store_mem.lo `test -f 'store_mem.c' || echo '$(srcdir)/'`store_mem.c libkrb5_la-plugin.lo: plugin.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-plugin.lo `test -f 'plugin.c' || echo '$(srcdir)/'`plugin.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-plugin.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-plugin.Tpo -c -o libkrb5_la-plugin.lo `test -f 'plugin.c' || echo '$(srcdir)/'`plugin.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-plugin.Tpo $(DEPDIR)/libkrb5_la-plugin.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='plugin.c' object='libkrb5_la-plugin.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-plugin.lo `test -f 'plugin.c' || echo '$(srcdir)/'`plugin.c libkrb5_la-ticket.lo: ticket.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-ticket.lo `test -f 'ticket.c' || echo '$(srcdir)/'`ticket.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-ticket.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-ticket.Tpo -c -o libkrb5_la-ticket.lo `test -f 'ticket.c' || echo '$(srcdir)/'`ticket.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-ticket.Tpo $(DEPDIR)/libkrb5_la-ticket.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ticket.c' object='libkrb5_la-ticket.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-ticket.lo `test -f 'ticket.c' || echo '$(srcdir)/'`ticket.c libkrb5_la-time.lo: time.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-time.lo `test -f 'time.c' || echo '$(srcdir)/'`time.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-time.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-time.Tpo -c -o libkrb5_la-time.lo `test -f 'time.c' || echo '$(srcdir)/'`time.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-time.Tpo $(DEPDIR)/libkrb5_la-time.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='time.c' object='libkrb5_la-time.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-time.lo `test -f 'time.c' || echo '$(srcdir)/'`time.c libkrb5_la-transited.lo: transited.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-transited.lo `test -f 'transited.c' || echo '$(srcdir)/'`transited.c - -libkrb5_la-v4_glue.lo: v4_glue.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-v4_glue.lo `test -f 'v4_glue.c' || echo '$(srcdir)/'`v4_glue.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-transited.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-transited.Tpo -c -o libkrb5_la-transited.lo `test -f 'transited.c' || echo '$(srcdir)/'`transited.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-transited.Tpo $(DEPDIR)/libkrb5_la-transited.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='transited.c' object='libkrb5_la-transited.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-transited.lo `test -f 'transited.c' || echo '$(srcdir)/'`transited.c libkrb5_la-verify_init.lo: verify_init.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_init.lo `test -f 'verify_init.c' || echo '$(srcdir)/'`verify_init.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-verify_init.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-verify_init.Tpo -c -o libkrb5_la-verify_init.lo `test -f 'verify_init.c' || echo '$(srcdir)/'`verify_init.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-verify_init.Tpo $(DEPDIR)/libkrb5_la-verify_init.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='verify_init.c' object='libkrb5_la-verify_init.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_init.lo `test -f 'verify_init.c' || echo '$(srcdir)/'`verify_init.c libkrb5_la-verify_user.lo: verify_user.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_user.lo `test -f 'verify_user.c' || echo '$(srcdir)/'`verify_user.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-verify_user.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-verify_user.Tpo -c -o libkrb5_la-verify_user.lo `test -f 'verify_user.c' || echo '$(srcdir)/'`verify_user.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-verify_user.Tpo $(DEPDIR)/libkrb5_la-verify_user.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='verify_user.c' object='libkrb5_la-verify_user.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-verify_user.lo `test -f 'verify_user.c' || echo '$(srcdir)/'`verify_user.c libkrb5_la-version.lo: version.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-version.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-version.Tpo -c -o libkrb5_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-version.Tpo $(DEPDIR)/libkrb5_la-version.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='version.c' object='libkrb5_la-version.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c libkrb5_la-warn.lo: warn.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-warn.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-warn.Tpo -c -o libkrb5_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-warn.Tpo $(DEPDIR)/libkrb5_la-warn.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='warn.c' object='libkrb5_la-warn.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c libkrb5_la-write_message.lo: write_message.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-write_message.lo `test -f 'write_message.c' || echo '$(srcdir)/'`write_message.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-write_message.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-write_message.Tpo -c -o libkrb5_la-write_message.lo `test -f 'write_message.c' || echo '$(srcdir)/'`write_message.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-write_message.Tpo $(DEPDIR)/libkrb5_la-write_message.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='write_message.c' object='libkrb5_la-write_message.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-write_message.lo `test -f 'write_message.c' || echo '$(srcdir)/'`write_message.c libkrb5_la-krb5_err.lo: krb5_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb5_err.lo `test -f 'krb5_err.c' || echo '$(srcdir)/'`krb5_err.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-krb5_err.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-krb5_err.Tpo -c -o libkrb5_la-krb5_err.lo `test -f 'krb5_err.c' || echo '$(srcdir)/'`krb5_err.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-krb5_err.Tpo $(DEPDIR)/libkrb5_la-krb5_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='krb5_err.c' object='libkrb5_la-krb5_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb5_err.lo `test -f 'krb5_err.c' || echo '$(srcdir)/'`krb5_err.c libkrb5_la-krb_err.lo: krb_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb_err.lo `test -f 'krb_err.c' || echo '$(srcdir)/'`krb_err.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-krb_err.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-krb_err.Tpo -c -o libkrb5_la-krb_err.lo `test -f 'krb_err.c' || echo '$(srcdir)/'`krb_err.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-krb_err.Tpo $(DEPDIR)/libkrb5_la-krb_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='krb_err.c' object='libkrb5_la-krb_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-krb_err.lo `test -f 'krb_err.c' || echo '$(srcdir)/'`krb_err.c libkrb5_la-heim_err.lo: heim_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-heim_err.lo `test -f 'heim_err.c' || echo '$(srcdir)/'`heim_err.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-heim_err.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-heim_err.Tpo -c -o libkrb5_la-heim_err.lo `test -f 'heim_err.c' || echo '$(srcdir)/'`heim_err.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-heim_err.Tpo $(DEPDIR)/libkrb5_la-heim_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='heim_err.c' object='libkrb5_la-heim_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-heim_err.lo `test -f 'heim_err.c' || echo '$(srcdir)/'`heim_err.c libkrb5_la-k524_err.lo: k524_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-k524_err.lo `test -f 'k524_err.c' || echo '$(srcdir)/'`k524_err.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libkrb5_la-k524_err.lo -MD -MP -MF $(DEPDIR)/libkrb5_la-k524_err.Tpo -c -o libkrb5_la-k524_err.lo `test -f 'k524_err.c' || echo '$(srcdir)/'`k524_err.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libkrb5_la-k524_err.Tpo $(DEPDIR)/libkrb5_la-k524_err.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='k524_err.c' object='libkrb5_la-k524_err.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libkrb5_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libkrb5_la-k524_err.lo `test -f 'k524_err.c' || echo '$(srcdir)/'`k524_err.c + +librfc3961_la-crc.lo: crc.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crc.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crc.Tpo -c -o librfc3961_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crc.Tpo $(DEPDIR)/librfc3961_la-crc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crc.c' object='librfc3961_la-crc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crc.lo `test -f 'crc.c' || echo '$(srcdir)/'`crc.c + +librfc3961_la-crypto.lo: crypto.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto.Tpo -c -o librfc3961_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto.Tpo $(DEPDIR)/librfc3961_la-crypto.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='librfc3961_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c + +librfc3961_la-crypto-aes.lo: crypto-aes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-aes.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-aes.Tpo -c -o librfc3961_la-crypto-aes.lo `test -f 'crypto-aes.c' || echo '$(srcdir)/'`crypto-aes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-aes.Tpo $(DEPDIR)/librfc3961_la-crypto-aes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-aes.c' object='librfc3961_la-crypto-aes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-aes.lo `test -f 'crypto-aes.c' || echo '$(srcdir)/'`crypto-aes.c + +librfc3961_la-crypto-algs.lo: crypto-algs.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-algs.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-algs.Tpo -c -o librfc3961_la-crypto-algs.lo `test -f 'crypto-algs.c' || echo '$(srcdir)/'`crypto-algs.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-algs.Tpo $(DEPDIR)/librfc3961_la-crypto-algs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-algs.c' object='librfc3961_la-crypto-algs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-algs.lo `test -f 'crypto-algs.c' || echo '$(srcdir)/'`crypto-algs.c + +librfc3961_la-crypto-arcfour.lo: crypto-arcfour.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-arcfour.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-arcfour.Tpo -c -o librfc3961_la-crypto-arcfour.lo `test -f 'crypto-arcfour.c' || echo '$(srcdir)/'`crypto-arcfour.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-arcfour.Tpo $(DEPDIR)/librfc3961_la-crypto-arcfour.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-arcfour.c' object='librfc3961_la-crypto-arcfour.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-arcfour.lo `test -f 'crypto-arcfour.c' || echo '$(srcdir)/'`crypto-arcfour.c + +librfc3961_la-crypto-des.lo: crypto-des.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-des.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-des.Tpo -c -o librfc3961_la-crypto-des.lo `test -f 'crypto-des.c' || echo '$(srcdir)/'`crypto-des.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-des.Tpo $(DEPDIR)/librfc3961_la-crypto-des.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-des.c' object='librfc3961_la-crypto-des.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-des.lo `test -f 'crypto-des.c' || echo '$(srcdir)/'`crypto-des.c + +librfc3961_la-crypto-des-common.lo: crypto-des-common.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-des-common.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-des-common.Tpo -c -o librfc3961_la-crypto-des-common.lo `test -f 'crypto-des-common.c' || echo '$(srcdir)/'`crypto-des-common.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-des-common.Tpo $(DEPDIR)/librfc3961_la-crypto-des-common.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-des-common.c' object='librfc3961_la-crypto-des-common.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-des-common.lo `test -f 'crypto-des-common.c' || echo '$(srcdir)/'`crypto-des-common.c + +librfc3961_la-crypto-des3.lo: crypto-des3.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-des3.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-des3.Tpo -c -o librfc3961_la-crypto-des3.lo `test -f 'crypto-des3.c' || echo '$(srcdir)/'`crypto-des3.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-des3.Tpo $(DEPDIR)/librfc3961_la-crypto-des3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-des3.c' object='librfc3961_la-crypto-des3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-des3.lo `test -f 'crypto-des3.c' || echo '$(srcdir)/'`crypto-des3.c + +librfc3961_la-crypto-evp.lo: crypto-evp.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-evp.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-evp.Tpo -c -o librfc3961_la-crypto-evp.lo `test -f 'crypto-evp.c' || echo '$(srcdir)/'`crypto-evp.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-evp.Tpo $(DEPDIR)/librfc3961_la-crypto-evp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-evp.c' object='librfc3961_la-crypto-evp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-evp.lo `test -f 'crypto-evp.c' || echo '$(srcdir)/'`crypto-evp.c + +librfc3961_la-crypto-null.lo: crypto-null.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-null.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-null.Tpo -c -o librfc3961_la-crypto-null.lo `test -f 'crypto-null.c' || echo '$(srcdir)/'`crypto-null.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-null.Tpo $(DEPDIR)/librfc3961_la-crypto-null.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-null.c' object='librfc3961_la-crypto-null.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-null.lo `test -f 'crypto-null.c' || echo '$(srcdir)/'`crypto-null.c + +librfc3961_la-crypto-pk.lo: crypto-pk.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-pk.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-pk.Tpo -c -o librfc3961_la-crypto-pk.lo `test -f 'crypto-pk.c' || echo '$(srcdir)/'`crypto-pk.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-pk.Tpo $(DEPDIR)/librfc3961_la-crypto-pk.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-pk.c' object='librfc3961_la-crypto-pk.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-pk.lo `test -f 'crypto-pk.c' || echo '$(srcdir)/'`crypto-pk.c + +librfc3961_la-crypto-rand.lo: crypto-rand.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-rand.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-rand.Tpo -c -o librfc3961_la-crypto-rand.lo `test -f 'crypto-rand.c' || echo '$(srcdir)/'`crypto-rand.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-rand.Tpo $(DEPDIR)/librfc3961_la-crypto-rand.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-rand.c' object='librfc3961_la-crypto-rand.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-rand.lo `test -f 'crypto-rand.c' || echo '$(srcdir)/'`crypto-rand.c + +librfc3961_la-crypto-stubs.lo: crypto-stubs.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-crypto-stubs.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-crypto-stubs.Tpo -c -o librfc3961_la-crypto-stubs.lo `test -f 'crypto-stubs.c' || echo '$(srcdir)/'`crypto-stubs.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-crypto-stubs.Tpo $(DEPDIR)/librfc3961_la-crypto-stubs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto-stubs.c' object='librfc3961_la-crypto-stubs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-crypto-stubs.lo `test -f 'crypto-stubs.c' || echo '$(srcdir)/'`crypto-stubs.c + +librfc3961_la-data.lo: data.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-data.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-data.Tpo -c -o librfc3961_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-data.Tpo $(DEPDIR)/librfc3961_la-data.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='data.c' object='librfc3961_la-data.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-data.lo `test -f 'data.c' || echo '$(srcdir)/'`data.c + +librfc3961_la-error_string.lo: error_string.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-error_string.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-error_string.Tpo -c -o librfc3961_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-error_string.Tpo $(DEPDIR)/librfc3961_la-error_string.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='error_string.c' object='librfc3961_la-error_string.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-error_string.lo `test -f 'error_string.c' || echo '$(srcdir)/'`error_string.c + +librfc3961_la-keyblock.lo: keyblock.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-keyblock.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-keyblock.Tpo -c -o librfc3961_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-keyblock.Tpo $(DEPDIR)/librfc3961_la-keyblock.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keyblock.c' object='librfc3961_la-keyblock.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-keyblock.lo `test -f 'keyblock.c' || echo '$(srcdir)/'`keyblock.c + +librfc3961_la-n-fold.lo: n-fold.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-n-fold.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-n-fold.Tpo -c -o librfc3961_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-n-fold.Tpo $(DEPDIR)/librfc3961_la-n-fold.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='n-fold.c' object='librfc3961_la-n-fold.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-n-fold.lo `test -f 'n-fold.c' || echo '$(srcdir)/'`n-fold.c + +librfc3961_la-salt.lo: salt.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-salt.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-salt.Tpo -c -o librfc3961_la-salt.lo `test -f 'salt.c' || echo '$(srcdir)/'`salt.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-salt.Tpo $(DEPDIR)/librfc3961_la-salt.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt.c' object='librfc3961_la-salt.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-salt.lo `test -f 'salt.c' || echo '$(srcdir)/'`salt.c + +librfc3961_la-salt-aes.lo: salt-aes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-salt-aes.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-salt-aes.Tpo -c -o librfc3961_la-salt-aes.lo `test -f 'salt-aes.c' || echo '$(srcdir)/'`salt-aes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-salt-aes.Tpo $(DEPDIR)/librfc3961_la-salt-aes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-aes.c' object='librfc3961_la-salt-aes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-salt-aes.lo `test -f 'salt-aes.c' || echo '$(srcdir)/'`salt-aes.c + +librfc3961_la-salt-arcfour.lo: salt-arcfour.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-salt-arcfour.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-salt-arcfour.Tpo -c -o librfc3961_la-salt-arcfour.lo `test -f 'salt-arcfour.c' || echo '$(srcdir)/'`salt-arcfour.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-salt-arcfour.Tpo $(DEPDIR)/librfc3961_la-salt-arcfour.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-arcfour.c' object='librfc3961_la-salt-arcfour.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-salt-arcfour.lo `test -f 'salt-arcfour.c' || echo '$(srcdir)/'`salt-arcfour.c + +librfc3961_la-salt-des.lo: salt-des.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-salt-des.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-salt-des.Tpo -c -o librfc3961_la-salt-des.lo `test -f 'salt-des.c' || echo '$(srcdir)/'`salt-des.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-salt-des.Tpo $(DEPDIR)/librfc3961_la-salt-des.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-des.c' object='librfc3961_la-salt-des.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-salt-des.lo `test -f 'salt-des.c' || echo '$(srcdir)/'`salt-des.c + +librfc3961_la-salt-des3.lo: salt-des3.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-salt-des3.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-salt-des3.Tpo -c -o librfc3961_la-salt-des3.lo `test -f 'salt-des3.c' || echo '$(srcdir)/'`salt-des3.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-salt-des3.Tpo $(DEPDIR)/librfc3961_la-salt-des3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='salt-des3.c' object='librfc3961_la-salt-des3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-salt-des3.lo `test -f 'salt-des3.c' || echo '$(srcdir)/'`salt-des3.c + +librfc3961_la-store-int.lo: store-int.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-store-int.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-store-int.Tpo -c -o librfc3961_la-store-int.lo `test -f 'store-int.c' || echo '$(srcdir)/'`store-int.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-store-int.Tpo $(DEPDIR)/librfc3961_la-store-int.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='store-int.c' object='librfc3961_la-store-int.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-store-int.lo `test -f 'store-int.c' || echo '$(srcdir)/'`store-int.c + +librfc3961_la-warn.lo: warn.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT librfc3961_la-warn.lo -MD -MP -MF $(DEPDIR)/librfc3961_la-warn.Tpo -c -o librfc3961_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/librfc3961_la-warn.Tpo $(DEPDIR)/librfc3961_la-warn.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='warn.c' object='librfc3961_la-warn.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librfc3961_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o librfc3961_la-warn.lo `test -f 'warn.c' || echo '$(srcdir)/'`warn.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man3dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done -install-man5: $(man5_MANS) $(man_MANS) + @list=''; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } +install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } +install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-dist_includeHEADERS: $(dist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(dist_include_HEADERS)'; for p in $$list; do \ + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-dist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(dist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-krb5HEADERS: $(krb5_HEADERS) @$(NORMAL_INSTALL) test -z "$(krb5dir)" || $(MKDIR_P) "$(DESTDIR)$(krb5dir)" - @list='$(krb5_HEADERS)'; for p in $$list; do \ + @list='$(krb5_HEADERS)'; test -n "$(krb5dir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(krb5HEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(krb5dir)/$$f'"; \ - $(krb5HEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(krb5dir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(krb5dir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(krb5dir)" || exit $$?; \ done uninstall-krb5HEADERS: @$(NORMAL_UNINSTALL) - @list='$(krb5_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(krb5dir)/$$f'"; \ - rm -f "$(DESTDIR)$(krb5dir)/$$f"; \ - done + @list='$(krb5_HEADERS)'; test -n "$(krb5dir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(krb5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(krb5dir)" && rm -f $$files install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -1605,49 +2744,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -1658,15 +2811,32 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -1682,13 +2852,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -1696,7 +2870,7 @@ distdir: $(DISTFILES) top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_DATA) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local check: check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) \ @@ -1728,6 +2902,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -1735,10 +2910,11 @@ maintainer-clean-generic: clean: clean-am clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \ - clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ - mostlyclean-am + clean-libLTLIBRARIES clean-libtool clean-noinstLTLIBRARIES \ + clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1749,6 +2925,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -1757,26 +2935,35 @@ install-data-am: install-dist_includeHEADERS install-krb5HEADERS \ install-man install-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-man5 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1798,24 +2985,24 @@ uninstall-am: uninstall-binPROGRAMS uninstall-dist_includeHEADERS \ uninstall-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ check-local clean clean-binPROGRAMS clean-checkPROGRAMS \ clean-generic clean-libLTLIBRARIES clean-libtool \ - clean-noinstPROGRAMS ctags dist-hook distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-binPROGRAMS install-data \ - install-data-am install-data-hook install-dist_includeHEADERS \ - install-dvi install-dvi-am install-exec install-exec-am \ - install-exec-hook install-html install-html-am install-info \ - install-info-am install-krb5HEADERS install-libLTLIBRARIES \ - install-man install-man3 install-man5 install-man8 \ + clean-noinstLTLIBRARIES clean-noinstPROGRAMS ctags dist-hook \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-data-hook \ + install-dist_includeHEADERS install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-info install-info-am \ + install-krb5HEADERS install-libLTLIBRARIES install-man \ + install-man3 install-man5 install-man8 \ install-nodist_includeHEADERS install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ @@ -1896,6 +3083,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1981,7 +3171,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1995,16 +3185,19 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h +$(libkrb5_la_OBJECTS) $(verify_krb5_conf_OBJECTS) $(librfc3961_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h krb5_err.h heim_err.h k524_err.h krb5_err.h krb_err.h k524_err.h $(srcdir)/krb5-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB_FUNCTION -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -E KRB5_LIB -q -P comment -o krb5-protos.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-protos.h $(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(dist_libkrb5_la_SOURCES) || rm -f krb5-private.h $(libkrb5_la_OBJECTS): krb5_err.h krb_err.h heim_err.h k524_err.h +test_config_strings.out: test_config_strings.cfg + $(CP) $(srcdir)/test_config_strings.cfg test_config_strings.out + #sysconf_DATA = krb5.moduli # to help stupid solaris make @@ -2016,6 +3209,7 @@ krb_err.h: krb_err.et heim_err.h: heim_err.et k524_err.h: k524_err.et + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/krb5/acache.c b/crypto/heimdal/lib/krb5/acache.c index 30a6d90c345..19eeecda429 100644 --- a/crypto/heimdal/lib/krb5/acache.c +++ b/crypto/heimdal/lib/krb5/acache.c @@ -1,34 +1,36 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -37,14 +39,15 @@ #include #endif -RCSID("$Id: acache.c 22099 2007-12-03 17:14:34Z lha $"); +#ifndef KCM_IS_API_CACHE -/* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; static cc_initialize_func init_func; +static void (KRB5_CALLCONV *set_target_uid)(uid_t); +static void (KRB5_CALLCONV *clear_target)(void); #ifdef HAVE_DLOPEN -static void *cc_handle; +static void *cc_handle; #endif typedef struct krb5_acc { @@ -53,7 +56,7 @@ typedef struct krb5_acc { cc_ccache_t ccache; } krb5_acc; -static krb5_error_code acc_close(krb5_context, krb5_ccache); +static krb5_error_code KRB5_CALLCONV acc_close(krb5_context, krb5_ccache); #define ACACHE(X) ((krb5_acc *)(X)->data.data) @@ -68,14 +71,15 @@ static const struct { { ccIteratorEnd, KRB5_CC_END }, { ccErrNoMem, KRB5_CC_NOMEM }, { ccErrServerUnavailable, KRB5_CC_NOSUPP }, + { ccErrInvalidCCache, KRB5_CC_BADNAME }, { ccNoError, 0 } }; static krb5_error_code translate_cc_error(krb5_context context, cc_int32 error) { - int i; - krb5_clear_error_string(context); + size_t i; + krb5_clear_error_message(context); for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++) if (cc_errors[i].error == error) return cc_errors[i].ret; @@ -85,21 +89,25 @@ translate_cc_error(krb5_context context, cc_int32 error) static krb5_error_code init_ccapi(krb5_context context) { - const char *lib; + const char *lib = NULL; HEIMDAL_MUTEX_lock(&acc_mutex); if (init_func) { HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_clear_error_string(context); + if (context) + krb5_clear_error_message(context); return 0; } - lib = krb5_config_get_string(context, NULL, - "libdefaults", "ccapi_library", - NULL); + if (context) + lib = krb5_config_get_string(context, NULL, + "libdefaults", "ccapi_library", + NULL); if (lib == NULL) { #ifdef __APPLE__ lib = "/System/Library/Frameworks/Kerberos.framework/Kerberos"; +#elif defined(KRB5_USE_PATH_TOKENS) && defined(_WIN32) + lib = "%{LIBDIR}/libkrb5_cc.dll"; #else lib = "/usr/lib/libkrb5_cc.so"; #endif @@ -109,20 +117,43 @@ init_ccapi(krb5_context context) #ifndef RTLD_LAZY #define RTLD_LAZY 0 +#endif +#ifndef RTLD_LOCAL +#define RTLD_LOCAL 0 +#endif + +#ifdef KRB5_USE_PATH_TOKENS + { + char * explib = NULL; + if (_krb5_expand_path_tokens(context, lib, &explib) == 0) { + cc_handle = dlopen(explib, RTLD_LAZY|RTLD_LOCAL); + free(explib); + } + } +#else + cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL); #endif - cc_handle = dlopen(lib, RTLD_LAZY); if (cc_handle == NULL) { HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_string(context, "Failed to load %s", lib); + if (context) + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Failed to load API cache module %s", "file"), + lib); return KRB5_CC_NOSUPP; } init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize"); + set_target_uid = (void (KRB5_CALLCONV *)(uid_t)) + dlsym(cc_handle, "krb5_ipc_client_set_target_uid"); + clear_target = (void (KRB5_CALLCONV *)(void)) + dlsym(cc_handle, "krb5_ipc_client_clear_target"); HEIMDAL_MUTEX_unlock(&acc_mutex); if (init_func == NULL) { - krb5_set_error_string(context, "Failed to find cc_initialize" - "in %s: %s", lib, dlerror()); + if (context) + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Failed to find cc_initialize" + "in %s: %s", "file, error"), lib, dlerror()); dlclose(cc_handle); return KRB5_CC_NOSUPP; } @@ -130,10 +161,28 @@ init_ccapi(krb5_context context) return 0; #else HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_string(context, "no support for shared object"); + if (context) + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("no support for shared object", "")); return KRB5_CC_NOSUPP; #endif -} +} + +void +_heim_krb5_ipc_client_set_target_uid(uid_t uid) +{ + init_ccapi(NULL); + if (set_target_uid != NULL) + (*set_target_uid)(uid); +} + +void +_heim_krb5_ipc_client_clear_target(void) +{ + init_ccapi(NULL); + if (clear_target != NULL) + (*clear_target)(); +} static krb5_error_code make_cred_from_ccred(krb5_context context, @@ -141,7 +190,7 @@ make_cred_from_ccred(krb5_context context, krb5_creds *cred) { krb5_error_code ret; - int i; + unsigned int i; memset(cred, 0, sizeof(*cred)); @@ -180,13 +229,13 @@ make_cred_from_ccred(krb5_context context, cred->authdata.val = NULL; cred->authdata.len = 0; - + cred->addresses.val = NULL; cred->addresses.len = 0; - + for (i = 0; incred->authdata && incred->authdata[i]; i++) ; - + if (i) { cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0])); if (cred->authdata.val == NULL) @@ -201,16 +250,16 @@ make_cred_from_ccred(krb5_context context, goto nomem; } } - + for (i = 0; incred->addresses && incred->addresses[i]; i++) ; - + if (i) { cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0])); if (cred->addresses.val == NULL) goto nomem; cred->addresses.len = i; - + for (i = 0; i < cred->addresses.len; i++) { cred->addresses.val[i].addr_type = incred->addresses[i]->type; ret = krb5_data_copy(&cred->addresses.val[i].address, @@ -220,7 +269,7 @@ make_cred_from_ccred(krb5_context context, goto nomem; } } - + cred->flags.i = 0; if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE) cred->flags.b.forwardable = 1; @@ -252,11 +301,11 @@ make_cred_from_ccred(krb5_context context, cred->flags.b.anonymous = 1; return 0; - + nomem: ret = ENOMEM; - krb5_set_error_string(context, "malloc - out of memory"); - + krb5_set_error_message(context, ret, N_("malloc: out of memory", "malloc")); + fail: krb5_free_cred_contents(context, cred); return ret; @@ -288,7 +337,7 @@ make_ccred_from_cred(krb5_context context, cc_credentials_v5_t *cred) { krb5_error_code ret; - int i; + size_t i; memset(cred, 0, sizeof(*cred)); @@ -317,8 +366,8 @@ make_ccred_from_cred(krb5_context context, /* XXX this one should also be filled in */ cred->authdata = NULL; - - cred->addresses = calloc(incred->addresses.len + 1, + + cred->addresses = calloc(incred->addresses.len + 1, sizeof(cred->addresses[0])); if (cred->addresses == NULL) { @@ -337,10 +386,11 @@ make_ccred_from_cred(krb5_context context, addr->length = incred->addresses.val[i].address.length; addr->data = malloc(addr->length); if (addr->data == NULL) { + free(addr); ret = ENOMEM; goto fail; } - memcpy(addr->data, incred->addresses.val[i].address.data, + memcpy(addr->data, incred->addresses.val[i].address.data, addr->length); cred->addresses[i] = addr; } @@ -378,49 +428,69 @@ make_ccred_from_cred(krb5_context context, return 0; -fail: +fail: free_ccred(cred); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } -static char * -get_cc_name(cc_ccache_t cache) +static cc_int32 +get_cc_name(krb5_acc *a) { cc_string_t name; cc_int32 error; - char *str; - error = (*cache->func->get_name)(cache, &name); + error = (*a->ccache->func->get_name)(a->ccache, &name); if (error) - return NULL; + return error; - str = strdup(name->data); + a->cache_name = strdup(name->data); (*name->func->release)(name); - return str; + if (a->cache_name == NULL) + return ccErrNoMem; + return ccNoError; } -static const char* +static const char* KRB5_CALLCONV acc_get_name(krb5_context context, krb5_ccache id) { krb5_acc *a = ACACHE(id); - static char n[255]; - char *name; + int32_t error; - name = get_cc_name(a->ccache); - if (name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return NULL; + if (a->cache_name == NULL) { + krb5_error_code ret; + krb5_principal principal; + char *name; + + ret = _krb5_get_default_principal_local(context, &principal); + if (ret) + return NULL; + + ret = krb5_unparse_name(context, principal, &name); + krb5_free_principal(context, principal); + if (ret) + return NULL; + + error = (*a->context->func->create_new_ccache)(a->context, + cc_credentials_v5, + name, + &a->ccache); + krb5_xfree(name); + if (error) + return NULL; + + error = get_cc_name(a); + if (error) + return NULL; } - strlcpy(n, name, sizeof(n)); - free(name); - return n; + + return a->cache_name; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_alloc(krb5_context context, krb5_ccache *id) { krb5_error_code ret; @@ -433,10 +503,10 @@ acc_alloc(krb5_context context, krb5_ccache *id) ret = krb5_data_alloc(&(*id)->data, sizeof(*a)); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } - + a = ACACHE(*id); error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL); @@ -450,7 +520,7 @@ acc_alloc(krb5_context context, krb5_ccache *id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_resolve(krb5_context context, krb5_ccache *id, const char *res) { krb5_error_code ret; @@ -463,20 +533,25 @@ acc_resolve(krb5_context context, krb5_ccache *id, const char *res) a = ACACHE(*id); - error = (*a->context->func->open_ccache)(a->context, res, - &a->ccache); - if (error == 0) { - a->cache_name = get_cc_name(a->ccache); - if (a->cache_name == NULL) { + error = (*a->context->func->open_ccache)(a->context, res, &a->ccache); + if (error == ccNoError) { + cc_time_t offset; + error = get_cc_name(a); + if (error != ccNoError) { acc_close(context, *id); *id = NULL; - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + return translate_cc_error(context, error); } + + error = (*a->ccache->func->get_kdc_time_offset)(a->ccache, + cc_credentials_v5, + &offset); + if (error == 0) + context->kdc_sec_offset = offset; + } else if (error == ccErrCCacheNotFound) { a->ccache = NULL; a->cache_name = NULL; - error = 0; } else { *id = NULL; return translate_cc_error(context, error); @@ -485,7 +560,7 @@ acc_resolve(krb5_context context, krb5_ccache *id, const char *res) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_gen_new(krb5_context context, krb5_ccache *id) { krb5_error_code ret; @@ -503,7 +578,7 @@ acc_gen_new(krb5_context context, krb5_ccache *id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) @@ -517,16 +592,47 @@ acc_initialize(krb5_context context, if (ret) return ret; - error = (*a->context->func->create_new_ccache)(a->context, - cc_credentials_v5, - name, - &a->ccache); - free(name); + if (a->cache_name == NULL) { + error = (*a->context->func->create_new_ccache)(a->context, + cc_credentials_v5, + name, + &a->ccache); + free(name); + if (error == ccNoError) + error = get_cc_name(a); + } else { + cc_credentials_iterator_t iter; + cc_credentials_t ccred; + + error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); + if (error) { + free(name); + return translate_cc_error(context, error); + } + + while (1) { + error = (*iter->func->next)(iter, &ccred); + if (error) + break; + (*a->ccache->func->remove_credentials)(a->ccache, ccred); + (*ccred->func->release)(ccred); + } + (*iter->func->release)(iter); + + error = (*a->ccache->func->set_principal)(a->ccache, + cc_credentials_v5, + name); + } + + if (error == 0 && context->kdc_sec_offset) + error = (*a->ccache->func->set_kdc_time_offset)(a->ccache, + cc_credentials_v5, + context->kdc_sec_offset); return translate_cc_error(context, error); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_close(krb5_context context, krb5_ccache id) { @@ -540,13 +646,15 @@ acc_close(krb5_context context, free(a->cache_name); a->cache_name = NULL; } - (*a->context->func->release)(a->context); - a->context = NULL; + if (a->context) { + (*a->context->func->release)(a->context); + a->context = NULL; + } krb5_data_free(&id->data); return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_destroy(krb5_context context, krb5_ccache id) { @@ -564,7 +672,7 @@ acc_destroy(krb5_context context, return translate_cc_error(context, error); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) @@ -574,16 +682,17 @@ acc_store_cred(krb5_context context, cc_credentials_v5_t v5cred; krb5_error_code ret; cc_int32 error; - + if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } cred.version = cc_credentials_v5; cred.credentials.credentials_v5 = &v5cred; - ret = make_ccred_from_cred(context, + ret = make_ccred_from_cred(context, creds, &v5cred); if (ret) @@ -598,7 +707,7 @@ acc_store_cred(krb5_context context, return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) @@ -609,7 +718,8 @@ acc_get_principal(krb5_context context, cc_string_t name; if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } @@ -618,14 +728,14 @@ acc_get_principal(krb5_context context, &name); if (error) return translate_cc_error(context, error); - + ret = krb5_parse_name(context, name->data, principal); - + (*name->func->release)(name); return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_get_first (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) @@ -633,15 +743,16 @@ acc_get_first (krb5_context context, cc_credentials_iterator_t iter; krb5_acc *a = ACACHE(id); int32_t error; - + if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); if (error) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOENT; } *cursor = iter; @@ -649,7 +760,7 @@ acc_get_first (krb5_context context, } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, @@ -669,14 +780,14 @@ acc_get_next (krb5_context context, (*cred->func->release)(cred); } - ret = make_cred_from_ccred(context, + ret = make_cred_from_ccred(context, cred->data->credentials.credentials_v5, creds); (*cred->func->release)(cred); return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_end_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) @@ -686,7 +797,7 @@ acc_end_get (krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags which, @@ -698,9 +809,10 @@ acc_remove_cred(krb5_context context, krb5_error_code ret; cc_int32 error; char *client, *server; - + if (a->ccache == NULL) { - krb5_set_error_string(context, "No API credential found"); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } @@ -752,15 +864,16 @@ acc_remove_cred(krb5_context context, (*iter->func->release)(iter); if (ret) - krb5_set_error_string(context, "Can't find credential %s in cache", - server); + krb5_set_error_message(context, ret, + N_("Can't find credential %s in cache", + "principal"), server); free(server); free(client); return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) @@ -768,19 +881,19 @@ acc_set_flags(krb5_context context, return 0; } -static krb5_error_code +static int KRB5_CALLCONV acc_get_version(krb5_context context, krb5_ccache id) { return 0; } - + struct cache_iter { cc_context_t context; cc_ccache_iterator_t iter; }; -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) { struct cache_iter *iter; @@ -793,7 +906,7 @@ acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -807,14 +920,14 @@ acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) &iter->iter); if (error) { free(iter); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOENT; } *cursor = iter; return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) { struct cache_iter *iter = cursor; @@ -843,17 +956,16 @@ acc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) a = ACACHE(*id); a->ccache = cache; - a->cache_name = get_cc_name(a->ccache); - if (a->cache_name == NULL) { + error = get_cc_name(a); + if (error) { acc_close(context, *id); *id = NULL; - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } + return translate_cc_error(context, error); + } return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) { struct cache_iter *iter = cursor; @@ -866,7 +978,7 @@ acc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_acc *afrom = ACACHE(from); @@ -881,7 +993,7 @@ acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) &name); if (error) return translate_cc_error(context, error); - + error = (*ato->context->func->create_new_ccache)(ato->context, cc_credentials_v5, name->data, @@ -891,13 +1003,15 @@ acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) return translate_cc_error(context, error); } - error = (*ato->ccache->func->move)(afrom->ccache, ato->ccache); + + acc_destroy(context, from); + return translate_cc_error(context, error); } -static krb5_error_code -acc_default_name(krb5_context context, char **str) +static krb5_error_code KRB5_CALLCONV +acc_get_default_name(krb5_context context, char **str) { krb5_error_code ret; cc_context_t cc; @@ -917,18 +1031,58 @@ acc_default_name(krb5_context context, char **str) (*cc->func->release)(cc); return translate_cc_error(context, error); } - - asprintf(str, "API:%s", name->data); + + error = asprintf(str, "API:%s", name->data); (*name->func->release)(name); (*cc->func->release)(cc); - if (*str == NULL) { - krb5_set_error_string(context, "out of memory"); + if (error < 0 || *str == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } +static krb5_error_code KRB5_CALLCONV +acc_set_default(krb5_context context, krb5_ccache id) +{ + krb5_acc *a = ACACHE(id); + cc_int32 error; + + if (a->ccache == NULL) { + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("No API credential found", "")); + return KRB5_CC_NOTFOUND; + } + + error = (*a->ccache->func->set_default)(a->ccache); + if (error) + return translate_cc_error(context, error); + + return 0; +} + +static krb5_error_code KRB5_CALLCONV +acc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + krb5_acc *a = ACACHE(id); + cc_int32 error; + cc_time_t t; + + if (a->ccache == NULL) { + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("No API credential found", "")); + return KRB5_CC_NOTFOUND; + } + + error = (*a->ccache->func->get_change_time)(a->ccache, &t); + if (error) + return translate_cc_error(context, error); + + *mtime = t; + + return 0; +} /** * Variable containing the API based credential cache implemention. @@ -936,7 +1090,8 @@ acc_default_name(krb5_context context, char **str) * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_acc_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = { + KRB5_CC_OPS_VERSION, "API", acc_get_name, acc_resolve, @@ -957,5 +1112,11 @@ const krb5_cc_ops krb5_acc_ops = { acc_get_cache_next, acc_end_cache_get, acc_move, - acc_default_name + acc_get_default_name, + acc_set_default, + acc_lastchange, + NULL, + NULL, }; + +#endif diff --git a/crypto/heimdal/lib/krb5/acl.c b/crypto/heimdal/lib/krb5/acl.c index cab68367f80..c94aae361b8 100644 --- a/crypto/heimdal/lib/krb5/acl.c +++ b/crypto/heimdal/lib/krb5/acl.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000 - 2002, 2004 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2002, 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -34,8 +34,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: acl.c 22119 2007-12-03 22:02:48Z lha $"); - struct acl_field { enum { acl_string, acl_fnmatch, acl_retval } type; union { @@ -83,7 +81,8 @@ acl_parse_format(krb5_context context, for(p = format; *p != '\0'; p++) { tmp = malloc(sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); acl_free_list(acl, 0); return ENOMEM; } @@ -98,8 +97,9 @@ acl_parse_format(krb5_context context, tmp->u.retv = va_arg(ap, char **); *tmp->u.retv = NULL; } else { - krb5_set_error_string(context, "acl_parse_format: " - "unknown format specifier %c", *p); + krb5_set_error_message(context, EINVAL, + N_("Unknown format specifier %c while " + "parsing ACL", "specifier"), *p); acl_free_list(acl, 0); free(tmp); return EINVAL; @@ -180,7 +180,7 @@ acl_match_acl(krb5_context context, * * @code * char *s; - * + * * ret = krb5_acl_match_string(context, "foo", "s", "foo"); * if (ret) * krb5_errx(context, 1, "acl didn't match"); @@ -198,7 +198,7 @@ acl_match_acl(krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string(krb5_context context, const char *string, const char *format, @@ -220,11 +220,11 @@ krb5_acl_match_string(krb5_context context, if (found) { return 0; } else { - krb5_set_error_string(context, "ACL did not match"); + krb5_set_error_message(context, EACCES, N_("ACL did not match", "")); return EACCES; } } - + /** * krb5_acl_match_file matches ACL format against each line in a file * using krb5_acl_match_string(). Lines starting with # are treated @@ -241,7 +241,7 @@ krb5_acl_match_string(krb5_context context, * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file(krb5_context context, const char *file, const char *format, @@ -257,11 +257,13 @@ krb5_acl_match_file(krb5_context context, f = fopen(file, "r"); if(f == NULL) { int save_errno = errno; - - krb5_set_error_string(context, "open(%s): %s", file, - strerror(save_errno)); + rk_strerror_r(save_errno, buf, sizeof(buf)); + krb5_set_error_message(context, save_errno, + N_("open(%s): %s", "file, errno"), + file, buf); return save_errno; } + rk_cloexec_file(f); va_start(ap, format); ret = acl_parse_format(context, &acl, format, ap); @@ -287,7 +289,7 @@ krb5_acl_match_file(krb5_context context, if (found) { return 0; } else { - krb5_set_error_string(context, "ACL did not match"); + krb5_set_error_message(context, EACCES, N_("ACL did not match", "")); return EACCES; } } diff --git a/crypto/heimdal/lib/krb5/add_et_list.c b/crypto/heimdal/lib/krb5/add_et_list.c index a6005c68590..082014e107a 100644 --- a/crypto/heimdal/lib/krb5/add_et_list.c +++ b/crypto/heimdal/lib/krb5/add_et_list.c @@ -1,47 +1,53 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: add_et_list.c 13713 2004-04-13 14:33:45Z lha $"); - -/* +/** * Add a specified list of error messages to the et list in context. * Call func (probably a comerr-generated function) with a pointer to * the current et_list. + * + * @param context A kerberos context. + * @param func The generated com_err et function. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list (krb5_context context, void (*func)(struct et_list **)) { diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c index f364f5974d4..5d321a7e917 100644 --- a/crypto/heimdal/lib/krb5/addr_families.c +++ b/crypto/heimdal/lib/krb5/addr_families.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: addr_families.c 22039 2007-11-10 11:47:35Z lha $"); - struct addr_operations { int af; krb5_address_type atype; @@ -46,14 +44,15 @@ struct addr_operations { void (*h_addr2sockaddr)(const char *, struct sockaddr *, krb5_socklen_t *, int); krb5_error_code (*h_addr2addr)(const char *, krb5_address *); krb5_boolean (*uninteresting)(const struct sockaddr *); + krb5_boolean (*is_loopback)(const struct sockaddr *); void (*anyaddr)(struct sockaddr *, krb5_socklen_t *, int); int (*print_addr)(const krb5_address *, char *, size_t); int (*parse_addr)(krb5_context, const char*, krb5_address *); int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*); int (*free_addr)(krb5_context, krb5_address*); int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*); - int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, - krb5_address*, krb5_address*); + int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, + krb5_address*, krb5_address*); }; /* @@ -138,6 +137,17 @@ ipv4_uninteresting (const struct sockaddr *sa) return FALSE; } +static krb5_boolean +ipv4_is_loopback (const struct sockaddr *sa) +{ + const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa; + + if ((ntohl(sin4->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET) + return TRUE; + + return FALSE; +} + static void ipv4_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port) { @@ -177,16 +187,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr) return -1; } else p = address; -#ifdef HAVE_INET_ATON if(inet_aton(p, &a) == 0) return -1; -#elif defined(HAVE_INET_ADDR) - a.s_addr = inet_addr(p); - if(a.s_addr == INADDR_NONE) - return -1; -#else - return -1; -#endif addr->addr_type = KRB5_ADDRESS_INET; if(krb5_data_alloc(&addr->address, 4) != 0) return -1; @@ -202,7 +204,8 @@ ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr, uint32_t l, h, m = 0xffffffff; if (len > 32) { - krb5_set_error_string(context, "IPv4 prefix too large (%ld)", len); + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + N_("IPv4 prefix too large (%ld)", "len"), len); return KRB5_PROG_ATYPE_NOSUPP; } m = m << (32 - len); @@ -310,7 +313,7 @@ ipv6_h_addr2addr (const char *addr, } /* - * + * */ static krb5_boolean @@ -318,12 +321,20 @@ ipv6_uninteresting (const struct sockaddr *sa) { const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr; - - return - IN6_IS_ADDR_LINKLOCAL(in6) + + return IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6); } +static krb5_boolean +ipv6_is_loopback (const struct sockaddr *sa) +{ + const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; + const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr; + + return (IN6_IS_ADDR_LOOPBACK(in6)); +} + static void ipv6_anyaddr (struct sockaddr *sa, krb5_socklen_t *sa_size, int port) { @@ -340,12 +351,10 @@ static int ipv6_print_addr (const krb5_address *addr, char *str, size_t len) { char buf[128], buf2[3]; -#ifdef HAVE_INET_NTOP if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL) -#endif { /* XXX this is pretty ugly, but better than abort() */ - int i; + size_t i; unsigned char *p = addr->address.data; buf[0] = '\0'; for(i = 0; i < addr->address.length; i++) { @@ -395,12 +404,14 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, int i, sub_len; if (len > 128) { - krb5_set_error_string(context, "IPv6 prefix too large (%ld)", len); + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + N_("IPv6 prefix too large (%ld)", "length"), len); return KRB5_PROG_ATYPE_NOSUPP; } if (inaddr->address.length != sizeof(addr)) { - krb5_set_error_string(context, "IPv6 addr bad length"); + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + N_("IPv6 addr bad length", "")); return KRB5_PROG_ATYPE_NOSUPP; } @@ -410,7 +421,7 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, sub_len = min(8, len); m = 0xff << (8 - sub_len); - + laddr.s6_addr[i] = addr.s6_addr[i] & m; haddr.s6_addr[i] = (addr.s6_addr[i] & m) | ~m; @@ -437,6 +448,8 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, #endif /* IPv6 */ +#ifndef HEIMDAL_SMALLER + /* * table */ @@ -449,17 +462,17 @@ struct arange { }; static int -arange_parse_addr (krb5_context context, +arange_parse_addr (krb5_context context, const char *address, krb5_address *addr) { char buf[1024], *p; krb5_address low0, high0; struct arange *a; krb5_error_code ret; - + if(strncasecmp(address, "RANGE:", 6) != 0) return -1; - + address += 6; p = strrchr(address, '/'); @@ -478,7 +491,7 @@ arange_parse_addr (krb5_context context, krb5_free_addresses(context, &addrmask); return -1; } - + address += p - address + 1; num = strtol(address, &q, 10); @@ -495,7 +508,7 @@ arange_parse_addr (krb5_context context, } else { krb5_addresses low, high; - + strsep_copy(&address, "-", buf, sizeof(buf)); ret = krb5_parse_address(context, buf, &low); if(ret) @@ -504,14 +517,14 @@ arange_parse_addr (krb5_context context, krb5_free_addresses(context, &low); return -1; } - + strsep_copy(&address, "-", buf, sizeof(buf)); ret = krb5_parse_address(context, buf, &high); if(ret) { krb5_free_addresses(context, &low); return ret; } - + if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) { krb5_free_addresses(context, &low); krb5_free_addresses(context, &high); @@ -557,7 +570,7 @@ arange_free (krb5_context context, krb5_address *addr) static int -arange_copy (krb5_context context, const krb5_address *inaddr, +arange_copy (krb5_context context, const krb5_address *inaddr, krb5_address *outaddr) { krb5_error_code ret; @@ -597,7 +610,7 @@ arange_print_addr (const krb5_address *addr, char *str, size_t len) if (l > len) l = len; size = l; - + ret = krb5_print_address (&a->low, str + size, len - size, &l); if (ret) return ret; @@ -623,8 +636,8 @@ arange_print_addr (const krb5_address *addr, char *str, size_t len) } static int -arange_order_addr(krb5_context context, - const krb5_address *addr1, +arange_order_addr(krb5_context context, + const krb5_address *addr1, const krb5_address *addr2) { int tmp1, tmp2, sign; @@ -639,9 +652,11 @@ arange_order_addr(krb5_context context, a = addr2->address.data; a2 = addr1; sign = -1; - } else + } else { abort(); - + UNREACHABLE(return 0); + } + if(a2->addr_type == KRB5_ADDRESS_ARANGE) { struct arange *b = a2->address.data; tmp1 = krb5_address_order(context, &a->low, &b->low); @@ -661,6 +676,8 @@ arange_order_addr(krb5_context context, } } +#endif /* HEIMDAL_SMALLER */ + static int addrport_print_addr (const krb5_address *addr, char *str, size_t len) { @@ -671,6 +688,9 @@ addrport_print_addr (const krb5_address *addr, char *str, size_t len) krb5_storage *sp; sp = krb5_storage_from_data((krb5_data*)rk_UNCONST(&addr->address)); + if (sp == NULL) + return ENOMEM; + /* for totally obscure reasons, these are not in network byteorder */ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -709,32 +729,78 @@ addrport_print_addr (const krb5_address *addr, char *str, size_t len) } static struct addr_operations at[] = { - {AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in), - ipv4_sockaddr2addr, - ipv4_sockaddr2port, - ipv4_addr2sockaddr, - ipv4_h_addr2sockaddr, - ipv4_h_addr2addr, - ipv4_uninteresting, ipv4_anyaddr, ipv4_print_addr, ipv4_parse_addr, - NULL, NULL, NULL, ipv4_mask_boundary }, + { + AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in), + ipv4_sockaddr2addr, + ipv4_sockaddr2port, + ipv4_addr2sockaddr, + ipv4_h_addr2sockaddr, + ipv4_h_addr2addr, + ipv4_uninteresting, + ipv4_is_loopback, + ipv4_anyaddr, + ipv4_print_addr, + ipv4_parse_addr, + NULL, + NULL, + NULL, + ipv4_mask_boundary + }, #ifdef HAVE_IPV6 - {AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6), - ipv6_sockaddr2addr, - ipv6_sockaddr2port, - ipv6_addr2sockaddr, - ipv6_h_addr2sockaddr, - ipv6_h_addr2addr, - ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr, - NULL, NULL, NULL, ipv6_mask_boundary } , + { + AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6), + ipv6_sockaddr2addr, + ipv6_sockaddr2port, + ipv6_addr2sockaddr, + ipv6_h_addr2sockaddr, + ipv6_h_addr2addr, + ipv6_uninteresting, + ipv6_is_loopback, + ipv6_anyaddr, + ipv6_print_addr, + ipv6_parse_addr, + NULL, + NULL, + NULL, + ipv6_mask_boundary + } , #endif - {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, - NULL, NULL, NULL, NULL, NULL, - NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }, +#ifndef HEIMDAL_SMALLER /* fake address type */ - {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange), - NULL, NULL, NULL, NULL, NULL, NULL, NULL, - arange_print_addr, arange_parse_addr, - arange_order_addr, arange_free, arange_copy } + { + KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange), + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + arange_print_addr, + arange_parse_addr, + arange_order_addr, + arange_free, + arange_copy, + NULL + }, +#endif + { + KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + addrport_print_addr, + NULL, + NULL, + NULL, + NULL + } }; static int num_addrs = sizeof(at) / sizeof(at[0]); @@ -757,7 +823,7 @@ find_af(int af) } static struct addr_operations * -find_atype(int atype) +find_atype(krb5_address_type atype) { struct addr_operations *a; @@ -769,7 +835,7 @@ find_atype(int atype) /** * krb5_sockaddr2address stores a address a "struct sockaddr" sa in - * the krb5_address addr. + * the krb5_address addr. * * @param context a Keberos context * @param sa a struct sockaddr to extract the address from @@ -780,14 +846,15 @@ find_atype(int atype) * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address (krb5_context context, const struct sockaddr *sa, krb5_address *addr) { struct addr_operations *a = find_af(sa->sa_family); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", - sa->sa_family); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address family %d not supported", ""), + sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; } return (*a->sockaddr2addr)(sa, addr); @@ -807,14 +874,15 @@ krb5_sockaddr2address (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port (krb5_context context, const struct sockaddr *sa, int16_t *port) { struct addr_operations *a = find_af(sa->sa_family); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", - sa->sa_family); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address family %d not supported", ""), + sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; } return (*a->sockaddr2port)(sa, port); @@ -841,7 +909,7 @@ krb5_sockaddr2port (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr (krb5_context context, const krb5_address *addr, struct sockaddr *sa, @@ -851,14 +919,17 @@ krb5_addr2sockaddr (krb5_context context, struct addr_operations *a = find_atype(addr->addr_type); if (a == NULL) { - krb5_set_error_string (context, "Address type %d not supported", - addr->addr_type); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address type %d not supported", + "krb5_address type"), + addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } if (a->addr2sockaddr == NULL) { - krb5_set_error_string (context, - "Can't convert address type %d to sockaddr", - addr->addr_type); + krb5_set_error_message (context, + KRB5_PROG_ATYPE_NOSUPP, + N_("Can't convert address type %d to sockaddr", ""), + addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } (*a->addr2sockaddr)(addr, sa, sa_size, port); @@ -874,7 +945,7 @@ krb5_addr2sockaddr (krb5_context context, * @ingroup krb5_address */ -size_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void) { if (max_sockaddr_size == 0) { @@ -898,7 +969,7 @@ krb5_max_sockaddr_size (void) * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting(const struct sockaddr *sa) { struct addr_operations *a = find_af(sa->sa_family); @@ -907,6 +978,15 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa) return (*a->uninteresting)(sa); } +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_sockaddr_is_loopback(const struct sockaddr *sa) +{ + struct addr_operations *a = find_af(sa->sa_family); + if (a == NULL || a->is_loopback == NULL) + return TRUE; + return (*a->is_loopback)(sa); +} + /** * krb5_h_addr2sockaddr initializes a "struct sockaddr sa" from af and * the "struct hostent" (see gethostbyname(3) ) h_addr_list @@ -926,7 +1006,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa) * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr (krb5_context context, int af, const char *addr, struct sockaddr *sa, @@ -935,7 +1015,8 @@ krb5_h_addr2sockaddr (krb5_context context, { struct addr_operations *a = find_af(af); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", af); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + "Address family %d not supported", af); return KRB5_PROG_ATYPE_NOSUPP; } (*a->h_addr2sockaddr)(addr, sa, sa_size, port); @@ -956,14 +1037,15 @@ krb5_h_addr2sockaddr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr (krb5_context context, int af, const char *haddr, krb5_address *addr) { struct addr_operations *a = find_af(af); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", af); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address family %d not supported", ""), af); return KRB5_PROG_ATYPE_NOSUPP; } return (*a->h_addr2addr)(haddr, addr); @@ -986,7 +1068,7 @@ krb5_h_addr2addr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr (krb5_context context, int af, struct sockaddr *sa, @@ -996,7 +1078,8 @@ krb5_anyaddr (krb5_context context, struct addr_operations *a = find_af (af); if (a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", af); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address family %d not supported", ""), af); return KRB5_PROG_ATYPE_NOSUPP; } @@ -1020,8 +1103,8 @@ krb5_anyaddr (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_print_address (const krb5_address *addr, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_print_address (const krb5_address *addr, char *str, size_t len, size_t *ret_len) { struct addr_operations *a = find_atype(addr->addr_type); @@ -1030,17 +1113,17 @@ krb5_print_address (const krb5_address *addr, if (a == NULL || a->print_addr == NULL) { char *s; int l; - int i; + size_t i; s = str; l = snprintf(s, len, "TYPE_%d:", addr->addr_type); - if (l < 0 || l >= len) + if (l < 0 || (size_t)l >= len) return EINVAL; s += l; len -= l; for(i = 0; i < addr->address.length; i++) { l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]); - if (l < 0 || l >= len) + if (l < 0 || (size_t)l >= len) return EINVAL; len -= l; s += l; @@ -1070,7 +1153,7 @@ krb5_print_address (const krb5_address *addr, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address(krb5_context context, const char *string, krb5_addresses *addresses) @@ -1089,7 +1172,8 @@ krb5_parse_address(krb5_context context, if((*at[i].parse_addr)(context, string, &addr) == 0) { ALLOC_SEQ(addresses, 1); if (addresses->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } addresses->val[0] = addr; @@ -1100,18 +1184,22 @@ krb5_parse_address(krb5_context context, error = getaddrinfo (string, NULL, NULL, &ai); if (error) { + krb5_error_code ret2; save_errno = errno; - krb5_set_error_string (context, "%s: %s", string, gai_strerror(error)); - return krb5_eai_to_heim_errno(error, save_errno); + ret2 = krb5_eai_to_heim_errno(error, save_errno); + krb5_set_error_message (context, ret2, "%s: %s", + string, gai_strerror(error)); + return ret2; } - + n = 0; for (a = ai; a != NULL; a = a->ai_next) ++n; ALLOC_SEQ(addresses, n); if (addresses->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); freeaddrinfo(ai); return ENOMEM; } @@ -1120,10 +1208,12 @@ krb5_parse_address(krb5_context context, for (a = ai, i = 0; a != NULL; a = a->ai_next) { if (krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i])) continue; - if(krb5_address_search(context, &addresses->val[i], addresses)) + if(krb5_address_search(context, &addresses->val[i], addresses)) { + krb5_free_address(context, &addresses->val[i]); continue; - addresses->len = i; + } i++; + addresses->len = i; } freeaddrinfo (ai); return 0; @@ -1132,7 +1222,7 @@ krb5_parse_address(krb5_context context, /** * krb5_address_order compares the addresses addr1 and addr2 so that * it can be used for sorting addresses. If the addresses are the same - * address krb5_address_order will return 0. Behavies like memcmp(2). + * address krb5_address_order will return 0. Behavies like memcmp(2). * * @param context a Keberos context * @param addr1 krb5_address to compare @@ -1144,7 +1234,7 @@ krb5_parse_address(krb5_context context, * @ingroup krb5_address */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order(krb5_context context, const krb5_address *addr1, const krb5_address *addr2) @@ -1152,21 +1242,23 @@ krb5_address_order(krb5_context context, /* this sucks; what if both addresses have order functions, which should we call? this works for now, though */ struct addr_operations *a; - a = find_atype(addr1->addr_type); + a = find_atype(addr1->addr_type); if(a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", - addr1->addr_type); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address family %d not supported", ""), + addr1->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } - if(a->order_addr != NULL) - return (*a->order_addr)(context, addr1, addr2); - a = find_atype(addr2->addr_type); + if(a->order_addr != NULL) + return (*a->order_addr)(context, addr1, addr2); + a = find_atype(addr2->addr_type); if(a == NULL) { - krb5_set_error_string (context, "Address family %d not supported", - addr2->addr_type); + krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address family %d not supported", ""), + addr2->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } - if(a->order_addr != NULL) + if(a->order_addr != NULL) return (*a->order_addr)(context, addr1, addr2); if(addr1->addr_type != addr2->addr_type) @@ -1191,7 +1283,7 @@ krb5_address_order(krb5_context context, * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2) @@ -1212,12 +1304,12 @@ krb5_address_compare(krb5_context context, * @ingroup krb5_address */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search(krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist) { - int i; + size_t i; for (i = 0; i < addrlist->len; ++i) if (krb5_address_compare (context, addr, &addrlist->val[i])) @@ -1237,7 +1329,7 @@ krb5_address_search(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address(krb5_context context, krb5_address *address) { @@ -1261,11 +1353,11 @@ krb5_free_address(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses(krb5_context context, krb5_addresses *addresses) { - int i; + size_t i; for(i = 0; i < addresses->len; i++) krb5_free_address(context, &addresses->val[i]); free(addresses->val); @@ -1287,7 +1379,7 @@ krb5_free_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address(krb5_context context, const krb5_address *inaddr, krb5_address *outaddr) @@ -1311,12 +1403,12 @@ krb5_copy_address(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses(krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr) { - int i; + size_t i; ALLOC_SEQ(outaddr, inaddr->len); if(inaddr->len > 0 && outaddr->val == NULL) return ENOMEM; @@ -1338,18 +1430,19 @@ krb5_copy_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses(krb5_context context, krb5_addresses *dest, const krb5_addresses *source) { krb5_address *tmp; krb5_error_code ret; - int i; + size_t i; if(source->len > 0) { tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string(context, "realloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } dest->val = tmp; @@ -1357,8 +1450,8 @@ krb5_append_addresses(krb5_context context, /* skip duplicates */ if(krb5_address_search(context, &source->val[i], dest)) continue; - ret = krb5_copy_address(context, - &source->val[i], + ret = krb5_copy_address(context, + &source->val[i], &dest->val[dest->len]); if(ret) return ret; @@ -1381,7 +1474,7 @@ krb5_append_addresses(krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport (krb5_context context, krb5_address **res, const krb5_address *addr, int16_t port) { @@ -1391,13 +1484,15 @@ krb5_make_addrport (krb5_context context, *res = malloc (sizeof(**res)); if (*res == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } (*res)->addr_type = KRB5_ADDRESS_ADDRPORT; ret = krb5_data_alloc (&(*res)->address, len); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message (context, ret, + N_("malloc: out of memory", "")); free (*res); *res = NULL; return ret; @@ -1427,7 +1522,6 @@ krb5_make_addrport (krb5_context context, *p++ = (2 >> 24) & 0xFF; memcpy (p, &port, 2); - p += 2; return 0; } @@ -1447,7 +1541,7 @@ krb5_make_addrport (krb5_context context, * @ingroup krb5_address */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary(krb5_context context, const krb5_address *inaddr, unsigned long prefixlen, @@ -1457,7 +1551,9 @@ krb5_address_prefixlen_boundary(krb5_context context, struct addr_operations *a = find_atype (inaddr->addr_type); if(a != NULL && a->mask_boundary != NULL) return (*a->mask_boundary)(context, inaddr, prefixlen, low, high); - krb5_set_error_string(context, "Address family %d doesn't support " - "address mask operation", inaddr->addr_type); + krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, + N_("Address family %d doesn't support " + "address mask operation", ""), + inaddr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } diff --git a/crypto/heimdal/lib/krb5/aes-test.c b/crypto/heimdal/lib/krb5/aes-test.c index 82b3431add5..19b0ddd0750 100644 --- a/crypto/heimdal/lib/krb5/aes-test.c +++ b/crypto/heimdal/lib/krb5/aes-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,13 +33,12 @@ #include "krb5_locl.h" #include #include +#include #ifdef HAVE_OPENSSL #include #endif -RCSID("$Id: aes-test.c 18301 2006-10-07 13:50:34Z lha $"); - static int verbose = 0; static void @@ -62,16 +61,16 @@ struct { char *pbkdf2; char *key; } keys[] = { - { + { "password", "ATHENA.MIT.EDUraeburn", -1, - 1, + 1, ETYPE_AES128_CTS_HMAC_SHA1_96, 16, "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15", "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15" }, { "password", "ATHENA.MIT.EDUraeburn", -1, - 1, + 1, ETYPE_AES256_CTS_HMAC_SHA1_96, 32, "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15" "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37", @@ -87,7 +86,7 @@ struct { }, { "password", "ATHENA.MIT.EDUraeburn", -1, - 2, + 2, ETYPE_AES256_CTS_HMAC_SHA1_96, 32, "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d" "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86", @@ -96,14 +95,14 @@ struct { }, { "password", "ATHENA.MIT.EDUraeburn", -1, - 1200, + 1200, ETYPE_AES128_CTS_HMAC_SHA1_96, 16, "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b", "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a" }, { "password", "ATHENA.MIT.EDUraeburn", -1, - 1200, + 1200, ETYPE_AES256_CTS_HMAC_SHA1_96, 32, "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b" "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", @@ -180,14 +179,14 @@ struct { "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e" }, { - "foo", "", -1, + "foo", "", -1, 0, ETYPE_ARCFOUR_HMAC_MD5, 16, NULL, "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc" }, { - "test", "", -1, + "test", "", -1, 0, ETYPE_ARCFOUR_HMAC_MD5, 16, NULL, @@ -215,11 +214,11 @@ string_to_key_test(krb5_context context) salt.saltvalue.length = strlen(salt.saltvalue.data); else salt.saltvalue.length = keys[i].saltlen; - + opaque.data = iter; opaque.length = sizeof(iter); _krb5_put_int(iter, keys[i].iterations, 4); - + if (keys[i].pbkdf2) { unsigned char keyout[32]; @@ -228,15 +227,15 @@ string_to_key_test(krb5_context context) PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, salt.saltvalue.data, salt.saltvalue.length, - keys[i].iterations, + keys[i].iterations, keys[i].keylen, keyout); - + if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) { krb5_warnx(context, "%d: pbkdf2", i); val = 1; continue; } - + if (verbose) { printf("PBKDF2:\n"); hex_dump_data(keyout, keys[i].keylen); @@ -248,31 +247,31 @@ string_to_key_test(krb5_context context) ret = krb5_string_to_key_data_salt_opaque (context, keys[i].enctype, - password, - salt, - opaque, + password, + salt, + opaque, &key); if (ret) { - krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", + krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", i); val = 1; continue; } - + if (key.keyvalue.length != keys[i].keylen) { krb5_warnx(context, "%d: key wrong length (%lu/%lu)", - i, (unsigned long)key.keyvalue.length, + i, (unsigned long)key.keyvalue.length, (unsigned long)keys[i].keylen); val = 1; continue; } - + if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) { krb5_warnx(context, "%d: key wrong", i); val = 1; continue; } - + if (verbose) { printf("key:\n"); hex_dump_data(key.keyvalue.data, key.keyvalue.length); @@ -283,295 +282,11 @@ string_to_key_test(krb5_context context) return val; } -struct enc_test { - size_t len; - char *input; - char *output; - char *nextiv; -}; - -struct enc_test encs1[] = { - { - 17, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20", - "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" - "\x97", - "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" - }, - { - 31, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", - "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" - "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5", - "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" - }, - { - 32, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", - "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" - "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", - "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" - }, - { - 47, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", - "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" - "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" - "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5", - "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" - }, - { - 48, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20", - "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" - "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" - "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", - "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" - }, - { - 64, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" - "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", - "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" - "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" - "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" - "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", - "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" - } -}; - - -struct enc_test encs2[] = { - { - 17, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20", - "\x5c\x13\x26\x27\xc4\xcb\xca\x04\x14\x43\x8a\xb5\x97\x97\x7c\x10" - "\x16" - }, - { - 31, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", - "\x16\xb3\xd8\xe5\xcd\x93\xe6\x2c\x28\x70\xa0\x36\x6e\x9a\xb9\x74" - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53" - }, - { - 32, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8" - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - }, - { - 47, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - "\xe5\x56\xb4\x88\x41\xb9\xde\x27\xf0\x07\xa1\x6e\x89\x94\x47\xf1" - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff" - }, - { - 48, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20", - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - "\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30" - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8" - }, - { - 64, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" - "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8" - "\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67" - "\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30" - }, - { - 78, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" - "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e" - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41", - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8" - "\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30" - "\x73\xfb\x2c\x36\x76\xaf\xcf\x31\xff\xe3\x8a\x89\x0c\x7e\x99\x3f" - "\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62" - }, - { - 83, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" - "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e" - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" - "\x41\x41\x41", - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8" - "\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30" - "\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67" - "\x65\x39\x3a\xdb\x92\x05\x4d\x4f\x08\xa1\xfa\x59\xda\x56\x58\x0e" - "\x3b\xac\x12" - }, - { - 92, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" - "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e" - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41", - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8" - "\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30" - "\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67" - "\x0c\xff\xd7\x63\x50\xf8\x4e\xf9\xec\x56\x1c\x79\xc5\xc8\xfe\x50" - "\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f" - }, - { - 96, - "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" - "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" - "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" - "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e" - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41", - "\x16\xc1\xee\xdf\x39\xc8\x3f\xfb\xc5\xf6\x72\xe9\xc1\x6e\x53\x0c" - "\x69\xde\xce\x59\x83\x6a\x82\xe1\xcd\x21\x93\xd0\x9e\x2a\xff\xc8" - "\xfd\x68\xd1\x56\x32\x23\x7b\xfa\xb0\x09\x86\x3b\x17\x53\xfa\x30" - "\x70\x29\xf2\x6f\x7c\x79\xc1\x77\x91\xad\x94\xb0\x78\x62\x27\x67" - "\x08\x28\x49\xad\xfc\x2d\x8e\x86\xae\x69\xa5\xa8\xd9\x29\x9e\xe4" - "\x3b\xac\x12\x6e\xd3\x2d\x02\xc4\xe5\x06\x43\x5f\x4c\x41\xd1\xb8" - } -}; - - - -char *aes_key1 = - "\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69"; - -char *aes_key2 = - "\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69" - "\x2c\x20\x79\x75\x6d\x6d\x79\x20\x79\x75\x6d\x6d\x79\x21\x21\x21"; - - -static int -samep(int testn, char *type, const void *pp1, const void *pp2, size_t len) -{ - const unsigned char *p1 = pp1, *p2 = pp2; - size_t i; - int val = 1; - - for (i = 0; i < len; i++) { - if (p1[i] != p2[i]) { - if (verbose) - printf("M"); - val = 0; - } else { - if (verbose) - printf("."); - } - } - if (verbose) - printf("\n"); - return val; -} - -static int -encryption_test(krb5_context context, const void *key, size_t keylen, - struct enc_test *enc, int numenc) -{ - unsigned char iv[AES_BLOCK_SIZE]; - int i, val, failed = 0; - AES_KEY ekey, dkey; - unsigned char *p; - - AES_set_encrypt_key(key, keylen, &ekey); - AES_set_decrypt_key(key, keylen, &dkey); - - for (i = 0; i < numenc; i++) { - val = 0; - - if (verbose) - printf("test: %d\n", i); - memset(iv, 0, sizeof(iv)); - - p = malloc(enc[i].len + 1); - if (p == NULL) - krb5_errx(context, 1, "malloc"); - - p[enc[i].len] = '\0'; - - memcpy(p, enc[i].input, enc[i].len); - - _krb5_aes_cts_encrypt(p, p, enc[i].len, - &ekey, iv, AES_ENCRYPT); - - if (p[enc[i].len] != '\0') { - krb5_warnx(context, "%d: encrypt modified off end", i); - val = 1; - } - - if (!samep(i, "cipher", p, enc[i].output, enc[i].len)) { - krb5_warnx(context, "%d: cipher", i); - val = 1; - } - - if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ - krb5_warnx(context, "%d: iv", i); - val = 1; - } - - memset(iv, 0, sizeof(iv)); - - _krb5_aes_cts_encrypt(p, p, enc[i].len, - &dkey, iv, AES_DECRYPT); - - if (p[enc[i].len] != '\0') { - krb5_warnx(context, "%d: decrypt modified off end", i); - val = 1; - } - - if (!samep(i, "clear", p, enc[i].input, enc[i].len)) - val = 1; - - if (enc[i].nextiv && !samep(i, "iv", iv, enc[i].nextiv, 16)){ /*XXX*/ - krb5_warnx(context, "%d: iv", i); - val = 1; - } - - free(p); - - if (val) { - printf("test %d failed\n", i); - failed = 1; - } - val = 0; - } - return failed; -} - static int krb_enc(krb5_context context, - krb5_crypto crypto, + krb5_crypto crypto, unsigned usage, - krb5_data *cipher, + krb5_data *cipher, krb5_data *clear) { krb5_data decrypt; @@ -602,14 +317,214 @@ krb_enc(krb5_context context, return 0; } +static int +krb_enc_iov2(krb5_context context, + krb5_crypto crypto, + unsigned usage, + size_t cipher_len, + krb5_data *clear) +{ + krb5_crypto_iov iov[4]; + krb5_data decrypt; + int ret; + char *p, *q; + size_t len, i; + + p = clear->data; + len = clear->length; + + iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; + krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); + iov[0].data.data = emalloc(iov[0].data.length); + + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data.length = len; + iov[1].data.data = emalloc(iov[1].data.length); + memcpy(iov[1].data.data, p, iov[1].data.length); + + /* padding buffer */ + iov[2].flags = KRB5_CRYPTO_TYPE_PADDING; + krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_PADDING, &iov[2].data.length); + iov[2].data.data = emalloc(iov[2].data.length); + + iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER; + krb5_crypto_length(context, crypto, iov[3].flags, &iov[3].data.length); + iov[3].data.data = emalloc(iov[3].data.length); + + ret = krb5_encrypt_iov_ivec(context, crypto, usage, + iov, sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + errx(1, "encrypt iov failed: %d", ret); + + /* check len */ + for (i = 0, len = 0; i < sizeof(iov)/sizeof(iov[0]); i++) + len += iov[i].data.length; + if (len != cipher_len) + errx(1, "cipher len wrong"); + + /* + * Plain decrypt + */ + + p = q = emalloc(len); + for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { + memcpy(q, iov[i].data.data, iov[i].data.length); + q += iov[i].data.length; + } + + ret = krb5_decrypt(context, crypto, usage, p, len, &decrypt); + if (ret) + krb5_err(context, 1, ret, "krb5_decrypt"); + else + krb5_data_free(&decrypt); + + free(p); + + /* + * Now decrypt use iov + */ + + /* padding turn into data */ + p = q = emalloc(iov[1].data.length + iov[2].data.length); + + memcpy(q, iov[1].data.data, iov[1].data.length); + q += iov[1].data.length; + memcpy(q, iov[2].data.data, iov[2].data.length); + + free(iov[1].data.data); + free(iov[2].data.data); + + iov[1].data.data = p; + iov[1].data.length += iov[2].data.length; + + iov[2].flags = KRB5_CRYPTO_TYPE_EMPTY; + iov[2].data.length = 0; + + ret = krb5_decrypt_iov_ivec(context, crypto, usage, + iov, sizeof(iov)/sizeof(iov[0]), NULL); + free(iov[0].data.data); + free(iov[3].data.data); + + if (ret) + krb5_err(context, 1, ret, "decrypt iov failed: %d", ret); + + if (clear->length != iov[1].data.length) + errx(1, "length incorrect"); + + p = clear->data; + if (memcmp(iov[1].data.data, p, iov[1].data.length) != 0) + errx(1, "iov[1] incorrect"); + + free(iov[1].data.data); + + return 0; +} + + +static int +krb_enc_iov(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_data *cipher, + krb5_data *clear) +{ + krb5_crypto_iov iov[3]; + int ret; + char *p; + size_t len; + + p = cipher->data; + len = cipher->length; + + iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; + krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); + iov[0].data.data = emalloc(iov[0].data.length); + memcpy(iov[0].data.data, p, iov[0].data.length); + p += iov[0].data.length; + len -= iov[0].data.length; + + iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER; + krb5_crypto_length(context, crypto, iov[1].flags, &iov[1].data.length); + iov[1].data.data = emalloc(iov[1].data.length); + memcpy(iov[1].data.data, p + len - iov[1].data.length, iov[1].data.length); + len -= iov[1].data.length; + + iov[2].flags = KRB5_CRYPTO_TYPE_DATA; + iov[2].data.length = len; + iov[2].data.data = emalloc(len); + memcpy(iov[2].data.data, p, len); + + ret = krb5_decrypt_iov_ivec(context, crypto, usage, + iov, sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + krb5_err(context, 1, ret, "krb_enc_iov decrypt iov failed: %d", ret); + + if (clear->length != iov[2].data.length) + errx(1, "length incorrect"); + + p = clear->data; + if (memcmp(iov[2].data.data, p, iov[2].data.length) != 0) + errx(1, "iov[2] incorrect"); + + free(iov[0].data.data); + free(iov[1].data.data); + free(iov[2].data.data); + + + return 0; +} + +static int +krb_checksum_iov(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_data *plain) +{ + krb5_crypto_iov iov[4]; + int ret; + char *p; + size_t len; + + p = plain->data; + len = plain->length; + + iov[0].flags = KRB5_CRYPTO_TYPE_CHECKSUM; + krb5_crypto_length(context, crypto, iov[0].flags, &iov[0].data.length); + iov[0].data.data = emalloc(iov[0].data.length); + + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data.length = len; + iov[1].data.data = p; + + iov[2].flags = KRB5_CRYPTO_TYPE_TRAILER; + krb5_crypto_length(context, crypto, iov[0].flags, &iov[2].data.length); + iov[2].data.data = malloc(iov[2].data.length); + + ret = krb5_create_checksum_iov(context, crypto, usage, + iov, sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_create_checksum_iov failed"); + + ret = krb5_verify_checksum_iov(context, crypto, usage, iov, sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_verify_checksum_iov"); + + free(iov[0].data.data); + free(iov[2].data.data); + + return 0; +} + + static int krb_enc_mit(krb5_context context, krb5_enctype enctype, krb5_keyblock *key, unsigned usage, - krb5_data *cipher, + krb5_data *cipher, krb5_data *clear) { +#ifndef HEIMDAL_SMALLER krb5_error_code ret; krb5_enc_data e; krb5_data decrypt; @@ -640,7 +555,7 @@ krb_enc_mit(krb5_context context, (unsigned long)len, (unsigned long)cipher->length); return EINVAL; } - +#endif /* HEIMDAL_SMALLER */ return 0; } @@ -655,10 +570,10 @@ struct { size_t plen; void *pdata; } krbencs[] = { - { + { ETYPE_AES256_CTS_HMAC_SHA1_96, 7, - 32, + 32, "\x47\x75\x69\x64\x65\x6c\x69\x6e\x65\x73\x20\x74\x6f\x20\x41\x75" "\x74\x68\x6f\x72\x73\x20\x6f\x66\x20\x49\x6e\x74\x65\x72\x6e\x65", 44, @@ -678,7 +593,7 @@ krb_enc_test(krb5_context context) krb5_crypto crypto; krb5_keyblock kb; krb5_data cipher, plain; - int i, failed = 0; + int i; for (i = 0; i < sizeof(krbencs)/sizeof(krbencs[0]); i++) { @@ -692,27 +607,216 @@ krb_enc_test(krb5_context context) cipher.data = krbencs[i].edata; plain.length = krbencs[i].plen; plain.data = krbencs[i].pdata; - + ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain); - - if (ret) { - failed = 1; - printf("krb_enc failed with %d\n", ret); - } + + if (ret) + errx(1, "krb_enc failed with %d for test %d", ret, i); + + ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain); + if (ret) + errx(1, "krb_enc_iov failed with %d for test %d", ret, i); + + ret = krb_enc_iov2(context, crypto, krbencs[i].usage, + cipher.length, &plain); + if (ret) + errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i); + + ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain); + if (ret) + errx(1, "krb_checksum_iov failed with %d for test %d", ret, i); + krb5_crypto_destroy(context, crypto); - ret = krb_enc_mit(context, krbencs[i].enctype, &kb, + ret = krb_enc_mit(context, krbencs[i].enctype, &kb, krbencs[i].usage, &cipher, &plain); - if (ret) { - failed = 1; - printf("krb_enc_mit failed with %d\n", ret); - } - + if (ret) + errx(1, "krb_enc_mit failed with %d for test %d", ret, i); } - return failed; + return 0; } +static int +iov_test(krb5_context context) +{ + krb5_enctype enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + krb5_error_code ret; + krb5_crypto crypto; + krb5_keyblock key; + krb5_data signonly, in, in2; + krb5_crypto_iov iov[6]; + size_t len, i; + unsigned char *base, *p; + + ret = krb5_generate_random_keyblock(context, enctype, &key); + if (ret) + krb5_err(context, 1, ret, "krb5_generate_random_keyblock"); + + ret = krb5_crypto_init(context, &key, 0, &crypto); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_init"); + + + ret = krb5_crypto_length(context, crypto, KRB5_CRYPTO_TYPE_HEADER, &len); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_length"); + + signonly.data = "This should be signed"; + signonly.length = strlen(signonly.data); + in.data = "inputdata"; + in.length = strlen(in.data); + + in2.data = "INPUTDATA"; + in2.length = strlen(in2.data); + + + memset(iov, 0, sizeof(iov)); + + iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data = in; + iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + iov[2].data = signonly; + iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY; + iov[4].flags = KRB5_CRYPTO_TYPE_PADDING; + iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER; + + ret = krb5_crypto_length_iov(context, crypto, iov, + sizeof(iov)/sizeof(iov[0])); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_length_iov"); + + for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { + if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += iov[i].data.length; + } + + base = emalloc(len); + + /* + * Allocate data for the fields + */ + + for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { + if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue;; + iov[i].data.data = p; + p += iov[i].data.length; + } + assert(iov[1].data.length == in.length); + memcpy(iov[1].data.data, in.data, iov[1].data.length); + + /* + * Encrypt + */ + + ret = krb5_encrypt_iov_ivec(context, crypto, 7, iov, + sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec"); + + /* + * Decrypt + */ + + ret = krb5_decrypt_iov_ivec(context, crypto, 7, + iov, sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec"); + + /* + * Verify data + */ + + if (krb5_data_cmp(&iov[1].data, &in) != 0) + krb5_errx(context, 1, "decrypted data not same"); + + /* + * Free memory + */ + + free(base); + + /* Set up for second try */ + + iov[3].flags = KRB5_CRYPTO_TYPE_DATA; + iov[3].data = in; + + ret = krb5_crypto_length_iov(context, crypto, + iov, sizeof(iov)/sizeof(iov[0])); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_length_iov"); + + for (len = 0, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { + if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += iov[i].data.length; + } + + base = emalloc(len); + + /* + * Allocate data for the fields + */ + + for (p = base, i = 0; i < sizeof(iov)/sizeof(iov[0]); i++) { + if (iov[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue;; + iov[i].data.data = p; + p += iov[i].data.length; + } + assert(iov[1].data.length == in.length); + memcpy(iov[1].data.data, in.data, iov[1].data.length); + + assert(iov[3].data.length == in2.length); + memcpy(iov[3].data.data, in2.data, iov[3].data.length); + + + + /* + * Encrypt + */ + + ret = krb5_encrypt_iov_ivec(context, crypto, 7, + iov, sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_encrypt_iov_ivec"); + + /* + * Decrypt + */ + + ret = krb5_decrypt_iov_ivec(context, crypto, 7, + iov, sizeof(iov)/sizeof(iov[0]), NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_decrypt_iov_ivec"); + + /* + * Verify data + */ + + if (krb5_data_cmp(&iov[1].data, &in) != 0) + krb5_errx(context, 1, "decrypted data 2.1 not same"); + + if (krb5_data_cmp(&iov[3].data, &in2) != 0) + krb5_errx(context, 1, "decrypted data 2.2 not same"); + + /* + * Free memory + */ + + free(base); + + krb5_crypto_destroy(context, crypto); + + krb5_free_keyblock_contents(context, &key); + + return 0; +} + + static int random_to_key(krb5_context context) @@ -746,26 +850,22 @@ random_to_key(krb5_context context) return 0; } - int main(int argc, char **argv) { krb5_error_code ret; krb5_context context; int val = 0; - + ret = krb5_init_context (&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); val |= string_to_key_test(context); - val |= encryption_test(context, aes_key1, 128, - encs1, sizeof(encs1)/sizeof(encs1[0])); - val |= encryption_test(context, aes_key2, 256, - encs2, sizeof(encs2)/sizeof(encs2[0])); val |= krb_enc_test(context); val |= random_to_key(context); + val |= iov_test(context); if (verbose && val == 0) printf("all ok\n"); diff --git a/crypto/heimdal/lib/krb5/aname_to_localname.c b/crypto/heimdal/lib/krb5/aname_to_localname.c index 5800404d981..7bfd861da94 100644 --- a/crypto/heimdal/lib/krb5/aname_to_localname.c +++ b/crypto/heimdal/lib/krb5/aname_to_localname.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 1999, 2002 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999, 2002 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: aname_to_localname.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_aname_to_localname (krb5_context context, krb5_const_principal aname, size_t lnsize, @@ -74,7 +72,7 @@ krb5_aname_to_localname (krb5_context context, ret = krb5_copy_principal(context, aname, &rootprinc); if (ret) return ret; - + userok = krb5_kuserok(context, rootprinc, res); krb5_free_principal(context, rootprinc); if (!userok) diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c index b0bb171f4a1..d4e963d74ab 100644 --- a/crypto/heimdal/lib/krb5/appdefault.c +++ b/crypto/heimdal/lib/krb5/appdefault.c @@ -1,118 +1,116 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $"); - -void KRB5_LIB_FUNCTION -krb5_appdefault_boolean(krb5_context context, const char *appname, +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_appdefault_boolean(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, krb5_boolean def_val, krb5_boolean *ret_val) { - + if(appname == NULL) appname = getprogname(); - def_val = krb5_config_get_bool_default(context, NULL, def_val, + def_val = krb5_config_get_bool_default(context, NULL, def_val, "libdefaults", option, NULL); if(realm != NULL) - def_val = krb5_config_get_bool_default(context, NULL, def_val, + def_val = krb5_config_get_bool_default(context, NULL, def_val, "realms", realm, option, NULL); - - def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - option, + + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + option, NULL); if(realm != NULL) def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - realm, - option, + "appdefaults", + realm, + option, NULL); if(appname != NULL) { - def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - appname, - option, + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + appname, + option, NULL); if(realm != NULL) def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - appname, - realm, - option, + "appdefaults", + appname, + realm, + option, NULL); } *ret_val = def_val; } -void KRB5_LIB_FUNCTION -krb5_appdefault_string(krb5_context context, const char *appname, +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_appdefault_string(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, const char *def_val, char **ret_val) { if(appname == NULL) appname = getprogname(); - def_val = krb5_config_get_string_default(context, NULL, def_val, + def_val = krb5_config_get_string_default(context, NULL, def_val, "libdefaults", option, NULL); if(realm != NULL) - def_val = krb5_config_get_string_default(context, NULL, def_val, + def_val = krb5_config_get_string_default(context, NULL, def_val, "realms", realm, option, NULL); - def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - option, + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + option, NULL); if(realm != NULL) def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - realm, - option, + "appdefaults", + realm, + option, NULL); if(appname != NULL) { - def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - appname, - option, + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + appname, + option, NULL); if(realm != NULL) def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - appname, - realm, - option, + "appdefaults", + appname, + realm, + option, NULL); } if(def_val != NULL) @@ -121,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname, *ret_val = NULL; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_time(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, time_t def_val, time_t *ret_val) diff --git a/crypto/heimdal/lib/krb5/asn1_glue.c b/crypto/heimdal/lib/krb5/asn1_glue.c index b3f775b4bea..a821faff93e 100644 --- a/crypto/heimdal/lib/krb5/asn1_glue.c +++ b/crypto/heimdal/lib/krb5/asn1_glue.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* @@ -37,28 +37,36 @@ #include "krb5_locl.h" -RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principal2principalname (PrincipalName *p, const krb5_principal from) { return copy_PrincipalName(&from->name, p); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principalname2krb5_principal (krb5_context context, krb5_principal *principal, const PrincipalName from, const Realm realm) { - krb5_principal p = malloc(sizeof(*p)); + krb5_error_code ret; + krb5_principal p; + + p = malloc(sizeof(*p)); if (p == NULL) return ENOMEM; - copy_PrincipalName(&from, &p->name); + ret = copy_PrincipalName(&from, &p->name); + if (ret) { + free(p); + return ret; + } p->realm = strdup(realm); - if (p->realm == NULL) + if (p->realm == NULL) { + free_PrincipalName(&p->name); + free(p); return ENOMEM; + } *principal = p; return 0; } diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c index 323f17a2453..25ae15cf0f3 100644 --- a/crypto/heimdal/lib/krb5/auth_context.c +++ b/crypto/heimdal/lib/krb5/auth_context.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: auth_context.c 21745 2007-07-31 16:11:25Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context) { @@ -43,13 +41,13 @@ krb5_auth_con_init(krb5_context context, ALLOC(p, 1); if(!p) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memset(p, 0, sizeof(*p)); ALLOC(p->authenticator, 1); if (!p->authenticator) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(p); return ENOMEM; } @@ -60,13 +58,13 @@ krb5_auth_con_init(krb5_context context, p->remote_address = NULL; p->local_port = 0; p->remote_port = 0; - p->keytype = KEYTYPE_NULL; + p->keytype = ENCTYPE_NULL; p->cksumtype = CKSUMTYPE_NONE; *auth_context = p; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context) { @@ -88,7 +86,7 @@ krb5_auth_con_free(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, int32_t flags) @@ -98,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, int32_t *flags) @@ -107,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_addflags(krb5_context context, krb5_auth_context auth_context, int32_t addflags, @@ -119,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_removeflags(krb5_context context, krb5_auth_context auth_context, int32_t removeflags, @@ -131,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, @@ -156,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_genaddrs(krb5_context context, - krb5_auth_context auth_context, - int fd, int flags) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_genaddrs(krb5_context context, + krb5_auth_context auth_context, + krb5_socket_t fd, int flags) { krb5_error_code ret; krb5_address local_k_address, remote_k_address; @@ -172,10 +170,11 @@ krb5_auth_con_genaddrs(krb5_context context, if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) { if (auth_context->local_address == NULL) { len = sizeof(ss_local); - if(getsockname(fd, local, &len) < 0) { - ret = errno; - krb5_set_error_string (context, "getsockname: %s", - strerror(ret)); + if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) { + char buf[128]; + ret = rk_SOCK_ERRNO; + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, "getsockname: %s", buf); goto out; } ret = krb5_sockaddr2address (context, local, &local_k_address); @@ -189,9 +188,11 @@ krb5_auth_con_genaddrs(krb5_context context, } if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) { len = sizeof(ss_remote); - if(getpeername(fd, remote, &len) < 0) { - ret = errno; - krb5_set_error_string (context, "getpeername: %s", strerror(ret)); + if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) { + char buf[128]; + ret = rk_SOCK_ERRNO; + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, "getpeername: %s", buf); goto out; } ret = krb5_sockaddr2address (context, remote, &remote_k_address); @@ -215,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs_from_fd (krb5_context context, krb5_auth_context auth_context, void *p_fd) { - int fd = *(int*)p_fd; + krb5_socket_t fd = *(krb5_socket_t *)p_fd; int flags = 0; if(auth_context->local_address == NULL) flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR; @@ -229,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context, return krb5_auth_con_genaddrs(context, auth_context, fd, flags); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, @@ -239,7 +240,7 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_free_address (context, *local_addr); *local_addr = malloc (sizeof(**local_addr)); if (*local_addr == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_copy_address(context, @@ -250,7 +251,7 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_free_address (context, *remote_addr); *remote_addr = malloc (sizeof(**remote_addr)); if (*remote_addr == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); krb5_free_address (context, *local_addr); *local_addr = NULL; return ENOMEM; @@ -261,6 +262,7 @@ krb5_auth_con_getaddrs(krb5_context context, return 0; } +/* coverity[+alloc : arg-*2] */ static krb5_error_code copy_key(krb5_context context, krb5_keyblock *in, @@ -272,7 +274,7 @@ copy_key(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -280,7 +282,7 @@ krb5_auth_con_getkey(krb5_context context, return copy_key(context, auth_context->keyblock, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -288,7 +290,8 @@ krb5_auth_con_getlocalsubkey(krb5_context context, return copy_key(context, auth_context->local_subkey, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +/* coverity[+alloc : arg-*2] */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock) @@ -296,7 +299,7 @@ krb5_auth_con_getremotesubkey(krb5_context context, return copy_key(context, auth_context->remote_subkey, keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -306,7 +309,7 @@ krb5_auth_con_setkey(krb5_context context, return copy_key(context, keyblock, &auth_context->keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -316,7 +319,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context, return copy_key(context, keyblock, &auth_context->local_subkey); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_generatelocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *key) @@ -336,7 +339,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -346,7 +349,7 @@ krb5_auth_con_setremotesubkey(krb5_context context, return copy_key(context, keyblock, &auth_context->remote_subkey); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setcksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype) @@ -355,7 +358,7 @@ krb5_auth_con_setcksumtype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getcksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype *cksumtype) @@ -364,7 +367,7 @@ krb5_auth_con_getcksumtype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkeytype (krb5_context context, krb5_auth_context auth_context, krb5_keytype keytype) @@ -373,7 +376,7 @@ krb5_auth_con_setkeytype (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkeytype (krb5_context context, krb5_auth_context auth_context, krb5_keytype *keytype) @@ -383,7 +386,7 @@ krb5_auth_con_getkeytype (krb5_context context, } #if 0 -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setenctype(krb5_context context, krb5_auth_context auth_context, krb5_enctype etype) @@ -397,7 +400,7 @@ krb5_auth_con_setenctype(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getenctype(krb5_context context, krb5_auth_context auth_context, krb5_enctype *etype) @@ -406,7 +409,7 @@ krb5_auth_con_getenctype(krb5_context context, } #endif -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) @@ -415,7 +418,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) @@ -424,16 +427,16 @@ krb5_auth_con_setlocalseqnumber (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_getremoteseqnumber(krb5_context context, - krb5_auth_context auth_context, - int32_t *seqnumber) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getremoteseqnumber(krb5_context context, + krb5_auth_context auth_context, + int32_t *seqnumber) { *seqnumber = auth_context->remote_seqnumber; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) @@ -443,14 +446,14 @@ krb5_auth_con_setremoteseqnumber (krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator *authenticator) { *authenticator = malloc(sizeof(**authenticator)); if (*authenticator == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -460,7 +463,7 @@ krb5_auth_con_getauthenticator(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_authenticator(krb5_context context, krb5_authenticator *authenticator) { @@ -470,7 +473,7 @@ krb5_free_authenticator(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setuserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) @@ -480,7 +483,7 @@ krb5_auth_con_setuserkey(krb5_context context, return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache *rcache) @@ -489,7 +492,7 @@ krb5_auth_con_getrcache(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache rcache) @@ -500,7 +503,7 @@ krb5_auth_con_setrcache(krb5_context context, #if 0 /* not implemented */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context) { @@ -508,7 +511,7 @@ krb5_auth_con_initivector(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setivector(krb5_context context, krb5_auth_context auth_context, krb5_pointer ivector) diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c index b1968fe817b..d56a0a194e1 100644 --- a/crypto/heimdal/lib/krb5/build_ap_req.c +++ b/crypto/heimdal/lib/krb5/build_ap_req.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_ap_req (krb5_context context, krb5_enctype enctype, krb5_creds *cred, @@ -47,13 +45,13 @@ krb5_build_ap_req (krb5_context context, AP_REQ ap; Ticket t; size_t len; - + ap.pvno = 5; ap.msg_type = krb_ap_req; memset(&ap.ap_options, 0, sizeof(ap.ap_options)); ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0; ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0; - + ap.ticket.tkt_vno = 5; copy_Realm(&cred->server->realm, &ap.ticket.realm); copy_PrincipalName(&cred->server->name, &ap.ticket.sname); diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c index f8739c044d1..01145a28c60 100644 --- a/crypto/heimdal/lib/krb5/build_auth.c +++ b/crypto/heimdal/lib/krb5/build_auth.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include - -RCSID("$Id: build_auth.c 17033 2006-04-10 08:53:21Z lha $"); +#include "krb5_locl.h" static krb5_error_code make_etypelist(krb5_context context, @@ -43,10 +41,12 @@ make_etypelist(krb5_context context, krb5_error_code ret; krb5_authdata ad; u_char *buf; - size_t len; + size_t len = 0; size_t buf_size; - - ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL); + + ret = _krb5_init_etype(context, KRB5_PDU_NONE, + &etypes.len, &etypes.val, + NULL); if (ret) return ret; @@ -62,7 +62,7 @@ make_etypelist(krb5_context context, ALLOC_SEQ(&ad, 1); if (ad.val == NULL) { free(buf); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -74,21 +74,23 @@ make_etypelist(krb5_context context, if (ret) { free_AuthorizationData(&ad); return ret; - } + } if(buf_size != len) krb5_abortx(context, "internal error in ASN.1 encoder"); free_AuthorizationData(&ad); ALLOC(*auth_data, 1); if (*auth_data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + free(buf); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ALLOC_SEQ(*auth_data, 1); if ((*auth_data)->val == NULL) { + free(*auth_data); free(buf); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -99,71 +101,76 @@ make_etypelist(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_authenticator (krb5_context context, - krb5_auth_context auth_context, - krb5_enctype enctype, - krb5_creds *cred, - Checksum *cksum, - Authenticator **auth_result, - krb5_data *result, - krb5_key_usage usage) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_build_authenticator (krb5_context context, + krb5_auth_context auth_context, + krb5_enctype enctype, + krb5_creds *cred, + Checksum *cksum, + krb5_data *result, + krb5_key_usage usage) { - Authenticator *auth; + Authenticator auth; u_char *buf = NULL; size_t buf_size; - size_t len; + size_t len = 0; krb5_error_code ret; krb5_crypto crypto; - auth = calloc(1, sizeof(*auth)); - if (auth == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } + memset(&auth, 0, sizeof(auth)); - auth->authenticator_vno = 5; - copy_Realm(&cred->client->realm, &auth->crealm); - copy_PrincipalName(&cred->client->name, &auth->cname); + auth.authenticator_vno = 5; + copy_Realm(&cred->client->realm, &auth.crealm); + copy_PrincipalName(&cred->client->name, &auth.cname); - krb5_us_timeofday (context, &auth->ctime, &auth->cusec); - - ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey); + krb5_us_timeofday (context, &auth.ctime, &auth.cusec); + + ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth.subkey); if(ret) goto fail; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { if(auth_context->local_seqnumber == 0) krb5_generate_seq_number (context, - &cred->session, + &cred->session, &auth_context->local_seqnumber); - ALLOC(auth->seq_number, 1); - if(auth->seq_number == NULL) { + ALLOC(auth.seq_number, 1); + if(auth.seq_number == NULL) { ret = ENOMEM; goto fail; } - *auth->seq_number = auth_context->local_seqnumber; + *auth.seq_number = auth_context->local_seqnumber; } else - auth->seq_number = NULL; - auth->authorization_data = NULL; - auth->cksum = cksum; + auth.seq_number = NULL; + auth.authorization_data = NULL; - if (cksum != NULL && cksum->cksumtype == CKSUMTYPE_GSSAPI) { - /* - * This is not GSS-API specific, we only enable it for - * GSS for now - */ - ret = make_etypelist(context, &auth->authorization_data); + if (cksum) { + ALLOC(auth.cksum, 1); + if (auth.cksum == NULL) { + ret = ENOMEM; + goto fail; + } + ret = copy_Checksum(cksum, auth.cksum); if (ret) goto fail; + + if (auth.cksum->cksumtype == CKSUMTYPE_GSSAPI) { + /* + * This is not GSS-API specific, we only enable it for + * GSS for now + */ + ret = make_etypelist(context, &auth.authorization_data); + if (ret) + goto fail; + } } /* XXX - Copy more to auth_context? */ - auth_context->authenticator->ctime = auth->ctime; - auth_context->authenticator->cusec = auth->cusec; + auth_context->authenticator->ctime = auth.ctime; + auth_context->authenticator->cusec = auth.cusec; - ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); + ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, &auth, &len, ret); if (ret) goto fail; if(buf_size != len) @@ -175,7 +182,7 @@ krb5_build_authenticator (krb5_context context, ret = krb5_encrypt (context, crypto, usage /* KRB5_KU_AP_REQ_AUTH */, - buf + buf_size - len, + buf, len, result); krb5_crypto_destroy(context, crypto); @@ -183,20 +190,9 @@ krb5_build_authenticator (krb5_context context, if (ret) goto fail; + fail: + free_Authenticator (&auth); free (buf); - if (auth_result) - *auth_result = auth; - else { - /* Don't free the `cksum', it's allocated by the caller */ - auth->cksum = NULL; - free_Authenticator (auth); - free (auth); - } - return ret; - fail: - free_Authenticator (auth); - free (auth); - free (buf); return ret; } diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c index 5db6d2b2cf8..88040cbc6f3 100644 --- a/crypto/heimdal/lib/krb5/cache.c +++ b/crypto/heimdal/lib/krb5/cache.c @@ -1,39 +1,104 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: cache.c 22127 2007-12-04 00:54:37Z lha $"); +/** + * @page krb5_ccache_intro The credential cache functions + * @section section_krb5_ccache Kerberos credential caches + * + * krb5_ccache structure holds a Kerberos credential cache. + * + * Heimdal support the follow types of credential caches: + * + * - SCC + * Store the credential in a database + * - FILE + * Store the credential in memory + * - MEMORY + * Store the credential in memory + * - API + * A credential cache server based solution for Mac OS X + * - KCM + * A credential cache server based solution for all platforms + * + * @subsection Example + * + * This is a minimalistic version of klist: +@code +#include + +int +main (int argc, char **argv) +{ + krb5_context context; + krb5_cc_cursor cursor; + krb5_error_code ret; + krb5_ccache id; + krb5_creds creds; + + if (krb5_init_context (&context) != 0) + errx(1, "krb5_context"); + + ret = krb5_cc_default (context, &id); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_default"); + + ret = krb5_cc_start_seq_get(context, id, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_start_seq_get"); + + while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){ + char *principal; + + krb5_unparse_name(context, creds.server, &principal); + printf("principal: %s\\n", principal); + free(principal); + krb5_free_cred_contents (context, &creds); + } + ret = krb5_cc_end_seq_get(context, id, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_end_seq_get"); + + krb5_cc_close(context, id); + + krb5_free_context(context); + return 0; +} +* @endcode +*/ /** * Add a new ccache type with operations `ops', overwriting any @@ -44,43 +109,44 @@ RCSID("$Id: cache.c 22127 2007-12-04 00:54:37Z lha $"); * @param override flag to select if the registration is to overide * an existing ops with the same name. * - * @return Return an error code or 0. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_register(krb5_context context, - const krb5_cc_ops *ops, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_register(krb5_context context, + const krb5_cc_ops *ops, krb5_boolean override) { int i; - for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { - if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) { + for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) { + if(strcmp(context->cc_ops[i]->prefix, ops->prefix) == 0) { if(!override) { - krb5_set_error_string(context, - "ccache type %s already exists", - ops->prefix); + krb5_set_error_message(context, + KRB5_CC_TYPE_EXISTS, + N_("cache type %s already exists", "type"), + ops->prefix); return KRB5_CC_TYPE_EXISTS; } break; } } if(i == context->num_cc_ops) { - krb5_cc_ops *o = realloc(context->cc_ops, - (context->num_cc_ops + 1) * - sizeof(*context->cc_ops)); + const krb5_cc_ops **o = realloc(rk_UNCONST(context->cc_ops), + (context->num_cc_ops + 1) * + sizeof(context->cc_ops[0])); if(o == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } - context->num_cc_ops++; context->cc_ops = o; - memset(context->cc_ops + i, 0, - (context->num_cc_ops - i) * sizeof(*context->cc_ops)); + context->cc_ops[context->num_cc_ops] = NULL; + context->num_cc_ops++; } - memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i])); + context->cc_ops[i] = ops; return 0; } @@ -90,7 +156,7 @@ krb5_cc_register(krb5_context context, */ krb5_error_code -_krb5_cc_allocate(krb5_context context, +_krb5_cc_allocate(krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) { @@ -98,7 +164,8 @@ _krb5_cc_allocate(krb5_context context, p = malloc (sizeof(*p)); if(p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } p->ops = ops; @@ -119,16 +186,58 @@ allocate_ccache (krb5_context context, krb5_ccache *id) { krb5_error_code ret; +#ifdef KRB5_USE_PATH_TOKENS + char * exp_residual = NULL; - ret = _krb5_cc_allocate(context, ops, id); + ret = _krb5_expand_path_tokens(context, residual, &exp_residual); if (ret) return ret; + + residual = exp_residual; +#endif + + ret = _krb5_cc_allocate(context, ops, id); + if (ret) { +#ifdef KRB5_USE_PATH_TOKENS + if (exp_residual) + free(exp_residual); +#endif + return ret; + } + ret = (*id)->ops->resolve(context, id, residual); - if(ret) + if(ret) { free(*id); + *id = NULL; + } + +#ifdef KRB5_USE_PATH_TOKENS + if (exp_residual) + free(exp_residual); +#endif + return ret; } +static int +is_possible_path_name(const char * name) +{ + const char * colon; + + if ((colon = strchr(name, ':')) == NULL) + return TRUE; + +#ifdef _WIN32 + /* :\path\to\cache ? */ + + if (colon == name + 1 && + strchr(colon + 1, ':') == NULL) + return TRUE; +#endif + + return FALSE; +} + /** * Find and allocate a ccache in `id' from the specification in `residual'. * If the ccache name doesn't contain any colon, interpret it as a file name. @@ -138,13 +247,13 @@ allocate_ccache (krb5_context context, * @param id return pointer to a found credential cache. * * @return Return 0 or an error code. In case of an error, id is set - * to NULL. + * to NULL, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve(krb5_context context, const char *name, krb5_ccache *id) @@ -153,41 +262,25 @@ krb5_cc_resolve(krb5_context context, *id = NULL; - for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { - size_t prefix_len = strlen(context->cc_ops[i].prefix); + for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) { + size_t prefix_len = strlen(context->cc_ops[i]->prefix); - if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0 + if(strncmp(context->cc_ops[i]->prefix, name, prefix_len) == 0 && name[prefix_len] == ':') { - return allocate_ccache (context, &context->cc_ops[i], + return allocate_ccache (context, context->cc_ops[i], name + prefix_len + 1, id); } } - if (strchr (name, ':') == NULL) + if (is_possible_path_name(name)) return allocate_ccache (context, &krb5_fcc_ops, name, id); else { - krb5_set_error_string(context, "unknown ccache type %s", name); + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + N_("unknown ccache type %s", "name"), name); return KRB5_CC_UNKNOWN_TYPE; } } -/** - * Generate a new ccache of type `ops' in `id'. - * - * @return Return 0 or an error code. - * - * @ingroup krb5_ccache - */ - - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_gen_new(krb5_context context, - const krb5_cc_ops *ops, - krb5_ccache *id) -{ - return krb5_cc_new_unique(context, ops->prefix, NULL, id); -} - /** * Generates a new unique ccache of `type` in `id'. If `type' is NULL, * the library chooses the default credential cache type. The supplied @@ -195,31 +288,34 @@ krb5_cc_gen_new(krb5_context context, * type can use to base the name of the credential on, this is to make * it easier for the user to differentiate the credentials. * - * @return Returns 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_new_unique(krb5_context context, const char *type, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, krb5_ccache *id) { - const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE; + const krb5_cc_ops *ops; krb5_error_code ret; - if (type) { - ops = krb5_cc_get_prefix_ops(context, type); - if (ops == NULL) { - krb5_set_error_string(context, - "Credential cache type %s is unknown", type); - return KRB5_CC_UNKNOWN_TYPE; - } + ops = krb5_cc_get_prefix_ops(context, type); + if (ops == NULL) { + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + "Credential cache type %s is unknown", type); + return KRB5_CC_UNKNOWN_TYPE; } ret = _krb5_cc_allocate(context, ops, id); if (ret) return ret; - return (*id)->ops->gen_new(context, id); + ret = (*id)->ops->gen_new(context, id); + if (ret) { + free(*id); + *id = NULL; + } + return ret; } /** @@ -229,7 +325,7 @@ krb5_cc_new_unique(krb5_context context, const char *type, */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name(krb5_context context, krb5_ccache id) { @@ -243,7 +339,7 @@ krb5_cc_get_name(krb5_context context, */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type(krb5_context context, krb5_ccache id) { @@ -251,15 +347,19 @@ krb5_cc_get_type(krb5_context context, } /** - * Return the complete resolvable name the ccache `id' in `str´. - * `str` should be freed with free(3). - * Returns 0 or an error (and then *str is set to NULL). + * Return the complete resolvable name the cache + + * @param context a Keberos context + * @param id return pointer to a found credential cache + * @param str the returned name of a credential cache, free with krb5_xfree() + * + * @return Returns 0 or an error (and then *str is set to NULL). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name(krb5_context context, krb5_ccache id, char **str) @@ -270,18 +370,20 @@ krb5_cc_get_full_name(krb5_context context, type = krb5_cc_get_type(context, id); if (type == NULL) { - krb5_set_error_string(context, "cache have no name of type"); + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + "cache have no name of type"); return KRB5_CC_UNKNOWN_TYPE; } name = krb5_cc_get_name(context, id); if (name == NULL) { - krb5_set_error_string(context, "cache of type %s have no name", type); + krb5_set_error_message(context, KRB5_CC_BADNAME, + "cache of type %s have no name", type); return KRB5_CC_BADNAME; } - + if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); *str = NULL; return ENOMEM; } @@ -295,7 +397,7 @@ krb5_cc_get_full_name(krb5_context context, */ -const krb5_cc_ops * +KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_ops(krb5_context context, krb5_ccache id) { return id->ops; @@ -308,68 +410,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id) krb5_error_code _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) { - size_t tlen, len = 0; - char *tmp, *tmp2, *append; - - *res = NULL; - - while (str && *str) { - tmp = strstr(str, "%{"); - if (tmp && tmp != str) { - append = malloc((tmp - str) + 1); - if (append) { - memcpy(append, str, tmp - str); - append[tmp - str] = '\0'; - } - str = tmp; - } else if (tmp) { - tmp2 = strchr(tmp, '}'); - if (tmp2 == NULL) { - free(*res); - *res = NULL; - krb5_set_error_string(context, "variable missing }"); - return KRB5_CONFIG_BADFORMAT; - } - if (strncasecmp(tmp, "%{uid}", 6) == 0) - asprintf(&append, "%u", (unsigned)getuid()); - else if (strncasecmp(tmp, "%{null}", 7) == 0) - append = strdup(""); - else { - free(*res); - *res = NULL; - krb5_set_error_string(context, - "expand default cache unknown " - "variable \"%.*s\"", - (int)(tmp2 - tmp) - 2, tmp + 2); - return KRB5_CONFIG_BADFORMAT; - } - str = tmp2 + 1; - } else { - append = strdup(str); - str = NULL; - } - if (append == NULL) { - free(*res); - *res = NULL; - krb5_set_error_string(context, "malloc - out of memory"); - return ENOMEM; - } - - tlen = strlen(append); - tmp = realloc(*res, len + tlen + 1); - if (tmp == NULL) { - free(append); - free(*res); - *res = NULL; - krb5_set_error_string(context, "malloc - out of memory"); - return ENOMEM; - } - *res = tmp; - memcpy(*res + len, append, tlen + 1); - len = len + tlen; - free(append); - } - return 0; + return _krb5_expand_path_tokens(context, str, res); } /* @@ -386,6 +427,12 @@ environment_changed(krb5_context context) if (context->default_cc_name_set) return 0; + /* XXX performance: always ask KCM/API if default name has changed */ + if (context->default_cc_name && + (strncmp(context->default_cc_name, "KCM:", 4) == 0 || + strncmp(context->default_cc_name, "API:", 4) == 0)) + return 1; + if(issuid()) return 0; @@ -405,18 +452,56 @@ environment_changed(krb5_context context) return 0; } +/** + * Switch the default default credential cache for a specific + * credcache type (and name for some implementations). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_switch(krb5_context context, krb5_ccache id) +{ +#ifdef _WIN32 + _krb5_set_default_cc_name_to_registry(context, id); +#endif + + if (id->ops->set_default == NULL) + return 0; + + return (*id->ops->set_default)(context, id); +} + +/** + * Return true if the default credential cache support switch + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_cc_support_switch(krb5_context context, const char *type) +{ + const krb5_cc_ops *ops; + + ops = krb5_cc_get_prefix_ops(context, type); + if (ops && ops->set_default) + return 1; + return FALSE; +} + /** * Set the default cc name for `context' to `name'. * * @ingroup krb5_ccache */ - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name(krb5_context context, const char *name) { krb5_error_code ret = 0; - char *p; + char *p = NULL, *exp_p = NULL; if (name == NULL) { const char *e = NULL; @@ -430,6 +515,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name) context->default_cc_name_env = strdup(e); } } + +#ifdef _WIN32 + if (e == NULL) { + e = p = _krb5_get_default_cc_name_from_registry(context); + } +#endif if (e == NULL) { e = krb5_config_get_string(context, NULL, "libdefaults", "default_cc_name", NULL); @@ -440,7 +531,19 @@ krb5_cc_set_default_name(krb5_context context, const char *name) } if (e == NULL) { const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE; - ret = (*ops->default_name)(context, &p); + e = krb5_config_get_string(context, NULL, "libdefaults", + "default_cc_type", NULL); + if (e) { + ops = krb5_cc_get_prefix_ops(context, e); + if (ops == NULL) { + krb5_set_error_message(context, + KRB5_CC_UNKNOWN_TYPE, + "Credential cache type %s " + "is unknown", e); + return KRB5_CC_UNKNOWN_TYPE; + } + } + ret = (*ops->get_default_name)(context, &p); if (ret) return ret; } @@ -452,16 +555,21 @@ krb5_cc_set_default_name(krb5_context context, const char *name) } if (p == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } + ret = _krb5_expand_path_tokens(context, p, &exp_p); + free(p); + if (ret) + return ret; + if (context->default_cc_name) free(context->default_cc_name); - context->default_cc_name = p; + context->default_cc_name = exp_p; - return ret; + return 0; } /** @@ -474,7 +582,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name(krb5_context context) { if (context->default_cc_name == NULL || environment_changed(context)) @@ -486,20 +594,20 @@ krb5_cc_default_name(krb5_context context) /** * Open the default ccache in `id'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default(krb5_context context, krb5_ccache *id) { const char *p = krb5_cc_default_name(context); if (p == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return krb5_cc_resolve(context, p, id); @@ -508,13 +616,13 @@ krb5_cc_default(krb5_context context, /** * Create a new ccache in `id' for `primary_principal'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) @@ -526,13 +634,13 @@ krb5_cc_initialize(krb5_context context, /** * Remove the ccache `id'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy(krb5_context context, krb5_ccache id) { @@ -546,13 +654,13 @@ krb5_cc_destroy(krb5_context context, /** * Stop using the ccache `id' and free the related resources. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close(krb5_context context, krb5_ccache id) { @@ -565,13 +673,13 @@ krb5_cc_close(krb5_context context, /** * Store `creds' in the ccache `id'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) @@ -584,13 +692,20 @@ krb5_cc_store_cred(krb5_context context, * from `id' in `creds'. 'creds' must be free by the caller using * krb5_free_cred_contents. * - * @return Return 0 or an error code. + * @param context A Kerberos 5 context + * @param id a Kerberos 5 credential cache + * @param whichfields what fields to use for matching credentials, same + * flags as whichfields in krb5_compare_creds() + * @param mcreds template credential to use for comparing + * @param creds returned credential, free with krb5_free_cred_contents() + * + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred(krb5_context context, krb5_ccache id, krb5_flags whichfields, @@ -622,13 +737,13 @@ krb5_cc_retrieve_cred(krb5_context context, /** * Return the principal of `id' in `principal'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) @@ -638,15 +753,15 @@ krb5_cc_get_principal(krb5_context context, /** * Start iterating over `id', `cursor' is initialized to the - * beginning. + * beginning. Caller must free the cursor with krb5_cc_end_seq_get(). * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) @@ -658,13 +773,13 @@ krb5_cc_start_seq_get (krb5_context context, * Retrieve the next cred pointed to by (`id', `cursor') in `creds' * and advance `cursor'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor, @@ -673,32 +788,6 @@ krb5_cc_next_cred (krb5_context context, return (*id->ops->get_next)(context, id, cursor, creds); } -/** - * Like krb5_cc_next_cred, but allow for selective retrieval - * - * @ingroup krb5_ccache - */ - - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_next_cred_match(krb5_context context, - const krb5_ccache id, - krb5_cc_cursor * cursor, - krb5_creds * creds, - krb5_flags whichfields, - const krb5_creds * mcreds) -{ - krb5_error_code ret; - while (1) { - ret = krb5_cc_next_cred(context, id, cursor, creds); - if (ret) - return ret; - if (mcreds == NULL || krb5_compare_creds(context, whichfields, mcreds, creds)) - return 0; - krb5_free_cred_contents(context, creds); - } -} - /** * Destroy the cursor `cursor'. * @@ -706,7 +795,7 @@ krb5_cc_next_cred_match(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get (krb5_context context, const krb5_ccache id, krb5_cc_cursor *cursor) @@ -721,16 +810,17 @@ krb5_cc_end_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred) { if(id->ops->remove_cred == NULL) { - krb5_set_error_string(context, - "ccache %s does not support remove_cred", - id->ops->prefix); + krb5_set_error_message(context, + EACCES, + "ccache %s does not support remove_cred", + id->ops->prefix); return EACCES; /* XXX */ } return (*id->ops->remove_cred)(context, id, which, cred); @@ -743,34 +833,61 @@ krb5_cc_remove_cred(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { return (*id->ops->set_flags)(context, id, flags); } - + /** - * Copy the contents of `from' to `to'. + * Get the flags of `id', store them in `flags'. * * @ingroup krb5_ccache */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_flags(krb5_context context, + krb5_ccache id, + krb5_flags *flags) +{ + *flags = 0; + return 0; +} -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_copy_cache_match(krb5_context context, - const krb5_ccache from, - krb5_ccache to, - krb5_flags whichfields, - const krb5_creds * mcreds, - unsigned int *matched) +/** + * Copy the contents of `from' to `to' if the given match function + * return true. + * + * @param context A Kerberos 5 context. + * @param from the cache to copy data from. + * @param to the cache to copy data to. + * @param match a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied. + * @param matchctx context passed to match function. + * @param matched set to true if there was a credential that matched, may be NULL. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_copy_match_f(krb5_context context, + const krb5_ccache from, + krb5_ccache to, + krb5_boolean (*match)(krb5_context, void *, const krb5_creds *), + void *matchctx, + unsigned int *matched) { krb5_error_code ret; krb5_cc_cursor cursor; krb5_creds cred; krb5_principal princ; + if (matched) + *matched = 0; + ret = krb5_cc_get_principal(context, from, &princ); if (ret) return ret; @@ -784,34 +901,36 @@ krb5_cc_copy_cache_match(krb5_context context, krb5_free_principal(context, princ); return ret; } - if (matched) - *matched = 0; - while (ret == 0 && - krb5_cc_next_cred_match(context, from, &cursor, &cred, - whichfields, mcreds) == 0) { - if (matched) - (*matched)++; - ret = krb5_cc_store_cred(context, to, &cred); - krb5_free_cred_contents(context, &cred); + + while ((ret = krb5_cc_next_cred(context, from, &cursor, &cred)) == 0) { + if (match == NULL || (*match)(context, matchctx, &cred) == 0) { + if (matched) + (*matched)++; + ret = krb5_cc_store_cred(context, to, &cred); + if (ret) + break; + } + krb5_free_cred_contents(context, &cred); } krb5_cc_end_seq_get(context, from, &cursor); krb5_free_principal(context, princ); + if (ret == KRB5_CC_END) + ret = 0; return ret; } /** - * Just like krb5_cc_copy_cache_match, but copy everything. + * Just like krb5_cc_copy_match_f(), but copy everything. * - * @ingroup krb5_ccache + * @ingroup @krb5_ccache */ - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache(krb5_context context, const krb5_ccache from, krb5_ccache to) { - return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL); + return krb5_cc_copy_match_f(context, from, to, NULL, NULL, NULL); } /** @@ -821,7 +940,7 @@ krb5_cc_copy_cache(krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version(krb5_context context, const krb5_ccache id) { @@ -838,7 +957,7 @@ krb5_cc_get_version(krb5_context context, */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred(krb5_creds *mcred) { memset(mcred, 0, sizeof(*mcred)); @@ -846,37 +965,41 @@ krb5_cc_clear_mcred(krb5_creds *mcred) /** * Get the cc ops that is registered in `context' to handle the - * `prefix'. `prefix' can be a complete credential cache name or a + * prefix. prefix can be a complete credential cache name or a * prefix, the function will only use part up to the first colon (:) - * if there is one. - * Returns NULL if ops not found. + * if there is one. If prefix the argument is NULL, the default ccache + * implemtation is returned. + * + * @return Returns NULL if ops not found. * * @ingroup krb5_ccache */ -const krb5_cc_ops * +KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) { char *p, *p1; int i; - + + if (prefix == NULL) + return KRB5_DEFAULT_CCTYPE; if (prefix[0] == '/') return &krb5_fcc_ops; p = strdup(prefix); if (p == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return NULL; } p1 = strchr(p, ':'); if (p1) *p1 = '\0'; - for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { - if(strcmp(context->cc_ops[i].prefix, p) == 0) { + for(i = 0; i < context->num_cc_ops && context->cc_ops[i]->prefix; i++) { + if(strcmp(context->cc_ops[i]->prefix, p) == 0) { free(p); - return &context->cc_ops[i]; + return context->cc_ops[i]; } } free(p); @@ -889,16 +1012,20 @@ struct krb5_cc_cache_cursor_data { }; /** - * Start iterating over all caches of `type'. If `type' is NULL, the - * default type is * used. `cursor' is initialized to the beginning. + * Start iterating over all caches of specified type. See also + * krb5_cccol_cursor_new(). + + * @param context A Kerberos 5 context + * @param type optional type to iterate over, if NULL, the default cache is used. + * @param cursor cursor should be freed with krb5_cc_cache_end_seq_get(). * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first (krb5_context context, const char *type, krb5_cc_cache_cursor *cursor) @@ -911,20 +1038,23 @@ krb5_cc_cache_get_first (krb5_context context, ops = krb5_cc_get_prefix_ops(context, type); if (ops == NULL) { - krb5_set_error_string(context, "Unknown type \"%s\" when iterating " - "trying to iterate the credential caches", type); + krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, + "Unknown type \"%s\" when iterating " + "trying to iterate the credential caches", type); return KRB5_CC_UNKNOWN_TYPE; } if (ops->get_cache_first == NULL) { - krb5_set_error_string(context, "Credential cache type %s doesn't support " - "iterations over caches", ops->prefix); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Credential cache type %s doesn't support " + "iterations over caches", "type"), + ops->prefix); return KRB5_CC_NOSUPP; } *cursor = calloc(1, sizeof(**cursor)); if (*cursor == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -942,13 +1072,18 @@ krb5_cc_cache_get_first (krb5_context context, * Retrieve the next cache pointed to by (`cursor') in `id' * and advance `cursor'. * - * @return Return 0 or an error code. + * @param context A Kerberos 5 context + * @param cursor the iterator cursor, returned by krb5_cc_cache_get_first() + * @param id next ccache + * + * @return Return 0 or an error code. Returns KRB5_CC_END when the end + * of caches is reached, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next (krb5_context context, krb5_cc_cache_cursor cursor, krb5_ccache *id) @@ -959,13 +1094,13 @@ krb5_cc_cache_next (krb5_context context, /** * Destroy the cursor `cursor'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_cursor cursor) { @@ -977,10 +1112,13 @@ krb5_cc_cache_end_seq_get (krb5_context context, } /** - * Search for a matching credential cache of type `type' that have the - * `principal' as the default principal. If NULL is used for `type', - * the default type is used. On success, `id' needs to be freed with - * krb5_cc_close or krb5_cc_destroy. + * Search for a matching credential cache that have the + * `principal' as the default principal. On success, `id' needs to be + * freed with krb5_cc_close() or krb5_cc_destroy(). + * + * @param context A Kerberos 5 context + * @param client The principal to search for + * @param id the returned credential cache * * @return On failure, error code is returned and `id' is set to NULL. * @@ -988,29 +1126,28 @@ krb5_cc_cache_end_seq_get (krb5_context context, */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match (krb5_context context, krb5_principal client, - const char *type, krb5_ccache *id) { - krb5_cc_cache_cursor cursor; + krb5_cccol_cursor cursor; krb5_error_code ret; krb5_ccache cache = NULL; *id = NULL; - ret = krb5_cc_cache_get_first (context, type, &cursor); + ret = krb5_cccol_cursor_new (context, &cursor); if (ret) return ret; - while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) { + while (krb5_cccol_cursor_next (context, cursor, &cache) == 0 && cache != NULL) { krb5_principal principal; ret = krb5_cc_get_principal(context, cache, &principal); if (ret == 0) { krb5_boolean match; - + match = krb5_principal_compare(context, principal, client); krb5_free_principal(context, principal); if (match) @@ -1021,15 +1158,17 @@ krb5_cc_cache_match (krb5_context context, cache = NULL; } - krb5_cc_cache_end_seq_get(context, cursor); + krb5_cccol_cursor_free(context, &cursor); if (cache == NULL) { char *str; krb5_unparse_name(context, client, &str); - krb5_set_error_string(context, "Principal %s not found in a " - "credential cache", str ? str : ""); + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("Principal %s not found in any " + "credential cache", ""), + str ? str : ""); if (str) free(str); return KRB5_CC_NOTFOUND; @@ -1041,26 +1180,27 @@ krb5_cc_cache_match (krb5_context context, /** * Move the content from one credential cache to another. The - * operation is an atomic switch. + * operation is an atomic switch. * * @param context a Keberos context * @param from the credential cache to move the content from * @param to the credential cache to move the content to * @return On sucess, from is freed. On failure, error code is - * returned and from and to are both still allocated. + * returned and from and to are both still allocated, see krb5_get_error_message(). * * @ingroup krb5_ccache */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_error_code ret; if (strcmp(from->ops->prefix, to->ops->prefix) != 0) { - krb5_set_error_string(context, "Moving credentials between diffrent " - "types not yet supported"); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Moving credentials between diffrent " + "types not yet supported", "")); return KRB5_CC_NOSUPP; } @@ -1071,3 +1211,553 @@ krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) } return ret; } + +#define KRB5_CONF_NAME "krb5_ccache_conf_data" +#define KRB5_REALM_NAME "X-CACHECONF:" + +static krb5_error_code +build_conf_principals(krb5_context context, krb5_ccache id, + krb5_const_principal principal, + const char *name, krb5_creds *cred) +{ + krb5_principal client; + krb5_error_code ret; + char *pname = NULL; + + memset(cred, 0, sizeof(*cred)); + + ret = krb5_cc_get_principal(context, id, &client); + if (ret) + return ret; + + if (principal) { + ret = krb5_unparse_name(context, principal, &pname); + if (ret) + return ret; + } + + ret = krb5_make_principal(context, &cred->server, + KRB5_REALM_NAME, + KRB5_CONF_NAME, name, pname, NULL); + free(pname); + if (ret) { + krb5_free_principal(context, client); + return ret; + } + ret = krb5_copy_principal(context, client, &cred->client); + krb5_free_principal(context, client); + return ret; +} + +/** + * Return TRUE (non zero) if the principal is a configuration + * principal (generated part of krb5_cc_set_config()). Returns FALSE + * (zero) if not a configuration principal. + * + * @param context a Keberos context + * @param principal principal to check if it a configuration principal + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_is_config_principal(krb5_context context, + krb5_const_principal principal) +{ + if (strcmp(principal->realm, KRB5_REALM_NAME) != 0) + return FALSE; + + if (principal->name.name_string.len == 0 || + strcmp(principal->name.name_string.val[0], KRB5_CONF_NAME) != 0) + return FALSE; + + return TRUE; +} + +/** + * Store some configuration for the credential cache in the cache. + * Existing configuration under the same name is over-written. + * + * @param context a Keberos context + * @param id the credential cache to store the data for + * @param principal configuration for a specific principal, if + * NULL, global for the whole cache. + * @param name name under which the configuraion is stored. + * @param data data to store, if NULL, configure is removed. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_set_config(krb5_context context, krb5_ccache id, + krb5_const_principal principal, + const char *name, krb5_data *data) +{ + krb5_error_code ret; + krb5_creds cred; + + ret = build_conf_principals(context, id, principal, name, &cred); + if (ret) + goto out; + + /* Remove old configuration */ + ret = krb5_cc_remove_cred(context, id, 0, &cred); + if (ret && ret != KRB5_CC_NOTFOUND) + goto out; + + if (data) { + /* not that anyone care when this expire */ + cred.times.authtime = time(NULL); + cred.times.endtime = cred.times.authtime + 3600 * 24 * 30; + + ret = krb5_data_copy(&cred.ticket, data->data, data->length); + if (ret) + goto out; + + ret = krb5_cc_store_cred(context, id, &cred); + } + +out: + krb5_free_cred_contents (context, &cred); + return ret; +} + +/** + * Get some configuration for the credential cache in the cache. + * + * @param context a Keberos context + * @param id the credential cache to store the data for + * @param principal configuration for a specific principal, if + * NULL, global for the whole cache. + * @param name name under which the configuraion is stored. + * @param data data to fetched, free with krb5_data_free() + * + * @ingroup krb5_ccache + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_config(krb5_context context, krb5_ccache id, + krb5_const_principal principal, + const char *name, krb5_data *data) +{ + krb5_creds mcred, cred; + krb5_error_code ret; + + memset(&cred, 0, sizeof(cred)); + krb5_data_zero(data); + + ret = build_conf_principals(context, id, principal, name, &mcred); + if (ret) + goto out; + + ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred); + if (ret) + goto out; + + ret = krb5_data_copy(data, cred.ticket.data, cred.ticket.length); + +out: + krb5_free_cred_contents (context, &cred); + krb5_free_cred_contents (context, &mcred); + return ret; +} + +/* + * + */ + +struct krb5_cccol_cursor_data { + int idx; + krb5_cc_cache_cursor cursor; +}; + +/** + * Get a new cache interation cursor that will interate over all + * credentials caches independent of type. + * + * @param context a Keberos context + * @param cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free(). + * + * @return Returns 0 or and error code, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) +{ + *cursor = calloc(1, sizeof(**cursor)); + if (*cursor == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + (*cursor)->idx = 0; + (*cursor)->cursor = NULL; + + return 0; +} + +/** + * Get next credential cache from the iteration. + * + * @param context A Kerberos 5 context + * @param cursor the iteration cursor + * @param cache the returned cursor, pointer is set to NULL on failure + * and a cache on success. The returned cache needs to be freed + * with krb5_cc_close() or destroyed with krb5_cc_destroy(). + * MIT Kerberos behavies slightly diffrent and sets cache to NULL + * when all caches are iterated over and return 0. + * + * @return Return 0 or and error, KRB5_CC_END is returned at the end + * of iteration. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, + krb5_ccache *cache) +{ + krb5_error_code ret; + + *cache = NULL; + + while (cursor->idx < context->num_cc_ops) { + + if (cursor->cursor == NULL) { + ret = krb5_cc_cache_get_first (context, + context->cc_ops[cursor->idx]->prefix, + &cursor->cursor); + if (ret) { + cursor->idx++; + continue; + } + } + ret = krb5_cc_cache_next(context, cursor->cursor, cache); + if (ret == 0) + break; + + krb5_cc_cache_end_seq_get(context, cursor->cursor); + cursor->cursor = NULL; + if (ret != KRB5_CC_END) + break; + + cursor->idx++; + } + if (cursor->idx >= context->num_cc_ops) { + krb5_set_error_message(context, KRB5_CC_END, + N_("Reached end of credential caches", "")); + return KRB5_CC_END; + } + + return 0; +} + +/** + * End an iteration and free all resources, can be done before end is reached. + * + * @param context A Kerberos 5 context + * @param cursor the iteration cursor to be freed. + * + * @return Return 0 or and error, KRB5_CC_END is returned at the end + * of iteration. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) +{ + krb5_cccol_cursor c = *cursor; + + *cursor = NULL; + if (c) { + if (c->cursor) + krb5_cc_cache_end_seq_get(context, c->cursor); + free(c); + } + return 0; +} + +/** + * Return the last time the credential cache was modified. + * + * @param context A Kerberos 5 context + * @param id The credential cache to probe + * @param mtime the last modification time, set to 0 on error. + + * @return Return 0 or and error. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_last_change_time(krb5_context context, + krb5_ccache id, + krb5_timestamp *mtime) +{ + *mtime = 0; + return (*id->ops->lastchange)(context, id, mtime); +} + +/** + * Return the last modfication time for a cache collection. The query + * can be limited to a specific cache type. If the function return 0 + * and mtime is 0, there was no credentials in the caches. + * + * @param context A Kerberos 5 context + * @param type The credential cache to probe, if NULL, all type are traversed. + * @param mtime the last modification time, set to 0 on error. + + * @return Return 0 or and error. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_last_change_time(krb5_context context, + const char *type, + krb5_timestamp *mtime) +{ + krb5_cccol_cursor cursor; + krb5_error_code ret; + krb5_ccache id; + krb5_timestamp t = 0; + + *mtime = 0; + + ret = krb5_cccol_cursor_new (context, &cursor); + if (ret) + return ret; + + while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) { + + if (type && strcmp(krb5_cc_get_type(context, id), type) != 0) + continue; + + ret = krb5_cc_last_change_time(context, id, &t); + krb5_cc_close(context, id); + if (ret) + continue; + if (t > *mtime) + *mtime = t; + } + + krb5_cccol_cursor_free(context, &cursor); + + return 0; +} +/** + * Return a friendly name on credential cache. Free the result with krb5_xfree(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_friendly_name(krb5_context context, + krb5_ccache id, + char **name) +{ + krb5_error_code ret; + krb5_data data; + + ret = krb5_cc_get_config(context, id, NULL, "FriendlyName", &data); + if (ret) { + krb5_principal principal; + ret = krb5_cc_get_principal(context, id, &principal); + if (ret) + return ret; + ret = krb5_unparse_name(context, principal, name); + krb5_free_principal(context, principal); + } else { + ret = asprintf(name, "%.*s", (int)data.length, (char *)data.data); + krb5_data_free(&data); + if (ret <= 0) { + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + } else + ret = 0; + } + + return ret; +} + +/** + * Set the friendly name on credential cache. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_set_friendly_name(krb5_context context, + krb5_ccache id, + const char *name) +{ + krb5_data data; + + data.data = rk_UNCONST(name); + data.length = strlen(name); + + return krb5_cc_set_config(context, id, NULL, "FriendlyName", &data); +} + +/** + * Get the lifetime of the initial ticket in the cache + * + * Get the lifetime of the initial ticket in the cache, if the initial + * ticket was not found, the error code KRB5_CC_END is returned. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param t the relative lifetime of the initial ticket + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) +{ + krb5_cc_cursor cursor; + krb5_error_code ret; + krb5_creds cred; + time_t now; + + *t = 0; + now = time(NULL); + + ret = krb5_cc_start_seq_get(context, id, &cursor); + if (ret) + return ret; + + while ((ret = krb5_cc_next_cred(context, id, &cursor, &cred)) == 0) { + if (cred.flags.b.initial) { + if (now < cred.times.endtime) + *t = cred.times.endtime - now; + krb5_free_cred_contents(context, &cred); + break; + } + krb5_free_cred_contents(context, &cred); + } + + krb5_cc_end_seq_get(context, id, &cursor); + + return ret; +} + +/** + * Set the time offset betwen the client and the KDC + * + * If the backend doesn't support KDC offset, use the context global setting. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param offset the offset in seconds + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset) +{ + if (id->ops->set_kdc_offset == NULL) { + context->kdc_sec_offset = offset; + context->kdc_usec_offset = 0; + return 0; + } + return (*id->ops->set_kdc_offset)(context, id, offset); +} + +/** + * Get the time offset betwen the client and the KDC + * + * If the backend doesn't support KDC offset, use the context global setting. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param offset the offset in seconds + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset) +{ + if (id->ops->get_kdc_offset == NULL) { + *offset = context->kdc_sec_offset; + return 0; + } + return (*id->ops->get_kdc_offset)(context, id, offset); +} + + +#ifdef _WIN32 + +#define REGPATH_MIT_KRB5 "SOFTWARE\\MIT\\Kerberos5" +char * +_krb5_get_default_cc_name_from_registry(krb5_context context) +{ + HKEY hk_k5 = 0; + LONG code; + char * ccname = NULL; + + code = RegOpenKeyEx(HKEY_CURRENT_USER, + REGPATH_MIT_KRB5, + 0, KEY_READ, &hk_k5); + + if (code != ERROR_SUCCESS) + return NULL; + + ccname = _krb5_parse_reg_value_as_string(context, hk_k5, "ccname", + REG_NONE, 0); + + RegCloseKey(hk_k5); + + return ccname; +} + +int +_krb5_set_default_cc_name_to_registry(krb5_context context, krb5_ccache id) +{ + HKEY hk_k5 = 0; + LONG code; + int ret = -1; + char * ccname = NULL; + + code = RegOpenKeyEx(HKEY_CURRENT_USER, + REGPATH_MIT_KRB5, + 0, KEY_READ|KEY_WRITE, &hk_k5); + + if (code != ERROR_SUCCESS) + return -1; + + ret = asprintf(&ccname, "%s:%s", krb5_cc_get_type(context, id), krb5_cc_get_name(context, id)); + if (ret < 0) + goto cleanup; + + ret = _krb5_store_string_to_reg_value(context, hk_k5, "ccname", + REG_SZ, ccname, -1, 0); + + cleanup: + + if (ccname) + free(ccname); + + RegCloseKey(hk_k5); + + return ret; +} + +#endif diff --git a/crypto/heimdal/lib/krb5/ccache_plugin.h b/crypto/heimdal/lib/krb5/ccache_plugin.h new file mode 100644 index 00000000000..f6871d65d16 --- /dev/null +++ b/crypto/heimdal/lib/krb5/ccache_plugin.h @@ -0,0 +1,39 @@ +/*********************************************************************** + * Copyright (c) 2010, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#ifndef HEIMDAL_KRB5_CCACHE_PLUGIN_H +#define HEIMDAL_KRB5_CCACHE_PLUGIN_H 1 + +#include + +#define KRB5_PLUGIN_CCACHE "ccache_ops" + +#endif /* HEIMDAL_KRB5_CCACHE_PLUGIN_H */ diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index 703cf43eb6f..1e7cd0d464f 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c @@ -1,39 +1,41 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" + +#undef __attribute__ +#define __attribute__(X) -RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $"); static void str2data (krb5_data *d, @@ -57,7 +59,7 @@ str2data (krb5_data *d, /* * Change password protocol defined by * draft-ietf-cat-kerb-chg-password-02.txt - * + * * Share the response part of the protocol with MS set password * (RFC3244) */ @@ -68,7 +70,7 @@ chgpw_send_request (krb5_context context, krb5_creds *creds, krb5_principal targprinc, int is_stream, - int sock, + rk_socket_t sock, const char *passwd, const char *host) { @@ -78,7 +80,6 @@ chgpw_send_request (krb5_context context, krb5_data passwd_data; size_t len; u_char header[6]; - u_char *p; struct iovec iov[3]; struct msghdr msghdr; @@ -114,13 +115,12 @@ chgpw_send_request (krb5_context context, goto out2; len = 6 + ap_req_data.length + krb_priv_data.length; - p = header; - *p++ = (len >> 8) & 0xFF; - *p++ = (len >> 0) & 0xFF; - *p++ = 0; - *p++ = 1; - *p++ = (ap_req_data.length >> 8) & 0xFF; - *p++ = (ap_req_data.length >> 0) & 0xFF; + header[0] = (len >> 8) & 0xFF; + header[1] = (len >> 0) & 0xFF; + header[2] = 0; + header[3] = 1; + header[4] = (ap_req_data.length >> 8) & 0xFF; + header[5] = (ap_req_data.length >> 0) & 0xFF; memset(&msghdr, 0, sizeof(msghdr)); msghdr.msg_name = NULL; @@ -139,9 +139,10 @@ chgpw_send_request (krb5_context context, iov[2].iov_base = krb_priv_data.data; iov[2].iov_len = krb_priv_data.length; - if (sendmsg (sock, &msghdr, 0) < 0) { - ret = errno; - krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret)); + if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) { + ret = rk_SOCK_ERRNO; + krb5_set_error_message(context, ret, "sendmsg %s: %s", + host, strerror(ret)); } krb5_data_free (&krb_priv_data); @@ -161,7 +162,7 @@ setpw_send_request (krb5_context context, krb5_creds *creds, krb5_principal targprinc, int is_stream, - int sock, + rk_socket_t sock, const char *passwd, const char *host) { @@ -170,7 +171,7 @@ setpw_send_request (krb5_context context, krb5_data krb_priv_data; krb5_data pwd_data; ChangePasswdDataMS chpw; - size_t len; + size_t len = 0; u_char header[4 + 6]; u_char *p; struct iovec iov[3]; @@ -196,7 +197,7 @@ setpw_send_request (krb5_context context, chpw.targname = NULL; chpw.targrealm = NULL; } - + ASN1_MALLOC_ENCODE(ChangePasswdDataMS, pwd_data.data, pwd_data.length, &chpw, &len, ret); if (ret) { @@ -226,7 +227,7 @@ setpw_send_request (krb5_context context, *p++ = 0xff; *p++ = 0x80; *p++ = (ap_req_data.length >> 8) & 0xFF; - *p++ = (ap_req_data.length >> 0) & 0xFF; + *p = (ap_req_data.length >> 0) & 0xFF; memset(&msghdr, 0, sizeof(msghdr)); msghdr.msg_name = NULL; @@ -248,9 +249,10 @@ setpw_send_request (krb5_context context, iov[2].iov_base = krb_priv_data.data; iov[2].iov_len = krb_priv_data.length; - if (sendmsg (sock, &msghdr, 0) < 0) { - ret = errno; - krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret)); + if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) { + ret = rk_SOCK_ERRNO; + krb5_set_error_message(context, ret, "sendmsg %s: %s", + host, strerror(ret)); } krb5_data_free (&krb_priv_data); @@ -264,7 +266,7 @@ static krb5_error_code process_reply (krb5_context context, krb5_auth_context auth_context, int is_stream, - int sock, + rk_socket_t sock, int *result_code, krb5_data *result_code_string, krb5_data *result_string, @@ -272,7 +274,7 @@ process_reply (krb5_context context, { krb5_error_code ret; u_char reply[1024 * 3]; - ssize_t len; + size_t len; uint16_t pkt_len, pkt_ver; krb5_data ap_rep_data; int save_errno; @@ -282,15 +284,16 @@ process_reply (krb5_context context, while (len < sizeof(reply)) { unsigned long size; - ret = recvfrom (sock, reply + len, sizeof(reply) - len, + ret = recvfrom (sock, reply + len, sizeof(reply) - len, 0, NULL, NULL); - if (ret < 0) { - save_errno = errno; - krb5_set_error_string(context, "recvfrom %s: %s", - host, strerror(save_errno)); + if (rk_IS_SOCKET_ERROR(ret)) { + save_errno = rk_SOCK_ERRNO; + krb5_set_error_message(context, save_errno, + "recvfrom %s: %s", + host, strerror(save_errno)); return save_errno; } else if (ret == 0) { - krb5_set_error_string(context, "recvfrom timeout %s", host); + krb5_set_error_message(context, 1,"recvfrom timeout %s", host); return 1; } len += ret; @@ -299,21 +302,23 @@ process_reply (krb5_context context, _krb5_get_int(reply, &size, 4); if (size + 4 < len) continue; - memmove(reply, reply + 4, size); + memmove(reply, reply + 4, size); len = size; break; } if (len == sizeof(reply)) { - krb5_set_error_string(context, "message too large from %s", - host); + krb5_set_error_message(context, ENOMEM, + N_("Message too large from %s", "host"), + host); return ENOMEM; } } else { ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); - if (ret < 0) { - save_errno = errno; - krb5_set_error_string(context, "recvfrom %s: %s", - host, strerror(save_errno)); + if (rk_IS_SOCKET_ERROR(ret)) { + save_errno = rk_SOCK_ERRNO; + krb5_set_error_message(context, save_errno, + "recvfrom %s: %s", + host, strerror(save_errno)); return save_errno; } len = ret; @@ -321,7 +326,7 @@ process_reply (krb5_context context, if (len < 6) { str2data (result_string, "server %s sent to too short message " - "(%ld bytes)", host, (long)len); + "(%zu bytes)", host, len); *result_code = KRB5_KPASSWD_MALFORMED; return 0; } @@ -352,7 +357,7 @@ process_reply (krb5_context context, *result_code = (p[0] << 8) | p[1]; if (error.e_data->length == 2) str2data(result_string, "server only sent error code"); - else + else krb5_data_copy (result_string, p + 2, error.e_data->length - 2); @@ -374,7 +379,7 @@ process_reply (krb5_context context, ap_rep_data.data = reply + 6; ap_rep_data.length = (reply[4] << 8) | (reply[5]); - + if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) { str2data (result_string, "client: wrong AP len in reply"); *result_code = KRB5_KPASSWD_MALFORMED; @@ -416,7 +421,7 @@ process_reply (krb5_context context, } p = result_code_string->data; - + *result_code = (p[0] << 8) | p[1]; krb5_data_copy (result_string, (unsigned char*)result_code_string->data + 2, @@ -426,7 +431,7 @@ process_reply (krb5_context context, KRB_ERROR error; size_t size; u_char *p; - + ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size); if (ret) { return ret; @@ -457,13 +462,13 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context, krb5_creds *, krb5_principal, int, - int, + rk_socket_t, const char *, const char *); typedef krb5_error_code (*kpwd_process_reply) (krb5_context, krb5_auth_context, int, - int, + rk_socket_t, int *, krb5_data *, krb5_data *, @@ -478,9 +483,9 @@ static struct kpwd_proc { kpwd_process_reply process_rep; } procs[] = { { - "MS set password", + "MS set password", SUPPORT_TCP|SUPPORT_UDP, - setpw_send_request, + setpw_send_request, process_reply }, { @@ -489,20 +494,9 @@ static struct kpwd_proc { chgpw_send_request, process_reply }, - { NULL } + { NULL, 0, NULL, NULL } }; -static struct kpwd_proc * -find_chpw_proto(const char *name) -{ - struct kpwd_proc *p; - for (p = procs; p->name != NULL; p++) { - if (strcmp(p->name, name) == 0) - return p; - } - return NULL; -} - /* * */ @@ -521,8 +515,8 @@ change_password_loop (krb5_context context, krb5_auth_context auth_context = NULL; krb5_krbhst_handle handle = NULL; krb5_krbhst_info *hi; - int sock; - int i; + rk_socket_t sock; + unsigned int i; int done = 0; krb5_realm realm; @@ -568,20 +562,21 @@ change_password_loop (krb5_context context, for (a = ai; !done && a != NULL; a = a->ai_next) { int replied = 0; - sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); - if (sock < 0) + sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); + if (rk_IS_BAD_SOCKET(sock)) continue; + rk_cloexec(sock); ret = connect(sock, a->ai_addr, a->ai_addrlen); - if (ret < 0) { - close (sock); + if (rk_IS_SOCKET_ERROR(ret)) { + rk_closesocket (sock); goto out; } ret = krb5_auth_con_genaddrs (context, auth_context, sock, KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR); if (ret) { - close (sock); + rk_closesocket (sock); goto out; } @@ -591,7 +586,7 @@ change_password_loop (krb5_context context, if (!replied) { replied = 0; - + ret = (*proc->send_req) (context, &auth_context, creds, @@ -601,17 +596,20 @@ change_password_loop (krb5_context context, newpw, hi->hostname); if (ret) { - close(sock); + rk_closesocket(sock); goto out; } } - + +#ifndef NO_LIMIT_FD_SETSIZE if (sock >= FD_SETSIZE) { - krb5_set_error_string(context, "fd %d too large", sock); ret = ERANGE; - close (sock); + krb5_set_error_message(context, ret, + "fd %d too large", sock); + rk_closesocket (sock); goto out; } +#endif FD_ZERO(&fdset); FD_SET(sock, &fdset); @@ -619,8 +617,8 @@ change_password_loop (krb5_context context, tv.tv_sec = 1 + (1 << i); ret = select (sock + 1, &fdset, NULL, NULL, &tv); - if (ret < 0 && errno != EINTR) { - close(sock); + if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) { + rk_closesocket(sock); goto out; } if (ret == 1) { @@ -640,40 +638,60 @@ change_password_loop (krb5_context context, ret = KRB5_KDC_UNREACH; } } - close (sock); + rk_closesocket (sock); } } out: krb5_krbhst_free (context, handle); krb5_auth_con_free (context, auth_context); - if (done) - return 0; - else { - if (ret == KRB5_KDC_UNREACH) { - krb5_set_error_string(context, - "unable to reach any changepw server " - " in realm %s", realm); - *result_code = KRB5_KPASSWD_HARDERROR; - } - return ret; + + if (ret == KRB5_KDC_UNREACH) { + krb5_set_error_message(context, + ret, + N_("Unable to reach any changepw server " + " in realm %s", "realm"), realm); + *result_code = KRB5_KPASSWD_HARDERROR; } + return ret; } +#ifndef HEIMDAL_SMALLER -/* - * change the password using the credentials in `creds' (for the - * principal indicated in them) to `newpw', storing the result of - * the operation in `result_*' and an error code or 0. +static struct kpwd_proc * +find_chpw_proto(const char *name) +{ + struct kpwd_proc *p; + for (p = procs; p->name != NULL; p++) { + if (strcmp(p->name, name) == 0) + return p; + } + return NULL; +} + +/** + * Deprecated: krb5_change_password() is deprecated, use krb5_set_password(). + * + * @param context a Keberos context + * @param creds + * @param newpw + * @param result_code + * @param result_code_string + * @param result_string + * + * @return On sucess password is changed. + + * @ingroup @krb5_deprecated */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password (krb5_context context, krb5_creds *creds, const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string) + KRB5_DEPRECATED_FUNCTION("Use X instead") { struct kpwd_proc *p = find_chpw_proto("change password"); @@ -684,16 +702,31 @@ krb5_change_password (krb5_context context, if (p == NULL) return KRB5_KPASSWD_MALFORMED; - return change_password_loop(context, creds, NULL, newpw, - result_code, result_code_string, + return change_password_loop(context, creds, NULL, newpw, + result_code, result_code_string, result_string, p); } +#endif /* HEIMDAL_SMALLER */ -/* +/** + * Change password using creds. * + * @param context a Keberos context + * @param creds The initial kadmin/passwd for the principal or an admin principal + * @param newpw The new password to set + * @param targprinc if unset, the default principal is used. + * @param result_code Result code, KRB5_KPASSWD_SUCCESS is when password is changed. + * @param result_code_string binary message from the server, contains + * at least the result_code. + * @param result_string A message from the kpasswd service or the + * library in human printable form. The string is NUL terminated. + * + * @return On sucess and *result_code is KRB5_KPASSWD_SUCCESS, the password is changed. + + * @ingroup @krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password(krb5_context context, krb5_creds *creds, const char *newpw, @@ -707,8 +740,8 @@ krb5_set_password(krb5_context context, int i; *result_code = KRB5_KPASSWD_MALFORMED; - result_code_string->data = result_string->data = NULL; - result_code_string->length = result_string->length = 0; + krb5_data_zero(result_code_string); + krb5_data_zero(result_string); if (targprinc == NULL) { ret = krb5_get_default_principal(context, &principal); @@ -719,9 +752,9 @@ krb5_set_password(krb5_context context, for (i = 0; procs[i].name != NULL; i++) { *result_code = 0; - ret = change_password_loop(context, creds, principal, newpw, - result_code, result_code_string, - result_string, + ret = change_password_loop(context, creds, principal, newpw, + result_code, result_code_string, + result_string, &procs[i]); if (ret == 0 && *result_code == 0) break; @@ -736,7 +769,7 @@ krb5_set_password(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, const char *newpw, @@ -762,7 +795,7 @@ krb5_set_password_using_ccache(krb5_context context, } else principal = targprinc; - ret = krb5_make_principal(context, &creds.server, + ret = krb5_make_principal(context, &creds.server, krb5_principal_get_realm(context, principal), "kadmin", "changepw", NULL); if (ret) @@ -788,7 +821,7 @@ krb5_set_password_using_ccache(krb5_context context, result_code_string, result_string); - krb5_free_creds(context, credsp); + krb5_free_creds(context, credsp); return ret; out: @@ -801,7 +834,7 @@ krb5_set_password_using_ccache(krb5_context context, * */ -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_passwd_result_to_string (krb5_context context, int result) { diff --git a/crypto/heimdal/lib/krb5/codec.c b/crypto/heimdal/lib/krb5/codec.c index 0d36b4b4426..5e754c60cba 100644 --- a/crypto/heimdal/lib/krb5/codec.c +++ b/crypto/heimdal/lib/krb5/codec.c @@ -1,196 +1,214 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $"); +#ifndef HEIMDAL_SMALLER -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTicketPart (krb5_context context, const void *data, size_t length, EncTicketPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_EncTicketPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTicketPart (krb5_context context, void *data, size_t length, EncTicketPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_EncTicketPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncASRepPart (krb5_context context, const void *data, size_t length, EncASRepPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_EncASRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncASRepPart (krb5_context context, void *data, size_t length, EncASRepPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_EncASRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTGSRepPart (krb5_context context, const void *data, size_t length, EncTGSRepPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_EncTGSRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTGSRepPart (krb5_context context, void *data, size_t length, EncTGSRepPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_EncTGSRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncAPRepPart (krb5_context context, const void *data, size_t length, EncAPRepPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_EncAPRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncAPRepPart (krb5_context context, void *data, size_t length, EncAPRepPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_EncAPRepPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_Authenticator (krb5_context context, const void *data, size_t length, Authenticator *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_Authenticator(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_Authenticator (krb5_context context, void *data, size_t length, Authenticator *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_Authenticator(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncKrbCredPart (krb5_context context, const void *data, size_t length, EncKrbCredPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_EncKrbCredPart(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncKrbCredPart (krb5_context context, void *data, size_t length, EncKrbCredPart *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_EncKrbCredPart (data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO (krb5_context context, const void *data, size_t length, ETYPE_INFO *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_ETYPE_INFO(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO (krb5_context context, void *data, size_t length, ETYPE_INFO *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_ETYPE_INFO (data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO2 (krb5_context context, const void *data, size_t length, ETYPE_INFO2 *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return decode_ETYPE_INFO2(data, length, t, len); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO2 (krb5_context context, void *data, size_t length, ETYPE_INFO2 *t, size_t *len) + KRB5_DEPRECATED_FUNCTION("Use X instead") { return encode_ETYPE_INFO2 (data, length, t, len); } + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c index ac5eba39dcf..4ac25ae2870 100644 --- a/crypto/heimdal/lib/krb5/config_file.c +++ b/crypto/heimdal/lib/krb5/config_file.c @@ -1,40 +1,43 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: config_file.c 19213 2006-12-04 23:36:36Z lha $"); -#ifndef HAVE_NETINFO +#ifdef __APPLE__ +#include +#endif /* Gaah! I want a portable funopen */ struct fileptr { @@ -58,7 +61,7 @@ config_fgets(char *str, size_t len, struct fileptr *ptr) p = ptr->s + strcspn(ptr->s, "\n"); if(*p == '\n') p++; - l = min(len, p - ptr->s); + l = min(len, (size_t)(p - ptr->s)); if(len > 0) { memcpy(str, ptr->s, l); str[l] = '\0'; @@ -70,23 +73,23 @@ config_fgets(char *str, size_t len, struct fileptr *ptr) static krb5_error_code parse_section(char *p, krb5_config_section **s, krb5_config_section **res, - const char **error_message); + const char **err_message); static krb5_error_code parse_binding(struct fileptr *f, unsigned *lineno, char *p, krb5_config_binding **b, krb5_config_binding **parent, - const char **error_message); + const char **err_message); static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, - const char **error_message); + const char **err_message); -static krb5_config_section * -get_entry(krb5_config_section **parent, const char *name, int type) +krb5_config_section * +_krb5_config_get_entry(krb5_config_section **parent, const char *name, int type) { krb5_config_section **q; for(q = parent; *q != NULL; q = &(*q)->next) - if(type == krb5_config_list && - type == (*q)->type && + if(type == krb5_config_list && + (unsigned)type == (*q)->type && strcmp(name, (*q)->name) == 0) return *q; *q = calloc(1, sizeof(**q)); @@ -111,28 +114,28 @@ get_entry(krb5_config_section **parent, const char *name, int type) * a * } * ... - * + * * starting at the line in `p', storing the resulting structure in * `s' and hooking it into `parent'. - * Store the error message in `error_message'. + * Store the error message in `err_message'. */ static krb5_error_code parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, - const char **error_message) + const char **err_message) { char *p1; krb5_config_section *tmp; p1 = strchr (p + 1, ']'); if (p1 == NULL) { - *error_message = "missing ]"; + *err_message = "missing ]"; return KRB5_CONFIG_BADFORMAT; } *p1 = '\0'; - tmp = get_entry(parent, p + 1, krb5_config_list); + tmp = _krb5_config_get_entry(parent, p + 1, krb5_config_list); if(tmp == NULL) { - *error_message = "out of memory"; + *err_message = "out of memory"; return KRB5_CONFIG_BADFORMAT; } *s = tmp; @@ -142,14 +145,14 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, /* * Parse a brace-enclosed list from `f', hooking in the structure at * `parent'. - * Store the error message in `error_message'. + * Store the error message in `err_message'. */ static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, - const char **error_message) + const char **err_message) { - char buf[BUFSIZ]; + char buf[KRB5_BUFSIZ]; krb5_error_code ret; krb5_config_binding *b = NULL; unsigned beg_lineno = *lineno; @@ -170,12 +173,12 @@ parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, return 0; if (*p == '\0') continue; - ret = parse_binding (f, lineno, p, &b, parent, error_message); + ret = parse_binding (f, lineno, p, &b, parent, err_message); if (ret) return ret; } *lineno = beg_lineno; - *error_message = "unclosed {"; + *err_message = "unclosed {"; return KRB5_CONFIG_BADFORMAT; } @@ -186,7 +189,7 @@ parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, static krb5_error_code parse_binding(struct fileptr *f, unsigned *lineno, char *p, krb5_config_binding **b, krb5_config_binding **parent, - const char **error_message) + const char **err_message) { krb5_config_binding *tmp; char *p1, *p2; @@ -196,14 +199,14 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p, while (*p && *p != '=' && !isspace((unsigned char)*p)) ++p; if (*p == '\0') { - *error_message = "missing ="; + *err_message = "missing ="; return KRB5_CONFIG_BADFORMAT; } p2 = p; while (isspace((unsigned char)*p)) ++p; if (*p != '=') { - *error_message = "missing ="; + *err_message = "missing ="; return KRB5_CONFIG_BADFORMAT; } ++p; @@ -211,16 +214,16 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p, ++p; *p2 = '\0'; if (*p == '{') { - tmp = get_entry(parent, p1, krb5_config_list); + tmp = _krb5_config_get_entry(parent, p1, krb5_config_list); if (tmp == NULL) { - *error_message = "out of memory"; + *err_message = "out of memory"; return KRB5_CONFIG_BADFORMAT; } - ret = parse_list (f, lineno, &tmp->u.list, error_message); + ret = parse_list (f, lineno, &tmp->u.list, err_message); } else { - tmp = get_entry(parent, p1, krb5_config_string); + tmp = _krb5_config_get_entry(parent, p1, krb5_config_string); if (tmp == NULL) { - *error_message = "out of memory"; + *err_message = "out of memory"; return KRB5_CONFIG_BADFORMAT; } p1 = p; @@ -234,20 +237,120 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p, return ret; } +#if defined(__APPLE__) + +#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 +#define HAVE_CFPROPERTYLISTCREATEWITHSTREAM 1 +#endif + +static char * +cfstring2cstring(CFStringRef string) +{ + CFIndex len; + char *str; + + str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8); + if (str) + return strdup(str); + + len = CFStringGetLength(string); + len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8); + str = malloc(len); + if (str == NULL) + return NULL; + + if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) { + free (str); + return NULL; + } + return str; +} + +static void +convert_content(const void *key, const void *value, void *context) +{ + krb5_config_section *tmp, **parent = context; + char *k; + + if (CFGetTypeID(key) != CFStringGetTypeID()) + return; + + k = cfstring2cstring(key); + if (k == NULL) + return; + + if (CFGetTypeID(value) == CFStringGetTypeID()) { + tmp = _krb5_config_get_entry(parent, k, krb5_config_string); + tmp->u.string = cfstring2cstring(value); + } else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) { + tmp = _krb5_config_get_entry(parent, k, krb5_config_list); + CFDictionaryApplyFunction(value, convert_content, &tmp->u.list); + } else { + /* log */ + } + free(k); +} + +static krb5_error_code +parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent) +{ + CFReadStreamRef s; + CFDictionaryRef d; + CFURLRef url; + + url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE); + if (url == NULL) { + krb5_clear_error_message(context); + return ENOMEM; + } + + s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url); + CFRelease(url); + if (s == NULL) { + krb5_clear_error_message(context); + return ENOMEM; + } + + if (!CFReadStreamOpen(s)) { + CFRelease(s); + krb5_clear_error_message(context); + return ENOENT; + } + +#ifdef HAVE_CFPROPERTYLISTCREATEWITHSTREAM + d = (CFDictionaryRef)CFPropertyListCreateWithStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL); +#else + d = (CFDictionaryRef)CFPropertyListCreateFromStream(NULL, s, 0, kCFPropertyListImmutable, NULL, NULL); +#endif + CFRelease(s); + if (d == NULL) { + krb5_clear_error_message(context); + return ENOENT; + } + + CFDictionaryApplyFunction(d, convert_content, parent); + CFRelease(d); + + return 0; +} + +#endif + + /* * Parse the config file `fname', generating the structures into `res' - * returning error messages in `error_message' + * returning error messages in `err_message' */ static krb5_error_code krb5_config_parse_debug (struct fileptr *f, krb5_config_section **res, unsigned *lineno, - const char **error_message) + const char **err_message) { krb5_config_section *s = NULL; krb5_config_binding *b = NULL; - char buf[BUFSIZ]; + char buf[KRB5_BUFSIZ]; krb5_error_code ret; while (config_fgets(buf, sizeof(buf), f) != NULL) { @@ -261,19 +364,19 @@ krb5_config_parse_debug (struct fileptr *f, if (*p == '#' || *p == ';') continue; if (*p == '[') { - ret = parse_section(p, &s, res, error_message); - if (ret) + ret = parse_section(p, &s, res, err_message); + if (ret) return ret; b = NULL; } else if (*p == '}') { - *error_message = "unmatched }"; + *err_message = "unmatched }"; return EINVAL; /* XXX */ } else if(*p != '\0') { if (s == NULL) { - *error_message = "binding before section"; + *err_message = "binding before section"; return EINVAL; } - ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message); + ret = parse_binding(f, lineno, p, &b, &s->u.list, err_message); if (ret) return ret; } @@ -281,53 +384,142 @@ krb5_config_parse_debug (struct fileptr *f, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_string_multi(krb5_context context, - const char *string, - krb5_config_section **res) +static int +is_plist_file(const char *fname) { - const char *str; - unsigned lineno = 0; - krb5_error_code ret; - struct fileptr f; - f.f = NULL; - f.s = string; - - ret = krb5_config_parse_debug (&f, res, &lineno, &str); - if (ret) { - krb5_set_error_string (context, "%s:%u: %s", "", lineno, str); - return ret; - } - return 0; + size_t len = strlen(fname); + char suffix[] = ".plist"; + if (len < sizeof(suffix)) + return 0; + if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0) + return 0; + return 1; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Parse a configuration file and add the result into res. This + * interface can be used to parse several configuration files into one + * resulting krb5_config_section by calling it repeatably. + * + * @param context a Kerberos 5 context. + * @param fname a file name to a Kerberos configuration file + * @param res the returned result, must be free with krb5_free_config_files(). + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char *fname, krb5_config_section **res) { const char *str; + char *newfname = NULL; unsigned lineno = 0; krb5_error_code ret; struct fileptr f; - f.f = fopen(fname, "r"); - f.s = NULL; - if(f.f == NULL) { - ret = errno; - krb5_set_error_string (context, "open %s: %s", fname, strerror(ret)); - return ret; + + /** + * If the fname starts with "~/" parse configuration file in the + * current users home directory. The behavior can be disabled and + * enabled by calling krb5_set_home_dir_access(). + */ + if (fname[0] == '~' && fname[1] == '/') { +#ifndef KRB5_USE_PATH_TOKENS + const char *home = NULL; + + if (!_krb5_homedir_access(context)) { + krb5_set_error_message(context, EPERM, + "Access to home directory not allowed"); + return EPERM; + } + + if(!issuid()) + home = getenv("HOME"); + + if (home == NULL) { + struct passwd *pw = getpwuid(getuid()); + if(pw != NULL) + home = pw->pw_dir; + } + if (home) { + asprintf(&newfname, "%s%s", home, &fname[1]); + if (newfname == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + fname = newfname; + } +#else /* KRB5_USE_PATH_TOKENS */ + if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 || + newfname == NULL) + { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + fname = newfname; +#endif } - ret = krb5_config_parse_debug (&f, res, &lineno, &str); - fclose(f.f); - if (ret) { - krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str); - return ret; + if (is_plist_file(fname)) { +#ifdef __APPLE__ + ret = parse_plist_config(context, fname, res); + if (ret) { + krb5_set_error_message(context, ret, + "Failed to parse plist %s", fname); + if (newfname) + free(newfname); + return ret; + } +#else + krb5_set_error_message(context, ENOENT, + "no support for plist configuration files"); + return ENOENT; +#endif + } else { +#ifdef KRB5_USE_PATH_TOKENS + char * exp_fname = NULL; + + ret = _krb5_expand_path_tokens(context, fname, &exp_fname); + if (ret) { + if (newfname) + free(newfname); + return ret; + } + + if (newfname) + free(newfname); + fname = newfname = exp_fname; +#endif + + f.f = fopen(fname, "r"); + f.s = NULL; + if(f.f == NULL) { + ret = errno; + krb5_set_error_message (context, ret, "open %s: %s", + fname, strerror(ret)); + if (newfname) + free(newfname); + return ret; + } + + ret = krb5_config_parse_debug (&f, res, &lineno, &str); + fclose(f.f); + if (ret) { + krb5_set_error_message (context, ret, "%s:%u: %s", + fname, lineno, str); + if (newfname) + free(newfname); + return ret; + } } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file (krb5_context context, const char *fname, krb5_config_section **res) @@ -336,8 +528,6 @@ krb5_config_parse_file (krb5_context context, return krb5_config_parse_file_multi(context, fname, res); } -#endif /* !HAVE_NETINFO */ - static void free_binding (krb5_context context, krb5_config_binding *b) { @@ -350,7 +540,7 @@ free_binding (krb5_context context, krb5_config_binding *b) else if (b->type == krb5_config_list) free_binding (context, b->u.list); else - krb5_abortx(context, "unknown binding type (%d) in free_binding", + krb5_abortx(context, "unknown binding type (%d) in free_binding", b->type); next_b = b->next; free (b); @@ -358,25 +548,76 @@ free_binding (krb5_context context, krb5_config_binding *b) } } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Free configuration file section, the result of + * krb5_config_parse_file() and krb5_config_parse_file_multi(). + * + * @param context A Kerberos 5 context + * @param s the configuration section to free + * + * @return returns 0 on successes, otherwise an error code, see + * krb5_get_error_message() + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free (krb5_context context, krb5_config_section *s) { free_binding (context, s); return 0; } -const void * -krb5_config_get_next (krb5_context context, - const krb5_config_section *c, - const krb5_config_binding **pointer, - int type, - ...) +#ifndef HEIMDAL_SMALLER + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_config_copy(krb5_context context, + krb5_config_section *c, + krb5_config_section **head) +{ + krb5_config_binding *d, *previous = NULL; + + *head = NULL; + + while (c) { + d = calloc(1, sizeof(*d)); + + if (*head == NULL) + *head = d; + + d->name = strdup(c->name); + d->type = c->type; + if (d->type == krb5_config_string) + d->u.string = strdup(c->u.string); + else if (d->type == krb5_config_list) + _krb5_config_copy (context, c->u.list, &d->u.list); + else + krb5_abortx(context, + "unknown binding type (%d) in krb5_config_copy", + d->type); + if (previous) + previous->next = d; + + previous = d; + c = c->next; + } + return 0; +} + +#endif /* HEIMDAL_SMALLER */ + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_get_next (krb5_context context, + const krb5_config_section *c, + const krb5_config_binding **pointer, + int type, + ...) { const char *ret; va_list args; va_start(args, type); - ret = krb5_config_vget_next (context, c, pointer, type, args); + ret = _krb5_config_vget_next (context, c, pointer, type, args); va_end(args); return ret; } @@ -392,7 +633,7 @@ vget_next(krb5_context context, const char *p = va_arg(args, const char *); while(b != NULL) { if(strcmp(b->name, name) == 0) { - if(b->type == type && p == NULL) { + if(b->type == (unsigned)type && p == NULL) { *pointer = b; return b->u.generic; } else if(b->type == krb5_config_list && p != NULL) { @@ -404,12 +645,12 @@ vget_next(krb5_context context, return NULL; } -const void * -krb5_config_vget_next (krb5_context context, - const krb5_config_section *c, - const krb5_config_binding **pointer, - int type, - va_list args) +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_vget_next (krb5_context context, + const krb5_config_section *c, + const krb5_config_binding **pointer, + int type, + va_list args) { const krb5_config_binding *b; const char *p; @@ -432,7 +673,7 @@ krb5_config_vget_next (krb5_context context, /* we were called again, so just look for more entries with the same name and type */ for (b = (*pointer)->next; b != NULL; b = b->next) { - if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) { + if(strcmp(b->name, (*pointer)->name) == 0 && b->type == (unsigned)type) { *pointer = b; return b->u.generic; } @@ -440,33 +681,46 @@ krb5_config_vget_next (krb5_context context, return NULL; } -const void * -krb5_config_get (krb5_context context, - const krb5_config_section *c, - int type, - ...) +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_get (krb5_context context, + const krb5_config_section *c, + int type, + ...) { const void *ret; va_list args; va_start(args, type); - ret = krb5_config_vget (context, c, type, args); + ret = _krb5_config_vget (context, c, type, args); va_end(args); return ret; } + const void * -krb5_config_vget (krb5_context context, - const krb5_config_section *c, - int type, - va_list args) +_krb5_config_vget (krb5_context context, + const krb5_config_section *c, + int type, + va_list args) { const krb5_config_binding *foo = NULL; - return krb5_config_vget_next (context, c, &foo, type, args); + return _krb5_config_vget_next (context, c, &foo, type, args); } -const krb5_config_binding * +/** + * Get a list of configuration binding list for more processing + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param ... a list of names, terminated with NULL. + * + * @return NULL if configuration list is not found, a list otherwise + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_get_list (krb5_context context, const krb5_config_section *c, ...) @@ -480,15 +734,42 @@ krb5_config_get_list (krb5_context context, return ret; } -const krb5_config_binding * +/** + * Get a list of configuration binding list for more processing + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param args a va_list of arguments + * + * @return NULL if configuration list is not found, a list otherwise + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_vget_list (krb5_context context, const krb5_config_section *c, va_list args) { - return krb5_config_vget (context, c, krb5_config_list, args); + return _krb5_config_vget (context, c, krb5_config_list, args); } -const char* KRB5_LIB_FUNCTION +/** + * Returns a "const char *" to a string in the configuration database. + * The string may not be valid after a reload of the configuration + * database so a caller should make a local copy if it needs to keep + * the string. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param ... a list of names, terminated with NULL. + * + * @return NULL if configuration string not found, a string otherwise + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string (krb5_context context, const krb5_config_section *c, ...) @@ -502,15 +783,42 @@ krb5_config_get_string (krb5_context context, return ret; } -const char* KRB5_LIB_FUNCTION +/** + * Like krb5_config_get_string(), but uses a va_list instead of ... + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param args a va_list of arguments + * + * @return NULL if configuration string not found, a string otherwise + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string (krb5_context context, const krb5_config_section *c, va_list args) { - return krb5_config_vget (context, c, krb5_config_string, args); + return _krb5_config_vget (context, c, krb5_config_string, args); } -const char* KRB5_LIB_FUNCTION +/** + * Like krb5_config_vget_string(), but instead of returning NULL, + * instead return a default value. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param def_value the default value to return if no configuration + * found in the database. + * @param args a va_list of arguments + * + * @return a configuration string + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default (krb5_context context, const krb5_config_section *c, const char *def_value, @@ -524,7 +832,22 @@ krb5_config_vget_string_default (krb5_context context, return ret; } -const char* KRB5_LIB_FUNCTION +/** + * Like krb5_config_get_string(), but instead of returning NULL, + * instead return a default value. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param def_value the default value to return if no configuration + * found in the database. + * @param ... a list of names, terminated with NULL. + * + * @return a configuration string + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default (krb5_context context, const krb5_config_section *c, const char *def_value, @@ -539,7 +862,64 @@ krb5_config_get_string_default (krb5_context context, return ret; } -char ** KRB5_LIB_FUNCTION +static char * +next_component_string(char * begin, const char * delims, char **state) +{ + char * end; + + if (begin == NULL) + begin = *state; + + if (*begin == '\0') + return NULL; + + end = begin; + while (*end == '"') { + char * t = strchr(end + 1, '"'); + + if (t) + end = ++t; + else + end += strlen(end); + } + + if (*end != '\0') { + size_t pos; + + pos = strcspn(end, delims); + end = end + pos; + } + + if (*end != '\0') { + *end = '\0'; + *state = end + 1; + if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) { + begin++; *(end - 1) = '\0'; + } + return begin; + } + + *state = end; + if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) { + begin++; *(end - 1) = '\0'; + } + return begin; +} + +/** + * Get a list of configuration strings, free the result with + * krb5_config_free_strings(). + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param args a va_list of arguments + * + * @return TRUE or FALSE + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL krb5_config_vget_strings(krb5_context context, const krb5_config_section *c, va_list args) @@ -549,14 +929,14 @@ krb5_config_vget_strings(krb5_context context, const krb5_config_binding *b = NULL; const char *p; - while((p = krb5_config_vget_next(context, c, &b, - krb5_config_string, args))) { + while((p = _krb5_config_vget_next(context, c, &b, + krb5_config_string, args))) { char *tmp = strdup(p); char *pos = NULL; char *s; if(tmp == NULL) goto cleanup; - s = strtok_r(tmp, " \t", &pos); + s = next_component_string(tmp, " \t", &pos); while(s){ char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings)); if(tmp2 == NULL) @@ -566,7 +946,7 @@ krb5_config_vget_strings(krb5_context context, nstr++; if(strings[nstr-1] == NULL) goto cleanup; - s = strtok_r(NULL, " \t", &pos); + s = next_component_string(NULL, " \t", &pos); } free(tmp); } @@ -586,7 +966,20 @@ cleanup: } -char** +/** + * Get a list of configuration strings, free the result with + * krb5_config_free_strings(). + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param ... a list of names, terminated with NULL. + * + * @return TRUE or FALSE + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings(krb5_context context, const krb5_config_section *c, ...) @@ -599,7 +992,16 @@ krb5_config_get_strings(krb5_context context, return ret; } -void KRB5_LIB_FUNCTION +/** + * Free the resulting strings from krb5_config-get_strings() and + * krb5_config_vget_strings(). + * + * @param strings strings to free + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings(char **strings) { char **s = strings; @@ -610,7 +1012,25 @@ krb5_config_free_strings(char **strings) free(strings); } -krb5_boolean KRB5_LIB_FUNCTION +/** + * Like krb5_config_get_bool_default() but with a va_list list of + * configuration selection. + * + * Configuration value to a boolean value, where yes/true and any + * non-zero number means TRUE and other value is FALSE. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param def_value the default value to return if no configuration + * found in the database. + * @param args a va_list of arguments + * + * @return TRUE or FALSE + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, @@ -626,7 +1046,21 @@ krb5_config_vget_bool_default (krb5_context context, return FALSE; } -krb5_boolean KRB5_LIB_FUNCTION +/** + * krb5_config_get_bool() will convert the configuration + * option value to a boolean value, where yes/true and any non-zero + * number means TRUE and other value is FALSE. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param args a va_list of arguments + * + * @return TRUE or FALSE + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool (krb5_context context, const krb5_config_section *c, va_list args) @@ -634,7 +1068,23 @@ krb5_config_vget_bool (krb5_context context, return krb5_config_vget_bool_default (context, c, FALSE, args); } -krb5_boolean KRB5_LIB_FUNCTION +/** + * krb5_config_get_bool_default() will convert the configuration + * option value to a boolean value, where yes/true and any non-zero + * number means TRUE and other value is FALSE. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param def_value the default value to return if no configuration + * found in the database. + * @param ... a list of names, terminated with NULL. + * + * @return TRUE or FALSE + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default (krb5_context context, const krb5_config_section *c, krb5_boolean def_value, @@ -648,7 +1098,23 @@ krb5_config_get_bool_default (krb5_context context, return ret; } -krb5_boolean KRB5_LIB_FUNCTION +/** + * Like krb5_config_get_bool() but with a va_list list of + * configuration selection. + * + * Configuration value to a boolean value, where yes/true and any + * non-zero number means TRUE and other value is FALSE. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param ... a list of names, terminated with NULL. + * + * @return TRUE or FALSE + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool (krb5_context context, const krb5_config_section *c, ...) @@ -661,7 +1127,24 @@ krb5_config_get_bool (krb5_context context, return ret; } -int KRB5_LIB_FUNCTION +/** + * Get the time from the configuration file using a relative time. + * + * Like krb5_config_get_time_default() but with a va_list list of + * configuration selection. + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param def_value the default value to return if no configuration + * found in the database. + * @param args a va_list of arguments + * + * @return parsed the time (or def_value on parse error) + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -678,7 +1161,19 @@ krb5_config_vget_time_default (krb5_context context, return t; } -int KRB5_LIB_FUNCTION +/** + * Get the time from the configuration file using a relative time, for example: 1h30s + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param args a va_list of arguments + * + * @return parsed the time or -1 on error + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time (krb5_context context, const krb5_config_section *c, va_list args) @@ -686,7 +1181,21 @@ krb5_config_vget_time (krb5_context context, return krb5_config_vget_time_default (context, c, -1, args); } -int KRB5_LIB_FUNCTION +/** + * Get the time from the configuration file using a relative time, for example: 1h30s + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param def_value the default value to return if no configuration + * found in the database. + * @param ... a list of names, terminated with NULL. + * + * @return parsed the time (or def_value on parse error) + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -700,7 +1209,19 @@ krb5_config_get_time_default (krb5_context context, return ret; } -int KRB5_LIB_FUNCTION +/** + * Get the time from the configuration file using a relative time, for example: 1h30s + * + * @param context A Kerberos 5 context. + * @param c a configuration section, or NULL to use the section from context + * @param ... a list of names, terminated with NULL. + * + * @return parsed the time or -1 on error + * + * @ingroup krb5_support + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time (krb5_context context, const krb5_config_section *c, ...) @@ -714,7 +1235,7 @@ krb5_config_get_time (krb5_context context, } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -724,18 +1245,18 @@ krb5_config_vget_int_default (krb5_context context, str = krb5_config_vget_string (context, c, args); if(str == NULL) return def_value; - else { - char *endptr; - long l; - l = strtol(str, &endptr, 0); - if (endptr == str) - return def_value; - else + else { + char *endptr; + long l; + l = strtol(str, &endptr, 0); + if (endptr == str) + return def_value; + else return l; } } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int (krb5_context context, const krb5_config_section *c, va_list args) @@ -743,7 +1264,7 @@ krb5_config_vget_int (krb5_context context, return krb5_config_vget_int_default (context, c, -1, args); } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int_default (krb5_context context, const krb5_config_section *c, int def_value, @@ -757,7 +1278,7 @@ krb5_config_get_int_default (krb5_context context, return ret; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int (krb5_context context, const krb5_config_section *c, ...) @@ -769,3 +1290,36 @@ krb5_config_get_int (krb5_context context, va_end(ap); return ret; } + + +#ifndef HEIMDAL_SMALLER + +/** + * Deprecated: configuration files are not strings + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_config_parse_string_multi(krb5_context context, + const char *string, + krb5_config_section **res) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + const char *str; + unsigned lineno = 0; + krb5_error_code ret; + struct fileptr f; + f.f = NULL; + f.s = string; + + ret = krb5_config_parse_debug (&f, res, &lineno, &str); + if (ret) { + krb5_set_error_message (context, ret, "%s:%u: %s", + "", lineno, str); + return ret; + } + return 0; +} + +#endif diff --git a/crypto/heimdal/lib/krb5/config_file_netinfo.c b/crypto/heimdal/lib/krb5/config_file_netinfo.c deleted file mode 100644 index 1e01e7c5ffb..00000000000 --- a/crypto/heimdal/lib/krb5/config_file_netinfo.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" -RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $"); - -/* - * Netinfo implementation from Luke Howard - */ - -#ifdef HAVE_NETINFO -#include -static ni_status -ni_proplist2binding(ni_proplist *pl, krb5_config_section **ret) -{ - int i, j; - krb5_config_section **next = NULL; - - for (i = 0; i < pl->ni_proplist_len; i++) { - if (!strcmp(pl->nipl_val[i].nip_name, "name")) - continue; - - for (j = 0; j < pl->nipl_val[i].nip_val.ni_namelist_len; j++) { - krb5_config_binding *b; - - b = malloc(sizeof(*b)); - if (b == NULL) - return NI_FAILED; - - b->next = NULL; - b->type = krb5_config_string; - b->name = ni_name_dup(pl->nipl_val[i].nip_name); - b->u.string = ni_name_dup(pl->nipl_val[i].nip_val.ninl_val[j]); - - if (next == NULL) { - *ret = b; - } else { - *next = b; - } - next = &b->next; - } - } - return NI_OK; -} - -static ni_status -ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret) -{ - int i; - ni_status nis; - krb5_config_section **next; - - for (i = 0; i < idlist->ni_idlist_len; i++) { - ni_proplist pl; - ni_id nid; - ni_idlist children; - krb5_config_binding *b; - ni_index index; - - nid.nii_instance = 0; - nid.nii_object = idlist->ni_idlist_val[i]; - - nis = ni_read(ni, &nid, &pl); - - if (nis != NI_OK) { - return nis; - } - index = ni_proplist_match(pl, "name", NULL); - b = malloc(sizeof(*b)); - if (b == NULL) return NI_FAILED; - - if (i == 0) { - *ret = b; - } else { - *next = b; - } - - b->type = krb5_config_list; - b->name = ni_name_dup(pl.nipl_val[index].nip_val.ninl_val[0]); - b->next = NULL; - b->u.list = NULL; - - /* get the child directories */ - nis = ni_children(ni, &nid, &children); - if (nis == NI_OK) { - nis = ni_idlist2binding(ni, &children, &b->u.list); - if (nis != NI_OK) { - return nis; - } - } - - nis = ni_proplist2binding(&pl, b->u.list == NULL ? &b->u.list : &b->u.list->next); - ni_proplist_free(&pl); - if (nis != NI_OK) { - return nis; - } - next = &b->next; - } - ni_idlist_free(idlist); - return NI_OK; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_file (krb5_context context, - const char *fname, - krb5_config_section **res) -{ - void *ni = NULL, *lastni = NULL; - int i; - ni_status nis; - ni_id nid; - ni_idlist children; - - krb5_config_section *s; - int ret; - - s = NULL; - - for (i = 0; i < 256; i++) { - if (i == 0) { - nis = ni_open(NULL, ".", &ni); - } else { - if (lastni != NULL) ni_free(lastni); - lastni = ni; - nis = ni_open(lastni, "..", &ni); - } - if (nis != NI_OK) - break; - nis = ni_pathsearch(ni, &nid, "/locations/kerberos"); - if (nis == NI_OK) { - nis = ni_children(ni, &nid, &children); - if (nis != NI_OK) - break; - nis = ni_idlist2binding(ni, &children, &s); - break; - } - } - - if (ni != NULL) ni_free(ni); - if (ni != lastni && lastni != NULL) ni_free(lastni); - - ret = (nis == NI_OK) ? 0 : -1; - if (ret == 0) { - *res = s; - } else { - *res = NULL; - } - return ret; -} -#endif /* HAVE_NETINFO */ diff --git a/crypto/heimdal/lib/krb5/constants.c b/crypto/heimdal/lib/krb5/constants.c index 5188a1d3a86..bbb4832657f 100644 --- a/crypto/heimdal/lib/krb5/constants.c +++ b/crypto/heimdal/lib/krb5/constants.c @@ -1,43 +1,61 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: constants.c 14253 2004-09-23 07:57:37Z joda $"); - -const char *krb5_config_file = +KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ -"/Library/Preferences/edu.mit.Kerberos:" +"~/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP +"/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP +"~/Library/Preferences/edu.mit.Kerberos" PATH_SEP +"/Library/Preferences/edu.mit.Kerberos" PATH_SEP +#endif /* __APPLE__ */ +"~/.krb5/config" PATH_SEP +SYSCONFDIR "/krb5.conf" +#ifdef _WIN32 +PATH_SEP "%{COMMON_APPDATA}/Kerberos/krb5.conf" +PATH_SEP "%{WINDOWS}/krb5.ini" +#else +PATH_SEP "/etc/krb5.conf" #endif -SYSCONFDIR "/krb5.conf:/etc/krb5.conf"; -const char *krb5_defkeyname = KEYTAB_DEFAULT; +; + +KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT; + +KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API"; +KRB5_LIB_VARIABLE const char *krb5_cc_type_file = "FILE"; +KRB5_LIB_VARIABLE const char *krb5_cc_type_memory = "MEMORY"; +KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm = "KCM"; +KRB5_LIB_VARIABLE const char *krb5_cc_type_scc = "SCC"; diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index 256783310e9..99bf1b419b0 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -1,41 +1,42 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" +#include #include -RCSID("$Id: context.c 22293 2007-12-14 05:25:59Z lha $"); - #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ "libdefaults", F, NULL) @@ -60,7 +61,7 @@ set_etypes (krb5_context context, char **etypes_str; krb5_enctype *etypes = NULL; - etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", + etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", name, NULL); if(etypes_str){ int i, j, k; @@ -68,7 +69,7 @@ set_etypes (krb5_context context, etypes = malloc((i+1) * sizeof(*etypes)); if (etypes == NULL) { krb5_config_free_strings (etypes_str); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } for(j = 0, k = 0; j < i; j++) { @@ -81,7 +82,7 @@ set_etypes (krb5_context context, } etypes[k] = ETYPE_NULL; krb5_config_free_strings(etypes_str); - } + } *ret_enctypes = etypes; return 0; } @@ -95,6 +96,7 @@ init_context_from_config_file(krb5_context context) { krb5_error_code ret; const char * tmp; + char **s; krb5_enctype *tmptypes; INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew"); @@ -102,19 +104,49 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, int, max_retries, 3, "max_retries"); INIT_FIELD(context, string, http_proxy, NULL, "http_proxy"); - + + ret = krb5_config_get_bool_default(context, NULL, FALSE, + "libdefaults", + "allow_weak_crypto", NULL); + if (ret) { + krb5_enctype_enable(context, ETYPE_DES_CBC_CRC); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD4); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); + krb5_enctype_enable(context, ETYPE_DES_CBC_NONE); + krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE); + krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE); + } + ret = set_etypes (context, "default_etypes", &tmptypes); if(ret) return ret; free(context->etypes); context->etypes = tmptypes; - + ret = set_etypes (context, "default_etypes_des", &tmptypes); if(ret) return ret; free(context->etypes_des); context->etypes_des = tmptypes; + ret = set_etypes (context, "default_as_etypes", &tmptypes); + if(ret) + return ret; + free(context->as_etypes); + context->as_etypes = tmptypes; + + ret = set_etypes (context, "default_tgs_etypes", &tmptypes); + if(ret) + return ret; + free(context->tgs_etypes); + context->tgs_etypes = tmptypes; + + ret = set_etypes (context, "permitted_enctypes", &tmptypes); + if(ret) + return ret; + free(context->permitted_enctypes); + context->permitted_enctypes = tmptypes; + /* default keytab name */ tmp = NULL; if(!issuid()) @@ -122,27 +154,27 @@ init_context_from_config_file(krb5_context context) if(tmp != NULL) context->default_keytab = tmp; else - INIT_FIELD(context, string, default_keytab, + INIT_FIELD(context, string, default_keytab, KEYTAB_DEFAULT, "default_keytab_name"); - INIT_FIELD(context, string, default_keytab_modify, + INIT_FIELD(context, string, default_keytab_modify, NULL, "default_keytab_modify_name"); - INIT_FIELD(context, string, time_fmt, + INIT_FIELD(context, string, time_fmt, "%Y-%m-%dT%H:%M:%S", "time_format"); - INIT_FIELD(context, string, date_fmt, + INIT_FIELD(context, string, date_fmt, "%Y-%m-%d", "date_format"); - INIT_FIELD(context, bool, log_utc, + INIT_FIELD(context, bool, log_utc, FALSE, "log_utc"); - + /* init dns-proxy slime */ - tmp = krb5_config_get_string(context, NULL, "libdefaults", + tmp = krb5_config_get_string(context, NULL, "libdefaults", "dns_proxy", NULL); - if(tmp) + if(tmp) roken_gethostby_setup(context->http_proxy, tmp); krb5_free_host_realm (context, context->default_realms); context->default_realms = NULL; @@ -152,9 +184,9 @@ init_context_from_config_file(krb5_context context) char **adr, **a; krb5_set_extra_addresses(context, NULL); - adr = krb5_config_get_strings(context, NULL, - "libdefaults", - "extra_addresses", + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "extra_addresses", NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { @@ -167,9 +199,9 @@ init_context_from_config_file(krb5_context context) krb5_config_free_strings(adr); krb5_set_ignore_addresses(context, NULL); - adr = krb5_config_get_strings(context, NULL, - "libdefaults", - "ignore_addresses", + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "ignore_addresses", NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { @@ -181,7 +213,7 @@ init_context_from_config_file(krb5_context context) } krb5_config_free_strings(adr); } - + INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); /* prefer dns_lookup_kdc over srv_lookup. */ @@ -192,9 +224,138 @@ init_context_from_config_file(krb5_context context) INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac"); context->default_cc_name = NULL; context->default_cc_name_set = 0; + + s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL); + if(s) { + char **p; + krb5_initlog(context, "libkrb5", &context->debug_dest); + for(p = s; *p; p++) + krb5_addlog_dest(context, context->debug_dest, *p); + krb5_config_free_strings(s); + } + + tmp = krb5_config_get_string(context, NULL, "libdefaults", + "check-rd-req-server", NULL); + if (tmp == NULL && !issuid()) + tmp = getenv("KRB5_CHECK_RD_REQ_SERVER"); + if(tmp) { + if (strcasecmp(tmp, "ignore") == 0) + context->flags |= KRB5_CTX_F_RD_REQ_IGNORE; + } + return 0; } +static krb5_error_code +cc_ops_register(krb5_context context) +{ + context->cc_ops = NULL; + context->num_cc_ops = 0; + +#ifndef KCM_IS_API_CACHE + krb5_cc_register(context, &krb5_acc_ops, TRUE); +#endif + krb5_cc_register(context, &krb5_fcc_ops, TRUE); + krb5_cc_register(context, &krb5_mcc_ops, TRUE); +#ifdef HAVE_SCC + krb5_cc_register(context, &krb5_scc_ops, TRUE); +#endif +#ifdef HAVE_KCM +#ifdef KCM_IS_API_CACHE + krb5_cc_register(context, &krb5_akcm_ops, TRUE); +#endif + krb5_cc_register(context, &krb5_kcm_ops, TRUE); +#endif + _krb5_load_ccache_plugins(context); + return 0; +} + +static krb5_error_code +cc_ops_copy(krb5_context context, const krb5_context src_context) +{ + const krb5_cc_ops **cc_ops; + + context->cc_ops = NULL; + context->num_cc_ops = 0; + + if (src_context->num_cc_ops == 0) + return 0; + + cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops); + if (cc_ops == NULL) { + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); + return KRB5_CC_NOMEM; + } + + memcpy(rk_UNCONST(cc_ops), src_context->cc_ops, + sizeof(cc_ops[0]) * src_context->num_cc_ops); + context->cc_ops = cc_ops; + context->num_cc_ops = src_context->num_cc_ops; + + return 0; +} + +static krb5_error_code +kt_ops_register(krb5_context context) +{ + context->num_kt_types = 0; + context->kt_types = NULL; + + krb5_kt_register (context, &krb5_fkt_ops); + krb5_kt_register (context, &krb5_wrfkt_ops); + krb5_kt_register (context, &krb5_javakt_ops); + krb5_kt_register (context, &krb5_mkt_ops); +#ifndef HEIMDAL_SMALLER + krb5_kt_register (context, &krb5_akf_ops); +#endif + krb5_kt_register (context, &krb5_any_ops); + return 0; +} + +static krb5_error_code +kt_ops_copy(krb5_context context, const krb5_context src_context) +{ + context->num_kt_types = 0; + context->kt_types = NULL; + + if (src_context->num_kt_types == 0) + return 0; + + context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types); + if (context->kt_types == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + context->num_kt_types = src_context->num_kt_types; + memcpy(context->kt_types, src_context->kt_types, + sizeof(context->kt_types[0]) * src_context->num_kt_types); + + return 0; +} + +static const char *sysplugin_dirs[] = { + LIBDIR "/plugin/krb5", +#ifdef __APPLE__ + "/Library/KerberosPlugins/KerberosFrameworkPlugins", + "/System/Library/KerberosPlugins/KerberosFrameworkPlugins", +#endif + NULL +}; + +static void +init_context_once(void *ctx) +{ + krb5_context context = ctx; + + _krb5_load_plugins(context, "krb5", sysplugin_dirs); + + bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR); +} + + /** * Initializes the context structure and reads the configuration file * /etc/krb5.conf. The structure should be freed by calling @@ -210,9 +371,10 @@ init_context_from_config_file(krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context(krb5_context *context) { + static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT; krb5_context p; krb5_error_code ret; char **files; @@ -230,55 +392,181 @@ krb5_init_context(krb5_context *context) } HEIMDAL_MUTEX_init(p->mutex); + p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS; + ret = krb5_get_default_config_files(&files); - if(ret) + if(ret) goto out; ret = krb5_set_config_files(p, files); krb5_free_config_files(files); - if(ret) + if(ret) goto out; /* init error tables */ krb5_init_ets(p); + cc_ops_register(p); + kt_ops_register(p); - p->cc_ops = NULL; - p->num_cc_ops = 0; - krb5_cc_register(p, &krb5_acc_ops, TRUE); - krb5_cc_register(p, &krb5_fcc_ops, TRUE); - krb5_cc_register(p, &krb5_mcc_ops, TRUE); -#ifdef HAVE_KCM - krb5_cc_register(p, &krb5_kcm_ops, TRUE); +#ifdef PKINIT + ret = hx509_context_init(&p->hx509ctx); + if (ret) + goto out; #endif - - p->num_kt_types = 0; - p->kt_types = NULL; - krb5_kt_register (p, &krb5_fkt_ops); - krb5_kt_register (p, &krb5_wrfkt_ops); - krb5_kt_register (p, &krb5_javakt_ops); - krb5_kt_register (p, &krb5_mkt_ops); - krb5_kt_register (p, &krb5_akf_ops); - krb5_kt_register (p, &krb4_fkt_ops); - krb5_kt_register (p, &krb5_srvtab_fkt_ops); - krb5_kt_register (p, &krb5_any_ops); + if (rk_SOCK_INIT()) + p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED; out: if(ret) { krb5_free_context(p); p = NULL; + } else { + heim_base_once_f(&init_context, p, init_context_once); } *context = p; return ret; } +#ifndef HEIMDAL_SMALLER + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_permitted_enctypes(krb5_context context, + krb5_enctype **etypes) +{ + return krb5_get_default_in_tkt_etypes(context, KRB5_PDU_NONE, etypes); +} + +/* + * + */ + +static krb5_error_code +copy_etypes (krb5_context context, + krb5_enctype *enctypes, + krb5_enctype **ret_enctypes) +{ + unsigned int i; + + for (i = 0; enctypes[i]; i++) + ; + i++; + + *ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i); + if (*ret_enctypes == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + memcpy(*ret_enctypes, enctypes, sizeof(ret_enctypes[0]) * i); + return 0; +} + +/** + * Make a copy for the Kerberos 5 context, the new krb5_context shoud + * be freed with krb5_free_context(). + * + * @param context the Kerberos context to copy + * @param out the copy of the Kerberos, set to NULL error. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_copy_context(krb5_context context, krb5_context *out) +{ + krb5_error_code ret; + krb5_context p; + + *out = NULL; + + p = calloc(1, sizeof(*p)); + if (p == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + p->mutex = malloc(sizeof(HEIMDAL_MUTEX)); + if (p->mutex == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + free(p); + return ENOMEM; + } + HEIMDAL_MUTEX_init(p->mutex); + + + if (context->default_cc_name) + p->default_cc_name = strdup(context->default_cc_name); + if (context->default_cc_name_env) + p->default_cc_name_env = strdup(context->default_cc_name_env); + + if (context->etypes) { + ret = copy_etypes(context, context->etypes, &p->etypes); + if (ret) + goto out; + } + if (context->etypes_des) { + ret = copy_etypes(context, context->etypes_des, &p->etypes_des); + if (ret) + goto out; + } + + if (context->default_realms) { + ret = krb5_copy_host_realm(context, + context->default_realms, &p->default_realms); + if (ret) + goto out; + } + + ret = _krb5_config_copy(context, context->cf, &p->cf); + if (ret) + goto out; + + /* XXX should copy */ + krb5_init_ets(p); + + cc_ops_copy(p, context); + kt_ops_copy(p, context); + +#if 0 /* XXX */ + if(context->warn_dest != NULL) + ; + if(context->debug_dest != NULL) + ; +#endif + + ret = krb5_set_extra_addresses(p, context->extra_addresses); + if (ret) + goto out; + ret = krb5_set_extra_addresses(p, context->ignore_addresses); + if (ret) + goto out; + + ret = _krb5_copy_send_to_kdc_func(p, context); + if (ret) + goto out; + + *out = p; + + return 0; + + out: + krb5_free_context(p); + return ret; +} + +#endif + /** * Frees the krb5_context allocated by krb5_init_context(). * * @param context context to be freed. * - * @ingroup krb5 -*/ + * @ingroup krb5 + */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context(krb5_context context) { if (context->default_cc_name) @@ -290,18 +578,28 @@ krb5_free_context(krb5_context context) krb5_free_host_realm (context, context->default_realms); krb5_config_file_free (context, context->cf); free_error_table (context->et_list); - free(context->cc_ops); + free(rk_UNCONST(context->cc_ops)); free(context->kt_types); - krb5_clear_error_string(context); + krb5_clear_error_message(context); if(context->warn_dest != NULL) krb5_closelog(context, context->warn_dest); + if(context->debug_dest != NULL) + krb5_closelog(context, context->debug_dest); krb5_set_extra_addresses(context, NULL); krb5_set_ignore_addresses(context, NULL); krb5_set_send_to_kdc_func(context, NULL, NULL); - if (context->mutex != NULL) { - HEIMDAL_MUTEX_destroy(context->mutex); - free(context->mutex); + +#ifdef PKINIT + if (context->hx509ctx) + hx509_context_free(&context->hx509ctx); +#endif + + HEIMDAL_MUTEX_destroy(context->mutex); + free(context->mutex); + if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { + rk_SOCK_EXIT(); } + memset(context, 0, sizeof(*context)); free(context); } @@ -318,14 +616,14 @@ krb5_free_context(krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files(krb5_context context, char **filenames) { krb5_error_code ret; krb5_config_binding *tmp = NULL; while(filenames != NULL && *filenames != NULL && **filenames != '\0') { ret = krb5_config_parse_file_multi(context, *filenames, &tmp); - if(ret != 0 && ret != ENOENT && ret != EACCES) { + if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) { krb5_config_file_free(context, tmp); return ret; } @@ -337,6 +635,11 @@ krb5_set_config_files(krb5_context context, char **filenames) if(tmp == NULL) return ENXIO; #endif + +#ifdef _WIN32 + _krb5_load_config_from_registry(context, &tmp); +#endif + krb5_config_file_free(context, context->cf); context->cf = tmp; ret = init_context_from_config_file(context); @@ -373,7 +676,7 @@ add_file(char ***pfilenames, int *len, char *file) * `pq' isn't free, it's up the the caller */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) { krb5_error_code ret; @@ -389,7 +692,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) while(1) { ssize_t l; q = p; - l = strsep_copy(&q, ":", NULL, 0); + l = strsep_copy(&q, PATH_SEP, NULL, 0); if(l == -1) break; fn = malloc(l + 1); @@ -397,7 +700,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) krb5_free_config_files(pp); return ENOMEM; } - l = strsep_copy(&p, ":", fn, l + 1); + (void)strsep_copy(&p, PATH_SEP, fn, l + 1); ret = add_file(&pp, &len, fn); if (ret) { krb5_free_config_files(pp); @@ -438,12 +741,12 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) { krb5_error_code ret; char **defpp, **pp = NULL; - + ret = krb5_get_default_config_files(&defpp); if (ret) return ret; @@ -452,11 +755,50 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) krb5_free_config_files(defpp); if (ret) { return ret; - } + } *pfilenames = pp; return 0; } +#ifdef _WIN32 + +/** + * Checks the registry for configuration file location + * + * Kerberos for Windows and other legacy Kerberos applications expect + * to find the configuration file location in the + * SOFTWARE\MIT\Kerberos registry key under the value "config". + */ +char * +_krb5_get_default_config_config_files_from_registry() +{ + static const char * KeyName = "Software\\MIT\\Kerberos"; + char *config_file = NULL; + LONG rcode; + HKEY key; + + rcode = RegOpenKeyEx(HKEY_CURRENT_USER, KeyName, 0, KEY_READ, &key); + if (rcode == ERROR_SUCCESS) { + config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config", + REG_NONE, 0, PATH_SEP); + RegCloseKey(key); + } + + if (config_file) + return config_file; + + rcode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, KeyName, 0, KEY_READ, &key); + if (rcode == ERROR_SUCCESS) { + config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config", + REG_NONE, 0, PATH_SEP); + RegCloseKey(key); + } + + return config_file; +} + +#endif + /** * Get the global configuration list. * @@ -468,7 +810,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files(char ***pfilenames) { const char *files = NULL; @@ -477,6 +819,22 @@ krb5_get_default_config_files(char ***pfilenames) return EINVAL; if(!issuid()) files = getenv("KRB5_CONFIG"); + +#ifdef _WIN32 + if (files == NULL) { + char * reg_files; + reg_files = _krb5_get_default_config_config_files_from_registry(); + if (reg_files != NULL) { + krb5_error_code code; + + code = krb5_prepend_config_files(reg_files, NULL, pfilenames); + free(reg_files); + + return code; + } + } +#endif + if (files == NULL) files = krb5_config_file; @@ -486,7 +844,8 @@ krb5_get_default_config_files(char ***pfilenames) /** * Free a list of configuration files. * - * @param filenames list to be freed. + * @param filenames list, terminated with a NULL pointer, to be + * freed. NULL is an valid argument. * * @return Returns 0 to indicate success. Otherwise an kerberos et * error code is returned, see krb5_get_error_message(). @@ -494,11 +853,11 @@ krb5_get_default_config_files(char ***pfilenames) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files(char **filenames) { char **p; - for(p = filenames; *p != NULL; p++) + for(p = filenames; p && *p != NULL; p++) free(*p); free(filenames); } @@ -516,7 +875,7 @@ krb5_free_config_files(char **filenames) * @ingroup krb5 */ -const krb5_enctype * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL krb5_kerberos_enctypes(krb5_context context) { static const krb5_enctype p[] = { @@ -533,6 +892,41 @@ krb5_kerberos_enctypes(krb5_context context) return p; } +/* + * + */ + +static krb5_error_code +copy_enctypes(krb5_context context, + const krb5_enctype *in, + krb5_enctype **out) +{ + krb5_enctype *p = NULL; + size_t m, n; + + for (n = 0; in[n]; n++) + ; + n++; + ALLOC(p, n); + if(p == NULL) + return krb5_enomem(context); + for (n = 0, m = 0; in[n]; n++) { + if (krb5_enctype_valid(context, in[n]) != 0) + continue; + p[m++] = in[n]; + } + p[m] = KRB5_ENCTYPE_NULL; + if (m == 0) { + free(p); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("no valid enctype set", "")); + return KRB5_PROG_ETYPE_NOSUPP; + } + *out = p; + return 0; +} + + /* * set `etype' to a malloced list of the default enctypes */ @@ -540,28 +934,8 @@ krb5_kerberos_enctypes(krb5_context context) static krb5_error_code default_etypes(krb5_context context, krb5_enctype **etype) { - const krb5_enctype *p; - krb5_enctype *e = NULL, *ep; - int i, n = 0; - - p = krb5_kerberos_enctypes(context); - - for (i = 0; p[i] != ETYPE_NULL; i++) { - if (krb5_enctype_valid(context, p[i]) != 0) - continue; - ep = realloc(e, (n + 2) * sizeof(*e)); - if (ep == NULL) { - free(e); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - e = ep; - e[n] = p[i]; - e[n + 1] = ETYPE_NULL; - n++; - } - *etype = e; - return 0; + const krb5_enctype *p = krb5_kerberos_enctypes(context); + return copy_enctypes(context, p, etype); } /** @@ -577,27 +951,17 @@ default_etypes(krb5_context context, krb5_enctype **etype) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_default_in_tkt_etypes(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_default_in_tkt_etypes(krb5_context context, const krb5_enctype *etypes) { + krb5_error_code ret; krb5_enctype *p = NULL; - int i; if(etypes) { - for (i = 0; etypes[i]; ++i) { - krb5_error_code ret; - ret = krb5_enctype_valid(context, etypes[i]); - if (ret) - return ret; - } - ++i; - ALLOC(p, i); - if(!p) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - memmove(p, etypes, i * sizeof(krb5_enctype)); + ret = copy_enctypes(context, etypes, &p); + if (ret) + return ret; } if(context->etypes) free(context->etypes); @@ -619,75 +983,69 @@ krb5_set_default_in_tkt_etypes(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes(krb5_context context, + krb5_pdu pdu_type, krb5_enctype **etypes) { - krb5_enctype *p; - int i; - krb5_error_code ret; + krb5_enctype *enctypes = NULL; + krb5_error_code ret; + krb5_enctype *p; - if(context->etypes) { - for(i = 0; context->etypes[i]; i++); - ++i; - ALLOC(p, i); - if(!p) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + heim_assert(pdu_type == KRB5_PDU_AS_REQUEST || + pdu_type == KRB5_PDU_TGS_REQUEST || + pdu_type == KRB5_PDU_NONE, "pdu contant not as expected"); + + if (pdu_type == KRB5_PDU_AS_REQUEST && context->as_etypes != NULL) + enctypes = context->as_etypes; + else if (pdu_type == KRB5_PDU_TGS_REQUEST && context->tgs_etypes != NULL) + enctypes = context->tgs_etypes; + else if (context->etypes != NULL) + enctypes = context->etypes; + + if (enctypes != NULL) { + ret = copy_enctypes(context, enctypes, &p); + if (ret) + return ret; + } else { + ret = default_etypes(context, &p); + if (ret) + return ret; } - memmove(p, context->etypes, i * sizeof(krb5_enctype)); - } else { - ret = default_etypes(context, &p); - if (ret) - return ret; - } - *etypes = p; - return 0; + *etypes = p; + return 0; } /** - * Return the error string for the error code. The caller must not - * free the string. - * - * @param context Kerberos 5 context. - * @param code Kerberos error code. - * - * @return the error message matching code - * - * @ingroup krb5 - */ - -const char* KRB5_LIB_FUNCTION -krb5_get_err_text(krb5_context context, krb5_error_code code) -{ - const char *p = NULL; - if(context != NULL) - p = com_right(context->et_list, code); - if(p == NULL) - p = strerror(code); - if (p == NULL) - p = "Unknown error"; - return p; -} - -/** - * Init the built-in ets in the Kerberos library. + * Init the built-in ets in the Kerberos library. * * @param context kerberos context to add the ets too * * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets(krb5_context context) { if(context->et_list == NULL){ krb5_add_et_list(context, initialize_krb5_error_table_r); krb5_add_et_list(context, initialize_asn1_error_table_r); krb5_add_et_list(context, initialize_heim_error_table_r); + krb5_add_et_list(context, initialize_k524_error_table_r); + +#ifdef COM_ERR_BINDDOMAIN_krb5 + bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR); + bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR); + bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR); + bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR); +#endif + #ifdef PKINIT krb5_add_et_list(context, initialize_hx_error_table_r); +#ifdef COM_ERR_BINDDOMAIN_hx + bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR); +#endif #endif } } @@ -701,7 +1059,7 @@ krb5_init_ets(krb5_context context) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) { context->use_admin_kdc = flag; @@ -717,7 +1075,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context context) { return context->use_admin_kdc; @@ -736,12 +1094,12 @@ krb5_get_use_admin_kdc (krb5_context context) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) { if(context->extra_addresses) - return krb5_append_addresses(context, + return krb5_append_addresses(context, context->extra_addresses, addresses); else return krb5_set_extra_addresses(context, addresses); @@ -760,7 +1118,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) { if(context->extra_addresses) @@ -776,7 +1134,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) if(context->extra_addresses == NULL) { context->extra_addresses = malloc(sizeof(*context->extra_addresses)); if(context->extra_addresses == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } } @@ -796,7 +1154,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) { if(context->extra_addresses == NULL) { @@ -819,12 +1177,12 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) { if(context->ignore_addresses) - return krb5_append_addresses(context, + return krb5_append_addresses(context, context->ignore_addresses, addresses); else return krb5_set_ignore_addresses(context, addresses); @@ -843,7 +1201,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) { if(context->ignore_addresses) @@ -858,7 +1216,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) if(context->ignore_addresses == NULL) { context->ignore_addresses = malloc(sizeof(*context->ignore_addresses)); if(context->ignore_addresses == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } } @@ -878,7 +1236,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) { if(context->ignore_addresses == NULL) { @@ -900,7 +1258,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version(krb5_context context, int version) { context->fcache_vno = version; @@ -919,7 +1277,7 @@ krb5_set_fcache_version(krb5_context context, int version) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version(krb5_context context, int *version) { *version = context->fcache_vno; @@ -935,7 +1293,7 @@ krb5_get_fcache_version(krb5_context context, int *version) */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe(void) { #ifdef ENABLE_PTHREAD_SUPPORT @@ -954,7 +1312,7 @@ krb5_is_thread_safe(void) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) { if (flag) @@ -973,7 +1331,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context context) { return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0; @@ -986,12 +1344,12 @@ krb5_get_dns_canonicalize_hostname (krb5_context context) * @param sec seconds part of offset. * @param usec micro seconds part of offset. * - * @return return non zero if the library uses DNS to canonicalize hostnames. + * @return returns zero * * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) { if (sec) @@ -1001,6 +1359,27 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) return 0; } +/** + * Set current offset in time to the KDC. + * + * @param context Kerberos 5 context. + * @param sec seconds part of offset. + * @param usec micro seconds part of offset. + * + * @return returns zero + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) +{ + context->kdc_sec_offset = sec; + if (usec >= 0) + context->kdc_usec_offset = usec; + return 0; +} + /** * Get max time skew allowed. * @@ -1011,7 +1390,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) * @ingroup krb5 */ -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context context) { return context->max_skew; @@ -1026,8 +1405,112 @@ krb5_get_max_time_skew (krb5_context context) * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew (krb5_context context, time_t t) { context->max_skew = t; } + +/* + * Init encryption types in len, val with etypes. + * + * @param context Kerberos 5 context. + * @param pdu_type type of pdu + * @param len output length of val. + * @param val output array of enctypes. + * @param etypes etypes to set val and len to, if NULL, use default enctypes. + + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_init_etype(krb5_context context, + krb5_pdu pdu_type, + unsigned *len, + krb5_enctype **val, + const krb5_enctype *etypes) +{ + krb5_error_code ret; + + if (etypes == NULL) + ret = krb5_get_default_in_tkt_etypes(context, pdu_type, val); + else + ret = copy_enctypes(context, etypes, val); + if (ret) + return ret; + + if (len) { + *len = 0; + while ((*val)[*len] != KRB5_ENCTYPE_NULL) + (*len)++; + } + return 0; +} + +/* + * Allow homedir accces + */ + +static HEIMDAL_MUTEX homedir_mutex = HEIMDAL_MUTEX_INITIALIZER; +static krb5_boolean allow_homedir = TRUE; + +krb5_boolean +_krb5_homedir_access(krb5_context context) +{ + krb5_boolean allow; + +#ifdef HAVE_GETEUID + /* is never allowed for root */ + if (geteuid() == 0) + return FALSE; +#endif + + if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0) + return FALSE; + + HEIMDAL_MUTEX_lock(&homedir_mutex); + allow = allow_homedir; + HEIMDAL_MUTEX_unlock(&homedir_mutex); + return allow; +} + +/** + * Enable and disable home directory access on either the global state + * or the krb5_context state. By calling krb5_set_home_dir_access() + * with context set to NULL, the global state is configured otherwise + * the state for the krb5_context is modified. + * + * For home directory access to be allowed, both the global state and + * the krb5_context state have to be allowed. + * + * Administrator (root user), never uses the home directory. + * + * @param context a Kerberos 5 context or NULL + * @param allow allow if TRUE home directory + * @return the old value + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_set_home_dir_access(krb5_context context, krb5_boolean allow) +{ + krb5_boolean old; + if (context) { + old = (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) ? TRUE : FALSE; + if (allow) + context->flags |= KRB5_CTX_F_HOMEDIR_ACCESS; + else + context->flags &= ~KRB5_CTX_F_HOMEDIR_ACCESS; + } else { + HEIMDAL_MUTEX_lock(&homedir_mutex); + old = allow_homedir; + allow_homedir = allow; + HEIMDAL_MUTEX_unlock(&homedir_mutex); + } + + return old; +} diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c index b2af0187eac..fc371c63776 100644 --- a/crypto/heimdal/lib/krb5/convert_creds.c +++ b/crypto/heimdal/lib/krb5/convert_creds.c @@ -1,46 +1,40 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c 22050 2007-11-11 11:20:46Z lha $"); - #include "krb5-v4compat.h" -static krb5_error_code -check_ticket_flags(TicketFlags f) -{ - return 0; /* maybe add some more tests here? */ -} +#ifndef HEIMDAL_SMALLER /** * Convert the v5 credentials in in_cred to v4-dito in v4creds. This @@ -58,90 +52,16 @@ check_ticket_flags(TicketFlags f) * @ingroup krb5_v4compat */ -krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb524_convert_creds_kdc(krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) + KRB5_DEPRECATED_FUNCTION("Use X instead") { - krb5_error_code ret; - krb5_data reply; - krb5_storage *sp; - int32_t tmp; - krb5_data ticket; - char realm[REALM_SZ]; - krb5_creds *v5_creds = in_cred; - - ret = check_ticket_flags(v5_creds->flags.b); - if(ret) - goto out2; - - { - krb5_krbhst_handle handle; - - ret = krb5_krbhst_init(context, - krb5_principal_get_realm(context, - v5_creds->server), - KRB5_KRBHST_KRB524, - &handle); - if (ret) - goto out2; - - ret = krb5_sendto (context, - &v5_creds->ticket, - handle, - &reply); - krb5_krbhst_free(context, handle); - if (ret) - goto out2; - } - sp = krb5_storage_from_mem(reply.data, reply.length); - if(sp == NULL) { - ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); - goto out2; - } - krb5_ret_int32(sp, &tmp); - ret = tmp; - if(ret == 0) { - memset(v4creds, 0, sizeof(*v4creds)); - ret = krb5_ret_int32(sp, &tmp); - if(ret) - goto out; - v4creds->kvno = tmp; - ret = krb5_ret_data(sp, &ticket); - if(ret) - goto out; - v4creds->ticket_st.length = ticket.length; - memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length); - krb5_data_free(&ticket); - ret = krb5_524_conv_principal(context, - v5_creds->server, - v4creds->service, - v4creds->instance, - v4creds->realm); - if(ret) - goto out; - v4creds->issue_date = v5_creds->times.starttime; - v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date, - v5_creds->times.endtime); - ret = krb5_524_conv_principal(context, v5_creds->client, - v4creds->pname, - v4creds->pinst, - realm); - if(ret) - goto out; - memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); - } else { - krb5_set_error_string(context, "converting credentials: %s", - krb5_get_err_text(context, ret)); - } -out: - krb5_storage_free(sp); - krb5_data_free(&reply); -out2: - if (v5_creds != in_cred) - krb5_free_creds (context, v5_creds); - return ret; + memset(v4creds, 0, sizeof(*v4creds)); + krb5_set_error_message(context, EINVAL, + N_("krb524_convert_creds_kdc not supported", "")); + return EINVAL; } /** @@ -159,46 +79,17 @@ out2: * @ingroup krb5_v4compat */ -krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc_ccache(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) + KRB5_DEPRECATED_FUNCTION("Use X instead") { - krb5_error_code ret; - krb5_creds *v5_creds = in_cred; - krb5_keytype keytype; - - keytype = v5_creds->session.keytype; - - if (keytype != ENCTYPE_DES_CBC_CRC) { - /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, - so go get one */ - krb5_creds template; - - memset (&template, 0, sizeof(template)); - template.session.keytype = ENCTYPE_DES_CBC_CRC; - ret = krb5_copy_principal (context, in_cred->client, &template.client); - if (ret) { - krb5_free_cred_contents (context, &template); - return ret; - } - ret = krb5_copy_principal (context, in_cred->server, &template.server); - if (ret) { - krb5_free_cred_contents (context, &template); - return ret; - } - - ret = krb5_get_credentials (context, 0, ccache, - &template, &v5_creds); - krb5_free_cred_contents (context, &template); - if (ret) - return ret; - } - - ret = krb524_convert_creds_kdc(context, v5_creds, v4creds); - - if (v5_creds != in_cred) - krb5_free_creds (context, v5_creds); - return ret; + memset(v4creds, 0, sizeof(*v4creds)); + krb5_set_error_message(context, EINVAL, + N_("krb524_convert_creds_kdc_ccache not supported", "")); + return EINVAL; } + +#endif diff --git a/crypto/heimdal/lib/krb5/copy_host_realm.c b/crypto/heimdal/lib/krb5/copy_host_realm.c index 8c4f39b4ac4..73bc117f12a 100644 --- a/crypto/heimdal/lib/krb5/copy_host_realm.c +++ b/crypto/heimdal/lib/krb5/copy_host_realm.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: copy_host_realm.c 22057 2007-11-11 15:13:13Z lha $"); - /** * Copy the list of realms from `from' to `to'. * @@ -48,29 +46,30 @@ RCSID("$Id: copy_host_realm.c 22057 2007-11-11 15:13:13Z lha $"); * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm(krb5_context context, const krb5_realm *from, krb5_realm **to) { - int n, i; + unsigned int n, i; const krb5_realm *p; - for (n = 0, p = from; *p != NULL; ++p) + for (n = 1, p = from; *p != NULL; ++p) ++n; - ++n; - *to = malloc (n * sizeof(**to)); + + *to = calloc (n, sizeof(**to)); if (*to == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - for (i = 0; i < n; ++i) - (*to)[i] = NULL; + for (i = 0, p = from; *p != NULL; ++p, ++i) { (*to)[i] = strdup(*p); if ((*to)[i] == NULL) { krb5_free_host_realm (context, *to); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } } diff --git a/crypto/heimdal/lib/krb5/crc.c b/crypto/heimdal/lib/krb5/crc.c index 072c29d6897..eab946541db 100644 --- a/crypto/heimdal/lib/krb5/crc.c +++ b/crypto/heimdal/lib/krb5/crc.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: crc.c 17442 2006-05-05 09:31:15Z lha $"); - static u_long table[256]; #define CRC_GEN 0xEDB88320L @@ -44,8 +42,8 @@ _krb5_crc_init_table(void) { static int flag = 0; unsigned long crc, poly; - int i, j; - + unsigned int i, j; + if(flag) return; poly = CRC_GEN; for (i = 0; i < 256; i++) { diff --git a/crypto/heimdal/lib/krb5/creds.c b/crypto/heimdal/lib/krb5/creds.c index 17ef46dfa3b..7ef8eb96095 100644 --- a/crypto/heimdal/lib/krb5/creds.c +++ b/crypto/heimdal/lib/krb5/creds.c @@ -1,50 +1,38 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: creds.c 22062 2007-11-11 15:41:50Z lha $"); - -#undef __attribute__ -#define __attribute__(X) - -/* keep this for compatibility with older code */ -krb5_error_code KRB5_LIB_FUNCTION __attribute__((deprecated)) -krb5_free_creds_contents (krb5_context context, krb5_creds *c) -{ - return krb5_free_cred_contents (context, c); -} - /** * Free content of krb5_creds. * @@ -57,7 +45,7 @@ krb5_free_creds_contents (krb5_context context, krb5_creds *c) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents (krb5_context context, krb5_creds *c) { krb5_free_principal (context, c->client); @@ -86,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents (krb5_context context, const krb5_creds *incred, krb5_creds *c) @@ -143,7 +131,7 @@ fail: * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds (krb5_context context, const krb5_creds *incred, krb5_creds **outcred) @@ -152,7 +140,8 @@ krb5_copy_creds (krb5_context context, c = malloc (sizeof (*c)); if (c == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memset (c, 0, sizeof(*c)); @@ -172,7 +161,7 @@ krb5_copy_creds (krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds (krb5_context context, krb5_creds *c) { krb5_free_cred_contents (context, c); @@ -194,6 +183,18 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b) * Return TRUE if `mcreds' and `creds' are equal (`whichfields' * determines what equal means). * + * + * The following flags, set in whichfields affects the comparison: + * - KRB5_TC_MATCH_SRV_NAMEONLY Consider all realms equal when comparing the service principal. + * - KRB5_TC_MATCH_KEYTYPE Compare enctypes. + * - KRB5_TC_MATCH_FLAGS_EXACT Make sure that the ticket flags are identical. + * - KRB5_TC_MATCH_FLAGS Make sure that all ticket flags set in mcreds are also present in creds . + * - KRB5_TC_MATCH_TIMES_EXACT Compares the ticket times exactly. + * - KRB5_TC_MATCH_TIMES Compares only the expiration times of the creds. + * - KRB5_TC_MATCH_AUTHDATA Compares the authdata fields. + * - KRB5_TC_MATCH_2ND_TKT Compares the second tickets (used by user-to-user authentication). + * - KRB5_TC_MATCH_IS_SKEY Compares the existance of the second ticket. + * * @param context Kerberos 5 context. * @param whichfields which fields to compare. * @param mcreds cred to compare with. @@ -204,34 +205,32 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b) * @ingroup krb5 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds(krb5_context context, krb5_flags whichfields, const krb5_creds * mcreds, const krb5_creds * creds) { krb5_boolean match = TRUE; - + if (match && mcreds->server) { - if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) - match = krb5_principal_compare_any_realm (context, mcreds->server, + if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) + match = krb5_principal_compare_any_realm (context, mcreds->server, creds->server); else - match = krb5_principal_compare (context, mcreds->server, + match = krb5_principal_compare (context, mcreds->server, creds->server); } if (match && mcreds->client) { if(whichfields & KRB5_TC_DONT_MATCH_REALM) - match = krb5_principal_compare_any_realm (context, mcreds->client, + match = krb5_principal_compare_any_realm (context, mcreds->client, creds->client); else - match = krb5_principal_compare (context, mcreds->client, + match = krb5_principal_compare (context, mcreds->client, creds->client); } - + if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE)) - match = krb5_enctypes_compatible_keys(context, - mcreds->session.keytype, - creds->session.keytype); + match = mcreds->session.keytype == creds->session.keytype; if (match && (whichfields & KRB5_TC_MATCH_FLAGS_EXACT)) match = mcreds->flags.i == creds->flags.i; @@ -241,7 +240,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT)) match = krb5_times_equal(&mcreds->times, &creds->times); - + if (match && (whichfields & KRB5_TC_MATCH_TIMES)) /* compare only expiration times */ match = (mcreds->times.renew_till <= creds->times.renew_till) && @@ -253,7 +252,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, match = FALSE; else for(i = 0; match && i < mcreds->authdata.len; i++) - match = (mcreds->authdata.val[i].ad_type == + match = (mcreds->authdata.val[i].ad_type == creds->authdata.val[i].ad_type) && (krb5_data_cmp(&mcreds->authdata.val[i].ad_data, &creds->authdata.val[i].ad_data) == 0); @@ -262,8 +261,25 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, match = (krb5_data_cmp(&mcreds->second_ticket, &creds->second_ticket) == 0); if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY)) - match = ((mcreds->second_ticket.length == 0) == + match = ((mcreds->second_ticket.length == 0) == (creds->second_ticket.length == 0)); return match; } + +/** + * Returns the ticket flags for the credentials in creds. + * See also krb5_ticket_get_flags(). + * + * @param creds credential to get ticket flags from + * + * @return ticket flags + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL +krb5_creds_get_ticket_flags(krb5_creds *creds) +{ + return TicketFlags2int(creds->flags.b); +} diff --git a/crypto/heimdal/lib/krb5/crypto-aes.c b/crypto/heimdal/lib/krb5/crypto-aes.c new file mode 100644 index 00000000000..b97854206ce --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-aes.c @@ -0,0 +1,170 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +/* + * AES + */ + +static struct _krb5_key_type keytype_aes128 = { + ENCTYPE_AES128_CTS_HMAC_SHA1_96, + "aes-128", + 128, + 16, + sizeof(struct _krb5_evp_schedule), + NULL, + _krb5_evp_schedule, + _krb5_AES_salt, + NULL, + _krb5_evp_cleanup, + EVP_aes_128_cbc +}; + +static struct _krb5_key_type keytype_aes256 = { + ENCTYPE_AES256_CTS_HMAC_SHA1_96, + "aes-256", + 256, + 32, + sizeof(struct _krb5_evp_schedule), + NULL, + _krb5_evp_schedule, + _krb5_AES_salt, + NULL, + _krb5_evp_cleanup, + EVP_aes_256_cbc +}; + +struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = { + CKSUMTYPE_HMAC_SHA1_96_AES_128, + "hmac-sha1-96-aes128", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + _krb5_SP_HMAC_SHA1_checksum, + NULL +}; + +struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = { + CKSUMTYPE_HMAC_SHA1_96_AES_256, + "hmac-sha1-96-aes256", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + _krb5_SP_HMAC_SHA1_checksum, + NULL +}; + +static krb5_error_code +AES_PRF(krb5_context context, + krb5_crypto crypto, + const krb5_data *in, + krb5_data *out) +{ + struct _krb5_checksum_type *ct = crypto->et->checksum; + krb5_error_code ret; + Checksum result; + krb5_keyblock *derived; + + result.cksumtype = ct->type; + ret = krb5_data_alloc(&result.checksum, ct->checksumsize); + if (ret) { + krb5_set_error_message(context, ret, N_("malloc: out memory", "")); + return ret; + } + + ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + if (ret) { + krb5_data_free(&result.checksum); + return ret; + } + + if (result.checksum.length < crypto->et->blocksize) + krb5_abortx(context, "internal prf error"); + + derived = NULL; + ret = krb5_derive_key(context, crypto->key.key, + crypto->et->type, "prf", 3, &derived); + if (ret) + krb5_abortx(context, "krb5_derive_key"); + + ret = krb5_data_alloc(out, crypto->et->blocksize); + if (ret) + krb5_abortx(context, "malloc failed"); + + { + const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); + EVP_CIPHER_CTX ctx; + + EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ + EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); + EVP_Cipher(&ctx, out->data, result.checksum.data, + crypto->et->blocksize); + EVP_CIPHER_CTX_cleanup(&ctx); + } + + krb5_data_free(&result.checksum); + krb5_free_keyblock(context, derived); + + return ret; +} + +struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = { + ETYPE_AES128_CTS_HMAC_SHA1_96, + "aes128-cts-hmac-sha1-96", + 16, + 1, + 16, + &keytype_aes128, + &_krb5_checksum_sha1, + &_krb5_checksum_hmac_sha1_aes128, + F_DERIVED, + _krb5_evp_encrypt_cts, + 16, + AES_PRF +}; + +struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = { + ETYPE_AES256_CTS_HMAC_SHA1_96, + "aes256-cts-hmac-sha1-96", + 16, + 1, + 16, + &keytype_aes256, + &_krb5_checksum_sha1, + &_krb5_checksum_hmac_sha1_aes256, + F_DERIVED, + _krb5_evp_encrypt_cts, + 16, + AES_PRF +}; diff --git a/crypto/heimdal/lib/krb5/crypto-algs.c b/crypto/heimdal/lib/krb5/crypto-algs.c new file mode 100644 index 00000000000..ed31377bd07 --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-algs.c @@ -0,0 +1,87 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#ifndef HEIMDAL_SMALLER +#define DES3_OLD_ENCTYPE 1 +#endif + +struct _krb5_checksum_type *_krb5_checksum_types[] = { + &_krb5_checksum_none, +#ifdef HEIM_WEAK_CRYPTO + &_krb5_checksum_crc32, + &_krb5_checksum_rsa_md4, + &_krb5_checksum_rsa_md4_des, + &_krb5_checksum_rsa_md5_des, +#endif +#ifdef DES3_OLD_ENCTYPE + &_krb5_checksum_rsa_md5_des3, +#endif + &_krb5_checksum_rsa_md5, + &_krb5_checksum_sha1, + &_krb5_checksum_hmac_sha1_des3, + &_krb5_checksum_hmac_sha1_aes128, + &_krb5_checksum_hmac_sha1_aes256, + &_krb5_checksum_hmac_md5 +}; + +int _krb5_num_checksums + = sizeof(_krb5_checksum_types) / sizeof(_krb5_checksum_types[0]); + +/* + * these should currently be in reverse preference order. + * (only relevant for !F_PSEUDO) */ + +struct _krb5_encryption_type *_krb5_etypes[] = { + &_krb5_enctype_aes256_cts_hmac_sha1, + &_krb5_enctype_aes128_cts_hmac_sha1, + &_krb5_enctype_des3_cbc_sha1, + &_krb5_enctype_des3_cbc_none, /* used by the gss-api mech */ + &_krb5_enctype_arcfour_hmac_md5, +#ifdef DES3_OLD_ENCTYPE + &_krb5_enctype_des3_cbc_md5, + &_krb5_enctype_old_des3_cbc_sha1, +#endif +#ifdef HEIM_WEAK_CRYPTO + &_krb5_enctype_des_cbc_md5, + &_krb5_enctype_des_cbc_md4, + &_krb5_enctype_des_cbc_crc, + &_krb5_enctype_des_cbc_none, + &_krb5_enctype_des_cfb64_none, + &_krb5_enctype_des_pcbc_none, +#endif + &_krb5_enctype_null +}; + +int _krb5_num_etypes = sizeof(_krb5_etypes) / sizeof(_krb5_etypes[0]); diff --git a/crypto/heimdal/lib/krb5/crypto-arcfour.c b/crypto/heimdal/lib/krb5/crypto-arcfour.c new file mode 100644 index 00000000000..1b369d2fda1 --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-arcfour.c @@ -0,0 +1,325 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * ARCFOUR + */ + +#include "krb5_locl.h" + +static struct _krb5_key_type keytype_arcfour = { + ENCTYPE_ARCFOUR_HMAC_MD5, + "arcfour", + 128, + 16, + sizeof(struct _krb5_evp_schedule), + NULL, + _krb5_evp_schedule, + _krb5_arcfour_salt, + NULL, + _krb5_evp_cleanup, + EVP_rc4 +}; + +/* + * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt + */ + +krb5_error_code +_krb5_HMAC_MD5_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) +{ + EVP_MD_CTX *m; + struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); + const char signature[] = "signaturekey"; + Checksum ksign_c; + struct _krb5_key_data ksign; + krb5_keyblock kb; + unsigned char t[4]; + unsigned char tmp[16]; + unsigned char ksign_c_data[16]; + krb5_error_code ret; + + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + ksign_c.checksum.length = sizeof(ksign_c_data); + ksign_c.checksum.data = ksign_c_data; + ret = _krb5_internal_hmac(context, c, signature, sizeof(signature), + 0, key, &ksign_c); + if (ret) { + EVP_MD_CTX_destroy(m); + return ret; + } + ksign.key = &kb; + kb.keyvalue = ksign_c.checksum; + EVP_DigestInit_ex(m, EVP_md5(), NULL); + t[0] = (usage >> 0) & 0xFF; + t[1] = (usage >> 8) & 0xFF; + t[2] = (usage >> 16) & 0xFF; + t[3] = (usage >> 24) & 0xFF; + EVP_DigestUpdate(m, t, 4); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, tmp, NULL); + EVP_MD_CTX_destroy(m); + + ret = _krb5_internal_hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); + if (ret) + return ret; + return 0; +} + +struct _krb5_checksum_type _krb5_checksum_hmac_md5 = { + CKSUMTYPE_HMAC_MD5, + "hmac-md5", + 64, + 16, + F_KEYED | F_CPROOF, + _krb5_HMAC_MD5_checksum, + NULL +}; + +/* + * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 + * + * warning: not for small children + */ + +static krb5_error_code +ARCFOUR_subencrypt(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + unsigned usage, + void *ivec) +{ + EVP_CIPHER_CTX ctx; + struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); + Checksum k1_c, k2_c, k3_c, cksum; + struct _krb5_key_data ke; + krb5_keyblock kb; + unsigned char t[4]; + unsigned char *cdata = data; + unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; + krb5_error_code ret; + + t[0] = (usage >> 0) & 0xFF; + t[1] = (usage >> 8) & 0xFF; + t[2] = (usage >> 16) & 0xFF; + t[3] = (usage >> 24) & 0xFF; + + k1_c.checksum.length = sizeof(k1_c_data); + k1_c.checksum.data = k1_c_data; + + ret = _krb5_internal_hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); + + k2_c.checksum.length = sizeof(k2_c_data); + k2_c.checksum.data = k2_c_data; + + ke.key = &kb; + kb.keyvalue = k2_c.checksum; + + cksum.checksum.length = 16; + cksum.checksum.data = data; + + ret = _krb5_internal_hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + if (ret) + krb5_abortx(context, "hmac failed"); + + ke.key = &kb; + kb.keyvalue = k1_c.checksum; + + k3_c.checksum.length = sizeof(k3_c_data); + k3_c.checksum.data = k3_c_data; + + ret = _krb5_internal_hmac(NULL, c, data, 16, 0, &ke, &k3_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + EVP_CIPHER_CTX_init(&ctx); + + EVP_CipherInit_ex(&ctx, EVP_rc4(), NULL, k3_c.checksum.data, NULL, 1); + EVP_Cipher(&ctx, cdata + 16, cdata + 16, len - 16); + EVP_CIPHER_CTX_cleanup(&ctx); + + memset (k1_c_data, 0, sizeof(k1_c_data)); + memset (k2_c_data, 0, sizeof(k2_c_data)); + memset (k3_c_data, 0, sizeof(k3_c_data)); + return 0; +} + +static krb5_error_code +ARCFOUR_subdecrypt(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + unsigned usage, + void *ivec) +{ + EVP_CIPHER_CTX ctx; + struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5); + Checksum k1_c, k2_c, k3_c, cksum; + struct _krb5_key_data ke; + krb5_keyblock kb; + unsigned char t[4]; + unsigned char *cdata = data; + unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; + unsigned char cksum_data[16]; + krb5_error_code ret; + + t[0] = (usage >> 0) & 0xFF; + t[1] = (usage >> 8) & 0xFF; + t[2] = (usage >> 16) & 0xFF; + t[3] = (usage >> 24) & 0xFF; + + k1_c.checksum.length = sizeof(k1_c_data); + k1_c.checksum.data = k1_c_data; + + ret = _krb5_internal_hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); + + k2_c.checksum.length = sizeof(k2_c_data); + k2_c.checksum.data = k2_c_data; + + ke.key = &kb; + kb.keyvalue = k1_c.checksum; + + k3_c.checksum.length = sizeof(k3_c_data); + k3_c.checksum.data = k3_c_data; + + ret = _krb5_internal_hmac(NULL, c, cdata, 16, 0, &ke, &k3_c); + if (ret) + krb5_abortx(context, "hmac failed"); + + EVP_CIPHER_CTX_init(&ctx); + EVP_CipherInit_ex(&ctx, EVP_rc4(), NULL, k3_c.checksum.data, NULL, 0); + EVP_Cipher(&ctx, cdata + 16, cdata + 16, len - 16); + EVP_CIPHER_CTX_cleanup(&ctx); + + ke.key = &kb; + kb.keyvalue = k2_c.checksum; + + cksum.checksum.length = 16; + cksum.checksum.data = cksum_data; + + ret = _krb5_internal_hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + if (ret) + krb5_abortx(context, "hmac failed"); + + memset (k1_c_data, 0, sizeof(k1_c_data)); + memset (k2_c_data, 0, sizeof(k2_c_data)); + memset (k3_c_data, 0, sizeof(k3_c_data)); + + if (ct_memcmp (cksum.checksum.data, data, 16) != 0) { + krb5_clear_error_message (context); + return KRB5KRB_AP_ERR_BAD_INTEGRITY; + } else { + return 0; + } +} + +/* + * convert the usage numbers used in + * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in + * draft-brezak-win2k-krb-rc4-hmac-04.txt + */ + +krb5_error_code +_krb5_usage2arcfour(krb5_context context, unsigned *usage) +{ + switch (*usage) { + case KRB5_KU_AS_REP_ENC_PART : /* 3 */ + *usage = 8; + return 0; + case KRB5_KU_USAGE_SEAL : /* 22 */ + *usage = 13; + return 0; + case KRB5_KU_USAGE_SIGN : /* 23 */ + *usage = 15; + return 0; + case KRB5_KU_USAGE_SEQ: /* 24 */ + *usage = 0; + return 0; + default : + return 0; + } +} + +static krb5_error_code +ARCFOUR_encrypt(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + krb5_error_code ret; + unsigned keyusage = usage; + + if((ret = _krb5_usage2arcfour (context, &keyusage)) != 0) + return ret; + + if (encryptp) + return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec); + else + return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec); +} + +struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5 = { + ETYPE_ARCFOUR_HMAC_MD5, + "arcfour-hmac-md5", + 1, + 1, + 8, + &keytype_arcfour, + &_krb5_checksum_hmac_md5, + NULL, + F_SPECIAL, + ARCFOUR_encrypt, + 0, + NULL +}; diff --git a/crypto/heimdal/lib/krb5/crypto-des-common.c b/crypto/heimdal/lib/krb5/crypto-des-common.c new file mode 100644 index 00000000000..f8313952dc7 --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-des-common.c @@ -0,0 +1,152 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* Functions which are used by both single and triple DES enctypes */ + +#include "krb5_locl.h" + +/* + * A = A xor B. A & B are 8 bytes. + */ + +void +_krb5_xor (DES_cblock *key, const unsigned char *b) +{ + unsigned char *a = (unsigned char*)key; + a[0] ^= b[0]; + a[1] ^= b[1]; + a[2] ^= b[2]; + a[3] ^= b[3]; + a[4] ^= b[4]; + a[5] ^= b[5]; + a[6] ^= b[6]; + a[7] ^= b[7]; +} + +#if defined(DES3_OLD_ENCTYPE) || defined(HEIM_WEAK_CRYPTO) +krb5_error_code +_krb5_des_checksum(krb5_context context, + const EVP_MD *evp_md, + struct _krb5_key_data *key, + const void *data, + size_t len, + Checksum *cksum) +{ + struct _krb5_evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; + DES_cblock ivec; + unsigned char *p = cksum->checksum.data; + + krb5_generate_random_block(p, 8); + + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, p, 8); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, p + 8, NULL); + EVP_MD_CTX_destroy(m); + memset (&ivec, 0, sizeof(ivec)); + EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->ectx, p, p, 24); + + return 0; +} + +krb5_error_code +_krb5_des_verify(krb5_context context, + const EVP_MD *evp_md, + struct _krb5_key_data *key, + const void *data, + size_t len, + Checksum *C) +{ + struct _krb5_evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; + unsigned char tmp[24]; + unsigned char res[16]; + DES_cblock ivec; + krb5_error_code ret = 0; + + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + memset(&ivec, 0, sizeof(ivec)); + EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24); + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, tmp, 8); /* confounder */ + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, res, NULL); + EVP_MD_CTX_destroy(m); + if(ct_memcmp(res, tmp + 8, sizeof(res)) != 0) { + krb5_clear_error_message (context); + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } + memset(tmp, 0, sizeof(tmp)); + memset(res, 0, sizeof(res)); + return ret; +} + +#endif + +static krb5_error_code +RSA_MD5_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1) + krb5_abortx(context, "md5 checksum failed"); + return 0; +} + +struct _krb5_checksum_type _krb5_checksum_rsa_md5 = { + CKSUMTYPE_RSA_MD5, + "rsa-md5", + 64, + 16, + F_CPROOF, + RSA_MD5_checksum, + NULL +}; diff --git a/crypto/heimdal/lib/krb5/crypto-des.c b/crypto/heimdal/lib/krb5/crypto-des.c new file mode 100644 index 00000000000..f6f1c6881c9 --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-des.c @@ -0,0 +1,377 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#ifdef HEIM_WEAK_CRYPTO + + +static void +krb5_DES_random_key(krb5_context context, + krb5_keyblock *key) +{ + DES_cblock *k = key->keyvalue.data; + do { + krb5_generate_random_block(k, sizeof(DES_cblock)); + DES_set_odd_parity(k); + } while(DES_is_weak_key(k)); +} + +static void +krb5_DES_schedule_old(krb5_context context, + struct _krb5_key_type *kt, + struct _krb5_key_data *key) +{ + DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); +} + +static void +krb5_DES_random_to_key(krb5_context context, + krb5_keyblock *key, + const void *data, + size_t size) +{ + DES_cblock *k = key->keyvalue.data; + memcpy(k, data, key->keyvalue.length); + DES_set_odd_parity(k); + if(DES_is_weak_key(k)) + _krb5_xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); +} + +static struct _krb5_key_type keytype_des_old = { + ETYPE_DES_CBC_CRC, + "des-old", + 56, + 8, + sizeof(DES_key_schedule), + krb5_DES_random_key, + krb5_DES_schedule_old, + _krb5_des_salt, + krb5_DES_random_to_key, + NULL, + NULL +}; + +static struct _krb5_key_type keytype_des = { + ETYPE_DES_CBC_CRC, + "des", + 56, + 8, + sizeof(struct _krb5_evp_schedule), + krb5_DES_random_key, + _krb5_evp_schedule, + _krb5_des_salt, + krb5_DES_random_to_key, + _krb5_evp_cleanup, + EVP_des_cbc +}; + +static krb5_error_code +CRC32_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + uint32_t crc; + unsigned char *r = C->checksum.data; + _krb5_crc_init_table (); + crc = _krb5_crc_update (data, len, 0); + r[0] = crc & 0xff; + r[1] = (crc >> 8) & 0xff; + r[2] = (crc >> 16) & 0xff; + r[3] = (crc >> 24) & 0xff; + return 0; +} + +static krb5_error_code +RSA_MD4_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1) + krb5_abortx(context, "md4 checksum failed"); + return 0; +} + +static krb5_error_code +RSA_MD4_DES_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *cksum) +{ + return _krb5_des_checksum(context, EVP_md4(), key, data, len, cksum); +} + +static krb5_error_code +RSA_MD4_DES_verify(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return _krb5_des_verify(context, EVP_md4(), key, data, len, C); +} + +static krb5_error_code +RSA_MD5_DES_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return _krb5_des_checksum(context, EVP_md5(), key, data, len, C); +} + +static krb5_error_code +RSA_MD5_DES_verify(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return _krb5_des_verify(context, EVP_md5(), key, data, len, C); +} + +struct _krb5_checksum_type _krb5_checksum_crc32 = { + CKSUMTYPE_CRC32, + "crc32", + 1, + 4, + 0, + CRC32_checksum, + NULL +}; + +struct _krb5_checksum_type _krb5_checksum_rsa_md4 = { + CKSUMTYPE_RSA_MD4, + "rsa-md4", + 64, + 16, + F_CPROOF, + RSA_MD4_checksum, + NULL +}; + +struct _krb5_checksum_type _krb5_checksum_rsa_md4_des = { + CKSUMTYPE_RSA_MD4_DES, + "rsa-md4-des", + 64, + 24, + F_KEYED | F_CPROOF | F_VARIANT, + RSA_MD4_DES_checksum, + RSA_MD4_DES_verify +}; + +struct _krb5_checksum_type _krb5_checksum_rsa_md5_des = { + CKSUMTYPE_RSA_MD5_DES, + "rsa-md5-des", + 64, + 24, + F_KEYED | F_CPROOF | F_VARIANT, + RSA_MD5_DES_checksum, + RSA_MD5_DES_verify +}; + +static krb5_error_code +evp_des_encrypt_null_ivec(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + struct _krb5_evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; + DES_cblock ivec; + memset(&ivec, 0, sizeof(ivec)); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); + return 0; +} + +static krb5_error_code +evp_des_encrypt_key_ivec(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + struct _krb5_evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; + DES_cblock ivec; + memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); + return 0; +} + +static krb5_error_code +DES_CFB64_encrypt_null_ivec(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + DES_cblock ivec; + int num = 0; + DES_key_schedule *s = key->schedule->data; + memset(&ivec, 0, sizeof(ivec)); + + DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp); + return 0; +} + +static krb5_error_code +DES_PCBC_encrypt_key_ivec(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ignore_ivec) +{ + DES_cblock ivec; + DES_key_schedule *s = key->schedule->data; + memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); + + DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); + return 0; +} + +struct _krb5_encryption_type _krb5_enctype_des_cbc_crc = { + ETYPE_DES_CBC_CRC, + "des-cbc-crc", + 8, + 8, + 8, + &keytype_des, + &_krb5_checksum_crc32, + NULL, + F_DISABLED|F_WEAK, + evp_des_encrypt_key_ivec, + 0, + NULL +}; + +struct _krb5_encryption_type _krb5_enctype_des_cbc_md4 = { + ETYPE_DES_CBC_MD4, + "des-cbc-md4", + 8, + 8, + 8, + &keytype_des, + &_krb5_checksum_rsa_md4, + &_krb5_checksum_rsa_md4_des, + F_DISABLED|F_WEAK, + evp_des_encrypt_null_ivec, + 0, + NULL +}; + +struct _krb5_encryption_type _krb5_enctype_des_cbc_md5 = { + ETYPE_DES_CBC_MD5, + "des-cbc-md5", + 8, + 8, + 8, + &keytype_des, + &_krb5_checksum_rsa_md5, + &_krb5_checksum_rsa_md5_des, + F_DISABLED|F_WEAK, + evp_des_encrypt_null_ivec, + 0, + NULL +}; + +struct _krb5_encryption_type _krb5_enctype_des_cbc_none = { + ETYPE_DES_CBC_NONE, + "des-cbc-none", + 8, + 8, + 0, + &keytype_des, + &_krb5_checksum_none, + NULL, + F_PSEUDO|F_DISABLED|F_WEAK, + evp_des_encrypt_null_ivec, + 0, + NULL +}; + +struct _krb5_encryption_type _krb5_enctype_des_cfb64_none = { + ETYPE_DES_CFB64_NONE, + "des-cfb64-none", + 1, + 1, + 0, + &keytype_des_old, + &_krb5_checksum_none, + NULL, + F_PSEUDO|F_DISABLED|F_WEAK, + DES_CFB64_encrypt_null_ivec, + 0, + NULL +}; + +struct _krb5_encryption_type _krb5_enctype_des_pcbc_none = { + ETYPE_DES_PCBC_NONE, + "des-pcbc-none", + 8, + 8, + 0, + &keytype_des_old, + &_krb5_checksum_none, + NULL, + F_PSEUDO|F_DISABLED|F_WEAK, + DES_PCBC_encrypt_key_ivec, + 0, + NULL +}; +#endif /* HEIM_WEAK_CRYPTO */ diff --git a/crypto/heimdal/lib/krb5/crypto-des3.c b/crypto/heimdal/lib/krb5/crypto-des3.c new file mode 100644 index 00000000000..43806038b71 --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-des3.c @@ -0,0 +1,226 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +/* + * + */ + +static void +DES3_random_key(krb5_context context, + krb5_keyblock *key) +{ + DES_cblock *k = key->keyvalue.data; + do { + krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); + DES_set_odd_parity(&k[0]); + DES_set_odd_parity(&k[1]); + DES_set_odd_parity(&k[2]); + } while(DES_is_weak_key(&k[0]) || + DES_is_weak_key(&k[1]) || + DES_is_weak_key(&k[2])); +} + + +#ifdef DES3_OLD_ENCTYPE +static struct _krb5_key_type keytype_des3 = { + ETYPE_OLD_DES3_CBC_SHA1, + "des3", + 168, + 24, + sizeof(struct _krb5_evp_schedule), + DES3_random_key, + _krb5_evp_schedule, + _krb5_des3_salt, + _krb5_DES3_random_to_key, + _krb5_evp_cleanup, + EVP_des_ede3_cbc +}; +#endif + +static struct _krb5_key_type keytype_des3_derived = { + ETYPE_OLD_DES3_CBC_SHA1, + "des3", + 168, + 24, + sizeof(struct _krb5_evp_schedule), + DES3_random_key, + _krb5_evp_schedule, + _krb5_des3_salt_derived, + _krb5_DES3_random_to_key, + _krb5_evp_cleanup, + EVP_des_ede3_cbc +}; + +#ifdef DES3_OLD_ENCTYPE +static krb5_error_code +RSA_MD5_DES3_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return _krb5_des_checksum(context, EVP_md5(), key, data, len, C); +} + +static krb5_error_code +RSA_MD5_DES3_verify(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return _krb5_des_verify(context, EVP_md5(), key, data, len, C); +} + +struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = { + CKSUMTYPE_RSA_MD5_DES3, + "rsa-md5-des3", + 64, + 24, + F_KEYED | F_CPROOF | F_VARIANT, + RSA_MD5_DES3_checksum, + RSA_MD5_DES3_verify +}; +#endif + +struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = { + CKSUMTYPE_HMAC_SHA1_DES3, + "hmac-sha1-des3", + 64, + 20, + F_KEYED | F_CPROOF | F_DERIVED, + _krb5_SP_HMAC_SHA1_checksum, + NULL +}; + +#ifdef DES3_OLD_ENCTYPE +struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = { + ETYPE_DES3_CBC_MD5, + "des3-cbc-md5", + 8, + 8, + 8, + &keytype_des3, + &_krb5_checksum_rsa_md5, + &_krb5_checksum_rsa_md5_des3, + 0, + _krb5_evp_encrypt, + 0, + NULL +}; +#endif + +struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = { + ETYPE_DES3_CBC_SHA1, + "des3-cbc-sha1", + 8, + 8, + 8, + &keytype_des3_derived, + &_krb5_checksum_sha1, + &_krb5_checksum_hmac_sha1_des3, + F_DERIVED, + _krb5_evp_encrypt, + 0, + NULL +}; + +#ifdef DES3_OLD_ENCTYPE +struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = { + ETYPE_OLD_DES3_CBC_SHA1, + "old-des3-cbc-sha1", + 8, + 8, + 8, + &keytype_des3, + &_krb5_checksum_sha1, + &_krb5_checksum_hmac_sha1_des3, + 0, + _krb5_evp_encrypt, + 0, + NULL +}; +#endif + +struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = { + ETYPE_DES3_CBC_NONE, + "des3-cbc-none", + 8, + 8, + 0, + &keytype_des3_derived, + &_krb5_checksum_none, + NULL, + F_PSEUDO, + _krb5_evp_encrypt, + 0, + NULL +}; + +void +_krb5_DES3_random_to_key(krb5_context context, + krb5_keyblock *key, + const void *data, + size_t size) +{ + unsigned char *x = key->keyvalue.data; + const u_char *q = data; + DES_cblock *k; + int i, j; + + memset(key->keyvalue.data, 0, key->keyvalue.length); + for (i = 0; i < 3; ++i) { + unsigned char foo; + for (j = 0; j < 7; ++j) { + unsigned char b = q[7 * i + j]; + + x[8 * i + j] = b; + } + foo = 0; + for (j = 6; j >= 0; --j) { + foo |= q[7 * i + j] & 1; + foo <<= 1; + } + x[8 * i + 7] = foo; + } + k = key->keyvalue.data; + for (i = 0; i < 3; i++) { + DES_set_odd_parity(&k[i]); + if(DES_is_weak_key(&k[i])) + _krb5_xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + } +} diff --git a/crypto/heimdal/lib/krb5/crypto-evp.c b/crypto/heimdal/lib/krb5/crypto-evp.c new file mode 100644 index 00000000000..e8fb1caf6ae --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-evp.c @@ -0,0 +1,182 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +void +_krb5_evp_schedule(krb5_context context, + struct _krb5_key_type *kt, + struct _krb5_key_data *kd) +{ + struct _krb5_evp_schedule *key = kd->schedule->data; + const EVP_CIPHER *c = (*kt->evp)(); + + EVP_CIPHER_CTX_init(&key->ectx); + EVP_CIPHER_CTX_init(&key->dctx); + + EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1); + EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0); +} + +void +_krb5_evp_cleanup(krb5_context context, struct _krb5_key_data *kd) +{ + struct _krb5_evp_schedule *key = kd->schedule->data; + EVP_CIPHER_CTX_cleanup(&key->ectx); + EVP_CIPHER_CTX_cleanup(&key->dctx); +} + +krb5_error_code +_krb5_evp_encrypt(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + struct _krb5_evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; + c = encryptp ? &ctx->ectx : &ctx->dctx; + if (ivec == NULL) { + /* alloca ? */ + size_t len2 = EVP_CIPHER_CTX_iv_length(c); + void *loiv = malloc(len2); + if (loiv == NULL) { + krb5_clear_error_message(context); + return ENOMEM; + } + memset(loiv, 0, len2); + EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1); + free(loiv); + } else + EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); + EVP_Cipher(c, data, data, len); + return 0; +} + +static const unsigned char zero_ivec[EVP_MAX_BLOCK_LENGTH] = { 0 }; + +krb5_error_code +_krb5_evp_encrypt_cts(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + size_t i, blocksize; + struct _krb5_evp_schedule *ctx = key->schedule->data; + unsigned char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH]; + EVP_CIPHER_CTX *c; + unsigned char *p; + + c = encryptp ? &ctx->ectx : &ctx->dctx; + + blocksize = EVP_CIPHER_CTX_block_size(c); + + if (len < blocksize) { + krb5_set_error_message(context, EINVAL, + "message block too short"); + return EINVAL; + } else if (len == blocksize) { + EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1); + EVP_Cipher(c, data, data, len); + return 0; + } + + if (ivec) + EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); + else + EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1); + + if (encryptp) { + + p = data; + i = ((len - 1) / blocksize) * blocksize; + EVP_Cipher(c, p, p, i); + p += i - blocksize; + len -= i; + memcpy(ivec2, p, blocksize); + + for (i = 0; i < len; i++) + tmp[i] = p[i + blocksize] ^ ivec2[i]; + for (; i < blocksize; i++) + tmp[i] = 0 ^ ivec2[i]; + + EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1); + EVP_Cipher(c, p, tmp, blocksize); + + memcpy(p + blocksize, ivec2, len); + if (ivec) + memcpy(ivec, p, blocksize); + } else { + unsigned char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH]; + + p = data; + if (len > blocksize * 2) { + /* remove last two blocks and round up, decrypt this with cbc, then do cts dance */ + i = ((((len - blocksize * 2) + blocksize - 1) / blocksize) * blocksize); + memcpy(ivec2, p + i - blocksize, blocksize); + EVP_Cipher(c, p, p, i); + p += i; + len -= i + blocksize; + } else { + if (ivec) + memcpy(ivec2, ivec, blocksize); + else + memcpy(ivec2, zero_ivec, blocksize); + len -= blocksize; + } + + memcpy(tmp, p, blocksize); + EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1); + EVP_Cipher(c, tmp2, p, blocksize); + + memcpy(tmp3, p + blocksize, len); + memcpy(tmp3 + len, tmp2 + len, blocksize - len); /* xor 0 */ + + for (i = 0; i < len; i++) + p[i + blocksize] = tmp2[i] ^ tmp3[i]; + + EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1); + EVP_Cipher(c, p, tmp3, blocksize); + + for (i = 0; i < blocksize; i++) + p[i] ^= ivec2[i]; + if (ivec) + memcpy(ivec, tmp, blocksize); + } + return 0; +} diff --git a/crypto/heimdal/lib/krb5/crypto-null.c b/crypto/heimdal/lib/krb5/crypto-null.c new file mode 100644 index 00000000000..3b643123f52 --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-null.c @@ -0,0 +1,97 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#ifndef HEIMDAL_SMALLER +#define DES3_OLD_ENCTYPE 1 +#endif + +static struct _krb5_key_type keytype_null = { + ENCTYPE_NULL, + "null", + 0, + 0, + 0, + NULL, + NULL, + NULL +}; + +static krb5_error_code +NONE_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return 0; +} + +struct _krb5_checksum_type _krb5_checksum_none = { + CKSUMTYPE_NONE, + "none", + 1, + 0, + 0, + NONE_checksum, + NULL +}; + +static krb5_error_code +NULL_encrypt(krb5_context context, + struct _krb5_key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + return 0; +} + +struct _krb5_encryption_type _krb5_enctype_null = { + ETYPE_NULL, + "null", + 1, + 1, + 0, + &keytype_null, + &_krb5_checksum_none, + NULL, + F_DISABLED, + NULL_encrypt, + 0, + NULL +}; diff --git a/crypto/heimdal/lib/krb5/crypto-pk.c b/crypto/heimdal/lib/krb5/crypto-pk.c new file mode 100644 index 00000000000..7fedb65c9ed --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-pk.c @@ -0,0 +1,301 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#include + +krb5_error_code +_krb5_pk_octetstring2key(krb5_context context, + krb5_enctype type, + const void *dhdata, + size_t dhsize, + const heim_octet_string *c_n, + const heim_octet_string *k_n, + krb5_keyblock *key) +{ + struct _krb5_encryption_type *et = _krb5_find_enctype(type); + krb5_error_code ret; + size_t keylen, offset; + void *keydata; + unsigned char counter; + unsigned char shaoutput[SHA_DIGEST_LENGTH]; + EVP_MD_CTX *m; + + if(et == NULL) { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + keylen = (et->keytype->bits + 7) / 8; + + keydata = malloc(keylen); + if (keydata == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + m = EVP_MD_CTX_create(); + if (m == NULL) { + free(keydata); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + counter = 0; + offset = 0; + do { + + EVP_DigestInit_ex(m, EVP_sha1(), NULL); + EVP_DigestUpdate(m, &counter, 1); + EVP_DigestUpdate(m, dhdata, dhsize); + + if (c_n) + EVP_DigestUpdate(m, c_n->data, c_n->length); + if (k_n) + EVP_DigestUpdate(m, k_n->data, k_n->length); + + EVP_DigestFinal_ex(m, shaoutput, NULL); + + memcpy((unsigned char *)keydata + offset, + shaoutput, + min(keylen - offset, sizeof(shaoutput))); + + offset += sizeof(shaoutput); + counter++; + } while(offset < keylen); + memset(shaoutput, 0, sizeof(shaoutput)); + + EVP_MD_CTX_destroy(m); + + ret = krb5_random_to_key(context, type, keydata, keylen, key); + memset(keydata, 0, sizeof(keylen)); + free(keydata); + return ret; +} + +static krb5_error_code +encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data) +{ + KRB5PrincipalName pn; + krb5_error_code ret; + size_t size = 0; + + pn.principalName = p->name; + pn.realm = p->realm; + + ASN1_MALLOC_ENCODE(KRB5PrincipalName, data->data, data->length, + &pn, &size, ret); + if (ret) { + krb5_data_zero(data); + krb5_set_error_message(context, ret, + N_("Failed to encode KRB5PrincipalName", "")); + return ret; + } + if (data->length != size) + krb5_abortx(context, "asn1 compiler internal error"); + return 0; +} + +static krb5_error_code +encode_otherinfo(krb5_context context, + const AlgorithmIdentifier *ai, + krb5_const_principal client, + krb5_const_principal server, + krb5_enctype enctype, + const krb5_data *as_req, + const krb5_data *pk_as_rep, + const Ticket *ticket, + krb5_data *other) +{ + PkinitSP80056AOtherInfo otherinfo; + PkinitSuppPubInfo pubinfo; + krb5_error_code ret; + krb5_data pub; + size_t size = 0; + + krb5_data_zero(other); + memset(&otherinfo, 0, sizeof(otherinfo)); + memset(&pubinfo, 0, sizeof(pubinfo)); + + pubinfo.enctype = enctype; + pubinfo.as_REQ = *as_req; + pubinfo.pk_as_rep = *pk_as_rep; + pubinfo.ticket = *ticket; + ASN1_MALLOC_ENCODE(PkinitSuppPubInfo, pub.data, pub.length, + &pubinfo, &size, ret); + if (ret) { + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + return ret; + } + if (pub.length != size) + krb5_abortx(context, "asn1 compiler internal error"); + + ret = encode_uvinfo(context, client, &otherinfo.partyUInfo); + if (ret) { + free(pub.data); + return ret; + } + ret = encode_uvinfo(context, server, &otherinfo.partyVInfo); + if (ret) { + free(otherinfo.partyUInfo.data); + free(pub.data); + return ret; + } + + otherinfo.algorithmID = *ai; + otherinfo.suppPubInfo = &pub; + + ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length, + &otherinfo, &size, ret); + free(otherinfo.partyUInfo.data); + free(otherinfo.partyVInfo.data); + free(pub.data); + if (ret) { + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + return ret; + } + if (other->length != size) + krb5_abortx(context, "asn1 compiler internal error"); + + return 0; +} + + + +krb5_error_code +_krb5_pk_kdf(krb5_context context, + const struct AlgorithmIdentifier *ai, + const void *dhdata, + size_t dhsize, + krb5_const_principal client, + krb5_const_principal server, + krb5_enctype enctype, + const krb5_data *as_req, + const krb5_data *pk_as_rep, + const Ticket *ticket, + krb5_keyblock *key) +{ + struct _krb5_encryption_type *et; + krb5_error_code ret; + krb5_data other; + size_t keylen, offset; + uint32_t counter; + unsigned char *keydata; + unsigned char shaoutput[SHA512_DIGEST_LENGTH]; + const EVP_MD *md; + EVP_MD_CTX *m; + + if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha1, &ai->algorithm) == 0) { + md = EVP_sha1(); + } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha256, &ai->algorithm) == 0) { + md = EVP_sha256(); + } else if (der_heim_oid_cmp(&asn1_oid_id_pkinit_kdf_ah_sha512, &ai->algorithm) == 0) { + md = EVP_sha512(); + } else { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("KDF not supported", "")); + return KRB5_PROG_ETYPE_NOSUPP; + } + if (ai->parameters != NULL && + (ai->parameters->length != 2 || + memcmp(ai->parameters->data, "\x05\x00", 2) != 0)) + { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("kdf params not NULL or the NULL-type", + "")); + return KRB5_PROG_ETYPE_NOSUPP; + } + + et = _krb5_find_enctype(enctype); + if(et == NULL) { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + keylen = (et->keytype->bits + 7) / 8; + + keydata = malloc(keylen); + if (keydata == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + ret = encode_otherinfo(context, ai, client, server, + enctype, as_req, pk_as_rep, ticket, &other); + if (ret) { + free(keydata); + return ret; + } + + m = EVP_MD_CTX_create(); + if (m == NULL) { + free(keydata); + free(other.data); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + offset = 0; + counter = 1; + do { + unsigned char cdata[4]; + + EVP_DigestInit_ex(m, md, NULL); + _krb5_put_int(cdata, counter, 4); + EVP_DigestUpdate(m, cdata, 4); + EVP_DigestUpdate(m, dhdata, dhsize); + EVP_DigestUpdate(m, other.data, other.length); + + EVP_DigestFinal_ex(m, shaoutput, NULL); + + memcpy((unsigned char *)keydata + offset, + shaoutput, + min(keylen - offset, EVP_MD_CTX_size(m))); + + offset += EVP_MD_CTX_size(m); + counter++; + } while(offset < keylen); + memset(shaoutput, 0, sizeof(shaoutput)); + + EVP_MD_CTX_destroy(m); + free(other.data); + + ret = krb5_random_to_key(context, enctype, keydata, keylen, key); + memset(keydata, 0, sizeof(keylen)); + free(keydata); + + return ret; +} diff --git a/crypto/heimdal/lib/krb5/crypto-rand.c b/crypto/heimdal/lib/krb5/crypto-rand.c new file mode 100644 index 00000000000..49bd6793625 --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-rand.c @@ -0,0 +1,109 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#define ENTROPY_NEEDED 128 + +static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; + +static int +seed_something(void) +{ + char buf[1024], seedfile[256]; + + /* If there is a seed file, load it. But such a file cannot be trusted, + so use 0 for the entropy estimate */ + if (RAND_file_name(seedfile, sizeof(seedfile))) { + int fd; + fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC); + if (fd >= 0) { + ssize_t ret; + rk_cloexec(fd); + ret = read(fd, buf, sizeof(buf)); + if (ret > 0) + RAND_add(buf, ret, 0.0); + close(fd); + } else + seedfile[0] = '\0'; + } else + seedfile[0] = '\0'; + + /* Calling RAND_status() will try to use /dev/urandom if it exists so + we do not have to deal with it. */ + if (RAND_status() != 1) { +#ifndef _WIN32 + krb5_context context; + const char *p; + + /* Try using egd */ + if (!krb5_init_context(&context)) { + p = krb5_config_get_string(context, NULL, "libdefaults", + "egd_socket", NULL); + if (p != NULL) + RAND_egd_bytes(p, ENTROPY_NEEDED); + krb5_free_context(context); + } +#else + /* TODO: Once a Windows CryptoAPI RAND method is defined, we + can use that and failover to another method. */ +#endif + } + + if (RAND_status() == 1) { + /* Update the seed file */ + if (seedfile[0]) + RAND_write_file(seedfile); + + return 0; + } else + return -1; +} + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_generate_random_block(void *buf, size_t len) +{ + static int rng_initialized = 0; + + HEIMDAL_MUTEX_lock(&crypto_mutex); + if (!rng_initialized) { + if (seed_something()) + krb5_abortx(NULL, "Fatal: could not seed the " + "random number generator"); + + rng_initialized = 1; + } + HEIMDAL_MUTEX_unlock(&crypto_mutex); + if (RAND_bytes(buf, len) <= 0) + krb5_abortx(NULL, "Failed to generate random block"); +} diff --git a/crypto/heimdal/lib/krb5/crypto-stubs.c b/crypto/heimdal/lib/krb5/crypto-stubs.c new file mode 100644 index 00000000000..b462680643f --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto-stubs.c @@ -0,0 +1,102 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +/* These are stub functions for the standalone RFC3961 crypto library */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_context(krb5_context *context) +{ + krb5_context p; + + *context = NULL; + + /* should have a run_once */ + bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR); + + p = calloc(1, sizeof(*p)); + if(!p) + return ENOMEM; + + p->mutex = malloc(sizeof(HEIMDAL_MUTEX)); + if (p->mutex == NULL) { + free(p); + return ENOMEM; + } + HEIMDAL_MUTEX_init(p->mutex); + + *context = p; + return 0; +} + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_context(krb5_context context) +{ + krb5_clear_error_message(context); + + HEIMDAL_MUTEX_destroy(context->mutex); + free(context->mutex); + if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { + rk_SOCK_EXIT(); + } + + memset(context, 0, sizeof(*context)); + free(context); +} + +krb5_boolean +_krb5_homedir_access(krb5_context context) { + return 0; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_log(krb5_context context, + krb5_log_facility *fac, + int level, + const char *fmt, + ...) +{ + return 0; +} + +/* This function is currently just used to get the location of the EGD + * socket. If we're not using an EGD, then we can just return NULL */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL +krb5_config_get_string (krb5_context context, + const krb5_config_section *c, + ...) +{ + return NULL; +} diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index 21d10261bd7..4b66035155d 100644 --- a/crypto/heimdal/lib/krb5/crypto.c +++ b/crypto/heimdal/lib/krb5/crypto.c @@ -1,1135 +1,146 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: crypto.c 22200 2007-12-07 13:48:01Z lha $"); -/* RCSID("$FreeBSD$"); */ -#undef CRYPTO_DEBUG -#ifdef CRYPTO_DEBUG -static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); -#endif - - -struct key_data { - krb5_keyblock *key; - krb5_data *schedule; -}; - -struct key_usage { +struct _krb5_key_usage { unsigned usage; - struct key_data key; + struct _krb5_key_data key; }; -struct krb5_crypto_data { - struct encryption_type *et; - struct key_data key; - int num_key_usage; - struct key_usage *key_usage; -}; -#define CRYPTO_ETYPE(C) ((C)->et->type) - -/* bits for `flags' below */ -#define F_KEYED 1 /* checksum is keyed */ -#define F_CPROOF 2 /* checksum is collision proof */ -#define F_DERIVED 4 /* uses derived keys */ -#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ -#define F_PSEUDO 16 /* not a real protocol type */ -#define F_SPECIAL 32 /* backwards */ -#define F_DISABLED 64 /* enctype/checksum disabled */ - -struct salt_type { - krb5_salttype type; - const char *name; - krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, - krb5_salt, krb5_data, krb5_keyblock*); -}; - -struct key_type { - krb5_keytype type; /* XXX */ - const char *name; - size_t bits; - size_t size; - size_t schedule_size; -#if 0 - krb5_enctype best_etype; -#endif - void (*random_key)(krb5_context, krb5_keyblock*); - void (*schedule)(krb5_context, struct key_data *); - struct salt_type *string_to_key; - void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); -}; - -struct checksum_type { - krb5_cksumtype type; - const char *name; - size_t blocksize; - size_t checksumsize; - unsigned flags; - void (*checksum)(krb5_context context, - struct key_data *key, - const void *buf, size_t len, - unsigned usage, - Checksum *csum); - krb5_error_code (*verify)(krb5_context context, - struct key_data *key, - const void *buf, size_t len, - unsigned usage, - Checksum *csum); -}; - -struct encryption_type { - krb5_enctype type; - const char *name; - heim_oid *oid; - size_t blocksize; - size_t padsize; - size_t confoundersize; - struct key_type *keytype; - struct checksum_type *checksum; - struct checksum_type *keyed_checksum; - unsigned flags; - krb5_error_code (*encrypt)(krb5_context context, - struct key_data *key, - void *data, size_t len, - krb5_boolean encryptp, - int usage, - void *ivec); - size_t prf_length; - krb5_error_code (*prf)(krb5_context, - krb5_crypto, const krb5_data *, krb5_data *); -}; - -#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) -#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55) -#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99) - -static struct checksum_type *_find_checksum(krb5_cksumtype type); -static struct encryption_type *_find_enctype(krb5_enctype type); -static struct key_type *_find_keytype(krb5_keytype type); -static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, - unsigned, struct key_data**); -static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); -static krb5_error_code derive_key(krb5_context context, - struct encryption_type *et, - struct key_data *key, - const void *constant, - size_t len); -static krb5_error_code hmac(krb5_context context, - struct checksum_type *cm, - const void *data, - size_t len, - unsigned usage, - struct key_data *keyblock, - Checksum *result); -static void free_key_data(krb5_context context, struct key_data *key); -static krb5_error_code usage2arcfour (krb5_context, unsigned *); -static void xor (DES_cblock *, const unsigned char *); - -/************************************************************ - * * - ************************************************************/ - -static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; - - -static void -krb5_DES_random_key(krb5_context context, - krb5_keyblock *key) -{ - DES_cblock *k = key->keyvalue.data; - do { - krb5_generate_random_block(k, sizeof(DES_cblock)); - DES_set_odd_parity(k); - } while(DES_is_weak_key(k)); -} - -static void -krb5_DES_schedule(krb5_context context, - struct key_data *key) -{ - DES_set_key(key->key->keyvalue.data, key->schedule->data); -} - -#ifdef ENABLE_AFS_STRING_TO_KEY - -/* This defines the Andrew string_to_key function. It accepts a password - * string as input and converts it via a one-way encryption algorithm to a DES - * encryption key. It is compatible with the original Andrew authentication - * service password database. - */ - -/* - * Short passwords, i.e 8 characters or less. - */ -static void -krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, - krb5_data cell, - DES_cblock *key) -{ - char password[8+1]; /* crypt is limited to 8 chars anyway */ - int i; - - for(i = 0; i < 8; i++) { - char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ - ((i < cell.length) ? - tolower(((unsigned char*)cell.data)[i]) : 0); - password[i] = c ? c : 'X'; - } - password[8] = '\0'; - - memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock)); - - /* parity is inserted into the LSB so left shift each byte up one - bit. This allows ascii characters with a zero MSB to retain as - much significance as possible. */ - for (i = 0; i < sizeof(DES_cblock); i++) - ((unsigned char*)key)[i] <<= 1; - DES_set_odd_parity (key); -} - -/* - * Long passwords, i.e 9 characters or more. - */ -static void -krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, - krb5_data cell, - DES_cblock *key) -{ - DES_key_schedule schedule; - DES_cblock temp_key; - DES_cblock ivec; - char password[512]; - size_t passlen; - - memcpy(password, pw.data, min(pw.length, sizeof(password))); - if(pw.length < sizeof(password)) { - int len = min(cell.length, sizeof(password) - pw.length); - int i; - - memcpy(password + pw.length, cell.data, len); - for (i = pw.length; i < pw.length + len; ++i) - password[i] = tolower((unsigned char)password[i]); - } - passlen = min(sizeof(password), pw.length + cell.length); - memcpy(&ivec, "kerberos", 8); - memcpy(&temp_key, "kerberos", 8); - DES_set_odd_parity (&temp_key); - DES_set_key (&temp_key, &schedule); - DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); - - memcpy(&temp_key, &ivec, 8); - DES_set_odd_parity (&temp_key); - DES_set_key (&temp_key, &schedule); - DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); - memset(&schedule, 0, sizeof(schedule)); - memset(&temp_key, 0, sizeof(temp_key)); - memset(&ivec, 0, sizeof(ivec)); - memset(password, 0, sizeof(password)); - - DES_set_odd_parity (key); -} - -static krb5_error_code -DES_AFS3_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - DES_cblock tmp; - if(password.length > 8) - krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp); - else - krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp); - key->keytype = enctype; - krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); - memset(&key, 0, sizeof(key)); - return 0; -} -#endif /* ENABLE_AFS_STRING_TO_KEY */ - -static void -DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) -{ - DES_key_schedule schedule; - int i; - int reverse = 0; - unsigned char *p; - - unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, - 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; - memset(key, 0, 8); - - p = (unsigned char*)key; - for (i = 0; i < length; i++) { - unsigned char tmp = data[i]; - if (!reverse) - *p++ ^= (tmp << 1); - else - *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; - if((i % 8) == 7) - reverse = !reverse; - } - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; - DES_set_key(key, &schedule); - DES_cbc_cksum((void*)data, key, length, &schedule, key); - memset(&schedule, 0, sizeof(schedule)); - DES_set_odd_parity(key); - if(DES_is_weak_key(key)) - (*key)[7] ^= 0xF0; -} - -static krb5_error_code -krb5_DES_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - unsigned char *s; - size_t len; - DES_cblock tmp; - -#ifdef ENABLE_AFS_STRING_TO_KEY - if (opaque.length == 1) { - unsigned long v; - _krb5_get_int(opaque.data, &v, 1); - if (v == 1) - return DES_AFS3_string_to_key(context, enctype, password, - salt, opaque, key); - } +#ifndef HEIMDAL_SMALLER +#define DES3_OLD_ENCTYPE 1 #endif - len = password.length + salt.saltvalue.length; - s = malloc(len); - if(len > 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(s, password.data, password.length); - memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); - DES_string_to_key_int(s, len, &tmp); - key->keytype = enctype; - krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); - memset(&tmp, 0, sizeof(tmp)); - memset(s, 0, len); - free(s); - return 0; -} +static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, + unsigned, struct _krb5_key_data**); +static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); -static void -krb5_DES_random_to_key(krb5_context context, - krb5_keyblock *key, - const void *data, - size_t size) -{ - DES_cblock *k = key->keyvalue.data; - memcpy(k, data, key->keyvalue.length); - DES_set_odd_parity(k); - if(DES_is_weak_key(k)) - xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); -} +static void free_key_schedule(krb5_context, + struct _krb5_key_data *, + struct _krb5_encryption_type *); -/* - * +/* + * Converts etype to a user readable string and sets as a side effect + * the krb5_error_message containing this string. Returns + * KRB5_PROG_ETYPE_NOSUPP in not the conversion of the etype failed in + * which case the error code of the etype convesion is returned. */ -static void -DES3_random_key(krb5_context context, - krb5_keyblock *key) -{ - DES_cblock *k = key->keyvalue.data; - do { - krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); - DES_set_odd_parity(&k[0]); - DES_set_odd_parity(&k[1]); - DES_set_odd_parity(&k[2]); - } while(DES_is_weak_key(&k[0]) || - DES_is_weak_key(&k[1]) || - DES_is_weak_key(&k[2])); -} - -static void -DES3_schedule(krb5_context context, - struct key_data *key) -{ - DES_cblock *k = key->key->keyvalue.data; - DES_key_schedule *s = key->schedule->data; - DES_set_key(&k[0], &s[0]); - DES_set_key(&k[1], &s[1]); - DES_set_key(&k[2], &s[2]); -} - -/* - * A = A xor B. A & B are 8 bytes. - */ - -static void -xor (DES_cblock *key, const unsigned char *b) -{ - unsigned char *a = (unsigned char*)key; - a[0] ^= b[0]; - a[1] ^= b[1]; - a[2] ^= b[2]; - a[3] ^= b[3]; - a[4] ^= b[4]; - a[5] ^= b[5]; - a[6] ^= b[6]; - a[7] ^= b[7]; -} - static krb5_error_code -DES3_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - char *str; - size_t len; - unsigned char tmp[24]; - DES_cblock keys[3]; - krb5_error_code ret; - - len = password.length + salt.saltvalue.length; - str = malloc(len); - if(len != 0 && str == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(str, password.data, password.length); - memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); - { - DES_cblock ivec; - DES_key_schedule s[3]; - int i; - - ret = _krb5_n_fold(str, len, tmp, 24); - if (ret) { - memset(str, 0, len); - free(str); - krb5_set_error_string(context, "out of memory"); - return ret; - } - - for(i = 0; i < 3; i++){ - memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); - DES_set_odd_parity(keys + i); - if(DES_is_weak_key(keys + i)) - xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); - DES_set_key(keys + i, &s[i]); - } - memset(&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(tmp, - tmp, sizeof(tmp), - &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); - memset(s, 0, sizeof(s)); - memset(&ivec, 0, sizeof(ivec)); - for(i = 0; i < 3; i++){ - memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); - DES_set_odd_parity(keys + i); - if(DES_is_weak_key(keys + i)) - xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); - } - memset(tmp, 0, sizeof(tmp)); - } - key->keytype = enctype; - krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); - memset(keys, 0, sizeof(keys)); - memset(str, 0, len); - free(str); - return 0; -} - -static krb5_error_code -DES3_string_to_key_derived(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) +unsupported_enctype(krb5_context context, krb5_enctype etype) { krb5_error_code ret; - size_t len = password.length + salt.saltvalue.length; - char *s; + char *name; - s = malloc(len); - if(len != 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(s, password.data, password.length); - memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); - ret = krb5_string_to_key_derived(context, - s, - len, - enctype, - key); - memset(s, 0, len); - free(s); - return ret; -} - -static void -DES3_random_to_key(krb5_context context, - krb5_keyblock *key, - const void *data, - size_t size) -{ - unsigned char *x = key->keyvalue.data; - const u_char *q = data; - DES_cblock *k; - int i, j; - - memset(x, 0, sizeof(x)); - for (i = 0; i < 3; ++i) { - unsigned char foo; - for (j = 0; j < 7; ++j) { - unsigned char b = q[7 * i + j]; - - x[8 * i + j] = b; - } - foo = 0; - for (j = 6; j >= 0; --j) { - foo |= q[7 * i + j] & 1; - foo <<= 1; - } - x[8 * i + 7] = foo; - } - k = key->keyvalue.data; - for (i = 0; i < 3; i++) { - DES_set_odd_parity(&k[i]); - if(DES_is_weak_key(&k[i])) - xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); - } -} - -/* - * ARCFOUR - */ - -static void -ARCFOUR_schedule(krb5_context context, - struct key_data *kd) -{ - RC4_set_key (kd->schedule->data, - kd->key->keyvalue.length, kd->key->keyvalue.data); -} - -static krb5_error_code -ARCFOUR_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - char *s, *p; - size_t len; - int i; - MD4_CTX m; - krb5_error_code ret; - - len = 2 * password.length; - s = malloc (len); - if (len != 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - for (p = s, i = 0; i < password.length; ++i) { - *p++ = ((char *)password.data)[i]; - *p++ = 0; - } - MD4_Init (&m); - MD4_Update (&m, s, len); - key->keytype = enctype; - ret = krb5_data_alloc (&key->keyvalue, 16); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - goto out; - } - MD4_Final (key->keyvalue.data, &m); - memset (s, 0, len); - ret = 0; -out: - free (s); - return ret; -} - -/* - * AES - */ - -int _krb5_AES_string_to_default_iterator = 4096; - -static krb5_error_code -AES_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - krb5_error_code ret; - uint32_t iter; - struct encryption_type *et; - struct key_data kd; - - if (opaque.length == 0) - iter = _krb5_AES_string_to_default_iterator; - else if (opaque.length == 4) { - unsigned long v; - _krb5_get_int(opaque.data, &v, 4); - iter = ((uint32_t)v); - } else - return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ - - et = _find_enctype(enctype); - if (et == NULL) - return KRB5_PROG_KEYTYPE_NOSUPP; - - kd.schedule = NULL; - ALLOC(kd.key, 1); - if(kd.key == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - kd.key->keytype = enctype; - ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); - if (ret) { - krb5_set_error_string(context, "Failed to allocate pkcs5 key"); - return ret; - } - - ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, - salt.saltvalue.data, salt.saltvalue.length, - iter, - et->keytype->size, kd.key->keyvalue.data); - if (ret != 1) { - free_key_data(context, &kd); - krb5_set_error_string(context, "Error calculating s2k"); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - - ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); - if (ret == 0) - ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); - - return ret; -} - -struct krb5_aes_schedule { - AES_KEY ekey; - AES_KEY dkey; -}; - -static void -AES_schedule(krb5_context context, - struct key_data *kd) -{ - struct krb5_aes_schedule *key = kd->schedule->data; - int bits = kd->key->keyvalue.length * 8; - - memset(key, 0, sizeof(*key)); - AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey); - AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); -} - -/* - * - */ - -static struct salt_type des_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - krb5_DES_string_to_key - }, -#ifdef ENABLE_AFS_STRING_TO_KEY - { - KRB5_AFS3_SALT, - "afs3-salt", - DES_AFS3_string_to_key - }, -#endif - { 0 } -}; - -static struct salt_type des3_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - DES3_string_to_key - }, - { 0 } -}; - -static struct salt_type des3_salt_derived[] = { - { - KRB5_PW_SALT, - "pw-salt", - DES3_string_to_key_derived - }, - { 0 } -}; - -static struct salt_type AES_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - AES_string_to_key - }, - { 0 } -}; - -static struct salt_type arcfour_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - ARCFOUR_string_to_key - }, - { 0 } -}; - -/* - * - */ - -static struct key_type keytype_null = { - KEYTYPE_NULL, - "null", - 0, - 0, - 0, - NULL, - NULL, - NULL -}; - -static struct key_type keytype_des = { - KEYTYPE_DES, - "des", - 56, - sizeof(DES_cblock), - sizeof(DES_key_schedule), - krb5_DES_random_key, - krb5_DES_schedule, - des_salt, - krb5_DES_random_to_key -}; - -static struct key_type keytype_des3 = { - KEYTYPE_DES3, - "des3", - 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), - DES3_random_key, - DES3_schedule, - des3_salt, - DES3_random_to_key -}; - -static struct key_type keytype_des3_derived = { - KEYTYPE_DES3, - "des3", - 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), - DES3_random_key, - DES3_schedule, - des3_salt_derived, - DES3_random_to_key -}; - -static struct key_type keytype_aes128 = { - KEYTYPE_AES128, - "aes-128", - 128, - 16, - sizeof(struct krb5_aes_schedule), - NULL, - AES_schedule, - AES_salt -}; - -static struct key_type keytype_aes256 = { - KEYTYPE_AES256, - "aes-256", - 256, - 32, - sizeof(struct krb5_aes_schedule), - NULL, - AES_schedule, - AES_salt -}; - -static struct key_type keytype_arcfour = { - KEYTYPE_ARCFOUR, - "arcfour", - 128, - 16, - sizeof(RC4_KEY), - NULL, - ARCFOUR_schedule, - arcfour_salt -}; - -static struct key_type *keytypes[] = { - &keytype_null, - &keytype_des, - &keytype_des3_derived, - &keytype_des3, - &keytype_aes128, - &keytype_aes256, - &keytype_arcfour -}; - -static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]); - -static struct key_type * -_find_keytype(krb5_keytype type) -{ - int i; - for(i = 0; i < num_keytypes; i++) - if(keytypes[i]->type == type) - return keytypes[i]; - return NULL; -} - - -krb5_error_code KRB5_LIB_FUNCTION -krb5_salttype_to_string (krb5_context context, - krb5_enctype etype, - krb5_salttype stype, - char **string) -{ - struct encryption_type *e; - struct salt_type *st; - - e = _find_enctype (etype); - if (e == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; - } - for (st = e->keytype->string_to_key; st && st->type; st++) { - if (st->type == stype) { - *string = strdup (st->name); - if (*string == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - return 0; - } - } - krb5_set_error_string(context, "salttype %d not supported", stype); - return HEIM_ERR_SALTTYPE_NOSUPP; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_salttype (krb5_context context, - krb5_enctype etype, - const char *string, - krb5_salttype *salttype) -{ - struct encryption_type *e; - struct salt_type *st; - - e = _find_enctype (etype); - if (e == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; - } - for (st = e->keytype->string_to_key; st && st->type; st++) { - if (strcasecmp (st->name, string) == 0) { - *salttype = st->type; - return 0; - } - } - krb5_set_error_string(context, "salttype %s not supported", string); - return HEIM_ERR_SALTTYPE_NOSUPP; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_pw_salt(krb5_context context, - krb5_const_principal principal, - krb5_salt *salt) -{ - size_t len; - int i; - krb5_error_code ret; - char *p; - - salt->salttype = KRB5_PW_SALT; - len = strlen(principal->realm); - for (i = 0; i < principal->name.name_string.len; ++i) - len += strlen(principal->name.name_string.val[i]); - ret = krb5_data_alloc (&salt->saltvalue, len); + ret = krb5_enctype_to_string(context, etype, &name); if (ret) return ret; - p = salt->saltvalue.data; - memcpy (p, principal->realm, strlen(principal->realm)); - p += strlen(principal->realm); - for (i = 0; i < principal->name.name_string.len; ++i) { - memcpy (p, - principal->name.name_string.val[i], - strlen(principal->name.name_string.val[i])); - p += strlen(principal->name.name_string.val[i]); - } - return 0; -} -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_salt(krb5_context context, - krb5_salt salt) -{ - krb5_data_free(&salt.saltvalue); - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data (krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_principal principal, - krb5_keyblock *key) -{ - krb5_error_code ret; - krb5_salt salt; - - ret = krb5_get_pw_salt(context, principal, &salt); - if(ret) - return ret; - ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key); - krb5_free_salt(context, salt); - return ret; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key (krb5_context context, - krb5_enctype enctype, - const char *password, - krb5_principal principal, - krb5_keyblock *key) -{ - krb5_data pw; - pw.data = rk_UNCONST(password); - pw.length = strlen(password); - return krb5_string_to_key_data(context, enctype, pw, principal, key); -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data_salt (krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_keyblock *key) -{ - krb5_data opaque; - krb5_data_zero(&opaque); - return krb5_string_to_key_data_salt_opaque(context, enctype, password, - salt, opaque, key); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("Encryption type %s not supported", ""), + name); + free(name); + return KRB5_PROG_ETYPE_NOSUPP; } /* - * Do a string -> key for encryption type `enctype' operation on - * `password' (with salt `salt' and the enctype specific data string - * `opaque'), returning the resulting key in `key' + * */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data_salt_opaque (krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - struct encryption_type *et =_find_enctype(enctype); - struct salt_type *st; - if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - enctype); - return KRB5_PROG_ETYPE_NOSUPP; - } - for(st = et->keytype->string_to_key; st && st->type; st++) - if(st->type == salt.salttype) - return (*st->string_to_key)(context, enctype, password, - salt, opaque, key); - krb5_set_error_string(context, "salt type %d not supported", - salt.salttype); - return HEIM_ERR_SALTTYPE_NOSUPP; -} - -/* - * Do a string -> key for encryption type `enctype' operation on the - * string `password' (with salt `salt'), returning the resulting key - * in `key' - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_salt (krb5_context context, - krb5_enctype enctype, - const char *password, - krb5_salt salt, - krb5_keyblock *key) -{ - krb5_data pw; - pw.data = rk_UNCONST(password); - pw.length = strlen(password); - return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_salt_opaque (krb5_context context, - krb5_enctype enctype, - const char *password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - krb5_data pw; - pw.data = rk_UNCONST(password); - pw.length = strlen(password); - return krb5_string_to_key_data_salt_opaque(context, enctype, - pw, salt, opaque, key); -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_string(krb5_context context, - krb5_keytype keytype, - char **string) -{ - struct key_type *kt = _find_keytype(keytype); - if(kt == NULL) { - krb5_set_error_string(context, "key type %d not supported", keytype); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - *string = strdup(kt->name); - if(*string == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_keytype(krb5_context context, - const char *string, - krb5_keytype *keytype) -{ - int i; - for(i = 0; i < num_keytypes; i++) - if(strcasecmp(keytypes[i]->name, string) == 0){ - *keytype = keytypes[i]->type; - return 0; - } - krb5_set_error_string(context, "key type %s not supported", string); - return KRB5_PROG_KEYTYPE_NOSUPP; -} - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keysize(krb5_context context, krb5_enctype type, size_t *keysize) { - struct encryption_type *et = _find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, type); } *keysize = et->keytype->size; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keybits(krb5_context context, krb5_enctype type, size_t *keybits) { - struct encryption_type *et = _find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, type); } *keybits = et->keytype->bits; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, krb5_keyblock *key) { krb5_error_code ret; - struct encryption_type *et = _find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, type); } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); - if(ret) + if(ret) return ret; key->keytype = type; if(et->keytype->random_key) (*et->keytype->random_key)(context, key); else - krb5_generate_random_block(key->keyvalue.data, + krb5_generate_random_block(key->keyvalue.data, key->keyvalue.length); return 0; } static krb5_error_code _key_schedule(krb5_context context, - struct key_data *key) + struct _krb5_key_data *key) { krb5_error_code ret; - struct encryption_type *et = _find_enctype(key->key->keytype); - struct key_type *kt = et->keytype; + struct _krb5_encryption_type *et = _krb5_find_enctype(key->key->keytype); + struct _krb5_key_type *kt; + + if (et == NULL) { + return unsupported_enctype (context, + key->key->keytype); + } + + kt = et->keytype; if(kt->schedule == NULL) return 0; @@ -1137,7 +148,7 @@ _key_schedule(krb5_context context, return 0; ALLOC(key->schedule, 1); if(key->schedule == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_data_alloc(key->schedule, kt->schedule_size); @@ -1146,7 +157,7 @@ _key_schedule(krb5_context context, key->schedule = NULL; return ret; } - (*kt->schedule)(context, key); + (*kt->schedule)(context, kt, key); return 0; } @@ -1154,277 +165,34 @@ _key_schedule(krb5_context context, * * ************************************************************/ -static void -NONE_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ -} - -static void -CRC32_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - uint32_t crc; - unsigned char *r = C->checksum.data; - _krb5_crc_init_table (); - crc = _krb5_crc_update (data, len, 0); - r[0] = crc & 0xff; - r[1] = (crc >> 8) & 0xff; - r[2] = (crc >> 16) & 0xff; - r[3] = (crc >> 24) & 0xff; -} - -static void -RSA_MD4_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - MD4_CTX m; - - MD4_Init (&m); - MD4_Update (&m, data, len); - MD4_Final (C->checksum.data, &m); -} - -static void -RSA_MD4_DES_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *cksum) -{ - MD4_CTX md4; - DES_cblock ivec; - unsigned char *p = cksum->checksum.data; - - krb5_generate_random_block(p, 8); - MD4_Init (&md4); - MD4_Update (&md4, p, 8); - MD4_Update (&md4, data, len); - MD4_Final (p + 8, &md4); - memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); -} - static krb5_error_code -RSA_MD4_DES_verify(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - MD4_CTX md4; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - key->schedule->data, - &ivec, - DES_DECRYPT); - MD4_Init (&md4); - MD4_Update (&md4, tmp, 8); /* confounder */ - MD4_Update (&md4, data, len); - MD4_Final (res, &md4); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; -} - -static void -RSA_MD5_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - MD5_CTX m; - - MD5_Init (&m); - MD5_Update(&m, data, len); - MD5_Final (C->checksum.data, &m); -} - -static void -RSA_MD5_DES_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); -} - -static krb5_error_code -RSA_MD5_DES_verify(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; -} - -static void -RSA_MD5_DES3_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - DES_key_schedule *sched = key->schedule->data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(p, - p, - 24, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_ENCRYPT); -} - -static krb5_error_code -RSA_MD5_DES3_verify(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) -{ - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; -} - -static void SHA1_checksum(krb5_context context, - struct key_data *key, + struct _krb5_key_data *key, const void *data, size_t len, unsigned usage, Checksum *C) { - SHA_CTX m; - - SHA1_Init(&m); - SHA1_Update(&m, data, len); - SHA1_Final(C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1) + krb5_abortx(context, "sha1 checksum failed"); + return 0; } /* HMAC according to RFC2104 */ -static krb5_error_code -hmac(krb5_context context, - struct checksum_type *cm, - const void *data, - size_t len, - unsigned usage, - struct key_data *keyblock, - Checksum *result) +krb5_error_code +_krb5_internal_hmac(krb5_context context, + struct _krb5_checksum_type *cm, + const void *data, + size_t len, + unsigned usage, + struct _krb5_key_data *keyblock, + Checksum *result) { unsigned char *ipad, *opad; unsigned char *key; size_t key_len; - int i; - + size_t i; + ipad = malloc(cm->blocksize + len); if (ipad == NULL) return ENOMEM; @@ -1437,10 +205,10 @@ hmac(krb5_context context, memset(opad, 0x5c, cm->blocksize); if(keyblock->key->keyvalue.length > cm->blocksize){ - (*cm->checksum)(context, - keyblock, - keyblock->key->keyvalue.data, - keyblock->key->keyvalue.length, + (*cm->checksum)(context, + keyblock, + keyblock->key->keyvalue.data, + keyblock->key->keyvalue.length, usage, result); key = result->checksum.data; @@ -1456,9 +224,9 @@ hmac(krb5_context context, memcpy(ipad + cm->blocksize, data, len); (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len, usage, result); - memcpy(opad + cm->blocksize, result->checksum.data, + memcpy(opad + cm->blocksize, result->checksum.data, result->checksum.length); - (*cm->checksum)(context, keyblock, opad, + (*cm->checksum)(context, keyblock, opad, cm->blocksize + cm->checksumsize, usage, result); memset(ipad, 0, cm->blocksize + len); free(ipad); @@ -1468,45 +236,46 @@ hmac(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_hmac(krb5_context context, krb5_cksumtype cktype, const void *data, size_t len, - unsigned usage, + unsigned usage, krb5_keyblock *key, Checksum *result) { - struct checksum_type *c = _find_checksum(cktype); - struct key_data kd; + struct _krb5_checksum_type *c = _krb5_find_checksum(cktype); + struct _krb5_key_data kd; krb5_error_code ret; if (c == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - cktype); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + cktype); return KRB5_PROG_SUMTYPE_NOSUPP; } kd.key = key; kd.schedule = NULL; - ret = hmac(context, c, data, len, usage, &kd, result); + ret = _krb5_internal_hmac(context, c, data, len, usage, &kd, result); if (kd.schedule) krb5_free_data(context, kd.schedule); return ret; - } +} -static void -SP_HMAC_SHA1_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) +krb5_error_code +_krb5_SP_HMAC_SHA1_checksum(krb5_context context, + struct _krb5_key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) { - struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1); + struct _krb5_checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1); Checksum res; char sha1_data[20]; krb5_error_code ret; @@ -1514,183 +283,14 @@ SP_HMAC_SHA1_checksum(krb5_context context, res.checksum.data = sha1_data; res.checksum.length = sizeof(sha1_data); - ret = hmac(context, c, data, len, usage, key, &res); + ret = _krb5_internal_hmac(context, c, data, len, usage, key, &res); if (ret) krb5_abortx(context, "hmac failed"); memcpy(result->checksum.data, res.checksum.data, result->checksum.length); + return 0; } -/* - * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt - */ - -static void -HMAC_MD5_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) -{ - MD5_CTX md5; - struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); - const char signature[] = "signaturekey"; - Checksum ksign_c; - struct key_data ksign; - krb5_keyblock kb; - unsigned char t[4]; - unsigned char tmp[16]; - unsigned char ksign_c_data[16]; - krb5_error_code ret; - - ksign_c.checksum.length = sizeof(ksign_c_data); - ksign_c.checksum.data = ksign_c_data; - ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); - ksign.key = &kb; - kb.keyvalue = ksign_c.checksum; - MD5_Init (&md5); - t[0] = (usage >> 0) & 0xFF; - t[1] = (usage >> 8) & 0xFF; - t[2] = (usage >> 16) & 0xFF; - t[3] = (usage >> 24) & 0xFF; - MD5_Update (&md5, t, 4); - MD5_Update (&md5, data, len); - MD5_Final (tmp, &md5); - ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); - if (ret) - krb5_abortx(context, "hmac failed"); -} - -/* - * same as previous but being used while encrypting. - */ - -static void -HMAC_MD5_checksum_enc(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) -{ - struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); - Checksum ksign_c; - struct key_data ksign; - krb5_keyblock kb; - unsigned char t[4]; - unsigned char ksign_c_data[16]; - krb5_error_code ret; - - t[0] = (usage >> 0) & 0xFF; - t[1] = (usage >> 8) & 0xFF; - t[2] = (usage >> 16) & 0xFF; - t[3] = (usage >> 24) & 0xFF; - - ksign_c.checksum.length = sizeof(ksign_c_data); - ksign_c.checksum.data = ksign_c_data; - ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); - ksign.key = &kb; - kb.keyvalue = ksign_c.checksum; - ret = hmac(context, c, data, len, 0, &ksign, result); - if (ret) - krb5_abortx(context, "hmac failed"); -} - -static struct checksum_type checksum_none = { - CKSUMTYPE_NONE, - "none", - 1, - 0, - 0, - NONE_checksum, - NULL -}; -static struct checksum_type checksum_crc32 = { - CKSUMTYPE_CRC32, - "crc32", - 1, - 4, - 0, - CRC32_checksum, - NULL -}; -static struct checksum_type checksum_rsa_md4 = { - CKSUMTYPE_RSA_MD4, - "rsa-md4", - 64, - 16, - F_CPROOF, - RSA_MD4_checksum, - NULL -}; -static struct checksum_type checksum_rsa_md4_des = { - CKSUMTYPE_RSA_MD4_DES, - "rsa-md4-des", - 64, - 24, - F_KEYED | F_CPROOF | F_VARIANT, - RSA_MD4_DES_checksum, - RSA_MD4_DES_verify -}; -#if 0 -static struct checksum_type checksum_des_mac = { - CKSUMTYPE_DES_MAC, - "des-mac", - 0, - 0, - 0, - DES_MAC_checksum -}; -static struct checksum_type checksum_des_mac_k = { - CKSUMTYPE_DES_MAC_K, - "des-mac-k", - 0, - 0, - 0, - DES_MAC_K_checksum -}; -static struct checksum_type checksum_rsa_md4_des_k = { - CKSUMTYPE_RSA_MD4_DES_K, - "rsa-md4-des-k", - 0, - 0, - 0, - RSA_MD4_DES_K_checksum, - RSA_MD4_DES_K_verify -}; -#endif -static struct checksum_type checksum_rsa_md5 = { - CKSUMTYPE_RSA_MD5, - "rsa-md5", - 64, - 16, - F_CPROOF, - RSA_MD5_checksum, - NULL -}; -static struct checksum_type checksum_rsa_md5_des = { - CKSUMTYPE_RSA_MD5_DES, - "rsa-md5-des", - 64, - 24, - F_KEYED | F_CPROOF | F_VARIANT, - RSA_MD5_DES_checksum, - RSA_MD5_DES_verify -}; -static struct checksum_type checksum_rsa_md5_des3 = { - CKSUMTYPE_RSA_MD5_DES3, - "rsa-md5-des3", - 64, - 24, - F_KEYED | F_CPROOF | F_VARIANT, - RSA_MD5_DES3_checksum, - RSA_MD5_DES3_verify -}; -static struct checksum_type checksum_sha1 = { +struct _krb5_checksum_type _krb5_checksum_sha1 = { CKSUMTYPE_SHA1, "sha1", 64, @@ -1699,115 +299,43 @@ static struct checksum_type checksum_sha1 = { SHA1_checksum, NULL }; -static struct checksum_type checksum_hmac_sha1_des3 = { - CKSUMTYPE_HMAC_SHA1_DES3, - "hmac-sha1-des3", - 64, - 20, - F_KEYED | F_CPROOF | F_DERIVED, - SP_HMAC_SHA1_checksum, - NULL -}; -static struct checksum_type checksum_hmac_sha1_aes128 = { - CKSUMTYPE_HMAC_SHA1_96_AES_128, - "hmac-sha1-96-aes128", - 64, - 12, - F_KEYED | F_CPROOF | F_DERIVED, - SP_HMAC_SHA1_checksum, - NULL -}; - -static struct checksum_type checksum_hmac_sha1_aes256 = { - CKSUMTYPE_HMAC_SHA1_96_AES_256, - "hmac-sha1-96-aes256", - 64, - 12, - F_KEYED | F_CPROOF | F_DERIVED, - SP_HMAC_SHA1_checksum, - NULL -}; - -static struct checksum_type checksum_hmac_md5 = { - CKSUMTYPE_HMAC_MD5, - "hmac-md5", - 64, - 16, - F_KEYED | F_CPROOF, - HMAC_MD5_checksum, - NULL -}; - -static struct checksum_type checksum_hmac_md5_enc = { - CKSUMTYPE_HMAC_MD5_ENC, - "hmac-md5-enc", - 64, - 16, - F_KEYED | F_CPROOF | F_PSEUDO, - HMAC_MD5_checksum_enc, - NULL -}; - -static struct checksum_type *checksum_types[] = { - &checksum_none, - &checksum_crc32, - &checksum_rsa_md4, - &checksum_rsa_md4_des, -#if 0 - &checksum_des_mac, - &checksum_des_mac_k, - &checksum_rsa_md4_des_k, -#endif - &checksum_rsa_md5, - &checksum_rsa_md5_des, - &checksum_rsa_md5_des3, - &checksum_sha1, - &checksum_hmac_sha1_des3, - &checksum_hmac_sha1_aes128, - &checksum_hmac_sha1_aes256, - &checksum_hmac_md5, - &checksum_hmac_md5_enc -}; - -static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); - -static struct checksum_type * -_find_checksum(krb5_cksumtype type) +struct _krb5_checksum_type * +_krb5_find_checksum(krb5_cksumtype type) { int i; - for(i = 0; i < num_checksums; i++) - if(checksum_types[i]->type == type) - return checksum_types[i]; + for(i = 0; i < _krb5_num_checksums; i++) + if(_krb5_checksum_types[i]->type == type) + return _krb5_checksum_types[i]; return NULL; } static krb5_error_code -get_checksum_key(krb5_context context, +get_checksum_key(krb5_context context, krb5_crypto crypto, unsigned usage, /* not krb5_key_usage */ - struct checksum_type *ct, - struct key_data **key) + struct _krb5_checksum_type *ct, + struct _krb5_key_data **key) { krb5_error_code ret = 0; if(ct->flags & F_DERIVED) ret = _get_derived_key(context, crypto, usage, key); else if(ct->flags & F_VARIANT) { - int i; + size_t i; *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); if(*key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key); - if(ret) + if(ret) return ret; for(i = 0; i < (*key)->key->keyvalue.length; i++) ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0; } else { - *key = &crypto->key; + *key = &crypto->key; } if(ret == 0) ret = _key_schedule(context, *key); @@ -1816,7 +344,7 @@ get_checksum_key(krb5_context context, static krb5_error_code create_checksum (krb5_context context, - struct checksum_type *ct, + struct _krb5_checksum_type *ct, krb5_crypto crypto, unsigned usage, void *data, @@ -1824,18 +352,19 @@ create_checksum (krb5_context context, Checksum *result) { krb5_error_code ret; - struct key_data *dkey; + struct _krb5_key_data *dkey; int keyed_checksum; - + if (ct->flags & F_DISABLED) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_PROG_SUMTYPE_NOSUPP; } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_set_error_string (context, "Checksum type %s is keyed " - "but no crypto context (key) was passed in", - ct->name); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("Checksum type %s is keyed but no " + "crypto context (key) was passed in", ""), + ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) { @@ -1848,18 +377,17 @@ create_checksum (krb5_context context, ret = krb5_data_alloc(&result->checksum, ct->checksumsize); if (ret) return (ret); - (*ct->checksum)(context, dkey, data, len, usage, result); - return 0; + return (*ct->checksum)(context, dkey, data, len, usage, result); } static int -arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto) +arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto) { return (ct->type == CKSUMTYPE_HMAC_MD5) && (crypto->key.key->keytype == KEYTYPE_ARCFOUR); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum(krb5_context context, krb5_crypto crypto, krb5_key_usage usage, @@ -1868,12 +396,12 @@ krb5_create_checksum(krb5_context context, size_t len, Checksum *result) { - struct checksum_type *ct = NULL; + struct _krb5_checksum_type *ct = NULL; unsigned keyusage; /* type 0 -> pick from crypto */ if (type) { - ct = _find_checksum(type); + ct = _krb5_find_checksum(type); } else if (crypto) { ct = crypto->et->keyed_checksum; if (ct == NULL) @@ -1881,14 +409,15 @@ krb5_create_checksum(krb5_context context, } if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + type); return KRB5_PROG_SUMTYPE_NOSUPP; } if (arcfour_checksum_p(ct, crypto)) { keyusage = usage; - usage2arcfour(context, &keyusage); + _krb5_usage2arcfour(context, &keyusage); } else keyusage = CHECKSUM_USAGE(usage); @@ -1905,45 +434,85 @@ verify_checksum(krb5_context context, Checksum *cksum) { krb5_error_code ret; - struct key_data *dkey; + struct _krb5_key_data *dkey; int keyed_checksum; Checksum c; - struct checksum_type *ct; + struct _krb5_checksum_type *ct; - ct = _find_checksum(cksum->cksumtype); + ct = _krb5_find_checksum(cksum->cksumtype); if (ct == NULL || (ct->flags & F_DISABLED)) { - krb5_set_error_string (context, "checksum type %d not supported", - cksum->cksumtype); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; } if(ct->checksumsize != cksum->checksum.length) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); + krb5_set_error_message(context, KRB5KRB_AP_ERR_BAD_INTEGRITY, + N_("Decrypt integrity check failed for checksum type %s, " + "length was %u, expected %u", ""), + ct->name, (unsigned)cksum->checksum.length, + (unsigned)ct->checksumsize); + return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ } keyed_checksum = (ct->flags & F_KEYED) != 0; - if(keyed_checksum && crypto == NULL) { - krb5_set_error_string (context, "Checksum type %s is keyed " - "but no crypto context (key) was passed in", - ct->name); - return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ - } - if(keyed_checksum) + if(keyed_checksum) { + struct _krb5_checksum_type *kct; + if (crypto == NULL) { + krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("Checksum type %s is keyed but no " + "crypto context (key) was passed in", ""), + ct->name); + return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ + } + kct = crypto->et->keyed_checksum; + if (kct != NULL && kct->type != ct->type) { + krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("Checksum type %s is keyed, but " + "the key type %s passed didnt have that checksum " + "type as the keyed type", ""), + ct->name, crypto->et->name); + return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ + } + ret = get_checksum_key(context, crypto, usage, ct, &dkey); - else + if (ret) + return ret; + } else dkey = NULL; - if(ct->verify) - return (*ct->verify)(context, dkey, data, len, usage, cksum); + + /* + * If checksum have a verify function, lets use that instead of + * calling ->checksum and then compare result. + */ + + if(ct->verify) { + ret = (*ct->verify)(context, dkey, data, len, usage, cksum); + if (ret) + krb5_set_error_message(context, ret, + N_("Decrypt integrity check failed for checksum " + "type %s, key type %s", ""), + ct->name, (crypto != NULL)? crypto->et->name : "(none)"); + return ret; + } ret = krb5_data_alloc (&c.checksum, ct->checksumsize); if (ret) return ret; - (*ct->checksum)(context, dkey, data, len, usage, &c); + ret = (*ct->checksum)(context, dkey, data, len, usage, &c); + if (ret) { + krb5_data_free(&c.checksum); + return ret; + } - if(c.checksum.length != cksum->checksum.length || - memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { - krb5_clear_error_string (context); + if(krb5_data_ct_cmp(&c.checksum, &cksum->checksum) != 0) { ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + krb5_set_error_message(context, ret, + N_("Decrypt integrity check failed for checksum " + "type %s, key type %s", ""), + ct->name, crypto ? crypto->et->name : "(unkeyed)"); } else { ret = 0; } @@ -1951,27 +520,28 @@ verify_checksum(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum(krb5_context context, krb5_crypto crypto, - krb5_key_usage usage, + krb5_key_usage usage, void *data, size_t len, Checksum *cksum) { - struct checksum_type *ct; + struct _krb5_checksum_type *ct; unsigned keyusage; - ct = _find_checksum(cksum->cksumtype); + ct = _krb5_find_checksum(cksum->cksumtype); if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - cksum->cksumtype); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; } if (arcfour_checksum_p(ct, crypto)) { keyusage = usage; - usage2arcfour(context, &keyusage); + _krb5_usage2arcfour(context, &keyusage); } else keyusage = CHECKSUM_USAGE(usage); @@ -1979,82 +549,87 @@ krb5_verify_checksum(krb5_context context, data, len, cksum); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_get_checksum_type(krb5_context context, krb5_crypto crypto, krb5_cksumtype *type) { - struct checksum_type *ct = NULL; - + struct _krb5_checksum_type *ct = NULL; + if (crypto != NULL) { ct = crypto->et->keyed_checksum; if (ct == NULL) ct = crypto->et->checksum; } - + if (ct == NULL) { - krb5_set_error_string (context, "checksum type not found"); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type not found", "")); return KRB5_PROG_SUMTYPE_NOSUPP; - } + } *type = ct->type; - - return 0; + + return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksumsize(krb5_context context, krb5_cksumtype type, size_t *size) { - struct checksum_type *ct = _find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + type); return KRB5_PROG_SUMTYPE_NOSUPP; } *size = ct->checksumsize; return 0; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_keyed(krb5_context context, krb5_cksumtype type) { - struct checksum_type *ct = _find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { if (context) - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + type); return KRB5_PROG_SUMTYPE_NOSUPP; } return ct->flags & F_KEYED; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_collision_proof(krb5_context context, krb5_cksumtype type) { - struct checksum_type *ct = _find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { if (context) - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + type); return KRB5_PROG_SUMTYPE_NOSUPP; } return ct->flags & F_CPROOF; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksum_disable(krb5_context context, krb5_cksumtype type) { - struct checksum_type *ct = _find_checksum(type); + struct _krb5_checksum_type *ct = _krb5_find_checksum(type); if(ct == NULL) { if (context) - krb5_set_error_string (context, "checksum type %d not supported", - type); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + type); return KRB5_PROG_SUMTYPE_NOSUPP; } ct->flags |= F_DISABLED; @@ -2065,912 +640,157 @@ krb5_checksum_disable(krb5_context context, * * ************************************************************/ -static krb5_error_code -NULL_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - return 0; -} - -static krb5_error_code -DES_CBC_encrypt_null_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ignore_ivec) -{ - DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; - memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); - return 0; -} - -static krb5_error_code -DES_CBC_encrypt_key_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ignore_ivec) -{ - DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; - memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); - return 0; -} - -static krb5_error_code -DES3_CBC_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - DES_cblock local_ivec; - DES_key_schedule *s = key->schedule->data; - if(ivec == NULL) { - ivec = &local_ivec; - memset(local_ivec, 0, sizeof(local_ivec)); - } - DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp); - return 0; -} - -static krb5_error_code -DES_CFB64_encrypt_null_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ignore_ivec) -{ - DES_cblock ivec; - int num = 0; - DES_key_schedule *s = key->schedule->data; - memset(&ivec, 0, sizeof(ivec)); - - DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp); - return 0; -} - -static krb5_error_code -DES_PCBC_encrypt_key_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ignore_ivec) -{ - DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; - memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); - - DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); - return 0; -} - -/* - * AES draft-raeburn-krb-rijndael-krb-02 - */ - -void KRB5_LIB_FUNCTION -_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int encryptp) -{ - unsigned char tmp[AES_BLOCK_SIZE]; - int i; - - /* - * In the framework of kerberos, the length can never be shorter - * then at least one blocksize. - */ - - if (encryptp) { - - while(len > AES_BLOCK_SIZE) { - for (i = 0; i < AES_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ ivec[i]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - for (i = 0; i < len; i++) - tmp[i] = in[i] ^ ivec[i]; - for (; i < AES_BLOCK_SIZE; i++) - tmp[i] = 0 ^ ivec[i]; - - AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); - - memcpy(out, ivec, len); - memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - } else { - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - - while(len > AES_BLOCK_SIZE * 2) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - len -= AES_BLOCK_SIZE; - - memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ - AES_decrypt(in, tmp2, key); - - memcpy(tmp3, in + AES_BLOCK_SIZE, len); - memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ - - for (i = 0; i < len; i++) - out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; - - AES_decrypt(tmp3, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } -} - -static krb5_error_code -AES_CTS_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - struct krb5_aes_schedule *aeskey = key->schedule->data; - char local_ivec[AES_BLOCK_SIZE]; - AES_KEY *k; - - if (encryptp) - k = &aeskey->ekey; - else - k = &aeskey->dkey; - - if (len < AES_BLOCK_SIZE) - krb5_abortx(context, "invalid use of AES_CTS_encrypt"); - if (len == AES_BLOCK_SIZE) { - if (encryptp) - AES_encrypt(data, data, k); - else - AES_decrypt(data, data, k); - } else { - if(ivec == NULL) { - memset(local_ivec, 0, sizeof(local_ivec)); - ivec = local_ivec; - } - _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp); - } - - return 0; -} - -/* - * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 - * - * warning: not for small children - */ - -static krb5_error_code -ARCFOUR_subencrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - unsigned usage, - void *ivec) -{ - struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); - Checksum k1_c, k2_c, k3_c, cksum; - struct key_data ke; - krb5_keyblock kb; - unsigned char t[4]; - RC4_KEY rc4_key; - unsigned char *cdata = data; - unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; - krb5_error_code ret; - - t[0] = (usage >> 0) & 0xFF; - t[1] = (usage >> 8) & 0xFF; - t[2] = (usage >> 16) & 0xFF; - t[3] = (usage >> 24) & 0xFF; - - k1_c.checksum.length = sizeof(k1_c_data); - k1_c.checksum.data = k1_c_data; - - ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); - if (ret) - krb5_abortx(context, "hmac failed"); - - memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); - - k2_c.checksum.length = sizeof(k2_c_data); - k2_c.checksum.data = k2_c_data; - - ke.key = &kb; - kb.keyvalue = k2_c.checksum; - - cksum.checksum.length = 16; - cksum.checksum.data = data; - - ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); - if (ret) - krb5_abortx(context, "hmac failed"); - - ke.key = &kb; - kb.keyvalue = k1_c.checksum; - - k3_c.checksum.length = sizeof(k3_c_data); - k3_c.checksum.data = k3_c_data; - - ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c); - if (ret) - krb5_abortx(context, "hmac failed"); - - RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); - RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); - memset (k1_c_data, 0, sizeof(k1_c_data)); - memset (k2_c_data, 0, sizeof(k2_c_data)); - memset (k3_c_data, 0, sizeof(k3_c_data)); - return 0; -} - -static krb5_error_code -ARCFOUR_subdecrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - unsigned usage, - void *ivec) -{ - struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); - Checksum k1_c, k2_c, k3_c, cksum; - struct key_data ke; - krb5_keyblock kb; - unsigned char t[4]; - RC4_KEY rc4_key; - unsigned char *cdata = data; - unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; - unsigned char cksum_data[16]; - krb5_error_code ret; - - t[0] = (usage >> 0) & 0xFF; - t[1] = (usage >> 8) & 0xFF; - t[2] = (usage >> 16) & 0xFF; - t[3] = (usage >> 24) & 0xFF; - - k1_c.checksum.length = sizeof(k1_c_data); - k1_c.checksum.data = k1_c_data; - - ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); - if (ret) - krb5_abortx(context, "hmac failed"); - - memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); - - k2_c.checksum.length = sizeof(k2_c_data); - k2_c.checksum.data = k2_c_data; - - ke.key = &kb; - kb.keyvalue = k1_c.checksum; - - k3_c.checksum.length = sizeof(k3_c_data); - k3_c.checksum.data = k3_c_data; - - ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c); - if (ret) - krb5_abortx(context, "hmac failed"); - - RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); - RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); - - ke.key = &kb; - kb.keyvalue = k2_c.checksum; - - cksum.checksum.length = 16; - cksum.checksum.data = cksum_data; - - ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); - if (ret) - krb5_abortx(context, "hmac failed"); - - memset (k1_c_data, 0, sizeof(k1_c_data)); - memset (k2_c_data, 0, sizeof(k2_c_data)); - memset (k3_c_data, 0, sizeof(k3_c_data)); - - if (memcmp (cksum.checksum.data, data, 16) != 0) { - krb5_clear_error_string (context); - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - } else { - return 0; - } -} - -/* - * convert the usage numbers used in - * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in - * draft-brezak-win2k-krb-rc4-hmac-04.txt - */ - -static krb5_error_code -usage2arcfour (krb5_context context, unsigned *usage) -{ - switch (*usage) { - case KRB5_KU_AS_REP_ENC_PART : /* 3 */ - case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */ - *usage = 8; - return 0; - case KRB5_KU_USAGE_SEAL : /* 22 */ - *usage = 13; - return 0; - case KRB5_KU_USAGE_SIGN : /* 23 */ - *usage = 15; - return 0; - case KRB5_KU_USAGE_SEQ: /* 24 */ - *usage = 0; - return 0; - default : - return 0; - } -} - -static krb5_error_code -ARCFOUR_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - krb5_error_code ret; - unsigned keyusage = usage; - - if((ret = usage2arcfour (context, &keyusage)) != 0) - return ret; - - if (encryptp) - return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec); - else - return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec); -} - - -/* - * - */ - -static krb5_error_code -AES_PRF(krb5_context context, - krb5_crypto crypto, - const krb5_data *in, - krb5_data *out) -{ - struct checksum_type *ct = crypto->et->checksum; - krb5_error_code ret; - Checksum result; - krb5_keyblock *derived; - - result.cksumtype = ct->type; - ret = krb5_data_alloc(&result.checksum, ct->checksumsize); - if (ret) { - krb5_set_error_string(context, "out memory"); - return ret; - } - - (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); - - if (result.checksum.length < crypto->et->blocksize) - krb5_abortx(context, "internal prf error"); - - derived = NULL; - ret = krb5_derive_key(context, crypto->key.key, - crypto->et->type, "prf", 3, &derived); - if (ret) - krb5_abortx(context, "krb5_derive_key"); - - ret = krb5_data_alloc(out, crypto->et->blocksize); - if (ret) - krb5_abortx(context, "malloc failed"); - - { - AES_KEY key; - - AES_set_encrypt_key(derived->keyvalue.data, - crypto->et->keytype->bits, &key); - AES_encrypt(result.checksum.data, out->data, &key); - memset(&key, 0, sizeof(key)); - } - - krb5_data_free(&result.checksum); - krb5_free_keyblock(context, derived); - - return ret; -} - -/* - * these should currently be in reverse preference order. - * (only relevant for !F_PSEUDO) */ - -static struct encryption_type enctype_null = { - ETYPE_NULL, - "null", - NULL, - 1, - 1, - 0, - &keytype_null, - &checksum_none, - NULL, - F_DISABLED, - NULL_encrypt, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_crc = { - ETYPE_DES_CBC_CRC, - "des-cbc-crc", - NULL, - 8, - 8, - 8, - &keytype_des, - &checksum_crc32, - NULL, - 0, - DES_CBC_encrypt_key_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md4 = { - ETYPE_DES_CBC_MD4, - "des-cbc-md4", - NULL, - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md4, - &checksum_rsa_md4_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md5 = { - ETYPE_DES_CBC_MD5, - "des-cbc-md5", - NULL, - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md5, - &checksum_rsa_md5_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; -static struct encryption_type enctype_arcfour_hmac_md5 = { - ETYPE_ARCFOUR_HMAC_MD5, - "arcfour-hmac-md5", - NULL, - 1, - 1, - 8, - &keytype_arcfour, - &checksum_hmac_md5, - NULL, - F_SPECIAL, - ARCFOUR_encrypt, - 0, - NULL -}; -static struct encryption_type enctype_des3_cbc_md5 = { - ETYPE_DES3_CBC_MD5, - "des3-cbc-md5", - NULL, - 8, - 8, - 8, - &keytype_des3, - &checksum_rsa_md5, - &checksum_rsa_md5_des3, - 0, - DES3_CBC_encrypt, - 0, - NULL -}; -static struct encryption_type enctype_des3_cbc_sha1 = { - ETYPE_DES3_CBC_SHA1, - "des3-cbc-sha1", - NULL, - 8, - 8, - 8, - &keytype_des3_derived, - &checksum_sha1, - &checksum_hmac_sha1_des3, - F_DERIVED, - DES3_CBC_encrypt, - 0, - NULL -}; -static struct encryption_type enctype_old_des3_cbc_sha1 = { - ETYPE_OLD_DES3_CBC_SHA1, - "old-des3-cbc-sha1", - NULL, - 8, - 8, - 8, - &keytype_des3, - &checksum_sha1, - &checksum_hmac_sha1_des3, - 0, - DES3_CBC_encrypt, - 0, - NULL -}; -static struct encryption_type enctype_aes128_cts_hmac_sha1 = { - ETYPE_AES128_CTS_HMAC_SHA1_96, - "aes128-cts-hmac-sha1-96", - NULL, - 16, - 1, - 16, - &keytype_aes128, - &checksum_sha1, - &checksum_hmac_sha1_aes128, - F_DERIVED, - AES_CTS_encrypt, - 16, - AES_PRF -}; -static struct encryption_type enctype_aes256_cts_hmac_sha1 = { - ETYPE_AES256_CTS_HMAC_SHA1_96, - "aes256-cts-hmac-sha1-96", - NULL, - 16, - 1, - 16, - &keytype_aes256, - &checksum_sha1, - &checksum_hmac_sha1_aes256, - F_DERIVED, - AES_CTS_encrypt, - 16, - AES_PRF -}; -static struct encryption_type enctype_des_cbc_none = { - ETYPE_DES_CBC_NONE, - "des-cbc-none", - NULL, - 8, - 8, - 0, - &keytype_des, - &checksum_none, - NULL, - F_PSEUDO, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cfb64_none = { - ETYPE_DES_CFB64_NONE, - "des-cfb64-none", - NULL, - 1, - 1, - 0, - &keytype_des, - &checksum_none, - NULL, - F_PSEUDO, - DES_CFB64_encrypt_null_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_pcbc_none = { - ETYPE_DES_PCBC_NONE, - "des-pcbc-none", - NULL, - 8, - 8, - 0, - &keytype_des, - &checksum_none, - NULL, - F_PSEUDO, - DES_PCBC_encrypt_key_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des3_cbc_none = { - ETYPE_DES3_CBC_NONE, - "des3-cbc-none", - NULL, - 8, - 8, - 0, - &keytype_des3_derived, - &checksum_none, - NULL, - F_PSEUDO, - DES3_CBC_encrypt, - 0, - NULL -}; - -static struct encryption_type *etypes[] = { - &enctype_null, - &enctype_des_cbc_crc, - &enctype_des_cbc_md4, - &enctype_des_cbc_md5, - &enctype_arcfour_hmac_md5, - &enctype_des3_cbc_md5, - &enctype_des3_cbc_sha1, - &enctype_old_des3_cbc_sha1, - &enctype_aes128_cts_hmac_sha1, - &enctype_aes256_cts_hmac_sha1, - &enctype_des_cbc_none, - &enctype_des_cfb64_none, - &enctype_des_pcbc_none, - &enctype_des3_cbc_none -}; - -static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); - - -static struct encryption_type * -_find_enctype(krb5_enctype type) +struct _krb5_encryption_type * +_krb5_find_enctype(krb5_enctype type) { int i; - for(i = 0; i < num_etypes; i++) - if(etypes[i]->type == type) - return etypes[i]; + for(i = 0; i < _krb5_num_etypes; i++) + if(_krb5_etypes[i]->type == type) + return _krb5_etypes[i]; return NULL; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_string(krb5_context context, krb5_enctype etype, char **string) { - struct encryption_type *e; - e = _find_enctype(etype); + struct _krb5_encryption_type *e; + e = _krb5_find_enctype(etype); if(e == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + etype); *string = NULL; return KRB5_PROG_ETYPE_NOSUPP; } *string = strdup(e->name); if(*string == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_enctype(krb5_context context, const char *string, krb5_enctype *etype) { int i; - for(i = 0; i < num_etypes; i++) - if(strcasecmp(etypes[i]->name, string) == 0){ - *etype = etypes[i]->type; + for(i = 0; i < _krb5_num_etypes; i++) + if(strcasecmp(_krb5_etypes[i]->name, string) == 0){ + *etype = _krb5_etypes[i]->type; return 0; } - krb5_set_error_string (context, "encryption type %s not supported", - string); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %s not supported", ""), + string); return KRB5_PROG_ETYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION -_krb5_enctype_to_oid(krb5_context context, - krb5_enctype etype, - heim_oid *oid) -{ - struct encryption_type *et = _find_enctype(etype); - if(et == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; - } - if(et->oid == NULL) { - krb5_set_error_string (context, "%s have not oid", et->name); - return KRB5_PROG_ETYPE_NOSUPP; - } - krb5_clear_error_string(context); - return der_copy_oid(et->oid, oid); -} - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_oid_to_enctype(krb5_context context, - const heim_oid *oid, - krb5_enctype *etype) -{ - int i; - for(i = 0; i < num_etypes; i++) { - if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) { - *etype = etypes[i]->type; - return 0; - } - } - krb5_set_error_string(context, "enctype for oid not supported"); - return KRB5_PROG_ETYPE_NOSUPP; -} - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_keytype(krb5_context context, krb5_enctype etype, krb5_keytype *keytype) { - struct encryption_type *e = _find_enctype(etype); + struct _krb5_encryption_type *e = _krb5_find_enctype(etype); if(e == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, etype); } *keytype = e->keytype->type; /* XXX */ return 0; } -#if 0 -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctype(krb5_context context, - krb5_keytype keytype, - krb5_enctype *etype) -{ - struct key_type *kt = _find_keytype(keytype); - krb5_warnx(context, "krb5_keytype_to_enctype(%u)", keytype); - if(kt == NULL) - return KRB5_PROG_KEYTYPE_NOSUPP; - *etype = kt->best_etype; - return 0; -} -#endif - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes (krb5_context context, - krb5_keytype keytype, - unsigned *len, - krb5_enctype **val) -{ - int i; - unsigned n = 0; - krb5_enctype *ret; - - for (i = num_etypes - 1; i >= 0; --i) { - if (etypes[i]->keytype->type == keytype - && !(etypes[i]->flags & F_PSEUDO)) - ++n; - } - ret = malloc(n * sizeof(*ret)); - if (ret == NULL && n != 0) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - n = 0; - for (i = num_etypes - 1; i >= 0; --i) { - if (etypes[i]->keytype->type == keytype - && !(etypes[i]->flags & F_PSEUDO)) - ret[n++] = etypes[i]->type; - } - *len = n; - *val = ret; - return 0; -} - -/* - * First take the configured list of etypes for `keytype' if available, - * else, do `krb5_keytype_to_enctypes'. +/** + * Check if a enctype is valid, return 0 if it is. + * + * @param context Kerberos context + * @param etype enctype to check if its valid or not + * + * @return Return an error code for an failure or 0 on success (enctype valid). + * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes_default (krb5_context context, - krb5_keytype keytype, - unsigned *len, - krb5_enctype **val) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_enctype_valid(krb5_context context, + krb5_enctype etype) { - int i, n; - krb5_enctype *ret; - - if (keytype != KEYTYPE_DES || context->etypes_des == NULL) - return krb5_keytype_to_enctypes (context, keytype, len, val); - - for (n = 0; context->etypes_des[n]; ++n) - ; - ret = malloc (n * sizeof(*ret)); - if (ret == NULL && n != 0) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - for (i = 0; i < n; ++i) - ret[i] = context->etypes_des[i]; - *len = n; - *val = ret; - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_valid(krb5_context context, - krb5_enctype etype) -{ - struct encryption_type *e = _find_enctype(etype); + struct _krb5_encryption_type *e = _krb5_find_enctype(etype); + if(e && (e->flags & F_DISABLED) == 0) + return 0; + if (context == NULL) + return KRB5_PROG_ETYPE_NOSUPP; if(e == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, etype); } - if (e->flags & F_DISABLED) { - krb5_set_error_string (context, "encryption type %s is disabled", - e->name); - return KRB5_PROG_ETYPE_NOSUPP; - } - return 0; + /* Must be (e->flags & F_DISABLED) */ + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %s is disabled", ""), + e->name); + return KRB5_PROG_ETYPE_NOSUPP; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_cksumtype_valid(krb5_context context, +/** + * Return the coresponding encryption type for a checksum type. + * + * @param context Kerberos context + * @param ctype The checksum type to get the result enctype for + * @param etype The returned encryption, when the matching etype is + * not found, etype is set to ETYPE_NULL. + * + * @return Return an error code for an failure or 0 on success. + * @ingroup krb5_crypto + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cksumtype_to_enctype(krb5_context context, + krb5_cksumtype ctype, + krb5_enctype *etype) +{ + int i; + + *etype = ETYPE_NULL; + + for(i = 0; i < _krb5_num_etypes; i++) { + if(_krb5_etypes[i]->keyed_checksum && + _krb5_etypes[i]->keyed_checksum->type == ctype) + { + *etype = _krb5_etypes[i]->type; + return 0; + } + } + + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + (int)ctype); + return KRB5_PROG_SUMTYPE_NOSUPP; +} + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cksumtype_valid(krb5_context context, krb5_cksumtype ctype) { - struct checksum_type *c = _find_checksum(ctype); + struct _krb5_checksum_type *c = _krb5_find_checksum(ctype); if (c == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - ctype); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %d not supported", ""), + ctype); return KRB5_PROG_SUMTYPE_NOSUPP; } if (c->flags & F_DISABLED) { - krb5_set_error_string (context, "checksum type %s is disabled", - c->name); + krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, + N_("checksum type %s is disabled", ""), + c->name); return KRB5_PROG_SUMTYPE_NOSUPP; } return 0; } -/* if two enctypes have compatible keys */ -krb5_boolean KRB5_LIB_FUNCTION -krb5_enctypes_compatible_keys(krb5_context context, - krb5_enctype etype1, - krb5_enctype etype2) -{ - struct encryption_type *e1 = _find_enctype(etype1); - struct encryption_type *e2 = _find_enctype(etype2); - return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype; -} - static krb5_boolean derived_crypto(krb5_context context, krb5_crypto crypto) @@ -3001,9 +821,9 @@ encrypt_internal_derived(krb5_context context, Checksum cksum; unsigned char *p, *q; krb5_error_code ret; - struct key_data *dkey; - const struct encryption_type *et = crypto->et; - + struct _krb5_key_data *dkey; + const struct _krb5_encryption_type *et = crypto->et; + checksum_sz = CHECKSUMSIZE(et->keyed_checksum); sz = et->confoundersize + len; @@ -3011,25 +831,25 @@ encrypt_internal_derived(krb5_context context, total_sz = block_sz + checksum_sz; p = calloc(1, total_sz); if(p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } - + q = p; krb5_generate_random_block(q, et->confoundersize); /* XXX */ q += et->confoundersize; memcpy(q, data, len); - - ret = create_checksum(context, + + ret = create_checksum(context, et->keyed_checksum, - crypto, + crypto, INTEGRITY_USAGE(usage), - p, + p, block_sz, &cksum); if(ret == 0 && cksum.checksum.length != checksum_sz) { free_Checksum (&cksum); - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5_CRYPTO_INTERNAL; } if(ret) @@ -3042,9 +862,6 @@ encrypt_internal_derived(krb5_context context, ret = _key_schedule(context, dkey); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); if (ret) goto fail; @@ -3070,18 +887,18 @@ encrypt_internal(krb5_context context, Checksum cksum; unsigned char *p, *q; krb5_error_code ret; - const struct encryption_type *et = crypto->et; - + const struct _krb5_encryption_type *et = crypto->et; + checksum_sz = CHECKSUMSIZE(et->checksum); - + sz = et->confoundersize + checksum_sz + len; block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ p = calloc(1, block_sz); if(p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } - + q = p; krb5_generate_random_block(q, et->confoundersize); /* XXX */ q += et->confoundersize; @@ -3089,15 +906,15 @@ encrypt_internal(krb5_context context, q += checksum_sz; memcpy(q, data, len); - ret = create_checksum(context, + ret = create_checksum(context, et->checksum, crypto, 0, - p, + p, block_sz, &cksum); if(ret == 0 && cksum.checksum.length != checksum_sz) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); free_Checksum(&cksum); ret = KRB5_CRYPTO_INTERNAL; } @@ -3108,9 +925,6 @@ encrypt_internal(krb5_context context, ret = _key_schedule(context, &crypto->key); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); if (ret) { memset(p, 0, block_sz); @@ -3135,7 +949,7 @@ encrypt_internal_special(krb5_context context, krb5_data *result, void *ivec) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t cksum_sz = CHECKSUMSIZE(et->checksum); size_t sz = len + cksum_sz + et->confoundersize; char *tmp, *p; @@ -3143,7 +957,7 @@ encrypt_internal_special(krb5_context context, tmp = malloc (sz); if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } p = tmp; @@ -3176,25 +990,26 @@ decrypt_internal_derived(krb5_context context, Checksum cksum; unsigned char *p; krb5_error_code ret; - struct key_data *dkey; - struct encryption_type *et = crypto->et; + struct _krb5_key_data *dkey; + struct _krb5_encryption_type *et = crypto->et; unsigned long l; - + checksum_sz = CHECKSUMSIZE(et->keyed_checksum); if (len < checksum_sz + et->confoundersize) { - krb5_set_error_string(context, "Encrypted data shorter then " - "checksum + confunder"); + krb5_set_error_message(context, KRB5_BAD_MSIZE, + N_("Encrypted data shorter then " + "checksum + confunder", "")); return KRB5_BAD_MSIZE; } if (((len - checksum_sz) % et->padsize) != 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_BAD_MSIZE; } p = malloc(len); if(len != 0 && p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(p, data, len); @@ -3211,9 +1026,6 @@ decrypt_internal_derived(krb5_context context, free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); if (ret) { free(p); @@ -3239,7 +1051,7 @@ decrypt_internal_derived(krb5_context context, result->data = realloc(p, l); if(result->data == NULL && l != 0) { free(p); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } result->length = l; @@ -3258,29 +1070,32 @@ decrypt_internal(krb5_context context, unsigned char *p; Checksum cksum; size_t checksum_sz, l; - struct encryption_type *et = crypto->et; - + struct _krb5_encryption_type *et = crypto->et; + if ((len % et->padsize) != 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); + return KRB5_BAD_MSIZE; + } + checksum_sz = CHECKSUMSIZE(et->checksum); + if (len < checksum_sz + et->confoundersize) { + krb5_set_error_message(context, KRB5_BAD_MSIZE, + N_("Encrypted data shorter then " + "checksum + confunder", "")); return KRB5_BAD_MSIZE; } - checksum_sz = CHECKSUMSIZE(et->checksum); p = malloc(len); if(len != 0 && p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(p, data, len); - + ret = _key_schedule(context, &crypto->key); if(ret) { free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); if (ret) { free(p); @@ -3304,7 +1119,7 @@ decrypt_internal(krb5_context context, result->data = realloc(p, l); if(result->data == NULL && l != 0) { free(p); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } result->length = l; @@ -3320,24 +1135,30 @@ decrypt_internal_special(krb5_context context, krb5_data *result, void *ivec) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t cksum_sz = CHECKSUMSIZE(et->checksum); size_t sz = len - cksum_sz - et->confoundersize; unsigned char *p; krb5_error_code ret; if ((len % et->padsize) != 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); + return KRB5_BAD_MSIZE; + } + if (len < cksum_sz + et->confoundersize) { + krb5_set_error_message(context, KRB5_BAD_MSIZE, + N_("Encrypted data shorter then " + "checksum + confunder", "")); return KRB5_BAD_MSIZE; } p = malloc (len); if (p == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(p, data, len); - + ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec); if (ret) { free(p); @@ -3348,15 +1169,583 @@ decrypt_internal_special(krb5_context context, result->data = realloc(p, sz); if(result->data == NULL && sz != 0) { free(p); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } result->length = sz; return 0; } +static krb5_crypto_iov * +find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type) +{ + size_t i; + for (i = 0; i < num_data; i++) + if (data[i].flags == type) + return &data[i]; + return NULL; +} -krb5_error_code KRB5_LIB_FUNCTION +/** + * Inline encrypt a kerberos message + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param ivec initial cbc/cts vector + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + * + * Kerberos encrypted data look like this: + * + * 1. KRB5_CRYPTO_TYPE_HEADER + * 2. array [1,...] KRB5_CRYPTO_TYPE_DATA and array [0,...] + * KRB5_CRYPTO_TYPE_SIGN_ONLY in any order, however the receiver + * have to aware of the order. KRB5_CRYPTO_TYPE_SIGN_ONLY is + * commonly used headers and trailers. + * 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 + * 4. KRB5_CRYPTO_TYPE_TRAILER + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_encrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + int num_data, + void *ivec) +{ + size_t headersz, trailersz, len; + int i; + size_t sz, block_sz, pad_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct _krb5_key_data *dkey; + const struct _krb5_encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *piv, *hiv; + + if (num_data < 0) { + krb5_clear_error_message(context); + return KRB5_CRYPTO_INTERNAL; + } + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_message(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + for (len = 0, i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + len += data[i].data.length; + } + + sz = headersz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + + pad_sz = block_sz - sz; + + /* header */ + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length != headersz) + return KRB5_BAD_MSIZE; + + krb5_generate_random_block(hiv->data.data, hiv->data.length); + + /* padding */ + piv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_PADDING); + /* its ok to have no TYPE_PADDING if there is no padding */ + if (piv == NULL && pad_sz != 0) + return KRB5_BAD_MSIZE; + if (piv) { + if (piv->data.length < pad_sz) + return KRB5_BAD_MSIZE; + piv->data.length = pad_sz; + if (pad_sz) + memset(piv->data.data, pad_sz, pad_sz); + else + piv = NULL; + } + + /* trailer */ + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv == NULL || tiv->data.length != trailersz) + return KRB5_BAD_MSIZE; + + /* + * XXX replace with EVP_Sign? at least make create_checksum an iov + * function. + * XXX CTS EVP is broken, can't handle multi buffers :( + */ + + len = block_sz; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + if (piv) + memset(q, 0, piv->data.length); + + ret = create_checksum(context, + et->keyed_checksum, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + if(ret == 0 && cksum.checksum.length != trailersz) { + free_Checksum (&cksum); + krb5_clear_error_message (context); + ret = KRB5_CRYPTO_INTERNAL; + } + if(ret) + return ret; + + /* save cksum at end */ + memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length); + free_Checksum (&cksum); + + /* XXX replace with EVP_Cipher */ + p = q = malloc(block_sz); + if(p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + if (piv) + memset(q, 0, piv->data.length); + + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* now copy data back to buffers */ + q = p; + + memcpy(hiv->data.data, q, hiv->data.length); + q += hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + } + if (piv) + memcpy(piv->data.data, q, pad_sz); + + free(p); + + return ret; +} + +/** + * Inline decrypt a Kerberos message. + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param ivec initial cbc/cts vector + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + * + * 1. KRB5_CRYPTO_TYPE_HEADER + * 2. one KRB5_CRYPTO_TYPE_DATA and array [0,...] of KRB5_CRYPTO_TYPE_SIGN_ONLY in + * any order, however the receiver have to aware of the + * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted + * protocol headers and trailers. The output data will be of same + * size as the input data or shorter. + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_decrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + unsigned int num_data, + void *ivec) +{ + unsigned int i; + size_t headersz, trailersz, len; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct _krb5_key_data *dkey; + struct _krb5_encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *hiv; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_message(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length != headersz) + return KRB5_BAD_MSIZE; + + /* trailer */ + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv->data.length != trailersz) + return KRB5_BAD_MSIZE; + + /* Find length of data we will decrypt */ + + len = headersz; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + len += data[i].data.length; + } + + if ((len % et->padsize) != 0) { + krb5_clear_error_message(context); + return KRB5_BAD_MSIZE; + } + + /* XXX replace with EVP_Cipher */ + + p = q = malloc(len); + if (p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* copy data back to buffers */ + memcpy(hiv->data.data, p, hiv->data.length); + q = p + hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + } + + free(p); + + /* check signature */ + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + if (p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + cksum.checksum.data = tiv->data.data; + cksum.checksum.length = tiv->data.length; + cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); + + ret = verify_checksum(context, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + return ret; +} + +/** + * Create a Kerberos message checksum. + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param type output data + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_create_checksum_iov(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + unsigned int num_data, + krb5_cksumtype *type) +{ + Checksum cksum; + krb5_crypto_iov *civ; + krb5_error_code ret; + size_t i; + size_t len; + char *p, *q; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_message(context); + return KRB5_CRYPTO_INTERNAL; + } + + civ = find_iv(data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM); + if (civ == NULL) + return KRB5_BAD_MSIZE; + + len = 0; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = krb5_create_checksum(context, crypto, usage, 0, p, len, &cksum); + free(p); + if (ret) + return ret; + + if (type) + *type = cksum.cksumtype; + + if (cksum.checksum.length > civ->data.length) { + krb5_set_error_message(context, KRB5_BAD_MSIZE, + N_("Checksum larger then input buffer", "")); + free_Checksum(&cksum); + return KRB5_BAD_MSIZE; + } + + civ->data.length = cksum.checksum.length; + memcpy(civ->data.data, cksum.checksum.data, civ->data.length); + free_Checksum(&cksum); + + return 0; +} + +/** + * Verify a Kerberos message checksum. + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param type return checksum type if not NULL + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_verify_checksum_iov(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + unsigned int num_data, + krb5_cksumtype *type) +{ + struct _krb5_encryption_type *et = crypto->et; + Checksum cksum; + krb5_crypto_iov *civ; + krb5_error_code ret; + size_t i; + size_t len; + char *p, *q; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_message(context); + return KRB5_CRYPTO_INTERNAL; + } + + civ = find_iv(data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM); + if (civ == NULL) + return KRB5_BAD_MSIZE; + + len = 0; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); + cksum.checksum.length = civ->data.length; + cksum.checksum.data = civ->data.data; + + ret = krb5_verify_checksum(context, crypto, usage, p, len, &cksum); + free(p); + + if (ret == 0 && type) + *type = cksum.cksumtype; + + return ret; +} + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_crypto_length(krb5_context context, + krb5_crypto crypto, + int type, + size_t *len) +{ + if (!derived_crypto(context, crypto)) { + krb5_set_error_message(context, EINVAL, "not a derived crypto"); + return EINVAL; + } + + switch(type) { + case KRB5_CRYPTO_TYPE_EMPTY: + *len = 0; + return 0; + case KRB5_CRYPTO_TYPE_HEADER: + *len = crypto->et->blocksize; + return 0; + case KRB5_CRYPTO_TYPE_DATA: + case KRB5_CRYPTO_TYPE_SIGN_ONLY: + /* len must already been filled in */ + return 0; + case KRB5_CRYPTO_TYPE_PADDING: + if (crypto->et->padsize > 1) + *len = crypto->et->padsize; + else + *len = 0; + return 0; + case KRB5_CRYPTO_TYPE_TRAILER: + *len = CHECKSUMSIZE(crypto->et->keyed_checksum); + return 0; + case KRB5_CRYPTO_TYPE_CHECKSUM: + if (crypto->et->keyed_checksum) + *len = CHECKSUMSIZE(crypto->et->keyed_checksum); + else + *len = CHECKSUMSIZE(crypto->et->checksum); + return 0; + } + krb5_set_error_message(context, EINVAL, + "%d not a supported type", type); + return EINVAL; +} + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_crypto_length_iov(krb5_context context, + krb5_crypto crypto, + krb5_crypto_iov *data, + unsigned int num_data) +{ + krb5_error_code ret; + size_t i; + + for (i = 0; i < num_data; i++) { + ret = krb5_crypto_length(context, crypto, + data[i].flags, + &data[i].data.length); + if (ret) + return ret; + } + return 0; +} + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3366,7 +1755,7 @@ krb5_encrypt_ivec(krb5_context context, void *ivec) { if(derived_crypto(context, crypto)) - return encrypt_internal_derived(context, crypto, usage, + return encrypt_internal_derived(context, crypto, usage, data, len, result, ivec); else if (special_crypto(context, crypto)) return encrypt_internal_special (context, crypto, usage, @@ -3375,7 +1764,7 @@ krb5_encrypt_ivec(krb5_context context, return encrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3386,7 +1775,7 @@ krb5_encrypt(krb5_context context, return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3404,7 +1793,7 @@ krb5_encrypt_EncryptedData(krb5_context context, return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3414,7 +1803,7 @@ krb5_decrypt_ivec(krb5_context context, void *ivec) { if(derived_crypto(context, crypto)) - return decrypt_internal_derived(context, crypto, usage, + return decrypt_internal_derived(context, crypto, usage, data, len, result, ivec); else if (special_crypto (context, crypto)) return decrypt_internal_special(context, crypto, usage, @@ -3423,7 +1812,7 @@ krb5_decrypt_ivec(krb5_context context, return decrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3435,14 +1824,14 @@ krb5_decrypt(krb5_context context, NULL); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, const EncryptedData *e, krb5_data *result) { - return krb5_decrypt(context, crypto, usage, + return krb5_decrypt(context, crypto, usage, e->cipher.data, e->cipher.length, result); } @@ -3450,96 +1839,17 @@ krb5_decrypt_EncryptedData(krb5_context context, * * ************************************************************/ -#define ENTROPY_NEEDED 128 - -static int -seed_something(void) +krb5_error_code +_krb5_derive_key(krb5_context context, + struct _krb5_encryption_type *et, + struct _krb5_key_data *key, + const void *constant, + size_t len) { - char buf[1024], seedfile[256]; - - /* If there is a seed file, load it. But such a file cannot be trusted, - so use 0 for the entropy estimate */ - if (RAND_file_name(seedfile, sizeof(seedfile))) { - int fd; - fd = open(seedfile, O_RDONLY); - if (fd >= 0) { - ssize_t ret; - ret = read(fd, buf, sizeof(buf)); - if (ret > 0) - RAND_add(buf, ret, 0.0); - close(fd); - } else - seedfile[0] = '\0'; - } else - seedfile[0] = '\0'; - - /* Calling RAND_status() will try to use /dev/urandom if it exists so - we do not have to deal with it. */ - if (RAND_status() != 1) { - krb5_context context; - const char *p; - - /* Try using egd */ - if (!krb5_init_context(&context)) { - p = krb5_config_get_string(context, NULL, "libdefaults", - "egd_socket", NULL); - if (p != NULL) - RAND_egd_bytes(p, ENTROPY_NEEDED); - krb5_free_context(context); - } - } - - if (RAND_status() == 1) { - /* Update the seed file */ - if (seedfile[0]) - RAND_write_file(seedfile); - - return 0; - } else - return -1; -} - -void KRB5_LIB_FUNCTION -krb5_generate_random_block(void *buf, size_t len) -{ - static int rng_initialized = 0; - - HEIMDAL_MUTEX_lock(&crypto_mutex); - if (!rng_initialized) { - if (seed_something()) - krb5_abortx(NULL, "Fatal: could not seed the " - "random number generator"); - - rng_initialized = 1; - } - HEIMDAL_MUTEX_unlock(&crypto_mutex); - if (RAND_bytes(buf, len) != 1) - krb5_abortx(NULL, "Failed to generate random block"); -} - -static void -DES3_postproc(krb5_context context, - unsigned char *k, size_t len, struct key_data *key) -{ - DES3_random_to_key(context, key->key, k, len); - - if (key->schedule) { - krb5_free_data(context, key->schedule); - key->schedule = NULL; - } -} - -static krb5_error_code -derive_key(krb5_context context, - struct encryption_type *et, - struct key_data *key, - const void *constant, - size_t len) -{ - unsigned char *k; + unsigned char *k = NULL; unsigned int nblocks = 0, i; krb5_error_code ret = 0; - struct key_type *kt = et->keytype; + struct _krb5_key_type *kt = et->keytype; ret = _key_schedule(context, key); if(ret) @@ -3548,18 +1858,19 @@ derive_key(krb5_context context, nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); k = malloc(nblocks * et->blocksize); if(k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; } ret = _krb5_n_fold(constant, len, k, et->blocksize); if (ret) { - free(k); - krb5_set_error_string(context, "out of memory"); - return ret; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; } + for(i = 0; i < nblocks; i++) { if(i > 0) - memcpy(k + i * et->blocksize, + memcpy(k + i * et->blocksize, k + (i - 1) * et->blocksize, et->blocksize); (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize, @@ -3571,55 +1882,59 @@ derive_key(krb5_context context, size_t res_len = (kt->bits + 7) / 8; if(len != 0 && c == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; } memcpy(c, constant, len); (*et->encrypt)(context, key, c, len, 1, 0, NULL); k = malloc(res_len); if(res_len != 0 && k == NULL) { free(c); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; } ret = _krb5_n_fold(c, len, k, res_len); - if (ret) { - free(k); - krb5_set_error_string(context, "out of memory"); - return ret; - } free(c); + if (ret) { + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; + } } - + /* XXX keytype dependent post-processing */ switch(kt->type) { - case KEYTYPE_DES3: - DES3_postproc(context, k, nblocks * et->blocksize, key); + case ETYPE_OLD_DES3_CBC_SHA1: + _krb5_DES3_random_to_key(context, key->key, k, nblocks * et->blocksize); break; - case KEYTYPE_AES128: - case KEYTYPE_AES256: + case ENCTYPE_AES128_CTS_HMAC_SHA1_96: + case ENCTYPE_AES256_CTS_HMAC_SHA1_96: memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); break; default: - krb5_set_error_string(context, - "derive_key() called with unknown keytype (%u)", - kt->type); ret = KRB5_CRYPTO_INTERNAL; + krb5_set_error_message(context, ret, + N_("derive_key() called with unknown keytype (%u)", ""), + kt->type); break; } + out: if (key->schedule) { - krb5_free_data(context, key->schedule); + free_key_schedule(context, key, et); key->schedule = NULL; } - memset(k, 0, nblocks * et->blocksize); - free(k); + if (k) { + memset(k, 0, nblocks * et->blocksize); + free(k); + } return ret; } -static struct key_data * +static struct _krb5_key_data * _new_derived_key(krb5_crypto crypto, unsigned usage) { - struct key_usage *d = crypto->key_usage; + struct _krb5_key_usage *d = crypto->key_usage; d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d)); if(d == NULL) return NULL; @@ -3630,7 +1945,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage) return &d->key; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_derive_key(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -3639,16 +1954,14 @@ krb5_derive_key(krb5_context context, krb5_keyblock **derived_key) { krb5_error_code ret; - struct encryption_type *et; - struct key_data d; + struct _krb5_encryption_type *et; + struct _krb5_key_data d; *derived_key = NULL; - et = _find_enctype (etype); + et = _krb5_find_enctype (etype); if (et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype (context, etype); } ret = krb5_copy_keyblock(context, key, &d.key); @@ -3656,21 +1969,21 @@ krb5_derive_key(krb5_context context, return ret; d.schedule = NULL; - ret = derive_key(context, et, &d, constant, constant_len); + ret = _krb5_derive_key(context, et, &d, constant, constant_len); if (ret == 0) ret = krb5_copy_keyblock(context, d.key, derived_key); - free_key_data(context, &d); + _krb5_free_key_data(context, &d, et); return ret; } static krb5_error_code -_get_derived_key(krb5_context context, - krb5_crypto crypto, - unsigned usage, - struct key_data **key) +_get_derived_key(krb5_context context, + krb5_crypto crypto, + unsigned usage, + struct _krb5_key_data **key) { int i; - struct key_data *d; + struct _krb5_key_data *d; unsigned char constant[5]; for(i = 0; i < crypto->num_key_usage; i++) @@ -3680,18 +1993,35 @@ _get_derived_key(krb5_context context, } d = _new_derived_key(crypto, usage); if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_copy_keyblock(context, crypto->key.key, &d->key); _krb5_put_int(constant, usage, 5); - derive_key(context, crypto->et, d, constant, sizeof(constant)); + _krb5_derive_key(context, crypto->et, d, constant, sizeof(constant)); *key = d; return 0; } +/** + * Create a crypto context used for all encryption and signature + * operation. The encryption type to use is taken from the key, but + * can be overridden with the enctype parameter. This can be useful + * for encryptions types which is compatiable (DES for example). + * + * To free the crypto context, use krb5_crypto_destroy(). + * + * @param context Kerberos context + * @param key the key block information with all key data + * @param etype the encryption type + * @param crypto the resulting crypto context + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -3700,23 +2030,22 @@ krb5_crypto_init(krb5_context context, krb5_error_code ret; ALLOC(*crypto, 1); if(*crypto == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } if(etype == ETYPE_NULL) etype = key->keytype; - (*crypto)->et = _find_enctype(etype); + (*crypto)->et = _krb5_find_enctype(etype); if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) { free(*crypto); *crypto = NULL; - krb5_set_error_string (context, "encryption type %d not supported", - etype); - return KRB5_PROG_ETYPE_NOSUPP; + return unsupported_enctype(context, etype); } if((*crypto)->et->keytype->size != key->keyvalue.length) { free(*crypto); *crypto = NULL; - krb5_set_error_string (context, "encryption key has bad length"); + krb5_set_error_message (context, KRB5_BAD_KEYSIZE, + "encryption key has bad length"); return KRB5_BAD_KEYSIZE; } ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key); @@ -3732,36 +2061,72 @@ krb5_crypto_init(krb5_context context, } static void -free_key_data(krb5_context context, struct key_data *key) +free_key_schedule(krb5_context context, + struct _krb5_key_data *key, + struct _krb5_encryption_type *et) +{ + if (et->keytype->cleanup) + (*et->keytype->cleanup)(context, key); + memset(key->schedule->data, 0, key->schedule->length); + krb5_free_data(context, key->schedule); +} + +void +_krb5_free_key_data(krb5_context context, struct _krb5_key_data *key, + struct _krb5_encryption_type *et) { krb5_free_keyblock(context, key->key); if(key->schedule) { - memset(key->schedule->data, 0, key->schedule->length); - krb5_free_data(context, key->schedule); + free_key_schedule(context, key, et); + key->schedule = NULL; } } static void -free_key_usage(krb5_context context, struct key_usage *ku) +free_key_usage(krb5_context context, struct _krb5_key_usage *ku, + struct _krb5_encryption_type *et) { - free_key_data(context, &ku->key); + _krb5_free_key_data(context, &ku->key, et); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Free a crypto context created by krb5_crypto_init(). + * + * @param context Kerberos context + * @param crypto crypto context to free + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy(krb5_context context, krb5_crypto crypto) { int i; - + for(i = 0; i < crypto->num_key_usage; i++) - free_key_usage(context, &crypto->key_usage[i]); + free_key_usage(context, &crypto->key_usage[i], crypto->et); free(crypto->key_usage); - free_key_data(context, &crypto->key); + _krb5_free_key_data(context, &crypto->key, crypto->et); free (crypto); return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Return the blocksize used algorithm referenced by the crypto context + * + * @param context Kerberos context + * @param crypto crypto context to query + * @param blocksize the resulting blocksize + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize(krb5_context context, krb5_crypto crypto, size_t *blocksize) @@ -3770,25 +2135,61 @@ krb5_crypto_getblocksize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Return the encryption type used by the crypto context + * + * @param context Kerberos context + * @param crypto crypto context to query + * @param enctype the resulting encryption type + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype(krb5_context context, krb5_crypto crypto, krb5_enctype *enctype) { *enctype = crypto->et->type; - return 0; + return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Return the padding size used by the crypto context + * + * @param context Kerberos context + * @param crypto crypto context to query + * @param padsize the return padding size + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize(krb5_context context, krb5_crypto crypto, - size_t *padsize) + size_t *padsize) { *padsize = crypto->et->padsize; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Return the confounder size used by the crypto context + * + * @param context Kerberos context + * @param crypto crypto context to query + * @param confoundersize the returned confounder size + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize(krb5_context context, krb5_crypto crypto, size_t *confoundersize) @@ -3797,76 +2198,86 @@ krb5_crypto_getconfoundersize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION + +/** + * Disable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to disable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable(krb5_context context, krb5_enctype enctype) { - struct encryption_type *et = _find_enctype(enctype); + struct _krb5_encryption_type *et = _krb5_find_enctype(enctype); if(et == NULL) { if (context) - krb5_set_error_string (context, "encryption type %d not supported", - enctype); + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + enctype); return KRB5_PROG_ETYPE_NOSUPP; } et->flags |= F_DISABLED; return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_derived(krb5_context context, - const void *str, - size_t len, - krb5_enctype etype, - krb5_keyblock *key) -{ - struct encryption_type *et = _find_enctype(etype); - krb5_error_code ret; - struct key_data kd; - size_t keylen; - u_char *tmp; +/** + * Enable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to enable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_enctype_enable(krb5_context context, + krb5_enctype enctype) +{ + struct _krb5_encryption_type *et = _krb5_find_enctype(enctype); if(et == NULL) { - krb5_set_error_string (context, "encryption type %d not supported", - etype); + if (context) + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + enctype); return KRB5_PROG_ETYPE_NOSUPP; } - keylen = et->keytype->bits / 8; + et->flags &= ~F_DISABLED; + return 0; +} - ALLOC(kd.key, 1); - if(kd.key == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); - if(ret) { - free(kd.key); - return ret; - } - kd.key->keytype = etype; - tmp = malloc (keylen); - if(tmp == NULL) { - krb5_free_keyblock(context, kd.key); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = _krb5_n_fold(str, len, tmp, keylen); - if (ret) { - free(tmp); - krb5_set_error_string(context, "out of memory"); - return ret; - } - kd.schedule = NULL; - DES3_postproc (context, tmp, keylen, &kd); /* XXX */ - memset(tmp, 0, keylen); - free(tmp); - ret = derive_key(context, - et, - &kd, - "kerberos", /* XXX well known constant */ - strlen("kerberos")); - ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); - return ret; +/** + * Enable or disable all weak encryption types + * + * @param context Kerberos 5 context + * @param enable true to enable, false to disable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_allow_weak_crypto(krb5_context context, + krb5_boolean enable) +{ + int i; + + for(i = 0; i < _krb5_num_etypes; i++) + if(_krb5_etypes[i]->flags & F_WEAK) { + if(enable) + _krb5_etypes[i]->flags &= ~F_DISABLED; + else + _krb5_etypes[i]->flags |= F_DISABLED; + } + return 0; } static size_t @@ -3874,7 +2285,7 @@ wrapped_length (krb5_context context, krb5_crypto crypto, size_t data_len) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t padsize = et->padsize; size_t checksumsize = CHECKSUMSIZE(et->checksum); size_t res; @@ -3889,7 +2300,7 @@ wrapped_length_dervied (krb5_context context, krb5_crypto crypto, size_t data_len) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t padsize = et->padsize; size_t res; @@ -3906,7 +2317,7 @@ wrapped_length_dervied (krb5_context context, * Return the size of an encrypted packet of length `data_len' */ -size_t +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_get_wrapped_length (krb5_context context, krb5_crypto crypto, size_t data_len) @@ -3925,7 +2336,7 @@ static size_t crypto_overhead (krb5_context context, krb5_crypto crypto) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t res; res = CHECKSUMSIZE(et->checksum); @@ -3939,7 +2350,7 @@ static size_t crypto_overhead_dervied (krb5_context context, krb5_crypto crypto) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; size_t res; if (et->keyed_checksum) @@ -3952,7 +2363,7 @@ crypto_overhead_dervied (krb5_context context, return res; } -size_t +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) { if (derived_crypto (context, crypto)) @@ -3961,7 +2372,24 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) return crypto_overhead (context, crypto); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Converts the random bytestring to a protocol key according to + * Kerberos crypto frame work. It may be assumed that all the bits of + * the input string are equally random, even though the entropy + * present in the random source may be limited. + * + * @param context Kerberos 5 context + * @param type the enctype resulting key will be of + * @param data input random data to convert to a key + * @param size size of input random data, at least krb5_enctype_keysize() long + * @param key key, output key, free with krb5_free_keyblock_contents() + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key(krb5_context context, krb5_enctype type, const void *data, @@ -3969,20 +2397,23 @@ krb5_random_to_key(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - struct encryption_type *et = _find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + type); return KRB5_PROG_ETYPE_NOSUPP; } if ((et->keytype->bits + 7) / 8 > size) { - krb5_set_error_string(context, "encryption key %s needs %d bytes " - "of random to make an encryption key out of it", - et->name, (int)et->keytype->size); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption key %s needs %d bytes " + "of random to make an encryption key " + "out of it", ""), + et->name, (int)et->keytype->size); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); - if(ret) + if(ret) return ret; key->keytype = type; if (et->keytype->random_to_key) @@ -3993,74 +2424,19 @@ krb5_random_to_key(krb5_context context, return 0; } -krb5_error_code -_krb5_pk_octetstring2key(krb5_context context, - krb5_enctype type, - const void *dhdata, - size_t dhsize, - const heim_octet_string *c_n, - const heim_octet_string *k_n, - krb5_keyblock *key) -{ - struct encryption_type *et = _find_enctype(type); - krb5_error_code ret; - size_t keylen, offset; - void *keydata; - unsigned char counter; - unsigned char shaoutput[20]; - if(et == NULL) { - krb5_set_error_string(context, "encryption type %d not supported", - type); - return KRB5_PROG_ETYPE_NOSUPP; - } - keylen = (et->keytype->bits + 7) / 8; - keydata = malloc(keylen); - if (keydata == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - counter = 0; - offset = 0; - do { - SHA_CTX m; - - SHA1_Init(&m); - SHA1_Update(&m, &counter, 1); - SHA1_Update(&m, dhdata, dhsize); - if (c_n) - SHA1_Update(&m, c_n->data, c_n->length); - if (k_n) - SHA1_Update(&m, k_n->data, k_n->length); - SHA1_Final(shaoutput, &m); - - memcpy((unsigned char *)keydata + offset, - shaoutput, - min(keylen - offset, sizeof(shaoutput))); - - offset += sizeof(shaoutput); - counter++; - } while(offset < keylen); - memset(shaoutput, 0, sizeof(shaoutput)); - - ret = krb5_random_to_key(context, type, keydata, keylen, key); - memset(keydata, 0, sizeof(keylen)); - free(keydata); - return ret; -} - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf_length(krb5_context context, krb5_enctype type, size_t *length) { - struct encryption_type *et = _find_enctype(type); + struct _krb5_encryption_type *et = _krb5_find_enctype(type); if(et == NULL || et->prf_length == 0) { - krb5_set_error_string(context, "encryption type %d not supported", - type); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + type); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4068,126 +2444,207 @@ krb5_crypto_prf_length(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf(krb5_context context, const krb5_crypto crypto, - const krb5_data *input, + const krb5_data *input, krb5_data *output) { - struct encryption_type *et = crypto->et; + struct _krb5_encryption_type *et = crypto->et; krb5_data_zero(output); if(et->prf == NULL) { - krb5_set_error_string(context, "kerberos prf for %s not supported", - et->name); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "kerberos prf for %s not supported", + et->name); return KRB5_PROG_ETYPE_NOSUPP; } return (*et->prf)(context, crypto, input, output); } - - - - -#ifdef CRYPTO_DEBUG static krb5_error_code -krb5_get_keyid(krb5_context context, - krb5_keyblock *key, - uint32_t *keyid) +krb5_crypto_prfplus(krb5_context context, + const krb5_crypto crypto, + const krb5_data *input, + size_t length, + krb5_data *output) { - MD5_CTX md5; - unsigned char tmp[16]; - - MD5_Init (&md5); - MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length); - MD5_Final (tmp, &md5); - *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; - return 0; -} - -static void -krb5_crypto_debug(krb5_context context, - int encryptp, - size_t len, - krb5_keyblock *key) -{ - uint32_t keyid; - char *kt; - krb5_get_keyid(context, key, &keyid); - krb5_enctype_to_string(context, key->keytype, &kt); - krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", - encryptp ? "encrypting" : "decrypting", - (unsigned long)len, - keyid, - kt); - free(kt); -} - -#endif /* CRYPTO_DEBUG */ - -#if 0 -int -main() -{ -#if 0 - int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - char constant[4]; - unsigned usage = ENCRYPTION_USAGE(3); krb5_error_code ret; + krb5_data input2; + unsigned char i = 1; + unsigned char *p; - ret = krb5_init_context(&context); + krb5_data_zero(&input2); + krb5_data_zero(output); + + krb5_clear_error_message(context); + + ret = krb5_data_alloc(output, length); + if (ret) goto out; + ret = krb5_data_alloc(&input2, input->length + 1); + if (ret) goto out; + + krb5_clear_error_message(context); + + memcpy(((unsigned char *)input2.data) + 1, input->data, input->length); + + p = output->data; + + while (length) { + krb5_data block; + + ((unsigned char *)input2.data)[0] = i++; + + ret = krb5_crypto_prf(context, crypto, &input2, &block); + if (ret) + goto out; + + if (block.length < length) { + memcpy(p, block.data, block.length); + length -= block.length; + } else { + memcpy(p, block.data, length); + length = 0; + } + p += block.length; + krb5_data_free(&block); + } + + out: + krb5_data_free(&input2); if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8" - "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e" - "\xc8\xdf\xab\x26\x86\x64\x15\x25"; - key.keyvalue.length = 24; - - krb5_crypto_init(context, &key, 0, &crypto); - - d = _new_derived_key(crypto, usage); - if(d == NULL) - krb5_errx(context, 1, "_new_derived_key failed"); - krb5_copy_keyblock(context, crypto->key.key, &d->key); - _krb5_put_int(constant, usage, 4); - derive_key(context, crypto->et, d, constant, sizeof(constant)); + krb5_data_free(output); return 0; -#else - int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - krb5_error_code ret; - Checksum res; - - char *data = "what do ya want for nothing?"; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "Jefe"; - /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ - key.keyvalue.length = 4; - - d = ecalloc(1, sizeof(*d)); - d->key = &key; - res.checksum.length = 20; - res.checksum.data = emalloc(res.checksum.length); - SP_HMAC_SHA1_checksum(context, d, data, 28, &res); - - return 0; -#endif } -#endif + +/** + * The FX-CF2 key derivation function, used in FAST and preauth framework. + * + * @param context Kerberos 5 context + * @param crypto1 first key to combine + * @param crypto2 second key to combine + * @param pepper1 factor to combine with first key to garante uniqueness + * @param pepper2 factor to combine with second key to garante uniqueness + * @param enctype the encryption type of the resulting key + * @param res allocated key, free with krb5_free_keyblock_contents() + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_crypto_fx_cf2(krb5_context context, + const krb5_crypto crypto1, + const krb5_crypto crypto2, + krb5_data *pepper1, + krb5_data *pepper2, + krb5_enctype enctype, + krb5_keyblock *res) +{ + krb5_error_code ret; + krb5_data os1, os2; + size_t i, keysize; + + memset(res, 0, sizeof(*res)); + + ret = krb5_enctype_keysize(context, enctype, &keysize); + if (ret) + return ret; + + ret = krb5_data_alloc(&res->keyvalue, keysize); + if (ret) + goto out; + ret = krb5_crypto_prfplus(context, crypto1, pepper1, keysize, &os1); + if (ret) + goto out; + ret = krb5_crypto_prfplus(context, crypto2, pepper2, keysize, &os2); + if (ret) + goto out; + + res->keytype = enctype; + { + unsigned char *p1 = os1.data, *p2 = os2.data, *p3 = res->keyvalue.data; + for (i = 0; i < keysize; i++) + p3[i] = p1[i] ^ p2[i]; + } + out: + if (ret) + krb5_data_free(&res->keyvalue); + krb5_data_free(&os1); + krb5_data_free(&os2); + + return ret; +} + + + +#ifndef HEIMDAL_SMALLER + +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_keytype_to_enctypes (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + int i; + unsigned n = 0; + krb5_enctype *ret; + + for (i = _krb5_num_etypes - 1; i >= 0; --i) { + if (_krb5_etypes[i]->keytype->type == keytype + && !(_krb5_etypes[i]->flags & F_PSEUDO) + && krb5_enctype_valid(context, _krb5_etypes[i]->type) == 0) + ++n; + } + if (n == 0) { + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "Keytype have no mapping"); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + ret = malloc(n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + n = 0; + for (i = _krb5_num_etypes - 1; i >= 0; --i) { + if (_krb5_etypes[i]->keytype->type == keytype + && !(_krb5_etypes[i]->flags & F_PSEUDO) + && krb5_enctype_valid(context, _krb5_etypes[i]->type) == 0) + ret[n++] = _krb5_etypes[i]->type; + } + *len = n; + *val = ret; + return 0; +} + +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. + * + * @ingroup krb5_deprecated + */ + +/* if two enctypes have compatible keys */ +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_enctypes_compatible_keys(krb5_context context, + krb5_enctype etype1, + krb5_enctype etype2) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1); + struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2); + return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype; +} + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/crypto.h b/crypto/heimdal/lib/krb5/crypto.h new file mode 100644 index 00000000000..9b95b8f0cbc --- /dev/null +++ b/crypto/heimdal/lib/krb5/crypto.h @@ -0,0 +1,179 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HEIMDAL_SMALLER +#define DES3_OLD_ENCTYPE 1 +#endif + +struct _krb5_key_data { + krb5_keyblock *key; + krb5_data *schedule; +}; + +struct _krb5_key_usage; + +struct krb5_crypto_data { + struct _krb5_encryption_type *et; + struct _krb5_key_data key; + int num_key_usage; + struct _krb5_key_usage *key_usage; +}; + +#define CRYPTO_ETYPE(C) ((C)->et->type) + +/* bits for `flags' below */ +#define F_KEYED 1 /* checksum is keyed */ +#define F_CPROOF 2 /* checksum is collision proof */ +#define F_DERIVED 4 /* uses derived keys */ +#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ +#define F_PSEUDO 16 /* not a real protocol type */ +#define F_SPECIAL 32 /* backwards */ +#define F_DISABLED 64 /* enctype/checksum disabled */ +#define F_WEAK 128 /* enctype is considered weak */ + +struct salt_type { + krb5_salttype type; + const char *name; + krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, + krb5_salt, krb5_data, krb5_keyblock*); +}; + +struct _krb5_key_type { + krb5_enctype type; + const char *name; + size_t bits; + size_t size; + size_t schedule_size; + void (*random_key)(krb5_context, krb5_keyblock*); + void (*schedule)(krb5_context, struct _krb5_key_type *, struct _krb5_key_data *); + struct salt_type *string_to_key; + void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); + void (*cleanup)(krb5_context, struct _krb5_key_data *); + const EVP_CIPHER *(*evp)(void); +}; + +struct _krb5_checksum_type { + krb5_cksumtype type; + const char *name; + size_t blocksize; + size_t checksumsize; + unsigned flags; + krb5_error_code (*checksum)(krb5_context context, + struct _krb5_key_data *key, + const void *buf, size_t len, + unsigned usage, + Checksum *csum); + krb5_error_code (*verify)(krb5_context context, + struct _krb5_key_data *key, + const void *buf, size_t len, + unsigned usage, + Checksum *csum); +}; + +struct _krb5_encryption_type { + krb5_enctype type; + const char *name; + size_t blocksize; + size_t padsize; + size_t confoundersize; + struct _krb5_key_type *keytype; + struct _krb5_checksum_type *checksum; + struct _krb5_checksum_type *keyed_checksum; + unsigned flags; + krb5_error_code (*encrypt)(krb5_context context, + struct _krb5_key_data *key, + void *data, size_t len, + krb5_boolean encryptp, + int usage, + void *ivec); + size_t prf_length; + krb5_error_code (*prf)(krb5_context, + krb5_crypto, const krb5_data *, krb5_data *); +}; + +#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) +#define INTEGRITY_USAGE(U) (((U) << 8) | 0x55) +#define CHECKSUM_USAGE(U) (((U) << 8) | 0x99) + +/* Checksums */ + +extern struct _krb5_checksum_type _krb5_checksum_none; +extern struct _krb5_checksum_type _krb5_checksum_crc32; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md4; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md4_des; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3; +extern struct _krb5_checksum_type _krb5_checksum_rsa_md5; +extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3; +extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128; +extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256; +extern struct _krb5_checksum_type _krb5_checksum_hmac_md5; +extern struct _krb5_checksum_type _krb5_checksum_sha1; + +extern struct _krb5_checksum_type *_krb5_checksum_types[]; +extern int _krb5_num_checksums; + +/* Salts */ + +extern struct salt_type _krb5_AES_salt[]; +extern struct salt_type _krb5_arcfour_salt[]; +extern struct salt_type _krb5_des_salt[]; +extern struct salt_type _krb5_des3_salt[]; +extern struct salt_type _krb5_des3_salt_derived[]; + +/* Encryption types */ + +extern struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1; +extern struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1; +extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1; +extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5; +extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_none; +extern struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; +extern struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_crc; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md4; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5; +extern struct _krb5_encryption_type _krb5_enctype_des_cbc_none; +extern struct _krb5_encryption_type _krb5_enctype_des_cfb64_none; +extern struct _krb5_encryption_type _krb5_enctype_des_pcbc_none; +extern struct _krb5_encryption_type _krb5_enctype_null; + +extern struct _krb5_encryption_type *_krb5_etypes[]; +extern int _krb5_num_etypes; + +/* Interface to the EVP crypto layer provided by hcrypto */ +struct _krb5_evp_schedule { + EVP_CIPHER_CTX ectx; + EVP_CIPHER_CTX dctx; +}; diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c index eda1a8b2598..f62a5532ab6 100644 --- a/crypto/heimdal/lib/krb5/data.c +++ b/crypto/heimdal/lib/krb5/data.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: data.c 22064 2007-11-11 16:28:14Z lha $"); - /** * Reset the (potentially uninitalized) krb5_data structure. * @@ -43,7 +41,7 @@ RCSID("$Id: data.c 22064 2007-11-11 16:28:14Z lha $"); * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero(krb5_data *p) { p->length = 0; @@ -52,14 +50,16 @@ krb5_data_zero(krb5_data *p) /** * Free the content of krb5_data structure, its ok to free a zeroed - * structure. When done, the structure will be zeroed. - * + * structure (with memset() or krb5_data_zero()). When done, the + * structure will be zeroed. The same function is called + * krb5_free_data_contents() in MIT Kerberos. + * * @param p krb5_data to free. * * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free(krb5_data *p) { if(p->data != NULL) @@ -67,31 +67,16 @@ krb5_data_free(krb5_data *p) krb5_data_zero(p); } -/** - * Same as krb5_data_free(). - * - * @param context Kerberos 5 context. - * @param data krb5_data to free. - * - * @ingroup krb5 - */ - -void KRB5_LIB_FUNCTION -krb5_free_data_contents(krb5_context context, krb5_data *data) -{ - krb5_data_free(data); -} - /** * Free krb5_data (and its content). - * + * * @param context Kerberos 5 context. * @param p krb5_data to free. * * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data(krb5_context context, krb5_data *p) { @@ -101,8 +86,8 @@ krb5_free_data(krb5_context context, /** * Allocate data of and krb5_data. - * - * @param p krb5_data to free. + * + * @param p krb5_data to allocate. * @param len size to allocate. * * @return Returns 0 to indicate success. Otherwise an kerberos et @@ -111,7 +96,7 @@ krb5_free_data(krb5_context context, * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc(krb5_data *p, int len) { p->data = malloc(len); @@ -123,7 +108,7 @@ krb5_data_alloc(krb5_data *p, int len) /** * Grow (or shrink) the content of krb5_data to a new size. - * + * * @param p krb5_data to free. * @param len new size. * @@ -133,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc(krb5_data *p, int len) { void *tmp; @@ -147,7 +132,7 @@ krb5_data_realloc(krb5_data *p, int len) /** * Copy the data of len into the krb5_data. - * + * * @param p krb5_data to copy into. * @param data data to copy.. * @param len new size. @@ -158,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy(krb5_data *p, const void *data, size_t len) { if (len) { @@ -173,7 +158,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len) /** * Copy the data into a newly allocated krb5_data. - * + * * @param context Kerberos 5 context. * @param indata the krb5_data data to copy * @param outdata new krb5_date to copy too. Free with krb5_free_data(). @@ -184,20 +169,20 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_data(krb5_context context, - const krb5_data *indata, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_copy_data(krb5_context context, + const krb5_data *indata, krb5_data **outdata) { krb5_error_code ret; ALLOC(*outdata, 1); if(*outdata == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } ret = der_copy_octet_string(indata, *outdata); if(ret) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); free(*outdata); *outdata = NULL; } @@ -206,7 +191,7 @@ krb5_copy_data(krb5_context context, /** * Compare to data. - * + * * @param data1 krb5_data to compare * @param data2 krb5_data to compare * @@ -215,10 +200,29 @@ krb5_copy_data(krb5_context context, * @ingroup krb5 */ -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp(const krb5_data *data1, const krb5_data *data2) { if (data1->length != data2->length) return data1->length - data2->length; return memcmp(data1->data, data2->data, data1->length); } + +/** + * Compare to data not exposing timing information from the checksum data + * + * @param data1 krb5_data to compare + * @param data2 krb5_data to compare + * + * @return returns zero for same data, otherwise non zero. + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_data_ct_cmp(const krb5_data *data1, const krb5_data *data2) +{ + if (data1->length != data2->length) + return data1->length - data2->length; + return ct_memcmp(data1->data, data2->data, data1->length); +} diff --git a/crypto/heimdal/lib/krb5/deprecated.c b/crypto/heimdal/lib/krb5/deprecated.c new file mode 100644 index 00000000000..1d44d21b170 --- /dev/null +++ b/crypto/heimdal/lib/krb5/deprecated.c @@ -0,0 +1,609 @@ +/* + * Copyright (c) 1997 - 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#undef __attribute__ +#define __attribute__(x) + +#ifndef HEIMDAL_SMALLER + +/** + * Same as krb5_data_free(). MIT compat. + * + * Deprecated: use krb5_data_free(). + * + * @param context Kerberos 5 context. + * @param data krb5_data to free. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_data_contents(krb5_context context, krb5_data *data) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_data_free(data); +} + +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_keytype_to_enctypes_default (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + unsigned int i, n; + krb5_enctype *ret; + + if (keytype != KEYTYPE_DES || context->etypes_des == NULL) + return krb5_keytype_to_enctypes (context, keytype, len, val); + + for (n = 0; context->etypes_des[n]; ++n) + ; + ret = malloc (n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + for (i = 0; i < n; ++i) + ret[i] = context->etypes_des[i]; + *len = n; + *val = ret; + return 0; +} + + +static struct { + const char *name; + krb5_keytype type; +} keys[] = { + { "null", ENCTYPE_NULL }, + { "des", ETYPE_DES_CBC_CRC }, + { "des3", ETYPE_OLD_DES3_CBC_SHA1 }, + { "aes-128", ETYPE_AES128_CTS_HMAC_SHA1_96 }, + { "aes-256", ETYPE_AES256_CTS_HMAC_SHA1_96 }, + { "arcfour", ETYPE_ARCFOUR_HMAC_MD5 }, + { "arcfour-56", ETYPE_ARCFOUR_HMAC_MD5_56 } +}; + +static int num_keys = sizeof(keys) / sizeof(keys[0]); + +/** + * Deprecated: keytypes doesn't exists, they are really enctypes in + * most cases, use krb5_enctype_to_string(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_keytype_to_string(krb5_context context, + krb5_keytype keytype, + char **string) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + const char *name = NULL; + int i; + + for(i = 0; i < num_keys; i++) { + if(keys[i].type == keytype) { + name = keys[i].name; + break; + } + } + + if(i >= num_keys) { + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %d not supported", keytype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + *string = strdup(name); + if(*string == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + return 0; +} + +/** + * Deprecated: keytypes doesn't exists, they are really enctypes in + * most cases, use krb5_string_to_enctype(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_keytype(krb5_context context, + const char *string, + krb5_keytype *keytype) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + char *end; + int i; + + for(i = 0; i < num_keys; i++) + if(strcasecmp(keys[i].name, string) == 0){ + *keytype = keys[i].type; + return 0; + } + + /* check if the enctype is a number */ + *keytype = strtol(string, &end, 0); + if(*end == '\0' && *keytype != 0) { + if (krb5_enctype_valid(context, *keytype) == 0) + return 0; + } + + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %s not supported", string); + return KRB5_PROG_KEYTYPE_NOSUPP; +} + +/** + * Deprecated: use krb5_get_init_creds() and friends. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV +krb5_password_key_proc (krb5_context context, + krb5_enctype type, + krb5_salt salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_error_code ret; + const char *password = (const char *)keyseed; + char buf[BUFSIZ]; + + *key = malloc (sizeof (**key)); + if (*key == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + if (password == NULL) { + if(UI_UTIL_read_pw_string (buf, sizeof(buf), "Password: ", 0)) { + free (*key); + krb5_clear_error_message(context); + return KRB5_LIBOS_PWDINTR; + } + password = buf; + } + ret = krb5_string_to_key_salt (context, type, password, salt, *key); + memset (buf, 0, sizeof(buf)); + return ret; +} + +/** + * Deprecated: use krb5_get_init_creds() and friends. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_tkt_with_password (krb5_context context, + krb5_flags options, + krb5_addresses *addrs, + const krb5_enctype *etypes, + const krb5_preauthtype *pre_auth_types, + const char *password, + krb5_ccache ccache, + krb5_creds *creds, + krb5_kdc_rep *ret_as_reply) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + return krb5_get_in_tkt (context, + options, + addrs, + etypes, + pre_auth_types, + krb5_password_key_proc, + password, + NULL, + NULL, + creds, + ccache, + ret_as_reply); +} + +static krb5_error_code KRB5_CALLCONV +krb5_skey_key_proc (krb5_context context, + krb5_enctype type, + krb5_salt salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) +{ + return krb5_copy_keyblock (context, keyseed, key); +} + +/** + * Deprecated: use krb5_get_init_creds() and friends. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_tkt_with_skey (krb5_context context, + krb5_flags options, + krb5_addresses *addrs, + const krb5_enctype *etypes, + const krb5_preauthtype *pre_auth_types, + const krb5_keyblock *key, + krb5_ccache ccache, + krb5_creds *creds, + krb5_kdc_rep *ret_as_reply) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + if(key == NULL) + return krb5_get_in_tkt_with_keytab (context, + options, + addrs, + etypes, + pre_auth_types, + NULL, + ccache, + creds, + ret_as_reply); + else + return krb5_get_in_tkt (context, + options, + addrs, + etypes, + pre_auth_types, + krb5_skey_key_proc, + key, + NULL, + NULL, + creds, + ccache, + ret_as_reply); +} + +/** + * Deprecated: use krb5_get_init_creds() and friends. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV +krb5_keytab_key_proc (krb5_context context, + krb5_enctype enctype, + krb5_salt salt, + krb5_const_pointer keyseed, + krb5_keyblock **key) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_keytab_key_proc_args *args = rk_UNCONST(keyseed); + krb5_keytab keytab = args->keytab; + krb5_principal principal = args->principal; + krb5_error_code ret; + krb5_keytab real_keytab; + krb5_keytab_entry entry; + + if(keytab == NULL) + krb5_kt_default(context, &real_keytab); + else + real_keytab = keytab; + + ret = krb5_kt_get_entry (context, real_keytab, principal, + 0, enctype, &entry); + + if (keytab == NULL) + krb5_kt_close (context, real_keytab); + + if (ret) + return ret; + + ret = krb5_copy_keyblock (context, &entry.keyblock, key); + krb5_kt_free_entry(context, &entry); + return ret; +} + +/** + * Deprecated: use krb5_get_init_creds() and friends. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_in_tkt_with_keytab (krb5_context context, + krb5_flags options, + krb5_addresses *addrs, + const krb5_enctype *etypes, + const krb5_preauthtype *pre_auth_types, + krb5_keytab keytab, + krb5_ccache ccache, + krb5_creds *creds, + krb5_kdc_rep *ret_as_reply) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_keytab_key_proc_args a; + + a.principal = creds->client; + a.keytab = keytab; + + return krb5_get_in_tkt (context, + options, + addrs, + etypes, + pre_auth_types, + krb5_keytab_key_proc, + &a, + NULL, + NULL, + creds, + ccache, + ret_as_reply); +} + +/** + * Generate a new ccache of type `ops' in `id'. + * + * Deprecated: use krb5_cc_new_unique() instead. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_gen_new(krb5_context context, + const krb5_cc_ops *ops, + krb5_ccache *id) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + return krb5_cc_new_unique(context, ops->prefix, NULL, id); +} + +/** + * Deprecated: use krb5_principal_get_realm() + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_realm * KRB5_LIB_CALL +krb5_princ_realm(krb5_context context, + krb5_principal principal) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + return &principal->realm; +} + + +/** + * Deprecated: use krb5_principal_set_realm() + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_princ_set_realm(krb5_context context, + krb5_principal principal, + krb5_realm *realm) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + principal->realm = *realm; +} + +/** + * Deprecated: use krb5_free_cred_contents() + * + * @ingroup krb5_deprecated + */ + +/* keep this for compatibility with older code */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_creds_contents (krb5_context context, krb5_creds *c) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + return krb5_free_cred_contents (context, c); +} + +/** + * Free the error message returned by krb5_get_error_string(). + * + * Deprecated: use krb5_free_error_message() + * + * @param context Kerberos context + * @param str error message to free + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_error_string(krb5_context context, char *str) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_free_error_message(context, str); +} + +/** + * Set the error message returned by krb5_get_error_string(). + * + * Deprecated: use krb5_get_error_message() + * + * @param context Kerberos context + * @param fmt error message to free + * + * @return Return an error code or 0. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_error_string(krb5_context context, const char *fmt, ...) + __attribute__((format (printf, 2, 3))) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + va_list ap; + + va_start(ap, fmt); + krb5_vset_error_message (context, 0, fmt, ap); + va_end(ap); + return 0; +} + +/** + * Set the error message returned by krb5_get_error_string(), + * deprecated, use krb5_set_error_message(). + * + * Deprecated: use krb5_vset_error_message() + * + * @param context Kerberos context + * @param msg error message to free + * + * @return Return an error code or 0. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) + __attribute__ ((format (printf, 2, 0))) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_vset_error_message(context, 0, fmt, args); + return 0; +} + +/** + * Clear the error message returned by krb5_get_error_string(). + * + * Deprecated: use krb5_clear_error_message() + * + * @param context Kerberos context + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_clear_error_string(krb5_context context) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_clear_error_message(context); +} + +/** + * Deprecated: use krb5_get_credentials_with_flags(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_cred_from_kdc_opt(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds, + krb5_creds ***ret_tgts, + krb5_flags flags) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_kdc_flags f; + f.i = flags; + return _krb5_get_cred_kdc_any(context, f, ccache, + in_creds, NULL, NULL, + out_creds, ret_tgts); +} + +/** + * Deprecated: use krb5_get_credentials_with_flags(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_cred_from_kdc(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + return krb5_get_cred_from_kdc_opt(context, ccache, + in_creds, out_creds, ret_tgts, 0); +} + +/** + * Deprecated: use krb5_xfree(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_unparsed_name(krb5_context context, char *str) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + krb5_xfree(str); +} + +/** + * Deprecated: use krb5_generate_subkey_extended() + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_generate_subkey(krb5_context context, + const krb5_keyblock *key, + krb5_keyblock **subkey) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + return krb5_generate_subkey_extended(context, key, ETYPE_NULL, subkey); +} + +/** + * Deprecated: use krb5_auth_con_getremoteseqnumber() + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_getremoteseqnumber(krb5_context context, + krb5_auth_context auth_context, + int32_t *seqnumber) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + *seqnumber = auth_context->remote_seqnumber; + return 0; +} + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/derived-key-test.c b/crypto/heimdal/lib/krb5/derived-key-test.c index debadb8bb95..a67c95a54cb 100644 --- a/crypto/heimdal/lib/krb5/derived-key-test.c +++ b/crypto/heimdal/lib/krb5/derived-key-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: derived-key-test.c 16342 2005-12-02 14:14:43Z lha $"); - enum { MAXSIZE = 24 }; static struct testcase { @@ -77,7 +75,7 @@ static struct testcase { {0} }; -int KRB5_LIB_FUNCTION +int main(int argc, char **argv) { struct testcase *t; diff --git a/crypto/heimdal/lib/krb5/digest.c b/crypto/heimdal/lib/krb5/digest.c index 6e612ed6bbb..ef3267b3a76 100644 --- a/crypto/heimdal/lib/krb5/digest.c +++ b/crypto/heimdal/lib/krb5/digest.c @@ -1,40 +1,41 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: digest.c 22156 2007-12-04 20:02:49Z lha $"); #include "digest_asn1.h" +#ifndef HEIMDAL_SMALLER + struct krb5_digest_data { char *cbtype; char *cbbinding; @@ -45,7 +46,7 @@ struct krb5_digest_data { DigestResponse response; }; -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_alloc(krb5_context context, krb5_digest *digest) { krb5_digest d; @@ -53,7 +54,7 @@ krb5_digest_alloc(krb5_context context, krb5_digest *digest) d = calloc(1, sizeof(*d)); if (d == NULL) { *digest = NULL; - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest = d; @@ -61,7 +62,7 @@ krb5_digest_alloc(krb5_context context, krb5_digest *digest) return 0; } -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_digest_free(krb5_digest digest) { if (digest == NULL) @@ -75,14 +76,15 @@ krb5_digest_free(krb5_digest digest) return; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_cb(krb5_context context, krb5_digest digest, const char *type, const char *binding) { if (digest->init.channel) { - krb5_set_error_string(context, "server channel binding already set"); + krb5_set_error_message(context, EINVAL, + N_("server channel binding already set", "")); return EINVAL; } digest->init.channel = calloc(1, sizeof(*digest->init.channel)); @@ -94,54 +96,54 @@ krb5_digest_set_server_cb(krb5_context context, goto error; digest->init.channel->cb_binding = strdup(binding); - if (digest->init.channel->cb_binding == NULL) + if (digest->init.channel->cb_binding == NULL) goto error; return 0; -error: + error: if (digest->init.channel) { free(digest->init.channel->cb_type); free(digest->init.channel->cb_binding); free(digest->init.channel); digest->init.channel = NULL; } - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_type(krb5_context context, krb5_digest digest, const char *type) { if (digest->init.type) { - krb5_set_error_string(context, "client type already set"); + krb5_set_error_message(context, EINVAL, "client type already set"); return EINVAL; } digest->init.type = strdup(type); if (digest->init.type == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_hostname(krb5_context context, krb5_digest digest, const char *hostname) { if (digest->init.hostname) { - krb5_set_error_string(context, "server hostname already set"); + krb5_set_error_message(context, EINVAL, "server hostname already set"); return EINVAL; } digest->init.hostname = malloc(sizeof(*digest->init.hostname)); if (digest->init.hostname == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->init.hostname = strdup(hostname); if (*digest->init.hostname == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->init.hostname); digest->init.hostname = NULL; return ENOMEM; @@ -149,55 +151,55 @@ krb5_digest_set_hostname(krb5_context context, return 0; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_server_nonce(krb5_context context, krb5_digest digest) { return digest->initReply.nonce; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_nonce(krb5_context context, krb5_digest digest, const char *nonce) { if (digest->request.serverNonce) { - krb5_set_error_string(context, "nonce already set"); + krb5_set_error_message(context, EINVAL, N_("nonce already set", "")); return EINVAL; } digest->request.serverNonce = strdup(nonce); if (digest->request.serverNonce == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_opaque(krb5_context context, krb5_digest digest) { return digest->initReply.opaque; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_opaque(krb5_context context, krb5_digest digest, const char *opaque) { if (digest->request.opaque) { - krb5_set_error_string(context, "opaque already set"); + krb5_set_error_message(context, EINVAL, "opaque already set"); return EINVAL; } digest->request.opaque = strdup(opaque); if (digest->request.opaque == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_identifier(krb5_context context, krb5_digest digest) { @@ -206,23 +208,23 @@ krb5_digest_get_identifier(krb5_context context, return *digest->initReply.identifier; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_identifier(krb5_context context, krb5_digest digest, const char *id) { if (digest->request.identifier) { - krb5_set_error_string(context, "identifier already set"); + krb5_set_error_message(context, EINVAL, N_("identifier already set", "")); return EINVAL; } digest->request.identifier = calloc(1, sizeof(*digest->request.identifier)); if (digest->request.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.identifier = strdup(id); if (*digest->request.identifier == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.identifier); digest->request.identifier = NULL; return ENOMEM; @@ -242,7 +244,7 @@ digest_request(krb5_context context, DigestREP rep; krb5_error_code ret; krb5_data data, data2; - size_t size; + size_t size = 0; krb5_crypto crypto = NULL; krb5_auth_context ac = NULL; krb5_principal principal = NULL; @@ -272,7 +274,7 @@ digest_request(krb5_context context, * */ - ret = krb5_make_principal(context, &principal, + ret = krb5_make_principal(context, &principal, r, KRB5_DIGEST_NAME, r, NULL); if (ret) goto out; @@ -280,14 +282,14 @@ digest_request(krb5_context context, ASN1_MALLOC_ENCODE(DigestReqInner, data.data, data.length, ireq, &size, ret); if (ret) { - krb5_set_error_string(context, - "Failed to encode digest inner request"); + krb5_set_error_message(context, ret, + N_("Failed to encode digest inner request", "")); goto out; } if (size != data.length) krb5_abortx(context, "ASN.1 internal encoder error"); - ret = krb5_mk_req_exact(context, &ac, + ret = krb5_mk_req_exact(context, &ac, AP_OPTS_USE_SUBKEY|AP_OPTS_MUTUAL_REQUIRED, principal, NULL, id, &req.apReq); if (ret) @@ -300,8 +302,9 @@ digest_request(krb5_context context, if (ret) goto out; if (key == NULL) { - krb5_set_error_string(context, "Digest failed to get local subkey"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("Digest failed to get local subkey", "")); goto out; } @@ -312,7 +315,7 @@ digest_request(krb5_context context, } ret = krb5_encrypt_EncryptedData(context, crypto, usage, - data.data, data.length, 0, + data.data, data.length, 0, &req.innerReq); if (ret) goto out; @@ -322,7 +325,8 @@ digest_request(krb5_context context, ASN1_MALLOC_ENCODE(DigestREQ, data.data, data.length, &req, &size, ret); if (ret) { - krb5_set_error_string(context, "Failed to encode DigestREQest"); + krb5_set_error_message(context, ret, + N_("Failed to encode DigestREQest", "")); goto out; } if (size != data.length) @@ -334,7 +338,8 @@ digest_request(krb5_context context, ret = decode_DigestREP(data2.data, data2.length, &rep, NULL); if (ret) { - krb5_set_error_string(context, "Failed to parse digest response"); + krb5_set_error_message(context, ret, + N_("Failed to parse digest response", "")); goto out; } @@ -355,8 +360,8 @@ digest_request(krb5_context context, goto out; if (key == NULL) { ret = EINVAL; - krb5_set_error_string(context, - "Digest reply have no remote subkey"); + krb5_set_error_message(context, ret, + N_("Digest reply have no remote subkey", "")); goto out; } @@ -372,14 +377,15 @@ digest_request(krb5_context context, &rep.innerRep, &data); if (ret) goto out; - + ret = decode_DigestRepInner(data.data, data.length, irep, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode digest inner reply"); + krb5_set_error_message(context, ret, + N_("Failed to decode digest inner reply", "")); goto out; } -out: + out: if (ccache == NULL && id) krb5_cc_close(context, id); if (realm == NULL && r) @@ -400,7 +406,7 @@ out: return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_init_request(krb5_context context, krb5_digest digest, krb5_realm realm, @@ -414,7 +420,8 @@ krb5_digest_init_request(krb5_context context, memset(&irep, 0, sizeof(irep)); if (digest->init.type == NULL) { - krb5_set_error_string(context, "Type missing from init req"); + krb5_set_error_message(context, EINVAL, + N_("Type missing from init req", "")); return EINVAL; } @@ -427,49 +434,52 @@ krb5_digest_init_request(krb5_context context, goto out; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest init error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, N_("Digest init error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_initReply) { - krb5_set_error_string(context, "digest reply not an initReply"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("digest reply not an initReply", "")); goto out; } ret = copy_DigestInitReply(&irep.u.initReply, &digest->initReply); if (ret) { - krb5_set_error_string(context, "Failed to copy initReply"); + krb5_set_error_message(context, ret, + N_("Failed to copy initReply", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_client_nonce(krb5_context context, krb5_digest digest, const char *nonce) { if (digest->request.clientNonce) { - krb5_set_error_string(context, "clientNonce already set"); + krb5_set_error_message(context, EINVAL, + N_("clientNonce already set", "")); return EINVAL; } - digest->request.clientNonce = + digest->request.clientNonce = calloc(1, sizeof(*digest->request.clientNonce)); if (digest->request.clientNonce == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.clientNonce = strdup(nonce); if (*digest->request.clientNonce == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.clientNonce); digest->request.clientNonce = NULL; return ENOMEM; @@ -477,57 +487,58 @@ krb5_digest_set_client_nonce(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_digest(krb5_context context, krb5_digest digest, const char *dgst) { if (digest->request.digest) { - krb5_set_error_string(context, "digest already set"); + krb5_set_error_message(context, EINVAL, + N_("digest already set", "")); return EINVAL; } digest->request.digest = strdup(dgst); if (digest->request.digest == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_username(krb5_context context, krb5_digest digest, const char *username) { if (digest->request.username) { - krb5_set_error_string(context, "username already set"); + krb5_set_error_message(context, EINVAL, "username already set"); return EINVAL; } digest->request.username = strdup(username); if (digest->request.username == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authid(krb5_context context, krb5_digest digest, const char *authid) { if (digest->request.authid) { - krb5_set_error_string(context, "authid already set"); + krb5_set_error_message(context, EINVAL, "authid already set"); return EINVAL; } digest->request.authid = malloc(sizeof(*digest->request.authid)); if (digest->request.authid == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.authid = strdup(authid); if (*digest->request.authid == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.authid); digest->request.authid = NULL; return ENOMEM; @@ -535,7 +546,7 @@ krb5_digest_set_authid(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authentication_user(krb5_context context, krb5_digest digest, krb5_principal authentication_user) @@ -543,36 +554,35 @@ krb5_digest_set_authentication_user(krb5_context context, krb5_error_code ret; if (digest->request.authentication_user) { - krb5_set_error_string(context, "authentication_user already set"); + krb5_set_error_message(context, EINVAL, + N_("authentication_user already set", "")); return EINVAL; } ret = krb5_copy_principal(context, authentication_user, &digest->request.authentication_user); - if (digest->request.authentication_user == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (ret) + return ret; return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_realm(krb5_context context, krb5_digest digest, const char *realm) { if (digest->request.realm) { - krb5_set_error_string(context, "realm already set"); + krb5_set_error_message(context, EINVAL, "realm already set"); return EINVAL; } digest->request.realm = malloc(sizeof(*digest->request.realm)); if (digest->request.realm == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.realm = strdup(realm); if (*digest->request.realm == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.realm); digest->request.realm = NULL; return ENOMEM; @@ -580,23 +590,24 @@ krb5_digest_set_realm(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_method(krb5_context context, krb5_digest digest, const char *method) { if (digest->request.method) { - krb5_set_error_string(context, "method already set"); + krb5_set_error_message(context, EINVAL, + N_("method already set", "")); return EINVAL; } digest->request.method = malloc(sizeof(*digest->request.method)); if (digest->request.method == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.method = strdup(method); if (*digest->request.method == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.method); digest->request.method = NULL; return ENOMEM; @@ -604,23 +615,23 @@ krb5_digest_set_method(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_uri(krb5_context context, krb5_digest digest, const char *uri) { if (digest->request.uri) { - krb5_set_error_string(context, "uri already set"); + krb5_set_error_message(context, EINVAL, N_("uri already set", "")); return EINVAL; } digest->request.uri = malloc(sizeof(*digest->request.uri)); if (digest->request.uri == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.uri = strdup(uri); if (*digest->request.uri == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.uri); digest->request.uri = NULL; return ENOMEM; @@ -628,24 +639,25 @@ krb5_digest_set_uri(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_nonceCount(krb5_context context, krb5_digest digest, const char *nonce_count) { if (digest->request.nonceCount) { - krb5_set_error_string(context, "nonceCount already set"); + krb5_set_error_message(context, EINVAL, + N_("nonceCount already set", "")); return EINVAL; } - digest->request.nonceCount = + digest->request.nonceCount = malloc(sizeof(*digest->request.nonceCount)); if (digest->request.nonceCount == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.nonceCount = strdup(nonce_count); if (*digest->request.nonceCount == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.nonceCount); digest->request.nonceCount = NULL; return ENOMEM; @@ -653,23 +665,23 @@ krb5_digest_set_nonceCount(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_qop(krb5_context context, krb5_digest digest, const char *qop) { if (digest->request.qop) { - krb5_set_error_string(context, "qop already set"); + krb5_set_error_message(context, EINVAL, "qop already set"); return EINVAL; } digest->request.qop = malloc(sizeof(*digest->request.qop)); if (digest->request.qop == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } *digest->request.qop = strdup(qop); if (*digest->request.qop == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(digest->request.qop); digest->request.qop = NULL; return ENOMEM; @@ -677,20 +689,20 @@ krb5_digest_set_qop(krb5_context context, return 0; } -int +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_digest_set_responseData(krb5_context context, krb5_digest digest, const char *response) { digest->request.responseData = strdup(response); if (digest->request.responseData == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_request(krb5_context context, krb5_digest digest, krb5_realm realm, @@ -708,14 +720,17 @@ krb5_digest_request(krb5_context context, if (digest->request.type == NULL) { if (digest->init.type == NULL) { - krb5_set_error_string(context, "Type missing from req"); + krb5_set_error_message(context, EINVAL, + N_("Type missing from req", "")); return EINVAL; } ireq.u.digestRequest.type = digest->init.type; } - if (ireq.u.digestRequest.digest == NULL) - ireq.u.digestRequest.digest = "md5"; + if (ireq.u.digestRequest.digest == NULL) { + static char md5[] = "md5"; + ireq.u.digestRequest.digest = md5; + } ret = digest_request(context, realm, ccache, KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep); @@ -723,38 +738,41 @@ krb5_digest_request(krb5_context context, return ret; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest response error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, + N_("Digest response error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_response) { - krb5_set_error_string(context, "digest reply not an DigestResponse"); + krb5_set_error_message(context, EINVAL, + N_("digest reply not an DigestResponse", "")); ret = EINVAL; goto out; } ret = copy_DigestResponse(&irep.u.response, &digest->response); if (ret) { - krb5_set_error_string(context, "Failed to copy initReply"); + krb5_set_error_message(context, ret, + N_("Failed to copy initReply,", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_boolean -krb5_digest_rep_get_status(krb5_context context, +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_digest_rep_get_status(krb5_context context, krb5_digest digest) { return digest->response.success ? TRUE : FALSE; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_rsp(krb5_context context, krb5_digest digest) { @@ -763,7 +781,7 @@ krb5_digest_get_rsp(krb5_context context, return *digest->response.rsp; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_tickets(krb5_context context, krb5_digest digest, Ticket **tickets) @@ -773,7 +791,7 @@ krb5_digest_get_tickets(krb5_context context, } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_client_binding(krb5_context context, krb5_digest digest, char **type, @@ -785,7 +803,7 @@ krb5_digest_get_client_binding(krb5_context context, if (*type == NULL || *binding == NULL) { free(*type); free(*binding); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } } else { @@ -795,7 +813,7 @@ krb5_digest_get_client_binding(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_session_key(krb5_context context, krb5_digest digest, krb5_data *data) @@ -807,7 +825,7 @@ krb5_digest_get_session_key(krb5_context context, return 0; ret = der_copy_octet_string(digest->response.session_key, data); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } @@ -819,19 +837,19 @@ struct krb5_ntlm_data { NTLMResponse response; }; -krb5_error_code -krb5_ntlm_alloc(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_alloc(krb5_context context, krb5_ntlm *ntlm) { *ntlm = calloc(1, sizeof(**ntlm)); if (*ntlm == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_free(krb5_context context, krb5_ntlm ntlm) { free_NTLMInit(&ntlm->init); @@ -844,8 +862,8 @@ krb5_ntlm_free(krb5_context context, krb5_ntlm ntlm) } -krb5_error_code -krb5_ntlm_init_request(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_init_request(krb5_context context, krb5_ntlm ntlm, krb5_realm realm, krb5_ccache ccache, @@ -879,31 +897,33 @@ krb5_ntlm_init_request(krb5_context context, goto out; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest init error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, N_("Digest init error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_ntlmInitReply) { - krb5_set_error_string(context, "ntlm reply not an initReply"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("ntlm reply not an initReply", "")); goto out; } ret = copy_NTLMInitReply(&irep.u.ntlmInitReply, &ntlm->initReply); if (ret) { - krb5_set_error_string(context, "Failed to copy initReply"); + krb5_set_error_message(context, ret, + N_("Failed to copy initReply", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_flags(krb5_context context, krb5_ntlm ntlm, uint32_t *flags) @@ -912,7 +932,7 @@ krb5_ntlm_init_get_flags(krb5_context context, return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_challange(krb5_context context, krb5_ntlm ntlm, krb5_data *challange) @@ -921,12 +941,12 @@ krb5_ntlm_init_get_challange(krb5_context context, ret = der_copy_octet_string(&ntlm->initReply.challange, challange); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_opaque(krb5_context context, krb5_ntlm ntlm, krb5_data *opaque) @@ -935,25 +955,25 @@ krb5_ntlm_init_get_opaque(krb5_context context, ret = der_copy_octet_string(&ntlm->initReply.opaque, opaque); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetname(krb5_context context, krb5_ntlm ntlm, char **name) { *name = strdup(ntlm->initReply.targetname); if (*name == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetinfo(krb5_context context, krb5_ntlm ntlm, krb5_data *data) @@ -969,14 +989,14 @@ krb5_ntlm_init_get_targetinfo(krb5_context context, ntlm->initReply.targetinfo->data, ntlm->initReply.targetinfo->length); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_request(krb5_context context, krb5_ntlm ntlm, krb5_realm realm, @@ -998,32 +1018,35 @@ krb5_ntlm_request(krb5_context context, return ret; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "NTLM response error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, + N_("NTLM response error: %s", ""), + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_ntlmResponse) { - krb5_set_error_string(context, "NTLM reply not an NTLMResponse"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("NTLM reply not an NTLMResponse", "")); goto out; } ret = copy_NTLMResponse(&irep.u.ntlmResponse, &ntlm->response); if (ret) { - krb5_set_error_string(context, "Failed to copy NTLMResponse"); + krb5_set_error_message(context, ret, + N_("Failed to copy NTLMResponse", "")); goto out; } -out: + out: free_DigestRepInner(&irep); return ret; } -krb5_error_code -krb5_ntlm_req_set_flags(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_flags(krb5_context context, krb5_ntlm ntlm, uint32_t flags) { @@ -1031,40 +1054,40 @@ krb5_ntlm_req_set_flags(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_username(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_username(krb5_context context, krb5_ntlm ntlm, const char *username) { ntlm->request.username = strdup(username); if (ntlm->request.username == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code -krb5_ntlm_req_set_targetname(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_targetname(krb5_context context, krb5_ntlm ntlm, const char *targetname) { ntlm->request.targetname = strdup(targetname); if (ntlm->request.targetname == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -krb5_error_code -krb5_ntlm_req_set_lm(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_lm(krb5_context context, krb5_ntlm ntlm, void *hash, size_t len) { ntlm->request.lm.data = malloc(len); - if (ntlm->request.lm.data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.lm.data == NULL && len != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.lm.length = len; @@ -1072,14 +1095,14 @@ krb5_ntlm_req_set_lm(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_ntlm(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_ntlm(krb5_context context, krb5_ntlm ntlm, void *hash, size_t len) { ntlm->request.ntlm.data = malloc(len); - if (ntlm->request.ntlm.data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.ntlm.data == NULL && len != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.ntlm.length = len; @@ -1087,14 +1110,14 @@ krb5_ntlm_req_set_ntlm(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_opaque(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_opaque(krb5_context context, krb5_ntlm ntlm, krb5_data *opaque) { ntlm->request.opaque.data = malloc(opaque->length); - if (ntlm->request.opaque.data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.opaque.data == NULL && opaque->length != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.opaque.length = opaque->length; @@ -1102,19 +1125,19 @@ krb5_ntlm_req_set_opaque(krb5_context context, return 0; } -krb5_error_code -krb5_ntlm_req_set_session(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_req_set_session(krb5_context context, krb5_ntlm ntlm, void *sessionkey, size_t length) { ntlm->request.sessionkey = calloc(1, sizeof(*ntlm->request.sessionkey)); if (ntlm->request.sessionkey == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ntlm->request.sessionkey->data = malloc(length); - if (ntlm->request.sessionkey->data == NULL) { - krb5_set_error_string(context, "out of memory"); + if (ntlm->request.sessionkey->data == NULL && length != 0) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(ntlm->request.sessionkey->data, sessionkey, length); @@ -1122,23 +1145,24 @@ krb5_ntlm_req_set_session(krb5_context context, return 0; } -krb5_boolean -krb5_ntlm_rep_get_status(krb5_context context, +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_ntlm_rep_get_status(krb5_context context, krb5_ntlm ntlm) { return ntlm->response.success ? TRUE : FALSE; } -krb5_error_code -krb5_ntlm_rep_get_sessionkey(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_ntlm_rep_get_sessionkey(krb5_context context, krb5_ntlm ntlm, krb5_data *data) { if (ntlm->response.sessionkey == NULL) { - krb5_set_error_string(context, "no ntlm session key"); + krb5_set_error_message(context, EINVAL, + N_("no ntlm session key", "")); return EINVAL; } - krb5_clear_error_string(context); + krb5_clear_error_message(context); return krb5_data_copy(data, ntlm->response.sessionkey->data, ntlm->response.sessionkey->length); @@ -1157,7 +1181,7 @@ krb5_ntlm_rep_get_sessionkey(krb5_context context, * @ingroup krb5_digest */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe(krb5_context context, krb5_realm realm, krb5_ccache ccache, @@ -1178,22 +1202,24 @@ krb5_digest_probe(krb5_context context, goto out; if (irep.element == choice_DigestRepInner_error) { - krb5_set_error_string(context, "Digest probe error: %s", - irep.u.error.reason); ret = irep.u.error.code; + krb5_set_error_message(context, ret, "Digest probe error: %s", + irep.u.error.reason); goto out; } if (irep.element != choice_DigestRepInner_supportedMechs) { - krb5_set_error_string(context, "Digest reply not an probe"); ret = EINVAL; + krb5_set_error_message(context, ret, "Digest reply not an probe"); goto out; } *flags = DigestTypes2int(irep.u.supportedMechs); -out: + out: free_DigestRepInner(&irep); return ret; } + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/doxygen.c b/crypto/heimdal/lib/krb5/doxygen.c index b7c6f8fcfdd..fec9a671930 100644 --- a/crypto/heimdal/lib/krb5/doxygen.c +++ b/crypto/heimdal/lib/krb5/doxygen.c @@ -1,67 +1,700 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007-2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id$"); /** - * + * */ -/*! \mainpage Heimdal Kerberos 5 library +/*! @mainpage Heimdal Kerberos 5 library * - * \section intro Introduction + * @section intro Introduction * * Heimdal libkrb5 library is a implementation of the Kerberos * protocol. - * + * * Kerberos is a system for authenticating users and services on a * network. It is built upon the assumption that the network is * ``unsafe''. For example, data sent over the network can be * eavesdropped and altered, and addresses can also be faked. * Therefore they cannot be used for authentication purposes. * - * The project web page:\n - * http://www.h5l.org/ + * + * - @ref krb5_introduction + * - @ref krb5_principal_intro + * - @ref krb5_ccache_intro + * - @ref krb5_keytab_intro + * + * If you want to know more about the file formats that is used by + * Heimdal, please see: @ref krb5_fileformats + * + * The project web page: http://www.h5l.org/ * */ /** @defgroup krb5 Heimdal Kerberos 5 library */ /** @defgroup krb5_address Heimdal Kerberos 5 address functions */ +/** @defgroup krb5_principal Heimdal Kerberos 5 principal functions */ /** @defgroup krb5_ccache Heimdal Kerberos 5 credential cache functions */ +/** @defgroup krb5_crypto Heimdal Kerberos 5 cryptography functions */ /** @defgroup krb5_credential Heimdal Kerberos 5 credential handing functions */ /** @defgroup krb5_deprecated Heimdal Kerberos 5 deprecated functions */ /** @defgroup krb5_digest Heimdal Kerberos 5 digest service */ /** @defgroup krb5_error Heimdal Kerberos 5 error reporting functions */ +/** @defgroup krb5_keytab Heimdal Kerberos 5 keytab handling functions */ +/** @defgroup krb5_ticket Heimdal Kerberos 5 ticket functions */ +/** @defgroup krb5_pac Heimdal Kerberos 5 PAC handling functions */ /** @defgroup krb5_v4compat Heimdal Kerberos 4 compatiblity functions */ +/** @defgroup krb5_storage Heimdal Kerberos 5 storage functions */ /** @defgroup krb5_support Heimdal Kerberos 5 support functions */ +/** @defgroup krb5_auth Heimdal Kerberos 5 authentication functions */ + + +/** + * @page krb5_introduction Introduction to the Kerberos 5 API + * @section api_overview Kerberos 5 API Overview + * + * All functions are documented in manual pages. This section tries + * to give an overview of the major components used in Kerberos + * library, and point to where to look for a specific function. + * + * @subsection intro_krb5_context Kerberos context + * + * A kerberos context (krb5_context) holds all per thread state. All + * global variables that are context specific are stored in this + * structure, including default encryption types, credential cache + * (for example, a ticket file), and default realms. + * + * The internals of the structure should never be accessed directly, + * functions exist for extracting information. + * + * See the manual page for krb5_init_context() how to create a context + * and module @ref krb5 for more information about the functions. + * + * @subsection intro_krb5_auth_context Kerberos authentication context + * + * Kerberos authentication context (krb5_auth_context) holds all + * context related to an authenticated connection, in a similar way to + * the kerberos context that holds the context for the thread or + * process. + * + * The krb5_auth_context is used by various functions that are + * directly related to authentication between the + * server/client. Example of data that this structure contains are + * various flags, addresses of client and server, port numbers, + * keyblocks (and subkeys), sequence numbers, replay cache, and + * checksum types. + * + * @subsection intro_krb5_principal Kerberos principal + * + * The Kerberos principal is the structure that identifies a user or + * service in Kerberos. The structure that holds the principal is the + * krb5_principal. There are function to extract the realm and + * elements of the principal, but most applications have no reason to + * inspect the content of the structure. + * + * The are several ways to create a principal (with different degree of + * portability), and one way to free it. + * + * See also the page @ref krb5_principal_intro for more information and also + * module @ref krb5_principal. + * + * @subsection intro_krb5_ccache Credential cache + * + * A credential cache holds the tickets for a user. A given user can + * have several credential caches, one for each realm where the user + * have the initial tickets (the first krbtgt). + * + * The credential cache data can be stored internally in different + * way, each of them for different proposes. File credential (FILE) + * caches and processes based (KCM) caches are for permanent + * storage. While memory caches (MEMORY) are local caches to the local + * process. + * + * Caches are opened with krb5_cc_resolve() or created with + * krb5_cc_new_unique(). + * + * If the cache needs to be opened again (using krb5_cc_resolve()) + * krb5_cc_close() will close the handle, but not the remove the + * cache. krb5_cc_destroy() will zero out the cache, remove the cache + * so it can no longer be referenced. + * + * See also @ref krb5_ccache_intro and @ref krb5_ccache . + * + * @subsection intro_krb5_error_code Kerberos errors + * + * Kerberos errors are based on the com_err library. All error codes are + * 32-bit signed numbers, the first 24 bits define what subsystem the + * error originates from, and last 8 bits are 255 error codes within the + * library. Each error code have fixed string associated with it. For + * example, the error-code -1765328383 have the symbolic name + * KRB5KDC_ERR_NAME_EXP, and associated error string ``Client's entry in + * database has expired''. + * + * This is a great improvement compared to just getting one of the unix + * error-codes back. However, Heimdal have an extention to pass back + * customised errors messages. Instead of getting ``Key table entry not + * found'', the user might back ``failed to find + * host/host.example.com\@EXAMLE.COM(kvno 3) in keytab /etc/krb5.keytab + * (des-cbc-crc)''. This improves the chance that the user find the + * cause of the error so you should use the customised error message + * whenever it's available. + * + * See also module @ref krb5_error . + * + * + * @subsection intro_krb5_keytab Keytab management + * + * A keytab is a storage for locally stored keys. Heimdal includes keytab + * support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's, + * and for storing keys in memory. + * + * Keytabs are used for servers and long-running services. + * + * See also @ref krb5_keytab_intro and @ref krb5_keytab . + * + * @subsection intro_krb5_crypto Kerberos crypto + * + * Heimdal includes a implementation of the Kerberos crypto framework, + * all crypto operations. To create a crypto context call krb5_crypto_init(). + * + * See also module @ref krb5_crypto . + * + * @section kerberos5_client Walkthrough of a sample Kerberos 5 client + * + * This example contains parts of a sample TCP Kerberos 5 clients, if you + * want a real working client, please look in appl/test directory in + * the Heimdal distribution. + * + * All Kerberos error-codes that are returned from kerberos functions in + * this program are passed to krb5_err, that will print a + * descriptive text of the error code and exit. Graphical programs can + * convert error-code to a human readable error-string with the + * krb5_get_error_message() function. + * + * Note that you should not use any Kerberos function before + * krb5_init_context() have completed successfully. That is the + * reason err() is used when krb5_init_context() fails. + * + * First the client needs to call krb5_init_context to initialise + * the Kerberos 5 library. This is only needed once per thread + * in the program. If the function returns a non-zero value it indicates + * that either the Kerberos implementation is failing or it's disabled on + * this host. + * + * @code + * #include + * + * int + * main(int argc, char **argv) + * { + * krb5_context context; + * + * if (krb5_init_context(&context)) + * errx (1, "krb5_context"); + * @endcode + * + * Now the client wants to connect to the host at the other end. The + * preferred way of doing this is using getaddrinfo (for + * operating system that have this function implemented), since getaddrinfo + * is neutral to the address type and can use any protocol that is available. + * + * @code + * struct addrinfo *ai, *a; + * struct addrinfo hints; + * int error; + * + * memset (&hints, 0, sizeof(hints)); + * hints.ai_socktype = SOCK_STREAM; + * hints.ai_protocol = IPPROTO_TCP; + * + * error = getaddrinfo (hostname, "pop3", &hints, &ai); + * if (error) + * errx (1, "%s: %s", hostname, gai_strerror(error)); + * + * for (a = ai; a != NULL; a = a->ai_next) { + * int s; + * + * s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + * if (s < 0) + * continue; + * if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + * warn ("connect(%s)", hostname); + * close (s); + * continue; + * } + * freeaddrinfo (ai); + * ai = NULL; + * } + * if (ai) { + * freeaddrinfo (ai); + * errx ("failed to contact %s", hostname); + * } + * @endcode + * + * Before authenticating, an authentication context needs to be + * created. This context keeps all information for one (to be) authenticated + * connection (see krb5_auth_context). + * + * @code + * status = krb5_auth_con_init (context, &auth_context); + * if (status) + * krb5_err (context, 1, status, "krb5_auth_con_init"); + * @endcode + * + * For setting the address in the authentication there is a help function + * krb5_auth_con_setaddrs_from_fd() that does everything that is needed + * when given a connected file descriptor to the socket. + * + * @code + * status = krb5_auth_con_setaddrs_from_fd (context, + * auth_context, + * &sock); + * if (status) + * krb5_err (context, 1, status, + * "krb5_auth_con_setaddrs_from_fd"); + * @endcode + * + * The next step is to build a server principal for the service we want + * to connect to. (See also krb5_sname_to_principal().) + * + * @code + * status = krb5_sname_to_principal (context, + * hostname, + * service, + * KRB5_NT_SRV_HST, + * &server); + * if (status) + * krb5_err (context, 1, status, "krb5_sname_to_principal"); + * @endcode + * + * The client principal is not passed to krb5_sendauth() + * function, this causes the krb5_sendauth() function to try to figure it + * out itself. + * + * The server program is using the function krb5_recvauth() to + * receive the Kerberos 5 authenticator. + * + * In this case, mutual authentication will be tried. That means that the server + * will authenticate to the client. Using mutual authentication + * is good since it enables the user to verify that they are talking to the + * right server (a server that knows the key). + * + * If you are using a non-blocking socket you will need to do all work of + * krb5_sendauth() yourself. Basically you need to send over the + * authenticator from krb5_mk_req() and, in case of mutual + * authentication, verifying the result from the server with + * krb5_rd_rep(). + * + * @code + * status = krb5_sendauth (context, + * &auth_context, + * &sock, + * VERSION, + * NULL, + * server, + * AP_OPTS_MUTUAL_REQUIRED, + * NULL, + * NULL, + * NULL, + * NULL, + * NULL, + * NULL); + * if (status) + * krb5_err (context, 1, status, "krb5_sendauth"); + * @endcode + * + * Once authentication has been performed, it is time to send some + * data. First we create a krb5_data structure, then we sign it with + * krb5_mk_safe() using the auth_context that contains the + * session-key that was exchanged in the + * krb5_sendauth()/krb5_recvauth() authentication + * sequence. + * + * @code + * data.data = "hej"; + * data.length = 3; + * + * krb5_data_zero (&packet); + * + * status = krb5_mk_safe (context, + * auth_context, + * &data, + * &packet, + * NULL); + * if (status) + * krb5_err (context, 1, status, "krb5_mk_safe"); + * @endcode + * + * And send it over the network. + * + * @code + * len = packet.length; + * net_len = htonl(len); + * + * if (krb5_net_write (context, &sock, &net_len, 4) != 4) + * err (1, "krb5_net_write"); + * if (krb5_net_write (context, &sock, packet.data, len) != len) + * err (1, "krb5_net_write"); + * @endcode + * + * To send encrypted (and signed) data krb5_mk_priv() should be + * used instead. krb5_mk_priv() works the same way as + * krb5_mk_safe(), with the exception that it encrypts the data + * in addition to signing it. + * + * @code + * data.data = "hemligt"; + * data.length = 7; + * + * krb5_data_free (&packet); + * + * status = krb5_mk_priv (context, + * auth_context, + * &data, + * &packet, + * NULL); + * if (status) + * krb5_err (context, 1, status, "krb5_mk_priv"); + * @endcode + * + * And send it over the network. + * + * @code + * len = packet.length; + * net_len = htonl(len); + * + * if (krb5_net_write (context, &sock, &net_len, 4) != 4) + * err (1, "krb5_net_write"); + * if (krb5_net_write (context, &sock, packet.data, len) != len) + * err (1, "krb5_net_write"); + * + * @endcode + * + * The server is using krb5_rd_safe() and + * krb5_rd_priv() to verify the signature and decrypt the packet. + * + * @section intro_krb5_verify_user Validating a password in an application + * + * See the manual page for krb5_verify_user(). + * + * @section mit_differences API differences to MIT Kerberos + * + * This section is somewhat disorganised, but so far there is no overall + * structure to the differences, though some of the have their root in + * that Heimdal uses an ASN.1 compiler and MIT doesn't. + * + * @subsection mit_krb5_principal Principal and realms + * + * Heimdal stores the realm as a krb5_realm, that is a char *. + * MIT Kerberos uses a krb5_data to store a realm. + * + * In Heimdal krb5_principal doesn't contain the component + * name_type; it's instead stored in component + * name.name_type. To get and set the nametype in Heimdal, use + * krb5_principal_get_type() and + * krb5_principal_set_type(). + * + * For more information about principal and realms, see + * krb5_principal. + * + * @subsection mit_krb5_error_code Error messages + * + * To get the error string, Heimdal uses + * krb5_get_error_message(). This is to return custom error messages + * (like ``Can't find host/datan.example.com\@CODE.COM in + * /etc/krb5.conf.'' instead of a ``Key table entry not found'' that + * error_message returns. + * + * Heimdal uses a threadsafe(r) version of the com_err interface; the + * global com_err table isn't initialised. Then + * error_message returns quite a boring error string (just + * the error code itself). + * + * + */ + +/** + * + * + * @page krb5_fileformats File formats + * + * @section fileformats File formats + * + * This section documents the diffrent file formats that are used in + * Heimdal and other Kerberos implementations. + * + * @subsection file_keytab keytab + * + * The keytab binary format is not a standard format. The format has + * evolved and may continue to. It is however understood by several + * Kerberos implementations including Heimdal, MIT, Sun's Java ktab and + * are created by the ktpass.exe utility from Windows. So it has + * established itself as the defacto format for storing Kerberos keys. + * + * The following C-like structure definitions illustrate the MIT keytab + * file format. All values are in network byte order. All text is ASCII. + * + * @code + * keytab { + * uint16_t file_format_version; # 0x502 + * keytab_entry entries[*]; + * }; + * + * keytab_entry { + * int32_t size; + * uint16_t num_components; # subtract 1 if version 0x501 + * counted_octet_string realm; + * counted_octet_string components[num_components]; + * uint32_t name_type; # not present if version 0x501 + * uint32_t timestamp; + * uint8_t vno8; + * keyblock key; + * uint32_t vno; #only present if >= 4 bytes left in entry + * uint32_t flags; #only present if >= 4 bytes left in entry + * }; + * + * counted_octet_string { + * uint16_t length; + * uint8_t data[length]; + * }; + * + * keyblock { + * uint16_t type; + * counted_octet_string; + * }; + * @endcode + * + * All numbers are stored in network byteorder (big endian) format. + * + * The keytab file format begins with the 16 bit file_format_version which + * at the time this document was authored is 0x502. The format of older + * keytabs is described at the end of this document. + * + * The file_format_version is immediately followed by an array of + * keytab_entry structures which are prefixed with a 32 bit size indicating + * the number of bytes that follow in the entry. Note that the size should be + * evaluated as signed. This is because a negative value indicates that the + * entry is in fact empty (e.g. it has been deleted) and that the negative + * value of that negative value (which is of course a positive value) is + * the offset to the next keytab_entry. Based on these size values alone + * the entire keytab file can be traversed. + * + * The size is followed by a 16 bit num_components field indicating the + * number of counted_octet_string components in the components array. + * + * The num_components field is followed by a counted_octet_string + * representing the realm of the principal. + * + * A counted_octet_string is simply an array of bytes prefixed with a 16 + * bit length. For the realm and name components, the counted_octet_string + * bytes are ASCII encoded text with no zero terminator. + * + * Following the realm is the components array that represents the name of + * the principal. The text of these components may be joined with slashs + * to construct the typical SPN representation. For example, the service + * principal HTTP/www.foo.net\@FOO.NET would consist of name components + * "HTTP" followed by "www.foo.net". + * + * Following the components array is the 32 bit name_type (e.g. 1 is + * KRB5_NT_PRINCIPAL, 2 is KRB5_NT_SRV_INST, 5 is KRB5_NT_UID, etc). In + * practice the name_type is almost certainly 1 meaning KRB5_NT_PRINCIPAL. + * + * The 32 bit timestamp indicates the time the key was established for that + * principal. The value represents the number of seconds since Jan 1, 1970. + * + * The 8 bit vno8 field is the version number of the key. This value is + * overridden by the 32 bit vno field if it is present. The vno8 field is + * filled with the lower 8 bits of the 32 bit protocol kvno field. + * + * The keyblock structure consists of a 16 bit value indicating the + * encryption type and is a counted_octet_string containing the key. The + * encryption type is the same as the Kerberos standard (e.g. 3 is + * des-cbc-md5, 23 is arcfour-hmac-md5, etc). + * + * The last field of the keytab_entry structure is optional. If the size of + * the keytab_entry indicates that there are at least 4 bytes remaining, + * a 32 bit value representing the key version number is present. This + * value supersedes the 8 bit vno8 value preceeding the keyblock. + * + * Older keytabs with a file_format_version of 0x501 are different in + * three ways: + * + * - All integers are in host byte order [1]. + * - The num_components field is 1 too large (i.e. after decoding, decrement by 1). + * - The 32 bit name_type field is not present. + * + * [1] The file_format_version field should really be treated as two + * separate 8 bit quantities representing the major and minor version + * number respectively. + * + * @subsection file_hdb_dump Heimdal database dump file + * + * Format of the Heimdal text dump file as of Heimdal 0.6.3: + * + * Each line in the dump file is one entry in the database. + * + * Each field of a line is separated by one or more spaces, with the + * exception of fields consisting of principals containing spaces, where + * space can be quoted with \ and \ is quoted by \. + * + * Fields and their types are: + * + * @code + * Quoted princial (quote character is \) [string] + * Keys [keys] + * Created by [event] + * Modified by [event optional] + * Valid start time [time optional] + * Valid end time [time optional] + * Password end valid time [time optional] + * Max lifetime of ticket [time optional] + * Max renew time of ticket [integer optional] + * Flags [hdb flags] + * Generation number [generation optional] + * Extensions [extentions optional] + * @endcode + * + * Fields following these silently are ignored. + * + * All optional fields will be skipped if they fail to parse (or comprise + * the optional field marker of "-", w/o quotes). + * + * Example: + * + * @code + * fred\@CODE.COM 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- 20020415130120:admin\@CODE.COM 20041221112428:fred\@CODE.COM - - - 86400 604800 126 20020415130120:793707:28 - + * @endcode + * + * Encoding of types are as follows: + * + * - keys + * + * @code + * kvno:[masterkvno:keytype:keydata:salt]{zero or more separated by :} + * @endcode + * + * kvno is the key version number. + * + * keydata is hex-encoded + * + * masterkvno is the kvno of the database master key. If this field is + * empty, the kadmin load and merge operations will encrypt the key data + * with the master key if there is one. Otherwise the key data will be + * imported asis. + * + * salt is encoded as "-" (no/default salt) or + * + * @code + * salt-type / + * salt-type / "string" + * salt-type / hex-encoded-data + * @endcode + * + * keytype is the protocol enctype number; see enum ENCTYPE in + * include/krb5_asn1.h for values. + * + * Example: + * @code + * 27:1:16:e8b4c8fc7e60b9e641dcf4cff3f08a701d982a2f89ba373733d26ca59ba6c789666f6b8bfcf169412bb1e5dceb9b33cda29f3412:-:1:3:4498a933881178c744f4232172dcd774c64e81fa6d05ecdf643a7e390624a0ebf3c7407a:-:1:2:b01934b13eb795d76f3a80717d469639b4da0cfb644161340ef44fdeb375e54d684dbb85:-:1:1:ea8e16d8078bf60c781da90f508d4deccba70595258b9d31888d33987cd31af0c9cced2e:- + * @endcode + * + * + * @code + * kvno=27,{key: masterkvno=1,keytype=des3-cbc-sha1,keydata=..., default salt}... + * @endcode + * + * - time + * + * Format of the time is: YYYYmmddHHMMSS, corresponding to strftime + * format "%Y%m%d%k%M%S". + * + * Time is expressed in UTC. + * + * Time can be optional (using -), when the time 0 is used. + * + * Example: + * + * @code + * 20041221112428 + * @endcode + * + * - event + * + * @code + * time:principal + * @endcode + * + * time is as given in format time + * + * principal is a string. Not quoting it may not work in earlier + * versions of Heimdal. + * + * Example: + * @code + * 20041221112428:bloggs\@CODE.COM + * @endcode + * + * - hdb flags + * + * Integer encoding of HDB flags, see HDBFlags in lib/hdb/hdb.asn1. Each + * bit in the integer is the same as the bit in the specification. + * + * - generation: + * + * @code + * time:usec:gen + * @endcode + * + * + * usec is a the microsecond, integer. + * gen is generation number, integer. + * + * The generation can be defaulted (using '-') or the empty string + * + * - extensions: + * + * @code + * first-hex-encoded-HDB-Extension[:second-...] + * @endcode + * + * HDB-extension is encoded the DER encoded HDB-Extension from + * lib/hdb/hdb.asn1. Consumers HDB extensions should be aware that + * unknown entires needs to be preserved even thought the ASN.1 data + * content might be unknown. There is a critical flag in the data to show + * to the KDC that the entry MUST be understod if the entry is to be + * used. + * + * + */ diff --git a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c index 19315cea867..ef11e370f44 100644 --- a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include - -RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $"); +#include "krb5_locl.h" /** * Convert the getaddrinfo() error code to a Kerberos et error code. @@ -46,7 +44,7 @@ RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $"); * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno(int eai_errno, int system_error) { switch(eai_errno) { @@ -76,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error) return HEIM_EAI_SERVICE; case EAI_SOCKTYPE: return HEIM_EAI_SOCKTYPE; +#ifdef EAI_SYSTEM case EAI_SYSTEM: return system_error; +#endif default: return HEIM_EAI_UNKNOWN; /* XXX */ } @@ -94,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error) * @ingroup krb5_error */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno(int eai_errno) { switch(eai_errno) { diff --git a/crypto/heimdal/lib/krb5/error_string.c b/crypto/heimdal/lib/krb5/error_string.c index ff6e98a3dca..1bfbad0bfb0 100644 --- a/crypto/heimdal/lib/krb5/error_string.c +++ b/crypto/heimdal/lib/krb5/error_string.c @@ -1,91 +1,196 @@ /* - * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: error_string.c 22142 2007-12-04 16:56:02Z lha $"); - #undef __attribute__ -#define __attribute__(X) +#define __attribute__(x) -void KRB5_LIB_FUNCTION -krb5_free_error_string(krb5_context context, char *str) +/** + * Clears the error message from the Kerberos 5 context. + * + * @param context The Kerberos 5 context to clear + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_clear_error_message(krb5_context context) { HEIMDAL_MUTEX_lock(context->mutex); - if (str != context->error_buf) - free(str); - HEIMDAL_MUTEX_unlock(context->mutex); -} - -void KRB5_LIB_FUNCTION -krb5_clear_error_string(krb5_context context) -{ - HEIMDAL_MUTEX_lock(context->mutex); - if (context->error_string != NULL - && context->error_string != context->error_buf) + if (context->error_string) free(context->error_string); + context->error_code = 0; context->error_string = NULL; HEIMDAL_MUTEX_unlock(context->mutex); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_error_string(krb5_context context, const char *fmt, ...) - __attribute__((format (printf, 2, 3))) +/** + * Set the context full error string for a specific error code. + * The error that is stored should be internationalized. + * + * The if context is NULL, no error string is stored. + * + * @param context Kerberos 5 context + * @param ret The error code + * @param fmt Error string for the error code + * @param ... printf(3) style parameters. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_set_error_message(krb5_context context, krb5_error_code ret, + const char *fmt, ...) + __attribute__ ((format (printf, 3, 4))) { - krb5_error_code ret; va_list ap; va_start(ap, fmt); - ret = krb5_vset_error_string (context, fmt, ap); + krb5_vset_error_message (context, ret, fmt, ap); va_end(ap); - return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) - __attribute__ ((format (printf, 2, 0))) +/** + * Set the context full error string for a specific error code. + * + * The if context is NULL, no error string is stored. + * + * @param context Kerberos 5 context + * @param ret The error code + * @param fmt Error string for the error code + * @param args printf(3) style parameters. + * + * @ingroup krb5_error + */ + + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_vset_error_message (krb5_context context, krb5_error_code ret, + const char *fmt, va_list args) + __attribute__ ((format (printf, 3, 0))) { - krb5_clear_error_string(context); + int r; + + if (context == NULL) + return; + HEIMDAL_MUTEX_lock(context->mutex); - vasprintf(&context->error_string, fmt, args); - if(context->error_string == NULL) { - vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args); - context->error_string = context->error_buf; + if (context->error_string) { + free(context->error_string); + context->error_string = NULL; } + context->error_code = ret; + r = vasprintf(&context->error_string, fmt, args); + if (r < 0) + context->error_string = NULL; HEIMDAL_MUTEX_unlock(context->mutex); - return 0; } +/** + * Prepend the context full error string for a specific error code. + * The error that is stored should be internationalized. + * + * The if context is NULL, no error string is stored. + * + * @param context Kerberos 5 context + * @param ret The error code + * @param fmt Error string for the error code + * @param ... printf(3) style parameters. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_prepend_error_message(krb5_context context, krb5_error_code ret, + const char *fmt, ...) + __attribute__ ((format (printf, 3, 4))) +{ + va_list ap; + + va_start(ap, fmt); + krb5_vprepend_error_message(context, ret, fmt, ap); + va_end(ap); +} + +/** + * Prepend the contexts's full error string for a specific error code. + * + * The if context is NULL, no error string is stored. + * + * @param context Kerberos 5 context + * @param ret The error code + * @param fmt Error string for the error code + * @param args printf(3) style parameters. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_vprepend_error_message(krb5_context context, krb5_error_code ret, + const char *fmt, va_list args) + __attribute__ ((format (printf, 3, 0))) +{ + char *str = NULL, *str2 = NULL; + + if (context == NULL) + return; + + HEIMDAL_MUTEX_lock(context->mutex); + if (context->error_code != ret) { + HEIMDAL_MUTEX_unlock(context->mutex); + return; + } + if (vasprintf(&str, fmt, args) < 0 || str == NULL) { + HEIMDAL_MUTEX_unlock(context->mutex); + return; + } + if (context->error_string) { + int e; + + e = asprintf(&str2, "%s: %s", str, context->error_string); + free(context->error_string); + if (e < 0 || str2 == NULL) + context->error_string = NULL; + else + context->error_string = str2; + free(str); + } else + context->error_string = str; + HEIMDAL_MUTEX_unlock(context->mutex); +} + + /** * Return the error message in context. On error or no error string, * the function returns NULL. @@ -93,12 +198,12 @@ krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) * @param context Kerberos 5 context * * @return an error string, needs to be freed with - * krb5_free_error_string(). The functions return NULL on error. + * krb5_free_error_message(). The functions return NULL on error. * * @ingroup krb5_error */ -char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION char * KRB5_LIB_CALL krb5_get_error_string(krb5_context context) { char *ret = NULL; @@ -110,7 +215,7 @@ krb5_get_error_string(krb5_context context) return ret; } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_have_error_string(krb5_context context) { char *str; @@ -121,35 +226,117 @@ krb5_have_error_string(krb5_context context) } /** - * Return the error message for `code' in context. On error the - * function returns NULL. + * Return the error message for `code' in context. On memory + * allocation error the function returns NULL. * * @param context Kerberos 5 context * @param code Error code related to the error * * @return an error string, needs to be freed with - * krb5_free_error_string(). The functions return NULL on error. + * krb5_free_error_message(). The functions return NULL on error. * * @ingroup krb5_error */ -char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_get_error_message(krb5_context context, krb5_error_code code) { - const char *cstr; - char *str; + char *str = NULL; + const char *cstr = NULL; + char buf[128]; + int free_context = 0; - str = krb5_get_error_string(context); - if (str) - return str; + if (code == 0) + return strdup("Success"); + + /* + * The MIT version of this function ignores the krb5_context + * and several widely deployed applications call krb5_get_error_message() + * with a NULL context in order to translate an error code as a + * replacement for error_message(). Another reason a NULL context + * might be provided is if the krb5_init_context() call itself + * failed. + */ + if (context) + { + HEIMDAL_MUTEX_lock(context->mutex); + if (context->error_string && + (code == context->error_code || context->error_code == 0)) + { + str = strdup(context->error_string); + } + HEIMDAL_MUTEX_unlock(context->mutex); + + if (str) + return str; + } + else + { + if (krb5_init_context(&context) == 0) + free_context = 1; + } + + if (context) + cstr = com_right_r(context->et_list, code, buf, sizeof(buf)); + + if (free_context) + krb5_free_context(context); - cstr = krb5_get_err_text(context, code); if (cstr) - return strdup(cstr); + return strdup(cstr); - if (asprintf(&str, "", code) == -1) + cstr = error_message(code); + if (cstr) + return strdup(cstr); + + if (asprintf(&str, "", (int)code) == -1 || str == NULL) return NULL; return str; } + +/** + * Free the error message returned by krb5_get_error_message(). + * + * @param context Kerberos context + * @param msg error message to free, returned byg + * krb5_get_error_message(). + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_error_message(krb5_context context, const char *msg) +{ + free(rk_UNCONST(msg)); +} + + +/** + * Return the error string for the error code. The caller must not + * free the string. + * + * This function is deprecated since its not threadsafe. + * + * @param context Kerberos 5 context. + * @param code Kerberos error code. + * + * @return the error message matching code + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL +krb5_get_err_text(krb5_context context, krb5_error_code code) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + const char *p = NULL; + if(context != NULL) + p = com_right(context->et_list, code); + if(p == NULL) + p = strerror(code); + if (p == NULL) + p = "Unknown error"; + return p; +} diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c index 28e39afb42f..7b638d5f017 100644 --- a/crypto/heimdal/lib/krb5/expand_hostname.c +++ b/crypto/heimdal/lib/krb5/expand_hostname.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c 22229 2007-12-08 21:40:59Z lha $"); - static krb5_error_code copy_hostname(krb5_context context, const char *orig_hostname, @@ -42,19 +40,30 @@ copy_hostname(krb5_context context, { *new_hostname = strdup (orig_hostname); if (*new_hostname == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } strlwr (*new_hostname); return 0; } -/* - * Try to make `orig_hostname' into a more canonical one in the newly - * allocated space returned in `new_hostname'. +/** + * krb5_expand_hostname() tries to make orig_hostname into a more + * canonical one in the newly allocated space returned in + * new_hostname. + + * @param context a Keberos context + * @param orig_hostname hostname to canonicalise. + * @param new_hostname output hostname, caller must free hostname with + * krb5_xfree(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname (krb5_context context, const char *orig_hostname, char **new_hostname) @@ -76,7 +85,8 @@ krb5_expand_hostname (krb5_context context, *new_hostname = strdup (a->ai_canonname); freeaddrinfo (ai); if (*new_hostname == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } else { return 0; @@ -112,12 +122,25 @@ vanilla_hostname (krb5_context context, return 0; } -/* - * expand `hostname' to a name we believe to be a hostname in newly - * allocated space in `host' and return realms in `realms'. +/** + * krb5_expand_hostname_realms() expands orig_hostname to a name we + * believe to be a hostname in newly allocated space in new_hostname + * and return the realms new_hostname is believed to belong to in + * realms. + * + * @param context a Keberos context + * @param orig_hostname hostname to canonicalise. + * @param new_hostname output hostname, caller must free hostname with + * krb5_xfree(). + * @param realms output possible realms, is an array that is terminated + * with NULL. Caller must free with krb5_free_host_realm(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms (krb5_context context, const char *orig_hostname, char **new_hostname, diff --git a/crypto/heimdal/lib/krb5/expand_path.c b/crypto/heimdal/lib/krb5/expand_path.c new file mode 100644 index 00000000000..4c4898a79ea --- /dev/null +++ b/crypto/heimdal/lib/krb5/expand_path.c @@ -0,0 +1,500 @@ + +/*********************************************************************** + * Copyright (c) 2009, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#include "krb5_locl.h" + +typedef int PTYPE; + +#ifdef _WIN32 +#include +#include + +/* + * Expand a %{TEMP} token + * + * The %{TEMP} token expands to the temporary path for the current + * user as returned by GetTempPath(). + * + * @note: Since the GetTempPath() function relies on the TMP or TEMP + * environment variables, this function will failover to the system + * temporary directory until the user profile is loaded. In addition, + * the returned path may or may not exist. + */ +static int +_expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, char **ret) +{ + TCHAR tpath[MAX_PATH]; + size_t len; + + if (!GetTempPath(sizeof(tpath)/sizeof(tpath[0]), tpath)) { + if (context) + krb5_set_error_message(context, EINVAL, + "Failed to get temporary path (GLE=%d)", + GetLastError()); + return EINVAL; + } + + len = strlen(tpath); + + if (len > 0 && tpath[len - 1] == '\\') + tpath[len - 1] = '\0'; + + *ret = strdup(tpath); + + if (*ret == NULL) { + if (context) + krb5_set_error_message(context, ENOMEM, "strdup - Out of memory"); + return ENOMEM; + } + + return 0; +} + +extern HINSTANCE _krb5_hInstance; + +/* + * Expand a %{BINDIR} token + * + * This is also used to expand a few other tokens on Windows, since + * most of the executable binaries end up in the same directory. The + * "bin" directory is considered to be the directory in which the + * krb5.dll is located. + */ +static int +_expand_bin_dir(krb5_context context, PTYPE param, const char *postfix, char **ret) +{ + TCHAR path[MAX_PATH]; + TCHAR *lastSlash; + DWORD nc; + + nc = GetModuleFileName(_krb5_hInstance, path, sizeof(path)/sizeof(path[0])); + if (nc == 0 || + nc == sizeof(path)/sizeof(path[0])) { + return EINVAL; + } + + lastSlash = strrchr(path, '\\'); + if (lastSlash != NULL) { + TCHAR *fslash = strrchr(lastSlash, '/'); + + if (fslash != NULL) + lastSlash = fslash; + + *lastSlash = '\0'; + } + + if (postfix) { + if (strlcat(path, postfix, sizeof(path)/sizeof(path[0])) >= sizeof(path)/sizeof(path[0])) + return EINVAL; + } + + *ret = strdup(path); + if (*ret == NULL) + return ENOMEM; + + return 0; +} + +/* + * Expand a %{USERID} token + * + * The %{USERID} token expands to the string representation of the + * user's SID. The user account that will be used is the account + * corresponding to the current thread's security token. This means + * that: + * + * - If the current thread token has the anonymous impersonation + * level, the call will fail. + * + * - If the current thread is impersonating a token at + * SecurityIdentification level the call will fail. + * + */ +static int +_expand_userid(krb5_context context, PTYPE param, const char *postfix, char **ret) +{ + int rv = EINVAL; + HANDLE hThread = NULL; + HANDLE hToken = NULL; + PTOKEN_OWNER pOwner = NULL; + DWORD len = 0; + LPTSTR strSid = NULL; + + hThread = GetCurrentThread(); + + if (!OpenThreadToken(hThread, TOKEN_QUERY, + FALSE, /* Open the thread token as the + current thread user. */ + &hToken)) { + + DWORD le = GetLastError(); + + if (le == ERROR_NO_TOKEN) { + HANDLE hProcess = GetCurrentProcess(); + + le = 0; + if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) + le = GetLastError(); + } + + if (le != 0) { + if (context) + krb5_set_error_message(context, rv, + "Can't open thread token (GLE=%d)", le); + goto _exit; + } + } + + if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &len)) { + if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) { + if (context) + krb5_set_error_message(context, rv, + "Unexpected error reading token information (GLE=%d)", + GetLastError()); + goto _exit; + } + + if (len == 0) { + if (context) + krb5_set_error_message(context, rv, + "GetTokenInformation() returned truncated buffer"); + goto _exit; + } + + pOwner = malloc(len); + if (pOwner == NULL) { + if (context) + krb5_set_error_message(context, rv, "Out of memory"); + goto _exit; + } + } else { + if (context) + krb5_set_error_message(context, rv, "GetTokenInformation() returned truncated buffer"); + goto _exit; + } + + if (!GetTokenInformation(hToken, TokenOwner, pOwner, len, &len)) { + if (context) + krb5_set_error_message(context, rv, "GetTokenInformation() failed. GLE=%d", GetLastError()); + goto _exit; + } + + if (!ConvertSidToStringSid(pOwner->Owner, &strSid)) { + if (context) + krb5_set_error_message(context, rv, "Can't convert SID to string. GLE=%d", GetLastError()); + goto _exit; + } + + *ret = strdup(strSid); + if (*ret == NULL && context) + krb5_set_error_message(context, rv, "Out of memory"); + + rv = 0; + + _exit: + if (hToken != NULL) + CloseHandle(hToken); + + if (pOwner != NULL) + free (pOwner); + + if (strSid != NULL) + LocalFree(strSid); + + return rv; +} + +/* + * Expand a folder identified by a CSIDL + */ + +static int +_expand_csidl(krb5_context context, PTYPE folder, const char *postfix, char **ret) +{ + TCHAR path[MAX_PATH]; + size_t len; + + if (SHGetFolderPath(NULL, folder, NULL, SHGFP_TYPE_CURRENT, path) != S_OK) { + if (context) + krb5_set_error_message(context, EINVAL, "Unable to determine folder path"); + return EINVAL; + } + + len = strlen(path); + + if (len > 0 && path[len - 1] == '\\') + path[len - 1] = '\0'; + + if (postfix && + strlcat(path, postfix, sizeof(path)/sizeof(path[0])) >= sizeof(path)/sizeof(path[0])) { + return ENOMEM; + } + + *ret = strdup(path); + if (*ret == NULL) { + if (context) + krb5_set_error_message(context, ENOMEM, "Out of memory"); + return ENOMEM; + } + return 0; +} + +#else + +static int +_expand_path(krb5_context context, PTYPE param, const char *postfix, char **ret) +{ + *ret = strdup(postfix); + if (*ret == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + return ENOMEM; + } + return 0; +} + +static int +_expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, char **ret) +{ + const char *p = NULL; + + if (issuid()) + p = getenv("TEMP"); + if (p) + *ret = strdup(p); + else + *ret = strdup("/tmp"); + if (*ret == NULL) + return ENOMEM; + return 0; +} + +static int +_expand_userid(krb5_context context, PTYPE param, const char *postfix, char **str) +{ + int ret = asprintf(str, "%ld", (unsigned long)getuid()); + if (ret < 0 || *str == NULL) + return ENOMEM; + return 0; +} + + +#endif /* _WIN32 */ + +/** + * Expand a %{null} token + * + * The expansion of a %{null} token is always the empty string. + */ + +static int +_expand_null(krb5_context context, PTYPE param, const char *postfix, char **ret) +{ + *ret = strdup(""); + if (*ret == NULL) { + if (context) + krb5_set_error_message(context, ENOMEM, "Out of memory"); + return ENOMEM; + } + return 0; +} + + +static const struct token { + const char * tok; + int ftype; +#define FTYPE_CSIDL 0 +#define FTYPE_SPECIAL 1 + + PTYPE param; + const char * postfix; + + int (*exp_func)(krb5_context, PTYPE, const char *, char **); + +#define SPECIALP(f, P) FTYPE_SPECIAL, 0, P, f +#define SPECIAL(f) SPECIALP(f, NULL) + +} tokens[] = { +#ifdef _WIN32 +#define CSIDLP(C,P) FTYPE_CSIDL, C, P, _expand_csidl +#define CSIDL(C) CSIDLP(C, NULL) + + {"APPDATA", CSIDL(CSIDL_APPDATA)}, /* Roaming application data (for current user) */ + {"COMMON_APPDATA", CSIDL(CSIDL_COMMON_APPDATA)}, /* Application data (all users) */ + {"LOCAL_APPDATA", CSIDL(CSIDL_LOCAL_APPDATA)}, /* Local application data (for current user) */ + {"SYSTEM", CSIDL(CSIDL_SYSTEM)}, /* Windows System folder (e.g. %WINDIR%\System32) */ + {"WINDOWS", CSIDL(CSIDL_WINDOWS)}, /* Windows folder */ + {"USERCONFIG", CSIDLP(CSIDL_APPDATA, "\\" PACKAGE)}, /* Per user Heimdal configuration file path */ + {"COMMONCONFIG", CSIDLP(CSIDL_COMMON_APPDATA, "\\" PACKAGE)}, /* Common Heimdal configuration file path */ + {"LIBDIR", SPECIAL(_expand_bin_dir)}, + {"BINDIR", SPECIAL(_expand_bin_dir)}, + {"LIBEXEC", SPECIAL(_expand_bin_dir)}, + {"SBINDIR", SPECIAL(_expand_bin_dir)}, +#else + {"LIBDIR", FTYPE_SPECIAL, 0, LIBDIR, _expand_path}, + {"BINDIR", FTYPE_SPECIAL, 0, BINDIR, _expand_path}, + {"LIBEXEC", FTYPE_SPECIAL, 0, LIBEXECDIR, _expand_path}, + {"SBINDIR", FTYPE_SPECIAL, 0, SBINDIR, _expand_path}, +#endif + {"TEMP", SPECIAL(_expand_temp_folder)}, + {"USERID", SPECIAL(_expand_userid)}, + {"uid", SPECIAL(_expand_userid)}, + {"null", SPECIAL(_expand_null)} +}; + +static int +_expand_token(krb5_context context, + const char *token, + const char *token_end, + char **ret) +{ + size_t i; + + *ret = NULL; + + if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' || + token_end - token <= 2) { + if (context) + krb5_set_error_message(context, EINVAL,"Invalid token."); + return EINVAL; + } + + for (i = 0; i < sizeof(tokens)/sizeof(tokens[0]); i++) { + if (!strncmp(token+2, tokens[i].tok, (token_end - token) - 2)) + return tokens[i].exp_func(context, tokens[i].param, + tokens[i].postfix, ret); + } + + if (context) + krb5_set_error_message(context, EINVAL, "Invalid token."); + return EINVAL; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_expand_path_tokens(krb5_context context, + const char *path_in, + char **ppath_out) +{ + char *tok_begin, *tok_end, *append; + const char *path_left; + size_t len = 0; + + if (path_in == NULL || *path_in == '\0') { + *ppath_out = strdup(""); + return 0; + } + + *ppath_out = NULL; + + for (path_left = path_in; path_left && *path_left; ) { + + tok_begin = strstr(path_left, "%{"); + + if (tok_begin && tok_begin != path_left) { + + append = malloc((tok_begin - path_left) + 1); + if (append) { + memcpy(append, path_left, tok_begin - path_left); + append[tok_begin - path_left] = '\0'; + } + path_left = tok_begin; + + } else if (tok_begin) { + + tok_end = strchr(tok_begin, '}'); + if (tok_end == NULL) { + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + if (context) + krb5_set_error_message(context, EINVAL, "variable missing }"); + return EINVAL; + } + + if (_expand_token(context, tok_begin, tok_end, &append)) { + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + return EINVAL; + } + + path_left = tok_end + 1; + } else { + + append = strdup(path_left); + path_left = NULL; + + } + + if (append == NULL) { + + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + if (context) + krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + return ENOMEM; + + } + + { + size_t append_len = strlen(append); + char * new_str = realloc(*ppath_out, len + append_len + 1); + + if (new_str == NULL) { + free(append); + if (*ppath_out) + free(*ppath_out); + *ppath_out = NULL; + if (context) + krb5_set_error_message(context, ENOMEM, "malloc - out of memory"); + return ENOMEM; + } + + *ppath_out = new_str; + memcpy(*ppath_out + len, append, append_len + 1); + len = len + append_len; + free(append); + } + } + +#ifdef _WIN32 + /* Also deal with slashes */ + if (*ppath_out) { + char * c; + for (c = *ppath_out; *c; c++) + if (*c == '/') + *c = '\\'; + } +#endif + + return 0; +} diff --git a/crypto/heimdal/lib/krb5/fcache.c b/crypto/heimdal/lib/krb5/fcache.c index 3857b58bf67..731f2934146 100644 --- a/crypto/heimdal/lib/krb5/fcache.c +++ b/crypto/heimdal/lib/krb5/fcache.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: fcache.c 22522 2008-01-24 11:56:25Z lha $"); - typedef struct krb5_fcache{ char *filename; int version; @@ -58,10 +58,13 @@ struct fcc_cursor { #define FCC_CURSOR(C) ((struct fcc_cursor*)(C)) -static const char* +static const char* KRB5_CALLCONV fcc_get_name(krb5_context context, krb5_ccache id) { + if (FCACHE(id) == NULL) + return NULL; + return FILENAME(id); } @@ -90,17 +93,22 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive, case 0: break; case EINVAL: /* filesystem doesn't support locking, let the user have it */ - ret = 0; + ret = 0; break; case EAGAIN: - krb5_set_error_string(context, "timed out locking cache file %s", - filename); + krb5_set_error_message(context, ret, + N_("timed out locking cache file %s", "file"), + filename); break; - default: - krb5_set_error_string(context, "error locking cache file %s: %s", - filename, strerror(ret)); + default: { + char buf[128]; + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, + N_("error locking cache file %s: %s", + "file, error"), filename, buf); break; } + } return ret; } @@ -124,42 +132,72 @@ _krb5_xunlock(krb5_context context, int fd) case 0: break; case EINVAL: /* filesystem doesn't support locking, let the user have it */ - ret = 0; + ret = 0; break; - default: - krb5_set_error_string(context, - "Failed to unlock file: %s", strerror(ret)); + default: { + char buf[128]; + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, + N_("Failed to unlock file: %s", ""), buf); break; } + } return ret; } static krb5_error_code +write_storage(krb5_context context, krb5_storage *sp, int fd) +{ + krb5_error_code ret; + krb5_data data; + ssize_t sret; + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + return ret; + } + sret = write(fd, data.data, data.length); + ret = (sret != (ssize_t)data.length); + krb5_data_free(&data); + if (ret) { + ret = errno; + krb5_set_error_message(context, ret, + N_("Failed to write FILE credential data", "")); + return ret; + } + return 0; +} + + +static krb5_error_code KRB5_CALLCONV fcc_lock(krb5_context context, krb5_ccache id, int fd, krb5_boolean exclusive) { return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id)); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_unlock(krb5_context context, int fd) { return _krb5_xunlock(context, fd); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_resolve(krb5_context context, krb5_ccache *id, const char *res) { krb5_fcache *f; f = malloc(sizeof(*f)); if(f == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } f->filename = strdup(res); if(f->filename == NULL){ free(f); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } f->version = 0; @@ -185,13 +223,17 @@ scrub_file (int fd) return errno; memset(buf, 0, sizeof(buf)); while(pos > 0) { - ssize_t tmp = write(fd, buf, min(sizeof(buf), pos)); + ssize_t tmp = write(fd, buf, min((off_t)sizeof(buf), pos)); if (tmp < 0) return errno; pos -= tmp; } +#ifdef _MSC_VER + _commit (fd); +#else fsync (fd); +#endif return 0; } @@ -202,8 +244,8 @@ scrub_file (int fd) * hardlink) */ -static krb5_error_code -erase_file(const char *filename) +krb5_error_code +_krb5_erase_file(krb5_context context, const char *filename) { int fd; struct stat sb1, sb2; @@ -220,12 +262,20 @@ erase_file(const char *filename) else return errno; } + rk_cloexec(fd); + ret = _krb5_xlock(context, fd, 1, filename); + if (ret) { + close(fd); + return ret; + } if (unlink(filename) < 0) { + _krb5_xunlock(context, fd); close (fd); return errno; } ret = fstat (fd, &sb2); if (ret < 0) { + _krb5_xunlock(context, fd); close (fd); return errno; } @@ -233,6 +283,7 @@ erase_file(const char *filename) /* check if someone was playing with symlinks */ if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) { + _krb5_xunlock(context, fd); close (fd); return EPERM; } @@ -240,43 +291,60 @@ erase_file(const char *filename) /* there are still hard links to this file */ if (sb2.st_nlink != 0) { + _krb5_xunlock(context, fd); close (fd); return 0; } ret = scrub_file (fd); + if (ret) { + _krb5_xunlock(context, fd); + close(fd); + return ret; + } + ret = _krb5_xunlock(context, fd); close (fd); return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_gen_new(krb5_context context, krb5_ccache *id) { + char *file = NULL, *exp_file = NULL; + krb5_error_code ret; krb5_fcache *f; int fd; - char *file; f = malloc(sizeof(*f)); if(f == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } - asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); - if(file == NULL) { + ret = asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); + if(ret < 0 || file == NULL) { free(f); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } - fd = mkstemp(file); - if(fd < 0) { - int ret = errno; - krb5_set_error_string(context, "mkstemp %s", file); - free(f); - free(file); + ret = _krb5_expand_path_tokens(context, file, &exp_file); + free(file); + if (ret) return ret; + + file = exp_file; + + fd = mkstemp(exp_file); + if(fd < 0) { + int xret = errno; + krb5_set_error_message(context, xret, N_("mkstemp %s failed", ""), exp_file); + free(f); + free(exp_file); + return xret; } close(fd); - f->filename = file; + f->filename = exp_file; f->version = 0; (*id)->data.data = f; (*id)->data.length = sizeof(*f); @@ -302,13 +370,13 @@ storage_set_flags(krb5_context context, krb5_storage *sp, int vno) case KRB5_FCC_FVNO_4: break; default: - krb5_abortx(context, + krb5_abortx(context, "storage_set_flags called with bad vno (%x)", vno); } krb5_storage_set_flags(sp, flags); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_open(krb5_context context, krb5_ccache id, int *fd_ret, @@ -318,16 +386,25 @@ fcc_open(krb5_context context, krb5_boolean exclusive = ((flags | O_WRONLY) == flags || (flags | O_RDWR) == flags); krb5_error_code ret; - const char *filename = FILENAME(id); + const char *filename; int fd; + + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + + filename = FILENAME(id); + fd = open(filename, flags, mode); if(fd < 0) { + char buf[128]; ret = errno; - krb5_set_error_string(context, "open(%s): %s", filename, - strerror(ret)); + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"), + filename, buf); return ret; } - + rk_cloexec(fd); + if((ret = fcc_lock(context, id, fd, exclusive)) != 0) { close(fd); return ret; @@ -336,7 +413,7 @@ fcc_open(krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) @@ -344,16 +421,18 @@ fcc_initialize(krb5_context context, krb5_fcache *f = FCACHE(id); int ret = 0; int fd; - char *filename = f->filename; - unlink (filename); - - ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + if (f == NULL) + return krb5_einval(context, 2); + + unlink (f->filename); + + ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) return ret; { - krb5_storage *sp; - sp = krb5_storage_from_fd(fd); + krb5_storage *sp; + sp = krb5_storage_emem(); krb5_storage_set_eof_code(sp, KRB5_CC_END); if(context->fcache_vno != 0) f->version = context->fcache_vno; @@ -375,37 +454,47 @@ fcc_initialize(krb5_context context, } } ret |= krb5_store_principal(sp, primary_principal); - + + ret |= write_storage(context, sp, fd); + krb5_storage_free(sp); } fcc_unlock(context, fd); if (close(fd) < 0) if (ret == 0) { + char buf[128]; ret = errno; - krb5_set_error_string (context, "close %s: %s", - FILENAME(id), strerror(ret)); + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message (context, ret, N_("close %s: %s", ""), + FILENAME(id), buf); } return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_close(krb5_context context, krb5_ccache id) { + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + free (FILENAME(id)); krb5_data_free(&id->data); return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_destroy(krb5_context context, krb5_ccache id) { - erase_file(FILENAME(id)); + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + + _krb5_erase_file(context, FILENAME(id)); return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) @@ -413,12 +502,13 @@ fcc_store_cred(krb5_context context, int ret; int fd; - ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0); + ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; { krb5_storage *sp; - sp = krb5_storage_from_fd(fd); + + sp = krb5_storage_emem(); krb5_storage_set_eof_code(sp, KRB5_CC_END); storage_set_flags(context, sp, FCACHE(id)->version); if (!krb5_config_get_bool_default(context, NULL, TRUE, @@ -427,15 +517,20 @@ fcc_store_cred(krb5_context context, NULL)) krb5_storage_set_flags(sp, KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER); ret = krb5_store_creds(sp, creds); + if (ret == 0) + ret = write_storage(context, sp, fd); krb5_storage_free(sp); } fcc_unlock(context, fd); - if (close(fd) < 0) + if (close(fd) < 0) { if (ret == 0) { + char buf[128]; + rk_strerror_r(ret, buf, sizeof(buf)); ret = errno; - krb5_set_error_string (context, "close %s: %s", - FILENAME(id), strerror(ret)); + krb5_set_error_message (context, ret, N_("close %s: %s", ""), + FILENAME(id), buf); } + } return ret; } @@ -443,20 +538,24 @@ static krb5_error_code init_fcc (krb5_context context, krb5_ccache id, krb5_storage **ret_sp, - int *ret_fd) + int *ret_fd, + krb5_deltat *kdc_offset) { int fd; int8_t pvno, tag; krb5_storage *sp; krb5_error_code ret; - ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0); + if (kdc_offset) + *kdc_offset = 0; + + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; - + sp = krb5_storage_from_fd(fd); if(sp == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -464,25 +563,28 @@ init_fcc (krb5_context context, ret = krb5_ret_int8(sp, &pvno); if(ret != 0) { if(ret == KRB5_CC_END) { - krb5_set_error_string(context, "Empty credential cache file: %s", - FILENAME(id)); ret = ENOENT; + krb5_set_error_message(context, ret, + N_("Empty credential cache file: %s", ""), + FILENAME(id)); } else - krb5_set_error_string(context, "Error reading pvno in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, N_("Error reading pvno " + "in cache file: %s", ""), + FILENAME(id)); goto out; } if(pvno != 5) { - krb5_set_error_string(context, "Bad version number in credential " - "cache file: %s", FILENAME(id)); ret = KRB5_CCACHE_BADVNO; + krb5_set_error_message(context, ret, N_("Bad version number in credential " + "cache file: %s", ""), + FILENAME(id)); goto out; } ret = krb5_ret_int8(sp, &tag); /* should not be host byte order */ if(ret != 0) { - krb5_set_error_string(context, "Error reading tag in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, "Error reading tag in " + "cache file: %s", FILENAME(id)); goto out; } FCACHE(id)->version = tag; @@ -494,8 +596,9 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &length); if(ret) { ret = KRB5_CC_FORMAT; - krb5_set_error_string(context, "Error reading tag length in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, + N_("Error reading tag length in " + "cache file: %s", ""), FILENAME(id)); goto out; } while(length > 0) { @@ -505,43 +608,49 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &dtag); if(ret) { - krb5_set_error_string(context, "Error reading dtag in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, N_("Error reading dtag in " + "cache file: %s", ""), + FILENAME(id)); goto out; } ret = krb5_ret_int16 (sp, &data_len); if(ret) { - krb5_set_error_string(context, "Error reading dlength in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, + N_("Error reading dlength " + "in cache file: %s",""), + FILENAME(id)); goto out; } switch (dtag) { - case FCC_TAG_DELTATIME : - ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); + case FCC_TAG_DELTATIME : { + int32_t offset; + + ret = krb5_ret_int32 (sp, &offset); + ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset); if(ret) { - krb5_set_error_string(context, "Error reading kdc_sec in " - "cache file: %s", FILENAME(id)); - ret = KRB5_CC_FORMAT; - goto out; - } - ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); - if(ret) { - krb5_set_error_string(context, "Error reading kdc_usec in " - "cache file: %s", FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, + N_("Error reading kdc_sec in " + "cache file: %s", ""), + FILENAME(id)); goto out; } + context->kdc_sec_offset = offset; + if (kdc_offset) + *kdc_offset = offset; break; + } default : for (i = 0; i < data_len; ++i) { ret = krb5_ret_int8 (sp, &dummy); if(ret) { - krb5_set_error_string(context, "Error reading unknown " - "tag in cache file: %s", - FILENAME(id)); ret = KRB5_CC_FORMAT; + krb5_set_error_message(context, ret, + N_("Error reading unknown " + "tag in cache file: %s", ""), + FILENAME(id)); goto out; } } @@ -557,14 +666,15 @@ init_fcc (krb5_context context, break; default : ret = KRB5_CCACHE_BADVNO; - krb5_set_error_string(context, "Unknown version number (%d) in " - "credential cache file: %s", - (int)tag, FILENAME(id)); + krb5_set_error_message(context, ret, + N_("Unknown version number (%d) in " + "credential cache file: %s", ""), + (int)tag, FILENAME(id)); goto out; } *ret_sp = sp; *ret_fd = fd; - + return 0; out: if(sp != NULL) @@ -574,7 +684,7 @@ init_fcc (krb5_context context, return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) @@ -583,24 +693,24 @@ fcc_get_principal(krb5_context context, int fd; krb5_storage *sp; - ret = init_fcc (context, id, &sp, &fd); + ret = init_fcc (context, id, &sp, &fd, NULL); if (ret) return ret; ret = krb5_ret_principal(sp, principal); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_storage_free(sp); fcc_unlock(context, fd); close(fd); return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_end_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor); -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_get_first (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) @@ -608,15 +718,18 @@ fcc_get_first (krb5_context context, krb5_error_code ret; krb5_principal principal; + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + *cursor = malloc(sizeof(struct fcc_cursor)); if (*cursor == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memset(*cursor, 0, sizeof(struct fcc_cursor)); - ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, - &FCC_CURSOR(*cursor)->fd); + ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, + &FCC_CURSOR(*cursor)->fd, NULL); if (ret) { free(*cursor); *cursor = NULL; @@ -624,7 +737,7 @@ fcc_get_first (krb5_context context, } ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); fcc_end_get(context, id, cursor); return ret; } @@ -633,29 +746,43 @@ fcc_get_first (krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_error_code ret; + + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + + if (FCC_CURSOR(*cursor) == NULL) + return krb5_einval(context, 3); + if((ret = fcc_lock(context, id, FCC_CURSOR(*cursor)->fd, FALSE)) != 0) return ret; ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); fcc_unlock(context, FCC_CURSOR(*cursor)->fd); return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_end_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { + + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + + if (FCC_CURSOR(*cursor) == NULL) + return krb5_einval(context, 3); + krb5_storage_free(FCC_CURSOR(*cursor)->sp); close (FCC_CURSOR(*cursor)->fd); free(*cursor); @@ -663,16 +790,21 @@ fcc_end_get (krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags which, krb5_creds *cred) { krb5_error_code ret; - krb5_ccache copy; + krb5_ccache copy, newfile; + char *newname = NULL; + int fd; - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, ©); + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, ©); if (ret) return ret; @@ -688,49 +820,86 @@ fcc_remove_cred(krb5_context context, return ret; } - fcc_destroy(context, id); + ret = asprintf(&newname, "FILE:%s.XXXXXX", FILENAME(id)); + if (ret < 0 || newname == NULL) { + krb5_cc_destroy(context, copy); + return ENOMEM; + } - ret = krb5_cc_copy_cache(context, copy, id); + fd = mkstemp(&newname[5]); + if (fd < 0) { + ret = errno; + krb5_cc_destroy(context, copy); + return ret; + } + close(fd); + + ret = krb5_cc_resolve(context, newname, &newfile); + if (ret) { + unlink(&newname[5]); + free(newname); + krb5_cc_destroy(context, copy); + return ret; + } + + ret = krb5_cc_copy_cache(context, copy, newfile); krb5_cc_destroy(context, copy); + if (ret) { + free(newname); + krb5_cc_destroy(context, newfile); + return ret; + } + + ret = rk_rename(&newname[5], FILENAME(id)); + if (ret) + ret = errno; + free(newname); + krb5_cc_close(context, newfile); return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { + if (FCACHE(id) == NULL) + return krb5_einval(context, 2); + return 0; /* XXX */ } -static krb5_error_code +static int KRB5_CALLCONV fcc_get_version(krb5_context context, krb5_ccache id) { + if (FCACHE(id) == NULL) + return -1; + return FCACHE(id)->version; } - + struct fcache_iter { int first; }; -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) { struct fcache_iter *iter; iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; - } + } iter->first = 1; *cursor = iter; return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) { struct fcache_iter *iter = cursor; @@ -738,47 +907,68 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) const char *fn; char *expandedfn = NULL; + if (iter == NULL) + return krb5_einval(context, 2); + if (!iter->first) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_CC_END; } iter->first = 0; fn = krb5_cc_default_name(context); - if (strncasecmp(fn, "FILE:", 5) != 0) { - ret = _krb5_expand_default_cc_name(context, + if (fn == NULL || strncasecmp(fn, "FILE:", 5) != 0) { + ret = _krb5_expand_default_cc_name(context, KRB5_DEFAULT_CCNAME_FILE, &expandedfn); if (ret) return ret; + fn = expandedfn; + } + /* check if file exists, don't return a non existant "next" */ + if (strncasecmp(fn, "FILE:", 5) == 0) { + struct stat sb; + ret = stat(fn + 5, &sb); + if (ret) { + ret = KRB5_CC_END; + goto out; + } } ret = krb5_cc_resolve(context, fn, id); + out: if (expandedfn) free(expandedfn); - + return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) { struct fcache_iter *iter = cursor; + + if (iter == NULL) + return krb5_einval(context, 2); + free(iter); return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_error_code ret = 0; - ret = rename(FILENAME(from), FILENAME(to)); + ret = rk_rename(FILENAME(from), FILENAME(to)); + if (ret && errno != EXDEV) { + char buf[128]; ret = errno; - krb5_set_error_string(context, - "Rename of file from %s to %s failed: %s", - FILENAME(from), FILENAME(to), - strerror(ret)); + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, + N_("Rename of file from %s " + "to %s failed: %s", ""), + FILENAME(from), FILENAME(to), buf); return ret; } else if (ret && errno == EXDEV) { /* make a copy and delete the orignal */ @@ -786,14 +976,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) int fd1, fd2; char buf[BUFSIZ]; - ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0); + ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; unlink(FILENAME(to)); - ret = fcc_open(context, to, &fd2, - O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600); + ret = fcc_open(context, to, &fd2, + O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) goto out1; @@ -801,21 +991,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) sz2 = write(fd2, buf, sz1); if (sz1 != sz2) { ret = EIO; - krb5_set_error_string(context, - "Failed to write data from one file " - "credential cache to the other"); + krb5_set_error_message(context, ret, + N_("Failed to write data from one file " + "credential cache to the other", "")); goto out2; } } if (sz1 < 0) { ret = EIO; - krb5_set_error_string(context, - "Failed to read data from one file " - "credential cache to the other"); + krb5_set_error_message(context, ret, + N_("Failed to read data from one file " + "credential cache to the other", "")); goto out2; } - erase_file(FILENAME(from)); - out2: fcc_unlock(context, fd2); close(fd2); @@ -824,8 +1012,10 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) fcc_unlock(context, fd1); close(fd1); + _krb5_erase_file(context, FILENAME(from)); + if (ret) { - erase_file(FILENAME(to)); + _krb5_erase_file(context, FILENAME(to)); return ret; } } @@ -834,29 +1024,78 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_storage *sp; int fd; - ret = init_fcc (context, to, &sp, &fd); - krb5_storage_free(sp); - fcc_unlock(context, fd); - close(fd); - } + if ((ret = init_fcc (context, to, &sp, &fd, NULL)) == 0) { + if (sp) + krb5_storage_free(sp); + fcc_unlock(context, fd); + close(fd); + } + } + + fcc_close(context, from); + return ret; } -static krb5_error_code -fcc_default_name(krb5_context context, char **str) +static krb5_error_code KRB5_CALLCONV +fcc_get_default_name(krb5_context context, char **str) { - return _krb5_expand_default_cc_name(context, + return _krb5_expand_default_cc_name(context, KRB5_DEFAULT_CCNAME_FILE, str); } +static krb5_error_code KRB5_CALLCONV +fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + krb5_error_code ret; + struct stat sb; + int fd; + + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); + if(ret) + return ret; + ret = fstat(fd, &sb); + close(fd); + if (ret) { + ret = errno; + krb5_set_error_message(context, ret, N_("Failed to stat cache file", "")); + return ret; + } + *mtime = sb.st_mtime; + return 0; +} + +static krb5_error_code KRB5_CALLCONV +fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) +{ + return 0; +} + +static krb5_error_code KRB5_CALLCONV +fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) +{ + krb5_error_code ret; + krb5_storage *sp = NULL; + int fd; + ret = init_fcc(context, id, &sp, &fd, kdc_offset); + if (sp) + krb5_storage_free(sp); + fcc_unlock(context, fd); + close(fd); + + return ret; +} + + /** * Variable containing the FILE based credential cache implemention. * * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_fcc_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = { + KRB5_CC_OPS_VERSION, "FILE", fcc_get_name, fcc_resolve, @@ -877,5 +1116,9 @@ const krb5_cc_ops krb5_fcc_ops = { fcc_get_cache_next, fcc_end_cache_get, fcc_move, - fcc_default_name + fcc_get_default_name, + NULL, + fcc_lastchange, + fcc_set_kdc_offset, + fcc_get_kdc_offset }; diff --git a/crypto/heimdal/lib/krb5/free.c b/crypto/heimdal/lib/krb5/free.c index 1b0bd05412f..5bb33b443cb 100644 --- a/crypto/heimdal/lib/krb5/free.c +++ b/crypto/heimdal/lib/krb5/free.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) { free_KDC_REP(&rep->kdc_rep); @@ -45,7 +43,7 @@ krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_xfree (void *ptr) { free (ptr); diff --git a/crypto/heimdal/lib/krb5/free_host_realm.c b/crypto/heimdal/lib/krb5/free_host_realm.c index 6b13ce7d0e0..0932674e9be 100644 --- a/crypto/heimdal/lib/krb5/free_host_realm.c +++ b/crypto/heimdal/lib/krb5/free_host_realm.c @@ -1,45 +1,50 @@ /* - * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $"); - -/* +/** * Free all memory allocated by `realmlist' + * + * @param context A Kerberos 5 context. + * @param realmlist realmlist to free, NULL is ok + * + * @return a Kerberos error code, always 0. + * + * @ingroup krb5_support */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm(krb5_context context, krb5_realm *realmlist) { diff --git a/crypto/heimdal/lib/krb5/generate_seq_number.c b/crypto/heimdal/lib/krb5/generate_seq_number.c index 8a04f048c8c..6001d692613 100644 --- a/crypto/heimdal/lib/krb5/generate_seq_number.c +++ b/crypto/heimdal/lib/krb5/generate_seq_number.c @@ -1,62 +1,48 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, uint32_t *seqno) { - krb5_error_code ret; - krb5_keyblock *subkey; - uint32_t q; - u_char *p; - int i; - - ret = krb5_generate_subkey (context, key, &subkey); - if (ret) - return ret; - - q = 0; - for (p = (u_char *)subkey->keyvalue.data, i = 0; - i < subkey->keyvalue.length; - ++i, ++p) - q = (q << 8) | *p; - q &= 0xffffffff; - *seqno = q; - krb5_free_keyblock (context, subkey); + if (RAND_bytes((void *)seqno, sizeof(*seqno)) <= 0) + krb5_abortx(context, "Failed to generate random block"); + /* MIT used signed numbers, lets not stomp into that space directly */ + *seqno &= 0x3fffffff; + if (*seqno == 0) + *seqno = 1; return 0; } diff --git a/crypto/heimdal/lib/krb5/generate_subkey.c b/crypto/heimdal/lib/krb5/generate_subkey.c index fb99cbbf3f7..e09dc2a9168 100644 --- a/crypto/heimdal/lib/krb5/generate_subkey.c +++ b/crypto/heimdal/lib/krb5/generate_subkey.c @@ -1,49 +1,52 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: generate_subkey.c 14455 2005-01-05 02:39:21Z lukeh $"); +/** + * Generate subkey, from keyblock + * + * @param context kerberos context + * @param key session key + * @param etype encryption type of subkey, if ETYPE_NULL, use key's enctype + * @param subkey returned new, free with krb5_free_keyblock(). + * + * @return 0 on success or a Kerberos 5 error code + * +* @ingroup krb5_crypto + */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_subkey(krb5_context context, - const krb5_keyblock *key, - krb5_keyblock **subkey) -{ - return krb5_generate_subkey_extended(context, key, key->keytype, subkey); -} - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -53,7 +56,7 @@ krb5_generate_subkey_extended(krb5_context context, ALLOC(*subkey, 1); if (*subkey == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM,N_("malloc: out of memory", "")); return ENOMEM; } diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c index a7fd2ea84b1..0e2bfcf66f9 100644 --- a/crypto/heimdal/lib/krb5/get_addrs.c +++ b/crypto/heimdal/lib/krb5/get_addrs.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: get_addrs.c 13863 2004-05-25 21:46:46Z lha $"); - #ifdef __osf__ /* hate */ struct rtentry; @@ -54,20 +52,20 @@ gethostname_fallback (krb5_context context, krb5_addresses *res) if (gethostname (hostname, sizeof(hostname))) { ret = errno; - krb5_set_error_string (context, "gethostname: %s", strerror(ret)); + krb5_set_error_message(context, ret, "gethostname: %s", strerror(ret)); return ret; } hostent = roken_gethostbyname (hostname); if (hostent == NULL) { ret = errno; - krb5_set_error_string (context, "gethostbyname %s: %s", - hostname, strerror(ret)); + krb5_set_error_message (context, ret, "gethostbyname %s: %s", + hostname, strerror(ret)); return ret; } res->len = 1; res->val = malloc (sizeof(*res->val)); if (res->val == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } res->val[0].addr_type = hostent->h_addrtype; @@ -84,8 +82,8 @@ gethostname_fallback (krb5_context context, krb5_addresses *res) } enum { - LOOP = 1, /* do include loopback interfaces */ - LOOP_IF_NONE = 2, /* include loopback if no other if's */ + LOOP = 1, /* do include loopback addrs */ + LOOP_IF_NONE = 2, /* include loopback addrs if no others */ EXTRA_ADDRESSES = 4, /* include extra addresses */ SCAN_INTERFACES = 8 /* scan interfaces for addresses */ }; @@ -100,15 +98,13 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) { struct sockaddr sa_zero; struct ifaddrs *ifa0, *ifa; - krb5_error_code ret = ENXIO; - int num, idx; + krb5_error_code ret = ENXIO; + unsigned int num, idx; krb5_addresses ignore_addresses; - res->val = NULL; - if (getifaddrs(&ifa0) == -1) { ret = errno; - krb5_set_error_string(context, "getifaddrs: %s", strerror(ret)); + krb5_set_error_message(context, ret, "getifaddrs: %s", strerror(ret)); return (ret); } @@ -120,7 +116,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) if (num == 0) { freeifaddrs(ifa0); - krb5_set_error_string(context, "no addresses found"); + krb5_set_error_message(context, ENXIO, N_("no addresses found", "")); return (ENXIO); } @@ -136,8 +132,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) if (res->val == NULL) { krb5_free_addresses(context, &ignore_addresses); freeifaddrs(ifa0); - krb5_set_error_string (context, "malloc: out of memory"); - return (ENOMEM); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; } /* Now traverse the list. */ @@ -150,11 +146,9 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) continue; if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) continue; - if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { + if (krb5_sockaddr_is_loopback(ifa->ifa_addr) && (flags & LOOP) == 0) /* We'll deal with the LOOP_IF_NONE case later. */ - if ((flags & LOOP) == 0) - continue; - } + continue; ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]); if (ret) { @@ -167,7 +161,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) continue; } /* possibly skip this address? */ - if((flags & EXTRA_ADDRESSES) && + if((flags & EXTRA_ADDRESSES) && krb5_address_search(context, &res->val[idx], &ignore_addresses)) { krb5_free_address(context, &res->val[idx]); flags &= ~LOOP_IF_NONE; /* we actually found an address, @@ -193,33 +187,32 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) continue; if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) continue; - - if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { - ret = krb5_sockaddr2address(context, - ifa->ifa_addr, &res->val[idx]); - if (ret) { - /* - * See comment above. - */ - continue; - } - if((flags & EXTRA_ADDRESSES) && - krb5_address_search(context, &res->val[idx], - &ignore_addresses)) { - krb5_free_address(context, &res->val[idx]); - continue; - } - idx++; + if (!krb5_sockaddr_is_loopback(ifa->ifa_addr)) + continue; + if ((ifa->ifa_flags & IFF_LOOPBACK) == 0) + /* Presumably loopback addrs are only used on loopback ifs! */ + continue; + ret = krb5_sockaddr2address(context, + ifa->ifa_addr, &res->val[idx]); + if (ret) + continue; /* We don't consider this failure fatal */ + if((flags & EXTRA_ADDRESSES) && + krb5_address_search(context, &res->val[idx], + &ignore_addresses)) { + krb5_free_address(context, &res->val[idx]); + continue; } + idx++; } } if (flags & EXTRA_ADDRESSES) krb5_free_addresses(context, &ignore_addresses); freeifaddrs(ifa0); - if (ret) + if (ret) { free(res->val); - else + res->val = NULL; + } else res->len = idx; /* Now a count. */ return (ret); } @@ -229,13 +222,14 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags) { krb5_error_code ret = -1; + res->len = 0; + res->val = NULL; + if (flags & SCAN_INTERFACES) { ret = find_all_addresses (context, res, flags); if(ret || res->len == 0) ret = gethostname_fallback (context, res); } else { - res->len = 0; - res->val = NULL; ret = 0; } @@ -268,7 +262,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags) * Only include loopback address if there are no other. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) { int flags = LOOP_IF_NONE | EXTRA_ADDRESSES; @@ -284,7 +278,7 @@ krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) * If that fails, we return the address corresponding to `hostname'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res) { return get_addrs_int (context, res, LOOP | SCAN_INTERFACES); diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c index ce0ec6d2928..e3bb23a2e9d 100644 --- a/crypto/heimdal/lib/krb5/get_cred.c +++ b/crypto/heimdal/lib/krb5/get_cred.c @@ -1,39 +1,45 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" +#include -RCSID("$Id: get_cred.c 21668 2007-07-22 11:28:05Z lha $"); +static krb5_error_code +get_cred_kdc_capath(krb5_context, krb5_kdc_flags, + krb5_ccache, krb5_creds *, krb5_principal, + Ticket *, krb5_creds **, krb5_creds ***); /* * Take the `body' and encode it into `padata' using the credentials @@ -41,16 +47,15 @@ RCSID("$Id: get_cred.c 21668 2007-07-22 11:28:05Z lha $"); */ static krb5_error_code -make_pa_tgs_req(krb5_context context, +make_pa_tgs_req(krb5_context context, krb5_auth_context ac, KDC_REQ_BODY *body, PA_DATA *padata, - krb5_creds *creds, - krb5_key_usage usage) + krb5_creds *creds) { u_char *buf; size_t buf_size; - size_t len; + size_t len = 0; krb5_data in_data; krb5_error_code ret; @@ -65,8 +70,7 @@ make_pa_tgs_req(krb5_context context, ret = _krb5_mk_req_internal(context, &ac, 0, &in_data, creds, &padata->padata_value, KRB5_KU_TGS_REQ_AUTH_CKSUM, - usage - /* KRB5_KU_TGS_REQ_AUTH */); + KRB5_KU_TGS_REQ_AUTH); out: free (buf); if(ret) @@ -83,10 +87,10 @@ static krb5_error_code set_auth_data (krb5_context context, KDC_REQ_BODY *req_body, krb5_authdata *authdata, - krb5_keyblock *key) + krb5_keyblock *subkey) { if(authdata->len) { - size_t len, buf_size; + size_t len = 0, buf_size; unsigned char *buf; krb5_crypto crypto; krb5_error_code ret; @@ -101,20 +105,20 @@ set_auth_data (krb5_context context, ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { free (buf); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - ret = krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, subkey, 0, &crypto); if (ret) { free (buf); free (req_body->enc_authorization_data); req_body->enc_authorization_data = NULL; return ret; } - krb5_encrypt_EncryptedData(context, + krb5_encrypt_EncryptedData(context, crypto, - KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, - /* KRB5_KU_TGS_REQ_AUTH_DAT_SESSION? */ + KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, buf, len, 0, @@ -125,7 +129,7 @@ set_auth_data (krb5_context context, req_body->enc_authorization_data = NULL; } return 0; -} +} /* * Create a tgs-req in `t' with `addresses', `flags', `second_ticket' @@ -144,9 +148,9 @@ init_tgs_req (krb5_context context, unsigned nonce, const METHOD_DATA *padata, krb5_keyblock **subkey, - TGS_REQ *t, - krb5_key_usage usage) + TGS_REQ *t) { + krb5_auth_context ac = NULL; krb5_error_code ret = 0; memset(t, 0, sizeof(*t)); @@ -156,15 +160,17 @@ init_tgs_req (krb5_context context, ALLOC_SEQ(&t->req_body.etype, 1); if(t->req_body.etype.val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } t->req_body.etype.val[0] = in_creds->session.keytype; } else { - ret = krb5_init_etype(context, - &t->req_body.etype.len, - &t->req_body.etype.val, - NULL); + ret = _krb5_init_etype(context, + KRB5_PDU_TGS_REQUEST, + &t->req_body.etype.len, + &t->req_body.etype.val, + NULL); } if (ret) goto fail; @@ -176,7 +182,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.sname, 1); if (t->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -192,107 +198,83 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.till, 1); if(t->req_body.till == NULL){ ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *t->req_body.till = in_creds->times.endtime; - + t->req_body.nonce = nonce; if(second_ticket){ ALLOC(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } ALLOC_SEQ(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets->val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } - ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); + ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); if (ret) goto fail; } ALLOC(t->padata, 1); if (t->padata == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } ALLOC_SEQ(t->padata, 1 + padata->len); if (t->padata->val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } { - int i; + size_t i; for (i = 0; i < padata->len; i++) { ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]); if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } } } - { - krb5_auth_context ac; - krb5_keyblock *key = NULL; + ret = krb5_auth_con_init(context, &ac); + if(ret) + goto fail; - ret = krb5_auth_con_init(context, &ac); - if(ret) - goto fail; + ret = krb5_auth_con_generatelocalsubkey(context, ac, &krbtgt->session); + if (ret) + goto fail; - if (krb5_config_get_bool_default(context, NULL, FALSE, - "realms", - krbtgt->server->realm, - "tgs_require_subkey", - NULL)) - { - ret = krb5_generate_subkey (context, &krbtgt->session, &key); - if (ret) { - krb5_auth_con_free (context, ac); - goto fail; - } + ret = set_auth_data (context, &t->req_body, &in_creds->authdata, + ac->local_subkey); + if (ret) + goto fail; - ret = krb5_auth_con_setlocalsubkey(context, ac, key); - if (ret) { - if (key) - krb5_free_keyblock (context, key); - krb5_auth_con_free (context, ac); - goto fail; - } - } + ret = make_pa_tgs_req(context, + ac, + &t->req_body, + &t->padata->val[0], + krbtgt); + if(ret) + goto fail; - ret = set_auth_data (context, &t->req_body, &in_creds->authdata, - key ? key : &krbtgt->session); - if (ret) { - if (key) - krb5_free_keyblock (context, key); - krb5_auth_con_free (context, ac); - goto fail; - } + ret = krb5_auth_con_getlocalsubkey(context, ac, subkey); + if (ret) + goto fail; - ret = make_pa_tgs_req(context, - ac, - &t->req_body, - &t->padata->val[0], - krbtgt, - usage); - if(ret) { - if (key) - krb5_free_keyblock (context, key); - krb5_auth_con_free(context, ac); - goto fail; - } - *subkey = key; - - krb5_auth_con_free(context, ac); - } fail: + if (ac) + krb5_auth_con_free(context, ac); if (ret) { t->req_body.addresses = NULL; free_TGS_REQ (t); @@ -315,7 +297,7 @@ _krb5_get_krbtgt(krb5_context context, if (ret) return ret; - ret = krb5_make_principal(context, + ret = krb5_make_principal(context, &tmp_cred.server, realm, KRB5_TGS_NAME, @@ -338,29 +320,27 @@ _krb5_get_krbtgt(krb5_context context, } /* DCE compatible decrypt proc */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV decrypt_tkt_with_subkey (krb5_context context, krb5_keyblock *key, krb5_key_usage usage, - krb5_const_pointer subkey, + krb5_const_pointer skey, krb5_kdc_rep *dec_rep) { - krb5_error_code ret; + const krb5_keyblock *subkey = skey; + krb5_error_code ret = 0; krb5_data data; size_t size; krb5_crypto crypto; - - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) - return ret; - ret = krb5_decrypt_EncryptedData (context, - crypto, - usage, - &dec_rep->kdc_rep.enc_part, - &data); - krb5_crypto_destroy(context, crypto); - if(ret && subkey){ - /* DCE compat -- try to decrypt with subkey */ + + assert(usage == 0); + + krb5_data_zero(&data); + + /* + * start out with trying with subkey if we have one + */ + if (subkey) { ret = krb5_crypto_init(context, subkey, 0, &crypto); if (ret) return ret; @@ -369,37 +349,59 @@ decrypt_tkt_with_subkey (krb5_context context, KRB5_KU_TGS_REP_ENC_PART_SUB_KEY, &dec_rep->kdc_rep.enc_part, &data); + /* + * If the is Windows 2000 DC, we need to retry with key usage + * 8 when doing ARCFOUR. + */ + if (ret && subkey->keytype == ETYPE_ARCFOUR_HMAC_MD5) { + ret = krb5_decrypt_EncryptedData(context, + crypto, + 8, + &dec_rep->kdc_rep.enc_part, + &data); + } + krb5_crypto_destroy(context, crypto); + } + if (subkey == NULL || ret) { + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + ret = krb5_decrypt_EncryptedData (context, + crypto, + KRB5_KU_TGS_REP_ENC_PART_SESSION, + &dec_rep->kdc_rep.enc_part, + &data); krb5_crypto_destroy(context, crypto); } if (ret) return ret; - - ret = krb5_decode_EncASRepPart(context, - data.data, + + ret = decode_EncASRepPart(data.data, + data.length, + &dec_rep->enc_part, + &size); + if (ret) + ret = decode_EncTGSRepPart(data.data, data.length, - &dec_rep->enc_part, + &dec_rep->enc_part, &size); if (ret) - ret = krb5_decode_EncTGSRepPart(context, - data.data, - data.length, - &dec_rep->enc_part, - &size); + krb5_set_error_message(context, ret, + N_("Failed to decode encpart in ticket", "")); krb5_data_free (&data); return ret; } static krb5_error_code -get_cred_kdc_usage(krb5_context context, - krb5_ccache id, - krb5_kdc_flags flags, - krb5_addresses *addresses, - krb5_creds *in_creds, - krb5_creds *krbtgt, - krb5_principal impersonate_principal, - Ticket *second_ticket, - krb5_creds *out_creds, - krb5_key_usage usage) +get_cred_kdc(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addresses, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds *out_creds) { TGS_REQ req; krb5_data enc; @@ -409,10 +411,10 @@ get_cred_kdc_usage(krb5_context context, krb5_error_code ret; unsigned nonce; krb5_keyblock *subkey = NULL; - size_t len; + size_t len = 0; Ticket second_ticket_data; METHOD_DATA padata; - + krb5_data_zero(&resp); krb5_data_zero(&enc); padata.val = NULL; @@ -420,10 +422,10 @@ get_cred_kdc_usage(krb5_context context, krb5_generate_random_block(&nonce, sizeof(nonce)); nonce &= 0xffffffff; - + if(flags.b.enc_tkt_in_skey && second_ticket == NULL){ - ret = decode_Ticket(in_creds->second_ticket.data, - in_creds->second_ticket.length, + ret = decode_Ticket(in_creds->second_ticket.data, + in_creds->second_ticket.length, &second_ticket_data, &len); if(ret) return ret; @@ -436,12 +438,12 @@ get_cred_kdc_usage(krb5_context context, PA_S4U2Self self; krb5_data data; void *buf; - size_t size; + size_t size = 0; self.name = impersonate_principal->name; self.realm = impersonate_principal->realm; self.auth = estrdup("Kerberos"); - + ret = _krb5_s4u2self_to_checksumdata(context, &self, &data); if (ret) { free(self.auth); @@ -460,7 +462,7 @@ get_cred_kdc_usage(krb5_context context, KRB5_KU_OTHER_CKSUM, 0, data.data, - data.length, + data.length, &self.cksum); krb5_crypto_destroy(context, crypto); krb5_data_free(&data); @@ -476,8 +478,8 @@ get_cred_kdc_usage(krb5_context context, goto out; if (len != size) krb5_abortx(context, "internal asn1 error"); - - ret = krb5_padata_add(context, &padata, KRB5_PADATA_S4U2SELF, buf, len); + + ret = krb5_padata_add(context, &padata, KRB5_PADATA_FOR_USER, buf, len); if (ret) goto out; } @@ -491,14 +493,13 @@ get_cred_kdc_usage(krb5_context context, krbtgt, nonce, &padata, - &subkey, - &req, - usage); + &subkey, + &req); if (ret) goto out; ASN1_MALLOC_ENCODE(TGS_REQ, enc.data, enc.length, &req, &len, ret); - if (ret) + if (ret) goto out; if(enc.length != len) krb5_abortx(context, "internal error in ASN.1 encoder"); @@ -526,42 +527,48 @@ get_cred_kdc_usage(krb5_context context, goto out; memset(&rep, 0, sizeof(rep)); - if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0){ - ret = krb5_copy_principal(context, - in_creds->client, + if(decode_TGS_REP(resp.data, resp.length, &rep.kdc_rep, &len) == 0) { + unsigned eflags = 0; + + ret = krb5_copy_principal(context, + in_creds->client, &out_creds->client); if(ret) - goto out; - ret = krb5_copy_principal(context, - in_creds->server, + goto out2; + ret = krb5_copy_principal(context, + in_creds->server, &out_creds->server); if(ret) - goto out; + goto out2; /* this should go someplace else */ out_creds->times.endtime = in_creds->times.endtime; + /* XXX should do better testing */ + if (flags.b.constrained_delegation || impersonate_principal) + eflags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; + ret = _krb5_extract_ticket(context, &rep, out_creds, &krbtgt->session, NULL, - KRB5_KU_TGS_REP_ENC_PART_SESSION, + 0, &krbtgt->addresses, nonce, - EXTRACT_TICKET_ALLOW_CNAME_MISMATCH| - EXTRACT_TICKET_ALLOW_SERVER_MISMATCH, + eflags, decrypt_tkt_with_subkey, subkey); + out2: krb5_free_kdc_rep(context, &rep); } else if(krb5_rd_error(context, &resp, &error) == 0) { ret = krb5_error_from_rd_error(context, &error, in_creds); krb5_free_error_contents(context, &error); - } else if(resp.data && ((char*)resp.data)[0] == 4) { + } else if(resp.length > 0 && ((char*)resp.data)[0] == 4) { ret = KRB5KRB_AP_ERR_V4_REPLY; - krb5_clear_error_string(context); + krb5_clear_error_message(context); } else { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string(context); + krb5_clear_error_message(context); } out: @@ -570,62 +577,58 @@ out: free_METHOD_DATA(&padata); krb5_data_free(&resp); krb5_data_free(&enc); - if(subkey){ - krb5_free_keyblock_contents(context, subkey); - free(subkey); - } + if(subkey) + krb5_free_keyblock(context, subkey); return ret; - + } +/* + * same as above, just get local addresses first if the krbtgt have + * them and the realm is not addressless + */ + static krb5_error_code -get_cred_kdc(krb5_context context, - krb5_ccache id, - krb5_kdc_flags flags, - krb5_addresses *addresses, - krb5_creds *in_creds, - krb5_creds *krbtgt, - krb5_principal impersonate_principal, - Ticket *second_ticket, - krb5_creds *out_creds) +get_cred_kdc_address(krb5_context context, + krb5_ccache id, + krb5_kdc_flags flags, + krb5_addresses *addrs, + krb5_creds *in_creds, + krb5_creds *krbtgt, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds *out_creds) { krb5_error_code ret; + krb5_addresses addresses = { 0, NULL }; - ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, - krbtgt, impersonate_principal, second_ticket, - out_creds, KRB5_KU_TGS_REQ_AUTH); - if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { - krb5_clear_error_string (context); - ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds, - krbtgt, impersonate_principal, second_ticket, - out_creds, KRB5_KU_AP_REQ_AUTH); + /* + * Inherit the address-ness of the krbtgt if the address is not + * specified. + */ + + if (addrs == NULL && krbtgt->addresses.len != 0) { + krb5_boolean noaddr; + + krb5_appdefault_boolean(context, NULL, krbtgt->server->realm, + "no-addresses", FALSE, &noaddr); + + if (!noaddr) { + krb5_get_all_client_addrs(context, &addresses); + /* XXX this sucks. */ + addrs = &addresses; + if(addresses.len == 0) + addrs = NULL; + } } - return ret; -} - -/* same as above, just get local addresses first */ - -static krb5_error_code -get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, - krb5_creds *in_creds, krb5_creds *krbtgt, - krb5_principal impersonate_principal, Ticket *second_ticket, - krb5_creds *out_creds) -{ - krb5_error_code ret; - krb5_addresses addresses, *addrs = &addresses; - - krb5_get_all_client_addrs(context, &addresses); - /* XXX this sucks. */ - if(addresses.len == 0) - addrs = NULL; - ret = get_cred_kdc(context, id, flags, addrs, - in_creds, krbtgt, impersonate_principal, second_ticket, - out_creds); + ret = get_cred_kdc(context, id, flags, addrs, in_creds, + krbtgt, impersonate_principal, + second_ticket, out_creds); krb5_free_addresses(context, &addresses); return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_cred(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, @@ -640,7 +643,8 @@ krb5_get_kdc_cred(krb5_context context, *out_creds = calloc(1, sizeof(**out_creds)); if(*out_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = _krb5_get_krbtgt (context, @@ -649,29 +653,34 @@ krb5_get_kdc_cred(krb5_context context, &krbtgt); if(ret) { free(*out_creds); + *out_creds = NULL; return ret; } - ret = get_cred_kdc(context, id, flags, addresses, + ret = get_cred_kdc(context, id, flags, addresses, in_creds, krbtgt, NULL, NULL, *out_creds); krb5_free_creds (context, krbtgt); - if(ret) + if(ret) { free(*out_creds); + *out_creds = NULL; + } return ret; } -static void -not_found(krb5_context context, krb5_const_principal p) +static int +not_found(krb5_context context, krb5_const_principal p, krb5_error_code code) { krb5_error_code ret; char *str; ret = krb5_unparse_name(context, p, &str); if(ret) { - krb5_clear_error_string(context); - return; + krb5_clear_error_message(context); + return code; } - krb5_set_error_string(context, "Matching credential (%s) not found", str); + krb5_set_error_message(context, code, + N_("Matching credential (%s) not found", ""), str); free(str); + return code; } static krb5_error_code @@ -686,24 +695,23 @@ find_cred(krb5_context context, krb5_cc_clear_mcred(&mcreds); mcreds.server = server; - ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, + ret = krb5_cc_retrieve_cred(context, id, KRB5_TC_DONT_MATCH_REALM, &mcreds, out_creds); if(ret == 0) return 0; while(tgts && *tgts){ - if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, + if(krb5_compare_creds(context, KRB5_TC_DONT_MATCH_REALM, &mcreds, *tgts)){ ret = krb5_copy_creds_contents(context, *tgts, out_creds); return ret; } tgts++; } - not_found(context, server); - return KRB5_CC_NOTFOUND; + return not_found(context, server, KRB5_CC_NOTFOUND); } static krb5_error_code -add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) +add_cred(krb5_context context, krb5_creds const *tkt, krb5_creds ***tgts) { int i; krb5_error_code ret; @@ -712,7 +720,8 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) for(i = 0; tmp && tmp[i]; i++); /* XXX */ tmp = realloc(tmp, (i+2)*sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *tgts = tmp; @@ -721,6 +730,141 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt) return ret; } +static krb5_error_code +get_cred_kdc_capath_worker(krb5_context context, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_const_realm try_realm, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) +{ + krb5_error_code ret; + krb5_creds *tgt, tmp_creds; + krb5_const_realm client_realm, server_realm; + int ok_as_delegate = 1; + + *out_creds = NULL; + + client_realm = krb5_principal_get_realm(context, in_creds->client); + server_realm = krb5_principal_get_realm(context, in_creds->server); + memset(&tmp_creds, 0, sizeof(tmp_creds)); + ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client); + if(ret) + return ret; + + ret = krb5_make_principal(context, + &tmp_creds.server, + try_realm, + KRB5_TGS_NAME, + server_realm, + NULL); + if(ret){ + krb5_free_principal(context, tmp_creds.client); + return ret; + } + { + krb5_creds tgts; + + ret = find_cred(context, ccache, tmp_creds.server, + *ret_tgts, &tgts); + if(ret == 0){ + /* only allow implicit ok_as_delegate if the realm is the clients realm */ + if (strcmp(try_realm, client_realm) != 0 || strcmp(try_realm, server_realm) != 0) + ok_as_delegate = tgts.flags.b.ok_as_delegate; + + *out_creds = calloc(1, sizeof(**out_creds)); + if(*out_creds == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + } else { + ret = get_cred_kdc_address(context, ccache, flags, NULL, + in_creds, &tgts, + impersonate_principal, + second_ticket, + *out_creds); + if (ret) { + free (*out_creds); + *out_creds = NULL; + } else if (ok_as_delegate == 0) + (*out_creds)->flags.b.ok_as_delegate = 0; + } + krb5_free_cred_contents(context, &tgts); + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + } + if(krb5_realm_compare(context, in_creds->client, in_creds->server)) + return not_found(context, in_creds->server, KRB5_CC_NOTFOUND); + + /* XXX this can loop forever */ + while(1){ + heim_general_string tgt_inst; + + ret = get_cred_kdc_capath(context, flags, ccache, &tmp_creds, + NULL, NULL, &tgt, ret_tgts); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + /* + * if either of the chain or the ok_as_delegate was stripped + * by the kdc, make sure we strip it too. + */ + if (ok_as_delegate == 0 || tgt->flags.b.ok_as_delegate == 0) { + ok_as_delegate = 0; + tgt->flags.b.ok_as_delegate = 0; + } + + ret = add_cred(context, tgt, ret_tgts); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + tgt_inst = tgt->server->name.name_string.val[1]; + if(strcmp(tgt_inst, server_realm) == 0) + break; + krb5_free_principal(context, tmp_creds.server); + ret = krb5_make_principal(context, &tmp_creds.server, + tgt_inst, KRB5_TGS_NAME, server_realm, NULL); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + ret = krb5_free_creds(context, tgt); + if(ret) { + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + return ret; + } + } + + krb5_free_principal(context, tmp_creds.server); + krb5_free_principal(context, tmp_creds.client); + *out_creds = calloc(1, sizeof(**out_creds)); + if(*out_creds == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + } else { + ret = get_cred_kdc_address (context, ccache, flags, NULL, + in_creds, tgt, impersonate_principal, + second_ticket, *out_creds); + if (ret) { + free (*out_creds); + *out_creds = NULL; + } + } + krb5_free_creds(context, tgt); + return ret; +} + /* get_cred(server) creds = cc_get_cred(server) @@ -737,187 +881,243 @@ get_cred(server) */ static krb5_error_code -get_cred_from_kdc_flags(krb5_context context, - krb5_kdc_flags flags, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_principal impersonate_principal, - Ticket *second_ticket, - krb5_creds **out_creds, - krb5_creds ***ret_tgts) +get_cred_kdc_capath(krb5_context context, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) { krb5_error_code ret; - krb5_creds *tgt, tmp_creds; krb5_const_realm client_realm, server_realm, try_realm; + client_realm = krb5_principal_get_realm(context, in_creds->client); + server_realm = krb5_principal_get_realm(context, in_creds->server); + + try_realm = client_realm; + ret = get_cred_kdc_capath_worker(context, flags, ccache, in_creds, try_realm, + impersonate_principal, second_ticket, out_creds, + ret_tgts); + + if (ret == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) { + try_realm = krb5_config_get_string(context, NULL, "capaths", + client_realm, server_realm, NULL); + + if (try_realm != NULL && strcmp(try_realm, client_realm)) { + ret = get_cred_kdc_capath_worker(context, flags, ccache, in_creds, + try_realm, impersonate_principal, + second_ticket, out_creds, ret_tgts); + } + } + + return ret; +} + +static krb5_error_code +get_cred_kdc_referral(krb5_context context, + krb5_kdc_flags flags, + krb5_ccache ccache, + krb5_creds *in_creds, + krb5_principal impersonate_principal, + Ticket *second_ticket, + krb5_creds **out_creds, + krb5_creds ***ret_tgts) +{ + krb5_const_realm client_realm; + krb5_error_code ret; + krb5_creds tgt, referral, ticket; + int loop = 0; + int ok_as_delegate = 1; + + if (in_creds->server->name.name_string.len < 2 && !flags.b.canonicalize) { + krb5_set_error_message(context, KRB5KDC_ERR_PATH_NOT_ACCEPTED, + N_("Name too short to do referals, skipping", "")); + return KRB5KDC_ERR_PATH_NOT_ACCEPTED; + } + + memset(&tgt, 0, sizeof(tgt)); + memset(&ticket, 0, sizeof(ticket)); + + flags.b.canonicalize = 1; + *out_creds = NULL; client_realm = krb5_principal_get_realm(context, in_creds->client); - server_realm = krb5_principal_get_realm(context, in_creds->server); - memset(&tmp_creds, 0, sizeof(tmp_creds)); - ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client); - if(ret) - return ret; - try_realm = krb5_config_get_string(context, NULL, "capaths", - client_realm, server_realm, NULL); - -#if 1 - /* XXX remove in future release */ - if(try_realm == NULL) - try_realm = krb5_config_get_string(context, NULL, "libdefaults", - "capath", server_realm, NULL); -#endif - - if (try_realm == NULL) - try_realm = client_realm; - - ret = krb5_make_principal(context, - &tmp_creds.server, - try_realm, - KRB5_TGS_NAME, - server_realm, - NULL); - if(ret){ - krb5_free_principal(context, tmp_creds.client); - return ret; - } + /* find tgt for the clients base realm */ { - krb5_creds tgts; - /* XXX try krb5_cc_retrieve_cred first? */ - ret = find_cred(context, ccache, tmp_creds.server, - *ret_tgts, &tgts); - if(ret == 0){ - *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - } else { - krb5_boolean noaddr; + krb5_principal tgtname; - krb5_appdefault_boolean(context, NULL, tgts.server->realm, - "no-addresses", FALSE, &noaddr); - - if (noaddr) - ret = get_cred_kdc(context, ccache, flags, NULL, - in_creds, &tgts, - impersonate_principal, - second_ticket, - *out_creds); - else - ret = get_cred_kdc_la(context, ccache, flags, - in_creds, &tgts, - impersonate_principal, - second_ticket, - *out_creds); - if (ret) { - free (*out_creds); - *out_creds = NULL; - } - } - krb5_free_cred_contents(context, &tgts); - krb5_free_principal(context, tmp_creds.server); - krb5_free_principal(context, tmp_creds.client); + ret = krb5_make_principal(context, &tgtname, + client_realm, + KRB5_TGS_NAME, + client_realm, + NULL); + if(ret) + return ret; + + ret = find_cred(context, ccache, tgtname, *ret_tgts, &tgt); + krb5_free_principal(context, tgtname); + if (ret) return ret; - } } - if(krb5_realm_compare(context, in_creds->client, in_creds->server)) { - not_found(context, in_creds->server); - return KRB5_CC_NOTFOUND; - } - /* XXX this can loop forever */ - while(1){ - heim_general_string tgt_inst; - ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds, - NULL, NULL, &tgt, ret_tgts); - if(ret) { - krb5_free_principal(context, tmp_creds.server); - krb5_free_principal(context, tmp_creds.client); - return ret; - } - ret = add_cred(context, ret_tgts, tgt); - if(ret) { - krb5_free_principal(context, tmp_creds.server); - krb5_free_principal(context, tmp_creds.client); - return ret; - } - tgt_inst = tgt->server->name.name_string.val[1]; - if(strcmp(tgt_inst, server_realm) == 0) - break; - krb5_free_principal(context, tmp_creds.server); - ret = krb5_make_principal(context, &tmp_creds.server, - tgt_inst, KRB5_TGS_NAME, server_realm, NULL); - if(ret) { - krb5_free_principal(context, tmp_creds.server); - krb5_free_principal(context, tmp_creds.client); - return ret; - } - ret = krb5_free_creds(context, tgt); - if(ret) { - krb5_free_principal(context, tmp_creds.server); - krb5_free_principal(context, tmp_creds.client); - return ret; - } + referral = *in_creds; + ret = krb5_copy_principal(context, in_creds->server, &referral.server); + if (ret) { + krb5_free_cred_contents(context, &tgt); + return ret; + } + ret = krb5_principal_set_realm(context, referral.server, client_realm); + if (ret) { + krb5_free_cred_contents(context, &tgt); + krb5_free_principal(context, referral.server); + return ret; } - - krb5_free_principal(context, tmp_creds.server); - krb5_free_principal(context, tmp_creds.client); - *out_creds = calloc(1, sizeof(**out_creds)); - if(*out_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - } else { - krb5_boolean noaddr; - krb5_appdefault_boolean(context, NULL, tgt->server->realm, - "no-addresses", KRB5_ADDRESSLESS_DEFAULT, - &noaddr); - if (noaddr) - ret = get_cred_kdc (context, ccache, flags, NULL, - in_creds, tgt, NULL, NULL, - *out_creds); - else - ret = get_cred_kdc_la(context, ccache, flags, - in_creds, tgt, NULL, NULL, - *out_creds); + while (loop++ < 17) { + krb5_creds **tickets; + krb5_creds mcreds; + char *referral_realm; + + /* Use cache if we are not doing impersonation or contrainte deleg */ + if (impersonate_principal == NULL || flags.b.constrained_delegation) { + krb5_cc_clear_mcred(&mcreds); + mcreds.server = referral.server; + ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcreds, &ticket); + } else + ret = EINVAL; + if (ret) { - free (*out_creds); - *out_creds = NULL; + ret = get_cred_kdc_address(context, ccache, flags, NULL, + &referral, &tgt, impersonate_principal, + second_ticket, &ticket); + if (ret) + goto out; } + + /* Did we get the right ticket ? */ + if (krb5_principal_compare_any_realm(context, + referral.server, + ticket.server)) + break; + + if (!krb5_principal_is_krbtgt(context, ticket.server)) { + krb5_set_error_message(context, KRB5KRB_AP_ERR_NOT_US, + N_("Got back an non krbtgt " + "ticket referrals", "")); + ret = KRB5KRB_AP_ERR_NOT_US; + goto out; + } + + referral_realm = ticket.server->name.name_string.val[1]; + + /* check that there are no referrals loops */ + tickets = *ret_tgts; + + krb5_cc_clear_mcred(&mcreds); + mcreds.server = ticket.server; + + while(tickets && *tickets){ + if(krb5_compare_creds(context, + KRB5_TC_DONT_MATCH_REALM, + &mcreds, + *tickets)) + { + krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, + N_("Referral from %s " + "loops back to realm %s", ""), + tgt.server->realm, + referral_realm); + ret = KRB5_GET_IN_TKT_LOOP; + goto out; + } + tickets++; + } + + /* + * if either of the chain or the ok_as_delegate was stripped + * by the kdc, make sure we strip it too. + */ + + if (ok_as_delegate == 0 || ticket.flags.b.ok_as_delegate == 0) { + ok_as_delegate = 0; + ticket.flags.b.ok_as_delegate = 0; + } + + ret = add_cred(context, &ticket, ret_tgts); + if (ret) + goto out; + + /* try realm in the referral */ + ret = krb5_principal_set_realm(context, + referral.server, + referral_realm); + krb5_free_cred_contents(context, &tgt); + tgt = ticket; + memset(&ticket, 0, sizeof(ticket)); + if (ret) + goto out; } - krb5_free_creds(context, tgt); + + ret = krb5_copy_creds(context, &ticket, out_creds); + +out: + krb5_free_principal(context, referral.server); + krb5_free_cred_contents(context, &tgt); + krb5_free_cred_contents(context, &ticket); return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_cred_from_kdc_opt(krb5_context context, - krb5_ccache ccache, - krb5_creds *in_creds, - krb5_creds **out_creds, - krb5_creds ***ret_tgts, - krb5_flags flags) -{ - krb5_kdc_flags f; - f.i = flags; - return get_cred_from_kdc_flags(context, f, ccache, - in_creds, NULL, NULL, - out_creds, ret_tgts); -} -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_cred_from_kdc(krb5_context context, +/* + * Glue function between referrals version and old client chasing + * codebase. + */ + +krb5_error_code +_krb5_get_cred_kdc_any(krb5_context context, + krb5_kdc_flags flags, krb5_ccache ccache, krb5_creds *in_creds, + krb5_principal impersonate_principal, + Ticket *second_ticket, krb5_creds **out_creds, krb5_creds ***ret_tgts) { - return krb5_get_cred_from_kdc_opt(context, ccache, - in_creds, out_creds, ret_tgts, 0); -} - + krb5_error_code ret; + krb5_deltat offset; -krb5_error_code KRB5_LIB_FUNCTION + ret = krb5_cc_get_kdc_offset(context, ccache, &offset); + if (ret) { + context->kdc_sec_offset = offset; + context->kdc_usec_offset = 0; + } + + ret = get_cred_kdc_referral(context, + flags, + ccache, + in_creds, + impersonate_principal, + second_ticket, + out_creds, + ret_tgts); + if (ret == 0 || flags.b.canonicalize) + return ret; + return get_cred_kdc_capath(context, + flags, + ccache, + in_creds, + impersonate_principal, + second_ticket, + out_creds, + ret_tgts); +} + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials_with_flags(krb5_context context, krb5_flags options, krb5_kdc_flags flags, @@ -929,18 +1129,25 @@ krb5_get_credentials_with_flags(krb5_context context, krb5_creds **tgts; krb5_creds *res_creds; int i; - + + if (in_creds->session.keytype) { + ret = krb5_enctype_valid(context, in_creds->session.keytype); + if (ret) + return ret; + } + *out_creds = NULL; res_creds = calloc(1, sizeof(*res_creds)); if (res_creds == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if (in_creds->session.keytype) options |= KRB5_TC_MATCH_KEYTYPE; - /* + /* * If we got a credential, check if credential is expired before * returning it. */ @@ -949,7 +1156,7 @@ krb5_get_credentials_with_flags(krb5_context context, in_creds->session.keytype ? KRB5_TC_MATCH_KEYTYPE : 0, in_creds, res_creds); - /* + /* * If we got a credential, check if credential is expired before * returning it, but only if KRB5_GC_EXPIRED_OK is not set. */ @@ -961,7 +1168,7 @@ krb5_get_credentials_with_flags(krb5_context context, *out_creds = res_creds; return 0; } - + krb5_timeofday(context, &timeret); if(res_creds->times.endtime > timeret) { *out_creds = res_creds; @@ -975,18 +1182,17 @@ krb5_get_credentials_with_flags(krb5_context context, return ret; } free(res_creds); - if(options & KRB5_GC_CACHED) { - not_found(context, in_creds->server); - return KRB5_CC_NOTFOUND; - } + if(options & KRB5_GC_CACHED) + return not_found(context, in_creds->server, KRB5_CC_NOTFOUND); + if(options & KRB5_GC_USER_USER) flags.b.enc_tkt_in_skey = 1; if (flags.b.enc_tkt_in_skey) options |= KRB5_GC_NO_STORE; tgts = NULL; - ret = get_cred_from_kdc_flags(context, flags, ccache, - in_creds, NULL, NULL, out_creds, &tgts); + ret = _krb5_get_cred_kdc_any(context, flags, ccache, + in_creds, NULL, NULL, out_creds, &tgts); for(i = 0; tgts && tgts[i]; i++) { krb5_cc_store_cred(context, ccache, tgts[i]); krb5_free_creds(context, tgts[i]); @@ -997,7 +1203,7 @@ krb5_get_credentials_with_flags(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, @@ -1018,27 +1224,32 @@ struct krb5_get_creds_opt_data { }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) { *opt = calloc(1, sizeof(**opt)); if (*opt == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_free(krb5_context context, krb5_get_creds_opt opt) { if (opt->self) krb5_free_principal(context, opt->self); + if (opt->ticket) { + free_Ticket(opt->ticket); + free(opt->ticket); + } memset(opt, 0, sizeof(*opt)); free(opt); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options) @@ -1046,7 +1257,7 @@ krb5_get_creds_opt_set_options(krb5_context context, opt->options = options; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_add_options(krb5_context context, krb5_get_creds_opt opt, krb5_flags options) @@ -1054,7 +1265,7 @@ krb5_get_creds_opt_add_options(krb5_context context, opt->options |= options; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_enctype(krb5_context context, krb5_get_creds_opt opt, krb5_enctype enctype) @@ -1062,7 +1273,7 @@ krb5_get_creds_opt_set_enctype(krb5_context context, opt->enctype = enctype; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_impersonate(krb5_context context, krb5_get_creds_opt opt, krb5_const_principal self) @@ -1072,7 +1283,7 @@ krb5_get_creds_opt_set_impersonate(krb5_context context, return krb5_copy_principal(context, self, &opt->self); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_ticket(krb5_context context, krb5_get_creds_opt opt, const Ticket *ticket) @@ -1087,14 +1298,16 @@ krb5_get_creds_opt_set_ticket(krb5_context context, opt->ticket = malloc(sizeof(*ticket)); if (opt->ticket == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = copy_Ticket(ticket, opt->ticket); if (ret) { free(opt->ticket); opt->ticket = NULL; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); return ret; } } @@ -1103,7 +1316,7 @@ krb5_get_creds_opt_set_ticket(krb5_context context, -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds(krb5_context context, krb5_get_creds_opt opt, krb5_ccache ccache, @@ -1117,7 +1330,13 @@ krb5_get_creds(krb5_context context, krb5_creds **tgts; krb5_creds *res_creds; int i; - + + if (opt && opt->enctype) { + ret = krb5_enctype_valid(context, opt->enctype); + if (ret) + return ret; + } + memset(&in_creds, 0, sizeof(in_creds)); in_creds.server = rk_UNCONST(inprinc); @@ -1125,31 +1344,35 @@ krb5_get_creds(krb5_context context, if (ret) return ret; - options = opt->options; + if (opt) + options = opt->options; + else + options = 0; flags.i = 0; *out_creds = NULL; res_creds = calloc(1, sizeof(*res_creds)); if (res_creds == NULL) { krb5_free_principal(context, in_creds.client); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - if (opt->enctype) { + if (opt && opt->enctype) { in_creds.session.keytype = opt->enctype; options |= KRB5_TC_MATCH_KEYTYPE; } - /* + /* * If we got a credential, check if credential is expired before * returning it. */ ret = krb5_cc_retrieve_cred(context, ccache, - opt->enctype ? KRB5_TC_MATCH_KEYTYPE : 0, + options & KRB5_TC_MATCH_KEYTYPE, &in_creds, res_creds); - /* + /* * If we got a credential, check if credential is expired before * returning it, but only if KRB5_GC_EXPIRED_OK is not set. */ @@ -1160,14 +1383,14 @@ krb5_get_creds(krb5_context context, if(options & KRB5_GC_EXPIRED_OK) { *out_creds = res_creds; krb5_free_principal(context, in_creds.client); - return 0; + goto out; } - + krb5_timeofday(context, &timeret); if(res_creds->times.endtime > timeret) { *out_creds = res_creds; krb5_free_principal(context, in_creds.client); - return 0; + goto out; } if(options & KRB5_GC_CACHED) krb5_cc_remove_cred(context, ccache, 0, res_creds); @@ -1175,13 +1398,13 @@ krb5_get_creds(krb5_context context, } else if(ret != KRB5_CC_END) { free(res_creds); krb5_free_principal(context, in_creds.client); - return ret; + goto out; } free(res_creds); if(options & KRB5_GC_CACHED) { - not_found(context, in_creds.server); krb5_free_principal(context, in_creds.client); - return KRB5_CC_NOTFOUND; + ret = not_found(context, in_creds.server, KRB5_CC_NOTFOUND); + goto out; } if(options & KRB5_GC_USER_USER) { flags.b.enc_tkt_in_skey = 1; @@ -1195,11 +1418,13 @@ krb5_get_creds(krb5_context context, flags.b.request_anonymous = 1; /* XXX ARGH confusion */ flags.b.constrained_delegation = 1; } + if (options & KRB5_GC_CANONICALIZE) + flags.b.canonicalize = 1; tgts = NULL; - ret = get_cred_from_kdc_flags(context, flags, ccache, - &in_creds, opt->self, opt->ticket, - out_creds, &tgts); + ret = _krb5_get_cred_kdc_any(context, flags, ccache, + &in_creds, opt->self, opt->ticket, + out_creds, &tgts); krb5_free_principal(context, in_creds.client); for(i = 0; tgts && tgts[i]; i++) { krb5_cc_store_cred(context, ccache, tgts[i]); @@ -1208,6 +1433,10 @@ krb5_get_creds(krb5_context context, free(tgts); if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0) krb5_cc_store_cred(context, ccache, *out_creds); + + out: + _krb5_debug(context, 5, "krb5_get_creds: ret = %d", ret); + return ret; } @@ -1215,7 +1444,7 @@ krb5_get_creds(krb5_context context, * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_const_principal client, @@ -1241,7 +1470,7 @@ krb5_get_renewed_creds(krb5_context context, } } else { const char *realm = krb5_principal_get_realm(context, client); - + ret = krb5_make_principal(context, &in.server, realm, KRB5_TGS_NAME, realm, NULL); if (ret) { diff --git a/crypto/heimdal/lib/krb5/get_default_principal.c b/crypto/heimdal/lib/krb5/get_default_principal.c index 83fb2b0fa98..44baa6d1c2c 100644 --- a/crypto/heimdal/lib/krb5/get_default_principal.c +++ b/crypto/heimdal/lib/krb5/get_default_principal.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: get_default_principal.c 14870 2005-04-20 20:53:29Z lha $"); - /* * Try to find out what's a reasonable default principal. */ @@ -50,6 +48,8 @@ get_env_user(void) return user; } +#ifndef _WIN32 + /* * Will only use operating-system dependant operation to get the * default principal, for use of functions that in ccache layer to @@ -57,7 +57,7 @@ get_env_user(void) */ krb5_error_code -_krb5_get_default_principal_local (krb5_context context, +_krb5_get_default_principal_local (krb5_context context, krb5_principal *princ) { krb5_error_code ret; @@ -66,7 +66,7 @@ _krb5_get_default_principal_local (krb5_context context, *princ = NULL; - uid = getuid(); + uid = getuid(); if(uid == 0) { user = getlogin(); if(user == NULL) @@ -76,7 +76,7 @@ _krb5_get_default_principal_local (krb5_context context, else ret = krb5_make_principal(context, princ, NULL, "root", NULL); } else { - struct passwd *pw = getpwuid(uid); + struct passwd *pw = getpwuid(uid); if(pw != NULL) user = pw->pw_name; else { @@ -85,8 +85,9 @@ _krb5_get_default_principal_local (krb5_context context, user = getlogin(); } if(user == NULL) { - krb5_set_error_string(context, - "unable to figure out current principal"); + krb5_set_error_message(context, ENOTTY, + N_("unable to figure out current " + "principal", "")); return ENOTTY; /* XXX */ } ret = krb5_make_principal(context, princ, NULL, user, NULL); @@ -94,7 +95,56 @@ _krb5_get_default_principal_local (krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +#else /* _WIN32 */ + +#define SECURITY_WIN32 +#include + +krb5_error_code +_krb5_get_default_principal_local(krb5_context context, + krb5_principal *princ) +{ + /* See if we can get the principal first. We only expect this to + work if logged into a domain. */ + { + char username[1024]; + ULONG sz = sizeof(username); + + if (GetUserNameEx(NameUserPrincipal, username, &sz)) { + return krb5_parse_name_flags(context, username, + KRB5_PRINCIPAL_PARSE_ENTERPRISE, + princ); + } + } + + /* Just get the Windows username. This should pretty much always + work. */ + { + char username[1024]; + DWORD dsz = sizeof(username); + + if (GetUserName(username, &dsz)) { + return krb5_make_principal(context, princ, NULL, username, NULL); + } + } + + /* Failing that, we look at the environment */ + { + const char * username = get_env_user(); + + if (username == NULL) { + krb5_set_error_string(context, + "unable to figure out current principal"); + return ENOTTY; /* Really? */ + } + + return krb5_make_principal(context, princ, NULL, username, NULL); + } +} + +#endif + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_principal (krb5_context context, krb5_principal *princ) { diff --git a/crypto/heimdal/lib/krb5/get_default_realm.c b/crypto/heimdal/lib/krb5/get_default_realm.c index 09c8577b260..2a4933a62a7 100644 --- a/crypto/heimdal/lib/krb5/get_default_realm.c +++ b/crypto/heimdal/lib/krb5/get_default_realm.c @@ -1,46 +1,44 @@ /* - * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: get_default_realm.c 13863 2004-05-25 21:46:46Z lha $"); - /* * Return a NULL-terminated list of default realms in `realms'. * Free this memory with krb5_free_host_realm. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realms (krb5_context context, krb5_realm **realms) { @@ -59,7 +57,7 @@ krb5_get_default_realms (krb5_context context, * Return the first default realm. For compatibility. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realm(krb5_context context, krb5_realm *realm) { @@ -68,7 +66,7 @@ krb5_get_default_realm(krb5_context context, if (context->default_realms == NULL || context->default_realms[0] == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = krb5_set_default_realm (context, NULL); if (ret) return ret; @@ -76,7 +74,8 @@ krb5_get_default_realm(krb5_context context, res = strdup (context->default_realms[0]); if (res == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *realm = res; diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c index cb8b7c8641a..979fc9b0ae9 100644 --- a/crypto/heimdal/lib/krb5/get_for_creds.c +++ b/crypto/heimdal/lib/krb5/get_for_creds.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include - -RCSID("$Id: get_for_creds.c 22504 2008-01-21 15:49:58Z lha $"); +#include "krb5_locl.h" static krb5_error_code add_addrs(krb5_context context, @@ -51,8 +49,8 @@ add_addrs(krb5_context context, tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val)); if (tmp == NULL && (addr->len + n) != 0) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } addr->val = tmp; @@ -72,7 +70,7 @@ add_addrs(krb5_context context, addr->val[i++] = ad; } else if (ret == KRB5_PROG_ATYPE_NOSUPP) - krb5_clear_error_string (context); + krb5_clear_error_message (context); else goto fail; addr->len = i; @@ -102,7 +100,7 @@ fail: * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds (krb5_context context, krb5_auth_context auth_context, const char *hostname, @@ -129,23 +127,22 @@ krb5_fwd_tgt_creds (krb5_context context, if (inst != NULL && strcmp(inst, "host") == 0 && - host != NULL && + host != NULL && krb5_principal_get_comp_string(context, server, 2) == NULL) hostname = host; } client_realm = krb5_principal_get_realm(context, client); - + memset (&creds, 0, sizeof(creds)); creds.client = client; - ret = krb5_build_principal(context, - &creds.server, - strlen(client_realm), - client_realm, - KRB5_TGS_NAME, - client_realm, - NULL); + ret = krb5_make_principal(context, + &creds.server, + client_realm, + KRB5_TGS_NAME, + client_realm, + NULL); if (ret) return ret; @@ -163,7 +160,7 @@ krb5_fwd_tgt_creds (krb5_context context, * Gets tickets forwarded to hostname. If the tickets that are * forwarded are address-less, the forwarded tickets will also be * address-less. - * + * * If the ticket have any address, hostname will be used for figure * out the address to forward the ticket too. This since this might * use DNS, its insecure and also doesn't represent configured all @@ -186,7 +183,7 @@ krb5_fwd_tgt_creds (krb5_context context, * @ingroup krb5_credential */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, @@ -207,7 +204,6 @@ krb5_get_forwarded_creds (krb5_context context, krb5_kdc_flags kdc_flags; krb5_crypto crypto; struct addrinfo *ai; - int save_errno; krb5_creds *ticket; paddrs = NULL; @@ -222,14 +218,14 @@ krb5_get_forwarded_creds (krb5_context context, } else { krb5_boolean noaddr; krb5_appdefault_boolean(context, NULL, - krb5_principal_get_realm(context, + krb5_principal_get_realm(context, in_creds->client), "no-addresses", KRB5_ADDRESSLESS_DEFAULT, &noaddr); if (!noaddr) paddrs = &addrs; } - + /* * If tickets have addresses, get the address of the remote host. */ @@ -238,18 +234,20 @@ krb5_get_forwarded_creds (krb5_context context, ret = getaddrinfo (hostname, NULL, NULL, &ai); if (ret) { - save_errno = errno; - krb5_set_error_string(context, "resolving %s: %s", + krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, errno); + krb5_set_error_message(context, ret2, + N_("resolving host %s failed: %s", + "hostname, error"), hostname, gai_strerror(ret)); - return krb5_eai_to_heim_errno(ret, save_errno); + return ret2; } - + ret = add_addrs (context, &addrs, ai); freeaddrinfo (ai); if (ret) return ret; } - + kdc_flags.b = int2KDCOptions(flags); ret = krb5_get_kdc_cred (context, @@ -269,7 +267,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&cred.tickets, 1); if (cred.tickets.val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out2; } ret = decode_Ticket(out_creds->ticket.data, @@ -282,27 +280,27 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1); if (enc_krb_cred_part.ticket_info.val == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out4; } - + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { krb5_timestamp sec; int32_t usec; - + krb5_us_timeofday (context, &sec, &usec); - + ALLOC(enc_krb_cred_part.timestamp, 1); if (enc_krb_cred_part.timestamp == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out4; } *enc_krb_cred_part.timestamp = sec; ALLOC(enc_krb_cred_part.usec, 1); if (enc_krb_cred_part.usec == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out4; } *enc_krb_cred_part.usec = usec; @@ -346,7 +344,8 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(enc_krb_cred_part.r_address, 1); if (enc_krb_cred_part.r_address == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out4; } @@ -389,7 +388,7 @@ krb5_get_forwarded_creds (krb5_context context, /* encode EncKrbCredPart */ - ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, + ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, &enc_krb_cred_part, &len, ret); free_EncKrbCredPart (&enc_krb_cred_part); if (ret) { @@ -413,13 +412,13 @@ krb5_get_forwarded_creds (krb5_context context, cred.enc_part.cipher.data = buf; cred.enc_part.cipher.length = buf_size; } else { - /* + /* * Here older versions then 0.7.2 of Heimdal used the local or * remote subkey. That is wrong, the session key should be * used. Heimdal 0.7.2 and newer have code to try both in the * receiving end. */ - + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); if (ret) { free(buf); diff --git a/crypto/heimdal/lib/krb5/get_host_realm.c b/crypto/heimdal/lib/krb5/get_host_realm.c index d709e4b38d1..ed7f54b3d69 100644 --- a/crypto/heimdal/lib/krb5/get_host_realm.c +++ b/crypto/heimdal/lib/krb5/get_host_realm.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include -RCSID("$Id: get_host_realm.c 18541 2006-10-17 19:28:36Z lha $"); - /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with * the name of your realm, like this: @@ -51,14 +49,14 @@ RCSID("$Id: get_host_realm.c 18541 2006-10-17 19:28:36Z lha $"); */ static int -copy_txt_to_realms (struct resource_record *head, +copy_txt_to_realms (struct rk_resource_record *head, krb5_realm **realms) { - struct resource_record *rr; - int n, i; + struct rk_resource_record *rr; + unsigned int n, i; for(n = 0, rr = head; rr; rr = rr->next) - if (rr->type == T_TXT) + if (rr->type == rk_ns_t_txt) ++n; if (n == 0) @@ -72,7 +70,7 @@ copy_txt_to_realms (struct resource_record *head, (*realms)[i] = NULL; for (i = 0, rr = head; rr; rr = rr->next) { - if (rr->type == T_TXT) { + if (rr->type == rk_ns_t_txt) { char *tmp; tmp = strdup(rr->u.txt); @@ -96,11 +94,11 @@ dns_find_realm(krb5_context context, { static const char *default_labels[] = { "_kerberos", NULL }; char dom[MAXHOSTNAMELEN]; - struct dns_reply *r; + struct rk_dns_reply *r; const char **labels; char **config_labels; int i, ret; - + config_labels = krb5_config_get_strings(context, NULL, "libdefaults", "dns_lookup_realm_labels", NULL); if(config_labels != NULL) @@ -111,15 +109,15 @@ dns_find_realm(krb5_context context, domain++; for (i = 0; labels[i] != NULL; i++) { ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain); - if(ret < 0 || ret >= sizeof(dom)) { + if(ret < 0 || (size_t)ret >= sizeof(dom)) { if (config_labels) krb5_config_free_strings(config_labels); return -1; } - r = dns_lookup(dom, "TXT"); + r = rk_dns_lookup(dom, "TXT"); if(r != NULL) { ret = copy_txt_to_realms (r->head, realms); - dns_free_data(r); + rk_dns_free_data(r); if(ret == 0) { if (config_labels) krb5_config_free_strings(config_labels); @@ -138,8 +136,8 @@ dns_find_realm(krb5_context context, */ static int -config_find_realm(krb5_context context, - const char *domain, +config_find_realm(krb5_context context, + const char *domain, krb5_realm **realms) { char **tmp = krb5_config_get_strings (context, NULL, @@ -160,7 +158,7 @@ config_find_realm(krb5_context context, * fall back to guessing */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_get_host_realm_int (krb5_context context, const char *host, krb5_boolean use_dns, @@ -178,8 +176,8 @@ _krb5_get_host_realm_int (krb5_context context, for (q = host; q != NULL; q = strchr(q + 1, '.')) if(dns_find_realm(context, q, realms) == 0) return 0; - continue; - } else + continue; + } else return 0; } else if(use_dns && dns_locate_enable) { @@ -192,21 +190,23 @@ _krb5_get_host_realm_int (krb5_context context, p++; *realms = malloc(2 * sizeof(krb5_realm)); if (*realms == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } (*realms)[0] = strdup(p); if((*realms)[0] == NULL) { free(*realms); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } strupr((*realms)[0]); (*realms)[1] = NULL; return 0; } - krb5_set_error_string(context, "unable to find realm of host %s", host); + krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, + N_("unable to find realm of host %s", ""), + host); return KRB5_ERR_HOST_REALM_UNKNOWN; } @@ -215,7 +215,7 @@ _krb5_get_host_realm_int (krb5_context context, * `realms'. Free `realms' with krb5_free_host_realm(). */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_host_realm(krb5_context context, const char *targethost, krb5_realm **realms) @@ -233,7 +233,7 @@ krb5_get_host_realm(krb5_context context, host = hostname; } - /* + /* * If our local hostname is without components, don't even try to dns. */ @@ -248,8 +248,9 @@ krb5_get_host_realm(krb5_context context, */ ret = krb5_get_default_realms(context, realms); if (ret) { - krb5_set_error_string(context, "Unable to find realm of host %s", - host); + krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, + N_("Unable to find realm of host %s", ""), + host); return KRB5_ERR_HOST_REALM_UNKNOWN; } } diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index ffd4ca2b04e..41618b9616a 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c @@ -1,331 +1,54 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c 20226 2007-02-16 03:31:50Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_init_etype (krb5_context context, - unsigned *len, - krb5_enctype **val, - const krb5_enctype *etypes) -{ - int i; - krb5_error_code ret; - krb5_enctype *tmp = NULL; - - ret = 0; - if (etypes == NULL) { - ret = krb5_get_default_in_tkt_etypes(context, - &tmp); - if (ret) - return ret; - etypes = tmp; - } - - for (i = 0; etypes[i]; ++i) - ; - *len = i; - *val = malloc(i * sizeof(**val)); - if (i != 0 && *val == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); - goto cleanup; - } - memmove (*val, - etypes, - i * sizeof(*tmp)); -cleanup: - if (tmp != NULL) - free (tmp); - return ret; -} - +#ifndef HEIMDAL_SMALLER static krb5_error_code -decrypt_tkt (krb5_context context, - krb5_keyblock *key, - krb5_key_usage usage, - krb5_const_pointer decrypt_arg, - krb5_kdc_rep *dec_rep) -{ - krb5_error_code ret; - krb5_data data; - size_t size; - krb5_crypto crypto; - - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) - return ret; - - ret = krb5_decrypt_EncryptedData (context, - crypto, - usage, - &dec_rep->kdc_rep.enc_part, - &data); - krb5_crypto_destroy(context, crypto); - - if (ret) - return ret; - - ret = krb5_decode_EncASRepPart(context, - data.data, - data.length, - &dec_rep->enc_part, - &size); - if (ret) - ret = krb5_decode_EncTGSRepPart(context, - data.data, - data.length, - &dec_rep->enc_part, - &size); - krb5_data_free (&data); - if (ret) - return ret; - return 0; -} - -int -_krb5_extract_ticket(krb5_context context, - krb5_kdc_rep *rep, - krb5_creds *creds, - krb5_keyblock *key, - krb5_const_pointer keyseed, - krb5_key_usage key_usage, - krb5_addresses *addrs, - unsigned nonce, - unsigned flags, - krb5_decrypt_proc decrypt_proc, - krb5_const_pointer decryptarg) -{ - krb5_error_code ret; - krb5_principal tmp_principal; - int tmp; - size_t len; - time_t tmp_time; - krb5_timestamp sec_now; - - ret = _krb5_principalname2krb5_principal (context, - &tmp_principal, - rep->kdc_rep.cname, - rep->kdc_rep.crealm); - if (ret) - goto out; - - /* compare client */ - - if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0){ - tmp = krb5_principal_compare (context, tmp_principal, creds->client); - if (!tmp) { - krb5_free_principal (context, tmp_principal); - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_MODIFIED; - goto out; - } - } - - krb5_free_principal (context, creds->client); - creds->client = tmp_principal; - - /* extract ticket */ - ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, - &rep->kdc_rep.ticket, &len, ret); - if(ret) - goto out; - if (creds->ticket.length != len) - krb5_abortx(context, "internal error in ASN.1 encoder"); - creds->second_ticket.length = 0; - creds->second_ticket.data = NULL; - - /* compare server */ - - ret = _krb5_principalname2krb5_principal (context, - &tmp_principal, - rep->kdc_rep.ticket.sname, - rep->kdc_rep.ticket.realm); - if (ret) - goto out; - if(flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH){ - krb5_free_principal(context, creds->server); - creds->server = tmp_principal; - tmp_principal = NULL; - } else { - tmp = krb5_principal_compare (context, tmp_principal, - creds->server); - krb5_free_principal (context, tmp_principal); - if (!tmp) { - ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_clear_error_string (context); - goto out; - } - } - - /* decrypt */ - - if (decrypt_proc == NULL) - decrypt_proc = decrypt_tkt; - - ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); - if (ret) - goto out; - - /* verify names */ - if(flags & EXTRACT_TICKET_MATCH_REALM){ - const char *srealm = krb5_principal_get_realm(context, creds->server); - const char *crealm = krb5_principal_get_realm(context, creds->client); - - if (strcmp(rep->enc_part.srealm, srealm) != 0 || - strcmp(rep->enc_part.srealm, crealm) != 0) - { - ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_clear_error_string(context); - goto out; - } - } - - /* compare nonces */ - - if (nonce != rep->enc_part.nonce) { - ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_set_error_string(context, "malloc: out of memory"); - goto out; - } - - /* set kdc-offset */ - - krb5_timeofday (context, &sec_now); - if (rep->enc_part.flags.initial - && context->kdc_sec_offset == 0 - && krb5_config_get_bool (context, NULL, - "libdefaults", - "kdc_timesync", - NULL)) { - context->kdc_sec_offset = rep->enc_part.authtime - sec_now; - krb5_timeofday (context, &sec_now); - } - - /* check all times */ - - if (rep->enc_part.starttime) { - tmp_time = *rep->enc_part.starttime; - } else - tmp_time = rep->enc_part.authtime; - - if (creds->times.starttime == 0 - && abs(tmp_time - sec_now) > context->max_skew) { - ret = KRB5KRB_AP_ERR_SKEW; - krb5_set_error_string (context, - "time skew (%d) larger than max (%d)", - abs(tmp_time - sec_now), - (int)context->max_skew); - goto out; - } - - if (creds->times.starttime != 0 - && tmp_time != creds->times.starttime) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_MODIFIED; - goto out; - } - - creds->times.starttime = tmp_time; - - if (rep->enc_part.renew_till) { - tmp_time = *rep->enc_part.renew_till; - } else - tmp_time = 0; - - if (creds->times.renew_till != 0 - && tmp_time > creds->times.renew_till) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_MODIFIED; - goto out; - } - - creds->times.renew_till = tmp_time; - - creds->times.authtime = rep->enc_part.authtime; - - if (creds->times.endtime != 0 - && rep->enc_part.endtime > creds->times.endtime) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_MODIFIED; - goto out; - } - - creds->times.endtime = rep->enc_part.endtime; - - if(rep->enc_part.caddr) - krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses); - else if(addrs) - krb5_copy_addresses (context, addrs, &creds->addresses); - else { - creds->addresses.len = 0; - creds->addresses.val = NULL; - } - creds->flags.b = rep->enc_part.flags; - - creds->authdata.len = 0; - creds->authdata.val = NULL; - creds->session.keyvalue.length = 0; - creds->session.keyvalue.data = NULL; - creds->session.keytype = rep->enc_part.key.keytype; - ret = krb5_data_copy (&creds->session.keyvalue, - rep->enc_part.key.keyvalue.data, - rep->enc_part.key.keyvalue.length); - -out: - memset (rep->enc_part.key.keyvalue.data, 0, - rep->enc_part.key.keyvalue.length); - return ret; -} - - -static krb5_error_code -make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, +make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, krb5_enctype etype, krb5_keyblock *key) { PA_ENC_TS_ENC p; unsigned char *buf; size_t buf_size; - size_t len; + size_t len = 0; EncryptedData encdata; krb5_error_code ret; int32_t usec; int usec2; krb5_crypto crypto; - + krb5_us_timeofday (context, &p.patimestamp, &usec); usec2 = usec; p.pausec = &usec2; @@ -340,7 +63,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, free(buf); return ret; } - ret = krb5_encrypt_EncryptedData(context, + ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, buf, @@ -351,7 +74,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, krb5_crypto_destroy(context, crypto); if (ret) return ret; - + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); free_EncryptedData(&encdata); if (ret) @@ -366,7 +89,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, static krb5_error_code add_padata(krb5_context context, - METHOD_DATA *md, + METHOD_DATA *md, krb5_principal client, krb5_key_proc key_proc, krb5_const_pointer keyseed, @@ -378,11 +101,13 @@ add_padata(krb5_context context, PA_DATA *pa2; krb5_salt salt2; krb5_enctype *ep; - int i; - + size_t i; + if(salt == NULL) { /* default to standard salt */ ret = krb5_get_pw_salt (context, client, &salt2); + if (ret) + return ret; salt = &salt2; } if (!enctypes) { @@ -393,7 +118,7 @@ add_padata(krb5_context context, } pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val)); if (pa2 == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } md->val = pa2; @@ -440,13 +165,13 @@ init_as_req (krb5_context context, a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->req_body.sname = malloc(sizeof(*a->req_body.sname)); if (a->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } ret = _krb5_principal2principalname (a->req_body.cname, creds->client); @@ -463,7 +188,7 @@ init_as_req (krb5_context context, a->req_body.from = malloc(sizeof(*a->req_body.from)); if (a->req_body.from == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.from = creds->times.starttime; @@ -476,13 +201,14 @@ init_as_req (krb5_context context, a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); if (a->req_body.rtime == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.rtime = creds->times.renew_till; } a->req_body.nonce = nonce; - ret = krb5_init_etype (context, + ret = _krb5_init_etype(context, + KRB5_PDU_AS_REQUEST, &a->req_body.etype.len, &a->req_body.etype.val, etypes); @@ -499,7 +225,7 @@ init_as_req (krb5_context context, a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); if (a->req_body.addresses == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -520,18 +246,18 @@ init_as_req (krb5_context context, a->req_body.additional_tickets = NULL; if(preauth != NULL) { - int i; + size_t i; ALLOC(a->padata, 1); if(a->padata == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->padata->val = NULL; a->padata->len = 0; for(i = 0; i < preauth->len; i++) { if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){ - int j; + size_t j; for(j = 0; j < preauth->val[i].info.len; j++) { krb5_salt *sp = &salt; @@ -546,8 +272,8 @@ init_as_req (krb5_context context, sp = NULL; else krb5_data_zero(&salt.saltvalue); - ret = add_padata(context, a->padata, creds->client, - key_proc, keyseed, + ret = add_padata(context, a->padata, creds->client, + key_proc, keyseed, &preauth->val[i].info.val[j].etype, 1, sp); if (ret == 0) @@ -555,7 +281,7 @@ init_as_req (krb5_context context, } } } - } else + } else /* not sure this is the way to use `ptypes' */ if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE) a->padata = NULL; @@ -563,27 +289,28 @@ init_as_req (krb5_context context, ALLOC(a->padata, 1); if (a->padata == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->padata->len = 0; a->padata->val = NULL; /* make a v5 salted pa-data */ - add_padata(context, a->padata, creds->client, + add_padata(context, a->padata, creds->client, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, NULL); - + /* make a v4 salted pa-data */ salt.salttype = KRB5_PW_SALT; krb5_data_zero(&salt.saltvalue); - add_padata(context, a->padata, creds->client, + add_padata(context, a->padata, creds->client, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, &salt); } else { - krb5_set_error_string (context, "pre-auth type %d not supported", - *ptypes); ret = KRB5_PREAUTH_BAD_TYPE; + krb5_set_error_message (context, ret, + N_("pre-auth type %d not supported", ""), + *ptypes); goto fail; } return 0; @@ -594,7 +321,7 @@ fail: static int set_ptypes(krb5_context context, - KRB_ERROR *error, + KRB_ERROR *error, const krb5_preauthtype **ptypes, krb5_preauthdata **preauth) { @@ -603,10 +330,10 @@ set_ptypes(krb5_context context, if(error->e_data) { METHOD_DATA md; - int i; - decode_METHOD_DATA(error->e_data->data, - error->e_data->length, - &md, + size_t i; + decode_METHOD_DATA(error->e_data->data, + error->e_data->length, + &md, NULL); for(i = 0; i < md.len; i++){ switch(md.val[i].padata_type){ @@ -617,11 +344,10 @@ set_ptypes(krb5_context context, *preauth = &preauth2; ALLOC_SEQ(*preauth, 1); (*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP; - krb5_decode_ETYPE_INFO(context, - md.val[i].padata_value.data, - md.val[i].padata_value.length, - &(*preauth)->val[0].info, - NULL); + decode_ETYPE_INFO(md.val[i].padata_value.data, + md.val[i].padata_value.length, + &(*preauth)->val[0].info, + NULL); break; default: break; @@ -634,7 +360,7 @@ set_ptypes(krb5_context context, return(1); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_cred(krb5_context context, krb5_flags options, const krb5_addresses *addrs, @@ -647,12 +373,13 @@ krb5_get_in_cred(krb5_context context, krb5_const_pointer decryptarg, krb5_creds *creds, krb5_kdc_rep *ret_as_reply) + KRB5_DEPRECATED_FUNCTION("Use X instead") { krb5_error_code ret; AS_REQ a; krb5_kdc_rep rep; krb5_data req, resp; - size_t len; + size_t len = 0; krb5_salt salt; krb5_keyblock *key; size_t size; @@ -725,7 +452,7 @@ krb5_get_in_cred(krb5_context context, done = 0; preauth = my_preauth; krb5_free_error_contents(context, &error); - krb5_clear_error_string(context); + krb5_clear_error_message(context); continue; } if(ret_as_reply) @@ -738,29 +465,29 @@ krb5_get_in_cred(krb5_context context, } krb5_data_free(&resp); } while(!done); - + pa = NULL; etype = rep.kdc_rep.enc_part.etype; if(rep.kdc_rep.padata){ int i = 0; - pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, + pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, KRB5_PADATA_PW_SALT, &i); if(pa == NULL) { i = 0; - pa = krb5_find_padata(rep.kdc_rep.padata->val, - rep.kdc_rep.padata->len, + pa = krb5_find_padata(rep.kdc_rep.padata->val, + rep.kdc_rep.padata->len, KRB5_PADATA_AFS3_SALT, &i); } } if(pa) { - salt.salttype = pa->padata_type; + salt.salttype = (krb5_salttype)pa->padata_type; salt.saltvalue = pa->padata_value; - + ret = (*key_proc)(context, etype, salt, keyseed, &key); } else { /* make a v5 salted pa-data */ ret = krb5_get_pw_salt (context, creds->client, &salt); - + if (ret) goto out; ret = (*key_proc)(context, etype, salt, keyseed, &key); @@ -768,22 +495,22 @@ krb5_get_in_cred(krb5_context context, } if (ret) goto out; - + { - unsigned flags = 0; + unsigned flags = EXTRACT_TICKET_TIMESYNC; if (opts.request_anonymous) flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; - ret = _krb5_extract_ticket(context, - &rep, - creds, - key, - keyseed, + ret = _krb5_extract_ticket(context, + &rep, + creds, + key, + keyseed, KRB5_KU_AS_REP_ENC_PART, - NULL, - nonce, + NULL, + nonce, flags, - decrypt_proc, + decrypt_proc, decryptarg); } memset (key->keyvalue.data, 0, key->keyvalue.length); @@ -798,7 +525,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt(krb5_context context, krb5_flags options, const krb5_addresses *addrs, @@ -811,9 +538,10 @@ krb5_get_in_tkt(krb5_context context, krb5_creds *creds, krb5_ccache ccache, krb5_kdc_rep *ret_as_reply) + KRB5_DEPRECATED_FUNCTION("Use X instead") { krb5_error_code ret; - + ret = krb5_get_in_cred (context, options, addrs, @@ -826,9 +554,11 @@ krb5_get_in_tkt(krb5_context context, decryptarg, creds, ret_as_reply); - if(ret) + if(ret) return ret; if (ccache) ret = krb5_cc_store_cred (context, ccache, creds); return ret; } + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c deleted file mode 100644 index 21b27c61b47..00000000000 --- a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -RCSID("$Id: get_in_tkt_pw.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_password_key_proc (krb5_context context, - krb5_enctype type, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key) -{ - krb5_error_code ret; - const char *password = (const char *)keyseed; - char buf[BUFSIZ]; - - *key = malloc (sizeof (**key)); - if (*key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - if (password == NULL) { - if(UI_UTIL_read_pw_string (buf, sizeof(buf), "Password: ", 0)) { - free (*key); - krb5_clear_error_string(context); - return KRB5_LIBOS_PWDINTR; - } - password = buf; - } - ret = krb5_string_to_key_salt (context, type, password, salt, *key); - memset (buf, 0, sizeof(buf)); - return ret; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_password (krb5_context context, - krb5_flags options, - krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *pre_auth_types, - const char *password, - krb5_ccache ccache, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply) -{ - return krb5_get_in_tkt (context, - options, - addrs, - etypes, - pre_auth_types, - krb5_password_key_proc, - password, - NULL, - NULL, - creds, - ccache, - ret_as_reply); -} diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c deleted file mode 100644 index 52f95c4bc45..00000000000 --- a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytab_key_proc (krb5_context context, - krb5_enctype enctype, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key) -{ - krb5_keytab_key_proc_args *args = rk_UNCONST(keyseed); - krb5_keytab keytab = args->keytab; - krb5_principal principal = args->principal; - krb5_error_code ret; - krb5_keytab real_keytab; - krb5_keytab_entry entry; - - if(keytab == NULL) - krb5_kt_default(context, &real_keytab); - else - real_keytab = keytab; - - ret = krb5_kt_get_entry (context, real_keytab, principal, - 0, enctype, &entry); - - if (keytab == NULL) - krb5_kt_close (context, real_keytab); - - if (ret) - return ret; - - ret = krb5_copy_keyblock (context, &entry.keyblock, key); - krb5_kt_free_entry(context, &entry); - return ret; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_keytab (krb5_context context, - krb5_flags options, - krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *pre_auth_types, - krb5_keytab keytab, - krb5_ccache ccache, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply) -{ - krb5_keytab_key_proc_args a; - - a.principal = creds->client; - a.keytab = keytab; - - return krb5_get_in_tkt (context, - options, - addrs, - etypes, - pre_auth_types, - krb5_keytab_key_proc, - &a, - NULL, - NULL, - creds, - ccache, - ret_as_reply); -} diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c deleted file mode 100644 index 1936fa16645..00000000000 --- a/crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -RCSID("$Id: get_in_tkt_with_skey.c 13863 2004-05-25 21:46:46Z lha $"); - -static krb5_error_code -krb5_skey_key_proc (krb5_context context, - krb5_enctype type, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key) -{ - return krb5_copy_keyblock (context, keyseed, key); -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_skey (krb5_context context, - krb5_flags options, - krb5_addresses *addrs, - const krb5_enctype *etypes, - const krb5_preauthtype *pre_auth_types, - const krb5_keyblock *key, - krb5_ccache ccache, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply) -{ - if(key == NULL) - return krb5_get_in_tkt_with_keytab (context, - options, - addrs, - etypes, - pre_auth_types, - NULL, - ccache, - creds, - ret_as_reply); - else - return krb5_get_in_tkt (context, - options, - addrs, - etypes, - pre_auth_types, - krb5_skey_key_proc, - key, - NULL, - NULL, - creds, - ccache, - ret_as_reply); -} diff --git a/crypto/heimdal/lib/krb5/get_port.c b/crypto/heimdal/lib/krb5/get_port.c index 85587ea7662..93d9433cd03 100644 --- a/crypto/heimdal/lib/krb5/get_port.c +++ b/crypto/heimdal/lib/krb5/get_port.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $"); - -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_getportbyname (krb5_context context, const char *service, const char *proto, @@ -45,7 +43,7 @@ krb5_getportbyname (krb5_context context, if ((sp = roken_getservbyname (service, proto)) == NULL) { #if 0 - krb5_warnx(context, "%s/%s unknown service, using default port %d", + krb5_warnx(context, "%s/%s unknown service, using default port %d", service, proto, default_port); #endif return htons(default_port); diff --git a/crypto/heimdal/lib/krb5/heim_err.et b/crypto/heimdal/lib/krb5/heim_err.et index 1b8ab49bc11..c47f77092f1 100644 --- a/crypto/heimdal/lib/krb5/heim_err.et +++ b/crypto/heimdal/lib/krb5/heim_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $" +id "$Id$" error_table heim @@ -17,6 +17,9 @@ error_code OPNOTSUPP, "Operation not supported" error_code EOF, "End of file" error_code BAD_MKEY, "Failed to get the master key" error_code SERVICE_NOMATCH, "Unacceptable service used" +error_code NOT_SEEKABLE, "File descriptor not seekable" +error_code TOO_BIG, "Offset too large" +error_code BAD_HDBENT_ENCODING, "Invalid HDB entry encoding" index 64 prefix HEIM_PKINIT diff --git a/crypto/heimdal/lib/krb5/init_creds.c b/crypto/heimdal/lib/krb5/init_creds.c index a59c903bd9e..25bef0f3404 100644 --- a/crypto/heimdal/lib/krb5/init_creds.c +++ b/crypto/heimdal/lib/krb5/init_creds.c @@ -1,8 +1,10 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,32 +35,41 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c 21711 2007-07-27 14:22:02Z lha $"); +#undef __attribute__ +#define __attribute__(x) -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) -{ - memset (opt, 0, sizeof(*opt)); - opt->flags = 0; - opt->opt_private = NULL; -} +/** + * @page krb5_init_creds_intro The initial credential handing functions + * @section section_krb5_init_creds Initial credential + * + * Functions to get initial credentials: @ref krb5_credential . + */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_alloc(krb5_context context, +/** + * Allocate a new krb5_get_init_creds_opt structure, free with + * krb5_get_init_creds_opt_free(). + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt) { krb5_get_init_creds_opt *o; - + *opt = NULL; o = calloc(1, sizeof(*o)); if (o == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - krb5_get_init_creds_opt_init(o); + o->opt_private = calloc(1, sizeof(*o->opt_private)); if (o->opt_private == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); free(o); return ENOMEM; } @@ -67,69 +78,13 @@ krb5_get_init_creds_opt_alloc(krb5_context context, return 0; } -krb5_error_code -_krb5_get_init_creds_opt_copy(krb5_context context, - const krb5_get_init_creds_opt *in, - krb5_get_init_creds_opt **out) -{ - krb5_get_init_creds_opt *opt; +/** + * Free krb5_get_init_creds_opt structure. + * + * @ingroup krb5_credential + */ - *out = NULL; - opt = calloc(1, sizeof(*opt)); - if (opt == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } - if (in) - *opt = *in; - if(opt->opt_private == NULL) { - opt->opt_private = calloc(1, sizeof(*opt->opt_private)); - if (opt->opt_private == NULL) { - krb5_set_error_string(context, "out of memory"); - free(opt); - return ENOMEM; - } - opt->opt_private->refcount = 1; - } else - opt->opt_private->refcount++; - *out = opt; - return 0; -} - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt) -{ - if (opt->opt_private == NULL || opt->opt_private->error == NULL) - return; - free_KRB_ERROR(opt->opt_private->error); - free(opt->opt_private->error); - opt->opt_private->error = NULL; -} - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_set_krb5_error(krb5_context context, - krb5_get_init_creds_opt *opt, - const KRB_ERROR *error) -{ - krb5_error_code ret; - - if (opt->opt_private == NULL) - return; - - _krb5_get_init_creds_opt_free_krb5_error(opt); - - opt->opt_private->error = malloc(sizeof(*opt->opt_private->error)); - if (opt->opt_private->error == NULL) - return; - ret = copy_KRB_ERROR(error, opt->opt_private->error); - if (ret) { - free(opt->opt_private->error); - opt->opt_private->error = NULL; - } -} - - -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free(krb5_context context, krb5_get_init_creds_opt *opt) { @@ -138,7 +93,6 @@ krb5_get_init_creds_opt_free(krb5_context context, if (opt->opt_private->refcount < 1) /* abort ? */ return; if (--opt->opt_private->refcount == 0) { - _krb5_get_init_creds_opt_free_krb5_error(opt); _krb5_get_init_creds_opt_free_pkinit(opt); free(opt->opt_private); } @@ -172,20 +126,21 @@ get_config_time (krb5_context context, static krb5_boolean get_config_bool (krb5_context context, + krb5_boolean def_value, const char *realm, const char *name) { - return krb5_config_get_bool (context, - NULL, - "realms", - realm, - name, - NULL) - || krb5_config_get_bool (context, - NULL, - "libdefaults", - name, - NULL); + krb5_boolean b; + + b = krb5_config_get_bool_default(context, NULL, def_value, + "realms", realm, name, NULL); + if (b != def_value) + return b; + b = krb5_config_get_bool_default (context, NULL, def_value, + "libdefaults", name, NULL); + if (b != def_value) + return b; + return def_value; } /* @@ -195,7 +150,7 @@ get_config_bool (krb5_context context, * [realms] or [libdefaults] for some of the values. */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_default_flags(krb5_context context, const char *appname, krb5_const_realm realm, @@ -204,11 +159,12 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, krb5_boolean b; time_t t; - b = get_config_bool (context, realm, "forwardable"); + b = get_config_bool (context, KRB5_FORWARDABLE_DEFAULT, + realm, "forwardable"); krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b); krb5_get_init_creds_opt_set_forwardable(opt, b); - b = get_config_bool (context, realm, "proxiable"); + b = get_config_bool (context, FALSE, realm, "proxiable"); krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b); krb5_get_init_creds_opt_set_proxiable (opt, b); @@ -224,7 +180,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, if(t != 0) krb5_get_init_creds_opt_set_renew_life(opt, t); - krb5_appdefault_boolean(context, appname, realm, "no-addresses", + krb5_appdefault_boolean(context, appname, realm, "no-addresses", KRB5_ADDRESSLESS_DEFAULT, &b); krb5_get_init_creds_opt_set_addressless (context, opt, b); @@ -245,7 +201,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, krb5_deltat tkt_life) { @@ -253,7 +209,7 @@ krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, opt->tkt_life = tkt_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, krb5_deltat renew_life) { @@ -261,7 +217,7 @@ krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, opt->renew_life = renew_life; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, int forwardable) { @@ -269,7 +225,7 @@ krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, opt->forwardable = forwardable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiable) { @@ -277,7 +233,7 @@ krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, opt->proxiable = proxiable; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length) @@ -287,7 +243,7 @@ krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, opt->etype_list_length = etype_list_length; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, krb5_addresses *addresses) { @@ -295,7 +251,7 @@ krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, opt->address_list = addresses; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length) @@ -305,7 +261,7 @@ krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, opt->preauth_list = preauth_list; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt) { @@ -313,7 +269,7 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, opt->salt = salt; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt, int anonymous) { @@ -327,13 +283,14 @@ require_ext_opt(krb5_context context, const char *type) { if (opt->opt_private == NULL) { - krb5_set_error_string(context, "%s on non extendable opt", type); + krb5_set_error_message(context, EINVAL, + N_("%s on non extendable opt", ""), type); return EINVAL; } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pa_password(krb5_context context, krb5_get_init_creds_opt *opt, const char *password, @@ -348,7 +305,7 @@ krb5_get_init_creds_opt_set_pa_password(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pac_request(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req_pac) @@ -363,36 +320,7 @@ krb5_get_init_creds_opt_set_pac_request(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_get_error(krb5_context context, - krb5_get_init_creds_opt *opt, - KRB_ERROR **error) -{ - krb5_error_code ret; - - *error = NULL; - - ret = require_ext_opt(context, opt, "init_creds_opt_get_error"); - if (ret) - return ret; - - if (opt->opt_private->error == NULL) - return 0; - - *error = malloc(sizeof(**error)); - if (*error == NULL) { - krb5_set_error_string(context, "malloc - out memory"); - return ENOMEM; - } - - ret = copy_KRB_ERROR(opt->opt_private->error, *error); - if (ret) - krb5_clear_error_string(context); - - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_addressless(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean addressless) @@ -408,7 +336,7 @@ krb5_get_init_creds_opt_set_addressless(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_canonicalize(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -424,7 +352,7 @@ krb5_get_init_creds_opt_set_canonicalize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_win2k(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req) @@ -433,10 +361,74 @@ krb5_get_init_creds_opt_set_win2k(krb5_context context, ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k"); if (ret) return ret; - if (req) + if (req) { opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK; - else + opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + } else { opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK; + opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + } return 0; } + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_process_last_req(krb5_context context, + krb5_get_init_creds_opt *opt, + krb5_gic_process_last_req func, + void *ctx) +{ + krb5_error_code ret; + ret = require_ext_opt(context, opt, "init_creds_opt_set_win2k"); + if (ret) + return ret; + + opt->opt_private->lr.func = func; + opt->opt_private->lr.ctx = ctx; + + return 0; +} + + +#ifndef HEIMDAL_SMALLER + +/** + * Deprecated: use krb5_get_init_creds_opt_alloc(). + * + * The reason krb5_get_init_creds_opt_init() is deprecated is that + * krb5_get_init_creds_opt is a static structure and for ABI reason it + * can't grow, ie can't add new functionality. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + memset (opt, 0, sizeof(*opt)); +} + +/** + * Deprecated: use the new krb5_init_creds_init() and + * krb5_init_creds_get_error(). + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_get_error(krb5_context context, + krb5_get_init_creds_opt *opt, + KRB_ERROR **error) + KRB5_DEPRECATED_FUNCTION("Use X instead") +{ + *error = calloc(1, sizeof(**error)); + if (*error == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + return 0; +} + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c index 441adff8fdf..37f4147c372 100644 --- a/crypto/heimdal/lib/krb5/init_creds_pw.c +++ b/crypto/heimdal/lib/krb5/init_creds_pw.c @@ -1,47 +1,47 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 21931 2007-08-27 14:11:55Z lha $"); - typedef struct krb5_get_init_creds_ctx { KDCOptions flags; krb5_creds cred; krb5_addresses *addrs; krb5_enctype *etypes; krb5_preauthtype *pre_auth_types; - const char *in_tkt_service; + char *in_tkt_service; unsigned nonce; unsigned pk_nonce; @@ -49,17 +49,53 @@ typedef struct krb5_get_init_creds_ctx { AS_REQ as_req; int pa_counter; - const char *password; - krb5_s2k_proc key_proc; + /* password and keytab_data is freed on completion */ + char *password; + krb5_keytab_key_proc_args *keytab_data; + + krb5_pointer *keyseed; + krb5_s2k_proc keyproc; krb5_get_init_creds_tristate req_pac; krb5_pk_init_ctx pk_init_ctx; int ic_flags; + + int used_pa_types; +#define USED_PKINIT 1 +#define USED_PKINIT_W2K 2 +#define USED_ENC_TS_GUESS 4 +#define USED_ENC_TS_INFO 8 + + METHOD_DATA md; + KRB_ERROR error; + AS_REP as_rep; + EncKDCRepPart enc_part; + + krb5_prompter_fct prompter; + void *prompter_data; + + struct pa_info_data *ppaid; + } krb5_get_init_creds_ctx; -static krb5_error_code -default_s2k_func(krb5_context context, krb5_enctype type, + +struct pa_info_data { + krb5_enctype etype; + krb5_salt salt; + krb5_data *s2kparams; +}; + +static void +free_paid(krb5_context context, struct pa_info_data *ppaid) +{ + krb5_free_salt(context, ppaid->salt); + if (ppaid->s2kparams) + krb5_free_data(context, ppaid->s2kparams); +} + +static krb5_error_code KRB5_CALLCONV +default_s2k_func(krb5_context context, krb5_enctype type, krb5_const_pointer keyseed, krb5_salt salt, krb5_data *s2kparms, krb5_keyblock **key) @@ -68,13 +104,15 @@ default_s2k_func(krb5_context context, krb5_enctype type, krb5_data password; krb5_data opaque; + _krb5_debug(context, 5, "krb5_get_init_creds: using default_s2k_func"); + password.data = rk_UNCONST(keyseed); password.length = strlen(keyseed); if (s2kparms) opaque = *s2kparms; else krb5_data_zero(&opaque); - + *key = malloc(sizeof(**key)); if (*key == NULL) return ENOMEM; @@ -88,14 +126,32 @@ default_s2k_func(krb5_context context, krb5_enctype type, } static void -free_init_creds_ctx(krb5_context context, krb5_get_init_creds_ctx *ctx) +free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx) { if (ctx->etypes) free(ctx->etypes); if (ctx->pre_auth_types) free (ctx->pre_auth_types); + if (ctx->in_tkt_service) + free(ctx->in_tkt_service); + if (ctx->keytab_data) + free(ctx->keytab_data); + if (ctx->password) { + memset(ctx->password, 0, strlen(ctx->password)); + free(ctx->password); + } + krb5_data_free(&ctx->req_buffer); + krb5_free_cred_contents(context, &ctx->cred); + free_METHOD_DATA(&ctx->md); + free_AS_REP(&ctx->as_rep); + free_EncKDCRepPart(&ctx->enc_part); + free_KRB_ERROR(&ctx->error); free_AS_REQ(&ctx->as_req); - memset(&ctx->as_req, 0, sizeof(ctx->as_req)); + if (ctx->ppaid) { + free_paid(context, ctx->ppaid); + free(ctx->ppaid); + } + memset(ctx, 0, sizeof(*ctx)); } static int @@ -127,18 +183,16 @@ init_cred (krb5_context context, krb5_creds *cred, krb5_principal client, krb5_deltat start_time, - const char *in_tkt_service, krb5_get_init_creds_opt *options) { krb5_error_code ret; - krb5_const_realm client_realm; int tmp; krb5_timestamp now; krb5_timeofday (context, &now); memset (cred, 0, sizeof(*cred)); - + if (client) krb5_copy_principal(context, client, &cred->client); else { @@ -148,8 +202,6 @@ init_cred (krb5_context context, goto out; } - client_realm = krb5_principal_get_realm (context, cred->client); - if (start_time) cred->times.starttime = now + start_time; @@ -164,22 +216,6 @@ init_cred (krb5_context context, cred->times.renew_till = now + options->renew_life; } - if (in_tkt_service) { - krb5_realm server_realm; - - ret = krb5_parse_name (context, in_tkt_service, &cred->server); - if (ret) - goto out; - server_realm = strdup (client_realm); - free (*krb5_princ_realm(context, cred->server)); - krb5_princ_set_realm (context, cred->server, &server_realm); - } else { - ret = krb5_make_principal(context, &cred->server, - client_realm, KRB5_TGS_NAME, client_realm, - NULL); - if (ret) - goto out; - } return 0; out: @@ -198,29 +234,73 @@ report_expiration (krb5_context context, const char *str, time_t now) { - char *p; - - asprintf (&p, "%s%s", str, ctime(&now)); - (*prompter) (context, data, NULL, p, 0, NULL); - free (p); + char *p = NULL; + + if (asprintf(&p, "%s%s", str, ctime(&now)) < 0 || p == NULL) + return; + (*prompter)(context, data, NULL, p, 0, NULL); + free(p); } /* - * Parse the last_req data and show it to the user if it's interesting + * Check the context, and in the case there is a expiration warning, + * use the prompter to print the warning. + * + * @param context A Kerberos 5 context. + * @param options An GIC options structure + * @param ctx The krb5_init_creds_context check for expiration. */ -static void -print_expire (krb5_context context, - krb5_const_realm realm, - krb5_kdc_rep *rep, - krb5_prompter_fct prompter, - krb5_data *data) +static krb5_error_code +process_last_request(krb5_context context, + krb5_get_init_creds_opt *options, + krb5_init_creds_context ctx) { - int i; - LastReq *lr = &rep->enc_part.last_req; + krb5_const_realm realm; + LastReq *lr; + krb5_boolean reported = FALSE; krb5_timestamp sec; time_t t; - krb5_boolean reported = FALSE; + size_t i; + + /* + * First check if there is a API consumer. + */ + + realm = krb5_principal_get_realm (context, ctx->cred.client); + lr = &ctx->enc_part.last_req; + + if (options && options->opt_private && options->opt_private->lr.func) { + krb5_last_req_entry **lre; + + lre = calloc(lr->len + 1, sizeof(**lre)); + if (lre == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + for (i = 0; i < lr->len; i++) { + lre[i] = calloc(1, sizeof(*lre[i])); + if (lre[i] == NULL) + break; + lre[i]->lr_type = lr->val[i].lr_type; + lre[i]->value = lr->val[i].lr_value; + } + + (*options->opt_private->lr.func)(context, lre, + options->opt_private->lr.ctx); + + for (i = 0; i < lr->len; i++) + free(lre[i]); + free(lre); + } + + /* + * Now check if we should prompt the user + */ + + if (ctx->prompter == NULL) + return 0; krb5_timeofday (context, &sec); @@ -233,13 +313,15 @@ print_expire (krb5_context context, if (lr->val[i].lr_value <= t) { switch (abs(lr->val[i].lr_type)) { case LR_PW_EXPTIME : - report_expiration(context, prompter, data, + report_expiration(context, ctx->prompter, + ctx->prompter_data, "Your password will expire at ", lr->val[i].lr_value); reported = TRUE; break; case LR_ACCT_EXPTIME : - report_expiration(context, prompter, data, + report_expiration(context, ctx->prompter, + ctx->prompter_data, "Your account will expire at ", lr->val[i].lr_value); reported = TRUE; @@ -249,12 +331,14 @@ print_expire (krb5_context context, } if (!reported - && rep->enc_part.key_expiration - && *rep->enc_part.key_expiration <= t) { - report_expiration(context, prompter, data, + && ctx->enc_part.key_expiration + && *ctx->enc_part.key_expiration <= t) { + report_expiration(context, ctx->prompter, + ctx->prompter_data, "Your password/account will expire at ", - *rep->enc_part.key_expiration); + *ctx->enc_part.key_expiration); } + return 0; } static krb5_addresses no_addrs = { 0, NULL }; @@ -263,11 +347,10 @@ static krb5_error_code get_init_creds_common(krb5_context context, krb5_principal client, krb5_deltat start_time, - const char *in_tkt_service, krb5_get_init_creds_opt *options, - krb5_get_init_creds_ctx *ctx) + krb5_init_creds_context ctx) { - krb5_get_init_creds_opt default_opt; + krb5_get_init_creds_opt *default_opt = NULL; krb5_error_code ret; krb5_enctype *etypes; krb5_preauthtype *pre_auth_types; @@ -275,37 +358,51 @@ get_init_creds_common(krb5_context context, memset(ctx, 0, sizeof(*ctx)); if (options == NULL) { - krb5_get_init_creds_opt_init (&default_opt); - options = &default_opt; - } else { - _krb5_get_init_creds_opt_free_krb5_error(options); + const char *realm = krb5_principal_get_realm(context, client); + + krb5_get_init_creds_opt_alloc (context, &default_opt); + options = default_opt; + krb5_get_init_creds_opt_set_default_flags(context, NULL, realm, options); } if (options->opt_private) { - ctx->password = options->opt_private->password; - ctx->key_proc = options->opt_private->key_proc; + if (options->opt_private->password) { + ret = krb5_init_creds_set_password(context, ctx, + options->opt_private->password); + if (ret) + goto out; + } + + ctx->keyproc = options->opt_private->key_proc; ctx->req_pac = options->opt_private->req_pac; ctx->pk_init_ctx = options->opt_private->pk_init_ctx; ctx->ic_flags = options->opt_private->flags; } else ctx->req_pac = KRB5_INIT_CREDS_TRISTATE_UNSET; - if (ctx->key_proc == NULL) - ctx->key_proc = default_s2k_func; + if (ctx->keyproc == NULL) + ctx->keyproc = default_s2k_func; - if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) + /* Enterprise name implicitly turns on canonicalize */ + if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) || + krb5_principal_get_type(context, client) == KRB5_NT_ENTERPRISE_PRINCIPAL) ctx->flags.canonicalize = 1; ctx->pre_auth_types = NULL; ctx->addrs = NULL; ctx->etypes = NULL; ctx->pre_auth_types = NULL; - ctx->in_tkt_service = in_tkt_service; - ret = init_cred (context, &ctx->cred, client, start_time, - in_tkt_service, options); - if (ret) + ret = init_cred(context, &ctx->cred, client, start_time, options); + if (ret) { + if (default_opt) + krb5_get_init_creds_opt_free(context, default_opt); return ret; + } + + ret = krb5_init_creds_set_service(context, ctx, NULL); + if (ret) + goto out; if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE) ctx->flags.forwardable = options->forwardable; @@ -337,11 +434,15 @@ get_init_creds_common(krb5_context context, } } if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) { + if (ctx->etypes) + free(ctx->etypes); + etypes = malloc((options->etype_list_length + 1) * sizeof(krb5_enctype)); if (etypes == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; } memcpy (etypes, options->etype_list, options->etype_list_length * sizeof(krb5_enctype)); @@ -352,19 +453,24 @@ get_init_creds_common(krb5_context context, pre_auth_types = malloc((options->preauth_list_length + 1) * sizeof(krb5_preauthtype)); if (pre_auth_types == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; } memcpy (pre_auth_types, options->preauth_list, options->preauth_list_length * sizeof(krb5_preauthtype)); pre_auth_types[options->preauth_list_length] = KRB5_PADATA_NONE; ctx->pre_auth_types = pre_auth_types; } - if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT) - ; /* XXX */ if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS) ctx->flags.request_anonymous = options->anonymous; + if (default_opt) + krb5_get_init_creds_opt_free(context, default_opt); return 0; + out: + if (default_opt) + krb5_get_init_creds_opt_free(context, default_opt); + return ret; } static krb5_error_code @@ -386,18 +492,20 @@ change_password (krb5_context context, krb5_data result_code_string; krb5_data result_string; char *p; - krb5_get_init_creds_opt options; + krb5_get_init_creds_opt *options; memset (&cpw_cred, 0, sizeof(cpw_cred)); - krb5_get_init_creds_opt_init (&options); - krb5_get_init_creds_opt_set_tkt_life (&options, 60); - krb5_get_init_creds_opt_set_forwardable (&options, FALSE); - krb5_get_init_creds_opt_set_proxiable (&options, FALSE); + ret = krb5_get_init_creds_opt_alloc(context, &options); + if (ret) + return ret; + krb5_get_init_creds_opt_set_tkt_life (options, 60); + krb5_get_init_creds_opt_set_forwardable (options, FALSE); + krb5_get_init_creds_opt_set_proxiable (options, FALSE); if (old_options && old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) - krb5_get_init_creds_opt_set_preauth_list (&options, + krb5_get_init_creds_opt_set_preauth_list (options, old_options->preauth_list, - old_options->preauth_list_length); + old_options->preauth_list_length); krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); @@ -410,7 +518,8 @@ change_password (krb5_context context, data, 0, "kadmin/changepw", - &options); + options); + krb5_get_init_creds_opt_free(context, options); if (ret) goto out; @@ -444,28 +553,36 @@ change_password (krb5_context context, memset (buf1, 0, sizeof(buf1)); memset (buf2, 0, sizeof(buf2)); } - - ret = krb5_change_password (context, - &cpw_cred, - buf1, - &result_code, - &result_code_string, - &result_string); + + ret = krb5_set_password (context, + &cpw_cred, + buf1, + client, + &result_code, + &result_code_string, + &result_string); if (ret) goto out; - asprintf (&p, "%s: %.*s\n", - result_code ? "Error" : "Success", - (int)result_string.length, - result_string.length > 0 ? (char*)result_string.data : ""); + if (asprintf(&p, "%s: %.*s\n", + result_code ? "Error" : "Success", + (int)result_string.length, + result_string.length > 0 ? (char*)result_string.data : "") < 0) + { + ret = ENOMEM; + goto out; + } + + /* return the result */ + (*prompter) (context, data, NULL, p, 0, NULL); - ret = (*prompter) (context, data, NULL, p, 0, NULL); free (p); if (result_code == 0) { strlcpy (newpw, buf1, newpw_sz); ret = 0; } else { - krb5_set_error_string (context, "failed changing password"); ret = ENOTTY; + krb5_set_error_message(context, ret, + N_("failed changing password", "")); } out: @@ -477,7 +594,8 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_key_proc (krb5_context context, krb5_keytype type, krb5_data *salt, @@ -487,68 +605,17 @@ krb5_keyblock_key_proc (krb5_context context, return krb5_copy_keyblock (context, keyseed, key); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_keytab(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_keytab keytab, - krb5_deltat start_time, - const char *in_tkt_service, - krb5_get_init_creds_opt *options) -{ - krb5_get_init_creds_ctx ctx; - krb5_error_code ret; - krb5_keytab_key_proc_args *a; - - ret = get_init_creds_common(context, client, start_time, - in_tkt_service, options, &ctx); - if (ret) - goto out; - - a = malloc (sizeof(*a)); - if (a == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - a->principal = ctx.cred.client; - a->keytab = keytab; - - ret = krb5_get_in_cred (context, - KDCOptions2int(ctx.flags), - ctx.addrs, - ctx.etypes, - ctx.pre_auth_types, - NULL, - krb5_keytab_key_proc, - a, - NULL, - NULL, - &ctx.cred, - NULL); - free (a); - - if (ret == 0 && creds) - *creds = ctx.cred; - else - krb5_free_cred_contents (context, &ctx.cred); - - out: - free_init_creds_ctx(context, &ctx); - return ret; -} - /* * */ static krb5_error_code -init_creds_init_as_req (krb5_context context, - KDCOptions opts, - const krb5_creds *creds, - const krb5_addresses *addrs, - const krb5_enctype *etypes, - AS_REQ *a) +init_as_req (krb5_context context, + KDCOptions opts, + const krb5_creds *creds, + const krb5_addresses *addrs, + const krb5_enctype *etypes, + AS_REQ *a) { krb5_error_code ret; @@ -560,13 +627,13 @@ init_creds_init_as_req (krb5_context context, a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->req_body.sname = malloc(sizeof(*a->req_body.sname)); if (a->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -585,7 +652,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.from = malloc(sizeof(*a->req_body.from)); if (a->req_body.from == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.from = creds->times.starttime; @@ -598,13 +665,14 @@ init_creds_init_as_req (krb5_context context, a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); if (a->req_body.rtime == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.rtime = creds->times.renew_till; } a->req_body.nonce = 0; - ret = krb5_init_etype (context, + ret = _krb5_init_etype(context, + KRB5_PDU_AS_REQUEST, &a->req_body.etype.len, &a->req_body.etype.val, etypes); @@ -621,7 +689,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); if (a->req_body.addresses == NULL) { ret = ENOMEM; - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -650,20 +718,6 @@ init_creds_init_as_req (krb5_context context, return ret; } -struct pa_info_data { - krb5_enctype etype; - krb5_salt salt; - krb5_data *s2kparams; -}; - -static void -free_paid(krb5_context context, struct pa_info_data *ppaid) -{ - krb5_free_salt(context, ppaid->salt); - if (ppaid->s2kparams) - krb5_free_data(context, ppaid->s2kparams); -} - static krb5_error_code set_paid(struct pa_info_data *paid, krb5_context context, @@ -675,7 +729,7 @@ set_paid(struct pa_info_data *paid, krb5_context context, paid->salt.salttype = salttype; paid->salt.saltvalue.data = malloc(salt_len + 1); if (paid->salt.saltvalue.data == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } memcpy(paid->salt.saltvalue.data, salt_string, salt_len); @@ -686,7 +740,7 @@ set_paid(struct pa_info_data *paid, krb5_context context, ret = krb5_copy_data(context, s2kparams, &paid->s2kparams); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_free_salt(context, paid->salt); return ret; } @@ -698,15 +752,15 @@ set_paid(struct pa_info_data *paid, krb5_context context, static struct pa_info_data * pa_etype_info2(krb5_context context, - const krb5_principal client, + const krb5_principal client, const AS_REQ *asreq, - struct pa_info_data *paid, + struct pa_info_data *paid, heim_octet_string *data) { krb5_error_code ret; ETYPE_INFO2 e; size_t sz; - int i, j; + size_t i, j; memset(&e, 0, sizeof(e)); ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz); @@ -728,7 +782,7 @@ pa_etype_info2(krb5_context context, if (ret == 0) ret = set_paid(paid, context, e.val[i].etype, KRB5_PW_SALT, - salt.saltvalue.data, + salt.saltvalue.data, salt.saltvalue.length, e.val[i].s2kparams); if (e.val[i].salt == NULL) @@ -747,7 +801,7 @@ pa_etype_info2(krb5_context context, static struct pa_info_data * pa_etype_info(krb5_context context, - const krb5_principal client, + const krb5_principal client, const AS_REQ *asreq, struct pa_info_data *paid, heim_octet_string *data) @@ -755,7 +809,7 @@ pa_etype_info(krb5_context context, krb5_error_code ret; ETYPE_INFO e; size_t sz; - int i, j; + size_t i, j; memset(&e, 0, sizeof(e)); ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz); @@ -779,7 +833,7 @@ pa_etype_info(krb5_context context, if (ret == 0) { ret = set_paid(paid, context, e.val[i].etype, salt.salttype, - salt.saltvalue.data, + salt.saltvalue.data, salt.saltvalue.length, NULL); if (e.val[i].salt == NULL) @@ -799,7 +853,7 @@ pa_etype_info(krb5_context context, static struct pa_info_data * pa_pw_or_afs3_salt(krb5_context context, - const krb5_principal client, + const krb5_principal client, const AS_REQ *asreq, struct pa_info_data *paid, heim_octet_string *data) @@ -807,10 +861,10 @@ pa_pw_or_afs3_salt(krb5_context context, krb5_error_code ret; if (paid->etype == ENCTYPE_NULL) return NULL; - ret = set_paid(paid, context, + ret = set_paid(paid, context, paid->etype, paid->salt.salttype, - data->data, + data->data, data->length, NULL); if (ret) @@ -822,9 +876,9 @@ pa_pw_or_afs3_salt(krb5_context context, struct pa_info { krb5_preauthtype type; struct pa_info_data *(*salt_info)(krb5_context, - const krb5_principal, + const krb5_principal, const AS_REQ *, - struct pa_info_data *, + struct pa_info_data *, heim_octet_string *); }; @@ -834,11 +888,11 @@ static struct pa_info pa_prefs[] = { { KRB5_PADATA_PW_SALT, pa_pw_or_afs3_salt }, { KRB5_PADATA_AFS3_SALT, pa_pw_or_afs3_salt } }; - + static PA_DATA * -find_pa_data(const METHOD_DATA *md, int type) +find_pa_data(const METHOD_DATA *md, unsigned type) { - int i; + size_t i; if (md == NULL) return NULL; for (i = 0; i < md->len; i++) @@ -848,20 +902,20 @@ find_pa_data(const METHOD_DATA *md, int type) } static struct pa_info_data * -process_pa_info(krb5_context context, - const krb5_principal client, +process_pa_info(krb5_context context, + const krb5_principal client, const AS_REQ *asreq, struct pa_info_data *paid, METHOD_DATA *md) { struct pa_info_data *p = NULL; - int i; + size_t i; for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) { PA_DATA *pa = find_pa_data(md, pa_prefs[i].type); if (pa == NULL) continue; - paid->salt.salttype = pa_prefs[i].type; + paid->salt.salttype = (krb5_salttype)pa_prefs[i].type; p = (*pa_prefs[i].salt_info)(context, client, asreq, paid, &pa->padata_value); } @@ -869,19 +923,19 @@ process_pa_info(krb5_context context, } static krb5_error_code -make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, +make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, krb5_enctype etype, krb5_keyblock *key) { PA_ENC_TS_ENC p; unsigned char *buf; size_t buf_size; - size_t len; + size_t len = 0; EncryptedData encdata; krb5_error_code ret; int32_t usec; int usec2; krb5_crypto crypto; - + krb5_us_timeofday (context, &p.patimestamp, &usec); usec2 = usec; p.pausec = &usec2; @@ -897,7 +951,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, free(buf); return ret; } - ret = krb5_encrypt_EncryptedData(context, + ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, buf, @@ -908,7 +962,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, krb5_crypto_destroy(context, crypto); if (ret) return ret; - + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); free_EncryptedData(&encdata); if (ret) @@ -924,9 +978,9 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, static krb5_error_code add_enc_ts_padata(krb5_context context, - METHOD_DATA *md, + METHOD_DATA *md, krb5_principal client, - krb5_s2k_proc key_proc, + krb5_s2k_proc keyproc, krb5_const_pointer keyseed, krb5_enctype *enctypes, unsigned netypes, @@ -936,11 +990,13 @@ add_enc_ts_padata(krb5_context context, krb5_error_code ret; krb5_salt salt2; krb5_enctype *ep; - int i; - + size_t i; + if(salt == NULL) { /* default to standard salt */ ret = krb5_get_pw_salt (context, client, &salt2); + if (ret) + return ret; salt = &salt2; } if (!enctypes) { @@ -953,8 +1009,10 @@ add_enc_ts_padata(krb5_context context, for (i = 0; i < netypes; ++i) { krb5_keyblock *key; - ret = (*key_proc)(context, enctypes[i], keyseed, - *salt, s2kparams, &key); + _krb5_debug(context, 5, "krb5_get_init_creds: using ENC-TS with enctype %d", enctypes[i]); + + ret = (*keyproc)(context, enctypes[i], keyseed, + *salt, s2kparams, &key); if (ret) continue; ret = make_pa_enc_timestamp (context, md, enctypes[i], key); @@ -975,29 +1033,31 @@ pa_data_to_md_ts_enc(krb5_context context, struct pa_info_data *ppaid, METHOD_DATA *md) { - if (ctx->key_proc == NULL || ctx->password == NULL) + if (ctx->keyproc == NULL || ctx->keyseed == NULL) return 0; if (ppaid) { - add_enc_ts_padata(context, md, client, - ctx->key_proc, ctx->password, + add_enc_ts_padata(context, md, client, + ctx->keyproc, ctx->keyseed, &ppaid->etype, 1, &ppaid->salt, ppaid->s2kparams); } else { krb5_salt salt; - + + _krb5_debug(context, 5, "krb5_get_init_creds: pa-info not found, guessing salt"); + /* make a v5 salted pa-data */ - add_enc_ts_padata(context, md, client, - ctx->key_proc, ctx->password, - a->req_body.etype.val, a->req_body.etype.len, + add_enc_ts_padata(context, md, client, + ctx->keyproc, ctx->keyseed, + a->req_body.etype.val, a->req_body.etype.len, NULL, NULL); - + /* make a v4 salted pa-data */ salt.salttype = KRB5_PW_SALT; krb5_data_zero(&salt.saltvalue); - add_enc_ts_padata(context, md, client, - ctx->key_proc, ctx->password, - a->req_body.etype.val, a->req_body.etype.len, + add_enc_ts_padata(context, md, client, + ctx->keyproc, ctx->keyseed, + a->req_body.etype.val, a->req_body.etype.len, &salt, NULL); } return 0; @@ -1014,7 +1074,7 @@ pa_data_to_key_plain(krb5_context context, { krb5_error_code ret; - ret = (*ctx->key_proc)(context, etype, ctx->password, + ret = (*ctx->keyproc)(context, etype, ctx->keyseed, salt, s2kparams, key); return ret; } @@ -1024,6 +1084,7 @@ static krb5_error_code pa_data_to_md_pkinit(krb5_context context, const AS_REQ *a, const krb5_principal client, + int win2k, krb5_get_init_creds_ctx *ctx, METHOD_DATA *md) { @@ -1031,12 +1092,15 @@ pa_data_to_md_pkinit(krb5_context context, return 0; #ifdef PKINIT return _krb5_pk_mk_padata(context, - ctx->pk_init_ctx, - &a->req_body, - ctx->pk_nonce, - md); + ctx->pk_init_ctx, + ctx->ic_flags, + win2k, + &a->req_body, + ctx->pk_nonce, + md); #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, + N_("no support for PKINIT compiled in", "")); return EINVAL; #endif } @@ -1046,11 +1110,11 @@ pa_data_add_pac_request(krb5_context context, krb5_get_init_creds_ctx *ctx, METHOD_DATA *md) { - size_t len, length; + size_t len = 0, length; krb5_error_code ret; PA_PAC_REQUEST req; void *buf; - + switch (ctx->req_pac) { case KRB5_INIT_CREDS_TRISTATE_UNSET: return 0; /* don't bother */ @@ -1059,9 +1123,9 @@ pa_data_add_pac_request(krb5_context context, break; case KRB5_INIT_CREDS_TRISTATE_FALSE: req.include_pac = 0; - } + } - ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, + ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, &req, &len, ret); if (ret) return ret; @@ -1093,12 +1157,19 @@ process_pa_data_to_md(krb5_context context, ALLOC(*out_md, 1); if (*out_md == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } (*out_md)->len = 0; (*out_md)->val = NULL; - + + if (_krb5_have_debug(context, 5)) { + unsigned i; + _krb5_debug(context, 5, "KDC send %d patypes", in_md->len); + for (i = 0; i < in_md->len; i++) + _krb5_debug(context, 5, "KDC send PA-DATA type: %d", in_md->val[i].padata_type); + } + /* * Make sure we don't sent both ENC-TS and PK-INIT pa data, no * need to expose our password protecting our PKCS12 key. @@ -1106,21 +1177,62 @@ process_pa_data_to_md(krb5_context context, if (ctx->pk_init_ctx) { - ret = pa_data_to_md_pkinit(context, a, creds->client, ctx, *out_md); + _krb5_debug(context, 5, "krb5_get_init_creds: " + "prepareing PKINIT padata (%s)", + (ctx->used_pa_types & USED_PKINIT_W2K) ? "win2k" : "ietf"); + + if (ctx->used_pa_types & USED_PKINIT_W2K) { + krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, + "Already tried pkinit, looping"); + return KRB5_GET_IN_TKT_LOOP; + } + + ret = pa_data_to_md_pkinit(context, a, creds->client, + (ctx->used_pa_types & USED_PKINIT), + ctx, *out_md); if (ret) return ret; + if (ctx->used_pa_types & USED_PKINIT) + ctx->used_pa_types |= USED_PKINIT_W2K; + else + ctx->used_pa_types |= USED_PKINIT; + } else if (in_md->len != 0) { - struct pa_info_data paid, *ppaid; - - memset(&paid, 0, sizeof(paid)); - - paid.etype = ENCTYPE_NULL; - ppaid = process_pa_info(context, creds->client, a, &paid, in_md); - + struct pa_info_data *paid, *ppaid; + unsigned flag; + + paid = calloc(1, sizeof(*paid)); + + paid->etype = ENCTYPE_NULL; + ppaid = process_pa_info(context, creds->client, a, paid, in_md); + + if (ppaid) + flag = USED_ENC_TS_INFO; + else + flag = USED_ENC_TS_GUESS; + + if (ctx->used_pa_types & flag) { + if (ppaid) + free_paid(context, ppaid); + krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, + "Already tried ENC-TS-%s, looping", + flag == USED_ENC_TS_INFO ? "info" : "guess"); + return KRB5_GET_IN_TKT_LOOP; + } + pa_data_to_md_ts_enc(context, a, creds->client, ctx, ppaid, *out_md); - if (ppaid) - free_paid(context, ppaid); + + ctx->used_pa_types |= flag; + + if (ppaid) { + if (ctx->ppaid) { + free_paid(context, ctx->ppaid); + free(ctx->ppaid); + } + ctx->ppaid = ppaid; + } else + free(paid); } pa_data_add_pac_request(context, ctx, *out_md); @@ -1138,7 +1250,7 @@ process_pa_data_to_key(krb5_context context, krb5_get_init_creds_ctx *ctx, krb5_creds *creds, AS_REQ *a, - krb5_kdc_rep *rep, + AS_REP *rep, const krb5_krbhst_info *hi, krb5_keyblock **key) { @@ -1149,38 +1261,43 @@ process_pa_data_to_key(krb5_context context, memset(&paid, 0, sizeof(paid)); - etype = rep->kdc_rep.enc_part.etype; + etype = rep->enc_part.etype; - if (rep->kdc_rep.padata) { + if (rep->padata) { paid.etype = etype; - ppaid = process_pa_info(context, creds->client, a, &paid, - rep->kdc_rep.padata); + ppaid = process_pa_info(context, creds->client, a, &paid, + rep->padata); } + if (ppaid == NULL) + ppaid = ctx->ppaid; if (ppaid == NULL) { ret = krb5_get_pw_salt (context, creds->client, &paid.salt); if (ret) return ret; paid.etype = etype; paid.s2kparams = NULL; + ppaid = &paid; } pa = NULL; - if (rep->kdc_rep.padata) { + if (rep->padata) { int idx = 0; - pa = krb5_find_padata(rep->kdc_rep.padata->val, - rep->kdc_rep.padata->len, + pa = krb5_find_padata(rep->padata->val, + rep->padata->len, KRB5_PADATA_PK_AS_REP, &idx); if (pa == NULL) { idx = 0; - pa = krb5_find_padata(rep->kdc_rep.padata->val, - rep->kdc_rep.padata->len, + pa = krb5_find_padata(rep->padata->val, + rep->padata->len, KRB5_PADATA_PK_AS_REP_19, &idx); } } if (pa && ctx->pk_init_ctx) { #ifdef PKINIT + _krb5_debug(context, 5, "krb5_get_init_creds: using PKINIT"); + ret = _krb5_pk_rd_pa_reply(context, a->req_body.realm, ctx->pk_init_ctx, @@ -1191,124 +1308,442 @@ process_pa_data_to_key(krb5_context context, pa, key); #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); ret = EINVAL; + krb5_set_error_message(context, ret, N_("no support for PKINIT compiled in", "")); #endif - } else if (ctx->password) - ret = pa_data_to_key_plain(context, creds->client, ctx, - paid.salt, paid.s2kparams, etype, key); - else { - krb5_set_error_string(context, "No usable pa data type"); + } else if (ctx->keyseed) { + _krb5_debug(context, 5, "krb5_get_init_creds: using keyproc"); + ret = pa_data_to_key_plain(context, creds->client, ctx, + ppaid->salt, ppaid->s2kparams, etype, key); + } else { ret = EINVAL; + krb5_set_error_message(context, ret, N_("No usable pa data type", "")); } free_paid(context, &paid); return ret; } -static krb5_error_code -init_cred_loop(krb5_context context, - krb5_get_init_creds_opt *init_cred_opts, - const krb5_prompter_fct prompter, - void *prompter_data, - krb5_get_init_creds_ctx *ctx, - krb5_creds *creds, - krb5_kdc_rep *ret_as_reply) +/** + * Start a new context to get a new initial credential. + * + * @param context A Kerberos 5 context. + * @param client The Kerberos principal to get the credential for, if + * NULL is given, the default principal is used as determined by + * krb5_get_default_principal(). + * @param prompter + * @param prompter_data + * @param start_time the time the ticket should start to be valid or 0 for now. + * @param options a options structure, can be NULL for default options. + * @param rctx A new allocated free with krb5_init_creds_free(). + * + * @return 0 for success or an Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_init(krb5_context context, + krb5_principal client, + krb5_prompter_fct prompter, + void *prompter_data, + krb5_deltat start_time, + krb5_get_init_creds_opt *options, + krb5_init_creds_context *rctx) { + krb5_init_creds_context ctx; krb5_error_code ret; - krb5_kdc_rep rep; - METHOD_DATA md; - krb5_data resp; - size_t len; - size_t size; - krb5_krbhst_info *hi = NULL; - krb5_sendto_ctx stctx = NULL; + *rctx = NULL; - memset(&md, 0, sizeof(md)); - memset(&rep, 0, sizeof(rep)); + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } - _krb5_get_init_creds_opt_free_krb5_error(init_cred_opts); - - if (ret_as_reply) - memset(ret_as_reply, 0, sizeof(*ret_as_reply)); - - ret = init_creds_init_as_req(context, ctx->flags, creds, - ctx->addrs, ctx->etypes, &ctx->as_req); - if (ret) + ret = get_init_creds_common(context, client, start_time, options, ctx); + if (ret) { + free(ctx); return ret; - - ret = krb5_sendto_ctx_alloc(context, &stctx); - if (ret) - goto out; - krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL); + } /* Set a new nonce. */ krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce)); - ctx->nonce &= 0xffffffff; + ctx->nonce &= 0x7fffffff; /* XXX these just needs to be the same when using Windows PK-INIT */ ctx->pk_nonce = ctx->nonce; + ctx->prompter = prompter; + ctx->prompter_data = prompter_data; + + *rctx = ctx; + + return ret; +} + +/** + * Sets the service that the is requested. This call is only neede for + * special initial tickets, by default the a krbtgt is fetched in the default realm. + * + * @param context a Kerberos 5 context. + * @param ctx a krb5_init_creds_context context. + * @param service the service given as a string, for example + * "kadmind/admin". If NULL, the default krbtgt in the clients + * realm is set. + * + * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_service(krb5_context context, + krb5_init_creds_context ctx, + const char *service) +{ + krb5_const_realm client_realm; + krb5_principal principal; + krb5_error_code ret; + + client_realm = krb5_principal_get_realm (context, ctx->cred.client); + + if (service) { + ret = krb5_parse_name (context, service, &principal); + if (ret) + return ret; + krb5_principal_set_realm (context, principal, client_realm); + } else { + ret = krb5_make_principal(context, &principal, + client_realm, KRB5_TGS_NAME, client_realm, + NULL); + if (ret) + return ret; + } + /* - * Increase counter when we want other pre-auth types then - * KRB5_PA_ENC_TIMESTAMP. + * This is for Windows RODC that are picky about what name type + * the server principal have, and the really strange part is that + * they are picky about the AS-REQ name type and not the TGS-REQ + * later. Oh well. */ -#define MAX_PA_COUNTER 3 - ctx->pa_counter = 0; - while (ctx->pa_counter < MAX_PA_COUNTER) { + if (krb5_principal_is_krbtgt(context, principal)) + krb5_principal_set_type(context, principal, KRB5_NT_SRV_INST); - ctx->pa_counter++; + krb5_free_principal(context, ctx->cred.server); + ctx->cred.server = principal; - if (ctx->as_req.padata) { - free_METHOD_DATA(ctx->as_req.padata); - free(ctx->as_req.padata); - ctx->as_req.padata = NULL; + return 0; +} + +/** + * Sets the password that will use for the request. + * + * @param context a Kerberos 5 context. + * @param ctx ctx krb5_init_creds_context context. + * @param password the password to use. + * + * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_password(krb5_context context, + krb5_init_creds_context ctx, + const char *password) +{ + if (ctx->password) { + memset(ctx->password, 0, strlen(ctx->password)); + free(ctx->password); + } + if (password) { + ctx->password = strdup(password); + if (ctx->password == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; } + ctx->keyseed = (void *) ctx->password; + } else { + ctx->keyseed = NULL; + ctx->password = NULL; + } - /* Set a new nonce. */ - ctx->as_req.req_body.nonce = ctx->nonce; + return 0; +} - /* fill_in_md_data */ - ret = process_pa_data_to_md(context, creds, &ctx->as_req, ctx, - &md, &ctx->as_req.padata, - prompter, prompter_data); - if (ret) - goto out; +static krb5_error_code KRB5_CALLCONV +keytab_key_proc(krb5_context context, krb5_enctype enctype, + krb5_const_pointer keyseed, + krb5_salt salt, krb5_data *s2kparms, + krb5_keyblock **key) +{ + krb5_keytab_key_proc_args *args = rk_UNCONST(keyseed); + krb5_keytab keytab = args->keytab; + krb5_principal principal = args->principal; + krb5_error_code ret; + krb5_keytab real_keytab; + krb5_keytab_entry entry; - krb5_data_free(&ctx->req_buffer); + if(keytab == NULL) + krb5_kt_default(context, &real_keytab); + else + real_keytab = keytab; - ASN1_MALLOC_ENCODE(AS_REQ, - ctx->req_buffer.data, ctx->req_buffer.length, - &ctx->as_req, &len, ret); - if (ret) - goto out; - if(len != ctx->req_buffer.length) - krb5_abortx(context, "internal error in ASN.1 encoder"); + ret = krb5_kt_get_entry (context, real_keytab, principal, + 0, enctype, &entry); - ret = krb5_sendto_context (context, stctx, &ctx->req_buffer, - creds->client->realm, &resp); - if (ret) - goto out; + if (keytab == NULL) + krb5_kt_close (context, real_keytab); - memset (&rep, 0, sizeof(rep)); - ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size); + if (ret) + return ret; + + ret = krb5_copy_keyblock (context, &entry.keyblock, key); + krb5_kt_free_entry(context, &entry); + return ret; +} + + +/** + * Set the keytab to use for authentication. + * + * @param context a Kerberos 5 context. + * @param ctx ctx krb5_init_creds_context context. + * @param keytab the keytab to read the key from. + * + * @return 0 for success, or an Kerberos 5 error code, see krb5_get_error_message(). + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_keytab(krb5_context context, + krb5_init_creds_context ctx, + krb5_keytab keytab) +{ + krb5_keytab_key_proc_args *a; + krb5_keytab_entry entry; + krb5_kt_cursor cursor; + krb5_enctype *etypes = NULL; + krb5_error_code ret; + size_t netypes = 0; + int kvno = 0; + + a = malloc(sizeof(*a)); + if (a == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + a->principal = ctx->cred.client; + a->keytab = keytab; + + ctx->keytab_data = a; + ctx->keyseed = (void *)a; + ctx->keyproc = keytab_key_proc; + + /* + * We need to the KDC what enctypes we support for this keytab, + * esp if the keytab is really a password based entry, then the + * KDC might have more enctypes in the database then what we have + * in the keytab. + */ + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if(ret) + goto out; + + while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0){ + void *ptr; + + if (!krb5_principal_compare(context, entry.principal, ctx->cred.client)) + goto next; + + /* check if we ahve this kvno already */ + if (entry.vno > kvno) { + /* remove old list of etype */ + if (etypes) + free(etypes); + etypes = NULL; + netypes = 0; + kvno = entry.vno; + } else if (entry.vno != kvno) + goto next; + + /* check if enctype is supported */ + if (krb5_enctype_valid(context, entry.keyblock.keytype) != 0) + goto next; + + /* add enctype to supported list */ + ptr = realloc(etypes, sizeof(etypes[0]) * (netypes + 2)); + if (ptr == NULL) + goto next; + + etypes = ptr; + etypes[netypes] = entry.keyblock.keytype; + etypes[netypes + 1] = ETYPE_NULL; + netypes++; + next: + krb5_kt_free_entry(context, &entry); + } + krb5_kt_end_seq_get(context, keytab, &cursor); + + if (etypes) { + if (ctx->etypes) + free(ctx->etypes); + ctx->etypes = etypes; + } + + out: + return 0; +} + +static krb5_error_code KRB5_CALLCONV +keyblock_key_proc(krb5_context context, krb5_enctype enctype, + krb5_const_pointer keyseed, + krb5_salt salt, krb5_data *s2kparms, + krb5_keyblock **key) +{ + return krb5_copy_keyblock (context, keyseed, key); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_keyblock(krb5_context context, + krb5_init_creds_context ctx, + krb5_keyblock *keyblock) +{ + ctx->keyseed = (void *)keyblock; + ctx->keyproc = keyblock_key_proc; + + return 0; +} + +/** + * The core loop if krb5_get_init_creds() function family. Create the + * packets and have the caller send them off to the KDC. + * + * If the caller want all work been done for them, use + * krb5_init_creds_get() instead. + * + * @param context a Kerberos 5 context. + * @param ctx ctx krb5_init_creds_context context. + * @param in input data from KDC, first round it should be reset by krb5_data_zer(). + * @param out reply to KDC. + * @param hostinfo KDC address info, first round it can be NULL. + * @param flags status of the round, if + * KRB5_INIT_CREDS_STEP_FLAG_CONTINUE is set, continue one more round. + * + * @return 0 for success, or an Kerberos 5 error code, see + * krb5_get_error_message(). + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_step(krb5_context context, + krb5_init_creds_context ctx, + krb5_data *in, + krb5_data *out, + krb5_krbhst_info *hostinfo, + unsigned int *flags) +{ + krb5_error_code ret; + size_t len = 0; + size_t size; + + krb5_data_zero(out); + + if (ctx->as_req.req_body.cname == NULL) { + ret = init_as_req(context, ctx->flags, &ctx->cred, + ctx->addrs, ctx->etypes, &ctx->as_req); + if (ret) { + free_init_creds_ctx(context, ctx); + return ret; + } + } + +#define MAX_PA_COUNTER 10 + if (ctx->pa_counter > MAX_PA_COUNTER) { + krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, + N_("Looping %d times while getting " + "initial credentials", ""), + ctx->pa_counter); + return KRB5_GET_IN_TKT_LOOP; + } + ctx->pa_counter++; + + _krb5_debug(context, 5, "krb5_get_init_creds: loop %d", ctx->pa_counter); + + /* Lets process the input packet */ + if (in && in->length) { + krb5_kdc_rep rep; + + memset(&rep, 0, sizeof(rep)); + + _krb5_debug(context, 5, "krb5_get_init_creds: processing input"); + + ret = decode_AS_REP(in->data, in->length, &rep.kdc_rep, &size); if (ret == 0) { - krb5_data_free(&resp); - krb5_clear_error_string(context); - break; + krb5_keyblock *key = NULL; + unsigned eflags = EXTRACT_TICKET_AS_REQ | EXTRACT_TICKET_TIMESYNC; + + if (ctx->flags.canonicalize) { + eflags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; + eflags |= EXTRACT_TICKET_MATCH_REALM; + } + if (ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) + eflags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; + + ret = process_pa_data_to_key(context, ctx, &ctx->cred, + &ctx->as_req, &rep.kdc_rep, hostinfo, &key); + if (ret) { + free_AS_REP(&rep.kdc_rep); + goto out; + } + + _krb5_debug(context, 5, "krb5_get_init_creds: extracting ticket"); + + ret = _krb5_extract_ticket(context, + &rep, + &ctx->cred, + key, + NULL, + KRB5_KU_AS_REP_ENC_PART, + NULL, + ctx->nonce, + eflags, + NULL, + NULL); + krb5_free_keyblock(context, key); + + *flags = 0; + + if (ret == 0) + ret = copy_EncKDCRepPart(&rep.enc_part, &ctx->enc_part); + + free_AS_REP(&rep.kdc_rep); + free_EncASRepPart(&rep.enc_part); + + return ret; + } else { /* let's try to parse it as a KRB-ERROR */ - KRB_ERROR error; - ret = krb5_rd_error(context, &resp, &error); - if(ret && resp.data && ((char*)resp.data)[0] == 4) + _krb5_debug(context, 5, "krb5_get_init_creds: got an error"); + + free_KRB_ERROR(&ctx->error); + + ret = krb5_rd_error(context, in, &ctx->error); + if(ret && in->length && ((char*)in->data)[0] == 4) ret = KRB5KRB_AP_ERR_V4_REPLY; - krb5_data_free(&resp); - if (ret) + if (ret) { + _krb5_debug(context, 5, "krb5_get_init_creds: failed to read error"); goto out; + } - ret = krb5_error_from_rd_error(context, &error, creds); + ret = krb5_error_from_rd_error(context, &ctx->error, &ctx->cred); + + _krb5_debug(context, 5, "krb5_get_init_creds: KRB-ERROR %d", ret); /* * If no preauth was set and KDC requires it, give it one @@ -1316,223 +1751,212 @@ init_cred_loop(krb5_context context, */ if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) { - free_METHOD_DATA(&md); - memset(&md, 0, sizeof(md)); - if (error.e_data) { - ret = decode_METHOD_DATA(error.e_data->data, - error.e_data->length, - &md, + free_METHOD_DATA(&ctx->md); + memset(&ctx->md, 0, sizeof(ctx->md)); + + if (ctx->error.e_data) { + ret = decode_METHOD_DATA(ctx->error.e_data->data, + ctx->error.e_data->length, + &ctx->md, NULL); if (ret) - krb5_set_error_string(context, - "failed to decode METHOD DATA"); + krb5_set_error_message(context, ret, + N_("Failed to decode METHOD-DATA", "")); } else { - /* XXX guess what the server want here add add md */ + krb5_set_error_message(context, ret, + N_("Preauth required but no preauth " + "options send by KDC", "")); } - krb5_free_error_contents(context, &error); - if (ret) + } else if (ret == KRB5KRB_AP_ERR_SKEW && context->kdc_sec_offset == 0) { + /* + * Try adapt to timeskrew when we are using pre-auth, and + * if there was a time skew, try again. + */ + krb5_set_real_time(context, ctx->error.stime, -1); + if (context->kdc_sec_offset) + ret = 0; + + _krb5_debug(context, 10, "init_creds: err skew updateing kdc offset to %d", + context->kdc_sec_offset); + + ctx->used_pa_types = 0; + + } else if (ret == KRB5_KDC_ERR_WRONG_REALM && ctx->flags.canonicalize) { + /* client referal to a new realm */ + + if (ctx->error.crealm == NULL) { + krb5_set_error_message(context, ret, + N_("Got a client referral, not but no realm", "")); goto out; - } else { - _krb5_get_init_creds_opt_set_krb5_error(context, - init_cred_opts, - &error); - if (ret_as_reply) - rep.error = error; - else - krb5_free_error_contents(context, &error); - goto out; + } + _krb5_debug(context, 5, + "krb5_get_init_creds: got referal to realm %s", + *ctx->error.crealm); + + ret = krb5_principal_set_realm(context, + ctx->cred.client, + *ctx->error.crealm); + + ctx->used_pa_types = 0; } + if (ret) + goto out; } } - { - krb5_keyblock *key = NULL; - unsigned flags = 0; - - if (ctx->flags.request_anonymous) - flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; - if (ctx->flags.canonicalize) { - flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; - flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; - flags |= EXTRACT_TICKET_MATCH_REALM; - } - - ret = process_pa_data_to_key(context, ctx, creds, - &ctx->as_req, &rep, hi, &key); - if (ret) - goto out; - - ret = _krb5_extract_ticket(context, - &rep, - creds, - key, - NULL, - KRB5_KU_AS_REP_ENC_PART, - NULL, - ctx->nonce, - flags, - NULL, - NULL); - krb5_free_keyblock(context, key); + if (ctx->as_req.padata) { + free_METHOD_DATA(ctx->as_req.padata); + free(ctx->as_req.padata); + ctx->as_req.padata = NULL; } - /* - * Verify referral data - */ - if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) && - (ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) == 0) - { - PA_ClientCanonicalized canon; - krb5_crypto crypto; - krb5_data data; - PA_DATA *pa; - size_t len; - pa = find_pa_data(rep.kdc_rep.padata, KRB5_PADATA_CLIENT_CANONICALIZED); - if (pa == NULL) { - ret = EINVAL; - krb5_set_error_string(context, "Client canonicalizion not signed"); - goto out; - } - - ret = decode_PA_ClientCanonicalized(pa->padata_value.data, - pa->padata_value.length, - &canon, &len); - if (ret) { - krb5_set_error_string(context, "Failed to decode " - "PA_ClientCanonicalized"); - goto out; - } + /* Set a new nonce. */ + ctx->as_req.req_body.nonce = ctx->nonce; - ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, - &canon.names, &len, ret); - if (ret) - goto out; - if (data.length != len) - krb5_abortx(context, "internal asn.1 error"); - - ret = krb5_crypto_init(context, &creds->session, 0, &crypto); - if (ret) { - free(data.data); - free_PA_ClientCanonicalized(&canon); - goto out; - } - - ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES, - data.data, data.length, - &canon.canon_checksum); - krb5_crypto_destroy(context, crypto); - free(data.data); - free_PA_ClientCanonicalized(&canon); - if (ret) { - krb5_set_error_string(context, "Failed to verify " - "client canonicalized data"); - goto out; - } - } -out: - if (stctx) - krb5_sendto_ctx_free(context, stctx); - krb5_data_free(&ctx->req_buffer); - free_METHOD_DATA(&md); - memset(&md, 0, sizeof(md)); - - if (ret == 0 && ret_as_reply) - *ret_as_reply = rep; - else - krb5_free_kdc_rep (context, &rep); - return ret; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_prompter_fct prompter, - void *data, - krb5_deltat start_time, - const char *in_tkt_service, - krb5_get_init_creds_opt *options) -{ - krb5_get_init_creds_ctx ctx; - krb5_kdc_rep kdc_reply; - krb5_error_code ret; - char buf[BUFSIZ]; - int done; - - memset(&kdc_reply, 0, sizeof(kdc_reply)); - - ret = get_init_creds_common(context, client, start_time, - in_tkt_service, options, &ctx); + /* fill_in_md_data */ + ret = process_pa_data_to_md(context, &ctx->cred, &ctx->as_req, ctx, + &ctx->md, &ctx->as_req.padata, + ctx->prompter, ctx->prompter_data); if (ret) goto out; - done = 0; - while(!done) { - memset(&kdc_reply, 0, sizeof(kdc_reply)); + krb5_data_free(&ctx->req_buffer); - ret = init_cred_loop(context, - options, - prompter, - data, - &ctx, - &ctx.cred, - &kdc_reply); - - switch (ret) { - case 0 : - done = 1; - break; - case KRB5KDC_ERR_KEY_EXPIRED : - /* try to avoid recursion */ + ASN1_MALLOC_ENCODE(AS_REQ, + ctx->req_buffer.data, ctx->req_buffer.length, + &ctx->as_req, &len, ret); + if (ret) + goto out; + if(len != ctx->req_buffer.length) + krb5_abortx(context, "internal error in ASN.1 encoder"); - /* don't try to change password where then where none */ - if (prompter == NULL || ctx.password == NULL) - goto out; + out->data = ctx->req_buffer.data; + out->length = ctx->req_buffer.length; - krb5_clear_error_string (context); - - if (ctx.in_tkt_service != NULL - && strcmp (ctx.in_tkt_service, "kadmin/changepw") == 0) - goto out; - - ret = change_password (context, - client, - ctx.password, - buf, - sizeof(buf), - prompter, - data, - options); - if (ret) - goto out; - ctx.password = buf; - break; - default: - goto out; - } - } - - if (prompter) - print_expire (context, - krb5_principal_get_realm (context, ctx.cred.client), - &kdc_reply, - prompter, - data); + *flags = KRB5_INIT_CREDS_STEP_FLAG_CONTINUE; + return 0; out: - memset (buf, 0, sizeof(buf)); - free_init_creds_ctx(context, &ctx); - krb5_free_kdc_rep (context, &kdc_reply); - if (ret == 0) - *creds = ctx.cred; - else - krb5_free_cred_contents (context, &ctx.cred); + return ret; +} + +/** + * Extract the newly acquired credentials from krb5_init_creds_context + * context. + * + * @param context A Kerberos 5 context. + * @param ctx + * @param cred credentials, free with krb5_free_cred_contents(). + * + * @return 0 for sucess or An Kerberos error code, see krb5_get_error_message(). + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get_creds(krb5_context context, + krb5_init_creds_context ctx, + krb5_creds *cred) +{ + return krb5_copy_creds_contents(context, &ctx->cred, cred); +} + +/** + * Get the last error from the transaction. + * + * @return Returns 0 or an error code + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get_error(krb5_context context, + krb5_init_creds_context ctx, + KRB_ERROR *error) +{ + krb5_error_code ret; + + ret = copy_KRB_ERROR(&ctx->error, error); + if (ret) + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Free the krb5_init_creds_context allocated by krb5_init_creds_init(). + * + * @param context A Kerberos 5 context. + * @param ctx The krb5_init_creds_context to free. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_init_creds_free(krb5_context context, + krb5_init_creds_context ctx) +{ + free_init_creds_ctx(context, ctx); + free(ctx); +} + +/** + * Get new credentials as setup by the krb5_init_creds_context. + * + * @param context A Kerberos 5 context. + * @param ctx The krb5_init_creds_context to process. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) +{ + krb5_sendto_ctx stctx = NULL; + krb5_krbhst_info *hostinfo = NULL; + krb5_error_code ret; + krb5_data in, out; + unsigned int flags = 0; + + krb5_data_zero(&in); + krb5_data_zero(&out); + + ret = krb5_sendto_ctx_alloc(context, &stctx); + if (ret) + goto out; + krb5_sendto_ctx_set_func(stctx, _krb5_kdc_retry, NULL); + + while (1) { + flags = 0; + ret = krb5_init_creds_step(context, ctx, &in, &out, hostinfo, &flags); + krb5_data_free(&in); + if (ret) + goto out; + + if ((flags & 1) == 0) + break; + + ret = krb5_sendto_context (context, stctx, &out, + ctx->cred.client->realm, &in); + if (ret) + goto out; + + } + + out: + if (stctx) + krb5_sendto_ctx_free(context, stctx); + + return ret; +} + +/** + * Get new credentials using password. + * + * @ingroup krb5_credential + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_principal client, @@ -1541,29 +1965,23 @@ krb5_get_init_creds_password(krb5_context context, void *data, krb5_deltat start_time, const char *in_tkt_service, - krb5_get_init_creds_opt *in_options) + krb5_get_init_creds_opt *options) { - krb5_get_init_creds_opt *options; + krb5_init_creds_context ctx; char buf[BUFSIZ]; krb5_error_code ret; + int chpw = 0; - if (in_options == NULL) { - const char *realm = krb5_principal_get_realm(context, client); - ret = krb5_get_init_creds_opt_alloc(context, &options); - if (ret == 0) - krb5_get_init_creds_opt_set_default_flags(context, - NULL, - realm, - options); - } else - ret = _krb5_get_init_creds_opt_copy(context, in_options, &options); + again: + ret = krb5_init_creds_init(context, client, prompter, data, start_time, options, &ctx); if (ret) - return ret; + goto out; - if (password == NULL && - options->opt_private->password == NULL && - options->opt_private->pk_init_ctx == NULL) - { + ret = krb5_init_creds_set_service(context, ctx, in_tkt_service); + if (ret) + goto out; + + if (prompter != NULL && ctx->password == NULL && password == NULL) { krb5_prompt prompt; krb5_data password_data; char *p, *q; @@ -1582,42 +2000,69 @@ krb5_get_init_creds_password(krb5_context context, free (q); if (ret) { memset (buf, 0, sizeof(buf)); - krb5_get_init_creds_opt_free(context, options); ret = KRB5_LIBOS_PWDINTR; - krb5_clear_error_string (context); - return ret; + krb5_clear_error_message (context); + goto out; } password = password_data.data; } - if (options->opt_private->password == NULL) { - ret = krb5_get_init_creds_opt_set_pa_password(context, options, - password, NULL); - if (ret) { - krb5_get_init_creds_opt_free(context, options); - memset(buf, 0, sizeof(buf)); - return ret; - } + if (password) { + ret = krb5_init_creds_set_password(context, ctx, password); + if (ret) + goto out; } - ret = krb5_get_init_creds(context, creds, client, prompter, - data, start_time, in_tkt_service, options); - krb5_get_init_creds_opt_free(context, options); + ret = krb5_init_creds_get(context, ctx); + + if (ret == 0) + process_last_request(context, options, ctx); + + + if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) { + char buf2[1024]; + + /* try to avoid recursion */ + if (in_tkt_service != NULL && strcmp(in_tkt_service, "kadmin/changepw") == 0) + goto out; + + /* don't try to change password where then where none */ + if (prompter == NULL) + goto out; + + ret = change_password (context, + client, + ctx->password, + buf2, + sizeof(buf), + prompter, + data, + options); + if (ret) + goto out; + chpw = 1; + krb5_init_creds_free(context, ctx); + goto again; + } + + out: + if (ret == 0) + krb5_init_creds_get_creds(context, ctx, creds); + + if (ctx) + krb5_init_creds_free(context, ctx); + memset(buf, 0, sizeof(buf)); return ret; } -static krb5_error_code -init_creds_keyblock_key_proc (krb5_context context, - krb5_enctype type, - krb5_salt salt, - krb5_const_pointer keyseed, - krb5_keyblock **key) -{ - return krb5_copy_keyblock (context, keyseed, key); -} +/** + * Get new credentials using keyblock. + * + * @ingroup krb5_credential + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock(krb5_context context, krb5_creds *creds, krb5_principal client, @@ -1626,33 +2071,80 @@ krb5_get_init_creds_keyblock(krb5_context context, const char *in_tkt_service, krb5_get_init_creds_opt *options) { - struct krb5_get_init_creds_ctx ctx; + krb5_init_creds_context ctx; krb5_error_code ret; - - ret = get_init_creds_common(context, client, start_time, - in_tkt_service, options, &ctx); + + memset(creds, 0, sizeof(*creds)); + + ret = krb5_init_creds_init(context, client, NULL, NULL, start_time, options, &ctx); if (ret) goto out; - ret = krb5_get_in_cred (context, - KDCOptions2int(ctx.flags), - ctx.addrs, - ctx.etypes, - ctx.pre_auth_types, - NULL, - init_creds_keyblock_key_proc, - keyblock, - NULL, - NULL, - &ctx.cred, - NULL); + ret = krb5_init_creds_set_service(context, ctx, in_tkt_service); + if (ret) + goto out; - if (ret == 0 && creds) - *creds = ctx.cred; - else - krb5_free_cred_contents (context, &ctx.cred); + ret = krb5_init_creds_set_keyblock(context, ctx, keyblock); + if (ret) + goto out; + + ret = krb5_init_creds_get(context, ctx); + + if (ret == 0) + process_last_request(context, options, ctx); out: - free_init_creds_ctx(context, &ctx); + if (ret == 0) + krb5_init_creds_get_creds(context, ctx, creds); + + if (ctx) + krb5_init_creds_free(context, ctx); + + return ret; +} + +/** + * Get new credentials using keytab. + * + * @ingroup krb5_credential + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_keytab(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_keytab keytab, + krb5_deltat start_time, + const char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + krb5_init_creds_context ctx; + krb5_error_code ret; + + memset(creds, 0, sizeof(*creds)); + + ret = krb5_init_creds_init(context, client, NULL, NULL, start_time, options, &ctx); + if (ret) + goto out; + + ret = krb5_init_creds_set_service(context, ctx, in_tkt_service); + if (ret) + goto out; + + ret = krb5_init_creds_set_keytab(context, ctx, keytab); + if (ret) + goto out; + + ret = krb5_init_creds_get(context, ctx); + if (ret == 0) + process_last_request(context, options, ctx); + + out: + if (ret == 0) + krb5_init_creds_get_creds(context, ctx, creds); + + if (ctx) + krb5_init_creds_free(context, ctx); + return ret; } diff --git a/crypto/heimdal/lib/krb5/k524_err.et b/crypto/heimdal/lib/krb5/k524_err.et index 0ca25f74d47..4827b397af0 100644 --- a/crypto/heimdal/lib/krb5/k524_err.et +++ b/crypto/heimdal/lib/krb5/k524_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $" +id "$Id$" error_table k524 diff --git a/crypto/heimdal/lib/krb5/kcm.c b/crypto/heimdal/lib/krb5/kcm.c index 8afaa6ea80a..5a28b5138b5 100644 --- a/crypto/heimdal/lib/krb5/kcm.c +++ b/crypto/heimdal/lib/krb5/kcm.c @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -37,130 +39,68 @@ * Client library for Kerberos Credentials Manager (KCM) daemon */ -#ifdef HAVE_SYS_UN_H -#include -#endif - #include "kcm.h" +#include -RCSID("$Id: kcm.c 22108 2007-12-03 17:23:53Z lha $"); +static krb5_error_code +kcm_set_kdc_offset(krb5_context, krb5_ccache, krb5_deltat); + +static const char *kcm_ipc_name = "ANY:org.h5l.kcm"; typedef struct krb5_kcmcache { char *name; - struct sockaddr_un path; - char *door_path; } krb5_kcmcache; +typedef struct krb5_kcm_cursor { + unsigned long offset; + unsigned long length; + kcmuuid_t *uuids; +} *krb5_kcm_cursor; + + #define KCMCACHE(X) ((krb5_kcmcache *)(X)->data.data) #define CACHENAME(X) (KCMCACHE(X)->name) -#define KCMCURSOR(C) (*(uint32_t *)(C)) +#define KCMCURSOR(C) ((krb5_kcm_cursor)(C)) -static krb5_error_code -try_door(krb5_context context, const krb5_kcmcache *k, - krb5_data *request_data, - krb5_data *response_data) -{ -#ifdef HAVE_DOOR_CREATE - door_arg_t arg; - int fd; - int ret; +static HEIMDAL_MUTEX kcm_mutex = HEIMDAL_MUTEX_INITIALIZER; +static heim_ipc kcm_ipc = NULL; - memset(&arg, 0, sizeof(arg)); - - fd = open(k->door_path, O_RDWR); - if (fd < 0) - return KRB5_CC_IO; - - arg.data_ptr = request_data->data; - arg.data_size = request_data->length; - arg.desc_ptr = NULL; - arg.desc_num = 0; - arg.rbuf = NULL; - arg.rsize = 0; - - ret = door_call(fd, &arg); - close(fd); - if (ret != 0) - return KRB5_CC_IO; - - ret = krb5_data_copy(response_data, arg.rbuf, arg.rsize); - munmap(arg.rbuf, arg.rsize); - if (ret) - return ret; - - return 0; -#else - return KRB5_CC_IO; -#endif -} - -static krb5_error_code -try_unix_socket(krb5_context context, const krb5_kcmcache *k, - krb5_data *request_data, - krb5_data *response_data) -{ - krb5_error_code ret; - int fd; - - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd < 0) - return KRB5_CC_IO; - - if (connect(fd, rk_UNCONST(&k->path), sizeof(k->path)) != 0) { - close(fd); - return KRB5_CC_IO; - } - - ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout, - request_data, response_data); - close(fd); - return ret; -} - static krb5_error_code kcm_send_request(krb5_context context, - krb5_kcmcache *k, krb5_storage *request, krb5_data *response_data) { - krb5_error_code ret; + krb5_error_code ret = 0; krb5_data request_data; - int i; - response_data->data = NULL; - response_data->length = 0; + HEIMDAL_MUTEX_lock(&kcm_mutex); + if (kcm_ipc == NULL) + ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc); + HEIMDAL_MUTEX_unlock(&kcm_mutex); + if (ret) + return KRB5_CC_NOSUPP; ret = krb5_storage_to_data(request, &request_data); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_CC_NOMEM; } - ret = KRB5_CC_IO; - - for (i = 0; i < context->max_retries; i++) { - ret = try_door(context, k, &request_data, response_data); - if (ret == 0 && response_data->length != 0) - break; - ret = try_unix_socket(context, k, &request_data, response_data); - if (ret == 0 && response_data->length != 0) - break; - } - + ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL); krb5_data_free(&request_data); if (ret) { - krb5_clear_error_string(context); - ret = KRB5_CC_IO; + krb5_clear_error_message(context); + ret = KRB5_CC_NOSUPP; } return ret; } -static krb5_error_code -kcm_storage_request(krb5_context context, - kcm_operation opcode, - krb5_storage **storage_p) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kcm_storage_request(krb5_context context, + uint16_t opcode, + krb5_storage **storage_p) { krb5_storage *sp; krb5_error_code ret; @@ -169,7 +109,7 @@ kcm_storage_request(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } @@ -187,22 +127,23 @@ kcm_storage_request(krb5_context context, *storage_p = sp; fail: if (ret) { - krb5_set_error_string(context, "Failed to encode request"); + krb5_set_error_message(context, ret, + N_("Failed to encode KCM request", "")); krb5_storage_free(sp); } - - return ret; + + return ret; } static krb5_error_code kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) { krb5_kcmcache *k; - const char *path; k = malloc(sizeof(*k)); if (k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } @@ -210,40 +151,24 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) k->name = strdup(name); if (k->name == NULL) { free(k); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } } else k->name = NULL; - path = krb5_config_get_string_default(context, NULL, - _PATH_KCM_SOCKET, - "libdefaults", - "kcm_socket", - NULL); - - k->path.sun_family = AF_UNIX; - strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path)); - - path = krb5_config_get_string_default(context, NULL, - _PATH_KCM_DOOR, - "libdefaults", - "kcm_door", - NULL); - k->door_path = strdup(path); - (*id)->data.data = k; (*id)->data.length = sizeof(*k); return 0; } -static krb5_error_code -kcm_call(krb5_context context, - krb5_kcmcache *k, - krb5_storage *request, - krb5_storage **response_p, - krb5_data *response_data_p) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kcm_call(krb5_context context, + krb5_storage *request, + krb5_storage **response_p, + krb5_data *response_data_p) { krb5_data response_data; krb5_error_code ret; @@ -253,10 +178,11 @@ kcm_call(krb5_context context, if (response_p != NULL) *response_p = NULL; - ret = kcm_send_request(context, k, request, &response_data); - if (ret) { + krb5_data_zero(&response_data); + + ret = kcm_send_request(context, request, &response_data); + if (ret) return ret; - } response = krb5_storage_from_data(&response_data); if (response == NULL) { @@ -298,13 +224,9 @@ kcm_free(krb5_context context, krb5_ccache *id) if (k != NULL) { if (k->name != NULL) free(k->name); - if (k->door_path) - free(k->door_path); memset(k, 0, sizeof(*k)); krb5_data_free(&(*id)->data); } - - *id = NULL; } static const char * @@ -340,13 +262,13 @@ kcm_gen_new(krb5_context context, krb5_ccache *id) k = KCMCACHE(*id); - ret = kcm_storage_request(context, KCM_OP_GEN_NEW, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GEN_NEW, &request); if (ret) { kcm_free(context, id); return ret; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); kcm_free(context, id); @@ -384,7 +306,7 @@ kcm_initialize(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_INITIALIZE, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_INITIALIZE, &request); if (ret) return ret; @@ -400,9 +322,13 @@ kcm_initialize(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); + + if (context->kdc_sec_offset) + kcm_set_kdc_offset(context, id, context->kdc_sec_offset); + return ret; } @@ -429,7 +355,7 @@ kcm_destroy(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_DESTROY, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_DESTROY, &request); if (ret) return ret; @@ -439,7 +365,7 @@ kcm_destroy(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -462,7 +388,7 @@ kcm_store_cred(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_STORE, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_STORE, &request); if (ret) return ret; @@ -478,12 +404,13 @@ kcm_store_cred(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; } +#if 0 /* * Request: * NameZ @@ -506,7 +433,7 @@ kcm_retrieve(krb5_context context, krb5_storage *request, *response; krb5_data response_data; - ret = kcm_storage_request(context, KCM_OP_RETRIEVE, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_RETRIEVE, &request); if (ret) return ret; @@ -528,7 +455,7 @@ kcm_retrieve(krb5_context context, return ret; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; @@ -544,6 +471,7 @@ kcm_retrieve(krb5_context context, return ret; } +#endif /* * Request: @@ -562,7 +490,7 @@ kcm_get_principal(krb5_context context, krb5_storage *request, *response; krb5_data response_data; - ret = kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_PRINCIPAL, &request); if (ret) return ret; @@ -572,7 +500,7 @@ kcm_get_principal(krb5_context context, return ret; } - ret = kcm_call(context, k, request, &response, &response_data); + ret = krb5_kcm_call(context, request, &response, &response_data); if (ret) { krb5_storage_free(request); return ret; @@ -603,12 +531,12 @@ kcm_get_first (krb5_context context, krb5_cc_cursor *cursor) { krb5_error_code ret; + krb5_kcm_cursor c; krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request, *response; krb5_data response_data; - int32_t tmp; - ret = kcm_storage_request(context, KCM_OP_GET_FIRST, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_UUID_LIST, &request); if (ret) return ret; @@ -618,28 +546,57 @@ kcm_get_first (krb5_context context, return ret; } - ret = kcm_call(context, k, request, &response, &response_data); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = krb5_ret_int32(response, &tmp); - if (ret || tmp < 0) - ret = KRB5_CC_IO; - + ret = krb5_kcm_call(context, request, &response, &response_data); krb5_storage_free(request); - krb5_storage_free(response); - krb5_data_free(&response_data); - if (ret) return ret; - *cursor = malloc(sizeof(tmp)); - if (*cursor == NULL) - return KRB5_CC_NOMEM; + c = calloc(1, sizeof(*c)); + if (c == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + return ret; + } - KCMCURSOR(*cursor) = tmp; + while (1) { + ssize_t sret; + kcmuuid_t uuid; + void *ptr; + + sret = krb5_storage_read(response, &uuid, sizeof(uuid)); + if (sret == 0) { + ret = 0; + break; + } else if (sret != sizeof(uuid)) { + ret = EINVAL; + break; + } + + ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1)); + if (ptr == NULL) { + free(c->uuids); + free(c); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + c->uuids = ptr; + + memcpy(&c->uuids[c->length], &uuid, sizeof(uuid)); + c->length += 1; + } + + krb5_storage_free(response); + krb5_data_free(&response_data); + + if (ret) { + free(c->uuids); + free(c); + return ret; + } + + *cursor = c; return 0; } @@ -660,10 +617,17 @@ kcm_get_next (krb5_context context, { krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); + krb5_kcm_cursor c = KCMCURSOR(*cursor); krb5_storage *request, *response; krb5_data response_data; + ssize_t sret; - ret = kcm_storage_request(context, KCM_OP_GET_NEXT, &request); + again: + + if (c->offset >= c->length) + return KRB5_CC_END; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CRED_BY_UUID, &request); if (ret) return ret; @@ -673,23 +637,26 @@ kcm_get_next (krb5_context context, return ret; } - ret = krb5_store_int32(request, KCMCURSOR(*cursor)); - if (ret) { + sret = krb5_storage_write(request, + &c->uuids[c->offset], + sizeof(c->uuids[c->offset])); + c->offset++; + if (sret != sizeof(c->uuids[c->offset])) { krb5_storage_free(request); - return ret; + krb5_clear_error_message(context); + return ENOMEM; } - ret = kcm_call(context, k, request, &response, &response_data); - if (ret) { - krb5_storage_free(request); - return ret; + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret == KRB5_CC_END) { + goto again; } ret = krb5_ret_creds(response, creds); if (ret) ret = KRB5_CC_IO; - krb5_storage_free(request); krb5_storage_free(response); krb5_data_free(&response_data); @@ -709,39 +676,14 @@ kcm_end_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) { - krb5_error_code ret; - krb5_kcmcache *k = KCMCACHE(id); - krb5_storage *request; + krb5_kcm_cursor c = KCMCURSOR(*cursor); - ret = kcm_storage_request(context, KCM_OP_END_GET, &request); - if (ret) - return ret; + free(c->uuids); + free(c); - ret = krb5_store_stringz(request, k->name); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = krb5_store_int32(request, KCMCURSOR(*cursor)); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = kcm_call(context, k, request, NULL, NULL); - if (ret) { - krb5_storage_free(request); - return ret; - } - - krb5_storage_free(request); - - KCMCURSOR(*cursor) = 0; - free(*cursor); *cursor = NULL; - return ret; + return 0; } /* @@ -763,7 +705,7 @@ kcm_remove_cred(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_REMOVE_CRED, &request); if (ret) return ret; @@ -785,7 +727,7 @@ kcm_remove_cred(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -800,7 +742,7 @@ kcm_set_flags(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_SET_FLAGS, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_SET_FLAGS, &request); if (ret) return ret; @@ -816,32 +758,342 @@ kcm_set_flags(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; } -static krb5_error_code +static int kcm_get_version(krb5_context context, krb5_ccache id) { return 0; } +/* + * Send nothing + * get back list of uuids + */ + static krb5_error_code -kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) +kcm_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) { - krb5_set_error_string(context, "kcm_move not implemented"); - return EINVAL; + krb5_error_code ret; + krb5_kcm_cursor c; + krb5_storage *request, *response; + krb5_data response_data; + + *cursor = NULL; + + c = calloc(1, sizeof(*c)); + if (c == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + goto out; + } + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_UUID_LIST, &request); + if (ret) + goto out; + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + goto out; + + while (1) { + ssize_t sret; + kcmuuid_t uuid; + void *ptr; + + sret = krb5_storage_read(response, &uuid, sizeof(uuid)); + if (sret == 0) { + ret = 0; + break; + } else if (sret != sizeof(uuid)) { + ret = EINVAL; + goto out; + } + + ptr = realloc(c->uuids, sizeof(c->uuids[0]) * (c->length + 1)); + if (ptr == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + goto out; + } + c->uuids = ptr; + + memcpy(&c->uuids[c->length], &uuid, sizeof(uuid)); + c->length += 1; + } + + krb5_storage_free(response); + krb5_data_free(&response_data); + + out: + if (ret && c) { + free(c->uuids); + free(c); + } else + *cursor = c; + + return ret; +} + +/* + * Send uuid + * Recv cache name + */ + +static krb5_error_code +kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_ops *ops, krb5_ccache *id) +{ + krb5_error_code ret; + krb5_kcm_cursor c = KCMCURSOR(cursor); + krb5_storage *request, *response; + krb5_data response_data; + ssize_t sret; + char *name; + + *id = NULL; + + again: + + if (c->offset >= c->length) + return KRB5_CC_END; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_CACHE_BY_UUID, &request); + if (ret) + return ret; + + sret = krb5_storage_write(request, + &c->uuids[c->offset], + sizeof(c->uuids[c->offset])); + c->offset++; + if (sret != sizeof(c->uuids[c->offset])) { + krb5_storage_free(request); + krb5_clear_error_message(context); + return ENOMEM; + } + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret == KRB5_CC_END) + goto again; + + ret = krb5_ret_stringz(response, &name); + krb5_storage_free(response); + krb5_data_free(&response_data); + + if (ret == 0) { + ret = _krb5_cc_allocate(context, ops, id); + if (ret == 0) + ret = kcm_alloc(context, name, id); + krb5_xfree(name); + } + + return ret; } static krb5_error_code -kcm_default_name(krb5_context context, char **str) +kcm_get_cache_next_kcm(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) { - return _krb5_expand_default_cc_name(context, - KRB5_DEFAULT_CCNAME_KCM, - str); +#ifndef KCM_IS_API_CACHE + return kcm_get_cache_next(context, cursor, &krb5_kcm_ops, id); +#else + return KRB5_CC_END; +#endif +} + +static krb5_error_code +kcm_get_cache_next_api(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) +{ + return kcm_get_cache_next(context, cursor, &krb5_akcm_ops, id); +} + + +static krb5_error_code +kcm_end_cache_get(krb5_context context, krb5_cc_cursor cursor) +{ + krb5_kcm_cursor c = KCMCURSOR(cursor); + + free(c->uuids); + free(c); + return 0; +} + + +static krb5_error_code +kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) +{ + krb5_error_code ret; + krb5_kcmcache *oldk = KCMCACHE(from); + krb5_kcmcache *newk = KCMCACHE(to); + krb5_storage *request; + + ret = krb5_kcm_storage_request(context, KCM_OP_MOVE_CACHE, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, oldk->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_store_stringz(request, newk->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + ret = krb5_kcm_call(context, request, NULL, NULL); + + krb5_storage_free(request); + return ret; +} + +static krb5_error_code +kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops, + const char *defstr, char **str) +{ + krb5_error_code ret; + krb5_storage *request, *response; + krb5_data response_data; + char *name; + + *str = NULL; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_DEFAULT_CACHE, &request); + if (ret) + return ret; + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + return _krb5_expand_default_cc_name(context, defstr, str); + + ret = krb5_ret_stringz(response, &name); + krb5_storage_free(response); + krb5_data_free(&response_data); + if (ret) + return ret; + + asprintf(str, "%s:%s", ops->prefix, name); + free(name); + if (str == NULL) + return ENOMEM; + + return 0; +} + +static krb5_error_code +kcm_get_default_name_api(krb5_context context, char **str) +{ + return kcm_get_default_name(context, &krb5_akcm_ops, + KRB5_DEFAULT_CCNAME_KCM_API, str); +} + +static krb5_error_code +kcm_get_default_name_kcm(krb5_context context, char **str) +{ + return kcm_get_default_name(context, &krb5_kcm_ops, + KRB5_DEFAULT_CCNAME_KCM_KCM, str); +} + +static krb5_error_code +kcm_set_default(krb5_context context, krb5_ccache id) +{ + krb5_error_code ret; + krb5_storage *request; + krb5_kcmcache *k = KCMCACHE(id); + + ret = krb5_kcm_storage_request(context, KCM_OP_SET_DEFAULT_CACHE, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_kcm_call(context, request, NULL, NULL); + krb5_storage_free(request); + + return ret; +} + +static krb5_error_code +kcm_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + *mtime = time(NULL); + return 0; +} + +static krb5_error_code +kcm_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) +{ + krb5_kcmcache *k = KCMCACHE(id); + krb5_error_code ret; + krb5_storage *request; + + ret = krb5_kcm_storage_request(context, KCM_OP_SET_KDC_OFFSET, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + ret = krb5_store_int32(request, kdc_offset); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_kcm_call(context, request, NULL, NULL); + krb5_storage_free(request); + + return ret; +} + +static krb5_error_code +kcm_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) +{ + krb5_kcmcache *k = KCMCACHE(id); + krb5_error_code ret; + krb5_storage *request, *response; + krb5_data response_data; + int32_t offset; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_KDC_OFFSET, &request); + if (ret) + return ret; + + ret = krb5_store_stringz(request, k->name); + if (ret) { + krb5_storage_free(request); + return ret; + } + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + return ret; + + ret = krb5_ret_int32(response, &offset); + krb5_storage_free(response); + krb5_data_free(&response_data); + if (ret) + return ret; + + *kdc_offset = offset; + + return 0; } /** @@ -850,7 +1102,8 @@ kcm_default_name(krb5_context context, char **str) * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_kcm_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = { + KRB5_CC_OPS_VERSION, "KCM", kcm_get_name, kcm_resolve, @@ -859,7 +1112,7 @@ const krb5_cc_ops krb5_kcm_ops = { kcm_destroy, kcm_close, kcm_store_cred, - kcm_retrieve, + NULL /* kcm_retrieve */, kcm_get_principal, kcm_get_first, kcm_get_next, @@ -867,14 +1120,48 @@ const krb5_cc_ops krb5_kcm_ops = { kcm_remove_cred, kcm_set_flags, kcm_get_version, - NULL, - NULL, - NULL, + kcm_get_cache_first, + kcm_get_cache_next_kcm, + kcm_end_cache_get, kcm_move, - kcm_default_name + kcm_get_default_name_kcm, + kcm_set_default, + kcm_lastchange, + kcm_set_kdc_offset, + kcm_get_kdc_offset }; -krb5_boolean +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = { + KRB5_CC_OPS_VERSION, + "API", + kcm_get_name, + kcm_resolve, + kcm_gen_new, + kcm_initialize, + kcm_destroy, + kcm_close, + kcm_store_cred, + NULL /* kcm_retrieve */, + kcm_get_principal, + kcm_get_first, + kcm_get_next, + kcm_end_get, + kcm_remove_cred, + kcm_set_flags, + kcm_get_version, + kcm_get_cache_first, + kcm_get_cache_next_api, + kcm_end_cache_get, + kcm_move, + kcm_get_default_name_api, + kcm_set_default, + kcm_lastchange, + NULL, + NULL +}; + + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL _krb5_kcm_is_running(krb5_context context) { krb5_error_code ret; @@ -899,107 +1186,18 @@ _krb5_kcm_is_running(krb5_context context) * Response: * */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_noop(krb5_context context, krb5_ccache id) { krb5_error_code ret; - krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_NOOP, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_NOOP, &request); if (ret) return ret; - ret = kcm_call(context, k, request, NULL, NULL); - - krb5_storage_free(request); - return ret; -} - - -/* - * Request: - * NameZ - * Mode - * - * Response: - * - */ -krb5_error_code -_krb5_kcm_chmod(krb5_context context, - krb5_ccache id, - uint16_t mode) -{ - krb5_error_code ret; - krb5_kcmcache *k = KCMCACHE(id); - krb5_storage *request; - - ret = kcm_storage_request(context, KCM_OP_CHMOD, &request); - if (ret) - return ret; - - ret = krb5_store_stringz(request, k->name); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = krb5_store_int16(request, mode); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = kcm_call(context, k, request, NULL, NULL); - - krb5_storage_free(request); - return ret; -} - - -/* - * Request: - * NameZ - * UID - * GID - * - * Response: - * - */ -krb5_error_code -_krb5_kcm_chown(krb5_context context, - krb5_ccache id, - uint32_t uid, - uint32_t gid) -{ - krb5_error_code ret; - krb5_kcmcache *k = KCMCACHE(id); - krb5_storage *request; - - ret = kcm_storage_request(context, KCM_OP_CHOWN, &request); - if (ret) - return ret; - - ret = krb5_store_stringz(request, k->name); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = krb5_store_int32(request, uid); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = krb5_store_int32(request, gid); - if (ret) { - krb5_storage_free(request); - return ret; - } - - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -1016,17 +1214,17 @@ _krb5_kcm_chown(krb5_context context, * Repsonse: * */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_get_initial_ticket(krb5_context context, krb5_ccache id, krb5_principal server, krb5_keyblock *key) { - krb5_error_code ret; krb5_kcmcache *k = KCMCACHE(id); + krb5_error_code ret; krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_INITIAL_TICKET, &request); if (ret) return ret; @@ -1056,7 +1254,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; @@ -1073,7 +1271,7 @@ _krb5_kcm_get_initial_ticket(krb5_context context, * Repsonse: * */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_get_ticket(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, @@ -1084,7 +1282,7 @@ _krb5_kcm_get_ticket(krb5_context context, krb5_kcmcache *k = KCMCACHE(id); krb5_storage *request; - ret = kcm_storage_request(context, KCM_OP_GET_TICKET, &request); + ret = krb5_kcm_storage_request(context, KCM_OP_GET_TICKET, &request); if (ret) return ret; @@ -1112,11 +1310,10 @@ _krb5_kcm_get_ticket(krb5_context context, return ret; } - ret = kcm_call(context, k, request, NULL, NULL); + ret = krb5_kcm_call(context, request, NULL, NULL); krb5_storage_free(request); return ret; } - #endif /* HAVE_KCM */ diff --git a/crypto/heimdal/lib/krb5/kcm.h b/crypto/heimdal/lib/krb5/kcm.h index 10dfa440f1d..27197fec3ed 100644 --- a/crypto/heimdal/lib/krb5/kcm.h +++ b/crypto/heimdal/lib/krb5/kcm.h @@ -2,6 +2,8 @@ * Copyright (c) 2005, PADL Software Pty Ltd. * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -37,9 +39,11 @@ * KCM protocol definitions */ -#define KCM_PROTOCOL_VERSION_MAJOR 1 +#define KCM_PROTOCOL_VERSION_MAJOR 2 #define KCM_PROTOCOL_VERSION_MINOR 0 +typedef unsigned char kcmuuid_t[16]; + typedef enum kcm_operation { KCM_OP_NOOP, KCM_OP_GET_NAME, @@ -50,20 +54,37 @@ typedef enum kcm_operation { KCM_OP_STORE, KCM_OP_RETRIEVE, KCM_OP_GET_PRINCIPAL, - KCM_OP_GET_FIRST, - KCM_OP_GET_NEXT, - KCM_OP_END_GET, + KCM_OP_GET_CRED_UUID_LIST, + KCM_OP_GET_CRED_BY_UUID, KCM_OP_REMOVE_CRED, KCM_OP_SET_FLAGS, KCM_OP_CHOWN, KCM_OP_CHMOD, KCM_OP_GET_INITIAL_TICKET, KCM_OP_GET_TICKET, + KCM_OP_MOVE_CACHE, + KCM_OP_GET_CACHE_UUID_LIST, + KCM_OP_GET_CACHE_BY_UUID, + KCM_OP_GET_DEFAULT_CACHE, + KCM_OP_SET_DEFAULT_CACHE, + KCM_OP_GET_KDC_OFFSET, + KCM_OP_SET_KDC_OFFSET, + /* NTLM operations */ + KCM_OP_ADD_NTLM_CRED, + KCM_OP_HAVE_NTLM_CRED, + KCM_OP_DEL_NTLM_CRED, + KCM_OP_DO_NTLM_AUTH, + KCM_OP_GET_NTLM_USER_LIST, KCM_OP_MAX } kcm_operation; #define _PATH_KCM_SOCKET "/var/run/.kcm_socket" #define _PATH_KCM_DOOR "/var/run/.kcm_door" +#define KCM_NTLM_FLAG_SESSIONKEY 1 +#define KCM_NTLM_FLAG_NTLM2_SESSION 2 +#define KCM_NTLM_FLAG_KEYEX 4 +#define KCM_NTLM_FLAG_AV_GUEST 8 + #endif /* __KCM_H__ */ diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8 index e45c947d10c..94d49955180 100644 --- a/crypto/heimdal/lib/krb5/kerberos.8 +++ b/crypto/heimdal/lib/krb5/kerberos.8 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2000 Kungliga Tekniska Högskolan +.\" Copyright (c) 2000 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: kerberos.8 16121 2005-10-03 14:24:36Z lha $ +.\" $Id$ .\" .Dd September 1, 2000 .Dt KERBEROS 8 diff --git a/crypto/heimdal/lib/krb5/keyblock.c b/crypto/heimdal/lib/krb5/keyblock.c index ff4f972e57d..9ba9c4b290d 100644 --- a/crypto/heimdal/lib/krb5/keyblock.c +++ b/crypto/heimdal/lib/krb5/keyblock.c @@ -1,48 +1,63 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: keyblock.c 15167 2005-05-18 04:21:57Z lha $"); +/** + * Zero out a keyblock + * + * @param keyblock keyblock to zero out + * + * @ingroup krb5_crypto + */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero(krb5_keyblock *keyblock) { keyblock->keytype = 0; krb5_data_zero(&keyblock->keyvalue); } -void KRB5_LIB_FUNCTION +/** + * Free a keyblock's content, also zero out the content of the keyblock. + * + * @param context a Kerberos 5 context + * @param keyblock keyblock content to free, NULL is valid argument + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *keyblock) { @@ -54,7 +69,17 @@ krb5_free_keyblock_contents(krb5_context context, } } -void KRB5_LIB_FUNCTION +/** + * Free a keyblock, also zero out the content of the keyblock, uses + * krb5_free_keyblock_contents() to free the content. + * + * @param context a Kerberos 5 context + * @param keyblock keyblock to free, NULL is valid argument + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock(krb5_context context, krb5_keyblock *keyblock) { @@ -64,7 +89,20 @@ krb5_free_keyblock(krb5_context context, } } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Copy a keyblock, free the output keyblock with + * krb5_free_keyblock_contents(). + * + * @param context a Kerberos 5 context + * @param inblock the key to copy + * @param to the output key. + * + * @return 0 on success or a Kerberos 5 error code + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock *to) @@ -72,34 +110,67 @@ krb5_copy_keyblock_contents (krb5_context context, return copy_EncryptionKey(inblock, to); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Copy a keyblock, free the output keyblock with + * krb5_free_keyblock(). + * + * @param context a Kerberos 5 context + * @param inblock the key to copy + * @param to the output key. + * + * @return 0 on success or a Kerberos 5 error code + * + * @ingroup krb5_crypto + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock (krb5_context context, const krb5_keyblock *inblock, krb5_keyblock **to) { + krb5_error_code ret; krb5_keyblock *k; - k = malloc (sizeof(*k)); + *to = NULL; + + k = calloc (1, sizeof(*k)); if (k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } + + ret = krb5_copy_keyblock_contents (context, inblock, k); + if (ret) { + free(k); + return ret; + } *to = k; - return krb5_copy_keyblock_contents (context, inblock, k); + return 0; } -krb5_enctype +/** + * Get encryption type of a keyblock. + * + * @ingroup krb5_crypto + */ + +KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype(const krb5_keyblock *block) { return block->keytype; } -/* +/** * Fill in `key' with key data of type `enctype' from `data' of length - * `size'. Key should be freed using krb5_free_keyblock_contents. + * `size'. Key should be freed using krb5_free_keyblock_contents(). + * + * @return 0 on success or a Kerberos 5 error code + * + * @ingroup krb5_crypto */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init(krb5_context context, krb5_enctype type, const void *data, @@ -116,15 +187,15 @@ krb5_keyblock_init(krb5_context context, return ret; if (len != size) { - krb5_set_error_string(context, "Encryption key %d is %lu bytes " - "long, %lu was passed in", - type, (unsigned long)len, (unsigned long)size); + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "Encryption key %d is %lu bytes " + "long, %lu was passed in", + type, (unsigned long)len, (unsigned long)size); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_copy(&key->keyvalue, data, len); if(ret) { - krb5_set_error_string(context, "malloc failed: %lu", - (unsigned long)len); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } key->keytype = type; diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c index f6c7858c12e..8ca515f2133 100644 --- a/crypto/heimdal/lib/krb5/keytab.c +++ b/crypto/heimdal/lib/krb5/keytab.c @@ -1,60 +1,161 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: keytab.c 20211 2007-02-09 07:11:03Z lha $"); +/** + * @page krb5_keytab_intro The keytab handing functions + * @section section_krb5_keytab Kerberos Keytabs + * + * See the library functions here: @ref krb5_keytab + * + * Keytabs are long term key storage for servers, their equvalment of + * password files. + * + * Normally the only function that useful for server are to specify + * what keytab to use to other core functions like krb5_rd_req() + * krb5_kt_resolve(), and krb5_kt_close(). + * + * @subsection krb5_keytab_names Keytab names + * + * A keytab name is on the form type:residual. The residual part is + * specific to each keytab-type. + * + * When a keytab-name is resolved, the type is matched with an internal + * list of keytab types. If there is no matching keytab type, + * the default keytab is used. The current default type is FILE. + * + * The default value can be changed in the configuration file + * /etc/krb5.conf by setting the variable + * [defaults]default_keytab_name. + * + * The keytab types that are implemented in Heimdal are: + * - file + * store the keytab in a file, the type's name is FILE . The + * residual part is a filename. For compatibility with other + * Kerberos implemtation WRFILE and JAVA14 is also accepted. WRFILE + * has the same format as FILE. JAVA14 have a format that is + * compatible with older versions of MIT kerberos and SUN's Java + * based installation. They store a truncted kvno, so when the knvo + * excess 255, they are truncted in this format. + * + * - keytab + * store the keytab in a AFS keyfile (usually /usr/afs/etc/KeyFile ), + * the type's name is AFSKEYFILE. The residual part is a filename. + * + * - memory + * The keytab is stored in a memory segment. This allows sensitive + * and/or temporary data not to be stored on disk. The type's name + * is MEMORY. Each MEMORY keytab is referenced counted by and + * opened by the residual name, so two handles can point to the + * same memory area. When the last user closes using krb5_kt_close() + * the keytab, the keys in they keytab is memset() to zero and freed + * and can no longer be looked up by name. + * + * + * @subsection krb5_keytab_example Keytab example + * + * This is a minimalistic version of ktutil. + * + * @code +int +main (int argc, char **argv) +{ + krb5_context context; + krb5_keytab keytab; + krb5_kt_cursor cursor; + krb5_keytab_entry entry; + krb5_error_code ret; + char *principal; -/* - * Register a new keytab in `ops' - * Return 0 or an error. + if (krb5_init_context (&context) != 0) + errx(1, "krb5_context"); + + ret = krb5_kt_default (context, &keytab); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_default"); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_start_seq_get"); + while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ + krb5_unparse_name(context, entry.principal, &principal); + printf("principal: %s\n", principal); + free(principal); + krb5_kt_free_entry(context, &entry); + } + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_end_seq_get"); + ret = krb5_kt_close(context, keytab); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_close"); + krb5_free_context(context); + return 0; +} + * @endcode + * */ -krb5_error_code KRB5_LIB_FUNCTION + +/** + * Register a new keytab backend. + * + * @param context a Keberos context. + * @param ops a backend to register. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register(krb5_context context, const krb5_kt_ops *ops) { struct krb5_keytab_data *tmp; if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { - krb5_set_error_string(context, "krb5_kt_register; prefix too long"); + krb5_set_error_message(context, KRB5_KT_BADNAME, + N_("can't register cache type, prefix too long", "")); return KRB5_KT_BADNAME; } tmp = realloc(context->kt_types, (context->num_kt_types + 1) * sizeof(*context->kt_types)); if(tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memcpy(&tmp[context->num_kt_types], ops, @@ -64,13 +165,49 @@ krb5_kt_register(krb5_context context, return 0; } -/* +static const char * +keytab_name(const char *name, const char **type, size_t *type_len) +{ + const char *residual; + + residual = strchr(name, ':'); + + if (residual == NULL || + name[0] == '/' +#ifdef _WIN32 + /* Avoid treating : as a keytab type + * specification */ + || name + 1 == residual +#endif + ) { + + *type = "FILE"; + *type_len = strlen(*type); + residual = name; + } else { + *type = name; + *type_len = residual - name; + residual++; + } + + return residual; +} + +/** * Resolve the keytab name (of the form `type:residual') in `name' * into a keytab in `id'. - * Return 0 or an error + * + * @param context a Keberos context. + * @param name name to resolve + * @param id resulting keytab, free with krb5_kt_close(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve(krb5_context context, const char *name, krb5_keytab *id) @@ -81,30 +218,22 @@ krb5_kt_resolve(krb5_context context, size_t type_len; krb5_error_code ret; - residual = strchr(name, ':'); - if(residual == NULL) { - type = "FILE"; - type_len = strlen(type); - residual = name; - } else { - type = name; - type_len = residual - name; - residual++; - } - + residual = keytab_name(name, &type, &type_len); + for(i = 0; i < context->num_kt_types; i++) { if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0) break; } if(i == context->num_kt_types) { - krb5_set_error_string(context, "unknown keytab type %.*s", - (int)type_len, type); + krb5_set_error_message(context, KRB5_KT_UNKNOWN_TYPE, + N_("unknown keytab type %.*s", "type"), + (int)type_len, type); return KRB5_KT_UNKNOWN_TYPE; } - + k = malloc (sizeof(*k)); if (k == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(k, &context->kt_types[i], sizeof(*k)); @@ -118,27 +247,41 @@ krb5_kt_resolve(krb5_context context, return ret; } -/* +/** * copy the name of the default keytab into `name'. - * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short. + * + * @param context a Keberos context. + * @param name buffer where the name will be written + * @param namesize length of name + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name(krb5_context context, char *name, size_t namesize) { if (strlcpy (name, context->default_keytab, namesize) >= namesize) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_CONFIG_NOTENUFSPACE; } return 0; } -/* - * copy the name of the default modify keytab into `name'. - * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short. +/** + * Copy the name of the default modify keytab into `name'. + * + * @param context a Keberos context. + * @param name buffer where the name will be written + * @param namesize length of name + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) { const char *kt = NULL; @@ -148,40 +291,56 @@ krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) else { size_t len = strcspn(context->default_keytab + 4, ","); if(len >= namesize) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_CONFIG_NOTENUFSPACE; } strlcpy(name, context->default_keytab + 4, namesize); name[len] = '\0'; return 0; - } + } } else kt = context->default_keytab_modify; if (strlcpy (name, kt, namesize) >= namesize) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_CONFIG_NOTENUFSPACE; } return 0; } -/* +/** * Set `id' to the default keytab. - * Return 0 or an error. + * + * @param context a Keberos context. + * @param id the new default keytab. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default(krb5_context context, krb5_keytab *id) { return krb5_kt_resolve (context, context->default_keytab, id); } -/* +/** * Read the key identified by `(principal, vno, enctype)' from the * keytab in `keyprocarg' (the default if == NULL) into `*key'. - * Return 0 or an error. + * + * @param context a Keberos context. + * @param keyprocarg + * @param principal + * @param vno + * @param enctype + * @param key + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, @@ -210,12 +369,21 @@ krb5_kt_read_service_key(krb5_context context, return ret; } -/* +/** * Return the type of the `keytab' in the string `prefix of length * `prefixsize'. + * + * @param context a Keberos context. + * @param keytab the keytab to get the prefix for + * @param prefix prefix buffer + * @param prefixsize length of prefix buffer + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type(krb5_context context, krb5_keytab keytab, char *prefix, @@ -225,13 +393,21 @@ krb5_kt_get_type(krb5_context context, return 0; } -/* +/** * Retrieve the name of the keytab `keytab' into `name', `namesize' - * Return 0 or an error. + * + * @param context a Keberos context. + * @param keytab the keytab to get the name for. + * @param name name buffer. + * @param namesize size of name buffer. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_name(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, size_t namesize) @@ -239,21 +415,29 @@ krb5_kt_get_name(krb5_context context, return (*keytab->get_name)(context, keytab, name, namesize); } -/* +/** * Retrieve the full name of the keytab `keytab' and store the name in - * `str'. `str' needs to be freed by the caller using free(3). - * Returns 0 or an error. On error, *str is set to NULL. + * `str'. + * + * @param context a Keberos context. + * @param keytab keytab to get name for. + * @param str the name of the keytab name, usee krb5_xfree() to free + * the string. On error, *str is set to NULL. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_full_name(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kt_get_full_name(krb5_context context, krb5_keytab keytab, char **str) { char type[KRB5_KT_PREFIX_MAX_LEN]; char name[MAXPATHLEN]; krb5_error_code ret; - + *str = NULL; ret = krb5_kt_get_type(context, keytab, type, sizeof(type)); @@ -265,7 +449,7 @@ krb5_kt_get_full_name(krb5_context context, return ret; if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); *str = NULL; return ENOMEM; } @@ -273,13 +457,20 @@ krb5_kt_get_full_name(krb5_context context, return 0; } -/* +/** * Finish using the keytab in `id'. All resources will be released, - * even on errors. Return 0 or an error. + * even on errors. + * + * @param context a Keberos context. + * @param id keytab to close. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_close(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kt_close(krb5_context context, krb5_keytab id) { krb5_error_code ret; @@ -290,21 +481,73 @@ krb5_kt_close(krb5_context context, return ret; } +/** + * Destroy (remove) the keytab in `id'. All resources will be released, + * even on errors, does the equvalment of krb5_kt_close() on the resources. + * + * @param context a Keberos context. + * @param id keytab to destroy. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kt_destroy(krb5_context context, + krb5_keytab id) +{ + krb5_error_code ret; + + ret = (*id->destroy)(context, id); + krb5_kt_close(context, id); + return ret; +} + /* + * Match any aliases in keytab `entry' with `principal'. + */ + +static krb5_boolean +compare_aliseses(krb5_context context, + krb5_keytab_entry *entry, + krb5_const_principal principal) +{ + unsigned int i; + if (entry->aliases == NULL) + return FALSE; + for (i = 0; i < entry->aliases->len; i++) + if (krb5_principal_compare(context, &entry->aliases->val[i], principal)) + return TRUE; + return FALSE; +} + +/** * Compare `entry' against `principal, vno, enctype'. * Any of `principal, vno, enctype' might be 0 which acts as a wildcard. * Return TRUE if they compare the same, FALSE otherwise. + * + * @param context a Keberos context. + * @param entry an entry to match with. + * @param principal principal to match, NULL matches all principals. + * @param vno key version to match, 0 matches all key version numbers. + * @param enctype encryption type to match, 0 matches all encryption types. + * + * @return Return TRUE or match, FALSE if not matched. + * + * @ingroup krb5_keytab */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare(krb5_context context, - krb5_keytab_entry *entry, + krb5_keytab_entry *entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype) { - if(principal != NULL && - !krb5_principal_compare(context, entry->principal, principal)) + if(principal != NULL && + !(krb5_principal_compare(context, entry->principal, principal) || + compare_aliseses(context, entry, principal))) return FALSE; if(vno && vno != entry->vno) return FALSE; @@ -313,14 +556,56 @@ krb5_kt_compare(krb5_context context, return TRUE; } -/* +krb5_error_code +_krb5_kt_principal_not_found(krb5_context context, + krb5_error_code ret, + krb5_keytab id, + krb5_const_principal principal, + krb5_enctype enctype, + int kvno) +{ + char princ[256], kvno_str[25], *kt_name; + char *enctype_str = NULL; + + krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); + krb5_kt_get_full_name (context, id, &kt_name); + krb5_enctype_to_string(context, enctype, &enctype_str); + + if (kvno) + snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno); + else + kvno_str[0] = '\0'; + + krb5_set_error_message (context, ret, + N_("Failed to find %s%s in keytab %s (%s)", + "principal, kvno, keytab file, enctype"), + princ, + kvno_str, + kt_name ? kt_name : "unknown keytab", + enctype_str ? enctype_str : "unknown enctype"); + free(kt_name); + free(enctype_str); + return ret; +} + + +/** * Retrieve the keytab entry for `principal, kvno, enctype' into `entry' - * from the keytab `id'. - * kvno == 0 is a wildcard and gives the keytab with the highest vno. - * Return 0 or an error. + * from the keytab `id'. Matching is done like krb5_kt_compare(). + * + * @param context a Keberos context. + * @param id a keytab. + * @param principal principal to match, NULL matches all principals. + * @param kvno key version to match, 0 matches all key version numbers. + * @param enctype encryption type to match, 0 matches all encryption types. + * @param entry the returned entry, free with krb5_kt_free_entry(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal principal, @@ -337,8 +622,10 @@ krb5_kt_get_entry(krb5_context context, ret = krb5_kt_start_seq_get (context, id, &cursor); if (ret) { - krb5_clear_error_string(context); - return KRB5_KT_NOTFOUND; /* XXX i.e. file not found */ + /* This is needed for krb5_verify_init_creds, but keep error + * string from previous error for the human. */ + context->error_code = KRB5_KT_NOTFOUND; + return KRB5_KT_NOTFOUND; } entry->vno = 0; @@ -361,38 +648,25 @@ krb5_kt_get_entry(krb5_context context, krb5_kt_free_entry(context, &tmp); } krb5_kt_end_seq_get (context, id, &cursor); - if (entry->vno) { - return 0; - } else { - char princ[256], kvno_str[25], *kt_name; - char *enctype_str = NULL; - - krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); - krb5_kt_get_full_name (context, id, &kt_name); - krb5_enctype_to_string(context, enctype, &enctype_str); - - if (kvno) - snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno); - else - kvno_str[0] = '\0'; - - krb5_set_error_string (context, - "Failed to find %s%s in keytab %s (%s)", - princ, - kvno_str, - kt_name ? kt_name : "unknown keytab", - enctype_str ? enctype_str : "unknown enctype"); - free(kt_name); - free(enctype_str); - return KRB5_KT_NOTFOUND; - } + if (entry->vno == 0) + return _krb5_kt_principal_not_found(context, KRB5_KT_NOTFOUND, + id, principal, enctype, kvno); + return 0; } -/* +/** * Copy the contents of `in' into `out'. - * Return 0 or an error. */ + * + * @param context a Keberos context. + * @param in the keytab entry to copy. + * @param out the copy of the keytab entry, free with krb5_kt_free_entry(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents(krb5_context context, const krb5_keytab_entry *in, krb5_keytab_entry *out) @@ -417,11 +691,18 @@ fail: return ret; } -/* +/** * Free the contents of `entry'. + * + * @param context a Keberos context. + * @param entry the entry to free + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *entry) { @@ -431,98 +712,182 @@ krb5_kt_free_entry(krb5_context context, return 0; } -/* +/** * Set `cursor' to point at the beginning of `id'. - * Return 0 or an error. + * + * @param context a Keberos context. + * @param id a keytab. + * @param cursor a newly allocated cursor, free with krb5_kt_end_seq_get(). + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { if(id->start_seq_get == NULL) { - krb5_set_error_string(context, - "start_seq_get is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + N_("start_seq_get is not supported " + "in the %s keytab type", ""), + id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->start_seq_get)(context, id, cursor); } -/* - * Get the next entry from `id' pointed to by `cursor' and advance the - * `cursor'. - * Return 0 or an error. +/** + * Get the next entry from keytab, advance the cursor. On last entry + * the function will return KRB5_KT_END. + * + * @param context a Keberos context. + * @param id a keytab. + * @param entry the returned entry, free with krb5_kt_free_entry(). + * @param cursor the cursor of the iteration. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { if(id->next_entry == NULL) { - krb5_set_error_string(context, - "next_entry is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + N_("next_entry is not supported in the %s " + " keytab", ""), + id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->next_entry)(context, id, entry, cursor); } -/* +/** * Release all resources associated with `cursor'. + * + * @param context a Keberos context. + * @param id a keytab. + * @param cursor the cursor to free. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { if(id->end_seq_get == NULL) { - krb5_set_error_string(context, - "end_seq_get is not supported in the %s " - " keytab", id->prefix); + krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, + "end_seq_get is not supported in the %s " + " keytab", id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->end_seq_get)(context, id, cursor); } -/* +/** * Add the entry in `entry' to the keytab `id'. - * Return 0 or an error. + * + * @param context a Keberos context. + * @param id a keytab. + * @param entry the entry to add + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { if(id->add == NULL) { - krb5_set_error_string(context, "Add is not supported in the %s keytab", - id->prefix); + krb5_set_error_message(context, KRB5_KT_NOWRITE, + N_("Add is not supported in the %s keytab", ""), + id->prefix); return KRB5_KT_NOWRITE; } entry->timestamp = time(NULL); return (*id->add)(context, id,entry); } -/* - * Remove the entry `entry' from the keytab `id'. - * Return 0 or an error. +/** + * Remove an entry from the keytab, matching is done using + * krb5_kt_compare(). + + * @param context a Keberos context. + * @param id a keytab. + * @param entry the entry to remove + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) { if(id->remove == NULL) { - krb5_set_error_string(context, - "Remove is not supported in the %s keytab", - id->prefix); + krb5_set_error_message(context, KRB5_KT_NOWRITE, + N_("Remove is not supported in the %s keytab", ""), + id->prefix); return KRB5_KT_NOWRITE; } return (*id->remove)(context, id, entry); } + +/** + * Return true if the keytab exists and have entries + * + * @param context a Keberos context. + * @param id a keytab. + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_keytab + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_kt_have_content(krb5_context context, + krb5_keytab id) +{ + krb5_keytab_entry entry; + krb5_kt_cursor cursor; + krb5_error_code ret; + char *name; + + ret = krb5_kt_start_seq_get(context, id, &cursor); + if (ret) + goto notfound; + + ret = krb5_kt_next_entry(context, id, &entry, &cursor); + krb5_kt_end_seq_get(context, id, &cursor); + if (ret) + goto notfound; + + krb5_kt_free_entry(context, &entry); + + return 0; + + notfound: + ret = krb5_kt_get_full_name(context, id, &name); + if (ret == 0) { + krb5_set_error_message(context, KRB5_KT_NOTFOUND, + N_("No entry in keytab: %s", ""), name); + free(name); + } + return KRB5_KT_NOTFOUND; +} diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c index 54272d48453..d5ac4883db1 100644 --- a/crypto/heimdal/lib/krb5/keytab_any.c +++ b/crypto/heimdal/lib/krb5/keytab_any.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 2001-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c 17035 2006-04-10 09:20:13Z lha $"); - struct any_data { krb5_keytab kt; char *name; @@ -55,7 +53,7 @@ free_list (krb5_context context, struct any_data *a) } } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV any_resolve(krb5_context context, const char *name, krb5_keytab id) { struct any_data *a, *a0 = NULL, *prev = NULL; @@ -63,7 +61,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) char buf[256]; while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) { - a = malloc(sizeof(*a)); + a = calloc(1, sizeof(*a)); if (a == NULL) { ret = ENOMEM; goto fail; @@ -72,8 +70,8 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) a0 = a; a->name = strdup(buf); if (a->name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } } else @@ -87,7 +85,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) prev = a; } if (a0 == NULL) { - krb5_set_error_string(context, "empty ANY: keytab"); + krb5_set_error_message(context, ENOENT, N_("empty ANY: keytab", "")); return ENOENT; } id->data = a0; @@ -97,7 +95,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV any_get_name (krb5_context context, krb5_keytab id, char *name, @@ -108,7 +106,7 @@ any_get_name (krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV any_close (krb5_context context, krb5_keytab id) { @@ -123,9 +121,9 @@ struct any_cursor_extra_data { krb5_kt_cursor cursor; }; -static krb5_error_code -any_start_seq_get(krb5_context context, - krb5_keytab id, +static krb5_error_code KRB5_CALLCONV +any_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { struct any_data *a = id->data; @@ -134,21 +132,25 @@ any_start_seq_get(krb5_context context, c->data = malloc (sizeof(struct any_cursor_extra_data)); if(c->data == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ed = (struct any_cursor_extra_data *)c->data; - ed->a = a; - ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); - if (ret) { + for (ed->a = a; ed->a != NULL; ed->a = ed->a->next) { + ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); + if (ret == 0) + break; + } + if (ed->a == NULL) { free (c->data); c->data = NULL; - return ret; + krb5_clear_error_message (context); + return KRB5_KT_END; } return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV any_next_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, @@ -174,13 +176,13 @@ any_next_entry (krb5_context context, break; } if (ed->a == NULL) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KT_END; } } while (1); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV any_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) @@ -196,7 +198,7 @@ any_end_seq_get(krb5_context context, return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV any_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -206,8 +208,9 @@ any_add_entry(krb5_context context, while(a != NULL) { ret = krb5_kt_add_entry(context, a->kt, entry); if(ret != 0 && ret != KRB5_KT_NOWRITE) { - krb5_set_error_string(context, "failed to add entry to %s", - a->name); + krb5_set_error_message(context, ret, + N_("failed to add entry to %s", ""), + a->name); return ret; } a = a->next; @@ -215,7 +218,7 @@ any_add_entry(krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV any_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -229,8 +232,10 @@ any_remove_entry(krb5_context context, found++; else { if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) { - krb5_set_error_string(context, "failed to remove entry from %s", - a->name); + krb5_set_error_message(context, ret, + N_("Failed to remove keytab " + "entry from %s", "keytab name"), + a->name); return ret; } } @@ -246,6 +251,7 @@ const krb5_kt_ops krb5_any_ops = { any_resolve, any_get_name, any_close, + NULL, /* destroy */ NULL, /* get */ any_start_seq_get, any_next_entry, diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c index 4ada3a463ea..ccaf62fcb4c 100644 --- a/crypto/heimdal/lib/krb5/keytab_file.c +++ b/crypto/heimdal/lib/krb5/keytab_file.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c 17457 2006-05-05 12:36:57Z lha $"); - #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 #define KRB5_KT_VNO KRB5_KT_VNO_2 @@ -62,7 +60,7 @@ krb5_kt_ret_data(krb5_context context, data->length = size; data->data = malloc(size); if (data->data == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_storage_read(sp, data->data, size); @@ -83,7 +81,7 @@ krb5_kt_ret_string(krb5_context context, return ret; *data = malloc(size + 1); if (*data == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_storage_read(sp, *data, size); @@ -103,7 +101,7 @@ krb5_kt_store_data(krb5_context context, if(ret < 0) return ret; ret = krb5_storage_write(sp, data.data, data.length); - if(ret != data.length){ + if(ret != (int)data.length){ if(ret < 0) return errno; return KRB5_KT_END; @@ -121,7 +119,7 @@ krb5_kt_store_string(krb5_storage *sp, if(ret < 0) return ret; ret = krb5_storage_write(sp, data, len); - if(ret != len){ + if(ret != (int)len){ if(ret < 0) return errno; return KRB5_KT_END; @@ -130,76 +128,113 @@ krb5_kt_store_string(krb5_storage *sp, } static krb5_error_code -krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p) +krb5_kt_ret_keyblock(krb5_context context, + struct fkt_data *fkt, + krb5_storage *sp, + krb5_keyblock *p) { int ret; int16_t tmp; ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */ - if(ret) return ret; + if(ret) { + krb5_set_error_message(context, ret, + N_("Cant read keyblock from file %s", ""), + fkt->filename); + return ret; + } p->keytype = tmp; ret = krb5_kt_ret_data(context, sp, &p->keyvalue); + if (ret) + krb5_set_error_message(context, ret, + N_("Cant read keyblock from file %s", ""), + fkt->filename); return ret; } static krb5_error_code krb5_kt_store_keyblock(krb5_context context, - krb5_storage *sp, + struct fkt_data *fkt, + krb5_storage *sp, krb5_keyblock *p) { int ret; ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */ - if(ret) return ret; + if(ret) { + krb5_set_error_message(context, ret, + N_("Cant store keyblock to file %s", ""), + fkt->filename); + return ret; + } ret = krb5_kt_store_data(context, sp, p->keyvalue); + if (ret) + krb5_set_error_message(context, ret, + N_("Cant store keyblock to file %s", ""), + fkt->filename); return ret; } static krb5_error_code krb5_kt_ret_principal(krb5_context context, + struct fkt_data *fkt, krb5_storage *sp, krb5_principal *princ) { - int i; + size_t i; int ret; krb5_principal p; int16_t len; - + ALLOC(p, 1); if(p == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_ret_int16(sp, &len); if(ret) { - krb5_set_error_string(context, - "Failed decoding length of keytab principal"); + krb5_set_error_message(context, ret, + N_("Failed decoding length of " + "keytab principal in keytab file %s", ""), + fkt->filename); goto out; } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) len--; if (len < 0) { - krb5_set_error_string(context, - "Keytab principal contains invalid length"); ret = KRB5_KT_END; + krb5_set_error_message(context, ret, + N_("Keytab principal contains " + "invalid length in keytab %s", ""), + fkt->filename); goto out; } ret = krb5_kt_ret_string(context, sp, &p->realm); - if(ret) + if(ret) { + krb5_set_error_message(context, ret, + N_("Can't read realm from keytab: %s", ""), + fkt->filename); goto out; + } p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val)); if(p->name.name_string.val == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } p->name.name_string.len = len; for(i = 0; i < p->name.name_string.len; i++){ ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i); - if(ret) + if(ret) { + krb5_set_error_message(context, ret, + N_("Can't read principal from " + "keytab: %s", ""), + fkt->filename); goto out; + } } if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) p->name.name_type = KRB5_NT_UNKNOWN; @@ -207,8 +242,13 @@ krb5_kt_ret_principal(krb5_context context, int32_t tmp32; ret = krb5_ret_int32(sp, &tmp32); p->name.name_type = tmp32; - if (ret) + if (ret) { + krb5_set_error_message(context, ret, + N_("Can't read name-type from " + "keytab: %s", ""), + fkt->filename); goto out; + } } *princ = p; return 0; @@ -222,9 +262,9 @@ krb5_kt_store_principal(krb5_context context, krb5_storage *sp, krb5_principal p) { - int i; + size_t i; int ret; - + if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) ret = krb5_store_int16(sp, p->name.name_string.len + 1); else @@ -246,20 +286,20 @@ krb5_kt_store_principal(krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fkt_resolve(krb5_context context, const char *name, krb5_keytab id) { struct fkt_data *d; d = malloc(sizeof(*d)); if(d == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } d->filename = strdup(name); if(d->filename == NULL) { free(d); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } d->flags = 0; @@ -267,7 +307,7 @@ fkt_resolve(krb5_context context, const char *name, krb5_keytab id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id) { krb5_error_code ret; @@ -280,7 +320,7 @@ fkt_resolve_java14(krb5_context context, const char *name, krb5_keytab id) return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fkt_close(krb5_context context, krb5_keytab id) { struct fkt_data *d = id->data; @@ -289,10 +329,18 @@ fkt_close(krb5_context context, krb5_keytab id) return 0; } -static krb5_error_code -fkt_get_name(krb5_context context, - krb5_keytab id, - char *name, +static krb5_error_code KRB5_CALLCONV +fkt_destroy(krb5_context context, krb5_keytab id) +{ + struct fkt_data *d = id->data; + _krb5_erase_file(context, d->filename); + return 0; +} + +static krb5_error_code KRB5_CALLCONV +fkt_get_name(krb5_context context, + krb5_keytab id, + char *name, size_t namesize) { /* This function is XXX */ @@ -314,15 +362,15 @@ storage_set_flags(krb5_context context, krb5_storage *sp, int vno) case KRB5_KT_VNO_2: break; default: - krb5_warnx(context, + krb5_warnx(context, "storage_set_flags called with bad vno (%d)", vno); } krb5_storage_set_flags(sp, flags); } static krb5_error_code -fkt_start_seq_get_int(krb5_context context, - krb5_keytab id, +fkt_start_seq_get_int(krb5_context context, + krb5_keytab id, int flags, int exclusive, krb5_kt_cursor *c) @@ -330,14 +378,16 @@ fkt_start_seq_get_int(krb5_context context, int8_t pvno, tag; krb5_error_code ret; struct fkt_data *d = id->data; - + c->fd = open (d->filename, flags); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "%s: %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, + N_("keytab %s open failed: %s", ""), + d->filename, strerror(ret)); return ret; } + rk_cloexec(c->fd); ret = _krb5_xlock(context, c->fd, exclusive, d->filename); if (ret) { close(c->fd); @@ -347,7 +397,8 @@ fkt_start_seq_get_int(krb5_context context, if (c->sp == NULL) { _krb5_xunlock(context, c->fd); close(c->fd); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); @@ -356,14 +407,14 @@ fkt_start_seq_get_int(krb5_context context, krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } if(pvno != 5) { krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KEYTAB_BADVNO; } ret = krb5_ret_int8(c->sp, &tag); @@ -371,7 +422,7 @@ fkt_start_seq_get_int(krb5_context context, krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } id->version = tag; @@ -379,26 +430,28 @@ fkt_start_seq_get_int(krb5_context context, return 0; } -static krb5_error_code -fkt_start_seq_get(krb5_context context, - krb5_keytab id, +static krb5_error_code KRB5_CALLCONV +fkt_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { - return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c); + return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c); } static krb5_error_code -fkt_next_entry_int(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +fkt_next_entry_int(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor, off_t *start, off_t *end) { + struct fkt_data *d = id->data; int32_t len; int ret; int8_t tmp8; int32_t tmp32; + uint32_t utmp32; off_t pos, curpos; pos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR); @@ -410,18 +463,18 @@ loop: pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR); goto loop; } - ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal); + ret = krb5_kt_ret_principal (context, d, cursor->sp, &entry->principal); if (ret) goto out; - ret = krb5_ret_int32(cursor->sp, &tmp32); - entry->timestamp = tmp32; + ret = krb5_ret_uint32(cursor->sp, &utmp32); + entry->timestamp = utmp32; if (ret) goto out; ret = krb5_ret_int8(cursor->sp, &tmp8); if (ret) goto out; entry->vno = tmp8; - ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock); + ret = krb5_kt_ret_keyblock (context, d, cursor->sp, &entry->keyblock); if (ret) goto out; /* there might be a 32 bit kvno here @@ -430,10 +483,19 @@ loop: curpos = krb5_storage_seek(cursor->sp, 0, SEEK_CUR); if(len + 4 + pos - curpos >= 4) { ret = krb5_ret_int32(cursor->sp, &tmp32); - if (ret == 0 && tmp32 != 0) { + if (ret == 0 && tmp32 != 0) entry->vno = tmp32; - } } + /* there might be a flags field here */ + if(len + 4 + pos - curpos >= 8) { + ret = krb5_ret_uint32(cursor->sp, &utmp32); + if (ret == 0) + entry->flags = utmp32; + } else + entry->flags = 0; + + entry->aliases = NULL; + if(start) *start = pos; if(end) *end = pos + 4 + len; out: @@ -441,17 +503,17 @@ loop: return ret; } -static krb5_error_code -fkt_next_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +static krb5_error_code KRB5_CALLCONV +fkt_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL); } -static krb5_error_code -fkt_end_seq_get(krb5_context context, +static krb5_error_code KRB5_CALLCONV +fkt_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { @@ -461,7 +523,7 @@ fkt_end_seq_get(krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fkt_setup_keytab(krb5_context context, krb5_keytab id, krb5_storage *sp) @@ -474,8 +536,8 @@ fkt_setup_keytab(krb5_context context, id->version = KRB5_KT_VNO; return krb5_store_int8 (sp, id->version); } - -static krb5_error_code + +static krb5_error_code KRB5_CALLCONV fkt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -486,16 +548,19 @@ fkt_add_entry(krb5_context context, struct fkt_data *d = id->data; krb5_data keytab; int32_t len; - - fd = open (d->filename, O_RDWR | O_BINARY); + + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { - fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, + N_("open(%s): %s", ""), d->filename, + strerror(ret)); return ret; } + rk_cloexec(fd); + ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); @@ -510,6 +575,9 @@ fkt_add_entry(krb5_context context, storage_set_flags(context, sp, id->version); } else { int8_t pvno, tag; + + rk_cloexec(fd); + ret = _krb5_xlock(context, fd, 1, d->filename); if (ret) { close(fd); @@ -523,22 +591,26 @@ fkt_add_entry(krb5_context context, properly */ ret = fkt_setup_keytab(context, id, sp); if(ret) { - krb5_set_error_string(context, "%s: keytab is corrupted: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, + N_("%s: keytab is corrupted: %s", ""), + d->filename, strerror(ret)); goto out; } storage_set_flags(context, sp, id->version); } else { if(pvno != 5) { ret = KRB5_KEYTAB_BADVNO; - krb5_set_error_string(context, "%s: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, + N_("Bad version in keytab %s", ""), + d->filename); goto out; } ret = krb5_ret_int8 (sp, &tag); if (ret) { - krb5_set_error_string(context, "%s: reading tag: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, + N_("failed reading tag from " + "keytab %s", ""), + d->filename); goto out; } id->version = tag; @@ -551,25 +623,38 @@ fkt_add_entry(krb5_context context, emem = krb5_storage_emem(); if(emem == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } ret = krb5_kt_store_principal(context, emem, entry->principal); if(ret) { + krb5_set_error_message(context, ret, + N_("Failed storing principal " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } ret = krb5_store_int32 (emem, entry->timestamp); if(ret) { + krb5_set_error_message(context, ret, + N_("Failed storing timpstamp " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } ret = krb5_store_int8 (emem, entry->vno % 256); if(ret) { + krb5_set_error_message(context, ret, + N_("Failed storing kvno " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } - ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock); + ret = krb5_kt_store_keyblock (context, d, emem, &entry->keyblock); if(ret) { krb5_storage_free(emem); goto out; @@ -577,6 +662,19 @@ fkt_add_entry(krb5_context context, if ((d->flags & KRB5_KT_FL_JAVA) == 0) { ret = krb5_store_int32 (emem, entry->vno); if (ret) { + krb5_set_error_message(context, ret, + N_("Failed storing extended kvno " + "in keytab %s", ""), + d->filename); + krb5_storage_free(emem); + goto out; + } + ret = krb5_store_uint32 (emem, entry->flags); + if (ret) { + krb5_set_error_message(context, ret, + N_("Failed storing extended kvno " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } @@ -584,10 +682,15 @@ fkt_add_entry(krb5_context context, ret = krb5_storage_to_data(emem, &keytab); krb5_storage_free(emem); - if(ret) + if(ret) { + krb5_set_error_message(context, ret, + N_("Failed converting keytab entry " + "to memory block for keytab %s", ""), + d->filename); goto out; + } } - + while(1) { ret = krb5_ret_int32(sp, &len); if(ret == KRB5_KT_END) { @@ -596,7 +699,7 @@ fkt_add_entry(krb5_context context, } if(len < 0) { len = -len; - if(len >= keytab.length) { + if(len >= (int)keytab.length) { krb5_storage_seek(sp, -4, SEEK_CUR); break; } @@ -604,8 +707,13 @@ fkt_add_entry(krb5_context context, krb5_storage_seek(sp, len, SEEK_CUR); } ret = krb5_store_int32(sp, len); - if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) + if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) { ret = errno; + krb5_set_error_message(context, ret, + N_("Failed writing keytab block " + "in keytab %s: %s", ""), + d->filename, strerror(ret)); + } memset(keytab.data, 0, keytab.length); krb5_data_free(&keytab); out: @@ -615,7 +723,7 @@ fkt_add_entry(krb5_context context, return ret; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV fkt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -625,13 +733,13 @@ fkt_remove_entry(krb5_context context, off_t pos_start, pos_end; int found = 0; krb5_error_code ret; - - ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor); - if(ret != 0) + + ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor); + if(ret != 0) goto out; /* return other error here? */ - while(fkt_next_entry_int(context, id, &e, &cursor, + while(fkt_next_entry_int(context, id, &e, &cursor, &pos_start, &pos_end) == 0) { - if(krb5_kt_compare(context, &e, entry->principal, + if(krb5_kt_compare(context, &e, entry->principal, entry->vno, entry->keyblock.keytype)) { int32_t len; unsigned char buf[128]; @@ -641,8 +749,9 @@ fkt_remove_entry(krb5_context context, krb5_store_int32(cursor.sp, -len); memset(buf, 0, sizeof(buf)); while(len > 0) { - krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf))); - len -= min(len, sizeof(buf)); + krb5_storage_write(cursor.sp, buf, + min((size_t)len, sizeof(buf))); + len -= min((size_t)len, sizeof(buf)); } } krb5_kt_free_entry(context, &e); @@ -650,7 +759,7 @@ fkt_remove_entry(krb5_context context, krb5_kt_end_seq_get(context, id, &cursor); out: if (!found) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KT_NOTFOUND; } return 0; @@ -661,6 +770,7 @@ const krb5_kt_ops krb5_fkt_ops = { fkt_resolve, fkt_get_name, fkt_close, + fkt_destroy, NULL, /* get */ fkt_start_seq_get, fkt_next_entry, @@ -674,6 +784,7 @@ const krb5_kt_ops krb5_wrfkt_ops = { fkt_resolve, fkt_get_name, fkt_close, + fkt_destroy, NULL, /* get */ fkt_start_seq_get, fkt_next_entry, @@ -687,6 +798,7 @@ const krb5_kt_ops krb5_javakt_ops = { fkt_resolve_java14, fkt_get_name, fkt_close, + fkt_destroy, NULL, /* get */ fkt_start_seq_get, fkt_next_entry, diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c index 77455ba5f7c..12008321554 100644 --- a/crypto/heimdal/lib/krb5/keytab_keyfile.c +++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c @@ -1,45 +1,45 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c 20695 2007-05-30 14:09:09Z lha $"); +#ifndef HEIMDAL_SMALLER /* afs keyfile operations --------------------------------------- */ /* * Minimum tools to handle the AFS KeyFile. - * + * * Format of the KeyFile is: * {[ ] * numkeys} * @@ -52,7 +52,7 @@ RCSID("$Id: keytab_keyfile.c 20695 2007-05-30 14:09:09Z lha $"); #define AFS_SERVERMAGICKRBCONF "/usr/afs/etc/krb.conf" struct akf_data { - int num_entries; + uint32_t num_entries; char *filename; char *cell; char *realm; @@ -72,13 +72,17 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) f = fopen (AFS_SERVERTHISCELL, "r"); if (f == NULL) { ret = errno; - krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL, - strerror(ret)); + krb5_set_error_message (context, ret, + N_("Open ThisCell %s: %s", ""), + AFS_SERVERTHISCELL, + strerror(ret)); return ret; } if (fgets (buf, sizeof(buf), f) == NULL) { fclose (f); - krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL); + krb5_set_error_message (context, EINVAL, + N_("No cell in ThisCell file %s", ""), + AFS_SERVERTHISCELL); return EINVAL; } buf[strcspn(buf, "\n")] = '\0'; @@ -86,7 +90,8 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) d->cell = strdup (buf); if (d->cell == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -96,8 +101,9 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) free (d->cell); d->cell = NULL; fclose (f); - krb5_set_error_string (context, "no realm in %s", - AFS_SERVERMAGICKRBCONF); + krb5_set_error_message (context, EINVAL, + N_("No realm in ThisCell file %s", ""), + AFS_SERVERMAGICKRBCONF); return EINVAL; } buf[strcspn(buf, "\n")] = '\0'; @@ -106,12 +112,13 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) /* uppercase */ for (cp = buf; *cp != '\0'; cp++) *cp = toupper((unsigned char)*cp); - + d->realm = strdup (buf); if (d->realm == NULL) { free (d->cell); d->cell = NULL; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -121,17 +128,18 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) * init and get filename */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV akf_resolve(krb5_context context, const char *name, krb5_keytab id) { int ret; struct akf_data *d = malloc(sizeof (struct akf_data)); if (d == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - + d->num_entries = 0; ret = get_cell_and_realm (context, d); if (ret) { @@ -143,11 +151,12 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) free (d->cell); free (d->realm); free (d); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } id->data = d; - + return 0; } @@ -155,7 +164,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) * cleanup */ -static krb5_error_code +static krb5_error_code KRB5_CALLCONV akf_close(krb5_context context, krb5_keytab id) { struct akf_data *d = id->data; @@ -170,10 +179,10 @@ akf_close(krb5_context context, krb5_keytab id) * Return filename */ -static krb5_error_code -akf_get_name(krb5_context context, - krb5_keytab id, - char *name, +static krb5_error_code KRB5_CALLCONV +akf_get_name(krb5_context context, + krb5_keytab id, + char *name, size_t name_sz) { struct akf_data *d = id->data; @@ -183,31 +192,40 @@ akf_get_name(krb5_context context, } /* - * Init + * Init */ -static krb5_error_code -akf_start_seq_get(krb5_context context, - krb5_keytab id, +static krb5_error_code KRB5_CALLCONV +akf_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { int32_t ret; struct akf_data *d = id->data; - c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); + c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600); if (c->fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, + N_("keytab afs keyfile open %s failed: %s", ""), + d->filename, strerror(ret)); return ret; } + c->data = NULL; c->sp = krb5_storage_from_fd(c->fd); - ret = krb5_ret_int32(c->sp, &d->num_entries); - if(ret) { + if (c->sp == NULL) { + close(c->fd); + krb5_clear_error_message (context); + return KRB5_KT_NOTFOUND; + } + krb5_storage_set_eof_code(c->sp, KRB5_KT_END); + + ret = krb5_ret_uint32(c->sp, &d->num_entries); + if(ret || d->num_entries > INT_MAX / 8) { krb5_storage_free(c->sp); close(c->fd); - krb5_clear_error_string (context); + krb5_clear_error_message (context); if(ret == KRB5_KT_END) return KRB5_KT_NOTFOUND; return ret; @@ -216,10 +234,10 @@ akf_start_seq_get(krb5_context context, return 0; } -static krb5_error_code -akf_next_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +static krb5_error_code KRB5_CALLCONV +akf_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { struct akf_data *d = id->data; @@ -245,12 +263,16 @@ akf_next_entry(krb5_context context, entry->vno = kvno; - entry->keyblock.keytype = ETYPE_DES_CBC_MD5; + if (cursor->data) + entry->keyblock.keytype = ETYPE_DES_CBC_MD5; + else + entry->keyblock.keytype = ETYPE_DES_CBC_CRC; entry->keyblock.keyvalue.length = 8; entry->keyblock.keyvalue.data = malloc (8); if (entry->keyblock.keyvalue.data == NULL) { krb5_free_principal (context, entry->principal); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); ret = ENOMEM; goto out; } @@ -262,23 +284,30 @@ akf_next_entry(krb5_context context, ret = 0; entry->timestamp = time(NULL); + entry->flags = 0; + entry->aliases = NULL; out: - krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET); + if (cursor->data) { + krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET); + cursor->data = NULL; + } else + cursor->data = cursor; return ret; } -static krb5_error_code -akf_end_seq_get(krb5_context context, +static krb5_error_code KRB5_CALLCONV +akf_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { krb5_storage_free(cursor->sp); close(cursor->fd); + cursor->data = NULL; return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV akf_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -301,14 +330,16 @@ akf_add_entry(krb5_context context, return 0; } - fd = open (d->filename, O_RDWR | O_BINARY); + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { fd = open (d->filename, - O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); + O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); + krb5_set_error_message(context, ret, + N_("open keyfile(%s): %s", ""), + d->filename, + strerror(ret)); return ret; } created = 1; @@ -317,7 +348,8 @@ akf_add_entry(krb5_context context, sp = krb5_storage_from_fd(fd); if(sp == NULL) { close(fd); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if (created) @@ -327,10 +359,12 @@ akf_add_entry(krb5_context context, ret = errno; krb5_storage_free(sp); close(fd); - krb5_set_error_string (context, "seek: %s", strerror(ret)); + krb5_set_error_message(context, ret, + N_("seeking in keyfile: %s", ""), + strerror(ret)); return ret; } - + ret = krb5_ret_int32(sp, &len); if(ret) { krb5_storage_free(sp); @@ -350,11 +384,15 @@ akf_add_entry(krb5_context context, for (i = 0; i < len; i++) { ret = krb5_ret_int32(sp, &kvno); if (ret) { - krb5_set_error_string (context, "Failed to get kvno "); + krb5_set_error_message (context, ret, + N_("Failed getting kvno from keyfile", "")); goto out; } if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) { - krb5_set_error_string (context, "seek: %s", strerror(ret)); + ret = errno; + krb5_set_error_message (context, ret, + N_("Failed seeing in keyfile: %s", ""), + strerror(ret)); goto out; } if (kvno == entry->vno) { @@ -365,38 +403,45 @@ akf_add_entry(krb5_context context, } len++; - + if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { ret = errno; - krb5_set_error_string (context, "seek: %s", strerror(ret)); + krb5_set_error_message (context, ret, + N_("Failed seeing in keyfile: %s", ""), + strerror(ret)); goto out; } - + ret = krb5_store_int32(sp, len); if(ret) { - krb5_set_error_string(context, "keytab keyfile failed new length"); + ret = errno; + krb5_set_error_message (context, ret, + N_("keytab keyfile failed new length", "")); return ret; } if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { ret = errno; - krb5_set_error_string (context, "seek to end: %s", strerror(ret)); + krb5_set_error_message (context, ret, + N_("seek to end: %s", ""), strerror(ret)); goto out; } - + ret = krb5_store_int32(sp, entry->vno); if(ret) { - krb5_set_error_string(context, "keytab keyfile failed store kvno"); + krb5_set_error_message(context, ret, + N_("keytab keyfile failed store kvno", "")); goto out; } - ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, + ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, entry->keyblock.keyvalue.length); if(ret != entry->keyblock.keyvalue.length) { if (ret < 0) ret = errno; else ret = ENOTTY; - krb5_set_error_string(context, "keytab keyfile failed to add key"); + krb5_set_error_message(context, ret, + N_("keytab keyfile failed to add key", "")); goto out; } ret = 0; @@ -411,6 +456,7 @@ const krb5_kt_ops krb5_akf_ops = { akf_resolve, akf_get_name, akf_close, + NULL, /* destroy */ NULL, /* get */ akf_start_seq_get, akf_next_entry, @@ -418,3 +464,5 @@ const krb5_kt_ops krb5_akf_ops = { akf_add_entry, NULL /* remove */ }; + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c deleted file mode 100644 index 907836c144f..00000000000 --- a/crypto/heimdal/lib/krb5/keytab_krb4.c +++ /dev/null @@ -1,448 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -RCSID("$Id: keytab_krb4.c 17046 2006-04-10 17:10:53Z lha $"); - -struct krb4_kt_data { - char *filename; -}; - -static krb5_error_code -krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id) -{ - struct krb4_kt_data *d; - - d = malloc (sizeof(*d)); - if (d == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - d->filename = strdup (name); - if (d->filename == NULL) { - free(d); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - id->data = d; - return 0; -} - -static krb5_error_code -krb4_kt_get_name (krb5_context context, - krb5_keytab id, - char *name, - size_t name_sz) -{ - struct krb4_kt_data *d = id->data; - - strlcpy (name, d->filename, name_sz); - return 0; -} - -static krb5_error_code -krb4_kt_close (krb5_context context, - krb5_keytab id) -{ - struct krb4_kt_data *d = id->data; - - free (d->filename); - free (d); - return 0; -} - -struct krb4_cursor_extra_data { - krb5_keytab_entry entry; - int num; -}; - -static int -open_flock(const char *filename, int flags, int mode) -{ - int lock_mode; - int tries = 0; - int fd = open(filename, flags, mode); - if(fd < 0) - return fd; - if((flags & O_ACCMODE) == O_RDONLY) - lock_mode = LOCK_SH | LOCK_NB; - else - lock_mode = LOCK_EX | LOCK_NB; - while(flock(fd, lock_mode) < 0) { - if(++tries < 5) { - sleep(1); - } else { - close(fd); - return -1; - } - } - return fd; -} - - - -static krb5_error_code -krb4_kt_start_seq_get_int (krb5_context context, - krb5_keytab id, - int flags, - krb5_kt_cursor *c) -{ - struct krb4_kt_data *d = id->data; - struct krb4_cursor_extra_data *ed; - int ret; - - ed = malloc (sizeof(*ed)); - if (ed == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ed->entry.principal = NULL; - ed->num = -1; - c->data = ed; - c->fd = open_flock (d->filename, flags, 0); - if (c->fd < 0) { - ret = errno; - free (ed); - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); - return ret; - } - c->sp = krb5_storage_from_fd(c->fd); - if(c->sp == NULL) { - close(c->fd); - free(ed); - return ENOMEM; - } - krb5_storage_set_eof_code(c->sp, KRB5_KT_END); - return 0; -} - -static krb5_error_code -krb4_kt_start_seq_get (krb5_context context, - krb5_keytab id, - krb5_kt_cursor *c) -{ - return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c); -} - -static krb5_error_code -read_v4_entry (krb5_context context, - struct krb4_kt_data *d, - krb5_kt_cursor *c, - struct krb4_cursor_extra_data *ed) -{ - unsigned char des_key[8]; - krb5_error_code ret; - char *service, *instance, *realm; - int8_t kvno; - - ret = krb5_ret_stringz(c->sp, &service); - if (ret) - return ret; - ret = krb5_ret_stringz(c->sp, &instance); - if (ret) { - free (service); - return ret; - } - ret = krb5_ret_stringz(c->sp, &realm); - if (ret) { - free (service); - free (instance); - return ret; - } - ret = krb5_425_conv_principal (context, service, instance, realm, - &ed->entry.principal); - free (service); - free (instance); - free (realm); - if (ret) - return ret; - ret = krb5_ret_int8(c->sp, &kvno); - if (ret) { - krb5_free_principal (context, ed->entry.principal); - return ret; - } - ret = krb5_storage_read(c->sp, des_key, sizeof(des_key)); - if (ret < 0) { - krb5_free_principal(context, ed->entry.principal); - return ret; - } - if (ret < 8) { - krb5_free_principal(context, ed->entry.principal); - return EINVAL; - } - ed->entry.vno = kvno; - ret = krb5_data_copy (&ed->entry.keyblock.keyvalue, - des_key, sizeof(des_key)); - if (ret) - return ret; - ed->entry.timestamp = time(NULL); - ed->num = 0; - return 0; -} - -static krb5_error_code -krb4_kt_next_entry (krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, - krb5_kt_cursor *c) -{ - krb5_error_code ret; - struct krb4_kt_data *d = id->data; - struct krb4_cursor_extra_data *ed = c->data; - const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC}; - - if (ed->num == -1) { - ret = read_v4_entry (context, d, c, ed); - if (ret) - return ret; - } - ret = krb5_kt_copy_entry_contents (context, - &ed->entry, - entry); - if (ret) - return ret; - entry->keyblock.keytype = keytypes[ed->num]; - if (++ed->num == 3) { - krb5_kt_free_entry (context, &ed->entry); - ed->num = -1; - } - return 0; -} - -static krb5_error_code -krb4_kt_end_seq_get (krb5_context context, - krb5_keytab id, - krb5_kt_cursor *c) -{ - struct krb4_cursor_extra_data *ed = c->data; - - krb5_storage_free (c->sp); - if (ed->num != -1) - krb5_kt_free_entry (context, &ed->entry); - free (c->data); - close (c->fd); - return 0; -} - -static krb5_error_code -krb4_store_keytab_entry(krb5_context context, - krb5_keytab_entry *entry, - krb5_storage *sp) -{ - krb5_error_code ret; -#define ANAME_SZ 40 -#define INST_SZ 40 -#define REALM_SZ 40 - char service[ANAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; - ret = krb5_524_conv_principal (context, entry->principal, - service, instance, realm); - if (ret) - return ret; - if (entry->keyblock.keyvalue.length == 8 - && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) { - ret = krb5_store_stringz(sp, service); - ret = krb5_store_stringz(sp, instance); - ret = krb5_store_stringz(sp, realm); - ret = krb5_store_int8(sp, entry->vno); - ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8); - } - return 0; -} - -static krb5_error_code -krb4_kt_add_entry (krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) -{ - struct krb4_kt_data *d = id->data; - krb5_storage *sp; - krb5_error_code ret; - int fd; - - fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0); - if (fd < 0) { - fd = open_flock (d->filename, - O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); - if (fd < 0) { - ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); - return ret; - } - } - sp = krb5_storage_from_fd(fd); - if(sp == NULL) { - close(fd); - return ENOMEM; - } - krb5_storage_set_eof_code(sp, KRB5_KT_END); - ret = krb4_store_keytab_entry(context, entry, sp); - krb5_storage_free(sp); - if(close (fd) < 0) - return errno; - return ret; -} - -static krb5_error_code -krb4_kt_remove_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) -{ - struct krb4_kt_data *d = id->data; - krb5_error_code ret; - krb5_keytab_entry e; - krb5_kt_cursor cursor; - krb5_storage *sp; - int remove_flag = 0; - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = krb5_kt_start_seq_get(context, id, &cursor); - if (ret) { - krb5_storage_free(sp); - return ret; - } - while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) { - if(!krb5_kt_compare(context, &e, entry->principal, - entry->vno, entry->keyblock.keytype)) { - ret = krb4_store_keytab_entry(context, &e, sp); - if(ret) { - krb5_kt_free_entry(context, &e); - krb5_storage_free(sp); - return ret; - } - } else - remove_flag = 1; - krb5_kt_free_entry(context, &e); - } - krb5_kt_end_seq_get(context, id, &cursor); - if(remove_flag) { - int fd; - unsigned char buf[1024]; - ssize_t n; - krb5_data data; - struct stat st; - - krb5_storage_to_data(sp, &data); - krb5_storage_free(sp); - - fd = open_flock (d->filename, O_RDWR | O_BINARY, 0); - if(fd < 0) { - memset(data.data, 0, data.length); - krb5_data_free(&data); - if(errno == EACCES || errno == EROFS) - return KRB5_KT_NOWRITE; - return errno; - } - - if(write(fd, data.data, data.length) != data.length) { - memset(data.data, 0, data.length); - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed writing to \"%s\"", d->filename); - return errno; - } - memset(data.data, 0, data.length); - if(fstat(fd, &st) < 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename); - return errno; - } - st.st_size -= data.length; - memset(buf, 0, sizeof(buf)); - while(st.st_size > 0) { - n = min(st.st_size, sizeof(buf)); - n = write(fd, buf, n); - if(n <= 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed writing to \"%s\"", d->filename); - return errno; - - } - st.st_size -= n; - } - if(ftruncate(fd, data.length) < 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed truncating \"%s\"", d->filename); - return errno; - } - krb5_data_free(&data); - if(close(fd) < 0) { - krb5_set_error_string(context, "error closing \"%s\"", d->filename); - return errno; - } - return 0; - } else { - krb5_storage_free(sp); - return KRB5_KT_NOTFOUND; - } -} - - -const krb5_kt_ops krb4_fkt_ops = { - "krb4", - krb4_kt_resolve, - krb4_kt_get_name, - krb4_kt_close, - NULL, /* get */ - krb4_kt_start_seq_get, - krb4_kt_next_entry, - krb4_kt_end_seq_get, - krb4_kt_add_entry, /* add_entry */ - krb4_kt_remove_entry /* remove_entry */ -}; - -const krb5_kt_ops krb5_srvtab_fkt_ops = { - "SRVTAB", - krb4_kt_resolve, - krb4_kt_get_name, - krb4_kt_close, - NULL, /* get */ - krb4_kt_start_seq_get, - krb4_kt_next_entry, - krb4_kt_end_seq_get, - krb4_kt_add_entry, /* add_entry */ - krb4_kt_remove_entry /* remove_entry */ -}; diff --git a/crypto/heimdal/lib/krb5/keytab_memory.c b/crypto/heimdal/lib/krb5/keytab_memory.c index 0ad8720c3fb..0ee684d3638 100644 --- a/crypto/heimdal/lib/krb5/keytab_memory.c +++ b/crypto/heimdal/lib/krb5/keytab_memory.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c 16352 2005-12-05 18:39:46Z lha $"); - /* memory operations -------------------------------------------- */ struct mkt_data { @@ -45,14 +43,14 @@ struct mkt_data { struct mkt_data *next; }; -/* this mutex protects mkt_head, ->refcount, and ->next +/* this mutex protects mkt_head, ->refcount, and ->next * content is not protected (name is static and need no protection) */ static HEIMDAL_MUTEX mkt_mutex = HEIMDAL_MUTEX_INITIALIZER; static struct mkt_data *mkt_head; -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mkt_resolve(krb5_context context, const char *name, krb5_keytab id) { struct mkt_data *d; @@ -75,14 +73,16 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id) d = calloc(1, sizeof(*d)); if(d == NULL) { HEIMDAL_MUTEX_unlock(&mkt_mutex); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } d->name = strdup(name); if (d->name == NULL) { HEIMDAL_MUTEX_unlock(&mkt_mutex); free(d); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } d->entries = NULL; @@ -95,7 +95,7 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mkt_close(krb5_context context, krb5_keytab id) { struct mkt_data *d = id->data, **dp; @@ -103,7 +103,7 @@ mkt_close(krb5_context context, krb5_keytab id) HEIMDAL_MUTEX_lock(&mkt_mutex); if (d->refcount < 1) - krb5_abortx(context, + krb5_abortx(context, "krb5 internal error, memory keytab refcount < 1 on close"); if (--d->refcount > 0) { @@ -126,10 +126,10 @@ mkt_close(krb5_context context, krb5_keytab id) return 0; } -static krb5_error_code -mkt_get_name(krb5_context context, - krb5_keytab id, - char *name, +static krb5_error_code KRB5_CALLCONV +mkt_get_name(krb5_context context, + krb5_keytab id, + char *name, size_t namesize) { struct mkt_data *d = id->data; @@ -137,9 +137,9 @@ mkt_get_name(krb5_context context, return 0; } -static krb5_error_code -mkt_start_seq_get(krb5_context context, - krb5_keytab id, +static krb5_error_code KRB5_CALLCONV +mkt_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { /* XXX */ @@ -147,10 +147,10 @@ mkt_start_seq_get(krb5_context context, return 0; } -static krb5_error_code -mkt_next_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +static krb5_error_code KRB5_CALLCONV +mkt_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *c) { struct mkt_data *d = id->data; @@ -159,15 +159,15 @@ mkt_next_entry(krb5_context context, return krb5_kt_copy_entry_contents(context, &d->entries[c->fd++], entry); } -static krb5_error_code -mkt_end_seq_get(krb5_context context, +static krb5_error_code KRB5_CALLCONV +mkt_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mkt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -176,15 +176,16 @@ mkt_add_entry(krb5_context context, krb5_keytab_entry *tmp; tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries)); if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } d->entries = tmp; - return krb5_kt_copy_entry_contents(context, entry, + return krb5_kt_copy_entry_contents(context, entry, &d->entries[d->num_entries++]); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mkt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry) @@ -192,15 +193,15 @@ mkt_remove_entry(krb5_context context, struct mkt_data *d = id->data; krb5_keytab_entry *e, *end; int found = 0; - + if (d->num_entries == 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_KT_NOTFOUND; } /* do this backwards to minimize copying */ for(end = d->entries + d->num_entries, e = end - 1; e >= d->entries; e--) { - if(krb5_kt_compare(context, e, entry->principal, + if(krb5_kt_compare(context, e, entry->principal, entry->vno, entry->keyblock.keytype)) { krb5_kt_free_entry(context, e); memmove(e, e + 1, (end - e - 1) * sizeof(*e)); @@ -211,7 +212,7 @@ mkt_remove_entry(krb5_context context, } } if (!found) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KT_NOTFOUND; } e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); @@ -225,6 +226,7 @@ const krb5_kt_ops krb5_mkt_ops = { mkt_resolve, mkt_get_name, mkt_close, + NULL, /* destroy */ NULL, /* get */ mkt_start_seq_get, mkt_next_entry, diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h index 7e04446fe07..956e00e4aaf 100644 --- a/crypto/heimdal/lib/krb5/krb5-private.h +++ b/crypto/heimdal/lib/krb5/krb5-private.h @@ -4,14 +4,59 @@ #include -void KRB5_LIB_FUNCTION -_krb5_aes_cts_encrypt ( - const unsigned char */*in*/, - unsigned char */*out*/, +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef KRB5_DEPRECATED_FUNCTION +#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) +#define KRB5_DEPRECATED_FUNCTION(X) __attribute__((__deprecated__)) +#else +#define KRB5_DEPRECATED_FUNCTION(X) +#endif +#endif + + +void +_heim_krb5_ipc_client_clear_target (void); + +void +_heim_krb5_ipc_client_set_target_uid (uid_t /*uid*/); + +void +_krb5_DES3_random_to_key ( + krb5_context /*context*/, + krb5_keyblock */*key*/, + const void */*data*/, + size_t /*size*/); + +krb5_error_code +_krb5_HMAC_MD5_checksum ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + const void */*data*/, size_t /*len*/, - const AES_KEY */*key*/, - unsigned char */*ivec*/, - const int /*encryptp*/); + unsigned /*usage*/, + Checksum */*result*/); + +krb5_error_code +_krb5_SP_HMAC_SHA1_checksum ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + const void */*data*/, + size_t /*len*/, + unsigned /*usage*/, + Checksum */*result*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_build_authenticator ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_enctype /*enctype*/, + krb5_creds */*cred*/, + Checksum */*cksum*/, + krb5_data */*result*/, + krb5_key_usage /*usage*/); krb5_error_code _krb5_cc_allocate ( @@ -19,6 +64,53 @@ _krb5_cc_allocate ( const krb5_cc_ops */*ops*/, krb5_ccache */*id*/); +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_config_copy ( + krb5_context /*context*/, + krb5_config_section */*c*/, + krb5_config_section **/*head*/); + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_get ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + ...); + +krb5_config_section * +_krb5_config_get_entry ( + krb5_config_section **/*parent*/, + const char */*name*/, + int /*type*/); + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_get_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + ...); + +const void * +_krb5_config_vget ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + int /*type*/, + va_list /*args*/); + +KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL +_krb5_config_vget_next ( + krb5_context /*context*/, + const krb5_config_section */*c*/, + const krb5_config_binding **/*pointer*/, + int /*type*/, + va_list /*args*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_copy_send_to_kdc_func ( + krb5_context /*context*/, + krb5_context /*to*/); + void _krb5_crc_init_table (void); @@ -28,6 +120,43 @@ _krb5_crc_update ( size_t /*len*/, uint32_t /*res*/); +void KRB5_LIB_FUNCTION +_krb5_debug ( + krb5_context /*context*/, + int /*level*/, + const char */*fmt*/, + ...) + __attribute__((format (printf, 3, 4))); + +void +_krb5_debug_backtrace (krb5_context /*context*/); + +krb5_error_code +_krb5_derive_key ( + krb5_context /*context*/, + struct _krb5_encryption_type */*et*/, + struct _krb5_key_data */*key*/, + const void */*constant*/, + size_t /*len*/); + +krb5_error_code +_krb5_des_checksum ( + krb5_context /*context*/, + const EVP_MD */*evp_md*/, + struct _krb5_key_data */*key*/, + const void */*data*/, + size_t /*len*/, + Checksum */*cksum*/); + +krb5_error_code +_krb5_des_verify ( + krb5_context /*context*/, + const EVP_MD */*evp_md*/, + struct _krb5_key_data */*key*/, + const void */*data*/, + size_t /*len*/, + Checksum */*C*/); + krb5_error_code _krb5_dh_group_ok ( krb5_context /*context*/, @@ -38,11 +167,47 @@ _krb5_dh_group_ok ( struct krb5_dh_moduli **/*moduli*/, char **/*name*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_enctype_to_oid ( +krb5_error_code +_krb5_einval ( krb5_context /*context*/, - krb5_enctype /*etype*/, - heim_oid */*oid*/); + const char */*func*/, + unsigned long /*argn*/); + +krb5_error_code +_krb5_erase_file ( + krb5_context /*context*/, + const char */*filename*/); + +void +_krb5_evp_cleanup ( + krb5_context /*context*/, + struct _krb5_key_data */*kd*/); + +krb5_error_code +_krb5_evp_encrypt ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + void */*data*/, + size_t /*len*/, + krb5_boolean /*encryptp*/, + int /*usage*/, + void */*ivec*/); + +krb5_error_code +_krb5_evp_encrypt_cts ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + void */*data*/, + size_t /*len*/, + krb5_boolean /*encryptp*/, + int /*usage*/, + void */*ivec*/); + +void +_krb5_evp_schedule ( + krb5_context /*context*/, + struct _krb5_key_type */*kt*/, + struct _krb5_key_data */*kd*/); krb5_error_code _krb5_expand_default_cc_name ( @@ -50,6 +215,12 @@ _krb5_expand_default_cc_name ( const char */*str*/, char **/*res*/); +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_expand_path_tokens ( + krb5_context /*context*/, + const char */*path_in*/, + char **/*ppath_out*/); + int _krb5_extract_ticket ( krb5_context /*context*/, @@ -64,43 +235,57 @@ _krb5_extract_ticket ( krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/); +struct _krb5_checksum_type * +_krb5_find_checksum (krb5_cksumtype /*type*/); + +struct _krb5_encryption_type * +_krb5_find_enctype (krb5_enctype /*type*/); + +void +_krb5_free_key_data ( + krb5_context /*context*/, + struct _krb5_key_data */*key*/, + struct _krb5_encryption_type */*et*/); + void _krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); void _krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/); +krb5_error_code +_krb5_get_cred_kdc_any ( + krb5_context /*context*/, + krb5_kdc_flags /*flags*/, + krb5_ccache /*ccache*/, + krb5_creds */*in_creds*/, + krb5_principal /*impersonate_principal*/, + Ticket */*second_ticket*/, + krb5_creds **/*out_creds*/, + krb5_creds ***/*ret_tgts*/); + +char * +_krb5_get_default_cc_name_from_registry (krb5_context /*context*/); + +char * +_krb5_get_default_config_config_files_from_registry (void); + krb5_error_code _krb5_get_default_principal_local ( krb5_context /*context*/, krb5_principal */*princ*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_get_host_realm_int ( krb5_context /*context*/, const char */*host*/, krb5_boolean /*use_dns*/, krb5_realm **/*realms*/); -krb5_error_code -_krb5_get_init_creds_opt_copy ( - krb5_context /*context*/, - const krb5_get_init_creds_opt */*in*/, - krb5_get_init_creds_opt **/*out*/); - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_free_krb5_error (krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/); -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_set_krb5_error ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - const KRB_ERROR */*error*/); - -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_get_int ( void */*buffer*/, unsigned long */*value*/, @@ -113,27 +298,40 @@ _krb5_get_krbtgt ( krb5_realm /*realm*/, krb5_creds **/*cred*/); -krb5_error_code -_krb5_kcm_chmod ( +krb5_boolean KRB5_LIB_FUNCTION +_krb5_have_debug ( krb5_context /*context*/, - krb5_ccache /*id*/, - uint16_t /*mode*/); + int /*level*/); + +krb5_boolean +_krb5_homedir_access (krb5_context /*context*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_init_etype ( + krb5_context /*context*/, + krb5_pdu /*pdu_type*/, + unsigned */*len*/, + krb5_enctype **/*val*/, + const krb5_enctype */*etypes*/); krb5_error_code -_krb5_kcm_chown ( +_krb5_internal_hmac ( krb5_context /*context*/, - krb5_ccache /*id*/, - uint32_t /*uid*/, - uint32_t /*gid*/); + struct _krb5_checksum_type */*cm*/, + const void */*data*/, + size_t /*len*/, + unsigned /*usage*/, + struct _krb5_key_data */*keyblock*/, + Checksum */*result*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_get_initial_ticket ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_principal /*server*/, krb5_keyblock */*key*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_get_ticket ( krb5_context /*context*/, krb5_ccache /*id*/, @@ -141,15 +339,15 @@ _krb5_kcm_get_ticket ( krb5_enctype /*enctype*/, krb5_principal /*server*/); -krb5_boolean +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL _krb5_kcm_is_running (krb5_context /*context*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_kcm_noop ( krb5_context /*context*/, krb5_ccache /*id*/); -krb5_error_code +krb5_error_code KRB5_CALLCONV _krb5_kdc_retry ( krb5_context /*context*/, krb5_sendto_ctx /*ctx*/, @@ -157,114 +355,33 @@ _krb5_kdc_retry ( const krb5_data */*reply*/, int */*action*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_cr_err_reply ( - krb5_context /*context*/, - const char */*name*/, - const char */*inst*/, - const char */*realm*/, - uint32_t /*time_ws*/, - uint32_t /*e*/, - const char */*e_string*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_auth_reply ( - krb5_context /*context*/, - const char */*pname*/, - const char */*pinst*/, - const char */*prealm*/, - int32_t /*time_ws*/, - int /*n*/, - uint32_t /*x_date*/, - unsigned char /*kvno*/, - const krb5_data */*cipher*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ciph ( - krb5_context /*context*/, - const krb5_keyblock */*session*/, - const char */*service*/, - const char */*instance*/, - const char */*realm*/, - uint32_t /*life*/, - unsigned char /*kvno*/, - const krb5_data */*ticket*/, - uint32_t /*kdc_time*/, - const krb5_keyblock */*key*/, - krb5_data */*enc_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ticket ( - krb5_context /*context*/, - unsigned char /*flags*/, - const char */*pname*/, - const char */*pinstance*/, - const char */*prealm*/, - int32_t /*paddress*/, - const krb5_keyblock */*session*/, - int16_t /*life*/, - int32_t /*life_sec*/, - const char */*sname*/, - const char */*sinstance*/, - const krb5_keyblock */*key*/, - krb5_data */*enc_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_decomp_ticket ( - krb5_context /*context*/, - const krb5_data */*enc_ticket*/, - const krb5_keyblock */*key*/, - const char */*local_realm*/, - char **/*sname*/, - char **/*sinstance*/, - struct _krb5_krb_auth_data */*ad*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_dest_tkt ( - krb5_context /*context*/, - const char */*tkfile*/); - -void KRB5_LIB_FUNCTION -_krb5_krb_free_auth_data ( - krb5_context /*context*/, - struct _krb5_krb_auth_data */*ad*/); - -time_t KRB5_LIB_FUNCTION -_krb5_krb_life_to_time ( - int /*start*/, - int /*life_*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_rd_req ( - krb5_context /*context*/, - krb5_data */*authent*/, - const char */*service*/, - const char */*instance*/, - const char */*local_realm*/, - int32_t /*from_addr*/, - const krb5_keyblock */*key*/, - struct _krb5_krb_auth_data */*ad*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_tf_setup ( - krb5_context /*context*/, - struct credentials */*v4creds*/, - const char */*tkfile*/, - int /*append*/); - -int KRB5_LIB_FUNCTION -_krb5_krb_time_to_life ( - time_t /*start*/, - time_t /*end*/); - krb5_error_code _krb5_krbhost_info_move ( krb5_context /*context*/, krb5_krbhst_info */*from*/, krb5_krbhst_info **/*to*/); +const char * +_krb5_krbhst_get_realm (krb5_krbhst_handle /*handle*/); + +krb5_error_code +_krb5_kt_principal_not_found ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + krb5_keytab /*id*/, + krb5_const_principal /*principal*/, + krb5_enctype /*enctype*/, + int /*kvno*/); + +krb5_error_code +_krb5_load_ccache_plugins (krb5_context /*context*/); + +void +_krb5_load_plugins ( + krb5_context /*context*/, + const char */*name*/, + const char **/*paths*/); + krb5_error_code _krb5_mk_req_internal ( krb5_context /*context*/, @@ -276,19 +393,13 @@ _krb5_mk_req_internal ( krb5_key_usage /*checksum_usage*/, krb5_key_usage /*encrypt_usage*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_n_fold ( const void */*str*/, size_t /*len*/, void */*key*/, size_t /*size*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_oid_to_enctype ( - krb5_context /*context*/, - const heim_oid */*oid*/, - krb5_enctype */*etype*/); - krb5_error_code _krb5_pac_sign ( krb5_context /*context*/, @@ -313,15 +424,24 @@ _krb5_parse_moduli_line ( char */*p*/, struct krb5_dh_moduli **/*m*/); -void KRB5_LIB_FUNCTION -_krb5_pk_allow_proxy_certificate ( - struct krb5_pk_identity */*id*/, - int /*boolean*/); - -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); -krb5_error_code KRB5_LIB_FUNCTION +krb5_error_code +_krb5_pk_kdf ( + krb5_context /*context*/, + const struct AlgorithmIdentifier */*ai*/, + const void */*dhdata*/, + size_t /*dhsize*/, + krb5_const_principal /*client*/, + krb5_const_principal /*server*/, + krb5_enctype /*enctype*/, + const krb5_data */*as_req*/, + const krb5_data */*pk_as_rep*/, + const Ticket */*ticket*/, + krb5_keyblock */*key*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_load_id ( krb5_context /*context*/, struct krb5_pk_identity **/*ret_id*/, @@ -333,17 +453,19 @@ _krb5_pk_load_id ( void */*prompter_data*/, char */*password*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_ContentInfo ( krb5_context /*context*/, const krb5_data */*buf*/, const heim_oid */*oid*/, struct ContentInfo */*content_info*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_padata ( krb5_context /*context*/, void */*c*/, + int /*ic_flags*/, + int /*win2k*/, const KDC_REQ_BODY */*req_body*/, unsigned /*nonce*/, METHOD_DATA */*md*/); @@ -358,7 +480,7 @@ _krb5_pk_octetstring2key ( const heim_octet_string */*k_n*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_rd_pa_reply ( krb5_context /*context*/, const char */*realm*/, @@ -370,16 +492,6 @@ _krb5_pk_rd_pa_reply ( PA_DATA */*pa*/, krb5_keyblock **/*key*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_verify_sign ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - struct krb5_pk_identity */*id*/, - heim_oid */*contentType*/, - krb5_data */*content*/, - struct krb5_pk_cert **/*signer*/); - krb5_error_code _krb5_plugin_find ( krb5_context /*context*/, @@ -396,30 +508,41 @@ _krb5_plugin_get_next (struct krb5_plugin */*p*/); void * _krb5_plugin_get_symbol (struct krb5_plugin */*p*/); -krb5_error_code KRB5_LIB_FUNCTION +krb5_error_code +_krb5_plugin_run_f ( + krb5_context /*context*/, + const char */*module*/, + const char */*name*/, + int /*min_version*/, + int /*flags*/, + void */*userctx*/, + krb5_error_code (*/*func*/)(krb5_context, const void *, void *, void *)); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principal2principalname ( PrincipalName */*p*/, const krb5_principal /*from*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_principal_compare_PrincipalName ( + krb5_context /*context*/, + krb5_const_principal /*princ1*/, + PrincipalName */*princ2*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_principalname2krb5_principal ( krb5_context /*context*/, krb5_principal */*principal*/, const PrincipalName /*from*/, const Realm /*realm*/); -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL _krb5_put_int ( void */*buffer*/, unsigned long /*value*/, size_t /*size*/); -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_req_out_ctx_alloc ( - krb5_context /*context*/, - krb5_rd_req_out_ctx */*ctx*/); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_s4u2self_to_checksumdata ( krb5_context /*context*/, const PA_S4U2Self */*self*/, @@ -427,11 +550,26 @@ _krb5_s4u2self_to_checksumdata ( int _krb5_send_and_recv_tcp ( - int /*fd*/, + krb5_socket_t /*fd*/, time_t /*tmout*/, const krb5_data */*req*/, krb5_data */*rep*/); +int +_krb5_set_default_cc_name_to_registry ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +void +_krb5_unload_plugins ( + krb5_context /*context*/, + const char */*name*/); + +krb5_error_code +_krb5_usage2arcfour ( + krb5_context /*context*/, + unsigned */*usage*/); + int _krb5_xlock ( krb5_context /*context*/, @@ -439,9 +577,17 @@ _krb5_xlock ( krb5_boolean /*exclusive*/, const char */*filename*/); +void +_krb5_xor ( + DES_cblock */*key*/, + const unsigned char */*b*/); + int _krb5_xunlock ( krb5_context /*context*/, int /*fd*/); +#undef KRB5_DEPRECATED_FUNCTION +#define KRB5_DEPRECATED_FUNCTION(X) + #endif /* __krb5_private_h__ */ diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 647d8886b7c..c72e796afe2 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -8,119 +8,98 @@ #define __attribute__(x) #endif +#ifndef KRB5_DEPRECATED_FUNCTION +#if defined(__GNUC__) && ((__GNUC__ > 3) || ((__GNUC__ == 3) && (__GNUC_MINOR__ >= 1 ))) +#define KRB5_DEPRECATED_FUNCTION(X) __attribute__((__deprecated__)) +#else +#define KRB5_DEPRECATED_FUNCTION(X) +#endif +#endif + + #ifdef __cplusplus extern "C" { #endif +#ifndef KRB5_LIB #ifndef KRB5_LIB_FUNCTION #if defined(_WIN32) -#define KRB5_LIB_FUNCTION _stdcall +#define KRB5_LIB_FUNCTION __declspec(dllimport) +#define KRB5_LIB_CALL __stdcall +#define KRB5_LIB_VARIABLE __declspec(dllimport) #else #define KRB5_LIB_FUNCTION +#define KRB5_LIB_CALL +#define KRB5_LIB_VARIABLE #endif #endif - -krb5_error_code KRB5_LIB_FUNCTION +#endif +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc ( krb5_context /*context*/, krb5_creds */*in_cred*/, - struct credentials */*v4creds*/); + struct credentials */*v4creds*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache ( krb5_context /*context*/, krb5_ccache /*ccache*/, krb5_creds */*in_cred*/, - struct credentials */*v4creds*/); + struct credentials */*v4creds*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_boolean (*/*func*/)(krb5_context, krb5_principal), - krb5_boolean /*resolve*/, - krb5_principal */*principal*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext2 ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_boolean (*/*func*/)(krb5_context, void *, krb5_principal), - void */*funcctx*/, - krb5_boolean /*resolve*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_524_conv_principal ( - krb5_context /*context*/, - const krb5_principal /*principal*/, - char */*name*/, - char */*instance*/, - char */*realm*/); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abort ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, ...) - __attribute__ ((noreturn, format (printf, 3, 4))); + __attribute__ ((noreturn, format (printf, 3, 4))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abortx ( krb5_context /*context*/, const char */*fmt*/, ...) - __attribute__ ((noreturn, format (printf, 2, 3))); + __attribute__ ((noreturn, format (printf, 2, 3))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_file ( krb5_context /*context*/, const char */*file*/, const char */*format*/, ...); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_acl_match_string ( krb5_context /*context*/, const char */*string*/, const char */*format*/, ...); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_et_list ( krb5_context /*context*/, void (*/*func*/)(struct et_list **)); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_extra_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_add_ignore_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_dest ( krb5_context /*context*/, krb5_log_facility */*f*/, const char */*orig*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_func ( krb5_context /*context*/, krb5_log_facility */*fac*/, @@ -130,7 +109,7 @@ krb5_addlog_func ( krb5_log_close_func_t /*close_func*/, void */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addr2sockaddr ( krb5_context /*context*/, const krb5_address */*addr*/, @@ -138,19 +117,19 @@ krb5_addr2sockaddr ( krb5_socklen_t */*sa_size*/, int /*port*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_compare ( krb5_context /*context*/, const krb5_address */*addr1*/, const krb5_address */*addr2*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_address_order ( krb5_context /*context*/, const krb5_address */*addr1*/, const krb5_address */*addr2*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_address_prefixlen_boundary ( krb5_context /*context*/, const krb5_address */*inaddr*/, @@ -158,20 +137,25 @@ krb5_address_prefixlen_boundary ( krb5_address */*low*/, krb5_address */*high*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_address_search ( krb5_context /*context*/, const krb5_address */*addr*/, const krb5_addresses */*addrlist*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_allow_weak_crypto ( + krb5_context /*context*/, + krb5_boolean /*enable*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_aname_to_localname ( krb5_context /*context*/, krb5_const_principal /*aname*/, size_t /*lnsize*/, char */*lname*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_anyaddr ( krb5_context /*context*/, int /*af*/, @@ -179,7 +163,7 @@ krb5_anyaddr ( krb5_socklen_t */*sa_size*/, int /*port*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_boolean ( krb5_context /*context*/, const char */*appname*/, @@ -188,7 +172,7 @@ krb5_appdefault_boolean ( krb5_boolean /*def_val*/, krb5_boolean */*ret_val*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_string ( krb5_context /*context*/, const char */*appname*/, @@ -197,7 +181,7 @@ krb5_appdefault_string ( const char */*def_val*/, char **/*ret_val*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_appdefault_time ( krb5_context /*context*/, const char */*appname*/, @@ -206,190 +190,221 @@ krb5_appdefault_time ( time_t /*def_val*/, time_t */*ret_val*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_append_addresses ( krb5_context /*context*/, krb5_addresses */*dest*/, const krb5_addresses */*source*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_addflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*addflags*/, int32_t */*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_free ( krb5_context /*context*/, krb5_auth_context /*auth_context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_genaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, - int /*fd*/, + krb5_socket_t /*fd*/, int /*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_generatelocalsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_address **/*local_addr*/, krb5_address **/*remote_addr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getauthenticator ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_authenticator */*authenticator*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getcksumtype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_cksumtype */*cksumtype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t */*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getkeytype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keytype */*keytype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t */*seqnumber*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getlocalsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getrcache ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_rcache */*rcache*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getrecvsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getremoteseqnumber ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + int32_t */*seqnumber*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_getremotesubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock **/*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getsendsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock **/*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_init ( krb5_context /*context*/, krb5_auth_context */*auth_context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_removeflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*removeflags*/, int32_t */*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_address */*local_addr*/, krb5_address */*remote_addr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setaddrs_from_fd ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, void */*p_fd*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setcksumtype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_cksumtype /*cksumtype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setflags ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setkeytype ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keytype /*keytype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*seqnumber*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setlocalsubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setrcache ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_rcache /*rcache*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setrecvsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremoteseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, int32_t /*seqnumber*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setremotesubkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setsendsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_con_setuserkey ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_keyblock */*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_auth_getremoteseqnumber ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, - int32_t */*seqnumber*/); + int32_t */*seqnumber*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_ap_req ( krb5_context /*context*/, krb5_enctype /*enctype*/, @@ -398,18 +413,7 @@ krb5_build_ap_req ( krb5_data /*authenticator*/, krb5_data */*retdata*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_authenticator ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_enctype /*enctype*/, - krb5_creds */*cred*/, - Checksum */*cksum*/, - Authenticator **/*auth_result*/, - krb5_data */*result*/, - krb5_key_usage /*usage*/); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal ( krb5_context /*context*/, krb5_principal */*principal*/, @@ -417,7 +421,7 @@ krb5_build_principal ( krb5_const_realm /*realm*/, ...); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_ext ( krb5_context /*context*/, krb5_principal */*principal*/, @@ -425,7 +429,7 @@ krb5_build_principal_ext ( krb5_const_realm /*realm*/, ...); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va ( krb5_context /*context*/, krb5_principal */*principal*/, @@ -433,7 +437,7 @@ krb5_build_principal_va ( krb5_const_realm /*realm*/, va_list /*ap*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_va_ext ( krb5_context /*context*/, krb5_principal */*principal*/, @@ -441,19 +445,19 @@ krb5_build_principal_va_ext ( krb5_const_realm /*realm*/, va_list /*ap*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_block_size ( krb5_context /*context*/, krb5_enctype /*enctype*/, size_t */*blocksize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_checksum_length ( krb5_context /*context*/, krb5_cksumtype /*cksumtype*/, size_t */*length*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_decrypt ( krb5_context /*context*/, const krb5_keyblock /*key*/, @@ -462,7 +466,7 @@ krb5_c_decrypt ( krb5_enc_data */*input*/, krb5_data */*output*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt ( krb5_context /*context*/, const krb5_keyblock */*key*/, @@ -471,41 +475,42 @@ krb5_c_encrypt ( const krb5_data */*input*/, krb5_enc_data */*output*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_encrypt_length ( krb5_context /*context*/, krb5_enctype /*enctype*/, size_t /*inputlen*/, size_t */*length*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_enctype_compare ( krb5_context /*context*/, krb5_enctype /*e1*/, krb5_enctype /*e2*/, - krb5_boolean */*similar*/); + krb5_boolean */*similar*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_get_checksum ( krb5_context /*context*/, const krb5_checksum */*cksum*/, krb5_cksumtype */*type*/, krb5_data **/*data*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_keylengths ( krb5_context /*context*/, krb5_enctype /*enctype*/, size_t */*ilen*/, size_t */*keylen*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_checksum ( krb5_context /*context*/, krb5_cksumtype /*cksumtype*/, @@ -514,39 +519,44 @@ krb5_c_make_checksum ( const krb5_data */*input*/, krb5_checksum */*cksum*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_random_key ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_keyblock */*random_key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf ( krb5_context /*context*/, const krb5_keyblock */*key*/, const krb5_data */*input*/, krb5_data */*output*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf_length ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*length*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_random_make_octets ( + krb5_context /*context*/, + krb5_data * /*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_set_checksum ( krb5_context /*context*/, krb5_checksum */*cksum*/, krb5_cksumtype /*type*/, const krb5_data */*data*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_enctype (krb5_enctype /*etype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_verify_checksum ( krb5_context /*context*/, const krb5_keyblock */*key*/, @@ -555,170 +565,205 @@ krb5_c_verify_checksum ( const krb5_checksum */*cksum*/, krb5_boolean */*valid*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_end_seq_get ( krb5_context /*context*/, krb5_cc_cache_cursor /*cursor*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_get_first ( krb5_context /*context*/, const char */*type*/, krb5_cc_cache_cursor */*cursor*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_match ( krb5_context /*context*/, krb5_principal /*client*/, - const char */*type*/, krb5_ccache */*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_cache_next ( krb5_context /*context*/, krb5_cc_cache_cursor /*cursor*/, krb5_ccache */*id*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_cc_clear_mcred (krb5_creds */*mcred*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_close ( krb5_context /*context*/, krb5_ccache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_copy_cache ( krb5_context /*context*/, const krb5_ccache /*from*/, krb5_ccache /*to*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_copy_cache_match ( +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_copy_creds ( + krb5_context /*context*/, + const krb5_ccache /*from*/, + krb5_ccache /*to*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_copy_match_f ( krb5_context /*context*/, const krb5_ccache /*from*/, krb5_ccache /*to*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/, + krb5_boolean (*/*match*/)(krb5_context, void *, const krb5_creds *), + void */*matchctx*/, unsigned int */*matched*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_default ( krb5_context /*context*/, krb5_ccache */*id*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_default_name (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_destroy ( krb5_context /*context*/, krb5_ccache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_end_seq_get ( krb5_context /*context*/, const krb5_ccache /*id*/, krb5_cc_cursor */*cursor*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_gen_new ( krb5_context /*context*/, const krb5_cc_ops */*ops*/, - krb5_ccache */*id*/); + krb5_ccache */*id*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_config ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_const_principal /*principal*/, + const char */*name*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_flags ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_flags */*flags*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_friendly_name ( + krb5_context /*context*/, + krb5_ccache /*id*/, + char **/*name*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_full_name ( krb5_context /*context*/, krb5_ccache /*id*/, char **/*str*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_kdc_offset ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_deltat */*offset*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_get_lifetime ( + krb5_context /*context*/, + krb5_ccache /*id*/, + time_t */*t*/); + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_name ( krb5_context /*context*/, krb5_ccache /*id*/); -const krb5_cc_ops * +KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_ops ( krb5_context /*context*/, krb5_ccache /*id*/); -const krb5_cc_ops * +KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_prefix_ops ( krb5_context /*context*/, const char */*prefix*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_principal ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_principal */*principal*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_cc_get_type ( krb5_context /*context*/, krb5_ccache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_version ( krb5_context /*context*/, const krb5_ccache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_initialize ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_principal /*primary_principal*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_last_change_time ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_timestamp */*mtime*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move ( krb5_context /*context*/, krb5_ccache /*from*/, krb5_ccache /*to*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_new_unique ( krb5_context /*context*/, const char */*type*/, const char */*hint*/, krb5_ccache */*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_next_cred ( krb5_context /*context*/, const krb5_ccache /*id*/, krb5_cc_cursor */*cursor*/, krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_next_cred_match ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor * /*cursor*/, - krb5_creds * /*creds*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_register ( krb5_context /*context*/, const krb5_cc_ops */*ops*/, krb5_boolean /*override*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_remove_cred ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_flags /*which*/, krb5_creds */*cred*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_resolve ( krb5_context /*context*/, const char */*name*/, krb5_ccache */*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_retrieve_cred ( krb5_context /*context*/, krb5_ccache /*id*/, @@ -726,351 +771,390 @@ krb5_cc_retrieve_cred ( const krb5_creds */*mcreds*/, krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_set_config ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_const_principal /*principal*/, + const char */*name*/, + krb5_data */*data*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_default_name ( krb5_context /*context*/, const char */*name*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_flags ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_flags /*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_set_friendly_name ( + krb5_context /*context*/, + krb5_ccache /*id*/, + const char */*name*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_set_kdc_offset ( + krb5_context /*context*/, + krb5_ccache /*id*/, + krb5_deltat /*offset*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_start_seq_get ( krb5_context /*context*/, const krb5_ccache /*id*/, krb5_cc_cursor */*cursor*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_store_cred ( krb5_context /*context*/, krb5_ccache /*id*/, krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_cc_support_switch ( + krb5_context /*context*/, + const char */*type*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_switch ( + krb5_context /*context*/, + krb5_ccache /*id*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_cursor_free ( + krb5_context /*context*/, + krb5_cccol_cursor */*cursor*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_cursor_new ( + krb5_context /*context*/, + krb5_cccol_cursor */*cursor*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_cursor_next ( + krb5_context /*context*/, + krb5_cccol_cursor /*cursor*/, + krb5_ccache */*cache*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cccol_last_change_time ( + krb5_context /*context*/, + const char */*type*/, + krb5_timestamp */*mtime*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_change_password ( krb5_context /*context*/, krb5_creds */*creds*/, const char */*newpw*/, int */*result_code*/, krb5_data */*result_code_string*/, - krb5_data */*result_string*/); + krb5_data */*result_string*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited ( krb5_context /*context*/, krb5_const_realm /*client_realm*/, krb5_const_realm /*server_realm*/, krb5_realm */*realms*/, - int /*num_realms*/, + unsigned int /*num_realms*/, int */*bad_realm*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited_realms ( krb5_context /*context*/, const char *const */*realms*/, - int /*num_realms*/, + unsigned int /*num_realms*/, int */*bad_realm*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksum_disable ( krb5_context /*context*/, krb5_cksumtype /*type*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_checksum_free ( krb5_context /*context*/, krb5_checksum */*cksum*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_collision_proof ( krb5_context /*context*/, krb5_cksumtype /*type*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_checksum_is_keyed ( krb5_context /*context*/, krb5_cksumtype /*type*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_checksumsize ( krb5_context /*context*/, krb5_cksumtype /*type*/, size_t */*size*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cksumtype_to_enctype ( + krb5_context /*context*/, + krb5_cksumtype /*ctype*/, + krb5_enctype */*etype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cksumtype_valid ( krb5_context /*context*/, krb5_cksumtype /*ctype*/); -void KRB5_LIB_FUNCTION -krb5_clear_error_string (krb5_context /*context*/); +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_clear_error_message (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_clear_error_string (krb5_context /*context*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_closelog ( krb5_context /*context*/, krb5_log_facility */*fac*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_compare_creds ( krb5_context /*context*/, krb5_flags /*whichfields*/, const krb5_creds * /*mcreds*/, const krb5_creds * /*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_file_free ( krb5_context /*context*/, krb5_config_section */*s*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_config_free_strings (char **/*strings*/); -const void * -krb5_config_get ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*type*/, - ...); - -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_get_bool_default ( krb5_context /*context*/, const krb5_config_section */*c*/, krb5_boolean /*def_value*/, ...); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_int_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, ...); -const krb5_config_binding * +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_get_list ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); -const void * -krb5_config_get_next ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const krb5_config_binding **/*pointer*/, - int /*type*/, - ...); - -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_get_string_default ( krb5_context /*context*/, const krb5_config_section */*c*/, const char */*def_value*/, ...); -char** +KRB5_LIB_FUNCTION char** KRB5_LIB_CALL krb5_config_get_strings ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time ( krb5_context /*context*/, const krb5_config_section */*c*/, ...); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_get_time_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, ...); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file ( krb5_context /*context*/, const char */*fname*/, krb5_config_section **/*res*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi ( krb5_context /*context*/, const char */*fname*/, krb5_config_section **/*res*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi ( krb5_context /*context*/, const char */*string*/, - krb5_config_section **/*res*/); + krb5_config_section **/*res*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -const void * -krb5_config_vget ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*type*/, - va_list /*args*/); - -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_config_vget_bool_default ( krb5_context /*context*/, const krb5_config_section */*c*/, krb5_boolean /*def_value*/, va_list /*args*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_int_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, va_list /*args*/); -const krb5_config_binding * +KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL krb5_config_vget_list ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); -const void * -krb5_config_vget_next ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const krb5_config_binding **/*pointer*/, - int /*type*/, - va_list /*args*/); - -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_config_vget_string_default ( krb5_context /*context*/, const krb5_config_section */*c*/, const char */*def_value*/, va_list /*args*/); -char ** KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL krb5_config_vget_strings ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time ( krb5_context /*context*/, const krb5_config_section */*c*/, va_list /*args*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_config_vget_time_default ( krb5_context /*context*/, const krb5_config_section */*c*/, int /*def_value*/, va_list /*args*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_address ( krb5_context /*context*/, const krb5_address */*inaddr*/, krb5_address */*outaddr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_addresses ( krb5_context /*context*/, const krb5_addresses */*inaddr*/, krb5_addresses */*outaddr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_checksum ( krb5_context /*context*/, const krb5_checksum */*old*/, krb5_checksum **/*new*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_copy_context ( + krb5_context /*context*/, + krb5_context */*out*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds ( krb5_context /*context*/, const krb5_creds */*incred*/, krb5_creds **/*outcred*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_creds_contents ( krb5_context /*context*/, const krb5_creds */*incred*/, krb5_creds */*c*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_data ( krb5_context /*context*/, const krb5_data */*indata*/, krb5_data **/*outdata*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_host_realm ( krb5_context /*context*/, const krb5_realm */*from*/, krb5_realm **/*to*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock ( krb5_context /*context*/, const krb5_keyblock */*inblock*/, krb5_keyblock **/*to*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_keyblock_contents ( krb5_context /*context*/, const krb5_keyblock */*inblock*/, krb5_keyblock */*to*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal ( krb5_context /*context*/, krb5_const_principal /*inprinc*/, krb5_principal */*outprinc*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket ( krb5_context /*context*/, const krb5_ticket */*from*/, krb5_ticket **/*to*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_create_checksum ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -1080,164 +1164,213 @@ krb5_create_checksum ( size_t /*len*/, Checksum */*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_create_checksum_iov ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + krb5_crypto_iov */*data*/, + unsigned int /*num_data*/, + krb5_cksumtype */*type*/); + +KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL +krb5_creds_get_ticket_flags (krb5_creds */*creds*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_destroy ( krb5_context /*context*/, krb5_crypto /*crypto*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_crypto_fx_cf2 ( + krb5_context /*context*/, + const krb5_crypto /*crypto1*/, + const krb5_crypto /*crypto2*/, + krb5_data */*pepper1*/, + krb5_data */*pepper2*/, + krb5_enctype /*enctype*/, + krb5_keyblock */*res*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_get_checksum_type ( krb5_context /*context*/, krb5_crypto /*crypto*/, krb5_cksumtype */*type*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getblocksize ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t */*blocksize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getconfoundersize ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t */*confoundersize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getenctype ( krb5_context /*context*/, krb5_crypto /*crypto*/, krb5_enctype */*enctype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_getpadsize ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t */*padsize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_init ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_enctype /*etype*/, krb5_crypto */*crypto*/); -size_t +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_crypto_length ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + int /*type*/, + size_t */*len*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_crypto_length_iov ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + krb5_crypto_iov */*data*/, + unsigned int /*num_data*/); + +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_crypto_overhead ( krb5_context /*context*/, krb5_crypto /*crypto*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf ( krb5_context /*context*/, const krb5_crypto /*crypto*/, const krb5_data */*input*/, krb5_data */*output*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_crypto_prf_length ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*length*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_alloc ( krb5_data */*p*/, int /*len*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_data_cmp ( const krb5_data */*data1*/, const krb5_data */*data2*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_copy ( krb5_data */*p*/, const void */*data*/, size_t /*len*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_data_ct_cmp ( + const krb5_data */*data1*/, + const krb5_data */*data2*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_free (krb5_data */*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_data_realloc ( krb5_data */*p*/, int /*len*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_data_zero (krb5_data */*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_Authenticator ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, Authenticator */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, ETYPE_INFO */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ETYPE_INFO2 ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, ETYPE_INFO2 */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncAPRepPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncAPRepPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncASRepPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncASRepPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncKrbCredPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncKrbCredPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTGSRepPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncTGSRepPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_EncTicketPart ( krb5_context /*context*/, const void */*data*/, size_t /*length*/, EncTicketPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ap_req ( krb5_context /*context*/, const krb5_data */*inbuf*/, krb5_ap_req */*ap_req*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -1246,7 +1379,7 @@ krb5_decrypt ( size_t /*len*/, krb5_data */*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_EncryptedData ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -1254,7 +1387,16 @@ krb5_decrypt_EncryptedData ( const EncryptedData */*e*/, krb5_data */*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_decrypt_iov_ivec ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + krb5_crypto_iov */*data*/, + unsigned int /*num_data*/, + void */*ivec*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ivec ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -1264,7 +1406,7 @@ krb5_decrypt_ivec ( krb5_data */*result*/, void */*ivec*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ticket ( krb5_context /*context*/, Ticket */*ticket*/, @@ -1272,7 +1414,7 @@ krb5_decrypt_ticket ( EncTicketPart */*out*/, krb5_flags /*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_derive_key ( krb5_context /*context*/, const krb5_keyblock */*key*/, @@ -1281,267 +1423,275 @@ krb5_derive_key ( size_t /*constant_len*/, krb5_keyblock **/*derived_key*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_alloc ( krb5_context /*context*/, krb5_digest */*digest*/); -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_digest_free (krb5_digest /*digest*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_client_binding ( krb5_context /*context*/, krb5_digest /*digest*/, char **/*type*/, char **/*binding*/); -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_identifier ( krb5_context /*context*/, krb5_digest /*digest*/); -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_opaque ( krb5_context /*context*/, krb5_digest /*digest*/); -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_rsp ( krb5_context /*context*/, krb5_digest /*digest*/); -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_digest_get_server_nonce ( krb5_context /*context*/, krb5_digest /*digest*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_session_key ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_data */*data*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_get_tickets ( krb5_context /*context*/, krb5_digest /*digest*/, Ticket **/*tickets*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_init_request ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_probe ( krb5_context /*context*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/, unsigned */*flags*/); -krb5_boolean +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_digest_rep_get_status ( krb5_context /*context*/, krb5_digest /*digest*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_request ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authentication_user ( krb5_context /*context*/, krb5_digest /*digest*/, krb5_principal /*authentication_user*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_authid ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*authid*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_client_nonce ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*nonce*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_digest ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*dgst*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_hostname ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*hostname*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_identifier ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*id*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_method ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*method*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_nonceCount ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*nonce_count*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_opaque ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*opaque*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_qop ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*qop*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_realm ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*realm*/); -int +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_digest_set_responseData ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*response*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_cb ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*type*/, const char */*binding*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_server_nonce ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*nonce*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_type ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*type*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_uri ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*uri*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_digest_set_username ( krb5_context /*context*/, krb5_digest /*digest*/, const char */*username*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_decode ( krb5_context /*context*/, krb5_data /*tr*/, char ***/*realms*/, - int */*num_realms*/, + unsigned int */*num_realms*/, const char */*client_realm*/, const char */*server_realm*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_encode ( char **/*realms*/, - int /*num_realms*/, + unsigned int /*num_realms*/, krb5_data */*encoding*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_eai_to_heim_errno ( int /*eai_errno*/, int /*system_error*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_Authenticator ( krb5_context /*context*/, void */*data*/, size_t /*length*/, Authenticator */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO ( krb5_context /*context*/, void */*data*/, size_t /*length*/, ETYPE_INFO */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_ETYPE_INFO2 ( krb5_context /*context*/, void */*data*/, size_t /*length*/, ETYPE_INFO2 */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncAPRepPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncAPRepPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncASRepPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncASRepPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncKrbCredPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncKrbCredPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTGSRepPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncTGSRepPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encode_EncTicketPart ( krb5_context /*context*/, void */*data*/, size_t /*length*/, EncTicketPart */*t*/, - size_t */*len*/); + size_t */*len*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -1550,7 +1700,7 @@ krb5_encrypt ( size_t /*len*/, krb5_data */*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_EncryptedData ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -1560,7 +1710,16 @@ krb5_encrypt_EncryptedData ( int /*kvno*/, EncryptedData */*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_encrypt_iov_ivec ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + krb5_crypto_iov */*data*/, + int /*num_data*/, + void */*ivec*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_encrypt_ivec ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -1570,93 +1729,99 @@ krb5_encrypt_ivec ( krb5_data */*result*/, void */*ivec*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_disable ( krb5_context /*context*/, krb5_enctype /*enctype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_enctype_enable ( + krb5_context /*context*/, + krb5_enctype /*enctype*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keybits ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*keybits*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_keysize ( krb5_context /*context*/, krb5_enctype /*type*/, size_t */*keysize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_keytype ( krb5_context /*context*/, krb5_enctype /*etype*/, krb5_keytype */*keytype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_to_string ( krb5_context /*context*/, krb5_enctype /*etype*/, char **/*string*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enctype_valid ( krb5_context /*context*/, krb5_enctype /*etype*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_enctypes_compatible_keys ( krb5_context /*context*/, krb5_enctype /*etype1*/, - krb5_enctype /*etype2*/); + krb5_enctype /*etype2*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +krb5_error_code +krb5_enomem (krb5_context /*context*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_err ( krb5_context /*context*/, int /*eval*/, krb5_error_code /*code*/, const char */*fmt*/, ...) - __attribute__ ((noreturn, format (printf, 4, 5))); + __attribute__ ((noreturn, format (printf, 4, 5))); -krb5_error_code KRB5_LIB_FUNCTION - __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_error_from_rd_error ( krb5_context /*context*/, const krb5_error */*error*/, const krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_errx ( krb5_context /*context*/, int /*eval*/, const char */*fmt*/, ...) - __attribute__ ((noreturn, format (printf, 3, 4))); + __attribute__ ((noreturn, format (printf, 3, 4))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname ( krb5_context /*context*/, const char */*orig_hostname*/, char **/*new_hostname*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_expand_hostname_realms ( krb5_context /*context*/, const char */*orig_hostname*/, char **/*new_hostname*/, char ***/*realms*/); -PA_DATA * +KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL krb5_find_padata ( PA_DATA */*val*/, unsigned /*len*/, int /*type*/, int */*idx*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_format_time ( krb5_context /*context*/, time_t /*t*/, @@ -1664,118 +1829,142 @@ krb5_format_time ( size_t /*len*/, krb5_boolean /*include_time*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_address ( krb5_context /*context*/, krb5_address */*address*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_ap_rep_enc_part ( krb5_context /*context*/, krb5_ap_rep_enc_part */*val*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_authenticator ( krb5_context /*context*/, krb5_authenticator */*authenticator*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum ( krb5_context /*context*/, krb5_checksum */*cksum*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum_contents ( krb5_context /*context*/, krb5_checksum */*cksum*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_config_files (char **/*filenames*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_context (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_cred_contents ( krb5_context /*context*/, krb5_creds */*c*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_creds ( krb5_context /*context*/, krb5_creds */*c*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_creds_contents ( + krb5_context /*context*/, + krb5_creds */*c*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data ( krb5_context /*context*/, krb5_data */*p*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_data_contents ( krb5_context /*context*/, - krb5_data */*data*/); + krb5_data */*data*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_default_realm ( + krb5_context /*context*/, + krb5_realm /*realm*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error ( krb5_context /*context*/, krb5_error */*error*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_contents ( krb5_context /*context*/, krb5_error */*error*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_error_message ( + krb5_context /*context*/, + const char */*msg*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_string ( krb5_context /*context*/, - char */*str*/); + char */*str*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_host_realm ( krb5_context /*context*/, krb5_realm */*realmlist*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_kdc_rep ( krb5_context /*context*/, krb5_kdc_rep */*rep*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock ( krb5_context /*context*/, krb5_keyblock */*keyblock*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_keyblock_contents ( krb5_context /*context*/, krb5_keyblock */*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_krbhst ( krb5_context /*context*/, char **/*hostlist*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal ( krb5_context /*context*/, krb5_principal /*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_salt ( krb5_context /*context*/, krb5_salt /*salt*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket ( krb5_context /*context*/, krb5_ticket */*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_free_unparsed_name ( + krb5_context /*context*/, + char */*str*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_fwd_tgt_creds ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -1786,64 +1975,67 @@ krb5_fwd_tgt_creds ( int /*forwardable*/, krb5_data */*out_data*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_generate_random_block ( void */*buf*/, size_t /*len*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_random_keyblock ( krb5_context /*context*/, krb5_enctype /*type*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_seq_number ( krb5_context /*context*/, const krb5_keyblock */*key*/, uint32_t */*seqno*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey ( krb5_context /*context*/, const krb5_keyblock */*key*/, - krb5_keyblock **/*subkey*/); + krb5_keyblock **/*subkey*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_generate_subkey_extended ( krb5_context /*context*/, const krb5_keyblock */*key*/, krb5_enctype /*etype*/, krb5_keyblock **/*subkey*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_client_addrs ( krb5_context /*context*/, krb5_addresses */*res*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_all_server_addrs ( krb5_context /*context*/, krb5_addresses */*res*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc ( krb5_context /*context*/, krb5_ccache /*ccache*/, krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/, - krb5_creds ***/*ret_tgts*/); + krb5_creds ***/*ret_tgts*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_cred_from_kdc_opt ( krb5_context /*context*/, krb5_ccache /*ccache*/, krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/, krb5_creds ***/*ret_tgts*/, - krb5_flags /*flags*/); + krb5_flags /*flags*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials ( krb5_context /*context*/, krb5_flags /*options*/, @@ -1851,7 +2043,7 @@ krb5_get_credentials ( krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_credentials_with_flags ( krb5_context /*context*/, krb5_flags /*options*/, @@ -1860,7 +2052,7 @@ krb5_get_credentials_with_flags ( krb5_creds */*in_creds*/, krb5_creds **/*out_creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, @@ -1868,96 +2060,98 @@ krb5_get_creds ( krb5_const_principal /*inprinc*/, krb5_creds **/*out_creds*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_add_options ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_flags /*options*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_alloc ( krb5_context /*context*/, krb5_get_creds_opt */*opt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_free ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_enctype ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_enctype /*enctype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_impersonate ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_const_principal /*self*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_creds_opt_set_options ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, krb5_flags /*options*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_creds_opt_set_ticket ( krb5_context /*context*/, krb5_get_creds_opt /*opt*/, const Ticket */*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files (char ***/*pfilenames*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_in_tkt_etypes ( krb5_context /*context*/, + krb5_pdu /*pdu_type*/, krb5_enctype **/*etypes*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_principal ( krb5_context /*context*/, krb5_principal */*princ*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realm ( krb5_context /*context*/, krb5_realm */*realm*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_realms ( krb5_context /*context*/, krb5_realm **/*realms*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_dns_canonicalize_hostname (krb5_context /*context*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_get_err_text ( krb5_context /*context*/, - krb5_error_code /*code*/); + krb5_error_code /*code*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL krb5_get_error_message ( krb5_context /*context*/, krb5_error_code /*code*/); -char * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION char * KRB5_LIB_CALL krb5_get_error_string (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_extra_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_fcache_version ( krb5_context /*context*/, int */*version*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_forwarded_creds ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -1967,18 +2161,18 @@ krb5_get_forwarded_creds ( krb5_creds */*in_creds*/, krb5_data */*out_data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_host_realm ( krb5_context /*context*/, const char */*targethost*/, krb5_realm **/*realms*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_ignore_addresses ( krb5_context /*context*/, krb5_addresses */*addresses*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_cred ( krb5_context /*context*/, krb5_flags /*options*/, @@ -1991,9 +2185,10 @@ krb5_get_in_cred ( krb5_decrypt_proc /*decrypt_proc*/, krb5_const_pointer /*decryptarg*/, krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt ( krb5_context /*context*/, krb5_flags /*options*/, @@ -2006,9 +2201,10 @@ krb5_get_in_tkt ( krb5_const_pointer /*decryptarg*/, krb5_creds */*creds*/, krb5_ccache /*ccache*/, - krb5_kdc_rep */*ret_as_reply*/); + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_keytab ( krb5_context /*context*/, krb5_flags /*options*/, @@ -2018,9 +2214,10 @@ krb5_get_in_tkt_with_keytab ( krb5_keytab /*keytab*/, krb5_ccache /*ccache*/, krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_password ( krb5_context /*context*/, krb5_flags /*options*/, @@ -2030,9 +2227,10 @@ krb5_get_in_tkt_with_password ( const char */*password*/, krb5_ccache /*ccache*/, krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_in_tkt_with_skey ( krb5_context /*context*/, krb5_flags /*options*/, @@ -2042,20 +2240,10 @@ krb5_get_in_tkt_with_skey ( const krb5_keyblock */*key*/, krb5_ccache /*ccache*/, krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); + krb5_kdc_rep */*ret_as_reply*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - krb5_prompter_fct /*prompter*/, - void */*data*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*options*/); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keyblock ( krb5_context /*context*/, krb5_creds */*creds*/, @@ -2065,7 +2253,7 @@ krb5_get_init_creds_keyblock ( const char */*in_tkt_service*/, krb5_get_init_creds_opt */*options*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_keytab ( krb5_context /*context*/, krb5_creds */*creds*/, @@ -2075,79 +2263,81 @@ krb5_get_init_creds_keytab ( const char */*in_tkt_service*/, krb5_get_init_creds_opt */*options*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_alloc ( krb5_context /*context*/, krb5_get_init_creds_opt **/*opt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_free ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_get_error ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, - KRB_ERROR **/*error*/); + KRB_ERROR **/*error*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/); +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_address_list ( krb5_get_init_creds_opt */*opt*/, krb5_addresses */*addresses*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_addressless ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*addressless*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_anonymous ( krb5_get_init_creds_opt */*opt*/, int /*anonymous*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_canonicalize ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*req*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_default_flags ( krb5_context /*context*/, const char */*appname*/, krb5_const_realm /*realm*/, krb5_get_init_creds_opt */*opt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_etype_list ( krb5_get_init_creds_opt */*opt*/, krb5_enctype */*etype_list*/, int /*etype_list_length*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_forwardable ( krb5_get_init_creds_opt */*opt*/, int /*forwardable*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pa_password ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, const char */*password*/, krb5_s2k_proc /*key_proc*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pac_request ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*req_pac*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pkinit ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, @@ -2161,39 +2351,52 @@ krb5_get_init_creds_opt_set_pkinit ( void */*prompter_data*/, char */*password*/); -void KRB5_LIB_FUNCTION +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pkinit_user_certs ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + struct hx509_certs_data */*certs*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_preauth_list ( krb5_get_init_creds_opt */*opt*/, krb5_preauthtype */*preauth_list*/, int /*preauth_list_length*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_init_creds_opt_set_process_last_req ( + krb5_context /*context*/, + krb5_get_init_creds_opt */*opt*/, + krb5_gic_process_last_req /*func*/, + void */*ctx*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_proxiable ( krb5_get_init_creds_opt */*opt*/, int /*proxiable*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_renew_life ( krb5_get_init_creds_opt */*opt*/, krb5_deltat /*renew_life*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_salt ( krb5_get_init_creds_opt */*opt*/, krb5_data */*salt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_get_init_creds_opt_set_tkt_life ( krb5_get_init_creds_opt */*opt*/, krb5_deltat /*tkt_life*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_win2k ( krb5_context /*context*/, krb5_get_init_creds_opt */*opt*/, krb5_boolean /*req*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_password ( krb5_context /*context*/, krb5_creds */*creds*/, @@ -2203,9 +2406,9 @@ krb5_get_init_creds_password ( void */*data*/, krb5_deltat /*start_time*/, const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*in_options*/); + krb5_get_init_creds_opt */*options*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_cred ( krb5_context /*context*/, krb5_ccache /*id*/, @@ -2215,46 +2418,51 @@ krb5_get_kdc_cred ( krb5_creds */*in_creds*/, krb5_creds **out_creds ); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_kdc_sec_offset ( krb5_context /*context*/, int32_t */*sec*/, int32_t */*usec*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb524hst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_admin_hst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_changepw_hst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krbhst ( krb5_context /*context*/, const krb5_realm */*realm*/, char ***/*hostlist*/); -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_get_max_time_skew (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_permitted_enctypes ( + krb5_context /*context*/, + krb5_enctype **/*etypes*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_pw_salt ( krb5_context /*context*/, krb5_const_principal /*principal*/, krb5_salt */*salt*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_renewed_creds ( krb5_context /*context*/, krb5_creds */*creds*/, @@ -2262,39 +2470,47 @@ krb5_get_renewed_creds ( krb5_ccache /*ccache*/, const char */*in_tkt_service*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_server_rcache ( krb5_context /*context*/, const krb5_data */*piece*/, krb5_rcache */*id*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_get_use_admin_kdc (krb5_context /*context*/); -krb5_log_facility * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_validated_creds ( + krb5_context /*context*/, + krb5_creds */*creds*/, + krb5_principal /*client*/, + krb5_ccache /*ccache*/, + char */*service*/); + +KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL krb5_get_warn_dest (krb5_context /*context*/); -size_t +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_get_wrapped_length ( krb5_context /*context*/, krb5_crypto /*crypto*/, size_t /*data_len*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_getportbyname ( krb5_context /*context*/, const char */*service*/, const char */*proto*/, int /*default_port*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2addr ( krb5_context /*context*/, int /*af*/, const char */*haddr*/, krb5_address */*addr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_addr2sockaddr ( krb5_context /*context*/, int /*af*/, @@ -2303,13 +2519,13 @@ krb5_h_addr2sockaddr ( krb5_socklen_t */*sa_size*/, int /*port*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_h_errno_to_heim_errno (int /*eai_errno*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_have_error_string (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_hmac ( krb5_context /*context*/, krb5_cksumtype /*cktype*/, @@ -2319,35 +2535,111 @@ krb5_hmac ( krb5_keyblock */*key*/, Checksum */*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_init_context (krb5_context */*context*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_init_creds_free ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get_creds ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + krb5_creds */*cred*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_get_error ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + KRB_ERROR */*error*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_init ( + krb5_context /*context*/, + krb5_principal /*client*/, + krb5_prompter_fct /*prompter*/, + void */*prompter_data*/, + krb5_deltat /*start_time*/, + krb5_get_init_creds_opt */*options*/, + krb5_init_creds_context */*rctx*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_keyblock ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + krb5_keyblock */*keyblock*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_keytab ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + krb5_keytab /*keytab*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_password ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + const char */*password*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_set_service ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + const char */*service*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_init_creds_step ( + krb5_context /*context*/, + krb5_init_creds_context /*ctx*/, + krb5_data */*in*/, + krb5_data */*out*/, + krb5_krbhst_info */*hostinfo*/, + unsigned int */*flags*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_init_ets (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION -krb5_init_etype ( - krb5_context /*context*/, - unsigned */*len*/, - krb5_enctype **/*val*/, - const krb5_enctype */*etypes*/); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_initlog ( krb5_context /*context*/, const char */*program*/, krb5_log_facility **/*fac*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_is_config_principal ( + krb5_context /*context*/, + krb5_const_principal /*principal*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_is_thread_safe (void); -const krb5_enctype * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kcm_call ( + krb5_context /*context*/, + krb5_storage */*request*/, + krb5_storage **/*response_p*/, + krb5_data */*response_data_p*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kcm_storage_request ( + krb5_context /*context*/, + uint16_t /*opcode*/, + krb5_storage **/*storage_p*/); + +KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL krb5_kerberos_enctypes (krb5_context /*context*/); -krb5_enctype +KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype (const krb5_keyblock */*block*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_init ( krb5_context /*context*/, krb5_enctype /*type*/, @@ -2355,7 +2647,7 @@ krb5_keyblock_init ( size_t /*size*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keyblock_key_proc ( krb5_context /*context*/, krb5_keytype /*type*/, @@ -2363,63 +2655,67 @@ krb5_keyblock_key_proc ( krb5_const_pointer /*keyseed*/, krb5_keyblock **/*key*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_keyblock_zero (krb5_keyblock */*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_keytab_key_proc ( krb5_context /*context*/, krb5_enctype /*enctype*/, krb5_salt /*salt*/, krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); + krb5_keyblock **/*key*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes ( krb5_context /*context*/, krb5_keytype /*keytype*/, unsigned */*len*/, - krb5_enctype **/*val*/); + krb5_enctype **/*val*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_enctypes_default ( krb5_context /*context*/, krb5_keytype /*keytype*/, unsigned */*len*/, - krb5_enctype **/*val*/); + krb5_enctype **/*val*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_keytype_to_string ( krb5_context /*context*/, krb5_keytype /*keytype*/, - char **/*string*/); + char **/*string*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_format_string ( krb5_context /*context*/, const krb5_krbhst_info */*host*/, char */*hostname*/, size_t /*hostlen*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_free ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo ( krb5_context /*context*/, krb5_krbhst_info */*host*/, struct addrinfo **/*ai*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init ( krb5_context /*context*/, const char */*realm*/, unsigned int /*type*/, krb5_krbhst_handle */*handle*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init_flags ( krb5_context /*context*/, const char */*realm*/, @@ -2427,36 +2723,36 @@ krb5_krbhst_init_flags ( int /*flags*/, krb5_krbhst_handle */*handle*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/, krb5_krbhst_info **/*host*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next_as_string ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/, char */*hostname*/, size_t /*hostlen*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_reset ( krb5_context /*context*/, krb5_krbhst_handle /*handle*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_add_entry ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_keytab_entry */*entry*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close ( krb5_context /*context*/, krb5_keytab /*id*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kt_compare ( krb5_context /*context*/, krb5_keytab_entry */*entry*/, @@ -2464,41 +2760,46 @@ krb5_kt_compare ( krb5_kvno /*vno*/, krb5_enctype /*enctype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_copy_entry_contents ( krb5_context /*context*/, const krb5_keytab_entry */*in*/, krb5_keytab_entry */*out*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default ( krb5_context /*context*/, krb5_keytab */*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_modify_name ( krb5_context /*context*/, char */*name*/, size_t /*namesize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_default_name ( krb5_context /*context*/, char */*name*/, size_t /*namesize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_kt_destroy ( + krb5_context /*context*/, + krb5_keytab /*id*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_end_seq_get ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_kt_cursor */*cursor*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_free_entry ( krb5_context /*context*/, krb5_keytab_entry */*entry*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_entry ( krb5_context /*context*/, krb5_keytab /*id*/, @@ -2507,34 +2808,39 @@ krb5_kt_get_entry ( krb5_enctype /*enctype*/, krb5_keytab_entry */*entry*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_full_name ( krb5_context /*context*/, krb5_keytab /*keytab*/, char **/*str*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_name ( krb5_context /*context*/, krb5_keytab /*keytab*/, char */*name*/, size_t /*namesize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_get_type ( krb5_context /*context*/, krb5_keytab /*keytab*/, char */*prefix*/, size_t /*prefixsize*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_kt_have_content ( + krb5_context /*context*/, + krb5_keytab /*id*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_next_entry ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_keytab_entry */*entry*/, krb5_kt_cursor */*cursor*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_read_service_key ( krb5_context /*context*/, krb5_pointer /*keyprocarg*/, @@ -2543,45 +2849,45 @@ krb5_kt_read_service_key ( krb5_enctype /*enctype*/, krb5_keyblock **/*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_register ( krb5_context /*context*/, const krb5_kt_ops */*ops*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_remove_entry ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_keytab_entry */*entry*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_resolve ( krb5_context /*context*/, const char */*name*/, krb5_keytab */*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_start_seq_get ( krb5_context /*context*/, krb5_keytab /*id*/, krb5_kt_cursor */*cursor*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok ( krb5_context /*context*/, krb5_principal /*principal*/, const char */*luser*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log ( krb5_context /*context*/, krb5_log_facility */*fac*/, int /*level*/, const char */*fmt*/, ...) - __attribute__((format (printf, 4, 5))); + __attribute__((format (printf, 4, 5))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log_msg ( krb5_context /*context*/, krb5_log_facility */*fac*/, @@ -2589,26 +2895,26 @@ krb5_log_msg ( char **/*reply*/, const char */*fmt*/, ...) - __attribute__((format (printf, 5, 6))); + __attribute__((format (printf, 5, 6))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_addrport ( krb5_context /*context*/, krb5_address **/*res*/, const krb5_address */*addr*/, int16_t /*port*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal ( krb5_context /*context*/, krb5_principal */*principal*/, krb5_const_realm /*realm*/, ...); -size_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_max_sockaddr_size (void); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_error ( krb5_context /*context*/, krb5_error_code /*error_code*/, @@ -2620,7 +2926,7 @@ krb5_mk_error ( int */*client_usec*/, krb5_data */*reply*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_priv ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -2628,13 +2934,13 @@ krb5_mk_priv ( krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_rep ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_data */*outbuf*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -2645,7 +2951,7 @@ krb5_mk_req ( krb5_ccache /*ccache*/, krb5_data */*outbuf*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_exact ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -2655,7 +2961,7 @@ krb5_mk_req_exact ( krb5_ccache /*ccache*/, krb5_data */*outbuf*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_extended ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -2664,7 +2970,7 @@ krb5_mk_req_extended ( krb5_creds */*in_creds*/, krb5_data */*outbuf*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_safe ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -2672,21 +2978,21 @@ krb5_mk_safe ( krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_read ( krb5_context /*context*/, void */*p_fd*/, void */*buf*/, size_t /*len*/); -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write ( krb5_context /*context*/, void */*p_fd*/, const void */*buf*/, size_t /*len*/); -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write_block ( krb5_context /*context*/, void */*p_fd*/, @@ -2694,47 +3000,47 @@ krb5_net_write_block ( size_t /*len*/, time_t /*timeout*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_alloc ( krb5_context /*context*/, krb5_ntlm */*ntlm*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_free ( krb5_context /*context*/, krb5_ntlm /*ntlm*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_challange ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*challange*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_flags ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, uint32_t */*flags*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_opaque ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*opaque*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetinfo ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*data*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_get_targetname ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, char **/*name*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_init_request ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, @@ -2744,114 +3050,114 @@ krb5_ntlm_init_request ( const char */*hostname*/, const char */*domainname*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_rep_get_sessionkey ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*data*/); -krb5_boolean +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_ntlm_rep_get_status ( krb5_context /*context*/, krb5_ntlm /*ntlm*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_flags ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, uint32_t /*flags*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_lm ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, void */*hash*/, size_t /*len*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_ntlm ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, void */*hash*/, size_t /*len*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_opaque ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_data */*opaque*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_session ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, void */*sessionkey*/, size_t /*length*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_targetname ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, const char */*targetname*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_req_set_username ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, const char */*username*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ntlm_request ( krb5_context /*context*/, krb5_ntlm /*ntlm*/, krb5_realm /*realm*/, krb5_ccache /*ccache*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_openlog ( krb5_context /*context*/, const char */*program*/, krb5_log_facility **/*fac*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_add_buffer ( krb5_context /*context*/, krb5_pac /*p*/, uint32_t /*type*/, const krb5_data */*data*/); -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_pac_free ( krb5_context /*context*/, krb5_pac /*pac*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer ( krb5_context /*context*/, krb5_pac /*p*/, uint32_t /*type*/, krb5_data */*data*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_types ( krb5_context /*context*/, krb5_pac /*p*/, size_t */*len*/, uint32_t **/*types*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_init ( krb5_context /*context*/, krb5_pac */*pac*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_parse ( krb5_context /*context*/, const void */*ptr*/, size_t /*len*/, krb5_pac */*pac*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_verify ( krb5_context /*context*/, const krb5_pac /*pac*/, @@ -2860,7 +3166,7 @@ krb5_pac_verify ( const krb5_keyblock */*server*/, const krb5_keyblock */*privsvr*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_padata_add ( krb5_context /*context*/, METHOD_DATA */*md*/, @@ -2868,130 +3174,165 @@ krb5_padata_add ( void */*buf*/, size_t /*len*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_address ( krb5_context /*context*/, const char */*string*/, krb5_addresses */*addresses*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name ( krb5_context /*context*/, const char */*name*/, krb5_principal */*principal*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags ( krb5_context /*context*/, const char */*name*/, int /*flags*/, krb5_principal */*principal*/); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype ( krb5_context /*context*/, const char */*str*/, int32_t */*nametype*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_passwd_result_to_string ( krb5_context /*context*/, int /*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_CALLCONV krb5_password_key_proc ( krb5_context /*context*/, krb5_enctype /*type*/, krb5_salt /*salt*/, krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); + krb5_keyblock **/*key*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_pk_enterprise_cert ( + krb5_context /*context*/, + const char */*user_id*/, + krb5_const_realm /*realm*/, + krb5_principal */*principal*/, + struct hx509_certs_data **/*res*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register ( krb5_context /*context*/, enum krb5_plugin_type /*type*/, const char */*name*/, void */*symbol*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files ( const char */*filelist*/, char **/*pq*/, char ***/*ret_pp*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_prepend_config_files_default ( const char */*filelist*/, char ***/*pfilenames*/); -krb5_realm * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_prepend_error_message ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + const char */*fmt*/, + ...) + __attribute__ ((format (printf, 3, 4))); + +KRB5_LIB_FUNCTION krb5_realm * KRB5_LIB_CALL krb5_princ_realm ( krb5_context /*context*/, - krb5_principal /*principal*/); + krb5_principal /*principal*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_princ_set_realm ( krb5_context /*context*/, krb5_principal /*principal*/, - krb5_realm */*realm*/); + krb5_realm */*realm*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare ( krb5_context /*context*/, krb5_const_principal /*princ1*/, krb5_const_principal /*princ2*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm ( krb5_context /*context*/, krb5_const_principal /*princ1*/, krb5_const_principal /*princ2*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_comp_string ( krb5_context /*context*/, krb5_const_principal /*principal*/, unsigned int /*component*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL +krb5_principal_get_num_comp ( + krb5_context /*context*/, + krb5_const_principal /*principal*/); + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm ( krb5_context /*context*/, krb5_const_principal /*principal*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type ( krb5_context /*context*/, krb5_const_principal /*principal*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_principal_is_krbtgt ( + krb5_context /*context*/, + krb5_const_principal /*p*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match ( krb5_context /*context*/, krb5_const_principal /*princ*/, krb5_const_principal /*pattern*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_principal_set_realm ( + krb5_context /*context*/, + krb5_principal /*principal*/, + krb5_const_realm /*realm*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type ( krb5_context /*context*/, krb5_principal /*principal*/, int /*type*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_print_address ( const krb5_address */*addr*/, char */*str*/, size_t /*len*/, size_t */*ret_len*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_program_setup ( krb5_context */*context*/, int /*argc*/, char **/*argv*/, struct getargs */*args*/, int /*num_args*/, - void (*/*usage*/)(int, struct getargs*, int)); + void (KRB5_LIB_CALL *usage)(int, struct getargs*, int)); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_CALLCONV krb5_prompter_posix ( krb5_context /*context*/, void */*data*/, @@ -3000,7 +3341,7 @@ krb5_prompter_posix ( int /*num_prompts*/, krb5_prompt prompts[]); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_random_to_key ( krb5_context /*context*/, krb5_enctype /*type*/, @@ -3008,84 +3349,84 @@ krb5_random_to_key ( size_t /*size*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_close ( krb5_context /*context*/, krb5_rcache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_default ( krb5_context /*context*/, krb5_rcache */*id*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_name (krb5_context /*context*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_type (krb5_context /*context*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_destroy ( krb5_context /*context*/, krb5_rcache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_expunge ( krb5_context /*context*/, krb5_rcache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_get_lifespan ( krb5_context /*context*/, krb5_rcache /*id*/, krb5_deltat */*auth_lifespan*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_name ( krb5_context /*context*/, krb5_rcache /*id*/); -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_type ( krb5_context /*context*/, krb5_rcache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_initialize ( krb5_context /*context*/, krb5_rcache /*id*/, krb5_deltat /*auth_lifespan*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_recover ( krb5_context /*context*/, krb5_rcache /*id*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve ( krb5_context /*context*/, krb5_rcache /*id*/, const char */*name*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_full ( krb5_context /*context*/, krb5_rcache */*id*/, const char */*string_name*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_type ( krb5_context /*context*/, krb5_rcache */*id*/, const char */*type*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_store ( krb5_context /*context*/, krb5_rcache /*id*/, krb5_donot_replay */*rep*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -3093,20 +3434,20 @@ krb5_rd_cred ( krb5_creds ***/*ret_creds*/, krb5_replay_data */*outdata*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred2 ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, krb5_ccache /*ccache*/, krb5_data */*in_data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_error ( krb5_context /*context*/, const krb5_data */*msg*/, KRB_ERROR */*result*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_priv ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -3114,14 +3455,14 @@ krb5_rd_priv ( krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_rep ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, const krb5_data */*inbuf*/, krb5_ap_rep_enc_part **/*repl*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3131,7 +3472,7 @@ krb5_rd_req ( krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3140,58 +3481,64 @@ krb5_rd_req_ctx ( krb5_rd_req_in_ctx /*inctx*/, krb5_rd_req_out_ctx */*outctx*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc ( krb5_context /*context*/, krb5_rd_req_in_ctx */*ctx*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_in_ctx_free ( krb5_context /*context*/, krb5_rd_req_in_ctx /*ctx*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keyblock ( krb5_context /*context*/, krb5_rd_req_in_ctx /*in*/, krb5_keyblock */*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_keytab ( krb5_context /*context*/, krb5_rd_req_in_ctx /*in*/, krb5_keytab /*keytab*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_set_pac_check ( krb5_context /*context*/, krb5_rd_req_in_ctx /*in*/, krb5_boolean /*flag*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free ( krb5_context /*context*/, krb5_rd_req_out_ctx /*ctx*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ap_req_options ( krb5_context /*context*/, krb5_rd_req_out_ctx /*out*/, krb5_flags */*ap_req_options*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_keyblock ( krb5_context /*context*/, krb5_rd_req_out_ctx /*out*/, krb5_keyblock **/*keyblock*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_out_get_server ( + krb5_context /*context*/, + krb5_rd_req_out_ctx /*out*/, + krb5_principal */*principal*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_out_get_ticket ( krb5_context /*context*/, krb5_rd_req_out_ctx /*out*/, krb5_ticket **/*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_with_keyblock ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3201,7 +3548,7 @@ krb5_rd_req_with_keyblock ( krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_safe ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -3209,33 +3556,33 @@ krb5_rd_safe ( krb5_data */*outbuf*/, krb5_replay_data */*outdata*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_message ( krb5_context /*context*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_priv_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_safe_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare ( krb5_context /*context*/, krb5_const_principal /*princ1*/, krb5_const_principal /*princ2*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3246,7 +3593,7 @@ krb5_recvauth ( krb5_keytab /*keytab*/, krb5_ticket **/*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth_match_version ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3258,104 +3605,104 @@ krb5_recvauth_match_version ( krb5_keytab /*keytab*/, krb5_ticket **/*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address ( krb5_storage */*sp*/, krb5_address */*adr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs ( krb5_storage */*sp*/, krb5_addresses */*adr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata ( krb5_storage */*sp*/, krb5_authdata */*auth*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds ( krb5_storage */*sp*/, krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag ( krb5_storage */*sp*/, krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data ( krb5_storage */*sp*/, krb5_data */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16 ( krb5_storage */*sp*/, int16_t */*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32 ( krb5_storage */*sp*/, int32_t */*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8 ( krb5_storage */*sp*/, int8_t */*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock ( krb5_storage */*sp*/, krb5_keyblock */*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal ( krb5_storage */*sp*/, krb5_principal */*princ*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string ( krb5_storage */*sp*/, char **/*string*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringnl ( krb5_storage */*sp*/, char **/*string*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz ( krb5_storage */*sp*/, char **/*string*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times ( krb5_storage */*sp*/, krb5_times */*times*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16 ( krb5_storage */*sp*/, uint16_t */*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32 ( krb5_storage */*sp*/, uint32_t */*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8 ( krb5_storage */*sp*/, uint8_t */*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_salttype_to_string ( krb5_context /*context*/, krb5_enctype /*etype*/, krb5_salttype /*stype*/, char **/*string*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendauth ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3371,14 +3718,14 @@ krb5_sendauth ( krb5_ap_rep_enc_part **/*rep_result*/, krb5_creds **/*out_creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto ( krb5_context /*context*/, const krb5_data */*send_data*/, krb5_krbhst_handle /*handle*/, krb5_data */*receive*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_context ( krb5_context /*context*/, krb5_sendto_ctx /*ctx*/, @@ -3386,43 +3733,43 @@ krb5_sendto_context ( const krb5_realm /*realm*/, krb5_data */*receive*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_add_flags ( krb5_sendto_ctx /*ctx*/, int /*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_ctx_alloc ( krb5_context /*context*/, krb5_sendto_ctx */*ctx*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_free ( krb5_context /*context*/, krb5_sendto_ctx /*ctx*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_func ( krb5_sendto_ctx /*ctx*/, krb5_sendto_ctx_func /*func*/, void */*data*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_type ( krb5_sendto_ctx /*ctx*/, int /*type*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc ( krb5_context /*context*/, const krb5_data */*send_data*/, const krb5_realm */*realm*/, krb5_data */*receive*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc_flags ( krb5_context /*context*/, const krb5_data */*send_data*/, @@ -3430,54 +3777,73 @@ krb5_sendto_kdc_flags ( krb5_data */*receive*/, int /*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_config_files ( krb5_context /*context*/, char **/*filenames*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_in_tkt_etypes ( krb5_context /*context*/, const krb5_enctype */*etypes*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_realm ( krb5_context /*context*/, const char */*realm*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_dns_canonicalize_hostname ( krb5_context /*context*/, krb5_boolean /*flag*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_set_error_message ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + const char */*fmt*/, + ...) + __attribute__ ((format (printf, 3, 4))); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_error_string ( krb5_context /*context*/, const char */*fmt*/, ...) - __attribute__((format (printf, 2, 3))); + __attribute__((format (printf, 2, 3))) KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_extra_addresses ( krb5_context /*context*/, const krb5_addresses */*addresses*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_fcache_version ( krb5_context /*context*/, int /*version*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_set_home_dir_access ( + krb5_context /*context*/, + krb5_boolean /*allow*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_ignore_addresses ( krb5_context /*context*/, const krb5_addresses */*addresses*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_kdc_sec_offset ( + krb5_context /*context*/, + int32_t /*sec*/, + int32_t /*usec*/); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_max_time_skew ( krb5_context /*context*/, time_t /*t*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password ( krb5_context /*context*/, krb5_creds */*creds*/, @@ -3487,7 +3853,7 @@ krb5_set_password ( krb5_data */*result_code_string*/, krb5_data */*result_string*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_password_using_ccache ( krb5_context /*context*/, krb5_ccache /*ccache*/, @@ -3497,29 +3863,29 @@ krb5_set_password_using_ccache ( krb5_data */*result_code_string*/, krb5_data */*result_string*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time ( krb5_context /*context*/, krb5_timestamp /*sec*/, int32_t /*usec*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_send_to_kdc_func ( krb5_context /*context*/, krb5_send_to_kdc_func /*func*/, void */*data*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_set_use_admin_kdc ( krb5_context /*context*/, krb5_boolean /*flag*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_warn_dest ( krb5_context /*context*/, krb5_log_facility */*fac*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal ( krb5_context /*context*/, const char */*hostname*/, @@ -3527,7 +3893,7 @@ krb5_sname_to_principal ( int32_t /*type*/, krb5_principal */*ret_princ*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sock_to_principal ( krb5_context /*context*/, int /*sock*/, @@ -3535,204 +3901,218 @@ krb5_sock_to_principal ( int32_t /*type*/, krb5_principal */*ret_princ*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2address ( krb5_context /*context*/, const struct sockaddr */*sa*/, krb5_address */*addr*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sockaddr2port ( krb5_context /*context*/, const struct sockaddr */*sa*/, int16_t */*port*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_sockaddr_is_loopback (const struct sockaddr */*sa*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_std_usage ( int /*code*/, struct getargs */*args*/, int /*num_args*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags ( krb5_storage */*sp*/, krb5_flags /*flags*/); -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_emem (void); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free (krb5_storage */*sp*/); -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_data (krb5_data */*data*/); -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_fd (int /*fd*/); +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_fd (krb5_socket_t /*fd_in*/); -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_mem ( void */*buf*/, size_t /*len*/); -krb5_storage * KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_readonly_mem ( const void */*buf*/, size_t /*len*/); -krb5_flags KRB5_LIB_FUNCTION -krb5_storage_get_byteorder ( - krb5_storage */*sp*/, - krb5_flags /*byteorder*/); +KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL +krb5_storage_get_byteorder (krb5_storage */*sp*/); -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_storage_get_eof_code (krb5_storage */*sp*/); + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags ( krb5_storage */*sp*/, krb5_flags /*flags*/); -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read ( krb5_storage */*sp*/, void */*buf*/, size_t /*len*/); -off_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek ( krb5_storage */*sp*/, off_t /*offset*/, int /*whence*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder ( krb5_storage */*sp*/, krb5_flags /*byteorder*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code ( krb5_storage */*sp*/, int /*code*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags ( krb5_storage */*sp*/, krb5_flags /*flags*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_storage_set_max_alloc ( + krb5_storage */*sp*/, + size_t /*size*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data ( krb5_storage */*sp*/, krb5_data */*data*/); -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_storage_truncate ( + krb5_storage */*sp*/, + off_t /*offset*/); + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write ( krb5_storage */*sp*/, const void */*buf*/, size_t /*len*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address ( krb5_storage */*sp*/, krb5_address /*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs ( krb5_storage */*sp*/, krb5_addresses /*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata ( krb5_storage */*sp*/, krb5_authdata /*auth*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds ( krb5_storage */*sp*/, krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag ( krb5_storage */*sp*/, krb5_creds */*creds*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data ( krb5_storage */*sp*/, krb5_data /*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16 ( krb5_storage */*sp*/, int16_t /*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32 ( krb5_storage */*sp*/, int32_t /*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8 ( krb5_storage */*sp*/, int8_t /*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock ( krb5_storage */*sp*/, krb5_keyblock /*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal ( krb5_storage */*sp*/, krb5_const_principal /*p*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string ( krb5_storage */*sp*/, const char */*s*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringnl ( krb5_storage */*sp*/, const char */*s*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz ( krb5_storage */*sp*/, const char */*s*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times ( krb5_storage */*sp*/, krb5_times /*times*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16 ( krb5_storage */*sp*/, uint16_t /*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32 ( krb5_storage */*sp*/, uint32_t /*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8 ( krb5_storage */*sp*/, uint8_t /*value*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_deltat ( const char */*string*/, krb5_deltat */*deltat*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_enctype ( krb5_context /*context*/, const char */*string*/, krb5_enctype */*etype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key ( krb5_context /*context*/, krb5_enctype /*enctype*/, @@ -3740,7 +4120,7 @@ krb5_string_to_key ( krb5_principal /*principal*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data ( krb5_context /*context*/, krb5_enctype /*enctype*/, @@ -3748,7 +4128,7 @@ krb5_string_to_key_data ( krb5_principal /*principal*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt ( krb5_context /*context*/, krb5_enctype /*enctype*/, @@ -3756,7 +4136,7 @@ krb5_string_to_key_data_salt ( krb5_salt /*salt*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_data_salt_opaque ( krb5_context /*context*/, krb5_enctype /*enctype*/, @@ -3765,7 +4145,7 @@ krb5_string_to_key_data_salt_opaque ( krb5_data /*opaque*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_derived ( krb5_context /*context*/, const void */*str*/, @@ -3773,7 +4153,7 @@ krb5_string_to_key_derived ( krb5_enctype /*etype*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt ( krb5_context /*context*/, krb5_enctype /*enctype*/, @@ -3781,7 +4161,7 @@ krb5_string_to_key_salt ( krb5_salt /*salt*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_key_salt_opaque ( krb5_context /*context*/, krb5_enctype /*enctype*/, @@ -3790,62 +4170,68 @@ krb5_string_to_key_salt_opaque ( krb5_data /*opaque*/, krb5_keyblock */*key*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_keytype ( krb5_context /*context*/, const char */*string*/, - krb5_keytype */*keytype*/); + krb5_keytype */*keytype*/) + KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_salttype ( krb5_context /*context*/, krb5_enctype /*etype*/, const char */*string*/, krb5_salttype */*salttype*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type ( krb5_context /*context*/, krb5_ticket */*ticket*/, int /*type*/, krb5_data */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client ( krb5_context /*context*/, const krb5_ticket */*ticket*/, krb5_principal */*client*/); -time_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime ( krb5_context /*context*/, const krb5_ticket */*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL +krb5_ticket_get_flags ( + krb5_context /*context*/, + const krb5_ticket */*ticket*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server ( krb5_context /*context*/, const krb5_ticket */*ticket*/, krb5_principal */*server*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_timeofday ( krb5_context /*context*/, krb5_timestamp */*timeret*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name ( krb5_context /*context*/, krb5_const_principal /*principal*/, char **/*name*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed ( krb5_context /*context*/, krb5_const_principal /*principal*/, char */*name*/, size_t /*len*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags ( krb5_context /*context*/, krb5_const_principal /*principal*/, @@ -3853,48 +4239,48 @@ krb5_unparse_name_fixed_flags ( char */*name*/, size_t /*len*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short ( krb5_context /*context*/, krb5_const_principal /*principal*/, char */*name*/, size_t /*len*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags ( krb5_context /*context*/, krb5_const_principal /*principal*/, int /*flags*/, char **/*name*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short ( krb5_context /*context*/, krb5_const_principal /*principal*/, char **/*name*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_us_timeofday ( krb5_context /*context*/, krb5_timestamp */*sec*/, int32_t */*usec*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabort ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 3, 0))); + __attribute__ ((noreturn, format (printf, 3, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabortx ( krb5_context /*context*/, const char */*fmt*/, va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 2, 0))); + __attribute__ ((noreturn, format (printf, 2, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3905,7 +4291,7 @@ krb5_verify_ap_req ( krb5_flags */*ap_req_options*/, krb5_ticket **/*ticket*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req2 ( krb5_context /*context*/, krb5_auth_context */*auth_context*/, @@ -3917,14 +4303,14 @@ krb5_verify_ap_req2 ( krb5_ticket **/*ticket*/, krb5_key_usage /*usage*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_authenticator_checksum ( krb5_context /*context*/, krb5_auth_context /*ac*/, void */*data*/, size_t /*len*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_checksum ( krb5_context /*context*/, krb5_crypto /*crypto*/, @@ -3933,7 +4319,16 @@ krb5_verify_checksum ( size_t /*len*/, Checksum */*cksum*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_verify_checksum_iov ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + unsigned /*usage*/, + krb5_crypto_iov */*data*/, + unsigned int /*num_data*/, + krb5_cksumtype */*type*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_init_creds ( krb5_context /*context*/, krb5_creds */*creds*/, @@ -3942,51 +4337,51 @@ krb5_verify_init_creds ( krb5_ccache */*ccache*/, krb5_verify_init_creds_opt */*options*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_set_ap_req_nofail ( krb5_verify_init_creds_opt */*options*/, int /*ap_req_nofail*/); -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_verify_opt_alloc ( krb5_context /*context*/, krb5_verify_opt **/*opt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_free (krb5_verify_opt */*opt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_init (krb5_verify_opt */*opt*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_ccache ( krb5_verify_opt */*opt*/, krb5_ccache /*ccache*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_flags ( krb5_verify_opt */*opt*/, unsigned int /*flags*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_keytab ( krb5_verify_opt */*opt*/, krb5_keytab /*keytab*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_secure ( krb5_verify_opt */*opt*/, krb5_boolean /*secure*/); -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_service ( krb5_verify_opt */*opt*/, const char */*service*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user ( krb5_context /*context*/, krb5_principal /*principal*/, @@ -3995,7 +4390,7 @@ krb5_verify_user ( krb5_boolean /*secure*/, const char */*service*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user_lrealm ( krb5_context /*context*/, krb5_principal /*principal*/, @@ -4004,40 +4399,40 @@ krb5_verify_user_lrealm ( krb5_boolean /*secure*/, const char */*service*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user_opt ( krb5_context /*context*/, krb5_principal /*principal*/, const char */*password*/, krb5_verify_opt */*opt*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verr ( krb5_context /*context*/, int /*eval*/, krb5_error_code /*code*/, const char */*fmt*/, va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 4, 0))); + __attribute__ ((noreturn, format (printf, 4, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verrx ( krb5_context /*context*/, int /*eval*/, const char */*fmt*/, va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 3, 0))); + __attribute__ ((noreturn, format (printf, 3, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog ( krb5_context /*context*/, krb5_log_facility */*fac*/, int /*level*/, const char */*fmt*/, va_list /*ap*/) - __attribute__((format (printf, 4, 0))); + __attribute__((format (printf, 4, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog_msg ( krb5_context /*context*/, krb5_log_facility */*fac*/, @@ -4045,70 +4440,88 @@ krb5_vlog_msg ( int /*level*/, const char */*fmt*/, va_list /*ap*/) - __attribute__((format (printf, 5, 0))); + __attribute__((format (printf, 5, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_vprepend_error_message ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + const char */*fmt*/, + va_list /*args*/) + __attribute__ ((format (printf, 3, 0))); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_vset_error_message ( + krb5_context /*context*/, + krb5_error_code /*ret*/, + const char */*fmt*/, + va_list /*args*/) + __attribute__ ((format (printf, 3, 0))); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vset_error_string ( krb5_context /*context*/, const char */*fmt*/, va_list /*args*/) - __attribute__ ((format (printf, 2, 0))); + __attribute__ ((format (printf, 2, 0))) KRB5_DEPRECATED_FUNCTION("Use X instead"); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarn ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, va_list /*ap*/) - __attribute__ ((format (printf, 3, 0))); + __attribute__ ((format (printf, 3, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarnx ( krb5_context /*context*/, const char */*fmt*/, va_list /*ap*/) - __attribute__ ((format (printf, 2, 0))); + __attribute__ ((format (printf, 2, 0))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warn ( krb5_context /*context*/, krb5_error_code /*code*/, const char */*fmt*/, ...) - __attribute__ ((format (printf, 3, 4))); + __attribute__ ((format (printf, 3, 4))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warnx ( krb5_context /*context*/, const char */*fmt*/, ...) - __attribute__ ((format (printf, 2, 3))); + __attribute__ ((format (printf, 2, 3))); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_message ( krb5_context /*context*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_priv_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_safe_message ( krb5_context /*context*/, krb5_auth_context /*ac*/, krb5_pointer /*p_fd*/, krb5_data */*data*/); -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_xfree (void */*ptr*/); #ifdef __cplusplus } #endif +#undef KRB5_DEPRECATED_FUNCTION + #endif /* __krb5_protos_h__ */ diff --git a/crypto/heimdal/lib/krb5/krb5-v4compat.h b/crypto/heimdal/lib/krb5/krb5-v4compat.h index dfd7e944607..324c8c1d3c8 100644 --- a/crypto/heimdal/lib/krb5/krb5-v4compat.h +++ b/crypto/heimdal/lib/krb5/krb5-v4compat.h @@ -1,44 +1,44 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */ +/* $Id$ */ #ifndef __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__ #include "krb_err.h" -/* +/* * This file must only be included with v4 compat glue stuff in * heimdal sources. * @@ -105,8 +105,12 @@ struct credentials { #define CLOCK_SKEW 5*60 #ifndef TKT_ROOT +#ifdef KRB5_USE_PATH_TOKENS +#define TKT_ROOT "%{TEMP}/tkt" +#else #define TKT_ROOT "/tmp/tkt" #endif +#endif struct _krb5_krb_auth_data { int8_t k_flags; /* Flags from ticket */ @@ -120,11 +124,18 @@ struct _krb5_krb_auth_data { uint32_t address; /* Address in ticket */ }; -time_t _krb5_krb_life_to_time (int, int); -int _krb5_krb_time_to_life (time_t, time_t); -krb5_error_code _krb5_krb_tf_setup (krb5_context, struct credentials *, - const char *, int); -krb5_error_code _krb5_krb_dest_tkt(krb5_context, const char *); +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL +_krb5_krb_life_to_time (int, int); + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +_krb5_krb_time_to_life (time_t, time_t); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_krb_tf_setup (krb5_context, struct credentials *, + const char *, int); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_krb_dest_tkt(krb5_context, const char *); #define krb_time_to_life _krb5_krb_time_to_life #define krb_life_to_time _krb5_krb_life_to_time diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3 deleted file mode 100644 index 3ce8c1fe9c1..00000000000 --- a/crypto/heimdal/lib/krb5/krb5.3 +++ /dev/null @@ -1,526 +0,0 @@ -.\" Copyright (c) 2001, 2003 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5.3 18212 2006-10-03 10:39:35Z lha $ -.\" -.Dd May 1, 2006 -.Dt KRB5 3 -.Os -.Sh NAME -.Nm krb5 -.Nd Kerberos 5 library -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Sh DESCRIPTION -These functions constitute the Kerberos 5 library, -.Em libkrb5 . -.Sh LIST OF FUNCTIONS -.sp 2 -.nf -.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u -\fIName/Page\fP \fIDescription\fP -.ta \w'krb5_ticket_get_authorization_data_type.3'u+2n +\w'Description goes here'u+6nC -.sp 5p -krb524_convert_creds_kdc.3 -krb524_convert_creds_kdc_cache.3 -krb5_425_conv_principal.3 -krb5_425_conv_principal_ext.3 -krb5_524_conv_principal.3 -krb5_abort.3 -krb5_abortx.3 -krb5_acl_match_file.3 -krb5_acl_match_string.3 -krb5_add_et_list.3 -krb5_add_extra_addresses.3 -krb5_add_ignore_addresses.3 -krb5_addlog_dest.3 -krb5_addlog_func.3 -krb5_addr2sockaddr.3 -krb5_address.3 -krb5_address_compare.3 -krb5_address_order.3 -krb5_address_search.3 -krb5_addresses.3 -krb5_aname_to_localname.3 -krb5_anyaddr.3 -krb5_appdefault_boolean.3 -krb5_appdefault_string.3 -krb5_appdefault_time.3 -krb5_append_addresses.3 -krb5_auth_con_addflags.3 -krb5_auth_con_free.3 -krb5_auth_con_genaddrs.3 -krb5_auth_con_generatelocalsubkey.3 -krb5_auth_con_getaddrs.3 -krb5_auth_con_getauthenticator.3 -krb5_auth_con_getcksumtype.3 -krb5_auth_con_getflags.3 -krb5_auth_con_getkey.3 -krb5_auth_con_getkeytype.3 -krb5_auth_con_getlocalseqnumber.3 -krb5_auth_con_getlocalsubkey.3 -krb5_auth_con_getrcache.3 -krb5_auth_con_getremotesubkey.3 -krb5_auth_con_getuserkey.3 -krb5_auth_con_init.3 -krb5_auth_con_initivector.3 -krb5_auth_con_removeflags.3 -krb5_auth_con_setaddrs.3 -krb5_auth_con_setaddrs_from_fd.3 -krb5_auth_con_setcksumtype.3 -krb5_auth_con_setflags.3 -krb5_auth_con_setivector.3 -krb5_auth_con_setkey.3 -krb5_auth_con_setkeytype.3 -krb5_auth_con_setlocalseqnumber.3 -krb5_auth_con_setlocalsubkey.3 -krb5_auth_con_setrcache.3 -krb5_auth_con_setremoteseqnumber.3 -krb5_auth_con_setremotesubkey.3 -krb5_auth_con_setuserkey.3 -krb5_auth_context.3 -krb5_auth_getremoteseqnumber.3 -krb5_build_principal.3 -krb5_build_principal_ext.3 -krb5_build_principal_va.3 -krb5_build_principal_va_ext.3 -krb5_c_block_size.3 -krb5_c_checksum_length.3 -krb5_c_decrypt.3 -krb5_c_encrypt.3 -krb5_c_encrypt_length.3 -krb5_c_enctype_compare.3 -krb5_c_get_checksum.3 -krb5_c_is_coll_proof_cksum.3 -krb5_c_is_keyed_cksum.3 -krb5_c_make_checksum.3 -krb5_c_make_random_key.3 -krb5_c_set_checksum.3 -krb5_c_valid_cksumtype.3 -krb5_c_valid_enctype.3 -krb5_c_verify_checksum.3 -krb5_cc_cache_end_seq_get.3 -krb5_cc_cache_get_first.3 -krb5_cc_cache_match.3 -krb5_cc_cache_next.3 -krb5_cc_close.3 -krb5_cc_copy_cache.3 -krb5_cc_default.3 -krb5_cc_default_name.3 -krb5_cc_destroy.3 -krb5_cc_end_seq_get.3 -krb5_cc_gen_new.3 -krb5_cc_get_full_name.3 -krb5_cc_get_name.3 -krb5_cc_get_ops.3 -krb5_cc_get_principal.3 -krb5_cc_get_type.3 -krb5_cc_get_version.3 -krb5_cc_initialize.3 -krb5_cc_new_unique.3 -krb5_cc_next_cred.3 -krb5_cc_register.3 -krb5_cc_remove_cred.3 -krb5_cc_resolve.3 -krb5_cc_retrieve_cred.3 -krb5_cc_set_default_name.3 -krb5_cc_set_flags.3 -krb5_cc_store_cred.3 -krb5_change_password.3 -krb5_check_transited.3 -krb5_check_transited_realms.3 -krb5_checksum_disable.3 -krb5_checksum_free.3 -krb5_checksum_is_collision_proof.3 -krb5_checksum_is_keyed.3 -krb5_checksumsize.3 -krb5_clear_error_string.3 -krb5_closelog.3 -krb5_config_file_free.3 -krb5_config_free_strings.3 -krb5_config_get.3 -krb5_config_get_bool.3 -krb5_config_get_bool_default.3 -krb5_config_get_int.3 -krb5_config_get_int_default.3 -krb5_config_get_list.3 -krb5_config_get_next.3 -krb5_config_get_string.3 -krb5_config_get_string_default.3 -krb5_config_get_strings.3 -krb5_config_get_time.3 -krb5_config_get_time_default.3 -krb5_config_parse_file.3 -krb5_config_parse_file_multi.3 -krb5_config_vget.3 -krb5_config_vget_bool.3 -krb5_config_vget_bool_default.3 -krb5_config_vget_int.3 -krb5_config_vget_int_default.3 -krb5_config_vget_list.3 -krb5_config_vget_next.3 -krb5_config_vget_string.3 -krb5_config_vget_string_default.3 -krb5_config_vget_strings.3 -krb5_config_vget_time.3 -krb5_config_vget_time_default.3 -krb5_context.3 -krb5_copy_address.3 -krb5_copy_addresses.3 -krb5_copy_checksum.3 -krb5_copy_data.3 -krb5_copy_host_realm.3 -krb5_copy_keyblock.3 -krb5_copy_keyblock_contents.3 -krb5_copy_principal.3 -krb5_copy_ticket.3 -krb5_create_checksum.3 -krb5_creds.3 -krb5_crypto_destroy.3 -krb5_crypto_get_checksum_type.3 -krb5_crypto_getblocksize.3 -krb5_crypto_getconfoundersize.3 -krb5_crypto_getenctype.3 -krb5_crypto_getpadsize.3 -krb5_crypto_init.3 -krb5_data_alloc.3 -krb5_data_copy.3 -krb5_data_free.3 -krb5_data_realloc.3 -krb5_data_zero.3 -krb5_decrypt.3 -krb5_decrypt_EncryptedData.3 -krb5_digest.3 -krb5_digest_alloc.3 -krb5_digest_free.3 -krb5_digest_get_a1_hash.3 -krb5_digest_get_client_binding.3 -krb5_digest_get_identifier.3 -krb5_digest_get_opaque.3 -krb5_digest_get_responseData.3 -krb5_digest_get_rsp.3 -krb5_digest_get_server_nonce.3 -krb5_digest_get_tickets.3 -krb5_digest_init_request.3 -krb5_digest_request.3 -krb5_digest_set_authentication_user.3 -krb5_digest_set_authid.3 -krb5_digest_set_client_nonce.3 -krb5_digest_set_digest.3 -krb5_digest_set_hostname.3 -krb5_digest_set_identifier.3 -krb5_digest_set_method.3 -krb5_digest_set_nonceCount.3 -krb5_digest_set_opaque.3 -krb5_digest_set_qop.3 -krb5_digest_set_realm.3 -krb5_digest_set_server_cb.3 -krb5_digest_set_server_nonce.3 -krb5_digest_set_type.3 -krb5_digest_set_uri.3 -krb5_digest_set_username.3 -krb5_domain_x500_decode.3 -krb5_domain_x500_encode.3 -krb5_eai_to_heim_errno.3 -krb5_encrypt.3 -krb5_encrypt_EncryptedData.3 -krb5_enctype_disable.3 -krb5_enctype_to_string.3 -krb5_enctype_valid.3 -krb5_err.3 -krb5_errx.3 -krb5_expand_hostname.3 -krb5_expand_hostname_realms.3 -krb5_find_padata.3 -krb5_format_time.3 -krb5_free_address.3 -krb5_free_addresses.3 -krb5_free_authenticator.3 -krb5_free_checksum.3 -krb5_free_checksum_contents.3 -krb5_free_config_files.3 -krb5_free_context.3 -krb5_free_data.3 -krb5_free_data_contents.3 -krb5_free_error_string.3 -krb5_free_host_realm.3 -krb5_free_kdc_rep.3 -krb5_free_keyblock.3 -krb5_free_keyblock_contents.3 -krb5_free_krbhst.3 -krb5_free_principal.3 -krb5_free_salt.3 -krb5_free_ticket.3 -krb5_fwd_tgt_creds.3 -krb5_generate_random_block.3 -krb5_generate_random_keyblock.3 -krb5_generate_subkey.3 -krb5_get_all_client_addrs.3 -krb5_get_all_server_addrs.3 -krb5_get_cred_from_kdc.3 -krb5_get_cred_from_kdc_opt.3 -krb5_get_credentials.3 -krb5_get_credentials_with_flags.3 -krb5_get_default_config_files.3 -krb5_get_default_principal.3 -krb5_get_default_realm.3 -krb5_get_default_realms.3 -krb5_get_err_text.3 -krb5_get_error_message.3 -krb5_get_error_string.3 -krb5_get_extra_addresses.3 -krb5_get_fcache_version.3 -krb5_get_forwarded_creds.3 -krb5_get_host_realm.3 -krb5_get_ignore_addresses.3 -krb5_get_in_cred.3 -krb5_get_in_tkt.3 -krb5_get_in_tkt_with_keytab.3 -krb5_get_in_tkt_with_password.3 -krb5_get_in_tkt_with_skey.3 -krb5_get_init_creds.3 -krb5_get_init_creds_keytab.3 -krb5_get_init_creds_opt_alloc.3 -krb5_get_init_creds_opt_free.3 -krb5_get_init_creds_opt_free_pkinit.3 -krb5_get_init_creds_opt_init.3 -krb5_get_init_creds_opt_set_address_list.3 -krb5_get_init_creds_opt_set_anonymous.3 -krb5_get_init_creds_opt_set_default_flags.3 -krb5_get_init_creds_opt_set_etype_list.3 -krb5_get_init_creds_opt_set_forwardable.3 -krb5_get_init_creds_opt_set_pa_password.3 -krb5_get_init_creds_opt_set_paq_request.3 -krb5_get_init_creds_opt_set_pkinit.3 -krb5_get_init_creds_opt_set_preauth_list.3 -krb5_get_init_creds_opt_set_proxiable.3 -krb5_get_init_creds_opt_set_renew_life.3 -krb5_get_init_creds_opt_set_salt.3 -krb5_get_init_creds_opt_set_tkt_life.3 -krb5_get_init_creds_password.3 -krb5_get_kdc_cred.3 -krb5_get_krb524hst.3 -krb5_get_krb_admin_hst.3 -krb5_get_krb_changepw_hst.3 -krb5_get_krbhst.3 -krb5_get_pw_salt.3 -krb5_get_server_rcache.3 -krb5_get_use_admin_kdc.3 -krb5_get_wrapped_length.3 -krb5_getportbyname.3 -krb5_h_addr2addr.3 -krb5_h_addr2sockaddr.3 -krb5_h_errno_to_heim_errno.3 -krb5_have_error_string.3 -krb5_hmac.3 -krb5_init_context.3 -krb5_init_ets.3 -krb5_initlog.3 -krb5_keyblock_get_enctype.3 -krb5_keyblock_zero.3 -krb5_keytab_entry.3 -krb5_krbhst_format_string.3 -krb5_krbhst_free.3 -krb5_krbhst_get_addrinfo.3 -krb5_krbhst_init.3 -krb5_krbhst_init_flags.3 -krb5_krbhst_next.3 -krb5_krbhst_next_as_string.3 -krb5_krbhst_reset.3 -krb5_kt_add_entry.3 -krb5_kt_close.3 -krb5_kt_compare.3 -krb5_kt_copy_entry_contents.3 -krb5_kt_cursor.3 -krb5_kt_default.3 -krb5_kt_default_modify_name.3 -krb5_kt_default_name.3 -krb5_kt_end_seq_get.3 -krb5_kt_free_entry.3 -krb5_kt_get_entry.3 -krb5_kt_get_name.3 -krb5_kt_get_type.3 -krb5_kt_next_entry.3 -krb5_kt_ops.3 -krb5_kt_read_service_key.3 -krb5_kt_register.3 -krb5_kt_remove_entry.3 -krb5_kt_resolve.3.3 -krb5_kt_start_seq_get -krb5_kuserok.3 -krb5_log.3 -krb5_log_msg.3 -krb5_make_addrport.3 -krb5_make_principal.3 -krb5_max_sockaddr_size.3 -krb5_openlog.3 -krb5_padata_add.3 -krb5_parse_address.3 -krb5_parse_name.3 -krb5_passwd_result_to_string.3 -krb5_password_key_proc.3 -krb5_prepend_config_files.3 -krb5_prepend_config_files_default.3 -krb5_princ_realm.3 -krb5_princ_set_realm.3 -krb5_principal.3 -krb5_principal_compare.3 -krb5_principal_compare_any_realm.3 -krb5_principal_get_comp_string.3 -krb5_principal_get_realm.3 -krb5_principal_get_type.3 -krb5_principal_match.3 -krb5_principal_set_type.3 -krb5_print_address.3 -krb5_rc_close.3 -krb5_rc_default.3 -krb5_rc_default_name.3 -krb5_rc_default_type.3 -krb5_rc_destroy.3 -krb5_rc_expunge.3 -krb5_rc_get_lifespan.3 -krb5_rc_get_name.3 -krb5_rc_get_type.3 -krb5_rc_initialize.3 -krb5_rc_recover.3 -krb5_rc_resolve.3 -krb5_rc_resolve_full.3 -krb5_rc_resolve_type.3 -krb5_rc_store.3 -krb5_rcache.3 -krb5_realm_compare.3 -krb5_ret_address.3 -krb5_ret_addrs.3 -krb5_ret_authdata.3 -krb5_ret_creds.3 -krb5_ret_data.3 -krb5_ret_int16.3 -krb5_ret_int32.3 -krb5_ret_int8.3 -krb5_ret_keyblock.3 -krb5_ret_principal.3 -krb5_ret_string.3 -krb5_ret_stringz.3 -krb5_ret_times.3 -krb5_set_config_files.3 -krb5_set_default_realm.3 -krb5_set_error_string.3 -krb5_set_extra_addresses.3 -krb5_set_fcache_version.3 -krb5_set_ignore_addresses.3 -krb5_set_password.3 -krb5_set_password_using_ccache.3 -krb5_set_real_time.3 -krb5_set_use_admin_kdc.3 -krb5_set_warn_dest.3 -krb5_sname_to_principal.3 -krb5_sock_to_principal.3 -krb5_sockaddr2address.3 -krb5_sockaddr2port.3 -krb5_sockaddr_uninteresting.3 -krb5_storage.3 -krb5_storage_clear_flags.3 -krb5_storage_emem.3 -krb5_storage_free.3 -krb5_storage_from_data.3 -krb5_storage_from_fd.3 -krb5_storage_from_mem.3 -krb5_storage_get_byteorder.3 -krb5_storage_is_flags.3 -krb5_storage_read.3 -krb5_storage_seek.3 -krb5_storage_set_byteorder.3 -krb5_storage_set_eof_code.3 -krb5_storage_set_flags.3 -krb5_storage_to_data.3 -krb5_storage_write.3 -krb5_store_address.3 -krb5_store_addrs.3 -krb5_store_authdata.3 -krb5_store_creds.3 -krb5_store_data.3 -krb5_store_int16.3 -krb5_store_int32.3 -krb5_store_int8.3 -krb5_store_keyblock.3 -krb5_store_principal.3 -krb5_store_string.3 -krb5_store_stringz.3 -krb5_store_times.3 -krb5_string_to_deltat.3 -krb5_string_to_enctype.3 -krb5_string_to_key.3 -krb5_string_to_key_data.3 -krb5_string_to_key_data_salt.3 -krb5_string_to_key_data_salt_opaque.3 -krb5_string_to_key_salt.3 -krb5_string_to_key_salt_opaque.3 -krb5_ticket.3 -krb5_ticket_get_authorization_data_type.3 -krb5_ticket_get_client.3 -krb5_ticket_get_server.3 -krb5_timeofday.3 -krb5_unparse_name.3 -krb5_unparse_name_fixed.3 -krb5_unparse_name_fixed_short.3 -krb5_unparse_name_short.3 -krb5_us_timeofday.3 -krb5_vabort.3 -krb5_vabortx.3 -krb5_verify_checksum.3 -krb5_verify_init_creds.3 -krb5_verify_init_creds_opt_init.3 -krb5_verify_init_creds_opt_set_ap_req_nofail.3 -krb5_verify_opt_init.3 -krb5_verify_opt_set_ccache.3 -krb5_verify_opt_set_flags.3 -krb5_verify_opt_set_keytab.3 -krb5_verify_opt_set_secure.3 -krb5_verify_opt_set_service.3 -krb5_verify_user.3 -krb5_verify_user_lrealm.3 -krb5_verify_user_opt.3 -krb5_verr.3 -krb5_verrx.3 -krb5_vlog.3 -krb5_vlog_msg.3 -krb5_vset_error_string.3 -krb5_vwarn.3 -krb5_vwarnx.3 -krb5_warn.3 -krb5_warnx.3 -.ta -.Fi -.Sh SEE ALSO -.Xr krb5.conf 5 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5 index ceb16a401aa..9e1edc7b6ca 100644 --- a/crypto/heimdal/lib/krb5/krb5.conf.5 +++ b/crypto/heimdal/lib/krb5/krb5.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5.conf.5 15514 2005-06-23 18:43:34Z lha $ +.\" $Id$ .\" .Dd May 4, 2005 .Dt KRB5.CONF 5 @@ -143,6 +143,9 @@ Default realm to use, this is also known as your .Dq local realm . The default is the result of .Fn krb5_get_host_realm "local hostname" . +.It Li allow_weak_crypto = Va boolean +is weaks crypto algorithms allowed to be used, among others, DES is +considered weak. .It Li clockskew = Va time Maximum time differential (in seconds) allowed when comparing times. @@ -160,17 +163,28 @@ manual page. .It ... .It Li } .El -This is deprecated, see the +This is deprecated, see the .Li capaths section below. +.It Li default_cc_type = Va cctype +sets the default credentials type. .It Li default_cc_name = Va ccname the default credentials cache name. +If you want to change the type only use +.Li default_cc_type . The string can contain variables that are expanded on runtime. Only support variable now is .Li %{uid} that expands to the current user id. .It Li default_etypes = Va etypes ... -A list of default encryption types to use. +A list of default encryption types to use. (Default: all enctypes if +allow_weak_crypto = TRUE, else all enctypes except single DES enctypes.) +.It Li default_as_etypes = Va etypes ... +A list of default encryption types to use in AS requests. (Default: the +value of default_etypes.) +.It Li default_tgs_etypes = Va etypes ... +A list of default encryption types to use in TGS requests. (Default: +the value of default_etypes.) .It Li default_etypes_des = Va etypes ... A list of default encryption types to use when requesting a DES credential. .It Li default_keytab_name = Va keytab @@ -241,6 +255,11 @@ older than Heimdal 0.7. Setting this flag to .Dv TRUE make it store the MIT way, this is default for Heimdal 0.7. +.It Li check-rd-req-server +If set to "ignore", the framework will ignore any the server input to +.Xr krb5_rd_req 3, +this is very useful when the GSS-API server input the +wrong server name into the gss_accept_sec_context call. .El .It Li [domain_realm] This is a list of mappings from DNS domain to Kerberos realm. @@ -326,7 +345,7 @@ obtain credentials for a service in the .Va server-realm . Secondly, it tells the KDC (and other servers) which realms are allowed in a multi-hop traversal from -.Va client-realm +.Va client-realm to .Va server-realm . Except for the client case, the order of the realms are not important. @@ -351,7 +370,7 @@ manual page for a list of defined destinations. .Bl -tag -width "xxx" -offset indent .It Li dbname Li = Va DATABASENAME Use this database for this realm. -See the info documetation how to configure diffrent database backends. +See the info documetation how to configure different database backends. .It Li realm Li = Va REALM Specifies the realm that will be stored in this database. It realm isn't set, it will used as the default database, there can @@ -393,6 +412,24 @@ Default is the same as Should the kdc answer kdc-requests over http. .It Li enable-kaserver = Va BOOL If this kdc should emulate the AFS kaserver. +.It Li as-use-strongest-session-key = Va BOOL +If this is TRUE then the KDC will prefer the strongest key from the +client's AS-REQ enctype list, that is also supported by the KDC and the +target principal, for the ticket session key. Else it will prefer the +first key from the client's AS-REQ enctype list that is also supported +by the KDC and the target principal. Defaults to TRUE. +.It Li preauth-use-strongest-session-key = Va BOOL +Like as-use-strongest-session-key, but applies to the session key +enctype selection for PA-ETYPE-INFO2 (i.e., for password-based +pre-authentication). Defaults to TRUE. +.It Li tgs-use-strongest-session-key = Va BOOL +Like as-use-strongest-session-key, but applies to the session key +enctype of tickets issued by the TGS. Defaults to TRUE. +.It Li use-strongest-server-key = Va BOOL +If TRUE then the KDC picks, for the ticket encrypted part's key, the +first supported enctype from the target service principal's hdb entry's +current keyset. Else the KDC picks the first supported enctype from the +target service principal's hdb entry's current keyset. Defaults to TRUE. .It Li check-ticket-addresses = Va BOOL Verify the addresses in the tickets used in tgs requests. .\" XXX @@ -425,6 +462,11 @@ The default value is account . .It Li hdb-ldap-create-base Va creation dn is the dn that will be appended to the principal when creating entries. Default value is the search dn. +.It Li enable-digest = Va BOOL +Should the kdc answer digest requests. The default is FALSE. +.It Li digests_allowed = Va list of digests +Specifies the digests the kdc will reply to. The default is +.Li ntlm-v2 . .El .It Li [kadmin] .Bl -tag -width "xxx" -offset indent @@ -462,7 +504,7 @@ When true, this is the same as .Pp and is only left for backwards compatibility. .El -.It Li [password-quality] +.It Li [password_quality] Check the Password quality assurance in the info documentation for more information. .Bl -tag -width "xxx" -offset indent diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index 571eb6192ae..2d555ea0604 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -1,37 +1,39 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: krb5.h 22100 2007-12-03 17:15:00Z lha $ */ +/* $Id$ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -51,6 +53,12 @@ #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED #endif +#ifdef _WIN32 +#define KRB5_CALLCONV __stdcall +#else +#define KRB5_CALLCONV +#endif + /* simple constants */ #ifndef TRUE @@ -62,7 +70,7 @@ typedef int krb5_boolean; typedef int32_t krb5_error_code; -typedef int krb5_kvno; +typedef int32_t krb5_kvno; typedef uint32_t krb5_flags; @@ -92,6 +100,8 @@ typedef Checksum krb5_checksum; typedef ENCTYPE krb5_enctype; +typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context; + typedef heim_octet_string krb5_data; /* PKINIT related forward declarations */ @@ -108,28 +118,69 @@ typedef struct krb5_enc_data { /* alternative names */ enum { - ENCTYPE_NULL = ETYPE_NULL, - ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC, - ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4, - ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5, - ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5, - ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1, - ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE, - ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV, - ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB, - ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1, - ENCTYPE_AES128_CTS_HMAC_SHA1_96 = ETYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_AES256_CTS_HMAC_SHA1_96 = ETYPE_AES256_CTS_HMAC_SHA1_96, - ENCTYPE_ARCFOUR_HMAC = ETYPE_ARCFOUR_HMAC_MD5, - ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5, - ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56, - ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS, - ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE, - ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, - ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, - ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE + ENCTYPE_NULL = KRB5_ENCTYPE_NULL, + ENCTYPE_DES_CBC_CRC = KRB5_ENCTYPE_DES_CBC_CRC, + ENCTYPE_DES_CBC_MD4 = KRB5_ENCTYPE_DES_CBC_MD4, + ENCTYPE_DES_CBC_MD5 = KRB5_ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES3_CBC_MD5 = KRB5_ENCTYPE_DES3_CBC_MD5, + ENCTYPE_OLD_DES3_CBC_SHA1 = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1, + ENCTYPE_SIGN_DSA_GENERATE = KRB5_ENCTYPE_SIGN_DSA_GENERATE, + ENCTYPE_ENCRYPT_RSA_PRIV = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV, + ENCTYPE_ENCRYPT_RSA_PUB = KRB5_ENCTYPE_ENCRYPT_RSA_PUB, + ENCTYPE_DES3_CBC_SHA1 = KRB5_ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_AES128_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_ARCFOUR_HMAC = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, + ENCTYPE_ARCFOUR_HMAC_MD5 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, + ENCTYPE_ARCFOUR_HMAC_MD5_56 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56, + ENCTYPE_ENCTYPE_PK_CROSS = KRB5_ENCTYPE_ENCTYPE_PK_CROSS, + ENCTYPE_DES_CBC_NONE = KRB5_ENCTYPE_DES_CBC_NONE, + ENCTYPE_DES3_CBC_NONE = KRB5_ENCTYPE_DES3_CBC_NONE, + ENCTYPE_DES_CFB64_NONE = KRB5_ENCTYPE_DES_CFB64_NONE, + ENCTYPE_DES_PCBC_NONE = KRB5_ENCTYPE_DES_PCBC_NONE, + ETYPE_NULL = KRB5_ENCTYPE_NULL, + ETYPE_DES_CBC_CRC = KRB5_ENCTYPE_DES_CBC_CRC, + ETYPE_DES_CBC_MD4 = KRB5_ENCTYPE_DES_CBC_MD4, + ETYPE_DES_CBC_MD5 = KRB5_ENCTYPE_DES_CBC_MD5, + ETYPE_DES3_CBC_MD5 = KRB5_ENCTYPE_DES3_CBC_MD5, + ETYPE_OLD_DES3_CBC_SHA1 = KRB5_ENCTYPE_OLD_DES3_CBC_SHA1, + ETYPE_SIGN_DSA_GENERATE = KRB5_ENCTYPE_SIGN_DSA_GENERATE, + ETYPE_ENCRYPT_RSA_PRIV = KRB5_ENCTYPE_ENCRYPT_RSA_PRIV, + ETYPE_ENCRYPT_RSA_PUB = KRB5_ENCTYPE_ENCRYPT_RSA_PUB, + ETYPE_DES3_CBC_SHA1 = KRB5_ENCTYPE_DES3_CBC_SHA1, + ETYPE_AES128_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ETYPE_AES256_CTS_HMAC_SHA1_96 = KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ETYPE_ARCFOUR_HMAC_MD5 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, + ETYPE_ARCFOUR_HMAC_MD5_56 = KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56, + ETYPE_ENCTYPE_PK_CROSS = KRB5_ENCTYPE_ENCTYPE_PK_CROSS, + ETYPE_ARCFOUR_MD4 = KRB5_ENCTYPE_ARCFOUR_MD4, + ETYPE_ARCFOUR_HMAC_OLD = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD, + ETYPE_ARCFOUR_HMAC_OLD_EXP = KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP, + ETYPE_DES_CBC_NONE = KRB5_ENCTYPE_DES_CBC_NONE, + ETYPE_DES3_CBC_NONE = KRB5_ENCTYPE_DES3_CBC_NONE, + ETYPE_DES_CFB64_NONE = KRB5_ENCTYPE_DES_CFB64_NONE, + ETYPE_DES_PCBC_NONE = KRB5_ENCTYPE_DES_PCBC_NONE, + ETYPE_DIGEST_MD5_NONE = KRB5_ENCTYPE_DIGEST_MD5_NONE, + ETYPE_CRAM_MD5_NONE = KRB5_ENCTYPE_CRAM_MD5_NONE + }; +/* PDU types */ +typedef enum krb5_pdu { + KRB5_PDU_ERROR = 0, + KRB5_PDU_TICKET = 1, + KRB5_PDU_AS_REQUEST = 2, + KRB5_PDU_AS_REPLY = 3, + KRB5_PDU_TGS_REQUEST = 4, + KRB5_PDU_TGS_REPLY = 5, + KRB5_PDU_AP_REQUEST = 6, + KRB5_PDU_AP_REPLY = 7, + KRB5_PDU_KRB_SAFE = 8, + KRB5_PDU_KRB_PRIV = 9, + KRB5_PDU_KRB_CRED = 10, + KRB5_PDU_NONE = 11 /* See krb5_get_permitted_enctypes() */ +} krb5_pdu; + typedef PADATA_TYPE krb5_preauthtype; typedef enum krb5_key_usage { @@ -205,7 +256,7 @@ typedef enum krb5_key_usage { /* acceptor sign in GSSAPI CFX krb5 mechanism */ KRB5_KU_USAGE_ACCEPTOR_SIGN = 23, /* acceptor seal in GSSAPI CFX krb5 mechanism */ - KRB5_KU_USAGE_INITIATOR_SEAL = 24, + KRB5_KU_USAGE_INITIATOR_SEAL = 24, /* initiator sign in GSSAPI CFX krb5 mechanism */ KRB5_KU_USAGE_INITIATOR_SIGN = 25, /* initiator seal in GSSAPI CFX krb5 mechanism */ @@ -219,6 +270,10 @@ typedef enum krb5_key_usage { /* Keyusage for the server referral in a TGS req */ KRB5_KU_SAM_ENC_NONCE_SAD = 27, /* Encryption of the SAM-NONCE-OR-SAD field */ + KRB5_KU_PA_PKINIT_KX = 44, + /* Encryption type of the kdc session contribution in pk-init */ + KRB5_KU_AS_REQ = 56, + /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */ KRB5_KU_DIGEST_ENCRYPT = -18, /* Encryption key usage used in the digest encryption field */ KRB5_KU_DIGEST_OPAQUE = -19, @@ -253,7 +308,7 @@ typedef struct krb5_preauthdata { krb5_preauthdata_entry *val; }krb5_preauthdata; -typedef enum krb5_address_type { +typedef enum krb5_address_type { KRB5_ADDRESS_INET = 2, KRB5_ADDRESS_NETBIOS = 20, KRB5_ADDRESS_INET6 = 24, @@ -271,15 +326,17 @@ typedef HostAddress krb5_address; typedef HostAddresses krb5_addresses; -typedef enum krb5_keytype { - KEYTYPE_NULL = 0, - KEYTYPE_DES = 1, - KEYTYPE_DES3 = 7, - KEYTYPE_AES128 = 17, - KEYTYPE_AES256 = 18, - KEYTYPE_ARCFOUR = 23, - KEYTYPE_ARCFOUR_56 = 24 -} krb5_keytype; +typedef krb5_enctype krb5_keytype; + +enum krb5_keytype_old { + KEYTYPE_NULL = ETYPE_NULL, + KEYTYPE_DES = ETYPE_DES_CBC_CRC, + KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1, + KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96, + KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96, + KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5, + KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56 +}; typedef EncryptionKey krb5_keyblock; @@ -287,7 +344,15 @@ typedef AP_REQ krb5_ap_req; struct krb5_cc_ops; +#ifdef _WIN32 +#define KRB5_USE_PATH_TOKENS 1 +#endif + +#ifdef KRB5_USE_PATH_TOKENS +#define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_" +#else #define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_" +#endif #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT @@ -297,6 +362,7 @@ struct krb5_cc_ops; NULL) typedef void *krb5_cc_cursor; +typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor; typedef struct krb5_ccache_data { const struct krb5_cc_ops *ops; @@ -316,6 +382,7 @@ typedef const char *krb5_const_realm; /* stupid language */ typedef Principal krb5_principal_data; typedef struct Principal *krb5_principal; typedef const struct Principal *krb5_const_principal; +typedef struct Principals *krb5_principals; typedef time_t krb5_deltat; typedef time_t krb5_timestamp; @@ -363,6 +430,7 @@ typedef union { #define KRB5_GC_FORWARDABLE (1U << 4) #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5) #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6) +#define KRB5_GC_CANONICALIZE (1U << 7) /* constants for compare_creds (and cc_retrieve_cred) */ #define KRB5_TC_DONT_MATCH_REALM (1U << 31) @@ -377,6 +445,10 @@ typedef union { #define KRB5_TC_MATCH_2ND_TKT (1 << 23) #define KRB5_TC_MATCH_IS_SKEY (1 << 22) +/* constants for get_flags and set_flags */ +#define KRB5_TC_OPENCLOSE 0x00000001 +#define KRB5_TC_NOTICKET 0x00000002 + typedef AuthorizationData krb5_authdata; typedef KRB_ERROR krb5_error; @@ -395,31 +467,39 @@ typedef struct krb5_creds { typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor; +#define KRB5_CC_OPS_VERSION 3 + typedef struct krb5_cc_ops { + int version; const char *prefix; - const char* (*get_name)(krb5_context, krb5_ccache); - krb5_error_code (*resolve)(krb5_context, krb5_ccache *, const char *); - krb5_error_code (*gen_new)(krb5_context, krb5_ccache *); - krb5_error_code (*init)(krb5_context, krb5_ccache, krb5_principal); - krb5_error_code (*destroy)(krb5_context, krb5_ccache); - krb5_error_code (*close)(krb5_context, krb5_ccache); - krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*); - krb5_error_code (*retrieve)(krb5_context, krb5_ccache, - krb5_flags, const krb5_creds*, krb5_creds *); - krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*); - krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code (*get_next)(krb5_context, krb5_ccache, - krb5_cc_cursor*, krb5_creds*); - krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); - krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, - krb5_flags, krb5_creds*); - krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags); - int (*get_version)(krb5_context, krb5_ccache); - krb5_error_code (*get_cache_first)(krb5_context, krb5_cc_cursor *); - krb5_error_code (*get_cache_next)(krb5_context, krb5_cc_cursor, krb5_ccache *); - krb5_error_code (*end_cache_get)(krb5_context, krb5_cc_cursor); - krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache); - krb5_error_code (*default_name)(krb5_context, char **); + const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *); + krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *); + krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal); + krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*); + krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache, + krb5_flags, const krb5_creds*, krb5_creds *); + krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*); + krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); + krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache, + krb5_cc_cursor*, krb5_creds*); + krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); + krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache, + krb5_flags, krb5_creds*); + krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags); + int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *); + krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor, + krb5_ccache *); + krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor); + krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache); + krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **); + krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache); + krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *); + krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat); + krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *); } krb5_cc_ops; struct krb5_log_facility; @@ -471,6 +551,8 @@ typedef struct krb5_keytab_entry { krb5_kvno vno; krb5_keyblock keyblock; uint32_t timestamp; + uint32_t flags; + krb5_principals aliases; } krb5_keytab_entry; typedef struct krb5_kt_cursor { @@ -487,17 +569,18 @@ typedef struct krb5_keytab_data *krb5_keytab; struct krb5_keytab_data { const char *prefix; - krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab); - krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t); - krb5_error_code (*close)(krb5_context, krb5_keytab); - krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, - krb5_kvno, krb5_enctype, krb5_keytab_entry*); - krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); - krb5_error_code (*next_entry)(krb5_context, krb5_keytab, - krb5_keytab_entry*, krb5_kt_cursor*); - krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); - krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*); - krb5_error_code (*remove)(krb5_context, krb5_keytab, krb5_keytab_entry*); + krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab); + krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t); + krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab); + krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab); + krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal, + krb5_kvno, krb5_enctype, krb5_keytab_entry*); + krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); + krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab, + krb5_keytab_entry*, krb5_kt_cursor*); + krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); + krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*); + krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*); void *data; int32_t version; }; @@ -551,14 +634,14 @@ typedef struct krb5_auth_context_data { uint32_t remote_seqnumber; krb5_authenticator authenticator; - + krb5_pointer i_vector; - + krb5_rcache rcache; - krb5_keytype keytype; /* ¿requested key type ? */ - krb5_cksumtype cksumtype; /* ¡requested checksum type! */ - + krb5_keytype keytype; /* ¿requested key type ? */ + krb5_cksumtype cksumtype; /* ¡requested checksum type! */ + }krb5_auth_context_data, *krb5_auth_context; typedef struct { @@ -569,8 +652,8 @@ typedef struct { extern const char *heimdal_version, *heimdal_long_version; -typedef void (*krb5_log_log_func_t)(const char*, const char*, void*); -typedef void (*krb5_log_close_func_t)(void*); +typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(const char*, const char*, void*); +typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*); typedef struct krb5_log_facility { char *program; @@ -586,14 +669,10 @@ typedef EncAPRepPart krb5_ap_rep_enc_part; #define KRB5_TGS_NAME_SIZE (6) #define KRB5_TGS_NAME ("krbtgt") - +#define KRB5_WELLKNOWN_NAME ("WELLKNOWN") +#define KRB5_ANON_NAME ("ANONYMOUS") #define KRB5_DIGEST_NAME ("digest") -/* variables */ - -extern const char *krb5_config_file; -extern const char *krb5_defkeyname; - typedef enum { KRB5_PROMPT_TYPE_PASSWORD = 0x1, KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2, @@ -609,32 +688,32 @@ typedef struct _krb5_prompt { krb5_prompt_type type; } krb5_prompt; -typedef int (*krb5_prompter_fct)(krb5_context /*context*/, - void * /*data*/, - const char * /*name*/, - const char * /*banner*/, - int /*num_prompts*/, - krb5_prompt /*prompts*/[]); -typedef krb5_error_code (*krb5_key_proc)(krb5_context /*context*/, - krb5_enctype /*type*/, - krb5_salt /*salt*/, - krb5_const_pointer /*keyseed*/, - krb5_keyblock ** /*key*/); -typedef krb5_error_code (*krb5_decrypt_proc)(krb5_context /*context*/, - krb5_keyblock * /*key*/, - krb5_key_usage /*usage*/, - krb5_const_pointer /*decrypt_arg*/, - krb5_kdc_rep * /*dec_rep*/); -typedef krb5_error_code (*krb5_s2k_proc)(krb5_context /*context*/, - krb5_enctype /*type*/, - krb5_const_pointer /*keyseed*/, - krb5_salt /*salt*/, - krb5_data * /*s2kparms*/, - krb5_keyblock ** /*key*/); +typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/, + void * /*data*/, + const char * /*name*/, + const char * /*banner*/, + int /*num_prompts*/, + krb5_prompt /*prompts*/[]); +typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_salt /*salt*/, + krb5_const_pointer /*keyseed*/, + krb5_keyblock ** /*key*/); +typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/, + krb5_keyblock * /*key*/, + krb5_key_usage /*usage*/, + krb5_const_pointer /*decrypt_arg*/, + krb5_kdc_rep * /*dec_rep*/); +typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/, + krb5_enctype /*type*/, + krb5_const_pointer /*keyseed*/, + krb5_salt /*salt*/, + krb5_data * /*s2kparms*/, + krb5_keyblock ** /*key*/); struct _krb5_get_init_creds_opt_private; -typedef struct _krb5_get_init_creds_opt { +struct _krb5_get_init_creds_opt { krb5_flags flags; krb5_deltat tkt_life; krb5_deltat renew_life; @@ -650,7 +729,9 @@ typedef struct _krb5_get_init_creds_opt { int preauth_list_length; krb5_data *salt; struct _krb5_get_init_creds_opt_private *opt_private; -} krb5_get_init_creds_opt; +}; + +typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt; #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 @@ -659,10 +740,13 @@ typedef struct _krb5_get_init_creds_opt { #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 -#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 +#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* no supported */ #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200 +/* krb5_init_creds_step flags argument */ +#define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001 + typedef struct _krb5_verify_init_creds_opt { krb5_flags flags; int ap_req_nofail; @@ -681,20 +765,6 @@ typedef struct krb5_verify_opt { #define KRB5_VERIFY_LREALMS 1 #define KRB5_VERIFY_NO_ADDRESSES 2 -extern const krb5_cc_ops krb5_acc_ops; -extern const krb5_cc_ops krb5_fcc_ops; -extern const krb5_cc_ops krb5_mcc_ops; -extern const krb5_cc_ops krb5_kcm_ops; - -extern const krb5_kt_ops krb5_fkt_ops; -extern const krb5_kt_ops krb5_wrfkt_ops; -extern const krb5_kt_ops krb5_javakt_ops; -extern const krb5_kt_ops krb5_mkt_ops; -extern const krb5_kt_ops krb5_akf_ops; -extern const krb5_kt_ops krb4_fkt_ops; -extern const krb5_kt_ops krb5_srvtab_fkt_ops; -extern const krb5_kt_ops krb5_any_ops; - #define KRB5_KPASSWD_VERS_CHANGEPW 1 #define KRB5_KPASSWD_VERS_SETPW 0xff80 @@ -736,24 +806,22 @@ enum { KRB5_KRBHST_FLAGS_LARGE_MSG = 2 }; -typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, - void *, - krb5_krbhst_info *, - const krb5_data *, - krb5_data *); +typedef krb5_error_code +(KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t, + const krb5_data *, krb5_data *); -/* flags for krb5_parse_name_flags */ +/** flags for krb5_parse_name_flags */ enum { - KRB5_PRINCIPAL_PARSE_NO_REALM = 1, - KRB5_PRINCIPAL_PARSE_MUST_REALM = 2, - KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4 + KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */ + KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */ + KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4 /**< Parse as a NT-ENTERPRISE name */ }; -/* flags for krb5_unparse_name_flags */ +/** flags for krb5_unparse_name_flags */ enum { - KRB5_PRINCIPAL_UNPARSE_SHORT = 1, - KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, - KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 + KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */ + KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */ + KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */ }; typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx; @@ -762,7 +830,9 @@ typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx; #define KRB5_SENDTO_RESTART 1 #define KRB5_SENDTO_CONTINUE 2 -typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *); +typedef krb5_error_code +(KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, + const krb5_data *, int *); struct krb5_plugin; enum krb5_plugin_type { @@ -774,7 +844,73 @@ struct credentials; /* this is to keep the compiler happy */ struct getargs; struct sockaddr; +/** + * Semi private, not stable yet + */ + +typedef struct krb5_crypto_iov { + unsigned int flags; + /* ignored */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */ +#define KRB5_CRYPTO_TYPE_HEADER 1 + /* IN and OUT */ +#define KRB5_CRYPTO_TYPE_DATA 2 + /* IN */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 + /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_PADDING 4 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */ +#define KRB5_CRYPTO_TYPE_CHECKSUM 6 + krb5_data data; +} krb5_crypto_iov; + + +/* Glue for MIT */ + +typedef struct { + int32_t lr_type; + krb5_timestamp value; +} krb5_last_req_entry; + +typedef krb5_error_code +(KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *); + +/* + * + */ + +struct hx509_certs_data; + #include +/* variables */ + +extern KRB5_LIB_VARIABLE const char *krb5_config_file; +extern KRB5_LIB_VARIABLE const char *krb5_defkeyname; + + +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops; +extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops; + +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops; +extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops; + +extern KRB5_LIB_VARIABLE const char *krb5_cc_type_api; +extern KRB5_LIB_VARIABLE const char *krb5_cc_type_file; +extern KRB5_LIB_VARIABLE const char *krb5_cc_type_memory; +extern KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm; +extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc; + #endif /* __KRB5_H__ */ diff --git a/crypto/heimdal/lib/krb5/krb5.moduli b/crypto/heimdal/lib/krb5/krb5.moduli index f67d2b29be8..a27bae5dfa2 100644 --- a/crypto/heimdal/lib/krb5/krb5.moduli +++ b/crypto/heimdal/lib/krb5/krb5.moduli @@ -1,3 +1,3 @@ -# $Id: krb5.moduli 16154 2005-10-08 15:39:42Z lha $ +# $Id$ # comment security-bits-decimal secure-prime(p)-hex generator(g)-hex (q)-hex rfc3526-MODP-group14 1760 FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF 02 7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA3604650C10BE19482F23171B671DF1CF3B960C074301CD93C1D17603D147DAE2AEF837A62964EF15E5FB4AAC0B8C1CCAA4BE754AB5728AE9130C4C7D02880AB9472D455655347FFFFFFFFFFFFFFF diff --git a/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3 b/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3 index 1f4b9bf8a9e..511eabd915e 100644 --- a/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3 +++ b/crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb524_convert_creds_kdc.3 15239 2005-05-25 13:19:16Z lha $ +.\" $Id$ .\" .Dd March 20, 2004 .Dt KRB524_CONVERT_CREDS_KDC 3 @@ -66,7 +66,7 @@ to Kerberos 4 credential that is stored in .Fa credentials . .Pp .Fn krb524_convert_creds_kdc_ccache -is diffrent from +is different from .Fn krb524_convert_creds_kdc in that way that if .Fa in_cred diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 index 16c118f8ace..49028f42660 100644 --- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1997-2003 Kungliga Tekniska Högskolan +.\" Copyright (c) 1997-2003 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_425_conv_principal.3 12734 2003-09-03 00:13:07Z lha $ +.\" $Id$ .\" .Dd September 3, 2003 .Dt KRB5_425_CONV_PRINCIPAL 3 diff --git a/crypto/heimdal/lib/krb5/krb5_acl_match_file.3 b/crypto/heimdal/lib/krb5/krb5_acl_match_file.3 index 342645edd2d..a1eb1e4e7a2 100644 --- a/crypto/heimdal/lib/krb5/krb5_acl_match_file.3 +++ b/crypto/heimdal/lib/krb5/krb5_acl_match_file.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004, 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004, 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_acl_match_file.3 17534 2006-05-11 22:43:44Z lha $ +.\" $Id$ .\" .Dd May 12, 2006 .Dt KRB5_ACL_MATCH_FILE 3 diff --git a/crypto/heimdal/lib/krb5/krb5_address.3 b/crypto/heimdal/lib/krb5/krb5_address.3 deleted file mode 100644 index 06f7fa5cd02..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_address.3 +++ /dev/null @@ -1,359 +0,0 @@ -.\" Copyright (c) 2003, 2005 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_address.3 17461 2006-05-05 13:13:18Z lha $ -.\" -.Dd May 1, 2006 -.Dt KRB5_ADDRESS 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_address , -.Nm krb5_addresses , -.Nm krb5_sockaddr2address , -.Nm krb5_sockaddr2port , -.Nm krb5_addr2sockaddr , -.Nm krb5_max_sockaddr_size , -.Nm krb5_sockaddr_uninteresting , -.Nm krb5_h_addr2sockaddr , -.Nm krb5_h_addr2addr , -.Nm krb5_anyaddr , -.Nm krb5_print_address , -.Nm krb5_parse_address , -.Nm krb5_address_order , -.Nm krb5_address_compare , -.Nm krb5_address_search , -.Nm krb5_free_address , -.Nm krb5_free_addresses , -.Nm krb5_copy_address , -.Nm krb5_copy_addresses , -.Nm krb5_append_addresses , -.Nm krb5_make_addrport -.Nd mange addresses in Kerberos -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Ft krb5_error_code -.Fo krb5_sockaddr2address -.Fa "krb5_context context" -.Fa "const struct sockaddr *sa" -.Fa "krb5_address *addr" -.Fc -.Ft krb5_error_code -.Fo krb5_sockaddr2port -.Fa "krb5_context context" -.Fa "const struct sockaddr *sa" -.Fa "int16_t *port" -.Fc -.Ft krb5_error_code -.Fo krb5_addr2sockaddr -.Fa "krb5_context context" -.Fa "const krb5_address *addr" -.Fa "struct sockaddr *sa" -.Fa "krb5_socklen_t *sa_size" -.Fa "int port" -.Fc -.Ft size_t -.Fo krb5_max_sockaddr_size -.Fa "void" -.Fc -.Ft "krb5_boolean" -.Fo krb5_sockaddr_uninteresting -.Fa "const struct sockaddr *sa" -.Fc -.Ft krb5_error_code -.Fo krb5_h_addr2sockaddr -.Fa "krb5_context context" -.Fa "int af" -.Fa "const char *addr" -.Fa "struct sockaddr *sa" -.Fa "krb5_socklen_t *sa_size" -.Fa "int port" -.Fc -.Ft krb5_error_code -.Fo krb5_h_addr2addr -.Fa "krb5_context context" -.Fa "int af" -.Fa "const char *haddr" -.Fa "krb5_address *addr" -.Fc -.Ft krb5_error_code -.Fo krb5_anyaddr -.Fa "krb5_context context" -.Fa "int af" -.Fa "struct sockaddr *sa" -.Fa "krb5_socklen_t *sa_size" -.Fa "int port" -.Fc -.Ft krb5_error_code -.Fo krb5_print_address -.Fa "const krb5_address *addr" -.Fa "char *str" -.Fa "size_t len" -.Fa "size_t *ret_len" -.Fc -.Ft krb5_error_code -.Fo krb5_parse_address -.Fa "krb5_context context" -.Fa "const char *string" -.Fa "krb5_addresses *addresses" -.Fc -.Ft int -.Fo "krb5_address_order" -.Fa "krb5_context context" -.Fa "const krb5_address *addr1" -.Fa "const krb5_address *addr2" -.Fc -.Ft "krb5_boolean" -.Fo krb5_address_compare -.Fa "krb5_context context" -.Fa "const krb5_address *addr1" -.Fa "const krb5_address *addr2" -.Fc -.Ft "krb5_boolean" -.Fo krb5_address_search -.Fa "krb5_context context" -.Fa "const krb5_address *addr" -.Fa "const krb5_addresses *addrlist" -.Fc -.Ft krb5_error_code -.Fo krb5_free_address -.Fa "krb5_context context" -.Fa "krb5_address *address" -.Fc -.Ft krb5_error_code -.Fo krb5_free_addresses -.Fa "krb5_context context" -.Fa "krb5_addresses *addresses" -.Fc -.Ft krb5_error_code -.Fo krb5_copy_address -.Fa "krb5_context context" -.Fa "const krb5_address *inaddr" -.Fa "krb5_address *outaddr" -.Fc -.Ft krb5_error_code -.Fo krb5_copy_addresses -.Fa "krb5_context context" -.Fa "const krb5_addresses *inaddr" -.Fa "krb5_addresses *outaddr" -.Fc -.Ft krb5_error_code -.Fo krb5_append_addresses -.Fa "krb5_context context" -.Fa "krb5_addresses *dest" -.Fa "const krb5_addresses *source" -.Fc -.Ft krb5_error_code -.Fo krb5_make_addrport -.Fa "krb5_context context" -.Fa "krb5_address **res" -.Fa "const krb5_address *addr" -.Fa "int16_t port" -.Fc -.Sh DESCRIPTION -The -.Li krb5_address -structure holds a address that can be used in Kerberos API -calls. There are help functions to set and extract address information -of the address. -.Pp -The -.Li krb5_addresses -structure holds a set of krb5_address:es. -.Pp -.Fn krb5_sockaddr2address -stores a address a -.Li "struct sockaddr" -.Fa sa -in the krb5_address -.Fa addr . -.Pp -.Fn krb5_sockaddr2port -extracts a -.Fa port -(if possible) from a -.Li "struct sockaddr" -.Fa sa . -.Pp -.Fn krb5_addr2sockaddr -sets the -struct sockaddr -.Fa sockaddr -from -.Fa addr -and -.Fa port . -The argument -.Fa sa_size -should initially contain the size of the -.Fa sa , -and after the call, it will contain the actual length of the address. -.Pp -.Fn krb5_max_sockaddr_size -returns the max size of the -.Li struct sockaddr -that the Kerberos library will return. -.Pp -.Fn krb5_sockaddr_uninteresting -returns -.Dv TRUE -for all -.Fa sa -that the kerberos library thinks are uninteresting. -One example are link local addresses. -.Pp -.Fn krb5_h_addr2sockaddr -initializes a -.Li "struct sockaddr" -.Fa sa -from -.Fa af -and the -.Li "struct hostent" -(see -.Xr gethostbyname 3 ) -.Fa h_addr_list -component. -The argument -.Fa sa_size -should initially contain the size of the -.Fa sa , -and after the call, it will contain the actual length of the address. -.Pp -.Fn krb5_h_addr2addr -works like -.Fn krb5_h_addr2sockaddr -with the exception that it operates on a -.Li krb5_address -instead of a -.Li struct sockaddr . -.Pp -.Fn krb5_anyaddr -fills in a -.Li "struct sockaddr" -.Fa sa -that can be used to -.Xr bind 2 -to. -The argument -.Fa sa_size -should initially contain the size of the -.Fa sa , -and after the call, it will contain the actual length of the address. -.Pp -.Fn krb5_print_address -prints the address in -.Fa addr -to the string -.Fa string -that have the length -.Fa len . -If -.Fa ret_len -is not -.Dv NULL , -it will be filled with the length of the string if size were unlimited (not -including the final -.Ql \e0 ) . -.Pp -.Fn krb5_parse_address -Returns the resolved hostname in -.Fa string -to the -.Li krb5_addresses -.Fa addresses . -.Pp -.Fn krb5_address_order -compares the addresses -.Fa addr1 -and -.Fa addr2 -so that it can be used for sorting addresses. If the addresses are the -same address -.Fa krb5_address_order -will return 0. -.Pp -.Fn krb5_address_compare -compares the addresses -.Fa addr1 -and -.Fa addr2 . -Returns -.Dv TRUE -if the two addresses are the same. -.Pp -.Fn krb5_address_search -checks if the address -.Fa addr -is a member of the address set list -.Fa addrlist . -.Pp -.Fn krb5_free_address -frees the data stored in the -.Fa address -that is alloced with any of the krb5_address functions. -.Pp -.Fn krb5_free_addresses -frees the data stored in the -.Fa addresses -that is alloced with any of the krb5_address functions. -.Pp -.Fn krb5_copy_address -copies the content of address -.Fa inaddr -to -.Fa outaddr . -.Pp -.Fn krb5_copy_addresses -copies the content of the address list -.Fa inaddr -to -.Fa outaddr . -.Pp -.Fn krb5_append_addresses -adds the set of addresses in -.Fa source -to -.Fa dest . -While copying the addresses, duplicates are also sorted out. -.Pp -.Fn krb5_make_addrport -allocates and creates an -krb5_address in -.Fa res -of type KRB5_ADDRESS_ADDRPORT from -.Fa ( addr , port ) . -.Sh SEE ALSO -.Xr krb5 3 , -.Xr krb5.conf 5 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 index a0c3e4b4150..a50e935fd2f 100644 --- a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 +++ b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_aname_to_localname.3 22071 2007-11-14 20:04:50Z lha $ +.\" $Id$ .\" .Dd February 18, 2006 .Dt KRB5_ANAME_TO_LOCALNAME 3 diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index f5b532937db..780c2ff7f5e 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2000 Kungliga Tekniska Högskolan +.\" Copyright (c) 2000 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_appdefault.3 12329 2003-05-26 14:09:04Z lha $ +.\" $Id$ .\" .Dd July 25, 2000 .Dt KRB5_APPDEFAULT 3 diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3 index 66d150ef858..ec7f8b31cf8 100644 --- a/crypto/heimdal/lib/krb5/krb5_auth_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2001 - 2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 2001 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_auth_context.3 15240 2005-05-25 13:47:58Z lha $ +.\" $Id$ .\" .Dd May 17, 2005 .Dt KRB5_AUTH_CONTEXT 3 diff --git a/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3 b/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3 index a323ccee1d3..77be59adbe7 100644 --- a/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3 +++ b/crypto/heimdal/lib/krb5/krb5_c_make_checksum.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_c_make_checksum.3 19066 2006-11-17 22:09:25Z lha $ +.\" $Id$ .\" .Dd Nov 17, 2006 .Dt KRB5_C_MAKE_CHECKSUM 3 @@ -112,7 +112,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fc .Ft krb5_error_code .Fo krb5_c_verify_checksum -.Fa "krb5_context context +.Fa "krb5_context context" .Fa "const krb5_keyblock *key" .Fa "krb5_keyusage usage" .Fa "const krb5_data *data" @@ -185,7 +185,7 @@ decrypts .Fa input and store the data in .Fa output. -If +If .Fa ivec is .Dv NULL @@ -257,7 +257,7 @@ If some either of .Fa data or .Fa checksum -is not needed for the application, +is not needed for the application, .Dv NULL can be passed in. .Pp @@ -279,14 +279,14 @@ is a keyed checksum type. .Fn krb5_c_is_coll_proof_cksum returns true if .Fa ctype -is a collition proof checksum type. +is a collision proof checksum type. .Pp .Fn krb5_c_keylengths -return the minimum length ( -.Fa inlength ) +return the minimum length +.Fa ( inlength ) bytes needed to create a key and the -length ( -.Fa keylength ) +length +.Fa ( keylength ) of the resulting key for the .Fa enctype . diff --git a/crypto/heimdal/lib/krb5/krb5_ccache.3 b/crypto/heimdal/lib/krb5/krb5_ccache.3 deleted file mode 100644 index 3fca5956e7d..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_ccache.3 +++ /dev/null @@ -1,517 +0,0 @@ -.\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_ccache.3 22071 2007-11-14 20:04:50Z lha $ -.\" -.Dd October 19, 2005 -.Dt KRB5_CCACHE 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_ccache , -.Nm krb5_cc_cursor , -.Nm krb5_cc_ops , -.Nm krb5_fcc_ops , -.Nm krb5_mcc_ops , -.Nm krb5_cc_clear_mcred , -.Nm krb5_cc_close , -.Nm krb5_cc_copy_cache , -.Nm krb5_cc_default , -.Nm krb5_cc_default_name , -.Nm krb5_cc_destroy , -.Nm krb5_cc_end_seq_get , -.Nm krb5_cc_gen_new , -.Nm krb5_cc_get_full_name , -.Nm krb5_cc_get_name , -.Nm krb5_cc_get_ops , -.Nm krb5_cc_get_prefix_ops , -.Nm krb5_cc_get_principal , -.Nm krb5_cc_get_type , -.Nm krb5_cc_get_version , -.Nm krb5_cc_initialize , -.Nm krb5_cc_next_cred , -.Nm krb5_cc_next_cred_match , -.Nm krb5_cc_new_unique , -.Nm krb5_cc_register , -.Nm krb5_cc_remove_cred , -.Nm krb5_cc_resolve , -.Nm krb5_cc_retrieve_cred , -.Nm krb5_cc_set_default_name , -.Nm krb5_cc_set_flags , -.Nm krb5_cc_start_seq_get , -.Nm krb5_cc_store_cred -.Nd mange credential cache -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Li "struct krb5_ccache;" -.Pp -.Li "struct krb5_cc_cursor;" -.Pp -.Li "struct krb5_cc_ops;" -.Pp -.Li "struct krb5_cc_ops *krb5_fcc_ops;" -.Pp -.Li "struct krb5_cc_ops *krb5_mcc_ops;" -.Pp -.Ft void -.Fo krb5_cc_clear_mcred -.Fa "krb5_creds *mcred" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_close -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_copy_cache -.Fa "krb5_context context" -.Fa "const krb5_ccache from" -.Fa "krb5_ccache to" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_default -.Fa "krb5_context context" -.Fa "krb5_ccache *id" -.Fc -.Ft "const char *" -.Fo krb5_cc_default_name -.Fa "krb5_context context" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_destroy -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_end_seq_get -.Fa "krb5_context context" -.Fa "const krb5_ccache id" -.Fa "krb5_cc_cursor *cursor" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_gen_new -.Fa "krb5_context context" -.Fa "const krb5_cc_ops *ops" -.Fa "krb5_ccache *id" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_get_full_name -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fa "char **str" -.Fc -.Ft "const char *" -.Fo krb5_cc_get_name -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_get_principal -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fa "krb5_principal *principal" -.Fc -.Ft "const char *" -.Fo krb5_cc_get_type -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fc -.Ft "const krb5_cc_ops *" -.Fo krb5_cc_get_ops -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fc -.Ft "const krb5_cc_ops *" -.Fo krb5_cc_get_prefix_ops -.Fa "krb5_context context" -.Fa "const char *prefix" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_get_version -.Fa "krb5_context context" -.Fa "const krb5_ccache id" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_initialize -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fa "krb5_principal primary_principal" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_register -.Fa "krb5_context context" -.Fa "const krb5_cc_ops *ops" -.Fa "krb5_boolean override" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_resolve -.Fa "krb5_context context" -.Fa "const char *name" -.Fa "krb5_ccache *id" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_retrieve_cred -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fa "krb5_flags whichfields" -.Fa "const krb5_creds *mcreds" -.Fa "krb5_creds *creds" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_remove_cred -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fa "krb5_flags which" -.Fa "krb5_creds *cred" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_set_default_name -.Fa "krb5_context context" -.Fa "const char *name" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_start_seq_get -.Fa "krb5_context context" -.Fa "const krb5_ccache id" -.Fa "krb5_cc_cursor *cursor" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_store_cred -.Fa "krb5_context context" -.Fa "krb5_ccache id" -.Fa "krb5_creds *creds" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_set_flags -.Fa "krb5_context context" -.Fa "krb5_cc_set_flags id" -.Fa "krb5_flags flags" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_next_cred -.Fa "krb5_context context" -.Fa "const krb5_ccache id" -.Fa "krb5_cc_cursor *cursor" -.Fa "krb5_creds *creds" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_next_cred_match -.Fa "krb5_context context" -.Fa "const krb5_ccache id" -.Fa "krb5_cc_cursor *cursor" -.Fa "krb5_creds *creds" -.Fa "krb5_flags whichfields" -.Fa "const krb5_creds *mcreds" -.Fc -.Ft krb5_error_code -.Fo krb5_cc_new_unique -.Fa "krb5_context context" -.Fa "const char *type" -.Fa "const char *hint" -.Fa "krb5_ccache *id" -.Fc -.Sh DESCRIPTION -The -.Li krb5_ccache -structure holds a Kerberos credential cache. -.Pp -The -.Li krb5_cc_cursor -structure holds current position in a credential cache when -iterating over the cache. -.Pp -The -.Li krb5_cc_ops -structure holds a set of operations that can me preformed on a -credential cache. -.Pp -There is no component inside -.Li krb5_ccache , -.Li krb5_cc_cursor -nor -.Li krb5_fcc_ops -that is directly referable. -.Pp -The -.Li krb5_creds -holds a Kerberos credential, see manpage for -.Xr krb5_creds 3 . -.Pp -.Fn krb5_cc_default_name -and -.Fn krb5_cc_set_default_name -gets and sets the default name for the -.Fa context . -.Pp -.Fn krb5_cc_default -opens the default credential cache in -.Fa id . -Return 0 or an error code. -.Pp -.Fn krb5_cc_gen_new -generates a new credential cache of type -.Fa ops -in -.Fa id . -Return 0 or an error code. -The Heimdal version of this function also runs -.Fn krb5_cc_initialize -on the credential cache, but since the MIT version doesn't, portable -code must call krb5_cc_initialize. -.Pp -.Fn krb5_cc_new_unique -generates a new unique credential cache of -.Fa type -in -.Fa id . -If type is -.Dv NULL , -the library chooses the default credential cache type. -The supplied -.Fa hint -(that can be -.Dv NULL ) -is a string that the credential cache type can use to base the name of -the credential on, this is to make it easier for the user to -differentiate the credentials. -The returned credential cache -.Fa id -should be freed using -.Fn krb5_cc_close -or -.Fn krb5_cc_destroy . -Returns 0 or an error code. -.Pp -.Fn krb5_cc_resolve -finds and allocates a credential cache in -.Fa id -from the specification in -.Fa residual . -If the credential cache name doesn't contain any colon (:), interpret it as a -file name. -Return 0 or an error code. -.Pp -.Fn krb5_cc_initialize -creates a new credential cache in -.Fa id -for -.Fa primary_principal . -Return 0 or an error code. -.Pp -.Fn krb5_cc_close -stops using the credential cache -.Fa id -and frees the related resources. -Return 0 or an error code. -.Fn krb5_cc_destroy -removes the credential cache -and closes (by calling -.Fn krb5_cc_close ) -.Fa id . -Return 0 or an error code. -.Pp -.Fn krb5_cc_copy_cache -copys the contents of -.Fa from -to -.Fa to . -.Pp -.Fn krb5_cc_get_full_name -returns the complete resolvable name of the credential cache -.Fa id -in -.Fa str . -.Fa str -should be freed with -.Xr free 3 . -Returns 0 or an error, on error -.Fa *str -is set to -.Dv NULL . -.Pp -.Fn krb5_cc_get_name -returns the name of the credential cache -.Fa id . -.Pp -.Fn krb5_cc_get_principal -returns the principal of -.Fa id -in -.Fa principal . -Return 0 or an error code. -.Pp -.Fn krb5_cc_get_type -returns the type of the credential cache -.Fa id . -.Pp -.Fn krb5_cc_get_ops -returns the ops of the credential cache -.Fa id . -.Pp -.Fn krb5_cc_get_version -returns the version of -.Fa id . -.Pp -.Fn krb5_cc_register -Adds a new credential cache type with operations -.Fa ops , -overwriting any existing one if -.Fa override . -Return an error code or 0. -.Pp -.Fn krb5_cc_get_prefix_ops -Get the cc ops that is registered in -.Fa context -to handle the -.Fa prefix . -Returns -.Dv NULL -if ops not found. -.Pp -.Fn krb5_cc_remove_cred -removes the credential identified by -.Fa ( cred , -.Fa which ) -from -.Fa id . -.Pp -.Fn krb5_cc_store_cred -stores -.Fa creds -in the credential cache -.Fa id . -Return 0 or an error code. -.Pp -.Fn krb5_cc_set_flags -sets the flags of -.Fa id -to -.Fa flags . -.Pp -.Fn krb5_cc_clear_mcred -clears the -.Fa mcreds -argument so it is reset and can be used with -.Fa krb5_cc_retrieve_cred . -.Pp -.Fn krb5_cc_retrieve_cred , -retrieves the credential identified by -.Fa mcreds -(and -.Fa whichfields ) -from -.Fa id -in -.Fa creds . -.Fa creds -should be freed using -.Fn krb5_free_cred_contents . -Return 0 or an error code. -.Pp -.Fn krb5_cc_start_seq_get -initiates the -.Li krb5_cc_cursor -structure to be used for iteration over the credential cache. -.Pp -.Fn krb5_cc_next_cred -retrieves the next cred pointed to by -.Fa ( id , -.Fa cursor ) -in -.Fa creds , -and advance -.Fa cursor . -Return 0 or an error code. -.Pp -.Fn krb5_cc_next_cred_match -is similar to -.Fn krb5_cc_next_cred -except that it will only return creds matching -.Fa whichfields -and -.Fa mcreds -(as interpreted by -.Xr krb5_compare_creds 3 . ) -.Pp -.Fn krb5_cc_end_seq_get -Destroys the cursor -.Fa cursor . -.Sh EXAMPLE -This is a minimalistic version of -.Nm klist . -.Pp -.Bd -literal -#include - -int -main (int argc, char **argv) -{ - krb5_context context; - krb5_cc_cursor cursor; - krb5_error_code ret; - krb5_ccache id; - krb5_creds creds; - - if (krb5_init_context (&context) != 0) - errx(1, "krb5_context"); - - ret = krb5_cc_default (context, &id); - if (ret) - krb5_err(context, 1, ret, "krb5_cc_default"); - - ret = krb5_cc_start_seq_get(context, id, &cursor); - if (ret) - krb5_err(context, 1, ret, "krb5_cc_start_seq_get"); - - while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){ - char *principal; - - krb5_unparse_name_short(context, creds.server, &principal); - printf("principal: %s\\n", principal); - free(principal); - krb5_free_cred_contents (context, &creds); - } - ret = krb5_cc_end_seq_get(context, id, &cursor); - if (ret) - krb5_err(context, 1, ret, "krb5_cc_end_seq_get"); - - krb5_cc_close(context, id); - - krb5_free_context(context); - return 0; -} -.Ed -.Sh SEE ALSO -.Xr krb5 3 , -.Xr krb5.conf 5 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_ccapi.h b/crypto/heimdal/lib/krb5/krb5_ccapi.h index 59a38425c25..5a7fe6a4133 100644 --- a/crypto/heimdal/lib/krb5/krb5_ccapi.h +++ b/crypto/heimdal/lib/krb5/krb5_ccapi.h @@ -1,43 +1,47 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */ +/* $Id$ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 #include + #ifdef __APPLE__ +#pragma pack(push,2) +#endif + enum { cc_credentials_v5 = 2 }; @@ -49,7 +53,7 @@ enum { enum { ccNoError = 0, - + ccIteratorEnd = 201, ccErrBadParam, ccErrNoMem, @@ -61,25 +65,25 @@ enum { ccErrInvalidCCacheIterator, ccErrInvalidCredentialsIterator, ccErrInvalidLock, - + ccErrBadName, /* 211 */ ccErrBadCredentialsVersion, ccErrBadAPIVersion, ccErrContextLocked, ccErrContextUnlocked, - + ccErrCCacheLocked, /* 216 */ ccErrCCacheUnlocked, ccErrBadLockType, ccErrNeverDefault, ccErrCredentialsNotFound, - + ccErrCCacheNotFound, /* 221 */ ccErrContextNotFound, ccErrServerUnavailable, ccErrServerInsecure, ccErrServerCantBecomeUID, - + ccErrTimeOffsetNotSet /* 226 */ }; @@ -92,7 +96,7 @@ typedef struct cc_credentials_v5_t cc_credentials_v5_t; typedef struct cc_credentials_t *cc_credentials_t; typedef struct cc_credentials_iterator_t *cc_credentials_iterator_t; typedef struct cc_string_t *cc_string_t; -typedef time_t cc_time_t; +typedef cc_uint32 cc_time_t; typedef struct cc_data { cc_uint32 type; @@ -224,7 +228,12 @@ struct cc_context_t { const struct cc_context_functions* func; }; -typedef cc_int32 +typedef cc_int32 (*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **); +#ifdef __APPLE__ +#pragma pack(pop) +#endif + + #endif /* KRB5_CCAPI_H */ diff --git a/crypto/heimdal/lib/krb5/krb5_check_transited.3 b/crypto/heimdal/lib/krb5/krb5_check_transited.3 index 65ce0774225..4d4dae3086c 100644 --- a/crypto/heimdal/lib/krb5/krb5_check_transited.3 +++ b/crypto/heimdal/lib/krb5/krb5_check_transited.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004, 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004, 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_check_transited.3 17382 2006-05-01 07:09:16Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_CHECK_TRANSITED 3 @@ -86,7 +86,7 @@ where and .Fa num_realms is the realms between them. -If the function returns an error value, +If the function returns an error value, .Fa bad_realm will be set to the realm in the list causing the error. .Fn krb5_check_transited diff --git a/crypto/heimdal/lib/krb5/krb5_compare_creds.3 b/crypto/heimdal/lib/krb5/krb5_compare_creds.3 deleted file mode 100644 index 9fd2bbbbb68..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_compare_creds.3 +++ /dev/null @@ -1,104 +0,0 @@ -.\" Copyright (c) 2004-2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_compare_creds.3 15110 2005-05-10 09:21:06Z lha $ -.\" -.Dd May 10, 2005 -.Dt KRB5_COMPARE_CREDS 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_compare_creds -.Nd compare Kerberos 5 credentials -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_boolean -.Fo krb5_compare_creds -.Fa "krb5_context context" -.Fa "krb5_flags whichfields" -.Fa "const krb5_creds *mcreds" -.Fa "const krb5_creds *creds" -.Fc -.Sh DESCRIPTION -.Fn krb5_compare_creds -compares -.Fa mcreds -(usually filled in by the application) -to -.Fa creds -(most often from a credentials cache) -and return -.Dv TRUE -if they are equal. -Unless -.Va mcreds-\*[Gt]server -is -.Dv NULL , -the service of the credentials are always compared. If the client -name in -.Fa mcreds -is present, the client names are also compared. This function is -normally only called indirectly via -.Xr krb5_cc_retrieve_cred 3 . -.Pp -The following flags, set in -.Fa whichfields , -affects the comparison: -.Bl -tag -width KRB5_TC_MATCH_SRV_NAMEONLY -compact -offset indent -.It KRB5_TC_MATCH_SRV_NAMEONLY -Consider all realms equal when comparing the service principal. -.It KRB5_TC_MATCH_KEYTYPE -Compare enctypes. -.It KRB5_TC_MATCH_FLAGS_EXACT -Make sure that the ticket flags are identical. -.It KRB5_TC_MATCH_FLAGS -Make sure that all ticket flags set in -.Fa mcreds -are also present in -.Fa creds . -.It KRB5_TC_MATCH_TIMES_EXACT -Compares the ticket times exactly. -.It KRB5_TC_MATCH_TIMES -Compares only the expiration times of the creds. -.It KRB5_TC_MATCH_AUTHDATA -Compares the authdata fields. -.It KRB5_TC_MATCH_2ND_TKT -Compares the second tickets (used by user-to-user authentication). -.It KRB5_TC_MATCH_IS_SKEY -Compares the existance of the second ticket. -.El -.Sh SEE ALSO -.Xr krb5 3 , -.Xr krb5_cc_retrieve_cred 3 , -.Xr krb5_creds 3 , -.Xr krb5_get_init_creds 3 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3 deleted file mode 100644 index 9c302ae2f3a..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_config.3 +++ /dev/null @@ -1,307 +0,0 @@ -.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" -.\" $Id: krb5_config.3 21905 2007-08-10 10:16:45Z lha $ -.\" -.Dd August 10, 2007 -.Dt KRB5_CONFIG_GET 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_config_file_free , -.Nm krb5_config_free_strings , -.Nm krb5_config_get , -.Nm krb5_config_get_bool , -.Nm krb5_config_get_bool_default , -.Nm krb5_config_get_int , -.Nm krb5_config_get_int_default , -.Nm krb5_config_get_list , -.Nm krb5_config_get_next , -.Nm krb5_config_get_string , -.Nm krb5_config_get_string_default , -.Nm krb5_config_get_strings , -.Nm krb5_config_get_time , -.Nm krb5_config_get_time_default , -.Nm krb5_config_parse_file , -.Nm krb5_config_parse_file_multi , -.Nm krb5_config_vget , -.Nm krb5_config_vget_bool , -.Nm krb5_config_vget_bool_default , -.Nm krb5_config_vget_int , -.Nm krb5_config_vget_int_default , -.Nm krb5_config_vget_list , -.Nm krb5_config_vget_next , -.Nm krb5_config_vget_string , -.Nm krb5_config_vget_string_default , -.Nm krb5_config_vget_strings , -.Nm krb5_config_vget_time , -.Nm krb5_config_vget_time_default -.Nd get configuration value -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_error_code -.Fo krb5_config_file_free -.Fa "krb5_context context" -.Fa "krb5_config_section *s" -.Fc -.Ft void -.Fo krb5_config_free_strings -.Fa "char **strings" -.Fc -.Ft "const void *" -.Fo krb5_config_get -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "int type" -.Fa "..." -.Fc -.Ft krb5_boolean -.Fo krb5_config_get_bool -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "..." -.Fc -.Ft krb5_boolean -.Fo krb5_config_get_bool_default -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "krb5_boolean def_value" -.Fa "..." -.Fc -.Ft int -.Fo krb5_config_get_int -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "..." -.Fc -.Ft int -.Fo krb5_config_get_int_default -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "int def_value" -.Fa "..." -.Fc -.Ft const char* -.Fo krb5_config_get_string -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "..." -.Fc -.Ft const char* -.Fo krb5_config_get_string_default -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "const char *def_value" -.Fa "..." -.Fc -.Ft "char**" -.Fo krb5_config_get_strings -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "..." -.Fc -.Ft int -.Fo krb5_config_get_time -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "..." -.Fc -.Ft int -.Fo krb5_config_get_time_default -.Fa "krb5_context context" -.Fa "krb5_config_section *c" -.Fa "int def_value" -.Fa "..." -.Fc -.Ft krb5_error_code -.Fo krb5_config_parse_file -.Fa "krb5_context context" -.Fa "const char *fname" -.Fa "krb5_config_section **res" -.Fc -.Ft krb5_error_code -.Fo krb5_config_parse_file_multi -.Fa "krb5_context context" -.Fa "const char *fname" -.Fa "krb5_config_section **res" -.Fc -.Ft "const void *" -.Fo krb5_config_vget -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "int type" -.Fa "va_list args" -.Fc -.Ft krb5_boolean -.Fo krb5_config_vget_bool -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "va_list args" -.Fc -.Ft krb5_boolean -.Fo krb5_config_vget_bool_default -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "krb5_boolean def_value" -.Fa "va_list args" -.Fc -.Ft int -.Fo krb5_config_vget_int -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "va_list args" -.Fc -.Ft int -.Fo krb5_config_vget_int_default -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "int def_value" -.Fa "va_list args" -.Fc -.Ft "const krb5_config_binding *" -.Fo krb5_config_vget_list -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "va_list args" -.Fc -.Ft "const void *" -.Fo krb5_config_vget_next -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "const krb5_config_binding **pointer" -.Fa "int type" -.Fa "va_list args" -.Fc -.Ft "const char *" -.Fo krb5_config_vget_string -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "va_list args" -.Fc -.Ft "const char *" -.Fo krb5_config_vget_string_default -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "const char *def_value" -.Fa "va_list args" -.Fc -.Ft char ** -.Fo krb5_config_vget_strings -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "va_list args" -.Fc -.Ft int -.Fo krb5_config_vget_time -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "va_list args" -.Fc -.Ft int -.Fo krb5_config_vget_time_default -.Fa "krb5_context context" -.Fa "const krb5_config_section *c" -.Fa "int def_value" -.Fa "va_list args" -.Fc -.Sh DESCRIPTION -These functions get values from the -.Xr krb5.conf 5 -configuration file, or another configuration database specified by the -.Fa c -parameter. -.Pp -The variable arguments should be a list of strings naming each -subsection to look for. For example: -.Bd -literal -offset indent -krb5_config_get_bool_default(context, NULL, FALSE, - "libdefaults", "log_utc", NULL); -.Ed -.Pp -gets the boolean value for the -.Dv log_utc -option, defaulting to -.Dv FALSE . -.Pp -.Fn krb5_config_get_bool_default -will convert the option value to a boolean value, where -.Sq yes , -.Sq true , -and any non-zero number means -.Dv TRUE , -and any other value -.Dv FALSE . -.Pp -.Fn krb5_config_get_int_default -will convert the value to an integer. -.Pp -.Fn krb5_config_get_time_default -will convert the value to a period of time (not a time stamp) in -seconds, so the string -.Sq 2 weeks -will be converted to -1209600 (2 * 7 * 24 * 60 * 60). -.Pp -.Fn krb5_config_get_string -returns a -.Ft "const char *" -to a string in the configuration database. The string not be valid -after reload of the configuration database -.\" or a call to .Fn krb5_config_set_string , -so a caller should make a local copy if its need to keep the database. -.Pp -.Fn krb5_config_free_strings -free -.Fa strings -as returned by -.Fn krb5_config_get_strings -and -.Fn krb5_config_vget_strings . -If the argument -.Fa strings -is a -.Dv NULL -pointer, no action occurs. -.Pp -.Fn krb5_config_file_free -free the result of -.Fn krb5_config_parse_file -and -.Fn krb5_config_parse_file_multi . -.Sh SEE ALSO -.Xr krb5_appdefault 3 , -.Xr krb5_init_context 3 , -.Xr krb5.conf 5 -.Sh BUGS -For the default functions, other than for the string case, there's no -way to tell whether there was a value specified or not. diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3 index 43d5b4e5d32..06d806e1441 100644 --- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 +++ b/crypto/heimdal/lib/krb5/krb5_create_checksum.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1999-2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 1999-2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_create_checksum.3 15921 2005-08-12 09:01:22Z lha $ +.\" $Id$ .\" .Dd August 12, 2005 .Dt NAME 3 @@ -217,7 +217,7 @@ and keyblock Note that keyusage is not always used in checksums. .Pp .Nm krb5_checksum_disable -globally disables the checksum type. +globally disables the checksum type. .\" .Sh EXAMPLE .\" .Sh BUGS .Sh SEE ALSO diff --git a/crypto/heimdal/lib/krb5/krb5_creds.3 b/crypto/heimdal/lib/krb5/krb5_creds.3 index 9eb9a2be949..b22550e6c95 100644 --- a/crypto/heimdal/lib/krb5/krb5_creds.3 +++ b/crypto/heimdal/lib/krb5/krb5_creds.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004, 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004, 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_creds.3 17383 2006-05-01 07:13:03Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_CREDS 3 @@ -104,7 +104,7 @@ should be freed by the called with .Fn krb5_free_creds_contents . .Pp .Fn krb5_free_creds -frees the content of the +frees the content of the .Fa cred structure and the structure itself. .Pp diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3 deleted file mode 100644 index 822006e08f4..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 +++ /dev/null @@ -1,67 +0,0 @@ -.\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_crypto_init.3 13563 2004-03-20 12:00:01Z lha $ -.\" -.Dd April 7, 1999 -.Dt NAME 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_crypto_destroy , -.Nm krb5_crypto_init -.Nd encryption support in krb5 -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_error_code -.Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto" -.Ft krb5_error_code -.Fn krb5_crypto_destroy "krb5_context context" "krb5_crypto crypto" -.Sh DESCRIPTION -Heimdal exports parts of the Kerberos crypto interface for applications. -.Pp -Each kerberos encrytion/checksum function takes a crypto context. -.Pp -To setup and destroy crypto contextes there are two functions -.Fn krb5_crypto_init -and -.Fn krb5_crypto_destroy . -The encryption type to use is taken from the key, but can be overridden -with the -.Fa enctype parameter . -This can be useful for encryptions types which is compatiable (DES for -example). -.\" .Sh EXAMPLE -.\" .Sh BUGS -.Sh SEE ALSO -.Xr krb5_create_checksum 3 , -.Xr krb5_encrypt 3 diff --git a/crypto/heimdal/lib/krb5/krb5_data.3 b/crypto/heimdal/lib/krb5/krb5_data.3 deleted file mode 100644 index 2ccff19251d..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_data.3 +++ /dev/null @@ -1,159 +0,0 @@ -.\" Copyright (c) 2003 - 2005, 2007 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_data.3 20040 2007-01-23 20:35:12Z lha $ -.\" -.Dd Jan 23, 2007 -.Dt KRB5_DATA 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_data , -.Nm krb5_data_zero , -.Nm krb5_data_free , -.Nm krb5_free_data_contents , -.Nm krb5_free_data , -.Nm krb5_data_alloc , -.Nm krb5_data_realloc , -.Nm krb5_data_copy , -.Nm krb5_copy_data , -.Nm krb5_data_cmp -.Nd operates on the Kerberos datatype krb5_data -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Li "struct krb5_data;" -.Ft void -.Fn krb5_data_zero "krb5_data *p" -.Ft void -.Fn krb5_data_free "krb5_data *p" -.Ft void -.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p" -.Ft void -.Fn krb5_free_data "krb5_context context" "krb5_data *p" -.Ft krb5_error_code -.Fn krb5_data_alloc "krb5_data *p" "int len" -.Ft krb5_error_code -.Fn krb5_data_realloc "krb5_data *p" "int len" -.Ft krb5_error_code -.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len" -.Ft krb5_error_code -.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata" -.Ft krb5_error_code -.Fn krb5_data_cmp "const krb5_data *data1" "const krb5_data *data2" -.Sh DESCRIPTION -The -.Li krb5_data -structure holds a data element. -The structure contains two public accessible elements -.Fa length -(the length of data) -and -.Fa data -(the data itself). -The structure must always be initiated and freed by the functions -documented in this manual. -.Pp -.Fn krb5_data_zero -resets the content of -.Fa p . -.Pp -.Fn krb5_data_free -free the data in -.Fa p -and reset the content of the structure with -.Fn krb5_data_zero . -.Pp -.Fn krb5_free_data_contents -works the same way as -.Fa krb5_data_free . -The diffrence is that krb5_free_data_contents is more portable (exists -in MIT api). -.Pp -.Fn krb5_free_data -frees the data in -.Fa p -and -.Fa p -itself. -.Pp -.Fn krb5_data_alloc -allocates -.Fa len -bytes in -.Fa p . -Returns 0 or an error. -.Pp -.Fn krb5_data_realloc -reallocates the length of -.Fa p -to the length in -.Fa len . -Returns 0 or an error. -.Pp -.Fn krb5_data_copy -copies the -.Fa data -that have the length -.Fa len -into -.Fa p . -.Fa p -is not freed so the calling function should make sure the -.Fa p -doesn't contain anything needs to be freed. -Returns 0 or an error. -.Pp -.Fn krb5_copy_data -copies the -.Li krb5_data -in -.Fa indata -to -.Fa outdata . -.Fa outdata -is not freed so the calling function should make sure the -.Fa outdata -doesn't contain anything needs to be freed. -.Fa outdata -should be freed using -.Fn krb5_free_data . -Returns 0 or an error. -.Pp -.Fn krb5_data_cmp -will compare two data object and check if they are the same in a -simular way as memcmp does it. The return value can be used for -sorting. -.Sh SEE ALSO -.Xr krb5 3 , -.Xr krb5_storage 3 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_digest.3 b/crypto/heimdal/lib/krb5/krb5_digest.3 index f9d7571b072..a4ee75631a6 100644 --- a/crypto/heimdal/lib/krb5/krb5_digest.3 +++ b/crypto/heimdal/lib/krb5/krb5_digest.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan +.\" Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_digest.3 20259 2007-02-17 23:49:54Z lha $ +.\" $Id$ .\" .Dd February 18, 2007 .Dt KRB5_DIGEST 3 diff --git a/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3 b/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3 index fcada92bc94..0c83a33f8cd 100644 --- a/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3 +++ b/crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_eai_to_heim_errno.3 14086 2004-08-03 11:13:46Z lha $ +.\" $Id$ .\" .Dd April 13, 2004 .Dt KRB5_EAI_TO_HEIM_ERRNO 3 diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3 index 76cb4c700c1..2b1f58708c8 100644 --- a/crypto/heimdal/lib/krb5/krb5_encrypt.3 +++ b/crypto/heimdal/lib/krb5/krb5_encrypt.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_encrypt.3 22071 2007-11-14 20:04:50Z lha $ +.\" $Id$ .\" .Dd March 20, 2004 .Dt KRB5_ENCRYPT 3 @@ -141,7 +141,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Ft krb5_error_code .Fo krb5_crypto_getconfoundersize .Fa "krb5_context context" -.Fa "krb5_crypto crypto +.Fa "krb5_crypto crypto" .Fa size_t *confoundersize" .Fc .Ft krb5_error_code @@ -199,7 +199,7 @@ should be the appropriate key-usage. .Fa ivec is a pointer to a initial IV, it is modified to the end IV at the end of the round. -Ivec should be the size of +Ivec should be the size of If .Dv NULL is passed in, the default IV is used. @@ -229,7 +229,7 @@ and works similarly. .Pp .Fn krb5_decrypt_ticket -decrypts the encrypted part of +decrypts the encrypted part of .Fa ticket with .Fa key . diff --git a/crypto/heimdal/lib/krb5/krb5_err.et b/crypto/heimdal/lib/krb5/krb5_err.et index 6714401e450..098e04b9592 100644 --- a/crypto/heimdal/lib/krb5/krb5_err.et +++ b/crypto/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $" +id "$Id$" error_table krb5 @@ -106,11 +106,17 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo #error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC" #error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC" -# 82-127 are reserved +# 82-93 are reserved + +index 94 +error_code INVALID_HASH_ALG, "Invalid OTP digest algorithm" +error_code INVALID_ITERATION_COUNT, "Invalid OTP iteration count" + +# 97-127 are reserved index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 21050 2007-06-12 02:00:40Z lha $" +error_code KRB5_ERR_RCSID, "$Id$" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" @@ -262,5 +268,7 @@ error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC" error_code KRB5_ERR_NO_SERVICE, "Service not available" error_code KRB5_CC_NOSUPP, "Credential cache function not supported" error_code KRB5_DELTAT_BADFORMAT, "Invalid format of Kerberos lifetime or clock skew string" +error_code KRB5_PLUGIN_NO_HANDLE, "Supplied data not handled by this plugin" +error_code KRB5_PLUGIN_OP_NOTSUPP, "Plugin does not support the operaton" end diff --git a/crypto/heimdal/lib/krb5/krb5_expand_hostname.3 b/crypto/heimdal/lib/krb5/krb5_expand_hostname.3 deleted file mode 100644 index ffd98dad168..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_expand_hostname.3 +++ /dev/null @@ -1,93 +0,0 @@ -.\" Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_expand_hostname.3 17461 2006-05-05 13:13:18Z lha $ -.\" -.Dd May 5, 2006 -.Dt KRB5_EXPAND_HOSTNAME 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_expand_hostname , -.Nm krb5_expand_hostname_realms -.Nd Kerberos 5 host name canonicalization functions -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Ft krb5_error_code -.Fo krb5_expand_hostname -.Fa "krb5_context context" -.Fa "const char *orig_hostname" -.Fa "char **new_hostname" -.Fc -.Ft krb5_error_code -.Fo krb5_expand_hostname_realms -.Fa "krb5_context context" -.Fa "const char *orig_hostname" -.Fa "char **new_hostname" -.Fa "char ***realms" -.Fc -.Sh DESCRIPTION -.Fn krb5_expand_hostname -tries to make -.Fa orig_hostname -into a more canonical one in the newly allocated space returned in -.Fa new_hostname . -Caller must free the hostname with -.Xr free 3 . -.Pp -.Fn krb5_expand_hostname_realms -expands -.Fa orig_hostname -to a name we believe to be a hostname in newly -allocated space in -.Fa new_hostname -and return the realms -.Fa new_hostname -is belive to belong to in -.Fa realms . -.Fa Realms -is a array terminated with -.Dv NULL . -Caller must free the -.Fa realms -with -.Fn krb5_free_host_realm -and -.Fa new_hostname -with -.Xr free 3 . -.Sh SEE ALSO -.Xr krb5 3 , -.Xr krb5_free_host_realm 3 , -.Xr krb5_get_host_realm 3 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_find_padata.3 b/crypto/heimdal/lib/krb5/krb5_find_padata.3 index b7267849315..377a2cb0efb 100644 --- a/crypto/heimdal/lib/krb5/krb5_find_padata.3 +++ b/crypto/heimdal/lib/krb5/krb5_find_padata.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_find_padata.3 13595 2004-03-21 13:17:41Z lha $ +.\" $Id$ .\" .Dd March 21, 2004 .Dt KRB5_FIND_PADATA 3 diff --git a/crypto/heimdal/lib/krb5/krb5_generate_random_block.3 b/crypto/heimdal/lib/krb5/krb5_generate_random_block.3 index 4b46954fa90..8fad9493f4b 100644 --- a/crypto/heimdal/lib/krb5/krb5_generate_random_block.3 +++ b/crypto/heimdal/lib/krb5/krb5_generate_random_block.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_generate_random_block.3 17385 2006-05-01 08:48:55Z lha $ +.\" $Id$ .\" .Dd March 21, 2004 .Dt KRB5_GENERATE_RANDOM_BLOCK 3 diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 index f6f4c85c97a..56a5322399b 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_all_client_addrs.3 12329 2003-05-26 14:09:04Z lha $ +.\" $Id$ .\" .Dd July 1, 2001 .Dt KRB5_GET_ADDRS 3 diff --git a/crypto/heimdal/lib/krb5/krb5_get_credentials.3 b/crypto/heimdal/lib/krb5/krb5_get_credentials.3 index 32e0ffe1eef..112f308277e 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_credentials.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_credentials.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_credentials.3 22071 2007-11-14 20:04:50Z lha $ +.\" $Id$ .\" .Dd July 26, 2004 .Dt KRB5_GET_CREDENTIALS 3 @@ -37,8 +37,6 @@ .Sh NAME .Nm krb5_get_credentials , .Nm krb5_get_credentials_with_flags , -.Nm krb5_get_cred_from_kdc , -.Nm krb5_get_cred_from_kdc_opt , .Nm krb5_get_kdc_cred , .Nm krb5_get_renewed_creds .Nd get credentials from the KDC using krbtgt @@ -64,23 +62,6 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fa "krb5_creds **out_creds" .Fc .Ft krb5_error_code -.Fo krb5_get_cred_from_kdc -.Fa "krb5_context context" -.Fa "krb5_ccache ccache" -.Fa "krb5_creds *in_creds" -.Fa "krb5_creds **out_creds" -.Fa "krb5_creds ***ret_tgts" -.Fc -.Ft krb5_error_code -.Fo krb5_get_cred_from_kdc_opt -.Fa "krb5_context context" -.Fa "krb5_ccache ccache" -.Fa "krb5_creds *in_creds" -.Fa "krb5_creds **out_creds" -.Fa "krb5_creds ***ret_tgts" -.Fa "krb5_flags flags" -.Fc -.Ft krb5_error_code .Fo krb5_get_kdc_cred .Fa "krb5_context context" .Fa "krb5_ccache id" @@ -121,7 +102,7 @@ Valid flags to pass into .Fa options argument are: .Pp -.Bl -tag -width "KRB5_GC_USER_USER" -compact +.Bl -tag -width "KRB5_GC_EXPIRED_OK" -compact .It KRB5_GC_CACHED Only check the .Fa ccache , @@ -147,14 +128,6 @@ except that the .Fa flags field is missing. .Pp -.Fn krb5_get_cred_from_kdc -and -.Fn krb5_get_cred_from_kdc_opt -fetches the credential from the KDC very much like -.Fn krb5_get_credentials, but doesn't look in the -.Fa ccache -if the credential exists there first. -.Pp .Fn krb5_get_kdc_cred does the same as the functions above, but the caller must fill in all the information andits closer to the wire protocol. @@ -185,7 +158,7 @@ getcred(krb5_context context, krb5_ccache id, krb5_creds **creds) krb5_error_code ret; krb5_creds in; - ret = krb5_parse_name(context, "client@EXAMPLE.COM", + ret = krb5_parse_name(context, "client@EXAMPLE.COM", &in.client); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); diff --git a/crypto/heimdal/lib/krb5/krb5_get_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_creds.3 index 189c93f408d..e0ab8a91db6 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_creds.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_creds.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_creds.3 22071 2007-11-14 20:04:50Z lha $ +.\" $Id$ .\" .Dd June 15, 2006 .Dt KRB5_GET_CREDS 3 diff --git a/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3 index bbe46ec4478..a6483177b2c 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_forwarded_creds.3 14068 2004-07-26 13:34:33Z lha $ +.\" $Id$ .\" .Dd July 26, 2004 .Dt KRB5_GET_FORWARDED_CREDS 3 diff --git a/crypto/heimdal/lib/krb5/krb5_get_in_cred.3 b/crypto/heimdal/lib/krb5/krb5_get_in_cred.3 index 290e3c5c694..c415aeca35c 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_in_cred.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_in_cred.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_in_cred.3 17593 2006-05-29 14:55:18Z lha $ +.\" $Id$ .\" .Dd May 31, 2003 .Dt KRB5_GET_IN_TKT 3 @@ -169,7 +169,7 @@ but are more specialized. .Nm krb5_get_in_tkt_with_password uses the clients password to authenticate. If the password argument is -.DV NULL +.Dv NULL the user user queried with the default password query function. .Pp .Nm krb5_get_in_tkt_with_keytab diff --git a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 b/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 index 3838c1449a5..764efb47e44 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_init_creds.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_init_creds.3 20266 2007-02-18 10:41:10Z lha $ +.\" $Id$ .\" .Dd Sep 16, 2006 .Dt KRB5_GET_INIT_CREDS 3 @@ -222,7 +222,7 @@ Getting initial credential ticket for a principal. That may include changing an expired password, and doing preauthentication. This interface that replaces the deprecated .Fa krb5_in_tkt -and +and .Fa krb5_in_cred functions. .Pp diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 index d613a0d6df1..55fb8f2a0b0 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_get_krbhst.3 14905 2005-04-24 07:46:59Z lha $ +.\" $Id$ .\" .Dd April 24, 2005 .Dt KRB5_GET_KRBHST 3 diff --git a/crypto/heimdal/lib/krb5/krb5_getportbyname.3 b/crypto/heimdal/lib/krb5/krb5_getportbyname.3 index 14360609003..0e9b7cbac8e 100644 --- a/crypto/heimdal/lib/krb5/krb5_getportbyname.3 +++ b/crypto/heimdal/lib/krb5/krb5_getportbyname.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_getportbyname.3 22071 2007-11-14 20:04:50Z lha $ +.\" $Id$ .\" .Dd August 15, 2004 .Dt NAME 3 diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3 index cf9d6969850..3a6199b9547 100644 --- a/crypto/heimdal/lib/krb5/krb5_init_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_init_context.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2001 - 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2001 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_init_context.3 19980 2007-01-17 18:06:33Z lha $ +.\" $Id$ .\" .Dd December 8, 2004 .Dt KRB5_CONTEXT 3 @@ -156,7 +156,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fa "const char *filelist" .Fa "char ***pfilenames" .Fc -.Ft krb5_error_code +.Ft krb5_error_code .Fo krb5_get_default_config_files .Fa "char ***pfilenames" .Fc @@ -211,7 +211,7 @@ libs to This is done by .Fn krb5_init_context . .Pp -.Fn krb5_add_et_list +.Fn krb5_add_et_list adds a .Xr com_err 3 error-code handler @@ -219,7 +219,7 @@ error-code handler to the specified .Fa context . The error handler must generated by the the re-rentrant version of the -.Xr compile_et 3 +.Xr compile_et 1 program. .Fn krb5_add_extra_addresses add a list of addresses that should be added when requesting tickets. @@ -265,7 +265,7 @@ set the list of configuration files to use and re-initialize the configuration from the files. .Pp .Fn krb5_prepend_config_files -parse the +parse the .Fa filelist and prepend the result to the already existing list .Fa pq @@ -275,7 +275,7 @@ and should be freed with .Fn krb5_free_config_files . .Pp .Fn krb5_prepend_config_files_default -parse the +parse the .Fa filelist and append that to the default list of configuration files. diff --git a/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3 b/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3 index 9f0a919d357..1a73e853e8b 100644 --- a/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3 +++ b/crypto/heimdal/lib/krb5/krb5_is_thread_safe.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_is_thread_safe.3 17462 2006-05-05 13:18:39Z lha $ +.\" $Id$ .\" .Dd May 5, 2006 .Dt KRB5_IS_THREAD_SAFE 3 @@ -50,7 +50,7 @@ returns if the library was compiled with with multithread support. If the library isn't compiled, the consumer have to use a global lock to make sure Kerboros functions are not called at the same time by -diffrent threads. +different threads. .\" .Sh EXAMPLE .\" .Sh BUGS .Sh SEE ALSO diff --git a/crypto/heimdal/lib/krb5/krb5_keyblock.3 b/crypto/heimdal/lib/krb5/krb5_keyblock.3 deleted file mode 100644 index 9fabd32a0d0..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_keyblock.3 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_keyblock.3 17385 2006-05-01 08:48:55Z lha $ -.\" -.Dd May 1, 2006 -.Dt KRB5_KEYBLOCK 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_keyblock , -.Nm krb5_keyblock_get_enctype , -.Nm krb5_copy_keyblock , -.Nm krb5_copy_keyblock_contents , -.Nm krb5_free_keyblock , -.Nm krb5_free_keyblock_contents , -.Nm krb5_generate_random_keyblock , -.Nm krb5_generate_subkey , -.Nm krb5_generate_subkey_extended , -.Nm krb5_keyblock_init , -.Nm krb5_keyblock_zero , -.Nm krb5_random_to_key -.Nd Kerberos 5 key handling functions -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Li krb5_keyblock ; -.Ft krb5_enctype -.Fo krb5_keyblock_get_enctype -.Fa "const krb5_keyblock *block" -.Fc -.Ft krb5_error_code -.Fo krb5_copy_keyblock -.Fa "krb5_context context" -.Fa "krb5_keyblock **to" -.Fc -.Ft krb5_error_code -.Fo krb5_copy_keyblock_contents -.Fa "krb5_context context" -.Fa "const krb5_keyblock *inblock" -.Fa "krb5_keyblock *to" -.Fc -.Ft void -.Fo krb5_free_keyblock -.Fa "krb5_context context" -.Fa "krb5_keyblock *keyblock" -.Fc -.Ft void -.Fo krb5_free_keyblock_contents -.Fa "krb5_context context" -.Fa "krb5_keyblock *keyblock" -.Fc -.Ft krb5_error_code -.Fo krb5_generate_random_keyblock -.Fa "krb5_context context" -.Fa "krb5_enctype type" -.Fa "krb5_keyblock *key" -.Fc -.Ft krb5_error_code -.Fo krb5_generate_subkey -.Fa "krb5_context context" -.Fa "const krb5_keyblock *key" -.Fa "krb5_keyblock **subkey" -.Fc -.Ft krb5_error_code -.Fo krb5_generate_subkey_extended -.Fa "krb5_context context" -.Fa "const krb5_keyblock *key" -.Fa "krb5_enctype enctype" -.Fa "krb5_keyblock **subkey" -.Fc -.Ft krb5_error_code -.Fo krb5_keyblock_init -.Fa "krb5_context context" -.Fa "krb5_enctype type" -.Fa "const void *data" -.Fa "size_t size" -.Fa "krb5_keyblock *key" -.Fc -.Ft void -.Fo krb5_keyblock_zero -.Fa "krb5_keyblock *keyblock" -.Fc -.Ft krb5_error_code -.Fo krb5_random_to_key -.Fa "krb5_context context" -.Fa "krb5_enctype type" -.Fa "const void *data" -.Fa "size_t size" -.Fa "krb5_keyblock *key" -.Fc -.Sh DESCRIPTION -.Li krb5_keyblock -holds the encryption key for a specific encryption type. -There is no component inside -.Li krb5_keyblock -that is directly referable. -.Pp -.Fn krb5_keyblock_get_enctype -returns the encryption type of the keyblock. -.Pp -.Fn krb5_copy_keyblock -makes a copy the keyblock -.Fa inblock -to the -output -.Fa out . -.Fa out -should be freed by the caller with -.Fa krb5_free_keyblock . -.Pp -.Fn krb5_copy_keyblock_contents -copies the contents of -.Fa inblock -to the -.Fa to -keyblock. -The destination keyblock is overritten. -.Pp -.Fn krb5_free_keyblock -zeros out and frees the content and the keyblock itself. -.Pp -.Fn krb5_free_keyblock_contents -zeros out and frees the content of the keyblock. -.Pp -.Fn krb5_generate_random_keyblock -creates a new content of the keyblock -.Fa key -of type encrytion type -.Fa type . -The content of -.Fa key -is overwritten and not freed, so the caller should be sure it is -freed before calling the function. -.Pp -.Fn krb5_generate_subkey -generates a -.Fa subkey -of the same type as -.Fa key . -The caller must free the subkey with -.Fa krb5_free_keyblock . -.Pp -.Fn krb5_generate_subkey_extended -generates a -.Fa subkey -of the specified encryption type -.Fa type . -If -.Fa type -is -.Dv ETYPE_NULL , -of the same type as -.Fa key . -The caller must free the subkey with -.Fa krb5_free_keyblock . -.Pp -.Fn krb5_keyblock_init -Fill in -.Fa key -with key data of type -.Fa enctype -from -.Fa data -of length -.Fa size . -Key should be freed using -.Fn krb5_free_keyblock_contents . -.Pp -.Fn krb5_keyblock_zero -zeros out the keyblock to to make sure no keymaterial is in -memory. -Note that -.Fn krb5_free_keyblock_contents -also zeros out the memory. -.Pp -.Fn krb5_random_to_key -converts the random bytestring to a protocol key according to Kerberos -crypto frame work. -It the resulting key will be of type -.Fa enctype . -It may be assumed that all the bits of the input string are equally -random, even though the entropy present in the random source may be -limited -.\" .Sh EXAMPLES -.Sh SEE ALSO -.Xr krb5_crypto_init 3 , -.Xr krb5 3 , -.Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3 deleted file mode 100644 index b6cb1a26cc0..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_keytab.3 +++ /dev/null @@ -1,482 +0,0 @@ -.\" Copyright (c) 2001 - 2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_keytab.3 22071 2007-11-14 20:04:50Z lha $ -.\" -.Dd August 12, 2005 -.Dt KRB5_KEYTAB 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_kt_ops , -.Nm krb5_keytab_entry , -.Nm krb5_kt_cursor , -.Nm krb5_kt_add_entry , -.Nm krb5_kt_close , -.Nm krb5_kt_compare , -.Nm krb5_kt_copy_entry_contents , -.Nm krb5_kt_default , -.Nm krb5_kt_default_modify_name , -.Nm krb5_kt_default_name , -.Nm krb5_kt_end_seq_get , -.Nm krb5_kt_free_entry , -.Nm krb5_kt_get_entry , -.Nm krb5_kt_get_name , -.Nm krb5_kt_get_type , -.Nm krb5_kt_next_entry , -.Nm krb5_kt_read_service_key , -.Nm krb5_kt_register , -.Nm krb5_kt_remove_entry , -.Nm krb5_kt_resolve , -.Nm krb5_kt_start_seq_get -.Nd manage keytab (key storage) files -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Ft krb5_error_code -.Fo krb5_kt_add_entry -.Fa "krb5_context context" -.Fa "krb5_keytab id" -.Fa "krb5_keytab_entry *entry" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_close -.Fa "krb5_context context" -.Fa "krb5_keytab id" -.Fc -.Ft krb5_boolean -.Fo krb5_kt_compare -.Fa "krb5_context context" -.Fa "krb5_keytab_entry *entry" -.Fa "krb5_const_principal principal" -.Fa "krb5_kvno vno" -.Fa "krb5_enctype enctype" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_copy_entry_contents -.Fa "krb5_context context" -.Fa "const krb5_keytab_entry *in" -.Fa "krb5_keytab_entry *out" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_default -.Fa "krb5_context context" -.Fa "krb5_keytab *id" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_default_modify_name -.Fa "krb5_context context" -.Fa "char *name" -.Fa "size_t namesize" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_default_name -.Fa "krb5_context context" -.Fa "char *name" -.Fa "size_t namesize" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_end_seq_get -.Fa "krb5_context context" -.Fa "krb5_keytab id" -.Fa "krb5_kt_cursor *cursor" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_free_entry -.Fa "krb5_context context" -.Fa "krb5_keytab_entry *entry" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_get_entry -.Fa "krb5_context context" -.Fa "krb5_keytab id" -.Fa "krb5_const_principal principal" -.Fa "krb5_kvno kvno" -.Fa "krb5_enctype enctype" -.Fa "krb5_keytab_entry *entry" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_get_name -.Fa "krb5_context context" -.Fa "krb5_keytab keytab" -.Fa "char *name" -.Fa "size_t namesize" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_get_type -.Fa "krb5_context context" -.Fa "krb5_keytab keytab" -.Fa "char *prefix" -.Fa "size_t prefixsize" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_next_entry -.Fa "krb5_context context" -.Fa "krb5_keytab id" -.Fa "krb5_keytab_entry *entry" -.Fa "krb5_kt_cursor *cursor" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_read_service_key -.Fa "krb5_context context" -.Fa "krb5_pointer keyprocarg" -.Fa "krb5_principal principal" -.Fa "krb5_kvno vno" -.Fa "krb5_enctype enctype" -.Fa "krb5_keyblock **key" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_register -.Fa "krb5_context context" -.Fa "const krb5_kt_ops *ops" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_remove_entry -.Fa "krb5_context context" -.Fa "krb5_keytab id" -.Fa "krb5_keytab_entry *entry" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_resolve -.Fa "krb5_context context" -.Fa "const char *name" -.Fa "krb5_keytab *id" -.Fc -.Ft krb5_error_code -.Fo krb5_kt_start_seq_get -.Fa "krb5_context context" -.Fa "krb5_keytab id" -.Fa "krb5_kt_cursor *cursor" -.Fc -.Sh DESCRIPTION -A keytab name is on the form -.Li type:residual . -The -.Li residual -part is specific to each keytab-type. -.Pp -When a keytab-name is resolved, the type is matched with an internal -list of keytab types. If there is no matching keytab type, -the default keytab is used. The current default type is -.Nm file . -The default value can be changed in the configuration file -.Pa /etc/krb5.conf -by setting the variable -.Li [defaults]default_keytab_name . -.Pp -The keytab types that are implemented in Heimdal -are: -.Bl -tag -width Ds -.It Nm file -store the keytab in a file, the type's name is -.Li FILE . -The residual part is a filename. -For compatibility with other Kerberos implemtation -.Li WRFILE -and -.LI JAVA14 -is also accepted. -.Li WRFILE -has the same format as -.Li FILE . -.Li JAVA14 -have a format that is compatible with older versions of MIT kerberos -and SUN's Java based installation. They store a truncted kvno, so -when the knvo excess 255, they are truncted in this format. -.It Nm keyfile -store the keytab in a -.Li AFS -keyfile (usually -.Pa /usr/afs/etc/KeyFile ) , -the type's name is -.Li AFSKEYFILE . -The residual part is a filename. -.It Nm krb4 -the keytab is a Kerberos 4 -.Pa srvtab -that is on-the-fly converted to a keytab. The type's name is -.Li krb4 . -The residual part is a filename. -.It Nm memory -The keytab is stored in a memory segment. This allows sensitive and/or -temporary data not to be stored on disk. The type's name is -.Li MEMORY . -Each -.Li MEMORY -keytab is referenced counted by and opened by the residual name, so two -handles can point to the same memory area. -When the last user closes the entry, it disappears. -.El -.Pp -.Nm krb5_keytab_entry -holds all data for an entry in a keytab file, like principal name, -key-type, key, key-version number, etc. -.Nm krb5_kt_cursor -holds the current position that is used when iterating through a -keytab entry with -.Fn krb5_kt_start_seq_get , -.Fn krb5_kt_next_entry , -and -.Fn krb5_kt_end_seq_get . -.Pp -.Nm krb5_kt_ops -contains the different operations that can be done to a keytab. This -structure is normally only used when doing a new keytab-type -implementation. -.Pp -.Fn krb5_kt_resolve -is the equivalent of an -.Xr open 2 -on keytab. Resolve the keytab name in -.Fa name -into a keytab in -.Fa id . -Returns 0 or an error. The opposite of -.Fn krb5_kt_resolve -is -.Fn krb5_kt_close . -.Pp -.Fn krb5_kt_close -frees all resources allocated to the keytab, even on failure. -Returns 0 or an error. -.Pp -.Fn krb5_kt_default -sets the argument -.Fa id -to the default keytab. -Returns 0 or an error. -.Pp -.Fn krb5_kt_default_modify_name -copies the name of the default modify keytab into -.Fa name . -Return 0 or KRB5_CONFIG_NOTENUFSPACE if -.Fa namesize -is too short. -.Pp -.Fn krb5_kt_default_name -copies the name of the default keytab into -.Fa name . -Return 0 or KRB5_CONFIG_NOTENUFSPACE if -.Fa namesize -is too short. -.Pp -.Fn krb5_kt_add_entry -adds a new -.Fa entry -to the keytab -.Fa id . -.Li KRB5_KT_NOWRITE -is returned if the keytab is a readonly keytab. -.Pp -.Fn krb5_kt_compare -compares the passed in -.Fa entry -against -.Fa principal , -.Fa vno , -and -.Fa enctype . -Any of -.Fa principal , -.Fa vno -or -.Fa enctype -might be 0 which acts as a wildcard. Return TRUE if they compare the -same, FALSE otherwise. -.Pp -.Fn krb5_kt_copy_entry_contents -copies the contents of -.Fa in -into -.Fa out . -Returns 0 or an error. -.Pp -.Fn krb5_kt_get_name -retrieves the name of the keytab -.Fa keytab -into -.Fa name , -.Fa namesize . -Returns 0 or an error. -.Pp -.Fn krb5_kt_get_type -retrieves the type of the keytab -.Fa keytab -and store the prefix/name for type of the keytab into -.Fa prefix , -.Fa prefixsize . -The prefix will have the maximum length of -.Dv KRB5_KT_PREFIX_MAX_LEN -(including terminating -.Dv NUL ) . -Returns 0 or an error. -.Pp -.Fn krb5_kt_free_entry -frees the contents of -.Fa entry . -.Pp -.Fn krb5_kt_start_seq_get -sets -.Fa cursor -to point at the beginning of -.Fa id . -Returns 0 or an error. -.Pp -.Fn krb5_kt_next_entry -gets the next entry from -.Fa id -pointed to by -.Fa cursor -and advance the -.Fa cursor . -On success the returne entry must be freed with -.Fn krb5_kt_free_entry . -Returns 0 or an error. -.Pp -.Fn krb5_kt_end_seq_get -releases all resources associated with -.Fa cursor . -.Pp -.Fn krb5_kt_get_entry -retrieves the keytab entry for -.Fa principal , -.Fa kvno , -.Fa enctype -into -.Fa entry -from the keytab -.Fa id . -When comparing an entry in the keytab to determine a match, the -function -.Fn krb5_kt_compare -is used, so the wildcard rules applies to the argument of -.F krb5_kt_get_entry -too. -On success the returne entry must be freed with -.Fn krb5_kt_free_entry . -Returns 0 or an error. -.Pp -.Fn krb5_kt_read_service_key -reads the key identified by -.Fa ( principal , -.Fa vno , -.Fa enctype ) -from the keytab in -.Fa keyprocarg -(the system default keytab if -.Dv NULL -is used) into -.Fa *key . -.Fa keyprocarg -is the same argument as to -.Fa name -argument to -.Fn krb5_kt_resolve . -Internal -.Fn krb5_kt_compare -will be used, so the same wildcard rules applies -to -.Fn krb5_kt_read_service_key . -On success the returned key must be freed with -.Fa krb5_free_keyblock . -Returns 0 or an error. -.Pp -.Fn krb5_kt_remove_entry -removes the entry -.Fa entry -from the keytab -.Fa id . -When comparing an entry in the keytab to determine a match, the -function -.Fn krb5_kt_compare -is use, so the wildcard rules applies to the argument of -.Fn krb5_kt_remove_entry . -Returns 0, -.Dv KRB5_KT_NOTFOUND -if not entry matched or another error. -.Pp -.Fn krb5_kt_register -registers a new keytab type -.Fa ops . -Returns 0 or an error. -.Sh EXAMPLES -This is a minimalistic version of -.Nm ktutil . -.Pp -.Bd -literal -int -main (int argc, char **argv) -{ - krb5_context context; - krb5_keytab keytab; - krb5_kt_cursor cursor; - krb5_keytab_entry entry; - krb5_error_code ret; - char *principal; - - if (krb5_init_context (&context) != 0) - errx(1, "krb5_context"); - - ret = krb5_kt_default (context, &keytab); - if (ret) - krb5_err(context, 1, ret, "krb5_kt_default"); - - ret = krb5_kt_start_seq_get(context, keytab, &cursor); - if (ret) - krb5_err(context, 1, ret, "krb5_kt_start_seq_get"); - while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ - krb5_unparse_name_short(context, entry.principal, &principal); - printf("principal: %s\\n", principal); - free(principal); - krb5_kt_free_entry(context, &entry); - } - ret = krb5_kt_end_seq_get(context, keytab, &cursor); - if (ret) - krb5_err(context, 1, ret, "krb5_kt_end_seq_get"); - ret = krb5_kt_close(context, keytab); - if (ret) - krb5_err(context, 1, ret, "krb5_kt_close"); - krb5_free_context(context); - return 0; -} -.Ed -.Sh COMPATIBILITY -Heimdal stored the ticket flags in machine bit-field order before -Heimdal 0.7. The behavior is possible to change in with the option -.Li [libdefaults]fcc-mit-ticketflags . -Heimdal 0.7 also code to detech that ticket flags was in the wrong -order and correct them. This matters when doing delegation in GSS-API -because the client code looks at the flag to determin if it is possible -to do delegation if the user requested it. -.Sh SEE ALSO -.Xr krb5.conf 5 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 index 1d906bfafc0..8abb00fea49 100644 --- a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 +++ b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2001-2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 2001-2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_krbhst_init.3 15110 2005-05-10 09:21:06Z lha $ +.\" $Id$ .\" .Dd May 10, 2005 .Dt KRB5_KRBHST_INIT 3 diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3 deleted file mode 100644 index e5e5c9937de..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_kuserok.3 +++ /dev/null @@ -1,103 +0,0 @@ -.\" Copyright (c) 2003-2005 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_kuserok.3 15083 2005-05-04 12:11:22Z joda $ -.\" -.Dd May 4, 2005 -.Dt KRB5_KUSEROK 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_kuserok -.Nd "checks if a principal is permitted to login as a user" -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_boolean -.Fo krb5_kuserok -.Fa "krb5_context context" -.Fa "krb5_principal principal" -.Fa "const char *user" -.Fc -.Sh DESCRIPTION -This function takes the name of a local -.Fa user -and checks if -.Fa principal -is allowed to log in as that user. -.Pp -The -.Fa user -may have a -.Pa ~/.k5login -file listing principals that are allowed to login as that user. If -that file does not exist, all principals with a first component -identical to the username, and a realm considered local, are allowed -access. -.Pp -The -.Pa .k5login -file must contain one principal per line, be owned by -.Fa user , -and not be writable by group or other (but must be readable by -anyone). -.Pp -Note that if the file exists, no implicit access rights are given to -.Fa user Ns @ Ns Aq localrealm . -.Pp -Optionally, a set of files may be put in -.Pa ~/.k5login.d ( Ns -a directory), in which case they will all be checked in the same -manner as -.Pa .k5login . -The files may be called anything, but files starting with a hash -.Dq ( # ) , -or ending with a tilde -.Dq ( ~ ) -are ignored. Subdirectories are not traversed. Note that this -directory may not be checked by other implementations. -.Sh RETURN VALUES -.Nm -returns -.Dv TRUE -if access should be granted, -.Dv FALSE -otherwise. -.Sh HISTORY -The -.Pa ~/.k5login.d -feature appeared in Heimdal 0.7. -.Sh SEE ALSO -.Xr krb5_get_default_realms 3 , -.Xr krb5_verify_user 3 , -.Xr krb5_verify_user_lrealm 3 , -.Xr krb5_verify_user_opt 3 , -.Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h index ef812dae7c9..d0c68927ffb 100644 --- a/crypto/heimdal/lib/krb5/krb5_locl.h +++ b/crypto/heimdal/lib/krb5/krb5_locl.h @@ -1,45 +1,44 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */ -/* $FreeBSD$ */ +/* $Id$ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ -#ifdef HAVE_CONFIG_H #include -#endif #include #include @@ -48,6 +47,8 @@ #include #include +#include + #ifdef HAVE_SYS_TYPES_H #include #endif @@ -117,6 +118,21 @@ struct sockaddr_dl; #include #endif +#include + +#include + +#define HEIMDAL_TEXTDOMAIN "heimdal_krb5" + +#ifdef LIBINTL +#include +#define N_(x,y) dgettext(HEIMDAL_TEXTDOMAIN, x) +#else +#define N_(x,y) (x) +#define bindtextdomain(package, localedir) +#endif + + #ifdef HAVE_CRYPT_H #undef des_encrypt #define des_encrypt wingless_pigs_mostly_fail_to_fly @@ -132,6 +148,9 @@ struct sockaddr_dl; #include #include +#include + +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" @@ -140,9 +159,11 @@ struct sockaddr_dl; struct send_to_kdc; /* XXX glue for pkinit */ +struct hx509_certs_data; struct krb5_pk_identity; struct krb5_pk_cert; struct ContentInfo; +struct AlgorithmIdentifier; typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx; struct krb5_dh_moduli; @@ -155,8 +176,11 @@ struct _krb5_krb_auth_data; #include #include #ifdef PKINIT -#include +#include #endif + +#include "crypto.h" + #include #include "heim_threads.h" @@ -164,17 +188,37 @@ struct _krb5_krb_auth_data; #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) +#ifndef __func__ +#define __func__ "unknown-function" +#endif + +#define krb5_einval(context, argnum) _krb5_einval((context), __func__, (argnum)) + +#ifndef PATH_SEP +#define PATH_SEP ":" +#endif + /* should this be public? */ -#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab" +#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab" #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" + #define MODULI_FILE SYSCONFDIR "/krb5.moduli" #ifndef O_BINARY #define O_BINARY 0 #endif -#define KRB5_BUFSIZ 1024 +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif + + +#define KRB5_BUFSIZ 2048 typedef enum { KRB5_INIT_CREDS_TRISTATE_UNSET = 0, @@ -191,16 +235,25 @@ struct _krb5_get_init_creds_opt_private { krb5_get_init_creds_tristate req_pac; /* PKINIT */ krb5_pk_init_ctx pk_init_ctx; - KRB_ERROR *error; krb5_get_init_creds_tristate addressless; int flags; #define KRB5_INIT_CREDS_CANONICALIZE 1 #define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2 +#define KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK 4 + struct { + krb5_gic_process_last_req func; + void *ctx; + } lr; }; +typedef uint32_t krb5_enctype_set; + typedef struct krb5_context_data { krb5_enctype *etypes; - krb5_enctype *etypes_des; + krb5_enctype *etypes_des;/* deprecated */ + krb5_enctype *as_etypes; + krb5_enctype *tgs_etypes; + krb5_enctype *permitted_enctypes; char **default_realms; time_t max_skew; time_t kdc_timeout; @@ -210,7 +263,8 @@ typedef struct krb5_context_data { krb5_config_section *cf; struct et_list *et_list; struct krb5_log_facility *warn_dest; - krb5_cc_ops *cc_ops; + struct krb5_log_facility *debug_dest; + const krb5_cc_ops **cc_ops; int num_cc_ops; const char *http_proxy; const char *time_fmt; @@ -228,7 +282,7 @@ typedef struct krb5_context_data { struct krb5_keytab_data *kt_types; /* registered keytab types */ const char *date_fmt; char *error_string; - char error_buf[256]; + krb5_error_code error_code; krb5_addresses *ignore_addresses; char *default_cc_name; char *default_cc_name_env; @@ -238,16 +292,29 @@ typedef struct krb5_context_data { int flags; #define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1 #define KRB5_CTX_F_CHECK_PAC 2 +#define KRB5_CTX_F_HOMEDIR_ACCESS 4 +#define KRB5_CTX_F_SOCKETS_INITIALIZED 8 +#define KRB5_CTX_F_RD_REQ_IGNORE 16 struct send_to_kdc *send_to_kdc; +#ifdef PKINIT + hx509_context hx509ctx; +#endif } krb5_context_data; +#ifndef KRB5_USE_PATH_TOKENS #define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" +#else +#define KRB5_DEFAULT_CCNAME_FILE "FILE:%{TEMP}/krb5cc_%{uid}" +#endif #define KRB5_DEFAULT_CCNAME_API "API:" -#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}" +#define KRB5_DEFAULT_CCNAME_KCM_KCM "KCM:%{uid}" +#define KRB5_DEFAULT_CCNAME_KCM_API "API:%{uid}" #define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1 #define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2 #define EXTRACT_TICKET_MATCH_REALM 4 +#define EXTRACT_TICKET_AS_REQ 8 +#define EXTRACT_TICKET_TIMESYNC 16 /* * Configurable options @@ -265,4 +332,28 @@ typedef struct krb5_context_data { #define KRB5_ADDRESSLESS_DEFAULT TRUE #endif +#ifndef KRB5_FORWARDABLE_DEFAULT +#define KRB5_FORWARDABLE_DEFAULT TRUE +#endif + +#ifdef PKINIT + +struct krb5_pk_identity { + hx509_verify_ctx verify_ctx; + hx509_certs certs; + hx509_cert cert; + hx509_certs anchors; + hx509_certs certpool; + hx509_revoke_ctx revokectx; + int flags; +#define PKINIT_BTMM 1 +}; + +enum krb5_pk_type { + PKINIT_WIN2K = 1, + PKINIT_27 = 2 +}; + +#endif /* PKINIT */ + #endif /* __KRB5_LOCL_H__ */ diff --git a/crypto/heimdal/lib/krb5/krb5_mk_req.3 b/crypto/heimdal/lib/krb5/krb5_mk_req.3 index e37d8e7e975..41701b02992 100644 --- a/crypto/heimdal/lib/krb5/krb5_mk_req.3 +++ b/crypto/heimdal/lib/krb5/krb5_mk_req.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_mk_req.3 16100 2005-09-26 05:38:55Z lha $ +.\" $Id$ .\" .Dd August 27, 2005 .Dt KRB5_MK_REQ 3 @@ -123,7 +123,7 @@ or .Dv NULL passed in, in that case, it will be allocated and freed internally. .Pp -The input data +The input data .Fa in_data will have a checksum calculated over it and checksum will be transported in the message to the server. diff --git a/crypto/heimdal/lib/krb5/krb5_mk_safe.3 b/crypto/heimdal/lib/krb5/krb5_mk_safe.3 index 25b65411f80..e8f45598e48 100644 --- a/crypto/heimdal/lib/krb5/krb5_mk_safe.3 +++ b/crypto/heimdal/lib/krb5/krb5_mk_safe.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_mk_safe.3 17385 2006-05-01 08:48:55Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_MK_SAFE 3 diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3 index 4acad4175ae..28e9a1f4bc8 100644 --- a/crypto/heimdal/lib/krb5/krb5_openlog.3 +++ b/crypto/heimdal/lib/krb5/krb5_openlog.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska Högskolan +.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_openlog.3 12329 2003-05-26 14:09:04Z lha $ +.\" $Id$ .Dd August 6, 1997 .Dt KRB5_OPENLOG 3 .Os HEIMDAL diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3 index e876ee3cb0b..eb4a2d28c56 100644 --- a/crypto/heimdal/lib/krb5/krb5_parse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan +.\" Copyright (c) 1997 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_parse_name.3 17385 2006-05-01 08:48:55Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_PARSE_NAME 3 diff --git a/crypto/heimdal/lib/krb5/krb5_principal.3 b/crypto/heimdal/lib/krb5/krb5_principal.3 index 1b0c2da32a9..2998130a80e 100644 --- a/crypto/heimdal/lib/krb5/krb5_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_principal.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_principal.3 21255 2007-06-21 04:36:31Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_PRINCIPAL 3 @@ -47,7 +47,6 @@ .Nm krb5_parse_name , .Nm krb5_parse_name_flags , .Nm krb5_parse_nametype , -.Nm krb5_princ_realm , .Nm krb5_princ_set_realm , .Nm krb5_principal_compare , .Nm krb5_principal_compare_any_realm , @@ -90,8 +89,6 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fn "krb5_unparse_name_short" "krb5_context context" "krb5_const_principal principal" "char **name" .Ft krb5_error_code .Fn krb5_unparse_name_fixed_short "krb5_context context" "krb5_const_principal principal" "char *name" "size_t len" -.Ft krb5_realm * -.Fn krb5_princ_realm "krb5_context context" "krb5_principal principal" .Ft void .Fn krb5_princ_set_realm "krb5_context context" "krb5_principal principal" "krb5_realm *realm" .Ft krb5_error_code @@ -158,12 +155,12 @@ takes an extra argument the following flags can be passed in .Bl -tag -width Ds .It Dv KRB5_PRINCIPAL_PARSE_NO_REALM -requries the input string to be without a realm, and no realm is +requires the input string to be without a realm, and no realm is stored in the .Fa principal return argument. -.It Dv KRB5_PRINCIPAL_PARSE_MUST_REALM -requries the input string to with a realm. +.It Dv KRB5_PRINCIPAL_PARSE_REQUIRE_REALM +requires the input string to with a realm. .El .Pp .Fn krb5_unparse_name @@ -176,7 +173,7 @@ to the string .Fa name should be freed with .Xr free 3 . -To the +To the .Fa flags argument the following flags can be passed in .Bl -tag -width Ds @@ -287,7 +284,6 @@ is returned. and .Fn krb5_principal_get_comp_string are replacements for -.Fn krb5_princ_realm , .Fn krb5_princ_component and related macros, described as internal in the MIT API specification. @@ -309,14 +305,6 @@ get and sets the name type for a principal. Name type handling is tricky and not often needed, don't use this unless you know what you do. .Pp -.Fn krb5_princ_realm -returns the realm component of the principal. -The caller must not free realm unless -.Fn krb5_princ_set_realm -is called to set a new realm after freeing the realm. -.Fn krb5_princ_set_realm -sets the realm component of a principal. The old realm is not freed. -.Pp .Fn krb5_sname_to_principal and .Fn krb5_sock_to_principal diff --git a/crypto/heimdal/lib/krb5/krb5_rcache.3 b/crypto/heimdal/lib/krb5/krb5_rcache.3 index 0b7e83aa071..5b121b80c6d 100644 --- a/crypto/heimdal/lib/krb5/krb5_rcache.3 +++ b/crypto/heimdal/lib/krb5/krb5_rcache.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_rcache.3 17462 2006-05-05 13:18:39Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_RCACHE 3 diff --git a/crypto/heimdal/lib/krb5/krb5_rd_error.3 b/crypto/heimdal/lib/krb5/krb5_rd_error.3 index 00203cdae24..19c092e650b 100644 --- a/crypto/heimdal/lib/krb5/krb5_rd_error.3 +++ b/crypto/heimdal/lib/krb5/krb5_rd_error.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_rd_error.3 21059 2007-06-12 17:52:46Z lha $ +.\" $Id$ .\" .Dd July 26, 2004 .Dt KRB5_RD_ERROR 3 diff --git a/crypto/heimdal/lib/krb5/krb5_rd_safe.3 b/crypto/heimdal/lib/krb5/krb5_rd_safe.3 index d024ae48e20..bb6294e66dd 100644 --- a/crypto/heimdal/lib/krb5/krb5_rd_safe.3 +++ b/crypto/heimdal/lib/krb5/krb5_rd_safe.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_rd_safe.3 17385 2006-05-01 08:48:55Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_RD_SAFE 3 diff --git a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 index 27467d816b3..b1ab61f05f3 100644 --- a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 +++ b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_set_default_realm.3 17462 2006-05-05 13:18:39Z lha $ +.\" $Id$ .\" .Dd April 24, 2005 .Dt KRB5_SET_DEFAULT_REALM 3 diff --git a/crypto/heimdal/lib/krb5/krb5_set_password.3 b/crypto/heimdal/lib/krb5/krb5_set_password.3 index 45ed41d477f..14cd29979af 100644 --- a/crypto/heimdal/lib/krb5/krb5_set_password.3 +++ b/crypto/heimdal/lib/krb5/krb5_set_password.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_set_password.3 14052 2004-07-15 14:39:06Z lha $ +.\" $Id$ .\" .Dd July 15, 2004 .Dt KRB5_SET_PASSWORD 3 diff --git a/crypto/heimdal/lib/krb5/krb5_storage.3 b/crypto/heimdal/lib/krb5/krb5_storage.3 deleted file mode 100644 index cc03c5b5e24..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_storage.3 +++ /dev/null @@ -1,427 +0,0 @@ -.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_storage.3 17884 2006-08-18 08:41:09Z lha $ -.\" -.Dd Aug 18, 2006 -.Dt KRB5_STORAGE 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_storage , -.Nm krb5_storage_emem , -.Nm krb5_storage_from_data , -.Nm krb5_storage_from_fd , -.Nm krb5_storage_from_mem , -.Nm krb5_storage_set_flags , -.Nm krb5_storage_clear_flags , -.Nm krb5_storage_is_flags , -.Nm krb5_storage_set_byteorder , -.Nm krb5_storage_get_byteorder , -.Nm krb5_storage_set_eof_code , -.Nm krb5_storage_seek , -.Nm krb5_storage_read , -.Nm krb5_storage_write , -.Nm krb5_storage_free , -.Nm krb5_storage_to_data , -.Nm krb5_store_int32 , -.Nm krb5_ret_int32 , -.Nm krb5_store_uint32 , -.Nm krb5_ret_uint32 , -.Nm krb5_store_int16 , -.Nm krb5_ret_int16 , -.Nm krb5_store_uint16 , -.Nm krb5_ret_uint16 , -.Nm krb5_store_int8 , -.Nm krb5_ret_int8 , -.Nm krb5_store_uint8 , -.Nm krb5_ret_uint8 , -.Nm krb5_store_data , -.Nm krb5_ret_data , -.Nm krb5_store_string , -.Nm krb5_ret_string , -.Nm krb5_store_stringnl , -.Nm krb5_ret_stringnl , -.Nm krb5_store_stringz , -.Nm krb5_ret_stringz , -.Nm krb5_store_principal , -.Nm krb5_ret_principal , -.Nm krb5_store_keyblock , -.Nm krb5_ret_keyblock , -.Nm krb5_store_times , -.Nm krb5_ret_times , -.Nm krb5_store_address , -.Nm krb5_ret_address , -.Nm krb5_store_addrs , -.Nm krb5_ret_addrs , -.Nm krb5_store_authdata , -.Nm krb5_ret_authdata , -.Nm krb5_store_creds , -.Nm krb5_ret_creds -.Nd operates on the Kerberos datatype krb5_storage -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Li "struct krb5_storage;" -.Pp -.Ft "krb5_storage *" -.Fn krb5_storage_from_fd "int fd" -.Ft "krb5_storage *" -.Fn krb5_storage_emem "void" -.Ft "krb5_storage *" -.Fn krb5_storage_from_mem "void *buf" "size_t len" -.Ft "krb5_storage *" -.Fn krb5_storage_from_data "krb5_data *data" -.Ft void -.Fn krb5_storage_set_flags "krb5_storage *sp" "krb5_flags flags" -.Ft void -.Fn krb5_storage_clear_flags "krb5_storage *sp" "krb5_flags flags" -.Ft krb5_boolean -.Fn krb5_storage_is_flags "krb5_storage *sp" "krb5_flags flags" -.Ft void -.Fn krb5_storage_set_byteorder "krb5_storage *sp" "krb5_flags byteorder" -.Ft krb5_flags -.Fn krb5_storage_get_byteorder "krb5_storage *sp" "krb5_flags byteorder" -.Ft void -.Fn krb5_storage_set_eof_code "krb5_storage *sp" "int code" -.Ft off_t -.Fn krb5_storage_seek "krb5_storage *sp" "off_t offset" "int whence" -.Ft krb5_ssize_t -.Fn krb5_storage_read "krb5_storage *sp" "void *buf" "size_t len" -.Ft krb5_ssize_t -.Fn krb5_storage_write "krb5_storage *sp" "const void *buf" "size_t len" -.Ft krb5_error_code -.Fn krb5_storage_free "krb5_storage *sp" -.Ft krb5_error_code -.Fn krb5_storage_to_data "krb5_storage *sp" "krb5_data *data" -.Ft krb5_error_code -.Fn krb5_store_int32 "krb5_storage *sp" "int32_t value" -.Ft krb5_error_code -.Fn krb5_ret_int32 "krb5_storage *sp" "int32_t *value" -.Ft krb5_error_code -.Fn krb5_ret_uint32 "krb5_storage *sp" "uint32_t *value" -.Ft krb5_error_code -.Fn krb5_store_uint32 "krb5_storage *sp" "uint32_t value" -.Ft krb5_error_code -.Fn krb5_store_int16 "krb5_storage *sp" "int16_t value" -.Ft krb5_error_code -.Fn krb5_ret_int16 "krb5_storage *sp" "int16_t *value" -.Ft krb5_error_code -.Fn krb5_store_uint16 "krb5_storage *sp" "uint16_t value" -.Ft krb5_error_code -.Fn krb5_ret_uint16 "krb5_storage *sp" "u_int16_t *value" -.Ft krb5_error_code -.Fn krb5_store_int8 "krb5_storage *sp" "int8_t value" -.Ft krb5_error_code -.Fn krb5_ret_int8 "krb5_storage *sp" "int8_t *value" -.Ft krb5_error_code -.Fn krb5_store_uint8 "krb5_storage *sp" "u_int8_t value" -.Ft krb5_error_code -.Fn krb5_ret_uint8 "krb5_storage *sp" "u_int8_t *value" -.Ft krb5_error_code -.Fn krb5_store_data "krb5_storage *sp" "krb5_data data" -.Ft krb5_error_code -.Fn krb5_ret_data "krb5_storage *sp" "krb5_data *data" -.Ft krb5_error_code -.Fn krb5_store_string "krb5_storage *sp" "const char *s" -.Ft krb5_error_code -.Fn krb5_ret_string "krb5_storage *sp" "char **string" -.Ft krb5_error_code -.Fn krb5_store_stringnl "krb5_storage *sp" "const char *s" -.Ft krb5_error_code -.Fn krb5_ret_stringnl "krb5_storage *sp" "char **string" -.Ft krb5_error_code -.Fn krb5_store_stringz "krb5_storage *sp" "const char *s" -.Ft krb5_error_code -.Fn krb5_ret_stringz "krb5_storage *sp" "char **string" -.Ft krb5_error_code -.Fn krb5_store_principal "krb5_storage *sp" "krb5_const_principal p" -.Ft krb5_error_code -.Fn krb5_ret_principal "krb5_storage *sp" "krb5_principal *princ" -.Ft krb5_error_code -.Fn krb5_store_keyblock "krb5_storage *sp" "krb5_keyblock p" -.Ft krb5_error_code -.Fn krb5_ret_keyblock "krb5_storage *sp" "krb5_keyblock *p" -.Ft krb5_error_code -.Fn krb5_store_times "krb5_storage *sp" "krb5_times times" -.Ft krb5_error_code -.Fn krb5_ret_times "krb5_storage *sp" "krb5_times *times" -.Ft krb5_error_code -.Fn krb5_store_address "krb5_storage *sp" "krb5_address p" -.Ft krb5_error_code -.Fn krb5_ret_address "krb5_storage *sp" "krb5_address *adr" -.Ft krb5_error_code -.Fn krb5_store_addrs "krb5_storage *sp" "krb5_addresses p" -.Ft krb5_error_code -.Fn krb5_ret_addrs "krb5_storage *sp" "krb5_addresses *adr" -.Ft krb5_error_code -.Fn krb5_store_authdata "krb5_storage *sp" "krb5_authdata auth" -.Ft krb5_error_code -.Fn krb5_ret_authdata "krb5_storage *sp" "krb5_authdata *auth" -.Ft krb5_error_code -.Fn krb5_store_creds "krb5_storage *sp" "krb5_creds *creds" -.Ft krb5_error_code -.Fn krb5_ret_creds "krb5_storage *sp" "krb5_creds *creds" -.Sh DESCRIPTION -The -.Li krb5_storage -structure holds a storage element that is used for data manipulation. -The structure contains no public accessible elements. -.Pp -.Fn krb5_storage_emem -create a memory based krb5 storage unit that dynamicly resized to the -ammount of data stored in. -The storage never returns errors, on memory allocation errors -.Xr exit 3 -will be called. -.Pp -.Fn krb5_storage_from_data -create a krb5 storage unit that will read is data from a -.Li krb5_data . -There is no copy made of the -.Fa data , -so the caller must not free -.Fa data -until the storage is freed. -.Pp -.Fn krb5_storage_from_fd -create a krb5 storage unit that will read is data from a -file descriptor. -The descriptor must be seekable if -.Fn krb5_storage_seek -is used. -Caller must not free the file descriptor before the storage is freed. -.Pp -.Fn krb5_storage_from_mem -create a krb5 storage unit that will read is data from a -memory region. -There is no copy made of the -.Fa data , -so the caller must not free -.Fa data -until the storage is freed. -.Pp -.Fn krb5_storage_set_flags -and -.Fn krb5_storage_clear_flags -modifies the behavior of the storage functions. -.Fn krb5_storage_is_flags -tests if the -.Fa flags -are set on the -.Li krb5_storage . -Valid flags to set, is and clear is are: -.Pp -.Bl -tag -width "Fan vet..." -compact -offset indent -.It KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS -Stores the number of principal componets one too many when storing -principal namees, used for compatibility with version 1 of file -keytabs and version 1 of file credential caches. -.It KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE -Doesn't store the name type in when storing a principal name, used for -compatibility with version 1 of file keytabs and version 1 of file -credential caches. -.It KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE -Stores the keyblock type twice storing a keyblock, used for -compatibility version 3 of file credential caches. -.It KRB5_STORAGE_BYTEORDER_MASK -bitmask that can be used to and out what type of byte order order is used. -.It KRB5_STORAGE_BYTEORDER_BE -Store integers in in big endian byte order, this is the default mode. -.It KRB5_STORAGE_BYTEORDER_LE -Store integers in in little endian byte order. -.It KRB5_STORAGE_BYTEORDER_HOST -Stores the integers in host byte order, used for compatibility with -version 1 of file keytabs and version 1 and 2 of file credential -caches. -.It KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER -Store the credential flags in a krb5_creds in the reverse bit order. -.El -.Pp -.Fn krb5_storage_set_byteorder -and -.Fn krb5_storage_get_byteorder -modifies the byte order used in the storage for integers. -The flags used is same as above. -The valid flags are -.Dv KRB5_STORAGE_BYTEORDER_BE , -.Dv KRB5_STORAGE_BYTEORDER_LE -and -.Dv KRB5_STORAGE_BYTEORDER_HOST . -.Pp -.Fn krb5_storage_set_eof_code -sets the error code that will be returned on end of file condition to -.Fa code . -.Pp -.Fn krb5_storage_seek -seeks -.Fa offset -bytes in the storage -.Fa sp . -The -.Fa whence -argument is one of -.Bl -tag -width SEEK_SET -compact -offset indent -.It SEEK_SET -offset is from begining of storage. -.It SEEK_CUR -offset is relative from current offset. -.It SEEK_END -offset is from end of storage. -.El -.Pp -.Fn krb5_storage_read -reads -.Fa len -(or less bytes in case of end of file) into -.Fa buf -from the current offset in the storage -.Fa sp . -.Pp -.Fn krb5_storage_write -writes -.Fa len -or (less bytes in case of end of file) from -.Fa buf -from the current offset in the storage -.Fa sp . -.Pp -.Fn krb5_storage_free -frees the storage -.Fa sp . -.Pp -.Fn krb5_storage_to_data -converts the data in storage -.Fa sp -into a -.Li krb5_data -structure. -.Fa data -must be freed with -.Fn krb5_data_free -by the caller when done with the -.Fa data . -.Pp -All -.Li krb5_store -and -.Li krb5_ret -functions move the current offset forward when the functions returns. -.Pp -.Fn krb5_store_int32 , -.Fn krb5_ret_int32 , -.Fn krb5_store_uint32 , -.Fn krb5_ret_uint32 , -.Fn krb5_store_int16 , -.Fn krb5_ret_int16 , -.Fn krb5_store_uint16 , -.Fn krb5_ret_uint16 , -.Fn krb5_store_int8 , -.Fn krb5_ret_int8 -.Fn krb5_store_uint8 , -and -.Fn krb5_ret_uint8 -stores and reads an integer from -.Fa sp -in the byte order specified by the flags set on the -.Fa sp . -.Pp -.Fn krb5_store_data -and -.Fn krb5_ret_data -store and reads a krb5_data. -The length of the data is stored with -.Fn krb5_store_int32 . -.Pp -.Fn krb5_store_string -and -.Fn krb5_ret_string -store and reads a string by storing the length of the string with -.Fn krb5_store_int32 -followed by the string itself. -.Pp -.Fn krb5_store_stringnl -and -.Fn krb5_ret_stringnl -store and reads a string by storing string followed by a -.Dv '\n' . -.Pp -.Fn krb5_store_stringz -and -.Fn krb5_ret_stringz -store and reads a string by storing string followed by a -.Dv NUL . -.Pp -.Fn krb5_store_principal -and -.Fn krb5_ret_principal -store and reads a principal. -.Pp -.Fn krb5_store_keyblock -and -.Fn krb5_ret_keyblock -store and reads a -.Li krb5_keyblock . -.Pp -.Fn krb5_store_times -.Fn krb5_ret_times -store and reads -.Li krb5_times -structure . -.Pp -.Fn krb5_store_address -and -.Fn krb5_ret_address -store and reads a -.Li krb5_address . -.Pp -.Fn krb5_store_addrs -and -.Fn krb5_ret_addrs -store and reads a -.Li krb5_addresses . -.Pp -.Fn krb5_store_authdata -and -.Fn krb5_ret_authdata -store and reads a -.Li krb5_authdata . -.Pp -.Fn krb5_store_creds -and -.Fn krb5_ret_creds -store and reads a -.Li krb5_creds . -.Sh SEE ALSO -.Xr krb5 3 , -.Xr krb5_data 3 , -.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_string_to_key.3 b/crypto/heimdal/lib/krb5/krb5_string_to_key.3 index cf96f4e013b..c77d4594cdb 100644 --- a/crypto/heimdal/lib/krb5/krb5_string_to_key.3 +++ b/crypto/heimdal/lib/krb5/krb5_string_to_key.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_string_to_key.3 17820 2006-07-10 14:28:01Z lha $ +.\" $Id$ .\" .Dd July 10, 2006 .Dt KRB5_STRING_TO_KEY 3 @@ -114,7 +114,7 @@ The string to key functions convert a string to a kerberos key. .Pp .Fn krb5_string_to_key_data_salt_opaque is the function that does all the work, the rest of the functions are -just wrapers around +just wrappers around .Fn krb5_string_to_key_data_salt_opaque that calls it with default values. .Pp diff --git a/crypto/heimdal/lib/krb5/krb5_ticket.3 b/crypto/heimdal/lib/krb5/krb5_ticket.3 deleted file mode 100644 index 4f6d45ba576..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_ticket.3 +++ /dev/null @@ -1,137 +0,0 @@ -.\" Copyright (c) 2003 - 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_ticket.3 19543 2006-12-28 20:48:50Z lha $ -.\" -.Dd May 1, 2006 -.Dt KRB5_TICKET 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_ticket , -.Nm krb5_free_ticket , -.Nm krb5_copy_ticket , -.Nm krb5_ticket_get_authorization_data_type , -.Nm krb5_ticket_get_client , -.Nm krb5_ticket_get_server , -.Nm krb5_ticket_get_endtime -.Nd Kerberos 5 ticket access and handling functions -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Pp -.Li krb5_ticket ; -.Pp -.Ft krb5_error_code -.Fo krb5_free_ticket -.Fa "krb5_context context" -.Fa "krb5_ticket *ticket" -.Fc -.Ft krb5_error_code -.Fo krb5_copy_ticket -.Fa "krb5_context context" -.Fa "const krb5_ticket *from" -.Fa "krb5_ticket **to" -.Fc -.Ft krb5_error_code -.Fo krb5_ticket_get_authorization_data_type -.Fa "krb5_context context" -.Fa "krb5_ticket *ticket" -.Fa "int type" -.Fa "krb5_data *data" -.Fc -.Ft krb5_error_code -.Fo krb5_ticket_get_client -.Fa "krb5_context context" -.Fa "const krb5_ticket *ticket" -.Fa "krb5_principal *client" -.Fc -.Ft krb5_error_code -.Fo krb5_ticket_get_server -.Fa "krb5_context context" -.Fa "const krb5_ticket *ticket" -.Fa "krb5_principal *server" -.Fc -.Ft time_t -.Fo krb5_ticket_get_endtime -.Fa "krb5_context context" -.Fa "const krb5_ticket *ticket" -.Fc -.Sh DESCRIPTION -.Li krb5_ticket -holds a kerberos ticket. -The internals of the structure should never be accessed directly, -functions exist for extracting information. -.Pp -.Fn krb5_free_ticket -frees the -.Fa ticket -and its content. -Used to free the result of -.Fn krb5_copy_ticket -and -.Fn krb5_recvauth . -.Pp -.Fn krb5_copy_ticket -copies the content of the ticket -.Fa from -to the ticket -.Fa to . -The result -.Fa to -should be freed with -.Fn krb5_free_ticket . -.Pp -.Fn krb5_ticket_get_authorization_data_type -fetches the authorization data of the type -.Fa type -from the -.Fa ticket . -If there isn't any authorization data of type -.Fa type , -.Dv ENOENT -is returned. -.Fa data -needs to be freed with -.Fn krb5_data_free -on success. -.Pp -.Fn krb5_ticket_get_client -and -.Fn krb5_ticket_get_server -returns a copy of the client/server principal from the ticket. -The principal returned should be free using -.Xr krb5_free_principal 3 . -.Pp -.Fn krb5_ticket_get_endtime -return the end time of the ticket. -.Sh SEE ALSO -.Xr krb5 3 diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3 index 4163cc1b716..b065ade1bdd 100644 --- a/crypto/heimdal/lib/krb5/krb5_timeofday.3 +++ b/crypto/heimdal/lib/krb5/krb5_timeofday.3 @@ -1,6 +1,6 @@ -.\" $Id: krb5_timeofday.3 18093 2006-09-16 09:27:28Z lha $ +.\" $Id$ .\" -.\" Copyright (c) 2001, 2003, 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2001, 2003, 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -31,7 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_timeofday.3 18093 2006-09-16 09:27:28Z lha $ +.\" $Id$ .\" .Dd Sepember 16, 2006 .Dt KRB5_TIMEOFDAY 3 diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 deleted file mode 100644 index 274d638d669..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 +++ /dev/null @@ -1,62 +0,0 @@ -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_unparse_name.3 12329 2003-05-26 14:09:04Z lha $ -.\" -.Dd August 8, 1997 -.Dt KRB5_UNPARSE_NAME 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_unparse_name -.\" .Nm krb5_unparse_name_ext -.Nd principal to string conversion -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_error_code -.Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name" -.\" .Ft krb5_error_code -.\" .Fn krb5_unparse_name_ext "krb5_context context" "krb5_const_principal principal" "char **name" "size_t *size" -.Sh DESCRIPTION -This function takes a -.Fa principal , -and will convert in to a printable representation with the same syntax -as described in -.Xr krb5_parse_name 3 . -.Fa *name -will point to allocated data and should be freed by the caller. -.Sh SEE ALSO -.Xr krb5_425_conv_principal 3 , -.Xr krb5_build_principal 3 , -.Xr krb5_free_principal 3 , -.Xr krb5_parse_name 3 , -.Xr krb5_sname_to_principal 3 diff --git a/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3 b/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3 index 9a34648981b..0fe958289a1 100644 --- a/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3 +++ b/crypto/heimdal/lib/krb5/krb5_verify_init_creds.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_verify_init_creds.3 22071 2007-11-14 20:04:50Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_VERIFY_INIT_CREDS 3 diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3 index 8086bc04baf..a32986d1a4c 100644 --- a/crypto/heimdal/lib/krb5/krb5_verify_user.3 +++ b/crypto/heimdal/lib/krb5/krb5_verify_user.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan +.\" Copyright (c) 2001 - 2006 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: krb5_verify_user.3 22071 2007-11-14 20:04:50Z lha $ +.\" $Id$ .\" .Dd May 1, 2006 .Dt KRB5_VERIFY_USER 3 diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3 deleted file mode 100644 index 5610cd8dc42..00000000000 --- a/crypto/heimdal/lib/krb5/krb5_warn.3 +++ /dev/null @@ -1,233 +0,0 @@ -.\" Copyright (c) 1997, 2001 - 2006 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: krb5_warn.3 19085 2006-11-21 07:55:20Z lha $ -.\" -.Dd May 1, 2006 -.Dt KRB5_WARN 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_abort , -.Nm krb5_abortx , -.Nm krb5_clear_error_string , -.Nm krb5_err , -.Nm krb5_errx , -.Nm krb5_free_error_string , -.Nm krb5_get_err_text , -.Nm krb5_get_error_message , -.Nm krb5_get_error_string , -.Nm krb5_have_error_string , -.Nm krb5_set_error_string , -.Nm krb5_set_warn_dest , -.Nm krb5_get_warn_dest , -.Nm krb5_vabort , -.Nm krb5_vabortx , -.Nm krb5_verr , -.Nm krb5_verrx , -.Nm krb5_vset_error_string , -.Nm krb5_vwarn , -.Nm krb5_vwarnx , -.Nm krb5_warn , -.Nm krb5_warnx -.Nd Heimdal warning and error functions -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_error_code -.Fn krb5_abort "krb5_context context" "krb5_error_code code" "const char *fmt" "..." -.Ft krb5_error_code -.Fn krb5_abortx "krb5_context context" "krb5_error_code code" "const char *fmt" "..." -.Ft void -.Fn krb5_clear_error_string "krb5_context context" -.Ft krb5_error_code -.Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..." -.Ft krb5_error_code -.Fn krb5_errx "krb5_context context" "int eval" "const char *format" "..." -.Ft void -.Fn krb5_free_error_string "krb5_context context" "char *str" -.Ft krb5_error_code -.Fn krb5_verr "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "va_list ap" -.Ft krb5_error_code -.Fn krb5_verrx "krb5_context context" "int eval" "const char *format" "va_list ap" -.Ft krb5_error_code -.Fn krb5_vset_error_string "krb5_context context" "const char *fmt" "va_list args" -.Ft krb5_error_code -.Fn krb5_vwarn "krb5_context context" "krb5_error_code code" "const char *format" "va_list ap" -.Ft krb5_error_code -.Fn krb5_vwarnx "krb5_context context" "const char *format" "va_list ap" -.Ft krb5_error_code -.Fn krb5_warn "krb5_context context" "krb5_error_code code" "const char *format" "..." -.Ft krb5_error_code -.Fn krb5_warnx "krb5_context context" "const char *format" "..." -.Ft krb5_error_code -.Fn krb5_set_error_string "krb5_context context" "const char *fmt" "..." -.Ft krb5_error_code -.Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility" -.Ft "char *" -.Ft krb5_log_facility * -.Fo krb5_get_warn_dest -.Fa "krb5_context context" -.Fc -.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code" -.Ft char* -.Fn krb5_get_error_string "krb5_context context" -.Ft char* -.Fn krb5_get_error_message "krb5_context context, krb5_error_code code" -.Ft krb5_boolean -.Fn krb5_have_error_string "krb5_context context" -.Ft krb5_error_code -.Fn krb5_vabortx "krb5_context context" "const char *fmt" "va_list ap" -.Ft krb5_error_code -.Fn krb5_vabort "krb5_context context" "const char *fmt" "va_list ap" -.Sh DESCRIPTION -These functions print a warning message to some destination. -.Fa format -is a printf style format specifying the message to print. The forms not ending in an -.Dq x -print the error string associated with -.Fa code -along with the message. -The -.Dq err -functions exit with exit status -.Fa eval -after printing the message. -.Pp -Applications that want to get the error message to report it to a user -or store it in a log want to use -.Fn krb5_get_error_message . -.Pp -The -.Fn krb5_set_warn_func -function sets the destination for warning messages to the specified -.Fa facility . -Messages logged with the -.Dq warn -functions have a log level of 1, while the -.Dq err -functions log with level 0. -.Pp -.Fn krb5_get_err_text -fetches the human readable strings describing the error-code. -.Pp -.Fn krb5_abort -and -.Nm krb5_abortx -behaves like -.Nm krb5_err -and -.Nm krb5_errx -but instead of exiting using the -.Xr exit 3 -call, -.Xr abort 3 -is used. -.Pp -.Fn krb5_free_error_string -frees the error string -.Fa str -returned by -.Fn krb5_get_error_string . -.Pp -.Fn krb5_clear_error_string -clears the error string from the -.Fa context . -.Pp -.Fn krb5_set_error_string -and -.Fn krb5_vset_error_string -sets an verbose error string in -.Fa context . -.Pp -.Fn krb5_get_error_string -fetches the error string from -.Fa context . -The error message in the context is consumed and must be freed using -.Fn krb5_free_error_string -by the caller. -See also -.Fn krb5_get_error_message , -what is usually less verbose to use. -.Pp -.Fn krb5_have_error_string -returns -.Dv TRUE -if there is a verbose error message in the -.Fa context . -.Pp -.Fn krb5_get_error_message -fetches the error string from the context, or if there -is no customized error string in -.Fa context , -uses -.Fa code -to return a error string. -In either case, the error message in the context is consumed and must -be freed using -.Fn krb5_free_error_string -by the caller. -.Pp -.Fn krb5_set_warn_dest -and -.Fn krb5_get_warn_dest -sets and get the log context that is used by -.Fn krb5_warn -and friends. By using this the application can control where the -output should go. For example, this is imperative to inetd servers -where logging status and error message will end up on the output -stream to the client. -.Sh EXAMPLES -Below is a simple example how to report error messages from the -Kerberos library in an application. -.Bd -literal -#include - -krb5_error_code -function (krb5_context context) -{ - krb5_error_code ret; - - ret = krb5_function (context, arg1, arg2); - if (ret) { - char *s = krb5_get_error_message(context, ret); - if (s == NULL) - errx(1, "kerberos error: %d (and out of memory)", ret); - application_logger("krb5_function failed: %s", s); - krb5_free_error_string(context, s); - return ret; - } - return 0; -} -.Ed -.Sh SEE ALSO -.Xr krb5 3 , -.Xr krb5_openlog 3 diff --git a/crypto/heimdal/lib/krb5/krbhst-test.c b/crypto/heimdal/lib/krb5/krbhst-test.c index 38b0b6a36c3..873734fce77 100644 --- a/crypto/heimdal/lib/krb5/krbhst-test.c +++ b/crypto/heimdal/lib/krb5/krbhst-test.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -36,8 +36,6 @@ #include #include -RCSID("$Id: krbhst-test.c 15466 2005-06-17 04:21:47Z lha $"); - static int version_flag = 0; static int help_flag = 0; @@ -67,12 +65,12 @@ main(int argc, char **argv) KRB5_KRBHST_KRB524}; const char *type_str[] = {"kdc", "admin", "changepw", "krb524"}; int optidx = 0; - + setprogname (argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -95,7 +93,7 @@ main(int argc, char **argv) krb5_krbhst_init(context, argv[i], types[j], &handle); while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0) - printf("%s\n", host); + printf("\thost: %s\n", host); krb5_krbhst_reset(context, handle); printf ("\n"); } diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c index 094fd4f9c64..3242cdb9995 100644 --- a/crypto/heimdal/lib/krb5/krbhst.c +++ b/crypto/heimdal/lib/krb5/krbhst.c @@ -1,50 +1,48 @@ /* - * Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include #include "locate_plugin.h" -RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $"); - static int string_to_proto(const char *string) { if(strcasecmp(string, "udp") == 0) return KRB5_KRBHST_UDP; - else if(strcasecmp(string, "tcp") == 0) + else if(strcasecmp(string, "tcp") == 0) return KRB5_KRBHST_TCP; - else if(strcasecmp(string, "http") == 0) + else if(strcasecmp(string, "http") == 0) return KRB5_KRBHST_HTTP; return -1; } @@ -56,13 +54,13 @@ string_to_proto(const char *string) */ static krb5_error_code -srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, +srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, const char *realm, const char *dns_type, const char *proto, const char *service, int port) { char domain[1024]; - struct dns_reply *r; - struct resource_record *rr; + struct rk_dns_reply *r; + struct rk_resource_record *rr; int num_srv; int proto_num; int def_port; @@ -72,7 +70,9 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, proto_num = string_to_proto(proto); if(proto_num < 0) { - krb5_set_error_string(context, "unknown protocol `%s'", proto); + krb5_set_error_message(context, EINVAL, + N_("unknown protocol `%s' to lookup", ""), + proto); return EINVAL; } @@ -85,31 +85,35 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm); - r = dns_lookup(domain, dns_type); - if(r == NULL) + r = rk_dns_lookup(domain, dns_type); + if(r == NULL) { + _krb5_debug(context, 0, + "DNS lookup failed domain: %s", domain); return KRB5_KDC_UNREACH; + } - for(num_srv = 0, rr = r->head; rr; rr = rr->next) - if(rr->type == T_SRV) + for(num_srv = 0, rr = r->head; rr; rr = rr->next) + if(rr->type == rk_ns_t_srv) num_srv++; *res = malloc(num_srv * sizeof(**res)); if(*res == NULL) { - dns_free_data(r); - krb5_set_error_string(context, "malloc: out of memory"); + rk_dns_free_data(r); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - dns_srv_order(r); + rk_dns_srv_order(r); - for(num_srv = 0, rr = r->head; rr; rr = rr->next) - if(rr->type == T_SRV) { + for(num_srv = 0, rr = r->head; rr; rr = rr->next) + if(rr->type == rk_ns_t_srv) { krb5_krbhst_info *hi; size_t len = strlen(rr->u.srv->target); hi = calloc(1, sizeof(*hi) + len); if(hi == NULL) { - dns_free_data(r); + rk_dns_free_data(r); while(--num_srv >= 0) free((*res)[num_srv]); free(*res); @@ -119,7 +123,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, (*res)[num_srv++] = hi; hi->proto = proto_num; - + hi->def_port = def_port; if (port != 0) hi->port = port; @@ -130,8 +134,8 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, } *count = num_srv; - - dns_free_data(r); + + rk_dns_free_data(r); return 0; } @@ -149,7 +153,7 @@ struct krb5_krbhst_data { #define KD_CONFIG_EXISTS 32 #define KD_LARGE_MSG 64 #define KD_PLUGIN 128 - krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, + krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, krb5_krbhst_info**); unsigned int fallback_count; @@ -175,6 +179,15 @@ krbhst_get_default_proto(struct krb5_krbhst_data *kd) return KRB5_KRBHST_UDP; } +/* + * + */ + +const char * +_krb5_krbhst_get_realm(krb5_krbhst_handle handle) +{ + return handle->realm; +} /* * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port' @@ -185,13 +198,13 @@ static struct krb5_krbhst_info* parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd, const char *spec, int def_port, int port) { - const char *p = spec; + const char *p = spec, *q; struct krb5_krbhst_info *hi; - + hi = calloc(1, sizeof(*hi) + strlen(spec)); if(hi == NULL) return NULL; - + hi->proto = krbhst_get_default_proto(kd); if(strncmp(p, "http://", 7) == 0){ @@ -208,7 +221,17 @@ parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd, p += 4; } - if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) { + if (p[0] == '[' && (q = strchr(p, ']')) != NULL) { + /* if address looks like [foo:bar] or [foo:bar]: its a ipv6 + adress, strip of [] */ + memcpy(hi->hostname, &p[1], q - p - 1); + hi->hostname[q - p - 1] = '\0'; + p = q + 1; + /* get trailing : */ + if (p[0] == ':') + p++; + } else if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) { + /* copy everything before : */ free(hi); return NULL; } @@ -217,7 +240,7 @@ parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd, strlwr(hi->hostname); hi->port = hi->def_port = def_port; - if(p != NULL) { + if(p != NULL && p[0]) { char *end; hi->port = strtol(p, &end, 0); if(end == p) { @@ -245,9 +268,10 @@ _krb5_krbhost_info_move(krb5_context context, { size_t hostnamelen = strlen(from->hostname); /* trailing NUL is included in structure */ - *to = calloc(1, sizeof(**to) + hostnamelen); + *to = calloc(1, sizeof(**to) + hostnamelen); if(*to == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -268,8 +292,8 @@ append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host) struct krb5_krbhst_info *h; for(h = kd->hosts; h; h = h->next) - if(h->proto == host->proto && - h->port == host->port && + if(h->proto == host->proto && + h->port == host->port && strcmp(h->hostname, host->hostname) == 0) { _krb5_free_krbhst_info(host); return; @@ -287,7 +311,7 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd, hi = parse_hostspec(context, kd, host, def_port, port); if(hi == NULL) return ENOMEM; - + append_host_hostinfo(kd, hi); return 0; } @@ -296,8 +320,8 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd, * return a readable representation of `host' in `hostname, hostlen' */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, char *hostname, size_t hostlen) { const char *proto = ""; @@ -332,28 +356,66 @@ make_hints(struct addrinfo *hints, int proto) } } -/* - * return an `struct addrinfo *' in `ai' corresponding to the information - * in `host'. free:ing is handled by krb5_krbhst_free. +/** + * Return an `struct addrinfo *' for a KDC host. + * + * Returns an the struct addrinfo in in that corresponds to the + * information in `host'. free:ing is handled by krb5_krbhst_free, so + * the returned ai must not be released. + * + * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, struct addrinfo **ai) { - struct addrinfo hints; - char portstr[NI_MAXSERV]; - int ret; + int ret = 0; if (host->ai == NULL) { - make_hints(&hints, host->proto); + struct addrinfo hints; + char portstr[NI_MAXSERV]; + char *hostname = host->hostname; + snprintf (portstr, sizeof(portstr), "%d", host->port); + make_hints(&hints, host->proto); + + /** + * First try this as an IP address, this allows us to add a + * dot at the end to stop using the search domains. + */ + + hints.ai_flags |= AI_NUMERICHOST | AI_NUMERICSERV; + ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai); - if (ret) - return krb5_eai_to_heim_errno(ret, errno); + if (ret == 0) + goto out; + + /** + * If the hostname contains a dot, assumes it's a FQDN and + * don't use search domains since that might be painfully slow + * when machine is disconnected from that network. + */ + + hints.ai_flags &= ~(AI_NUMERICHOST); + + if (strchr(hostname, '.') && hostname[strlen(hostname) - 1] != '.') { + ret = asprintf(&hostname, "%s.", host->hostname); + if (ret < 0 || hostname == NULL) + return ENOMEM; + } + + ret = getaddrinfo(hostname, portstr, &hints, &host->ai); + if (hostname != host->hostname) + free(hostname); + if (ret) { + ret = krb5_eai_to_heim_errno(ret, errno); + goto out; + } } + out: *ai = host->ai; - return 0; + return ret; } static krb5_boolean @@ -369,14 +431,18 @@ get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host) } static void -srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, +srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, const char *proto, const char *service) { + krb5_error_code ret; krb5_krbhst_info **res; int count, i; - if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service, - kd->port)) + ret = srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service, + kd->port); + _krb5_debug(context, 2, "searching DNS for realm %s %s.%s -> %d", + kd->realm, proto, service, ret); + if (ret) return; for(i = 0; i < count; i++) append_host_hostinfo(kd, res[i]); @@ -389,15 +455,17 @@ srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, */ static void -config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, +config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, const char *conf_string) { int i; - char **hostlist; - hostlist = krb5_config_get_strings(context, NULL, + hostlist = krb5_config_get_strings(context, NULL, "realms", kd->realm, conf_string, NULL); + _krb5_debug(context, 2, "configuration file for realm %s%s found", + kd->realm, hostlist ? "" : " not"); + if(hostlist == NULL) return; kd->flags |= KD_CONFIG_EXISTS; @@ -410,21 +478,24 @@ config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, /* * as a fallback, look for `serv_string.kd->realm' (typically * kerberos.REALM, kerberos-1.REALM, ... - * `port' is the default port for the service, and `proto' the + * `port' is the default port for the service, and `proto' the * protocol */ static krb5_error_code -fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, +fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, const char *serv_string, int port, int proto) { - char *host; + char *host = NULL; int ret; struct addrinfo *ai; struct addrinfo hints; char portstr[NI_MAXSERV]; - /* + _krb5_debug(context, 2, "fallback lookup %d for realm %s (service %s)", + kd->fallback_count, kd->realm, serv_string); + + /* * Don't try forever in case the DNS server keep returning us * entries (like wildcard entries or the .nu TLD) */ @@ -434,14 +505,14 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, } if(kd->fallback_count == 0) - asprintf(&host, "%s.%s.", serv_string, kd->realm); + ret = asprintf(&host, "%s.%s.", serv_string, kd->realm); else - asprintf(&host, "%s-%d.%s.", - serv_string, kd->fallback_count, kd->realm); + ret = asprintf(&host, "%s-%d.%s.", + serv_string, kd->fallback_count, kd->realm); - if (host == NULL) + if (ret < 0 || host == NULL) return ENOMEM; - + make_hints(&hints, proto); snprintf(portstr, sizeof(portstr), "%d", port); ret = getaddrinfo(host, portstr, &hints, &ai); @@ -475,7 +546,7 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, * Fetch hosts from plugin */ -static krb5_error_code +static krb5_error_code add_locate(void *ctx, int type, struct sockaddr *addr) { struct krb5_krbhst_info *hi; @@ -503,7 +574,7 @@ add_locate(void *ctx, int type, struct sockaddr *addr) hi = calloc(1, sizeof(*hi) + hostlen); if(hi == NULL) return ENOMEM; - + hi->proto = krbhst_get_default_proto(kd); hi->port = hi->def_port = socket_get_port(addr); hi->ai = ai; @@ -522,12 +593,11 @@ plugin_get_hosts(krb5_context context, struct krb5_plugin *list = NULL, *e; krb5_error_code ret; - ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "resolve", &list); + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, + KRB5_PLUGIN_LOCATE, &list); if(ret != 0 || list == NULL) return; - kd->flags |= KD_CONFIG_EXISTS; - for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { krb5plugin_service_locate_ftable *service; void *ctx; @@ -535,14 +605,20 @@ plugin_get_hosts(krb5_context context, service = _krb5_plugin_get_symbol(e); if (service->minor_version != 0) continue; - + (*service->init)(context, &ctx); ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd); (*service->fini)(ctx); - if (ret) { - krb5_set_error_string(context, "Plugin failed to lookup"); + if (ret && ret != KRB5_PLUGIN_NO_HANDLE) { + krb5_set_error_message(context, ret, + N_("Locate plugin failed to lookup realm %s: %d", ""), + kd->realm, ret); break; + } else if (ret == 0) { + _krb5_debug(context, 2, "plugin found result for realm %s", kd->realm); + kd->flags |= KD_CONFIG_EXISTS; } + } _krb5_plugin_free(list); } @@ -572,8 +648,12 @@ kdc_get_next(krb5_context context, return 0; } - if (kd->flags & KD_CONFIG_EXISTS) - return KRB5_KDC_UNREACH; /* XXX */ + if (kd->flags & KD_CONFIG_EXISTS) { + _krb5_debug(context, 1, + "Configuration exists for realm %s, wont go to DNS", + kd->realm); + return KRB5_KDC_UNREACH; + } if(context->srv_lookup) { if((kd->flags & KD_SRV_UDP) == 0 && (kd->flags & KD_LARGE_MSG) == 0) { @@ -599,7 +679,7 @@ kdc_get_next(krb5_context context, while((kd->flags & KD_FALLBACK) == 0) { ret = fallback_get_hosts(context, kd, "kerberos", - kd->def_port, + kd->def_port, krbhst_get_default_proto(kd)); if(ret) return ret; @@ -607,6 +687,8 @@ kdc_get_next(krb5_context context, return 0; } + _krb5_debug(context, 0, "No KDC entries found for %s", kd->realm); + return KRB5_KDC_UNREACH; /* XXX */ } @@ -631,8 +713,12 @@ admin_get_next(krb5_context context, return 0; } - if (kd->flags & KD_CONFIG_EXISTS) - return KRB5_KDC_UNREACH; /* XXX */ + if (kd->flags & KD_CONFIG_EXISTS) { + _krb5_debug(context, 1, + "Configuration exists for realm %s, wont go to DNS", + kd->realm); + return KRB5_KDC_UNREACH; + } if(context->srv_lookup) { if((kd->flags & KD_SRV_TCP) == 0) { @@ -655,6 +741,8 @@ admin_get_next(krb5_context context, return 0; } + _krb5_debug(context, 0, "No admin entries found for realm %s", kd->realm); + return KRB5_KDC_UNREACH; /* XXX */ } @@ -679,8 +767,12 @@ kpasswd_get_next(krb5_context context, return 0; } - if (kd->flags & KD_CONFIG_EXISTS) - return KRB5_KDC_UNREACH; /* XXX */ + if (kd->flags & KD_CONFIG_EXISTS) { + _krb5_debug(context, 1, + "Configuration exists for realm %s, wont go to DNS", + kd->realm); + return KRB5_KDC_UNREACH; + } if(context->srv_lookup) { if((kd->flags & KD_SRV_UDP) == 0) { @@ -709,7 +801,9 @@ kpasswd_get_next(krb5_context context, return ret; } - return KRB5_KDC_UNREACH; /* XXX */ + _krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm); + + return KRB5_KDC_UNREACH; } static krb5_error_code @@ -731,8 +825,12 @@ krb524_get_next(krb5_context context, kd->flags |= KD_CONFIG; } - if (kd->flags & KD_CONFIG_EXISTS) - return KRB5_KDC_UNREACH; /* XXX */ + if (kd->flags & KD_CONFIG_EXISTS) { + _krb5_debug(context, 1, + "Configuration exists for realm %s, wont go to DNS", + kd->realm); + return KRB5_KDC_UNREACH; + } if(context->srv_lookup) { if((kd->flags & KD_SRV_UDP) == 0) { @@ -759,11 +857,14 @@ krb524_get_next(krb5_context context, return (*kd->get_next)(context, kd, host); } - return KRB5_KDC_UNREACH; /* XXX */ + _krb5_debug(context, 0, "No kpasswd entries found for realm %s", kd->realm); + + return KRB5_KDC_UNREACH; } static struct krb5_krbhst_data* common_init(krb5_context context, + const char *service, const char *realm, int flags) { @@ -777,6 +878,9 @@ common_init(krb5_context context, return NULL; } + _krb5_debug(context, 2, "Trying to find service %s for realm %s flags %x", + service, realm, flags); + /* For 'realms' without a . do not even think of going to DNS */ if (!strchr(realm, '.')) kd->flags |= KD_CONFIG_EXISTS; @@ -791,7 +895,7 @@ common_init(krb5_context context, * initialize `handle' to look for hosts of type `type' in realm `realm' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init(krb5_context context, const char *realm, unsigned int type, @@ -800,7 +904,7 @@ krb5_krbhst_init(krb5_context context, return krb5_krbhst_init_flags(context, realm, type, 0, handle); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_init_flags(krb5_context context, const char *realm, unsigned int type, @@ -808,34 +912,40 @@ krb5_krbhst_init_flags(krb5_context context, krb5_krbhst_handle *handle) { struct krb5_krbhst_data *kd; - krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, + krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, krb5_krbhst_info **); int def_port; + const char *service; switch(type) { case KRB5_KRBHST_KDC: next = kdc_get_next; def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88)); + service = "kdc"; break; case KRB5_KRBHST_ADMIN: next = admin_get_next; def_port = ntohs(krb5_getportbyname (context, "kerberos-adm", "tcp", 749)); + service = "admin"; break; case KRB5_KRBHST_CHANGEPW: next = kpasswd_get_next; def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT)); + service = "change_password"; break; case KRB5_KRBHST_KRB524: next = krb524_get_next; def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); + service = "524"; break; default: - krb5_set_error_string(context, "unknown krbhst type (%u)", type); + krb5_set_error_message(context, ENOTTY, + N_("unknown krbhst type (%u)", ""), type); return ENOTTY; } - if((kd = common_init(context, realm, flags)) == NULL) + if((kd = common_init(context, service, realm, flags)) == NULL) return ENOMEM; kd->get_next = next; kd->def_port = def_port; @@ -847,7 +957,7 @@ krb5_krbhst_init_flags(krb5_context context, * return the next host information from `handle' in `host' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next(krb5_context context, krb5_krbhst_handle handle, krb5_krbhst_info **host) @@ -863,7 +973,7 @@ krb5_krbhst_next(krb5_context context, * in `hostname' (or length `hostlen) */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_krbhst_next_as_string(krb5_context context, krb5_krbhst_handle handle, char *hostname, @@ -878,13 +988,13 @@ krb5_krbhst_next_as_string(krb5_context context, } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle) { handle->index = &handle->hosts; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) { krb5_krbhst_info *h, *next; @@ -904,7 +1014,7 @@ krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) /* backwards compatibility ahead */ static krb5_error_code -gethostlist(krb5_context context, const char *realm, +gethostlist(krb5_context context, const char *realm, unsigned int type, char ***hostlist) { krb5_error_code ret; @@ -920,7 +1030,8 @@ gethostlist(krb5_context context, const char *realm, while(krb5_krbhst_next(context, handle, &hostinfo) == 0) nhost++; if(nhost == 0) { - krb5_set_error_string(context, "No KDC found for realm %s", realm); + krb5_set_error_message(context, KRB5_KDC_UNREACH, + N_("No KDC found for realm %s", ""), realm); return KRB5_KDC_UNREACH; } *hostlist = calloc(nhost + 1, sizeof(**hostlist)); @@ -931,7 +1042,7 @@ gethostlist(krb5_context context, const char *realm, krb5_krbhst_reset(context, handle); nhost = 0; - while(krb5_krbhst_next_as_string(context, handle, + while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0) { if(((*hostlist)[nhost++] = strdup(host)) == NULL) { krb5_free_krbhst(context, *hostlist); @@ -939,7 +1050,7 @@ gethostlist(krb5_context context, const char *realm, return ENOMEM; } } - (*hostlist)[nhost++] = NULL; + (*hostlist)[nhost] = NULL; krb5_krbhst_free(context, handle); return 0; } @@ -948,7 +1059,7 @@ gethostlist(krb5_context context, const char *realm, * return an malloced list of kadmin-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_admin_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -960,7 +1071,7 @@ krb5_get_krb_admin_hst (krb5_context context, * return an malloced list of changepw-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb_changepw_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -972,7 +1083,7 @@ krb5_get_krb_changepw_hst (krb5_context context, * return an malloced list of 524-hosts for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krb524hst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -985,7 +1096,7 @@ krb5_get_krb524hst (krb5_context context, * return an malloced list of KDC's for `realm' in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_krbhst (krb5_context context, const krb5_realm *realm, char ***hostlist) @@ -997,7 +1108,7 @@ krb5_get_krbhst (krb5_context context, * free all the memory allocated in `hostlist' */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_krbhst (krb5_context context, char **hostlist) { diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c index 8f0ff996960..2fe4e490aa4 100644 --- a/crypto/heimdal/lib/krb5/kuserok.c +++ b/crypto/heimdal/lib/krb5/kuserok.c @@ -1,62 +1,63 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include -RCSID("$Id: kuserok.c 16048 2005-09-09 10:33:33Z lha $"); +#ifndef _WIN32 /* see if principal is mentioned in the filename access file, return TRUE (in result) if so, FALSE otherwise */ static krb5_error_code -check_one_file(krb5_context context, - const char *filename, +check_one_file(krb5_context context, + const char *filename, struct passwd *pwd, - krb5_principal principal, + krb5_principal principal, krb5_boolean *result) { FILE *f; char buf[BUFSIZ]; krb5_error_code ret; struct stat st; - + *result = FALSE; f = fopen (filename, "r"); if (f == NULL) return errno; - + rk_cloexec_file(f); + /* check type and mode of file */ if (fstat(fileno(f), &st) != 0) { fclose (f); @@ -105,10 +106,10 @@ check_one_file(krb5_context context, } static krb5_error_code -check_directory(krb5_context context, - const char *dirname, +check_directory(krb5_context context, + const char *dirname, struct passwd *pwd, - krb5_principal principal, + krb5_principal principal, krb5_boolean *result) { DIR *d; @@ -124,16 +125,15 @@ check_directory(krb5_context context, if (!S_ISDIR(st.st_mode)) return ENOTDIR; - + if (st.st_uid != pwd->pw_uid && st.st_uid != 0) return EACCES; if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) return EACCES; - if((d = opendir(dirname)) == NULL) + if((d = opendir(dirname)) == NULL) return errno; -#ifdef HAVE_DIRFD { int fd; struct stat st2; @@ -148,7 +148,6 @@ check_directory(krb5_context context, return EACCES; } } -#endif while((dent = readdir(d)) != NULL) { if(strcmp(dent->d_name, ".") == 0 || @@ -166,6 +165,8 @@ check_directory(krb5_context context, return ret; } +#endif /* !_WIN32 */ + static krb5_boolean match_local_principals(krb5_context context, krb5_principal principal, @@ -174,7 +175,7 @@ match_local_principals(krb5_context context, krb5_error_code ret; krb5_realm *realms, *r; krb5_boolean result = FALSE; - + /* multi-component principals can never match */ if(krb5_principal_get_comp_string(context, principal, 1) != NULL) return FALSE; @@ -182,7 +183,7 @@ match_local_principals(krb5_context context, ret = krb5_get_default_realms (context, &realms); if (ret) return FALSE; - + for (r = realms; *r != NULL; ++r) { if(strcmp(krb5_principal_get_realm(context, principal), *r) != 0) @@ -198,17 +199,50 @@ match_local_principals(krb5_context context, } /** - * Return TRUE iff `principal' is allowed to login as `luser'. + * This function takes the name of a local user and checks if + * principal is allowed to log in as that user. + * + * The user may have a ~/.k5login file listing principals that are + * allowed to login as that user. If that file does not exist, all + * principals with a first component identical to the username, and a + * realm considered local, are allowed access. + * + * The .k5login file must contain one principal per line, be owned by + * user and not be writable by group or other (but must be readable by + * anyone). + * + * Note that if the file exists, no implicit access rights are given + * to user@@LOCALREALM. + * + * Optionally, a set of files may be put in ~/.k5login.d (a + * directory), in which case they will all be checked in the same + * manner as .k5login. The files may be called anything, but files + * starting with a hash (#) , or ending with a tilde (~) are + * ignored. Subdirectories are not traversed. Note that this directory + * may not be checked by other Kerberos implementations. + * + * If no configuration file exists, match user against local domains, + * ie luser@@LOCAL-REALMS-IN-CONFIGURATION-FILES. + * + * @param context Kerberos 5 context. + * @param principal principal to check if allowed to login + * @param luser local user id + * + * @return returns TRUE if access should be granted, FALSE otherwise. + * + * @ingroup krb5_support */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_kuserok (krb5_context context, krb5_principal principal, const char *luser) { +#ifndef _WIN32 char *buf; size_t buflen; - struct passwd *pwd; + struct passwd *pwd = NULL; + char *profile_dir = NULL; krb5_error_code ret; krb5_boolean result = FALSE; @@ -225,14 +259,15 @@ krb5_kuserok (krb5_context context, #endif if (pwd == NULL) return FALSE; + profile_dir = pwd->pw_dir; #define KLOGIN "/.k5login" - buflen = strlen(pwd->pw_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */ + buflen = strlen(profile_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */ buf = malloc(buflen); if(buf == NULL) return FALSE; /* check user's ~/.k5login */ - strlcpy(buf, pwd->pw_dir, buflen); + strlcpy(buf, profile_dir, buflen); strlcat(buf, KLOGIN, buflen); ret = check_one_file(context, buf, pwd, principal, &result); @@ -241,7 +276,7 @@ krb5_kuserok (krb5_context context, return TRUE; } - if(ret != ENOENT) + if(ret != ENOENT) found_file = TRUE; strlcat(buf, ".d", buflen); @@ -250,7 +285,7 @@ krb5_kuserok (krb5_context context, if(ret == 0 && result == TRUE) return TRUE; - if(ret != ENOENT && ret != ENOTDIR) + if(ret != ENOENT && ret != ENOTDIR) found_file = TRUE; /* finally if no files exist, allow all principals matching @@ -259,4 +294,10 @@ krb5_kuserok (krb5_context context, return match_local_principals(context, principal, luser); return FALSE; +#else + /* The .k5login file may be on a remote profile and we don't have + access to the profile until we have a token handle for the + user's credentials. */ + return match_local_principals(context, principal, luser); +#endif } diff --git a/crypto/heimdal/lib/krb5/locate_plugin.h b/crypto/heimdal/lib/krb5/locate_plugin.h index 251712c8940..b1b1f0ef230 100644 --- a/crypto/heimdal/lib/krb5/locate_plugin.h +++ b/crypto/heimdal/lib/krb5/locate_plugin.h @@ -1,42 +1,42 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: locate_plugin.h 18998 2006-11-12 19:00:03Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H #define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 -#include +#define KRB5_PLUGIN_LOCATE "service_locator" enum locate_service_type { locate_service_kdc = 1, @@ -46,9 +46,9 @@ enum locate_service_type { locate_service_kpasswd }; -typedef krb5_error_code +typedef krb5_error_code (*krb5plugin_service_locate_lookup) (void *, enum locate_service_type, - const char *, int, int, + const char *, int, int, int (*)(void *,int,struct sockaddr *), void *); diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c index c04f50fd9aa..4b289afd807 100644 --- a/crypto/heimdal/lib/krb5/log.c +++ b/crypto/heimdal/lib/krb5/log.c @@ -1,39 +1,40 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" - -RCSID("$Id: log.c 19088 2006-11-21 08:08:46Z lha $"); +#include struct facility { int min; @@ -114,27 +115,29 @@ find_value(const char *s, struct s2i *table) return table->val; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_initlog(krb5_context context, const char *program, krb5_log_facility **fac) { krb5_log_facility *f = calloc(1, sizeof(*f)); if(f == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } f->program = strdup(program); if(f->program == NULL){ free(f); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *fac = f; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_func(krb5_context context, krb5_log_facility *fac, int min, @@ -145,7 +148,8 @@ krb5_addlog_func(krb5_context context, { struct facility *fp = log_realloc(fac); if(fp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } fp->min = min; @@ -161,17 +165,17 @@ struct _heimdal_syslog_data{ int priority; }; -static void +static void KRB5_CALLCONV log_syslog(const char *timestr, const char *msg, void *data) - + { struct _heimdal_syslog_data *s = data; syslog(s->priority, "%s", msg); } -static void +static void KRB5_CALLCONV close_syslog(void *data) { free(data); @@ -187,7 +191,8 @@ open_syslog(krb5_context context, int i; if(sd == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } i = find_value(sev, syslogvals); @@ -210,24 +215,33 @@ struct file_data{ int keep_open; }; -static void +static void KRB5_CALLCONV log_file(const char *timestr, const char *msg, void *data) { struct file_data *f = data; + char *msgclean; + size_t len = strlen(msg); if(f->keep_open == 0) f->fd = fopen(f->filename, f->mode); if(f->fd == NULL) return; - fprintf(f->fd, "%s %s\n", timestr, msg); + /* make sure the log doesn't contain special chars */ + msgclean = malloc((len + 1) * 4); + if (msgclean == NULL) + goto out; + strvisx(msgclean, rk_UNCONST(msg), len, VIS_OCTAL); + fprintf(f->fd, "%s %s\n", timestr, msgclean); + free(msgclean); + out: if(f->keep_open == 0) { fclose(f->fd); f->fd = NULL; } } -static void +static void KRB5_CALLCONV close_file(void *data) { struct file_data *f = data; @@ -242,7 +256,8 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, { struct file_data *fd = malloc(sizeof(*fd)); if(fd == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } fd->filename = filename; @@ -255,7 +270,7 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) { krb5_error_code ret = 0; @@ -277,7 +292,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) if(n){ p = strchr(p, '/'); if(p == NULL) { - krb5_set_error_string (context, "failed to parse \"%s\"", orig); + krb5_set_error_message(context, HEIM_ERR_LOG_PARSE, + N_("failed to parse \"%s\"", ""), orig); return HEIM_ERR_LOG_PARSE; } p++; @@ -292,25 +308,29 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) int keep_open = 0; fn = strdup(p + 5); if(fn == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if(p[4] == '='){ - int i = open(fn, O_WRONLY | O_CREAT | + int i = open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0666); if(i < 0) { ret = errno; - krb5_set_error_string (context, "open(%s): %s", fn, + krb5_set_error_message(context, ret, + N_("open(%s) logile: %s", ""), fn, strerror(ret)); free(fn); return ret; } + rk_cloexec(i); file = fdopen(i, "a"); if(file == NULL){ ret = errno; close(i); - krb5_set_error_string (context, "fdopen(%s): %s", fn, - strerror(ret)); + krb5_set_error_message(context, ret, + N_("fdopen(%s) logfile: %s", ""), + fn, strerror(ret)); free(fn); return ret; } @@ -333,14 +353,15 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) strlcpy(facility, "AUTH", sizeof(facility)); ret = open_syslog(context, f, min, max, severity, facility); }else{ - krb5_set_error_string (context, "unknown log type: %s", p); ret = HEIM_ERR_LOG_PARSE; /* XXX */ + krb5_set_error_message (context, ret, + N_("unknown log type: %s", ""), p); } return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_openlog(krb5_context context, const char *program, krb5_log_facility **fac) @@ -356,15 +377,15 @@ krb5_openlog(krb5_context context, if(p == NULL) p = krb5_config_get_strings(context, NULL, "logging", "default", NULL); if(p){ - for(q = p; *q; q++) + for(q = p; *q && ret == 0; q++) ret = krb5_addlog_dest(context, *fac, *q); krb5_config_free_strings(p); }else ret = krb5_addlog_dest(context, *fac, "SYSLOG"); - return 0; + return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_closelog(krb5_context context, krb5_log_facility *fac) { @@ -383,7 +404,7 @@ krb5_closelog(krb5_context context, #undef __attribute__ #define __attribute__(X) -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog_msg(krb5_context context, krb5_log_facility *fac, char **reply, @@ -392,7 +413,7 @@ krb5_vlog_msg(krb5_context context, va_list ap) __attribute__((format (printf, 5, 0))) { - + char *msg = NULL; const char *actual = NULL; char buf[64]; @@ -400,15 +421,15 @@ krb5_vlog_msg(krb5_context context, int i; for(i = 0; fac && i < fac->len; i++) - if(fac->val[i].min <= level && + if(fac->val[i].min <= level && (fac->val[i].max < 0 || fac->val[i].max >= level)) { if(t == 0) { t = time(NULL); krb5_format_time(context, t, buf, sizeof(buf), TRUE); } if(actual == NULL) { - vasprintf(&msg, fmt, ap); - if(msg == NULL) + int ret = vasprintf(&msg, fmt, ap); + if(ret < 0 || msg == NULL) actual = fmt; else actual = msg; @@ -422,7 +443,7 @@ krb5_vlog_msg(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vlog(krb5_context context, krb5_log_facility *fac, int level, @@ -433,7 +454,7 @@ krb5_vlog(krb5_context context, return krb5_vlog_msg(context, fac, NULL, level, fmt, ap); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log_msg(krb5_context context, krb5_log_facility *fac, int level, @@ -452,7 +473,7 @@ krb5_log_msg(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_log(krb5_context context, krb5_log_facility *fac, int level, @@ -469,3 +490,27 @@ krb5_log(krb5_context context, return ret; } +void KRB5_LIB_FUNCTION +_krb5_debug(krb5_context context, + int level, + const char *fmt, + ...) + __attribute__((format (printf, 3, 4))) +{ + va_list ap; + + if (context == NULL || context->debug_dest == NULL) + return; + + va_start(ap, fmt); + krb5_vlog(context, context->debug_dest, level, fmt, ap); + va_end(ap); +} + +krb5_boolean KRB5_LIB_FUNCTION +_krb5_have_debug(krb5_context context, int level) +{ + if (context == NULL || context->debug_dest == NULL) + return 0 ; + return 1; +} diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c index 01bcb09d3be..e4b90c17e7b 100644 --- a/crypto/heimdal/lib/krb5/mcache.c +++ b/crypto/heimdal/lib/krb5/mcache.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: mcache.c 22107 2007-12-03 17:22:51Z lha $"); - typedef struct krb5_mcache { char *name; unsigned int refcnt; @@ -45,6 +45,8 @@ typedef struct krb5_mcache { struct link *next; } *creds; struct krb5_mcache *next; + time_t mtime; + krb5_deltat kdc_offset; } krb5_mcache; static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -54,26 +56,27 @@ static struct krb5_mcache *mcc_head; #define MISDEAD(X) ((X)->dead) -static const char* +static const char* KRB5_CALLCONV mcc_get_name(krb5_context context, krb5_ccache id) { return MCACHE(id)->name; } -static krb5_mcache * +static krb5_mcache * KRB5_CALLCONV mcc_alloc(const char *name) { krb5_mcache *m, *m_c; + int ret = 0; ALLOC(m, 1); if(m == NULL) return NULL; if(name == NULL) - asprintf(&m->name, "%p", m); + ret = asprintf(&m->name, "%p", m); else m->name = strdup(name); - if(m->name == NULL) { + if(ret < 0 || m->name == NULL) { free(m); return NULL; } @@ -93,13 +96,15 @@ mcc_alloc(const char *name) m->refcnt = 1; m->primary_principal = NULL; m->creds = NULL; + m->mtime = time(NULL); + m->kdc_offset = 0; m->next = mcc_head; mcc_head = m; HEIMDAL_MUTEX_unlock(&mcc_mutex); return m; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) { krb5_mcache *m; @@ -119,10 +124,11 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) m = mcc_alloc(res); if (m == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } - + (*id)->data.data = m; (*id)->data.length = sizeof(*m); @@ -130,7 +136,7 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_gen_new(krb5_context context, krb5_ccache *id) { krb5_mcache *m; @@ -138,7 +144,8 @@ mcc_gen_new(krb5_context context, krb5_ccache *id) m = mcc_alloc(NULL); if (m == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } @@ -148,13 +155,14 @@ mcc_gen_new(krb5_context context, krb5_ccache *id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal primary_principal) { krb5_mcache *m = MCACHE(id); m->dead = 0; + m->mtime = time(NULL); return krb5_copy_principal (context, primary_principal, &m->primary_principal); @@ -173,7 +181,7 @@ mcc_close_internal(krb5_mcache *m) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_close(krb5_context context, krb5_ccache id) { @@ -182,7 +190,7 @@ mcc_close(krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_destroy(krb5_context context, krb5_ccache id) { @@ -212,7 +220,7 @@ mcc_destroy(krb5_context context, l = m->creds; while (l != NULL) { struct link *old; - + krb5_free_cred_contents (context, &l->cred); old = l; l = l->next; @@ -223,7 +231,7 @@ mcc_destroy(krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_store_cred(krb5_context context, krb5_ccache id, krb5_creds *creds) @@ -237,7 +245,8 @@ mcc_store_cred(krb5_context context, l = malloc (sizeof(*l)); if (l == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } l->next = m->creds; @@ -249,10 +258,11 @@ mcc_store_cred(krb5_context context, free (l); return ret; } + m->mtime = time(NULL); return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *principal) @@ -266,7 +276,7 @@ mcc_get_principal(krb5_context context, principal); } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_get_first (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) @@ -280,7 +290,7 @@ mcc_get_first (krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_get_next (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, @@ -302,7 +312,7 @@ mcc_get_next (krb5_context context, return KRB5_CC_END; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_end_get (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor) @@ -310,7 +320,7 @@ mcc_end_get (krb5_context context, return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags which, @@ -323,34 +333,36 @@ mcc_remove_cred(krb5_context context, *q = p->next; krb5_free_cred_contents(context, &p->cred); free(p); + m->mtime = time(NULL); } else q = &p->next; } return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { return 0; /* XXX */ } - + struct mcache_iter { krb5_mcache *cache; }; -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) { struct mcache_iter *iter; iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; - } + } HEIMDAL_MUTEX_lock(&mcc_mutex); iter->cache = mcc_head; @@ -362,7 +374,7 @@ mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) { struct mcache_iter *iter = cursor; @@ -389,7 +401,7 @@ mcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) { struct mcache_iter *iter = cursor; @@ -401,7 +413,7 @@ mcc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_mcache *mfrom = MCACHE(from), *mto = MCACHE(to); @@ -428,23 +440,49 @@ mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) mto->primary_principal = mfrom->primary_principal; mfrom->primary_principal = principal; + mto->mtime = mfrom->mtime = time(NULL); + HEIMDAL_MUTEX_unlock(&mcc_mutex); mcc_destroy(context, from); return 0; } -static krb5_error_code +static krb5_error_code KRB5_CALLCONV mcc_default_name(krb5_context context, char **str) { *str = strdup("MEMORY:"); if (*str == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; } +static krb5_error_code KRB5_CALLCONV +mcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + *mtime = MCACHE(id)->mtime; + return 0; +} + +static krb5_error_code KRB5_CALLCONV +mcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset) +{ + krb5_mcache *m = MCACHE(id); + m->kdc_offset = kdc_offset; + return 0; +} + +static krb5_error_code KRB5_CALLCONV +mcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset) +{ + krb5_mcache *m = MCACHE(id); + *kdc_offset = m->kdc_offset; + return 0; +} + /** * Variable containing the MEMORY based credential cache implemention. @@ -452,7 +490,8 @@ mcc_default_name(krb5_context context, char **str) * @ingroup krb5_ccache */ -const krb5_cc_ops krb5_mcc_ops = { +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops = { + KRB5_CC_OPS_VERSION, "MEMORY", mcc_get_name, mcc_resolve, @@ -473,5 +512,9 @@ const krb5_cc_ops krb5_mcc_ops = { mcc_get_cache_next, mcc_end_cache_get, mcc_move, - mcc_default_name + mcc_default_name, + NULL, + mcc_lastchange, + mcc_set_kdc_offset, + mcc_get_kdc_offset }; diff --git a/crypto/heimdal/lib/krb5/misc.c b/crypto/heimdal/lib/krb5/misc.c index 8050bdb9b46..ac6720c4e99 100644 --- a/crypto/heimdal/lib/krb5/misc.c +++ b/crypto/heimdal/lib/krb5/misc.c @@ -1,54 +1,55 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" +#ifdef HAVE_EXECINFO_H +#include +#endif -RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_s4u2self_to_checksumdata(krb5_context context, - const PA_S4U2Self *self, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_s4u2self_to_checksumdata(krb5_context context, + const PA_S4U2Self *self, krb5_data *data) { krb5_error_code ret; krb5_ssize_t ssize; krb5_storage *sp; size_t size; - int i; + size_t i; sp = krb5_storage_emem(); if (sp == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -58,20 +59,20 @@ _krb5_s4u2self_to_checksumdata(krb5_context context, for (i = 0; i < self->name.name_string.len; i++) { size = strlen(self->name.name_string.val[i]); ssize = krb5_storage_write(sp, self->name.name_string.val[i], size); - if (ssize != size) { + if (ssize != (krb5_ssize_t)size) { ret = ENOMEM; goto out; } } size = strlen(self->realm); ssize = krb5_storage_write(sp, self->realm, size); - if (ssize != size) { + if (ssize != (krb5_ssize_t)size) { ret = ENOMEM; goto out; } size = strlen(self->auth); ssize = krb5_storage_write(sp, self->auth, size); - if (ssize != size) { + if (ssize != (krb5_ssize_t)size) { ret = ENOMEM; goto out; } @@ -81,6 +82,47 @@ _krb5_s4u2self_to_checksumdata(krb5_context context, return ret; out: - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } + +krb5_error_code +krb5_enomem(krb5_context context) +{ + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; +} + +void +_krb5_debug_backtrace(krb5_context context) +{ +#if defined(HAVE_BACKTRACE) && !defined(HEIMDAL_SMALLER) + void *stack[128]; + char **strs = NULL; + int i, frames = backtrace(stack, sizeof(stack) / sizeof(stack[0])); + if (frames > 0) + strs = backtrace_symbols(stack, frames); + if (strs) { + for (i = 0; i < frames; i++) + _krb5_debug(context, 10, "frame %d: %s", i, strs[i]); + free(strs); + } +#endif +} + +krb5_error_code +_krb5_einval(krb5_context context, const char *func, unsigned long argn) +{ +#ifndef HEIMDAL_SMALLER + krb5_set_error_message(context, EINVAL, + N_("programmer error: invalid argument to %s argument %lu", + "function:line"), + func, argn); + if (_krb5_have_debug(context, 10)) { + _krb5_debug(context, 10, "invalid argument to function %s argument %lu", + func, argn); + _krb5_debug_backtrace(context); + } +#endif + return EINVAL; +} diff --git a/crypto/heimdal/lib/krb5/mit_glue.c b/crypto/heimdal/lib/krb5/mit_glue.c index 7440d547627..16c230a11f9 100644 --- a/crypto/heimdal/lib/krb5/mit_glue.c +++ b/crypto/heimdal/lib/krb5/mit_glue.c @@ -1,49 +1,50 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $"); + +#ifndef HEIMDAL_SMALLER /* * Glue for MIT API */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_make_checksum(krb5_context context, - krb5_cksumtype cksumtype, - const krb5_keyblock *key, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_make_checksum(krb5_context context, + krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *input, + const krb5_data *input, krb5_checksum *cksum) { krb5_error_code ret; @@ -60,7 +61,7 @@ krb5_c_make_checksum(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *data, const krb5_checksum *cksum, krb5_boolean *valid) @@ -76,8 +77,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, return ret; if (data_cksum.cksumtype == cksum->cksumtype - && data_cksum.checksum.length == cksum->checksum.length - && memcmp(data_cksum.checksum.data, cksum->checksum.data, cksum->checksum.length) == 0) + && krb5_data_ct_cmp(&data_cksum.checksum, &cksum->checksum) == 0) *valid = 1; krb5_free_checksum_contents(context, &data_cksum); @@ -85,7 +85,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, krb5_cksumtype *type, krb5_data **data) { @@ -108,7 +108,7 @@ krb5_c_get_checksum(krb5_context context, const krb5_checksum *cksum, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, krb5_cksumtype type, const krb5_data *data) { @@ -116,51 +116,51 @@ krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, return der_copy_octet_string(data, &cksum->checksum); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum (krb5_context context, krb5_checksum *cksum) { krb5_checksum_free(context, cksum); free(cksum); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_checksum_contents(krb5_context context, krb5_checksum *cksum) { krb5_checksum_free(context, cksum); memset(cksum, 0, sizeof(*cksum)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_checksum_free(krb5_context context, krb5_checksum *cksum) { free_Checksum(cksum); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_enctype (krb5_enctype etype) { - return krb5_enctype_valid(NULL, etype); + return !krb5_enctype_valid(NULL, etype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_valid_cksumtype(krb5_cksumtype ctype) { return krb5_cksumtype_valid(NULL, ctype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) { return krb5_checksum_is_collision_proof(NULL, ctype); } -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_c_is_keyed_cksum(krb5_cksumtype ctype) { return krb5_checksum_is_keyed(NULL, ctype); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_checksum (krb5_context context, const krb5_checksum *old, krb5_checksum **new) @@ -171,16 +171,16 @@ krb5_copy_checksum (krb5_context context, return copy_Checksum(old, *new); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, size_t *length) { return krb5_checksumsize(context, cksumtype, length); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_block_size(krb5_context context, - krb5_enctype enctype, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_block_size(krb5_context context, + krb5_enctype enctype, size_t *blocksize) { krb5_error_code ret; @@ -201,12 +201,12 @@ krb5_c_block_size(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_decrypt(krb5_context context, - const krb5_keyblock key, - krb5_keyusage usage, - const krb5_data *ivec, - krb5_enc_data *input, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_decrypt(krb5_context context, + const krb5_keyblock key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_enc_data *input, krb5_data *output) { krb5_error_code ret; @@ -224,16 +224,16 @@ krb5_c_decrypt(krb5_context context, krb5_crypto_destroy(context, crypto); return ret; } - + if (blocksize > ivec->length) { krb5_crypto_destroy(context, crypto); return KRB5_BAD_MSIZE; } } - ret = krb5_decrypt_ivec(context, crypto, usage, - input->ciphertext.data, input->ciphertext.length, - output, + ret = krb5_decrypt_ivec(context, crypto, usage, + input->ciphertext.data, input->ciphertext.length, + output, ivec ? ivec->data : NULL); krb5_crypto_destroy(context, crypto); @@ -241,11 +241,11 @@ krb5_c_decrypt(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt(krb5_context context, - const krb5_keyblock *key, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_encrypt(krb5_context context, + const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *ivec, + const krb5_data *ivec, const krb5_data *input, krb5_enc_data *output) { @@ -271,9 +271,9 @@ krb5_c_encrypt(krb5_context context, } } - ret = krb5_encrypt_ivec(context, crypto, usage, - input->data, input->length, - &output->ciphertext, + ret = krb5_encrypt_ivec(context, crypto, usage, + input->data, input->length, + &output->ciphertext, ivec ? ivec->data : NULL); output->kvno = 0; krb5_crypto_getenctype(context, crypto, &output->enctype); @@ -283,9 +283,9 @@ krb5_c_encrypt(krb5_context context, return ret ; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt_length(krb5_context context, - krb5_enctype enctype, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_encrypt_length(krb5_context context, + krb5_enctype enctype, size_t inputlen, size_t *length) { @@ -308,25 +308,32 @@ krb5_c_encrypt_length(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_enctype_compare(krb5_context context, +/** + * Deprecated: keytypes doesn't exists, they are really enctypes. + * + * @ingroup krb5_deprecated + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, - krb5_enctype e2, + krb5_enctype e2, krb5_boolean *similar) + KRB5_DEPRECATED_FUNCTION("Use X instead") { - *similar = krb5_enctypes_compatible_keys(context, e1, e2); + *similar = (e1 == e2); return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_make_random_key(krb5_context context, - krb5_enctype enctype, + krb5_enctype enctype, krb5_keyblock *random_key) { return krb5_generate_random_keyblock(context, enctype, random_key); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_keylengths(krb5_context context, krb5_enctype enctype, size_t *ilen, @@ -341,7 +348,7 @@ krb5_c_keylengths(krb5_context context, return krb5_enctype_keysize(context, enctype, keylen); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf_length(krb5_context context, krb5_enctype type, size_t *length) @@ -349,10 +356,10 @@ krb5_c_prf_length(krb5_context context, return krb5_crypto_prf_length(context, type, length); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_prf(krb5_context context, const krb5_keyblock *key, - const krb5_data *input, + const krb5_data *input, krb5_data *output) { krb5_crypto crypto; @@ -367,3 +374,59 @@ krb5_c_prf(krb5_context context, return ret; } + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_c_random_make_octets(krb5_context context, krb5_data * data) +{ + return krb5_generate_random_keyblock(context, data->length, data->data); +} + +/** + * MIT compat glue + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_cc_copy_creds(krb5_context context, + const krb5_ccache from, + krb5_ccache to) +{ + return krb5_cc_copy_cache(context, from, to); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getsendsubkey(krb5_context context, krb5_auth_context auth_context, + krb5_keyblock **keyblock) +{ + return krb5_auth_con_getlocalsubkey(context, auth_context, keyblock); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_getrecvsubkey(krb5_context context, krb5_auth_context auth_context, + krb5_keyblock **keyblock) +{ + return krb5_auth_con_getremotesubkey(context, auth_context, keyblock); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setsendsubkey(krb5_context context, krb5_auth_context auth_context, + krb5_keyblock *keyblock) +{ + return krb5_auth_con_setlocalsubkey(context, auth_context, keyblock); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_auth_con_setrecvsubkey(krb5_context context, krb5_auth_context auth_context, + krb5_keyblock *keyblock) +{ + return krb5_auth_con_setremotesubkey(context, auth_context, keyblock); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_default_realm(krb5_context context, krb5_realm realm) +{ + return krb5_xfree(realm); +} + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c index 70466499343..5fee1d6bed6 100644 --- a/crypto/heimdal/lib/krb5/mk_error.c +++ b/crypto/heimdal/lib/krb5/mk_error.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_error(krb5_context context, krb5_error_code error_code, const char *e_text, @@ -46,10 +44,11 @@ krb5_mk_error(krb5_context context, int *client_usec, krb5_data *reply) { + const char *e_text2 = NULL; KRB_ERROR msg; krb5_timestamp sec; int32_t usec; - size_t len; + size_t len = 0; krb5_error_code ret = 0; krb5_us_timeofday (context, &sec, &usec); @@ -64,7 +63,7 @@ krb5_mk_error(krb5_context context, /* Make sure we only send `protocol' error codes */ if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) { if(e_text == NULL) - e_text = krb5_get_err_text(context, error_code); + e_text = e_text2 = krb5_get_error_message(context, error_code); error_code = KRB5KRB_ERR_GENERIC; } msg.error_code = error_code - KRB5KDC_ERR_NONE; @@ -76,7 +75,8 @@ krb5_mk_error(krb5_context context, msg.realm = server->realm; msg.sname = server->name; }else{ - msg.realm = ""; + static char unspec[] = ""; + msg.realm = unspec; } if(client){ msg.crealm = &client->realm; @@ -84,6 +84,8 @@ krb5_mk_error(krb5_context context, } ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret); + if (e_text2) + krb5_free_error_message(context, e_text2); if (ret) return ret; if(reply->length != len) diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c index 87e429af8cb..dede6d2fa4d 100644 --- a/crypto/heimdal/lib/krb5/mk_priv.c +++ b/crypto/heimdal/lib/krb5/mk_priv.c @@ -1,42 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: mk_priv.c 16680 2006-02-01 12:39:26Z lha $"); - - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *userdata, @@ -48,12 +45,12 @@ krb5_mk_priv(krb5_context context, EncKrbPrivPart part; u_char *buf = NULL; size_t buf_size; - size_t len; + size_t len = 0; krb5_crypto crypto; krb5_keyblock *key; krb5_replay_data rdata; - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ @@ -92,7 +89,7 @@ krb5_mk_priv(krb5_context context, if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) outdata->seq = auth_context->local_seqnumber; - + part.s_address = auth_context->local_address; part.r_address = auth_context->remote_address; @@ -114,10 +111,10 @@ krb5_mk_priv(krb5_context context, free (buf); return ret; } - ret = krb5_encrypt (context, + ret = krb5_encrypt (context, crypto, KRB5_KU_KRB_PRIV, - buf + buf_size - len, + buf + buf_size - len, len, &s.enc_part.cipher); krb5_crypto_destroy(context, crypto); @@ -138,7 +135,8 @@ krb5_mk_priv(krb5_context context, ret = krb5_data_copy(outbuf, buf + buf_size - len, len); if (ret) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); free(buf); return ENOMEM; } diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c index 570a8372013..84c315291c1 100644 --- a/crypto/heimdal/lib/krb5/mk_rep.c +++ b/crypto/heimdal/lib/krb5/mk_rep.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: mk_rep.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) @@ -45,7 +43,7 @@ krb5_mk_rep(krb5_context context, EncAPRepPart body; u_char *buf = NULL; size_t buf_size; - size_t len; + size_t len = 0; krb5_crypto crypto; ap.pvno = 5; @@ -61,8 +59,6 @@ krb5_mk_rep(krb5_context context, auth_context, auth_context->keyblock); if(ret) { - krb5_set_error_string (context, - "krb5_mk_rep: generating subkey"); free_EncAPRepPart(&body); return ret; } @@ -70,21 +66,21 @@ krb5_mk_rep(krb5_context context, ret = krb5_copy_keyblock(context, auth_context->local_subkey, &body.subkey); if (ret) { - krb5_set_error_string (context, - "krb5_copy_keyblock: out of memory"); free_EncAPRepPart(&body); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } } else body.subkey = NULL; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - if(auth_context->local_seqnumber == 0) + if(auth_context->local_seqnumber == 0) krb5_generate_seq_number (context, auth_context->keyblock, &auth_context->local_seqnumber); ALLOC(body.seq_number, 1); if (body.seq_number == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); free_EncAPRepPart(&body); return ENOMEM; } @@ -101,7 +97,7 @@ krb5_mk_rep(krb5_context context, return ret; if (buf_size != len) krb5_abortx(context, "internal error in ASN.1 encoder"); - ret = krb5_crypto_init(context, auth_context->keyblock, + ret = krb5_crypto_init(context, auth_context->keyblock, 0 /* ap.enc_part.etype */, &crypto); if (ret) { free (buf); @@ -110,7 +106,7 @@ krb5_mk_rep(krb5_context context, ret = krb5_encrypt (context, crypto, KRB5_KU_AP_REQ_ENC_PART, - buf + buf_size - len, + buf + buf_size - len, len, &ap.enc_part.cipher); krb5_crypto_destroy(context, crypto); diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c index 5f64f01e956..44e6c8b68a1 100644 --- a/crypto/heimdal/lib/krb5/mk_req.c +++ b/crypto/heimdal/lib/krb5/mk_req.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_exact(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, @@ -50,7 +48,7 @@ krb5_mk_req_exact(krb5_context context, memset(&this_cred, 0, sizeof(this_cred)); ret = krb5_cc_get_principal(context, ccache, &this_cred.client); - + if(ret) return ret; @@ -79,7 +77,7 @@ krb5_mk_req_exact(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c index b6d55c8815a..af68e4e1953 100644 --- a/crypto/heimdal/lib/krb5/mk_req_ext.c +++ b/crypto/heimdal/lib/krb5/mk_req_ext.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include - -RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $"); +#include "krb5_locl.h" krb5_error_code _krb5_mk_req_internal(krb5_context context, @@ -61,10 +59,10 @@ _krb5_mk_req_internal(krb5_context context, ret = krb5_auth_con_init(context, &ac); if(ret) return ret; - + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { ret = krb5_auth_con_generatelocalsubkey(context, - ac, + ac, &in_creds->session); if(ret) goto out; @@ -74,7 +72,7 @@ _krb5_mk_req_internal(krb5_context context, ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock); if (ret) goto out; - + /* it's unclear what type of checksum we can use. try the best one, except: * a) if it's configured differently for the current realm, or * b) if the session key is des-cbc-crc @@ -83,7 +81,7 @@ _krb5_mk_req_internal(krb5_context context, if (in_data) { if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) { /* this is to make DCE secd (and older MIT kdcs?) happy */ - ret = krb5_create_checksum(context, + ret = krb5_create_checksum(context, NULL, 0, CKSUMTYPE_RSA_MD4, @@ -94,8 +92,8 @@ _krb5_mk_req_internal(krb5_context context, ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 || ac->keyblock->keytype == ETYPE_DES_CBC_MD4 || ac->keyblock->keytype == ETYPE_DES_CBC_MD5) { - /* this is to make MS kdc happy */ - ret = krb5_create_checksum(context, + /* this is to make MS kdc happy */ + ret = krb5_create_checksum(context, NULL, 0, CKSUMTYPE_RSA_MD5, @@ -108,7 +106,7 @@ _krb5_mk_req_internal(krb5_context context, ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); if (ret) goto out; - ret = krb5_create_checksum(context, + ret = krb5_create_checksum(context, crypto, checksum_usage, 0, @@ -124,13 +122,12 @@ _krb5_mk_req_internal(krb5_context context, if (ret) goto out; - - ret = krb5_build_authenticator (context, + + ret = _krb5_build_authenticator(context, ac, ac->keyblock->keytype, in_creds, c_opt, - NULL, &authenticator, encrypt_usage); if (c_opt) @@ -138,7 +135,7 @@ _krb5_mk_req_internal(krb5_context context, if (ret) goto out; - ret = krb5_build_ap_req (context, ac->keyblock->keytype, + ret = krb5_build_ap_req (context, ac->keyblock->keytype, in_creds, ap_req_options, authenticator, outbuf); out: if(auth_context == NULL) @@ -146,7 +143,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c index 0b75759a5f6..b327e1ce72f 100644 --- a/crypto/heimdal/lib/krb5/mk_safe.c +++ b/crypto/heimdal/lib/krb5/mk_safe.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: mk_safe.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data *userdata, @@ -46,12 +44,12 @@ krb5_mk_safe(krb5_context context, KRB_SAFE s; u_char *buf = NULL; size_t buf_size; - size_t len; + size_t len = 0; krb5_crypto crypto; krb5_keyblock *key; krb5_replay_data rdata; - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ @@ -79,7 +77,7 @@ krb5_mk_safe(krb5_context context, s.safe_body.timestamp = NULL; s.safe_body.usec = NULL; } - + if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) { outdata->timestamp = rdata.timestamp; outdata->usec = rdata.usec; @@ -88,12 +86,12 @@ krb5_mk_safe(krb5_context context, if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { rdata.seq = auth_context->local_seqnumber; s.safe_body.seq_number = &rdata.seq; - } else + } else s.safe_body.seq_number = NULL; if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) outdata->seq = auth_context->local_seqnumber; - + s.safe_body.s_address = auth_context->local_address; s.safe_body.r_address = auth_context->remote_address; @@ -111,7 +109,7 @@ krb5_mk_safe(krb5_context context, free (buf); return ret; } - ret = krb5_create_checksum(context, + ret = krb5_create_checksum(context, crypto, KRB5_KU_KRB_SAFE_CKSUM, 0, diff --git a/crypto/heimdal/lib/krb5/n-fold-test.c b/crypto/heimdal/lib/krb5/n-fold-test.c index 248e232c056..452964522be 100644 --- a/crypto/heimdal/lib/krb5/n-fold-test.c +++ b/crypto/heimdal/lib/krb5/n-fold-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,8 +32,6 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold-test.c 21745 2007-07-31 16:11:25Z lha $"); - enum { MAXSIZE = 24 }; static struct testcase { diff --git a/crypto/heimdal/lib/krb5/n-fold.c b/crypto/heimdal/lib/krb5/n-fold.c index 53528cfd1f7..2e6092c5ca8 100644 --- a/crypto/heimdal/lib/krb5/n-fold.c +++ b/crypto/heimdal/lib/krb5/n-fold.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,8 +32,6 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold.c 22190 2007-12-06 16:24:22Z lha $"); - static krb5_error_code rr13(unsigned char *buf, size_t len) { @@ -45,7 +43,7 @@ rr13(unsigned char *buf, size_t len) { const int bits = 13 % len; const int lbit = len % 8; - + tmp = malloc(bytes); if (tmp == NULL) return ENOMEM; @@ -66,11 +64,11 @@ rr13(unsigned char *buf, size_t len) /* byte offset and shift count */ b1 = bb / 8; s1 = bb % 8; - - if(bb + 8 > bytes * 8) + + if(bb + 8 > bytes * 8) /* watch for wraparound */ s2 = (len + 8 - s1) % 8; - else + else s2 = 8 - s1; b2 = (b1 + 1) % bytes; buf[i] = (tmp[b1] << s1) | (tmp[b2] >> s2); @@ -98,7 +96,7 @@ add1(unsigned char *a, unsigned char *b, size_t len) } } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_n_fold(const void *str, size_t len, void *key, size_t size) { /* if len < size we need at most N * len bytes, ie < 2 * size; @@ -108,9 +106,11 @@ _krb5_n_fold(const void *str, size_t len, void *key, size_t size) size_t l = 0; unsigned char *tmp = malloc(maxlen); unsigned char *buf = malloc(len); - - if (tmp == NULL || buf == NULL) - return ENOMEM; + + if (tmp == NULL || buf == NULL) { + ret = ENOMEM; + goto out; + } memcpy(buf, str, len); memset(key, 0, size); @@ -129,9 +129,13 @@ _krb5_n_fold(const void *str, size_t len, void *key, size_t size) } } while(l != 0); out: - memset(buf, 0, len); - free(buf); - memset(tmp, 0, maxlen); - free(tmp); + if (buf) { + memset(buf, 0, len); + free(buf); + } + if (tmp) { + memset(tmp, 0, maxlen); + free(tmp); + } return ret; } diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c deleted file mode 100644 index 0bb05f5531a..00000000000 --- a/crypto/heimdal/lib/krb5/name-45-test.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "krb5_locl.h" -#include - -RCSID("$Id: name-45-test.c 19763 2007-01-08 13:35:49Z lha $"); - -enum { MAX_COMPONENTS = 3 }; - -static struct testcase { - const char *v4_name; - const char *v4_inst; - const char *v4_realm; - - krb5_realm v5_realm; - unsigned ncomponents; - char *comp_val[MAX_COMPONENTS]; - - const char *config_file; - krb5_error_code ret; /* expected error code from 524 */ - - krb5_error_code ret2; /* expected error code from 425 */ -} tests[] = { - {"", "", "", "", 1, {""}, NULL, 0, 0}, - {"a", "", "", "", 1, {"a"}, NULL, 0, 0}, - {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0}, - {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0}, - - {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2, - {"krbtgt", "FOO.SE"}, NULL, 0, 0}, - - {"foo", "bar2", "BAZ", "BAZ", 2, - {"foo", "bar2"}, NULL, 0, 0}, - {"foo", "bar2", "BAZ", "BAZ", 2, - {"foo", "bar2"}, - "[libdefaults]\n" - " v4_name_convert = {\n" - " host = {\n" - " foo = foo5\n" - " }\n" - "}\n", - HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"foo", "bar2", "BAZ", "BAZ", 2, - {"foo5", "bar2.baz"}, - "[realms]\n" - " BAZ = {\n" - " v4_name_convert = {\n" - " host = {\n" - " foo = foo5\n" - " }\n" - " }\n" - " v4_instance_convert = {\n" - " bar2 = bar2.baz\n" - " }\n" - " }\n", - 0, 0}, - - {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL, - HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"}, - "[realms]\n" - " realm = {\n" - " v4_instance_convert = {\n" - " foo = foo.realm\n" - " }\n" - " }\n", - 0, 0}, - - {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"pop", "mail0.nada.kth.se"}, - "[realms]\n" - " NADA.KTH.SE = {\n" - " default_domain = nada.kth.se\n" - " }\n", - 0, 0}, - {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"pop", "mail0.nada.kth.se"}, - "[libdefaults]\n" - " v4_instance_resolve = true\n", - HEIM_ERR_V4_PRINC_NO_CONV, 0}, - - {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"host", "hokkigai.pdc.kth.se"}, - "[libdefaults]\n" - " v4_instance_resolve = true\n" - "[realms]\n" - " NADA.KTH.SE = {\n" - " v4_name_convert = {\n" - " host = {\n" - " rcmd = host\n" - " }\n" - " }\n" - " default_domain = pdc.kth.se\n" - " }\n", - 0, 0}, - - {"0123456789012345678901234567890123456789", - "0123456789012345678901234567890123456789", - "0123456789012345678901234567890123456789", - "0123456789012345678901234567890123456789", - 2, {"0123456789012345678901234567890123456789", - "0123456789012345678901234567890123456789"}, NULL, - 0, KRB5_PARSE_MALFORMED}, - - {"012345678901234567890123456789012345678", - "012345678901234567890123456789012345678", - "012345678901234567890123456789012345678", - "012345678901234567890123456789012345678", - 2, {"012345678901234567890123456789012345678", - "012345678901234567890123456789012345678"}, NULL, - 0, 0}, - - {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0} -}; - -int -main(int argc, char **argv) -{ - struct testcase *t; - krb5_context context; - krb5_error_code ret; - char hostname[1024]; - int val = 0; - - setprogname(argv[0]); - - gethostname(hostname, sizeof(hostname)); - if (!(strstr(hostname, "kth.se") != NULL || strstr(hostname, "su.se") != NULL)) - return 0; - - for (t = tests; t->v4_name; ++t) { - krb5_principal princ; - int i; - char name[40], inst[40], realm[40]; - char printable_princ[256]; - - ret = krb5_init_context (&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - if (t->config_file != NULL) { - char template[] = "/tmp/krb5-conf-XXXXXX"; - int fd = mkstemp(template); - char *files[2]; - - if (fd < 0) - krb5_err (context, 1, errno, "mkstemp %s", template); - - if (write (fd, t->config_file, strlen(t->config_file)) - != strlen(t->config_file)) - krb5_err (context, 1, errno, "write %s", template); - close (fd); - files[0] = template; - files[1] = NULL; - - ret = krb5_set_config_files (context, files); - unlink (template); - if (ret) - krb5_err (context, 1, ret, "krb5_set_config_files"); - } - - ret = krb5_425_conv_principal (context, - t->v4_name, - t->v4_inst, - t->v4_realm, - &princ); - if (ret) { - if (ret != t->ret) { - krb5_warn (context, ret, - "krb5_425_conv_principal %s.%s@%s", - t->v4_name, t->v4_inst, t->v4_realm); - val = 1; - } - } else { - if (t->ret) { - char *s; - krb5_unparse_name(context, princ, &s); - krb5_warnx (context, - "krb5_425_conv_principal %s.%s@%s " - "passed unexpected: %s", - t->v4_name, t->v4_inst, t->v4_realm, s); - free(s); - val = 1; - krb5_free_context(context); - continue; - } - } - - if (ret) { - krb5_free_context(context); - continue; - } - - if (strcmp (t->v5_realm, princ->realm) != 0) { - printf ("wrong realm (\"%s\" should be \"%s\")" - " for \"%s.%s@%s\"\n", - princ->realm, t->v5_realm, - t->v4_name, - t->v4_inst, - t->v4_realm); - val = 1; - } - - if (t->ncomponents != princ->name.name_string.len) { - printf ("wrong number of components (%u should be %u)" - " for \"%s.%s@%s\"\n", - princ->name.name_string.len, t->ncomponents, - t->v4_name, - t->v4_inst, - t->v4_realm); - val = 1; - } else { - for (i = 0; i < t->ncomponents; ++i) { - if (strcmp(t->comp_val[i], - princ->name.name_string.val[i]) != 0) { - printf ("bad component %d (\"%s\" should be \"%s\")" - " for \"%s.%s@%s\"\n", - i, - princ->name.name_string.val[i], - t->comp_val[i], - t->v4_name, - t->v4_inst, - t->v4_realm); - val = 1; - } - } - } - ret = krb5_524_conv_principal (context, princ, - name, inst, realm); - if (krb5_unparse_name_fixed(context, princ, - printable_princ, sizeof(printable_princ))) - strlcpy(printable_princ, "unknown principal", - sizeof(printable_princ)); - if (ret) { - if (ret != t->ret2) { - krb5_warn (context, ret, - "krb5_524_conv_principal %s", printable_princ); - val = 1; - } - } else { - if (t->ret2) { - krb5_warnx (context, - "krb5_524_conv_principal %s " - "passed unexpected", printable_princ); - val = 1; - krb5_free_context(context); - continue; - } - } - if (ret) { - krb5_free_principal (context, princ); - krb5_free_context(context); - continue; - } - - krb5_free_principal (context, princ); - krb5_free_context(context); - } - return val; -} diff --git a/crypto/heimdal/lib/krb5/net_read.c b/crypto/heimdal/lib/krb5/net_read.c index f0fa2ce7a0e..f6d781c27c0 100644 --- a/crypto/heimdal/lib/krb5/net_read.c +++ b/crypto/heimdal/lib/krb5/net_read.c @@ -1,47 +1,44 @@ /* - * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: net_read.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_read (krb5_context context, void *p_fd, void *buf, size_t len) { - int fd = *((int *)p_fd); - - return net_read (fd, buf, len); + krb5_socket_t fd = *((krb5_socket_t *)p_fd); + return net_read(fd, buf, len); } diff --git a/crypto/heimdal/lib/krb5/net_write.c b/crypto/heimdal/lib/krb5/net_write.c index 868015fa921..289b96541fe 100644 --- a/crypto/heimdal/lib/krb5/net_write.c +++ b/crypto/heimdal/lib/krb5/net_write.c @@ -1,59 +1,56 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: net_write.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write (krb5_context context, void *p_fd, const void *buf, size_t len) { - int fd = *((int *)p_fd); - - return net_write (fd, buf, len); + krb5_socket_t fd = *((krb5_socket_t *)p_fd); + return net_write(fd, buf, len); } -krb5_ssize_t KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write_block(krb5_context context, void *p_fd, const void *buf, size_t len, time_t timeout) { - int fd = *((int *)p_fd); + krb5_socket_t fd = *((krb5_socket_t *)p_fd); int ret; struct timeval tv, *tvp; const char *cbuf = (const char *)buf; @@ -64,7 +61,7 @@ krb5_net_write_block(krb5_context context, do { FD_ZERO(&wfds); FD_SET(fd, &wfds); - + if (timeout != 0) { tv.tv_sec = timeout; tv.tv_usec = 0; @@ -73,29 +70,45 @@ krb5_net_write_block(krb5_context context, tvp = NULL; ret = select(fd + 1, NULL, &wfds, NULL, tvp); - if (ret < 0) { - if (errno == EINTR) + if (rk_IS_SOCKET_ERROR(ret)) { + if (rk_SOCK_ERRNO == EINTR) continue; return -1; - } else if (ret == 0) + } + +#ifdef HAVE_WINSOCK + if (ret == 0) { + WSASetLastError( WSAETIMEDOUT ); return 0; - + } + + count = send (fd, cbuf, rem, 0); + + if (rk_IS_SOCKET_ERROR(count)) { + return -1; + } + +#else + if (ret == 0) { + return 0; + } + if (!FD_ISSET(fd, &wfds)) { errno = ETIMEDOUT; return -1; } -#ifdef WIN32 - count = send (fd, cbuf, rem, 0); -#else count = write (fd, cbuf, rem); -#endif + if (count < 0) { if (errno == EINTR) continue; else return count; } + +#endif + cbuf += count; rem -= count; diff --git a/crypto/heimdal/lib/krb5/pac.c b/crypto/heimdal/lib/krb5/pac.c index 1b21750e5d4..f4caaddc264 100644 --- a/crypto/heimdal/lib/krb5/pac.c +++ b/crypto/heimdal/lib/krb5/pac.c @@ -1,39 +1,38 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" - -RCSID("$Id: pac.c 21934 2007-08-27 14:21:04Z lha $"); +#include struct PAC_INFO_BUFFER { uint32_t type; @@ -44,7 +43,7 @@ struct PAC_INFO_BUFFER { struct PACTYPE { uint32_t numbuffers; - uint32_t version; + uint32_t version; struct PAC_INFO_BUFFER buffers[1]; }; @@ -69,18 +68,55 @@ struct krb5_pac_data { #define CHECK(r,f,l) \ do { \ if (((r) = f ) != 0) { \ - krb5_clear_error_string(context); \ + krb5_clear_error_message(context); \ goto l; \ } \ } while(0) static const char zeros[PAC_ALIGNMENT] = { 0 }; +/* + * HMAC-MD5 checksum over any key (needed for the PAC routines) + */ + +static krb5_error_code +HMAC_MD5_any_checksum(krb5_context context, + const krb5_keyblock *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) +{ + struct _krb5_key_data local_key; + krb5_error_code ret; + + memset(&local_key, 0, sizeof(local_key)); + + ret = krb5_copy_keyblock(context, key, &local_key.key); + if (ret) + return ret; + + ret = krb5_data_alloc (&result->checksum, 16); + if (ret) { + krb5_free_keyblock(context, local_key.key); + return ret; + } + + result->cksumtype = CKSUMTYPE_HMAC_MD5; + ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result); + if (ret) + krb5_data_free(&result->checksum); + + krb5_free_keyblock(context, local_key.key); + return ret; +} + + /* * */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_parse(krb5_context context, const void *ptr, size_t len, krb5_pac *pac) { @@ -91,15 +127,13 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, p = calloc(1, sizeof(*p)); if (p == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + ret = krb5_enomem(context); goto out; } sp = krb5_storage_from_readonly_mem(ptr, len); if (sp == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "out of memory"); + ret = krb5_enomem(context); goto out; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -107,21 +141,22 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, CHECK(ret, krb5_ret_uint32(sp, &tmp), out); CHECK(ret, krb5_ret_uint32(sp, &tmp2), out); if (tmp < 1) { - krb5_set_error_string(context, "PAC have too few buffer"); ret = EINVAL; /* Too few buffers */ + krb5_set_error_message(context, ret, N_("PAC have too few buffer", "")); goto out; } if (tmp2 != 0) { - krb5_set_error_string(context, "PAC have wrong version"); ret = EINVAL; /* Wrong version */ + krb5_set_error_message(context, ret, + N_("PAC have wrong version %d", ""), + (int)tmp2); goto out; } - p->pac = calloc(1, + p->pac = calloc(1, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); if (p->pac == NULL) { - krb5_set_error_string(context, "out of memory"); - ret = ENOMEM; + ret = krb5_enomem(context); goto out; } @@ -142,51 +177,59 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, /* consistency checks */ if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) { - krb5_set_error_string(context, "PAC out of allignment"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PAC out of allignment", "")); goto out; } if (p->pac->buffers[i].offset_hi) { - krb5_set_error_string(context, "PAC high offset set"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PAC high offset set", "")); goto out; } if (p->pac->buffers[i].offset_lo > len) { - krb5_set_error_string(context, "PAC offset off end"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PAC offset off end", "")); goto out; } if (p->pac->buffers[i].offset_lo < header_end) { - krb5_set_error_string(context, "PAC offset inside header: %d %d", - p->pac->buffers[i].offset_lo, header_end); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PAC offset inside header: %lu %lu", ""), + (unsigned long)p->pac->buffers[i].offset_lo, + (unsigned long)header_end); goto out; } if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){ - krb5_set_error_string(context, "PAC length off end"); ret = EINVAL; + krb5_set_error_message(context, ret, N_("PAC length off end", "")); goto out; } /* let save pointer to data we need later */ if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { if (p->server_checksum) { - krb5_set_error_string(context, "PAC have two server checksums"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PAC have two server checksums", "")); goto out; } p->server_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { if (p->privsvr_checksum) { - krb5_set_error_string(context, "PAC have two KDC checksums"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PAC have two KDC checksums", "")); goto out; } p->privsvr_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { if (p->logon_name) { - krb5_set_error_string(context, "PAC have two logon names"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PAC have two logon names", "")); goto out; } p->logon_name = &p->pac->buffers[i]; @@ -215,7 +258,7 @@ out: return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_init(krb5_context context, krb5_pac *pac) { krb5_error_code ret; @@ -223,31 +266,27 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) p = calloc(1, sizeof(*p)); if (p == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; + return krb5_enomem(context); } p->pac = calloc(1, sizeof(*p->pac)); if (p->pac == NULL) { free(p); - krb5_set_error_string(context, "out of memory"); - return ENOMEM; + return krb5_enomem(context); } ret = krb5_data_alloc(&p->data, PACTYPE_SIZE); if (ret) { free (p->pac); free(p); - krb5_set_error_string(context, "out of memory"); - return ret; + return krb5_enomem(context); } - *pac = p; return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_add_buffer(krb5_context context, krb5_pac p, uint32_t type, const krb5_data *data) { @@ -260,10 +299,9 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); - if (ptr == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (ptr == NULL) + return krb5_enomem(context); + p->pac = ptr; for (i = 0; i < len; i++) @@ -279,20 +317,20 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, old_end = p->data.length; len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE; if (len < p->data.length) { - krb5_set_error_string(context, "integer overrun"); + krb5_set_error_message(context, EINVAL, "integer overrun"); return EINVAL; } - + /* align to PAC_ALIGNMENT */ len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; ret = krb5_data_realloc(&p->data, len); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } - /* + /* * make place for new PAC INFO BUFFER header */ header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); @@ -315,43 +353,43 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, return 0; } -krb5_error_code +/** + * Get the PAC buffer of specific type from the pac. + * + * @param context Kerberos 5 context. + * @param p the pac structure returned by krb5_pac_parse(). + * @param type type of buffer to get + * @param data return data, free with krb5_data_free(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5_pac + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer(krb5_context context, krb5_pac p, uint32_t type, krb5_data *data) { krb5_error_code ret; uint32_t i; - /* - * Hide the checksums from external consumers - */ - - if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) { - ret = krb5_data_alloc(data, 16); - if (ret) { - krb5_set_error_string(context, "out of memory"); - return ret; - } - memset(data->data, 0, data->length); - return 0; - } - for (i = 0; i < p->pac->numbuffers; i++) { - size_t len = p->pac->buffers[i].buffersize; - size_t offset = p->pac->buffers[i].offset_lo; + const size_t len = p->pac->buffers[i].buffersize; + const size_t offset = p->pac->buffers[i].offset_lo; if (p->pac->buffers[i].type != type) continue; ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len); if (ret) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } return 0; } - krb5_set_error_string(context, "No PAC buffer of type %lu was found", - (unsigned long)type); + krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found", + (unsigned long)type); return ENOENT; } @@ -359,7 +397,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, * */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_types(krb5_context context, krb5_pac p, size_t *len, @@ -370,8 +408,7 @@ krb5_pac_get_types(krb5_context context, *types = calloc(p->pac->numbuffers, sizeof(*types)); if (*types == NULL) { *len = 0; - krb5_set_error_string(context, "out of memory"); - return ENOMEM; + return krb5_enomem(context); } for (i = 0; i < p->pac->numbuffers; i++) (*types)[i] = p->pac->buffers[i].type; @@ -384,7 +421,7 @@ krb5_pac_get_types(krb5_context context, * */ -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_pac_free(krb5_context context, krb5_pac pac) { krb5_data_free(&pac->data); @@ -403,7 +440,6 @@ verify_checksum(krb5_context context, void *ptr, size_t len, const krb5_keyblock *key) { - krb5_crypto crypto = NULL; krb5_storage *sp = NULL; uint32_t type; krb5_error_code ret; @@ -413,44 +449,71 @@ verify_checksum(krb5_context context, sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, sig->buffersize); - if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (sp == NULL) + return krb5_enomem(context); + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); CHECK(ret, krb5_ret_uint32(sp, &type), out); cksum.cksumtype = type; - cksum.checksum.length = + cksum.checksum.length = sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); cksum.checksum.data = malloc(cksum.checksum.length); if (cksum.checksum.data == NULL) { - krb5_set_error_string(context, "out of memory"); - ret = ENOMEM; + ret = krb5_enomem(context); goto out; } ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); - if (ret != cksum.checksum.length) { - krb5_set_error_string(context, "PAC checksum missing checksum"); + if (ret != (int)cksum.checksum.length) { ret = EINVAL; + krb5_set_error_message(context, ret, "PAC checksum missing checksum"); goto out; } if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) { - krb5_set_error_string (context, "Checksum type %d not keyed", - cksum.cksumtype); ret = EINVAL; + krb5_set_error_message(context, ret, "Checksum type %d not keyed", + cksum.cksumtype); goto out; } - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) - goto out; + /* If the checksum is HMAC-MD5, the checksum type is not tied to + * the key type, instead the HMAC-MD5 checksum is applied blindly + * on whatever key is used for this connection, avoiding issues + * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See + * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743 + * for the same issue in MIT, and + * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx + * for Microsoft's explaination */ - ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, - ptr, len, &cksum); + if (cksum.cksumtype == CKSUMTYPE_HMAC_MD5) { + Checksum local_checksum; + + memset(&local_checksum, 0, sizeof(local_checksum)); + + ret = HMAC_MD5_any_checksum(context, key, ptr, len, + KRB5_KU_OTHER_CKSUM, &local_checksum); + + if (ret != 0 || krb5_data_ct_cmp(&local_checksum.checksum, &cksum.checksum) != 0) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + krb5_set_error_message(context, ret, + N_("PAC integrity check failed for " + "hmac-md5 checksum", "")); + } + krb5_data_free(&local_checksum.checksum); + + } else { + krb5_crypto crypto = NULL; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + goto out; + + ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, + ptr, len, &cksum); + krb5_crypto_destroy(context, crypto); + } free(cksum.checksum.data); - krb5_crypto_destroy(context, crypto); krb5_storage_free(sp); return ret; @@ -460,14 +523,13 @@ out: free(cksum.checksum.data); if (sp) krb5_storage_free(sp); - if (crypto) - krb5_crypto_destroy(context, crypto); return ret; } static krb5_error_code create_checksum(krb5_context context, const krb5_keyblock *key, + uint32_t cksumtype, void *data, size_t datalen, void *sig, size_t siglen) { @@ -475,18 +537,31 @@ create_checksum(krb5_context context, krb5_error_code ret; Checksum cksum; - ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) - return ret; + /* If the checksum is HMAC-MD5, the checksum type is not tied to + * the key type, instead the HMAC-MD5 checksum is applied blindly + * on whatever key is used for this connection, avoiding issues + * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See + * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743 + * for the same issue in MIT, and + * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx + * for Microsoft's explaination */ - ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0, - data, datalen, &cksum); - krb5_crypto_destroy(context, crypto); - if (ret) - return ret; + if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) { + ret = HMAC_MD5_any_checksum(context, key, data, datalen, + KRB5_KU_OTHER_CKSUM, &cksum); + } else { + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0, + data, datalen, &cksum); + krb5_crypto_destroy(context, crypto); + if (ret) + return ret; + } if (cksum.checksum.length != siglen) { - krb5_set_error_string(context, "pac checksum wrong length"); + krb5_set_error_message(context, EINVAL, "pac checksum wrong length"); free_Checksum(&cksum); return EINVAL; } @@ -528,10 +603,8 @@ verify_logonname(krb5_context context, sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, logon_name->buffersize); - if (sp == NULL) { - krb5_set_error_string(context, "Out of memory"); - return ENOMEM; - } + if (sp == NULL) + return krb5_enomem(context); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -544,79 +617,74 @@ verify_logonname(krb5_context context, t2 = ((uint64_t)time2 << 32) | time1; if (t1 != t2) { krb5_storage_free(sp); - krb5_set_error_string(context, "PAC timestamp mismatch"); + krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch"); return EINVAL; } } CHECK(ret, krb5_ret_uint16(sp, &len), out); if (len == 0) { krb5_storage_free(sp); - krb5_set_error_string(context, "PAC logon name length missing"); + krb5_set_error_message(context, EINVAL, "PAC logon name length missing"); return EINVAL; } s = malloc(len); if (s == NULL) { krb5_storage_free(sp); - krb5_set_error_string(context, "Out of memory"); - return ENOMEM; + return krb5_enomem(context); } ret = krb5_storage_read(sp, s, len); if (ret != len) { krb5_storage_free(sp); - krb5_set_error_string(context, "Failed to read pac logon name"); + krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name"); return EINVAL; } krb5_storage_free(sp); -#if 1 /* cheat for now */ - { - size_t i; - - if (len & 1) { - krb5_set_error_string(context, "PAC logon name malformed"); - return EINVAL; - } - - for (i = 0; i < len / 2; i++) { - if (s[(i * 2) + 1]) { - krb5_set_error_string(context, "PAC logon name not ASCII"); - return EINVAL; - } - s[i] = s[i * 2]; - } - s[i] = '\0'; - } -#else { + size_t ucs2len = len / 2; uint16_t *ucs2; - ssize_t ucs2len; size_t u8len; + unsigned int flags = WIND_RW_LE; - ucs2 = malloc(sizeof(ucs2[0]) * len / 2); - if (ucs2) - abort(); - ucs2len = wind_ucs2read(s, len / 2, ucs2); + ucs2 = malloc(sizeof(ucs2[0]) * ucs2len); + if (ucs2 == NULL) + return krb5_enomem(context); + + ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len); free(s); - if (len < 0) - return -1; - ret = wind_ucs2toutf8(ucs2, ucs2len, NULL, &u8len); - if (ret < 0) - abort(); - s = malloc(u8len + 1); - if (s == NULL) - abort(); - wind_ucs2toutf8(ucs2, ucs2len, s, &u8len); + if (ret) { + free(ucs2); + krb5_set_error_message(context, ret, "Failed to convert string to UCS-2"); + return ret; + } + ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len); + if (ret) { + free(ucs2); + krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string"); + return ret; + } + u8len += 1; /* Add space for NUL */ + s = malloc(u8len); + if (s == NULL) { + free(ucs2); + return krb5_enomem(context); + } + ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); free(ucs2); + if (ret) { + free(s); + krb5_set_error_message(context, ret, "Failed to convert to UTF-8"); + return ret; + } } -#endif ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2); free(s); if (ret) return ret; - + if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) { - krb5_set_error_string(context, "PAC logon name mismatch"); ret = EINVAL; + krb5_set_error_message(context, ret, "PAC logon name mismatch"); } krb5_free_principal(context, p2); return ret; @@ -629,9 +697,9 @@ out: */ static krb5_error_code -build_logon_name(krb5_context context, +build_logon_name(krb5_context context, time_t authtime, - krb5_const_principal principal, + krb5_const_principal principal, krb5_data *logon) { krb5_error_code ret; @@ -645,10 +713,9 @@ build_logon_name(krb5_context context, krb5_data_zero(logon); sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (sp == NULL) + return krb5_enomem(context); + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out); @@ -660,13 +727,13 @@ build_logon_name(krb5_context context, goto out; len = strlen(s); - + CHECK(ret, krb5_store_uint16(sp, len * 2), out); #if 1 /* cheat for now */ s2 = malloc(len * 2); if (s2 == NULL) { - ret = ENOMEM; + ret = krb5_enomem(context); free(s); goto out; } @@ -681,8 +748,8 @@ build_logon_name(krb5_context context, ret = krb5_storage_write(sp, s2, len * 2); free(s2); - if (ret != len * 2) { - ret = ENOMEM; + if (ret != (int)(len * 2)) { + ret = krb5_enomem(context); goto out; } ret = krb5_storage_to_data(sp, logon); @@ -697,12 +764,24 @@ out: } -/* +/** + * Verify the PAC. * + * @param context Kerberos 5 context. + * @param pac the pac structure returned by krb5_pac_parse(). + * @param authtime The time of the ticket the PAC belongs to. + * @param principal the principal to verify. + * @param server The service key, most always be given. + * @param privsvr The KDC key, may be given. + + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5_pac */ -krb5_error_code -krb5_pac_verify(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_pac_verify(krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, @@ -712,19 +791,19 @@ krb5_pac_verify(krb5_context context, krb5_error_code ret; if (pac->server_checksum == NULL) { - krb5_set_error_string(context, "PAC missing server checksum"); + krb5_set_error_message(context, EINVAL, "PAC missing server checksum"); return EINVAL; } if (pac->privsvr_checksum == NULL) { - krb5_set_error_string(context, "PAC missing kdc checksum"); + krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum"); return EINVAL; } if (pac->logon_name == NULL) { - krb5_set_error_string(context, "PAC missing logon name"); + krb5_set_error_message(context, EINVAL, "PAC missing logon name"); return EINVAL; } - ret = verify_logonname(context, + ret = verify_logonname(context, pac->logon_name, &pac->data, authtime, @@ -732,7 +811,7 @@ krb5_pac_verify(krb5_context context, if (ret) return ret; - /* + /* * in the service case, clean out data option of the privsvr and * server checksum before checking the checksum. */ @@ -767,6 +846,7 @@ krb5_pac_verify(krb5_context context, return ret; } if (privsvr) { + /* The priv checksum covers the server checksum */ ret = verify_checksum(context, pac->privsvr_checksum, &pac->data, @@ -796,17 +876,16 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len) if (l > sizeof(zeros)) l = sizeof(zeros); sret = krb5_storage_write(sp, zeros, l); - if (sret <= 0) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (sret <= 0) + return krb5_enomem(context); + len -= sret; } return 0; } static krb5_error_code -pac_checksum(krb5_context context, +pac_checksum(krb5_context context, const krb5_keyblock *key, uint32_t *cksumtype, size_t *cksumsize) @@ -820,19 +899,19 @@ pac_checksum(krb5_context context, return ret; ret = krb5_crypto_get_checksum_type(context, crypto, &cktype); - ret = krb5_crypto_destroy(context, crypto); + krb5_crypto_destroy(context, crypto); if (ret) return ret; if (krb5_checksum_is_keyed(context, cktype) == FALSE) { - krb5_set_error_string(context, "PAC checksum type is not keyed"); - return EINVAL; + *cksumtype = CKSUMTYPE_HMAC_MD5; + *cksumsize = 16; } ret = krb5_checksumsize(context, cktype, cksumsize); if (ret) return ret; - + *cksumtype = (uint32_t)cktype; return 0; @@ -853,7 +932,8 @@ _krb5_pac_sign(krb5_context context, size_t server_size, priv_size; uint32_t server_offset = 0, priv_offset = 0; uint32_t server_cksumtype = 0, priv_cksumtype = 0; - int i, num = 0; + int num = 0; + size_t i; krb5_data logon, d; krb5_data_zero(&logon); @@ -869,10 +949,9 @@ _krb5_pac_sign(krb5_context context, void *ptr; ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); - if (ptr == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (ptr == NULL) + return krb5_enomem(context); + p->pac = ptr; if (p->logon_name == NULL) { @@ -907,17 +986,15 @@ _krb5_pac_sign(krb5_context context, /* Encode PAC */ sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } + if (sp == NULL) + return krb5_enomem(context); + krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); spdata = krb5_storage_emem(); if (spdata == NULL) { krb5_storage_free(sp); - krb5_set_error_string(context, "out of memory"); - return ENOMEM; + return krb5_enomem(context); } krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); @@ -955,8 +1032,7 @@ _krb5_pac_sign(krb5_context context, sret = krb5_storage_write(spdata, ptr, len); if (sret != len) { - krb5_set_error_string(context, "out of memory"); - ret = ENOMEM; + ret = krb5_enomem(context); goto out; } /* XXX if not aligned, fill_zeros */ @@ -974,7 +1050,7 @@ _krb5_pac_sign(krb5_context context, end += len; e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; - if (end != e) { + if ((int32_t)end != e) { CHECK(ret, fill_zeros(context, spdata, e - end), out); } end = e; @@ -987,35 +1063,32 @@ _krb5_pac_sign(krb5_context context, /* export PAC */ ret = krb5_storage_to_data(spdata, &d); if (ret) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } ret = krb5_storage_write(sp, d.data, d.length); - if (ret != d.length) { + if (ret != (int)d.length) { krb5_data_free(&d); - krb5_set_error_string(context, "out of memory"); - ret = ENOMEM; + ret = krb5_enomem(context); goto out; } krb5_data_free(&d); ret = krb5_storage_to_data(sp, &d); if (ret) { - krb5_set_error_string(context, "out of memory"); + ret = krb5_enomem(context); goto out; } /* sign */ - - ret = create_checksum(context, server_key, + ret = create_checksum(context, server_key, server_cksumtype, d.data, d.length, (char *)d.data + server_offset, server_size); if (ret) { krb5_data_free(&d); goto out; } - - ret = create_checksum(context, priv_key, + ret = create_checksum(context, priv_key, priv_cksumtype, (char *)d.data + server_offset, server_size, (char *)d.data + priv_offset, priv_size); if (ret) { diff --git a/crypto/heimdal/lib/krb5/padata.c b/crypto/heimdal/lib/krb5/padata.c index b2b70f52e78..babe22cb387 100644 --- a/crypto/heimdal/lib/krb5/padata.c +++ b/crypto/heimdal/lib/krb5/padata.c @@ -1,50 +1,48 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: padata.c 15469 2005-06-17 04:28:35Z lha $"); - -PA_DATA * +KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) { - for(; *idx < len; (*idx)++) - if(val[*idx].padata_type == type) + for(; *idx < (int)len; (*idx)++) + if(val[*idx].padata_type == (unsigned)type) return val + *idx; - return NULL; + return NULL; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_padata_add(krb5_context context, METHOD_DATA *md, int type, void *buf, size_t len) { @@ -52,7 +50,8 @@ krb5_padata_add(krb5_context context, METHOD_DATA *md, pa = realloc (md->val, (md->len + 1) * sizeof(*md->val)); if (pa == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } md->val = pa; @@ -60,7 +59,7 @@ krb5_padata_add(krb5_context context, METHOD_DATA *md, pa[md->len].padata_type = type; pa[md->len].padata_value.length = len; pa[md->len].padata_value.data = buf; - md->len++; + md->len++; return 0; } diff --git a/crypto/heimdal/lib/krb5/parse-name-test.c b/crypto/heimdal/lib/krb5/parse-name-test.c index 7e607053890..bb2fc024e61 100644 --- a/crypto/heimdal/lib/krb5/parse-name-test.c +++ b/crypto/heimdal/lib/krb5/parse-name-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: parse-name-test.c 16342 2005-12-02 14:14:43Z lha $"); - enum { MAX_COMPONENTS = 3 }; static struct testcase { @@ -63,7 +61,7 @@ static struct testcase { {"a/b/c", "a/b/c@", "", 3, {"a", "b", "c"}, FALSE}, {NULL, NULL, "", 0, { NULL }, FALSE}}; -int KRB5_LIB_FUNCTION +int main(int argc, char **argv) { struct testcase *t; diff --git a/crypto/heimdal/lib/krb5/pcache.c b/crypto/heimdal/lib/krb5/pcache.c new file mode 100644 index 00000000000..23d5389a607 --- /dev/null +++ b/crypto/heimdal/lib/krb5/pcache.c @@ -0,0 +1,66 @@ +/*********************************************************************** + * Copyright (c) 2010, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +#include "krb5_locl.h" +#include "ccache_plugin.h" +#ifdef HAVE_DLFCN_H +#include +#endif +#include + +krb5_error_code +_krb5_load_ccache_plugins(krb5_context context) +{ + struct krb5_plugin * plist = NULL; + struct krb5_plugin *p; + krb5_error_code code; + + code = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, KRB5_PLUGIN_CCACHE, + &plist); + if (code) + return code; + + for (p = plist; p != NULL; p = _krb5_plugin_get_next(p)) { + krb5_cc_ops * ccops; + krb5_error_code c_load; + + ccops = _krb5_plugin_get_symbol(p); + if (ccops != NULL && ccops->version == KRB5_CC_OPS_VERSION) { + c_load = krb5_cc_register(context, ccops, TRUE); + if (c_load != 0) + code = c_load; + } + } + + _krb5_plugin_free(plist); + + return code; +} diff --git a/crypto/heimdal/lib/krb5/pkinit.c b/crypto/heimdal/lib/krb5/pkinit.c index a0b6a4e0793..1103a17807b 100644 --- a/crypto/heimdal/lib/krb5/pkinit.c +++ b/crypto/heimdal/lib/krb5/pkinit.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 22433 2008-01-13 14:11:46Z lha $"); - struct krb5_dh_moduli { char *name; unsigned long bits; @@ -45,8 +45,6 @@ struct krb5_dh_moduli { #ifdef PKINIT -#include -#include #include #include #include @@ -56,53 +54,44 @@ struct krb5_dh_moduli { #include -#include - -enum { - COMPAT_WIN2K = 1, - COMPAT_IETF = 2 -}; - -struct krb5_pk_identity { - hx509_context hx509ctx; - hx509_verify_ctx verify_ctx; - hx509_certs certs; - hx509_certs anchors; - hx509_certs certpool; - hx509_revoke_ctx revokectx; -}; - struct krb5_pk_cert { hx509_cert cert; }; struct krb5_pk_init_ctx_data { struct krb5_pk_identity *id; - DH *dh; + enum { USE_RSA, USE_DH, USE_ECDH } keyex; + union { + DH *dh; +#ifdef HAVE_OPENSSL + EC_KEY *eckey; +#endif + } u; krb5_data *clientDHNonce; struct krb5_dh_moduli **m; hx509_peer_info peer; - int type; + enum krb5_pk_type type; unsigned int require_binding:1; unsigned int require_eku:1; unsigned int require_krbtgt_otherName:1; unsigned int require_hostname_match:1; unsigned int trustedCertifiers:1; + unsigned int anonymous:1; }; static void -_krb5_pk_copy_error(krb5_context context, - hx509_context hx509ctx, - int hxret, - const char *fmt, - ...) +pk_copy_error(krb5_context context, + hx509_context hx509ctx, + int hxret, + const char *fmt, + ...) __attribute__ ((format (printf, 4, 5))); /* * */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_pk_cert_free(struct krb5_pk_cert *cert) { if (cert->cert) { @@ -117,7 +106,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) integer->length = BN_num_bytes(bn); integer->data = malloc(integer->length); if (integer->data == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } BN_bn2bin(bn, integer->data); @@ -132,60 +121,136 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f) bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); if (bn == NULL) { - krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field); + krb5_set_error_message(context, ENOMEM, + N_("PKINIT: parsing BN failed %s", ""), field); return NULL; } BN_set_negative(bn, f->negative); return bn; } +static krb5_error_code +select_dh_group(krb5_context context, DH *dh, unsigned long bits, + struct krb5_dh_moduli **moduli) +{ + const struct krb5_dh_moduli *m; + + if (bits == 0) { + m = moduli[1]; /* XXX */ + if (m == NULL) + m = moduli[0]; /* XXX */ + } else { + int i; + for (i = 0; moduli[i] != NULL; i++) { + if (bits < moduli[i]->bits) + break; + } + if (moduli[i] == NULL) { + krb5_set_error_message(context, EINVAL, + N_("Did not find a DH group parameter " + "matching requirement of %lu bits", ""), + bits); + return EINVAL; + } + m = moduli[i]; + } + + dh->p = integer_to_BN(context, "p", &m->p); + if (dh->p == NULL) + return ENOMEM; + dh->g = integer_to_BN(context, "g", &m->g); + if (dh->g == NULL) + return ENOMEM; + dh->q = integer_to_BN(context, "q", &m->q); + if (dh->q == NULL) + return ENOMEM; + + return 0; +} + +struct certfind { + const char *type; + const heim_oid *oid; +}; + +/* + * Try searchin the key by to use by first looking for for PK-INIT + * EKU, then the Microsoft smart card EKU and last, no special EKU at all. + */ static krb5_error_code -_krb5_pk_create_sign(krb5_context context, - const heim_oid *eContentType, - krb5_data *eContent, - struct krb5_pk_identity *id, - hx509_peer_info peer, - krb5_data *sd_data) +find_cert(krb5_context context, struct krb5_pk_identity *id, + hx509_query *q, hx509_cert *cert) { - hx509_cert cert; - hx509_query *q; - int ret; + struct certfind cf[4] = { + { "MobileMe EKU" }, + { "PKINIT EKU" }, + { "MS EKU" }, + { "any (or no)" } + }; + int ret = HX509_CERT_NOT_FOUND; + size_t i, start = 1; + unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 }; + const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids }; - ret = hx509_query_alloc(id->hx509ctx, &q); - if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Allocate query to find signing certificate"); - return ret; + + if (id->flags & PKINIT_BTMM) + start = 0; + + cf[0].oid = &mobileMe; + cf[1].oid = &asn1_oid_id_pkekuoid; + cf[2].oid = &asn1_oid_id_pkinit_ms_eku; + cf[3].oid = NULL; + + for (i = start; i < sizeof(cf)/sizeof(cf[0]); i++) { + ret = hx509_query_match_eku(q, cf[i].oid); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Failed setting %s OID", cf[i].type); + return ret; + } + + ret = hx509_certs_find(context->hx509ctx, id->certs, q, cert); + if (ret == 0) + break; + pk_copy_error(context, context->hx509ctx, ret, + "Failed finding certificate with %s OID", cf[i].type); } + return ret; +} - hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); - hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); - ret = hx509_certs_find(id->hx509ctx, id->certs, q, &cert); - hx509_query_free(id->hx509ctx, q); - if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Find certificate to signed CMS data"); - return ret; - } +static krb5_error_code +create_signature(krb5_context context, + const heim_oid *eContentType, + krb5_data *eContent, + struct krb5_pk_identity *id, + hx509_peer_info peer, + krb5_data *sd_data) +{ + int ret, flags = 0; - ret = hx509_cms_create_signed_1(id->hx509ctx, - 0, + if (id->cert == NULL) + flags |= HX509_CMS_SIGNATURE_NO_SIGNER; + + ret = hx509_cms_create_signed_1(context->hx509ctx, + flags, eContentType, eContent->data, eContent->length, NULL, - cert, + id->cert, peer, NULL, id->certs, sd_data); - if (ret) - _krb5_pk_copy_error(context, id->hx509ctx, ret, "create CMS signedData"); - hx509_cert_free(cert); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Create CMS signedData"); + return ret; + } - return ret; + return 0; } static int @@ -197,6 +262,9 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) void *p; int ret; + if (ids->len > 10) + return 0; + memset(&id, 0, sizeof(id)); ret = hx509_cert_get_subject(c, &subject); @@ -211,7 +279,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) free_ExternalPrincipalIdentifier(&id); return ENOMEM; } - + ret = hx509_name_binary(subject, id.subjectName); if (ret) { hx509_name_free(&subject); @@ -231,8 +299,8 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) { IssuerAndSerialNumber iasn; hx509_name issuer; - size_t size; - + size_t size = 0; + memset(&iasn, 0, sizeof(iasn)); ret = hx509_cert_get_issuer(c, &issuer); @@ -247,7 +315,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) free_ExternalPrincipalIdentifier(&id); return ret; } - + ret = hx509_cert_get_serialnumber(c, &iasn.serialNumber); if (ret) { free_IssuerAndSerialNumber(&iasn); @@ -256,7 +324,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) } ASN1_MALLOC_ENCODE(IssuerAndSerialNumber, - id.issuerAndSerialNumber->data, + id.issuerAndSerialNumber->data, id.issuerAndSerialNumber->length, &iasn, &size, ret); free_IssuerAndSerialNumber(&iasn); @@ -268,7 +336,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) id.subjectKeyIdentifier = NULL; - p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); + p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); if (p == NULL) { free_ExternalPrincipalIdentifier(&id); return ENOMEM; @@ -287,25 +355,24 @@ build_edi(krb5_context context, hx509_certs certs, ExternalPrincipalIdentifiers *ids) { - return hx509_certs_iter(hx509ctx, certs, cert2epi, ids); + return hx509_certs_iter_f(hx509ctx, certs, cert2epi, ids); } static krb5_error_code build_auth_pack(krb5_context context, unsigned nonce, krb5_pk_init_ctx ctx, - DH *dh, const KDC_REQ_BODY *body, AuthPack *a) { - size_t buf_size, len; + size_t buf_size, len = 0; krb5_error_code ret; void *buf; krb5_timestamp sec; int32_t usec; Checksum checksum; - krb5_clear_error_string(context); + krb5_clear_error_message(context); memset(&checksum, 0, sizeof(checksum)); @@ -327,12 +394,13 @@ build_auth_pack(krb5_context context, len, &checksum); free(buf); - if (ret) + if (ret) return ret; ALLOC(a->pkAuthenticator.paChecksum, 1); if (a->pkAuthenticator.paChecksum == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -342,25 +410,62 @@ build_auth_pack(krb5_context context, if (ret) return ret; - if (dh) { - DomainParameters dp; - heim_integer dh_pub_key; + if (ctx->keyex == USE_DH || ctx->keyex == USE_ECDH) { + const char *moduli_file; + unsigned long dh_min_bits; krb5_data dhbuf; - size_t size; + size_t size = 0; + + krb5_data_zero(&dhbuf); + + + + moduli_file = krb5_config_get_string(context, NULL, + "libdefaults", + "moduli", + NULL); + + dh_min_bits = + krb5_config_get_int_default(context, NULL, 0, + "libdefaults", + "pkinit_dh_min_bits", + NULL); + + ret = _krb5_parse_moduli(context, moduli_file, &ctx->m); + if (ret) + return ret; + + ctx->u.dh = DH_new(); + if (ctx->u.dh == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + ret = select_dh_group(context, ctx->u.dh, dh_min_bits, ctx->m); + if (ret) + return ret; + + if (DH_generate_key(ctx->u.dh) != 1) { + krb5_set_error_message(context, ENOMEM, + N_("pkinit: failed to generate DH key", "")); + return ENOMEM; + } + if (1 /* support_cached_dh */) { ALLOC(a->clientDHNonce, 1); if (a->clientDHNonce == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } ret = krb5_data_alloc(a->clientDHNonce, 40); if (a->clientDHNonce == NULL) { - krb5_clear_error_string(context); - return ENOMEM; + krb5_clear_error_message(context); + return ret; } - memset(a->clientDHNonce->data, 0, a->clientDHNonce->length); - ret = krb5_copy_data(context, a->clientDHNonce, + RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length); + ret = krb5_copy_data(context, a->clientDHNonce, &ctx->clientDHNonce); if (ret) return ret; @@ -369,60 +474,131 @@ build_auth_pack(krb5_context context, ALLOC(a->clientPublicValue, 1); if (a->clientPublicValue == NULL) return ENOMEM; - ret = der_copy_oid(oid_id_dhpublicnumber(), - &a->clientPublicValue->algorithm.algorithm); - if (ret) - return ret; - - memset(&dp, 0, sizeof(dp)); - ret = BN_to_integer(context, dh->p, &dp.p); - if (ret) { + if (ctx->keyex == USE_DH) { + DH *dh = ctx->u.dh; + DomainParameters dp; + heim_integer dh_pub_key; + + ret = der_copy_oid(&asn1_oid_id_dhpublicnumber, + &a->clientPublicValue->algorithm.algorithm); + if (ret) + return ret; + + memset(&dp, 0, sizeof(dp)); + + ret = BN_to_integer(context, dh->p, &dp.p); + if (ret) { + free_DomainParameters(&dp); + return ret; + } + ret = BN_to_integer(context, dh->g, &dp.g); + if (ret) { + free_DomainParameters(&dp); + return ret; + } + ret = BN_to_integer(context, dh->q, &dp.q); + if (ret) { + free_DomainParameters(&dp); + return ret; + } + dp.j = NULL; + dp.validationParms = NULL; + + a->clientPublicValue->algorithm.parameters = + malloc(sizeof(*a->clientPublicValue->algorithm.parameters)); + if (a->clientPublicValue->algorithm.parameters == NULL) { + free_DomainParameters(&dp); + return ret; + } + + ASN1_MALLOC_ENCODE(DomainParameters, + a->clientPublicValue->algorithm.parameters->data, + a->clientPublicValue->algorithm.parameters->length, + &dp, &size, ret); free_DomainParameters(&dp); - return ret; - } - ret = BN_to_integer(context, dh->g, &dp.g); - if (ret) { - free_DomainParameters(&dp); - return ret; - } - ret = BN_to_integer(context, dh->q, &dp.q); - if (ret) { - free_DomainParameters(&dp); - return ret; - } - dp.j = NULL; - dp.validationParms = NULL; + if (ret) + return ret; + if (size != a->clientPublicValue->algorithm.parameters->length) + krb5_abortx(context, "Internal ASN1 encoder error"); - a->clientPublicValue->algorithm.parameters = - malloc(sizeof(*a->clientPublicValue->algorithm.parameters)); - if (a->clientPublicValue->algorithm.parameters == NULL) { - free_DomainParameters(&dp); - return ret; - } + ret = BN_to_integer(context, dh->pub_key, &dh_pub_key); + if (ret) + return ret; - ASN1_MALLOC_ENCODE(DomainParameters, - a->clientPublicValue->algorithm.parameters->data, - a->clientPublicValue->algorithm.parameters->length, - &dp, &size, ret); - free_DomainParameters(&dp); - if (ret) - return ret; - if (size != a->clientPublicValue->algorithm.parameters->length) - krb5_abortx(context, "Internal ASN1 encoder error"); + ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length, + &dh_pub_key, &size, ret); + der_free_heim_integer(&dh_pub_key); + if (ret) + return ret; + if (size != dhbuf.length) + krb5_abortx(context, "asn1 internal error"); + } else if (ctx->keyex == USE_ECDH) { +#ifdef HAVE_OPENSSL + ECParameters ecp; + unsigned char *p; + int xlen; - ret = BN_to_integer(context, dh->pub_key, &dh_pub_key); - if (ret) - return ret; + /* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */ - ASN1_MALLOC_ENCODE(DHPublicKey, dhbuf.data, dhbuf.length, - &dh_pub_key, &size, ret); - der_free_heim_integer(&dh_pub_key); - if (ret) - return ret; - if (size != dhbuf.length) - krb5_abortx(context, "asn1 internal error"); + ecp.element = choice_ECParameters_namedCurve; + ret = der_copy_oid(&asn1_oid_id_ec_group_secp256r1, + &ecp.u.namedCurve); + if (ret) + return ret; + ALLOC(a->clientPublicValue->algorithm.parameters, 1); + if (a->clientPublicValue->algorithm.parameters == NULL) { + free_ECParameters(&ecp); + return ENOMEM; + } + ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret); + free_ECParameters(&ecp); + if (ret) + return ret; + if ((int)size != xlen) + krb5_abortx(context, "asn1 internal error"); + + a->clientPublicValue->algorithm.parameters->data = p; + a->clientPublicValue->algorithm.parameters->length = size; + + /* copy in public key */ + + ret = der_copy_oid(&asn1_oid_id_ecPublicKey, + &a->clientPublicValue->algorithm.algorithm); + if (ret) + return ret; + + ctx->u.eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (ctx->u.eckey == NULL) + return ENOMEM; + + ret = EC_KEY_generate_key(ctx->u.eckey); + if (ret != 1) + return EINVAL; + + /* encode onto dhkey */ + + xlen = i2o_ECPublicKey(ctx->u.eckey, NULL); + if (xlen <= 0) + abort(); + + dhbuf.data = malloc(xlen); + if (dhbuf.data == NULL) + abort(); + dhbuf.length = xlen; + p = dhbuf.data; + + xlen = i2o_ECPublicKey(ctx->u.eckey, &p); + if (xlen <= 0) + abort(); + + /* XXX verify that this is right with RFC3279 */ +#else + return EINVAL; +#endif + } else + krb5_abortx(context, "internal error"); a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8; a->clientPublicValue->subjectPublicKey.data = dhbuf.data; } @@ -432,7 +608,8 @@ build_auth_pack(krb5_context context, if (a->supportedCMSTypes == NULL) return ENOMEM; - ret = hx509_crypto_available(ctx->id->hx509ctx, HX509_SELECT_ALL, NULL, + ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL, + ctx->id->cert, &a->supportedCMSTypes->val, &a->supportedCMSTypes->len); if (ret) @@ -442,9 +619,9 @@ build_auth_pack(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_ContentInfo(krb5_context context, - const krb5_data *buf, + const krb5_data *buf, const heim_oid *oid, struct ContentInfo *content_info) { @@ -473,16 +650,16 @@ pk_mk_padata(krb5_context context, { struct ContentInfo content_info; krb5_error_code ret; - const heim_oid *oid; - size_t size; + const heim_oid *oid = NULL; + size_t size = 0; krb5_data buf, sd_buf; - int pa_type; + int pa_type = -1; krb5_data_zero(&buf); krb5_data_zero(&sd_buf); memset(&content_info, 0, sizeof(content_info)); - if (ctx->type == COMPAT_WIN2K) { + if (ctx->type == PKINIT_WIN2K) { AuthPack_Win2k ap; krb5_timestamp sec; int32_t usec; @@ -493,13 +670,13 @@ pk_mk_padata(krb5_context context, ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName); if (ret) { free_AuthPack_Win2k(&ap); - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm); if (ret) { free_AuthPack_Win2k(&ap); - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -512,19 +689,21 @@ pk_mk_padata(krb5_context context, &ap, &size, ret); free_AuthPack_Win2k(&ap); if (ret) { - krb5_set_error_string(context, "AuthPack_Win2k: %d", ret); + krb5_set_error_message(context, ret, + N_("Failed encoding AuthPackWin: %d", ""), + (int)ret); goto out; } if (buf.length != size) krb5_abortx(context, "internal ASN1 encoder error"); - oid = oid_id_pkcs7_data(); - } else if (ctx->type == COMPAT_IETF) { + oid = &asn1_oid_id_pkcs7_data; + } else if (ctx->type == PKINIT_27) { AuthPack ap; - + memset(&ap, 0, sizeof(ap)); - ret = build_auth_pack(context, nonce, ctx, ctx->dh, req_body, &ap); + ret = build_auth_pack(context, nonce, ctx, req_body, &ap); if (ret) { free_AuthPack(&ap); goto out; @@ -533,35 +712,33 @@ pk_mk_padata(krb5_context context, ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); free_AuthPack(&ap); if (ret) { - krb5_set_error_string(context, "AuthPack: %d", ret); + krb5_set_error_message(context, ret, + N_("Failed encoding AuthPack: %d", ""), + (int)ret); goto out; } if (buf.length != size) krb5_abortx(context, "internal ASN1 encoder error"); - oid = oid_id_pkauthdata(); + oid = &asn1_oid_id_pkauthdata; } else krb5_abortx(context, "internal pkinit error"); - ret = _krb5_pk_create_sign(context, - oid, - &buf, - ctx->id, - ctx->peer, - &sd_buf); + ret = create_signature(context, oid, &buf, ctx->id, + ctx->peer, &sd_buf); krb5_data_free(&buf); if (ret) goto out; - ret = hx509_cms_wrap_ContentInfo(oid_id_pkcs7_signedData(), &sd_buf, &buf); + ret = hx509_cms_wrap_ContentInfo(&asn1_oid_id_pkcs7_signedData, &sd_buf, &buf); krb5_data_free(&sd_buf); if (ret) { - krb5_set_error_string(context, - "ContentInfo wrapping of signedData failed"); + krb5_set_error_message(context, ret, + N_("ContentInfo wrapping of signedData failed","")); goto out; } - if (ctx->type == COMPAT_WIN2K) { + if (ctx->type == PKINIT_WIN2K) { PA_PK_AS_REQ_Win2k winreq; pa_type = KRB5_PADATA_PK_AS_REQ_WIN; @@ -574,26 +751,30 @@ pk_mk_padata(krb5_context context, &winreq, &size, ret); free_PA_PK_AS_REQ_Win2k(&winreq); - } else if (ctx->type == COMPAT_IETF) { + } else if (ctx->type == PKINIT_27) { PA_PK_AS_REQ req; pa_type = KRB5_PADATA_PK_AS_REQ; memset(&req, 0, sizeof(req)); - req.signedAuthPack = buf; + req.signedAuthPack = buf; if (ctx->trustedCertifiers) { req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers)); if (req.trustedCertifiers == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); free_PA_PK_AS_REQ(&req); goto out; } - ret = build_edi(context, ctx->id->hx509ctx, + ret = build_edi(context, context->hx509ctx, ctx->id->anchors, req.trustedCertifiers); if (ret) { - krb5_set_error_string(context, "pk-init: failed to build trustedCertifiers"); + krb5_set_error_message(context, ret, + N_("pk-init: failed to build " + "trustedCertifiers", "")); free_PA_PK_AS_REQ(&req); goto out; } @@ -608,7 +789,7 @@ pk_mk_padata(krb5_context context, } else krb5_abortx(context, "internal pkinit error"); if (ret) { - krb5_set_error_string(context, "PA-PK-AS-REQ %d", ret); + krb5_set_error_message(context, ret, "PA-PK-AS-REQ %d", (int)ret); goto out; } if (buf.length != size) @@ -618,19 +799,21 @@ pk_mk_padata(krb5_context context, if (ret) free(buf.data); - if (ret == 0 && ctx->type == COMPAT_WIN2K) - krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); + if (ret == 0) + krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); -out: + out: free_ContentInfo(&content_info); return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_mk_padata(krb5_context context, void *c, + int ic_flags, + int win2k, const KDC_REQ_BODY *req_body, unsigned nonce, METHOD_DATA *md) @@ -638,33 +821,44 @@ _krb5_pk_mk_padata(krb5_context context, krb5_pk_init_ctx ctx = c; int win2k_compat; + if (ctx->id->certs == NULL && ctx->anonymous == 0) { + krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY, + N_("PKINIT: No user certificate given", "")); + return HEIM_PKINIT_NO_PRIVATE_KEY; + } + win2k_compat = krb5_config_get_bool_default(context, NULL, - FALSE, + win2k, "realms", req_body->realm, "pkinit_win2k", NULL); if (win2k_compat) { - ctx->require_binding = + ctx->require_binding = krb5_config_get_bool_default(context, NULL, - FALSE, + TRUE, "realms", req_body->realm, "pkinit_win2k_require_binding", NULL); - ctx->type = COMPAT_WIN2K; + ctx->type = PKINIT_WIN2K; } else - ctx->type = COMPAT_IETF; + ctx->type = PKINIT_27; - ctx->require_eku = + ctx->require_eku = krb5_config_get_bool_default(context, NULL, TRUE, "realms", req_body->realm, "pkinit_require_eku", NULL); - ctx->require_krbtgt_otherName = + if (ic_flags & KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK) + ctx->require_eku = 0; + if (ctx->id->flags & PKINIT_BTMM) + ctx->require_eku = 0; + + ctx->require_krbtgt_otherName = krb5_config_get_bool_default(context, NULL, TRUE, "realms", @@ -672,7 +866,7 @@ _krb5_pk_mk_padata(krb5_context context, "pkinit_require_krbtgt_otherName", NULL); - ctx->require_hostname_match = + ctx->require_hostname_match = krb5_config_get_bool_default(context, NULL, FALSE, "realms", @@ -680,7 +874,7 @@ _krb5_pk_mk_padata(krb5_context context, "pkinit_require_hostname_match", NULL); - ctx->trustedCertifiers = + ctx->trustedCertifiers = krb5_config_get_bool_default(context, NULL, TRUE, "realms", @@ -691,22 +885,30 @@ _krb5_pk_mk_padata(krb5_context context, return pk_mk_padata(context, ctx, req_body, nonce, md); } -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_verify_sign(krb5_context context, - const void *data, - size_t length, - struct krb5_pk_identity *id, - heim_oid *contentType, - krb5_data *content, - struct krb5_pk_cert **signer) +static krb5_error_code +pk_verify_sign(krb5_context context, + const void *data, + size_t length, + struct krb5_pk_identity *id, + heim_oid *contentType, + krb5_data *content, + struct krb5_pk_cert **signer) { hx509_certs signer_certs; - int ret; + int ret, flags = 0; + + /* BTMM is broken in Leo and SnowLeo */ + if (id->flags & PKINIT_BTMM) { + flags |= HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; + flags |= HX509_CMS_VS_NO_KU_CHECK; + flags |= HX509_CMS_VS_NO_VALIDATE; + } *signer = NULL; - ret = hx509_cms_verify_signed(id->hx509ctx, + ret = hx509_cms_verify_signed(context->hx509ctx, id->verify_ctx, + flags, data, length, NULL, @@ -715,26 +917,26 @@ _krb5_pk_verify_sign(krb5_context context, content, &signer_certs); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "CMS verify signed failed"); + pk_copy_error(context, context->hx509ctx, ret, + "CMS verify signed failed"); return ret; } *signer = calloc(1, sizeof(**signer)); if (*signer == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } - - ret = hx509_get_one_cert(id->hx509ctx, signer_certs, &(*signer)->cert); + + ret = hx509_get_one_cert(context->hx509ctx, signer_certs, &(*signer)->cert); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to get on of the signer certs"); + pk_copy_error(context, context->hx509ctx, ret, + "Failed to get on of the signer certs"); goto out; } -out: + out: hx509_certs_free(&signer_certs); if (ret) { if (*signer) { @@ -762,29 +964,32 @@ get_reply_key_win(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_string(context, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, + N_("PKINIT decoding reply key failed", "")); free_ReplyKeyPack_Win2k(&key_pack); return ret; } - - if (key_pack.nonce != nonce) { - krb5_set_error_string(context, "PKINIT enckey nonce is wrong"); + + if ((unsigned)key_pack.nonce != nonce) { + krb5_set_error_message(context, ret, + N_("PKINIT enckey nonce is wrong", "")); free_ReplyKeyPack_Win2k(&key_pack); return KRB5KRB_AP_ERR_MODIFIED; } *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "PKINIT failed allocating reply key"); free_ReplyKeyPack_Win2k(&key_pack); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack_Win2k(&key_pack); if (ret) { - krb5_set_error_string(context, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, + N_("PKINIT failed copying reply key", "")); free(*key); *key = NULL; } @@ -807,15 +1012,16 @@ get_reply_key(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_string(context, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, + N_("PKINIT decoding reply key failed", "")); free_ReplyKeyPack(&key_pack); return ret; } - + { krb5_crypto crypto; - /* + /* * XXX Verify kp.replyKey is a allowed enctype in the * configuration file */ @@ -838,16 +1044,17 @@ get_reply_key(krb5_context context, *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "PKINIT failed allocating reply key"); free_ReplyKeyPack(&key_pack); - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack(&key_pack); if (ret) { - krb5_set_error_string(context, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, + N_("PKINIT failed copying reply key", "")); free(*key); *key = NULL; } @@ -866,24 +1073,27 @@ pk_verify_host(krb5_context context, krb5_error_code ret = 0; if (ctx->require_eku) { - ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, - oid_id_pkkdcekuoid(), 0); + ret = hx509_cert_check_eku(context->hx509ctx, host->cert, + &asn1_oid_id_pkkdcekuoid, 0); if (ret) { - krb5_set_error_string(context, "No PK-INIT KDC EKU in kdc certificate"); + krb5_set_error_message(context, ret, + N_("No PK-INIT KDC EKU in kdc certificate", "")); return ret; } } if (ctx->require_krbtgt_otherName) { hx509_octet_string_list list; - int i; + size_t i; - ret = hx509_cert_find_subjectAltName_otherName(ctx->id->hx509ctx, + ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx, host->cert, - oid_id_pkinit_san(), + &asn1_oid_id_pkinit_san, &list); if (ret) { - krb5_set_error_string(context, "Failed to find the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, + N_("Failed to find the PK-INIT " + "subjectAltName in the KDC " + "certificate", "")); return ret; } @@ -896,8 +1106,10 @@ pk_verify_host(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, + N_("Failed to decode the PK-INIT " + "subjectAltName in the " + "KDC certificate", "")); break; } @@ -906,11 +1118,12 @@ pk_verify_host(krb5_context context, strcmp(r.principalName.name_string.val[0], KRB5_TGS_NAME) != 0 || strcmp(r.principalName.name_string.val[1], realm) != 0 || strcmp(r.realm, realm) != 0) - { - krb5_set_error_string(context, "KDC have wrong realm name in " - "the certificate"); - ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - } + { + ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; + krb5_set_error_message(context, ret, + N_("KDC have wrong realm name in " + "the certificate", "")); + } free_KRB5PrincipalName(&r); if (ret) @@ -920,17 +1133,18 @@ pk_verify_host(krb5_context context, } if (ret) return ret; - + if (hi) { - ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, + ret = hx509_verify_hostname(context->hx509ctx, host->cert, ctx->require_hostname_match, HX509_HN_HOSTNAME, hi->hostname, hi->ai->ai_addr, hi->ai->ai_addrlen); if (ret) - krb5_set_error_string(context, "Address mismatch in " - "the KDC certificate"); + krb5_set_error_message(context, ret, + N_("Address mismatch in " + "the KDC certificate", "")); } return ret; } @@ -947,81 +1161,91 @@ pk_rd_pa_reply_enckey(krb5_context context, unsigned nonce, const krb5_data *req_buffer, PA_DATA *pa, - krb5_keyblock **key) + krb5_keyblock **key) { krb5_error_code ret; struct krb5_pk_cert *host = NULL; krb5_data content; heim_oid contentType = { 0, NULL }; + int flags = HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT; - if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) { - krb5_set_error_string(context, "PKINIT: Invalid content type"); + if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_envelopedData, dataType)) { + krb5_set_error_message(context, EINVAL, + N_("PKINIT: Invalid content type", "")); return EINVAL; } - ret = hx509_cms_unenvelope(ctx->id->hx509ctx, + if (ctx->type == PKINIT_WIN2K) + flags |= HX509_CMS_UE_ALLOW_WEAK; + + ret = hx509_cms_unenvelope(context->hx509ctx, ctx->id->certs, - HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT, + flags, indata->data, indata->length, NULL, + 0, &contentType, &content); if (ret) { - _krb5_pk_copy_error(context, ctx->id->hx509ctx, ret, - "Failed to unenvelope CMS data in PK-INIT reply"); + pk_copy_error(context, context->hx509ctx, ret, + "Failed to unenvelope CMS data in PK-INIT reply"); return ret; } der_free_oid(&contentType); -#if 0 /* windows LH with interesting CMS packets, leaks memory */ - { - size_t ph = 1 + der_length_len (length); - unsigned char *ptr = malloc(length + ph); - size_t l; - - memcpy(ptr + ph, p, length); - - ret = der_put_length_and_tag (ptr + ph - 1, ph, length, - ASN1_C_UNIV, CONS, UT_Sequence, &l); - if (ret) - return ret; - ptr += ph - l; - length += l; - p = ptr; - } -#endif - /* win2k uses ContentInfo */ - if (type == COMPAT_WIN2K) { - heim_oid type; + if (type == PKINIT_WIN2K) { + heim_oid type2; heim_octet_string out; - ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); - if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) { + ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); + if (ret) { + /* windows LH with interesting CMS packets */ + size_t ph = 1 + der_length_len(content.length); + unsigned char *ptr = malloc(content.length + ph); + size_t l; + + memcpy(ptr + ph, content.data, content.length); + + ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length, + ASN1_C_UNIV, CONS, UT_Sequence, &l); + if (ret) + return ret; + free(content.data); + content.data = ptr; + content.length += ph; + + ret = hx509_cms_unwrap_ContentInfo(&content, &type2, &out, NULL); + if (ret) + goto out; + } + if (der_heim_oid_cmp(&type2, &asn1_oid_id_pkcs7_signedData)) { ret = EINVAL; /* XXX */ - krb5_set_error_string(context, "PKINIT: Invalid content type"); - der_free_oid(&type); + krb5_set_error_message(context, ret, + N_("PKINIT: Invalid content type", "")); + der_free_oid(&type2); der_free_octet_string(&out); goto out; } - der_free_oid(&type); + der_free_oid(&type2); krb5_data_free(&content); ret = krb5_data_copy(&content, out.data, out.length); der_free_octet_string(&out); if (ret) { - krb5_set_error_string(context, "PKINIT: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } } - ret = _krb5_pk_verify_sign(context, - content.data, - content.length, - ctx->id, - &contentType, - &content, - &host); + ret = pk_verify_sign(context, + content.data, + content.length, + ctx->id, + &contentType, + &content, + &host); if (ret) goto out; @@ -1032,28 +1256,28 @@ pk_rd_pa_reply_enckey(krb5_context context, } #if 0 - if (type == COMPAT_WIN2K) { - if (der_heim_oid_cmp(&contentType, oid_id_pkcs7_data()) != 0) { - krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); + if (type == PKINIT_WIN2K) { + if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkcs7_data) != 0) { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); goto out; } } else { - if (der_heim_oid_cmp(&contentType, oid_id_pkrkeydata()) != 0) { - krb5_set_error_string(context, "PKINIT: reply key, wrong oid"); + if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkrkeydata) != 0) { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, "PKINIT: reply key, wrong oid"); goto out; } } #endif switch(type) { - case COMPAT_WIN2K: + case PKINIT_WIN2K: ret = get_reply_key(context, &content, req_buffer, key); if (ret != 0 && ctx->require_binding == 0) ret = get_reply_key_win(context, &content, nonce, key); break; - case COMPAT_IETF: + case PKINIT_27: ret = get_reply_key(context, &content, req_buffer, key); break; } @@ -1085,31 +1309,33 @@ pk_rd_pa_reply_dh(krb5_context context, PA_DATA *pa, krb5_keyblock **key) { - unsigned char *p, *dh_gen_key = NULL; + const unsigned char *p; + unsigned char *dh_gen_key = NULL; struct krb5_pk_cert *host = NULL; BIGNUM *kdc_dh_pubkey = NULL; KDCDHKeyInfo kdc_dh_info; heim_oid contentType = { 0, NULL }; krb5_data content; krb5_error_code ret; - int dh_gen_keylen; + int dh_gen_keylen = 0; size_t size; krb5_data_zero(&content); memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); - if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) { - krb5_set_error_string(context, "PKINIT: Invalid content type"); + if (der_heim_oid_cmp(&asn1_oid_id_pkcs7_signedData, dataType)) { + krb5_set_error_message(context, EINVAL, + N_("PKINIT: Invalid content type", "")); return EINVAL; } - ret = _krb5_pk_verify_sign(context, - indata->data, - indata->length, - ctx->id, - &contentType, - &content, - &host); + ret = pk_verify_sign(context, + indata->data, + indata->length, + ctx->id, + &contentType, + &content, + &host); if (ret) goto out; @@ -1118,9 +1344,10 @@ pk_rd_pa_reply_dh(krb5_context context, if (ret) goto out; - if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { - krb5_set_error_string(context, "pkinit - dh reply contains wrong oid"); + if (der_heim_oid_cmp(&contentType, &asn1_oid_id_pkdhkeydata)) { ret = KRB5KRB_AP_ERR_MSG_TYPE; + krb5_set_error_message(context, ret, + N_("pkinit - dh reply contains wrong oid", "")); goto out; } @@ -1130,35 +1357,40 @@ pk_rd_pa_reply_dh(krb5_context context, &size); if (ret) { - krb5_set_error_string(context, "pkinit - " - "failed to decode KDC DH Key Info"); + krb5_set_error_message(context, ret, + N_("pkinit - failed to decode " + "KDC DH Key Info", "")); goto out; } if (kdc_dh_info.nonce != nonce) { - krb5_set_error_string(context, "PKINIT: DH nonce is wrong"); ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_set_error_message(context, ret, + N_("PKINIT: DH nonce is wrong", "")); goto out; } if (kdc_dh_info.dhKeyExpiration) { if (k_n == NULL) { - krb5_set_error_string(context, "pkinit; got key expiration " - "without server nonce"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + N_("pkinit; got key expiration " + "without server nonce", "")); goto out; } if (c_n == NULL) { - krb5_set_error_string(context, "pkinit; got DH reuse but no " - "client nonce"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + N_("pkinit; got DH reuse but no " + "client nonce", "")); goto out; } } else { if (k_n) { - krb5_set_error_string(context, "pkinit: got server nonce " - "without key expiration"); ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + N_("pkinit: got server nonce " + "without key expiration", "")); goto out; } c_n = NULL; @@ -1168,49 +1400,110 @@ pk_rd_pa_reply_dh(krb5_context context, p = kdc_dh_info.subjectPublicKey.data; size = (kdc_dh_info.subjectPublicKey.length + 7) / 8; - { + if (ctx->keyex == USE_DH) { DHPublicKey k; ret = decode_DHPublicKey(p, size, &k, NULL); if (ret) { - krb5_set_error_string(context, "pkinit: can't decode " - "without key expiration"); + krb5_set_error_message(context, ret, + N_("pkinit: can't decode " + "without key expiration", "")); goto out; } kdc_dh_pubkey = integer_to_BN(context, "DHPublicKey", &k); free_DHPublicKey(&k); if (kdc_dh_pubkey == NULL) { - ret = KRB5KRB_ERR_GENERIC; + ret = ENOMEM; goto out; } - } - - dh_gen_keylen = DH_size(ctx->dh); - size = BN_num_bytes(ctx->dh->p); - if (size < dh_gen_keylen) - size = dh_gen_keylen; - dh_gen_key = malloc(size); - if (dh_gen_key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - memset(dh_gen_key, 0, size - dh_gen_keylen); - dh_gen_keylen = DH_compute_key(dh_gen_key + (size - dh_gen_keylen), - kdc_dh_pubkey, ctx->dh); - if (dh_gen_keylen == -1) { - krb5_set_error_string(context, - "PKINIT: Can't compute Diffie-Hellman key"); - ret = KRB5KRB_ERR_GENERIC; + size = DH_size(ctx->u.dh); + + dh_gen_key = malloc(size); + if (dh_gen_key == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; + } + + dh_gen_keylen = DH_compute_key(dh_gen_key, kdc_dh_pubkey, ctx->u.dh); + if (dh_gen_keylen == -1) { + ret = KRB5KRB_ERR_GENERIC; + dh_gen_keylen = 0; + krb5_set_error_message(context, ret, + N_("PKINIT: Can't compute Diffie-Hellman key", "")); + goto out; + } + if (dh_gen_keylen < (int)size) { + size -= dh_gen_keylen; + memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen); + memset(dh_gen_key, 0, size); + } + + } else { +#ifdef HAVE_OPENSSL + const EC_GROUP *group; + EC_KEY *public = NULL; + + group = EC_KEY_get0_group(ctx->u.eckey); + + public = EC_KEY_new(); + if (public == NULL) { + ret = ENOMEM; + goto out; + } + if (EC_KEY_set_group(public, group) != 1) { + EC_KEY_free(public); + ret = ENOMEM; + goto out; + } + + if (o2i_ECPublicKey(&public, &p, size) == NULL) { + EC_KEY_free(public); + ret = KRB5KRB_ERR_GENERIC; + krb5_set_error_message(context, ret, + N_("PKINIT: Can't parse ECDH public key", "")); + goto out; + } + + size = (EC_GROUP_get_degree(group) + 7) / 8; + dh_gen_key = malloc(size); + if (dh_gen_key == NULL) { + EC_KEY_free(public); + ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); + goto out; + } + dh_gen_keylen = ECDH_compute_key(dh_gen_key, size, + EC_KEY_get0_public_key(public), ctx->u.eckey, NULL); + EC_KEY_free(public); + if (dh_gen_keylen == -1) { + ret = KRB5KRB_ERR_GENERIC; + dh_gen_keylen = 0; + krb5_set_error_message(context, ret, + N_("PKINIT: Can't compute ECDH public key", "")); + goto out; + } +#else + ret = EINVAL; +#endif + } + + if (dh_gen_keylen <= 0) { + ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PKINIT: resulting DH key <= 0", "")); + dh_gen_keylen = 0; goto out; } *key = malloc (sizeof (**key)); if (*key == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } @@ -1220,8 +1513,8 @@ pk_rd_pa_reply_dh(krb5_context context, c_n, k_n, *key); if (ret) { - krb5_set_error_string(context, - "PKINIT: can't create key from DH key"); + krb5_set_error_message(context, ret, + N_("PKINIT: can't create key from DH key", "")); free(*key); *key = NULL; goto out; @@ -1231,7 +1524,7 @@ pk_rd_pa_reply_dh(krb5_context context, if (kdc_dh_pubkey) BN_free(kdc_dh_pubkey); if (dh_gen_key) { - memset(dh_gen_key, 0, DH_size(ctx->dh)); + memset(dh_gen_key, 0, dh_gen_keylen); free(dh_gen_key); } if (host) @@ -1244,7 +1537,7 @@ pk_rd_pa_reply_dh(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_rd_pa_reply(krb5_context context, const char *realm, void *c, @@ -1260,13 +1553,14 @@ _krb5_pk_rd_pa_reply(krb5_context context, size_t size; /* Check for IETF PK-INIT first */ - if (ctx->type == COMPAT_IETF) { + if (ctx->type == PKINIT_27) { PA_PK_AS_REP rep; heim_octet_string os, data; heim_oid oid; - + if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_string(context, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, + N_("PKINIT: wrong padata recv", "")); return EINVAL; } @@ -1275,28 +1569,65 @@ _krb5_pk_rd_pa_reply(krb5_context context, &rep, &size); if (ret) { - krb5_set_error_string(context, "Failed to decode pkinit AS rep"); + krb5_set_error_message(context, ret, + N_("Failed to decode pkinit AS rep", "")); return ret; } switch (rep.element) { case choice_PA_PK_AS_REP_dhInfo: + _krb5_debug(context, 5, "krb5_get_init_creds: using pkinit dh"); os = rep.u.dhInfo.dhSignedData; break; case choice_PA_PK_AS_REP_encKeyPack: + _krb5_debug(context, 5, "krb5_get_init_creds: using kinit enc reply key"); os = rep.u.encKeyPack; break; - default: + default: { + PA_PK_AS_REP_BTMM btmm; free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: -27 reply " - "invalid content type"); - return EINVAL; + memset(&rep, 0, sizeof(rep)); + + _krb5_debug(context, 5, "krb5_get_init_creds: using BTMM kinit enc reply key"); + + ret = decode_PA_PK_AS_REP_BTMM(pa->padata_value.data, + pa->padata_value.length, + &btmm, + &size); + if (ret) { + krb5_set_error_message(context, EINVAL, + N_("PKINIT: -27 reply " + "invalid content type", "")); + return EINVAL; + } + + if (btmm.dhSignedData || btmm.encKeyPack == NULL) { + free_PA_PK_AS_REP_BTMM(&btmm); + ret = EINVAL; + krb5_set_error_message(context, ret, + N_("DH mode not supported for BTMM mode", "")); + return ret; + } + + /* + * Transform to IETF style PK-INIT reply so that free works below + */ + + rep.element = choice_PA_PK_AS_REP_encKeyPack; + rep.u.encKeyPack.data = btmm.encKeyPack->data; + rep.u.encKeyPack.length = btmm.encKeyPack->length; + btmm.encKeyPack->data = NULL; + btmm.encKeyPack->length = 0; + free_PA_PK_AS_REP_BTMM(&btmm); + os = rep.u.encKeyPack; + } } ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL); if (ret) { free_PA_PK_AS_REP(&rep); - krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, + N_("PKINIT: failed to unwrap CI", "")); return ret; } @@ -1308,7 +1639,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, nonce, pa, key); break; case choice_PA_PK_AS_REP_encKeyPack: - ret = pk_rd_pa_reply_enckey(context, COMPAT_IETF, &data, &oid, realm, + ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm, ctx, etype, hi, nonce, req_buffer, pa, key); break; default: @@ -1318,46 +1649,49 @@ _krb5_pk_rd_pa_reply(krb5_context context, der_free_oid(&oid); free_PA_PK_AS_REP(&rep); - } else if (ctx->type == COMPAT_WIN2K) { + } else if (ctx->type == PKINIT_WIN2K) { PA_PK_AS_REP_Win2k w2krep; - /* Check for Windows encoding of the AS-REP pa data */ + /* Check for Windows encoding of the AS-REP pa data */ #if 0 /* should this be ? */ if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_string(context, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, + "PKINIT: wrong padata recv"); return EINVAL; } #endif memset(&w2krep, 0, sizeof(w2krep)); - + ret = decode_PA_PK_AS_REP_Win2k(pa->padata_value.data, pa->padata_value.length, &w2krep, &size); if (ret) { - krb5_set_error_string(context, "PKINIT: Failed decoding windows " - "pkinit reply %d", ret); + krb5_set_error_message(context, ret, + N_("PKINIT: Failed decoding windows " + "pkinit reply %d", ""), (int)ret); return ret; } - krb5_clear_error_string(context); - + krb5_clear_error_message(context); + switch (w2krep.element) { case choice_PA_PK_AS_REP_Win2k_encKeyPack: { heim_octet_string data; heim_oid oid; - - ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, + + ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, &oid, &data, NULL); free_PA_PK_AS_REP_Win2k(&w2krep); if (ret) { - krb5_set_error_string(context, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, + N_("PKINIT: failed to unwrap CI", "")); return ret; } - ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &data, &oid, realm, + ret = pk_rd_pa_reply_enckey(context, PKINIT_WIN2K, &data, &oid, realm, ctx, etype, hi, nonce, req_buffer, pa, key); der_free_octet_string(&data); der_free_oid(&oid); @@ -1366,15 +1700,17 @@ _krb5_pk_rd_pa_reply(krb5_context context, } default: free_PA_PK_AS_REP_Win2k(&w2krep); - krb5_set_error_string(context, "PKINIT: win2k reply invalid " - "content type"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PKINIT: win2k reply invalid " + "content type", "")); break; } - + } else { - krb5_set_error_string(context, "PKINIT: unknown reply type"); ret = EINVAL; + krb5_set_error_message(context, ret, + N_("PKINIT: unknown reply type", "")); } return ret; @@ -1386,14 +1722,14 @@ struct prompter { void *prompter_data; }; -static int +static int hx_pass_prompter(void *data, const hx509_prompt *prompter) { krb5_error_code ret; krb5_prompt prompt; krb5_data password_data; struct prompter *p = data; - + password_data.data = prompter->reply.data; password_data.length = prompter->reply.length; @@ -1410,8 +1746,8 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter) default: prompt.type = KRB5_PROMPT_TYPE_PASSWORD; break; - } - + } + ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt); if (ret) { memset (prompter->reply.data, 0, prompter->reply.length); @@ -1420,16 +1756,80 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter) return 0; } - -void KRB5_LIB_FUNCTION -_krb5_pk_allow_proxy_certificate(struct krb5_pk_identity *id, - int boolean) +static krb5_error_code +_krb5_pk_set_user_id(krb5_context context, + krb5_principal principal, + krb5_pk_init_ctx ctx, + struct hx509_certs_data *certs) { - hx509_verify_set_proxy_certificate(id->verify_ctx, boolean); + hx509_certs c = hx509_certs_ref(certs); + hx509_query *q = NULL; + int ret; + + if (ctx->id->certs) + hx509_certs_free(&ctx->id->certs); + if (ctx->id->cert) { + hx509_cert_free(ctx->id->cert); + ctx->id->cert = NULL; + } + + ctx->id->certs = c; + ctx->anonymous = 0; + + ret = hx509_query_alloc(context->hx509ctx, &q); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Allocate query to find signing certificate"); + return ret; + } + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + + if (principal && strncmp("LKDC:SHA1.", krb5_principal_get_realm(context, principal), 9) == 0) { + ctx->id->flags |= PKINIT_BTMM; + } + + ret = find_cert(context, ctx->id, q, &ctx->id->cert); + hx509_query_free(context->hx509ctx, q); + + if (ret == 0 && _krb5_have_debug(context, 2)) { + hx509_name name; + char *str, *sn; + heim_integer i; + + ret = hx509_cert_get_subject(ctx->id->cert, &name); + if (ret) + goto out; + + ret = hx509_name_to_string(name, &str); + hx509_name_free(&name); + if (ret) + goto out; + + ret = hx509_cert_get_serialnumber(ctx->id->cert, &i); + if (ret) { + free(str); + goto out; + } + + ret = der_print_hex_heim_integer(&i, &sn); + der_free_heim_integer(&i); + if (ret) { + free(name); + goto out; + } + + _krb5_debug(context, 2, "using cert: subject: %s sn: %s", str, sn); + free(str); + free(sn); + } + out: + + return ret; } - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_load_id(krb5_context context, struct krb5_pk_identity **ret_id, const char *user_id, @@ -1441,190 +1841,187 @@ _krb5_pk_load_id(krb5_context context, char *password) { struct krb5_pk_identity *id = NULL; - hx509_lock lock = NULL; struct prompter p; int ret; *ret_id = NULL; if (anchor_id == NULL) { - krb5_set_error_string(context, "PKINIT: No anchor given"); + krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA, + N_("PKINIT: No anchor given", "")); return HEIM_PKINIT_NO_VALID_CA; } - if (user_id == NULL) { - krb5_set_error_string(context, - "PKINIT: No user certificate given"); - return HEIM_PKINIT_NO_PRIVATE_KEY; - } - /* load cert */ id = calloc(1, sizeof(*id)); if (id == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; - } + } - ret = hx509_context_init(&id->hx509ctx); - if (ret) - goto out; + if (user_id) { + hx509_lock lock; - ret = hx509_lock_init(id->hx509ctx, &lock); - if (password && password[0]) - hx509_lock_add_password(lock, password); - - if (prompter) { - p.context = context; - p.prompter = prompter; - p.prompter_data = prompter_data; - - ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p); - if (ret) + ret = hx509_lock_init(context->hx509ctx, &lock); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, "Failed init lock"); goto out; + } + + if (password && password[0]) + hx509_lock_add_password(lock, password); + + if (prompter) { + p.context = context; + p.prompter = prompter; + p.prompter_data = prompter_data; + + ret = hx509_lock_set_prompter(lock, hx_pass_prompter, &p); + if (ret) { + hx509_lock_free(lock); + goto out; + } + } + + ret = hx509_certs_init(context->hx509ctx, user_id, 0, lock, &id->certs); + hx509_lock_free(lock); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Failed to init cert certs"); + goto out; + } + } else { + id->certs = NULL; } - ret = hx509_certs_init(id->hx509ctx, user_id, 0, lock, &id->certs); + ret = hx509_certs_init(context->hx509ctx, anchor_id, 0, NULL, &id->anchors); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to init cert certs"); + pk_copy_error(context, context->hx509ctx, ret, + "Failed to init anchors"); goto out; } - ret = hx509_certs_init(id->hx509ctx, anchor_id, 0, NULL, &id->anchors); - if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to init anchors"); - goto out; - } - - ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", + ret = hx509_certs_init(context->hx509ctx, "MEMORY:pkinit-cert-chain", 0, NULL, &id->certpool); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to init chain"); + pk_copy_error(context, context->hx509ctx, ret, + "Failed to init chain"); goto out; } while (chain_list && *chain_list) { - ret = hx509_certs_append(id->hx509ctx, id->certpool, + ret = hx509_certs_append(context->hx509ctx, id->certpool, NULL, *chain_list); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed to laod chain %s", - *chain_list); + pk_copy_error(context, context->hx509ctx, ret, + "Failed to laod chain %s", + *chain_list); goto out; } chain_list++; } if (revoke_list) { - ret = hx509_revoke_init(id->hx509ctx, &id->revokectx); + ret = hx509_revoke_init(context->hx509ctx, &id->revokectx); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed init revoke list"); + pk_copy_error(context, context->hx509ctx, ret, + "Failed init revoke list"); goto out; } while (*revoke_list) { - ret = hx509_revoke_add_crl(id->hx509ctx, + ret = hx509_revoke_add_crl(context->hx509ctx, id->revokectx, *revoke_list); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed load revoke list"); + pk_copy_error(context, context->hx509ctx, ret, + "Failed load revoke list"); goto out; } revoke_list++; } } else - hx509_context_set_missing_revoke(id->hx509ctx, 1); + hx509_context_set_missing_revoke(context->hx509ctx, 1); - ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); + ret = hx509_verify_init_ctx(context->hx509ctx, &id->verify_ctx); if (ret) { - _krb5_pk_copy_error(context, id->hx509ctx, ret, - "Failed init verify context"); + pk_copy_error(context, context->hx509ctx, ret, + "Failed init verify context"); goto out; } hx509_verify_attach_anchors(id->verify_ctx, id->anchors); hx509_verify_attach_revoke(id->verify_ctx, id->revokectx); -out: + out: if (ret) { hx509_verify_destroy_ctx(id->verify_ctx); hx509_certs_free(&id->certs); hx509_certs_free(&id->anchors); hx509_certs_free(&id->certpool); hx509_revoke_free(&id->revokectx); - hx509_context_free(&id->hx509ctx); free(id); } else *ret_id = id; - hx509_lock_free(lock); - return ret; } -static krb5_error_code -select_dh_group(krb5_context context, DH *dh, unsigned long bits, - struct krb5_dh_moduli **moduli) -{ - const struct krb5_dh_moduli *m; +/* + * + */ - if (bits == 0) { - m = moduli[1]; /* XXX */ - if (m == NULL) - m = moduli[0]; /* XXX */ - } else { - int i; - for (i = 0; moduli[i] != NULL; i++) { - if (bits < moduli[i]->bits) - break; - } - if (moduli[i] == NULL) { - krb5_set_error_string(context, - "Did not find a DH group parameter " - "matching requirement of %lu bits", - bits); - return EINVAL; - } - m = moduli[i]; +static void +pk_copy_error(krb5_context context, + hx509_context hx509ctx, + int hxret, + const char *fmt, + ...) +{ + va_list va; + char *s, *f; + int ret; + + va_start(va, fmt); + ret = vasprintf(&f, fmt, va); + va_end(va); + if (ret == -1 || f == NULL) { + krb5_clear_error_message(context); + return; } - dh->p = integer_to_BN(context, "p", &m->p); - if (dh->p == NULL) - return ENOMEM; - dh->g = integer_to_BN(context, "g", &m->g); - if (dh->g == NULL) - return ENOMEM; - dh->q = integer_to_BN(context, "q", &m->q); - if (dh->q == NULL) - return ENOMEM; - - return 0; + s = hx509_get_error_string(hx509ctx, hxret); + if (s == NULL) { + krb5_clear_error_message(context); + free(f); + return; + } + krb5_set_error_message(context, hxret, "%s: %s", f, s); + free(s); + free(f); } -#endif /* PKINIT */ - static int -parse_integer(krb5_context context, char **p, const char *file, int lineno, +parse_integer(krb5_context context, char **p, const char *file, int lineno, const char *name, heim_integer *integer) { int ret; char *p1; p1 = strsep(p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing %s on line %d", - file, name, lineno); + krb5_set_error_message(context, EINVAL, + N_("moduli file %s missing %s on line %d", ""), + file, name, lineno); return EINVAL; } ret = der_parse_hex_heim_integer(p1, integer); if (ret) { - krb5_set_error_string(context, "moduli file %s failed parsing %s " - "on line %d", - file, name, lineno); + krb5_set_error_message(context, ret, + N_("moduli file %s failed parsing %s " + "on line %d", ""), + file, name, lineno); return ret; } @@ -1632,7 +2029,7 @@ parse_integer(krb5_context context, char **p, const char *file, int lineno, } krb5_error_code -_krb5_parse_moduli_line(krb5_context context, +_krb5_parse_moduli_line(krb5_context context, const char *file, int lineno, char *p, @@ -1646,43 +2043,49 @@ _krb5_parse_moduli_line(krb5_context context, m1 = calloc(1, sizeof(*m1)); if (m1 == NULL) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } while (isspace((unsigned char)*p)) p++; - if (*p == '#') + if (*p == '#') { + free(m1); return 0; + } ret = EINVAL; p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing name " - "on line %d", file, lineno); + krb5_set_error_message(context, ret, + N_("moduli file %s missing name on line %d", ""), + file, lineno); goto out; } m1->name = strdup(p1); - if (p1 == NULL) { - krb5_set_error_string(context, "malloc - out of memeory"); + if (m1->name == NULL) { ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memeory", "")); goto out; } p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_string(context, "moduli file %s missing bits on line %d", - file, lineno); + krb5_set_error_message(context, ret, + N_("moduli file %s missing bits on line %d", ""), + file, lineno); goto out; } m1->bits = atoi(p1); if (m1->bits == 0) { - krb5_set_error_string(context, "moduli file %s have un-parsable " - "bits on line %d", file, lineno); + krb5_set_error_message(context, ret, + N_("moduli file %s have un-parsable " + "bits on line %d", ""), file, lineno); goto out; } - + ret = parse_integer(context, &p, file, lineno, "p", &m1->p); if (ret) goto out; @@ -1696,7 +2099,7 @@ _krb5_parse_moduli_line(krb5_context context, *m = m1; return 0; -out: + out: free(m1->name); der_free_heim_integer(&m1->p); der_free_heim_integer(&m1->g); @@ -1788,7 +2191,8 @@ _krb5_parse_moduli(krb5_context context, const char *file, m = calloc(1, sizeof(m[0]) * 3); if (m == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -1812,11 +2216,26 @@ _krb5_parse_moduli(krb5_context context, const char *file, if (file == NULL) file = MODULI_FILE; +#ifdef KRB5_USE_PATH_TOKENS + { + char * exp_file; + + if (_krb5_expand_path_tokens(context, file, &exp_file) == 0) { + f = fopen(exp_file, "r"); + krb5_xfree(exp_file); + } else { + f = NULL; + } + } +#else f = fopen(file, "r"); +#endif + if (f == NULL) { *moduli = m; return 0; } + rk_cloexec_file(f); while(fgets(buf, sizeof(buf), f) != NULL) { struct krb5_dh_moduli *element; @@ -1826,12 +2245,13 @@ _krb5_parse_moduli(krb5_context context, const char *file, m2 = realloc(m, (n + 2) * sizeof(m[0])); if (m2 == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); _krb5_free_moduli(m); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } m = m2; - + m[n] = NULL; ret = _krb5_parse_moduli_line(context, file, lineno, buf, &element); @@ -1865,23 +2285,29 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, if (der_heim_integer_cmp(&moduli[i]->g, g) == 0 && der_heim_integer_cmp(&moduli[i]->p, p) == 0 && (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0)) - { - if (bits && bits > moduli[i]->bits) { - krb5_set_error_string(context, "PKINIT: DH group parameter %s " - "no accepted, not enough bits generated", - moduli[i]->name); - return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; + { + if (bits && bits > moduli[i]->bits) { + krb5_set_error_message(context, + KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, + N_("PKINIT: DH group parameter %s " + "no accepted, not enough bits " + "generated", ""), + moduli[i]->name); + return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; + } + if (name) + *name = strdup(moduli[i]->name); + return 0; } - if (name) - *name = strdup(moduli[i]->name); - return 0; - } } - krb5_set_error_string(context, "PKINIT: DH group parameter no ok"); + krb5_set_error_message(context, + KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, + N_("PKINIT: DH group parameter no ok", "")); return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } +#endif /* PKINIT */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) { #ifdef PKINIT @@ -1890,15 +2316,26 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) if (opt->opt_private == NULL || opt->opt_private->pk_init_ctx == NULL) return; ctx = opt->opt_private->pk_init_ctx; - if (ctx->dh) - DH_free(ctx->dh); - ctx->dh = NULL; + switch (ctx->keyex) { + case USE_DH: + if (ctx->u.dh) + DH_free(ctx->u.dh); + break; + case USE_RSA: + break; + case USE_ECDH: +#ifdef HAVE_OPENSSL + if (ctx->u.eckey) + EC_KEY_free(ctx->u.eckey); +#endif + break; + } if (ctx->id) { hx509_verify_destroy_ctx(ctx->id->verify_ctx); hx509_certs_free(&ctx->id->certs); + hx509_cert_free(ctx->id->cert); hx509_certs_free(&ctx->id->anchors); hx509_certs_free(&ctx->id->certpool); - hx509_context_free(&ctx->id->hx509ctx); if (ctx->clientDHNonce) { krb5_free_data(NULL, ctx->clientDHNonce); @@ -1913,8 +2350,8 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) opt->opt_private->pk_init_ctx = NULL; #endif } - -krb5_error_code KRB5_LIB_FUNCTION + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_init_creds_opt_set_pkinit(krb5_context context, krb5_get_init_creds_opt *opt, krb5_principal principal, @@ -1932,19 +2369,18 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, char *anchors = NULL; if (opt->opt_private == NULL) { - krb5_set_error_string(context, "PKINIT: on non extendable opt"); + krb5_set_error_message(context, EINVAL, + N_("PKINIT: on non extendable opt", "")); return EINVAL; } - opt->opt_private->pk_init_ctx = + opt->opt_private->pk_init_ctx = calloc(1, sizeof(*opt->opt_private->pk_init_ctx)); if (opt->opt_private->pk_init_ctx == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - opt->opt_private->pk_init_ctx->dh = NULL; - opt->opt_private->pk_init_ctx->id = NULL; - opt->opt_private->pk_init_ctx->clientDHNonce = NULL; opt->opt_private->pk_init_ctx->require_binding = 0; opt->opt_private->pk_init_ctx->require_eku = 1; opt->opt_private->pk_init_ctx->require_krbtgt_otherName = 1; @@ -1953,23 +2389,26 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, /* XXX implement krb5_appdefault_strings */ if (pool == NULL) pool = krb5_config_get_strings(context, NULL, - "appdefaults", - "pkinit_pool", + "appdefaults", + "pkinit_pool", NULL); if (pki_revoke == NULL) pki_revoke = krb5_config_get_strings(context, NULL, - "appdefaults", - "pkinit_revoke", + "appdefaults", + "pkinit_revoke", NULL); if (x509_anchors == NULL) { krb5_appdefault_string(context, "kinit", - krb5_principal_get_realm(context, principal), + krb5_principal_get_realm(context, principal), "pkinit_anchors", NULL, &anchors); x509_anchors = anchors; } + if (flags & 4) + opt->opt_private->pk_init_ctx->anonymous = 1; + ret = _krb5_pk_load_id(context, &opt->opt_private->pk_init_ctx->id, user_id, @@ -1985,86 +2424,218 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, return ret; } + if (opt->opt_private->pk_init_ctx->id->certs) { + _krb5_pk_set_user_id(context, + principal, + opt->opt_private->pk_init_ctx, + opt->opt_private->pk_init_ctx->id->certs); + } else + opt->opt_private->pk_init_ctx->id->cert = NULL; + if ((flags & 2) == 0) { - const char *moduli_file; - unsigned long dh_min_bits; + hx509_context hx509ctx = context->hx509ctx; + hx509_cert cert = opt->opt_private->pk_init_ctx->id->cert; - moduli_file = krb5_config_get_string(context, NULL, - "libdefaults", - "moduli", - NULL); + opt->opt_private->pk_init_ctx->keyex = USE_DH; - dh_min_bits = - krb5_config_get_int_default(context, NULL, 0, - "libdefaults", - "pkinit_dh_min_bits", - NULL); + /* + * If its a ECDSA certs, lets select ECDSA as the keyex algorithm. + */ + if (cert) { + AlgorithmIdentifier alg; - ret = _krb5_parse_moduli(context, moduli_file, - &opt->opt_private->pk_init_ctx->m); - if (ret) { - _krb5_get_init_creds_opt_free_pkinit(opt); - return ret; - } - - opt->opt_private->pk_init_ctx->dh = DH_new(); - if (opt->opt_private->pk_init_ctx->dh == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - _krb5_get_init_creds_opt_free_pkinit(opt); - return ENOMEM; + ret = hx509_cert_get_SPKI_AlgorithmIdentifier(hx509ctx, cert, &alg); + if (ret == 0) { + if (der_heim_oid_cmp(&alg.algorithm, &asn1_oid_id_ecPublicKey) == 0) + opt->opt_private->pk_init_ctx->keyex = USE_ECDH; + free_AlgorithmIdentifier(&alg); + } } - ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh, - dh_min_bits, - opt->opt_private->pk_init_ctx->m); - if (ret) { - _krb5_get_init_creds_opt_free_pkinit(opt); - return ret; - } + } else { + opt->opt_private->pk_init_ctx->keyex = USE_RSA; - if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) { - krb5_set_error_string(context, "pkinit: failed to generate DH key"); - _krb5_get_init_creds_opt_free_pkinit(opt); - return ENOMEM; + if (opt->opt_private->pk_init_ctx->id->certs == NULL) { + krb5_set_error_message(context, EINVAL, + N_("No anonymous pkinit support in RSA mode", "")); + return EINVAL; } } return 0; #else - krb5_set_error_string(context, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, + N_("no support for PKINIT compiled in", "")); return EINVAL; #endif } +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context, + krb5_get_init_creds_opt *opt, + struct hx509_certs_data *certs) +{ +#ifdef PKINIT + if (opt->opt_private == NULL) { + krb5_set_error_message(context, EINVAL, + N_("PKINIT: on non extendable opt", "")); + return EINVAL; + } + if (opt->opt_private->pk_init_ctx == NULL) { + krb5_set_error_message(context, EINVAL, + N_("PKINIT: on pkinit context", "")); + return EINVAL; + } + + _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs); + + return 0; +#else + krb5_set_error_message(context, EINVAL, + N_("no support for PKINIT compiled in", "")); + return EINVAL; +#endif +} + +#ifdef PKINIT + +static int +get_ms_san(hx509_context context, hx509_cert cert, char **upn) +{ + hx509_octet_string_list list; + int ret; + + *upn = NULL; + + ret = hx509_cert_find_subjectAltName_otherName(context, + cert, + &asn1_oid_id_pkinit_ms_san, + &list); + if (ret) + return 0; + + if (list.len > 0 && list.val[0].length > 0) + ret = decode_MS_UPN_SAN(list.val[0].data, list.val[0].length, + upn, NULL); + else + ret = 1; + hx509_free_octet_string_list(&list); + + return ret; +} + +static int +find_ms_san(hx509_context context, hx509_cert cert, void *ctx) +{ + char *upn; + int ret; + + ret = get_ms_san(context, cert, &upn); + if (ret == 0) + free(upn); + return ret; +} + + + +#endif + /* - * + * Private since it need to be redesigned using krb5_get_init_creds() */ -static void -_krb5_pk_copy_error(krb5_context context, - hx509_context hx509ctx, - int hxret, - const char *fmt, - ...) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_pk_enterprise_cert(krb5_context context, + const char *user_id, + krb5_const_realm realm, + krb5_principal *principal, + struct hx509_certs_data **res) { - va_list va; - char *s, *f; +#ifdef PKINIT + krb5_error_code ret; + hx509_certs certs, result; + hx509_cert cert = NULL; + hx509_query *q; + char *name; - va_start(va, fmt); - vasprintf(&f, fmt, va); - va_end(va); - if (f == NULL) { - krb5_clear_error_string(context); - return; + *principal = NULL; + if (res) + *res = NULL; + + if (user_id == NULL) { + krb5_set_error_message(context, ENOENT, "no user id"); + return ENOENT; } - s = hx509_get_error_string(hx509ctx, hxret); - if (s == NULL) { - krb5_clear_error_string(context); - free(f); - return; + ret = hx509_certs_init(context->hx509ctx, user_id, 0, NULL, &certs); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Failed to init cert certs"); + goto out; } - krb5_set_error_string(context, "%s: %s", f, s); - free(s); - free(f); + + ret = hx509_query_alloc(context->hx509ctx, &q); + if (ret) { + krb5_set_error_message(context, ret, "out of memory"); + hx509_certs_free(&certs); + goto out; + } + + hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY); + hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE); + hx509_query_match_eku(q, &asn1_oid_id_pkinit_ms_eku); + hx509_query_match_cmp_func(q, find_ms_san, NULL); + + ret = hx509_certs_filter(context->hx509ctx, certs, q, &result); + hx509_query_free(context->hx509ctx, q); + hx509_certs_free(&certs); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Failed to find PKINIT certificate"); + return ret; + } + + ret = hx509_get_one_cert(context->hx509ctx, result, &cert); + hx509_certs_free(&result); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Failed to get one cert"); + goto out; + } + + ret = get_ms_san(context->hx509ctx, cert, &name); + if (ret) { + pk_copy_error(context, context->hx509ctx, ret, + "Failed to get MS SAN"); + goto out; + } + + ret = krb5_make_principal(context, principal, realm, name, NULL); + free(name); + if (ret) + goto out; + + krb5_principal_set_type(context, *principal, KRB5_NT_ENTERPRISE_PRINCIPAL); + + if (res) { + ret = hx509_certs_init(context->hx509ctx, "MEMORY:", 0, NULL, res); + if (ret) + goto out; + + ret = hx509_certs_add(context->hx509ctx, *res, cert); + if (ret) { + hx509_certs_free(res); + goto out; + } + } + + out: + hx509_cert_free(cert); + + return ret; +#else + krb5_set_error_message(context, EINVAL, + N_("no support for PKINIT compiled in", "")); + return EINVAL; +#endif } diff --git a/crypto/heimdal/lib/krb5/plugin.c b/crypto/heimdal/lib/krb5/plugin.c index bae28496aaf..9303b6c615b 100644 --- a/crypto/heimdal/lib/krb5/plugin.c +++ b/crypto/heimdal/lib/krb5/plugin.c @@ -1,38 +1,38 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 22033 2007-11-10 10:39:47Z lha $"); + #ifdef HAVE_DLFCN_H #include #endif @@ -40,21 +40,36 @@ RCSID("$Id: plugin.c 22033 2007-11-10 10:39:47Z lha $"); struct krb5_plugin { void *symbol; - void *dsohandle; struct krb5_plugin *next; }; struct plugin { - enum krb5_plugin_type type; - void *name; - void *symbol; + enum { DSO, SYMBOL } type; + union { + struct { + char *path; + void *dsohandle; + } dso; + struct { + enum krb5_plugin_type type; + char *name; + char *symbol; + } symbol; + } u; struct plugin *next; }; static HEIMDAL_MUTEX plugin_mutex = HEIMDAL_MUTEX_INITIALIZER; static struct plugin *registered = NULL; +static int plugins_needs_scan = 1; -static const char *plugin_dir = LIBDIR "/plugin/krb5"; +static const char *sysplugin_dirs[] = { + LIBDIR "/plugin/krb5", +#ifdef __APPLE__ + "/System/Library/KerberosPlugins/KerberosFrameworkPlugins", +#endif + NULL +}; /* * @@ -79,39 +94,30 @@ _krb5_plugin_get_next(struct krb5_plugin *p) #ifdef HAVE_DLOPEN static krb5_error_code -loadlib(krb5_context context, - enum krb5_plugin_type type, - const char *name, - const char *lib, - struct krb5_plugin **e) +loadlib(krb5_context context, char *path) { - *e = calloc(1, sizeof(**e)); - if (*e == NULL) { - krb5_set_error_string(context, "out of memory"); + struct plugin *e; + + e = calloc(1, sizeof(*e)); + if (e == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + free(path); return ENOMEM; } #ifndef RTLD_LAZY #define RTLD_LAZY 0 #endif +#ifndef RTLD_LOCAL +#define RTLD_LOCAL 0 +#endif + e->type = DSO; + /* ignore error from dlopen, and just keep it as negative cache entry */ + e->u.dso.dsohandle = dlopen(path, RTLD_LOCAL|RTLD_LAZY); + e->u.dso.path = path; - (*e)->dsohandle = dlopen(lib, RTLD_LAZY); - if ((*e)->dsohandle == NULL) { - free(*e); - *e = NULL; - krb5_set_error_string(context, "Failed to load %s: %s", - lib, dlerror()); - return ENOMEM; - } - - /* dlsym doesn't care about the type */ - (*e)->symbol = dlsym((*e)->dsohandle, name); - if ((*e)->symbol == NULL) { - dlclose((*e)->dsohandle); - free(*e); - krb5_clear_error_string(context); - return ENOMEM; - } + e->next = registered; + registered = e; return 0; } @@ -129,29 +135,43 @@ loadlib(krb5_context context, * @ingroup krb5_support */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register(krb5_context context, enum krb5_plugin_type type, - const char *name, + const char *name, void *symbol) { struct plugin *e; + HEIMDAL_MUTEX_lock(&plugin_mutex); + + /* check for duplicates */ + for (e = registered; e != NULL; e = e->next) { + if (e->type == SYMBOL && + strcmp(e->u.symbol.name, name) == 0 && + e->u.symbol.type == type && e->u.symbol.symbol == symbol) { + HEIMDAL_MUTEX_unlock(&plugin_mutex); + return 0; + } + } + e = calloc(1, sizeof(*e)); if (e == NULL) { - krb5_set_error_string(context, "out of memory"); + HEIMDAL_MUTEX_unlock(&plugin_mutex); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - e->type = type; - e->name = strdup(name); - if (e->name == NULL) { + e->type = SYMBOL; + e->u.symbol.type = type; + e->u.symbol.name = strdup(name); + if (e->u.symbol.name == NULL) { + HEIMDAL_MUTEX_unlock(&plugin_mutex); free(e); - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } - e->symbol = symbol; + e->u.symbol.symbol = symbol; - HEIMDAL_MUTEX_lock(&plugin_mutex); e->next = registered; registered = e; HEIMDAL_MUTEX_unlock(&plugin_mutex); @@ -159,95 +179,191 @@ krb5_plugin_register(krb5_context context, return 0; } -krb5_error_code -_krb5_plugin_find(krb5_context context, - enum krb5_plugin_type type, - const char *name, - struct krb5_plugin **list) +static int +is_valid_plugin_filename(const char * n) { - struct krb5_plugin *e; - struct plugin *p; + if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0'))) + return 0; + +#ifdef _WIN32 + /* On Windows, we only attempt to load .dll files as plug-ins. */ + { + const char * ext; + + ext = strrchr(n, '.'); + if (ext == NULL) + return 0; + + return !stricmp(ext, ".dll"); + } +#else + return 1; +#endif +} + +static void +trim_trailing_slash(char * path) +{ + size_t l; + + l = strlen(path); + while (l > 0 && (path[l - 1] == '/' +#ifdef BACKSLASH_PATH_DELIM + || path[l - 1] == '\\' +#endif + )) { + path[--l] = '\0'; + } +} + +static krb5_error_code +load_plugins(krb5_context context) +{ + struct plugin *e; krb5_error_code ret; - char *sysdirs[2] = { NULL, NULL }; char **dirs = NULL, **di; struct dirent *entry; char *path; DIR *d = NULL; + if (!plugins_needs_scan) + return 0; + plugins_needs_scan = 0; + +#ifdef HAVE_DLOPEN + + dirs = krb5_config_get_strings(context, NULL, "libdefaults", + "plugin_dir", NULL); + if (dirs == NULL) + dirs = rk_UNCONST(sysplugin_dirs); + + for (di = dirs; *di != NULL; di++) { + char * dir = *di; + +#ifdef KRB5_USE_PATH_TOKENS + if (_krb5_expand_path_tokens(context, *di, &dir)) + goto next_dir; +#endif + + trim_trailing_slash(dir); + + d = opendir(dir); + + if (d == NULL) + goto next_dir; + + rk_cloexec_dir(d); + + while ((entry = readdir(d)) != NULL) { + char *n = entry->d_name; + + /* skip . and .. */ + if (!is_valid_plugin_filename(n)) + continue; + + path = NULL; + ret = 0; +#ifdef __APPLE__ + { /* support loading bundles on MacOS */ + size_t len = strlen(n); + if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0) + ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", dir, n, (int)(len - 7), n); + } +#endif + if (ret < 0 || path == NULL) + ret = asprintf(&path, "%s/%s", dir, n); + + if (ret < 0 || path == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); + return ret; + } + + /* check if already tried */ + for (e = registered; e != NULL; e = e->next) + if (e->type == DSO && strcmp(e->u.dso.path, path) == 0) + break; + if (e) { + free(path); + } else { + loadlib(context, path); /* store or frees path */ + } + } + closedir(d); + + next_dir: + if (dir != *di) + free(dir); + } + if (dirs != rk_UNCONST(sysplugin_dirs)) + krb5_config_free_strings(dirs); +#endif /* HAVE_DLOPEN */ + return 0; +} + +static krb5_error_code +add_symbol(krb5_context context, struct krb5_plugin **list, void *symbol) +{ + struct krb5_plugin *e; + + e = calloc(1, sizeof(*e)); + if (e == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + e->symbol = symbol; + e->next = *list; + *list = e; + return 0; +} + +krb5_error_code +_krb5_plugin_find(krb5_context context, + enum krb5_plugin_type type, + const char *name, + struct krb5_plugin **list) +{ + struct plugin *e; + krb5_error_code ret; + *list = NULL; HEIMDAL_MUTEX_lock(&plugin_mutex); - for (p = registered; p != NULL; p = p->next) { - if (p->type != type || strcmp(p->name, name) != 0) - continue; + load_plugins(context); - e = calloc(1, sizeof(*e)); - if (e == NULL) { - HEIMDAL_MUTEX_unlock(&plugin_mutex); - krb5_set_error_string(context, "out of memory"); - ret = ENOMEM; - goto out; - } - e->symbol = p->symbol; - e->dsohandle = NULL; - e->next = *list; - *list = e; - } - HEIMDAL_MUTEX_unlock(&plugin_mutex); - -#ifdef HAVE_DLOPEN - - dirs = krb5_config_get_strings(context, NULL, "libdefaults", - "plugin_dir", NULL); - if (dirs == NULL) { - sysdirs[0] = rk_UNCONST(plugin_dir); - dirs = sysdirs; - } - - for (di = dirs; *di != NULL; di++) { - - d = opendir(*di); - if (d == NULL) - continue; - - while ((entry = readdir(d)) != NULL) { - asprintf(&path, "%s/%s", *di, entry->d_name); - if (path == NULL) { - krb5_set_error_string(context, "out of memory"); - ret = ENOMEM; - goto out; - } - ret = loadlib(context, type, name, path, &e); - free(path); - if (ret) + for (ret = 0, e = registered; e != NULL; e = e->next) { + switch(e->type) { + case DSO: { + void *sym; + if (e->u.dso.dsohandle == NULL) continue; - - e->next = *list; - *list = e; + sym = dlsym(e->u.dso.dsohandle, name); + if (sym) + ret = add_symbol(context, list, sym); + break; + } + case SYMBOL: + if (strcmp(e->u.symbol.name, name) == 0 && e->u.symbol.type == type) + ret = add_symbol(context, list, e->u.symbol.symbol); + break; + } + if (ret) { + _krb5_plugin_free(*list); + *list = NULL; } - closedir(d); } - if (dirs != sysdirs) - krb5_config_free_strings(dirs); -#endif /* HAVE_DLOPEN */ + + HEIMDAL_MUTEX_unlock(&plugin_mutex); + if (ret) + return ret; if (*list == NULL) { - krb5_set_error_string(context, "Did not find a plugin for %s", name); + krb5_set_error_message(context, ENOENT, "Did not find a plugin for %s", name); return ENOENT; } return 0; - -out: - if (dirs && dirs != sysdirs) - krb5_config_free_strings(dirs); - if (d) - closedir(d); - _krb5_plugin_free(*list); - *list = NULL; - - return ret; } void @@ -256,9 +372,264 @@ _krb5_plugin_free(struct krb5_plugin *list) struct krb5_plugin *next; while (list) { next = list->next; - if (list->dsohandle) - dlclose(list->dsohandle); free(list); list = next; } } +/* + * module - dict of { + * ModuleName = [ + * plugin = object{ + * array = { ptr, ctx } + * } + * ] + * } + */ + +static heim_dict_t modules; + +struct plugin2 { + heim_string_t path; + void *dsohandle; + heim_dict_t names; +}; + +static void +plug_dealloc(void *ptr) +{ + struct plugin2 *p = ptr; + heim_release(p->path); + heim_release(p->names); + if (p->dsohandle) + dlclose(p->dsohandle); +} + + +void +_krb5_load_plugins(krb5_context context, const char *name, const char **paths) +{ +#ifdef HAVE_DLOPEN + heim_string_t s = heim_string_create(name); + heim_dict_t module; + struct dirent *entry; + krb5_error_code ret; + const char **di; + DIR *d; + + HEIMDAL_MUTEX_lock(&plugin_mutex); + + if (modules == NULL) { + modules = heim_dict_create(11); + if (modules == NULL) { + HEIMDAL_MUTEX_unlock(&plugin_mutex); + return; + } + } + + module = heim_dict_copy_value(modules, s); + if (module == NULL) { + module = heim_dict_create(11); + if (module == NULL) { + HEIMDAL_MUTEX_unlock(&plugin_mutex); + heim_release(s); + return; + } + heim_dict_add_value(modules, s, module); + } + heim_release(s); + + for (di = paths; *di != NULL; di++) { + d = opendir(*di); + if (d == NULL) + continue; + rk_cloexec_dir(d); + + while ((entry = readdir(d)) != NULL) { + char *n = entry->d_name; + char *path = NULL; + heim_string_t spath; + struct plugin2 *p; + + /* skip . and .. */ + if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0'))) + continue; + + ret = 0; +#ifdef __APPLE__ + { /* support loading bundles on MacOS */ + size_t len = strlen(n); + if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0) + ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", *di, n, (int)(len - 7), n); + } +#endif + if (ret < 0 || path == NULL) + ret = asprintf(&path, "%s/%s", *di, n); + + if (ret < 0 || path == NULL) + continue; + + spath = heim_string_create(n); + if (spath == NULL) { + free(path); + continue; + } + + /* check if already cached */ + p = heim_dict_copy_value(module, spath); + if (p == NULL) { + p = heim_alloc(sizeof(*p), "krb5-plugin", plug_dealloc); + if (p) + p->dsohandle = dlopen(path, RTLD_LOCAL|RTLD_LAZY); + + if (p->dsohandle) { + p->path = heim_retain(spath); + p->names = heim_dict_create(11); + heim_dict_add_value(module, spath, p); + } + } + heim_release(spath); + heim_release(p); + free(path); + } + closedir(d); + } + heim_release(module); + HEIMDAL_MUTEX_unlock(&plugin_mutex); +#endif /* HAVE_DLOPEN */ +} + +void +_krb5_unload_plugins(krb5_context context, const char *name) +{ + HEIMDAL_MUTEX_lock(&plugin_mutex); + heim_release(modules); + modules = NULL; + HEIMDAL_MUTEX_unlock(&plugin_mutex); +} + +/* + * + */ + +struct common_plugin_method { + int version; + krb5_error_code (*init)(krb5_context, void **); + void (*fini)(void *); +}; + +struct plug { + void *dataptr; + void *ctx; +}; + +static void +plug_free(void *ptr) +{ + struct plug *pl = ptr; + if (pl->dataptr) { + struct common_plugin_method *cpm = pl->dataptr; + cpm->fini(pl->ctx); + } +} + +struct iter_ctx { + krb5_context context; + heim_string_t n; + const char *name; + int min_version; + heim_array_t result; + krb5_error_code (*func)(krb5_context, const void *, void *, void *); + void *userctx; + krb5_error_code ret; +}; + +static void +search_modules(void *ctx, heim_object_t key, heim_object_t value) +{ + struct iter_ctx *s = ctx; + struct plugin2 *p = value; + struct plug *pl = heim_dict_copy_value(p->names, s->n); + struct common_plugin_method *cpm; + + if (pl == NULL) { + if (p->dsohandle == NULL) + return; + + pl = heim_alloc(sizeof(*pl), "struct-plug", plug_free); + + cpm = pl->dataptr = dlsym(p->dsohandle, s->name); + if (cpm) { + int ret; + + ret = cpm->init(s->context, &pl->ctx); + if (ret) + cpm = pl->dataptr = NULL; + } + heim_dict_add_value(p->names, s->n, pl); + } else { + cpm = pl->dataptr; + } + + if (cpm && cpm->version >= s->min_version) + heim_array_append_value(s->result, pl); + + heim_release(pl); +} + +static void +eval_results(heim_object_t value, void *ctx) +{ + struct plug *pl = value; + struct iter_ctx *s = ctx; + + if (s->ret != KRB5_PLUGIN_NO_HANDLE) + return; + + s->ret = s->func(s->context, pl->dataptr, pl->ctx, s->userctx); +} + +krb5_error_code +_krb5_plugin_run_f(krb5_context context, + const char *module, + const char *name, + int min_version, + int flags, + void *userctx, + krb5_error_code (*func)(krb5_context, const void *, void *, void *)) +{ + heim_string_t m = heim_string_create(module); + heim_dict_t dict; + struct iter_ctx s; + + HEIMDAL_MUTEX_lock(&plugin_mutex); + + dict = heim_dict_copy_value(modules, m); + heim_release(m); + if (dict == NULL) { + HEIMDAL_MUTEX_unlock(&plugin_mutex); + return KRB5_PLUGIN_NO_HANDLE; + } + + s.context = context; + s.name = name; + s.n = heim_string_create(name); + s.min_version = min_version; + s.result = heim_array_create(); + s.func = func; + s.userctx = userctx; + + heim_dict_iterate_f(dict, search_modules, &s); + + heim_release(dict); + + HEIMDAL_MUTEX_unlock(&plugin_mutex); + + s.ret = KRB5_PLUGIN_NO_HANDLE; + + heim_array_iterate_f(s.result, eval_results, &s); + + heim_release(s.result); + heim_release(s.n); + + return s.ret; +} diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c index 8d9c8805415..a10d2d07980 100644 --- a/crypto/heimdal/lib/krb5/principal.c +++ b/crypto/heimdal/lib/krb5/principal.c @@ -1,34 +1,50 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/** + * @page krb5_principal_intro The principal handing functions. + * + * A Kerberos principal is a email address looking string that + * contains to parts separeted by a @. The later part is the kerbero + * realm the principal belongs to and the former is a list of 0 or + * more components. For example + * @verbatim +lha@SU.SE +host/hummel.it.su.se@SU.SE +host/admin@H5L.ORG +@endverbatim + * + * See the library functions here: @ref krb5_principal */ #include "krb5_locl.h" @@ -41,15 +57,26 @@ #include #include "resolve.h" -RCSID("$Id: principal.c 21741 2007-07-31 16:00:37Z lha $"); - #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) #define princ_comp(P) ((P)->name.name_string.val) #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)]) #define princ_realm(P) ((P)->realm) -void KRB5_LIB_FUNCTION +/** + * Frees a Kerberos principal allocated by the library with + * krb5_parse_name(), krb5_make_principal() or any other related + * principal functions. + * + * @param context A Kerberos context. + * @param p a principal to free. + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_principal(krb5_context context, krb5_principal p) { @@ -59,7 +86,19 @@ krb5_free_principal(krb5_context context, } } -void KRB5_LIB_FUNCTION +/** + * Set the type of the principal + * + * @param context A Kerberos context. + * @param principal principal to set the type for + * @param type the new type + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_principal_set_type(krb5_context context, krb5_principal principal, int type) @@ -67,21 +106,43 @@ krb5_principal_set_type(krb5_context context, princ_type(principal) = type; } -int KRB5_LIB_FUNCTION +/** + * Get the type of the principal + * + * @param context A Kerberos context. + * @param principal principal to get the type for + * + * @return the type of principal + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_principal_get_type(krb5_context context, krb5_const_principal principal) { return princ_type(principal); } -const char* KRB5_LIB_FUNCTION +/** + * Get the realm of the principal + * + * @param context A Kerberos context. + * @param principal principal to get the realm for + * + * @return realm of the principal, don't free or use after krb5_principal is freed + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_realm(krb5_context context, krb5_const_principal principal) { return princ_realm(principal); -} +} -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_principal_get_comp_string(krb5_context context, krb5_const_principal principal, unsigned int component) @@ -91,7 +152,38 @@ krb5_principal_get_comp_string(krb5_context context, return princ_ncomp(principal, component); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Get number of component is principal. + * + * @param context Kerberos 5 context + * @param principal principal to query + * + * @return number of components in string + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION unsigned int KRB5_LIB_CALL +krb5_principal_get_num_comp(krb5_context context, + krb5_const_principal principal) +{ + return princ_num_comp(principal); +} + +/** + * Parse a name into a krb5_principal structure, flags controls the behavior. + * + * @param context Kerberos 5 context + * @param name name to parse into a Kerberos principal + * @param flags flags to control the behavior + * @param principal returned principal, free with krb5_free_principal(). + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name_flags(krb5_context context, const char *name, int flags, @@ -112,14 +204,15 @@ krb5_parse_name_flags(krb5_context context, int got_realm = 0; int first_at = 1; int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE); - + *principal = NULL; -#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM) +#define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) if ((flags & RFLAGS) == RFLAGS) { - krb5_set_error_string(context, "Can't require both realm and " - "no realm at the same time"); + krb5_set_error_message(context, KRB5_ERR_NO_SERVICE, + N_("Can't require both realm and " + "no realm at the same time", "")); return KRB5_ERR_NO_SERVICE; } #undef RFLAGS @@ -132,8 +225,8 @@ krb5_parse_name_flags(krb5_context context, for(p = name; *p; p++){ if(*p=='\\'){ if(!p[1]) { - krb5_set_error_string (context, - "trailing \\ in principal name"); + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, + N_("trailing \\ in principal name", "")); return KRB5_PARSE_MALFORMED; } p++; @@ -145,15 +238,17 @@ krb5_parse_name_flags(krb5_context context, } comp = calloc(ncomp, sizeof(*comp)); if (comp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - + n = 0; p = start = q = s = strdup(name); if (start == NULL) { free (comp); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } while(*p){ @@ -169,9 +264,9 @@ krb5_parse_name_flags(krb5_context context, else if(c == '0') c = '\0'; else if(c == '\0') { - krb5_set_error_string (context, - "trailing \\ in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + N_("trailing \\ in principal name", "")); goto exit; } }else if(enterprise && first_at) { @@ -179,15 +274,16 @@ krb5_parse_name_flags(krb5_context context, first_at = 0; }else if((c == '/' && !enterprise) || c == '@'){ if(got_realm){ - krb5_set_error_string (context, - "part after realm in principal name"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + N_("part after realm in principal name", "")); goto exit; }else{ comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } memcpy(comp[n], start, q - start); @@ -199,34 +295,37 @@ krb5_parse_name_flags(krb5_context context, start = q; continue; } - if(got_realm && (c == ':' || c == '/' || c == '\0')) { - krb5_set_error_string (context, - "part after realm in principal name"); + if(got_realm && (c == '/' || c == '\0')) { ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + N_("part after realm in principal name", "")); goto exit; } *q++ = c; } if(got_realm){ if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { - krb5_set_error_string (context, "realm found in 'short' principal " - "expected to be without one"); ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + N_("realm found in 'short' principal " + "expected to be without one", "")); goto exit; } realm = malloc(q - start + 1); if (realm == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } memcpy(realm, start, q - start); realm[q - start] = 0; }else{ - if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) { - krb5_set_error_string (context, "realm NOT found in principal " - "expected to be with one"); + if (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) { ret = KRB5_PARSE_MALFORMED; + krb5_set_error_message(context, ret, + N_("realm NOT found in principal " + "expected to be with one", "")); goto exit; } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { realm = NULL; @@ -238,8 +337,9 @@ krb5_parse_name_flags(krb5_context context, comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } memcpy(comp[n], start, q - start); @@ -248,8 +348,9 @@ krb5_parse_name_flags(krb5_context context, } *principal = malloc(sizeof(**principal)); if (*principal == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); ret = ENOMEM; + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } if (enterprise) @@ -271,7 +372,19 @@ exit: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Parse a name into a krb5_principal structure + * + * @param context Kerberos 5 context + * @param name name to parse into a Kerberos principal + * @param principal returned principal, free with krb5_free_principal(). + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_name(krb5_context context, const char *name, krb5_principal *principal) @@ -313,14 +426,15 @@ unparse_name_fixed(krb5_context context, int flags) { size_t idx = 0; - int i; + size_t i; int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0; int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0; int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; if (!no_realm && princ_realm(principal) == NULL) { - krb5_set_error_string(context, "Realm missing from principal, " - "can't unparse"); + krb5_set_error_message(context, ERANGE, + N_("Realm missing from principal, " + "can't unparse", "")); return ERANGE; } @@ -329,10 +443,11 @@ unparse_name_fixed(krb5_context context, add_char(name, idx, len, '/'); idx = quote_string(princ_ncomp(principal, i), name, idx, len, display); if(idx == len) { - krb5_set_error_string(context, "Out of space printing principal"); + krb5_set_error_message(context, ERANGE, + N_("Out of space printing principal", "")); return ERANGE; } - } + } /* add realm if different from default realm */ if(short_form && !no_realm) { krb5_realm r; @@ -348,15 +463,29 @@ unparse_name_fixed(krb5_context context, add_char(name, idx, len, '@'); idx = quote_string(princ_realm(principal), name, idx, len, display); if(idx == len) { - krb5_set_error_string(context, - "Out of space printing realm of principal"); + krb5_set_error_message(context, ERANGE, + N_("Out of space printing " + "realm of principal", "")); return ERANGE; } } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Unparse the principal name to a fixed buffer + * + * @param context A Kerberos context. + * @param principal principal to unparse + * @param name buffer to write name to + * @param len length of buffer + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed(krb5_context context, krb5_const_principal principal, char *name, @@ -365,17 +494,45 @@ krb5_unparse_name_fixed(krb5_context context, return unparse_name_fixed(context, principal, name, len, 0); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Unparse the principal name to a fixed buffer. The realm is skipped + * if its a default realm. + * + * @param context A Kerberos context. + * @param principal principal to unparse + * @param name buffer to write name to + * @param len length of buffer + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_short(krb5_context context, krb5_const_principal principal, char *name, size_t len) { - return unparse_name_fixed(context, principal, name, len, + return unparse_name_fixed(context, principal, name, len, KRB5_PRINCIPAL_UNPARSE_SHORT); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Unparse the principal name with unparse flags to a fixed buffer. + * + * @param context A Kerberos context. + * @param principal principal to unparse + * @param flags unparse flags + * @param name buffer to write name to + * @param len length of buffer + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_fixed_flags(krb5_context context, krb5_const_principal principal, int flags, @@ -392,7 +549,7 @@ unparse_name(krb5_context context, int flags) { size_t len = 0, plen; - int i; + size_t i; krb5_error_code ret; /* count length */ if (princ_realm(principal)) { @@ -415,7 +572,8 @@ unparse_name(krb5_context context, len++; /* '\0' */ *name = malloc(len); if(*name == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = unparse_name_fixed(context, principal, *name, len, flags); @@ -426,7 +584,19 @@ unparse_name(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Unparse the Kerberos name into a string + * + * @param context Kerberos 5 context + * @param principal principal to query + * @param name resulting string, free with krb5_xfree() + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name(krb5_context context, krb5_const_principal principal, char **name) @@ -434,7 +604,20 @@ krb5_unparse_name(krb5_context context, return unparse_name(context, principal, name, 0); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Unparse the Kerberos name into a string + * + * @param context Kerberos 5 context + * @param principal principal to query + * @param flags flag to determine the behavior + * @param name resulting string, free with krb5_xfree() + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, @@ -443,7 +626,20 @@ krb5_unparse_name_flags(krb5_context context, return unparse_name(context, principal, name, flags); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Unparse the principal name to a allocated buffer. The realm is + * skipped if its a default realm. + * + * @param context A Kerberos context. + * @param principal principal to unparse + * @param name returned buffer, free with krb5_xfree() + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_unparse_name_short(krb5_context context, krb5_const_principal principal, char **name) @@ -451,37 +647,52 @@ krb5_unparse_name_short(krb5_context context, return unparse_name(context, principal, name, KRB5_PRINCIPAL_UNPARSE_SHORT); } -#if 0 /* not implemented */ +/** + * Set a new realm for a principal, and as a side-effect free the + * previous realm. + * + * @param context A Kerberos context. + * @param principal principal set the realm for + * @param realm the new realm to set + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_ext(krb5_context context, - krb5_const_principal principal, - char **name, - size_t *size) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_principal_set_realm(krb5_context context, + krb5_principal principal, + krb5_const_realm realm) { - krb5_abortx(context, "unimplemented krb5_unparse_name_ext called"); + if (princ_realm(principal)) + free(princ_realm(principal)); + + princ_realm(principal) = strdup(realm); + if (princ_realm(principal) == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + return 0; } -#endif +#ifndef HEIMDAL_SMALLER +/** + * Build a principal using vararg style building + * + * @param context A Kerberos context. + * @param principal returned principal + * @param rlen length of realm + * @param realm realm name + * @param ... a list of components ended with NULL. + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ -krb5_realm * KRB5_LIB_FUNCTION -krb5_princ_realm(krb5_context context, - krb5_principal principal) -{ - return &princ_realm(principal); -} - - -void KRB5_LIB_FUNCTION -krb5_princ_set_realm(krb5_context context, - krb5_principal principal, - krb5_realm *realm) -{ - princ_realm(principal) = *realm; -} - - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal(krb5_context context, krb5_principal *principal, int rlen, @@ -495,9 +706,46 @@ krb5_build_principal(krb5_context context, va_end(ap); return ret; } +#endif + +/** + * Build a principal using vararg style building + * + * @param context A Kerberos context. + * @param principal returned principal + * @param realm realm name + * @param ... a list of components ended with NULL. + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_make_principal(krb5_context context, + krb5_principal *principal, + krb5_const_realm realm, + ...) +{ + krb5_error_code ret; + krb5_realm r = NULL; + va_list ap; + if(realm == NULL) { + ret = krb5_get_default_realm(context, &r); + if(ret) + return ret; + realm = r; + } + va_start(ap, realm); + ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap); + va_end(ap); + if(r) + free(r); + return ret; +} static krb5_error_code -append_component(krb5_context context, krb5_principal p, +append_component(krb5_context context, krb5_principal p, const char *comp, size_t comp_len) { @@ -506,13 +754,15 @@ append_component(krb5_context context, krb5_principal p, tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } princ_comp(p) = tmp; princ_ncomp(p, len) = malloc(comp_len + 1); if (princ_ncomp(p, len) == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memcpy (princ_ncomp(p, len), comp, comp_len); @@ -547,7 +797,6 @@ va_princ(krb5_context context, krb5_principal p, va_list ap) } } - static krb5_error_code build_principal(krb5_context context, krb5_principal *principal, @@ -557,10 +806,11 @@ build_principal(krb5_context context, va_list ap) { krb5_principal p; - + p = calloc(1, sizeof(*p)); if (p == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } princ_type(p) = KRB5_NT_PRINCIPAL; @@ -568,41 +818,19 @@ build_principal(krb5_context context, princ_realm(p) = strdup(realm); if(p->realm == NULL){ free(p); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - + (*func)(context, p, ap); *principal = p; return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_make_principal(krb5_context context, - krb5_principal *principal, - krb5_const_realm realm, - ...) -{ - krb5_error_code ret; - krb5_realm r = NULL; - va_list ap; - if(realm == NULL) { - ret = krb5_get_default_realm(context, &r); - if(ret) - return ret; - realm = r; - } - va_start(ap, realm); - ret = krb5_build_principal_va(context, principal, strlen(realm), realm, ap); - va_end(ap); - if(r) - free(r); - return ret; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va(krb5_context context, - krb5_principal *principal, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_build_principal_va(krb5_context context, + krb5_principal *principal, int rlen, krb5_const_realm realm, va_list ap) @@ -610,9 +838,9 @@ krb5_build_principal_va(krb5_context context, return build_principal(context, principal, rlen, realm, va_princ, ap); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va_ext(krb5_context context, - krb5_principal *principal, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_build_principal_va_ext(krb5_context context, + krb5_principal *principal, int rlen, krb5_const_realm realm, va_list ap) @@ -621,7 +849,7 @@ krb5_build_principal_va_ext(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_build_principal_ext(krb5_context context, krb5_principal *principal, int rlen, @@ -636,36 +864,60 @@ krb5_build_principal_ext(krb5_context context, return ret; } +/** + * Copy a principal + * + * @param context A Kerberos context. + * @param inprinc principal to copy + * @param outprinc copied principal, free with krb5_free_principal() + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ -krb5_error_code KRB5_LIB_FUNCTION + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc) { krb5_principal p = malloc(sizeof(*p)); if (p == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if(copy_Principal(inprinc, p)) { free(p); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *outprinc = p; return 0; } -/* - * return TRUE iff princ1 == princ2 (without considering the realm) +/** + * Return TRUE iff princ1 == princ2 (without considering the realm) + * + * @param context Kerberos 5 context + * @param princ1 first principal to compare + * @param princ2 second principal to compare + * + * @return non zero if equal, 0 if not + * + * @ingroup krb5_principal + * @see krb5_principal_compare() + * @see krb5_realm_compare() */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) { - int i; + size_t i; if(princ_num_comp(princ1) != princ_num_comp(princ2)) return FALSE; for(i = 0; i < princ_num_comp(princ1); i++){ @@ -675,11 +927,40 @@ krb5_principal_compare_any_realm(krb5_context context, return TRUE; } +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +_krb5_principal_compare_PrincipalName(krb5_context context, + krb5_const_principal princ1, + PrincipalName *princ2) +{ + size_t i; + if (princ_num_comp(princ1) != princ2->name_string.len) + return FALSE; + for(i = 0; i < princ_num_comp(princ1); i++){ + if(strcmp(princ_ncomp(princ1, i), princ2->name_string.val[i]) != 0) + return FALSE; + } + return TRUE; +} + + +/** + * Compares the two principals, including realm of the principals and returns + * TRUE if they are the same and FALSE if not. + * + * @param context Kerberos 5 context + * @param princ1 first principal to compare + * @param princ2 second principal to compare + * + * @ingroup krb5_principal + * @see krb5_principal_compare_any_realm() + * @see krb5_realm_compare() + */ + /* * return TRUE iff princ1 == princ2 */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -689,11 +970,19 @@ krb5_principal_compare(krb5_context context, return krb5_principal_compare_any_realm(context, princ1, princ2); } -/* +/** * return TRUE iff realm(princ1) == realm(princ2) + * + * @param context Kerberos 5 context + * @param princ1 first principal to compare + * @param princ2 second principal to compare + * + * @ingroup krb5_principal + * @see krb5_principal_compare_any_realm() + * @see krb5_principal_compare() */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) @@ -701,16 +990,18 @@ krb5_realm_compare(krb5_context context, return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0; } -/* +/** * return TRUE iff princ matches pattern + * + * @ingroup krb5_principal */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_match(krb5_context context, krb5_const_principal princ, krb5_const_principal pattern) { - int i; + size_t i; if(princ_num_comp(princ) != princ_num_comp(pattern)) return FALSE; if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0) @@ -722,461 +1013,23 @@ krb5_principal_match(krb5_context context, return TRUE; } - -static struct v4_name_convert { - const char *from; - const char *to; -} default_v4_name_convert[] = { - { "ftp", "ftp" }, - { "hprop", "hprop" }, - { "pop", "pop" }, - { "imap", "imap" }, - { "rcmd", "host" }, - { "smtp", "smtp" }, - { NULL, NULL } -}; - -/* - * return the converted instance name of `name' in `realm'. - * look in the configuration file and then in the default set above. - * return NULL if no conversion is appropriate. +/** + * Create a principal for the service running on hostname. If + * KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or + * some other service), this is potentially insecure. + * + * @param context A Kerberos context. + * @param hostname hostname to use + * @param sname Service name to use + * @param type name type of pricipal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN. + * @param ret_princ return principal, free with krb5_free_principal(). + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal */ -static const char* -get_name_conversion(krb5_context context, const char *realm, const char *name) -{ - struct v4_name_convert *q; - const char *p; - - p = krb5_config_get_string(context, NULL, "realms", realm, - "v4_name_convert", "host", name, NULL); - if(p == NULL) - p = krb5_config_get_string(context, NULL, "libdefaults", - "v4_name_convert", "host", name, NULL); - if(p) - return p; - - /* XXX should be possible to override default list */ - p = krb5_config_get_string(context, NULL, - "realms", - realm, - "v4_name_convert", - "plain", - name, - NULL); - if(p) - return NULL; - p = krb5_config_get_string(context, NULL, - "libdefaults", - "v4_name_convert", - "plain", - name, - NULL); - if(p) - return NULL; - for(q = default_v4_name_convert; q->from; q++) - if(strcmp(q->from, name) == 0) - return q->to; - return NULL; -} - -/* - * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'. - * if `resolve', use DNS. - * if `func', use that function for validating the conversion - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext2(krb5_context context, - const char *name, - const char *instance, - const char *realm, - krb5_boolean (*func)(krb5_context, - void *, krb5_principal), - void *funcctx, - krb5_boolean resolve, - krb5_principal *princ) -{ - const char *p; - krb5_error_code ret; - krb5_principal pr; - char host[MAXHOSTNAMELEN]; - char local_hostname[MAXHOSTNAMELEN]; - - /* do the following: if the name is found in the - `v4_name_convert:host' part, is assumed to be a `host' type - principal, and the instance is looked up in the - `v4_instance_convert' part. if not found there the name is - (optionally) looked up as a hostname, and if that doesn't yield - anything, the `default_domain' is appended to the instance - */ - - if(instance == NULL) - goto no_host; - if(instance[0] == 0){ - instance = NULL; - goto no_host; - } - p = get_name_conversion(context, realm, name); - if(p == NULL) - goto no_host; - name = p; - p = krb5_config_get_string(context, NULL, "realms", realm, - "v4_instance_convert", instance, NULL); - if(p){ - instance = p; - ret = krb5_make_principal(context, &pr, realm, name, instance, NULL); - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - *princ = NULL; - krb5_clear_error_string (context); - return HEIM_ERR_V4_PRINC_NO_CONV; - } - if(resolve){ - krb5_boolean passed = FALSE; - char *inst = NULL; -#ifdef USE_RESOLVER - struct dns_reply *r; - - r = dns_lookup(instance, "aaaa"); - if (r) { - if (r->head && r->head->type == T_AAAA) { - inst = strdup(r->head->domain); - passed = TRUE; - } - dns_free_data(r); - } else { - r = dns_lookup(instance, "a"); - if (r) { - if(r->head && r->head->type == T_A) { - inst = strdup(r->head->domain); - passed = TRUE; - } - dns_free_data(r); - } - } -#else - struct addrinfo hints, *ai; - - memset (&hints, 0, sizeof(hints)); - hints.ai_flags = AI_CANONNAME; - ret = getaddrinfo(instance, NULL, &hints, &ai); - if (ret == 0) { - const struct addrinfo *a; - for (a = ai; a != NULL; a = a->ai_next) { - if (a->ai_canonname != NULL) { - inst = strdup (a->ai_canonname); - passed = TRUE; - break; - } - } - freeaddrinfo (ai); - } -#endif - if (passed) { - if (inst == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - strlwr(inst); - ret = krb5_make_principal(context, &pr, realm, name, inst, - NULL); - free (inst); - if(ret == 0) { - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - } - } - } - if(func != NULL) { - snprintf(host, sizeof(host), "%s.%s", instance, realm); - strlwr(host); - ret = krb5_make_principal(context, &pr, realm, name, host, NULL); - if((*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - } - - /* - * if the instance is the first component of the local hostname, - * the converted host should be the long hostname. - */ - - if (func == NULL && - gethostname (local_hostname, sizeof(local_hostname)) == 0 && - strncmp(instance, local_hostname, strlen(instance)) == 0 && - local_hostname[strlen(instance)] == '.') { - strlcpy(host, local_hostname, sizeof(host)); - goto local_host; - } - - { - char **domains, **d; - domains = krb5_config_get_strings(context, NULL, "realms", realm, - "v4_domains", NULL); - for(d = domains; d && *d; d++){ - snprintf(host, sizeof(host), "%s.%s", instance, *d); - ret = krb5_make_principal(context, &pr, realm, name, host, NULL); - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - krb5_config_free_strings(domains); - return 0; - } - krb5_free_principal(context, pr); - } - krb5_config_free_strings(domains); - } - - - p = krb5_config_get_string(context, NULL, "realms", realm, - "default_domain", NULL); - if(p == NULL){ - /* this should be an error, just faking a name is not good */ - krb5_clear_error_string (context); - return HEIM_ERR_V4_PRINC_NO_CONV; - } - - if (*p == '.') - ++p; - snprintf(host, sizeof(host), "%s.%s", instance, p); -local_host: - ret = krb5_make_principal(context, &pr, realm, name, host, NULL); - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - krb5_clear_error_string (context); - return HEIM_ERR_V4_PRINC_NO_CONV; -no_host: - p = krb5_config_get_string(context, NULL, - "realms", - realm, - "v4_name_convert", - "plain", - name, - NULL); - if(p == NULL) - p = krb5_config_get_string(context, NULL, - "libdefaults", - "v4_name_convert", - "plain", - name, - NULL); - if(p) - name = p; - - ret = krb5_make_principal(context, &pr, realm, name, instance, NULL); - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - krb5_clear_error_string (context); - return HEIM_ERR_V4_PRINC_NO_CONV; -} - -static krb5_boolean -convert_func(krb5_context conxtext, void *funcctx, krb5_principal principal) -{ - krb5_boolean (*func)(krb5_context, krb5_principal) = funcctx; - return (*func)(conxtext, principal); -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext(krb5_context context, - const char *name, - const char *instance, - const char *realm, - krb5_boolean (*func)(krb5_context, krb5_principal), - krb5_boolean resolve, - krb5_principal *principal) -{ - return krb5_425_conv_principal_ext2(context, - name, - instance, - realm, - func ? convert_func : NULL, - func, - resolve, - principal); -} - - - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal(krb5_context context, - const char *name, - const char *instance, - const char *realm, - krb5_principal *princ) -{ - krb5_boolean resolve = krb5_config_get_bool(context, - NULL, - "libdefaults", - "v4_instance_resolve", - NULL); - - return krb5_425_conv_principal_ext(context, name, instance, realm, - NULL, resolve, princ); -} - - -static int -check_list(const krb5_config_binding *l, const char *name, const char **out) -{ - while(l){ - if (l->type != krb5_config_string) - continue; - if(strcmp(name, l->u.string) == 0) { - *out = l->name; - return 1; - } - l = l->next; - } - return 0; -} - -static int -name_convert(krb5_context context, const char *name, const char *realm, - const char **out) -{ - const krb5_config_binding *l; - l = krb5_config_get_list (context, - NULL, - "realms", - realm, - "v4_name_convert", - "host", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_SRV_HST; - l = krb5_config_get_list (context, - NULL, - "libdefaults", - "v4_name_convert", - "host", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_SRV_HST; - l = krb5_config_get_list (context, - NULL, - "realms", - realm, - "v4_name_convert", - "plain", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_UNKNOWN; - l = krb5_config_get_list (context, - NULL, - "libdefaults", - "v4_name_convert", - "host", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_UNKNOWN; - - /* didn't find it in config file, try built-in list */ - { - struct v4_name_convert *q; - for(q = default_v4_name_convert; q->from; q++) { - if(strcmp(name, q->to) == 0) { - *out = q->from; - return KRB5_NT_SRV_HST; - } - } - } - return -1; -} - -/* - * convert the v5 principal in `principal' into a v4 corresponding one - * in `name, instance, realm' - * this is limited interface since there's no length given for these - * three parameters. They have to be 40 bytes each (ANAME_SZ). - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_524_conv_principal(krb5_context context, - const krb5_principal principal, - char *name, - char *instance, - char *realm) -{ - const char *n, *i, *r; - char tmpinst[40]; - int type = princ_type(principal); - const int aname_sz = 40; - - r = principal->realm; - - switch(principal->name.name_string.len){ - case 1: - n = principal->name.name_string.val[0]; - i = ""; - break; - case 2: - n = principal->name.name_string.val[0]; - i = principal->name.name_string.val[1]; - break; - default: - krb5_set_error_string (context, - "cannot convert a %d component principal", - principal->name.name_string.len); - return KRB5_PARSE_MALFORMED; - } - - { - const char *tmp; - int t = name_convert(context, n, r, &tmp); - if(t >= 0) { - type = t; - n = tmp; - } - } - - if(type == KRB5_NT_SRV_HST){ - char *p; - - strlcpy (tmpinst, i, sizeof(tmpinst)); - p = strchr(tmpinst, '.'); - if(p) - *p = 0; - i = tmpinst; - } - - if (strlcpy (name, n, aname_sz) >= aname_sz) { - krb5_set_error_string (context, - "too long name component to convert"); - return KRB5_PARSE_MALFORMED; - } - if (strlcpy (instance, i, aname_sz) >= aname_sz) { - krb5_set_error_string (context, - "too long instance component to convert"); - return KRB5_PARSE_MALFORMED; - } - if (strlcpy (realm, r, aname_sz) >= aname_sz) { - krb5_set_error_string (context, - "too long realm component to convert"); - return KRB5_PARSE_MALFORMED; - } - return 0; -} - -/* - * Create a principal in `ret_princ' for the service `sname' running - * on host `hostname'. */ - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sname_to_principal (krb5_context context, const char *hostname, const char *sname, @@ -1186,14 +1039,22 @@ krb5_sname_to_principal (krb5_context context, krb5_error_code ret; char localhost[MAXHOSTNAMELEN]; char **realms, *host = NULL; - + if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) { - krb5_set_error_string (context, "unsupported name type %d", - type); + krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE, + N_("unsupported name type %d", ""), + (int)type); return KRB5_SNAME_UNSUPP_NAMETYPE; } if(hostname == NULL) { - gethostname(localhost, sizeof(localhost)); + ret = gethostname(localhost, sizeof(localhost) - 1); + if (ret != 0) { + ret = errno; + krb5_set_error_message(context, ret, + N_("Failed to get local hostname", "")); + return ret; + } + localhost[sizeof(localhost) - 1] = '\0'; hostname = localhost; } if(sname == NULL) @@ -1235,20 +1096,41 @@ static const struct { { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID }, { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL }, { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID }, - { NULL } + { NULL, 0 } }; -krb5_error_code +/** + * Parse nametype string and return a nametype integer + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) { size_t i; - + for(i = 0; nametypes[i].type; i++) { if (strcasecmp(nametypes[i].type, str) == 0) { *nametype = nametypes[i].value; return 0; } } - krb5_set_error_string(context, "Failed to find name type %s", str); + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, + N_("Failed to find name type %s", ""), str); return KRB5_PARSE_MALFORMED; } + +/** + * Check if the cname part of the principal is a krbtgt principal + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_principal_is_krbtgt(krb5_context context, krb5_const_principal p) +{ + return p->name.name_string.len == 2 && + strcmp(p->name.name_string.val[0], KRB5_TGS_NAME) == 0; + +} diff --git a/crypto/heimdal/lib/krb5/prog_setup.c b/crypto/heimdal/lib/krb5/prog_setup.c index 0586155ac46..21afbf8d103 100644 --- a/crypto/heimdal/lib/krb5/prog_setup.c +++ b/crypto/heimdal/lib/krb5/prog_setup.c @@ -1,53 +1,51 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include #include -RCSID("$Id: prog_setup.c 15470 2005-06-17 04:29:41Z lha $"); - -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_std_usage(int code, struct getargs *args, int num_args) { arg_printusage(args, num_args, NULL, ""); exit(code); } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_program_setup(krb5_context *context, int argc, char **argv, - struct getargs *args, int num_args, - void (*usage)(int, struct getargs*, int)) + struct getargs *args, int num_args, + void (KRB5_LIB_CALL *usage)(int, struct getargs*, int)) { krb5_error_code ret; int optidx = 0; @@ -59,7 +57,7 @@ krb5_program_setup(krb5_context *context, int argc, char **argv, ret = krb5_init_context(context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - + if(getarg(args, num_args, argc, argv, &optidx)) (*usage)(1, args, num_args); return optidx; diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c index e0f407fb247..1bf748c5123 100644 --- a/crypto/heimdal/lib/krb5/prompter_posix.c +++ b/crypto/heimdal/lib/krb5/prompter_posix.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $"); - -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_CALLCONV krb5_prompter_posix (krb5_context context, void *data, const char *name, diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c index c3f732201f3..c08547112b2 100644 --- a/crypto/heimdal/lib/krb5/rd_cred.c +++ b/crypto/heimdal/lib/krb5/rd_cred.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include - -RCSID("$Id: rd_cred.c 20304 2007-04-11 11:15:05Z lha $"); +#include "krb5_locl.h" static krb5_error_code compare_addrs(krb5_context context, @@ -49,11 +47,12 @@ compare_addrs(krb5_context context, krb5_print_address (a, a_str, sizeof(a_str), &len); krb5_print_address (b, b_str, sizeof(b_str), &len); - krb5_set_error_string(context, "%s: %s != %s", message, b_str, a_str); + krb5_set_error_message(context, KRB5KRB_AP_ERR_BADADDR, + "%s: %s != %s", message, b_str, a_str); return KRB5KRB_AP_ERR_BADADDR; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *in_data, @@ -66,43 +65,44 @@ krb5_rd_cred(krb5_context context, EncKrbCredPart enc_krb_cred_part; krb5_data enc_krb_cred_part_data; krb5_crypto crypto; - int i; + size_t i; memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part)); + krb5_data_zero(&enc_krb_cred_part_data); - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ *ret_creds = NULL; - ret = decode_KRB_CRED(in_data->data, in_data->length, + ret = decode_KRB_CRED(in_data->data, in_data->length, &cred, &len); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } if (cred.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } if (cred.msg_type != krb_cred) { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } - if (cred.enc_part.etype == ETYPE_NULL) { + if (cred.enc_part.etype == ETYPE_NULL) { /* DK: MIT GSS-API Compatibility */ enc_krb_cred_part_data.length = cred.enc_part.cipher.length; enc_krb_cred_part_data.data = cred.enc_part.cipher.data; } else { /* Try both subkey and session key. - * + * * RFC4120 claims we should use the session key, but Heimdal * before 0.8 used the remote subkey if it was send in the * auth_context. @@ -119,12 +119,12 @@ krb5_rd_cred(krb5_context context, KRB5_KU_KRB_CRED, &cred.enc_part, &enc_krb_cred_part_data); - + krb5_crypto_destroy(context, crypto); } - /* - * If there was not subkey, or we failed using subkey, + /* + * If there was not subkey, or we failed using subkey, * retry using the session key */ if (auth_context->remote_subkey == NULL || ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) @@ -135,28 +135,31 @@ krb5_rd_cred(krb5_context context, if (ret) goto out; - + ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_KRB_CRED, &cred.enc_part, &enc_krb_cred_part_data); - + krb5_crypto_destroy(context, crypto); } if (ret) goto out; } - ret = krb5_decode_EncKrbCredPart (context, - enc_krb_cred_part_data.data, - enc_krb_cred_part_data.length, - &enc_krb_cred_part, - &len); + ret = decode_EncKrbCredPart(enc_krb_cred_part_data.data, + enc_krb_cred_part_data.length, + &enc_krb_cred_part, + &len); if (enc_krb_cred_part_data.data != cred.enc_part.cipher.data) krb5_data_free(&enc_krb_cred_part_data); - if (ret) + if (ret) { + krb5_set_error_message(context, ret, + N_("Failed to decode " + "encrypte credential part", "")); goto out; + } /* check sender address */ @@ -172,8 +175,9 @@ krb5_rd_cred(krb5_context context, goto out; - ret = compare_addrs(context, a, enc_krb_cred_part.s_address, - "sender address is wrong in received creds"); + ret = compare_addrs(context, a, enc_krb_cred_part.s_address, + N_("sender address is wrong " + "in received creds", "")); krb5_free_address(context, a); free(a); if(ret) @@ -192,9 +196,10 @@ krb5_rd_cred(krb5_context context, auth_context->local_port); if (ret) goto out; - - ret = compare_addrs(context, a, enc_krb_cred_part.r_address, - "receiver address is wrong in received creds"); + + ret = compare_addrs(context, a, enc_krb_cred_part.r_address, + N_("receiver address is wrong " + "in received creds", "")); krb5_free_address(context, a); free(a); if(ret) @@ -202,7 +207,8 @@ krb5_rd_cred(krb5_context context, } else { ret = compare_addrs(context, auth_context->local_address, enc_krb_cred_part.r_address, - "receiver address is wrong in received creds"); + N_("receiver address is wrong " + "in received creds", "")); if(ret) goto out; } @@ -218,13 +224,13 @@ krb5_rd_cred(krb5_context context, enc_krb_cred_part.usec == NULL || abs(*enc_krb_cred_part.timestamp - sec) > context->max_skew) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_SKEW; goto out; } } - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { /* if these fields are not present in the cred-part, silently return zero */ @@ -236,15 +242,16 @@ krb5_rd_cred(krb5_context context, if(enc_krb_cred_part.nonce) outdata->seq = *enc_krb_cred_part.nonce; } - + /* Convert to NULL terminated list of creds */ - *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, + *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, sizeof(**ret_creds)); if (*ret_creds == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } @@ -255,11 +262,12 @@ krb5_rd_cred(krb5_context context, creds = calloc(1, sizeof(*creds)); if(creds == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } - ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, &cred.tickets.val[i], &len, ret); if (ret) { free(creds); @@ -292,9 +300,9 @@ krb5_rd_cred(krb5_context context, krb5_copy_addresses (context, kci->caddr, &creds->addresses); - + (*ret_creds)[i] = creds; - + } (*ret_creds)[i] = NULL; @@ -315,7 +323,7 @@ krb5_rd_cred(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_cred2 (krb5_context context, krb5_auth_context auth_context, krb5_ccache ccache, diff --git a/crypto/heimdal/lib/krb5/rd_error.c b/crypto/heimdal/lib/krb5/rd_error.c index e7646467afd..d778c68cd63 100644 --- a/crypto/heimdal/lib/krb5/rd_error.c +++ b/crypto/heimdal/lib/krb5/rd_error.c @@ -1,59 +1,57 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: rd_error.c 21057 2007-06-12 17:22:31Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_error(krb5_context context, const krb5_data *msg, KRB_ERROR *result) { - + size_t len; krb5_error_code ret; ret = decode_KRB_ERROR(msg->data, msg->length, result, &len); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } result->error_code += KRB5KDC_ERR_NONE; return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error_contents (krb5_context context, krb5_error *error) { @@ -61,7 +59,7 @@ krb5_free_error_contents (krb5_context context, memset(error, 0, sizeof(*error)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_error (krb5_context context, krb5_error *error) { @@ -69,7 +67,7 @@ krb5_free_error (krb5_context context, free (error); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_error_from_rd_error(krb5_context context, const krb5_error *error, const krb5_creds *creds) @@ -78,7 +76,7 @@ krb5_error_from_rd_error(krb5_context context, ret = error->error_code; if (error->e_text != NULL) { - krb5_set_error_string(context, "%s", *error->e_text); + krb5_set_error_message(context, ret, "%s", *error->e_text); } else { char clientname[256], servername[256]; @@ -91,31 +89,35 @@ krb5_error_from_rd_error(krb5_context context, switch (ret) { case KRB5KDC_ERR_NAME_EXP : - krb5_set_error_string(context, "Client %s%s%s expired", - creds ? "(" : "", - creds ? clientname : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, + N_("Client %s%s%s expired", ""), + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_SERVICE_EXP : - krb5_set_error_string(context, "Server %s%s%s expired", - creds ? "(" : "", - creds ? servername : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, + N_("Server %s%s%s expired", ""), + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Client %s%s%s unknown", - creds ? "(" : "", - creds ? clientname : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, + N_("Client %s%s%s unknown", ""), + creds ? "(" : "", + creds ? clientname : "", + creds ? ")" : ""); break; case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : - krb5_set_error_string(context, "Server %s%s%s unknown", - creds ? "(" : "", - creds ? servername : "", - creds ? ")" : ""); + krb5_set_error_message(context, ret, + N_("Server %s%s%s unknown", ""), + creds ? "(" : "", + creds ? servername : "", + creds ? ")" : ""); break; default : - krb5_clear_error_string(context); + krb5_clear_error_message(context); break; } } diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c index ed7a2ccc527..8a46195b694 100644 --- a/crypto/heimdal/lib/krb5/rd_priv.c +++ b/crypto/heimdal/lib/krb5/rd_priv.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, @@ -50,29 +48,33 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; - if (outbuf) - krb5_data_zero(outbuf); + krb5_data_zero(outbuf); - if ((auth_context->flags & - (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && - outdata == NULL) { - krb5_clear_error_string (context); - return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + if ((auth_context->flags & + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) + { + if (outdata == NULL) { + krb5_clear_error_message (context); + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + } + /* if these fields are not present in the priv-part, silently + return zero */ + memset(outdata, 0, sizeof(*outdata)); } memset(&priv, 0, sizeof(priv)); ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len); if (ret) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } if (priv.pvno != 5) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADVERSION; goto failure; } if (priv.msg_type != krb_priv) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_MSG_TYPE; goto failure; } @@ -93,16 +95,16 @@ krb5_rd_priv(krb5_context context, &priv.enc_part, &plain); krb5_crypto_destroy(context, crypto); - if (ret) + if (ret) goto failure; ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len); krb5_data_free (&plain); if (ret) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } - + /* check sender address */ if (part.s_address @@ -110,7 +112,7 @@ krb5_rd_priv(krb5_context context, && !krb5_address_compare (context, auth_context->remote_address, part.s_address)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADADDR; goto failure_part; } @@ -122,7 +124,7 @@ krb5_rd_priv(krb5_context context, && !krb5_address_compare (context, auth_context->local_address, part.r_address)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADADDR; goto failure_part; } @@ -135,7 +137,7 @@ krb5_rd_priv(krb5_context context, if (part.timestamp == NULL || part.usec == NULL || abs(*part.timestamp - sec) > context->max_skew) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_SKEW; goto failure_part; } @@ -152,7 +154,7 @@ krb5_rd_priv(krb5_context context, && auth_context->remote_seqnumber != 0) || (part.seq_number != NULL && *part.seq_number != auth_context->remote_seqnumber)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADORDER; goto failure_part; } @@ -163,11 +165,8 @@ krb5_rd_priv(krb5_context context, if (ret) goto failure_part; - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { - /* if these fields are not present in the priv-part, silently - return zero */ - memset(outdata, 0, sizeof(*outdata)); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c index 8c9b7bb441d..391d81c191b 100644 --- a/crypto/heimdal/lib/krb5/rd_rep.c +++ b/crypto/heimdal/lib/krb5/rd_rep.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include +#include "krb5_locl.h" -RCSID("$Id: rd_rep.c 17890 2006-08-21 09:19:22Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, @@ -48,27 +46,26 @@ krb5_rd_rep(krb5_context context, krb5_crypto crypto; krb5_data_zero (&data); - ret = 0; ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); if (ret) return ret; if (ap_rep.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } if (ap_rep.msg_type != krb_ap_rep) { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); if (ret) goto out; - ret = krb5_decrypt_EncryptedData (context, - crypto, + ret = krb5_decrypt_EncryptedData (context, + crypto, KRB5_KU_AP_REQ_ENC_PART, &ap_rep.enc_part, &data); @@ -79,25 +76,23 @@ krb5_rd_rep(krb5_context context, *repl = malloc(sizeof(**repl)); if (*repl == NULL) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } - ret = krb5_decode_EncAPRepPart(context, - data.data, - data.length, - *repl, - &len); - if (ret) + ret = decode_EncAPRepPart(data.data, data.length, *repl, &len); + if (ret) { + krb5_set_error_message(context, ret, N_("Failed to decode EncAPRepPart", "")); return ret; - - if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + } + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { if ((*repl)->ctime != auth_context->authenticator->ctime || - (*repl)->cusec != auth_context->authenticator->cusec) + (*repl)->cusec != auth_context->authenticator->cusec) { krb5_free_ap_rep_enc_part(context, *repl); *repl = NULL; ret = KRB5KRB_AP_ERR_MUT_FAIL; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } } @@ -106,14 +101,14 @@ krb5_rd_rep(krb5_context context, *((*repl)->seq_number)); if ((*repl)->subkey) krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); - + out: krb5_data_free (&data); free_AP_REP (&ap_rep); return ret; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_free_ap_rep_enc_part (krb5_context context, krb5_ap_rep_enc_part *val) { diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c index 0f33b971645..21daeb596b5 100644 --- a/crypto/heimdal/lib/krb5/rd_req.c +++ b/crypto/heimdal/lib/krb5/rd_req.c @@ -1,39 +1,38 @@ + /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include - -RCSID("$Id: rd_req.c 22235 2007-12-08 21:52:07Z lha $"); +#include "krb5_locl.h" static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -58,8 +57,11 @@ decrypt_tkt_enc_part (krb5_context context, if (ret) return ret; - ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, - decr_part, &len); + ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len); + if (ret) + krb5_set_error_message(context, ret, + N_("Failed to decode encrypted " + "ticket part", "")); krb5_data_free (&plain); return ret; } @@ -95,13 +97,13 @@ decrypt_authenticator (krb5_context context, if (ret) return ret; - ret = krb5_decode_Authenticator(context, plain.data, plain.length, - authenticator, &len); + ret = decode_Authenticator(plain.data, plain.length, + authenticator, &len); krb5_data_free (&plain); return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decode_ap_req(krb5_context context, const krb5_data *inbuf, krb5_ap_req *ap_req) @@ -113,17 +115,17 @@ krb5_decode_ap_req(krb5_context context, return ret; if (ap_req->pvno != 5){ free_AP_REQ(ap_req); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_BADVERSION; } if (ap_req->msg_type != krb_ap_req){ free_AP_REQ(ap_req); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_MSG_TYPE; } if (ap_req->ticket.tkt_vno != 5){ free_AP_REQ(ap_req); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_BADVERSION; } return 0; @@ -133,10 +135,10 @@ static krb5_error_code check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) { char **realms; - int num_realms; + unsigned int num_realms, n; krb5_error_code ret; - - /* + + /* * Windows 2000 and 2003 uses this inside their TGT so it's normaly * not seen by others, however, samba4 joined with a Windows AD as * a Domain Controller gets exposed to this. @@ -150,15 +152,17 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) if(enc->transited.contents.length == 0) return 0; - ret = krb5_domain_x500_decode(context, enc->transited.contents, - &realms, &num_realms, + ret = krb5_domain_x500_decode(context, enc->transited.contents, + &realms, &num_realms, enc->crealm, ticket->realm); if(ret) return ret; - ret = krb5_check_transited(context, enc->crealm, - ticket->realm, + ret = krb5_check_transited(context, enc->crealm, + ticket->realm, realms, num_realms, NULL); + for (n = 0; n < num_realms; n++) + free(realms[n]); free(realms); return ret; } @@ -173,7 +177,7 @@ find_etypelist(krb5_context context, krb5_authdata adIfRelevant; unsigned i; - adIfRelevant.len = 0; + memset(&adIfRelevant, 0, sizeof(adIfRelevant)); etypes->len = 0; etypes->val = NULL; @@ -209,14 +213,14 @@ find_etypelist(krb5_context context, etypes, NULL); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); free_AD_IF_RELEVANT(&adIfRelevant); return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_decrypt_ticket(krb5_context context, Ticket *ticket, krb5_keyblock *key, @@ -228,7 +232,7 @@ krb5_decrypt_ticket(krb5_context context, ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t); if (ret) return ret; - + { krb5_timestamp now; time_t start = t.authtime; @@ -240,15 +244,15 @@ krb5_decrypt_ticket(krb5_context context, || (t.flags.invalid && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) { free_EncTicketPart(&t); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_TKT_NYV; } if(now - t.endtime > context->max_skew) { free_EncTicketPart(&t); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_TKT_EXPIRED; } - + if(!t.flags.transited_policy_checked) { ret = check_transited(context, ticket, &t); if(ret) { @@ -257,7 +261,7 @@ krb5_decrypt_ticket(krb5_context context, } } } - + if(out) *out = t; else @@ -265,7 +269,7 @@ krb5_decrypt_ticket(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_authenticator_checksum(krb5_context context, krb5_auth_context ac, void *data, @@ -275,7 +279,7 @@ krb5_verify_authenticator_checksum(krb5_context context, krb5_keyblock *key; krb5_authenticator authenticator; krb5_crypto crypto; - + ret = krb5_auth_con_getauthenticator (context, ac, &authenticator); @@ -307,7 +311,7 @@ out: } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, @@ -328,7 +332,7 @@ krb5_verify_ap_req(krb5_context context, KRB5_KU_AP_REQ_AUTH); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_ap_req2(krb5_context context, krb5_auth_context *auth_context, krb5_ap_req *ap_req, @@ -343,7 +347,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_auth_context ac; krb5_error_code ret; EtypeList etypes; - + if (ticket) *ticket = NULL; @@ -358,42 +362,37 @@ krb5_verify_ap_req2(krb5_context context, t = calloc(1, sizeof(*t)); if (t == NULL) { ret = ENOMEM; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } if (ap_req->ap_options.use_session_key && ac->keyblock){ - ret = krb5_decrypt_ticket(context, &ap_req->ticket, - ac->keyblock, + ret = krb5_decrypt_ticket(context, &ap_req->ticket, + ac->keyblock, &t->ticket, flags); krb5_free_keyblock(context, ac->keyblock); ac->keyblock = NULL; }else - ret = krb5_decrypt_ticket(context, &ap_req->ticket, - keyblock, + ret = krb5_decrypt_ticket(context, &ap_req->ticket, + keyblock, &t->ticket, flags); - + if(ret) goto out; ret = _krb5_principalname2krb5_principal(context, &t->server, - ap_req->ticket.sname, + ap_req->ticket.sname, ap_req->ticket.realm); if (ret) goto out; ret = _krb5_principalname2krb5_principal(context, &t->client, - t->ticket.cname, + t->ticket.cname, t->ticket.crealm); if (ret) goto out; - /* save key */ - - ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); - if (ret) goto out; - ret = decrypt_authenticator (context, &t->ticket.key, &ap_req->authenticator, @@ -405,13 +404,13 @@ krb5_verify_ap_req2(krb5_context context, { krb5_principal p1, p2; krb5_boolean res; - + _krb5_principalname2krb5_principal(context, &p1, ac->authenticator->cname, ac->authenticator->crealm); _krb5_principalname2krb5_principal(context, - &p2, + &p2, t->ticket.cname, t->ticket.crealm); res = krb5_principal_compare (context, p1, p2); @@ -419,7 +418,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_free_principal (context, p2); if (!res) { ret = KRB5KRB_AP_ERR_BADMATCH; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } } @@ -432,7 +431,7 @@ krb5_verify_ap_req2(krb5_context context, ac->remote_address, t->ticket.caddr)) { ret = KRB5KRB_AP_ERR_BADADDR; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } @@ -444,7 +443,7 @@ krb5_verify_ap_req2(krb5_context context, if (abs(ac->authenticator->ctime - now) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } } @@ -469,7 +468,7 @@ krb5_verify_ap_req2(krb5_context context, ac->keytype = ETYPE_NULL; if (etypes.val) { - int i; + size_t i; for (i = 0; i < etypes.len; i++) { if (krb5_enctype_valid(context, etypes.val[i]) == 0) { @@ -479,6 +478,10 @@ krb5_verify_ap_req2(krb5_context context, } } + /* save key */ + ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); + if (ret) goto out; + if (ap_req_options) { *ap_req_options = 0; if (ac->keytype != ETYPE_NULL) @@ -507,7 +510,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_auth_con_free (context, ac); return ret; } - + /* * */ @@ -522,47 +525,72 @@ struct krb5_rd_req_out_ctx_data { krb5_keyblock *keyblock; krb5_flags ap_req_options; krb5_ticket *ticket; + krb5_principal server; }; -/* +/** + * Allocate a krb5_rd_req_in_ctx as an input parameter to + * krb5_rd_req_ctx(). The caller should free the context with + * krb5_rd_req_in_ctx_free() when done with the context. * + * @param context Keberos 5 context. + * @param ctx in ctx to krb5_rd_req_ctx(). + * + * @return Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0; return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keytab(krb5_context context, +/** + * Set the keytab that krb5_rd_req_ctx() will use. + * + * @param context Keberos 5 context. + * @param in in ctx to krb5_rd_req_ctx(). + * @param keytab keytab that krb5_rd_req_ctx() will use, only copy the + * pointer, so the caller must free they keytab after + * krb5_rd_req_in_ctx_free() is called. + * + * @return Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_auth + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_in_set_keytab(krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab) { - in->keytab = keytab; /* XXX should make copy */ + in->keytab = keytab; return 0; } /** * Set if krb5_rq_red() is going to check the Windows PAC or not - * + * * @param context Keberos 5 context. * @param in krb5_rd_req_in_ctx to check the option on. * @param flag flag to select if to check the pac (TRUE) or not (FALSE). * * @return Kerberos 5 error code, see krb5_get_error_message(). * - * @ingroup krb5 + * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_pac_check(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_in_set_pac_check(krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag) { @@ -571,8 +599,8 @@ krb5_rd_req_in_set_pac_check(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keyblock(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_in_set_keyblock(krb5_context context, krb5_rd_req_in_ctx in, krb5_keyblock *keyblock) { @@ -580,8 +608,8 @@ krb5_rd_req_in_set_keyblock(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ap_req_options(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_out_get_ap_req_options(krb5_context context, krb5_rd_req_out_ctx out, krb5_flags *ap_req_options) { @@ -589,43 +617,66 @@ krb5_rd_req_out_get_ap_req_options(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ticket(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_out_get_ticket(krb5_context context, krb5_rd_req_out_ctx out, krb5_ticket **ticket) { return krb5_copy_ticket(context, out->ticket, ticket); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_keyblock(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_out_get_keyblock(krb5_context context, krb5_rd_req_out_ctx out, krb5_keyblock **keyblock) { return krb5_copy_keyblock(context, out->keyblock, keyblock); } -void KRB5_LIB_FUNCTION +/** + * Get the principal that was used in the request from the + * client. Might not match whats in the ticket if krb5_rd_req_ctx() + * searched in the keytab for a matching key. + * + * @param context a Kerberos 5 context. + * @param out a krb5_rd_req_out_ctx from krb5_rd_req_ctx(). + * @param principal return principal, free with krb5_free_principal(). + * + * @ingroup krb5_auth + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_rd_req_out_get_server(krb5_context context, + krb5_rd_req_out_ctx out, + krb5_principal *principal) +{ + return krb5_copy_principal(context, out->server, principal); +} + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_in_ctx_free(krb5_context context, krb5_rd_req_in_ctx ctx) { free(ctx); } -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx) -{ - *ctx = calloc(1, sizeof(**ctx)); - if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } - return 0; -} +/** + * Free the krb5_rd_req_out_ctx. + * + * @param context Keberos 5 context. + * @param ctx krb5_rd_req_out_ctx context to free. + * + * @ingroup krb5_auth + */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) { - krb5_free_keyblock(context, ctx->keyblock); + if (ctx->ticket) + krb5_free_ticket(context, ctx->ticket); + if (ctx->keyblock) + krb5_free_keyblock(context, ctx->keyblock); + if (ctx->server) + krb5_free_principal(context, ctx->server); free(ctx); } @@ -633,7 +684,7 @@ krb5_rd_req_out_ctx_free(krb5_context context, krb5_rd_req_out_ctx ctx) * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, @@ -649,7 +700,7 @@ krb5_rd_req(krb5_context context, ret = krb5_rd_req_in_ctx_alloc(context, &in); if (ret) return ret; - + ret = krb5_rd_req_in_set_keytab(context, in, keytab); if (ret) { krb5_rd_req_in_ctx_free(context, in); @@ -678,7 +729,7 @@ out: * */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_with_keyblock(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, @@ -694,7 +745,7 @@ krb5_rd_req_with_keyblock(krb5_context context, ret = krb5_rd_req_in_ctx_alloc(context, &in); if (ret) return ret; - + ret = krb5_rd_req_in_set_keyblock(context, in, keyblock); if (ret) { krb5_rd_req_in_ctx_free(context, in); @@ -725,7 +776,6 @@ out: static krb5_error_code get_key_from_keytab(krb5_context context, - krb5_auth_context *auth_context, krb5_ap_req *ap_req, krb5_const_principal server, krb5_keytab keytab, @@ -740,7 +790,7 @@ get_key_from_keytab(krb5_context context, krb5_kt_default(context, &real_keytab); else real_keytab = keytab; - + if (ap_req->ticket.enc_part.kvno) kvno = *ap_req->ticket.enc_part.kvno; else @@ -756,18 +806,38 @@ get_key_from_keytab(krb5_context context, goto out; ret = krb5_copy_keyblock(context, &entry.keyblock, out_key); krb5_kt_free_entry (context, &entry); -out: +out: if(keytab == NULL) krb5_kt_close(context, real_keytab); - + return ret; } -/* +/** + * The core server function that verify application authentication + * requests from clients. * + * @param context Keberos 5 context. + * @param auth_context the authentication context, can be NULL, then + * default values for the authentication context will used. + * @param inbuf the (AP-REQ) authentication buffer + * + * @param server the server with authenticate as, if NULL the function + * will try to find any available credential in the keytab + * that will verify the reply. The function will prefer the + * server the server client specified in the AP-REQ, but if + * there is no mach, it will try all keytab entries for a + * match. This have serious performance issues for larger keytabs. + * + * @param inctx control the behavior of the function, if NULL, the + * default behavior is used. + * @param outctx the return outctx, free with krb5_rd_req_out_ctx_free(). + * @return Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_auth */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_req_ctx(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, @@ -777,12 +847,18 @@ krb5_rd_req_ctx(krb5_context context, { krb5_error_code ret; krb5_ap_req ap_req; - krb5_principal service = NULL; krb5_rd_req_out_ctx o = NULL; + krb5_keytab id = NULL, keytab = NULL; + krb5_principal service = NULL; - ret = _krb5_rd_req_out_ctx_alloc(context, &o); - if (ret) - goto out; + *outctx = NULL; + + o = calloc(1, sizeof(*o)); + if (o == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } if (*auth_context == NULL) { ret = krb5_auth_con_init(context, auth_context); @@ -794,66 +870,171 @@ krb5_rd_req_ctx(krb5_context context, if(ret) goto out; - if(server == NULL){ - ret = _krb5_principalname2krb5_principal(context, - &service, - ap_req.ticket.sname, - ap_req.ticket.realm); - if (ret) - goto out; - server = service; - } + /* Save that principal that was in the request */ + ret = _krb5_principalname2krb5_principal(context, + &o->server, + ap_req.ticket.sname, + ap_req.ticket.realm); + if (ret) + goto out; + if (ap_req.ap_options.use_session_key && (*auth_context)->keyblock == NULL) { - krb5_set_error_string(context, "krb5_rd_req: user to user auth " - "without session key given"); ret = KRB5KRB_AP_ERR_NOKEY; + krb5_set_error_message(context, ret, + N_("krb5_rd_req: user to user auth " + "without session key given", "")); goto out; } + if (inctx && inctx->keytab) + id = inctx->keytab; + if((*auth_context)->keyblock){ ret = krb5_copy_keyblock(context, (*auth_context)->keyblock, &o->keyblock); if (ret) goto out; - } else if(inctx->keyblock){ + } else if(inctx && inctx->keyblock){ ret = krb5_copy_keyblock(context, inctx->keyblock, &o->keyblock); if (ret) goto out; } else { - krb5_keytab keytab = NULL; - if (inctx && inctx->keytab) - keytab = inctx->keytab; + if(id == NULL) { + krb5_kt_default(context, &keytab); + id = keytab; + } + if (id == NULL) + goto out; - ret = get_key_from_keytab(context, - auth_context, + if (server == NULL) { + ret = _krb5_principalname2krb5_principal(context, + &service, + ap_req.ticket.sname, + ap_req.ticket.realm); + if (ret) + goto out; + server = service; + } + + ret = get_key_from_keytab(context, &ap_req, server, - keytab, + id, &o->keyblock); - if(ret) - goto out; + if (ret) { + /* If caller specified a server, fail. */ + if (service == NULL && (context->flags & KRB5_CTX_F_RD_REQ_IGNORE) == 0) + goto out; + /* Otherwise, fall back to iterating over the keytab. This + * have serious performace issues for larger keytab. + */ + o->keyblock = NULL; + } } - ret = krb5_verify_ap_req2(context, - auth_context, - &ap_req, - server, - o->keyblock, - 0, - &o->ap_req_options, - &o->ticket, - KRB5_KU_AP_REQ_AUTH); + if (o->keyblock) { + /* + * We got an exact keymatch, use that. + */ - if (ret) - goto out; + ret = krb5_verify_ap_req2(context, + auth_context, + &ap_req, + server, + o->keyblock, + 0, + &o->ap_req_options, + &o->ticket, + KRB5_KU_AP_REQ_AUTH); + + if (ret) + goto out; + + } else { + /* + * Interate over keytab to find a key that can decrypt the request. + */ + + krb5_keytab_entry entry; + krb5_kt_cursor cursor; + int done = 0, kvno = 0; + + memset(&cursor, 0, sizeof(cursor)); + + if (ap_req.ticket.enc_part.kvno) + kvno = *ap_req.ticket.enc_part.kvno; + + ret = krb5_kt_start_seq_get(context, id, &cursor); + if (ret) + goto out; + + done = 0; + while (!done) { + krb5_principal p; + + ret = krb5_kt_next_entry(context, id, &entry, &cursor); + if (ret) { + _krb5_kt_principal_not_found(context, ret, id, o->server, + ap_req.ticket.enc_part.etype, + kvno); + goto out; + } + + if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype) { + krb5_kt_free_entry (context, &entry); + continue; + } + + ret = krb5_verify_ap_req2(context, + auth_context, + &ap_req, + server, + &entry.keyblock, + 0, + &o->ap_req_options, + &o->ticket, + KRB5_KU_AP_REQ_AUTH); + if (ret) { + krb5_kt_free_entry (context, &entry); + continue; + } + + /* + * Found a match, save the keyblock for PAC processing, + * and update the service principal in the ticket to match + * whatever is in the keytab. + */ + + ret = krb5_copy_keyblock(context, + &entry.keyblock, + &o->keyblock); + if (ret) { + krb5_kt_free_entry (context, &entry); + goto out; + } + + ret = krb5_copy_principal(context, entry.principal, &p); + if (ret) { + krb5_kt_free_entry (context, &entry); + goto out; + } + krb5_free_principal(context, o->ticket->server); + o->ticket->server = p; + + krb5_kt_free_entry (context, &entry); + + done = 1; + } + krb5_kt_end_seq_get (context, id, &cursor); + } /* If there is a PAC, verify its server signature */ - if (inctx->check_pac) { + if (inctx == NULL || inctx->check_pac) { krb5_pac pac; krb5_data data; @@ -866,27 +1047,33 @@ krb5_rd_req_ctx(krb5_context context, krb5_data_free(&data); if (ret) goto out; - + ret = krb5_pac_verify(context, - pac, + pac, o->ticket->ticket.authtime, - o->ticket->client, - o->keyblock, + o->ticket->client, + o->keyblock, NULL); krb5_pac_free(context, pac); if (ret) goto out; - } - ret = 0; + } else + ret = 0; } out: + if (ret || outctx == NULL) { krb5_rd_req_out_ctx_free(context, o); - } else + } else *outctx = o; free_AP_REQ(&ap_req); - if(service) + + if (service) krb5_free_principal(context, service); + + if (keytab) + krb5_kt_close(context, keytab); + return ret; } diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c index b2fb5c59d77..e62906b1f72 100644 --- a/crypto/heimdal/lib/krb5/rd_safe.c +++ b/crypto/heimdal/lib/krb5/rd_safe.c @@ -1,39 +1,37 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#include - -RCSID("$Id: rd_safe.c 19827 2007-01-11 02:54:59Z lha $"); +#include "krb5_locl.h" static krb5_error_code verify_checksum(krb5_context context, @@ -43,7 +41,7 @@ verify_checksum(krb5_context context, krb5_error_code ret; u_char *buf; size_t buf_size; - size_t len; + size_t len = 0; Checksum c; krb5_crypto crypto; krb5_keyblock *key; @@ -82,7 +80,7 @@ out: return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, @@ -93,33 +91,39 @@ krb5_rd_safe(krb5_context context, KRB_SAFE safe; size_t len; - if (outbuf) - krb5_data_zero(outbuf); + krb5_data_zero(outbuf); - if ((auth_context->flags & - (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && - outdata == NULL) { - krb5_set_error_string(context, "rd_safe: need outdata to return data"); - return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + if ((auth_context->flags & + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) + { + if (outdata == NULL) { + krb5_set_error_message(context, KRB5_RC_REQUIRED, + N_("rd_safe: need outdata " + "to return data", "")); + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + } + /* if these fields are not present in the safe-part, silently + return zero */ + memset(outdata, 0, sizeof(*outdata)); } ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len); - if (ret) + if (ret) return ret; if (safe.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } if (safe.msg_type != krb_safe) { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype) || !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) { ret = KRB5KRB_AP_ERR_INAPP_CKSUM; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } @@ -131,7 +135,7 @@ krb5_rd_safe(krb5_context context, auth_context->remote_address, safe.safe_body.s_address)) { ret = KRB5KRB_AP_ERR_BADADDR; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } @@ -143,7 +147,7 @@ krb5_rd_safe(krb5_context context, auth_context->local_address, safe.safe_body.r_address)) { ret = KRB5KRB_AP_ERR_BADADDR; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } @@ -157,7 +161,7 @@ krb5_rd_safe(krb5_context context, safe.safe_body.usec == NULL || abs(*safe.safe_body.timestamp - sec) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } } @@ -174,7 +178,7 @@ krb5_rd_safe(krb5_context context, && *safe.safe_body.seq_number != auth_context->remote_seqnumber)) { ret = KRB5KRB_AP_ERR_BADORDER; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } auth_context->remote_seqnumber++; @@ -183,22 +187,20 @@ krb5_rd_safe(krb5_context context, ret = verify_checksum (context, auth_context, &safe); if (ret) goto failure; - + outbuf->length = safe.safe_body.user_data.length; outbuf->data = malloc(outbuf->length); if (outbuf->data == NULL && outbuf->length != 0) { ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); krb5_data_zero(outbuf); goto failure; } memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length); - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { - /* if these fields are not present in the safe-part, silently - return zero */ - memset(outdata, 0, sizeof(*outdata)); + if(safe.safe_body.timestamp) outdata->timestamp = *safe.safe_body.timestamp; if(safe.safe_body.usec) diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c index 5e03507b66a..4e9bd012dd6 100644 --- a/crypto/heimdal/lib/krb5/read_message.c +++ b/crypto/heimdal/lib/krb5/read_message.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: read_message.c 21750 2007-07-31 20:41:25Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_message (krb5_context context, krb5_pointer p_fd, krb5_data *data) @@ -49,29 +47,29 @@ krb5_read_message (krb5_context context, ret = krb5_net_read (context, p_fd, buf, 4); if(ret == -1) { ret = errno; - krb5_clear_error_string (context); + krb5_clear_error_message (context); return ret; } if(ret < 4) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return HEIM_ERR_EOF; } len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; ret = krb5_data_alloc (data, len); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } if (krb5_net_read (context, p_fd, data->data, len) != len) { ret = errno; krb5_data_free (data); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return ret; } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_priv_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, @@ -88,7 +86,7 @@ krb5_read_priv_message(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_read_safe_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c index 03482851268..78e98a10fc1 100644 --- a/crypto/heimdal/lib/krb5/recvauth.c +++ b/crypto/heimdal/lib/krb5/recvauth.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: recvauth.c 20306 2007-04-11 11:15:55Z lha $"); - /* * See `sendauth.c' for the format. */ @@ -45,7 +43,7 @@ match_exact(const void *data, const char *appl_version) return strcmp(data, appl_version) == 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, @@ -61,11 +59,11 @@ krb5_recvauth(krb5_context context, keytab, ticket); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_recvauth_match_version(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, - krb5_boolean (*match_appl_version)(const void *, + krb5_boolean (*match_appl_version)(const void *, const char*), const void *match_data, krb5_principal server, @@ -103,11 +101,12 @@ krb5_recvauth_match_version(krb5_context context, n = krb5_net_read (context, p_fd, &len, 4); if (n < 0) { ret = errno; - krb5_set_error_string (context, "read: %s", strerror(errno)); + krb5_set_error_message(context, ret, "read: %s", strerror(ret)); return ret; } if (n == 0) { - krb5_set_error_string (context, "Failed to receive sendauth data"); + krb5_set_error_message(context, KRB5_SENDAUTH_BADAUTHVERS, + N_("Failed to receive sendauth data", "")); return KRB5_SENDAUTH_BADAUTHVERS; } len = ntohl(len); @@ -116,7 +115,7 @@ krb5_recvauth_match_version(krb5_context context, || strncmp (version, her_version, len)) { repl = 1; krb5_net_write (context, p_fd, &repl, 1); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_SENDAUTH_BADAUTHVERS; } } @@ -124,11 +123,11 @@ krb5_recvauth_match_version(krb5_context context, n = krb5_net_read (context, p_fd, &len, 4); if (n < 0) { ret = errno; - krb5_set_error_string (context, "read: %s", strerror(errno)); + krb5_set_error_message(context, ret, "read: %s", strerror(ret)); return ret; } if (n == 0) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_SENDAUTH_BADAPPLVERS; } len = ntohl(len); @@ -136,14 +135,16 @@ krb5_recvauth_match_version(krb5_context context, if (her_appl_version == NULL) { repl = 2; krb5_net_write (context, p_fd, &repl, 1); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if (krb5_net_read (context, p_fd, her_appl_version, len) != len || !(*match_appl_version)(match_data, her_appl_version)) { repl = 2; krb5_net_write (context, p_fd, &repl, 1); - krb5_set_error_string (context, "wrong sendauth version (%s)", + krb5_set_error_message(context, KRB5_SENDAUTH_BADAPPLVERS, + N_("wrong sendauth version (%s)", ""), her_appl_version); free (her_appl_version); return KRB5_SENDAUTH_BADAPPLVERS; @@ -153,7 +154,7 @@ krb5_recvauth_match_version(krb5_context context, repl = 0; if (krb5_net_write (context, p_fd, &repl, 1) != 1) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(errno)); + krb5_set_error_message(context, ret, "write: %s", strerror(ret)); return ret; } @@ -188,23 +189,31 @@ krb5_recvauth_match_version(krb5_context context, krb5_data_free (&error_data); } return ret; - } + } len = 0; if (krb5_net_write (context, p_fd, &len, 4) != 4) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(errno)); + krb5_set_error_message(context, ret, "write: %s", strerror(ret)); + krb5_free_ticket(context, *ticket); + *ticket = NULL; return ret; } if (ap_options & AP_OPTS_MUTUAL_REQUIRED) { ret = krb5_mk_rep (context, *auth_context, &data); - if (ret) + if (ret) { + krb5_free_ticket(context, *ticket); + *ticket = NULL; return ret; + } ret = krb5_write_message (context, p_fd, &data); - if (ret) + if (ret) { + krb5_free_ticket(context, *ticket); + *ticket = NULL; return ret; + } krb5_data_free (&data); } return 0; diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c index 12894d96a95..965dd44437d 100644 --- a/crypto/heimdal/lib/krb5/replay.c +++ b/crypto/heimdal/lib/krb5/replay.c @@ -1,78 +1,79 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include -RCSID("$Id: replay.c 17047 2006-04-10 17:13:49Z lha $"); - struct krb5_rcache_data { char *name; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve(krb5_context context, krb5_rcache id, const char *name) { id->name = strdup(name); if(id->name == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_RC_MALLOC, + N_("malloc: out of memory", "")); return KRB5_RC_MALLOC; } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, const char *type) { *id = NULL; if(strcmp(type, "FILE")) { - krb5_set_error_string (context, "replay cache type %s not supported", - type); + krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND, + N_("replay cache type %s not supported", ""), + type); return KRB5_RC_TYPE_NOTFOUND; } *id = calloc(1, sizeof(**id)); if(*id == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_RC_MALLOC, + N_("malloc: out of memory", "")); return KRB5_RC_MALLOC; } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_resolve_full(krb5_context context, krb5_rcache *id, const char *string_name) @@ -82,7 +83,8 @@ krb5_rc_resolve_full(krb5_context context, *id = NULL; if(strncmp(string_name, "FILE:", 5)) { - krb5_set_error_string (context, "replay cache type %s not supported", + krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND, + N_("replay cache type %s not supported", ""), string_name); return KRB5_RC_TYPE_NOTFOUND; } @@ -97,19 +99,19 @@ krb5_rc_resolve_full(krb5_context context, return ret; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_name(krb5_context context) { return "FILE:/var/run/default_rcache"; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_default_type(krb5_context context) { return "FILE"; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_default(krb5_context context, krb5_rcache *id) { @@ -121,7 +123,7 @@ struct rc_entry{ unsigned char data[16]; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_initialize(krb5_context context, krb5_rcache id, krb5_deltat auth_lifespan) @@ -131,9 +133,10 @@ krb5_rc_initialize(krb5_context context, int ret; if(f == NULL) { + char buf[128]; ret = errno; - krb5_set_error_string (context, "open(%s): %s", id->name, - strerror(ret)); + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } tmp.stamp = auth_lifespan; @@ -142,29 +145,30 @@ krb5_rc_initialize(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_recover(krb5_context context, krb5_rcache id) { return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_destroy(krb5_context context, krb5_rcache id) { int ret; if(remove(id->name) < 0) { + char buf[128]; ret = errno; - krb5_set_error_string (context, "remove(%s): %s", id->name, - strerror(ret)); + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf); return ret; } return krb5_rc_close(context, id); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_close(krb5_context context, krb5_rcache id) { @@ -176,20 +180,23 @@ krb5_rc_close(krb5_context context, static void checksum_authenticator(Authenticator *auth, void *data) { - MD5_CTX md5; - int i; + EVP_MD_CTX *m = EVP_MD_CTX_create(); + unsigned i; - MD5_Init (&md5); - MD5_Update (&md5, auth->crealm, strlen(auth->crealm)); + EVP_DigestInit_ex(m, EVP_md5(), NULL); + + EVP_DigestUpdate(m, auth->crealm, strlen(auth->crealm)); for(i = 0; i < auth->cname.name_string.len; i++) - MD5_Update(&md5, auth->cname.name_string.val[i], + EVP_DigestUpdate(m, auth->cname.name_string.val[i], strlen(auth->cname.name_string.val[i])); - MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime)); - MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec)); - MD5_Final (data, &md5); + EVP_DigestUpdate(m, &auth->ctime, sizeof(auth->ctime)); + EVP_DigestUpdate(m, &auth->cusec, sizeof(auth->cusec)); + + EVP_DigestFinal_ex(m, data, NULL); + EVP_MD_CTX_destroy(m); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep) @@ -203,11 +210,13 @@ krb5_rc_store(krb5_context context, checksum_authenticator(rep, ent.data); f = fopen(id->name, "r"); if(f == NULL) { + char buf[128]; ret = errno; - krb5_set_error_string (context, "open(%s): %s", id->name, - strerror(ret)); + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } + rk_cloexec_file(f); fread(&tmp, sizeof(ent), 1, f); t = ent.stamp - tmp.stamp; while(fread(&tmp, sizeof(ent), 1, f)){ @@ -215,21 +224,26 @@ krb5_rc_store(krb5_context context, continue; if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){ fclose(f); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_RC_REPLAY; } } if(ferror(f)){ + char buf[128]; ret = errno; fclose(f); - krb5_set_error_string (context, "%s: %s", id->name, strerror(ret)); + rk_strerror_r(ret, buf, sizeof(buf)); + krb5_set_error_message(context, ret, "%s: %s", + id->name, buf); return ret; } fclose(f); f = fopen(id->name, "a"); if(f == NULL) { - krb5_set_error_string (context, "open(%s): %s", id->name, - strerror(errno)); + char buf[128]; + rk_strerror_r(errno, buf, sizeof(buf)); + krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, + "open(%s): %s", id->name, buf); return KRB5_RC_IO_UNKNOWN; } fwrite(&ent, 1, sizeof(ent), f); @@ -237,14 +251,14 @@ krb5_rc_store(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_expunge(krb5_context context, krb5_rcache id) { return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_rc_get_lifespan(krb5_context context, krb5_rcache id, krb5_deltat *auth_lifespan) @@ -258,27 +272,27 @@ krb5_rc_get_lifespan(krb5_context context, *auth_lifespan = ent.stamp; return 0; } - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_RC_IO_UNKNOWN; } -const char* KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_name(krb5_context context, krb5_rcache id) { return id->name; } - -const char* KRB5_LIB_FUNCTION + +KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL krb5_rc_get_type(krb5_context context, krb5_rcache id) { return "FILE"; } - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_server_rcache(krb5_context context, - const krb5_data *piece, + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_server_rcache(krb5_context context, + const krb5_data *piece, krb5_rcache *id) { krb5_rcache rcache; @@ -288,18 +302,20 @@ krb5_get_server_rcache(krb5_context context, char *name; if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); #ifdef HAVE_GETEUID - asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid()); + ret = asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid()); #else - asprintf(&name, "FILE:rc_%s", tmp); + ret = asprintf(&name, "FILE:rc_%s", tmp); #endif free(tmp); - if(name == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + if(ret < 0 || name == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } diff --git a/crypto/heimdal/lib/krb5/salt-aes.c b/crypto/heimdal/lib/krb5/salt-aes.c new file mode 100644 index 00000000000..32dafd68cb8 --- /dev/null +++ b/crypto/heimdal/lib/krb5/salt-aes.c @@ -0,0 +1,103 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +int _krb5_AES_string_to_default_iterator = 4096; + +static krb5_error_code +AES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_error_code ret; + uint32_t iter; + struct _krb5_encryption_type *et; + struct _krb5_key_data kd; + + if (opaque.length == 0) + iter = _krb5_AES_string_to_default_iterator; + else if (opaque.length == 4) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 4); + iter = ((uint32_t)v); + } else + return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ + + et = _krb5_find_enctype(enctype); + if (et == NULL) + return KRB5_PROG_KEYTYPE_NOSUPP; + + kd.schedule = NULL; + ALLOC(kd.key, 1); + if(kd.key == NULL) { + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + kd.key->keytype = enctype; + ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); + if (ret) { + krb5_set_error_message (context, ret, N_("malloc: out of memory", "")); + return ret; + } + + ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, + salt.saltvalue.data, salt.saltvalue.length, + iter, + et->keytype->size, kd.key->keyvalue.data); + if (ret != 1) { + _krb5_free_key_data(context, &kd, et); + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "Error calculating s2k"); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + ret = _krb5_derive_key(context, et, &kd, "kerberos", strlen("kerberos")); + if (ret == 0) + ret = krb5_copy_keyblock_contents(context, kd.key, key); + _krb5_free_key_data(context, &kd, et); + + return ret; +} + +struct salt_type _krb5_AES_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + AES_string_to_key + }, + { 0 } +}; diff --git a/crypto/heimdal/lib/krb5/salt-arcfour.c b/crypto/heimdal/lib/krb5/salt-arcfour.c new file mode 100644 index 00000000000..ab5e51270c8 --- /dev/null +++ b/crypto/heimdal/lib/krb5/salt-arcfour.c @@ -0,0 +1,112 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +static krb5_error_code +ARCFOUR_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_error_code ret; + uint16_t *s = NULL; + size_t len = 0, i; + EVP_MD_CTX *m; + + m = EVP_MD_CTX_create(); + if (m == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; + } + + EVP_DigestInit_ex(m, EVP_md4(), NULL); + + ret = wind_utf8ucs2_length(password.data, &len); + if (ret) { + krb5_set_error_message (context, ret, + N_("Password not an UCS2 string", "")); + goto out; + } + + s = malloc (len * sizeof(s[0])); + if (len != 0 && s == NULL) { + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); + ret = ENOMEM; + goto out; + } + + ret = wind_utf8ucs2(password.data, s, &len); + if (ret) { + krb5_set_error_message (context, ret, + N_("Password not an UCS2 string", "")); + goto out; + } + + /* LE encoding */ + for (i = 0; i < len; i++) { + unsigned char p; + p = (s[i] & 0xff); + EVP_DigestUpdate (m, &p, 1); + p = (s[i] >> 8) & 0xff; + EVP_DigestUpdate (m, &p, 1); + } + + key->keytype = enctype; + ret = krb5_data_alloc (&key->keyvalue, 16); + if (ret) { + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); + goto out; + } + EVP_DigestFinal_ex (m, key->keyvalue.data, NULL); + + out: + EVP_MD_CTX_destroy(m); + if (s) + memset (s, 0, len); + free (s); + return ret; +} + +struct salt_type _krb5_arcfour_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + ARCFOUR_string_to_key + }, + { 0 } +}; diff --git a/crypto/heimdal/lib/krb5/salt-des.c b/crypto/heimdal/lib/krb5/salt-des.c new file mode 100644 index 00000000000..56b285f72ed --- /dev/null +++ b/crypto/heimdal/lib/krb5/salt-des.c @@ -0,0 +1,224 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#ifdef HEIM_WEAK_CRYPTO + +#ifdef ENABLE_AFS_STRING_TO_KEY + +/* This defines the Andrew string_to_key function. It accepts a password + * string as input and converts it via a one-way encryption algorithm to a DES + * encryption key. It is compatible with the original Andrew authentication + * service password database. + */ + +/* + * Short passwords, i.e 8 characters or less. + */ +static void +krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, + krb5_data cell, + DES_cblock *key) +{ + char password[8+1]; /* crypt is limited to 8 chars anyway */ + size_t i; + + for(i = 0; i < 8; i++) { + char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ + ((i < cell.length) ? + tolower(((unsigned char*)cell.data)[i]) : 0); + password[i] = c ? c : 'X'; + } + password[8] = '\0'; + + memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock)); + + /* parity is inserted into the LSB so left shift each byte up one + bit. This allows ascii characters with a zero MSB to retain as + much significance as possible. */ + for (i = 0; i < sizeof(DES_cblock); i++) + ((unsigned char*)key)[i] <<= 1; + DES_set_odd_parity (key); +} + +/* + * Long passwords, i.e 9 characters or more. + */ +static void +krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, + krb5_data cell, + DES_cblock *key) +{ + DES_key_schedule schedule; + DES_cblock temp_key; + DES_cblock ivec; + char password[512]; + size_t passlen; + + memcpy(password, pw.data, min(pw.length, sizeof(password))); + if(pw.length < sizeof(password)) { + int len = min(cell.length, sizeof(password) - pw.length); + size_t i; + + memcpy(password + pw.length, cell.data, len); + for (i = pw.length; i < pw.length + len; ++i) + password[i] = tolower((unsigned char)password[i]); + } + passlen = min(sizeof(password), pw.length + cell.length); + memcpy(&ivec, "kerberos", 8); + memcpy(&temp_key, "kerberos", 8); + DES_set_odd_parity (&temp_key); + DES_set_key_unchecked (&temp_key, &schedule); + DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); + + memcpy(&temp_key, &ivec, 8); + DES_set_odd_parity (&temp_key); + DES_set_key_unchecked (&temp_key, &schedule); + DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); + memset(&schedule, 0, sizeof(schedule)); + memset(&temp_key, 0, sizeof(temp_key)); + memset(&ivec, 0, sizeof(ivec)); + memset(password, 0, sizeof(password)); + + DES_set_odd_parity (key); +} + +static krb5_error_code +DES_AFS3_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + DES_cblock tmp; + if(password.length > 8) + krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp); + else + krb5_DES_AFS3_CMU_string_to_key(password, salt.saltvalue, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&key, 0, sizeof(key)); + return 0; +} +#endif /* ENABLE_AFS_STRING_TO_KEY */ + +static void +DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) +{ + DES_key_schedule schedule; + size_t i; + int reverse = 0; + unsigned char *p; + + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; + memset(key, 0, 8); + + p = (unsigned char*)key; + for (i = 0; i < length; i++) { + unsigned char tmp = data[i]; + if (!reverse) + *p++ ^= (tmp << 1); + else + *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; + if((i % 8) == 7) + reverse = !reverse; + } + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; + DES_set_key_unchecked(key, &schedule); + DES_cbc_cksum((void*)data, key, length, &schedule, key); + memset(&schedule, 0, sizeof(schedule)); + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; +} + +static krb5_error_code +krb5_DES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + unsigned char *s; + size_t len; + DES_cblock tmp; + +#ifdef ENABLE_AFS_STRING_TO_KEY + if (opaque.length == 1) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 1); + if (v == 1) + return DES_AFS3_string_to_key(context, enctype, password, + salt, opaque, key); + } +#endif + + len = password.length + salt.saltvalue.length; + s = malloc(len); + if(len > 0 && s == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + DES_string_to_key_int(s, len, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&tmp, 0, sizeof(tmp)); + memset(s, 0, len); + free(s); + return 0; +} + +struct salt_type _krb5_des_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + krb5_DES_string_to_key + }, +#ifdef ENABLE_AFS_STRING_TO_KEY + { + KRB5_AFS3_SALT, + "afs3-salt", + DES_AFS3_string_to_key + }, +#endif + { 0 } +}; +#endif diff --git a/crypto/heimdal/lib/krb5/salt-des3.c b/crypto/heimdal/lib/krb5/salt-des3.c new file mode 100644 index 00000000000..79140a274f9 --- /dev/null +++ b/crypto/heimdal/lib/krb5/salt-des3.c @@ -0,0 +1,150 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#ifdef DES3_OLD_ENCTYPE +static krb5_error_code +DES3_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + char *str; + size_t len; + unsigned char tmp[24]; + DES_cblock keys[3]; + krb5_error_code ret; + + len = password.length + salt.saltvalue.length; + str = malloc(len); + if(len != 0 && str == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + memcpy(str, password.data, password.length); + memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); + { + DES_cblock ivec; + DES_key_schedule s[3]; + int i; + + ret = _krb5_n_fold(str, len, tmp, 24); + if (ret) { + memset(str, 0, len); + free(str); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + return ret; + } + + for(i = 0; i < 3; i++){ + memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); + DES_set_odd_parity(keys + i); + if(DES_is_weak_key(keys + i)) + _krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + DES_set_key_unchecked(keys + i, &s[i]); + } + memset(&ivec, 0, sizeof(ivec)); + DES_ede3_cbc_encrypt(tmp, + tmp, sizeof(tmp), + &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); + memset(s, 0, sizeof(s)); + memset(&ivec, 0, sizeof(ivec)); + for(i = 0; i < 3; i++){ + memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); + DES_set_odd_parity(keys + i); + if(DES_is_weak_key(keys + i)) + _krb5_xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + } + memset(tmp, 0, sizeof(tmp)); + } + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); + memset(keys, 0, sizeof(keys)); + memset(str, 0, len); + free(str); + return 0; +} +#endif + +static krb5_error_code +DES3_string_to_key_derived(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_error_code ret; + size_t len = password.length + salt.saltvalue.length; + char *s; + + s = malloc(len); + if(len != 0 && s == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + ret = krb5_string_to_key_derived(context, + s, + len, + enctype, + key); + memset(s, 0, len); + free(s); + return ret; +} + + +#ifdef DES3_OLD_ENCTYPE +struct salt_type _krb5_des3_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + DES3_string_to_key + }, + { 0 } +}; +#endif + +struct salt_type _krb5_des3_salt_derived[] = { + { + KRB5_PW_SALT, + "pw-salt", + DES3_string_to_key_derived + }, + { 0 } +}; diff --git a/crypto/heimdal/lib/krb5/salt.c b/crypto/heimdal/lib/krb5/salt.c new file mode 100644 index 00000000000..5e4c8a1c857 --- /dev/null +++ b/crypto/heimdal/lib/krb5/salt.c @@ -0,0 +1,305 @@ +/* + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +/* coverity[+alloc : arg-*3] */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_salttype_to_string (krb5_context context, + krb5_enctype etype, + krb5_salttype stype, + char **string) +{ + struct _krb5_encryption_type *e; + struct salt_type *st; + + e = _krb5_find_enctype (etype); + if (e == NULL) { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + for (st = e->keytype->string_to_key; st && st->type; st++) { + if (st->type == stype) { + *string = strdup (st->name); + if (*string == NULL) { + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + return 0; + } + } + krb5_set_error_message (context, HEIM_ERR_SALTTYPE_NOSUPP, + "salttype %d not supported", stype); + return HEIM_ERR_SALTTYPE_NOSUPP; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_salttype (krb5_context context, + krb5_enctype etype, + const char *string, + krb5_salttype *salttype) +{ + struct _krb5_encryption_type *e; + struct salt_type *st; + + e = _krb5_find_enctype (etype); + if (e == NULL) { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + for (st = e->keytype->string_to_key; st && st->type; st++) { + if (strcasecmp (st->name, string) == 0) { + *salttype = st->type; + return 0; + } + } + krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, + N_("salttype %s not supported", ""), string); + return HEIM_ERR_SALTTYPE_NOSUPP; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_pw_salt(krb5_context context, + krb5_const_principal principal, + krb5_salt *salt) +{ + size_t len; + size_t i; + krb5_error_code ret; + char *p; + + salt->salttype = KRB5_PW_SALT; + len = strlen(principal->realm); + for (i = 0; i < principal->name.name_string.len; ++i) + len += strlen(principal->name.name_string.val[i]); + ret = krb5_data_alloc (&salt->saltvalue, len); + if (ret) + return ret; + p = salt->saltvalue.data; + memcpy (p, principal->realm, strlen(principal->realm)); + p += strlen(principal->realm); + for (i = 0; i < principal->name.name_string.len; ++i) { + memcpy (p, + principal->name.name_string.val[i], + strlen(principal->name.name_string.val[i])); + p += strlen(principal->name.name_string.val[i]); + } + return 0; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_free_salt(krb5_context context, + krb5_salt salt) +{ + krb5_data_free(&salt.saltvalue); + return 0; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_key_data (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_principal principal, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_salt salt; + + ret = krb5_get_pw_salt(context, principal, &salt); + if(ret) + return ret; + ret = krb5_string_to_key_data_salt(context, enctype, password, salt, key); + krb5_free_salt(context, salt); + return ret; +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_key (krb5_context context, + krb5_enctype enctype, + const char *password, + krb5_principal principal, + krb5_keyblock *key) +{ + krb5_data pw; + pw.data = rk_UNCONST(password); + pw.length = strlen(password); + return krb5_string_to_key_data(context, enctype, pw, principal, key); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_key_data_salt (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_keyblock *key) +{ + krb5_data opaque; + krb5_data_zero(&opaque); + return krb5_string_to_key_data_salt_opaque(context, enctype, password, + salt, opaque, key); +} + +/* + * Do a string -> key for encryption type `enctype' operation on + * `password' (with salt `salt' and the enctype specific data string + * `opaque'), returning the resulting key in `key' + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_key_data_salt_opaque (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + struct _krb5_encryption_type *et =_krb5_find_enctype(enctype); + struct salt_type *st; + if(et == NULL) { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + for(st = et->keytype->string_to_key; st && st->type; st++) + if(st->type == salt.salttype) + return (*st->string_to_key)(context, enctype, password, + salt, opaque, key); + krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, + N_("salt type %d not supported", ""), + salt.salttype); + return HEIM_ERR_SALTTYPE_NOSUPP; +} + +/* + * Do a string -> key for encryption type `enctype' operation on the + * string `password' (with salt `salt'), returning the resulting key + * in `key' + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_key_salt (krb5_context context, + krb5_enctype enctype, + const char *password, + krb5_salt salt, + krb5_keyblock *key) +{ + krb5_data pw; + pw.data = rk_UNCONST(password); + pw.length = strlen(password); + return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); +} + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_key_salt_opaque (krb5_context context, + krb5_enctype enctype, + const char *password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_data pw; + pw.data = rk_UNCONST(password); + pw.length = strlen(password); + return krb5_string_to_key_data_salt_opaque(context, enctype, + pw, salt, opaque, key); +} + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_string_to_key_derived(krb5_context context, + const void *str, + size_t len, + krb5_enctype etype, + krb5_keyblock *key) +{ + struct _krb5_encryption_type *et = _krb5_find_enctype(etype); + krb5_error_code ret; + struct _krb5_key_data kd; + size_t keylen; + u_char *tmp; + + if(et == NULL) { + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + keylen = et->keytype->bits / 8; + + ALLOC(kd.key, 1); + if(kd.key == NULL) { + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); + if(ret) { + free(kd.key); + return ret; + } + kd.key->keytype = etype; + tmp = malloc (keylen); + if(tmp == NULL) { + krb5_free_keyblock(context, kd.key); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + ret = _krb5_n_fold(str, len, tmp, keylen); + if (ret) { + free(tmp); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); + return ret; + } + kd.schedule = NULL; + _krb5_DES3_random_to_key(context, kd.key, tmp, keylen); + memset(tmp, 0, keylen); + free(tmp); + ret = _krb5_derive_key(context, + et, + &kd, + "kerberos", /* XXX well known constant */ + strlen("kerberos")); + if (ret) { + _krb5_free_key_data(context, &kd, et); + return ret; + } + ret = krb5_copy_keyblock_contents(context, kd.key, key); + _krb5_free_key_data(context, &kd, et); + return ret; +} diff --git a/crypto/heimdal/lib/krb5/scache.c b/crypto/heimdal/lib/krb5/scache.c new file mode 100644 index 00000000000..5c422c6a449 --- /dev/null +++ b/crypto/heimdal/lib/krb5/scache.c @@ -0,0 +1,1451 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#ifdef HAVE_SCC + +#include + +typedef struct krb5_scache { + char *name; + char *file; + sqlite3 *db; + + sqlite_uint64 cid; + + sqlite3_stmt *icred; + sqlite3_stmt *dcred; + sqlite3_stmt *iprincipal; + + sqlite3_stmt *icache; + sqlite3_stmt *ucachen; + sqlite3_stmt *ucachep; + sqlite3_stmt *dcache; + sqlite3_stmt *scache; + sqlite3_stmt *scache_name; + sqlite3_stmt *umaster; + +} krb5_scache; + +#define SCACHE(X) ((krb5_scache *)(X)->data.data) + +#define SCACHE_DEF_NAME "Default-cache" +#ifdef KRB5_USE_PATH_TOKENS +#define KRB5_SCACHE_DB "%{TEMP}/krb5scc_%{uid}" +#else +#define KRB5_SCACHE_DB "/tmp/krb5scc_%{uid}" +#endif +#define KRB5_SCACHE_NAME "SCC:" SCACHE_DEF_NAME ":" KRB5_SCACHE_DB + +#define SCACHE_INVALID_CID ((sqlite_uint64)-1) + +/* + * + */ + +#define SQL_CMASTER "" \ + "CREATE TABLE master (" \ + "oid INTEGER PRIMARY KEY," \ + "version INTEGER NOT NULL," \ + "defaultcache TEXT NOT NULL" \ + ")" + +#define SQL_SETUP_MASTER \ + "INSERT INTO master (version,defaultcache) VALUES(2, \"" SCACHE_DEF_NAME "\")" +#define SQL_UMASTER "UPDATE master SET defaultcache=? WHERE version=2" + +#define SQL_CCACHE "" \ + "CREATE TABLE caches (" \ + "oid INTEGER PRIMARY KEY," \ + "principal TEXT," \ + "name TEXT NOT NULL" \ + ")" + +#define SQL_TCACHE "" \ + "CREATE TRIGGER CacheDropCreds AFTER DELETE ON caches " \ + "FOR EACH ROW BEGIN " \ + "DELETE FROM credentials WHERE cid=old.oid;" \ + "END" + +#define SQL_ICACHE "INSERT INTO caches (name) VALUES(?)" +#define SQL_UCACHE_NAME "UPDATE caches SET name=? WHERE OID=?" +#define SQL_UCACHE_PRINCIPAL "UPDATE caches SET principal=? WHERE OID=?" +#define SQL_DCACHE "DELETE FROM caches WHERE OID=?" +#define SQL_SCACHE "SELECT principal,name FROM caches WHERE OID=?" +#define SQL_SCACHE_NAME "SELECT oid FROM caches WHERE NAME=?" + +#define SQL_CCREDS "" \ + "CREATE TABLE credentials (" \ + "oid INTEGER PRIMARY KEY," \ + "cid INTEGER NOT NULL," \ + "kvno INTEGER NOT NULL," \ + "etype INTEGER NOT NULL," \ + "created_at INTEGER NOT NULL," \ + "cred BLOB NOT NULL" \ + ")" + +#define SQL_TCRED "" \ + "CREATE TRIGGER credDropPrincipal AFTER DELETE ON credentials " \ + "FOR EACH ROW BEGIN " \ + "DELETE FROM principals WHERE credential_id=old.oid;" \ + "END" + +#define SQL_ICRED "INSERT INTO credentials (cid, kvno, etype, cred, created_at) VALUES (?,?,?,?,?)" +#define SQL_DCRED "DELETE FROM credentials WHERE cid=?" + +#define SQL_CPRINCIPALS "" \ + "CREATE TABLE principals (" \ + "oid INTEGER PRIMARY KEY," \ + "principal TEXT NOT NULL," \ + "type INTEGER NOT NULL," \ + "credential_id INTEGER NOT NULL" \ + ")" + +#define SQL_IPRINCIPAL "INSERT INTO principals (principal, type, credential_id) VALUES (?,?,?)" + +/* + * sqlite destructors + */ + +static void +free_data(void *data) +{ + free(data); +} + +static void +free_krb5(void *str) +{ + krb5_xfree(str); +} + +static void +scc_free(krb5_scache *s) +{ + if (s->file) + free(s->file); + if (s->name) + free(s->name); + + if (s->icred) + sqlite3_finalize(s->icred); + if (s->dcred) + sqlite3_finalize(s->dcred); + if (s->iprincipal) + sqlite3_finalize(s->iprincipal); + if (s->icache) + sqlite3_finalize(s->icache); + if (s->ucachen) + sqlite3_finalize(s->ucachen); + if (s->ucachep) + sqlite3_finalize(s->ucachep); + if (s->dcache) + sqlite3_finalize(s->dcache); + if (s->scache) + sqlite3_finalize(s->scache); + if (s->scache_name) + sqlite3_finalize(s->scache_name); + if (s->umaster) + sqlite3_finalize(s->umaster); + + if (s->db) + sqlite3_close(s->db); + free(s); +} + +#ifdef TRACEME +static void +trace(void* ptr, const char * str) +{ + printf("SQL: %s\n", str); +} +#endif + +static krb5_error_code +prepare_stmt(krb5_context context, sqlite3 *db, + sqlite3_stmt **stmt, const char *str) +{ + int ret; + + ret = sqlite3_prepare_v2(db, str, -1, stmt, NULL); + if (ret != SQLITE_OK) { + krb5_set_error_message(context, ENOENT, + N_("Failed to prepare stmt %s: %s", ""), + str, sqlite3_errmsg(db)); + return ENOENT; + } + return 0; +} + +static krb5_error_code +exec_stmt(krb5_context context, sqlite3 *db, const char *str, + krb5_error_code code) +{ + int ret; + + ret = sqlite3_exec(db, str, NULL, NULL, NULL); + if (ret != SQLITE_OK && code) { + krb5_set_error_message(context, code, + N_("scache execute %s: %s", ""), str, + sqlite3_errmsg(db)); + return code; + } + return 0; +} + +static krb5_error_code +default_db(krb5_context context, sqlite3 **db) +{ + char *name; + int ret; + + ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &name); + if (ret) + return ret; + + ret = sqlite3_open_v2(name, db, SQLITE_OPEN_READWRITE, NULL); + free(name); + if (ret != SQLITE_OK) { + krb5_clear_error_message(context); + return ENOENT; + } + +#ifdef TRACEME + sqlite3_trace(*db, trace, NULL); +#endif + + return 0; +} + +static krb5_error_code +get_def_name(krb5_context context, char **str) +{ + krb5_error_code ret; + sqlite3_stmt *stmt; + const char *name; + sqlite3 *db; + + ret = default_db(context, &db); + if (ret) + return ret; + + ret = prepare_stmt(context, db, &stmt, "SELECT defaultcache FROM master"); + if (ret) { + sqlite3_close(db); + return ret; + } + + ret = sqlite3_step(stmt); + if (ret != SQLITE_ROW) + goto out; + + if (sqlite3_column_type(stmt, 0) != SQLITE_TEXT) + goto out; + + name = (const char *)sqlite3_column_text(stmt, 0); + if (name == NULL) + goto out; + + *str = strdup(name); + if (*str == NULL) + goto out; + + sqlite3_finalize(stmt); + sqlite3_close(db); + return 0; +out: + sqlite3_finalize(stmt); + sqlite3_close(db); + krb5_clear_error_message(context); + return ENOENT; +} + + + +static krb5_scache * KRB5_CALLCONV +scc_alloc(krb5_context context, const char *name) +{ + krb5_error_code ret; + krb5_scache *s; + + ALLOC(s, 1); + if(s == NULL) + return NULL; + + s->cid = SCACHE_INVALID_CID; + + if (name) { + char *file; + + if (*name == '\0') { + krb5_error_code ret; + ret = get_def_name(context, &s->name); + if (ret) + s->name = strdup(SCACHE_DEF_NAME); + } else + s->name = strdup(name); + + file = strrchr(s->name, ':'); + if (file) { + *file++ = '\0'; + s->file = strdup(file); + ret = 0; + } else { + ret = _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file); + } + } else { + _krb5_expand_default_cc_name(context, KRB5_SCACHE_DB, &s->file); + ret = asprintf(&s->name, "unique-%p", s); + } + if (ret < 0 || s->file == NULL || s->name == NULL) { + scc_free(s); + return NULL; + } + + return s; +} + +static krb5_error_code +open_database(krb5_context context, krb5_scache *s, int flags) +{ + int ret; + + ret = sqlite3_open_v2(s->file, &s->db, SQLITE_OPEN_READWRITE|flags, NULL); + if (ret) { + if (s->db) { + krb5_set_error_message(context, ENOENT, + N_("Error opening scache file %s: %s", ""), + s->file, sqlite3_errmsg(s->db)); + sqlite3_close(s->db); + s->db = NULL; + } else + krb5_set_error_message(context, ENOENT, + N_("malloc: out of memory", "")); + return ENOENT; + } + return 0; +} + +static krb5_error_code +create_cache(krb5_context context, krb5_scache *s) +{ + int ret; + + sqlite3_bind_text(s->icache, 1, s->name, -1, NULL); + do { + ret = sqlite3_step(s->icache); + } while (ret == SQLITE_ROW); + if (ret != SQLITE_DONE) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("Failed to add scache: %d", ""), ret); + return KRB5_CC_IO; + } + sqlite3_reset(s->icache); + + s->cid = sqlite3_last_insert_rowid(s->db); + + return 0; +} + +static krb5_error_code +make_database(krb5_context context, krb5_scache *s) +{ + int created_file = 0; + int ret; + + if (s->db) + return 0; + + ret = open_database(context, s, 0); + if (ret) { + mode_t oldumask = umask(077); + ret = open_database(context, s, SQLITE_OPEN_CREATE); + umask(oldumask); + if (ret) goto out; + + created_file = 1; + + ret = exec_stmt(context, s->db, SQL_CMASTER, KRB5_CC_IO); + if (ret) goto out; + ret = exec_stmt(context, s->db, SQL_CCACHE, KRB5_CC_IO); + if (ret) goto out; + ret = exec_stmt(context, s->db, SQL_CCREDS, KRB5_CC_IO); + if (ret) goto out; + ret = exec_stmt(context, s->db, SQL_CPRINCIPALS, KRB5_CC_IO); + if (ret) goto out; + ret = exec_stmt(context, s->db, SQL_SETUP_MASTER, KRB5_CC_IO); + if (ret) goto out; + + ret = exec_stmt(context, s->db, SQL_TCACHE, KRB5_CC_IO); + if (ret) goto out; + ret = exec_stmt(context, s->db, SQL_TCRED, KRB5_CC_IO); + if (ret) goto out; + } + +#ifdef TRACEME + sqlite3_trace(s->db, trace, NULL); +#endif + + ret = prepare_stmt(context, s->db, &s->icred, SQL_ICRED); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->dcred, SQL_DCRED); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->iprincipal, SQL_IPRINCIPAL); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->icache, SQL_ICACHE); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->ucachen, SQL_UCACHE_NAME); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->ucachep, SQL_UCACHE_PRINCIPAL); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->dcache, SQL_DCACHE); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->scache, SQL_SCACHE); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->scache_name, SQL_SCACHE_NAME); + if (ret) goto out; + ret = prepare_stmt(context, s->db, &s->umaster, SQL_UMASTER); + if (ret) goto out; + + return 0; + +out: + if (s->db) + sqlite3_close(s->db); + if (created_file) + unlink(s->file); + + return ret; +} + +static krb5_error_code +bind_principal(krb5_context context, + sqlite3 *db, + sqlite3_stmt *stmt, + int col, + krb5_const_principal principal) +{ + krb5_error_code ret; + char *str; + + ret = krb5_unparse_name(context, principal, &str); + if (ret) + return ret; + + ret = sqlite3_bind_text(stmt, col, str, -1, free_krb5); + if (ret != SQLITE_OK) { + krb5_xfree(str); + krb5_set_error_message(context, ENOMEM, + N_("scache bind principal: %s", ""), + sqlite3_errmsg(db)); + return ENOMEM; + } + return 0; +} + +/* + * + */ + +static const char* KRB5_CALLCONV +scc_get_name(krb5_context context, + krb5_ccache id) +{ + return SCACHE(id)->name; +} + +static krb5_error_code KRB5_CALLCONV +scc_resolve(krb5_context context, krb5_ccache *id, const char *res) +{ + krb5_scache *s; + int ret; + + s = scc_alloc(context, res); + if (s == NULL) { + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); + return KRB5_CC_NOMEM; + } + + ret = make_database(context, s); + if (ret) { + scc_free(s); + return ret; + } + + ret = sqlite3_bind_text(s->scache_name, 1, s->name, -1, NULL); + if (ret != SQLITE_OK) { + krb5_set_error_message(context, ENOMEM, + "bind name: %s", sqlite3_errmsg(s->db)); + scc_free(s); + return ENOMEM; + } + + if (sqlite3_step(s->scache_name) == SQLITE_ROW) { + + if (sqlite3_column_type(s->scache_name, 0) != SQLITE_INTEGER) { + sqlite3_reset(s->scache_name); + krb5_set_error_message(context, KRB5_CC_END, + N_("Cache name of wrong type " + "for scache %s", ""), + s->name); + scc_free(s); + return KRB5_CC_END; + } + + s->cid = sqlite3_column_int(s->scache_name, 0); + } else { + s->cid = SCACHE_INVALID_CID; + } + sqlite3_reset(s->scache_name); + + (*id)->data.data = s; + (*id)->data.length = sizeof(*s); + + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_gen_new(krb5_context context, krb5_ccache *id) +{ + krb5_scache *s; + + s = scc_alloc(context, NULL); + + if (s == NULL) { + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); + return KRB5_CC_NOMEM; + } + + (*id)->data.data = s; + (*id)->data.length = sizeof(*s); + + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_initialize(krb5_context context, + krb5_ccache id, + krb5_principal primary_principal) +{ + krb5_scache *s = SCACHE(id); + krb5_error_code ret; + + ret = make_database(context, s); + if (ret) + return ret; + + ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO); + if (ret) return ret; + + if (s->cid == SCACHE_INVALID_CID) { + ret = create_cache(context, s); + if (ret) + goto rollback; + } else { + sqlite3_bind_int(s->dcred, 1, s->cid); + do { + ret = sqlite3_step(s->dcred); + } while (ret == SQLITE_ROW); + sqlite3_reset(s->dcred); + if (ret != SQLITE_DONE) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("Failed to delete old " + "credentials: %s", ""), + sqlite3_errmsg(s->db)); + goto rollback; + } + } + + ret = bind_principal(context, s->db, s->ucachep, 1, primary_principal); + if (ret) + goto rollback; + sqlite3_bind_int(s->ucachep, 2, s->cid); + + do { + ret = sqlite3_step(s->ucachep); + } while (ret == SQLITE_ROW); + sqlite3_reset(s->ucachep); + if (ret != SQLITE_DONE) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("Failed to bind principal to cache %s", ""), + sqlite3_errmsg(s->db)); + goto rollback; + } + + ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO); + if (ret) return ret; + + return 0; + +rollback: + exec_stmt(context, s->db, "ROLLBACK", 0); + + return ret; + +} + +static krb5_error_code KRB5_CALLCONV +scc_close(krb5_context context, + krb5_ccache id) +{ + scc_free(SCACHE(id)); + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_destroy(krb5_context context, + krb5_ccache id) +{ + krb5_scache *s = SCACHE(id); + int ret; + + if (s->cid == SCACHE_INVALID_CID) + return 0; + + sqlite3_bind_int(s->dcache, 1, s->cid); + do { + ret = sqlite3_step(s->dcache); + } while (ret == SQLITE_ROW); + sqlite3_reset(s->dcache); + if (ret != SQLITE_DONE) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("Failed to destroy cache %s: %s", ""), + s->name, sqlite3_errmsg(s->db)); + return KRB5_CC_IO; + } + return 0; +} + +static krb5_error_code +encode_creds(krb5_context context, krb5_creds *creds, krb5_data *data) +{ + krb5_error_code ret; + krb5_storage *sp; + + sp = krb5_storage_emem(); + if (sp == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + ret = krb5_store_creds(sp, creds); + if (ret) { + krb5_set_error_message(context, ret, + N_("Failed to store credential in scache", "")); + krb5_storage_free(sp); + return ret; + } + + ret = krb5_storage_to_data(sp, data); + krb5_storage_free(sp); + if (ret) + krb5_set_error_message(context, ret, + N_("Failed to encode credential in scache", "")); + return ret; +} + +static krb5_error_code +decode_creds(krb5_context context, const void *data, size_t length, + krb5_creds *creds) +{ + krb5_error_code ret; + krb5_storage *sp; + + sp = krb5_storage_from_readonly_mem(data, length); + if (sp == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + ret = krb5_ret_creds(sp, creds); + krb5_storage_free(sp); + if (ret) { + krb5_set_error_message(context, ret, + N_("Failed to read credential in scache", "")); + return ret; + } + return 0; +} + + +static krb5_error_code KRB5_CALLCONV +scc_store_cred(krb5_context context, + krb5_ccache id, + krb5_creds *creds) +{ + sqlite_uint64 credid; + krb5_scache *s = SCACHE(id); + krb5_error_code ret; + krb5_data data; + + ret = make_database(context, s); + if (ret) + return ret; + + ret = encode_creds(context, creds, &data); + if (ret) + return ret; + + sqlite3_bind_int(s->icred, 1, s->cid); + { + krb5_enctype etype = 0; + int kvno = 0; + Ticket t; + size_t len; + + ret = decode_Ticket(creds->ticket.data, + creds->ticket.length, &t, &len); + if (ret == 0) { + if(t.enc_part.kvno) + kvno = *t.enc_part.kvno; + + etype = t.enc_part.etype; + + free_Ticket(&t); + } + + sqlite3_bind_int(s->icred, 2, kvno); + sqlite3_bind_int(s->icred, 3, etype); + + } + + sqlite3_bind_blob(s->icred, 4, data.data, data.length, free_data); + sqlite3_bind_int(s->icred, 5, time(NULL)); + + ret = exec_stmt(context, s->db, "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO); + if (ret) return ret; + + do { + ret = sqlite3_step(s->icred); + } while (ret == SQLITE_ROW); + sqlite3_reset(s->icred); + if (ret != SQLITE_DONE) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("Failed to add credential: %s", ""), + sqlite3_errmsg(s->db)); + goto rollback; + } + + credid = sqlite3_last_insert_rowid(s->db); + + { + bind_principal(context, s->db, s->iprincipal, 1, creds->server); + sqlite3_bind_int(s->iprincipal, 2, 1); + sqlite3_bind_int(s->iprincipal, 3, credid); + + do { + ret = sqlite3_step(s->iprincipal); + } while (ret == SQLITE_ROW); + sqlite3_reset(s->iprincipal); + if (ret != SQLITE_DONE) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("Failed to add principal: %s", ""), + sqlite3_errmsg(s->db)); + goto rollback; + } + } + + { + bind_principal(context, s->db, s->iprincipal, 1, creds->client); + sqlite3_bind_int(s->iprincipal, 2, 0); + sqlite3_bind_int(s->iprincipal, 3, credid); + + do { + ret = sqlite3_step(s->iprincipal); + } while (ret == SQLITE_ROW); + sqlite3_reset(s->iprincipal); + if (ret != SQLITE_DONE) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("Failed to add principal: %s", ""), + sqlite3_errmsg(s->db)); + goto rollback; + } + } + + ret = exec_stmt(context, s->db, "COMMIT", KRB5_CC_IO); + if (ret) return ret; + + return 0; + +rollback: + exec_stmt(context, s->db, "ROLLBACK", 0); + + return ret; +} + +static krb5_error_code KRB5_CALLCONV +scc_get_principal(krb5_context context, + krb5_ccache id, + krb5_principal *principal) +{ + krb5_scache *s = SCACHE(id); + krb5_error_code ret; + const char *str; + + *principal = NULL; + + ret = make_database(context, s); + if (ret) + return ret; + + sqlite3_bind_int(s->scache, 1, s->cid); + + if (sqlite3_step(s->scache) != SQLITE_ROW) { + sqlite3_reset(s->scache); + krb5_set_error_message(context, KRB5_CC_END, + N_("No principal for cache SCC:%s:%s", ""), + s->name, s->file); + return KRB5_CC_END; + } + + if (sqlite3_column_type(s->scache, 0) != SQLITE_TEXT) { + sqlite3_reset(s->scache); + krb5_set_error_message(context, KRB5_CC_END, + N_("Principal data of wrong type " + "for SCC:%s:%s", ""), + s->name, s->file); + return KRB5_CC_END; + } + + str = (const char *)sqlite3_column_text(s->scache, 0); + if (str == NULL) { + sqlite3_reset(s->scache); + krb5_set_error_message(context, KRB5_CC_END, + N_("Principal not set for SCC:%s:%s", ""), + s->name, s->file); + return KRB5_CC_END; + } + + ret = krb5_parse_name(context, str, principal); + + sqlite3_reset(s->scache); + + return ret; +} + +struct cred_ctx { + char *drop; + sqlite3_stmt *stmt; + sqlite3_stmt *credstmt; +}; + +static krb5_error_code KRB5_CALLCONV +scc_get_first (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + krb5_scache *s = SCACHE(id); + krb5_error_code ret; + struct cred_ctx *ctx; + char *str = NULL, *name = NULL; + + *cursor = NULL; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + ret = make_database(context, s); + if (ret) { + free(ctx); + return ret; + } + + if (s->cid == SCACHE_INVALID_CID) { + krb5_set_error_message(context, KRB5_CC_END, + N_("Iterating a invalid scache %s", ""), + s->name); + free(ctx); + return KRB5_CC_END; + } + + ret = asprintf(&name, "credIteration%pPid%d", + ctx, (int)getpid()); + if (ret < 0 || name == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + free(ctx); + return ENOMEM; + } + + ret = asprintf(&ctx->drop, "DROP TABLE %s", name); + if (ret < 0 || ctx->drop == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + free(name); + free(ctx); + return ENOMEM; + } + + ret = asprintf(&str, "CREATE TEMPORARY TABLE %s " + "AS SELECT oid,created_at FROM credentials WHERE cid = %lu", + name, (unsigned long)s->cid); + if (ret < 0 || str == NULL) { + free(ctx->drop); + free(name); + free(ctx); + return ENOMEM; + } + + ret = exec_stmt(context, s->db, str, KRB5_CC_IO); + free(str); + str = NULL; + if (ret) { + free(ctx->drop); + free(name); + free(ctx); + return ret; + } + + ret = asprintf(&str, "SELECT oid FROM %s ORDER BY created_at", name); + if (ret < 0 || str == NULL) { + exec_stmt(context, s->db, ctx->drop, 0); + free(ctx->drop); + free(name); + free(ctx); + return ret; + } + + ret = prepare_stmt(context, s->db, &ctx->stmt, str); + free(str); + str = NULL; + free(name); + if (ret) { + exec_stmt(context, s->db, ctx->drop, 0); + free(ctx->drop); + free(ctx); + return ret; + } + + ret = prepare_stmt(context, s->db, &ctx->credstmt, + "SELECT cred FROM credentials WHERE oid = ?"); + if (ret) { + sqlite3_finalize(ctx->stmt); + exec_stmt(context, s->db, ctx->drop, 0); + free(ctx->drop); + free(ctx); + return ret; + } + + *cursor = ctx; + + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_get_next (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor, + krb5_creds *creds) +{ + struct cred_ctx *ctx = *cursor; + krb5_scache *s = SCACHE(id); + krb5_error_code ret; + sqlite_uint64 oid; + const void *data = NULL; + size_t len = 0; + +next: + ret = sqlite3_step(ctx->stmt); + if (ret == SQLITE_DONE) { + krb5_clear_error_message(context); + return KRB5_CC_END; + } else if (ret != SQLITE_ROW) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("scache Database failed: %s", ""), + sqlite3_errmsg(s->db)); + return KRB5_CC_IO; + } + + oid = sqlite3_column_int64(ctx->stmt, 0); + + /* read cred from credentials table */ + + sqlite3_bind_int(ctx->credstmt, 1, oid); + + ret = sqlite3_step(ctx->credstmt); + if (ret != SQLITE_ROW) { + sqlite3_reset(ctx->credstmt); + goto next; + } + + if (sqlite3_column_type(ctx->credstmt, 0) != SQLITE_BLOB) { + krb5_set_error_message(context, KRB5_CC_END, + N_("credential of wrong type for SCC:%s:%s", ""), + s->name, s->file); + sqlite3_reset(ctx->credstmt); + return KRB5_CC_END; + } + + data = sqlite3_column_blob(ctx->credstmt, 0); + len = sqlite3_column_bytes(ctx->credstmt, 0); + + ret = decode_creds(context, data, len, creds); + sqlite3_reset(ctx->credstmt); + return ret; +} + +static krb5_error_code KRB5_CALLCONV +scc_end_get (krb5_context context, + krb5_ccache id, + krb5_cc_cursor *cursor) +{ + struct cred_ctx *ctx = *cursor; + krb5_scache *s = SCACHE(id); + + sqlite3_finalize(ctx->stmt); + sqlite3_finalize(ctx->credstmt); + + exec_stmt(context, s->db, ctx->drop, 0); + + free(ctx->drop); + free(ctx); + + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_remove_cred(krb5_context context, + krb5_ccache id, + krb5_flags which, + krb5_creds *mcreds) +{ + krb5_scache *s = SCACHE(id); + krb5_error_code ret; + sqlite3_stmt *stmt; + sqlite_uint64 credid = 0; + const void *data = NULL; + size_t len = 0; + + ret = make_database(context, s); + if (ret) + return ret; + + ret = prepare_stmt(context, s->db, &stmt, + "SELECT cred,oid FROM credentials " + "WHERE cid = ?"); + if (ret) + return ret; + + sqlite3_bind_int(stmt, 1, s->cid); + + /* find credential... */ + while (1) { + krb5_creds creds; + + ret = sqlite3_step(stmt); + if (ret == SQLITE_DONE) { + ret = 0; + break; + } else if (ret != SQLITE_ROW) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("scache Database failed: %s", ""), + sqlite3_errmsg(s->db)); + break; + } + + if (sqlite3_column_type(stmt, 0) != SQLITE_BLOB) { + ret = KRB5_CC_END; + krb5_set_error_message(context, ret, + N_("Credential of wrong type " + "for SCC:%s:%s", ""), + s->name, s->file); + break; + } + + data = sqlite3_column_blob(stmt, 0); + len = sqlite3_column_bytes(stmt, 0); + + ret = decode_creds(context, data, len, &creds); + if (ret) + break; + + ret = krb5_compare_creds(context, which, mcreds, &creds); + krb5_free_cred_contents(context, &creds); + if (ret) { + credid = sqlite3_column_int64(stmt, 1); + ret = 0; + break; + } + } + + sqlite3_finalize(stmt); + + if (id) { + ret = prepare_stmt(context, s->db, &stmt, + "DELETE FROM credentials WHERE oid=?"); + if (ret) + return ret; + sqlite3_bind_int(stmt, 1, credid); + + do { + ret = sqlite3_step(stmt); + } while (ret == SQLITE_ROW); + sqlite3_finalize(stmt); + if (ret != SQLITE_DONE) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("failed to delete scache credental", "")); + } else + ret = 0; + } + + return ret; +} + +static krb5_error_code KRB5_CALLCONV +scc_set_flags(krb5_context context, + krb5_ccache id, + krb5_flags flags) +{ + return 0; /* XXX */ +} + +struct cache_iter { + char *drop; + sqlite3 *db; + sqlite3_stmt *stmt; +}; + +static krb5_error_code KRB5_CALLCONV +scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) +{ + struct cache_iter *ctx; + krb5_error_code ret; + char *name = NULL, *str = NULL; + + *cursor = NULL; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + + ret = default_db(context, &ctx->db); + if (ctx->db == NULL) { + free(ctx); + return ret; + } + + ret = asprintf(&name, "cacheIteration%pPid%d", + ctx, (int)getpid()); + if (ret < 0 || name == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + sqlite3_close(ctx->db); + free(ctx); + return ENOMEM; + } + + ret = asprintf(&ctx->drop, "DROP TABLE %s", name); + if (ret < 0 || ctx->drop == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + sqlite3_close(ctx->db); + free(name); + free(ctx); + return ENOMEM; + } + + ret = asprintf(&str, "CREATE TEMPORARY TABLE %s AS SELECT name FROM caches", + name); + if (ret < 0 || str == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + sqlite3_close(ctx->db); + free(name); + free(ctx->drop); + free(ctx); + return ENOMEM; + } + + ret = exec_stmt(context, ctx->db, str, KRB5_CC_IO); + free(str); + str = NULL; + if (ret) { + sqlite3_close(ctx->db); + free(name); + free(ctx->drop); + free(ctx); + return ret; + } + + ret = asprintf(&str, "SELECT name FROM %s", name); + free(name); + if (ret < 0 || str == NULL) { + exec_stmt(context, ctx->db, ctx->drop, 0); + sqlite3_close(ctx->db); + free(name); + free(ctx->drop); + free(ctx); + return ENOMEM; + } + + ret = prepare_stmt(context, ctx->db, &ctx->stmt, str); + free(str); + if (ret) { + exec_stmt(context, ctx->db, ctx->drop, 0); + sqlite3_close(ctx->db); + free(ctx->drop); + free(ctx); + return ret; + } + + *cursor = ctx; + + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_get_cache_next(krb5_context context, + krb5_cc_cursor cursor, + krb5_ccache *id) +{ + struct cache_iter *ctx = cursor; + krb5_error_code ret; + const char *name; + +again: + ret = sqlite3_step(ctx->stmt); + if (ret == SQLITE_DONE) { + krb5_clear_error_message(context); + return KRB5_CC_END; + } else if (ret != SQLITE_ROW) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("Database failed: %s", ""), + sqlite3_errmsg(ctx->db)); + return KRB5_CC_IO; + } + + if (sqlite3_column_type(ctx->stmt, 0) != SQLITE_TEXT) + goto again; + + name = (const char *)sqlite3_column_text(ctx->stmt, 0); + if (name == NULL) + goto again; + + ret = _krb5_cc_allocate(context, &krb5_scc_ops, id); + if (ret) + return ret; + + return scc_resolve(context, id, name); +} + +static krb5_error_code KRB5_CALLCONV +scc_end_cache_get(krb5_context context, krb5_cc_cursor cursor) +{ + struct cache_iter *ctx = cursor; + + exec_stmt(context, ctx->db, ctx->drop, 0); + sqlite3_finalize(ctx->stmt); + sqlite3_close(ctx->db); + free(ctx->drop); + free(ctx); + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_move(krb5_context context, krb5_ccache from, krb5_ccache to) +{ + krb5_scache *sfrom = SCACHE(from); + krb5_scache *sto = SCACHE(to); + krb5_error_code ret; + + if (strcmp(sfrom->file, sto->file) != 0) { + krb5_set_error_message(context, KRB5_CC_BADNAME, + N_("Can't handle cross database " + "credential move: %s -> %s", ""), + sfrom->file, sto->file); + return KRB5_CC_BADNAME; + } + + ret = make_database(context, sfrom); + if (ret) + return ret; + + ret = exec_stmt(context, sfrom->db, + "BEGIN IMMEDIATE TRANSACTION", KRB5_CC_IO); + if (ret) return ret; + + if (sto->cid != SCACHE_INVALID_CID) { + /* drop old cache entry */ + + sqlite3_bind_int(sfrom->dcache, 1, sto->cid); + do { + ret = sqlite3_step(sfrom->dcache); + } while (ret == SQLITE_ROW); + sqlite3_reset(sfrom->dcache); + if (ret != SQLITE_DONE) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("Failed to delete old cache: %d", ""), + (int)ret); + goto rollback; + } + } + + sqlite3_bind_text(sfrom->ucachen, 1, sto->name, -1, NULL); + sqlite3_bind_int(sfrom->ucachen, 2, sfrom->cid); + + do { + ret = sqlite3_step(sfrom->ucachen); + } while (ret == SQLITE_ROW); + sqlite3_reset(sfrom->ucachen); + if (ret != SQLITE_DONE) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("Failed to update new cache: %d", ""), + (int)ret); + goto rollback; + } + + sto->cid = sfrom->cid; + + ret = exec_stmt(context, sfrom->db, "COMMIT", KRB5_CC_IO); + if (ret) return ret; + + scc_free(sfrom); + + return 0; + +rollback: + exec_stmt(context, sfrom->db, "ROLLBACK", 0); + scc_free(sfrom); + + return KRB5_CC_IO; +} + +static krb5_error_code KRB5_CALLCONV +scc_get_default_name(krb5_context context, char **str) +{ + krb5_error_code ret; + char *name; + + *str = NULL; + + ret = get_def_name(context, &name); + if (ret) + return _krb5_expand_default_cc_name(context, KRB5_SCACHE_NAME, str); + + ret = asprintf(str, "SCC:%s", name); + free(name); + if (ret < 0 || *str == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + return 0; +} + +static krb5_error_code KRB5_CALLCONV +scc_set_default(krb5_context context, krb5_ccache id) +{ + krb5_scache *s = SCACHE(id); + krb5_error_code ret; + + if (s->cid == SCACHE_INVALID_CID) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("Trying to set a invalid cache " + "as default %s", ""), + s->name); + return KRB5_CC_IO; + } + + ret = sqlite3_bind_text(s->umaster, 1, s->name, -1, NULL); + if (ret) { + sqlite3_reset(s->umaster); + krb5_set_error_message(context, KRB5_CC_IO, + N_("Failed to set name of default cache", "")); + return KRB5_CC_IO; + } + + do { + ret = sqlite3_step(s->umaster); + } while (ret == SQLITE_ROW); + sqlite3_reset(s->umaster); + if (ret != SQLITE_DONE) { + krb5_set_error_message(context, KRB5_CC_IO, + N_("Failed to update default cache", "")); + return KRB5_CC_IO; + } + + return 0; +} + +/** + * Variable containing the SCC based credential cache implemention. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = { + KRB5_CC_OPS_VERSION, + "SCC", + scc_get_name, + scc_resolve, + scc_gen_new, + scc_initialize, + scc_destroy, + scc_close, + scc_store_cred, + NULL, /* scc_retrieve */ + scc_get_principal, + scc_get_first, + scc_get_next, + scc_end_get, + scc_remove_cred, + scc_set_flags, + NULL, + scc_get_cache_first, + scc_get_cache_next, + scc_end_cache_get, + scc_move, + scc_get_default_name, + scc_set_default +}; + +#endif diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c index 2582a615c05..edf1d33c9d1 100644 --- a/crypto/heimdal/lib/krb5/send_to_kdc.c +++ b/crypto/heimdal/lib/krb5/send_to_kdc.c @@ -1,39 +1,38 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" - -RCSID("$Id: send_to_kdc.c 21934 2007-08-27 14:21:04Z lha $"); +#include "send_to_kdc_plugin.h" struct send_to_kdc { krb5_send_to_kdc_func func; @@ -48,7 +47,7 @@ struct send_to_kdc { */ static int -recv_loop (int fd, +recv_loop (krb5_socket_t fd, time_t tmout, int udp, size_t limit, @@ -59,9 +58,11 @@ recv_loop (int fd, int ret; int nbytes; +#ifndef NO_LIMIT_FD_SETSIZE if (fd >= FD_SETSIZE) { return -1; } +#endif krb5_data_zero(rep); do { @@ -79,7 +80,7 @@ recv_loop (int fd, } else { void *tmp; - if (ioctl (fd, FIONREAD, &nbytes) < 0) { + if (rk_SOCK_IOCTL (fd, FIONREAD, &nbytes) < 0) { krb5_data_free (rep); return -1; } @@ -87,7 +88,7 @@ recv_loop (int fd, return 0; if (limit) - nbytes = min(nbytes, limit - rep->length); + nbytes = min((size_t)nbytes, limit - rep->length); tmp = realloc (rep->data, rep->length + nbytes); if (tmp == NULL) { @@ -112,7 +113,7 @@ recv_loop (int fd, */ static int -send_and_recv_udp(int fd, +send_and_recv_udp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -131,7 +132,7 @@ send_and_recv_udp(int fd, */ static int -send_and_recv_tcp(int fd, +send_and_recv_tcp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -141,9 +142,9 @@ send_and_recv_tcp(int fd, krb5_data len_data; _krb5_put_int(len, req->length, 4); - if(net_write(fd, len, sizeof(len)) < 0) + if(net_write (fd, len, sizeof(len)) < 0) return -1; - if(net_write(fd, req->data, req->length) < 0) + if(net_write (fd, req->data, req->length) < 0) return -1; if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) return -1; @@ -163,7 +164,7 @@ send_and_recv_tcp(int fd, } int -_krb5_send_and_recv_tcp(int fd, +_krb5_send_and_recv_tcp(krb5_socket_t fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -176,22 +177,22 @@ _krb5_send_and_recv_tcp(int fd, */ static int -send_and_recv_http(int fd, +send_and_recv_http(krb5_socket_t fd, time_t tmout, const char *prefix, const krb5_data *req, krb5_data *rep) { - char *request; + char *request = NULL; char *str; int ret; int len = base64_encode(req->data, req->length, &str); if(len < 0) return -1; - asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str); + ret = asprintf(&request, "GET %s%s HTTP/1.0\r\n\r\n", prefix, str); free(str); - if (request == NULL) + if (ret < 0 || request == NULL) return -1; ret = net_write (fd, request, strlen(request)); free (request); @@ -260,14 +261,14 @@ send_via_proxy (krb5_context context, { char *proxy2 = strdup(context->http_proxy); char *proxy = proxy2; - char *prefix; + char *prefix = NULL; char *colon; struct addrinfo hints; struct addrinfo *ai, *a; int ret; - int s = -1; + krb5_socket_t s = rk_INVALID_SOCKET; char portstr[NI_MAXSERV]; - + if (proxy == NULL) return ENOMEM; if (strncmp (proxy, "http://", 7) == 0) @@ -287,11 +288,12 @@ send_via_proxy (krb5_context context, return krb5_eai_to_heim_errno(ret, errno); for (a = ai; a != NULL; a = a->ai_next) { - s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + s = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); if (s < 0) continue; + rk_cloexec(s); if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { - close (s); + rk_closesocket (s); continue; } break; @@ -302,34 +304,74 @@ send_via_proxy (krb5_context context, } freeaddrinfo (ai); - asprintf(&prefix, "http://%s/", hi->hostname); - if(prefix == NULL) { + ret = asprintf(&prefix, "http://%s/", hi->hostname); + if(ret < 0 || prefix == NULL) { close(s); return 1; } ret = send_and_recv_http(s, context->kdc_timeout, prefix, send_data, receive); - close (s); + rk_closesocket (s); free(prefix); if(ret == 0 && receive->length != 0) return 0; return 1; } +static krb5_error_code +send_via_plugin(krb5_context context, + krb5_krbhst_info *hi, + time_t timeout, + const krb5_data *send_data, + krb5_data *receive) +{ + struct krb5_plugin *list = NULL, *e; + krb5_error_code ret; + + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, KRB5_PLUGIN_SEND_TO_KDC, &list); + if(ret != 0 || list == NULL) + return KRB5_PLUGIN_NO_HANDLE; + + for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { + krb5plugin_send_to_kdc_ftable *service; + void *ctx; + + service = _krb5_plugin_get_symbol(e); + if (service->minor_version != 0) + continue; + + (*service->init)(context, &ctx); + ret = (*service->send_to_kdc)(context, ctx, hi, + timeout, send_data, receive); + (*service->fini)(ctx); + if (ret == 0) + break; + if (ret != KRB5_PLUGIN_NO_HANDLE) { + krb5_set_error_message(context, ret, + N_("Plugin send_to_kdc failed to " + "lookup with error: %d", ""), ret); + break; + } + } + _krb5_plugin_free(list); + return KRB5_PLUGIN_NO_HANDLE; +} + + /* * Send the data `send' to one host from `handle` and get back the reply * in `receive'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto (krb5_context context, const krb5_data *send_data, - krb5_krbhst_handle handle, + krb5_krbhst_handle handle, krb5_data *receive) { krb5_error_code ret; - int fd; - int i; + krb5_socket_t fd; + size_t i; krb5_data_zero(receive); @@ -339,16 +381,27 @@ krb5_sendto (krb5_context context, while (krb5_krbhst_next(context, handle, &hi) == 0) { struct addrinfo *ai, *a; + _krb5_debug(context, 2, + "trying to communicate with host %s in realm %s", + hi->hostname, _krb5_krbhst_get_realm(handle)); + if (context->send_to_kdc) { struct send_to_kdc *s = context->send_to_kdc; - ret = (*s->func)(context, s->data, - hi, send_data, receive); + ret = (*s->func)(context, s->data, hi, + context->kdc_timeout, send_data, receive); if (ret == 0 && receive->length != 0) goto out; continue; } + ret = send_via_plugin(context, hi, context->kdc_timeout, + send_data, receive); + if (ret == 0 && receive->length != 0) + goto out; + else if (ret != KRB5_PLUGIN_NO_HANDLE) + continue; + if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) { if (send_via_proxy (context, hi, send_data, receive) == 0) { ret = 0; @@ -362,11 +415,12 @@ krb5_sendto (krb5_context context, continue; for (a = ai; a != NULL; a = a->ai_next) { - fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol); - if (fd < 0) + fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); + if (rk_IS_BAD_SOCKET(fd)) continue; + rk_cloexec(fd); if (connect (fd, a->ai_addr, a->ai_addrlen) < 0) { - close (fd); + rk_closesocket (fd); continue; } switch (hi->proto) { @@ -383,20 +437,23 @@ krb5_sendto (krb5_context context, send_data, receive); break; } - close (fd); + rk_closesocket (fd); if(ret == 0 && receive->length != 0) goto out; } } krb5_krbhst_reset(context, handle); } - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5_KDC_UNREACH; out: + _krb5_debug(context, 2, + "result of trying to talk to realm %s = %d", + _krb5_krbhst_get_realm(handle), ret); return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc(krb5_context context, const krb5_data *send_data, const krb5_realm *realm, @@ -405,7 +462,7 @@ krb5_sendto_kdc(krb5_context context, return krb5_sendto_kdc_flags(context, send_data, realm, receive, 0); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_kdc_flags(krb5_context context, const krb5_data *send_data, const krb5_realm *realm, @@ -426,8 +483,8 @@ krb5_sendto_kdc_flags(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_send_to_kdc_func(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_set_send_to_kdc_func(krb5_context context, krb5_send_to_kdc_func func, void *data) { @@ -439,7 +496,8 @@ krb5_set_send_to_kdc_func(krb5_context context, context->send_to_kdc = malloc(sizeof(*context->send_to_kdc)); if (context->send_to_kdc == NULL) { - krb5_set_error_string(context, "Out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -448,6 +506,19 @@ krb5_set_send_to_kdc_func(krb5_context context, return 0; } +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to) +{ + if (context->send_to_kdc) + return krb5_set_send_to_kdc_func(to, + context->send_to_kdc->func, + context->send_to_kdc->data); + else + return krb5_set_send_to_kdc_func(to, NULL, NULL); +} + + + struct krb5_sendto_ctx_data { int flags; int type; @@ -455,37 +526,38 @@ struct krb5_sendto_ctx_data { void *data; }; -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_string(context, "out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_add_flags(krb5_sendto_ctx ctx, int flags) { ctx->flags |= flags; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_sendto_ctx_get_flags(krb5_sendto_ctx ctx) { return ctx->flags; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_type(krb5_sendto_ctx ctx, int type) { ctx->type = type; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, krb5_sendto_ctx_func func, void *data) @@ -494,14 +566,14 @@ krb5_sendto_ctx_set_func(krb5_sendto_ctx ctx, ctx->data = data; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_sendto_ctx_free(krb5_context context, krb5_sendto_ctx ctx) { memset(ctx, 0, sizeof(*ctx)); free(ctx); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendto_context(krb5_context context, krb5_sendto_ctx ctx, const krb5_data *send_data, @@ -530,7 +602,7 @@ krb5_sendto_context(krb5_context context, type = KRB5_KRBHST_KDC; } - if (send_data->length > context->large_msg_size) + if ((int)send_data->length > context->large_msg_size) ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; /* loop until we get back a appropriate response */ @@ -541,7 +613,7 @@ krb5_sendto_context(krb5_context context, krb5_data_free(receive); if (handle == NULL) { - ret = krb5_krbhst_init_flags(context, realm, type, + ret = krb5_krbhst_init_flags(context, realm, type, ctx->flags, &handle); if (ret) { if (freectx) @@ -549,7 +621,7 @@ krb5_sendto_context(krb5_context context, return ret; } } - + ret = krb5_sendto(context, send_data, handle, receive); if (ret) break; @@ -566,8 +638,9 @@ krb5_sendto_context(krb5_context context, if (handle) krb5_krbhst_free(context, handle); if (ret == KRB5_KDC_UNREACH) - krb5_set_error_string(context, - "unable to reach any KDC in realm %s", realm); + krb5_set_error_message(context, ret, + N_("unable to reach any KDC in realm %s", ""), + realm); if (ret) krb5_data_free(receive); if (freectx) @@ -575,7 +648,7 @@ krb5_sendto_context(krb5_context context, return ret; } -krb5_error_code +krb5_error_code KRB5_CALLCONV _krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data, const krb5_data *reply, int *action) { diff --git a/crypto/heimdal/lib/krb5/send_to_kdc_plugin.h b/crypto/heimdal/lib/krb5/send_to_kdc_plugin.h new file mode 100644 index 00000000000..c729a1286ba --- /dev/null +++ b/crypto/heimdal/lib/krb5/send_to_kdc_plugin.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H +#define HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H 1 + +#include + +#define KRB5_PLUGIN_SEND_TO_KDC "send_to_kdc" + +typedef krb5_error_code +(*krb5plugin_send_to_kdc_func)(krb5_context, + void *, + krb5_krbhst_info *, + time_t timeout, + const krb5_data *, + krb5_data *); + +typedef struct krb5plugin_send_to_kdc_ftable { + int minor_version; + krb5_error_code (*init)(krb5_context, void **); + void (*fini)(void *); + krb5plugin_send_to_kdc_func send_to_kdc; +} krb5plugin_send_to_kdc_ftable; + +#endif /* HEIMDAL_KRB5_SEND_TO_KDC_PLUGIN_H */ diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c index a7242f0daf9..d334d34497a 100644 --- a/crypto/heimdal/lib/krb5/sendauth.c +++ b/crypto/heimdal/lib/krb5/sendauth.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: sendauth.c 17442 2006-05-05 09:31:15Z lha $"); - /* * The format seems to be: * client -> server @@ -62,7 +60,7 @@ RCSID("$Id: sendauth.c 17442 2006-05-05 09:31:15Z lha $"); * } */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sendauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer p_fd, @@ -93,7 +91,7 @@ krb5_sendauth(krb5_context context, if (krb5_net_write (context, p_fd, &net_len, 4) != 4 || krb5_net_write (context, p_fd, version, len) != len) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(ret)); + krb5_set_error_message (context, ret, "write: %s", strerror(ret)); return ret; } @@ -102,22 +100,22 @@ krb5_sendauth(krb5_context context, if (krb5_net_write (context, p_fd, &net_len, 4) != 4 || krb5_net_write (context, p_fd, appl_version, len) != len) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(ret)); + krb5_set_error_message (context, ret, "write: %s", strerror(ret)); return ret; } sret = krb5_net_read (context, p_fd, &repl, sizeof(repl)); if (sret < 0) { ret = errno; - krb5_set_error_string (context, "read: %s", strerror(ret)); + krb5_set_error_message (context, ret, "read: %s", strerror(ret)); return ret; } else if (sret != sizeof(repl)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_SENDAUTH_BADRESPONSE; } if (repl != 0) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_SENDAUTH_REJECTED; } @@ -205,14 +203,15 @@ krb5_sendauth(krb5_context context, } return ret; } else { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } - } + } else + krb5_data_free (&error_data); if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) { krb5_data ap_rep; - krb5_ap_rep_enc_part *ignore; + krb5_ap_rep_enc_part *ignore = NULL; krb5_data_zero (&ap_rep); ret = krb5_read_message (context, diff --git a/crypto/heimdal/lib/krb5/set_default_realm.c b/crypto/heimdal/lib/krb5/set_default_realm.c index 98040bc2e9d..ddce677c1ac 100644 --- a/crypto/heimdal/lib/krb5/set_default_realm.c +++ b/crypto/heimdal/lib/krb5/set_default_realm.c @@ -1,42 +1,40 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: set_default_realm.c 13863 2004-05-25 21:46:46Z lha $"); - /* - * Convert the simple string `s' into a NULL-terminated and freshly allocated + * Convert the simple string `s' into a NULL-terminated and freshly allocated * list in `list'. Return an error code. */ @@ -46,13 +44,15 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) *list = malloc (2 * sizeof(**list)); if (*list == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } (*list)[0] = strdup (s); if ((*list)[0] == NULL) { free (*list); - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } (*list)[1] = NULL; @@ -62,10 +62,10 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) /* * Set the knowledge of the default realm(s) in `context'. * If realm != NULL, that's the new default realm. - * Otherwise, the realm(s) are figured out from configuration or DNS. + * Otherwise, the realm(s) are figured out from configuration or DNS. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_default_realm(krb5_context context, const char *realm) { diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c index 9b4ba978a1b..a43546de340 100644 --- a/crypto/heimdal/lib/krb5/sock_principal.c +++ b/crypto/heimdal/lib/krb5/sock_principal.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: sock_principal.c 13863 2004-05-25 21:46:46Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_sock_to_principal (krb5_context context, int sock, const char *sname, @@ -50,15 +48,15 @@ krb5_sock_to_principal (krb5_context context, if (getsockname (sock, sa, &salen) < 0) { ret = errno; - krb5_set_error_string (context, "getsockname: %s", strerror(ret)); + krb5_set_error_message (context, ret, "getsockname: %s", strerror(ret)); return ret; } ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0); if (ret) { int save_errno = errno; - - krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret)); - return krb5_eai_to_heim_errno(ret, save_errno); + krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, save_errno); + krb5_set_error_message (context, ret2, "getnameinfo: %s", gai_strerror(ret)); + return ret2; } ret = krb5_sname_to_principal (context, diff --git a/crypto/heimdal/lib/krb5/store-int.c b/crypto/heimdal/lib/krb5/store-int.c new file mode 100644 index 00000000000..d5776297181 --- /dev/null +++ b/crypto/heimdal/lib/krb5/store-int.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +_krb5_put_int(void *buffer, unsigned long value, size_t size) +{ + unsigned char *p = buffer; + int i; + for (i = size - 1; i >= 0; i--) { + p[i] = value & 0xff; + value >>= 8; + } + return size; +} + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL +_krb5_get_int(void *buffer, unsigned long *value, size_t size) +{ + unsigned char *p = buffer; + unsigned long v = 0; + size_t i; + for (i = 0; i < size; i++) + v = (v << 8) + p[i]; + *value = v; + return size; +} diff --git a/crypto/heimdal/lib/krb5/store-int.h b/crypto/heimdal/lib/krb5/store-int.h index 42e695a11bc..877ccc008dc 100644 --- a/crypto/heimdal/lib/krb5/store-int.h +++ b/crypto/heimdal/lib/krb5/store-int.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifndef __store_int_h__ @@ -39,9 +39,11 @@ struct krb5_storage_data { ssize_t (*fetch)(struct krb5_storage_data*, void*, size_t); ssize_t (*store)(struct krb5_storage_data*, const void*, size_t); off_t (*seek)(struct krb5_storage_data*, off_t, int); + int (*trunc)(struct krb5_storage_data*, off_t); void (*free)(struct krb5_storage_data*); krb5_flags flags; int eof_code; + size_t max_alloc; }; #endif /* __store_int_h__ */ diff --git a/crypto/heimdal/lib/krb5/store-test.c b/crypto/heimdal/lib/krb5/store-test.c index aec2dfe7cb3..3d0f9e0b46c 100644 --- a/crypto/heimdal/lib/krb5/store-test.c +++ b/crypto/heimdal/lib/krb5/store-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,8 +32,6 @@ #include "krb5_locl.h" -RCSID("$Id: store-test.c 16344 2005-12-02 15:15:43Z lha $"); - static void print_data(unsigned char *data, size_t len) { @@ -51,7 +49,8 @@ compare(const char *name, krb5_storage *sp, void *expected, size_t len) { int ret = 0; krb5_data data; - krb5_storage_to_data(sp, &data); + if (krb5_storage_to_data(sp, &data)) + errx(1, "krb5_storage_to_data failed"); krb5_storage_free(sp); if(data.length != len || memcmp(data.data, expected, len) != 0) { printf("%s mismatch\n", name); @@ -72,7 +71,7 @@ main(int argc, char **argv) krb5_storage *sp; krb5_context context; krb5_principal principal; - + krb5_init_context(&context); @@ -96,9 +95,9 @@ main(int argc, char **argv) { int test = 1; void *data; - if(*(char*)&test) + if(*(char*)&test) data = "\x4\x3\x2\x1"; - else + else data = "\x1\x2\x3\x4"; nerr += compare("Integer (host)", sp, data, 4); } @@ -111,7 +110,7 @@ main(int argc, char **argv) "\x0\x0\x0\x1" "\x0\x0\x0\x4TEST" "\x0\x0\x0\x6""foobar", 26); - + krb5_free_context(context); return nerr ? 1 : 0; diff --git a/crypto/heimdal/lib/krb5/store.c b/crypto/heimdal/lib/krb5/store.c index c9cbbb5cef3..3aeb8d62814 100644 --- a/crypto/heimdal/lib/krb5/store.c +++ b/crypto/heimdal/lib/krb5/store.c @@ -1,127 +1,273 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $"); - #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) #define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE) #define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \ krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER)) -void KRB5_LIB_FUNCTION +/** + * Add the flags on a storage buffer by or-ing in the flags to the buffer. + * + * @param sp the storage buffer to set the flags on + * @param flags the flags to set + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags) { sp->flags |= flags; } -void KRB5_LIB_FUNCTION +/** + * Clear the flags on a storage buffer + * + * @param sp the storage buffer to clear the flags on + * @param flags the flags to clear + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_clear_flags(krb5_storage *sp, krb5_flags flags) { sp->flags &= ~flags; } -krb5_boolean KRB5_LIB_FUNCTION +/** + * Return true or false depending on if the storage flags is set or + * not. NB testing for the flag 0 always return true. + * + * @param sp the storage buffer to check flags on + * @param flags The flags to test for + * + * @return true if all the flags are set, false if not. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags) { return (sp->flags & flags) == flags; } -void KRB5_LIB_FUNCTION +/** + * Set the new byte order of the storage buffer. + * + * @param sp the storage buffer to set the byte order for. + * @param byteorder the new byte order. + * + * The byte order are: KRB5_STORAGE_BYTEORDER_BE, + * KRB5_STORAGE_BYTEORDER_LE and KRB5_STORAGE_BYTEORDER_HOST. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder) { sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK; sp->flags |= byteorder; } -krb5_flags KRB5_LIB_FUNCTION -krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder) +/** + * Return the current byteorder for the buffer. See krb5_storage_set_byteorder() for the list or byte order contants. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_flags KRB5_LIB_CALL +krb5_storage_get_byteorder(krb5_storage *sp) { return sp->flags & KRB5_STORAGE_BYTEORDER_MASK; } -off_t KRB5_LIB_FUNCTION +/** + * Set the max alloc value + * + * @param sp the storage buffer set the max allow for + * @param size maximum size to allocate, use 0 to remove limit + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +krb5_storage_set_max_alloc(krb5_storage *sp, size_t size) +{ + sp->max_alloc = size; +} + +/* don't allocate unresonable amount of memory */ +static krb5_error_code +size_too_large(krb5_storage *sp, size_t size) +{ + if (sp->max_alloc && sp->max_alloc < size) + return HEIM_ERR_TOO_BIG; + return 0; +} + +static krb5_error_code +size_too_large_num(krb5_storage *sp, size_t count, size_t size) +{ + if (sp->max_alloc == 0 || size == 0) + return 0; + size = sp->max_alloc / size; + if (size < count) + return HEIM_ERR_TOO_BIG; + return 0; +} + +/** + * Seek to a new offset. + * + * @param sp the storage buffer to seek in. + * @param offset the offset to seek + * @param whence relateive searching, SEEK_CUR from the current + * position, SEEK_END from the end, SEEK_SET absolute from the start. + * + * @return The new current offset + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION off_t KRB5_LIB_CALL krb5_storage_seek(krb5_storage *sp, off_t offset, int whence) { return (*sp->seek)(sp, offset, whence); } -krb5_ssize_t KRB5_LIB_FUNCTION +/** + * Truncate the storage buffer in sp to offset. + * + * @param sp the storage buffer to truncate. + * @param offset the offset to truncate too. + * + * @return An Kerberos 5 error code. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_storage_truncate(krb5_storage *sp, off_t offset) +{ + return (*sp->trunc)(sp, offset); +} + +/** + * Read to the storage buffer. + * + * @param sp the storage buffer to read from + * @param buf the buffer to store the data in + * @param len the length to read + * + * @return The length of data read (can be shorter then len), or negative on error. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_read(krb5_storage *sp, void *buf, size_t len) { return sp->fetch(sp, buf, len); } -krb5_ssize_t KRB5_LIB_FUNCTION +/** + * Write to the storage buffer. + * + * @param sp the storage buffer to write to + * @param buf the buffer to write to the storage buffer + * @param len the length to write + * + * @return The length of data written (can be shorter then len), or negative on error. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_storage_write(krb5_storage *sp, const void *buf, size_t len) { return sp->store(sp, buf, len); } -void KRB5_LIB_FUNCTION +/** + * Set the return code that will be used when end of storage is reached. + * + * @param sp the storage + * @param code the error code to return on end of storage + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_storage_set_eof_code(krb5_storage *sp, int code) { sp->eof_code = code; } -krb5_ssize_t KRB5_LIB_FUNCTION -_krb5_put_int(void *buffer, unsigned long value, size_t size) +/** + * Get the return code that will be used when end of storage is reached. + * + * @param sp the storage + * + * @return storage error code + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION int KRB5_LIB_CALL +krb5_storage_get_eof_code(krb5_storage *sp) { - unsigned char *p = buffer; - int i; - for (i = size - 1; i >= 0; i--) { - p[i] = value & 0xff; - value >>= 8; - } - return size; + return sp->eof_code; } -krb5_ssize_t KRB5_LIB_FUNCTION -_krb5_get_int(void *buffer, unsigned long *value, size_t size) -{ - unsigned char *p = buffer; - unsigned long v = 0; - int i; - for (i = 0; i < size; i++) - v = (v << 8) + p[i]; - *value = v; - return size; -} +/** + * Free a krb5 storage. + * + * @param sp the storage to free. + * + * @return An Kerberos 5 error code. + * + * @ingroup krb5_storage + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_free(krb5_storage *sp) { if(sp->free) @@ -131,16 +277,31 @@ krb5_storage_free(krb5_storage *sp) return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Copy the contnent of storage + * + * @param sp the storage to copy to a data + * @param data the copied data, free with krb5_data_free() + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_storage_to_data(krb5_storage *sp, krb5_data *data) { - off_t pos; - size_t size; + off_t pos, size; krb5_error_code ret; pos = sp->seek(sp, 0, SEEK_CUR); - size = (size_t)sp->seek(sp, 0, SEEK_END); - ret = krb5_data_alloc (data, size); + if (pos < 0) + return HEIM_ERR_NOT_SEEKABLE; + size = sp->seek(sp, 0, SEEK_END); + ret = size_too_large(sp, size); + if (ret) + return ret; + ret = krb5_data_alloc(data, size); if (ret) { sp->seek(sp, pos, SEEK_SET); return ret; @@ -165,12 +326,26 @@ krb5_store_int(krb5_storage *sp, return EINVAL; _krb5_put_int(v, value, len); ret = sp->store(sp, v, len); - if (ret != len) - return (ret<0)?errno:sp->eof_code; + if (ret < 0) + return errno; + if ((size_t)ret != len) + return sp->eof_code; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a int32 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int32(krb5_storage *sp, int32_t value) { @@ -181,7 +356,19 @@ krb5_store_int32(krb5_storage *sp, return krb5_store_int(sp, value, 4); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a uint32 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint32(krb5_storage *sp, uint32_t value) { @@ -197,14 +384,28 @@ krb5_ret_int(krb5_storage *sp, unsigned char v[4]; unsigned long w; ret = sp->fetch(sp, v, len); - if(ret != len) - return (ret<0)?errno:sp->eof_code; + if (ret < 0) + return errno; + if ((size_t)ret != len) + return sp->eof_code; _krb5_get_int(v, &w, len); *value = w; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a int32 from storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int32(krb5_storage *sp, int32_t *value) { @@ -218,7 +419,19 @@ krb5_ret_int32(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a uint32 from storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint32(krb5_storage *sp, uint32_t *value) { @@ -232,7 +445,19 @@ krb5_ret_uint32(krb5_storage *sp, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a int16 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int16(krb5_storage *sp, int16_t value) { @@ -243,14 +468,38 @@ krb5_store_int16(krb5_storage *sp, return krb5_store_int(sp, value, 2); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a uint16 to storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint16(krb5_storage *sp, uint16_t value) { return krb5_store_int16(sp, (int16_t)value); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a int16 from storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int16(krb5_storage *sp, int16_t *value) { @@ -267,7 +516,19 @@ krb5_ret_int16(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a int16 from storage, byte order is controlled by the settings + * on the storage, see krb5_storage_set_byteorder(). + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint16(krb5_storage *sp, uint16_t *value) { @@ -281,7 +542,18 @@ krb5_ret_uint16(krb5_storage *sp, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a int8 to storage. + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_int8(krb5_storage *sp, int8_t value) { @@ -293,14 +565,36 @@ krb5_store_int8(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a uint8 to storage. + * + * @param sp the storage to write too + * @param value the value to store + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_uint8(krb5_storage *sp, uint8_t value) { return krb5_store_int8(sp, (int8_t)value); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a int8 from storage + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_int8(krb5_storage *sp, int8_t *value) { @@ -312,7 +606,18 @@ krb5_ret_int8(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a uint8 from storage + * + * @param sp the storage to write too + * @param value the value read from the buffer + * + * @return 0 for success, or a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_uint8(krb5_storage *sp, uint8_t *value) { @@ -326,7 +631,19 @@ krb5_ret_uint8(krb5_storage *sp, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a data to the storage. The data is stored with an int32 as + * lenght plus the data (not padded). + * + * @param sp the storage buffer to write to + * @param data the buffer to store. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_data(krb5_storage *sp, krb5_data data) { @@ -335,15 +652,25 @@ krb5_store_data(krb5_storage *sp, if(ret < 0) return ret; ret = sp->store(sp, data.data, data.length); - if(ret != data.length){ - if(ret < 0) - return errno; + if(ret < 0) + return errno; + if((size_t)ret != data.length) return sp->eof_code; - } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Parse a data from the storage. + * + * @param sp the storage buffer to read from + * @param data the parsed data + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_data(krb5_storage *sp, krb5_data *data) { @@ -353,6 +680,9 @@ krb5_ret_data(krb5_storage *sp, ret = krb5_ret_int32(sp, &size); if(ret) return ret; + ret = size_too_large(sp, size); + if (ret) + return ret; ret = krb5_data_alloc (data, size); if (ret) return ret; @@ -364,7 +694,19 @@ krb5_ret_data(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a string to the buffer. The data is formated as an len:uint32 + * plus the string itself (not padded). + * + * @param sp the storage buffer to write to + * @param s the string to store. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_string(krb5_storage *sp, const char *s) { krb5_data data; @@ -373,7 +715,19 @@ krb5_store_string(krb5_storage *sp, const char *s) return krb5_store_data(sp, data); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Parse a string from the storage. + * + * @param sp the storage buffer to read from + * @param string the parsed string + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_string(krb5_storage *sp, char **string) { @@ -391,23 +745,44 @@ krb5_ret_string(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a zero terminated string to the buffer. The data is stored + * one character at a time until a NUL is stored. + * + * @param sp the storage buffer to write to + * @param s the string to store. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringz(krb5_storage *sp, const char *s) { size_t len = strlen(s) + 1; ssize_t ret; ret = sp->store(sp, s, len); - if(ret != len) { - if(ret < 0) - return ret; - else - return sp->eof_code; - } + if(ret < 0) + return ret; + if((size_t)ret != len) + return sp->eof_code; return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Parse zero terminated string from the storage. + * + * @param sp the storage buffer to read from + * @param string the parsed string + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringz(krb5_storage *sp, char **string) { @@ -420,6 +795,9 @@ krb5_ret_stringz(krb5_storage *sp, char *tmp; len++; + ret = size_too_large(sp, len); + if (ret) + break; tmp = realloc (s, len); if (tmp == NULL) { free (s); @@ -440,19 +818,17 @@ krb5_ret_stringz(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_stringnl(krb5_storage *sp, const char *s) { size_t len = strlen(s); ssize_t ret; ret = sp->store(sp, s, len); - if(ret != len) { - if(ret < 0) - return ret; - else - return sp->eof_code; - } + if(ret < 0) + return ret; + if((size_t)ret != len) + return sp->eof_code; ret = sp->store(sp, "\n", 1); if(ret != 1) { if(ret < 0) @@ -465,7 +841,7 @@ krb5_store_stringnl(krb5_storage *sp, const char *s) } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_stringnl(krb5_storage *sp, char **string) { @@ -488,6 +864,9 @@ krb5_ret_stringnl(krb5_storage *sp, } len++; + ret = size_too_large(sp, len); + if (ret) + break; tmp = realloc (s, len); if (tmp == NULL) { free (s); @@ -510,12 +889,22 @@ krb5_ret_stringnl(krb5_storage *sp, return 0; } +/** + * Write a principal block to storage. + * + * @param sp the storage buffer to write to + * @param p the principal block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal(krb5_storage *sp, krb5_const_principal p) { - int i; + size_t i; int ret; if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) { @@ -526,7 +915,7 @@ krb5_store_principal(krb5_storage *sp, ret = krb5_store_int32(sp, p->name.name_string.len + 1); else ret = krb5_store_int32(sp, p->name.name_string.len); - + if(ret) return ret; ret = krb5_store_string(sp, p->realm); if(ret) return ret; @@ -537,7 +926,18 @@ krb5_store_principal(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Parse principal from the storage. + * + * @param sp the storage buffer to read from + * @param princ the parsed principal + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_principal(krb5_storage *sp, krb5_principal *princ) { @@ -546,7 +946,7 @@ krb5_ret_principal(krb5_storage *sp, krb5_principal p; int32_t type; int32_t ncomp; - + p = calloc(1, sizeof(*p)); if(p == NULL) return ENOMEM; @@ -567,6 +967,11 @@ krb5_ret_principal(krb5_storage *sp, free(p); return EINVAL; } + ret = size_too_large_num(sp, ncomp, sizeof(p->name.name_string.val[0])); + if (ret) { + free(p); + return ret; + } p->name.name_type = type; p->name.name_string.len = ncomp; ret = krb5_ret_string(sp, &p->realm); @@ -574,7 +979,7 @@ krb5_ret_principal(krb5_storage *sp, free(p); return ret; } - p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val)); + p->name.name_string.val = calloc(ncomp, sizeof(p->name.name_string.val[0])); if(p->name.name_string.val == NULL && ncomp != 0){ free(p->realm); free(p); @@ -594,7 +999,18 @@ krb5_ret_principal(krb5_storage *sp, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Store a keyblock to the storage. + * + * @param sp the storage buffer to write to + * @param p the keyblock to write + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) { int ret; @@ -612,7 +1028,18 @@ krb5_store_keyblock(krb5_storage *sp, krb5_keyblock p) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a keyblock from the storage. + * + * @param sp the storage buffer to write to + * @param p the keyblock read from storage, free using krb5_free_keyblock() + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) { int ret; @@ -631,7 +1058,18 @@ krb5_ret_keyblock(krb5_storage *sp, krb5_keyblock *p) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Write a times block to storage. + * + * @param sp the storage buffer to write to + * @param times the times block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_times(krb5_storage *sp, krb5_times times) { int ret; @@ -645,7 +1083,18 @@ krb5_store_times(krb5_storage *sp, krb5_times times) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a times block from the storage. + * + * @param sp the storage buffer to write to + * @param times the times block read from storage + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_times(krb5_storage *sp, krb5_times *times) { int ret; @@ -664,7 +1113,18 @@ krb5_ret_times(krb5_storage *sp, krb5_times *times) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Write a address block to storage. + * + * @param sp the storage buffer to write to + * @param p the address block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_address(krb5_storage *sp, krb5_address p) { int ret; @@ -674,7 +1134,18 @@ krb5_store_address(krb5_storage *sp, krb5_address p) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a address block from the storage. + * + * @param sp the storage buffer to write to + * @param adr the address block read from storage + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_address(krb5_storage *sp, krb5_address *adr) { int16_t t; @@ -686,10 +1157,21 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Write a addresses block to storage. + * + * @param sp the storage buffer to write to + * @param p the addresses block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs(krb5_storage *sp, krb5_addresses p) { - int i; + size_t i; int ret; ret = krb5_store_int32(sp, p.len); if(ret) return ret; @@ -700,15 +1182,28 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a addresses block from the storage. + * + * @param sp the storage buffer to write to + * @param adr the addresses block read from storage + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) { - int i; + size_t i; int ret; int32_t tmp; ret = krb5_ret_int32(sp, &tmp); if(ret) return ret; + ret = size_too_large_num(sp, tmp, sizeof(adr->val[0])); + if (ret) return ret; adr->len = tmp; ALLOC(adr->val, adr->len); if (adr->val == NULL && adr->len != 0) @@ -720,11 +1215,22 @@ krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Write a auth data block to storage. + * + * @param sp the storage buffer to write to + * @param auth the auth data block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) { krb5_error_code ret; - int i; + size_t i; ret = krb5_store_int32(sp, auth.len); if(ret) return ret; for(i = 0; i < auth.len; i++){ @@ -736,7 +1242,18 @@ krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a auth data from the storage. + * + * @param sp the storage buffer to write to + * @param auth the auth data block read from storage + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth) { krb5_error_code ret; @@ -745,6 +1262,8 @@ krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth) int i; ret = krb5_ret_int32(sp, &tmp); if(ret) return ret; + ret = size_too_large_num(sp, tmp, sizeof(auth->val[0])); + if (ret) return ret; ALLOC_SEQ(auth, tmp); if (auth->val == NULL && tmp != 0) return ENOMEM; @@ -770,12 +1289,18 @@ bitswap32(int32_t b) return r; } - -/* +/** + * Write a credentials block to storage. * + * @param sp the storage buffer to write to + * @param creds the creds block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds(krb5_storage *sp, krb5_creds *creds) { int ret; @@ -816,7 +1341,18 @@ krb5_store_creds(krb5_storage *sp, krb5_creds *creds) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a credentials block from the storage. + * + * @param sp the storage buffer to write to + * @param creds the credentials block read from storage + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) { krb5_error_code ret; @@ -862,7 +1398,7 @@ krb5_ret_creds(krb5_storage *sp, krb5_creds *creds) ret = krb5_ret_data (sp, &creds->second_ticket); cleanup: if(ret) { -#if 0 +#if 0 krb5_free_cred_contents(context, creds); /* XXX */ #endif } @@ -877,11 +1413,18 @@ cleanup: #define SC_AUTHDATA 0x0020 #define SC_ADDRESSES 0x0040 -/* +/** + * Write a tagged credentials block to storage. * + * @param sp the storage buffer to write to + * @param creds the creds block to write. + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) { int ret; @@ -903,6 +1446,8 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) header |= SC_ADDRESSES; ret = krb5_store_int32(sp, header); + if (ret) + return ret; if (creds->client) { ret = krb5_store_principal(sp, creds->client); @@ -960,7 +1505,18 @@ krb5_store_creds_tag(krb5_storage *sp, krb5_creds *creds) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Read a tagged credentials block from the storage. + * + * @param sp the storage buffer to write to + * @param creds the credentials block read from storage + * + * @return 0 on success, a Kerberos 5 error code on failure. + * + * @ingroup krb5_storage + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_creds_tag(krb5_storage *sp, krb5_creds *creds) { @@ -1027,7 +1583,7 @@ krb5_ret_creds_tag(krb5_storage *sp, cleanup: if(ret) { -#if 0 +#if 0 krb5_free_cred_contents(context, creds); /* XXX */ #endif } diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c index b59a647f804..7f91b084862 100644 --- a/crypto/heimdal/lib/krb5/store_emem.c +++ b/crypto/heimdal/lib/krb5/store_emem.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c 21745 2007-07-31 16:11:25Z lha $"); - typedef struct emem_storage{ unsigned char *base; size_t size; @@ -47,7 +45,7 @@ static ssize_t emem_fetch(krb5_storage *sp, void *data, size_t size) { emem_storage *s = (emem_storage*)sp->data; - if(s->base + s->len - s->ptr < size) + if((size_t)(s->base + s->len - s->ptr) < size) size = s->base + s->len - s->ptr; memmove(data, s->ptr, size); sp->seek(sp, size, SEEK_CUR); @@ -58,7 +56,7 @@ static ssize_t emem_store(krb5_storage *sp, const void *data, size_t size) { emem_storage *s = (emem_storage*)sp->data; - if(size > s->base + s->size - s->ptr){ + if(size > (size_t)(s->base + s->size - s->ptr)){ void *base; size_t sz, off; off = s->ptr - s->base; @@ -67,7 +65,7 @@ emem_store(krb5_storage *sp, const void *data, size_t size) sz *= 2; base = realloc(s->base, sz); if(base == NULL) - return 0; + return -1; s->size = sz; s->base = base; s->ptr = (unsigned char*)base + off; @@ -83,12 +81,12 @@ emem_seek(krb5_storage *sp, off_t offset, int whence) emem_storage *s = (emem_storage*)sp->data; switch(whence){ case SEEK_SET: - if(offset > s->size) + if((size_t)offset > s->size) offset = s->size; if(offset < 0) offset = 0; s->ptr = s->base + offset; - if(offset > s->len) + if((size_t)offset > s->len) s->len = offset; break; case SEEK_CUR: @@ -104,6 +102,39 @@ emem_seek(krb5_storage *sp, off_t offset, int whence) return s->ptr - s->base; } +static int +emem_trunc(krb5_storage *sp, off_t offset) +{ + emem_storage *s = (emem_storage*)sp->data; + /* + * If offset is larget then current size, or current size is + * shrunk more then half of the current size, adjust buffer. + */ + if (offset == 0) { + free(s->base); + s->size = 0; + s->base = NULL; + s->ptr = NULL; + } else if ((size_t)offset > s->size || (s->size / 2) > (size_t)offset) { + void *base; + size_t off; + off = s->ptr - s->base; + base = realloc(s->base, offset); + if(base == NULL) + return ENOMEM; + if ((size_t)offset > s->size) + memset((char *)base + s->size, 0, offset - s->size); + s->size = offset; + s->base = base; + s->ptr = (unsigned char *)base + off; + } + s->len = offset; + if ((s->ptr - s->base) > offset) + s->ptr = s->base + offset; + return 0; +} + + static void emem_free(krb5_storage *sp) { @@ -112,13 +143,32 @@ emem_free(krb5_storage *sp) free(s->base); } -krb5_storage * KRB5_LIB_FUNCTION +/** + * Create a elastic (allocating) memory storage backend. Memory is + * allocated on demand. Free returned krb5_storage with + * krb5_storage_free(). + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_fd() + * @sa krb5_storage_from_data() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_emem(void) { - krb5_storage *sp = malloc(sizeof(krb5_storage)); + krb5_storage *sp; + emem_storage *s; + + sp = malloc(sizeof(krb5_storage)); if (sp == NULL) return NULL; - emem_storage *s = malloc(sizeof(*s)); + + s = malloc(sizeof(*s)); if (s == NULL) { free(sp); return NULL; @@ -138,6 +188,8 @@ krb5_storage_emem(void) sp->fetch = emem_fetch; sp->store = emem_store; sp->seek = emem_seek; + sp->trunc = emem_trunc; sp->free = emem_free; + sp->max_alloc = UINT_MAX/8; return sp; } diff --git a/crypto/heimdal/lib/krb5/store_fd.c b/crypto/heimdal/lib/krb5/store_fd.c index 15f86fcac30..2b72dea3a3f 100644 --- a/crypto/heimdal/lib/krb5/store_fd.c +++ b/crypto/heimdal/lib/krb5/store_fd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,8 +34,6 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $"); - typedef struct fd_storage { int fd; } fd_storage; @@ -60,18 +58,53 @@ fd_seek(krb5_storage * sp, off_t offset, int whence) return lseek(FD(sp), offset, whence); } +static int +fd_trunc(krb5_storage * sp, off_t offset) +{ + if (ftruncate(FD(sp), offset) == -1) + return errno; + return 0; +} + static void fd_free(krb5_storage * sp) { close(FD(sp)); } -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_fd(int fd) +/** + * + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_emem() + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_data() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL +krb5_storage_from_fd(krb5_socket_t fd_in) { krb5_storage *sp; + int fd; + +#ifdef SOCKET_IS_NOT_AN_FD +#ifdef _MSC_VER + if (_get_osfhandle(fd_in) != -1) { + fd = dup(fd_in); + } else { + fd = _open_osfhandle(fd_in, 0); + } +#else +#error Dont know how to deal with fd that may or may not be a socket. +#endif +#else /* SOCKET_IS_NOT_AN_FD */ + fd = dup(fd_in); +#endif - fd = dup(fd); if (fd < 0) return NULL; @@ -93,6 +126,8 @@ krb5_storage_from_fd(int fd) sp->fetch = fd_fetch; sp->store = fd_store; sp->seek = fd_seek; + sp->trunc = fd_trunc; sp->free = fd_free; + sp->max_alloc = UINT_MAX/8; return sp; } diff --git a/crypto/heimdal/lib/krb5/store_mem.c b/crypto/heimdal/lib/krb5/store_mem.c index e6e62b5a62e..e674a95dbad 100644 --- a/crypto/heimdal/lib/krb5/store_mem.c +++ b/crypto/heimdal/lib/krb5/store_mem.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $"); - typedef struct mem_storage{ unsigned char *base; size_t size; @@ -46,7 +44,7 @@ static ssize_t mem_fetch(krb5_storage *sp, void *data, size_t size) { mem_storage *s = (mem_storage*)sp->data; - if(size > s->base + s->size - s->ptr) + if(size > (size_t)(s->base + s->size - s->ptr)) size = s->base + s->size - s->ptr; memmove(data, s->ptr, size); sp->seek(sp, size, SEEK_CUR); @@ -57,7 +55,7 @@ static ssize_t mem_store(krb5_storage *sp, const void *data, size_t size) { mem_storage *s = (mem_storage*)sp->data; - if(size > s->base + s->size - s->ptr) + if(size > (size_t)(s->base + s->size - s->ptr)) size = s->base + s->size - s->ptr; memmove(s->ptr, data, size); sp->seek(sp, size, SEEK_CUR); @@ -76,7 +74,7 @@ mem_seek(krb5_storage *sp, off_t offset, int whence) mem_storage *s = (mem_storage*)sp->data; switch(whence){ case SEEK_SET: - if(offset > s->size) + if((size_t)offset > s->size) offset = s->size; if(offset < 0) offset = 0; @@ -93,7 +91,38 @@ mem_seek(krb5_storage *sp, off_t offset, int whence) return s->ptr - s->base; } -krb5_storage * KRB5_LIB_FUNCTION +static int +mem_trunc(krb5_storage *sp, off_t offset) +{ + mem_storage *s = (mem_storage*)sp->data; + if((size_t)offset > s->size) + return ERANGE; + s->size = offset; + if ((s->ptr - s->base) > offset) + s->ptr = s->base + offset; + return 0; +} + +static int +mem_no_trunc(krb5_storage *sp, off_t offset) +{ + return EINVAL; +} + +/** + * Create a fixed size memory storage block + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_data() + * @sa krb5_storage_from_fd() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_mem(void *buf, size_t len) { krb5_storage *sp = malloc(sizeof(krb5_storage)); @@ -114,17 +143,45 @@ krb5_storage_from_mem(void *buf, size_t len) sp->fetch = mem_fetch; sp->store = mem_store; sp->seek = mem_seek; + sp->trunc = mem_trunc; sp->free = NULL; + sp->max_alloc = UINT_MAX/8; return sp; } -krb5_storage * KRB5_LIB_FUNCTION +/** + * Create a fixed size memory storage block + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_mem() + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_readonly_mem() + * @sa krb5_storage_from_fd() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_data(krb5_data *data) { return krb5_storage_from_mem(data->data, data->length); } -krb5_storage * KRB5_LIB_FUNCTION +/** + * Create a fixed size memory storage block that is read only + * + * @return A krb5_storage on success, or NULL on out of memory error. + * + * @ingroup krb5_storage + * + * @sa krb5_storage_mem() + * @sa krb5_storage_from_mem() + * @sa krb5_storage_from_data() + * @sa krb5_storage_from_fd() + */ + +KRB5_LIB_FUNCTION krb5_storage * KRB5_LIB_CALL krb5_storage_from_readonly_mem(const void *buf, size_t len) { krb5_storage *sp = malloc(sizeof(krb5_storage)); @@ -145,6 +202,8 @@ krb5_storage_from_readonly_mem(const void *buf, size_t len) sp->fetch = mem_fetch; sp->store = mem_no_store; sp->seek = mem_seek; + sp->trunc = mem_no_trunc; sp->free = NULL; + sp->max_alloc = UINT_MAX/8; return sp; } diff --git a/crypto/heimdal/lib/krb5/string-to-key-test.c b/crypto/heimdal/lib/krb5/string-to-key-test.c index 30075ea6b95..cb7081b9e0f 100644 --- a/crypto/heimdal/lib/krb5/string-to-key-test.c +++ b/crypto/heimdal/lib/krb5/string-to-key-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: string-to-key-test.c 16344 2005-12-02 15:15:43Z lha $"); - enum { MAXSIZE = 24 }; static struct testcase { @@ -43,12 +41,26 @@ static struct testcase { krb5_enctype enctype; unsigned char res[MAXSIZE]; } tests[] = { +#ifdef HEIM_WEAK_CRYPTO {"@", "", ETYPE_DES_CBC_MD5, {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0xf1}}, {"nisse@FOO.SE", "hej", ETYPE_DES_CBC_MD5, {0xfe, 0x67, 0xbf, 0x9e, 0x57, 0x6b, 0xfe, 0x52}}, {"assar/liten@FOO.SE", "hemligt", ETYPE_DES_CBC_MD5, {0x5b, 0x9b, 0xcb, 0xf2, 0x97, 0x43, 0xc8, 0x40}}, + {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5, + {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}}, + {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5, + {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}}, + {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5, + {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}}, + {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5, + {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}}, + {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5, + {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}}, + {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5, + {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}}, +#endif #if 0 {"@", "", ETYPE_DES3_CBC_SHA1, {0xce, 0xa2, 0x2f, 0x9b, 0x52, 0x2c, 0xb0, 0x15, 0x6e, 0x6b, 0x64, @@ -66,18 +78,6 @@ static struct testcase { {"does/not@MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5, {0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe, 0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}}, - {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5, - {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}}, - {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5, - {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}}, - {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5, - {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}}, - {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5, - {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}}, - {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5, - {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}}, - {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5, - {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}}, {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES3_CBC_SHA1, {0x85, 0x0b, 0xb5, 0x13, 0x58, 0x54, 0x8c, 0xd0, 0x5e, 0x86, 0x76, 0x8c, 0x31, 0x3e, 0x3b, 0xfe, 0xf7, 0x51, 0x19, 0x37, 0xdc, 0xf7, 0x2c, 0x3e}}, {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES3_CBC_SHA1, diff --git a/crypto/heimdal/lib/krb5/test_acl.c b/crypto/heimdal/lib/krb5/test_acl.c index e52f31a8b5a..9e27c040864 100644 --- a/crypto/heimdal/lib/krb5/test_acl.c +++ b/crypto/heimdal/lib/krb5/test_acl.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: test_acl.c 15036 2005-04-30 15:19:58Z lha $"); - #define RETVAL(c, r, e, s) \ do { if (r != e) krb5_errx(c, 1, "%s", s); } while (0) #define STRINGMATCH(c, s, _s1, _s2) \ @@ -72,6 +70,13 @@ test_match_string(krb5_context context) RETVAL(context, ret, 0, "liternal fnmatch"); ret = krb5_acl_match_string(context, "foo/bar", "f", "foo/*"); RETVAL(context, ret, 0, "foo/*"); + ret = krb5_acl_match_string(context, "foo/bar.example.org", "f", + "foo/*.example.org"); + RETVAL(context, ret, 0, "foo/*.example.org"); + ret = krb5_acl_match_string(context, "foo/bar.example.com", "f", + "foo/*.example.org"); + RETVAL(context, ret, EACCES, "foo/*.example.com"); + ret = krb5_acl_match_string(context, "foo/bar/baz", "f", "foo/*/baz"); RETVAL(context, ret, 0, "foo/*/baz"); diff --git a/crypto/heimdal/lib/krb5/test_addr.c b/crypto/heimdal/lib/krb5/test_addr.c index 1ab47aecc02..79a55ff303e 100644 --- a/crypto/heimdal/lib/krb5/test_addr.c +++ b/crypto/heimdal/lib/krb5/test_addr.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: test_addr.c 15036 2005-04-30 15:19:58Z lha $"); - static void print_addr(krb5_context context, const char *addr) { @@ -51,20 +49,22 @@ print_addr(krb5_context context, const char *addr) if (addresses.len < 1) krb5_err(context, 1, ret, "too few addresses"); - + for (i = 0; i < addresses.len; i++) { krb5_print_address(&addresses.val[i], buf, sizeof(buf), &len); #if 0 - printf("addr %d: %s (%d/%d)\n", i, buf, (int)len, (int)strlen(buf)); + printf("addr %d: %s (%d/%d)\n", i, buf, (int)len, (int)strlen(buf)); #endif if (strlen(buf) > sizeof(buf)) - abort(); + krb5_err(context, 1, ret, "len %d larger then buf %d", + (int)strlen(buf), (int)sizeof(buf)); krb5_print_address(&addresses.val[i], buf2, sizeof(buf2), &len); #if 0 - printf("addr %d: %s (%d/%d)\n", i, buf2, (int)len, (int)strlen(buf2)); + printf("addr %d: %s (%d/%d)\n", i, buf2, (int)len, (int)strlen(buf2)); #endif if (strlen(buf2) > sizeof(buf2)) - abort(); + krb5_err(context, 1, ret, "len %d larger then buf %d", + (int)strlen(buf2), (int)sizeof(buf2)); } krb5_free_addresses(context, &addresses); @@ -72,7 +72,7 @@ print_addr(krb5_context context, const char *addr) } static void -truncated_addr(krb5_context context, const char *addr, +truncated_addr(krb5_context context, const char *addr, size_t truncate_len, size_t outlen) { krb5_addresses addresses; @@ -88,22 +88,25 @@ truncated_addr(krb5_context context, const char *addr, if (addresses.len != 1) krb5_err(context, 1, ret, "addresses should be one"); - + krb5_print_address(&addresses.val[0], buf, truncate_len, &len); - + #if 0 - printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); + printf("addr %s (%d/%d) should be %d\n", buf, (int)len, (int)strlen(buf), (int)outlen); #endif - + if (truncate_len > strlen(buf) + 1) - abort(); + krb5_err(context, 1, ret, "%s truncate_len %d larger then strlen %d source %s", + buf, (int)truncate_len, (int)strlen(buf), addr); + if (outlen != len) - abort(); - + krb5_err(context, 1, ret, "%s: outlen %d != len %d", + buf, (int)outlen, (int)strlen(buf)); + krb5_print_address(&addresses.val[0], buf, outlen + 1, &len); #if 0 - printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); + printf("addr %s (%d/%d)\n", buf, (int)len, (int)strlen(buf)); #endif if (len != outlen) @@ -120,12 +123,14 @@ check_truncation(krb5_context context, const char *addr) { int i, len = strlen(addr); + truncated_addr(context, addr, len, len); + for (i = 0; i < len; i++) truncated_addr(context, addr, i, len); } static void -match_addr(krb5_context context, const char *range_addr, +match_addr(krb5_context context, const char *range_addr, const char *one_addr, int match) { krb5_addresses range, one; @@ -137,7 +142,7 @@ match_addr(krb5_context context, const char *range_addr, if (range.len != 1) krb5_err(context, 1, ret, "wrong num of addresses"); - + ret = krb5_parse_address(context, one_addr, &one); if (ret) krb5_err(context, 1, ret, "krb5_parse_address"); @@ -157,12 +162,41 @@ match_addr(krb5_context context, const char *range_addr, krb5_free_addresses(context, &one); } +#ifdef _MSC_VER + +/* For the truncation tests, calling strcpy_s() or strcat_s() with a + size of 0 results in the invalid parameter handler being invoked. + For the debug version, the runtime also throws an assert. */ + +static void +inv_param_handler(const wchar_t* expression, + const wchar_t* function, + const wchar_t* file, + unsigned int line, + uintptr_t pReserved) +{ + printf("Invalid parameter handler invoked for: %S in %S(%d) [%S]\n", + function, file, line, expression); +} + +static _invalid_parameter_handler _inv_old = NULL; + +#define SET_INVALID_PARAM_HANDLER _inv_old = _set_invalid_parameter_handler(inv_param_handler) + +#else + +#define SET_INVALID_PARAM_HANDLER ((void) 0) + +#endif + int main(int argc, char **argv) { krb5_context context; krb5_error_code ret; + SET_INVALID_PARAM_HANDLER; + setprogname(argv[0]); ret = krb5_init_context(&context); @@ -174,7 +208,7 @@ main(int argc, char **argv) print_addr(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255"); print_addr(context, "RANGE:130.237.237.4/29"); #ifdef HAVE_IPV6 - print_addr(context, "RANGE:fe80::209:6bff:fea0:e522/64"); + print_addr(context, "RANGE:2001:db8:1:2:3:4:1428:7ab/64"); print_addr(context, "RANGE:IPv6:fe80::209:6bff:fea0:e522/64"); print_addr(context, "RANGE:IPv6:fe80::-IPv6:fe80::ffff:ffff:ffff:ffff"); print_addr(context, "RANGE:fe80::-fe80::ffff:ffff:ffff:ffff"); @@ -183,7 +217,10 @@ main(int argc, char **argv) check_truncation(context, "IPv4:127.0.0.0"); check_truncation(context, "RANGE:IPv4:127.0.0.0-IPv4:127.0.0.255"); #ifdef HAVE_IPV6 + check_truncation(context, "IPv6:::"); check_truncation(context, "IPv6:::1"); + check_truncation(context, "IPv6:2001:db8:1:2:3:4:1428:7ab"); + check_truncation(context, "IPv6:fe80::209:0:0:0"); check_truncation(context, "IPv6:fe80::ffff:ffff:ffff:ffff"); #endif diff --git a/crypto/heimdal/lib/krb5/test_alname.c b/crypto/heimdal/lib/krb5/test_alname.c index e8397b74802..21e4bff8d82 100644 --- a/crypto/heimdal/lib/krb5/test_alname.c +++ b/crypto/heimdal/lib/krb5/test_alname.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,11 +34,9 @@ #include #include -RCSID("$Id: test_alname.c 15474 2005-06-17 04:48:02Z lha $"); - static void test_alname(krb5_context context, krb5_const_realm realm, - const char *user, const char *inst, + const char *user, const char *inst, const char *localuser, int ok) { krb5_principal p; @@ -60,20 +58,20 @@ test_alname(krb5_context context, krb5_const_realm realm, if (ret) { if (!ok) return; - krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", + krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", princ, localuser); } if (strcmp(localname, localuser) != 0) { if (ok) - errx(1, "compared failed %s != %s (should have succeded)", + errx(1, "compared failed %s != %s (should have succeded)", localname, localuser); } else { if (!ok) - errx(1, "compared failed %s == %s (should have failed)", + errx(1, "compared failed %s == %s (should have failed)", localname, localuser); } - + } static int version_flag = 0; @@ -109,7 +107,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -140,12 +138,12 @@ main(int argc, char **argv) test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0); test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0); - test_alname(context, realm, user, NULL, + test_alname(context, realm, user, NULL, "not-same-as-user", 0); test_alname(context, realm, user, "root", "not-same-as-user", 0); - test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, + test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, "not-same-as-user", 0); test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "not-same-as-user", 0); diff --git a/crypto/heimdal/lib/krb5/test_cc.c b/crypto/heimdal/lib/krb5/test_cc.c index 075cfe237fb..911fba52405 100644 --- a/crypto/heimdal/lib/krb5/test_cc.c +++ b/crypto/heimdal/lib/krb5/test_cc.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,17 +34,21 @@ #include #include -RCSID("$Id: test_cc.c 22115 2007-12-03 21:21:42Z lha $"); - static int debug_flag = 0; static int version_flag = 0; static int help_flag = 0; +#ifdef KRB5_USE_PATH_TOKENS +#define TEST_CC_NAME "%{TEMP}/krb5-cc-test-foo" +#else +#define TEST_CC_NAME "/tmp/krb5-cc-test-foo" +#endif + static void test_default_name(krb5_context context) { krb5_error_code ret; - const char *p, *test_cc_name = "/tmp/krb5-cc-test-foo"; + const char *p, *test_cc_name = TEST_CC_NAME; char *p1, *p2, *p3; p = krb5_cc_default_name(context); @@ -63,18 +67,23 @@ test_default_name(krb5_context context) if (strcmp(p1, p2) != 0) krb5_errx (context, 1, "krb5_cc_default_name no longer same"); - + ret = krb5_cc_set_default_name(context, test_cc_name); if (p == NULL) krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); - + p = krb5_cc_default_name(context); if (p == NULL) krb5_errx (context, 1, "krb5_cc_default_name 2 failed"); p3 = estrdup(p); - + +#ifndef KRB5_USE_PATH_TOKENS + /* If we are using path tokens, we don't expect the p3 and + test_cc_name to match since p3 is going to have expanded + tokens. */ if (strcmp(p3, test_cc_name) != 0) krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); +#endif free(p1); free(p2); @@ -99,9 +108,9 @@ test_mcache(krb5_context context) if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &id); if (ret) - krb5_err(context, 1, ret, "krb5_cc_gen_new"); + krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_cc_initialize(context, id, p); if (ret) @@ -115,10 +124,11 @@ test_mcache(krb5_context context) if (tc == NULL) krb5_errx(context, 1, "krb5_cc_get_name"); - asprintf(&c, "%s:%s", tc, nc); - + if (asprintf(&c, "%s:%s", tc, nc) < 0 || c == NULL) + errx(1, "malloc"); + krb5_cc_close(context, id); - + ret = krb5_cc_resolve(context, c, &id2); if (ret) krb5_err(context, 1, ret, "krb5_cc_resolve"); @@ -151,24 +161,26 @@ test_mcache(krb5_context context) */ static void -test_init_vs_destroy(krb5_context context, const krb5_cc_ops *ops) +test_init_vs_destroy(krb5_context context, const char *type) { krb5_error_code ret; krb5_ccache id, id2; krb5_principal p, p2; - char *n; + char *n = NULL; ret = krb5_parse_name(context, "lha@SU.SE", &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - ret = krb5_cc_gen_new(context, ops, &id); + ret = krb5_cc_new_unique(context, type, NULL, &id); if (ret) - krb5_err(context, 1, ret, "krb5_cc_gen_new"); + krb5_err(context, 1, ret, "krb5_cc_new_unique: %s", type); + + if (asprintf(&n, "%s:%s", + krb5_cc_get_type(context, id), + krb5_cc_get_name(context, id)) < 0 || n == NULL) + errx(1, "malloc"); - asprintf(&n, "%s:%s", - krb5_cc_get_type(context, id), - krb5_cc_get_name(context, id)); ret = krb5_cc_resolve(context, n, &id2); free(n); @@ -191,7 +203,7 @@ test_init_vs_destroy(krb5_context context, const krb5_cc_ops *ops) } static void -test_fcache_remove(krb5_context context) +test_cache_remove(krb5_context context, const char *type) { krb5_error_code ret; krb5_ccache id; @@ -202,9 +214,9 @@ test_fcache_remove(krb5_context context) if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &id); + ret = krb5_cc_new_unique(context, type, NULL, &id); if (ret) - krb5_err(context, 1, ret, "krb5_cc_gen_new"); + krb5_err(context, 1, ret, "krb5_cc_gen_new: %s", type); ret = krb5_cc_initialize(context, id, p); if (ret) @@ -280,12 +292,33 @@ struct { char *res; } cc_names[] = { { "foo", 0, "foo" }, + { "foo%}", 0, "foo%}" }, { "%{uid}", 0 }, { "foo%{null}", 0, "foo" }, { "foo%{null}bar", 0, "foobar" }, { "%{", 1 }, { "%{foo %{", 1 }, { "%{{", 1 }, + { "%{{}", 1 }, + { "%{nulll}", 1 }, + { "%{does not exist}", 1 }, + { "%{}", 1 }, +#ifdef KRB5_USE_PATH_TOKENS + { "%{APPDATA}", 0 }, + { "%{COMMON_APPDATA}", 0}, + { "%{LOCAL_APPDATA}", 0}, + { "%{SYSTEM}", 0}, + { "%{WINDOWS}", 0}, + { "%{TEMP}", 0}, + { "%{USERID}", 0}, + { "%{uid}", 0}, + { "%{USERCONFIG}", 0}, + { "%{COMMONCONFIG}", 0}, + { "%{LIBDIR}", 0}, + { "%{BINDIR}", 0}, + { "%{LIBEXEC}", 0}, + { "%{SBINDIR}", 0}, +#endif }; static void @@ -299,14 +332,14 @@ test_def_cc_name(krb5_context context) ret = _krb5_expand_default_cc_name(context, cc_names[i].str, &str); if (ret) { if (cc_names[i].fail == 0) - krb5_errx(context, 1, "test %d \"%s\" failed", + krb5_errx(context, 1, "test %d \"%s\" failed", i, cc_names[i].str); } else { if (cc_names[i].fail) - krb5_errx(context, 1, "test %d \"%s\" was successful", + krb5_errx(context, 1, "test %d \"%s\" was successful", i, cc_names[i].str); if (cc_names[i].res && strcmp(cc_names[i].res, str) != 0) - krb5_errx(context, 1, "test %d %s != %s", + krb5_errx(context, 1, "test %d %s != %s", i, cc_names[i].res, str); if (debug_flag) printf("%s => %s\n", cc_names[i].str, str); @@ -316,8 +349,7 @@ test_def_cc_name(krb5_context context) } static void -test_cache_find(krb5_context context, const char *type, const char *principal, - int find) +test_cache_find(krb5_context context, const char *principal, int find) { krb5_principal client; krb5_error_code ret; @@ -326,8 +358,8 @@ test_cache_find(krb5_context context, const char *type, const char *principal, ret = krb5_parse_name(context, principal, &client); if (ret) krb5_err(context, 1, ret, "parse_name for %s failed", principal); - - ret = krb5_cc_cache_match(context, client, type, &id); + + ret = krb5_cc_cache_match(context, client, &id); if (ret && find) krb5_err(context, 1, ret, "cc_cache_match for %s failed", principal); if (ret == 0 && !find) @@ -345,7 +377,7 @@ test_cache_iter(krb5_context context, const char *type, int destroy) krb5_cc_cache_cursor cursor; krb5_error_code ret; krb5_ccache id; - + ret = krb5_cc_cache_get_first (context, type, &cursor); if (ret == KRB5_CC_NOSUPP) return; @@ -379,36 +411,62 @@ test_cache_iter(krb5_context context, const char *type, int destroy) } static void -test_copy(krb5_context context, const char *fromtype, const char *totype) +test_cache_iter_all(krb5_context context) +{ + krb5_cccol_cursor cursor; + krb5_error_code ret; + krb5_ccache id; + + ret = krb5_cccol_cursor_new (context, &cursor); + if (ret) + krb5_err(context, 1, ret, "krb5_cccol_cursor_new"); + + + while ((ret = krb5_cccol_cursor_next (context, cursor, &id)) == 0 && id != NULL) { + krb5_principal principal; + char *name; + + if (debug_flag) + printf("name: %s\n", krb5_cc_get_name(context, id)); + ret = krb5_cc_get_principal(context, id, &principal); + if (ret == 0) { + ret = krb5_unparse_name(context, principal, &name); + if (ret == 0) { + if (debug_flag) + printf("\tprincipal: %s\n", name); + free(name); + } + krb5_free_principal(context, principal); + } + krb5_cc_close(context, id); + } + + krb5_cccol_cursor_free(context, &cursor); +} + + +static void +test_copy(krb5_context context, const char *from, const char *to) { - const krb5_cc_ops *from, *to; krb5_ccache fromid, toid; krb5_error_code ret; krb5_principal p, p2; - from = krb5_cc_get_prefix_ops(context, fromtype); - if (from == NULL) - krb5_errx(context, 1, "%s isn't a type", fromtype); - - to = krb5_cc_get_prefix_ops(context, totype); - if (to == NULL) - krb5_errx(context, 1, "%s isn't a type", totype); - ret = krb5_parse_name(context, "lha@SU.SE", &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - ret = krb5_cc_gen_new(context, from, &fromid); + ret = krb5_cc_new_unique(context, from, NULL, &fromid); if (ret) - krb5_err(context, 1, ret, "krb5_cc_gen_new"); + krb5_err(context, 1, ret, "krb5_cc_new_unique: %s", from); ret = krb5_cc_initialize(context, fromid, p); if (ret) krb5_err(context, 1, ret, "krb5_cc_initialize"); - ret = krb5_cc_gen_new(context, to, &toid); + ret = krb5_cc_new_unique(context, to, NULL, &toid); if (ret) - krb5_err(context, 1, ret, "krb5_cc_gen_new"); + krb5_err(context, 1, ret, "krb5_cc_gen_new: %s", to); ret = krb5_cc_copy_cache(context, fromid, toid); if (ret) @@ -428,6 +486,55 @@ test_copy(krb5_context context, const char *fromtype, const char *totype) krb5_cc_destroy(context, toid); } +static void +test_move(krb5_context context, const char *type) +{ + const krb5_cc_ops *ops; + krb5_ccache fromid, toid; + krb5_error_code ret; + krb5_principal p, p2; + + ops = krb5_cc_get_prefix_ops(context, type); + if (ops == NULL) + return; + + ret = krb5_cc_new_unique(context, type, NULL, &fromid); + if (ret == KRB5_CC_NOSUPP) + return; + else if (ret) + krb5_err(context, 1, ret, "krb5_cc_new_unique: %s", type); + + ret = krb5_parse_name(context, "lha@SU.SE", &p); + if (ret) + krb5_err(context, 1, ret, "krb5_parse_name"); + + ret = krb5_cc_initialize(context, fromid, p); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_initialize"); + + ret = krb5_cc_new_unique(context, type, NULL, &toid); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_new_unique"); + + ret = krb5_cc_initialize(context, toid, p); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_initialize"); + + ret = krb5_cc_get_principal(context, toid, &p2); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_get_principal"); + + if (krb5_principal_compare(context, p, p2) == FALSE) + krb5_errx(context, 1, "p != p2"); + + krb5_free_principal(context, p); + krb5_free_principal(context, p2); + + krb5_cc_destroy(context, toid); + krb5_cc_destroy(context, fromid); +} + + static void test_prefix_ops(krb5_context context, const char *name, const krb5_cc_ops *ops) { @@ -441,6 +548,68 @@ test_prefix_ops(krb5_context context, const char *name, const krb5_cc_ops *ops) "the expected %s != %s", name, o->prefix, ops->prefix); } +static void +test_cc_config(krb5_context context) +{ + krb5_error_code ret; + krb5_principal p; + krb5_ccache id; + unsigned int i; + + ret = krb5_cc_new_unique(context, "MEMORY", "bar", &id); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_new_unique"); + + ret = krb5_parse_name(context, "lha@SU.SE", &p); + if (ret) + krb5_err(context, 1, ret, "krb5_parse_name"); + + ret = krb5_cc_initialize(context, id, p); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_initialize"); + + for (i = 0; i < 1000; i++) { + krb5_data data, data2; + const char *name = "foo"; + krb5_principal p1 = NULL; + + if (i & 1) + p1 = p; + + data.data = rk_UNCONST(name); + data.length = strlen(name); + + ret = krb5_cc_set_config(context, id, p1, "FriendlyName", &data); + if (ret) + krb5_errx(context, 1, "krb5_cc_set_config: add"); + + ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2); + if (ret) + krb5_errx(context, 1, "krb5_cc_get_config: first"); + krb5_data_free(&data2); + + ret = krb5_cc_set_config(context, id, p1, "FriendlyName", &data); + if (ret) + krb5_errx(context, 1, "krb5_cc_set_config: add -second"); + + ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2); + if (ret) + krb5_errx(context, 1, "krb5_cc_get_config: second"); + krb5_data_free(&data2); + + ret = krb5_cc_set_config(context, id, p1, "FriendlyName", NULL); + if (ret) + krb5_errx(context, 1, "krb5_cc_set_config: delete"); + + ret = krb5_cc_get_config(context, id, p1, "FriendlyName", &data2); + if (ret == 0) + krb5_errx(context, 1, "krb5_cc_get_config: non-existant"); + } + + krb5_cc_destroy(context, id); + krb5_free_principal(context, p); +} + static struct getargs args[] = { {"debug", 'd', arg_flag, &debug_flag, @@ -470,7 +639,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -486,47 +655,82 @@ main(int argc, char **argv) if (ret) errx (1, "krb5_init_context failed: %d", ret); - test_fcache_remove(context); + test_cache_remove(context, krb5_cc_type_file); + test_cache_remove(context, krb5_cc_type_memory); +#ifdef USE_SQLITE + test_cache_remove(context, krb5_cc_type_scc); +#endif + test_default_name(context); test_mcache(context); - test_init_vs_destroy(context, &krb5_mcc_ops); - test_init_vs_destroy(context, &krb5_fcc_ops); + test_init_vs_destroy(context, krb5_cc_type_memory); + test_init_vs_destroy(context, krb5_cc_type_file); +#if 0 + test_init_vs_destroy(context, krb5_cc_type_api); +#endif + test_init_vs_destroy(context, krb5_cc_type_scc); test_mcc_default(); test_def_cc_name(context); - test_cache_iter(context, "MEMORY", 0); + + test_cache_iter_all(context); + + test_cache_iter(context, krb5_cc_type_memory, 0); { krb5_principal p; - krb5_cc_new_unique(context, "MEMORY", "bar", &id1); - krb5_cc_new_unique(context, "MEMORY", "baz", &id2); + krb5_cc_new_unique(context, krb5_cc_type_memory, "bar", &id1); + krb5_cc_new_unique(context, krb5_cc_type_memory, "baz", &id2); krb5_parse_name(context, "lha@SU.SE", &p); krb5_cc_initialize(context, id1, p); krb5_free_principal(context, p); } - test_cache_find(context, "MEMORY", "lha@SU.SE", 1); - test_cache_find(context, "MEMORY", "hulabundulahotentot@SU.SE", 0); + test_cache_find(context, "lha@SU.SE", 1); + test_cache_find(context, "hulabundulahotentot@SU.SE", 0); - test_cache_iter(context, "MEMORY", 0); - test_cache_iter(context, "MEMORY", 1); - test_cache_iter(context, "MEMORY", 0); - test_cache_iter(context, "FILE", 0); - test_cache_iter(context, "API", 0); + test_cache_iter(context, krb5_cc_type_memory, 0); + test_cache_iter(context, krb5_cc_type_memory, 1); + test_cache_iter(context, krb5_cc_type_memory, 0); + test_cache_iter(context, krb5_cc_type_file, 0); + test_cache_iter(context, krb5_cc_type_api, 0); + test_cache_iter(context, krb5_cc_type_scc, 0); + test_cache_iter(context, krb5_cc_type_scc, 1); - test_copy(context, "FILE", "FILE"); - test_copy(context, "MEMORY", "MEMORY"); - test_copy(context, "FILE", "MEMORY"); - test_copy(context, "MEMORY", "FILE"); + test_copy(context, krb5_cc_type_file, krb5_cc_type_file); + test_copy(context, krb5_cc_type_memory, krb5_cc_type_memory); + test_copy(context, krb5_cc_type_file, krb5_cc_type_memory); + test_copy(context, krb5_cc_type_memory, krb5_cc_type_file); + test_copy(context, krb5_cc_type_scc, krb5_cc_type_file); + test_copy(context, krb5_cc_type_file, krb5_cc_type_scc); + test_copy(context, krb5_cc_type_scc, krb5_cc_type_memory); + test_copy(context, krb5_cc_type_memory, krb5_cc_type_scc); + + test_move(context, krb5_cc_type_file); + test_move(context, krb5_cc_type_memory); +#ifdef HAVE_KCM + test_move(context, krb5_cc_type_kcm); +#endif + test_move(context, krb5_cc_type_scc); test_prefix_ops(context, "FILE:/tmp/foo", &krb5_fcc_ops); test_prefix_ops(context, "FILE", &krb5_fcc_ops); test_prefix_ops(context, "MEMORY", &krb5_mcc_ops); test_prefix_ops(context, "MEMORY:foo", &krb5_mcc_ops); test_prefix_ops(context, "/tmp/kaka", &krb5_fcc_ops); +#ifdef HAVE_SCC + test_prefix_ops(context, "SCC:", &krb5_scc_ops); + test_prefix_ops(context, "SCC:foo", &krb5_scc_ops); +#endif krb5_cc_destroy(context, id1); krb5_cc_destroy(context, id2); + test_cc_config(context); + krb5_free_context(context); +#if 0 + sleep(60); +#endif + return 0; } diff --git a/crypto/heimdal/lib/krb5/test_config.c b/crypto/heimdal/lib/krb5/test_config.c index 7fe224e6881..a2816332dab 100644 --- a/crypto/heimdal/lib/krb5/test_config.c +++ b/crypto/heimdal/lib/krb5/test_config.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: test_config.c 15036 2005-04-30 15:19:58Z lha $"); - static int check_config_file(krb5_context context, char *filelist, char **res, int def) { @@ -49,39 +47,39 @@ check_config_file(krb5_context context, char *filelist, char **res, int def) ret = krb5_prepend_config_files_default(filelist, &pp); else ret = krb5_prepend_config_files(filelist, NULL, &pp); - + if (ret) krb5_err(context, 1, ret, "prepend_config_files"); - + for (i = 0; res[i] && pp[i]; i++) if (strcmp(pp[i], res[i]) != 0) krb5_errx(context, 1, "'%s' != '%s'", pp[i], res[i]); - + if (res[i] != NULL) krb5_errx(context, 1, "pp ended before res list"); - + if (def) { char **deflist; int j; - + ret = krb5_get_default_config_files(&deflist); if (ret) krb5_err(context, 1, ret, "get_default_config_files"); - + for (j = 0 ; pp[i] && deflist[j]; i++, j++) if (strcmp(pp[i], deflist[j]) != 0) krb5_errx(context, 1, "'%s' != '%s'", pp[i], deflist[j]); - + if (deflist[j] != NULL) krb5_errx(context, 1, "pp ended before def list"); krb5_free_config_files(deflist); } - + if (pp[i] != NULL) krb5_errx(context, 1, "pp ended after res (and def) list"); - + krb5_free_config_files(pp); - + return 0; } @@ -94,12 +92,12 @@ struct { char **res; } test[] = { { "/tmp/foo", NULL }, - { "/tmp/foo:/tmp/foo/bar", NULL }, + { "/tmp/foo" PATH_SEP "/tmp/foo/bar", NULL }, { "", NULL } }; -int -main(int argc, char **argv) +static void +check_config_files(void) { krb5_context context; krb5_error_code ret; @@ -119,6 +117,130 @@ main(int argc, char **argv) } krb5_free_context(context); +} +const char *config_string_result0[] = { + "A", "B", "C", "D", NULL +}; + +const char *config_string_result1[] = { + "A", "B", "C D", NULL +}; + +const char *config_string_result2[] = { + "A", "B", "", NULL +}; + +const char *config_string_result3[] = { + "A B;C: D", NULL +}; + +const char *config_string_result4[] = { + "\"\"", "", "\"\"", NULL +}; + +const char *config_string_result5[] = { + "A\"BQd", NULL +}; + +const char *config_string_result6[] = { + "efgh\"", "ABC", NULL +}; + +const char *config_string_result7[] = { + "SnapeKills\\", "Dumbledore", NULL +}; + +const char *config_string_result8[] = { + "\"TownOf Sandwich: Massachusetts\"Oldest", "Town", "In", "Cape Cod", NULL +}; + +const char *config_string_result9[] = { + "\"Begins and\"ends", "In", "One", "String", NULL +}; + +const char *config_string_result10[] = { + "Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:", + "1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.", + "2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.", + "3. Neither the name of the Institute nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.", + "THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", + "Why do we test with such long strings? Because some people have config files", + "That", "look", "Like this.", NULL +}; + +const struct { + const char * name; + const char ** expected; +} config_strings_tests[] = { + { "foo", config_string_result0 }, + { "bar", config_string_result1 }, + { "baz", config_string_result2 }, + { "quux", config_string_result3 }, + { "questionable", config_string_result4 }, + { "mismatch1", config_string_result5 }, + { "mismatch2", config_string_result6 }, + { "internal1", config_string_result7 }, + { "internal2", config_string_result8 }, + { "internal3", config_string_result9 }, + { "longer_strings", config_string_result10 } +}; + +static void +check_escaped_strings(void) +{ + krb5_context context; + krb5_config_section *c = NULL; + krb5_error_code ret; + int i; + + ret = krb5_init_context(&context); + if (ret) + errx(1, "krb5_init_context %d", ret); + + ret = krb5_config_parse_file(context, "test_config_strings.out", &c); + if (ret) + krb5_errx(context, 1, "krb5_config_parse_file()"); + + for (i=0; i < sizeof(config_strings_tests)/sizeof(config_strings_tests[0]); i++) { + char **ps; + const char **s; + const char **e; + + ps = krb5_config_get_strings(context, c, "escapes", config_strings_tests[i].name, + NULL); + if (ps == NULL) + errx(1, "Failed to read string value %s", config_strings_tests[i].name); + + e = config_strings_tests[i].expected; + + for (s = (const char **)ps; *s && *e; s++, e++) { + if (strcmp(*s, *e)) + errx(1, + "Unexpected configuration string at value [%s].\n" + "Actual=[%s]\n" + "Expected=[%s]\n", + config_strings_tests[i].name, *s, *e); + } + + if (*s || *e) + errx(1, "Configuation string list for value [%s] has incorrect length.", + config_strings_tests[i].name); + + krb5_config_free_strings(ps); + } + + ret = krb5_config_file_free(context, c); + if (ret) + krb5_errx(context, 1, "krb5_config_file_free()"); + + krb5_free_context(context); +} + +int +main(int argc, char **argv) +{ + check_config_files(); + check_escaped_strings(); return 0; } diff --git a/crypto/heimdal/lib/krb5/test_crypto.c b/crypto/heimdal/lib/krb5/test_crypto.c index 0837911f26a..972af0c5f47 100644 --- a/crypto/heimdal/lib/krb5/test_crypto.c +++ b/crypto/heimdal/lib/krb5/test_crypto.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003-2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include #include -RCSID("$Id: test_crypto.c 16290 2005-11-24 09:57:50Z lha $"); - static void time_encryption(krb5_context context, size_t size, krb5_enctype etype, int iterations) @@ -79,7 +77,7 @@ time_encryption(krb5_context context, size_t size, timevalsub(&tv2, &tv1); - printf("%s size: %7lu iterations: %d time: %3ld.%06ld\n", + printf("%s size: %7lu iterations: %d time: %3ld.%06ld\n", etype_name, (unsigned long)size, iterations, (long)tv2.tv_sec, (long)tv2.tv_usec); @@ -91,7 +89,7 @@ time_encryption(krb5_context context, size_t size, static void time_s2k(krb5_context context, - krb5_enctype etype, + krb5_enctype etype, const char *password, krb5_salt salt, int iterations) @@ -124,7 +122,7 @@ time_s2k(krb5_context context, timevalsub(&tv2, &tv1); - printf("%s string2key %d iterations time: %3ld.%06ld\n", + printf("%s string2key %d iterations time: %3ld.%06ld\n", etype_name, iterations, (long)tv2.tv_sec, (long)tv2.tv_usec); free(etype_name); @@ -159,7 +157,7 @@ main(int argc, char **argv) int optidx = 0; krb5_salt salt; - krb5_enctype enctypes[] = { + krb5_enctype enctypes[] = { ETYPE_DES_CBC_CRC, ETYPE_DES3_CBC_SHA1, ETYPE_ARCFOUR_HMAC_MD5, @@ -171,7 +169,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -180,9 +178,6 @@ main(int argc, char **argv) exit(0); } - argc -= optidx; - argv += optidx; - salt.salttype = KRB5_PW_SALT; salt.saltvalue.data = NULL; salt.saltvalue.length = 0; @@ -196,6 +191,8 @@ main(int argc, char **argv) for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { + krb5_enctype_enable(context, enctypes[i]); + time_encryption(context, 16, enctypes[i], enciter); time_encryption(context, 32, enctypes[i], enciter); time_encryption(context, 512, enctypes[i], enciter); diff --git a/crypto/heimdal/lib/krb5/test_crypto_wrapping.c b/crypto/heimdal/lib/krb5/test_crypto_wrapping.c index 1618fdf1179..81905a8eadd 100644 --- a/crypto/heimdal/lib/krb5/test_crypto_wrapping.c +++ b/crypto/heimdal/lib/krb5/test_crypto_wrapping.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include #include -RCSID("$Id: test_crypto_wrapping.c 18809 2006-10-22 07:11:43Z lha $"); - static void test_wrapping(krb5_context context, size_t min_size, @@ -124,10 +122,12 @@ main(int argc, char **argv) krb5_error_code ret; int i, optidx = 0; - krb5_enctype enctypes[] = { + krb5_enctype enctypes[] = { +#ifdef HEIM_WEAK_CRYPTO ETYPE_DES_CBC_CRC, ETYPE_DES_CBC_MD4, ETYPE_DES_CBC_MD5, +#endif ETYPE_DES3_CBC_SHA1, ETYPE_ARCFOUR_HMAC_MD5, ETYPE_AES128_CTS_HMAC_SHA1_96, @@ -138,7 +138,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -155,6 +155,8 @@ main(int argc, char **argv) errx (1, "krb5_init_context failed: %d", ret); for (i = 0; i < sizeof(enctypes)/sizeof(enctypes[0]); i++) { + krb5_enctype_enable(context, enctypes[i]); + test_wrapping(context, 0, 1024, 1, enctypes[i]); test_wrapping(context, 1024, 1024 * 100, 1024, enctypes[i]); } diff --git a/crypto/heimdal/lib/krb5/test_forward.c b/crypto/heimdal/lib/krb5/test_forward.c index 163995334ed..3782e5074f6 100644 --- a/crypto/heimdal/lib/krb5/test_forward.c +++ b/crypto/heimdal/lib/krb5/test_forward.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include #include -RCSID("$Id$"); - static int version_flag = 0; static int help_flag = 0; @@ -72,7 +70,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -97,11 +95,11 @@ main(int argc, char **argv) ret = krb5_cc_default(context, &id); if (ret) - krb5_err(context, 1, ret, "krb5_cc_default failed: %d", ret); + krb5_err(context, 1, ret, "krb5_cc_default failed"); ret = krb5_auth_con_init(context, &ac); if (ret) - krb5_err(context, 1, ret, "krb5_auth_con_init failed: %d", ret); + krb5_err(context, 1, ret, "krb5_auth_con_init failed"); krb5_auth_con_addflags(context, ac, KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED, NULL); diff --git a/crypto/heimdal/lib/krb5/test_get_addrs.c b/crypto/heimdal/lib/krb5/test_get_addrs.c index 1d53e0eb8c6..33ca929e6e8 100644 --- a/crypto/heimdal/lib/krb5/test_get_addrs.c +++ b/crypto/heimdal/lib/krb5/test_get_addrs.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include #include -RCSID("$Id: test_get_addrs.c 15474 2005-06-17 04:48:02Z lha $"); - /* print all addresses that we find */ static void @@ -44,7 +42,7 @@ print_addresses (krb5_context context, const krb5_addresses *addrs) int i; char buf[256]; size_t len; - + for (i = 0; i < addrs->len; ++i) { krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len); printf ("%s\n", buf); @@ -83,7 +81,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -92,9 +90,6 @@ main(int argc, char **argv) exit(0); } - argc -= optidx; - argv += optidx; - ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); diff --git a/crypto/heimdal/lib/krb5/test_hostname.c b/crypto/heimdal/lib/krb5/test_hostname.c index 095cb391633..fbdb5c9c322 100644 --- a/crypto/heimdal/lib/krb5/test_hostname.c +++ b/crypto/heimdal/lib/krb5/test_hostname.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include #include -RCSID("$Id: test_hostname.c 15965 2005-08-23 20:18:55Z lha $"); - static int debug_flag = 0; static int version_flag = 0; static int help_flag = 0; @@ -122,7 +120,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); diff --git a/crypto/heimdal/lib/krb5/test_keytab.c b/crypto/heimdal/lib/krb5/test_keytab.c index 97361cc19a3..134b0f17e69 100644 --- a/crypto/heimdal/lib/krb5/test_keytab.c +++ b/crypto/heimdal/lib/krb5/test_keytab.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,8 +32,7 @@ #include "krb5_locl.h" #include - -RCSID("$Id: test_keytab.c 18809 2006-10-22 07:11:43Z lha $"); +#include /* * Test that removal entry from of empty keytab doesn't corrupts @@ -55,6 +54,10 @@ test_empty_keytab(krb5_context context, const char *keytab) krb5_kt_remove_entry(context, id, &entry); + ret = krb5_kt_have_content(context, id); + if (ret == 0) + krb5_errx(context, 1, "supposed to be empty keytab isn't"); + ret = krb5_kt_close(context, id); if (ret) krb5_err(context, 1, ret, "krb5_kt_close"); @@ -167,23 +170,120 @@ test_memory_keytab(krb5_context context, const char *keytab, const char *keytab2 krb5_free_keyblock_contents(context, &entry3.keyblock); } +static void +perf_add(krb5_context context, krb5_keytab id, int times) +{ +} + +static void +perf_find(krb5_context context, krb5_keytab id, int times) +{ +} + +static void +perf_delete(krb5_context context, krb5_keytab id, int forward, int times) +{ +} + + +static int version_flag = 0; +static int help_flag = 0; +static char *perf_str = NULL; +static int times = 1000; + +static struct getargs args[] = { + {"performance", 0, arg_string, &perf_str, + "test performance for named keytab", "keytab" }, + {"times", 0, arg_integer, ×, + "number of times to run the perforamce test", "number" }, + {"version", 0, arg_flag, &version_flag, + "print version", NULL }, + {"help", 0, arg_flag, &help_flag, + NULL, NULL } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + ""); + exit (ret); +} + int main(int argc, char **argv) { krb5_context context; krb5_error_code ret; + int optidx = 0; setprogname(argv[0]); + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag){ + print_version(NULL); + exit(0); + } + + argc -= optidx; + argv += optidx; + + if (argc != 0) + errx(1, "argc != 0"); + ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - test_empty_keytab(context, "MEMORY:foo"); - test_empty_keytab(context, "FILE:foo"); - test_empty_keytab(context, "KRB4:foo"); + if (perf_str) { + krb5_keytab id; - test_memory_keytab(context, "MEMORY:foo", "MEMORY:foo2"); + ret = krb5_kt_resolve(context, perf_str, &id); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_resolve: %s", perf_str); + + /* add, find, delete on keytab */ + perf_add(context, id, times); + perf_find(context, id, times); + perf_delete(context, id, 0, times); + + /* add and find again on used keytab */ + perf_add(context, id, times); + perf_find(context, id, times); + + ret = krb5_kt_destroy(context, id); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_destroy: %s", perf_str); + + ret = krb5_kt_resolve(context, perf_str, &id); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_resolve: %s", perf_str); + + /* try delete backwards */ +#if 0 + perf_add(context, id, times); + perf_delete(context, id, 1, times); +#endif + + ret = krb5_kt_destroy(context, id); + if (ret) + krb5_err(context, 1, ret, "krb5_kt_destroy"); + + } else { + + test_empty_keytab(context, "MEMORY:foo"); + test_empty_keytab(context, "FILE:foo"); + + test_memory_keytab(context, "MEMORY:foo", "MEMORY:foo2"); + + } krb5_free_context(context); diff --git a/crypto/heimdal/lib/krb5/test_kuserok.c b/crypto/heimdal/lib/krb5/test_kuserok.c index 04a6f210a05..5beb1b75732 100644 --- a/crypto/heimdal/lib/krb5/test_kuserok.c +++ b/crypto/heimdal/lib/krb5/test_kuserok.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include #include -RCSID("$Id: test_kuserok.c 15033 2005-04-30 15:15:38Z lha $"); - static int version_flag = 0; static int help_flag = 0; @@ -69,7 +67,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &o)) usage(1); - + if (help_flag) usage (0); @@ -91,7 +89,7 @@ main(int argc, char **argv) ret = krb5_parse_name(context, argv[0], &principal); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - + ret = krb5_unparse_name(context, principal, &p); if (ret) krb5_err(context, 1, ret, "krb5_unparse_name"); diff --git a/crypto/heimdal/lib/krb5/test_mem.c b/crypto/heimdal/lib/krb5/test_mem.c index 8989caed748..3333d0dc6d9 100644 --- a/crypto/heimdal/lib/krb5/test_mem.c +++ b/crypto/heimdal/lib/krb5/test_mem.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: test_mem.c 15931 2005-08-12 13:43:46Z lha $"); - /* * Test run functions, to be used with valgrind to detect memoryleaks. */ @@ -52,11 +50,11 @@ check_log(void) ret = krb5_init_context(&context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - + krb5_initlog(context, "test-mem", &logfacility); krb5_addlog_dest(context, logfacility, "0/STDERR:"); krb5_set_warn_dest(context, logfacility); - + krb5_free_context(context); } } diff --git a/crypto/heimdal/lib/krb5/test_pac.c b/crypto/heimdal/lib/krb5/test_pac.c index a22fe3a8c6c..983294ecf90 100644 --- a/crypto/heimdal/lib/krb5/test_pac.c +++ b/crypto/heimdal/lib/krb5/test_pac.c @@ -1,58 +1,56 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: test_pac.c 21934 2007-08-27 14:21:04Z lha $"); - /* * This PAC and keys are copied (with permission) from Samba torture * regression test suite, they where created by Andrew Bartlet. */ static const unsigned char saved_pac[] = { - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, - 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb, - 0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, + 0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb, + 0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00, + 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00, 0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00, @@ -95,7 +93,70 @@ static const krb5_keyblock member_keyblock = { }; static time_t authtime = 1120440609; -static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL"; +static const char *user = "w2003final$"; + +/* + * This pac from Christan Krause + */ + +static const unsigned char saved_pac2[] = + "\x05\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xc8\x01\x00\x00" + "\x58\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x18\x00\x00\x00" + "\x20\x02\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x70\x00\x00\x00" + "\x38\x02\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x14\x00\x00\x00" + "\xa8\x02\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x14\x00\x00\x00" + "\xc0\x02\x00\x00\x00\x00\x00\x00\x01\x10\x08\x00\xcc\xcc\xcc\xcc" + "\xb8\x01\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x7d\xee\x09\x76" + "\xf2\x39\xc9\x01\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\xff" + "\xff\xff\xff\x7f\x6d\x49\x38\x62\xf2\x39\xc9\x01\x6d\x09\xa2\x8c" + "\xbb\x3a\xc9\x01\xff\xff\xff\xff\xff\xff\xff\x7f\x0e\x00\x0e\x00" + "\x04\x00\x02\x00\x10\x00\x10\x00\x08\x00\x02\x00\x00\x00\x00\x00" + "\x0c\x00\x02\x00\x00\x00\x00\x00\x10\x00\x02\x00\x00\x00\x00\x00" + "\x14\x00\x02\x00\x00\x00\x00\x00\x18\x00\x02\x00\x02\x01\x00\x00" + "\x52\x04\x00\x00\x01\x02\x00\x00\x03\x00\x00\x00\x1c\x00\x02\x00" + "\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x10\x00\x12\x00\x20\x00\x02\x00\x0e\x00\x10\x00" + "\x24\x00\x02\x00\x28\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00" + "\x6f\x00\x70\x00\x65\x00\x6e\x00\x6d\x00\x73\x00\x70\x00\x00\x00" + "\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x6f\x00\x70\x00" + "\x65\x00\x6e\x00\x20\x00\x6d\x00\x73\x00\x70\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00" + "\x60\x04\x00\x00\x07\x00\x00\x00\x01\x02\x00\x00\x07\x00\x00\x00" + "\x5e\x04\x00\x00\x07\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00" + "\x08\x00\x00\x00\x43\x00\x48\x00\x4b\x00\x52\x00\x2d\x00\x41\x00" + "\x44\x00\x53\x00\x08\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00" + "\x4d\x00\x53\x00\x50\x00\x2d\x00\x41\x00\x44\x00\x53\x00\x00\x00" + "\x04\x00\x00\x00\x01\x04\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00" + "\x91\xad\xdc\x4c\x63\xb8\xb5\x48\xd5\x53\xd2\xd1\x00\x00\x00\x00" + "\x00\x66\xeb\x75\xf2\x39\xc9\x01\x0e\x00\x6f\x00\x70\x00\x65\x00" + "\x6e\x00\x6d\x00\x73\x00\x70\x00\x38\x00\x10\x00\x28\x00\x48\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x6f\x00\x70\x00\x65\x00\x6e\x00" + "\x6d\x00\x73\x00\x70\x00\x40\x00\x6d\x00\x73\x00\x70\x00\x2d\x00" + "\x61\x00\x64\x00\x73\x00\x2e\x00\x70\x00\x65\x00\x70\x00\x70\x00" + "\x65\x00\x72\x00\x63\x00\x6f\x00\x6e\x00\x2e\x00\x64\x00\x65\x00" + "\x4d\x00\x53\x00\x50\x00\x2d\x00\x41\x00\x44\x00\x53\x00\x2e\x00" + "\x50\x00\x45\x00\x50\x00\x50\x00\x45\x00\x52\x00\x43\x00\x4f\x00" + "\x4e\x00\x2e\x00\x44\x00\x45\x00\x76\xff\xff\xff\xb3\x56\x15\x29" + "\x37\xc6\x5c\xf7\x97\x35\xfa\xec\x59\xe8\x96\xa0\x00\x00\x00\x00" + "\x76\xff\xff\xff\x50\x71\xa2\xb1\xa3\x64\x82\x5c\xfd\x23\xea\x3b" + "\xb0\x19\x12\xd4\x00\x00\x00\x00"; + + +static const krb5_keyblock member_keyblock2 = { + ETYPE_DES_CBC_MD5, + { 8, "\x9e\x37\x83\x25\x4a\x7f\xf2\xf8" } +}; + +static time_t authtime2 = 1225304188; +static const char *user2 = "openmsp"; + + int main(int argc, char **argv) @@ -104,13 +165,16 @@ main(int argc, char **argv) krb5_context context; krb5_pac pac; krb5_data data; - krb5_principal p; + krb5_principal p, p2; ret = krb5_init_context(&context); if (ret) errx(1, "krb5_init_contex"); - ret = krb5_parse_name(context, user, &p); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); + + ret = krb5_parse_name_flags(context, user, + KRB5_PRINCIPAL_PARSE_NO_REALM, &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); @@ -123,7 +187,7 @@ main(int argc, char **argv) if (ret) krb5_err(context, 1, ret, "krb5_pac_verify"); - ret = _krb5_pac_sign(context, pac, authtime, p, + ret = _krb5_pac_sign(context, pac, authtime, p, &member_keyblock, &kdc_keyblock, &data); if (ret) krb5_err(context, 1, ret, "_krb5_pac_sign"); @@ -166,10 +230,10 @@ main(int argc, char **argv) if (list[i] == 1) { if (type_1_length != data.length) - krb5_errx(context, 1, "type 1 have wrong length: %lu", + krb5_errx(context, 1, "type 1 have wrong length: %lu", (unsigned long)data.length); } else - krb5_errx(context, 1, "unknown type %lu", + krb5_errx(context, 1, "unknown type %lu", (unsigned long)list[i]); ret = krb5_pac_add_buffer(context, pac2, list[i], &data); @@ -178,28 +242,50 @@ main(int argc, char **argv) krb5_data_free(&data); } free(list); - - ret = _krb5_pac_sign(context, pac2, authtime, p, + + ret = _krb5_pac_sign(context, pac2, authtime, p, &member_keyblock, &kdc_keyblock, &data); if (ret) krb5_err(context, 1, ret, "_krb5_pac_sign 4"); - + krb5_pac_free(context, pac2); ret = krb5_pac_parse(context, data.data, data.length, &pac2); + krb5_data_free(&data); if (ret) krb5_err(context, 1, ret, "krb5_pac_parse 4"); - + ret = krb5_pac_verify(context, pac2, authtime, p, &member_keyblock, &kdc_keyblock); if (ret) krb5_err(context, 1, ret, "krb5_pac_verify 4"); - + krb5_pac_free(context, pac2); } krb5_pac_free(context, pac); + /* + * check pac from Christian + */ + + ret = krb5_parse_name_flags(context, user2, + KRB5_PRINCIPAL_PARSE_NO_REALM, &p2); + if (ret) + krb5_err(context, 1, ret, "krb5_parse_name"); + + ret = krb5_pac_parse(context, saved_pac2, sizeof(saved_pac2) -1, &pac); + if (ret) + krb5_err(context, 1, ret, "krb5_pac_parse"); + + ret = krb5_pac_verify(context, pac, authtime2, p2, + &member_keyblock2, NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_pac_verify c1"); + + krb5_pac_free(context, pac); + krb5_free_principal(context, p2); + /* * Test empty free */ @@ -256,7 +342,7 @@ main(int argc, char **argv) krb5_data_free(&data); } - ret = _krb5_pac_sign(context, pac, authtime, p, + ret = _krb5_pac_sign(context, pac, authtime, p, &member_keyblock, &kdc_keyblock, &data); if (ret) krb5_err(context, 1, ret, "_krb5_pac_sign"); diff --git a/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c b/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c index e23bef9a9ee..e18fd174a58 100644 --- a/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c +++ b/crypto/heimdal/lib/krb5/test_pkinit_dh2key.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,11 +34,9 @@ #include #include -RCSID("$Id: test_pkinit_dh2key.c 18809 2006-10-22 07:11:43Z lha $"); - static void test_dh2key(int i, - krb5_context context, + krb5_context context, const heim_octet_string *dh, const heim_octet_string *c_n, const heim_octet_string *k_n, @@ -191,7 +189,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -208,7 +206,7 @@ main(int argc, char **argv) errx (1, "krb5_init_context failed: %d", ret); for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { - test_dh2key(i, context, &tests[i].X, NULL, NULL, + test_dh2key(i, context, &tests[i].X, NULL, NULL, tests[i].type, &tests[i].key); } diff --git a/crypto/heimdal/lib/krb5/test_plugin.c b/crypto/heimdal/lib/krb5/test_plugin.c index 18e9fcd2867..4235442b999 100644 --- a/crypto/heimdal/lib/krb5/test_plugin.c +++ b/crypto/heimdal/lib/krb5/test_plugin.c @@ -1,38 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include -RCSID("$Id: test_plugin.c 22024 2007-11-03 21:36:55Z lha $"); #include "locate_plugin.h" static krb5_error_code @@ -52,7 +51,7 @@ resolve_lookup(void *ctx, enum locate_service_type service, const char *realm, int domain, - int type, + int type, int (*add)(void *,int,struct sockaddr *), void *addctx) { @@ -97,7 +96,8 @@ main(int argc, char **argv) if (ret) errx(1, "krb5_init_contex"); - ret = krb5_plugin_register(context, PLUGIN_TYPE_DATA, "resolve", &resolve); + ret = krb5_plugin_register(context, PLUGIN_TYPE_DATA, + KRB5_PLUGIN_LOCATE, &resolve); if (ret) krb5_err(context, 1, ret, "krb5_plugin_register"); @@ -110,7 +110,7 @@ main(int argc, char **argv) if (ret) krb5_err(context, 1, ret, "krb5_krbhst_init_flags"); - + while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0){ found++; if (strcmp(host, "127.0.0.2") != 0) diff --git a/crypto/heimdal/lib/krb5/test_prf.c b/crypto/heimdal/lib/krb5/test_prf.c index 94fb67dffae..26ba2a6ef49 100644 --- a/crypto/heimdal/lib/krb5/test_prf.c +++ b/crypto/heimdal/lib/krb5/test_prf.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" -RCSID("$Id: test_prf.c 20843 2007-06-03 14:23:20Z lha $"); - #include #include @@ -42,7 +40,7 @@ RCSID("$Id: test_prf.c 20843 2007-06-03 14:23:20Z lha $"); * key: string2key(aes256, "testkey", "testkey", default_params) * input: unhex(1122334455667788) * output: 58b594b8a61df6e9439b7baa991ff5c1 - * + * * key: string2key(aes128, "testkey", "testkey", default_params) * input: unhex(1122334455667788) * output: ffa2f823aa7f83a8ce3c5fb730587129 @@ -93,7 +91,7 @@ main(int argc, char **argv) krb5_data_free(&output2); krb5_crypto_destroy(context, crypto); - + krb5_free_keyblock_contents(context, &key); krb5_free_context(context); diff --git a/crypto/heimdal/lib/krb5/test_princ.c b/crypto/heimdal/lib/krb5/test_princ.c index d1036c1b3b4..98e61e3d8bf 100644 --- a/crypto/heimdal/lib/krb5/test_princ.c +++ b/crypto/heimdal/lib/krb5/test_princ.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: test_princ.c 22071 2007-11-14 20:04:50Z lha $"); - /* * Check that a closed cc still keeps it data and that it's no longer * there when it's destroyed. @@ -67,7 +65,7 @@ test_princ(krb5_context context) free(princ_unparsed); - ret = krb5_unparse_name_flags(context, p, + ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &princ_unparsed); if (ret) @@ -76,10 +74,11 @@ test_princ(krb5_context context) if (strcmp(princ_short, princ_unparsed)) krb5_errx(context, 1, "%s != %s", princ_short, princ_unparsed); free(princ_unparsed); - + realm = krb5_principal_get_realm(context, p); - asprintf(&princ_reformed, "%s@%s", princ_short, realm); + if (asprintf(&princ_reformed, "%s@%s", princ_short, realm) < 0 || princ_reformed == NULL) + errx(1, "malloc"); ret = krb5_parse_name(context, princ_reformed, &p2); free(princ_reformed); @@ -88,7 +87,7 @@ test_princ(krb5_context context) if (!krb5_principal_compare(context, p, p2)) { krb5_errx(context, 1, "p != p2"); - } + } krb5_free_principal(context, p2); @@ -96,7 +95,7 @@ test_princ(krb5_context context) if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - ret = krb5_unparse_name_flags(context, p, + ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_SHORT, &princ_unparsed); if (ret) @@ -181,20 +180,20 @@ test_princ(krb5_context context) krb5_errx(context, 1, "'%s' != '%s'", princ, princ_unparsed); free(princ_unparsed); - ret = krb5_parse_name_flags(context, princ, + ret = krb5_parse_name_flags(context, princ, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2); if (!ret) krb5_err(context, 1, ret, "Should have failed to parse %s a " "short name", princ); - ret = krb5_parse_name_flags(context, princ_short, + ret = krb5_parse_name_flags(context, princ_short, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - ret = krb5_unparse_name_flags(context, p2, + ret = krb5_unparse_name_flags(context, p2, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &princ_unparsed); krb5_free_principal(context, p2); @@ -205,23 +204,23 @@ test_princ(krb5_context context) krb5_errx(context, 1, "'%s' != '%s'", princ_short, princ_unparsed); free(princ_unparsed); - ret = krb5_parse_name_flags(context, princ_short, - KRB5_PRINCIPAL_PARSE_MUST_REALM, + ret = krb5_parse_name_flags(context, princ_short, + KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &p2); if (!ret) krb5_err(context, 1, ret, "Should have failed to parse %s " "because it lacked a realm", princ_short); ret = krb5_parse_name_flags(context, princ, - KRB5_PRINCIPAL_PARSE_MUST_REALM, + KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &p2); if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - + if (!krb5_principal_compare(context, p, p2)) krb5_errx(context, 1, "p != p2"); - ret = krb5_unparse_name_flags(context, p2, + ret = krb5_unparse_name_flags(context, p2, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &princ_unparsed); krb5_free_principal(context, p2); @@ -274,7 +273,7 @@ test_enterprise(krb5_context context) if (ret) krb5_err(context, 1, ret, "krb5_parse_name"); - ret = krb5_parse_name_flags(context, "lha@su.se@WIN.SU.SE", + ret = krb5_parse_name_flags(context, "lha@su.se@WIN.SU.SE", KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name_flags"); @@ -293,7 +292,7 @@ test_enterprise(krb5_context context) * */ - ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", + ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name_flags"); @@ -328,7 +327,7 @@ test_enterprise(krb5_context context) * */ - ret = krb5_parse_name_flags(context, "lha@su.se", + ret = krb5_parse_name_flags(context, "lha@su.se", KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p); if (ret) krb5_err(context, 1, ret, "krb5_parse_name_flags"); diff --git a/crypto/heimdal/lib/krb5/test_renew.c b/crypto/heimdal/lib/krb5/test_renew.c index 5fa2de1b9fa..40d373917ab 100644 --- a/crypto/heimdal/lib/krb5/test_renew.c +++ b/crypto/heimdal/lib/krb5/test_renew.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -35,9 +35,6 @@ #include #include -RCSID("$Id$"); - - static int version_flag = 0; static int help_flag = 0; @@ -66,14 +63,14 @@ main(int argc, char **argv) const char *in_tkt_service = NULL; krb5_ccache id; krb5_error_code ret; - krb5_creds out;; + krb5_creds out; int optidx = 0; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -109,7 +106,7 @@ main(int argc, char **argv) in_tkt_service); if(ret) - krb5_err(context, 1, ret, "krb5_get_kdc_cred"); + krb5_err(context, 1, ret, "krb5_get_renewed_creds"); if (krb5_principal_compare(context, out.client, client) != TRUE) krb5_errx(context, 1, "return principal is not as expected"); diff --git a/crypto/heimdal/lib/krb5/test_store.c b/crypto/heimdal/lib/krb5/test_store.c index 2ce6c8dac36..6b930775c0c 100644 --- a/crypto/heimdal/lib/krb5/test_store.c +++ b/crypto/heimdal/lib/krb5/test_store.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -33,8 +33,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: test_store.c 20192 2007-02-05 23:21:03Z lha $"); - static void test_int8(krb5_context context, krb5_storage *sp) { @@ -44,6 +42,8 @@ test_int8(krb5_context context, krb5_storage *sp) 0, 1, -1, 128, -127 }, v; + krb5_storage_truncate(sp, 0); + for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_int8(sp, val[i]); @@ -67,6 +67,8 @@ test_int16(krb5_context context, krb5_storage *sp) 0, 1, -1, 32768, -32767 }, v; + krb5_storage_truncate(sp, 0); + for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_int16(sp, val[i]); @@ -90,6 +92,8 @@ test_int32(krb5_context context, krb5_storage *sp) 0, 1, -1, 2147483647, -2147483646 }, v; + krb5_storage_truncate(sp, 0); + for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_int32(sp, val[i]); @@ -113,6 +117,8 @@ test_uint8(krb5_context context, krb5_storage *sp) 0, 1, 255 }, v; + krb5_storage_truncate(sp, 0); + for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_uint8(sp, val[i]); @@ -136,6 +142,8 @@ test_uint16(krb5_context context, krb5_storage *sp) 0, 1, 65535 }, v; + krb5_storage_truncate(sp, 0); + for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_uint16(sp, val[i]); @@ -159,6 +167,8 @@ test_uint32(krb5_context context, krb5_storage *sp) 0, 1, 4294967295UL }, v; + krb5_storage_truncate(sp, 0); + for (i = 0; i < sizeof(val[0])/sizeof(val); i++) { ret = krb5_store_uint32(sp, val[i]); @@ -175,22 +185,54 @@ test_uint32(krb5_context context, krb5_storage *sp) static void -test_storage(krb5_context context) +test_storage(krb5_context context, krb5_storage *sp) { - krb5_storage *sp; - - sp = krb5_storage_emem(); - if (sp == NULL) - krb5_errx(context, 1, "krb5_storage_emem: no mem"); - test_int8(context, sp); test_int16(context, sp); test_int32(context, sp); test_uint8(context, sp); test_uint16(context, sp); test_uint32(context, sp); +} - krb5_storage_free(sp); + +static void +test_truncate(krb5_context context, krb5_storage *sp, int fd) +{ + struct stat sb; + + krb5_store_string(sp, "hej"); + krb5_storage_truncate(sp, 2); + + if (fstat(fd, &sb) != 0) + krb5_err(context, 1, errno, "fstat"); + if (sb.st_size != 2) + krb5_errx(context, 1, "length not 2"); + + krb5_storage_truncate(sp, 1024); + + if (fstat(fd, &sb) != 0) + krb5_err(context, 1, errno, "fstat"); + if (sb.st_size != 1024) + krb5_errx(context, 1, "length not 2"); +} + +static void +check_too_large(krb5_context context, krb5_storage *sp) +{ + uint32_t too_big_sizes[] = { INT_MAX, INT_MAX / 2, INT_MAX / 4, INT_MAX / 8 + 1}; + krb5_error_code ret; + krb5_data data; + size_t n; + + for (n = 0; n < sizeof(too_big_sizes) / sizeof(too_big_sizes); n++) { + krb5_storage_truncate(sp, 0); + krb5_store_uint32(sp, too_big_sizes[n]); + krb5_storage_seek(sp, 0, SEEK_SET); + ret = krb5_ret_data(sp, &data); + if (ret != HEIM_ERR_TOO_BIG) + errx(1, "not too big: %lu", (unsigned long)n); + } } /* @@ -222,13 +264,15 @@ main(int argc, char **argv) { krb5_context context; krb5_error_code ret; - int optidx = 0; + int fd, optidx = 0; + krb5_storage *sp; + const char *fn = "test-store-data"; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -244,7 +288,48 @@ main(int argc, char **argv) if (ret) errx (1, "krb5_init_context failed: %d", ret); - test_storage(context); + /* + * Test encoding/decoding of primotive types on diffrent backends + */ + + sp = krb5_storage_emem(); + if (sp == NULL) + krb5_errx(context, 1, "krb5_storage_emem: no mem"); + + test_storage(context, sp); + check_too_large(context, sp); + krb5_storage_free(sp); + + + fd = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0600); + if (fd < 0) + krb5_err(context, 1, errno, "open(%s)", fn); + + sp = krb5_storage_from_fd(fd); + close(fd); + if (sp == NULL) + krb5_errx(context, 1, "krb5_storage_from_fd: %s no mem", fn); + + test_storage(context, sp); + krb5_storage_free(sp); + unlink(fn); + + /* + * test truncate behavior + */ + + fd = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0600); + if (fd < 0) + krb5_err(context, 1, errno, "open(%s)", fn); + + sp = krb5_storage_from_fd(fd); + if (sp == NULL) + krb5_errx(context, 1, "krb5_storage_from_fd: %s no mem", fn); + + test_truncate(context, sp, fd); + krb5_storage_free(sp); + close(fd); + unlink(fn); krb5_free_context(context); diff --git a/crypto/heimdal/lib/krb5/test_time.c b/crypto/heimdal/lib/krb5/test_time.c index 02a0204477c..5f6625c9090 100644 --- a/crypto/heimdal/lib/krb5/test_time.c +++ b/crypto/heimdal/lib/krb5/test_time.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -34,8 +34,6 @@ #include "krb5_locl.h" #include -RCSID("$Id: test_time.c 18809 2006-10-22 07:11:43Z lha $"); - static void check_set_time(krb5_context context) { @@ -51,7 +49,7 @@ check_set_time(krb5_context context) ret = krb5_set_real_time(context, tv.tv_sec + diff, tv.tv_usec); if (ret) krb5_err(context, 1, ret, "krb5_us_timeofday"); - + ret = krb5_us_timeofday(context, &sec, &usec); if (ret) krb5_err(context, 1, ret, "krb5_us_timeofday"); diff --git a/crypto/heimdal/lib/krb5/ticket.c b/crypto/heimdal/lib/krb5/ticket.c index 7eb4d32fad5..4845a93d944 100644 --- a/crypto/heimdal/lib/krb5/ticket.c +++ b/crypto/heimdal/lib/krb5/ticket.c @@ -1,41 +1,53 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: ticket.c 19544 2006-12-28 20:49:18Z lha $"); +/** + * Free ticket and content + * + * @param context a Kerberos 5 context + * @param ticket ticket to free + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_ticket(krb5_context context, krb5_ticket *ticket) { @@ -46,7 +58,20 @@ krb5_free_ticket(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Copy ticket and content + * + * @param context a Kerberos 5 context + * @param from ticket to copy + * @param to new copy of ticket, free with krb5_free_ticket() + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **to) @@ -57,7 +82,8 @@ krb5_copy_ticket(krb5_context context, *to = NULL; tmp = malloc(sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){ @@ -81,7 +107,20 @@ krb5_copy_ticket(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Return client principal in ticket + * + * @param context a Kerberos 5 context + * @param ticket ticket to copy + * @param client client principal, free with krb5_free_principal() + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_client(krb5_context context, const krb5_ticket *ticket, krb5_principal *client) @@ -89,7 +128,20 @@ krb5_ticket_get_client(krb5_context context, return krb5_copy_principal(context, ticket->client, client); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Return server principal in ticket + * + * @param context a Kerberos 5 context + * @param ticket ticket to copy + * @param server server principal, free with krb5_free_principal() + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_server(krb5_context context, const krb5_ticket *ticket, krb5_principal *server) @@ -97,16 +149,44 @@ krb5_ticket_get_server(krb5_context context, return krb5_copy_principal(context, ticket->server, server); } -time_t KRB5_LIB_FUNCTION +/** + * Return end time of ticket + * + * @param context a Kerberos 5 context + * @param ticket ticket to copy + * + * @return end time of ticket + * + * @ingroup krb5 + */ + +KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL krb5_ticket_get_endtime(krb5_context context, const krb5_ticket *ticket) { return ticket->ticket.endtime; } +/** + * Get the flags from the Kerberos ticket + * + * @param context Kerberos context + * @param ticket Kerberos ticket + * + * @return ticket flags + * + * @ingroup krb5_ticket + */ +KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL +krb5_ticket_get_flags(krb5_context context, + const krb5_ticket *ticket) +{ + return TicketFlags2int(ticket->ticket.flags); +} + static int find_type_in_ad(krb5_context context, - int type, + int type, krb5_data *data, krb5_boolean *found, krb5_boolean failp, @@ -115,12 +195,14 @@ find_type_in_ad(krb5_context context, int level) { krb5_error_code ret = 0; - int i; + size_t i; if (level > 9) { - krb5_set_error_string(context, "Authorization data nested deeper " - "then %d levels, stop searching", level); ret = ENOENT; /* XXX */ + krb5_set_error_message(context, ret, + N_("Authorization data nested deeper " + "then %d levels, stop searching", ""), + level); goto out; } @@ -133,7 +215,8 @@ find_type_in_ad(krb5_context context, if (!*found && ad->val[i].ad_type == type) { ret = der_copy_octet_string(&ad->val[i].ad_data, data); if (ret) { - krb5_set_error_string(context, "malloc - out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } *found = TRUE; @@ -147,8 +230,10 @@ find_type_in_ad(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "IF_RELEVANT with %d", ret); + krb5_set_error_message(context, ret, + N_("Failed to decode " + "IF_RELEVANT with %d", ""), + (int)ret); goto out; } ret = find_type_in_ad(context, type, data, found, FALSE, @@ -167,8 +252,10 @@ find_type_in_ad(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_string(context, "Failed to decode " - "AD_KDCIssued with %d", ret); + krb5_set_error_message(context, ret, + N_("Failed to decode " + "AD_KDCIssued with %d", ""), + ret); goto out; } if (failp) { @@ -176,11 +263,11 @@ find_type_in_ad(krb5_context context, krb5_data buf; size_t len; - ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, + ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, &child.elements, &len, ret); if (ret) { free_AD_KDCIssued(&child); - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } if(buf.length != len) @@ -194,7 +281,7 @@ find_type_in_ad(krb5_context context, goto out; } if (!valid) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOENT; free_AD_KDCIssued(&child); goto out; @@ -211,17 +298,20 @@ find_type_in_ad(krb5_context context, case KRB5_AUTHDATA_AND_OR: if (!failp) break; - krb5_set_error_string(context, "Authorization data contains " - "AND-OR element that is unknown to the " - "application"); ret = ENOENT; /* XXX */ + krb5_set_error_message(context, ret, + N_("Authorization data contains " + "AND-OR element that is unknown to the " + "application", "")); goto out; default: if (!failp) break; - krb5_set_error_string(context, "Authorization data contains " - "unknown type (%d) ", ad->val[i].ad_type); ret = ENOENT; /* XXX */ + krb5_set_error_message(context, ret, + N_("Authorization data contains " + "unknown type (%d) ", ""), + ad->val[i].ad_type); goto out; } } @@ -235,13 +325,20 @@ out: return ret; } -/* - * Extract the authorization data type of `type' from the - * 'ticket'. Store the field in `data'. This function is to use for - * kerberos applications. +/** + * Extract the authorization data type of type from the ticket. Store + * the field in data. This function is to use for kerberos + * applications. + * + * @param context a Kerberos 5 context + * @param ticket Kerberos ticket + * @param type type to fetch + * @param data returned data, free with krb5_data_free() + * + * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ticket_get_authorization_data_type(krb5_context context, krb5_ticket *ticket, int type, @@ -255,7 +352,8 @@ krb5_ticket_get_authorization_data_type(krb5_context context, ad = ticket->ticket.authorization_data; if (ticket->ticket.authorization_data == NULL) { - krb5_set_error_string(context, "Ticket have not authorization data"); + krb5_set_error_message(context, ENOENT, + N_("Ticket have not authorization data", "")); return ENOENT; /* XXX */ } @@ -264,9 +362,489 @@ krb5_ticket_get_authorization_data_type(krb5_context context, if (ret) return ret; if (!found) { - krb5_set_error_string(context, "Ticket have not authorization " - "data of type %d", type); + krb5_set_error_message(context, ENOENT, + N_("Ticket have not " + "authorization data of type %d", ""), + type); return ENOENT; /* XXX */ } return 0; } + +static krb5_error_code +check_server_referral(krb5_context context, + krb5_kdc_rep *rep, + unsigned flags, + krb5_const_principal requested, + krb5_const_principal returned, + krb5_keyblock * key) +{ + krb5_error_code ret; + PA_ServerReferralData ref; + krb5_crypto session; + EncryptedData ed; + size_t len; + krb5_data data; + PA_DATA *pa; + int i = 0, cmp; + + if (rep->kdc_rep.padata == NULL) + goto noreferral; + + pa = krb5_find_padata(rep->kdc_rep.padata->val, + rep->kdc_rep.padata->len, + KRB5_PADATA_SERVER_REFERRAL, &i); + if (pa == NULL) + goto noreferral; + + memset(&ed, 0, sizeof(ed)); + memset(&ref, 0, sizeof(ref)); + + ret = decode_EncryptedData(pa->padata_value.data, + pa->padata_value.length, + &ed, &len); + if (ret) + return ret; + if (len != pa->padata_value.length) { + free_EncryptedData(&ed); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("Referral EncryptedData wrong for realm %s", + "realm"), requested->realm); + return KRB5KRB_AP_ERR_MODIFIED; + } + + ret = krb5_crypto_init(context, key, 0, &session); + if (ret) { + free_EncryptedData(&ed); + return ret; + } + + ret = krb5_decrypt_EncryptedData(context, session, + KRB5_KU_PA_SERVER_REFERRAL, + &ed, &data); + free_EncryptedData(&ed); + krb5_crypto_destroy(context, session); + if (ret) + return ret; + + ret = decode_PA_ServerReferralData(data.data, data.length, &ref, &len); + if (ret) { + krb5_data_free(&data); + return ret; + } + krb5_data_free(&data); + + if (strcmp(requested->realm, returned->realm) != 0) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("server ref realm mismatch, " + "requested realm %s got back %s", ""), + requested->realm, returned->realm); + return KRB5KRB_AP_ERR_MODIFIED; + } + + if (krb5_principal_is_krbtgt(context, returned)) { + const char *realm = returned->name.name_string.val[1]; + + if (ref.referred_realm == NULL + || strcmp(*ref.referred_realm, realm) != 0) + { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("tgt returned with wrong ref", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } + } else if (krb5_principal_compare(context, returned, requested) == 0) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("req princ no same as returned", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } + + if (ref.requested_principal_name) { + cmp = _krb5_principal_compare_PrincipalName(context, + requested, + ref.requested_principal_name); + if (!cmp) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("referred principal not same " + "as requested", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } + } else if (flags & EXTRACT_TICKET_AS_REQ) { + free_PA_ServerReferralData(&ref); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("Requested principal missing on AS-REQ", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } + + free_PA_ServerReferralData(&ref); + + return ret; +noreferral: + /* + * Expect excact match or that we got a krbtgt + */ + if (krb5_principal_compare(context, requested, returned) != TRUE && + (krb5_realm_compare(context, requested, returned) != TRUE && + krb5_principal_is_krbtgt(context, returned) != TRUE)) + { + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("Not same server principal returned " + "as requested", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } + return 0; +} + + +/* + * Verify referral data + */ + + +static krb5_error_code +check_client_referral(krb5_context context, + krb5_kdc_rep *rep, + krb5_const_principal requested, + krb5_const_principal mapped, + krb5_keyblock const * key) +{ + krb5_error_code ret; + PA_ClientCanonicalized canon; + krb5_crypto crypto; + krb5_data data; + PA_DATA *pa; + size_t len; + int i = 0; + + if (rep->kdc_rep.padata == NULL) + goto noreferral; + + pa = krb5_find_padata(rep->kdc_rep.padata->val, + rep->kdc_rep.padata->len, + KRB5_PADATA_CLIENT_CANONICALIZED, &i); + if (pa == NULL) + goto noreferral; + + ret = decode_PA_ClientCanonicalized(pa->padata_value.data, + pa->padata_value.length, + &canon, &len); + if (ret) { + krb5_set_error_message(context, ret, + N_("Failed to decode ClientCanonicalized " + "from realm %s", ""), requested->realm); + return ret; + } + + ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, + &canon.names, &len, ret); + if (ret) { + free_PA_ClientCanonicalized(&canon); + return ret; + } + if (data.length != len) + krb5_abortx(context, "internal asn.1 error"); + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free(data.data); + free_PA_ClientCanonicalized(&canon); + return ret; + } + + ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES, + data.data, data.length, + &canon.canon_checksum); + krb5_crypto_destroy(context, crypto); + free(data.data); + if (ret) { + krb5_set_error_message(context, ret, + N_("Failed to verify client canonicalized " + "data from realm %s", ""), + requested->realm); + free_PA_ClientCanonicalized(&canon); + return ret; + } + + if (!_krb5_principal_compare_PrincipalName(context, + requested, + &canon.names.requested_name)) + { + free_PA_ClientCanonicalized(&canon); + krb5_set_error_message(context, KRB5_PRINC_NOMATCH, + N_("Requested name doesn't match" + " in client referral", "")); + return KRB5_PRINC_NOMATCH; + } + if (!_krb5_principal_compare_PrincipalName(context, + mapped, + &canon.names.mapped_name)) + { + free_PA_ClientCanonicalized(&canon); + krb5_set_error_message(context, KRB5_PRINC_NOMATCH, + N_("Mapped name doesn't match" + " in client referral", "")); + return KRB5_PRINC_NOMATCH; + } + + return 0; + +noreferral: + if (krb5_principal_compare(context, requested, mapped) == FALSE) { + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("Not same client principal returned " + "as requested", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } + return 0; +} + + +static krb5_error_code KRB5_CALLCONV +decrypt_tkt (krb5_context context, + krb5_keyblock *key, + krb5_key_usage usage, + krb5_const_pointer decrypt_arg, + krb5_kdc_rep *dec_rep) +{ + krb5_error_code ret; + krb5_data data; + size_t size; + krb5_crypto crypto; + + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; + + ret = krb5_decrypt_EncryptedData (context, + crypto, + usage, + &dec_rep->kdc_rep.enc_part, + &data); + krb5_crypto_destroy(context, crypto); + + if (ret) + return ret; + + ret = decode_EncASRepPart(data.data, + data.length, + &dec_rep->enc_part, + &size); + if (ret) + ret = decode_EncTGSRepPart(data.data, + data.length, + &dec_rep->enc_part, + &size); + krb5_data_free (&data); + if (ret) { + krb5_set_error_message(context, ret, + N_("Failed to decode encpart in ticket", "")); + return ret; + } + return 0; +} + +int +_krb5_extract_ticket(krb5_context context, + krb5_kdc_rep *rep, + krb5_creds *creds, + krb5_keyblock *key, + krb5_const_pointer keyseed, + krb5_key_usage key_usage, + krb5_addresses *addrs, + unsigned nonce, + unsigned flags, + krb5_decrypt_proc decrypt_proc, + krb5_const_pointer decryptarg) +{ + krb5_error_code ret; + krb5_principal tmp_principal; + size_t len = 0; + time_t tmp_time; + krb5_timestamp sec_now; + + /* decrypt */ + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + + ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); + if (ret) + goto out; + + /* save session key */ + + creds->session.keyvalue.length = 0; + creds->session.keyvalue.data = NULL; + creds->session.keytype = rep->enc_part.key.keytype; + ret = krb5_data_copy (&creds->session.keyvalue, + rep->enc_part.key.keyvalue.data, + rep->enc_part.key.keyvalue.length); + if (ret) { + krb5_clear_error_message(context); + goto out; + } + + /* compare client and save */ + ret = _krb5_principalname2krb5_principal (context, + &tmp_principal, + rep->kdc_rep.cname, + rep->kdc_rep.crealm); + if (ret) + goto out; + + /* check client referral and save principal */ + /* anonymous here ? */ + if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0) { + ret = check_client_referral(context, rep, + creds->client, + tmp_principal, + &creds->session); + if (ret) { + krb5_free_principal (context, tmp_principal); + goto out; + } + } + krb5_free_principal (context, creds->client); + creds->client = tmp_principal; + + /* check server referral and save principal */ + ret = _krb5_principalname2krb5_principal (context, + &tmp_principal, + rep->kdc_rep.ticket.sname, + rep->kdc_rep.ticket.realm); + if (ret) + goto out; + if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ + ret = check_server_referral(context, + rep, + flags, + creds->server, + tmp_principal, + &creds->session); + if (ret) { + krb5_free_principal (context, tmp_principal); + goto out; + } + } + krb5_free_principal(context, creds->server); + creds->server = tmp_principal; + + /* verify names */ + if(flags & EXTRACT_TICKET_MATCH_REALM){ + const char *srealm = krb5_principal_get_realm(context, creds->server); + const char *crealm = krb5_principal_get_realm(context, creds->client); + + if (strcmp(rep->enc_part.srealm, srealm) != 0 || + strcmp(rep->enc_part.srealm, crealm) != 0) + { + ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_clear_error_message(context); + goto out; + } + } + + /* compare nonces */ + + if (nonce != (unsigned)rep->enc_part.nonce) { + ret = KRB5KRB_AP_ERR_MODIFIED; + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); + goto out; + } + + /* set kdc-offset */ + + krb5_timeofday (context, &sec_now); + if (rep->enc_part.flags.initial + && (flags & EXTRACT_TICKET_TIMESYNC) + && context->kdc_sec_offset == 0 + && krb5_config_get_bool (context, NULL, + "libdefaults", + "kdc_timesync", + NULL)) { + context->kdc_sec_offset = rep->enc_part.authtime - sec_now; + krb5_timeofday (context, &sec_now); + } + + /* check all times */ + + if (rep->enc_part.starttime) { + tmp_time = *rep->enc_part.starttime; + } else + tmp_time = rep->enc_part.authtime; + + if (creds->times.starttime == 0 + && abs(tmp_time - sec_now) > context->max_skew) { + ret = KRB5KRB_AP_ERR_SKEW; + krb5_set_error_message (context, ret, + N_("time skew (%d) larger than max (%d)", ""), + abs(tmp_time - sec_now), + (int)context->max_skew); + goto out; + } + + if (creds->times.starttime != 0 + && tmp_time != creds->times.starttime) { + krb5_clear_error_message (context); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + + creds->times.starttime = tmp_time; + + if (rep->enc_part.renew_till) { + tmp_time = *rep->enc_part.renew_till; + } else + tmp_time = 0; + + if (creds->times.renew_till != 0 + && tmp_time > creds->times.renew_till) { + krb5_clear_error_message (context); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + + creds->times.renew_till = tmp_time; + + creds->times.authtime = rep->enc_part.authtime; + + if (creds->times.endtime != 0 + && rep->enc_part.endtime > creds->times.endtime) { + krb5_clear_error_message (context); + ret = KRB5KRB_AP_ERR_MODIFIED; + goto out; + } + + creds->times.endtime = rep->enc_part.endtime; + + if(rep->enc_part.caddr) + krb5_copy_addresses (context, rep->enc_part.caddr, &creds->addresses); + else if(addrs) + krb5_copy_addresses (context, addrs, &creds->addresses); + else { + creds->addresses.len = 0; + creds->addresses.val = NULL; + } + creds->flags.b = rep->enc_part.flags; + + creds->authdata.len = 0; + creds->authdata.val = NULL; + + /* extract ticket */ + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &rep->kdc_rep.ticket, &len, ret); + if(ret) + goto out; + if (creds->ticket.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + creds->second_ticket.length = 0; + creds->second_ticket.data = NULL; + + +out: + memset (rep->enc_part.key.keyvalue.data, 0, + rep->enc_part.key.keyvalue.length); + return ret; +} diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c index 4cd992d48f2..247549ba237 100644 --- a/crypto/heimdal/lib/krb5/time.c +++ b/crypto/heimdal/lib/krb5/time.c @@ -1,62 +1,77 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: time.c 14308 2004-10-13 17:57:11Z lha $"); - -/* +/** * Set the absolute time that the caller knows the kdc has so the * kerberos library can calculate the relative diffrence beteen the * KDC time and local system time. + * + * @param context Keberos 5 context. + * @param sec The applications new of "now" in seconds + * @param usec The applications new of "now" in micro seconds + + * @return Kerberos 5 error code, see krb5_get_error_message(). + * + * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_real_time (krb5_context context, krb5_timestamp sec, int32_t usec) { struct timeval tv; - + gettimeofday(&tv, NULL); context->kdc_sec_offset = sec - tv.tv_sec; - context->kdc_usec_offset = usec - tv.tv_usec; - if (context->kdc_usec_offset < 0) { - context->kdc_sec_offset--; - context->kdc_usec_offset += 1000000; - } + /** + * If the caller passes in a negative usec, its assumed to be + * unknown and the function will use the current time usec. + */ + if (usec >= 0) { + context->kdc_usec_offset = usec - tv.tv_usec; + + if (context->kdc_usec_offset < 0) { + context->kdc_sec_offset--; + context->kdc_usec_offset += 1000000; + } + } else + context->kdc_usec_offset = tv.tv_usec; + return 0; } @@ -64,7 +79,7 @@ krb5_set_real_time (krb5_context context, * return ``corrected'' time in `timeret'. */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_timeofday (krb5_context context, krb5_timestamp *timeret) { @@ -76,7 +91,7 @@ krb5_timeofday (krb5_context context, * like gettimeofday but with time correction to the KDC */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_us_timeofday (krb5_context context, krb5_timestamp *sec, int32_t *usec) @@ -90,8 +105,8 @@ krb5_us_timeofday (krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_format_time(krb5_context context, time_t t, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_format_time(krb5_context context, time_t t, char *s, size_t len, krb5_boolean include_time) { struct tm *tm; @@ -105,7 +120,7 @@ krb5_format_time(krb5_context context, time_t t, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_string_to_deltat(const char *string, krb5_deltat *deltat) { if((*deltat = parse_time(string, "s")) == -1) diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index 9b67ecc04f2..5e21987bca9 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: transited.c 21745 2007-07-31 16:11:25Z lha $"); - /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead that words can not describe it, and all this just to save a few @@ -57,16 +55,15 @@ free_realms(struct tr_realm *r) r = r->next; free(p->realm); free(p); - } + } } static int make_path(krb5_context context, struct tr_realm *r, const char *from, const char *to) { - const char *p; - struct tr_realm *path = r->next; struct tr_realm *tmp; + const char *p; if(strlen(from) < strlen(to)){ const char *str; @@ -74,71 +71,65 @@ make_path(krb5_context context, struct tr_realm *r, from = to; to = str; } - + if(strcmp(from + strlen(from) - strlen(to), to) == 0){ p = from; while(1){ p = strchr(p, '.'); if(p == NULL) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KDC_ERR_POLICY; } p++; if(strcmp(p, to) == 0) break; tmp = calloc(1, sizeof(*tmp)); - if(tmp == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - tmp->next = path; - path = tmp; - path->realm = strdup(p); - if(path->realm == NULL){ - r->next = path; /* XXX */ - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM;; + if(tmp == NULL) + return krb5_enomem(context); + tmp->next = r->next; + r->next = tmp; + tmp->realm = strdup(p); + if(tmp->realm == NULL){ + r->next = tmp->next; + free(tmp); + return krb5_enomem(context); } } }else if(strncmp(from, to, strlen(to)) == 0){ p = from + strlen(from); while(1){ while(p >= from && *p != '/') p--; - if(p == from) { - r->next = path; /* XXX */ + if(p == from) return KRB5KDC_ERR_POLICY; - } + if(strncmp(to, from, p - from) == 0) break; tmp = calloc(1, sizeof(*tmp)); - if(tmp == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + if(tmp == NULL) + return krb5_enomem(context); + tmp->next = r->next; + r->next = tmp; + tmp->realm = malloc(p - from + 1); + if(tmp->realm == NULL){ + r->next = tmp->next; + free(tmp); + return krb5_enomem(context); } - tmp->next = path; - path = tmp; - path->realm = malloc(p - from + 1); - if(path->realm == NULL){ - r->next = path; /* XXX */ - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(path->realm, from, p - from); - path->realm[p - from] = '\0'; + memcpy(tmp->realm, from, p - from); + tmp->realm[p - from] = '\0'; p--; } } else { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KDC_ERR_POLICY; } - r->next = path; - + return 0; } static int make_paths(krb5_context context, - struct tr_realm *realms, const char *client_realm, + struct tr_realm *realms, const char *client_realm, const char *server_realm) { struct tr_realm *r; @@ -186,8 +177,7 @@ expand_realms(krb5_context context, tmp = realloc(r->realm, len); if(tmp == NULL){ free_realms(realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + return krb5_enomem(context); } r->realm = tmp; strlcat(r->realm, prev_realm, len); @@ -200,8 +190,7 @@ expand_realms(krb5_context context, tmp = malloc(len); if(tmp == NULL){ free_realms(realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + return krb5_enomem(context); } strlcpy(tmp, prev_realm, len); strlcat(tmp, r->realm, len); @@ -285,17 +274,14 @@ decode_realms(krb5_context context, } if(tr[i] == ','){ tmp = malloc(tr + i - start + 1); - if(tmp == NULL){ - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } + if(tmp == NULL) + return krb5_enomem(context); memcpy(tmp, start, tr + i - start); tmp[tr + i - start] = '\0'; r = make_realm(tmp); if(r == NULL){ free_realms(*realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + return krb5_enomem(context); } *realms = append_realm(*realms, r); start = tr + i + 1; @@ -304,32 +290,30 @@ decode_realms(krb5_context context, tmp = malloc(tr + i - start + 1); if(tmp == NULL){ free(*realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + return krb5_enomem(context); } memcpy(tmp, start, tr + i - start); tmp[tr + i - start] = '\0'; r = make_realm(tmp); if(r == NULL){ free_realms(*realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + return krb5_enomem(context); } *realms = append_realm(*realms, r); - + return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_domain_x500_decode(krb5_context context, - krb5_data tr, char ***realms, int *num_realms, + krb5_data tr, char ***realms, unsigned int *num_realms, const char *client_realm, const char *server_realm) { struct tr_realm *r = NULL; struct tr_realm *p, **q; int ret; - + if(tr.length == 0) { *realms = NULL; *num_realms = 0; @@ -340,39 +324,37 @@ krb5_domain_x500_decode(krb5_context context, ret = decode_realms(context, tr.data, tr.length, &r); if(ret) return ret; - + /* apply prefix rule */ ret = expand_realms(context, r, client_realm); if(ret) return ret; - + ret = make_paths(context, r, client_realm, server_realm); if(ret) return ret; - + /* remove empty components and count realms */ - q = &r; *num_realms = 0; - for(p = r; p; ){ - if(p->realm[0] == '\0'){ - free(p->realm); - *q = p->next; - free(p); + for(q = &r; *q; ){ + if((*q)->realm[0] == '\0'){ p = *q; + *q = (*q)->next; + free(p->realm); + free(p); }else{ - q = &p->next; - p = p->next; + q = &(*q)->next; (*num_realms)++; } } - if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms)) + if (*num_realms + 1 > UINT_MAX/sizeof(**realms)) return ERANGE; { char **R; R = malloc((*num_realms + 1) * sizeof(*R)); if (R == NULL) - return ENOMEM; + return krb5_enomem(context); *realms = R; while(r){ *R++ = r->realm; @@ -384,12 +366,13 @@ krb5_domain_x500_decode(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_domain_x500_encode(char **realms, unsigned int num_realms, + krb5_data *encoding) { char *s = NULL; int len = 0; - int i; + unsigned int i; krb5_data_zero(encoding); if (num_realms == 0) return 0; @@ -404,7 +387,7 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) return ENOMEM; *s = '\0'; for(i = 0; i < num_realms; i++){ - if(i && i < num_realms - 1) + if(i) strlcat(s, ",", len + 1); if(realms[i][0] == '/') strlcat(s, " ", len + 1); @@ -415,25 +398,25 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited(krb5_context context, krb5_const_realm client_realm, krb5_const_realm server_realm, krb5_realm *realms, - int num_realms, + unsigned int num_realms, int *bad_realm) { char **tr_realms; char **p; - int i; + size_t i; if(num_realms == 0) return 0; - - tr_realms = krb5_config_get_strings(context, NULL, - "capaths", - client_realm, - server_realm, + + tr_realms = krb5_config_get_strings(context, NULL, + "capaths", + client_realm, + server_realm, NULL); for(i = 0; i < num_realms; i++) { for(p = tr_realms; p && *p; p++) { @@ -442,8 +425,10 @@ krb5_check_transited(krb5_context context, } if(p == NULL || *p == NULL) { krb5_config_free_strings(tr_realms); - krb5_set_error_string (context, "no transit through realm %s", - realms[i]); + krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT, + N_("no transit allowed " + "through realm %s", ""), + realms[i]); if(bad_realm) *bad_realm = i; return KRB5KRB_AP_ERR_ILL_CR_TKT; @@ -453,17 +438,17 @@ krb5_check_transited(krb5_context context, return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_check_transited_realms(krb5_context context, - const char *const *realms, - int num_realms, + const char *const *realms, + unsigned int num_realms, int *bad_realm) { - int i; + size_t i; int ret = 0; - char **bad_realms = krb5_config_get_strings(context, NULL, - "libdefaults", - "transited_realms_reject", + char **bad_realms = krb5_config_get_strings(context, NULL, + "libdefaults", + "transited_realms_reject", NULL); if(bad_realms == NULL) return 0; @@ -472,9 +457,11 @@ krb5_check_transited_realms(krb5_context context, char **p; for(p = bad_realms; *p; p++) if(strcmp(*p, realms[i]) == 0) { - krb5_set_error_string (context, "no transit through realm %s", - *p); ret = KRB5KRB_AP_ERR_ILL_CR_TKT; + krb5_set_error_message (context, ret, + N_("no transit allowed " + "through realm %s", ""), + *p); if(bad_realm) *bad_realm = i; break; diff --git a/crypto/heimdal/lib/krb5/v4_glue.c b/crypto/heimdal/lib/krb5/v4_glue.c deleted file mode 100644 index 37b1e35dd18..00000000000 --- a/crypto/heimdal/lib/krb5/v4_glue.c +++ /dev/null @@ -1,939 +0,0 @@ -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" -RCSID("$Id: v4_glue.c 22071 2007-11-14 20:04:50Z lha $"); - -#include "krb5-v4compat.h" - -/* - * - */ - -#define RCHECK(r,func,label) \ - do { (r) = func ; if (r) goto label; } while(0); - - -/* include this here, to avoid dependencies on libkrb */ - -static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { - 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318, - 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684, - 111922, 119661, 127935, 136781, 146239, 156350, 167161, 178720, - 191077, 204289, 218415, 233517, 249664, 266926, 285383, 305116, - 326213, 348769, 372885, 398668, 426234, 455705, 487215, 520904, - 556921, 595430, 636601, 680618, 727680, 777995, 831789, 889303, - 950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247, - 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000 -}; - -int KRB5_LIB_FUNCTION -_krb5_krb_time_to_life(time_t start, time_t end) -{ - int i; - time_t life = end - start; - - if (life > MAXTKTLIFETIME || life <= 0) - return 0; -#if 0 - if (krb_no_long_lifetimes) - return (life + 5*60 - 1)/(5*60); -#endif - - if (end >= NEVERDATE) - return TKTLIFENOEXPIRE; - if (life < _tkt_lifetimes[0]) - return (life + 5*60 - 1)/(5*60); - for (i=0; i TKTLIFEMAXFIXED) - return start + MAXTKTLIFETIME; - return start + _tkt_lifetimes[life - TKTLIFEMINFIXED]; -} - -/* - * Get the name of the krb4 credentials cache, will use `tkfile' as - * the name if that is passed in. `cc' must be free()ed by caller, - */ - -static krb5_error_code -get_krb4_cc_name(const char *tkfile, char **cc) -{ - - *cc = NULL; - if(tkfile == NULL) { - char *path; - if(!issuid()) { - path = getenv("KRBTKFILE"); - if (path) - *cc = strdup(path); - } - if(*cc == NULL) - if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0) - return errno; - } else { - *cc = strdup(tkfile); - if (*cc == NULL) - return ENOMEM; - } - return 0; -} - -/* - * Write a Kerberos 4 ticket file - */ - -#define KRB5_TF_LCK_RETRY_COUNT 50 -#define KRB5_TF_LCK_RETRY 1 - -static krb5_error_code -write_v4_cc(krb5_context context, const char *tkfile, - krb5_storage *sp, int append) -{ - krb5_error_code ret; - struct stat sb; - krb5_data data; - char *path; - int fd, i; - - ret = get_krb4_cc_name(tkfile, &path); - if (ret) { - krb5_set_error_string(context, - "krb5_krb_tf_setup: failed getting " - "the krb4 credentials cache name"); - return ret; - } - - fd = open(path, O_WRONLY|O_CREAT, 0600); - if (fd < 0) { - ret = errno; - krb5_set_error_string(context, - "krb5_krb_tf_setup: error opening file %s", - path); - free(path); - return ret; - } - - if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { - krb5_set_error_string(context, - "krb5_krb_tf_setup: tktfile %s is not a file", - path); - free(path); - close(fd); - return KRB5_FCC_PERM; - } - - for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) { - if (flock(fd, LOCK_EX | LOCK_NB) < 0) { - sleep(KRB5_TF_LCK_RETRY); - } else - break; - } - if (i == KRB5_TF_LCK_RETRY_COUNT) { - krb5_set_error_string(context, - "krb5_krb_tf_setup: failed to lock %s", - path); - free(path); - close(fd); - return KRB5_FCC_PERM; - } - - if (!append) { - ret = ftruncate(fd, 0); - if (ret < 0) { - flock(fd, LOCK_UN); - krb5_set_error_string(context, - "krb5_krb_tf_setup: failed to truncate %s", - path); - free(path); - close(fd); - return KRB5_FCC_PERM; - } - } - ret = lseek(fd, 0L, SEEK_END); - if (ret < 0) { - ret = errno; - flock(fd, LOCK_UN); - free(path); - close(fd); - return ret; - } - - krb5_storage_to_data(sp, &data); - - ret = write(fd, data.data, data.length); - if (ret != data.length) - ret = KRB5_CC_IO; - - krb5_free_data_contents(context, &data); - - flock(fd, LOCK_UN); - free(path); - close(fd); - - return 0; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_tf_setup(krb5_context context, - struct credentials *v4creds, - const char *tkfile, - int append) -{ - krb5_error_code ret; - krb5_storage *sp; - - sp = krb5_storage_emem(); - if (sp == NULL) - return ENOMEM; - - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST); - krb5_storage_set_eof_code(sp, KRB5_CC_IO); - - krb5_clear_error_string(context); - - if (!append) { - RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error); - RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error); - } - - /* cred */ - RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error); - RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error); - RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error); - ret = krb5_storage_write(sp, v4creds->session, 8); - if (ret != 8) { - ret = KRB5_CC_IO; - goto error; - } - RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error); - RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error); - RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error); - - ret = krb5_storage_write(sp, v4creds->ticket_st.dat, - v4creds->ticket_st.length); - if (ret != v4creds->ticket_st.length) { - ret = KRB5_CC_IO; - goto error; - } - RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error); - - ret = write_v4_cc(context, tkfile, sp, append); - - error: - krb5_storage_free(sp); - - return ret; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_dest_tkt(krb5_context context, const char *tkfile) -{ - krb5_error_code ret; - char *path; - - ret = get_krb4_cc_name(tkfile, &path); - if (ret) { - krb5_set_error_string(context, - "krb5_krb_tf_setup: failed getting " - "the krb4 credentials cache name"); - return ret; - } - - if (unlink(path) < 0) { - ret = errno; - krb5_set_error_string(context, - "krb5_krb_dest_tkt failed removing the cache " - "with error %s", strerror(ret)); - } - free(path); - - return ret; -} - -/* - * - */ - -static krb5_error_code -decrypt_etext(krb5_context context, const krb5_keyblock *key, - const krb5_data *cdata, krb5_data *data) -{ - krb5_error_code ret; - krb5_crypto crypto; - - ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto); - if (ret) - return ret; - - ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data); - krb5_crypto_destroy(context, crypto); - - return ret; -} - - -/* - * - */ - -static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00"; - -static krb5_error_code -storage_to_etext(krb5_context context, - krb5_storage *sp, - const krb5_keyblock *key, - krb5_data *enc_data) -{ - krb5_error_code ret; - krb5_crypto crypto; - krb5_ssize_t size; - krb5_data data; - - /* multiple of eight bytes */ - - size = krb5_storage_seek(sp, 0, SEEK_END); - if (size < 0) - return KRB4ET_RD_AP_UNDEC; - size = 8 - (size & 7); - - ret = krb5_storage_write(sp, eightzeros, size); - if (ret != size) - return KRB4ET_RD_AP_UNDEC; - - ret = krb5_storage_to_data(sp, &data); - if (ret) - return ret; - - ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto); - if (ret) { - krb5_data_free(&data); - return ret; - } - - ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data); - - krb5_data_free(&data); - krb5_crypto_destroy(context, crypto); - - return ret; -} - -/* - * - */ - -static krb5_error_code -put_nir(krb5_storage *sp, const char *name, - const char *instance, const char *realm) -{ - krb5_error_code ret; - - RCHECK(ret, krb5_store_stringz(sp, name), error); - RCHECK(ret, krb5_store_stringz(sp, instance), error); - if (realm) { - RCHECK(ret, krb5_store_stringz(sp, realm), error); - } - error: - return ret; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ticket(krb5_context context, - unsigned char flags, - const char *pname, - const char *pinstance, - const char *prealm, - int32_t paddress, - const krb5_keyblock *session, - int16_t life, - int32_t life_sec, - const char *sname, - const char *sinstance, - const krb5_keyblock *key, - krb5_data *enc_data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(enc_data); - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_store_int8(sp, flags), error); - RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error); - RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error); - - /* session key */ - ret = krb5_storage_write(sp, - session->keyvalue.data, - session->keyvalue.length); - if (ret != session->keyvalue.length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - RCHECK(ret, krb5_store_int8(sp, life), error); - RCHECK(ret, krb5_store_int32(sp, life_sec), error); - RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error); - - ret = storage_to_etext(context, sp, key, enc_data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); - - return ret; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ciph(krb5_context context, - const krb5_keyblock *session, - const char *service, - const char *instance, - const char *realm, - uint32_t life, - unsigned char kvno, - const krb5_data *ticket, - uint32_t kdc_time, - const krb5_keyblock *key, - krb5_data *enc_data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(enc_data); - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - /* session key */ - ret = krb5_storage_write(sp, - session->keyvalue.data, - session->keyvalue.length); - if (ret != session->keyvalue.length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - RCHECK(ret, put_nir(sp, service, instance, realm), error); - RCHECK(ret, krb5_store_int8(sp, life), error); - RCHECK(ret, krb5_store_int8(sp, kvno), error); - RCHECK(ret, krb5_store_int8(sp, ticket->length), error); - ret = krb5_storage_write(sp, ticket->data, ticket->length); - if (ret != ticket->length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - RCHECK(ret, krb5_store_int32(sp, kdc_time), error); - - ret = storage_to_etext(context, sp, key, enc_data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); - - return ret; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_auth_reply(krb5_context context, - const char *pname, - const char *pinst, - const char *prealm, - int32_t time_ws, - int n, - uint32_t x_date, - unsigned char kvno, - const krb5_data *cipher, - krb5_data *data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(data); - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error); - RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error); - RCHECK(ret, put_nir(sp, pname, pinst, prealm), error); - RCHECK(ret, krb5_store_int32(sp, time_ws), error); - RCHECK(ret, krb5_store_int8(sp, n), error); - RCHECK(ret, krb5_store_int32(sp, x_date), error); - RCHECK(ret, krb5_store_int8(sp, kvno), error); - RCHECK(ret, krb5_store_int16(sp, cipher->length), error); - ret = krb5_storage_write(sp, cipher->data, cipher->length); - if (ret != cipher->length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - ret = krb5_storage_to_data(sp, data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 ticket"); - - return ret; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_cr_err_reply(krb5_context context, - const char *name, - const char *inst, - const char *realm, - uint32_t time_ws, - uint32_t e, - const char *e_string, - krb5_data *data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(data); - - if (name == NULL) name = ""; - if (inst == NULL) inst = ""; - if (realm == NULL) realm = ""; - if (e_string == NULL) e_string = ""; - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error); - RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error); - RCHECK(ret, put_nir(sp, name, inst, realm), error); - RCHECK(ret, krb5_store_int32(sp, time_ws), error); - /* If it is a Kerberos 4 error-code, remove the et BASE */ - if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255) - e -= ERROR_TABLE_BASE_krb; - RCHECK(ret, krb5_store_int32(sp, e), error); - RCHECK(ret, krb5_store_stringz(sp, e_string), error); - - ret = krb5_storage_to_data(sp, data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_string(context, "Failed to encode kerberos 4 error"); - - return 0; -} - -static krb5_error_code -get_v4_stringz(krb5_storage *sp, char **str, size_t max_len) -{ - krb5_error_code ret; - - ret = krb5_ret_stringz(sp, str); - if (ret) - return ret; - if (strlen(*str) > max_len) { - free(*str); - *str = NULL; - return KRB4ET_INTK_PROT; - } - return 0; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_decomp_ticket(krb5_context context, - const krb5_data *enc_ticket, - const krb5_keyblock *key, - const char *local_realm, - char **sname, - char **sinstance, - struct _krb5_krb_auth_data *ad) -{ - krb5_error_code ret; - krb5_ssize_t size; - krb5_storage *sp = NULL; - krb5_data ticket; - unsigned char des_key[8]; - - memset(ad, 0, sizeof(*ad)); - krb5_data_zero(&ticket); - - *sname = NULL; - *sinstance = NULL; - - RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error); - - sp = krb5_storage_from_data(&ticket); - if (sp == NULL) { - krb5_data_free(&ticket); - krb5_set_error_string(context, "alloc: out of memory"); - return ENOMEM; - } - - krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT); - - RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error); - RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error); - RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error); - - size = krb5_storage_read(sp, des_key, sizeof(des_key)); - if (size != sizeof(des_key)) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error); - - if (ad->k_flags & 1) - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); - else - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error); - - RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error); - RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error); - - ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE, - des_key, sizeof(des_key), &ad->session); - if (ret) - goto error; - - if (strlen(ad->prealm) == 0) { - free(ad->prealm); - ad->prealm = strdup(local_realm); - if (ad->prealm == NULL) { - ret = ENOMEM; - goto error; - } - } - - error: - memset(des_key, 0, sizeof(des_key)); - if (sp) - krb5_storage_free(sp); - krb5_data_free(&ticket); - if (ret) { - if (*sname) { - free(*sname); - *sname = NULL; - } - if (*sinstance) { - free(*sinstance); - *sinstance = NULL; - } - _krb5_krb_free_auth_data(context, ad); - krb5_set_error_string(context, "Failed to decode v4 ticket"); - } - return ret; -} - -/* - * - */ - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_rd_req(krb5_context context, - krb5_data *authent, - const char *service, - const char *instance, - const char *local_realm, - int32_t from_addr, - const krb5_keyblock *key, - struct _krb5_krb_auth_data *ad) -{ - krb5_error_code ret; - krb5_storage *sp; - krb5_data ticket, eaut, aut; - krb5_ssize_t size; - int little_endian; - int8_t pvno; - int8_t type; - int8_t s_kvno; - uint8_t ticket_length; - uint8_t eaut_length; - uint8_t time_5ms; - char *realm = NULL; - char *sname = NULL; - char *sinstance = NULL; - char *r_realm = NULL; - char *r_name = NULL; - char *r_instance = NULL; - - uint32_t r_time_sec; /* Coarse time from authenticator */ - unsigned long delta_t; /* Time in authenticator - local time */ - long tkt_age; /* Age of ticket */ - - struct timeval tv; - - krb5_data_zero(&ticket); - krb5_data_zero(&eaut); - krb5_data_zero(&aut); - - sp = krb5_storage_from_data(authent); - if (sp == NULL) { - krb5_set_error_string(context, "alloc: out of memory"); - return ENOMEM; - } - - krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT); - - ret = krb5_ret_int8(sp, &pvno); - if (ret) { - krb5_set_error_string(context, "Failed reading v4 pvno"); - goto error; - } - - if (pvno != KRB_PROT_VERSION) { - ret = KRB4ET_RD_AP_VERSION; - krb5_set_error_string(context, "Failed v4 pvno not 4"); - goto error; - } - - ret = krb5_ret_int8(sp, &type); - if (ret) { - krb5_set_error_string(context, "Failed readin v4 type"); - goto error; - } - - little_endian = type & 1; - type &= ~1; - - if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) { - ret = KRB4ET_RD_AP_MSG_TYPE; - krb5_set_error_string(context, "Not a valid v4 request type"); - goto error; - } - - RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error); - RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error); - RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error); - RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error); - RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error); - - size = krb5_storage_read(sp, ticket.data, ticket.length); - if (size != ticket.length) { - ret = KRB4ET_INTK_PROT; - krb5_set_error_string(context, "Failed reading v4 ticket"); - goto error; - } - - /* Decrypt and take apart ticket */ - ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, - &sname, &sinstance, ad); - if (ret) - goto error; - - RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error); - - size = krb5_storage_read(sp, eaut.data, eaut.length); - if (size != eaut.length) { - ret = KRB4ET_INTK_PROT; - krb5_set_error_string(context, "Failed reading v4 authenticator"); - goto error; - } - - krb5_storage_free(sp); - sp = NULL; - - ret = decrypt_etext(context, &ad->session, &eaut, &aut); - if (ret) - goto error; - - sp = krb5_storage_from_data(&aut); - if (sp == NULL) { - ret = ENOMEM; - krb5_set_error_string(context, "alloc: out of memory"); - goto error; - } - - if (little_endian) - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); - else - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error); - - RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error); - RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error); - RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error); - - if (strcmp(ad->pname, r_name) != 0 || - strcmp(ad->pinst, r_instance) != 0 || - strcmp(ad->prealm, r_realm) != 0) { - krb5_set_error_string(context, "v4 principal mismatch"); - ret = KRB4ET_RD_AP_INCON; - goto error; - } - - if (from_addr && ad->address && from_addr != ad->address) { - krb5_set_error_string(context, "v4 bad address in ticket"); - ret = KRB4ET_RD_AP_BADD; - goto error; - } - - gettimeofday(&tv, NULL); - delta_t = abs((int)(tv.tv_sec - r_time_sec)); - if (delta_t > CLOCK_SKEW) { - ret = KRB4ET_RD_AP_TIME; - krb5_set_error_string(context, "v4 clock skew"); - goto error; - } - - /* Now check for expiration of ticket */ - - tkt_age = tv.tv_sec - ad->time_sec; - - if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) { - ret = KRB4ET_RD_AP_NYV; - krb5_set_error_string(context, "v4 clock skew for expiration"); - goto error; - } - - if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) { - ret = KRB4ET_RD_AP_EXP; - krb5_set_error_string(context, "v4 ticket expired"); - goto error; - } - - ret = 0; - error: - krb5_data_free(&ticket); - krb5_data_free(&eaut); - krb5_data_free(&aut); - if (realm) - free(realm); - if (sname) - free(sname); - if (sinstance) - free(sinstance); - if (r_name) - free(r_name); - if (r_instance) - free(r_instance); - if (r_realm) - free(r_realm); - if (sp) - krb5_storage_free(sp); - - if (ret) - krb5_clear_error_string(context); - - return ret; -} - -/* - * - */ - -void KRB5_LIB_FUNCTION -_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad) -{ - if (ad->pname) - free(ad->pname); - if (ad->pinst) - free(ad->pinst); - if (ad->prealm) - free(ad->prealm); - krb5_free_keyblock_contents(context, &ad->session); - memset(ad, 0, sizeof(*ad)); -} diff --git a/crypto/heimdal/lib/krb5/verify_init.c b/crypto/heimdal/lib/krb5/verify_init.c index 37db3466929..2e77b7e59d9 100644 --- a/crypto/heimdal/lib/krb5/verify_init.c +++ b/crypto/heimdal/lib/krb5/verify_init.c @@ -1,47 +1,45 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: verify_init.c 15555 2005-07-06 00:48:16Z lha $"); - -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options) { memset (options, 0, sizeof(*options)); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options, int ap_req_nofail) { @@ -69,7 +67,7 @@ fail_verify_is_ok (krb5_context context, return TRUE; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_init_creds(krb5_context context, krb5_creds *creds, krb5_principal ap_req_server, @@ -92,8 +90,8 @@ krb5_verify_init_creds(krb5_context context, if (gethostname (local_hostname, sizeof(local_hostname)) < 0) { ret = errno; - krb5_set_error_string (context, "gethostname: %s", - strerror(ret)); + krb5_set_error_message (context, ret, "gethostname: %s", + strerror(ret)); return ret; } @@ -117,7 +115,8 @@ krb5_verify_init_creds(krb5_context context, if (ccache && *ccache) local_ccache = *ccache; else { - ret = krb5_cc_gen_new (context, &krb5_mcc_ops, &local_ccache); + ret = krb5_cc_new_unique(context, krb5_cc_type_memory, + NULL, &local_ccache); if (ret) goto cleanup; ret = krb5_cc_initialize (context, @@ -159,7 +158,7 @@ krb5_verify_init_creds(krb5_context context, NULL, creds, &req); - + krb5_auth_con_free (context, auth_context); auth_context = NULL; @@ -197,3 +196,48 @@ cleanup: return ret; } + +/** + * Validate the newly fetch credential, see also krb5_verify_init_creds(). + * + * @param context a Kerberos 5 context + * @param creds the credentials to verify + * @param client the client name to match up + * @param ccache the credential cache to use + * @param service a service name to use, used with + * krb5_sname_to_principal() to build a hostname to use to + * verify. + * + * @ingroup krb5_ccache + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_get_validated_creds(krb5_context context, + krb5_creds *creds, + krb5_principal client, + krb5_ccache ccache, + char *service) +{ + krb5_verify_init_creds_opt vopt; + krb5_principal server; + krb5_error_code ret; + + if (krb5_principal_compare(context, creds->client, client) != TRUE) { + krb5_set_error_message(context, KRB5_PRINC_NOMATCH, + N_("Validation credentials and client " + "doesn't match", "")); + return KRB5_PRINC_NOMATCH; + } + + ret = krb5_sname_to_principal (context, NULL, service, + KRB5_NT_SRV_HST, &server); + if(ret) + return ret; + + krb5_verify_init_creds_opt_init(&vopt); + + ret = krb5_verify_init_creds(context, creds, server, NULL, NULL, &vopt); + krb5_free_principal(context, server); + + return ret; +} diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8 index 28f84aba41e..fc580feaa2d 100644 --- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 +++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.8 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: verify_krb5_conf.8 14375 2004-12-08 17:52:41Z lha $ +.\" $Id$ .\" .Dd December 8, 2004 .Dt VERIFY_KRB5_CONF 8 @@ -45,7 +45,7 @@ reads the configuration file .Pa krb5.conf , or the file given on the command line, -and parses it, thereby verifying that the syntax is not correctly wrong. +parses it, checking verifying that the syntax is not correctly wrong. .Pp If the file is syntactically correct, .Nm @@ -79,7 +79,7 @@ versa, or just that is confused. .It : unknown entry Means that is not known by -.Nm "" . +.Nm . .El .Sh SEE ALSO .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c index b55fbd7a86b..d554423a16d 100644 --- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c +++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.c @@ -1,41 +1,40 @@ /* - * Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include #include #include -RCSID("$Id: verify_krb5_conf.c 22233 2007-12-08 21:43:37Z lha $"); /* verify krb5.conf */ @@ -45,9 +44,9 @@ static int help_flag = 0; static int warn_mit_syntax_flag = 0; static struct getargs args[] = { - {"dumpconfig", 0, arg_flag, &dumpconfig_flag, + {"dumpconfig", 0, arg_flag, &dumpconfig_flag, "show the parsed config files", NULL }, - {"warn-mit-syntax", 0, arg_flag, &warn_mit_syntax_flag, + {"warn-mit-syntax", 0, arg_flag, &warn_mit_syntax_flag, "show the parsed config files", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, @@ -88,11 +87,17 @@ check_time(krb5_context context, const char *path, char *data) static int check_numeric(krb5_context context, const char *path, char *data) { - long int v; + long v; char *end; v = strtol(data, &end, 0); + + if ((v == LONG_MIN || v == LONG_MAX) && errno != 0) { + krb5_warnx(context, "%s: over/under flow for \"%s\"", + path, data); + return 1; + } if(*end != '\0') { - krb5_warnx(context, "%s: failed to parse \"%s\" as a number", + krb5_warnx(context, "%s: failed to parse \"%s\" as a number", path, data); return 1; } @@ -111,12 +116,12 @@ check_boolean(krb5_context context, const char *path, char *data) return 0; v = strtol(data, &end, 0); if(*end != '\0') { - krb5_warnx(context, "%s: failed to parse \"%s\" as a boolean", + krb5_warnx(context, "%s: failed to parse \"%s\" as a boolean", path, data); return 1; } if(v != 0 && v != 1) - krb5_warnx(context, "%s: numeric value \"%s\" is treated as \"true\"", + krb5_warnx(context, "%s: numeric value \"%s\" is treated as \"true\"", path, data); return 0; } @@ -130,7 +135,7 @@ check_524(krb5_context context, const char *path, char *data) strcasecmp(data, "local") == 0) return 0; - krb5_warnx(context, "%s: didn't contain a valid option `%s'", + krb5_warnx(context, "%s: didn't contain a valid option `%s'", path, data); return 1; } @@ -155,7 +160,7 @@ check_host(krb5_context context, const char *path, char *data) hints.ai_canonname = NULL; hints.ai_addr = NULL; hints.ai_next = NULL; - + /* XXX data could be a list of hosts that this code can't handle */ /* XXX copied from krbhst.c */ if(strncmp(p, "http://", 7) == 0){ @@ -191,7 +196,7 @@ check_host(krb5_context context, const char *path, char *data) char *end; int tmp = strtol(p, &end, 0); if(end == p) { - krb5_warnx(context, "%s: failed to parse port number in %s", + krb5_warnx(context, "%s: failed to parse port number in %s", path, data); return 1; } @@ -304,7 +309,7 @@ check_log(krb5_context context, const char *path, char *data) } p++; } - if(strcmp(p, "STDERR") == 0 || + if(strcmp(p, "STDERR") == 0 || strcmp(p, "CONSOLE") == 0 || (strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')) || (strncmp(p, "DEVICE", 6) == 0 && p[6] == '=')) @@ -323,12 +328,12 @@ check_log(krb5_context context, const char *path, char *data) if(*facility == '\0') strlcpy(facility, "AUTH", sizeof(facility)); if(find_value(severity, syslogvals) == -1) { - krb5_warnx(context, "%s: unknown syslog facility \"%s\"", + krb5_warnx(context, "%s: unknown syslog facility \"%s\"", path, facility); ret++; } if(find_value(severity, syslogvals) == -1) { - krb5_warnx(context, "%s: unknown syslog severity \"%s\"", + krb5_warnx(context, "%s: unknown syslog severity \"%s\"", path, severity); ret++; } @@ -344,6 +349,7 @@ struct entry { const char *name; int type; void *check_data; + int deprecated; }; struct entry all_strings[] = { @@ -365,7 +371,8 @@ struct entry v4_name_convert_entries[] = { struct entry libdefaults_entries[] = { { "accept_null_addresses", krb5_config_string, check_boolean }, - { "capath", krb5_config_list, all_strings }, + { "allow_weak_crypto", krb5_config_string, check_boolean }, + { "capath", krb5_config_list, all_strings, 1 }, { "check_pac", krb5_config_string, check_boolean }, { "clockskew", krb5_config_string, check_time }, { "date_format", krb5_config_string, NULL }, @@ -395,7 +402,7 @@ struct entry libdefaults_entries[] = { { "maxretries", krb5_config_string, check_numeric }, { "scan_interfaces", krb5_config_string, check_boolean }, { "srv_lookup", krb5_config_string, check_boolean }, - { "srv_try_txt", krb5_config_string, check_boolean }, + { "srv_try_txt", krb5_config_string, check_boolean }, { "ticket_lifetime", krb5_config_string, check_time }, { "time_format", krb5_config_string, NULL }, { "transited_realms_reject", krb5_config_string, NULL }, @@ -571,17 +578,19 @@ struct entry toplevel_sections[] = { static int -check_section(krb5_context context, const char *path, krb5_config_section *cf, +check_section(krb5_context context, const char *path, krb5_config_section *cf, struct entry *entries) { int error = 0; krb5_config_section *p; struct entry *e; - + char *local; - + for(p = cf; p != NULL; p = p->next) { - asprintf(&local, "%s/%s", path, p->name); + local = NULL; + if (asprintf(&local, "%s/%s", path, p->name) < 0 || local == NULL) + errx(1, "out of memory"); for(e = entries; e->name != NULL; e++) { if(*e->name == '\0' || strcmp(e->name, p->name) == 0) { if(e->type != p->type) { @@ -592,6 +601,10 @@ check_section(krb5_context context, const char *path, krb5_config_section *cf, } else if(p->type == krb5_config_list && e->check_data != NULL) { error |= check_section(context, local, p->u.list, e->check_data); } + if(e->deprecated) { + krb5_warnx(context, "%s: is a deprecated entry", local); + error |= 1; + } break; } } @@ -646,7 +659,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -671,6 +684,6 @@ main(int argc, char **argv) if(dumpconfig_flag) dumpconfig(0, tmp_cf); - + return check_section(context, "", tmp_cf, toplevel_sections); } diff --git a/crypto/heimdal/lib/krb5/verify_user.c b/crypto/heimdal/lib/krb5/verify_user.c index 1edbaff7e23..01562ef562a 100644 --- a/crypto/heimdal/lib/krb5/verify_user.c +++ b/crypto/heimdal/lib/krb5/verify_user.c @@ -1,40 +1,38 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: verify_user.c 19078 2006-11-20 18:12:41Z lha $"); - static krb5_error_code verify_common (krb5_context context, krb5_principal principal, @@ -90,7 +88,7 @@ verify_common (krb5_context context, * As a side effect, fresh tickets are obtained and stored in `ccache'. */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_init(krb5_verify_opt *opt) { memset(opt, 0, sizeof(*opt)); @@ -98,49 +96,50 @@ krb5_verify_opt_init(krb5_verify_opt *opt) opt->service = "host"; } -int KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION int KRB5_LIB_CALL krb5_verify_opt_alloc(krb5_context context, krb5_verify_opt **opt) { *opt = calloc(1, sizeof(**opt)); if ((*opt) == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } krb5_verify_opt_init(*opt); return 0; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_free(krb5_verify_opt *opt) { free(opt); } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache) { opt->ccache = ccache; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab) { opt->keytab = keytab; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure) { opt->secure = secure; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service) { opt->service = service; } -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags) { opt->flags |= flags; @@ -160,8 +159,8 @@ verify_user_opt_int(krb5_context context, ret = krb5_get_init_creds_opt_alloc (context, &opt); if (ret) return ret; - krb5_get_init_creds_opt_set_default_flags(context, NULL, - krb5_principal_get_realm(context, principal), + krb5_get_init_creds_opt_set_default_flags(context, NULL, + krb5_principal_get_realm(context, principal), opt); ret = krb5_get_init_creds_password (context, &cred, @@ -176,13 +175,13 @@ verify_user_opt_int(krb5_context context, if(ret) return ret; #define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D)) - return verify_common (context, principal, OPT(ccache, NULL), - OPT(keytab, NULL), vopt ? vopt->secure : TRUE, + return verify_common (context, principal, OPT(ccache, NULL), + OPT(keytab, NULL), vopt ? vopt->secure : TRUE, OPT(service, "host"), cred); #undef OPT } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verify_user_opt(krb5_context context, krb5_principal principal, const char *password, @@ -196,18 +195,14 @@ krb5_verify_user_opt(krb5_context context, if (ret) return ret; ret = KRB5_CONFIG_NODEFREALM; - + for (r = realms; *r != NULL && ret != 0; ++r) { - char *tmp = strdup (*r); - - if (tmp == NULL) { + ret = krb5_principal_set_realm(context, principal, *r); + if (ret) { krb5_free_host_realm (context, realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + return ret; } - free (*krb5_princ_realm (context, principal)); - krb5_princ_set_realm (context, principal, &tmp); - + ret = verify_user_opt_int(context, principal, password, opt); } krb5_free_host_realm (context, realms); @@ -220,8 +215,8 @@ krb5_verify_user_opt(krb5_context context, /* compat function that calls above */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_verify_user(krb5_context context, krb5_principal principal, krb5_ccache ccache, const char *password, @@ -229,13 +224,13 @@ krb5_verify_user(krb5_context context, const char *service) { krb5_verify_opt opt; - + krb5_verify_opt_init(&opt); - + krb5_verify_opt_set_ccache(&opt, ccache); krb5_verify_opt_set_secure(&opt, secure); krb5_verify_opt_set_service(&opt, service); - + return krb5_verify_user_opt(context, principal, password, &opt); } @@ -244,8 +239,8 @@ krb5_verify_user(krb5_context context, * ignored and all the local realms are tried. */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user_lrealm(krb5_context context, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_verify_user_lrealm(krb5_context context, krb5_principal principal, krb5_ccache ccache, const char *password, @@ -253,13 +248,13 @@ krb5_verify_user_lrealm(krb5_context context, const char *service) { krb5_verify_opt opt; - + krb5_verify_opt_init(&opt); - + krb5_verify_opt_set_ccache(&opt, ccache); krb5_verify_opt_set_secure(&opt, secure); krb5_verify_opt_set_service(&opt, service); krb5_verify_opt_set_flags(&opt, KRB5_VERIFY_LREALMS); - + return krb5_verify_user_opt(context, principal, password, &opt); } diff --git a/crypto/heimdal/lib/krb5/version-script.map b/crypto/heimdal/lib/krb5/version-script.map index df8804a4e31..818e6e071cb 100644 --- a/crypto/heimdal/lib/krb5/version-script.map +++ b/crypto/heimdal/lib/krb5/version-script.map @@ -1,6 +1,4 @@ -# $Id$ - -HEIMDAL_KRB5_1.0 { +HEIMDAL_KRB5_2.0 { global: krb524_convert_creds_kdc; krb524_convert_creds_kdc_ccache; @@ -22,6 +20,7 @@ HEIMDAL_KRB5_1.0 { krb5_address_order; krb5_address_prefixlen_boundary; krb5_address_search; + krb5_allow_weak_crypto; krb5_aname_to_localname; krb5_anyaddr; krb5_appdefault_boolean; @@ -41,6 +40,7 @@ HEIMDAL_KRB5_1.0 { krb5_auth_con_getlocalseqnumber; krb5_auth_con_getlocalsubkey; krb5_auth_con_getrcache; + krb5_auth_con_getremoteseqnumber; krb5_auth_con_getremotesubkey; krb5_auth_con_init; krb5_auth_con_removeflags; @@ -58,7 +58,6 @@ HEIMDAL_KRB5_1.0 { krb5_auth_con_setuserkey; krb5_auth_getremoteseqnumber; krb5_build_ap_req; - krb5_build_authenticator; krb5_build_principal; krb5_build_principal_ext; krb5_build_principal_va; @@ -88,13 +87,17 @@ HEIMDAL_KRB5_1.0 { krb5_cc_clear_mcred; krb5_cc_close; krb5_cc_copy_cache; - krb5_cc_copy_cache_match; + krb5_cc_copy_match_f; krb5_cc_default; krb5_cc_default_name; krb5_cc_destroy; krb5_cc_end_seq_get; krb5_cc_gen_new; + krb5_cc_get_config; + krb5_cc_get_friendly_name; krb5_cc_get_full_name; + krb5_cc_get_kdc_offset; + krb5_cc_get_lifetime; krb5_cc_get_name; krb5_cc_get_ops; krb5_cc_get_prefix_ops; @@ -102,6 +105,7 @@ HEIMDAL_KRB5_1.0 { krb5_cc_get_type; krb5_cc_get_version; krb5_cc_initialize; + krb5_cc_last_change_time; krb5_cc_move; krb5_cc_new_unique; krb5_cc_next_cred; @@ -110,10 +114,15 @@ HEIMDAL_KRB5_1.0 { krb5_cc_remove_cred; krb5_cc_resolve; krb5_cc_retrieve_cred; + krb5_cc_set_config; krb5_cc_set_default_name; krb5_cc_set_flags; + krb5_cc_set_kdc_offset; krb5_cc_start_seq_get; krb5_cc_store_cred; + krb5_cc_support_switch; + krb5_cc_switch; + krb5_cc_set_friendly_name; krb5_change_password; krb5_check_transited; krb5_check_transited_realms; @@ -122,19 +131,19 @@ HEIMDAL_KRB5_1.0 { krb5_checksum_is_collision_proof; krb5_checksum_is_keyed; krb5_checksumsize; + krb5_cksumtype_to_enctype; krb5_cksumtype_valid; krb5_clear_error_string; + krb5_clear_error_message; krb5_closelog; krb5_compare_creds; krb5_config_file_free; krb5_config_free_strings; - krb5_config_get; krb5_config_get_bool; krb5_config_get_bool_default; krb5_config_get_int; krb5_config_get_int_default; krb5_config_get_list; - krb5_config_get_next; krb5_config_get_string; krb5_config_get_string_default; krb5_config_get_strings; @@ -143,13 +152,11 @@ HEIMDAL_KRB5_1.0 { krb5_config_parse_file; krb5_config_parse_file_multi; krb5_config_parse_string_multi; - krb5_config_vget; krb5_config_vget_bool; krb5_config_vget_bool_default; krb5_config_vget_int; krb5_config_vget_int_default; krb5_config_vget_list; - krb5_config_vget_next; krb5_config_vget_string; krb5_config_vget_string_default; krb5_config_vget_strings; @@ -160,6 +167,7 @@ HEIMDAL_KRB5_1.0 { krb5_copy_checksum; krb5_copy_creds; krb5_copy_creds_contents; + krb5_copy_context; krb5_copy_data; krb5_copy_host_realm; krb5_copy_keyblock; @@ -167,7 +175,9 @@ HEIMDAL_KRB5_1.0 { krb5_copy_principal; krb5_copy_ticket; krb5_create_checksum; + krb5_create_checksum_iov; krb5_crypto_destroy; + krb5_crypto_fx_cf2; krb5_crypto_get_checksum_type; krb5_crypto_getblocksize; krb5_crypto_getconfoundersize; @@ -177,7 +187,13 @@ HEIMDAL_KRB5_1.0 { krb5_crypto_overhead; krb5_crypto_prf; krb5_crypto_prf_length; + krb5_crypto_length; + krb5_crypto_length_iov; + krb5_decrypt_iov_ivec; + krb5_encrypt_iov_ivec; + krb5_enomem; krb5_data_alloc; + krb5_data_ct_cmp; krb5_data_cmp; krb5_data_copy; krb5_data_free; @@ -241,6 +257,7 @@ HEIMDAL_KRB5_1.0 { krb5_encrypt; krb5_encrypt_EncryptedData; krb5_encrypt_ivec; + krb5_enctype_enable; krb5_enctype_disable; krb5_enctype_keybits; krb5_enctype_keysize; @@ -268,9 +285,11 @@ HEIMDAL_KRB5_1.0 { krb5_free_creds_contents; krb5_free_data; krb5_free_data_contents; + krb5_free_default_realm; krb5_free_error; krb5_free_error_contents; krb5_free_error_string; + krb5_free_error_message; krb5_free_host_realm; krb5_free_kdc_rep; krb5_free_keyblock; @@ -279,6 +298,7 @@ HEIMDAL_KRB5_1.0 { krb5_free_principal; krb5_free_salt; krb5_free_ticket; + krb5_free_unparsed_name; krb5_fwd_tgt_creds; krb5_generate_random_block; krb5_generate_random_keyblock; @@ -314,6 +334,7 @@ HEIMDAL_KRB5_1.0 { krb5_get_host_realm; krb5_get_ignore_addresses; krb5_get_in_cred; + krb5_cccol_last_change_time; krb5_get_in_tkt; krb5_get_in_tkt_with_keytab; krb5_get_in_tkt_with_password; @@ -336,6 +357,7 @@ HEIMDAL_KRB5_1.0 { krb5_get_init_creds_opt_set_pac_request; krb5_get_init_creds_opt_set_pkinit; krb5_get_init_creds_opt_set_preauth_list; + krb5_get_init_creds_opt_set_process_last_req; krb5_get_init_creds_opt_set_proxiable; krb5_get_init_creds_opt_set_renew_life; krb5_get_init_creds_opt_set_salt; @@ -363,9 +385,11 @@ HEIMDAL_KRB5_1.0 { krb5_hmac; krb5_init_context; krb5_init_ets; - krb5_init_etype; krb5_initlog; + krb5_is_config_principal; krb5_is_thread_safe; + krb5_kcm_call; + krb5_kcm_storage_request; krb5_kerberos_enctypes; krb5_keyblock_get_enctype; krb5_keyblock_init; @@ -390,12 +414,14 @@ HEIMDAL_KRB5_1.0 { krb5_kt_default; krb5_kt_default_modify_name; krb5_kt_default_name; + krb5_kt_destroy; krb5_kt_end_seq_get; krb5_kt_free_entry; krb5_kt_get_entry; krb5_kt_get_full_name; krb5_kt_get_name; krb5_kt_get_type; + krb5_kt_have_content; krb5_kt_next_entry; krb5_kt_read_service_key; krb5_kt_register; @@ -451,18 +477,23 @@ HEIMDAL_KRB5_1.0 { krb5_parse_nametype; krb5_passwd_result_to_string; krb5_password_key_proc; + krb5_get_permitted_enctypes; krb5_plugin_register; krb5_prepend_config_files; krb5_prepend_config_files_default; + krb5_prepend_error_message; krb5_princ_realm; krb5_princ_set_realm; krb5_principal_compare; krb5_principal_compare_any_realm; krb5_principal_get_comp_string; + krb5_principal_get_num_comp; krb5_principal_get_realm; krb5_principal_get_type; krb5_principal_match; + krb5_principal_set_realm; krb5_principal_set_type; + krb5_principal_is_krbtgt; krb5_print_address; krb5_program_setup; krb5_prompter_posix; @@ -540,10 +571,13 @@ HEIMDAL_KRB5_1.0 { krb5_set_default_in_tkt_etypes; krb5_set_default_realm; krb5_set_dns_canonicalize_hostname; + krb5_set_error_message; krb5_set_error_string; krb5_set_extra_addresses; krb5_set_fcache_version; + krb5_set_home_dir_access; krb5_set_ignore_addresses; + krb5_set_kdc_sec_offset; krb5_set_max_time_skew; krb5_set_password; krb5_set_password_using_ccache; @@ -565,13 +599,16 @@ HEIMDAL_KRB5_1.0 { krb5_storage_from_mem; krb5_storage_from_readonly_mem; krb5_storage_get_byteorder; + krb5_storage_get_eof_code; krb5_storage_is_flags; krb5_storage_read; krb5_storage_seek; krb5_storage_set_byteorder; krb5_storage_set_eof_code; krb5_storage_set_flags; + krb5_storage_set_max_alloc; krb5_storage_to_data; + krb5_storage_truncate; krb5_storage_write; krb5_store_address; krb5_store_addrs; @@ -620,6 +657,7 @@ HEIMDAL_KRB5_1.0 { krb5_verify_ap_req; krb5_verify_authenticator_checksum; krb5_verify_checksum; + krb5_verify_checksum_iov; krb5_verify_init_creds; krb5_verify_init_creds_opt_init; krb5_verify_init_creds_opt_set_ap_req_nofail; @@ -638,6 +676,8 @@ HEIMDAL_KRB5_1.0 { krb5_verrx; krb5_vlog; krb5_vlog_msg; + krb5_vprepend_error_message; + krb5_vset_error_message; krb5_vset_error_string; krb5_vwarn; krb5_vwarnx; @@ -647,6 +687,9 @@ HEIMDAL_KRB5_1.0 { krb5_write_priv_message; krb5_write_safe_message; krb5_xfree; + krb5_cccol_cursor_new; + krb5_cccol_cursor_next; + krb5_cccol_cursor_free; # com_err error tables initialize_krb5_error_table_r; @@ -662,22 +705,27 @@ HEIMDAL_KRB5_1.0 { krb5_mcc_ops; krb5_acc_ops; krb5_fcc_ops; + krb5_scc_ops; krb5_kcm_ops; - krb4_fkt_ops; krb5_wrfkt_ops; krb5_mkt_ops; - krb5_fkt_ops; krb5_akf_ops; - krb5_srvtab_fkt_ops; krb5_any_ops; heimdal_version; heimdal_long_version; krb5_config_file; krb5_defkeyname; + krb5_cc_type_api; + krb5_cc_type_file; + krb5_cc_type_memory; + krb5_cc_type_kcm; + krb5_cc_type_scc; # Shared with GSSAPI krb5 _krb5_crc_init_table; _krb5_crc_update; + _krb5_get_krbtgt; + _krb5_build_authenticator; # V4 compat glue _krb5_krb_tf_setup; @@ -694,24 +742,28 @@ HEIMDAL_KRB5_1.0 { _krb5_krb_cr_err_reply; # Shared with libkdc - _krb5_principalname2krb5_principal; - _krb5_principal2principalname; - _krb5_s4u2self_to_checksumdata; - _krb5_put_int; - _krb5_get_int; - _krb5_pk_load_id; - _krb5_parse_moduli; - _krb5_pk_mk_ContentInfo; - _krb5_dh_group_ok; - _krb5_pk_octetstring2key; - _krb5_pk_allow_proxy_certificate; - _krb5_pac_sign; - _krb5_plugin_find; - _krb5_plugin_get_symbol; - _krb5_plugin_get_next; - _krb5_plugin_free; _krb5_AES_string_to_default_iterator; + _krb5_dh_group_ok; _krb5_get_host_realm_int; + _krb5_get_int; + _krb5_pac_sign; + _krb5_parse_moduli; + _krb5_pk_kdf; + _krb5_pk_load_id; + _krb5_pk_mk_ContentInfo; + _krb5_pk_octetstring2key; + _krb5_plugin_find; + _krb5_plugin_free; + _krb5_plugin_get_next; + _krb5_plugin_get_symbol; + _krb5_principal2principalname; + _krb5_principalname2krb5_principal; + _krb5_put_int; + _krb5_s4u2self_to_checksumdata; + + # kinit helper + krb5_get_init_creds_opt_set_pkinit_user_certs; + krb5_pk_enterprise_cert; # testing _krb5_aes_cts_encrypt; diff --git a/crypto/heimdal/lib/krb5/version.c b/crypto/heimdal/lib/krb5/version.c index f7ccff5bc88..302854de3f2 100644 --- a/crypto/heimdal/lib/krb5/version.c +++ b/crypto/heimdal/lib/krb5/version.c @@ -1,43 +1,39 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $"); - /* this is just to get a version stamp in the library file */ -#define heimdal_version __heimdal_version -#define heimdal_long_version __heimdal_long_version #include "version.h" diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c index 85f143b8b4b..cb3be76fccf 100644 --- a/crypto/heimdal/lib/krb5/warn.c +++ b/crypto/heimdal/lib/krb5/warn.c @@ -1,88 +1,81 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include -RCSID("$Id: warn.c 19086 2006-11-21 08:06:40Z lha $"); - -static krb5_error_code _warnerr(krb5_context context, int do_errtext, +static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) __attribute__((__format__(__printf__, 5, 0))); - + static krb5_error_code -_warnerr(krb5_context context, int do_errtext, +_warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) { char xfmt[7] = ""; const char *args[2], **arg; char *msg = NULL; - char *err_str = NULL; - + const char *err_str = NULL; + krb5_error_code ret; + args[0] = args[1] = NULL; arg = args; if(fmt){ strlcat(xfmt, "%s", sizeof(xfmt)); if(do_errtext) strlcat(xfmt, ": ", sizeof(xfmt)); - vasprintf(&msg, fmt, ap); - if(msg == NULL) + ret = vasprintf(&msg, fmt, ap); + if(ret < 0 || msg == NULL) return ENOMEM; *arg++ = msg; } if(context && do_errtext){ - const char *err_msg; - strlcat(xfmt, "%s", sizeof(xfmt)); - err_str = krb5_get_error_string(context); + err_str = krb5_get_error_message(context, code); if (err_str != NULL) { - *arg++ = err_str; + *arg = err_str; } else { - err_msg = krb5_get_err_text(context, code); - if (err_msg) - *arg++ = err_msg; - else - *arg++ = ""; + *arg= ""; } } - + if(context && context->warn_dest) krb5_log(context, context->warn_dest, level, xfmt, args[0], args[1]); else warnx(xfmt, args[0], args[1]); free(msg); - free(err_str); + krb5_free_error_message(context, err_str); return 0; } @@ -96,16 +89,38 @@ _warnerr(krb5_context context, int do_errtext, #undef __attribute__ #define __attribute__(X) -krb5_error_code KRB5_LIB_FUNCTION -krb5_vwarn(krb5_context context, krb5_error_code code, +/** + * Log a warning to the log, default stderr, include the error from + * the last failure. + * + * @param context A Kerberos 5 context. + * @param code error code of the last error + * @param fmt message to print + * @param ap arguments + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_vwarn(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((format (printf, 3, 0))) { return _warnerr(context, 1, code, 1, fmt, ap); } +/** + * Log a warning to the log, default stderr, include the error from + * the last failure. + * + * @param context A Kerberos 5 context. + * @param code error code of the last error + * @param fmt message to print + * + * @ingroup krb5_error + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) __attribute__ ((format (printf, 3, 4))) { @@ -113,14 +128,33 @@ krb5_warn(krb5_context context, krb5_error_code code, const char *fmt, ...) return ret; } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Log a warning to the log, default stderr. + * + * @param context A Kerberos 5 context. + * @param fmt message to print + * @param ap arguments + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vwarnx(krb5_context context, const char *fmt, va_list ap) __attribute__ ((format (printf, 2, 0))) { return _warnerr(context, 0, 0, 1, fmt, ap); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Log a warning to the log, default stderr. + * + * @param context A Kerberos 5 context. + * @param fmt message to print + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_warnx(krb5_context context, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))) { @@ -128,83 +162,185 @@ krb5_warnx(krb5_context context, const char *fmt, ...) return ret; } -krb5_error_code KRB5_LIB_FUNCTION -krb5_verr(krb5_context context, int eval, krb5_error_code code, +/** + * Log a warning to the log, default stderr, include bthe error from + * the last failure and then exit. + * + * @param context A Kerberos 5 context + * @param eval the exit code to exit with + * @param code error code of the last error + * @param fmt message to print + * @param ap arguments + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_verr(krb5_context context, int eval, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 4, 0))) { _warnerr(context, 1, code, 0, fmt, ap); exit(eval); + UNREACHABLE(return 0); } +/** + * Log a warning to the log, default stderr, include bthe error from + * the last failure and then exit. + * + * @param context A Kerberos 5 context + * @param eval the exit code to exit with + * @param code error code of the last error + * @param fmt message to print + * + * @ingroup krb5_error + */ -krb5_error_code KRB5_LIB_FUNCTION -krb5_err(krb5_context context, int eval, krb5_error_code code, +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_err(krb5_context context, int eval, krb5_error_code code, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 4, 5))) { FUNC(1, code, 0); exit(eval); + UNREACHABLE(return 0); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Log a warning to the log, default stderr, and then exit. + * + * @param context A Kerberos 5 context + * @param eval the exit code to exit with + * @param fmt message to print + * @param ap arguments + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 3, 0))) { _warnerr(context, 0, 0, 0, fmt, ap); exit(eval); + UNREACHABLE(return 0); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Log a warning to the log, default stderr, and then exit. + * + * @param context A Kerberos 5 context + * @param eval the exit code to exit with + * @param fmt message to print + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_errx(krb5_context context, int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 3, 4))) { FUNC(0, 0, 0); exit(eval); + UNREACHABLE(return 0); } -krb5_error_code KRB5_LIB_FUNCTION -krb5_vabort(krb5_context context, krb5_error_code code, +/** + * Log a warning to the log, default stderr, include bthe error from + * the last failure and then abort. + * + * @param context A Kerberos 5 context + * @param code error code of the last error + * @param fmt message to print + * @param ap arguments + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_vabort(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 3, 0))) { _warnerr(context, 1, code, 0, fmt, ap); abort(); + UNREACHABLE(return 0); } +/** + * Log a warning to the log, default stderr, include the error from + * the last failure and then abort. + * + * @param context A Kerberos 5 context + * @param code error code of the last error + * @param fmt message to print + * + * @ingroup krb5_error + */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 3, 4))) { FUNC(1, code, 0); abort(); + UNREACHABLE(return 0); } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_vabortx(krb5_context context, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))) { _warnerr(context, 0, 0, 0, fmt, ap); abort(); + UNREACHABLE(return 0); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Log a warning to the log, default stderr, and then abort. + * + * @param context A Kerberos 5 context + * @param code error code of the last error + * @param fmt message to print + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_abortx(krb5_context context, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))) { FUNC(0, 0, 0); abort(); + UNREACHABLE(return 0); } -krb5_error_code KRB5_LIB_FUNCTION +/** + * Set the default logging facility. + * + * @param context A Kerberos 5 context + * @param fac Facility to use for logging. + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_set_warn_dest(krb5_context context, krb5_log_facility *fac) { context->warn_dest = fac; return 0; } -krb5_log_facility * KRB5_LIB_FUNCTION +/** + * Get the default logging facility. + * + * @param context A Kerberos 5 context + * + * @ingroup krb5_error + */ + +KRB5_LIB_FUNCTION krb5_log_facility * KRB5_LIB_CALL krb5_get_warn_dest(krb5_context context) { return context->warn_dest; diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c index 1694a1075e4..84100461444 100644 --- a/crypto/heimdal/lib/krb5/write_message.c +++ b/crypto/heimdal/lib/krb5/write_message.c @@ -1,41 +1,39 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" -RCSID("$Id: write_message.c 17442 2006-05-05 09:31:15Z lha $"); - -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_message (krb5_context context, krb5_pointer p_fd, krb5_data *data) @@ -49,13 +47,13 @@ krb5_write_message (krb5_context context, if (krb5_net_write (context, p_fd, buf, 4) != 4 || krb5_net_write (context, p_fd, data->data, len) != len) { ret = errno; - krb5_set_error_string (context, "write: %s", strerror(ret)); + krb5_set_error_message (context, ret, "write: %s", strerror(ret)); return ret; } return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_priv_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, @@ -72,7 +70,7 @@ krb5_write_priv_message(krb5_context context, return ret; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_write_safe_message(krb5_context context, krb5_auth_context ac, krb5_pointer p_fd, diff --git a/crypto/heimdal/lib/ntlm/ChangeLog b/crypto/heimdal/lib/ntlm/ChangeLog index b38ae91c460..b2e151ac475 100644 --- a/crypto/heimdal/lib/ntlm/ChangeLog +++ b/crypto/heimdal/lib/ntlm/ChangeLog @@ -1,11 +1,19 @@ -2007-12-28 Love Hörnquist Åstrand +2008-05-14 Love Hornquist Astrand + + * ntlm.c: replace hashes with keys. + +2008-04-27 Love Hörnquist Ã…strand + + * ntlm.c: Use DES_set_key_unchecked(). + +2007-12-28 Love Hörnquist Ã…strand * heimntlm.h: Add NTLM_TARGET_* * ntlm.c: Make heim_ntlm_decode_type3 more useful and provide a username. From Ming Yang. -2007-11-11 Love Hörnquist Åstrand +2007-11-11 Love Hörnquist Ã…strand * move doxygen into the main file @@ -13,18 +21,18 @@ * export heim_ntlm_free_buf, start doxygen documentation -2007-07-17 Love Hörnquist Åstrand +2007-07-17 Love Hörnquist Ã…strand * ntlm.c: Use unsigned char * as argument to HMAC_Update to please OpenSSL and gcc. * test_ntlm.c: more verbose what we are testing. -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * Makefile.am: New library version. -2007-06-20 Love Hörnquist Åstrand +2007-06-20 Love Hörnquist Ã…strand * test_ntlm.c: heim_ntlm_calculate_ntlm2_sess_resp @@ -47,31 +55,31 @@ * test_ntlm.c: Test heim_ntlm_calculate_ntlm2_sess_resp from Puneet Mehra. -2007-06-08 Love Hörnquist Åstrand +2007-06-08 Love Hörnquist Ã…strand * Makefile.am: EXTRA_DIST += version-script.map. -2007-06-03 Love Hörnquist Åstrand +2007-06-03 Love Hörnquist Ã…strand * test_ntlm.c: Free memory diffrently. * ntlm.c: Make free functions free memory. -2007-04-22 Love Hörnquist Åstrand +2007-04-22 Love Hörnquist Ã…strand * Makefile.am: symbol versioning. * version-script.map: symbol versioning. -2007-01-31 Love Hörnquist Åstrand +2007-01-31 Love Hörnquist Ã…strand * test_ntlm.c: No need to include . -2007-01-04 Love Hörnquist Åstrand +2007-01-04 Love Hörnquist Ã…strand * Makefile.am: add LIB_roken for test_ntlm -2006-12-26 Love Hörnquist Åstrand +2006-12-26 Love Hörnquist Ã…strand * test_ntlm.c: Verify infotarget. @@ -83,7 +91,7 @@ * ntlm.c: Include . -2006-12-20 Love Hörnquist Åstrand +2006-12-20 Love Hörnquist Ã…strand * test_ntlm.c: add some new tests. @@ -93,17 +101,17 @@ * heimntlm.h: Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security. -2006-12-19 Love Hörnquist Åstrand +2006-12-19 Love Hörnquist Ã…strand * ntlm.c (heim_ntlm_build_ntlm1_master): return session master key. -2006-12-18 Love Hörnquist Åstrand +2006-12-18 Love Hörnquist Ã…strand * ntlm.c (heim_ntlm_build_ntlm1_master): calculate the ntlm version 1 "master" key. -2006-12-13 Love Hörnquist Åstrand +2006-12-13 Love Hörnquist Ã…strand * test_ntlm.c: Add simple parser test app. diff --git a/crypto/heimdal/lib/ntlm/Makefile.am b/crypto/heimdal/lib/ntlm/Makefile.am index 8d621416893..8b36bbc14e4 100644 --- a/crypto/heimdal/lib/ntlm/Makefile.am +++ b/crypto/heimdal/lib/ntlm/Makefile.am @@ -1,12 +1,18 @@ -# $Id: Makefile.am 22045 2007-11-11 08:57:47Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common -lib_LTLIBRARIES = libheimntlm.la +AM_CPPFLAGS += $(INCLUDE_hcrypto) -include_HEADERS = heimntlm.h heimntlm-protos.h +lib_LTLIBRARIES = libheimntlm.la -libheimntlm_la_SOURCES = ntlm.c heimntlm.h +dist_include_HEADERS = heimntlm.h heimntlm-protos.h + +nodist_include_HEADERS = ntlm_err.h + +dist_libheimntlm_la_SOURCES = ntlm.c heimntlm.h + +nodist_libheimntlm_la_SOURCES = ntlm_err.c libheimntlm_la_LDFLAGS = -version-info 1:0:1 @@ -17,13 +23,13 @@ $(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map libheimntlm_la_LIBADD = \ ../krb5/libkrb5.la \ + $(LIB_hcrypto) \ $(LIBADD_roken) $(srcdir)/heimntlm-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h - -$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(dist_libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h +$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h ntlm_err.h TESTS = test_ntlm @@ -31,4 +37,14 @@ check_PROGRAMS = test_ntlm LDADD = libheimntlm.la $(LIB_roken) -EXTRA_DIST = version-script.map +EXTRA_DIST = \ + NTMakefile \ + libheimntlm-version.rc \ + libheimntlm-exports.def \ + version-script.map \ + ntlm_err.et + +CLEANFILES = \ + ntlm_err.c ntlm_err.h + +ntlm_err.h: ntlm_err.et diff --git a/crypto/heimdal/lib/ntlm/Makefile.in b/crypto/heimdal/lib/ntlm/Makefile.in index b5c614f8942..f033c982259 100644 --- a/crypto/heimdal/lib/ntlm/Makefile.in +++ b/crypto/heimdal/lib/ntlm/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,17 +15,18 @@ @SET_MAKE@ -# $Id: Makefile.am 22045 2007-11-11 08:57:47Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -39,7 +41,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ +DIST_COMMON = $(dist_include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common ChangeLog @versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map @@ -48,7 +50,7 @@ check_PROGRAMS = test_ntlm$(EXEEXT) subdir = lib/ntlm ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -63,7 +65,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -77,9 +79,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -87,25 +92,44 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \ + "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = -libheimntlm_la_DEPENDENCIES = ../krb5/libkrb5.la $(am__DEPENDENCIES_1) -am_libheimntlm_la_OBJECTS = ntlm.lo -libheimntlm_la_OBJECTS = $(am_libheimntlm_la_OBJECTS) +libheimntlm_la_DEPENDENCIES = ../krb5/libkrb5.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +dist_libheimntlm_la_OBJECTS = ntlm.lo +nodist_libheimntlm_la_OBJECTS = ntlm_err.lo +libheimntlm_la_OBJECTS = $(dist_libheimntlm_la_OBJECTS) \ + $(nodist_libheimntlm_la_OBJECTS) libheimntlm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libheimntlm_la_LDFLAGS) $(LDFLAGS) -o $@ @@ -113,9 +137,9 @@ test_ntlm_SOURCES = test_ntlm.c test_ntlm_OBJECTS = test_ntlm.$(OBJEXT) test_ntlm_LDADD = $(LDADD) test_ntlm_DEPENDENCIES = libheimntlm.la $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -125,60 +149,71 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c -DIST_SOURCES = $(libheimntlm_la_SOURCES) test_ntlm.c -includeHEADERS_INSTALL = $(INSTALL_HEADER) -HEADERS = $(include_HEADERS) +SOURCES = $(dist_libheimntlm_la_SOURCES) \ + $(nodist_libheimntlm_la_SOURCES) test_ntlm.c +DIST_SOURCES = $(dist_libheimntlm_la_SOURCES) test_ntlm.c +HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -202,10 +237,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -222,6 +258,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -237,31 +275,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -276,10 +328,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -320,56 +374,73 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(INCLUDE_hcrypto) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libheimntlm.la -include_HEADERS = heimntlm.h heimntlm-protos.h -libheimntlm_la_SOURCES = ntlm.c heimntlm.h +dist_include_HEADERS = heimntlm.h heimntlm-protos.h +nodist_include_HEADERS = ntlm_err.h +dist_libheimntlm_la_SOURCES = ntlm.c heimntlm.h +nodist_libheimntlm_la_SOURCES = ntlm_err.c libheimntlm_la_LDFLAGS = -version-info 1:0:1 $(am__append_1) libheimntlm_la_LIBADD = \ ../krb5/libkrb5.la \ + $(LIB_hcrypto) \ $(LIBADD_roken) LDADD = libheimntlm.la $(LIB_roken) -EXTRA_DIST = version-script.map +EXTRA_DIST = \ + NTMakefile \ + libheimntlm-version.rc \ + libheimntlm-exports.def \ + version-script.map \ + ntlm_err.et + +CLEANFILES = \ + ntlm_err.c ntlm_err.h + all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/ntlm/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/ntlm/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/ntlm/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/ntlm/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -387,23 +458,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -418,11 +494,13 @@ libheimntlm.la: $(libheimntlm_la_OBJECTS) $(libheimntlm_la_DEPENDENCIES) $(libheimntlm_la_LINK) -rpath $(libdir) $(libheimntlm_la_OBJECTS) $(libheimntlm_la_LIBADD) $(LIBS) clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list test_ntlm$(EXEEXT): $(test_ntlm_OBJECTS) $(test_ntlm_DEPENDENCIES) @rm -f test_ntlm$(EXEEXT) $(LINK) $(test_ntlm_OBJECTS) $(test_ntlm_LDADD) $(LIBS) @@ -433,90 +511,134 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntlm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntlm_err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_ntlm.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-includeHEADERS: $(include_HEADERS) +install-dist_includeHEADERS: $(dist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done -uninstall-includeHEADERS: +uninstall-dist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files +install-nodist_includeHEADERS: $(nodist_include_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done +uninstall-nodist_includeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files + ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -525,49 +647,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -578,11 +714,15 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi @@ -602,13 +742,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -621,7 +765,7 @@ check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -641,9 +785,11 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -654,6 +800,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -664,33 +811,45 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: -install-data-am: install-includeHEADERS +install-data-am: install-dist_includeHEADERS \ + install-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -707,12 +866,12 @@ ps: ps-am ps-am: -uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES +uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \ + uninstall-nodist_includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ check-local clean clean-checkPROGRAMS clean-generic \ @@ -720,16 +879,18 @@ uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am \ - install-data-hook install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-hook install-html install-html-am \ - install-includeHEADERS install-info install-info-am \ - install-libLTLIBRARIES install-man install-pdf install-pdf-am \ + install-data-hook install-dist_includeHEADERS install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-man \ + install-nodist_includeHEADERS install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-hook \ - uninstall-includeHEADERS uninstall-libLTLIBRARIES + tags uninstall uninstall-am uninstall-dist_includeHEADERS \ + uninstall-hook uninstall-libLTLIBRARIES \ + uninstall-nodist_includeHEADERS install-suid-programs: @@ -800,6 +961,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -885,7 +1049,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -901,9 +1065,12 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) $(libheimntlm_la_OBJECTS): $(srcdir)/version-script.map $(srcdir)/heimntlm-protos.h: - cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o heimntlm-protos.h $(dist_libheimntlm_la_SOURCES) || rm -f heimntlm-protos.h + +$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h ntlm_err.h + +ntlm_err.h: ntlm_err.et -$(libheimntlm_la_OBJECTS): $(srcdir)/heimntlm-protos.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/ntlm/heimntlm-protos.h b/crypto/heimdal/lib/ntlm/heimntlm-protos.h index bc64791b439..5f56536ffc3 100644 --- a/crypto/heimdal/lib/ntlm/heimntlm-protos.h +++ b/crypto/heimdal/lib/ntlm/heimntlm-protos.h @@ -15,11 +15,29 @@ heim_ntlm_build_ntlm1_master ( struct ntlm_buf */*session*/, struct ntlm_buf */*master*/); +int +heim_ntlm_build_ntlm2_master ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*blob*/, + struct ntlm_buf */*session*/, + struct ntlm_buf */*master*/); + +int +heim_ntlm_calculate_lm2 ( + const void */*key*/, + size_t /*len*/, + const char */*username*/, + const char */*target*/, + const unsigned char serverchallenge[8], + unsigned char ntlmv2[16], + struct ntlm_buf */*answer*/); + int heim_ntlm_calculate_ntlm1 ( void */*key*/, size_t /*len*/, - unsigned char challange[8], + unsigned char challenge[8], struct ntlm_buf */*answer*/); int @@ -28,7 +46,7 @@ heim_ntlm_calculate_ntlm2 ( size_t /*len*/, const char */*username*/, const char */*target*/, - const unsigned char serverchallange[8], + const unsigned char serverchallenge[8], const struct ntlm_buf */*infotarget*/, unsigned char ntlmv2[16], struct ntlm_buf */*answer*/); @@ -41,6 +59,12 @@ heim_ntlm_calculate_ntlm2_sess ( struct ntlm_buf */*lm*/, struct ntlm_buf */*ntlm*/); +int +heim_ntlm_calculate_ntlm2_sess_hash ( + const unsigned char clnt_nonce[8], + const unsigned char svr_chal[8], + unsigned char verifier[8]); + int heim_ntlm_decode_targetinfo ( const struct ntlm_buf */*data*/, @@ -63,6 +87,14 @@ heim_ntlm_decode_type3 ( int /*ucs2*/, struct ntlm_type3 */*type3*/); +void +heim_ntlm_derive_ntlm2_sess ( + const unsigned char sessionkey[16], + const unsigned char */*clnt_nonce*/, + size_t /*clnt_nonce_length*/, + const unsigned char svr_chal[8], + unsigned char derivedkey[16]); + int heim_ntlm_encode_targetinfo ( const struct ntlm_targetinfo */*ti*/, @@ -99,12 +131,24 @@ heim_ntlm_free_type2 (struct ntlm_type2 */*data*/); void heim_ntlm_free_type3 (struct ntlm_type3 */*data*/); +int +heim_ntlm_keyex_unwrap ( + struct ntlm_buf */*baseKey*/, + struct ntlm_buf */*encryptedSession*/, + struct ntlm_buf */*session*/); + +int +heim_ntlm_keyex_wrap ( + struct ntlm_buf */*base_session*/, + struct ntlm_buf */*session*/, + struct ntlm_buf */*encryptedSession*/); + int heim_ntlm_nt_key ( const char */*password*/, struct ntlm_buf */*key*/); -void +int heim_ntlm_ntlmv2_key ( const void */*key*/, size_t /*len*/, @@ -112,6 +156,25 @@ heim_ntlm_ntlmv2_key ( const char */*target*/, unsigned char ntlmv2[16]); +size_t +heim_ntlm_unparse_flags ( + uint32_t /*flags*/, + char */*s*/, + size_t /*len*/); + +int +heim_ntlm_v1_base_session ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*session*/); + +int +heim_ntlm_v2_base_session ( + void */*key*/, + size_t /*len*/, + struct ntlm_buf */*ntlmResponse*/, + struct ntlm_buf */*session*/); + int heim_ntlm_verify_ntlm2 ( const void */*key*/, @@ -119,7 +182,7 @@ heim_ntlm_verify_ntlm2 ( const char */*username*/, const char */*target*/, time_t /*now*/, - const unsigned char serverchallange[8], + const unsigned char serverchallenge[8], const struct ntlm_buf */*answer*/, struct ntlm_buf */*infotarget*/, unsigned char ntlmv2[16]); diff --git a/crypto/heimdal/lib/ntlm/heimntlm.h b/crypto/heimdal/lib/ntlm/heimntlm.h index 09d2205fd21..22e2142df88 100644 --- a/crypto/heimdal/lib/ntlm/heimntlm.h +++ b/crypto/heimdal/lib/ntlm/heimntlm.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: heimntlm.h 22376 2007-12-28 18:38:23Z lha $ */ +/* $Id$ */ #ifndef HEIM_NTLM_H #define HEIM_NTLM_H @@ -46,32 +46,64 @@ struct ntlm_buf { }; #define NTLM_NEG_UNICODE 0x00000001 +#define NTLM_NEG_OEM 0x00000002 #define NTLM_NEG_TARGET 0x00000004 +#define NTLM_MBZ9 0x00000008 + #define NTLM_NEG_SIGN 0x00000010 #define NTLM_NEG_SEAL 0x00000020 +#define NTLM_NEG_DATAGRAM 0x00000040 +#define NTLM_NEG_LM_KEY 0x00000080 #define NTLM_NEG_NTLM 0x00000200 +#define NTLM_NEG_ANONYMOUS 0x00000800 -#define NTLM_SUPPLIED_DOMAIN 0x00001000 -#define NTLM_SUPPLIED_WORKSTAION 0x00002000 +#define NTLM_MBZ8 0x00000100 +#define NTLM_NEG_NTLM 0x00000200 +#define NTLM_NEG_NT_ONLY 0x00000400 +#define NTLM_MBZ7 0x00000800 /* anon ? */ +#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000 +#define NTLM_OEM_SUPPLIED_WORKSTATION 0x00002000 +#define NTLM_MBZ6 0x00004000 /* local call ? */ #define NTLM_NEG_ALWAYS_SIGN 0x00008000 -#define NTLM_NEG_NTLM2_SESSION 0x00080000 #define NTLM_TARGET_DOMAIN 0x00010000 #define NTLM_TARGET_SERVER 0x00020000 + +#define NTLM_TARGET_SHARE 0x00040000 +#define NTLM_NEG_NTLM2_SESSION 0x00080000 +#define NTLM_NEG_NTLM2 0x00080000 + +#define NTLM_NEG_IDENTIFY 0x00100000 +#define NTLM_MBZ5 0x00200000 +#define NTLM_NON_NT_SESSION_KEY 0x00400000 +#define NTLM_NEG_TARGET_INFO 0x00800000 + +#define NTLM_MBZ4 0x01000000 +#define NTLM_NEG_VERSION 0x02000000 +#define NTLM_MBZ3 0x04000000 +#define NTLM_MBZ2 0x08000000 + +#define NTLM_MBZ1 0x10000000 #define NTLM_ENC_128 0x20000000 #define NTLM_NEG_KEYEX 0x40000000 +#define NTLM_ENC_56 0x80000000 /** * Struct for the NTLM target info, the strings is assumed to be in * UTF8. When filled in by the library it should be freed with * heim_ntlm_free_targetinfo(). */ + +#define NTLM_TI_AV_FLAG_GUEST 0x00000001 + struct ntlm_targetinfo { char *servername; /**< */ char *domainname; /**< */ char *dnsdomainname; /**< */ char *dnsservername; /**< */ + char *dnstreename; /**< */ + uint32_t avflags; /**< */ }; /** @@ -97,7 +129,7 @@ struct ntlm_type2 { uint32_t flags; /**< */ char *targetname; /**< */ struct ntlm_buf targetinfo; /**< */ - unsigned char challange[8]; /**< */ + unsigned char challenge[8]; /**< */ uint32_t context[2]; /**< */ uint32_t os[2]; /**< */ }; @@ -119,6 +151,7 @@ struct ntlm_type3 { uint32_t os[2]; /**< */ }; +#include #include #endif /* NTLM_NTLM_H */ diff --git a/crypto/heimdal/lib/ntlm/ntlm.c b/crypto/heimdal/lib/ntlm/ntlm.c index f3dccfaca16..7aafc8c0aa7 100644 --- a/crypto/heimdal/lib/ntlm/ntlm.c +++ b/crypto/heimdal/lib/ntlm/ntlm.c @@ -1,40 +1,40 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include -RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $"); - #include #include #include @@ -43,8 +43,11 @@ RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $"); #include #include -#include #include +#include +#include + +#define HC_DEPRECATED_CRYPTO #include "krb5-types.h" #include "crypto-headers.h" @@ -59,7 +62,7 @@ RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $"); * protocol, both version 1 and 2. The GSS-API mech that uses this * library adds support for transport encryption and integrity * checking. - * + * * NTLM is a protocol for mutual authentication, its still used in * many protocol where Kerberos is not support, one example is * EAP/X802.1x mechanism LEAP from Microsoft and Cisco. @@ -68,16 +71,25 @@ RCSID("$Id: ntlm.c 22370 2007-12-28 16:12:01Z lha $"); * Heimdal to implement and GSS-API mechanism. There is also support * in the KDC to do remote digest authenticiation, this to allow * services to authenticate users w/o direct access to the users ntlm - * hashes (same as Kerberos arcfour enctype hashes). + * hashes (same as Kerberos arcfour enctype keys). * * More information about the NTLM protocol can found here * http://davenport.sourceforge.net/ntlm.html . - * + * * The Heimdal projects web page: http://www.h5l.org/ + * + * @section ntlm_example NTLM Example + * + * Example to to use @ref test_ntlm.c . + * + * @example test_ntlm.c + * + * Example how to use the NTLM primitives. + * */ -/** @defgroup ntlm_core Heimdal NTLM library - * +/** @defgroup ntlm_core Heimdal NTLM library + * * The NTLM core functions implement the string2key generation * function, message encode and decode function, and the hash function * functions. @@ -96,7 +108,58 @@ static const unsigned char ntlmsigature[8] = "NTLMSSP\x00"; */ #define CHECK(f, e) \ - do { ret = f ; if (ret != (e)) { ret = EINVAL; goto out; } } while(0) + do { \ + ret = f; \ + if (ret != (ssize_t)(e)) { \ + ret = HNTLM_ERR_DECODE; \ + goto out; \ + } \ + } while(/*CONSTCOND*/0) + +static struct units ntlm_flag_units[] = { +#define ntlm_flag(x) { #x, NTLM_##x } + ntlm_flag(ENC_56), + ntlm_flag(NEG_KEYEX), + ntlm_flag(ENC_128), + ntlm_flag(MBZ1), + ntlm_flag(MBZ2), + ntlm_flag(MBZ3), + ntlm_flag(NEG_VERSION), + ntlm_flag(MBZ4), + ntlm_flag(NEG_TARGET_INFO), + ntlm_flag(NON_NT_SESSION_KEY), + ntlm_flag(MBZ5), + ntlm_flag(NEG_IDENTIFY), + ntlm_flag(NEG_NTLM2), + ntlm_flag(TARGET_SHARE), + ntlm_flag(TARGET_SERVER), + ntlm_flag(TARGET_DOMAIN), + ntlm_flag(NEG_ALWAYS_SIGN), + ntlm_flag(MBZ6), + ntlm_flag(OEM_SUPPLIED_WORKSTATION), + ntlm_flag(OEM_SUPPLIED_DOMAIN), + ntlm_flag(NEG_ANONYMOUS), + ntlm_flag(NEG_NT_ONLY), + ntlm_flag(NEG_NTLM), + ntlm_flag(MBZ8), + ntlm_flag(NEG_LM_KEY), + ntlm_flag(NEG_DATAGRAM), + ntlm_flag(NEG_SEAL), + ntlm_flag(NEG_SIGN), + ntlm_flag(MBZ9), + ntlm_flag(NEG_TARGET), + ntlm_flag(NEG_OEM), + ntlm_flag(NEG_UNICODE), +#undef ntlm_flag + {NULL, 0} +}; + +size_t +heim_ntlm_unparse_flags(uint32_t flags, char *s, size_t len) +{ + return unparse_flags(flags, ntlm_flag_units, s, len); +} + /** * heim_ntlm_free_buf frees the ntlm buffer @@ -114,7 +177,7 @@ heim_ntlm_free_buf(struct ntlm_buf *p) p->data = NULL; p->length = 0; } - + static int ascii2ucs2le(const char *string, int up, struct ntlm_buf *buf) @@ -188,19 +251,25 @@ len_string(int ucs2, const char *s) return len; } +/* + * + */ + static krb5_error_code -ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s) +ret_string(krb5_storage *sp, int ucs2, size_t len, char **s) { krb5_error_code ret; - *s = malloc(desc->length + 1); - CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); - CHECK(krb5_storage_read(sp, *s, desc->length), desc->length); - (*s)[desc->length] = '\0'; + *s = malloc(len + 1); + if (*s == NULL) + return ENOMEM; + CHECK(krb5_storage_read(sp, *s, len), len); + + (*s)[len] = '\0'; if (ucs2) { size_t i; - for (i = 0; i < desc->length / 2; i++) { + for (i = 0; i < len / 2; i++) { (*s)[i] = (*s)[i * 2]; if ((*s)[i * 2 + 1]) { free(*s); @@ -211,10 +280,20 @@ ret_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s) (*s)[i] = '\0'; } ret = 0; -out: + out: return ret; +} - return 0; + + +static krb5_error_code +ret_sec_string(krb5_storage *sp, int ucs2, struct sec_buffer *desc, char **s) +{ + krb5_error_code ret = 0; + CHECK(krb5_storage_seek(sp, desc->offset, SEEK_SET), desc->offset); + CHECK(ret_string(sp, ucs2, desc->length, s), 0); + out: + return ret; } static krb5_error_code @@ -283,11 +362,12 @@ heim_ntlm_free_targetinfo(struct ntlm_targetinfo *ti) free(ti->domainname); free(ti->dnsdomainname); free(ti->dnsservername); + free(ti->dnstreename); memset(ti, 0, sizeof(*ti)); } static int -encode_ti_blob(krb5_storage *out, uint16_t type, int ucs2, char *s) +encode_ti_string(krb5_storage *out, uint16_t type, int ucs2, char *s) { krb5_error_code ret; CHECK(krb5_store_uint16(out, type), 0); @@ -301,7 +381,7 @@ out: * Encodes a ntlm_targetinfo message. * * @param ti the ntlm_targetinfo message to encode. - * @param ucs2 if the strings should be encoded with ucs2 (selected by flag in message). + * @param ucs2 ignored * @param data is the return buffer with the encoded message, should be * freed with heim_ntlm_free_buf(). * @@ -313,7 +393,7 @@ out: int heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti, - int ucs2, + int ucs2, struct ntlm_buf *data) { krb5_error_code ret; @@ -326,14 +406,23 @@ heim_ntlm_encode_targetinfo(const struct ntlm_targetinfo *ti, if (out == NULL) return ENOMEM; + krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); + if (ti->servername) - CHECK(encode_ti_blob(out, 1, ucs2, ti->servername), 0); + CHECK(encode_ti_string(out, 1, ucs2, ti->servername), 0); if (ti->domainname) - CHECK(encode_ti_blob(out, 2, ucs2, ti->domainname), 0); + CHECK(encode_ti_string(out, 2, ucs2, ti->domainname), 0); if (ti->dnsservername) - CHECK(encode_ti_blob(out, 3, ucs2, ti->dnsservername), 0); + CHECK(encode_ti_string(out, 3, ucs2, ti->dnsservername), 0); if (ti->dnsdomainname) - CHECK(encode_ti_blob(out, 4, ucs2, ti->dnsdomainname), 0); + CHECK(encode_ti_string(out, 4, ucs2, ti->dnsdomainname), 0); + if (ti->dnstreename) + CHECK(encode_ti_string(out, 5, ucs2, ti->dnstreename), 0); + if (ti->avflags) { + CHECK(krb5_store_uint16(out, 6), 0); + CHECK(krb5_store_uint16(out, 4), 0); + CHECK(krb5_store_uint32(out, ti->avflags), 0); + } /* end tag */ CHECK(krb5_store_int16(out, 0), 0); @@ -368,8 +457,55 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data, int ucs2, struct ntlm_targetinfo *ti) { + uint16_t type, len; + krb5_storage *in; + int ret = 0, done = 0; + memset(ti, 0, sizeof(*ti)); - return 0; + + if (data->length == 0) + return 0; + + in = krb5_storage_from_readonly_mem(data->data, data->length); + if (in == NULL) + return ENOMEM; + krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); + + while (!done) { + CHECK(krb5_ret_uint16(in, &type), 0); + CHECK(krb5_ret_uint16(in, &len), 0); + + switch (type) { + case 0: + done = 1; + break; + case 1: + CHECK(ret_string(in, ucs2, len, &ti->servername), 0); + break; + case 2: + CHECK(ret_string(in, ucs2, len, &ti->domainname), 0); + break; + case 3: + CHECK(ret_string(in, ucs2, len, &ti->dnsservername), 0); + break; + case 4: + CHECK(ret_string(in, ucs2, len, &ti->dnsdomainname), 0); + break; + case 5: + CHECK(ret_string(in, ucs2, len, &ti->dnstreename), 0); + break; + case 6: + CHECK(krb5_ret_uint32(in, &ti->avflags), 0); + break; + default: + krb5_storage_seek(in, len, SEEK_CUR); + break; + } + } + out: + if (in) + krb5_storage_free(in); + return ret; } /** @@ -398,12 +534,12 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) uint32_t type; struct sec_buffer domain, hostname; krb5_storage *in; - + memset(data, 0, sizeof(*data)); in = krb5_storage_from_readonly_mem(buf->data, buf->length); if (in == NULL) { - ret = EINVAL; + ret = ENOMEM; goto out; } krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); @@ -413,9 +549,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 1); CHECK(krb5_ret_uint32(in, &data->flags), 0); - if (data->flags & NTLM_SUPPLIED_DOMAIN) + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) CHECK(ret_sec_buffer(in, &domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTATION) CHECK(ret_sec_buffer(in, &hostname), 0); #if 0 if (domain.offset > 32) { @@ -423,13 +559,14 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &data->os[1]), 0); } #endif - if (data->flags & NTLM_SUPPLIED_DOMAIN) - CHECK(ret_string(in, 0, &domain, &data->domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) - CHECK(ret_string(in, 0, &hostname, &data->hostname), 0); + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) + CHECK(ret_sec_string(in, 0, &domain, &data->domain), 0); + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTATION) + CHECK(ret_sec_string(in, 0, &hostname, &data->hostname), 0); out: - krb5_storage_free(in); + if (in) + krb5_storage_free(in); if (ret) heim_ntlm_free_type1(data); @@ -456,30 +593,37 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) struct sec_buffer domain, hostname; krb5_storage *out; uint32_t base, flags; - + flags = type1->flags; base = 16; if (type1->domain) { base += 8; - flags |= NTLM_SUPPLIED_DOMAIN; + flags |= NTLM_OEM_SUPPLIED_DOMAIN; } if (type1->hostname) { base += 8; - flags |= NTLM_SUPPLIED_WORKSTAION; + flags |= NTLM_OEM_SUPPLIED_WORKSTATION; } if (type1->os[0]) base += 8; + domain.offset = base; if (type1->domain) { - domain.offset = base; domain.length = len_string(0, type1->domain); domain.allocated = domain.length; + } else { + domain.length = 0; + domain.allocated = 0; } + + hostname.offset = domain.allocated + domain.offset; if (type1->hostname) { - hostname.offset = domain.allocated + domain.offset; hostname.length = len_string(0, type1->hostname); hostname.allocated = hostname.length; + } else { + hostname.length = 0; + hostname.allocated = 0; } out = krb5_storage_emem(); @@ -487,19 +631,17 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) return ENOMEM; krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), sizeof(ntlmsigature)); CHECK(krb5_store_uint32(out, 1), 0); CHECK(krb5_store_uint32(out, flags), 0); - - if (type1->domain) - CHECK(store_sec_buffer(out, &domain), 0); - if (type1->hostname) - CHECK(store_sec_buffer(out, &hostname), 0); - if (type1->os[0]) { + + CHECK(store_sec_buffer(out, &domain), 0); + CHECK(store_sec_buffer(out, &hostname), 0); +#if 0 CHECK(krb5_store_uint32(out, type1->os[0]), 0); CHECK(krb5_store_uint32(out, type1->os[1]), 0); - } +#endif if (type1->domain) CHECK(put_string(out, 0, type1->domain), 0); if (type1->hostname) @@ -543,12 +685,12 @@ heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2) struct sec_buffer targetname, targetinfo; krb5_storage *in; int ucs2 = 0; - + memset(type2, 0, sizeof(*type2)); in = krb5_storage_from_readonly_mem(buf->data, buf->length); if (in == NULL) { - ret = EINVAL; + ret = ENOMEM; goto out; } krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); @@ -562,23 +704,24 @@ heim_ntlm_decode_type2(const struct ntlm_buf *buf, struct ntlm_type2 *type2) CHECK(krb5_ret_uint32(in, &type2->flags), 0); if (type2->flags & NTLM_NEG_UNICODE) ucs2 = 1; - CHECK(krb5_storage_read(in, type2->challange, sizeof(type2->challange)), - sizeof(type2->challange)); + CHECK(krb5_storage_read(in, type2->challenge, sizeof(type2->challenge)), + sizeof(type2->challenge)); CHECK(krb5_ret_uint32(in, &ctx[0]), 0); /* context */ CHECK(krb5_ret_uint32(in, &ctx[1]), 0); CHECK(ret_sec_buffer(in, &targetinfo), 0); /* os version */ -#if 0 - CHECK(krb5_ret_uint32(in, &type2->os[0]), 0); - CHECK(krb5_ret_uint32(in, &type2->os[1]), 0); -#endif + if (type2->flags & NTLM_NEG_VERSION) { + CHECK(krb5_ret_uint32(in, &type2->os[0]), 0); + CHECK(krb5_ret_uint32(in, &type2->os[1]), 0); + } - CHECK(ret_string(in, ucs2, &targetname, &type2->targetname), 0); + CHECK(ret_sec_string(in, ucs2, &targetname, &type2->targetname), 0); CHECK(ret_buf(in, &targetinfo, &type2->targetinfo), 0); ret = 0; out: - krb5_storage_free(in); + if (in) + krb5_storage_free(in); if (ret) heim_ntlm_free_type2(type2); @@ -607,10 +750,10 @@ heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data) uint32_t base; int ucs2 = 0; - if (type2->os[0]) - base = 56; - else - base = 48; + base = 48; + + if (type2->flags & NTLM_NEG_VERSION) + base += 8; if (type2->flags & NTLM_NEG_UNICODE) ucs2 = 1; @@ -628,26 +771,26 @@ heim_ntlm_encode_type2(const struct ntlm_type2 *type2, struct ntlm_buf *data) return ENOMEM; krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), sizeof(ntlmsigature)); CHECK(krb5_store_uint32(out, 2), 0); CHECK(store_sec_buffer(out, &targetname), 0); CHECK(krb5_store_uint32(out, type2->flags), 0); - CHECK(krb5_storage_write(out, type2->challange, sizeof(type2->challange)), - sizeof(type2->challange)); + CHECK(krb5_storage_write(out, type2->challenge, sizeof(type2->challenge)), + sizeof(type2->challenge)); CHECK(krb5_store_uint32(out, 0), 0); /* context */ CHECK(krb5_store_uint32(out, 0), 0); CHECK(store_sec_buffer(out, &targetinfo), 0); /* os version */ - if (type2->os[0]) { + if (type2->flags & NTLM_NEG_VERSION) { CHECK(krb5_store_uint32(out, type2->os[0]), 0); CHECK(krb5_store_uint32(out, type2->os[1]), 0); } CHECK(put_string(out, ucs2, type2->targetname), 0); - CHECK(krb5_storage_write(out, type2->targetinfo.data, + CHECK(krb5_storage_write(out, type2->targetinfo.data, type2->targetinfo.length), type2->targetinfo.length); - + { krb5_data d; ret = krb5_storage_to_data(out, &d); @@ -698,13 +841,14 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf, uint32_t type; krb5_storage *in; struct sec_buffer lm, ntlm, target, username, sessionkey, ws; + uint32_t min_offset = 72; memset(type3, 0, sizeof(*type3)); memset(&sessionkey, 0, sizeof(sessionkey)); in = krb5_storage_from_readonly_mem(buf->data, buf->length); if (in == NULL) { - ret = EINVAL; + ret = ENOMEM; goto out; } krb5_storage_set_byteorder(in, KRB5_STORAGE_BYTEORDER_LE); @@ -714,30 +858,41 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf, CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 3); CHECK(ret_sec_buffer(in, &lm), 0); + if (lm.allocated) + min_offset = min(min_offset, lm.offset); CHECK(ret_sec_buffer(in, &ntlm), 0); + if (ntlm.allocated) + min_offset = min(min_offset, ntlm.offset); CHECK(ret_sec_buffer(in, &target), 0); + if (target.allocated) + min_offset = min(min_offset, target.offset); CHECK(ret_sec_buffer(in, &username), 0); + if (username.allocated) + min_offset = min(min_offset, username.offset); CHECK(ret_sec_buffer(in, &ws), 0); - if (lm.offset >= 60) { + if (ws.allocated) + min_offset = min(min_offset, ws.offset); + + if (min_offset > 52) { CHECK(ret_sec_buffer(in, &sessionkey), 0); - } - if (lm.offset >= 64) { + min_offset = max(min_offset, sessionkey.offset); CHECK(krb5_ret_uint32(in, &type3->flags), 0); } - if (lm.offset >= 72) { + if (min_offset > 52 + 8 + 4 + 8) { CHECK(krb5_ret_uint32(in, &type3->os[0]), 0); CHECK(krb5_ret_uint32(in, &type3->os[1]), 0); } CHECK(ret_buf(in, &lm, &type3->lm), 0); CHECK(ret_buf(in, &ntlm, &type3->ntlm), 0); - CHECK(ret_string(in, ucs2, &target, &type3->targetname), 0); - CHECK(ret_string(in, ucs2, &username, &type3->username), 0); - CHECK(ret_string(in, ucs2, &ws, &type3->ws), 0); + CHECK(ret_sec_string(in, ucs2, &target, &type3->targetname), 0); + CHECK(ret_sec_string(in, ucs2, &username, &type3->username), 0); + CHECK(ret_sec_string(in, ucs2, &ws, &type3->ws), 0); if (sessionkey.offset) CHECK(ret_buf(in, &sessionkey, &type3->sessionkey), 0); out: - krb5_storage_free(in); + if (in) + krb5_storage_free(in); if (ret) heim_ntlm_free_type3(type3); @@ -774,10 +929,10 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) memset(&sessionkey, 0, sizeof(sessionkey)); base = 52; - if (type3->sessionkey.length) { - base += 8; /* sessionkey sec buf */ - base += 4; /* flags */ - } + + base += 8; /* sessionkey sec buf */ + base += 4; /* flags */ + if (type3->os[0]) { base += 8; } @@ -785,15 +940,7 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) if (type3->flags & NTLM_NEG_UNICODE) ucs2 = 1; - lm.offset = base; - lm.length = type3->lm.length; - lm.allocated = type3->lm.length; - - ntlm.offset = lm.offset + lm.allocated; - ntlm.length = type3->ntlm.length; - ntlm.allocated = ntlm.length; - - target.offset = ntlm.offset + ntlm.allocated; + target.offset = base; target.length = len_string(ucs2, type3->targetname); target.allocated = target.length; @@ -805,7 +952,15 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) ws.length = len_string(ucs2, type3->ws); ws.allocated = ws.length; - sessionkey.offset = ws.offset + ws.allocated; + lm.offset = ws.offset + ws.allocated; + lm.length = type3->lm.length; + lm.allocated = type3->lm.length; + + ntlm.offset = lm.offset + lm.allocated; + ntlm.length = type3->ntlm.length; + ntlm.allocated = ntlm.length; + + sessionkey.offset = ntlm.offset + ntlm.allocated; sessionkey.length = type3->sessionkey.length; sessionkey.allocated = type3->sessionkey.length; @@ -814,7 +969,7 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) return ENOMEM; krb5_storage_set_byteorder(out, KRB5_STORAGE_BYTEORDER_LE); - CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), + CHECK(krb5_storage_write(out, ntlmsigature, sizeof(ntlmsigature)), sizeof(ntlmsigature)); CHECK(krb5_store_uint32(out, 3), 0); @@ -823,23 +978,21 @@ heim_ntlm_encode_type3(const struct ntlm_type3 *type3, struct ntlm_buf *data) CHECK(store_sec_buffer(out, &target), 0); CHECK(store_sec_buffer(out, &username), 0); CHECK(store_sec_buffer(out, &ws), 0); - /* optional */ - if (type3->sessionkey.length) { - CHECK(store_sec_buffer(out, &sessionkey), 0); - CHECK(krb5_store_uint32(out, type3->flags), 0); - } + CHECK(store_sec_buffer(out, &sessionkey), 0); + CHECK(krb5_store_uint32(out, type3->flags), 0); + #if 0 CHECK(krb5_store_uint32(out, 0), 0); /* os0 */ CHECK(krb5_store_uint32(out, 0), 0); /* os1 */ #endif - CHECK(put_buf(out, &type3->lm), 0); - CHECK(put_buf(out, &type3->ntlm), 0); CHECK(put_string(out, ucs2, type3->targetname), 0); CHECK(put_string(out, ucs2, type3->username), 0); CHECK(put_string(out, ucs2, type3->ws), 0); + CHECK(put_buf(out, &type3->lm), 0); + CHECK(put_buf(out, &type3->ntlm), 0); CHECK(put_buf(out, &type3->sessionkey), 0); - + { krb5_data d; ret = krb5_storage_to_data(out, &d); @@ -859,26 +1012,27 @@ out: */ static void -splitandenc(unsigned char *hash, - unsigned char *challange, +splitandenc(unsigned char *hash, + unsigned char *challenge, unsigned char *answer) { - DES_cblock key; - DES_key_schedule sched; + EVP_CIPHER_CTX ctx; + unsigned char key[8]; - ((unsigned char*)key)[0] = hash[0]; - ((unsigned char*)key)[1] = (hash[0] << 7) | (hash[1] >> 1); - ((unsigned char*)key)[2] = (hash[1] << 6) | (hash[2] >> 2); - ((unsigned char*)key)[3] = (hash[2] << 5) | (hash[3] >> 3); - ((unsigned char*)key)[4] = (hash[3] << 4) | (hash[4] >> 4); - ((unsigned char*)key)[5] = (hash[4] << 3) | (hash[5] >> 5); - ((unsigned char*)key)[6] = (hash[5] << 2) | (hash[6] >> 6); - ((unsigned char*)key)[7] = (hash[6] << 1); + key[0] = hash[0]; + key[1] = (hash[0] << 7) | (hash[1] >> 1); + key[2] = (hash[1] << 6) | (hash[2] >> 2); + key[3] = (hash[2] << 5) | (hash[3] >> 3); + key[4] = (hash[3] << 4) | (hash[4] >> 4); + key[5] = (hash[4] << 3) | (hash[5] >> 5); + key[6] = (hash[5] << 2) | (hash[6] >> 6); + key[7] = (hash[6] << 1); - DES_set_odd_parity(&key); - DES_set_key(&key, &sched); - DES_ecb_encrypt((DES_cblock *)challange, (DES_cblock *)answer, &sched, 1); - memset(&sched, 0, sizeof(sched)); + EVP_CIPHER_CTX_init(&ctx); + + EVP_CipherInit_ex(&ctx, EVP_des_cbc(), NULL, key, NULL, 1); + EVP_Cipher(&ctx, answer, challenge, 8); + EVP_CIPHER_CTX_cleanup(&ctx); memset(key, 0, sizeof(key)); } @@ -898,7 +1052,7 @@ int heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) { struct ntlm_buf buf; - MD4_CTX ctx; + EVP_MD_CTX *m; int ret; key->data = malloc(MD5_DIGEST_LENGTH); @@ -911,9 +1065,19 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) heim_ntlm_free_buf(key); return ret; } - MD4_Init(&ctx); - MD4_Update(&ctx, buf.data, buf.length); - MD4_Final(key->data, &ctx); + + m = EVP_MD_CTX_create(); + if (m == NULL) { + heim_ntlm_free_buf(key); + heim_ntlm_free_buf(&buf); + return ENOMEM; + } + + EVP_DigestInit_ex(m, EVP_md4(), NULL); + EVP_DigestUpdate(m, buf.data, buf.length); + EVP_DigestFinal_ex(m, key->data, NULL); + EVP_MD_CTX_destroy(m); + heim_ntlm_free_buf(&buf); return 0; } @@ -923,7 +1087,7 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) * * @param key the ntlm v1 key * @param len length of key - * @param challange sent by the server + * @param challenge sent by the server * @param answer calculated answer, should be freed with heim_ntlm_free_buf(). * * @return In case of success 0 is return, an errors, a errno in what @@ -934,13 +1098,13 @@ heim_ntlm_nt_key(const char *password, struct ntlm_buf *key) int heim_ntlm_calculate_ntlm1(void *key, size_t len, - unsigned char challange[8], + unsigned char challenge[8], struct ntlm_buf *answer) { unsigned char res[21]; if (len != MD4_DIGEST_LENGTH) - return EINVAL; + return HNTLM_ERR_INVALID_LENGTH; memcpy(res, key, len); memset(&res[MD4_DIGEST_LENGTH], 0, sizeof(res) - MD4_DIGEST_LENGTH); @@ -950,13 +1114,116 @@ heim_ntlm_calculate_ntlm1(void *key, size_t len, return ENOMEM; answer->length = 24; - splitandenc(&res[0], challange, ((unsigned char *)answer->data) + 0); - splitandenc(&res[7], challange, ((unsigned char *)answer->data) + 8); - splitandenc(&res[14], challange, ((unsigned char *)answer->data) + 16); + splitandenc(&res[0], challenge, ((unsigned char *)answer->data) + 0); + splitandenc(&res[7], challenge, ((unsigned char *)answer->data) + 8); + splitandenc(&res[14], challenge, ((unsigned char *)answer->data) + 16); return 0; } +int +heim_ntlm_v1_base_session(void *key, size_t len, + struct ntlm_buf *session) +{ + EVP_MD_CTX *m; + + session->length = MD4_DIGEST_LENGTH; + session->data = malloc(session->length); + if (session->data == NULL) { + session->length = 0; + return ENOMEM; + } + + m = EVP_MD_CTX_create(); + if (m == NULL) { + heim_ntlm_free_buf(session); + return ENOMEM; + } + EVP_DigestInit_ex(m, EVP_md4(), NULL); + EVP_DigestUpdate(m, key, len); + EVP_DigestFinal_ex(m, session->data, NULL); + EVP_MD_CTX_destroy(m); + + return 0; +} + +int +heim_ntlm_v2_base_session(void *key, size_t len, + struct ntlm_buf *ntlmResponse, + struct ntlm_buf *session) +{ + unsigned int hmaclen; + HMAC_CTX c; + + if (ntlmResponse->length <= 16) + return HNTLM_ERR_INVALID_LENGTH; + + session->data = malloc(16); + if (session->data == NULL) + return ENOMEM; + session->length = 16; + + /* Note: key is the NTLMv2 key */ + HMAC_CTX_init(&c); + HMAC_Init_ex(&c, key, len, EVP_md5(), NULL); + HMAC_Update(&c, ntlmResponse->data, 16); + HMAC_Final(&c, session->data, &hmaclen); + HMAC_CTX_cleanup(&c); + + return 0; +} + + +int +heim_ntlm_keyex_wrap(struct ntlm_buf *base_session, + struct ntlm_buf *session, + struct ntlm_buf *encryptedSession) +{ + EVP_CIPHER_CTX c; + int ret; + + session->length = MD4_DIGEST_LENGTH; + session->data = malloc(session->length); + if (session->data == NULL) { + session->length = 0; + return ENOMEM; + } + encryptedSession->length = MD4_DIGEST_LENGTH; + encryptedSession->data = malloc(encryptedSession->length); + if (encryptedSession->data == NULL) { + heim_ntlm_free_buf(session); + encryptedSession->length = 0; + return ENOMEM; + } + + EVP_CIPHER_CTX_init(&c); + + ret = EVP_CipherInit_ex(&c, EVP_rc4(), NULL, base_session->data, NULL, 1); + if (ret != 1) { + EVP_CIPHER_CTX_cleanup(&c); + heim_ntlm_free_buf(encryptedSession); + heim_ntlm_free_buf(session); + return HNTLM_ERR_CRYPTO; + } + + if (RAND_bytes(session->data, session->length) != 1) { + EVP_CIPHER_CTX_cleanup(&c); + heim_ntlm_free_buf(encryptedSession); + heim_ntlm_free_buf(session); + return HNTLM_ERR_RAND; + } + + EVP_Cipher(&c, encryptedSession->data, session->data, encryptedSession->length); + EVP_CIPHER_CTX_cleanup(&c); + + return 0; + + + +} + + + /** * Generates an NTLMv1 session random with assosited session master key. * @@ -976,51 +1243,100 @@ heim_ntlm_build_ntlm1_master(void *key, size_t len, struct ntlm_buf *session, struct ntlm_buf *master) { - RC4_KEY rc4; + struct ntlm_buf sess; + int ret; + + ret = heim_ntlm_v1_base_session(key, len, &sess); + if (ret) + return ret; + + ret = heim_ntlm_keyex_wrap(&sess, session, master); + heim_ntlm_free_buf(&sess); + + return ret; +} + +/** + * Generates an NTLMv2 session random with associated session master key. + * + * @param key the NTLMv2 key + * @param len length of key + * @param blob the NTLMv2 "blob" + * @param session generated session nonce, should be freed with heim_ntlm_free_buf(). + * @param master calculated session master key, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + + +int +heim_ntlm_build_ntlm2_master(void *key, size_t len, + struct ntlm_buf *blob, + struct ntlm_buf *session, + struct ntlm_buf *master) +{ + struct ntlm_buf sess; + int ret; + + ret = heim_ntlm_v2_base_session(key, len, blob, &sess); + if (ret) + return ret; + + ret = heim_ntlm_keyex_wrap(&sess, session, master); + heim_ntlm_free_buf(&sess); + + return ret; +} + +/** + * Given a key and encrypted session, unwrap the session key + * + * @param baseKey the sessionBaseKey + * @param encryptedSession encrypted session, type3.session field. + * @param session generated session nonce, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_keyex_unwrap(struct ntlm_buf *baseKey, + struct ntlm_buf *encryptedSession, + struct ntlm_buf *session) +{ + EVP_CIPHER_CTX c; - memset(master, 0, sizeof(*master)); memset(session, 0, sizeof(*session)); - if (len != MD4_DIGEST_LENGTH) - return EINVAL; - + if (baseKey->length != MD4_DIGEST_LENGTH) + return HNTLM_ERR_INVALID_LENGTH; + session->length = MD4_DIGEST_LENGTH; session->data = malloc(session->length); if (session->data == NULL) { session->length = 0; - return EINVAL; - } - master->length = MD4_DIGEST_LENGTH; - master->data = malloc(master->length); - if (master->data == NULL) { - heim_ntlm_free_buf(master); + return ENOMEM; + } + EVP_CIPHER_CTX_init(&c); + + if (EVP_CipherInit_ex(&c, EVP_rc4(), NULL, baseKey->data, NULL, 0) != 1) { + EVP_CIPHER_CTX_cleanup(&c); heim_ntlm_free_buf(session); - return EINVAL; + return HNTLM_ERR_CRYPTO; } - - { - unsigned char sessionkey[MD4_DIGEST_LENGTH]; - MD4_CTX ctx; - - MD4_Init(&ctx); - MD4_Update(&ctx, key, len); - MD4_Final(sessionkey, &ctx); - - RC4_set_key(&rc4, sizeof(sessionkey), sessionkey); - } - - if (RAND_bytes(session->data, session->length) != 1) { - heim_ntlm_free_buf(master); - heim_ntlm_free_buf(session); - return EINVAL; - } - - RC4(&rc4, master->length, session->data, master->data); - memset(&rc4, 0, sizeof(rc4)); - + + EVP_Cipher(&c, session->data, encryptedSession->data, session->length); + EVP_CIPHER_CTX_cleanup(&c); + return 0; } + /** * Generates an NTLMv2 session key. * @@ -1030,15 +1346,18 @@ heim_ntlm_build_ntlm1_master(void *key, size_t len, * @param target the name of the target, assumed to be in UTF8. * @param ntlmv2 the ntlmv2 session key * + * @return 0 on success, or an error code on failure. + * * @ingroup ntlm_core */ -void +int heim_ntlm_ntlmv2_key(const void *key, size_t len, const char *username, const char *target, unsigned char ntlmv2[16]) { + int ret; unsigned int hmaclen; HMAC_CTX c; @@ -1046,18 +1365,24 @@ heim_ntlm_ntlmv2_key(const void *key, size_t len, HMAC_Init_ex(&c, key, len, EVP_md5(), NULL); { struct ntlm_buf buf; - /* uppercase username and turn it inte ucs2-le */ - ascii2ucs2le(username, 1, &buf); + /* uppercase username and turn it into ucs2-le */ + ret = ascii2ucs2le(username, 1, &buf); + if (ret) + goto out; HMAC_Update(&c, buf.data, buf.length); free(buf.data); /* uppercase target and turn into ucs2-le */ - ascii2ucs2le(target, 1, &buf); + ret = ascii2ucs2le(target, 1, &buf); + if (ret) + goto out; HMAC_Update(&c, buf.data, buf.length); free(buf.data); } HMAC_Final(&c, ntlmv2, &hmaclen); + out: HMAC_CTX_cleanup(&c); + return ret; } /* @@ -1078,11 +1403,58 @@ static time_t nt2unixtime(uint64_t t) { t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000); - if (t > (((time_t)(~(uint64_t)0)) >> 1)) + if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1)) return 0; return (time_t)t; } +/** + * Calculate LMv2 response + * + * @param key the ntlm key + * @param len length of key + * @param username name of the user, as sent in the message, assumed to be in UTF8. + * @param target the name of the target, assumed to be in UTF8. + * @param serverchallenge challenge as sent by the server in the type2 message. + * @param ntlmv2 calculated session key + * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_calculate_lm2(const void *key, size_t len, + const char *username, + const char *target, + const unsigned char serverchallenge[8], + unsigned char ntlmv2[16], + struct ntlm_buf *answer) +{ + unsigned char clientchallenge[8]; + + if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1) + return HNTLM_ERR_RAND; + + /* calculate ntlmv2 key */ + + heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2); + + answer->data = malloc(24); + if (answer->data == NULL) + return ENOMEM; + answer->length = 24; + + heim_ntlm_derive_ntlm2_sess(ntlmv2, clientchallenge, 8, + serverchallenge, answer->data); + + memcpy(((uint8_t *)answer->data) + 16, clientchallenge, 8); + + return 0; +} + /** * Calculate NTLMv2 response @@ -1091,7 +1463,7 @@ nt2unixtime(uint64_t t) * @param len length of key * @param username name of the user, as sent in the message, assumed to be in UTF8. * @param target the name of the target, assumed to be in UTF8. - * @param serverchallange challange as sent by the server in the type2 message. + * @param serverchallenge challenge as sent by the server in the type2 message. * @param infotarget infotarget as sent by the server in the type2 message. * @param ntlmv2 calculated session key * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). @@ -1106,25 +1478,23 @@ int heim_ntlm_calculate_ntlm2(const void *key, size_t len, const char *username, const char *target, - const unsigned char serverchallange[8], + const unsigned char serverchallenge[8], const struct ntlm_buf *infotarget, unsigned char ntlmv2[16], struct ntlm_buf *answer) { krb5_error_code ret; krb5_data data; - unsigned int hmaclen; unsigned char ntlmv2answer[16]; krb5_storage *sp; - unsigned char clientchallange[8]; - HMAC_CTX c; + unsigned char clientchallenge[8]; uint64_t t; - + t = unix2nttime(time(NULL)); - if (RAND_bytes(clientchallange, sizeof(clientchallange)) != 1) - return EINVAL; - + if (RAND_bytes(clientchallenge, sizeof(clientchallenge)) != 1) + return HNTLM_ERR_RAND; + /* calculate ntlmv2 key */ heim_ntlm_ntlmv2_key(key, len, username, target, ntlmv2); @@ -1142,23 +1512,18 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len, CHECK(krb5_store_uint32(sp, t & 0xffffffff), 0); CHECK(krb5_store_uint32(sp, t >> 32), 0); - CHECK(krb5_storage_write(sp, clientchallange, 8), 8); + CHECK(krb5_storage_write(sp, clientchallenge, 8), 8); CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */ - CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), + CHECK(krb5_storage_write(sp, infotarget->data, infotarget->length), infotarget->length); CHECK(krb5_store_uint32(sp, 0), 0); /* unknown but zero will work */ - + CHECK(krb5_storage_to_data(sp, &data), 0); krb5_storage_free(sp); sp = NULL; - HMAC_CTX_init(&c); - HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL); - HMAC_Update(&c, serverchallange, 8); - HMAC_Update(&c, data.data, data.length); - HMAC_Final(&c, ntlmv2answer, &hmaclen); - HMAC_CTX_cleanup(&c); + heim_ntlm_derive_ntlm2_sess(ntlmv2, data.data, data.length, serverchallenge, ntlmv2answer); sp = krb5_storage_emem(); if (sp == NULL) { @@ -1169,7 +1534,7 @@ heim_ntlm_calculate_ntlm2(const void *key, size_t len, CHECK(krb5_storage_write(sp, ntlmv2answer, 16), 16); CHECK(krb5_storage_write(sp, data.data, data.length), data.length); krb5_data_free(&data); - + CHECK(krb5_storage_to_data(sp, &data), 0); krb5_storage_free(sp); sp = NULL; @@ -1194,7 +1559,7 @@ static const int authtimediff = 3600 * 2; /* 2 hours */ * @param username name of the user, as sent in the message, assumed to be in UTF8. * @param target the name of the target, assumed to be in UTF8. * @param now the time now (0 if the library should pick it up itself) - * @param serverchallange challange as sent by the server in the type2 message. + * @param serverchallenge challenge as sent by the server in the type2 message. * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). * @param infotarget infotarget as sent by the server in the type2 message. * @param ntlmv2 calculated session key @@ -1210,27 +1575,25 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, const char *username, const char *target, time_t now, - const unsigned char serverchallange[8], + const unsigned char serverchallenge[8], const struct ntlm_buf *answer, struct ntlm_buf *infotarget, unsigned char ntlmv2[16]) { krb5_error_code ret; - unsigned int hmaclen; unsigned char clientanswer[16]; unsigned char clientnonce[8]; unsigned char serveranswer[16]; krb5_storage *sp; - HMAC_CTX c; - uint64_t t; time_t authtime; uint32_t temp; + uint64_t t; - infotarget->length = 0; - infotarget->data = NULL; + infotarget->length = 0; + infotarget->data = NULL; if (answer->length < 16) - return EINVAL; + return HNTLM_ERR_INVALID_LENGTH; if (now == 0) now = time(NULL); @@ -1261,11 +1624,11 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, authtime = nt2unixtime(t); if (abs((int)(authtime - now)) > authtimediff) { - ret = EINVAL; + ret = HNTLM_ERR_TIME_SKEW; goto out; } - /* client challange */ + /* client challenge */ CHECK(krb5_storage_read(sp, clientnonce, 8), 8); CHECK(krb5_ret_uint32(sp, &temp), 0); /* unknown */ @@ -1277,22 +1640,25 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len, ret = ENOMEM; goto out; } - CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), + CHECK(krb5_storage_read(sp, infotarget->data, infotarget->length), infotarget->length); /* XXX remove the unknown ?? */ krb5_storage_free(sp); sp = NULL; - HMAC_CTX_init(&c); - HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL); - HMAC_Update(&c, serverchallange, 8); - HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16); - HMAC_Final(&c, serveranswer, &hmaclen); - HMAC_CTX_cleanup(&c); + if (answer->length < 16) { + ret = HNTLM_ERR_INVALID_LENGTH; + goto out; + } + + heim_ntlm_derive_ntlm2_sess(ntlmv2, + ((unsigned char *)answer->data) + 16, answer->length - 16, + serverchallenge, + serveranswer); if (memcmp(serveranswer, clientanswer, 16) != 0) { heim_ntlm_free_buf(infotarget); - return EINVAL; + return HNTLM_ERR_AUTH; } return 0; @@ -1326,13 +1692,20 @@ heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8], struct ntlm_buf *lm, struct ntlm_buf *ntlm) { - unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH]; + unsigned char ntlm2_sess_hash[8]; unsigned char res[21], *resp; - MD5_CTX md5; + int code; + + code = heim_ntlm_calculate_ntlm2_sess_hash(clnt_nonce, svr_chal, + ntlm2_sess_hash); + if (code) { + return code; + } lm->data = malloc(24); - if (lm->data == NULL) + if (lm->data == NULL) { return ENOMEM; + } lm->length = 24; ntlm->data = malloc(24); @@ -1347,11 +1720,6 @@ heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8], memset(lm->data, 0, 24); memcpy(lm->data, clnt_nonce, 8); - MD5_Init(&md5); - MD5_Update(&md5, svr_chal, 8); /* session nonce part 1 */ - MD5_Update(&md5, clnt_nonce, 8); /* session nonce part 2 */ - MD5_Final(ntlm2_sess_hash, &md5); /* will only use first 8 bytes */ - memset(res, 0, sizeof(res)); memcpy(res, ntlm_hash, 16); @@ -1362,3 +1730,74 @@ heim_ntlm_calculate_ntlm2_sess(const unsigned char clnt_nonce[8], return 0; } + + +/* + * Calculate the NTLM2 Session "Verifier" + * + * @param clnt_nonce client nonce + * @param svr_chal server challage + * @param hash The NTLM session verifier + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +int +heim_ntlm_calculate_ntlm2_sess_hash(const unsigned char clnt_nonce[8], + const unsigned char svr_chal[8], + unsigned char verifier[8]) +{ + unsigned char ntlm2_sess_hash[MD5_DIGEST_LENGTH]; + EVP_MD_CTX *m; + + m = EVP_MD_CTX_create(); + if (m == NULL) + return ENOMEM; + + EVP_DigestInit_ex(m, EVP_md5(), NULL); + EVP_DigestUpdate(m, svr_chal, 8); /* session nonce part 1 */ + EVP_DigestUpdate(m, clnt_nonce, 8); /* session nonce part 2 */ + EVP_DigestFinal_ex(m, ntlm2_sess_hash, NULL); /* will only use first 8 bytes */ + EVP_MD_CTX_destroy(m); + + memcpy(verifier, ntlm2_sess_hash, 8); + + return 0; +} + + +/* + * Derive a NTLM2 session key + * + * @param sessionkey session key from domain controller + * @param clnt_nonce client nonce + * @param svr_chal server challenge + * @param derivedkey salted session key + * + * @return In case of success 0 is return, an errors, a errno in what + * went wrong. + * + * @ingroup ntlm_core + */ + +void +heim_ntlm_derive_ntlm2_sess(const unsigned char sessionkey[16], + const unsigned char *clnt_nonce, size_t clnt_nonce_length, + const unsigned char svr_chal[8], + unsigned char derivedkey[16]) +{ + unsigned int hmaclen; + HMAC_CTX c; + + /* HMAC(Ksession, serverchallenge || clientchallenge) */ + HMAC_CTX_init(&c); + HMAC_Init_ex(&c, sessionkey, 16, EVP_md5(), NULL); + HMAC_Update(&c, svr_chal, 8); + HMAC_Update(&c, clnt_nonce, clnt_nonce_length); + HMAC_Final(&c, derivedkey, &hmaclen); + HMAC_CTX_cleanup(&c); +} + diff --git a/crypto/heimdal/lib/ntlm/ntlm_err.et b/crypto/heimdal/lib/ntlm/ntlm_err.et new file mode 100644 index 00000000000..0fd6e00a21c --- /dev/null +++ b/crypto/heimdal/lib/ntlm/ntlm_err.et @@ -0,0 +1,24 @@ +# +# Error messages for the ntlm library +# +# This might look like a com_err file, but is not +# + +error_table ntlm + +prefix HNTLM_ERR +error_code DECODE, "Failed to decode packet" +error_code INVALID_LENGTH, "Input length invalid" +error_code CRYPTO, "Failed crypto primitive" +error_code RAND, "Random generator failed" +error_code AUTH, "NTLM authentication failed" +error_code TIME_SKEW, "Client time skewed to server" +error_code OEM, "Client set OEM string" +error_code MISSING_NAME_SEPARATOR, "missing @ or \ in name" +error_code MISSING_BUFFER, "missing expected buffer" +error_code INVALID_APOP, "Invalid APOP response" +error_code INVALID_CRAM_MD5, "Invalid CRAM-MD5 response" +error_code INVALID_DIGEST_MD5, "Invalid DIGEST-MD5 response" +error_code INVALID_DIGEST_MD5_RSPAUTH, "Invalid DIGEST-MD5 rspauth" + +end diff --git a/crypto/heimdal/lib/ntlm/test_ntlm.c b/crypto/heimdal/lib/ntlm/test_ntlm.c index 11eceb01cc6..5a995adae48 100644 --- a/crypto/heimdal/lib/ntlm/test_ntlm.c +++ b/crypto/heimdal/lib/ntlm/test_ntlm.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -38,15 +38,13 @@ #include #include -RCSID("$Id: test_ntlm.c 22377 2007-12-28 18:38:53Z lha $"); - -#include +#include /* or */ #include static int test_parse(void) { - const char *user = "foo", + const char *user = "foo", *domain = "mydomain", *password = "digestpassword", *target = "DOMAIN"; @@ -54,9 +52,8 @@ test_parse(void) struct ntlm_type2 type2; struct ntlm_type3 type3; struct ntlm_buf data; - krb5_error_code ret; - int flags; - + int ret, flags; + memset(&type1, 0, sizeof(type1)); type1.flags = NTLM_NEG_UNICODE|NTLM_NEG_TARGET|NTLM_NEG_NTLM; @@ -87,7 +84,7 @@ test_parse(void) flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN; type2.flags = flags; - memset(type2.challange, 0x7f, sizeof(type2.challange)); + memset(type2.challenge, 0x7f, sizeof(type2.challenge)); type2.targetname = rk_UNCONST(target); type2.targetinfo.data = NULL; type2.targetinfo.length = 0; @@ -121,7 +118,7 @@ test_parse(void) heim_ntlm_nt_key(password, &key); heim_ntlm_calculate_ntlm1(key.data, key.length, - type2.challange, + type2.challenge, &type3.ntlm); free(key.data); } @@ -160,7 +157,7 @@ test_parse(void) flags = NTLM_NEG_UNICODE | NTLM_NEG_NTLM | NTLM_TARGET_DOMAIN; type2.flags = flags; - memset(type2.challange, 0x7f, sizeof(type2.challange)); + memset(type2.challenge, 0x7f, sizeof(type2.challenge)); type2.targetname = rk_UNCONST(target); type2.targetinfo.data = "\x00\x00"; type2.targetinfo.length = 2; @@ -188,12 +185,12 @@ test_keys(void) *username = "test", *password = "test1234", *target = "TESTNT"; - const unsigned char - serverchallange[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c"; + const unsigned char + serverchallenge[8] = "\x67\x7f\x1c\x55\x7a\x5e\xe9\x6c"; struct ntlm_buf infotarget, infotarget2, answer, key; unsigned char ntlmv2[16], ntlmv2_1[16]; int ret; - + infotarget.length = 70; infotarget.data = "\x02\x00\x0c\x00\x54\x00\x45\x00\x53\x00\x54\x00\x4e\x00\x54\x00" @@ -212,7 +209,7 @@ test_keys(void) key.length, username, target, - serverchallange, + serverchallenge, &infotarget, ntlmv2, &answer); @@ -224,7 +221,7 @@ test_keys(void) username, target, 0, - serverchallange, + serverchallenge, &answer, &infotarget2, ntlmv2_1); @@ -253,18 +250,18 @@ test_ntlm2_session_resp(void) int ret; struct ntlm_buf lm, ntlm; - const unsigned char lm_resp[24] = + const unsigned char lm_resp[24] = "\xff\xff\xff\x00\x11\x22\x33\x44" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00"; - const unsigned char ntlm2_sess_resp[24] = + const unsigned char ntlm2_sess_resp[24] = "\x10\xd5\x50\x83\x2d\x12\xb2\xcc" "\xb7\x9d\x5a\xd1\xf4\xee\xd3\xdf" "\x82\xac\xa4\xc3\x68\x1d\xd4\x55"; - + const unsigned char client_nonce[8] = "\xff\xff\xff\x00\x11\x22\x33\x44"; - const unsigned char server_challange[8] = + const unsigned char server_challenge[8] = "\x01\x23\x45\x67\x89\xab\xcd\xef"; const unsigned char ntlm_hash[16] = @@ -272,7 +269,7 @@ test_ntlm2_session_resp(void) "\x1d\x33\xb7\x48\x5a\x2e\xd8\x08"; ret = heim_ntlm_calculate_ntlm2_sess(client_nonce, - server_challange, + server_challenge, ntlm_hash, &lm, &ntlm); @@ -283,7 +280,7 @@ test_ntlm2_session_resp(void) errx(1, "lm_resp wrong"); if (ntlm.length != 24 || memcmp(ntlm.data, ntlm2_sess_resp, 24) != 0) errx(1, "ntlm2_sess_resp wrong"); - + free(lm.data); free(ntlm.data); @@ -291,10 +288,45 @@ test_ntlm2_session_resp(void) return 0; } +static int +test_targetinfo(void) +{ + struct ntlm_targetinfo ti; + struct ntlm_buf buf; + const char *dnsservername = "dnsservername"; + int ret; + + memset(&ti, 0, sizeof(ti)); + + ti.dnsservername = rk_UNCONST(dnsservername); + ti.avflags = 1; + ret = heim_ntlm_encode_targetinfo(&ti, 1, &buf); + if (ret) + return ret; + + memset(&ti, 0, sizeof(ti)); + + ret = heim_ntlm_decode_targetinfo(&buf, 1, &ti); + if (ret) + return ret; + + if (ti.dnsservername == NULL || + strcmp(ti.dnsservername, dnsservername) != 0) + errx(1, "ti.dnshostname != %s", dnsservername); + if (ti.avflags != 1) + errx(1, "ti.avflags != 1"); + + heim_ntlm_free_targetinfo(&ti); + + return 0; +} + +static int verbose_flag = 0; static int version_flag = 0; static int help_flag = 0; static struct getargs args[] = { + {"verbose", 0, arg_flag, &verbose_flag, "verbose printing", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, {"help", 0, arg_flag, &help_flag, NULL, NULL } }; @@ -316,7 +348,7 @@ main(int argc, char **argv) if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); - + if (help_flag) usage (0); @@ -328,12 +360,21 @@ main(int argc, char **argv) argc -= optind; argv += optind; - printf("test_parse\n"); + if (verbose_flag) + printf("test_parse\n"); + ret += test_parse(); - printf("test_keys\n"); + if (verbose_flag) + printf("test_keys\n"); + ret += test_keys(); - printf("test_ntlm2_session_resp\n"); + if (verbose_flag) + printf("test_ntlm2_session_resp\n"); ret += test_ntlm2_session_resp(); - return 0; + if (verbose_flag) + printf("test_targetinfo\n"); + ret += test_targetinfo(); + + return ret; } diff --git a/crypto/heimdal/lib/ntlm/version-script.map b/crypto/heimdal/lib/ntlm/version-script.map index 654a630cec1..6fe67a618fe 100644 --- a/crypto/heimdal/lib/ntlm/version-script.map +++ b/crypto/heimdal/lib/ntlm/version-script.map @@ -1,8 +1,9 @@ -# $Id: version-script.map 22041 2007-11-11 07:43:27Z lha $ +# $Id$ HEIMDAL_NTLM_1.0 { global: heim_ntlm_build_ntlm1_master; + heim_ntlm_calculate_lm2; heim_ntlm_calculate_ntlm1; heim_ntlm_calculate_ntlm2; heim_ntlm_calculate_ntlm2_sess; @@ -22,6 +23,8 @@ HEIMDAL_NTLM_1.0 { heim_ntlm_nt_key; heim_ntlm_ntlmv2_key; heim_ntlm_verify_ntlm2; + heim_ntlm_unparse_flags; + initialize_ntlm_error_table_r; local: *; }; diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog index 6a9abe72078..518987b26ab 100644 --- a/crypto/heimdal/lib/roken/ChangeLog +++ b/crypto/heimdal/lib/roken/ChangeLog @@ -1,8 +1,41 @@ -2008-01-12 Love Hörnquist Åstrand +2008-07-12 Love Hörnquist Ã…strand + + * rkpty.c: Always print output for status. + +2008-04-27 Love Hörnquist Ã…strand + + * getaddrinfo-test.c: drop ) + + * Makefile.am: Add rkpty. + + * rkpty.c: More includes. + + * rkpty.c: Add timeout, add password command, add diffrent + verbosity levels. + +2008-04-26 Love Hörnquist Ã…strand + + * rkpty.c: pty testing application + +2008-04-07 Love Hörnquist Ã…strand + + * resolve.c: Use unsigned where appropriate. + +2008-02-23 Love Hörnquist Ã…strand + + * Makefile.am: make AM_CPPFLAGS += + +2008-02-22 Love Hörnquist Ã…strand + + * Makefile.am: Use AM_CPPFLAGS instead, not really right, but + definatly better then CPPFLAGS. Thanks to Mike Whitton for + pointing this out. + +2008-01-12 Love Hörnquist Ã…strand * Makefile.am: add missing files. -2007-08-09 Love Hörnquist Åstrand +2007-08-09 Love Hörnquist Ã…strand * strftime.c: rewrite str[pf]time for testing. @@ -10,7 +43,7 @@ * Makefile.am: add TEST_STRPFTIME -2007-07-17 Love Hörnquist Åstrand +2007-07-17 Love Hörnquist Ã…strand * ndbm_wrap.c (dbm_get): set dsize to 0 on failure. @@ -18,7 +51,7 @@ * ndbm_wrap.c (dbm_fetch): set dsize to 0 on failure. -2007-07-16 Love Hörnquist Åstrand +2007-07-16 Love Hörnquist Ã…strand * socket_wrapper.c: Implement swrap_dup too. @@ -26,19 +59,19 @@ * socket_wrapper.h: Add dup(dummy stub) and dup2(real). -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * Makefile.am: New library version. -2007-06-19 Love Hörnquist Åstrand +2007-06-19 Love Hörnquist Ã…strand * roken_gethostby.c: set proxy_port to 0 to pacify BEAM. -2007-06-07 Love Hörnquist Åstrand +2007-06-07 Love Hörnquist Ã…strand * use "roken.h" consitantly -2007-06-03 Love Hörnquist Åstrand +2007-06-03 Love Hörnquist Ã…strand * test-readenv.c: Free environment. @@ -48,20 +81,20 @@ * roken-common.h (free_environment): free result of read_environment(). -2007-05-10 Love Hörnquist Åstrand +2007-05-10 Love Hörnquist Ã…strand * fnmatch.c: Do recursive call to rk_fnmatch -2007-01-12 Love Hörnquist Åstrand +2007-01-12 Love Hörnquist Ã…strand * resolve.c: Try harder to call res_ndestroy(). -2006-12-27 Love Hörnquist Åstrand +2006-12-27 Love Hörnquist Ã…strand * Makefile.am: make sure built headers are copied to the ${build_topdir}/include -2006-12-15 Love Hörnquist Åstrand +2006-12-15 Love Hörnquist Ã…strand * unvis.c: Use internal version of rk_unvis @@ -73,11 +106,11 @@ * unvis.c: prefix unvis functions with rk_, and prototypes. -2006-12-13 Love Hörnquist Åstrand +2006-12-13 Love Hörnquist Ã…strand * vis.c: Provide some prototypes for the rk_vis functions. -2006-12-11 Love Hörnquist Åstrand +2006-12-11 Love Hörnquist Ã…strand * ifaddrs.hin: Prefix getifaddrs functions with rk_ and do symbol renaming. @@ -93,11 +126,11 @@ * Makefile.am: Install extra posix headers in to avoid dup headers. -2006-11-09 Love Hörnquist Åstrand +2006-11-09 Love Hörnquist Ã…strand * socket_wrapper.c (swrap_sendto): fail on to unknown si->type -2006-11-06 Love Hörnquist Åstrand +2006-11-06 Love Hörnquist Ã…strand * socket_wrapper.c: A few fixes to have Heimdal pass the make check under socket_wrapper. The first is a missing 'break' before @@ -107,11 +140,11 @@ unix stream sockets, but not for TCP sockets. The alternate fix would be to have the KDC use 'send()' in this case. Andrew Bartlett. -2006-10-20 Love Hörnquist Åstrand +2006-10-20 Love Hörnquist Ã…strand * Makefile.am: split dist and nondist HEADERS -2006-10-19 Love Hörnquist Åstrand +2006-10-19 Love Hörnquist Ã…strand * roken.h.in: Add timegm glue. @@ -123,7 +156,7 @@ * socket_wrapper.c: Maybe include and/or maybe include . -2006-10-17 Love Hörnquist Åstrand +2006-10-17 Love Hörnquist Ã…strand * roken.h.in: Revert prevois for now, the problem is that we have to include symbols unconditionally, even for those that just needs @@ -133,7 +166,7 @@ * socket_wrapper.c: Maybe include . -2006-10-10 Love Hörnquist Åstrand +2006-10-10 Love Hörnquist Ã…strand * socket_wrapper.c: more consitity check, remove dead code, add socket length code, add missing break, make diffrent chars of type @@ -145,7 +178,7 @@ * socket_wrapper.c: Force no socket wrapper for socket_wrapper itself. -2006-10-09 Love Hörnquist Åstrand +2006-10-09 Love Hörnquist Ã…strand * socket_wrapper.c: Maybe include . @@ -158,7 +191,7 @@ * socket_wrapper.[ch]: Include socket wrapper from samba4 (rev 19179). -2006-10-07 Love Hörnquist Åstrand +2006-10-07 Love Hörnquist Ã…strand * Makefile.am: Add build_HEADERZ to EXTRA_DIST @@ -166,13 +199,13 @@ * Makefile.am: Add to all objects BUILD_ROKEN_LIB. -2006-09-16 Love Hörnquist Åstrand +2006-09-16 Love Hörnquist Ã…strand * roken.h.in: Add samba socket wrapper fragment. * Makefile.am: Add samba socket wrapper fragment. -2006-09-05 Love Hörnquist Åstrand +2006-09-05 Love Hörnquist Ã…strand * snprintf.c: reapply patch that went away in last commit @@ -182,7 +215,7 @@ * snprintf-test.c: add tests for size_t printf formater -2006-06-30 Love Hörnquist Åstrand +2006-06-30 Love Hörnquist Ã…strand * rtbl.h: Add extern "C" for C++. @@ -190,7 +223,7 @@ * rtbl.h: Add rtbl_add_column_entryv functions, printf like -2006-06-22 Love Hörnquist Åstrand +2006-06-22 Love Hörnquist Ã…strand * glob.hin: Add extern "C" for C++. From joerg at britannica dot bec dot de @@ -198,18 +231,18 @@ * fnmatch.hin: Add extern "C" for C++. From joerg at britannica dot bec dot de -2006-04-20 Love Hörnquist Åstrand +2006-04-20 Love Hörnquist Ã…strand * fnmatch.hin (fnmatch): CPP rename to rk_fnmatch -2006-04-14 Love Hörnquist Åstrand +2006-04-14 Love Hörnquist Ã…strand * resolve.c (dns_srv_order): change a if (ptr == NULL) continue into a assert(ptr != NULL) since it could never happen, found by the IBM code checker (beam). Thanks to Florian Krohm for explaining it. -2006-04-02 Love Hörnquist Åstrand +2006-04-02 Love Hörnquist Ã…strand * roken_gethostby.c (roken_gethostby): make addr_list one larger to avoid a off-by-one error. Found by IBM checker. @@ -217,11 +250,11 @@ * resolve.c: Plug memory leak found by IBM checker (and try to please it). -2006-02-06 Love Hörnquist Åstrand +2006-02-06 Love Hörnquist Ã…strand * resolve.c: Spelling, from Alexey Dobriyan, via Jason McIntyre -2006-01-13 Love Hörnquist Åstrand +2006-01-13 Love Hörnquist Ã…strand * getcap.c: Don't use db support unless its build into libc but we dont check for that now, so just disable the code. This removes @@ -231,7 +264,7 @@ application calls getpwnamn() and it linked to roken, it craches in the nss functions. -2006-01-09 Love Hörnquist Åstrand +2006-01-09 Love Hörnquist Ã…strand * hex.c (hex_decode): support decoding odd number of characters, in the odd len case, the first character ends up in the first byte @@ -239,12 +272,12 @@ * hex-test.c: Check that we can decode single character hex chars. -2005-12-12 Love Hörnquist Åstrand +2005-12-12 Love Hörnquist Ã…strand * getifaddrs.c: Try handle HP/UX 11.nn, its diffrent from Solaris large SIOCGIFCONF. -2005-09-28 Love Hörnquist Åstrand +2005-09-28 Love Hörnquist Ã…strand * roken-common.h: Move rk_UNCONST to roken.h.in since it might use uintptr_t depending on avaibility. @@ -252,46 +285,46 @@ * roken.h.in: Include if it exists. If avaiable, use uintptr_t to define rk_UNCONST. -2005-09-22 Love Hörnquist Åstrand +2005-09-22 Love Hörnquist Ã…strand * roken-common.h: Add rk_dumpdata. * dumpdata.c: Add rk_dumpdata() that write a chunk of data into a file for later processing by some other tool (like asn1_print). -2005-09-13 Love Hörnquist Åstrand +2005-09-13 Love Hörnquist Ã…strand * strptime.c: cast to unsigned char to make sure its not negative when passing it to is* functions -2005-09-01 Love Hörnquist Åstrand +2005-09-01 Love Hörnquist Ã…strand * socket.c: Add socket_set_ipv6only. * roken-common.h: Add socket_set_ipv6only, remove some argument names. -2005-08-25 Love Hörnquist Åstrand +2005-08-25 Love Hörnquist Ã…strand * strpool.c (rk_strpoolprintf): remove debug printf, plug memory leak -2005-08-23 Love Hörnquist Åstrand +2005-08-23 Love Hörnquist Ã…strand * setprogname.c (setprogname): const poision * print_version.c: Removed, moved to libvers. -2005-08-22 Love Hörnquist Åstrand +2005-08-22 Love Hörnquist Ã…strand * resolve.c (dns_lookup_int): if we have res_ndestroy, prefeer that before res_nclose -2005-08-12 Love Hörnquist Åstrand +2005-08-12 Love Hörnquist Ã…strand * getaddrinfo-test.c: Rename optind to optidx to avoid shadowing. -2005-08-05 Love Hörnquist Åstrand +2005-08-05 Love Hörnquist Ã…strand * gai_strerror.c: sprinkel more const @@ -299,21 +332,21 @@ const to match SUSv3. Prompted by Stefan Metzmacher change to Samba. -2005-07-19 Love Hörnquist Åstrand +2005-07-19 Love Hörnquist Ã…strand * roken.h.in: Remove parameter names to avoid shadow warnings. -2005-07-13 Love Hörnquist Åstrand +2005-07-13 Love Hörnquist Ã…strand * getifaddrs.c (nl_getlist): poll to get messages from kernel, and retry if the message was lost (free_nlmsglist): free all linked elements, not just the first one -2005-07-08 Love Hörnquist Åstrand +2005-07-08 Love Hörnquist Ã…strand * snprintf-test.c: Check a very simple format string -2005-07-07 Love Hörnquist Åstrand +2005-07-07 Love Hörnquist Ã…strand * roken.h.in: If we have include it, its needed for strcasecmp() on those platforms that are SUS3/iso c99 strict (like @@ -321,15 +354,15 @@ * roken-common.h: remove duplicate ; -2005-07-06 Love Hörnquist Åstrand +2005-07-06 Love Hörnquist Ã…strand * roken-common.h: rk_strpoolprintf first variable identifier is 3 -2005-06-30 Love Hörnquist Åstrand +2005-06-30 Love Hörnquist Ã…strand * base64.h: remove variable names -2005-06-29 Love Hörnquist Åstrand +2005-06-29 Love Hörnquist Ã…strand * roken-common.h: fix format attribute @@ -341,11 +374,11 @@ * strpool.c: add strpool, a printf collector to make it eaiser to collect strings into one string -2005-06-23 Love Hörnquist Åstrand +2005-06-23 Love Hörnquist Ã…strand * base64.c: Add const, from Andrew Abartlet -2005-06-21 Love Hörnquist Åstrand +2005-06-21 Love Hörnquist Ã…strand * strpftime-test.c: test for "%Y%m" @@ -355,7 +388,7 @@ to limit that amount of numbers used, with this strptime can handle strptime("200505", "%Y%m", &tm); -2005-06-16 Love Hörnquist Åstrand +2005-06-16 Love Hörnquist Ã…strand * getaddrinfo.c: avoid shadowing sin @@ -376,13 +409,13 @@ * environment.c: rename index to idx to avoid shadowing -2005-05-29 Love Hörnquist Åstrand +2005-05-29 Love Hörnquist Ã…strand * parse_reply-test.c: avoid signedness warnings * test-mem.c: avoid signedness warnings -2005-05-27 Love Hörnquist Åstrand +2005-05-27 Love Hörnquist Ã…strand * hex.c: include "roken.h" to avoid undefined size_t/ssize_t @@ -390,12 +423,12 @@ * Makefile.am (snprintf_test_SOURCES): Add snprintf-test.h. -2005-05-20 Love Hörnquist Åstrand +2005-05-20 Love Hörnquist Ã…strand * environment.c (rk_read_env_file): move assignment to later to make pre c99 compiler happy -2005-05-18 Love Hörnquist Åstrand +2005-05-18 Love Hörnquist Ã…strand * strptime.c: use english spelling of March @@ -409,7 +442,7 @@ * environment.c: eliminate duplicates -2005-05-13 Love Hörnquist Åstrand +2005-05-13 Love Hörnquist Ã…strand * issuid.c (issuid): change the #ifdef order to avoid unreachable code warning. @@ -432,7 +465,7 @@ * test-mem.c: Add member fd to map. (rk_test_mem_alloc, rk_test_mem_free): Use it. -2005-04-30 Love Hörnquist Åstrand +2005-04-30 Love Hörnquist Ã…strand * getifaddrs.c: add break on default: statements, from Douglas E. Engert @@ -445,7 +478,7 @@ * parse_time-test.c: Include . -2005-04-27 Love Hörnquist Åstrand +2005-04-27 Love Hörnquist Ã…strand * parse_time-test.c: improve testing @@ -459,7 +492,7 @@ * getusershell.c: Include roken.h -2005-04-18 Love Hörnquist Åstrand +2005-04-18 Love Hörnquist Ã…strand * unvis.c: cast to unsigned char to make sure its not negative when passing it to is* functions @@ -467,7 +500,7 @@ * strptime.c: cast to unsigned char to make sure its not negative when passing it to to* functions -2005-04-13 Love Hörnquist Åstrand +2005-04-13 Love Hörnquist Ã…strand * simple_exec.c: don't close stderr, close all fd that is num 3 and larger @@ -476,19 +509,19 @@ * add closefrom -2005-04-12 Love Hörnquist Åstrand +2005-04-12 Love Hörnquist Ã…strand * add ROKEN_LIB_FUNCTION to all exported functions -2005-04-10 Love Hörnquist Åstrand +2005-04-10 Love Hörnquist Ã…strand * resolve-test.c: print DS -2005-04-07 Love Hörnquist Åstrand +2005-04-07 Love Hörnquist Ã…strand * parse_time-test.c: remove unused variable -2005-04-04 Love Hörnquist Åstrand +2005-04-04 Love Hörnquist Ã…strand * strpftime-test.c: print size_t by casting to unsigned long @@ -498,12 +531,12 @@ * resolve-test.c: print size_t by casting to unsigned long -2005-04-01 Love Hörnquist Åstrand +2005-04-01 Love Hörnquist Ã…strand * snprintf-test.c (try): reset va_list argument between reuse, from Peter Kruty -2005-03-30 Love Hörnquist Åstrand +2005-03-30 Love Hörnquist Ã…strand * roken_gethostby.c (roken_gethostby): s/sin/addr/ to avoid shadowing @@ -512,20 +545,20 @@ * parse_units.c: avoid shadowing div -2005-03-26 Love Hörnquist Åstrand +2005-03-26 Love Hörnquist Ã…strand * snprintf.c: use defined(TEST_SNPRINTF) like on all other places in the same file -2005-03-21 Love Hörnquist Åstrand +2005-03-21 Love Hörnquist Ã…strand * hex.c: check for overflows -2005-03-18 Love Hörnquist Åstrand +2005-03-18 Love Hörnquist Ã…strand * vis.c: use RCSID instead of __RCSID -2005-03-06 Love Hörnquist Åstrand +2005-03-06 Love Hörnquist Ã…strand * Makefile.am: check_PROGRAMS += hex-test @@ -534,13 +567,13 @@ * hex.c: fix decodeing, it processed to much data and thus returned the wrong length -2005-03-04 Love Hörnquist Åstrand +2005-03-04 Love Hörnquist Ã…strand * Makefile.am: add hex.[ch] * hex.c: add hex encoder/decoder -2005-03-02 Love Hörnquist Åstrand +2005-03-02 Love Hörnquist Ã…strand * daemon.c fnmatch.c fnmatch.hin getcap.c getopt.c getusershell.c glob.c glob.hin iruserok.c unvis.c vis.hin: @@ -556,7 +589,7 @@ * vis.c: Update new revision from NetBSD (copyright update) -2005-02-24 Love Hörnquist Åstrand +2005-02-24 Love Hörnquist Ã…strand * Makefile.am: bump version to 17:0:1 @@ -565,7 +598,7 @@ * getusershell.c: Include ctype.h, cast argument to isspace to unsigned char. -2004-10-31 Love Hörnquist Åstrand +2004-10-31 Love Hörnquist Ã…strand * parse_time.3, parse_units.c: Change the behavior of the parse_unit code to return the number of bytes needed to print the @@ -574,7 +607,7 @@ * parse_time-test.c Makefile.am test-mem.c test-mem.h: test parse_time -2004-10-16 Love Hörnquist Åstrand +2004-10-16 Love Hörnquist Ã…strand * resolve.c: put dns_type_to_string and dns_string_to_type in the abi @@ -583,20 +616,20 @@ * resolve.h: add ds_record -2004-10-06 Love Hörnquist Åstrand +2004-10-06 Love Hörnquist Ã…strand * ndbm_wrap.c: undefine open so this works on solaris with large file support From netbsd's pkgsrc via Gavan Fantom -2004-09-13 Love Hörnquist Åstrand +2004-09-13 Love Hörnquist Ã…strand * resolve-test.c: add --version/--help -2004-09-12 Love Hörnquist Åstrand +2004-09-12 Love Hörnquist Ã…strand * Makefile.am: make resolve-test a noinst program -2004-09-11 Love Hörnquist Åstrand +2004-09-11 Love Hörnquist Ã…strand * resolve-test.c: test program for libroken resolve from resolve.c @@ -614,7 +647,7 @@ * Makefile.am: always clean generated headers -2004-06-26 Love Hörnquist Åstrand +2004-06-26 Love Hörnquist Ã…strand * rtbl.3: use .In for header, remove trailing space @@ -630,20 +663,20 @@ - ability to end a row - don't extend last column to full width -2004-06-20 Love Hörnquist Åstrand +2004-06-20 Love Hörnquist Ã…strand * resolve.[ch]: add and use and bind9 version of rr type (rk_ns_t_XXX) instead of the old bind4 version (T_XXX) -2004-05-25 Love Hörnquist Åstrand +2004-05-25 Love Hörnquist Ã…strand * resolve.c (stot): add AAAA -2004-02-17 Love Hörnquist Åstrand +2004-02-17 Love Hörnquist Ã…strand * getarg.c (add_string): catch error from realloc -2004-02-12 Love Hörnquist Åstrand +2004-02-12 Love Hörnquist Ã…strand * roken-common.h: add simple_execve_timed @@ -651,11 +684,11 @@ * simple_exec.c: add timed simple_exec -2004-01-05 Love Hörnquist Åstrand +2004-01-05 Love Hörnquist Ã…strand * gai_strerror.c: correct ifdef for EAI_ADDRFAMILY -2003-12-14 Love Hörnquist Åstrand +2003-12-14 Love Hörnquist Ã…strand * resolve.c: parse dns header, add support for SSHFP @@ -663,35 +696,35 @@ * resolve.h: add SSHFP, clean up the the dns_header -2003-12-14 Love Hörnquist Åstrand +2003-12-14 Love Hörnquist Ã…strand * resolve.h: remove HEADER (only used for crays) * resolve.c: number-of fields no longer stored in network order -2003-12-13 Love Hörnquist Åstrand +2003-12-13 Love Hörnquist Ã…strand * resolve.c: remove depency on c99 types in resolv.h * resolve.h: remove depency on c99 types -2003-12-06 Love Hörnquist Åstrand +2003-12-06 Love Hörnquist Ã…strand * resolv.h: add more T_ types and inline the dns headers, all this for bind9 resolvers -2003-12-02 Love Hörnquist Åstrand +2003-12-02 Love Hörnquist Ã…strand * gai_strerror.c: EAI_ADDRFAMILY and EAI_NODATA is deprecated * roken-common.h: use EAI_NONAME instead of EAI_ADDRFAMILY to check for if we need EAI_ macros -2003-10-04 Love Hörnquist Åstrand +2003-10-04 Love Hörnquist Ã…strand * strptime.c: let t and n match zero or more whitespaces -2003-08-29 Love Hörnquist Åstrand +2003-08-29 Love Hörnquist Ã…strand * ndbm_wrap.c: patch for working with DB4 on heimdal-discuss From: Luke Howard diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am index b1a4251fcdd..e723288107c 100644 --- a/crypto/heimdal/lib/roken/Makefile.am +++ b/crypto/heimdal/lib/roken/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 22409 2008-01-12 05:53:37Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -7,34 +7,41 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la + libroken_la_LDFLAGS = -version-info 19:0:1 libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB -# XXX this is needed for the LIBOBJS objects -CPPFLAGS = $(libroken_la_CPPFLAGS) +if versionscript +libroken_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +endif -noinst_PROGRAMS = make-roken snprintf-test resolve-test +AM_CPPFLAGS += $(libroken_la_CPPFLAGS) +if HAVE_DBHEADER +AM_CPPFLAGS += -I$(DBHEADER) +endif -nodist_make_roken_SOURCES = make-roken.c +noinst_PROGRAMS = snprintf-test resolve-test rkpty check_PROGRAMS = \ base64-test \ getaddrinfo-test \ + getifaddrs-test \ hex-test \ test-readenv \ parse_bytes-test \ parse_reply-test \ parse_time-test \ snprintf-test \ - strpftime-test + strpftime-test \ + tsearch-test TESTS = $(check_PROGRAMS) -LDADD = libroken.la $(LIB_crypt) +LDADD = libroken.la make_roken_LDADD = noinst_LTLIBRARIES = libtest.la -libtest_la_SOURCES = strftime.c strptime.c snprintf.c +libtest_la_SOURCES = strftime.c strptime.c snprintf.c tsearch.c libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME parse_reply_test_SOURCES = parse_reply-test.c resolve.c @@ -42,14 +49,19 @@ parse_reply_test_CFLAGS = -DTEST_RESOLVE test_readenv_SOURCES = test-readenv.c test-mem.c +rkpty_LDADD = $(LIB_openpty) $(LDADD) + parse_time_test_SOURCES = parse_time-test.c test-mem.c strpftime_test_SOURCES = strpftime-test.c strpftime-test.h strpftime_test_LDADD = libtest.la $(LDADD) strpftime_test_CFLAGS = -DTEST_STRPFTIME -snprintf_test_SOURCES = snprintf-test.c snprintf-test.h +snprintf_test_SOURCES = snprintf-test.c snprintf_test_LDADD = libtest.la $(LDADD) snprintf_test_CFLAGS = -DTEST_SNPRINTF +tsearch_test_SOURCES = tsearch-test.c +tsearch_test_LDADD = libtest.la $(LDADD) +tsearch_test_CFLAGS = -DTEST_TSEARCH resolve_test_SOURCES = resolve-test.c @@ -57,6 +69,9 @@ libroken_la_SOURCES = \ base64.c \ bswap.c \ concat.c \ + cloexec.c \ + ct.c \ + doxygen.c \ dumpdata.c \ environment.c \ eread.c \ @@ -80,6 +95,8 @@ libroken_la_SOURCES = \ parse_bytes.c \ parse_time.c \ parse_units.c \ + qsort.c \ + rand.c \ realloc.c \ resolve.c \ roken_gethostby.c \ @@ -91,15 +108,16 @@ libroken_la_SOURCES = \ snprintf.c \ socket.c \ strcollect.c \ + strerror_r.c \ strpool.c \ timeval.c \ tm2time.c \ unvis.c \ verify.c \ vis.c \ - vis.h \ warnerr.c \ write_pid.c \ + xfree.c \ xdbm.h EXTRA_libroken_la_SOURCES = \ @@ -107,13 +125,14 @@ EXTRA_libroken_la_SOURCES = \ glob.hin \ fnmatch.hin \ ifaddrs.hin \ + search.hin \ vis.hin -libroken_la_LIBADD = @LTLIBOBJS@ +libroken_la_LIBADD = @LTLIBOBJS@ $(LIB_crypt) $(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS) -BUILT_SOURCES = make-roken.c roken.h +BUILT_SOURCES = roken.h if have_err_h err_h = @@ -139,6 +158,12 @@ else ifaddrs_h = ifaddrs.h endif +if have_search_h +search_h = +else +search_h = search.h +endif + if have_vis_h vis_h = else @@ -146,8 +171,8 @@ vis_h = vis.h endif ## these are controlled by configure -XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h) -CLEANFILES += err.h fnmatch.h glob.h ifaddrs.h vis.h +XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(search_h) $(vis_h) +CLEANFILES += err.h fnmatch.h glob.h ifaddrs.h search.h vis.h dist_include_HEADERS = \ base64.h \ @@ -178,6 +203,14 @@ SUFFIXES += .hin .hin.h: cp $< $@ +# Make make-roken deprecated in 1.4 when we know that roken-h-process.pl works +if !CROSS_COMPILE + +noinst_PROGRAMS += make-roken +BUILT_SOURCES += make-roken.c + +nodist_make_roken_SOURCES = make-roken.c + roken.h: make-roken$(EXEEXT) @./make-roken$(EXEEXT) > tmp.h ;\ if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \ @@ -186,9 +219,21 @@ roken.h: make-roken$(EXEEXT) make-roken.c: roken.h.in roken.awk $(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c +else + +roken.h: $(top_srcdir)/cf/roken-h-process.pl roken.h.in + perl $(top_srcdir)/cf/roken-h-process.pl \ + -c $(top_builddir)/include/config.h \ + -p $(srcdir)/roken.h.in -o roken.h + +endif + + EXTRA_DIST = \ + NTMakefile \ roken.awk roken.h.in \ $(man_MANS) \ test-mem.h \ ndbm_wrap.c \ - ndbm_wrap.h + ndbm_wrap.h \ + version-script.map diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in index 0398523aae5..9c05b08a404 100644 --- a/crypto/heimdal/lib/roken/Makefile.in +++ b/crypto/heimdal/lib/roken/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 22409 2008-01-12 05:53:37Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -56,21 +58,28 @@ DIST_COMMON = $(am__dist_include_HEADERS_DIST) $(srcdir)/Makefile.am \ seteuid.c strcasecmp.c strdup.c strerror.c strftime.c \ strlcat.c strlcpy.c strlwr.c strncasecmp.c strndup.c strnlen.c \ strptime.c strsep.c strsep_copy.c strtok_r.c strupr.c swab.c \ - timegm.c unsetenv.c verr.c verrx.c vsyslog.c vwarn.c vwarnx.c \ - warn.c warnx.c writev.c -noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT) \ - resolve-test$(EXEEXT) + timegm.c tsearch.c unsetenv.c verr.c verrx.c vsyslog.c vwarn.c \ + vwarnx.c warn.c warnx.c writev.c +@versionscript_TRUE@am__append_1 = $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +@HAVE_DBHEADER_TRUE@am__append_2 = -I$(DBHEADER) +noinst_PROGRAMS = snprintf-test$(EXEEXT) resolve-test$(EXEEXT) \ + rkpty$(EXEEXT) $(am__EXEEXT_1) check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \ - hex-test$(EXEEXT) test-readenv$(EXEEXT) \ - parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \ - parse_time-test$(EXEEXT) snprintf-test$(EXEEXT) \ - strpftime-test$(EXEEXT) -@have_socket_wrapper_TRUE@am__append_1 = socket_wrapper.c socket_wrapper.h -@have_socket_wrapper_TRUE@am__append_2 = socket_wrapper.h + getifaddrs-test$(EXEEXT) hex-test$(EXEEXT) \ + test-readenv$(EXEEXT) parse_bytes-test$(EXEEXT) \ + parse_reply-test$(EXEEXT) parse_time-test$(EXEEXT) \ + snprintf-test$(EXEEXT) strpftime-test$(EXEEXT) \ + tsearch-test$(EXEEXT) +@have_socket_wrapper_TRUE@am__append_3 = socket_wrapper.c socket_wrapper.h +@have_socket_wrapper_TRUE@am__append_4 = socket_wrapper.h + +# Make make-roken deprecated in 1.4 when we know that roken-h-process.pl works +@CROSS_COMPILE_FALSE@am__append_5 = make-roken +@CROSS_COMPILE_FALSE@am__append_6 = make-roken.c subdir = lib/roken ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -85,7 +94,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -99,9 +108,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -109,39 +121,57 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man3dir)" \ "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)" \ "$(DESTDIR)$(rokenincludedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) -libroken_la_DEPENDENCIES = @LTLIBOBJS@ -am__libroken_la_SOURCES_DIST = base64.c bswap.c concat.c dumpdata.c \ - environment.c eread.c esetenv.c ewrite.c \ - getaddrinfo_hostspec.c get_default_username.c \ +am__DEPENDENCIES_1 = +libroken_la_DEPENDENCIES = @LTLIBOBJS@ $(am__DEPENDENCIES_1) +am__libroken_la_SOURCES_DIST = base64.c bswap.c concat.c cloexec.c \ + ct.c doxygen.c dumpdata.c environment.c eread.c esetenv.c \ + ewrite.c getaddrinfo_hostspec.c get_default_username.c \ get_window_size.c getarg.c getnameinfo_verified.c \ getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \ k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \ - parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \ - roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \ - simple_exec.c snprintf.c socket.c strcollect.c strpool.c \ - timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \ - write_pid.c xdbm.h socket_wrapper.c socket_wrapper.h + parse_bytes.c parse_time.c parse_units.c qsort.c rand.c \ + realloc.c resolve.c roken_gethostby.c rtbl.c rtbl.h \ + setprogname.c signal.c simple_exec.c snprintf.c socket.c \ + strcollect.c strerror_r.c strpool.c timeval.c tm2time.c \ + unvis.c verify.c vis.c warnerr.c write_pid.c xfree.c xdbm.h \ + socket_wrapper.c socket_wrapper.h @have_socket_wrapper_TRUE@am__objects_1 = \ @have_socket_wrapper_TRUE@ libroken_la-socket_wrapper.lo am_libroken_la_OBJECTS = libroken_la-base64.lo libroken_la-bswap.lo \ - libroken_la-concat.lo libroken_la-dumpdata.lo \ + libroken_la-concat.lo libroken_la-cloexec.lo libroken_la-ct.lo \ + libroken_la-doxygen.lo libroken_la-dumpdata.lo \ libroken_la-environment.lo libroken_la-eread.lo \ libroken_la-esetenv.lo libroken_la-ewrite.lo \ libroken_la-getaddrinfo_hostspec.lo \ @@ -154,54 +184,59 @@ am_libroken_la_OBJECTS = libroken_la-base64.lo libroken_la-bswap.lo \ libroken_la-mini_inetd.lo libroken_la-net_read.lo \ libroken_la-net_write.lo libroken_la-parse_bytes.lo \ libroken_la-parse_time.lo libroken_la-parse_units.lo \ + libroken_la-qsort.lo libroken_la-rand.lo \ libroken_la-realloc.lo libroken_la-resolve.lo \ libroken_la-roken_gethostby.lo libroken_la-rtbl.lo \ libroken_la-setprogname.lo libroken_la-signal.lo \ libroken_la-simple_exec.lo libroken_la-snprintf.lo \ libroken_la-socket.lo libroken_la-strcollect.lo \ - libroken_la-strpool.lo libroken_la-timeval.lo \ - libroken_la-tm2time.lo libroken_la-unvis.lo \ - libroken_la-verify.lo libroken_la-vis.lo \ + libroken_la-strerror_r.lo libroken_la-strpool.lo \ + libroken_la-timeval.lo libroken_la-tm2time.lo \ + libroken_la-unvis.lo libroken_la-verify.lo libroken_la-vis.lo \ libroken_la-warnerr.lo libroken_la-write_pid.lo \ - $(am__objects_1) + libroken_la-xfree.lo $(am__objects_1) libroken_la_OBJECTS = $(am_libroken_la_OBJECTS) libroken_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libroken_la_LDFLAGS) $(LDFLAGS) -o $@ libtest_la_LIBADD = am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \ - libtest_la-snprintf.lo + libtest_la-snprintf.lo libtest_la-tsearch.lo libtest_la_OBJECTS = $(am_libtest_la_OBJECTS) libtest_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +@CROSS_COMPILE_FALSE@am__EXEEXT_1 = make-roken$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) base64_test_SOURCES = base64-test.c base64_test_OBJECTS = base64-test.$(OBJEXT) base64_test_LDADD = $(LDADD) -am__DEPENDENCIES_1 = -base64_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) +base64_test_DEPENDENCIES = libroken.la getaddrinfo_test_SOURCES = getaddrinfo-test.c getaddrinfo_test_OBJECTS = getaddrinfo-test.$(OBJEXT) getaddrinfo_test_LDADD = $(LDADD) -getaddrinfo_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) +getaddrinfo_test_DEPENDENCIES = libroken.la +getifaddrs_test_SOURCES = getifaddrs-test.c +getifaddrs_test_OBJECTS = getifaddrs-test.$(OBJEXT) +getifaddrs_test_LDADD = $(LDADD) +getifaddrs_test_DEPENDENCIES = libroken.la hex_test_SOURCES = hex-test.c hex_test_OBJECTS = hex-test.$(OBJEXT) hex_test_LDADD = $(LDADD) -hex_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) -nodist_make_roken_OBJECTS = make-roken.$(OBJEXT) +hex_test_DEPENDENCIES = libroken.la +@CROSS_COMPILE_FALSE@nodist_make_roken_OBJECTS = make-roken.$(OBJEXT) make_roken_OBJECTS = $(nodist_make_roken_OBJECTS) make_roken_DEPENDENCIES = parse_bytes_test_SOURCES = parse_bytes-test.c parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT) parse_bytes_test_LDADD = $(LDADD) -parse_bytes_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) +parse_bytes_test_DEPENDENCIES = libroken.la am_parse_reply_test_OBJECTS = \ parse_reply_test-parse_reply-test.$(OBJEXT) \ parse_reply_test-resolve.$(OBJEXT) parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS) parse_reply_test_LDADD = $(LDADD) -parse_reply_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) +parse_reply_test_DEPENDENCIES = libroken.la parse_reply_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(parse_reply_test_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ @@ -209,31 +244,39 @@ am_parse_time_test_OBJECTS = parse_time-test.$(OBJEXT) \ test-mem.$(OBJEXT) parse_time_test_OBJECTS = $(am_parse_time_test_OBJECTS) parse_time_test_LDADD = $(LDADD) -parse_time_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) +parse_time_test_DEPENDENCIES = libroken.la am_resolve_test_OBJECTS = resolve-test.$(OBJEXT) resolve_test_OBJECTS = $(am_resolve_test_OBJECTS) resolve_test_LDADD = $(LDADD) -resolve_test_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) +resolve_test_DEPENDENCIES = libroken.la +rkpty_SOURCES = rkpty.c +rkpty_OBJECTS = rkpty.$(OBJEXT) +rkpty_DEPENDENCIES = $(am__DEPENDENCIES_1) $(LDADD) am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT) snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS) -am__DEPENDENCIES_2 = libroken.la $(am__DEPENDENCIES_1) -snprintf_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2) +snprintf_test_DEPENDENCIES = libtest.la $(LDADD) snprintf_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(snprintf_test_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am_strpftime_test_OBJECTS = strpftime_test-strpftime-test.$(OBJEXT) strpftime_test_OBJECTS = $(am_strpftime_test_OBJECTS) -strpftime_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_2) +strpftime_test_DEPENDENCIES = libtest.la $(LDADD) strpftime_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(strpftime_test_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am_test_readenv_OBJECTS = test-readenv.$(OBJEXT) test-mem.$(OBJEXT) test_readenv_OBJECTS = $(am_test_readenv_OBJECTS) test_readenv_LDADD = $(LDADD) -test_readenv_DEPENDENCIES = libroken.la $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +test_readenv_DEPENDENCIES = libroken.la +am_tsearch_test_OBJECTS = tsearch_test-tsearch-test.$(OBJEXT) +tsearch_test_OBJECTS = $(am_tsearch_test_OBJECTS) +tsearch_test_DEPENDENCIES = libtest.la $(LDADD) +tsearch_test_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(tsearch_test_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -245,78 +288,86 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \ $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \ - hex-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c \ - $(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \ - $(resolve_test_SOURCES) $(snprintf_test_SOURCES) \ - $(strpftime_test_SOURCES) $(test_readenv_SOURCES) + getifaddrs-test.c hex-test.c $(nodist_make_roken_SOURCES) \ + parse_bytes-test.c $(parse_reply_test_SOURCES) \ + $(parse_time_test_SOURCES) $(resolve_test_SOURCES) rkpty.c \ + $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) \ + $(test_readenv_SOURCES) $(tsearch_test_SOURCES) DIST_SOURCES = $(am__libroken_la_SOURCES_DIST) \ $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) \ - base64-test.c getaddrinfo-test.c hex-test.c parse_bytes-test.c \ - $(parse_reply_test_SOURCES) $(parse_time_test_SOURCES) \ - $(resolve_test_SOURCES) $(snprintf_test_SOURCES) \ - $(strpftime_test_SOURCES) $(test_readenv_SOURCES) + base64-test.c getaddrinfo-test.c getifaddrs-test.c hex-test.c \ + parse_bytes-test.c $(parse_reply_test_SOURCES) \ + $(parse_time_test_SOURCES) $(resolve_test_SOURCES) rkpty.c \ + $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) \ + $(test_readenv_SOURCES) $(tsearch_test_SOURCES) man3dir = $(mandir)/man3 MANS = $(man_MANS) am__dist_include_HEADERS_DIST = base64.h getarg.h hex.h parse_bytes.h \ parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \ xdbm.h socket_wrapper.h -dist_includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_rokenincludeHEADERS_INSTALL = $(INSTALL_HEADER) HEADERS = $(dist_include_HEADERS) $(nodist_include_HEADERS) \ $(nodist_rokeninclude_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ - -# XXX this is needed for the LIBOBJS objects -CPPFLAGS = $(libroken_la_CPPFLAGS) -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ +CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -340,10 +391,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -360,6 +412,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -375,31 +429,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -414,10 +482,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -458,74 +528,85 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(libroken_la_CPPFLAGS) \ + $(am__append_2) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) err.h fnmatch.h glob.h \ - ifaddrs.h vis.h + ifaddrs.h search.h vis.h lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 19:0:1 +libroken_la_LDFLAGS = -version-info 19:0:1 $(am__append_1) libroken_la_CPPFLAGS = -DBUILD_ROKEN_LIB -nodist_make_roken_SOURCES = make-roken.c TESTS = $(check_PROGRAMS) -LDADD = libroken.la $(LIB_crypt) +LDADD = libroken.la make_roken_LDADD = noinst_LTLIBRARIES = libtest.la -libtest_la_SOURCES = strftime.c strptime.c snprintf.c +libtest_la_SOURCES = strftime.c strptime.c snprintf.c tsearch.c libtest_la_CFLAGS = -DTEST_SNPRINTF -DTEST_STRPFTIME parse_reply_test_SOURCES = parse_reply-test.c resolve.c parse_reply_test_CFLAGS = -DTEST_RESOLVE test_readenv_SOURCES = test-readenv.c test-mem.c +rkpty_LDADD = $(LIB_openpty) $(LDADD) parse_time_test_SOURCES = parse_time-test.c test-mem.c strpftime_test_SOURCES = strpftime-test.c strpftime-test.h strpftime_test_LDADD = libtest.la $(LDADD) strpftime_test_CFLAGS = -DTEST_STRPFTIME -snprintf_test_SOURCES = snprintf-test.c snprintf-test.h +snprintf_test_SOURCES = snprintf-test.c snprintf_test_LDADD = libtest.la $(LDADD) snprintf_test_CFLAGS = -DTEST_SNPRINTF +tsearch_test_SOURCES = tsearch-test.c +tsearch_test_LDADD = libtest.la $(LDADD) +tsearch_test_CFLAGS = -DTEST_TSEARCH resolve_test_SOURCES = resolve-test.c -libroken_la_SOURCES = base64.c bswap.c concat.c dumpdata.c \ - environment.c eread.c esetenv.c ewrite.c \ +libroken_la_SOURCES = base64.c bswap.c concat.c cloexec.c ct.c \ + doxygen.c dumpdata.c environment.c eread.c esetenv.c ewrite.c \ getaddrinfo_hostspec.c get_default_username.c \ get_window_size.c getarg.c getnameinfo_verified.c \ getprogname.c h_errno.c hex.c hostent_find_fqdn.c issuid.c \ k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c \ - parse_bytes.c parse_time.c parse_units.c realloc.c resolve.c \ - roken_gethostby.c rtbl.c rtbl.h setprogname.c signal.c \ - simple_exec.c snprintf.c socket.c strcollect.c strpool.c \ - timeval.c tm2time.c unvis.c verify.c vis.c vis.h warnerr.c \ - write_pid.c xdbm.h $(am__append_1) + parse_bytes.c parse_time.c parse_units.c qsort.c rand.c \ + realloc.c resolve.c roken_gethostby.c rtbl.c rtbl.h \ + setprogname.c signal.c simple_exec.c snprintf.c socket.c \ + strcollect.c strerror_r.c strpool.c timeval.c tm2time.c \ + unvis.c verify.c vis.c warnerr.c write_pid.c xfree.c xdbm.h \ + $(am__append_3) EXTRA_libroken_la_SOURCES = \ err.hin \ glob.hin \ fnmatch.hin \ ifaddrs.hin \ + search.hin \ vis.hin -libroken_la_LIBADD = @LTLIBOBJS@ -BUILT_SOURCES = make-roken.c roken.h +libroken_la_LIBADD = @LTLIBOBJS@ $(LIB_crypt) +BUILT_SOURCES = roken.h $(am__append_6) @have_err_h_FALSE@err_h = err.h @have_err_h_TRUE@err_h = @have_fnmatch_h_FALSE@fnmatch_h = fnmatch.h @@ -534,41 +615,46 @@ BUILT_SOURCES = make-roken.c roken.h @have_glob_h_TRUE@glob_h = @have_ifaddrs_h_FALSE@ifaddrs_h = ifaddrs.h @have_ifaddrs_h_TRUE@ifaddrs_h = +@have_search_h_FALSE@search_h = search.h +@have_search_h_TRUE@search_h = @have_vis_h_FALSE@vis_h = vis.h @have_vis_h_TRUE@vis_h = -XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(vis_h) +XHEADERS = $(err_h) $(fnmatch_h) $(glob_h) $(ifaddrs_h) $(search_h) $(vis_h) dist_include_HEADERS = base64.h getarg.h hex.h parse_bytes.h \ parse_time.h parse_units.h resolve.h roken-common.h rtbl.h \ - xdbm.h $(am__append_2) + xdbm.h $(am__append_4) build_HEADERZ = test-mem.h $(XHEADERS) nodist_include_HEADERS = roken.h rokenincludedir = $(includedir)/roken nodist_rokeninclude_HEADERS = $(XHEADERS) man_MANS = getarg.3 parse_time.3 rtbl.3 ecalloc.3 +@CROSS_COMPILE_FALSE@nodist_make_roken_SOURCES = make-roken.c EXTRA_DIST = \ + NTMakefile \ roken.awk roken.h.in \ $(man_MANS) \ test-mem.h \ ndbm_wrap.c \ - ndbm_wrap.h + ndbm_wrap.h \ + version-script.map all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/roken/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/roken/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/roken/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/roken/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -586,23 +672,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -628,24 +719,31 @@ libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) $(libtest_la_LINK) $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS) clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list base64-test$(EXEEXT): $(base64_test_OBJECTS) $(base64_test_DEPENDENCIES) @rm -f base64-test$(EXEEXT) $(LINK) $(base64_test_OBJECTS) $(base64_test_LDADD) $(LIBS) getaddrinfo-test$(EXEEXT): $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_DEPENDENCIES) @rm -f getaddrinfo-test$(EXEEXT) $(LINK) $(getaddrinfo_test_OBJECTS) $(getaddrinfo_test_LDADD) $(LIBS) +getifaddrs-test$(EXEEXT): $(getifaddrs_test_OBJECTS) $(getifaddrs_test_DEPENDENCIES) + @rm -f getifaddrs-test$(EXEEXT) + $(LINK) $(getifaddrs_test_OBJECTS) $(getifaddrs_test_LDADD) $(LIBS) hex-test$(EXEEXT): $(hex_test_OBJECTS) $(hex_test_DEPENDENCIES) @rm -f hex-test$(EXEEXT) $(LINK) $(hex_test_OBJECTS) $(hex_test_LDADD) $(LIBS) @@ -664,6 +762,9 @@ parse_time-test$(EXEEXT): $(parse_time_test_OBJECTS) $(parse_time_test_DEPENDENC resolve-test$(EXEEXT): $(resolve_test_OBJECTS) $(resolve_test_DEPENDENCIES) @rm -f resolve-test$(EXEEXT) $(LINK) $(resolve_test_OBJECTS) $(resolve_test_LDADD) $(LIBS) +rkpty$(EXEEXT): $(rkpty_OBJECTS) $(rkpty_DEPENDENCIES) + @rm -f rkpty$(EXEEXT) + $(LINK) $(rkpty_OBJECTS) $(rkpty_LDADD) $(LIBS) snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) @rm -f snprintf-test$(EXEEXT) $(snprintf_test_LINK) $(snprintf_test_OBJECTS) $(snprintf_test_LDADD) $(LIBS) @@ -673,6 +774,9 @@ strpftime-test$(EXEEXT): $(strpftime_test_OBJECTS) $(strpftime_test_DEPENDENCIES test-readenv$(EXEEXT): $(test_readenv_OBJECTS) $(test_readenv_DEPENDENCIES) @rm -f test-readenv$(EXEEXT) $(LINK) $(test_readenv_OBJECTS) $(test_readenv_LDADD) $(LIBS) +tsearch-test$(EXEEXT): $(tsearch_test_OBJECTS) $(tsearch_test_DEPENDENCIES) + @rm -f tsearch-test$(EXEEXT) + $(tsearch_test_LINK) $(tsearch_test_OBJECTS) $(tsearch_test_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -680,337 +784,802 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/chown.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/closefrom.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/copyhostent.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/daemon.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ecalloc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/emalloc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/erealloc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/err.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/errx.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/estrdup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/fchown.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/flock.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/fnmatch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/freeaddrinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/freehostent.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/gai_strerror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getaddrinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getcap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getcwd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getdtablesize.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getegid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/geteuid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getgid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/gethostname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getifaddrs.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getipnodebyaddr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getipnodebyname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getnameinfo.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getopt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/gettimeofday.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getuid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getusershell.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/glob.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/hstrerror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/inet_aton.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/inet_ntop.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/inet_pton.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/initgroups.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/innetgr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/iruserok.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/localtime_r.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/lstat.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/memmove.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/mkstemp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/putenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/rcmd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/readv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/recvmsg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/sendmsg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/setegid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/setenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/seteuid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strcasecmp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strdup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strerror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strftime.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strlcat.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strlcpy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strlwr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strncasecmp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strndup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strnlen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strptime.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strsep.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strsep_copy.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strtok_r.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strupr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/swab.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/timegm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/tsearch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/unsetenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/verr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/verrx.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/vsyslog.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/vwarn.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/vwarnx.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/warn.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/warnx.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/writev.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getaddrinfo-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getifaddrs-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hex-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-base64.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-bswap.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-cloexec.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-concat.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-ct.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-doxygen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-dumpdata.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-environment.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-eread.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-esetenv.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-ewrite.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-get_default_username.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-get_window_size.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-getaddrinfo_hostspec.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-getarg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-getnameinfo_verified.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-getprogname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-h_errno.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-hex.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-hostent_find_fqdn.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-issuid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-k_getpwnam.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-k_getpwuid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-mini_inetd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-net_read.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-net_write.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-parse_bytes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-parse_time.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-parse_units.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-qsort.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-rand.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-realloc.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-resolve.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-roken_gethostby.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-rtbl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-setprogname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-signal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-simple_exec.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-snprintf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-socket.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-socket_wrapper.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-strcollect.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-strerror_r.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-strpool.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-timeval.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-tm2time.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-unvis.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-verify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-vis.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-warnerr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-write_pid.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libroken_la-xfree.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-snprintf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-strftime.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-strptime.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-tsearch.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/make-roken.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse_bytes-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse_reply_test-parse_reply-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse_reply_test-resolve.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse_time-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rkpty.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/snprintf_test-snprintf-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strpftime_test-strpftime-test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-mem.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-readenv.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tsearch_test-tsearch-test.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< libroken_la-base64.lo: base64.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-base64.lo -MD -MP -MF $(DEPDIR)/libroken_la-base64.Tpo -c -o libroken_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-base64.Tpo $(DEPDIR)/libroken_la-base64.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='base64.c' object='libroken_la-base64.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c libroken_la-bswap.lo: bswap.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-bswap.lo `test -f 'bswap.c' || echo '$(srcdir)/'`bswap.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-bswap.lo -MD -MP -MF $(DEPDIR)/libroken_la-bswap.Tpo -c -o libroken_la-bswap.lo `test -f 'bswap.c' || echo '$(srcdir)/'`bswap.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-bswap.Tpo $(DEPDIR)/libroken_la-bswap.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bswap.c' object='libroken_la-bswap.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-bswap.lo `test -f 'bswap.c' || echo '$(srcdir)/'`bswap.c libroken_la-concat.lo: concat.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-concat.lo `test -f 'concat.c' || echo '$(srcdir)/'`concat.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-concat.lo -MD -MP -MF $(DEPDIR)/libroken_la-concat.Tpo -c -o libroken_la-concat.lo `test -f 'concat.c' || echo '$(srcdir)/'`concat.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-concat.Tpo $(DEPDIR)/libroken_la-concat.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='concat.c' object='libroken_la-concat.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-concat.lo `test -f 'concat.c' || echo '$(srcdir)/'`concat.c + +libroken_la-cloexec.lo: cloexec.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-cloexec.lo -MD -MP -MF $(DEPDIR)/libroken_la-cloexec.Tpo -c -o libroken_la-cloexec.lo `test -f 'cloexec.c' || echo '$(srcdir)/'`cloexec.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-cloexec.Tpo $(DEPDIR)/libroken_la-cloexec.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='cloexec.c' object='libroken_la-cloexec.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-cloexec.lo `test -f 'cloexec.c' || echo '$(srcdir)/'`cloexec.c + +libroken_la-ct.lo: ct.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-ct.lo -MD -MP -MF $(DEPDIR)/libroken_la-ct.Tpo -c -o libroken_la-ct.lo `test -f 'ct.c' || echo '$(srcdir)/'`ct.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-ct.Tpo $(DEPDIR)/libroken_la-ct.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ct.c' object='libroken_la-ct.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-ct.lo `test -f 'ct.c' || echo '$(srcdir)/'`ct.c + +libroken_la-doxygen.lo: doxygen.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-doxygen.lo -MD -MP -MF $(DEPDIR)/libroken_la-doxygen.Tpo -c -o libroken_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-doxygen.Tpo $(DEPDIR)/libroken_la-doxygen.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='doxygen.c' object='libroken_la-doxygen.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-doxygen.lo `test -f 'doxygen.c' || echo '$(srcdir)/'`doxygen.c libroken_la-dumpdata.lo: dumpdata.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-dumpdata.lo `test -f 'dumpdata.c' || echo '$(srcdir)/'`dumpdata.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-dumpdata.lo -MD -MP -MF $(DEPDIR)/libroken_la-dumpdata.Tpo -c -o libroken_la-dumpdata.lo `test -f 'dumpdata.c' || echo '$(srcdir)/'`dumpdata.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-dumpdata.Tpo $(DEPDIR)/libroken_la-dumpdata.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='dumpdata.c' object='libroken_la-dumpdata.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-dumpdata.lo `test -f 'dumpdata.c' || echo '$(srcdir)/'`dumpdata.c libroken_la-environment.lo: environment.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-environment.lo `test -f 'environment.c' || echo '$(srcdir)/'`environment.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-environment.lo -MD -MP -MF $(DEPDIR)/libroken_la-environment.Tpo -c -o libroken_la-environment.lo `test -f 'environment.c' || echo '$(srcdir)/'`environment.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-environment.Tpo $(DEPDIR)/libroken_la-environment.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='environment.c' object='libroken_la-environment.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-environment.lo `test -f 'environment.c' || echo '$(srcdir)/'`environment.c libroken_la-eread.lo: eread.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-eread.lo `test -f 'eread.c' || echo '$(srcdir)/'`eread.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-eread.lo -MD -MP -MF $(DEPDIR)/libroken_la-eread.Tpo -c -o libroken_la-eread.lo `test -f 'eread.c' || echo '$(srcdir)/'`eread.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-eread.Tpo $(DEPDIR)/libroken_la-eread.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='eread.c' object='libroken_la-eread.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-eread.lo `test -f 'eread.c' || echo '$(srcdir)/'`eread.c libroken_la-esetenv.lo: esetenv.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-esetenv.lo `test -f 'esetenv.c' || echo '$(srcdir)/'`esetenv.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-esetenv.lo -MD -MP -MF $(DEPDIR)/libroken_la-esetenv.Tpo -c -o libroken_la-esetenv.lo `test -f 'esetenv.c' || echo '$(srcdir)/'`esetenv.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-esetenv.Tpo $(DEPDIR)/libroken_la-esetenv.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='esetenv.c' object='libroken_la-esetenv.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-esetenv.lo `test -f 'esetenv.c' || echo '$(srcdir)/'`esetenv.c libroken_la-ewrite.lo: ewrite.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-ewrite.lo `test -f 'ewrite.c' || echo '$(srcdir)/'`ewrite.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-ewrite.lo -MD -MP -MF $(DEPDIR)/libroken_la-ewrite.Tpo -c -o libroken_la-ewrite.lo `test -f 'ewrite.c' || echo '$(srcdir)/'`ewrite.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-ewrite.Tpo $(DEPDIR)/libroken_la-ewrite.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ewrite.c' object='libroken_la-ewrite.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-ewrite.lo `test -f 'ewrite.c' || echo '$(srcdir)/'`ewrite.c libroken_la-getaddrinfo_hostspec.lo: getaddrinfo_hostspec.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getaddrinfo_hostspec.lo `test -f 'getaddrinfo_hostspec.c' || echo '$(srcdir)/'`getaddrinfo_hostspec.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-getaddrinfo_hostspec.lo -MD -MP -MF $(DEPDIR)/libroken_la-getaddrinfo_hostspec.Tpo -c -o libroken_la-getaddrinfo_hostspec.lo `test -f 'getaddrinfo_hostspec.c' || echo '$(srcdir)/'`getaddrinfo_hostspec.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-getaddrinfo_hostspec.Tpo $(DEPDIR)/libroken_la-getaddrinfo_hostspec.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='getaddrinfo_hostspec.c' object='libroken_la-getaddrinfo_hostspec.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getaddrinfo_hostspec.lo `test -f 'getaddrinfo_hostspec.c' || echo '$(srcdir)/'`getaddrinfo_hostspec.c libroken_la-get_default_username.lo: get_default_username.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_default_username.lo `test -f 'get_default_username.c' || echo '$(srcdir)/'`get_default_username.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-get_default_username.lo -MD -MP -MF $(DEPDIR)/libroken_la-get_default_username.Tpo -c -o libroken_la-get_default_username.lo `test -f 'get_default_username.c' || echo '$(srcdir)/'`get_default_username.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-get_default_username.Tpo $(DEPDIR)/libroken_la-get_default_username.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_default_username.c' object='libroken_la-get_default_username.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_default_username.lo `test -f 'get_default_username.c' || echo '$(srcdir)/'`get_default_username.c libroken_la-get_window_size.lo: get_window_size.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_window_size.lo `test -f 'get_window_size.c' || echo '$(srcdir)/'`get_window_size.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-get_window_size.lo -MD -MP -MF $(DEPDIR)/libroken_la-get_window_size.Tpo -c -o libroken_la-get_window_size.lo `test -f 'get_window_size.c' || echo '$(srcdir)/'`get_window_size.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-get_window_size.Tpo $(DEPDIR)/libroken_la-get_window_size.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='get_window_size.c' object='libroken_la-get_window_size.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-get_window_size.lo `test -f 'get_window_size.c' || echo '$(srcdir)/'`get_window_size.c libroken_la-getarg.lo: getarg.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getarg.lo `test -f 'getarg.c' || echo '$(srcdir)/'`getarg.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-getarg.lo -MD -MP -MF $(DEPDIR)/libroken_la-getarg.Tpo -c -o libroken_la-getarg.lo `test -f 'getarg.c' || echo '$(srcdir)/'`getarg.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-getarg.Tpo $(DEPDIR)/libroken_la-getarg.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='getarg.c' object='libroken_la-getarg.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getarg.lo `test -f 'getarg.c' || echo '$(srcdir)/'`getarg.c libroken_la-getnameinfo_verified.lo: getnameinfo_verified.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getnameinfo_verified.lo `test -f 'getnameinfo_verified.c' || echo '$(srcdir)/'`getnameinfo_verified.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-getnameinfo_verified.lo -MD -MP -MF $(DEPDIR)/libroken_la-getnameinfo_verified.Tpo -c -o libroken_la-getnameinfo_verified.lo `test -f 'getnameinfo_verified.c' || echo '$(srcdir)/'`getnameinfo_verified.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-getnameinfo_verified.Tpo $(DEPDIR)/libroken_la-getnameinfo_verified.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='getnameinfo_verified.c' object='libroken_la-getnameinfo_verified.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getnameinfo_verified.lo `test -f 'getnameinfo_verified.c' || echo '$(srcdir)/'`getnameinfo_verified.c libroken_la-getprogname.lo: getprogname.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getprogname.lo `test -f 'getprogname.c' || echo '$(srcdir)/'`getprogname.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-getprogname.lo -MD -MP -MF $(DEPDIR)/libroken_la-getprogname.Tpo -c -o libroken_la-getprogname.lo `test -f 'getprogname.c' || echo '$(srcdir)/'`getprogname.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-getprogname.Tpo $(DEPDIR)/libroken_la-getprogname.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='getprogname.c' object='libroken_la-getprogname.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-getprogname.lo `test -f 'getprogname.c' || echo '$(srcdir)/'`getprogname.c libroken_la-h_errno.lo: h_errno.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-h_errno.lo `test -f 'h_errno.c' || echo '$(srcdir)/'`h_errno.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-h_errno.lo -MD -MP -MF $(DEPDIR)/libroken_la-h_errno.Tpo -c -o libroken_la-h_errno.lo `test -f 'h_errno.c' || echo '$(srcdir)/'`h_errno.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-h_errno.Tpo $(DEPDIR)/libroken_la-h_errno.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='h_errno.c' object='libroken_la-h_errno.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-h_errno.lo `test -f 'h_errno.c' || echo '$(srcdir)/'`h_errno.c libroken_la-hex.lo: hex.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hex.lo `test -f 'hex.c' || echo '$(srcdir)/'`hex.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-hex.lo -MD -MP -MF $(DEPDIR)/libroken_la-hex.Tpo -c -o libroken_la-hex.lo `test -f 'hex.c' || echo '$(srcdir)/'`hex.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-hex.Tpo $(DEPDIR)/libroken_la-hex.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hex.c' object='libroken_la-hex.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hex.lo `test -f 'hex.c' || echo '$(srcdir)/'`hex.c libroken_la-hostent_find_fqdn.lo: hostent_find_fqdn.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hostent_find_fqdn.lo `test -f 'hostent_find_fqdn.c' || echo '$(srcdir)/'`hostent_find_fqdn.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-hostent_find_fqdn.lo -MD -MP -MF $(DEPDIR)/libroken_la-hostent_find_fqdn.Tpo -c -o libroken_la-hostent_find_fqdn.lo `test -f 'hostent_find_fqdn.c' || echo '$(srcdir)/'`hostent_find_fqdn.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-hostent_find_fqdn.Tpo $(DEPDIR)/libroken_la-hostent_find_fqdn.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hostent_find_fqdn.c' object='libroken_la-hostent_find_fqdn.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-hostent_find_fqdn.lo `test -f 'hostent_find_fqdn.c' || echo '$(srcdir)/'`hostent_find_fqdn.c libroken_la-issuid.lo: issuid.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-issuid.lo `test -f 'issuid.c' || echo '$(srcdir)/'`issuid.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-issuid.lo -MD -MP -MF $(DEPDIR)/libroken_la-issuid.Tpo -c -o libroken_la-issuid.lo `test -f 'issuid.c' || echo '$(srcdir)/'`issuid.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-issuid.Tpo $(DEPDIR)/libroken_la-issuid.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='issuid.c' object='libroken_la-issuid.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-issuid.lo `test -f 'issuid.c' || echo '$(srcdir)/'`issuid.c libroken_la-k_getpwnam.lo: k_getpwnam.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwnam.lo `test -f 'k_getpwnam.c' || echo '$(srcdir)/'`k_getpwnam.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-k_getpwnam.lo -MD -MP -MF $(DEPDIR)/libroken_la-k_getpwnam.Tpo -c -o libroken_la-k_getpwnam.lo `test -f 'k_getpwnam.c' || echo '$(srcdir)/'`k_getpwnam.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-k_getpwnam.Tpo $(DEPDIR)/libroken_la-k_getpwnam.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='k_getpwnam.c' object='libroken_la-k_getpwnam.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwnam.lo `test -f 'k_getpwnam.c' || echo '$(srcdir)/'`k_getpwnam.c libroken_la-k_getpwuid.lo: k_getpwuid.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwuid.lo `test -f 'k_getpwuid.c' || echo '$(srcdir)/'`k_getpwuid.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-k_getpwuid.lo -MD -MP -MF $(DEPDIR)/libroken_la-k_getpwuid.Tpo -c -o libroken_la-k_getpwuid.lo `test -f 'k_getpwuid.c' || echo '$(srcdir)/'`k_getpwuid.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-k_getpwuid.Tpo $(DEPDIR)/libroken_la-k_getpwuid.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='k_getpwuid.c' object='libroken_la-k_getpwuid.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-k_getpwuid.lo `test -f 'k_getpwuid.c' || echo '$(srcdir)/'`k_getpwuid.c libroken_la-mini_inetd.lo: mini_inetd.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-mini_inetd.lo `test -f 'mini_inetd.c' || echo '$(srcdir)/'`mini_inetd.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-mini_inetd.lo -MD -MP -MF $(DEPDIR)/libroken_la-mini_inetd.Tpo -c -o libroken_la-mini_inetd.lo `test -f 'mini_inetd.c' || echo '$(srcdir)/'`mini_inetd.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-mini_inetd.Tpo $(DEPDIR)/libroken_la-mini_inetd.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='mini_inetd.c' object='libroken_la-mini_inetd.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-mini_inetd.lo `test -f 'mini_inetd.c' || echo '$(srcdir)/'`mini_inetd.c libroken_la-net_read.lo: net_read.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-net_read.lo -MD -MP -MF $(DEPDIR)/libroken_la-net_read.Tpo -c -o libroken_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-net_read.Tpo $(DEPDIR)/libroken_la-net_read.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='net_read.c' object='libroken_la-net_read.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_read.lo `test -f 'net_read.c' || echo '$(srcdir)/'`net_read.c libroken_la-net_write.lo: net_write.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-net_write.lo -MD -MP -MF $(DEPDIR)/libroken_la-net_write.Tpo -c -o libroken_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-net_write.Tpo $(DEPDIR)/libroken_la-net_write.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='net_write.c' object='libroken_la-net_write.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-net_write.lo `test -f 'net_write.c' || echo '$(srcdir)/'`net_write.c libroken_la-parse_bytes.lo: parse_bytes.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_bytes.lo `test -f 'parse_bytes.c' || echo '$(srcdir)/'`parse_bytes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-parse_bytes.lo -MD -MP -MF $(DEPDIR)/libroken_la-parse_bytes.Tpo -c -o libroken_la-parse_bytes.lo `test -f 'parse_bytes.c' || echo '$(srcdir)/'`parse_bytes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-parse_bytes.Tpo $(DEPDIR)/libroken_la-parse_bytes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='parse_bytes.c' object='libroken_la-parse_bytes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_bytes.lo `test -f 'parse_bytes.c' || echo '$(srcdir)/'`parse_bytes.c libroken_la-parse_time.lo: parse_time.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_time.lo `test -f 'parse_time.c' || echo '$(srcdir)/'`parse_time.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-parse_time.lo -MD -MP -MF $(DEPDIR)/libroken_la-parse_time.Tpo -c -o libroken_la-parse_time.lo `test -f 'parse_time.c' || echo '$(srcdir)/'`parse_time.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-parse_time.Tpo $(DEPDIR)/libroken_la-parse_time.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='parse_time.c' object='libroken_la-parse_time.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_time.lo `test -f 'parse_time.c' || echo '$(srcdir)/'`parse_time.c libroken_la-parse_units.lo: parse_units.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_units.lo `test -f 'parse_units.c' || echo '$(srcdir)/'`parse_units.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-parse_units.lo -MD -MP -MF $(DEPDIR)/libroken_la-parse_units.Tpo -c -o libroken_la-parse_units.lo `test -f 'parse_units.c' || echo '$(srcdir)/'`parse_units.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-parse_units.Tpo $(DEPDIR)/libroken_la-parse_units.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='parse_units.c' object='libroken_la-parse_units.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-parse_units.lo `test -f 'parse_units.c' || echo '$(srcdir)/'`parse_units.c + +libroken_la-qsort.lo: qsort.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-qsort.lo -MD -MP -MF $(DEPDIR)/libroken_la-qsort.Tpo -c -o libroken_la-qsort.lo `test -f 'qsort.c' || echo '$(srcdir)/'`qsort.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-qsort.Tpo $(DEPDIR)/libroken_la-qsort.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='qsort.c' object='libroken_la-qsort.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-qsort.lo `test -f 'qsort.c' || echo '$(srcdir)/'`qsort.c + +libroken_la-rand.lo: rand.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-rand.lo -MD -MP -MF $(DEPDIR)/libroken_la-rand.Tpo -c -o libroken_la-rand.lo `test -f 'rand.c' || echo '$(srcdir)/'`rand.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-rand.Tpo $(DEPDIR)/libroken_la-rand.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rand.c' object='libroken_la-rand.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-rand.lo `test -f 'rand.c' || echo '$(srcdir)/'`rand.c libroken_la-realloc.lo: realloc.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-realloc.lo `test -f 'realloc.c' || echo '$(srcdir)/'`realloc.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-realloc.lo -MD -MP -MF $(DEPDIR)/libroken_la-realloc.Tpo -c -o libroken_la-realloc.lo `test -f 'realloc.c' || echo '$(srcdir)/'`realloc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-realloc.Tpo $(DEPDIR)/libroken_la-realloc.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='realloc.c' object='libroken_la-realloc.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-realloc.lo `test -f 'realloc.c' || echo '$(srcdir)/'`realloc.c libroken_la-resolve.lo: resolve.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-resolve.lo -MD -MP -MF $(DEPDIR)/libroken_la-resolve.Tpo -c -o libroken_la-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-resolve.Tpo $(DEPDIR)/libroken_la-resolve.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='resolve.c' object='libroken_la-resolve.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c libroken_la-roken_gethostby.lo: roken_gethostby.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-roken_gethostby.lo `test -f 'roken_gethostby.c' || echo '$(srcdir)/'`roken_gethostby.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-roken_gethostby.lo -MD -MP -MF $(DEPDIR)/libroken_la-roken_gethostby.Tpo -c -o libroken_la-roken_gethostby.lo `test -f 'roken_gethostby.c' || echo '$(srcdir)/'`roken_gethostby.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-roken_gethostby.Tpo $(DEPDIR)/libroken_la-roken_gethostby.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='roken_gethostby.c' object='libroken_la-roken_gethostby.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-roken_gethostby.lo `test -f 'roken_gethostby.c' || echo '$(srcdir)/'`roken_gethostby.c libroken_la-rtbl.lo: rtbl.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-rtbl.lo `test -f 'rtbl.c' || echo '$(srcdir)/'`rtbl.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-rtbl.lo -MD -MP -MF $(DEPDIR)/libroken_la-rtbl.Tpo -c -o libroken_la-rtbl.lo `test -f 'rtbl.c' || echo '$(srcdir)/'`rtbl.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-rtbl.Tpo $(DEPDIR)/libroken_la-rtbl.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rtbl.c' object='libroken_la-rtbl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-rtbl.lo `test -f 'rtbl.c' || echo '$(srcdir)/'`rtbl.c libroken_la-setprogname.lo: setprogname.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-setprogname.lo `test -f 'setprogname.c' || echo '$(srcdir)/'`setprogname.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-setprogname.lo -MD -MP -MF $(DEPDIR)/libroken_la-setprogname.Tpo -c -o libroken_la-setprogname.lo `test -f 'setprogname.c' || echo '$(srcdir)/'`setprogname.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-setprogname.Tpo $(DEPDIR)/libroken_la-setprogname.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='setprogname.c' object='libroken_la-setprogname.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-setprogname.lo `test -f 'setprogname.c' || echo '$(srcdir)/'`setprogname.c libroken_la-signal.lo: signal.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-signal.lo `test -f 'signal.c' || echo '$(srcdir)/'`signal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-signal.lo -MD -MP -MF $(DEPDIR)/libroken_la-signal.Tpo -c -o libroken_la-signal.lo `test -f 'signal.c' || echo '$(srcdir)/'`signal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-signal.Tpo $(DEPDIR)/libroken_la-signal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signal.c' object='libroken_la-signal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-signal.lo `test -f 'signal.c' || echo '$(srcdir)/'`signal.c libroken_la-simple_exec.lo: simple_exec.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-simple_exec.lo `test -f 'simple_exec.c' || echo '$(srcdir)/'`simple_exec.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-simple_exec.lo -MD -MP -MF $(DEPDIR)/libroken_la-simple_exec.Tpo -c -o libroken_la-simple_exec.lo `test -f 'simple_exec.c' || echo '$(srcdir)/'`simple_exec.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-simple_exec.Tpo $(DEPDIR)/libroken_la-simple_exec.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='simple_exec.c' object='libroken_la-simple_exec.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-simple_exec.lo `test -f 'simple_exec.c' || echo '$(srcdir)/'`simple_exec.c libroken_la-snprintf.lo: snprintf.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-snprintf.lo -MD -MP -MF $(DEPDIR)/libroken_la-snprintf.Tpo -c -o libroken_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-snprintf.Tpo $(DEPDIR)/libroken_la-snprintf.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='snprintf.c' object='libroken_la-snprintf.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c libroken_la-socket.lo: socket.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket.lo `test -f 'socket.c' || echo '$(srcdir)/'`socket.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-socket.lo -MD -MP -MF $(DEPDIR)/libroken_la-socket.Tpo -c -o libroken_la-socket.lo `test -f 'socket.c' || echo '$(srcdir)/'`socket.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-socket.Tpo $(DEPDIR)/libroken_la-socket.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='socket.c' object='libroken_la-socket.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket.lo `test -f 'socket.c' || echo '$(srcdir)/'`socket.c libroken_la-strcollect.lo: strcollect.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strcollect.lo `test -f 'strcollect.c' || echo '$(srcdir)/'`strcollect.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-strcollect.lo -MD -MP -MF $(DEPDIR)/libroken_la-strcollect.Tpo -c -o libroken_la-strcollect.lo `test -f 'strcollect.c' || echo '$(srcdir)/'`strcollect.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-strcollect.Tpo $(DEPDIR)/libroken_la-strcollect.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strcollect.c' object='libroken_la-strcollect.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strcollect.lo `test -f 'strcollect.c' || echo '$(srcdir)/'`strcollect.c + +libroken_la-strerror_r.lo: strerror_r.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-strerror_r.lo -MD -MP -MF $(DEPDIR)/libroken_la-strerror_r.Tpo -c -o libroken_la-strerror_r.lo `test -f 'strerror_r.c' || echo '$(srcdir)/'`strerror_r.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-strerror_r.Tpo $(DEPDIR)/libroken_la-strerror_r.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strerror_r.c' object='libroken_la-strerror_r.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strerror_r.lo `test -f 'strerror_r.c' || echo '$(srcdir)/'`strerror_r.c libroken_la-strpool.lo: strpool.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strpool.lo `test -f 'strpool.c' || echo '$(srcdir)/'`strpool.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-strpool.lo -MD -MP -MF $(DEPDIR)/libroken_la-strpool.Tpo -c -o libroken_la-strpool.lo `test -f 'strpool.c' || echo '$(srcdir)/'`strpool.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-strpool.Tpo $(DEPDIR)/libroken_la-strpool.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strpool.c' object='libroken_la-strpool.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-strpool.lo `test -f 'strpool.c' || echo '$(srcdir)/'`strpool.c libroken_la-timeval.lo: timeval.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-timeval.lo -MD -MP -MF $(DEPDIR)/libroken_la-timeval.Tpo -c -o libroken_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-timeval.Tpo $(DEPDIR)/libroken_la-timeval.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='timeval.c' object='libroken_la-timeval.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c libroken_la-tm2time.lo: tm2time.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-tm2time.lo `test -f 'tm2time.c' || echo '$(srcdir)/'`tm2time.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-tm2time.lo -MD -MP -MF $(DEPDIR)/libroken_la-tm2time.Tpo -c -o libroken_la-tm2time.lo `test -f 'tm2time.c' || echo '$(srcdir)/'`tm2time.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-tm2time.Tpo $(DEPDIR)/libroken_la-tm2time.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tm2time.c' object='libroken_la-tm2time.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-tm2time.lo `test -f 'tm2time.c' || echo '$(srcdir)/'`tm2time.c libroken_la-unvis.lo: unvis.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-unvis.lo `test -f 'unvis.c' || echo '$(srcdir)/'`unvis.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-unvis.lo -MD -MP -MF $(DEPDIR)/libroken_la-unvis.Tpo -c -o libroken_la-unvis.lo `test -f 'unvis.c' || echo '$(srcdir)/'`unvis.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-unvis.Tpo $(DEPDIR)/libroken_la-unvis.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unvis.c' object='libroken_la-unvis.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-unvis.lo `test -f 'unvis.c' || echo '$(srcdir)/'`unvis.c libroken_la-verify.lo: verify.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-verify.lo `test -f 'verify.c' || echo '$(srcdir)/'`verify.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-verify.lo -MD -MP -MF $(DEPDIR)/libroken_la-verify.Tpo -c -o libroken_la-verify.lo `test -f 'verify.c' || echo '$(srcdir)/'`verify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-verify.Tpo $(DEPDIR)/libroken_la-verify.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='verify.c' object='libroken_la-verify.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-verify.lo `test -f 'verify.c' || echo '$(srcdir)/'`verify.c libroken_la-vis.lo: vis.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-vis.lo `test -f 'vis.c' || echo '$(srcdir)/'`vis.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-vis.lo -MD -MP -MF $(DEPDIR)/libroken_la-vis.Tpo -c -o libroken_la-vis.lo `test -f 'vis.c' || echo '$(srcdir)/'`vis.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-vis.Tpo $(DEPDIR)/libroken_la-vis.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='vis.c' object='libroken_la-vis.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-vis.lo `test -f 'vis.c' || echo '$(srcdir)/'`vis.c libroken_la-warnerr.lo: warnerr.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-warnerr.lo `test -f 'warnerr.c' || echo '$(srcdir)/'`warnerr.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-warnerr.lo -MD -MP -MF $(DEPDIR)/libroken_la-warnerr.Tpo -c -o libroken_la-warnerr.lo `test -f 'warnerr.c' || echo '$(srcdir)/'`warnerr.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-warnerr.Tpo $(DEPDIR)/libroken_la-warnerr.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='warnerr.c' object='libroken_la-warnerr.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-warnerr.lo `test -f 'warnerr.c' || echo '$(srcdir)/'`warnerr.c libroken_la-write_pid.lo: write_pid.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-write_pid.lo `test -f 'write_pid.c' || echo '$(srcdir)/'`write_pid.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-write_pid.lo -MD -MP -MF $(DEPDIR)/libroken_la-write_pid.Tpo -c -o libroken_la-write_pid.lo `test -f 'write_pid.c' || echo '$(srcdir)/'`write_pid.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-write_pid.Tpo $(DEPDIR)/libroken_la-write_pid.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='write_pid.c' object='libroken_la-write_pid.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-write_pid.lo `test -f 'write_pid.c' || echo '$(srcdir)/'`write_pid.c + +libroken_la-xfree.lo: xfree.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-xfree.lo -MD -MP -MF $(DEPDIR)/libroken_la-xfree.Tpo -c -o libroken_la-xfree.lo `test -f 'xfree.c' || echo '$(srcdir)/'`xfree.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-xfree.Tpo $(DEPDIR)/libroken_la-xfree.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='xfree.c' object='libroken_la-xfree.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-xfree.lo `test -f 'xfree.c' || echo '$(srcdir)/'`xfree.c libroken_la-socket_wrapper.lo: socket_wrapper.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket_wrapper.lo `test -f 'socket_wrapper.c' || echo '$(srcdir)/'`socket_wrapper.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libroken_la-socket_wrapper.lo -MD -MP -MF $(DEPDIR)/libroken_la-socket_wrapper.Tpo -c -o libroken_la-socket_wrapper.lo `test -f 'socket_wrapper.c' || echo '$(srcdir)/'`socket_wrapper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libroken_la-socket_wrapper.Tpo $(DEPDIR)/libroken_la-socket_wrapper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='socket_wrapper.c' object='libroken_la-socket_wrapper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libroken_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libroken_la-socket_wrapper.lo `test -f 'socket_wrapper.c' || echo '$(srcdir)/'`socket_wrapper.c libtest_la-strftime.lo: strftime.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-strftime.lo -MD -MP -MF $(DEPDIR)/libtest_la-strftime.Tpo -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtest_la-strftime.Tpo $(DEPDIR)/libtest_la-strftime.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strftime.c' object='libtest_la-strftime.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strftime.lo `test -f 'strftime.c' || echo '$(srcdir)/'`strftime.c libtest_la-strptime.lo: strptime.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-strptime.lo -MD -MP -MF $(DEPDIR)/libtest_la-strptime.Tpo -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtest_la-strptime.Tpo $(DEPDIR)/libtest_la-strptime.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strptime.c' object='libtest_la-strptime.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-strptime.lo `test -f 'strptime.c' || echo '$(srcdir)/'`strptime.c libtest_la-snprintf.lo: snprintf.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-snprintf.lo -MD -MP -MF $(DEPDIR)/libtest_la-snprintf.Tpo -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtest_la-snprintf.Tpo $(DEPDIR)/libtest_la-snprintf.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='snprintf.c' object='libtest_la-snprintf.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c + +libtest_la-tsearch.lo: tsearch.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-tsearch.lo -MD -MP -MF $(DEPDIR)/libtest_la-tsearch.Tpo -c -o libtest_la-tsearch.lo `test -f 'tsearch.c' || echo '$(srcdir)/'`tsearch.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libtest_la-tsearch.Tpo $(DEPDIR)/libtest_la-tsearch.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsearch.c' object='libtest_la-tsearch.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-tsearch.lo `test -f 'tsearch.c' || echo '$(srcdir)/'`tsearch.c parse_reply_test-parse_reply-test.o: parse_reply-test.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -MT parse_reply_test-parse_reply-test.o -MD -MP -MF $(DEPDIR)/parse_reply_test-parse_reply-test.Tpo -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parse_reply_test-parse_reply-test.Tpo $(DEPDIR)/parse_reply_test-parse_reply-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='parse_reply-test.c' object='parse_reply_test-parse_reply-test.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c parse_reply_test-parse_reply-test.obj: parse_reply-test.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `if test -f 'parse_reply-test.c'; then $(CYGPATH_W) 'parse_reply-test.c'; else $(CYGPATH_W) '$(srcdir)/parse_reply-test.c'; fi` +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -MT parse_reply_test-parse_reply-test.obj -MD -MP -MF $(DEPDIR)/parse_reply_test-parse_reply-test.Tpo -c -o parse_reply_test-parse_reply-test.obj `if test -f 'parse_reply-test.c'; then $(CYGPATH_W) 'parse_reply-test.c'; else $(CYGPATH_W) '$(srcdir)/parse_reply-test.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parse_reply_test-parse_reply-test.Tpo $(DEPDIR)/parse_reply_test-parse_reply-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='parse_reply-test.c' object='parse_reply_test-parse_reply-test.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `if test -f 'parse_reply-test.c'; then $(CYGPATH_W) 'parse_reply-test.c'; else $(CYGPATH_W) '$(srcdir)/parse_reply-test.c'; fi` parse_reply_test-resolve.o: resolve.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -MT parse_reply_test-resolve.o -MD -MP -MF $(DEPDIR)/parse_reply_test-resolve.Tpo -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parse_reply_test-resolve.Tpo $(DEPDIR)/parse_reply_test-resolve.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='resolve.c' object='parse_reply_test-resolve.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c parse_reply_test-resolve.obj: resolve.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `if test -f 'resolve.c'; then $(CYGPATH_W) 'resolve.c'; else $(CYGPATH_W) '$(srcdir)/resolve.c'; fi` +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -MT parse_reply_test-resolve.obj -MD -MP -MF $(DEPDIR)/parse_reply_test-resolve.Tpo -c -o parse_reply_test-resolve.obj `if test -f 'resolve.c'; then $(CYGPATH_W) 'resolve.c'; else $(CYGPATH_W) '$(srcdir)/resolve.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parse_reply_test-resolve.Tpo $(DEPDIR)/parse_reply_test-resolve.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='resolve.c' object='parse_reply_test-resolve.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `if test -f 'resolve.c'; then $(CYGPATH_W) 'resolve.c'; else $(CYGPATH_W) '$(srcdir)/resolve.c'; fi` snprintf_test-snprintf-test.o: snprintf-test.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -MT snprintf_test-snprintf-test.o -MD -MP -MF $(DEPDIR)/snprintf_test-snprintf-test.Tpo -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/snprintf_test-snprintf-test.Tpo $(DEPDIR)/snprintf_test-snprintf-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='snprintf-test.c' object='snprintf_test-snprintf-test.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c snprintf_test-snprintf-test.obj: snprintf-test.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.obj `if test -f 'snprintf-test.c'; then $(CYGPATH_W) 'snprintf-test.c'; else $(CYGPATH_W) '$(srcdir)/snprintf-test.c'; fi` +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -MT snprintf_test-snprintf-test.obj -MD -MP -MF $(DEPDIR)/snprintf_test-snprintf-test.Tpo -c -o snprintf_test-snprintf-test.obj `if test -f 'snprintf-test.c'; then $(CYGPATH_W) 'snprintf-test.c'; else $(CYGPATH_W) '$(srcdir)/snprintf-test.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/snprintf_test-snprintf-test.Tpo $(DEPDIR)/snprintf_test-snprintf-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='snprintf-test.c' object='snprintf_test-snprintf-test.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.obj `if test -f 'snprintf-test.c'; then $(CYGPATH_W) 'snprintf-test.c'; else $(CYGPATH_W) '$(srcdir)/snprintf-test.c'; fi` strpftime_test-strpftime-test.o: strpftime-test.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.o `test -f 'strpftime-test.c' || echo '$(srcdir)/'`strpftime-test.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -MT strpftime_test-strpftime-test.o -MD -MP -MF $(DEPDIR)/strpftime_test-strpftime-test.Tpo -c -o strpftime_test-strpftime-test.o `test -f 'strpftime-test.c' || echo '$(srcdir)/'`strpftime-test.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/strpftime_test-strpftime-test.Tpo $(DEPDIR)/strpftime_test-strpftime-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strpftime-test.c' object='strpftime_test-strpftime-test.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.o `test -f 'strpftime-test.c' || echo '$(srcdir)/'`strpftime-test.c strpftime_test-strpftime-test.obj: strpftime-test.c - $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.obj `if test -f 'strpftime-test.c'; then $(CYGPATH_W) 'strpftime-test.c'; else $(CYGPATH_W) '$(srcdir)/strpftime-test.c'; fi` +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -MT strpftime_test-strpftime-test.obj -MD -MP -MF $(DEPDIR)/strpftime_test-strpftime-test.Tpo -c -o strpftime_test-strpftime-test.obj `if test -f 'strpftime-test.c'; then $(CYGPATH_W) 'strpftime-test.c'; else $(CYGPATH_W) '$(srcdir)/strpftime-test.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/strpftime_test-strpftime-test.Tpo $(DEPDIR)/strpftime_test-strpftime-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='strpftime-test.c' object='strpftime_test-strpftime-test.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strpftime_test_CFLAGS) $(CFLAGS) -c -o strpftime_test-strpftime-test.obj `if test -f 'strpftime-test.c'; then $(CYGPATH_W) 'strpftime-test.c'; else $(CYGPATH_W) '$(srcdir)/strpftime-test.c'; fi` + +tsearch_test-tsearch-test.o: tsearch-test.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tsearch_test_CFLAGS) $(CFLAGS) -MT tsearch_test-tsearch-test.o -MD -MP -MF $(DEPDIR)/tsearch_test-tsearch-test.Tpo -c -o tsearch_test-tsearch-test.o `test -f 'tsearch-test.c' || echo '$(srcdir)/'`tsearch-test.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tsearch_test-tsearch-test.Tpo $(DEPDIR)/tsearch_test-tsearch-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsearch-test.c' object='tsearch_test-tsearch-test.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tsearch_test_CFLAGS) $(CFLAGS) -c -o tsearch_test-tsearch-test.o `test -f 'tsearch-test.c' || echo '$(srcdir)/'`tsearch-test.c + +tsearch_test-tsearch-test.obj: tsearch-test.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tsearch_test_CFLAGS) $(CFLAGS) -MT tsearch_test-tsearch-test.obj -MD -MP -MF $(DEPDIR)/tsearch_test-tsearch-test.Tpo -c -o tsearch_test-tsearch-test.obj `if test -f 'tsearch-test.c'; then $(CYGPATH_W) 'tsearch-test.c'; else $(CYGPATH_W) '$(srcdir)/tsearch-test.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/tsearch_test-tsearch-test.Tpo $(DEPDIR)/tsearch_test-tsearch-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tsearch-test.c' object='tsearch_test-tsearch-test.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tsearch_test_CFLAGS) $(CFLAGS) -c -o tsearch_test-tsearch-test.obj `if test -f 'tsearch-test.c'; then $(CYGPATH_W) 'tsearch-test.c'; else $(CYGPATH_W) '$(srcdir)/tsearch-test.c'; fi` mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man3dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done + @list=''; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.3[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } install-dist_includeHEADERS: $(dist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(dist_include_HEADERS)'; for p in $$list; do \ + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(dist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(dist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-dist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(dist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(dist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-nodist_includeHEADERS: $(nodist_include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-nodist_includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done + @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files install-nodist_rokenincludeHEADERS: $(nodist_rokeninclude_HEADERS) @$(NORMAL_INSTALL) test -z "$(rokenincludedir)" || $(MKDIR_P) "$(DESTDIR)$(rokenincludedir)" - @list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \ + @list='$(nodist_rokeninclude_HEADERS)'; test -n "$(rokenincludedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_rokenincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(rokenincludedir)/$$f'"; \ - $(nodist_rokenincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(rokenincludedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(rokenincludedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(rokenincludedir)" || exit $$?; \ done uninstall-nodist_rokenincludeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(nodist_rokeninclude_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(rokenincludedir)/$$f'"; \ - rm -f "$(DESTDIR)$(rokenincludedir)/$$f"; \ - done + @list='$(nodist_rokeninclude_HEADERS)'; test -n "$(rokenincludedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(rokenincludedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(rokenincludedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -1019,49 +1588,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -1072,15 +1655,32 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -1096,13 +1696,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -1142,6 +1746,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -1154,6 +1759,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ mostlyclean-am distclean: distclean-am + -rm -rf $(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1164,6 +1770,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -1173,26 +1781,35 @@ install-data-am: install-dist_includeHEADERS install-man \ install-nodist_rokenincludeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf $(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1214,11 +1831,10 @@ uninstall-am: uninstall-dist_includeHEADERS uninstall-libLTLIBRARIES \ uninstall-nodist_rokenincludeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - uninstall-man: uninstall-man3 -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: all check check-am install install-am install-data-am \ + install-exec-am install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ check-local clean clean-checkPROGRAMS clean-generic \ @@ -1311,6 +1927,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1396,7 +2015,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1414,13 +2033,19 @@ $(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS) .hin.h: cp $< $@ -roken.h: make-roken$(EXEEXT) - @./make-roken$(EXEEXT) > tmp.h ;\ - if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \ - else rm -f roken.h; mv tmp.h roken.h; fi +@CROSS_COMPILE_FALSE@roken.h: make-roken$(EXEEXT) +@CROSS_COMPILE_FALSE@ @./make-roken$(EXEEXT) > tmp.h ;\ +@CROSS_COMPILE_FALSE@ if [ -f roken.h ] && cmp -s tmp.h roken.h ; then rm -f tmp.h ; \ +@CROSS_COMPILE_FALSE@ else rm -f roken.h; mv tmp.h roken.h; fi + +@CROSS_COMPILE_FALSE@make-roken.c: roken.h.in roken.awk +@CROSS_COMPILE_FALSE@ $(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c + +@CROSS_COMPILE_TRUE@roken.h: $(top_srcdir)/cf/roken-h-process.pl roken.h.in +@CROSS_COMPILE_TRUE@ perl $(top_srcdir)/cf/roken-h-process.pl \ +@CROSS_COMPILE_TRUE@ -c $(top_builddir)/include/config.h \ +@CROSS_COMPILE_TRUE@ -p $(srcdir)/roken.h.in -o roken.h -make-roken.c: roken.h.in roken.awk - $(AWK) -f $(srcdir)/roken.awk $(srcdir)/roken.h.in > make-roken.c # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/roken/base64-test.c b/crypto/heimdal/lib/roken/base64-test.c index 435e41b1832..e9a2835e85e 100644 --- a/crypto/heimdal/lib/roken/base64-test.c +++ b/crypto/heimdal/lib/roken/base64-test.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: base64-test.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include "roken.h" #include @@ -63,7 +60,7 @@ main(int argc, char **argv) int len; len = base64_encode(t->data, t->len, &str); if(strcmp(str, t->result) != 0) { - fprintf(stderr, "failed test %d: %s != %s\n", numtest, + fprintf(stderr, "failed test %d: %s != %s\n", numtest, str, t->result); numerr++; } @@ -85,12 +82,12 @@ main(int argc, char **argv) { char str[32]; if(base64_decode("M=M=", str) != -1) { - fprintf(stderr, "failed test %d: successful decode of `M=M='\n", + fprintf(stderr, "failed test %d: successful decode of `M=M='\n", numtest++); numerr++; } if(base64_decode("MQ===", str) != -1) { - fprintf(stderr, "failed test %d: successful decode of `MQ==='\n", + fprintf(stderr, "failed test %d: successful decode of `MQ==='\n", numtest++); numerr++; } diff --git a/crypto/heimdal/lib/roken/base64.c b/crypto/heimdal/lib/roken/base64.c index daf7fc56716..394e9841c78 100644 --- a/crypto/heimdal/lib/roken/base64.c +++ b/crypto/heimdal/lib/roken/base64.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,18 +31,17 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: base64.c 15506 2005-06-23 10:47:57Z lha $"); -#endif + #include #include +#include #include "base64.h" -static const char base64_chars[] = +static const char base64_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -static int +static int pos(char c) { const char *p; @@ -52,7 +51,7 @@ pos(char c) return -1; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_encode(const void *data, int size, char **str) { char *s, *p; @@ -60,11 +59,18 @@ base64_encode(const void *data, int size, char **str) int c; const unsigned char *q; - p = s = (char *) malloc(size * 4 / 3 + 4); - if (p == NULL) + if (size > INT_MAX/4 || size < 0) { + *str = NULL; return -1; + } + + p = s = (char *) malloc(size * 4 / 3 + 4); + if (p == NULL) { + *str = NULL; + return -1; + } q = (const unsigned char *) data; - i = 0; + for (i = 0; i < size;) { c = q[i++]; c *= 256; @@ -87,7 +93,7 @@ base64_encode(const void *data, int size, char **str) } *p = 0; *str = s; - return strlen(s); + return (int) strlen(s); } #define DECODE_ERROR 0xffffffff @@ -114,7 +120,7 @@ token_decode(const char *token) return (marker << 24) | val; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_decode(const char *str, void *data) { const char *p; diff --git a/crypto/heimdal/lib/roken/base64.h b/crypto/heimdal/lib/roken/base64.h index 09aadffe7c4..dfae4c13b32 100644 --- a/crypto/heimdal/lib/roken/base64.h +++ b/crypto/heimdal/lib/roken/base64.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,23 +31,25 @@ * SUCH DAMAGE. */ -/* $Id: base64.h 15535 2005-06-30 07:13:33Z lha $ */ +/* $Id$ */ #ifndef _BASE64_H_ #define _BASE64_H_ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_encode(const void *, int, char **); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL base64_decode(const char *, void *); #endif diff --git a/crypto/heimdal/lib/roken/bswap.c b/crypto/heimdal/lib/roken/bswap.c index e669eb2e4c0..7f8c1c22b1b 100644 --- a/crypto/heimdal/lib/roken/bswap.c +++ b/crypto/heimdal/lib/roken/bswap.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,12 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" -RCSID("$Id: bswap.c 14773 2005-04-12 11:29:18Z lha $"); - #ifndef HAVE_BSWAP32 -unsigned int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL bswap32 (unsigned int val) { return (val & 0xff) << 24 | @@ -52,7 +48,7 @@ bswap32 (unsigned int val) #ifndef HAVE_BSWAP16 -unsigned short ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned short ROKEN_LIB_CALL bswap16 (unsigned short val) { return (val & 0xff) << 8 | diff --git a/crypto/heimdal/lib/roken/chown.c b/crypto/heimdal/lib/roken/chown.c index 5eb9c92c806..90a82d958ec 100644 --- a/crypto/heimdal/lib/roken/chown.c +++ b/crypto/heimdal/lib/roken/chown.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: chown.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL chown(const char *path, uid_t owner, gid_t group) { return 0; diff --git a/crypto/heimdal/lib/roken/cloexec.c b/crypto/heimdal/lib/roken/cloexec.c new file mode 100644 index 00000000000..2d1fe033f2d --- /dev/null +++ b/crypto/heimdal/lib/roken/cloexec.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#include "roken.h" + +void ROKEN_LIB_FUNCTION +rk_cloexec(int fd) +{ +#ifdef HAVE_FCNTL + int ret; + + ret = fcntl(fd, F_GETFD); + if (ret == -1) + return; + if (fcntl(fd, F_SETFD, ret | FD_CLOEXEC) == -1) + return; +#endif +} + +void ROKEN_LIB_FUNCTION +rk_cloexec_file(FILE *f) +{ +#ifdef HAVE_FCNTL + rk_cloexec(fileno(f)); +#endif +} + +void ROKEN_LIB_FUNCTION +rk_cloexec_dir(DIR * d) +{ +#ifndef _WIN32 + rk_cloexec(dirfd(d)); +#endif +} diff --git a/crypto/heimdal/lib/roken/closefrom.c b/crypto/heimdal/lib/roken/closefrom.c index f56e556a81d..770eb2c67ac 100644 --- a/crypto/heimdal/lib/roken/closefrom.c +++ b/crypto/heimdal/lib/roken/closefrom.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #ifdef HAVE_SYS_TYPES_H #include @@ -45,7 +42,7 @@ RCSID("$Id: closefrom.c 21005 2007-06-08 01:54:35Z lha $"); #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL closefrom(int fd) { int num = getdtablesize(); diff --git a/crypto/heimdal/lib/roken/concat.c b/crypto/heimdal/lib/roken/concat.c index 94e0fcc3110..0b4ac46824c 100644 --- a/crypto/heimdal/lib/roken/concat.c +++ b/crypto/heimdal/lib/roken/concat.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,13 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: concat.c 14773 2005-04-12 11:29:18Z lha $"); -#endif + #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_concat (char *s, size_t len, ...) { int ret; @@ -49,7 +47,7 @@ roken_concat (char *s, size_t len, ...) return ret; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_vconcat (char *s, size_t len, va_list args) { const char *a; @@ -67,7 +65,7 @@ roken_vconcat (char *s, size_t len, va_list args) return 0; } -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_vmconcat (char **s, size_t max_len, va_list args) { const char *a; @@ -80,7 +78,7 @@ roken_vmconcat (char **s, size_t max_len, va_list args) len = 1; while ((a = va_arg(args, const char*))) { size_t n = strlen (a); - + if(max_len && len + n > max_len){ free(p); return 0; @@ -99,10 +97,10 @@ roken_vmconcat (char **s, size_t max_len, va_list args) return len; } -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_mconcat (char **s, size_t max_len, ...) { - int ret; + size_t ret; va_list args; va_start(args, max_len); diff --git a/crypto/heimdal/lib/roken/copyhostent.c b/crypto/heimdal/lib/roken/copyhostent.c index 6410449ffbe..4ed630210fc 100644 --- a/crypto/heimdal/lib/roken/copyhostent.c +++ b/crypto/heimdal/lib/roken/copyhostent.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -42,7 +39,7 @@ RCSID("$Id: copyhostent.c 14773 2005-04-12 11:29:18Z lha $"); * return a malloced copy of `h' */ -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL copyhostent (const struct hostent *h) { struct hostent *res; diff --git a/crypto/heimdal/lib/roken/ct.c b/crypto/heimdal/lib/roken/ct.c new file mode 100644 index 00000000000..0778c2d4749 --- /dev/null +++ b/crypto/heimdal/lib/roken/ct.c @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include "roken.h" + +/** + * Constant time compare to memory regions. The reason for making it + * constant time is to make sure that timeing information leak from + * where in the function the diffrence is. + * + * ct_memcmp() can't be used to order memory regions like memcmp(), + * for example, use ct_memcmp() with qsort(). + * + * @param p1 memory region 1 to compare + * @param p2 memory region 2 to compare + * @param len length of memory + * + * @return 0 when the memory regions are equal, non zero if not + * + * @ingroup roken + */ + +int +ct_memcmp(const void *p1, const void *p2, size_t len) +{ + const unsigned char *s1 = p1, *s2 = p2; + size_t i; + int r = 0; + + for (i = 0; i < len; i++) + r |= (s1[i] ^ s2[i]); + return !!r; +} diff --git a/crypto/heimdal/lib/roken/daemon.c b/crypto/heimdal/lib/roken/daemon.c index 2bc2350054c..591a9a9532f 100644 --- a/crypto/heimdal/lib/roken/daemon.c +++ b/crypto/heimdal/lib/roken/daemon.c @@ -31,11 +31,7 @@ static char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ -#ifdef HAVE_CONFIG_H #include -#endif - -RCSID("$Id: daemon.c 14773 2005-04-12 11:29:18Z lha $"); #ifndef HAVE_DAEMON @@ -51,7 +47,7 @@ RCSID("$Id: daemon.c 14773 2005-04-12 11:29:18Z lha $"); #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL daemon(int nochdir, int noclose) { int fd; diff --git a/crypto/heimdal/lib/roken/doxygen.c b/crypto/heimdal/lib/roken/doxygen.c new file mode 100644 index 00000000000..0d30a47a2c8 --- /dev/null +++ b/crypto/heimdal/lib/roken/doxygen.c @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2009 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/*! @mainpage Heimdal Roken support library + * + * @section intro Introduction + * + * Heimdal's roken implememnts missing functions and make it easier to + * work with almost unixies like cygwin and AIX. + * + * The project web page: http://www.h5l.org/ + */ + +/** @defgroup roken Heimdal roken library */ diff --git a/crypto/heimdal/lib/roken/dumpdata.c b/crypto/heimdal/lib/roken/dumpdata.c index 4750cac1a5b..844360187f8 100644 --- a/crypto/heimdal/lib/roken/dumpdata.c +++ b/crypto/heimdal/lib/roken/dumpdata.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,12 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: dumpdata.c 21005 2007-06-08 01:54:35Z lha $"); -#endif - -#include #include "roken.h" @@ -44,7 +39,7 @@ RCSID("$Id: dumpdata.c 21005 2007-06-08 01:54:35Z lha $"); * Write datablob to a filename, don't care about errors. */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dumpdata (const char *filename, const void *buf, size_t size) { int fd; @@ -55,3 +50,45 @@ rk_dumpdata (const char *filename, const void *buf, size_t size) net_write(fd, buf, size); close(fd); } + +/* + * Read all data from a filename, care about errors. + */ + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_undumpdata(const char *filename, void **buf, size_t *size) +{ + struct stat sb; + int fd, ret; + ssize_t sret; + + *buf = NULL; + + fd = open(filename, O_RDONLY, 0); + if (fd < 0) + return errno; + if (fstat(fd, &sb) != 0){ + ret = errno; + goto out; + } + *buf = malloc(sb.st_size); + if (*buf == NULL) { + ret = ENOMEM; + goto out; + } + *size = sb.st_size; + + sret = net_read(fd, *buf, *size); + if (sret < 0) + ret = errno; + else if (sret != (ssize_t)*size) { + ret = EINVAL; + free(*buf); + *buf = NULL; + } else + ret = 0; + + out: + close(fd); + return ret; +} diff --git a/crypto/heimdal/lib/roken/ecalloc.3 b/crypto/heimdal/lib/roken/ecalloc.3 index 194ad271cf9..a2863df4317 100644 --- a/crypto/heimdal/lib/roken/ecalloc.3 +++ b/crypto/heimdal/lib/roken/ecalloc.3 @@ -1,34 +1,34 @@ -.\" Copyright (c) 2001, 2003 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2001, 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" $Id: ecalloc.3 12527 2003-08-15 12:28:14Z joda $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" $Id$ .\" .Dd August 14, 2003 .Dt ECALLOC 3 @@ -61,13 +61,13 @@ The roken library (libroken, -lroken) .Ft ssize_t .Fn ewrite "int fd" "const void *buf" "size_t nbytes" .Sh DESCRIPTION -These functions do the same as the ones without the +These functions do the same as the ones without the .Dq e -prefix, but if there is an error they will print a message with +prefix, but if there is an error they will print a message with .Xr errx 3 , and exit. For .Nm eread -and +and .Nm ewrite this is also true for partial data. .Pp diff --git a/crypto/heimdal/lib/roken/ecalloc.c b/crypto/heimdal/lib/roken/ecalloc.c index c5ef4a7b245..04b37330c9b 100644 --- a/crypto/heimdal/lib/roken/ecalloc.c +++ b/crypto/heimdal/lib/roken/ecalloc.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -45,7 +42,7 @@ RCSID("$Id: ecalloc.c 21005 2007-06-08 01:54:35Z lha $"); * Like calloc but never fails. */ -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL ecalloc (size_t number, size_t size) { void *tmp = calloc (number, size); diff --git a/crypto/heimdal/lib/roken/emalloc.c b/crypto/heimdal/lib/roken/emalloc.c index a39fcc0d22b..2520230a354 100644 --- a/crypto/heimdal/lib/roken/emalloc.c +++ b/crypto/heimdal/lib/roken/emalloc.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -45,7 +42,7 @@ RCSID("$Id: emalloc.c 21005 2007-06-08 01:54:35Z lha $"); * Like malloc but never fails. */ -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL emalloc (size_t sz) { void *tmp = malloc (sz); diff --git a/crypto/heimdal/lib/roken/environment.c b/crypto/heimdal/lib/roken/environment.c index 3822e4c6ffe..64c354d62bb 100644 --- a/crypto/heimdal/lib/roken/environment.c +++ b/crypto/heimdal/lib/roken/environment.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2000, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -32,10 +32,7 @@ */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: environment.c 20866 2007-06-03 21:00:29Z lha $"); -#endif #include #include @@ -43,7 +40,7 @@ RCSID("$Id: environment.c 20866 2007-06-03 21:00:29Z lha $"); #include "roken.h" /* find assignment in env list; len is length of variable including - * equal + * equal */ static int @@ -63,7 +60,7 @@ find_var(char **env, char *assignment, size_t len) */ static int -rk_read_env_file(FILE *F, char ***env, int *assigned) +read_env_file(FILE *F, char ***env, int *assigned) { int idx = 0; int i; @@ -126,11 +123,11 @@ rk_read_env_file(FILE *F, char ***env, int *assigned) } /* - * return count of environment assignments from file and + * return count of environment assignments from file and * list of malloced strings in `env' */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL read_environment(const char *file, char ***env) { int assigned; @@ -139,12 +136,12 @@ read_environment(const char *file, char ***env) if ((F = fopen(file, "r")) == NULL) return 0; - rk_read_env_file(F, env, &assigned); + read_env_file(F, env, &assigned); fclose(F); return assigned; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL free_environment(char **env) { int i; diff --git a/crypto/heimdal/lib/roken/eread.c b/crypto/heimdal/lib/roken/eread.c index ec4eed412e1..ba30f0230c5 100644 --- a/crypto/heimdal/lib/roken/eread.c +++ b/crypto/heimdal/lib/roken/eread.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,13 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: eread.c 21005 2007-06-08 01:54:35Z lha $"); -#endif - -#include -#include #include "roken.h" @@ -45,7 +39,7 @@ RCSID("$Id: eread.c 21005 2007-06-08 01:54:35Z lha $"); * Like read but never fails (and never returns partial data). */ -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL eread (int fd, void *buf, size_t nbytes) { ssize_t ret; diff --git a/crypto/heimdal/lib/roken/erealloc.c b/crypto/heimdal/lib/roken/erealloc.c index c38236085cb..1c30ecc60bf 100644 --- a/crypto/heimdal/lib/roken/erealloc.c +++ b/crypto/heimdal/lib/roken/erealloc.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -45,7 +42,7 @@ RCSID("$Id: erealloc.c 21005 2007-06-08 01:54:35Z lha $"); * Like realloc but never fails. */ -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL erealloc (void *ptr, size_t sz) { void *tmp = realloc (ptr, sz); diff --git a/crypto/heimdal/lib/roken/err.c b/crypto/heimdal/lib/roken/err.c index dcb820bba6b..5fbe84fdf76 100644 --- a/crypto/heimdal/lib/roken/err.c +++ b/crypto/heimdal/lib/roken/err.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: err.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "err.h" -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL err(int eval, const char *fmt, ...) { va_list ap; diff --git a/crypto/heimdal/lib/roken/err.hin b/crypto/heimdal/lib/roken/err.hin index 2f1232d3e7f..96fe5cf8515 100644 --- a/crypto/heimdal/lib/roken/err.hin +++ b/crypto/heimdal/lib/roken/err.hin @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: err.hin 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __ERR_H__ #define __ERR_H__ @@ -48,40 +48,42 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL verr(int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL err(int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL verrx(int eval, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 2, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL errx(int eval, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 2, 3))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vwarn(const char *fmt, va_list ap) __attribute__ ((format (printf, 1, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL warn(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vwarnx(const char *fmt, va_list ap) __attribute__ ((format (printf, 1, 0))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL warnx(const char *fmt, ...) __attribute__ ((format (printf, 1, 2))); diff --git a/crypto/heimdal/lib/roken/errx.c b/crypto/heimdal/lib/roken/errx.c index 1090ac79d02..f75ad0179e3 100644 --- a/crypto/heimdal/lib/roken/errx.c +++ b/crypto/heimdal/lib/roken/errx.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: errx.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "err.h" -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL errx(int eval, const char *fmt, ...) { va_list ap; diff --git a/crypto/heimdal/lib/roken/esetenv.c b/crypto/heimdal/lib/roken/esetenv.c index e92f04ab32f..3cbf5ed365e 100644 --- a/crypto/heimdal/lib/roken/esetenv.c +++ b/crypto/heimdal/lib/roken/esetenv.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000, 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2000, 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,13 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: esetenv.c 15502 2005-06-21 18:56:15Z lha $"); -#endif #include "roken.h" #include -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL esetenv(const char *var, const char *val, int rewrite) { if (setenv (rk_UNCONST(var), rk_UNCONST(val), rewrite)) diff --git a/crypto/heimdal/lib/roken/estrdup.c b/crypto/heimdal/lib/roken/estrdup.c index 262412bd35e..d275a2830b0 100644 --- a/crypto/heimdal/lib/roken/estrdup.c +++ b/crypto/heimdal/lib/roken/estrdup.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -45,7 +42,7 @@ RCSID("$Id: estrdup.c 21005 2007-06-08 01:54:35Z lha $"); * Like strdup but never fails. */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL estrdup (const char *str) { char *tmp = strdup (str); diff --git a/crypto/heimdal/lib/roken/ewrite.c b/crypto/heimdal/lib/roken/ewrite.c index a2323d6ffd9..fce57052922 100644 --- a/crypto/heimdal/lib/roken/ewrite.c +++ b/crypto/heimdal/lib/roken/ewrite.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,13 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: ewrite.c 21005 2007-06-08 01:54:35Z lha $"); -#endif - -#include -#include #include "roken.h" @@ -45,7 +39,7 @@ RCSID("$Id: ewrite.c 21005 2007-06-08 01:54:35Z lha $"); * Like write but never fails (and never returns partial data). */ -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL ewrite (int fd, const void *buf, size_t nbytes) { ssize_t ret; diff --git a/crypto/heimdal/lib/roken/fchown.c b/crypto/heimdal/lib/roken/fchown.c index 87a205179f2..050c2dd3be7 100644 --- a/crypto/heimdal/lib/roken/fchown.c +++ b/crypto/heimdal/lib/roken/fchown.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: fchown.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL fchown(int fd, uid_t owner, gid_t group) { return 0; diff --git a/crypto/heimdal/lib/roken/flock.c b/crypto/heimdal/lib/roken/flock.c index 911d5ff31ed..068d09929e1 100644 --- a/crypto/heimdal/lib/roken/flock.c +++ b/crypto/heimdal/lib/roken/flock.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,25 +31,22 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #ifndef HAVE_FLOCK -RCSID("$Id: flock.c 14773 2005-04-12 11:29:18Z lha $"); #include "roken.h" - #define OP_MASK (LOCK_SH | LOCK_EX | LOCK_UN) -int ROKEN_LIB_FUNCTION -flock(int fd, int operation) + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_flock(int fd, int operation) { #if defined(HAVE_FCNTL) && defined(F_SETLK) struct flock arg; int code, cmd; - + arg.l_whence = SEEK_SET; arg.l_start = 0; arg.l_len = 0; /* means to EOF */ @@ -78,6 +75,76 @@ flock(int fd, int operation) break; } return code; + +#elif defined(_WIN32) + /* Windows */ + +#define FLOCK_OFFSET_LOW 0 +#define FLOCK_OFFSET_HIGH 0 +#define FLOCK_LENGTH_LOW 0x00000000 +#define FLOCK_LENGTH_HIGH 0x80000000 + + HANDLE hFile; + OVERLAPPED ov; + BOOL rv = FALSE; + DWORD f = 0; + + hFile = (HANDLE) _get_osfhandle(fd); + if (hFile == NULL || hFile == INVALID_HANDLE_VALUE) { + _set_errno(EBADF); + return -1; + } + + ZeroMemory(&ov, sizeof(ov)); + ov.hEvent = NULL; + ov.Offset = FLOCK_OFFSET_LOW; + ov.OffsetHigh = FLOCK_OFFSET_HIGH; + + if (operation & LOCK_NB) + f = LOCKFILE_FAIL_IMMEDIATELY; + + switch (operation & OP_MASK) { + case LOCK_UN: /* Unlock */ + rv = UnlockFileEx(hFile, 0, + FLOCK_LENGTH_LOW, FLOCK_LENGTH_HIGH, &ov); + break; + + case LOCK_SH: /* Shared lock */ + rv = LockFileEx(hFile, f, 0, + FLOCK_LENGTH_LOW, FLOCK_LENGTH_HIGH, &ov); + break; + + case LOCK_EX: /* Exclusive lock */ + rv = LockFileEx(hFile, f|LOCKFILE_EXCLUSIVE_LOCK, 0, + FLOCK_LENGTH_LOW, FLOCK_LENGTH_HIGH, + &ov); + break; + + default: + _set_errno(EINVAL); + return -1; + } + + if (!rv) { + switch (GetLastError()) { + case ERROR_SHARING_VIOLATION: + case ERROR_LOCK_VIOLATION: + case ERROR_IO_PENDING: + _set_errno(EWOULDBLOCK); + break; + + case ERROR_ACCESS_DENIED: + _set_errno(EACCES); + break; + + default: + _set_errno(ENOLCK); + } + return -1; + } + + return 0; + #else return -1; #endif diff --git a/crypto/heimdal/lib/roken/fnmatch.c b/crypto/heimdal/lib/roken/fnmatch.c index 126949a8e08..7dfe492179d 100644 --- a/crypto/heimdal/lib/roken/fnmatch.c +++ b/crypto/heimdal/lib/roken/fnmatch.c @@ -45,6 +45,12 @@ static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $"; * Compares a filename or pathname to a pattern. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + #include #include @@ -52,7 +58,7 @@ static char rcsid[] = "$NetBSD: fnmatch.c,v 1.11 1995/02/27 03:43:06 cgd Exp $"; static const char *rangematch (const char *, int, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_fnmatch(const char *pattern, const char *string, int flags) { const char *stringstart; @@ -147,13 +153,13 @@ rangematch(const char *pattern, int test, int flags) */ if (negate = (*pattern == '!' || *pattern == '^')) ++pattern; - + for (ok = 0; (c = *pattern++) != ']';) { if (c == '\\' && !(flags & FNM_NOESCAPE)) c = *pattern++; if (c == EOS) return (NULL); - if (*pattern == '-' + if (*pattern == '-' && (c2 = *(pattern+1)) != EOS && c2 != ']') { pattern += 2; if (c2 == '\\' && !(flags & FNM_NOESCAPE)) diff --git a/crypto/heimdal/lib/roken/fnmatch.hin b/crypto/heimdal/lib/roken/fnmatch.hin index d5d54a56225..fd96656de85 100644 --- a/crypto/heimdal/lib/roken/fnmatch.hin +++ b/crypto/heimdal/lib/roken/fnmatch.hin @@ -36,9 +36,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __stdcall #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif diff --git a/crypto/heimdal/lib/roken/freeaddrinfo.c b/crypto/heimdal/lib/roken/freeaddrinfo.c index a61536ddf88..7132e95dd38 100644 --- a/crypto/heimdal/lib/roken/freeaddrinfo.c +++ b/crypto/heimdal/lib/roken/freeaddrinfo.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -42,7 +39,7 @@ RCSID("$Id: freeaddrinfo.c 14773 2005-04-12 11:29:18Z lha $"); * free the list of `struct addrinfo' starting at `ai' */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freeaddrinfo(struct addrinfo *ai) { struct addrinfo *tofree; diff --git a/crypto/heimdal/lib/roken/freehostent.c b/crypto/heimdal/lib/roken/freehostent.c index 54fc49532b2..61fbb223b5e 100644 --- a/crypto/heimdal/lib/roken/freehostent.c +++ b/crypto/heimdal/lib/roken/freehostent.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -42,7 +39,7 @@ RCSID("$Id: freehostent.c 14773 2005-04-12 11:29:18Z lha $"); * free a malloced hostent */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freehostent (struct hostent *h) { char **p; diff --git a/crypto/heimdal/lib/roken/gai_strerror.c b/crypto/heimdal/lib/roken/gai_strerror.c index c86274358b6..1e326bee367 100644 --- a/crypto/heimdal/lib/roken/gai_strerror.c +++ b/crypto/heimdal/lib/roken/gai_strerror.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: gai_strerror.c 15837 2005-08-05 09:31:35Z lha $"); -#endif #include "roken.h" @@ -65,7 +62,7 @@ static struct gai_error { * */ -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL gai_strerror(int ecode) { struct gai_error *g; diff --git a/crypto/heimdal/lib/roken/get_default_username.c b/crypto/heimdal/lib/roken/get_default_username.c index 754b60d2a8b..da6806b15b4 100644 --- a/crypto/heimdal/lib/roken/get_default_username.c +++ b/crypto/heimdal/lib/roken/get_default_username.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: get_default_username.c 14773 2005-04-12 11:29:18Z lha $"); -#endif /* HAVE_CONFIG_H */ #include "roken.h" @@ -43,7 +40,7 @@ RCSID("$Id: get_default_username.c 14773 2005-04-12 11:29:18Z lha $"); * NULL if we can't guess at all. */ -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL get_default_username (void) { const char *user; @@ -76,5 +73,11 @@ get_default_username (void) return pwd->pw_name; } #endif +#ifdef _WIN32 + /* TODO: We can call GetUserNameEx() and figure out a + username. However, callers do not free the return value of this + function. */ +#endif + return user; } diff --git a/crypto/heimdal/lib/roken/get_window_size.c b/crypto/heimdal/lib/roken/get_window_size.c index 7fa91d65227..5a4a1753fef 100644 --- a/crypto/heimdal/lib/roken/get_window_size.c +++ b/crypto/heimdal/lib/roken/get_window_size.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #ifdef HAVE_UNISTD_H @@ -60,43 +57,76 @@ RCSID("$Id: get_window_size.c 21005 2007-06-08 01:54:35Z lha $"); #include "roken.h" -int ROKEN_LIB_FUNCTION -get_window_size(int fd, struct winsize *wp) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +get_window_size(int fd, int *lines, int *columns) { - int ret = -1; - - memset(wp, 0, sizeof(*wp)); + char *s; #if defined(TIOCGWINSZ) - ret = ioctl(fd, TIOCGWINSZ, wp); + { + struct winsize ws; + int ret; + ret = ioctl(fd, TIOCGWINSZ, &ws); + if (ret != -1) { + if (lines) + *lines = ws.ws_row; + if (columns) + *columns = ws.ws_col; + return 0; + } + } #elif defined(TIOCGSIZE) { struct ttysize ts; - + int ret; ret = ioctl(fd, TIOCGSIZE, &ts); - if(ret == 0) { - wp->ws_row = ts.ts_lines; - wp->ws_col = ts.ts_cols; - } + if (ret != -1) { + if (lines) + *lines = ts.ws_lines; + if (columns) + *columns = ts.ts_cols; + return 0; + } } #elif defined(HAVE__SCRSIZE) { int dst[2]; - - _scrsize(dst); - wp->ws_row = dst[1]; - wp->ws_col = dst[0]; - ret = 0; + + _scrsize(dst); + if (lines) + *lines = dst[1]; + if (columns) + *columns = dst[0]; + return 0; + } +#elif defined(_WIN32) + { + intptr_t fh = 0; + CONSOLE_SCREEN_BUFFER_INFO sb_info; + + fh = _get_osfhandle(fd); + if (fh != (intptr_t) INVALID_HANDLE_VALUE && + GetConsoleScreenBufferInfo((HANDLE) fh, &sb_info)) { + if (lines) + *lines = 1 + sb_info.srWindow.Bottom - sb_info.srWindow.Top; + if (columns) + *columns = 1 + sb_info.srWindow.Right - sb_info.srWindow.Left; + + return 0; + } } #endif - if (ret != 0) { - char *s; - if((s = getenv("COLUMNS"))) - wp->ws_col = atoi(s); - if((s = getenv("LINES"))) - wp->ws_row = atoi(s); - if(wp->ws_col > 0 && wp->ws_row > 0) - ret = 0; + if (columns) { + if ((s = getenv("COLUMNS"))) + *columns = atoi(s); + else + return -1; } - return ret; + if (lines) { + if ((s = getenv("LINES"))) + *lines = atoi(s); + else + return -1; + } + return 0; } diff --git a/crypto/heimdal/lib/roken/getaddrinfo-test.c b/crypto/heimdal/lib/roken/getaddrinfo-test.c index 027e32a742c..a2b726f9a2d 100644 --- a/crypto/heimdal/lib/roken/getaddrinfo-test.c +++ b/crypto/heimdal/lib/roken/getaddrinfo-test.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getaddrinfo-test.c 15930 2005-08-12 13:42:17Z lha $"); -#endif #include "roken.h" #include "getarg.h" @@ -43,10 +40,12 @@ static int flags; static int family; static int socktype; +static int verbose_counter; static int version_flag; static int help_flag; static struct getargs args[] = { + {"verbose", 0, arg_counter, &verbose_counter,"verbose", NULL}, {"flags", 0, arg_integer, &flags, "flags", NULL}, {"family", 0, arg_integer, &family, "family", NULL}, {"socktype",0, arg_integer, &socktype, "socktype", NULL}, @@ -71,7 +70,8 @@ doit (const char *nodename, const char *servname) struct addrinfo *res, *r; int ret; - printf ("(%s,%s)... ", nodename ? nodename : "null", servname); + if (verbose_counter) + printf ("(%s,%s)... ", nodename ? nodename : "null", servname); memset (&hints, 0, sizeof(hints)); hints.ai_flags = flags; @@ -79,29 +79,32 @@ doit (const char *nodename, const char *servname) hints.ai_socktype = socktype; ret = getaddrinfo (nodename, servname, &hints, &res); - if (ret) { - printf ("error: %s\n", gai_strerror(ret)); - return; - } - printf ("\n"); + if (ret) + errx(1, "error: %s\n", gai_strerror(ret)); + + if (verbose_counter) + printf ("\n"); for (r = res; r != NULL; r = r->ai_next) { char addrstr[256]; - if (inet_ntop (r->ai_family, + if (inet_ntop (r->ai_family, socket_get_address (r->ai_addr), addrstr, sizeof(addrstr)) == NULL) { - printf ("\tbad address?\n"); + if (verbose_counter) + printf ("\tbad address?\n"); continue; - } - printf ("\tfamily = %d, socktype = %d, protocol = %d, " - "address = \"%s\", port = %d", - r->ai_family, r->ai_socktype, r->ai_protocol, - addrstr, - ntohs(socket_get_port (r->ai_addr))); - if (r->ai_canonname) - printf (", canonname = \"%s\"", r->ai_canonname); - printf ("\n"); + } + if (verbose_counter) { + printf ("\tfamily = %d, socktype = %d, protocol = %d, " + "address = \"%s\", port = %d", + r->ai_family, r->ai_socktype, r->ai_protocol, + addrstr, + ntohs(socket_get_port (r->ai_addr))); + if (r->ai_canonname) + printf (", canonname = \"%s\"", r->ai_canonname); + printf ("\n"); + } } freeaddrinfo (res); } @@ -122,7 +125,7 @@ main(int argc, char **argv) usage (0); if (version_flag) { - fprintf (stderr, "%s from %s-%s)\n", getprogname(), PACKAGE, VERSION); + fprintf (stderr, "%s from %s-%s\n", getprogname(), PACKAGE, VERSION); return 0; } diff --git a/crypto/heimdal/lib/roken/getaddrinfo.c b/crypto/heimdal/lib/roken/getaddrinfo.c index f9ffcd86514..c8ed95413fe 100644 --- a/crypto/heimdal/lib/roken/getaddrinfo.c +++ b/crypto/heimdal/lib/roken/getaddrinfo.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getaddrinfo.c 15417 2005-06-16 17:49:29Z lha $"); -#endif #include "roken.h" @@ -368,7 +365,7 @@ get_nodes (const char *nodename, * }; */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getaddrinfo(const char *nodename, const char *servname, const struct addrinfo *hints, diff --git a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c b/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c index 29eae31e4ca..454121992d3 100644 --- a/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c +++ b/crypto/heimdal/lib/roken/getaddrinfo_hostspec.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getaddrinfo_hostspec.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" /* getaddrinfo via string specifying host and port */ -int ROKEN_LIB_FUNCTION -roken_getaddrinfo_hostspec2(const char *hostspec, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +roken_getaddrinfo_hostspec2(const char *hostspec, int socktype, int port, struct addrinfo **ai) @@ -60,15 +57,15 @@ roken_getaddrinfo_hostspec2(const char *hostspec, } *hstp, hst[] = { { "http://", SOCK_STREAM, IPPROTO_TCP, 80 }, { "http/", SOCK_STREAM, IPPROTO_TCP, 80 }, - { "tcp/", SOCK_STREAM, IPPROTO_TCP }, - { "udp/", SOCK_DGRAM, IPPROTO_UDP }, - { NULL } + { "tcp/", SOCK_STREAM, IPPROTO_TCP, 0 }, + { "udp/", SOCK_DGRAM, IPPROTO_UDP, 0 }, + { NULL, 0, 0, 0 } }; memset(&hints, 0, sizeof(hints)); hints.ai_socktype = socktype; - + for(hstp = hst; hstp->prefix; hstp++) { if(strncmp(hostspec, hstp->prefix, strlen(hstp->prefix)) == 0) { hints.ai_socktype = hstp->socktype; @@ -79,7 +76,7 @@ roken_getaddrinfo_hostspec2(const char *hostspec, break; } } - + p = strchr (hostspec, ':'); if (p != NULL) { char *end; @@ -90,13 +87,13 @@ roken_getaddrinfo_hostspec2(const char *hostspec, hostspec_len = strlen(hostspec); } snprintf (portstr, sizeof(portstr), "%u", port); - + snprintf (host, sizeof(host), "%.*s", hostspec_len, hostspec); return getaddrinfo (host, portstr, &hints, ai); } -int ROKEN_LIB_FUNCTION -roken_getaddrinfo_hostspec(const char *hostspec, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +roken_getaddrinfo_hostspec(const char *hostspec, int port, struct addrinfo **ai) { diff --git a/crypto/heimdal/lib/roken/getarg.3 b/crypto/heimdal/lib/roken/getarg.3 index fd5ed3de0e8..dda6e7dbf3d 100644 --- a/crypto/heimdal/lib/roken/getarg.3 +++ b/crypto/heimdal/lib/roken/getarg.3 @@ -1,35 +1,35 @@ -.\" Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: getarg.3 13380 2004-02-17 12:04:59Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .Dd September 24, 1999 .Dt GETARG 3 .Os ROKEN @@ -246,20 +246,20 @@ or .Pp Long option names are prefixed with -- (double dash), and the value with a = (equal), -.Fl -foo= Ns Ar bar . +.Fl Fl foo= Ns Ar bar . Long option flags can either be specified as they are -.Pf ( Fl -help ) , +.Pf ( Fl Fl help ) , or with an (boolean parsable) option -.Pf ( Fl -help= Ns Ar yes , -.Fl -help= Ns Ar true , +.Pf ( Fl Fl help= Ns Ar yes , +.Fl Fl help= Ns Ar true , or similar), or they can also be negated -.Pf ( Fl -no-help +.Pf ( Fl Fl no-help is the same as -.Fl -help= Ns no ) , +.Fl Fl help= Ns no ) , and if you're really confused you can do it multiple times -.Pf ( Fl -no-no-help= Ns Ar false , +.Pf ( Fl Fl no-no-help= Ns Ar false , or even -.Fl -no-no-help= Ns Ar maybe ) . +.Fl Fl no-no-help= Ns Ar maybe ) . .Sh EXAMPLE .Bd -literal #include diff --git a/crypto/heimdal/lib/roken/getarg.c b/crypto/heimdal/lib/roken/getarg.c index c732d2fd43a..d6a50486895 100644 --- a/crypto/heimdal/lib/roken/getarg.c +++ b/crypto/heimdal/lib/roken/getarg.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -45,7 +42,12 @@ RCSID("$Id: getarg.c 21005 2007-06-08 01:54:35Z lha $"); #define ISFLAG(X) ((X).type == arg_flag || (X).type == arg_negative_flag) static size_t -print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg) +print_arg (char *string, + size_t len, + int mdoc, + int longp, + struct getargs *arg, + char *(i18n)(const char *)) { const char *s; @@ -66,7 +68,7 @@ print_arg (char *string, size_t len, int mdoc, int longp, struct getargs *arg) } if (arg->arg_help) - s = arg->arg_help; + s = (*i18n)(arg->arg_help); else if (arg->type == arg_integer || arg->type == arg_counter) s = "integer"; else if (arg->type == arg_string) @@ -86,9 +88,10 @@ static void mandoc_template(struct getargs *args, size_t num_args, const char *progname, - const char *extra_string) + const char *extra_string, + char *(i18n)(const char *)) { - int i; + size_t i; char timestr[64], cmd[64]; char buf[128]; const char *p; @@ -106,40 +109,39 @@ mandoc_template(struct getargs *args, if(p) p++; else p = progname; strlcpy(cmd, p, sizeof(cmd)); strupr(cmd); - + printf(".Dt %s SECTION\n", cmd); printf(".Os OPERATING_SYSTEM\n"); printf(".Sh NAME\n"); printf(".Nm %s\n", p); - printf(".Nd\n"); - printf("in search of a description\n"); + printf(".Nd in search of a description\n"); printf(".Sh SYNOPSIS\n"); printf(".Nm\n"); for(i = 0; i < num_args; i++){ /* we seem to hit a limit on number of arguments if doing short and long flags with arguments -- split on two lines */ - if(ISFLAG(args[i]) || + if(ISFLAG(args[i]) || args[i].short_name == 0 || args[i].long_name == NULL) { printf(".Op "); if(args[i].short_name) { - print_arg(buf, sizeof(buf), 1, 0, args + i); + print_arg(buf, sizeof(buf), 1, 0, args + i, i18n); printf("Fl %c%s", args[i].short_name, buf); if(args[i].long_name) printf(" | "); } if(args[i].long_name) { - print_arg(buf, sizeof(buf), 1, 1, args + i); - printf("Fl -%s%s%s", + print_arg(buf, sizeof(buf), 1, 1, args + i, i18n); + printf("Fl Fl %s%s%s", args[i].type == arg_negative_flag ? "no-" : "", args[i].long_name, buf); } printf("\n"); } else { - print_arg(buf, sizeof(buf), 1, 0, args + i); + print_arg(buf, sizeof(buf), 1, 0, args + i, i18n); printf(".Oo Fl %c%s \\*(Ba Xo\n", args[i].short_name, buf); - print_arg(buf, sizeof(buf), 1, 1, args + i); - printf(".Fl -%s%s\n.Xc\n.Oc\n", args[i].long_name, buf); + print_arg(buf, sizeof(buf), 1, 1, args + i, i18n); + printf(".Fl Fl %s%s\n.Xc\n.Oc\n", args[i].long_name, buf); } /* if(args[i].type == arg_strings) @@ -155,17 +157,17 @@ mandoc_template(struct getargs *args, printf(".It Xo\n"); if(args[i].short_name){ printf(".Fl %c", args[i].short_name); - print_arg(buf, sizeof(buf), 1, 0, args + i); + print_arg(buf, sizeof(buf), 1, 0, args + i, i18n); printf("%s", buf); if(args[i].long_name) printf(" ,"); printf("\n"); } if(args[i].long_name){ - printf(".Fl -%s%s", + printf(".Fl Fl %s%s", args[i].type == arg_negative_flag ? "no-" : "", args[i].long_name); - print_arg(buf, sizeof(buf), 1, 1, args + i); + print_arg(buf, sizeof(buf), 1, 1, args + i, i18n); printf("%s\n", buf); } printf(".Xc\n"); @@ -198,31 +200,48 @@ check_column(FILE *f, int col, int len, int columns) return col; } -void ROKEN_LIB_FUNCTION +static char * +builtin_i18n(const char *str) +{ + return rk_UNCONST(str); +} + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL arg_printusage (struct getargs *args, size_t num_args, const char *progname, const char *extra_string) { - int i; - size_t max_len = 0; + arg_printusage_i18n(args, num_args, "Usage", + progname, extra_string, builtin_i18n); +} + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +arg_printusage_i18n (struct getargs *args, + size_t num_args, + const char *usage, + const char *progname, + const char *extra_string, + char *(*i18n)(const char *)) +{ + size_t i, max_len = 0; char buf[128]; int col = 0, columns; - struct winsize ws; if (progname == NULL) progname = getprogname(); + if (i18n == NULL) + i18n = builtin_i18n; + if(getenv("GETARGMANDOC")){ - mandoc_template(args, num_args, progname, extra_string); + mandoc_template(args, num_args, progname, extra_string, i18n); return; } - if(get_window_size(2, &ws) == 0) - columns = ws.ws_col; - else + if(get_window_size(2, NULL, &columns) == -1) columns = 80; col = 0; - col += fprintf (stderr, "Usage: %s", progname); + col += fprintf (stderr, "%s: %s", usage, progname); buf[0] = '\0'; for (i = 0; i < num_args; ++i) { if(args[i].short_name && ISFLAG(args[i])) { @@ -253,8 +272,8 @@ arg_printusage (struct getargs *args, } strlcat(buf, args[i].long_name, sizeof(buf)); len += strlen(args[i].long_name); - len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), - 0, 1, &args[i]); + len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), + 0, 1, &args[i], i18n); strlcat(buf, "]", sizeof(buf)); if(args[i].type == arg_strings) strlcat(buf, "...", sizeof(buf)); @@ -264,8 +283,8 @@ arg_printusage (struct getargs *args, if (args[i].short_name && !ISFLAG(args[i])) { snprintf(buf, sizeof(buf), "[-%c", args[i].short_name); len += 2; - len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), - 0, 0, &args[i]); + len += print_arg(buf + strlen(buf), sizeof(buf) - strlen(buf), + 0, 0, &args[i], i18n); strlcat(buf, "]", sizeof(buf)); if(args[i].type == arg_strings) strlcat(buf, "...", sizeof(buf)); @@ -277,7 +296,7 @@ arg_printusage (struct getargs *args, max_len = max(max_len, len); } if (extra_string) { - col = check_column(stderr, col, strlen(extra_string) + 1, columns); + check_column(stderr, col, strlen(extra_string) + 1, columns); fprintf (stderr, " %s\n", extra_string); } else fprintf (stderr, "\n"); @@ -287,7 +306,7 @@ arg_printusage (struct getargs *args, if (args[i].short_name) { count += fprintf (stderr, "-%c", args[i].short_name); - print_arg (buf, sizeof(buf), 0, 0, &args[i]); + print_arg (buf, sizeof(buf), 0, 0, &args[i], i18n); count += fprintf(stderr, "%s", buf); } if (args[i].short_name && args[i].long_name) @@ -297,12 +316,12 @@ arg_printusage (struct getargs *args, if (args[i].type == arg_negative_flag) count += fprintf (stderr, "no-"); count += fprintf (stderr, "%s", args[i].long_name); - print_arg (buf, sizeof(buf), 0, 1, &args[i]); + print_arg (buf, sizeof(buf), 0, 1, &args[i], i18n); count += fprintf(stderr, "%s", buf); } while(count++ <= max_len) putc (' ', stderr); - fprintf (stderr, "%s\n", args[i].help); + fprintf (stderr, "%s\n", (*i18n)(args[i].help)); } } } @@ -329,7 +348,7 @@ static int arg_match_long(struct getargs *args, size_t num_args, char *argv, int argc, char **rargv, int *goptind) { - int i; + size_t i; char *goptarg = NULL; int negate = 0; int partial_match = 0; @@ -378,7 +397,7 @@ arg_match_long(struct getargs *args, size_t num_args, else return ARG_ERR_NO_MATCH; } - + if(*goptarg == '\0' && !ISFLAG(*current) && current->type != arg_collect @@ -407,16 +426,12 @@ arg_match_long(struct getargs *args, size_t num_args, { int *flag = current->value; if(*goptarg == '\0' || - strcmp(goptarg + 1, "yes") == 0 || + strcmp(goptarg + 1, "yes") == 0 || strcmp(goptarg + 1, "true") == 0){ *flag = !negate; return 0; } else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) { -#ifdef HAVE_RANDOM - *flag = random() & 1; -#else - *flag = rand() & 1; -#endif + *flag = rk_random() & 1; } else { *flag = negate; return 0; @@ -450,6 +465,7 @@ arg_match_long(struct getargs *args, size_t num_args, default: abort (); + UNREACHABLE(return 0); } } @@ -457,7 +473,7 @@ static int arg_match_short (struct getargs *args, size_t num_args, char *argv, int argc, char **rargv, int *goptind) { - int j, k; + size_t j, k; for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) { for(k = 0; k < num_args; k++) { @@ -473,16 +489,18 @@ arg_match_short (struct getargs *args, size_t num_args, if(args[k].type == arg_negative_flag) { *(int*)args[k].value = 0; break; - } + } if(args[k].type == arg_counter) { ++*(int *)args[k].value; break; } if(args[k].type == arg_collect) { struct getarg_collect_info *c = args[k].value; + int a = (int)j; - if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data)) + if((*c->func)(TRUE, argc, rargv, goptind, &a, c->data)) return ARG_ERR_BAD_ARG; + j = a; break; } @@ -523,20 +541,14 @@ arg_match_short (struct getargs *args, size_t num_args, return 0; } -int ROKEN_LIB_FUNCTION -getarg(struct getargs *args, size_t num_args, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +getarg(struct getargs *args, size_t num_args, int argc, char **argv, int *goptind) { int i; int ret = 0; -#if defined(HAVE_SRANDOMDEV) - srandomdev(); -#elif defined(HAVE_RANDOM) - srandom(time(NULL)); -#else - srand (time(NULL)); -#endif + rk_random_init(); (*goptind)++; for(i = *goptind; i < argc; i++) { if(argv[i][0] != '-') @@ -546,7 +558,7 @@ getarg(struct getargs *args, size_t num_args, i++; break; } - ret = arg_match_long (args, num_args, argv[i] + 2, + ret = arg_match_long (args, num_args, argv[i] + 2, argc, argv, &i); } else { ret = arg_match_short (args, num_args, argv[i], @@ -559,7 +571,7 @@ getarg(struct getargs *args, size_t num_args, return ret; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL free_getarg_strings (getarg_strings *s) { free (s->strings); @@ -585,9 +597,9 @@ int main(int argc, char **argv) int goptind = 0; while(getarg(args, 5, argc, argv, &goptind)) printf("Bad arg: %s\n", argv[goptind]); - printf("flag1 = %d\n", flag1); - printf("flag2 = %d\n", flag2); - printf("foo_flag = %d\n", foo_flag); + printf("flag1 = %d\n", flag1); + printf("flag2 = %d\n", flag2); + printf("foo_flag = %d\n", foo_flag); printf("bar_int = %d\n", bar_int); printf("baz_flag = %s\n", baz_string); arg_printusage (args, 5, argv[0], "nothing here"); diff --git a/crypto/heimdal/lib/roken/getarg.h b/crypto/heimdal/lib/roken/getarg.h index 62d1b6687c3..1065c7c661a 100644 --- a/crypto/heimdal/lib/roken/getarg.h +++ b/crypto/heimdal/lib/roken/getarg.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: getarg.h 14776 2005-04-13 05:52:27Z lha $ */ +/* $Id$ */ #ifndef __GETARG_H__ #define __GETARG_H__ @@ -40,19 +40,21 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif struct getargs{ const char *long_name; char short_name; - enum { arg_integer, - arg_string, - arg_flag, - arg_negative_flag, + enum { arg_integer, + arg_string, + arg_flag, + arg_negative_flag, arg_strings, arg_double, arg_collect, @@ -86,17 +88,25 @@ typedef struct getarg_collect_info { void *data; } getarg_collect_info; -int ROKEN_LIB_FUNCTION -getarg(struct getargs *args, size_t num_args, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +getarg(struct getargs *args, size_t num_args, int argc, char **argv, int *goptind); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL arg_printusage (struct getargs *args, size_t num_args, const char *progname, const char *extra_string); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +arg_printusage_i18n (struct getargs *args, + size_t num_args, + const char *usage, + const char *progname, + const char *extra_string, + char *(*i18n)(const char *)); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL free_getarg_strings (getarg_strings *); #endif /* __GETARG_H__ */ diff --git a/crypto/heimdal/lib/roken/getcap.c b/crypto/heimdal/lib/roken/getcap.c index a4e3a7de5d9..42f8dc07d80 100644 --- a/crypto/heimdal/lib/roken/getcap.c +++ b/crypto/heimdal/lib/roken/getcap.c @@ -32,11 +32,9 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif + #include "roken.h" -RCSID("$Id: getcap.c 22071 2007-11-14 20:04:50Z lha $"); #include #include @@ -45,7 +43,7 @@ RCSID("$Id: getcap.c 22071 2007-11-14 20:04:50Z lha $"); #elif defined(HAVE_DB_H) #include #endif -#include +#include #include #include #include @@ -85,24 +83,24 @@ static int getent (char **, size_t *, char **, int, const char *, int, char *); static int nfcmp (char *, char *); -int ROKEN_LIB_FUNCTION cgetset(const char *ent); -char *ROKEN_LIB_FUNCTION cgetcap(char *buf, const char *cap, int type); -int ROKEN_LIB_FUNCTION cgetent(char **buf, char **db_array, const char *name); -int ROKEN_LIB_FUNCTION cgetmatch(const char *buf, const char *name); -int ROKEN_LIB_FUNCTION cgetclose(void); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetset(const char *ent); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL cgetcap(char *buf, const char *cap, int type); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetent(char **buf, char **db_array, const char *name); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetmatch(const char *buf, const char *name); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetclose(void); #if 0 int cgetfirst(char **buf, char **db_array); int cgetnext(char **bp, char **db_array); #endif -int ROKEN_LIB_FUNCTION cgetstr(char *buf, const char *cap, char **str); -int ROKEN_LIB_FUNCTION cgetustr(char *buf, const char *cap, char **str); -int ROKEN_LIB_FUNCTION cgetnum(char *buf, const char *cap, long *num); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetstr(char *buf, const char *cap, char **str); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetustr(char *buf, const char *cap, char **str); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetnum(char *buf, const char *cap, long *num); /* * Cgetset() allows the addition of a user specified buffer to be added * to the database array, in effect "pushing" the buffer on top of the * virtual database. 0 is returned on success, -1 on failure. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetset(const char *ent) { const char *source, *check; @@ -155,7 +153,7 @@ cgetset(const char *ent) * If (cap, '@') or (cap, terminator, '@') is found before (cap, terminator) * return NULL. */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL cgetcap(char *buf, const char *cap, int type) { char *bp; @@ -206,7 +204,7 @@ cgetcap(char *buf, const char *cap, int type) * encountered (couldn't open/read a file, etc.), and -3 if a potential * reference loop is detected. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetent(char **buf, char **db_array, const char *name) { size_t dummy; @@ -233,14 +231,14 @@ cgetent(char **buf, char **db_array, const char *name) * MAX_RECURSION. */ static int -getent(char **cap, size_t *len, char **db_array, int fd, +getent(char **cap, size_t *len, char **db_array, int fd, const char *name, int depth, char *nfield) { char *r_end, *rp = NULL, **db_p; /* pacify gcc */ int myfd = 0, eof, foundit; char *record; int tc_not_resolved; - + /* * Return with ``loop detected'' error if we've recursed more than * MAX_RECURSION times. @@ -358,7 +356,7 @@ getent(char **cap, size_t *len, char **db_array, int fd, for (;;) { if (bp >= b_end) { int n; - + n = read(fd, buf, sizeof(buf)); if (n <= 0) { if (myfd) @@ -375,7 +373,7 @@ getent(char **cap, size_t *len, char **db_array, int fd, b_end = buf+n; bp = buf; } - + c = *bp++; if (c == '\n') { if (slash) { @@ -412,7 +410,7 @@ getent(char **cap, size_t *len, char **db_array, int fd, *rp++ = c; /* - * Enforce loop invariant: if no room + * Enforce loop invariant: if no room * left in record buffer, try to get * some more. */ @@ -444,13 +442,13 @@ getent(char **cap, size_t *len, char **db_array, int fd, */ if (eof) break; - + /* * Toss blank lines and comments. */ if (*record == '\0' || *record == '#') continue; - + /* * See if this is the record we want ... */ @@ -510,7 +508,7 @@ getent(char **cap, size_t *len, char **db_array, int fd, tclen = s - tcstart; tcend = s; - iret = getent(&icap, &ilen, db_p, fd, tc, depth+1, + iret = getent(&icap, &ilen, db_p, fd, tc, depth+1, NULL); newicap = icap; /* Put into a register. */ newilen = ilen; @@ -526,11 +524,11 @@ getent(char **cap, size_t *len, char **db_array, int fd, tc_not_resolved = 1; /* couldn't resolve tc */ if (iret == -1) { - *(s - 1) = ':'; + *(s - 1) = ':'; scan = s - 1; tc_not_resolved = 1; continue; - + } } /* not interested in name field of tc'ed record */ @@ -593,7 +591,7 @@ getent(char **cap, size_t *len, char **db_array, int fd, */ scan = s-1; } - + } /* * Close file (if we opened it), give back any extra memory, and @@ -603,17 +601,17 @@ getent(char **cap, size_t *len, char **db_array, int fd, (void)close(fd); *len = rp - record - 1; /* don't count NUL */ if (r_end > rp) - if ((record = + if ((record = realloc(record, (size_t)(rp - record))) == NULL) { errno = ENOMEM; return (-2); } - + *cap = record; if (tc_not_resolved) return (1); return (0); -} +} #ifdef USE_DB static int @@ -642,7 +640,7 @@ cdbget(DB *capdbp, char **bp, const char *name) key.data = (char *)data.data + 1; key.size = data.size - 1; } - + *bp = (char *)data.data + 1; return (((char *)(data.data))[0] == TCERR ? 1 : 0); } @@ -702,7 +700,7 @@ static FILE *pfp; static int slash; static char **dbp; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetclose(void) { if (pfp != NULL) { @@ -717,7 +715,7 @@ cgetclose(void) #if 0 /* - * Cgetnext() gets either the first or next entry in the logical database + * Cgetnext() gets either the first or next entry in the logical database * specified by db_array. It returns 0 upon completion of the database, 1 * upon returning an entry with more remaining, and -1 if an error occurs. */ @@ -777,10 +775,10 @@ cgetnext(char **bp, char **db_array) slash = 1; else slash = 0; - } + } - /* + /* * Line points to a name line. */ done = 0; @@ -822,12 +820,12 @@ cgetnext(char **bp, char **db_array) *rp++ = *cp; *rp = '\0'; - /* - * XXX + /* + * XXX * Last argument of getent here should be nbuf if we want true - * sequential access in the case of duplicates. + * sequential access in the case of duplicates. * With NULL, getent will return the first entry found - * rather than the duplicate entry record. This is a + * rather than the duplicate entry record. This is a * matter of semantics that should be resolved. */ status = getent(bp, &dummy, db_array, -1, buf, 0, NULL); @@ -849,14 +847,16 @@ cgetnext(char **bp, char **db_array) * couldn't be found, -2 if a system error was encountered (storage * allocation failure). */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetstr(char *buf, const char *cap, char **str) { u_int m_room; const char *bp; char *mp; int len; - char *mem; + char *mem, *nmem; + + *str = NULL; /* * Find string capability cap @@ -943,8 +943,11 @@ cgetstr(char *buf, const char *cap, char **str) if (m_room == 0) { size_t size = mp - mem; - if ((mem = realloc(mem, size + SFRAG)) == NULL) + if ((nmem = realloc(mem, size + SFRAG)) == NULL) { + free(mem); return (-2); + } + mem = nmem; m_room = SFRAG; mp = mem + size; } @@ -956,9 +959,13 @@ cgetstr(char *buf, const char *cap, char **str) /* * Give back any extra memory and return value and success. */ - if (m_room != 0) - if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL) + if (m_room != 0) { + if ((nmem = realloc(mem, (size_t)(mp - mem))) == NULL) { + free(mem); return (-2); + } + mem = nmem; + } *str = mem; return (len); } @@ -967,13 +974,13 @@ cgetstr(char *buf, const char *cap, char **str) * Cgetustr retrieves the value of the string capability cap from the * capability record pointed to by buf. The difference between cgetustr() * and cgetstr() is that cgetustr does not decode escapes but rather treats - * all characters literally. A pointer to a NUL terminated malloc'd - * copy of the string is returned in the char pointed to by str. The + * all characters literally. A pointer to a NUL terminated malloc'd + * copy of the string is returned in the char pointed to by str. The * length of the string not including the trailing NUL is returned on success, - * -1 if the requested string capability couldn't be found, -2 if a system + * -1 if the requested string capability couldn't be found, -2 if a system * error was encountered (storage allocation failure). */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetustr(char *buf, const char *cap, char **str) { u_int m_room; @@ -1042,7 +1049,7 @@ cgetustr(char *buf, const char *cap, char **str) * the long pointed to by num. 0 is returned on success, -1 if the requested * numeric capability couldn't be found. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetnum(char *buf, const char *cap, long *num) { long n; @@ -1109,10 +1116,10 @@ nfcmp(char *nf, char *rec) { char *cp, tmp; int ret; - + for (cp = rec; *cp != ':'; cp++) ; - + tmp = *(cp + 1); *(cp + 1) = '\0'; ret = strcmp(nf, rec); diff --git a/crypto/heimdal/lib/roken/getcwd.c b/crypto/heimdal/lib/roken/getcwd.c index a32149c2129..f8917b245b4 100644 --- a/crypto/heimdal/lib/roken/getcwd.c +++ b/crypto/heimdal/lib/roken/getcwd.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getcwd.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #ifdef HAVE_UNISTD_H #include @@ -45,7 +42,7 @@ RCSID("$Id: getcwd.c 14773 2005-04-12 11:29:18Z lha $"); #include "roken.h" -char* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char* ROKEN_LIB_CALL getcwd(char *path, size_t size) { char xxx[MaxPathLen]; diff --git a/crypto/heimdal/lib/roken/getdtablesize.c b/crypto/heimdal/lib/roken/getdtablesize.c index a6ef38b2957..08c0661faa1 100644 --- a/crypto/heimdal/lib/roken/getdtablesize.c +++ b/crypto/heimdal/lib/roken/getdtablesize.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getdtablesize.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -64,7 +61,7 @@ RCSID("$Id: getdtablesize.c 14773 2005-04-12 11:29:18Z lha $"); #include #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void) { int files = -1; @@ -79,7 +76,7 @@ getdtablesize(void) #if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES) int mib[2]; size_t len; - + mib[0] = CTL_KERN; mib[1] = KERN_MAXFILES; len = sizeof(files); @@ -96,7 +93,7 @@ getdtablesize(void) #ifdef NOFILE if (files < 0) files = NOFILE; -#endif - +#endif + return files; } diff --git a/crypto/heimdal/lib/roken/getegid.c b/crypto/heimdal/lib/roken/getegid.c index 57ea1985738..663fb1df1be 100644 --- a/crypto/heimdal/lib/roken/getegid.c +++ b/crypto/heimdal/lib/roken/getegid.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,13 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif + #include "roken.h" #ifndef HAVE_GETEGID -RCSID("$Id: getegid.c 14773 2005-04-12 11:29:18Z lha $"); - -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getegid(void) { return getgid(); diff --git a/crypto/heimdal/lib/roken/geteuid.c b/crypto/heimdal/lib/roken/geteuid.c index f2f771ede07..598a73929fd 100644 --- a/crypto/heimdal/lib/roken/geteuid.c +++ b/crypto/heimdal/lib/roken/geteuid.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,13 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif + #include "roken.h" #ifndef HAVE_GETEUID -RCSID("$Id: geteuid.c 14773 2005-04-12 11:29:18Z lha $"); - -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL geteuid(void) { return getuid(); diff --git a/crypto/heimdal/lib/roken/getgid.c b/crypto/heimdal/lib/roken/getgid.c index fbe4f6d1d27..b24ceebc892 100644 --- a/crypto/heimdal/lib/roken/getgid.c +++ b/crypto/heimdal/lib/roken/getgid.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,12 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" #ifndef HAVE_GETGID -RCSID("$Id: getgid.c 14773 2005-04-12 11:29:18Z lha $"); - -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getgid(void) { return 17; diff --git a/crypto/heimdal/lib/roken/gethostname.c b/crypto/heimdal/lib/roken/gethostname.c index f291ce2cb77..83890914028 100644 --- a/crypto/heimdal/lib/roken/gethostname.c +++ b/crypto/heimdal/lib/roken/gethostname.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,9 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" #ifndef HAVE_GETHOSTNAME @@ -49,7 +47,7 @@ * interface is identical to gethostname(2).) */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL gethostname(char *name, int namelen) { #if defined(HAVE_UNAME) diff --git a/crypto/heimdal/lib/roken/getifaddrs.c b/crypto/heimdal/lib/roken/getifaddrs.c index 485c0d62221..cc949b0b1a8 100644 --- a/crypto/heimdal/lib/roken/getifaddrs.c +++ b/crypto/heimdal/lib/roken/getifaddrs.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000 - 2002, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2002, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getifaddrs.c 21745 2007-07-31 16:11:25Z lha $"); -#endif #include "roken.h" #ifdef __osf__ @@ -95,7 +92,7 @@ struct mbuf; * 3. Neither the name of the author nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -193,9 +190,9 @@ ifa_sa_len(sa_family_t family, int len) return size; } -static void -ifa_make_sockaddr(sa_family_t family, - struct sockaddr *sa, +static void +ifa_make_sockaddr(sa_family_t family, + struct sockaddr *sa, void *p, size_t len, uint32_t scope, uint32_t scopeid) { @@ -227,8 +224,8 @@ ifa_make_sockaddr(sa_family_t family, #ifndef IFA_NETMASK static struct sockaddr * -ifa_make_sockaddr_mask(sa_family_t family, - struct sockaddr *sa, +ifa_make_sockaddr_mask(sa_family_t family, + struct sockaddr *sa, uint32_t prefixlen) { int i; @@ -274,7 +271,7 @@ ifa_make_sockaddr_mask(sa_family_t family, #endif /* ====================================================================== */ -static int +static int nl_sendreq(int sd, int request, int flags, int *seq) { char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + @@ -300,9 +297,9 @@ nl_sendreq(int sd, int request, int flags, int *seq) (struct sockaddr *)&nladdr, sizeof(nladdr))); } -static int -nl_recvmsg(int sd, int request, int seq, - void *buf, size_t buflen, +static int +nl_recvmsg(int sd, int request, int seq, + void *buf, size_t buflen, int *flags) { struct msghdr msg; @@ -327,8 +324,8 @@ nl_recvmsg(int sd, int request, int seq, return read_len; } -static int -nl_getmsg(int sd, int request, int seq, +static int +nl_getmsg(int sd, int request, int seq, struct nlmsghdr **nlhp, int *done) { @@ -447,7 +444,7 @@ nl_getlist(int sd, int seq, } /* ---------------------------------------------------------------------- */ -static void +static void free_nlmsglist(struct nlmsg_list *nlm0) { struct nlmsg_list *nlm, *nlm_next; @@ -464,7 +461,7 @@ free_nlmsglist(struct nlmsg_list *nlm0) __set_errno(saved_errno); } -static void +static void free_data(void *data, void *ifdata) { int saved_errno = errno; @@ -474,7 +471,7 @@ free_data(void *data, void *ifdata) } /* ---------------------------------------------------------------------- */ -static void +static void nl_close(int sd) { int saved_errno = errno; @@ -483,7 +480,7 @@ nl_close(int sd) } /* ---------------------------------------------------------------------- */ -static int +static int nl_open(void) { struct sockaddr_nl nladdr; @@ -501,7 +498,7 @@ nl_open(void) } /* ====================================================================== */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_getifaddrs(struct ifaddrs **ifap) { int sd; @@ -561,7 +558,7 @@ rk_getifaddrs(struct ifaddrs **ifap) NLMSG_ALIGN(sizeof(struct ifaddrs[icnt])) + dlen + xlen + nlen); ifa = (struct ifaddrs *)data; - ifdata = calloc(1, + ifdata = calloc(1, NLMSG_ALIGN(sizeof(char *[max_ifindex+1])) + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1]))); if (ifap != NULL) @@ -588,8 +585,8 @@ rk_getifaddrs(struct ifaddrs **ifap) int nlmlen = nlm->size; if (!(nlh0 = nlm->nlh)) continue; - for (nlh = nlh0; - NLMSG_OK(nlh, nlmlen); + for (nlh = nlh0; + NLMSG_OK(nlh, nlmlen); nlh=NLMSG_NEXT(nlh,nlmlen)){ struct ifinfomsg *ifim = NULL; struct ifaddrmsg *ifam = NULL; @@ -635,7 +632,7 @@ rk_getifaddrs(struct ifaddrs **ifap) default: continue; } - + if (!build){ if (max_ifindex < nlm_index) max_ifindex = nlm_index; @@ -826,8 +823,8 @@ rk_getifaddrs(struct ifaddrs **ifap) if (ifa->ifa_name == NULL) ifa->ifa_name = iflist[nlm_index]; #ifndef IFA_NETMASK - if (ifa->ifa_addr && - ifa->ifa_addr->sa_family != AF_UNSPEC && + if (ifa->ifa_addr && + ifa->ifa_addr->sa_family != AF_UNSPEC && ifa->ifa_addr->sa_family != AF_PACKET){ ifa->ifa_netmask = (struct sockaddr *)data; ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen); @@ -856,6 +853,13 @@ rk_getifaddrs(struct ifaddrs **ifap) return 0; } +void ROKEN_LIB_FUNCTION +rk_freeifaddrs(struct ifaddrs *ifp) +{ + /* AF_NETLINK method uses a single allocation for all interfaces */ + free(ifp); +} + #else /* !AF_NETLINK */ /* @@ -863,7 +867,7 @@ rk_getifaddrs(struct ifaddrs **ifap) */ static int -getifaddrs2(struct ifaddrs **ifap, +getifaddrs2(struct ifaddrs **ifap, int af, int siocgifconf, int siocgifflags, size_t ifreq_sz) { @@ -970,7 +974,7 @@ getifaddrs2(struct ifaddrs **ifap, ret = ENOMEM; goto error_out; } - memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, + memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, sizeof(ifr->ifr_broadaddr)); } else if(ifreq.ifr_flags & IFF_POINTOPOINT) { (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr)); @@ -978,7 +982,7 @@ getifaddrs2(struct ifaddrs **ifap, ret = ENOMEM; goto error_out; } - memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, + memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, sizeof(ifr->ifr_dstaddr)); } else (*end)->ifa_dstaddr = NULL; @@ -989,7 +993,7 @@ getifaddrs2(struct ifaddrs **ifap, (*end)->ifa_data = NULL; end = &(*end)->ifa_next; - + } *ifap = start; close(fd); @@ -1005,7 +1009,7 @@ getifaddrs2(struct ifaddrs **ifap, #if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) static int -getlifaddrs2(struct ifaddrs **ifap, +getlifaddrs2(struct ifaddrs **ifap, int af, int siocgifconf, int siocgifflags, size_t ifreq_sz) { @@ -1035,7 +1039,7 @@ getlifaddrs2(struct ifaddrs **ifap, goto error_out; } #ifndef __hpux - ifconf.lifc_family = AF_UNSPEC; + ifconf.lifc_family = af; ifconf.lifc_flags = 0; #endif ifconf.lifc_len = buf_size; @@ -1116,7 +1120,7 @@ getlifaddrs2(struct ifaddrs **ifap, ret = ENOMEM; goto error_out; } - memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, + memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, sizeof(ifr->ifr_broadaddr)); } else if(ifreq.ifr_flags & IFF_POINTOPOINT) { (*end)->ifa_dstaddr = malloc(sizeof(ifr->ifr_dstaddr)); @@ -1124,7 +1128,7 @@ getlifaddrs2(struct ifaddrs **ifap, ret = ENOMEM; goto error_out; } - memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, + memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, sizeof(ifr->ifr_dstaddr)); } else (*end)->ifa_dstaddr = NULL; @@ -1135,7 +1139,7 @@ getlifaddrs2(struct ifaddrs **ifap, (*end)->ifa_data = NULL; end = &(*end)->ifa_next; - + } *ifap = start; close(fd); @@ -1150,8 +1154,29 @@ getlifaddrs2(struct ifaddrs **ifap, } #endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */ -int ROKEN_LIB_FUNCTION -rk_getifaddrs(struct ifaddrs **ifap) +/** + * Join two struct ifaddrs lists by appending supp to base. + * Either may be NULL. The new list head (usually base) will be + * returned. + */ +static struct ifaddrs * +append_ifaddrs(struct ifaddrs *base, struct ifaddrs *supp) { + if (!base) + return supp; + + if (!supp) + return base; + + while (base->ifa_next) + base = base->ifa_next; + + base->ifa_next = supp; + + return base; +} + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_getifaddrs(struct ifaddrs **ifap) { int ret = -1; errno = ENXIO; @@ -1161,9 +1186,43 @@ rk_getifaddrs(struct ifaddrs **ifap) sizeof(struct in6_ifreq)); #endif #if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) - if (ret) - ret = getlifaddrs2 (ifap, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, + /* Do IPv6 and IPv4 queries separately then join the result. + * + * HP-UX only returns IPv6 addresses using SIOCGLIFCONF, + * SIOCGIFCONF has to be used for IPv4 addresses. The result is then + * merged. + * + * Solaris needs particular care, because a SIOCGLIFCONF lookup using + * AF_UNSPEC can fail in a Zone requiring an AF_INET lookup, so we just + * do them separately the same as for HP-UX. See + * http://repo.or.cz/w/heimdal.git/commitdiff/76afc31e9ba2f37e64c70adc006ade9e37e9ef73 + */ + if (ret) { + int v6err, v4err; + struct ifaddrs *v6addrs, *v4addrs; + + v6err = getlifaddrs2 (&v6addrs, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, sizeof(struct lifreq)); + v4err = getifaddrs2 (&v4addrs, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, + sizeof(struct ifreq)); + if (v6err) + v6addrs = NULL; + if (v4err) + v4addrs = NULL; + + if (v6addrs) { + if (v4addrs) + *ifap = append_ifaddrs(v6addrs, v4addrs); + else + *ifap = v6addrs; + } else if (v4addrs) { + *ifap = v4addrs; + } else { + *ifap = NULL; + } + + ret = (v6err || v4err) ? -1 : 0; + } #endif #if defined(HAVE_IPV6) && defined(SIOCGIFCONF) if (ret) @@ -1178,20 +1237,18 @@ rk_getifaddrs(struct ifaddrs **ifap) return ret; } -#endif /* !AF_NETLINK */ - -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_freeifaddrs(struct ifaddrs *ifp) { struct ifaddrs *p, *q; - + for(p = ifp; p; ) { free(p->ifa_name); if(p->ifa_addr) free(p->ifa_addr); - if(p->ifa_dstaddr) + if(p->ifa_dstaddr) free(p->ifa_dstaddr); - if(p->ifa_netmask) + if(p->ifa_netmask) free(p->ifa_netmask); if(p->ifa_data) free(p->ifa_data); @@ -1201,6 +1258,8 @@ rk_freeifaddrs(struct ifaddrs *ifp) } } +#endif /* !AF_NETLINK */ + #ifdef TEST void @@ -1212,25 +1271,25 @@ print_addr(const char *s, struct sockaddr *sa) for(i = 0; i < sa->sa_len - ((long)sa->sa_data - (long)&sa->sa_family); i++) printf("%02x", ((unsigned char*)sa->sa_data)[i]); #else - for(i = 0; i < sizeof(sa->sa_data); i++) + for(i = 0; i < sizeof(sa->sa_data); i++) printf("%02x", ((unsigned char*)sa->sa_data)[i]); #endif printf("\n"); } -void +void print_ifaddrs(struct ifaddrs *x) { struct ifaddrs *p; - + for(p = x; p; p = p->ifa_next) { printf("%s\n", p->ifa_name); printf(" flags=%x\n", p->ifa_flags); if(p->ifa_addr) print_addr("addr", p->ifa_addr); - if(p->ifa_dstaddr) + if(p->ifa_dstaddr) print_addr("dstaddr", p->ifa_dstaddr); - if(p->ifa_netmask) + if(p->ifa_netmask) print_addr("netmask", p->ifa_netmask); printf(" %p\n", p->ifa_data); } diff --git a/crypto/heimdal/lib/roken/getipnodebyaddr.c b/crypto/heimdal/lib/roken/getipnodebyaddr.c index 56ae860aff1..7d4095f1d84 100644 --- a/crypto/heimdal/lib/roken/getipnodebyaddr.c +++ b/crypto/heimdal/lib/roken/getipnodebyaddr.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -43,7 +40,7 @@ RCSID("$Id: getipnodebyaddr.c 14773 2005-04-12 11:29:18Z lha $"); * to a malloced struct hostent or NULL. */ -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyaddr (const void *src, size_t len, int af, int *error_num) { struct hostent *tmp; diff --git a/crypto/heimdal/lib/roken/getipnodebyname.c b/crypto/heimdal/lib/roken/getipnodebyname.c index 739b329e21a..2ff282707c2 100644 --- a/crypto/heimdal/lib/roken/getipnodebyname.c +++ b/crypto/heimdal/lib/roken/getipnodebyname.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getipnodebyname.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -47,7 +44,7 @@ static int h_errno = NO_RECOVERY; * to a malloced struct hostent or NULL. */ -struct hostent * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyname (const char *name, int af, int flags, int *error_num) { struct hostent *tmp; diff --git a/crypto/heimdal/lib/roken/getnameinfo.c b/crypto/heimdal/lib/roken/getnameinfo.c index 4f820f0a74a..b23ad01ebdd 100644 --- a/crypto/heimdal/lib/roken/getnameinfo.c +++ b/crypto/heimdal/lib/roken/getnameinfo.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getnameinfo.c 15412 2005-06-16 16:53:09Z lha $"); -#endif #include "roken.h" @@ -94,7 +91,7 @@ doit (int af, * */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getnameinfo(const struct sockaddr *sa, socklen_t salen, char *host, size_t hostlen, char *serv, size_t servlen, diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.c b/crypto/heimdal/lib/roken/getnameinfo_verified.c index 91f938a8b22..6175291e457 100644 --- a/crypto/heimdal/lib/roken/getnameinfo_verified.c +++ b/crypto/heimdal/lib/roken/getnameinfo_verified.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getnameinfo_verified.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -46,7 +43,7 @@ RCSID("$Id: getnameinfo_verified.c 14773 2005-04-12 11:29:18Z lha $"); * NI_NAMEREQD flag is set or return the numeric address as a string. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, char *host, size_t hostlen, char *serv, size_t servlen, @@ -56,6 +53,8 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, struct addrinfo *ai, *a; char servbuf[NI_MAXSERV]; struct addrinfo hints; + void *saaddr; + size_t sasize; if (host == NULL) return EAI_NONAME; @@ -75,9 +74,12 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, ret = getaddrinfo (host, serv, &hints, &ai); if (ret) goto fail; + + saaddr = socket_get_address(sa); + sasize = socket_addr_size(sa); for (a = ai; a != NULL; a = a->ai_next) { - if (a->ai_addrlen == salen - && memcmp (a->ai_addr, sa, salen) == 0) { + if (sasize == socket_addr_size(a->ai_addr) && + memcmp(saaddr, socket_get_address(a->ai_addr), sasize) == 0) { freeaddrinfo (ai); return 0; } diff --git a/crypto/heimdal/lib/roken/getopt.c b/crypto/heimdal/lib/roken/getopt.c index 12bf138d026..f035f749747 100644 --- a/crypto/heimdal/lib/roken/getopt.c +++ b/crypto/heimdal/lib/roken/getopt.c @@ -34,6 +34,9 @@ static char sccsid[] = "@(#)getopt.c 8.1 (Berkeley) 6/4/93"; #ifndef __STDC__ #define const #endif +#include +#include "roken.h" + #include #include #include @@ -41,21 +44,18 @@ static char sccsid[] = "@(#)getopt.c 8.1 (Berkeley) 6/4/93"; /* * get option letter from argument vector */ -int opterr = 1, /* if error message should be printed */ - optind = 1, /* index into parent argv vector */ - optopt, /* character checked for validity */ - optreset; /* reset getopt */ -char *optarg; /* argument associated with option */ +ROKEN_LIB_VARIABLE int opterr = 1; /* if error message should be printed */ +ROKEN_LIB_VARIABLE int optind = 1; /* index into parent argv vector */ +ROKEN_LIB_VARIABLE int optopt; /* character checked for validity */ +int optreset; /* reset getopt */ +ROKEN_LIB_VARIABLE char *optarg; /* argument associated with option */ #define BADCH (int)'?' #define BADARG (int)':' #define EMSG "" -int ROKEN_LIB_FUNCTION -getopt(nargc, nargv, ostr) - int nargc; - char * const *nargv; - const char *ostr; +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +getopt(int nargc, char * const *nargv, const char *ostr) { static char *place = EMSG; /* option letter processing */ char *oli; /* option letter list index */ diff --git a/crypto/heimdal/lib/roken/getprogname.c b/crypto/heimdal/lib/roken/getprogname.c index 6d0bfeec9ba..a310208a843 100644 --- a/crypto/heimdal/lib/roken/getprogname.c +++ b/crypto/heimdal/lib/roken/getprogname.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: getprogname.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -43,7 +40,7 @@ const char *__progname; #endif #ifndef HAVE_GETPROGNAME -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL getprogname(void) { return __progname; diff --git a/crypto/heimdal/lib/roken/gettimeofday.c b/crypto/heimdal/lib/roken/gettimeofday.c index d8e4e750026..a53b96f4f52 100644 --- a/crypto/heimdal/lib/roken/gettimeofday.c +++ b/crypto/heimdal/lib/roken/gettimeofday.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,25 +31,48 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" #ifndef HAVE_GETTIMEOFDAY -RCSID("$Id: gettimeofday.c 14773 2005-04-12 11:29:18Z lha $"); +#ifdef _WIN32 + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +gettimeofday (struct timeval *tp, void *ignore) +{ + FILETIME ft; + ULARGE_INTEGER li; + ULONGLONG ull; + + GetSystemTimeAsFileTime(&ft); + li.LowPart = ft.dwLowDateTime; + li.HighPart = ft.dwHighDateTime; + ull = li.QuadPart; + + ull -= 116444736000000000i64; + ull /= 10i64; /* ull is now in microseconds */ + + tp->tv_usec = (ull % 1000000i64); + tp->tv_sec = (ull / 1000000i64); + + return 0; +} + +#else /* * Simple gettimeofday that only returns seconds. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL gettimeofday (struct timeval *tp, void *ignore) { time_t t; t = time(NULL); - tp->tv_sec = t; + tp->tv_sec = (long) t; tp->tv_usec = 0; return 0; } + +#endif /* !_WIN32 */ #endif diff --git a/crypto/heimdal/lib/roken/getuid.c b/crypto/heimdal/lib/roken/getuid.c index f558ab6815d..63fdec19d8f 100644 --- a/crypto/heimdal/lib/roken/getuid.c +++ b/crypto/heimdal/lib/roken/getuid.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,12 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" #ifndef HAVE_GETUID -RCSID("$Id: getuid.c 14773 2005-04-12 11:29:18Z lha $"); - -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getuid(void) { return 17; diff --git a/crypto/heimdal/lib/roken/getusershell.c b/crypto/heimdal/lib/roken/getusershell.c index 8def1ca10f8..6f7145d52b0 100644 --- a/crypto/heimdal/lib/roken/getusershell.c +++ b/crypto/heimdal/lib/roken/getusershell.c @@ -27,11 +27,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif - -RCSID("$Id: getusershell.c 21005 2007-06-08 01:54:35Z lha $"); #ifndef HAVE_GETUSERSHELL @@ -85,7 +81,7 @@ static char **initshells (void); /* * Get a list of shells from _PATH_SHELLS, if it exists. */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL getusershell() { char *ret; @@ -98,7 +94,7 @@ getusershell() return (ret); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL endusershell() { if (shells != NULL) @@ -110,7 +106,7 @@ endusershell() curshell = NULL; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL setusershell() { curshell = initshells(); diff --git a/crypto/heimdal/lib/roken/glob.c b/crypto/heimdal/lib/roken/glob.c index 803eda17d1e..5a7ed65af80 100644 --- a/crypto/heimdal/lib/roken/glob.c +++ b/crypto/heimdal/lib/roken/glob.c @@ -50,14 +50,12 @@ * GLOB_TILDE: * expand ~user/foo to the /home/dir/of/user/foo * GLOB_BRACE: - * expand {1,2}{a,b} to 1a 1b 2a 2b + * expand {1,2}{a,b} to 1a 1b 2a 2b * gl_matchc: * Number of matches in the current invocation of glob. */ -#ifdef HAVE_CONFIG_H #include -#endif #ifdef HAVE_SYS_PARAM_H #include @@ -166,10 +164,10 @@ static int match (Char *, Char *, Char *); static void qprintf (const char *, Char *); #endif -int ROKEN_LIB_FUNCTION -glob(const char *pattern, - int flags, - int (*errfunc)(const char *, int), +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +glob(const char *pattern, + int flags, + int (*errfunc)(const char *, int), glob_t *pglob) { const u_char *patnext; @@ -191,7 +189,7 @@ glob(const char *pattern, bufend = bufnext + MaxPathLen; if (flags & GLOB_QUOTE) { /* Protect the quoted characters. */ - while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) + while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) if (c == CHAR_QUOTE) { if ((c = *patnext++) == CHAR_EOS) { c = CHAR_QUOTE; @@ -202,8 +200,8 @@ glob(const char *pattern, else *bufnext++ = c; } - else - while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) + else + while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) *bufnext++ = c; *bufnext = CHAR_EOS; @@ -240,7 +238,7 @@ static int globexp1(const Char *pattern, glob_t *pglob) * If it succeeds then it invokes globexp1 with the new pattern. * If it fails then it tries to glob the rest of the pattern and returns. */ -static int globexp2(const Char *ptr, const Char *pattern, +static int globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv) { int i; @@ -260,7 +258,7 @@ static int globexp2(const Char *ptr, const Char *pattern, for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++) continue; if (*pe == CHAR_EOS) { - /* + /* * We could not find a matching CHAR_RBRACKET. * Ignore and just look for CHAR_RBRACE */ @@ -288,7 +286,7 @@ static int globexp2(const Char *ptr, const Char *pattern, for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++) continue; if (*pm == CHAR_EOS) { - /* + /* * We could not find a matching CHAR_RBRACKET. * Ignore and just look for CHAR_RBRACE */ @@ -313,7 +311,7 @@ static int globexp2(const Char *ptr, const Char *pattern, /* Append the current string */ for (lm = ls; (pl < pm); *lm++ = *pl++) continue; - /* + /* * Append the rest of the pattern after the * closing brace */ @@ -355,15 +353,15 @@ globtilde(const Char *pattern, Char *patbuf, glob_t *pglob) return pattern; /* Copy up to the end of the string or / */ - for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; + for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; *h++ = *p++) continue; *h = CHAR_EOS; if (((char *) patbuf)[0] == CHAR_EOS) { - /* - * handle a plain ~ or ~/ by expanding $HOME + /* + * handle a plain ~ or ~/ by expanding $HOME * first and then trying the password file */ if ((h = getenv("HOME")) == NULL) { @@ -386,14 +384,14 @@ globtilde(const Char *pattern, Char *patbuf, glob_t *pglob) /* Copy the home directory */ for (b = patbuf; *h; *b++ = *h++) continue; - + /* Append the rest of the pattern */ while ((*b++ = *p++) != CHAR_EOS) continue; return patbuf; } - + /* * The main glob() routine: compiles the pattern (optionally processing @@ -450,7 +448,7 @@ glob0(const Char *pattern, glob_t *pglob) break; case CHAR_STAR: pglob->gl_flags |= GLOB_MAGCHAR; - /* collapse adjacent stars to one, + /* collapse adjacent stars to one, * to avoid exponential behavior */ if (bufnext == patbuf || bufnext[-1] != M_ALL) @@ -470,17 +468,17 @@ glob0(const Char *pattern, glob_t *pglob) return(err); /* - * If there was no match we are going to append the pattern + * If there was no match we are going to append the pattern * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified * and the pattern did not contain any magic characters * GLOB_NOMAGIC is there just for compatibility with csh. */ - if (pglob->gl_pathc == oldpathc && - ((pglob->gl_flags & GLOB_NOCHECK) || + if (pglob->gl_pathc == oldpathc && + ((pglob->gl_flags & GLOB_NOCHECK) || ((pglob->gl_flags & GLOB_NOMAGIC) && !(pglob->gl_flags & GLOB_MAGCHAR)))) return(globextend(pattern, pglob, &limit)); - else if (!(pglob->gl_flags & GLOB_NOSORT)) + else if (!(pglob->gl_flags & GLOB_NOSORT)) qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, pglob->gl_pathc - oldpathc, sizeof(char *), compare); return(0); @@ -534,7 +532,7 @@ glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob, *pathend = CHAR_EOS; if (g_lstat(pathbuf, &sb, pglob)) return(0); - + if (((pglob->gl_flags & GLOB_MARK) && pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode) || (S_ISLNK(sb.st_mode) && @@ -569,7 +567,7 @@ glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob, } static int -glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, +glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, glob_t *pglob, size_t *limit) { struct dirent *dp; @@ -587,7 +585,7 @@ glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, *pathend = CHAR_EOS; errno = 0; - + if ((dirp = g_opendir(pathbuf, pglob)) == NULL) { /* TODO: don't call for ENOENT or ENOTDIR? */ if (pglob->gl_errfunc) { @@ -613,7 +611,7 @@ glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, /* Initial CHAR_DOT must be matched literally. */ if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT) continue; - for (sc = (u_char *) dp->d_name, dc = pathend; + for (sc = (u_char *) dp->d_name, dc = pathend; (*dc++ = *sc++) != CHAR_EOS;) continue; if (!match(pathend, pattern, restpattern)) { @@ -657,7 +655,7 @@ globextend(const Char *path, glob_t *pglob, size_t *limit) const Char *p; newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); - pathv = pglob->gl_pathv ? + pathv = pglob->gl_pathv ? realloc(pglob->gl_pathv, newsize) : malloc(newsize); if (pathv == NULL) @@ -706,7 +704,7 @@ match(Char *name, Char *pat, Char *patend) case M_ALL: if (pat == patend) return(1); - do + do if (match(name, pat, patend)) return(1); while (*name++ != CHAR_EOS); @@ -741,7 +739,7 @@ match(Char *name, Char *pat, Char *patend) } /* Free allocated data belonging to a glob_t structure. */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL globfree(glob_t *pglob) { int i; @@ -831,7 +829,7 @@ g_Ctoc(const Char *str, char *buf) } #ifdef DEBUG -static void +static void qprintf(const Char *str, Char *s) { Char *p; diff --git a/crypto/heimdal/lib/roken/glob.hin b/crypto/heimdal/lib/roken/glob.hin index ffb6081046f..a4f16ce5e5d 100644 --- a/crypto/heimdal/lib/roken/glob.hin +++ b/crypto/heimdal/lib/roken/glob.hin @@ -37,9 +37,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL _stdcall #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif diff --git a/crypto/heimdal/lib/roken/h_errno.c b/crypto/heimdal/lib/roken/h_errno.c index 11dcb08ac24..7e49f8008f9 100644 --- a/crypto/heimdal/lib/roken/h_errno.c +++ b/crypto/heimdal/lib/roken/h_errno.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: h_errno.c 10442 2001-08-08 03:47:23Z assar $"); -#endif #ifndef HAVE_H_ERRNO int h_errno = -17; /* Some magic number */ diff --git a/crypto/heimdal/lib/roken/hex-test.c b/crypto/heimdal/lib/roken/hex-test.c index 72aea1ed713..9a3d10f2870 100644 --- a/crypto/heimdal/lib/roken/hex-test.c +++ b/crypto/heimdal/lib/roken/hex-test.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001, 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001, 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,12 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: hex-test.c 21005 2007-06-08 01:54:35Z lha $"); -#endif - #include "roken.h" #include @@ -66,7 +62,7 @@ main(int argc, char **argv) int len; len = hex_encode(t->data, t->len, &str); if(strcmp(str, t->result) != 0) { - fprintf(stderr, "failed test %d: %s != %s\n", numtest, + fprintf(stderr, "failed test %d: %s != %s\n", numtest, str, t->result); numerr++; } diff --git a/crypto/heimdal/lib/roken/hex.c b/crypto/heimdal/lib/roken/hex.c index 89fb0e116ef..c66b324f790 100644 --- a/crypto/heimdal/lib/roken/hex.c +++ b/crypto/heimdal/lib/roken/hex.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005 Kungliga Tekniska Högskolan + * Copyright (c) 2004-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,17 +31,15 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H + #include -RCSID("$Id: hex.c 16504 2006-01-09 17:09:29Z lha $"); -#endif #include "roken.h" #include #include "hex.h" -const static char hexchar[] = "0123456789ABCDEF"; +static const char hexchar[16] = "0123456789ABCDEF"; -static int +static int pos(char c) { const char *p; @@ -52,7 +50,7 @@ pos(char c) return -1; } -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_encode(const void *data, size_t size, char **str) { const unsigned char *q = data; @@ -60,13 +58,17 @@ hex_encode(const void *data, size_t size, char **str) char *p; /* check for overflow */ - if (size * 2 < size) + if (size * 2 < size) { + *str = NULL; return -1; + } p = malloc(size * 2 + 1); - if (p == NULL) + if (p == NULL) { + *str = NULL; return -1; - + } + for (i = 0; i < size; i++) { p[i * 2] = hexchar[(*q >> 4) & 0xf]; p[i * 2 + 1] = hexchar[*q & 0xf]; @@ -78,20 +80,19 @@ hex_encode(const void *data, size_t size, char **str) return i * 2; } -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_decode(const char *str, void *data, size_t len) { size_t l; unsigned char *p = data; size_t i; - + l = strlen(str); - + /* check for overflow, same as (l+1)/2 but overflow safe */ if ((l/2) + (l&1) > len) return -1; - i = 0; if (l & 1) { p[0] = pos(str[0]); str++; diff --git a/crypto/heimdal/lib/roken/hex.h b/crypto/heimdal/lib/roken/hex.h index 4c4b8508ed4..c266268ea08 100644 --- a/crypto/heimdal/lib/roken/hex.h +++ b/crypto/heimdal/lib/roken/hex.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,25 +31,27 @@ * SUCH DAMAGE. */ -/* $Id: hex.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef _rk_HEX_H_ #define _rk_HEX_H_ 1 #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif #define hex_encode rk_hex_encode #define hex_decode rk_hex_decode -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_encode(const void *, size_t, char **); -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL hex_decode(const char *, void *, size_t); #endif /* _rk_HEX_H_ */ diff --git a/crypto/heimdal/lib/roken/hostent_find_fqdn.c b/crypto/heimdal/lib/roken/hostent_find_fqdn.c index 299ed6d38b4..dc3c17ff22a 100644 --- a/crypto/heimdal/lib/roken/hostent_find_fqdn.c +++ b/crypto/heimdal/lib/roken/hostent_find_fqdn.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -42,7 +39,7 @@ RCSID("$Id: hostent_find_fqdn.c 14773 2005-04-12 11:29:18Z lha $"); * Try to find a fqdn (with `.') in he if possible, else return h_name */ -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hostent_find_fqdn (const struct hostent *he) { const char *ret = he->h_name; diff --git a/crypto/heimdal/lib/roken/hstrerror.c b/crypto/heimdal/lib/roken/hstrerror.c index 32dab23f13d..70b63016e90 100644 --- a/crypto/heimdal/lib/roken/hstrerror.c +++ b/crypto/heimdal/lib/roken/hstrerror.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: hstrerror.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #ifndef HAVE_HSTRERROR @@ -67,7 +64,7 @@ extern int h_nerr; #endif -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hstrerror(int herr) { if (0 <= herr && herr < h_nerr) diff --git a/crypto/heimdal/lib/roken/ifaddrs.hin b/crypto/heimdal/lib/roken/ifaddrs.hin index 0951c8cbc1b..ef00b63bad6 100644 --- a/crypto/heimdal/lib/roken/ifaddrs.hin +++ b/crypto/heimdal/lib/roken/ifaddrs.hin @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,16 +31,18 @@ * SUCH DAMAGE. */ -/* $Id: ifaddrs.hin 19309 2006-12-11 18:58:15Z lha $ */ +/* $Id$ */ #ifndef __ifaddrs_h__ #define __ifaddrs_h__ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL _stdcall #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif diff --git a/crypto/heimdal/lib/roken/inet_aton.c b/crypto/heimdal/lib/roken/inet_aton.c index 3010935045f..31644a0cd36 100644 --- a/crypto/heimdal/lib/roken/inet_aton.c +++ b/crypto/heimdal/lib/roken/inet_aton.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_aton.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" /* Minimal implementation of inet_aton. * Cannot distinguish between failure and a local broadcast address. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_aton(const char *cp, struct in_addr *addr) { addr->s_addr = inet_addr(cp); diff --git a/crypto/heimdal/lib/roken/inet_ntop.c b/crypto/heimdal/lib/roken/inet_ntop.c index 7433c3725e2..b3c327cc3e5 100644 --- a/crypto/heimdal/lib/roken/inet_ntop.c +++ b/crypto/heimdal/lib/roken/inet_ntop.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_ntop.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include "roken.h" @@ -86,6 +83,7 @@ inet_ntop_v6 (const void *src, char *dst, size_t size) const struct in6_addr *addr = (struct in6_addr *)src; const u_char *ptr = addr->s6_addr; const char *orig_dst = dst; + int compressed = 0; if (size < INET6_ADDRSTRLEN) { errno = ENOSPC; @@ -94,6 +92,26 @@ inet_ntop_v6 (const void *src, char *dst, size_t size) for (i = 0; i < 8; ++i) { int non_zerop = 0; + if (compressed == 0 && + ptr[0] == 0 && ptr[1] == 0 && + i <= 5 && + ptr[2] == 0 && ptr[3] == 0 && + ptr[4] == 0 && ptr[5] == 0) { + + compressed = 1; + + if (i == 0) + *dst++ = ':'; + *dst++ = ':'; + + for (ptr += 6, i += 3; + i < 8 && ptr[0] == 0 && ptr[1] == 0; + ++i, ptr += 2); + + if (i >= 8) + break; + } + if (non_zerop || (ptr[0] >> 4)) { *dst++ = xdigits[ptr[0] >> 4]; non_zerop = 1; @@ -116,7 +134,7 @@ inet_ntop_v6 (const void *src, char *dst, size_t size) } #endif /* HAVE_IPV6 */ -const char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL inet_ntop(int af, const void *src, char *dst, size_t size) { switch (af) { diff --git a/crypto/heimdal/lib/roken/inet_pton.c b/crypto/heimdal/lib/roken/inet_pton.c index 390233a72d0..e44fb1925ad 100644 --- a/crypto/heimdal/lib/roken/inet_pton.c +++ b/crypto/heimdal/lib/roken/inet_pton.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,79 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: inet_pton.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include "roken.h" -int ROKEN_LIB_FUNCTION +#ifdef HAVE_WINSOCK + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +inet_pton(int af, const char *csrc, void *dst) +{ + char * src; + + if (csrc == NULL || (src = strdup(csrc)) == NULL) { + _set_errno( ENOMEM ); + return 0; + } + + switch (af) { + case AF_INET: + { + struct sockaddr_in si4; + INT r; + INT s = sizeof(si4); + + si4.sin_family = AF_INET; + r = WSAStringToAddress(src, AF_INET, NULL, (LPSOCKADDR) &si4, &s); + free(src); + src = NULL; + + if (r == 0) { + memcpy(dst, &si4.sin_addr, sizeof(si4.sin_addr)); + return 1; + } + } + break; + + case AF_INET6: + { + struct sockaddr_in6 si6; + INT r; + INT s = sizeof(si6); + + si6.sin6_family = AF_INET6; + r = WSAStringToAddress(src, AF_INET6, NULL, (LPSOCKADDR) &si6, &s); + free(src); + src = NULL; + + if (r == 0) { + memcpy(dst, &si6.sin6_addr, sizeof(si6.sin6_addr)); + return 1; + } + } + break; + + default: + _set_errno( EAFNOSUPPORT ); + return -1; + } + + /* the call failed */ + { + int le = WSAGetLastError(); + + if (le == WSAEINVAL) + return 0; + + _set_errno(le); + return -1; + } +} + +#else /* !HAVE_WINSOCK */ + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_pton(int af, const char *src, void *dst) { if (af != AF_INET) { @@ -47,3 +112,5 @@ inet_pton(int af, const char *src, void *dst) } return inet_aton (src, dst); } + +#endif diff --git a/crypto/heimdal/lib/roken/initgroups.c b/crypto/heimdal/lib/roken/initgroups.c index f326e5f1fd2..2ba944c1ac0 100644 --- a/crypto/heimdal/lib/roken/initgroups.c +++ b/crypto/heimdal/lib/roken/initgroups.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: initgroups.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL initgroups(const char *name, gid_t basegid) { return 0; diff --git a/crypto/heimdal/lib/roken/innetgr.c b/crypto/heimdal/lib/roken/innetgr.c index 598bad21c2a..e1783bbfb4c 100644 --- a/crypto/heimdal/lib/roken/innetgr.c +++ b/crypto/heimdal/lib/roken/innetgr.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,17 +30,13 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" #ifndef HAVE_INNETGR -RCSID("$Id: innetgr.c 14773 2005-04-12 11:29:18Z lha $"); - -int ROKEN_LIB_FUNCTION -innetgr(const char *netgroup, const char *machine, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +innetgr(const char *netgroup, const char *machine, const char *user, const char *domain) { return 0; diff --git a/crypto/heimdal/lib/roken/iruserok.c b/crypto/heimdal/lib/roken/iruserok.c index ca93e1cc5eb..95f654681ec 100644 --- a/crypto/heimdal/lib/roken/iruserok.c +++ b/crypto/heimdal/lib/roken/iruserok.c @@ -27,10 +27,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: iruserok.c 17879 2006-08-08 21:50:40Z lha $"); -#endif #include #include @@ -217,7 +214,7 @@ __ivaliduser(FILE *hostf, unsigned raddr, const char *luser, * * Returns 0 if ok, -1 if not ok. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL iruserok(unsigned raddr, int superuser, const char *ruser, const char *luser) { char *cp; diff --git a/crypto/heimdal/lib/roken/issuid.c b/crypto/heimdal/lib/roken/issuid.c index 46bde77b785..ea0db803e2e 100644 --- a/crypto/heimdal/lib/roken/issuid.c +++ b/crypto/heimdal/lib/roken/issuid.c @@ -1,44 +1,41 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: issuid.c 15131 2005-05-13 07:42:03Z lha $"); -#endif #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL issuid(void) { #if defined(HAVE_ISSETUGID) diff --git a/crypto/heimdal/lib/roken/k_getpwnam.c b/crypto/heimdal/lib/roken/k_getpwnam.c index 81eba286920..c0db757c43a 100644 --- a/crypto/heimdal/lib/roken/k_getpwnam.c +++ b/crypto/heimdal/lib/roken/k_getpwnam.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: k_getpwnam.c 14773 2005-04-12 11:29:18Z lha $"); -#endif /* HAVE_CONFIG_H */ #include "roken.h" #ifdef HAVE_SHADOW_H #include #endif -struct passwd * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwnam (const char *user) { struct passwd *p; diff --git a/crypto/heimdal/lib/roken/k_getpwuid.c b/crypto/heimdal/lib/roken/k_getpwuid.c index 7fe03b98f8c..d533738d9d0 100644 --- a/crypto/heimdal/lib/roken/k_getpwuid.c +++ b/crypto/heimdal/lib/roken/k_getpwuid.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: k_getpwuid.c 14773 2005-04-12 11:29:18Z lha $"); -#endif /* HAVE_CONFIG_H */ #include "roken.h" #ifdef HAVE_SHADOW_H #include #endif -struct passwd * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwuid (uid_t uid) { struct passwd *p; diff --git a/crypto/heimdal/lib/roken/localtime_r.c b/crypto/heimdal/lib/roken/localtime_r.c index ad515c14656..fa3d1269d64 100644 --- a/crypto/heimdal/lib/roken/localtime_r.c +++ b/crypto/heimdal/lib/roken/localtime_r.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: localtime_r.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include @@ -42,16 +39,22 @@ RCSID("$Id: localtime_r.c 14773 2005-04-12 11:29:18Z lha $"); #ifndef HAVE_LOCALTIME_R -struct tm * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct tm * ROKEN_LIB_CALL localtime_r(const time_t *timer, struct tm *result) { +#ifdef _MSC_VER + + return (localtime_s(result, timer) == 0)? result : NULL; + +#else struct tm *tm; - + tm = localtime((time_t *)timer); if (tm == NULL) return NULL; *result = *tm; return result; +#endif } #endif diff --git a/crypto/heimdal/lib/roken/lstat.c b/crypto/heimdal/lib/roken/lstat.c index 9357e123458..46925885062 100644 --- a/crypto/heimdal/lib/roken/lstat.c +++ b/crypto/heimdal/lib/roken/lstat.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: lstat.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL lstat(const char *path, struct stat *buf) { return stat(path, buf); diff --git a/crypto/heimdal/lib/roken/memmove.c b/crypto/heimdal/lib/roken/memmove.c index 5f78ac293fd..1825d7eb3c6 100644 --- a/crypto/heimdal/lib/roken/memmove.c +++ b/crypto/heimdal/lib/roken/memmove.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,20 +31,17 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: memmove.c 14773 2005-04-12 11:29:18Z lha $"); -#endif -/* - * memmove for systems that doesn't have it +/* + * memmove for systems that doesn't have it */ #ifdef HAVE_SYS_TYPES_H #include #endif -void* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void* ROKEN_LIB_CALL memmove(void *s1, const void *s2, size_t n) { char *s=(char*)s2, *d=(char*)s1; diff --git a/crypto/heimdal/lib/roken/mini_inetd.c b/crypto/heimdal/lib/roken/mini_inetd.c index 9eb114d74e7..a9398f4fdac 100644 --- a/crypto/heimdal/lib/roken/mini_inetd.c +++ b/crypto/heimdal/lib/roken/mini_inetd.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: mini_inetd.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include "roken.h" @@ -44,62 +41,93 @@ RCSID("$Id: mini_inetd.c 14773 2005-04-12 11:29:18Z lha $"); */ static void -accept_it (int s) +accept_it (rk_socket_t s, rk_socket_t *ret_socket) { - int s2; + rk_socket_t as; - s2 = accept(s, NULL, NULL); - if(s2 < 0) + as = accept(s, NULL, NULL); + if(rk_IS_BAD_SOCKET(as)) err (1, "accept"); - close(s); - dup2(s2, STDIN_FILENO); - dup2(s2, STDOUT_FILENO); - /* dup2(s2, STDERR_FILENO); */ - close(s2); + + if (ret_socket) { + + *ret_socket = as; + + } else { + int fd = socket_to_fd(as, 0); + + /* We would use _O_RDONLY for the socket_to_fd() call for + STDIN, but there are instances where we assume that STDIN + is a r/w socket. */ + + dup2(fd, STDIN_FILENO); + dup2(fd, STDOUT_FILENO); + + rk_closesocket(as); + } } -/* - * Listen on a specified port, emulating inetd. +/** + * Listen on a specified addresses + * + * Listens on the specified addresses for incoming connections. If + * the \a ret_socket parameter is \a NULL, on return STDIN and STDOUT + * will be connected to an accepted socket. If the \a ret_socket + * parameter is non-NULL, the accepted socket will be returned in + * *ret_socket. In the latter case, STDIN and STDOUT will be left + * unmodified. + * + * This function does not return if there is an error or if no + * connection is established. + * + * @param[in] ai Addresses to listen on + * @param[out] ret_socket If non-NULL receives the accepted socket. + * + * @see mini_inetd() */ - -void ROKEN_LIB_FUNCTION -mini_inetd_addrinfo (struct addrinfo *ai) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd_addrinfo (struct addrinfo *ai, rk_socket_t *ret_socket) { int ret; struct addrinfo *a; int n, nalloc, i; - int *fds; + rk_socket_t *fds; fd_set orig_read_set, read_set; - int max_fd = -1; + rk_socket_t max_fd = (rk_socket_t)-1; for (nalloc = 0, a = ai; a != NULL; a = a->ai_next) ++nalloc; fds = malloc (nalloc * sizeof(*fds)); - if (fds == NULL) + if (fds == NULL) { errx (1, "mini_inetd: out of memory"); + UNREACHABLE(return); + } FD_ZERO(&orig_read_set); for (i = 0, a = ai; a != NULL; a = a->ai_next) { fds[i] = socket (a->ai_family, a->ai_socktype, a->ai_protocol); - if (fds[i] < 0) { - warn ("socket af = %d", a->ai_family); + if (rk_IS_BAD_SOCKET(fds[i])) continue; - } socket_set_reuseaddr (fds[i], 1); - if (bind (fds[i], a->ai_addr, a->ai_addrlen) < 0) { + socket_set_ipv6only(fds[i], 1); + if (rk_IS_SOCKET_ERROR(bind (fds[i], a->ai_addr, a->ai_addrlen))) { warn ("bind af = %d", a->ai_family); - close(fds[i]); + rk_closesocket(fds[i]); + fds[i] = rk_INVALID_SOCKET; continue; } - if (listen (fds[i], SOMAXCONN) < 0) { + if (rk_IS_SOCKET_ERROR(listen (fds[i], SOMAXCONN))) { warn ("listen af = %d", a->ai_family); - close(fds[i]); + rk_closesocket(fds[i]); + fds[i] = rk_INVALID_SOCKET; continue; } +#ifndef NO_LIMIT_FD_SETSIZE if (fds[i] >= FD_SETSIZE) errx (1, "fd too large"); +#endif FD_SET(fds[i], &orig_read_set); max_fd = max(max_fd, fds[i]); ++i; @@ -112,20 +140,40 @@ mini_inetd_addrinfo (struct addrinfo *ai) read_set = orig_read_set; ret = select (max_fd + 1, &read_set, NULL, NULL, NULL); - if (ret < 0 && errno != EINTR) + if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) err (1, "select"); } while (ret <= 0); for (i = 0; i < n; ++i) if (FD_ISSET (fds[i], &read_set)) { - accept_it (fds[i]); + accept_it (fds[i], ret_socket); + for (i = 0; i < n; ++i) + rk_closesocket(fds[i]); + free(fds); return; } abort (); } -void ROKEN_LIB_FUNCTION -mini_inetd (int port) +/** + * Listen on a specified port + * + * Listens on the specified port for incoming connections. If the \a + * ret_socket parameter is \a NULL, on return STDIN and STDOUT will be + * connected to an accepted socket. If the \a ret_socket parameter is + * non-NULL, the accepted socket will be returned in *ret_socket. In + * the latter case, STDIN and STDOUT will be left unmodified. + * + * This function does not return if there is an error or if no + * connection is established. + * + * @param[in] port Port to listen on + * @param[out] ret_socket If non-NULL receives the accepted socket. + * + * @see mini_inetd_addrinfo() + */ +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd(int port, rk_socket_t * ret_socket) { int error; struct addrinfo *ai, hints; @@ -142,7 +190,8 @@ mini_inetd (int port) if (error) errx (1, "getaddrinfo: %s", gai_strerror (error)); - mini_inetd_addrinfo(ai); - + mini_inetd_addrinfo(ai, ret_socket); + freeaddrinfo(ai); } + diff --git a/crypto/heimdal/lib/roken/mkstemp.c b/crypto/heimdal/lib/roken/mkstemp.c index ccb2e700b89..a3ca6c717f0 100644 --- a/crypto/heimdal/lib/roken/mkstemp.c +++ b/crypto/heimdal/lib/roken/mkstemp.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,9 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include #ifdef HAVE_UNISTD_H @@ -44,11 +42,11 @@ #endif #include -RCSID("$Id: mkstemp.c 14773 2005-04-12 11:29:18Z lha $"); +#include #ifndef HAVE_MKSTEMP -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL mkstemp(char *template) { int start, i; @@ -60,7 +58,7 @@ mkstemp(char *template) val /= 10; start--; } - + do{ int fd; fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600); diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.c b/crypto/heimdal/lib/roken/ndbm_wrap.c index 8bc5d93e48f..73a3726d0f0 100644 --- a/crypto/heimdal/lib/roken/ndbm_wrap.c +++ b/crypto/heimdal/lib/roken/ndbm_wrap.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan + * Copyright (c) 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,13 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: ndbm_wrap.c 21634 2007-07-17 11:30:36Z lha $"); -#endif #include "ndbm_wrap.h" -#if defined(HAVE_DB4_DB_H) +#if defined(HAVE_DBHEADER) +#include +#elif defined(HAVE_DB5_DB_H) +#include +#elif defined(HAVE_DB4_DB_H) #include #elif defined(HAVE_DB3_DB_H) #include @@ -63,7 +64,7 @@ static DBC *cursor; #define D(X) ((DB*)(X)) -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL dbm_close (DBM *db) { #ifdef HAVE_DB3 @@ -74,7 +75,7 @@ dbm_close (DBM *db) #endif } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_delete (DBM *db, datum dkey) { DBT key; @@ -92,9 +93,9 @@ dbm_fetch (DBM *db, datum dkey) datum dvalue; DBT key, value; DATUM2DBT(&dkey, &key); - if(D(db)->get(D(db), + if(D(db)->get(D(db), #ifdef HAVE_DB3 - NULL, + NULL, #endif &key, &value, 0) != 0) { dvalue.dptr = NULL; @@ -112,15 +113,16 @@ dbm_get (DB *db, int flags) DBT key, value; datum datum; #ifdef HAVE_DB3 - if(cursor == NULL) + if(cursor == NULL) db->cursor(db, NULL, &cursor, 0); if(cursor->c_get(cursor, &key, &value, flags) != 0) { datum.dptr = NULL; datum.dsize = 0; - } else + } else DBT2DATUM(&value, &datum); #else db->seq(db, &key, &value, flags); + DBT2DATUM(&value, &datum); #endif return datum; } @@ -132,23 +134,25 @@ dbm_get (DB *db, int flags) #define DB_KEYEXIST 1 #endif -datum ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION datum ROKEN_LIB_CALL dbm_firstkey (DBM *db) { return dbm_get(D(db), DB_FIRST); } -datum ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION datum ROKEN_LIB_CALL dbm_nextkey (DBM *db) { return dbm_get(D(db), DB_NEXT); } -DBM* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION DBM* ROKEN_LIB_CALL dbm_open (const char *file, int flags, mode_t mode) { - DB *db; +#ifdef HAVE_DB3 int myflags = 0; +#endif + DB *db; char *fn = malloc(strlen(file) + 4); if(fn == NULL) return NULL; @@ -187,7 +191,7 @@ dbm_open (const char *file, int flags, mode_t mode) return (DBM*)db; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_store (DBM *db, datum dkey, datum dvalue, int flags) { int ret; @@ -196,10 +200,10 @@ dbm_store (DBM *db, datum dkey, datum dvalue, int flags) if((flags & DBM_REPLACE) == 0) myflags |= DB_NOOVERWRITE; DATUM2DBT(&dkey, &key); - DATUM2DBT(&dvalue, &value); - ret = D(db)->put(D(db), + DATUM2DBT(&dvalue, &value); + ret = D(db)->put(D(db), #ifdef HAVE_DB3 - NULL, + NULL, #endif &key, &value, myflags); if(ret == DB_KEYEXIST) @@ -207,13 +211,13 @@ dbm_store (DBM *db, datum dkey, datum dvalue, int flags) RETURN(ret); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_error (DBM *db) { return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_clearerr (DBM *db) { return 0; diff --git a/crypto/heimdal/lib/roken/ndbm_wrap.h b/crypto/heimdal/lib/roken/ndbm_wrap.h index 414940249db..a2ec4f20609 100644 --- a/crypto/heimdal/lib/roken/ndbm_wrap.h +++ b/crypto/heimdal/lib/roken/ndbm_wrap.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan + * Copyright (c) 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: ndbm_wrap.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __ndbm_wrap_h__ #define __ndbm_wrap_h__ @@ -41,9 +41,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -78,14 +80,14 @@ typedef struct { } DBM; #endif -int ROKEN_LIB_FUNCTION dbm_clearerr (DBM*); -void ROKEN_LIB_FUNCTION dbm_close (DBM*); -int ROKEN_LIB_FUNCTION dbm_delete (DBM*, datum); -int ROKEN_LIB_FUNCTION dbm_error (DBM*); -datum ROKEN_LIB_FUNCTION dbm_fetch (DBM*, datum); -datum ROKEN_LIB_FUNCTION dbm_firstkey (DBM*); -datum ROKEN_LIB_FUNCTION dbm_nextkey (DBM*); -DBM* ROKEN_LIB_FUNCTION dbm_open (const char*, int, mode_t); -int ROKEN_LIB_FUNCTION dbm_store (DBM*, datum, datum, int); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_clearerr (DBM*); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL dbm_close (DBM*); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_delete (DBM*, datum); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_error (DBM*); +ROKEN_LIB_FUNCTION datum ROKEN_LIB_CALL dbm_fetch (DBM*, datum); +ROKEN_LIB_FUNCTION datum ROKEN_LIB_CALL dbm_firstkey (DBM*); +ROKEN_LIB_FUNCTION datum ROKEN_LIB_CALL dbm_nextkey (DBM*); +ROKEN_LIB_FUNCTION DBM* ROKEN_LIB_CALL dbm_open (const char*, int, mode_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL dbm_store (DBM*, datum, datum, int); #endif /* __ndbm_wrap_h__ */ diff --git a/crypto/heimdal/lib/roken/net_read.c b/crypto/heimdal/lib/roken/net_read.c index effc00112b7..df1ac53def1 100644 --- a/crypto/heimdal/lib/roken/net_read.c +++ b/crypto/heimdal/lib/roken/net_read.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $"); -#endif - -#include -#include -#include #include "roken.h" @@ -46,19 +39,17 @@ RCSID("$Id: net_read.c 21005 2007-06-08 01:54:35Z lha $"); * Like read but never return partial data. */ -ssize_t ROKEN_LIB_FUNCTION -net_read (int fd, void *buf, size_t nbytes) +#ifndef _WIN32 + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_read (rk_socket_t fd, void *buf, size_t nbytes) { char *cbuf = (char *)buf; ssize_t count; size_t rem = nbytes; while (rem > 0) { -#ifdef WIN32 - count = recv (fd, cbuf, rem, 0); -#else count = read (fd, cbuf, rem); -#endif if (count < 0) { if (errno == EINTR) continue; @@ -72,3 +63,56 @@ net_read (int fd, void *buf, size_t nbytes) } return nbytes; } + +#else + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_read(rk_socket_t sock, void *buf, size_t nbytes) +{ + char *cbuf = (char *)buf; + ssize_t count; + size_t rem = nbytes; + +#ifdef SOCKET_IS_NOT_AN_FD + int use_read = 0; +#endif + + while (rem > 0) { +#ifdef SOCKET_IS_NOT_AN_FD + if (use_read) + count = _read (sock, cbuf, rem); + else + count = recv (sock, cbuf, rem, 0); + + if (use_read == 0 && + rk_IS_SOCKET_ERROR(count) && + (rk_SOCK_ERRNO == WSANOTINITIALISED || + rk_SOCK_ERRNO == WSAENOTSOCK)) { + use_read = 1; + + count = _read (sock, cbuf, rem); + } +#else + count = recv (sock, cbuf, rem, 0); +#endif + if (count < 0) { + + /* With WinSock, the error EINTR (WSAEINTR), is used to + indicate that a blocking call was cancelled using + WSACancelBlockingCall(). */ + +#ifndef HAVE_WINSOCK + if (rk_SOCK_ERRNO == EINTR) + continue; +#endif + return count; + } else if (count == 0) { + return count; + } + cbuf += count; + rem -= count; + } + return nbytes; +} + +#endif diff --git a/crypto/heimdal/lib/roken/net_write.c b/crypto/heimdal/lib/roken/net_write.c index a68317f6124..e1cfa99074e 100644 --- a/crypto/heimdal/lib/roken/net_write.c +++ b/crypto/heimdal/lib/roken/net_write.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $"); -#endif - -#include -#include -#include #include "roken.h" @@ -46,18 +39,58 @@ RCSID("$Id: net_write.c 21005 2007-06-08 01:54:35Z lha $"); * Like write but never return partial data. */ -ssize_t ROKEN_LIB_FUNCTION -net_write (int fd, const void *buf, size_t nbytes) +#ifndef _WIN32 + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_write (rk_socket_t fd, const void *buf, size_t nbytes) { const char *cbuf = (const char *)buf; ssize_t count; size_t rem = nbytes; while (rem > 0) { -#ifdef WIN32 - count = send (fd, cbuf, rem, 0); -#else count = write (fd, cbuf, rem); + if (count < 0) { + if (errno == EINTR) + continue; + else + return count; + } + cbuf += count; + rem -= count; + } + return nbytes; +} + +#else + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +net_write(rk_socket_t sock, const void *buf, size_t nbytes) +{ + const char *cbuf = (const char *)buf; + ssize_t count; + size_t rem = nbytes; +#ifdef SOCKET_IS_NOT_AN_FD + int use_write = 0; +#endif + + while (rem > 0) { +#ifdef SOCKET_IS_NOT_AN_FD + if (use_write) + count = _write (sock, cbuf, rem); + else + count = send (sock, cbuf, rem, 0); + + if (use_write == 0 && + rk_IS_SOCKET_ERROR(count) && + (rk_SOCK_ERRNO == WSANOTINITIALISED || + rk_SOCK_ERRNO == WSAENOTSOCK)) { + use_write = 1; + + count = _write (sock, cbuf, rem); + } +#else + count = send (sock, cbuf, rem, 0); #endif if (count < 0) { if (errno == EINTR) @@ -70,3 +103,5 @@ net_write (int fd, const void *buf, size_t nbytes) } return nbytes; } + +#endif diff --git a/crypto/heimdal/lib/roken/parse_bytes-test.c b/crypto/heimdal/lib/roken/parse_bytes-test.c index 5e55b307c16..3c42cb1827c 100644 --- a/crypto/heimdal/lib/roken/parse_bytes-test.c +++ b/crypto/heimdal/lib/roken/parse_bytes-test.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_bytes-test.c 10655 2001-09-04 09:56:00Z assar $"); -#endif #include "roken.h" #include "parse_bytes.h" @@ -82,7 +79,7 @@ main(int argc, char **argv) tests[i].val, buf, tests[i].str); ++ret; } - } + } } if (ret) { printf ("%d errors\n", ret); diff --git a/crypto/heimdal/lib/roken/parse_bytes.c b/crypto/heimdal/lib/roken/parse_bytes.c index 4ab02b41557..561079afc02 100644 --- a/crypto/heimdal/lib/roken/parse_bytes.c +++ b/crypto/heimdal/lib/roken/parse_bytes.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_bytes.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include "parse_bytes.h" @@ -59,19 +56,19 @@ static struct units bytes_short_units[] = { { NULL, 0 } }; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_bytes (const char *s, const char *def_unit) { return parse_units (s, bytes_units, def_unit); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_bytes (int t, char *s, size_t len) { return unparse_units (t, bytes_units, s, len); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_bytes_short (int t, char *s, size_t len) { return unparse_units_approx (t, bytes_short_units, s, len); diff --git a/crypto/heimdal/lib/roken/parse_bytes.h b/crypto/heimdal/lib/roken/parse_bytes.h index 1998f70736a..8a88eca49b1 100644 --- a/crypto/heimdal/lib/roken/parse_bytes.h +++ b/crypto/heimdal/lib/roken/parse_bytes.h @@ -1,56 +1,58 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: parse_bytes.h 14787 2005-04-13 13:19:07Z lha $ */ +/* $Id$ */ #ifndef __PARSE_BYTES_H__ #define __PARSE_BYTES_H__ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_bytes (const char *s, const char *def_unit); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_bytes (int t, char *s, size_t len); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_bytes_short (int t, char *s, size_t len); #endif /* __PARSE_BYTES_H__ */ diff --git a/crypto/heimdal/lib/roken/parse_reply-test.c b/crypto/heimdal/lib/roken/parse_reply-test.c index f6342efd7e3..5e40b818502 100644 --- a/crypto/heimdal/lib/roken/parse_reply-test.c +++ b/crypto/heimdal/lib/roken/parse_reply-test.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_reply-test.c 15287 2005-05-29 21:21:12Z lha $"); -#endif #include #ifdef HAVE_SYS_MMAN_H diff --git a/crypto/heimdal/lib/roken/parse_time-test.c b/crypto/heimdal/lib/roken/parse_time-test.c index 0ce7063b381..851764d28e5 100644 --- a/crypto/heimdal/lib/roken/parse_time-test.c +++ b/crypto/heimdal/lib/roken/parse_time-test.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_time-test.c 15028 2005-04-30 14:48:29Z lha $"); -#endif #include "roken.h" #include "parse_time.h" @@ -43,8 +40,8 @@ RCSID("$Id: parse_time-test.c 15028 2005-04-30 14:48:29Z lha $"); static struct testcase { size_t size; - time_t val; - char *str; + int val; + char *str; } tests[] = { { 8, 1, "1 second" }, { 17, 61, "1 minute 1 second" }, @@ -69,7 +66,7 @@ main(int argc, char **argv) if (sz != tests[i].size) errx(1, "sz (%lu) != tests[%d].size (%lu)", (unsigned long)sz, i, (unsigned long)tests[i].size); - + for (buf_sz = 0; buf_sz < tests[i].size + 2; buf_sz++) { buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun", @@ -77,7 +74,7 @@ main(int argc, char **argv) sz = unparse_time(tests[i].val, buf, buf_sz); if (sz != tests[i].size) errx(1, "sz (%lu) != tests[%d].size (%lu) with in size %lu", - (unsigned long)sz, i, + (unsigned long)sz, i, (unsigned long)tests[i].size, (unsigned long)buf_sz); if (buf_sz > 0 && memcmp(buf, tests[i].str, buf_sz - 1) != 0) @@ -86,20 +83,21 @@ main(int argc, char **argv) errx(1, "test %i not zero terminated", i); rk_test_mem_free("overrun"); - buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun", + buf = rk_test_mem_alloc(RK_TM_UNDERRUN, "underrun", NULL, tests[i].size); - sz = unparse_time(tests[i].val, buf, buf_sz); + sz = unparse_time(tests[i].val, buf, min(buf_sz, tests[i].size)); if (sz != tests[i].size) errx(1, "sz (%lu) != tests[%d].size (%lu) with insize %lu", (unsigned long)sz, i, (unsigned long)tests[i].size, (unsigned long)buf_sz); - if (buf_sz > 0 && strncmp(buf, tests[i].str, buf_sz - 1) != 0) + if (buf_sz > 0 && strncmp(buf, tests[i].str, min(buf_sz, tests[i].size) - 1) != 0) errx(1, "test %i wrong result %s vs %s", i, buf, tests[i].str); - if (buf_sz > 0 && buf[buf_sz - 1] != '\0') + if (buf_sz > 0 && buf[min(buf_sz, tests[i].size) - 1] != '\0') errx(1, "test %i not zero terminated", i); rk_test_mem_free("underrun"); } + buf = rk_test_mem_alloc(RK_TM_OVERRUN, "overrun", tests[i].str, tests[i].size + 1); j = parse_time(buf, "s"); @@ -113,6 +111,7 @@ main(int argc, char **argv) if (j != tests[i].val) errx(1, "parse_time failed for test %d", i); rk_test_mem_free("underrun"); + } return 0; } diff --git a/crypto/heimdal/lib/roken/parse_time.3 b/crypto/heimdal/lib/roken/parse_time.3 index f7a801b51f6..da326cb3bc2 100644 --- a/crypto/heimdal/lib/roken/parse_time.3 +++ b/crypto/heimdal/lib/roken/parse_time.3 @@ -1,34 +1,34 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" $Id: parse_time.3 14325 2004-10-30 22:34:28Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" $Id$ .\" .Dd October 31, 2004 .Dt PARSE_TIME 3 @@ -52,13 +52,13 @@ The roken library (libroken, -lroken) .Ft size_t .Fn unparse_time_approx "int seconds" "char *buf" "size_t len" .Sh DESCRIPTION -The +The .Fn parse_time function converts a the period of time specified in into a number of seconds. -The +The .Fa timespec -can be any number of +can be any number of .Aq number unit pairs separated by comma and whitespace. The number can be negative. Number without explicit units are taken as being @@ -68,12 +68,12 @@ The .Fn unparse_time and .Fn unparse_time_approx -does the opposite of +does the opposite of .Fn parse_time , that is they take a number of seconds and express that as human -readable string. +readable string. .Fa unparse_time -produces an exact time, while +produces an exact time, while .Fa unparse_time_approx restricts the result to only include one units. .Pp @@ -99,13 +99,13 @@ Units names can be arbitrarily abbreviated (as long as they are unique). .Sh RETURN VALUES .Fn parse_time -returns the number of seconds that represents the expression in +returns the number of seconds that represents the expression in .Fa timespec or -1 on error. .Fn unparse_time -and -.Fn unparse_time_approx -return the number of characters written to +and +.Fn unparse_time_approx +return the number of characters written to .Fa buf . if the return value is greater than or equal to the .Fa len @@ -140,7 +140,7 @@ main(int argc, char **argv) } .Ed .Bd -literal -$ ./a.out "1 minute 30 seconds" "90 s" "1 y -1 s" +$ ./a.out "1 minute 30 seconds" "90 s" "1 y -1 s" 1 year = 365 days 1 month = 30 days 1 week = 7 days diff --git a/crypto/heimdal/lib/roken/parse_time.c b/crypto/heimdal/lib/roken/parse_time.c index 1c39bde4e8a..febd6a5d2bf 100644 --- a/crypto/heimdal/lib/roken/parse_time.c +++ b/crypto/heimdal/lib/roken/parse_time.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_time.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include "parse_time.h" @@ -53,25 +50,25 @@ static struct units time_units[] = { {NULL, 0}, }; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_time (const char *s, const char *def_unit) { return parse_units (s, time_units, def_unit); } -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time (int t, char *s, size_t len) { return unparse_units (t, time_units, s, len); } -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time_approx (int t, char *s, size_t len) { return unparse_units_approx (t, time_units, s, len); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_time_table (FILE *f) { print_units_table (time_units, f); diff --git a/crypto/heimdal/lib/roken/parse_time.h b/crypto/heimdal/lib/roken/parse_time.h index 4dc2da08bcb..dabcefd81a7 100644 --- a/crypto/heimdal/lib/roken/parse_time.h +++ b/crypto/heimdal/lib/roken/parse_time.h @@ -1,59 +1,61 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: parse_time.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __PARSE_TIME_H__ #define __PARSE_TIME_H__ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -int +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_time (const char *s, const char *def_unit); -size_t +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time (int t, char *s, size_t len); -size_t +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL unparse_time_approx (int t, char *s, size_t len); -void +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_time_table (FILE *f); #endif /* __PARSE_TIME_H__ */ diff --git a/crypto/heimdal/lib/roken/parse_units.c b/crypto/heimdal/lib/roken/parse_units.c index 1960beca071..8b3cdf40e59 100644 --- a/crypto/heimdal/lib/roken/parse_units.c +++ b/crypto/heimdal/lib/roken/parse_units.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: parse_units.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -73,7 +70,7 @@ parse_something (const char *s, const struct units *units, p = s; while (*p) { - double val; + int val; char *next; const struct units *u, *partial_unit; size_t u_len; @@ -83,7 +80,7 @@ parse_something (const char *s, const struct units *units, while(isspace((unsigned char)*p) || *p == ',') ++p; - val = strtod (p, &next); /* strtol(p, &next, 0); */ + val = strtol(p, &next, 0); if (p == next) { val = 0; if(!accept_no_val_p) @@ -152,7 +149,7 @@ acc_units(int res, int val, unsigned mult) return res + val * mult; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_units (const char *s, const struct units *units, const char *def_unit) { @@ -178,7 +175,7 @@ acc_flags(int res, int val, unsigned mult) return -1; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_flags (const char *s, const struct units *units, int orig) { @@ -211,7 +208,7 @@ unparse_something (int num, const struct units *units, char *s, size_t len, tmp = (*print) (s, len, divisor, u->name, num); if (tmp < 0) return tmp; - if (tmp > len) { + if (tmp > (int) len) { len = 0; s = NULL; } else { @@ -248,7 +245,7 @@ update_unit_approx (int in, unsigned mult) return update_unit (in, mult); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units (int num, const struct units *units, char *s, size_t len) { return unparse_something (num, units, s, len, @@ -257,7 +254,7 @@ unparse_units (int num, const struct units *units, char *s, size_t len) "0"); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units_approx (int num, const struct units *units, char *s, size_t len) { return unparse_something (num, units, s, len, @@ -266,11 +263,11 @@ unparse_units_approx (int num, const struct units *units, char *s, size_t len) "0"); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_units_table (const struct units *units, FILE *f) { const struct units *u, *u2; - unsigned max_sz = 0; + size_t max_sz = 0; for (u = units; u->name; ++u) { max_sz = max(max_sz, strlen(u->name)); @@ -291,7 +288,7 @@ print_units_table (const struct units *units, FILE *f) if (u2->name == NULL) --u2; unparse_units (u->mult, u2, buf, sizeof(buf)); - fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf); + fprintf (f, "1 %*s = %s\n", (int)max_sz, u->name, buf); } else { fprintf (f, "1 %s\n", u->name); } @@ -311,7 +308,7 @@ update_flag (int in, unsigned mult) return in - mult; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_flags (int num, const struct units *units, char *s, size_t len) { return unparse_something (num, units, s, len, @@ -320,7 +317,7 @@ unparse_flags (int num, const struct units *units, char *s, size_t len) ""); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_flags_table (const struct units *units, FILE *f) { const struct units *u; diff --git a/crypto/heimdal/lib/roken/parse_units.h b/crypto/heimdal/lib/roken/parse_units.h index a42154d4869..2d1c2869068 100644 --- a/crypto/heimdal/lib/roken/parse_units.h +++ b/crypto/heimdal/lib/roken/parse_units.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: parse_units.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __PARSE_UNITS_H__ #define __PARSE_UNITS_H__ @@ -41,9 +41,11 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -52,28 +54,28 @@ struct units { unsigned mult; }; -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_units (const char *s, const struct units *units, const char *def_unit); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_units_table (const struct units *units, FILE *f); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL parse_flags (const char *s, const struct units *units, int orig); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units (int num, const struct units *units, char *s, size_t len); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_units_approx (int num, const struct units *units, char *s, size_t len); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unparse_flags (int num, const struct units *units, char *s, size_t len); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_flags_table (const struct units *units, FILE *f); #endif /* __PARSE_UNITS_H__ */ diff --git a/crypto/heimdal/lib/roken/putenv.c b/crypto/heimdal/lib/roken/putenv.c index 5e501dcc0f2..647eb7a348b 100644 --- a/crypto/heimdal/lib/roken/putenv.c +++ b/crypto/heimdal/lib/roken/putenv.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,13 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: putenv.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include +#if !HAVE_DECL_ENVIRON extern char **environ; +#endif /* * putenv -- @@ -48,13 +47,13 @@ extern char **environ; * value by altering an existing variable or creating a new one. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL putenv(const char *string) { int i; const char *eq = (const char *)strchr(string, '='); int len; - + if (eq == NULL) return 1; len = eq - string; diff --git a/crypto/heimdal/lib/roken/qsort.c b/crypto/heimdal/lib/roken/qsort.c new file mode 100644 index 00000000000..768981334f2 --- /dev/null +++ b/crypto/heimdal/lib/roken/qsort.c @@ -0,0 +1,203 @@ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#if 0 +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)qsort.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ +#include +__FBSDID("$FreeBSD$"); +#endif + +#include + +#ifdef NEED_QSORT + +#include "roken.h" + +#include + +#ifdef I_AM_QSORT_R +typedef int cmp_t(void *, const void *, const void *); +#else +typedef int cmp_t(const void *, const void *); +#endif +static inline char *med3(char *, char *, char *, cmp_t *, void *); +static inline void swapfunc(char *, char *, int, int); + +/* + * Qsort routine from Bentley & McIlroy's "Engineering a Sort Function". + */ +#define swapcode(TYPE, parmi, parmj, n) { \ + long i = (n) / sizeof (TYPE); \ + TYPE *pi = (TYPE *) (parmi); \ + TYPE *pj = (TYPE *) (parmj); \ + do { \ + TYPE t = *pi; \ + *pi++ = *pj; \ + *pj++ = t; \ + } while (--i > 0); \ +} + +#define SWAPINIT(a, es) swaptype = ((char *)a - (char *)0) % sizeof(long) || \ + es % sizeof(long) ? 2 : es == sizeof(long)? 0 : 1; + +static inline void +swapfunc(a, b, n, swaptype) + char *a, *b; + int n, swaptype; +{ + if(swaptype <= 1) + swapcode(long, a, b, n) + else + swapcode(char, a, b, n) +} + +#define swap(a, b) \ + if (swaptype == 0) { \ + long t = *(long *)(a); \ + *(long *)(a) = *(long *)(b); \ + *(long *)(b) = t; \ + } else \ + swapfunc(a, b, es, swaptype) + +#define vecswap(a, b, n) if ((n) > 0) swapfunc(a, b, n, swaptype) + +#ifdef I_AM_QSORT_R +#define CMP(t, x, y) (cmp((t), (x), (y))) +#else +#define CMP(t, x, y) (cmp((x), (y))) +#endif + +static inline char * +med3(char *a, char *b, char *c, cmp_t *cmp, void *thunk +#ifndef I_AM_QSORT_R +/* __unused */ +#endif +) +{ + return CMP(thunk, a, b) < 0 ? + (CMP(thunk, b, c) < 0 ? b : (CMP(thunk, a, c) < 0 ? c : a )) + :(CMP(thunk, b, c) > 0 ? b : (CMP(thunk, a, c) < 0 ? a : c )); +} + +#ifdef I_AM_QSORT_R +void +rk_qsort_r(void *a, size_t n, size_t es, void *thunk, cmp_t *cmp) +#else +#define thunk NULL +void +rk_qsort(void *a, size_t n, size_t es, cmp_t *cmp) +#endif +{ + char *pa, *pb, *pc, *pd, *pl, *pm, *pn; + size_t d, r; + int cmp_result; + int swaptype, swap_cnt; + +loop: SWAPINIT(a, es); + swap_cnt = 0; + if (n < 7) { + for (pm = (char *)a + es; pm < (char *)a + n * es; pm += es) + for (pl = pm; + pl > (char *)a && CMP(thunk, pl - es, pl) > 0; + pl -= es) + swap(pl, pl - es); + return; + } + pm = (char *)a + (n / 2) * es; + if (n > 7) { + pl = a; + pn = (char *)a + (n - 1) * es; + if (n > 40) { + d = (n / 8) * es; + pl = med3(pl, pl + d, pl + 2 * d, cmp, thunk); + pm = med3(pm - d, pm, pm + d, cmp, thunk); + pn = med3(pn - 2 * d, pn - d, pn, cmp, thunk); + } + pm = med3(pl, pm, pn, cmp, thunk); + } + swap(a, pm); + pa = pb = (char *)a + es; + + pc = pd = (char *)a + (n - 1) * es; + for (;;) { + while (pb <= pc && (cmp_result = CMP(thunk, pb, a)) <= 0) { + if (cmp_result == 0) { + swap_cnt = 1; + swap(pa, pb); + pa += es; + } + pb += es; + } + while (pb <= pc && (cmp_result = CMP(thunk, pc, a)) >= 0) { + if (cmp_result == 0) { + swap_cnt = 1; + swap(pc, pd); + pd -= es; + } + pc -= es; + } + if (pb > pc) + break; + swap(pb, pc); + swap_cnt = 1; + pb += es; + pc -= es; + } + if (swap_cnt == 0) { /* Switch to insertion sort */ + for (pm = (char *)a + es; pm < (char *)a + n * es; pm += es) + for (pl = pm; + pl > (char *)a && CMP(thunk, pl - es, pl) > 0; + pl -= es) + swap(pl, pl - es); + return; + } + + pn = (char *)a + n * es; + r = min(pa - (char *)a, pb - pa); + vecswap(a, pb - r, r); + r = min(pd - pc, pn - pd - es); + vecswap(pb, pn - r, r); + if ((r = pb - pa) > es) +#ifdef I_AM_QSORT_R + rk_qsort_r(a, r / es, es, thunk, cmp); +#else + rk_qsort(a, r / es, es, cmp); +#endif + if ((r = pd - pc) > es) { + /* Iterate rather than recurse to save stack space */ + a = pn - r; + n = r / es; + goto loop; + } +/* rk_qsort(pn - r, r / es, es, cmp);*/ +} + +#endif /* NEED_QSORT */ diff --git a/crypto/heimdal/lib/roken/rand.c b/crypto/heimdal/lib/roken/rand.c new file mode 100644 index 00000000000..ef92c2052b7 --- /dev/null +++ b/crypto/heimdal/lib/roken/rand.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "roken.h" + +void ROKEN_LIB_FUNCTION +rk_random_init(void) +{ +#if defined(HAVE_ARC4RANDOM) + arc4random_stir(); +#elif defined(HAVE_SRANDOMDEV) + srandomdev(); +#elif defined(HAVE_RANDOM) + srandom(time(NULL)); +#else + srand (time(NULL)); +#endif +} diff --git a/crypto/heimdal/lib/roken/rcmd.c b/crypto/heimdal/lib/roken/rcmd.c index e732fe3c2a8..7fa85a35b4a 100644 --- a/crypto/heimdal/lib/roken/rcmd.c +++ b/crypto/heimdal/lib/roken/rcmd.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,15 +31,12 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: rcmd.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" #include -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rcmd(char **ahost, unsigned short inport, const char *locuser, diff --git a/crypto/heimdal/lib/roken/readv.c b/crypto/heimdal/lib/roken/readv.c index b49890ebd6e..a1560158991 100644 --- a/crypto/heimdal/lib/roken/readv.c +++ b/crypto/heimdal/lib/roken/readv.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: readv.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL readv(int d, const struct iovec *iov, int iovcnt) { ssize_t ret, nb; diff --git a/crypto/heimdal/lib/roken/realloc.c b/crypto/heimdal/lib/roken/realloc.c index 33e898c3430..8cbc0d63e06 100644 --- a/crypto/heimdal/lib/roken/realloc.c +++ b/crypto/heimdal/lib/roken/realloc.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan + * Copyright (c) 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,13 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include #undef realloc -#endif + #include #include "roken.h" -RCSID("$Id"); - - -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_realloc(void *ptr, size_t size) { if (ptr == NULL) diff --git a/crypto/heimdal/lib/roken/recvmsg.c b/crypto/heimdal/lib/roken/recvmsg.c index d92186c1b9f..aba298b9081 100644 --- a/crypto/heimdal/lib/roken/recvmsg.c +++ b/crypto/heimdal/lib/roken/recvmsg.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: recvmsg.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL recvmsg(int s, struct msghdr *msg, int flags) { ssize_t ret, nb; diff --git a/crypto/heimdal/lib/roken/resolve-test.c b/crypto/heimdal/lib/roken/resolve-test.c index 106cfd71b3e..711d6e896e7 100644 --- a/crypto/heimdal/lib/roken/resolve-test.c +++ b/crypto/heimdal/lib/roken/resolve-test.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H + #include -#endif + #include "roken.h" #include "getarg.h" #ifdef HAVE_ARPA_NAMESER_H @@ -44,12 +44,13 @@ #endif #include "resolve.h" -RCSID("$Id: resolve-test.c 15415 2005-06-16 16:58:45Z lha $"); - +static int loop_integer = 1; static int version_flag = 0; static int help_flag = 0; static struct getargs args[] = { + {"loop", 0, arg_integer, &loop_integer, + "loop resolving", NULL }, {"version", 0, arg_flag, &version_flag, "print version", NULL }, {"help", 0, arg_flag, &help_flag, @@ -69,15 +70,15 @@ usage (int ret) int main(int argc, char **argv) { - struct dns_reply *r; - struct resource_record *rr; - int optidx = 0; + struct rk_dns_reply *r; + struct rk_resource_record *rr; + int optidx = 0, i, exit_code = 0; setprogname (argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); - + if (help_flag) usage (0); @@ -92,88 +93,93 @@ main(int argc, char **argv) if (argc != 2) usage(1); - r = dns_lookup(argv[0], argv[1]); - if(r == NULL){ - printf("No reply.\n"); - return 1; + for (i = 0; i < loop_integer; i++) { + + r = rk_dns_lookup(argv[0], argv[1]); + if(r == NULL){ + printf("No reply.\n"); + exit_code = 1; + break; + } + if(r->q.type == rk_ns_t_srv) + rk_dns_srv_order(r); + + for(rr = r->head; rr;rr=rr->next){ + printf("%-30s %-5s %-6d ", rr->domain, rk_dns_type_to_string(rr->type), rr->ttl); + switch(rr->type){ + case rk_ns_t_ns: + case rk_ns_t_cname: + case rk_ns_t_ptr: + printf("%s\n", (char*)rr->u.data); + break; + case rk_ns_t_a: + printf("%s\n", inet_ntoa(*rr->u.a)); + break; + case rk_ns_t_mx: + case rk_ns_t_afsdb:{ + printf("%d %s\n", rr->u.mx->preference, rr->u.mx->domain); + break; + } + case rk_ns_t_srv:{ + struct rk_srv_record *srv = rr->u.srv; + printf("%d %d %d %s\n", srv->priority, srv->weight, + srv->port, srv->target); + break; + } + case rk_ns_t_txt: { + printf("%s\n", rr->u.txt); + break; + } + case rk_ns_t_sig : { + struct rk_sig_record *sig = rr->u.sig; + const char *type_string = rk_dns_type_to_string (sig->type); + + printf ("type %u (%s), algorithm %u, labels %u, orig_ttl %u, sig_expiration %u, sig_inception %u, key_tag %u, signer %s\n", + sig->type, type_string ? type_string : "", + sig->algorithm, sig->labels, sig->orig_ttl, + sig->sig_expiration, sig->sig_inception, sig->key_tag, + sig->signer); + break; + } + case rk_ns_t_key : { + struct rk_key_record *key = rr->u.key; + + printf ("flags %u, protocol %u, algorithm %u\n", + key->flags, key->protocol, key->algorithm); + break; + } + case rk_ns_t_sshfp : { + struct rk_sshfp_record *sshfp = rr->u.sshfp; + size_t i; + + printf ("alg %u type %u length %lu data ", sshfp->algorithm, + sshfp->type, (unsigned long)sshfp->sshfp_len); + for (i = 0; i < sshfp->sshfp_len; i++) + printf("%02X", sshfp->sshfp_data[i]); + printf("\n"); + + break; + } + case rk_ns_t_ds : { + struct rk_ds_record *ds = rr->u.ds; + size_t i; + + printf ("key tag %u alg %u type %u length %lu data ", + ds->key_tag, ds->algorithm, ds->digest_type, + (unsigned long)ds->digest_len); + for (i = 0; i < ds->digest_len; i++) + printf("%02X", ds->digest_data[i]); + printf("\n"); + + break; + } + default: + printf("\n"); + break; + } + } + rk_dns_free_data(r); } - if(r->q.type == rk_ns_t_srv) - dns_srv_order(r); - for(rr = r->head; rr;rr=rr->next){ - printf("%-30s %-5s %-6d ", rr->domain, dns_type_to_string(rr->type), rr->ttl); - switch(rr->type){ - case rk_ns_t_ns: - case rk_ns_t_cname: - case rk_ns_t_ptr: - printf("%s\n", (char*)rr->u.data); - break; - case rk_ns_t_a: - printf("%s\n", inet_ntoa(*rr->u.a)); - break; - case rk_ns_t_mx: - case rk_ns_t_afsdb:{ - printf("%d %s\n", rr->u.mx->preference, rr->u.mx->domain); - break; - } - case rk_ns_t_srv:{ - struct srv_record *srv = rr->u.srv; - printf("%d %d %d %s\n", srv->priority, srv->weight, - srv->port, srv->target); - break; - } - case rk_ns_t_txt: { - printf("%s\n", rr->u.txt); - break; - } - case rk_ns_t_sig : { - struct sig_record *sig = rr->u.sig; - const char *type_string = dns_type_to_string (sig->type); - - printf ("type %u (%s), algorithm %u, labels %u, orig_ttl %u, sig_expiration %u, sig_inception %u, key_tag %u, signer %s\n", - sig->type, type_string ? type_string : "", - sig->algorithm, sig->labels, sig->orig_ttl, - sig->sig_expiration, sig->sig_inception, sig->key_tag, - sig->signer); - break; - } - case rk_ns_t_key : { - struct key_record *key = rr->u.key; - - printf ("flags %u, protocol %u, algorithm %u\n", - key->flags, key->protocol, key->algorithm); - break; - } - case rk_ns_t_sshfp : { - struct sshfp_record *sshfp = rr->u.sshfp; - int i; - - printf ("alg %u type %u length %lu data ", sshfp->algorithm, - sshfp->type, (unsigned long)sshfp->sshfp_len); - for (i = 0; i < sshfp->sshfp_len; i++) - printf("%02X", sshfp->sshfp_data[i]); - printf("\n"); - - break; - } - case rk_ns_t_ds : { - struct ds_record *ds = rr->u.ds; - int i; - - printf ("key tag %u alg %u type %u length %u data ", - ds->key_tag, ds->algorithm, ds->digest_type, - ds->digest_len); - for (i = 0; i < ds->digest_len; i++) - printf("%02X", ds->digest_data[i]); - printf("\n"); - - break; - } - default: - printf("\n"); - break; - } - } - - return 0; + return exit_code; } diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c index 8f8fec7657e..2eeaaf34401 100644 --- a/crypto/heimdal/lib/roken/resolve.c +++ b/crypto/heimdal/lib/roken/resolve.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,9 +31,9 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H + #include -#endif + #include "roken.h" #ifdef HAVE_ARPA_NAMESER_H #include @@ -41,12 +41,13 @@ #ifdef HAVE_RESOLV_H #include #endif +#ifdef HAVE_DNS_H +#include +#endif #include "resolve.h" #include -RCSID("$Id: resolve.c 19869 2007-01-12 16:03:14Z lha $"); - #ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH #endif @@ -77,8 +78,8 @@ static struct stot{ int _resolve_debug = 0; -int ROKEN_LIB_FUNCTION -dns_string_to_type(const char *name) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_dns_string_to_type(const char *name) { struct stot *p = stot; for(p = stot; p->name; p++) @@ -87,8 +88,8 @@ dns_string_to_type(const char *name) return -1; } -const char * ROKEN_LIB_FUNCTION -dns_type_to_string(int type) +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL +rk_dns_type_to_string(int type) { struct stot *p = stot; for(p = stot; p->name; p++) @@ -97,10 +98,10 @@ dns_type_to_string(int type) return NULL; } -#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) +#if ((defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)) || defined(HAVE_WINDNS) static void -dns_free_rr(struct resource_record *rr) +dns_free_rr(struct rk_resource_record *rr) { if(rr->domain) free(rr->domain); @@ -109,26 +110,29 @@ dns_free_rr(struct resource_record *rr) free(rr); } -void ROKEN_LIB_FUNCTION -dns_free_data(struct dns_reply *r) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_dns_free_data(struct rk_dns_reply *r) { - struct resource_record *rr; + struct rk_resource_record *rr; if(r->q.domain) free(r->q.domain); for(rr = r->head; rr;){ - struct resource_record *tmp = rr; + struct rk_resource_record *tmp = rr; rr = rr->next; dns_free_rr(tmp); } free (r); } +#ifndef HAVE_WINDNS + static int -parse_record(const unsigned char *data, const unsigned char *end_data, - const unsigned char **pp, struct resource_record **ret_rr) +parse_record(const unsigned char *data, const unsigned char *end_data, + const unsigned char **pp, struct rk_resource_record **ret_rr) { - struct resource_record *rr; - int type, class, ttl, size; + struct rk_resource_record *rr; + int type, class, ttl; + unsigned size; int status; char host[MAXDNAME]; const unsigned char *p = *pp; @@ -136,7 +140,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, *ret_rr = NULL; status = dn_expand(data, end_data, p, host, sizeof(host)); - if(status < 0) + if(status < 0) return -1; if (p + status + 10 > end_data) return -1; @@ -155,7 +159,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, return -1; rr = calloc(1, sizeof(*rr)); - if(rr == NULL) + if(rr == NULL) return -1; rr->domain = strdup(host); if(rr->domain == NULL) { @@ -190,13 +194,13 @@ parse_record(const unsigned char *data, const unsigned char *end_data, dns_free_rr(rr); return -1; } - if (status + 2 > size) { + if ((size_t)status + 2 > size) { dns_free_rr(rr); return -1; } hostlen = strlen(host); - rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + hostlen); if(rr->u.mx == NULL) { dns_free_rr(rr); @@ -213,14 +217,14 @@ parse_record(const unsigned char *data, const unsigned char *end_data, dns_free_rr(rr); return -1; } - if (status + 6 > size) { + if ((size_t)status + 6 > size) { dns_free_rr(rr); return -1; } hostlen = strlen(host); - rr->u.srv = - (struct srv_record*)malloc(sizeof(struct srv_record) + + rr->u.srv = + (struct srv_record*)malloc(sizeof(struct srv_record) + hostlen); if(rr->u.srv == NULL) { dns_free_rr(rr); @@ -233,7 +237,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, break; } case rk_ns_t_txt:{ - if(size == 0 || size < *p + 1) { + if(size == 0 || size < (unsigned)(*p + 1)) { dns_free_rr(rr); return -1; } @@ -280,7 +284,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, dns_free_rr(rr); return -1; } - if (status + 18 > size) { + if ((size_t)status + 18 > size) { dns_free_rr(rr); return -1; } @@ -400,17 +404,17 @@ parse_record(const unsigned char *data, const unsigned char *end_data, #ifndef TEST_RESOLVE static #endif -struct dns_reply* +struct rk_dns_reply* parse_reply(const unsigned char *data, size_t len) { const unsigned char *p; int status; - int i; + size_t i; char host[MAXDNAME]; const unsigned char *end_data = data + len; - struct dns_reply *r; - struct resource_record **rr; - + struct rk_dns_reply *r; + struct rk_resource_record **rr; + r = calloc(1, sizeof(*r)); if (r == NULL) return NULL; @@ -448,16 +452,16 @@ parse_reply(const unsigned char *data, size_t len) } status = dn_expand(data, end_data, p, host, sizeof(host)); if(status < 0){ - dns_free_data(r); + rk_dns_free_data(r); return NULL; } r->q.domain = strdup(host); if(r->q.domain == NULL) { - dns_free_data(r); + rk_dns_free_data(r); return NULL; } if (p + status + 4 > end_data) { - dns_free_data(r); + rk_dns_free_data(r); return NULL; } p += status; @@ -465,25 +469,25 @@ parse_reply(const unsigned char *data, size_t len) p += 2; r->q.class = (p[0] << 8 | p[1]); p += 2; - + rr = &r->head; for(i = 0; i < r->h.ancount; i++) { if(parse_record(data, end_data, &p, rr) != 0) { - dns_free_data(r); + rk_dns_free_data(r); return NULL; } rr = &(*rr)->next; } for(i = 0; i < r->h.nscount; i++) { if(parse_record(data, end_data, &p, rr) != 0) { - dns_free_data(r); + rk_dns_free_data(r); return NULL; } rr = &(*rr)->next; } for(i = 0; i < r->h.arcount; i++) { if(parse_record(data, end_data, &p, rr) != 0) { - dns_free_data(r); + rk_dns_free_data(r); return NULL; } rr = &(*rr)->next; @@ -500,121 +504,135 @@ parse_reply(const unsigned char *data, size_t len) #endif #endif -static struct dns_reply * +#if defined(HAVE_DNS_SEARCH) +#define resolve_search(h,n,c,t,r,l) \ + ((int)dns_search(h,n,c,t,r,l,(struct sockaddr *)&from,&fromsize)) +#define resolve_free_handle(h) dns_free(h) +#elif defined(HAVE_RES_NSEARCH) +#define resolve_search(h,n,c,t,r,l) res_nsearch(h,n,c,t,r,l) +#define resolve_free_handle(h) rk_res_free(h); +#else +#define resolve_search(h,n,c,t,r,l) res_search(n,c,t,r,l) +#define handle 0 +#define resolve_free_handle(h) +#endif + + +static struct rk_dns_reply * dns_lookup_int(const char *domain, int rr_class, int rr_type) { - struct dns_reply *r; - unsigned char *reply = NULL; - int size; - int len; -#ifdef HAVE_RES_NSEARCH + struct rk_dns_reply *r; + void *reply = NULL; + int size, len; +#if defined(HAVE_DNS_SEARCH) + struct sockaddr_storage from; + uint32_t fromsize = sizeof(from); + dns_handle_t handle; + + handle = dns_open(NULL); + if (handle == NULL) + return NULL; +#elif defined(HAVE_RES_NSEARCH) struct __res_state state; + struct __res_state *handle = &state; + memset(&state, 0, sizeof(state)); - if(res_ninit(&state)) + if(res_ninit(handle)) return NULL; /* is this the best we can do? */ -#elif defined(HAVE__RES) - u_long old_options = 0; #endif - - size = 0; - len = 1000; - do { + + len = 1500; + while(1) { if (reply) { free(reply); reply = NULL; } - if (size <= len) - size = len; if (_resolve_debug) { -#ifdef HAVE_RES_NSEARCH +#if defined(HAVE_DNS_SEARCH) + dns_set_debug(handle, 1); +#elif defined(HAVE_RES_NSEARCH) state.options |= RES_DEBUG; -#elif defined(HAVE__RES) - old_options = _res.options; - _res.options |= RES_DEBUG; #endif fprintf(stderr, "dns_lookup(%s, %d, %s), buffer size %d\n", domain, - rr_class, dns_type_to_string(rr_type), size); + rr_class, rk_dns_type_to_string(rr_type), len); } - reply = malloc(size); + reply = malloc(len); if (reply == NULL) { -#ifdef HAVE_RES_NSEARCH - rk_res_free(&state); -#endif + resolve_free_handle(handle); return NULL; } -#ifdef HAVE_RES_NSEARCH - len = res_nsearch(&state, domain, rr_class, rr_type, reply, size); -#else - len = res_search(domain, rr_class, rr_type, reply, size); -#endif + + size = resolve_search(handle, domain, rr_class, rr_type, reply, len); + if (_resolve_debug) { -#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH) - _res.options = old_options; -#endif fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", - domain, rr_class, dns_type_to_string(rr_type), len); + domain, rr_class, rk_dns_type_to_string(rr_type), size); } - if (len < 0) { -#ifdef HAVE_RES_NSEARCH - rk_res_free(&state); -#endif + if (size > len) { + /* resolver thinks it know better, go for it */ + len = size; + } else if (size > 0) { + /* got a good reply */ + break; + } else if (size <= 0 && len < rk_DNS_MAX_PACKET_SIZE) { + len *= 2; + if (len > rk_DNS_MAX_PACKET_SIZE) + len = rk_DNS_MAX_PACKET_SIZE; + } else { + /* the end, leave */ + resolve_free_handle(handle); free(reply); return NULL; } - } while (size < len && len < rk_DNS_MAX_PACKET_SIZE); -#ifdef HAVE_RES_NSEARCH - rk_res_free(&state); -#endif + } len = min(len, size); r = parse_reply(reply, len); free(reply); + + resolve_free_handle(handle); + return r; } -struct dns_reply * ROKEN_LIB_FUNCTION -dns_lookup(const char *domain, const char *type_name) +ROKEN_LIB_FUNCTION struct rk_dns_reply * ROKEN_LIB_CALL +rk_dns_lookup(const char *domain, const char *type_name) { int type; - - type = dns_string_to_type(type_name); + + type = rk_dns_string_to_type(type_name); if(type == -1) { if(_resolve_debug) - fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", + fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", type_name); return NULL; } - return dns_lookup_int(domain, C_IN, type); + return dns_lookup_int(domain, rk_ns_c_in, type); } +#endif /* !HAVE_WINDNS */ + static int compare_srv(const void *a, const void *b) { - const struct resource_record *const* aa = a, *const* bb = b; + const struct rk_resource_record *const* aa = a, *const* bb = b; if((*aa)->u.srv->priority == (*bb)->u.srv->priority) return ((*aa)->u.srv->weight - (*bb)->u.srv->weight); return ((*aa)->u.srv->priority - (*bb)->u.srv->priority); } -#ifndef HAVE_RANDOM -#define random() rand() -#endif - /* try to rearrange the srv-records by the algorithm in RFC2782 */ -void ROKEN_LIB_FUNCTION -dns_srv_order(struct dns_reply *r) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_dns_srv_order(struct rk_dns_reply *r) { - struct resource_record **srvs, **ss, **headp; - struct resource_record *rr; + struct rk_resource_record **srvs, **ss, **headp; + struct rk_resource_record *rr; int num_srv = 0; -#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE) - int state[256 / sizeof(int)]; - char *oldstate; -#endif + rk_random_init(); - for(rr = r->head; rr; rr = rr->next) + for(rr = r->head; rr; rr = rr->next) if(rr->type == rk_ns_t_srv) num_srv++; @@ -624,7 +642,7 @@ dns_srv_order(struct dns_reply *r) srvs = malloc(num_srv * sizeof(*srvs)); if(srvs == NULL) return; /* XXX not much to do here */ - + /* unlink all srv-records from the linked list and put them in a vector */ for(ss = srvs, headp = &r->head; *headp; ) @@ -635,19 +653,15 @@ dns_srv_order(struct dns_reply *r) ss++; } else headp = &(*headp)->next; - + /* sort them by priority and weight */ qsort(srvs, num_srv, sizeof(*srvs), compare_srv); -#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE) - oldstate = initstate(time(NULL), (char*)state, sizeof(state)); -#endif - headp = &r->head; - + for(ss = srvs; ss < srvs + num_srv; ) { int sum, rnd, count; - struct resource_record **ee, **tt; + struct rk_resource_record **ee, **tt; /* find the last record with the same priority and count the sum of all weights */ for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) { @@ -660,7 +674,7 @@ dns_srv_order(struct dns_reply *r) /* ss is now the first record of this priority and ee is the first of the next */ while(ss < ee) { - rnd = random() % (sum + 1); + rnd = rk_random() % (sum + 1); for(count = 0, tt = ss; ; tt++) { if(*tt == NULL) continue; @@ -682,29 +696,238 @@ dns_srv_order(struct dns_reply *r) ss++; } } - -#if defined(HAVE_INITSTATE) && defined(HAVE_SETSTATE) - setstate(oldstate); -#endif + free(srvs); return; } +#ifdef HAVE_WINDNS + +#include + +static struct rk_resource_record * +parse_dns_record(PDNS_RECORD pRec) +{ + struct rk_resource_record * rr; + + if (pRec == NULL) + return NULL; + + rr = calloc(1, sizeof(*rr)); + + rr->domain = strdup(pRec->pName); + rr->type = pRec->wType; + rr->class = 0; + rr->ttl = pRec->dwTtl; + rr->size = 0; + + switch (rr->type) { + case rk_ns_t_ns: + case rk_ns_t_cname: + case rk_ns_t_ptr: + rr->u.txt = strdup(pRec->Data.NS.pNameHost); + if(rr->u.txt == NULL) { + dns_free_rr(rr); + return NULL; + } + break; + + case rk_ns_t_mx: + case rk_ns_t_afsdb:{ + size_t hostlen = strnlen(pRec->Data.MX.pNameExchange, DNS_MAX_NAME_LENGTH); + + rr->u.mx = (struct mx_record *)malloc(sizeof(struct mx_record) + + hostlen); + if (rr->u.mx == NULL) { + dns_free_rr(rr); + return NULL; + } + + strcpy_s(rr->u.mx->domain, hostlen + 1, pRec->Data.MX.pNameExchange); + rr->u.mx->preference = pRec->Data.MX.wPreference; + break; + } + + case rk_ns_t_srv:{ + size_t hostlen = strnlen(pRec->Data.SRV.pNameTarget, DNS_MAX_NAME_LENGTH); + + rr->u.srv = + (struct srv_record*)malloc(sizeof(struct srv_record) + + hostlen); + if(rr->u.srv == NULL) { + dns_free_rr(rr); + return NULL; + } + + rr->u.srv->priority = pRec->Data.SRV.wPriority; + rr->u.srv->weight = pRec->Data.SRV.wWeight; + rr->u.srv->port = pRec->Data.SRV.wPort; + strcpy_s(rr->u.srv->target, hostlen + 1, pRec->Data.SRV.pNameTarget); + + break; + } + + case rk_ns_t_txt:{ + size_t len; + + if (pRec->Data.TXT.dwStringCount == 0) { + rr->u.txt = strdup(""); + break; + } + + len = strnlen(pRec->Data.TXT.pStringArray[0], DNS_MAX_TEXT_STRING_LENGTH); + + rr->u.txt = (char *)malloc(len + 1); + strcpy_s(rr->u.txt, len + 1, pRec->Data.TXT.pStringArray[0]); + + break; + } + + case rk_ns_t_key : { + size_t key_len; + + if (pRec->wDataLength < 4) { + dns_free_rr(rr); + return NULL; + } + + key_len = pRec->wDataLength - 4; + rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1); + if (rr->u.key == NULL) { + dns_free_rr(rr); + return NULL; + } + + rr->u.key->flags = pRec->Data.KEY.wFlags; + rr->u.key->protocol = pRec->Data.KEY.chProtocol; + rr->u.key->algorithm = pRec->Data.KEY.chAlgorithm; + rr->u.key->key_len = key_len; + memcpy_s (rr->u.key->key_data, key_len, + pRec->Data.KEY.Key, key_len); + break; + } + + case rk_ns_t_sig : { + size_t sig_len, hostlen; + + if(pRec->wDataLength <= 18) { + dns_free_rr(rr); + return NULL; + } + + sig_len = pRec->wDataLength; + + hostlen = strnlen(pRec->Data.SIG.pNameSigner, DNS_MAX_NAME_LENGTH); + + rr->u.sig = malloc(sizeof(*rr->u.sig) + + hostlen + sig_len); + if (rr->u.sig == NULL) { + dns_free_rr(rr); + return NULL; + } + rr->u.sig->type = pRec->Data.SIG.wTypeCovered; + rr->u.sig->algorithm = pRec->Data.SIG.chAlgorithm; + rr->u.sig->labels = pRec->Data.SIG.chLabelCount; + rr->u.sig->orig_ttl = pRec->Data.SIG.dwOriginalTtl; + rr->u.sig->sig_expiration = pRec->Data.SIG.dwExpiration; + rr->u.sig->sig_inception = pRec->Data.SIG.dwTimeSigned; + rr->u.sig->key_tag = pRec->Data.SIG.wKeyTag; + rr->u.sig->sig_len = sig_len; + memcpy_s (rr->u.sig->sig_data, sig_len, + pRec->Data.SIG.Signature, sig_len); + rr->u.sig->signer = &rr->u.sig->sig_data[sig_len]; + strcpy_s(rr->u.sig->signer, hostlen + 1, pRec->Data.SIG.pNameSigner); + break; + } + +#ifdef DNS_TYPE_DS + case rk_ns_t_ds: { + rr->u.ds = malloc (sizeof(*rr->u.ds) + pRec->Data.DS.wDigestLength - 1); + if (rr->u.ds == NULL) { + dns_free_rr(rr); + return NULL; + } + + rr->u.ds->key_tag = pRec->Data.DS.wKeyTag; + rr->u.ds->algorithm = pRec->Data.DS.chAlgorithm; + rr->u.ds->digest_type = pRec->Data.DS.chDigestType; + rr->u.ds->digest_len = pRec->Data.DS.wDigestLength; + memcpy_s (rr->u.ds->digest_data, pRec->Data.DS.wDigestLength, + pRec->Data.DS.Digest, pRec->Data.DS.wDigestLength); + break; + } +#endif + + default: + dns_free_rr(rr); + return NULL; + } + + rr->next = parse_dns_record(pRec->pNext); + return rr; +} + +ROKEN_LIB_FUNCTION struct rk_dns_reply * ROKEN_LIB_CALL +rk_dns_lookup(const char *domain, const char *type_name) +{ + DNS_STATUS status; + int type; + PDNS_RECORD pRec = NULL; + struct rk_dns_reply * r = NULL; + + __try { + + type = rk_dns_string_to_type(type_name); + if(type == -1) { + if(_resolve_debug) + fprintf(stderr, "dns_lookup: unknown resource type: `%s'\n", + type_name); + return NULL; + } + + status = DnsQuery_UTF8(domain, type, DNS_QUERY_STANDARD, NULL, + &pRec, NULL); + if (status != ERROR_SUCCESS) + return NULL; + + r = calloc(1, sizeof(*r)); + r->q.domain = strdup(domain); + r->q.type = type; + r->q.class = 0; + + r->head = parse_dns_record(pRec); + + if (r->head == NULL) { + rk_dns_free_data(r); + return NULL; + } else { + return r; + } + + } __finally { + + if (pRec) + DnsRecordListFree(pRec, DnsFreeRecordList); + + } +} +#endif /* HAVE_WINDNS */ + #else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ -struct dns_reply * ROKEN_LIB_FUNCTION -dns_lookup(const char *domain, const char *type_name) +ROKEN_LIB_FUNCTION struct rk_dns_reply * ROKEN_LIB_CALL +rk_dns_lookup(const char *domain, const char *type_name) { return NULL; } -void ROKEN_LIB_FUNCTION -dns_free_data(struct dns_reply *r) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_dns_free_data(struct rk_dns_reply *r) { } -void ROKEN_LIB_FUNCTION -dns_srv_order(struct dns_reply *r) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_dns_srv_order(struct rk_dns_reply *r) { } diff --git a/crypto/heimdal/lib/roken/resolve.h b/crypto/heimdal/lib/roken/resolve.h index fe83115b1ec..fc1e97fc63b 100644 --- a/crypto/heimdal/lib/roken/resolve.h +++ b/crypto/heimdal/lib/roken/resolve.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,20 +31,26 @@ * SUCH DAMAGE. */ -/* $Id: resolve.h 14773 2005-04-12 11:29:18Z lha $ */ +/* $Id$ */ #ifndef __RESOLVE_H__ #define __RESOLVE_H__ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif -typedef enum { +enum { + rk_ns_c_in = 1 +}; + +enum { rk_ns_t_invalid = 0, /* Cookie. */ rk_ns_t_a = 1, /* Host address. */ rk_ns_t_ns = 2, /* Authoritative server. */ @@ -99,99 +105,38 @@ typedef enum { rk_ns_t_any = 255, /* Wildcard match. */ rk_ns_t_zxfr = 256, /* BIND-specific, nonstandard. */ rk_ns_t_max = 65536 -} rk_ns_type; - -/* We use these, but they are not always present in */ - -#ifndef C_IN -#define C_IN 1 -#endif - -#ifndef T_A -#define T_A 1 -#endif -#ifndef T_NS -#define T_NS 2 -#endif -#ifndef T_CNAME -#define T_CNAME 5 -#endif -#ifndef T_SOA -#define T_SOA 5 -#endif -#ifndef T_PTR -#define T_PTR 12 -#endif -#ifndef T_MX -#define T_MX 15 -#endif -#ifndef T_TXT -#define T_TXT 16 -#endif -#ifndef T_AFSDB -#define T_AFSDB 18 -#endif -#ifndef T_SIG -#define T_SIG 24 -#endif -#ifndef T_KEY -#define T_KEY 25 -#endif -#ifndef T_AAAA -#define T_AAAA 28 -#endif -#ifndef T_SRV -#define T_SRV 33 -#endif -#ifndef T_NAPTR -#define T_NAPTR 35 -#endif -#ifndef T_CERT -#define T_CERT 37 -#endif -#ifndef T_SSHFP -#define T_SSHFP 44 -#endif +}; #ifndef MAXDNAME #define MAXDNAME 1025 #endif -#define dns_query rk_dns_query #define mx_record rk_mx_record #define srv_record rk_srv_record #define key_record rk_key_record #define sig_record rk_sig_record #define cert_record rk_cert_record #define sshfp_record rk_sshfp_record -#define resource_record rk_resource_record -#define dns_reply rk_dns_reply -#define dns_lookup rk_dns_lookup -#define dns_free_data rk_dns_free_data -#define dns_string_to_type rk_dns_string_to_type -#define dns_type_to_string rk_dns_type_to_string -#define dns_srv_order rk_dns_srv_order - -struct dns_query{ +struct rk_dns_query{ char *domain; unsigned type; unsigned class; }; -struct mx_record{ +struct rk_mx_record{ unsigned preference; char domain[1]; }; -struct srv_record{ +struct rk_srv_record{ unsigned priority; unsigned weight; unsigned port; char target[1]; }; -struct key_record { +struct rk_key_record { unsigned flags; unsigned protocol; unsigned algorithm; @@ -199,7 +144,7 @@ struct key_record { u_char key_data[1]; }; -struct sig_record { +struct rk_sig_record { unsigned type; unsigned algorithm; unsigned labels; @@ -208,11 +153,11 @@ struct sig_record { unsigned sig_inception; unsigned key_tag; char *signer; - unsigned sig_len; + size_t sig_len; char sig_data[1]; /* also includes signer */ }; -struct cert_record { +struct rk_cert_record { unsigned type; unsigned tag; unsigned algorithm; @@ -220,22 +165,22 @@ struct cert_record { u_char cert_data[1]; }; -struct sshfp_record { +struct rk_sshfp_record { unsigned algorithm; unsigned type; size_t sshfp_len; u_char sshfp_data[1]; }; -struct ds_record { +struct rk_ds_record { unsigned key_tag; unsigned algorithm; unsigned digest_type; - unsigned digest_len; + size_t digest_len; u_char digest_data[1]; }; -struct resource_record{ +struct rk_resource_record{ char *domain; unsigned type; unsigned class; @@ -243,23 +188,23 @@ struct resource_record{ unsigned size; union { void *data; - struct mx_record *mx; - struct mx_record *afsdb; /* mx and afsdb are identical */ - struct srv_record *srv; + struct rk_mx_record *mx; + struct rk_mx_record *afsdb; /* mx and afsdb are identical */ + struct rk_srv_record *srv; struct in_addr *a; char *txt; - struct key_record *key; - struct cert_record *cert; - struct sig_record *sig; - struct sshfp_record *sshfp; - struct ds_record *ds; + struct rk_key_record *key; + struct rk_cert_record *cert; + struct rk_sig_record *sig; + struct rk_sshfp_record *sshfp; + struct rk_ds_record *ds; }u; - struct resource_record *next; + struct rk_resource_record *next; }; #define rk_DNS_MAX_PACKET_SIZE 0xffff -struct dns_header { +struct rk_dns_header { unsigned id; unsigned flags; #define rk_DNS_HEADER_RESPONSE_FLAG 1 @@ -277,22 +222,30 @@ struct dns_header { unsigned arcount; }; -struct dns_reply{ - struct dns_header h; - struct dns_query q; - struct resource_record *head; +struct rk_dns_reply{ + struct rk_dns_header h; + struct rk_dns_query q; + struct rk_resource_record *head; }; -struct dns_reply* ROKEN_LIB_FUNCTION - dns_lookup(const char *, const char *); -void ROKEN_LIB_FUNCTION - dns_free_data(struct dns_reply *); -int ROKEN_LIB_FUNCTION - dns_string_to_type(const char *name); -const char *ROKEN_LIB_FUNCTION - dns_type_to_string(int type); -void ROKEN_LIB_FUNCTION - dns_srv_order(struct dns_reply*); +#ifdef __cplusplus +extern "C" { +#endif + +ROKEN_LIB_FUNCTION struct rk_dns_reply* ROKEN_LIB_CALL + rk_dns_lookup(const char *, const char *); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL + rk_dns_free_data(struct rk_dns_reply *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_dns_string_to_type(const char *name); +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL + rk_dns_type_to_string(int type); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL + rk_dns_srv_order(struct rk_dns_reply*); + +#ifdef __cplusplus +} +#endif #endif /* __RESOLVE_H__ */ diff --git a/crypto/heimdal/lib/roken/rkpty.c b/crypto/heimdal/lib/roken/rkpty.c new file mode 100644 index 00000000000..f2c62f23f39 --- /dev/null +++ b/crypto/heimdal/lib/roken/rkpty.c @@ -0,0 +1,381 @@ +/* + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#ifndef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_WAIT_H +#include +#endif +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_PTY_H +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif +#ifdef HAVE_LIBUTIL_H +#include +#endif + +#ifdef STREAMSPTY +#include +#endif /* STREAMPTY */ + +#include "roken.h" +#include + +struct command { + enum { CMD_EXPECT = 0, CMD_SEND, CMD_PASSWORD } type; + unsigned int lineno; + char *str; + struct command *next; +}; + +/* + * + */ + +static struct command *commands, **next = &commands; + +static sig_atomic_t alarmset = 0; + +static int timeout = 10; +static int verbose; +static int help_flag; +static int version_flag; + +static int master; +static int slave; +static char line[256] = { 0 }; + +static void +caught_signal(int signo) +{ + alarmset = signo; +} + + +static void +open_pty(void) +{ +#ifdef _AIX + printf("implement open_pty\n"); + exit(77); +#endif +#if defined(HAVE_OPENPTY) || defined(__linux) || defined(__osf__) /* XXX */ + if(openpty(&master, &slave, line, 0, 0) == 0) + return; +#endif /* HAVE_OPENPTY .... */ +#ifdef STREAMSPTY + { + char *clone[] = { + "/dev/ptc", + "/dev/ptmx", + "/dev/ptm", + "/dev/ptym/clone", + NULL + }; + char **q; + + for(q = clone; *q; q++){ + master = open(*q, O_RDWR); + if(master >= 0){ +#ifdef HAVE_GRANTPT + grantpt(master); +#endif +#ifdef HAVE_UNLOCKPT + unlockpt(master); +#endif + strlcpy(line, ptsname(master), sizeof(line)); + slave = open(line, O_RDWR); + if (slave < 0) + errx(1, "failed to open slave when using %s", *q); + ioctl(slave, I_PUSH, "ptem"); + ioctl(slave, I_PUSH, "ldterm"); + + return; + } + } + } +#endif /* STREAMSPTY */ + + /* more cases, like open /dev/ptmx, etc */ + + exit(77); +} + +/* + * + */ + +static char * +iscmd(const char *buf, const char *s) +{ + size_t len = strlen(s); + if (strncmp(buf, s, len) != 0) + return NULL; + return estrdup(buf + len); +} + +static void +parse_configuration(const char *fn) +{ + struct command *c; + char s[1024]; + char *str; + unsigned int lineno = 0; + FILE *cmd; + + cmd = fopen(fn, "r"); + if (cmd == NULL) + err(1, "open: %s", fn); + + while (fgets(s, sizeof(s), cmd) != NULL) { + + s[strcspn(s, "#\n")] = '\0'; + lineno++; + + c = calloc(1, sizeof(*c)); + if (c == NULL) + errx(1, "malloc"); + + c->lineno = lineno; + (*next) = c; + next = &(c->next); + + if ((str = iscmd(s, "expect ")) != NULL) { + c->type = CMD_EXPECT; + c->str = str; + } else if ((str = iscmd(s, "send ")) != NULL) { + c->type = CMD_SEND; + c->str = str; + } else if ((str = iscmd(s, "password ")) != NULL) { + c->type = CMD_PASSWORD; + c->str = str; + } else + errx(1, "Invalid command on line %d: %s", lineno, s); + } + + fclose(cmd); +} + + +/* + * + */ + +static int +eval_parent(pid_t pid) +{ + struct command *c; + char in; + size_t len = 0; + ssize_t sret; + + for (c = commands; c != NULL; c = c->next) { + switch(c->type) { + case CMD_EXPECT: + if (verbose) + printf("[expecting %s]", c->str); + len = 0; + alarm(timeout); + while((sret = read(master, &in, sizeof(in))) > 0) { + alarm(timeout); + printf("%c", in); + if (c->str[len] != in) { + len = 0; + continue; + } + len++; + if (c->str[len] == '\0') + break; + } + alarm(0); + if (alarmset == SIGALRM) + errx(1, "timeout waiting for %s (line %u)", + c->str, c->lineno); + else if (alarmset) + errx(1, "got a signal %d waiting for %s (line %u)", + alarmset, c->str, c->lineno); + if (sret <= 0) + errx(1, "end command while waiting for %s (line %u)", + c->str, c->lineno); + break; + case CMD_SEND: + case CMD_PASSWORD: { + size_t i = 0; + const char *msg = (c->type == CMD_PASSWORD) ? "****" : c->str; + + if (verbose) + printf("[send %s]", msg); + + len = strlen(c->str); + + while (i < len) { + if (c->str[i] == '\\' && i < len - 1) { + char ctrl; + i++; + switch(c->str[i]) { + case 'n': ctrl = '\n'; break; + case 'r': ctrl = '\r'; break; + case 't': ctrl = '\t'; break; + default: + errx(1, "unknown control char %c (line %u)", + c->str[i], c->lineno); + } + if (net_write(master, &ctrl, 1) != 1) + errx(1, "command refused input (line %u)", c->lineno); + } else { + if (net_write(master, &c->str[i], 1) != 1) + errx(1, "command refused input (line %u)", c->lineno); + } + i++; + } + break; + } + default: + abort(); + } + } + while(read(master, &in, sizeof(in)) > 0) + printf("%c", in); + + if (verbose) + printf("[end of program]\n"); + + /* + * Fetch status from child + */ + { + int ret, status; + + ret = waitpid(pid, &status, 0); + if (ret == -1) + err(1, "waitpid"); + if (WIFEXITED(status) && WEXITSTATUS(status)) + return WEXITSTATUS(status); + else if (WIFSIGNALED(status)) { + printf("killed by signal: %d\n", WTERMSIG(status)); + return 1; + } + } + return 0; +} + +/* + * + */ + +static struct getargs args[] = { + { "timeout", 't', arg_integer, &timeout, "timout", "seconds" }, + { "verbose", 'v', arg_counter, &verbose, "verbose debugging" }, + { "version", 0, arg_flag, &version_flag, "print version" }, + { "help", 0, arg_flag, &help_flag, NULL } +}; + +static void +usage(int ret) +{ + arg_printusage (args, sizeof(args)/sizeof(*args), NULL, "infile command.."); + exit (ret); +} + +int +main(int argc, char **argv) +{ + int optidx = 0; + pid_t pid; + + setprogname(argv[0]); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); + + if (help_flag) + usage (0); + + if (version_flag) { + fprintf (stderr, "%s from %s-%s\n", getprogname(), PACKAGE, VERSION); + return 0; + } + + argv += optidx; + argc -= optidx; + + if (argc < 2) + usage(1); + + parse_configuration(argv[0]); + + argv += 1; + + open_pty(); + + pid = fork(); + switch (pid) { + case -1: + err(1, "Failed to fork"); + case 0: + + if(setsid()<0) + err(1, "setsid"); + + dup2(slave, STDIN_FILENO); + dup2(slave, STDOUT_FILENO); + dup2(slave, STDERR_FILENO); + closefrom(STDERR_FILENO + 1); + + execvp(argv[0], argv); /* add NULL to end of array ? */ + err(1, "Failed to exec: %s", argv[0]); + default: + close(slave); + { + struct sigaction sa; + + sa.sa_handler = caught_signal; + sa.sa_flags = 0; + sigemptyset (&sa.sa_mask); + + sigaction(SIGALRM, &sa, NULL); + } + + return eval_parent(pid); + } +} diff --git a/crypto/heimdal/lib/roken/roken-common.h b/crypto/heimdal/lib/roken/roken-common.h index b835e880a24..a819d510d03 100644 --- a/crypto/heimdal/lib/roken/roken-common.h +++ b/crypto/heimdal/lib/roken/roken-common.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,18 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h 20867 2007-06-03 21:00:45Z lha $ */ +/* $Id$ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -120,6 +122,8 @@ #define O_ACCMODE 003 #endif +#ifndef _WIN32 + #ifndef _PATH_DEV #define _PATH_DEV "/dev/" #endif @@ -144,6 +148,16 @@ #define MAXPATHLEN (1024+4) #endif +#endif /* !_WIN32 */ + +#ifndef PATH_MAX +#define PATH_MAX MAX_PATH +#endif + +#ifndef RETSIGTYPE +#define RETSIGTYPE void +#endif + #ifndef SIG_ERR #define SIG_ERR ((RETSIGTYPE (*)(int))-1) #endif @@ -207,6 +221,10 @@ #define AI_NUMERICHOST 0x04 #endif +#ifndef AI_NUMERICSERV +#define AI_NUMERICSERV 0x08 +#endif + /* flags for getnameinfo() */ #ifndef NI_DGRAM @@ -261,145 +279,220 @@ ROKEN_CPP_START #ifndef IRIX4 /* fix for compiler bug */ +#ifndef _WIN32 #ifdef RETSIGTYPE typedef RETSIGTYPE (*SigAction)(int); SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ #endif #endif +#endif -int ROKEN_LIB_FUNCTION +#define SE_E_UNSPECIFIED (-1) +#define SE_E_FORKFAILED (-2) +#define SE_E_WAITPIDFAILED (-3) +#define SE_E_EXECTIMEOUT (-4) +#define SE_E_NOEXEC 126 +#define SE_E_NOTFOUND 127 + +#define SE_PROCSTATUS(st) (((st) >= 0 && (st) < 126)? st: -1) +#define SE_PROCSIGNAL(st) (((st) >= 128)? (st) - 128: -1) +#define SE_IS_ERROR(st) ((st) < 0 || (st) >= 126) + + +#define simple_execve rk_simple_execve +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execve(const char*, char*const[], char*const[]); -int ROKEN_LIB_FUNCTION -simple_execve_timed(const char *, char *const[], - char *const [], time_t (*)(void *), +#define simple_execve_timed rk_simple_execve_timed +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execve_timed(const char *, char *const[], + char *const [], time_t (*)(void *), void *, time_t); -int ROKEN_LIB_FUNCTION + +#define simple_execvp rk_simple_execvp +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execvp(const char*, char *const[]); -int ROKEN_LIB_FUNCTION -simple_execvp_timed(const char *, char *const[], +#define simple_execvp_timed rk_simple_execvp_timed +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execvp_timed(const char *, char *const[], time_t (*)(void *), void *, time_t); -int ROKEN_LIB_FUNCTION + +#define simple_execlp rk_simple_execlp +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execlp(const char*, ...); -int ROKEN_LIB_FUNCTION +#define simple_execle rk_simple_execle +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execle(const char*, ...); -int ROKEN_LIB_FUNCTION -simple_execl(const char *file, ...); - -int ROKEN_LIB_FUNCTION +#define wait_for_process rk_wait_for_process +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL wait_for_process(pid_t); -int ROKEN_LIB_FUNCTION -wait_for_process_timed(pid_t, time_t (*)(void *), - void *, time_t); -int ROKEN_LIB_FUNCTION +#define wait_for_process_timed rk_wait_for_process_timed +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +wait_for_process_timed(pid_t, time_t (*)(void *), + void *, time_t); + +#define pipe_execv rk_pipe_execv +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL pipe_execv(FILE**, FILE**, FILE**, const char*, ...); -void ROKEN_LIB_FUNCTION +#define print_version rk_print_version +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_version(const char *); -ssize_t ROKEN_LIB_FUNCTION +#define eread rk_eread +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL eread (int fd, void *buf, size_t nbytes); -ssize_t ROKEN_LIB_FUNCTION +#define ewrite rk_ewrite +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL ewrite (int fd, const void *buf, size_t nbytes); struct hostent; -const char * ROKEN_LIB_FUNCTION +#define hostent_find_fqdn rk_hostent_find_fqdn +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hostent_find_fqdn (const struct hostent *); -void ROKEN_LIB_FUNCTION +#define esetenv rk_esetenv +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL esetenv(const char *, const char *, int); -void ROKEN_LIB_FUNCTION +#define socket_set_address_and_port rk_socket_set_address_and_port +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_address_and_port (struct sockaddr *, const void *, int); -size_t ROKEN_LIB_FUNCTION +#define socket_addr_size rk_socket_addr_size +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_addr_size (const struct sockaddr *); -void ROKEN_LIB_FUNCTION +#define socket_set_any rk_socket_set_any +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_any (struct sockaddr *, int); -size_t ROKEN_LIB_FUNCTION +#define socket_sockaddr_size rk_socket_sockaddr_size +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_sockaddr_size (const struct sockaddr *); -void * ROKEN_LIB_FUNCTION -socket_get_address (struct sockaddr *); +#define socket_get_address rk_socket_get_address +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL +socket_get_address (const struct sockaddr *); -int ROKEN_LIB_FUNCTION +#define socket_get_port rk_socket_get_port +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL socket_get_port (const struct sockaddr *); -void ROKEN_LIB_FUNCTION +#define socket_set_port rk_socket_set_port +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_port (struct sockaddr *, int); -void ROKEN_LIB_FUNCTION -socket_set_portrange (int, int, int); +#define socket_set_portrange rk_socket_set_portrange +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_portrange (rk_socket_t, int, int); -void ROKEN_LIB_FUNCTION -socket_set_debug (int); +#define socket_set_debug rk_socket_set_debug +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_debug (rk_socket_t); -void ROKEN_LIB_FUNCTION -socket_set_tos (int, int); +#define socket_set_tos rk_socket_set_tos +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_tos (rk_socket_t, int); -void ROKEN_LIB_FUNCTION -socket_set_reuseaddr (int, int); +#define socket_set_reuseaddr rk_socket_set_reuseaddr +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_reuseaddr (rk_socket_t, int); -void ROKEN_LIB_FUNCTION -socket_set_ipv6only (int, int); +#define socket_set_ipv6only rk_socket_set_ipv6only +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_ipv6only (rk_socket_t, int); -char ** ROKEN_LIB_FUNCTION +#define socket_to_fd rk_socket_to_fd +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +socket_to_fd(rk_socket_t, int); + +#define vstrcollect rk_vstrcollect +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL vstrcollect(va_list *ap); -char ** ROKEN_LIB_FUNCTION +#define strcollect rk_strcollect +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL strcollect(char *first, ...); -void ROKEN_LIB_FUNCTION +#define timevalfix rk_timevalfix +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevalfix(struct timeval *t1); -void ROKEN_LIB_FUNCTION +#define timevaladd rk_timevaladd +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevaladd(struct timeval *t1, const struct timeval *t2); -void ROKEN_LIB_FUNCTION +#define timevalsub rk_timevalsub +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevalsub(struct timeval *t1, const struct timeval *t2); -char *ROKEN_LIB_FUNCTION +#define pid_file_write rk_pid_file_write +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL pid_file_write (const char *progname); -void ROKEN_LIB_FUNCTION +#define pid_file_delete rk_pid_file_delete +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL pid_file_delete (char **); -int ROKEN_LIB_FUNCTION +#define read_environment rk_read_environment +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL read_environment(const char *file, char ***env); -void ROKEN_LIB_FUNCTION +#define free_environment rk_free_environment +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL free_environment(char **); -void ROKEN_LIB_FUNCTION -warnerr(int doerrno, const char *fmt, va_list ap) +#define warnerr rk_warnerr +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_warnerr(int doerrno, const char *fmt, va_list ap) __attribute__ ((format (printf, 2, 0))); -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_realloc(void *, size_t); struct rk_strpool; -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_strpoolcollect(struct rk_strpool *); -struct rk_strpool * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct rk_strpool * ROKEN_LIB_CALL rk_strpoolprintf(struct rk_strpool *, const char *, ...) __attribute__ ((format (printf, 2, 3))); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_strpoolfree(struct rk_strpool *); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dumpdata (const char *, const void *, size_t); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_undumpdata (const char *, void **, size_t *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_xfree (void *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec(int); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec_file(FILE *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_cloexec_dir(DIR *); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +ct_memcmp(const void *, const void *, size_t); + +void ROKEN_LIB_FUNCTION +rk_random_init(void); + ROKEN_CPP_END #endif /* __ROKEN_COMMON_H__ */ diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk index e0c19d7823a..47ae1960a4c 100644 --- a/crypto/heimdal/lib/roken/roken.awk +++ b/crypto/heimdal/lib/roken/roken.awk @@ -1,10 +1,14 @@ -# $Id: roken.awk 15409 2005-06-16 16:29:58Z lha $ +# $Id$ BEGIN { - print "#ifdef HAVE_CONFIG_H" print "#include " - print "#endif" print "#include " + print "#ifdef HAVE_SYS_TYPES_H" + print "#include " + print "#endif" + print "#ifdef HAVE_SYS_SOCKET_H" + print "#include " + print "#endif" print "" print "int main(int argc, char **argv)" print "{" @@ -32,7 +36,6 @@ $1 == "#ifdef" || $1 == "#ifndef" || $1 == "#if" || $1 == "#else" || $1 == "#eli } END { - print "puts(\"#define ROKEN_VERSION \" VERSION );" print "puts(\"\");" print "puts(\"#endif /* __ROKEN_H__ */\");" print "return 0;" diff --git a/crypto/heimdal/lib/roken/roken.h.in b/crypto/heimdal/lib/roken/roken.h.in index cf2ee9ed7bd..ab8c8741ab0 100644 --- a/crypto/heimdal/lib/roken/roken.h.in +++ b/crypto/heimdal/lib/roken/roken.h.in @@ -1,6 +1,6 @@ /* -*- C -*- */ /* - * Copyright (c) 1995-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,8 +32,6 @@ * SUCH DAMAGE. */ -/* $Id: roken.h.in 18612 2006-10-19 16:35:16Z lha $ */ - #include #include #include @@ -43,6 +41,148 @@ #include #include +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +# define ROKEN_LIB_CALL __cdecl +# ifdef ROKEN_LIB_DYNAMIC +# define ROKEN_LIB_FUNCTION __declspec(dllimport) +# define ROKEN_LIB_VARIABLE __declspec(dllimport) +# else +# define ROKEN_LIB_FUNCTION +# define ROKEN_LIB_VARIABLE +# endif +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#define ROKEN_LIB_VARIABLE +#endif +#endif + +#ifdef HAVE_WINSOCK +/* Declarations for Microsoft Windows */ + +#include +#include + +/* + * error codes for inet_ntop/inet_pton + */ +#define EAFNOSUPPORT WSAEAFNOSUPPORT + +typedef SOCKET rk_socket_t; + +#define rk_closesocket(x) closesocket(x) +#define rk_INVALID_SOCKET INVALID_SOCKET +#define rk_IS_BAD_SOCKET(s) ((s) == INVALID_SOCKET) +#define rk_IS_SOCKET_ERROR(rv) ((rv) == SOCKET_ERROR) +#define rk_SOCK_ERRNO WSAGetLastError() + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_SOCK_IOCTL(SOCKET s, long cmd, int * argp); + +/* Microsoft VC 2010 POSIX definitions */ +#ifndef ENOTSOCK +#define ENOTSOCK 128 +#endif +#ifndef ENOTSUP +#define ENOTSUP 129 +#endif +#ifndef EOVERFLOW +#define EOVERFLOW 132 +#endif +#ifndef ETIMEDOUT +#define ETIMEDOUT 138 +#endif +#ifndef EWOULDBLOCK +#define EWOULDBLOCK 140 +#endif + +#define rk_SOCK_INIT() rk_WSAStartup() +#define rk_SOCK_EXIT() rk_WSACleanup() + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSAStartup(void); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSACleanup(void); + +#else /* not WinSock */ + +typedef int rk_socket_t; + +#define rk_closesocket(x) close(x) +#define rk_SOCK_IOCTL(s,c,a) ioctl((s),(c),(a)) +#define rk_IS_BAD_SOCKET(s) ((s) < 0) +#define rk_IS_SOCKET_ERROR(rv) ((rv) < 0) +#define rk_SOCK_ERRNO errno +#define rk_INVALID_SOCKET (-1) + +#define rk_SOCK_INIT() 0 +#define rk_SOCK_EXIT() do { } while(0) + +#endif + +#ifndef IN_LOOPBACKNET +#define IN_LOOPBACKNET 127 +#endif + +#ifdef _MSC_VER +/* Declarations for Microsoft Visual C runtime on Windows */ + +#include + +#include + +#ifndef __BIT_TYPES_DEFINED__ +#define __BIT_TYPES_DEFINED__ + +typedef __int8 int8_t; +typedef __int16 int16_t; +typedef __int32 int32_t; +typedef __int64 int64_t; +typedef unsigned __int8 uint8_t; +typedef unsigned __int16 uint16_t; +typedef unsigned __int32 uint32_t; +typedef unsigned __int64 uint64_t; +typedef uint8_t u_int8_t; +typedef uint16_t u_int16_t; +typedef uint32_t u_int32_t; +typedef uint64_t u_int64_t; + +#endif /* __BIT_TYPES_DEFINED__ */ + +#define UNREACHABLE(x) x +#define UNUSED_ARGUMENT(x) ((void) x) + +#define RETSIGTYPE void + +#define VOID_RETSIGTYPE 1 + +#ifdef VOID_RETSIGTYPE +#define SIGRETURN(x) return +#else +#define SIGRETURN(x) return (RETSIGTYPE)(x) +#endif + +#ifndef CPP_ONLY + +typedef int pid_t; + +typedef unsigned int gid_t; + +typedef unsigned int uid_t; + +typedef unsigned short mode_t; + +#endif + +#ifndef __cplusplus +#define inline __inline +#endif + +#else + +#define UNREACHABLE(x) +#define UNUSED_ARGUMENT(x) + +#endif + #ifdef _AIX struct ether_addr; struct sockaddr_dl; @@ -114,7 +254,7 @@ struct sockaddr_dl; #ifdef HAVE_TERMIOS_H #include #endif -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 +#ifdef HAVE_SYS_IOCTL_H #include #endif #ifdef TIME_WITH_SYS_TIME @@ -125,17 +265,32 @@ struct sockaddr_dl; #else #include #endif -#ifdef HAVE_STRINGS_H -#include -#endif #ifdef HAVE_PATHS_H #include #endif +#ifdef HAVE_DIRENT_H +#include +#endif + +#ifdef BACKSLASH_PATH_DELIM +#define rk_PATH_DELIM '\\' +#endif + #ifndef HAVE_SSIZE_T +#ifndef SSIZE_T_DEFINED +#ifdef ssize_t +#undef ssize_t +#endif +#ifdef _WIN64 +typedef __int64 ssize_t; +#else typedef int ssize_t; #endif +#define SSIZE_T_DEFINED +#endif /* SSIZE_T_DEFINED */ +#endif /* HAVE_SSIZE_T */ #include @@ -151,118 +306,264 @@ ROKEN_CPP_START #define setsid _setsid #endif +#ifdef _MSC_VER +/* Additional macros for Visual C/C++ runtime */ + +#define close _close + +#define getpid _getpid + +#define open _open + +#define chdir _chdir + +#define fsync _commit + +/* The MSVC implementation of snprintf is not C99 compliant. */ +#define snprintf rk_snprintf +#define vsnprintf rk_vsnprintf +#define vasnprintf rk_vasnprintf +#define vasprintf rk_vasprintf +#define asnprintf rk_asnprintf +#define asprintf rk_asprintf + +#define _PIPE_BUFFER_SZ 8192 +#define pipe(fds) _pipe((fds), _PIPE_BUFFER_SZ, O_BINARY); + +#define ftruncate(fd, sz) _chsize((fd), (sz)) + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_snprintf (char *str, size_t sz, const char *format, ...); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_asprintf (char **ret, const char *format, ...); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_asnprintf (char **ret, size_t max_sz, const char *format, ...); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vasprintf (char **ret, const char *format, va_list args); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vasnprintf (char **ret, size_t max_sz, const char *format, va_list args); + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vsnprintf (char *str, size_t sz, const char *format, va_list args); + +/* missing stat.h predicates */ + +#define S_ISREG(m) (((m) & _S_IFREG) == _S_IFREG) + +#define S_ISDIR(m) (((m) & _S_IFDIR) == _S_IFDIR) + +#define S_ISCHR(m) (((m) & _S_IFCHR) == _S_IFCHR) + +#define S_ISFIFO(m) (((m) & _S_IFIFO) == _S_IFIFO) + +/* The following are not implemented: + + S_ISLNK(m) + S_ISSOCK(m) + S_ISBLK(m) +*/ + +#endif /* _MSC_VER */ + +#ifdef HAVE_WINSOCK + +/* While we are at it, define WinSock specific scatter gather socket + I/O. */ + +#define iovec _WSABUF +#define iov_base buf +#define iov_len len + +struct msghdr { + void *msg_name; + socklen_t msg_namelen; + struct iovec *msg_iov; + size_t msg_iovlen; + void *msg_control; + socklen_t msg_controllen; + int msg_flags; +}; + +#define sendmsg sendmsg_w32 + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +sendmsg_w32(rk_socket_t s, const struct msghdr * msg, int flags); + +#endif /* HAVE_WINSOCK */ + #ifndef HAVE_PUTENV -int ROKEN_LIB_FUNCTION putenv(const char *); +#define putenv rk_putenv +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL putenv(const char *); #endif #if !defined(HAVE_SETENV) || defined(NEED_SETENV_PROTO) -int ROKEN_LIB_FUNCTION setenv(const char *, const char *, int); +#ifndef HAVE_SETENV +#define setenv rk_setenv +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setenv(const char *, const char *, int); #endif #if !defined(HAVE_UNSETENV) || defined(NEED_UNSETENV_PROTO) -void ROKEN_LIB_FUNCTION unsetenv(const char *); +#ifndef HAVE_UNSETENV +#define unsetenv rk_unsetenv +#endif +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL unsetenv(const char *); #endif #if !defined(HAVE_GETUSERSHELL) || defined(NEED_GETUSERSHELL_PROTO) -char * ROKEN_LIB_FUNCTION getusershell(void); -void ROKEN_LIB_FUNCTION endusershell(void); +#ifndef HAVE_GETUSERSHELL +#define getusershell rk_getusershell +#define endusershell rk_endusershell +#endif +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL getusershell(void); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL endusershell(void); #endif #if !defined(HAVE_SNPRINTF) || defined(NEED_SNPRINTF_PROTO) -int ROKEN_LIB_FUNCTION snprintf (char *, size_t, const char *, ...) +#ifndef HAVE_SNPRINTF +#define snprintf rk_snprintf +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_snprintf (char *, size_t, const char *, ...) __attribute__ ((format (printf, 3, 4))); #endif #if !defined(HAVE_VSNPRINTF) || defined(NEED_VSNPRINTF_PROTO) -int ROKEN_LIB_FUNCTION - vsnprintf (char *, size_t, const char *, va_list) +#ifndef HAVE_VSNPRINTF +#define vsnprintf rk_vsnprintf +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_vsnprintf (char *, size_t, const char *, va_list) __attribute__((format (printf, 3, 0))); #endif #if !defined(HAVE_ASPRINTF) || defined(NEED_ASPRINTF_PROTO) -int ROKEN_LIB_FUNCTION - asprintf (char **, const char *, ...) +#ifndef HAVE_ASPRINTF +#define asprintf rk_asprintf +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_asprintf (char **, const char *, ...) __attribute__ ((format (printf, 2, 3))); #endif #if !defined(HAVE_VASPRINTF) || defined(NEED_VASPRINTF_PROTO) -int ROKEN_LIB_FUNCTION - vasprintf (char **, const char *, va_list) +#ifndef HAVE_VASPRINTF +#define vasprintf rk_vasprintf +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_vasprintf (char **, const char *, va_list) __attribute__((format (printf, 2, 0))); #endif #if !defined(HAVE_ASNPRINTF) || defined(NEED_ASNPRINTF_PROTO) -int ROKEN_LIB_FUNCTION - asnprintf (char **, size_t, const char *, ...) +#ifndef HAVE_ASNPRINTF +#define asnprintf rk_asnprintf +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_asnprintf (char **, size_t, const char *, ...) __attribute__ ((format (printf, 3, 4))); #endif #if !defined(HAVE_VASNPRINTF) || defined(NEED_VASNPRINTF_PROTO) -int ROKEN_LIB_FUNCTION +#ifndef HAVE_VASNPRINTF +#define vasnprintf rk_vasnprintf +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL vasnprintf (char **, size_t, const char *, va_list) __attribute__((format (printf, 3, 0))); #endif #ifndef HAVE_STRDUP -char * ROKEN_LIB_FUNCTION strdup(const char *); +#define strdup rk_strdup +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strdup(const char *); #endif #if !defined(HAVE_STRNDUP) || defined(NEED_STRNDUP_PROTO) -char * ROKEN_LIB_FUNCTION strndup(const char *, size_t); +#ifndef HAVE_STRNDUP +#define strndup rk_strndup +#endif +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strndup(const char *, size_t); #endif #ifndef HAVE_STRLWR -char * ROKEN_LIB_FUNCTION strlwr(char *); +#define strlwr rk_strlwr +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strlwr(char *); #endif #ifndef HAVE_STRNLEN -size_t ROKEN_LIB_FUNCTION strnlen(const char*, size_t); +#define strnlen rk_strnlen +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strnlen(const char*, size_t); #endif #if !defined(HAVE_STRSEP) || defined(NEED_STRSEP_PROTO) -char * ROKEN_LIB_FUNCTION strsep(char**, const char*); +#ifndef HAVE_STRSEP +#define strsep rk_strsep +#endif +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strsep(char**, const char*); #endif #if !defined(HAVE_STRSEP_COPY) || defined(NEED_STRSEP_COPY_PROTO) -ssize_t ROKEN_LIB_FUNCTION strsep_copy(const char**, const char*, char*, size_t); +#ifndef HAVE_STRSEP_COPY +#define strsep_copy rk_strsep_copy +#endif +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL strsep_copy(const char**, const char*, char*, size_t); #endif #ifndef HAVE_STRCASECMP -int ROKEN_LIB_FUNCTION strcasecmp(const char *, const char *); +#define strcasecmp rk_strcasecmp +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strcasecmp(const char *, const char *); #endif #ifdef NEED_FCLOSE_PROTO -int ROKEN_LIB_FUNCTION fclose(FILE *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL fclose(FILE *); #endif #ifdef NEED_STRTOK_R_PROTO -char * ROKEN_LIB_FUNCTION strtok_r(char *, const char *, char **); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strtok_r(char *, const char *, char **); #endif #ifndef HAVE_STRUPR -char * ROKEN_LIB_FUNCTION strupr(char *); +#define strupr rk_strupr +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strupr(char *); #endif #ifndef HAVE_STRLCPY -size_t ROKEN_LIB_FUNCTION strlcpy (char *, const char *, size_t); +#define strlcpy rk_strlcpy +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcpy (char *, const char *, size_t); #endif #ifndef HAVE_STRLCAT -size_t ROKEN_LIB_FUNCTION strlcat (char *, const char *, size_t); +#define strlcat rk_strlcat +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcat (char *, const char *, size_t); #endif #ifndef HAVE_GETDTABLESIZE -int ROKEN_LIB_FUNCTION getdtablesize(void); +#define getdtablesize rk_getdtablesize +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void); #endif #if !defined(HAVE_STRERROR) && !defined(strerror) -char * ROKEN_LIB_FUNCTION strerror(int); +#define strerror rk_strerror +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strerror(int); +#endif + +#if (!defined(HAVE_STRERROR_R) && !defined(strerror_r)) || (!defined(STRERROR_R_PROTO_COMPATIBLE) && defined(HAVE_STRERROR_R)) +int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t); +#else +#define rk_strerror_r strerror_r #endif #if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) +#ifndef HAVE_HSTRERROR +#define hstrerror rk_hstrerror +#endif /* This causes a fatal error under Psoriasis */ -#if !(defined(SunOS) && (SunOS >= 50)) -const char * ROKEN_LIB_FUNCTION hstrerror(int); +#ifndef SunOS +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hstrerror(int); #endif #endif @@ -271,118 +572,151 @@ extern int h_errno; #endif #if !defined(HAVE_INET_ATON) || defined(NEED_INET_ATON_PROTO) -int ROKEN_LIB_FUNCTION inet_aton(const char *, struct in_addr *); +#ifndef HAVE_INET_ATON +#define inet_aton rk_inet_aton +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_aton(const char *, struct in_addr *); #endif #ifndef HAVE_INET_NTOP -const char * ROKEN_LIB_FUNCTION +#define inet_ntop rk_inet_ntop +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL inet_ntop(int af, const void *src, char *dst, size_t size); #endif #ifndef HAVE_INET_PTON -int ROKEN_LIB_FUNCTION +#define inet_pton rk_inet_pton +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL inet_pton(int, const char *, void *); #endif -#if !defined(HAVE_GETCWD) -char* ROKEN_LIB_FUNCTION getcwd(char *, size_t); +#ifndef HAVE_GETCWD +#define getcwd rk_getcwd +ROKEN_LIB_FUNCTION char* ROKEN_LIB_CALL getcwd(char *, size_t); #endif #ifdef HAVE_PWD_H #include -struct passwd * ROKEN_LIB_FUNCTION k_getpwnam (const char *); -struct passwd * ROKEN_LIB_FUNCTION k_getpwuid (uid_t); +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwnam (const char *); +ROKEN_LIB_FUNCTION struct passwd * ROKEN_LIB_CALL k_getpwuid (uid_t); #endif -const char * ROKEN_LIB_FUNCTION get_default_username (void); +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL get_default_username (void); #ifndef HAVE_SETEUID -int ROKEN_LIB_FUNCTION seteuid(uid_t); +#define seteuid rk_seteuid +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL seteuid(uid_t); #endif #ifndef HAVE_SETEGID -int ROKEN_LIB_FUNCTION setegid(gid_t); +#define setegid rk_setegid +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setegid(gid_t); #endif #ifndef HAVE_LSTAT -int ROKEN_LIB_FUNCTION lstat(const char *, struct stat *); +#define lstat rk_lstat +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL lstat(const char *, struct stat *); #endif #if !defined(HAVE_MKSTEMP) || defined(NEED_MKSTEMP_PROTO) -int ROKEN_LIB_FUNCTION mkstemp(char *); +#ifndef HAVE_MKSTEMP +#define mkstemp rk_mkstemp +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL mkstemp(char *); #endif #ifndef HAVE_CGETENT -int ROKEN_LIB_FUNCTION cgetent(char **, char **, const char *); -int ROKEN_LIB_FUNCTION cgetstr(char *, const char *, char **); +#define cgetent rk_cgetent +#define cgetstr rk_cgetstr +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetent(char **, char **, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL cgetstr(char *, const char *, char **); #endif #ifndef HAVE_INITGROUPS -int ROKEN_LIB_FUNCTION initgroups(const char *, gid_t); +#define initgroups rk_initgroups +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL initgroups(const char *, gid_t); #endif #ifndef HAVE_FCHOWN -int ROKEN_LIB_FUNCTION fchown(int, uid_t, gid_t); +#define fchown rk_fchown +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL fchown(int, uid_t, gid_t); +#endif + +#ifdef RENAME_DOES_NOT_UNLINK +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_rename(const char *, const char *); +#else +#define rk_rename(__rk_rn_from,__rk_rn_to) rename(__rk_rn_from,__rk_rn_to) #endif #if !defined(HAVE_DAEMON) || defined(NEED_DAEMON_PROTO) -int ROKEN_LIB_FUNCTION daemon(int, int); +#ifndef HAVE_DAEMON +#define daemon rk_daemon #endif - -#ifndef HAVE_INNETGR -int ROKEN_LIB_FUNCTION innetgr(const char *, const char *, - const char *, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL daemon(int, int); #endif #ifndef HAVE_CHOWN -int ROKEN_LIB_FUNCTION chown(const char *, uid_t, gid_t); +#define chown rk_chown +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL chown(const char *, uid_t, gid_t); #endif #ifndef HAVE_RCMD -int ROKEN_LIB_FUNCTION +#define rcmd rk_rcmd +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rcmd(char **, unsigned short, const char *, const char *, const char *, int *); #endif #if !defined(HAVE_INNETGR) || defined(NEED_INNETGR_PROTO) -int ROKEN_LIB_FUNCTION innetgr(const char*, const char*, +#ifndef HAVE_INNETGR +#define innetgr rk_innetgr +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL innetgr(const char*, const char*, const char*, const char*); #endif #ifndef HAVE_IRUSEROK -int ROKEN_LIB_FUNCTION iruserok(unsigned, int, +#define iruserok rk_iruserok +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL iruserok(unsigned, int, const char *, const char *); #endif #if !defined(HAVE_GETHOSTNAME) || defined(NEED_GETHOSTNAME_PROTO) -int ROKEN_LIB_FUNCTION gethostname(char *, int); +#ifndef HAVE_GETHOSTNAME +#define gethostname rk_gethostname +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL gethostname(char *, int); #endif #ifndef HAVE_WRITEV -ssize_t ROKEN_LIB_FUNCTION +#define writev rk_writev +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL writev(int, const struct iovec *, int); #endif #ifndef HAVE_READV -ssize_t ROKEN_LIB_FUNCTION +#define readv rk_readv +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL readv(int, const struct iovec *, int); #endif -#ifndef HAVE_MKSTEMP -int ROKEN_LIB_FUNCTION -mkstemp(char *); -#endif - #ifndef HAVE_PIDFILE -void ROKEN_LIB_FUNCTION pidfile (const char*); +#ifdef NO_PIDFILES +#define pidfile(x) ((void) 0) +#else +#define pidfile rk_pidfile +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL pidfile (const char*); +#endif #endif #ifndef HAVE_BSWAP32 -unsigned int ROKEN_LIB_FUNCTION bswap32(unsigned int); +#define bswap32 rk_bswap32 +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL bswap32(unsigned int); #endif #ifndef HAVE_BSWAP16 -unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); +#define bswap16 rk_bswap16 +ROKEN_LIB_FUNCTION unsigned short ROKEN_LIB_CALL bswap16(unsigned short); #endif #ifndef HAVE_FLOCK @@ -399,27 +733,41 @@ unsigned short ROKEN_LIB_FUNCTION bswap16(unsigned short); #define LOCK_UN 8 /* Unlock */ #endif -int flock(int fd, int operation); +#define flock(_x,_y) rk_flock(_x,_y) +int rk_flock(int fd, int operation); #endif /* HAVE_FLOCK */ -time_t ROKEN_LIB_FUNCTION tm2time (struct tm, int); +#ifndef HAVE_DIRFD +#ifdef HAVE_DIR_DD_FD +#define dirfd(x) ((x)->dd_fd) +#else +#ifndef _WIN32 /* Windows code never calls dirfd */ +#error Missing dirfd() and ->dd_fd +#endif +#endif +#endif -int ROKEN_LIB_FUNCTION unix_verify_user(char *, char *); +ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL tm2time (struct tm, int); -int ROKEN_LIB_FUNCTION roken_concat (char *, size_t, ...); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unix_verify_user(char *, char *); -size_t ROKEN_LIB_FUNCTION roken_mconcat (char **, size_t, ...); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_concat (char *, size_t, ...); -int ROKEN_LIB_FUNCTION roken_vconcat (char *, size_t, va_list); +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_mconcat (char **, size_t, ...); -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_vconcat (char *, size_t, va_list); + +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL roken_vmconcat (char **, size_t, va_list); -ssize_t ROKEN_LIB_FUNCTION net_write (int, const void *, size_t); +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + net_write (rk_socket_t, const void *, size_t); -ssize_t ROKEN_LIB_FUNCTION net_read (int, void *, size_t); +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL + net_read (rk_socket_t, void *, size_t); -int ROKEN_LIB_FUNCTION issuid(void); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + issuid(void); #ifndef HAVE_STRUCT_WINSIZE struct winsize { @@ -428,43 +776,53 @@ struct winsize { }; #endif -int ROKEN_LIB_FUNCTION get_window_size(int fd, struct winsize *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, int *, int *); #ifndef HAVE_VSYSLOG -void ROKEN_LIB_FUNCTION vsyslog(int, const char *, va_list); +#define vsyslog rk_vsyslog +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vsyslog(int, const char *, va_list); +#endif + +#ifndef HAVE_GETOPT +#define getopt rk_getopt +#define optarg rk_optarg +#define optind rk_optind +#define opterr rk_opterr +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +getopt(int nargc, char * const *nargv, const char *ostr); #endif #if !HAVE_DECL_OPTARG -extern char *optarg; +ROKEN_LIB_VARIABLE extern char *optarg; #endif #if !HAVE_DECL_OPTIND -extern int optind; +ROKEN_LIB_VARIABLE extern int optind; #endif #if !HAVE_DECL_OPTERR -extern int opterr; -#endif - -#if !HAVE_DECL_ENVIRON -extern char **environ; +ROKEN_LIB_VARIABLE extern int opterr; #endif #ifndef HAVE_GETIPNODEBYNAME -struct hostent * ROKEN_LIB_FUNCTION +#define getipnodebyname rk_getipnodebyname +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyname (const char *, int, int, int *); #endif #ifndef HAVE_GETIPNODEBYADDR -struct hostent * ROKEN_LIB_FUNCTION +#define getipnodebyaddr rk_getipnodebyaddr +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL getipnodebyaddr (const void *, size_t, int, int *); #endif #ifndef HAVE_FREEHOSTENT -void ROKEN_LIB_FUNCTION +#define freehostent rk_freehostent +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freehostent (struct hostent *); #endif #ifndef HAVE_COPYHOSTENT -struct hostent * ROKEN_LIB_FUNCTION +#define copyhostent rk_copyhostent +ROKEN_LIB_FUNCTION struct hostent * ROKEN_LIB_CALL copyhostent (const struct hostent *); #endif @@ -531,7 +889,8 @@ struct addrinfo { #endif #ifndef HAVE_GETADDRINFO -int ROKEN_LIB_FUNCTION +#define getaddrinfo rk_getaddrinfo +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getaddrinfo(const char *, const char *, const struct addrinfo *, @@ -539,7 +898,8 @@ getaddrinfo(const char *, #endif #ifndef HAVE_GETNAMEINFO -int ROKEN_LIB_FUNCTION +#define getnameinfo rk_getnameinfo +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getnameinfo(const struct sockaddr *, socklen_t, char *, size_t, char *, size_t, @@ -547,73 +907,80 @@ getnameinfo(const struct sockaddr *, socklen_t, #endif #ifndef HAVE_FREEADDRINFO -void ROKEN_LIB_FUNCTION +#define freeaddrinfo rk_freeaddrinfo +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL freeaddrinfo(struct addrinfo *); #endif #ifndef HAVE_GAI_STRERROR -const char * ROKEN_LIB_FUNCTION +#define gai_strerror rk_gai_strerror +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL gai_strerror(int); #endif -int ROKEN_LIB_FUNCTION +#ifdef NO_SLEEP + +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL +sleep(unsigned int seconds); + +#endif + +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getnameinfo_verified(const struct sockaddr *, socklen_t, char *, size_t, char *, size_t, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_getaddrinfo_hostspec2(const char *, int, int, struct addrinfo **); #ifndef HAVE_STRFTIME -size_t ROKEN_LIB_FUNCTION +#define strftime rk_strftime +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strftime (char *, size_t, const char *, const struct tm *); #endif #ifndef HAVE_STRPTIME -char * ROKEN_LIB_FUNCTION +#define strptime rk_strptime +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strptime (const char *, const char *, struct tm *); #endif +#ifndef HAVE_GETTIMEOFDAY +#define gettimeofday rk_gettimeofday +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +gettimeofday (struct timeval *, void *); +#endif + #ifndef HAVE_EMALLOC -void * ROKEN_LIB_FUNCTION emalloc (size_t); +#define emalloc rk_emalloc +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL emalloc (size_t); #endif #ifndef HAVE_ECALLOC -void * ROKEN_LIB_FUNCTION ecalloc(size_t, size_t); +#define ecalloc rk_ecalloc +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL ecalloc(size_t, size_t); #endif #ifndef HAVE_EREALLOC -void * ROKEN_LIB_FUNCTION erealloc (void *, size_t); +#define erealloc rk_erealloc +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL erealloc (void *, size_t); #endif #ifndef HAVE_ESTRDUP -char * ROKEN_LIB_FUNCTION estrdup (const char *); +#define estrdup rk_estrdup +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL estrdup (const char *); #endif /* * kludges and such */ -#if 1 -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_gethostby_setup(const char*, const char*); -struct hostent* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyname(const char*); -struct hostent* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyaddr(const void*, size_t, int); -#else -#ifdef GETHOSTBYNAME_PROTO_COMPATIBLE -#define roken_gethostbyname(x) gethostbyname(x) -#else -#define roken_gethostbyname(x) gethostbyname((char *)x) -#endif - -#ifdef GETHOSTBYADDR_PROTO_COMPATIBLE -#define roken_gethostbyaddr(a, l, t) gethostbyaddr(a, l, t) -#else -#define roken_gethostbyaddr(a, l, t) gethostbyaddr((char *)a, l, t) -#endif -#endif #ifdef GETSERVBYNAME_PROTO_COMPATIBLE #define roken_getservbyname(x,y) getservbyname(x,y) @@ -634,71 +1001,140 @@ roken_gethostbyaddr(const void*, size_t, int); #endif #ifndef HAVE_SETPROGNAME -void ROKEN_LIB_FUNCTION setprogname(const char *); +#define setprogname rk_setprogname +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL setprogname(const char *); #endif #ifndef HAVE_GETPROGNAME -const char * ROKEN_LIB_FUNCTION getprogname(void); +#define getprogname rk_getprogname +ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL getprogname(void); #endif #if !defined(HAVE_SETPROGNAME) && !defined(HAVE_GETPROGNAME) && !HAVE_DECL___PROGNAME extern const char *__progname; #endif -void ROKEN_LIB_FUNCTION mini_inetd_addrinfo (struct addrinfo*); -void ROKEN_LIB_FUNCTION mini_inetd (int); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd_addrinfo (struct addrinfo*, rk_socket_t *); + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +mini_inetd (int, rk_socket_t *); #ifndef HAVE_LOCALTIME_R -struct tm * ROKEN_LIB_FUNCTION +#define localtime_r rk_localtime_r +ROKEN_LIB_FUNCTION struct tm * ROKEN_LIB_CALL localtime_r(const time_t *, struct tm *); #endif #if !defined(HAVE_STRSVIS) || defined(NEED_STRSVIS_PROTO) -int ROKEN_LIB_FUNCTION +#ifndef HAVE_STRSVIS +#define strsvis rk_strsvis +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strsvis(char *, const char *, int, const char *); #endif +#if !defined(HAVE_STRSVISX) || defined(NEED_STRSVISX_PROTO) +#ifndef HAVE_STRSVISX +#define strsvisx rk_strsvisx +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +strsvisx(char *, const char *, size_t, int, const char *); +#endif + #if !defined(HAVE_STRUNVIS) || defined(NEED_STRUNVIS_PROTO) -int ROKEN_LIB_FUNCTION +#ifndef HAVE_STRUNVIS +#define strunvis rk_strunvis +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strunvis(char *, const char *); #endif #if !defined(HAVE_STRVIS) || defined(NEED_STRVIS_PROTO) -int ROKEN_LIB_FUNCTION +#ifndef HAVE_STRVIS +#define strvis rk_strvis +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strvis(char *, const char *, int); #endif #if !defined(HAVE_STRVISX) || defined(NEED_STRVISX_PROTO) -int ROKEN_LIB_FUNCTION +#ifndef HAVE_STRVISX +#define strvisx rk_strvisx +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strvisx(char *, const char *, size_t, int); #endif #if !defined(HAVE_SVIS) || defined(NEED_SVIS_PROTO) -char * ROKEN_LIB_FUNCTION +#ifndef HAVE_SVIS +#define svis rk_svis +#endif +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL svis(char *, int, int, int, const char *); #endif #if !defined(HAVE_UNVIS) || defined(NEED_UNVIS_PROTO) -int ROKEN_LIB_FUNCTION +#ifndef HAVE_UNVIS +#define unvis rk_unvis +#endif +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unvis(char *, int, int *, int); #endif #if !defined(HAVE_VIS) || defined(NEED_VIS_PROTO) -char * ROKEN_LIB_FUNCTION +#ifndef HAVE_VIS +#define vis rk_vis +#endif +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL vis(char *, int, int, int); #endif #if !defined(HAVE_CLOSEFROM) -int ROKEN_LIB_FUNCTION +#define closefrom rk_closefrom +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL closefrom(int); #endif #if !defined(HAVE_TIMEGM) #define timegm rk_timegm -time_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL rk_timegm(struct tm *tm); #endif +#ifdef NEED_QSORT +#define qsort rk_qsort +void +rk_qsort(void *, size_t, size_t, int (*)(const void *, const void *)); +#endif + +#if defined(HAVE_ARC4RANDOM) +#define rk_random() arc4random() +#elif defined(HAVE_RANDOM) +#define rk_random() random() +#else +#define rk_random() rand() +#endif + +#ifndef HAVE_TDELETE +#define tdelete(a,b,c) rk_tdelete(a,b,c) +#endif +#ifndef HAVE_TFIND +#define tfind(a,b,c) rk_tfind(a,b,c) +#endif +#ifndef HAVE_TSEARCH +#define tsearch(a,b,c) rk_tsearch(a,b,c) +#endif +#ifndef HAVE_TWALK +#define twalk(a,b) rk_twalk(a,b) +#endif + +#if defined(__linux__) && defined(SOCK_CLOEXEC) && !defined(SOCKET_WRAPPER_REPLACE) && !defined(__SOCKET_WRAPPER_H__) +#undef socket +#define socket(_fam,_type,_prot) rk_socket(_fam,_type,_prot) +int ROKEN_LIB_FUNCTION rk_socket(int, int, int); +#endif + #ifdef SOCKET_WRAPPER_REPLACE #include #endif diff --git a/crypto/heimdal/lib/roken/roken_gethostby.c b/crypto/heimdal/lib/roken/roken_gethostby.c index ff0af86ef4c..1bb560d3baf 100644 --- a/crypto/heimdal/lib/roken/roken_gethostby.c +++ b/crypto/heimdal/lib/roken/roken_gethostby.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: roken_gethostby.c 21157 2007-06-18 22:03:13Z lha $"); -#endif #include "roken.h" @@ -69,11 +66,13 @@ setup_int(const char *proxy_host, short proxy_port, memset(&dns_addr, 0, sizeof(dns_addr)); if(dns_req) free(dns_req); + dns_req = NULL; if(proxy_host) { if(make_address(proxy_host, &dns_addr.sin_addr) != 0) return -1; dns_addr.sin_port = htons(proxy_port); - asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path); + if (asprintf(&dns_req, "http://%s:%d%s", dns_host, dns_port, dns_path) < 0) + return -1; } else { if(make_address(dns_host, &dns_addr.sin_addr) != 0) return -1; @@ -98,25 +97,25 @@ split_spec(const char *spec, char **host, int *port, char **path, int def_port) *port = def_port; p = strchr(p ? p : *host, '/'); if(p) { - if(path) + if(path) *path = strdup(p); *p = '\0'; }else - if(path) + if(path) *path = NULL; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL roken_gethostby_setup(const char *proxy_spec, const char *dns_spec) { char *proxy_host = NULL; int proxy_port = 0; char *dns_host, *dns_path; int dns_port; - + int ret = -1; - + split_spec(dns_spec, &dns_host, &dns_port, &dns_path, 80); if(dns_path == NULL) goto out; @@ -129,7 +128,7 @@ out: free(dns_path); return ret; } - + /* Try to lookup a name or an ip-address using http as transport mechanism. See the end of this file for an example program. */ @@ -138,16 +137,18 @@ roken_gethostby(const char *hostname) { int s; struct sockaddr_in addr; - char *request; + char *request = NULL; char buf[1024]; int offset = 0; int n; char *p, *foo; - + size_t len; + if(dns_addr.sin_family == 0) return NULL; /* no configured host */ addr = dns_addr; - asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname); + if (asprintf(&request, "GET %s?%s HTTP/1.0\r\n\r\n", dns_req, hostname) < 0) + return NULL; if(request == NULL) return NULL; s = socket(AF_INET, SOCK_STREAM, 0); @@ -160,7 +161,9 @@ roken_gethostby(const char *hostname) free(request); return NULL; } - if(write(s, request, strlen(request)) != strlen(request)) { + + len = strlen(request); + if(write(s, request, len) != (ssize_t)len) { close(s); free(request); return NULL; @@ -188,12 +191,12 @@ roken_gethostby(const char *hostname) static char addrs[4 * MAX_ADDRS]; static char *addr_list[MAX_ADDRS + 1]; int num_addrs = 0; - + he.h_name = p; he.h_aliases = NULL; he.h_addrtype = AF_INET; he.h_length = 4; - + while((p = strtok_r(NULL, " \t\r\n", &foo)) && num_addrs < MAX_ADDRS) { struct in_addr ip; inet_aton(p, &ip); @@ -210,7 +213,7 @@ roken_gethostby(const char *hostname) } } -struct hostent* +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyname(const char *hostname) { struct hostent *he; @@ -220,7 +223,7 @@ roken_gethostbyname(const char *hostname) return roken_gethostby(hostname); } -struct hostent* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct hostent* ROKEN_LIB_CALL roken_gethostbyaddr(const void *addr, size_t len, int type) { struct in_addr a; @@ -253,7 +256,7 @@ main(int argc, char **argv) char host[MAXHOSTNAMELEN]; int i; struct hostent *he; - + printf("Content-type: text/plain\n\n"); if(query == NULL) exit(0); diff --git a/crypto/heimdal/lib/roken/rtbl.3 b/crypto/heimdal/lib/roken/rtbl.3 index ccdc73f77a3..0d70918836f 100644 --- a/crypto/heimdal/lib/roken/rtbl.3 +++ b/crypto/heimdal/lib/roken/rtbl.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2004 Kungliga Tekniska Högskolan +.\" Copyright (c) 2004 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). .\" All rights reserved. .\" @@ -28,7 +28,7 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.\" $Id: rtbl.3 22088 2007-11-25 14:10:15Z lha $ +.\" $Id$ .\" .Dd June 26, 2004 .Dt RTBL 3 @@ -89,7 +89,7 @@ would be output from tools such as or .Xr netstat 1 , where you have a fixed number of columns, but don't know the column -widthds before hand. +widths before hand. .Pp A table is created with .Fn rtbl_create diff --git a/crypto/heimdal/lib/roken/rtbl.c b/crypto/heimdal/lib/roken/rtbl.c index dd4328f3620..fe0fde662b8 100644 --- a/crypto/heimdal/lib/roken/rtbl.c +++ b/crypto/heimdal/lib/roken/rtbl.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000, 2002, 2004 Kungliga Tekniska Högskolan + * Copyright (c) 2000, 2002, 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,8 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID ("$Id: rtbl.c 17758 2006-06-30 13:41:40Z lha $"); -#endif + #include "roken.h" #include "rtbl.h" @@ -61,19 +59,19 @@ struct rtbl_data { char *column_separator; }; -rtbl_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION rtbl_t ROKEN_LIB_CALL rtbl_create (void) { return calloc (1, sizeof (struct rtbl_data)); } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_set_flags (rtbl_t table, unsigned int flags) { table->flags = flags; } -unsigned int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL rtbl_get_flags (rtbl_t table) { return table->flags; @@ -82,7 +80,7 @@ rtbl_get_flags (rtbl_t table) static struct column_data * rtbl_get_column_by_id (rtbl_t table, unsigned int id) { - int i; + size_t i; for(i = 0; i < table->num_columns; i++) if(table->columns[i]->column_id == id) return table->columns[i]; @@ -92,17 +90,17 @@ rtbl_get_column_by_id (rtbl_t table, unsigned int id) static struct column_data * rtbl_get_column (rtbl_t table, const char *column) { - int i; + size_t i; for(i = 0; i < table->num_columns; i++) if(strcmp(table->columns[i]->header, column) == 0) return table->columns[i]; return NULL; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_destroy (rtbl_t table) { - int i, j; + size_t i, j; for (i = 0; i < table->num_columns; i++) { struct column_data *c = table->columns[i]; @@ -121,8 +119,8 @@ rtbl_destroy (rtbl_t table) free (table); } -int ROKEN_LIB_FUNCTION -rtbl_add_column_by_id (rtbl_t table, unsigned int id, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rtbl_add_column_by_id (rtbl_t table, unsigned int id, const char *header, unsigned int flags) { struct column_data *col, **tmp; @@ -150,13 +148,13 @@ rtbl_add_column_by_id (rtbl_t table, unsigned int id, return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column (rtbl_t table, const char *header, unsigned int flags) { return rtbl_add_column_by_id(table, 0, header, flags); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_new_row(rtbl_t table) { size_t max_rows = 0; @@ -169,7 +167,7 @@ rtbl_new_row(rtbl_t table) if(table->columns[c]->num_rows == max_rows) continue; - tmp = realloc(table->columns[c]->rows, + tmp = realloc(table->columns[c]->rows, max_rows * sizeof(table->columns[c]->rows)); if(tmp == NULL) return ENOMEM; @@ -185,18 +183,18 @@ rtbl_new_row(rtbl_t table) static void column_compute_width (rtbl_t table, struct column_data *column) { - int i; + size_t i; if(table->flags & RTBL_HEADER_STYLE_NONE) column->width = 0; else column->width = strlen (column->header); for (i = 0; i < column->num_rows; i++) - column->width = max (column->width, strlen (column->rows[i].data)); + column->width = max (column->width, (int) strlen (column->rows[i].data)); } /* DEPRECATED */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_prefix (rtbl_t table, const char *prefix) { if (table->column_prefix) @@ -207,7 +205,7 @@ rtbl_set_prefix (rtbl_t table, const char *prefix) return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_separator (rtbl_t table, const char *separator) { if (table->column_separator) @@ -218,7 +216,7 @@ rtbl_set_separator (rtbl_t table, const char *separator) return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_prefix (rtbl_t table, const char *column, const char *prefix) { @@ -234,7 +232,7 @@ rtbl_set_column_prefix (rtbl_t table, const char *column, return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_affix_by_id(rtbl_t table, unsigned int id, const char *prefix, const char *suffix) { @@ -303,7 +301,7 @@ add_column_entry (struct column_data *c, const char *data) return 0; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data) { struct column_data *c = rtbl_get_column_by_id (table, id); @@ -314,7 +312,7 @@ rtbl_add_column_entry_by_id (rtbl_t table, unsigned int id, const char *data) return add_column_entry(c, data); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, const char *fmt, ...) { @@ -332,7 +330,7 @@ rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, return ret; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry (rtbl_t table, const char *column, const char *data) { struct column_data *c = rtbl_get_column (table, column); @@ -343,7 +341,7 @@ rtbl_add_column_entry (rtbl_t table, const char *column, const char *data) return add_column_entry(c, data); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...) { va_list ap; @@ -361,10 +359,10 @@ rtbl_add_column_entryv (rtbl_t table, const char *column, const char *fmt, ...) } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_format (rtbl_t table, FILE * f) { - int i, j; + size_t i, j; for (i = 0; i < table->num_columns; i++) column_compute_width (table, table->columns[i]); diff --git a/crypto/heimdal/lib/roken/rtbl.h b/crypto/heimdal/lib/roken/rtbl.h index 9b168c7e730..549d3a8aa41 100644 --- a/crypto/heimdal/lib/roken/rtbl.h +++ b/crypto/heimdal/lib/roken/rtbl.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 2000,2004 Kungliga Tekniska Högskolan + * Copyright (c) 2000,2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -30,16 +30,18 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: rtbl.h 17760 2006-06-30 13:42:39Z lha $ */ +/* $Id$ */ #ifndef __rtbl_h__ #define __rtbl_h__ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif @@ -60,55 +62,55 @@ typedef struct rtbl_data *rtbl_t; /* flags */ #define RTBL_HEADER_STYLE_NONE 1 -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column (rtbl_t, const char*, unsigned int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_by_id (rtbl_t, unsigned int, const char*, unsigned int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv_by_id (rtbl_t table, unsigned int id, const char *fmt, ...) __attribute__ ((format (printf, 3, 0))); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry (rtbl_t, const char*, const char*); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entryv (rtbl_t, const char*, const char*, ...) __attribute__ ((format (printf, 3, 0))); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_add_column_entry_by_id (rtbl_t, unsigned int, const char*); -rtbl_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION rtbl_t ROKEN_LIB_CALL rtbl_create (void); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_destroy (rtbl_t); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_format (rtbl_t, FILE*); -unsigned int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION unsigned int ROKEN_LIB_CALL rtbl_get_flags (rtbl_t); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_new_row (rtbl_t); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_affix_by_id (rtbl_t, unsigned int, const char*, const char*); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_column_prefix (rtbl_t, const char*, const char*); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rtbl_set_flags (rtbl_t, unsigned int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_prefix (rtbl_t, const char*); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rtbl_set_separator (rtbl_t, const char*); #ifdef __cplusplus diff --git a/crypto/heimdal/lib/roken/search.hin b/crypto/heimdal/lib/roken/search.hin new file mode 100644 index 00000000000..f8592c481c3 --- /dev/null +++ b/crypto/heimdal/lib/roken/search.hin @@ -0,0 +1,44 @@ +/*- + * Written by J.T. Conklin + * Public domain. + * + * $NetBSD: search.h,v 1.12 1999/02/22 10:34:28 christos Exp $ + */ + +#ifndef _rk_SEARCH_H_ +#define _rk_SEARCH_H_ 1 + +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32 +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl +#else +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL +#endif +#endif + +#ifndef _WIN32 +#include +#endif +#include + +typedef enum { + preorder, + postorder, + endorder, + leaf +} VISIT; + +ROKEN_CPP_START + +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_tdelete(const void *, void **, + int (*)(const void *, const void *)); +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_tfind(const void *, void * const *, + int (*)(const void *, const void *)); +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_tsearch(const void *, void **, int (*)(const void *, const void *)); +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_twalk(const void *, void (*)(const void *, VISIT, int)); + +ROKEN_CPP_END + +#endif /* !_rk_SEARCH_H_ */ diff --git a/crypto/heimdal/lib/roken/sendmsg.c b/crypto/heimdal/lib/roken/sendmsg.c index e7478bfe2d6..c6853772ad7 100644 --- a/crypto/heimdal/lib/roken/sendmsg.c +++ b/crypto/heimdal/lib/roken/sendmsg.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,15 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: sendmsg.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -ssize_t ROKEN_LIB_FUNCTION -sendmsg(int s, const struct msghdr *msg, int flags) +#ifndef _WIN32 + +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +sendmsg(rk_socket_t s, const struct msghdr *msg, int flags) { ssize_t ret; size_t tot = 0; @@ -63,3 +62,87 @@ sendmsg(int s, const struct msghdr *msg, int flags) free (buf); return ret; } + +#else /* _WIN32 */ + +/*********************************************************************** + * Copyright (c) 2009, Secure Endpoints Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * - Neither the name of Secure Endpoints Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + **********************************************************************/ + +/** + * Implementation of sendmsg() for WIN32 + * + * We are using a contrived definition of msghdr which actually uses + * an array of ::_WSABUF structures instead of ::iovec . This allows + * us to call WSASend directly using the given ::msghdr instead of + * having to allocate another array of ::_WSABUF and copying data for + * each call. + * + * Limitations: + * + * - msg->msg_name is ignored. So is msg->control. + * - WSASend() only supports ::MSG_DONTROUTE, ::MSG_OOB and + * ::MSG_PARTIAL. + * + * @param[in] s The socket to use. + * @param[in] msg The message + * @param[in] flags Flags. A combination of ::MSG_DONTROUTE, + * ::MSG_OOB and ::MSG_PARTIAL + * + * @return The number of bytes sent, on success. Or -1 on error. + */ +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL +sendmsg_w32(rk_socket_t s, const struct msghdr * msg, int flags) +{ + int srv; + DWORD num_bytes_sent = 0; + + /* TODO: For _WIN32_WINNT >= 0x0600 we can use WSASendMsg using + WSAMSG which is a much more direct analogue to sendmsg(). */ + + srv = WSASend(s, msg->msg_iov, msg->msg_iovlen, + &num_bytes_sent, flags, NULL, NULL); + + if (srv == 0) + return (int) num_bytes_sent; + + /* srv == SOCKET_ERROR and WSAGetLastError() == WSA_IO_PENDING + indicates that a non-blocking transfer has been scheduled. + We'll have to check for that if we ever support non-blocking + I/O. */ + + return -1; +} + +#endif /* !_WIN32 */ diff --git a/crypto/heimdal/lib/roken/setegid.c b/crypto/heimdal/lib/roken/setegid.c index 14d99eecb86..d9aef122ddb 100644 --- a/crypto/heimdal/lib/roken/setegid.c +++ b/crypto/heimdal/lib/roken/setegid.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: setegid.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #ifdef HAVE_UNISTD_H #include @@ -42,7 +39,7 @@ RCSID("$Id: setegid.c 14773 2005-04-12 11:29:18Z lha $"); #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setegid(gid_t egid) { #ifdef HAVE_SETREGID diff --git a/crypto/heimdal/lib/roken/setenv.c b/crypto/heimdal/lib/roken/setenv.c index 2bf09bec9d8..b4dbefef26f 100644 --- a/crypto/heimdal/lib/roken/setenv.c +++ b/crypto/heimdal/lib/roken/setenv.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: setenv.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -47,20 +44,31 @@ RCSID("$Id: setenv.c 14773 2005-04-12 11:29:18Z lha $"); * anyway. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL setenv(const char *var, const char *val, int rewrite) { - char *t; +#ifndef _WIN32 + char *t = NULL; if (!rewrite && getenv(var) != 0) return 0; - - asprintf (&t, "%s=%s", var, val); - if (t == NULL) + + if (asprintf (&t, "%s=%s", var, val) < 0 || t == NULL) return -1; if (putenv(t) == 0) return 0; else return -1; +#else /* Win32 */ + char dummy[8]; + + if (!rewrite && GetEnvironmentVariable(var, dummy, sizeof(dummy)/sizeof(char)) != 0) + return 0; + + if (SetEnvironmentVariable(var, val) == 0) + return -1; + else + return 0; +#endif } diff --git a/crypto/heimdal/lib/roken/seteuid.c b/crypto/heimdal/lib/roken/seteuid.c index 4f786bbf471..2d8c14829e7 100644 --- a/crypto/heimdal/lib/roken/seteuid.c +++ b/crypto/heimdal/lib/roken/seteuid.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: seteuid.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #ifdef HAVE_UNISTD_H #include @@ -42,7 +39,7 @@ RCSID("$Id: seteuid.c 14773 2005-04-12 11:29:18Z lha $"); #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL seteuid(uid_t euid) { #ifdef HAVE_SETREUID diff --git a/crypto/heimdal/lib/roken/setprogname.c b/crypto/heimdal/lib/roken/setprogname.c index b24c785b1bc..88a5f9bb449 100644 --- a/crypto/heimdal/lib/roken/setprogname.c +++ b/crypto/heimdal/lib/roken/setprogname.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: setprogname.c 15955 2005-08-23 10:19:20Z lha $"); -#endif #include "roken.h" @@ -43,19 +40,52 @@ extern const char *__progname; #endif #ifndef HAVE_SETPROGNAME -void ROKEN_LIB_FUNCTION + +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL setprogname(const char *argv0) { + #ifndef HAVE___PROGNAME + const char *p; if(argv0 == NULL) return; p = strrchr(argv0, '/'); + +#ifdef BACKSLASH_PATH_DELIM + { + const char * pb; + + pb = strrchr((p != NULL)? p : argv0, '\\'); + if (pb != NULL) + p = pb; + } +#endif + if(p == NULL) p = argv0; else p++; + +#ifdef _WIN32 + { + char * fn = strdup(p); + char * ext; + + strlwr(fn); + ext = strrchr(fn, '.'); + if (ext != NULL && !strcmp(ext, ".exe")) + *ext = '\0'; + + __progname = fn; + } +#else + __progname = p; + #endif + +#endif /* HAVE___PROGNAME */ } + #endif /* HAVE_SETPROGNAME */ diff --git a/crypto/heimdal/lib/roken/signal.c b/crypto/heimdal/lib/roken/signal.c index e18439040f9..284f1e79261 100644 --- a/crypto/heimdal/lib/roken/signal.c +++ b/crypto/heimdal/lib/roken/signal.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include "roken.h" @@ -50,7 +47,7 @@ RCSID("$Id: signal.c 14773 2005-04-12 11:29:18Z lha $"); * Do we need any extra hacks for SIGCLD and/or SIGCHLD? */ -SigAction ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION SigAction ROKEN_LIB_CALL signal(int iSig, SigAction pAction) { struct sigaction saNew, saOld; diff --git a/crypto/heimdal/lib/roken/simple_exec.c b/crypto/heimdal/lib/roken/simple_exec.c index 447b5bfd027..97679d7e417 100644 --- a/crypto/heimdal/lib/roken/simple_exec.c +++ b/crypto/heimdal/lib/roken/simple_exec.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1998 - 2001, 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2001, 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -55,13 +52,13 @@ RCSID("$Id: simple_exec.c 21005 2007-06-08 01:54:35Z lha $"); #define EX_NOTFOUND 127 /* return values: - -1 on `unspecified' system errors - -2 on fork failures - -3 on waitpid errors - -4 exec timeout + SE_E_UNSPECIFIED on `unspecified' system errors + SE_E_FORKFAILED on fork failures + SE_E_WAITPIDFAILED on waitpid errors + SE_E_EXECTIMEOUT exec timeout 0- is return value from subprocess - 126 if the program couldn't be executed - 127 if the program couldn't be found + SE_E_NOEXEC if the program couldn't be executed + SE_E_NOTFOUND if the program couldn't be found 128- is 128 + signal that killed subprocess possible values `func' can return: @@ -81,8 +78,8 @@ sigtimeout(int sig) SIGRETURN(0); } -int ROKEN_LIB_FUNCTION -wait_for_process_timed(pid_t pid, time_t (*func)(void *), +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +wait_for_process_timed(pid_t pid, time_t (*func)(void *), void *ptr, time_t timeout) { RETSIGTYPE (*old_func)(int sig) = NULL; @@ -101,7 +98,7 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *), while(waitpid(pid, &status, 0) < 0) { if (errno != EINTR) { - ret = -3; + ret = SE_E_WAITPIDFAILED; goto out; } if (func == NULL) @@ -113,7 +110,7 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *), kill(pid, SIGTERM); continue; } else if (timeout == (time_t)-2) { - ret = -4; + ret = SE_E_EXECTIMEOUT; goto out; } alarm(timeout); @@ -137,14 +134,14 @@ wait_for_process_timed(pid_t pid, time_t (*func)(void *), return ret; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL wait_for_process(pid_t pid) { return wait_for_process_timed(pid, NULL, NULL, 0); } -int ROKEN_LIB_FUNCTION -pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, const char *file, ...) { int in_fd[2], out_fd[2], err_fd[2]; @@ -214,7 +211,7 @@ pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, close(err_fd[0]); close(err_fd[1]); } - return -2; + return SE_E_FORKFAILED; default: if(stdin_fd != NULL) { close(in_fd[0]); @@ -232,52 +229,52 @@ pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, return pid; } -int ROKEN_LIB_FUNCTION -simple_execvp_timed(const char *file, char *const args[], +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +simple_execvp_timed(const char *file, char *const args[], time_t (*func)(void *), void *ptr, time_t timeout) { pid_t pid = fork(); switch(pid){ case -1: - return -2; + return SE_E_FORKFAILED; case 0: execvp(file, args); exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC); - default: + default: return wait_for_process_timed(pid, func, ptr, timeout); } } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execvp(const char *file, char *const args[]) { return simple_execvp_timed(file, args, NULL, NULL, 0); } /* gee, I'd like a execvpe */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execve_timed(const char *file, char *const args[], char *const envp[], time_t (*func)(void *), void *ptr, time_t timeout) { pid_t pid = fork(); switch(pid){ case -1: - return -2; + return SE_E_FORKFAILED; case 0: execve(file, args, envp); exit((errno == ENOENT) ? EX_NOTFOUND : EX_NOEXEC); - default: + default: return wait_for_process_timed(pid, func, ptr, timeout); } } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execve(const char *file, char *const args[], char *const envp[]) { return simple_execve_timed(file, args, envp, NULL, NULL, 0); } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execlp(const char *file, ...) { va_list ap; @@ -288,13 +285,13 @@ simple_execlp(const char *file, ...) argv = vstrcollect(&ap); va_end(ap); if(argv == NULL) - return -1; + return SE_E_UNSPECIFIED; ret = simple_execvp(file, argv); free(argv); return ret; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL simple_execle(const char *file, ... /* ,char *const envp[] */) { va_list ap; @@ -307,25 +304,8 @@ simple_execle(const char *file, ... /* ,char *const envp[] */) envp = va_arg(ap, char **); va_end(ap); if(argv == NULL) - return -1; + return SE_E_UNSPECIFIED; ret = simple_execve(file, argv, envp); free(argv); return ret; } - -int ROKEN_LIB_FUNCTION -simple_execl(const char *file, ...) -{ - va_list ap; - char **argv; - int ret; - - va_start(ap, file); - argv = vstrcollect(&ap); - va_end(ap); - if(argv == NULL) - return -1; - ret = simple_execve(file, argv, environ); - free(argv); - return ret; -} diff --git a/crypto/heimdal/lib/roken/snprintf-test.c b/crypto/heimdal/lib/roken/snprintf-test.c index 047d54b63ff..adfcb713f61 100644 --- a/crypto/heimdal/lib/roken/snprintf-test.c +++ b/crypto/heimdal/lib/roken/snprintf-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,15 +30,10 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif -#include "snprintf-test.h" #include "roken.h" #include -RCSID("$Id: snprintf-test.c 21627 2007-07-17 10:53:17Z lha $"); - static int try (const char *format, ...) { @@ -47,7 +42,7 @@ try (const char *format, ...) char buf1[256], buf2[256]; va_start (ap, format); - ret = vsnprintf (buf1, sizeof(buf1), format, ap); + ret = rk_vsnprintf (buf1, sizeof(buf1), format, ap); if (ret >= sizeof(buf1)) errx (1, "increase buf and try again"); va_end (ap); @@ -224,7 +219,7 @@ cmp_with_sprintf_float (void) static int test_null (void) { - return snprintf (NULL, 0, "foo") != 3; + return rk_snprintf (NULL, 0, "foo") != 3; } static int @@ -242,7 +237,7 @@ test_sizet (void) tot += try("%zX", sizet_values[i]); #else char buf[256]; - snprintf(buf, sizeof(buf), "%zu", sizet_values[i]); + rk_snprintf(buf, sizeof(buf), "%zu", sizet_values[i]); if (strcmp(buf, result[i]) != 0) { printf("%s != %s", buf, result[i]); tot++; diff --git a/crypto/heimdal/lib/roken/snprintf-test.h b/crypto/heimdal/lib/roken/snprintf-test.h deleted file mode 100644 index d672873679b..00000000000 --- a/crypto/heimdal/lib/roken/snprintf-test.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* $Id: snprintf-test.h 10377 2001-07-19 18:39:14Z assar $ */ - -#ifndef __SNPRINTF_TEST_H__ -#define __SNPRINTF_TEST_H__ - -/* - * we cannot use the real names of the functions when testing, since - * they might have different prototypes as the system functions, hence - * these evil hacks - */ - -#define snprintf test_snprintf -#define asprintf test_asprintf -#define asnprintf test_asnprintf -#define vasprintf test_vasprintf -#define vasnprintf test_vasnprintf -#define vsnprintf test_vsnprintf - -#endif /* __SNPRINTF_TEST_H__ */ diff --git a/crypto/heimdal/lib/roken/snprintf.c b/crypto/heimdal/lib/roken/snprintf.c index 6b3352f96b8..88e996c671f 100644 --- a/crypto/heimdal/lib/roken/snprintf.c +++ b/crypto/heimdal/lib/roken/snprintf.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,13 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: snprintf.c 21005 2007-06-08 01:54:35Z lha $"); -#endif -#if defined(TEST_SNPRINTF) -#include "snprintf-test.h" -#endif /* TEST_SNPRINTF */ #include #include #include @@ -125,10 +119,10 @@ typedef long longest; -static int +static size_t pad(struct snprintf_state *state, int width, char c) { - int len = 0; + size_t len = 0; while(width-- > 0){ (*state->append_char)(state, c); ++len; @@ -186,9 +180,9 @@ append_number(struct snprintf_state *state, signchar = ' '; else signchar = '\0'; - + if((flags & alternate_flag) && base == 8) { - /* if necessary, increase the precision to + /* if necessary, increase the precision to make first digit a zero */ /* XXX C99 claims (regarding # and %o) that "if the value and @@ -196,7 +190,7 @@ append_number(struct snprintf_state *state, no such wording for %x. This would mean that %#.o would output "0", but %#.x "". This does not make sense, and is also not what other printf implementations are doing. */ - + if(prec <= nlen && nstr[nstart] != '0' && nstr[nstart] != '\0') prec = nlen + 1; } @@ -214,13 +208,13 @@ append_number(struct snprintf_state *state, width -= prec; else width -= nlen; - + if(use_alternative(flags, num, base)) width -= 2; - + if(signchar != '\0') width--; - + /* pad to width */ len += pad(state, width, ' '); } @@ -242,12 +236,12 @@ append_number(struct snprintf_state *state, } else /* pad to prec with zeros */ len += pad(state, prec - nlen, '0'); - + while(nstr[nstart] != '\0') { (*state->append_char)(state, nstr[nstart++]); ++len; } - + if(flags & minus_flag) len += pad(state, width - len, ' '); @@ -258,14 +252,14 @@ append_number(struct snprintf_state *state, * return length */ -static int +static size_t append_string (struct snprintf_state *state, const unsigned char *arg, int width, int prec, int flags) { - int len = 0; + size_t len = 0; if(arg == NULL) arg = (const unsigned char*)"(null)"; @@ -350,12 +344,12 @@ else \ * zyxprintf - return length, as snprintf */ -static int +static size_t xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap) { const unsigned char *format = (const unsigned char *)char_format; unsigned char c; - int len = 0; + size_t len = 0; while((c = *format++)) { if (c == '%') { @@ -384,7 +378,7 @@ xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap) else break; } - + if((flags & space_flag) && (flags & plus_flag)) flags ^= space_flag; @@ -446,7 +440,7 @@ xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap) len += append_string(state, va_arg(ap, unsigned char*), width, - prec, + prec, flags); break; case 'd' : @@ -504,7 +498,7 @@ xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap) break; } case 'p' : { - unsigned long arg = (unsigned long)va_arg(ap, void*); + u_longest arg = (u_longest)va_arg(ap, void*); len += append_number (state, arg, 0x10, "0123456789ABCDEF", width, prec, flags, 0); @@ -537,8 +531,8 @@ xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap) } #if !defined(HAVE_SNPRINTF) || defined(TEST_SNPRINTF) -int ROKEN_LIB_FUNCTION -snprintf (char *str, size_t sz, const char *format, ...) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_snprintf (char *str, size_t sz, const char *format, ...) { va_list args; int ret; @@ -570,8 +564,8 @@ snprintf (char *str, size_t sz, const char *format, ...) #endif #if !defined(HAVE_ASPRINTF) || defined(TEST_SNPRINTF) -int ROKEN_LIB_FUNCTION -asprintf (char **ret, const char *format, ...) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_asprintf (char **ret, const char *format, ...) { va_list args; int val; @@ -602,8 +596,8 @@ asprintf (char **ret, const char *format, ...) #endif #if !defined(HAVE_ASNPRINTF) || defined(TEST_SNPRINTF) -int ROKEN_LIB_FUNCTION -asnprintf (char **ret, size_t max_sz, const char *format, ...) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_asnprintf (char **ret, size_t max_sz, const char *format, ...) { va_list args; int val; @@ -632,8 +626,8 @@ asnprintf (char **ret, size_t max_sz, const char *format, ...) #endif #if !defined(HAVE_VASPRINTF) || defined(TEST_SNPRINTF) -int ROKEN_LIB_FUNCTION -vasprintf (char **ret, const char *format, va_list args) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vasprintf (char **ret, const char *format, va_list args) { return vasnprintf (ret, 0, format, args); } @@ -641,10 +635,10 @@ vasprintf (char **ret, const char *format, va_list args) #if !defined(HAVE_VASNPRINTF) || defined(TEST_SNPRINTF) -int ROKEN_LIB_FUNCTION -vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) { - int st; + size_t st; struct snprintf_state state; state.max_sz = max_sz; @@ -680,8 +674,8 @@ vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) #endif #if !defined(HAVE_VSNPRINTF) || defined(TEST_SNPRINTF) -int ROKEN_LIB_FUNCTION -vsnprintf (char *str, size_t sz, const char *format, va_list args) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_vsnprintf (char *str, size_t sz, const char *format, va_list args) { struct snprintf_state state; int ret; diff --git a/crypto/heimdal/lib/roken/socket.c b/crypto/heimdal/lib/roken/socket.c index a82dd0186c9..017d6252ea1 100644 --- a/crypto/heimdal/lib/roken/socket.c +++ b/crypto/heimdal/lib/roken/socket.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include "roken.h" #include @@ -43,7 +40,7 @@ RCSID("$Id: socket.c 21005 2007-06-08 01:54:35Z lha $"); * Set `sa' to the unitialized address of address family `af' */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_any (struct sockaddr *sa, int af) { switch (af) { @@ -77,7 +74,7 @@ socket_set_any (struct sockaddr *sa, int af) * set `sa' to (`ptr', `port') */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port) { switch (sa->sa_family) { @@ -111,7 +108,7 @@ socket_set_address_and_port (struct sockaddr *sa, const void *ptr, int port) * Return the size of an address of the type in `sa' */ -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_addr_size (const struct sockaddr *sa) { switch (sa->sa_family) { @@ -122,8 +119,7 @@ socket_addr_size (const struct sockaddr *sa) return sizeof(struct in6_addr); #endif default : - errx (1, "unknown address family %d", sa->sa_family); - break; + return 0; } } @@ -131,7 +127,7 @@ socket_addr_size (const struct sockaddr *sa) * Return the size of a `struct sockaddr' in `sa'. */ -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL socket_sockaddr_size (const struct sockaddr *sa) { switch (sa->sa_family) { @@ -141,9 +137,8 @@ socket_sockaddr_size (const struct sockaddr *sa) case AF_INET6 : return sizeof(struct sockaddr_in6); #endif - default : - errx (1, "unknown address family %d", sa->sa_family); - break; + default: + return 0; } } @@ -151,23 +146,22 @@ socket_sockaddr_size (const struct sockaddr *sa) * Return the binary address of `sa'. */ -void * ROKEN_LIB_FUNCTION -socket_get_address (struct sockaddr *sa) +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL +socket_get_address (const struct sockaddr *sa) { switch (sa->sa_family) { case AF_INET : { - struct sockaddr_in *sin4 = (struct sockaddr_in *)sa; - return &sin4->sin_addr; + const struct sockaddr_in *sin4 = (const struct sockaddr_in *)sa; + return rk_UNCONST(&sin4->sin_addr); } #ifdef HAVE_IPV6 case AF_INET6 : { - struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; - return &sin6->sin6_addr; + const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; + return rk_UNCONST(&sin6->sin6_addr); } #endif - default : - errx (1, "unknown address family %d", sa->sa_family); - break; + default: + return NULL; } } @@ -175,7 +169,7 @@ socket_get_address (struct sockaddr *sa) * Return the port number from `sa'. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL socket_get_port (const struct sockaddr *sa) { switch (sa->sa_family) { @@ -190,8 +184,7 @@ socket_get_port (const struct sockaddr *sa) } #endif default : - errx (1, "unknown address family %d", sa->sa_family); - break; + return 0; } } @@ -199,7 +192,7 @@ socket_get_port (const struct sockaddr *sa) * Set the port in `sa' to `port'. */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_port (struct sockaddr *sa, int port) { switch (sa->sa_family) { @@ -224,40 +217,33 @@ socket_set_port (struct sockaddr *sa, int port) /* * Set the range of ports to use when binding with port = 0. */ -void ROKEN_LIB_FUNCTION -socket_set_portrange (int sock, int restr, int af) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_portrange (rk_socket_t sock, int restr, int af) { #if defined(IP_PORTRANGE) if (af == AF_INET) { int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT; - if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on, - sizeof(on)) < 0) - warn ("setsockopt IP_PORTRANGE (ignored)"); + setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on, sizeof(on)); } #endif #if defined(IPV6_PORTRANGE) if (af == AF_INET6) { - int on = restr ? IPV6_PORTRANGE_HIGH : - IPV6_PORTRANGE_DEFAULT; - if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on, - sizeof(on)) < 0) - warn ("setsockopt IPV6_PORTRANGE (ignored)"); + int on = restr ? IPV6_PORTRANGE_HIGH : IPV6_PORTRANGE_DEFAULT; + setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on, sizeof(on)); } #endif } - + /* * Enable debug on `sock'. */ -void ROKEN_LIB_FUNCTION -socket_set_debug (int sock) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_debug (rk_socket_t sock) { #if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) int on = 1; - - if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0) - warn ("setsockopt SO_DEBUG (ignored)"); + setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)); #endif } @@ -265,13 +251,11 @@ socket_set_debug (int sock) * Set the type-of-service of `sock' to `tos'. */ -void ROKEN_LIB_FUNCTION -socket_set_tos (int sock, int tos) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_tos (rk_socket_t sock, int tos) { #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0) - if (errno != EINVAL) - warn ("setsockopt TOS (ignored)"); + setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(int)); #endif } @@ -279,13 +263,11 @@ socket_set_tos (int sock, int tos) * set the reuse of addresses on `sock' to `val'. */ -void ROKEN_LIB_FUNCTION -socket_set_reuseaddr (int sock, int val) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_reuseaddr (rk_socket_t sock, int val) { #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) - if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, - sizeof(val)) < 0) - err (1, "setsockopt SO_REUSEADDR"); + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, sizeof(val)); #endif } @@ -293,10 +275,62 @@ socket_set_reuseaddr (int sock, int val) * Set the that the `sock' should bind to only IPv6 addresses. */ -void ROKEN_LIB_FUNCTION -socket_set_ipv6only (int sock, int val) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +socket_set_ipv6only (rk_socket_t sock, int val) { #if defined(IPV6_V6ONLY) && defined(HAVE_SETSOCKOPT) setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&val, sizeof(val)); #endif } + +/** + * Create a file descriptor from a socket + * + * While the socket handle in \a sock can be used with WinSock + * functions after calling socket_to_fd(), it should not be closed + * with rk_closesocket(). The socket will be closed when the associated + * file descriptor is closed. + */ +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +socket_to_fd(rk_socket_t sock, int flags) +{ +#ifndef _WIN32 + return sock; +#else + return _open_osfhandle((intptr_t) sock, flags); +#endif +} + +#ifdef HAVE_WINSOCK +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_SOCK_IOCTL(SOCKET s, long cmd, int * argp) { + u_long ul = (argp)? *argp : 0; + int rv; + + rv = ioctlsocket(s, cmd, &ul); + if (argp) + *argp = (int) ul; + return rv; +} +#endif + +#ifndef HEIMDAL_SMALLER +#undef socket + +int rk_socket(int, int, int); + +int +rk_socket(int domain, int type, int protocol) +{ + int s; + s = socket (domain, type, protocol); +#ifdef SOCK_CLOEXEC + if ((SOCK_CLOEXEC & type) && s < 0 && errno == EINVAL) { + type &= ~SOCK_CLOEXEC; + s = socket (domain, type, protocol); + } +#endif + return s; +} + +#endif /* HEIMDAL_SMALLER */ diff --git a/crypto/heimdal/lib/roken/socket_wrapper.c b/crypto/heimdal/lib/roken/socket_wrapper.c index 9e6bfdd0981..94389494b19 100644 --- a/crypto/heimdal/lib/roken/socket_wrapper.c +++ b/crypto/heimdal/lib/roken/socket_wrapper.c @@ -3,22 +3,22 @@ * Copyright (C) Stefan Metzmacher 2006 * * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the author nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -59,9 +59,7 @@ #else /* _SAMBA_BUILD_ */ -#ifdef HAVE_CONFIG_H #include -#endif #undef SOCKET_WRAPPER_REPLACE #include @@ -131,7 +129,7 @@ /* LD_PRELOAD doesn't work yet, so REWRITE_CALLS is all we support * for now */ -#define REWRITE_CALLS +#define REWRITE_CALLS #ifdef REWRITE_CALLS #define real_accept accept @@ -161,8 +159,8 @@ /* we need to use a very terse format here as IRIX 6.4 silently truncates names to 16 chars, so if we use a longer name then we - can't tell which port a packet came from with recvfrom() - + can't tell which port a packet came from with recvfrom() + with this format we have 8 chars left for the directory name */ #define SOCKET_FORMAT "%c%02X%04X" @@ -298,7 +296,7 @@ static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, sock case SOCKET_TYPE_CHAR_TCP: case SOCKET_TYPE_CHAR_UDP: { struct sockaddr_in *in2 = (struct sockaddr_in *)in; - + if ((*len) < sizeof(*in2)) { errno = EINVAL; return -1; @@ -316,7 +314,7 @@ static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, sock case SOCKET_TYPE_CHAR_TCP_V6: case SOCKET_TYPE_CHAR_UDP_V6: { struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)in; - + if ((*len) < sizeof(*in2)) { errno = EINVAL; return -1; @@ -351,7 +349,7 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i switch (si->family) { case AF_INET: { - const struct sockaddr_in *in = + const struct sockaddr_in *in = (const struct sockaddr_in *)inaddr; unsigned int addr = ntohl(in->sin_addr.s_addr); char u_type = '\0'; @@ -394,7 +392,7 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i } #ifdef HAVE_IPV6 case AF_INET6: { - const struct sockaddr_in6 *in = + const struct sockaddr_in6 *in = (const struct sockaddr_in6 *)inaddr; switch (si->type) { @@ -410,7 +408,7 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i prt = ntohs(in->sin6_port); iface = SW_IPV6_ADDRESS; - + break; } #endif @@ -425,13 +423,13 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i } if (is_bcast) { - snprintf(un->sun_path, sizeof(un->sun_path), "%s/EINVAL", + snprintf(un->sun_path, sizeof(un->sun_path), "%s/EINVAL", socket_wrapper_dir()); /* the caller need to do more processing */ return 0; } - snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, + snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, socket_wrapper_dir(), type, iface, prt); return 0; @@ -450,7 +448,7 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in switch (si->family) { case AF_INET: { - const struct sockaddr_in *in = + const struct sockaddr_in *in = (const struct sockaddr_in *)inaddr; unsigned int addr = ntohl(in->sin_addr.s_addr); char u_type = '\0'; @@ -501,7 +499,7 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in } #ifdef HAVE_IPV6 case AF_INET6: { - const struct sockaddr_in6 *in = + const struct sockaddr_in6 *in = (const struct sockaddr_in6 *)inaddr; switch (si->type) { @@ -517,7 +515,7 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in prt = ntohs(in->sin6_port); iface = SW_IPV6_ADDRESS; - + break; } #endif @@ -532,7 +530,7 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in if (prt == 0) { /* handle auto-allocation of ephemeral ports */ for (prt = 5001; prt < 10000; prt++) { - snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, + snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, socket_wrapper_dir(), type, iface, prt); if (stat(un->sun_path, &st) == 0) continue; @@ -540,7 +538,7 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in } } - snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, + snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT, socket_wrapper_dir(), type, iface, prt); return 0; } @@ -549,14 +547,14 @@ static struct socket_info *find_socket_info(int fd) { struct socket_info *i; for (i = sockets; i; i = i->next) { - if (i->fd == fd) + if (i->fd == fd) return i; } return NULL; } -static int sockaddr_convert_to_un(struct socket_info *si, const struct sockaddr *in_addr, socklen_t in_len, +static int sockaddr_convert_to_un(struct socket_info *si, const struct sockaddr *in_addr, socklen_t in_len, struct sockaddr_un *out_addr, int alloc_sock, int *bcast) { if (!out_addr) @@ -585,19 +583,19 @@ static int sockaddr_convert_to_un(struct socket_info *si, const struct sockaddr default: break; } - + errno = EAFNOSUPPORT; return -1; } -static int sockaddr_convert_from_un(const struct socket_info *si, - const struct sockaddr_un *in_addr, +static int sockaddr_convert_from_un(const struct socket_info *si, + const struct sockaddr_un *in_addr, socklen_t un_addrlen, int family, struct sockaddr *out_addr, socklen_t *out_addrlen) { - if (out_addr == NULL || out_addrlen == NULL) + if (out_addr == NULL || out_addrlen == NULL) return 0; if (un_addrlen == 0) { @@ -650,7 +648,7 @@ enum swrap_packet_type { struct swrap_file_hdr { unsigned long magic; - unsigned short version_major; + unsigned short version_major; unsigned short version_minor; long timezone; unsigned long sigfigs; @@ -732,7 +730,7 @@ static const char *socket_wrapper_pcap_file(void) /* * TODO: don't use the structs use plain buffer offsets * and PUSH_U8(), PUSH_U16() and PUSH_U32() - * + * * for now make sure we disable PCAP support * if the struct has alignment! */ @@ -913,7 +911,7 @@ static int swrap_get_pcap_fd(const char *fname) if (fd != -1) { struct swrap_file_hdr file_hdr; file_hdr.magic = 0xA1B2C3D4; - file_hdr.version_major = 0x0002; + file_hdr.version_major = 0x0002; file_hdr.version_minor = 0x0004; file_hdr.timezone = 0x00000000; file_hdr.sigfigs = 0x00000000; @@ -1284,7 +1282,7 @@ _PUBLIC_ int swrap_accept(int s, struct sockaddr *addr, socklen_t *addrlen) return real_accept(s, addr, addrlen); } - /* + /* * assume out sockaddr have the same size as the in parent * socket family */ @@ -1412,7 +1410,7 @@ static int swrap_auto_bind(struct socket_info *si) memset(&in, 0, sizeof(in)); in.sin_family = AF_INET; - in.sin_addr.s_addr = htonl(127<<24 | + in.sin_addr.s_addr = htonl(127<<24 | socket_wrapper_default_iface()); si->myname_len = sizeof(in); @@ -1454,11 +1452,11 @@ static int swrap_auto_bind(struct socket_info *si) for (i=0;i<1000;i++) { port = autobind_start + i; - snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), + snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), "%s/"SOCKET_FORMAT, socket_wrapper_dir(), type, socket_wrapper_default_iface(), port); if (stat(un_addr.sun_path, &st) == 0) continue; - + ret = real_bind(si->fd, (struct sockaddr *)&un_addr, sizeof(un_addr)); if (ret == -1) return ret; @@ -1503,7 +1501,7 @@ _PUBLIC_ int swrap_connect(int s, const struct sockaddr *serv_addr, socklen_t ad swrap_dump_packet(si, serv_addr, SWRAP_CONNECT_SEND, NULL, 0); - ret = real_connect(s, (struct sockaddr *)&un_addr, + ret = real_connect(s, (struct sockaddr *)&un_addr, sizeof(struct sockaddr_un)); /* to give better errors */ @@ -1610,7 +1608,7 @@ _PUBLIC_ int swrap_getsockopt(int s, int level, int optname, void *optval, sockl if (level == SOL_SOCKET) { return real_getsockopt(s, level, optname, optval, optlen); - } + } errno = ENOPROTOOPT; return -1; @@ -1651,7 +1649,7 @@ _PUBLIC_ ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags, struct /* irix 6.4 forgets to null terminate the sun_path string :-( */ memset(&un_addr, 0, sizeof(un_addr)); ret = real_recvfrom(s, buf, len, flags, (struct sockaddr *)&un_addr, &un_addrlen); - if (ret == -1) + if (ret == -1) return ret; if (sockaddr_convert_from_un(si, &un_addr, un_addrlen, @@ -1685,32 +1683,32 @@ _PUBLIC_ ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, con ret = swrap_auto_bind(si); if (ret == -1) return -1; } - + ret = sockaddr_convert_to_un(si, to, tolen, &un_addr, 0, &bcast); if (ret == -1) return -1; - + if (bcast) { struct stat st; unsigned int iface; unsigned int prt = ntohs(((const struct sockaddr_in *)to)->sin_port); char type; - + type = SOCKET_TYPE_CHAR_UDP; - + for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) { - snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), "%s/"SOCKET_FORMAT, + snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), "%s/"SOCKET_FORMAT, socket_wrapper_dir(), type, iface, prt); if (stat(un_addr.sun_path, &st) != 0) continue; - + /* ignore the any errors in broadcast sends */ real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr)); } - + swrap_dump_packet(si, to, SWRAP_SENDTO, buf, len); - + return len; } - + ret = real_sendto(s, buf, len, flags, (struct sockaddr *)&un_addr, sizeof(un_addr)); break; default: @@ -1718,7 +1716,7 @@ _PUBLIC_ ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags, con errno = EHOSTUNREACH; break; } - + /* to give better errors */ if (ret == -1 && errno == ENOENT) { errno = EHOSTUNREACH; @@ -1858,7 +1856,7 @@ dup_internal(const struct socket_info *si_oldd, int fd) si_newd->myname = sockaddr_dup(si_oldd->myname, si_oldd->myname_len); si_newd->myname_len = si_oldd->myname_len; - si_newd->peername = + si_newd->peername = sockaddr_dup(si_oldd->peername, si_oldd->peername_len); si_newd->peername_len = si_oldd->peername_len; diff --git a/crypto/heimdal/lib/roken/socket_wrapper.h b/crypto/heimdal/lib/roken/socket_wrapper.h index 316b024326b..06fd63305d9 100644 --- a/crypto/heimdal/lib/roken/socket_wrapper.h +++ b/crypto/heimdal/lib/roken/socket_wrapper.h @@ -3,22 +3,22 @@ * Copyright (C) Stefan Metzmacher 2006 * * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the author nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE diff --git a/crypto/heimdal/lib/roken/strcasecmp.c b/crypto/heimdal/lib/roken/strcasecmp.c index 4788d4fb512..00a0a8ef023 100644 --- a/crypto/heimdal/lib/roken/strcasecmp.c +++ b/crypto/heimdal/lib/roken/strcasecmp.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strcasecmp.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include @@ -43,7 +40,7 @@ RCSID("$Id: strcasecmp.c 14773 2005-04-12 11:29:18Z lha $"); #ifndef HAVE_STRCASECMP -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strcasecmp(const char *s1, const char *s2) { while(toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) { diff --git a/crypto/heimdal/lib/roken/strcollect.c b/crypto/heimdal/lib/roken/strcollect.c index f29189159e1..0afc3f0c62e 100644 --- a/crypto/heimdal/lib/roken/strcollect.c +++ b/crypto/heimdal/lib/roken/strcollect.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strcollect.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -69,7 +66,7 @@ sub (char **argv, int i, int argc, va_list *ap) * terminated by NULL. */ -char ** ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL vstrcollect(va_list *ap) { return sub (NULL, 0, 0, ap); @@ -79,7 +76,7 @@ vstrcollect(va_list *ap) * */ -char ** ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char ** ROKEN_LIB_CALL strcollect(char *first, ...) { va_list ap; diff --git a/crypto/heimdal/lib/roken/strdup.c b/crypto/heimdal/lib/roken/strdup.c index a832120da25..ce004562f0f 100644 --- a/crypto/heimdal/lib/roken/strdup.c +++ b/crypto/heimdal/lib/roken/strdup.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,15 +31,12 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strdup.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include #ifndef HAVE_STRDUP -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strdup(const char *old) { char *t = malloc(strlen(old)+1); diff --git a/crypto/heimdal/lib/roken/strerror.c b/crypto/heimdal/lib/roken/strerror.c index ca152f46b56..b5ec6918e69 100644 --- a/crypto/heimdal/lib/roken/strerror.c +++ b/crypto/heimdal/lib/roken/strerror.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strerror.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include @@ -43,7 +40,7 @@ RCSID("$Id: strerror.c 14773 2005-04-12 11:29:18Z lha $"); extern int sys_nerr; extern char *sys_errlist[]; -char* ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char* ROKEN_LIB_CALL strerror(int eno) { static char emsg[1024]; diff --git a/crypto/heimdal/lib/roken/strerror_r.c b/crypto/heimdal/lib/roken/strerror_r.c new file mode 100644 index 00000000000..85271ecaf5c --- /dev/null +++ b/crypto/heimdal/lib/roken/strerror_r.c @@ -0,0 +1,84 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#if (!defined(HAVE_STRERROR_R) && !defined(strerror_r)) || (!defined(STRERROR_R_PROTO_COMPATIBLE) && defined(HAVE_STRERROR_R)) + +#include +#include +#include +#include "roken.h" + +#ifdef _MSC_VER + +int ROKEN_LIB_FUNCTION +rk_strerror_r(int eno, char * strerrbuf, size_t buflen) +{ + errno_t err; + + err = strerror_s(strerrbuf, buflen, eno); + if (err != 0) { + int code; + code = sprintf_s(strerrbuf, buflen, "Error % occurred.", eno); + err = ((code != 0)? errno : 0); + } + + return err; +} + +#else /* _MSC_VER */ + +int ROKEN_LIB_FUNCTION +rk_strerror_r(int eno, char *strerrbuf, size_t buflen) +{ + /* Assume is the linux broken strerror_r (returns the a buffer (char *) if the input buffer wasn't use */ +#ifdef HAVE_STRERROR_R + const char *str; + str = strerror_r(eno, strerrbuf, buflen); + if (str != strerrbuf) + if (strlcpy(strerrbuf, str, buflen) >= buflen) + return ERANGE; + return 0; +#else + int ret; + ret = strlcpy(strerrbuf, strerror(eno), buflen); + if (ret > buflen) + return ERANGE; + return 0; +#endif +} + +#endif /* !_MSC_VER */ + +#endif diff --git a/crypto/heimdal/lib/roken/strftime.c b/crypto/heimdal/lib/roken/strftime.c index b7176b60b7b..447c1554337 100644 --- a/crypto/heimdal/lib/roken/strftime.c +++ b/crypto/heimdal/lib/roken/strftime.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,15 +30,11 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif +#include "roken.h" #ifdef TEST_STRPFTIME #include "strpftime-test.h" #endif -#include "roken.h" - -RCSID("$Id: strftime.c 21896 2007-08-09 08:46:08Z lha $"); static const char *abb_weekdays[] = { "Sun", @@ -155,7 +151,7 @@ week_number_mon4 (const struct tm *tm) int wday = (tm->tm_wday + 6) % 7; int w1day = (wday - tm->tm_yday % 7 + 7) % 7; int ret; - + ret = (tm->tm_yday + w1day) / 7; if (w1day >= 4) --ret; @@ -170,7 +166,7 @@ week_number_mon4 (const struct tm *tm) * */ -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strftime (char *buf, size_t maxsize, const char *format, const struct tm *tm) { @@ -290,7 +286,7 @@ strftime (char *buf, size_t maxsize, const char *format, "%02d:%02d", tm->tm_hour, tm->tm_min); - + break; case 's' : ret = snprintf (buf, maxsize - n, "%d", (int)mktime(rk_UNCONST(tm))); @@ -358,7 +354,7 @@ strftime (char *buf, size_t maxsize, const char *format, (long)timezone #else #error Where in timezone chaos are you? -#endif +#endif ); break; case 'Z' : @@ -386,7 +382,7 @@ strftime (char *buf, size_t maxsize, const char *format, "%%%c", *format); break; } - if (ret < 0 || ret >= maxsize - n) + if (ret < 0 || ret >= (int)(maxsize - n)) return 0; n += ret; buf += ret; @@ -396,6 +392,6 @@ strftime (char *buf, size_t maxsize, const char *format, ++n; } } - *buf++ = '\0'; + *buf = '\0'; return n; } diff --git a/crypto/heimdal/lib/roken/strlcat.c b/crypto/heimdal/lib/roken/strlcat.c index 3f9c085210c..e8fe1b781c6 100644 --- a/crypto/heimdal/lib/roken/strlcat.c +++ b/crypto/heimdal/lib/roken/strlcat.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,21 +31,24 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" -RCSID("$Id: strlcat.c 14773 2005-04-12 11:29:18Z lha $"); - #ifndef HAVE_STRLCAT -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcat (char *dst, const char *src, size_t dst_sz) { - size_t len = strlen(dst); + size_t len; +#if defined(_MSC_VER) && _MSC_VER >= 1400 + len = strnlen_s(dst, dst_sz); +#elif defined(HAVE_STRNLEN) + len = strnlen(dst, dst_sz); +#else + len = strlen(dst); +#endif - if (dst_sz < len) + if (dst_sz <= len) /* the total size of dst is less than the string it contains; this could be considered bad input, but we might as well handle it */ @@ -53,4 +56,5 @@ strlcat (char *dst, const char *src, size_t dst_sz) return len + strlcpy (dst + len, src, dst_sz - len); } + #endif diff --git a/crypto/heimdal/lib/roken/strlcpy.c b/crypto/heimdal/lib/roken/strlcpy.c index 6797317bf40..0fe2b97fccb 100644 --- a/crypto/heimdal/lib/roken/strlcpy.c +++ b/crypto/heimdal/lib/roken/strlcpy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,16 +31,27 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" -RCSID("$Id: strlcpy.c 14773 2005-04-12 11:29:18Z lha $"); - #ifndef HAVE_STRLCPY -size_t ROKEN_LIB_FUNCTION +#if defined(_MSC_VER) && _MSC_VER >= 1400 + +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL +strlcpy (char *dst, const char *src, size_t dst_cch) +{ + errno_t e; + + if (dst_cch > 0) + e = strncpy_s(dst, dst_cch, src, _TRUNCATE); + + return strlen (src); +} + +#else + +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strlcpy (char *dst, const char *src, size_t dst_sz) { size_t n; @@ -58,3 +69,5 @@ strlcpy (char *dst, const char *src, size_t dst_sz) } #endif + +#endif diff --git a/crypto/heimdal/lib/roken/strlwr.c b/crypto/heimdal/lib/roken/strlwr.c index 9e5e9739fc1..68bd4edad3f 100644 --- a/crypto/heimdal/lib/roken/strlwr.c +++ b/crypto/heimdal/lib/roken/strlwr.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strlwr.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include #include "roken.h" #ifndef HAVE_STRLWR -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strlwr(char *str) { char *s; diff --git a/crypto/heimdal/lib/roken/strncasecmp.c b/crypto/heimdal/lib/roken/strncasecmp.c index e534393c7d5..f244fb582f7 100644 --- a/crypto/heimdal/lib/roken/strncasecmp.c +++ b/crypto/heimdal/lib/roken/strncasecmp.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strncasecmp.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include @@ -42,10 +39,10 @@ RCSID("$Id: strncasecmp.c 14773 2005-04-12 11:29:18Z lha $"); #ifndef HAVE_STRNCASECMP -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL strncasecmp(const char *s1, const char *s2, size_t n) { - while(n > 0 + while(n > 0 && toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) { if(*s1 == '\0') diff --git a/crypto/heimdal/lib/roken/strndup.c b/crypto/heimdal/lib/roken/strndup.c index 1960fd28c2a..e67c9983a4a 100644 --- a/crypto/heimdal/lib/roken/strndup.c +++ b/crypto/heimdal/lib/roken/strndup.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strndup.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include #include "roken.h" #ifndef HAVE_STRNDUP -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strndup(const char *old, size_t sz) { size_t len = strnlen (old, sz); diff --git a/crypto/heimdal/lib/roken/strnlen.c b/crypto/heimdal/lib/roken/strnlen.c index 3ba61a58231..f26cd845143 100644 --- a/crypto/heimdal/lib/roken/strnlen.c +++ b/crypto/heimdal/lib/roken/strnlen.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strnlen.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -size_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL strnlen(const char *s, size_t len) { size_t i; diff --git a/crypto/heimdal/lib/roken/strpftime-test.c b/crypto/heimdal/lib/roken/strpftime-test.c index a1c13f3dced..8524ff5eeeb 100644 --- a/crypto/heimdal/lib/roken/strpftime-test.c +++ b/crypto/heimdal/lib/roken/strpftime-test.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,15 +30,11 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif +#include #ifdef TEST_STRPFTIME #include "strpftime-test.h" #endif -#include "roken.h" - -RCSID("$Id: strpftime-test.c 21897 2007-08-09 08:46:34Z lha $"); enum { MAXSIZE = 26 }; diff --git a/crypto/heimdal/lib/roken/strpftime-test.h b/crypto/heimdal/lib/roken/strpftime-test.h index 546e5529539..5f9b23fda9d 100644 --- a/crypto/heimdal/lib/roken/strpftime-test.h +++ b/crypto/heimdal/lib/roken/strpftime-test.h @@ -1,18 +1,18 @@ /* - * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -45,4 +45,11 @@ #define strftime test_strftime #define strptime test_strptime +ROKEN_LIB_FUNCTION size_t ROKEN_LIB_CALL +strftime (char *buf, size_t maxsize, const char *format, + const struct tm *tm); + +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL +strptime (const char *buf, const char *format, struct tm *timeptr); + #endif /* __STRFTIME_TEST_H__ */ diff --git a/crypto/heimdal/lib/roken/strpool.c b/crypto/heimdal/lib/roken/strpool.c index 6ebe0ce6c4b..6e6a737bc63 100644 --- a/crypto/heimdal/lib/roken/strpool.c +++ b/crypto/heimdal/lib/roken/strpool.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strpool.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include @@ -49,7 +46,7 @@ struct rk_strpool { * */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_strpoolfree(struct rk_strpool *p) { if (p->str) { @@ -63,7 +60,7 @@ rk_strpoolfree(struct rk_strpool *p) * */ -struct rk_strpool * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION struct rk_strpool * ROKEN_LIB_CALL rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...) { va_list ap; @@ -100,10 +97,13 @@ rk_strpoolprintf(struct rk_strpool *p, const char *fmt, ...) * */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_strpoolcollect(struct rk_strpool *p) { - char *str = p->str; + char *str; + if (p == NULL) + return strdup(""); + str = p->str; p->str = NULL; free(p); return str; diff --git a/crypto/heimdal/lib/roken/strptime.c b/crypto/heimdal/lib/roken/strptime.c index 9cd133357a5..75c27a32877 100644 --- a/crypto/heimdal/lib/roken/strptime.c +++ b/crypto/heimdal/lib/roken/strptime.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999, 2003, 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999, 2003, 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -30,16 +30,12 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif +#include "roken.h" #ifdef TEST_STRPFTIME #include "strpftime-test.h" #endif #include -#include "roken.h" - -RCSID("$Id: strptime.c 21895 2007-08-09 08:45:54Z lha $"); static const char *abb_weekdays[] = { "Sun", @@ -181,7 +177,7 @@ first_day (int year) int ret = 4; for (; year > 1970; --year) - ret = (ret + 365 + is_leap_year (year) ? 1 : 0) % 7; + ret = (ret + (is_leap_year (year) ? 366 : 365)) % 7; return ret; } @@ -241,7 +237,7 @@ set_week_number_mon4 (struct tm *timeptr, int wnum) * */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strptime (const char *buf, const char *format, struct tm *timeptr) { char c; diff --git a/crypto/heimdal/lib/roken/strsep.c b/crypto/heimdal/lib/roken/strsep.c index dd191c40229..76b447c373d 100644 --- a/crypto/heimdal/lib/roken/strsep.c +++ b/crypto/heimdal/lib/roken/strsep.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include @@ -42,7 +39,7 @@ RCSID("$Id: strsep.c 14773 2005-04-12 11:29:18Z lha $"); #ifndef HAVE_STRSEP -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strsep(char **str, const char *delim) { char *save = *str; diff --git a/crypto/heimdal/lib/roken/strsep_copy.c b/crypto/heimdal/lib/roken/strsep_copy.c index 4a0a8b05333..1228f1a4504 100644 --- a/crypto/heimdal/lib/roken/strsep_copy.c +++ b/crypto/heimdal/lib/roken/strsep_copy.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 2000, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include @@ -44,7 +41,7 @@ RCSID("$Id: strsep_copy.c 14773 2005-04-12 11:29:18Z lha $"); /* strsep, but with const stringp, so return string in buf */ -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL strsep_copy(const char **stringp, const char *delim, char *buf, size_t len) { const char *save = *stringp; @@ -52,7 +49,7 @@ strsep_copy(const char **stringp, const char *delim, char *buf, size_t len) if(save == NULL) return -1; *stringp = *stringp + strcspn(*stringp, delim); - l = min(len, *stringp - save); + l = min(len, (size_t)(*stringp - save)); if(len > 0) { memcpy(buf, save, l); buf[l] = '\0'; diff --git a/crypto/heimdal/lib/roken/strtok_r.c b/crypto/heimdal/lib/roken/strtok_r.c index fb72f5dc772..16a9daf2462 100644 --- a/crypto/heimdal/lib/roken/strtok_r.c +++ b/crypto/heimdal/lib/roken/strtok_r.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strtok_r.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include @@ -42,7 +39,7 @@ RCSID("$Id: strtok_r.c 14773 2005-04-12 11:29:18Z lha $"); #ifndef HAVE_STRTOK_R -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strtok_r(char *s1, const char *s2, char **lasts) { char *ret; diff --git a/crypto/heimdal/lib/roken/strupr.c b/crypto/heimdal/lib/roken/strupr.c index 2a5322677f5..fdff7f44a89 100644 --- a/crypto/heimdal/lib/roken/strupr.c +++ b/crypto/heimdal/lib/roken/strupr.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: strupr.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include #include #include "roken.h" #ifndef HAVE_STRUPR -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strupr(char *str) { char *s; diff --git a/crypto/heimdal/lib/roken/swab.c b/crypto/heimdal/lib/roken/swab.c index 20744ca02ff..9b8d1d1f98a 100644 --- a/crypto/heimdal/lib/roken/swab.c +++ b/crypto/heimdal/lib/roken/swab.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,12 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif #include "roken.h" #ifndef HAVE_SWAB -RCSID("$Id: swab.c 14773 2005-04-12 11:29:18Z lha $"); - -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL swab (char *from, char *to, int nbytes) { while(nbytes >= 2) { diff --git a/crypto/heimdal/lib/roken/test-mem.c b/crypto/heimdal/lib/roken/test-mem.c index d955c1a489f..2ce961e0634 100644 --- a/crypto/heimdal/lib/roken/test-mem.c +++ b/crypto/heimdal/lib/roken/test-mem.c @@ -1,39 +1,38 @@ /* - * Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -#endif + #ifdef HAVE_SYS_MMAN_H #include #endif @@ -44,8 +43,6 @@ #include "test-mem.h" -RCSID("$Id: test-mem.c 21005 2007-06-08 01:54:35Z lha $"); - /* #undef HAVE_MMAP */ struct { @@ -57,8 +54,16 @@ struct { int fd; } map; +#ifdef HAVE_SIGACTION + struct sigaction sa, osa; +#else + +void (* osigh)(int); + +#endif + char *testname; static RETSIGTYPE @@ -66,12 +71,12 @@ segv_handler(int sig) { int fd; char msg[] = "SIGSEGV i current test: "; - + fd = open("/dev/stdout", O_WRONLY, 0600); if (fd >= 0) { - write(fd, msg, sizeof(msg) - 1); - write(fd, testname, strlen(testname)); - write(fd, "\n", 1); + (void)write(fd, msg, sizeof(msg) - 1); + (void)write(fd, testname, strlen(testname)); + (void)write(fd, "\n", 1); close(fd); } _exit(1); @@ -85,13 +90,13 @@ segv_handler(int sig) errx(1, "malloc"); -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_test_mem_alloc(enum rk_test_mem_type type, const char *name, void *buf, size_t size) { #ifndef HAVE_MMAP unsigned char *p; - + TESTREC(); p = malloc(size + 2); @@ -101,7 +106,7 @@ rk_test_mem_alloc(enum rk_test_mem_type type, const char *name, map.start = p; map.size = size + 2; p[0] = 0xff; - p[map.size] = 0xff; + p[map.size-1] = 0xff; map.data_start = p + 1; #else unsigned char *p; @@ -152,6 +157,7 @@ rk_test_mem_alloc(enum rk_test_mem_type type, const char *name, abort(); } #endif +#ifdef HAVE_SIGACTION sigemptyset (&sa.sa_mask); sa.sa_flags = 0; #ifdef SA_RESETHAND @@ -159,6 +165,9 @@ rk_test_mem_alloc(enum rk_test_mem_type type, const char *name, #endif sa.sa_handler = segv_handler; sigaction (SIGSEGV, &sa, &osa); +#else + osigh = signal(SIGSEGV, segv_handler); +#endif map.data_size = size; if (buf) @@ -166,23 +175,23 @@ rk_test_mem_alloc(enum rk_test_mem_type type, const char *name, return map.data_start; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_test_mem_free(const char *map_name) { #ifndef HAVE_MMAP unsigned char *p = map.start; - + if (testname == NULL) errx(1, "test_mem_free call on no free"); if (p[0] != 0xff) errx(1, "%s: %s underrun %x\n", testname, map_name, p[0]); - if (p[map.size] != 0xff) + if (p[map.size-1] != 0xff) errx(1, "%s: %s overrun %x\n", testname, map_name, p[map.size - 1]); free(map.start); #else int ret; - + if (testname == NULL) errx(1, "test_mem_free call on no free"); @@ -195,5 +204,9 @@ rk_test_mem_free(const char *map_name) free(testname); testname = NULL; +#ifdef HAVE_SIGACTION sigaction (SIGSEGV, &osa, NULL); +#else + signal (SIGSEGV, osigh); +#endif } diff --git a/crypto/heimdal/lib/roken/test-mem.h b/crypto/heimdal/lib/roken/test-mem.h index 896222f8d76..4d900b4a6a3 100644 --- a/crypto/heimdal/lib/roken/test-mem.h +++ b/crypto/heimdal/lib/roken/test-mem.h @@ -1,39 +1,39 @@ /* - * Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ enum rk_test_mem_type { RK_TM_OVERRUN, RK_TM_UNDERRUN }; -void * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void * ROKEN_LIB_CALL rk_test_mem_alloc(enum rk_test_mem_type, const char *, void *, size_t); -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_test_mem_free(const char *); diff --git a/crypto/heimdal/lib/roken/test-readenv.c b/crypto/heimdal/lib/roken/test-readenv.c index 2cbf8166716..24a666184b9 100644 --- a/crypto/heimdal/lib/roken/test-readenv.c +++ b/crypto/heimdal/lib/roken/test-readenv.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: test-readenv.c 20868 2007-06-03 21:02:04Z lha $"); -#endif #include "roken.h" #include "test-mem.h" @@ -112,7 +109,7 @@ main(int argc, char **argv) error++; } free_environment(env); - - + + return error; } diff --git a/crypto/heimdal/lib/roken/timegm.c b/crypto/heimdal/lib/roken/timegm.c index 41eb48716d1..e6c8992ad21 100644 --- a/crypto/heimdal/lib/roken/timegm.c +++ b/crypto/heimdal/lib/roken/timegm.c @@ -1,40 +1,37 @@ /* - * Copyright (c) 1997, 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: timegm.c 18606 2006-10-19 16:19:10Z lha $"); -#endif #include "roken.h" @@ -45,7 +42,7 @@ is_leap(unsigned y) return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0); } -/* +/* * XXX This is a simplifed version of timegm, it needs to support out of * bounds values. */ @@ -59,17 +56,17 @@ rk_timegm (struct tm *tm) time_t res = 0; unsigned i; - if (tm->tm_year < 0) + if (tm->tm_year < 0) return -1; - if (tm->tm_mon < 0 || tm->tm_mon > 11) + if (tm->tm_mon < 0 || tm->tm_mon > 11) return -1; if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon]) return -1; - if (tm->tm_hour < 0 || tm->tm_hour > 23) + if (tm->tm_hour < 0 || tm->tm_hour > 23) return -1; - if (tm->tm_min < 0 || tm->tm_min > 59) + if (tm->tm_min < 0 || tm->tm_min > 59) return -1; - if (tm->tm_sec < 0 || tm->tm_sec > 59) + if (tm->tm_sec < 0 || tm->tm_sec > 59) return -1; for (i = 70; i < tm->tm_year; ++i) diff --git a/crypto/heimdal/lib/roken/timeval.c b/crypto/heimdal/lib/roken/timeval.c index b72e2023f00..38b1f7ce9c3 100644 --- a/crypto/heimdal/lib/roken/timeval.c +++ b/crypto/heimdal/lib/roken/timeval.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -35,10 +35,7 @@ * Timeval stuff */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: timeval.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" @@ -46,7 +43,7 @@ RCSID("$Id: timeval.c 14773 2005-04-12 11:29:18Z lha $"); * Make `t1' consistent. */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevalfix(struct timeval *t1) { if (t1->tv_usec < 0) { @@ -58,24 +55,24 @@ timevalfix(struct timeval *t1) t1->tv_usec -= 1000000; } } - + /* * t1 += t2 */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevaladd(struct timeval *t1, const struct timeval *t2) { t1->tv_sec += t2->tv_sec; t1->tv_usec += t2->tv_usec; timevalfix(t1); } - + /* * t1 -= t2 */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL timevalsub(struct timeval *t1, const struct timeval *t2) { t1->tv_sec -= t2->tv_sec; diff --git a/crypto/heimdal/lib/roken/tm2time.c b/crypto/heimdal/lib/roken/tm2time.c index 7bcba8379ca..ba69a048793 100644 --- a/crypto/heimdal/lib/roken/tm2time.c +++ b/crypto/heimdal/lib/roken/tm2time.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: tm2time.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #ifdef TIME_WITH_SYS_TIME #include @@ -46,7 +43,7 @@ RCSID("$Id: tm2time.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include "roken.h" -time_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION time_t ROKEN_LIB_CALL tm2time (struct tm tm, int local) { time_t t; diff --git a/crypto/heimdal/lib/roken/tsearch.c b/crypto/heimdal/lib/roken/tsearch.c new file mode 100644 index 00000000000..65328d367df --- /dev/null +++ b/crypto/heimdal/lib/roken/tsearch.c @@ -0,0 +1,180 @@ +/* + * Tree search generalized from Knuth (6.2.2) Algorithm T just like + * the AT&T man page says. + * + * The node_t structure is for internal use only, lint doesn't grok it. + * + * Written by reading the System V Interface Definition, not the code. + * + * Totally public domain. + * + * $NetBSD: tsearch.c,v 1.3 1999/09/16 11:45:37 lukem Exp $ + * $NetBSD: twalk.c,v 1.1 1999/02/22 10:33:16 christos Exp $ + * $NetBSD: tdelete.c,v 1.2 1999/09/16 11:45:37 lukem Exp $ + * $NetBSD: tfind.c,v 1.2 1999/09/16 11:45:37 lukem Exp $ + */ + +#include +#include "roken.h" +#include "search.h" +#include + +typedef struct node { + char *key; + struct node *llink, *rlink; +} node_t; + +#ifndef __DECONST +#define __DECONST(type, var) ((type)(uintptr_t)(const void *)(var)) +#endif + +/* + * find or insert datum into search tree + * + * Parameters: + * vkey: key to be located + * vrootp: address of tree root + */ + +ROKEN_LIB_FUNCTION void * +rk_tsearch(const void *vkey, void **vrootp, + int (*compar)(const void *, const void *)) +{ + node_t *q; + node_t **rootp = (node_t **)vrootp; + + if (rootp == NULL) + return NULL; + + while (*rootp != NULL) { /* Knuth's T1: */ + int r; + + if ((r = (*compar)(vkey, (*rootp)->key)) == 0) /* T2: */ + return *rootp; /* we found it! */ + + rootp = (r < 0) ? + &(*rootp)->llink : /* T3: follow left branch */ + &(*rootp)->rlink; /* T4: follow right branch */ + } + + q = malloc(sizeof(node_t)); /* T5: key not found */ + if (q != 0) { /* make new node */ + *rootp = q; /* link new node to old */ + /* LINTED const castaway ok */ + q->key = __DECONST(void *, vkey); /* initialize new node */ + q->llink = q->rlink = NULL; + } + return q; +} + +/* + * Walk the nodes of a tree + * + * Parameters: + * root: Root of the tree to be walked + */ +static void +trecurse(const node_t *root, void (*action)(const void *, VISIT, int), + int level) +{ + + if (root->llink == NULL && root->rlink == NULL) + (*action)(root, leaf, level); + else { + (*action)(root, preorder, level); + if (root->llink != NULL) + trecurse(root->llink, action, level + 1); + (*action)(root, postorder, level); + if (root->rlink != NULL) + trecurse(root->rlink, action, level + 1); + (*action)(root, endorder, level); + } +} + +/* + * Walk the nodes of a tree + * + * Parameters: + * vroot: Root of the tree to be walked + */ +ROKEN_LIB_FUNCTION void +rk_twalk(const void *vroot, + void (*action)(const void *, VISIT, int)) +{ + if (vroot != NULL && action != NULL) + trecurse(vroot, action, 0); +} + +/* + * delete node with given key + * + * vkey: key to be deleted + * vrootp: address of the root of the tree + * compar: function to carry out node comparisons + */ +ROKEN_LIB_FUNCTION void * +rk_tdelete(const void * vkey, void ** vrootp, + int (*compar)(const void *, const void *)) +{ + node_t **rootp = (node_t **)vrootp; + node_t *p, *q, *r; + int cmp; + + if (rootp == NULL || (p = *rootp) == NULL) + return NULL; + + while ((cmp = (*compar)(vkey, (*rootp)->key)) != 0) { + p = *rootp; + rootp = (cmp < 0) ? + &(*rootp)->llink : /* follow llink branch */ + &(*rootp)->rlink; /* follow rlink branch */ + if (*rootp == NULL) + return NULL; /* key not found */ + } + r = (*rootp)->rlink; /* D1: */ + if ((q = (*rootp)->llink) == NULL) /* Left NULL? */ + q = r; + else if (r != NULL) { /* Right link is NULL? */ + if (r->llink == NULL) { /* D2: Find successor */ + r->llink = q; + q = r; + } else { /* D3: Find NULL link */ + for (q = r->llink; q->llink != NULL; q = r->llink) + r = q; + r->llink = q->rlink; + q->llink = (*rootp)->llink; + q->rlink = (*rootp)->rlink; + } + } + free(*rootp); /* D4: Free node */ + *rootp = q; /* link parent to new node */ + return p; +} + +/* + * find a node, or return 0 + * + * Parameters: + * vkey: key to be found + * vrootp: address of the tree root + */ +ROKEN_LIB_FUNCTION void * +rk_tfind(const void *vkey, void * const *vrootp, + int (*compar)(const void *, const void *)) +{ + node_t **rootp = (node_t **)vrootp; + + if (rootp == NULL) + return NULL; + + while (*rootp != NULL) { /* T1: */ + int r; + + if ((r = (*compar)(vkey, (*rootp)->key)) == 0) /* T2: */ + return *rootp; /* key found */ + rootp = (r < 0) ? + &(*rootp)->llink : /* T3: follow left branch */ + &(*rootp)->rlink; /* T4: follow right branch */ + } + return NULL; +} diff --git a/crypto/heimdal/lib/roken/unsetenv.c b/crypto/heimdal/lib/roken/unsetenv.c index 54cf7b77dc9..55ba5e36d9e 100644 --- a/crypto/heimdal/lib/roken/unsetenv.c +++ b/crypto/heimdal/lib/roken/unsetenv.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,22 +31,21 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: unsetenv.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #include #include "roken.h" +#if !HAVE_DECL_ENVIRON extern char **environ; +#endif /* * unsetenv -- */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL unsetenv(const char *name) { int len; @@ -59,7 +58,7 @@ unsetenv(const char *name) for (np = name; *np && *np != '='; np++) /* nop */; len = np - name; - + for (p = environ; *p != 0; p++) if (strncmp(*p, name, len) == 0 && (*p)[len] == '=') break; diff --git a/crypto/heimdal/lib/roken/unvis.c b/crypto/heimdal/lib/roken/unvis.c index 72d5f161b08..6ceda4aa2c2 100644 --- a/crypto/heimdal/lib/roken/unvis.c +++ b/crypto/heimdal/lib/roken/unvis.c @@ -30,10 +30,7 @@ */ #if 1 -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: unvis.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include "roken.h" #ifndef _DIAGASSERT #define _DIAGASSERT(X) @@ -82,16 +79,16 @@ __warn_references(unvis, #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strunvis (char *, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_unvis (char *, int, int *, int); /* * unvis - decode characters previously encoded by vis */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_unvis(char *cp, int c, int *astate, int flag) { @@ -102,7 +99,7 @@ rk_unvis(char *cp, int c, int *astate, int flag) if (*astate == S_OCTAL2 || *astate == S_OCTAL3) { *astate = S_GROUND; return (UNVIS_VALID); - } + } return (*astate == S_GROUND ? UNVIS_NOCHAR : UNVIS_SYNBAD); } @@ -113,7 +110,7 @@ rk_unvis(char *cp, int c, int *astate, int flag) if (c == '\\') { *astate = S_START; return (0); - } + } *cp = c; return (UNVIS_VALID); @@ -129,7 +126,7 @@ rk_unvis(char *cp, int c, int *astate, int flag) *astate = S_OCTAL2; return (0); case 'M': - *cp = (char)0200; + *cp = (u_char)0200; *astate = S_META; return (0); case '^': @@ -186,7 +183,7 @@ rk_unvis(char *cp, int c, int *astate, int flag) } *astate = S_GROUND; return (UNVIS_SYNBAD); - + case S_META: if (c == '-') *astate = S_META1; @@ -197,12 +194,12 @@ rk_unvis(char *cp, int c, int *astate, int flag) return (UNVIS_SYNBAD); } return (0); - + case S_META1: *astate = S_GROUND; *cp |= c; return (UNVIS_VALID); - + case S_CTRL: if (c == '?') *cp |= 0177; @@ -213,15 +210,15 @@ rk_unvis(char *cp, int c, int *astate, int flag) case S_OCTAL2: /* second possible octal digit */ if (isoctal(c)) { - /* - * yes - and maybe a third + /* + * yes - and maybe a third */ *cp = (*cp << 3) + (c - '0'); - *astate = S_OCTAL3; + *astate = S_OCTAL3; return (0); - } - /* - * no - done with current sequence, push back passed char + } + /* + * no - done with current sequence, push back passed char */ *astate = S_GROUND; return (UNVIS_VALIDPUSH); @@ -236,10 +233,10 @@ rk_unvis(char *cp, int c, int *astate, int flag) * we were done, push back passed char */ return (UNVIS_VALIDPUSH); - - default: - /* - * decoder in unknown state - (probably uninitialized) + + default: + /* + * decoder in unknown state - (probably uninitialized) */ *astate = S_GROUND; return (UNVIS_SYNBAD); @@ -247,13 +244,13 @@ rk_unvis(char *cp, int c, int *astate, int flag) } /* - * strunvis - decode src into dst + * strunvis - decode src into dst * * Number of chars decoded into dst is returned, -1 on error. * Dst is null terminated. */ -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strunvis(char *dst, const char *src) { char c; diff --git a/crypto/heimdal/lib/roken/verify.c b/crypto/heimdal/lib/roken/verify.c index 54ad814e982..fc8fc57b6f4 100644 --- a/crypto/heimdal/lib/roken/verify.c +++ b/crypto/heimdal/lib/roken/verify.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: verify.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include #ifdef HAVE_UNISTD_H @@ -45,11 +42,11 @@ RCSID("$Id: verify.c 14773 2005-04-12 11:29:18Z lha $"); #endif #include "roken.h" -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL unix_verify_user(char *user, char *password) { struct passwd *pw; - + pw = k_getpwnam(user); if(pw == NULL) return -1; diff --git a/crypto/heimdal/lib/roken/verr.c b/crypto/heimdal/lib/roken/verr.c index 3db3c1c37c0..cd3cdf35ea6 100644 --- a/crypto/heimdal/lib/roken/verr.c +++ b/crypto/heimdal/lib/roken/verr.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: verr.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" #include -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL verr(int eval, const char *fmt, va_list ap) { - warnerr(1, fmt, ap); + rk_warnerr(1, fmt, ap); exit(eval); } diff --git a/crypto/heimdal/lib/roken/verrx.c b/crypto/heimdal/lib/roken/verrx.c index a3a59d02b13..84645181c87 100644 --- a/crypto/heimdal/lib/roken/verrx.c +++ b/crypto/heimdal/lib/roken/verrx.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: verrx.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" #include -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL verrx(int eval, const char *fmt, va_list ap) { - warnerr(0, fmt, ap); + rk_warnerr(0, fmt, ap); exit(eval); } diff --git a/crypto/heimdal/lib/roken/version-script.map b/crypto/heimdal/lib/roken/version-script.map new file mode 100644 index 00000000000..9229a373cd7 --- /dev/null +++ b/crypto/heimdal/lib/roken/version-script.map @@ -0,0 +1,203 @@ +HEIMDAL_ROKEN_1.0 { + global: + arg_printusage; + arg_printusage_i18n; + base64_decode; + base64_encode; + cgetcap; + cgetclose; + cgetmatch; + cgetnum; + cgetset; + cgetustr; + ct_memcmp; + err; + errx; + free_getarg_strings; + get_default_username; + get_window_size; + getarg; + getnameinfo_verified; + hex_decode; + hex_encode; + issuid; + k_getpwnam; + k_getpwuid; + mini_inetd; + mini_inetd_addrinfo; + net_read; + net_write; + parse_bytes; + parse_flags; + parse_time; + parse_units; + print_flags_table; + print_time_table; + print_units_table; + rk_asnprintf; + rk_asprintf; + rk_bswap16; + rk_bswap32; + rk_cgetent; + rk_cgetstr; + rk_cloexec; + rk_cloexec_file; + rk_cloexec_dir; + rk_closefrom; + rk_copyhostent; + rk_dns_free_data; + rk_dns_lookup; + rk_dns_srv_order; + rk_dns_string_to_type; + rk_dns_type_to_string; + rk_dumpdata; + rk_ecalloc; + rk_emalloc; + rk_eread; + rk_erealloc; + rk_esetenv; + rk_estrdup; + rk_ewrite; + rk_flock; + rk_fnmatch; + rk_free_environment; + rk_freeaddrinfo; + rk_freehostent; + rk_freeifaddrs; + rk_gai_strerror; + rk_getaddrinfo; + rk_getifaddrs; + rk_getipnodebyaddr; + rk_getipnodebyname; + rk_getnameinfo; + rk_getprogname; + rk_glob; + rk_globfree; + rk_hex_decode; + rk_hex_encode; + rk_hostent_find_fqdn; + rk_inet_ntop; + rk_inet_pton; + rk_localtime_r; + rk_mkstemp; + rk_pid_file_delete; + rk_pid_file_write; + rk_pidfile; + rk_pipe_execv; + rk_random_init; + rk_read_environment; + rk_readv; + rk_realloc; + rk_strerror; + rk_strerror_r; + rk_setprogname; + rk_simple_execle; + rk_simple_execlp; + rk_simple_execve; + rk_simple_execve_timed; + rk_simple_execvp; + rk_simple_execvp_timed; + rk_socket; + rk_socket_addr_size; + rk_socket_get_address; + rk_socket_get_port; + rk_socket_set_address_and_port; + rk_socket_set_any; + rk_socket_set_debug; + rk_socket_set_ipv6only; + rk_socket_set_port; + rk_socket_set_portrange; + rk_socket_set_reuseaddr; + rk_socket_set_tos; + rk_socket_sockaddr_size; + rk_strcollect; + rk_strftime; + rk_strlcat; + rk_strlcpy; + rk_strlwr; + rk_strndup; + rk_strnlen; + rk_strpoolcollect; + rk_strpoolfree; + rk_strpoolprintf; + rk_strptime; + rk_strsep_copy; + rk_strsvis; + rk_strsvis; + rk_strsvisx; + rk_strunvis; + rk_strunvis; + rk_strunvisx; + rk_strupr; + rk_strvis; + rk_strvis; + rk_strvisx; + rk_strvisx; + rk_svis; + rk_svis; + rk_timegm; + rk_timevaladd; + rk_timevalfix; + rk_timevalsub; + rk_tdelete; + rk_tfind; + rk_tsearch; + rk_twalk; + rk_undumpdata; + rk_unvis; + rk_vasnprintf; + rk_vasprintf; + rk_vis; + rk_vis; + rk_vsnprintf; + rk_vstrcollect; + rk_wait_for_process; + rk_wait_for_process_timed; + rk_warnerr; + rk_xfree; + roken_concat; + roken_getaddrinfo_hostspec2; + roken_getaddrinfo_hostspec; + roken_gethostby_setup; + roken_gethostbyaddr; + roken_gethostbyname; + roken_mconcat; + roken_vconcat; + roken_vmconcat; + rtbl_add_column; + rtbl_add_column_by_id; + rtbl_add_column_entry; + rtbl_add_column_entry_by_id; + rtbl_add_column_entryv; + rtbl_add_column_entryv_by_id; + rtbl_create; + rtbl_destroy; + rtbl_format; + rtbl_get_flags; + rtbl_new_row; + rtbl_set_column_affix_by_id; + rtbl_set_column_prefix; + rtbl_set_flags; + rtbl_set_prefix; + rtbl_set_separator; + signal; + simple_execl; + tm2time; + unix_verify_user; + unparse_bytes; + unparse_bytes_short; + unparse_flags; + unparse_time; + unparse_time_approx; + unparse_units; + unparse_units_approx; + verr; + verrx; + vwarn; + vwarnx; + warn; + warnx; + writev; + local: + *; +}; diff --git a/crypto/heimdal/lib/roken/vis.c b/crypto/heimdal/lib/roken/vis.c index 1114223a297..19ff29d95ca 100644 --- a/crypto/heimdal/lib/roken/vis.c +++ b/crypto/heimdal/lib/roken/vis.c @@ -1,4 +1,4 @@ -/* $NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $ */ +/* $NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -30,7 +30,8 @@ */ /*- - * Copyright (c) 1999 The NetBSD Foundation, Inc. + * Copyright (c) 1999, 2005 The NetBSD Foundation, Inc. + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -40,47 +41,35 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ - #if 1 -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: vis.c 21005 2007-06-08 01:54:35Z lha $"); -#endif #include "roken.h" #ifndef _DIAGASSERT #define _DIAGASSERT(X) #endif -#else +#else /* heimdal */ #include -#if !defined(lint) -__RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $"); -#endif /* not lint */ -#endif +#if defined(LIBC_SCCS) && !defined(lint) +__RCSID("$NetBSD: vis.c,v 1.37 2008/07/25 22:29:23 dsl Exp $"); +#endif /* LIBC_SCCS and not lint */ -#if 0 #include "namespace.h" -#endif +#endif /* heimdal */ + #include #include @@ -89,6 +78,7 @@ __RCSID("$NetBSD: vis.c,v 1.4 2003/08/07 09:15:32 agc Exp $"); #include #include #include +#include #if 0 #ifdef __weak_alias @@ -101,6 +91,14 @@ __weak_alias(vis,_vis) #endif #endif +#if !HAVE_VIS || !HAVE_SVIS +#include +#include +#include +#include + +static char *do_svis(char *, int, int, int, const char *); + #undef BELL #if defined(__STDC__) #define BELL '\a' @@ -108,39 +106,64 @@ __weak_alias(vis,_vis) #define BELL '\007' #endif -char ROKEN_LIB_FUNCTION - *rk_vis (char *, int, int, int); -char ROKEN_LIB_FUNCTION - *rk_svis (char *, int, int, int, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL + rk_vis (char *, int, int, int); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL + rk_svis (char *, int, int, int, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvis (char *, const char *, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvis (char *, const char *, int, const char *); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvisx (char *, const char *, size_t, int); -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strsvisx (char *, const char *, size_t, int, const char *); #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') #define iswhite(c) (c == ' ' || c == '\t' || c == '\n') #define issafe(c) (c == '\b' || c == BELL || c == '\r') +#define xtoa(c) "0123456789abcdef"[c] -#define MAXEXTRAS 5 +#define MAXEXTRAS 5 - -#define MAKEEXTRALIST(flag, extra) \ +#define MAKEEXTRALIST(flag, extra, orig_str) \ do { \ - char *pextra = extra; \ - if (flag & VIS_SP) *pextra++ = ' '; \ - if (flag & VIS_TAB) *pextra++ = '\t'; \ - if (flag & VIS_NL) *pextra++ = '\n'; \ - if ((flag & VIS_NOSLASH) == 0) *pextra++ = '\\'; \ - *pextra = '\0'; \ + const char *orig = orig_str; \ + const char *o = orig; \ + char *e; \ + while (*o++) \ + continue; \ + extra = malloc((size_t)((o - orig) + MAXEXTRAS)); \ + if (!extra) break; \ + for (o = orig, e = extra; (*e++ = *o++) != '\0';) \ + continue; \ + e--; \ + if (flag & VIS_SP) *e++ = ' '; \ + if (flag & VIS_TAB) *e++ = '\t'; \ + if (flag & VIS_NL) *e++ = '\n'; \ + if ((flag & VIS_NOSLASH) == 0) *e++ = '\\'; \ + *e = '\0'; \ } while (/*CONSTCOND*/0) /* - * This is SVIS, the central macro of vis. + * This is do_hvis, for HTTP style (RFC 1808) + */ +static char * +do_hvis(char *dst, int c, int flag, int nextc, const char *extra) +{ + if (!isascii(c) || !isalnum(c) || strchr("$-_.+!*'(),", c) != NULL) { + *dst++ = '%'; + *dst++ = xtoa(((unsigned int)c >> 4) & 0xf); + *dst++ = xtoa((unsigned int)c & 0xf); + } else { + dst = do_svis(dst, c, flag, nextc, extra); + } + return dst; +} + +/* + * This is do_vis, the central code of vis. * dst: Pointer to the destination buffer * c: Character to encode * flag: Flag word @@ -148,90 +171,103 @@ do { \ * extra: Pointer to the list of extra characters to be * backslash-protected. */ -#define SVIS(dst, c, flag, nextc, extra) \ -do { \ - int isextra, isc; \ - isextra = strchr(extra, c) != NULL; \ - if (!isextra && \ - isascii((unsigned char)c) && \ - (isgraph((unsigned char)c) || iswhite(c) || \ - ((flag & VIS_SAFE) && issafe(c)))) { \ - *dst++ = c; \ - break; \ - } \ - isc = 0; \ - if (flag & VIS_CSTYLE) { \ - switch (c) { \ - case '\n': \ - isc = 1; *dst++ = '\\'; *dst++ = 'n'; \ - break; \ - case '\r': \ - isc = 1; *dst++ = '\\'; *dst++ = 'r'; \ - break; \ - case '\b': \ - isc = 1; *dst++ = '\\'; *dst++ = 'b'; \ - break; \ - case BELL: \ - isc = 1; *dst++ = '\\'; *dst++ = 'a'; \ - break; \ - case '\v': \ - isc = 1; *dst++ = '\\'; *dst++ = 'v'; \ - break; \ - case '\t': \ - isc = 1; *dst++ = '\\'; *dst++ = 't'; \ - break; \ - case '\f': \ - isc = 1; *dst++ = '\\'; *dst++ = 'f'; \ - break; \ - case ' ': \ - isc = 1; *dst++ = '\\'; *dst++ = 's'; \ - break; \ - case '\0': \ - isc = 1; *dst++ = '\\'; *dst++ = '0'; \ - if (isoctal(nextc)) { \ - *dst++ = '0'; \ - *dst++ = '0'; \ - } \ - } \ - } \ - if (isc) break; \ - if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { \ - *dst++ = '\\'; \ - *dst++ = (u_char)(((unsigned)(u_char)c >> 6) & 03) + '0'; \ - *dst++ = (u_char)(((unsigned)(u_char)c >> 3) & 07) + '0'; \ - *dst++ = (c & 07) + '0'; \ - } else { \ - if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; \ - if (c & 0200) { \ - c &= 0177; *dst++ = 'M'; \ - } \ - if (iscntrl((unsigned char)c)) { \ - *dst++ = '^'; \ - if (c == 0177) \ - *dst++ = '?'; \ - else \ - *dst++ = c + '@'; \ - } else { \ - *dst++ = '-'; *dst++ = c; \ - } \ - } \ -} while (/*CONSTCOND*/0) +static char * +do_svis(char *dst, int c, int flag, int nextc, const char *extra) +{ + int isextra; + isextra = strchr(extra, c) != NULL; + if (!isextra && isascii(c) && (isgraph(c) || iswhite(c) || + ((flag & VIS_SAFE) && issafe(c)))) { + *dst++ = c; + return dst; + } + if (flag & VIS_CSTYLE) { + switch (c) { + case '\n': + *dst++ = '\\'; *dst++ = 'n'; + return dst; + case '\r': + *dst++ = '\\'; *dst++ = 'r'; + return dst; + case '\b': + *dst++ = '\\'; *dst++ = 'b'; + return dst; + case BELL: + *dst++ = '\\'; *dst++ = 'a'; + return dst; + case '\v': + *dst++ = '\\'; *dst++ = 'v'; + return dst; + case '\t': + *dst++ = '\\'; *dst++ = 't'; + return dst; + case '\f': + *dst++ = '\\'; *dst++ = 'f'; + return dst; + case ' ': + *dst++ = '\\'; *dst++ = 's'; + return dst; + case '\0': + *dst++ = '\\'; *dst++ = '0'; + if (isoctal(nextc)) { + *dst++ = '0'; + *dst++ = '0'; + } + return dst; + default: + if (isgraph(c)) { + *dst++ = '\\'; *dst++ = c; + return dst; + } + } + } + if (isextra || ((c & 0177) == ' ') || (flag & VIS_OCTAL)) { + *dst++ = '\\'; + *dst++ = (u_char)(((unsigned int)(u_char)c >> 6) & 03) + '0'; + *dst++ = (u_char)(((unsigned int)(u_char)c >> 3) & 07) + '0'; + *dst++ = (u_char)( c & 07) + '0'; + } else { + if ((flag & VIS_NOSLASH) == 0) *dst++ = '\\'; + if (c & 0200) { + c &= 0177; *dst++ = 'M'; + } + if (iscntrl(c)) { + *dst++ = '^'; + if (c == 0177) + *dst++ = '?'; + else + *dst++ = c + '@'; + } else { + *dst++ = '-'; *dst++ = c; + } + } + return dst; +} /* * svis - visually encode characters, also encoding the characters - * pointed to by `extra' + * pointed to by `extra' */ - -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_svis(char *dst, int c, int flag, int nextc, const char *extra) { + char *nextra = NULL; + _DIAGASSERT(dst != NULL); _DIAGASSERT(extra != NULL); - - SVIS(dst, c, flag, nextc, extra); + MAKEEXTRALIST(flag, nextra, extra); + if (!nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return dst; + } + if (flag & VIS_HTTPSTYLE) + dst = do_hvis(dst, c, flag, nextc, nextra); + else + dst = do_svis(dst, c, flag, nextc, nextra); + free(nextra); *dst = '\0'; - return(dst); + return dst; } @@ -242,94 +278,145 @@ rk_svis(char *dst, int c, int flag, int nextc, const char *extra) * be encoded, too. These functions are useful e. g. to * encode strings in such a way so that they are not interpreted * by a shell. - * + * * Dst must be 4 times the size of src to account for possible * expansion. The length of dst, not including the trailing NULL, - * is returned. + * is returned. * * Strsvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ -int ROKEN_LIB_FUNCTION -rk_strsvis(char *dst, const char *src, int flag, const char *extra) +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_strsvis(char *dst, const char *csrc, int flag, const char *extra) { - char c; + int c; char *start; + char *nextra = NULL; + const unsigned char *src = (const unsigned char *)csrc; _DIAGASSERT(dst != NULL); _DIAGASSERT(src != NULL); _DIAGASSERT(extra != NULL); - - for (start = dst; (c = *src++) != '\0'; /* empty */) - SVIS(dst, c, flag, *src, extra); - *dst = '\0'; - return (dst - start); -} - - -int ROKEN_LIB_FUNCTION -rk_strsvisx(char *dst, const char *src, size_t len, int flag, const char *extra) -{ - char c; - char *start; - - _DIAGASSERT(dst != NULL); - _DIAGASSERT(src != NULL); - _DIAGASSERT(extra != NULL); - - for (start = dst; len > 0; len--) { - c = *src++; - SVIS(dst, c, flag, len ? *src : '\0', extra); + MAKEEXTRALIST(flag, nextra, extra); + if (!nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return 0; } + if (flag & VIS_HTTPSTYLE) { + for (start = dst; (c = *src++) != '\0'; /* empty */) + dst = do_hvis(dst, c, flag, *src, nextra); + } else { + for (start = dst; (c = *src++) != '\0'; /* empty */) + dst = do_svis(dst, c, flag, *src, nextra); + } + free(nextra); *dst = '\0'; return (dst - start); } +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +rk_strsvisx(char *dst, const char *csrc, size_t len, int flag, const char *extra) +{ + unsigned char c; + char *start; + char *nextra = NULL; + const unsigned char *src = (const unsigned char *)csrc; + + _DIAGASSERT(dst != NULL); + _DIAGASSERT(src != NULL); + _DIAGASSERT(extra != NULL); + MAKEEXTRALIST(flag, nextra, extra); + if (! nextra) { + *dst = '\0'; /* can't create nextra, return "" */ + return 0; + } + + if (flag & VIS_HTTPSTYLE) { + for (start = dst; len > 0; len--) { + c = *src++; + dst = do_hvis(dst, c, flag, len ? *src : '\0', nextra); + } + } else { + for (start = dst; len > 0; len--) { + c = *src++; + dst = do_svis(dst, c, flag, len ? *src : '\0', nextra); + } + } + free(nextra); + *dst = '\0'; + return (dst - start); +} +#endif + +#if !HAVE_VIS /* * vis - visually encode characters */ -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL rk_vis(char *dst, int c, int flag, int nextc) { - char extra[MAXEXTRAS]; + char *extra = NULL; + unsigned char uc = (unsigned char)c; _DIAGASSERT(dst != NULL); - MAKEEXTRALIST(flag, extra); - SVIS(dst, c, flag, nextc, extra); + MAKEEXTRALIST(flag, extra, ""); + if (! extra) { + *dst = '\0'; /* can't create extra, return "" */ + return dst; + } + if (flag & VIS_HTTPSTYLE) + dst = do_hvis(dst, uc, flag, nextc, extra); + else + dst = do_svis(dst, uc, flag, nextc, extra); + free(extra); *dst = '\0'; - return (dst); + return dst; } /* * strvis, strvisx - visually encode characters from src into dst - * + * * Dst must be 4 times the size of src to account for possible * expansion. The length of dst, not including the trailing NULL, - * is returned. + * is returned. * * Strvisx encodes exactly len bytes from src into dst. * This is useful for encoding a block of data. */ - -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvis(char *dst, const char *src, int flag) { - char extra[MAXEXTRAS]; + char *extra = NULL; + int rv; - MAKEEXTRALIST(flag, extra); - return (rk_strsvis(dst, src, flag, extra)); + MAKEEXTRALIST(flag, extra, ""); + if (!extra) { + *dst = '\0'; /* can't create extra, return "" */ + return 0; + } + rv = strsvis(dst, src, flag, extra); + free(extra); + return rv; } -int ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_strvisx(char *dst, const char *src, size_t len, int flag) { - char extra[MAXEXTRAS]; + char *extra = NULL; + int rv; - MAKEEXTRALIST(flag, extra); - return (rk_strsvisx(dst, src, len, flag, extra)); + MAKEEXTRALIST(flag, extra, ""); + if (!extra) { + *dst = '\0'; /* can't create extra, return "" */ + return 0; + } + rv = strsvisx(dst, src, len, flag, extra); + free(extra); + return rv; } +#endif diff --git a/crypto/heimdal/lib/roken/vis.h b/crypto/heimdal/lib/roken/vis.h deleted file mode 100644 index 224870b00af..00000000000 --- a/crypto/heimdal/lib/roken/vis.h +++ /dev/null @@ -1,115 +0,0 @@ -/* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */ -/* $Id: vis.hin 19341 2006-12-15 11:53:09Z lha $ */ - -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)vis.h 8.1 (Berkeley) 6/2/93 - */ - -#ifndef _VIS_H_ -#define _VIS_H_ - -#ifndef ROKEN_LIB_FUNCTION -#ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall -#else -#define ROKEN_LIB_FUNCTION -#endif -#endif - -/* - * to select alternate encoding format - */ -#define VIS_OCTAL 0x01 /* use octal \ddd format */ -#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropiate */ - -/* - * to alter set of characters encoded (default is to encode all - * non-graphic except space, tab, and newline). - */ -#define VIS_SP 0x04 /* also encode space */ -#define VIS_TAB 0x08 /* also encode tab */ -#define VIS_NL 0x10 /* also encode newline */ -#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL) -#define VIS_SAFE 0x20 /* only encode "unsafe" characters */ - -/* - * other - */ -#define VIS_NOSLASH 0x40 /* inhibit printing '\' */ - -/* - * unvis return codes - */ -#define UNVIS_VALID 1 /* character valid */ -#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */ -#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */ -#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */ -#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */ - -/* - * unvis flags - */ -#define UNVIS_END 1 /* no more characters */ - -char ROKEN_LIB_FUNCTION - *rk_vis (char *, int, int, int); -char ROKEN_LIB_FUNCTION - *rk_svis (char *, int, int, int, const char *); -int ROKEN_LIB_FUNCTION - rk_strvis (char *, const char *, int); -int ROKEN_LIB_FUNCTION - rk_strsvis (char *, const char *, int, const char *); -int ROKEN_LIB_FUNCTION - rk_strvisx (char *, const char *, size_t, int); -int ROKEN_LIB_FUNCTION - rk_strsvisx (char *, const char *, size_t, int, const char *); -int ROKEN_LIB_FUNCTION - rk_strunvis (char *, const char *); -int ROKEN_LIB_FUNCTION - rk_unvis (char *, int, int *, int); - -#undef vis -#define vis(a,b,c,d) rk_vis(a,b,c,d) -#undef svis -#define svis(a,b,c,d,e) rk_svis(a,b,c,d,e) -#undef strvis -#define strvis(a,b,c) rk_strvis(a,b,c) -#undef strsvis -#define strsvis(a,b,c,d) rk_strsvis(a,b,c,d) -#undef strvisx -#define strvisx(a,b,c,d) rk_strvisx(a,b,c,d) -#undef strsvisx -#define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e) -#undef strunvis -#define strunvis(a,b) rk_strunvis(a,b) -#undef unvis -#define unvis(a,b,c,d) rk_unvis(a,b,c,d) - -#endif /* !_VIS_H_ */ diff --git a/crypto/heimdal/lib/roken/vis.hin b/crypto/heimdal/lib/roken/vis.hin index 224870b00af..25d662a9802 100644 --- a/crypto/heimdal/lib/roken/vis.hin +++ b/crypto/heimdal/lib/roken/vis.hin @@ -1,5 +1,4 @@ -/* $NetBSD: vis.h,v 1.11 1999/11/25 16:55:50 wennmach Exp $ */ -/* $Id: vis.hin 19341 2006-12-15 11:53:09Z lha $ */ +/* $NetBSD: vis.h,v 1.16 2005/09/13 01:44:32 christos Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -37,12 +36,18 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION _stdcall +#define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL __cdecl #else #define ROKEN_LIB_FUNCTION +#define ROKEN_LIB_CALL #endif #endif +#include + +#include + /* * to select alternate encoding format */ @@ -63,6 +68,7 @@ * other */ #define VIS_NOSLASH 0x40 /* inhibit printing '\' */ +#define VIS_HTTPSTYLE 0x80 /* http-style escape % HEX HEX */ /* * unvis return codes @@ -78,38 +84,68 @@ */ #define UNVIS_END 1 /* no more characters */ -char ROKEN_LIB_FUNCTION - *rk_vis (char *, int, int, int); -char ROKEN_LIB_FUNCTION - *rk_svis (char *, int, int, int, const char *); -int ROKEN_LIB_FUNCTION - rk_strvis (char *, const char *, int); -int ROKEN_LIB_FUNCTION - rk_strsvis (char *, const char *, int, const char *); -int ROKEN_LIB_FUNCTION - rk_strvisx (char *, const char *, size_t, int); -int ROKEN_LIB_FUNCTION - rk_strsvisx (char *, const char *, size_t, int, const char *); -int ROKEN_LIB_FUNCTION - rk_strunvis (char *, const char *); -int ROKEN_LIB_FUNCTION - rk_unvis (char *, int, int *, int); +ROKEN_CPP_START +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL + rk_vis(char *, int, int, int); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL + rk_svis(char *, int, int, int, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_strvis(char *, const char *, int); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_strsvis(char *, const char *, int, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_strvisx(char *, const char *, size_t, int); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_strsvisx(char *, const char *, size_t, int, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_strunvis(char *, const char *); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_strunvisx(char *, const char *, int); +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL + rk_unvis(char *, int, int *, int); + +ROKEN_CPP_END + +#ifndef HAVE_VIS #undef vis #define vis(a,b,c,d) rk_vis(a,b,c,d) +#endif + +#ifndef HAVE_SVIS #undef svis #define svis(a,b,c,d,e) rk_svis(a,b,c,d,e) +#endif + +#ifndef HAVE_STRVIS #undef strvis #define strvis(a,b,c) rk_strvis(a,b,c) +#endif + +#ifndef HAVE_STRSVIS #undef strsvis #define strsvis(a,b,c,d) rk_strsvis(a,b,c,d) +#endif + +#ifndef HAVE_STRVISX #undef strvisx #define strvisx(a,b,c,d) rk_strvisx(a,b,c,d) +#endif + +#ifndef HAVE_STRSVISX #undef strsvisx #define strsvisx(a,b,c,d,e) rk_strsvisx(a,b,c,d,e) +#endif + +#ifndef HAVE_STRUNVIS #undef strunvis #define strunvis(a,b) rk_strunvis(a,b) +#endif + + +#ifndef HAVE_UNVIS #undef unvis #define unvis(a,b,c,d) rk_unvis(a,b,c,d) +#endif #endif /* !_VIS_H_ */ diff --git a/crypto/heimdal/lib/roken/vsyslog.c b/crypto/heimdal/lib/roken/vsyslog.c index 690eb7dc075..aea7086d712 100644 --- a/crypto/heimdal/lib/roken/vsyslog.c +++ b/crypto/heimdal/lib/roken/vsyslog.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: vsyslog.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #ifndef HAVE_VSYSLOG @@ -61,12 +58,13 @@ simple_vsyslog(int pri, const char *fmt, va_list ap) * do like syslog but with a `va_list' */ -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vsyslog(int pri, const char *fmt, va_list ap) { char *fmt2; const char *p; char *p2; + int ret; int saved_errno = errno; int fmt_len = strlen (fmt); int fmt2_len = fmt_len; @@ -103,9 +101,9 @@ vsyslog(int pri, const char *fmt, va_list ap) } *p2 = '\0'; - vasprintf (&buf, fmt2, ap); + ret = vasprintf (&buf, fmt2, ap); free (fmt2); - if (buf == NULL) { + if (ret < 0 || buf == NULL) { simple_vsyslog (pri, fmt, ap); return; } diff --git a/crypto/heimdal/lib/roken/vwarn.c b/crypto/heimdal/lib/roken/vwarn.c index c25ca629ca2..8f1706d4ab5 100644 --- a/crypto/heimdal/lib/roken/vwarn.c +++ b/crypto/heimdal/lib/roken/vwarn.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,13 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: vwarn.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" #include -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vwarn(const char *fmt, va_list ap) { - warnerr(1, fmt, ap); + rk_warnerr(1, fmt, ap); } diff --git a/crypto/heimdal/lib/roken/vwarnx.c b/crypto/heimdal/lib/roken/vwarnx.c index e35c0deb09b..6fb1d8c8745 100644 --- a/crypto/heimdal/lib/roken/vwarnx.c +++ b/crypto/heimdal/lib/roken/vwarnx.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,17 +31,14 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: vwarnx.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" #include -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vwarnx(const char *fmt, va_list ap) { - warnerr(0, fmt, ap); + rk_warnerr(0, fmt, ap); } diff --git a/crypto/heimdal/lib/roken/warn.c b/crypto/heimdal/lib/roken/warn.c index 0924880e4cb..09b9cf82e72 100644 --- a/crypto/heimdal/lib/roken/warn.c +++ b/crypto/heimdal/lib/roken/warn.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: warn.c 7463 1999-12-02 16:58:55Z joda $"); -#endif #include "err.h" diff --git a/crypto/heimdal/lib/roken/warnerr.c b/crypto/heimdal/lib/roken/warnerr.c index 6dee466bc67..9e670239a1b 100644 --- a/crypto/heimdal/lib/roken/warnerr.c +++ b/crypto/heimdal/lib/roken/warnerr.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,16 +31,13 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: warnerr.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" #include "err.h" -void ROKEN_LIB_FUNCTION -warnerr(int doerrno, const char *fmt, va_list ap) +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL +rk_warnerr(int doerrno, const char *fmt, va_list ap) { int sverrno = errno; const char *progname = getprogname(); diff --git a/crypto/heimdal/lib/roken/warnx.c b/crypto/heimdal/lib/roken/warnx.c index 7e1de7acc1b..cf33939b247 100644 --- a/crypto/heimdal/lib/roken/warnx.c +++ b/crypto/heimdal/lib/roken/warnx.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: warnx.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "err.h" -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL warnx(const char *fmt, ...) { va_list ap; diff --git a/crypto/heimdal/lib/roken/write_pid.c b/crypto/heimdal/lib/roken/write_pid.c index edadf5ceb33..5059369847a 100644 --- a/crypto/heimdal/lib/roken/write_pid.c +++ b/crypto/heimdal/lib/roken/write_pid.c @@ -1,56 +1,47 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: write_pid.c 21005 2007-06-08 01:54:35Z lha $"); -#endif - -#include -#include -#include -#include "roken.h" #include "roken.h" -char * ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL pid_file_write (const char *progname) { + char *ret = NULL; FILE *fp; - char *ret; - asprintf (&ret, "%s%s.pid", _PATH_VARRUN, progname); - if (ret == NULL) + if (asprintf (&ret, "%s%s.pid", _PATH_VARRUN, progname) < 0 || ret == NULL) return NULL; fp = fopen (ret, "w"); if (fp == NULL) { @@ -62,7 +53,7 @@ pid_file_write (const char *progname) return ret; } -void ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL pid_file_delete (char **filename) { if (*filename != NULL) { @@ -82,7 +73,7 @@ pidfile_cleanup(void) pid_file_delete(&pidfile_path); } -void +ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL pidfile(const char *basename) { if(pidfile_path != NULL) diff --git a/crypto/heimdal/lib/roken/writev.c b/crypto/heimdal/lib/roken/writev.c index 2500e6d28f0..80945e95da4 100644 --- a/crypto/heimdal/lib/roken/writev.c +++ b/crypto/heimdal/lib/roken/writev.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,14 +31,11 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: writev.c 14773 2005-04-12 11:29:18Z lha $"); -#endif #include "roken.h" -ssize_t ROKEN_LIB_FUNCTION +ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL writev(int d, const struct iovec *iov, int iovcnt) { ssize_t ret; diff --git a/crypto/heimdal/lib/roken/xdbm.h b/crypto/heimdal/lib/roken/xdbm.h index 618e074d1e6..c2c6c28b45e 100644 --- a/crypto/heimdal/lib/roken/xdbm.h +++ b/crypto/heimdal/lib/roken/xdbm.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: xdbm.h 10986 2002-05-17 16:02:22Z joda $ */ +/* $Id$ */ /* Generic *dbm include file */ diff --git a/crypto/heimdal/lib/45/45_locl.h b/crypto/heimdal/lib/roken/xfree.c similarity index 65% rename from crypto/heimdal/lib/45/45_locl.h rename to crypto/heimdal/lib/roken/xfree.c index 8104179d5bb..c7e30daf85e 100644 --- a/crypto/heimdal/lib/45/45_locl.h +++ b/crypto/heimdal/lib/roken/xfree.c @@ -1,52 +1,42 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifndef __45_LOCL_H__ -#define __45_LOCL_H__ - -#ifdef HAVE_CONFIG_H #include -#endif -#include -#include +#include "roken.h" -#ifdef HAVE_SYS_TIME_H -#include -#endif - -#include -#include -#include - -#endif /* __45_LOCL_H__ */ +void ROKEN_LIB_FUNCTION +rk_xfree (void *buf) +{ + free(buf); +} diff --git a/crypto/heimdal/lib/sl/ChangeLog b/crypto/heimdal/lib/sl/ChangeLog index 3937232b063..485e1dc3ff3 100644 --- a/crypto/heimdal/lib/sl/ChangeLog +++ b/crypto/heimdal/lib/sl/ChangeLog @@ -1,14 +1,18 @@ -2007-07-17 Love Hörnquist Åstrand +2008-05-05 Love Hörnquist Ã…strand + + * drop libss and make_cmds + +2007-07-17 Love Hörnquist Ã…strand * Makefile.am: roken_rename.h is a dist_ source k * Makefile.am: split source files in dist and nodist. -2007-07-10 Love Hörnquist Åstrand +2007-07-10 Love Hörnquist Ã…strand * Makefile.am: New library version. -2007-06-18 Love Hörnquist Åstrand +2007-06-18 Love Hörnquist Ã…strand * sl.c: make compile. @@ -17,25 +21,25 @@ * sl.c (sl_make_argv): use memmove since we are dealing with overlapping strings. -2007-06-09 Love Hörnquist Åstrand +2007-06-09 Love Hörnquist Ã…strand * Makefile.am: don't clean yacc/lex files in CLEANFILES, maintainers clean will do that for us. -2007-06-01 Love Hörnquist Åstrand +2007-06-01 Love Hörnquist Ã…strand * slc-gram.y (main): also fclose yyin. -2007-04-20 Love Hörnquist Åstrand +2007-04-20 Love Hörnquist Ã…strand * Makefile.am: Add dependency on slc-gram.h for slc-lex.c, breaks in disttree with make -j -2006-12-29 Love Hörnquist Åstrand +2006-12-29 Love Hörnquist Ã…strand * test_sl.c: Fix caseing for case-sensitive filesystems -2006-12-27 Love Hörnquist Åstrand +2006-12-27 Love Hörnquist Ã…strand * test_sl.c: catch test that should fail but didn't @@ -47,32 +51,32 @@ * sl.c (sl_make_argv): Add quoting support (both "" and \ style). -2006-12-05 Love Hörnquist Åstrand +2006-12-05 Love Hörnquist Ã…strand * sl.c: Use strcspn to remove \n from fgets result. Prompted by - change by Ray Lai of OpenBSD via Björn Sandell. + change by Ray Lai of OpenBSD via Björn Sandell. -2006-10-19 Love Hörnquist Åstrand +2006-10-19 Love Hörnquist Ã…strand * Makefile.am (ES): add roken_rename.h -2006-08-30 Love Hörnquist Åstrand +2006-08-30 Love Hörnquist Ã…strand * sl.c (sl_slc_help): remove return -2006-08-28 Love Hörnquist Åstrand +2006-08-28 Love Hörnquist Ã…strand * sl.h: Add sl_slc_help. * sl.c: Add sl_slc_help. -2005-07-27 Love Hörnquist Åstrand +2005-07-27 Love Hörnquist Ã…strand * slc-gram.y (gen_wrapper): use the generated version of name for function, if no function is is used, also use the generated name for the structure name. -2005-06-16 Love Hörnquist Åstrand +2005-06-16 Love Hörnquist Ã…strand * slc-gram.y: fix a merge error @@ -90,7 +94,7 @@ * slc-lex.l: Include . -2005-05-09 Love Hörnquist Åstrand +2005-05-09 Love Hörnquist Ã…strand * sl.c (sl_command_loop): new return code -2 for EOF (sl_loop): treat all return value from sl_command_loop >= 0 as ok, and @@ -100,7 +104,7 @@ * Makefile.am (LDADD): Add libsl.la. -2005-04-19 Love Hörnquist Åstrand +2005-04-19 Love Hörnquist Ã…strand * slc-gram.y: include since defines _GNU_SOURCE if needed, avoid asprintf warning @@ -109,7 +113,7 @@ * slc-gram.y: include -2005-01-09 Love Hörnquist Åstrand +2005-01-09 Love Hörnquist Ã…strand * slc-gram.y: cast argument to isalnum to unsigned char @@ -122,11 +126,11 @@ * slc-gram.y: add min_args/max_args checking -2004-06-21 Love Hörnquist Åstrand +2004-06-21 Love Hörnquist Ã…strand * slc-gram.y: pull in and to avoid warnings -2004-03-02 Love Hörnquist Åstrand +2004-03-02 Love Hörnquist Ã…strand * sl.h: make it possible to use libsl from c++ From: Mattias Amnefelt diff --git a/crypto/heimdal/lib/sl/Makefile.am b/crypto/heimdal/lib/sl/Makefile.am index 9c1b2dcebfa..c49353f8847 100644 --- a/crypto/heimdal/lib/sl/Makefile.am +++ b/crypto/heimdal/lib/sl/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am 21625 2007-07-17 07:48:26Z lha $ +# $Id$ include $(top_srcdir)/Makefile.am.common @@ -12,42 +12,28 @@ YFLAGS = -d include_HEADERS = sl.h -lib_LTLIBRARIES = libsl.la libss.la +lib_LTLIBRARIES = libsl.la libsl_la_LDFLAGS = -version-info 2:1:2 -libss_la_LDFLAGS = -version-info 1:6:1 libsl_la_LIBADD = @LIB_readline@ -libss_la_LIBADD = @LIB_readline@ @LIB_com_err@ dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h nodist_libsl_la_SOURCES = $(ES) -dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h -nodist_libss_la_SOURCES = $(ES) TESTS = test_sl check_PROGRAMS = $(TESTS) # install these? -bin_PROGRAMS = mk_cmds -noinst_PROGRAMS = slc - -mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l -mk_cmds_LDADD = libsl.la $(LDADD) +libexec_heimdal_PROGRAMS = slc slc_SOURCES = slc-gram.y slc-lex.l slc.h -ssincludedir = $(includedir)/ss -ssinclude_HEADERS = ss.h +CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c slc-lex.c -CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c +LDADD = libsl.la $(LIB_roken) -$(mk_cmds_OBJECTS): parse.h parse.c - -LDADD = \ - libsl.la \ - $(LIB_roken) \ - $(LEXLIB) +slc_LDADD = $(LEXLIB) $(LDADD) strtok_r.c: $(LN_S) $(srcdir)/../roken/strtok_r.c . @@ -61,3 +47,5 @@ getprogname.c: $(LN_S) $(srcdir)/../roken/getprogname.c . slc-lex.c: slc-gram.h + +EXTRA_DIST = NTMakefile diff --git a/crypto/heimdal/lib/sl/Makefile.in b/crypto/heimdal/lib/sl/Makefile.in index 0814375a7b9..cb44b91af15 100644 --- a/crypto/heimdal/lib/sl/Makefile.in +++ b/crypto/heimdal/lib/sl/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,18 +15,19 @@ @SET_MAKE@ -# $Id: Makefile.am 21625 2007-07-17 07:48:26Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -41,18 +43,16 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(ssinclude_HEADERS) \ - $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common ChangeLog lex.c parse.c \ - parse.h slc-gram.c slc-gram.h slc-lex.c + $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ + $(top_srcdir)/cf/Makefile.am.common ChangeLog slc-gram.c \ + slc-gram.h slc-lex.c TESTS = test_sl$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) -bin_PROGRAMS = mk_cmds$(EXEEXT) -noinst_PROGRAMS = slc$(EXEEXT) +libexec_heimdal_PROGRAMS = slc$(EXEEXT) subdir = lib/sl ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -67,7 +67,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -81,9 +81,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -91,21 +94,36 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \ - "$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" \ + "$(DESTDIR)$(libexec_heimdaldir)" "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) libsl_la_DEPENDENCIES = dist_libsl_la_OBJECTS = sl.lo @@ -116,36 +134,20 @@ libsl_la_OBJECTS = $(dist_libsl_la_OBJECTS) $(nodist_libsl_la_OBJECTS) libsl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libsl_la_LDFLAGS) \ $(LDFLAGS) -o $@ -libss_la_DEPENDENCIES = -am__objects_2 = sl.lo -dist_libss_la_OBJECTS = $(am__objects_2) ss.lo -nodist_libss_la_OBJECTS = $(am__objects_1) -libss_la_OBJECTS = $(dist_libss_la_OBJECTS) $(nodist_libss_la_OBJECTS) -libss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(libss_la_LDFLAGS) \ - $(LDFLAGS) -o $@ -binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) am__EXEEXT_1 = test_sl$(EXEEXT) -PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) -am_mk_cmds_OBJECTS = make_cmds.$(OBJEXT) parse.$(OBJEXT) lex.$(OBJEXT) -mk_cmds_OBJECTS = $(am_mk_cmds_OBJECTS) -am__DEPENDENCIES_1 = -am__DEPENDENCIES_2 = libsl.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -mk_cmds_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_2) +PROGRAMS = $(libexec_heimdal_PROGRAMS) am_slc_OBJECTS = slc-gram.$(OBJEXT) slc-lex.$(OBJEXT) slc_OBJECTS = $(am_slc_OBJECTS) -slc_LDADD = $(LDADD) -slc_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) +am__DEPENDENCIES_1 = +am__DEPENDENCIES_2 = libsl.la $(am__DEPENDENCIES_1) +slc_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) test_sl_SOURCES = test_sl.c test_sl_OBJECTS = test_sl.$(OBJEXT) test_sl_LDADD = $(LDADD) -test_sl_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +test_sl_DEPENDENCIES = libsl.la $(am__DEPENDENCIES_1) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -165,63 +167,70 @@ YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) SOURCES = $(dist_libsl_la_SOURCES) $(nodist_libsl_la_SOURCES) \ - $(dist_libss_la_SOURCES) $(nodist_libss_la_SOURCES) \ - $(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c -DIST_SOURCES = $(dist_libsl_la_SOURCES) $(dist_libss_la_SOURCES) \ - $(mk_cmds_SOURCES) $(slc_SOURCES) test_sl.c -includeHEADERS_INSTALL = $(INSTALL_HEADER) -ssincludeHEADERS_INSTALL = $(INSTALL_HEADER) -HEADERS = $(include_HEADERS) $(ssinclude_HEADERS) + $(slc_SOURCES) test_sl.c +DIST_SOURCES = $(dist_libsl_la_SOURCES) $(slc_SOURCES) test_sl.c +HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -245,10 +254,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -265,6 +275,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -280,31 +292,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -319,10 +345,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -363,69 +391,63 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) \ - $(ROKEN_RENAME) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) $(ROKEN_RENAME) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la @do_roken_rename_TRUE@ES = strtok_r.c snprintf.c strdup.c strupr.c getprogname.c include_HEADERS = sl.h -lib_LTLIBRARIES = libsl.la libss.la +lib_LTLIBRARIES = libsl.la libsl_la_LDFLAGS = -version-info 2:1:2 -libss_la_LDFLAGS = -version-info 1:6:1 libsl_la_LIBADD = @LIB_readline@ -libss_la_LIBADD = @LIB_readline@ @LIB_com_err@ dist_libsl_la_SOURCES = sl_locl.h sl.c roken_rename.h nodist_libsl_la_SOURCES = $(ES) -dist_libss_la_SOURCES = $(dist_libsl_la_SOURCES) ss.c ss.h -nodist_libss_la_SOURCES = $(ES) -mk_cmds_SOURCES = make_cmds.c make_cmds.h parse.y lex.l -mk_cmds_LDADD = libsl.la $(LDADD) slc_SOURCES = slc-gram.y slc-lex.l slc.h -ssincludedir = $(includedir)/ss -ssinclude_HEADERS = ss.h -CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c -LDADD = \ - libsl.la \ - $(LIB_roken) \ - $(LEXLIB) - +CLEANFILES = snprintf.c strtok_r.c strdup.c strupr.c getprogname.c slc-lex.c +LDADD = libsl.la $(LIB_roken) +slc_LDADD = $(LEXLIB) $(LDADD) +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps lib/sl/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/sl/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/sl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/sl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -443,23 +465,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -472,58 +499,58 @@ clean-libLTLIBRARIES: done libsl.la: $(libsl_la_OBJECTS) $(libsl_la_DEPENDENCIES) $(libsl_la_LINK) -rpath $(libdir) $(libsl_la_OBJECTS) $(libsl_la_LIBADD) $(LIBS) -libss.la: $(libss_la_OBJECTS) $(libss_la_DEPENDENCIES) - $(libss_la_LINK) -rpath $(libdir) $(libss_la_OBJECTS) $(libss_la_LIBADD) $(LIBS) -install-binPROGRAMS: $(bin_PROGRAMS) - @$(NORMAL_INSTALL) - test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \ - else :; fi; \ - done - -uninstall-binPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \ - rm -f "$(DESTDIR)$(bindir)/$$f"; \ - done - -clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +install-libexec_heimdalPROGRAMS: $(libexec_heimdal_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(libexec_heimdaldir)" || $(MKDIR_P) "$(DESTDIR)$(libexec_heimdaldir)" + @list='$(libexec_heimdal_PROGRAMS)'; test -n "$(libexec_heimdaldir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexec_heimdaldir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexec_heimdaldir)$$dir" || exit $$?; \ + } \ + ; done -clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done -parse.h: parse.c - @if test ! -f $@; then \ - rm -f parse.c; \ - $(MAKE) $(AM_MAKEFLAGS) parse.c; \ - else :; fi -mk_cmds$(EXEEXT): $(mk_cmds_OBJECTS) $(mk_cmds_DEPENDENCIES) - @rm -f mk_cmds$(EXEEXT) - $(LINK) $(mk_cmds_OBJECTS) $(mk_cmds_LDADD) $(LIBS) +uninstall-libexec_heimdalPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_heimdal_PROGRAMS)'; test -n "$(libexec_heimdaldir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexec_heimdaldir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexec_heimdaldir)" && rm -f $$files + +clean-libexec_heimdalPROGRAMS: + @list='$(libexec_heimdal_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list slc-gram.h: slc-gram.c @if test ! -f $@; then \ rm -f slc-gram.c; \ @@ -542,14 +569,36 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getprogname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/slc-gram.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/slc-lex.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/snprintf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strdup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strtok_r.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strupr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_sl.Po@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< .l.c: $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) @@ -565,90 +614,81 @@ clean-libtool: install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done -install-ssincludeHEADERS: $(ssinclude_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(ssincludedir)" || $(MKDIR_P) "$(DESTDIR)$(ssincludedir)" - @list='$(ssinclude_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(ssincludeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(ssincludedir)/$$f'"; \ - $(ssincludeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(ssincludedir)/$$f"; \ - done - -uninstall-ssincludeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(ssinclude_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(ssincludedir)/$$f'"; \ - rm -f "$(DESTDIR)$(ssincludedir)/$$f"; \ - done + @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ + $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ @@ -657,49 +697,63 @@ check-TESTS: $(TESTS) if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ + col=$$red; res=XPASS; \ ;; \ *) \ - echo "PASS: $$tst"; \ + col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ + *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ + col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ + col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ + col=$$blu; res=SKIP; \ fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ + banner="$$All$$all $$tests passed"; \ else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ + banner="$$failed of $$all $$tests failed"; \ else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ @@ -710,11 +764,15 @@ check-TESTS: $(TESTS) dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ + echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi @@ -734,13 +792,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -752,10 +814,8 @@ check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local check: check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local -install-binPROGRAMS: install-libLTLIBRARIES - installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(ssincludedir)"; do \ + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexec_heimdaldir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -779,23 +839,21 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -rm -f lex.c - -rm -f parse.c - -rm -f parse.h -rm -f slc-gram.c -rm -f slc-gram.h -rm -f slc-lex.c clean: clean-am -clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \ - clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ - mostlyclean-am +clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \ + clean-libexec_heimdalPROGRAMS clean-libtool mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -806,33 +864,45 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: -install-data-am: install-includeHEADERS install-ssincludeHEADERS +install-data-am: install-includeHEADERS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am -install-exec-am: install-binPROGRAMS install-libLTLIBRARIES +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES \ + install-libexec_heimdalPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -849,33 +919,31 @@ ps: ps-am ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ - uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS +uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ + uninstall-libexec_heimdalPROGRAMS @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am .PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ - check-local clean clean-binPROGRAMS clean-checkPROGRAMS \ - clean-generic clean-libLTLIBRARIES clean-libtool \ - clean-noinstPROGRAMS ctags dist-hook distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-binPROGRAMS install-data \ - install-data-am install-data-hook install-dvi install-dvi-am \ - install-exec install-exec-am install-exec-hook install-html \ - install-html-am install-includeHEADERS install-info \ - install-info-am install-libLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am \ - install-ssincludeHEADERS install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ + check-local clean clean-checkPROGRAMS clean-generic \ + clean-libLTLIBRARIES clean-libexec_heimdalPROGRAMS \ + clean-libtool ctags dist-hook distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-data-hook install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-hook \ + install-html install-html-am install-includeHEADERS \ + install-info install-info-am install-libLTLIBRARIES \ + install-libexec_heimdalPROGRAMS install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-hook uninstall-includeHEADERS \ - uninstall-libLTLIBRARIES uninstall-ssincludeHEADERS + tags uninstall uninstall-am uninstall-hook \ + uninstall-includeHEADERS uninstall-libLTLIBRARIES \ + uninstall-libexec_heimdalPROGRAMS install-suid-programs: @@ -946,6 +1014,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -1031,7 +1102,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -1045,8 +1116,6 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -$(mk_cmds_OBJECTS): parse.h parse.c - strtok_r.c: $(LN_S) $(srcdir)/../roken/strtok_r.c . snprintf.c: @@ -1059,6 +1128,7 @@ getprogname.c: $(LN_S) $(srcdir)/../roken/getprogname.c . slc-lex.c: slc-gram.h + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/sl/lex.c b/crypto/heimdal/lib/sl/lex.c deleted file mode 100644 index 57e6a7c4de9..00000000000 --- a/crypto/heimdal/lib/sl/lex.c +++ /dev/null @@ -1,1880 +0,0 @@ - -#line 3 "lex.c" - -#define YY_INT_ALIGNED short int - -/* A lexical scanner generated by flex */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 -#if YY_FLEX_SUBMINOR_VERSION > 0 -#define FLEX_BETA -#endif - -/* First, we deal with platform-specific or compiler-specific issues. */ - -/* begin standard C headers. */ -#include -#include -#include -#include - -/* end standard C headers. */ - -/* flex integer type definitions */ - -#ifndef FLEXINT_H -#define FLEXINT_H - -/* C99 systems have . Non-C99 systems may or may not. */ - -#if __STDC_VERSION__ >= 199901L - -/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, - * if you want the limit (max/min) macros for int types. - */ -#ifndef __STDC_LIMIT_MACROS -#define __STDC_LIMIT_MACROS 1 -#endif - -#include -typedef int8_t flex_int8_t; -typedef uint8_t flex_uint8_t; -typedef int16_t flex_int16_t; -typedef uint16_t flex_uint16_t; -typedef int32_t flex_int32_t; -typedef uint32_t flex_uint32_t; -#else -typedef signed char flex_int8_t; -typedef short int flex_int16_t; -typedef int flex_int32_t; -typedef unsigned char flex_uint8_t; -typedef unsigned short int flex_uint16_t; -typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ - -/* Limits of integral types. */ -#ifndef INT8_MIN -#define INT8_MIN (-128) -#endif -#ifndef INT16_MIN -#define INT16_MIN (-32767-1) -#endif -#ifndef INT32_MIN -#define INT32_MIN (-2147483647-1) -#endif -#ifndef INT8_MAX -#define INT8_MAX (127) -#endif -#ifndef INT16_MAX -#define INT16_MAX (32767) -#endif -#ifndef INT32_MAX -#define INT32_MAX (2147483647) -#endif -#ifndef UINT8_MAX -#define UINT8_MAX (255U) -#endif -#ifndef UINT16_MAX -#define UINT16_MAX (65535U) -#endif -#ifndef UINT32_MAX -#define UINT32_MAX (4294967295U) -#endif - -#endif /* ! FLEXINT_H */ - -#ifdef __cplusplus - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN (yy_start) = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START (((yy_start) - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart(yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#ifndef YY_BUF_SIZE -#define YY_BUF_SIZE 16384 -#endif - -/* The state buf must be large enough to hold one state per character in the main buffer. - */ -#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) - -#ifndef YY_TYPEDEF_YY_BUFFER_STATE -#define YY_TYPEDEF_YY_BUFFER_STATE -typedef struct yy_buffer_state *YY_BUFFER_STATE; -#endif - -extern int yyleng; - -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - - #define YY_LESS_LINENO(n) - -/* Return all but the first "n" matched characters back to the input stream. */ -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - *yy_cp = (yy_hold_char); \ - YY_RESTORE_YY_MORE_OFFSET \ - (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, (yytext_ptr) ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef unsigned int yy_size_t; -#endif - -#ifndef YY_STRUCT_YY_BUFFER_STATE -#define YY_STRUCT_YY_BUFFER_STATE -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - int yy_bs_lineno; /**< The line count. */ - int yy_bs_column; /**< The column count. */ - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; - -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - - }; -#endif /* !YY_STRUCT_YY_BUFFER_STATE */ - -/* Stack of input buffers. */ -static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ -static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - * - * Returns the top of the stack, or NULL. - */ -#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ - ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ - : NULL) - -/* Same as previous macro, but useful when we know that the buffer stack is not - * NULL or when we need an lvalue. For internal use only. - */ -#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; -static int yy_n_chars; /* number of characters read into yy_ch_buf */ -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 0; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); - -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) - -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); - -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! YY_CURRENT_BUFFER ){ \ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! YY_CURRENT_BUFFER ){\ - yyensure_buffer_stack (); \ - YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ - } \ - YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) - -/* Begin user sect3 */ - -typedef unsigned char YY_CHAR; - -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; - -typedef int yy_state_type; - -extern int yylineno; - -int yylineno = 1; - -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ - (yy_hold_char) = *yy_cp; \ - *yy_cp = '\0'; \ - (yy_c_buf_p) = yy_cp; - -#define YY_NUM_RULES 12 -#define YY_END_OF_BUFFER 13 -/* This struct is not used in this scanner, - but its presence is necessary. */ -struct yy_trans_info - { - flex_int32_t yy_verify; - flex_int32_t yy_nxt; - }; -static yyconst flex_int16_t yy_accept[54] = - { 0, - 0, 0, 13, 11, 7, 8, 9, 6, 10, 10, - 10, 10, 10, 6, 10, 10, 10, 10, 10, 10, - 5, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 2, 10, 3, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 1, 4, 0 - } ; - -static yyconst flex_int32_t yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 4, 5, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 1, 1, 1, - 1, 1, 1, 1, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 1, 1, 1, 1, 7, 1, 8, 9, 10, 11, - - 12, 6, 6, 6, 13, 6, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 6, 25, 6, - 6, 6, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst flex_int32_t yy_meta[26] = - { 0, - 1, 1, 2, 1, 1, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3 - } ; - -static yyconst flex_int16_t yy_base[57] = - { 0, - 0, 24, 69, 70, 70, 70, 70, 0, 0, 50, - 50, 54, 48, 0, 0, 48, 52, 42, 0, 45, - 0, 36, 43, 41, 49, 44, 36, 35, 30, 24, - 29, 18, 31, 18, 28, 22, 31, 0, 21, 0, - 12, 21, 24, 14, 21, 0, 2, 4, 3, 0, - 0, 0, 70, 48, 51, 3 - } ; - -static yyconst flex_int16_t yy_def[57] = - { 0, - 54, 54, 53, 53, 53, 53, 53, 55, 56, 56, - 56, 56, 56, 55, 56, 56, 56, 56, 56, 56, - 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, - 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, - 56, 56, 56, 56, 56, 56, 56, 56, 56, 56, - 56, 56, 0, 53, 53, 53 - } ; - -static yyconst flex_int16_t yy_nxt[96] = - { 0, - 4, 5, 6, 7, 8, 15, 53, 53, 53, 10, - 52, 11, 23, 24, 51, 50, 49, 53, 53, 53, - 12, 53, 48, 13, 4, 5, 6, 7, 8, 47, - 46, 45, 44, 10, 43, 11, 42, 41, 40, 39, - 38, 37, 36, 35, 12, 34, 33, 13, 9, 9, - 9, 14, 32, 14, 31, 30, 29, 28, 27, 26, - 25, 22, 21, 20, 19, 18, 17, 16, 53, 3, - 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, - 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, - 53, 53, 53, 53, 53 - - } ; - -static yyconst flex_int16_t yy_chk[96] = - { 0, - 1, 1, 1, 1, 1, 56, 0, 0, 0, 1, - 50, 1, 19, 19, 49, 48, 47, 0, 0, 0, - 1, 0, 46, 1, 2, 2, 2, 2, 2, 45, - 44, 43, 42, 2, 41, 2, 39, 37, 36, 35, - 34, 33, 32, 31, 2, 30, 29, 2, 54, 54, - 54, 55, 28, 55, 27, 26, 25, 24, 23, 22, - 20, 18, 17, 16, 13, 12, 11, 10, 3, 53, - 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, - 53, 53, 53, 53, 53, 53, 53, 53, 53, 53, - 53, 53, 53, 53, 53 - - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -extern int yy_flex_debug; -int yy_flex_debug = 0; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "lex.l" -#line 2 "lex.l" -/* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#undef ECHO - -#include "make_cmds.h" -#include "parse.h" - -RCSID("$Id: lex.l 10703 2001-09-16 23:10:10Z assar $"); - -static unsigned lineno = 1; -static int getstring(void); - -#define YY_NO_UNPUT - -#undef ECHO - -#line 538 "lex.c" - -#define INITIAL 0 - -#ifndef YY_NO_UNISTD_H -/* Special case for "unistd.h", since it is non-ANSI. We include it way - * down here because we want the user's section 1 to have been scanned first. - * The user has a chance to override it with an option. - */ -#include -#endif - -#ifndef YY_EXTRA_TYPE -#define YY_EXTRA_TYPE void * -#endif - -static int yy_init_globals (void ); - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap (void ); -#else -extern int yywrap (void ); -#endif -#endif - - static void yyunput (int c,char *buf_ptr ); - -#ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); -#endif - -#ifndef YY_NO_INPUT - -#ifdef __cplusplus -static int yyinput (void ); -#else -static int input (void ); -#endif - -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ - size_t n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else \ - { \ - errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ - { \ - if( errno != EINTR) \ - { \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - break; \ - } \ - errno=0; \ - clearerr(yyin); \ - } \ - }\ -\ - -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* end tables serialization structures and prototypes */ - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL_IS_OURS 1 - -extern int yylex (void); - -#define YY_DECL int yylex (void) -#endif /* !YY_DECL */ - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -/** The main scanner function which does all the work. - */ -YY_DECL -{ - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; - -#line 52 "lex.l" - -#line 693 "lex.c" - - if ( !(yy_init) ) - { - (yy_init) = 1; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! (yy_start) ) - (yy_start) = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! YY_CURRENT_BUFFER ) { - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } - - yy_load_buffer_state( ); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = (yy_c_buf_p); - - /* Support of yytext. */ - *yy_cp = (yy_hold_char); - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = (yy_start); -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 54 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 70 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - -do_action: /* This label is used only to access EOF actions. */ - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = (yy_hold_char); - yy_cp = (yy_last_accepting_cpos); - yy_current_state = (yy_last_accepting_state); - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 53 "lex.l" -{ return TABLE; } - YY_BREAK -case 2: -YY_RULE_SETUP -#line 54 "lex.l" -{ return REQUEST; } - YY_BREAK -case 3: -YY_RULE_SETUP -#line 55 "lex.l" -{ return UNKNOWN; } - YY_BREAK -case 4: -YY_RULE_SETUP -#line 56 "lex.l" -{ return UNIMPLEMENTED; } - YY_BREAK -case 5: -YY_RULE_SETUP -#line 57 "lex.l" -{ return END; } - YY_BREAK -case 6: -YY_RULE_SETUP -#line 58 "lex.l" -; - YY_BREAK -case 7: -YY_RULE_SETUP -#line 59 "lex.l" -; - YY_BREAK -case 8: -/* rule 8 can match eol */ -YY_RULE_SETUP -#line 60 "lex.l" -{ lineno++; } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 61 "lex.l" -{ return getstring(); } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 62 "lex.l" -{ yylval.string = strdup(yytext); return STRING; } - YY_BREAK -case 11: -YY_RULE_SETUP -#line 63 "lex.l" -{ return *yytext; } - YY_BREAK -case 12: -YY_RULE_SETUP -#line 64 "lex.l" -ECHO; - YY_BREAK -#line 837 "lex.c" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = (yy_hold_char); - YY_RESTORE_YY_MORE_OFFSET - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between YY_CURRENT_BUFFER and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++(yy_c_buf_p); - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = (yy_c_buf_p); - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_END_OF_FILE: - { - (yy_did_buffer_switch_on_eof) = 0; - - if ( yywrap( ) ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = - (yytext_ptr) + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - (yy_c_buf_p) = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - - yy_current_state = yy_get_previous_state( ); - - yy_cp = (yy_c_buf_p); - yy_bp = (yytext_ptr) + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ -} /* end of yylex */ - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ -static int yy_get_next_buffer (void) -{ - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); - register int number_to_move, i; - int ret_val; - - if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; - - else - { - int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; - - int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - - number_to_move - 1; - - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), num_to_read ); - - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - if ( (yy_n_chars) == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - (yy_n_chars) += number_to_move; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - - (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; - - return ret_val; -} - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - - static yy_state_type yy_get_previous_state (void) -{ - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = (yy_start); - - for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 54 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; -} - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) -{ - register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - (yy_last_accepting_state) = yy_current_state; - (yy_last_accepting_cpos) = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 54 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 53); - - return yy_is_jam ? 0 : yy_current_state; -} - - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); - - /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} - -#ifndef YY_NO_INPUT -#ifdef __cplusplus - static int yyinput (void) -#else - static int input (void) -#endif - -{ - int c; - - *(yy_c_buf_p) = (yy_hold_char); - - if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) - /* This was really a NUL. */ - *(yy_c_buf_p) = '\0'; - - else - { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); - - switch ( yy_get_next_buffer( ) ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart(yyin ); - - /*FALLTHROUGH*/ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap( ) ) - return 0; - - if ( ! (yy_did_buffer_switch_on_eof) ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - (yy_c_buf_p) = (yytext_ptr) + offset; - break; - } - } - } - - c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ - *(yy_c_buf_p) = '\0'; /* preserve yytext */ - (yy_hold_char) = *++(yy_c_buf_p); - - return c; -} -#endif /* ifndef YY_NO_INPUT */ - -/** Immediately switch to a different input stream. - * @param input_file A readable stream. - * - * @note This function does not reset the start condition to @c INITIAL . - */ - void yyrestart (FILE * input_file ) -{ - - if ( ! YY_CURRENT_BUFFER ){ - yyensure_buffer_stack (); - YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); - } - - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); -} - -/** Switch to a different input buffer. - * @param new_buffer The new input buffer. - * - */ - void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) -{ - - /* TODO. We should be able to replace this entire function body - * with - * yypop_buffer_state(); - * yypush_buffer_state(new_buffer); - */ - yyensure_buffer_stack (); - if ( YY_CURRENT_BUFFER == new_buffer ) - return; - - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - (yy_did_buffer_switch_on_eof) = 1; -} - -static void yy_load_buffer_state (void) -{ - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; - (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; - yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; - (yy_hold_char) = *(yy_c_buf_p); -} - -/** Allocate and initialize an input buffer state. - * @param file A readable stream. - * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. - * - * @return the allocated buffer state. - */ - YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) -{ - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer(b,file ); - - return b; -} - -/** Destroy the buffer. - * @param b a buffer created with yy_create_buffer() - * - */ - void yy_delete_buffer (YY_BUFFER_STATE b ) -{ - - if ( ! b ) - return; - - if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ - YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); - - yyfree((void *) b ); -} - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. - */ - static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) - -{ - int oerrno = errno; - - yy_flush_buffer(b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - - /* If b is the current buffer, then yy_init_buffer was _probably_ - * called from yyrestart() or through yy_get_next_buffer. - * In that case, we don't want to reset the lineno or column. - */ - if (b != YY_CURRENT_BUFFER){ - b->yy_bs_lineno = 1; - b->yy_bs_column = 0; - } - - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; - - errno = oerrno; -} - -/** Discard all buffered characters. On the next scan, YY_INPUT will be called. - * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. - * - */ - void yy_flush_buffer (YY_BUFFER_STATE b ) -{ - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); -} - -/** Pushes the new state onto the stack. The new state becomes - * the current state. This function will allocate the stack - * if necessary. - * @param new_buffer The new state. - * - */ -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) -{ - if (new_buffer == NULL) - return; - - yyensure_buffer_stack(); - - /* This block is copied from yy_switch_to_buffer. */ - if ( YY_CURRENT_BUFFER ) - { - /* Flush out information for old buffer. */ - *(yy_c_buf_p) = (yy_hold_char); - YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } - - /* Only push if top exists. Otherwise, replace top. */ - if (YY_CURRENT_BUFFER) - (yy_buffer_stack_top)++; - YY_CURRENT_BUFFER_LVALUE = new_buffer; - - /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; -} - -/** Removes and deletes the top of the stack, if present. - * The next element becomes the new top. - * - */ -void yypop_buffer_state (void) -{ - if (!YY_CURRENT_BUFFER) - return; - - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - if ((yy_buffer_stack_top) > 0) - --(yy_buffer_stack_top); - - if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); - (yy_did_buffer_switch_on_eof) = 1; - } -} - -/* Allocates the stack if it does not exist. - * Guarantees space for at least one push. - */ -static void yyensure_buffer_stack (void) -{ - int num_to_alloc; - - if (!(yy_buffer_stack)) { - - /* First allocation is just for 2 elements, since we don't know if this - * scanner will even need a stack. We use 2 instead of 1 to avoid an - * immediate realloc on the next call. - */ - num_to_alloc = 1; - (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc - (num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - - (yy_buffer_stack_max) = num_to_alloc; - (yy_buffer_stack_top) = 0; - return; - } - - if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ - - /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; - - num_to_alloc = (yy_buffer_stack_max) + grow_size; - (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc - ((yy_buffer_stack), - num_to_alloc * sizeof(struct yy_buffer_state*) - ); - - /* zero only the new slots.*/ - memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); - (yy_buffer_stack_max) = num_to_alloc; - } -} - -/** Setup the input buffer state to scan directly from a user-specified character buffer. - * @param base the character buffer - * @param size the size in bytes of the character buffer - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) -{ - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer(b ); - - return b; -} - -/** Setup the input buffer state to scan a string. The next call to yylex() will - * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan - * - * @return the newly allocated buffer state object. - * @note If you want to scan bytes that may contain NUL values, then use - * yy_scan_bytes() instead. - */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) -{ - - return yy_scan_bytes(yystr,strlen(yystr) ); -} - -/** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) -{ - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) yyalloc(n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < _yybytes_len; ++i ) - buf[i] = yybytes[i]; - - buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer(buf,n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; -} - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -static void yy_fatal_error (yyconst char* msg ) -{ - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); -} - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - int yyless_macro_arg = (n); \ - YY_LESS_LINENO(yyless_macro_arg);\ - yytext[yyleng] = (yy_hold_char); \ - (yy_c_buf_p) = yytext + yyless_macro_arg; \ - (yy_hold_char) = *(yy_c_buf_p); \ - *(yy_c_buf_p) = '\0'; \ - yyleng = yyless_macro_arg; \ - } \ - while ( 0 ) - -/* Accessor methods (get/set functions) to struct members. */ - -/** Get the current line number. - * - */ -int yyget_lineno (void) -{ - - return yylineno; -} - -/** Get the input stream. - * - */ -FILE *yyget_in (void) -{ - return yyin; -} - -/** Get the output stream. - * - */ -FILE *yyget_out (void) -{ - return yyout; -} - -/** Get the length of the current token. - * - */ -int yyget_leng (void) -{ - return yyleng; -} - -/** Get the current token. - * - */ - -char *yyget_text (void) -{ - return yytext; -} - -/** Set the current line number. - * @param line_number - * - */ -void yyset_lineno (int line_number ) -{ - - yylineno = line_number; -} - -/** Set the input stream. This does not discard the current - * input buffer. - * @param in_str A readable stream. - * - * @see yy_switch_to_buffer - */ -void yyset_in (FILE * in_str ) -{ - yyin = in_str ; -} - -void yyset_out (FILE * out_str ) -{ - yyout = out_str ; -} - -int yyget_debug (void) -{ - return yy_flex_debug; -} - -void yyset_debug (int bdebug ) -{ - yy_flex_debug = bdebug ; -} - -static int yy_init_globals (void) -{ - /* Initialization is the same as for the non-reentrant scanner. - * This function is called from yylex_destroy(), so don't allocate here. - */ - - (yy_buffer_stack) = 0; - (yy_buffer_stack_top) = 0; - (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; - (yy_init) = 0; - (yy_start) = 0; - -/* Defined in main.c */ -#ifdef YY_STDINIT - yyin = stdin; - yyout = stdout; -#else - yyin = (FILE *) 0; - yyout = (FILE *) 0; -#endif - - /* For future reference: Set errno on error, since we are called by - * yylex_init() - */ - return 0; -} - -/* yylex_destroy is for both reentrant and non-reentrant scanners. */ -int yylex_destroy (void) -{ - - /* Pop the buffer stack, destroying each element. */ - while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); - YY_CURRENT_BUFFER_LVALUE = NULL; - yypop_buffer_state(); - } - - /* Destroy the stack itself. */ - yyfree((yy_buffer_stack) ); - (yy_buffer_stack) = NULL; - - /* Reset the globals. This is important in a non-reentrant scanner so the next time - * yylex() is called, initialization will occur. */ - yy_init_globals( ); - - return 0; -} - -/* - * Internal utility routines. - */ - -#ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) -{ - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; -} -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) -{ - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; -} -#endif - -void *yyalloc (yy_size_t size ) -{ - return (void *) malloc( size ); -} - -void *yyrealloc (void * ptr, yy_size_t size ) -{ - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); -} - -void yyfree (void * ptr ) -{ - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ -} - -#define YYTABLES_NAME "yytables" - -#line 64 "lex.l" - - - -#ifndef yywrap /* XXX */ -int -yywrap () -{ - return 1; -} -#endif - -static int -getstring(void) -{ - char x[128]; - int i = 0; - int c; - int backslash = 0; - while((c = input()) != EOF){ - if(backslash) { - if(c == 'n') - c = '\n'; - else if(c == 't') - c = '\t'; - x[i++] = c; - backslash = 0; - continue; - } - if(c == '\n'){ - error_message("unterminated string"); - lineno++; - break; - } - if(c == '\\'){ - backslash++; - continue; - } - if(c == '\"') - break; - x[i++] = c; - } - x[i] = '\0'; - yylval.string = strdup(x); - return STRING; -} - -void -error_message (const char *format, ...) -{ - va_list args; - - va_start (args, format); - fprintf (stderr, "%s:%d: ", filename, lineno); - vfprintf (stderr, format, args); - va_end (args); - numerror++; -} - diff --git a/crypto/heimdal/lib/sl/lex.l b/crypto/heimdal/lib/sl/lex.l deleted file mode 100644 index b4f8a2cdbcf..00000000000 --- a/crypto/heimdal/lib/sl/lex.l +++ /dev/null @@ -1,119 +0,0 @@ -%{ -/* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#undef ECHO - -#include "make_cmds.h" -#include "parse.h" - -RCSID("$Id: lex.l 10703 2001-09-16 23:10:10Z assar $"); - -static unsigned lineno = 1; -static int getstring(void); - -#define YY_NO_UNPUT - -#undef ECHO - -%} - - -%% -command_table { return TABLE; } -request { return REQUEST; } -unknown { return UNKNOWN; } -unimplemented { return UNIMPLEMENTED; } -end { return END; } -#[^\n]* ; -[ \t] ; -\n { lineno++; } -\" { return getstring(); } -[a-zA-Z0-9_]+ { yylval.string = strdup(yytext); return STRING; } -. { return *yytext; } -%% - -#ifndef yywrap /* XXX */ -int -yywrap () -{ - return 1; -} -#endif - -static int -getstring(void) -{ - char x[128]; - int i = 0; - int c; - int backslash = 0; - while((c = input()) != EOF){ - if(backslash) { - if(c == 'n') - c = '\n'; - else if(c == 't') - c = '\t'; - x[i++] = c; - backslash = 0; - continue; - } - if(c == '\n'){ - error_message("unterminated string"); - lineno++; - break; - } - if(c == '\\'){ - backslash++; - continue; - } - if(c == '\"') - break; - x[i++] = c; - } - x[i] = '\0'; - yylval.string = strdup(x); - return STRING; -} - -void -error_message (const char *format, ...) -{ - va_list args; - - va_start (args, format); - fprintf (stderr, "%s:%d: ", filename, lineno); - vfprintf (stderr, format, args); - va_end (args); - numerror++; -} diff --git a/crypto/heimdal/lib/sl/make_cmds.c b/crypto/heimdal/lib/sl/make_cmds.c deleted file mode 100644 index c39be2136c9..00000000000 --- a/crypto/heimdal/lib/sl/make_cmds.c +++ /dev/null @@ -1,239 +0,0 @@ -/* - * Copyright (c) 1998-1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "make_cmds.h" -#include - -RCSID("$Id: make_cmds.c 15430 2005-06-16 19:25:45Z lha $"); - -#include -#include -#include "parse.h" - -int numerror; -extern FILE *yyin; -FILE *c_file; - -extern void yyparse(void); - -#ifdef YYDEBUG -extern int yydebug = 1; -#endif - -char *filename; -char *table_name; - -static struct command_list *commands; - -void -add_command(char *function, - char *help, - struct string_list *aliases, - unsigned flags) -{ - struct command_list *cl = malloc(sizeof(*cl)); - - if (cl == NULL) - err (1, "malloc"); - cl->function = function; - cl->help = help; - cl->aliases = aliases; - cl->flags = flags; - cl->next = NULL; - if(commands) { - *commands->tail = cl; - commands->tail = &cl->next; - return; - } - cl->tail = &cl->next; - commands = cl; -} - -static char * -quote(const char *str) -{ - char buf[1024]; /* XXX */ - const char *p; - char *q; - q = buf; - - *q++ = '\"'; - for(p = str; *p != '\0'; p++) { - if(*p == '\n') { - *q++ = '\\'; - *q++ = 'n'; - continue; - } - if(*p == '\t') { - *q++ = '\\'; - *q++ = 't'; - continue; - } - if(*p == '\"' || *p == '\\') - *q++ = '\\'; - *q++ = *p; - } - *q++ = '\"'; - *q++ = '\0'; - return strdup(buf); -} - -static void -generate_commands(void) -{ - char *base; - char *cfn; - char *p, *q; - - p = strrchr(table_name, '/'); - if(p == NULL) - p = table_name; - else - p++; - - base = strdup (p); - if (base == NULL) - err (1, "strdup"); - - p = strrchr(base, '.'); - if(p) - *p = '\0'; - - asprintf(&cfn, "%s.c", base); - if (cfn == NULL) - err (1, "asprintf"); - - c_file = fopen(cfn, "w"); - if (c_file == NULL) - err (1, "cannot fopen %s", cfn); - - fprintf(c_file, "/* Generated from %s */\n", filename); - fprintf(c_file, "\n"); - fprintf(c_file, "#include \n"); - fprintf(c_file, "#include \n"); - fprintf(c_file, "\n"); - - { - struct command_list *cl, *xl; - - for(cl = commands; cl; cl = cl->next) { - for(xl = commands; xl != cl; xl = xl->next) - if(strcmp(cl->function, xl->function) == 0) - break; - if(xl != cl) - continue; - /* XXX hack for ss_quit */ - if(strcmp(cl->function, "ss_quit") == 0) { - fprintf(c_file, "int %s (int, char**);\n", cl->function); - fprintf(c_file, "#define _ss_quit_wrap ss_quit\n\n"); - continue; - } - fprintf(c_file, "void %s (int, char**);\n", cl->function); - fprintf(c_file, "static int _%s_wrap (int argc, char **argv)\n", - cl->function); - fprintf(c_file, "{\n"); - fprintf(c_file, " %s (argc, argv);\n", cl->function); - fprintf(c_file, " return 0;\n"); - fprintf(c_file, "}\n\n"); - } - - fprintf(c_file, "SL_cmd %s[] = {\n", table_name); - for(cl = commands; cl; cl = cl->next) { - struct string_list *sl; - sl = cl->aliases; - p = quote(sl->string); - q = quote(cl->help); - fprintf(c_file, " { %s, _%s_wrap, %s },\n", p, cl->function, q); - free(p); - free(q); - - for(sl = sl->next; sl; sl = sl->next) { - p = quote(sl->string); - fprintf(c_file, " { %s },\n", p); - free(p); - } - } - fprintf(c_file, " { NULL },\n"); - fprintf(c_file, "};\n"); - fprintf(c_file, "\n"); - } - fclose(c_file); - free(base); - free(cfn); -} - -int version_flag; -int help_flag; -struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } -}; -int num_args = sizeof(args) / sizeof(args[0]); - -static void -usage(int code) -{ - arg_printusage(args, num_args, NULL, "command-table"); - exit(code); -} - -int -main(int argc, char **argv) -{ - int optidx = 0; - - setprogname(argv[0]); - if(getarg(args, num_args, argc, argv, &optidx)) - usage(1); - if(help_flag) - usage(0); - if(version_flag) { - print_version(NULL); - exit(0); - } - - if(argc == optidx) - usage(1); - filename = argv[optidx]; - yyin = fopen(filename, "r"); - if(yyin == NULL) - err(1, "%s", filename); - - yyparse(); - - generate_commands(); - - if(numerror) - return 1; - return 0; -} diff --git a/crypto/heimdal/lib/sl/parse.c b/crypto/heimdal/lib/sl/parse.c deleted file mode 100644 index f79318dc386..00000000000 --- a/crypto/heimdal/lib/sl/parse.c +++ /dev/null @@ -1,1724 +0,0 @@ -/* A Bison parser, made by GNU Bison 2.3. */ - -/* Skeleton implementation for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* C LALR(1) parser skeleton written by Richard Stallman, by - simplifying the original so-called "semantic" parser. */ - -/* All symbols defined below should begin with yy or YY, to avoid - infringing on user name space. This should be done even for local - variables, as they might otherwise be expanded by user macros. - There are some unavoidable exceptions within include files to - define necessary library symbols; they are noted "INFRINGES ON - USER NAME SPACE" below. */ - -/* Identify Bison output. */ -#define YYBISON 1 - -/* Bison version. */ -#define YYBISON_VERSION "2.3" - -/* Skeleton name. */ -#define YYSKELETON_NAME "yacc.c" - -/* Pure parsers. */ -#define YYPURE 0 - -/* Using locations. */ -#define YYLSP_NEEDED 0 - - - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - TABLE = 258, - REQUEST = 259, - UNKNOWN = 260, - UNIMPLEMENTED = 261, - END = 262, - STRING = 263 - }; -#endif -/* Tokens. */ -#define TABLE 258 -#define REQUEST 259 -#define UNKNOWN 260 -#define UNIMPLEMENTED 261 -#define END 262 -#define STRING 263 - - - - -/* Copy the first part of user declarations. */ -#line 1 "parse.y" - -/* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "make_cmds.h" -RCSID("$Id: parse.y 21745 2007-07-31 16:11:25Z lha $"); - -static void yyerror (char *s); - -struct string_list* append_string(struct string_list*, char*); -void free_string_list(struct string_list *list); -unsigned string_to_flag(const char *); - -/* This is for bison */ - -#if !defined(alloca) && !defined(HAVE_ALLOCA) -#define alloca(x) malloc(x) -#endif - - - -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 0 -#endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 0 -#endif - -/* Enabling the token table. */ -#ifndef YYTOKEN_TABLE -# define YYTOKEN_TABLE 0 -#endif - -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE -#line 52 "parse.y" -{ - char *string; - unsigned number; - struct string_list *list; -} -/* Line 193 of yacc.c. */ -#line 169 "parse.c" - YYSTYPE; -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 -#endif - - - -/* Copy the second part of user declarations. */ - - -/* Line 216 of yacc.c. */ -#line 182 "parse.c" - -#ifdef short -# undef short -#endif - -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; -#else -typedef unsigned char yytype_uint8; -#endif - -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; -#elif (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -typedef signed char yytype_int8; -#else -typedef short int yytype_int8; -#endif - -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; -#else -typedef unsigned short int yytype_uint16; -#endif - -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; -#else -typedef short int yytype_int16; -#endif - -#ifndef YYSIZE_T -# ifdef __SIZE_TYPE__ -# define YYSIZE_T __SIZE_TYPE__ -# elif defined size_t -# define YYSIZE_T size_t -# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -# include /* INFRINGES ON USER NAME SPACE */ -# define YYSIZE_T size_t -# else -# define YYSIZE_T unsigned int -# endif -#endif - -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) - -#ifndef YY_ -# if defined YYENABLE_NLS && YYENABLE_NLS -# if ENABLE_NLS -# include /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) -# endif -# endif -# ifndef YY_ -# define YY_(msgid) msgid -# endif -#endif - -/* Suppress unused-variable warnings by "using" E. */ -#if ! defined lint || defined __GNUC__ -# define YYUSE(e) ((void) (e)) -#else -# define YYUSE(e) /* empty */ -#endif - -/* Identity function, used to suppress warnings about constant conditions. */ -#ifndef lint -# define YYID(n) (n) -#else -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static int -YYID (int i) -#else -static int -YYID (i) - int i; -#endif -{ - return i; -} -#endif - -#if ! defined yyoverflow || YYERROR_VERBOSE - -/* The parser invokes alloca or malloc; define the necessary symbols. */ - -# ifdef YYSTACK_USE_ALLOCA -# if YYSTACK_USE_ALLOCA -# ifdef __GNUC__ -# define YYSTACK_ALLOC __builtin_alloca -# elif defined __BUILTIN_VA_ARG_INCR -# include /* INFRINGES ON USER NAME SPACE */ -# elif defined _AIX -# define YYSTACK_ALLOC __alloca -# elif defined _MSC_VER -# include /* INFRINGES ON USER NAME SPACE */ -# define alloca _alloca -# else -# define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -# include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 -# endif -# endif -# endif -# endif -# endif - -# ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) -# ifndef YYSTACK_ALLOC_MAXIMUM - /* The OS might guarantee only one guard page at the bottom of the stack, - and a page size can be as small as 4096 bytes. So we cannot safely - invoke alloca (N) if N exceeds 4096. Use a slightly smaller number - to allow for a few compiler-allocated temporary stack slots. */ -# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ -# endif -# else -# define YYSTACK_ALLOC YYMALLOC -# define YYSTACK_FREE YYFREE -# ifndef YYSTACK_ALLOC_MAXIMUM -# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM -# endif -# if (defined __cplusplus && ! defined _STDLIB_H \ - && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) -# include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 -# endif -# endif -# ifndef YYMALLOC -# define YYMALLOC malloc -# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# ifndef YYFREE -# define YYFREE free -# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -void free (void *); /* INFRINGES ON USER NAME SPACE */ -# endif -# endif -# endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - - -#if (! defined yyoverflow \ - && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) - -/* A type that is properly aligned for any stack member. */ -union yyalloc -{ - yytype_int16 yyss; - YYSTYPE yyvs; - }; - -/* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) - -/* The size of an array large to enough to hold all stacks, each with - N elements. */ -# define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - -/* Copy COUNT objects from FROM to TO. The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(To, From, Count) \ - __builtin_memcpy (To, From, (Count) * sizeof (*(From))) -# else -# define YYCOPY(To, From, Count) \ - do \ - { \ - YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (To)[yyi] = (From)[yyi]; \ - } \ - while (YYID (0)) -# endif -# endif - -/* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ -# define YYSTACK_RELOCATE(Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack, Stack, yysize); \ - Stack = &yyptr->Stack; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (YYID (0)) - -#endif - -/* YYFINAL -- State number of the termination state. */ -#define YYFINAL 15 -/* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 37 - -/* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 13 -/* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 7 -/* YYNRULES -- Number of rules. */ -#define YYNRULES 16 -/* YYNRULES -- Number of states. */ -#define YYNSTATES 40 - -/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ -#define YYUNDEFTOK 2 -#define YYMAXUTOK 263 - -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) - -/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const yytype_uint8 yytranslate[] = -{ - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 11, 12, 2, 2, 10, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 9, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, - 5, 6, 7, 8 -}; - -#if YYDEBUG -/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in - YYRHS. */ -static const yytype_uint8 yyprhs[] = -{ - 0, 0, 3, 4, 6, 8, 11, 15, 27, 35, - 43, 47, 50, 52, 56, 58, 62 -}; - -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yytype_int8 yyrhs[] = -{ - 14, 0, -1, -1, 15, -1, 16, -1, 15, 16, - -1, 3, 8, 9, -1, 4, 8, 10, 8, 10, - 17, 10, 11, 18, 12, 9, -1, 4, 8, 10, - 8, 10, 17, 9, -1, 6, 8, 10, 8, 10, - 17, 9, -1, 5, 17, 9, -1, 7, 9, -1, - 8, -1, 17, 10, 8, -1, 19, -1, 18, 10, - 19, -1, 8, -1 -}; - -/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const yytype_uint8 yyrline[] = -{ - 0, 65, 65, 66, 69, 70, 73, 77, 81, 85, - 91, 95, 101, 105, 111, 115, 120 -}; -#endif - -#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE -/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ -static const char *const yytname[] = -{ - "$end", "error", "$undefined", "TABLE", "REQUEST", "UNKNOWN", - "UNIMPLEMENTED", "END", "STRING", "';'", "','", "'('", "')'", "$accept", - "file", "statements", "statement", "aliases", "flags", "flag", 0 -}; -#endif - -# ifdef YYPRINT -/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to - token YYLEX-NUM. */ -static const yytype_uint16 yytoknum[] = -{ - 0, 256, 257, 258, 259, 260, 261, 262, 263, 59, - 44, 40, 41 -}; -# endif - -/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint8 yyr1[] = -{ - 0, 13, 14, 14, 15, 15, 16, 16, 16, 16, - 16, 16, 17, 17, 18, 18, 19 -}; - -/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = -{ - 0, 2, 0, 1, 1, 2, 3, 11, 7, 7, - 3, 2, 1, 3, 1, 3, 1 -}; - -/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state - STATE-NUM when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ -static const yytype_uint8 yydefact[] = -{ - 2, 0, 0, 0, 0, 0, 0, 3, 4, 0, - 0, 12, 0, 0, 11, 1, 5, 6, 0, 10, - 0, 0, 0, 13, 0, 0, 0, 0, 0, 8, - 0, 9, 0, 16, 0, 14, 0, 0, 15, 7 -}; - -/* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int8 yydefgoto[] = -{ - -1, 6, 7, 8, 12, 34, 35 -}; - -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -#define YYPACT_NINF -10 -static const yytype_int8 yypact[] = -{ - -3, 0, 10, 11, 12, 13, 21, -3, -10, 14, - 15, -10, 1, 16, -10, -10, -10, -10, 19, -10, - 20, 22, 23, -10, 24, 11, 11, 3, 5, -10, - -2, -10, 27, -10, -5, -10, 27, 28, -10, -10 -}; - -/* YYPGOTO[NTERM-NUM]. */ -static const yytype_int8 yypgoto[] = -{ - -10, -10, -10, 17, -9, -10, -7 -}; - -/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which - number is the opposite. If zero, do what YYDEFACT says. - If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -1 -static const yytype_uint8 yytable[] = -{ - 1, 2, 3, 4, 5, 36, 23, 37, 9, 32, - 19, 20, 29, 30, 31, 20, 27, 28, 10, 11, - 13, 15, 14, 17, 16, 18, 21, 22, 23, 38, - 24, 0, 0, 25, 26, 33, 0, 39 -}; - -static const yytype_int8 yycheck[] = -{ - 3, 4, 5, 6, 7, 10, 8, 12, 8, 11, - 9, 10, 9, 10, 9, 10, 25, 26, 8, 8, - 8, 0, 9, 9, 7, 10, 10, 8, 8, 36, - 8, -1, -1, 10, 10, 8, -1, 9 -}; - -/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const yytype_uint8 yystos[] = -{ - 0, 3, 4, 5, 6, 7, 14, 15, 16, 8, - 8, 8, 17, 8, 9, 0, 16, 9, 10, 9, - 10, 10, 8, 8, 8, 10, 10, 17, 17, 9, - 10, 9, 11, 8, 18, 19, 10, 12, 19, 9 -}; - -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab - - -/* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. - Once GCC version 2 has supplanted version 1, this can go. */ - -#define YYFAIL goto yyerrlab - -#define YYRECOVERING() (!!yyerrstatus) - -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY && yylen == 1) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - yytoken = YYTRANSLATE (yychar); \ - YYPOPSTACK (1); \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (YYID (0)) - - -#define YYTERROR 1 -#define YYERRCODE 256 - - -/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. - If N is 0, then set CURRENT to the empty location which ends - the previous symbol: RHS[0] (always defined). */ - -#define YYRHSLOC(Rhs, K) ((Rhs)[K]) -#ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - do \ - if (YYID (N)) \ - { \ - (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ - (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ - (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ - (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ - } \ - else \ - { \ - (Current).first_line = (Current).last_line = \ - YYRHSLOC (Rhs, 0).last_line; \ - (Current).first_column = (Current).last_column = \ - YYRHSLOC (Rhs, 0).last_column; \ - } \ - while (YYID (0)) -#endif - - -/* YY_LOCATION_PRINT -- Print the location on the stream. - This macro was not mandated originally: define only if we know - we won't break user code: when these are the locations we know. */ - -#ifndef YY_LOCATION_PRINT -# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL -# define YY_LOCATION_PRINT(File, Loc) \ - fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) -# else -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif -#endif - - -/* YYLEX -- calling `yylex' with the right arguments. */ - -#ifdef YYLEX_PARAM -# define YYLEX yylex (YYLEX_PARAM) -#else -# define YYLEX yylex () -#endif - -/* Enable debugging if requested. */ -#if YYDEBUG - -# ifndef YYFPRINTF -# include /* INFRINGES ON USER NAME SPACE */ -# define YYFPRINTF fprintf -# endif - -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (YYID (0)) - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (YYID (0)) - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else -static void -yy_symbol_value_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif -{ - if (!yyvaluep) - return; -# ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# else - YYUSE (yyoutput); -# endif - switch (yytype) - { - default: - break; - } -} - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else -static void -yy_symbol_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif -{ - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); - else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); - - yy_symbol_value_print (yyoutput, yytype, yyvaluep); - YYFPRINTF (yyoutput, ")"); -} - -/*------------------------------------------------------------------. -| yy_stack_print -- Print the state stack from its BOTTOM up to its | -| TOP (included). | -`------------------------------------------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) -#else -static void -yy_stack_print (bottom, top) - yytype_int16 *bottom; - yytype_int16 *top; -#endif -{ - YYFPRINTF (stderr, "Stack now"); - for (; bottom <= top; ++bottom) - YYFPRINTF (stderr, " %d", *bottom); - YYFPRINTF (stderr, "\n"); -} - -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (YYID (0)) - - -/*------------------------------------------------. -| Report that the YYRULE is going to be reduced. | -`------------------------------------------------*/ - -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_reduce_print (YYSTYPE *yyvsp, int yyrule) -#else -static void -yy_reduce_print (yyvsp, yyrule) - YYSTYPE *yyvsp; - int yyrule; -#endif -{ - int yynrhs = yyr2[yyrule]; - int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", - yyrule - 1, yylno); - /* The symbols being reduced. */ - for (yyi = 0; yyi < yynrhs; yyi++) - { - fprintf (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - ); - fprintf (stderr, "\n"); - } -} - -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyvsp, Rule); \ -} while (YYID (0)) - -/* Nonzero means print parse trace. It is left uninitialized so that - multiple parsers can coexist. */ -int yydebug; -#else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) -# define YY_STACK_PRINT(Bottom, Top) -# define YY_REDUCE_PRINT(Rule) -#endif /* !YYDEBUG */ - - -/* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH -# define YYINITDEPTH 200 -#endif - -/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only - if the built-in stack extension method is used). - - Do not make this value too large; the results are undefined if - YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) - evaluated with infinite-precision integer arithmetic. */ - -#ifndef YYMAXDEPTH -# define YYMAXDEPTH 10000 -#endif - - - -#if YYERROR_VERBOSE - -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else -/* Return the length of YYSTR. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static YYSIZE_T -yystrlen (const char *yystr) -#else -static YYSIZE_T -yystrlen (yystr) - const char *yystr; -#endif -{ - YYSIZE_T yylen; - for (yylen = 0; yystr[yylen]; yylen++) - continue; - return yylen; -} -# endif -# endif - -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else -/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in - YYDEST. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static char * -yystpcpy (char *yydest, const char *yysrc) -#else -static char * -yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -#endif -{ - char *yyd = yydest; - const char *yys = yysrc; - - while ((*yyd++ = *yys++) != '\0') - continue; - - return yyd - 1; -} -# endif -# endif - -# ifndef yytnamerr -/* Copy to YYRES the contents of YYSTR after stripping away unnecessary - quotes and backslashes, so that it's suitable for yyerror. The - heuristic is that double-quoting is unnecessary unless the string - contains an apostrophe, a comma, or backslash (other than - backslash-backslash). YYSTR is taken from yytname. If YYRES is - null, do not copy; instead, return the length of what the result - would have been. */ -static YYSIZE_T -yytnamerr (char *yyres, const char *yystr) -{ - if (*yystr == '"') - { - YYSIZE_T yyn = 0; - char const *yyp = yystr; - - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } - do_not_strip_quotes: ; - } - - if (! yyres) - return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; -} -# endif - -/* Copy into YYRESULT an error message about the unexpected token - YYCHAR while in state YYSTATE. Return the number of bytes copied, - including the terminating null byte. If YYRESULT is null, do not - copy anything; just return the number of bytes that would be - copied. As a special case, return 0 if an ordinary "syntax error" - message will do. Return YYSIZE_MAXIMUM if overflow occurs during - size calculation. */ -static YYSIZE_T -yysyntax_error (char *yyresult, int yystate, int yychar) -{ - int yyn = yypact[yystate]; - - if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) - return 0; - else - { - int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - int yyx; - -# if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. */ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -# endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; - - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; - - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); - - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; - } - - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - - if (yysize_overflow) - return YYSIZE_MAXIMUM; - - if (yyresult) - { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - char *yyp = yyresult; - int yyi = 0; - while ((*yyp = *yyf) != '\0') - { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } - } - } - return yysize; - } -} -#endif /* YYERROR_VERBOSE */ - - -/*-----------------------------------------------. -| Release the memory associated to this symbol. | -`-----------------------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) -#else -static void -yydestruct (yymsg, yytype, yyvaluep) - const char *yymsg; - int yytype; - YYSTYPE *yyvaluep; -#endif -{ - YYUSE (yyvaluep); - - if (!yymsg) - yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); - - switch (yytype) - { - - default: - break; - } -} - - -/* Prevent warnings from -Wmissing-prototypes. */ - -#ifdef YYPARSE_PARAM -#if defined __STDC__ || defined __cplusplus -int yyparse (void *YYPARSE_PARAM); -#else -int yyparse (); -#endif -#else /* ! YYPARSE_PARAM */ -#if defined __STDC__ || defined __cplusplus -int yyparse (void); -#else -int yyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ - - - -/* The look-ahead symbol. */ -int yychar; - -/* The semantic value of the look-ahead symbol. */ -YYSTYPE yylval; - -/* Number of syntax errors so far. */ -int yynerrs; - - - -/*----------. -| yyparse. | -`----------*/ - -#ifdef YYPARSE_PARAM -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void *YYPARSE_PARAM) -#else -int -yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -#endif -#else /* ! YYPARSE_PARAM */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void) -#else -int -yyparse () - -#endif -#endif -{ - - int yystate; - int yyn; - int yyresult; - /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - /* Look-ahead token as an internal (translated) token number. */ - int yytoken = 0; -#if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; - char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif - - /* Three stacks and their tools: - `yyss': related to states, - `yyvs': related to semantic values, - `yyls': related to locations. - - Refer to the stacks thru separate pointers, to allow yyoverflow - to reallocate them elsewhere. */ - - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss = yyssa; - yytype_int16 *yyssp; - - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs = yyvsa; - YYSTYPE *yyvsp; - - - -#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - - YYSIZE_T yystacksize = YYINITDEPTH; - - /* The variables used to return semantic value and location from the - action routines. */ - YYSTYPE yyval; - - - /* The number of symbols on the RHS of the reduced rule. - Keep to zero when no symbol should be popped. */ - int yylen = 0; - - YYDPRINTF ((stderr, "Starting parse\n")); - - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; - yychar = YYEMPTY; /* Cause a token to be read. */ - - /* Initialize stack pointers. - Waste one element of value and location stack - so that they stay on the same level as the state stack. - The wasted elements are never initialized. */ - - yyssp = yyss; - yyvsp = yyvs; - - goto yysetstate; - -/*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | -`------------------------------------------------------------*/ - yynewstate: - /* In all cases, when you get here, the value and location stacks - have just been pushed. So pushing a state here evens the stacks. */ - yyssp++; - - yysetstate: - *yyssp = yystate; - - if (yyss + yystacksize - 1 <= yyssp) - { - /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; - -#ifdef yyoverflow - { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. */ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; - } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else - /* Extend the stack our own way. */ - if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; - yystacksize *= 2; - if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; - - { - yytype_int16 *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss); - YYSTACK_RELOCATE (yyvs); - -# undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); - } -# endif -#endif /* no yyoverflow */ - - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - - - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); - - if (yyss + yystacksize - 1 <= yyssp) - YYABORT; - } - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - - goto yybackup; - -/*-----------. -| yybackup. | -`-----------*/ -yybackup: - - /* Do appropriate processing given the current state. Read a - look-ahead token if we need one and don't already have one. */ - - /* First try to decide what to do without reference to look-ahead token. */ - yyn = yypact[yystate]; - if (yyn == YYPACT_NINF) - goto yydefault; - - /* Not known => get a look-ahead token if don't already have one. */ - - /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ - if (yychar == YYEMPTY) - { - YYDPRINTF ((stderr, "Reading a token: ")); - yychar = YYLEX; - } - - if (yychar <= YYEOF) - { - yychar = yytoken = YYEOF; - YYDPRINTF ((stderr, "Now at end of input.\n")); - } - else - { - yytoken = YYTRANSLATE (yychar); - YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); - } - - /* If the proper action on seeing token YYTOKEN is to reduce or to - detect an error, take that action. */ - yyn += yytoken; - if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) - goto yydefault; - yyn = yytable[yyn]; - if (yyn <= 0) - { - if (yyn == 0 || yyn == YYTABLE_NINF) - goto yyerrlab; - yyn = -yyn; - goto yyreduce; - } - - if (yyn == YYFINAL) - YYACCEPT; - - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - - /* Shift the look-ahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token unless it is eof. */ - if (yychar != YYEOF) - yychar = YYEMPTY; - - yystate = yyn; - *++yyvsp = yylval; - - goto yynewstate; - - -/*-----------------------------------------------------------. -| yydefault -- do the default action for the current state. | -`-----------------------------------------------------------*/ -yydefault: - yyn = yydefact[yystate]; - if (yyn == 0) - goto yyerrlab; - goto yyreduce; - - -/*-----------------------------. -| yyreduce -- Do a reduction. | -`-----------------------------*/ -yyreduce: - /* yyn is the number of a rule to reduce with. */ - yylen = yyr2[yyn]; - - /* If YYLEN is nonzero, implement the default value of the action: - `$$ = $1'. - - Otherwise, the following line sets YYVAL to garbage. - This behavior is undocumented and Bison - users should not rely upon it. Assigning to YYVAL - unconditionally makes the parser a bit smaller, and it avoids a - GCC warning that YYVAL may be used uninitialized. */ - yyval = yyvsp[1-yylen]; - - - YY_REDUCE_PRINT (yyn); - switch (yyn) - { - case 6: -#line 74 "parse.y" - { - table_name = (yyvsp[(2) - (3)].string); - } - break; - - case 7: -#line 78 "parse.y" - { - add_command((yyvsp[(2) - (11)].string), (yyvsp[(4) - (11)].string), (yyvsp[(6) - (11)].list), (yyvsp[(9) - (11)].number)); - } - break; - - case 8: -#line 82 "parse.y" - { - add_command((yyvsp[(2) - (7)].string), (yyvsp[(4) - (7)].string), (yyvsp[(6) - (7)].list), 0); - } - break; - - case 9: -#line 86 "parse.y" - { - free((yyvsp[(2) - (7)].string)); - free((yyvsp[(4) - (7)].string)); - free_string_list((yyvsp[(6) - (7)].list)); - } - break; - - case 10: -#line 92 "parse.y" - { - free_string_list((yyvsp[(2) - (3)].list)); - } - break; - - case 11: -#line 96 "parse.y" - { - YYACCEPT; - } - break; - - case 12: -#line 102 "parse.y" - { - (yyval.list) = append_string(NULL, (yyvsp[(1) - (1)].string)); - } - break; - - case 13: -#line 106 "parse.y" - { - (yyval.list) = append_string((yyvsp[(1) - (3)].list), (yyvsp[(3) - (3)].string)); - } - break; - - case 14: -#line 112 "parse.y" - { - (yyval.number) = (yyvsp[(1) - (1)].number); - } - break; - - case 15: -#line 116 "parse.y" - { - (yyval.number) = (yyvsp[(1) - (3)].number) | (yyvsp[(3) - (3)].number); - } - break; - - case 16: -#line 121 "parse.y" - { - (yyval.number) = string_to_flag((yyvsp[(1) - (1)].string)); - free((yyvsp[(1) - (1)].string)); - } - break; - - -/* Line 1267 of yacc.c. */ -#line 1469 "parse.c" - default: break; - } - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); - - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - - *++yyvsp = yyval; - - - /* Now `shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; - - goto yynewstate; - - -/*------------------------------------. -| yyerrlab -- here on detecting error | -`------------------------------------*/ -yyerrlab: - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) - { - ++yynerrs; -#if ! YYERROR_VERBOSE - yyerror (YY_("syntax error")); -#else - { - YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); - if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) - { - YYSIZE_T yyalloc = 2 * yysize; - if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) - yyalloc = YYSTACK_ALLOC_MAXIMUM; - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yyalloc); - if (yymsg) - yymsg_alloc = yyalloc; - else - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - } - } - - if (0 < yysize && yysize <= yymsg_alloc) - { - (void) yysyntax_error (yymsg, yystate, yychar); - yyerror (yymsg); - } - else - { - yyerror (YY_("syntax error")); - if (yysize != 0) - goto yyexhaustedlab; - } - } -#endif - } - - - - if (yyerrstatus == 3) - { - /* If just tried and failed to reuse look-ahead token after an - error, discard it. */ - - if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } - else - { - yydestruct ("Error: discarding", - yytoken, &yylval); - yychar = YYEMPTY; - } - } - - /* Else will try to reuse look-ahead token after shifting the error - token. */ - goto yyerrlab1; - - -/*---------------------------------------------------. -| yyerrorlab -- error raised explicitly by YYERROR. | -`---------------------------------------------------*/ -yyerrorlab: - - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; - - /* Do not reclaim the symbols of the rule which action triggered - this YYERROR. */ - YYPOPSTACK (yylen); - yylen = 0; - YY_STACK_PRINT (yyss, yyssp); - yystate = *yyssp; - goto yyerrlab1; - - -/*-------------------------------------------------------------. -| yyerrlab1 -- common code for both syntax error and YYERROR. | -`-------------------------------------------------------------*/ -yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ - - for (;;) - { - yyn = yypact[yystate]; - if (yyn != YYPACT_NINF) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } - - /* Pop the current state because it cannot handle the error token. */ - if (yyssp == yyss) - YYABORT; - - - yydestruct ("Error: popping", - yystos[yystate], yyvsp); - YYPOPSTACK (1); - yystate = *yyssp; - YY_STACK_PRINT (yyss, yyssp); - } - - if (yyn == YYFINAL) - YYACCEPT; - - *++yyvsp = yylval; - - - /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); - - yystate = yyn; - goto yynewstate; - - -/*-------------------------------------. -| yyacceptlab -- YYACCEPT comes here. | -`-------------------------------------*/ -yyacceptlab: - yyresult = 0; - goto yyreturn; - -/*-----------------------------------. -| yyabortlab -- YYABORT comes here. | -`-----------------------------------*/ -yyabortlab: - yyresult = 1; - goto yyreturn; - -#ifndef yyoverflow -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ -yyexhaustedlab: - yyerror (YY_("memory exhausted")); - yyresult = 2; - /* Fall through. */ -#endif - -yyreturn: - if (yychar != YYEOF && yychar != YYEMPTY) - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); - /* Do not reclaim the symbols of the rule which action triggered - this YYABORT or YYACCEPT. */ - YYPOPSTACK (yylen); - YY_STACK_PRINT (yyss, yyssp); - while (yyssp != yyss) - { - yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); - YYPOPSTACK (1); - } -#ifndef yyoverflow - if (yyss != yyssa) - YYSTACK_FREE (yyss); -#endif -#if YYERROR_VERBOSE - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); -#endif - /* Make sure YYID is used. */ - return YYID (yyresult); -} - - -#line 129 "parse.y" - - -static void -yyerror (char *s) -{ - error_message ("%s\n", s); -} - -struct string_list* -append_string(struct string_list *list, char *str) -{ - struct string_list *sl = malloc(sizeof(*sl)); - if (sl == NULL) - return sl; - sl->string = str; - sl->next = NULL; - if(list) { - *list->tail = sl; - list->tail = &sl->next; - return list; - } - sl->tail = &sl->next; - return sl; -} - -void -free_string_list(struct string_list *list) -{ - while(list) { - struct string_list *sl = list->next; - free(list->string); - free(list); - list = sl; - } -} - -unsigned -string_to_flag(const char *string) -{ - return 0; -} - diff --git a/crypto/heimdal/lib/sl/parse.h b/crypto/heimdal/lib/sl/parse.h deleted file mode 100644 index f7fef6dbefd..00000000000 --- a/crypto/heimdal/lib/sl/parse.h +++ /dev/null @@ -1,78 +0,0 @@ -/* A Bison parser, made by GNU Bison 2.3. */ - -/* Skeleton interface for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ - -/* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work - under terms of your choice, so long as that work isn't itself a - parser generator using the skeleton or a modified version thereof - as a parser skeleton. Alternatively, if you modify or redistribute - the parser skeleton itself, you may (at your option) remove this - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. - - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - TABLE = 258, - REQUEST = 259, - UNKNOWN = 260, - UNIMPLEMENTED = 261, - END = 262, - STRING = 263 - }; -#endif -/* Tokens. */ -#define TABLE 258 -#define REQUEST 259 -#define UNKNOWN 260 -#define UNIMPLEMENTED 261 -#define END 262 -#define STRING 263 - - - - -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE -#line 52 "parse.y" -{ - char *string; - unsigned number; - struct string_list *list; -} -/* Line 1529 of yacc.c. */ -#line 71 "parse.h" - YYSTYPE; -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 -#endif - -extern YYSTYPE yylval; - diff --git a/crypto/heimdal/lib/sl/parse.y b/crypto/heimdal/lib/sl/parse.y deleted file mode 100644 index b08c19306db..00000000000 --- a/crypto/heimdal/lib/sl/parse.y +++ /dev/null @@ -1,169 +0,0 @@ -%{ -/* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "make_cmds.h" -RCSID("$Id: parse.y 21745 2007-07-31 16:11:25Z lha $"); - -static void yyerror (char *s); - -struct string_list* append_string(struct string_list*, char*); -void free_string_list(struct string_list *list); -unsigned string_to_flag(const char *); - -/* This is for bison */ - -#if !defined(alloca) && !defined(HAVE_ALLOCA) -#define alloca(x) malloc(x) -#endif - -%} - -%union { - char *string; - unsigned number; - struct string_list *list; -} - -%token TABLE REQUEST UNKNOWN UNIMPLEMENTED END -%token STRING -%type flag flags -%type aliases - -%% - -file : /* */ - | statements - ; - -statements : statement - | statements statement - ; - -statement : TABLE STRING ';' - { - table_name = $2; - } - | REQUEST STRING ',' STRING ',' aliases ',' '(' flags ')' ';' - { - add_command($2, $4, $6, $9); - } - | REQUEST STRING ',' STRING ',' aliases ';' - { - add_command($2, $4, $6, 0); - } - | UNIMPLEMENTED STRING ',' STRING ',' aliases ';' - { - free($2); - free($4); - free_string_list($6); - } - | UNKNOWN aliases ';' - { - free_string_list($2); - } - | END ';' - { - YYACCEPT; - } - ; - -aliases : STRING - { - $$ = append_string(NULL, $1); - } - | aliases ',' STRING - { - $$ = append_string($1, $3); - } - ; - -flags : flag - { - $$ = $1; - } - | flags ',' flag - { - $$ = $1 | $3; - } - ; -flag : STRING - { - $$ = string_to_flag($1); - free($1); - } - ; - - - -%% - -static void -yyerror (char *s) -{ - error_message ("%s\n", s); -} - -struct string_list* -append_string(struct string_list *list, char *str) -{ - struct string_list *sl = malloc(sizeof(*sl)); - if (sl == NULL) - return sl; - sl->string = str; - sl->next = NULL; - if(list) { - *list->tail = sl; - list->tail = &sl->next; - return list; - } - sl->tail = &sl->next; - return sl; -} - -void -free_string_list(struct string_list *list) -{ - while(list) { - struct string_list *sl = list->next; - free(list->string); - free(list); - list = sl; - } -} - -unsigned -string_to_flag(const char *string) -{ - return 0; -} diff --git a/crypto/heimdal/lib/sl/roken_rename.h b/crypto/heimdal/lib/sl/roken_rename.h index 88ec0f82f0e..a198efcfa44 100644 --- a/crypto/heimdal/lib/sl/roken_rename.h +++ b/crypto/heimdal/lib/sl/roken_rename.h @@ -1,67 +1,67 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: roken_rename.h 9842 2001-05-06 21:47:54Z assar $ */ +/* $Id$ */ #ifndef __roken_rename_h__ #define __roken_rename_h__ #ifndef HAVE_STRTOK_R -#define strtok_r _sl_strtok_r +#define rk_strtok_r _sl_strtok_r #endif #ifndef HAVE_SNPRINTF -#define snprintf _sl_snprintf +#define rk_snprintf _sl_snprintf #endif #ifndef HAVE_ASPRINTF -#define asprintf _sl_asprintf +#define rk_asprintf _sl_asprintf #endif #ifndef HAVE_ASNPRINTF -#define asnprintf _sl_asnprintf +#define rk_asnprintf _sl_asnprintf #endif #ifndef HAVE_VASPRINTF -#define vasprintf _sl_vasprintf +#define rk_vasprintf _sl_vasprintf #endif #ifndef HAVE_VASNPRINTF -#define vasnprintf _sl_vasnprintf +#define rk_vasnprintf _sl_vasnprintf #endif #ifndef HAVE_VSNPRINTF -#define vsnprintf _sl_vsnprintf +#define rk_vsnprintf _sl_vsnprintf #endif #ifndef HAVE_STRUPR -#define strupr _sl_strupr +#define rk_strupr _sl_strupr #endif #ifndef HAVE_STRDUP -#define strdup _sl_strdup +#define rk_strdup _sl_strdup #endif #endif /* __roken_rename_h__ */ diff --git a/crypto/heimdal/lib/sl/sl.c b/crypto/heimdal/lib/sl/sl.c index 8f604e89b84..30f69436dd2 100644 --- a/crypto/heimdal/lib/sl/sl.c +++ b/crypto/heimdal/lib/sl/sl.c @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2006 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,10 +31,7 @@ * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: sl.c 21160 2007-06-18 22:58:21Z lha $"); -#endif #include "sl_locl.h" #include @@ -61,7 +58,7 @@ mandoc_template(SL_cmd *cmds, strncpy(cmd, p, sizeof(cmd)); cmd[sizeof(cmd)-1] = '\0'; strupr(cmd); - + printf(".Dt %s SECTION\n", cmd); printf(".Os OPERATING_SYSTEM\n"); printf(".Sh NAME\n"); @@ -75,7 +72,7 @@ mandoc_template(SL_cmd *cmds, continue; */ printf(".Op Fl %s", c->name); printf("\n"); - + } if (extra_string && *extra_string) printf (".Ar %s\n", extra_string); @@ -156,7 +153,7 @@ sl_help (SL_cmd *cmds, int argc, char **argv) if(prev_c) printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "", prev_c->usage ? "\n" : ""); - } else { + } else { c = sl_match (cmds, argv[1], 0); if (c == NULL) printf ("No such command: %s. " @@ -224,7 +221,7 @@ sl_make_argv(char *line, int *ret_argc, char ***ret_argv) int argc, nargv; char **argv; int quote = 0; - + nargv = 10; argv = malloc(nargv * sizeof(*argv)); if(argv == NULL) @@ -302,7 +299,7 @@ static char *sl_readline(const char *prompt) return s; } -/* return values: +/* return values: * 0 on success, * -1 on fatal error, * -2 if EOF, or @@ -314,8 +311,7 @@ sl_command_loop(SL_cmd *cmds, const char *prompt, void **data) char *buf; int argc; char **argv; - - ret = 0; + buf = sl_readline(prompt); if(buf == NULL) return -2; @@ -340,7 +336,7 @@ sl_command_loop(SL_cmd *cmds, const char *prompt, void **data) return ret; } -int +int sl_loop(SL_cmd *cmds, const char *prompt) { void *data = NULL; @@ -375,8 +371,11 @@ sl_slc_help (SL_cmd *cmds, int argc, char **argv) argv[0]); } else { if(c->func) { - char *fake[] = { NULL, "--help", NULL }; + static char help[] = "--help"; + char *fake[3]; fake[0] = argv[0]; + fake[1] = help; + fake[2] = NULL; (*c->func)(2, fake); fprintf(stderr, "\n"); } diff --git a/crypto/heimdal/lib/sl/sl.h b/crypto/heimdal/lib/sl/sl.h index 8798ee8628e..09225b0a537 100644 --- a/crypto/heimdal/lib/sl/sl.h +++ b/crypto/heimdal/lib/sl/sl.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: sl.h 17948 2006-08-28 14:16:43Z lha $ */ +/* $Id$ */ #ifndef _SL_H #define _SL_H @@ -41,10 +41,10 @@ typedef int (*cmd_func)(int, char **); struct sl_cmd { - char *name; + const char *name; cmd_func func; - char *usage; - char *help; + const char *usage; + const char *help; }; typedef struct sl_cmd SL_cmd; diff --git a/crypto/heimdal/lib/sl/sl_locl.h b/crypto/heimdal/lib/sl/sl_locl.h index a7bc843dc96..50eeadec1d8 100644 --- a/crypto/heimdal/lib/sl/sl_locl.h +++ b/crypto/heimdal/lib/sl/sl_locl.h @@ -1,23 +1,23 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -31,11 +31,9 @@ * SUCH DAMAGE. */ -/* $Id: sl_locl.h 19517 2006-12-27 20:27:00Z lha $ */ +/* $Id$ */ -#ifdef HAVE_CONFIG_H #include -#endif #include #include #include diff --git a/crypto/heimdal/lib/sl/slc-gram.c b/crypto/heimdal/lib/sl/slc-gram.c index 1ab243bd279..e44c7110bbd 100644 --- a/crypto/heimdal/lib/sl/slc-gram.c +++ b/crypto/heimdal/lib/sl/slc-gram.c @@ -81,42 +81,39 @@ #line 1 "slc-gram.y" /* - * Copyright (c) 2004-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $"); -#endif #include #include @@ -131,6 +128,12 @@ RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $"); extern FILE *yyin; extern struct assignment *assignment; +/* Declarations for Bison: + */ +#define YYMALLOC malloc +#define YYFREE free + + /* Enabling traces. */ #ifndef YYDEBUG @@ -152,13 +155,13 @@ extern struct assignment *assignment; #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 54 "slc-gram.y" +#line 57 "slc-gram.y" { char *string; struct assignment *assignment; } /* Line 193 of yacc.c. */ -#line 162 "slc-gram.c" +#line 165 "slc-gram.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 @@ -171,7 +174,7 @@ typedef union YYSTYPE /* Line 216 of yacc.c. */ -#line 175 "slc-gram.c" +#line 178 "slc-gram.c" #ifdef short # undef short @@ -453,7 +456,7 @@ static const yytype_int8 yyrhs[] = /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { - 0, 67, 67, 73, 78, 81, 90 + 0, 70, 70, 76, 81, 84, 93 }; #endif @@ -1353,14 +1356,14 @@ yyreduce: switch (yyn) { case 2: -#line 68 "slc-gram.y" +#line 71 "slc-gram.y" { assignment = (yyvsp[(1) - (1)].assignment); } break; case 3: -#line 74 "slc-gram.y" +#line 77 "slc-gram.y" { (yyvsp[(1) - (2)].assignment)->next = (yyvsp[(2) - (2)].assignment); (yyval.assignment) = (yyvsp[(1) - (2)].assignment); @@ -1368,7 +1371,7 @@ yyreduce: break; case 5: -#line 82 "slc-gram.y" +#line 85 "slc-gram.y" { (yyval.assignment) = malloc(sizeof(*(yyval.assignment))); (yyval.assignment)->name = (yyvsp[(1) - (3)].string); @@ -1380,7 +1383,7 @@ yyreduce: break; case 6: -#line 91 "slc-gram.y" +#line 94 "slc-gram.y" { (yyval.assignment) = malloc(sizeof(*(yyval.assignment))); (yyval.assignment)->name = (yyvsp[(1) - (5)].string); @@ -1393,7 +1396,7 @@ yyreduce: /* Line 1267 of yacc.c. */ -#line 1397 "slc-gram.c" +#line 1400 "slc-gram.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1607,7 +1610,7 @@ yyreturn: } -#line 101 "slc-gram.y" +#line 104 "slc-gram.y" char *filename; FILE *cfile, *hfile; @@ -1633,6 +1636,7 @@ check_option(struct assignment *as) { struct assignment *a; int seen_long = 0; + int seen_name = 0; int seen_short = 0; int seen_type = 0; int seen_argument = 0; @@ -1645,6 +1649,8 @@ check_option(struct assignment *as) seen_long++; else if(strcmp(a->name, "short") == 0) seen_short++; + else if(strcmp(a->name, "name") == 0) + seen_name++; else if(strcmp(a->name, "type") == 0) seen_type++; else if(strcmp(a->name, "argument") == 0) @@ -1654,7 +1660,7 @@ check_option(struct assignment *as) else if(strcmp(a->name, "default") == 0) seen_default++; else { - ex(a, "unknown name"); + ex(a, "unknown name %s", a->name); ret++; } } @@ -1662,6 +1668,10 @@ check_option(struct assignment *as) ex(as, "neither long nor short option"); ret++; } + if (seen_long == 0 && seen_name == 0) { + ex(as, "either of long or name option must be used"); + ret++; + } if(seen_long > 1) { ex(as, "multiple long options"); ret++; @@ -1716,7 +1726,7 @@ check_command(struct assignment *as) } else if(strcmp(a->name, "max_args") == 0) { seen_maxargs++; } else { - ex(a, "unknown name"); + ex(a, "unknown name: %s", a->name); ret++; } } @@ -1744,7 +1754,7 @@ check_command(struct assignment *as) ex(as, "multiple max_args strings"); ret++; } - + return ret; } @@ -1866,7 +1876,7 @@ make_name(struct assignment *as) lopt = find(as, "name"); if(lopt == NULL) return NULL; - + type = find(as, "type"); if(strcmp(type->u.value, "-flag") == 0) asprintf(&s, "%s_flag", lopt->u.value); @@ -1884,10 +1894,17 @@ static void defval_int(const char *name, struct assignment *defval) else cprint(1, "opt.%s = 0;\n", name); } -static void defval_string(const char *name, struct assignment *defval) +static void defval_neg_flag(const char *name, struct assignment *defval) { if(defval != NULL) - cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value); + cprint(1, "opt.%s = %s;\n", name, defval->u.value); + else + cprint(1, "opt.%s = 1;\n", name); +} +static void defval_string(const char *name, struct assignment *defval) +{ + if(defval != NULL) + cprint(1, "opt.%s = (char *)(unsigned long)\"%s\";\n", name, defval->u.value); else cprint(1, "opt.%s = NULL;\n", name); } @@ -1936,7 +1953,7 @@ struct type_handler { { "-flag", "int", "arg_negative_flag", - defval_int, + defval_neg_flag, NULL }, { NULL } @@ -1959,13 +1976,13 @@ gen_options(struct assignment *opt1, const char *name) hprint(0, "struct %s_options {\n", name); - for(tmp = opt1; - tmp != NULL; + for(tmp = opt1; + tmp != NULL; tmp = find_next(tmp, "option")) { struct assignment *type; struct type_handler *th; char *s; - + s = make_name(tmp->u.assignment); type = find(tmp->u.assignment, "type"); th = find_handler(type); @@ -1985,19 +2002,22 @@ gen_wrapper(struct assignment *as) struct assignment *tmp; char *n, *f; int nargs = 0; + int narguments = 0; name = find(as, "name"); n = strdup(name->u.value); gen_name(n); arg = find(as, "argument"); + if (arg) + narguments++; opt1 = find(as, "option"); function = find(as, "function"); if(function) f = function->u.value; else f = n; - - + + if(opt1 != NULL) { gen_options(opt1, n); hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n); @@ -2013,8 +2033,8 @@ gen_wrapper(struct assignment *as) cprint(1, "int ret;\n"); cprint(1, "int optidx = 0;\n"); cprint(1, "struct getargs args[] = {\n"); - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { struct assignment *type = find(tmp->u.assignment, "type"); struct assignment *lopt = find(tmp->u.assignment, "long"); @@ -2023,7 +2043,7 @@ gen_wrapper(struct assignment *as) struct assignment *help = find(tmp->u.assignment, "help"); struct type_handler *th; - + cprint(2, "{ "); if(lopt) fprintf(cfile, "\"%s\", ", lopt->u.value); @@ -2040,9 +2060,10 @@ gen_wrapper(struct assignment *as) fprintf(cfile, "\"%s\", ", help->u.value); else fprintf(cfile, "NULL, "); - if(aarg) + if(aarg) { fprintf(cfile, "\"%s\"", aarg->u.value); - else + narguments++; + } else fprintf(cfile, "NULL"); fprintf(cfile, " },\n"); } @@ -2050,8 +2071,8 @@ gen_wrapper(struct assignment *as) cprint(1, "};\n"); cprint(1, "int help_flag = 0;\n"); - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; struct assignment *type = find(tmp->u.assignment, "type"); @@ -2059,15 +2080,15 @@ gen_wrapper(struct assignment *as) struct assignment *defval = find(tmp->u.assignment, "default"); struct type_handler *th; - + s = make_name(tmp->u.assignment); th = find_handler(type); (*th->defval)(s, defval); free(s); } - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; s = make_name(tmp->u.assignment); @@ -2082,7 +2103,7 @@ gen_wrapper(struct assignment *as) int min_args = -1; int max_args = -1; char *end; - if(arg == NULL) { + if(narguments == 0) { max_args = 0; } else { if((tmp = find(as, "min_args")) != NULL) { @@ -2110,7 +2131,7 @@ gen_wrapper(struct assignment *as) } if(min_args != -1 || max_args != -1) { if(min_args == max_args) { - cprint(1, "if(argc - optidx != %d) {\n", + cprint(1, "if(argc - optidx != %d) {\n", min_args); cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args); cprint(2, "goto usage;\n"); @@ -2131,16 +2152,16 @@ gen_wrapper(struct assignment *as) } } } - + cprint(1, "if(help_flag)\n"); cprint(2, "goto usage;\n"); - cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", + cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", f, opt1 ? "&opt": "NULL"); - + /* free allocated data */ - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; struct assignment *type = find(tmp->u.assignment, "type"); @@ -2155,11 +2176,11 @@ gen_wrapper(struct assignment *as) cprint(1, "return ret;\n"); cprint(0, "usage:\n"); - cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, + cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, name->u.value, arg ? arg->u.value : ""); /* free allocated data */ - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; struct assignment *type = find(tmp->u.assignment, "type"); @@ -2236,7 +2257,7 @@ main(int argc, char **argv) print_version(NULL); exit(0); } - + if(argc == optidx) usage(1); diff --git a/crypto/heimdal/lib/sl/slc-gram.h b/crypto/heimdal/lib/sl/slc-gram.h index 1d50c2a6698..b6b16419ded 100644 --- a/crypto/heimdal/lib/sl/slc-gram.h +++ b/crypto/heimdal/lib/sl/slc-gram.h @@ -52,7 +52,7 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE -#line 54 "slc-gram.y" +#line 57 "slc-gram.y" { char *string; struct assignment *assignment; diff --git a/crypto/heimdal/lib/sl/slc-gram.y b/crypto/heimdal/lib/sl/slc-gram.y index d58edfbf286..450ee25353b 100644 --- a/crypto/heimdal/lib/sl/slc-gram.y +++ b/crypto/heimdal/lib/sl/slc-gram.y @@ -1,41 +1,38 @@ %{ /* - * Copyright (c) 2004-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -#ifdef HAVE_CONFIG_H #include -RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $"); -#endif #include #include @@ -50,6 +47,12 @@ RCSID("$Id: slc-gram.y 20767 2007-06-01 11:24:52Z lha $"); extern FILE *yyin; extern struct assignment *assignment; extern int yyparse(void); + +/* Declarations for Bison: + */ +#define YYMALLOC malloc +#define YYFREE free + %} %union { @@ -124,6 +127,7 @@ check_option(struct assignment *as) { struct assignment *a; int seen_long = 0; + int seen_name = 0; int seen_short = 0; int seen_type = 0; int seen_argument = 0; @@ -136,6 +140,8 @@ check_option(struct assignment *as) seen_long++; else if(strcmp(a->name, "short") == 0) seen_short++; + else if(strcmp(a->name, "name") == 0) + seen_name++; else if(strcmp(a->name, "type") == 0) seen_type++; else if(strcmp(a->name, "argument") == 0) @@ -145,7 +151,7 @@ check_option(struct assignment *as) else if(strcmp(a->name, "default") == 0) seen_default++; else { - ex(a, "unknown name"); + ex(a, "unknown name %s", a->name); ret++; } } @@ -153,6 +159,10 @@ check_option(struct assignment *as) ex(as, "neither long nor short option"); ret++; } + if (seen_long == 0 && seen_name == 0) { + ex(as, "either of long or name option must be used"); + ret++; + } if(seen_long > 1) { ex(as, "multiple long options"); ret++; @@ -207,7 +217,7 @@ check_command(struct assignment *as) } else if(strcmp(a->name, "max_args") == 0) { seen_maxargs++; } else { - ex(a, "unknown name"); + ex(a, "unknown name: %s", a->name); ret++; } } @@ -235,7 +245,7 @@ check_command(struct assignment *as) ex(as, "multiple max_args strings"); ret++; } - + return ret; } @@ -357,7 +367,7 @@ make_name(struct assignment *as) lopt = find(as, "name"); if(lopt == NULL) return NULL; - + type = find(as, "type"); if(strcmp(type->u.value, "-flag") == 0) asprintf(&s, "%s_flag", lopt->u.value); @@ -375,10 +385,17 @@ static void defval_int(const char *name, struct assignment *defval) else cprint(1, "opt.%s = 0;\n", name); } -static void defval_string(const char *name, struct assignment *defval) +static void defval_neg_flag(const char *name, struct assignment *defval) { if(defval != NULL) - cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value); + cprint(1, "opt.%s = %s;\n", name, defval->u.value); + else + cprint(1, "opt.%s = 1;\n", name); +} +static void defval_string(const char *name, struct assignment *defval) +{ + if(defval != NULL) + cprint(1, "opt.%s = (char *)(unsigned long)\"%s\";\n", name, defval->u.value); else cprint(1, "opt.%s = NULL;\n", name); } @@ -427,7 +444,7 @@ struct type_handler { { "-flag", "int", "arg_negative_flag", - defval_int, + defval_neg_flag, NULL }, { NULL } @@ -450,13 +467,13 @@ gen_options(struct assignment *opt1, const char *name) hprint(0, "struct %s_options {\n", name); - for(tmp = opt1; - tmp != NULL; + for(tmp = opt1; + tmp != NULL; tmp = find_next(tmp, "option")) { struct assignment *type; struct type_handler *th; char *s; - + s = make_name(tmp->u.assignment); type = find(tmp->u.assignment, "type"); th = find_handler(type); @@ -476,19 +493,22 @@ gen_wrapper(struct assignment *as) struct assignment *tmp; char *n, *f; int nargs = 0; + int narguments = 0; name = find(as, "name"); n = strdup(name->u.value); gen_name(n); arg = find(as, "argument"); + if (arg) + narguments++; opt1 = find(as, "option"); function = find(as, "function"); if(function) f = function->u.value; else f = n; - - + + if(opt1 != NULL) { gen_options(opt1, n); hprint(0, "int %s(struct %s_options*, int, char **);\n", f, n); @@ -504,8 +524,8 @@ gen_wrapper(struct assignment *as) cprint(1, "int ret;\n"); cprint(1, "int optidx = 0;\n"); cprint(1, "struct getargs args[] = {\n"); - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { struct assignment *type = find(tmp->u.assignment, "type"); struct assignment *lopt = find(tmp->u.assignment, "long"); @@ -514,7 +534,7 @@ gen_wrapper(struct assignment *as) struct assignment *help = find(tmp->u.assignment, "help"); struct type_handler *th; - + cprint(2, "{ "); if(lopt) fprintf(cfile, "\"%s\", ", lopt->u.value); @@ -531,9 +551,10 @@ gen_wrapper(struct assignment *as) fprintf(cfile, "\"%s\", ", help->u.value); else fprintf(cfile, "NULL, "); - if(aarg) + if(aarg) { fprintf(cfile, "\"%s\"", aarg->u.value); - else + narguments++; + } else fprintf(cfile, "NULL"); fprintf(cfile, " },\n"); } @@ -541,8 +562,8 @@ gen_wrapper(struct assignment *as) cprint(1, "};\n"); cprint(1, "int help_flag = 0;\n"); - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; struct assignment *type = find(tmp->u.assignment, "type"); @@ -550,15 +571,15 @@ gen_wrapper(struct assignment *as) struct assignment *defval = find(tmp->u.assignment, "default"); struct type_handler *th; - + s = make_name(tmp->u.assignment); th = find_handler(type); (*th->defval)(s, defval); free(s); } - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; s = make_name(tmp->u.assignment); @@ -573,7 +594,7 @@ gen_wrapper(struct assignment *as) int min_args = -1; int max_args = -1; char *end; - if(arg == NULL) { + if(narguments == 0) { max_args = 0; } else { if((tmp = find(as, "min_args")) != NULL) { @@ -601,7 +622,7 @@ gen_wrapper(struct assignment *as) } if(min_args != -1 || max_args != -1) { if(min_args == max_args) { - cprint(1, "if(argc - optidx != %d) {\n", + cprint(1, "if(argc - optidx != %d) {\n", min_args); cprint(2, "fprintf(stderr, \"Need exactly %u parameters (%%u given).\\n\\n\", argc - optidx);\n", min_args); cprint(2, "goto usage;\n"); @@ -622,16 +643,16 @@ gen_wrapper(struct assignment *as) } } } - + cprint(1, "if(help_flag)\n"); cprint(2, "goto usage;\n"); - cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", + cprint(1, "ret = %s(%s, argc - optidx, argv + optidx);\n", f, opt1 ? "&opt": "NULL"); - + /* free allocated data */ - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; struct assignment *type = find(tmp->u.assignment, "type"); @@ -646,11 +667,11 @@ gen_wrapper(struct assignment *as) cprint(1, "return ret;\n"); cprint(0, "usage:\n"); - cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, + cprint(1, "arg_printusage (args, %d, \"%s\", \"%s\");\n", nargs, name->u.value, arg ? arg->u.value : ""); /* free allocated data */ - for(tmp = find(as, "option"); - tmp != NULL; + for(tmp = find(as, "option"); + tmp != NULL; tmp = find_next(tmp, "option")) { char *s; struct assignment *type = find(tmp->u.assignment, "type"); @@ -727,7 +748,7 @@ main(int argc, char **argv) print_version(NULL); exit(0); } - + if(argc == optidx) usage(1); diff --git a/crypto/heimdal/lib/sl/slc-lex.c b/crypto/heimdal/lib/sl/slc-lex.c index d89b39c1f03..7bba1531a13 100644 --- a/crypto/heimdal/lib/sl/slc-lex.c +++ b/crypto/heimdal/lib/sl/slc-lex.c @@ -8,7 +8,7 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 33 +#define YY_FLEX_SUBMINOR_VERSION 35 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -30,7 +30,7 @@ /* C99 systems have . Non-C99 systems may or may not. */ -#if __STDC_VERSION__ >= 199901L +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. @@ -93,11 +93,12 @@ typedef unsigned int flex_uint32_t; #else /* ! __cplusplus */ -#if __STDC__ +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) #define YY_USE_CONST -#endif /* __STDC__ */ +#endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST @@ -151,7 +152,12 @@ typedef unsigned int flex_uint32_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif -extern int yyleng; +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + +extern yy_size_t yyleng; extern FILE *yyin, *yyout; @@ -177,16 +183,6 @@ extern FILE *yyin, *yyout; #define unput(c) yyunput( c, (yytext_ptr) ) -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ - -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef unsigned int yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -204,7 +200,7 @@ struct yy_buffer_state /* Number of characters read into yy_ch_buf, not including EOB * characters. */ - int yy_n_chars; + yy_size_t yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to @@ -274,8 +270,8 @@ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; -static int yy_n_chars; /* number of characters read into yy_ch_buf */ -int yyleng; +static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ +yy_size_t yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; @@ -303,7 +299,7 @@ static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); void *yyalloc (yy_size_t ); void *yyrealloc (void *,yy_size_t ); @@ -458,39 +454,39 @@ char *yytext; #line 1 "slc-lex.l" #line 2 "slc-lex.l" /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: slc-lex.l 15118 2005-05-10 22:19:01Z lha $ */ +/* $Id$ */ #undef ECHO @@ -509,7 +505,7 @@ static char * handle_string(void); #undef ECHO -#line 513 "slc-lex.c" +#line 509 "slc-lex.c" #define INITIAL 0 @@ -527,6 +523,35 @@ static char * handle_string(void); static int yy_init_globals (void ); +/* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. */ + +int yylex_destroy (void ); + +int yyget_debug (void ); + +void yyset_debug (int debug_flag ); + +YY_EXTRA_TYPE yyget_extra (void ); + +void yyset_extra (YY_EXTRA_TYPE user_defined ); + +FILE *yyget_in (void ); + +void yyset_in (FILE * in_str ); + +FILE *yyget_out (void ); + +void yyset_out (FILE * out_str ); + +yy_size_t yyget_leng (void ); + +char *yyget_text (void ); + +int yyget_lineno (void ); + +void yyset_lineno (int line_number ); + /* Macros after this point can all be overridden by user definitions in * section 1. */ @@ -539,8 +564,6 @@ extern int yywrap (void ); #endif #endif - static void yyunput (int c,char *buf_ptr ); - #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif @@ -569,7 +592,7 @@ static int input (void ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#define ECHO fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, @@ -580,7 +603,7 @@ static int input (void ); if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ - size_t n; \ + yy_size_t n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ @@ -662,9 +685,9 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 55 "slc-lex.l" +#line 58 "slc-lex.l" -#line 668 "slc-lex.c" +#line 691 "slc-lex.c" if ( !(yy_init) ) { @@ -749,7 +772,7 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 56 "slc-lex.l" +#line 59 "slc-lex.l" { yylval.string = strdup ((const char *)yytext); return LITERAL; @@ -757,36 +780,36 @@ YY_RULE_SETUP YY_BREAK case 2: YY_RULE_SETUP -#line 60 "slc-lex.l" +#line 63 "slc-lex.l" { yylval.string = handle_string(); return STRING; } YY_BREAK case 3: /* rule 3 can match eol */ YY_RULE_SETUP -#line 61 "slc-lex.l" +#line 64 "slc-lex.l" { ++lineno; } YY_BREAK case 4: YY_RULE_SETUP -#line 62 "slc-lex.l" +#line 65 "slc-lex.l" { handle_comment(); } YY_BREAK case 5: YY_RULE_SETUP -#line 63 "slc-lex.l" +#line 66 "slc-lex.l" { return *yytext; } YY_BREAK case 6: YY_RULE_SETUP -#line 64 "slc-lex.l" +#line 67 "slc-lex.l" ; YY_BREAK case 7: YY_RULE_SETUP -#line 65 "slc-lex.l" +#line 68 "slc-lex.l" ECHO; YY_BREAK -#line 790 "slc-lex.c" +#line 813 "slc-lex.c" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -972,7 +995,7 @@ static int yy_get_next_buffer (void) else { - int num_to_read = + yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) @@ -986,7 +1009,7 @@ static int yy_get_next_buffer (void) if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -1041,6 +1064,14 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + } + (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; @@ -1107,43 +1138,6 @@ static int yy_get_next_buffer (void) return yy_is_jam ? 0 : yy_current_state; } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); - - /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} - #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) @@ -1168,7 +1162,7 @@ static int yy_get_next_buffer (void) else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); + yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) @@ -1444,7 +1438,7 @@ void yypop_buffer_state (void) */ static void yyensure_buffer_stack (void) { - int num_to_alloc; + yy_size_t num_to_alloc; if (!(yy_buffer_stack)) { @@ -1456,7 +1450,9 @@ static void yyensure_buffer_stack (void) (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); - + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; @@ -1474,6 +1470,8 @@ static void yyensure_buffer_stack (void) ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); @@ -1518,7 +1516,7 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. - * @param str a NUL-terminated string to scan + * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use @@ -1537,12 +1535,11 @@ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) * * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) { YY_BUFFER_STATE b; char *buf; - yy_size_t n; - int i; + yy_size_t n, i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; @@ -1624,7 +1621,7 @@ FILE *yyget_out (void) /** Get the length of the current token. * */ -int yyget_leng (void) +yy_size_t yyget_leng (void) { return yyleng; } @@ -1772,7 +1769,7 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 65 "slc-lex.l" +#line 68 "slc-lex.l" @@ -1812,19 +1809,12 @@ handle_comment(void) } seen_slash = 1; continue; - } - if(seen_star && c == '/') { - if(--level == 0) - return; - seen_star = 0; - continue; - } - if(c == '*') { + } else if(c == '*') { if(seen_slash) { level++; seen_star = seen_slash = 0; continue; - } + } seen_star = 1; continue; } @@ -1870,7 +1860,7 @@ handle_string(void) } int -yywrap () +yywrap () { return 1; } diff --git a/crypto/heimdal/lib/sl/slc-lex.l b/crypto/heimdal/lib/sl/slc-lex.l index b810b12737b..1099ede32b8 100644 --- a/crypto/heimdal/lib/sl/slc-lex.l +++ b/crypto/heimdal/lib/sl/slc-lex.l @@ -1,38 +1,38 @@ %{ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: slc-lex.l 15118 2005-05-10 22:19:01Z lha $ */ +/* $Id$ */ #undef ECHO @@ -52,6 +52,9 @@ static char * handle_string(void); #undef ECHO %} + +%option nounput + %% [A-Za-z][-A-Za-z0-9_]* { yylval.string = strdup ((const char *)yytext); @@ -100,19 +103,12 @@ handle_comment(void) } seen_slash = 1; continue; - } - if(seen_star && c == '/') { - if(--level == 0) - return; - seen_star = 0; - continue; - } - if(c == '*') { + } else if(c == '*') { if(seen_slash) { level++; seen_star = seen_slash = 0; continue; - } + } seen_star = 1; continue; } @@ -158,7 +154,7 @@ handle_string(void) } int -yywrap () +yywrap () { return 1; } diff --git a/crypto/heimdal/lib/sl/slc.h b/crypto/heimdal/lib/sl/slc.h index 2b05813e4b0..6e45ed2f152 100644 --- a/crypto/heimdal/lib/sl/slc.h +++ b/crypto/heimdal/lib/sl/slc.h @@ -1,37 +1,37 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ -/* $Id: slc.h 13969 2004-06-21 19:10:59Z joda $ */ +/* $Id$ */ #include #include #include diff --git a/crypto/heimdal/lib/sl/ss.c b/crypto/heimdal/lib/sl/ss.c deleted file mode 100644 index f2f3cbc0a2a..00000000000 --- a/crypto/heimdal/lib/sl/ss.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "sl_locl.h" -#include -#include "ss.h" - -RCSID("$Id: ss.c 15429 2005-06-16 19:24:11Z lha $"); - -struct ss_subst { - char *name; - char *version; - char *info; - ss_request_table *table; -}; - -static struct ss_subst subsystems[2]; -static int num_subsystems; - -int -ss_create_invocation(const char *subsystem, - const char *version, - const char *info, - ss_request_table *table, - int *code) -{ - struct ss_subst *ss; - - if(num_subsystems >= sizeof(subsystems) / sizeof(subsystems[0])) { - *code = 17; - return 0; - } - ss = &subsystems[num_subsystems]; - ss->name = ss->version = ss->info = NULL; - if (subsystem != NULL) { - ss->name = strdup (subsystem); - if (ss->name == NULL) { - *code = ENOMEM; - return 0; - } - } - if (version != NULL) { - ss->version = strdup (version); - if (ss->version == NULL) { - *code = ENOMEM; - return 0; - } - } - if (info != NULL) { - ss->info = strdup (info); - if (ss->info == NULL) { - *code = ENOMEM; - return 0; - } - } - ss->table = table; - *code = 0; - return num_subsystems++; -} - -void -ss_error (int idx, long code, const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - com_err_va (subsystems[idx].name, code, fmt, ap); - va_end(ap); -} - -void -ss_perror (int idx, long code, const char *msg) -{ - ss_error(idx, code, "%s", msg); -} - -int -ss_execute_command(int idx, char **argv) -{ - int argc = 0; - int ret; - - while(argv[argc++]); - ret = sl_command(subsystems[idx].table, argc, argv); - if (ret == SL_BADCOMMAND) - return SS_ET_COMMAND_NOT_FOUND; - return 0; -} - -int -ss_execute_line (int idx, const char *line) -{ - char *buf = strdup(line); - int argc; - char **argv; - int ret; - - if (buf == NULL) - return ENOMEM; - sl_make_argv(buf, &argc, &argv); - ret = sl_command(subsystems[idx].table, argc, argv); - free(buf); - if (ret == SL_BADCOMMAND) - return SS_ET_COMMAND_NOT_FOUND; - return 0; -} - -int -ss_listen (int idx) -{ - char *prompt = malloc(strlen(subsystems[idx].name) + 3); - if (prompt == NULL) - return ENOMEM; - - strcpy(prompt, subsystems[idx].name); - strcat(prompt, ": "); - sl_loop(subsystems[idx].table, prompt); - free(prompt); - return 0; -} - -int -ss_list_requests(int argc, char **argv /* , int idx, void *info */) -{ - sl_help(subsystems[0 /* idx */].table, argc, argv); - return 0; -} - -int -ss_quit(int argc, char **argv) -{ - return 1; -} diff --git a/crypto/heimdal/lib/sl/test_sl.c b/crypto/heimdal/lib/sl/test_sl.c index 06105591f4f..91140125ec9 100644 --- a/crypto/heimdal/lib/sl/test_sl.c +++ b/crypto/heimdal/lib/sl/test_sl.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -32,8 +32,6 @@ #include "sl_locl.h" -RCSID("$Id: test_sl.c 19555 2006-12-28 23:40:17Z lha $"); - struct { int ok; const char *line; @@ -82,7 +80,7 @@ main(int argc, char **argv) } else if (!lines[i].ok) errx(1, "sl_make_argv passed test %d when it shouldn't", i); if (rargc != lines[i].argc) - errx(1, "result argc (%d) != should be argc (%d) for test %d", + errx(1, "result argc (%d) != should be argc (%d) for test %d", rargc, lines[i].argc, i); for (j = 0; j < rargc; j++) if (strcmp(rargv[j], lines[i].argv[j]) != 0) diff --git a/crypto/heimdal/lib/sqlite/Makefile.am b/crypto/heimdal/lib/sqlite/Makefile.am new file mode 100644 index 00000000000..2ca8bfd64af --- /dev/null +++ b/crypto/heimdal/lib/sqlite/Makefile.am @@ -0,0 +1,13 @@ +# $Id$ + +include $(top_srcdir)/Makefile.am.common + +lib_LTLIBRARIES = libheimsqlite.la + +noinst_HEADERS = sqlite3.h sqlite3ext.h + +libheimsqlite_la_SOURCES = sqlite3.c + +libheimsqlite_la_LIBADD = $(PTHREAD_LIBADD) + +EXTRA_DIST = NTMakefile diff --git a/crypto/heimdal/tests/plugin/Makefile.in b/crypto/heimdal/lib/sqlite/Makefile.in similarity index 70% rename from crypto/heimdal/tests/plugin/Makefile.in rename to crypto/heimdal/lib/sqlite/Makefile.in index 3e06d801525..e5df2eb7f2d 100644 --- a/crypto/heimdal/tests/plugin/Makefile.in +++ b/crypto/heimdal/lib/sqlite/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,17 +15,18 @@ @SET_MAKE@ -# $Id: Makefile.am 20202 2007-02-08 00:59:47Z lha $ +# $Id$ -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ +# $Id$ -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ +# $Id$ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -39,13 +41,13 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(top_srcdir)/Makefile.am.common \ +DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ $(top_srcdir)/cf/Makefile.am.common -subdir = tests/plugin +subdir = lib/sqlite ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ + $(top_srcdir)/cf/auth-modules.m4 \ $(top_srcdir)/cf/broken-getaddrinfo.m4 \ $(top_srcdir)/cf/broken-glob.m4 \ $(top_srcdir)/cf/broken-realloc.m4 \ @@ -60,7 +62,7 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ + $(top_srcdir)/cf/dispatch.m4 $(top_srcdir)/cf/dlopen.m4 \ $(top_srcdir)/cf/find-func-no-libs.m4 \ $(top_srcdir)/cf/find-func-no-libs2.m4 \ $(top_srcdir)/cf/find-func.m4 \ @@ -74,9 +76,12 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/krb-readline.m4 \ $(top_srcdir)/cf/krb-struct-spwd.m4 \ $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ + $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/libtool.m4 \ + $(top_srcdir)/cf/ltoptions.m4 $(top_srcdir)/cf/ltsugar.m4 \ + $(top_srcdir)/cf/ltversion.m4 $(top_srcdir)/cf/lt~obsolete.m4 \ + $(top_srcdir)/cf/mips-abi.m4 $(top_srcdir)/cf/misc.m4 \ + $(top_srcdir)/cf/need-proto.m4 $(top_srcdir)/cf/osfc2.m4 \ + $(top_srcdir)/cf/otp.m4 $(top_srcdir)/cf/pkg.m4 \ $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ $(top_srcdir)/cf/roken-frag.m4 \ @@ -84,30 +89,43 @@ am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) -windc_la_LIBADD = -am_windc_la_OBJECTS = windc.lo -windc_la_OBJECTS = $(am_windc_la_OBJECTS) -windc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(windc_la_LDFLAGS) \ - $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = +am__DEPENDENCIES_1 = +libheimsqlite_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +am_libheimsqlite_la_OBJECTS = sqlite3.lo +libheimsqlite_la_OBJECTS = $(am_libheimsqlite_la_OBJECTS) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -117,9 +135,9 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(windc_la_SOURCES) -DIST_SOURCES = $(windc_la_SOURCES) -DATA = $(noinst_DATA) +SOURCES = $(libheimsqlite_la_SOURCES) +DIST_SOURCES = $(libheimsqlite_la_SOURCES) +HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -127,49 +145,58 @@ ACLOCAL = @ACLOCAL@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ AMTAR = @AMTAR@ AR = @AR@ +ASN1_COMPILE = @ASN1_COMPILE@ +ASN1_COMPILE_DEP = @ASN1_COMPILE_DEP@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ +CAPNG_CFLAGS = @CAPNG_CFLAGS@ +CAPNG_LIBS = @CAPNG_LIBS@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ +DBHEADER = @DBHEADER@ DBLIB = @DBLIB@ DEFS = @DEFS@ +DEPDIR = @DEPDIR@ DIR_com_err = @DIR_com_err@ DIR_hcrypto = @DIR_hcrypto@ DIR_hdbdir = @DIR_hdbdir@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ +FGREP = @FGREP@ GREP = @GREP@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_hcrypto = @INCLUDE_hcrypto@ INCLUDE_hesiod = @INCLUDE_hesiod@ INCLUDE_krb4 = @INCLUDE_krb4@ +INCLUDE_libedit = @INCLUDE_libedit@ +INCLUDE_libintl = @INCLUDE_libintl@ INCLUDE_openldap = @INCLUDE_openldap@ INCLUDE_readline = @INCLUDE_readline@ +INCLUDE_sqlite3 = @INCLUDE_sqlite3@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ LEX = @LEX@ @@ -193,10 +220,11 @@ LIB_crypt = @LIB_crypt@ LIB_db_create = @LIB_db_create@ LIB_dbm_firstkey = @LIB_dbm_firstkey@ LIB_dbopen = @LIB_dbopen@ +LIB_dispatch_async_f = @LIB_dispatch_async_f@ LIB_dlopen = @LIB_dlopen@ LIB_dn_expand = @LIB_dn_expand@ +LIB_dns_search = @LIB_dns_search@ LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ LIB_freeaddrinfo = @LIB_freeaddrinfo@ LIB_gai_strerror = @LIB_gai_strerror@ LIB_getaddrinfo = @LIB_getaddrinfo@ @@ -213,6 +241,8 @@ LIB_hesiod = @LIB_hesiod@ LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ LIB_krb4 = @LIB_krb4@ +LIB_libedit = @LIB_libedit@ +LIB_libintl = @LIB_libintl@ LIB_loadquery = @LIB_loadquery@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ @@ -228,31 +258,45 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LIB_setsockopt = @LIB_setsockopt@ LIB_socket = @LIB_socket@ +LIB_sqlite3 = @LIB_sqlite3@ LIB_syslog = @LIB_syslog@ LIB_tgetent = @LIB_tgetent@ +LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NO_AFS = @NO_AFS@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ +PTHREAD_LDADD = @PTHREAD_LDADD@ +PTHREAD_LIBADD = @PTHREAD_LIBADD@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SLC = @SLC@ +SLC_DEP = @SLC_DEP@ STRIP = @STRIP@ VERSION = @VERSION@ VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ @@ -267,10 +311,12 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ @@ -311,71 +357,56 @@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) +SUFFIXES = .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include +AM_CPPFLAGS = $(INCLUDES_roken) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME AM_CFLAGS = $(WFLAGS) CP = cp buildinclude = $(top_builddir)/include +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ LIB_getpwent_r = @LIB_getpwent_r@ LIB_odm_initialize = @LIB_odm_initialize@ LIB_setpcred = @LIB_setpcred@ HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +libexec_heimdaldir = $(libexecdir)/heimdal NROFF_MAN = groff -mandoc -Tascii LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la +LIB_heimbase = $(top_builddir)/base/libheimbase.la @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -noinst_DATA = krb5.conf -SCRIPT_TESTS = check-pac -TESTS = $(SCRIPT_TESTS) -port = 49188 -do_subst = sed -e 's,[@]srcdir[@],$(srcdir),g' \ - -e 's,[@]port[@],$(port),g' \ - -e 's,[@]objdir[@],$(top_builddir)/tests/plugin,g' \ - -e 's,[@]EGREP[@],$(EGREP),g' - -LDADD = ../../lib/krb5/libkrb5.la $(LIB_roken) -lib_LTLIBRARIES = windc.la -windc_la_SOURCES = windc.c -windc_la_LDFLAGS = -module -CLEANFILES = \ - $(TESTS) \ - server.keytab \ - current-db* \ - foopassword \ - krb5.conf krb5.conf.tmp \ - messages.log - -EXTRA_DIST = \ - check-pac.in \ - krb5.conf.in - +lib_LTLIBRARIES = libheimsqlite.la +noinst_HEADERS = sqlite3.h sqlite3ext.h +libheimsqlite_la_SOURCES = sqlite3.c +libheimsqlite_la_LIBADD = $(PTHREAD_LIBADD) +EXTRA_DIST = NTMakefile all: all-am .SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj +.SUFFIXES: .et .h .x .z .hx .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps tests/plugin/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps tests/plugin/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/sqlite/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/sqlite/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -393,23 +424,28 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -420,8 +456,8 @@ clean-libLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -windc.la: $(windc_la_OBJECTS) $(windc_la_DEPENDENCIES) - $(windc_la_LINK) -rpath $(libdir) $(windc_la_OBJECTS) $(windc_la_LIBADD) $(LIBS) +libheimsqlite.la: $(libheimsqlite_la_OBJECTS) $(libheimsqlite_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libheimsqlite_la_OBJECTS) $(libheimsqlite_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -429,14 +465,28 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sqlite3.Plo@am__quote@ + .c.o: - $(COMPILE) -c $< +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: - $(LTCOMPILE) -c -o $@ $< +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo @@ -449,122 +499,53 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -check-TESTS: $(TESTS) - @failed=0; all=0; xfail=0; xpass=0; skip=0; ws='[ ]'; \ - srcdir=$(srcdir); export srcdir; \ - list=' $(TESTS) '; \ - if test -n "$$list"; then \ - for tst in $$list; do \ - if test -f ./$$tst; then dir=./; \ - elif test -f $$tst; then dir=; \ - else dir="$(srcdir)/"; fi; \ - if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ - all=`expr $$all + 1`; \ - case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ - xpass=`expr $$xpass + 1`; \ - failed=`expr $$failed + 1`; \ - echo "XPASS: $$tst"; \ - ;; \ - *) \ - echo "PASS: $$tst"; \ - ;; \ - esac; \ - elif test $$? -ne 77; then \ - all=`expr $$all + 1`; \ - case " $(XFAIL_TESTS) " in \ - *$$ws$$tst$$ws*) \ - xfail=`expr $$xfail + 1`; \ - echo "XFAIL: $$tst"; \ - ;; \ - *) \ - failed=`expr $$failed + 1`; \ - echo "FAIL: $$tst"; \ - ;; \ - esac; \ - else \ - skip=`expr $$skip + 1`; \ - echo "SKIP: $$tst"; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - if test "$$xfail" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="All $$all tests behaved as expected ($$xfail expected failures)"; \ - fi; \ - else \ - if test "$$xpass" -eq 0; then \ - banner="$$failed of $$all tests failed"; \ - else \ - banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \ - fi; \ - fi; \ - dashes="$$banner"; \ - skipped=""; \ - if test "$$skip" -ne 0; then \ - skipped="($$skip tests were not run)"; \ - test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ - dashes="$$skipped"; \ - fi; \ - report=""; \ - if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ - report="Please report to $(PACKAGE_BUGREPORT)"; \ - test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ - dashes="$$report"; \ - fi; \ - dashes=`echo "$$dashes" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - test -z "$$skipped" || echo "$$skipped"; \ - test -z "$$report" || echo "$$report"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0; \ - else :; fi - distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -581,13 +562,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -595,9 +580,9 @@ distdir: $(DISTFILES) top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local + $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am -all-am: Makefile $(LTLIBRARIES) $(DATA) all-local +all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ @@ -619,10 +604,10 @@ install-strip: mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -633,6 +618,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -643,6 +629,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -650,26 +638,35 @@ info-am: install-data-am: @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook - install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -689,18 +686,17 @@ ps-am: uninstall-am: uninstall-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) uninstall-hook +.MAKE: check-am install-am install-data-am install-exec-am \ + install-strip uninstall-am -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am - -.PHONY: CTAGS GTAGS all all-am all-local check check-TESTS check-am \ - check-local clean clean-generic clean-libLTLIBRARIES \ - clean-libtool ctags dist-hook distclean distclean-compile \ - distclean-generic distclean-libtool distclean-tags distdir dvi \ - dvi-am html html-am info info-am install install-am \ - install-data install-data-am install-data-hook install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-hook \ - install-html install-html-am install-info install-info-am \ +.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ + clean clean-generic clean-libLTLIBRARIES clean-libtool ctags \ + dist-hook distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-hook install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-html \ + install-html-am install-info install-info-am \ install-libLTLIBRARIES install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ @@ -778,6 +774,9 @@ check-local:: .x.c: @cmp -s $< $@ 2> /dev/null || cp $< $@ + +.hx.h: + @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -863,7 +862,7 @@ uninstall-hook: uninstall-cat-mans check-valgrind: tobjdir=`cd $(top_builddir) && pwd` ; \ tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check + env TESTS_ENVIRONMENT="$${tsrcdir}/cf/maybe-valgrind.sh -s $${tsrcdir} -o $${tobjdir}" make check # # Target to please samba build farm, builds distfiles in-tree. @@ -877,14 +876,6 @@ distdir-in-tree: $(DISTFILES) $(INFO_DEPS) fi ; \ done -check-pac: check-pac.in Makefile - $(do_subst) < $(srcdir)/check-pac.in > check-pac.tmp - chmod +x check-pac.tmp - mv check-pac.tmp check-pac - -krb5.conf: krb5.conf.in Makefile - $(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp - mv krb5.conf.tmp krb5.conf # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/sqlite/NTMakefile b/crypto/heimdal/lib/sqlite/NTMakefile new file mode 100644 index 00000000000..f9e90fb77ff --- /dev/null +++ b/crypto/heimdal/lib/sqlite/NTMakefile @@ -0,0 +1,47 @@ +######################################################################## +# +# Copyright (c) 2009, Secure Endpoints Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# - Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +RELDIR=lib\sqlite + +!include ../../windows/NTMakefile.w32 + +INCFILES= \ + $(INCDIR)\sqlite3.h \ + $(INCDIR)\sqlite3ext.h + +$(LIBSQLITE): $(OBJ)\sqlite3.obj + $(LIBCON) + +all:: $(INCFILES) $(LIBSQLITE) + +clean:: + -$(RM) $(LIBSQLITE) + -$(RM) $(INCFILES) diff --git a/crypto/heimdal/lib/sqlite/sqlite3.c b/crypto/heimdal/lib/sqlite/sqlite3.c new file mode 100644 index 00000000000..d04fa3801eb --- /dev/null +++ b/crypto/heimdal/lib/sqlite/sqlite3.c @@ -0,0 +1,131072 @@ +/****************************************************************************** +** This file is an amalgamation of many separate C source files from SQLite +** version 3.7.8. By combining all the individual C code files into this +** single large file, the entire code can be compiled as a single translation +** unit. This allows many compilers to do optimizations that would not be +** possible if the files were compiled separately. Performance improvements +** of 5% or more are commonly seen when SQLite is compiled as a single +** translation unit. +** +** This file is all you need to compile SQLite. To use SQLite in other +** programs, you need this file and the "sqlite3.h" header file that defines +** the programming interface to the SQLite library. (If you do not have +** the "sqlite3.h" header file at hand, you will find a copy embedded within +** the text of this file. Search for "Begin file sqlite3.h" to find the start +** of the embedded sqlite3.h header file.) Additional code files may be needed +** if you want a wrapper to interface SQLite with your choice of programming +** language. The code for the "sqlite3" command-line shell is also in a +** separate file. This file contains only code for the core SQLite library. +*/ +#define SQLITE_CORE 1 +#define SQLITE_AMALGAMATION 1 +#ifndef SQLITE_PRIVATE +# define SQLITE_PRIVATE static +#endif +#ifndef SQLITE_API +# define SQLITE_API +#endif +/************** Begin file sqliteInt.h ***************************************/ +/* +** 2001 September 15 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** Internal interface definitions for SQLite. +** +*/ +#ifndef _SQLITEINT_H_ +#define _SQLITEINT_H_ + +/* +** These #defines should enable >2GB file support on POSIX if the +** underlying operating system supports it. If the OS lacks +** large file support, or if the OS is windows, these should be no-ops. +** +** Ticket #2739: The _LARGEFILE_SOURCE macro must appear before any +** system #includes. Hence, this block of code must be the very first +** code in all source files. +** +** Large file support can be disabled using the -DSQLITE_DISABLE_LFS switch +** on the compiler command line. This is necessary if you are compiling +** on a recent machine (ex: Red Hat 7.2) but you want your code to work +** on an older machine (ex: Red Hat 6.0). If you compile on Red Hat 7.2 +** without this option, LFS is enable. But LFS does not exist in the kernel +** in Red Hat 6.0, so the code won't work. Hence, for maximum binary +** portability you should omit LFS. +** +** Similar is true for Mac OS X. LFS is only supported on Mac OS X 9 and later. +*/ +#ifndef SQLITE_DISABLE_LFS +# define _LARGE_FILE 1 +# ifndef _FILE_OFFSET_BITS +# define _FILE_OFFSET_BITS 64 +# endif +# define _LARGEFILE_SOURCE 1 +#endif + +/* +** Include the configuration header output by 'configure' if we're using the +** autoconf-based build +*/ +#ifdef _HAVE_SQLITE_CONFIG_H +#include "config.h" +#endif + +/************** Include sqliteLimit.h in the middle of sqliteInt.h ***********/ +/************** Begin file sqliteLimit.h *************************************/ +/* +** 2007 May 7 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** +** This file defines various limits of what SQLite can process. +*/ + +/* +** The maximum length of a TEXT or BLOB in bytes. This also +** limits the size of a row in a table or index. +** +** The hard limit is the ability of a 32-bit signed integer +** to count the size: 2^31-1 or 2147483647. +*/ +#ifndef SQLITE_MAX_LENGTH +# define SQLITE_MAX_LENGTH 1000000000 +#endif + +/* +** This is the maximum number of +** +** * Columns in a table +** * Columns in an index +** * Columns in a view +** * Terms in the SET clause of an UPDATE statement +** * Terms in the result set of a SELECT statement +** * Terms in the GROUP BY or ORDER BY clauses of a SELECT statement. +** * Terms in the VALUES clause of an INSERT statement +** +** The hard upper limit here is 32676. Most database people will +** tell you that in a well-normalized database, you usually should +** not have more than a dozen or so columns in any table. And if +** that is the case, there is no point in having more than a few +** dozen values in any of the other situations described above. +*/ +#ifndef SQLITE_MAX_COLUMN +# define SQLITE_MAX_COLUMN 2000 +#endif + +/* +** The maximum length of a single SQL statement in bytes. +** +** It used to be the case that setting this value to zero would +** turn the limit off. That is no longer true. It is not possible +** to turn this limit off. +*/ +#ifndef SQLITE_MAX_SQL_LENGTH +# define SQLITE_MAX_SQL_LENGTH 1000000000 +#endif + +/* +** The maximum depth of an expression tree. This is limited to +** some extent by SQLITE_MAX_SQL_LENGTH. But sometime you might +** want to place more severe limits on the complexity of an +** expression. +** +** A value of 0 used to mean that the limit was not enforced. +** But that is no longer true. The limit is now strictly enforced +** at all times. +*/ +#ifndef SQLITE_MAX_EXPR_DEPTH +# define SQLITE_MAX_EXPR_DEPTH 1000 +#endif + +/* +** The maximum number of terms in a compound SELECT statement. +** The code generator for compound SELECT statements does one +** level of recursion for each term. A stack overflow can result +** if the number of terms is too large. In practice, most SQL +** never has more than 3 or 4 terms. Use a value of 0 to disable +** any limit on the number of terms in a compount SELECT. +*/ +#ifndef SQLITE_MAX_COMPOUND_SELECT +# define SQLITE_MAX_COMPOUND_SELECT 500 +#endif + +/* +** The maximum number of opcodes in a VDBE program. +** Not currently enforced. +*/ +#ifndef SQLITE_MAX_VDBE_OP +# define SQLITE_MAX_VDBE_OP 25000 +#endif + +/* +** The maximum number of arguments to an SQL function. +*/ +#ifndef SQLITE_MAX_FUNCTION_ARG +# define SQLITE_MAX_FUNCTION_ARG 127 +#endif + +/* +** The maximum number of in-memory pages to use for the main database +** table and for temporary tables. The SQLITE_DEFAULT_CACHE_SIZE +*/ +#ifndef SQLITE_DEFAULT_CACHE_SIZE +# define SQLITE_DEFAULT_CACHE_SIZE 2000 +#endif +#ifndef SQLITE_DEFAULT_TEMP_CACHE_SIZE +# define SQLITE_DEFAULT_TEMP_CACHE_SIZE 500 +#endif + +/* +** The default number of frames to accumulate in the log file before +** checkpointing the database in WAL mode. +*/ +#ifndef SQLITE_DEFAULT_WAL_AUTOCHECKPOINT +# define SQLITE_DEFAULT_WAL_AUTOCHECKPOINT 1000 +#endif + +/* +** The maximum number of attached databases. This must be between 0 +** and 62. The upper bound on 62 is because a 64-bit integer bitmap +** is used internally to track attached databases. +*/ +#ifndef SQLITE_MAX_ATTACHED +# define SQLITE_MAX_ATTACHED 10 +#endif + + +/* +** The maximum value of a ?nnn wildcard that the parser will accept. +*/ +#ifndef SQLITE_MAX_VARIABLE_NUMBER +# define SQLITE_MAX_VARIABLE_NUMBER 999 +#endif + +/* Maximum page size. The upper bound on this value is 65536. This a limit +** imposed by the use of 16-bit offsets within each page. +** +** Earlier versions of SQLite allowed the user to change this value at +** compile time. This is no longer permitted, on the grounds that it creates +** a library that is technically incompatible with an SQLite library +** compiled with a different limit. If a process operating on a database +** with a page-size of 65536 bytes crashes, then an instance of SQLite +** compiled with the default page-size limit will not be able to rollback +** the aborted transaction. This could lead to database corruption. +*/ +#ifdef SQLITE_MAX_PAGE_SIZE +# undef SQLITE_MAX_PAGE_SIZE +#endif +#define SQLITE_MAX_PAGE_SIZE 65536 + + +/* +** The default size of a database page. +*/ +#ifndef SQLITE_DEFAULT_PAGE_SIZE +# define SQLITE_DEFAULT_PAGE_SIZE 1024 +#endif +#if SQLITE_DEFAULT_PAGE_SIZE>SQLITE_MAX_PAGE_SIZE +# undef SQLITE_DEFAULT_PAGE_SIZE +# define SQLITE_DEFAULT_PAGE_SIZE SQLITE_MAX_PAGE_SIZE +#endif + +/* +** Ordinarily, if no value is explicitly provided, SQLite creates databases +** with page size SQLITE_DEFAULT_PAGE_SIZE. However, based on certain +** device characteristics (sector-size and atomic write() support), +** SQLite may choose a larger value. This constant is the maximum value +** SQLite will choose on its own. +*/ +#ifndef SQLITE_MAX_DEFAULT_PAGE_SIZE +# define SQLITE_MAX_DEFAULT_PAGE_SIZE 8192 +#endif +#if SQLITE_MAX_DEFAULT_PAGE_SIZE>SQLITE_MAX_PAGE_SIZE +# undef SQLITE_MAX_DEFAULT_PAGE_SIZE +# define SQLITE_MAX_DEFAULT_PAGE_SIZE SQLITE_MAX_PAGE_SIZE +#endif + + +/* +** Maximum number of pages in one database file. +** +** This is really just the default value for the max_page_count pragma. +** This value can be lowered (or raised) at run-time using that the +** max_page_count macro. +*/ +#ifndef SQLITE_MAX_PAGE_COUNT +# define SQLITE_MAX_PAGE_COUNT 1073741823 +#endif + +/* +** Maximum length (in bytes) of the pattern in a LIKE or GLOB +** operator. +*/ +#ifndef SQLITE_MAX_LIKE_PATTERN_LENGTH +# define SQLITE_MAX_LIKE_PATTERN_LENGTH 50000 +#endif + +/* +** Maximum depth of recursion for triggers. +** +** A value of 1 means that a trigger program will not be able to itself +** fire any triggers. A value of 0 means that no trigger programs at all +** may be executed. +*/ +#ifndef SQLITE_MAX_TRIGGER_DEPTH +# define SQLITE_MAX_TRIGGER_DEPTH 1000 +#endif + +/************** End of sqliteLimit.h *****************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ + +/* Disable nuisance warnings on Borland compilers */ +#if defined(__BORLANDC__) +#pragma warn -rch /* unreachable code */ +#pragma warn -ccc /* Condition is always true or false */ +#pragma warn -aus /* Assigned value is never used */ +#pragma warn -csu /* Comparing signed and unsigned */ +#pragma warn -spa /* Suspicious pointer arithmetic */ +#endif + +/* Needed for various definitions... */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + +/* +** Include standard header files as necessary +*/ +#ifdef HAVE_STDINT_H +#include +#endif +#ifdef HAVE_INTTYPES_H +#include +#endif + +/* +** The number of samples of an index that SQLite takes in order to +** construct a histogram of the table content when running ANALYZE +** and with SQLITE_ENABLE_STAT2 +*/ +#define SQLITE_INDEX_SAMPLES 10 + +/* +** The following macros are used to cast pointers to integers and +** integers to pointers. The way you do this varies from one compiler +** to the next, so we have developed the following set of #if statements +** to generate appropriate macros for a wide range of compilers. +** +** The correct "ANSI" way to do this is to use the intptr_t type. +** Unfortunately, that typedef is not available on all compilers, or +** if it is available, it requires an #include of specific headers +** that vary from one machine to the next. +** +** Ticket #3860: The llvm-gcc-4.2 compiler from Apple chokes on +** the ((void*)&((char*)0)[X]) construct. But MSVC chokes on ((void*)(X)). +** So we have to define the macros in different ways depending on the +** compiler. +*/ +#if defined(__PTRDIFF_TYPE__) /* This case should work for GCC */ +# define SQLITE_INT_TO_PTR(X) ((void*)(__PTRDIFF_TYPE__)(X)) +# define SQLITE_PTR_TO_INT(X) ((int)(__PTRDIFF_TYPE__)(X)) +#elif !defined(__GNUC__) /* Works for compilers other than LLVM */ +# define SQLITE_INT_TO_PTR(X) ((void*)&((char*)0)[X]) +# define SQLITE_PTR_TO_INT(X) ((int)(((char*)X)-(char*)0)) +#elif defined(HAVE_STDINT_H) /* Use this case if we have ANSI headers */ +# define SQLITE_INT_TO_PTR(X) ((void*)(intptr_t)(X)) +# define SQLITE_PTR_TO_INT(X) ((int)(intptr_t)(X)) +#else /* Generates a warning - but it always works */ +# define SQLITE_INT_TO_PTR(X) ((void*)(X)) +# define SQLITE_PTR_TO_INT(X) ((int)(X)) +#endif + +/* +** The SQLITE_THREADSAFE macro must be defined as 0, 1, or 2. +** 0 means mutexes are permanently disable and the library is never +** threadsafe. 1 means the library is serialized which is the highest +** level of threadsafety. 2 means the libary is multithreaded - multiple +** threads can use SQLite as long as no two threads try to use the same +** database connection at the same time. +** +** Older versions of SQLite used an optional THREADSAFE macro. +** We support that for legacy. +*/ +#if !defined(SQLITE_THREADSAFE) +#if defined(THREADSAFE) +# define SQLITE_THREADSAFE THREADSAFE +#else +# define SQLITE_THREADSAFE 1 /* IMP: R-07272-22309 */ +#endif +#endif + +/* +** The SQLITE_DEFAULT_MEMSTATUS macro must be defined as either 0 or 1. +** It determines whether or not the features related to +** SQLITE_CONFIG_MEMSTATUS are available by default or not. This value can +** be overridden at runtime using the sqlite3_config() API. +*/ +#if !defined(SQLITE_DEFAULT_MEMSTATUS) +# define SQLITE_DEFAULT_MEMSTATUS 1 +#endif + +/* +** Exactly one of the following macros must be defined in order to +** specify which memory allocation subsystem to use. +** +** SQLITE_SYSTEM_MALLOC // Use normal system malloc() +** SQLITE_WIN32_MALLOC // Use Win32 native heap API +** SQLITE_MEMDEBUG // Debugging version of system malloc() +** +** On Windows, if the SQLITE_WIN32_MALLOC_VALIDATE macro is defined and the +** assert() macro is enabled, each call into the Win32 native heap subsystem +** will cause HeapValidate to be called. If heap validation should fail, an +** assertion will be triggered. +** +** (Historical note: There used to be several other options, but we've +** pared it down to just these two.) +** +** If none of the above are defined, then set SQLITE_SYSTEM_MALLOC as +** the default. +*/ +#if defined(SQLITE_SYSTEM_MALLOC)+defined(SQLITE_WIN32_MALLOC)+defined(SQLITE_MEMDEBUG)>1 +# error "At most one of the following compile-time configuration options\ + is allows: SQLITE_SYSTEM_MALLOC, SQLITE_WIN32_MALLOC, SQLITE_MEMDEBUG" +#endif +#if defined(SQLITE_SYSTEM_MALLOC)+defined(SQLITE_WIN32_MALLOC)+defined(SQLITE_MEMDEBUG)==0 +# define SQLITE_SYSTEM_MALLOC 1 +#endif + +/* +** If SQLITE_MALLOC_SOFT_LIMIT is not zero, then try to keep the +** sizes of memory allocations below this value where possible. +*/ +#if !defined(SQLITE_MALLOC_SOFT_LIMIT) +# define SQLITE_MALLOC_SOFT_LIMIT 1024 +#endif + +/* +** We need to define _XOPEN_SOURCE as follows in order to enable +** recursive mutexes on most Unix systems. But Mac OS X is different. +** The _XOPEN_SOURCE define causes problems for Mac OS X we are told, +** so it is omitted there. See ticket #2673. +** +** Later we learn that _XOPEN_SOURCE is poorly or incorrectly +** implemented on some systems. So we avoid defining it at all +** if it is already defined or if it is unneeded because we are +** not doing a threadsafe build. Ticket #2681. +** +** See also ticket #2741. +*/ +#if !defined(_XOPEN_SOURCE) && !defined(__DARWIN__) && !defined(__APPLE__) && SQLITE_THREADSAFE +#ifdef __sun +# define _XOPEN_SOURCE 600 +#else +# define _XOPEN_SOURCE 500 /* Needed to enable pthread recursive mutexes */ +#endif +#endif + +/* +** The TCL headers are only needed when compiling the TCL bindings. +*/ +#if defined(SQLITE_TCL) || defined(TCLSH) +# include +#endif + +/* +** Many people are failing to set -DNDEBUG=1 when compiling SQLite. +** Setting NDEBUG makes the code smaller and run faster. So the following +** lines are added to automatically set NDEBUG unless the -DSQLITE_DEBUG=1 +** option is set. Thus NDEBUG becomes an opt-in rather than an opt-out +** feature. +*/ +#if !defined(NDEBUG) && !defined(SQLITE_DEBUG) +# define NDEBUG 1 +#endif + +/* +** The testcase() macro is used to aid in coverage testing. When +** doing coverage testing, the condition inside the argument to +** testcase() must be evaluated both true and false in order to +** get full branch coverage. The testcase() macro is inserted +** to help ensure adequate test coverage in places where simple +** condition/decision coverage is inadequate. For example, testcase() +** can be used to make sure boundary values are tested. For +** bitmask tests, testcase() can be used to make sure each bit +** is significant and used at least once. On switch statements +** where multiple cases go to the same block of code, testcase() +** can insure that all cases are evaluated. +** +*/ +#ifdef SQLITE_COVERAGE_TEST +SQLITE_PRIVATE void sqlite3Coverage(int); +# define testcase(X) if( X ){ sqlite3Coverage(__LINE__); } +#else +# define testcase(X) +#endif + +/* +** The TESTONLY macro is used to enclose variable declarations or +** other bits of code that are needed to support the arguments +** within testcase() and assert() macros. +*/ +#if !defined(NDEBUG) || defined(SQLITE_COVERAGE_TEST) +# define TESTONLY(X) X +#else +# define TESTONLY(X) +#endif + +/* +** Sometimes we need a small amount of code such as a variable initialization +** to setup for a later assert() statement. We do not want this code to +** appear when assert() is disabled. The following macro is therefore +** used to contain that setup code. The "VVA" acronym stands for +** "Verification, Validation, and Accreditation". In other words, the +** code within VVA_ONLY() will only run during verification processes. +*/ +#ifndef NDEBUG +# define VVA_ONLY(X) X +#else +# define VVA_ONLY(X) +#endif + +/* +** The ALWAYS and NEVER macros surround boolean expressions which +** are intended to always be true or false, respectively. Such +** expressions could be omitted from the code completely. But they +** are included in a few cases in order to enhance the resilience +** of SQLite to unexpected behavior - to make the code "self-healing" +** or "ductile" rather than being "brittle" and crashing at the first +** hint of unplanned behavior. +** +** In other words, ALWAYS and NEVER are added for defensive code. +** +** When doing coverage testing ALWAYS and NEVER are hard-coded to +** be true and false so that the unreachable code then specify will +** not be counted as untested code. +*/ +#if defined(SQLITE_COVERAGE_TEST) +# define ALWAYS(X) (1) +# define NEVER(X) (0) +#elif !defined(NDEBUG) +# define ALWAYS(X) ((X)?1:(assert(0),0)) +# define NEVER(X) ((X)?(assert(0),1):0) +#else +# define ALWAYS(X) (X) +# define NEVER(X) (X) +#endif + +/* +** Return true (non-zero) if the input is a integer that is too large +** to fit in 32-bits. This macro is used inside of various testcase() +** macros to verify that we have tested SQLite for large-file support. +*/ +#define IS_BIG_INT(X) (((X)&~(i64)0xffffffff)!=0) + +/* +** The macro unlikely() is a hint that surrounds a boolean +** expression that is usually false. Macro likely() surrounds +** a boolean expression that is usually true. GCC is able to +** use these hints to generate better code, sometimes. +*/ +#if defined(__GNUC__) && 0 +# define likely(X) __builtin_expect((X),1) +# define unlikely(X) __builtin_expect((X),0) +#else +# define likely(X) !!(X) +# define unlikely(X) !!(X) +#endif + +/************** Include sqlite3.h in the middle of sqliteInt.h ***************/ +/************** Begin file sqlite3.h *****************************************/ +/* +** 2001 September 15 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** This header file defines the interface that the SQLite library +** presents to client programs. If a C-function, structure, datatype, +** or constant definition does not appear in this file, then it is +** not a published API of SQLite, is subject to change without +** notice, and should not be referenced by programs that use SQLite. +** +** Some of the definitions that are in this file are marked as +** "experimental". Experimental interfaces are normally new +** features recently added to SQLite. We do not anticipate changes +** to experimental interfaces but reserve the right to make minor changes +** if experience from use "in the wild" suggest such changes are prudent. +** +** The official C-language API documentation for SQLite is derived +** from comments in this file. This file is the authoritative source +** on how SQLite interfaces are suppose to operate. +** +** The name of this file under configuration management is "sqlite.h.in". +** The makefile makes some minor changes to this file (such as inserting +** the version number) and changes its name to "sqlite3.h" as +** part of the build process. +*/ +#ifndef _SQLITE3_H_ +#define _SQLITE3_H_ +#include /* Needed for the definition of va_list */ + +/* +** Make sure we can call this stuff from C++. +*/ +#if 0 +extern "C" { +#endif + + +/* +** Add the ability to override 'extern' +*/ +#ifndef SQLITE_EXTERN +# define SQLITE_EXTERN extern +#endif + +#ifndef SQLITE_API +# define SQLITE_API +#endif + + +/* +** These no-op macros are used in front of interfaces to mark those +** interfaces as either deprecated or experimental. New applications +** should not use deprecated interfaces - they are support for backwards +** compatibility only. Application writers should be aware that +** experimental interfaces are subject to change in point releases. +** +** These macros used to resolve to various kinds of compiler magic that +** would generate warning messages when they were used. But that +** compiler magic ended up generating such a flurry of bug reports +** that we have taken it all out and gone back to using simple +** noop macros. +*/ +#define SQLITE_DEPRECATED +#define SQLITE_EXPERIMENTAL + +/* +** Ensure these symbols were not defined by some previous header file. +*/ +#ifdef SQLITE_VERSION +# undef SQLITE_VERSION +#endif +#ifdef SQLITE_VERSION_NUMBER +# undef SQLITE_VERSION_NUMBER +#endif + +/* +** CAPI3REF: Compile-Time Library Version Numbers +** +** ^(The [SQLITE_VERSION] C preprocessor macro in the sqlite3.h header +** evaluates to a string literal that is the SQLite version in the +** format "X.Y.Z" where X is the major version number (always 3 for +** SQLite3) and Y is the minor version number and Z is the release number.)^ +** ^(The [SQLITE_VERSION_NUMBER] C preprocessor macro resolves to an integer +** with the value (X*1000000 + Y*1000 + Z) where X, Y, and Z are the same +** numbers used in [SQLITE_VERSION].)^ +** The SQLITE_VERSION_NUMBER for any given release of SQLite will also +** be larger than the release from which it is derived. Either Y will +** be held constant and Z will be incremented or else Y will be incremented +** and Z will be reset to zero. +** +** Since version 3.6.18, SQLite source code has been stored in the +** Fossil configuration management +** system. ^The SQLITE_SOURCE_ID macro evaluates to +** a string which identifies a particular check-in of SQLite +** within its configuration management system. ^The SQLITE_SOURCE_ID +** string contains the date and time of the check-in (UTC) and an SHA1 +** hash of the entire source tree. +** +** See also: [sqlite3_libversion()], +** [sqlite3_libversion_number()], [sqlite3_sourceid()], +** [sqlite_version()] and [sqlite_source_id()]. +*/ +#define SQLITE_VERSION "3.7.8" +#define SQLITE_VERSION_NUMBER 3007008 +#define SQLITE_SOURCE_ID "2011-09-19 14:49:19 3e0da808d2f5b4d12046e05980ca04578f581177" + +/* +** CAPI3REF: Run-Time Library Version Numbers +** KEYWORDS: sqlite3_version, sqlite3_sourceid +** +** These interfaces provide the same information as the [SQLITE_VERSION], +** [SQLITE_VERSION_NUMBER], and [SQLITE_SOURCE_ID] C preprocessor macros +** but are associated with the library instead of the header file. ^(Cautious +** programmers might include assert() statements in their application to +** verify that values returned by these interfaces match the macros in +** the header, and thus insure that the application is +** compiled with matching library and header files. +** +** 
+** assert( sqlite3_libversion_number()==SQLITE_VERSION_NUMBER );
+** assert( strcmp(sqlite3_sourceid(),SQLITE_SOURCE_ID)==0 );
+** assert( strcmp(sqlite3_libversion(),SQLITE_VERSION)==0 );
+**
)^ +** +** ^The sqlite3_version[] string constant contains the text of [SQLITE_VERSION] +** macro. ^The sqlite3_libversion() function returns a pointer to the +** to the sqlite3_version[] string constant. The sqlite3_libversion() +** function is provided for use in DLLs since DLL users usually do not have +** direct access to string constants within the DLL. ^The +** sqlite3_libversion_number() function returns an integer equal to +** [SQLITE_VERSION_NUMBER]. ^The sqlite3_sourceid() function returns +** a pointer to a string constant whose value is the same as the +** [SQLITE_SOURCE_ID] C preprocessor macro. +** +** See also: [sqlite_version()] and [sqlite_source_id()]. +*/ +SQLITE_API const char sqlite3_version[] = SQLITE_VERSION; +SQLITE_API const char *sqlite3_libversion(void); +SQLITE_API const char *sqlite3_sourceid(void); +SQLITE_API int sqlite3_libversion_number(void); + +/* +** CAPI3REF: Run-Time Library Compilation Options Diagnostics +** +** ^The sqlite3_compileoption_used() function returns 0 or 1 +** indicating whether the specified option was defined at +** compile time. ^The SQLITE_ prefix may be omitted from the +** option name passed to sqlite3_compileoption_used(). +** +** ^The sqlite3_compileoption_get() function allows iterating +** over the list of options that were defined at compile time by +** returning the N-th compile time option string. ^If N is out of range, +** sqlite3_compileoption_get() returns a NULL pointer. ^The SQLITE_ +** prefix is omitted from any strings returned by +** sqlite3_compileoption_get(). +** +** ^Support for the diagnostic functions sqlite3_compileoption_used() +** and sqlite3_compileoption_get() may be omitted by specifying the +** [SQLITE_OMIT_COMPILEOPTION_DIAGS] option at compile time. +** +** See also: SQL functions [sqlite_compileoption_used()] and +** [sqlite_compileoption_get()] and the [compile_options pragma]. +*/ +#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS +SQLITE_API int sqlite3_compileoption_used(const char *zOptName); +SQLITE_API const char *sqlite3_compileoption_get(int N); +#endif + +/* +** CAPI3REF: Test To See If The Library Is Threadsafe +** +** ^The sqlite3_threadsafe() function returns zero if and only if +** SQLite was compiled mutexing code omitted due to the +** [SQLITE_THREADSAFE] compile-time option being set to 0. +** +** SQLite can be compiled with or without mutexes. When +** the [SQLITE_THREADSAFE] C preprocessor macro is 1 or 2, mutexes +** are enabled and SQLite is threadsafe. When the +** [SQLITE_THREADSAFE] macro is 0, +** the mutexes are omitted. Without the mutexes, it is not safe +** to use SQLite concurrently from more than one thread. +** +** Enabling mutexes incurs a measurable performance penalty. +** So if speed is of utmost importance, it makes sense to disable +** the mutexes. But for maximum safety, mutexes should be enabled. +** ^The default behavior is for mutexes to be enabled. +** +** This interface can be used by an application to make sure that the +** version of SQLite that it is linking against was compiled with +** the desired setting of the [SQLITE_THREADSAFE] macro. +** +** This interface only reports on the compile-time mutex setting +** of the [SQLITE_THREADSAFE] flag. If SQLite is compiled with +** SQLITE_THREADSAFE=1 or =2 then mutexes are enabled by default but +** can be fully or partially disabled using a call to [sqlite3_config()] +** with the verbs [SQLITE_CONFIG_SINGLETHREAD], [SQLITE_CONFIG_MULTITHREAD], +** or [SQLITE_CONFIG_MUTEX]. ^(The return value of the +** sqlite3_threadsafe() function shows only the compile-time setting of +** thread safety, not any run-time changes to that setting made by +** sqlite3_config(). In other words, the return value from sqlite3_threadsafe() +** is unchanged by calls to sqlite3_config().)^ +** +** See the [threading mode] documentation for additional information. +*/ +SQLITE_API int sqlite3_threadsafe(void); + +/* +** CAPI3REF: Database Connection Handle +** KEYWORDS: {database connection} {database connections} +** +** Each open SQLite database is represented by a pointer to an instance of +** the opaque structure named "sqlite3". It is useful to think of an sqlite3 +** pointer as an object. The [sqlite3_open()], [sqlite3_open16()], and +** [sqlite3_open_v2()] interfaces are its constructors, and [sqlite3_close()] +** is its destructor. There are many other interfaces (such as +** [sqlite3_prepare_v2()], [sqlite3_create_function()], and +** [sqlite3_busy_timeout()] to name but three) that are methods on an +** sqlite3 object. +*/ +typedef struct sqlite3 sqlite3; + +/* +** CAPI3REF: 64-Bit Integer Types +** KEYWORDS: sqlite_int64 sqlite_uint64 +** +** Because there is no cross-platform way to specify 64-bit integer types +** SQLite includes typedefs for 64-bit signed and unsigned integers. +** +** The sqlite3_int64 and sqlite3_uint64 are the preferred type definitions. +** The sqlite_int64 and sqlite_uint64 types are supported for backwards +** compatibility only. +** +** ^The sqlite3_int64 and sqlite_int64 types can store integer values +** between -9223372036854775808 and +9223372036854775807 inclusive. ^The +** sqlite3_uint64 and sqlite_uint64 types can store integer values +** between 0 and +18446744073709551615 inclusive. +*/ +#ifdef SQLITE_INT64_TYPE + typedef SQLITE_INT64_TYPE sqlite_int64; + typedef unsigned SQLITE_INT64_TYPE sqlite_uint64; +#elif defined(_MSC_VER) || defined(__BORLANDC__) + typedef __int64 sqlite_int64; + typedef unsigned __int64 sqlite_uint64; +#else + typedef long long int sqlite_int64; + typedef unsigned long long int sqlite_uint64; +#endif +typedef sqlite_int64 sqlite3_int64; +typedef sqlite_uint64 sqlite3_uint64; + +/* +** If compiling for a processor that lacks floating point support, +** substitute integer for floating-point. +*/ +#ifdef SQLITE_OMIT_FLOATING_POINT +# define double sqlite3_int64 +#endif + +/* +** CAPI3REF: Closing A Database Connection +** +** ^The sqlite3_close() routine is the destructor for the [sqlite3] object. +** ^Calls to sqlite3_close() return SQLITE_OK if the [sqlite3] object is +** successfully destroyed and all associated resources are deallocated. +** +** Applications must [sqlite3_finalize | finalize] all [prepared statements] +** and [sqlite3_blob_close | close] all [BLOB handles] associated with +** the [sqlite3] object prior to attempting to close the object. ^If +** sqlite3_close() is called on a [database connection] that still has +** outstanding [prepared statements] or [BLOB handles], then it returns +** SQLITE_BUSY. +** +** ^If [sqlite3_close()] is invoked while a transaction is open, +** the transaction is automatically rolled back. +** +** The C parameter to [sqlite3_close(C)] must be either a NULL +** pointer or an [sqlite3] object pointer obtained +** from [sqlite3_open()], [sqlite3_open16()], or +** [sqlite3_open_v2()], and not previously closed. +** ^Calling sqlite3_close() with a NULL pointer argument is a +** harmless no-op. +*/ +SQLITE_API int sqlite3_close(sqlite3 *); + +/* +** The type for a callback function. +** This is legacy and deprecated. It is included for historical +** compatibility and is not documented. +*/ +typedef int (*sqlite3_callback)(void*,int,char**, char**); + +/* +** CAPI3REF: One-Step Query Execution Interface +** +** The sqlite3_exec() interface is a convenience wrapper around +** [sqlite3_prepare_v2()], [sqlite3_step()], and [sqlite3_finalize()], +** that allows an application to run multiple statements of SQL +** without having to use a lot of C code. +** +** ^The sqlite3_exec() interface runs zero or more UTF-8 encoded, +** semicolon-separate SQL statements passed into its 2nd argument, +** in the context of the [database connection] passed in as its 1st +** argument. ^If the callback function of the 3rd argument to +** sqlite3_exec() is not NULL, then it is invoked for each result row +** coming out of the evaluated SQL statements. ^The 4th argument to +** sqlite3_exec() is relayed through to the 1st argument of each +** callback invocation. ^If the callback pointer to sqlite3_exec() +** is NULL, then no callback is ever invoked and result rows are +** ignored. +** +** ^If an error occurs while evaluating the SQL statements passed into +** sqlite3_exec(), then execution of the current statement stops and +** subsequent statements are skipped. ^If the 5th parameter to sqlite3_exec() +** is not NULL then any error message is written into memory obtained +** from [sqlite3_malloc()] and passed back through the 5th parameter. +** To avoid memory leaks, the application should invoke [sqlite3_free()] +** on error message strings returned through the 5th parameter of +** of sqlite3_exec() after the error message string is no longer needed. +** ^If the 5th parameter to sqlite3_exec() is not NULL and no errors +** occur, then sqlite3_exec() sets the pointer in its 5th parameter to +** NULL before returning. +** +** ^If an sqlite3_exec() callback returns non-zero, the sqlite3_exec() +** routine returns SQLITE_ABORT without invoking the callback again and +** without running any subsequent SQL statements. +** +** ^The 2nd argument to the sqlite3_exec() callback function is the +** number of columns in the result. ^The 3rd argument to the sqlite3_exec() +** callback is an array of pointers to strings obtained as if from +** [sqlite3_column_text()], one for each column. ^If an element of a +** result row is NULL then the corresponding string pointer for the +** sqlite3_exec() callback is a NULL pointer. ^The 4th argument to the +** sqlite3_exec() callback is an array of pointers to strings where each +** entry represents the name of corresponding result column as obtained +** from [sqlite3_column_name()]. +** +** ^If the 2nd parameter to sqlite3_exec() is a NULL pointer, a pointer +** to an empty string, or a pointer that contains only whitespace and/or +** SQL comments, then no SQL statements are evaluated and the database +** is not changed. +** +** Restrictions: +** +**
    +**
  • The application must insure that the 1st parameter to sqlite3_exec() +** is a valid and open [database connection]. +**
  • The application must not close [database connection] specified by +** the 1st parameter to sqlite3_exec() while sqlite3_exec() is running. +**
  • The application must not modify the SQL statement text passed into +** the 2nd parameter of sqlite3_exec() while sqlite3_exec() is running. +**
+*/ +SQLITE_API int sqlite3_exec( + sqlite3*, /* An open database */ + const char *sql, /* SQL to be evaluated */ + int (*callback)(void*,int,char**,char**), /* Callback function */ + void *, /* 1st argument to callback */ + char **errmsg /* Error msg written here */ +); + +/* +** CAPI3REF: Result Codes +** KEYWORDS: SQLITE_OK {error code} {error codes} +** KEYWORDS: {result code} {result codes} +** +** Many SQLite functions return an integer result code from the set shown +** here in order to indicates success or failure. +** +** New error codes may be added in future versions of SQLite. +** +** See also: [SQLITE_IOERR_READ | extended result codes], +** [sqlite3_vtab_on_conflict()] [SQLITE_ROLLBACK | result codes]. +*/ +#define SQLITE_OK 0 /* Successful result */ +/* beginning-of-error-codes */ +#define SQLITE_ERROR 1 /* SQL error or missing database */ +#define SQLITE_INTERNAL 2 /* Internal logic error in SQLite */ +#define SQLITE_PERM 3 /* Access permission denied */ +#define SQLITE_ABORT 4 /* Callback routine requested an abort */ +#define SQLITE_BUSY 5 /* The database file is locked */ +#define SQLITE_LOCKED 6 /* A table in the database is locked */ +#define SQLITE_NOMEM 7 /* A malloc() failed */ +#define SQLITE_READONLY 8 /* Attempt to write a readonly database */ +#define SQLITE_INTERRUPT 9 /* Operation terminated by sqlite3_interrupt()*/ +#define SQLITE_IOERR 10 /* Some kind of disk I/O error occurred */ +#define SQLITE_CORRUPT 11 /* The database disk image is malformed */ +#define SQLITE_NOTFOUND 12 /* Unknown opcode in sqlite3_file_control() */ +#define SQLITE_FULL 13 /* Insertion failed because database is full */ +#define SQLITE_CANTOPEN 14 /* Unable to open the database file */ +#define SQLITE_PROTOCOL 15 /* Database lock protocol error */ +#define SQLITE_EMPTY 16 /* Database is empty */ +#define SQLITE_SCHEMA 17 /* The database schema changed */ +#define SQLITE_TOOBIG 18 /* String or BLOB exceeds size limit */ +#define SQLITE_CONSTRAINT 19 /* Abort due to constraint violation */ +#define SQLITE_MISMATCH 20 /* Data type mismatch */ +#define SQLITE_MISUSE 21 /* Library used incorrectly */ +#define SQLITE_NOLFS 22 /* Uses OS features not supported on host */ +#define SQLITE_AUTH 23 /* Authorization denied */ +#define SQLITE_FORMAT 24 /* Auxiliary database format error */ +#define SQLITE_RANGE 25 /* 2nd parameter to sqlite3_bind out of range */ +#define SQLITE_NOTADB 26 /* File opened that is not a database file */ +#define SQLITE_ROW 100 /* sqlite3_step() has another row ready */ +#define SQLITE_DONE 101 /* sqlite3_step() has finished executing */ +/* end-of-error-codes */ + +/* +** CAPI3REF: Extended Result Codes +** KEYWORDS: {extended error code} {extended error codes} +** KEYWORDS: {extended result code} {extended result codes} +** +** In its default configuration, SQLite API routines return one of 26 integer +** [SQLITE_OK | result codes]. However, experience has shown that many of +** these result codes are too coarse-grained. They do not provide as +** much information about problems as programmers might like. In an effort to +** address this, newer versions of SQLite (version 3.3.8 and later) include +** support for additional result codes that provide more detailed information +** about errors. The extended result codes are enabled or disabled +** on a per database connection basis using the +** [sqlite3_extended_result_codes()] API. +** +** Some of the available extended result codes are listed here. +** One may expect the number of extended result codes will be expand +** over time. Software that uses extended result codes should expect +** to see new result codes in future releases of SQLite. +** +** The SQLITE_OK result code will never be extended. It will always +** be exactly zero. +*/ +#define SQLITE_IOERR_READ (SQLITE_IOERR | (1<<8)) +#define SQLITE_IOERR_SHORT_READ (SQLITE_IOERR | (2<<8)) +#define SQLITE_IOERR_WRITE (SQLITE_IOERR | (3<<8)) +#define SQLITE_IOERR_FSYNC (SQLITE_IOERR | (4<<8)) +#define SQLITE_IOERR_DIR_FSYNC (SQLITE_IOERR | (5<<8)) +#define SQLITE_IOERR_TRUNCATE (SQLITE_IOERR | (6<<8)) +#define SQLITE_IOERR_FSTAT (SQLITE_IOERR | (7<<8)) +#define SQLITE_IOERR_UNLOCK (SQLITE_IOERR | (8<<8)) +#define SQLITE_IOERR_RDLOCK (SQLITE_IOERR | (9<<8)) +#define SQLITE_IOERR_DELETE (SQLITE_IOERR | (10<<8)) +#define SQLITE_IOERR_BLOCKED (SQLITE_IOERR | (11<<8)) +#define SQLITE_IOERR_NOMEM (SQLITE_IOERR | (12<<8)) +#define SQLITE_IOERR_ACCESS (SQLITE_IOERR | (13<<8)) +#define SQLITE_IOERR_CHECKRESERVEDLOCK (SQLITE_IOERR | (14<<8)) +#define SQLITE_IOERR_LOCK (SQLITE_IOERR | (15<<8)) +#define SQLITE_IOERR_CLOSE (SQLITE_IOERR | (16<<8)) +#define SQLITE_IOERR_DIR_CLOSE (SQLITE_IOERR | (17<<8)) +#define SQLITE_IOERR_SHMOPEN (SQLITE_IOERR | (18<<8)) +#define SQLITE_IOERR_SHMSIZE (SQLITE_IOERR | (19<<8)) +#define SQLITE_IOERR_SHMLOCK (SQLITE_IOERR | (20<<8)) +#define SQLITE_IOERR_SHMMAP (SQLITE_IOERR | (21<<8)) +#define SQLITE_IOERR_SEEK (SQLITE_IOERR | (22<<8)) +#define SQLITE_LOCKED_SHAREDCACHE (SQLITE_LOCKED | (1<<8)) +#define SQLITE_BUSY_RECOVERY (SQLITE_BUSY | (1<<8)) +#define SQLITE_CANTOPEN_NOTEMPDIR (SQLITE_CANTOPEN | (1<<8)) +#define SQLITE_CORRUPT_VTAB (SQLITE_CORRUPT | (1<<8)) +#define SQLITE_READONLY_RECOVERY (SQLITE_READONLY | (1<<8)) +#define SQLITE_READONLY_CANTLOCK (SQLITE_READONLY | (2<<8)) + +/* +** CAPI3REF: Flags For File Open Operations +** +** These bit values are intended for use in the +** 3rd parameter to the [sqlite3_open_v2()] interface and +** in the 4th parameter to the [sqlite3_vfs.xOpen] method. +*/ +#define SQLITE_OPEN_READONLY 0x00000001 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_READWRITE 0x00000002 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_CREATE 0x00000004 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_DELETEONCLOSE 0x00000008 /* VFS only */ +#define SQLITE_OPEN_EXCLUSIVE 0x00000010 /* VFS only */ +#define SQLITE_OPEN_AUTOPROXY 0x00000020 /* VFS only */ +#define SQLITE_OPEN_URI 0x00000040 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_MAIN_DB 0x00000100 /* VFS only */ +#define SQLITE_OPEN_TEMP_DB 0x00000200 /* VFS only */ +#define SQLITE_OPEN_TRANSIENT_DB 0x00000400 /* VFS only */ +#define SQLITE_OPEN_MAIN_JOURNAL 0x00000800 /* VFS only */ +#define SQLITE_OPEN_TEMP_JOURNAL 0x00001000 /* VFS only */ +#define SQLITE_OPEN_SUBJOURNAL 0x00002000 /* VFS only */ +#define SQLITE_OPEN_MASTER_JOURNAL 0x00004000 /* VFS only */ +#define SQLITE_OPEN_NOMUTEX 0x00008000 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_FULLMUTEX 0x00010000 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_SHAREDCACHE 0x00020000 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_PRIVATECACHE 0x00040000 /* Ok for sqlite3_open_v2() */ +#define SQLITE_OPEN_WAL 0x00080000 /* VFS only */ + +/* Reserved: 0x00F00000 */ + +/* +** CAPI3REF: Device Characteristics +** +** The xDeviceCharacteristics method of the [sqlite3_io_methods] +** object returns an integer which is a vector of the these +** bit values expressing I/O characteristics of the mass storage +** device that holds the file that the [sqlite3_io_methods] +** refers to. +** +** The SQLITE_IOCAP_ATOMIC property means that all writes of +** any size are atomic. The SQLITE_IOCAP_ATOMICnnn values +** mean that writes of blocks that are nnn bytes in size and +** are aligned to an address which is an integer multiple of +** nnn are atomic. The SQLITE_IOCAP_SAFE_APPEND value means +** that when data is appended to a file, the data is appended +** first then the size of the file is extended, never the other +** way around. The SQLITE_IOCAP_SEQUENTIAL property means that +** information is written to disk in the same order as calls +** to xWrite(). +*/ +#define SQLITE_IOCAP_ATOMIC 0x00000001 +#define SQLITE_IOCAP_ATOMIC512 0x00000002 +#define SQLITE_IOCAP_ATOMIC1K 0x00000004 +#define SQLITE_IOCAP_ATOMIC2K 0x00000008 +#define SQLITE_IOCAP_ATOMIC4K 0x00000010 +#define SQLITE_IOCAP_ATOMIC8K 0x00000020 +#define SQLITE_IOCAP_ATOMIC16K 0x00000040 +#define SQLITE_IOCAP_ATOMIC32K 0x00000080 +#define SQLITE_IOCAP_ATOMIC64K 0x00000100 +#define SQLITE_IOCAP_SAFE_APPEND 0x00000200 +#define SQLITE_IOCAP_SEQUENTIAL 0x00000400 +#define SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN 0x00000800 + +/* +** CAPI3REF: File Locking Levels +** +** SQLite uses one of these integer values as the second +** argument to calls it makes to the xLock() and xUnlock() methods +** of an [sqlite3_io_methods] object. +*/ +#define SQLITE_LOCK_NONE 0 +#define SQLITE_LOCK_SHARED 1 +#define SQLITE_LOCK_RESERVED 2 +#define SQLITE_LOCK_PENDING 3 +#define SQLITE_LOCK_EXCLUSIVE 4 + +/* +** CAPI3REF: Synchronization Type Flags +** +** When SQLite invokes the xSync() method of an +** [sqlite3_io_methods] object it uses a combination of +** these integer values as the second argument. +** +** When the SQLITE_SYNC_DATAONLY flag is used, it means that the +** sync operation only needs to flush data to mass storage. Inode +** information need not be flushed. If the lower four bits of the flag +** equal SQLITE_SYNC_NORMAL, that means to use normal fsync() semantics. +** If the lower four bits equal SQLITE_SYNC_FULL, that means +** to use Mac OS X style fullsync instead of fsync(). +** +** Do not confuse the SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags +** with the [PRAGMA synchronous]=NORMAL and [PRAGMA synchronous]=FULL +** settings. The [synchronous pragma] determines when calls to the +** xSync VFS method occur and applies uniformly across all platforms. +** The SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags determine how +** energetic or rigorous or forceful the sync operations are and +** only make a difference on Mac OSX for the default SQLite code. +** (Third-party VFS implementations might also make the distinction +** between SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL, but among the +** operating systems natively supported by SQLite, only Mac OSX +** cares about the difference.) +*/ +#define SQLITE_SYNC_NORMAL 0x00002 +#define SQLITE_SYNC_FULL 0x00003 +#define SQLITE_SYNC_DATAONLY 0x00010 + +/* +** CAPI3REF: OS Interface Open File Handle +** +** An [sqlite3_file] object represents an open file in the +** [sqlite3_vfs | OS interface layer]. Individual OS interface +** implementations will +** want to subclass this object by appending additional fields +** for their own use. The pMethods entry is a pointer to an +** [sqlite3_io_methods] object that defines methods for performing +** I/O operations on the open file. +*/ +typedef struct sqlite3_file sqlite3_file; +struct sqlite3_file { + const struct sqlite3_io_methods *pMethods; /* Methods for an open file */ +}; + +/* +** CAPI3REF: OS Interface File Virtual Methods Object +** +** Every file opened by the [sqlite3_vfs.xOpen] method populates an +** [sqlite3_file] object (or, more commonly, a subclass of the +** [sqlite3_file] object) with a pointer to an instance of this object. +** This object defines the methods used to perform various operations +** against the open file represented by the [sqlite3_file] object. +** +** If the [sqlite3_vfs.xOpen] method sets the sqlite3_file.pMethods element +** to a non-NULL pointer, then the sqlite3_io_methods.xClose method +** may be invoked even if the [sqlite3_vfs.xOpen] reported that it failed. The +** only way to prevent a call to xClose following a failed [sqlite3_vfs.xOpen] +** is for the [sqlite3_vfs.xOpen] to set the sqlite3_file.pMethods element +** to NULL. +** +** The flags argument to xSync may be one of [SQLITE_SYNC_NORMAL] or +** [SQLITE_SYNC_FULL]. The first choice is the normal fsync(). +** The second choice is a Mac OS X style fullsync. The [SQLITE_SYNC_DATAONLY] +** flag may be ORed in to indicate that only the data of the file +** and not its inode needs to be synced. +** +** The integer values to xLock() and xUnlock() are one of +**
    +**
  • [SQLITE_LOCK_NONE], +**
  • [SQLITE_LOCK_SHARED], +**
  • [SQLITE_LOCK_RESERVED], +**
  • [SQLITE_LOCK_PENDING], or +**
  • [SQLITE_LOCK_EXCLUSIVE]. +**
+** xLock() increases the lock. xUnlock() decreases the lock. +** The xCheckReservedLock() method checks whether any database connection, +** either in this process or in some other process, is holding a RESERVED, +** PENDING, or EXCLUSIVE lock on the file. It returns true +** if such a lock exists and false otherwise. +** +** The xFileControl() method is a generic interface that allows custom +** VFS implementations to directly control an open file using the +** [sqlite3_file_control()] interface. The second "op" argument is an +** integer opcode. The third argument is a generic pointer intended to +** point to a structure that may contain arguments or space in which to +** write return values. Potential uses for xFileControl() might be +** functions to enable blocking locks with timeouts, to change the +** locking strategy (for example to use dot-file locks), to inquire +** about the status of a lock, or to break stale locks. The SQLite +** core reserves all opcodes less than 100 for its own use. +** A [SQLITE_FCNTL_LOCKSTATE | list of opcodes] less than 100 is available. +** Applications that define a custom xFileControl method should use opcodes +** greater than 100 to avoid conflicts. VFS implementations should +** return [SQLITE_NOTFOUND] for file control opcodes that they do not +** recognize. +** +** The xSectorSize() method returns the sector size of the +** device that underlies the file. The sector size is the +** minimum write that can be performed without disturbing +** other bytes in the file. The xDeviceCharacteristics() +** method returns a bit vector describing behaviors of the +** underlying device: +** +**
    +**
  • [SQLITE_IOCAP_ATOMIC] +**
  • [SQLITE_IOCAP_ATOMIC512] +**
  • [SQLITE_IOCAP_ATOMIC1K] +**
  • [SQLITE_IOCAP_ATOMIC2K] +**
  • [SQLITE_IOCAP_ATOMIC4K] +**
  • [SQLITE_IOCAP_ATOMIC8K] +**
  • [SQLITE_IOCAP_ATOMIC16K] +**
  • [SQLITE_IOCAP_ATOMIC32K] +**
  • [SQLITE_IOCAP_ATOMIC64K] +**
  • [SQLITE_IOCAP_SAFE_APPEND] +**
  • [SQLITE_IOCAP_SEQUENTIAL] +**
+** +** The SQLITE_IOCAP_ATOMIC property means that all writes of +** any size are atomic. The SQLITE_IOCAP_ATOMICnnn values +** mean that writes of blocks that are nnn bytes in size and +** are aligned to an address which is an integer multiple of +** nnn are atomic. The SQLITE_IOCAP_SAFE_APPEND value means +** that when data is appended to a file, the data is appended +** first then the size of the file is extended, never the other +** way around. The SQLITE_IOCAP_SEQUENTIAL property means that +** information is written to disk in the same order as calls +** to xWrite(). +** +** If xRead() returns SQLITE_IOERR_SHORT_READ it must also fill +** in the unread portions of the buffer with zeros. A VFS that +** fails to zero-fill short reads might seem to work. However, +** failure to zero-fill short reads will eventually lead to +** database corruption. +*/ +typedef struct sqlite3_io_methods sqlite3_io_methods; +struct sqlite3_io_methods { + int iVersion; + int (*xClose)(sqlite3_file*); + int (*xRead)(sqlite3_file*, void*, int iAmt, sqlite3_int64 iOfst); + int (*xWrite)(sqlite3_file*, const void*, int iAmt, sqlite3_int64 iOfst); + int (*xTruncate)(sqlite3_file*, sqlite3_int64 size); + int (*xSync)(sqlite3_file*, int flags); + int (*xFileSize)(sqlite3_file*, sqlite3_int64 *pSize); + int (*xLock)(sqlite3_file*, int); + int (*xUnlock)(sqlite3_file*, int); + int (*xCheckReservedLock)(sqlite3_file*, int *pResOut); + int (*xFileControl)(sqlite3_file*, int op, void *pArg); + int (*xSectorSize)(sqlite3_file*); + int (*xDeviceCharacteristics)(sqlite3_file*); + /* Methods above are valid for version 1 */ + int (*xShmMap)(sqlite3_file*, int iPg, int pgsz, int, void volatile**); + int (*xShmLock)(sqlite3_file*, int offset, int n, int flags); + void (*xShmBarrier)(sqlite3_file*); + int (*xShmUnmap)(sqlite3_file*, int deleteFlag); + /* Methods above are valid for version 2 */ + /* Additional methods may be added in future releases */ +}; + +/* +** CAPI3REF: Standard File Control Opcodes +** +** These integer constants are opcodes for the xFileControl method +** of the [sqlite3_io_methods] object and for the [sqlite3_file_control()] +** interface. +** +** The [SQLITE_FCNTL_LOCKSTATE] opcode is used for debugging. This +** opcode causes the xFileControl method to write the current state of +** the lock (one of [SQLITE_LOCK_NONE], [SQLITE_LOCK_SHARED], +** [SQLITE_LOCK_RESERVED], [SQLITE_LOCK_PENDING], or [SQLITE_LOCK_EXCLUSIVE]) +** into an integer that the pArg argument points to. This capability +** is used during testing and only needs to be supported when SQLITE_TEST +** is defined. +** +** The [SQLITE_FCNTL_SIZE_HINT] opcode is used by SQLite to give the VFS +** layer a hint of how large the database file will grow to be during the +** current transaction. This hint is not guaranteed to be accurate but it +** is often close. The underlying VFS might choose to preallocate database +** file space based on this hint in order to help writes to the database +** file run faster. +** +** The [SQLITE_FCNTL_CHUNK_SIZE] opcode is used to request that the VFS +** extends and truncates the database file in chunks of a size specified +** by the user. The fourth argument to [sqlite3_file_control()] should +** point to an integer (type int) containing the new chunk-size to use +** for the nominated database. Allocating database file space in large +** chunks (say 1MB at a time), may reduce file-system fragmentation and +** improve performance on some systems. +** +** The [SQLITE_FCNTL_FILE_POINTER] opcode is used to obtain a pointer +** to the [sqlite3_file] object associated with a particular database +** connection. See the [sqlite3_file_control()] documentation for +** additional information. +** +** ^(The [SQLITE_FCNTL_SYNC_OMITTED] opcode is generated internally by +** SQLite and sent to all VFSes in place of a call to the xSync method +** when the database connection has [PRAGMA synchronous] set to OFF.)^ +** Some specialized VFSes need this signal in order to operate correctly +** when [PRAGMA synchronous | PRAGMA synchronous=OFF] is set, but most +** VFSes do not need this signal and should silently ignore this opcode. +** Applications should not call [sqlite3_file_control()] with this +** opcode as doing so may disrupt the operation of the specialized VFSes +** that do require it. +** +** ^The [SQLITE_FCNTL_WIN32_AV_RETRY] opcode is used to configure automatic +** retry counts and intervals for certain disk I/O operations for the +** windows [VFS] in order to work to provide robustness against +** anti-virus programs. By default, the windows VFS will retry file read, +** file write, and file delete opertions up to 10 times, with a delay +** of 25 milliseconds before the first retry and with the delay increasing +** by an additional 25 milliseconds with each subsequent retry. This +** opcode allows those to values (10 retries and 25 milliseconds of delay) +** to be adjusted. The values are changed for all database connections +** within the same process. The argument is a pointer to an array of two +** integers where the first integer i the new retry count and the second +** integer is the delay. If either integer is negative, then the setting +** is not changed but instead the prior value of that setting is written +** into the array entry, allowing the current retry settings to be +** interrogated. The zDbName parameter is ignored. +** +** ^The [SQLITE_FCNTL_PERSIST_WAL] opcode is used to set or query the +** persistent [WAL | Write AHead Log] setting. By default, the auxiliary +** write ahead log and shared memory files used for transaction control +** are automatically deleted when the latest connection to the database +** closes. Setting persistent WAL mode causes those files to persist after +** close. Persisting the files is useful when other processes that do not +** have write permission on the directory containing the database file want +** to read the database file, as the WAL and shared memory files must exist +** in order for the database to be readable. The fourth parameter to +** [sqlite3_file_control()] for this opcode should be a pointer to an integer. +** That integer is 0 to disable persistent WAL mode or 1 to enable persistent +** WAL mode. If the integer is -1, then it is overwritten with the current +** WAL persistence setting. +** +*/ +#define SQLITE_FCNTL_LOCKSTATE 1 +#define SQLITE_GET_LOCKPROXYFILE 2 +#define SQLITE_SET_LOCKPROXYFILE 3 +#define SQLITE_LAST_ERRNO 4 +#define SQLITE_FCNTL_SIZE_HINT 5 +#define SQLITE_FCNTL_CHUNK_SIZE 6 +#define SQLITE_FCNTL_FILE_POINTER 7 +#define SQLITE_FCNTL_SYNC_OMITTED 8 +#define SQLITE_FCNTL_WIN32_AV_RETRY 9 +#define SQLITE_FCNTL_PERSIST_WAL 10 + +/* +** CAPI3REF: Mutex Handle +** +** The mutex module within SQLite defines [sqlite3_mutex] to be an +** abstract type for a mutex object. The SQLite core never looks +** at the internal representation of an [sqlite3_mutex]. It only +** deals with pointers to the [sqlite3_mutex] object. +** +** Mutexes are created using [sqlite3_mutex_alloc()]. +*/ +typedef struct sqlite3_mutex sqlite3_mutex; + +/* +** CAPI3REF: OS Interface Object +** +** An instance of the sqlite3_vfs object defines the interface between +** the SQLite core and the underlying operating system. The "vfs" +** in the name of the object stands for "virtual file system". See +** the [VFS | VFS documentation] for further information. +** +** The value of the iVersion field is initially 1 but may be larger in +** future versions of SQLite. Additional fields may be appended to this +** object when the iVersion value is increased. Note that the structure +** of the sqlite3_vfs object changes in the transaction between +** SQLite version 3.5.9 and 3.6.0 and yet the iVersion field was not +** modified. +** +** The szOsFile field is the size of the subclassed [sqlite3_file] +** structure used by this VFS. mxPathname is the maximum length of +** a pathname in this VFS. +** +** Registered sqlite3_vfs objects are kept on a linked list formed by +** the pNext pointer. The [sqlite3_vfs_register()] +** and [sqlite3_vfs_unregister()] interfaces manage this list +** in a thread-safe way. The [sqlite3_vfs_find()] interface +** searches the list. Neither the application code nor the VFS +** implementation should use the pNext pointer. +** +** The pNext field is the only field in the sqlite3_vfs +** structure that SQLite will ever modify. SQLite will only access +** or modify this field while holding a particular static mutex. +** The application should never modify anything within the sqlite3_vfs +** object once the object has been registered. +** +** The zName field holds the name of the VFS module. The name must +** be unique across all VFS modules. +** +** [[sqlite3_vfs.xOpen]] +** ^SQLite guarantees that the zFilename parameter to xOpen +** is either a NULL pointer or string obtained +** from xFullPathname() with an optional suffix added. +** ^If a suffix is added to the zFilename parameter, it will +** consist of a single "-" character followed by no more than +** 10 alphanumeric and/or "-" characters. +** ^SQLite further guarantees that +** the string will be valid and unchanged until xClose() is +** called. Because of the previous sentence, +** the [sqlite3_file] can safely store a pointer to the +** filename if it needs to remember the filename for some reason. +** If the zFilename parameter to xOpen is a NULL pointer then xOpen +** must invent its own temporary name for the file. ^Whenever the +** xFilename parameter is NULL it will also be the case that the +** flags parameter will include [SQLITE_OPEN_DELETEONCLOSE]. +** +** The flags argument to xOpen() includes all bits set in +** the flags argument to [sqlite3_open_v2()]. Or if [sqlite3_open()] +** or [sqlite3_open16()] is used, then flags includes at least +** [SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE]. +** If xOpen() opens a file read-only then it sets *pOutFlags to +** include [SQLITE_OPEN_READONLY]. Other bits in *pOutFlags may be set. +** +** ^(SQLite will also add one of the following flags to the xOpen() +** call, depending on the object being opened: +** +**
    +**
  • [SQLITE_OPEN_MAIN_DB] +**
  • [SQLITE_OPEN_MAIN_JOURNAL] +**
  • [SQLITE_OPEN_TEMP_DB] +**
  • [SQLITE_OPEN_TEMP_JOURNAL] +**
  • [SQLITE_OPEN_TRANSIENT_DB] +**
  • [SQLITE_OPEN_SUBJOURNAL] +**
  • [SQLITE_OPEN_MASTER_JOURNAL] +**
  • [SQLITE_OPEN_WAL] +**
)^ +** +** The file I/O implementation can use the object type flags to +** change the way it deals with files. For example, an application +** that does not care about crash recovery or rollback might make +** the open of a journal file a no-op. Writes to this journal would +** also be no-ops, and any attempt to read the journal would return +** SQLITE_IOERR. Or the implementation might recognize that a database +** file will be doing page-aligned sector reads and writes in a random +** order and set up its I/O subsystem accordingly. +** +** SQLite might also add one of the following flags to the xOpen method: +** +**
    +**
  • [SQLITE_OPEN_DELETEONCLOSE] +**
  • [SQLITE_OPEN_EXCLUSIVE] +**
+** +** The [SQLITE_OPEN_DELETEONCLOSE] flag means the file should be +** deleted when it is closed. ^The [SQLITE_OPEN_DELETEONCLOSE] +** will be set for TEMP databases and their journals, transient +** databases, and subjournals. +** +** ^The [SQLITE_OPEN_EXCLUSIVE] flag is always used in conjunction +** with the [SQLITE_OPEN_CREATE] flag, which are both directly +** analogous to the O_EXCL and O_CREAT flags of the POSIX open() +** API. The SQLITE_OPEN_EXCLUSIVE flag, when paired with the +** SQLITE_OPEN_CREATE, is used to indicate that file should always +** be created, and that it is an error if it already exists. +** It is not used to indicate the file should be opened +** for exclusive access. +** +** ^At least szOsFile bytes of memory are allocated by SQLite +** to hold the [sqlite3_file] structure passed as the third +** argument to xOpen. The xOpen method does not have to +** allocate the structure; it should just fill it in. Note that +** the xOpen method must set the sqlite3_file.pMethods to either +** a valid [sqlite3_io_methods] object or to NULL. xOpen must do +** this even if the open fails. SQLite expects that the sqlite3_file.pMethods +** element will be valid after xOpen returns regardless of the success +** or failure of the xOpen call. +** +** [[sqlite3_vfs.xAccess]] +** ^The flags argument to xAccess() may be [SQLITE_ACCESS_EXISTS] +** to test for the existence of a file, or [SQLITE_ACCESS_READWRITE] to +** test whether a file is readable and writable, or [SQLITE_ACCESS_READ] +** to test whether a file is at least readable. The file can be a +** directory. +** +** ^SQLite will always allocate at least mxPathname+1 bytes for the +** output buffer xFullPathname. The exact size of the output buffer +** is also passed as a parameter to both methods. If the output buffer +** is not large enough, [SQLITE_CANTOPEN] should be returned. Since this is +** handled as a fatal error by SQLite, vfs implementations should endeavor +** to prevent this by setting mxPathname to a sufficiently large value. +** +** The xRandomness(), xSleep(), xCurrentTime(), and xCurrentTimeInt64() +** interfaces are not strictly a part of the filesystem, but they are +** included in the VFS structure for completeness. +** The xRandomness() function attempts to return nBytes bytes +** of good-quality randomness into zOut. The return value is +** the actual number of bytes of randomness obtained. +** The xSleep() method causes the calling thread to sleep for at +** least the number of microseconds given. ^The xCurrentTime() +** method returns a Julian Day Number for the current date and time as +** a floating point value. +** ^The xCurrentTimeInt64() method returns, as an integer, the Julian +** Day Number multiplied by 86400000 (the number of milliseconds in +** a 24-hour day). +** ^SQLite will use the xCurrentTimeInt64() method to get the current +** date and time if that method is available (if iVersion is 2 or +** greater and the function pointer is not NULL) and will fall back +** to xCurrentTime() if xCurrentTimeInt64() is unavailable. +** +** ^The xSetSystemCall(), xGetSystemCall(), and xNestSystemCall() interfaces +** are not used by the SQLite core. These optional interfaces are provided +** by some VFSes to facilitate testing of the VFS code. By overriding +** system calls with functions under its control, a test program can +** simulate faults and error conditions that would otherwise be difficult +** or impossible to induce. The set of system calls that can be overridden +** varies from one VFS to another, and from one version of the same VFS to the +** next. Applications that use these interfaces must be prepared for any +** or all of these interfaces to be NULL or for their behavior to change +** from one release to the next. Applications must not attempt to access +** any of these methods if the iVersion of the VFS is less than 3. +*/ +typedef struct sqlite3_vfs sqlite3_vfs; +typedef void (*sqlite3_syscall_ptr)(void); +struct sqlite3_vfs { + int iVersion; /* Structure version number (currently 3) */ + int szOsFile; /* Size of subclassed sqlite3_file */ + int mxPathname; /* Maximum file pathname length */ + sqlite3_vfs *pNext; /* Next registered VFS */ + const char *zName; /* Name of this virtual file system */ + void *pAppData; /* Pointer to application-specific data */ + int (*xOpen)(sqlite3_vfs*, const char *zName, sqlite3_file*, + int flags, int *pOutFlags); + int (*xDelete)(sqlite3_vfs*, const char *zName, int syncDir); + int (*xAccess)(sqlite3_vfs*, const char *zName, int flags, int *pResOut); + int (*xFullPathname)(sqlite3_vfs*, const char *zName, int nOut, char *zOut); + void *(*xDlOpen)(sqlite3_vfs*, const char *zFilename); + void (*xDlError)(sqlite3_vfs*, int nByte, char *zErrMsg); + void (*(*xDlSym)(sqlite3_vfs*,void*, const char *zSymbol))(void); + void (*xDlClose)(sqlite3_vfs*, void*); + int (*xRandomness)(sqlite3_vfs*, int nByte, char *zOut); + int (*xSleep)(sqlite3_vfs*, int microseconds); + int (*xCurrentTime)(sqlite3_vfs*, double*); + int (*xGetLastError)(sqlite3_vfs*, int, char *); + /* + ** The methods above are in version 1 of the sqlite_vfs object + ** definition. Those that follow are added in version 2 or later + */ + int (*xCurrentTimeInt64)(sqlite3_vfs*, sqlite3_int64*); + /* + ** The methods above are in versions 1 and 2 of the sqlite_vfs object. + ** Those below are for version 3 and greater. + */ + int (*xSetSystemCall)(sqlite3_vfs*, const char *zName, sqlite3_syscall_ptr); + sqlite3_syscall_ptr (*xGetSystemCall)(sqlite3_vfs*, const char *zName); + const char *(*xNextSystemCall)(sqlite3_vfs*, const char *zName); + /* + ** The methods above are in versions 1 through 3 of the sqlite_vfs object. + ** New fields may be appended in figure versions. The iVersion + ** value will increment whenever this happens. + */ +}; + +/* +** CAPI3REF: Flags for the xAccess VFS method +** +** These integer constants can be used as the third parameter to +** the xAccess method of an [sqlite3_vfs] object. They determine +** what kind of permissions the xAccess method is looking for. +** With SQLITE_ACCESS_EXISTS, the xAccess method +** simply checks whether the file exists. +** With SQLITE_ACCESS_READWRITE, the xAccess method +** checks whether the named directory is both readable and writable +** (in other words, if files can be added, removed, and renamed within +** the directory). +** The SQLITE_ACCESS_READWRITE constant is currently used only by the +** [temp_store_directory pragma], though this could change in a future +** release of SQLite. +** With SQLITE_ACCESS_READ, the xAccess method +** checks whether the file is readable. The SQLITE_ACCESS_READ constant is +** currently unused, though it might be used in a future release of +** SQLite. +*/ +#define SQLITE_ACCESS_EXISTS 0 +#define SQLITE_ACCESS_READWRITE 1 /* Used by PRAGMA temp_store_directory */ +#define SQLITE_ACCESS_READ 2 /* Unused */ + +/* +** CAPI3REF: Flags for the xShmLock VFS method +** +** These integer constants define the various locking operations +** allowed by the xShmLock method of [sqlite3_io_methods]. The +** following are the only legal combinations of flags to the +** xShmLock method: +** +**
    +**
  • SQLITE_SHM_LOCK | SQLITE_SHM_SHARED +**
  • SQLITE_SHM_LOCK | SQLITE_SHM_EXCLUSIVE +**
  • SQLITE_SHM_UNLOCK | SQLITE_SHM_SHARED +**
  • SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE +**
+** +** When unlocking, the same SHARED or EXCLUSIVE flag must be supplied as +** was given no the corresponding lock. +** +** The xShmLock method can transition between unlocked and SHARED or +** between unlocked and EXCLUSIVE. It cannot transition between SHARED +** and EXCLUSIVE. +*/ +#define SQLITE_SHM_UNLOCK 1 +#define SQLITE_SHM_LOCK 2 +#define SQLITE_SHM_SHARED 4 +#define SQLITE_SHM_EXCLUSIVE 8 + +/* +** CAPI3REF: Maximum xShmLock index +** +** The xShmLock method on [sqlite3_io_methods] may use values +** between 0 and this upper bound as its "offset" argument. +** The SQLite core will never attempt to acquire or release a +** lock outside of this range +*/ +#define SQLITE_SHM_NLOCK 8 + + +/* +** CAPI3REF: Initialize The SQLite Library +** +** ^The sqlite3_initialize() routine initializes the +** SQLite library. ^The sqlite3_shutdown() routine +** deallocates any resources that were allocated by sqlite3_initialize(). +** These routines are designed to aid in process initialization and +** shutdown on embedded systems. Workstation applications using +** SQLite normally do not need to invoke either of these routines. +** +** A call to sqlite3_initialize() is an "effective" call if it is +** the first time sqlite3_initialize() is invoked during the lifetime of +** the process, or if it is the first time sqlite3_initialize() is invoked +** following a call to sqlite3_shutdown(). ^(Only an effective call +** of sqlite3_initialize() does any initialization. All other calls +** are harmless no-ops.)^ +** +** A call to sqlite3_shutdown() is an "effective" call if it is the first +** call to sqlite3_shutdown() since the last sqlite3_initialize(). ^(Only +** an effective call to sqlite3_shutdown() does any deinitialization. +** All other valid calls to sqlite3_shutdown() are harmless no-ops.)^ +** +** The sqlite3_initialize() interface is threadsafe, but sqlite3_shutdown() +** is not. The sqlite3_shutdown() interface must only be called from a +** single thread. All open [database connections] must be closed and all +** other SQLite resources must be deallocated prior to invoking +** sqlite3_shutdown(). +** +** Among other things, ^sqlite3_initialize() will invoke +** sqlite3_os_init(). Similarly, ^sqlite3_shutdown() +** will invoke sqlite3_os_end(). +** +** ^The sqlite3_initialize() routine returns [SQLITE_OK] on success. +** ^If for some reason, sqlite3_initialize() is unable to initialize +** the library (perhaps it is unable to allocate a needed resource such +** as a mutex) it returns an [error code] other than [SQLITE_OK]. +** +** ^The sqlite3_initialize() routine is called internally by many other +** SQLite interfaces so that an application usually does not need to +** invoke sqlite3_initialize() directly. For example, [sqlite3_open()] +** calls sqlite3_initialize() so the SQLite library will be automatically +** initialized when [sqlite3_open()] is called if it has not be initialized +** already. ^However, if SQLite is compiled with the [SQLITE_OMIT_AUTOINIT] +** compile-time option, then the automatic calls to sqlite3_initialize() +** are omitted and the application must call sqlite3_initialize() directly +** prior to using any other SQLite interface. For maximum portability, +** it is recommended that applications always invoke sqlite3_initialize() +** directly prior to using any other SQLite interface. Future releases +** of SQLite may require this. In other words, the behavior exhibited +** when SQLite is compiled with [SQLITE_OMIT_AUTOINIT] might become the +** default behavior in some future release of SQLite. +** +** The sqlite3_os_init() routine does operating-system specific +** initialization of the SQLite library. The sqlite3_os_end() +** routine undoes the effect of sqlite3_os_init(). Typical tasks +** performed by these routines include allocation or deallocation +** of static resources, initialization of global variables, +** setting up a default [sqlite3_vfs] module, or setting up +** a default configuration using [sqlite3_config()]. +** +** The application should never invoke either sqlite3_os_init() +** or sqlite3_os_end() directly. The application should only invoke +** sqlite3_initialize() and sqlite3_shutdown(). The sqlite3_os_init() +** interface is called automatically by sqlite3_initialize() and +** sqlite3_os_end() is called by sqlite3_shutdown(). Appropriate +** implementations for sqlite3_os_init() and sqlite3_os_end() +** are built into SQLite when it is compiled for Unix, Windows, or OS/2. +** When [custom builds | built for other platforms] +** (using the [SQLITE_OS_OTHER=1] compile-time +** option) the application must supply a suitable implementation for +** sqlite3_os_init() and sqlite3_os_end(). An application-supplied +** implementation of sqlite3_os_init() or sqlite3_os_end() +** must return [SQLITE_OK] on success and some other [error code] upon +** failure. +*/ +SQLITE_API int sqlite3_initialize(void); +SQLITE_API int sqlite3_shutdown(void); +SQLITE_API int sqlite3_os_init(void); +SQLITE_API int sqlite3_os_end(void); + +/* +** CAPI3REF: Configuring The SQLite Library +** +** The sqlite3_config() interface is used to make global configuration +** changes to SQLite in order to tune SQLite to the specific needs of +** the application. The default configuration is recommended for most +** applications and so this routine is usually not necessary. It is +** provided to support rare applications with unusual needs. +** +** The sqlite3_config() interface is not threadsafe. The application +** must insure that no other SQLite interfaces are invoked by other +** threads while sqlite3_config() is running. Furthermore, sqlite3_config() +** may only be invoked prior to library initialization using +** [sqlite3_initialize()] or after shutdown by [sqlite3_shutdown()]. +** ^If sqlite3_config() is called after [sqlite3_initialize()] and before +** [sqlite3_shutdown()] then it will return SQLITE_MISUSE. +** Note, however, that ^sqlite3_config() can be called as part of the +** implementation of an application-defined [sqlite3_os_init()]. +** +** The first argument to sqlite3_config() is an integer +** [configuration option] that determines +** what property of SQLite is to be configured. Subsequent arguments +** vary depending on the [configuration option] +** in the first argument. +** +** ^When a configuration option is set, sqlite3_config() returns [SQLITE_OK]. +** ^If the option is unknown or SQLite is unable to set the option +** then this routine returns a non-zero [error code]. +*/ +SQLITE_API int sqlite3_config(int, ...); + +/* +** CAPI3REF: Configure database connections +** +** The sqlite3_db_config() interface is used to make configuration +** changes to a [database connection]. The interface is similar to +** [sqlite3_config()] except that the changes apply to a single +** [database connection] (specified in the first argument). +** +** The second argument to sqlite3_db_config(D,V,...) is the +** [SQLITE_DBCONFIG_LOOKASIDE | configuration verb] - an integer code +** that indicates what aspect of the [database connection] is being configured. +** Subsequent arguments vary depending on the configuration verb. +** +** ^Calls to sqlite3_db_config() return SQLITE_OK if and only if +** the call is considered successful. +*/ +SQLITE_API int sqlite3_db_config(sqlite3*, int op, ...); + +/* +** CAPI3REF: Memory Allocation Routines +** +** An instance of this object defines the interface between SQLite +** and low-level memory allocation routines. +** +** This object is used in only one place in the SQLite interface. +** A pointer to an instance of this object is the argument to +** [sqlite3_config()] when the configuration option is +** [SQLITE_CONFIG_MALLOC] or [SQLITE_CONFIG_GETMALLOC]. +** By creating an instance of this object +** and passing it to [sqlite3_config]([SQLITE_CONFIG_MALLOC]) +** during configuration, an application can specify an alternative +** memory allocation subsystem for SQLite to use for all of its +** dynamic memory needs. +** +** Note that SQLite comes with several [built-in memory allocators] +** that are perfectly adequate for the overwhelming majority of applications +** and that this object is only useful to a tiny minority of applications +** with specialized memory allocation requirements. This object is +** also used during testing of SQLite in order to specify an alternative +** memory allocator that simulates memory out-of-memory conditions in +** order to verify that SQLite recovers gracefully from such +** conditions. +** +** The xMalloc, xRealloc, and xFree methods must work like the +** malloc(), realloc() and free() functions from the standard C library. +** ^SQLite guarantees that the second argument to +** xRealloc is always a value returned by a prior call to xRoundup. +** +** xSize should return the allocated size of a memory allocation +** previously obtained from xMalloc or xRealloc. The allocated size +** is always at least as big as the requested size but may be larger. +** +** The xRoundup method returns what would be the allocated size of +** a memory allocation given a particular requested size. Most memory +** allocators round up memory allocations at least to the next multiple +** of 8. Some allocators round up to a larger multiple or to a power of 2. +** Every memory allocation request coming in through [sqlite3_malloc()] +** or [sqlite3_realloc()] first calls xRoundup. If xRoundup returns 0, +** that causes the corresponding memory allocation to fail. +** +** The xInit method initializes the memory allocator. (For example, +** it might allocate any require mutexes or initialize internal data +** structures. The xShutdown method is invoked (indirectly) by +** [sqlite3_shutdown()] and should deallocate any resources acquired +** by xInit. The pAppData pointer is used as the only parameter to +** xInit and xShutdown. +** +** SQLite holds the [SQLITE_MUTEX_STATIC_MASTER] mutex when it invokes +** the xInit method, so the xInit method need not be threadsafe. The +** xShutdown method is only called from [sqlite3_shutdown()] so it does +** not need to be threadsafe either. For all other methods, SQLite +** holds the [SQLITE_MUTEX_STATIC_MEM] mutex as long as the +** [SQLITE_CONFIG_MEMSTATUS] configuration option is turned on (which +** it is by default) and so the methods are automatically serialized. +** However, if [SQLITE_CONFIG_MEMSTATUS] is disabled, then the other +** methods must be threadsafe or else make their own arrangements for +** serialization. +** +** SQLite will never invoke xInit() more than once without an intervening +** call to xShutdown(). +*/ +typedef struct sqlite3_mem_methods sqlite3_mem_methods; +struct sqlite3_mem_methods { + void *(*xMalloc)(int); /* Memory allocation function */ + void (*xFree)(void*); /* Free a prior allocation */ + void *(*xRealloc)(void*,int); /* Resize an allocation */ + int (*xSize)(void*); /* Return the size of an allocation */ + int (*xRoundup)(int); /* Round up request size to allocation size */ + int (*xInit)(void*); /* Initialize the memory allocator */ + void (*xShutdown)(void*); /* Deinitialize the memory allocator */ + void *pAppData; /* Argument to xInit() and xShutdown() */ +}; + +/* +** CAPI3REF: Configuration Options +** KEYWORDS: {configuration option} +** +** These constants are the available integer configuration options that +** can be passed as the first argument to the [sqlite3_config()] interface. +** +** New configuration options may be added in future releases of SQLite. +** Existing configuration options might be discontinued. Applications +** should check the return code from [sqlite3_config()] to make sure that +** the call worked. The [sqlite3_config()] interface will return a +** non-zero [error code] if a discontinued or unsupported configuration option +** is invoked. +** +**
+** [[SQLITE_CONFIG_SINGLETHREAD]]
SQLITE_CONFIG_SINGLETHREAD
+**
There are no arguments to this option. ^This option sets the +** [threading mode] to Single-thread. In other words, it disables +** all mutexing and puts SQLite into a mode where it can only be used +** by a single thread. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** it is not possible to change the [threading mode] from its default +** value of Single-thread and so [sqlite3_config()] will return +** [SQLITE_ERROR] if called with the SQLITE_CONFIG_SINGLETHREAD +** configuration option.
+** +** [[SQLITE_CONFIG_MULTITHREAD]]
SQLITE_CONFIG_MULTITHREAD
+**
There are no arguments to this option. ^This option sets the +** [threading mode] to Multi-thread. In other words, it disables +** mutexing on [database connection] and [prepared statement] objects. +** The application is responsible for serializing access to +** [database connections] and [prepared statements]. But other mutexes +** are enabled so that SQLite will be safe to use in a multi-threaded +** environment as long as no two threads attempt to use the same +** [database connection] at the same time. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** it is not possible to set the Multi-thread [threading mode] and +** [sqlite3_config()] will return [SQLITE_ERROR] if called with the +** SQLITE_CONFIG_MULTITHREAD configuration option.
+** +** [[SQLITE_CONFIG_SERIALIZED]]
SQLITE_CONFIG_SERIALIZED
+**
There are no arguments to this option. ^This option sets the +** [threading mode] to Serialized. In other words, this option enables +** all mutexes including the recursive +** mutexes on [database connection] and [prepared statement] objects. +** In this mode (which is the default when SQLite is compiled with +** [SQLITE_THREADSAFE=1]) the SQLite library will itself serialize access +** to [database connections] and [prepared statements] so that the +** application is free to use the same [database connection] or the +** same [prepared statement] in different threads at the same time. +** ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** it is not possible to set the Serialized [threading mode] and +** [sqlite3_config()] will return [SQLITE_ERROR] if called with the +** SQLITE_CONFIG_SERIALIZED configuration option.
+** +** [[SQLITE_CONFIG_MALLOC]]
SQLITE_CONFIG_MALLOC
+**
^(This option takes a single argument which is a pointer to an +** instance of the [sqlite3_mem_methods] structure. The argument specifies +** alternative low-level memory allocation routines to be used in place of +** the memory allocation routines built into SQLite.)^ ^SQLite makes +** its own private copy of the content of the [sqlite3_mem_methods] structure +** before the [sqlite3_config()] call returns.
+** +** [[SQLITE_CONFIG_GETMALLOC]]
SQLITE_CONFIG_GETMALLOC
+**
^(This option takes a single argument which is a pointer to an +** instance of the [sqlite3_mem_methods] structure. The [sqlite3_mem_methods] +** structure is filled with the currently defined memory allocation routines.)^ +** This option can be used to overload the default memory allocation +** routines with a wrapper that simulations memory allocation failure or +** tracks memory usage, for example.
+** +** [[SQLITE_CONFIG_MEMSTATUS]]
SQLITE_CONFIG_MEMSTATUS
+**
^This option takes single argument of type int, interpreted as a +** boolean, which enables or disables the collection of memory allocation +** statistics. ^(When memory allocation statistics are disabled, the +** following SQLite interfaces become non-operational: +**
    +**
  • [sqlite3_memory_used()] +**
  • [sqlite3_memory_highwater()] +**
  • [sqlite3_soft_heap_limit64()] +**
  • [sqlite3_status()] +**
)^ +** ^Memory allocation statistics are enabled by default unless SQLite is +** compiled with [SQLITE_DEFAULT_MEMSTATUS]=0 in which case memory +** allocation statistics are disabled by default. +**
+** +** [[SQLITE_CONFIG_SCRATCH]]
SQLITE_CONFIG_SCRATCH
+**
^This option specifies a static memory buffer that SQLite can use for +** scratch memory. There are three arguments: A pointer an 8-byte +** aligned memory buffer from which the scratch allocations will be +** drawn, the size of each scratch allocation (sz), +** and the maximum number of scratch allocations (N). The sz +** argument must be a multiple of 16. +** The first argument must be a pointer to an 8-byte aligned buffer +** of at least sz*N bytes of memory. +** ^SQLite will use no more than two scratch buffers per thread. So +** N should be set to twice the expected maximum number of threads. +** ^SQLite will never require a scratch buffer that is more than 6 +** times the database page size. ^If SQLite needs needs additional +** scratch memory beyond what is provided by this configuration option, then +** [sqlite3_malloc()] will be used to obtain the memory needed.
+** +** [[SQLITE_CONFIG_PAGECACHE]]
SQLITE_CONFIG_PAGECACHE
+**
^This option specifies a static memory buffer that SQLite can use for +** the database page cache with the default page cache implementation. +** This configuration should not be used if an application-define page +** cache implementation is loaded using the SQLITE_CONFIG_PCACHE option. +** There are three arguments to this option: A pointer to 8-byte aligned +** memory, the size of each page buffer (sz), and the number of pages (N). +** The sz argument should be the size of the largest database page +** (a power of two between 512 and 32768) plus a little extra for each +** page header. ^The page header size is 20 to 40 bytes depending on +** the host architecture. ^It is harmless, apart from the wasted memory, +** to make sz a little too large. The first +** argument should point to an allocation of at least sz*N bytes of memory. +** ^SQLite will use the memory provided by the first argument to satisfy its +** memory needs for the first N pages that it adds to cache. ^If additional +** page cache memory is needed beyond what is provided by this option, then +** SQLite goes to [sqlite3_malloc()] for the additional storage space. +** The pointer in the first argument must +** be aligned to an 8-byte boundary or subsequent behavior of SQLite +** will be undefined.
+** +** [[SQLITE_CONFIG_HEAP]]
SQLITE_CONFIG_HEAP
+**
^This option specifies a static memory buffer that SQLite will use +** for all of its dynamic memory allocation needs beyond those provided +** for by [SQLITE_CONFIG_SCRATCH] and [SQLITE_CONFIG_PAGECACHE]. +** There are three arguments: An 8-byte aligned pointer to the memory, +** the number of bytes in the memory buffer, and the minimum allocation size. +** ^If the first pointer (the memory pointer) is NULL, then SQLite reverts +** to using its default memory allocator (the system malloc() implementation), +** undoing any prior invocation of [SQLITE_CONFIG_MALLOC]. ^If the +** memory pointer is not NULL and either [SQLITE_ENABLE_MEMSYS3] or +** [SQLITE_ENABLE_MEMSYS5] are defined, then the alternative memory +** allocator is engaged to handle all of SQLites memory allocation needs. +** The first pointer (the memory pointer) must be aligned to an 8-byte +** boundary or subsequent behavior of SQLite will be undefined. +** The minimum allocation size is capped at 2^12. Reasonable values +** for the minimum allocation size are 2^5 through 2^8.
+** +** [[SQLITE_CONFIG_MUTEX]]
SQLITE_CONFIG_MUTEX
+**
^(This option takes a single argument which is a pointer to an +** instance of the [sqlite3_mutex_methods] structure. The argument specifies +** alternative low-level mutex routines to be used in place +** the mutex routines built into SQLite.)^ ^SQLite makes a copy of the +** content of the [sqlite3_mutex_methods] structure before the call to +** [sqlite3_config()] returns. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** the entire mutexing subsystem is omitted from the build and hence calls to +** [sqlite3_config()] with the SQLITE_CONFIG_MUTEX configuration option will +** return [SQLITE_ERROR].
+** +** [[SQLITE_CONFIG_GETMUTEX]]
SQLITE_CONFIG_GETMUTEX
+**
^(This option takes a single argument which is a pointer to an +** instance of the [sqlite3_mutex_methods] structure. The +** [sqlite3_mutex_methods] +** structure is filled with the currently defined mutex routines.)^ +** This option can be used to overload the default mutex allocation +** routines with a wrapper used to track mutex usage for performance +** profiling or testing, for example. ^If SQLite is compiled with +** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then +** the entire mutexing subsystem is omitted from the build and hence calls to +** [sqlite3_config()] with the SQLITE_CONFIG_GETMUTEX configuration option will +** return [SQLITE_ERROR].
+** +** [[SQLITE_CONFIG_LOOKASIDE]]
SQLITE_CONFIG_LOOKASIDE
+**
^(This option takes two arguments that determine the default +** memory allocation for the lookaside memory allocator on each +** [database connection]. The first argument is the +** size of each lookaside buffer slot and the second is the number of +** slots allocated to each database connection.)^ ^(This option sets the +** default lookaside size. The [SQLITE_DBCONFIG_LOOKASIDE] +** verb to [sqlite3_db_config()] can be used to change the lookaside +** configuration on individual connections.)^
+** +** [[SQLITE_CONFIG_PCACHE]]
SQLITE_CONFIG_PCACHE
+**
^(This option takes a single argument which is a pointer to +** an [sqlite3_pcache_methods] object. This object specifies the interface +** to a custom page cache implementation.)^ ^SQLite makes a copy of the +** object and uses it for page cache memory allocations.
+** +** [[SQLITE_CONFIG_GETPCACHE]]
SQLITE_CONFIG_GETPCACHE
+**
^(This option takes a single argument which is a pointer to an +** [sqlite3_pcache_methods] object. SQLite copies of the current +** page cache implementation into that object.)^
+** +** [[SQLITE_CONFIG_LOG]]
SQLITE_CONFIG_LOG
+**
^The SQLITE_CONFIG_LOG option takes two arguments: a pointer to a +** function with a call signature of void(*)(void*,int,const char*), +** and a pointer to void. ^If the function pointer is not NULL, it is +** invoked by [sqlite3_log()] to process each logging event. ^If the +** function pointer is NULL, the [sqlite3_log()] interface becomes a no-op. +** ^The void pointer that is the second argument to SQLITE_CONFIG_LOG is +** passed through as the first parameter to the application-defined logger +** function whenever that function is invoked. ^The second parameter to +** the logger function is a copy of the first parameter to the corresponding +** [sqlite3_log()] call and is intended to be a [result code] or an +** [extended result code]. ^The third parameter passed to the logger is +** log message after formatting via [sqlite3_snprintf()]. +** The SQLite logging interface is not reentrant; the logger function +** supplied by the application must not invoke any SQLite interface. +** In a multi-threaded application, the application-defined logger +** function must be threadsafe.
+** +** [[SQLITE_CONFIG_URI]]
SQLITE_CONFIG_URI +**
This option takes a single argument of type int. If non-zero, then +** URI handling is globally enabled. If the parameter is zero, then URI handling +** is globally disabled. If URI handling is globally enabled, all filenames +** passed to [sqlite3_open()], [sqlite3_open_v2()], [sqlite3_open16()] or +** specified as part of [ATTACH] commands are interpreted as URIs, regardless +** of whether or not the [SQLITE_OPEN_URI] flag is set when the database +** connection is opened. If it is globally disabled, filenames are +** only interpreted as URIs if the SQLITE_OPEN_URI flag is set when the +** database connection is opened. By default, URI handling is globally +** disabled. The default value may be changed by compiling with the +** [SQLITE_USE_URI] symbol defined. +**
+*/ +#define SQLITE_CONFIG_SINGLETHREAD 1 /* nil */ +#define SQLITE_CONFIG_MULTITHREAD 2 /* nil */ +#define SQLITE_CONFIG_SERIALIZED 3 /* nil */ +#define SQLITE_CONFIG_MALLOC 4 /* sqlite3_mem_methods* */ +#define SQLITE_CONFIG_GETMALLOC 5 /* sqlite3_mem_methods* */ +#define SQLITE_CONFIG_SCRATCH 6 /* void*, int sz, int N */ +#define SQLITE_CONFIG_PAGECACHE 7 /* void*, int sz, int N */ +#define SQLITE_CONFIG_HEAP 8 /* void*, int nByte, int min */ +#define SQLITE_CONFIG_MEMSTATUS 9 /* boolean */ +#define SQLITE_CONFIG_MUTEX 10 /* sqlite3_mutex_methods* */ +#define SQLITE_CONFIG_GETMUTEX 11 /* sqlite3_mutex_methods* */ +/* previously SQLITE_CONFIG_CHUNKALLOC 12 which is now unused. */ +#define SQLITE_CONFIG_LOOKASIDE 13 /* int int */ +#define SQLITE_CONFIG_PCACHE 14 /* sqlite3_pcache_methods* */ +#define SQLITE_CONFIG_GETPCACHE 15 /* sqlite3_pcache_methods* */ +#define SQLITE_CONFIG_LOG 16 /* xFunc, void* */ +#define SQLITE_CONFIG_URI 17 /* int */ + +/* +** CAPI3REF: Database Connection Configuration Options +** +** These constants are the available integer configuration options that +** can be passed as the second argument to the [sqlite3_db_config()] interface. +** +** New configuration options may be added in future releases of SQLite. +** Existing configuration options might be discontinued. Applications +** should check the return code from [sqlite3_db_config()] to make sure that +** the call worked. ^The [sqlite3_db_config()] interface will return a +** non-zero [error code] if a discontinued or unsupported configuration option +** is invoked. +** +**
+**
SQLITE_DBCONFIG_LOOKASIDE
+**
^This option takes three additional arguments that determine the +** [lookaside memory allocator] configuration for the [database connection]. +** ^The first argument (the third parameter to [sqlite3_db_config()] is a +** pointer to a memory buffer to use for lookaside memory. +** ^The first argument after the SQLITE_DBCONFIG_LOOKASIDE verb +** may be NULL in which case SQLite will allocate the +** lookaside buffer itself using [sqlite3_malloc()]. ^The second argument is the +** size of each lookaside buffer slot. ^The third argument is the number of +** slots. The size of the buffer in the first argument must be greater than +** or equal to the product of the second and third arguments. The buffer +** must be aligned to an 8-byte boundary. ^If the second argument to +** SQLITE_DBCONFIG_LOOKASIDE is not a multiple of 8, it is internally +** rounded down to the next smaller multiple of 8. ^(The lookaside memory +** configuration for a database connection can only be changed when that +** connection is not currently using lookaside memory, or in other words +** when the "current value" returned by +** [sqlite3_db_status](D,[SQLITE_CONFIG_LOOKASIDE],...) is zero. +** Any attempt to change the lookaside memory configuration when lookaside +** memory is in use leaves the configuration unchanged and returns +** [SQLITE_BUSY].)^
+** +**
SQLITE_DBCONFIG_ENABLE_FKEY
+**
^This option is used to enable or disable the enforcement of +** [foreign key constraints]. There should be two additional arguments. +** The first argument is an integer which is 0 to disable FK enforcement, +** positive to enable FK enforcement or negative to leave FK enforcement +** unchanged. The second parameter is a pointer to an integer into which +** is written 0 or 1 to indicate whether FK enforcement is off or on +** following this call. The second parameter may be a NULL pointer, in +** which case the FK enforcement setting is not reported back.
+** +**
SQLITE_DBCONFIG_ENABLE_TRIGGER
+**
^This option is used to enable or disable [CREATE TRIGGER | triggers]. +** There should be two additional arguments. +** The first argument is an integer which is 0 to disable triggers, +** positive to enable triggers or negative to leave the setting unchanged. +** The second parameter is a pointer to an integer into which +** is written 0 or 1 to indicate whether triggers are disabled or enabled +** following this call. The second parameter may be a NULL pointer, in +** which case the trigger setting is not reported back.
+** +**
+*/ +#define SQLITE_DBCONFIG_LOOKASIDE 1001 /* void* int int */ +#define SQLITE_DBCONFIG_ENABLE_FKEY 1002 /* int int* */ +#define SQLITE_DBCONFIG_ENABLE_TRIGGER 1003 /* int int* */ + + +/* +** CAPI3REF: Enable Or Disable Extended Result Codes +** +** ^The sqlite3_extended_result_codes() routine enables or disables the +** [extended result codes] feature of SQLite. ^The extended result +** codes are disabled by default for historical compatibility. +*/ +SQLITE_API int sqlite3_extended_result_codes(sqlite3*, int onoff); + +/* +** CAPI3REF: Last Insert Rowid +** +** ^Each entry in an SQLite table has a unique 64-bit signed +** integer key called the [ROWID | "rowid"]. ^The rowid is always available +** as an undeclared column named ROWID, OID, or _ROWID_ as long as those +** names are not also used by explicitly declared columns. ^If +** the table has a column of type [INTEGER PRIMARY KEY] then that column +** is another alias for the rowid. +** +** ^This routine returns the [rowid] of the most recent +** successful [INSERT] into the database from the [database connection] +** in the first argument. ^As of SQLite version 3.7.7, this routines +** records the last insert rowid of both ordinary tables and [virtual tables]. +** ^If no successful [INSERT]s +** have ever occurred on that database connection, zero is returned. +** +** ^(If an [INSERT] occurs within a trigger or within a [virtual table] +** method, then this routine will return the [rowid] of the inserted +** row as long as the trigger or virtual table method is running. +** But once the trigger or virtual table method ends, the value returned +** by this routine reverts to what it was before the trigger or virtual +** table method began.)^ +** +** ^An [INSERT] that fails due to a constraint violation is not a +** successful [INSERT] and does not change the value returned by this +** routine. ^Thus INSERT OR FAIL, INSERT OR IGNORE, INSERT OR ROLLBACK, +** and INSERT OR ABORT make no changes to the return value of this +** routine when their insertion fails. ^(When INSERT OR REPLACE +** encounters a constraint violation, it does not fail. The +** INSERT continues to completion after deleting rows that caused +** the constraint problem so INSERT OR REPLACE will always change +** the return value of this interface.)^ +** +** ^For the purposes of this routine, an [INSERT] is considered to +** be successful even if it is subsequently rolled back. +** +** This function is accessible to SQL statements via the +** [last_insert_rowid() SQL function]. +** +** If a separate thread performs a new [INSERT] on the same +** database connection while the [sqlite3_last_insert_rowid()] +** function is running and thus changes the last insert [rowid], +** then the value returned by [sqlite3_last_insert_rowid()] is +** unpredictable and might not equal either the old or the new +** last insert [rowid]. +*/ +SQLITE_API sqlite3_int64 sqlite3_last_insert_rowid(sqlite3*); + +/* +** CAPI3REF: Count The Number Of Rows Modified +** +** ^This function returns the number of database rows that were changed +** or inserted or deleted by the most recently completed SQL statement +** on the [database connection] specified by the first parameter. +** ^(Only changes that are directly specified by the [INSERT], [UPDATE], +** or [DELETE] statement are counted. Auxiliary changes caused by +** triggers or [foreign key actions] are not counted.)^ Use the +** [sqlite3_total_changes()] function to find the total number of changes +** including changes caused by triggers and foreign key actions. +** +** ^Changes to a view that are simulated by an [INSTEAD OF trigger] +** are not counted. Only real table changes are counted. +** +** ^(A "row change" is a change to a single row of a single table +** caused by an INSERT, DELETE, or UPDATE statement. Rows that +** are changed as side effects of [REPLACE] constraint resolution, +** rollback, ABORT processing, [DROP TABLE], or by any other +** mechanisms do not count as direct row changes.)^ +** +** A "trigger context" is a scope of execution that begins and +** ends with the script of a [CREATE TRIGGER | trigger]. +** Most SQL statements are +** evaluated outside of any trigger. This is the "top level" +** trigger context. If a trigger fires from the top level, a +** new trigger context is entered for the duration of that one +** trigger. Subtriggers create subcontexts for their duration. +** +** ^Calling [sqlite3_exec()] or [sqlite3_step()] recursively does +** not create a new trigger context. +** +** ^This function returns the number of direct row changes in the +** most recent INSERT, UPDATE, or DELETE statement within the same +** trigger context. +** +** ^Thus, when called from the top level, this function returns the +** number of changes in the most recent INSERT, UPDATE, or DELETE +** that also occurred at the top level. ^(Within the body of a trigger, +** the sqlite3_changes() interface can be called to find the number of +** changes in the most recently completed INSERT, UPDATE, or DELETE +** statement within the body of the same trigger. +** However, the number returned does not include changes +** caused by subtriggers since those have their own context.)^ +** +** See also the [sqlite3_total_changes()] interface, the +** [count_changes pragma], and the [changes() SQL function]. +** +** If a separate thread makes changes on the same database connection +** while [sqlite3_changes()] is running then the value returned +** is unpredictable and not meaningful. +*/ +SQLITE_API int sqlite3_changes(sqlite3*); + +/* +** CAPI3REF: Total Number Of Rows Modified +** +** ^This function returns the number of row changes caused by [INSERT], +** [UPDATE] or [DELETE] statements since the [database connection] was opened. +** ^(The count returned by sqlite3_total_changes() includes all changes +** from all [CREATE TRIGGER | trigger] contexts and changes made by +** [foreign key actions]. However, +** the count does not include changes used to implement [REPLACE] constraints, +** do rollbacks or ABORT processing, or [DROP TABLE] processing. The +** count does not include rows of views that fire an [INSTEAD OF trigger], +** though if the INSTEAD OF trigger makes changes of its own, those changes +** are counted.)^ +** ^The sqlite3_total_changes() function counts the changes as soon as +** the statement that makes them is completed (when the statement handle +** is passed to [sqlite3_reset()] or [sqlite3_finalize()]). +** +** See also the [sqlite3_changes()] interface, the +** [count_changes pragma], and the [total_changes() SQL function]. +** +** If a separate thread makes changes on the same database connection +** while [sqlite3_total_changes()] is running then the value +** returned is unpredictable and not meaningful. +*/ +SQLITE_API int sqlite3_total_changes(sqlite3*); + +/* +** CAPI3REF: Interrupt A Long-Running Query +** +** ^This function causes any pending database operation to abort and +** return at its earliest opportunity. This routine is typically +** called in response to a user action such as pressing "Cancel" +** or Ctrl-C where the user wants a long query operation to halt +** immediately. +** +** ^It is safe to call this routine from a thread different from the +** thread that is currently running the database operation. But it +** is not safe to call this routine with a [database connection] that +** is closed or might close before sqlite3_interrupt() returns. +** +** ^If an SQL operation is very nearly finished at the time when +** sqlite3_interrupt() is called, then it might not have an opportunity +** to be interrupted and might continue to completion. +** +** ^An SQL operation that is interrupted will return [SQLITE_INTERRUPT]. +** ^If the interrupted SQL operation is an INSERT, UPDATE, or DELETE +** that is inside an explicit transaction, then the entire transaction +** will be rolled back automatically. +** +** ^The sqlite3_interrupt(D) call is in effect until all currently running +** SQL statements on [database connection] D complete. ^Any new SQL statements +** that are started after the sqlite3_interrupt() call and before the +** running statements reaches zero are interrupted as if they had been +** running prior to the sqlite3_interrupt() call. ^New SQL statements +** that are started after the running statement count reaches zero are +** not effected by the sqlite3_interrupt(). +** ^A call to sqlite3_interrupt(D) that occurs when there are no running +** SQL statements is a no-op and has no effect on SQL statements +** that are started after the sqlite3_interrupt() call returns. +** +** If the database connection closes while [sqlite3_interrupt()] +** is running then bad things will likely happen. +*/ +SQLITE_API void sqlite3_interrupt(sqlite3*); + +/* +** CAPI3REF: Determine If An SQL Statement Is Complete +** +** These routines are useful during command-line input to determine if the +** currently entered text seems to form a complete SQL statement or +** if additional input is needed before sending the text into +** SQLite for parsing. ^These routines return 1 if the input string +** appears to be a complete SQL statement. ^A statement is judged to be +** complete if it ends with a semicolon token and is not a prefix of a +** well-formed CREATE TRIGGER statement. ^Semicolons that are embedded within +** string literals or quoted identifier names or comments are not +** independent tokens (they are part of the token in which they are +** embedded) and thus do not count as a statement terminator. ^Whitespace +** and comments that follow the final semicolon are ignored. +** +** ^These routines return 0 if the statement is incomplete. ^If a +** memory allocation fails, then SQLITE_NOMEM is returned. +** +** ^These routines do not parse the SQL statements thus +** will not detect syntactically incorrect SQL. +** +** ^(If SQLite has not been initialized using [sqlite3_initialize()] prior +** to invoking sqlite3_complete16() then sqlite3_initialize() is invoked +** automatically by sqlite3_complete16(). If that initialization fails, +** then the return value from sqlite3_complete16() will be non-zero +** regardless of whether or not the input SQL is complete.)^ +** +** The input to [sqlite3_complete()] must be a zero-terminated +** UTF-8 string. +** +** The input to [sqlite3_complete16()] must be a zero-terminated +** UTF-16 string in native byte order. +*/ +SQLITE_API int sqlite3_complete(const char *sql); +SQLITE_API int sqlite3_complete16(const void *sql); + +/* +** CAPI3REF: Register A Callback To Handle SQLITE_BUSY Errors +** +** ^This routine sets a callback function that might be invoked whenever +** an attempt is made to open a database table that another thread +** or process has locked. +** +** ^If the busy callback is NULL, then [SQLITE_BUSY] or [SQLITE_IOERR_BLOCKED] +** is returned immediately upon encountering the lock. ^If the busy callback +** is not NULL, then the callback might be invoked with two arguments. +** +** ^The first argument to the busy handler is a copy of the void* pointer which +** is the third argument to sqlite3_busy_handler(). ^The second argument to +** the busy handler callback is the number of times that the busy handler has +** been invoked for this locking event. ^If the +** busy callback returns 0, then no additional attempts are made to +** access the database and [SQLITE_BUSY] or [SQLITE_IOERR_BLOCKED] is returned. +** ^If the callback returns non-zero, then another attempt +** is made to open the database for reading and the cycle repeats. +** +** The presence of a busy handler does not guarantee that it will be invoked +** when there is lock contention. ^If SQLite determines that invoking the busy +** handler could result in a deadlock, it will go ahead and return [SQLITE_BUSY] +** or [SQLITE_IOERR_BLOCKED] instead of invoking the busy handler. +** Consider a scenario where one process is holding a read lock that +** it is trying to promote to a reserved lock and +** a second process is holding a reserved lock that it is trying +** to promote to an exclusive lock. The first process cannot proceed +** because it is blocked by the second and the second process cannot +** proceed because it is blocked by the first. If both processes +** invoke the busy handlers, neither will make any progress. Therefore, +** SQLite returns [SQLITE_BUSY] for the first process, hoping that this +** will induce the first process to release its read lock and allow +** the second process to proceed. +** +** ^The default busy callback is NULL. +** +** ^The [SQLITE_BUSY] error is converted to [SQLITE_IOERR_BLOCKED] +** when SQLite is in the middle of a large transaction where all the +** changes will not fit into the in-memory cache. SQLite will +** already hold a RESERVED lock on the database file, but it needs +** to promote this lock to EXCLUSIVE so that it can spill cache +** pages into the database file without harm to concurrent +** readers. ^If it is unable to promote the lock, then the in-memory +** cache will be left in an inconsistent state and so the error +** code is promoted from the relatively benign [SQLITE_BUSY] to +** the more severe [SQLITE_IOERR_BLOCKED]. ^This error code promotion +** forces an automatic rollback of the changes. See the +** +** CorruptionFollowingBusyError wiki page for a discussion of why +** this is important. +** +** ^(There can only be a single busy handler defined for each +** [database connection]. Setting a new busy handler clears any +** previously set handler.)^ ^Note that calling [sqlite3_busy_timeout()] +** will also set or clear the busy handler. +** +** The busy callback should not take any actions which modify the +** database connection that invoked the busy handler. Any such actions +** result in undefined behavior. +** +** A busy handler must not close the database connection +** or [prepared statement] that invoked the busy handler. +*/ +SQLITE_API int sqlite3_busy_handler(sqlite3*, int(*)(void*,int), void*); + +/* +** CAPI3REF: Set A Busy Timeout +** +** ^This routine sets a [sqlite3_busy_handler | busy handler] that sleeps +** for a specified amount of time when a table is locked. ^The handler +** will sleep multiple times until at least "ms" milliseconds of sleeping +** have accumulated. ^After at least "ms" milliseconds of sleeping, +** the handler returns 0 which causes [sqlite3_step()] to return +** [SQLITE_BUSY] or [SQLITE_IOERR_BLOCKED]. +** +** ^Calling this routine with an argument less than or equal to zero +** turns off all busy handlers. +** +** ^(There can only be a single busy handler for a particular +** [database connection] any any given moment. If another busy handler +** was defined (using [sqlite3_busy_handler()]) prior to calling +** this routine, that other busy handler is cleared.)^ +*/ +SQLITE_API int sqlite3_busy_timeout(sqlite3*, int ms); + +/* +** CAPI3REF: Convenience Routines For Running Queries +** +** This is a legacy interface that is preserved for backwards compatibility. +** Use of this interface is not recommended. +** +** Definition: A result table is memory data structure created by the +** [sqlite3_get_table()] interface. A result table records the +** complete query results from one or more queries. +** +** The table conceptually has a number of rows and columns. But +** these numbers are not part of the result table itself. These +** numbers are obtained separately. Let N be the number of rows +** and M be the number of columns. +** +** A result table is an array of pointers to zero-terminated UTF-8 strings. +** There are (N+1)*M elements in the array. The first M pointers point +** to zero-terminated strings that contain the names of the columns. +** The remaining entries all point to query results. NULL values result +** in NULL pointers. All other values are in their UTF-8 zero-terminated +** string representation as returned by [sqlite3_column_text()]. +** +** A result table might consist of one or more memory allocations. +** It is not safe to pass a result table directly to [sqlite3_free()]. +** A result table should be deallocated using [sqlite3_free_table()]. +** +** ^(As an example of the result table format, suppose a query result +** is as follows: +** +** 
+**        Name        | Age
+**        -----------------------
+**        Alice       | 43
+**        Bob         | 28
+**        Cindy       | 21
+**
+** +** There are two column (M==2) and three rows (N==3). Thus the +** result table has 8 entries. Suppose the result table is stored +** in an array names azResult. Then azResult holds this content: +** +** 
+**        azResult[0] = "Name";
+**        azResult[1] = "Age";
+**        azResult[2] = "Alice";
+**        azResult[3] = "43";
+**        azResult[4] = "Bob";
+**        azResult[5] = "28";
+**        azResult[6] = "Cindy";
+**        azResult[7] = "21";
+**
)^ +** +** ^The sqlite3_get_table() function evaluates one or more +** semicolon-separated SQL statements in the zero-terminated UTF-8 +** string of its 2nd parameter and returns a result table to the +** pointer given in its 3rd parameter. +** +** After the application has finished with the result from sqlite3_get_table(), +** it must pass the result table pointer to sqlite3_free_table() in order to +** release the memory that was malloced. Because of the way the +** [sqlite3_malloc()] happens within sqlite3_get_table(), the calling +** function must not try to call [sqlite3_free()] directly. Only +** [sqlite3_free_table()] is able to release the memory properly and safely. +** +** The sqlite3_get_table() interface is implemented as a wrapper around +** [sqlite3_exec()]. The sqlite3_get_table() routine does not have access +** to any internal data structures of SQLite. It uses only the public +** interface defined here. As a consequence, errors that occur in the +** wrapper layer outside of the internal [sqlite3_exec()] call are not +** reflected in subsequent calls to [sqlite3_errcode()] or +** [sqlite3_errmsg()]. +*/ +SQLITE_API int sqlite3_get_table( + sqlite3 *db, /* An open database */ + const char *zSql, /* SQL to be evaluated */ + char ***pazResult, /* Results of the query */ + int *pnRow, /* Number of result rows written here */ + int *pnColumn, /* Number of result columns written here */ + char **pzErrmsg /* Error msg written here */ +); +SQLITE_API void sqlite3_free_table(char **result); + +/* +** CAPI3REF: Formatted String Printing Functions +** +** These routines are work-alikes of the "printf()" family of functions +** from the standard C library. +** +** ^The sqlite3_mprintf() and sqlite3_vmprintf() routines write their +** results into memory obtained from [sqlite3_malloc()]. +** The strings returned by these two routines should be +** released by [sqlite3_free()]. ^Both routines return a +** NULL pointer if [sqlite3_malloc()] is unable to allocate enough +** memory to hold the resulting string. +** +** ^(The sqlite3_snprintf() routine is similar to "snprintf()" from +** the standard C library. The result is written into the +** buffer supplied as the second parameter whose size is given by +** the first parameter. Note that the order of the +** first two parameters is reversed from snprintf().)^ This is an +** historical accident that cannot be fixed without breaking +** backwards compatibility. ^(Note also that sqlite3_snprintf() +** returns a pointer to its buffer instead of the number of +** characters actually written into the buffer.)^ We admit that +** the number of characters written would be a more useful return +** value but we cannot change the implementation of sqlite3_snprintf() +** now without breaking compatibility. +** +** ^As long as the buffer size is greater than zero, sqlite3_snprintf() +** guarantees that the buffer is always zero-terminated. ^The first +** parameter "n" is the total size of the buffer, including space for +** the zero terminator. So the longest string that can be completely +** written will be n-1 characters. +** +** ^The sqlite3_vsnprintf() routine is a varargs version of sqlite3_snprintf(). +** +** These routines all implement some additional formatting +** options that are useful for constructing SQL statements. +** All of the usual printf() formatting options apply. In addition, there +** is are "%q", "%Q", and "%z" options. +** +** ^(The %q option works like %s in that it substitutes a null-terminated +** string from the argument list. But %q also doubles every '\'' character. +** %q is designed for use inside a string literal.)^ By doubling each '\'' +** character it escapes that character and allows it to be inserted into +** the string. +** +** For example, assume the string variable zText contains text as follows: +** +** 
+**  char *zText = "It's a happy day!";
+**
+** +** One can use this text in an SQL statement as follows: +** +** 
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES('%q')", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+**
+** +** Because the %q format string is used, the '\'' character in zText +** is escaped and the SQL generated is as follows: +** +** 
+**  INSERT INTO table1 VALUES('It''s a happy day!')
+**
+** +** This is correct. Had we used %s instead of %q, the generated SQL +** would have looked like this: +** +** 
+**  INSERT INTO table1 VALUES('It's a happy day!');
+**
+** +** This second example is an SQL syntax error. As a general rule you should +** always use %q instead of %s when inserting text into a string literal. +** +** ^(The %Q option works like %q except it also adds single quotes around +** the outside of the total string. Additionally, if the parameter in the +** argument list is a NULL pointer, %Q substitutes the text "NULL" (without +** single quotes).)^ So, for example, one could say: +** +** 
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES(%Q)", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+**
+** +** The code above will render a correct SQL statement in the zSQL +** variable even if the zText variable is a NULL pointer. +** +** ^(The "%z" formatting option works like "%s" but with the +** addition that after the string has been read and copied into +** the result, [sqlite3_free()] is called on the input string.)^ +*/ +SQLITE_API char *sqlite3_mprintf(const char*,...); +SQLITE_API char *sqlite3_vmprintf(const char*, va_list); +SQLITE_API char *sqlite3_snprintf(int,char*,const char*, ...); +SQLITE_API char *sqlite3_vsnprintf(int,char*,const char*, va_list); + +/* +** CAPI3REF: Memory Allocation Subsystem +** +** The SQLite core uses these three routines for all of its own +** internal memory allocation needs. "Core" in the previous sentence +** does not include operating-system specific VFS implementation. The +** Windows VFS uses native malloc() and free() for some operations. +** +** ^The sqlite3_malloc() routine returns a pointer to a block +** of memory at least N bytes in length, where N is the parameter. +** ^If sqlite3_malloc() is unable to obtain sufficient free +** memory, it returns a NULL pointer. ^If the parameter N to +** sqlite3_malloc() is zero or negative then sqlite3_malloc() returns +** a NULL pointer. +** +** ^Calling sqlite3_free() with a pointer previously returned +** by sqlite3_malloc() or sqlite3_realloc() releases that memory so +** that it might be reused. ^The sqlite3_free() routine is +** a no-op if is called with a NULL pointer. Passing a NULL pointer +** to sqlite3_free() is harmless. After being freed, memory +** should neither be read nor written. Even reading previously freed +** memory might result in a segmentation fault or other severe error. +** Memory corruption, a segmentation fault, or other severe error +** might result if sqlite3_free() is called with a non-NULL pointer that +** was not obtained from sqlite3_malloc() or sqlite3_realloc(). +** +** ^(The sqlite3_realloc() interface attempts to resize a +** prior memory allocation to be at least N bytes, where N is the +** second parameter. The memory allocation to be resized is the first +** parameter.)^ ^ If the first parameter to sqlite3_realloc() +** is a NULL pointer then its behavior is identical to calling +** sqlite3_malloc(N) where N is the second parameter to sqlite3_realloc(). +** ^If the second parameter to sqlite3_realloc() is zero or +** negative then the behavior is exactly the same as calling +** sqlite3_free(P) where P is the first parameter to sqlite3_realloc(). +** ^sqlite3_realloc() returns a pointer to a memory allocation +** of at least N bytes in size or NULL if sufficient memory is unavailable. +** ^If M is the size of the prior allocation, then min(N,M) bytes +** of the prior allocation are copied into the beginning of buffer returned +** by sqlite3_realloc() and the prior allocation is freed. +** ^If sqlite3_realloc() returns NULL, then the prior allocation +** is not freed. +** +** ^The memory returned by sqlite3_malloc() and sqlite3_realloc() +** is always aligned to at least an 8 byte boundary, or to a +** 4 byte boundary if the [SQLITE_4_BYTE_ALIGNED_MALLOC] compile-time +** option is used. +** +** In SQLite version 3.5.0 and 3.5.1, it was possible to define +** the SQLITE_OMIT_MEMORY_ALLOCATION which would cause the built-in +** implementation of these routines to be omitted. That capability +** is no longer provided. Only built-in memory allocators can be used. +** +** The Windows OS interface layer calls +** the system malloc() and free() directly when converting +** filenames between the UTF-8 encoding used by SQLite +** and whatever filename encoding is used by the particular Windows +** installation. Memory allocation errors are detected, but +** they are reported back as [SQLITE_CANTOPEN] or +** [SQLITE_IOERR] rather than [SQLITE_NOMEM]. +** +** The pointer arguments to [sqlite3_free()] and [sqlite3_realloc()] +** must be either NULL or else pointers obtained from a prior +** invocation of [sqlite3_malloc()] or [sqlite3_realloc()] that have +** not yet been released. +** +** The application must not read or write any part of +** a block of memory after it has been released using +** [sqlite3_free()] or [sqlite3_realloc()]. +*/ +SQLITE_API void *sqlite3_malloc(int); +SQLITE_API void *sqlite3_realloc(void*, int); +SQLITE_API void sqlite3_free(void*); + +/* +** CAPI3REF: Memory Allocator Statistics +** +** SQLite provides these two interfaces for reporting on the status +** of the [sqlite3_malloc()], [sqlite3_free()], and [sqlite3_realloc()] +** routines, which form the built-in memory allocation subsystem. +** +** ^The [sqlite3_memory_used()] routine returns the number of bytes +** of memory currently outstanding (malloced but not freed). +** ^The [sqlite3_memory_highwater()] routine returns the maximum +** value of [sqlite3_memory_used()] since the high-water mark +** was last reset. ^The values returned by [sqlite3_memory_used()] and +** [sqlite3_memory_highwater()] include any overhead +** added by SQLite in its implementation of [sqlite3_malloc()], +** but not overhead added by the any underlying system library +** routines that [sqlite3_malloc()] may call. +** +** ^The memory high-water mark is reset to the current value of +** [sqlite3_memory_used()] if and only if the parameter to +** [sqlite3_memory_highwater()] is true. ^The value returned +** by [sqlite3_memory_highwater(1)] is the high-water mark +** prior to the reset. +*/ +SQLITE_API sqlite3_int64 sqlite3_memory_used(void); +SQLITE_API sqlite3_int64 sqlite3_memory_highwater(int resetFlag); + +/* +** CAPI3REF: Pseudo-Random Number Generator +** +** SQLite contains a high-quality pseudo-random number generator (PRNG) used to +** select random [ROWID | ROWIDs] when inserting new records into a table that +** already uses the largest possible [ROWID]. The PRNG is also used for +** the build-in random() and randomblob() SQL functions. This interface allows +** applications to access the same PRNG for other purposes. +** +** ^A call to this routine stores N bytes of randomness into buffer P. +** +** ^The first time this routine is invoked (either internally or by +** the application) the PRNG is seeded using randomness obtained +** from the xRandomness method of the default [sqlite3_vfs] object. +** ^On all subsequent invocations, the pseudo-randomness is generated +** internally and without recourse to the [sqlite3_vfs] xRandomness +** method. +*/ +SQLITE_API void sqlite3_randomness(int N, void *P); + +/* +** CAPI3REF: Compile-Time Authorization Callbacks +** +** ^This routine registers an authorizer callback with a particular +** [database connection], supplied in the first argument. +** ^The authorizer callback is invoked as SQL statements are being compiled +** by [sqlite3_prepare()] or its variants [sqlite3_prepare_v2()], +** [sqlite3_prepare16()] and [sqlite3_prepare16_v2()]. ^At various +** points during the compilation process, as logic is being created +** to perform various actions, the authorizer callback is invoked to +** see if those actions are allowed. ^The authorizer callback should +** return [SQLITE_OK] to allow the action, [SQLITE_IGNORE] to disallow the +** specific action but allow the SQL statement to continue to be +** compiled, or [SQLITE_DENY] to cause the entire SQL statement to be +** rejected with an error. ^If the authorizer callback returns +** any value other than [SQLITE_IGNORE], [SQLITE_OK], or [SQLITE_DENY] +** then the [sqlite3_prepare_v2()] or equivalent call that triggered +** the authorizer will fail with an error message. +** +** When the callback returns [SQLITE_OK], that means the operation +** requested is ok. ^When the callback returns [SQLITE_DENY], the +** [sqlite3_prepare_v2()] or equivalent call that triggered the +** authorizer will fail with an error message explaining that +** access is denied. +** +** ^The first parameter to the authorizer callback is a copy of the third +** parameter to the sqlite3_set_authorizer() interface. ^The second parameter +** to the callback is an integer [SQLITE_COPY | action code] that specifies +** the particular action to be authorized. ^The third through sixth parameters +** to the callback are zero-terminated strings that contain additional +** details about the action to be authorized. +** +** ^If the action code is [SQLITE_READ] +** and the callback returns [SQLITE_IGNORE] then the +** [prepared statement] statement is constructed to substitute +** a NULL value in place of the table column that would have +** been read if [SQLITE_OK] had been returned. The [SQLITE_IGNORE] +** return can be used to deny an untrusted user access to individual +** columns of a table. +** ^If the action code is [SQLITE_DELETE] and the callback returns +** [SQLITE_IGNORE] then the [DELETE] operation proceeds but the +** [truncate optimization] is disabled and all rows are deleted individually. +** +** An authorizer is used when [sqlite3_prepare | preparing] +** SQL statements from an untrusted source, to ensure that the SQL statements +** do not try to access data they are not allowed to see, or that they do not +** try to execute malicious statements that damage the database. For +** example, an application may allow a user to enter arbitrary +** SQL queries for evaluation by a database. But the application does +** not want the user to be able to make arbitrary changes to the +** database. An authorizer could then be put in place while the +** user-entered SQL is being [sqlite3_prepare | prepared] that +** disallows everything except [SELECT] statements. +** +** Applications that need to process SQL from untrusted sources +** might also consider lowering resource limits using [sqlite3_limit()] +** and limiting database size using the [max_page_count] [PRAGMA] +** in addition to using an authorizer. +** +** ^(Only a single authorizer can be in place on a database connection +** at a time. Each call to sqlite3_set_authorizer overrides the +** previous call.)^ ^Disable the authorizer by installing a NULL callback. +** The authorizer is disabled by default. +** +** The authorizer callback must not do anything that will modify +** the database connection that invoked the authorizer callback. +** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their +** database connections for the meaning of "modify" in this paragraph. +** +** ^When [sqlite3_prepare_v2()] is used to prepare a statement, the +** statement might be re-prepared during [sqlite3_step()] due to a +** schema change. Hence, the application should ensure that the +** correct authorizer callback remains in place during the [sqlite3_step()]. +** +** ^Note that the authorizer callback is invoked only during +** [sqlite3_prepare()] or its variants. Authorization is not +** performed during statement evaluation in [sqlite3_step()], unless +** as stated in the previous paragraph, sqlite3_step() invokes +** sqlite3_prepare_v2() to reprepare a statement after a schema change. +*/ +SQLITE_API int sqlite3_set_authorizer( + sqlite3*, + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*), + void *pUserData +); + +/* +** CAPI3REF: Authorizer Return Codes +** +** The [sqlite3_set_authorizer | authorizer callback function] must +** return either [SQLITE_OK] or one of these two constants in order +** to signal SQLite whether or not the action is permitted. See the +** [sqlite3_set_authorizer | authorizer documentation] for additional +** information. +** +** Note that SQLITE_IGNORE is also used as a [SQLITE_ROLLBACK | return code] +** from the [sqlite3_vtab_on_conflict()] interface. +*/ +#define SQLITE_DENY 1 /* Abort the SQL statement with an error */ +#define SQLITE_IGNORE 2 /* Don't allow access, but don't generate an error */ + +/* +** CAPI3REF: Authorizer Action Codes +** +** The [sqlite3_set_authorizer()] interface registers a callback function +** that is invoked to authorize certain SQL statement actions. The +** second parameter to the callback is an integer code that specifies +** what action is being authorized. These are the integer action codes that +** the authorizer callback may be passed. +** +** These action code values signify what kind of operation is to be +** authorized. The 3rd and 4th parameters to the authorization +** callback function will be parameters or NULL depending on which of these +** codes is used as the second parameter. ^(The 5th parameter to the +** authorizer callback is the name of the database ("main", "temp", +** etc.) if applicable.)^ ^The 6th parameter to the authorizer callback +** is the name of the inner-most trigger or view that is responsible for +** the access attempt or NULL if this access attempt is directly from +** top-level SQL code. +*/ +/******************************************* 3rd ************ 4th ***********/ +#define SQLITE_CREATE_INDEX 1 /* Index Name Table Name */ +#define SQLITE_CREATE_TABLE 2 /* Table Name NULL */ +#define SQLITE_CREATE_TEMP_INDEX 3 /* Index Name Table Name */ +#define SQLITE_CREATE_TEMP_TABLE 4 /* Table Name NULL */ +#define SQLITE_CREATE_TEMP_TRIGGER 5 /* Trigger Name Table Name */ +#define SQLITE_CREATE_TEMP_VIEW 6 /* View Name NULL */ +#define SQLITE_CREATE_TRIGGER 7 /* Trigger Name Table Name */ +#define SQLITE_CREATE_VIEW 8 /* View Name NULL */ +#define SQLITE_DELETE 9 /* Table Name NULL */ +#define SQLITE_DROP_INDEX 10 /* Index Name Table Name */ +#define SQLITE_DROP_TABLE 11 /* Table Name NULL */ +#define SQLITE_DROP_TEMP_INDEX 12 /* Index Name Table Name */ +#define SQLITE_DROP_TEMP_TABLE 13 /* Table Name NULL */ +#define SQLITE_DROP_TEMP_TRIGGER 14 /* Trigger Name Table Name */ +#define SQLITE_DROP_TEMP_VIEW 15 /* View Name NULL */ +#define SQLITE_DROP_TRIGGER 16 /* Trigger Name Table Name */ +#define SQLITE_DROP_VIEW 17 /* View Name NULL */ +#define SQLITE_INSERT 18 /* Table Name NULL */ +#define SQLITE_PRAGMA 19 /* Pragma Name 1st arg or NULL */ +#define SQLITE_READ 20 /* Table Name Column Name */ +#define SQLITE_SELECT 21 /* NULL NULL */ +#define SQLITE_TRANSACTION 22 /* Operation NULL */ +#define SQLITE_UPDATE 23 /* Table Name Column Name */ +#define SQLITE_ATTACH 24 /* Filename NULL */ +#define SQLITE_DETACH 25 /* Database Name NULL */ +#define SQLITE_ALTER_TABLE 26 /* Database Name Table Name */ +#define SQLITE_REINDEX 27 /* Index Name NULL */ +#define SQLITE_ANALYZE 28 /* Table Name NULL */ +#define SQLITE_CREATE_VTABLE 29 /* Table Name Module Name */ +#define SQLITE_DROP_VTABLE 30 /* Table Name Module Name */ +#define SQLITE_FUNCTION 31 /* NULL Function Name */ +#define SQLITE_SAVEPOINT 32 /* Operation Savepoint Name */ +#define SQLITE_COPY 0 /* No longer used */ + +/* +** CAPI3REF: Tracing And Profiling Functions +** +** These routines register callback functions that can be used for +** tracing and profiling the execution of SQL statements. +** +** ^The callback function registered by sqlite3_trace() is invoked at +** various times when an SQL statement is being run by [sqlite3_step()]. +** ^The sqlite3_trace() callback is invoked with a UTF-8 rendering of the +** SQL statement text as the statement first begins executing. +** ^(Additional sqlite3_trace() callbacks might occur +** as each triggered subprogram is entered. The callbacks for triggers +** contain a UTF-8 SQL comment that identifies the trigger.)^ +** +** ^The callback function registered by sqlite3_profile() is invoked +** as each SQL statement finishes. ^The profile callback contains +** the original statement text and an estimate of wall-clock time +** of how long that statement took to run. ^The profile callback +** time is in units of nanoseconds, however the current implementation +** is only capable of millisecond resolution so the six least significant +** digits in the time are meaningless. Future versions of SQLite +** might provide greater resolution on the profiler callback. The +** sqlite3_profile() function is considered experimental and is +** subject to change in future versions of SQLite. +*/ +SQLITE_API void *sqlite3_trace(sqlite3*, void(*xTrace)(void*,const char*), void*); +SQLITE_API SQLITE_EXPERIMENTAL void *sqlite3_profile(sqlite3*, + void(*xProfile)(void*,const char*,sqlite3_uint64), void*); + +/* +** CAPI3REF: Query Progress Callbacks +** +** ^The sqlite3_progress_handler(D,N,X,P) interface causes the callback +** function X to be invoked periodically during long running calls to +** [sqlite3_exec()], [sqlite3_step()] and [sqlite3_get_table()] for +** database connection D. An example use for this +** interface is to keep a GUI updated during a large query. +** +** ^The parameter P is passed through as the only parameter to the +** callback function X. ^The parameter N is the number of +** [virtual machine instructions] that are evaluated between successive +** invocations of the callback X. +** +** ^Only a single progress handler may be defined at one time per +** [database connection]; setting a new progress handler cancels the +** old one. ^Setting parameter X to NULL disables the progress handler. +** ^The progress handler is also disabled by setting N to a value less +** than 1. +** +** ^If the progress callback returns non-zero, the operation is +** interrupted. This feature can be used to implement a +** "Cancel" button on a GUI progress dialog box. +** +** The progress handler callback must not do anything that will modify +** the database connection that invoked the progress handler. +** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their +** database connections for the meaning of "modify" in this paragraph. +** +*/ +SQLITE_API void sqlite3_progress_handler(sqlite3*, int, int(*)(void*), void*); + +/* +** CAPI3REF: Opening A New Database Connection +** +** ^These routines open an SQLite database file as specified by the +** filename argument. ^The filename argument is interpreted as UTF-8 for +** sqlite3_open() and sqlite3_open_v2() and as UTF-16 in the native byte +** order for sqlite3_open16(). ^(A [database connection] handle is usually +** returned in *ppDb, even if an error occurs. The only exception is that +** if SQLite is unable to allocate memory to hold the [sqlite3] object, +** a NULL will be written into *ppDb instead of a pointer to the [sqlite3] +** object.)^ ^(If the database is opened (and/or created) successfully, then +** [SQLITE_OK] is returned. Otherwise an [error code] is returned.)^ ^The +** [sqlite3_errmsg()] or [sqlite3_errmsg16()] routines can be used to obtain +** an English language description of the error following a failure of any +** of the sqlite3_open() routines. +** +** ^The default encoding for the database will be UTF-8 if +** sqlite3_open() or sqlite3_open_v2() is called and +** UTF-16 in the native byte order if sqlite3_open16() is used. +** +** Whether or not an error occurs when it is opened, resources +** associated with the [database connection] handle should be released by +** passing it to [sqlite3_close()] when it is no longer required. +** +** The sqlite3_open_v2() interface works like sqlite3_open() +** except that it accepts two additional parameters for additional control +** over the new database connection. ^(The flags parameter to +** sqlite3_open_v2() can take one of +** the following three values, optionally combined with the +** [SQLITE_OPEN_NOMUTEX], [SQLITE_OPEN_FULLMUTEX], [SQLITE_OPEN_SHAREDCACHE], +** [SQLITE_OPEN_PRIVATECACHE], and/or [SQLITE_OPEN_URI] flags:)^ +** +**
+** ^(
[SQLITE_OPEN_READONLY]
+**
The database is opened in read-only mode. If the database does not +** already exist, an error is returned.
)^ +** +** ^(
[SQLITE_OPEN_READWRITE]
+**
The database is opened for reading and writing if possible, or reading +** only if the file is write protected by the operating system. In either +** case the database must already exist, otherwise an error is returned.
)^ +** +** ^(
[SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE]
+**
The database is opened for reading and writing, and is created if +** it does not already exist. This is the behavior that is always used for +** sqlite3_open() and sqlite3_open16().
)^ +**
+** +** If the 3rd parameter to sqlite3_open_v2() is not one of the +** combinations shown above optionally combined with other +** [SQLITE_OPEN_READONLY | SQLITE_OPEN_* bits] +** then the behavior is undefined. +** +** ^If the [SQLITE_OPEN_NOMUTEX] flag is set, then the database connection +** opens in the multi-thread [threading mode] as long as the single-thread +** mode has not been set at compile-time or start-time. ^If the +** [SQLITE_OPEN_FULLMUTEX] flag is set then the database connection opens +** in the serialized [threading mode] unless single-thread was +** previously selected at compile-time or start-time. +** ^The [SQLITE_OPEN_SHAREDCACHE] flag causes the database connection to be +** eligible to use [shared cache mode], regardless of whether or not shared +** cache is enabled using [sqlite3_enable_shared_cache()]. ^The +** [SQLITE_OPEN_PRIVATECACHE] flag causes the database connection to not +** participate in [shared cache mode] even if it is enabled. +** +** ^The fourth parameter to sqlite3_open_v2() is the name of the +** [sqlite3_vfs] object that defines the operating system interface that +** the new database connection should use. ^If the fourth parameter is +** a NULL pointer then the default [sqlite3_vfs] object is used. +** +** ^If the filename is ":memory:", then a private, temporary in-memory database +** is created for the connection. ^This in-memory database will vanish when +** the database connection is closed. Future versions of SQLite might +** make use of additional special filenames that begin with the ":" character. +** It is recommended that when a database filename actually does begin with +** a ":" character you should prefix the filename with a pathname such as +** "./" to avoid ambiguity. +** +** ^If the filename is an empty string, then a private, temporary +** on-disk database will be created. ^This private database will be +** automatically deleted as soon as the database connection is closed. +** +** [[URI filenames in sqlite3_open()]]

URI Filenames

+** +** ^If [URI filename] interpretation is enabled, and the filename argument +** begins with "file:", then the filename is interpreted as a URI. ^URI +** filename interpretation is enabled if the [SQLITE_OPEN_URI] flag is +** set in the fourth argument to sqlite3_open_v2(), or if it has +** been enabled globally using the [SQLITE_CONFIG_URI] option with the +** [sqlite3_config()] method or by the [SQLITE_USE_URI] compile-time option. +** As of SQLite version 3.7.7, URI filename interpretation is turned off +** by default, but future releases of SQLite might enable URI filename +** interpretation by default. See "[URI filenames]" for additional +** information. +** +** URI filenames are parsed according to RFC 3986. ^If the URI contains an +** authority, then it must be either an empty string or the string +** "localhost". ^If the authority is not an empty string or "localhost", an +** error is returned to the caller. ^The fragment component of a URI, if +** present, is ignored. +** +** ^SQLite uses the path component of the URI as the name of the disk file +** which contains the database. ^If the path begins with a '/' character, +** then it is interpreted as an absolute path. ^If the path does not begin +** with a '/' (meaning that the authority section is omitted from the URI) +** then the path is interpreted as a relative path. +** ^On windows, the first component of an absolute path +** is a drive specification (e.g. "C:"). +** +** [[core URI query parameters]] +** The query component of a URI may contain parameters that are interpreted +** either by SQLite itself, or by a [VFS | custom VFS implementation]. +** SQLite interprets the following three query parameters: +** +**
    +**
  • vfs: ^The "vfs" parameter may be used to specify the name of +** a VFS object that provides the operating system interface that should +** be used to access the database file on disk. ^If this option is set to +** an empty string the default VFS object is used. ^Specifying an unknown +** VFS is an error. ^If sqlite3_open_v2() is used and the vfs option is +** present, then the VFS specified by the option takes precedence over +** the value passed as the fourth parameter to sqlite3_open_v2(). +** +**
  • mode: ^(The mode parameter may be set to either "ro", "rw" or +** "rwc". Attempting to set it to any other value is an error)^. +** ^If "ro" is specified, then the database is opened for read-only +** access, just as if the [SQLITE_OPEN_READONLY] flag had been set in the +** third argument to sqlite3_prepare_v2(). ^If the mode option is set to +** "rw", then the database is opened for read-write (but not create) +** access, as if SQLITE_OPEN_READWRITE (but not SQLITE_OPEN_CREATE) had +** been set. ^Value "rwc" is equivalent to setting both +** SQLITE_OPEN_READWRITE and SQLITE_OPEN_CREATE. ^If sqlite3_open_v2() is +** used, it is an error to specify a value for the mode parameter that is +** less restrictive than that specified by the flags passed as the third +** parameter. +** +**
  • cache: ^The cache parameter may be set to either "shared" or +** "private". ^Setting it to "shared" is equivalent to setting the +** SQLITE_OPEN_SHAREDCACHE bit in the flags argument passed to +** sqlite3_open_v2(). ^Setting the cache parameter to "private" is +** equivalent to setting the SQLITE_OPEN_PRIVATECACHE bit. +** ^If sqlite3_open_v2() is used and the "cache" parameter is present in +** a URI filename, its value overrides any behaviour requested by setting +** SQLITE_OPEN_PRIVATECACHE or SQLITE_OPEN_SHAREDCACHE flag. +**
+** +** ^Specifying an unknown parameter in the query component of a URI is not an +** error. Future versions of SQLite might understand additional query +** parameters. See "[query parameters with special meaning to SQLite]" for +** additional information. +** +** [[URI filename examples]]

URI filename examples

+** +** +**
URI filenames Results +**
file:data.db +** Open the file "data.db" in the current directory. +**
file:/home/fred/data.db
+** file:///home/fred/data.db
+** file://localhost/home/fred/data.db
+** Open the database file "/home/fred/data.db". +**
file://darkstar/home/fred/data.db +** An error. "darkstar" is not a recognized authority. +**
+** file:///C:/Documents%20and%20Settings/fred/Desktop/data.db +** Windows only: Open the file "data.db" on fred's desktop on drive +** C:. Note that the %20 escaping in this example is not strictly +** necessary - space characters can be used literally +** in URI filenames. +**
file:data.db?mode=ro&cache=private +** Open file "data.db" in the current directory for read-only access. +** Regardless of whether or not shared-cache mode is enabled by +** default, use a private cache. +**
file:/home/fred/data.db?vfs=unix-nolock +** Open file "/home/fred/data.db". Use the special VFS "unix-nolock". +**
file:data.db?mode=readonly +** An error. "readonly" is not a valid option for the "mode" parameter. +**
+** +** ^URI hexadecimal escape sequences (%HH) are supported within the path and +** query components of a URI. A hexadecimal escape sequence consists of a +** percent sign - "%" - followed by exactly two hexadecimal digits +** specifying an octet value. ^Before the path or query components of a +** URI filename are interpreted, they are encoded using UTF-8 and all +** hexadecimal escape sequences replaced by a single byte containing the +** corresponding octet. If this process generates an invalid UTF-8 encoding, +** the results are undefined. +** +** Note to Windows users: The encoding used for the filename argument +** of sqlite3_open() and sqlite3_open_v2() must be UTF-8, not whatever +** codepage is currently defined. Filenames containing international +** characters must be converted to UTF-8 prior to passing them into +** sqlite3_open() or sqlite3_open_v2(). +*/ +SQLITE_API int sqlite3_open( + const char *filename, /* Database filename (UTF-8) */ + sqlite3 **ppDb /* OUT: SQLite db handle */ +); +SQLITE_API int sqlite3_open16( + const void *filename, /* Database filename (UTF-16) */ + sqlite3 **ppDb /* OUT: SQLite db handle */ +); +SQLITE_API int sqlite3_open_v2( + const char *filename, /* Database filename (UTF-8) */ + sqlite3 **ppDb, /* OUT: SQLite db handle */ + int flags, /* Flags */ + const char *zVfs /* Name of VFS module to use */ +); + +/* +** CAPI3REF: Obtain Values For URI Parameters +** +** This is a utility routine, useful to VFS implementations, that checks +** to see if a database file was a URI that contained a specific query +** parameter, and if so obtains the value of the query parameter. +** +** The zFilename argument is the filename pointer passed into the xOpen() +** method of a VFS implementation. The zParam argument is the name of the +** query parameter we seek. This routine returns the value of the zParam +** parameter if it exists. If the parameter does not exist, this routine +** returns a NULL pointer. +** +** If the zFilename argument to this function is not a pointer that SQLite +** passed into the xOpen VFS method, then the behavior of this routine +** is undefined and probably undesirable. +*/ +SQLITE_API const char *sqlite3_uri_parameter(const char *zFilename, const char *zParam); + + +/* +** CAPI3REF: Error Codes And Messages +** +** ^The sqlite3_errcode() interface returns the numeric [result code] or +** [extended result code] for the most recent failed sqlite3_* API call +** associated with a [database connection]. If a prior API call failed +** but the most recent API call succeeded, the return value from +** sqlite3_errcode() is undefined. ^The sqlite3_extended_errcode() +** interface is the same except that it always returns the +** [extended result code] even when extended result codes are +** disabled. +** +** ^The sqlite3_errmsg() and sqlite3_errmsg16() return English-language +** text that describes the error, as either UTF-8 or UTF-16 respectively. +** ^(Memory to hold the error message string is managed internally. +** The application does not need to worry about freeing the result. +** However, the error string might be overwritten or deallocated by +** subsequent calls to other SQLite interface functions.)^ +** +** When the serialized [threading mode] is in use, it might be the +** case that a second error occurs on a separate thread in between +** the time of the first error and the call to these interfaces. +** When that happens, the second error will be reported since these +** interfaces always report the most recent result. To avoid +** this, each thread can obtain exclusive use of the [database connection] D +** by invoking [sqlite3_mutex_enter]([sqlite3_db_mutex](D)) before beginning +** to use D and invoking [sqlite3_mutex_leave]([sqlite3_db_mutex](D)) after +** all calls to the interfaces listed here are completed. +** +** If an interface fails with SQLITE_MISUSE, that means the interface +** was invoked incorrectly by the application. In that case, the +** error code and message may or may not be set. +*/ +SQLITE_API int sqlite3_errcode(sqlite3 *db); +SQLITE_API int sqlite3_extended_errcode(sqlite3 *db); +SQLITE_API const char *sqlite3_errmsg(sqlite3*); +SQLITE_API const void *sqlite3_errmsg16(sqlite3*); + +/* +** CAPI3REF: SQL Statement Object +** KEYWORDS: {prepared statement} {prepared statements} +** +** An instance of this object represents a single SQL statement. +** This object is variously known as a "prepared statement" or a +** "compiled SQL statement" or simply as a "statement". +** +** The life of a statement object goes something like this: +** +**
    +**
  1. Create the object using [sqlite3_prepare_v2()] or a related +** function. +**
  2. Bind values to [host parameters] using the sqlite3_bind_*() +** interfaces. +**
  3. Run the SQL by calling [sqlite3_step()] one or more times. +**
  4. Reset the statement using [sqlite3_reset()] then go back +** to step 2. Do this zero or more times. +**
  5. Destroy the object using [sqlite3_finalize()]. +**
+** +** Refer to documentation on individual methods above for additional +** information. +*/ +typedef struct sqlite3_stmt sqlite3_stmt; + +/* +** CAPI3REF: Run-time Limits +** +** ^(This interface allows the size of various constructs to be limited +** on a connection by connection basis. The first parameter is the +** [database connection] whose limit is to be set or queried. The +** second parameter is one of the [limit categories] that define a +** class of constructs to be size limited. The third parameter is the +** new limit for that construct.)^ +** +** ^If the new limit is a negative number, the limit is unchanged. +** ^(For each limit category SQLITE_LIMIT_NAME there is a +** [limits | hard upper bound] +** set at compile-time by a C preprocessor macro called +** [limits | SQLITE_MAX_NAME]. +** (The "_LIMIT_" in the name is changed to "_MAX_".))^ +** ^Attempts to increase a limit above its hard upper bound are +** silently truncated to the hard upper bound. +** +** ^Regardless of whether or not the limit was changed, the +** [sqlite3_limit()] interface returns the prior value of the limit. +** ^Hence, to find the current value of a limit without changing it, +** simply invoke this interface with the third parameter set to -1. +** +** Run-time limits are intended for use in applications that manage +** both their own internal database and also databases that are controlled +** by untrusted external sources. An example application might be a +** web browser that has its own databases for storing history and +** separate databases controlled by JavaScript applications downloaded +** off the Internet. The internal databases can be given the +** large, default limits. Databases managed by external sources can +** be given much smaller limits designed to prevent a denial of service +** attack. Developers might also want to use the [sqlite3_set_authorizer()] +** interface to further control untrusted SQL. The size of the database +** created by an untrusted script can be contained using the +** [max_page_count] [PRAGMA]. +** +** New run-time limit categories may be added in future releases. +*/ +SQLITE_API int sqlite3_limit(sqlite3*, int id, int newVal); + +/* +** CAPI3REF: Run-Time Limit Categories +** KEYWORDS: {limit category} {*limit categories} +** +** These constants define various performance limits +** that can be lowered at run-time using [sqlite3_limit()]. +** The synopsis of the meanings of the various limits is shown below. +** Additional information is available at [limits | Limits in SQLite]. +** +**
+** [[SQLITE_LIMIT_LENGTH]] ^(
SQLITE_LIMIT_LENGTH
+**
The maximum size of any string or BLOB or table row, in bytes.
)^ +** +** [[SQLITE_LIMIT_SQL_LENGTH]] ^(
SQLITE_LIMIT_SQL_LENGTH
+**
The maximum length of an SQL statement, in bytes.
)^ +** +** [[SQLITE_LIMIT_COLUMN]] ^(
SQLITE_LIMIT_COLUMN
+**
The maximum number of columns in a table definition or in the +** result set of a [SELECT] or the maximum number of columns in an index +** or in an ORDER BY or GROUP BY clause.
)^ +** +** [[SQLITE_LIMIT_EXPR_DEPTH]] ^(
SQLITE_LIMIT_EXPR_DEPTH
+**
The maximum depth of the parse tree on any expression.
)^ +** +** [[SQLITE_LIMIT_COMPOUND_SELECT]] ^(
SQLITE_LIMIT_COMPOUND_SELECT
+**
The maximum number of terms in a compound SELECT statement.
)^ +** +** [[SQLITE_LIMIT_VDBE_OP]] ^(
SQLITE_LIMIT_VDBE_OP
+**
The maximum number of instructions in a virtual machine program +** used to implement an SQL statement. This limit is not currently +** enforced, though that might be added in some future release of +** SQLite.
)^ +** +** [[SQLITE_LIMIT_FUNCTION_ARG]] ^(
SQLITE_LIMIT_FUNCTION_ARG
+**
The maximum number of arguments on a function.
)^ +** +** [[SQLITE_LIMIT_ATTACHED]] ^(
SQLITE_LIMIT_ATTACHED
+**
The maximum number of [ATTACH | attached databases].)^
+** +** [[SQLITE_LIMIT_LIKE_PATTERN_LENGTH]] +** ^(
SQLITE_LIMIT_LIKE_PATTERN_LENGTH
+**
The maximum length of the pattern argument to the [LIKE] or +** [GLOB] operators.
)^ +** +** [[SQLITE_LIMIT_VARIABLE_NUMBER]] +** ^(
SQLITE_LIMIT_VARIABLE_NUMBER
+**
The maximum index number of any [parameter] in an SQL statement.)^ +** +** [[SQLITE_LIMIT_TRIGGER_DEPTH]] ^(
SQLITE_LIMIT_TRIGGER_DEPTH
+**
The maximum depth of recursion for triggers.
)^ +**
+*/ +#define SQLITE_LIMIT_LENGTH 0 +#define SQLITE_LIMIT_SQL_LENGTH 1 +#define SQLITE_LIMIT_COLUMN 2 +#define SQLITE_LIMIT_EXPR_DEPTH 3 +#define SQLITE_LIMIT_COMPOUND_SELECT 4 +#define SQLITE_LIMIT_VDBE_OP 5 +#define SQLITE_LIMIT_FUNCTION_ARG 6 +#define SQLITE_LIMIT_ATTACHED 7 +#define SQLITE_LIMIT_LIKE_PATTERN_LENGTH 8 +#define SQLITE_LIMIT_VARIABLE_NUMBER 9 +#define SQLITE_LIMIT_TRIGGER_DEPTH 10 + +/* +** CAPI3REF: Compiling An SQL Statement +** KEYWORDS: {SQL statement compiler} +** +** To execute an SQL query, it must first be compiled into a byte-code +** program using one of these routines. +** +** The first argument, "db", is a [database connection] obtained from a +** prior successful call to [sqlite3_open()], [sqlite3_open_v2()] or +** [sqlite3_open16()]. The database connection must not have been closed. +** +** The second argument, "zSql", is the statement to be compiled, encoded +** as either UTF-8 or UTF-16. The sqlite3_prepare() and sqlite3_prepare_v2() +** interfaces use UTF-8, and sqlite3_prepare16() and sqlite3_prepare16_v2() +** use UTF-16. +** +** ^If the nByte argument is less than zero, then zSql is read up to the +** first zero terminator. ^If nByte is non-negative, then it is the maximum +** number of bytes read from zSql. ^When nByte is non-negative, the +** zSql string ends at either the first '\000' or '\u0000' character or +** the nByte-th byte, whichever comes first. If the caller knows +** that the supplied string is nul-terminated, then there is a small +** performance advantage to be gained by passing an nByte parameter that +** is equal to the number of bytes in the input string including +** the nul-terminator bytes. +** +** ^If pzTail is not NULL then *pzTail is made to point to the first byte +** past the end of the first SQL statement in zSql. These routines only +** compile the first statement in zSql, so *pzTail is left pointing to +** what remains uncompiled. +** +** ^*ppStmt is left pointing to a compiled [prepared statement] that can be +** executed using [sqlite3_step()]. ^If there is an error, *ppStmt is set +** to NULL. ^If the input text contains no SQL (if the input is an empty +** string or a comment) then *ppStmt is set to NULL. +** The calling procedure is responsible for deleting the compiled +** SQL statement using [sqlite3_finalize()] after it has finished with it. +** ppStmt may not be NULL. +** +** ^On success, the sqlite3_prepare() family of routines return [SQLITE_OK]; +** otherwise an [error code] is returned. +** +** The sqlite3_prepare_v2() and sqlite3_prepare16_v2() interfaces are +** recommended for all new programs. The two older interfaces are retained +** for backwards compatibility, but their use is discouraged. +** ^In the "v2" interfaces, the prepared statement +** that is returned (the [sqlite3_stmt] object) contains a copy of the +** original SQL text. This causes the [sqlite3_step()] interface to +** behave differently in three ways: +** +**
    +**
  1. +** ^If the database schema changes, instead of returning [SQLITE_SCHEMA] as it +** always used to do, [sqlite3_step()] will automatically recompile the SQL +** statement and try to run it again. +**
    2. +** +**
  2. +** ^When an error occurs, [sqlite3_step()] will return one of the detailed +** [error codes] or [extended error codes]. ^The legacy behavior was that +** [sqlite3_step()] would only return a generic [SQLITE_ERROR] result code +** and the application would have to make a second call to [sqlite3_reset()] +** in order to find the underlying cause of the problem. With the "v2" prepare +** interfaces, the underlying reason for the error is returned immediately. +**
    3. +** +**
  3. +** ^If the specific value bound to [parameter | host parameter] in the +** WHERE clause might influence the choice of query plan for a statement, +** then the statement will be automatically recompiled, as if there had been +** a schema change, on the first [sqlite3_step()] call following any change +** to the [sqlite3_bind_text | bindings] of that [parameter]. +** ^The specific value of WHERE-clause [parameter] might influence the +** choice of query plan if the parameter is the left-hand side of a [LIKE] +** or [GLOB] operator or if the parameter is compared to an indexed column +** and the [SQLITE_ENABLE_STAT2] compile-time option is enabled. +** the +**
    4. +**
+*/ +SQLITE_API int sqlite3_prepare( + sqlite3 *db, /* Database handle */ + const char *zSql, /* SQL statement, UTF-8 encoded */ + int nByte, /* Maximum length of zSql in bytes. */ + sqlite3_stmt **ppStmt, /* OUT: Statement handle */ + const char **pzTail /* OUT: Pointer to unused portion of zSql */ +); +SQLITE_API int sqlite3_prepare_v2( + sqlite3 *db, /* Database handle */ + const char *zSql, /* SQL statement, UTF-8 encoded */ + int nByte, /* Maximum length of zSql in bytes. */ + sqlite3_stmt **ppStmt, /* OUT: Statement handle */ + const char **pzTail /* OUT: Pointer to unused portion of zSql */ +); +SQLITE_API int sqlite3_prepare16( + sqlite3 *db, /* Database handle */ + const void *zSql, /* SQL statement, UTF-16 encoded */ + int nByte, /* Maximum length of zSql in bytes. */ + sqlite3_stmt **ppStmt, /* OUT: Statement handle */ + const void **pzTail /* OUT: Pointer to unused portion of zSql */ +); +SQLITE_API int sqlite3_prepare16_v2( + sqlite3 *db, /* Database handle */ + const void *zSql, /* SQL statement, UTF-16 encoded */ + int nByte, /* Maximum length of zSql in bytes. */ + sqlite3_stmt **ppStmt, /* OUT: Statement handle */ + const void **pzTail /* OUT: Pointer to unused portion of zSql */ +); + +/* +** CAPI3REF: Retrieving Statement SQL +** +** ^This interface can be used to retrieve a saved copy of the original +** SQL text used to create a [prepared statement] if that statement was +** compiled using either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()]. +*/ +SQLITE_API const char *sqlite3_sql(sqlite3_stmt *pStmt); + +/* +** CAPI3REF: Determine If An SQL Statement Writes The Database +** +** ^The sqlite3_stmt_readonly(X) interface returns true (non-zero) if +** and only if the [prepared statement] X makes no direct changes to +** the content of the database file. +** +** Note that [application-defined SQL functions] or +** [virtual tables] might change the database indirectly as a side effect. +** ^(For example, if an application defines a function "eval()" that +** calls [sqlite3_exec()], then the following SQL statement would +** change the database file through side-effects: +** +** 
+**    SELECT eval('DELETE FROM t1') FROM t2;
+**
+** +** But because the [SELECT] statement does not change the database file +** directly, sqlite3_stmt_readonly() would still return true.)^ +** +** ^Transaction control statements such as [BEGIN], [COMMIT], [ROLLBACK], +** [SAVEPOINT], and [RELEASE] cause sqlite3_stmt_readonly() to return true, +** since the statements themselves do not actually modify the database but +** rather they control the timing of when other statements modify the +** database. ^The [ATTACH] and [DETACH] statements also cause +** sqlite3_stmt_readonly() to return true since, while those statements +** change the configuration of a database connection, they do not make +** changes to the content of the database files on disk. +*/ +SQLITE_API int sqlite3_stmt_readonly(sqlite3_stmt *pStmt); + +/* +** CAPI3REF: Dynamically Typed Value Object +** KEYWORDS: {protected sqlite3_value} {unprotected sqlite3_value} +** +** SQLite uses the sqlite3_value object to represent all values +** that can be stored in a database table. SQLite uses dynamic typing +** for the values it stores. ^Values stored in sqlite3_value objects +** can be integers, floating point values, strings, BLOBs, or NULL. +** +** An sqlite3_value object may be either "protected" or "unprotected". +** Some interfaces require a protected sqlite3_value. Other interfaces +** will accept either a protected or an unprotected sqlite3_value. +** Every interface that accepts sqlite3_value arguments specifies +** whether or not it requires a protected sqlite3_value. +** +** The terms "protected" and "unprotected" refer to whether or not +** a mutex is held. An internal mutex is held for a protected +** sqlite3_value object but no mutex is held for an unprotected +** sqlite3_value object. If SQLite is compiled to be single-threaded +** (with [SQLITE_THREADSAFE=0] and with [sqlite3_threadsafe()] returning 0) +** or if SQLite is run in one of reduced mutex modes +** [SQLITE_CONFIG_SINGLETHREAD] or [SQLITE_CONFIG_MULTITHREAD] +** then there is no distinction between protected and unprotected +** sqlite3_value objects and they can be used interchangeably. However, +** for maximum code portability it is recommended that applications +** still make the distinction between protected and unprotected +** sqlite3_value objects even when not strictly required. +** +** ^The sqlite3_value objects that are passed as parameters into the +** implementation of [application-defined SQL functions] are protected. +** ^The sqlite3_value object returned by +** [sqlite3_column_value()] is unprotected. +** Unprotected sqlite3_value objects may only be used with +** [sqlite3_result_value()] and [sqlite3_bind_value()]. +** The [sqlite3_value_blob | sqlite3_value_type()] family of +** interfaces require protected sqlite3_value objects. +*/ +typedef struct Mem sqlite3_value; + +/* +** CAPI3REF: SQL Function Context Object +** +** The context in which an SQL function executes is stored in an +** sqlite3_context object. ^A pointer to an sqlite3_context object +** is always first parameter to [application-defined SQL functions]. +** The application-defined SQL function implementation will pass this +** pointer through into calls to [sqlite3_result_int | sqlite3_result()], +** [sqlite3_aggregate_context()], [sqlite3_user_data()], +** [sqlite3_context_db_handle()], [sqlite3_get_auxdata()], +** and/or [sqlite3_set_auxdata()]. +*/ +typedef struct sqlite3_context sqlite3_context; + +/* +** CAPI3REF: Binding Values To Prepared Statements +** KEYWORDS: {host parameter} {host parameters} {host parameter name} +** KEYWORDS: {SQL parameter} {SQL parameters} {parameter binding} +** +** ^(In the SQL statement text input to [sqlite3_prepare_v2()] and its variants, +** literals may be replaced by a [parameter] that matches one of following +** templates: +** +**
    +**
  • ? +**
  • ?NNN +**
  • :VVV +**
  • @VVV +**
  • $VVV +**
+** +** In the templates above, NNN represents an integer literal, +** and VVV represents an alphanumeric identifier.)^ ^The values of these +** parameters (also called "host parameter names" or "SQL parameters") +** can be set using the sqlite3_bind_*() routines defined here. +** +** ^The first argument to the sqlite3_bind_*() routines is always +** a pointer to the [sqlite3_stmt] object returned from +** [sqlite3_prepare_v2()] or its variants. +** +** ^The second argument is the index of the SQL parameter to be set. +** ^The leftmost SQL parameter has an index of 1. ^When the same named +** SQL parameter is used more than once, second and subsequent +** occurrences have the same index as the first occurrence. +** ^The index for named parameters can be looked up using the +** [sqlite3_bind_parameter_index()] API if desired. ^The index +** for "?NNN" parameters is the value of NNN. +** ^The NNN value must be between 1 and the [sqlite3_limit()] +** parameter [SQLITE_LIMIT_VARIABLE_NUMBER] (default value: 999). +** +** ^The third argument is the value to bind to the parameter. +** +** ^(In those routines that have a fourth argument, its value is the +** number of bytes in the parameter. To be clear: the value is the +** number of bytes in the value, not the number of characters.)^ +** ^If the fourth parameter is negative, the length of the string is +** the number of bytes up to the first zero terminator. +** +** ^The fifth argument to sqlite3_bind_blob(), sqlite3_bind_text(), and +** sqlite3_bind_text16() is a destructor used to dispose of the BLOB or +** string after SQLite has finished with it. ^The destructor is called +** to dispose of the BLOB or string even if the call to sqlite3_bind_blob(), +** sqlite3_bind_text(), or sqlite3_bind_text16() fails. +** ^If the fifth argument is +** the special value [SQLITE_STATIC], then SQLite assumes that the +** information is in static, unmanaged space and does not need to be freed. +** ^If the fifth argument has the value [SQLITE_TRANSIENT], then +** SQLite makes its own private copy of the data immediately, before +** the sqlite3_bind_*() routine returns. +** +** ^The sqlite3_bind_zeroblob() routine binds a BLOB of length N that +** is filled with zeroes. ^A zeroblob uses a fixed amount of memory +** (just an integer to hold its size) while it is being processed. +** Zeroblobs are intended to serve as placeholders for BLOBs whose +** content is later written using +** [sqlite3_blob_open | incremental BLOB I/O] routines. +** ^A negative value for the zeroblob results in a zero-length BLOB. +** +** ^If any of the sqlite3_bind_*() routines are called with a NULL pointer +** for the [prepared statement] or with a prepared statement for which +** [sqlite3_step()] has been called more recently than [sqlite3_reset()], +** then the call will return [SQLITE_MISUSE]. If any sqlite3_bind_() +** routine is passed a [prepared statement] that has been finalized, the +** result is undefined and probably harmful. +** +** ^Bindings are not cleared by the [sqlite3_reset()] routine. +** ^Unbound parameters are interpreted as NULL. +** +** ^The sqlite3_bind_* routines return [SQLITE_OK] on success or an +** [error code] if anything goes wrong. +** ^[SQLITE_RANGE] is returned if the parameter +** index is out of range. ^[SQLITE_NOMEM] is returned if malloc() fails. +** +** See also: [sqlite3_bind_parameter_count()], +** [sqlite3_bind_parameter_name()], and [sqlite3_bind_parameter_index()]. +*/ +SQLITE_API int sqlite3_bind_blob(sqlite3_stmt*, int, const void*, int n, void(*)(void*)); +SQLITE_API int sqlite3_bind_double(sqlite3_stmt*, int, double); +SQLITE_API int sqlite3_bind_int(sqlite3_stmt*, int, int); +SQLITE_API int sqlite3_bind_int64(sqlite3_stmt*, int, sqlite3_int64); +SQLITE_API int sqlite3_bind_null(sqlite3_stmt*, int); +SQLITE_API int sqlite3_bind_text(sqlite3_stmt*, int, const char*, int n, void(*)(void*)); +SQLITE_API int sqlite3_bind_text16(sqlite3_stmt*, int, const void*, int, void(*)(void*)); +SQLITE_API int sqlite3_bind_value(sqlite3_stmt*, int, const sqlite3_value*); +SQLITE_API int sqlite3_bind_zeroblob(sqlite3_stmt*, int, int n); + +/* +** CAPI3REF: Number Of SQL Parameters +** +** ^This routine can be used to find the number of [SQL parameters] +** in a [prepared statement]. SQL parameters are tokens of the +** form "?", "?NNN", ":AAA", "$AAA", or "@AAA" that serve as +** placeholders for values that are [sqlite3_bind_blob | bound] +** to the parameters at a later time. +** +** ^(This routine actually returns the index of the largest (rightmost) +** parameter. For all forms except ?NNN, this will correspond to the +** number of unique parameters. If parameters of the ?NNN form are used, +** there may be gaps in the list.)^ +** +** See also: [sqlite3_bind_blob|sqlite3_bind()], +** [sqlite3_bind_parameter_name()], and +** [sqlite3_bind_parameter_index()]. +*/ +SQLITE_API int sqlite3_bind_parameter_count(sqlite3_stmt*); + +/* +** CAPI3REF: Name Of A Host Parameter +** +** ^The sqlite3_bind_parameter_name(P,N) interface returns +** the name of the N-th [SQL parameter] in the [prepared statement] P. +** ^(SQL parameters of the form "?NNN" or ":AAA" or "@AAA" or "$AAA" +** have a name which is the string "?NNN" or ":AAA" or "@AAA" or "$AAA" +** respectively. +** In other words, the initial ":" or "$" or "@" or "?" +** is included as part of the name.)^ +** ^Parameters of the form "?" without a following integer have no name +** and are referred to as "nameless" or "anonymous parameters". +** +** ^The first host parameter has an index of 1, not 0. +** +** ^If the value N is out of range or if the N-th parameter is +** nameless, then NULL is returned. ^The returned string is +** always in UTF-8 encoding even if the named parameter was +** originally specified as UTF-16 in [sqlite3_prepare16()] or +** [sqlite3_prepare16_v2()]. +** +** See also: [sqlite3_bind_blob|sqlite3_bind()], +** [sqlite3_bind_parameter_count()], and +** [sqlite3_bind_parameter_index()]. +*/ +SQLITE_API const char *sqlite3_bind_parameter_name(sqlite3_stmt*, int); + +/* +** CAPI3REF: Index Of A Parameter With A Given Name +** +** ^Return the index of an SQL parameter given its name. ^The +** index value returned is suitable for use as the second +** parameter to [sqlite3_bind_blob|sqlite3_bind()]. ^A zero +** is returned if no matching parameter is found. ^The parameter +** name must be given in UTF-8 even if the original statement +** was prepared from UTF-16 text using [sqlite3_prepare16_v2()]. +** +** See also: [sqlite3_bind_blob|sqlite3_bind()], +** [sqlite3_bind_parameter_count()], and +** [sqlite3_bind_parameter_index()]. +*/ +SQLITE_API int sqlite3_bind_parameter_index(sqlite3_stmt*, const char *zName); + +/* +** CAPI3REF: Reset All Bindings On A Prepared Statement +** +** ^Contrary to the intuition of many, [sqlite3_reset()] does not reset +** the [sqlite3_bind_blob | bindings] on a [prepared statement]. +** ^Use this routine to reset all host parameters to NULL. +*/ +SQLITE_API int sqlite3_clear_bindings(sqlite3_stmt*); + +/* +** CAPI3REF: Number Of Columns In A Result Set +** +** ^Return the number of columns in the result set returned by the +** [prepared statement]. ^This routine returns 0 if pStmt is an SQL +** statement that does not return data (for example an [UPDATE]). +** +** See also: [sqlite3_data_count()] +*/ +SQLITE_API int sqlite3_column_count(sqlite3_stmt *pStmt); + +/* +** CAPI3REF: Column Names In A Result Set +** +** ^These routines return the name assigned to a particular column +** in the result set of a [SELECT] statement. ^The sqlite3_column_name() +** interface returns a pointer to a zero-terminated UTF-8 string +** and sqlite3_column_name16() returns a pointer to a zero-terminated +** UTF-16 string. ^The first parameter is the [prepared statement] +** that implements the [SELECT] statement. ^The second parameter is the +** column number. ^The leftmost column is number 0. +** +** ^The returned string pointer is valid until either the [prepared statement] +** is destroyed by [sqlite3_finalize()] or until the statement is automatically +** reprepared by the first call to [sqlite3_step()] for a particular run +** or until the next call to +** sqlite3_column_name() or sqlite3_column_name16() on the same column. +** +** ^If sqlite3_malloc() fails during the processing of either routine +** (for example during a conversion from UTF-8 to UTF-16) then a +** NULL pointer is returned. +** +** ^The name of a result column is the value of the "AS" clause for +** that column, if there is an AS clause. If there is no AS clause +** then the name of the column is unspecified and may change from +** one release of SQLite to the next. +*/ +SQLITE_API const char *sqlite3_column_name(sqlite3_stmt*, int N); +SQLITE_API const void *sqlite3_column_name16(sqlite3_stmt*, int N); + +/* +** CAPI3REF: Source Of Data In A Query Result +** +** ^These routines provide a means to determine the database, table, and +** table column that is the origin of a particular result column in +** [SELECT] statement. +** ^The name of the database or table or column can be returned as +** either a UTF-8 or UTF-16 string. ^The _database_ routines return +** the database name, the _table_ routines return the table name, and +** the origin_ routines return the column name. +** ^The returned string is valid until the [prepared statement] is destroyed +** using [sqlite3_finalize()] or until the statement is automatically +** reprepared by the first call to [sqlite3_step()] for a particular run +** or until the same information is requested +** again in a different encoding. +** +** ^The names returned are the original un-aliased names of the +** database, table, and column. +** +** ^The first argument to these interfaces is a [prepared statement]. +** ^These functions return information about the Nth result column returned by +** the statement, where N is the second function argument. +** ^The left-most column is column 0 for these routines. +** +** ^If the Nth column returned by the statement is an expression or +** subquery and is not a column value, then all of these functions return +** NULL. ^These routine might also return NULL if a memory allocation error +** occurs. ^Otherwise, they return the name of the attached database, table, +** or column that query result column was extracted from. +** +** ^As with all other SQLite APIs, those whose names end with "16" return +** UTF-16 encoded strings and the other functions return UTF-8. +** +** ^These APIs are only available if the library was compiled with the +** [SQLITE_ENABLE_COLUMN_METADATA] C-preprocessor symbol. +** +** If two or more threads call one or more of these routines against the same +** prepared statement and column at the same time then the results are +** undefined. +** +** If two or more threads call one or more +** [sqlite3_column_database_name | column metadata interfaces] +** for the same [prepared statement] and result column +** at the same time then the results are undefined. +*/ +SQLITE_API const char *sqlite3_column_database_name(sqlite3_stmt*,int); +SQLITE_API const void *sqlite3_column_database_name16(sqlite3_stmt*,int); +SQLITE_API const char *sqlite3_column_table_name(sqlite3_stmt*,int); +SQLITE_API const void *sqlite3_column_table_name16(sqlite3_stmt*,int); +SQLITE_API const char *sqlite3_column_origin_name(sqlite3_stmt*,int); +SQLITE_API const void *sqlite3_column_origin_name16(sqlite3_stmt*,int); + +/* +** CAPI3REF: Declared Datatype Of A Query Result +** +** ^(The first parameter is a [prepared statement]. +** If this statement is a [SELECT] statement and the Nth column of the +** returned result set of that [SELECT] is a table column (not an +** expression or subquery) then the declared type of the table +** column is returned.)^ ^If the Nth column of the result set is an +** expression or subquery, then a NULL pointer is returned. +** ^The returned string is always UTF-8 encoded. +** +** ^(For example, given the database schema: +** +** CREATE TABLE t1(c1 VARIANT); +** +** and the following statement to be compiled: +** +** SELECT c1 + 1, c1 FROM t1; +** +** this routine would return the string "VARIANT" for the second result +** column (i==1), and a NULL pointer for the first result column (i==0).)^ +** +** ^SQLite uses dynamic run-time typing. ^So just because a column +** is declared to contain a particular type does not mean that the +** data stored in that column is of the declared type. SQLite is +** strongly typed, but the typing is dynamic not static. ^Type +** is associated with individual values, not with the containers +** used to hold those values. +*/ +SQLITE_API const char *sqlite3_column_decltype(sqlite3_stmt*,int); +SQLITE_API const void *sqlite3_column_decltype16(sqlite3_stmt*,int); + +/* +** CAPI3REF: Evaluate An SQL Statement +** +** After a [prepared statement] has been prepared using either +** [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] or one of the legacy +** interfaces [sqlite3_prepare()] or [sqlite3_prepare16()], this function +** must be called one or more times to evaluate the statement. +** +** The details of the behavior of the sqlite3_step() interface depend +** on whether the statement was prepared using the newer "v2" interface +** [sqlite3_prepare_v2()] and [sqlite3_prepare16_v2()] or the older legacy +** interface [sqlite3_prepare()] and [sqlite3_prepare16()]. The use of the +** new "v2" interface is recommended for new applications but the legacy +** interface will continue to be supported. +** +** ^In the legacy interface, the return value will be either [SQLITE_BUSY], +** [SQLITE_DONE], [SQLITE_ROW], [SQLITE_ERROR], or [SQLITE_MISUSE]. +** ^With the "v2" interface, any of the other [result codes] or +** [extended result codes] might be returned as well. +** +** ^[SQLITE_BUSY] means that the database engine was unable to acquire the +** database locks it needs to do its job. ^If the statement is a [COMMIT] +** or occurs outside of an explicit transaction, then you can retry the +** statement. If the statement is not a [COMMIT] and occurs within an +** explicit transaction then you should rollback the transaction before +** continuing. +** +** ^[SQLITE_DONE] means that the statement has finished executing +** successfully. sqlite3_step() should not be called again on this virtual +** machine without first calling [sqlite3_reset()] to reset the virtual +** machine back to its initial state. +** +** ^If the SQL statement being executed returns any data, then [SQLITE_ROW] +** is returned each time a new row of data is ready for processing by the +** caller. The values may be accessed using the [column access functions]. +** sqlite3_step() is called again to retrieve the next row of data. +** +** ^[SQLITE_ERROR] means that a run-time error (such as a constraint +** violation) has occurred. sqlite3_step() should not be called again on +** the VM. More information may be found by calling [sqlite3_errmsg()]. +** ^With the legacy interface, a more specific error code (for example, +** [SQLITE_INTERRUPT], [SQLITE_SCHEMA], [SQLITE_CORRUPT], and so forth) +** can be obtained by calling [sqlite3_reset()] on the +** [prepared statement]. ^In the "v2" interface, +** the more specific error code is returned directly by sqlite3_step(). +** +** [SQLITE_MISUSE] means that the this routine was called inappropriately. +** Perhaps it was called on a [prepared statement] that has +** already been [sqlite3_finalize | finalized] or on one that had +** previously returned [SQLITE_ERROR] or [SQLITE_DONE]. Or it could +** be the case that the same database connection is being used by two or +** more threads at the same moment in time. +** +** For all versions of SQLite up to and including 3.6.23.1, a call to +** [sqlite3_reset()] was required after sqlite3_step() returned anything +** other than [SQLITE_ROW] before any subsequent invocation of +** sqlite3_step(). Failure to reset the prepared statement using +** [sqlite3_reset()] would result in an [SQLITE_MISUSE] return from +** sqlite3_step(). But after version 3.6.23.1, sqlite3_step() began +** calling [sqlite3_reset()] automatically in this circumstance rather +** than returning [SQLITE_MISUSE]. This is not considered a compatibility +** break because any application that ever receives an SQLITE_MISUSE error +** is broken by definition. The [SQLITE_OMIT_AUTORESET] compile-time option +** can be used to restore the legacy behavior. +** +** Goofy Interface Alert: In the legacy interface, the sqlite3_step() +** API always returns a generic error code, [SQLITE_ERROR], following any +** error other than [SQLITE_BUSY] and [SQLITE_MISUSE]. You must call +** [sqlite3_reset()] or [sqlite3_finalize()] in order to find one of the +** specific [error codes] that better describes the error. +** We admit that this is a goofy design. The problem has been fixed +** with the "v2" interface. If you prepare all of your SQL statements +** using either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] instead +** of the legacy [sqlite3_prepare()] and [sqlite3_prepare16()] interfaces, +** then the more specific [error codes] are returned directly +** by sqlite3_step(). The use of the "v2" interface is recommended. +*/ +SQLITE_API int sqlite3_step(sqlite3_stmt*); + +/* +** CAPI3REF: Number of columns in a result set +** +** ^The sqlite3_data_count(P) interface returns the number of columns in the +** current row of the result set of [prepared statement] P. +** ^If prepared statement P does not have results ready to return +** (via calls to the [sqlite3_column_int | sqlite3_column_*()] of +** interfaces) then sqlite3_data_count(P) returns 0. +** ^The sqlite3_data_count(P) routine also returns 0 if P is a NULL pointer. +** +** See also: [sqlite3_column_count()] +*/ +SQLITE_API int sqlite3_data_count(sqlite3_stmt *pStmt); + +/* +** CAPI3REF: Fundamental Datatypes +** KEYWORDS: SQLITE_TEXT +** +** ^(Every value in SQLite has one of five fundamental datatypes: +** +**
    +**
  • 64-bit signed integer +**
  • 64-bit IEEE floating point number +**
  • string +**
  • BLOB +**
  • NULL +**
)^ +** +** These constants are codes for each of those types. +** +** Note that the SQLITE_TEXT constant was also used in SQLite version 2 +** for a completely different meaning. Software that links against both +** SQLite version 2 and SQLite version 3 should use SQLITE3_TEXT, not +** SQLITE_TEXT. +*/ +#define SQLITE_INTEGER 1 +#define SQLITE_FLOAT 2 +#define SQLITE_BLOB 4 +#define SQLITE_NULL 5 +#ifdef SQLITE_TEXT +# undef SQLITE_TEXT +#else +# define SQLITE_TEXT 3 +#endif +#define SQLITE3_TEXT 3 + +/* +** CAPI3REF: Result Values From A Query +** KEYWORDS: {column access functions} +** +** These routines form the "result set" interface. +** +** ^These routines return information about a single column of the current +** result row of a query. ^In every case the first argument is a pointer +** to the [prepared statement] that is being evaluated (the [sqlite3_stmt*] +** that was returned from [sqlite3_prepare_v2()] or one of its variants) +** and the second argument is the index of the column for which information +** should be returned. ^The leftmost column of the result set has the index 0. +** ^The number of columns in the result can be determined using +** [sqlite3_column_count()]. +** +** If the SQL statement does not currently point to a valid row, or if the +** column index is out of range, the result is undefined. +** These routines may only be called when the most recent call to +** [sqlite3_step()] has returned [SQLITE_ROW] and neither +** [sqlite3_reset()] nor [sqlite3_finalize()] have been called subsequently. +** If any of these routines are called after [sqlite3_reset()] or +** [sqlite3_finalize()] or after [sqlite3_step()] has returned +** something other than [SQLITE_ROW], the results are undefined. +** If [sqlite3_step()] or [sqlite3_reset()] or [sqlite3_finalize()] +** are called from a different thread while any of these routines +** are pending, then the results are undefined. +** +** ^The sqlite3_column_type() routine returns the +** [SQLITE_INTEGER | datatype code] for the initial data type +** of the result column. ^The returned value is one of [SQLITE_INTEGER], +** [SQLITE_FLOAT], [SQLITE_TEXT], [SQLITE_BLOB], or [SQLITE_NULL]. The value +** returned by sqlite3_column_type() is only meaningful if no type +** conversions have occurred as described below. After a type conversion, +** the value returned by sqlite3_column_type() is undefined. Future +** versions of SQLite may change the behavior of sqlite3_column_type() +** following a type conversion. +** +** ^If the result is a BLOB or UTF-8 string then the sqlite3_column_bytes() +** routine returns the number of bytes in that BLOB or string. +** ^If the result is a UTF-16 string, then sqlite3_column_bytes() converts +** the string to UTF-8 and then returns the number of bytes. +** ^If the result is a numeric value then sqlite3_column_bytes() uses +** [sqlite3_snprintf()] to convert that value to a UTF-8 string and returns +** the number of bytes in that string. +** ^If the result is NULL, then sqlite3_column_bytes() returns zero. +** +** ^If the result is a BLOB or UTF-16 string then the sqlite3_column_bytes16() +** routine returns the number of bytes in that BLOB or string. +** ^If the result is a UTF-8 string, then sqlite3_column_bytes16() converts +** the string to UTF-16 and then returns the number of bytes. +** ^If the result is a numeric value then sqlite3_column_bytes16() uses +** [sqlite3_snprintf()] to convert that value to a UTF-16 string and returns +** the number of bytes in that string. +** ^If the result is NULL, then sqlite3_column_bytes16() returns zero. +** +** ^The values returned by [sqlite3_column_bytes()] and +** [sqlite3_column_bytes16()] do not include the zero terminators at the end +** of the string. ^For clarity: the values returned by +** [sqlite3_column_bytes()] and [sqlite3_column_bytes16()] are the number of +** bytes in the string, not the number of characters. +** +** ^Strings returned by sqlite3_column_text() and sqlite3_column_text16(), +** even empty strings, are always zero terminated. ^The return +** value from sqlite3_column_blob() for a zero-length BLOB is a NULL pointer. +** +** ^The object returned by [sqlite3_column_value()] is an +** [unprotected sqlite3_value] object. An unprotected sqlite3_value object +** may only be used with [sqlite3_bind_value()] and [sqlite3_result_value()]. +** If the [unprotected sqlite3_value] object returned by +** [sqlite3_column_value()] is used in any other way, including calls +** to routines like [sqlite3_value_int()], [sqlite3_value_text()], +** or [sqlite3_value_bytes()], then the behavior is undefined. +** +** These routines attempt to convert the value where appropriate. ^For +** example, if the internal representation is FLOAT and a text result +** is requested, [sqlite3_snprintf()] is used internally to perform the +** conversion automatically. ^(The following table details the conversions +** that are applied: +** +**
+** +**
Internal
Type 		Requested
Type 		Conversion +** +**
NULL INTEGER Result is 0 +**
NULL FLOAT Result is 0.0 +**
NULL TEXT Result is NULL pointer +**
NULL BLOB Result is NULL pointer +**
INTEGER FLOAT Convert from integer to float +**
INTEGER TEXT ASCII rendering of the integer +**
INTEGER BLOB Same as INTEGER->TEXT +**
FLOAT INTEGER Convert from float to integer +**
FLOAT TEXT ASCII rendering of the float +**
FLOAT BLOB Same as FLOAT->TEXT +**
TEXT INTEGER Use atoi() +**
TEXT FLOAT Use atof() +**
TEXT BLOB No change +**
BLOB INTEGER Convert to TEXT then use atoi() +**
BLOB FLOAT Convert to TEXT then use atof() +**
BLOB TEXT Add a zero terminator if needed +**
+**
)^ +** +** The table above makes reference to standard C library functions atoi() +** and atof(). SQLite does not really use these functions. It has its +** own equivalent internal routines. The atoi() and atof() names are +** used in the table for brevity and because they are familiar to most +** C programmers. +** +** Note that when type conversions occur, pointers returned by prior +** calls to sqlite3_column_blob(), sqlite3_column_text(), and/or +** sqlite3_column_text16() may be invalidated. +** Type conversions and pointer invalidations might occur +** in the following cases: +** +**
    +**
  • The initial content is a BLOB and sqlite3_column_text() or +** sqlite3_column_text16() is called. A zero-terminator might +** need to be added to the string.
    • +**
  • The initial content is UTF-8 text and sqlite3_column_bytes16() or +** sqlite3_column_text16() is called. The content must be converted +** to UTF-16.
    • +**
  • The initial content is UTF-16 text and sqlite3_column_bytes() or +** sqlite3_column_text() is called. The content must be converted +** to UTF-8.
    • +**
+** +** ^Conversions between UTF-16be and UTF-16le are always done in place and do +** not invalidate a prior pointer, though of course the content of the buffer +** that the prior pointer references will have been modified. Other kinds +** of conversion are done in place when it is possible, but sometimes they +** are not possible and in those cases prior pointers are invalidated. +** +** The safest and easiest to remember policy is to invoke these routines +** in one of the following ways: +** +**
    +**
  • sqlite3_column_text() followed by sqlite3_column_bytes()
    • +**
  • sqlite3_column_blob() followed by sqlite3_column_bytes()
    • +**
  • sqlite3_column_text16() followed by sqlite3_column_bytes16()
    • +**
+** +** In other words, you should call sqlite3_column_text(), +** sqlite3_column_blob(), or sqlite3_column_text16() first to force the result +** into the desired format, then invoke sqlite3_column_bytes() or +** sqlite3_column_bytes16() to find the size of the result. Do not mix calls +** to sqlite3_column_text() or sqlite3_column_blob() with calls to +** sqlite3_column_bytes16(), and do not mix calls to sqlite3_column_text16() +** with calls to sqlite3_column_bytes(). +** +** ^The pointers returned are valid until a type conversion occurs as +** described above, or until [sqlite3_step()] or [sqlite3_reset()] or +** [sqlite3_finalize()] is called. ^The memory space used to hold strings +** and BLOBs is freed automatically. Do not pass the pointers returned +** [sqlite3_column_blob()], [sqlite3_column_text()], etc. into +** [sqlite3_free()]. +** +** ^(If a memory allocation error occurs during the evaluation of any +** of these routines, a default value is returned. The default value +** is either the integer 0, the floating point number 0.0, or a NULL +** pointer. Subsequent calls to [sqlite3_errcode()] will return +** [SQLITE_NOMEM].)^ +*/ +SQLITE_API const void *sqlite3_column_blob(sqlite3_stmt*, int iCol); +SQLITE_API int sqlite3_column_bytes(sqlite3_stmt*, int iCol); +SQLITE_API int sqlite3_column_bytes16(sqlite3_stmt*, int iCol); +SQLITE_API double sqlite3_column_double(sqlite3_stmt*, int iCol); +SQLITE_API int sqlite3_column_int(sqlite3_stmt*, int iCol); +SQLITE_API sqlite3_int64 sqlite3_column_int64(sqlite3_stmt*, int iCol); +SQLITE_API const unsigned char *sqlite3_column_text(sqlite3_stmt*, int iCol); +SQLITE_API const void *sqlite3_column_text16(sqlite3_stmt*, int iCol); +SQLITE_API int sqlite3_column_type(sqlite3_stmt*, int iCol); +SQLITE_API sqlite3_value *sqlite3_column_value(sqlite3_stmt*, int iCol); + +/* +** CAPI3REF: Destroy A Prepared Statement Object +** +** ^The sqlite3_finalize() function is called to delete a [prepared statement]. +** ^If the most recent evaluation of the statement encountered no errors +** or if the statement is never been evaluated, then sqlite3_finalize() returns +** SQLITE_OK. ^If the most recent evaluation of statement S failed, then +** sqlite3_finalize(S) returns the appropriate [error code] or +** [extended error code]. +** +** ^The sqlite3_finalize(S) routine can be called at any point during +** the life cycle of [prepared statement] S: +** before statement S is ever evaluated, after +** one or more calls to [sqlite3_reset()], or after any call +** to [sqlite3_step()] regardless of whether or not the statement has +** completed execution. +** +** ^Invoking sqlite3_finalize() on a NULL pointer is a harmless no-op. +** +** The application must finalize every [prepared statement] in order to avoid +** resource leaks. It is a grievous error for the application to try to use +** a prepared statement after it has been finalized. Any use of a prepared +** statement after it has been finalized can result in undefined and +** undesirable behavior such as segfaults and heap corruption. +*/ +SQLITE_API int sqlite3_finalize(sqlite3_stmt *pStmt); + +/* +** CAPI3REF: Reset A Prepared Statement Object +** +** The sqlite3_reset() function is called to reset a [prepared statement] +** object back to its initial state, ready to be re-executed. +** ^Any SQL statement variables that had values bound to them using +** the [sqlite3_bind_blob | sqlite3_bind_*() API] retain their values. +** Use [sqlite3_clear_bindings()] to reset the bindings. +** +** ^The [sqlite3_reset(S)] interface resets the [prepared statement] S +** back to the beginning of its program. +** +** ^If the most recent call to [sqlite3_step(S)] for the +** [prepared statement] S returned [SQLITE_ROW] or [SQLITE_DONE], +** or if [sqlite3_step(S)] has never before been called on S, +** then [sqlite3_reset(S)] returns [SQLITE_OK]. +** +** ^If the most recent call to [sqlite3_step(S)] for the +** [prepared statement] S indicated an error, then +** [sqlite3_reset(S)] returns an appropriate [error code]. +** +** ^The [sqlite3_reset(S)] interface does not change the values +** of any [sqlite3_bind_blob|bindings] on the [prepared statement] S. +*/ +SQLITE_API int sqlite3_reset(sqlite3_stmt *pStmt); + +/* +** CAPI3REF: Create Or Redefine SQL Functions +** KEYWORDS: {function creation routines} +** KEYWORDS: {application-defined SQL function} +** KEYWORDS: {application-defined SQL functions} +** +** ^These functions (collectively known as "function creation routines") +** are used to add SQL functions or aggregates or to redefine the behavior +** of existing SQL functions or aggregates. The only differences between +** these routines are the text encoding expected for +** the second parameter (the name of the function being created) +** and the presence or absence of a destructor callback for +** the application data pointer. +** +** ^The first parameter is the [database connection] to which the SQL +** function is to be added. ^If an application uses more than one database +** connection then application-defined SQL functions must be added +** to each database connection separately. +** +** ^The second parameter is the name of the SQL function to be created or +** redefined. ^The length of the name is limited to 255 bytes in a UTF-8 +** representation, exclusive of the zero-terminator. ^Note that the name +** length limit is in UTF-8 bytes, not characters nor UTF-16 bytes. +** ^Any attempt to create a function with a longer name +** will result in [SQLITE_MISUSE] being returned. +** +** ^The third parameter (nArg) +** is the number of arguments that the SQL function or +** aggregate takes. ^If this parameter is -1, then the SQL function or +** aggregate may take any number of arguments between 0 and the limit +** set by [sqlite3_limit]([SQLITE_LIMIT_FUNCTION_ARG]). If the third +** parameter is less than -1 or greater than 127 then the behavior is +** undefined. +** +** ^The fourth parameter, eTextRep, specifies what +** [SQLITE_UTF8 | text encoding] this SQL function prefers for +** its parameters. Every SQL function implementation must be able to work +** with UTF-8, UTF-16le, or UTF-16be. But some implementations may be +** more efficient with one encoding than another. ^An application may +** invoke sqlite3_create_function() or sqlite3_create_function16() multiple +** times with the same function but with different values of eTextRep. +** ^When multiple implementations of the same function are available, SQLite +** will pick the one that involves the least amount of data conversion. +** If there is only a single implementation which does not care what text +** encoding is used, then the fourth argument should be [SQLITE_ANY]. +** +** ^(The fifth parameter is an arbitrary pointer. The implementation of the +** function can gain access to this pointer using [sqlite3_user_data()].)^ +** +** ^The sixth, seventh and eighth parameters, xFunc, xStep and xFinal, are +** pointers to C-language functions that implement the SQL function or +** aggregate. ^A scalar SQL function requires an implementation of the xFunc +** callback only; NULL pointers must be passed as the xStep and xFinal +** parameters. ^An aggregate SQL function requires an implementation of xStep +** and xFinal and NULL pointer must be passed for xFunc. ^To delete an existing +** SQL function or aggregate, pass NULL pointers for all three function +** callbacks. +** +** ^(If the ninth parameter to sqlite3_create_function_v2() is not NULL, +** then it is destructor for the application data pointer. +** The destructor is invoked when the function is deleted, either by being +** overloaded or when the database connection closes.)^ +** ^The destructor is also invoked if the call to +** sqlite3_create_function_v2() fails. +** ^When the destructor callback of the tenth parameter is invoked, it +** is passed a single argument which is a copy of the application data +** pointer which was the fifth parameter to sqlite3_create_function_v2(). +** +** ^It is permitted to register multiple implementations of the same +** functions with the same name but with either differing numbers of +** arguments or differing preferred text encodings. ^SQLite will use +** the implementation that most closely matches the way in which the +** SQL function is used. ^A function implementation with a non-negative +** nArg parameter is a better match than a function implementation with +** a negative nArg. ^A function where the preferred text encoding +** matches the database encoding is a better +** match than a function where the encoding is different. +** ^A function where the encoding difference is between UTF16le and UTF16be +** is a closer match than a function where the encoding difference is +** between UTF8 and UTF16. +** +** ^Built-in functions may be overloaded by new application-defined functions. +** +** ^An application-defined function is permitted to call other +** SQLite interfaces. However, such calls must not +** close the database connection nor finalize or reset the prepared +** statement in which the function is running. +*/ +SQLITE_API int sqlite3_create_function( + sqlite3 *db, + const char *zFunctionName, + int nArg, + int eTextRep, + void *pApp, + void (*xFunc)(sqlite3_context*,int,sqlite3_value**), + void (*xStep)(sqlite3_context*,int,sqlite3_value**), + void (*xFinal)(sqlite3_context*) +); +SQLITE_API int sqlite3_create_function16( + sqlite3 *db, + const void *zFunctionName, + int nArg, + int eTextRep, + void *pApp, + void (*xFunc)(sqlite3_context*,int,sqlite3_value**), + void (*xStep)(sqlite3_context*,int,sqlite3_value**), + void (*xFinal)(sqlite3_context*) +); +SQLITE_API int sqlite3_create_function_v2( + sqlite3 *db, + const char *zFunctionName, + int nArg, + int eTextRep, + void *pApp, + void (*xFunc)(sqlite3_context*,int,sqlite3_value**), + void (*xStep)(sqlite3_context*,int,sqlite3_value**), + void (*xFinal)(sqlite3_context*), + void(*xDestroy)(void*) +); + +/* +** CAPI3REF: Text Encodings +** +** These constant define integer codes that represent the various +** text encodings supported by SQLite. +*/ +#define SQLITE_UTF8 1 +#define SQLITE_UTF16LE 2 +#define SQLITE_UTF16BE 3 +#define SQLITE_UTF16 4 /* Use native byte order */ +#define SQLITE_ANY 5 /* sqlite3_create_function only */ +#define SQLITE_UTF16_ALIGNED 8 /* sqlite3_create_collation only */ + +/* +** CAPI3REF: Deprecated Functions +** DEPRECATED +** +** These functions are [deprecated]. In order to maintain +** backwards compatibility with older code, these functions continue +** to be supported. However, new applications should avoid +** the use of these functions. To help encourage people to avoid +** using these functions, we are not going to tell you what they do. +*/ +#ifndef SQLITE_OMIT_DEPRECATED +SQLITE_API SQLITE_DEPRECATED int sqlite3_aggregate_count(sqlite3_context*); +SQLITE_API SQLITE_DEPRECATED int sqlite3_expired(sqlite3_stmt*); +SQLITE_API SQLITE_DEPRECATED int sqlite3_transfer_bindings(sqlite3_stmt*, sqlite3_stmt*); +SQLITE_API SQLITE_DEPRECATED int sqlite3_global_recover(void); +SQLITE_API SQLITE_DEPRECATED void sqlite3_thread_cleanup(void); +SQLITE_API SQLITE_DEPRECATED int sqlite3_memory_alarm(void(*)(void*,sqlite3_int64,int),void*,sqlite3_int64); +#endif + +/* +** CAPI3REF: Obtaining SQL Function Parameter Values +** +** The C-language implementation of SQL functions and aggregates uses +** this set of interface routines to access the parameter values on +** the function or aggregate. +** +** The xFunc (for scalar functions) or xStep (for aggregates) parameters +** to [sqlite3_create_function()] and [sqlite3_create_function16()] +** define callbacks that implement the SQL functions and aggregates. +** The 3rd parameter to these callbacks is an array of pointers to +** [protected sqlite3_value] objects. There is one [sqlite3_value] object for +** each parameter to the SQL function. These routines are used to +** extract values from the [sqlite3_value] objects. +** +** These routines work only with [protected sqlite3_value] objects. +** Any attempt to use these routines on an [unprotected sqlite3_value] +** object results in undefined behavior. +** +** ^These routines work just like the corresponding [column access functions] +** except that these routines take a single [protected sqlite3_value] object +** pointer instead of a [sqlite3_stmt*] pointer and an integer column number. +** +** ^The sqlite3_value_text16() interface extracts a UTF-16 string +** in the native byte-order of the host machine. ^The +** sqlite3_value_text16be() and sqlite3_value_text16le() interfaces +** extract UTF-16 strings as big-endian and little-endian respectively. +** +** ^(The sqlite3_value_numeric_type() interface attempts to apply +** numeric affinity to the value. This means that an attempt is +** made to convert the value to an integer or floating point. If +** such a conversion is possible without loss of information (in other +** words, if the value is a string that looks like a number) +** then the conversion is performed. Otherwise no conversion occurs. +** The [SQLITE_INTEGER | datatype] after conversion is returned.)^ +** +** Please pay particular attention to the fact that the pointer returned +** from [sqlite3_value_blob()], [sqlite3_value_text()], or +** [sqlite3_value_text16()] can be invalidated by a subsequent call to +** [sqlite3_value_bytes()], [sqlite3_value_bytes16()], [sqlite3_value_text()], +** or [sqlite3_value_text16()]. +** +** These routines must be called from the same thread as +** the SQL function that supplied the [sqlite3_value*] parameters. +*/ +SQLITE_API const void *sqlite3_value_blob(sqlite3_value*); +SQLITE_API int sqlite3_value_bytes(sqlite3_value*); +SQLITE_API int sqlite3_value_bytes16(sqlite3_value*); +SQLITE_API double sqlite3_value_double(sqlite3_value*); +SQLITE_API int sqlite3_value_int(sqlite3_value*); +SQLITE_API sqlite3_int64 sqlite3_value_int64(sqlite3_value*); +SQLITE_API const unsigned char *sqlite3_value_text(sqlite3_value*); +SQLITE_API const void *sqlite3_value_text16(sqlite3_value*); +SQLITE_API const void *sqlite3_value_text16le(sqlite3_value*); +SQLITE_API const void *sqlite3_value_text16be(sqlite3_value*); +SQLITE_API int sqlite3_value_type(sqlite3_value*); +SQLITE_API int sqlite3_value_numeric_type(sqlite3_value*); + +/* +** CAPI3REF: Obtain Aggregate Function Context +** +** Implementations of aggregate SQL functions use this +** routine to allocate memory for storing their state. +** +** ^The first time the sqlite3_aggregate_context(C,N) routine is called +** for a particular aggregate function, SQLite +** allocates N of memory, zeroes out that memory, and returns a pointer +** to the new memory. ^On second and subsequent calls to +** sqlite3_aggregate_context() for the same aggregate function instance, +** the same buffer is returned. Sqlite3_aggregate_context() is normally +** called once for each invocation of the xStep callback and then one +** last time when the xFinal callback is invoked. ^(When no rows match +** an aggregate query, the xStep() callback of the aggregate function +** implementation is never called and xFinal() is called exactly once. +** In those cases, sqlite3_aggregate_context() might be called for the +** first time from within xFinal().)^ +** +** ^The sqlite3_aggregate_context(C,N) routine returns a NULL pointer if N is +** less than or equal to zero or if a memory allocate error occurs. +** +** ^(The amount of space allocated by sqlite3_aggregate_context(C,N) is +** determined by the N parameter on first successful call. Changing the +** value of N in subsequent call to sqlite3_aggregate_context() within +** the same aggregate function instance will not resize the memory +** allocation.)^ +** +** ^SQLite automatically frees the memory allocated by +** sqlite3_aggregate_context() when the aggregate query concludes. +** +** The first parameter must be a copy of the +** [sqlite3_context | SQL function context] that is the first parameter +** to the xStep or xFinal callback routine that implements the aggregate +** function. +** +** This routine must be called from the same thread in which +** the aggregate SQL function is running. +*/ +SQLITE_API void *sqlite3_aggregate_context(sqlite3_context*, int nBytes); + +/* +** CAPI3REF: User Data For Functions +** +** ^The sqlite3_user_data() interface returns a copy of +** the pointer that was the pUserData parameter (the 5th parameter) +** of the [sqlite3_create_function()] +** and [sqlite3_create_function16()] routines that originally +** registered the application defined function. +** +** This routine must be called from the same thread in which +** the application-defined function is running. +*/ +SQLITE_API void *sqlite3_user_data(sqlite3_context*); + +/* +** CAPI3REF: Database Connection For Functions +** +** ^The sqlite3_context_db_handle() interface returns a copy of +** the pointer to the [database connection] (the 1st parameter) +** of the [sqlite3_create_function()] +** and [sqlite3_create_function16()] routines that originally +** registered the application defined function. +*/ +SQLITE_API sqlite3 *sqlite3_context_db_handle(sqlite3_context*); + +/* +** CAPI3REF: Function Auxiliary Data +** +** The following two functions may be used by scalar SQL functions to +** associate metadata with argument values. If the same value is passed to +** multiple invocations of the same SQL function during query execution, under +** some circumstances the associated metadata may be preserved. This may +** be used, for example, to add a regular-expression matching scalar +** function. The compiled version of the regular expression is stored as +** metadata associated with the SQL value passed as the regular expression +** pattern. The compiled regular expression can be reused on multiple +** invocations of the same function so that the original pattern string +** does not need to be recompiled on each invocation. +** +** ^The sqlite3_get_auxdata() interface returns a pointer to the metadata +** associated by the sqlite3_set_auxdata() function with the Nth argument +** value to the application-defined function. ^If no metadata has been ever +** been set for the Nth argument of the function, or if the corresponding +** function parameter has changed since the meta-data was set, +** then sqlite3_get_auxdata() returns a NULL pointer. +** +** ^The sqlite3_set_auxdata() interface saves the metadata +** pointed to by its 3rd parameter as the metadata for the N-th +** argument of the application-defined function. Subsequent +** calls to sqlite3_get_auxdata() might return this data, if it has +** not been destroyed. +** ^If it is not NULL, SQLite will invoke the destructor +** function given by the 4th parameter to sqlite3_set_auxdata() on +** the metadata when the corresponding function parameter changes +** or when the SQL statement completes, whichever comes first. +** +** SQLite is free to call the destructor and drop metadata on any +** parameter of any function at any time. ^The only guarantee is that +** the destructor will be called before the metadata is dropped. +** +** ^(In practice, metadata is preserved between function calls for +** expressions that are constant at compile time. This includes literal +** values and [parameters].)^ +** +** These routines must be called from the same thread in which +** the SQL function is running. +*/ +SQLITE_API void *sqlite3_get_auxdata(sqlite3_context*, int N); +SQLITE_API void sqlite3_set_auxdata(sqlite3_context*, int N, void*, void (*)(void*)); + + +/* +** CAPI3REF: Constants Defining Special Destructor Behavior +** +** These are special values for the destructor that is passed in as the +** final argument to routines like [sqlite3_result_blob()]. ^If the destructor +** argument is SQLITE_STATIC, it means that the content pointer is constant +** and will never change. It does not need to be destroyed. ^The +** SQLITE_TRANSIENT value means that the content will likely change in +** the near future and that SQLite should make its own private copy of +** the content before returning. +** +** The typedef is necessary to work around problems in certain +** C++ compilers. See ticket #2191. +*/ +typedef void (*sqlite3_destructor_type)(void*); +#define SQLITE_STATIC ((sqlite3_destructor_type)0) +#define SQLITE_TRANSIENT ((sqlite3_destructor_type)-1) + +/* +** CAPI3REF: Setting The Result Of An SQL Function +** +** These routines are used by the xFunc or xFinal callbacks that +** implement SQL functions and aggregates. See +** [sqlite3_create_function()] and [sqlite3_create_function16()] +** for additional information. +** +** These functions work very much like the [parameter binding] family of +** functions used to bind values to host parameters in prepared statements. +** Refer to the [SQL parameter] documentation for additional information. +** +** ^The sqlite3_result_blob() interface sets the result from +** an application-defined function to be the BLOB whose content is pointed +** to by the second parameter and which is N bytes long where N is the +** third parameter. +** +** ^The sqlite3_result_zeroblob() interfaces set the result of +** the application-defined function to be a BLOB containing all zero +** bytes and N bytes in size, where N is the value of the 2nd parameter. +** +** ^The sqlite3_result_double() interface sets the result from +** an application-defined function to be a floating point value specified +** by its 2nd argument. +** +** ^The sqlite3_result_error() and sqlite3_result_error16() functions +** cause the implemented SQL function to throw an exception. +** ^SQLite uses the string pointed to by the +** 2nd parameter of sqlite3_result_error() or sqlite3_result_error16() +** as the text of an error message. ^SQLite interprets the error +** message string from sqlite3_result_error() as UTF-8. ^SQLite +** interprets the string from sqlite3_result_error16() as UTF-16 in native +** byte order. ^If the third parameter to sqlite3_result_error() +** or sqlite3_result_error16() is negative then SQLite takes as the error +** message all text up through the first zero character. +** ^If the third parameter to sqlite3_result_error() or +** sqlite3_result_error16() is non-negative then SQLite takes that many +** bytes (not characters) from the 2nd parameter as the error message. +** ^The sqlite3_result_error() and sqlite3_result_error16() +** routines make a private copy of the error message text before +** they return. Hence, the calling function can deallocate or +** modify the text after they return without harm. +** ^The sqlite3_result_error_code() function changes the error code +** returned by SQLite as a result of an error in a function. ^By default, +** the error code is SQLITE_ERROR. ^A subsequent call to sqlite3_result_error() +** or sqlite3_result_error16() resets the error code to SQLITE_ERROR. +** +** ^The sqlite3_result_toobig() interface causes SQLite to throw an error +** indicating that a string or BLOB is too long to represent. +** +** ^The sqlite3_result_nomem() interface causes SQLite to throw an error +** indicating that a memory allocation failed. +** +** ^The sqlite3_result_int() interface sets the return value +** of the application-defined function to be the 32-bit signed integer +** value given in the 2nd argument. +** ^The sqlite3_result_int64() interface sets the return value +** of the application-defined function to be the 64-bit signed integer +** value given in the 2nd argument. +** +** ^The sqlite3_result_null() interface sets the return value +** of the application-defined function to be NULL. +** +** ^The sqlite3_result_text(), sqlite3_result_text16(), +** sqlite3_result_text16le(), and sqlite3_result_text16be() interfaces +** set the return value of the application-defined function to be +** a text string which is represented as UTF-8, UTF-16 native byte order, +** UTF-16 little endian, or UTF-16 big endian, respectively. +** ^SQLite takes the text result from the application from +** the 2nd parameter of the sqlite3_result_text* interfaces. +** ^If the 3rd parameter to the sqlite3_result_text* interfaces +** is negative, then SQLite takes result text from the 2nd parameter +** through the first zero character. +** ^If the 3rd parameter to the sqlite3_result_text* interfaces +** is non-negative, then as many bytes (not characters) of the text +** pointed to by the 2nd parameter are taken as the application-defined +** function result. +** ^If the 4th parameter to the sqlite3_result_text* interfaces +** or sqlite3_result_blob is a non-NULL pointer, then SQLite calls that +** function as the destructor on the text or BLOB result when it has +** finished using that result. +** ^If the 4th parameter to the sqlite3_result_text* interfaces or to +** sqlite3_result_blob is the special constant SQLITE_STATIC, then SQLite +** assumes that the text or BLOB result is in constant space and does not +** copy the content of the parameter nor call a destructor on the content +** when it has finished using that result. +** ^If the 4th parameter to the sqlite3_result_text* interfaces +** or sqlite3_result_blob is the special constant SQLITE_TRANSIENT +** then SQLite makes a copy of the result into space obtained from +** from [sqlite3_malloc()] before it returns. +** +** ^The sqlite3_result_value() interface sets the result of +** the application-defined function to be a copy the +** [unprotected sqlite3_value] object specified by the 2nd parameter. ^The +** sqlite3_result_value() interface makes a copy of the [sqlite3_value] +** so that the [sqlite3_value] specified in the parameter may change or +** be deallocated after sqlite3_result_value() returns without harm. +** ^A [protected sqlite3_value] object may always be used where an +** [unprotected sqlite3_value] object is required, so either +** kind of [sqlite3_value] object can be used with this interface. +** +** If these routines are called from within the different thread +** than the one containing the application-defined function that received +** the [sqlite3_context] pointer, the results are undefined. +*/ +SQLITE_API void sqlite3_result_blob(sqlite3_context*, const void*, int, void(*)(void*)); +SQLITE_API void sqlite3_result_double(sqlite3_context*, double); +SQLITE_API void sqlite3_result_error(sqlite3_context*, const char*, int); +SQLITE_API void sqlite3_result_error16(sqlite3_context*, const void*, int); +SQLITE_API void sqlite3_result_error_toobig(sqlite3_context*); +SQLITE_API void sqlite3_result_error_nomem(sqlite3_context*); +SQLITE_API void sqlite3_result_error_code(sqlite3_context*, int); +SQLITE_API void sqlite3_result_int(sqlite3_context*, int); +SQLITE_API void sqlite3_result_int64(sqlite3_context*, sqlite3_int64); +SQLITE_API void sqlite3_result_null(sqlite3_context*); +SQLITE_API void sqlite3_result_text(sqlite3_context*, const char*, int, void(*)(void*)); +SQLITE_API void sqlite3_result_text16(sqlite3_context*, const void*, int, void(*)(void*)); +SQLITE_API void sqlite3_result_text16le(sqlite3_context*, const void*, int,void(*)(void*)); +SQLITE_API void sqlite3_result_text16be(sqlite3_context*, const void*, int,void(*)(void*)); +SQLITE_API void sqlite3_result_value(sqlite3_context*, sqlite3_value*); +SQLITE_API void sqlite3_result_zeroblob(sqlite3_context*, int n); + +/* +** CAPI3REF: Define New Collating Sequences +** +** ^These functions add, remove, or modify a [collation] associated +** with the [database connection] specified as the first argument. +** +** ^The name of the collation is a UTF-8 string +** for sqlite3_create_collation() and sqlite3_create_collation_v2() +** and a UTF-16 string in native byte order for sqlite3_create_collation16(). +** ^Collation names that compare equal according to [sqlite3_strnicmp()] are +** considered to be the same name. +** +** ^(The third argument (eTextRep) must be one of the constants: +**
    +**
  • [SQLITE_UTF8], +**
  • [SQLITE_UTF16LE], +**
  • [SQLITE_UTF16BE], +**
  • [SQLITE_UTF16], or +**
  • [SQLITE_UTF16_ALIGNED]. +**
)^ +** ^The eTextRep argument determines the encoding of strings passed +** to the collating function callback, xCallback. +** ^The [SQLITE_UTF16] and [SQLITE_UTF16_ALIGNED] values for eTextRep +** force strings to be UTF16 with native byte order. +** ^The [SQLITE_UTF16_ALIGNED] value for eTextRep forces strings to begin +** on an even byte address. +** +** ^The fourth argument, pArg, is an application data pointer that is passed +** through as the first argument to the collating function callback. +** +** ^The fifth argument, xCallback, is a pointer to the collating function. +** ^Multiple collating functions can be registered using the same name but +** with different eTextRep parameters and SQLite will use whichever +** function requires the least amount of data transformation. +** ^If the xCallback argument is NULL then the collating function is +** deleted. ^When all collating functions having the same name are deleted, +** that collation is no longer usable. +** +** ^The collating function callback is invoked with a copy of the pArg +** application data pointer and with two strings in the encoding specified +** by the eTextRep argument. The collating function must return an +** integer that is negative, zero, or positive +** if the first string is less than, equal to, or greater than the second, +** respectively. A collating function must always return the same answer +** given the same inputs. If two or more collating functions are registered +** to the same collation name (using different eTextRep values) then all +** must give an equivalent answer when invoked with equivalent strings. +** The collating function must obey the following properties for all +** strings A, B, and C: +** +**
    +**
  1. If A==B then B==A. +**
  2. If A==B and B==C then A==C. +**
  3. If A<B THEN B>A. +**
  4. If A<B and B<C then A<C. +**
+** +** If a collating function fails any of the above constraints and that +** collating function is registered and used, then the behavior of SQLite +** is undefined. +** +** ^The sqlite3_create_collation_v2() works like sqlite3_create_collation() +** with the addition that the xDestroy callback is invoked on pArg when +** the collating function is deleted. +** ^Collating functions are deleted when they are overridden by later +** calls to the collation creation functions or when the +** [database connection] is closed using [sqlite3_close()]. +** +** ^The xDestroy callback is not called if the +** sqlite3_create_collation_v2() function fails. Applications that invoke +** sqlite3_create_collation_v2() with a non-NULL xDestroy argument should +** check the return code and dispose of the application data pointer +** themselves rather than expecting SQLite to deal with it for them. +** This is different from every other SQLite interface. The inconsistency +** is unfortunate but cannot be changed without breaking backwards +** compatibility. +** +** See also: [sqlite3_collation_needed()] and [sqlite3_collation_needed16()]. +*/ +SQLITE_API int sqlite3_create_collation( + sqlite3*, + const char *zName, + int eTextRep, + void *pArg, + int(*xCompare)(void*,int,const void*,int,const void*) +); +SQLITE_API int sqlite3_create_collation_v2( + sqlite3*, + const char *zName, + int eTextRep, + void *pArg, + int(*xCompare)(void*,int,const void*,int,const void*), + void(*xDestroy)(void*) +); +SQLITE_API int sqlite3_create_collation16( + sqlite3*, + const void *zName, + int eTextRep, + void *pArg, + int(*xCompare)(void*,int,const void*,int,const void*) +); + +/* +** CAPI3REF: Collation Needed Callbacks +** +** ^To avoid having to register all collation sequences before a database +** can be used, a single callback function may be registered with the +** [database connection] to be invoked whenever an undefined collation +** sequence is required. +** +** ^If the function is registered using the sqlite3_collation_needed() API, +** then it is passed the names of undefined collation sequences as strings +** encoded in UTF-8. ^If sqlite3_collation_needed16() is used, +** the names are passed as UTF-16 in machine native byte order. +** ^A call to either function replaces the existing collation-needed callback. +** +** ^(When the callback is invoked, the first argument passed is a copy +** of the second argument to sqlite3_collation_needed() or +** sqlite3_collation_needed16(). The second argument is the database +** connection. The third argument is one of [SQLITE_UTF8], [SQLITE_UTF16BE], +** or [SQLITE_UTF16LE], indicating the most desirable form of the collation +** sequence function required. The fourth parameter is the name of the +** required collation sequence.)^ +** +** The callback function should register the desired collation using +** [sqlite3_create_collation()], [sqlite3_create_collation16()], or +** [sqlite3_create_collation_v2()]. +*/ +SQLITE_API int sqlite3_collation_needed( + sqlite3*, + void*, + void(*)(void*,sqlite3*,int eTextRep,const char*) +); +SQLITE_API int sqlite3_collation_needed16( + sqlite3*, + void*, + void(*)(void*,sqlite3*,int eTextRep,const void*) +); + +#ifdef SQLITE_HAS_CODEC +/* +** Specify the key for an encrypted database. This routine should be +** called right after sqlite3_open(). +** +** The code to implement this API is not available in the public release +** of SQLite. +*/ +SQLITE_API int sqlite3_key( + sqlite3 *db, /* Database to be rekeyed */ + const void *pKey, int nKey /* The key */ +); + +/* +** Change the key on an open database. If the current database is not +** encrypted, this routine will encrypt it. If pNew==0 or nNew==0, the +** database is decrypted. +** +** The code to implement this API is not available in the public release +** of SQLite. +*/ +SQLITE_API int sqlite3_rekey( + sqlite3 *db, /* Database to be rekeyed */ + const void *pKey, int nKey /* The new key */ +); + +/* +** Specify the activation key for a SEE database. Unless +** activated, none of the SEE routines will work. +*/ +SQLITE_API void sqlite3_activate_see( + const char *zPassPhrase /* Activation phrase */ +); +#endif + +#ifdef SQLITE_ENABLE_CEROD +/* +** Specify the activation key for a CEROD database. Unless +** activated, none of the CEROD routines will work. +*/ +SQLITE_API void sqlite3_activate_cerod( + const char *zPassPhrase /* Activation phrase */ +); +#endif + +/* +** CAPI3REF: Suspend Execution For A Short Time +** +** The sqlite3_sleep() function causes the current thread to suspend execution +** for at least a number of milliseconds specified in its parameter. +** +** If the operating system does not support sleep requests with +** millisecond time resolution, then the time will be rounded up to +** the nearest second. The number of milliseconds of sleep actually +** requested from the operating system is returned. +** +** ^SQLite implements this interface by calling the xSleep() +** method of the default [sqlite3_vfs] object. If the xSleep() method +** of the default VFS is not implemented correctly, or not implemented at +** all, then the behavior of sqlite3_sleep() may deviate from the description +** in the previous paragraphs. +*/ +SQLITE_API int sqlite3_sleep(int); + +/* +** CAPI3REF: Name Of The Folder Holding Temporary Files +** +** ^(If this global variable is made to point to a string which is +** the name of a folder (a.k.a. directory), then all temporary files +** created by SQLite when using a built-in [sqlite3_vfs | VFS] +** will be placed in that directory.)^ ^If this variable +** is a NULL pointer, then SQLite performs a search for an appropriate +** temporary file directory. +** +** It is not safe to read or modify this variable in more than one +** thread at a time. It is not safe to read or modify this variable +** if a [database connection] is being used at the same time in a separate +** thread. +** It is intended that this variable be set once +** as part of process initialization and before any SQLite interface +** routines have been called and that this variable remain unchanged +** thereafter. +** +** ^The [temp_store_directory pragma] may modify this variable and cause +** it to point to memory obtained from [sqlite3_malloc]. ^Furthermore, +** the [temp_store_directory pragma] always assumes that any string +** that this variable points to is held in memory obtained from +** [sqlite3_malloc] and the pragma may attempt to free that memory +** using [sqlite3_free]. +** Hence, if this variable is modified directly, either it should be +** made NULL or made to point to memory obtained from [sqlite3_malloc] +** or else the use of the [temp_store_directory pragma] should be avoided. +*/ +SQLITE_API char *sqlite3_temp_directory; + +/* +** CAPI3REF: Test For Auto-Commit Mode +** KEYWORDS: {autocommit mode} +** +** ^The sqlite3_get_autocommit() interface returns non-zero or +** zero if the given database connection is or is not in autocommit mode, +** respectively. ^Autocommit mode is on by default. +** ^Autocommit mode is disabled by a [BEGIN] statement. +** ^Autocommit mode is re-enabled by a [COMMIT] or [ROLLBACK]. +** +** If certain kinds of errors occur on a statement within a multi-statement +** transaction (errors including [SQLITE_FULL], [SQLITE_IOERR], +** [SQLITE_NOMEM], [SQLITE_BUSY], and [SQLITE_INTERRUPT]) then the +** transaction might be rolled back automatically. The only way to +** find out whether SQLite automatically rolled back the transaction after +** an error is to use this function. +** +** If another thread changes the autocommit status of the database +** connection while this routine is running, then the return value +** is undefined. +*/ +SQLITE_API int sqlite3_get_autocommit(sqlite3*); + +/* +** CAPI3REF: Find The Database Handle Of A Prepared Statement +** +** ^The sqlite3_db_handle interface returns the [database connection] handle +** to which a [prepared statement] belongs. ^The [database connection] +** returned by sqlite3_db_handle is the same [database connection] +** that was the first argument +** to the [sqlite3_prepare_v2()] call (or its variants) that was used to +** create the statement in the first place. +*/ +SQLITE_API sqlite3 *sqlite3_db_handle(sqlite3_stmt*); + +/* +** CAPI3REF: Find the next prepared statement +** +** ^This interface returns a pointer to the next [prepared statement] after +** pStmt associated with the [database connection] pDb. ^If pStmt is NULL +** then this interface returns a pointer to the first prepared statement +** associated with the database connection pDb. ^If no prepared statement +** satisfies the conditions of this routine, it returns NULL. +** +** The [database connection] pointer D in a call to +** [sqlite3_next_stmt(D,S)] must refer to an open database +** connection and in particular must not be a NULL pointer. +*/ +SQLITE_API sqlite3_stmt *sqlite3_next_stmt(sqlite3 *pDb, sqlite3_stmt *pStmt); + +/* +** CAPI3REF: Commit And Rollback Notification Callbacks +** +** ^The sqlite3_commit_hook() interface registers a callback +** function to be invoked whenever a transaction is [COMMIT | committed]. +** ^Any callback set by a previous call to sqlite3_commit_hook() +** for the same database connection is overridden. +** ^The sqlite3_rollback_hook() interface registers a callback +** function to be invoked whenever a transaction is [ROLLBACK | rolled back]. +** ^Any callback set by a previous call to sqlite3_rollback_hook() +** for the same database connection is overridden. +** ^The pArg argument is passed through to the callback. +** ^If the callback on a commit hook function returns non-zero, +** then the commit is converted into a rollback. +** +** ^The sqlite3_commit_hook(D,C,P) and sqlite3_rollback_hook(D,C,P) functions +** return the P argument from the previous call of the same function +** on the same [database connection] D, or NULL for +** the first call for each function on D. +** +** The callback implementation must not do anything that will modify +** the database connection that invoked the callback. Any actions +** to modify the database connection must be deferred until after the +** completion of the [sqlite3_step()] call that triggered the commit +** or rollback hook in the first place. +** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their +** database connections for the meaning of "modify" in this paragraph. +** +** ^Registering a NULL function disables the callback. +** +** ^When the commit hook callback routine returns zero, the [COMMIT] +** operation is allowed to continue normally. ^If the commit hook +** returns non-zero, then the [COMMIT] is converted into a [ROLLBACK]. +** ^The rollback hook is invoked on a rollback that results from a commit +** hook returning non-zero, just as it would be with any other rollback. +** +** ^For the purposes of this API, a transaction is said to have been +** rolled back if an explicit "ROLLBACK" statement is executed, or +** an error or constraint causes an implicit rollback to occur. +** ^The rollback callback is not invoked if a transaction is +** automatically rolled back because the database connection is closed. +** +** See also the [sqlite3_update_hook()] interface. +*/ +SQLITE_API void *sqlite3_commit_hook(sqlite3*, int(*)(void*), void*); +SQLITE_API void *sqlite3_rollback_hook(sqlite3*, void(*)(void *), void*); + +/* +** CAPI3REF: Data Change Notification Callbacks +** +** ^The sqlite3_update_hook() interface registers a callback function +** with the [database connection] identified by the first argument +** to be invoked whenever a row is updated, inserted or deleted. +** ^Any callback set by a previous call to this function +** for the same database connection is overridden. +** +** ^The second argument is a pointer to the function to invoke when a +** row is updated, inserted or deleted. +** ^The first argument to the callback is a copy of the third argument +** to sqlite3_update_hook(). +** ^The second callback argument is one of [SQLITE_INSERT], [SQLITE_DELETE], +** or [SQLITE_UPDATE], depending on the operation that caused the callback +** to be invoked. +** ^The third and fourth arguments to the callback contain pointers to the +** database and table name containing the affected row. +** ^The final callback parameter is the [rowid] of the row. +** ^In the case of an update, this is the [rowid] after the update takes place. +** +** ^(The update hook is not invoked when internal system tables are +** modified (i.e. sqlite_master and sqlite_sequence).)^ +** +** ^In the current implementation, the update hook +** is not invoked when duplication rows are deleted because of an +** [ON CONFLICT | ON CONFLICT REPLACE] clause. ^Nor is the update hook +** invoked when rows are deleted using the [truncate optimization]. +** The exceptions defined in this paragraph might change in a future +** release of SQLite. +** +** The update hook implementation must not do anything that will modify +** the database connection that invoked the update hook. Any actions +** to modify the database connection must be deferred until after the +** completion of the [sqlite3_step()] call that triggered the update hook. +** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their +** database connections for the meaning of "modify" in this paragraph. +** +** ^The sqlite3_update_hook(D,C,P) function +** returns the P argument from the previous call +** on the same [database connection] D, or NULL for +** the first call on D. +** +** See also the [sqlite3_commit_hook()] and [sqlite3_rollback_hook()] +** interfaces. +*/ +SQLITE_API void *sqlite3_update_hook( + sqlite3*, + void(*)(void *,int ,char const *,char const *,sqlite3_int64), + void* +); + +/* +** CAPI3REF: Enable Or Disable Shared Pager Cache +** KEYWORDS: {shared cache} +** +** ^(This routine enables or disables the sharing of the database cache +** and schema data structures between [database connection | connections] +** to the same database. Sharing is enabled if the argument is true +** and disabled if the argument is false.)^ +** +** ^Cache sharing is enabled and disabled for an entire process. +** This is a change as of SQLite version 3.5.0. In prior versions of SQLite, +** sharing was enabled or disabled for each thread separately. +** +** ^(The cache sharing mode set by this interface effects all subsequent +** calls to [sqlite3_open()], [sqlite3_open_v2()], and [sqlite3_open16()]. +** Existing database connections continue use the sharing mode +** that was in effect at the time they were opened.)^ +** +** ^(This routine returns [SQLITE_OK] if shared cache was enabled or disabled +** successfully. An [error code] is returned otherwise.)^ +** +** ^Shared cache is disabled by default. But this might change in +** future releases of SQLite. Applications that care about shared +** cache setting should set it explicitly. +** +** See Also: [SQLite Shared-Cache Mode] +*/ +SQLITE_API int sqlite3_enable_shared_cache(int); + +/* +** CAPI3REF: Attempt To Free Heap Memory +** +** ^The sqlite3_release_memory() interface attempts to free N bytes +** of heap memory by deallocating non-essential memory allocations +** held by the database library. Memory used to cache database +** pages to improve performance is an example of non-essential memory. +** ^sqlite3_release_memory() returns the number of bytes actually freed, +** which might be more or less than the amount requested. +** ^The sqlite3_release_memory() routine is a no-op returning zero +** if SQLite is not compiled with [SQLITE_ENABLE_MEMORY_MANAGEMENT]. +*/ +SQLITE_API int sqlite3_release_memory(int); + +/* +** CAPI3REF: Impose A Limit On Heap Size +** +** ^The sqlite3_soft_heap_limit64() interface sets and/or queries the +** soft limit on the amount of heap memory that may be allocated by SQLite. +** ^SQLite strives to keep heap memory utilization below the soft heap +** limit by reducing the number of pages held in the page cache +** as heap memory usages approaches the limit. +** ^The soft heap limit is "soft" because even though SQLite strives to stay +** below the limit, it will exceed the limit rather than generate +** an [SQLITE_NOMEM] error. In other words, the soft heap limit +** is advisory only. +** +** ^The return value from sqlite3_soft_heap_limit64() is the size of +** the soft heap limit prior to the call. ^If the argument N is negative +** then no change is made to the soft heap limit. Hence, the current +** size of the soft heap limit can be determined by invoking +** sqlite3_soft_heap_limit64() with a negative argument. +** +** ^If the argument N is zero then the soft heap limit is disabled. +** +** ^(The soft heap limit is not enforced in the current implementation +** if one or more of following conditions are true: +** +**
    +**
  • The soft heap limit is set to zero. +**
  • Memory accounting is disabled using a combination of the +** [sqlite3_config]([SQLITE_CONFIG_MEMSTATUS],...) start-time option and +** the [SQLITE_DEFAULT_MEMSTATUS] compile-time option. +**
  • An alternative page cache implementation is specified using +** [sqlite3_config]([SQLITE_CONFIG_PCACHE],...). +**
  • The page cache allocates from its own memory pool supplied +** by [sqlite3_config]([SQLITE_CONFIG_PAGECACHE],...) rather than +** from the heap. +**
)^ +** +** Beginning with SQLite version 3.7.3, the soft heap limit is enforced +** regardless of whether or not the [SQLITE_ENABLE_MEMORY_MANAGEMENT] +** compile-time option is invoked. With [SQLITE_ENABLE_MEMORY_MANAGEMENT], +** the soft heap limit is enforced on every memory allocation. Without +** [SQLITE_ENABLE_MEMORY_MANAGEMENT], the soft heap limit is only enforced +** when memory is allocated by the page cache. Testing suggests that because +** the page cache is the predominate memory user in SQLite, most +** applications will achieve adequate soft heap limit enforcement without +** the use of [SQLITE_ENABLE_MEMORY_MANAGEMENT]. +** +** The circumstances under which SQLite will enforce the soft heap limit may +** changes in future releases of SQLite. +*/ +SQLITE_API sqlite3_int64 sqlite3_soft_heap_limit64(sqlite3_int64 N); + +/* +** CAPI3REF: Deprecated Soft Heap Limit Interface +** DEPRECATED +** +** This is a deprecated version of the [sqlite3_soft_heap_limit64()] +** interface. This routine is provided for historical compatibility +** only. All new applications should use the +** [sqlite3_soft_heap_limit64()] interface rather than this one. +*/ +SQLITE_API SQLITE_DEPRECATED void sqlite3_soft_heap_limit(int N); + + +/* +** CAPI3REF: Extract Metadata About A Column Of A Table +** +** ^This routine returns metadata about a specific column of a specific +** database table accessible using the [database connection] handle +** passed as the first function argument. +** +** ^The column is identified by the second, third and fourth parameters to +** this function. ^The second parameter is either the name of the database +** (i.e. "main", "temp", or an attached database) containing the specified +** table or NULL. ^If it is NULL, then all attached databases are searched +** for the table using the same algorithm used by the database engine to +** resolve unqualified table references. +** +** ^The third and fourth parameters to this function are the table and column +** name of the desired column, respectively. Neither of these parameters +** may be NULL. +** +** ^Metadata is returned by writing to the memory locations passed as the 5th +** and subsequent parameters to this function. ^Any of these arguments may be +** NULL, in which case the corresponding element of metadata is omitted. +** +** ^(
+** +**
Parameter Output
Type 		Description +** +**
5th const char* Data type +**
6th const char* Name of default collation sequence +**
7th int True if column has a NOT NULL constraint +**
8th int True if column is part of the PRIMARY KEY +**
9th int True if column is [AUTOINCREMENT] +**
+**
)^ +** +** ^The memory pointed to by the character pointers returned for the +** declaration type and collation sequence is valid only until the next +** call to any SQLite API function. +** +** ^If the specified table is actually a view, an [error code] is returned. +** +** ^If the specified column is "rowid", "oid" or "_rowid_" and an +** [INTEGER PRIMARY KEY] column has been explicitly declared, then the output +** parameters are set for the explicitly declared column. ^(If there is no +** explicitly declared [INTEGER PRIMARY KEY] column, then the output +** parameters are set as follows: +** +** 
+**     data type: "INTEGER"
+**     collation sequence: "BINARY"
+**     not null: 0
+**     primary key: 1
+**     auto increment: 0
+**
)^ +** +** ^(This function may load one or more schemas from database files. If an +** error occurs during this process, or if the requested table or column +** cannot be found, an [error code] is returned and an error message left +** in the [database connection] (to be retrieved using sqlite3_errmsg()).)^ +** +** ^This API is only available if the library was compiled with the +** [SQLITE_ENABLE_COLUMN_METADATA] C-preprocessor symbol defined. +*/ +SQLITE_API int sqlite3_table_column_metadata( + sqlite3 *db, /* Connection handle */ + const char *zDbName, /* Database name or NULL */ + const char *zTableName, /* Table name */ + const char *zColumnName, /* Column name */ + char const **pzDataType, /* OUTPUT: Declared data type */ + char const **pzCollSeq, /* OUTPUT: Collation sequence name */ + int *pNotNull, /* OUTPUT: True if NOT NULL constraint exists */ + int *pPrimaryKey, /* OUTPUT: True if column part of PK */ + int *pAutoinc /* OUTPUT: True if column is auto-increment */ +); + +/* +** CAPI3REF: Load An Extension +** +** ^This interface loads an SQLite extension library from the named file. +** +** ^The sqlite3_load_extension() interface attempts to load an +** SQLite extension library contained in the file zFile. +** +** ^The entry point is zProc. +** ^zProc may be 0, in which case the name of the entry point +** defaults to "sqlite3_extension_init". +** ^The sqlite3_load_extension() interface returns +** [SQLITE_OK] on success and [SQLITE_ERROR] if something goes wrong. +** ^If an error occurs and pzErrMsg is not 0, then the +** [sqlite3_load_extension()] interface shall attempt to +** fill *pzErrMsg with error message text stored in memory +** obtained from [sqlite3_malloc()]. The calling function +** should free this memory by calling [sqlite3_free()]. +** +** ^Extension loading must be enabled using +** [sqlite3_enable_load_extension()] prior to calling this API, +** otherwise an error will be returned. +** +** See also the [load_extension() SQL function]. +*/ +SQLITE_API int sqlite3_load_extension( + sqlite3 *db, /* Load the extension into this database connection */ + const char *zFile, /* Name of the shared library containing extension */ + const char *zProc, /* Entry point. Derived from zFile if 0 */ + char **pzErrMsg /* Put error message here if not 0 */ +); + +/* +** CAPI3REF: Enable Or Disable Extension Loading +** +** ^So as not to open security holes in older applications that are +** unprepared to deal with extension loading, and as a means of disabling +** extension loading while evaluating user-entered SQL, the following API +** is provided to turn the [sqlite3_load_extension()] mechanism on and off. +** +** ^Extension loading is off by default. See ticket #1863. +** ^Call the sqlite3_enable_load_extension() routine with onoff==1 +** to turn extension loading on and call it with onoff==0 to turn +** it back off again. +*/ +SQLITE_API int sqlite3_enable_load_extension(sqlite3 *db, int onoff); + +/* +** CAPI3REF: Automatically Load Statically Linked Extensions +** +** ^This interface causes the xEntryPoint() function to be invoked for +** each new [database connection] that is created. The idea here is that +** xEntryPoint() is the entry point for a statically linked SQLite extension +** that is to be automatically loaded into all new database connections. +** +** ^(Even though the function prototype shows that xEntryPoint() takes +** no arguments and returns void, SQLite invokes xEntryPoint() with three +** arguments and expects and integer result as if the signature of the +** entry point where as follows: +** +** 
+**    int xEntryPoint(
+**      sqlite3 *db,
+**      const char **pzErrMsg,
+**      const struct sqlite3_api_routines *pThunk
+**    );
+**
)^ +** +** If the xEntryPoint routine encounters an error, it should make *pzErrMsg +** point to an appropriate error message (obtained from [sqlite3_mprintf()]) +** and return an appropriate [error code]. ^SQLite ensures that *pzErrMsg +** is NULL before calling the xEntryPoint(). ^SQLite will invoke +** [sqlite3_free()] on *pzErrMsg after xEntryPoint() returns. ^If any +** xEntryPoint() returns an error, the [sqlite3_open()], [sqlite3_open16()], +** or [sqlite3_open_v2()] call that provoked the xEntryPoint() will fail. +** +** ^Calling sqlite3_auto_extension(X) with an entry point X that is already +** on the list of automatic extensions is a harmless no-op. ^No entry point +** will be called more than once for each database connection that is opened. +** +** See also: [sqlite3_reset_auto_extension()]. +*/ +SQLITE_API int sqlite3_auto_extension(void (*xEntryPoint)(void)); + +/* +** CAPI3REF: Reset Automatic Extension Loading +** +** ^This interface disables all automatic extensions previously +** registered using [sqlite3_auto_extension()]. +*/ +SQLITE_API void sqlite3_reset_auto_extension(void); + +/* +** The interface to the virtual-table mechanism is currently considered +** to be experimental. The interface might change in incompatible ways. +** If this is a problem for you, do not use the interface at this time. +** +** When the virtual-table mechanism stabilizes, we will declare the +** interface fixed, support it indefinitely, and remove this comment. +*/ + +/* +** Structures used by the virtual table interface +*/ +typedef struct sqlite3_vtab sqlite3_vtab; +typedef struct sqlite3_index_info sqlite3_index_info; +typedef struct sqlite3_vtab_cursor sqlite3_vtab_cursor; +typedef struct sqlite3_module sqlite3_module; + +/* +** CAPI3REF: Virtual Table Object +** KEYWORDS: sqlite3_module {virtual table module} +** +** This structure, sometimes called a "virtual table module", +** defines the implementation of a [virtual tables]. +** This structure consists mostly of methods for the module. +** +** ^A virtual table module is created by filling in a persistent +** instance of this structure and passing a pointer to that instance +** to [sqlite3_create_module()] or [sqlite3_create_module_v2()]. +** ^The registration remains valid until it is replaced by a different +** module or until the [database connection] closes. The content +** of this structure must not change while it is registered with +** any database connection. +*/ +struct sqlite3_module { + int iVersion; + int (*xCreate)(sqlite3*, void *pAux, + int argc, const char *const*argv, + sqlite3_vtab **ppVTab, char**); + int (*xConnect)(sqlite3*, void *pAux, + int argc, const char *const*argv, + sqlite3_vtab **ppVTab, char**); + int (*xBestIndex)(sqlite3_vtab *pVTab, sqlite3_index_info*); + int (*xDisconnect)(sqlite3_vtab *pVTab); + int (*xDestroy)(sqlite3_vtab *pVTab); + int (*xOpen)(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor); + int (*xClose)(sqlite3_vtab_cursor*); + int (*xFilter)(sqlite3_vtab_cursor*, int idxNum, const char *idxStr, + int argc, sqlite3_value **argv); + int (*xNext)(sqlite3_vtab_cursor*); + int (*xEof)(sqlite3_vtab_cursor*); + int (*xColumn)(sqlite3_vtab_cursor*, sqlite3_context*, int); + int (*xRowid)(sqlite3_vtab_cursor*, sqlite3_int64 *pRowid); + int (*xUpdate)(sqlite3_vtab *, int, sqlite3_value **, sqlite3_int64 *); + int (*xBegin)(sqlite3_vtab *pVTab); + int (*xSync)(sqlite3_vtab *pVTab); + int (*xCommit)(sqlite3_vtab *pVTab); + int (*xRollback)(sqlite3_vtab *pVTab); + int (*xFindFunction)(sqlite3_vtab *pVtab, int nArg, const char *zName, + void (**pxFunc)(sqlite3_context*,int,sqlite3_value**), + void **ppArg); + int (*xRename)(sqlite3_vtab *pVtab, const char *zNew); + /* The methods above are in version 1 of the sqlite_module object. Those + ** below are for version 2 and greater. */ + int (*xSavepoint)(sqlite3_vtab *pVTab, int); + int (*xRelease)(sqlite3_vtab *pVTab, int); + int (*xRollbackTo)(sqlite3_vtab *pVTab, int); +}; + +/* +** CAPI3REF: Virtual Table Indexing Information +** KEYWORDS: sqlite3_index_info +** +** The sqlite3_index_info structure and its substructures is used as part +** of the [virtual table] interface to +** pass information into and receive the reply from the [xBestIndex] +** method of a [virtual table module]. The fields under **Inputs** are the +** inputs to xBestIndex and are read-only. xBestIndex inserts its +** results into the **Outputs** fields. +** +** ^(The aConstraint[] array records WHERE clause constraints of the form: +** +**
column OP expr
+** +** where OP is =, <, <=, >, or >=.)^ ^(The particular operator is +** stored in aConstraint[].op using one of the +** [SQLITE_INDEX_CONSTRAINT_EQ | SQLITE_INDEX_CONSTRAINT_ values].)^ +** ^(The index of the column is stored in +** aConstraint[].iColumn.)^ ^(aConstraint[].usable is TRUE if the +** expr on the right-hand side can be evaluated (and thus the constraint +** is usable) and false if it cannot.)^ +** +** ^The optimizer automatically inverts terms of the form "expr OP column" +** and makes other simplifications to the WHERE clause in an attempt to +** get as many WHERE clause terms into the form shown above as possible. +** ^The aConstraint[] array only reports WHERE clause terms that are +** relevant to the particular virtual table being queried. +** +** ^Information about the ORDER BY clause is stored in aOrderBy[]. +** ^Each term of aOrderBy records a column of the ORDER BY clause. +** +** The [xBestIndex] method must fill aConstraintUsage[] with information +** about what parameters to pass to xFilter. ^If argvIndex>0 then +** the right-hand side of the corresponding aConstraint[] is evaluated +** and becomes the argvIndex-th entry in argv. ^(If aConstraintUsage[].omit +** is true, then the constraint is assumed to be fully handled by the +** virtual table and is not checked again by SQLite.)^ +** +** ^The idxNum and idxPtr values are recorded and passed into the +** [xFilter] method. +** ^[sqlite3_free()] is used to free idxPtr if and only if +** needToFreeIdxPtr is true. +** +** ^The orderByConsumed means that output from [xFilter]/[xNext] will occur in +** the correct order to satisfy the ORDER BY clause so that no separate +** sorting step is required. +** +** ^The estimatedCost value is an estimate of the cost of doing the +** particular lookup. A full scan of a table with N entries should have +** a cost of N. A binary search of a table of N entries should have a +** cost of approximately log(N). +*/ +struct sqlite3_index_info { + /* Inputs */ + int nConstraint; /* Number of entries in aConstraint */ + struct sqlite3_index_constraint { + int iColumn; /* Column on left-hand side of constraint */ + unsigned char op; /* Constraint operator */ + unsigned char usable; /* True if this constraint is usable */ + int iTermOffset; /* Used internally - xBestIndex should ignore */ + } *aConstraint; /* Table of WHERE clause constraints */ + int nOrderBy; /* Number of terms in the ORDER BY clause */ + struct sqlite3_index_orderby { + int iColumn; /* Column number */ + unsigned char desc; /* True for DESC. False for ASC. */ + } *aOrderBy; /* The ORDER BY clause */ + /* Outputs */ + struct sqlite3_index_constraint_usage { + int argvIndex; /* if >0, constraint is part of argv to xFilter */ + unsigned char omit; /* Do not code a test for this constraint */ + } *aConstraintUsage; + int idxNum; /* Number used to identify the index */ + char *idxStr; /* String, possibly obtained from sqlite3_malloc */ + int needToFreeIdxStr; /* Free idxStr using sqlite3_free() if true */ + int orderByConsumed; /* True if output is already ordered */ + double estimatedCost; /* Estimated cost of using this index */ +}; + +/* +** CAPI3REF: Virtual Table Constraint Operator Codes +** +** These macros defined the allowed values for the +** [sqlite3_index_info].aConstraint[].op field. Each value represents +** an operator that is part of a constraint term in the wHERE clause of +** a query that uses a [virtual table]. +*/ +#define SQLITE_INDEX_CONSTRAINT_EQ 2 +#define SQLITE_INDEX_CONSTRAINT_GT 4 +#define SQLITE_INDEX_CONSTRAINT_LE 8 +#define SQLITE_INDEX_CONSTRAINT_LT 16 +#define SQLITE_INDEX_CONSTRAINT_GE 32 +#define SQLITE_INDEX_CONSTRAINT_MATCH 64 + +/* +** CAPI3REF: Register A Virtual Table Implementation +** +** ^These routines are used to register a new [virtual table module] name. +** ^Module names must be registered before +** creating a new [virtual table] using the module and before using a +** preexisting [virtual table] for the module. +** +** ^The module name is registered on the [database connection] specified +** by the first parameter. ^The name of the module is given by the +** second parameter. ^The third parameter is a pointer to +** the implementation of the [virtual table module]. ^The fourth +** parameter is an arbitrary client data pointer that is passed through +** into the [xCreate] and [xConnect] methods of the virtual table module +** when a new virtual table is be being created or reinitialized. +** +** ^The sqlite3_create_module_v2() interface has a fifth parameter which +** is a pointer to a destructor for the pClientData. ^SQLite will +** invoke the destructor function (if it is not NULL) when SQLite +** no longer needs the pClientData pointer. ^The destructor will also +** be invoked if the call to sqlite3_create_module_v2() fails. +** ^The sqlite3_create_module() +** interface is equivalent to sqlite3_create_module_v2() with a NULL +** destructor. +*/ +SQLITE_API int sqlite3_create_module( + sqlite3 *db, /* SQLite connection to register module with */ + const char *zName, /* Name of the module */ + const sqlite3_module *p, /* Methods for the module */ + void *pClientData /* Client data for xCreate/xConnect */ +); +SQLITE_API int sqlite3_create_module_v2( + sqlite3 *db, /* SQLite connection to register module with */ + const char *zName, /* Name of the module */ + const sqlite3_module *p, /* Methods for the module */ + void *pClientData, /* Client data for xCreate/xConnect */ + void(*xDestroy)(void*) /* Module destructor function */ +); + +/* +** CAPI3REF: Virtual Table Instance Object +** KEYWORDS: sqlite3_vtab +** +** Every [virtual table module] implementation uses a subclass +** of this object to describe a particular instance +** of the [virtual table]. Each subclass will +** be tailored to the specific needs of the module implementation. +** The purpose of this superclass is to define certain fields that are +** common to all module implementations. +** +** ^Virtual tables methods can set an error message by assigning a +** string obtained from [sqlite3_mprintf()] to zErrMsg. The method should +** take care that any prior string is freed by a call to [sqlite3_free()] +** prior to assigning a new string to zErrMsg. ^After the error message +** is delivered up to the client application, the string will be automatically +** freed by sqlite3_free() and the zErrMsg field will be zeroed. +*/ +struct sqlite3_vtab { + const sqlite3_module *pModule; /* The module for this virtual table */ + int nRef; /* NO LONGER USED */ + char *zErrMsg; /* Error message from sqlite3_mprintf() */ + /* Virtual table implementations will typically add additional fields */ +}; + +/* +** CAPI3REF: Virtual Table Cursor Object +** KEYWORDS: sqlite3_vtab_cursor {virtual table cursor} +** +** Every [virtual table module] implementation uses a subclass of the +** following structure to describe cursors that point into the +** [virtual table] and are used +** to loop through the virtual table. Cursors are created using the +** [sqlite3_module.xOpen | xOpen] method of the module and are destroyed +** by the [sqlite3_module.xClose | xClose] method. Cursors are used +** by the [xFilter], [xNext], [xEof], [xColumn], and [xRowid] methods +** of the module. Each module implementation will define +** the content of a cursor structure to suit its own needs. +** +** This superclass exists in order to define fields of the cursor that +** are common to all implementations. +*/ +struct sqlite3_vtab_cursor { + sqlite3_vtab *pVtab; /* Virtual table of this cursor */ + /* Virtual table implementations will typically add additional fields */ +}; + +/* +** CAPI3REF: Declare The Schema Of A Virtual Table +** +** ^The [xCreate] and [xConnect] methods of a +** [virtual table module] call this interface +** to declare the format (the names and datatypes of the columns) of +** the virtual tables they implement. +*/ +SQLITE_API int sqlite3_declare_vtab(sqlite3*, const char *zSQL); + +/* +** CAPI3REF: Overload A Function For A Virtual Table +** +** ^(Virtual tables can provide alternative implementations of functions +** using the [xFindFunction] method of the [virtual table module]. +** But global versions of those functions +** must exist in order to be overloaded.)^ +** +** ^(This API makes sure a global version of a function with a particular +** name and number of parameters exists. If no such function exists +** before this API is called, a new function is created.)^ ^The implementation +** of the new function always causes an exception to be thrown. So +** the new function is not good for anything by itself. Its only +** purpose is to be a placeholder function that can be overloaded +** by a [virtual table]. +*/ +SQLITE_API int sqlite3_overload_function(sqlite3*, const char *zFuncName, int nArg); + +/* +** The interface to the virtual-table mechanism defined above (back up +** to a comment remarkably similar to this one) is currently considered +** to be experimental. The interface might change in incompatible ways. +** If this is a problem for you, do not use the interface at this time. +** +** When the virtual-table mechanism stabilizes, we will declare the +** interface fixed, support it indefinitely, and remove this comment. +*/ + +/* +** CAPI3REF: A Handle To An Open BLOB +** KEYWORDS: {BLOB handle} {BLOB handles} +** +** An instance of this object represents an open BLOB on which +** [sqlite3_blob_open | incremental BLOB I/O] can be performed. +** ^Objects of this type are created by [sqlite3_blob_open()] +** and destroyed by [sqlite3_blob_close()]. +** ^The [sqlite3_blob_read()] and [sqlite3_blob_write()] interfaces +** can be used to read or write small subsections of the BLOB. +** ^The [sqlite3_blob_bytes()] interface returns the size of the BLOB in bytes. +*/ +typedef struct sqlite3_blob sqlite3_blob; + +/* +** CAPI3REF: Open A BLOB For Incremental I/O +** +** ^(This interfaces opens a [BLOB handle | handle] to the BLOB located +** in row iRow, column zColumn, table zTable in database zDb; +** in other words, the same BLOB that would be selected by: +** +** 
+**     SELECT zColumn FROM zDb.zTable WHERE [rowid] = iRow;
+**
)^ +** +** ^If the flags parameter is non-zero, then the BLOB is opened for read +** and write access. ^If it is zero, the BLOB is opened for read access. +** ^It is not possible to open a column that is part of an index or primary +** key for writing. ^If [foreign key constraints] are enabled, it is +** not possible to open a column that is part of a [child key] for writing. +** +** ^Note that the database name is not the filename that contains +** the database but rather the symbolic name of the database that +** appears after the AS keyword when the database is connected using [ATTACH]. +** ^For the main database file, the database name is "main". +** ^For TEMP tables, the database name is "temp". +** +** ^(On success, [SQLITE_OK] is returned and the new [BLOB handle] is written +** to *ppBlob. Otherwise an [error code] is returned and *ppBlob is set +** to be a null pointer.)^ +** ^This function sets the [database connection] error code and message +** accessible via [sqlite3_errcode()] and [sqlite3_errmsg()] and related +** functions. ^Note that the *ppBlob variable is always initialized in a +** way that makes it safe to invoke [sqlite3_blob_close()] on *ppBlob +** regardless of the success or failure of this routine. +** +** ^(If the row that a BLOB handle points to is modified by an +** [UPDATE], [DELETE], or by [ON CONFLICT] side-effects +** then the BLOB handle is marked as "expired". +** This is true if any column of the row is changed, even a column +** other than the one the BLOB handle is open on.)^ +** ^Calls to [sqlite3_blob_read()] and [sqlite3_blob_write()] for +** an expired BLOB handle fail with a return code of [SQLITE_ABORT]. +** ^(Changes written into a BLOB prior to the BLOB expiring are not +** rolled back by the expiration of the BLOB. Such changes will eventually +** commit if the transaction continues to completion.)^ +** +** ^Use the [sqlite3_blob_bytes()] interface to determine the size of +** the opened blob. ^The size of a blob may not be changed by this +** interface. Use the [UPDATE] SQL command to change the size of a +** blob. +** +** ^The [sqlite3_bind_zeroblob()] and [sqlite3_result_zeroblob()] interfaces +** and the built-in [zeroblob] SQL function can be used, if desired, +** to create an empty, zero-filled blob in which to read or write using +** this interface. +** +** To avoid a resource leak, every open [BLOB handle] should eventually +** be released by a call to [sqlite3_blob_close()]. +*/ +SQLITE_API int sqlite3_blob_open( + sqlite3*, + const char *zDb, + const char *zTable, + const char *zColumn, + sqlite3_int64 iRow, + int flags, + sqlite3_blob **ppBlob +); + +/* +** CAPI3REF: Move a BLOB Handle to a New Row +** +** ^This function is used to move an existing blob handle so that it points +** to a different row of the same database table. ^The new row is identified +** by the rowid value passed as the second argument. Only the row can be +** changed. ^The database, table and column on which the blob handle is open +** remain the same. Moving an existing blob handle to a new row can be +** faster than closing the existing handle and opening a new one. +** +** ^(The new row must meet the same criteria as for [sqlite3_blob_open()] - +** it must exist and there must be either a blob or text value stored in +** the nominated column.)^ ^If the new row is not present in the table, or if +** it does not contain a blob or text value, or if another error occurs, an +** SQLite error code is returned and the blob handle is considered aborted. +** ^All subsequent calls to [sqlite3_blob_read()], [sqlite3_blob_write()] or +** [sqlite3_blob_reopen()] on an aborted blob handle immediately return +** SQLITE_ABORT. ^Calling [sqlite3_blob_bytes()] on an aborted blob handle +** always returns zero. +** +** ^This function sets the database handle error code and message. +*/ +SQLITE_API SQLITE_EXPERIMENTAL int sqlite3_blob_reopen(sqlite3_blob *, sqlite3_int64); + +/* +** CAPI3REF: Close A BLOB Handle +** +** ^Closes an open [BLOB handle]. +** +** ^Closing a BLOB shall cause the current transaction to commit +** if there are no other BLOBs, no pending prepared statements, and the +** database connection is in [autocommit mode]. +** ^If any writes were made to the BLOB, they might be held in cache +** until the close operation if they will fit. +** +** ^(Closing the BLOB often forces the changes +** out to disk and so if any I/O errors occur, they will likely occur +** at the time when the BLOB is closed. Any errors that occur during +** closing are reported as a non-zero return value.)^ +** +** ^(The BLOB is closed unconditionally. Even if this routine returns +** an error code, the BLOB is still closed.)^ +** +** ^Calling this routine with a null pointer (such as would be returned +** by a failed call to [sqlite3_blob_open()]) is a harmless no-op. +*/ +SQLITE_API int sqlite3_blob_close(sqlite3_blob *); + +/* +** CAPI3REF: Return The Size Of An Open BLOB +** +** ^Returns the size in bytes of the BLOB accessible via the +** successfully opened [BLOB handle] in its only argument. ^The +** incremental blob I/O routines can only read or overwriting existing +** blob content; they cannot change the size of a blob. +** +** This routine only works on a [BLOB handle] which has been created +** by a prior successful call to [sqlite3_blob_open()] and which has not +** been closed by [sqlite3_blob_close()]. Passing any other pointer in +** to this routine results in undefined and probably undesirable behavior. +*/ +SQLITE_API int sqlite3_blob_bytes(sqlite3_blob *); + +/* +** CAPI3REF: Read Data From A BLOB Incrementally +** +** ^(This function is used to read data from an open [BLOB handle] into a +** caller-supplied buffer. N bytes of data are copied into buffer Z +** from the open BLOB, starting at offset iOffset.)^ +** +** ^If offset iOffset is less than N bytes from the end of the BLOB, +** [SQLITE_ERROR] is returned and no data is read. ^If N or iOffset is +** less than zero, [SQLITE_ERROR] is returned and no data is read. +** ^The size of the blob (and hence the maximum value of N+iOffset) +** can be determined using the [sqlite3_blob_bytes()] interface. +** +** ^An attempt to read from an expired [BLOB handle] fails with an +** error code of [SQLITE_ABORT]. +** +** ^(On success, sqlite3_blob_read() returns SQLITE_OK. +** Otherwise, an [error code] or an [extended error code] is returned.)^ +** +** This routine only works on a [BLOB handle] which has been created +** by a prior successful call to [sqlite3_blob_open()] and which has not +** been closed by [sqlite3_blob_close()]. Passing any other pointer in +** to this routine results in undefined and probably undesirable behavior. +** +** See also: [sqlite3_blob_write()]. +*/ +SQLITE_API int sqlite3_blob_read(sqlite3_blob *, void *Z, int N, int iOffset); + +/* +** CAPI3REF: Write Data Into A BLOB Incrementally +** +** ^This function is used to write data into an open [BLOB handle] from a +** caller-supplied buffer. ^N bytes of data are copied from the buffer Z +** into the open BLOB, starting at offset iOffset. +** +** ^If the [BLOB handle] passed as the first argument was not opened for +** writing (the flags parameter to [sqlite3_blob_open()] was zero), +** this function returns [SQLITE_READONLY]. +** +** ^This function may only modify the contents of the BLOB; it is +** not possible to increase the size of a BLOB using this API. +** ^If offset iOffset is less than N bytes from the end of the BLOB, +** [SQLITE_ERROR] is returned and no data is written. ^If N is +** less than zero [SQLITE_ERROR] is returned and no data is written. +** The size of the BLOB (and hence the maximum value of N+iOffset) +** can be determined using the [sqlite3_blob_bytes()] interface. +** +** ^An attempt to write to an expired [BLOB handle] fails with an +** error code of [SQLITE_ABORT]. ^Writes to the BLOB that occurred +** before the [BLOB handle] expired are not rolled back by the +** expiration of the handle, though of course those changes might +** have been overwritten by the statement that expired the BLOB handle +** or by other independent statements. +** +** ^(On success, sqlite3_blob_write() returns SQLITE_OK. +** Otherwise, an [error code] or an [extended error code] is returned.)^ +** +** This routine only works on a [BLOB handle] which has been created +** by a prior successful call to [sqlite3_blob_open()] and which has not +** been closed by [sqlite3_blob_close()]. Passing any other pointer in +** to this routine results in undefined and probably undesirable behavior. +** +** See also: [sqlite3_blob_read()]. +*/ +SQLITE_API int sqlite3_blob_write(sqlite3_blob *, const void *z, int n, int iOffset); + +/* +** CAPI3REF: Virtual File System Objects +** +** A virtual filesystem (VFS) is an [sqlite3_vfs] object +** that SQLite uses to interact +** with the underlying operating system. Most SQLite builds come with a +** single default VFS that is appropriate for the host computer. +** New VFSes can be registered and existing VFSes can be unregistered. +** The following interfaces are provided. +** +** ^The sqlite3_vfs_find() interface returns a pointer to a VFS given its name. +** ^Names are case sensitive. +** ^Names are zero-terminated UTF-8 strings. +** ^If there is no match, a NULL pointer is returned. +** ^If zVfsName is NULL then the default VFS is returned. +** +** ^New VFSes are registered with sqlite3_vfs_register(). +** ^Each new VFS becomes the default VFS if the makeDflt flag is set. +** ^The same VFS can be registered multiple times without injury. +** ^To make an existing VFS into the default VFS, register it again +** with the makeDflt flag set. If two different VFSes with the +** same name are registered, the behavior is undefined. If a +** VFS is registered with a name that is NULL or an empty string, +** then the behavior is undefined. +** +** ^Unregister a VFS with the sqlite3_vfs_unregister() interface. +** ^(If the default VFS is unregistered, another VFS is chosen as +** the default. The choice for the new VFS is arbitrary.)^ +*/ +SQLITE_API sqlite3_vfs *sqlite3_vfs_find(const char *zVfsName); +SQLITE_API int sqlite3_vfs_register(sqlite3_vfs*, int makeDflt); +SQLITE_API int sqlite3_vfs_unregister(sqlite3_vfs*); + +/* +** CAPI3REF: Mutexes +** +** The SQLite core uses these routines for thread +** synchronization. Though they are intended for internal +** use by SQLite, code that links against SQLite is +** permitted to use any of these routines. +** +** The SQLite source code contains multiple implementations +** of these mutex routines. An appropriate implementation +** is selected automatically at compile-time. ^(The following +** implementations are available in the SQLite core: +** +**
    +**
  • SQLITE_MUTEX_OS2 +**
  • SQLITE_MUTEX_PTHREAD +**
  • SQLITE_MUTEX_W32 +**
  • SQLITE_MUTEX_NOOP +**
)^ +** +** ^The SQLITE_MUTEX_NOOP implementation is a set of routines +** that does no real locking and is appropriate for use in +** a single-threaded application. ^The SQLITE_MUTEX_OS2, +** SQLITE_MUTEX_PTHREAD, and SQLITE_MUTEX_W32 implementations +** are appropriate for use on OS/2, Unix, and Windows. +** +** ^(If SQLite is compiled with the SQLITE_MUTEX_APPDEF preprocessor +** macro defined (with "-DSQLITE_MUTEX_APPDEF=1"), then no mutex +** implementation is included with the library. In this case the +** application must supply a custom mutex implementation using the +** [SQLITE_CONFIG_MUTEX] option of the sqlite3_config() function +** before calling sqlite3_initialize() or any other public sqlite3_ +** function that calls sqlite3_initialize().)^ +** +** ^The sqlite3_mutex_alloc() routine allocates a new +** mutex and returns a pointer to it. ^If it returns NULL +** that means that a mutex could not be allocated. ^SQLite +** will unwind its stack and return an error. ^(The argument +** to sqlite3_mutex_alloc() is one of these integer constants: +** +**
    +**
  • SQLITE_MUTEX_FAST +**
  • SQLITE_MUTEX_RECURSIVE +**
  • SQLITE_MUTEX_STATIC_MASTER +**
  • SQLITE_MUTEX_STATIC_MEM +**
  • SQLITE_MUTEX_STATIC_MEM2 +**
  • SQLITE_MUTEX_STATIC_PRNG +**
  • SQLITE_MUTEX_STATIC_LRU +**
  • SQLITE_MUTEX_STATIC_LRU2 +**
)^ +** +** ^The first two constants (SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE) +** cause sqlite3_mutex_alloc() to create +** a new mutex. ^The new mutex is recursive when SQLITE_MUTEX_RECURSIVE +** is used but not necessarily so when SQLITE_MUTEX_FAST is used. +** The mutex implementation does not need to make a distinction +** between SQLITE_MUTEX_RECURSIVE and SQLITE_MUTEX_FAST if it does +** not want to. ^SQLite will only request a recursive mutex in +** cases where it really needs one. ^If a faster non-recursive mutex +** implementation is available on the host platform, the mutex subsystem +** might return such a mutex in response to SQLITE_MUTEX_FAST. +** +** ^The other allowed parameters to sqlite3_mutex_alloc() (anything other +** than SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE) each return +** a pointer to a static preexisting mutex. ^Six static mutexes are +** used by the current version of SQLite. Future versions of SQLite +** may add additional static mutexes. Static mutexes are for internal +** use by SQLite only. Applications that use SQLite mutexes should +** use only the dynamic mutexes returned by SQLITE_MUTEX_FAST or +** SQLITE_MUTEX_RECURSIVE. +** +** ^Note that if one of the dynamic mutex parameters (SQLITE_MUTEX_FAST +** or SQLITE_MUTEX_RECURSIVE) is used then sqlite3_mutex_alloc() +** returns a different mutex on every call. ^But for the static +** mutex types, the same mutex is returned on every call that has +** the same type number. +** +** ^The sqlite3_mutex_free() routine deallocates a previously +** allocated dynamic mutex. ^SQLite is careful to deallocate every +** dynamic mutex that it allocates. The dynamic mutexes must not be in +** use when they are deallocated. Attempting to deallocate a static +** mutex results in undefined behavior. ^SQLite never deallocates +** a static mutex. +** +** ^The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt +** to enter a mutex. ^If another thread is already within the mutex, +** sqlite3_mutex_enter() will block and sqlite3_mutex_try() will return +** SQLITE_BUSY. ^The sqlite3_mutex_try() interface returns [SQLITE_OK] +** upon successful entry. ^(Mutexes created using +** SQLITE_MUTEX_RECURSIVE can be entered multiple times by the same thread. +** In such cases the, +** mutex must be exited an equal number of times before another thread +** can enter.)^ ^(If the same thread tries to enter any other +** kind of mutex more than once, the behavior is undefined. +** SQLite will never exhibit +** such behavior in its own use of mutexes.)^ +** +** ^(Some systems (for example, Windows 95) do not support the operation +** implemented by sqlite3_mutex_try(). On those systems, sqlite3_mutex_try() +** will always return SQLITE_BUSY. The SQLite core only ever uses +** sqlite3_mutex_try() as an optimization so this is acceptable behavior.)^ +** +** ^The sqlite3_mutex_leave() routine exits a mutex that was +** previously entered by the same thread. ^(The behavior +** is undefined if the mutex is not currently entered by the +** calling thread or is not currently allocated. SQLite will +** never do either.)^ +** +** ^If the argument to sqlite3_mutex_enter(), sqlite3_mutex_try(), or +** sqlite3_mutex_leave() is a NULL pointer, then all three routines +** behave as no-ops. +** +** See also: [sqlite3_mutex_held()] and [sqlite3_mutex_notheld()]. +*/ +SQLITE_API sqlite3_mutex *sqlite3_mutex_alloc(int); +SQLITE_API void sqlite3_mutex_free(sqlite3_mutex*); +SQLITE_API void sqlite3_mutex_enter(sqlite3_mutex*); +SQLITE_API int sqlite3_mutex_try(sqlite3_mutex*); +SQLITE_API void sqlite3_mutex_leave(sqlite3_mutex*); + +/* +** CAPI3REF: Mutex Methods Object +** +** An instance of this structure defines the low-level routines +** used to allocate and use mutexes. +** +** Usually, the default mutex implementations provided by SQLite are +** sufficient, however the user has the option of substituting a custom +** implementation for specialized deployments or systems for which SQLite +** does not provide a suitable implementation. In this case, the user +** creates and populates an instance of this structure to pass +** to sqlite3_config() along with the [SQLITE_CONFIG_MUTEX] option. +** Additionally, an instance of this structure can be used as an +** output variable when querying the system for the current mutex +** implementation, using the [SQLITE_CONFIG_GETMUTEX] option. +** +** ^The xMutexInit method defined by this structure is invoked as +** part of system initialization by the sqlite3_initialize() function. +** ^The xMutexInit routine is called by SQLite exactly once for each +** effective call to [sqlite3_initialize()]. +** +** ^The xMutexEnd method defined by this structure is invoked as +** part of system shutdown by the sqlite3_shutdown() function. The +** implementation of this method is expected to release all outstanding +** resources obtained by the mutex methods implementation, especially +** those obtained by the xMutexInit method. ^The xMutexEnd() +** interface is invoked exactly once for each call to [sqlite3_shutdown()]. +** +** ^(The remaining seven methods defined by this structure (xMutexAlloc, +** xMutexFree, xMutexEnter, xMutexTry, xMutexLeave, xMutexHeld and +** xMutexNotheld) implement the following interfaces (respectively): +** +**
    +**
  • [sqlite3_mutex_alloc()]
    • +**
  • [sqlite3_mutex_free()]
    • +**
  • [sqlite3_mutex_enter()]
    • +**
  • [sqlite3_mutex_try()]
    • +**
  • [sqlite3_mutex_leave()]
    • +**
  • [sqlite3_mutex_held()]
    • +**
  • [sqlite3_mutex_notheld()]
    • +**
)^ +** +** The only difference is that the public sqlite3_XXX functions enumerated +** above silently ignore any invocations that pass a NULL pointer instead +** of a valid mutex handle. The implementations of the methods defined +** by this structure are not required to handle this case, the results +** of passing a NULL pointer instead of a valid mutex handle are undefined +** (i.e. it is acceptable to provide an implementation that segfaults if +** it is passed a NULL pointer). +** +** The xMutexInit() method must be threadsafe. ^It must be harmless to +** invoke xMutexInit() multiple times within the same process and without +** intervening calls to xMutexEnd(). Second and subsequent calls to +** xMutexInit() must be no-ops. +** +** ^xMutexInit() must not use SQLite memory allocation ([sqlite3_malloc()] +** and its associates). ^Similarly, xMutexAlloc() must not use SQLite memory +** allocation for a static mutex. ^However xMutexAlloc() may use SQLite +** memory allocation for a fast or recursive mutex. +** +** ^SQLite will invoke the xMutexEnd() method when [sqlite3_shutdown()] is +** called, but only if the prior call to xMutexInit returned SQLITE_OK. +** If xMutexInit fails in any way, it is expected to clean up after itself +** prior to returning. +*/ +typedef struct sqlite3_mutex_methods sqlite3_mutex_methods; +struct sqlite3_mutex_methods { + int (*xMutexInit)(void); + int (*xMutexEnd)(void); + sqlite3_mutex *(*xMutexAlloc)(int); + void (*xMutexFree)(sqlite3_mutex *); + void (*xMutexEnter)(sqlite3_mutex *); + int (*xMutexTry)(sqlite3_mutex *); + void (*xMutexLeave)(sqlite3_mutex *); + int (*xMutexHeld)(sqlite3_mutex *); + int (*xMutexNotheld)(sqlite3_mutex *); +}; + +/* +** CAPI3REF: Mutex Verification Routines +** +** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routines +** are intended for use inside assert() statements. ^The SQLite core +** never uses these routines except inside an assert() and applications +** are advised to follow the lead of the core. ^The SQLite core only +** provides implementations for these routines when it is compiled +** with the SQLITE_DEBUG flag. ^External mutex implementations +** are only required to provide these routines if SQLITE_DEBUG is +** defined and if NDEBUG is not defined. +** +** ^These routines should return true if the mutex in their argument +** is held or not held, respectively, by the calling thread. +** +** ^The implementation is not required to provided versions of these +** routines that actually work. If the implementation does not provide working +** versions of these routines, it should at least provide stubs that always +** return true so that one does not get spurious assertion failures. +** +** ^If the argument to sqlite3_mutex_held() is a NULL pointer then +** the routine should return 1. This seems counter-intuitive since +** clearly the mutex cannot be held if it does not exist. But +** the reason the mutex does not exist is because the build is not +** using mutexes. And we do not want the assert() containing the +** call to sqlite3_mutex_held() to fail, so a non-zero return is +** the appropriate thing to do. ^The sqlite3_mutex_notheld() +** interface should also return 1 when given a NULL pointer. +*/ +#ifndef NDEBUG +SQLITE_API int sqlite3_mutex_held(sqlite3_mutex*); +SQLITE_API int sqlite3_mutex_notheld(sqlite3_mutex*); +#endif + +/* +** CAPI3REF: Mutex Types +** +** The [sqlite3_mutex_alloc()] interface takes a single argument +** which is one of these integer constants. +** +** The set of static mutexes may change from one SQLite release to the +** next. Applications that override the built-in mutex logic must be +** prepared to accommodate additional static mutexes. +*/ +#define SQLITE_MUTEX_FAST 0 +#define SQLITE_MUTEX_RECURSIVE 1 +#define SQLITE_MUTEX_STATIC_MASTER 2 +#define SQLITE_MUTEX_STATIC_MEM 3 /* sqlite3_malloc() */ +#define SQLITE_MUTEX_STATIC_MEM2 4 /* NOT USED */ +#define SQLITE_MUTEX_STATIC_OPEN 4 /* sqlite3BtreeOpen() */ +#define SQLITE_MUTEX_STATIC_PRNG 5 /* sqlite3_random() */ +#define SQLITE_MUTEX_STATIC_LRU 6 /* lru page list */ +#define SQLITE_MUTEX_STATIC_LRU2 7 /* NOT USED */ +#define SQLITE_MUTEX_STATIC_PMEM 7 /* sqlite3PageMalloc() */ + +/* +** CAPI3REF: Retrieve the mutex for a database connection +** +** ^This interface returns a pointer the [sqlite3_mutex] object that +** serializes access to the [database connection] given in the argument +** when the [threading mode] is Serialized. +** ^If the [threading mode] is Single-thread or Multi-thread then this +** routine returns a NULL pointer. +*/ +SQLITE_API sqlite3_mutex *sqlite3_db_mutex(sqlite3*); + +/* +** CAPI3REF: Low-Level Control Of Database Files +** +** ^The [sqlite3_file_control()] interface makes a direct call to the +** xFileControl method for the [sqlite3_io_methods] object associated +** with a particular database identified by the second argument. ^The +** name of the database is "main" for the main database or "temp" for the +** TEMP database, or the name that appears after the AS keyword for +** databases that are added using the [ATTACH] SQL command. +** ^A NULL pointer can be used in place of "main" to refer to the +** main database file. +** ^The third and fourth parameters to this routine +** are passed directly through to the second and third parameters of +** the xFileControl method. ^The return value of the xFileControl +** method becomes the return value of this routine. +** +** ^The SQLITE_FCNTL_FILE_POINTER value for the op parameter causes +** a pointer to the underlying [sqlite3_file] object to be written into +** the space pointed to by the 4th parameter. ^The SQLITE_FCNTL_FILE_POINTER +** case is a short-circuit path which does not actually invoke the +** underlying sqlite3_io_methods.xFileControl method. +** +** ^If the second parameter (zDbName) does not match the name of any +** open database file, then SQLITE_ERROR is returned. ^This error +** code is not remembered and will not be recalled by [sqlite3_errcode()] +** or [sqlite3_errmsg()]. The underlying xFileControl method might +** also return SQLITE_ERROR. There is no way to distinguish between +** an incorrect zDbName and an SQLITE_ERROR return from the underlying +** xFileControl method. +** +** See also: [SQLITE_FCNTL_LOCKSTATE] +*/ +SQLITE_API int sqlite3_file_control(sqlite3*, const char *zDbName, int op, void*); + +/* +** CAPI3REF: Testing Interface +** +** ^The sqlite3_test_control() interface is used to read out internal +** state of SQLite and to inject faults into SQLite for testing +** purposes. ^The first parameter is an operation code that determines +** the number, meaning, and operation of all subsequent parameters. +** +** This interface is not for use by applications. It exists solely +** for verifying the correct operation of the SQLite library. Depending +** on how the SQLite library is compiled, this interface might not exist. +** +** The details of the operation codes, their meanings, the parameters +** they take, and what they do are all subject to change without notice. +** Unlike most of the SQLite API, this function is not guaranteed to +** operate consistently from one release to the next. +*/ +SQLITE_API int sqlite3_test_control(int op, ...); + +/* +** CAPI3REF: Testing Interface Operation Codes +** +** These constants are the valid operation code parameters used +** as the first argument to [sqlite3_test_control()]. +** +** These parameters and their meanings are subject to change +** without notice. These values are for testing purposes only. +** Applications should not use any of these parameters or the +** [sqlite3_test_control()] interface. +*/ +#define SQLITE_TESTCTRL_FIRST 5 +#define SQLITE_TESTCTRL_PRNG_SAVE 5 +#define SQLITE_TESTCTRL_PRNG_RESTORE 6 +#define SQLITE_TESTCTRL_PRNG_RESET 7 +#define SQLITE_TESTCTRL_BITVEC_TEST 8 +#define SQLITE_TESTCTRL_FAULT_INSTALL 9 +#define SQLITE_TESTCTRL_BENIGN_MALLOC_HOOKS 10 +#define SQLITE_TESTCTRL_PENDING_BYTE 11 +#define SQLITE_TESTCTRL_ASSERT 12 +#define SQLITE_TESTCTRL_ALWAYS 13 +#define SQLITE_TESTCTRL_RESERVE 14 +#define SQLITE_TESTCTRL_OPTIMIZATIONS 15 +#define SQLITE_TESTCTRL_ISKEYWORD 16 +#define SQLITE_TESTCTRL_PGHDRSZ 17 +#define SQLITE_TESTCTRL_SCRATCHMALLOC 18 +#define SQLITE_TESTCTRL_LOCALTIME_FAULT 19 +#define SQLITE_TESTCTRL_LAST 19 + +/* +** CAPI3REF: SQLite Runtime Status +** +** ^This interface is used to retrieve runtime status information +** about the performance of SQLite, and optionally to reset various +** highwater marks. ^The first argument is an integer code for +** the specific parameter to measure. ^(Recognized integer codes +** are of the form [status parameters | SQLITE_STATUS_...].)^ +** ^The current value of the parameter is returned into *pCurrent. +** ^The highest recorded value is returned in *pHighwater. ^If the +** resetFlag is true, then the highest record value is reset after +** *pHighwater is written. ^(Some parameters do not record the highest +** value. For those parameters +** nothing is written into *pHighwater and the resetFlag is ignored.)^ +** ^(Other parameters record only the highwater mark and not the current +** value. For these latter parameters nothing is written into *pCurrent.)^ +** +** ^The sqlite3_status() routine returns SQLITE_OK on success and a +** non-zero [error code] on failure. +** +** This routine is threadsafe but is not atomic. This routine can be +** called while other threads are running the same or different SQLite +** interfaces. However the values returned in *pCurrent and +** *pHighwater reflect the status of SQLite at different points in time +** and it is possible that another thread might change the parameter +** in between the times when *pCurrent and *pHighwater are written. +** +** See also: [sqlite3_db_status()] +*/ +SQLITE_API int sqlite3_status(int op, int *pCurrent, int *pHighwater, int resetFlag); + + +/* +** CAPI3REF: Status Parameters +** KEYWORDS: {status parameters} +** +** These integer constants designate various run-time status parameters +** that can be returned by [sqlite3_status()]. +** +**
+** [[SQLITE_STATUS_MEMORY_USED]] ^(
SQLITE_STATUS_MEMORY_USED
+**
This parameter is the current amount of memory checked out +** using [sqlite3_malloc()], either directly or indirectly. The +** figure includes calls made to [sqlite3_malloc()] by the application +** and internal memory usage by the SQLite library. Scratch memory +** controlled by [SQLITE_CONFIG_SCRATCH] and auxiliary page-cache +** memory controlled by [SQLITE_CONFIG_PAGECACHE] is not included in +** this parameter. The amount returned is the sum of the allocation +** sizes as reported by the xSize method in [sqlite3_mem_methods].
)^ +** +** [[SQLITE_STATUS_MALLOC_SIZE]] ^(
SQLITE_STATUS_MALLOC_SIZE
+**
This parameter records the largest memory allocation request +** handed to [sqlite3_malloc()] or [sqlite3_realloc()] (or their +** internal equivalents). Only the value returned in the +** *pHighwater parameter to [sqlite3_status()] is of interest. +** The value written into the *pCurrent parameter is undefined.
)^ +** +** [[SQLITE_STATUS_MALLOC_COUNT]] ^(
SQLITE_STATUS_MALLOC_COUNT
+**
This parameter records the number of separate memory allocations +** currently checked out.
)^ +** +** [[SQLITE_STATUS_PAGECACHE_USED]] ^(
SQLITE_STATUS_PAGECACHE_USED
+**
This parameter returns the number of pages used out of the +** [pagecache memory allocator] that was configured using +** [SQLITE_CONFIG_PAGECACHE]. The +** value returned is in pages, not in bytes.
)^ +** +** [[SQLITE_STATUS_PAGECACHE_OVERFLOW]] +** ^(
SQLITE_STATUS_PAGECACHE_OVERFLOW
+**
This parameter returns the number of bytes of page cache +** allocation which could not be satisfied by the [SQLITE_CONFIG_PAGECACHE] +** buffer and where forced to overflow to [sqlite3_malloc()]. The +** returned value includes allocations that overflowed because they +** where too large (they were larger than the "sz" parameter to +** [SQLITE_CONFIG_PAGECACHE]) and allocations that overflowed because +** no space was left in the page cache.
)^ +** +** [[SQLITE_STATUS_PAGECACHE_SIZE]] ^(
SQLITE_STATUS_PAGECACHE_SIZE
+**
This parameter records the largest memory allocation request +** handed to [pagecache memory allocator]. Only the value returned in the +** *pHighwater parameter to [sqlite3_status()] is of interest. +** The value written into the *pCurrent parameter is undefined.
)^ +** +** [[SQLITE_STATUS_SCRATCH_USED]] ^(
SQLITE_STATUS_SCRATCH_USED
+**
This parameter returns the number of allocations used out of the +** [scratch memory allocator] configured using +** [SQLITE_CONFIG_SCRATCH]. The value returned is in allocations, not +** in bytes. Since a single thread may only have one scratch allocation +** outstanding at time, this parameter also reports the number of threads +** using scratch memory at the same time.
)^ +** +** [[SQLITE_STATUS_SCRATCH_OVERFLOW]] ^(
SQLITE_STATUS_SCRATCH_OVERFLOW
+**
This parameter returns the number of bytes of scratch memory +** allocation which could not be satisfied by the [SQLITE_CONFIG_SCRATCH] +** buffer and where forced to overflow to [sqlite3_malloc()]. The values +** returned include overflows because the requested allocation was too +** larger (that is, because the requested allocation was larger than the +** "sz" parameter to [SQLITE_CONFIG_SCRATCH]) and because no scratch buffer +** slots were available. +**
)^ +** +** [[SQLITE_STATUS_SCRATCH_SIZE]] ^(
SQLITE_STATUS_SCRATCH_SIZE
+**
This parameter records the largest memory allocation request +** handed to [scratch memory allocator]. Only the value returned in the +** *pHighwater parameter to [sqlite3_status()] is of interest. +** The value written into the *pCurrent parameter is undefined.
)^ +** +** [[SQLITE_STATUS_PARSER_STACK]] ^(
SQLITE_STATUS_PARSER_STACK
+**
This parameter records the deepest parser stack. It is only +** meaningful if SQLite is compiled with [YYTRACKMAXSTACKDEPTH].
)^ +**
+** +** New status parameters may be added from time to time. +*/ +#define SQLITE_STATUS_MEMORY_USED 0 +#define SQLITE_STATUS_PAGECACHE_USED 1 +#define SQLITE_STATUS_PAGECACHE_OVERFLOW 2 +#define SQLITE_STATUS_SCRATCH_USED 3 +#define SQLITE_STATUS_SCRATCH_OVERFLOW 4 +#define SQLITE_STATUS_MALLOC_SIZE 5 +#define SQLITE_STATUS_PARSER_STACK 6 +#define SQLITE_STATUS_PAGECACHE_SIZE 7 +#define SQLITE_STATUS_SCRATCH_SIZE 8 +#define SQLITE_STATUS_MALLOC_COUNT 9 + +/* +** CAPI3REF: Database Connection Status +** +** ^This interface is used to retrieve runtime status information +** about a single [database connection]. ^The first argument is the +** database connection object to be interrogated. ^The second argument +** is an integer constant, taken from the set of +** [SQLITE_DBSTATUS options], that +** determines the parameter to interrogate. The set of +** [SQLITE_DBSTATUS options] is likely +** to grow in future releases of SQLite. +** +** ^The current value of the requested parameter is written into *pCur +** and the highest instantaneous value is written into *pHiwtr. ^If +** the resetFlg is true, then the highest instantaneous value is +** reset back down to the current value. +** +** ^The sqlite3_db_status() routine returns SQLITE_OK on success and a +** non-zero [error code] on failure. +** +** See also: [sqlite3_status()] and [sqlite3_stmt_status()]. +*/ +SQLITE_API int sqlite3_db_status(sqlite3*, int op, int *pCur, int *pHiwtr, int resetFlg); + +/* +** CAPI3REF: Status Parameters for database connections +** KEYWORDS: {SQLITE_DBSTATUS options} +** +** These constants are the available integer "verbs" that can be passed as +** the second argument to the [sqlite3_db_status()] interface. +** +** New verbs may be added in future releases of SQLite. Existing verbs +** might be discontinued. Applications should check the return code from +** [sqlite3_db_status()] to make sure that the call worked. +** The [sqlite3_db_status()] interface will return a non-zero error code +** if a discontinued or unsupported verb is invoked. +** +**
+** [[SQLITE_DBSTATUS_LOOKASIDE_USED]] ^(
SQLITE_DBSTATUS_LOOKASIDE_USED
+**
This parameter returns the number of lookaside memory slots currently +** checked out.
)^ +** +** [[SQLITE_DBSTATUS_LOOKASIDE_HIT]] ^(
SQLITE_DBSTATUS_LOOKASIDE_HIT
+**
This parameter returns the number malloc attempts that were +** satisfied using lookaside memory. Only the high-water value is meaningful; +** the current value is always zero.)^ +** +** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE]] +** ^(
SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE
+**
This parameter returns the number malloc attempts that might have +** been satisfied using lookaside memory but failed due to the amount of +** memory requested being larger than the lookaside slot size. +** Only the high-water value is meaningful; +** the current value is always zero.)^ +** +** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL]] +** ^(
SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL
+**
This parameter returns the number malloc attempts that might have +** been satisfied using lookaside memory but failed due to all lookaside +** memory already being in use. +** Only the high-water value is meaningful; +** the current value is always zero.)^ +** +** [[SQLITE_DBSTATUS_CACHE_USED]] ^(
SQLITE_DBSTATUS_CACHE_USED
+**
This parameter returns the approximate number of of bytes of heap +** memory used by all pager caches associated with the database connection.)^ +** ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_USED is always 0. +** +** [[SQLITE_DBSTATUS_SCHEMA_USED]] ^(
SQLITE_DBSTATUS_SCHEMA_USED
+**
This parameter returns the approximate number of of bytes of heap +** memory used to store the schema for all databases associated +** with the connection - main, temp, and any [ATTACH]-ed databases.)^ +** ^The full amount of memory used by the schemas is reported, even if the +** schema memory is shared with other database connections due to +** [shared cache mode] being enabled. +** ^The highwater mark associated with SQLITE_DBSTATUS_SCHEMA_USED is always 0. +** +** [[SQLITE_DBSTATUS_STMT_USED]] ^(
SQLITE_DBSTATUS_STMT_USED
+**
This parameter returns the approximate number of of bytes of heap +** and lookaside memory used by all prepared statements associated with +** the database connection.)^ +** ^The highwater mark associated with SQLITE_DBSTATUS_STMT_USED is always 0. +**
+**
+*/ +#define SQLITE_DBSTATUS_LOOKASIDE_USED 0 +#define SQLITE_DBSTATUS_CACHE_USED 1 +#define SQLITE_DBSTATUS_SCHEMA_USED 2 +#define SQLITE_DBSTATUS_STMT_USED 3 +#define SQLITE_DBSTATUS_LOOKASIDE_HIT 4 +#define SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE 5 +#define SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL 6 +#define SQLITE_DBSTATUS_MAX 6 /* Largest defined DBSTATUS */ + + +/* +** CAPI3REF: Prepared Statement Status +** +** ^(Each prepared statement maintains various +** [SQLITE_STMTSTATUS counters] that measure the number +** of times it has performed specific operations.)^ These counters can +** be used to monitor the performance characteristics of the prepared +** statements. For example, if the number of table steps greatly exceeds +** the number of table searches or result rows, that would tend to indicate +** that the prepared statement is using a full table scan rather than +** an index. +** +** ^(This interface is used to retrieve and reset counter values from +** a [prepared statement]. The first argument is the prepared statement +** object to be interrogated. The second argument +** is an integer code for a specific [SQLITE_STMTSTATUS counter] +** to be interrogated.)^ +** ^The current value of the requested counter is returned. +** ^If the resetFlg is true, then the counter is reset to zero after this +** interface call returns. +** +** See also: [sqlite3_status()] and [sqlite3_db_status()]. +*/ +SQLITE_API int sqlite3_stmt_status(sqlite3_stmt*, int op,int resetFlg); + +/* +** CAPI3REF: Status Parameters for prepared statements +** KEYWORDS: {SQLITE_STMTSTATUS counter} {SQLITE_STMTSTATUS counters} +** +** These preprocessor macros define integer codes that name counter +** values associated with the [sqlite3_stmt_status()] interface. +** The meanings of the various counters are as follows: +** +**
+** [[SQLITE_STMTSTATUS_FULLSCAN_STEP]]
SQLITE_STMTSTATUS_FULLSCAN_STEP
+**
^This is the number of times that SQLite has stepped forward in +** a table as part of a full table scan. Large numbers for this counter +** may indicate opportunities for performance improvement through +** careful use of indices.
+** +** [[SQLITE_STMTSTATUS_SORT]]
SQLITE_STMTSTATUS_SORT
+**
^This is the number of sort operations that have occurred. +** A non-zero value in this counter may indicate an opportunity to +** improvement performance through careful use of indices.
+** +** [[SQLITE_STMTSTATUS_AUTOINDEX]]
SQLITE_STMTSTATUS_AUTOINDEX
+**
^This is the number of rows inserted into transient indices that +** were created automatically in order to help joins run faster. +** A non-zero value in this counter may indicate an opportunity to +** improvement performance by adding permanent indices that do not +** need to be reinitialized each time the statement is run.
+** +**
+*/ +#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1 +#define SQLITE_STMTSTATUS_SORT 2 +#define SQLITE_STMTSTATUS_AUTOINDEX 3 + +/* +** CAPI3REF: Custom Page Cache Object +** +** The sqlite3_pcache type is opaque. It is implemented by +** the pluggable module. The SQLite core has no knowledge of +** its size or internal structure and never deals with the +** sqlite3_pcache object except by holding and passing pointers +** to the object. +** +** See [sqlite3_pcache_methods] for additional information. +*/ +typedef struct sqlite3_pcache sqlite3_pcache; + +/* +** CAPI3REF: Application Defined Page Cache. +** KEYWORDS: {page cache} +** +** ^(The [sqlite3_config]([SQLITE_CONFIG_PCACHE], ...) interface can +** register an alternative page cache implementation by passing in an +** instance of the sqlite3_pcache_methods structure.)^ +** In many applications, most of the heap memory allocated by +** SQLite is used for the page cache. +** By implementing a +** custom page cache using this API, an application can better control +** the amount of memory consumed by SQLite, the way in which +** that memory is allocated and released, and the policies used to +** determine exactly which parts of a database file are cached and for +** how long. +** +** The alternative page cache mechanism is an +** extreme measure that is only needed by the most demanding applications. +** The built-in page cache is recommended for most uses. +** +** ^(The contents of the sqlite3_pcache_methods structure are copied to an +** internal buffer by SQLite within the call to [sqlite3_config]. Hence +** the application may discard the parameter after the call to +** [sqlite3_config()] returns.)^ +** +** [[the xInit() page cache method]] +** ^(The xInit() method is called once for each effective +** call to [sqlite3_initialize()])^ +** (usually only once during the lifetime of the process). ^(The xInit() +** method is passed a copy of the sqlite3_pcache_methods.pArg value.)^ +** The intent of the xInit() method is to set up global data structures +** required by the custom page cache implementation. +** ^(If the xInit() method is NULL, then the +** built-in default page cache is used instead of the application defined +** page cache.)^ +** +** [[the xShutdown() page cache method]] +** ^The xShutdown() method is called by [sqlite3_shutdown()]. +** It can be used to clean up +** any outstanding resources before process shutdown, if required. +** ^The xShutdown() method may be NULL. +** +** ^SQLite automatically serializes calls to the xInit method, +** so the xInit method need not be threadsafe. ^The +** xShutdown method is only called from [sqlite3_shutdown()] so it does +** not need to be threadsafe either. All other methods must be threadsafe +** in multithreaded applications. +** +** ^SQLite will never invoke xInit() more than once without an intervening +** call to xShutdown(). +** +** [[the xCreate() page cache methods]] +** ^SQLite invokes the xCreate() method to construct a new cache instance. +** SQLite will typically create one cache instance for each open database file, +** though this is not guaranteed. ^The +** first parameter, szPage, is the size in bytes of the pages that must +** be allocated by the cache. ^szPage will not be a power of two. ^szPage +** will the page size of the database file that is to be cached plus an +** increment (here called "R") of less than 250. SQLite will use the +** extra R bytes on each page to store metadata about the underlying +** database page on disk. The value of R depends +** on the SQLite version, the target platform, and how SQLite was compiled. +** ^(R is constant for a particular build of SQLite. Except, there are two +** distinct values of R when SQLite is compiled with the proprietary +** ZIPVFS extension.)^ ^The second argument to +** xCreate(), bPurgeable, is true if the cache being created will +** be used to cache database pages of a file stored on disk, or +** false if it is used for an in-memory database. The cache implementation +** does not have to do anything special based with the value of bPurgeable; +** it is purely advisory. ^On a cache where bPurgeable is false, SQLite will +** never invoke xUnpin() except to deliberately delete a page. +** ^In other words, calls to xUnpin() on a cache with bPurgeable set to +** false will always have the "discard" flag set to true. +** ^Hence, a cache created with bPurgeable false will +** never contain any unpinned pages. +** +** [[the xCachesize() page cache method]] +** ^(The xCachesize() method may be called at any time by SQLite to set the +** suggested maximum cache-size (number of pages stored by) the cache +** instance passed as the first argument. This is the value configured using +** the SQLite "[PRAGMA cache_size]" command.)^ As with the bPurgeable +** parameter, the implementation is not required to do anything with this +** value; it is advisory only. +** +** [[the xPagecount() page cache methods]] +** The xPagecount() method must return the number of pages currently +** stored in the cache, both pinned and unpinned. +** +** [[the xFetch() page cache methods]] +** The xFetch() method locates a page in the cache and returns a pointer to +** the page, or a NULL pointer. +** A "page", in this context, means a buffer of szPage bytes aligned at an +** 8-byte boundary. The page to be fetched is determined by the key. ^The +** minimum key value is 1. After it has been retrieved using xFetch, the page +** is considered to be "pinned". +** +** If the requested page is already in the page cache, then the page cache +** implementation must return a pointer to the page buffer with its content +** intact. If the requested page is not already in the cache, then the +** cache implementation should use the value of the createFlag +** parameter to help it determined what action to take: +** +** +**
createFlag Behaviour when page is not already in cache +**
0 Do not allocate a new page. Return NULL. +**
1 Allocate a new page if it easy and convenient to do so. +** Otherwise return NULL. +**
2 Make every effort to allocate a new page. Only return +** NULL if allocating a new page is effectively impossible. +**
+** +** ^(SQLite will normally invoke xFetch() with a createFlag of 0 or 1. SQLite +** will only use a createFlag of 2 after a prior call with a createFlag of 1 +** failed.)^ In between the to xFetch() calls, SQLite may +** attempt to unpin one or more cache pages by spilling the content of +** pinned pages to disk and synching the operating system disk cache. +** +** [[the xUnpin() page cache method]] +** ^xUnpin() is called by SQLite with a pointer to a currently pinned page +** as its second argument. If the third parameter, discard, is non-zero, +** then the page must be evicted from the cache. +** ^If the discard parameter is +** zero, then the page may be discarded or retained at the discretion of +** page cache implementation. ^The page cache implementation +** may choose to evict unpinned pages at any time. +** +** The cache must not perform any reference counting. A single +** call to xUnpin() unpins the page regardless of the number of prior calls +** to xFetch(). +** +** [[the xRekey() page cache methods]] +** The xRekey() method is used to change the key value associated with the +** page passed as the second argument. If the cache +** previously contains an entry associated with newKey, it must be +** discarded. ^Any prior cache entry associated with newKey is guaranteed not +** to be pinned. +** +** When SQLite calls the xTruncate() method, the cache must discard all +** existing cache entries with page numbers (keys) greater than or equal +** to the value of the iLimit parameter passed to xTruncate(). If any +** of these pages are pinned, they are implicitly unpinned, meaning that +** they can be safely discarded. +** +** [[the xDestroy() page cache method]] +** ^The xDestroy() method is used to delete a cache allocated by xCreate(). +** All resources associated with the specified cache should be freed. ^After +** calling the xDestroy() method, SQLite considers the [sqlite3_pcache*] +** handle invalid, and will not use it with any other sqlite3_pcache_methods +** functions. +*/ +typedef struct sqlite3_pcache_methods sqlite3_pcache_methods; +struct sqlite3_pcache_methods { + void *pArg; + int (*xInit)(void*); + void (*xShutdown)(void*); + sqlite3_pcache *(*xCreate)(int szPage, int bPurgeable); + void (*xCachesize)(sqlite3_pcache*, int nCachesize); + int (*xPagecount)(sqlite3_pcache*); + void *(*xFetch)(sqlite3_pcache*, unsigned key, int createFlag); + void (*xUnpin)(sqlite3_pcache*, void*, int discard); + void (*xRekey)(sqlite3_pcache*, void*, unsigned oldKey, unsigned newKey); + void (*xTruncate)(sqlite3_pcache*, unsigned iLimit); + void (*xDestroy)(sqlite3_pcache*); +}; + +/* +** CAPI3REF: Online Backup Object +** +** The sqlite3_backup object records state information about an ongoing +** online backup operation. ^The sqlite3_backup object is created by +** a call to [sqlite3_backup_init()] and is destroyed by a call to +** [sqlite3_backup_finish()]. +** +** See Also: [Using the SQLite Online Backup API] +*/ +typedef struct sqlite3_backup sqlite3_backup; + +/* +** CAPI3REF: Online Backup API. +** +** The backup API copies the content of one database into another. +** It is useful either for creating backups of databases or +** for copying in-memory databases to or from persistent files. +** +** See Also: [Using the SQLite Online Backup API] +** +** ^SQLite holds a write transaction open on the destination database file +** for the duration of the backup operation. +** ^The source database is read-locked only while it is being read; +** it is not locked continuously for the entire backup operation. +** ^Thus, the backup may be performed on a live source database without +** preventing other database connections from +** reading or writing to the source database while the backup is underway. +** +** ^(To perform a backup operation: +**
    +**
  1. sqlite3_backup_init() is called once to initialize the +** backup, +**
  2. sqlite3_backup_step() is called one or more times to transfer +** the data between the two databases, and finally +**
  3. sqlite3_backup_finish() is called to release all resources +** associated with the backup operation. +**
)^ +** There should be exactly one call to sqlite3_backup_finish() for each +** successful call to sqlite3_backup_init(). +** +** [[sqlite3_backup_init()]] sqlite3_backup_init() +** +** ^The D and N arguments to sqlite3_backup_init(D,N,S,M) are the +** [database connection] associated with the destination database +** and the database name, respectively. +** ^The database name is "main" for the main database, "temp" for the +** temporary database, or the name specified after the AS keyword in +** an [ATTACH] statement for an attached database. +** ^The S and M arguments passed to +** sqlite3_backup_init(D,N,S,M) identify the [database connection] +** and database name of the source database, respectively. +** ^The source and destination [database connections] (parameters S and D) +** must be different or else sqlite3_backup_init(D,N,S,M) will fail with +** an error. +** +** ^If an error occurs within sqlite3_backup_init(D,N,S,M), then NULL is +** returned and an error code and error message are stored in the +** destination [database connection] D. +** ^The error code and message for the failed call to sqlite3_backup_init() +** can be retrieved using the [sqlite3_errcode()], [sqlite3_errmsg()], and/or +** [sqlite3_errmsg16()] functions. +** ^A successful call to sqlite3_backup_init() returns a pointer to an +** [sqlite3_backup] object. +** ^The [sqlite3_backup] object may be used with the sqlite3_backup_step() and +** sqlite3_backup_finish() functions to perform the specified backup +** operation. +** +** [[sqlite3_backup_step()]] sqlite3_backup_step() +** +** ^Function sqlite3_backup_step(B,N) will copy up to N pages between +** the source and destination databases specified by [sqlite3_backup] object B. +** ^If N is negative, all remaining source pages are copied. +** ^If sqlite3_backup_step(B,N) successfully copies N pages and there +** are still more pages to be copied, then the function returns [SQLITE_OK]. +** ^If sqlite3_backup_step(B,N) successfully finishes copying all pages +** from source to destination, then it returns [SQLITE_DONE]. +** ^If an error occurs while running sqlite3_backup_step(B,N), +** then an [error code] is returned. ^As well as [SQLITE_OK] and +** [SQLITE_DONE], a call to sqlite3_backup_step() may return [SQLITE_READONLY], +** [SQLITE_NOMEM], [SQLITE_BUSY], [SQLITE_LOCKED], or an +** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX] extended error code. +** +** ^(The sqlite3_backup_step() might return [SQLITE_READONLY] if +**
    +**
  1. the destination database was opened read-only, or +**
  2. the destination database is using write-ahead-log journaling +** and the destination and source page sizes differ, or +**
  3. the destination database is an in-memory database and the +** destination and source page sizes differ. +**
)^ +** +** ^If sqlite3_backup_step() cannot obtain a required file-system lock, then +** the [sqlite3_busy_handler | busy-handler function] +** is invoked (if one is specified). ^If the +** busy-handler returns non-zero before the lock is available, then +** [SQLITE_BUSY] is returned to the caller. ^In this case the call to +** sqlite3_backup_step() can be retried later. ^If the source +** [database connection] +** is being used to write to the source database when sqlite3_backup_step() +** is called, then [SQLITE_LOCKED] is returned immediately. ^Again, in this +** case the call to sqlite3_backup_step() can be retried later on. ^(If +** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX], [SQLITE_NOMEM], or +** [SQLITE_READONLY] is returned, then +** there is no point in retrying the call to sqlite3_backup_step(). These +** errors are considered fatal.)^ The application must accept +** that the backup operation has failed and pass the backup operation handle +** to the sqlite3_backup_finish() to release associated resources. +** +** ^The first call to sqlite3_backup_step() obtains an exclusive lock +** on the destination file. ^The exclusive lock is not released until either +** sqlite3_backup_finish() is called or the backup operation is complete +** and sqlite3_backup_step() returns [SQLITE_DONE]. ^Every call to +** sqlite3_backup_step() obtains a [shared lock] on the source database that +** lasts for the duration of the sqlite3_backup_step() call. +** ^Because the source database is not locked between calls to +** sqlite3_backup_step(), the source database may be modified mid-way +** through the backup process. ^If the source database is modified by an +** external process or via a database connection other than the one being +** used by the backup operation, then the backup will be automatically +** restarted by the next call to sqlite3_backup_step(). ^If the source +** database is modified by the using the same database connection as is used +** by the backup operation, then the backup database is automatically +** updated at the same time. +** +** [[sqlite3_backup_finish()]] sqlite3_backup_finish() +** +** When sqlite3_backup_step() has returned [SQLITE_DONE], or when the +** application wishes to abandon the backup operation, the application +** should destroy the [sqlite3_backup] by passing it to sqlite3_backup_finish(). +** ^The sqlite3_backup_finish() interfaces releases all +** resources associated with the [sqlite3_backup] object. +** ^If sqlite3_backup_step() has not yet returned [SQLITE_DONE], then any +** active write-transaction on the destination database is rolled back. +** The [sqlite3_backup] object is invalid +** and may not be used following a call to sqlite3_backup_finish(). +** +** ^The value returned by sqlite3_backup_finish is [SQLITE_OK] if no +** sqlite3_backup_step() errors occurred, regardless or whether or not +** sqlite3_backup_step() completed. +** ^If an out-of-memory condition or IO error occurred during any prior +** sqlite3_backup_step() call on the same [sqlite3_backup] object, then +** sqlite3_backup_finish() returns the corresponding [error code]. +** +** ^A return of [SQLITE_BUSY] or [SQLITE_LOCKED] from sqlite3_backup_step() +** is not a permanent error and does not affect the return value of +** sqlite3_backup_finish(). +** +** [[sqlite3_backup__remaining()]] [[sqlite3_backup_pagecount()]] +** sqlite3_backup_remaining() and sqlite3_backup_pagecount() +** +** ^Each call to sqlite3_backup_step() sets two values inside +** the [sqlite3_backup] object: the number of pages still to be backed +** up and the total number of pages in the source database file. +** The sqlite3_backup_remaining() and sqlite3_backup_pagecount() interfaces +** retrieve these two values, respectively. +** +** ^The values returned by these functions are only updated by +** sqlite3_backup_step(). ^If the source database is modified during a backup +** operation, then the values are not updated to account for any extra +** pages that need to be updated or the size of the source database file +** changing. +** +** Concurrent Usage of Database Handles +** +** ^The source [database connection] may be used by the application for other +** purposes while a backup operation is underway or being initialized. +** ^If SQLite is compiled and configured to support threadsafe database +** connections, then the source database connection may be used concurrently +** from within other threads. +** +** However, the application must guarantee that the destination +** [database connection] is not passed to any other API (by any thread) after +** sqlite3_backup_init() is called and before the corresponding call to +** sqlite3_backup_finish(). SQLite does not currently check to see +** if the application incorrectly accesses the destination [database connection] +** and so no error code is reported, but the operations may malfunction +** nevertheless. Use of the destination database connection while a +** backup is in progress might also also cause a mutex deadlock. +** +** If running in [shared cache mode], the application must +** guarantee that the shared cache used by the destination database +** is not accessed while the backup is running. In practice this means +** that the application must guarantee that the disk file being +** backed up to is not accessed by any connection within the process, +** not just the specific connection that was passed to sqlite3_backup_init(). +** +** The [sqlite3_backup] object itself is partially threadsafe. Multiple +** threads may safely make multiple concurrent calls to sqlite3_backup_step(). +** However, the sqlite3_backup_remaining() and sqlite3_backup_pagecount() +** APIs are not strictly speaking threadsafe. If they are invoked at the +** same time as another thread is invoking sqlite3_backup_step() it is +** possible that they return invalid values. +*/ +SQLITE_API sqlite3_backup *sqlite3_backup_init( + sqlite3 *pDest, /* Destination database handle */ + const char *zDestName, /* Destination database name */ + sqlite3 *pSource, /* Source database handle */ + const char *zSourceName /* Source database name */ +); +SQLITE_API int sqlite3_backup_step(sqlite3_backup *p, int nPage); +SQLITE_API int sqlite3_backup_finish(sqlite3_backup *p); +SQLITE_API int sqlite3_backup_remaining(sqlite3_backup *p); +SQLITE_API int sqlite3_backup_pagecount(sqlite3_backup *p); + +/* +** CAPI3REF: Unlock Notification +** +** ^When running in shared-cache mode, a database operation may fail with +** an [SQLITE_LOCKED] error if the required locks on the shared-cache or +** individual tables within the shared-cache cannot be obtained. See +** [SQLite Shared-Cache Mode] for a description of shared-cache locking. +** ^This API may be used to register a callback that SQLite will invoke +** when the connection currently holding the required lock relinquishes it. +** ^This API is only available if the library was compiled with the +** [SQLITE_ENABLE_UNLOCK_NOTIFY] C-preprocessor symbol defined. +** +** See Also: [Using the SQLite Unlock Notification Feature]. +** +** ^Shared-cache locks are released when a database connection concludes +** its current transaction, either by committing it or rolling it back. +** +** ^When a connection (known as the blocked connection) fails to obtain a +** shared-cache lock and SQLITE_LOCKED is returned to the caller, the +** identity of the database connection (the blocking connection) that +** has locked the required resource is stored internally. ^After an +** application receives an SQLITE_LOCKED error, it may call the +** sqlite3_unlock_notify() method with the blocked connection handle as +** the first argument to register for a callback that will be invoked +** when the blocking connections current transaction is concluded. ^The +** callback is invoked from within the [sqlite3_step] or [sqlite3_close] +** call that concludes the blocking connections transaction. +** +** ^(If sqlite3_unlock_notify() is called in a multi-threaded application, +** there is a chance that the blocking connection will have already +** concluded its transaction by the time sqlite3_unlock_notify() is invoked. +** If this happens, then the specified callback is invoked immediately, +** from within the call to sqlite3_unlock_notify().)^ +** +** ^If the blocked connection is attempting to obtain a write-lock on a +** shared-cache table, and more than one other connection currently holds +** a read-lock on the same table, then SQLite arbitrarily selects one of +** the other connections to use as the blocking connection. +** +** ^(There may be at most one unlock-notify callback registered by a +** blocked connection. If sqlite3_unlock_notify() is called when the +** blocked connection already has a registered unlock-notify callback, +** then the new callback replaces the old.)^ ^If sqlite3_unlock_notify() is +** called with a NULL pointer as its second argument, then any existing +** unlock-notify callback is canceled. ^The blocked connections +** unlock-notify callback may also be canceled by closing the blocked +** connection using [sqlite3_close()]. +** +** The unlock-notify callback is not reentrant. If an application invokes +** any sqlite3_xxx API functions from within an unlock-notify callback, a +** crash or deadlock may be the result. +** +** ^Unless deadlock is detected (see below), sqlite3_unlock_notify() always +** returns SQLITE_OK. +** +** Callback Invocation Details +** +** When an unlock-notify callback is registered, the application provides a +** single void* pointer that is passed to the callback when it is invoked. +** However, the signature of the callback function allows SQLite to pass +** it an array of void* context pointers. The first argument passed to +** an unlock-notify callback is a pointer to an array of void* pointers, +** and the second is the number of entries in the array. +** +** When a blocking connections transaction is concluded, there may be +** more than one blocked connection that has registered for an unlock-notify +** callback. ^If two or more such blocked connections have specified the +** same callback function, then instead of invoking the callback function +** multiple times, it is invoked once with the set of void* context pointers +** specified by the blocked connections bundled together into an array. +** This gives the application an opportunity to prioritize any actions +** related to the set of unblocked database connections. +** +** Deadlock Detection +** +** Assuming that after registering for an unlock-notify callback a +** database waits for the callback to be issued before taking any further +** action (a reasonable assumption), then using this API may cause the +** application to deadlock. For example, if connection X is waiting for +** connection Y's transaction to be concluded, and similarly connection +** Y is waiting on connection X's transaction, then neither connection +** will proceed and the system may remain deadlocked indefinitely. +** +** To avoid this scenario, the sqlite3_unlock_notify() performs deadlock +** detection. ^If a given call to sqlite3_unlock_notify() would put the +** system in a deadlocked state, then SQLITE_LOCKED is returned and no +** unlock-notify callback is registered. The system is said to be in +** a deadlocked state if connection A has registered for an unlock-notify +** callback on the conclusion of connection B's transaction, and connection +** B has itself registered for an unlock-notify callback when connection +** A's transaction is concluded. ^Indirect deadlock is also detected, so +** the system is also considered to be deadlocked if connection B has +** registered for an unlock-notify callback on the conclusion of connection +** C's transaction, where connection C is waiting on connection A. ^Any +** number of levels of indirection are allowed. +** +** The "DROP TABLE" Exception +** +** When a call to [sqlite3_step()] returns SQLITE_LOCKED, it is almost +** always appropriate to call sqlite3_unlock_notify(). There is however, +** one exception. When executing a "DROP TABLE" or "DROP INDEX" statement, +** SQLite checks if there are any currently executing SELECT statements +** that belong to the same connection. If there are, SQLITE_LOCKED is +** returned. In this case there is no "blocking connection", so invoking +** sqlite3_unlock_notify() results in the unlock-notify callback being +** invoked immediately. If the application then re-attempts the "DROP TABLE" +** or "DROP INDEX" query, an infinite loop might be the result. +** +** One way around this problem is to check the extended error code returned +** by an sqlite3_step() call. ^(If there is a blocking connection, then the +** extended error code is set to SQLITE_LOCKED_SHAREDCACHE. Otherwise, in +** the special "DROP TABLE/INDEX" case, the extended error code is just +** SQLITE_LOCKED.)^ +*/ +SQLITE_API int sqlite3_unlock_notify( + sqlite3 *pBlocked, /* Waiting connection */ + void (*xNotify)(void **apArg, int nArg), /* Callback function to invoke */ + void *pNotifyArg /* Argument to pass to xNotify */ +); + + +/* +** CAPI3REF: String Comparison +** +** ^The [sqlite3_strnicmp()] API allows applications and extensions to +** compare the contents of two buffers containing UTF-8 strings in a +** case-independent fashion, using the same definition of case independence +** that SQLite uses internally when comparing identifiers. +*/ +SQLITE_API int sqlite3_strnicmp(const char *, const char *, int); + +/* +** CAPI3REF: Error Logging Interface +** +** ^The [sqlite3_log()] interface writes a message into the error log +** established by the [SQLITE_CONFIG_LOG] option to [sqlite3_config()]. +** ^If logging is enabled, the zFormat string and subsequent arguments are +** used with [sqlite3_snprintf()] to generate the final output string. +** +** The sqlite3_log() interface is intended for use by extensions such as +** virtual tables, collating functions, and SQL functions. While there is +** nothing to prevent an application from calling sqlite3_log(), doing so +** is considered bad form. +** +** The zFormat string must not be NULL. +** +** To avoid deadlocks and other threading problems, the sqlite3_log() routine +** will not use dynamically allocated memory. The log message is stored in +** a fixed-length buffer on the stack. If the log message is longer than +** a few hundred characters, it will be truncated to the length of the +** buffer. +*/ +SQLITE_API void sqlite3_log(int iErrCode, const char *zFormat, ...); + +/* +** CAPI3REF: Write-Ahead Log Commit Hook +** +** ^The [sqlite3_wal_hook()] function is used to register a callback that +** will be invoked each time a database connection commits data to a +** [write-ahead log] (i.e. whenever a transaction is committed in +** [journal_mode | journal_mode=WAL mode]). +** +** ^The callback is invoked by SQLite after the commit has taken place and +** the associated write-lock on the database released, so the implementation +** may read, write or [checkpoint] the database as required. +** +** ^The first parameter passed to the callback function when it is invoked +** is a copy of the third parameter passed to sqlite3_wal_hook() when +** registering the callback. ^The second is a copy of the database handle. +** ^The third parameter is the name of the database that was written to - +** either "main" or the name of an [ATTACH]-ed database. ^The fourth parameter +** is the number of pages currently in the write-ahead log file, +** including those that were just committed. +** +** The callback function should normally return [SQLITE_OK]. ^If an error +** code is returned, that error will propagate back up through the +** SQLite code base to cause the statement that provoked the callback +** to report an error, though the commit will have still occurred. If the +** callback returns [SQLITE_ROW] or [SQLITE_DONE], or if it returns a value +** that does not correspond to any valid SQLite error code, the results +** are undefined. +** +** A single database handle may have at most a single write-ahead log callback +** registered at one time. ^Calling [sqlite3_wal_hook()] replaces any +** previously registered write-ahead log callback. ^Note that the +** [sqlite3_wal_autocheckpoint()] interface and the +** [wal_autocheckpoint pragma] both invoke [sqlite3_wal_hook()] and will +** those overwrite any prior [sqlite3_wal_hook()] settings. +*/ +SQLITE_API void *sqlite3_wal_hook( + sqlite3*, + int(*)(void *,sqlite3*,const char*,int), + void* +); + +/* +** CAPI3REF: Configure an auto-checkpoint +** +** ^The [sqlite3_wal_autocheckpoint(D,N)] is a wrapper around +** [sqlite3_wal_hook()] that causes any database on [database connection] D +** to automatically [checkpoint] +** after committing a transaction if there are N or +** more frames in the [write-ahead log] file. ^Passing zero or +** a negative value as the nFrame parameter disables automatic +** checkpoints entirely. +** +** ^The callback registered by this function replaces any existing callback +** registered using [sqlite3_wal_hook()]. ^Likewise, registering a callback +** using [sqlite3_wal_hook()] disables the automatic checkpoint mechanism +** configured by this function. +** +** ^The [wal_autocheckpoint pragma] can be used to invoke this interface +** from SQL. +** +** ^Every new [database connection] defaults to having the auto-checkpoint +** enabled with a threshold of 1000 or [SQLITE_DEFAULT_WAL_AUTOCHECKPOINT] +** pages. The use of this interface +** is only necessary if the default setting is found to be suboptimal +** for a particular application. +*/ +SQLITE_API int sqlite3_wal_autocheckpoint(sqlite3 *db, int N); + +/* +** CAPI3REF: Checkpoint a database +** +** ^The [sqlite3_wal_checkpoint(D,X)] interface causes database named X +** on [database connection] D to be [checkpointed]. ^If X is NULL or an +** empty string, then a checkpoint is run on all databases of +** connection D. ^If the database connection D is not in +** [WAL | write-ahead log mode] then this interface is a harmless no-op. +** +** ^The [wal_checkpoint pragma] can be used to invoke this interface +** from SQL. ^The [sqlite3_wal_autocheckpoint()] interface and the +** [wal_autocheckpoint pragma] can be used to cause this interface to be +** run whenever the WAL reaches a certain size threshold. +** +** See also: [sqlite3_wal_checkpoint_v2()] +*/ +SQLITE_API int sqlite3_wal_checkpoint(sqlite3 *db, const char *zDb); + +/* +** CAPI3REF: Checkpoint a database +** +** Run a checkpoint operation on WAL database zDb attached to database +** handle db. The specific operation is determined by the value of the +** eMode parameter: +** +**
+**
SQLITE_CHECKPOINT_PASSIVE
+** Checkpoint as many frames as possible without waiting for any database +** readers or writers to finish. Sync the db file if all frames in the log +** are checkpointed. This mode is the same as calling +** sqlite3_wal_checkpoint(). The busy-handler callback is never invoked. +** +**
SQLITE_CHECKPOINT_FULL
+** This mode blocks (calls the busy-handler callback) until there is no +** database writer and all readers are reading from the most recent database +** snapshot. It then checkpoints all frames in the log file and syncs the +** database file. This call blocks database writers while it is running, +** but not database readers. +** +**
SQLITE_CHECKPOINT_RESTART
+** This mode works the same way as SQLITE_CHECKPOINT_FULL, except after +** checkpointing the log file it blocks (calls the busy-handler callback) +** until all readers are reading from the database file only. This ensures +** that the next client to write to the database file restarts the log file +** from the beginning. This call blocks database writers while it is running, +** but not database readers. +**
+** +** If pnLog is not NULL, then *pnLog is set to the total number of frames in +** the log file before returning. If pnCkpt is not NULL, then *pnCkpt is set to +** the total number of checkpointed frames (including any that were already +** checkpointed when this function is called). *pnLog and *pnCkpt may be +** populated even if sqlite3_wal_checkpoint_v2() returns other than SQLITE_OK. +** If no values are available because of an error, they are both set to -1 +** before returning to communicate this to the caller. +** +** All calls obtain an exclusive "checkpoint" lock on the database file. If +** any other process is running a checkpoint operation at the same time, the +** lock cannot be obtained and SQLITE_BUSY is returned. Even if there is a +** busy-handler configured, it will not be invoked in this case. +** +** The SQLITE_CHECKPOINT_FULL and RESTART modes also obtain the exclusive +** "writer" lock on the database file. If the writer lock cannot be obtained +** immediately, and a busy-handler is configured, it is invoked and the writer +** lock retried until either the busy-handler returns 0 or the lock is +** successfully obtained. The busy-handler is also invoked while waiting for +** database readers as described above. If the busy-handler returns 0 before +** the writer lock is obtained or while waiting for database readers, the +** checkpoint operation proceeds from that point in the same way as +** SQLITE_CHECKPOINT_PASSIVE - checkpointing as many frames as possible +** without blocking any further. SQLITE_BUSY is returned in this case. +** +** If parameter zDb is NULL or points to a zero length string, then the +** specified operation is attempted on all WAL databases. In this case the +** values written to output parameters *pnLog and *pnCkpt are undefined. If +** an SQLITE_BUSY error is encountered when processing one or more of the +** attached WAL databases, the operation is still attempted on any remaining +** attached databases and SQLITE_BUSY is returned to the caller. If any other +** error occurs while processing an attached database, processing is abandoned +** and the error code returned to the caller immediately. If no error +** (SQLITE_BUSY or otherwise) is encountered while processing the attached +** databases, SQLITE_OK is returned. +** +** If database zDb is the name of an attached database that is not in WAL +** mode, SQLITE_OK is returned and both *pnLog and *pnCkpt set to -1. If +** zDb is not NULL (or a zero length string) and is not the name of any +** attached database, SQLITE_ERROR is returned to the caller. +*/ +SQLITE_API int sqlite3_wal_checkpoint_v2( + sqlite3 *db, /* Database handle */ + const char *zDb, /* Name of attached database (or NULL) */ + int eMode, /* SQLITE_CHECKPOINT_* value */ + int *pnLog, /* OUT: Size of WAL log in frames */ + int *pnCkpt /* OUT: Total number of frames checkpointed */ +); + +/* +** CAPI3REF: Checkpoint operation parameters +** +** These constants can be used as the 3rd parameter to +** [sqlite3_wal_checkpoint_v2()]. See the [sqlite3_wal_checkpoint_v2()] +** documentation for additional information about the meaning and use of +** each of these values. +*/ +#define SQLITE_CHECKPOINT_PASSIVE 0 +#define SQLITE_CHECKPOINT_FULL 1 +#define SQLITE_CHECKPOINT_RESTART 2 + +/* +** CAPI3REF: Virtual Table Interface Configuration +** +** This function may be called by either the [xConnect] or [xCreate] method +** of a [virtual table] implementation to configure +** various facets of the virtual table interface. +** +** If this interface is invoked outside the context of an xConnect or +** xCreate virtual table method then the behavior is undefined. +** +** At present, there is only one option that may be configured using +** this function. (See [SQLITE_VTAB_CONSTRAINT_SUPPORT].) Further options +** may be added in the future. +*/ +SQLITE_API int sqlite3_vtab_config(sqlite3*, int op, ...); + +/* +** CAPI3REF: Virtual Table Configuration Options +** +** These macros define the various options to the +** [sqlite3_vtab_config()] interface that [virtual table] implementations +** can use to customize and optimize their behavior. +** +**
+**
SQLITE_VTAB_CONSTRAINT_SUPPORT +**
Calls of the form +** [sqlite3_vtab_config](db,SQLITE_VTAB_CONSTRAINT_SUPPORT,X) are supported, +** where X is an integer. If X is zero, then the [virtual table] whose +** [xCreate] or [xConnect] method invoked [sqlite3_vtab_config()] does not +** support constraints. In this configuration (which is the default) if +** a call to the [xUpdate] method returns [SQLITE_CONSTRAINT], then the entire +** statement is rolled back as if [ON CONFLICT | OR ABORT] had been +** specified as part of the users SQL statement, regardless of the actual +** ON CONFLICT mode specified. +** +** If X is non-zero, then the virtual table implementation guarantees +** that if [xUpdate] returns [SQLITE_CONSTRAINT], it will do so before +** any modifications to internal or persistent data structures have been made. +** If the [ON CONFLICT] mode is ABORT, FAIL, IGNORE or ROLLBACK, SQLite +** is able to roll back a statement or database transaction, and abandon +** or continue processing the current SQL statement as appropriate. +** If the ON CONFLICT mode is REPLACE and the [xUpdate] method returns +** [SQLITE_CONSTRAINT], SQLite handles this as if the ON CONFLICT mode +** had been ABORT. +** +** Virtual table implementations that are required to handle OR REPLACE +** must do so within the [xUpdate] method. If a call to the +** [sqlite3_vtab_on_conflict()] function indicates that the current ON +** CONFLICT policy is REPLACE, the virtual table implementation should +** silently replace the appropriate rows within the xUpdate callback and +** return SQLITE_OK. Or, if this is not possible, it may return +** SQLITE_CONSTRAINT, in which case SQLite falls back to OR ABORT +** constraint handling. +**
+*/ +#define SQLITE_VTAB_CONSTRAINT_SUPPORT 1 + +/* +** CAPI3REF: Determine The Virtual Table Conflict Policy +** +** This function may only be called from within a call to the [xUpdate] method +** of a [virtual table] implementation for an INSERT or UPDATE operation. ^The +** value returned is one of [SQLITE_ROLLBACK], [SQLITE_IGNORE], [SQLITE_FAIL], +** [SQLITE_ABORT], or [SQLITE_REPLACE], according to the [ON CONFLICT] mode +** of the SQL statement that triggered the call to the [xUpdate] method of the +** [virtual table]. +*/ +SQLITE_API int sqlite3_vtab_on_conflict(sqlite3 *); + +/* +** CAPI3REF: Conflict resolution modes +** +** These constants are returned by [sqlite3_vtab_on_conflict()] to +** inform a [virtual table] implementation what the [ON CONFLICT] mode +** is for the SQL statement being evaluated. +** +** Note that the [SQLITE_IGNORE] constant is also used as a potential +** return value from the [sqlite3_set_authorizer()] callback and that +** [SQLITE_ABORT] is also a [result code]. +*/ +#define SQLITE_ROLLBACK 1 +/* #define SQLITE_IGNORE 2 // Also used by sqlite3_authorizer() callback */ +#define SQLITE_FAIL 3 +/* #define SQLITE_ABORT 4 // Also an error code */ +#define SQLITE_REPLACE 5 + + + +/* +** Undo the hack that converts floating point types to integer for +** builds on processors without floating point support. +*/ +#ifdef SQLITE_OMIT_FLOATING_POINT +# undef double +#endif + +#if 0 +} /* End of the 'extern "C"' block */ +#endif +#endif + +/* +** 2010 August 30 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +*/ + +#ifndef _SQLITE3RTREE_H_ +#define _SQLITE3RTREE_H_ + + +#if 0 +extern "C" { +#endif + +typedef struct sqlite3_rtree_geometry sqlite3_rtree_geometry; + +/* +** Register a geometry callback named zGeom that can be used as part of an +** R-Tree geometry query as follows: +** +** SELECT ... FROM WHERE MATCH $zGeom(... params ...) +*/ +SQLITE_API int sqlite3_rtree_geometry_callback( + sqlite3 *db, + const char *zGeom, + int (*xGeom)(sqlite3_rtree_geometry *, int nCoord, double *aCoord, int *pRes), + void *pContext +); + + +/* +** A pointer to a structure of the following type is passed as the first +** argument to callbacks registered using rtree_geometry_callback(). +*/ +struct sqlite3_rtree_geometry { + void *pContext; /* Copy of pContext passed to s_r_g_c() */ + int nParam; /* Size of array aParam[] */ + double *aParam; /* Parameters passed to SQL geom function */ + void *pUser; /* Callback implementation user data */ + void (*xDelUser)(void *); /* Called by SQLite to clean up pUser */ +}; + + +#if 0 +} /* end of the 'extern "C"' block */ +#endif + +#endif /* ifndef _SQLITE3RTREE_H_ */ + + +/************** End of sqlite3.h *********************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ +/************** Include hash.h in the middle of sqliteInt.h ******************/ +/************** Begin file hash.h ********************************************/ +/* +** 2001 September 22 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** This is the header file for the generic hash-table implemenation +** used in SQLite. +*/ +#ifndef _SQLITE_HASH_H_ +#define _SQLITE_HASH_H_ + +/* Forward declarations of structures. */ +typedef struct Hash Hash; +typedef struct HashElem HashElem; + +/* A complete hash table is an instance of the following structure. +** The internals of this structure are intended to be opaque -- client +** code should not attempt to access or modify the fields of this structure +** directly. Change this structure only by using the routines below. +** However, some of the "procedures" and "functions" for modifying and +** accessing this structure are really macros, so we can't really make +** this structure opaque. +** +** All elements of the hash table are on a single doubly-linked list. +** Hash.first points to the head of this list. +** +** There are Hash.htsize buckets. Each bucket points to a spot in +** the global doubly-linked list. The contents of the bucket are the +** element pointed to plus the next _ht.count-1 elements in the list. +** +** Hash.htsize and Hash.ht may be zero. In that case lookup is done +** by a linear search of the global list. For small tables, the +** Hash.ht table is never allocated because if there are few elements +** in the table, it is faster to do a linear search than to manage +** the hash table. +*/ +struct Hash { + unsigned int htsize; /* Number of buckets in the hash table */ + unsigned int count; /* Number of entries in this table */ + HashElem *first; /* The first element of the array */ + struct _ht { /* the hash table */ + int count; /* Number of entries with this hash */ + HashElem *chain; /* Pointer to first entry with this hash */ + } *ht; +}; + +/* Each element in the hash table is an instance of the following +** structure. All elements are stored on a single doubly-linked list. +** +** Again, this structure is intended to be opaque, but it can't really +** be opaque because it is used by macros. +*/ +struct HashElem { + HashElem *next, *prev; /* Next and previous elements in the table */ + void *data; /* Data associated with this element */ + const char *pKey; int nKey; /* Key associated with this element */ +}; + +/* +** Access routines. To delete, insert a NULL pointer. +*/ +SQLITE_PRIVATE void sqlite3HashInit(Hash*); +SQLITE_PRIVATE void *sqlite3HashInsert(Hash*, const char *pKey, int nKey, void *pData); +SQLITE_PRIVATE void *sqlite3HashFind(const Hash*, const char *pKey, int nKey); +SQLITE_PRIVATE void sqlite3HashClear(Hash*); + +/* +** Macros for looping over all elements of a hash table. The idiom is +** like this: +** +** Hash h; +** HashElem *p; +** ... +** for(p=sqliteHashFirst(&h); p; p=sqliteHashNext(p)){ +** SomeStructure *pData = sqliteHashData(p); +** // do something with pData +** } +*/ +#define sqliteHashFirst(H) ((H)->first) +#define sqliteHashNext(E) ((E)->next) +#define sqliteHashData(E) ((E)->data) +/* #define sqliteHashKey(E) ((E)->pKey) // NOT USED */ +/* #define sqliteHashKeysize(E) ((E)->nKey) // NOT USED */ + +/* +** Number of entries in a hash table +*/ +/* #define sqliteHashCount(H) ((H)->count) // NOT USED */ + +#endif /* _SQLITE_HASH_H_ */ + +/************** End of hash.h ************************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ +/************** Include parse.h in the middle of sqliteInt.h *****************/ +/************** Begin file parse.h *******************************************/ +#define TK_SEMI 1 +#define TK_EXPLAIN 2 +#define TK_QUERY 3 +#define TK_PLAN 4 +#define TK_BEGIN 5 +#define TK_TRANSACTION 6 +#define TK_DEFERRED 7 +#define TK_IMMEDIATE 8 +#define TK_EXCLUSIVE 9 +#define TK_COMMIT 10 +#define TK_END 11 +#define TK_ROLLBACK 12 +#define TK_SAVEPOINT 13 +#define TK_RELEASE 14 +#define TK_TO 15 +#define TK_TABLE 16 +#define TK_CREATE 17 +#define TK_IF 18 +#define TK_NOT 19 +#define TK_EXISTS 20 +#define TK_TEMP 21 +#define TK_LP 22 +#define TK_RP 23 +#define TK_AS 24 +#define TK_COMMA 25 +#define TK_ID 26 +#define TK_INDEXED 27 +#define TK_ABORT 28 +#define TK_ACTION 29 +#define TK_AFTER 30 +#define TK_ANALYZE 31 +#define TK_ASC 32 +#define TK_ATTACH 33 +#define TK_BEFORE 34 +#define TK_BY 35 +#define TK_CASCADE 36 +#define TK_CAST 37 +#define TK_COLUMNKW 38 +#define TK_CONFLICT 39 +#define TK_DATABASE 40 +#define TK_DESC 41 +#define TK_DETACH 42 +#define TK_EACH 43 +#define TK_FAIL 44 +#define TK_FOR 45 +#define TK_IGNORE 46 +#define TK_INITIALLY 47 +#define TK_INSTEAD 48 +#define TK_LIKE_KW 49 +#define TK_MATCH 50 +#define TK_NO 51 +#define TK_KEY 52 +#define TK_OF 53 +#define TK_OFFSET 54 +#define TK_PRAGMA 55 +#define TK_RAISE 56 +#define TK_REPLACE 57 +#define TK_RESTRICT 58 +#define TK_ROW 59 +#define TK_TRIGGER 60 +#define TK_VACUUM 61 +#define TK_VIEW 62 +#define TK_VIRTUAL 63 +#define TK_REINDEX 64 +#define TK_RENAME 65 +#define TK_CTIME_KW 66 +#define TK_ANY 67 +#define TK_OR 68 +#define TK_AND 69 +#define TK_IS 70 +#define TK_BETWEEN 71 +#define TK_IN 72 +#define TK_ISNULL 73 +#define TK_NOTNULL 74 +#define TK_NE 75 +#define TK_EQ 76 +#define TK_GT 77 +#define TK_LE 78 +#define TK_LT 79 +#define TK_GE 80 +#define TK_ESCAPE 81 +#define TK_BITAND 82 +#define TK_BITOR 83 +#define TK_LSHIFT 84 +#define TK_RSHIFT 85 +#define TK_PLUS 86 +#define TK_MINUS 87 +#define TK_STAR 88 +#define TK_SLASH 89 +#define TK_REM 90 +#define TK_CONCAT 91 +#define TK_COLLATE 92 +#define TK_BITNOT 93 +#define TK_STRING 94 +#define TK_JOIN_KW 95 +#define TK_CONSTRAINT 96 +#define TK_DEFAULT 97 +#define TK_NULL 98 +#define TK_PRIMARY 99 +#define TK_UNIQUE 100 +#define TK_CHECK 101 +#define TK_REFERENCES 102 +#define TK_AUTOINCR 103 +#define TK_ON 104 +#define TK_INSERT 105 +#define TK_DELETE 106 +#define TK_UPDATE 107 +#define TK_SET 108 +#define TK_DEFERRABLE 109 +#define TK_FOREIGN 110 +#define TK_DROP 111 +#define TK_UNION 112 +#define TK_ALL 113 +#define TK_EXCEPT 114 +#define TK_INTERSECT 115 +#define TK_SELECT 116 +#define TK_DISTINCT 117 +#define TK_DOT 118 +#define TK_FROM 119 +#define TK_JOIN 120 +#define TK_USING 121 +#define TK_ORDER 122 +#define TK_GROUP 123 +#define TK_HAVING 124 +#define TK_LIMIT 125 +#define TK_WHERE 126 +#define TK_INTO 127 +#define TK_VALUES 128 +#define TK_INTEGER 129 +#define TK_FLOAT 130 +#define TK_BLOB 131 +#define TK_REGISTER 132 +#define TK_VARIABLE 133 +#define TK_CASE 134 +#define TK_WHEN 135 +#define TK_THEN 136 +#define TK_ELSE 137 +#define TK_INDEX 138 +#define TK_ALTER 139 +#define TK_ADD 140 +#define TK_TO_TEXT 141 +#define TK_TO_BLOB 142 +#define TK_TO_NUMERIC 143 +#define TK_TO_INT 144 +#define TK_TO_REAL 145 +#define TK_ISNOT 146 +#define TK_END_OF_FILE 147 +#define TK_ILLEGAL 148 +#define TK_SPACE 149 +#define TK_UNCLOSED_STRING 150 +#define TK_FUNCTION 151 +#define TK_COLUMN 152 +#define TK_AGG_FUNCTION 153 +#define TK_AGG_COLUMN 154 +#define TK_CONST_FUNC 155 +#define TK_UMINUS 156 +#define TK_UPLUS 157 + +/************** End of parse.h ***********************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ +#include +#include +#include +#include +#include + +/* +** If compiling for a processor that lacks floating point support, +** substitute integer for floating-point +*/ +#ifdef SQLITE_OMIT_FLOATING_POINT +# define double sqlite_int64 +# define float sqlite_int64 +# define LONGDOUBLE_TYPE sqlite_int64 +# ifndef SQLITE_BIG_DBL +# define SQLITE_BIG_DBL (((sqlite3_int64)1)<<50) +# endif +# define SQLITE_OMIT_DATETIME_FUNCS 1 +# define SQLITE_OMIT_TRACE 1 +# undef SQLITE_MIXED_ENDIAN_64BIT_FLOAT +# undef SQLITE_HAVE_ISNAN +#endif +#ifndef SQLITE_BIG_DBL +# define SQLITE_BIG_DBL (1e99) +#endif + +/* +** OMIT_TEMPDB is set to 1 if SQLITE_OMIT_TEMPDB is defined, or 0 +** afterward. Having this macro allows us to cause the C compiler +** to omit code used by TEMP tables without messy #ifndef statements. +*/ +#ifdef SQLITE_OMIT_TEMPDB +#define OMIT_TEMPDB 1 +#else +#define OMIT_TEMPDB 0 +#endif + +/* +** The "file format" number is an integer that is incremented whenever +** the VDBE-level file format changes. The following macros define the +** the default file format for new databases and the maximum file format +** that the library can read. +*/ +#define SQLITE_MAX_FILE_FORMAT 4 +#ifndef SQLITE_DEFAULT_FILE_FORMAT +# define SQLITE_DEFAULT_FILE_FORMAT 1 +#endif + +/* +** Determine whether triggers are recursive by default. This can be +** changed at run-time using a pragma. +*/ +#ifndef SQLITE_DEFAULT_RECURSIVE_TRIGGERS +# define SQLITE_DEFAULT_RECURSIVE_TRIGGERS 0 +#endif + +/* +** Provide a default value for SQLITE_TEMP_STORE in case it is not specified +** on the command-line +*/ +#ifndef SQLITE_TEMP_STORE +# define SQLITE_TEMP_STORE 1 +#endif + +/* +** GCC does not define the offsetof() macro so we'll have to do it +** ourselves. +*/ +#ifndef offsetof +#define offsetof(STRUCTURE,FIELD) ((int)((char*)&((STRUCTURE*)0)->FIELD)) +#endif + +/* +** Check to see if this machine uses EBCDIC. (Yes, believe it or +** not, there are still machines out there that use EBCDIC.) +*/ +#if 'A' == '\301' +# define SQLITE_EBCDIC 1 +#else +# define SQLITE_ASCII 1 +#endif + +/* +** Integers of known sizes. These typedefs might change for architectures +** where the sizes very. Preprocessor macros are available so that the +** types can be conveniently redefined at compile-type. Like this: +** +** cc '-DUINTPTR_TYPE=long long int' ... +*/ +#ifndef UINT32_TYPE +# ifdef HAVE_UINT32_T +# define UINT32_TYPE uint32_t +# else +# define UINT32_TYPE unsigned int +# endif +#endif +#ifndef UINT16_TYPE +# ifdef HAVE_UINT16_T +# define UINT16_TYPE uint16_t +# else +# define UINT16_TYPE unsigned short int +# endif +#endif +#ifndef INT16_TYPE +# ifdef HAVE_INT16_T +# define INT16_TYPE int16_t +# else +# define INT16_TYPE short int +# endif +#endif +#ifndef UINT8_TYPE +# ifdef HAVE_UINT8_T +# define UINT8_TYPE uint8_t +# else +# define UINT8_TYPE unsigned char +# endif +#endif +#ifndef INT8_TYPE +# ifdef HAVE_INT8_T +# define INT8_TYPE int8_t +# else +# define INT8_TYPE signed char +# endif +#endif +#ifndef LONGDOUBLE_TYPE +# define LONGDOUBLE_TYPE long double +#endif +typedef sqlite_int64 i64; /* 8-byte signed integer */ +typedef sqlite_uint64 u64; /* 8-byte unsigned integer */ +typedef UINT32_TYPE u32; /* 4-byte unsigned integer */ +typedef UINT16_TYPE u16; /* 2-byte unsigned integer */ +typedef INT16_TYPE i16; /* 2-byte signed integer */ +typedef UINT8_TYPE u8; /* 1-byte unsigned integer */ +typedef INT8_TYPE i8; /* 1-byte signed integer */ + +/* +** SQLITE_MAX_U32 is a u64 constant that is the maximum u64 value +** that can be stored in a u32 without loss of data. The value +** is 0x00000000ffffffff. But because of quirks of some compilers, we +** have to specify the value in the less intuitive manner shown: +*/ +#define SQLITE_MAX_U32 ((((u64)1)<<32)-1) + +/* +** Macros to determine whether the machine is big or little endian, +** evaluated at runtime. +*/ +#ifdef SQLITE_AMALGAMATION +SQLITE_PRIVATE const int sqlite3one = 1; +#else +SQLITE_PRIVATE const int sqlite3one; +#endif +#if defined(i386) || defined(__i386__) || defined(_M_IX86)\ + || defined(__x86_64) || defined(__x86_64__) +# define SQLITE_BIGENDIAN 0 +# define SQLITE_LITTLEENDIAN 1 +# define SQLITE_UTF16NATIVE SQLITE_UTF16LE +#else +# define SQLITE_BIGENDIAN (*(char *)(&sqlite3one)==0) +# define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1) +# define SQLITE_UTF16NATIVE (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE) +#endif + +/* +** Constants for the largest and smallest possible 64-bit signed integers. +** These macros are designed to work correctly on both 32-bit and 64-bit +** compilers. +*/ +#define LARGEST_INT64 (0xffffffff|(((i64)0x7fffffff)<<32)) +#define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64) + +/* +** Round up a number to the next larger multiple of 8. This is used +** to force 8-byte alignment on 64-bit architectures. +*/ +#define ROUND8(x) (((x)+7)&~7) + +/* +** Round down to the nearest multiple of 8 +*/ +#define ROUNDDOWN8(x) ((x)&~7) + +/* +** Assert that the pointer X is aligned to an 8-byte boundary. This +** macro is used only within assert() to verify that the code gets +** all alignment restrictions correct. +** +** Except, if SQLITE_4_BYTE_ALIGNED_MALLOC is defined, then the +** underlying malloc() implemention might return us 4-byte aligned +** pointers. In that case, only verify 4-byte alignment. +*/ +#ifdef SQLITE_4_BYTE_ALIGNED_MALLOC +# define EIGHT_BYTE_ALIGNMENT(X) ((((char*)(X) - (char*)0)&3)==0) +#else +# define EIGHT_BYTE_ALIGNMENT(X) ((((char*)(X) - (char*)0)&7)==0) +#endif + + +/* +** An instance of the following structure is used to store the busy-handler +** callback for a given sqlite handle. +** +** The sqlite.busyHandler member of the sqlite struct contains the busy +** callback for the database handle. Each pager opened via the sqlite +** handle is passed a pointer to sqlite.busyHandler. The busy-handler +** callback is currently invoked only from within pager.c. +*/ +typedef struct BusyHandler BusyHandler; +struct BusyHandler { + int (*xFunc)(void *,int); /* The busy callback */ + void *pArg; /* First arg to busy callback */ + int nBusy; /* Incremented with each busy call */ +}; + +/* +** Name of the master database table. The master database table +** is a special table that holds the names and attributes of all +** user tables and indices. +*/ +#define MASTER_NAME "sqlite_master" +#define TEMP_MASTER_NAME "sqlite_temp_master" + +/* +** The root-page of the master database table. +*/ +#define MASTER_ROOT 1 + +/* +** The name of the schema table. +*/ +#define SCHEMA_TABLE(x) ((!OMIT_TEMPDB)&&(x==1)?TEMP_MASTER_NAME:MASTER_NAME) + +/* +** A convenience macro that returns the number of elements in +** an array. +*/ +#define ArraySize(X) ((int)(sizeof(X)/sizeof(X[0]))) + +/* +** The following value as a destructor means to use sqlite3DbFree(). +** This is an internal extension to SQLITE_STATIC and SQLITE_TRANSIENT. +*/ +#define SQLITE_DYNAMIC ((sqlite3_destructor_type)sqlite3DbFree) + +/* +** When SQLITE_OMIT_WSD is defined, it means that the target platform does +** not support Writable Static Data (WSD) such as global and static variables. +** All variables must either be on the stack or dynamically allocated from +** the heap. When WSD is unsupported, the variable declarations scattered +** throughout the SQLite code must become constants instead. The SQLITE_WSD +** macro is used for this purpose. And instead of referencing the variable +** directly, we use its constant as a key to lookup the run-time allocated +** buffer that holds real variable. The constant is also the initializer +** for the run-time allocated buffer. +** +** In the usual case where WSD is supported, the SQLITE_WSD and GLOBAL +** macros become no-ops and have zero performance impact. +*/ +#ifdef SQLITE_OMIT_WSD + #define SQLITE_WSD const + #define GLOBAL(t,v) (*(t*)sqlite3_wsd_find((void*)&(v), sizeof(v))) + #define sqlite3GlobalConfig GLOBAL(struct Sqlite3Config, sqlite3Config) +SQLITE_API int sqlite3_wsd_init(int N, int J); +SQLITE_API void *sqlite3_wsd_find(void *K, int L); +#else + #define SQLITE_WSD + #define GLOBAL(t,v) v + #define sqlite3GlobalConfig sqlite3Config +#endif + +/* +** The following macros are used to suppress compiler warnings and to +** make it clear to human readers when a function parameter is deliberately +** left unused within the body of a function. This usually happens when +** a function is called via a function pointer. For example the +** implementation of an SQL aggregate step callback may not use the +** parameter indicating the number of arguments passed to the aggregate, +** if it knows that this is enforced elsewhere. +** +** When a function parameter is not used at all within the body of a function, +** it is generally named "NotUsed" or "NotUsed2" to make things even clearer. +** However, these macros may also be used to suppress warnings related to +** parameters that may or may not be used depending on compilation options. +** For example those parameters only used in assert() statements. In these +** cases the parameters are named as per the usual conventions. +*/ +#define UNUSED_PARAMETER(x) (void)(x) +#define UNUSED_PARAMETER2(x,y) UNUSED_PARAMETER(x),UNUSED_PARAMETER(y) + +/* +** Forward references to structures +*/ +typedef struct AggInfo AggInfo; +typedef struct AuthContext AuthContext; +typedef struct AutoincInfo AutoincInfo; +typedef struct Bitvec Bitvec; +typedef struct CollSeq CollSeq; +typedef struct Column Column; +typedef struct Db Db; +typedef struct Schema Schema; +typedef struct Expr Expr; +typedef struct ExprList ExprList; +typedef struct ExprSpan ExprSpan; +typedef struct FKey FKey; +typedef struct FuncDestructor FuncDestructor; +typedef struct FuncDef FuncDef; +typedef struct FuncDefHash FuncDefHash; +typedef struct IdList IdList; +typedef struct Index Index; +typedef struct IndexSample IndexSample; +typedef struct KeyClass KeyClass; +typedef struct KeyInfo KeyInfo; +typedef struct Lookaside Lookaside; +typedef struct LookasideSlot LookasideSlot; +typedef struct Module Module; +typedef struct NameContext NameContext; +typedef struct Parse Parse; +typedef struct RowSet RowSet; +typedef struct Savepoint Savepoint; +typedef struct Select Select; +typedef struct SrcList SrcList; +typedef struct StrAccum StrAccum; +typedef struct Table Table; +typedef struct TableLock TableLock; +typedef struct Token Token; +typedef struct Trigger Trigger; +typedef struct TriggerPrg TriggerPrg; +typedef struct TriggerStep TriggerStep; +typedef struct UnpackedRecord UnpackedRecord; +typedef struct VTable VTable; +typedef struct VtabCtx VtabCtx; +typedef struct Walker Walker; +typedef struct WherePlan WherePlan; +typedef struct WhereInfo WhereInfo; +typedef struct WhereLevel WhereLevel; + +/* +** Defer sourcing vdbe.h and btree.h until after the "u8" and +** "BusyHandler" typedefs. vdbe.h also requires a few of the opaque +** pointer types (i.e. FuncDef) defined above. +*/ +/************** Include btree.h in the middle of sqliteInt.h *****************/ +/************** Begin file btree.h *******************************************/ +/* +** 2001 September 15 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** This header file defines the interface that the sqlite B-Tree file +** subsystem. See comments in the source code for a detailed description +** of what each interface routine does. +*/ +#ifndef _BTREE_H_ +#define _BTREE_H_ + +/* TODO: This definition is just included so other modules compile. It +** needs to be revisited. +*/ +#define SQLITE_N_BTREE_META 10 + +/* +** If defined as non-zero, auto-vacuum is enabled by default. Otherwise +** it must be turned on for each database using "PRAGMA auto_vacuum = 1". +*/ +#ifndef SQLITE_DEFAULT_AUTOVACUUM + #define SQLITE_DEFAULT_AUTOVACUUM 0 +#endif + +#define BTREE_AUTOVACUUM_NONE 0 /* Do not do auto-vacuum */ +#define BTREE_AUTOVACUUM_FULL 1 /* Do full auto-vacuum */ +#define BTREE_AUTOVACUUM_INCR 2 /* Incremental vacuum */ + +/* +** Forward declarations of structure +*/ +typedef struct Btree Btree; +typedef struct BtCursor BtCursor; +typedef struct BtShared BtShared; + + +SQLITE_PRIVATE int sqlite3BtreeOpen( + sqlite3_vfs *pVfs, /* VFS to use with this b-tree */ + const char *zFilename, /* Name of database file to open */ + sqlite3 *db, /* Associated database connection */ + Btree **ppBtree, /* Return open Btree* here */ + int flags, /* Flags */ + int vfsFlags /* Flags passed through to VFS open */ +); + +/* The flags parameter to sqlite3BtreeOpen can be the bitwise or of the +** following values. +** +** NOTE: These values must match the corresponding PAGER_ values in +** pager.h. +*/ +#define BTREE_OMIT_JOURNAL 1 /* Do not create or use a rollback journal */ +#define BTREE_NO_READLOCK 2 /* Omit readlocks on readonly files */ +#define BTREE_MEMORY 4 /* This is an in-memory DB */ +#define BTREE_SINGLE 8 /* The file contains at most 1 b-tree */ +#define BTREE_UNORDERED 16 /* Use of a hash implementation is OK */ + +SQLITE_PRIVATE int sqlite3BtreeClose(Btree*); +SQLITE_PRIVATE int sqlite3BtreeSetCacheSize(Btree*,int); +SQLITE_PRIVATE int sqlite3BtreeSetSafetyLevel(Btree*,int,int,int); +SQLITE_PRIVATE int sqlite3BtreeSyncDisabled(Btree*); +SQLITE_PRIVATE int sqlite3BtreeSetPageSize(Btree *p, int nPagesize, int nReserve, int eFix); +SQLITE_PRIVATE int sqlite3BtreeGetPageSize(Btree*); +SQLITE_PRIVATE int sqlite3BtreeMaxPageCount(Btree*,int); +SQLITE_PRIVATE u32 sqlite3BtreeLastPage(Btree*); +SQLITE_PRIVATE int sqlite3BtreeSecureDelete(Btree*,int); +SQLITE_PRIVATE int sqlite3BtreeGetReserve(Btree*); +SQLITE_PRIVATE int sqlite3BtreeSetAutoVacuum(Btree *, int); +SQLITE_PRIVATE int sqlite3BtreeGetAutoVacuum(Btree *); +SQLITE_PRIVATE int sqlite3BtreeBeginTrans(Btree*,int); +SQLITE_PRIVATE int sqlite3BtreeCommitPhaseOne(Btree*, const char *zMaster); +SQLITE_PRIVATE int sqlite3BtreeCommitPhaseTwo(Btree*, int); +SQLITE_PRIVATE int sqlite3BtreeCommit(Btree*); +SQLITE_PRIVATE int sqlite3BtreeRollback(Btree*); +SQLITE_PRIVATE int sqlite3BtreeBeginStmt(Btree*,int); +SQLITE_PRIVATE int sqlite3BtreeCreateTable(Btree*, int*, int flags); +SQLITE_PRIVATE int sqlite3BtreeIsInTrans(Btree*); +SQLITE_PRIVATE int sqlite3BtreeIsInReadTrans(Btree*); +SQLITE_PRIVATE int sqlite3BtreeIsInBackup(Btree*); +SQLITE_PRIVATE void *sqlite3BtreeSchema(Btree *, int, void(*)(void *)); +SQLITE_PRIVATE int sqlite3BtreeSchemaLocked(Btree *pBtree); +SQLITE_PRIVATE int sqlite3BtreeLockTable(Btree *pBtree, int iTab, u8 isWriteLock); +SQLITE_PRIVATE int sqlite3BtreeSavepoint(Btree *, int, int); + +SQLITE_PRIVATE const char *sqlite3BtreeGetFilename(Btree *); +SQLITE_PRIVATE const char *sqlite3BtreeGetJournalname(Btree *); +SQLITE_PRIVATE int sqlite3BtreeCopyFile(Btree *, Btree *); + +SQLITE_PRIVATE int sqlite3BtreeIncrVacuum(Btree *); + +/* The flags parameter to sqlite3BtreeCreateTable can be the bitwise OR +** of the flags shown below. +** +** Every SQLite table must have either BTREE_INTKEY or BTREE_BLOBKEY set. +** With BTREE_INTKEY, the table key is a 64-bit integer and arbitrary data +** is stored in the leaves. (BTREE_INTKEY is used for SQL tables.) With +** BTREE_BLOBKEY, the key is an arbitrary BLOB and no content is stored +** anywhere - the key is the content. (BTREE_BLOBKEY is used for SQL +** indices.) +*/ +#define BTREE_INTKEY 1 /* Table has only 64-bit signed integer keys */ +#define BTREE_BLOBKEY 2 /* Table has keys only - no data */ + +SQLITE_PRIVATE int sqlite3BtreeDropTable(Btree*, int, int*); +SQLITE_PRIVATE int sqlite3BtreeClearTable(Btree*, int, int*); +SQLITE_PRIVATE void sqlite3BtreeTripAllCursors(Btree*, int); + +SQLITE_PRIVATE void sqlite3BtreeGetMeta(Btree *pBtree, int idx, u32 *pValue); +SQLITE_PRIVATE int sqlite3BtreeUpdateMeta(Btree*, int idx, u32 value); + +/* +** The second parameter to sqlite3BtreeGetMeta or sqlite3BtreeUpdateMeta +** should be one of the following values. The integer values are assigned +** to constants so that the offset of the corresponding field in an +** SQLite database header may be found using the following formula: +** +** offset = 36 + (idx * 4) +** +** For example, the free-page-count field is located at byte offset 36 of +** the database file header. The incr-vacuum-flag field is located at +** byte offset 64 (== 36+4*7). +*/ +#define BTREE_FREE_PAGE_COUNT 0 +#define BTREE_SCHEMA_VERSION 1 +#define BTREE_FILE_FORMAT 2 +#define BTREE_DEFAULT_CACHE_SIZE 3 +#define BTREE_LARGEST_ROOT_PAGE 4 +#define BTREE_TEXT_ENCODING 5 +#define BTREE_USER_VERSION 6 +#define BTREE_INCR_VACUUM 7 + +SQLITE_PRIVATE int sqlite3BtreeCursor( + Btree*, /* BTree containing table to open */ + int iTable, /* Index of root page */ + int wrFlag, /* 1 for writing. 0 for read-only */ + struct KeyInfo*, /* First argument to compare function */ + BtCursor *pCursor /* Space to write cursor structure */ +); +SQLITE_PRIVATE int sqlite3BtreeCursorSize(void); +SQLITE_PRIVATE void sqlite3BtreeCursorZero(BtCursor*); + +SQLITE_PRIVATE int sqlite3BtreeCloseCursor(BtCursor*); +SQLITE_PRIVATE int sqlite3BtreeMovetoUnpacked( + BtCursor*, + UnpackedRecord *pUnKey, + i64 intKey, + int bias, + int *pRes +); +SQLITE_PRIVATE int sqlite3BtreeCursorHasMoved(BtCursor*, int*); +SQLITE_PRIVATE int sqlite3BtreeDelete(BtCursor*); +SQLITE_PRIVATE int sqlite3BtreeInsert(BtCursor*, const void *pKey, i64 nKey, + const void *pData, int nData, + int nZero, int bias, int seekResult); +SQLITE_PRIVATE int sqlite3BtreeFirst(BtCursor*, int *pRes); +SQLITE_PRIVATE int sqlite3BtreeLast(BtCursor*, int *pRes); +SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor*, int *pRes); +SQLITE_PRIVATE int sqlite3BtreeEof(BtCursor*); +SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor*, int *pRes); +SQLITE_PRIVATE int sqlite3BtreeKeySize(BtCursor*, i64 *pSize); +SQLITE_PRIVATE int sqlite3BtreeKey(BtCursor*, u32 offset, u32 amt, void*); +SQLITE_PRIVATE const void *sqlite3BtreeKeyFetch(BtCursor*, int *pAmt); +SQLITE_PRIVATE const void *sqlite3BtreeDataFetch(BtCursor*, int *pAmt); +SQLITE_PRIVATE int sqlite3BtreeDataSize(BtCursor*, u32 *pSize); +SQLITE_PRIVATE int sqlite3BtreeData(BtCursor*, u32 offset, u32 amt, void*); +SQLITE_PRIVATE void sqlite3BtreeSetCachedRowid(BtCursor*, sqlite3_int64); +SQLITE_PRIVATE sqlite3_int64 sqlite3BtreeGetCachedRowid(BtCursor*); + +SQLITE_PRIVATE char *sqlite3BtreeIntegrityCheck(Btree*, int *aRoot, int nRoot, int, int*); +SQLITE_PRIVATE struct Pager *sqlite3BtreePager(Btree*); + +SQLITE_PRIVATE int sqlite3BtreePutData(BtCursor*, u32 offset, u32 amt, void*); +SQLITE_PRIVATE void sqlite3BtreeCacheOverflow(BtCursor *); +SQLITE_PRIVATE void sqlite3BtreeClearCursor(BtCursor *); + +SQLITE_PRIVATE int sqlite3BtreeSetVersion(Btree *pBt, int iVersion); + +#ifndef NDEBUG +SQLITE_PRIVATE int sqlite3BtreeCursorIsValid(BtCursor*); +#endif + +#ifndef SQLITE_OMIT_BTREECOUNT +SQLITE_PRIVATE int sqlite3BtreeCount(BtCursor *, i64 *); +#endif + +#ifdef SQLITE_TEST +SQLITE_PRIVATE int sqlite3BtreeCursorInfo(BtCursor*, int*, int); +SQLITE_PRIVATE void sqlite3BtreeCursorList(Btree*); +#endif + +#ifndef SQLITE_OMIT_WAL +SQLITE_PRIVATE int sqlite3BtreeCheckpoint(Btree*, int, int *, int *); +#endif + +/* +** If we are not using shared cache, then there is no need to +** use mutexes to access the BtShared structures. So make the +** Enter and Leave procedures no-ops. +*/ +#ifndef SQLITE_OMIT_SHARED_CACHE +SQLITE_PRIVATE void sqlite3BtreeEnter(Btree*); +SQLITE_PRIVATE void sqlite3BtreeEnterAll(sqlite3*); +#else +# define sqlite3BtreeEnter(X) +# define sqlite3BtreeEnterAll(X) +#endif + +#if !defined(SQLITE_OMIT_SHARED_CACHE) && SQLITE_THREADSAFE +SQLITE_PRIVATE int sqlite3BtreeSharable(Btree*); +SQLITE_PRIVATE void sqlite3BtreeLeave(Btree*); +SQLITE_PRIVATE void sqlite3BtreeEnterCursor(BtCursor*); +SQLITE_PRIVATE void sqlite3BtreeLeaveCursor(BtCursor*); +SQLITE_PRIVATE void sqlite3BtreeLeaveAll(sqlite3*); +#ifndef NDEBUG + /* These routines are used inside assert() statements only. */ +SQLITE_PRIVATE int sqlite3BtreeHoldsMutex(Btree*); +SQLITE_PRIVATE int sqlite3BtreeHoldsAllMutexes(sqlite3*); +SQLITE_PRIVATE int sqlite3SchemaMutexHeld(sqlite3*,int,Schema*); +#endif +#else + +# define sqlite3BtreeSharable(X) 0 +# define sqlite3BtreeLeave(X) +# define sqlite3BtreeEnterCursor(X) +# define sqlite3BtreeLeaveCursor(X) +# define sqlite3BtreeLeaveAll(X) + +# define sqlite3BtreeHoldsMutex(X) 1 +# define sqlite3BtreeHoldsAllMutexes(X) 1 +# define sqlite3SchemaMutexHeld(X,Y,Z) 1 +#endif + + +#endif /* _BTREE_H_ */ + +/************** End of btree.h ***********************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ +/************** Include vdbe.h in the middle of sqliteInt.h ******************/ +/************** Begin file vdbe.h ********************************************/ +/* +** 2001 September 15 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** Header file for the Virtual DataBase Engine (VDBE) +** +** This header defines the interface to the virtual database engine +** or VDBE. The VDBE implements an abstract machine that runs a +** simple program to access and modify the underlying database. +*/ +#ifndef _SQLITE_VDBE_H_ +#define _SQLITE_VDBE_H_ +/* #include */ + +/* +** A single VDBE is an opaque structure named "Vdbe". Only routines +** in the source file sqliteVdbe.c are allowed to see the insides +** of this structure. +*/ +typedef struct Vdbe Vdbe; + +/* +** The names of the following types declared in vdbeInt.h are required +** for the VdbeOp definition. +*/ +typedef struct VdbeFunc VdbeFunc; +typedef struct Mem Mem; +typedef struct SubProgram SubProgram; + +/* +** A single instruction of the virtual machine has an opcode +** and as many as three operands. The instruction is recorded +** as an instance of the following structure: +*/ +struct VdbeOp { + u8 opcode; /* What operation to perform */ + signed char p4type; /* One of the P4_xxx constants for p4 */ + u8 opflags; /* Mask of the OPFLG_* flags in opcodes.h */ + u8 p5; /* Fifth parameter is an unsigned character */ + int p1; /* First operand */ + int p2; /* Second parameter (often the jump destination) */ + int p3; /* The third parameter */ + union { /* fourth parameter */ + int i; /* Integer value if p4type==P4_INT32 */ + void *p; /* Generic pointer */ + char *z; /* Pointer to data for string (char array) types */ + i64 *pI64; /* Used when p4type is P4_INT64 */ + double *pReal; /* Used when p4type is P4_REAL */ + FuncDef *pFunc; /* Used when p4type is P4_FUNCDEF */ + VdbeFunc *pVdbeFunc; /* Used when p4type is P4_VDBEFUNC */ + CollSeq *pColl; /* Used when p4type is P4_COLLSEQ */ + Mem *pMem; /* Used when p4type is P4_MEM */ + VTable *pVtab; /* Used when p4type is P4_VTAB */ + KeyInfo *pKeyInfo; /* Used when p4type is P4_KEYINFO */ + int *ai; /* Used when p4type is P4_INTARRAY */ + SubProgram *pProgram; /* Used when p4type is P4_SUBPROGRAM */ + int (*xAdvance)(BtCursor *, int *); + } p4; +#ifdef SQLITE_DEBUG + char *zComment; /* Comment to improve readability */ +#endif +#ifdef VDBE_PROFILE + int cnt; /* Number of times this instruction was executed */ + u64 cycles; /* Total time spent executing this instruction */ +#endif +}; +typedef struct VdbeOp VdbeOp; + + +/* +** A sub-routine used to implement a trigger program. +*/ +struct SubProgram { + VdbeOp *aOp; /* Array of opcodes for sub-program */ + int nOp; /* Elements in aOp[] */ + int nMem; /* Number of memory cells required */ + int nCsr; /* Number of cursors required */ + void *token; /* id that may be used to recursive triggers */ + SubProgram *pNext; /* Next sub-program already visited */ +}; + +/* +** A smaller version of VdbeOp used for the VdbeAddOpList() function because +** it takes up less space. +*/ +struct VdbeOpList { + u8 opcode; /* What operation to perform */ + signed char p1; /* First operand */ + signed char p2; /* Second parameter (often the jump destination) */ + signed char p3; /* Third parameter */ +}; +typedef struct VdbeOpList VdbeOpList; + +/* +** Allowed values of VdbeOp.p4type +*/ +#define P4_NOTUSED 0 /* The P4 parameter is not used */ +#define P4_DYNAMIC (-1) /* Pointer to a string obtained from sqliteMalloc() */ +#define P4_STATIC (-2) /* Pointer to a static string */ +#define P4_COLLSEQ (-4) /* P4 is a pointer to a CollSeq structure */ +#define P4_FUNCDEF (-5) /* P4 is a pointer to a FuncDef structure */ +#define P4_KEYINFO (-6) /* P4 is a pointer to a KeyInfo structure */ +#define P4_VDBEFUNC (-7) /* P4 is a pointer to a VdbeFunc structure */ +#define P4_MEM (-8) /* P4 is a pointer to a Mem* structure */ +#define P4_TRANSIENT 0 /* P4 is a pointer to a transient string */ +#define P4_VTAB (-10) /* P4 is a pointer to an sqlite3_vtab structure */ +#define P4_MPRINTF (-11) /* P4 is a string obtained from sqlite3_mprintf() */ +#define P4_REAL (-12) /* P4 is a 64-bit floating point value */ +#define P4_INT64 (-13) /* P4 is a 64-bit signed integer */ +#define P4_INT32 (-14) /* P4 is a 32-bit signed integer */ +#define P4_INTARRAY (-15) /* P4 is a vector of 32-bit integers */ +#define P4_SUBPROGRAM (-18) /* P4 is a pointer to a SubProgram structure */ +#define P4_ADVANCE (-19) /* P4 is a pointer to BtreeNext() or BtreePrev() */ + +/* When adding a P4 argument using P4_KEYINFO, a copy of the KeyInfo structure +** is made. That copy is freed when the Vdbe is finalized. But if the +** argument is P4_KEYINFO_HANDOFF, the passed in pointer is used. It still +** gets freed when the Vdbe is finalized so it still should be obtained +** from a single sqliteMalloc(). But no copy is made and the calling +** function should *not* try to free the KeyInfo. +*/ +#define P4_KEYINFO_HANDOFF (-16) +#define P4_KEYINFO_STATIC (-17) + +/* +** The Vdbe.aColName array contains 5n Mem structures, where n is the +** number of columns of data returned by the statement. +*/ +#define COLNAME_NAME 0 +#define COLNAME_DECLTYPE 1 +#define COLNAME_DATABASE 2 +#define COLNAME_TABLE 3 +#define COLNAME_COLUMN 4 +#ifdef SQLITE_ENABLE_COLUMN_METADATA +# define COLNAME_N 5 /* Number of COLNAME_xxx symbols */ +#else +# ifdef SQLITE_OMIT_DECLTYPE +# define COLNAME_N 1 /* Store only the name */ +# else +# define COLNAME_N 2 /* Store the name and decltype */ +# endif +#endif + +/* +** The following macro converts a relative address in the p2 field +** of a VdbeOp structure into a negative number so that +** sqlite3VdbeAddOpList() knows that the address is relative. Calling +** the macro again restores the address. +*/ +#define ADDR(X) (-1-(X)) + +/* +** The makefile scans the vdbe.c source file and creates the "opcodes.h" +** header file that defines a number for each opcode used by the VDBE. +*/ +/************** Include opcodes.h in the middle of vdbe.h ********************/ +/************** Begin file opcodes.h *****************************************/ +/* Automatically generated. Do not edit */ +/* See the mkopcodeh.awk script for details */ +#define OP_Goto 1 +#define OP_Gosub 2 +#define OP_Return 3 +#define OP_Yield 4 +#define OP_HaltIfNull 5 +#define OP_Halt 6 +#define OP_Integer 7 +#define OP_Int64 8 +#define OP_Real 130 /* same as TK_FLOAT */ +#define OP_String8 94 /* same as TK_STRING */ +#define OP_String 9 +#define OP_Null 10 +#define OP_Blob 11 +#define OP_Variable 12 +#define OP_Move 13 +#define OP_Copy 14 +#define OP_SCopy 15 +#define OP_ResultRow 16 +#define OP_Concat 91 /* same as TK_CONCAT */ +#define OP_Add 86 /* same as TK_PLUS */ +#define OP_Subtract 87 /* same as TK_MINUS */ +#define OP_Multiply 88 /* same as TK_STAR */ +#define OP_Divide 89 /* same as TK_SLASH */ +#define OP_Remainder 90 /* same as TK_REM */ +#define OP_CollSeq 17 +#define OP_Function 18 +#define OP_BitAnd 82 /* same as TK_BITAND */ +#define OP_BitOr 83 /* same as TK_BITOR */ +#define OP_ShiftLeft 84 /* same as TK_LSHIFT */ +#define OP_ShiftRight 85 /* same as TK_RSHIFT */ +#define OP_AddImm 20 +#define OP_MustBeInt 21 +#define OP_RealAffinity 22 +#define OP_ToText 141 /* same as TK_TO_TEXT */ +#define OP_ToBlob 142 /* same as TK_TO_BLOB */ +#define OP_ToNumeric 143 /* same as TK_TO_NUMERIC*/ +#define OP_ToInt 144 /* same as TK_TO_INT */ +#define OP_ToReal 145 /* same as TK_TO_REAL */ +#define OP_Eq 76 /* same as TK_EQ */ +#define OP_Ne 75 /* same as TK_NE */ +#define OP_Lt 79 /* same as TK_LT */ +#define OP_Le 78 /* same as TK_LE */ +#define OP_Gt 77 /* same as TK_GT */ +#define OP_Ge 80 /* same as TK_GE */ +#define OP_Permutation 23 +#define OP_Compare 24 +#define OP_Jump 25 +#define OP_And 69 /* same as TK_AND */ +#define OP_Or 68 /* same as TK_OR */ +#define OP_Not 19 /* same as TK_NOT */ +#define OP_BitNot 93 /* same as TK_BITNOT */ +#define OP_Once 26 +#define OP_If 27 +#define OP_IfNot 28 +#define OP_IsNull 73 /* same as TK_ISNULL */ +#define OP_NotNull 74 /* same as TK_NOTNULL */ +#define OP_Column 29 +#define OP_Affinity 30 +#define OP_MakeRecord 31 +#define OP_Count 32 +#define OP_Savepoint 33 +#define OP_AutoCommit 34 +#define OP_Transaction 35 +#define OP_ReadCookie 36 +#define OP_SetCookie 37 +#define OP_VerifyCookie 38 +#define OP_OpenRead 39 +#define OP_OpenWrite 40 +#define OP_OpenAutoindex 41 +#define OP_OpenEphemeral 42 +#define OP_SorterOpen 43 +#define OP_OpenPseudo 44 +#define OP_Close 45 +#define OP_SeekLt 46 +#define OP_SeekLe 47 +#define OP_SeekGe 48 +#define OP_SeekGt 49 +#define OP_Seek 50 +#define OP_NotFound 51 +#define OP_Found 52 +#define OP_IsUnique 53 +#define OP_NotExists 54 +#define OP_Sequence 55 +#define OP_NewRowid 56 +#define OP_Insert 57 +#define OP_InsertInt 58 +#define OP_Delete 59 +#define OP_ResetCount 60 +#define OP_SorterCompare 61 +#define OP_SorterData 62 +#define OP_RowKey 63 +#define OP_RowData 64 +#define OP_Rowid 65 +#define OP_NullRow 66 +#define OP_Last 67 +#define OP_SorterSort 70 +#define OP_Sort 71 +#define OP_Rewind 72 +#define OP_SorterNext 81 +#define OP_Prev 92 +#define OP_Next 95 +#define OP_SorterInsert 96 +#define OP_IdxInsert 97 +#define OP_IdxDelete 98 +#define OP_IdxRowid 99 +#define OP_IdxLT 100 +#define OP_IdxGE 101 +#define OP_Destroy 102 +#define OP_Clear 103 +#define OP_CreateIndex 104 +#define OP_CreateTable 105 +#define OP_ParseSchema 106 +#define OP_LoadAnalysis 107 +#define OP_DropTable 108 +#define OP_DropIndex 109 +#define OP_DropTrigger 110 +#define OP_IntegrityCk 111 +#define OP_RowSetAdd 112 +#define OP_RowSetRead 113 +#define OP_RowSetTest 114 +#define OP_Program 115 +#define OP_Param 116 +#define OP_FkCounter 117 +#define OP_FkIfZero 118 +#define OP_MemMax 119 +#define OP_IfPos 120 +#define OP_IfNeg 121 +#define OP_IfZero 122 +#define OP_AggStep 123 +#define OP_AggFinal 124 +#define OP_Checkpoint 125 +#define OP_JournalMode 126 +#define OP_Vacuum 127 +#define OP_IncrVacuum 128 +#define OP_Expire 129 +#define OP_TableLock 131 +#define OP_VBegin 132 +#define OP_VCreate 133 +#define OP_VDestroy 134 +#define OP_VOpen 135 +#define OP_VFilter 136 +#define OP_VColumn 137 +#define OP_VNext 138 +#define OP_VRename 139 +#define OP_VUpdate 140 +#define OP_Pagecount 146 +#define OP_MaxPgcnt 147 +#define OP_Trace 148 +#define OP_Noop 149 +#define OP_Explain 150 + + +/* Properties such as "out2" or "jump" that are specified in +** comments following the "case" for each opcode in the vdbe.c +** are encoded into bitvectors as follows: +*/ +#define OPFLG_JUMP 0x0001 /* jump: P2 holds jmp target */ +#define OPFLG_OUT2_PRERELEASE 0x0002 /* out2-prerelease: */ +#define OPFLG_IN1 0x0004 /* in1: P1 is an input */ +#define OPFLG_IN2 0x0008 /* in2: P2 is an input */ +#define OPFLG_IN3 0x0010 /* in3: P3 is an input */ +#define OPFLG_OUT2 0x0020 /* out2: P2 is an output */ +#define OPFLG_OUT3 0x0040 /* out3: P3 is an output */ +#define OPFLG_INITIALIZER {\ +/* 0 */ 0x00, 0x01, 0x05, 0x04, 0x04, 0x10, 0x00, 0x02,\ +/* 8 */ 0x02, 0x02, 0x02, 0x02, 0x02, 0x00, 0x24, 0x24,\ +/* 16 */ 0x00, 0x00, 0x00, 0x24, 0x04, 0x05, 0x04, 0x00,\ +/* 24 */ 0x00, 0x01, 0x05, 0x05, 0x05, 0x00, 0x00, 0x00,\ +/* 32 */ 0x02, 0x00, 0x00, 0x00, 0x02, 0x10, 0x00, 0x00,\ +/* 40 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11,\ +/* 48 */ 0x11, 0x11, 0x08, 0x11, 0x11, 0x11, 0x11, 0x02,\ +/* 56 */ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\ +/* 64 */ 0x00, 0x02, 0x00, 0x01, 0x4c, 0x4c, 0x01, 0x01,\ +/* 72 */ 0x01, 0x05, 0x05, 0x15, 0x15, 0x15, 0x15, 0x15,\ +/* 80 */ 0x15, 0x01, 0x4c, 0x4c, 0x4c, 0x4c, 0x4c, 0x4c,\ +/* 88 */ 0x4c, 0x4c, 0x4c, 0x4c, 0x01, 0x24, 0x02, 0x01,\ +/* 96 */ 0x08, 0x08, 0x00, 0x02, 0x01, 0x01, 0x02, 0x00,\ +/* 104 */ 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\ +/* 112 */ 0x0c, 0x45, 0x15, 0x01, 0x02, 0x00, 0x01, 0x08,\ +/* 120 */ 0x05, 0x05, 0x05, 0x00, 0x00, 0x00, 0x02, 0x00,\ +/* 128 */ 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,\ +/* 136 */ 0x01, 0x00, 0x01, 0x00, 0x00, 0x04, 0x04, 0x04,\ +/* 144 */ 0x04, 0x04, 0x02, 0x02, 0x00, 0x00, 0x00,} + +/************** End of opcodes.h *********************************************/ +/************** Continuing where we left off in vdbe.h ***********************/ + +/* +** Prototypes for the VDBE interface. See comments on the implementation +** for a description of what each of these routines does. +*/ +SQLITE_PRIVATE Vdbe *sqlite3VdbeCreate(sqlite3*); +SQLITE_PRIVATE int sqlite3VdbeAddOp0(Vdbe*,int); +SQLITE_PRIVATE int sqlite3VdbeAddOp1(Vdbe*,int,int); +SQLITE_PRIVATE int sqlite3VdbeAddOp2(Vdbe*,int,int,int); +SQLITE_PRIVATE int sqlite3VdbeAddOp3(Vdbe*,int,int,int,int); +SQLITE_PRIVATE int sqlite3VdbeAddOp4(Vdbe*,int,int,int,int,const char *zP4,int); +SQLITE_PRIVATE int sqlite3VdbeAddOp4Int(Vdbe*,int,int,int,int,int); +SQLITE_PRIVATE int sqlite3VdbeAddOpList(Vdbe*, int nOp, VdbeOpList const *aOp); +SQLITE_PRIVATE void sqlite3VdbeAddParseSchemaOp(Vdbe*,int,char*); +SQLITE_PRIVATE void sqlite3VdbeChangeP1(Vdbe*, u32 addr, int P1); +SQLITE_PRIVATE void sqlite3VdbeChangeP2(Vdbe*, u32 addr, int P2); +SQLITE_PRIVATE void sqlite3VdbeChangeP3(Vdbe*, u32 addr, int P3); +SQLITE_PRIVATE void sqlite3VdbeChangeP5(Vdbe*, u8 P5); +SQLITE_PRIVATE void sqlite3VdbeJumpHere(Vdbe*, int addr); +SQLITE_PRIVATE void sqlite3VdbeChangeToNoop(Vdbe*, int addr); +SQLITE_PRIVATE void sqlite3VdbeChangeP4(Vdbe*, int addr, const char *zP4, int N); +SQLITE_PRIVATE void sqlite3VdbeUsesBtree(Vdbe*, int); +SQLITE_PRIVATE VdbeOp *sqlite3VdbeGetOp(Vdbe*, int); +SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeRunOnlyOnce(Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeDelete(Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeDeleteObject(sqlite3*,Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeMakeReady(Vdbe*,Parse*); +SQLITE_PRIVATE int sqlite3VdbeFinalize(Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeResolveLabel(Vdbe*, int); +SQLITE_PRIVATE int sqlite3VdbeCurrentAddr(Vdbe*); +#ifdef SQLITE_DEBUG +SQLITE_PRIVATE int sqlite3VdbeAssertMayAbort(Vdbe *, int); +SQLITE_PRIVATE void sqlite3VdbeTrace(Vdbe*,FILE*); +#endif +SQLITE_PRIVATE void sqlite3VdbeResetStepResult(Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeRewind(Vdbe*); +SQLITE_PRIVATE int sqlite3VdbeReset(Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe*,int); +SQLITE_PRIVATE int sqlite3VdbeSetColName(Vdbe*, int, int, const char *, void(*)(void*)); +SQLITE_PRIVATE void sqlite3VdbeCountChanges(Vdbe*); +SQLITE_PRIVATE sqlite3 *sqlite3VdbeDb(Vdbe*); +SQLITE_PRIVATE void sqlite3VdbeSetSql(Vdbe*, const char *z, int n, int); +SQLITE_PRIVATE void sqlite3VdbeSwap(Vdbe*,Vdbe*); +SQLITE_PRIVATE VdbeOp *sqlite3VdbeTakeOpArray(Vdbe*, int*, int*); +SQLITE_PRIVATE sqlite3_value *sqlite3VdbeGetValue(Vdbe*, int, u8); +SQLITE_PRIVATE void sqlite3VdbeSetVarmask(Vdbe*, int); +#ifndef SQLITE_OMIT_TRACE +SQLITE_PRIVATE char *sqlite3VdbeExpandSql(Vdbe*, const char*); +#endif + +SQLITE_PRIVATE void sqlite3VdbeRecordUnpack(KeyInfo*,int,const void*,UnpackedRecord*); +SQLITE_PRIVATE int sqlite3VdbeRecordCompare(int,const void*,UnpackedRecord*); +SQLITE_PRIVATE UnpackedRecord *sqlite3VdbeAllocUnpackedRecord(KeyInfo *, char *, int, char **); + +#ifndef SQLITE_OMIT_TRIGGER +SQLITE_PRIVATE void sqlite3VdbeLinkSubProgram(Vdbe *, SubProgram *); +#endif + + +#ifndef NDEBUG +SQLITE_PRIVATE void sqlite3VdbeComment(Vdbe*, const char*, ...); +# define VdbeComment(X) sqlite3VdbeComment X +SQLITE_PRIVATE void sqlite3VdbeNoopComment(Vdbe*, const char*, ...); +# define VdbeNoopComment(X) sqlite3VdbeNoopComment X +#else +# define VdbeComment(X) +# define VdbeNoopComment(X) +#endif + +#endif + +/************** End of vdbe.h ************************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ +/************** Include pager.h in the middle of sqliteInt.h *****************/ +/************** Begin file pager.h *******************************************/ +/* +** 2001 September 15 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** This header file defines the interface that the sqlite page cache +** subsystem. The page cache subsystem reads and writes a file a page +** at a time and provides a journal for rollback. +*/ + +#ifndef _PAGER_H_ +#define _PAGER_H_ + +/* +** Default maximum size for persistent journal files. A negative +** value means no limit. This value may be overridden using the +** sqlite3PagerJournalSizeLimit() API. See also "PRAGMA journal_size_limit". +*/ +#ifndef SQLITE_DEFAULT_JOURNAL_SIZE_LIMIT + #define SQLITE_DEFAULT_JOURNAL_SIZE_LIMIT -1 +#endif + +/* +** The type used to represent a page number. The first page in a file +** is called page 1. 0 is used to represent "not a page". +*/ +typedef u32 Pgno; + +/* +** Each open file is managed by a separate instance of the "Pager" structure. +*/ +typedef struct Pager Pager; + +/* +** Handle type for pages. +*/ +typedef struct PgHdr DbPage; + +/* +** Page number PAGER_MJ_PGNO is never used in an SQLite database (it is +** reserved for working around a windows/posix incompatibility). It is +** used in the journal to signify that the remainder of the journal file +** is devoted to storing a master journal name - there are no more pages to +** roll back. See comments for function writeMasterJournal() in pager.c +** for details. +*/ +#define PAGER_MJ_PGNO(x) ((Pgno)((PENDING_BYTE/((x)->pageSize))+1)) + +/* +** Allowed values for the flags parameter to sqlite3PagerOpen(). +** +** NOTE: These values must match the corresponding BTREE_ values in btree.h. +*/ +#define PAGER_OMIT_JOURNAL 0x0001 /* Do not use a rollback journal */ +#define PAGER_NO_READLOCK 0x0002 /* Omit readlocks on readonly files */ +#define PAGER_MEMORY 0x0004 /* In-memory database */ + +/* +** Valid values for the second argument to sqlite3PagerLockingMode(). +*/ +#define PAGER_LOCKINGMODE_QUERY -1 +#define PAGER_LOCKINGMODE_NORMAL 0 +#define PAGER_LOCKINGMODE_EXCLUSIVE 1 + +/* +** Numeric constants that encode the journalmode. +*/ +#define PAGER_JOURNALMODE_QUERY (-1) /* Query the value of journalmode */ +#define PAGER_JOURNALMODE_DELETE 0 /* Commit by deleting journal file */ +#define PAGER_JOURNALMODE_PERSIST 1 /* Commit by zeroing journal header */ +#define PAGER_JOURNALMODE_OFF 2 /* Journal omitted. */ +#define PAGER_JOURNALMODE_TRUNCATE 3 /* Commit by truncating journal */ +#define PAGER_JOURNALMODE_MEMORY 4 /* In-memory journal file */ +#define PAGER_JOURNALMODE_WAL 5 /* Use write-ahead logging */ + +/* +** The remainder of this file contains the declarations of the functions +** that make up the Pager sub-system API. See source code comments for +** a detailed description of each routine. +*/ + +/* Open and close a Pager connection. */ +SQLITE_PRIVATE int sqlite3PagerOpen( + sqlite3_vfs*, + Pager **ppPager, + const char*, + int, + int, + int, + void(*)(DbPage*) +); +SQLITE_PRIVATE int sqlite3PagerClose(Pager *pPager); +SQLITE_PRIVATE int sqlite3PagerReadFileheader(Pager*, int, unsigned char*); + +/* Functions used to configure a Pager object. */ +SQLITE_PRIVATE void sqlite3PagerSetBusyhandler(Pager*, int(*)(void *), void *); +SQLITE_PRIVATE int sqlite3PagerSetPagesize(Pager*, u32*, int); +SQLITE_PRIVATE int sqlite3PagerMaxPageCount(Pager*, int); +SQLITE_PRIVATE void sqlite3PagerSetCachesize(Pager*, int); +SQLITE_PRIVATE void sqlite3PagerSetSafetyLevel(Pager*,int,int,int); +SQLITE_PRIVATE int sqlite3PagerLockingMode(Pager *, int); +SQLITE_PRIVATE int sqlite3PagerSetJournalMode(Pager *, int); +SQLITE_PRIVATE int sqlite3PagerGetJournalMode(Pager*); +SQLITE_PRIVATE int sqlite3PagerOkToChangeJournalMode(Pager*); +SQLITE_PRIVATE i64 sqlite3PagerJournalSizeLimit(Pager *, i64); +SQLITE_PRIVATE sqlite3_backup **sqlite3PagerBackupPtr(Pager*); + +/* Functions used to obtain and release page references. */ +SQLITE_PRIVATE int sqlite3PagerAcquire(Pager *pPager, Pgno pgno, DbPage **ppPage, int clrFlag); +#define sqlite3PagerGet(A,B,C) sqlite3PagerAcquire(A,B,C,0) +SQLITE_PRIVATE DbPage *sqlite3PagerLookup(Pager *pPager, Pgno pgno); +SQLITE_PRIVATE void sqlite3PagerRef(DbPage*); +SQLITE_PRIVATE void sqlite3PagerUnref(DbPage*); + +/* Operations on page references. */ +SQLITE_PRIVATE int sqlite3PagerWrite(DbPage*); +SQLITE_PRIVATE void sqlite3PagerDontWrite(DbPage*); +SQLITE_PRIVATE int sqlite3PagerMovepage(Pager*,DbPage*,Pgno,int); +SQLITE_PRIVATE int sqlite3PagerPageRefcount(DbPage*); +SQLITE_PRIVATE void *sqlite3PagerGetData(DbPage *); +SQLITE_PRIVATE void *sqlite3PagerGetExtra(DbPage *); + +/* Functions used to manage pager transactions and savepoints. */ +SQLITE_PRIVATE void sqlite3PagerPagecount(Pager*, int*); +SQLITE_PRIVATE int sqlite3PagerBegin(Pager*, int exFlag, int); +SQLITE_PRIVATE int sqlite3PagerCommitPhaseOne(Pager*,const char *zMaster, int); +SQLITE_PRIVATE int sqlite3PagerExclusiveLock(Pager*); +SQLITE_PRIVATE int sqlite3PagerSync(Pager *pPager); +SQLITE_PRIVATE int sqlite3PagerCommitPhaseTwo(Pager*); +SQLITE_PRIVATE int sqlite3PagerRollback(Pager*); +SQLITE_PRIVATE int sqlite3PagerOpenSavepoint(Pager *pPager, int n); +SQLITE_PRIVATE int sqlite3PagerSavepoint(Pager *pPager, int op, int iSavepoint); +SQLITE_PRIVATE int sqlite3PagerSharedLock(Pager *pPager); + +SQLITE_PRIVATE int sqlite3PagerCheckpoint(Pager *pPager, int, int*, int*); +SQLITE_PRIVATE int sqlite3PagerWalSupported(Pager *pPager); +SQLITE_PRIVATE int sqlite3PagerWalCallback(Pager *pPager); +SQLITE_PRIVATE int sqlite3PagerOpenWal(Pager *pPager, int *pisOpen); +SQLITE_PRIVATE int sqlite3PagerCloseWal(Pager *pPager); + +/* Functions used to query pager state and configuration. */ +SQLITE_PRIVATE u8 sqlite3PagerIsreadonly(Pager*); +SQLITE_PRIVATE int sqlite3PagerRefcount(Pager*); +SQLITE_PRIVATE int sqlite3PagerMemUsed(Pager*); +SQLITE_PRIVATE const char *sqlite3PagerFilename(Pager*); +SQLITE_PRIVATE const sqlite3_vfs *sqlite3PagerVfs(Pager*); +SQLITE_PRIVATE sqlite3_file *sqlite3PagerFile(Pager*); +SQLITE_PRIVATE const char *sqlite3PagerJournalname(Pager*); +SQLITE_PRIVATE int sqlite3PagerNosync(Pager*); +SQLITE_PRIVATE void *sqlite3PagerTempSpace(Pager*); +SQLITE_PRIVATE int sqlite3PagerIsMemdb(Pager*); + +/* Functions used to truncate the database file. */ +SQLITE_PRIVATE void sqlite3PagerTruncateImage(Pager*,Pgno); + +#if defined(SQLITE_HAS_CODEC) && !defined(SQLITE_OMIT_WAL) +SQLITE_PRIVATE void *sqlite3PagerCodec(DbPage *); +#endif + +/* Functions to support testing and debugging. */ +#if !defined(NDEBUG) || defined(SQLITE_TEST) +SQLITE_PRIVATE Pgno sqlite3PagerPagenumber(DbPage*); +SQLITE_PRIVATE int sqlite3PagerIswriteable(DbPage*); +#endif +#ifdef SQLITE_TEST +SQLITE_PRIVATE int *sqlite3PagerStats(Pager*); +SQLITE_PRIVATE void sqlite3PagerRefdump(Pager*); + void disable_simulated_io_errors(void); + void enable_simulated_io_errors(void); +#else +# define disable_simulated_io_errors() +# define enable_simulated_io_errors() +#endif + +#endif /* _PAGER_H_ */ + +/************** End of pager.h ***********************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ +/************** Include pcache.h in the middle of sqliteInt.h ****************/ +/************** Begin file pcache.h ******************************************/ +/* +** 2008 August 05 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** This header file defines the interface that the sqlite page cache +** subsystem. +*/ + +#ifndef _PCACHE_H_ + +typedef struct PgHdr PgHdr; +typedef struct PCache PCache; + +/* +** Every page in the cache is controlled by an instance of the following +** structure. +*/ +struct PgHdr { + void *pData; /* Content of this page */ + void *pExtra; /* Extra content */ + PgHdr *pDirty; /* Transient list of dirty pages */ + Pgno pgno; /* Page number for this page */ + Pager *pPager; /* The pager this page is part of */ +#ifdef SQLITE_CHECK_PAGES + u32 pageHash; /* Hash of page content */ +#endif + u16 flags; /* PGHDR flags defined below */ + + /********************************************************************** + ** Elements above are public. All that follows is private to pcache.c + ** and should not be accessed by other modules. + */ + i16 nRef; /* Number of users of this page */ + PCache *pCache; /* Cache that owns this page */ + + PgHdr *pDirtyNext; /* Next element in list of dirty pages */ + PgHdr *pDirtyPrev; /* Previous element in list of dirty pages */ +}; + +/* Bit values for PgHdr.flags */ +#define PGHDR_DIRTY 0x002 /* Page has changed */ +#define PGHDR_NEED_SYNC 0x004 /* Fsync the rollback journal before + ** writing this page to the database */ +#define PGHDR_NEED_READ 0x008 /* Content is unread */ +#define PGHDR_REUSE_UNLIKELY 0x010 /* A hint that reuse is unlikely */ +#define PGHDR_DONT_WRITE 0x020 /* Do not write content to disk */ + +/* Initialize and shutdown the page cache subsystem */ +SQLITE_PRIVATE int sqlite3PcacheInitialize(void); +SQLITE_PRIVATE void sqlite3PcacheShutdown(void); + +/* Page cache buffer management: +** These routines implement SQLITE_CONFIG_PAGECACHE. +*/ +SQLITE_PRIVATE void sqlite3PCacheBufferSetup(void *, int sz, int n); + +/* Create a new pager cache. +** Under memory stress, invoke xStress to try to make pages clean. +** Only clean and unpinned pages can be reclaimed. +*/ +SQLITE_PRIVATE void sqlite3PcacheOpen( + int szPage, /* Size of every page */ + int szExtra, /* Extra space associated with each page */ + int bPurgeable, /* True if pages are on backing store */ + int (*xStress)(void*, PgHdr*), /* Call to try to make pages clean */ + void *pStress, /* Argument to xStress */ + PCache *pToInit /* Preallocated space for the PCache */ +); + +/* Modify the page-size after the cache has been created. */ +SQLITE_PRIVATE void sqlite3PcacheSetPageSize(PCache *, int); + +/* Return the size in bytes of a PCache object. Used to preallocate +** storage space. +*/ +SQLITE_PRIVATE int sqlite3PcacheSize(void); + +/* One release per successful fetch. Page is pinned until released. +** Reference counted. +*/ +SQLITE_PRIVATE int sqlite3PcacheFetch(PCache*, Pgno, int createFlag, PgHdr**); +SQLITE_PRIVATE void sqlite3PcacheRelease(PgHdr*); + +SQLITE_PRIVATE void sqlite3PcacheDrop(PgHdr*); /* Remove page from cache */ +SQLITE_PRIVATE void sqlite3PcacheMakeDirty(PgHdr*); /* Make sure page is marked dirty */ +SQLITE_PRIVATE void sqlite3PcacheMakeClean(PgHdr*); /* Mark a single page as clean */ +SQLITE_PRIVATE void sqlite3PcacheCleanAll(PCache*); /* Mark all dirty list pages as clean */ + +/* Change a page number. Used by incr-vacuum. */ +SQLITE_PRIVATE void sqlite3PcacheMove(PgHdr*, Pgno); + +/* Remove all pages with pgno>x. Reset the cache if x==0 */ +SQLITE_PRIVATE void sqlite3PcacheTruncate(PCache*, Pgno x); + +/* Get a list of all dirty pages in the cache, sorted by page number */ +SQLITE_PRIVATE PgHdr *sqlite3PcacheDirtyList(PCache*); + +/* Reset and close the cache object */ +SQLITE_PRIVATE void sqlite3PcacheClose(PCache*); + +/* Clear flags from pages of the page cache */ +SQLITE_PRIVATE void sqlite3PcacheClearSyncFlags(PCache *); + +/* Discard the contents of the cache */ +SQLITE_PRIVATE void sqlite3PcacheClear(PCache*); + +/* Return the total number of outstanding page references */ +SQLITE_PRIVATE int sqlite3PcacheRefCount(PCache*); + +/* Increment the reference count of an existing page */ +SQLITE_PRIVATE void sqlite3PcacheRef(PgHdr*); + +SQLITE_PRIVATE int sqlite3PcachePageRefcount(PgHdr*); + +/* Return the total number of pages stored in the cache */ +SQLITE_PRIVATE int sqlite3PcachePagecount(PCache*); + +#if defined(SQLITE_CHECK_PAGES) || defined(SQLITE_DEBUG) +/* Iterate through all dirty pages currently stored in the cache. This +** interface is only available if SQLITE_CHECK_PAGES is defined when the +** library is built. +*/ +SQLITE_PRIVATE void sqlite3PcacheIterateDirty(PCache *pCache, void (*xIter)(PgHdr *)); +#endif + +/* Set and get the suggested cache-size for the specified pager-cache. +** +** If no global maximum is configured, then the system attempts to limit +** the total number of pages cached by purgeable pager-caches to the sum +** of the suggested cache-sizes. +*/ +SQLITE_PRIVATE void sqlite3PcacheSetCachesize(PCache *, int); +#ifdef SQLITE_TEST +SQLITE_PRIVATE int sqlite3PcacheGetCachesize(PCache *); +#endif + +#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT +/* Try to return memory used by the pcache module to the main memory heap */ +SQLITE_PRIVATE int sqlite3PcacheReleaseMemory(int); +#endif + +#ifdef SQLITE_TEST +SQLITE_PRIVATE void sqlite3PcacheStats(int*,int*,int*,int*); +#endif + +SQLITE_PRIVATE void sqlite3PCacheSetDefault(void); + +#endif /* _PCACHE_H_ */ + +/************** End of pcache.h **********************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ + +/************** Include os.h in the middle of sqliteInt.h ********************/ +/************** Begin file os.h **********************************************/ +/* +** 2001 September 16 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +****************************************************************************** +** +** This header file (together with is companion C source-code file +** "os.c") attempt to abstract the underlying operating system so that +** the SQLite library will work on both POSIX and windows systems. +** +** This header file is #include-ed by sqliteInt.h and thus ends up +** being included by every source file. +*/ +#ifndef _SQLITE_OS_H_ +#define _SQLITE_OS_H_ + +/* +** Figure out if we are dealing with Unix, Windows, or some other +** operating system. After the following block of preprocess macros, +** all of SQLITE_OS_UNIX, SQLITE_OS_WIN, SQLITE_OS_OS2, and SQLITE_OS_OTHER +** will defined to either 1 or 0. One of the four will be 1. The other +** three will be 0. +*/ +#if defined(SQLITE_OS_OTHER) +# if SQLITE_OS_OTHER==1 +# undef SQLITE_OS_UNIX +# define SQLITE_OS_UNIX 0 +# undef SQLITE_OS_WIN +# define SQLITE_OS_WIN 0 +# undef SQLITE_OS_OS2 +# define SQLITE_OS_OS2 0 +# else +# undef SQLITE_OS_OTHER +# endif +#endif +#if !defined(SQLITE_OS_UNIX) && !defined(SQLITE_OS_OTHER) +# define SQLITE_OS_OTHER 0 +# ifndef SQLITE_OS_WIN +# if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__BORLANDC__) +# define SQLITE_OS_WIN 1 +# define SQLITE_OS_UNIX 0 +# define SQLITE_OS_OS2 0 +# elif defined(__EMX__) || defined(_OS2) || defined(OS2) || defined(_OS2_) || defined(__OS2__) +# define SQLITE_OS_WIN 0 +# define SQLITE_OS_UNIX 0 +# define SQLITE_OS_OS2 1 +# else +# define SQLITE_OS_WIN 0 +# define SQLITE_OS_UNIX 1 +# define SQLITE_OS_OS2 0 +# endif +# else +# define SQLITE_OS_UNIX 0 +# define SQLITE_OS_OS2 0 +# endif +#else +# ifndef SQLITE_OS_WIN +# define SQLITE_OS_WIN 0 +# endif +#endif + +/* +** Determine if we are dealing with WindowsCE - which has a much +** reduced API. +*/ +#if defined(_WIN32_WCE) +# define SQLITE_OS_WINCE 1 +#else +# define SQLITE_OS_WINCE 0 +#endif + + +/* +** Define the maximum size of a temporary filename +*/ +#if SQLITE_OS_WIN +# include +# define SQLITE_TEMPNAME_SIZE (MAX_PATH+50) +#elif SQLITE_OS_OS2 +# if (__GNUC__ > 3 || __GNUC__ == 3 && __GNUC_MINOR__ >= 3) && defined(OS2_HIGH_MEMORY) +# include /* has to be included before os2.h for linking to work */ +# endif +# define INCL_DOSDATETIME +# define INCL_DOSFILEMGR +# define INCL_DOSERRORS +# define INCL_DOSMISC +# define INCL_DOSPROCESS +# define INCL_DOSMODULEMGR +# define INCL_DOSSEMAPHORES +# include +# include +# define SQLITE_TEMPNAME_SIZE (CCHMAXPATHCOMP) +#else +# define SQLITE_TEMPNAME_SIZE 200 +#endif + +/* If the SET_FULLSYNC macro is not defined above, then make it +** a no-op +*/ +#ifndef SET_FULLSYNC +# define SET_FULLSYNC(x,y) +#endif + +/* +** The default size of a disk sector +*/ +#ifndef SQLITE_DEFAULT_SECTOR_SIZE +# define SQLITE_DEFAULT_SECTOR_SIZE 512 +#endif + +/* +** Temporary files are named starting with this prefix followed by 16 random +** alphanumeric characters, and no file extension. They are stored in the +** OS's standard temporary file directory, and are deleted prior to exit. +** If sqlite is being embedded in another program, you may wish to change the +** prefix to reflect your program's name, so that if your program exits +** prematurely, old temporary files can be easily identified. This can be done +** using -DSQLITE_TEMP_FILE_PREFIX=myprefix_ on the compiler command line. +** +** 2006-10-31: The default prefix used to be "sqlite_". But then +** Mcafee started using SQLite in their anti-virus product and it +** started putting files with the "sqlite" name in the c:/temp folder. +** This annoyed many windows users. Those users would then do a +** Google search for "sqlite", find the telephone numbers of the +** developers and call to wake them up at night and complain. +** For this reason, the default name prefix is changed to be "sqlite" +** spelled backwards. So the temp files are still identified, but +** anybody smart enough to figure out the code is also likely smart +** enough to know that calling the developer will not help get rid +** of the file. +*/ +#ifndef SQLITE_TEMP_FILE_PREFIX +# define SQLITE_TEMP_FILE_PREFIX "etilqs_" +#endif + +/* +** The following values may be passed as the second argument to +** sqlite3OsLock(). The various locks exhibit the following semantics: +** +** SHARED: Any number of processes may hold a SHARED lock simultaneously. +** RESERVED: A single process may hold a RESERVED lock on a file at +** any time. Other processes may hold and obtain new SHARED locks. +** PENDING: A single process may hold a PENDING lock on a file at +** any one time. Existing SHARED locks may persist, but no new +** SHARED locks may be obtained by other processes. +** EXCLUSIVE: An EXCLUSIVE lock precludes all other locks. +** +** PENDING_LOCK may not be passed directly to sqlite3OsLock(). Instead, a +** process that requests an EXCLUSIVE lock may actually obtain a PENDING +** lock. This can be upgraded to an EXCLUSIVE lock by a subsequent call to +** sqlite3OsLock(). +*/ +#define NO_LOCK 0 +#define SHARED_LOCK 1 +#define RESERVED_LOCK 2 +#define PENDING_LOCK 3 +#define EXCLUSIVE_LOCK 4 + +/* +** File Locking Notes: (Mostly about windows but also some info for Unix) +** +** We cannot use LockFileEx() or UnlockFileEx() on Win95/98/ME because +** those functions are not available. So we use only LockFile() and +** UnlockFile(). +** +** LockFile() prevents not just writing but also reading by other processes. +** A SHARED_LOCK is obtained by locking a single randomly-chosen +** byte out of a specific range of bytes. The lock byte is obtained at +** random so two separate readers can probably access the file at the +** same time, unless they are unlucky and choose the same lock byte. +** An EXCLUSIVE_LOCK is obtained by locking all bytes in the range. +** There can only be one writer. A RESERVED_LOCK is obtained by locking +** a single byte of the file that is designated as the reserved lock byte. +** A PENDING_LOCK is obtained by locking a designated byte different from +** the RESERVED_LOCK byte. +** +** On WinNT/2K/XP systems, LockFileEx() and UnlockFileEx() are available, +** which means we can use reader/writer locks. When reader/writer locks +** are used, the lock is placed on the same range of bytes that is used +** for probabilistic locking in Win95/98/ME. Hence, the locking scheme +** will support two or more Win95 readers or two or more WinNT readers. +** But a single Win95 reader will lock out all WinNT readers and a single +** WinNT reader will lock out all other Win95 readers. +** +** The following #defines specify the range of bytes used for locking. +** SHARED_SIZE is the number of bytes available in the pool from which +** a random byte is selected for a shared lock. The pool of bytes for +** shared locks begins at SHARED_FIRST. +** +** The same locking strategy and +** byte ranges are used for Unix. This leaves open the possiblity of having +** clients on win95, winNT, and unix all talking to the same shared file +** and all locking correctly. To do so would require that samba (or whatever +** tool is being used for file sharing) implements locks correctly between +** windows and unix. I'm guessing that isn't likely to happen, but by +** using the same locking range we are at least open to the possibility. +** +** Locking in windows is manditory. For this reason, we cannot store +** actual data in the bytes used for locking. The pager never allocates +** the pages involved in locking therefore. SHARED_SIZE is selected so +** that all locks will fit on a single page even at the minimum page size. +** PENDING_BYTE defines the beginning of the locks. By default PENDING_BYTE +** is set high so that we don't have to allocate an unused page except +** for very large databases. But one should test the page skipping logic +** by setting PENDING_BYTE low and running the entire regression suite. +** +** Changing the value of PENDING_BYTE results in a subtly incompatible +** file format. Depending on how it is changed, you might not notice +** the incompatibility right away, even running a full regression test. +** The default location of PENDING_BYTE is the first byte past the +** 1GB boundary. +** +*/ +#ifdef SQLITE_OMIT_WSD +# define PENDING_BYTE (0x40000000) +#else +# define PENDING_BYTE sqlite3PendingByte +#endif +#define RESERVED_BYTE (PENDING_BYTE+1) +#define SHARED_FIRST (PENDING_BYTE+2) +#define SHARED_SIZE 510 + +/* +** Wrapper around OS specific sqlite3_os_init() function. +*/ +SQLITE_PRIVATE int sqlite3OsInit(void); + +/* +** Functions for accessing sqlite3_file methods +*/ +SQLITE_PRIVATE int sqlite3OsClose(sqlite3_file*); +SQLITE_PRIVATE int sqlite3OsRead(sqlite3_file*, void*, int amt, i64 offset); +SQLITE_PRIVATE int sqlite3OsWrite(sqlite3_file*, const void*, int amt, i64 offset); +SQLITE_PRIVATE int sqlite3OsTruncate(sqlite3_file*, i64 size); +SQLITE_PRIVATE int sqlite3OsSync(sqlite3_file*, int); +SQLITE_PRIVATE int sqlite3OsFileSize(sqlite3_file*, i64 *pSize); +SQLITE_PRIVATE int sqlite3OsLock(sqlite3_file*, int); +SQLITE_PRIVATE int sqlite3OsUnlock(sqlite3_file*, int); +SQLITE_PRIVATE int sqlite3OsCheckReservedLock(sqlite3_file *id, int *pResOut); +SQLITE_PRIVATE int sqlite3OsFileControl(sqlite3_file*,int,void*); +#define SQLITE_FCNTL_DB_UNCHANGED 0xca093fa0 +SQLITE_PRIVATE int sqlite3OsSectorSize(sqlite3_file *id); +SQLITE_PRIVATE int sqlite3OsDeviceCharacteristics(sqlite3_file *id); +SQLITE_PRIVATE int sqlite3OsShmMap(sqlite3_file *,int,int,int,void volatile **); +SQLITE_PRIVATE int sqlite3OsShmLock(sqlite3_file *id, int, int, int); +SQLITE_PRIVATE void sqlite3OsShmBarrier(sqlite3_file *id); +SQLITE_PRIVATE int sqlite3OsShmUnmap(sqlite3_file *id, int); + +/* +** Functions for accessing sqlite3_vfs methods +*/ +SQLITE_PRIVATE int sqlite3OsOpen(sqlite3_vfs *, const char *, sqlite3_file*, int, int *); +SQLITE_PRIVATE int sqlite3OsDelete(sqlite3_vfs *, const char *, int); +SQLITE_PRIVATE int sqlite3OsAccess(sqlite3_vfs *, const char *, int, int *pResOut); +SQLITE_PRIVATE int sqlite3OsFullPathname(sqlite3_vfs *, const char *, int, char *); +#ifndef SQLITE_OMIT_LOAD_EXTENSION +SQLITE_PRIVATE void *sqlite3OsDlOpen(sqlite3_vfs *, const char *); +SQLITE_PRIVATE void sqlite3OsDlError(sqlite3_vfs *, int, char *); +SQLITE_PRIVATE void (*sqlite3OsDlSym(sqlite3_vfs *, void *, const char *))(void); +SQLITE_PRIVATE void sqlite3OsDlClose(sqlite3_vfs *, void *); +#endif /* SQLITE_OMIT_LOAD_EXTENSION */ +SQLITE_PRIVATE int sqlite3OsRandomness(sqlite3_vfs *, int, char *); +SQLITE_PRIVATE int sqlite3OsSleep(sqlite3_vfs *, int); +SQLITE_PRIVATE int sqlite3OsCurrentTimeInt64(sqlite3_vfs *, sqlite3_int64*); + +/* +** Convenience functions for opening and closing files using +** sqlite3_malloc() to obtain space for the file-handle structure. +*/ +SQLITE_PRIVATE int sqlite3OsOpenMalloc(sqlite3_vfs *, const char *, sqlite3_file **, int,int*); +SQLITE_PRIVATE int sqlite3OsCloseFree(sqlite3_file *); + +#endif /* _SQLITE_OS_H_ */ + +/************** End of os.h **************************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ +/************** Include mutex.h in the middle of sqliteInt.h *****************/ +/************** Begin file mutex.h *******************************************/ +/* +** 2007 August 28 +** +** The author disclaims copyright to this source code. In place of +** a legal notice, here is a blessing: +** +** May you do good and not evil. +** May you find forgiveness for yourself and forgive others. +** May you share freely, never taking more than you give. +** +************************************************************************* +** +** This file contains the common header for all mutex implementations. +** The sqliteInt.h header #includes this file so that it is available +** to all source files. We break it out in an effort to keep the code +** better organized. +** +** NOTE: source files should *not* #include this header file directly. +** Source files should #include the sqliteInt.h file and let that file +** include this one indirectly. +*/ + + +/* +** Figure out what version of the code to use. The choices are +** +** SQLITE_MUTEX_OMIT No mutex logic. Not even stubs. The +** mutexes implemention cannot be overridden +** at start-time. +** +** SQLITE_MUTEX_NOOP For single-threaded applications. No +** mutual exclusion is provided. But this +** implementation can be overridden at +** start-time. +** +** SQLITE_MUTEX_PTHREADS For multi-threaded applications on Unix. +** +** SQLITE_MUTEX_W32 For multi-threaded applications on Win32. +** +** SQLITE_MUTEX_OS2 For multi-threaded applications on OS/2. +*/ +#if !SQLITE_THREADSAFE +# define SQLITE_MUTEX_OMIT +#endif +#if SQLITE_THREADSAFE && !defined(SQLITE_MUTEX_NOOP) +# if SQLITE_OS_UNIX +# define SQLITE_MUTEX_PTHREADS +# elif SQLITE_OS_WIN +# define SQLITE_MUTEX_W32 +# elif SQLITE_OS_OS2 +# define SQLITE_MUTEX_OS2 +# else +# define SQLITE_MUTEX_NOOP +# endif +#endif + +#ifdef SQLITE_MUTEX_OMIT +/* +** If this is a no-op implementation, implement everything as macros. +*/ +#define sqlite3_mutex_alloc(X) ((sqlite3_mutex*)8) +#define sqlite3_mutex_free(X) +#define sqlite3_mutex_enter(X) +#define sqlite3_mutex_try(X) SQLITE_OK +#define sqlite3_mutex_leave(X) +#define sqlite3_mutex_held(X) ((void)(X),1) +#define sqlite3_mutex_notheld(X) ((void)(X),1) +#define sqlite3MutexAlloc(X) ((sqlite3_mutex*)8) +#define sqlite3MutexInit() SQLITE_OK +#define sqlite3MutexEnd() +#endif /* defined(SQLITE_MUTEX_OMIT) */ + +/************** End of mutex.h ***********************************************/ +/************** Continuing where we left off in sqliteInt.h ******************/ + + +/* +** Each database file to be accessed by the system is an instance +** of the following structure. There are normally two of these structures +** in the sqlite.aDb[] array. aDb[0] is the main database file and +** aDb[1] is the database file used to hold temporary tables. Additional +** databases may be attached. +*/ +struct Db { + char *zName; /* Name of this database */ + Btree *pBt; /* The B*Tree structure for this database file */ + u8 inTrans; /* 0: not writable. 1: Transaction. 2: Checkpoint */ + u8 safety_level; /* How aggressive at syncing data to disk */ + Schema *pSchema; /* Pointer to database schema (possibly shared) */ +}; + +/* +** An instance of the following structure stores a database schema. +** +** Most Schema objects are associated with a Btree. The exception is +** the Schema for the TEMP databaes (sqlite3.aDb[1]) which is free-standing. +** In shared cache mode, a single Schema object can be shared by multiple +** Btrees that refer to the same underlying BtShared object. +** +** Schema objects are automatically deallocated when the last Btree that +** references them is destroyed. The TEMP Schema is manually freed by +** sqlite3_close(). +* +** A thread must be holding a mutex on the corresponding Btree in order +** to access Schema content. This implies that the thread must also be +** holding a mutex on the sqlite3 connection pointer that owns the Btree. +** For a TEMP Schema, only the connection mutex is required. +*/ +struct Schema { + int schema_cookie; /* Database schema version number for this file */ + int iGeneration; /* Generation counter. Incremented with each change */ + Hash tblHash; /* All tables indexed by name */ + Hash idxHash; /* All (named) indices indexed by name */ + Hash trigHash; /* All triggers indexed by name */ + Hash fkeyHash; /* All foreign keys by referenced table name */ + Table *pSeqTab; /* The sqlite_sequence table used by AUTOINCREMENT */ + u8 file_format; /* Schema format version for this file */ + u8 enc; /* Text encoding used by this database */ + u16 flags; /* Flags associated with this schema */ + int cache_size; /* Number of pages to use in the cache */ +}; + +/* +** These macros can be used to test, set, or clear bits in the +** Db.pSchema->flags field. +*/ +#define DbHasProperty(D,I,P) (((D)->aDb[I].pSchema->flags&(P))==(P)) +#define DbHasAnyProperty(D,I,P) (((D)->aDb[I].pSchema->flags&(P))!=0) +#define DbSetProperty(D,I,P) (D)->aDb[I].pSchema->flags|=(P) +#define DbClearProperty(D,I,P) (D)->aDb[I].pSchema->flags&=~(P) + +/* +** Allowed values for the DB.pSchema->flags field. +** +** The DB_SchemaLoaded flag is set after the database schema has been +** read into internal hash tables. +** +** DB_UnresetViews means that one or more views have column names that +** have been filled out. If the schema changes, these column names might +** changes and so the view will need to be reset. +*/ +#define DB_SchemaLoaded 0x0001 /* The schema has been loaded */ +#define DB_UnresetViews 0x0002 /* Some views have defined column names */ +#define DB_Empty 0x0004 /* The file is empty (length 0 bytes) */ + +/* +** The number of different kinds of things that can be limited +** using the sqlite3_limit() interface. +*/ +#define SQLITE_N_LIMIT (SQLITE_LIMIT_TRIGGER_DEPTH+1) + +/* +** Lookaside malloc is a set of fixed-size buffers that can be used +** to satisfy small transient memory allocation requests for objects +** associated with a particular database connection. The use of +** lookaside malloc provides a significant performance enhancement +** (approx 10%) by avoiding numerous malloc/free requests while parsing +** SQL statements. +** +** The Lookaside structure holds configuration information about the +** lookaside malloc subsystem. Each available memory allocation in +** the lookaside subsystem is stored on a linked list of LookasideSlot +** objects. +** +** Lookaside allocations are only allowed for objects that are associated +** with a particular database connection. Hence, schema information cannot +** be stored in lookaside because in shared cache mode the schema information +** is shared by multiple database connections. Therefore, while parsing +** schema information, the Lookaside.bEnabled flag is cleared so that +** lookaside allocations are not used to construct the schema objects. +*/ +struct Lookaside { + u16 sz; /* Size of each buffer in bytes */ + u8 bEnabled; /* False to disable new lookaside allocations */ + u8 bMalloced; /* True if pStart obtained from sqlite3_malloc() */ + int nOut; /* Number of buffers currently checked out */ + int mxOut; /* Highwater mark for nOut */ + int anStat[3]; /* 0: hits. 1: size misses. 2: full misses */ + LookasideSlot *pFree; /* List of available buffers */ + void *pStart; /* First byte of available memory space */ + void *pEnd; /* First byte past end of available space */ +}; +struct LookasideSlot { + LookasideSlot *pNext; /* Next buffer in the list of free buffers */ +}; + +/* +** A hash table for function definitions. +** +** Hash each FuncDef structure into one of the FuncDefHash.a[] slots. +** Collisions are on the FuncDef.pHash chain. +*/ +struct FuncDefHash { + FuncDef *a[23]; /* Hash table for functions */ +}; + +/* +** Each database connection is an instance of the following structure. +** +** The sqlite.lastRowid records the last insert rowid generated by an +** insert statement. Inserts on views do not affect its value. Each +** trigger has its own context, so that lastRowid can be updated inside +** triggers as usual. The previous value will be restored once the trigger +** exits. Upon entering a before or instead of trigger, lastRowid is no +** longer (since after version 2.8.12) reset to -1. +** +** The sqlite.nChange does not count changes within triggers and keeps no +** context. It is reset at start of sqlite3_exec. +** The sqlite.lsChange represents the number of changes made by the last +** insert, update, or delete statement. It remains constant throughout the +** length of a statement and is then updated by OP_SetCounts. It keeps a +** context stack just like lastRowid so that the count of changes +** within a trigger is not seen outside the trigger. Changes to views do not +** affect the value of lsChange. +** The sqlite.csChange keeps track of the number of current changes (since +** the last statement) and is used to update sqlite_lsChange. +** +** The member variables sqlite.errCode, sqlite.zErrMsg and sqlite.zErrMsg16 +** store the most recent error code and, if applicable, string. The +** internal function sqlite3Error() is used to set these variables +** consistently. +*/ +struct sqlite3 { + sqlite3_vfs *pVfs; /* OS Interface */ + int nDb; /* Number of backends currently in use */ + Db *aDb; /* All backends */ + int flags; /* Miscellaneous flags. See below */ + unsigned int openFlags; /* Flags passed to sqlite3_vfs.xOpen() */ + int errCode; /* Most recent error code (SQLITE_*) */ + int errMask; /* & result codes with this before returning */ + u8 autoCommit; /* The auto-commit flag. */ + u8 temp_store; /* 1: file 2: memory 0: default */ + u8 mallocFailed; /* True if we have seen a malloc failure */ + u8 dfltLockMode; /* Default locking-mode for attached dbs */ + signed char nextAutovac; /* Autovac setting after VACUUM if >=0 */ + u8 suppressErr; /* Do not issue error messages if true */ + u8 vtabOnConflict; /* Value to return for s3_vtab_on_conflict() */ + int nextPagesize; /* Pagesize after VACUUM if >0 */ + int nTable; /* Number of tables in the database */ + CollSeq *pDfltColl; /* The default collating sequence (BINARY) */ + i64 lastRowid; /* ROWID of most recent insert (see above) */ + u32 magic; /* Magic number for detect library misuse */ + int nChange; /* Value returned by sqlite3_changes() */ + int nTotalChange; /* Value returned by sqlite3_total_changes() */ + sqlite3_mutex *mutex; /* Connection mutex */ + int aLimit[SQLITE_N_LIMIT]; /* Limits */ + struct sqlite3InitInfo { /* Information used during initialization */ + int iDb; /* When back is being initialized */ + int newTnum; /* Rootpage of table being initialized */ + u8 busy; /* TRUE if currently initializing */ + u8 orphanTrigger; /* Last statement is orphaned TEMP trigger */ + } init; + int nExtension; /* Number of loaded extensions */ + void **aExtension; /* Array of shared library handles */ + struct Vdbe *pVdbe; /* List of active virtual machines */ + int activeVdbeCnt; /* Number of VDBEs currently executing */ + int writeVdbeCnt; /* Number of active VDBEs that are writing */ + int vdbeExecCnt; /* Number of nested calls to VdbeExec() */ + void (*xTrace)(void*,const char*); /* Trace function */ + void *pTraceArg; /* Argument to the trace function */ + void (*xProfile)(void*,const char*,u64); /* Profiling function */ + void *pProfileArg; /* Argument to profile function */ + void *pCommitArg; /* Argument to xCommitCallback() */ + int (*xCommitCallback)(void*); /* Invoked at every commit. */ + void *pRollbackArg; /* Argument to xRollbackCallback() */ + void (*xRollbackCallback)(void*); /* Invoked at every commit. */ + void *pUpdateArg; + void (*xUpdateCallback)(void*,int, const char*,const char*,sqlite_int64); +#ifndef SQLITE_OMIT_WAL + int (*xWalCallback)(void *, sqlite3 *, const char *, int); + void *pWalArg; +#endif + void(*xCollNeeded)(void*,sqlite3*,int eTextRep,const char*); + void(*xCollNeeded16)(void*,sqlite3*,int eTextRep,const void*); + void *pCollNeededArg; + sqlite3_value *pErr; /* Most recent error message */ + char *zErrMsg; /* Most recent error message (UTF-8 encoded) */ + char *zErrMsg16; /* Most recent error message (UTF-16 encoded) */ + union { + volatile int isInterrupted; /* True if sqlite3_interrupt has been called */ + double notUsed1; /* Spacer */ + } u1; + Lookaside lookaside; /* Lookaside malloc configuration */ +#ifndef SQLITE_OMIT_AUTHORIZATION + int (*xAuth)(void*,int,const char*,const char*,const char*,const char*); + /* Access authorization function */ + void *pAuthArg; /* 1st argument to the access auth function */ +#endif +#ifndef SQLITE_OMIT_PROGRESS_CALLBACK + int (*xProgress)(void *); /* The progress callback */ + void *pProgressArg; /* Argument to the progress callback */ + int nProgressOps; /* Number of opcodes for progress callback */ +#endif +#ifndef SQLITE_OMIT_VIRTUALTABLE + Hash aModule; /* populated by sqlite3_create_module() */ + VtabCtx *pVtabCtx; /* Context for active vtab connect/create */ + VTable **aVTrans; /* Virtual tables with open transactions */ + int nVTrans; /* Allocated size of aVTrans */ + VTable *pDisconnect; /* Disconnect these in next sqlite3_prepare() */ +#endif + FuncDefHash aFunc; /* Hash table of connection functions */ + Hash aCollSeq; /* All collating sequences */ + BusyHandler busyHandler; /* Busy callback */ + int busyTimeout; /* Busy handler timeout, in msec */ + Db aDbStatic[2]; /* Static space for the 2 default backends */ + Savepoint *pSavepoint; /* List of active savepoints */ + int nSavepoint; /* Number of non-transaction savepoints */ + int nStatement; /* Number of nested statement-transactions */ + u8 isTransactionSavepoint; /* True if the outermost savepoint is a TS */ + i64 nDeferredCons; /* Net deferred constraints this transaction. */ + int *pnBytesFreed; /* If not NULL, increment this in DbFree() */ + +#ifdef SQLITE_ENABLE_UNLOCK_NOTIFY + /* The following variables are all protected by the STATIC_MASTER + ** mutex, not by sqlite3.mutex. They are used by code in notify.c. + ** + ** When X.pUnlockConnection==Y, that means that X is waiting for Y to + ** unlock so that it can proceed. + ** + ** When X.pBlockingConnection==Y, that means that something that X tried + ** tried to do recently failed with an SQLITE_LOCKED error due to locks + ** held by Y. + */ + sqlite3 *pBlockingConnection; /* Connection that caused SQLITE_LOCKED */ + sqlite3 *pUnlockConnection; /* Connection to watch for unlock */ + void *pUnlockArg; /* Argument to xUnlockNotify */ + void (*xUnlockNotify)(void **, int); /* Unlock notify callback */ + sqlite3 *pNextBlocked; /* Next in list of all blocked connections */ +#endif +}; + +/* +** A macro to discover the encoding of a database. +*/ +#define ENC(db) ((db)->aDb[0].pSchema->enc) + +/* +** Possible values for the sqlite3.flags. +*/ +#define SQLITE_VdbeTrace 0x00000100 /* True to trace VDBE execution */ +#define SQLITE_InternChanges 0x00000200 /* Uncommitted Hash table changes */ +#define SQLITE_FullColNames 0x00000400 /* Show full column names on SELECT */ +#define SQLITE_ShortColNames 0x00000800 /* Show short columns names */ +#define SQLITE_CountRows 0x00001000 /* Count rows changed by INSERT, */ + /* DELETE, or UPDATE and return */ + /* the count using a callback. */ +#define SQLITE_NullCallback 0x00002000 /* Invoke the callback once if the */ + /* result set is empty */ +#define SQLITE_SqlTrace 0x00004000 /* Debug print SQL as it executes */ +#define SQLITE_VdbeListing 0x00008000 /* Debug listings of VDBE programs */ +#define SQLITE_WriteSchema 0x00010000 /* OK to update SQLITE_MASTER */ +#define SQLITE_NoReadlock 0x00020000 /* Readlocks are omitted when + ** accessing read-only databases */ +#define SQLITE_IgnoreChecks 0x00040000 /* Do not enforce check constraints */ +#define SQLITE_ReadUncommitted 0x0080000 /* For shared-cache mode */ +#define SQLITE_LegacyFileFmt 0x00100000 /* Create new databases in format 1 */ +#define SQLITE_FullFSync 0x00200000 /* Use full fsync on the backend */ +#define SQLITE_CkptFullFSync 0x00400000 /* Use full fsync for checkpoint */ +#define SQLITE_RecoveryMode 0x00800000 /* Ignore schema errors */ +#define SQLITE_ReverseOrder 0x01000000 /* Reverse unordered SELECTs */ +#define SQLITE_RecTriggers 0x02000000 /* Enable recursive triggers */ +#define SQLITE_ForeignKeys 0x04000000 /* Enforce foreign key constraints */ +#define SQLITE_AutoIndex 0x08000000 /* Enable automatic indexes */ +#define SQLITE_PreferBuiltin 0x10000000 /* Preference to built-in funcs */ +#define SQLITE_LoadExtension 0x20000000 /* Enable load_extension */ +#define SQLITE_EnableTrigger 0x40000000 /* True to enable triggers */ + +/* +** Bits of the sqlite3.flags field that are used by the +** sqlite3_test_control(SQLITE_TESTCTRL_OPTIMIZATIONS,...) interface. +** These must be the low-order bits of the flags field. +*/ +#define SQLITE_QueryFlattener 0x01 /* Disable query flattening */ +#define SQLITE_ColumnCache 0x02 /* Disable the column cache */ +#define SQLITE_IndexSort 0x04 /* Disable indexes for sorting */ +#define SQLITE_IndexSearch 0x08 /* Disable indexes for searching */ +#define SQLITE_IndexCover 0x10 /* Disable index covering table */ +#define SQLITE_GroupByOrder 0x20 /* Disable GROUPBY cover of ORDERBY */ +#define SQLITE_FactorOutConst 0x40 /* Disable factoring out constants */ +#define SQLITE_IdxRealAsInt 0x80 /* Store REAL as INT in indices */ +#define SQLITE_DistinctOpt 0x80 /* DISTINCT using indexes */ +#define SQLITE_OptMask 0xff /* Mask of all disablable opts */ + +/* +** Possible values for the sqlite.magic field. +** The numbers are obtained at random and have no special meaning, other +** than being distinct from one another. +*/ +#define SQLITE_MAGIC_OPEN 0xa029a697 /* Database is open */ +#define SQLITE_MAGIC_CLOSED 0x9f3c2d33 /* Database is closed */ +#define SQLITE_MAGIC_SICK 0x4b771290 /* Error and awaiting close */ +#define SQLITE_MAGIC_BUSY 0xf03b7906 /* Database currently in use */ +#define SQLITE_MAGIC_ERROR 0xb5357930 /* An SQLITE_MISUSE error occurred */ + +/* +** Each SQL function is defined by an instance of the following +** structure. A pointer to this structure is stored in the sqlite.aFunc +** hash table. When multiple functions have the same name, the hash table +** points to a linked list of these structures. +*/ +struct FuncDef { + i16 nArg; /* Number of arguments. -1 means unlimited */ + u8 iPrefEnc; /* Preferred text encoding (SQLITE_UTF8, 16LE, 16BE) */ + u8 flags; /* Some combination of SQLITE_FUNC_* */ + void *pUserData; /* User data parameter */ + FuncDef *pNext; /* Next function with same name */ + void (*xFunc)(sqlite3_context*,int,sqlite3_value**); /* Regular function */ + void (*xStep)(sqlite3_context*,int,sqlite3_value**); /* Aggregate step */ + void (*xFinalize)(sqlite3_context*); /* Aggregate finalizer */ + char *zName; /* SQL name of the function. */ + FuncDef *pHash; /* Next with a different name but the same hash */ + FuncDestructor *pDestructor; /* Reference counted destructor function */ +}; + +/* +** This structure encapsulates a user-function destructor callback (as +** configured using create_function_v2()) and a reference counter. When +** create_function_v2() is called to create a function with a destructor, +** a single object of this type is allocated. FuncDestructor.nRef is set to +** the number of FuncDef objects created (either 1 or 3, depending on whether +** or not the specified encoding is SQLITE_ANY). The FuncDef.pDestructor +** member of each of the new FuncDef objects is set to point to the allocated +** FuncDestructor. +** +** Thereafter, when one of the FuncDef objects is deleted, the reference +** count on this object is decremented. When it reaches 0, the destructor +** is invoked and the FuncDestructor structure freed. +*/ +struct FuncDestructor { + int nRef; + void (*xDestroy)(void *); + void *pUserData; +}; + +/* +** Possible values for FuncDef.flags +*/ +#define SQLITE_FUNC_LIKE 0x01 /* Candidate for the LIKE optimization */ +#define SQLITE_FUNC_CASE 0x02 /* Case-sensitive LIKE-type function */ +#define SQLITE_FUNC_EPHEM 0x04 /* Ephemeral. Delete with VDBE */ +#define SQLITE_FUNC_NEEDCOLL 0x08 /* sqlite3GetFuncCollSeq() might be called */ +#define SQLITE_FUNC_PRIVATE 0x10 /* Allowed for internal use only */ +#define SQLITE_FUNC_COUNT 0x20 /* Built-in count(*) aggregate */ +#define SQLITE_FUNC_COALESCE 0x40 /* Built-in coalesce() or ifnull() function */ + +/* +** The following three macros, FUNCTION(), LIKEFUNC() and AGGREGATE() are +** used to create the initializers for the FuncDef structures. +** +** FUNCTION(zName, nArg, iArg, bNC, xFunc) +** Used to create a scalar function definition of a function zName +** implemented by C function xFunc that accepts nArg arguments. The +** value passed as iArg is cast to a (void*) and made available +** as the user-data (sqlite3_user_data()) for the function. If +** argument bNC is true, then the SQLITE_FUNC_NEEDCOLL flag is set. +** +** AGGREGATE(zName, nArg, iArg, bNC, xStep, xFinal) +** Used to create an aggregate function definition implemented by +** the C functions xStep and xFinal. The first four parameters +** are interpreted in the same way as the first 4 parameters to +** FUNCTION(). +** +** LIKEFUNC(zName, nArg, pArg, flags) +** Used to create a scalar function definition of a function zName +** that accepts nArg arguments and is implemented by a call to C +** function likeFunc. Argument pArg is cast to a (void *) and made +** available as the function user-data (sqlite3_user_data()). The +** FuncDef.flags variable is set to the value passed as the flags +** parameter. +*/ +#define FUNCTION(zName, nArg, iArg, bNC, xFunc) \ + {nArg, SQLITE_UTF8, bNC*SQLITE_FUNC_NEEDCOLL, \ + SQLITE_INT_TO_PTR(iArg), 0, xFunc, 0, 0, #zName, 0, 0} +#define STR_FUNCTION(zName, nArg, pArg, bNC, xFunc) \ + {nArg, SQLITE_UTF8, bNC*SQLITE_FUNC_NEEDCOLL, \ + pArg, 0, xFunc, 0, 0, #zName, 0, 0} +#define LIKEFUNC(zName, nArg, arg, flags) \ + {nArg, SQLITE_UTF8, flags, (void *)arg, 0, likeFunc, 0, 0, #zName, 0, 0} +#define AGGREGATE(zName, nArg, arg, nc, xStep, xFinal) \ + {nArg, SQLITE_UTF8, nc*SQLITE_FUNC_NEEDCOLL, \ + SQLITE_INT_TO_PTR(arg), 0, 0, xStep,xFinal,#zName,0,0} + +/* +** All current savepoints are stored in a linked list starting at +** sqlite3.pSavepoint. The first element in the list is the most recently +** opened savepoint. Savepoints are added to the list by the vdbe +** OP_Savepoint instruction. +*/ +struct Savepoint { + char *zName; /* Savepoint name (nul-terminated) */ + i64 nDeferredCons; /* Number of deferred fk violations */ + Savepoint *pNext; /* Parent savepoint (if any) */ +}; + +/* +** The following are used as the second parameter to sqlite3Savepoint(), +** and as the P1 argument to the OP_Savepoint instruction. +*/ +#define SAVEPOINT_BEGIN 0 +#define SAVEPOINT_RELEASE 1 +#define SAVEPOINT_ROLLBACK 2 + + +/* +** Each SQLite module (virtual table definition) is defined by an +** instance of the following structure, stored in the sqlite3.aModule +** hash table. +*/ +struct Module { + const sqlite3_module *pModule; /* Callback pointers */ + const char *zName; /* Name passed to create_module() */ + void *pAux; /* pAux passed to create_module() */ + void (*xDestroy)(void *); /* Module destructor function */ +}; + +/* +** information about each column of an SQL table is held in an instance +** of this structure. +*/ +struct Column { + char *zName; /* Name of this column */ + Expr *pDflt; /* Default value of this column */ + char *zDflt; /* Original text of the default value */ + char *zType; /* Data type for this column */ + char *zColl; /* Collating sequence. If NULL, use the default */ + u8 notNull; /* True if there is a NOT NULL constraint */ + u8 isPrimKey; /* True if this column is part of the PRIMARY KEY */ + char affinity; /* One of the SQLITE_AFF_... values */ +#ifndef SQLITE_OMIT_VIRTUALTABLE + u8 isHidden; /* True if this column is 'hidden' */ +#endif +}; + +/* +** A "Collating Sequence" is defined by an instance of the following +** structure. Conceptually, a collating sequence consists of a name and +** a comparison routine that defines the order of that sequence. +** +** There may two separate implementations of the collation function, one +** that processes text in UTF-8 encoding (CollSeq.xCmp) and another that +** processes text encoded in UTF-16 (CollSeq.xCmp16), using the machine +** native byte order. When a collation sequence is invoked, SQLite selects +** the version that will require the least expensive encoding +** translations, if any. +** +** The CollSeq.pUser member variable is an extra parameter that passed in +** as the first argument to the UTF-8 comparison function, xCmp. +** CollSeq.pUser16 is the equivalent for the UTF-16 comparison function, +** xCmp16. +** +** If both CollSeq.xCmp and CollSeq.xCmp16 are NULL, it means that the +** collating sequence is undefined. Indices built on an undefined +** collating sequence may not be read or written. +*/ +struct CollSeq { + char *zName; /* Name of the collating sequence, UTF-8 encoded */ + u8 enc; /* Text encoding handled by xCmp() */ + u8 type; /* One of the SQLITE_COLL_... values below */ + void *pUser; /* First argument to xCmp() */ + int (*xCmp)(void*,int, const void*, int, const void*); + void (*xDel)(void*); /* Destructor for pUser */ +}; + +/* +** Allowed values of CollSeq.type: +*/ +#define SQLITE_COLL_BINARY 1 /* The default memcmp() collating sequence */ +#define SQLITE_COLL_NOCASE 2 /* The built-in NOCASE collating sequence */ +#define SQLITE_COLL_REVERSE 3 /* The built-in REVERSE collating sequence */ +#define SQLITE_COLL_USER 0 /* Any other user-defined collating sequence */ + +/* +** A sort order can be either ASC or DESC. +*/ +#define SQLITE_SO_ASC 0 /* Sort in ascending order */ +#define SQLITE_SO_DESC 1 /* Sort in ascending order */ + +/* +** Column affinity types. +** +** These used to have mnemonic name like 'i' for SQLITE_AFF_INTEGER and +** 't' for SQLITE_AFF_TEXT. But we can save a little space and improve +** the speed a little by numbering the values consecutively. +** +** But rather than start with 0 or 1, we begin with 'a'. That way, +** when multiple affinity types are concatenated into a string and +** used as the P4 operand, they will be more readable. +** +** Note also that the numeric types are grouped together so that testing +** for a numeric type is a single comparison. +*/ +#define SQLITE_AFF_TEXT 'a' +#define SQLITE_AFF_NONE 'b' +#define SQLITE_AFF_NUMERIC 'c' +#define SQLITE_AFF_INTEGER 'd' +#define SQLITE_AFF_REAL 'e' + +#define sqlite3IsNumericAffinity(X) ((X)>=SQLITE_AFF_NUMERIC) + +/* +** The SQLITE_AFF_MASK values masks off the significant bits of an +** affinity value. +*/ +#define SQLITE_AFF_MASK 0x67 + +/* +** Additional bit values that can be ORed with an affinity without +** changing the affinity. +*/ +#define SQLITE_JUMPIFNULL 0x08 /* jumps if either operand is NULL */ +#define SQLITE_STOREP2 0x10 /* Store result in reg[P2] rather than jump */ +#define SQLITE_NULLEQ 0x80 /* NULL=NULL */ + +/* +** An object of this type is created for each virtual table present in +** the database schema. +** +** If the database schema is shared, then there is one instance of this +** structure for each database connection (sqlite3*) that uses the shared +** schema. This is because each database connection requires its own unique +** instance of the sqlite3_vtab* handle used to access the virtual table +** implementation. sqlite3_vtab* handles can not be shared between +** database connections, even when the rest of the in-memory database +** schema is shared, as the implementation often stores the database +** connection handle passed to it via the xConnect() or xCreate() method +** during initialization internally. This database connection handle may +** then be used by the virtual table implementation to access real tables +** within the database. So that they appear as part of the callers +** transaction, these accesses need to be made via the same database +** connection as that used to execute SQL operations on the virtual table. +** +** All VTable objects that correspond to a single table in a shared +** database schema are initially stored in a linked-list pointed to by +** the Table.pVTable member variable of the corresponding Table object. +** When an sqlite3_prepare() operation is required to access the virtual +** table, it searches the list for the VTable that corresponds to the +** database connection doing the preparing so as to use the correct +** sqlite3_vtab* handle in the compiled query. +** +** When an in-memory Table object is deleted (for example when the +** schema is being reloaded for some reason), the VTable objects are not +** deleted and the sqlite3_vtab* handles are not xDisconnect()ed +** immediately. Instead, they are moved from the Table.pVTable list to +** another linked list headed by the sqlite3.pDisconnect member of the +** corresponding sqlite3 structure. They are then deleted/xDisconnected +** next time a statement is prepared using said sqlite3*. This is done +** to avoid deadlock issues involving multiple sqlite3.mutex mutexes. +** Refer to comments above function sqlite3VtabUnlockList() for an +** explanation as to why it is safe to add an entry to an sqlite3.pDisconnect +** list without holding the corresponding sqlite3.mutex mutex. +** +** The memory for objects of this type is always allocated by +** sqlite3DbMalloc(), using the connection handle stored in VTable.db as +** the first argument. +*/ +struct VTable { + sqlite3 *db; /* Database connection associated with this table */ + Module *pMod; /* Pointer to module implementation */ + sqlite3_vtab *pVtab; /* Pointer to vtab instance */ + int nRef; /* Number of pointers to this structure */ + u8 bConstraint; /* True if constraints are supported */ + int iSavepoint; /* Depth of the SAVEPOINT stack */ + VTable *pNext; /* Next in linked list (see above) */ +}; + +/* +** Each SQL table is represented in memory by an instance of the +** following structure. +** +** Table.zName is the name of the table. The case of the original +** CREATE TABLE statement is stored, but case is not significant for +** comparisons. +** +** Table.nCol is the number of columns in this table. Table.aCol is a +** pointer to an array of Column structures, one for each column. +** +** If the table has an INTEGER PRIMARY KEY, then Table.iPKey is the index of +** the column that is that key. Otherwise Table.iPKey is negative. Note +** that the datatype of the PRIMARY KEY must be INTEGER for this field to +** be set. An INTEGER PRIMARY KEY is used as the rowid for each row of +** the table. If a table has no INTEGER PRIMARY KEY, then a random rowid +** is generated for each row of the table. TF_HasPrimaryKey is set if +** the table has any PRIMARY KEY, INTEGER or otherwise. +** +** Table.tnum is the page number for the root BTree page of the table in the +** database file. If Table.iDb is the index of the database table backend +** in sqlite.aDb[]. 0 is for the main database and 1 is for the file that +** holds temporary tables and indices. If TF_Ephemeral is set +** then the table is stored in a file that is automatically deleted +** when the VDBE cursor to the table is closed. In this case Table.tnum +** refers VDBE cursor number that holds the table open, not to the root +** page number. Transient tables are used to hold the results of a +** sub-query that appears instead of a real table name in the FROM clause +** of a SELECT statement. +*/ +struct Table { + char *zName; /* Name of the table or view */ + int iPKey; /* If not negative, use aCol[iPKey] as the primary key */ + int nCol; /* Number of columns in this table */ + Column *aCol; /* Information about each column */ + Index *pIndex; /* List of SQL indexes on this table. */ + int tnum; /* Root BTree node for this table (see note above) */ + unsigned nRowEst; /* Estimated rows in table - from sqlite_stat1 table */ + Select *pSelect; /* NULL for tables. Points to definition if a view. */ + u16 nRef; /* Number of pointers to this Table */ + u8 tabFlags; /* Mask of TF_* values */ + u8 keyConf; /* What to do in case of uniqueness conflict on iPKey */ + FKey *pFKey; /* Linked list of all foreign keys in this table */ + char *zColAff; /* String defining the affinity of each column */ +#ifndef SQLITE_OMIT_CHECK + Expr *pCheck; /* The AND of all CHECK constraints */ +#endif +#ifndef SQLITE_OMIT_ALTERTABLE + int addColOffset; /* Offset in CREATE TABLE stmt to add a new column */ +#endif +#ifndef SQLITE_OMIT_VIRTUALTABLE + VTable *pVTable; /* List of VTable objects. */ + int nModuleArg; /* Number of arguments to the module */ + char **azModuleArg; /* Text of all module args. [0] is module name */ +#endif + Trigger *pTrigger; /* List of triggers stored in pSchema */ + Schema *pSchema; /* Schema that contains this table */ + Table *pNextZombie; /* Next on the Parse.pZombieTab list */ +}; + +/* +** Allowed values for Tabe.tabFlags. +*/ +#define TF_Readonly 0x01 /* Read-only system table */ +#define TF_Ephemeral 0x02 /* An ephemeral table */ +#define TF_HasPrimaryKey 0x04 /* Table has a primary key */ +#define TF_Autoincrement 0x08 /* Integer primary key is autoincrement */ +#define TF_Virtual 0x10 /* Is a virtual table */ +#define TF_NeedMetadata 0x20 /* aCol[].zType and aCol[].pColl missing */ + + + +/* +** Test to see whether or not a table is a virtual table. This is +** done as a macro so that it will be optimized out when virtual +** table support is omitted from the build. +*/ +#ifndef SQLITE_OMIT_VIRTUALTABLE +# define IsVirtual(X) (((X)->tabFlags & TF_Virtual)!=0) +# define IsHiddenColumn(X) ((X)->isHidden) +#else +# define IsVirtual(X) 0 +# define IsHiddenColumn(X) 0 +#endif + +/* +** Each foreign key constraint is an instance of the following structure. +** +** A foreign key is associated with two tables. The "from" table is +** the table that contains the REFERENCES clause that creates the foreign +** key. The "to" table is the table that is named in the REFERENCES clause. +** Consider this example: +** +** CREATE TABLE ex1( +** a INTEGER PRIMARY KEY, +** b INTEGER CONSTRAINT fk1 REFERENCES ex2(x) +** ); +** +** For foreign key "fk1", the from-table is "ex1" and the to-table is "ex2". +** +** Each REFERENCES clause generates an instance of the following structure +** which is attached to the from-table. The to-table need not exist when +** the from-table is created. The existence of the to-table is not checked. +*/ +struct FKey { + Table *pFrom; /* Table containing the REFERENCES clause (aka: Child) */ + FKey *pNextFrom; /* Next foreign key in pFrom */ + char *zTo; /* Name of table that the key points to (aka: Parent) */ + FKey *pNextTo; /* Next foreign key on table named zTo */ + FKey *pPrevTo; /* Previous foreign key on table named zTo */ + int nCol; /* Number of columns in this key */ + /* EV: R-30323-21917 */ + u8 isDeferred; /* True if constraint checking is deferred till COMMIT */ + u8 aAction[2]; /* ON DELETE and ON UPDATE actions, respectively */ + Trigger *apTrigger[2]; /* Triggers for aAction[] actions */ + struct sColMap { /* Mapping of columns in pFrom to columns in zTo */ + int iFrom; /* Index of column in pFrom */ + char *zCol; /* Name of column in zTo. If 0 use PRIMARY KEY */ + } aCol[1]; /* One entry for each of nCol column s */ +}; + +/* +** SQLite supports many different ways to resolve a constraint +** error. ROLLBACK processing means that a constraint violation +** causes the operation in process to fail and for the current transaction +** to be rolled back. ABORT processing means the operation in process +** fails and any prior changes from that one operation are backed out, +** but the transaction is not rolled back. FAIL processing means that +** the operation in progress stops and returns an error code. But prior +** changes due to the same operation are not backed out and no rollback +** occurs. IGNORE means that the particular row that caused the constraint +** error is not inserted or updated. Processing continues and no error +** is returned. REPLACE means that preexisting database rows that caused +** a UNIQUE constraint violation are removed so that the new insert or +** update can proceed. Processing continues and no error is reported. +** +** RESTRICT, SETNULL, and CASCADE actions apply only to foreign keys. +** RESTRICT is the same as ABORT for IMMEDIATE foreign keys and the +** same as ROLLBACK for DEFERRED keys. SETNULL means that the foreign +** key is set to NULL. CASCADE means that a DELETE or UPDATE of the +** referenced table row is propagated into the row that holds the +** foreign key. +** +** The following symbolic values are used to record which type +** of action to take. +*/ +#define OE_None 0 /* There is no constraint to check */ +#define OE_Rollback 1 /* Fail the operation and rollback the transaction */ +#define OE_Abort 2 /* Back out changes but do no rollback transaction */ +#define OE_Fail 3 /* Stop the operation but leave all prior changes */ +#define OE_Ignore 4 /* Ignore the error. Do not do the INSERT or UPDATE */ +#define OE_Replace 5 /* Delete existing record, then do INSERT or UPDATE */ + +#define OE_Restrict 6 /* OE_Abort for IMMEDIATE, OE_Rollback for DEFERRED */ +#define OE_SetNull 7 /* Set the foreign key value to NULL */ +#define OE_SetDflt 8 /* Set the foreign key value to its default */ +#define OE_Cascade 9 /* Cascade the changes */ + +#define OE_Default 99 /* Do whatever the default action is */ + + +/* +** An instance of the following structure is passed as the first +** argument to sqlite3VdbeKeyCompare and is used to control the +** comparison of the two index keys. +*/ +struct KeyInfo { + sqlite3 *db; /* The database connection */ + u8 enc; /* Text encoding - one of the SQLITE_UTF* values */ + u16 nField; /* Number of entries in aColl[] */ + u8 *aSortOrder; /* Sort order for each column. May be NULL */ + CollSeq *aColl[1]; /* Collating sequence for each term of the key */ +}; + +/* +** An instance of the following structure holds information about a +** single index record that has already been parsed out into individual +** values. +** +** A record is an object that contains one or more fields of data. +** Records are used to store the content of a table row and to store +** the key of an index. A blob encoding of a record is created by +** the OP_MakeRecord opcode of the VDBE and is disassembled by the +** OP_Column opcode. +** +** This structure holds a record that has already been disassembled +** into its constituent fields. +*/ +struct UnpackedRecord { + KeyInfo *pKeyInfo; /* Collation and sort-order information */ + u16 nField; /* Number of entries in apMem[] */ + u16 flags; /* Boolean settings. UNPACKED_... below */ + i64 rowid; /* Used by UNPACKED_PREFIX_SEARCH */ + Mem *aMem; /* Values */ +}; + +/* +** Allowed values of UnpackedRecord.flags +*/ +#define UNPACKED_NEED_FREE 0x0001 /* Memory is from sqlite3Malloc() */ +#define UNPACKED_NEED_DESTROY 0x0002 /* apMem[]s should all be destroyed */ +#define UNPACKED_IGNORE_ROWID 0x0004 /* Ignore trailing rowid on key1 */ +#define UNPACKED_INCRKEY 0x0008 /* Make this key an epsilon larger */ +#define UNPACKED_PREFIX_MATCH 0x0010 /* A prefix match is considered OK */ +#define UNPACKED_PREFIX_SEARCH 0x0020 /* A prefix match is considered OK */ + +/* +** Each SQL index is represented in memory by an +** instance of the following structure. +** +** The columns of the table that are to be indexed are described +** by the aiColumn[] field of this structure. For example, suppose +** we have the following table and index: +** +** CREATE TABLE Ex1(c1 int, c2 int, c3 text); +** CREATE INDEX Ex2 ON Ex1(c3,c1); +** +** In the Table structure describing Ex1, nCol==3 because there are +** three columns in the table. In the Index structure describing +** Ex2, nColumn==2 since 2 of the 3 columns of Ex1 are indexed. +** The value of aiColumn is {2, 0}. aiColumn[0]==2 because the +** first column to be indexed (c3) has an index of 2 in Ex1.aCol[]. +** The second column to be indexed (c1) has an index of 0 in +** Ex1.aCol[], hence Ex2.aiColumn[1]==0. +** +** The Index.onError field determines whether or not the indexed columns +** must be unique and what to do if they are not. When Index.onError=OE_None, +** it means this is not a unique index. Otherwise it is a unique index +** and the value of Index.onError indicate the which conflict resolution +** algorithm to employ whenever an attempt is made to insert a non-unique +** element. +*/ +struct Index { + char *zName; /* Name of this index */ + int nColumn; /* Number of columns in the table used by this index */ + int *aiColumn; /* Which columns are used by this index. 1st is 0 */ + unsigned *aiRowEst; /* Result of ANALYZE: Est. rows selected by each column */ + Table *pTable; /* The SQL table being indexed */ + int tnum; /* Page containing root of this index in database file */ + u8 onError; /* OE_Abort, OE_Ignore, OE_Replace, or OE_None */ + u8 autoIndex; /* True if is automatically created (ex: by UNIQUE) */ + u8 bUnordered; /* Use this index for == or IN queries only */ + char *zColAff; /* String defining the affinity of each column */ + Index *pNext; /* The next index associated with the same table */ + Schema *pSchema; /* Schema containing this index */ + u8 *aSortOrder; /* Array of size Index.nColumn. True==DESC, False==ASC */ + char **azColl; /* Array of collation sequence names for index */ + IndexSample *aSample; /* Array of SQLITE_INDEX_SAMPLES samples */ +}; + +/* +** Each sample stored in the sqlite_stat2 table is represented in memory +** using a structure of this type. +*/ +struct IndexSample { + union { + char *z; /* Value if eType is SQLITE_TEXT or SQLITE_BLOB */ + double r; /* Value if eType is SQLITE_FLOAT or SQLITE_INTEGER */ + } u; + u8 eType; /* SQLITE_NULL, SQLITE_INTEGER ... etc. */ + u8 nByte; /* Size in byte of text or blob. */ +}; + +/* +** Each token coming out of the lexer is an instance of +** this structure. Tokens are also used as part of an expression. +** +** Note if Token.z==0 then Token.dyn and Token.n are undefined and +** may contain random values. Do not make any assumptions about Token.dyn +** and Token.n when Token.z==0. +*/ +struct Token { + const char *z; /* Text of the token. Not NULL-terminated! */ + unsigned int n; /* Number of characters in this token */ +}; + +/* +** An instance of this structure contains information needed to generate +** code for a SELECT that contains aggregate functions. +** +** If Expr.op==TK_AGG_COLUMN or TK_AGG_FUNCTION then Expr.pAggInfo is a +** pointer to this structure. The Expr.iColumn field is the index in +** AggInfo.aCol[] or AggInfo.aFunc[] of information needed to generate +** code for that node. +** +** AggInfo.pGroupBy and AggInfo.aFunc.pExpr point to fields within the +** original Select structure that describes the SELECT statement. These +** fields do not need to be freed when deallocating the AggInfo structure. +*/ +struct AggInfo { + u8 directMode; /* Direct rendering mode means take data directly + ** from source tables rather than from accumulators */ + u8 useSortingIdx; /* In direct mode, reference the sorting index rather + ** than the source table */ + int sortingIdx; /* Cursor number of the sorting index */ + int sortingIdxPTab; /* Cursor number of pseudo-table */ + ExprList *pGroupBy; /* The group by clause */ + int nSortingColumn; /* Number of columns in the sorting index */ + struct AggInfo_col { /* For each column used in source tables */ + Table *pTab; /* Source table */ + int iTable; /* Cursor number of the source table */ + int iColumn; /* Column number within the source table */ + int iSorterColumn; /* Column number in the sorting index */ + int iMem; /* Memory location that acts as accumulator */ + Expr *pExpr; /* The original expression */ + } *aCol; + int nColumn; /* Number of used entries in aCol[] */ + int nColumnAlloc; /* Number of slots allocated for aCol[] */ + int nAccumulator; /* Number of columns that show through to the output. + ** Additional columns are used only as parameters to + ** aggregate functions */ + struct AggInfo_func { /* For each aggregate function */ + Expr *pExpr; /* Expression encoding the function */ + FuncDef *pFunc; /* The aggregate function implementation */ + int iMem; /* Memory location that acts as accumulator */ + int iDistinct; /* Ephemeral table used to enforce DISTINCT */ + } *aFunc; + int nFunc; /* Number of entries in aFunc[] */ + int nFuncAlloc; /* Number of slots allocated for aFunc[] */ +}; + +/* +** The datatype ynVar is a signed integer, either 16-bit or 32-bit. +** Usually it is 16-bits. But if SQLITE_MAX_VARIABLE_NUMBER is greater +** than 32767 we have to make it 32-bit. 16-bit is preferred because +** it uses less memory in the Expr object, which is a big memory user +** in systems with lots of prepared statements. And few applications +** need more than about 10 or 20 variables. But some extreme users want +** to have prepared statements with over 32767 variables, and for them +** the option is available (at compile-time). +*/ +#if SQLITE_MAX_VARIABLE_NUMBER<=32767 +typedef i16 ynVar; +#else +typedef int ynVar; +#endif + +/* +** Each node of an expression in the parse tree is an instance +** of this structure. +** +** Expr.op is the opcode. The integer parser token codes are reused +** as opcodes here. For example, the parser defines TK_GE to be an integer +** code representing the ">=" operator. This same integer code is reused +** to represent the greater-than-or-equal-to operator in the expression +** tree. +** +** If the expression is an SQL literal (TK_INTEGER, TK_FLOAT, TK_BLOB, +** or TK_STRING), then Expr.token contains the text of the SQL literal. If +** the expression is a variable (TK_VARIABLE), then Expr.token contains the +** variable name. Finally, if the expression is an SQL function (TK_FUNCTION), +** then Expr.token contains the name of the function. +** +** Expr.pRight and Expr.pLeft are the left and right subexpressions of a +** binary operator. Either or both may be NULL. +** +** Expr.x.pList is a list of arguments if the expression is an SQL function, +** a CASE expression or an IN expression of the form " IN (, ...)". +** Expr.x.pSelect is used if the expression is a sub-select or an expression of +** the form " IN (SELECT ...)". If the EP_xIsSelect bit is set in the +** Expr.flags mask, then Expr.x.pSelect is valid. Otherwise, Expr.x.pList is +** valid. +** +** An expression of the form ID or ID.ID refers to a column in a table. +** For such expressions, Expr.op is set to TK_COLUMN and Expr.iTable is +** the integer cursor number of a VDBE cursor pointing to that table and +** Expr.iColumn is the column number for the specific column. If the +** expression is used as a result in an aggregate SELECT, then the +** value is also stored in the Expr.iAgg column in the aggregate so that +** it can be accessed after all aggregates are computed. +** +** If the expression is an unbound variable marker (a question mark +** character '?' in the original SQL) then the Expr.iTable holds the index +** number for that variable. +** +** If the expression is a subquery then Expr.iColumn holds an integer +** register number containing the result of the subquery. If the +** subquery gives a constant result, then iTable is -1. If the subquery +** gives a different answer at different times during statement processing +** then iTable is the address of a subroutine that computes the subquery. +** +** If the Expr is of type OP_Column, and the table it is selecting from +** is a disk table or the "old.*" pseudo-table, then pTab points to the +** corresponding table definition. +** +** ALLOCATION NOTES: +** +** Expr objects can use a lot of memory space in database schema. To +** help reduce memory requirements, sometimes an Expr object will be +** truncated. And to reduce the number of memory allocations, sometimes +** two or more Expr objects will be stored in a single memory allocation, +** together with Expr.zToken strings. +** +** If the EP_Reduced and EP_TokenOnly flags are set when +** an Expr object is truncated. When EP_Reduced is set, then all +** the child Expr objects in the Expr.pLeft and Expr.pRight subtrees +** are contained within the same memory allocation. Note, however, that +** the subtrees in Expr.x.pList or Expr.x.pSelect are always separately +** allocated, regardless of whether or not EP_Reduced is set. +*/ +struct Expr { + u8 op; /* Operation performed by this node */ + char affinity; /* The affinity of the column or 0 if not a column */ + u16 flags; /* Various flags. EP_* See below */ + union { + char *zToken; /* Token value. Zero terminated and dequoted */ + int iValue; /* Non-negative integer value if EP_IntValue */ + } u; + + /* If the EP_TokenOnly flag is set in the Expr.flags mask, then no + ** space is allocated for the fields below this point. An attempt to + ** access them will result in a segfault or malfunction. + *********************************************************************/ + + Expr *pLeft; /* Left subnode */ + Expr *pRight; /* Right subnode */ + union { + ExprList *pList; /* Function arguments or in " IN ( IN (